gecko-dev/toolkit/actors/WebChannelChild.jsm

/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/* eslint no-unused-vars: ["error", {args: "none"}] */

var EXPORTED_SYMBOLS = ["WebChannelChild"];

ChromeUtils.import("resource://gre/modules/Services.jsm");
ChromeUtils.import("resource://gre/modules/ActorChild.jsm");

function getMessageManager(event) {
  let window = Cu.getGlobalForObject(event.target);

  return window.docShell.messageManager;
}

// Preference containing the list (space separated) of origins that are
// allowed to send non-string values through a WebChannel, mainly for
// backwards compatability. See bug 1238128 for more information.
const URL_WHITELIST_PREF = "webchannel.allowObject.urlWhitelist";

// Cached list of whitelisted principals, we avoid constructing this if the
// value in `_lastWhitelistValue` hasn't changed since we constructed it last.
let _cachedWhitelist = [];
let _lastWhitelistValue = "";

class WebChannelChild extends ActorChild {
  handleEvent(event) {
    if (event.type === "WebChannelMessageToChrome") {
      return this._onMessageToChrome(event);
    }
    return undefined;
  }

  receiveMessage(msg) {
    if (msg.name === "WebChannelMessageToContent") {
      return this._onMessageToContent(msg);
    }
    return undefined;
  }

  _getWhitelistedPrincipals() {
    let whitelist = Services.prefs.getCharPref(URL_WHITELIST_PREF);
    if (whitelist != _lastWhitelistValue) {
      let urls = whitelist.split(/\s+/);
      _cachedWhitelist = urls.map(origin =>
        Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(origin));
    }
    return _cachedWhitelist;
  }

  _onMessageToChrome(e) {
    // If target is window then we want the document principal, otherwise fallback to target itself.
    let principal = e.target.nodePrincipal ? e.target.nodePrincipal : e.target.document.nodePrincipal;

    if (e.detail) {
      if (typeof e.detail != "string") {
        // Check if the principal is one of the ones that's allowed to send
        // non-string values for e.detail.  They're whitelisted by site origin,
        // so we compare on originNoSuffix in order to avoid other origin attributes
        // that are not relevant here, such as containers or private browsing.
        let objectsAllowed = this._getWhitelistedPrincipals().some(whitelisted =>
          principal.originNoSuffix == whitelisted.originNoSuffix);
        if (!objectsAllowed) {
          Cu.reportError("WebChannelMessageToChrome sent with an object from a non-whitelisted principal");
          return;
        }
      }

      let mm = getMessageManager(e);

      mm.sendAsyncMessage("WebChannelMessageToChrome", e.detail, { eventTarget: e.target }, principal);
    } else {
      Cu.reportError("WebChannel message failed. No message detail.");
    }
  }

  _onMessageToContent(msg) {
    if (msg.data) {
      // msg.objects.eventTarget will be defined if sending a response to
      // a WebChannelMessageToChrome event. An unsolicited send
      // may not have an eventTarget defined, in this case send to the
      // main content window.
      let eventTarget = msg.objects.eventTarget || msg.target.content;

      // Use nodePrincipal if available, otherwise fallback to document principal.
      let targetPrincipal = eventTarget instanceof Ci.nsIDOMWindow ? eventTarget.document.nodePrincipal : eventTarget.nodePrincipal;

      if (msg.principal.subsumes(targetPrincipal)) {
        // If eventTarget is a window, use it as the targetWindow, otherwise
        // find the window that owns the eventTarget.
        let targetWindow = eventTarget instanceof Ci.nsIDOMWindow ? eventTarget : eventTarget.ownerGlobal;

        eventTarget.dispatchEvent(new targetWindow.CustomEvent("WebChannelMessageToContent", {
          detail: Cu.cloneInto({
            id: msg.data.id,
            message: msg.data.message,
          }, targetWindow),
        }));
      } else {
        Cu.reportError("WebChannel message failed. Principal mismatch.");
      }
    } else {
      Cu.reportError("WebChannel message failed. No message data.");
    }
  }
}
Bug 1474155: Part 3 - Move WebChannel message listeners to a separate JSM. r=mconley MozReview-Commit-ID: AHCTFDBnChn --HG-- rename : toolkit/content/browser-content.js => toolkit/modules/WebChannelContent.jsm extra : rebase_source : cd39745775f1b8ad94f9563f75faa9cb7d5249f1 extra : amend_source : 13950bf852f9bbe2534135c879bb639ea26ad5b7 2018-07-08 06:15:45 +03:00			`/* -- indent-tabs-mode: nil; js-indent-level: 2 -- */`
			`/* This Source Code Form is subject to the terms of the Mozilla Public`
			`* License, v. 2.0. If a copy of the MPL was not distributed with this`
			`* file, You can obtain one at http://mozilla.org/MPL/2.0/. */`

			`/* eslint no-unused-vars: ["error", {args: "none"}] */`

Bug 1472491: Part 5z - Add WebChannelChild actor. r=markh f=mconley MozReview-Commit-ID: 1f056kpyJW6 --HG-- rename : toolkit/modules/WebChannelContent.jsm => toolkit/actors/WebChannelChild.jsm extra : rebase_source : b0993e4967314f50efb0acb8afb44270d6c372de 2018-07-30 09:36:12 +03:00			`var EXPORTED_SYMBOLS = ["WebChannelChild"];`
Bug 1474155: Part 3 - Move WebChannel message listeners to a separate JSM. r=mconley MozReview-Commit-ID: AHCTFDBnChn --HG-- rename : toolkit/content/browser-content.js => toolkit/modules/WebChannelContent.jsm extra : rebase_source : cd39745775f1b8ad94f9563f75faa9cb7d5249f1 extra : amend_source : 13950bf852f9bbe2534135c879bb639ea26ad5b7 2018-07-08 06:15:45 +03:00
			`ChromeUtils.import("resource://gre/modules/Services.jsm");`
Bug 1472491: Part 5z - Add WebChannelChild actor. r=markh f=mconley MozReview-Commit-ID: 1f056kpyJW6 --HG-- rename : toolkit/modules/WebChannelContent.jsm => toolkit/actors/WebChannelChild.jsm extra : rebase_source : b0993e4967314f50efb0acb8afb44270d6c372de 2018-07-30 09:36:12 +03:00			`ChromeUtils.import("resource://gre/modules/ActorChild.jsm");`
Bug 1474155: Part 3 - Move WebChannel message listeners to a separate JSM. r=mconley MozReview-Commit-ID: AHCTFDBnChn --HG-- rename : toolkit/content/browser-content.js => toolkit/modules/WebChannelContent.jsm extra : rebase_source : cd39745775f1b8ad94f9563f75faa9cb7d5249f1 extra : amend_source : 13950bf852f9bbe2534135c879bb639ea26ad5b7 2018-07-08 06:15:45 +03:00
			`function getMessageManager(event) {`
			`let window = Cu.getGlobalForObject(event.target);`

Bug 1479569 part 2. Use the new messageManager getter on docshell. r=kmag I generally tried to preserve the behavior of consumers where they treated an exception from getInterface(Ci.nsIContentFrameMessageManager) as a signal to use some sort of fallback. I did change the behavior of consumers that walked up to the root same-type docshell before getting the message manager to just get it directly from the docshell they have. Please review those parts carefully, and let me know if you want me to ask some subject area experts to review those. 2018-08-03 06:49:09 +03:00			`return window.docShell.messageManager;`
Bug 1474155: Part 3 - Move WebChannel message listeners to a separate JSM. r=mconley MozReview-Commit-ID: AHCTFDBnChn --HG-- rename : toolkit/content/browser-content.js => toolkit/modules/WebChannelContent.jsm extra : rebase_source : cd39745775f1b8ad94f9563f75faa9cb7d5249f1 extra : amend_source : 13950bf852f9bbe2534135c879bb639ea26ad5b7 2018-07-08 06:15:45 +03:00			`}`

Bug 1472491: Part 5z - Add WebChannelChild actor. r=markh f=mconley MozReview-Commit-ID: 1f056kpyJW6 --HG-- rename : toolkit/modules/WebChannelContent.jsm => toolkit/actors/WebChannelChild.jsm extra : rebase_source : b0993e4967314f50efb0acb8afb44270d6c372de 2018-07-30 09:36:12 +03:00			`// Preference containing the list (space separated) of origins that are`
			`// allowed to send non-string values through a WebChannel, mainly for`
			`// backwards compatability. See bug 1238128 for more information.`
			`const URL_WHITELIST_PREF = "webchannel.allowObject.urlWhitelist";`
Bug 1474155: Part 3 - Move WebChannel message listeners to a separate JSM. r=mconley MozReview-Commit-ID: AHCTFDBnChn --HG-- rename : toolkit/content/browser-content.js => toolkit/modules/WebChannelContent.jsm extra : rebase_source : cd39745775f1b8ad94f9563f75faa9cb7d5249f1 extra : amend_source : 13950bf852f9bbe2534135c879bb639ea26ad5b7 2018-07-08 06:15:45 +03:00
Bug 1472491: Part 5z - Add WebChannelChild actor. r=markh f=mconley MozReview-Commit-ID: 1f056kpyJW6 --HG-- rename : toolkit/modules/WebChannelContent.jsm => toolkit/actors/WebChannelChild.jsm extra : rebase_source : b0993e4967314f50efb0acb8afb44270d6c372de 2018-07-30 09:36:12 +03:00			`// Cached list of whitelisted principals, we avoid constructing this if the`
			// value in `_lastWhitelistValue` hasn't changed since we constructed it last.
			`let _cachedWhitelist = [];`
			`let _lastWhitelistValue = "";`
Bug 1474155: Part 3 - Move WebChannel message listeners to a separate JSM. r=mconley MozReview-Commit-ID: AHCTFDBnChn --HG-- rename : toolkit/content/browser-content.js => toolkit/modules/WebChannelContent.jsm extra : rebase_source : cd39745775f1b8ad94f9563f75faa9cb7d5249f1 extra : amend_source : 13950bf852f9bbe2534135c879bb639ea26ad5b7 2018-07-08 06:15:45 +03:00
Bug 1472491: Part 5z - Add WebChannelChild actor. r=markh f=mconley MozReview-Commit-ID: 1f056kpyJW6 --HG-- rename : toolkit/modules/WebChannelContent.jsm => toolkit/actors/WebChannelChild.jsm extra : rebase_source : b0993e4967314f50efb0acb8afb44270d6c372de 2018-07-30 09:36:12 +03:00			`class WebChannelChild extends ActorChild {`
Bug 1474155: Part 3 - Move WebChannel message listeners to a separate JSM. r=mconley MozReview-Commit-ID: AHCTFDBnChn --HG-- rename : toolkit/content/browser-content.js => toolkit/modules/WebChannelContent.jsm extra : rebase_source : cd39745775f1b8ad94f9563f75faa9cb7d5249f1 extra : amend_source : 13950bf852f9bbe2534135c879bb639ea26ad5b7 2018-07-08 06:15:45 +03:00			`handleEvent(event) {`
			`if (event.type === "WebChannelMessageToChrome") {`
			`return this._onMessageToChrome(event);`
			`}`
			`return undefined;`
Bug 1472491: Part 5z - Add WebChannelChild actor. r=markh f=mconley MozReview-Commit-ID: 1f056kpyJW6 --HG-- rename : toolkit/modules/WebChannelContent.jsm => toolkit/actors/WebChannelChild.jsm extra : rebase_source : b0993e4967314f50efb0acb8afb44270d6c372de 2018-07-30 09:36:12 +03:00			`}`
Bug 1474155: Part 3 - Move WebChannel message listeners to a separate JSM. r=mconley MozReview-Commit-ID: AHCTFDBnChn --HG-- rename : toolkit/content/browser-content.js => toolkit/modules/WebChannelContent.jsm extra : rebase_source : cd39745775f1b8ad94f9563f75faa9cb7d5249f1 extra : amend_source : 13950bf852f9bbe2534135c879bb639ea26ad5b7 2018-07-08 06:15:45 +03:00
			`receiveMessage(msg) {`
			`if (msg.name === "WebChannelMessageToContent") {`
			`return this._onMessageToContent(msg);`
			`}`
			`return undefined;`
Bug 1472491: Part 5z - Add WebChannelChild actor. r=markh f=mconley MozReview-Commit-ID: 1f056kpyJW6 --HG-- rename : toolkit/modules/WebChannelContent.jsm => toolkit/actors/WebChannelChild.jsm extra : rebase_source : b0993e4967314f50efb0acb8afb44270d6c372de 2018-07-30 09:36:12 +03:00			`}`
Bug 1474155: Part 3 - Move WebChannel message listeners to a separate JSM. r=mconley MozReview-Commit-ID: AHCTFDBnChn --HG-- rename : toolkit/content/browser-content.js => toolkit/modules/WebChannelContent.jsm extra : rebase_source : cd39745775f1b8ad94f9563f75faa9cb7d5249f1 extra : amend_source : 13950bf852f9bbe2534135c879bb639ea26ad5b7 2018-07-08 06:15:45 +03:00
			`_getWhitelistedPrincipals() {`
Bug 1472491: Part 5z - Add WebChannelChild actor. r=markh f=mconley MozReview-Commit-ID: 1f056kpyJW6 --HG-- rename : toolkit/modules/WebChannelContent.jsm => toolkit/actors/WebChannelChild.jsm extra : rebase_source : b0993e4967314f50efb0acb8afb44270d6c372de 2018-07-30 09:36:12 +03:00			`let whitelist = Services.prefs.getCharPref(URL_WHITELIST_PREF);`
			`if (whitelist != _lastWhitelistValue) {`
Bug 1474155: Part 3 - Move WebChannel message listeners to a separate JSM. r=mconley MozReview-Commit-ID: AHCTFDBnChn --HG-- rename : toolkit/content/browser-content.js => toolkit/modules/WebChannelContent.jsm extra : rebase_source : cd39745775f1b8ad94f9563f75faa9cb7d5249f1 extra : amend_source : 13950bf852f9bbe2534135c879bb639ea26ad5b7 2018-07-08 06:15:45 +03:00			`let urls = whitelist.split(/\s+/);`
Bug 1472491: Part 5z - Add WebChannelChild actor. r=markh f=mconley MozReview-Commit-ID: 1f056kpyJW6 --HG-- rename : toolkit/modules/WebChannelContent.jsm => toolkit/actors/WebChannelChild.jsm extra : rebase_source : b0993e4967314f50efb0acb8afb44270d6c372de 2018-07-30 09:36:12 +03:00			`_cachedWhitelist = urls.map(origin =>`
Bug 1474155: Part 3 - Move WebChannel message listeners to a separate JSM. r=mconley MozReview-Commit-ID: AHCTFDBnChn --HG-- rename : toolkit/content/browser-content.js => toolkit/modules/WebChannelContent.jsm extra : rebase_source : cd39745775f1b8ad94f9563f75faa9cb7d5249f1 extra : amend_source : 13950bf852f9bbe2534135c879bb639ea26ad5b7 2018-07-08 06:15:45 +03:00			`Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(origin));`
			`}`
Bug 1472491: Part 5z - Add WebChannelChild actor. r=markh f=mconley MozReview-Commit-ID: 1f056kpyJW6 --HG-- rename : toolkit/modules/WebChannelContent.jsm => toolkit/actors/WebChannelChild.jsm extra : rebase_source : b0993e4967314f50efb0acb8afb44270d6c372de 2018-07-30 09:36:12 +03:00			`return _cachedWhitelist;`
			`}`
Bug 1474155: Part 3 - Move WebChannel message listeners to a separate JSM. r=mconley MozReview-Commit-ID: AHCTFDBnChn --HG-- rename : toolkit/content/browser-content.js => toolkit/modules/WebChannelContent.jsm extra : rebase_source : cd39745775f1b8ad94f9563f75faa9cb7d5249f1 extra : amend_source : 13950bf852f9bbe2534135c879bb639ea26ad5b7 2018-07-08 06:15:45 +03:00
			`_onMessageToChrome(e) {`
			`// If target is window then we want the document principal, otherwise fallback to target itself.`
			`let principal = e.target.nodePrincipal ? e.target.nodePrincipal : e.target.document.nodePrincipal;`

			`if (e.detail) {`
			`if (typeof e.detail != "string") {`
			`// Check if the principal is one of the ones that's allowed to send`
			`// non-string values for e.detail. They're whitelisted by site origin,`
			`// so we compare on originNoSuffix in order to avoid other origin attributes`
			`// that are not relevant here, such as containers or private browsing.`
			`let objectsAllowed = this._getWhitelistedPrincipals().some(whitelisted =>`
			`principal.originNoSuffix == whitelisted.originNoSuffix);`
			`if (!objectsAllowed) {`
			`Cu.reportError("WebChannelMessageToChrome sent with an object from a non-whitelisted principal");`
			`return;`
			`}`
			`}`

			`let mm = getMessageManager(e);`

			`mm.sendAsyncMessage("WebChannelMessageToChrome", e.detail, { eventTarget: e.target }, principal);`
			`} else {`
			`Cu.reportError("WebChannel message failed. No message detail.");`
			`}`
Bug 1472491: Part 5z - Add WebChannelChild actor. r=markh f=mconley MozReview-Commit-ID: 1f056kpyJW6 --HG-- rename : toolkit/modules/WebChannelContent.jsm => toolkit/actors/WebChannelChild.jsm extra : rebase_source : b0993e4967314f50efb0acb8afb44270d6c372de 2018-07-30 09:36:12 +03:00			`}`
Bug 1474155: Part 3 - Move WebChannel message listeners to a separate JSM. r=mconley MozReview-Commit-ID: AHCTFDBnChn --HG-- rename : toolkit/content/browser-content.js => toolkit/modules/WebChannelContent.jsm extra : rebase_source : cd39745775f1b8ad94f9563f75faa9cb7d5249f1 extra : amend_source : 13950bf852f9bbe2534135c879bb639ea26ad5b7 2018-07-08 06:15:45 +03:00
			`_onMessageToContent(msg) {`
			`if (msg.data) {`
			`// msg.objects.eventTarget will be defined if sending a response to`
			`// a WebChannelMessageToChrome event. An unsolicited send`
			`// may not have an eventTarget defined, in this case send to the`
			`// main content window.`
			`let eventTarget = msg.objects.eventTarget \|\| msg.target.content;`

			`// Use nodePrincipal if available, otherwise fallback to document principal.`
			`let targetPrincipal = eventTarget instanceof Ci.nsIDOMWindow ? eventTarget.document.nodePrincipal : eventTarget.nodePrincipal;`

			`if (msg.principal.subsumes(targetPrincipal)) {`
			`// If eventTarget is a window, use it as the targetWindow, otherwise`
			`// find the window that owns the eventTarget.`
			`let targetWindow = eventTarget instanceof Ci.nsIDOMWindow ? eventTarget : eventTarget.ownerGlobal;`

			`eventTarget.dispatchEvent(new targetWindow.CustomEvent("WebChannelMessageToContent", {`
			`detail: Cu.cloneInto({`
			`id: msg.data.id,`
			`message: msg.data.message,`
			`}, targetWindow),`
			`}));`
			`} else {`
			`Cu.reportError("WebChannel message failed. Principal mismatch.");`
			`}`
			`} else {`
			`Cu.reportError("WebChannel message failed. No message data.");`
			`}`
Bug 1472491: Part 5z - Add WebChannelChild actor. r=markh f=mconley MozReview-Commit-ID: 1f056kpyJW6 --HG-- rename : toolkit/modules/WebChannelContent.jsm => toolkit/actors/WebChannelChild.jsm extra : rebase_source : b0993e4967314f50efb0acb8afb44270d6c372de 2018-07-30 09:36:12 +03:00			`}`
			`}`