2.) WebShell now implements the new nsIScriptGlobalObjectOwner.
3.) WebShell supports GetInterface to nsIScriptGlobalObject.
4.) Documents no longer carry around a reference to nsIScriptContextOwner. Instead they hold on to a nsIScriptGlobalObject. nsIDocument::GetScriptContextOwner has now become nsIDocument::GetScriptGlobalObject(). Same change to the set methods.
- Rename nsIScriptContext::CompileFunction to CompileEventHandler, and add BindCompiledEventHandler, to reflect function name restrictions and help brutal sharing.
- Add adjunct-interface nsIScriptEventHandlerOwner to nsIScriptObjectOwner.h; this interface is queried for by nsEventListenerManger.cpp to test and fill the XUL prototype event handler "cache".
- PR_LOG JS warnings, and look in javascript.options.{strict,werror} for those options.
- Implement nsIScriptEventHandlerOwner in nsXULElement, keeping pointers to pre-compiled event handlers in nsXULPrototypeAttribute.
(bug 13218, r=waterson@netscape.com,vidur@netscape.com)
Build'). Modified files that conditionally compiled in support for
OJI, replacing with code that looks for OJI as an XPCOM service, and
failing gracefully if the OJI XPCOM service is not found. The four
files modified by this fix are the only active ones; other modules
that conditionally compile in support for OJI appear to be dead code.
r=drapeau@eng.sun.com. Fix contributed by Jayashri Visvanathan
(visvan@eng.sun.com).
20257 unable to edit existing images in editor due to JS error
19933 JavaScript "window.location" core dumps in CAPS
Back out previous changes for enforcing security on listeners and go with a
simple restriction of access to the method for adding listeners.
r=mstoltz
Add checks to nsScriptSecurityManager::CheckCanListenTo that take
a principal and ensure that the currently executing script code
either is from the same origin as that principal or has the
UniversalBrowserRead privilege enabled. (chrome code has all
privileges enabled by default.) It's okay for the principal passed in
to be null. That just signifies a privileged window/document that only
can be listened to with privileges.
I added GetPrincipal/SetPrincipal methods to nsIEventListenerManager.
nsDocument::GetNewListenerManager sets a principal on the listener
manager when it creates one. Obviously there are other places that
create listener managers, but scripts seem to go through this one.
Another change is to save some memory usage. Currently I allocate an
array of PolicyType that is NS_DOM_PROP_MAX elements long.
Unfortunately, compilers appear to allocate four bytes for each
PolicyType, so the array takes around 2400 bytes. I've added changes
to use two bit vectors that should consume about 1/16 that space.
r=joki
There are also changes that push nsnull onto the JSContext stack when
entering a nested event loop.
r=jband
and efficiency.
Tighten checks on document properties and node properties. Should resolve
several bugs:
18965 document.firstChild vulnerability
19043 document.childNodes vulnerability
19044 document.lastChild vulnerability
r=mstoltz
