Closed Bug 1083060 Opened 5 years ago Closed 5 years ago

Stop using XOW handlers for everything but Window and Location

Categories

(Core :: XPConnect, defect)

x86
macOS
defect
Not set

Tracking

()

RESOLVED FIXED
mozilla36

People

(Reporter: bholley, Assigned: bholley)

Details

Attachments

(2 files, 1 obsolete file)

An old quirk of XPConnect is that we we actually use the XOW handler for a wide variety of cases, and just rely on the filtering policy to make most things opaque. This works, but is kind of confusing, and we can do better from a defense-in-depth perspective.

This was confusing bz yesterday, which is reason enough to fix it now. Patches coming up.
Comment on attachment 8505311 [details] [diff] [review]
Part 1 - Refactor the XOW access control code to use an enum rather than a char*. v1

Review of attachment 8505311 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/xpconnect/wrappers/AccessCheck.h
@@ +31,5 @@
> +    CrossOriginWindow,
> +    CrossOriginLocation,
> +    CrossOriginOpaque
> +};
> +CrossOriginObjectType TypeForCrossOriginObject(JSObject *obj);

Looks like you changed this to IdentifyCrossOriginObject in the deinition.
(In reply to Bob Owen (:bobowen) from comment #4)
> Looks like you changed this to IdentifyCrossOriginObject in the deinition.

Doh. Unified fail.
Attachment #8505311 - Attachment is obsolete: true
Attachment #8505311 - Flags: review?(bzbarsky)
Attachment #8505341 - Flags: review?(bzbarsky)
Comment on attachment 8505312 [details] [diff] [review]
Part 2 - Only use the XOW policy for Window and Location. v1

What is IdentifyCrossOriginObject?  I don't see it anywhere in the tree.

Do we really want to allow the OpaqueWithCall case when XrayForDOMObject?  I would think not.
Flags: needinfo?(bobbyholley)
Comment on attachment 8505312 [details] [diff] [review]
Part 2 - Only use the XOW policy for Window and Location. v1

> What is IdentifyCrossOriginObject?

Oh, its in the "later" part 1.  OK.

r=me modulo the WithCall bit.
Attachment #8505312 - Flags: review?(bzbarsky) → review+
Comment on attachment 8505341 [details] [diff] [review]
Part 1 - Refactor the XOW access control code to use an enum rather than a char*. v2

r=me
Attachment #8505341 - Flags: review?(bzbarsky) → review+
Flags: needinfo?(bobbyholley)
https://hg.mozilla.org/mozilla-central/rev/78f725c6441d
https://hg.mozilla.org/mozilla-central/rev/ba0373a2af17
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
You need to log in before you can comment on or make changes to this bug.