Closed Bug 84020 Opened 25 years ago Closed 25 years ago

InitClassesWithNewWrappedGlobal should not override context global

Categories

(Core :: XPConnect, defect)

defect
Not set
normal

Tracking

VERIFIED FIXED
mozilla0.9.1

People

(Reporter: jband_mozilla, Assigned: jband_mozilla)

Details

Attachments

(1 file)

As nsXPConnect::InitClassesWithNewWrappedGlobal evolved it was left with an incorrect unconditional call to JS_SetGlobalObject. When called from the JS component loader on the main thread this causes the global JSObject for the given component to be the context global for the hidden window. This is very bad.

What this code should do is conditionally set the global object only if the JSContext did not have one or if somehow the local 'tempGlobal' had become the context global (this used to be the case when JS_InitStandardClasses was called rather than the lazy resolve using JS_ResolveStandardClass).

I'll attach a patch.

In the Netscape proprietary stuff this is... http://bugscape.netscape.com/show_bug.cgi?id=5711

The symptoms there are the inability to quit the app due to a failure to QI the nsISupports private data pointer of the context global into nsIScriptGlobalObject. There is also a security concern that this bug can cause the global of the hidden window context to have system principals.

I want to get this fix into the 0.9.1 branch. The same patch in the bugscape bug already has sr=jst
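Added example, not part of the bug report and not the attached Mozilla patch: a self-contained C++ model of the unconditional call next to the conditional behaviour the description asks for. `Obj`, `Context`, the sample objects and all function names are hypothetical stand-ins for JSObject, JSContext and the JS_SetGlobalObject call; no SpiderMonkey code is used.

```cpp
#include <cstdio>

// Hypothetical stand-ins (assumptions for illustration, not SpiderMonkey types).
struct Obj { const char* name; bool systemPrincipal; };
struct Context { const Obj* global; };  // models a JSContext and its global object

// Constructed sample objects.
static const Obj kHiddenWindow = {"hidden window global", false};
static const Obj kTempGlobal   = {"tempGlobal", true};
static const Obj kComponent    = {"component global", true};

// Behaviour the report describes as the bug: the context global is always replaced.
static void initUnconditional(Context& cx, const Obj&, const Obj& wrapped) {
    cx.global = &wrapped;
}

// Behaviour the report asks for: replace the context global only when the
// context has none, or when the temporary global had become the context global.
static void initConditional(Context& cx, const Obj& temp, const Obj& wrapped) {
    if (cx.global == nullptr || cx.global == &temp)
        cx.global = &wrapped;
}

// Runs one variant against a context that starts with `initial` as its global
// and returns the context global afterwards.
const Obj* globalAfterInit(const Obj* initial, bool conditional) {
    Context cx = {initial};
    if (conditional) initConditional(cx, kTempGlobal, kComponent);
    else             initUnconditional(cx, kTempGlobal, kComponent);
    return cx.global;
}

int main() {
    // Three starting states: existing global, no global, tempGlobal as global.
    const Obj* starts[] = {&kHiddenWindow, nullptr, &kTempGlobal};
    for (const Obj* s : starts) {
        std::printf("start=%-22s unconditional -> %-18s conditional -> %s\n",
                    s ? s->name : "(none)",
                    globalAfterInit(s, false)->name,
                    globalAfterInit(s, true)->name);
    }
    return 0;
}
```

Only the first starting state differs between the two variants: the unconditional call leaves the hidden window context with a system-principal global, while the conditional one keeps the original global.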
Attached patch: proposed fix
Yuck. The patch got mangled in doing a save-as from the bugscape bug and then attaching here. But I think it is clear enough.
Target Milestone: --- → mozilla0.9.1
r=dbradley
a= asa@mozilla.org for checkin to the 0.9.1 branch and the trunk. (on behalf of drivers)
both patches checked into the trunk.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Oops, I closed the wrong bug. I still have to check this into the branch. I'll do that soon.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
fix checked in to 0.9.1 branch and trunk.
Status: REOPENED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Marking Verified -
Status: RESOLVED → VERIFIED