Closed Bug 1465602 Opened 2 years ago Closed 2 years ago

Exposure checks in toJSON implementations aren't quite right

Categories

(Core :: DOM: Bindings (WebIDL), enhancement)

enhancement
Not set
normal

Tracking

RESOLVED FIXED
mozilla62
Tracking Status
firefox62 --- fixed

People

(Reporter: bzbarsky, Assigned: bzbarsky)

Attachments

(2 files, 1 obsolete file)

They pass the "this" value of the toJSON call to Prefable::isEnabled.  That's wrong when that value is a cross-compartment wrapper, especially an Xray.  We should be passing the unwrapped version instead.
Assignee: nobody → bzbarsky
Flags: needinfo?(bzbarsky)
I will write a patch for this in a bit.  I need to write a bunch of tests first.
The spec says:

  The return type of the default toJSON operation must be object.
Attachment #8982116 - Flags: review?(kyle)
Flags: needinfo?(bzbarsky)
Blocks: 1464772
Attachment #8982117 - Attachment is obsolete: true
Attachment #8982117 - Flags: review?(kyle)
Attachment #8982116 - Flags: review?(kyle) → review+
Attachment #8982214 - Flags: review?(kyle) → review+
Component: DOM → DOM: Bindings (WebIDL)
Pushed by bzbarsky@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/916e5914d84a
part 1.  Enforce that the default toJSON can only return 'object'.  r=qdot
https://hg.mozilla.org/integration/mozilla-inbound/rev/7c76daa75842
part 2.  Fix the interaction of default toJSON with Func-controlled exposure that examines the object's global.  r=qdot
https://hg.mozilla.org/mozilla-central/rev/916e5914d84a
https://hg.mozilla.org/mozilla-central/rev/7c76daa75842
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla62