author | wolfbeast <mcwerewolf@gmail.com> | 2017-10-06 19:47:11 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-02-08 13:10:17 +0100 |
commit | c247ba5ab8f600fd748bc914524ae1ee17369062 (patch) | |
tree | 8c446e712a6a0e332b66966dacc8fc860793ad4a /js | |
parent | acbd84f5741451d67e0fbaa3b85fdafc85dab5f9 (diff) | |
Stop bypassing the Xray layer when walking the prototype chain.
Diffstat (limited to 'js')
-rw-r--r-- | js/xpconnect/src/XPCJSID.cpp | 29 |
1 files changed, 14 insertions, 15 deletions
diff --git a/js/xpconnect/src/XPCJSID.cpp b/js/xpconnect/src/XPCJSID.cpp index b9cbee7be..1e14c1bdf 100644 --- a/js/xpconnect/src/XPCJSID.cpp +++ b/js/xpconnect/src/XPCJSID.cpp @@ -456,27 +456,26 @@ nsJSIID::Enumerate(nsIXPConnectWrappedNative* wrapper, static nsresult FindObjectForHasInstance(JSContext* cx, HandleObject objArg, MutableHandleObject target) { + using namespace mozilla::jsipc; RootedObject obj(cx, objArg), proto(cx); - - while (obj && !IS_WN_REFLECTOR(obj) && - !IsDOMObject(obj) && !mozilla::jsipc::IsCPOW(obj)) - { - if (js::IsWrapper(obj)) { - obj = js::CheckedUnwrap(obj, /* stopAtWindowProxy = */ false); - continue; + while (true) { + // Try the object, or the wrappee if allowed. + JSObject* o = js::IsWrapper(obj) ? js::CheckedUnwrap(obj, false) : obj; + if (o && (IS_WN_REFLECTOR(o) || IsDOMObject(o) || IsCPOW(o))) { + target.set(o); + return NS_OK; } - { - JSAutoCompartment ac(cx, obj); - if (!js::GetObjectProto(cx, obj, &proto)) - return NS_ERROR_FAILURE; + // Walk the prototype chain from the perspective of the callee (i.e. + // respecting Xrays if they exist). + if (!js::GetObjectProto(cx, obj, &proto)) + return NS_ERROR_FAILURE; + if (!proto) { + target.set(nullptr); + return NS_OK; } - obj = proto; } - - target.set(obj); - return NS_OK; } nsresult |
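Review bot: The bare `false` passed to `js::CheckedUnwrap` in the new loop lost the `/* stopAtWindowProxy = */` label that the removed call carried; in a function that decides when a security wrapper may be looked through, that argument should stay annotated: `JSObject* o = js::IsWrapper(obj) ? js::CheckedUnwrap(obj, /* stopAtWindowProxy = */ false) : obj;`. The "wrappee if allowed" comment could also spell out the refused case, e.g. `// CheckedUnwrap returns null when unwrapping is not permitted; the walk then continues through the wrapper (Xray) view.`, because the `o &&` test is what stops a denied unwrap from being treated as a match. A short header comment on `FindObjectForHasInstance` should state that `NS_OK` with a null `target` means no wrapped native, DOM object or CPOW was found on the chain, so callers must test `target` and not only the return code.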