зеркало из https://github.com/mozilla/gecko-dev.git
bug 580128 - Fix evalInSandbox returning objects in the wrong compartment. r=jst
This commit is contained in:
Родитель
84f62c2607
Коммит
6c7cd79252
|
@ -4698,7 +4698,7 @@ BEGIN_CASE(JSOP_APPLY)
|
|||
JS_ASSERT(vp[1].isObjectOrNull() || PrimitiveThisTest(newfun, vp[1]));
|
||||
|
||||
Probes::enterJSFun(cx, newfun);
|
||||
JSBool ok = newfun->u.n.native(cx, argc, vp);
|
||||
JSBool ok = CallJSNative(cx, newfun->u.n.native, argc, vp);
|
||||
Probes::exitJSFun(cx, newfun);
|
||||
regs.sp = vp + 1;
|
||||
if (!ok)
|
||||
|
|
|
@ -3669,8 +3669,10 @@ xpc_EvalInSandbox(JSContext *cx, JSObject *sandbox, const nsAString& source,
|
|||
JSString *str = nsnull;
|
||||
|
||||
if (!ac.enter(sandcx->GetJSContext(), sandbox)) {
|
||||
// XXX HELP!
|
||||
NS_ABORT();
|
||||
if (stack) {
|
||||
stack->Pop(nsnull);
|
||||
}
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
JSBool ok =
|
||||
|
@ -3729,11 +3731,12 @@ xpc_EvalInSandbox(JSContext *cx, JSObject *sandbox, const nsAString& source,
|
|||
} else {
|
||||
// Convert the result into something safe for our caller.
|
||||
JSAutoRequest req(cx);
|
||||
JSAutoEnterCompartment ac;
|
||||
if (str) {
|
||||
v = STRING_TO_JSVAL(str);
|
||||
}
|
||||
|
||||
if (!JS_WrapValue(cx, &v)) {
|
||||
if (!ac.enter(cx, callingScope) || !JS_WrapValue(cx, &v)) {
|
||||
rv = NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
|
|
Загрузка…
Ссылка в новой задаче