396849 - XOW breaks instanceof

Status: RESOLVED FIXED

(Core :: XPConnect, defect, P3)

Description

[Boris Zbarsky [:bzbarsky]]

Attachment: test

See attached testcase.  Basically, if a XOW is on either side of the instanceof operator, bad things happen.  You'll need to run the testcase from local disk so it can get the privs to do cross-site access.

Comment 1

[Jonas Sicking (:sicking) No longer reading bugmail consistently]

Not sure how likely this is to show up in the wild. Will simply doing

window instanceof Window

break? Or will you have to have different origins on the two sides of the operator?

Blake, what's the chances of you having time to fix this in time for release?

Comment 2

[Boris Zbarsky [:bzbarsky]]

I think you probably need different origins...

Comment 3

[Jonas Sicking (:sicking) No longer reading bugmail consistently]

This is a little scary to let out in the wild since it might break sites.

Comment 4

[Blake Kaplan (:mrbkap) (inactive)]

Attachment: patch v1

I'm not sure if my assertion about this not giving away too much information is true here, but it seems reasonable to me. Note that if we *do* do security checks here, then the testcase will fail to work because of bug 396851.

Comment 5

[Johnny Stenback (:jst)]

Comment on attachment 283843 [details] [diff] [review]
patch v1

r+sr=jst, but please add the IsWrapperOfSameOrigin() check we talked about and throw if the wrapper is not same origin.

Comment 6

[Blake Kaplan (:mrbkap) (inactive)]

Attachment: Updated patch

This is what I'll check in when the tree is next both open and green.

Comment 7

[Blake Kaplan (:mrbkap) (inactive)]

I'll also file a followup on the less important |XOW instanceof Components.interfaces.xxx| case when the XOW is cross origin from this script.

Comment 8

[Blake Kaplan (:mrbkap) (inactive)]

Fix checked into trunk. bug 408887 filed on comment 7.