Bug 850517 - Support named window access via Xray. r=mrbkap

2024-09-13 09:24:08 -07:00 · 2013-03-14 22:38:26 -07:00 · 2013-03-14 22:38:26 -07:00 · 71b63fdffa
commit 71b63fdffa
parent 8a98c8a545
1 changed files with 27 additions and 0 deletions
--- a/js/xpconnect/wrappers/XrayWrapper.cpp
+++ b/js/xpconnect/wrappers/XrayWrapper.cpp
@ -175,6 +175,8 @@ private:
 class XPCWrappedNativeXrayTraits : public XrayTraits
 {
 public:
+    static const XrayType Type = XrayForWrappedNative;
+
    static bool resolveNativeProperty(JSContext *cx, JSObject *wrapper, JSObject *holder, jsid id,
                                      JSPropertyDescriptor *desc, unsigned flags);
    virtual bool resolveOwnProperty(JSContext *cx, js::Wrapper &jsWrapper, JSObject *wrapper,
@ -217,6 +219,8 @@ public:
 class DOMXrayTraits : public XrayTraits
 {
 public:
+    static const XrayType Type = XrayForDOMObject;
+
    static bool resolveNativeProperty(JSContext *cx, JSObject *wrapper, JSObject *holder, jsid id,
                                      JSPropertyDescriptor *desc, unsigned flags);
    virtual bool resolveOwnProperty(JSContext *cx, js::Wrapper &jsWrapper, JSObject *wrapper,
@ -1459,6 +1463,29 @@ XrayWrapper<Base, Traits>::getPropertyDescriptor(JSContext *cx, JSObject *wrappe
        return true;
    }

+    // We need to handle named access on the Window somewhere other than
+    // Traits::resolveOwnProperty, because per spec it happens on the Global
+    // Scope Polluter and thus the resulting properties are non-|own|. However,
+    // we're set up (below) to cache (on the holder) anything that comes out of
+    // resolveNativeProperty, which we don't want for something dynamic like
+    // named access. So we just handle it here.
+    nsGlobalWindow *win;
+    if (Traits::Type == XrayForWrappedNative && JSID_IS_STRING(id) &&
+        (win = static_cast<nsGlobalWindow*>(As<nsIDOMWindow>(wrapper))))
+    {
+        nsCOMPtr<nsIDOMWindow> childDOMWin = win->GetChildWindow(id);
+        if (childDOMWin) {
+            nsGlobalWindow *cwin = static_cast<nsGlobalWindow*>(childDOMWin.get());
+            JSObject *childObj = cwin->FastGetGlobalJSObject();
+            if (MOZ_UNLIKELY(!childObj))
+                return xpc::Throw(cx, NS_ERROR_FAILURE);
+            mozilla::dom::FillPropertyDescriptor(desc, wrapper,
+                                                 ObjectValue(*childObj),
+                                                 /* readOnly = */ true);
+            return JS_WrapPropertyDescriptor(cx, desc);
+        }
+    }
+
    if (!JS_GetPropertyDescriptorById(cx, holder, id, 0, desc))
        return false;
    if (desc->obj) {