delete node.prop; gives "Security Manager vetoed action" (XPCNativeWrapper)

RESOLVED FIXED in mozilla1.9.3a1

Status

()

Core
XPConnect
RESOLVED FIXED
8 years ago
7 years ago

People

(Reporter: John J. Barton, Assigned: mrbkap)

Tracking

({dev-doc-complete})

Trunk
mozilla1.9.3a1
x86
Windows XP
dev-doc-complete
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [doc-waiting-1.9.3])

Attachments

(1 attachment)

(Reporter)

Description

8 years ago
On 9/30/09 12:55 AM, John J. Barton wrote:
> I hit a problem, I get an error message "Security Manager vetoed action"
> with the line number point to:
> delete node.__walkingAnonymousChildren; // unmark looping
> Here node is in an nsIDOMDocumentXBL document loaded in a content
> browser.

I assume |node| is just something that looks like a DOM node to you (as in, you didn't do wrappedJSObject on it or anything?

If so, looks like the issue is that XPC_NW_DelProperty will throw NS_ERROR_XPC_SECURITY_MANAGER_VETO, in general, when touching content from chrome.  Not sure why that code is as it is; this was part of the initial XPCNativeWrapper landing.  Looks wrong to me; worth filing a bug on and ccing ":jst" and "brendan@moz" and probably "mrbkap" and ":bz". Minimal-ish testcase:

javascript: var foo = new XPCNativeWrapper(document.body); foo.bar = 'x'; delete foo.bar;

Of course I'm not quite sure why you need the __walkingAnonymousChildren thing at all... Why do you need it?

-Boris
(Reporter)

Comment 1

8 years ago
This code was probably working when the js was running in extensions space on extension nodes, but fails when the js is in extension space but the node is content.

Blocks nothing, I wrote different code.

Comment 2

8 years ago
I was talking about this with Blake, and we see no reason to forbid deletes on an XPCNativeWrapper from deleting own properties.  Brendan, jst, can you think of any such reasons?
(Assignee)

Comment 3

8 years ago
Created attachment 405965 [details] [diff] [review]
Proposed fix

Note that unlike the other wrappers, XPCNativeWrapper doesn't forward the delete to its underlying object. If you delete an IDL-declared property, we'll simply re-resolve it the next time you ask for it. Expandos get nuked until you recreate them.
Assignee: nobody → mrbkap
Status: NEW → ASSIGNED
Attachment #405965 - Flags: review?(bzbarsky)

Comment 4

8 years ago
Comment on attachment 405965 [details] [diff] [review]
Proposed fix

r=bzbarsky
Attachment #405965 - Flags: review?(bzbarsky) → review+
(Assignee)

Comment 5

8 years ago
http://hg.mozilla.org/mozilla-central/rev/fae00beb30ff
Status: ASSIGNED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
(Assignee)

Comment 6

8 years ago
Mochitests: http://hg.mozilla.org/mozilla-central/rev/2c61dc4844fe
Flags: in-testsuite+

Comment 7

8 years ago
So is this a fix for this limitation:
https://developer.mozilla.org/en/XPCNativeWrapper#Limitations_of_XPCNativeWrapper
"16. Using the delete operator on "expando" properties of an XPCNativeWrapper throws a security exception."
?
Keywords: dev-doc-needed
Summary: delete node.prop; gives "Security Manager vetoed action" → delete node.prop; gives "Security Manager vetoed action" (XPCNativeWrapper)
Target Milestone: --- → mozilla1.9.3a1

Comment 8

8 years ago
Yes, it is.
Whiteboard: [doc-waiting-1.9.3]
Updated:

https://developer.mozilla.org/en/XPCNativeWrapper

Mentioned here:

https://developer.mozilla.org/en/XPCOM/XPCOM_changes_in_Gecko_2.0
Keywords: dev-doc-needed → dev-doc-complete
You need to log in before you can comment on or make changes to this bug.