From c4cf5ef02fbd2a32f23b45912bcee22bc18f20e1 Mon Sep 17 00:00:00 2001
From: Bobby Holley
Date: Mon, 26 Jan 2015 10:26:33 -0800
Subject: [PATCH] Bug 1124898 - Stop exposing ex-nsIDOMChromeWindow things for random unprivileged things loaded in chrome docshells. r=bz
---
 dom/base/nsGlobalWindow.cpp | 5 +++--
 dom/base/nsGlobalWindow.h | 2 +-
 dom/webidl/Window.webidl | 32 ++++++++++++++++----------------
 3 files changed, 20 insertions(+), 19 deletions(-)
diff --git a/dom/base/nsGlobalWindow.cpp b/dom/base/nsGlobalWindow.cpp
index 2933846462cc..c8d03dd35f5d 100644
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@@ -4342,10 +4342,11 @@ nsGlobalWindow::GetOwnPropertyNames(JSContext* aCx, nsTArray& aNames,
 }
 
 /* static */ bool
-nsGlobalWindow::IsChromeWindow(JSContext* aCx, JSObject* aObj)
+nsGlobalWindow::IsPrivilegedChromeWindow(JSContext* aCx, JSObject* aObj)
 {
   // For now, have to deal with XPConnect objects here.
-  return xpc::WindowOrNull(aObj)->IsChromeWindow();
+  return xpc::WindowOrNull(aObj)->IsChromeWindow() &&
+         nsContentUtils::ObjectPrincipal(aObj) == nsContentUtils::GetSystemPrincipal();
 }
 
 /* static */ bool
diff --git a/dom/base/nsGlobalWindow.h b/dom/base/nsGlobalWindow.h
index 731b1390887c..647fa45e06ec 100644
--- a/dom/base/nsGlobalWindow.h
+++ b/dom/base/nsGlobalWindow.h
@@ -491,7 +491,7 @@ public:
 
   void GetSupportedNames(nsTArray& aNames);
 
-  static bool IsChromeWindow(JSContext* /* unused */, JSObject* aObj);
+  static bool IsPrivilegedChromeWindow(JSContext* /* unused */, JSObject* aObj);
 
   static bool IsShowModalDialogEnabled(JSContext* /* unused */ = nullptr,
                                        JSObject* /* unused */ = nullptr);
diff --git a/dom/webidl/Window.webidl b/dom/webidl/Window.webidl
index 5dea5cf6c1c0..fa4c6656c0c5 100644
--- a/dom/webidl/Window.webidl
+++ b/dom/webidl/Window.webidl
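Review bot: The new return on the `+` line in IsPrivilegedChromeWindow still dereferences `xpc::WindowOrNull(aObj)` unconditionally; the helper's name says it can yield null, and the surviving "have to deal with XPConnect objects here" comment suggests aObj is not always a plain Window global, so the added principal check does nothing for a null window. If a null result is actually reachable from a `Func=` call, fail closed: `nsGlobalWindow* win = xpc::WindowOrNull(aObj);` / `return win && win->IsChromeWindow() &&` / `nsContentUtils::ObjectPrincipal(aObj) == nsContentUtils::GetSystemPrincipal();`. The comment should also record why both conditions are required, e.g. `// IsChromeWindow() only reflects the docshell type; an unprivileged document can be loaded in a chrome docshell, so also require the system principal before exposing ChromeWindow members.` Pointer-equality against GetSystemPrincipal() relies on the system principal being a singleton; if the tree has a helper that tests for the system principal, prefer it so that invariant lives in one place.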
@@ -405,16 +405,16 @@ partial interface Window {
 
 [Func="IsChromeOrXBL"]
 interface ChromeWindow {
-  [Func="nsGlobalWindow::IsChromeWindow"]
+  [Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
   const unsigned short STATE_MAXIMIZED = 1;
-  [Func="nsGlobalWindow::IsChromeWindow"]
+  [Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
   const unsigned short STATE_MINIMIZED = 2;
-  [Func="nsGlobalWindow::IsChromeWindow"]
+  [Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
   const unsigned short STATE_NORMAL = 3;
-  [Func="nsGlobalWindow::IsChromeWindow"]
+  [Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
   const unsigned short STATE_FULLSCREEN = 4;
-  [Func="nsGlobalWindow::IsChromeWindow"]
+  [Func="nsGlobalWindow::IsPrivilegedChromeWindow"]
   readonly attribute unsigned short windowState;
 
   /**
@@ -422,40 +422,40 @@ interface ChromeWindow { * utility functions implemented by chrome script. It will be null * for DOMWindows not corresponding to browsers. */ - [Throws, Func="nsGlobalWindow::IsChromeWindow"] + [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"] attribute nsIBrowserDOMWindow? browserDOMWindow; - [Throws, Func="nsGlobalWindow::IsChromeWindow"] + [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"] void getAttention(); - [Throws, Func="nsGlobalWindow::IsChromeWindow"] + [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"] void getAttentionWithCycleCount(long aCycleCount); - [Throws, Func="nsGlobalWindow::IsChromeWindow"] + [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"] void setCursor(DOMString cursor); - [Throws, Func="nsGlobalWindow::IsChromeWindow", UnsafeInPrerendering] + [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow", UnsafeInPrerendering] void maximize(); - [Throws, Func="nsGlobalWindow::IsChromeWindow", UnsafeInPrerendering] + [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow", UnsafeInPrerendering] void minimize(); - [Throws, Func="nsGlobalWindow::IsChromeWindow", UnsafeInPrerendering] + [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow", UnsafeInPrerendering] void restore(); /** * Notify a default button is loaded on a dialog or a wizard. * defaultButton is the default button. */ - [Throws, Func="nsGlobalWindow::IsChromeWindow"] + [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"] void notifyDefaultButtonLoaded(Element defaultButton); - [Throws, Func="nsGlobalWindow::IsChromeWindow"] + [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"] readonly attribute nsIMessageBroadcaster messageManager; /** * Returns the message manager identified by the given group name that * manages all frame loaders belonging to that group. 
*/ - [Throws, Func="nsGlobalWindow::IsChromeWindow"] + [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"] nsIMessageBroadcaster getGroupMessageManager(DOMString aGroup); /** @@ -468,7 +468,7 @@ interface ChromeWindow { * * Throws NS_ERROR_NOT_IMPLEMENTED if the OS doesn't support this. */ - [Throws, Func="nsGlobalWindow::IsChromeWindow"] + [Throws, Func="nsGlobalWindow::IsPrivilegedChromeWindow"] void beginWindowMove(Event mouseDownEvent, optional Element? panel = null); };