зеркало из https://github.com/mozilla/gecko-dev.git
Fixing bug 377356. Move code around to ensure security checks are always done against the right object. r+sr=bzbarsky@mit.edu
This commit is contained in:
Родитель
e499c7c3a7
Коммит
8e554b972d
|
@ -6543,6 +6543,19 @@ nsEventReceiverSH::AddEventListenerHelper(JSContext *cx, JSObject *obj,
|
|||
return JS_FALSE;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIXPConnectWrappedNative> wrapper;
|
||||
nsresult rv =
|
||||
sXPConnect->GetWrappedNativeOfJSObject(cx, obj, getter_AddRefs(wrapper));
|
||||
if (NS_FAILED(rv)) {
|
||||
nsDOMClassInfo::ThrowJSException(cx, rv);
|
||||
|
||||
return JS_FALSE;
|
||||
}
|
||||
|
||||
// Set obj to be the object on which we'll actually register the
|
||||
// event listener.
|
||||
wrapper->GetJSObject(&obj);
|
||||
|
||||
// Check that the caller has permission to call obj's addEventListener.
|
||||
if (NS_FAILED(sSecMan->CheckPropertyAccess(cx, obj,
|
||||
JS_GET_CLASS(cx, obj)->name,
|
||||
|
@ -6559,15 +6572,6 @@ nsEventReceiverSH::AddEventListenerHelper(JSContext *cx, JSObject *obj,
|
|||
return JS_FALSE;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIXPConnectWrappedNative> wrapper;
|
||||
nsresult rv =
|
||||
sXPConnect->GetWrappedNativeOfJSObject(cx, obj, getter_AddRefs(wrapper));
|
||||
if (NS_FAILED(rv)) {
|
||||
nsDOMClassInfo::ThrowJSException(cx, rv);
|
||||
|
||||
return JS_FALSE;
|
||||
}
|
||||
|
||||
if (JSVAL_IS_PRIMITIVE(argv[1])) {
|
||||
// The second argument must be a function, or a
|
||||
// nsIDOMEventListener. Throw an error.
|
||||
|
|
Загрузка…
Ссылка в новой задаче