mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-27 23:02:20 +00:00
6e6a41683e
The end result we want is that on the web cross-compartment wrappers for WindowProxy and Location are always CrossOriginObjectWrapper. That needs to be true for both cases that are different-origin (as now) and cases that are same-origin, since they might become different-origin due to document.domain changes but we don't want that to affect the wrappers involved. On the web, all security checks are symmetric, so in WrapperFactory::Rewrap we would have originSubsumesTarget == targetSubsumesOrigin in all web cases. I claim that originSubsumesTarget == targetSubsumesOrigin && (!targetSubsumesOrigin || (!originCompartmentPrivate->wantXrays && !targetCompartmentPrivate->wantXrays)) && "object is a WindowProxy or Location" is a necessary and sufficient condition for using CrossOriginObjectWrapper. Comparing to our current code, if originSubsumesTarget and targetSubsumesOrigin are both false, then for the WindowProxy and Location cases we currently end up with the following arguments to SelectWrapper: securityWrapper: true xrayType: XrayForDOMObject waiveXrays: false So SelectWrapper ends up returning CrossOriginObjectWrapper, which the new condition keeps doing. If originSubsumesTarget and targetSubsumesOrigin are both true, then there are two cases. If both compartments have wantXrays false (which is always the case on the web), then we end up with the following arguments to SelectWrapper: securityWrapper: false xrayType: NotXray waiveXrays: false and SelectWrapper returns CrossCompartmentWrapper. We want to do CrossOriginObjectWrapper instead, as explained above. Finally, if originSubsumesTarget and targetSubsumesOrigin are both true but one of the compartments has wantXrays set, then we get: securityWrapper: false xrayType: XrayForDOMObject waiveXrays: might be true or false and then SelectWrapper might return a WaiveXrayWrapper or a PermissiveXrayDOM. In this case we do _not_ want to start returning CrossOriginObjectWrapper, and this is a non-web case anyway, since web compartments can't set wantXrays. Differential Revision: https://phabricator.services.mozilla.com/D18030 --HG-- extra : moz-landing-system : lando |
||
---|---|---|
.. | ||
ductwork/debugger | ||
examples | ||
ipc | ||
public | ||
rust | ||
src | ||
xpconnect | ||
app.mozbuild | ||
ffi.configure | ||
moz.build | ||
moz.configure | ||
sub.configure |