Closed
Bug 1553276
Opened 6 years ago
Closed 6 years ago
Xrays should call legacycallers without entering the content compartment
Categories
(Core :: XPConnect, defect)
Core
XPConnect
Tracking
()
RESOLVED
FIXED
mozilla69
Tracking | Status | |
---|---|---|
firefox69 | --- | fixed |
People
(Reporter: bzbarsky, Assigned: bzbarsky)
Details
Attachments
(1 file)
We no longer have legacycallers on plug-ins, and the other consumers actually want Xray behavior here.
![]() |
Assignee | |
Comment 1•6 years ago
|
||
Pushed by bzbarsky@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4b59d75bb1ff
Don't enter the content compartment when calling a Web IDL legacycaller over Xrays. r=bholley
Comment 3•6 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla69
![]() |
Assignee | |
Comment 4•6 years ago
|
||
Comment on attachment 9066515 [details]
Bug 1553276. Don't enter the content compartment when calling a Web IDL legacycaller over Xrays. r=bholley
Beta/Release Uplift Approval Request
- User impact if declined: Can't land bug 1551282 without test failures; see uplift requests there.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): This only affects calls via Xrays, and only to three things:
- MozQueryInterface. This is used for generateQI implenentations in chrome; I would be extremely surprised if it's ever called over Xrays.
- HTMLAllCollection. Arguably this actually fixes a bug, where if you do
document.all({ toString: () => "0" })
right now in chrome or extension code it throws; with this fix it will work correctly. There should be no ill effects here. - The new
register
/sign
things I am adding in bug 1551282. This change is needed to make them work when called from chrome; we have tests doing that.
The other option is to disable the relevant u2f tests that are doing register/sign from chrome code and just land bug 1551282 without landing this fix. That does mean that web extensions would also not be able to call the methods, which may well be higher risk than this patch.
- String changes made/needed:
Attachment #9066515 -
Flags: approval-mozilla-release?
Attachment #9066515 -
Flags: approval-mozilla-beta?
![]() |
Assignee | |
Comment 5•6 years ago
|
||
Comment on attachment 9066515 [details]
Bug 1553276. Don't enter the content compartment when calling a Web IDL legacycaller over Xrays. r=bholley
Looks like we won't need this for bug 1551282.
Attachment #9066515 -
Flags: approval-mozilla-release?
Attachment #9066515 -
Flags: approval-mozilla-beta?
You need to log in
before you can comment on or make changes to this bug.
Description
•