[Pkg-mozext-commits] [firebug] 27/59: Issue 7597: Console API is broken since Firefox 33

Thu Aug 14 14:52:55 UTC 2014

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository firebug.

commit 0d056a77c576a0d1b55ed3bca3a4fe9e9346cf9f
Author: Simon Lindholm <simon.lindholm10 at gmail.com>
Date:   Wed Jul 30 01:34:24 2014 +0200

    Issue 7597: Console API is broken since Firefox 33
    
    https://code.google.com/p/fbug/issues/detail?id=7597
---
 .../content/firebug/console/consoleExposed.js      |  8 +----
 .../content/firebug/console/consoleInjector.js     | 40 +++++++---------------
 extension/content/firebug/lib/wrapper.js           | 36 +++++++++++++++++++
 3 files changed, 49 insertions(+), 35 deletions(-)

diff --git a/extension/content/firebug/console/consoleExposed.js b/extension/content/firebug/console/consoleExposed.js
index fcc932e..870b6db 100644
--- a/extension/content/firebug/console/consoleExposed.js
+++ b/extension/content/firebug/console/consoleExposed.js
@@ -38,7 +38,7 @@ var Trace = FBTrace.to("DBG_CONSOLE");
 
 /**
  * Returns a console object (bundled with passed window through closure), expected to be called
- * into from a web page. The object provides all necessary APIs as described here:
+ * into (indirectly) from a web page. The object provides all necessary APIs as described here:
  * https://getfirebug.com/wiki/index.php/Console_API
  *
  * @param {Object} context
@@ -219,12 +219,6 @@ function createFirebugConsole(context, win)
         }
     };
 
-    // Expose those properties to the content scope (read only).
-    var expose = Object.keys(console);
-    console.__exposedProps__ = {};
-    for (var i = 0; i < expose.length; i++)
-        console.__exposedProps__[expose[i]] = "r";
-
     // * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * //
     // Helpers (not accessible from web content)
 
diff --git a/extension/content/firebug/console/consoleInjector.js b/extension/content/firebug/console/consoleInjector.js
index 3819cbd..f21d6cf 100644
--- a/extension/content/firebug/console/consoleInjector.js
+++ b/extension/content/firebug/console/consoleInjector.js
@@ -2,10 +2,11 @@
 
 define([
     "firebug/firebug",
+    "firebug/lib/wrapper",
     "firebug/console/console",
     "firebug/console/consoleExposed",
 ],
-function(Firebug, Console, ConsoleExposed) {
+function(Firebug, Wrapper, Console, ConsoleExposed) {
 
 // ********************************************************************************************* //
 // Constants
@@ -38,35 +39,18 @@ Firebug.Console.injector =
             // Get the 'console' object (this comes from chrome scope).
             var console = ConsoleExposed.createFirebugConsole(context, win);
 
-            // Do not expose the chrome object as is but, rather do a wrapper, see below.
-            //win.wrappedJSObject.console = console;
-            //return;
-
-            // Construct a script string that defines a function. This function returns
-            // an object that wraps every 'console' method. This function will be evaluated
-            // in a window content sandbox and return a wrapper for the 'console' object.
-            // Note that this wrapper appends an additional frame that shouldn't be displayed
-            // to the user.
-            //
-            // Since we are using .caller and .arguments for stack walking, the function must
-            // not be in strict mode.
-            var expr = "(function(x) { return {\n";
-            for (var p in console)
+            // Create a content-owned "console" object, to be exported into the page.
+            // We need to use unsafeCloneFunctionIntoContentScope here, since we don't
+            // want `console.log(crossOriginWindow)` to throw.
+            var sandbox = Cu.Sandbox(win, {wantXrays: false});
+            var exposedConsole = Wrapper.unwrapObject(new win.Object());
+            for (var prop in console)
             {
-                var func = console[p];
-                if (typeof(func) == "function")
-                {
-                    expr += p + ": function() { return Function.apply.call(x." + p +
-                        ", x, arguments); },\n";
-                }
+                if (!console.hasOwnProperty(prop) || typeof console[prop] !== "function")
+                    continue;
+                exposedConsole[prop] =
+                    Wrapper.unsafeCloneFunctionIntoContentScope(win, sandbox, console[prop]);
             }
-            expr += "};})";
-
-            // Evaluate the function in the window sandbox/scope and execute. The return value
-            // is a wrapper for the 'console' object.
-            var sandbox = Cu.Sandbox(win);
-            var getConsoleWrapper = Cu.evalInSandbox(expr, sandbox);
-            var exposedConsole = getConsoleWrapper(console);
 
             // Store the context and the exposedConsole in a WeakMap.
             wmExposedConsoles.set(winDoc, {
diff --git a/extension/content/firebug/lib/wrapper.js b/extension/content/firebug/lib/wrapper.js
index 0452c39..baac0cb 100644
--- a/extension/content/firebug/lib/wrapper.js
+++ b/extension/content/firebug/lib/wrapper.js
@@ -81,6 +81,34 @@ Wrapper.cloneIntoContentScope = function(global, obj)
     return newObj;
 };
 
+/**
+ * Create a clone of a function usable from within a content global similarly to
+ * cloneIntoContentScope, except that it accepts even cross-origin objects
+ * as arguments. A sandbox, which must be created with:
+ * `Cu.Sandbox(win, {wantXrays: false})`, is used for the marshalling.
+ */
+Wrapper.unsafeCloneFunctionIntoContentScope = function(win, sandbox, func)
+{
+    // Delegate from the sandbox, which accepts anything, to chrome space by
+    // passing the arguments object as a single argument, which is then
+    // unwrapped. Since checking for dangerous objects only goes one level
+    // deep, this avoids problems with arguments getting denied entry.
+    // Return a bound function, so as to get "[native code]" in the function
+    // stringification.
+    function chromeForwarder(args)
+    {
+        var unwrappedArgs = XPCNativeWrapper.unwrap(args);
+        var wrappedArgs = [];
+        for (var i = 0; i < unwrappedArgs.length; i++)
+            wrappedArgs.push(XPCNativeWrapper(unwrappedArgs[i]));
+        return func.apply(null, wrappedArgs);
+    }
+
+    var expr = "(function(x) { return function() { return x(arguments); }.bind(null); })";
+    var makeContentForwarder = Cu.evalInSandbox(expr, sandbox);
+    return makeContentForwarder(cloneFunction(win, chromeForwarder));
+};
+
 // ********************************************************************************************* //
 
 // XXX Obsolete, but left for extension compatibility.
@@ -95,6 +123,14 @@ function isPrimitive(obj)
     return !(obj && (typeof obj === "object" || typeof obj === "function"));
 }
 
+function cloneFunction(win, func)
+{
+    var obj = XPCNativeWrapper.unwrap(new win.Object());
+    Object.defineProperty(obj, "f", {value: func});
+    Cu.makeObjectPropsNormal(obj);
+    return obj.f;
+}
+
 // ********************************************************************************************* //
 // Registration
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mozext/firebug.git

