Bug 905364 - Don't call into AllowXULXBLForPrincipal during SafeJSContext initialization. r=bz
In the old world, we'd be saved by initializing the SafeJSContext early enough that we'd short-circuit in the nsContentUtils::IsInitialized() check. That's not the case anymore, so let's handle this explicitly.
parent
776e9da067
commit
3d1a1af697
@ -125,7 +125,7 @@ SafeFinalize(JSFreeOp *fop, JSObject* obj)
|
||||
DestroyProtoAndIfaceCache(obj);
|
||||
}
|
||||
|
||||
static JSClass global_class = {
|
||||
JSClass xpc::SafeJSContextGlobalClass = {
|
||||
"global_for_XPCJSContextStack_SafeJSContext",
|
||||
XPCONNECT_GLOBAL_FLAGS,
|
||||
JS_PropertyStub, JS_DeletePropertyStub, JS_PropertyStub, JS_StrictPropertyStub,
|
||||
@ -161,7 +161,7 @@ XPCJSContextStack::GetSafeJSContext()
|
||||
|
||||
JS::CompartmentOptions options;
|
||||
options.setZone(JS::SystemZone);
|
||||
glob = xpc::CreateGlobalObject(mSafeJSContext, &global_class, principal, options);
|
||||
glob = xpc::CreateGlobalObject(mSafeJSContext, &SafeJSContextGlobalClass, principal, options);
|
||||
if (!glob)
|
||||
MOZ_CRASH();
|
||||
|
||||
|
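Review bot: The address of `xpc::SafeJSContextGlobalClass` now doubles as an identity tag, since RemoteXULForbidsXBLScope compares it by pointer against `JS_GetClass(aGlobal)`, but nothing at the definition records that. A comment above the definition such as `// Compared by address in RemoteXULForbidsXBLScope; do not use this class for any other global.` would stop a later caller from creating a different global with this class and silently skipping the remote-XUL check for it. The class initializer continues outside the hunk, so the rest of the definition is not visible here.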
@ -18,6 +18,7 @@
|
||||
|
||||
using namespace mozilla;
|
||||
using namespace xpc;
|
||||
using namespace JS;
|
||||
|
||||
/***************************************************************************/
|
||||
|
||||
@ -97,17 +98,24 @@ XPCWrappedNativeScope::GetNewOrUsed(JSContext *cx, JS::HandleObject aGlobal)
|
||||
}
|
||||
|
||||
static bool
|
||||
RemoteXULForbidsXBLScope(nsIPrincipal *aPrincipal)
|
||||
RemoteXULForbidsXBLScope(nsIPrincipal *aPrincipal, HandleObject aGlobal)
|
||||
{
|
||||
// We end up getting called during SSM bootstrapping to create the
|
||||
// SafeJSContext. In that case, nsContentUtils isn't ready for us.
|
||||
//
|
||||
// Also check for random JSD scopes that don't have a principal.
|
||||
if (!nsContentUtils::IsInitialized() || !aPrincipal)
|
||||
// Check for random JSD scopes that don't have a principal.
|
||||
if (!aPrincipal)
|
||||
return false;
|
||||
|
||||
// The SafeJSContext is lazily created, and tends to be created at really
|
||||
// weird times, at least for xpcshell (often very early in startup or late
|
||||
// in shutdown). Its scope isn't system principal, so if we proceeded we'd
|
||||
// end up calling into AllowXULXBLForPrincipal, which depends on all kinds
|
||||
// of persistent storage and permission machinery that may or not be running.
|
||||
// We know the answer to the question here, so just short-circuit.
|
||||
if (JS_GetClass(aGlobal) == &SafeJSContextGlobalClass)
|
||||
return false;
|
||||
|
||||
// AllowXULXBLForPrincipal will return true for system principal, but we
|
||||
// don't want that here.
|
||||
MOZ_ASSERT(nsContentUtils::IsInitialized());
|
||||
if (nsContentUtils::IsSystemPrincipal(aPrincipal))
|
||||
return false;
|
||||
|
||||
@ -161,7 +169,7 @@ XPCWrappedNativeScope::XPCWrappedNativeScope(JSContext *cx,
|
||||
// In addition to being pref-controlled, we also disable XBL scopes for
|
||||
// remote XUL domains, _except_ if we have an additional pref override set.
|
||||
nsIPrincipal *principal = GetPrincipal();
|
||||
mAllowXBLScope = !RemoteXULForbidsXBLScope(principal);
|
||||
mAllowXBLScope = !RemoteXULForbidsXBLScope(principal, aGlobal);
|
||||
|
||||
// Determine whether to use an XBL scope.
|
||||
mUseXBLScope = mAllowXBLScope;
|
||||
|
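Review bot: `MOZ_ASSERT(nsContentUtils::IsInitialized())` in RemoteXULForbidsXBLScope is now the only initialization guard, and it is compiled out of release builds. Any global other than the SafeJSContext one that gets a scope before nsContentUtils is ready would therefore fall through to `nsContentUtils::IsSystemPrincipal(aPrincipal)` and, presumably, AllowXULXBLForPrincipal, where the old code returned early. If that ordering cannot be ruled out, keep a runtime fail-safe after the assert that matches the previous behaviour, `if (!nsContentUtils::IsInitialized()) return false;`. The new class check also passes `aGlobal` straight to `JS_GetClass`, so a `MOZ_ASSERT(aGlobal);` at the top of the function would document the non-null precondition. The function body continues past the end of the hunk.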
@ -3857,6 +3857,8 @@ GetObjectScope(JSObject *obj)
|
||||
extern bool gDebugMode;
|
||||
extern bool gDesiredDebugMode;
|
||||
|
||||
extern JSClass SafeJSContextGlobalClass;
|
||||
|
||||
JSObject* NewOutObject(JSContext* cx, JSObject* scope);
|
||||
bool IsOutObject(JSContext* cx, JSObject* obj);
|
||||
|
||||
|