Bug 986730 - Run the FeedWriter sandbox with an expanded principal. r=mrbkap

2025-01-31 19:10:36 +00:00 · 2014-04-06 12:32:38 -07:00 · 2014-04-06 12:32:38 -07:00 · df7f0b15e1
commit df7f0b15e1
parent 106a5de3c3
1 changed files with 13 additions and 1 deletions
--- a/browser/components/feeds/src/FeedWriter.js
+++ b/browser/components/feeds/src/FeedWriter.js
@ -221,8 +221,20 @@ FeedWriter.prototype = {
   */
  __contentSandbox: null,
  get _contentSandbox() {
+    // This whole sandbox setup is totally archaic. It was introduced in bug
+    // 360529, presumably before the existence of a solid security membrane,
+    // since all of the manipulation of content here should be made safe by
+    // Xrays. And now that anonymous content is no longer content-accessible,
+    // manipulating the xml stylesheet content can't be done from content
+    // anymore.
+    //
+    // The right solution would be to rip out all of this sandbox junk and
+    // manipulate the DOM directly. But that's a big yak to shave, so for now,
+    // we just give the sandbox an nsExpandedPrincipal with []. This has the
+    // effect of giving it Xrays, and making it same-origin with the XBL scope,
+    // thereby letting it manipulate anonymous content.
    if (!this.__contentSandbox)
-      this.__contentSandbox = new Cu.Sandbox(this._window, 
+      this.__contentSandbox = new Cu.Sandbox([this._window],
                                             {sandboxName: 'FeedWriter'});

    return this.__contentSandbox;