corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1233497 - Fix infrastructure for disallowing unsafe CPOWs in browser code. r=mrbkap

Browse Source
This commit is contained in:
Bill McCloskey
2016-01-05 19:28:27 -05:00
parent d1bb08fb15
commit 0fbb50f168
7 changed files with 44 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
js/ipc/JavaScriptParent.cpp
View File

@@ -7,6 +7,7 @@
#include "JavaScriptParent.h"
#include "mozilla/dom/ContentParent.h"
#include "mozilla/dom/ScriptSettings.h"
#include "nsJSUtils.h"
#include "jsfriendapi.h"
#include "jswrapper.h"
@@ -68,8 +69,11 @@ JavaScriptParent::allowMessage(JSContext* cx)
return true;
if (ForbidUnsafeBrowserCPOWs()) {
if (JSObject* global = JS::CurrentGlobalOrNull(cx)) {
if (!JS::AddonIdOfObject(global)) {
nsIGlobalObject* global = dom::GetIncumbentGlobal();
JSObject* jsGlobal = global ? global->GetGlobalJSObject() : nullptr;
if (jsGlobal) {
JSAutoCompartment ac(cx, jsGlobal);
if (!JS::AddonIdOfObject(jsGlobal) && !xpc::CompartmentPrivate::Get(jsGlobal)->allowCPOWs) {
JS_ReportError(cx, "unsafe CPOW usage forbidden");
return false;
}