Changeset 638

Timestamp:
01/20/08 17:43:05 (10 months ago)
Author:
boo..@youngpup.net
Message:

Apply Anthony's callstack scanning patch to GM_xhr and GM_get/setValue. Other
APIs not done, thinking it might be worth it for compatibility.

Files:

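--- a/branches/0.7/src/chrome/chromeFiles/content/miscapis.js
+++ b/branches/0.7/src/chrome/chromeFiles/content/miscapis.js
@@ -10,8 +10,16 @@
 
 GM_ScriptStorage.prototype.setValue = function(name, val) {
+  if (!GM_apiLeakCheck("GM_setValue")) {
+    return;
+  }
+
   this.prefMan.setValue(name, val);
 }
 
 GM_ScriptStorage.prototype.getValue = function(name, defVal) {
+  if (!GM_apiLeakCheck("GM_getValue")) {
+    return;
+  }
+
   return this.prefMan.getValue(name, defVal);
 }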
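Review bot: Both guards return silently, so on a denied call `getValue` yields `undefined` rather than `defVal` and `setValue` drops the write, and nothing at the call site says this is intended. Failing closed is the right behaviour for a call that GM_apiLeakCheck rejects, but it deserves a comment above each guard, for example `// Deny (return undefined) when a non-chrome JS frame is on the call stack; see GM_apiLeakCheck in greasemonkey.js.` The same undocumented silent return appears in `contentStartRequest` in xmlhttprequester.js. How GM_apiLeakCheck, which this changeset defines in components/greasemonkey.js, comes into scope in this file is not visible in the hunk and is worth confirming.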
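--- a/branches/0.7/src/chrome/chromeFiles/content/xmlhttprequester.js
+++ b/branches/0.7/src/chrome/chromeFiles/content/xmlhttprequester.js
@@ -15,4 +15,8 @@
 // text/xml and we can't support that
 GM_xmlhttpRequester.prototype.contentStartRequest = function(details) {
+  if (!GM_apiLeakCheck("GM_xmlhttpRequest")) {
+    return;
+  }
+
   // don't actually need the timer functionality, but this pops it
   // out into chromeWindow's thread so that we get that security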
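Review bot: The guard in `contentStartRequest` only works because it runs before the timer hand-off described in the comment just below it; once the request is popped onto the chrome window's thread, the caller's frames are presumably no longer on `Components.stack`. A later refactor that moves the check into the deferred function would make it pass unconditionally, so the ordering should be stated, e.g. `// Must run synchronously here: after the timer hop the calling script's frames are gone from the stack.` The rest of the function body lies outside the hunk.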
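--- a/branches/0.7/src/components/greasemonkey.js
+++ b/branches/0.7/src/components/greasemonkey.js
@@ -8,4 +8,6 @@
 const appSvc = Cc["@mozilla.org/appshell/appShellService;1"]
                  .getService(Ci.nsIAppShellService);
+
+const gmSvcFilename = Components.stack.filename;
 
 function alert(msg) {
@@ -14,4 +16,30 @@
     .alert(null, "Greasemonkey alert", msg);
 }
+
+// Examines the stack to determine if an API should be callable.
+function GM_apiLeakCheck(apiName) {
+  var stack = Components.stack;
+
+  do {
+    // Valid stack frames for GM api calls are: native and js when coming from
+    // chrome:// URLs and the greasemonkey.js component's file:// URL.
+    if (2 == stack.language) {
+      // NOTE: In FF 2.0.0.0, I saw that stack.filename can be null for JS/XPCOM
+      // services. This didn't happen in FF 2.0.0.11; I'm not sure when it
+      // changed.
+      if (stack.filename != null && 
+          stack.filename != gmSvcFilename &&
+          stack.filename.substr(0, 6) != 'chrome') {
+        GM_logError(new Error("Greasemonkey access violation: unsafeWindow " +
+                    "cannot call " + apiName + "."));
+        return false;
+      }
+    }
+
+    stack = stack.caller;
+  } while (stack);
+
+  return true;
+};
 
 var greasemonkeyService = {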
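Review bot: The allowlist test `stack.filename.substr(0, 6) != 'chrome'` in GM_apiLeakCheck is looser than the comment above it, which names chrome:// URLs: any filename that merely begins with the letters "chrome" is accepted. Comparing the full scheme, `stack.filename.substr(0, 9) != 'chrome://'`, matches the stated intent. Two smaller points in the same loop: JS frames whose `filename` is null are treated as trusted (fail-open, per the FF 2.0.0.0 note), which deserves an explicit comment saying this is a deliberate compatibility choice, and the magic number in `2 == stack.language` reads better as `Ci.nsIProgrammingLanguage.JAVASCRIPT`.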