Closed Bug 515475 Opened 16 years ago Closed 16 years ago

Remove security check from js_InternalGetOrSet

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: mrbkap, Assigned: mrbkap)

Details

Attachments

(1 file)

Test + fix
4.61 KB, patch
brendan
: review+
Details | Diff | Splinter Review
This was added because otherwise there would be no call out to the embedding when accessing a cross-origin object's getter (see bug 92773). I'll attach a testcase showing the problem and explaining why the check isn't useful in a second.
Attached patch Test + fixSplinter Review
Before XOWs, cross-origin checking was accomplished through nsWindowSH::GetProperty and related hooks. The problem pointed out in bug 92773 is that when someone sets a getter or setter on a property, subsequent gets and sets of that property don't go through the hooks, they call the getter directly, bypassing the security checks that we'd otherwise do. Now, XOWs take care of this by imposing a barrier between the getter or setter and the object that the cross-origin window has.
Assignee: general → mrbkap
Status: NEW → ASSIGNED
Attachment #399588 - Flags: review?(brendan)
Comment on attachment 399588 [details] [diff] [review] Test + fix Yay. Anything like this to eliminate under separate bug(s)? /be
Attachment #399588 - Flags: review?(brendan) → review+
http://hg.mozilla.org/mozilla-central/rev/4448e1b581b7
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
There probably are. I'll do a separate pass to find them.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: