From f485a6c791b5525d508e893e8bf593ad105cd952 Mon Sep 17 00:00:00 2001 From: Bobby Holley Date: Fri, 2 Nov 2012 13:27:59 +0100 Subject: [PATCH] Bug 805807 - Make Components wrapper throw on denial. r=mrbkap There's really no reason to use the wishy-washy static COW Deny() here. Also, note that the xpcshell-test wasn't testing what it thought it was - interfaces is accessible from content code. --- .../libeditor/html/tests/test_bug468353.html | 1 - js/xpconnect/tests/unit/test_components.js | 35 +++++++++---------- js/xpconnect/wrappers/AccessCheck.cpp | 3 +- .../tests/chrome/sandbox_content_perms.html | 11 +++++- 4 files changed, 28 insertions(+), 22 deletions(-) diff --git a/editor/libeditor/html/tests/test_bug468353.html b/editor/libeditor/html/tests/test_bug468353.html index dd5981fde924..f64581860b9a 100644 --- a/editor/libeditor/html/tests/test_bug468353.html +++ b/editor/libeditor/html/tests/test_bug468353.html @@ -42,7 +42,6 @@ function checkStylesheets() { function runTest() { const Ci = SpecialPowers.Ci; - const Cc = SpecialPowers.Components.classes; /** Found while fixing bug 440614 **/ var editframe = window.frames[0]; diff --git a/js/xpconnect/tests/unit/test_components.js b/js/xpconnect/tests/unit/test_components.js index 5bd1b62bbb54..7cff627e47a6 100644 --- a/js/xpconnect/tests/unit/test_components.js +++ b/js/xpconnect/tests/unit/test_components.js @@ -1,5 +1,6 @@ +const Cu = Components.utils; + function run_test() { - var Cu = Components.utils; var sb1 = Cu.Sandbox("http://www.blah.com"); var sb2 = Cu.Sandbox("http://www.blah.com"); var sb3 = Cu.Sandbox(this); @@ -13,25 +14,19 @@ function run_test() { // non-chrome accessing chrome Components sb1.C = Components; - rv = Cu.evalInSandbox("C.utils", sb1); - do_check_eq(rv, undefined); - rv = Cu.evalInSandbox("C.interfaces", sb1); - do_check_neq(rv, undefined); + checkThrows("C.utils", sb1); + checkThrows("C.classes", sb1); // non-chrome accessing own Components - rv = Cu.evalInSandbox("Components.utils", sb1); - do_check_eq(rv, undefined); - rv = Cu.evalInSandbox("Components.interfaces", sb1); - do_check_neq(rv, undefined); + checkThrows("Components.utils", sb1); + checkThrows("Components.classes", sb1); // non-chrome same origin var C2 = Cu.evalInSandbox("Components", sb2); - do_check_neq(rv, C2.utils); + do_check_neq(rv, C2.utils); sb1.C2 = C2; - rv = Cu.evalInSandbox("C2.utils", sb1); - do_check_eq(rv, undefined); - rv = Cu.evalInSandbox("C2.interfaces", sb1); - do_check_neq(rv, undefined); + checkThrows("C2.utils", sb1); + checkThrows("C2.classes", sb1); // chrome accessing chrome sb3.C = Components; @@ -40,9 +35,11 @@ function run_test() { // non-chrome cross origin sb4.C2 = C2; - rv = Cu.evalInSandbox("C2.interfaces", sb1); - do_check_neq(rv, undefined); - rv = Cu.evalInSandbox("C2.utils", sb1); - do_check_eq(rv, undefined); - + checkThrows("C2.utils", sb1); + checkThrows("C2.classes", sb1); +} + +function checkThrows(expression, sb) { + var result = Cu.evalInSandbox('(function() { try { ' + expression + '; return "allowed"; } catch (e) { return e.toString(); }})();', sb); + do_check_true(!!/denied/.exec(result)); } diff --git a/js/xpconnect/wrappers/AccessCheck.cpp b/js/xpconnect/wrappers/AccessCheck.cpp index 2d4744eb1dcf..ad986e758fd6 100644 --- a/js/xpconnect/wrappers/AccessCheck.cpp +++ b/js/xpconnect/wrappers/AccessCheck.cpp @@ -523,7 +523,8 @@ ComponentsObjectPolicy::check(JSContext *cx, JSObject *wrapper, jsid id, Wrapper return true; } - return Deny(cx, id, act); + AccessCheck::deny(cx, id); + return false; } } diff --git a/toolkit/identity/tests/chrome/sandbox_content_perms.html b/toolkit/identity/tests/chrome/sandbox_content_perms.html index 1f99dd5d2882..59905f13c241 100644 --- a/toolkit/identity/tests/chrome/sandbox_content_perms.html +++ b/toolkit/identity/tests/chrome/sandbox_content_perms.html @@ -18,6 +18,15 @@ return false; } + function CcDenied() { + try { + Components.classes; + return false; + } catch (e) { + return !!/denied/.exec(e); + } + } + // Build an object with test results (true = pass) let results = { windowTop: window.top == window, @@ -28,7 +37,7 @@ .docCharsetIsForced; }), - ccAccess: SpecialPowers.Components.classes == null, + ccAccess: !!CcDenied(), }; let resultsJSON = JSON.stringify(results);