Open Bug 1207321 Opened 4 years ago Updated 2 years ago

Stop exposing XPCWrappedNative (XPCWN) to the web

Categories

(Core :: XPConnect, defect)

defect
Not set

Tracking

()

Tracking Status
firefox44 --- affected

People

(Reporter: bzbarsky, Unassigned)

References

(Blocks 3 open bugs)

Details

Obviously this depends on the various bugs that track things we still expose via XPCWN.  Added some of those, but some stuff listed in https://etherpad.mozilla.org/classinfo doesn't seem to have associated bugs yet.
Blocks: 1053271
Blocks: 1208164
Depends on: 1245140
Blocks: 1265271
Depends on: 1252211
Depends on: 1389585
Depends on: 1449211
Has the day finally come? :-)
Flags: needinfo?(bzbarsky)
It depends on your definitions of "web", "expose", and "is".  ;)

The current state of things is that nsScriptSecurityManager::CanCreateWrapper allows creation in the following three cases:

1) This is a remote-XUL domain.  Hence my thread about removing remote XUL on .platform.
2) This is a global that did enablePrivilege.
3) This is a global that has the system principal.

What that means in terms of resolving this bug, I'm not sure.  I'm not even sure what it means in terms of resolving the bugs it blocks (e.g. can we get rid of XPCWN xrays given the above?  Replace them with opaque wrappers, presumably?).
Flags: needinfo?(bzbarsky)
Per vidyo discussion, I think we should:
* Remove the permission stuff around remote XUL, replace it with: IsFileURIWithPrefSet || IsInAutomation
* Move all web-related stuff to a separate object, only instantiate XPCWNScope for the cases where it's allowed, and kill the CanCreateWrapper stuff.
* Try to get somebody to do the work to remove enablePrivilege (see bug 1435113)
You need to log in before you can comment on or make changes to this bug.