Backed out changeset a01f270b961a to fix tinderbox orange.

js/src/xpconnect/src/XPCWrapper.h

@@ -215,15 +215,6 @@ public:
     return JS_TRUE;
   }
 
-  static JSBool IsSecurityWrapper(JSObject *wrapper)
-  {
-    JSClass *clasp = STOBJ_GET_CLASS(wrapper);
-    return clasp == &sXPC_COW_JSClass.base ||
-           clasp == &sXPC_SJOW_JSClass.base ||
-           clasp == &sXPC_SOW_JSClass.base ||
-           clasp == &sXPC_XOW_JSClass.base;
-  }
-
   /**
    * Given an arbitrary object, Unwrap will return the wrapped object if the
    * passed-in object is a wrapper that Unwrap knows about *and* the

js/src/xpconnect/src/xpcconvert.cpp

@@ -149,6 +149,24 @@ XPCConvert::IsMethodReflectable(const XPTMethodDescriptor& info)
 
 /***************************************************************************/
 
+// static
+JSBool
+XPCConvert::GetISupportsFromJSObject(JSObject* obj, nsISupports** iface)
+{
+    JSClass* jsclass = STOBJ_GET_CLASS(obj);
+    NS_ASSERTION(jsclass, "obj has no class");
+    if(jsclass &&
+       (jsclass->flags & JSCLASS_HAS_PRIVATE) &&
+       (jsclass->flags & JSCLASS_PRIVATE_IS_NSISUPPORTS))
+    {
+        *iface = (nsISupports*) xpc_GetJSPrivate(obj);
+        return JS_TRUE;
+    }
+    return JS_FALSE;
+}
+
+/***************************************************************************/
+
 static void
 FinalizeXPCOMUCString(JSContext *cx, JSString *str)
 {
@@ -1441,39 +1459,32 @@ XPCConvert::JSObject2NativeInterface(XPCCallContext& ccx,
         // wrappedNative or other wise has 'nsISupportness'. 
         // This allows wrapJSAggregatedToNative to work.
 
-        // If we're looking at a security wrapper, see now if we're allowed to
-        // pass it to C++. If we are, then fall through to the code below. If
-        // we aren't, throw an exception eagerly.
-        JSObject* inner = nsnull;
-        if(XPCWrapper::IsSecurityWrapper(src))
-        {
-            inner = XPCWrapper::Unwrap(cx, src);
-            if(!inner)
-            {
-                if(pErr)
-                    *pErr = NS_ERROR_XPC_SECURITY_MANAGER_VETO;
-                return JS_FALSE;
-            }
-        }
-
         // Is this really a native xpcom object with a wrapper?
         XPCWrappedNative* wrappedNative =
-                    XPCWrappedNative::GetWrappedNativeOfJSObject(cx,
-                                                                 inner
-                                                                 ? inner
-                                                                 : src);
+                    XPCWrappedNative::GetWrappedNativeOfJSObject(cx, src);
         if(wrappedNative)
         {
             iface = wrappedNative->GetIdentityObject();
             return NS_SUCCEEDED(iface->QueryInterface(*iid, dest));
         }
         // else...
-
+        
         // XXX E4X breaks the world. Don't try wrapping E4X objects!
         // This hack can be removed (or changed accordingly) when the
         // DOM <-> E4X bindings are complete, see bug 270553
         if(JS_TypeOfValue(cx, OBJECT_TO_JSVAL(src)) == JSTYPE_XML)
             return JS_FALSE;
+
+        // Does the JSObject have 'nsISupportness'?
+        // XXX hmm, I wonder if this matters anymore with no 
+        // oldstyle DOM objects around.
+        if(GetISupportsFromJSObject(src, &iface))
+        {
+            if(iface)
+                return NS_SUCCEEDED(iface->QueryInterface(*iid, dest));
+
+            return JS_FALSE;
+        }
     }
 
     // else...

js/src/xpconnect/src/xpcprivate.h

@@ -3037,6 +3037,7 @@ public:
                                            const nsID* iid,
                                            nsISupports* aOuter,
                                            nsresult* pErr);
+    static JSBool GetISupportsFromJSObject(JSObject* obj, nsISupports** iface);
 
     /**
      * Convert a native array into a jsval.

js/src/xpconnect/src/xpcquickstubs.cpp

@@ -839,13 +839,6 @@ xpc_qsUnwrapThisImpl(JSContext *cx,
                      jsval *vp,
                      XPCLazyCallContext *lccx)
 {
-    if(XPCWrapper::IsSecurityWrapper(obj))
-    {
-        obj = XPCWrapper::Unwrap(cx, obj);
-        if(!obj)
-            return xpc_qsThrow(cx, NS_ERROR_XPC_SECURITY_MANAGER_VETO);
-    }
-
     JSObject *cur = obj;
     XPCWrappedNativeTearOff *tearoff;
     XPCWrappedNative *wrapper =
@@ -934,17 +927,9 @@ xpc_qsUnwrapArgImpl(JSContext *cx,
         return NS_OK;
     }
 
-    JSObject *inner = nsnull;
-    if(XPCWrapper::IsSecurityWrapper(src))
-    {
-        inner = XPCWrapper::Unwrap(cx, src);
-        if(!inner)
-            return NS_ERROR_XPC_SECURITY_MANAGER_VETO;
-    }
-
     // From XPCConvert::JSObject2NativeInterface
     XPCWrappedNative* wrappedNative =
-        XPCWrappedNative::GetWrappedNativeOfJSObject(cx, inner ? inner : src);
+        XPCWrappedNative::GetWrappedNativeOfJSObject(cx, src);
     nsISupports *iface;
     if(wrappedNative)
     {
@@ -966,6 +951,21 @@ xpc_qsUnwrapArgImpl(JSContext *cx,
         return NS_ERROR_XPC_BAD_CONVERT_JS;
     }
 
+    // Does the JSObject have 'nsISupportness'?
+    // XXX hmm, I wonder if this matters anymore with no
+    // oldstyle DOM objects around.
+    if(XPCConvert::GetISupportsFromJSObject(src, &iface))
+    {
+        if(!iface || NS_FAILED(iface->QueryInterface(iid, ppArg)))
+        {
+            *ppArgRef = nsnull;
+            return NS_ERROR_XPC_BAD_CONVERT_JS;
+        }
+
+        *ppArgRef = static_cast<nsISupports*>(*ppArg);
+        return NS_OK;
+    }
+
     // Create the ccx needed for quick stubs.
     XPCCallContext ccx(JS_CALLER, cx);
     if(!ccx.IsValid())

js/src/xpconnect/tests/mochitest/Makefile.in

@@ -64,7 +64,6 @@ _TEST_FILES =	bug500931_helper.html \
 		test_bug500691.html \
 		test_bug502959.html \
 		test_bug503926.html \
-		test_bug505915.html \
 		test_bug517163.html \
 		$(NULL)
 

js/src/xpconnect/tests/mochitest/test_bug505915.html

@@ -1,65 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-https://bugzilla.mozilla.org/show_bug.cgi?id=505915
--->
-<head>
-  <title>Test for Bug 505915</title>
-  <script type="application/javascript" src="/MochiKit/packed.js"></script>
-  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
-  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
-</head>
-<body>
-<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=505915">Mozilla Bug 505915</a>
-<p id="display"></p>
-<div id="content" style="display: none">
-  
-</div>
-<pre id="test">
-<script type="application/javascript">
-
-/** Test for Bug 505915 **/
-
-function go() {
-    var ifr = $('ifr');
-    try {
-        document.documentElement.appendChild(ifr.contentWindow);
-        ok(false, "weird behavior");
-    } catch (e) {
-        ok(/NS_ERROR_XPC_SECURITY_MANAGER_VETO/.test(e),
-           "threw a security exception instead of an invalid child exception");
-    }
-
-    try {
-        document.createTreeWalker(ifr.contentDocument, 0, null, false);
-        ok(false, "should have thrown a security exception");
-    } catch (e) {
-        ok(/NS_ERROR_XPC_SECURITY_MANAGER_VETO/.test(e),
-           "threw a security exception instead of an invalid child exception");
-    }
-
-    var xhr = new XMLHttpRequest();
-    var orsc = new XPCSafeJSObjectWrapper(function(){});
-    xhr.onreadystatechange = orsc;
-    // we only can test that the above didn't throw (which it shouldn't).
-
-    try {
-        xhr.onreadystatechange = ifr.contentWindow;
-        ok(false, "weird behavior");
-    } catch (e) {
-        ok(/NS_ERROR_XPC_SECURITY_MANAGER_VETO/.test(e),
-           "threw a security exception instead of an invalid child exception");
-    }
-
-    SimpleTest.finish();
-}
-
-SimpleTest.waitForExplicitFinish();
-
-</script>
-</pre>
-
-<iframe id="ifr" onload="go()" src="http://example.org/"></iframe>
-
-</body>
-</html>