Bug 1273251: Part 2 - Mark extension window compartments as nuked, and nuke all wrappers. r?mccr8
MozReview-Commit-ID: E0ImYZIgEjU
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@@ -9106,23 +9106,39 @@ public:
nsCOMPtr<nsISupports> window = do_QueryReferent(mWindow);
if (!skipNukeCrossCompartment && window) {
nsGlobalWindow* win = nsGlobalWindow::FromSupports(window);
nsGlobalWindow* currentInner = win->IsInnerWindow() ? win : win->GetCurrentInnerWindowInternal();
NS_ENSURE_TRUE(currentInner, NS_OK);
AutoSafeJSContext cx;
JS::Rooted<JSObject*> obj(cx, currentInner->FastGetGlobalJSObject());
- // We only want to nuke wrappers for the chrome->content case
if (obj && !js::IsSystemCompartment(js::GetObjectCompartment(obj))) {
- js::NukeCrossCompartmentWrappers(cx,
- BrowserCompartmentMatcher(),
- js::SingleCompartment(js::GetObjectCompartment(obj)),
- win->IsInnerWindow() ? js::DontNukeWindowReferences
- : js::NukeWindowReferences);
+ JSCompartment* cpt = js::GetObjectCompartment(obj);
+ nsCOMPtr<nsIPrincipal> pc = nsJSPrincipals::get(JS_GetCompartmentPrincipals(cpt));
+
+ nsAutoString addonId;
+ if (NS_SUCCEEDED(pc->GetAddonId(addonId)) && !addonId.IsEmpty()) {
+ // We want to nuke all references to the add-on compartment.
+ js::NukeCrossCompartmentWrappers(cx, js::AllCompartments(),
+ js::SingleCompartment(cpt),
+ win->IsInnerWindow() ? js::DontNukeWindowReferences
+ : js::NukeWindowReferences);
+
+ // Now mark the compartment as nuked and non-scriptable.
+ auto compartmentPrivate = xpc::CompartmentPrivate::Get(cpt);
+ compartmentPrivate->wasNuked = true;
+ compartmentPrivate->scriptability.Block();
+ } else {
+ // We only want to nuke wrappers for the chrome->content case
+ js::NukeCrossCompartmentWrappers(cx, BrowserCompartmentMatcher(),
+ js::SingleCompartment(cpt),
+ win->IsInnerWindow() ? js::DontNukeWindowReferences
+ : js::NukeWindowReferences);
+ }
}
}
return NS_OK;
}
private:
uint64_t mID;
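Review bot: In the add-on branch, `pc` and `compartmentPrivate` are dereferenced without a null check (`pc->GetAddonId(addonId)` and `compartmentPrivate->wasNuked = true`). Both are presumably always set for a non-system window global, but nothing visible in the hunk establishes that. I would either state the invariant with `MOZ_ASSERT(pc);` and `MOZ_ASSERT(compartmentPrivate);` or guard the branch with `if (pc && NS_SUCCEEDED(pc->GetAddonId(addonId)) && !addonId.IsEmpty())`. The comment "We want to nuke all references to the add-on compartment" also overstates the call for an inner window, because `js::DontNukeWindowReferences` is still passed there; it should say that window references are kept in that case and that blocking scriptability is what covers them. The enclosing method begins above the hunk, so the handling of `skipNukeCrossCompartment` could not be checked from here.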