Bug 932906 - Exempt Remote XUL from CanCreateWrapper checks. r=bz, a=bajaj
☠☠ backed out by fe1898c72e2e ☠ ☠
authorBobby Holley <bobbyholley@gmail.com>
Wed, 04 Dec 2013 19:15:40 -0800
changeset 167651 344da41d22a3c7ca905b9948203268602fd088bf
parent 167650 3b52b794b1a682d956731dbd7f450c055ac2314b
child 167652 dcf668ab8d94292a273ab98168395932b8a4ee4f
push id428
push userbbajaj@mozilla.com
push dateTue, 28 Jan 2014 00:16:25 +0000
treeherdermozilla-release@cd72a7ff3a75 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz, bajaj
bugs932906
milestone27.0a2
Bug 932906 - Exempt Remote XUL from CanCreateWrapper checks. r=bz, a=bajaj
caps/src/nsScriptSecurityManager.cpp
js/xpconnect/tests/chrome/chrome.ini
js/xpconnect/tests/chrome/test_bug932906.xul
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@@ -1983,16 +1983,22 @@ nsScriptSecurityManager::CanCreateWrappe
 {
 // XXX Special case for nsIXPCException ?
     ClassInfoData objClassInfo = ClassInfoData(aClassInfo, nullptr);
     if (objClassInfo.IsDOMClass())
     {
         return NS_OK;
     }
 
+    // We give remote-XUL whitelisted domains a free pass here. See bug 932906.
+    if (!xpc::AllowXBLScope(js::GetContextCompartment(cx)))
+    {
+        return NS_OK;
+    }
+
     //--See if the object advertises a non-default level of access
     //  using nsISecurityCheckedComponent
     nsCOMPtr<nsISecurityCheckedComponent> checkedComponent =
         do_QueryInterface(aObj);
 
     nsXPIDLCString objectSecurityLevel;
     if (checkedComponent)
         checkedComponent->CanCreateWrapper((nsIID *)&aIID, getter_Copies(objectSecurityLevel));
--- a/js/xpconnect/tests/chrome/chrome.ini
+++ b/js/xpconnect/tests/chrome/chrome.ini
@@ -43,16 +43,17 @@ support-files =
 [test_bug795275.xul]
 [test_bug799348.xul]
 [test_bug801241.xul]
 [test_bug812415.xul]
 [test_bug853283.xul]
 [test_bug853571.xul]
 [test_bug860494.xul]
 [test_bug895340.xul]
+[test_bug932906.xul]
 [test_chrometoSource.xul]
 [test_cows.xul]
 [test_documentdomain.xul]
 [test_doublewrappedcompartments.xul]
 [test_evalInSandbox.xul]
 [test_evalInWindow.xul]
 [test_exnstack.xul]
 [test_expandosharing.xul]
new file mode 100644
--- /dev/null
+++ b/js/xpconnect/tests/chrome/test_bug932906.xul
@@ -0,0 +1,72 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/css" href="chrome://global/skin"?>
+<?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=932906
+-->
+<window title="Mozilla Bug 932906"
+        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
+  <script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
+
+  <!-- test results are displayed in the html:body -->
+  <body xmlns="http://www.w3.org/1999/xhtml">
+  <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=932906"
+     target="_blank">Mozilla Bug 932906</a>
+  </body>
+
+  <!-- test code goes here -->
+  <script type="application/javascript">
+  <![CDATA[
+  const Cu = Components.utils;
+  Cu.import('resource://gre/modules/Services.jsm');
+
+  /** Test for Bug 932906 **/
+  SimpleTest.waitForExplicitFinish();
+
+  function passToContent(shouldThrow) {
+    try {
+      $('ifr').contentWindow.obs = Services.obs;
+      ok(!shouldThrow, "Didn't throw when passing non-DOM XPCWN to content");
+    } catch (e) {
+      ok(shouldThrow, "Threw when passing non-DOM XPCWN to content");
+      ok(/denied/.test(e), "Threw correct exception: " + e);
+    }
+  }
+
+  var gLoadCount = 0;
+  function loaded() {
+    ++gLoadCount;
+    if (gLoadCount == 1)
+      part1();
+    else if (gLoadCount == 2)
+      part2();
+    else
+      ok(false, "Didn't expect three loads");
+  }
+
+  function part1() {
+
+    // Make sure that the pref is what we expect for mochitests.
+    is(Services.prefs.getBoolPref('dom.use_xbl_scopes_for_remote_xul'), true,
+       "Test harness set up like we expect");
+
+
+    // First, test that we can't normally pass non-DOM XPCWNs to content.
+    passToContent(/* shouldThrow = */ true);
+
+    // Now, make sure we _can_ for the remote xul case. We use SpecialPowers
+    // for the pref munging because it cleans up after us.
+    SpecialPowers.pushPrefEnv({set: [['dom.use_xbl_scopes_for_remote_xul', false]]}, function() {
+      $('ifr').contentWindow.location.reload();
+    });
+  }
+
+  function part2() {
+      passToContent(/* shouldThrow = */ false);
+      SimpleTest.finish();
+  }
+
+  ]]>
+  </script>
+  <iframe id="ifr" onload="loaded();" type="content" src="http://example.org/tests/js/xpconnect/tests/mochitest/file_empty.html" />
+</window>