Bug 1490507, part 2 - Fix up the comment about double wrapping r=bholley
authorAndrew McCreight <continuation@gmail.com>
Tue, 09 Oct 2018 21:14:39 +0000
changeset 498779 644d4b1846b0b0b8a4c8b31742f66c6d8f510079
parent 498778 0cbd91ad500bcacaa5f0e77656752cd3a6ce08c1
child 498780 f92dcf5319ae2b9f1a305c0e155c463584c5fdf2
push id1864
push userffxbld-merge
push dateMon, 03 Dec 2018 15:51:40 +0000
treeherdermozilla-release@f040763d99ad [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1490507, part 2 - Fix up the comment about double wrapping r=bholley Depends on D5690 Differential Revision: https://phabricator.services.mozilla.com/D5691
--- a/js/xpconnect/src/XPCWrappedNativeJSOps.cpp
+++ b/js/xpconnect/src/XPCWrappedNativeJSOps.cpp
@@ -148,66 +148,55 @@ XPC_WN_Shared_toPrimitive(JSContext* cx,
 // A "double wrapped object" is a user JSObject that has been wrapped as a
 // wrappedJS in order to be used by native code and then re-wrapped by a
 // wrappedNative wrapper to be used by JS code. One might think of it as:
 //    wrappedNative(wrappedJS(underlying_JSObject))
 // This is done (as opposed to just unwrapping the wrapped JS and automatically
 // returning the underlying JSObject) so that JS callers will see what looks
 // Like any other xpcom object - and be limited to use its interfaces.
-// See the comment preceding nsIXPCWrappedJSObjectGetter in nsIXPConnect.idl.
- * This is a sort of a placeholder interface. It is not intended to be
- * implemented. It exists to give the nsIXPCSecurityManager an iid on
- * which to gate a specific activity in XPConnect.
- *
- * That activity is...
- *
  * When JavaScript code uses a component that is itself implemented in
  * JavaScript then XPConnect will build a wrapper rather than directly
  * expose the JSObject of the component. This allows components implemented
  * in JavaScript to 'look' just like any other xpcom component (from the
  * perspective of the JavaScript caller). This insulates the component from
  * the caller and hides any properties or methods that are not part of the
  * interface as declared in xpidl. Usually this is a good thing.
  * However, in some cases it is useful to allow the JS caller access to the
  * JS component's underlying implementation. In order to facilitate this
- * XPConnect supports the 'wrappedJSObject' property. The caller code can do:
+ * XPConnect supports the 'wrappedJSObject' property. This 'wrappedJSObject'
+ * property is different than the XrayWrapper meaning. (The naming collision
+ * avoids having more than one magic XPConnect property name, but is
+ * confusing.)
+ *
+ * The caller code can do:
  * // 'foo' is some xpcom component (that might be implemented in JS).
- * try {
- *   var bar = foo.wrappedJSObject;
- *   if(bar) {
- *      // bar is the underlying JSObject. Do stuff with it here.
- *   }
- * } catch(e) {
- *   // security exception?
+ * var bar = foo.wrappedJSObject;
+ * if(bar) {
+ *    // bar is the underlying JSObject. Do stuff with it here.
  * }
  * Recall that 'foo' above is an XPConnect wrapper, not the underlying JS
  * object. The property get "foo.wrappedJSObject" will only succeed if three
  * conditions are met:
  * 1) 'foo' really is an XPConnect wrapper around a JSObject.
  * 2) The underlying JSObject actually implements a "wrappedJSObject"
  *    property that returns a JSObject. This is called by XPConnect. This
  *    restriction allows wrapped objects to only allow access to the underlying
- *    JSObject if they choose to do so. Ususally this just means that 'foo'
- *    would have a property tht looks like:
+ *    JSObject if they choose to do so. Usually this just means that 'foo'
+ *    would have a property that looks like:
  *       this.wrappedJSObject = this.
- * 3) The implemementation of nsIXPCSecurityManager (if installed) allows
- *    a property get on the interface below. Although the JSObject need not
- *    implement 'nsIXPCWrappedJSObjectGetter', XPConnect will ask the
- *    security manager if it is OK for the caller to access the only method
- *    in nsIXPCWrappedJSObjectGetter before allowing the activity. This fits
- *    in with the security manager paradigm and makes control over accessing
- *    the property on this interface the control factor for getting the
- *    underlying wrapped JSObject of a JS component from JS code.
+ * 3) The caller must be system JS and not content. Double-wrapped XPCWJS should
+ *    not be exposed to content except with enablePrivilege or a remote-XUL
+ *    domain.
  * Notes:
  * a) If 'foo' above were the underlying JSObject and not a wrapper at all,
  *    then this all just works and XPConnect is not part of the picture at all.
  * b) One might ask why 'foo' should not just implement an interface through
  *    which callers might get at the underlying object. There are three reasons:
  *   i)   XPConnect would still have to do magic since JSObject is not a
@@ -215,20 +204,16 @@ XPC_WN_Shared_toPrimitive(JSContext* cx,
  *   ii)  JS Components might use aggregation (like C++ objects) and have
  *        different JSObjects for different interfaces 'within' an aggregate
  *        object. But, using an additional interface only allows returning one
  *        underlying JSObject. However, this allows for the possibility that
  *        each of the aggregte JSObjects could return something different.
  *        Note that one might do: this.wrappedJSObject = someOtherObject;
  *   iii) Avoiding the explicit interface makes it easier for both the caller
  *        and the component.
- *
- *  Anyway, some future implementation of nsIXPCSecurityManager might want
- *  do special processing on 'nsIXPCSecurityManager::CanGetProperty' when
- *  the interface id is that of nsIXPCWrappedJSObjectGetter.
 static JSObject*
 GetDoubleWrappedJSObject(XPCCallContext& ccx, XPCWrappedNative* wrapper)
     RootedObject obj(ccx);
         underware = do_QueryInterface(wrapper->GetIdentityObject());