зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1353150. Add a preference that controls whether named properties object properties are exposed on Xrays, with a default of "not exposed in web extension content scripts". r=bholley
MozReview-Commit-ID: E8CqW16uH3M
This commit is contained in:
Родитель
823fdb1a4e
Коммит
ca77a52851
|
@ -7,6 +7,7 @@
|
|||
#include "WindowNamedPropertiesHandler.h"
|
||||
#include "mozilla/dom/EventTargetBinding.h"
|
||||
#include "mozilla/dom/WindowBinding.h"
|
||||
#include "mozilla/Preferences.h"
|
||||
#include "nsContentUtils.h"
|
||||
#include "nsDOMClassInfo.h"
|
||||
#include "nsDOMWindowList.h"
|
||||
|
@ -237,11 +238,56 @@ WindowNamedPropertiesHandler::delete_(JSContext* aCx,
|
|||
return aResult.failCantDeleteWindowNamedProperty();
|
||||
}
|
||||
|
||||
static bool
|
||||
IsWebExtensionContentScript(JSContext* aCx)
|
||||
{
|
||||
auto* priv = xpc::CompartmentPrivate::Get(JS::CurrentGlobalOrNull(aCx));
|
||||
return priv->isWebExtensionContentScript;
|
||||
}
|
||||
|
||||
static const int32_t kAlwaysAllowNamedPropertiesObject = 0;
|
||||
static const int32_t kDisallowNamedPropertiesObjectForContentScripts = 1;
|
||||
static const int32_t kDisallowNamedPropertiesObjectForXrays = 2;
|
||||
|
||||
static bool
|
||||
AllowNamedPropertiesObject(JSContext* aCx)
|
||||
{
|
||||
static int32_t sAllowed;
|
||||
static bool sAllowedCached = false;
|
||||
if (!sAllowedCached) {
|
||||
Preferences::AddIntVarCache(&sAllowed,
|
||||
"dom.allow_named_properties_object_for_xrays",
|
||||
kDisallowNamedPropertiesObjectForContentScripts);
|
||||
sAllowedCached = true;
|
||||
}
|
||||
|
||||
if (sAllowed == kDisallowNamedPropertiesObjectForXrays) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (sAllowed == kAlwaysAllowNamedPropertiesObject) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (sAllowed == kDisallowNamedPropertiesObjectForContentScripts) {
|
||||
return !IsWebExtensionContentScript(aCx);
|
||||
}
|
||||
|
||||
NS_WARNING("Unknown value for dom.allow_named_properties_object_for_xrays");
|
||||
// Fail open for now.
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
static bool
|
||||
ResolveWindowNamedProperty(JSContext* aCx, JS::Handle<JSObject*> aWrapper,
|
||||
JS::Handle<JSObject*> aObj, JS::Handle<jsid> aId,
|
||||
JS::MutableHandle<JS::PropertyDescriptor> aDesc)
|
||||
{
|
||||
if (!AllowNamedPropertiesObject(aCx)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
{
|
||||
JSAutoCompartment ac(aCx, aObj);
|
||||
if (!js::GetProxyHandler(aObj)->getOwnPropertyDescriptor(aCx, aObj, aId,
|
||||
|
@ -264,6 +310,10 @@ EnumerateWindowNamedProperties(JSContext* aCx, JS::Handle<JSObject*> aWrapper,
|
|||
JS::Handle<JSObject*> aObj,
|
||||
JS::AutoIdVector& aProps)
|
||||
{
|
||||
if (!AllowNamedPropertiesObject(aCx)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
JSAutoCompartment ac(aCx, aObj);
|
||||
return js::GetProxyHandler(aObj)->ownPropertyKeys(aCx, aObj, aProps);
|
||||
}
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
|
||||
/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
|
||||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
|
@ -1237,6 +1238,13 @@ pref("dom.webapps.useCurrentProfile", false);
|
|||
|
||||
pref("dom.cycle_collector.incremental", true);
|
||||
|
||||
// Whether Xrays expose properties from the named properties object (aka global
|
||||
// scope polluter). Values are:
|
||||
// 0 = properties exposed on Xrays
|
||||
// 1 = properties exposed on Xrays, except in web extension content scripts.
|
||||
// 2 = properties not exposed on xrays
|
||||
pref("dom.allow_named_properties_object_for_xrays", 1);
|
||||
|
||||
// Parsing perf prefs. For now just mimic what the old code did.
|
||||
#ifndef XP_WIN
|
||||
pref("content.sink.pending_event_mode", 0);
|
||||
|
|
Загрузка…
Ссылка в новой задаче