From 6629d14a069bdf37dd616ad5c0e424c962bb1819 Mon Sep 17 00:00:00 2001 From: Blake Kaplan Date: Fri, 4 May 2012 14:22:55 +0200 Subject: [PATCH] Bug 751858 - Actually throw when we deny access. r=bholley --- js/xpconnect/wrappers/AccessCheck.cpp | 6 ++---- js/xpconnect/wrappers/AccessCheck.h | 9 ++++----- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/js/xpconnect/wrappers/AccessCheck.cpp b/js/xpconnect/wrappers/AccessCheck.cpp index ce93bdf1ef63..5aa59cd9ca67 100644 --- a/js/xpconnect/wrappers/AccessCheck.cpp +++ b/js/xpconnect/wrappers/AccessCheck.cpp @@ -455,12 +455,10 @@ ExposedPropertiesOnly::check(JSContext *cx, JSObject *wrapper, jsid id, Wrapper: perm = PermitObjectAccess; return true; } - if (act == Wrapper::PUNCTURE) { - perm = DenyAccess; - return false; - } perm = DenyAccess; + if (act == Wrapper::PUNCTURE) + return PermitIfUniversalXPConnect(cx, id, act, perm); // Deny jsid exposedPropsId = GetRTIdByIndex(cx, XPCJSRuntime::IDX_EXPOSEDPROPS); diff --git a/js/xpconnect/wrappers/AccessCheck.h b/js/xpconnect/wrappers/AccessCheck.h index 703bd70bdcc4..75a85ee99dc8 100644 --- a/js/xpconnect/wrappers/AccessCheck.h +++ b/js/xpconnect/wrappers/AccessCheck.h @@ -120,14 +120,13 @@ struct LocationPolicy : public Policy { perm = DenyAccess; // Location object security is complicated enough. Don't allow punctures. - if (act == js::Wrapper::PUNCTURE) - return false; - - if (AccessCheck::isCrossOriginAccessPermitted(cx, wrapper, id, act) || - AccessCheck::isLocationObjectSameOrigin(cx, wrapper)) { + if (act != js::Wrapper::PUNCTURE && + (AccessCheck::isCrossOriginAccessPermitted(cx, wrapper, id, act) || + AccessCheck::isLocationObjectSameOrigin(cx, wrapper))) { perm = PermitPropertyAccess; return true; } + JSAutoEnterCompartment ac; if (!ac.enter(cx, wrapper)) return false;