static JSBool XPC_SJOW_CheckAccess(JSContext *cx, JSObject *obj, jsid id, JSAccessMode mode, jsval *vp) { // Prevent setting __proto__ on an XPCSafeJSObjectWrapper if ((mode & JSACC_WATCH) == JSACC_PROTO && (mode & JSACC_WRITE)) { return ThrowException(NS_ERROR_XPC_SECURITY_MANAGER_VETO, cx); } // Forward to the checkObjectAccess hook in the runtime, if any. JSSecurityCallbacks *callbacks = JS_GetSecurityCallbacks(cx); if (callbacks && callbacks->checkObjectAccess && !callbacks->checkObjectAccess(cx, obj, id, mode, vp)) { return JS_FALSE; } JSObject *unsafeObj = GetUnsafeObject(cx, obj); if (!unsafeObj) { return JS_TRUE; } // Forward the unsafe object to the checkObjectAccess hook in the // runtime too, if any. if (callbacks && callbacks->checkObjectAccess && !callbacks->checkObjectAccess(cx, unsafeObj, id, mode, vp)) { return JS_FALSE; } JSClass *clazz = unsafeObj->getJSClass(); return !clazz->checkAccess || clazz->checkAccess(cx, unsafeObj, id, mode, vp); }
static JSBool checkAccess(JSContext *cx, JSObject *obj, jsid id, JSAccessMode mode, jsval *vp) { // Forward to the checkObjectAccess hook in the runtime, if any. JSSecurityCallbacks *callbacks = JS_GetSecurityCallbacks(cx); if (callbacks && callbacks->checkObjectAccess) return callbacks->checkObjectAccess(cx, obj, id, mode, vp); JS_ReportError(cx, "Security callbacks not defined"); return JS_FALSE; }
bool GlobalObject::isEvalAllowed(JSContext *cx) { Value &v = getSlotRef(EVAL_ALLOWED); if (v.isUndefined()) { JSSecurityCallbacks *callbacks = JS_GetSecurityCallbacks(cx); /* * If there are callbacks, make sure that the CSP callback is installed * and that it permits eval(), then cache the result. */ v.setBoolean((!callbacks || !callbacks->contentSecurityPolicyAllows) || callbacks->contentSecurityPolicyAllows(cx)); } return !v.isFalse(); }
bool GlobalObject::isRuntimeCodeGenEnabled(JSContext *cx) { Value &v = getSlotRef(RUNTIME_CODEGEN_ENABLED); if (v.isUndefined()) { JSSecurityCallbacks *callbacks = JS_GetSecurityCallbacks(cx); /* * If there are callbacks, make sure that the CSP callback is installed * and that it permits runtime code generation, then cache the result. */ v.setBoolean((!callbacks || !callbacks->contentSecurityPolicyAllows) || callbacks->contentSecurityPolicyAllows(cx)); } return !v.isFalse(); }