Bug 733984 - Apply Location wrappers for same-origin cross-compartment wrapping. r=mrbkap
author Bobby Holley <bobbyholley@gmail.com>
Fri, 23 Mar 2012 14:59:23 -0700
changeset 93524 6519fd0616e2aa9a695ed4370705079afe2ebd22
parent 93523 ae71e6cdc6c479bca3e8f8ccc7e27424a519192c
child 93525 1742f60b446837de68abbff2f64040c027ff39a9
push id 886
push user lsblakk@mozilla.com
push date Mon, 04 Jun 2012 19:57:52 +0000
reviewers mrbkap
bugs 733984
milestone 14.0a1
Bug 733984 - Apply Location wrappers for same-origin cross-compartment wrapping. r=mrbkap This isn't an issue right now, since it can't ever happen outside of sandboxes, which content can't use. But if it could, it could get a pure CrossCompartmentWrapper to a Location object, which is bad.
js/xpconnect/wrappers/WrapperFactory.cpp
--- a/js/xpconnect/wrappers/WrapperFactory.cpp
+++ b/js/xpconnect/wrappers/WrapperFactory.cpp
@@ -346,22 +346,33 @@ WrapperFactory::Rewrap(JSContext *cx, JS
                 wrapper = &FilteringWrapper<Xray, LocationPolicy>::singleton;
             else
                 wrapper = &FilteringWrapper<Xray, CrossOriginAccessiblePropertiesOnly>::singleton;
         } else {
             wrapper = &FilteringWrapper<CrossCompartmentSecurityWrapper,
                                         ExposedPropertiesOnly>::singleton;
         }
     } else if (AccessCheck::isSameOrigin(origin, target)) {
-        // Same origin we use a transparent wrapper, unless the compartment asks
-        // for an Xray or the wrapper needs a SOW.
+        // For the same-origin case we use a transparent wrapper, unless one
+        // of the following is true:
+        // * The wrapper is a Location object.
+        // * The wrapper is flagged as needing a SOW.
+        // * The context compartment specifically requested Xray vision into
+        //   same-origin compartments.
+        //
+        // The first two cases always require a security wrapper for non-chrome
+        // access, regardless of the origin of the object.
         bool proxy;
         if (AccessCheck::needsSystemOnlyWrapper(obj)) {
             wrapper = &FilteringWrapper<CrossCompartmentSecurityWrapper,
                                         OnlyIfSubjectIsSystem>::singleton;
+        } else if (IsLocationObject(obj)) {
+            typedef XrayWrapper<CrossCompartmentSecurityWrapper> Xray;
+            usingXray = true;
+            wrapper = &FilteringWrapper<Xray, LocationPolicy>::singleton;
         } else if (targetdata && targetdata->wantXrays && CanXray(obj, &proxy)) {
             if (proxy) {
                 wrapper = &XrayProxy::singleton;
             } else {
                 typedef XrayWrapper<CrossCompartmentWrapper> Xray;
                 usingXray = true;
                 wrapper = &Xray::singleton;
             }
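Review bot: the new comment at the top of the same-origin branch says "The wrapper is a Location object", but the check that follows is `IsLocationObject(obj)` on the wrapped object, not on the wrapper; say "The wrapped object is a Location object" so the comment matches the code. The comment also presents the SOW and Location cases as parallel, while the code gives `AccessCheck::needsSystemOnlyWrapper(obj)` precedence: a Location object that also needs a SOW gets `OnlyIfSubjectIsSystem` rather than `LocationPolicy`, which is worth stating explicitly in the comment, since the commit message notes this path is not reachable by content today and a later change to that precedence would be easy to miss. Minor: the new branch and the existing Xray branch each declare a local typedef named `Xray` with different template arguments (`XrayWrapper<CrossCompartmentSecurityWrapper>` vs `XrayWrapper<CrossCompartmentWrapper>`); distinct names would make it harder to pick up the wrong one when these branches are next edited.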