Closed Bug 414296 Opened 15 years ago Closed 15 years ago

Don't overwrap chrome objects

Categories

(Core :: XPConnect, defect, P2)

x86
Linux
defect

Tracking

()

RESOLVED FIXED

People

(Reporter: mrbkap, Assigned: mrbkap)

Details

Attachments

(1 file)

In bug 355766, jst added a way for chrome to safely touch content objects via XPCSafeJSObjectWrapper. In bug 413902, Jeremy Maitin-Shepard pointed out that when an XPCNativeWrapper wraps a chrome object, then getting a SJOW out of .wrappedJSObject is unexpected and it should be possible to get at the underlying object directly. This is safe because the underlying object here is chrome, and therefore trusted.

In the other bug, Jeremy suggested not using SJOWs for .wrappedJSObject on chrome objects, and I think that's the way to go.
Flags: blocking1.9?
Attached patch Proposed fix
So, something like this would do it.
Assignee: nobody → mrbkap
Status: NEW → ASSIGNED
Attachment #300193 - Flags: superreview?(bzbarsky)
Attachment #300193 - Flags: review?(jst)
Attachment #300193 - Flags: review?(jst) → review+
+'ing w/ P2.
Flags: blocking1.9? → blocking1.9+
Priority: -- → P2
Comment on attachment 300193 [details] [diff] [review]
Proposed fix

sr=bzbarsky
Attachment #300193 - Flags: superreview?(bzbarsky) → superreview+
Fix checked into trunk.
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED