Bug 1083060 - Only use the XOW policy for Window and Location. r=bz
authorBobby Holley <bobbyholley@gmail.com>
Fri, 17 Oct 2014 16:17:03 +0200
changeset 211045 ba0373a2af17c17e65456136dd8d2f03aea2fabd
parent 211044 78f725c6441db73e22b886040a0782f11478bbe0
child 211046 a483e89f4b2197fe44cd689c87048246088d6fe4
push id1
push userroot
push dateMon, 20 Oct 2014 17:29:22 +0000
reviewersbz
bugs1083060
milestone36.0a1
Bug 1083060 - Only use the XOW policy for Window and Location. r=bz
js/xpconnect/wrappers/WrapperFactory.cpp
--- a/js/xpconnect/wrappers/WrapperFactory.cpp
+++ b/js/xpconnect/wrappers/WrapperFactory.cpp
@@ -362,17 +362,17 @@ DEBUG_CheckUnwrapSafety(HandleObject obj
     }
 }
 #else
 #define DEBUG_CheckUnwrapSafety(obj, handler, origin, target) {}
 #endif
 
 static const Wrapper *
 SelectWrapper(bool securityWrapper, bool wantXrays, XrayType xrayType,
-              bool waiveXrays, bool originIsXBLScope)
+              bool waiveXrays, bool originIsXBLScope, JSObject *obj)
 {
     // Waived Xray uses a modified CCW that has transparent behavior but
     // transitively waives Xrays on arguments.
     if (waiveXrays) {
         MOZ_ASSERT(!securityWrapper);
         return &WaiveXrayWrapper::singleton;
     }
 
@@ -393,29 +393,29 @@ SelectWrapper(bool securityWrapper, bool
             return &PermissiveXrayDOM::singleton;
         else if (xrayType == XrayForJSObject)
             return &PermissiveXrayJS::singleton;
         MOZ_ASSERT(xrayType == XrayForOpaqueObject);
         return &PermissiveXrayOpaque::singleton;
     }
 
     // This is a security wrapper. Use the security versions and filter.
-    if (xrayType == XrayForDOMObject)
+    if (xrayType == XrayForDOMObject && IdentifyCrossOriginObject(obj) != CrossOriginOpaque)
         return &FilteringWrapper<CrossOriginXrayWrapper,
                                  CrossOriginAccessiblePropertiesOnly>::singleton;
 
     // There's never any reason to expose other objects to non-subsuming actors.
     // Just use an opaque wrapper in these cases.
     //
     // In general, we don't want opaque function wrappers to be callable.
     // But in the case of XBL, we rely on content being able to invoke
     // functions exposed from the XBL scope. We could remove this exception,
     // if needed, by using ExportFunction to generate the content-side
     // representations of XBL methods.
-    if (originIsXBLScope)
+    if (xrayType == XrayForJSObject && originIsXBLScope)
         return &FilteringWrapper<CrossCompartmentSecurityWrapper, OpaqueWithCall>::singleton;
     return &FilteringWrapper<CrossCompartmentSecurityWrapper, Opaque>::singleton;
 }
 
 static const Wrapper *
 SelectAddonWrapper(JSContext *cx, HandleObject obj, const Wrapper *wrapper)
 {
     JSAddonId *originAddon = JS::AddonIdOfObject(obj);
@@ -520,17 +520,17 @@ WrapperFactory::Rewrap(JSContext *cx, Ha
         // wrappers.
         bool waiveXrays = wantXrays && !securityWrapper && HasWaiveXrayFlag(obj);
 
         // We have slightly different behavior for the case when the object
         // being wrapped is in an XBL scope.
         bool originIsContentXBLScope = IsContentXBLScope(origin);
 
         wrapper = SelectWrapper(securityWrapper, wantXrays, xrayType, waiveXrays,
-                                originIsContentXBLScope);
+                                originIsContentXBLScope, obj);
 
         // If we want to apply add-on interposition in the target compartment,
         // then we try to "upgrade" the wrapper to an interposing one.
         if (CompartmentPrivate::Get(target)->scope->HasInterposition())
             wrapper = SelectAddonWrapper(cx, obj, wrapper);
     }
 
     if (!targetSubsumesOrigin) {