Closed Bug 1465602 Opened 6 years ago Closed 6 years ago

Exposure checks in toJSON implementations aren't quite right

Categories

(Core :: DOM: Bindings (WebIDL), enhancement)

enhancement
Not set
normal

Tracking

RESOLVED FIXED
mozilla62
Tracking Status
firefox62 --- fixed

People

(Reporter: bzbarsky, Assigned: bzbarsky)

Attachments

(2 files, 1 obsolete file)

They pass the "this" value of the toJSON call to Prefable::isEnabled. That's wrong when that value is a cross-compartment wrapper, especially an Xray. We should be passing the unwrapped version instead.
Assignee: nobody → bzbarsky
Flags: needinfo?(bzbarsky)
I will write a patch for this in a bit. I need to write a bunch of tests first.
The spec says: The return type of the default toJSON operation must be object.
Attachment #8982116 - Flags: review?(kyle)
Flags: needinfo?(bzbarsky)
Blocks: 1464772
Attachment #8982117 - Attachment is obsolete: true
Attachment #8982117 - Flags: review?(kyle)
Attachment #8982116 - Flags: review?(kyle) → review+
Attachment #8982214 - Flags: review?(kyle) → review+
Component: DOM → DOM: Bindings (WebIDL)
Pushed by bzbarsky@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/916e5914d84a
part 1. Enforce that the default toJSON can only return 'object'. r=qdot
https://hg.mozilla.org/integration/mozilla-inbound/rev/7c76daa75842
part 2. Fix the interaction of default toJSON with Func-controlled exposure that examines the object's global. r=qdot
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla62