I have an XPCOM component written in JavaScript that is exposed to
unprivileged JS as a global JS property called "ePaedia". Calling the
method "ePaedia.getPackage("package_name");" returns another JS XPCOM
component that has a number of properties and methods.
The ePaedia component implements nsIClassInfo and
nsISecurityCheckedComponent and the package component only implements
nsISecurityCheckedComponent. They both work as expected with the
various methods and properties accessible or not to unprivileged JS.
"XML", a property of the package component, contains an XML Document
returned from an nsIXMLHttpRequest. Unprivileged JS can access this
object but each of the XML Documents and methods are in-accessible:
Error: uncaught exception: Permission denied to get property
XMLDocument.textContent
What am I doing wrong?
You're creating an XMLDocument in security context A and trying to use it from
security context B. This is typically called an "XSS Attack" when used on the
web... And we generally try to not allow it to happen.
More precisely, the issue is that the XMLDocument returned by XMLHttpRequest
doesn't have a security context of its own, so it uses the security context of
whoever called XMLHttpRequest.
-Boris
Is there any way I can make the unprivileged script not need
permissions for this XMLDocument?
Thanks,
James
I'm not sure I follow this...
> Is there any way I can make the unprivileged script not need
> permissions for this XMLDocument?
Other than making the principal of the XMLDocument match that of the untrusted
script, not really.
-Boris
No.
What you _could_ do, I suppose, is instead of returning an XMLDocument object
return a wrapper object you implement that forwards certain method calls to the
XMLDocument. I'm not sure what you're trying to do with the XMLDocument, so I'm
not sure how viable this is for you.
-Boris
Thanks,
James
In C++, yes. nsIDocument::SetPrincipal. In JavaScript, no.
-Boris