From 89a619e5c6df544a081b9ccbaae76e33b4143c24 Mon Sep 17 00:00:00 2001 From: teramako Date: Thu, 18 Jun 2009 16:19:11 +0000 Subject: security fix: Components.util.Sandbox(window) can use xpconnect git-svn-id: http://svn.coderepos.org/share/lang/javascript/vimperator-plugins/trunk@34032 d0d07461-0603-4401-acd4-de1884942a52 --- wassr.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'wassr.js') diff --git a/wassr.js b/wassr.js index 24a934f..451a9b6 100644 --- a/wassr.js +++ b/wassr.js @@ -38,7 +38,7 @@ var passwordManager = Cc["@mozilla.org/login-manager;1"].getService(Ci.nsILoginManager); var evalFunc = window.eval; try { - var sandbox = new Components.utils.Sandbox(window); + var sandbox = new Components.utils.Sandbox("about:blank"); if (Components.utils.evalInSandbox("true", sandbox) === true) { evalFunc = function(text) { return Components.utils.evalInSandbox(text, sandbox); -- cgit v1.2.3