Bug 912322 - Stop making XBL methods available to the web. r=bz
☠☠ backed out by b2730cc16df1 ☠ ☠
authorBobby Holley <bobbyholley@gmail.com>
Wed, 04 Sep 2013 19:05:52 -0700
changeset 145983 e46601eb7279c2896af0f178f30dddebe86fae02
parent 145982 d15d14b1e637f751d3fdeeb092129ad0e8ac3532
child 145984 ebb5b0609fe601da56ea5500381f79d8fe7d8d85
push id270
push userpvanderbeken@mozilla.com
push dateThu, 06 Mar 2014 09:24:21 +0000
reviewersbz
bugs912322
milestone26.0a1
Bug 912322 - Stop making XBL methods available to the web. r=bz
dom/webidl/Document.webidl
js/xpconnect/tests/mochitest/Makefile.in
js/xpconnect/tests/mochitest/test_bug912322.html
--- a/dom/webidl/Document.webidl
+++ b/dom/webidl/Document.webidl
@@ -272,21 +272,24 @@ partial interface Document {
   //(Not implemented)Element?  find(DOMString selectors, optional (Element or sequence<Node>)? refNodes);
   //(Not implemented)NodeList  findAll(DOMString selectors, optional (Element or sequence<Node>)? refNodes);
 };
 
 //  Mozilla extensions of various sorts
 partial interface Document {
   // nsIDOMDocumentXBL.  Wish we could make these [ChromeOnly], but
   // that would likely break bindings running with the page principal.
+  [Func="IsChromeOrXBL"]
   NodeList? getAnonymousNodes(Element elt);
+  [Func="IsChromeOrXBL"]
   Element? getAnonymousElementByAttribute(Element elt, DOMString attrName,
                                           DOMString attrValue);
+  [Func="IsChromeOrXBL"]
   Element? getBindingParent(Node node);
-  [Throws]
+  [Throws, Func="IsChromeOrXBL"]
   void loadBindingDocument(DOMString documentURL);
 
   // nsIDOMDocumentTouch
   // XXXbz I can't find the sane spec for this stuff, so just cribbing
   // from our xpidl for now.
   [Creator, Func="nsGenericHTMLElement::TouchEventsEnabled"]
   Touch createTouch(optional Window? view = null,
                     optional EventTarget? target = null,
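Review bot: The comment above `getAnonymousNodes` still says only that `[ChromeOnly]` would break bindings, and nothing records what the new `[Func="IsChromeOrXBL"]` gate on the four nsIDOMDocumentXBL members actually permits. I would update it to something like `// nsIDOMDocumentXBL. Hidden from web content; exposed to chrome and XBL scopes via IsChromeOrXBL, not [ChromeOnly], because bindings running with the page principal still need them.` The definition of `IsChromeOrXBL` is not part of this diff, so it should be confirmed that it also returns true for bindings that run directly in the content scope without a separate XBL scope, if such a configuration exists; otherwise those bindings lose the methods. The partial interface continues past the end of the hunk.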
--- a/js/xpconnect/tests/mochitest/Makefile.in
+++ b/js/xpconnect/tests/mochitest/Makefile.in
@@ -82,13 +82,14 @@ MOCHITEST_FILES =	chrome_wrappers_helper
 		file_bug802557.html \
 		test_bug803730.html \
 		test_bug809547.html \
 		test_bug829872.html \
 		test_bug862380.html \
 		test_bug865260.html \
 		test_bug870423.html \
 		test_bug871887.html \
+		test_bug912322.html \
 		file_crosscompartment_weakmap.html \
 		test_crosscompartment_weakmap.html \
 		test_asmjs.html \
 		file_asmjs.js \
 		$(NULL)
new file mode 100644
--- /dev/null
+++ b/js/xpconnect/tests/mochitest/test_bug912322.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=912322
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Test for Bug 912322</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+  <script type="application/javascript">
+
+  /** Test that XBL functions aren't exposed to the web. **/
+  funs = ['getAnonymousNodes', 'getAnonymousElementByAttribute',
+          'getBindingParent', 'loadBindingDocument'];
+  for (var f of funs) {
+    ok(!(f in document), f + " should not be available to content");
+    ok(f in SpecialPowers.wrap(document), f + " should be available to chrome via Xray");
+  }
+
+
+
+
+  </script>
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=912322">Mozilla Bug 912322</a>
+<p id="display"></p>
+<div id="content" style="display: none">
+
+</div>
+<pre id="test">
+</pre>
+</body>
+</html>
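Review bot: The loop checks only the content view and the chrome Xray view of `document`; it never exercises the XBL side of the gate, i.e. that a binding attached in a content page still sees these four methods from its own scope. The Document.webidl comment warns that restricting them could break bindings running with the page principal, so a case that applies a binding and asserts the names are visible from binding code would catch that regression. Separately, `funs = [...]` creates an implicit global; `var funs = [...]` keeps it scoped to the script.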