Closed Bug 780686 Opened 12 years ago Closed 12 years ago

DOMApplicationRegistry._cloneAppObject doesn't clone the `receipts` array

Categories

(Core Graveyard :: DOM: Apps, defect)

Product:
Core Graveyard
Component:
DOM: Apps
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
mozilla17

People

(Reporter: myk, Assigned: myk)

Details

(Whiteboard: [qa-])

Attachments

(1 file)

patch v1: clones `receipts` array
504 bytes, patch
fabrice
: review+
myk
: checkin+
Details | Diff | Splinter Review
DOMApplicationRegistry._cloneAppObject doesn't clone the `receipts` array, which it obtains from content. This causes DOMWindows that install apps to leak due to bug 780674 (which should get fixed by the eventual fix for that bug). It also makes it possible for a webapp to implicitly modify an app's receipts after installing the app, which seems undesirable. And, more generally, it potentially misleads callers who expect the method to deeply clone the app object, such that the clone contains no references to parts of the original object. Here's a fix that uses JSON to clone the array.
Attachment #649351 - Flags: review?(fabrice)
Attachment #649351 - Flags: review?(fabrice) → review+
Awesome, so this was backed out along with bug 772299 due to mochitest-other permaorange. https://hg.mozilla.org/integration/mozilla-inbound/rev/5886a528d6db After backing out, I realized that Fabrice's follow-up fixed the orange. Please be starring builds when pushing bustage fixes... Re-pushed (with the follow-up included). https://hg.mozilla.org/integration/mozilla-inbound/rev/922cbdeaaec4
Flags: in-testsuite-
https://hg.mozilla.org/mozilla-central/rev/fcb650e7bd6e https://hg.mozilla.org/mozilla-central/rev/922cbdeaaec4
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Whiteboard: [qa-]
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: