Just because there isn't a stack frame with a function object doesn't mean that code isn't running. bug 339918, r=jst sr=brendan

mrbkap%gmail.com 2006-06-05 20:55:59 +00:00
parent 8c19983a2d
commit 229aa0627e


@ -3828,29 +3828,29 @@ needsSecurityCheck(JSContext *cx, nsIXPConnectWrappedNative *wrapper)
JSStackFrame *fp = nsnull;
JSObject *fp_obj = nsnull;
cached_win_needs_check = PR_FALSE;
do {
fp = ::JS_FrameIterator(cx, &fp);
if(!fp) {
break;
if (!fp) {
return cached_win_needs_check;
}
fp_obj = ::JS_GetFrameFunctionObject(cx, fp);
cached_win_needs_check = PR_TRUE;
} while (!fp_obj);
if (fp_obj) {
JSObject *global = GetGlobalJSObject(cx, fp_obj);
JSObject *global = GetGlobalJSObject(cx, fp_obj);
JSObject *wrapper_obj = nsnull;
wrapper->GetJSObject(&wrapper_obj);
JSObject *wrapper_obj = nsnull;
wrapper->GetJSObject(&wrapper_obj);
if (global != wrapper_obj) {
return PR_TRUE;
}
if (global != wrapper_obj) {
return PR_TRUE;
}
cached_win_needs_check = PR_FALSE;
return PR_FALSE;
}
@ -7385,7 +7385,6 @@ documentNeedsSecurityCheck(JSContext *cx, nsIXPConnectWrappedNative *wrapper)
cached_doc_cx = cx;
cached_doc_wrapper = wrapper;
cached_doc_needs_check = PR_TRUE;
// Get the JS object from the wrapper
JSObject *wrapper_obj = nsnull;
@ -7412,26 +7411,27 @@ documentNeedsSecurityCheck(JSContext *cx, nsIXPConnectWrappedNative *wrapper)
JSObject *function_obj = nsnull;
JSStackFrame *fp = nsnull;
// Initialize to false to handle the case where there's no JS running
// on the current context (e.g., we're getting here from a property
// access from the JS API). Since the scope chain is immutable, it's
// OK to keep skipping the check.
cached_doc_needs_check = PR_FALSE;
do {
fp = ::JS_FrameIterator(cx, &fp);
if (!fp) {
if (!function_obj) {
// No JS is running (there's no frame on the JS stack with a
// function object), someone is just accessing properties on a
// JS object using the JS API, no need to do security checks
// then.
// Since the scope chain is immutable, it's OK to keep
// skipping the check
cached_doc_needs_check = PR_FALSE;
return PR_FALSE;
}
break;
return cached_doc_needs_check;
}
function_obj = ::JS_GetFrameFunctionObject(cx, fp);
// Since we're here, we know that there is some JS running. Now, we
// need to default to being paranoid, and can only skip the security
// check if we find that the currently-running function is from the
// same scope.
cached_doc_needs_check = PR_TRUE;
} while (!function_obj);
// Get the global object that the calling function comes from.
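Review bot: In the needsSecurityCheck hunk, the new `cached_win_needs_check = PR_FALSE;` before the loop and `cached_win_needs_check = PR_TRUE;` after `::JS_GetFrameFunctionObject` have no comment, although the same two assignments in documentNeedsSecurityCheck are explained; since this flag decides whether a security check is skipped, the window copy should carry the same rationale. I would add `// No frame at all means no JS is running on cx; only then may the check be skipped.` above the first assignment and `// A frame exists, so script is running: stay paranoid unless the caller's global matches the wrapper.` above the second. The document-side comment justifies caching PR_FALSE by the scope chain being immutable, but the cached verdict presumably also relies on the cache being invalidated before script next runs on the same cx; that invalidation is not visible in these hunks, so the comment should name where it happens. Both functions start outside their hunks, so the cache lookup that consumes these flags could not be checked here.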