Bug 1124898 - Stop exposing ex-nsIDOMChromeWindow things for random unprivileged things loaded in chrome docshells. r=bz
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@@ -4337,20 +4337,21 @@ nsGlobalWindow::GetOwnPropertyNames(JSCo
nsScriptNameSpaceManager* nameSpaceManager = GetNameSpaceManager();
if (nameSpaceManager) {
GlobalNameEnumeratorClosure closure(aCx, this, aNames);
nameSpaceManager->EnumerateGlobalNames(EnumerateGlobalName, &closure);
}
}
/* static */ bool
-nsGlobalWindow::IsChromeWindow(JSContext* aCx, JSObject* aObj)
+nsGlobalWindow::IsPrivilegedChromeWindow(JSContext* aCx, JSObject* aObj)
{
// For now, have to deal with XPConnect objects here.
- return xpc::WindowOrNull(aObj)->IsChromeWindow();
+ return xpc::WindowOrNull(aObj)->IsChromeWindow() &&
+ nsContentUtils::ObjectPrincipal(aObj) == nsContentUtils::GetSystemPrincipal();
}
/* static */ bool
nsGlobalWindow::IsShowModalDialogEnabled(JSContext*, JSObject*)
{
static bool sAddedPrefCache = false;
static bool sIsDisabled;
static const char sShowModalDialogPref[] = "dom.disable_window_showModalDialog";
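Review bot: The comment kept above the new return in IsPrivilegedChromeWindow still mentions only XPConnect objects and does not say why the system-principal comparison was added, which is the security-relevant half of the check. I would add something like `// A chrome docshell can load unprivileged content, so also require the system principal.` so that a later cleanup does not reduce this back to the window-type test alone. Separately, the result of `xpc::WindowOrNull(aObj)` is dereferenced without a null check; if the bindings can ever pass an object that does not map to a window, this would crash, so an assertion or an early `return false` is worth considering. The IsShowModalDialogEnabled body that follows continues outside the hunk.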
--- a/dom/base/nsGlobalWindow.h
+++ b/dom/base/nsGlobalWindow.h
@@ -486,17 +486,17 @@ public:
// nsIInterfaceRequestor
NS_DECL_NSIINTERFACEREQUESTOR
// WebIDL interface.
already_AddRefed<nsIDOMWindow> IndexedGetter(uint32_t aIndex, bool& aFound);
void GetSupportedNames(nsTArray<nsString>& aNames);
- static bool IsChromeWindow(JSContext* /* unused */, JSObject* aObj);
+ static bool IsPrivilegedChromeWindow(JSContext* /* unused */, JSObject* aObj);
static bool IsShowModalDialogEnabled(JSContext* /* unused */ = nullptr,
JSObject* /* unused */ = nullptr);
bool DoResolve(JSContext* aCx, JS::Handle<JSObject*> aObj,
JS::Handle<jsid> aId,
JS::MutableHandle<JSPropertyDescriptor> aDesc);
--- a/dom/webidl/Window.webidl
+++ b/dom/webidl/Window.webidl
@@ -400,77 +400,77 @@ partial interface Window {
partial interface Window {
[Replaceable, Throws]
readonly attribute (External or WindowProxy) sidebar;
};
#endif
[Func="IsChromeOrXBL"]
interface ChromeWindow {
- [Func="nsGlobalWindow::IsChromeWindow"]
+ [Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
const unsigned short STATE_MAXIMIZED = 1;
- [Func="nsGlobalWindow::IsChromeWindow"]
+ [Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
const unsigned short STATE_MINIMIZED = 2;
- [Func="nsGlobalWindow::IsChromeWindow"]
+ [Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
const unsigned short STATE_NORMAL = 3;
- [Func="nsGlobalWindow::IsChromeWindow"]
+ [Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
const unsigned short STATE_FULLSCREEN = 4;
- [Func="nsGlobalWindow::IsChromeWindow"]
+ [Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
readonly attribute unsigned short windowState;
/**
* browserDOMWindow provides access to yet another layer of
* utility functions implemented by chrome script. It will be null
* for DOMWindows not corresponding to browsers.
*/
- [Throws, Func="nsGlobalWindow::IsChromeWindow"]
+ [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
attribute nsIBrowserDOMWindow? browserDOMWindow;
- [Throws, Func="nsGlobalWindow::IsChromeWindow"]
+ [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
void getAttention();
- [Throws, Func="nsGlobalWindow::IsChromeWindow"]
+ [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
void getAttentionWithCycleCount(long aCycleCount);
- [Throws, Func="nsGlobalWindow::IsChromeWindow"]
+ [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
void setCursor(DOMString cursor);
- [Throws, Func="nsGlobalWindow::IsChromeWindow", UnsafeInPrerendering]
+ [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow", UnsafeInPrerendering]
void maximize();
- [Throws, Func="nsGlobalWindow::IsChromeWindow", UnsafeInPrerendering]
+ [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow", UnsafeInPrerendering]
void minimize();
- [Throws, Func="nsGlobalWindow::IsChromeWindow", UnsafeInPrerendering]
+ [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow", UnsafeInPrerendering]
void restore();
/**
* Notify a default button is loaded on a dialog or a wizard.
* defaultButton is the default button.
*/
- [Throws, Func="nsGlobalWindow::IsChromeWindow"]
+ [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
void notifyDefaultButtonLoaded(Element defaultButton);
- [Throws, Func="nsGlobalWindow::IsChromeWindow"]
+ [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
readonly attribute nsIMessageBroadcaster messageManager;
/**
* Returns the message manager identified by the given group name that
* manages all frame loaders belonging to that group.
*/
- [Throws, Func="nsGlobalWindow::IsChromeWindow"]
+ [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
nsIMessageBroadcaster getGroupMessageManager(DOMString aGroup);
/**
* On some operating systems, we must allow the window manager to
* handle window dragging. This function tells the window manager to
* start dragging the window. This function will fail unless called
* while the left mouse button is held down, callers must check this.
*
* The optional panel argument should be set when moving a panel.
*
* Throws NS_ERROR_NOT_IMPLEMENTED if the OS doesn't support this.
*/
- [Throws, Func="nsGlobalWindow::IsChromeWindow"]
+ [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
void beginWindowMove(Event mouseDownEvent, optional Element? panel = null);
};
Window implements ChromeWindow;
Window implements GlobalFetch;
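Review bot: Every member of ChromeWindow, including the STATE_* constants, carries its own `[Func="nsGlobalWindow::IsPrivilegedChromeWindow"]`, and nothing in the interface says that this is required. Because of `Window implements ChromeWindow`, a member added later without the annotation would presumably be exposed on every window, since the interface-level `[Func="IsChromeOrXBL"]` does not appear to gate the members mixed into Window. A comment at the top of the interface, e.g. `// Every member must be gated on nsGlobalWindow::IsPrivilegedChromeWindow; see "Window implements ChromeWindow" below.`, would make that rule explicit for the next person adding a member.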