ExposedPropertiesOnly::check should leave the chrome compartment before checking UniversalXPConnect

RESOLVED FIXED in mozilla16

Status

()

RESOLVED FIXED
7 years ago
7 years ago

People

(Reporter: bholley, Assigned: bholley)

Tracking

unspecified
mozilla16
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

(Assignee)

Description

7 years ago
This isn't a problem on trunk, because we don't base CAPS security decision on the context compartment. But with bug 754202, we do. Let's fix this.
(Assignee)

Comment 1

7 years ago
Created attachment 632212 [details] [diff] [review]
Part 1 - Clarify compartment semantics for ExposedPropertiesOnly. v2
Attachment #632212 - Flags: review?(mrbkap)
(Assignee)

Comment 2

7 years ago
Created attachment 632213 [details] [diff] [review]
Part 2 - Clarify compartment situation in Xray wrapper. v1

Adding to the mess of the NodePrincipal (et al) check isn't great, but I'm refactoring that in bug 761704.
Attachment #632213 - Flags: review?(mrbkap)
Comment on attachment 632212 [details] [diff] [review]
Part 1 - Clarify compartment semantics for ExposedPropertiesOnly. v2

Review of attachment 632212 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/xpconnect/wrappers/AccessCheck.cpp
@@ +447,5 @@
>      }
> +
> +    // Double-check that the subject principal according to CAPS is a content
> +    // principal rather than the system principal. If it is, this check is
> +    // meaningless.

If it is or if it is not?
Attachment #632212 - Flags: review?(mrbkap) → review+
Attachment #632213 - Flags: review?(mrbkap) → review+
https://hg.mozilla.org/mozilla-central/rev/9523d286839d
https://hg.mozilla.org/mozilla-central/rev/256b856c0da6
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla16
You need to log in before you can comment on or make changes to this bug.