security fix: Components.util.Sandbox(window) can use xpconnect

git-svn-id: http://svn.coderepos.org/share/lang/javascript/vimperator-plugins/trunk@34032 d0d07461-0603-4401-acd4-de1884942a52
author: teramako 2009-06-18 16:19:11 +0000
committer: teramako 2009-06-18 16:19:11 +0000
commit: 89a619e5c6df544a081b9ccbaae76e33b4143c24 (patch)
tree: d6f6a448024b8418cb1376e72bcd5c21695e5791
parent: 09c2737e16b8b95b8e82d748b78ecd8f2404735d (diff)
download: vimperator-plugins-89a619e5c6df544a081b9ccbaae76e33b4143c24.tar.bz2
5 files changed, 5 insertions, 5 deletions
diff --git a/_libly.js b/_libly.js
index b17b73c..b8a56d7 100644
--- a/_libly.js
+++ b/_libly.js
@@ -231,7 +231,7 @@ libly.$U = {//{{{
         var fnc = window.eval;
         var sandbox;
         try {
-            sandbox = new Components.utils.Sandbox(window);
+            sandbox = new Components.utils.Sandbox("about:blank");
             if (Components.utils.evalInSandbox('true', sandbox) === true) {
                 fnc = function(text) { return Components.utils.evalInSandbox(text, sandbox); };
             }
diff --git a/commandBookmarklet.js b/commandBookmarklet.js
index 829c9cd..18adf93 100644
--- a/commandBookmarklet.js
+++ b/commandBookmarklet.js
@@ -98,7 +98,7 @@ function toBoolean (value, def) {
 }
 
 function evalInSandbox (str) {
-  let sandbox = new Components.utils.Sandbox(buffer.URL);
+  let sandbox = new Components.utils.Sandbox("about:blank");
   sandbox.__proto__ = content.window.wrappedJSObject;
   return Components.utils.evalInSandbox(str, sandbox);
 }
diff --git a/haiku.js b/haiku.js
index 359b2bb..026d08f 100644
--- a/haiku.js
+++ b/haiku.js
@@ -63,7 +63,7 @@ The script allows you to update Haiku status from Vimperator.
     var evalFunc = window.eval;
     var statuses = null;
     try {
-        var sandbox = new Components.utils.Sandbox(window);
+        var sandbox = new Components.utils.Sandbox("about:blank");
         if (Components.utils.evalInSandbox("true", sandbox) === true) {
             evalFunc = function(text) {
                 return Components.utils.evalInSandbox(text, sandbox);
diff --git a/twitter.js b/twitter.js
index 9d39052..8154592 100644
--- a/twitter.js
+++ b/twitter.js
@@ -50,7 +50,7 @@ let PLUGIN_INFO =
     var passwordManager = Cc["@mozilla.org/login-manager;1"].getService(Ci.nsILoginManager);
     var evalFunc = window.eval;
     try {
-        var sandbox = new Components.utils.Sandbox(window);
+        var sandbox = new Components.utils.Sandbox("about:blank");
         if (Components.utils.evalInSandbox("true", sandbox) === true){
             evalFunc = function(text){
                 return Components.utils.evalInSandbox(text, sandbox);
diff --git a/wassr.js b/wassr.js
index 24a934f..451a9b6 100644
--- a/wassr.js
+++ b/wassr.js
@@ -38,7 +38,7 @@
     var passwordManager = Cc["@mozilla.org/login-manager;1"].getService(Ci.nsILoginManager);
     var evalFunc = window.eval;
     try {
-        var sandbox = new Components.utils.Sandbox(window);
+        var sandbox = new Components.utils.Sandbox("about:blank");
         if (Components.utils.evalInSandbox("true", sandbox) === true) {
             evalFunc = function(text) {
                 return Components.utils.evalInSandbox(text, sandbox);
author	teramako	2009-06-18 16:19:11 +0000
committer	teramako	2009-06-18 16:19:11 +0000
commit	89a619e5c6df544a081b9ccbaae76e33b4143c24 (patch)
tree	d6f6a448024b8418cb1376e72bcd5c21695e5791
parent	09c2737e16b8b95b8e82d748b78ecd8f2404735d (diff)
download	vimperator-plugins-89a619e5c6df544a081b9ccbaae76e33b4143c24.tar.bz2