XBL scope creation can fail if the associated window navigates at the wrong time

RESOLVED FIXED in Firefox 42

Status

()

Core
XPConnect
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: bholley, Assigned: bholley)

Tracking

unspecified
mozilla42
Points:
---

Firefox Tracking Flags

(firefox42 fixed)

Details

Attachments

(1 attachment)

(Assignee)

Description

3 years ago
This is what's biting us in bug 1180798. The basic problem is that the XBL scope is a sandbox that's supposed to be tightly associated with a given inner window. But because it all happens in JS-land, the reference ends up being an outer, and navigation can cause the XBL scope to end up with a sandboxPrototype it can't subsumes.

I'll attach a patch that manually handles the immediate problem. It'd sure be nice to have some sort of direct inner window reference in JS though.
(Assignee)

Comment 1

3 years ago
Created attachment 8634463 [details] [diff] [review]
Handle a sandboxPrototype we don't subsume. v1
Attachment #8634463 - Flags: review?(gkrizsanits)
> It'd sure be nice to have some sort of direct inner window reference in JS though.

Yes, yes, it would.  There are lots of cases where having some proxy that directly forwards stuff to an inner would be quite helpful.  JS-implemented WebIDL components, for example...

I wonder whether we could just build a C++ proxy that does the right thing here.
Comment on attachment 8634463 [details] [diff] [review]
Handle a sandboxPrototype we don't subsume. v1

Review of attachment 8634463 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks for looking into this.
Attachment #8634463 - Flags: review?(gkrizsanits) → review+
https://hg.mozilla.org/mozilla-central/rev/eb26fd0f023c
Status: NEW → RESOLVED
Last Resolved: 3 years ago
status-firefox42: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla42
You need to log in before you can comment on or make changes to this bug.