Commit Graph

397 Commits

Author SHA1 Message Date
Bobby Holley
170286774d Bug 843829 - Explicitly add a waiver in FieldGetter and FieldSetter. r=mrbkap 2013-04-02 18:51:20 -07:00
Bobby Holley
6a9d39f758 Bug 843829 - Stop using IsTransparent for XBL field access, and explicitly waive instead. r=mrbkap 2013-04-02 18:51:20 -07:00
Bobby Holley
70b8e9c476 Bug 843829 - Apply transitive waivers for nativeCall. r=mrbkap 2013-04-02 18:51:20 -07:00
Bobby Holley
c6e721524b Bug 845862 - Transitively apply waivers for accessor descriptors. r=mrbkap 2013-04-02 18:51:19 -07:00
Jon Coppeard
03a9c98899 Bug 854955 - GC: Rooting in XrayWrapper.cpp r=bholley
--HG--
extra : rebase_source : fdee7c16f54e1fcbf4ae96e89ffd20eb14ec2d8d
2013-03-27 11:33:30 +00:00
Bobby Holley
7ca7a4cb72 Bug 854480 - Remove SCRIPT_ACCESS_ONLY. r=mrbkap 2013-04-01 15:17:51 -07:00
Gabor Krizsanits
31f45643be Bug 820170 - GetNativeForGlobal. r=bholley 2013-04-04 11:27:42 +02:00
Kyle Machulis
72a717a860 Bug 855465 - Add emacs python mode comments to moz.build files; r=gps 2013-04-01 11:36:59 -07:00
Eddy Bruel
ac26949ffe Bug 789897 - Implement isExtensible and preventExtensions traps for proxies, including scriptable direct proxies, and in the various wrapper classes. Also move non-static JSObject::preventExtensions to static ObjectImpl::preventExtensions, for handle correctness. Patch is a semi-tag-team effort with jwalden. r=jwalden, r=ejpbruel, r=bholley, r=two-turtle-doves-and-a-partridge-in-a-pear-tree
--HG--
extra : rebase_source : 156d2c22499372fceb60d130e363a3685e68b9fc
2013-03-22 19:43:03 -07:00
Kyle Machulis
43628a7867 Backout for changeset 03452b187c14 (Bug 855465) due to bustage on a CLOSED TREE; r=qdot 2013-03-29 15:12:58 -07:00
Kyle Machulis
334c0800cf Bug 855465 - Add emacs python mode comments to moz.build files; r=gps
--HG--
extra : rebase_source : 004a756492323e1a049586e85b3be5037159df20
2013-03-29 13:56:18 -07:00
Ryan VanderMeulen
114ddf1599 Backed out bug 789897 due to regressions. 2013-03-29 14:07:32 -04:00
Bobby Holley
cf8475a71a Bug 855922 - Check XBL scopes per-compartment in the SOW isSafeToUnwrap hook. r=bz 2013-03-28 18:38:07 -07:00
Eddy Bruel
4f59f6b452 Bug 789897 - Implement a preventExtensions trap for proxies. Patch is a semi-tag-team effort with jwalden. r=jwalden, r=ejpbruel, r=bholley, r=two-turtle-doves-and-a-partridge-in-a-pear-tree
--HG--
extra : rebase_source : 03b1b90c727ecc6a5d9d8cd769423f0a8f6efde4
2013-03-22 19:43:12 -07:00
Eddy Bruel
6c07f423e8 Bug 789897 - Implement an isExtensible trap for proxies. Patch is a semi-tag-team effort with jwalden. r=jwalden, r=ejpbruel, r=bholley, r=two-turtle-doves-and-a-partridge-in-a-pear-tree
--HG--
extra : rebase_source : 346645d8dc32ddb76f18e7557e99f41cb66abe9e
2013-03-22 19:43:03 -07:00
Bobby Holley
0cdff77326 Bug 854558 - Enforce __exposedProps__ for Sandboxes. r=gabor 2013-03-26 09:08:29 -07:00
David Zbarsky
46284ae633 Bug 847007: Remove nsIContent includes r=Ms2ger 2013-03-21 20:05:20 -04:00
Tom Schuster
a1663a0e87 Bug 828462 - Root Proxy/Wrapper in the browser. r=terrence,bz 2013-03-21 23:23:48 +01:00
Tom Schuster
787f786f96 Bug 828462 - Root Proxy/Wrapper delete. r=terrence 2013-03-21 23:23:48 +01:00
Tom Schuster
b6725433ce Bug 828462 - Root Proxy/Wrapper getOwnPropertyNames and keys. r=terrence 2013-03-21 23:23:47 +01:00
Tom Schuster
aaa3687e9b Bug 828462 - Root Proxy/Wrapper defineProperty. r=terrence 2013-03-21 23:23:47 +01:00
Tom Schuster
950e87f7e8 Bug 828462 - Root Proxy/Wrapper get(Own)PropertyDescriptor. r=terrence 2013-03-21 23:23:47 +01:00
Bobby Holley
5d587a2a1e Bug 658909 - Remove GWNOJO from AccessCheck. r=mrbkap 2013-03-21 08:20:45 -07:00
Bobby Holley
155c7bef82 Bug 658909 - Remove GWNOJO from JSObject2NativeInterface. r=mrbkap 2013-03-21 08:20:44 -07:00
Bobby Holley
b945d5623d Bug 658909 - Implement carefully-checked unwrapping in XPCCallContext. r=mrbkap 2013-03-21 08:20:42 -07:00
Bobby Holley
dace71a951 Bug 658909 - Make isSafeToUnwrap pseudo-dynamic for SOWs. r=mrbkap
This can go away as soon as XBL scopes are no longer behind a pref.
2013-03-21 08:20:41 -07:00
Ryan VanderMeulen
318dfacf98 Backed out 22 changesets (bug 658909) for Windows debug bustage. 2013-03-21 15:24:54 -04:00
Bobby Holley
f89657fd7e Bug 658909 - Remove GWNOJO from AccessCheck. r=mrbkap 2013-03-21 08:20:45 -07:00
Bobby Holley
9d8bb86c94 Bug 658909 - Remove GWNOJO from JSObject2NativeInterface. r=mrbkap 2013-03-21 08:20:44 -07:00
Bobby Holley
9a8ea3591c Bug 658909 - Implement carefully-checked unwrapping in XPCCallContext. r=mrbkap 2013-03-21 08:20:42 -07:00
Bobby Holley
13040f7556 Bug 658909 - Make isSafeToUnwrap pseudo-dynamic for SOWs. r=mrbkap
This can go away as soon as XBL scopes are no longer behind a pref.
2013-03-21 08:20:41 -07:00
Jon Coppeard
f18e9439d5 Bug 853028 - GC: Fix some rooting issues found by static analysis r=terrence
--HG--
extra : rebase_source : a1d340a00516ae890c98fa7420497e85526823fc
2013-03-21 12:56:58 +00:00
Mike Shal
7ecea60097 Bug 844654 - Part 2: Move MODULE to moz.build; rs=gps 2013-03-19 11:47:00 -07:00
Mohit Gahlot
8cc749406f Bug 851377 - Now ResolvingId::isResolving is not called with a null object. r=bholley 2013-03-18 21:28:05 +05:30
Bobby Holley
fa807df3d0 Bug 851987 - QI to nsPIDOMWindow instead of nsIDOMWindow in XPCWrappedJS. r=bz 2013-03-18 14:30:23 -07:00
Ms2ger
4f5fca99bc Bug 845374 - Part l: Stop including nsIDocument.h in nsContentUtils.h and fix two nits; r=khuey 2013-03-17 08:55:15 +01:00
Bobby Holley
4b95a9deb0 Bug 850517 - Support named window access via Xray. r=mrbkap 2013-03-14 22:38:26 -07:00
Bobby Holley
510b8a85e9 Bug 849730 - Let objectClassIs through for COWs. r=mrbkap 2013-03-13 14:48:59 -07:00
Bill McCloskey
484d62d1fb Bug 846890 - Avoid check for native anonymous content when possible (r=bholley) 2013-03-08 18:49:36 -08:00
Bill McCloskey
7401ed1cc2 Back out bug 846890 for reftest orange 2013-03-08 21:27:25 -08:00
Bill McCloskey
0ca2a01b5b Bug 846890 - Avoid check for native anonymous content when possible (r=bholley) 2013-03-08 18:49:36 -08:00
Jon Coppeard
a0a3f88913 Bug 848395 - GC: Move Rooted to JS namespace - rename js::Rooted to JS::Rooted outside SpiderMonkey r=terrence
--HG--
extra : rebase_source : 35cbf3cc4da4598c2e9e6975028ef397718849db
2013-03-06 16:41:43 +00:00
Ed Morley
3a53c22824 Backed out changeset 28ef4bdff455 (bug 848395) 2013-03-07 13:03:35 +00:00
Jon Coppeard
6a98a4532a Bug 848395 - GC: Move Rooted to JS namespace - rename js::Rooted to JS::Rooted outside SpiderMonkey r=terrence
--HG--
extra : rebase_source : 866879df05e3ec3f8e93570eb3f6b71103636b41
2013-03-06 16:41:43 +00:00
Gregory Szorc
0c8ee65118 Merge mozilla-central into build-system
There were merges in configure.in and some Makefile.in. None had any
conflicts. I spot verified the Makefile.in changes and confirmed that
the changes did not touch any DIRS* variables.
2013-02-27 10:03:52 -08:00
Gregory Szorc
45faa95b04 Merge mozilla-central into build-system
Only conflict was configure.in amd was due to context, not
changed lines themselves.
2013-02-25 22:09:18 -08:00
Gregory Szorc
c832d55dac Bug 784841 - Part 18s: Convert /js; r=glandium 2013-02-25 12:47:22 -08:00
Bobby Holley
0c9994db1d Bug 836301 - Hoist some assertions, remove a bunch of no-op trap overrides, and add assertions that we've entered our policy. r=mrbkap 2013-02-25 13:54:18 -08:00
Bobby Holley
59d3c6c36d Bug 836301 - Hoist enter() calls from {Xray,}Wrapper::foo into Proxy::foo. r=mrbkap 2013-02-25 13:54:18 -08:00
Bobby Holley
d916a1015e Bug 836301 - Introduce an RAII class for entering policies. r=mrbkap
This will allow us to make some hard assertions that a given policy has been
entered exactly once.
2013-02-25 13:54:18 -08:00
Bobby Holley
e969932415 Bug 836301 - Add Special handling to allow us to call enter() for defineProperty on Xrays. r=mrbkap 2013-02-25 13:54:17 -08:00
Bobby Holley
141e362856 Bug 836301 - Stop using JSRESOLVE_ASSIGNING to determine GET vs SET. r=mrbkap
This is just a heuristic, anyway, and some of the usage is downright broken.
There are two cases here:

1 - Deciding what to do for get{Own,}PropertyDescriptor. In these cases, we can
just enter with GET and rely on the filtering machinery to filter out dangerous
setters for security wrappers.

2 - Custom Xray props. None of these make sense in a |set| context. In fact,
    they generally have null setters anyway, so we can just assume GET.

The policy-entering code in XrayWrapper is super haphazard. We'll get rid of it
entirely later in these patches.
2013-02-25 13:54:17 -08:00
Bobby Holley
75c19cf6e0 Bug 834732 - Assert proper cx stack handling in WrapperFactory::Rewrap. r=mrbkap 2013-02-26 11:04:13 -08:00
Bobby Holley
a56a907e29 Bug 834697 - Enable XBL scopes, and disable assertion. r=bz,me 2013-02-14 15:15:59 +01:00
Ryan VanderMeulen
141f9389ce Backed out 12 changesets (bug 834732) for b2g bustage and OSX mochitest-1 crashes on a CLOSED TREE. 2013-02-12 20:54:48 -05:00
Bobby Holley
17eaab9c51 Bug 834732 - Assert proper cx stack handling in WrapperFactory::Rewrap. r=mrbkap 2013-02-13 00:22:27 +01:00
Phil Ringnalda
7529e0b16b Back out 4d301b2bcad0:e0632e639097 (bug 836301) for Windows build bustage
CLOSED TREE
2013-02-22 08:41:37 -08:00
Bobby Holley
510ba5b448 Bug 836301 - Hoist some assertions, remove a bunch of no-op trap overrides, and add assertions that we've entered our policy. r=mrbkap 2013-02-22 08:14:34 -08:00
Bobby Holley
bdcb37109c Bug 836301 - Hoist enter() calls from {Xray,}Wrapper::foo into Proxy::foo. r=mrbkap 2013-02-22 08:14:34 -08:00
Bobby Holley
2c74bb15cf Bug 836301 - Introduce an RAII class for entering policies. r=mrbkap
This will allow us to make some hard assertions that a given policy has been
entered exactly once.
2013-02-22 08:14:33 -08:00
Bobby Holley
3e3a4e08c3 Bug 836301 - Add Special handling to allow us to call enter() for defineProperty on Xrays. r=mrbkap 2013-02-22 08:14:33 -08:00
Bobby Holley
79dd453af9 Bug 836301 - Stop using JSRESOLVE_ASSIGNING to determine GET vs SET. r=mrbkap
This is just a heuristic, anyway, and some of the usage is downright broken.
There are two cases here:

1 - Deciding what to do for get{Own,}PropertyDescriptor. In these cases, we can
just enter with GET and rely on the filtering machinery to filter out dangerous
setters for security wrappers.

2 - Custom Xray props. None of these make sense in a |set| context. In fact,
    they generally have null setters anyway, so we can just assume GET.

The policy-entering code in XrayWrapper is super haphazard. We'll get rid of it
entirely later in these patches.
2013-02-22 08:14:32 -08:00
Bobby Holley
047d41c0d3 Bug 839867 - Align gecko with the spec on cross-origin access to Location.hash. r=bz
We update the tests to cover this case. There was also a bug in the tests where
we were accidentally testing non-writable Location properties against window
rather than window.location. :-(
2013-02-11 00:05:17 +01:00
Bobby Holley
af54a3636a Bug 821850 - Dynamically waive Xray for field access by XBL script on bound nodes. r=bz 2013-02-08 14:24:22 +00:00
Bobby Holley
1b758ec295 Bug 821850 - Expose XBL members via Xray wrappers. r=bz 2013-02-08 14:24:21 +00:00
Bobby Holley
97bf6ad095 Bug 821850 - Clean up security wrappers for NAC. r=bz 2013-02-08 14:24:20 +00:00
Bobby Holley
54511231e6 Bug 831076 - Outerize during same-compartment wrapping so that JS_Wrap* is guaranteed to outerize. r=mrbkap 2013-02-04 15:13:14 +00:00
Bobby Holley
be3d55b211 Bug 831076 - Outerize at the very beginning of XPConnect wrapping and remove other outerization checks. r=mrbkap 2013-02-04 15:13:13 +00:00
Peter Van der Beken
88de345330 Fix for bug 715156 (JS code no longer work for select options as array in a Greasemonkey script (index and name setters don't really work via XrayWrapper)). r=bz.
--HG--
extra : rebase_source : 2ced75b6d49dbab5afe9a6ce7c322bf18a634026
2013-01-14 11:29:48 +01:00
Ed Morley
9474e07ea6 Backout f3c145bd1dd2 & 5075690572a9 for OS X startup failures 2013-01-28 11:08:21 +00:00
Peter Van der Beken
95d9de83f0 Fix for bug 715156 (JS code no longer work for select options as array in a Greasemonkey script (index and name setters don't really work via XrayWrapper)). r=bz.
--HG--
extra : rebase_source : 6bc420bd917e00a49dc5f6f3de13ff9e290c9580
2013-01-14 11:29:48 +01:00
Bobby Holley
59d0d80d82 Bug 823348 - Stop checking for Xray waivers in the Xray machinery. r=mrbkap
All the casese where we want to waive should now be going through WaiveXrayWrapper.
2013-01-23 06:04:39 +01:00
Bobby Holley
38606e7675 Bug 823348 - Replace security wrapper enumeration with a more rule-based approach. r=mrbkap 2013-01-23 06:04:39 +01:00
Bobby Holley
81028b7e44 Bug 823348 - Hoist special cases to the top of WrapperFactory::Rewrap. r=mrbkap
This paves the way for more rule-based selection of wrappers in the common case.
2013-01-23 06:04:39 +01:00
Bobby Holley
e73d3f774c Bug 823348 - Move COW prototype remapping out of wrapper selection. r=mrbkap
It's pretty orthogonal, and makes the critical block more complicated than it
needs to be.
2013-01-23 06:04:39 +01:00
Bobby Holley
d138e10671 Bug 823348 - Precompute various parameters in Rewrap. r=mrbkap
This is generally cleaner, and avoids potentially calling these functions
multiple times when we start moving this stuff around.
2013-01-23 06:04:39 +01:00
Bobby Holley
93ef6e574e Bug 823348 - Use GetXrayType for content->chrome Xray wrappers. r=mrbkap
There's no reason to do this any different than we do for XOWs and such. The
only thing this might conceivably support would be certain chrome XPWNs-as-COWs.
But that would require that they forced a parent in precreate without being
flagged as DOM objects in classinfo. And it's not clear why we'd want to support
that. And we're generally moving away from COWs anyway.
2013-01-23 06:04:39 +01:00
Bobby Holley
879caaf0ed Bug 823348 - Use EnsureCompartmentPrivate In Rewrap and stop checking for null. r=mrbkap 2013-01-23 06:04:39 +01:00
Bobby Holley
26a118b43a Bug 823348 - Make NNXOWs use an explicitly opaque Policy. r=mrbkap
There's no reason to be doing a dynamic check here, given that the JSClasses
will never match. Lets be explicit and safe.
2013-01-23 06:04:38 +01:00
Bobby Holley
402fba14fe Bug 823348 - Do a better job of lying about the holder and make assertions fatal. r=mrbkap
I noticed this nonfatal assertion firing, unrelated to my patches. Leaking
the holder is not so great. Let's fix this for real.
2013-01-23 06:04:38 +01:00
Bobby Holley
2eb6adc447 Bug 823348 - Remove broken and unused __scriptOnly__ check. r=mrbkap
__scriptOnly__ is unused on mxr and addons-mxr. Morevoer, the current
implementation is totally broken, because we check for NNXOW, which only
happens when a random content JS object ends up in some other cross-origin
scope (via addons, presumably), whereas chrome objects use ChomeObjectWrapper.

I'm soon going to replace SCRIPT_ACCESS_ONLY with checked unwrapping, and mark
all COWs as unsafe to unwrap (see bug 821573 and bug 658909). So let's just kill
this thing here.
2013-01-23 06:04:38 +01:00
Boris Zbarsky
06072bf404 Bug 823228 part 2. Move indexed property access on windows from nsWindowSH::GetProperty to the outer window proxy. r=bholley 2013-01-17 12:30:37 -05:00
Jeff Walden
192b78fa9c Whitespace tab-killing patrol. No bug, r=sparky 2013-01-04 17:00:43 -06:00
Jeff Walden
4a62a2dda6 Bug 824217 - Make ChromeObjectWrapper::getPropertyDescriptor not pretend no descriptor exists when the property exists along the prototype chain, when the property is being resolved just before an assignment. r=bholley 2013-01-03 17:55:58 -06:00
Jeff Walden
a127013839 Bug 826447 - Change all the proxy API signatures to take unsigned flags, rather than bool set, so that it's easier to find all tests of JSRESOLVE_ASSIGNING. r=bz
--HG--
extra : rebase_source : 3b88b411965087984d7973a90f8fa1b06457a6ce
2013-01-03 15:31:36 -06:00
Jeff Walden
c4fadd1981 Bug 823283 - Remove all remaining uses of JSRESOLVE_QUALIFIED, and the few remaining tests (which were pretty much purely diagnostic). r=luke
--HG--
extra : rebase_source : 51e2ac7ccc76be84d12600baeb6d458c2927bea7
2012-09-15 11:19:55 -07:00
Bobby Holley
f681aaffe9 Bug 809652 - Deny nativeCall for SecurityWrapper except under specific circumstances. r=jorendorff 2012-12-20 22:33:26 -08:00
Bobby Holley
ee5cb1d935 Bug 809652 - Have SecurityWrapper::enter default to deny, and override SecurityWrapper::objectClassIs. r=jorendorff 2012-12-20 22:33:26 -08:00
Peter Van der Beken
6f6a341ee2 Fix for bug 815149 (Add support for SOWs and XBL bindings in new DOM bindings). r=bz.
--HG--
extra : rebase_source : c24544fd3d1c99651e279e687a07a02c5b994323
2012-09-12 22:29:30 +02:00
Bobby Holley
65be2969d3 Bug 818716 - Move XBL detection into nsContentUtils and remove filename hack. r=mrbkap 2012-12-12 17:09:37 -08:00
Saurabh Anand
6de7befa37 Bug 818817 - Fix some compiler warnings, r=Ms2ger 2012-12-09 22:53:19 +05:30
Bobby Holley
8d249e9c73 Bug 813901 - Validate __exposedProps__. r=mrbkap
This also involves modifying test_cows to deep clone in getCOW.
2012-12-07 14:49:11 -08:00
Bobby Holley
2582344755 Bug 813901 - Throw COW exceptions in the wrapper's scope. r=mrbkap 2012-12-07 14:49:11 -08:00
Bobby Holley
f0c88f066f Bug 808608 - Remove Xray shadowing protection infrastructure. r=mrbkap
This is now unused.
2012-11-21 13:20:05 -08:00
Bobby Holley
11d6106099 Bug 808608 - Remove specialized Location security wrappers. r=mrbkap 2012-11-21 13:20:05 -08:00
Peter Van der Beken
a1d0e1ff9a Fix for bug 811895 (Fix WN Xray special methods so they can take new DOM binding objects). r=bz.
--HG--
extra : rebase_source : 4b4ade0c3cddee9241e94f2e20216cee73a8e284
2012-09-26 16:17:51 +02:00
Bobby Holley
7c36e30523 Bug 800915 - Remove the cx parameter and simplify various APIs. r=sfink,bz
If callers want to throw, it's now their responsibility.
2012-11-14 09:56:26 -08:00
Bobby Holley
2988e5c227 Bug 800915 - Reimplement PUNCTURE consumers in terms of isSafeToUnwrap() and remove PUNCTURE API. r=mrbkap 2012-11-14 09:56:25 -08:00
Bobby Holley
8b01117ea3 Bug 800915 - Add infrastructure to flag security wrappers as unsafe to unwrap. r=mrbkap 2012-11-14 09:56:25 -08:00
Bobby Holley
6f63d40f85 Bug 800915 - Clarify and refine the semantics of SecurityWrapper so that it is used if and only if unwrapping is unsafe. r=mrbkap
The naming scheme for Xray typedefs is the concatenation of the tuple:
({SC,}, {Security,Permissive}, Xray, {XPCWN,DOM}). This is admittedly a bit
much, but I think it's still better than explicitly doing the "typdef Foo Xray"
everywhere. Moreover, once the new DOM bindings are done, the last component
in the tuple will go away.
2012-11-14 09:56:25 -08:00
Bill McCloskey
c6fc79b890 Bug 803376 - Allow wrappers to be reused (r=bholley) 2012-09-11 17:14:24 -07:00
Boris Zbarsky
63fb55a443 Bug 779048 part 0.5. Don't require a JSContext argument for nsJSUtils::GetStaticScriptGlobal. r=bholley 2012-11-09 07:43:57 -08:00
Bobby Holley
e0e591c636 Bug 805807 - Filter setters. r=mrbkap 2012-11-07 15:45:50 -08:00
Bobby Holley
a209826b20 Bug 808611 - Move valueOf to nsIDOMLocation. r=mrbkap 2012-11-07 08:27:23 -08:00
Bobby Holley
5373164479 Bug 807179 - Add a constructor for JSPropertyDescriptor. r=luke 2012-11-05 17:49:44 -08:00
Boris Zbarsky
d1b570c89c Bug 807548. Enumerating an Xray should not see the 'constructor' property on DOM prototypes unless we're told to include non-enumerable properties. r=peterv 2012-11-05 11:58:03 -05:00
Bobby Holley
2669b93e81 Bug 805807 - Rearchitect filtering policies so that check() doesn't throw on denial. r=mrbkap
This is another one of those annoying situaitons in XPConnect right now where we
can't ask a question without potentially throwing if the answer is no. There's
also a bunch of unused cruft in here (like the Perm*Access stuff), so this stuff
was ripe for a spring cleaning. Unfortunately, I wasn't able to divide this patch
up nicely. Sorry for the big diff. :-(

In a nutshell, this patch changes things so that Policy::check() just becomes
a predicate that says whether the access is allowed or not. There's the remote
possibility that one of the underlying JSAPI calls in a ::check() implementation
might throw, so callers to ::check() should check JS_IsExceptionPending
afterwards (this doesn't catch OOM, but we can just continue along until the
next OOM-triggering operation and throw there).

Aside from exceptional cases, callers should call Policy::deny if they want to
report the failure. Policy::deny returns success value that should be returned
to the wrapper's consumer.
2012-11-02 21:47:49 -03:00
Bobby Holley
6c9faad2ad Bug 805807 - Make Components wrapper throw on denial. r=mrbkap
There's really no reason to use the wishy-washy static COW Deny() here.

Also, note that the xpcshell-test wasn't testing what it thought it
was - interfaces is accessible from content code.
2012-11-02 21:47:49 -03:00
Ed Morley
982b0d39e4 Backout 23c9f61a243b & 6ca11f4b470c (bug 805807) for mochitest-1 orange in test_contextmenu.html 2012-11-02 14:12:51 +00:00
Bobby Holley
6559feed97 Bug 805807 - Rearchitect filtering policies so that check() doesn't throw on denial. r=mrbkap
This is another one of those annoying situaitons in XPConnect right now where we
can't ask a question without potentially throwing if the answer is no. There's
also a bunch of unused cruft in here (like the Perm*Access stuff), so this stuff
was ripe for a spring cleaning. Unfortunately, I wasn't able to divide this patch
up nicely. Sorry for the big diff. :-(

In a nutshell, this patch changes things so that Policy::check() just becomes
a predicate that says whether the access is allowed or not. There's the remote
possibility that one of the underlying JSAPI calls in a ::check() implementation
might throw, so callers to ::check() should check JS_IsExceptionPending
afterwards (this doesn't catch OOM, but we can just continue along until the
next OOM-triggering operation and throw there).

Aside from exceptional cases, callers should call Policy::deny if they want to
report the failure. Policy::deny returns success value that should be returned
to the wrapper's consumer.
2012-11-02 13:27:59 +01:00
Bobby Holley
f485a6c791 Bug 805807 - Make Components wrapper throw on denial. r=mrbkap
There's really no reason to use the wishy-washy static COW Deny() here.

Also, note that the xpcshell-test wasn't testing what it thought it
was - interfaces is accessible from content code.
2012-11-02 13:27:59 +01:00
Peter Van der Beken
669602b5e0 Fix for bug 778152 (Content window does not have an XMLHttpRequest property when accessed via an Xray wrapper in a subscript). r=bz.
Switch from using the interface objects from the Xrays compartment to wrapping
interface objects and interface prototype objects in Xrays. Make dom binding
Xrays deal with both instance objects and interface and interface prototype
objects.
2012-10-09 20:50:27 +02:00
Bobby Holley
5dafb39b7f Bug 803068 - Merge DirectWrapper and Wrapper. r=ejpbruel
--HG--
extra : rebase_source : a2b98a9585c6f7761747cfaf55684e6eeed91344
2012-10-29 16:52:53 +01:00
Bobby Holley
b871af67e5 Bug 803068 - Manually grab the BaseProxyHandler derived traps in SandboxProxyHandler. r=ejpbruel
Let's just bite the bullet and do this here. It will let us get rid of
IndirectProxyHandler, which has really overcomplicated our proxy hierarchy.

--HG--
extra : rebase_source : 7e81529936bc256d672e40537eb6abca6374e52c
2012-10-29 16:52:53 +01:00
Bobby Holley
2afd934910 Bug 797821 - Address Ms2ger's review comments. r=me 2012-10-25 17:01:09 +02:00
Bobby Holley
e5281ffe10 Bug 797821 - Hoist XPConnect-y stuff out of the compartment private and into the XPCWrappedNativeScope. r=mrbkap
This change means we no longer have to keep around a set of XPConnect compartments.
We keep the compartment private around for non-xpconnecty stuff like about:memory
instrumentation that needs to happen on non-xpconnect compartments.
2012-10-25 17:01:09 +02:00
Bobby Holley
f2880fe1d1 Bug 801576 - Forbid cross-origin access to the History object. r=mrbkap 2012-10-24 12:04:18 +02:00
Peter Van der Beken
9af14c557f Fix for bug 801083 (Remove old proxy-based list bindings). r=bz. 2012-10-13 14:50:24 +02:00
Bobby Holley
2b400bf0e8 Bug 793969 - Define an identity transformation at the Xray layer. r=mrbkap 2012-10-19 21:00:48 +02:00
Isaac Aggrey
f3cb73b9c7 Bug 794510: Part 1 - Build with NO_NSPR_10_SUPPORT by default; r=ehsan,glandium,wtc 2012-10-11 01:00:54 -05:00
Bobby Holley
2a4c1de7d5 Bug 797204 - Consolidate XBL filename hack logic into nsContentUtils. r=mrbkap
These two functions do the exact same thing, as far as I can tell.
2012-10-10 11:01:26 +02:00
Boris Zbarsky
1060975a5f Bug 798011. Deal with JS_ValueToString failing. r=gabor 2012-10-06 12:06:24 -04:00
Bobby Holley
3e2bc99f16 Bug 761695 - Put Proxy and DOM expandos on the expando object, rather than the holder. r=peterv 2012-10-05 18:59:24 +02:00
Bobby Holley
54f0bae85b Bug 761695 - Hoist expando-checking (but not expando-creating) operations into common code. r=peterv
We do this for delete_, enumerateNames, and resolveOwnProperty. This doesn't change
existing behavior, because for ProxyXrayTraits and DOMXrayTraits the expando object
will (currently) always be null.
2012-10-05 18:59:24 +02:00
Bobby Holley
da6cbf326f Bug 761695 - Create XrayTraits::resolveOwnProperty. r=peterv 2012-10-05 18:59:23 +02:00
Bobby Holley
c0125cfb00 Bug 761695 - Reorder checks for expandos and nodePrincipal. r=peterv
Peter and I decided this was ok. We can't hoist expando stuff otherwise.
2012-10-05 18:59:23 +02:00
Bobby Holley
3dee0ce8e2 Bug 761695 - Implement expando traps for ProxyXrayTraits DOMXrayTraits. r=peterv
For new DOM proxies, we could probably use the Xray expando machinery for the
regular expando object as well, and free up one of the reserved slots. That's
more than I want to bite off for the moment, though.

I also decided not to block on bug 760095 and just kick the problem of globals
with new binding down the road a little bit.
2012-10-05 18:59:23 +02:00
Bobby Holley
6894d29805 Bug 761695 - Move wrapper preservation stuff into a virtual trap. r=peterv
I'm not sure this stuff is correct for non-WN objects. Hopefully that will
come out in review.

Anyway, with this change, the expando infrastructure in XrayTraits is now
fully generic and non-WN-specific. To make things work for other objects,
we now need to implement the virtual traps and hoist the code that calls the
expando machinery out of XPCWrappedNativeXrayTraits.
2012-10-05 18:59:23 +02:00
Bobby Holley
e5b93a88c9 Bug 761695 - Make expando chain getting/setting a virtual trap. r=peterv 2012-10-05 18:59:23 +02:00
Bobby Holley
d9be4b7c75 Bug 761695 - Hoist expando infrastructure into XrayTraits. r=peterv
It's still WN-only, now we can move the WN-only bits into virtual traps.

Note that the new-binding reparenting code will need to have a call to
CloneExpandoChain.
2012-10-05 18:59:23 +02:00
Bobby Holley
9b34e0d88e Bug 761695 - Hoist Xray identification machinery into XrayWrapper, and use it for trait identification. r=peterv
We don't currently have a good way of selecting the traits used by a given Xray
wrapper. This lets us do that.

Note: We add a call to js::UnwrapObject to GetXrayType while hoisting it. When
it was used only in WrapperFactory, this was unnecessary, because |obj| was
always unwrapped. But for our new purposes, it might not be. Aside from that,
there are no changes to the function.
2012-10-05 18:59:23 +02:00
Bobby Holley
79702a4c27 Bug 761695 - Move Xray expando infrastructure further down in the file. r=peterv
Just cut/paste. No code changes.
2012-10-05 18:59:23 +02:00
Bobby Holley
1a9081b1ce Bug 761695 - Unify holder creation and access. r=peterv
With this patch, all holders are created lazily. There are two common accessors,
getHolder() and ensureHolder(). The former returns null if no holder exists, the
latter lazily creates the holder if it doesn't exist. It does this by calling into
a virtual trap on XrayTraits, which lets the appropriate Xray type do its thing.
2012-10-05 18:59:23 +02:00
Bobby Holley
05eeb2aa4e Bug 761695 - Get the WN directly from the wrapper. r=peterv
All this indirection was getting seriously mucky. This, incidentally, means that
the XPCWN holder no longer needs a reserved slot pointing to the WN.
2012-10-05 18:59:23 +02:00
Bobby Holley
3b46b5fe43 Bug 761695 - Hoist call and construct traps into Traits, since the current implementations are XPCWN-specific. r=peterv 2012-10-05 18:59:22 +02:00
Bobby Holley
655913416f Bug 761695 - Rename getInnerObject to getTargetObject. r=peterv
The current name potentially implies that the object returned is an inner
object in the JS sense, which isn't true. Really we just want the thing
we're Xraying to.
2012-10-05 18:59:22 +02:00
Bobby Holley
3ae8dedbf2 Bug 761695 - Hoist getInnerObject into XrayTraits. r=peterv
The only special handling here with wrapped natives is to make sure that we
bypass outer windows. But we can do this with js::UnwrapObject.
2012-10-05 18:59:22 +02:00
Bobby Holley
0aab228c02 Bug 761695 - Make Xray traits inherit from a common superclass and give them a singleton instance. r=peterv
There's some code that can be shared between different Xray traits, but can't
(yet) be hoisted into XrayWrapper, because it needs to be callable from outside
XrayWrapper where we don't have the appropriate template parameters. Moreover,
this code benefits from virtual function specialization. The use case here is
illuminated in the next patch.

For the moment, we skip converting the bulk of the traits calls to virtual
methods, because they're working just fine.
2012-10-05 18:59:22 +02:00
Bobby Holley
5173bb4550 Bug 761695 - Stop stashing a raw WN pointer in XPCWN Xray holders. r=peterv
We might as well do this dynamically, which simplifies the code. Note that we
could avoid the reserved slot by parenting the holder to the wrapper. But the
JS parent API is deprecated, and we need to move away from it to reserved slots
anyhow. We might as well start here, with the added advantage that parenting
to the global makes us consistent with the other Xray types.
2012-10-05 18:59:22 +02:00
Bobby Holley
66236ce627 Bug 761695 - Simplify XPCWN Xray holder creation. r=peterv
The major semantic change here is that we parent holders directly to their
global. This should be fine.
2012-10-05 18:59:22 +02:00
Bobby Holley
54bd828407 Bug 761695 - Fix inaccurate commenting. r=peterv
The .wrappedJSObject property only exists when the Xray wrapper subsumes the wrappee.
2012-10-05 18:59:22 +02:00
Bobby Holley
9b319107a7 Bug 795275 - Introduce an explicit mechanism for determining if a script is from XBL. r=mrbkap
We want this right now so that we can avoid the scary warning when content Components
access happens in XBL (which we're allowing going forward). This patch would be overkill
just for that, but I also have plans to introduce a SOW-like protection of the Components
wrapper filtering policy. I can't just do the filename hack for that though, because real-
world XBL filenames might be all over the place. So let's just be safe here.
2012-10-03 11:44:18 +02:00
Bobby Holley
c216a1e8e8 Bug 795275 - Clean up isSystemOnlyAccessPermitted. r=mrbkap
A lot of this stuff can be simplified now, and we can stop using the deprecated APIs.
2012-10-03 11:44:18 +02:00
Bobby Holley
10b97e0d43 Bug 794912 - Remove dynamic privilege check in isCrossOriginAccessPermitted. r=mrbkap 2012-10-01 23:13:49 +02:00
Bill McCloskey
d23b971c32 Bug 787856 - Use lazy protos for cross-compartment wrappers (r=bholley) 2012-09-03 16:42:22 -07:00
Bill McCloskey
c53e57f4b2 Bug 787856 - Convert JS_GetPrototype to support lazy protos (r=bhackett) 2012-09-03 16:42:17 -07:00
Bill McCloskey
1f195f679b Bug 787856 - Convert js::GetObjectProto to support lazy protos (r=bhackett) 2012-09-03 16:42:10 -07:00
Ms2ger
b69b160c41 Bug 792474 - Don't JS_ASSERT in xpconnect; rs=bholley 2012-09-20 09:55:37 +02:00
Gabor Krizsanits
f7c3bb7006 Bug 791845 - mozMatchesSelectorStub should return false on error. r=bholley 2012-09-19 10:53:42 +02:00
Bobby Holley
10a2abc98b Bug 789713 - Ignore domain when computing whether to share non-PreCreate WNs cross-compartment. r=mrbkap 2012-09-11 10:23:20 -07:00