This will still prevent them from accessing stuff (.length will be
undefined, etc), but seems better than unexpectedly throwing. This fixes
the issue at hand at least.
With this patch, we reject length accesses here:
https://searchfox.org/mozilla-central/rev/86c98c486f03b598d0f80356b69163fd400ec8aa/js/xpconnect/wrappers/XrayWrapper.cpp#229-233
Your call on whether this patch is enough as-is, or more work is needed.
Also your call on whether if more work is needed that needs to happen on
this bug or somewhere else.
I'm not sure what we'd need to do to support this more "properly",
presumably we'd need to add special XRay support to
ObservableArrayProxyHandler or so? Pointers (or patches of course ;))
welcome.
Also unsure about the setter situation, I _think_ it's fine not to throw
given the code I read, but please sanity-check.
Differential Revision: https://phabricator.services.mozilla.com/D145045
dom/bindings/BindingUtils.cpp(202,62): error: passing object of class type 'typename raw_type<char16_t, int>::type' (aka 'char16ptr_t') through variadic function [-Werror,-Wclass-varargs]
static_cast<unsigned>(errorNumber), funcNameStr.get(),
^
dom/bindings/BindingUtils.cpp(203,26): error: passing object of class type 'typename raw_type<char16_t, int>::type' (aka 'char16ptr_t') through variadic function [-Werror,-Wclass-varargs]
ifaceName.get());
^
dom/media/webrtc/transport/third_party/nICEr/src/ice/ice_component.c(582,15): error: passing object of class type 'nr_transport_addr' (aka 'struct nr_transport_addr_') through variadic function [-Werror,-Wclass-varargs]
component->stream->turn_servers[j].turn_server.addr);
^
toolkit/xre/dllservices/tests/gtest/TestUntrustedModules.cpp(44,45): error: passing object of class type 'typename raw_type<char16_t, int>::type' (aka 'char16ptr_t') through variadic function [-Werror,-Wclass-varargs]
wprintf(L"%s is not registered.\n", aNames[i].get());
^
toolkit/xre/dllservices/tests/gtest/TestUntrustedModules.cpp(49,30): error: passing object of class type 'typename raw_type<char16_t, int>::type' (aka 'char16ptr_t') through variadic function [-Werror,-Wclass-varargs]
wprintf(L"%s:%4d\n", aNames[i].get(), *entry);
^
toolkit/xre/dllservices/tests/gtest/TestUntrustedModules.cpp(248,30): error: passing object of class type 'typename raw_type<char16_t, int>::type' (aka 'char16ptr_t') through variadic function [-Werror,-Wclass-varargs]
wprintf(L"JSON: %s\n", json.get());
^
xpcom/io/nsLocalFileWin.cpp(1647,20): error: passing object of class type 'typename raw_type<char16_t, int>::type' (aka 'char16ptr_t') through variadic function [-Werror,-Wclass-varargs]
NS_ConvertASCIItoUTF16(nsDependentCString(aField)).get());
^
Differential Revision: https://phabricator.services.mozilla.com/D144665
To follow the spec more closely, some functionality moved from
`performance.mark` to the PerformanceMark constructor.
I verified the new fingerprinting protection behavior with :tjr: they said it's
okay to return a PerformanceMark as long as it uses the same reduced precision
of `performance.now`.
Differential Revision: https://phabricator.services.mozilla.com/D142625
Without this changing constructable stylesheets to be an ObservableArray
causes compile errors because StyleSheet isn't correctly forward-declared.
Differential Revision: https://phabricator.services.mozilla.com/D144546
- it's likely an oblivion from the fix for bug 1716622;
- so just add a check on the final length of the buffer to be under the limit of 2Gb.
Differential Revision: https://phabricator.services.mozilla.com/D143066
This removes the last usage of variant in WebIDL. Because the conversion to
the WebIDL union now takes place in the generated argument conversion, it's
ok to make the conversion to the right XSLT type (txVariable::convert)
happen lazily again. At that point we're dealing with primitive types
(double/bool/nsString), a Node, a sequence of nodes or an XPathResult, so
txVariable::convert shouldn't have any side-effects. I removed storing a
NodeList, it gets converted to a sequence<Node> during argument conversion.
That, together with cloning XPathResults, makes the parameters stay constant
after they're set, which I think is saner.
Differential Revision: https://phabricator.services.mozilla.com/D140364
Generate helper function for C++ to perform operations on backing objects for
each observable array attribute,
- ElementAt: Get the item at that index. Throw error if fail to get the element.
- ReplaceElementAt: Replace the item at the index, this will also trigger OnDelete
and OnSet callback. Throw error if fail to replace the element.
- AppendElement: Append one element to the end of the array, this will also trigger
OnSet callback. Throw error if fail to append the element.
- RemoveLastElement: Remove the element at the last index, this will also trigger
OnDelete callback. Throw error if fail to remove the element.
- Length: Get the number of the indexd value. Throw error if fail to get the length.
Depends on D113728
Differential Revision: https://phabricator.services.mozilla.com/D113862
The highlevel architecture:
- Each observable array attribute has corresponding ES proxy exotic object stored
in DOM reflector's reserved slot. It use the ObservableArrayProxyHandler as
proxy handler which implements the behaviour defined in the spec.
- Each observable array exotic objects has 2 reserved slots:
* one is to store the raw pointer of the interface, it is cleaned up when the
DOM reflector is finalized. It is used to run the SetAlgorithm and
DeleteAlgorithm defined in the spec.
* one is to store the backing list used to store the indexed value. The additional
properties are stored in the proxy target instead.
Depends on D112279
Differential Revision: https://phabricator.services.mozilla.com/D112280
This implements the base class for proxy handler of observable array exotic
objects, it implments the proxy behaviour define in
https://webidl.spec.whatwg.org/#es-observable-arrays, the virtual functions
, OnDeleteItem() and OnSetItem(), are for SetAlgorithm and DeleteAlgorithm that
are defined and implemented per interface.
Depends on D112277
Differential Revision: https://phabricator.services.mozilla.com/D112278
Tom Schuster
Mats Palmgren
Butkovits Atila
Emilio Cobos Álvarez
Peter Van der Beken
Kagami Sascha Rosylight
Byron Campen
Mike Hommey
Michael Comella
Sean Feng
Marian-Vasile Laza
Matthew Gaudet
Calixte
Jan de Mooij
criss
Edgar Chen
Jon Coppeard
Barret Rennie