зеркало из https://github.com/mozilla/gecko-dev.git
Bug 604430 - Make the wantXrays flag apply to values obtained off of the sandbox object itself. r=peterv
--HG-- extra : rebase_source : 5c4c04829b8db95cc47954b11152ec328bbd7b98
This commit is contained in:
Родитель
c125a74d1a
Коммит
8fcb8ca6f8
|
@ -942,7 +942,7 @@ static JSClass xpcTempGlobalClass = {
|
|||
nsresult
|
||||
xpc_CreateGlobalObject(JSContext *cx, JSClass *clasp,
|
||||
const nsACString &origin, nsIPrincipal *principal,
|
||||
bool preferXrays, JSObject **global,
|
||||
bool wantXrays, JSObject **global,
|
||||
JSCompartment **compartment)
|
||||
{
|
||||
XPCCompartmentMap& map = nsXPConnect::GetRuntimeInstance()->GetCompartmentMap();
|
||||
|
@ -973,7 +973,7 @@ xpc_CreateGlobalObject(JSContext *cx, JSClass *clasp,
|
|||
js::SwitchToCompartment sc(cx, *compartment);
|
||||
|
||||
xpc::CompartmentPrivate *priv =
|
||||
new xpc::CompartmentPrivate(ToNewCString(local_origin), preferXrays);
|
||||
new xpc::CompartmentPrivate(ToNewCString(local_origin), wantXrays);
|
||||
JS_SetCompartmentPrivate(cx, *compartment, priv);
|
||||
map.Put(local_origin, *compartment);
|
||||
}
|
||||
|
|
|
@ -3165,6 +3165,15 @@ NS_IMPL_THREADSAFE_RELEASE(nsXPCComponents_utils_Sandbox)
|
|||
#include "xpc_map_end.h" /* This #undef's the above. */
|
||||
|
||||
#ifndef XPCONNECT_STANDALONE
|
||||
|
||||
static bool
|
||||
WrapForSandbox(JSContext *cx, bool wantXrays, jsval *vp)
|
||||
{
|
||||
return wantXrays
|
||||
? JS_WrapValue(cx, vp)
|
||||
: xpc::WrapperFactory::WaiveXrayAndWrap(cx, vp);
|
||||
}
|
||||
|
||||
nsresult
|
||||
xpc_CreateSandboxObject(JSContext * cx, jsval * vp, nsISupports *prinOrSop, JSObject *proto,
|
||||
bool wantXrays)
|
||||
|
@ -3263,7 +3272,7 @@ xpc_CreateSandboxObject(JSContext * cx, jsval * vp, nsISupports *prinOrSop, JSOb
|
|||
|
||||
if (vp) {
|
||||
*vp = OBJECT_TO_JSVAL(sandbox);
|
||||
if (!JS_WrapValue(cx, vp)) {
|
||||
if (!WrapForSandbox(cx, wantXrays, vp)) {
|
||||
return NS_ERROR_UNEXPECTED;
|
||||
}
|
||||
}
|
||||
|
@ -3732,7 +3741,11 @@ xpc_EvalInSandbox(JSContext *cx, JSObject *sandbox, const nsAString& source,
|
|||
v = STRING_TO_JSVAL(str);
|
||||
}
|
||||
|
||||
if (!ac.enter(cx, callingScope) || !JS_WrapValue(cx, &v)) {
|
||||
xpc::CompartmentPrivate *sandboxdata =
|
||||
static_cast<xpc::CompartmentPrivate *>
|
||||
(JS_GetCompartmentPrivate(cx, sandbox->getCompartment()));
|
||||
if (!ac.enter(cx, callingScope) ||
|
||||
!WrapForSandbox(cx, sandboxdata->wantXrays, &v)) {
|
||||
rv = NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
|
|
|
@ -4431,13 +4431,13 @@ namespace xpc {
|
|||
|
||||
struct CompartmentPrivate
|
||||
{
|
||||
CompartmentPrivate(char *origin, bool preferXrays)
|
||||
CompartmentPrivate(char *origin, bool wantXrays)
|
||||
: origin(origin),
|
||||
preferXrays(preferXrays)
|
||||
wantXrays(wantXrays)
|
||||
{
|
||||
}
|
||||
char *origin;
|
||||
bool preferXrays;
|
||||
bool wantXrays;
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -47,7 +47,7 @@
|
|||
nsresult
|
||||
xpc_CreateGlobalObject(JSContext *cx, JSClass *clasp,
|
||||
const nsACString &origin, nsIPrincipal *principal,
|
||||
bool preferXrays, JSObject **global,
|
||||
bool wantXrays, JSObject **global,
|
||||
JSCompartment **compartment);
|
||||
|
||||
#endif
|
||||
|
|
|
@ -43,27 +43,37 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=533596
|
|||
"return value was rewrapped correctly");
|
||||
}
|
||||
|
||||
function checkCrossOriginXrayedSandbox(sandbox)
|
||||
{
|
||||
ok(Cu.evalInSandbox("('wrappedJSObject' in this.document);", sandbox),
|
||||
"wrappers inside eIS are Xrays");
|
||||
ok(Cu.evalInSandbox("!('foo' in this.document);", sandbox),
|
||||
"must not see expandos");
|
||||
ok('wrappedJSObject' in Cu.evalInSandbox("this.document", sandbox),
|
||||
"wrappers returned from the sandbox are Xrays");
|
||||
ok(!("foo" in Cu.evalInSandbox("this.document", sandbox)),
|
||||
"must not see expandos in wrappers returned from the sandbox");
|
||||
|
||||
ok('wrappedJSObject' in sandbox.document,
|
||||
"values obtained from the sandbox are Xrays");
|
||||
ok(!("foo" in sandbox.document),
|
||||
"must not see expandos in wrappers obtained from the sandbox");
|
||||
|
||||
}
|
||||
|
||||
function checkCrossOrigin(ifr) {
|
||||
var win = ifr.contentWindow;
|
||||
var sandbox =
|
||||
new Cu.Sandbox(win, { sandboxPrototype: win, wantXrays: true } );
|
||||
|
||||
checkCrossOriginSandbox(sandbox);
|
||||
|
||||
ok(Cu.evalInSandbox("('wrappedJSObject' in this.document);", sandbox),
|
||||
"wrappers inside eIS are XPCNativeWrappers");
|
||||
ok(Cu.evalInSandbox("!('foo' in this.document);", sandbox),
|
||||
"must not see expandos");
|
||||
checkCrossOriginXrayedSandbox(sandbox);
|
||||
|
||||
sandbox =
|
||||
new Cu.Sandbox(win, { sandboxPrototype: win } );
|
||||
|
||||
checkCrossOriginSandbox(sandbox);
|
||||
|
||||
ok(Cu.evalInSandbox("('wrappedJSObject' in this.document);", sandbox),
|
||||
"wrappers inside eIS are XPCNativeWrappers");
|
||||
ok(Cu.evalInSandbox("!('foo' in this.document);", sandbox),
|
||||
"must not see expandos");
|
||||
checkCrossOriginXrayedSandbox(sandbox);
|
||||
|
||||
sandbox =
|
||||
new Cu.Sandbox(win, { sandboxPrototype: win, wantXrays: false } );
|
||||
|
@ -72,6 +82,11 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=533596
|
|||
|
||||
ok(Cu.evalInSandbox("('foo' in this.document);", sandbox),
|
||||
"can see expandos");
|
||||
ok(("foo" in Cu.evalInSandbox("this.document", sandbox)),
|
||||
"must see expandos in wrappers returned from the sandbox");
|
||||
|
||||
ok(("foo" in sandbox.document),
|
||||
"must see expandos in wrappers obtained from the sandbox");
|
||||
|
||||
testDone();
|
||||
}
|
||||
|
|
|
@ -216,7 +216,7 @@ WrapperFactory::Rewrap(JSContext *cx, JSObject *obj, JSObject *wrappedProto, JSO
|
|||
if (AccessCheck::needsSystemOnlyWrapper(obj)) {
|
||||
wrapper = &FilteringWrapper<JSCrossCompartmentWrapper,
|
||||
OnlyIfSubjectIsSystem>::singleton;
|
||||
} else if (targetdata && targetdata->preferXrays && IS_WN_WRAPPER(obj)) {
|
||||
} else if (targetdata && targetdata->wantXrays && IS_WN_WRAPPER(obj)) {
|
||||
typedef XrayWrapper<JSCrossCompartmentWrapper, CrossCompartmentXray> Xray;
|
||||
wrapper = &Xray::singleton;
|
||||
xrayHolder = Xray::createHolder(cx, obj, parent);
|
||||
|
|
Загрузка…
Ссылка в новой задаче