Closed
Bug 464527
Opened 16 years ago
Closed 12 years ago
Need wrapper for callbacks
Categories
(Core :: XPConnect, defect)
Core
XPConnect
Tracking
()
RESOLVED
FIXED
People
(Reporter: sicking, Assigned: mrbkap)
Details
We need to make it safe for chrome code to pass in callback functions to content code. This will probably be done through wrapper magic which will prevent content from getting a reference to the actual chrome function, as well as wrap as appropriate any arguments to the callback function.
Comment 1•16 years ago
|
||
This could get costly without more JS engine work. Let's discuss. How often and with what kinds of args (deep object graphs?) are such callbacks actually invoked? /be
Assignee | ||
Comment 2•16 years ago
|
||
This wrapper would be more general. It's a hole in our system right now that it isn't easy to expose chrome objects (such as GreaseMonkey's console or the geolocation object) to content. These wrappers could automatically be created by XPCNativeWrapper/XPCSafeJSObjectWrapper. I'm not sure why this particular case could get any more costly than our existing wrappers.
Assignee | ||
Comment 3•15 years ago
|
||
Was this not fixed by bug 480205?
Comment 4•15 years ago
|
||
This bug is referenced from https://developer.mozilla.org/en/Safely_accessing_content_DOM_from_chrome#Firefox_2_and_newer , please update accordingly when resolving. (That page is not very clear right now and references to private bugs do not help to understand...)
Comment 5•13 years ago
|
||
Sorry for digging up old bug reports, but I was wondering whether the warnings are still valid. I am currently working on an extension that aims to rewrite and replace attributes of window from within chrome, using an observer on the "content-document-global-created" topic. I am getting a wrapped window object and the security warnings at the aforementioned URL made me hesitate :)
Comment 6•13 years ago
|
||
I believe that what you want to do is now safe (as of Gecko 2.0).
Assignee | ||
Comment 7•12 years ago
|
||
Yeah, this was fixed (more or less) by COWs.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•