From 5cfba85d3a0db6c48c66248bc6a01f1a042a48b9 Mon Sep 17 00:00:00 2001
From: John Schoenick
Date: Tue, 4 Feb 2014 13:53:32 -0800
Subject: [PATCH] Bug 967694 - Make clear that we only sync spawn plugins in response to content, not chrome, JS access. r=bsmedberg
---
 content/base/src/nsObjectLoadingContent.cpp | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/content/base/src/nsObjectLoadingContent.cpp b/content/base/src/nsObjectLoadingContent.cpp
index 9100dd1ce18..bcb827649c1 100644
--- a/content/base/src/nsObjectLoadingContent.cpp
+++ b/content/base/src/nsObjectLoadingContent.cpp
@@ -2622,7 +2622,7 @@ nsObjectLoadingContent::ScriptRequestPluginInstance(JSContext* aCx,
 NS_NOTREACHED("failed to dispatch PluginScripted event");
 }
 mScriptRequested = true;
- } else if (mType == eType_Plugin && !mInstanceOwner &&
+ } else if (callerIsContentJS && mType == eType_Plugin && !mInstanceOwner &&
 nsContentUtils::IsSafeToRunScript() &&
 InActiveDocument(thisContent)) {
 // If we're configured as a plugin in an active document and it's safe to
@@ -3434,7 +3434,8 @@ nsObjectLoadingContent::DoNewResolve(JSContext* aCx, JS::Handle aObje
 JS::Handle aId,
 JS::MutableHandle aDesc)
 {
- // We don't resolve anything; we just try to make sure we're instantiated
+ // We don't resolve anything; we just try to make sure we're instantiated.
+ // This purposefully does not fire for chrome/xray resolves, see bug 967694
 nsRefPtr pi;
 nsresult rv = ScriptRequestPluginInstance(aCx, getter_AddRefs(pi));
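Review bot: The `else if` in ScriptRequestPluginInstance now gates the synchronous spawn on `callerIsContentJS`, but the branch comment that begins `// If we're configured as a plugin in an active document and it's safe to` is untouched as far as the hunk shows, so the reason for the guard is recorded only in the commit subject and in the call-site comments in DoNewResolve and GetOwnPropertyNames. I would state it at the branch itself, for example `// Only content JS may trigger a sync spawn; chrome/Xray access must not instantiate the plugin, see bug 967694`. `callerIsContentJS` is computed outside this hunk, so whether it really excludes the chrome and Xray callers those new comments promise cannot be checked from here and should be confirmed against its definition. The function body starts before and continues past the hunk.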
@@ -3450,8 +3451,8 @@ nsObjectLoadingContent::GetOwnPropertyNames(JSContext* aCx,
 ErrorResult& aRv)
 {
 // Just like DoNewResolve, just make sure we're instantiated. That will do
- // the work our Enumerate hook needs to do, and we don't want to return these
- // property names from Xrays anyway.
+ // the work our Enumerate hook needs to do. This purposefully does not fire
+ // for xray resolves, see bug 967694
 nsRefPtr pi;
 aRv = ScriptRequestPluginInstance(aCx, getter_AddRefs(pi));
 }
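Review bot: The new comment in GetOwnPropertyNames says the spawn does not fire for "xray resolves", but this is the enumeration path, and the matching comment added in DoNewResolve says "chrome/xray"; the two call sites should describe the same guarantee in the same words. The old text also gave a reason (not returning these property names from Xrays), which is now replaced by a bare bug number. I would write the last two comment lines as `// the work our Enumerate hook needs to do. This purposefully does not spawn` and `// for chrome/xray callers, see bug 967694`. The call to ScriptRequestPluginInstance stays unconditional here, so the guarantee rests entirely on the caller check inside that function.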