зеркало из https://github.com/mozilla/gecko-dev.git
Backed out changeset 8ce65f4eb1ba (bug 820170) for suspicion of causing bug 860903 on a CLOSED TREE.
This commit is contained in:
Родитель
d0e32dc400
Коммит
7b5cb126eb
|
@ -1852,13 +1852,6 @@ nsDocument::Init()
|
|||
mRadioGroups.Init();
|
||||
mCustomPrototypes.Init();
|
||||
|
||||
// If after creation the owner js global is not set for a document
|
||||
// we use the default compartment for this document, instead of creating
|
||||
// wrapper in some random compartment when the document is exposed to js
|
||||
// via some events.
|
||||
mScopeObject = do_GetWeakReference(xpc::GetNativeForGlobal(xpc::GetJunkScope()));
|
||||
MOZ_ASSERT(mScopeObject);
|
||||
|
||||
// Force initialization.
|
||||
nsINode::nsSlots* slots = Slots();
|
||||
|
||||
|
|
|
@ -1520,25 +1520,6 @@ XULDocument::GetHeight(ErrorResult& aRv)
|
|||
return height;
|
||||
}
|
||||
|
||||
nsIGlobalObject*
|
||||
GetScopeObjectOfNode(nsIDOMNode* node)
|
||||
{
|
||||
// Window root occasionally keeps alive a node of a document whose
|
||||
// window is already dead. If in this brief period someone calls
|
||||
// GetPopupNode and we return that node, nsNodeSH::PreCreate will throw,
|
||||
// because it will not know which scope this node belongs to. Returning
|
||||
// an orphan node like that to JS would be a bug anyway, so to avoid
|
||||
// this, let's do the same check as nsNodeSH::PreCreate does to
|
||||
// determine the scope and if it fails let's just return null in
|
||||
// XULDocument::GetPopupNode.
|
||||
nsIDocument* doc = nullptr;
|
||||
for (nsCOMPtr<nsINode> inode = do_QueryInterface(node);
|
||||
!doc && inode; inode = inode->GetParent()) {
|
||||
doc = inode->OwnerDoc();
|
||||
}
|
||||
return doc ? doc->GetScopeObject() : nullptr;
|
||||
}
|
||||
|
||||
//----------------------------------------------------------------------
|
||||
//
|
||||
// nsIDOMXULDocument interface
|
||||
|
@ -1561,10 +1542,8 @@ XULDocument::GetPopupNode(nsIDOMNode** aNode)
|
|||
}
|
||||
}
|
||||
|
||||
if (node && nsContentUtils::CanCallerAccess(node)
|
||||
&& GetScopeObjectOfNode(node)) {
|
||||
node.swap(*aNode);
|
||||
}
|
||||
if (node && nsContentUtils::CanCallerAccess(node))
|
||||
node.swap(*aNode);
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
|
|
@ -5707,6 +5707,18 @@ nsNodeSH::PreCreate(nsISupports *nativeObj, JSContext *cx, JSObject *globalObj,
|
|||
// See http://bugzilla.mozilla.org/show_bug.cgi?id=227417
|
||||
nsIDocument* doc = node->OwnerDoc();
|
||||
|
||||
// If we have a document, make sure one of these is true
|
||||
// (1) it has a script handling object,
|
||||
// (2) has had one, or has been marked to have had one,
|
||||
// (3) we are running a privileged script.
|
||||
// Event handling is possible only if (1). If (2) event handling is prevented.
|
||||
// If document has never had a script handling object,
|
||||
// untrusted scripts (3) shouldn't touch it!
|
||||
bool hasHadScriptHandlingObject = false;
|
||||
NS_ENSURE_STATE(doc->GetScriptHandlingObject(hasHadScriptHandlingObject) ||
|
||||
hasHadScriptHandlingObject ||
|
||||
nsContentUtils::IsCallerChrome());
|
||||
|
||||
nsINode *native_parent;
|
||||
|
||||
bool nodeIsElement = node->IsElement();
|
||||
|
@ -5755,14 +5767,26 @@ nsNodeSH::PreCreate(nsISupports *nativeObj, JSContext *cx, JSObject *globalObj,
|
|||
}
|
||||
} else {
|
||||
// We're called for a document object; set the parent to be the
|
||||
// document's global object
|
||||
// document's global object, if there is one
|
||||
|
||||
// Document should know its global but if the owner window of the
|
||||
// document is already dead at this point, then just throw.
|
||||
nsIGlobalObject* scope = doc->GetScopeObject();
|
||||
NS_ENSURE_TRUE(scope, NS_ERROR_UNEXPECTED);
|
||||
// Get the scope object from the document.
|
||||
nsISupports *scope = doc->GetScopeObject();
|
||||
|
||||
*parentObj = scope->GetGlobalJSObject();
|
||||
if (scope) {
|
||||
jsval v;
|
||||
nsCOMPtr<nsIXPConnectJSObjectHolder> holder;
|
||||
nsresult rv = WrapNative(cx, globalObj, scope, false, &v,
|
||||
getter_AddRefs(holder));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
holder->GetJSObject(parentObj);
|
||||
}
|
||||
else {
|
||||
// No global object reachable from this document, use the
|
||||
// global object that was passed to this method.
|
||||
|
||||
*parentObj = globalObj;
|
||||
}
|
||||
|
||||
// No slim wrappers for a document's scope object.
|
||||
return node->ChromeOnlyAccess() ?
|
||||
|
|
|
@ -32,17 +32,8 @@ function checkResults(xhr)
|
|||
return true;
|
||||
}
|
||||
|
||||
var httpServersClosed = 0;
|
||||
function finishIfDone()
|
||||
{
|
||||
if (++httpServersClosed == 2)
|
||||
do_test_finished();
|
||||
}
|
||||
|
||||
function run_test()
|
||||
{
|
||||
do_test_pending();
|
||||
|
||||
httpserver.registerPathHandler(testpath, serverHandler);
|
||||
httpserver.start(4444);
|
||||
|
||||
|
@ -54,6 +45,14 @@ function run_test()
|
|||
var res = cu.evalInSandbox('var sync = createXHR("4444/simple"); sync.send(null); sync', sb);
|
||||
checkResults(res);
|
||||
|
||||
// Test async XHR sending
|
||||
var async = cu.evalInSandbox('var async = createXHR("4444/simple", true); async', sb);
|
||||
async.addEventListener("readystatechange", function(event) {
|
||||
if (checkResults(async))
|
||||
httpserver.stop(do_test_finished);
|
||||
}, false);
|
||||
async.send(null);
|
||||
|
||||
// negative test sync XHR sending (to ensure that the xhr do not have chrome caps, see bug 779821)
|
||||
try {
|
||||
cu.evalInSandbox('var createXHR = ' + createXHR.toString(), sb);
|
||||
|
@ -62,28 +61,8 @@ function run_test()
|
|||
} catch (e) {
|
||||
do_check_true(true);
|
||||
}
|
||||
|
||||
httpserver2.stop(finishIfDone);
|
||||
|
||||
// Test async XHR sending
|
||||
sb.finish = function(){
|
||||
httpserver.stop(finishIfDone);
|
||||
}
|
||||
|
||||
sb.checkResults = checkResults;
|
||||
|
||||
sb.do_check_eq = do_check_eq;
|
||||
|
||||
function changeListener(event) {
|
||||
if (checkResults(async))
|
||||
finish();
|
||||
}
|
||||
|
||||
var async = cu.evalInSandbox('var async = createXHR("4444/simple", true);' +
|
||||
'async.addEventListener("readystatechange", ' +
|
||||
changeListener.toString() + ', false);' +
|
||||
'async', sb);
|
||||
async.send(null);
|
||||
do_test_pending();
|
||||
}
|
||||
|
||||
function serverHandler(metadata, response)
|
||||
|
|
Загрузка…
Ссылка в новой задаче