Bug 1185360 - PostMessageEvent should not have a different behavior if the main principal subsumes the destination one., r=smaug

Andrea Marchesini 2015-07-22 17:01:55 +01:00
Родитель d2a76a0465
Коммит 3fafd87671
3 изменённых файлов: 5 добавлений и 12 удалений


@ -26,7 +26,6 @@ namespace {
struct StructuredCloneInfo struct StructuredCloneInfo
{ {
PostMessageEvent* event; PostMessageEvent* event;
bool subsumes;
nsPIDOMWindow* window; nsPIDOMWindow* window;
// This hashtable contains the transferred ports - used to avoid duplicates. // This hashtable contains the transferred ports - used to avoid duplicates.
@ -117,7 +116,7 @@ PostMessageEvent::WriteStructuredClone(JSContext* cx,
// See if this is a File/Blob object. // See if this is a File/Blob object.
{ {
Blob* blob = nullptr; Blob* blob = nullptr;
if (scInfo->subsumes && NS_SUCCEEDED(UNWRAP_OBJECT(Blob, obj, blob))) { if (NS_SUCCEEDED(UNWRAP_OBJECT(Blob, obj, blob))) {
BlobImpl* blobImpl = blob->Impl(); BlobImpl* blobImpl = blob->Impl();
if (JS_WriteUint32Pair(writer, SCTAG_DOM_BLOB, 0) && if (JS_WriteUint32Pair(writer, SCTAG_DOM_BLOB, 0) &&
JS_WriteBytes(writer, &blobImpl, sizeof(blobImpl))) { JS_WriteBytes(writer, &blobImpl, sizeof(blobImpl))) {
@ -135,7 +134,7 @@ PostMessageEvent::WriteStructuredClone(JSContext* cx,
nsISupports* supports = wrappedNative->Native(); nsISupports* supports = wrappedNative->Native();
nsCOMPtr<nsIDOMFileList> list = do_QueryInterface(supports); nsCOMPtr<nsIDOMFileList> list = do_QueryInterface(supports);
if (list && scInfo->subsumes) if (list)
scTag = SCTAG_DOM_FILELIST; scTag = SCTAG_DOM_FILELIST;
if (scTag) if (scTag)
@ -379,15 +378,13 @@ PostMessageEvent::Run()
bool bool
PostMessageEvent::Write(JSContext* aCx, JS::Handle<JS::Value> aMessage, PostMessageEvent::Write(JSContext* aCx, JS::Handle<JS::Value> aMessage,
JS::Handle<JS::Value> aTransfer, bool aSubsumes, JS::Handle<JS::Value> aTransfer, nsPIDOMWindow* aWindow)
nsPIDOMWindow* aWindow)
{ {
// We *must* clone the data here, or the JS::Value could be modified // We *must* clone the data here, or the JS::Value could be modified
// by script // by script
StructuredCloneInfo scInfo; StructuredCloneInfo scInfo;
scInfo.event = this; scInfo.event = this;
scInfo.window = aWindow; scInfo.window = aWindow;
scInfo.subsumes = aSubsumes;
return mBuffer.write(aCx, aMessage, aTransfer, &sPostMessageCallbacks, return mBuffer.write(aCx, aMessage, aTransfer, &sPostMessageCallbacks,
&scInfo); &scInfo);
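Review bot: In WriteStructuredClone the Blob branch, and the nsIDOMFileList branch in the following hunk, are now taken for every sender, so a Blob or FileList posted to a window whose principal the caller does not subsume is cloned rather than skipped by these branches. The three changed files are all implementation files, so the commit appears to add no test for that cross-origin case; a mochitest that posts a Blob and a FileList to a cross-origin frame and checks what the receiver gets would pin the new behaviour. The Blob branch also writes the raw `BlobImpl*` into the clone buffer, so the buffer is only valid while something keeps that object alive; the code that would do so is outside the hunk, and a comment such as `// The buffer holds a raw BlobImpl*; the event must keep a strong reference until the buffer is read.` above the `JS_WriteBytes` call would record the invariant. WriteStructuredClone starts and ends outside the hunk.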


@ -39,8 +39,7 @@ public:
bool aTrustedCaller); bool aTrustedCaller);
bool Write(JSContext* aCx, JS::Handle<JS::Value> aMessage, bool Write(JSContext* aCx, JS::Handle<JS::Value> aMessage,
JS::Handle<JS::Value> aTransfer, bool aSubsumes, JS::Handle<JS::Value> aTransfer, nsPIDOMWindow* aWindow);
nsPIDOMWindow* aWindow);
private: private:
~PostMessageEvent(); ~PostMessageEvent();


@ -8561,13 +8561,10 @@ nsGlobalWindow::PostMessageMozOuter(JSContext* aCx, JS::Handle<JS::Value> aMessa
providedPrincipal, providedPrincipal,
nsContentUtils::IsCallerChrome()); nsContentUtils::IsCallerChrome());
nsIPrincipal* principal = GetPrincipal();
JS::Rooted<JS::Value> message(aCx, aMessage); JS::Rooted<JS::Value> message(aCx, aMessage);
JS::Rooted<JS::Value> transfer(aCx, aTransfer); JS::Rooted<JS::Value> transfer(aCx, aTransfer);
bool subsumes;
if (NS_FAILED(callerPrin->Subsumes(principal, &subsumes)) || if (!event->Write(aCx, message, transfer, this)) {
!event->Write(aCx, message, transfer, subsumes, this)) {
aError.Throw(NS_ERROR_DOM_DATA_CLONE_ERR); aError.Throw(NS_ERROR_DOM_DATA_CLONE_ERR);
return; return;
} }