зеркало из https://github.com/mozilla/pjs.git
Switch over to using XPCSafeJSObjectWrapper instead of trying to write it ourselves. bug 374071, r=crowder sr=darin
This commit is contained in:
Родитель
90dffc280d
Коммит
2441a1ff2e
|
@ -52,31 +52,6 @@ const nsISupports = Components.interfaces.nsISupports;
|
|||
const nsIProxyAutoConfig = Components.interfaces.nsIProxyAutoConfig;
|
||||
const nsIDNSService = Components.interfaces.nsIDNSService;
|
||||
|
||||
// Loaded once per PAC script, this is a safe way for the supplied functions
|
||||
// that require chrome privileges to turn a random untrusted object into a
|
||||
// string.
|
||||
var safeToString = null;
|
||||
function myToString(thisp) {
|
||||
return thisp + '';
|
||||
}
|
||||
|
||||
// This is like safeToString, except that it calls a given function with a
|
||||
// given this and arguments.
|
||||
var callFunction = null;
|
||||
function myCall(fun) {
|
||||
var args = [];
|
||||
for (var i = 1; i < arguments.length; i++)
|
||||
args.push(arguments[i]);
|
||||
return fun.apply(this, args);
|
||||
}
|
||||
|
||||
// Like the above, except that this gets a property off of an untrusted
|
||||
// object.
|
||||
var safeGetProperty = null;
|
||||
function myGet(thisp, id) {
|
||||
return thisp[id];
|
||||
}
|
||||
|
||||
// implementor of nsIProxyAutoConfig
|
||||
function nsProxyAutoConfig() {};
|
||||
|
||||
|
@ -94,7 +69,6 @@ nsProxyAutoConfig.prototype = {
|
|||
init: function(pacURI, pacText) {
|
||||
// remove PAC configuration if requested
|
||||
if (pacURI == "" || pacText == "") {
|
||||
this._findProxyForURL = null;
|
||||
this._sandBox = null;
|
||||
return;
|
||||
}
|
||||
|
@ -103,21 +77,6 @@ nsProxyAutoConfig.prototype = {
|
|||
this._sandBox = new Components.utils.Sandbox(pacURI);
|
||||
Components.utils.evalInSandbox(pacUtils, this._sandBox);
|
||||
|
||||
safeToString =
|
||||
Components.utils.evalInSandbox("(" + myToString.toSource() + ")",
|
||||
this._sandBox);
|
||||
callFunction =
|
||||
Components.utils.evalInSandbox("(" + myCall.toSource() + ")",
|
||||
this._sandBox);
|
||||
|
||||
// Clone callFunction.call onto our callFunction so that the PAC
|
||||
// script can't monkey with Function.prototype.call and confuse us.
|
||||
callFunction.call = Function.prototype.call;
|
||||
|
||||
safeGetProperty =
|
||||
Components.utils.evalInSandbox("(" + myGet.toSource() + ")",
|
||||
this._sandBox);
|
||||
|
||||
// add predefined functions to pac
|
||||
this._sandBox.importFunction(myIpAddress);
|
||||
this._sandBox.importFunction(dnsResolve);
|
||||
|
@ -125,23 +84,27 @@ nsProxyAutoConfig.prototype = {
|
|||
|
||||
// evaluate loaded js file
|
||||
Components.utils.evalInSandbox(pacText, this._sandBox);
|
||||
this._findProxyForURL =
|
||||
safeGetProperty(this._sandBox, "FindProxyForURL");
|
||||
|
||||
// We can no longer trust this._sandBox. Touching it directly can
|
||||
// cause all sorts of pain, so wrap it in an XPCSafeJSObjectWrapper
|
||||
// and do all of our work through there.
|
||||
this._sandBox = new XPCSafeJSObjectWrapper(this._sandBox);
|
||||
},
|
||||
|
||||
getProxyForURI: function(testURI, testHost) {
|
||||
if (!this._findProxyForURL)
|
||||
if (!("FindProxyForURL" in this._sandBox))
|
||||
return null;
|
||||
|
||||
// Call the original function
|
||||
return callFunction.call(this._sandBox, this._findProxyForURL,
|
||||
testURI, testHost);
|
||||
var rval = this._sandBox.FindProxyForURL(testURI, testHost);
|
||||
return rval;
|
||||
}
|
||||
}
|
||||
|
||||
function proxyAlert(msg) {
|
||||
// Ensure that we have a string.
|
||||
msg = safeToString(msg);
|
||||
if (typeof msg != "string")
|
||||
msg = new XPCSafeJSObjectWraper(msg).toString();
|
||||
|
||||
try {
|
||||
// It would appear that the console service is threadsafe.
|
||||
|
@ -164,7 +127,8 @@ function myIpAddress() {
|
|||
|
||||
// wrapper for resolving hostnames called by PAC file
|
||||
function dnsResolve(host) {
|
||||
host = safeToString(host);
|
||||
if (typeof host != "string")
|
||||
host = new XPCSafeJSObjectWrapper(host).toString();
|
||||
|
||||
try {
|
||||
return dns.resolve(host, 0).getNextAddrAsString();
|
||||
|
|
Загрузка…
Ссылка в новой задаче