Bug 84020
Opened 25 years ago
Closed 25 years ago
InitClassesWithNewWrappedGlobal should not override context global
Categories: Core :: XPConnect, defect
Tracking: VERIFIED FIXED, mozilla0.9.1
People: Reporter: jband_mozilla, Assigned: jband_mozilla
Attachments: 1 file (771 bytes, patch)
As nsXPConnect::InitClassesWithNewWrappedGlobal evolved it was left with an
incorrect unconditional call to JS_SetGlobalObject. When called from the JS
component loader on the main thread this causes the global JSObject for the
given component to be the context global for the hidden window. This is very
bad.
What this code should do is conditionally set the global object only if the
JSContext did not have one or if somehow the local 'tempGlobal' had become the
context global (this used to be the case when JS_InitStandardClasses was called
rather than the lazy resolve using JS_ResolveStandardClass).
I'll attach a patch
In the Netscape proprietary stuff this is...
http://bugscape.netscape.com/show_bug.cgi?id=5711
The symptoms there are the inability to quit the app due to a failure to QI the
nsISupports private data pointer of the context global into
nsIScriptGlobalObject. There is also a security concern that this bug can cause
the global of the hidden window context to have system principals.
I want to get this fix into the 0.9.1 branch
The same patch in the bugscape bug already has sr=jst
Comment 1 • 25 years ago (Assignee)
Comment 2 • 25 years ago (Assignee)
Yuck. The patch got mangled in doing a save-as from the bugscape bug and then
attaching here. But I think it is clear enough.
Target Milestone: --- → mozilla0.9.1
Comment 3 • 25 years ago
r=dbradley
Comment 4 • 25 years ago
a= asa@mozilla.org for checkin to the 0.9.1 branch and the trunk.
(on behalf of drivers)
Comment 5 • 25 years ago (Assignee)
both patches checked into the trunk.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Comment 6 • 25 years ago (Assignee)
Oops, I closed the wrong bug. I still have to check this into the branch. I'll
do that soon.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 7 • 25 years ago (Assignee)
fix checked in to 0.9.1 branch and trunk.
Status: REOPENED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED