Bug 1092156 - [e10s] Don't use compartment-per-addon if window already associated with add-on (r=bholley)

This commit is contained in:
Bill McCloskey 2014-11-18 16:20:59 -08:00
parent cb042206b6
commit e17d1e87ed
5 changed files with 50 additions and 2 deletions

View File

@ -194,6 +194,7 @@
#include "mozilla/dom/SelectionChangeEvent.h"
#include "mozilla/AddonPathService.h"
#include "mozilla/Services.h"
#include "mozilla/Telemetry.h"
#include "nsLocation.h"
@ -2270,6 +2271,14 @@ CreateNativeGlobalForInner(JSContext* aCx,
top = aNewInner->GetTop();
}
JS::CompartmentOptions options;
// Sometimes add-ons load their own XUL windows, either as separate top-level
// windows or inside a browser element. In such cases we want to tag the
// window's compartment with the add-on ID. See bug 1092156.
if (nsContentUtils::IsSystemPrincipal(aPrincipal)) {
options.setAddonId(MapURIToAddonID(aURI));
}
if (top) {
if (top->GetGlobalJSObject()) {
options.setSameZoneAs(top->GetGlobalJSObject());

View File

@ -346,6 +346,16 @@ XPCWrappedNativeScope::EnsureAddonScope(JSContext *cx, JSAddonId *addonId)
MOZ_ASSERT(addonId);
MOZ_ASSERT(nsContentUtils::IsSystemPrincipal(GetPrincipal()));
// In bug 1092156, we found that add-on scopes don't work correctly when the
// window navigates. The add-on global's prototype is an outer window, so,
// after the navigation, looking up window properties in the add-on scope
// will fail. However, in most cases where the window can be navigated, the
// entire window is part of the add-on. To solve the problem, we avoid
// returning an add-on scope for a window that is already tagged with the
// add-on ID.
if (AddonIdOfObject(global) == addonId)
return global;
// If we already have an addon scope object, we know what to use.
for (size_t i = 0; i < mAddonScopes.Length(); i++) {
if (JS::AddonIdOfObject(js::UncheckedUnwrap(mAddonScopes[i])) == addonId)

View File

@ -3,6 +3,7 @@ var Ci = Components.interfaces;
var Cu = Components.utils;
Cu.import("resource://gre/modules/Services.jsm");
Cu.import("resource://gre/modules/BrowserUtils.jsm");
const baseURL = "http://mochi.test:8888/browser/" +
"toolkit/components/addoncompat/tests/browser/";
@ -232,6 +233,31 @@ function testSandbox()
});
}
// Test for bug 1095305. We just want to make sure that loading some
// unprivileged content from an add-on package doesn't crash.
function testAddonContent()
{
let chromeRegistry = Components.classes["@mozilla.org/chrome/chrome-registry;1"]
.getService(Components.interfaces.nsIChromeRegistry);
let base = chromeRegistry.convertChromeURL(BrowserUtils.makeURI("chrome://addonshim1/content/"));
let res = Services.io.getProtocolHandler("resource")
.QueryInterface(Ci.nsIResProtocolHandler);
res.setSubstitution("addonshim1", base);
return new Promise(function(resolve, reject) {
const url = "resource://addonshim1/page.html";
let tab = gBrowser.addTab(url);
let browser = tab.linkedBrowser;
addLoadListener(browser, function handler() {
gBrowser.removeTab(tab);
res.setSubstitution("addonshim1", null);
resolve();
});
});
}
function runTests(win, funcs)
{
ok = funcs.ok;
@ -245,7 +271,8 @@ function runTests(win, funcs)
then(testListeners).
then(testCapturing).
then(testObserver).
then(testSandbox);
then(testSandbox).
then(testAddonContent);
}
/*

View File

@ -1 +1 @@
content addonshim1 content/
content addonshim1 content/

View File

@ -0,0 +1,2 @@
<html>
</html>