corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Backed out changeset 22feaebc0b2c (bug 821809) win8 debug jetpack-sdk test failures

Browse Source
This commit is contained in:
Carsten "Tomcat" Book
2014-04-09 15:12:01 +02:00
parent 1cffec5ff9
commit 223f1c2d50
4 changed files with 8 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
addon-sdk/source/lib/sdk/content/sandbox.js
View File

@@ -38,12 +38,6 @@ const metadata = require('@loader/options').metadata;
const permissions = (metadata && metadata['permissions']) || {};
const EXPANDED_PRINCIPALS = permissions['cross-domain-content'] || [];
const waiveSecurityMembrane = !!permissions['unsafe-content-script'];
const nsIScriptSecurityManager = Ci.nsIScriptSecurityManager;
const secMan = Cc["@mozilla.org/scriptsecuritymanager;1"].
getService(Ci.nsIScriptSecurityManager);
const JS_VERSION = '1.8';
const WorkerSandbox = Class({
@@ -102,10 +96,8 @@ const WorkerSandbox = Class({
this.emit = this.emit.bind(this);
this.emitSync = this.emitSync.bind(this);
// Use expanded principal for content-script if the content is a
// regular web content for better isolation.
// (This behavior can be turned off for now with the unsafe-content-script
// flag to give addon developers time for making the necessary changes)
// Eventually use expanded principal sandbox feature, if some are given.
//
// But prevent it when the Worker isn't used for a content script but for
// injecting `addon` object into a Panel, Widget, ... scope.
// That's because:
@@ -118,17 +110,12 @@ const WorkerSandbox = Class({
// domain principal.
let principals = window;
let wantGlobalProperties = [];
let isSystemPrincipal = secMan.isSystemPrincipal(
window.document.nodePrincipal);
if (!isSystemPrincipal && !requiresAddonGlobal(worker)) {
if (EXPANDED_PRINCIPALS.length > 0) {
// We have to replace XHR constructor of the content document
// with a custom cross origin one, automagically added by platform code:
delete proto.XMLHttpRequest;
wantGlobalProperties.push('XMLHttpRequest');
}
if (!waiveSecurityMembrane)
principals = EXPANDED_PRINCIPALS.concat(window);
if (EXPANDED_PRINCIPALS.length > 0 && !requiresAddonGlobal(worker)) {
principals = EXPANDED_PRINCIPALS.concat(window);
// We have to replace XHR constructor of the content document
// with a custom cross origin one, automagically added by platform code:
delete proto.XMLHttpRequest;
wantGlobalProperties.push('XMLHttpRequest');
}
// Instantiate trusted code in another Sandbox in order to prevent content
@@ -142,7 +129,6 @@ const WorkerSandbox = Class({
sandboxPrototype: proto,
wantXrays: true,
wantGlobalProperties: wantGlobalProperties,
wantExportHelpers: !waiveSecurityMembrane,
sameZoneAs: window,
metadata: {
SDKContentScript: true,