Scriptable thread API allows spinning event queue with JS on stack

Status: NEW
Product: Core
Component: XPCOM
Priority: --
Severity: major
Opened 11 years ago, updated 6 years ago

People: Reporter: bz; Assignee: Unassigned

Tracking: Version: Trunk; Platform: x86 Linux; Points: ---; Bug Flags: wanted1.9.0.x -

Firefox Tracking Flags: Not tracked

STEPS TO REPRODUCE:

1)  Write some JS that has UniversalXPConnect (or is chrome)
2)  In this JS, get the mainThread off the threadmanager.
3)  Call processNextEvent() on it.

ACTUAL RESULTS:  The Run() method of the runnable is called while there is a non-null JSContext on the top of the JSContext stack.  This screws up security checks, subject principals, etc.

EXPECTED RESULTS:  Not screw up security checks and subject principals.

NOTE: Given that we use this API from C++ too, and that some callers of it from C++ have similar issues (XMLHttpRequest comes to mind!), ideally we would just push a null cx on the JSContext stack in this method.  Failing that, we need to either make this method noscript or provide an API that JS could use around calls to this method to push a null cx on the JSContext stack.  Not sure how well this last would work, truthfully.  If desired, we could also do a combination: have a scriptable "safe" method for processing events (one that pushes a null cx before each event) and a noscript "unsafe" method (the latter used in places in the code where perf matters and which therefore do their own cx pushing around the whole chunk where they spin the event loop).
Flags: wanted1.9.1?
Flags: wanted1.9.0.x?
Not wanted for 1.9.0.x.
Flags: wanted1.9.0.x? → wanted1.9.0.x-
Flags: wanted1.9.1?
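
The following is an added illustration, not code from the bug or from Gecko: a small JavaScript model of the situation the report describes and of the proposed "safe" method that pushes a null cx around each event. The names `cxStack`, `ModelThread`, `processNextEventSafe`, `withContext` and the caller principal string are hypothetical, and the rule that a null top-of-stack means a native (system) caller is an assumption of the model.

```javascript
// Toy model, constructed for illustration; none of this is Gecko code.
const cxStack = [];            // stand-in for the per-thread JSContext stack
const SYSTEM = "system";

// Model assumption: security checks derive the subject principal from the
// topmost context; a null top (or an empty stack) means native code is calling.
function subjectPrincipal() {
  const top = cxStack.length ? cxStack[cxStack.length - 1] : null;
  return top === null ? SYSTEM : top.principal;
}

// Push a context for the duration of fn and always pop it, even on throw.
function withContext(cx, fn) {
  cxStack.push(cx);
  try { return fn(); } finally { cxStack.pop(); }
}

class ModelThread {
  constructor() { this.queue = []; }
  dispatch(runnable) { this.queue.push(runnable); }

  // Behaviour from the report: run() executes with the caller's context
  // still on top of the stack.
  processNextEvent() {
    const r = this.queue.shift();
    return r ? r.run() : undefined;
  }

  // Proposed "safe" variant: push a null cx before each event.
  processNextEventSafe() {
    const r = this.queue.shift();
    return r ? withContext(null, () => r.run()) : undefined;
  }
}

// An unrelated runnable is already queued; it reports which subject principal
// its own security checks would observe when a script spins the loop.
function demo(safe) {
  const thread = new ModelThread();
  thread.dispatch({ run: () => subjectPrincipal() });
  const callerCx = { principal: "caller-script" };   // constructed sample
  return withContext(callerCx, () =>
    safe ? thread.processNextEventSafe() : thread.processNextEvent());
}
```

`demo(false)` returns the caller's principal from inside an unrelated runnable, which is the confusion described under ACTUAL RESULTS; `demo(true)` returns the model's system principal.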