Mercurial > releases > mozilla-esr17 / changeset / bd0f8cb6c50b9da9651dcb243fa22f2376cbb3bd
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 791526 - Temporarily add the |netscape.security| object back in to fix broken browser detection. r=bz a=lsblakk
authorBobby Holley <bobbyholley@gmail.com>
Tue, 02 Oct 2012 11:01:31 +0200
changeset 109370 bd0f8cb6c50b9da9651dcb243fa22f2376cbb3bd
parent 109369 846561f033dbc446279e3215aecf7d12f1a6abfc
child 109371 89f96cbcc3efa2e651eebc9e9d7ee501614b68d6
push idunknown
push userunknown
push dateunknown
reviewersbz, lsblakk
bugs791526
milestone17.0a2
Bug 791526 - Temporarily add the |netscape.security| object back in to fix broken browser detection. r=bz a=lsblakk
caps/src/nsSecurityManagerFactory.cpp file | annotate | diff | comparison | revisions 
--- a/caps/src/nsSecurityManagerFactory.cpp
+++ b/caps/src/nsSecurityManagerFactory.cpp
@@ -63,25 +63,16 @@ static JSFunctionSpec PrivilegeManager_s
  * et al. so that code that worked with 4.0 can still work.
  */
 NS_IMETHODIMP 
 nsSecurityNameSet::InitializeNameSet(nsIScriptContext* aScriptContext)
 {
     JSContext* cx = aScriptContext->GetNativeContext();
     JSObject *global = JS_ObjectToInnerObject(cx, JS_GetGlobalObject(cx));
 
-    // We hide enablePrivilege behind a pref because it has been altered in a
-    // way that makes it fundamentally insecure to use in production. Mozilla
-    // uses this pref during automated testing to support legacy test code that
-    // uses enablePrivilege. If you're not doing test automation, you _must_ not
-    // flip this pref, or you will be exposing all your users to security
-    // vulnerabilities.
-    if (!Preferences::GetBool("security.enablePrivilege.enable_for_tests"))
-        return NS_OK;
-
     /*
      * Find Object.prototype's class by walking up the global object's
      * prototype chain.
      */
     JSObject *obj = global;
     JSObject *proto;
     JSAutoRequest ar(cx);
     while ((proto = JS_GetPrototype(obj)) != nullptr)
@@ -108,16 +99,25 @@ nsSecurityNameSet::InitializeNameSet(nsI
         if (obj == nullptr)
             return NS_ERROR_FAILURE;
         securityObj = JS_DefineObject(cx, obj, "security", objectClass,
                                       nullptr, 0);
         if (securityObj == nullptr)
             return NS_ERROR_FAILURE;
     }
 
+    // We hide enablePrivilege behind a pref because it has been altered in a
+    // way that makes it fundamentally insecure to use in production. Mozilla
+    // uses this pref during automated testing to support legacy test code that
+    // uses enablePrivilege. If you're not doing test automation, you _must_ not
+    // flip this pref, or you will be exposing all your users to security
+    // vulnerabilities.
+    if (!Preferences::GetBool("security.enablePrivilege.enable_for_tests"))
+        return NS_OK;
+
     /* Define PrivilegeManager object with the necessary "static" methods. */
     obj = JS_DefineObject(cx, securityObj, "PrivilegeManager", objectClass,
                           nullptr, 0);
     if (obj == nullptr)
         return NS_ERROR_FAILURE;
 
     return JS_DefineFunctions(cx, obj, PrivilegeManager_static_methods)
            ? NS_OK
mozilla-esr17
Deployed from b3b23ca3239b at 2021-02-23T19:22:34Z.