Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bug 1353074 - Make unload event safe for introspection from content; …
…r=maja_zf Marionette does not protect the unloadHandler in testing/marionette/evaluate.js from content introspection or modification, which can happen when web frameworks override window.addEventListener/window.removeEventListener. The script evaluation module used in Marionette relies on sandbox.window.addEventListener/removeEventListener to throw an error when script execution is aborted due to the document unloading itself. If the window.addEventListener/removeEventListener functions have been overridden to introspect the objects that are passed, they may inadvertently touch objects originating from chrome space, such as the unloadHandler. Because the Gecko sandboxing system put in place strict security measures to prevent accidental chrome-space modification from content, inspecting the unloadHandler will throw a permission denied error once the script has finished executing. We have found examples in the wild of this in particular with the Angular web framework. This patch makes the unloadHandler safe for introspection from web content. Fixes: mozilla/geckodriver#515 MozReview-Commit-ID: E2LgPhLLuDT --HG-- extra : rebase_source : 9948585b4ac2f464a9f31868bfd2d5967e61755e
- Loading branch information