Bug 610941 - Don't resolve prototypes for things that aren't windows. r=jst

2010-12-02 14:35:27 -08:00 · 2010-12-02 14:35:27 -08:00 · edddd018b8
--- a/dom/base/nsDOMClassInfo.cpp
+++ b/dom/base/nsDOMClassInfo.cpp
@ -4701,7 +4701,7 @@ nsDOMClassInfo::PostCreatePrototype(JSContext * cx, JSObject * proto)
  // XXX Is there a better way to check this?
  nsISupports *globalNative = XPConnect()->GetNativeOfWrapper(cx, global);
  nsCOMPtr<nsPIDOMWindow> piwin = do_QueryInterface(globalNative);
-  if(!piwin) {
+  if (!piwin) {
    return NS_OK;
  }

@ -4709,6 +4709,15 @@ nsDOMClassInfo::PostCreatePrototype(JSContext * cx, JSObject * proto)
  if (win->IsClosedOrClosing()) {
    return NS_OK;
  }
+
+  // If the window is in a different compartment than the global object, then
+  // it's likely that global is a sandbox object whose prototype is a window.
+  // Don't do anything in this case.
+  if (win->FastGetGlobalJSObject() &&
+      global->compartment() != win->FastGetGlobalJSObject()->compartment()) {
+    return NS_OK;
+  }
+
  if (win->IsOuterWindow()) {
    // XXXjst: Do security checks here when we remove the security
    // checks on the inner window.