Closed Bug 1243696 Opened 4 years ago Closed 4 years ago

Fix unsafe CPOW usage for TabBar.get_handle_for_tab(): "win.QueryInterface(Components.interfaces.nsIInterfaceRequestor)"

Categories

(Testing :: Firefox UI Tests, defect)

47 Branch
defect
Not set

Tracking

(firefox47 fixed)

RESOLVED FIXED
mozilla47
Tracking Status
firefox47 --- fixed

People

(Reporter: whimboo, Assigned: whimboo)

References

Details

Attachments

(2 files)

With bug 1233497 a preference turned on to report unsafe CPOW usage. As I have seen with our latest Travis run for mozilla-central we mainly fail for the following case:

https://travis-ci.org/mozilla/firefox-ui-tests/jobs/105258229

	execute_script @tabbar.py, line 203

	inline javascript, line 5

	src: "          return win.QueryInterface(Components.interfaces.nsIInterfaceRequestor)"

	Stack:

	func@tabbar.py:5:11

	@tabbar.py:8:13

	GeckoDriver.prototype.executeScriptInSandbox@chrome://marionette/content/driver.js:852:13

	GeckoDriver.prototype.execute@chrome://marionette/content/driver.js:954:5

	TaskImpl_run@resource://gre/modules/Task.jsm:335:41

	TaskImpl@resource://gre/modules/Task.jsm:280:3

	createAsyncFunction/asyncFunction@resource://gre/modules/Task.jsm:254:14

	Task_spawn@resource://gre/modules/Task.jsm:168:12

	TaskImpl_handleResultValue@resource://gre/modules/Task.jsm:388:16

	TaskImpl_run@resource://gre/modules/Task.jsm:327:13

	TaskImpl@resource://gre/modules/Task.jsm:280:3

	createAsyncFunction/asyncFunction@resource://gre/modules/Task.jsm:254:14

	Task_spawn@resource://gre/modules/Task.jsm:168:12

	Dispatcher.prototype.execute@chrome://marionette/content/dispatcher.js:120:13

	Dispatcher.prototype.onPacket@chrome://marionette/content/dispatcher.js:91:5

	DebuggerTransport.prototype._onJSONObjectReady/<@chrome://marionette/content/server.js -> resource://devtools/shared/transport/transport.js:479:9

	exports.makeInfallible/<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/ThreadSafeDevToolsUtils.js:101:14

	exports.makeInfallible/<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/ThreadSafeDevToolsUtils.js:101:14


Appropriate source code:

https://dxr.mozilla.org/mozilla-central/source/testing/puppeteer/firefox/firefox_puppeteer/ui/browser/tabbar.py?from=tabbar.py#182

So the reason is the usage of `contentWindowAsCPOW`. Mike, do you have an advice for us? Not sure if we could call permitCPOWsInScope(this) in that case.
Flags: needinfo?(mconley)
If you just want to get up and running again, you could set:

dom.ipc.cpows.forbid-unsafe-from-browser

to false in your testing profile. That's probably the fastest way to get up and running again.

For the code you linked to, it looks like you're using the CPOW to get at the outer window ID. You're lucky! We've added that as a property to <xul:browser> (both remote and non-remote), so I think you can access it without CPOW'ing via:

```JavaScript
let browser = arguments[0].linkedBrowser;

if (!browser) {
  return null;
}

return browser.outerWindowID.toString();

```
Flags: needinfo?(mconley)
So we don't need bug 1244715 here. The proposal from Mike works perfectly. Thanks a lot! PR is upcoming.
Assignee: nobody → hskupin
Status: NEW → ASSIGNED
Attached file Github PR
Attachment #8714351 - Flags: review?(mjzffr)
Attachment #8714351 - Flags: review?(mjzffr) → review+
PR got merged to github/mozilla-central:
https://github.com/mozilla/firefox-ui-tests/commit/ee02cdd616eba4901bdb4911378827761c14a717

The hg.mo patch with updated paths will be uploaded later today or early tomorrow.
Attached patch Patch for hg.moSplinter Review
Updated patch for landing on hg.mo without any code changes. Taking over r+.
Attachment #8714740 - Flags: review+
Version: 45 Branch → 47 Branch
https://hg.mozilla.org/mozilla-central/rev/032d3c488c68
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla47
You need to log in before you can comment on or make changes to this bug.