Closed
Conversation
|
Heads up! This PR modifies the following files:
|
|
|
highfive
added
the
S-awaiting-review
Contributor
|
Yay, security policy! |
bors-servo
pushed a commit
to servo/rust-mozjs
that referenced
this pull request
Apr 18, 2017
added servojsprincipal skeleton Cross origin wrappers (servo/servo#16501) require JSPrincipals. This PR adds the skeleton and basic functionality required. CC: @jdm <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/rust-mozjs/353) <!-- Reviewable:end -->
Contributor
|
☔ The latest upstream changes (presumably #16592) made this pull request unmergeable. Please resolve the merge conflicts. |
avadacatavra
force-pushed
the
xow
branch
2 times, most recently
from
c8ed375 to
39a524c
Compare
jdm
requested changes
May 1, 2017
|
|
||
| // avadacatavra: destroy will need to retrieved the boxed origin pointer, turn it back into a box and allow it to be freed | ||
| pub unsafe fn destroy_servo_jsprincipal(principal: &mut ServoJSPrincipal) { | ||
| let origin = GetPrincipalOrigin(principal.0) as *mut Box<MutableOrigin>; |
Member
There was a problem hiding this comment.
Casting to a *mut Box is incorrect; we need *mut MutableOrigin here so we can use from_raw and cause its destructor to run.
| } | ||
| } | ||
|
|
||
| // avadacatavra: destroy will need to retrieved the boxed origin pointer, turn it back into a box and allow it to be freed |
| } | ||
|
|
||
| struct ServoJSPrincipal(*mut JSPrincipals); | ||
| //TODO make principal.rs |
| match &*name { | ||
| "Location" => CrossOriginObjectType::CrossOriginLocation, | ||
| "Window" => CrossOriginObjectType::CrossOriginWindow, | ||
| _ => CrossOriginObjectType::CrossOriginOpaque, |
Member
There was a problem hiding this comment.
let name = CStr::from_ptr((*obj_class).name).to_bytes();
match name {
b"Location" => ...,
b"Window" => ...,
_ => ...,
}| } | ||
| } | ||
|
|
||
| unsafe fn target_subsumes_obj(cx: *mut JSContext, obj: HandleObject) -> bool { |
Member
There was a problem hiding this comment.
Let's call this obj_subsumes_current_compartment.
| values["members"] = "\n".join(members) | ||
|
|
||
| return CGGeneric("""\ | ||
| let origin = object.origin().clone(); |
Member
There was a problem hiding this comment.
Do we need this clone if we pass a reference to create_global_object?
| //TODO is same_origin_domain equivalent to subsumes for our purposes | ||
| pub unsafe extern fn subsumes(obj: *mut JSPrincipals, other: *mut JSPrincipals) -> bool { | ||
| let obj = &ServoJSPrincipal(obj); | ||
| let other = &ServoJSPrincipal(other); |
| //step 7 compare hosts | ||
|
|
||
| //step 8 compare ports | ||
| //false |
Member
There was a problem hiding this comment.
Since these are all covered by subsumes afaict, we don't need to leave references to them here.
|
|
||
| unsafe fn select_wrapper(cx: *mut JSContext, obj: HandleObject) -> *const libc::c_void { | ||
| let security_wrapper = !target_subsumes_obj(cx, obj); | ||
| if !security_wrapper { |
Member
There was a problem hiding this comment.
This will be easier to reason about as if target_subsumes_obj(cx, obj) {.
| @@ -387,7 +478,8 @@ unsafe extern "C" fn wrap(cx: *mut JSContext, | |||
| -> *mut JSObject { | |||
| // FIXME terrible idea. need security wrappers | |||
| // https://github.com/servo/servo/issues/2382 | |||
jdm
added
S-needs-code-changes
highfive
added
S-awaiting-review
jdm
added
S-needs-code-changes
highfive
added
S-awaiting-review
Contributor
|
☔ The latest upstream changes (presumably #16845) made this pull request unmergeable. Please resolve the merge conflicts. |
highfive
added
the
S-awaiting-review
highfive
added
the
S-awaiting-review
highfive
added
the
S-awaiting-review
highfive
added
the
S-awaiting-review
highfive
added
the
S-awaiting-review
Member
|
We're waiting to return to this work until we have a more recent spidermonkey. |
Contributor
|
@jdm @avadacatavra should this be re-opened now that SpiderMonkey has been updated? |
Member
|
No need to do that until someone is actually working on it. |
yvt
added a commit
to yvt/servo
that referenced
this pull request
Jul 13, 2021
5 tasks
bors-servo
added a commit
that referenced
this pull request
Jul 17, 2021
Implement `Location`'s custom internal methods This PR partly resurrects #16501 and introduces the use of principals object to associate objects and Realms with origins. Using this infrastructure, this PR implements [the custom internal methods][1] of the `Location` interface, which is "maybe-cross-origin". Other maybe-cross-origin interfaces, namely `WindowProxy` and `DissimilarWindowLocation`, aren't implemented correctly yet (causing most test cases of `tests/wpt/web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects.html` to fail). [The "perform a security check" operation][2] and `Location`'s non-cross-origin properties' relevant `Document` origin checks aren't implemented either (not sure if they are covered by the existing tests). Finally, there are a slight deviation from the standard and inefficiency in `CrossOriginGetOwnPropertyHelper`'s current implementation. [1]: https://html.spec.whatwg.org/multipage/#the-location-interface [2]: https://html.spec.whatwg.org/multipage/browsers.html#integration-with-idl --- - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors - [x] These changes fix #16243 and make some progress in #2382 --- - [x] There are tests for these changes OR - [ ] These changes do not require tests because ___
bors-servo
added a commit
that referenced
this pull request
Aug 1, 2021
Implement `Location`'s custom internal methods This PR partly resurrects #16501 and introduces the use of principals object to associate objects and Realms with origins. Using this infrastructure, this PR implements [the custom internal methods][1] of the `Location` interface, which is "maybe-cross-origin". Unimplemented/incomplete things: - Other maybe-cross-origin interfaces, namely `WindowProxy` and `DissimilarWindowLocation`, aren't implemented correctly yet (causing most test cases of `tests/wpt/web-platform-tests/html/browsers/origin/cross-origin-objects/cross-origin-objects.html` to fail). - `WindowProxy`: #28556 - [The "perform a security check" operation][2] and `Location`'s non-cross-origin properties' relevant `Document` origin checks aren't implemented either (not sure if they are covered by the existing tests). - There are a slight deviation from the standard and inefficiency in `CrossOriginGetOwnPropertyHelper`'s current implementation. - #28557 [1]: https://html.spec.whatwg.org/multipage/#the-location-interface [2]: https://html.spec.whatwg.org/multipage/browsers.html#integration-with-idl --- - [x] `./mach build -d` does not report any errors - [x] `./mach test-tidy` does not report any errors - [x] These changes fix #16243 and make some progress in #2382 --- - [x] There are tests for these changes OR - [ ] These changes do not require tests because ___
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR adds some infrastructure required for XOWs.
Addresses #16243 and #2382
./mach build -ddoes not report any errors./mach test-tidydoes not report any errorsThis change is