From 92cda301e034d8fb23514af1746ae091350aeeb8 Mon Sep 17 00:00:00 2001
From: "brendan%mozilla.org"
 <brendan%mozilla.org@18797224-902f-48f8-a5cc-f745e15eee43>
Date: Tue, 7 Oct 2003 23:02:29 +0000
Subject: [PATCH] Late-breaking security fix (221526, r=shaver).

git-svn-id: svn://10.0.0.236/trunk@147718 18797224-902f-48f8-a5cc-f745e15eee43
---
 mozilla/js/src/jsscript.c | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/mozilla/js/src/jsscript.c b/mozilla/js/src/jsscript.c
index 64ef7873d43..0a7bddb2672 100644
--- a/mozilla/js/src/jsscript.c
+++ b/mozilla/js/src/jsscript.c
@@ -563,6 +563,13 @@ js_XDRScript(JSXDRState *xdr, JSScript **scriptp, JSBool *hasMagic)
     return JS_FALSE;
 }
 
+#ifndef MOZILLA_CLIENT
+/*
+ * These cannot be exposed to web content, and chrome does not need them, so
+ * we take them out of the Mozilla client altogether.  Script.thaw is a hole
+ * wide enough that you could hack your own native function and call it!
+ */
+
 static JSBool
 script_freeze(JSContext *cx, JSObject *obj, uintN argc, jsval *argv,
               jsval *rval)
@@ -709,10 +716,11 @@ out:
     return ok;
 }
 
-#endif /* JS_HAS_XDR */
-
 static const char js_thaw_str[] = "thaw";
 
+#endif /* !defined MOZILLA_CLIENT */
+#endif /* JS_HAS_XDR */
+
 static JSFunctionSpec script_methods[] = {
 #if JS_HAS_TOSOURCE
     {js_toSource_str,   script_toSource,        0,0,0},
@@ -720,10 +728,10 @@ static JSFunctionSpec script_methods[] = {
     {js_toString_str,   script_toString,        0,0,0},
     {"compile",         script_compile,         2,0,0},
     {"exec",            script_exec,            1,0,0},
-#if JS_HAS_XDR
+#if JS_HAS_XDR && !defined MOZILLA_CLIENT
     {"freeze",          script_freeze,          0,0,0},
     {js_thaw_str,       script_thaw,            1,0,0},
-#endif /* JS_HAS_XDR */
+#endif /* JS_HAS_XDR && !defined MOZILLA_CLIENT */
     {0,0,0,0,0}
 };
 
@@ -783,7 +791,7 @@ Script(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval)
     return script_compile(cx, obj, argc, argv, rval);
 }
 
-#if JS_HAS_XDR
+#if JS_HAS_XDR && !defined MOZILLA_CLIENT
 
 static JSBool
 script_static_thaw(JSContext *cx, JSObject *obj, uintN argc, jsval *argv,
@@ -803,11 +811,11 @@ static JSFunctionSpec script_static_methods[] = {
     {0,0,0,0,0}
 };
 
-#else  /* !JS_HAS_XDR */
+#else  /* !JS_HAS_XDR || defined MOZILLA_CLIENT */
 
 #define script_static_methods   NULL
 
-#endif /* !JS_HAS_XDR */
+#endif /* !JS_HAS_XDR || defined MOZILLA_CLIENT */
 
 JSObject *
 js_InitScriptClass(JSContext *cx, JSObject *obj)