mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 812415 - Use wrapperSubsumes rather than isChrome in XPCNativeWrapper.unwrap. r=mrbkap
The current behavior breaks same-origin Xrays in sandboxes. This makes it match the check we do in XrayWrapper.cpp for the .wrappedJSObject property.
This commit is contained in:
parent
85dc9a9ee5
commit
d9bcd00b8c
@ -39,7 +39,7 @@ UnwrapNW(JSContext *cx, unsigned argc, jsval *vp)
|
||||
return true;
|
||||
}
|
||||
|
||||
if (WrapperFactory::IsXrayWrapper(obj) && AccessCheck::isChrome(obj)) {
|
||||
if (WrapperFactory::IsXrayWrapper(obj) && AccessCheck::wrapperSubsumes(obj)) {
|
||||
return JS_GetProperty(cx, obj, "wrappedJSObject", vp);
|
||||
}
|
||||
|
||||
|
@ -46,6 +46,7 @@ MOCHITEST_CHROME_FILES = \
|
||||
test_bug795275.xul \
|
||||
test_bug799348.xul \
|
||||
test_bug801241.xul \
|
||||
test_bug812415.xul \
|
||||
test_APIExposer.xul \
|
||||
test_chrometoSource.xul \
|
||||
outoflinexulscript.js \
|
||||
|
37
js/xpconnect/tests/chrome/test_bug812415.xul
Normal file
37
js/xpconnect/tests/chrome/test_bug812415.xul
Normal file
@ -0,0 +1,37 @@
|
||||
<?xml version="1.0"?>
|
||||
<?xml-stylesheet type="text/css" href="chrome://global/skin"?>
|
||||
<?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
|
||||
<!--
|
||||
https://bugzilla.mozilla.org/show_bug.cgi?id=812415
|
||||
-->
|
||||
<window title="Mozilla Bug 812415"
|
||||
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
|
||||
<script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
|
||||
|
||||
<!-- test results are displayed in the html:body -->
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=812415"
|
||||
target="_blank">Mozilla Bug 812415</a>
|
||||
</body>
|
||||
|
||||
<!-- test code goes here -->
|
||||
<script type="application/javascript">
|
||||
<![CDATA[
|
||||
/** Test for Bug 812415 **/
|
||||
|
||||
const Cu = Components.utils;
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
function go() {
|
||||
var iwin = document.getElementById('ifr').contentWindow;
|
||||
var sb = new Components.utils.Sandbox(iwin);
|
||||
sb.win = iwin;
|
||||
is(Cu.evalInSandbox('win', sb), iwin, "Basic identity works");
|
||||
is(Cu.evalInSandbox('win.wrappedJSObject', sb), iwin.wrappedJSObject, "Waivers work via .wrappedJSObject");
|
||||
is(Cu.evalInSandbox('XPCNativeWrapper.unwrap(win)', sb), iwin.wrappedJSObject, "Waivers work via XPCNativeWrapper.unwrap");
|
||||
SimpleTest.finish();
|
||||
}
|
||||
|
||||
]]>
|
||||
</script>
|
||||
<iframe id="ifr" onload="go();" src="http://example.org/tests/js/xpconnect/tests/mochitest/file_empty.html" />
|
||||
</window>
|
Loading…
Reference in New Issue
Block a user