DOMApplicationRegistry._cloneAppObject doesn't clone the `receipts` array

RESOLVED FIXED in mozilla17

Status

()

Core
DOM: Apps
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: myk, Assigned: myk)

Tracking

unspecified
mozilla17
Points:
---
Bug Flags:
in-testsuite -

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [qa-])

Attachments

(1 attachment)

(Assignee)

Description

5 years ago
Created attachment 649351 [details] [diff] [review]
patch v1: clones `receipts` array

DOMApplicationRegistry._cloneAppObject doesn't clone the `receipts` array, which it obtains from content.

This causes DOMWindows that install apps to leak due to bug 780674 (which should get fixed by the eventual fix for that bug).  It also makes it possible for a webapp to implicitly modify an app's receipts after installing the app, which seems undesirable.  And, more generally, it potentially misleads callers who expect the method to deeply clone the app object, such that the clone contains no references to parts of the original object.

Here's a fix that uses JSON to clone the array.
Attachment #649351 - Flags: review?(fabrice)
Attachment #649351 - Flags: review?(fabrice) → review+
(Assignee)

Comment 1

5 years ago
Comment on attachment 649351 [details] [diff] [review]
patch v1: clones `receipts` array

https://hg.mozilla.org/integration/mozilla-inbound/rev/4e54a6eb43d2
Attachment #649351 - Flags: checkin+
Small followup:
https://hg.mozilla.org/integration/mozilla-inbound/rev/fcb650e7bd6e
Awesome, so this was backed out along with bug 772299 due to mochitest-other permaorange.
https://hg.mozilla.org/integration/mozilla-inbound/rev/5886a528d6db

After backing out, I realized that Fabrice's follow-up fixed the orange. Please be starring builds when pushing bustage fixes...

Re-pushed (with the follow-up included).
https://hg.mozilla.org/integration/mozilla-inbound/rev/922cbdeaaec4
Flags: in-testsuite-
https://hg.mozilla.org/mozilla-central/rev/fcb650e7bd6e
https://hg.mozilla.org/mozilla-central/rev/922cbdeaaec4
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED

Updated

5 years ago
Whiteboard: [qa-]
You need to log in before you can comment on or make changes to this bug.