From 531fb8a6049a0789de3051af8a829dba1375a65a Mon Sep 17 00:00:00 2001 From: Bobby Holley Date: Thu, 16 Oct 2014 15:28:30 +0200 Subject: [PATCH] Bug 1083427 - Remove exposedProps from sandbox code. r=gabor --- addon-sdk/source/lib/sdk/content/sandbox.js | 33 +++++-------------- .../lib/sdk/deprecated/traits-worker.js | 29 ++++------------ 2 files changed, 14 insertions(+), 48 deletions(-) diff --git a/addon-sdk/source/lib/sdk/content/sandbox.js b/addon-sdk/source/lib/sdk/content/sandbox.js index 1676ebb3e333..cd6585234df6 100644 --- a/addon-sdk/source/lib/sdk/content/sandbox.js +++ b/addon-sdk/source/lib/sdk/content/sandbox.js @@ -176,12 +176,8 @@ const WorkerSandbox = Class({ // by trading two methods that allow to send events to the other side: // - `onEvent` called by content script // - `result.emitToContent` called by addon script - // Bug 758203: We have to explicitely define `__exposedProps__` in order - // to allow access to these chrome object attributes from this sandbox with - // content priviledges - // https://developer.mozilla.org/en/XPConnect_wrappers#Other_security_wrappers let onEvent = onContentEvent.bind(null, this); - let chromeAPI = createChromeAPI(); + let chromeAPI = createChromeAPI(ContentWorker); let result = Cu.waiveXrays(ContentWorker).inject(content, chromeAPI, onEvent, options); // Merge `emitToContent` into our private model of the @@ -379,29 +375,16 @@ function emitToContent (workerSandbox, args) { return modelFor(workerSandbox).emitToContent(args); } -function createChromeAPI () { - return { +function createChromeAPI (scope) { + return Cu.cloneInto({ timers: { - setTimeout: timer.setTimeout, - setInterval: timer.setInterval, - clearTimeout: timer.clearTimeout, - clearInterval: timer.clearInterval, - __exposedProps__: { - setTimeout: 'r', - setInterval: 'r', - clearTimeout: 'r', - clearInterval: 'r' - }, + setTimeout: timer.setTimeout.bind(timer), + setInterval: timer.setInterval.bind(timer), + clearTimeout: timer.clearTimeout.bind(timer), + clearInterval: timer.clearInterval.bind(timer), }, sandbox: { evaluate: evaluate, - __exposedProps__: { - evaluate: 'r' - } }, - __exposedProps__: { - timers: 'r', - sandbox: 'r' - } - }; + }, scope, {cloneFunctions: true}); } diff --git a/addon-sdk/source/lib/sdk/deprecated/traits-worker.js b/addon-sdk/source/lib/sdk/deprecated/traits-worker.js index 69b559958209..52974a8fc9eb 100644 --- a/addon-sdk/source/lib/sdk/deprecated/traits-worker.js +++ b/addon-sdk/source/lib/sdk/deprecated/traits-worker.js @@ -184,34 +184,17 @@ const WorkerSandbox = EventEmitter.compose({ // by trading two methods that allow to send events to the other side: // - `onEvent` called by content script // - `result.emitToContent` called by addon script - // Bug 758203: We have to explicitely define `__exposedProps__` in order - // to allow access to these chrome object attributes from this sandbox with - // content priviledges - // https://developer.mozilla.org/en/XPConnect_wrappers#Other_security_wrappers - let chromeAPI = { + let chromeAPI = Cu.cloneInto({ timers: { - setTimeout: timer.setTimeout, - setInterval: timer.setInterval, - clearTimeout: timer.clearTimeout, - clearInterval: timer.clearInterval, - __exposedProps__: { - setTimeout: 'r', - setInterval: 'r', - clearTimeout: 'r', - clearInterval: 'r' - } + setTimeout: timer.setTimeout.bind(timer), + setInterval: timer.setInterval.bind(timer), + clearTimeout: timer.clearTimeout.bind(timer), + clearInterval: timer.clearInterval.bind(timer), }, sandbox: { evaluate: evaluate, - __exposedProps__: { - evaluate: 'r', - } }, - __exposedProps__: { - timers: 'r', - sandbox: 'r', - } - }; + }, ContentWorker, {cloneFunctions: true}); let onEvent = this._onContentEvent.bind(this); let result = Cu.waiveXrays(ContentWorker).inject(content, chromeAPI, onEvent, options); this._emitToContent = result;