Exposed JavaScript Component + XMLDocument not accessible
James Newell
I have an XPCOM component written in JavaScript that is exposed to
unprivileged JS as a global JS property called "ePaedia". Calling the
method "ePaedia.getPackage("package_name");" returns another JS XPCOM
component that has a number of properties and methods.
The ePaedia component implements nsIClassInfo and
nsISecurityCheckedComponent and the package component only implements
nsISecurityCheckedComponent. They both work as expected with the
various methods and properties accessible or not to unprivileged JS.
"XML", a property of the package component, contains an XML Document
returned from an nsIXMLHttpRequest. Unprivileged JS can access this
object but each of the XML Documents and methods are in-accessible:
Error: uncaught exception: Permission denied to get property
XMLDocument.textContent
What am I doing wrong?
Boris Zbarsky
> "XML", a property of the package component, contains an XML Document
> returned from an nsIXMLHttpRequest. Unprivileged JS can access this
> object but each of the XML Documents and methods are in-accessible:
>
> Error: uncaught exception: Permission denied to get property
> XMLDocument.textContent
>
> What am I doing wrong?
You're creating an XMLDocument in security context A and trying to use it from
security context B. This is typically called an "XSS Attack" when used on the
web... And we generally try to not allow it to happen.
More precisely, the issue is that the XMLDocument returned by XMLHttpRequest
doesn't have a security context of its own, so it uses the security context of
whoever called XMLHttpRequest.
-Boris
James Newell
the unprivileged script hoping that this would solve this issue. This
did not work as I get errors when my epaedia protocol tries to get the
"epaedia://packagename/package.xml" itself. I figured that because
requests for the "package.xml" file are special, and just return the
document without loading "package.xml", that when another file is
requested and the XML doc is retrieved within the request that it would
be successful.
Is there any way I can make the unprivileged script not need
permissions for this XMLDocument?
Thanks,
James
James Newell
nsIXPCSecurityManager.CanAccess enable access to unprivileged scripts
for only the XMLDocument object I create?
Boris Zbarsky
> This did not work as I get errors when my epaedia protocol tries to get the
> "epaedia://packagename/package.xml" itself. I figured that because
> requests for the "package.xml" file are special, and just return the
> document without loading "package.xml", that when another file is
> requested and the XML doc is retrieved within the request that it would
> be successful.
I'm not sure I follow this...
> Is there any way I can make the unprivileged script not need
> permissions for this XMLDocument?
Other than making the principal of the XMLDocument match that of the untrusted
script, not really.
-Boris
Boris Zbarsky
> I cant find much documentation or example code but could
> nsIXPCSecurityManager.CanAccess enable access to unprivileged scripts
> for only the XMLDocument object I create?
No.
What you _could_ do, I suppose, is instead of returning an XMLDocument object
return a wrapper object you implement that forwards certain method calls to the
XMLDocument. I'm not sure what you're trying to do with the XMLDocument, so I'm
not sure how viable this is for you.
-Boris
James Newell
can set/change the principal after retrieving the XMLDocument?
Thanks,
James
Boris Zbarsky
> How do I make the principal of the XMLDocument match? Is there a way I
> can set/change the principal after retrieving the XMLDocument?
In C++, yes. nsIDocument::SetPrincipal. In JavaScript, no.
-Boris