Bug 772288 - Waive Xray for target objects in Cu.import. r=mrbkap

Bobby Holley 2012-07-23 16:47:18 +02:00
parent 99a07d6d64
commit 8c8fbbde29
2 changed files with 26 additions and 7 deletions


@ -13,7 +13,8 @@ MODULE = jsloader
LIBRARY_NAME = jsloader_s
FORCE_STATIC_LIB = 1
LIBXUL_LIBRARY = 1
LOCAL_INCLUDES += -I$(srcdir)/../src
LOCAL_INCLUDES += -I$(srcdir)/../src \
-I$(srcdir)/../wrappers
CPPSRCS = mozJSComponentLoader.cpp mozJSSubScriptLoader.cpp mozJSLoaderUtils.cpp


@ -55,6 +55,8 @@
#include "xpcprivate.h"
#include "xpcpublic.h"
#include "nsIResProtocolHandler.h"
#include "nsContentUtils.h"
#include "WrapperFactory.h"
#include "mozilla/scache/StartupCache.h"
#include "mozilla/scache/StartupCacheUtils.h"
@ -67,6 +69,7 @@
using namespace mozilla;
using namespace mozilla::scache;
using namespace xpc;
static const char kJSRuntimeServiceContractID[] = "@mozilla.org/js/xpc/RuntimeService;1";
static const char kXPConnectServiceContractID[] = "@mozilla.org/js/xpc/XPConnect;1";
@ -965,7 +968,7 @@ mozJSComponentLoader::UnloadModules()
NS_IMETHODIMP
mozJSComponentLoader::Import(const nsACString& registryLocation,
const JS::Value& targetObj,
const JS::Value& targetVal_,
JSContext* cx,
PRUint8 optionalArgc,
JS::Value* retval)
@ -975,15 +978,30 @@ mozJSComponentLoader::Import(const nsACString& registryLocation,
JSAutoRequest ar(cx);
JSObject *targetObject = nsnull;
JS::Value targetVal = targetVal_;
JSObject *targetObject = NULL;
MOZ_ASSERT(nsContentUtils::CallerHasUniversalXPConnect());
if (optionalArgc) {
// The caller passed in the optional second argument. Get it.
if (targetObj.isObjectOrNull()) {
targetObject = targetObj.toObjectOrNull();
} else {
if (targetVal.isObject()) {
// If we're passing in something like a content DOM window, chances
// are the caller expects the properties to end up on the object
// proper and not on the Xray holder. This is dubious, but can be used
// during testing. Given that dumb callers can already leak JSMs into
// content by passing a raw content JS object (where Xrays aren't
// possible), we aim for consistency here. Waive xray.
if (WrapperFactory::IsXrayWrapper(&targetVal.toObject()) &&
!WrapperFactory::WaiveXrayAndWrap(cx, &targetVal))
{
return NS_ERROR_FAILURE;
}
targetObject = &targetVal.toObject();
} else if (!targetVal.isNull()) {
// If targetVal isNull(), we actually want to leave targetObject null.
// Not doing so breaks |make package|.
return ReportOnCaller(cx, ERROR_SCOPE_OBJ,
PromiseFlatCString(registryLocation).get());
PromiseFlatCString(registryLocation).get());
}
} else {
// Our targetObject is the caller's global object. Find it by
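Review bot: The `MOZ_ASSERT(nsContentUtils::CallerHasUniversalXPConnect())` added at the top of the last hunk is the only privilege check in front of the new Xray waiver, and MOZ_ASSERT is compiled out of release builds, so in shipping builds nothing in this function verifies the caller before `WaiveXrayAndWrap` is applied to a caller-supplied object. If the guarantee comes from how Components.utils is exposed (not visible in this diff), a comment next to the assert naming that enforcement point would make the dependency reviewable; otherwise a runtime guard such as `if (!nsContentUtils::CallerHasUniversalXPConnect()) return NS_ERROR_FAILURE;` is the safer form. The waiver comment could also state the consequence directly: once waived, `targetObject` refers to the content object itself, so whatever the rest of Import (which continues past this hunk) defines on it is presumably reachable from content script.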