Add predefined XPCOM variables to the validator

RESOLVED FIXED in Q2 2011

Status

addons.mozilla.org Graveyard
Admin/Editor Tools
P3
normal
RESOLVED FIXED
7 years ago
2 years ago

People

(Reporter: kmag, Assigned: basta)

Tracking

unspecified
Q2 2011

Details

(Whiteboard: [ReviewTeam])

(Reporter)

Description

7 years ago
User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110419 Firefox/6.0a1
Build Identifier: 

There are certain variables pre-defined by most Mozilla applications that add-ons often take advantage of. Cc and Ci are of particular interest to the validator, as any add-ons that make use of them without explicitly declaring them in the same file automatically bypass XPCOM security checks.

Also of interest is the Services object from Services.jsm. I don't especially care whether this is defined from the start or only added when Services.jsm is imported, but it should be accounted for in some manner.

I think it would probably be sufficient to pre-evaluate the following code:

let Cc = Components.classes;
let Ci = Components.interfaces;

let Services = {
    // This requires marking the loadSubScript method as
    // dangerous in addition to marking the service itself.
    scriptloader: Cc["@mozilla.org/moz/jssubscript-loader;1"].getService(Ci.mozIJSSubScriptLoader)

    wm: Cc["@mozilla.org/appshell/window-mediator;1"].getService(Ci.nsIWindowMediator),

    ww: Cc["@mozilla.org/embedcomp/window-watcher;1"].getService(Ci.nsIWindowWatcher)
};



Reproducible: Always
Assignee: nobody → mbasta
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
Whiteboard: [required amo-editors]
Target Milestone: --- → Q2 2011
(Assignee)

Comment 1

7 years ago
Are these defined in all local scopes or in the global scope?
(Reporter)

Comment 2

7 years ago
In Firefox, they're defined in the global scope by default.
(Assignee)

Comment 3

7 years ago
Is Cu also defined as Components.utils? Just want to double check.
(Reporter)

Comment 4

7 years ago
It is, yes. I'd forgotten that that had flagged methods.
(Assignee)

Comment 6

7 years ago
Merged:

https://github.com/mozilla/amo-validator/commit/ac21262ff23ba38ccd2c78a34d218da40e2095d0
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Reclassifying editor bugs and changing to a new whiteboard flag. Spam, spam, spam, spam...
Whiteboard: [required amo-editors] → [ReviewTeam]
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.