Bug 1034682 - Move remaining wacky wantXrays behavior to the JS entry point so that we don't have to worry about it when creating Sandboxes from C++. r=peterv
authorBobby Holley <bobbyholley@gmail.com>
Fri, 11 Jul 2014 15:56:27 -0700
changeset 215619 ee683f7998c16c55deadb9d49282cdbb634ae1b0
parent 215618 cc85d728482e18b3126f4ae3e7adf4a052af787d
child 215620 91a2a519a72507fe9aff6d7b99905e29b32aa836
push id515
push userraliiev@mozilla.com
push dateMon, 06 Oct 2014 12:51:51 +0000
treeherdermozilla-release@267c7a481bef [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerspeterv
bugs1034682
milestone33.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1034682 - Move remaining wacky wantXrays behavior to the JS entry point so that we don't have to worry about it when creating Sandboxes from C++. r=peterv
js/xpconnect/src/Sandbox.cpp
js/xpconnect/src/XPCWrappedNativeScope.cpp
--- a/js/xpconnect/src/Sandbox.cpp
+++ b/js/xpconnect/src/Sandbox.cpp
@@ -959,23 +959,18 @@ xpc::CreateSandboxObject(JSContext *cx, 
         if (!options.globalProperties.Define(cx, sandbox))
             return NS_ERROR_XPC_UNEXPECTED;
 
         // Resolve standard classes eagerly to avoid triggering mirroring hooks for them.
         if (options.writeToGlobalPrototype && !JS_EnumerateStandardClasses(cx, sandbox))
             return NS_ERROR_XPC_UNEXPECTED;
     }
 
-    // We have this crazy behavior where wantXrays=false also implies that the
-    // returned sandbox is implicitly waived. We've stopped advertising it, but
-    // keep supporting it for now.
     vp.setObject(*sandbox);
-    if (options.wantXrays && !JS_WrapValue(cx, vp))
-        return NS_ERROR_UNEXPECTED;
-    if (!options.wantXrays && !xpc::WrapperFactory::WaiveXrayAndWrap(cx, vp))
+    if (!JS_WrapValue(cx, vp))
         return NS_ERROR_UNEXPECTED;
 
     // Set the location information for the new global, so that tools like
     // about:memory may use that information
     xpc::SetLocationForGlobal(sandbox, options.sandboxName);
 
     xpc::SetSandboxMetadata(cx, sandbox, options.metadata);
 
@@ -1434,16 +1429,22 @@ nsXPCComponents_utils_Sandbox::CallOrCon
         }
     }
 
     rv = CreateSandboxObject(cx, args.rval(), prinOrSop, options);
 
     if (NS_FAILED(rv))
         return ThrowAndFail(rv, cx, _retval);
 
+    // We have this crazy behavior where wantXrays=false also implies that the
+    // returned sandbox is implicitly waived. We've stopped advertising it, but
+    // keep supporting it for now.
+    if (!options.wantXrays && !xpc::WrapperFactory::WaiveXrayAndWrap(cx, args.rval()))
+        return NS_ERROR_UNEXPECTED;
+
     *_retval = true;
     return NS_OK;
 }
 
 class ContextHolder : public nsIScriptObjectPrincipal
 {
 public:
     ContextHolder(JSContext *aOuterCx, HandleObject aSandbox, nsIPrincipal *aPrincipal);
--- a/js/xpconnect/src/XPCWrappedNativeScope.cpp
+++ b/js/xpconnect/src/XPCWrappedNativeScope.cpp
@@ -208,21 +208,16 @@ XPCWrappedNativeScope::EnsureContentXBLS
 
     // If this scope doesn't need an XBL scope, just return the global.
     if (!mUseContentXBLScope)
         return global;
 
     // Set up the sandbox options. Note that we use the DOM global as the
     // sandboxPrototype so that the XBL scope can access all the DOM objects
     // it's accustomed to accessing.
-    //
-    // NB: One would think that wantXrays wouldn't make a difference here.
-    // However, wantXrays lives a secret double life, and one of its other
-    // hobbies is to waive Xray on the returned sandbox when set to false.
-    // So make sure to keep this set to true, here.
     SandboxOptions options;
     options.wantXrays = true;
     options.wantComponents = true;
     options.proto = global;
     options.sameZoneAs = global;
 
     // Use an nsExpandedPrincipal to create asymmetric security.
     nsIPrincipal *principal = GetPrincipal();