mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1575711 - CallerSubsumes should return false for remote object proxies. r=peterv 

This check is used to reject cross-origin objects from being passed in
as |any| or |object| parameters to WebIDL methods. Remote object
proxies are technically same-origin, but we want to make them behave
the same as when Fission is not enabled.

Differential Revision: https://phabricator.services.mozilla.com/D43105

--HG--
extra : moz-landing-system : lando
This commit is contained in:
Andrew McCreight 2019-08-26 18:26:02 +00:00
Родитель 77056e86ec
Коммит 2a7c750b84
2 изменённых файлов: 16 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

6
dom/bindings/BindingUtils.cpp
Просмотреть файл

@ -3283,6 +3283,12 @@ void AssertReturnTypeMatchesJitinfo(const JSJitInfo* aJitInfo,
#endif
bool CallerSubsumes(JSObject* aObject) {
// Remote object proxies are not CCWs, so unwrapping them does not get you
// their "real" principal, but we want to treat them like cross-origin objects
// when considering them as WebIDL arguments, for consistency.
if (IsRemoteObjectProxy(aObject)) {
return false;
}
nsIPrincipal* objPrin =
nsContentUtils::ObjectPrincipal(js::UncheckedUnwrap(aObject));
return nsContentUtils::SubjectPrincipal()->Subsumes(objPrin);

10
dom/bindings/test/test_bug1036214.html
Просмотреть файл

@ -15,6 +15,7 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1036214
SimpleTest.waitForExplicitFinish();
var xoObjects = [];
function setup() {
// window[0] is same-process and cross-origin, even with Fission enabled.
xoObjects.push(window[0]);
xoObjects.push(window[0].location);
xoObjects.push(SpecialPowers.unwrap(SpecialPowers.wrap(window[0]).document));
@ -23,6 +24,14 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1036214
SpecialPowers.pushPrefEnv({set: [["dom.expose_test_interfaces", true]]}, go);
}
function setup2() {
if (SpecialPowers.useRemoteSubframes) {
// window[1] is cross-origin and out of process, with Fission enabled.
xoObjects.push(window[1]);
xoObjects.push(window[1].location);
}
}
function checkThrows(f, msg) {
try {
f();
@ -127,5 +136,6 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1036214
<pre id="test">
</pre>
<iframe id="ifr" onload="setup();" src="http://test1.mochi.test:8888/tests/js/xpconnect/tests/mochitest/file_empty.html"></iframe>
<iframe id="ifr2" onload="setup2();" src="http://example.org/tests/js/xpconnect/tests/mochitest/file_empty.html"></iframe>
</body>
</html>