1472228 - Allow user content to access HybridContentTelemetry event data

Status: RESOLVED FIXED

(Toolkit :: Telemetry, enhancement, P1)

Description

[Jan-Erik Rediger [:janerik]]

After testing with a local https server (and a permanent exception for the self-signed certificate) as well as tests with a server with a valid certificate revealed this error in the console:

    Security wrapper denied access to property "toJSON" on privileged Javascript object. Support for exposing privileged objects to untrusted content via __exposedProps__ has been removed - use WebIDL bindings or Components.utils.cloneInto instead. Note that only the first denied property access from a given global object will be reported.

This is also reported in bug 1467871.
Following the advice we need to copy the event data into a new object, accessible by the content page.

Comment 1

[Jan-Erik Rediger [:janerik]]

Attachment: Bug 1472228 - Copy event data to be accessible by user content.

Previously accessing the "canUpload" attribute in user code was not
possible, as it was blocked due to security constraints.
By explicitely copying it, the object is accessible in user code and
HybridContentTelemetry correctly reads the attribute.

Unfortunately the tests in
tests/browser/browser_HybridContentTelemetry.js don't have this issue,
as apparently their content process runs with higher privileges.

This change was tested locally to work as expected.

MozReview-Commit-ID: HbNH4wEyOA

Comment 2

[Phabricator Automation]

Comment on attachment 8988762 [details]
Bug 1472228 - Copy event data to be accessible by user content.

Alessio Placitelli [:Dexter] has approved the revision.

https://phabricator.services.mozilla.com/D1879

Comment 3

[Pulsebot]

Pushed by jrediger@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/d73fc7a2cf1d
Copy event data to be accessible by user content. r=Dexter

Comment 4

[Tiberius Oros[:tiberius_oros]]

https://hg.mozilla.org/mozilla-central/rev/d73fc7a2cf1d