Bug 844783 - Disable XBL scopes for XUL-whitelisted domains. r=bz
authorBobby Holley <bobbyholley@gmail.com>
Wed, 27 Mar 2013 11:40:44 -0700
changeset 128703 413d5d8de3c89fb919e124e13d570729ae342ac9
parent 128702 033f2f8ee525c5b135c306b1227c288b0b549db8
child 128704 762893c10abfd6569843c3ef2b10bd7b178b644e
push id3562
push userbobbyholley@gmail.com
push dateWed, 27 Mar 2013 18:41:22 +0000
reviewersbz
bugs844783, 853747
milestone21.0a2
Bug 844783 - Disable XBL scopes for XUL-whitelisted domains. r=bz This also has the followup fix for bug 853747 merged in, for aurora.
build/automation.py.in
js/xpconnect/src/XPCWrappedNativeScope.cpp
layout/tools/reftest/b2g_start_script.js
layout/tools/reftest/reftest-cmdline.js
--- a/build/automation.py.in
+++ b/build/automation.py.in
@@ -523,16 +523,24 @@ user_pref("extensions.getAddons.search.u
 user_pref("plugins.update.url", "http://%(server)s/plugins-dummy/updateCheckURL");
 
 // Existing tests don't wait for the notification button security delay
 user_pref("security.notification_enable_delay", 0);
 
 // Make enablePrivilege continue to work for test code. :-(
 user_pref("security.turn_off_all_security_so_that_viruses_can_take_over_this_computer", true);
 
+// In the default configuration, we bypass XBL scopes (a security feature) for
+// domains whitelisted for remote XUL, so that intranet apps and such continue
+// to work without major rewrites. However, we also use the whitelist mechanism
+// to run our XBL tests in automation, in which case we really want to be testing
+// the configuration that we ship to users without special whitelisting. So we
+// use an additional pref here to allow automation to use the "normal" behavior.
+user_pref("dom.use_xbl_scopes_for_remote_xul", true);
+
 // Get network events.
 user_pref("network.activity.blipIntervalMilliseconds", 250);
 
 // Don't allow the Data Reporting service to prompt for policy acceptance.
 user_pref("datareporting.policy.dataSubmissionPolicyBypassAcceptance", true);
 
 // Point Firefox Health Report at a local server. We don't care if it actually
 // works. It just can't hit the default production endpoint.
--- a/js/xpconnect/src/XPCWrappedNativeScope.cpp
+++ b/js/xpconnect/src/XPCWrappedNativeScope.cpp
@@ -5,16 +5,17 @@
 
 /* Class used to manage the wrapped native objects within a JS scope. */
 
 #include "xpcprivate.h"
 #include "XPCWrapper.h"
 #include "jsproxy.h"
 #include "nsContentUtils.h"
 #include "nsPrincipal.h"
+#include "mozilla/Preferences.h"
 
 #include "mozilla/dom/BindingUtils.h"
 
 using namespace mozilla;
 using namespace xpc;
 
 /***************************************************************************/
 
@@ -125,27 +126,32 @@ XPCWrappedNativeScope::XPCWrappedNativeS
     DEBUG_TrackNewScope(this);
     MOZ_COUNT_CTOR(XPCWrappedNativeScope);
 
     // Attach ourselves to the compartment private.
     CompartmentPrivate *priv = EnsureCompartmentPrivate(aGlobal);
     priv->scope = this;
 
     // Determine whether to use an XBL scope or not.
+    nsIPrincipal *principal = GetPrincipal();
     mUseXBLScope = XPCJSRuntime::Get()->XBLScopesEnabled();
     if (mUseXBLScope) {
       js::Class *clasp = js::GetObjectClass(mGlobalJSObject);
       mUseXBLScope = !strcmp(clasp->name, "Window") ||
                      !strcmp(clasp->name, "ChromeWindow") ||
                      !strcmp(clasp->name, "ModalContentWindow");
     }
     if (mUseXBLScope) {
-      nsIPrincipal *principal = GetPrincipal();
       mUseXBLScope = principal && !nsContentUtils::IsSystemPrincipal(principal);
     }
+    if (mUseXBLScope) {
+      mUseXBLScope = !nsContentUtils::AllowXULXBLForPrincipal(principal) ||
+                      Preferences::GetBool("dom.use_xbl_scopes_for_remote_xul",
+                                           false);
+    }
 }
 
 // static
 JSBool
 XPCWrappedNativeScope::IsDyingScope(XPCWrappedNativeScope *scope)
 {
     for (XPCWrappedNativeScope *cur = gDyingScopes; cur; cur = cur->mNext) {
         if (scope == cur)
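Review bot: The last added `if (mUseXBLScope)` block switches off XBL scopes for every principal that `nsContentUtils::AllowXULXBLForPrincipal` accepts, yet nothing at the decision site says this is a deliberate security trade-off; the rationale is written only in build/automation.py.in. A comment above the block would carry it to where it matters, e.g. `// Remote-XUL-whitelisted principals run without an XBL scope unless dom.use_xbl_scopes_for_remote_xul is set (bug 844783).` The pref is read with `Preferences::GetBool` on each scope construction and, as far as the listed files show, its default lives only in the `false` fallback argument, so a bool cached once at startup would keep the default in one place and avoid the repeated lookup. The constructor begins above this hunk, and the `Preferences::GetBool` continuation line is indented one column past the operand it pairs with.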
--- a/layout/tools/reftest/b2g_start_script.js
+++ b/layout/tools/reftest/b2g_start_script.js
@@ -4,16 +4,17 @@ function setDefaultPrefs() {
     // This code sets the preferences for extension-based reftest; for
     // command-line based reftest they are set in function handler_handle in
     // reftest-cmdline.js.  These two locations should stay in sync.
     //
     // FIXME: These should be in only one place.
     var prefs = Components.classes["@mozilla.org/preferences-service;1"].
                 getService(Components.interfaces.nsIPrefService);
     var branch = prefs.getDefaultBranch("");
+    branch.setBoolPref("dom.use_xbl_scopes_for_remote_xul", true);
     branch.setBoolPref("gfx.color_management.force_srgb", true);
     branch.setBoolPref("browser.dom.window.dump.enabled", true);
     branch.setIntPref("ui.caretBlinkTime", -1);
     branch.setBoolPref("dom.send_after_paint_to_content", true);
     // no slow script dialogs
     branch.setIntPref("dom.max_script_run_time", 0);
     branch.setIntPref("dom.max_chrome_script_run_time", 0);
     branch.setIntPref("hangmonitor.timeout", 0);
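Review bot: The added `branch.setBoolPref("dom.use_xbl_scopes_for_remote_xul", true);` at the top of the pref list has no comment, so someone trimming reftest prefs later cannot tell that it keeps a security feature enabled for the whitelisted test domains. A one-line comment above it would do, e.g. `// Keep XBL scopes on for remote-XUL-whitelisted test domains so reftests exercise the shipped configuration (bug 844783).` The same line is added without a comment in layout/tools/reftest/reftest-cmdline.js, and the existing FIXME about keeping the two lists in sync applies to it as well. `setDefaultPrefs` continues past the end of this hunk.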
--- a/layout/tools/reftest/reftest-cmdline.js
+++ b/layout/tools/reftest/reftest-cmdline.js
@@ -71,16 +71,17 @@ RefTestCmdLineHandler.prototype =
      * setDefaultPrefs().  These are duplicated there so we can have a 
      * restartless addon for reftest on native Android.
      *
      * FIXME: These should be in only one place. 
      */
     var prefs = Components.classes["@mozilla.org/preferences-service;1"].
                 getService(Components.interfaces.nsIPrefService);
     var branch = prefs.getDefaultBranch("");
+    branch.setBoolPref("dom.use_xbl_scopes_for_remote_xul", true);
     branch.setBoolPref("gfx.color_management.force_srgb", true);
     branch.setBoolPref("browser.dom.window.dump.enabled", true);
     branch.setIntPref("ui.caretBlinkTime", -1);
     branch.setBoolPref("dom.send_after_paint_to_content", true);
     // no slow script dialogs
     branch.setIntPref("dom.max_script_run_time", 0);
     branch.setIntPref("dom.max_chrome_script_run_time", 0);
     branch.setIntPref("hangmonitor.timeout", 0);