Mercurial > mozreview > gecko / changeset / a2b9b7f83a4170cb4b3cdbd0c43657f392aa93fc
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1287007 - Derive context.principal from sandbox r?billm draft
authorRob Wu <rob@robwu.nl>
Fri, 30 Sep 2016 19:16:34 +0200
changeset 428422 a2b9b7f83a4170cb4b3cdbd0c43657f392aa93fc
parent 428421 e743084bb22e5433f416ca0f4937c8a969d1b060
child 428423 bdbd3e0e69d835df186cca503cf49827d23ca150
push id33305
push userbmo:rob@robwu.nl
push dateSun, 23 Oct 2016 20:56:25 +0000
reviewersbillm
bugs1287007
milestone52.0a1
Bug 1287007 - Derive context.principal from sandbox r?billm `context.principal` should be equal to the principal of the sandbox, so that if a new sandbox is created using `Cu.Sandbox(principal)`, that objects can be shared between the new sandbox and `context.cloneScope` (= `context.sandbox`) without issues. Without this change, using `context.jsonStringify` on an object from a content script would trigger the following error: > Error: Permission denied to access property "toJSON" This scenario is covered by the test toolkit/components/extensions/test/mochitest/test_ext_storage_content.html in the next commit. MozReview-Commit-ID: E4Jt8TDwNAZ
toolkit/components/extensions/ExtensionContent.jsm file | annotate | diff | comparison | revisions 
--- a/toolkit/components/extensions/ExtensionContent.jsm
+++ b/toolkit/components/extensions/ExtensionContent.jsm
@@ -267,18 +267,16 @@ class ExtensionContext extends BaseConte
     let contentPrincipal = contentWindow.document.nodePrincipal;
     let ssm = Services.scriptSecurityManager;
 
     // copy origin attributes from the content window origin attributes to
     // preserve the user context id. overwrite the addonId.
     let attrs = contentPrincipal.originAttributes;
     attrs.addonId = this.extension.id;
     let extensionPrincipal = ssm.createCodebasePrincipal(this.extension.baseURI, attrs);
-    Object.defineProperty(this, "principal",
-                          {value: extensionPrincipal, enumerable: true, configurable: true});
 
     if (ssm.isSystemPrincipal(contentPrincipal)) {
       // Make sure we don't hand out the system principal by accident.
       // also make sure that the null principal has the right origin attributes
       prin = ssm.createNullPrincipal(attrs);
     } else {
       prin = [contentPrincipal, extensionPrincipal];
     }
@@ -317,16 +315,22 @@ class ExtensionContext extends BaseConte
 
       Cu.evalInSandbox(`
         window.JSON = JSON;
         window.XMLHttpRequest = XMLHttpRequest;
         window.fetch = fetch;
       `, this.sandbox);
     }
 
+    Object.defineProperty(this, "principal", {
+      value: Cu.getObjectPrincipal(this.sandbox),
+      enumerable: true,
+      configurable: true,
+    });
+
     let url = contentWindow.location.href;
     // The |sender| parameter is passed directly to the extension.
     let sender = {id: this.extension.uuid, frameId, url};
     let filter = {extensionId: this.extension.id};
     let optionalFilter = {frameId};
     this.messenger = new Messenger(this, [this.messageManager], sender, filter, optionalFilter);
 
     this.chromeObj = Cu.createObjectIn(this.sandbox, {defineAs: "browser"});
gecko
Deployed from 4e825768105f at 2024-04-08T16:23:58Z.