Created attachment 121378 testcase: reads the location of a third-party iframe after a redirect
This is fairly serious, as it could allow tracking of browsing in some situations. Nominating for 1.4final blocker.
jst's got a patch. /be
Comment on attachment 122639: This should do it. Looks good to me. r=mstoltz.
Comment on attachment 122639: This should do it. Null return from JS_ValueToString indeed means an error, and errors are exceptions (except for "out of memory" -- that gets reported via the context's error reporter immediately, no exception is created for it). Do you need the nccx->SetExceptionWasThrown call and surrounding code from JS_GetPendingException down? Shouldn't the new helper JSValueToString return false or failure, and that r.v. propagate? /be
Created attachment 122797: Same as above, with OOM error propagation. This is basically the same as the above, with the addition of distinguishing between OOM and an exception being thrown in JS_ValueToString(). Brendan, yes, I do need the call to SetPendingException() on the current call context, w/o that, XPConnect will go on as if no error occurred. But I do not want to throw an error to the XPCOM caller in this case, doing that makes a lot of code freak out. Ideally, we could clean up this mess and do that, but I'm not up for doing that at this point.
Comment on attachment 122797: Same as above, with OOM error propagation. Carrying forward r=mstoltz, marking sr=me. Nit: "as if the result *were* undefined" -- uphold the dying subjunctive mood! /be
Comment on attachment 122797: Same as above, with OOM error propagation. Requesting approval to check in for 1.4final.
Comment on attachment 122797: Same as above, with OOM error propagation. a=as (on behalf of drivers) for checkin to 1.4
So this caused regression bug 206026. The fix for that is to revert the evaluation context change. See bug 206026 for more details.