[Pkg-mozext-commits] [firebug] 28/59: Make .% syntax throw similar security errors on all Firefox versions (related to issue 7597)
David Prévot
taffit at moszumanska.debian.org
Thu Aug 14 14:52:55 UTC 2014
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch master
in repository firebug.
commit bbe3cbf81e43ad6e897b27839743aa2d5a97726c
Author: Simon Lindholm <simon.lindholm10 at gmail.com>
Date: Wed Jul 30 14:21:11 2014 +0200
Make .% syntax throw similar security errors on all Firefox versions (related to issue 7597)
---
extension/content/firebug/console/closureInspector.js | 9 +++++++--
tests/content/commandLine/5873/issue5873.js | 7 ++++---
2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/extension/content/firebug/console/closureInspector.js b/extension/content/firebug/console/closureInspector.js
index 48369a4..3226f6c 100644
--- a/extension/content/firebug/console/closureInspector.js
+++ b/extension/content/firebug/console/closureInspector.js
@@ -130,7 +130,9 @@ var ClosureInspector =
for (var j = 0; j < toTest.length; ++j)
{
var f = toTest[j];
- if (f && f.environment && this.isScopeInteresting(f.environment))
+ if (!f || f.global !== dbgObj.global)
+ continue;
+ if (f.environment && this.isScopeInteresting(f.environment))
return f;
}
}
@@ -155,10 +157,13 @@ var ClosureInspector =
throw new TypeError("can't get scope of non-object");
var objGlobal = Cu.getGlobalForObject(obj);
+
+ // Do a security check. This is automatic in Fx33+, but do it manually
+ // (with the same error message) for compatiblity with older versions.
if (win !== objGlobal && !(win.document && objGlobal.document &&
win.document.nodePrincipal.subsumes(objGlobal.document.nodePrincipal)))
{
- throw new Error("permission denied to access cross origin scope");
+ throw new Error("Permission denied to pass object to chrome");
}
return DebuggerLib.withTemporaryDebugger(context, objGlobal, function(dbgGlobal)
diff --git a/tests/content/commandLine/5873/issue5873.js b/tests/content/commandLine/5873/issue5873.js
index a093733..9e753ec 100644
--- a/tests/content/commandLine/5873/issue5873.js
+++ b/tests/content/commandLine/5873/issue5873.js
@@ -218,14 +218,15 @@ function runTest()
taskList.push(verifyCompletionPopupForA);
// Verify cross-compartment permissions
+ var errMsg = "Error: Permission denied to pass object to chrome";
taskList.push(FBTest.executeCommandAndVerify, "cd.%context",
- "Error: permission denied to access cross origin scope", "span", "errorMessage");
+ errMsg, "span", "errorMessage");
if ("sandbox" in document.createElement("iframe"))
{
taskList.push(FBTest.executeCommandAndVerify, "frames[1].%framePriv",
- "Error: permission denied to access cross origin scope", "span", "errorMessage");
+ errMsg, "span", "errorMessage");
taskList.push(FBTest.executeCommandAndVerify, "frames[1].location.%framePriv",
- "Error: permission denied to access cross origin scope", "span", "errorMessage");
+ errMsg, "span", "errorMessage");
}
taskList.push(FBTest.executeCommandAndVerify, "frames[0].location.%framePriv",
"2", "span", "objectBox-number");
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mozext/firebug.git
More information about the Pkg-mozext-commits
mailing list