Bug 1549803 - Add a check that the remoteType is privileged. r=MattN
authorJared Wein <jwein@mozilla.com>
Sat, 11 May 2019 03:29:45 +0000
changeset 532348 7654f255fd12223f92011e01627dc98649f9d0f5
parent 532347 6efab548863ef3ff2b2ef68892d775dbedf1f527
child 532349 018fd8ddc6578dc2062b8cbcad9bae92e8fdffed
push id11265
push userffxbld-merge
push dateMon, 13 May 2019 10:53:39 +0000
treeherdermozilla-beta@77e0fe8dbdd3 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersMattN
bugs1549803
milestone68.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1549803 - Add a check that the remoteType is privileged. r=MattN Differential Revision: https://phabricator.services.mozilla.com/D30677
browser/components/aboutlogins/AboutLoginsParent.jsm
--- a/browser/components/aboutlogins/AboutLoginsParent.jsm
+++ b/browser/components/aboutlogins/AboutLoginsParent.jsm
@@ -2,16 +2,18 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 "use strict";
 
 var EXPORTED_SYMBOLS = ["AboutLoginsParent"];
 
 const {XPCOMUtils} = ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
+ChromeUtils.defineModuleGetter(this, "E10SUtils",
+                               "resource://gre/modules/E10SUtils.jsm");
 ChromeUtils.defineModuleGetter(this, "LoginHelper",
                                "resource://gre/modules/LoginHelper.jsm");
 ChromeUtils.defineModuleGetter(this, "Services",
                                "resource://gre/modules/Services.jsm");
 
 XPCOMUtils.defineLazyGetter(this, "log", () => {
   return LoginHelper.createLogger("AboutLoginsParent");
 });
@@ -32,17 +34,18 @@ const convertSubjectToLogin = subject =>
 };
 
 var AboutLoginsParent = {
   _subscribers: new WeakSet(),
 
   // Listeners are added in BrowserGlue.jsm
   receiveMessage(message) {
     // Only respond to messages sent from about:logins.
-    if (message.target.contentPrincipal.originNoSuffix != ABOUT_LOGINS_ORIGIN) {
+    if (message.target.remoteType != E10SUtils.PRIVILEGED_REMOTE_TYPE ||
+        message.target.contentPrincipal.originNoSuffix != ABOUT_LOGINS_ORIGIN) {
       return;
     }
 
     switch (message.name) {
       case "AboutLogins:DeleteLogin": {
         let login = LoginHelper.vanillaObjectToLogin(message.data.login);
         Services.logins.removeLogin(login);
         break;
@@ -114,17 +117,18 @@ var AboutLoginsParent = {
         break;
       }
     }
   },
 
   messageSubscribers(name, details) {
     let subscribers = ChromeUtils.nondeterministicGetWeakSetKeys(this._subscribers);
     for (let subscriber of subscribers) {
-      if (!subscriber.contentPrincipal ||
+      if (subscriber.remoteType != E10SUtils.PRIVILEGED_REMOTE_TYPE ||
+          !subscriber.contentPrincipal ||
           subscriber.contentPrincipal.originNoSuffix != ABOUT_LOGINS_ORIGIN) {
         this._subscribers.delete(subscriber);
         continue;
       }
       try {
         subscriber.messageManager.sendAsyncMessage(name, details);
       } catch (ex) {}
     }