Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Implementing nsIXPCSecurityManager per JSContext (in c++)

6 views
Skip to first unread message

djorz

unread,
Dec 9, 2006, 8:45:42 AM12/9/06
to
In my extension there are two iframes with the @type=content attribute.
My goal is to have IFrame A have access to the js in IFrame B. But not
the other way around.
Both IFrames load data from different domains so the SameOrigin check
will allways fail in the default nsIScriptSecurityManager.
What I do is, wait for IFrame B to finish loading, then create a new
property ("otherDocument") on the global object of IFrame A and set
that to the "document" property of IFrame B.
In fact I first "unwrap" the nsHTMLDocument and wrap it again using the
JSContext in IFrame A.
Now when I try to access the "otherDocument" property, I get a ACCESS
DENIED js error reported.
Which offcourse is fine because they have different origins.

Now to have full access to "otherDocument" I create my own
nsIXPCSecurityManager (which, for now, allways returns NS_OK) and set
that through a call to

nsIXPConnect->setSecurityManagerForJSContext(JSContextIFrameA,
myManager, HOOK_ALL)

Result: ACCESS DENIED. So I tried to also set:

nsIXPConnect->setSecurityManagerForJSContext(JSContextIFrameB,
myManager, HOOK_ALL)

Result: Still ACCESS DENIED.

Browsing through the source of mozilla i get the impression that
somehow the SecurityManager for a JSContext has to be set prior to the
JS_InitStandardClasses. Is this correct?

I'm also getting the impression that almost all mozilla code uses the
nsContentUtils::GetSecurityManager() which returns the singleton
nsIScriptSecurityManager.
So I wonder if it's even possible to have a custom
nsIXPCSecurityManager for a given JSContext.

Please advise..

Dennis

timeless

unread,
Dec 10, 2006, 5:42:27 AM12/10/06
to
i'm pretty sure no one really expected to see the security manager
replaced on the fly. and note that this is really more of an xpconnect
/ caps question than a js engine question. (xpconnect/caps are the bad
consumers of js-engine and they're what you're talking to or otherwise
confusing).

djorz

unread,
Dec 11, 2006, 5:28:30 AM12/11/06
to

I totally over looked the capability.policy.* pref settings.
It seems like thet can solve my problem.

0 new messages