mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-08 10:44:56 +00:00
Bug 553102 - Make content-> access default to deny if __exposedProps__ is not defined. r=mrbkap
This commit is contained in:
parent
aa8dadc330
commit
9a7444669f
@ -45,6 +45,5 @@ DEPRECATED_OPERATION(InputEncoding)
|
|||||||
DEPRECATED_OPERATION(MozBeforePaint)
|
DEPRECATED_OPERATION(MozBeforePaint)
|
||||||
DEPRECATED_OPERATION(MozBlobBuilder)
|
DEPRECATED_OPERATION(MozBlobBuilder)
|
||||||
DEPRECATED_OPERATION(DOMExceptionCode)
|
DEPRECATED_OPERATION(DOMExceptionCode)
|
||||||
DEPRECATED_OPERATION(NoExposedProps)
|
|
||||||
DEPRECATED_OPERATION(MutationEvent)
|
DEPRECATED_OPERATION(MutationEvent)
|
||||||
DEPRECATED_OPERATION(MozSlice)
|
DEPRECATED_OPERATION(MozSlice)
|
||||||
|
@ -127,8 +127,6 @@ MediaLoadDecodeError=Media resource %S could not be decoded.
|
|||||||
MozBlobBuilderWarning=Use of MozBlobBuilder is deprecated. Use Blob constructor instead.
|
MozBlobBuilderWarning=Use of MozBlobBuilder is deprecated. Use Blob constructor instead.
|
||||||
# LOCALIZATION NOTE: Do not translate "DOMException", "code" and "name"
|
# LOCALIZATION NOTE: Do not translate "DOMException", "code" and "name"
|
||||||
DOMExceptionCodeWarning=Use of DOMException's code attribute is deprecated. Use name instead.
|
DOMExceptionCodeWarning=Use of DOMException's code attribute is deprecated. Use name instead.
|
||||||
# LOCALIZATION NOTE: Do not translate "__exposedProps__"
|
|
||||||
NoExposedPropsWarning=Exposing chrome JS objects to content without __exposedProps__ is insecure and deprecated. See https://developer.mozilla.org/en/XPConnect_wrappers for more information.
|
|
||||||
# LOCALIZATION NOTE: Do not translate "Mutation Event" and "MutationObserver"
|
# LOCALIZATION NOTE: Do not translate "Mutation Event" and "MutationObserver"
|
||||||
MutationEventWarning=Use of Mutation Events is deprecated. Use MutationObserver instead.
|
MutationEventWarning=Use of Mutation Events is deprecated. Use MutationObserver instead.
|
||||||
# LOCALIZATION NOTE: Do not translate "Blob", "mozSlice", or "slice"
|
# LOCALIZATION NOTE: Do not translate "Blob", "mozSlice", or "slice"
|
||||||
|
@ -33,7 +33,6 @@ MOCHITEST_CHROME_FILES = \
|
|||||||
test_bug706301.xul \
|
test_bug706301.xul \
|
||||||
test_bug726949.xul \
|
test_bug726949.xul \
|
||||||
test_bug743843.xul \
|
test_bug743843.xul \
|
||||||
test_bug758563.xul \
|
|
||||||
test_bug760076.xul \
|
test_bug760076.xul \
|
||||||
test_bug760109.xul \
|
test_bug760109.xul \
|
||||||
test_bug763343.xul \
|
test_bug763343.xul \
|
||||||
|
@ -1,80 +0,0 @@
|
|||||||
<?xml version="1.0"?>
|
|
||||||
<?xml-stylesheet type="text/css" href="chrome://global/skin"?>
|
|
||||||
<?xml-stylesheet type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"?>
|
|
||||||
<!--
|
|
||||||
https://bugzilla.mozilla.org/show_bug.cgi?id=758563
|
|
||||||
-->
|
|
||||||
<window title="Mozilla Bug 758563"
|
|
||||||
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
|
|
||||||
<script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
|
|
||||||
|
|
||||||
<!-- test results are displayed in the html:body -->
|
|
||||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
|
||||||
<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=758563"
|
|
||||||
target="_blank">Mozilla Bug 758563</a>
|
|
||||||
</body>
|
|
||||||
|
|
||||||
<!-- test code goes here -->
|
|
||||||
<script type="application/javascript">
|
|
||||||
<![CDATA[
|
|
||||||
|
|
||||||
/** Test for deprecation warnings for non-__exposedProps__ COWs. **/
|
|
||||||
|
|
||||||
SimpleTest.waitForExplicitFinish();
|
|
||||||
|
|
||||||
// Set up our console listener.
|
|
||||||
var gWarnings = 0;
|
|
||||||
function onWarning(consoleMessage) {
|
|
||||||
if (/__exposedProps__/.test(consoleMessage.message))
|
|
||||||
gWarnings++;
|
|
||||||
}
|
|
||||||
var gListener = {
|
|
||||||
observe: onWarning,
|
|
||||||
QueryInterface: function (iid) {
|
|
||||||
if (!iid.equals(Components.interfaces.nsIConsoleListener) &&
|
|
||||||
!iid.equals(Components.interfaces.nsISupports)) {
|
|
||||||
throw Components.results.NS_ERROR_NO_INTERFACE;
|
|
||||||
}
|
|
||||||
return this;
|
|
||||||
}
|
|
||||||
};
|
|
||||||
var gConsoleService = Components.classes["@mozilla.org/consoleservice;1"]
|
|
||||||
.getService(Components.interfaces.nsIConsoleService);
|
|
||||||
gConsoleService.registerListener(gListener);
|
|
||||||
|
|
||||||
// Wait for both child frame to load.
|
|
||||||
var gLoadCount = 0;
|
|
||||||
function frameLoaded() {
|
|
||||||
if (++gLoadCount == 2)
|
|
||||||
go();
|
|
||||||
}
|
|
||||||
|
|
||||||
function go() {
|
|
||||||
testFor('frame1');
|
|
||||||
testFor('frame2');
|
|
||||||
|
|
||||||
// Warnings are dispatched async, so stick ourselves at the end of the event
|
|
||||||
// queue.
|
|
||||||
setTimeout(done, 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
function testFor(id) {
|
|
||||||
var win = document.getElementById(id).contentWindow.wrappedJSObject;
|
|
||||||
win.chromeObj = {a: 42};
|
|
||||||
win.ok = ok;
|
|
||||||
win.is = is;
|
|
||||||
win.doAccess();
|
|
||||||
}
|
|
||||||
|
|
||||||
function done() {
|
|
||||||
gConsoleService.unregisterListener(gListener);
|
|
||||||
is(gWarnings, 2, "Got the right number of warnings");
|
|
||||||
SimpleTest.finish();
|
|
||||||
}
|
|
||||||
|
|
||||||
]]>
|
|
||||||
|
|
||||||
</script>
|
|
||||||
<iframe id="frame1" onload="frameLoaded();" type="content" src="http://mochi.test:8888/tests/js/xpconnect/tests/mochitest/file_bug758563.html" />
|
|
||||||
<iframe id="frame2" onload="frameLoaded();" type="content" src="http://mochi.test:8888/tests/js/xpconnect/tests/mochitest/file_bug758563.html" />
|
|
||||||
</window>
|
|
@ -95,10 +95,12 @@ function COWTests() {
|
|||||||
const PROPS_TO_TEST = ['foo', 'bar', 'prototype'];
|
const PROPS_TO_TEST = ['foo', 'bar', 'prototype'];
|
||||||
|
|
||||||
var empty = {};
|
var empty = {};
|
||||||
// Once we flip the default for __exposedProps__, this should behave
|
var nonempty = {foo: 42, bar: 33};
|
||||||
// the same as for function objects below.
|
|
||||||
is(getCOW(empty).foo, undefined,
|
is(getCOW(empty).foo, undefined,
|
||||||
"shouldn't throw when accessing exposed properties that doesn't exist");
|
"shouldn't throw when accessing exposed properties that doesn't exist");
|
||||||
|
PROPS_TO_TEST.forEach(function(name) {
|
||||||
|
isPropHidden(getCOW(nonempty), name, "object without exposedProps");
|
||||||
|
});
|
||||||
|
|
||||||
// Test function objects without __exposedProps__
|
// Test function objects without __exposedProps__
|
||||||
var func = function(x) { return 42; };
|
var func = function(x) { return 42; };
|
||||||
|
@ -61,7 +61,6 @@ MOCHITEST_FILES = bug500931_helper.html \
|
|||||||
test_bug691059.html \
|
test_bug691059.html \
|
||||||
file_bug706301.html \
|
file_bug706301.html \
|
||||||
test_bug745483.html \
|
test_bug745483.html \
|
||||||
file_bug758563.html \
|
|
||||||
file_bug760131.html \
|
file_bug760131.html \
|
||||||
test_bug764389.html \
|
test_bug764389.html \
|
||||||
test_bug772288.html \
|
test_bug772288.html \
|
||||||
|
@ -1,19 +0,0 @@
|
|||||||
<html>
|
|
||||||
<head>
|
|
||||||
<script type="application/javascript">
|
|
||||||
function doAccess() {
|
|
||||||
// Access the variable twice.
|
|
||||||
oneAccess();
|
|
||||||
oneAccess();
|
|
||||||
}
|
|
||||||
|
|
||||||
function oneAccess() {
|
|
||||||
try {
|
|
||||||
is(window.chromeObj.a, 42, "Successfully read chrome property");
|
|
||||||
} catch (e) { ok(false, "Threw while trying to access chrome property"); };
|
|
||||||
}
|
|
||||||
</script>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
@ -427,24 +427,6 @@ ExposedPropertiesOnly::check(JSContext *cx, JSObject *wrapper, jsid id, Wrapper:
|
|||||||
if (!wrapperAC.enter(cx, wrapper))
|
if (!wrapperAC.enter(cx, wrapper))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
// For now, only do this on functions.
|
|
||||||
if (!JS_ObjectIsFunction(cx, wrappedObject)) {
|
|
||||||
|
|
||||||
// This little loop hole will go away soon! See bug 553102.
|
|
||||||
nsCOMPtr<nsPIDOMWindow> win =
|
|
||||||
do_QueryInterface(nsJSUtils::GetStaticScriptGlobal(cx, wrapper));
|
|
||||||
if (win) {
|
|
||||||
nsCOMPtr<nsIDocument> doc =
|
|
||||||
do_QueryInterface(win->GetExtantDocument());
|
|
||||||
if (doc) {
|
|
||||||
doc->WarnOnceAbout(nsIDocument::eNoExposedProps,
|
|
||||||
/* asError = */ true);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
perm = PermitPropertyAccess;
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
return PermitIfUniversalXPConnect(cx, id, act, perm); // Deny
|
return PermitIfUniversalXPConnect(cx, id, act, perm); // Deny
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user