From ee101b5bc028b70e873bcd6abc38a0ea507f3af5 Mon Sep 17 00:00:00 2001
From: Simon Kornblith <simon@simonster.com>
Date: Fri, 5 Nov 2010 03:26:00 +0000
Subject: [PATCH] fix getTranslatorObject(), and throw an error if cross-site
 getTranslatorObject() is attempted

---
 chrome/content/zotero/xpcom/translation/translate.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/chrome/content/zotero/xpcom/translation/translate.js b/chrome/content/zotero/xpcom/translation/translate.js
index ed1973c13..d3d82d1e9 100644
--- a/chrome/content/zotero/xpcom/translation/translate.js
+++ b/chrome/content/zotero/xpcom/translation/translate.js
@@ -264,12 +264,16 @@ Zotero.Translate.Sandbox = {
 				return translation.translate(false);
 			};
 			safeTranslator.getTranslatorObject = function() {
-				translation._loadTranslator();
+				translation._loadTranslator(translation.translator[0]);
+				if(translate._sandboxLocation != translation._sandboxLocation) {
+					throw "Translate: getTranslatorObject() may not be called from web or search "+
+						"translators to web or search translators with different URIs.";
+				}
 				translation._prepareTranslation();
 				setDefaultHandlers(translate, translation);
 				
 				// return sandbox
-				return translation.sandboxManager.sandbox;
+				return translation._sandboxManager.sandbox;
 			};
 			
 			// TODO security is not super-tight here, as someone could pass something into arg