Fix translation under Firefox 33

Our strategy: put arguments into a property of the function, and then
get them out unwrapped. This avoids security checks on arguments passed
to the function.
This commit is contained in:
Simon Kornblith 2014-10-10 18:28:37 -04:00
parent fc0f541ad8
commit d3a69be997
4 changed files with 41 additions and 26 deletions

View file

@ -386,8 +386,16 @@ Zotero.Translate.Sandbox = {
}
};
// TODO security is not super-tight here, as someone could pass something into arg
// that gets evaluated in the wrong scope in Fx < 4. We should wrap this.
if(Zotero.isFx && Zotero.platformMajorVersion >= 33) {
for(var i in safeTranslator) {
if (typeof(safeTranslator[i]) === "function") {
let func = safeTranslator[i];
safeTranslator[i] = translate._sandboxManager._makeContentForwarder(function() {
func.apply(safeTranslator, this.args.wrappedJSObject);
});
}
}
}
return safeTranslator;
},
@ -434,7 +442,7 @@ Zotero.Translate.Sandbox = {
*/
"selectItems":function(translate, items, callback) {
function transferObject(obj) {
return Zotero.isFx ? translate._sandboxManager.sandbox.JSON.parse(JSON.stringify(obj)) : obj;
return Zotero.isFx ? translate._sandboxManager._copyObject(obj) : obj;
}
if(Zotero.Utilities.isEmpty(items)) {

View file

@ -425,6 +425,9 @@ Zotero.Translate.SandboxManager = function(sandboxLocation) {
};
this.sandbox.XMLSerializer.__exposedProps__ = {"prototype":"r"};
this.sandbox.XMLSerializer.prototype = {"__exposedProps__":{"serializeToString":"r"}};
var expr = "(function(x) { return function() { this.args = arguments; return x.apply(this); }.bind({}); })";
this._makeContentForwarder = Components.utils.evalInSandbox(expr, this.sandbox);
}
Zotero.Translate.SandboxManager.prototype = {
@ -447,26 +450,36 @@ Zotero.Translate.SandboxManager.prototype = {
"importObject":function(object, passAsFirstArgument, attachTo) {
if(!attachTo) attachTo = this.sandbox.Zotero;
if(attachTo.wrappedJSObject) attachTo = attachTo.wrappedJSObject;
var newExposedProps = false,
sandbox = this.sandbox,
me = this;
if(!object.__exposedProps__) newExposedProps = {};
for(var key in (newExposedProps ? object : object.__exposedProps__)) {
var sandbox = this.sandbox, me = this;
for(var key in (object.__exposedProps__ ? object.__exposedProps__ : object)) {
let localKey = key;
if(newExposedProps) newExposedProps[localKey] = "r";
var type = typeof object[localKey];
var isFunction = type === "function";
var isObject = typeof object[localKey] === "object";
if(isFunction || isObject) {
if(isFunction) {
if (Zotero.platformMajorVersion >= 33) {
attachTo[localKey] = this._makeContentForwarder(function() {
var args = Array.prototype.slice.apply(this.args.wrappedJSObject);
for(var i = 0; i<args.length; i++) {
// Make sure we keep XPCNativeWrappers
if(args[i] instanceof Components.interfaces.nsISupports) {
args[i] = new XPCNativeWrapper(args[i]);
}
}
if(passAsFirstArgument) args.unshift(passAsFirstArgument);
return me._copyObject(object[localKey].apply(object, args));
});
} else {
attachTo[localKey] = function() {
var args = Array.prototype.slice.apply(arguments);
if(passAsFirstArgument) args.unshift(passAsFirstArgument);
return me._copyObject(object[localKey].apply(object, args));
};
}
} else {
attachTo[localKey] = {};
attachTo[localKey] = new sandbox.Object();
}
// attach members
@ -477,12 +490,6 @@ Zotero.Translate.SandboxManager.prototype = {
attachTo[localKey] = object[localKey];
}
}
if(newExposedProps) {
attachTo.__exposedProps__ = newExposedProps;
} else {
attachTo.__exposedProps__ = object.__exposedProps__;
}
},
"_canCopy":function(obj) {

View file

@ -24,8 +24,8 @@
<em:targetApplication>
<Description>
<em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
<em:minVersion>24.0</em:minVersion>
<em:maxVersion>32.*</em:maxVersion>
<em:minVersion>31.0</em:minVersion>
<em:maxVersion>33.*</em:maxVersion>
</Description>
</em:targetApplication>

View file

@ -11,8 +11,8 @@
<targetApplication>
<RDF:Description>
<id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</id>
<minVersion>24.0</minVersion>
<maxVersion>32.*</maxVersion>
<minVersion>31.0</minVersion>
<maxVersion>33.*</maxVersion>
<updateLink>http://download.zotero.org/extension/zotero.xpi</updateLink>
<updateHash>sha1:</updateHash>
</RDF:Description>