Bug 1019149. For calls into JS-implemented WebIDL, don't check whether it's OK to run the script (it is) and whether the script lives in a window (it doesn't). r=bholley

2025-02-27 04:38:02 +00:00 · 2014-06-03 11:38:37 -04:00 · 2014-06-03 11:38:37 -04:00 · d519374494
commit d519374494
parent 490d4fc9b2
1 changed files with 7 additions and 3 deletions
--- a/dom/bindings/CallbackObject.cpp
+++ b/dom/bindings/CallbackObject.cpp
@ -86,8 +86,10 @@ CallbackObject::CallSetup::CallSetup(CallbackObject* aCallback,
    // GC, so just paper over the necessary dataflow inversion.
    JS::AutoSuppressGCAnalysis nogc;
    if (mIsMainThread) {
-      // Now get the global and JSContext for this callback.
-      nsGlobalWindow* win = xpc::WindowGlobalOrNull(realCallback);
+      // Now get the global and JSContext for this callback.  Note that for the
+      // case of JS-implemented WebIDL we never have a window here.
+      nsGlobalWindow* win =
+        aIsJSImplementedWebIDL ? nullptr : xpc::WindowGlobalOrNull(realCallback);
      if (win) {
        // Make sure that if this is a window it's the current inner, since the
        // nsIScriptContext and hence JSContext are associated with the outer
@ -151,7 +153,9 @@ CallbackObject::CallSetup::CallSetup(CallbackObject* aCallback,
    mRootedCallable.construct(cx, aCallback->Callback());
  }

-  if (mIsMainThread) {
+  // JS-implemented WebIDL is always OK to run, since it runs with Chrome
+  // privileges anyway.
+  if (mIsMainThread && !aIsJSImplementedWebIDL) {
    // Check that it's ok to run this callback at all.
    // Make sure to use realCallback to get the global of the callback object,
    // not the wrapper.