Closed Bug 1481640 Opened 3 years ago Closed 1 year ago
Get rid of force
47 bytes, text/x-phabricator-request
|Details | Review|
Keeping this special case around in our wrapper management code is problematic enough on its own, but I also think it's a footgun, at this point. In bug 1481021, I stopped SpecialPowers from setting the flag on frame script globals for unrelated reasons, and found lots of code improperly relying on the fact that it allowed them to pass objects from frame script globals to unprivileged content. Most of that code seemed to be test-only, and therefore not a huge concern, but it's only a matter of time before some production code starts relying on it somewhere as well, and therefore working fine when run under a test harness, but failing in the real world. And, in fact, that very thing happened a few days ago: https://searchfox.org/mozilla-central/rev/f0c15db995198a1013e1c5f5b5bea54ef83f1049/browser/components/payments/content/paymentDialogFrameScript.js#92-104 If we want to expose any privileged objects to unprivileged scopes, at this point, we should explicitly clone or wrap all of them. SpecialPowers.wrap should work well enough for the existing cases I know of in tests, as long as we create the Proxy object in the content compartment rather than the JSM.
Pushed by VYV03354@nifty.ne.jp: https://hg.mozilla.org/integration/autoland/rev/490b19dd5762 Remove forcePermissiveCOWs(). r=kmag
You need to log in before you can comment on or make changes to this bug.