Bug 641342 - Treat chrome DOM objects like DOM objects. r=gal/jst
☠☠ backed out by d1d5daab95bd ☠ ☠
authorBlake Kaplan <mrbkap@gmail.com>
Fri, 08 Apr 2011 14:28:24 -0700
changeset 67695 652bd0eed005369e444005e6a75944a174056f91
parent 67694 a089731c47d5cee62c33c6423befeaf7f14a921c
child 67696 0a780111aacb24497319d8404aabff0e9360725d
child 67699 d1d5daab95bd18473b3c502a2586f227aa994e2a
push id1
push userroot
push dateTue, 26 Apr 2011 22:38:44 +0000
treeherdermozilla-beta@bfdb6e623a36 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersgal, jst
bugs641342
milestone2.2a1pre
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 641342 - Treat chrome DOM objects like DOM objects. r=gal/jst
js/src/xpconnect/wrappers/WrapperFactory.cpp
--- a/js/src/xpconnect/wrappers/WrapperFactory.cpp
+++ b/js/src/xpconnect/wrappers/WrapperFactory.cpp
@@ -274,18 +274,33 @@ WrapperFactory::Rewrap(JSContext *cx, JS
     } else if (AccessCheck::isChrome(origin)) {
         if (obj->isFunction()) {
             JSFunction *fun = obj->getFunctionPrivate();
             if (JS_IsBuiltinEvalFunction(fun) || JS_IsBuiltinFunctionConstructor(fun)) {
                 JS_ReportError(cx, "Not allowed to access chrome eval or Function from content");
                 return nsnull;
             }
         }
-        wrapper = &FilteringWrapper<JSCrossCompartmentWrapper,
-                                    ExposedPropertiesOnly>::singleton;
+
+        JSObject *inner = obj;
+        OBJ_TO_INNER_OBJECT(cx, inner);
+        XPCWrappedNative *wn;
+        if (IS_WN_WRAPPER(inner) &&
+            (wn = static_cast<XPCWrappedNative *>(inner->getPrivate()))->HasProto() &&
+            wn->GetProto()->ClassIsDOMObject()) {
+            typedef XrayWrapper<JSCrossCompartmentWrapper> Xray;
+            wrapper = &FilteringWrapper<Xray,
+                                        CrossOriginAccessiblePropertiesOnly>::singleton;
+            xrayHolder = Xray::createHolder(cx, obj, parent);
+            if (!xrayHolder)
+                return nsnull;
+        } else {
+            wrapper = &FilteringWrapper<JSCrossCompartmentWrapper,
+                                        ExposedPropertiesOnly>::singleton;
+        }
     } else if (AccessCheck::isSameOrigin(origin, target)) {
         // Same origin we use a transparent wrapper, unless the compartment asks
         // for an Xray or the wrapper needs a SOW.
         if (AccessCheck::needsSystemOnlyWrapper(obj)) {
             wrapper = &FilteringWrapper<JSCrossCompartmentWrapper,
                                         OnlyIfSubjectIsSystem>::singleton;
         } else if (targetdata && targetdata->wantXrays &&
                    (IS_WN_WRAPPER(obj) || obj->getClass()->ext.innerObject)) {
@@ -312,17 +327,17 @@ WrapperFactory::Rewrap(JSContext *cx, JS
             typedef XrayWrapper<JSCrossCompartmentWrapper> Xray;
 
             // Location objects can become same origin after navigation, so we might
             // have to grant transparent access later on.
             if (IsLocationObject(obj)) {
                 wrapper = &FilteringWrapper<Xray,
                     SameOriginOrCrossOriginAccessiblePropertiesOnly>::singleton;
             } else {
-                wrapper= &FilteringWrapper<Xray,
+                wrapper = &FilteringWrapper<Xray,
                     CrossOriginAccessiblePropertiesOnly>::singleton;
             }
 
             xrayHolder = Xray::createHolder(cx, obj, parent);
             if (!xrayHolder)
                 return nsnull;
         }
     }