Closed
Bug 451729
Opened 16 years ago
Closed 16 years ago
Allow runtime's security callbacks to be overridden by a context
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla1.9.1
People
(Reporter: bent.mozilla, Assigned: jorendorff)
References
Details
Attachments
(1 file, 1 obsolete file)
(deleted),
patch
|
brendan
:
review+
|
Details | Diff | Splinter Review |
checkObjectAccess is currently set on the JSRuntime and so my background threads are using caps (which is not threadsafe). I have my own sandbox so I'd like to make the checkObjectAccess settable from the context as I control the lifetime of the contexts I'm using. Patch attached.
Attachment #335066 -
Flags: review?(brendan)
Reporter | ||
Comment 1•16 years ago
|
||
I'll file a followup to fix xpconnect, dom, and caps.
Reporter | ||
Comment 2•16 years ago
|
||
Comment 3•16 years ago
|
||
Comment on attachment 335066 [details] [diff] [review]
Move checkObjectAccess to JSContext, v1
Great, thanks. Who will do the dev-doc-needed deed? Do we even have API doc on this callback?
/be
Attachment #335066 -
Flags: review?(brendan) → review+
Reporter | ||
Comment 4•16 years ago
|
||
Talking about this with jst and brendan we decided to change directions here. We're going to leave the callbacks on the runtime as defaults that can be overridden by individual contexts. Also they've moved into their own callback struct.
Attachment #335066 -
Attachment is obsolete: true
Attachment #336732 -
Flags: review?(brendan)
Reporter | ||
Updated•16 years ago
|
Summary: Move checkObjectAccess from the JSRuntime to the JSContext → Allow runtime's security callbacks to be overridden by a context
Updated•16 years ago
|
Attachment #336732 -
Flags: review?(brendan) → review+
Comment 6•16 years ago
|
||
Comment on attachment 336732 [details] [diff] [review]
Make callbacks overridable on the context, v1
>+extern JS_PUBLIC_API(JSSecurityCallbacks *)
>+JS_SetSecurityCallbacksRT(JSRuntime *rt, JSSecurityCallbacks *callbacks);
>+
>+extern JS_PUBLIC_API(JSSecurityCallbacks *)
>+JS_GetSecurityCallbacksRT(JSRuntime *rt);
>+
>+extern JS_PUBLIC_API(JSSecurityCallbacks *)
>+JS_SetSecurityCallbacks(JSContext *cx, JSSecurityCallbacks *callbacks);
These are misnamed -- elsewhere, the RT suffix just means a change of parameters, not a change of semantics. Suggest JS_SetRuntimeSecurityCallbacks, JS_GetRuntimeSecurityCallbacks, and JS_SetContextSecurityCallbacks.
>+extern JS_PUBLIC_API(JSSecurityCallbacks *)
>+JS_GetSecurityCallbacks(JSContext *cx);
This one is different, and well-named. I can't think of a longer name that conveys how it falls back on the runtime's callbacks if the context has none set.
Looks great otherwise, r=me with name fixage.
/be
Reporter | ||
Comment 7•16 years ago
|
||
Pushed changeset 7da53f4cd712 to mozilla-central with brendan's comments addressed.
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 8•16 years ago
|
||
We're going to need some documentation updated for this change.
JS_SetCheckObjectAccessCallback, JS_SetPrincipalsTranscoder, and JS_SetObjectPrincipalsFinder have been superseded by JS_SetRuntimeSecurityCallbacks and JS_SetContextSecurityCallbacks.
Consumers that wish to use one of the callback functions should call JS_GetSecurityCallbacks which will favor the callbacks set on the context over those on the runtime.
Reporter | ||
Updated•16 years ago
|
Keywords: dev-doc-needed
Updated•16 years ago
|
Flags: in-testsuite-
Flags: in-litmus-
Comment 9•16 years ago
|
||
Is someone going to write this up, or do I need to beg for details on these and do it myself? :)
Assignee | ||
Comment 10•16 years ago
|
||
I added a bullet in the 1.8 release notes mentioning that the old APIs are deprecated and will be removed in 1.8.1.
I did some preliminary dev-doc stuff too but it's not done.
Comment 11•16 years ago
|
||
jorend - any chance you can find time to finish these up? I suspect it's much more efficient for you to do it than for me; if you can't, I'll take a whack at it though.
Comment 13•14 years ago
|
||
In part, the docs would be here:
https://developer.mozilla.org/En/SpiderMonkey/JSAPI_Reference/JS_GetSecurityCallbacks
Updated•4 years ago
|
Keywords: dev-doc-needed
You need to log in
before you can comment on or make changes to this bug.
Description
•