[Project_owners] Re: Are you using XPCNativeWrapper() ?
neil at parkwaycc.co.uk
Sun Oct 24 13:45:44 EDT 2004
> I'm always on the lookout for security related patches, and so should
> you. I spotted two new patches today, but I'm still a bit uncertain
> about using XPCNativeWrapper() When exactly should that be used?
> Lets take this example:
> var sourceURI =
> ioService.newURI(event.target.ownerDocument.location.href, null, null);
> 'ownerDocument' is not safe, right, but what should I use for this?
> This perhaps?
> var sourceURI = new XPCNativeWrapper(event.target,
> Is there a list with un trusted properties/methods for which we should
> use the wrapper?
Depends on how much you trust content not to give you odd properties;
about the only thing you can rely on is .location and its properties, so
in your case new XPCNativeWrapper(event.target,
"ownerDocument").ownerDocument.location.href should suffice.
More information about the Project_owners