gecko-dev/js
Boris Zbarsky 6e6a41683e Bug 1471496 part 2. Change the way we do cross-compartment wrappers for Window and Location so they don't ever need to be recomputed. r=bholley
The end result we want is that on the web cross-compartment wrappers for
WindowProxy and Location are always CrossOriginObjectWrapper.  That needs to be true
for both cases that are different-origin (as now) and cases that are
same-origin, since they might become different-origin due to document.domain
changes but we don't want that to affect the wrappers involved.

On the web, all security checks are symmetric, so in WrapperFactory::Rewrap we
would have originSubsumesTarget == targetSubsumesOrigin in all web cases.

I claim that

  originSubsumesTarget == targetSubsumesOrigin &&
  (!targetSubsumesOrigin ||
   (!originCompartmentPrivate->wantXrays &&
    !targetCompartmentPrivate->wantXrays)) &&
  "object is a WindowProxy or Location"

is a necessary and sufficient condition for using CrossOriginObjectWrapper.

Comparing to our current code, if originSubsumesTarget and targetSubsumesOrigin
are both false, then for the WindowProxy and Location cases we currently end up
with the following arguments to SelectWrapper:

  securityWrapper: true
  xrayType: XrayForDOMObject
  waiveXrays: false

So SelectWrapper ends up returning CrossOriginObjectWrapper, which the new
condition keeps doing.

If originSubsumesTarget and targetSubsumesOrigin are both true, then there are
two cases.  If both compartments have wantXrays false (which is always the case
on the web), then we end up with the following arguments to SelectWrapper:

  securityWrapper: false
  xrayType: NotXray
  waiveXrays: false

and SelectWrapper returns CrossCompartmentWrapper.  We want to do
CrossOriginObjectWrapper instead, as explained above.

Finally, if originSubsumesTarget and targetSubsumesOrigin are both true but one
of the compartments has wantXrays set, then we get:

  securityWrapper: false
  xrayType: XrayForDOMObject
  waiveXrays: might be true or false

and then SelectWrapper might return a WaiveXrayWrapper or a PermissiveXrayDOM.
In this case we do _not_ want to start returning CrossOriginObjectWrapper, and
this is a non-web case anyway, since web compartments can't set wantXrays.

Differential Revision: https://phabricator.services.mozilla.com/D18030

--HG--
extra : moz-landing-system : lando
2019-02-05 18:06:18 +00:00
..
ductwork/debugger Bug 1514594: Part 3 - Change ChromeUtils.import API. 2019-01-17 10:18:31 -08:00
examples No bug. Make jorendb give a REPL even if the script throws an exception. r=NPOAEW 2019-01-08 14:21:25 -08:00
ipc Bug 1521907 part 5. Start using CheckedUnwrapStatic/Dynamic in XPConnect. r=peterv 2019-02-02 03:24:45 +00:00
public Bug 1519636 - Reformat recent changes to the Google coding style r=Ehsan 2019-02-04 19:10:18 +00:00
rust Bug 1156077 - Remove the non-standard Proxy getPropertyDescriptor trap. r=bzbarsky,jorendorff 2019-01-25 16:41:34 +00:00
src Backed out changeset dfefd2d4d63f (bug 1525346) for failures in test_bug862380.html CLOSED TREE 2019-02-06 00:10:11 +02:00
xpconnect Bug 1471496 part 2. Change the way we do cross-compartment wrappers for Window and Location so they don't ever need to be recomputed. r=bholley 2019-02-05 18:06:18 +00:00
app.mozbuild
ffi.configure Bug 1519040 - Remove some unused old-configure assignments. r=mshal 2019-01-10 22:02:04 +00:00
moz.build
moz.configure Bug 1519319 - Move bindgen.configure include to js/moz.configure. r=froydnj 2019-01-11 22:17:54 +00:00
sub.configure Bug 1520394 - Don't invoke js subconfigure as a separate process. r=nalexander 2019-01-16 23:42:12 +00:00