Bug 1124898 - Stop exposing ex-nsIDOMChromeWindow things for random unprivileged things loaded in chrome docshells. r=bz, a=lmandel
authorBobby Holley <bobbyholley@gmail.com>
Mon, 26 Jan 2015 10:26:33 -0800
changeset 249527 669f865e1e77690948391d3c1e507ac78252ace6
parent 249526 941a8c8385ebb69c92b1a2c4f2c355a04e99a7e1
child 249528 2884eaa7f1e53a3d07202d0cafe008573eba8d78
push id4489
push userraliiev@mozilla.com
push dateMon, 23 Feb 2015 15:17:55 +0000
treeherdermozilla-beta@fd7c3dc24146 [default view] [failures only]
reviewersbz, lmandel
bugs1124898
milestone37.0a2
Bug 1124898 - Stop exposing ex-nsIDOMChromeWindow things for random unprivileged things loaded in chrome docshells. r=bz, a=lmandel
dom/base/nsGlobalWindow.cpp
dom/base/nsGlobalWindow.h
dom/webidl/Window.webidl
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@@ -4328,20 +4328,21 @@ nsGlobalWindow::GetOwnPropertyNames(JSCo
   nsScriptNameSpaceManager* nameSpaceManager = GetNameSpaceManager();
   if (nameSpaceManager) {
     GlobalNameEnumeratorClosure closure(aCx, this, aNames);
     nameSpaceManager->EnumerateGlobalNames(EnumerateGlobalName, &closure);
   }
 }
 
 /* static */ bool
-nsGlobalWindow::IsChromeWindow(JSContext* aCx, JSObject* aObj)
+nsGlobalWindow::IsPrivilegedChromeWindow(JSContext* aCx, JSObject* aObj)
 {
   // For now, have to deal with XPConnect objects here.
-  return xpc::WindowOrNull(aObj)->IsChromeWindow();
+  return xpc::WindowOrNull(aObj)->IsChromeWindow() &&
+         nsContentUtils::ObjectPrincipal(aObj) == nsContentUtils::GetSystemPrincipal();
 }
 
 /* static */ bool
 nsGlobalWindow::IsShowModalDialogEnabled(JSContext*, JSObject*)
 {
   static bool sAddedPrefCache = false;
   static bool sIsDisabled;
   static const char sShowModalDialogPref[] = "dom.disable_window_showModalDialog";
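Review bot: The result of `xpc::WindowOrNull(aObj)` is dereferenced without a null check in `IsPrivilegedChromeWindow`, and the name suggests it can return null when `aObj` is not a window. This function now gates every privileged `ChromeWindow` member, so it should fail closed rather than crash: `nsGlobalWindow* win = xpc::WindowOrNull(aObj);` followed by `return win && win->IsChromeWindow() && nsContentUtils::ObjectPrincipal(aObj) == nsContentUtils::GetSystemPrincipal();`. The remaining comment also says nothing about the new principal comparison, which is the security-relevant half of the predicate. Going by the commit title, I would add `// A chrome docshell can host unprivileged content, so also require the system principal.` above the return.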
--- a/dom/base/nsGlobalWindow.h
+++ b/dom/base/nsGlobalWindow.h
@@ -486,17 +486,17 @@ public:
   // nsIInterfaceRequestor
   NS_DECL_NSIINTERFACEREQUESTOR
 
   // WebIDL interface.
   already_AddRefed<nsIDOMWindow> IndexedGetter(uint32_t aIndex, bool& aFound);
 
   void GetSupportedNames(nsTArray<nsString>& aNames);
 
-  static bool IsChromeWindow(JSContext* /* unused */, JSObject* aObj);
+  static bool IsPrivilegedChromeWindow(JSContext* /* unused */, JSObject* aObj);
 
   static bool IsShowModalDialogEnabled(JSContext* /* unused */ = nullptr,
                                        JSObject* /* unused */ = nullptr);
 
   bool DoResolve(JSContext* aCx, JS::Handle<JSObject*> aObj,
                  JS::Handle<jsid> aId,
                  JS::MutableHandle<JSPropertyDescriptor> aDesc);
 
--- a/dom/webidl/Window.webidl
+++ b/dom/webidl/Window.webidl
@@ -400,77 +400,77 @@ partial interface Window {
 partial interface Window {
   [Replaceable, Throws]
   readonly attribute (External or WindowProxy) sidebar;
 };
 #endif
 
 [Func="IsChromeOrXBL"]
 interface ChromeWindow {
-  [Func="nsGlobalWindow::IsChromeWindow"]
+  [Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
   const unsigned short STATE_MAXIMIZED = 1;
-  [Func="nsGlobalWindow::IsChromeWindow"]
+  [Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
   const unsigned short STATE_MINIMIZED = 2;
-  [Func="nsGlobalWindow::IsChromeWindow"]
+  [Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
   const unsigned short STATE_NORMAL = 3;
-  [Func="nsGlobalWindow::IsChromeWindow"]
+  [Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
   const unsigned short STATE_FULLSCREEN = 4;
 
-  [Func="nsGlobalWindow::IsChromeWindow"]
+  [Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
   readonly attribute unsigned short windowState;
 
   /**
    * browserDOMWindow provides access to yet another layer of
    * utility functions implemented by chrome script. It will be null
    * for DOMWindows not corresponding to browsers.
    */
-  [Throws, Func="nsGlobalWindow::IsChromeWindow"]
+  [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
            attribute nsIBrowserDOMWindow? browserDOMWindow;
 
-  [Throws, Func="nsGlobalWindow::IsChromeWindow"]
+  [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
   void                      getAttention();
 
-  [Throws, Func="nsGlobalWindow::IsChromeWindow"]
+  [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
   void                      getAttentionWithCycleCount(long aCycleCount);
 
-  [Throws, Func="nsGlobalWindow::IsChromeWindow"]
+  [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
   void                      setCursor(DOMString cursor);
 
-  [Throws, Func="nsGlobalWindow::IsChromeWindow", UnsafeInPrerendering]
+  [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow", UnsafeInPrerendering]
   void                      maximize();
-  [Throws, Func="nsGlobalWindow::IsChromeWindow", UnsafeInPrerendering]
+  [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow", UnsafeInPrerendering]
   void                      minimize();
-  [Throws, Func="nsGlobalWindow::IsChromeWindow", UnsafeInPrerendering]
+  [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow", UnsafeInPrerendering]
   void                      restore();
 
   /**
    * Notify a default button is loaded on a dialog or a wizard.
    * defaultButton is the default button.
    */
-  [Throws, Func="nsGlobalWindow::IsChromeWindow"]
+  [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
   void notifyDefaultButtonLoaded(Element defaultButton);
 
-  [Throws, Func="nsGlobalWindow::IsChromeWindow"]
+  [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
   readonly attribute nsIMessageBroadcaster messageManager;
 
   /**
    * Returns the message manager identified by the given group name that
    * manages all frame loaders belonging to that group.
    */
-  [Throws, Func="nsGlobalWindow::IsChromeWindow"]
+  [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
   nsIMessageBroadcaster getGroupMessageManager(DOMString aGroup);
 
   /**
    * On some operating systems, we must allow the window manager to
    * handle window dragging. This function tells the window manager to
    * start dragging the window. This function will fail unless called
    * while the left mouse button is held down, callers must check this.
    *
    * The optional panel argument should be set when moving a panel.
    *
    * Throws NS_ERROR_NOT_IMPLEMENTED if the OS doesn't support this.
    */
-  [Throws, Func="nsGlobalWindow::IsChromeWindow"]
+  [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
   void beginWindowMove(Event mouseDownEvent, optional Element? panel = null);
 };
 
 Window implements ChromeWindow;
 Window implements GlobalFetch;
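Review bot: No regression test accompanies this exposure change; the changed-file list names only nsGlobalWindow.cpp, nsGlobalWindow.h and Window.webidl. The gate is repeated by hand on each of the sixteen `ChromeWindow` members, while the interface-level `[Func="IsChromeOrXBL"]` stays broader, so a member added later without the per-member annotation would be exposed under the weaker check with nothing to catch it. I would add a test asserting that members such as `windowState`, `messageManager` and `browserDOMWindow` are absent for a non-system-principal document loaded in a chrome docshell. I would also add a comment above the interface such as `// Every member must carry Func="nsGlobalWindow::IsPrivilegedChromeWindow" (chrome window AND system principal).`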