Bug 1359017 - onmessageerror for WindowEventHandlers in case StructuredClone algorithm fails when deserializing, r=masayuki, r=smaug

2017-09-13 05:59:06 +02:00 · 2017-09-13 05:59:06 +02:00 · 68fed142b9
--- a/dom/base/PostMessageEvent.cpp
+++ b/dom/base/PostMessageEvent.cpp
@ -143,19 +143,18 @@ PostMessageEvent::Run()
    }
  }

-  ErrorResult rv;
+  IgnoredErrorResult rv;
  JS::Rooted<JS::Value> messageData(cx);
-  nsCOMPtr<nsPIDOMWindowInner> window = targetWindow->AsInner();
+  nsCOMPtr<mozilla::dom::EventTarget> eventTarget = do_QueryObject(targetWindow);

-  Read(window, cx, &messageData, rv);
+  Read(targetWindow->AsInner(), cx, &messageData, rv);
  if (NS_WARN_IF(rv.Failed())) {
-    return rv.StealNSResult();
+    DispatchError(cx, targetWindow, eventTarget);
+    return NS_OK;
  }

  // Create the event
-  nsCOMPtr<mozilla::dom::EventTarget> eventTarget = do_QueryObject(targetWindow);
-  RefPtr<MessageEvent> event =
-    new MessageEvent(eventTarget, nullptr, nullptr);
+  RefPtr<MessageEvent> event = new MessageEvent(eventTarget, nullptr, nullptr);


  Nullable<WindowProxyOrMessagePortOrServiceWorker> source;
@ -163,7 +162,8 @@ PostMessageEvent::Run()

  Sequence<OwningNonNull<MessagePort>> ports;
  if (!TakeTransferredPortsAsSequence(ports)) {
-    return NS_ERROR_OUT_OF_MEMORY;
+    DispatchError(cx, targetWindow, eventTarget);
+    return NS_OK;
  }

  event->InitMessageEvent(nullptr, NS_LITERAL_STRING("message"),
@ -171,26 +171,52 @@ PostMessageEvent::Run()
                          messageData, mCallerOrigin,
                          EmptyString(), source, ports);

+  Dispatch(targetWindow, event);
+  return NS_OK;
+}
+
+void
+PostMessageEvent::DispatchError(JSContext* aCx, nsGlobalWindow* aTargetWindow,
+                                mozilla::dom::EventTarget* aEventTarget)
+{
+  RootedDictionary<MessageEventInit> init(aCx);
+  init.mBubbles = false;
+  init.mCancelable = false;
+  init.mOrigin = mCallerOrigin;
+
+  if (mSource) {
+    init.mSource.SetValue().SetAsWindowProxy() = mSource->AsOuter();
+  }
+
+  RefPtr<Event> event =
+    MessageEvent::Constructor(aEventTarget, NS_LITERAL_STRING("messageerror"),
+                              init);
+  Dispatch(aTargetWindow, event);
+}
+
+void
+PostMessageEvent::Dispatch(nsGlobalWindow* aTargetWindow, Event* aEvent)
+{
  // We can't simply call dispatchEvent on the window because doing so ends
  // up flipping the trusted bit on the event, and we don't want that to
  // happen because then untrusted content can call postMessage on a chrome
  // window if it can get a reference to it.

-  nsIPresShell *shell = targetWindow->GetExtantDoc()->GetShell();
+  nsIPresShell *shell = aTargetWindow->GetExtantDoc()->GetShell();
  RefPtr<nsPresContext> presContext;
-  if (shell)
+  if (shell) {
    presContext = shell->GetPresContext();
+  }

-  event->SetTrusted(mTrustedCaller);
-  WidgetEvent* internalEvent = event->WidgetEventPtr();
+  aEvent->SetTrusted(mTrustedCaller);
+  WidgetEvent* internalEvent = aEvent->WidgetEventPtr();

  nsEventStatus status = nsEventStatus_eIgnore;
-  EventDispatcher::Dispatch(window,
+  EventDispatcher::Dispatch(aTargetWindow->AsInner(),
                            presContext,
                            internalEvent,
-                            static_cast<dom::Event*>(event.get()),
+                            aEvent,
                            &status);
-  return NS_OK;
 }

 } // namespace dom
--- a/dom/base/PostMessageEvent.h
+++ b/dom/base/PostMessageEvent.h
@ -40,6 +40,13 @@ public:
 private:
  ~PostMessageEvent();

+  void
+  Dispatch(nsGlobalWindow* aTargetWindow, Event* aEvent);
+
+  void
+  DispatchError(JSContext* aCx, nsGlobalWindow* aTargetWindow,
+                mozilla::dom::EventTarget* aEventTarget);
+
  RefPtr<nsGlobalWindow> mSource;
  nsString mCallerOrigin;
  RefPtr<nsGlobalWindow> mTargetWindow;
--- a/dom/events/EventNameList.h
+++ b/dom/events/EventNameList.h
@ -551,6 +551,10 @@ WINDOW_EVENT(message,
             eMessage,
             EventNameType_None,
             eBasicEventClass)
+WINDOW_EVENT(messageerror,
+             eMessageError,
+             EventNameType_HTMLBodyOrFramesetOnly,
+             eBasicEventClass)
 WINDOW_EVENT(offline,
             eOffline,
             EventNameType_XUL | EventNameType_HTMLBodyOrFramesetOnly,
--- a/dom/webidl/EventHandler.webidl
+++ b/dom/webidl/EventHandler.webidl
@ -147,6 +147,7 @@ interface WindowEventHandlers {
           attribute EventHandler onhashchange;
           attribute EventHandler onlanguagechange;
           attribute EventHandler onmessage;
+           attribute EventHandler onmessageerror;
           attribute EventHandler onoffline;
           attribute EventHandler ononline;
           attribute EventHandler onpagehide;
--- a/widget/EventMessageList.h
+++ b/widget/EventMessageList.h
@ -374,6 +374,7 @@ NS_EVENT_MESSAGE(eBeforePrint)
 NS_EVENT_MESSAGE(eAfterPrint)

 NS_EVENT_MESSAGE(eMessage)
+NS_EVENT_MESSAGE(eMessageError)

 // Menu open event
 NS_EVENT_MESSAGE(eOpen)