Bug 867486 - Remove |Components| from content sandboxes. r=gabor

2024-09-13 09:24:08 -07:00 · 2013-07-08 10:05:31 -07:00 · 2013-07-08 10:05:31 -07:00 · fb8f42b563
commit fb8f42b563
parent 6075a3d281
6 changed files with 33 additions and 9 deletions
--- a/content/base/public/nsContentUtils.h
+++ b/content/base/public/nsContentUtils.h
@ -1310,6 +1310,11 @@ public:
   */
  static bool IsSystemPrincipal(nsIPrincipal* aPrincipal);

+  /**
+   * Returns true if aPrincipal is an nsExpandedPrincipal.
+   */
+  static bool IsExpandedPrincipal(nsIPrincipal* aPrincipal);
+
  /**
   * Gets the system principal from the security manager.
   */
--- a/content/base/src/nsContentUtils.cpp
+++ b/content/base/src/nsContentUtils.cpp
@ -4360,6 +4360,13 @@ nsContentUtils::IsSystemPrincipal(nsIPrincipal* aPrincipal)
  return NS_SUCCEEDED(rv) && isSystem;
 }

+bool
+nsContentUtils::IsExpandedPrincipal(nsIPrincipal* aPrincipal)
+{
+  nsCOMPtr<nsIExpandedPrincipal> ep = do_QueryInterface(aPrincipal);
+  return !!ep;
+}
+
 nsIPrincipal*
 nsContentUtils::GetSystemPrincipal()
 {
--- a/js/xpconnect/src/XPCComponents.cpp
+++ b/js/xpconnect/src/XPCComponents.cpp
@ -3336,15 +3336,14 @@ xpc_CreateSandboxObject(JSContext *cx, jsval *vp, nsISupports *prinOrSop, Sandbo
        // Pass on ownership of sbp to |sandbox|.
        JS_SetPrivate(sandbox, sbp.forget().get());

-        {
-          JSAutoCompartment ac(cx, sandbox);
-          if (options.wantComponents &&
-              !nsXPCComponents::AttachComponentsObject(cx, GetObjectScope(sandbox)))
-              return NS_ERROR_XPC_UNEXPECTED;
+      bool allowComponents = nsContentUtils::IsSystemPrincipal(principal) ||
+                             nsContentUtils::IsExpandedPrincipal(principal);
+      if (options.wantComponents && allowComponents &&
+          !nsXPCComponents::AttachComponentsObject(cx, GetObjectScope(sandbox)))
+          return NS_ERROR_XPC_UNEXPECTED;

-          if (!XPCNativeWrapper::AttachNewConstructorObject(cx, sandbox))
-              return NS_ERROR_XPC_UNEXPECTED;
-        }
+      if (!XPCNativeWrapper::AttachNewConstructorObject(cx, sandbox))
+          return NS_ERROR_XPC_UNEXPECTED;

        if (!JS_DefineFunctions(cx, sandbox, SandboxFunctions))
            return NS_ERROR_XPC_UNEXPECTED;
--- a/js/xpconnect/tests/unit/test_bug867486.js
+++ b/js/xpconnect/tests/unit/test_bug867486.js
@ -0,0 +1,10 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+const Cu = Components.utils;
+
+function run_test() {
+  var sb = new Cu.Sandbox('http://www.example.com', { wantComponents: true } );
+  do_check_false(Cu.evalInSandbox('"Components" in this', sb));
+}
--- a/js/xpconnect/tests/unit/test_bug872772.js
+++ b/js/xpconnect/tests/unit/test_bug872772.js
@ -2,7 +2,9 @@ const Cu = Components.utils;
 function run_test() {

  // Make a content sandbox with an Xrayable object.
-  var contentSB = new Cu.Sandbox('http://www.google.com',
+  // NB: We use an nsEP here so that we can have access to Components, but still
+  // have Xray behavior from this scope.
+  var contentSB = new Cu.Sandbox(['http://www.google.com'],
                                 {wantXHRConstructor: true, wantComponents: true});

  // Make an XHR in the content sandbox.
--- a/js/xpconnect/tests/unit/xpcshell.ini
+++ b/js/xpconnect/tests/unit/xpcshell.ini
@ -21,6 +21,7 @@ tail =
 [test_bug851895.js]
 [test_bug854558.js]
 [test_bug868675.js]
+[test_bug867486.js]
 [test_bug872772.js]
 [test_bug885800.js]
 [test_bug_442086.js]