Closed
Bug 814022
Opened 12 years ago
Closed 12 years ago
Fix instanceof for new DOM bindings
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla20
People
(Reporter: peterv, Assigned: peterv)
References
Details
Attachments
(1 file)
|
24.24 KB,
patch
|
bzbarsky
:
review+
|
Details | Diff | Splinter Review |
There are a couple of problems: - We don't unwrap security wrappers around new binding objects in GetWrappedNativeOfJSObject (called by the hasInstance hook for interface objects) - We don't unwrap security wrappers around new binding objects in nsJSIID::HasInstance A number of tests use instanceof with a DOM object and a DOM interface object from a different scope. I've fixed a bunch of them, even though the fixes above make it unnecessary. I still think we should fix these tests. Ideally we'd stop supporting this altogether by getting rid of the hasInstance hook on interface objects, but we'd need to fix all the chrome code that does it (and probably provide a chrome-only alternative). I tried restricting the QI in hasInstance to chrome code, but that doesn't work for now because we have EventTargets for which the first interface on the primary prototype chain does not inherit from nsIDOMEventTarget :-/.
Attachment #684038 -
Flags: review?(bzbarsky)
|
||
Comment 1•12 years ago
|
||
Comment on attachment 684038 [details] [diff] [review] v1 Review of attachment 684038 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/xpconnect/src/XPCJSID.cpp @@ +482,5 @@ > return NS_ERROR_FAILURE; > + } else { > + JSObject* unsafeObj = > + XPCWrapper::Unwrap(cx, obj, /* stopAtOuter = */ false); > + JSObject* cur = unsafeObj ? unsafeObj : obj; Trailing whitespace ::: js/xpconnect/src/nsXPConnect.cpp @@ +1384,5 @@ > return (nsISupports*)xpc_GetJSPrivate(obj2); > > + JSObject* unsafeObj = > + XPCWrapper::Unwrap(aJSContext, aJSObj, /* stopAtOuter = */ false); > + JSObject* cur = unsafeObj ? unsafeObj : aJSObj; Again
|
||
Comment 2•12 years ago
|
||
Comment on attachment 684038 [details] [diff] [review] v1 r=me
Attachment #684038 -
Flags: review?(bzbarsky) → review+
|
Assignee | |
Comment 3•12 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/3e9a567ce55c
Target Milestone: --- → mozilla20
|
||
Comment 4•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/3e9a567ce55c
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
|
||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•