Switch over to using XPCSafeJSObjectWrapper instead of trying to write it ourselves. bug 374071, r=crowder sr=darin

This commit is contained in:
mrbkap@gmail.com 2007-06-21 11:56:37 -07:00
Родитель 90dffc280d
Коммит 2441a1ff2e
1 изменённых файлов: 12 добавлений и 48 удалений

Просмотреть файл

@ -52,31 +52,6 @@ const nsISupports = Components.interfaces.nsISupports;
const nsIProxyAutoConfig = Components.interfaces.nsIProxyAutoConfig;
const nsIDNSService = Components.interfaces.nsIDNSService;
// Loaded once per PAC script, this is a safe way for the supplied functions
// that require chrome privileges to turn a random untrusted object into a
// string.
var safeToString = null;
function myToString(thisp) {
return thisp + '';
}
// This is like safeToString, except that it calls a given function with a
// given this and arguments.
var callFunction = null;
function myCall(fun) {
var args = [];
for (var i = 1; i < arguments.length; i++)
args.push(arguments[i]);
return fun.apply(this, args);
}
// Like the above, except that this gets a property off of an untrusted
// object.
var safeGetProperty = null;
function myGet(thisp, id) {
return thisp[id];
}
// implementor of nsIProxyAutoConfig
function nsProxyAutoConfig() {};
@ -94,7 +69,6 @@ nsProxyAutoConfig.prototype = {
init: function(pacURI, pacText) {
// remove PAC configuration if requested
if (pacURI == "" || pacText == "") {
this._findProxyForURL = null;
this._sandBox = null;
return;
}
@ -103,21 +77,6 @@ nsProxyAutoConfig.prototype = {
this._sandBox = new Components.utils.Sandbox(pacURI);
Components.utils.evalInSandbox(pacUtils, this._sandBox);
safeToString =
Components.utils.evalInSandbox("(" + myToString.toSource() + ")",
this._sandBox);
callFunction =
Components.utils.evalInSandbox("(" + myCall.toSource() + ")",
this._sandBox);
// Clone callFunction.call onto our callFunction so that the PAC
// script can't monkey with Function.prototype.call and confuse us.
callFunction.call = Function.prototype.call;
safeGetProperty =
Components.utils.evalInSandbox("(" + myGet.toSource() + ")",
this._sandBox);
// add predefined functions to pac
this._sandBox.importFunction(myIpAddress);
this._sandBox.importFunction(dnsResolve);
@ -125,23 +84,27 @@ nsProxyAutoConfig.prototype = {
// evaluate loaded js file
Components.utils.evalInSandbox(pacText, this._sandBox);
this._findProxyForURL =
safeGetProperty(this._sandBox, "FindProxyForURL");
// We can no longer trust this._sandBox. Touching it directly can
// cause all sorts of pain, so wrap it in an XPCSafeJSObjectWrapper
// and do all of our work through there.
this._sandBox = new XPCSafeJSObjectWrapper(this._sandBox);
},
getProxyForURI: function(testURI, testHost) {
if (!this._findProxyForURL)
if (!("FindProxyForURL" in this._sandBox))
return null;
// Call the original function
return callFunction.call(this._sandBox, this._findProxyForURL,
testURI, testHost);
var rval = this._sandBox.FindProxyForURL(testURI, testHost);
return rval;
}
}
function proxyAlert(msg) {
// Ensure that we have a string.
msg = safeToString(msg);
if (typeof msg != "string")
msg = new XPCSafeJSObjectWraper(msg).toString();
try {
// It would appear that the console service is threadsafe.
@ -164,7 +127,8 @@ function myIpAddress() {
// wrapper for resolving hostnames called by PAC file
function dnsResolve(host) {
host = safeToString(host);
if (typeof host != "string")
host = new XPCSafeJSObjectWrapper(host).toString();
try {
return dns.resolve(host, 0).getNextAddrAsString();