mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-11 20:35:50 +00:00
Bug 819158 - Introduce stopAtOuter for UnwrapObjectChecked. r=mrbkap
We need to simultaneously stop marking outers as unsafe to unwrap, otherwise we'll end up with paradoxical behavior whereby stopAtOuter=true returns null but stopAtOuter=false returns an object. This is fine, because we're now handling outer explicitly.
This commit is contained in:
parent
cf9a39264b
commit
424b997531
@ -528,7 +528,7 @@ nsPIDOMWindow::~nsPIDOMWindow() {}
|
||||
class nsOuterWindowProxy : public js::Wrapper
|
||||
{
|
||||
public:
|
||||
nsOuterWindowProxy() : js::Wrapper(0) { setSafeToUnwrap(false); }
|
||||
nsOuterWindowProxy() : js::Wrapper(0) { }
|
||||
|
||||
virtual bool isOuterWindow() {
|
||||
return true;
|
||||
|
@ -92,22 +92,21 @@ js::UnwrapObject(JSObject *wrapped, bool stopAtOuter, unsigned *flagsp)
|
||||
}
|
||||
|
||||
JS_FRIEND_API(JSObject *)
|
||||
js::UnwrapObjectChecked(RawObject obj)
|
||||
js::UnwrapObjectChecked(RawObject obj, bool stopAtOuter)
|
||||
{
|
||||
while (true) {
|
||||
JSObject *wrapper = obj;
|
||||
obj = UnwrapOneChecked(obj);
|
||||
obj = UnwrapOneChecked(obj, stopAtOuter);
|
||||
if (!obj || obj == wrapper)
|
||||
return obj;
|
||||
}
|
||||
}
|
||||
|
||||
JS_FRIEND_API(JSObject *)
|
||||
js::UnwrapOneChecked(RawObject obj)
|
||||
js::UnwrapOneChecked(RawObject obj, bool stopAtOuter)
|
||||
{
|
||||
// Checked unwraps should never unwrap outer windows.
|
||||
if (!obj->isWrapper() ||
|
||||
JS_UNLIKELY(!!obj->getClass()->ext.innerObject))
|
||||
JS_UNLIKELY(!!obj->getClass()->ext.innerObject && stopAtOuter))
|
||||
{
|
||||
return obj;
|
||||
}
|
||||
|
@ -262,12 +262,12 @@ UnwrapObject(JSObject *obj, bool stopAtOuter = true, unsigned *flagsp = NULL);
|
||||
// code should never be unwrapping outer window wrappers, we always stop at
|
||||
// outer windows.
|
||||
JS_FRIEND_API(JSObject *)
|
||||
UnwrapObjectChecked(RawObject obj);
|
||||
UnwrapObjectChecked(RawObject obj, bool stopAtOuter = true);
|
||||
|
||||
// Unwrap only the outermost security wrapper, with the same semantics as
|
||||
// above. This is the checked version of Wrapper::wrappedObject.
|
||||
JS_FRIEND_API(JSObject *)
|
||||
UnwrapOneChecked(RawObject obj);
|
||||
UnwrapOneChecked(RawObject obj, bool stopAtOuter = true);
|
||||
|
||||
JS_FRIEND_API(bool)
|
||||
IsCrossCompartmentWrapper(RawObject obj);
|
||||
|
Loading…
Reference in New Issue
Block a user