Closed Bug 798857 Opened 12 years ago Closed 12 years ago

After chrome code accesses screen.width, content can't access it

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla19
Tracking Flags:
Tracking Status
firefox15 --- wontfix
firefox16 --- wontfix
firefox17 --- wontfix
firefox18 --- wontfix

People

(Reporter: jruderman, Unassigned)

References

Details

(Keywords: testcase)

1. Install https://www.squarefree.com/extensions/domFuzzLite3.xpi 2. Load the testcase. Result: JavaScript error: file:///Users/jruderman/Desktop/r.html, line 7: Permission denied to access property 'width' If I change the testcase to access screen.width before the privileged call, then suddenly the access after the privileged call works! Here's what the Chrome code does: function safeResizeTo(aWindow) { function clamp(a, b, c) { return Math.min(c, Math.max(a, b)); } return function(w, h) { w = clamp(200, w, aWindow.screen.width); h = clamp(200, h, aWindow.screen.height); aWindow.resizeTo(w, h); }; }
nsScreen doesn't do the precreate dance. Are we ending up creating an XPCWrappedNative in the chrome compartment and then giving wrappers to the content compartment? In which case, would bug 793244 solve this problem?
Based on my reading of the current code, the answers to your questions are yes and yes.
Depends on: 793244
(In reply to Boris Zbarsky (:bz) from comment #1) > nsScreen doesn't do the precreate dance. Are we ending up creating an > XPCWrappedNative in the chrome compartment and then giving wrappers to the > content compartment? If it doesn't do the PreCreate dance, we should just be creating a new XPCWN in the content scope, right? So how would this happen?
(In reply to Bobby Holley (:bholley) from comment #3) > If it doesn't do the PreCreate dance, we should just be creating a new XPCWN > in the content scope, right? So how would this happen? nsScreen doesn't do the PreCreate dance, but it does implement nsWrapperCache (via nsDOMEventTargetHelper). So we'll create the WN and then find it, cached on the object when content goes to access .screen.
(In reply to Blake Kaplan (:mrbkap) from comment #4) > nsScreen doesn't do the PreCreate dance, but it does implement > nsWrapperCache (via nsDOMEventTargetHelper). So we'll create the WN and then > find it, cached on the object when content goes to access .screen. Oh wow, ok. Yeah, having an nsWrapperCache without a proper precreate hook is totally wrong. :-(
Oh, I missed that we had a wrapper cache, which is why comment 1 had questions, not statements. As in, I couldn't answer the comemnt 3 question. ;) So this is actually a regression from bug 720794, then. Do we care about getting this fixed on branches? Ms2ger, what's the ETA on bug 793244?
Blocks: 720794
status-firefox15: --- → affected
status-firefox16: --- → affected
status-firefox17: --- → affected
status-firefox18: --- → affected
End of the week, I hope.
Status: NEW → RESOLVED
Closed: 12 years ago
status-firefox15: affectedwontfix
status-firefox16: affectedwontfix
status-firefox17: affectedwontfix
status-firefox18: affectedwontfix
Component: Security → DOM
Resolution: --- → DUPLICATE
Target Milestone: --- → mozilla19
More like "Fixed by" than "Duplicate of".
Flags: in-testsuite?
Resolution: DUPLICATE → FIXED
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.