Boris Zbarsky [:bzbarsky] Reporter
	Description • 17 years ago

See attached testcase.  Basically, if a XOW is on either side of the instanceof operator, bad things happen.  You'll need to run the testcase from local disk so it can get the privs to do cross-site access.

	Jonas Sicking (:sicking) No longer reading bugmail consistently
	Comment 1 • 17 years ago

Not sure how likely this is to show up in the wild. Will simply doing

window instanceof Window

break? Or will you have to have different origins on the two sides of the operator?

Blake, what's the chances of you having time to fix this in time for release?

	Boris Zbarsky [:bzbarsky] Reporter
	Comment 2 • 17 years ago

I think you probably need different origins...

	Jonas Sicking (:sicking) No longer reading bugmail consistently
	Comment 3 • 17 years ago

This is a little scary to let out in the wild since it might break sites.

	Blake Kaplan (:mrbkap) (inactive) Assignee
	Comment 4 • 17 years ago

I'm not sure if my assertion about this not giving away too much information is true here, but it seems reasonable to me. Note that if we *do* do security checks here, then the testcase will fail to work because of bug 396851.

	Johnny Stenback (:jst)
	Comment 5 • 17 years ago

Comment on attachment 283843 [details] [diff] [review]
patch v1

r+sr=jst, but please add the IsWrapperOfSameOrigin() check we talked about and throw if the wrapper is not same origin.

	Blake Kaplan (:mrbkap) (inactive) Assignee
	Comment 6 • 17 years ago

This is what I'll check in when the tree is next both open and green.

	Blake Kaplan (:mrbkap) (inactive) Assignee
	Comment 7 • 17 years ago

I'll also file a followup on the less important |XOW instanceof Components.interfaces.xxx| case when the XOW is cross origin from this script.

	Blake Kaplan (:mrbkap) (inactive) Assignee
	Comment 8 • 17 years ago

Fix checked into trunk. bug 408887 filed on comment 7.