| author | Bobby Holley <bobbyholley@gmail.com> |
| Tue, 21 Aug 2012 10:27:08 -0700 | |
| changeset 108417 | 6f955c140b60ae8399bc4a013a80e794f64fa315 |
| parent 108416 | 0e73660050a44ecd554cd3859f4af01bbdca2f65 |
| child 108418 | 321da000a2281b8ca719f2290df8e13571a62cb3 |
| push id | 1490 |
| push user | akeybl@mozilla.com |
| push date | Mon, 08 Oct 2012 18:29:50 +0000 |
| treeherder | mozilla-beta@f335e7dacdc1 [default view] [failures only] |
| perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
| reviewers | gal |
| bugs | 784233 |
| milestone | 17.0a1 |
| first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
| last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
--- a/content/base/public/nsDeprecatedOperationList.h +++ b/content/base/public/nsDeprecatedOperationList.h @@ -40,10 +40,11 @@ DEPRECATED_OPERATION(IsEqualNode) DEPRECATED_OPERATION(TextContent) DEPRECATED_OPERATION(EnablePrivilege) DEPRECATED_OPERATION(Position) DEPRECATED_OPERATION(TotalSize) DEPRECATED_OPERATION(InputEncoding) DEPRECATED_OPERATION(MozBeforePaint) DEPRECATED_OPERATION(MozBlobBuilder) DEPRECATED_OPERATION(DOMExceptionCode) +DEPRECATED_OPERATION(NoExposedProps) DEPRECATED_OPERATION(MutationEvent) DEPRECATED_OPERATION(MozSlice)
--- a/js/xpconnect/tests/chrome/test_cows.xul +++ b/js/xpconnect/tests/chrome/test_cows.xul @@ -90,22 +90,20 @@ function COWTests() { //var cow = getCOW({ foo: "fooval", __exposedProps__: {}}); //Math.sin(1); //is(cow.foo, undefined, "one test to rule them all"); //return; const PROPS_TO_TEST = ['foo', 'bar', 'prototype']; var empty = {}; - var nonempty = {foo: 42, bar: 33}; + // Once we flip the default for __exposedProps__, this should behave + // the same as for function objects below. is(getCOW(empty).foo, undefined, "shouldn't throw when accessing exposed properties that doesn't exist"); - PROPS_TO_TEST.forEach(function(name) { - isPropHidden(getCOW(nonempty), name, "object without exposedProps"); - }); // Test function objects without __exposedProps__ var func = function(x) { return 42; }; func.foo = "foo property"; var funcCOW = getCOW(func); PROPS_TO_TEST.forEach(function(name) { isPropHidden(funcCOW, name, "function without exposedProps"); });
--- a/js/xpconnect/wrappers/AccessCheck.cpp +++ b/js/xpconnect/wrappers/AccessCheck.cpp @@ -378,16 +378,26 @@ PermitIfUniversalXPConnect(JSContext *cx perm = ExposedPropertiesOnly::PermitPropertyAccess; return true; // Allow } // Deny return Deny(cx, id, act); } +static bool +IsInSandbox(JSContext *cx, JSObject *obj) +{ + JSAutoEnterCompartment ac; + if (!ac.enter(cx, obj)) + return false; + JSObject *global = JS_GetGlobalForObject(cx, obj); + return !strcmp(js::GetObjectJSClass(global)->name, "Sandbox"); +} + bool ExposedPropertiesOnly::check(JSContext *cx, JSObject *wrapper, jsid id, Wrapper::Action act, Permission &perm) { JSObject *wrappedObject = Wrapper::wrappedObject(wrapper); if (act == Wrapper::CALL) { perm = PermitObjectAccess; @@ -422,16 +432,36 @@ ExposedPropertiesOnly::check(JSContext * } // If no __exposedProps__ existed, deny access. if (!found) { // Everything below here needs to be done in the wrapper's compartment. if (!wrapperAC.enter(cx, wrapper)) return false; + // Make a temporary exception for objects in a chrome sandbox to help + // out jetpack. See bug 784233. + if (!JS_ObjectIsFunction(cx, wrappedObject) && + IsInSandbox(cx, wrappedObject)) + { + // This little loop hole will go away soon! See bug 553102. + nsCOMPtr<nsPIDOMWindow> win = + do_QueryInterface(nsJSUtils::GetStaticScriptGlobal(cx, wrapper)); + if (win) { + nsCOMPtr<nsIDocument> doc = + do_QueryInterface(win->GetExtantDocument()); + if (doc) { + doc->WarnOnceAbout(nsIDocument::eNoExposedProps, + /* asError = */ true); + } + } + + perm = PermitPropertyAccess; + return true; + } return PermitIfUniversalXPConnect(cx, id, act, perm); // Deny } if (id == JSID_VOID) { // This will force the caller to call us back for individual property accesses. perm = PermitPropertyAccess; return true; }