Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-02-27 04:38:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Undo gist of last change for now, it breaks too much even though it's safer.

Browse Source
This commit is contained in:
brendan%mozilla.org 2005-05-04 16:19:31 +00:00
parent d93f6c2eee
commit 371b8140d2
1 changed files with 23 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
caps/src/nsScriptSecurityManager.cpp
View File

@ -1841,7 +1841,29 @@ nsScriptSecurityManager::GetFunctionObjectPrincipal(JSContext *cx,
JSScript *script = JS_GetFunctionScript(cx, fun);
*rv = NS_OK;
if (!script || JS_GetFunctionObject(fun) != obj)
if (!script)
{
// A native function: skip it in order to find its scripted caller.
return nsnull;
}
JSScript *frameScript = fp ? JS_GetFrameScript(cx, fp) : nsnull;
if (frameScript && frameScript != script)
{
// There is a frame script, and it's different from the
// function script. In this case we're dealing with either
// an eval or a Script object, and in these cases the
// principal we want is in the frame's script, not in the
// function's script. The function's script is where the
// eval-calling code came from, not where the eval or new
// Script object came from, and we want the principal of
// the eval function object or new Script object.
script = frameScript;
}
else if (JS_GetFunctionObject(fun) != obj)
{
// Here, obj is either a native method or a cloned function
// object.
@ -1880,22 +1902,6 @@ nsScriptSecurityManager::GetFunctionObjectPrincipal(JSContext *cx,
return result;
}
JSScript *frameScript = fp ? JS_GetFrameScript(cx, fp) : nsnull;
if (frameScript && frameScript != script)
{
// There is a frame script, and it's different from the
// function script. In this case we're dealing with either
// an eval or a Script object, and in these cases the
// principal we want is in the frame's script, not in the
// function's script. The function's script is where the
// eval-calling code came from, not where the eval or new
// Script object came from, and we want the principal of
// the eval function object or new Script object.
script = frameScript;
}
return GetScriptPrincipal(cx, script, rv);
}