Bug 1057176. Don't try to use the document's window for regexp evaluation in nsContentUtils::IsPatternMatching, since there might not be one. Just use the unprivileged junk scope. r=bholley

2024-09-13 09:24:08 -07:00 · 2014-09-04 15:26:39 -04:00 · 2014-09-04 15:26:39 -04:00 · 2555bedfb3
commit 2555bedfb3
parent f9250dfe0d
3 changed files with 37 additions and 3 deletions
--- a/content/base/src/nsContentUtils.cpp
+++ b/content/base/src/nsContentUtils.cpp
@ -6396,10 +6396,11 @@ nsContentUtils::IsPatternMatching(nsAString& aValue, nsAString& aPattern,
  NS_ASSERTION(aDocument, "aDocument should be a valid pointer (not null)");

  AutoJSAPI jsapi;
-  if (NS_WARN_IF(!jsapi.Init(aDocument->GetWindow()))) {
-    return true;
-  }
+  jsapi.Init();
  JSContext* cx = jsapi.cx();
+  // We can use the junk scope here, because we're just using it for
+  // regexp evaluation, not actual script execution.
+  JSAutoCompartment ac(cx, xpc::UnprivilegedJunkScope());

  // The pattern has to match the entire value.
  aPattern.Insert(NS_LITERAL_STRING("^(?:"), 0);
--- a/content/base/test/mochitest.ini
+++ b/content/base/test/mochitest.ini
@ -558,6 +558,7 @@ skip-if = buildapp == 'mulet' || buildapp == 'b2g' || toolkit == 'android' || e1
 run-if = os == 'linux'
 [test_bug1008126.html]
 run-if = os == 'linux'
+[test_bug1057176.html]
 [test_caretPositionFromPoint.html]
 [test_classList.html]
 # This test fails on the Mac for some reason
--- a/content/base/test/test_bug1057176.html
+++ b/content/base/test/test_bug1057176.html
@ -0,0 +1,32 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=1057176
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Test for Bug 1057176</title>
+  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+  <script type="application/javascript">
+
+  /** Test for Bug 1057176 **/
+  var doc = document.implementation.createDocument(null, null);
+  var elem = doc.createElementNS("http://www.w3.org/1999/xhtml", "input");
+  elem.pattern = "abc";
+  elem.value = "def";
+  ok(!elem.validity.valid, '"def" should not match the pattern "abc"');
+  elem.value = "abc";
+  ok(elem.validity.valid, '"abc" should match the pattern "abc"');
+  </script>
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1057176">Mozilla Bug 1057176</a>
+<p id="display"></p>
+<div id="content" style="display: none">
+
+</div>
+<pre id="test">
+</pre>
+</body>
+</html>