mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 655649 - Use Subsumes Rather than Equals in XPConnect wrapper computation. r=mrbkap
Now that we have nsExpandedPrincipal, the current way of doing things is wrong. For some reason, the old document.domain hackery was hiding the failures here.
This commit is contained in:
parent
32d74402a9
commit
63851e7543
@ -32,8 +32,9 @@ GetCompartmentPrincipal(JSCompartment *compartment)
|
|||||||
return nsJSPrincipals::get(JS_GetCompartmentPrincipals(compartment));
|
return nsJSPrincipals::get(JS_GetCompartmentPrincipals(compartment));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Does the principal of compartment a subsume the principal of compartment b?
|
||||||
bool
|
bool
|
||||||
AccessCheck::isSameOrigin(JSCompartment *a, JSCompartment *b)
|
AccessCheck::subsumes(JSCompartment *a, JSCompartment *b)
|
||||||
{
|
{
|
||||||
nsIPrincipal *aprin = GetCompartmentPrincipal(a);
|
nsIPrincipal *aprin = GetCompartmentPrincipal(a);
|
||||||
nsIPrincipal *bprin = GetCompartmentPrincipal(b);
|
nsIPrincipal *bprin = GetCompartmentPrincipal(b);
|
||||||
@ -44,14 +45,11 @@ AccessCheck::isSameOrigin(JSCompartment *a, JSCompartment *b)
|
|||||||
if (!aprin || !bprin)
|
if (!aprin || !bprin)
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
bool equals;
|
bool subsumes;
|
||||||
nsresult rv = aprin->EqualsIgnoringDomain(bprin, &equals);
|
nsresult rv = aprin->SubsumesIgnoringDomain(bprin, &subsumes);
|
||||||
if (NS_FAILED(rv)) {
|
NS_ENSURE_SUCCESS(rv, false);
|
||||||
NS_ERROR("unable to ask about equality");
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
return equals;
|
return subsumes;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool
|
bool
|
||||||
@ -77,8 +75,8 @@ AccessCheck::isLocationObjectSameOrigin(JSContext *cx, JSObject *wrapper)
|
|||||||
|
|
||||||
// Which lets us compare the current compartment against the old one.
|
// Which lets us compare the current compartment against the old one.
|
||||||
return obj &&
|
return obj &&
|
||||||
(isSameOrigin(js::GetObjectCompartment(wrapper),
|
(subsumes(js::GetObjectCompartment(wrapper),
|
||||||
js::GetObjectCompartment(obj)) ||
|
js::GetObjectCompartment(obj)) ||
|
||||||
documentDomainMakesSameOrigin(cx, obj));
|
documentDomainMakesSameOrigin(cx, obj));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -15,7 +15,7 @@ namespace xpc {
|
|||||||
|
|
||||||
class AccessCheck {
|
class AccessCheck {
|
||||||
public:
|
public:
|
||||||
static bool isSameOrigin(JSCompartment *a, JSCompartment *b);
|
static bool subsumes(JSCompartment *a, JSCompartment *b);
|
||||||
static bool isChrome(JSCompartment *compartment);
|
static bool isChrome(JSCompartment *compartment);
|
||||||
static bool callerIsChrome();
|
static bool callerIsChrome();
|
||||||
static nsIPrincipal *getPrincipal(JSCompartment *compartment);
|
static nsIPrincipal *getPrincipal(JSCompartment *compartment);
|
||||||
|
@ -368,7 +368,7 @@ WrapperFactory::Rewrap(JSContext *cx, JSObject *obj, JSObject *wrappedProto, JSO
|
|||||||
wrapper = &FilteringWrapper<CrossCompartmentSecurityWrapper,
|
wrapper = &FilteringWrapper<CrossCompartmentSecurityWrapper,
|
||||||
ExposedPropertiesOnly>::singleton;
|
ExposedPropertiesOnly>::singleton;
|
||||||
}
|
}
|
||||||
} else if (AccessCheck::isSameOrigin(origin, target)) {
|
} else if (AccessCheck::subsumes(target, origin)) {
|
||||||
// For the same-origin case we use a transparent wrapper, unless one
|
// For the same-origin case we use a transparent wrapper, unless one
|
||||||
// of the following is true:
|
// of the following is true:
|
||||||
// * The object is flagged as needing a SOW.
|
// * The object is flagged as needing a SOW.
|
||||||
|
Loading…
Reference in New Issue
Block a user