Open Bug 1207321 Opened 9 years ago Updated 2 months ago

Stop exposing XPCWrappedNative (XPCWN) to the web


(Core :: XPConnect, defect)




Tracking Status
firefox44 --- affected


(Reporter: bzbarsky, Assigned: mccr8)


(Blocks 2 open bugs)


Obviously this depends on the various bugs that track things we still expose via XPCWN.  Added some of those, but some stuff listed in doesn't seem to have associated bugs yet.
Blocks: 1053271
Blocks: 1208164
Depends on: 1245140
Blocks: 1265271
Depends on: 1252211
Depends on: 1389585
Depends on: 1449211
Has the day finally come? :-)
Flags: needinfo?(bzbarsky)
It depends on your definitions of "web", "expose", and "is".  ;)

The current state of things is that nsScriptSecurityManager::CanCreateWrapper allows creation in the following three cases:

1) This is a remote-XUL domain.  Hence my thread about removing remote XUL on .platform.
2) This is a global that did enablePrivilege.
3) This is a global that has the system principal.

What that means in terms of resolving this bug, I'm not sure.  I'm not even sure what it means in terms of resolving the bugs it blocks (e.g. can we get rid of XPCWN xrays given the above?  Replace them with opaque wrappers, presumably?).
Flags: needinfo?(bzbarsky)
Per Vidyo discussion, I think we should:
* Remove the permission stuff around remote XUL, replace it with: IsFileURIWithPrefSet || IsInAutomation
* Move all web-related stuff to a separate object, only instantiate XPCWNScope for the cases where it's allowed, and kill the CanCreateWrapper stuff.
* Try to get somebody to do the work to remove enablePrivilege (see bug 1435113)

OK, enablePrivilege is gone now. So the only weird case left here is the "remote XUL" bit.

Andrew, do you have the cycles to take this over? Seems like we can just drop the remaining remote XUL stuff and then make the data structures simpler and safer.

Flags: needinfo?(continuation)
Depends on: 1460732


Flags: needinfo?(continuation)
Assignee: nobody → continuation
Severity: normal → S3