Closed
Bug 1448735
Opened 6 years ago
Closed 6 years ago
Stop allowing Components in non-system-principal sandboxes
Categories
(Core :: XPConnect, enhancement)
Core
XPConnect
Tracking
()
RESOLVED
FIXED
mozilla61
Tracking | Status | |
---|---|---|
firefox61 | --- | fixed |
People
(Reporter: bzbarsky, Assigned: bzbarsky)
References
Details
Attachments
(1 file)
3.06 KB,
patch
|
kmag
:
review+
|
Details | Diff | Splinter Review |
Right now we put a Components into expanded-principal sandboxes unless they explicitly opt out. We should stop doing this, as part of making Components system-only.
Assignee | ||
Comment 1•6 years ago
|
||
I don't see an obvious way to keep the test coverage for same-compartment security wrappers there...
Attachment #8962229 -
Flags: review?(kmaglione+bmo)
Assignee | ||
Updated•6 years ago
|
Assignee: nobody → bzbarsky
Status: NEW → ASSIGNED
Comment 2•6 years ago
|
||
Comment on attachment 8962229 [details] [diff] [review] Stop exposing Components in expanded principal sandboxes Review of attachment 8962229 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/xpconnect/tests/unit/test_bug872772.js @@ -37,5 @@ > - var waivedC = unwaivedC.wrappedJSObject; > - Assert.ok(waivedC && unwaivedC && (waivedC != unwaivedC)); > - xhr.waivedC = waivedC; > - Assert.ok(xhr.waivedC === waivedC); > - Assert.ok(Cu.unwaiveXrays(xhr.waivedC) === unwaivedC); I guess at this point it doesn't really matter. Once the DOM_OBJECT flag is gone, there shouldn't be any way to get a same-compartment security wrapper from a content scope anymore.
Attachment #8962229 -
Flags: review?(kmaglione+bmo) → review+
Pushed by bzbarsky@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/0aa804586253 Stop exposing Components in expanded principal sandboxes. r=kmag
Comment 4•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/0aa804586253
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox61:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla61
You need to log in
before you can comment on or make changes to this bug.
Description
•