From e9fce7a3ae5176ce092e7eabd1534f237f1e1243 Mon Sep 17 00:00:00 2001
From: Bobby Holley
Date: Thu, 16 Aug 2012 12:25:39 -0700
Subject: [PATCH] Bug 781476 - Cross-compartment wrap same-origin objects with PreCreate even if PreCreate requests one wrapper per scope. r=mrbkap
---
 js/xpconnect/wrappers/WrapperFactory.cpp | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/js/xpconnect/wrappers/WrapperFactory.cpp b/js/xpconnect/wrappers/WrapperFactory.cpp
index 726a820a3476..63dc0e191fb4 100644
--- a/js/xpconnect/wrappers/WrapperFactory.cpp
+++ b/js/xpconnect/wrappers/WrapperFactory.cpp
@@ -229,6 +229,15 @@ WrapperFactory::PrepareForWrapping(JSContext *cx, JSObject *scope, JSObject *obj
 // Ok, must be case (1). Fall through and create a new wrapper.
 }
+
+ // Nasty hack for late-breaking bug 781476. This will confuse identity checks,
+ // but it's probably better than any of our alternatives.
+ if (!AccessCheck::isChrome(js::GetObjectCompartment(scope)) &&
+ AccessCheck::subsumes(js::GetObjectCompartment(scope),
+ js::GetObjectCompartment(obj)))
+ {
+ return DoubleWrap(cx, obj, flags);
+ }
 }
 }
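Review bot: The comment on the added block in `PrepareForWrapping` gives the bug number but not the condition the guard selects or which identity assumption it gives up, so a later reader cannot tell what callers may still rely on. I would state it directly, e.g. `// Non-chrome scope whose compartment subsumes obj's: cross-compartment wrap obj even though PreCreate asked for one wrapper per scope (bug 781476).` and `// Object identity for such objects is not stable across scopes; do not use it for access decisions.` The subject line says same-origin while the guard calls `AccessCheck::subsumes`, which presumably can also hold for principals that are not equal; if the wider match is intended the comment should say so, otherwise the check should be narrowed. `js::GetObjectCompartment(scope)` is evaluated twice and could be held in a local. The function starts and ends outside this hunk, so the `flags` value passed to `DoubleWrap` could not be checked from here.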