JavaScript chrome Cu.getObjectPrincipal Examples

Programming Language: JavaScript

Namespace/Package Name: chrome

Class/Type: Cu

Method/Function: getObjectPrincipal

Examples at hotexamples.com: 4

JavaScript Cu.getObjectPrincipal - 4 examples found. These are the top rated real world JavaScript examples of chrome.Cu.getObjectPrincipal extracted from open source projects. You can rate examples to help us improve the quality of examples.

Frequently Used Methods

Show Hide

import(30)

reportError(30)

Sandbox(24)

isDeadWrapper(24)

getGlobalForObject(21)

cloneInto(20)

evalInSandbox(17)

waiveXrays(16)

getWeakReference(13)

importGlobalProperties(11)

schedulePreciseGC(10)

unwaiveXrays(8)

forceGC(8)

isXrayWrapper(7)

exportFunction(6)

nukeSandbox(6)

createObjectIn(5)

getSandboxMetadata(5)

isCrossProcessWrapper(4)

getObjectPrincipal(4)

unload(4)

forceCC(3)

now(3)

callFunctionWithAsyncStack(2)

isModuleLoaded(1)

makeObjectPropsNormal(1)

setSandboxMetadata(1)

getRealmLocation(1)

isProxy(1)

Example #1

Show file

File: event-collector.js Project: jasonLaster/gecko-dev

  isChromeHandler(handler) {
    const handlerPrincipal = Cu.getObjectPrincipal(handler);

    // Chrome codebase may register listeners on the page from a frame script or
    // JSM <video> tags may also report internal listeners, but they won't be
    // coming from the system principal. Instead, they will be using an expanded
    // principal.
    return handlerPrincipal.isSystemPrincipal || handlerPrincipal.isExpandedPrincipal;
  }

Example #2

Show file

File: DevToolsUtils.js Project: JuannyWang/gecko-dev

exports.isSafeJSObject = function isSafeJSObject(aObj) {
  if (Cu.getGlobalForObject(aObj) ==
      Cu.getGlobalForObject(exports.isSafeJSObject)) {
    return true; // aObj is not a cross-compartment wrapper.
  }

  let principal = Cu.getObjectPrincipal(aObj);
  if (Services.scriptSecurityManager.isSystemPrincipal(principal)) {
    return true; // allow chrome objects
  }

  return Cu.isXrayWrapper(aObj);
};

Example #3

Show file

File: DevToolsUtils.js Project: ashie/gecko-dev

exports.isSafeJSObject = function isSafeJSObject(aObj) {
  // If we are running on a worker thread, Cu is not available. In this case,
  // we always return false, just to be on the safe side.
  if (isWorker) {
    return false;
  }

  if (Cu.getGlobalForObject(aObj) ==
      Cu.getGlobalForObject(exports.isSafeJSObject)) {
    return true; // aObj is not a cross-compartment wrapper.
  }

  let principal = Cu.getObjectPrincipal(aObj);
  if (Services.scriptSecurityManager.isSystemPrincipal(principal)) {
    return true; // allow chrome objects
  }

  return Cu.isXrayWrapper(aObj);
};

Example #4

Show file

File: DevToolsUtils.js Project: staktrace/gecko-dev

exports.isSafeJSObject = function(obj) {
  // If we are running on a worker thread, Cu is not available. In this case,
  // we always return false, just to be on the safe side.
  if (isWorker) {
    return false;
  }

  if (Cu.getGlobalForObject(obj) ==
      Cu.getGlobalForObject(exports.isSafeJSObject)) {
    // obj is not a cross-compartment wrapper.
    return true;
  }

  // Xray wrappers protect against unintended code execution.
  if (Cu.isXrayWrapper(obj)) {
    return true;
  }

  // If there aren't Xrays, only allow chrome objects.
  const principal = Cu.getObjectPrincipal(obj);
  if (!Services.scriptSecurityManager.isSystemPrincipal(principal)) {
    return false;
  }

  // Scripted proxy objects without Xrays can run their proxy traps.
  if (Cu.isProxy(obj)) {
    return false;
  }

  // Even if `obj` looks safe, an unsafe object in its prototype chain may still
  // run unintended code, e.g. when using the `instanceof` operator.
  const proto = Object.getPrototypeOf(obj);
  if (proto && !exports.isSafeJSObject(proto)) {
    return false;
  }

  // Allow non-problematic chrome objects.
  return true;
};