Bug 976151: Anti eval/Function() check during wrapping should use |subsumes|
Status: RESOLVED FIXED (Closed)
Opened 9 years ago, closed 9 years ago
Category: Core :: XPConnect, defect
Target milestone: mozilla30
Reporter: bholley, Assigned: bholley
Attachments: 1 file (3.15 KB, patch; gkrizsanits: review+)
We have this just-in-case check against creating a cross-compartment wrapper to either eval or the Function constructor from a privileged page. Currently, this just checks if the wrapper would be a COW, but that's suboptimal for two reasons:

(1) When we implement Xrays-to-Functions, this check will be wrong.
(2) Now that we have asymmetric privilege relationships with non-chrome principals (i.e. nsIExpandedPrincipal), we want the logic to cover all non-subsuming cases, not just content->chrome.

This isn't a security problem, just the improvement of a belt-and-braces check. I'll write up a patch.
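A simplified model of the two checks contrasted in the description above, as an added example that is not part of the bug or its patch. `Principal`, `subsumes`, `oldCheckBlocks` and `newCheckBlocks` are hypothetical names for illustration, not Gecko APIs, and the COW condition is assumed to be "chrome object wrapped for a non-chrome target".

```cpp
#include <algorithm>
#include <string>
#include <vector>

// Simplified principal model (an assumption for illustration, not Gecko's classes).
struct Principal {
    enum Kind { System, Content, Expanded } kind;
    std::string origin;              // used by Content principals
    std::vector<std::string> allow;  // origins an Expanded principal covers
};

// a subsumes b: a may do everything b may do.
bool subsumes(const Principal& a, const Principal& b) {
    if (a.kind == Principal::System) return true;   // chrome subsumes everything
    if (b.kind == Principal::System) return false;  // nothing else subsumes chrome
    if (a.kind == Principal::Content)
        return b.kind == Principal::Content && a.origin == b.origin;
    // a is Expanded: it covers the origins on its list, and another Expanded
    // principal only if every origin on that one's list is covered too.
    auto covers = [&](const std::string& o) {
        return std::find(a.allow.begin(), a.allow.end(), o) != a.allow.end();
    };
    if (b.kind == Principal::Content) return covers(b.origin);
    return std::all_of(b.allow.begin(), b.allow.end(), covers);
}

// Old-style check: refuse only when the wrapper would be a COW,
// modelled here as a non-chrome target wrapping a chrome object.
bool oldCheckBlocks(const Principal& target, const Principal& origin,
                    bool isEvalOrFunction) {
    bool wouldBeCOW = origin.kind == Principal::System &&
                      target.kind != Principal::System;
    return isEvalOrFunction && wouldBeCOW;
}

// Subsumes-based check: refuse whenever the target compartment's principal
// does not subsume the principal of the compartment that owns the function.
bool newCheckBlocks(const Principal& target, const Principal& origin,
                    bool isEvalOrFunction) {
    return isEvalOrFunction && !subsumes(target, origin);
}
```

In this model both checks refuse content->chrome, but only the subsumes-based one also refuses when the function belongs to an expanded principal and the target is a content principal that it covers.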
Comment 1 • 9 years ago (Assignee)
Attachment #8380825 - Flags: review?(gkrizsanits)
Comment 2 • 9 years ago (Assignee)
https://tbpl.mozilla.org/?tree=Try&rev=43a9d95e4e29
Updated • 9 years ago
Attachment #8380825 - Flags: review?(gkrizsanits) → review+
Comment 3 • 9 years ago (Assignee)
https://hg.mozilla.org/integration/mozilla-inbound/rev/9a8a8a73df71
https://hg.mozilla.org/mozilla-central/rev/9a8a8a73df71
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla30