isChromeHandler(handler) { const handlerPrincipal = Cu.getObjectPrincipal(handler); // Chrome codebase may register listeners on the page from a frame script or // JSM <video> tags may also report internal listeners, but they won't be // coming from the system principal. Instead, they will be using an expanded // principal. return handlerPrincipal.isSystemPrincipal || handlerPrincipal.isExpandedPrincipal; }
exports.isSafeJSObject = function isSafeJSObject(aObj) { if (Cu.getGlobalForObject(aObj) == Cu.getGlobalForObject(exports.isSafeJSObject)) { return true; // aObj is not a cross-compartment wrapper. } let principal = Cu.getObjectPrincipal(aObj); if (Services.scriptSecurityManager.isSystemPrincipal(principal)) { return true; // allow chrome objects } return Cu.isXrayWrapper(aObj); };
exports.isSafeJSObject = function isSafeJSObject(aObj) { // If we are running on a worker thread, Cu is not available. In this case, // we always return false, just to be on the safe side. if (isWorker) { return false; } if (Cu.getGlobalForObject(aObj) == Cu.getGlobalForObject(exports.isSafeJSObject)) { return true; // aObj is not a cross-compartment wrapper. } let principal = Cu.getObjectPrincipal(aObj); if (Services.scriptSecurityManager.isSystemPrincipal(principal)) { return true; // allow chrome objects } return Cu.isXrayWrapper(aObj); };
exports.isSafeJSObject = function(obj) { // If we are running on a worker thread, Cu is not available. In this case, // we always return false, just to be on the safe side. if (isWorker) { return false; } if (Cu.getGlobalForObject(obj) == Cu.getGlobalForObject(exports.isSafeJSObject)) { // obj is not a cross-compartment wrapper. return true; } // Xray wrappers protect against unintended code execution. if (Cu.isXrayWrapper(obj)) { return true; } // If there aren't Xrays, only allow chrome objects. const principal = Cu.getObjectPrincipal(obj); if (!Services.scriptSecurityManager.isSystemPrincipal(principal)) { return false; } // Scripted proxy objects without Xrays can run their proxy traps. if (Cu.isProxy(obj)) { return false; } // Even if `obj` looks safe, an unsafe object in its prototype chain may still // run unintended code, e.g. when using the `instanceof` operator. const proto = Object.getPrototypeOf(obj); if (proto && !exports.isSafeJSObject(proto)) { return false; } // Allow non-problematic chrome objects. return true; };