Closed
Bug 923846
Opened 11 years ago
Closed 2 years ago
Firefox is mangling objects in unexpected ways (Worker example).
Categories
(Core :: DOM: Workers, defect, P5)
RESOLVED
INVALID
People
(Reporter: pdp, Unassigned)
Details
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36

Steps to reproduce:

    var augmentWorker = function (OriginalWorker) {
        // JS constructor that wraps an instance of the original Worker
        var AugmentedWorker = function (script) {
            console.log(OriginalWorker.toString());
            this.worker = new OriginalWorker(script);
            console.log(this.worker.constructor.toString());
            this.worker.postMessage('hello');
        };
        // postMessage defined on the wrapper's prototype
        AugmentedWorker.prototype.postMessage = function () {
            alert('wow');
        };
        return AugmentedWorker;
    };
    Worker = augmentWorker(Worker);
    new Worker('insane');

Actual results:
postMessage from AugmentedWorker is called instead of the native Worker.

Expected results:
The code should have called the native function. Moreover, there is a total mix of the native worker object and the constructed JS object. This issue could potentially have security implications. I haven't researched it!
Comment 1•11 years ago
Caveat: Since I don't have as good an understanding of the internals of Firefox as our platform security folks do, I have bugged them to look at this too. I don't think this is an outright security issue, as the ability to override built-in objects and methods is a feature, not a bug. There is certainly a lot of potential for abuse in changing how postMessage functionality works, but since it requires explicitly adding the code, or being vulnerable to XSS, I doubt this would be considered a bug.
Updated•10 years ago
Component: Untriaged → DOM: Workers
Product: Firefox → Core
Updated•6 years ago
Priority: -- → P5
Comment 2•2 years ago
Yes, it's fine, but not a great idea, for content to do this. For posterity, https://firefox-source-docs.mozilla.org/dom/scriptSecurity/index.html covers the mechanisms by which system code is able to avoid being confused by content code. Note that Worker.postMessage is not something used by system code and is strictly exposed for use by content.
Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → INVALID
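Both comments treat content overriding built-ins as expected behaviour. As an added example (not code from this bug or from Firefox), here is one way content code can snapshot the references it depends on before other script runs, keep using them, and check afterwards whether they were replaced. `captureWorker`, `makeScope`, `laterScript`, `runScenario` and the stand-in Worker class are hypothetical names; a real page would pass its own global object as `scope`.

```javascript
// Trusted code calls this before any other script runs and keeps the result private.
function captureWorker(scope) {
  const { apply } = Reflect; // snapshot as well: Reflect can be patched later
  const SavedWorker = scope.Worker;
  const savedPostMessage = SavedWorker.prototype.postMessage;
  return {
    SavedWorker,
    safePost(worker, msg) { // send via the saved method, ignoring later patches
      // Stand-in brand check (assumption); a native postMessage checks its own receiver.
      if (!(worker instanceof SavedWorker)) throw new TypeError('not a genuine Worker');
      return apply(savedPostMessage, worker, [msg]);
    },
    audit() { // report which override styles have happened since the snapshot
      const findings = [];
      if (scope.Worker !== SavedWorker) findings.push('Worker constructor replaced');
      if (SavedWorker.prototype.postMessage !== savedPostMessage) findings.push('postMessage patched');
      return findings;
    },
  };
}
// Constructed stand-in for a page's global scope so this runs outside a browser.
function makeScope() {
  class StandInWorker {
    constructor(script) { this.script = script; this.sent = []; }
    postMessage(msg) { this.sent.push(msg); return 'native'; }
  }
  return { Worker: StandInWorker };
}
// A later script: the wrapper pattern from the report, plus a direct prototype patch.
function laterScript(scope) {
  const Original = scope.Worker;
  const Augmented = function (script) { this.worker = new Original(script); };
  Augmented.prototype.postMessage = function () { return 'wrapper'; };
  scope.Worker = Augmented;
  Original.prototype.postMessage = function () { return 'patched'; };
}

function runScenario() {
  const scope = makeScope();
  const guard = captureWorker(scope);
  const before = guard.audit();
  laterScript(scope);
  const genuine = new guard.SavedWorker('job.js');
  let wrapperRejected = false;
  try { guard.safePost(new scope.Worker('job.js'), 'hi'); } catch (e) { wrapperRejected = e instanceof TypeError; }
  return { before, after: guard.audit(), ordinary: genuine.postMessage('hi'),
           saved: guard.safePost(genuine, 'hi'), sent: genuine.sent, wrapperRejected };
}
console.log(runScenario());
```

The snapshot only helps if it is taken before any other script has had a chance to run.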