mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Backout bug 788914 and bug 789494 because they were backed out on inbound.
This commit is contained in:
Ryan VanderMeulen
parent
ff4293d31d
commit
bdca80da9c
@ -21,13 +21,14 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=448602
|
||||
|
||||
|
||||
function runTests() {
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
/*
|
||||
Disabled due to lack of present support for JSD in JM
|
||||
var jsdIDebuggerService = Components.interfaces.jsdIDebuggerService;
|
||||
var jsd = Components.classes['@mozilla.org/js/jsd/debugger-service;1']
|
||||
.getService(jsdIDebuggerService);
|
||||
*/
|
||||
var els = SpecialPowers.wrap(Components).classes["@mozilla.org/eventlistenerservice;1"]
|
||||
var els = Components.classes["@mozilla.org/eventlistenerservice;1"]
|
||||
.getService(Components.interfaces.nsIEventListenerService);
|
||||
|
||||
// Event listener info tests
|
||||
@ -106,7 +107,7 @@ function runTests() {
|
||||
var l2 = document.getElementById("testlevel2");
|
||||
var l3 = document.getElementById("testlevel3");
|
||||
var textnode = l3.firstChild;
|
||||
var chain = SpecialPowers.unwrap(els.getEventTargetChainFor(textnode, {}));
|
||||
var chain = els.getEventTargetChainFor(textnode, {});
|
||||
ok(chain.length > 3, "Too short event target chain.");
|
||||
is(chain[0], textnode, "Wrong chain item (1)");
|
||||
is(chain[1], l3, "Wrong chain item (2)");
|
||||
|
||||
@ -2176,7 +2176,7 @@ bool
|
||||
nsDOMClassInfo::ObjectIsNativeWrapper(JSContext* cx, JSObject* obj)
|
||||
{
|
||||
return xpc::WrapperFactory::IsXrayWrapper(obj) &&
|
||||
xpc::AccessCheck::isChrome(obj);
|
||||
!xpc::WrapperFactory::IsPartiallyTransparent(obj);
|
||||
}
|
||||
|
||||
nsDOMClassInfo::nsDOMClassInfo(nsDOMClassInfoData* aData) : mData(aData)
|
||||
|
||||
@ -33,6 +33,7 @@ SimpleTest.waitForExplicitFinish();
|
||||
* In other words, they obey the interface that |hold| expects its |accessor|
|
||||
* parameter to obey.
|
||||
*/
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
var popupMax = makePrefAccessor("dom.popup_maximum"),
|
||||
popupEvents = makePrefAccessor("dom.popup_allowed_events"),
|
||||
blockPopups = makePrefAccessor("dom.disable_open_during_load"),
|
||||
@ -133,6 +134,7 @@ function check_sanity() {
|
||||
}
|
||||
|
||||
setTimeout(function() {
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
check_sanity();
|
||||
hold(blockPopups, true, run_tests);
|
||||
SimpleTest.finish();
|
||||
|
||||
@ -52,11 +52,13 @@ function alter_file(uri, file) {
|
||||
|
||||
(function() {
|
||||
|
||||
var prefService = SpecialPowers.wrap(Components).classes["@mozilla.org/preferences-service;1"]
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
|
||||
var prefService = Components.classes["@mozilla.org/preferences-service;1"]
|
||||
.getService(Components.interfaces.nsIPrefService),
|
||||
pm = SpecialPowers.wrap(Components).classes["@mozilla.org/permissionmanager;1"]
|
||||
pm = Components.classes["@mozilla.org/permissionmanager;1"]
|
||||
.getService(Components.interfaces.nsIPermissionManager),
|
||||
ioService = SpecialPowers.wrap(Components).classes["@mozilla.org/network/io-service;1"]
|
||||
ioService = Components.classes["@mozilla.org/network/io-service;1"]
|
||||
.getService(Components.interfaces.nsIIOService);
|
||||
|
||||
ALLOW_ACTION = pm.ALLOW_ACTION;
|
||||
@ -98,7 +100,7 @@ function alter_file(uri, file) {
|
||||
|
||||
makePopupPrivAccessor = function(uri) {
|
||||
uri = ioService.newURI(uri, null, null);
|
||||
var principal = SpecialPowers.wrap(Components).classes["@mozilla.org/scriptsecuritymanager;1"]
|
||||
var principal = Components.classes["@mozilla.org/scriptsecuritymanager;1"]
|
||||
.getService(Components.interfaces.nsIScriptSecurityManager)
|
||||
.getNoAppCodebasePrincipal(uri);
|
||||
|
||||
|
||||
@ -6,7 +6,6 @@
|
||||
<script type="text/javascript">
|
||||
|
||||
const DOM_QUOTA_REACHED = 2152924150;
|
||||
const Cc = SpecialPowers.wrap(Components).classes;
|
||||
|
||||
function checkException(func, exc)
|
||||
{
|
||||
@ -23,10 +22,12 @@ function checkException(func, exc)
|
||||
|
||||
function doStep()
|
||||
{
|
||||
var io = Cc["@mozilla.org/network/io-service;1"]
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
|
||||
var io = Components.classes["@mozilla.org/network/io-service;1"]
|
||||
.getService(Components.interfaces.nsIIOService);
|
||||
var uri = io.newURI(window.location, "", null);
|
||||
var cp = Cc["@mozilla.org/cookie/permission;1"]
|
||||
var cp = Components.classes["@mozilla.org/cookie/permission;1"]
|
||||
.getService(Components.interfaces.nsICookiePermission);
|
||||
|
||||
cp.setAccess(uri, Components.interfaces.nsICookiePermission.ACCESS_SESSION);
|
||||
|
||||
@ -9,10 +9,12 @@
|
||||
|
||||
function startTest()
|
||||
{
|
||||
var io = SpecialPowers.wrap(Components).classes["@mozilla.org/network/io-service;1"]
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
|
||||
var io = Components.classes["@mozilla.org/network/io-service;1"]
|
||||
.getService(Components.interfaces.nsIIOService);
|
||||
var uri = io.newURI(window.location, "", null);
|
||||
var cp = SpecialPowers.wrap(Components).classes["@mozilla.org/cookie/permission;1"]
|
||||
var cp = Components.classes["@mozilla.org/cookie/permission;1"]
|
||||
.getService(Components.interfaces.nsICookiePermission);
|
||||
|
||||
cp.setAccess(uri, Components.interfaces.nsICookiePermission.ACCESS_DENY);
|
||||
|
||||
@ -19,10 +19,12 @@ function startTest()
|
||||
localStorage.setItem("persistent1", "persistent value 1");
|
||||
localStorage.setItem("persistent2", "persistent value 2");
|
||||
|
||||
var io = SpecialPowers.wrap(Components).classes["@mozilla.org/network/io-service;1"]
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
|
||||
var io = Components.classes["@mozilla.org/network/io-service;1"]
|
||||
.getService(Components.interfaces.nsIIOService);
|
||||
var uri = io.newURI(window.location, "", null);
|
||||
var cp = SpecialPowers.wrap(Components).classes["@mozilla.org/cookie/permission;1"]
|
||||
var cp = Components.classes["@mozilla.org/cookie/permission;1"]
|
||||
.getService(Components.interfaces.nsICookiePermission);
|
||||
cp.setAccess(uri, Components.interfaces.nsICookiePermission.ACCESS_SESSION);
|
||||
|
||||
|
||||
@ -9,10 +9,12 @@
|
||||
|
||||
function startTest()
|
||||
{
|
||||
var io = SpecialPowers.wrap(Components).classes["@mozilla.org/network/io-service;1"]
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
|
||||
var io = Components.classes["@mozilla.org/network/io-service;1"]
|
||||
.getService(Components.interfaces.nsIIOService);
|
||||
var uri = io.newURI(window.location, "", null);
|
||||
var cp = SpecialPowers.wrap(Components).classes["@mozilla.org/cookie/permission;1"]
|
||||
var cp = Components.classes["@mozilla.org/cookie/permission;1"]
|
||||
.getService(Components.interfaces.nsICookiePermission);
|
||||
|
||||
is(localStorage.getItem("session only"), "session value", "Value present when cookies in session-only mode");
|
||||
|
||||
@ -7,7 +7,9 @@
|
||||
|
||||
<script type="text/javascript">
|
||||
|
||||
window.Services = SpecialPowers.Services;
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
Components.utils.import("resource://gre/modules/Services.jsm");
|
||||
|
||||
|
||||
// Set cookies behavior to "always reject".
|
||||
Services.prefs.setIntPref("network.cookie.cookieBehavior", 2);
|
||||
|
||||
@ -8,27 +8,27 @@
|
||||
|
||||
<script type="text/javascript">
|
||||
|
||||
const Cc = SpecialPowers.wrap(Components).classes;
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
|
||||
var currentTest = 1;
|
||||
var prefs = Cc["@mozilla.org/preferences-service;1"]
|
||||
var prefs = Components.classes["@mozilla.org/preferences-service;1"]
|
||||
.getService(Components.interfaces.nsIPrefBranch);
|
||||
var io = Cc["@mozilla.org/network/io-service;1"]
|
||||
var io = Components.classes["@mozilla.org/network/io-service;1"]
|
||||
.getService(Components.interfaces.nsIIOService);
|
||||
var uri = io.newURI(window.location, "", null);
|
||||
var cp = Cc["@mozilla.org/cookie/permission;1"]
|
||||
var cp = Components.classes["@mozilla.org/cookie/permission;1"]
|
||||
.getService(Components.interfaces.nsICookiePermission);
|
||||
|
||||
var quota, quotaOffline;
|
||||
|
||||
function addOfflineApp(url)
|
||||
{
|
||||
var permissionManager = Cc["@mozilla.org/permissionmanager;1"]
|
||||
var permissionManager = Components.classes["@mozilla.org/permissionmanager;1"]
|
||||
.getService(Components.interfaces.nsIPermissionManager);
|
||||
var uri = Cc["@mozilla.org/network/io-service;1"]
|
||||
var uri = Components.classes["@mozilla.org/network/io-service;1"]
|
||||
.getService(Components.interfaces.nsIIOService)
|
||||
.newURI(url, null, null);
|
||||
var principal = Cc["@mozilla.org/scriptsecuritymanager;1"]
|
||||
var principal = Components.classes["@mozilla.org/scriptsecuritymanager;1"]
|
||||
.getService(Components.interfaces.nsIScriptSecurityManager)
|
||||
.getNoAppCodebasePrincipal(uri);
|
||||
|
||||
@ -38,12 +38,12 @@ function addOfflineApp(url)
|
||||
|
||||
function removeOfflineApp(url)
|
||||
{
|
||||
var permissionManager = Cc["@mozilla.org/permissionmanager;1"]
|
||||
var permissionManager = Components.classes["@mozilla.org/permissionmanager;1"]
|
||||
.getService(Components.interfaces.nsIPermissionManager);
|
||||
var uri = Cc["@mozilla.org/network/io-service;1"]
|
||||
var uri = Components.classes["@mozilla.org/network/io-service;1"]
|
||||
.getService(Components.interfaces.nsIIOService)
|
||||
.newURI(url, null, null);
|
||||
var principal = Cc["@mozilla.org/scriptsecuritymanager;1"]
|
||||
var principal = Components.classes["@mozilla.org/scriptsecuritymanager;1"]
|
||||
.getService(Components.interfaces.nsIScriptSecurityManager)
|
||||
.getNoAppCodebasePrincipal(uri);
|
||||
|
||||
@ -54,6 +54,8 @@ function doNextTest()
|
||||
{
|
||||
slave = frame;
|
||||
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
|
||||
switch (currentTest)
|
||||
{
|
||||
// Initialy setup the quota to testing value of 1024B and
|
||||
|
||||
@ -7,9 +7,7 @@
|
||||
#include "XPCWrapper.h"
|
||||
#include "AccessCheck.h"
|
||||
#include "WrapperFactory.h"
|
||||
#include "AccessCheck.h"
|
||||
|
||||
using namespace xpc;
|
||||
namespace XPCNativeWrapper {
|
||||
|
||||
static inline
|
||||
@ -39,7 +37,8 @@ UnwrapNW(JSContext *cx, unsigned argc, jsval *vp)
|
||||
return true;
|
||||
}
|
||||
|
||||
if (WrapperFactory::IsXrayWrapper(obj) && AccessCheck::isChrome(obj)) {
|
||||
if (xpc::WrapperFactory::IsXrayWrapper(obj) &&
|
||||
!xpc::WrapperFactory::IsPartiallyTransparent(obj)) {
|
||||
return JS_GetProperty(cx, obj, "wrappedJSObject", vp);
|
||||
}
|
||||
|
||||
|
||||
@ -4380,21 +4380,16 @@ GetCompartmentPrivate(JSObject *object)
|
||||
return GetCompartmentPrivate(compartment);
|
||||
}
|
||||
|
||||
inline bool IsUniversalXPConnectEnabled(JSCompartment *compartment)
|
||||
{
|
||||
CompartmentPrivate *priv =
|
||||
static_cast<CompartmentPrivate*>(JS_GetCompartmentPrivate(compartment));
|
||||
if (!priv)
|
||||
return false;
|
||||
return priv->universalXPConnectEnabled;
|
||||
}
|
||||
|
||||
inline bool IsUniversalXPConnectEnabled(JSContext *cx)
|
||||
{
|
||||
JSCompartment *compartment = js::GetContextCompartment(cx);
|
||||
if (!compartment)
|
||||
return false;
|
||||
return IsUniversalXPConnectEnabled(compartment);
|
||||
CompartmentPrivate *priv =
|
||||
static_cast<CompartmentPrivate*>(JS_GetCompartmentPrivate(compartment));
|
||||
if (!priv)
|
||||
return false;
|
||||
return priv->universalXPConnectEnabled;
|
||||
}
|
||||
|
||||
inline void EnableUniversalXPConnect(JSContext *cx)
|
||||
@ -4407,13 +4402,6 @@ inline void EnableUniversalXPConnect(JSContext *cx)
|
||||
if (!priv)
|
||||
return;
|
||||
priv->universalXPConnectEnabled = true;
|
||||
|
||||
// Recompute all the cross-compartment wrappers leaving the newly-privileged
|
||||
// compartment.
|
||||
mozilla::DebugOnly<bool> rv;
|
||||
rv = js::RecomputeWrappers(cx, js::SingleCompartment(compartment),
|
||||
js::AllCompartments());
|
||||
MOZ_ASSERT(rv);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -52,16 +52,6 @@ AccessCheck::subsumes(JSCompartment *a, JSCompartment *b)
|
||||
return subsumes;
|
||||
}
|
||||
|
||||
// Does the compartment of the wrapper subsumes the compartment of the wrappee?
|
||||
bool
|
||||
AccessCheck::wrapperSubsumes(JSObject *wrapper)
|
||||
{
|
||||
MOZ_ASSERT(js::IsWrapper(wrapper));
|
||||
JSObject *wrapped = js::UnwrapObject(wrapper);
|
||||
return AccessCheck::subsumes(js::GetObjectCompartment(wrapper),
|
||||
js::GetObjectCompartment(wrapped));
|
||||
}
|
||||
|
||||
bool
|
||||
AccessCheck::isLocationObjectSameOrigin(JSContext *cx, JSObject *wrapper)
|
||||
{
|
||||
@ -101,12 +91,6 @@ AccessCheck::isChrome(JSCompartment *compartment)
|
||||
return NS_SUCCEEDED(ssm->IsSystemPrincipal(principal, &privileged)) && privileged;
|
||||
}
|
||||
|
||||
bool
|
||||
AccessCheck::isChrome(JSObject *obj)
|
||||
{
|
||||
return isChrome(js::GetObjectCompartment(obj));
|
||||
}
|
||||
|
||||
bool
|
||||
AccessCheck::callerIsChrome()
|
||||
{
|
||||
@ -221,7 +205,7 @@ AccessCheck::isCrossOriginAccessPermitted(JSContext *cx, JSObject *wrapper, jsid
|
||||
|
||||
// PUNCTURE Is always denied for cross-origin access.
|
||||
if (act == Wrapper::PUNCTURE) {
|
||||
return false;
|
||||
return nsContentUtils::CallerHasUniversalXPConnect();
|
||||
}
|
||||
|
||||
const char *name;
|
||||
@ -286,7 +270,7 @@ AccessCheck::isSystemOnlyAccessPermitted(JSContext *cx)
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
return NS_SUCCEEDED(ssm->IsCapabilityEnabled("UniversalXPConnect", &privileged)) && privileged;
|
||||
}
|
||||
|
||||
bool
|
||||
@ -311,7 +295,18 @@ AccessCheck::isScriptAccessOnly(JSContext *cx, JSObject *wrapper)
|
||||
if (flags & WrapperFactory::SCRIPT_ACCESS_ONLY_FLAG) {
|
||||
if (flags & WrapperFactory::SOW_FLAG)
|
||||
return !isSystemOnlyAccessPermitted(cx);
|
||||
return true;
|
||||
|
||||
if (flags & WrapperFactory::PARTIALLY_TRANSPARENT)
|
||||
return !XrayUtils::IsTransparent(cx, wrapper);
|
||||
|
||||
nsIScriptSecurityManager *ssm = XPCWrapper::GetSecurityManager();
|
||||
if (!ssm)
|
||||
return true;
|
||||
|
||||
// Bypass script-only status if UniversalXPConnect is enabled.
|
||||
bool privileged;
|
||||
return !NS_SUCCEEDED(ssm->IsCapabilityEnabled("UniversalXPConnect", &privileged)) ||
|
||||
!privileged;
|
||||
}
|
||||
|
||||
// In addition, chrome objects can explicitly opt-in by setting .scriptOnly to true.
|
||||
@ -361,6 +356,33 @@ Deny(JSContext *cx, jsid id, Wrapper::Action act)
|
||||
return false;
|
||||
}
|
||||
|
||||
bool
|
||||
PermitIfUniversalXPConnect(JSContext *cx, jsid id, Wrapper::Action act,
|
||||
ExposedPropertiesOnly::Permission &perm)
|
||||
{
|
||||
// If UniversalXPConnect is enabled, allow access even if __exposedProps__ doesn't
|
||||
// exists.
|
||||
nsIScriptSecurityManager *ssm = XPCWrapper::GetSecurityManager();
|
||||
if (!ssm) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Double-check that the subject principal according to CAPS is a content
|
||||
// principal rather than the system principal. If it isn't, this check is
|
||||
// meaningless.
|
||||
NS_ASSERTION(!AccessCheck::callerIsChrome(), "About to do a meaningless security check!");
|
||||
|
||||
bool privileged;
|
||||
if (NS_SUCCEEDED(ssm->IsCapabilityEnabled("UniversalXPConnect", &privileged)) &&
|
||||
privileged) {
|
||||
perm = ExposedPropertiesOnly::PermitPropertyAccess;
|
||||
return true; // Allow
|
||||
}
|
||||
|
||||
// Deny
|
||||
return Deny(cx, id, act);
|
||||
}
|
||||
|
||||
static bool
|
||||
IsInSandbox(JSContext *cx, JSObject *obj)
|
||||
{
|
||||
@ -382,12 +404,12 @@ ExposedPropertiesOnly::check(JSContext *cx, JSObject *wrapper, jsid id, Wrapper:
|
||||
|
||||
perm = DenyAccess;
|
||||
if (act == Wrapper::PUNCTURE)
|
||||
return Deny(cx, id, act);
|
||||
return PermitIfUniversalXPConnect(cx, id, act, perm); // Deny
|
||||
|
||||
jsid exposedPropsId = GetRTIdByIndex(cx, XPCJSRuntime::IDX_EXPOSEDPROPS);
|
||||
|
||||
// We need to enter the wrappee's compartment to look at __exposedProps__,
|
||||
// but we want to be in the wrapper's compartment if we call Deny().
|
||||
// but we need to be in the wrapper's compartment to check UniversalXPConnect.
|
||||
//
|
||||
// Unfortunately, |cx| can be in either compartment when we call ::check. :-(
|
||||
JSAutoCompartment ac(cx, wrappedObject);
|
||||
@ -429,7 +451,7 @@ ExposedPropertiesOnly::check(JSContext *cx, JSObject *wrapper, jsid id, Wrapper:
|
||||
perm = PermitPropertyAccess;
|
||||
return true;
|
||||
}
|
||||
return Deny(cx, id, act);
|
||||
return PermitIfUniversalXPConnect(cx, id, act, perm); // Deny
|
||||
}
|
||||
|
||||
if (id == JSID_VOID) {
|
||||
@ -444,7 +466,7 @@ ExposedPropertiesOnly::check(JSContext *cx, JSObject *wrapper, jsid id, Wrapper:
|
||||
|
||||
if (exposedProps.isNullOrUndefined()) {
|
||||
JSAutoCompartment wrapperAC(cx, wrapper);
|
||||
return Deny(cx, id, act);
|
||||
return PermitIfUniversalXPConnect(cx, id, act, perm); // Deny
|
||||
}
|
||||
|
||||
if (!exposedProps.isObject()) {
|
||||
@ -463,7 +485,7 @@ ExposedPropertiesOnly::check(JSContext *cx, JSObject *wrapper, jsid id, Wrapper:
|
||||
}
|
||||
if (desc.obj == NULL || !(desc.attrs & JSPROP_ENUMERATE)) {
|
||||
JSAutoCompartment wrapperAC(cx, wrapper);
|
||||
return Deny(cx, id, act);
|
||||
return PermitIfUniversalXPConnect(cx, id, act, perm); // Deny
|
||||
}
|
||||
|
||||
if (!JSVAL_IS_STRING(desc.value)) {
|
||||
@ -509,7 +531,7 @@ ExposedPropertiesOnly::check(JSContext *cx, JSObject *wrapper, jsid id, Wrapper:
|
||||
if ((act == Wrapper::SET && !(access & WRITE)) ||
|
||||
(act != Wrapper::SET && !(access & READ))) {
|
||||
JSAutoCompartment wrapperAC(cx, wrapper);
|
||||
return Deny(cx, id, act);
|
||||
return PermitIfUniversalXPConnect(cx, id, act, perm); // Deny
|
||||
}
|
||||
|
||||
perm = PermitPropertyAccess;
|
||||
@ -536,15 +558,7 @@ ComponentsObjectPolicy::check(JSContext *cx, JSObject *wrapper, jsid id, Wrapper
|
||||
}
|
||||
}
|
||||
|
||||
// We don't have any way to recompute same-compartment Components wrappers,
|
||||
// so we need this dynamic check. This can go away when we expose Components
|
||||
// as SpecialPowers.wrap(Components) during automation.
|
||||
if (xpc::IsUniversalXPConnectEnabled(cx)) {
|
||||
perm = PermitPropertyAccess;
|
||||
return true;
|
||||
}
|
||||
|
||||
return Deny(cx, id, act);
|
||||
return PermitIfUniversalXPConnect(cx, id, act, perm); // Deny
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -19,9 +19,7 @@ namespace xpc {
|
||||
class AccessCheck {
|
||||
public:
|
||||
static bool subsumes(JSCompartment *a, JSCompartment *b);
|
||||
static bool wrapperSubsumes(JSObject *wrapper);
|
||||
static bool isChrome(JSCompartment *compartment);
|
||||
static bool isChrome(JSObject *obj);
|
||||
static bool callerIsChrome();
|
||||
static nsIPrincipal *getPrincipal(JSCompartment *compartment);
|
||||
static bool isCrossOriginAccessPermitted(JSContext *cx, JSObject *obj, jsid id,
|
||||
|
||||
@ -125,10 +125,14 @@ template<> SOW SOW::singleton(WrapperFactory::SCRIPT_ACCESS_ONLY_FLAG |
|
||||
WrapperFactory::SOW_FLAG);
|
||||
template<> SCSOW SCSOW::singleton(WrapperFactory::SCRIPT_ACCESS_ONLY_FLAG |
|
||||
WrapperFactory::SOW_FLAG);
|
||||
template<> XOW XOW::singleton(WrapperFactory::SCRIPT_ACCESS_ONLY_FLAG);
|
||||
template<> PXOW PXOW::singleton(WrapperFactory::SCRIPT_ACCESS_ONLY_FLAG);
|
||||
template<> DXOW DXOW::singleton(WrapperFactory::SCRIPT_ACCESS_ONLY_FLAG);
|
||||
template<> NNXOW NNXOW::singleton(WrapperFactory::SCRIPT_ACCESS_ONLY_FLAG);
|
||||
template<> XOW XOW::singleton(WrapperFactory::SCRIPT_ACCESS_ONLY_FLAG |
|
||||
WrapperFactory::PARTIALLY_TRANSPARENT);
|
||||
template<> PXOW PXOW::singleton(WrapperFactory::SCRIPT_ACCESS_ONLY_FLAG |
|
||||
WrapperFactory::PARTIALLY_TRANSPARENT);
|
||||
template<> DXOW DXOW::singleton(WrapperFactory::SCRIPT_ACCESS_ONLY_FLAG |
|
||||
WrapperFactory::PARTIALLY_TRANSPARENT);
|
||||
template<> NNXOW NNXOW::singleton(WrapperFactory::SCRIPT_ACCESS_ONLY_FLAG |
|
||||
WrapperFactory::PARTIALLY_TRANSPARENT);
|
||||
template<> LW LW::singleton(WrapperFactory::SHADOWING_FORBIDDEN);
|
||||
template<> XLW XLW::singleton(WrapperFactory::SHADOWING_FORBIDDEN);
|
||||
|
||||
|
||||
@ -349,8 +349,6 @@ WrapperFactory::Rewrap(JSContext *cx, JSObject *obj, JSObject *wrappedProto, JSO
|
||||
}
|
||||
}
|
||||
}
|
||||
} else if (xpc::IsUniversalXPConnectEnabled(target)) {
|
||||
wrapper = &CrossCompartmentWrapper::singleton;
|
||||
} else if (AccessCheck::isChrome(origin)) {
|
||||
JSFunction *fun = JS_GetObjectFunction(obj);
|
||||
if (fun) {
|
||||
|
||||
@ -18,7 +18,8 @@ class WrapperFactory {
|
||||
enum { WAIVE_XRAY_WRAPPER_FLAG = js::Wrapper::LAST_USED_FLAG << 1,
|
||||
IS_XRAY_WRAPPER_FLAG = WAIVE_XRAY_WRAPPER_FLAG << 1,
|
||||
SCRIPT_ACCESS_ONLY_FLAG = IS_XRAY_WRAPPER_FLAG << 1,
|
||||
SOW_FLAG = SCRIPT_ACCESS_ONLY_FLAG << 1,
|
||||
PARTIALLY_TRANSPARENT = SCRIPT_ACCESS_ONLY_FLAG << 1,
|
||||
SOW_FLAG = PARTIALLY_TRANSPARENT << 1,
|
||||
|
||||
// Prevent scripts from shadowing native properties.
|
||||
// NB: Applies only to Xray wrappers.
|
||||
@ -37,6 +38,10 @@ class WrapperFactory {
|
||||
return HasWrapperFlag(wrapper, IS_XRAY_WRAPPER_FLAG);
|
||||
}
|
||||
|
||||
static bool IsPartiallyTransparent(JSObject *wrapper) {
|
||||
return HasWrapperFlag(wrapper, PARTIALLY_TRANSPARENT);
|
||||
}
|
||||
|
||||
static bool HasWaiveXrayFlag(JSObject *wrapper) {
|
||||
return HasWrapperFlag(wrapper, WAIVE_XRAY_WRAPPER_FLAG);
|
||||
}
|
||||
|
||||
@ -910,6 +910,23 @@ nodePrincipal_getter(JSContext *cx, JSHandleObject wrapper, JSHandleId id, JSMut
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool
|
||||
ContentScriptHasUniversalXPConnect()
|
||||
{
|
||||
nsIScriptSecurityManager *ssm = XPCWrapper::GetSecurityManager();
|
||||
if (ssm) {
|
||||
// Double-check that the subject principal according to CAPS is a content
|
||||
// principal rather than the system principal. If it is, this check is
|
||||
// meaningless.
|
||||
NS_ASSERTION(!AccessCheck::callerIsChrome(), "About to do a meaningless security check!");
|
||||
|
||||
bool privileged;
|
||||
if (NS_SUCCEEDED(ssm->IsCapabilityEnabled("UniversalXPConnect", &privileged)) && privileged)
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
bool
|
||||
XPCWrappedNativeXrayTraits::resolveOwnProperty(JSContext *cx, js::Wrapper &jsWrapper,
|
||||
JSObject *wrapper, JSObject *holder, jsid id,
|
||||
@ -919,12 +936,13 @@ XPCWrappedNativeXrayTraits::resolveOwnProperty(JSContext *cx, js::Wrapper &jsWra
|
||||
// in the wrapper's compartment here, not the wrappee.
|
||||
MOZ_ASSERT(js::IsObjectInContextCompartment(wrapper, cx));
|
||||
XPCJSRuntime* rt = nsXPConnect::GetRuntimeInstance();
|
||||
if (AccessCheck::isChrome(wrapper) &&
|
||||
if (!WrapperFactory::IsPartiallyTransparent(wrapper) &&
|
||||
(((id == rt->GetStringID(XPCJSRuntime::IDX_BASEURIOBJECT) ||
|
||||
id == rt->GetStringID(XPCJSRuntime::IDX_NODEPRINCIPAL)) &&
|
||||
Is<nsINode>(wrapper)) ||
|
||||
(id == rt->GetStringID(XPCJSRuntime::IDX_DOCUMENTURIOBJECT) &&
|
||||
Is<nsIDocument>(wrapper)))) {
|
||||
Is<nsIDocument>(wrapper))) &&
|
||||
(AccessCheck::callerIsChrome() || ContentScriptHasUniversalXPConnect())) {
|
||||
bool status;
|
||||
Wrapper::Action action = set ? Wrapper::SET : Wrapper::GET;
|
||||
desc->obj = NULL; // default value
|
||||
@ -1280,7 +1298,16 @@ namespace XrayUtils {
|
||||
bool
|
||||
IsTransparent(JSContext *cx, JSObject *wrapper)
|
||||
{
|
||||
return WrapperFactory::HasWaiveXrayFlag(wrapper);
|
||||
if (WrapperFactory::HasWaiveXrayFlag(wrapper))
|
||||
return true;
|
||||
|
||||
if (!WrapperFactory::IsPartiallyTransparent(wrapper))
|
||||
return false;
|
||||
|
||||
// Redirect access straight to the wrapper if UniversalXPConnect is enabled.
|
||||
// We don't need to check for system principal here, because only content
|
||||
// scripts have Partially Transparent wrappers.
|
||||
return ContentScriptHasUniversalXPConnect();
|
||||
}
|
||||
|
||||
JSObject *
|
||||
@ -1387,11 +1414,10 @@ XrayWrapper<Base, Traits>::getPropertyDescriptor(JSContext *cx, JSObject *wrappe
|
||||
if (!holder)
|
||||
return false;
|
||||
|
||||
// Only chrome wrappers and same-origin xrays (used by jetpack sandboxes)
|
||||
// get .wrappedJSObject. We can check this by determining if the compartment
|
||||
// of the wrapper subsumes that of the wrappee.
|
||||
// Partially transparent wrappers (which used to be known as XOWs) don't
|
||||
// have a .wrappedJSObject property.
|
||||
XPCJSRuntime* rt = nsXPConnect::GetRuntimeInstance();
|
||||
if (AccessCheck::wrapperSubsumes(wrapper) &&
|
||||
if (!WrapperFactory::IsPartiallyTransparent(wrapper) &&
|
||||
id == rt->GetStringID(XPCJSRuntime::IDX_WRAPPED_JSOBJECT)) {
|
||||
bool status;
|
||||
Wrapper::Action action = set ? Wrapper::SET : Wrapper::GET;
|
||||
@ -1582,7 +1608,7 @@ XrayWrapper<Base, Traits>::enumerate(JSContext *cx, JSObject *wrapper, unsigned
|
||||
return js::GetPropertyNames(cx, obj, flags, &props);
|
||||
}
|
||||
|
||||
if (!AccessCheck::isChrome(wrapper)) {
|
||||
if (WrapperFactory::IsPartiallyTransparent(wrapper)) {
|
||||
JS_ReportError(cx, "Not allowed to enumerate cross origin objects");
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -7,10 +7,13 @@
|
||||
<input type=text>
|
||||
<script>
|
||||
function doTest() {
|
||||
netscape.security.PrivilegeManager.enablePrivilege(
|
||||
"UniversalXPConnect");
|
||||
|
||||
var d = document.querySelector("input");
|
||||
d.value = "b";
|
||||
d.focus();
|
||||
var editor = SpecialPowers.wrap(d).QueryInterface(Components.interfaces.nsIDOMNSEditableElement).editor;
|
||||
var editor = d.QueryInterface(Components.interfaces.nsIDOMNSEditableElement).editor;
|
||||
var sel = editor.selection;
|
||||
var t = editor.rootElement.firstChild;
|
||||
sel.collapse(t, 1); // put the caret at the end of the textbox
|
||||
|
||||
@ -7,6 +7,8 @@
|
||||
<input type=text>
|
||||
<script>
|
||||
function doTest() {
|
||||
netscape.security.PrivilegeManager.enablePrivilege(
|
||||
"UniversalXPConnect");
|
||||
function enableCaret(aEnable) {
|
||||
var selCon = editor.selectionController;
|
||||
selCon.setCaretEnabled(aEnable);
|
||||
@ -15,11 +17,13 @@
|
||||
var d = document.querySelector("input");
|
||||
d.value = "a";
|
||||
d.focus();
|
||||
var editor = SpecialPowers.wrap(d).QueryInterface(Components.interfaces.nsIDOMNSEditableElement).editor;
|
||||
var editor = d.QueryInterface(Components.interfaces.nsIDOMNSEditableElement).editor;
|
||||
var sel = editor.selection;
|
||||
var t = editor.rootElement.firstChild;
|
||||
sel.collapse(t, 1); // put the caret at the end of the div
|
||||
setTimeout(function() {
|
||||
netscape.security.PrivilegeManager.enablePrivilege(
|
||||
"UniversalXPConnect");
|
||||
enableCaret(false);enableCaret(true);// force a caret display
|
||||
enableCaret(false); // hide the caret
|
||||
t.replaceData(0, 1, "b"); // replace the text node data
|
||||
|
||||
@ -27,9 +27,10 @@ window.fileInputGotClick = false;
|
||||
// accessibility.tabfocus must be set to value 7 before running test also
|
||||
// on a mac.
|
||||
function setOrRestoreTabFocus(newValue) {
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
const prefSvcContractID = "@mozilla.org/preferences-service;1";
|
||||
const prefSvcIID = Components.interfaces.nsIPrefService;
|
||||
var prefs = SpecialPowers.wrap(Components).classes[prefSvcContractID].getService(prefSvcIID)
|
||||
var prefs = Components.classes[prefSvcContractID].getService(prefSvcIID)
|
||||
.getBranch("accessibility.");
|
||||
if (!newValue) {
|
||||
prefs.clearUserPref("tabfocus");
|
||||
@ -39,7 +40,9 @@ function setOrRestoreTabFocus(newValue) {
|
||||
}
|
||||
|
||||
function tab() {
|
||||
var utils = SpecialPowers.DOMWindowUtils;
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
var utils = window.QueryInterface(Components.interfaces.nsIInterfaceRequestor).
|
||||
getInterface(Components.interfaces.nsIDOMWindowUtils);
|
||||
// Send tab key events.
|
||||
var key = Components.interfaces.nsIDOMKeyEvent.DOM_VK_TAB;
|
||||
utils.sendKeyEvent("keydown", key, 0, 0);
|
||||
@ -48,6 +51,7 @@ function tab() {
|
||||
}
|
||||
|
||||
function test() {
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
// Try to find the 'Browse...' using tabbing.
|
||||
var i = 0;
|
||||
while (!window.oTarget && i < 100) {
|
||||
@ -63,11 +67,11 @@ function test() {
|
||||
}
|
||||
|
||||
ok(window.oTarget instanceof HTMLInputElement, "Should have focused an input element!")
|
||||
ok(SpecialPowers.wrap(window.oTarget).type == "button", "Should have focused 'Browse...' button!");
|
||||
ok(window.oTarget.type == "button", "Should have focused 'Browse...' button!");
|
||||
var e = document.createEvent("mouseevents");
|
||||
e.initMouseEvent("click", true, true, window, 0, 1, 1, 1, 1,
|
||||
false, false, false, false, 0, null);
|
||||
SpecialPowers.wrap(window.oTarget).dispatchEvent(e);
|
||||
window.oTarget.dispatchEvent(e);
|
||||
ok(window.fileInputGotClick,
|
||||
"File input should have got a click event, but not open the file dialog.");
|
||||
setOrRestoreTabFocus(0);
|
||||
|
||||
@ -16,7 +16,8 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=619644
|
||||
<script class="testbody" type="text/javascript">
|
||||
function hasTabModalPrompts() {
|
||||
var prefName = "prompts.tab_modal.enabled";
|
||||
Services = SpecialPowers.Services;
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
Components.utils.import("resource://gre/modules/Services.jsm");
|
||||
return Services.prefs.getPrefType(prefName) == Services.prefs.PREF_BOOL &&
|
||||
Services.prefs.getBoolPref(prefName);
|
||||
}
|
||||
|
||||
@ -1,12 +1,14 @@
|
||||
(function() {
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
// Set cache size to something large
|
||||
var prefService = SpecialPowers.wrap(Components).classes["@mozilla.org/preferences-service;1"]
|
||||
var prefService = Components.classes["@mozilla.org/preferences-service;1"]
|
||||
.getService(Components.interfaces.nsIPrefService);
|
||||
var branch = prefService.getBranch("media.");
|
||||
var oldSize = branch.getIntPref("cache_size");
|
||||
branch.setIntPref("cache_size", 40000);
|
||||
|
||||
window.addEventListener("unload", function() {
|
||||
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
|
||||
branch.setIntPref("cache_size", oldSize);
|
||||
}, false);
|
||||
})();
|
||||
|
||||
Loading…
Reference in New Issue
Block a user