I consider #1 a non-starter since it's a very severe punishment for the user (unless using these APIs would instantly crash anyway). Breaking the addons seems best, if there is an easy way to achieve that.
-David On 06/25/2012 06:18 PM, Dave Mandelin wrote: > There is a topcrash that appears to be caused mostly by add-ons that > use compartments incorrectly [1]. It crashes in a fairly arbitrary > place, GetNameFromBytecode. I think we can fix that crash, but of > course the add-ons in question will still be unsafe. > > What should we do about add-ons using compartments incorrectly? > > 1. Make compartment assertions fatal at the API, so they just crash > all the time and have to be fixed. This pretty directly protects us, > but could cause a lot of crashing. > > 2. Have the API return false if compartments mismatch. The add-ons > will break, but the browser should stay safe. > > 3. Nothing. > > I like #2, it seems to protect us from a source of unsafety with an > acceptable cost. But what does everyone else think? Is there a > problem with #2 that I haven't noticed? > > Dave > > > [1] https://bugzilla.mozilla.org/show_bug.cgi?id=746036#c22 > _______________________________________________ > dev-tech-js-engine-internals mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-tech-js-engine-internals _______________________________________________ dev-tech-js-engine-internals mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-js-engine-internals
