Closed Bug 1083060 Opened 11 years ago Closed 11 years ago

Stop using XOW handlers for everything but Window and Location

Categories

(Core :: XPConnect, defect)

x86
macOS
defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla36

People

(Reporter: bholley, Assigned: bholley)

Details

Attachments

(2 files, 1 obsolete file)

An old quirk of XPConnect is that we we actually use the XOW handler for a wide variety of cases, and just rely on the filtering policy to make most things opaque. This works, but is kind of confusing, and we can do better from a defense-in-depth perspective. This was confusing bz yesterday, which is reason enough to fix it now. Patches coming up.
Comment on attachment 8505311 [details] [diff] [review] Part 1 - Refactor the XOW access control code to use an enum rather than a char*. v1 Review of attachment 8505311 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/xpconnect/wrappers/AccessCheck.h @@ +31,5 @@ > + CrossOriginWindow, > + CrossOriginLocation, > + CrossOriginOpaque > +}; > +CrossOriginObjectType TypeForCrossOriginObject(JSObject *obj); Looks like you changed this to IdentifyCrossOriginObject in the deinition.
(In reply to Bob Owen (:bobowen) from comment #4) > Looks like you changed this to IdentifyCrossOriginObject in the deinition. Doh. Unified fail.
Attachment #8505311 - Attachment is obsolete: true
Attachment #8505311 - Flags: review?(bzbarsky)
Attachment #8505341 - Flags: review?(bzbarsky)
Comment on attachment 8505312 [details] [diff] [review] Part 2 - Only use the XOW policy for Window and Location. v1 What is IdentifyCrossOriginObject? I don't see it anywhere in the tree. Do we really want to allow the OpaqueWithCall case when XrayForDOMObject? I would think not.
Flags: needinfo?(bobbyholley)
Comment on attachment 8505312 [details] [diff] [review] Part 2 - Only use the XOW policy for Window and Location. v1 > What is IdentifyCrossOriginObject? Oh, its in the "later" part 1. OK. r=me modulo the WithCall bit.
Attachment #8505312 - Flags: review?(bzbarsky) → review+
Comment on attachment 8505341 [details] [diff] [review] Part 1 - Refactor the XOW access control code to use an enum rather than a char*. v2 r=me
Attachment #8505341 - Flags: review?(bzbarsky) → review+
Flags: needinfo?(bobbyholley)
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: