[Project_owners] Re: Are you using XPCNativeWrapper() ?

Neil neil at parkwaycc.co.uk
Sun Oct 24 13:45:44 EDT 2004


HJ wrote:

> I'm always on the lookout for security related patches, and so should 
> you. I spotted two new patches today, but I'm still a bit uncertain 
> about using XPCNativeWrapper() When exactly should that be used?
>
> Lets take this example:
>
> var sourceURI = 
> ioService.newURI(event.target.ownerDocument.location.href, null, null);
>
> 'ownerDocument' is not safe, right, but what should I use for this?
> This perhaps?
>
> var sourceURI = new XPCNativeWrapper(event.target, 
> "ownerDocument").location.href;
>
> Is there a list with un trusted properties/methods for which we should 
> use the wrapper?

Depends on how much you trust content not to give you odd properties; 
about the only thing you can rely on is .location and its properties, so 
in your case new XPCNativeWrapper(event.target, 
"ownerDocument").ownerDocument.location.href should suffice.


More information about the Project_owners mailing list