mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 911864 - Only expose XBL members which have the exposeToUntrustedContent attribute set. r=smaug
This commit is contained in:
parent
7b822eba16
commit
c8fd7ea7d1
@ -20,6 +20,7 @@
|
||||
#include "nsIURI.h"
|
||||
#include "mozilla/dom/XULElementBinding.h"
|
||||
#include "xpcpublic.h"
|
||||
#include "js/CharacterEncoding.h"
|
||||
|
||||
using namespace mozilla;
|
||||
using js::GetGlobalForObjectCrossCompartment;
|
||||
@ -116,14 +117,22 @@ nsXBLProtoImpl::InstallImplementation(nsXBLPrototypeBinding* aPrototypeBinding,
|
||||
JSAutoCompartment ac2(cx, targetClassObject);
|
||||
|
||||
// Now, if we're using a separate XBL scope, enter the compartment of the
|
||||
// bound node and copy the properties to the prototype there. This rewraps
|
||||
// them appropriately, which should result in cross-compartment function
|
||||
// wrappers.
|
||||
// bound node and copy exposable properties to the prototype there. This
|
||||
// rewraps them appropriately, which should result in cross-compartment
|
||||
// function wrappers.
|
||||
if (propertyHolder != targetClassObject) {
|
||||
AssertSameCompartment(propertyHolder, scopeObject);
|
||||
AssertSameCompartment(targetClassObject, globalObject);
|
||||
bool ok = JS_CopyPropertiesFrom(cx, targetClassObject, propertyHolder);
|
||||
NS_ENSURE_TRUE(ok, NS_ERROR_UNEXPECTED);
|
||||
for (nsXBLProtoImplMember* curr = mMembers; curr; curr = curr->GetNext()) {
|
||||
if (curr->ShouldExposeToUntrustedContent()) {
|
||||
JS::Rooted<jsid> id(cx);
|
||||
JS::TwoByteChars chars(curr->GetName(), NS_strlen(curr->GetName()));
|
||||
bool ok = JS_CharsToId(cx, chars, &id);
|
||||
NS_ENSURE_TRUE(ok, NS_ERROR_UNEXPECTED);
|
||||
JS_CopyPropertyFrom(cx, id, targetClassObject, propertyHolder);
|
||||
NS_ENSURE_TRUE(ok, NS_ERROR_UNEXPECTED);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Install all of our field accessors.
|
||||
|
@ -43,6 +43,16 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=821850
|
||||
is(bound.primitiveField, undefined, "Xrays don't show fields");
|
||||
is(bound.wrappedJSObject.primitiveField, 2, "Waiving Xrays show fields");
|
||||
|
||||
// Check exposure behavior.
|
||||
is(typeof bound.unexposedMethod, 'function',
|
||||
"Unexposed method should be visible to XBL");
|
||||
is(typeof bound.wrappedJSObject.unexposedMethod, 'undefined',
|
||||
"Unexposed method should not be defined in content");
|
||||
is(typeof bound.unexposedProperty, 'number',
|
||||
"Unexposed property should be visible to XBL");
|
||||
is(typeof bound.wrappedJSObject.unexposedProperty, 'undefined',
|
||||
"Unexposed property should not be defined in content");
|
||||
|
||||
// Check that here document.QueryInterface works
|
||||
ok("QueryInterface" in document,
|
||||
"Should have a document.QueryInterface here");
|
||||
@ -65,6 +75,8 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=821850
|
||||
win.go();
|
||||
</constructor>
|
||||
<field name="primitiveField">2</field>
|
||||
<method name="unexposedMethod"><body></body></method>
|
||||
<property name="unexposedProperty" onget="return 2;" readonly="true"></property>
|
||||
<method name="method" exposeToUntrustedContent="true">
|
||||
<parameter name="arg" />
|
||||
<body>
|
||||
|
Loading…
Reference in New Issue
Block a user