1179334 - various nsDOMWindowUtils methods are missing IsCallerChrome() checks

Status: RESOLVED FIXED

(Core :: DOM: Core & HTML, defect)

Description

[Nathan Froyd [:froydnj]]

Just looks like we've forgotten checks on some more-or-less recently added methods.  Since bug 775868 for initially adding these checks was a sec bug, filing this one as such as well, even if our wrapper safety has improved since then.

Comment 1

[Nathan Froyd [:froydnj]]

Attachment: check for chrome callers in nsDOMWindowUtils interface methods

Attached them to everything that was NS_IMETHODIMP.  We should just have a
little static analysis for this sort of thing...

Comment 2

[Andrew McCreight [:mccr8]]

Comment on attachment 8629041 [details] [diff] [review]
check for chrome callers in nsDOMWindowUtils interface methods

Review of attachment 8629041 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks!

::: dom/base/nsDOMWindowUtils.cpp
@@ +3656,5 @@
>  
>  NS_IMETHODIMP
>  HandlingUserInputHelper::Destruct()
>  {
> +  MOZ_RELEASE_ASSERT(nsContentUtils::IsCallerChrome());

This isn't a method on nsDOMWindowUtils. Does it really need the check?

Comment 3

[Andrew McCreight [:mccr8]]

Bobby, are these checks still important? Should this just be sec-moderate or unhidden or something?

Comment 4

[Bobby Holley (:bholley)]

I don't think we need them anymore after bug 1017820. Ehsan added the release-mode asserts in bug 1018482. Could be useful defense-in-depth to have those assertions, but this isn't security-sensitive AFAICT.

Comment 5

[Pulsebot]

https://hg.mozilla.org/integration/mozilla-inbound/rev/1eae35e63366

Comment 6

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/1eae35e63366