Open
Bug 1338313
Opened 8 years ago
Updated 2 years ago
Sort out how content-principal sandboxes should behave when script is disabled
Categories
(Core :: XPConnect, defect, P3)
Core
XPConnect
Tracking
()
REOPENED
| Tracking | Status | |
|---|---|---|
| firefox54 | --- | affected |
People
(Reporter: bzbarsky, Unassigned)
Details
If I set the "javascript.enabled" pref to false, and then create a content-principal sandbox, I can evaluate script in it just fine and defined functions whose global is the sandbox global. But xpc::Scriptability::Get(sandboxFunction).Allowed() returns false. That's because Scriptability::Scriptability only cares about the principal and our principal is some random content principal.
This doesn't block evaluation of script in the sandbox, because xpc::EvalInSandbox uses JS::Evaluate directly, not via something like nsJSUtils that would check xpc::Scriptability::Get().Allowed(). But if that script tries to call APIs that take web idl callbacks, and passes functions from inside the sandbox, those functions will not run.
This seems pretty dubious to me. We should probably be consistent here, right? Not sure in which direction.
Flags: needinfo?(bobbyholley)
|
||
Comment 1•8 years ago
|
||
Yeah, seems like xpc::EvalInSandbox should check scriptability just like everything else.
Flags: needinfo?(bobbyholley)
What about WebExtensions? We already have bug 1329731.
|
|
||
Comment 3•8 years ago
|
||
(In reply to Tom Schuster [:evilpie] from comment #2)
> What about WebExtensions? We already have bug 1329731.
Web extensions run with nsExpandedPrincipal, right? Aren't those exempt from the script disabling machinery?
|
Reporter | |
Comment 4•8 years ago
|
||
I think web extension content scripts run with an nsExpandedPrincipal.
But the actual web extension code apparently does not...
|
|
||
Comment 5•8 years ago
|
||
(In reply to Boris Zbarsky [:bz] (still a bit busy) from comment #4)
> I think web extension content scripts run with an nsExpandedPrincipal.
>
> But the actual web extension code apparently does not...
What does it run with - a null principal? We should just add a SandboxOption or something if we don't already have a similar opt-out mechanism.
|
|
Reporter | |
Comment 6•8 years ago
|
||
> What does it run with - a null principal?
Based on the patches in bug 1329731, I'd guess a moz-extension: codebase principal. But I'm not sure.
|
|
Reporter | |
Comment 7•8 years ago
|
||
> Yeah, seems like xpc::EvalInSandbox should check scriptability just like everything else.
So my worry about that is that it's backwards-incompatible and might break various extensions...
But yes, I guess we could add opt-in sandbox behavior here. The worry is that no one will test in the "JS disabled" configuration and hence never set this flag.
|
|
||
Comment 8•8 years ago
|
||
(In reply to Boris Zbarsky [:bz] (still a bit busy) from comment #7)
> > Yeah, seems like xpc::EvalInSandbox should check scriptability just like everything else.
>
> So my worry about that is that it's backwards-incompatible and might break
> various extensions...
We could also just wait 6 months for that problem to go away.
|
||
Comment 9•8 years ago
|
||
Given comment 8 I'm saying P3 (aka "backlog") but please lmk if this should be higher priority.
Priority: -- → P3
|
||
Comment 10•7 years ago
|
||
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INACTIVE
|
||
Updated•7 years ago
|
Status: RESOLVED → REOPENED
Resolution: INACTIVE → ---
|
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•