Closed Bug 1472228 Opened 4 years ago Closed 4 years ago

Allow user content to access HybridContentTelemetry event data


(Toolkit :: Telemetry, enhancement, P1)




Tracking Status
firefox63 --- fixed


(Reporter: janerik, Assigned: janerik)


(Blocks 1 open bug)



(1 file)

After testing with a local https server (and a permanent exception for the self-signed certificate) as well as tests with a server with a valid certificate revealed this error in the console:

    Security wrapper denied access to property "toJSON" on privileged Javascript object. Support for exposing privileged objects to untrusted content via __exposedProps__ has been removed - use WebIDL bindings or Components.utils.cloneInto instead. Note that only the first denied property access from a given global object will be reported.

This is also reported in bug 1467871.
Following the advice we need to copy the event data into a new object, accessible by the content page.
Blocks: 1416718, 1467871
Assignee: nobody → jrediger
Priority: -- → P1
Previously accessing the "canUpload" attribute in user code was not
possible, as it was blocked due to security constraints.
By explicitely copying it, the object is accessible in user code and
HybridContentTelemetry correctly reads the attribute.

Unfortunately the tests in
tests/browser/browser_HybridContentTelemetry.js don't have this issue,
as apparently their content process runs with higher privileges.

This change was tested locally to work as expected.

MozReview-Commit-ID: HbNH4wEyOA
Comment on attachment 8988762 [details]
Bug 1472228 - Copy event data to be accessible by user content.

Alessio Placitelli [:Dexter] has approved the revision.
Attachment #8988762 - Flags: review+
Pushed by
Copy event data to be accessible by user content. r=Dexter
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
You need to log in before you can comment on or make changes to this bug.