зеркало из https://github.com/mozilla/gecko-dev.git
e457975e9d
Boris and I debugged this. It looks like we're somehow ending up with an XrayWaiver on the other end of a CrossOriginXrayWrapper. The specifics of how this happens are a bit fuzzy to me, but it's presumably happening in all the brain transplant weirdness we do when recomputing wrappers during document.domain. Having an XrayWaiver there isn't unsafe - the wrapper computation algorithm will ignore the waiver if the principals don't allow the caller to waive. But it does throw a wrench in some brittle code that only expects certain kinds of wrappers. Let's just do what XrayTraits::getTargetObject does. I don't think this is really unsafe at all, because the only wrapper with a security boundary is the CCW, and we're already stripping that off unconditionally with Wrapper::wrappedObject. |
||
|---|---|---|
| .. | ||
| ductwork/debugger | ||
| examples | ||
| ipc | ||
| public | ||
| src | ||
| xpconnect | ||