Open Bug 1491490 Opened 1 year ago Updated 1 year ago

Kill wantXrays

Categories

(Core :: XPConnect, enhancement, P3)


People

(Reporter: bholley, Unassigned)

References

(Blocks 1 open bug)

I wrote a 1-line patch to always set wantXrays to false, and see what breaks:

https://treeherder.mozilla.org/#/jobs?repo=try&revision=2aa151d3be75aacf25083f00d835c921ab6ff669

(In reply to Bobby Holley (:bholley) from comment #1)
> I wrote a 1-line patch to always set wantXrays to false, and see what breaks:
> 
> https://treeherder.mozilla.org/#/jobs?repo=try&revision=2aa151d3be75aacf25083f00d835c921ab6ff669

Not *too* orange :)
Priority: -- → P3

(In reply to Andrew Overholt [:overholt] from comment #2)
> (In reply to Bobby Holley (:bholley) from comment #1)
> > I wrote a 1-line patch to always set wantXrays to false, and see what breaks:
> > 
> > https://treeherder.mozilla.org/#/jobs?repo=try&revision=2aa151d3be75aacf25083f00d835c921ab6ff669
> 
> Not *too* orange :)

Fortunately, most of that orange is just tests of Sandbox X-ray functionality. It looks like the devtools tests are doing something a bit weird. Not sure what.

Not quite sure about the Marionette harness one either. We may need to change that to create content sandboxes with an expanded principal.

Hi Bobby, is that a thing you want to see fixed somewhat in the near future?
Flags: needinfo?(bobbyholley)

(In reply to Henrik Skupin (:whimboo) from comment #4)
> Hi Bobby, is that a thing you want to see fixed somewhat in the near future?

Yes, though I'm unlikely to get to it in the next few weeks.

I don't think this needs to block bug 1274251 though. You can just set wantXrays to false in all your sandboxes, which will give you the new behavior, and is one of the things we'd need to do to get this bug landed anyway.
Flags: needinfo?(bobbyholley)

And for the sandboxes where you're currently relying on it to get Xray vision, you should use an Expanded Principal [1] instead.

[1] https://developer.mozilla.org/en-US/docs/Mozilla/Gecko/Script_security#Expanded_principal