Bug 1776790 - Stop exposing the length of argument list of ChromeOnly constructor to non-chrome context; r=peterv

Differential Revision: https://phabricator.services.mozilla.com/D152467
2022-07-27 19:28:55 +00:00 · 2022-07-27 19:28:55 +00:00 · cdad5df9d3
--- a/dom/bindings/BindingUtils.cpp
+++ b/dom/bindings/BindingUtils.cpp
@ -1042,6 +1042,7 @@ void CreateInterfaceObjects(
    JS::Handle<JSObject*> protoProto, const JSClass* protoClass,
    JS::Heap<JSObject*>* protoCache, JS::Handle<JSObject*> constructorProto,
    const JSClass* constructorClass, unsigned ctorNargs,
+    bool isConstructorChromeOnly,
    const LegacyFactoryFunction* namedConstructors,
    JS::Heap<JSObject*>* constructorCache, const NativeProperties* properties,
    const NativeProperties* chromeOnlyProperties, const char* name,
@ -1097,7 +1098,8 @@ void CreateInterfaceObjects(
  JSObject* interface;
  if (constructorClass) {
    interface = CreateInterfaceObject(
-        cx, global, constructorProto, constructorClass, ctorNargs,
+        cx, global, constructorProto, constructorClass,
+        (isChrome || !isConstructorChromeOnly) ? ctorNargs : 0,
        namedConstructors, proto, properties, chromeOnlyProperties, nameStr,
        isChrome, defineOnGlobal, legacyWindowAliases, isNamespace);
    if (!interface) {
--- a/dom/bindings/BindingUtils.h
+++ b/dom/bindings/BindingUtils.h
@ -714,6 +714,7 @@ struct LegacyFactoryFunction {
 *             ignored. If this is null and constructorClass is also null then
 *             we should not create an interface object at all.
 * ctorNargs is the length of the constructor function; 0 if no constructor
+ * isConstructorChromeOnly if true, the constructor is ChromeOnly.
 * constructorCache a pointer to a JSObject pointer where we should cache the
 *                  interface object. This must be null if both constructorClass
 *                  and constructor are null, and non-null otherwise.
@ -756,6 +757,7 @@ void CreateInterfaceObjects(
    JS::Handle<JSObject*> protoProto, const JSClass* protoClass,
    JS::Heap<JSObject*>* protoCache, JS::Handle<JSObject*> constructorProto,
    const JSClass* constructorClass, unsigned ctorNargs,
+    bool isConstructorChromeOnly,
    const LegacyFactoryFunction* namedConstructors,
    JS::Heap<JSObject*>* constructorCache, const NativeProperties* properties,
    const NativeProperties* chromeOnlyProperties, const char* name,
--- a/dom/bindings/Codegen.py
+++ b/dom/bindings/Codegen.py
@ -3625,8 +3625,10 @@ class CGCreateInterfaceObjectsMethod(CGAbstractMethod):

        if self.descriptor.interface.ctor():
            constructArgs = methodLength(self.descriptor.interface.ctor())
+            isConstructorChromeOnly = isChromeOnly(self.descriptor.interface.ctor())
        else:
            constructArgs = 0
+            isConstructorChromeOnly = False
        if len(self.descriptor.interface.legacyFactoryFunctions) > 0:
            namedConstructors = "namedConstructors"
        else:
@ -3687,7 +3689,7 @@ class CGCreateInterfaceObjectsMethod(CGAbstractMethod):
            JS::Heap<JSObject*>* interfaceCache = ${interfaceCache};
            dom::CreateInterfaceObjects(aCx, aGlobal, ${parentProto},
                                        ${protoClass}, protoCache,
-                                        ${constructorProto}, ${interfaceClass}, ${constructArgs}, ${namedConstructors},
+                                        ${constructorProto}, ${interfaceClass}, ${constructArgs}, ${isConstructorChromeOnly}, ${namedConstructors},
                                        interfaceCache,
                                        ${properties},
                                        ${chromeProperties},
@ -3703,6 +3705,7 @@ class CGCreateInterfaceObjectsMethod(CGAbstractMethod):
            constructorProto=constructorProto,
            interfaceClass=interfaceClass,
            constructArgs=constructArgs,
+            isConstructorChromeOnly=toStringBool(isConstructorChromeOnly),
            namedConstructors=namedConstructors,
            interfaceCache=interfaceCache,
            properties=properties,
--- a/dom/bindings/moz.build
+++ b/dom/bindings/moz.build
@ -132,6 +132,7 @@ if CONFIG["MOZ_DEBUG"] and CONFIG["ENABLE_TESTS"]:
        "test/TestInterfaceIterableDouble.h",
        "test/TestInterfaceIterableDoubleUnion.h",
        "test/TestInterfaceIterableSingle.h",
+        "test/TestInterfaceLength.h",
        "test/TestInterfaceMaplike.h",
        "test/TestInterfaceMaplikeJSObject.h",
        "test/TestInterfaceMaplikeObject.h",
@ -146,6 +147,7 @@ if CONFIG["MOZ_DEBUG"] and CONFIG["ENABLE_TESTS"]:
        "test/TestInterfaceIterableDouble.cpp",
        "test/TestInterfaceIterableDoubleUnion.cpp",
        "test/TestInterfaceIterableSingle.cpp",
+        "test/TestInterfaceLength.cpp",
        "test/TestInterfaceMaplike.cpp",
        "test/TestInterfaceMaplikeJSObject.cpp",
        "test/TestInterfaceMaplikeObject.cpp",
--- a/dom/bindings/test/TestInterfaceLength.cpp
+++ b/dom/bindings/test/TestInterfaceLength.cpp
@ -0,0 +1,27 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim:set ts=2 sw=2 sts=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/dom/TestInterfaceLength.h"
+#include "mozilla/dom/TestFunctionsBinding.h"
+
+namespace mozilla::dom {
+
+NS_IMPL_CYCLE_COLLECTION_ROOT_NATIVE(TestInterfaceLength, AddRef)
+NS_IMPL_CYCLE_COLLECTION_UNROOT_NATIVE(TestInterfaceLength, Release)
+
+NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE_0(TestInterfaceLength)
+
+JSObject* TestInterfaceLength::WrapObject(JSContext* aCx,
+                                          JS::Handle<JSObject*> aGivenProto) {
+  return TestInterfaceLength_Binding::Wrap(aCx, this, aGivenProto);
+}
+
+already_AddRefed<TestInterfaceLength> TestInterfaceLength::Constructor(
+    const GlobalObject& aGlobalObject, const bool aArg) {
+  return MakeAndAddRef<TestInterfaceLength>();
+}
+
+}  // namespace mozilla::dom
--- a/dom/bindings/test/TestInterfaceLength.h
+++ b/dom/bindings/test/TestInterfaceLength.h
@ -0,0 +1,39 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim:set ts=2 sw=2 sts=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_dom_TestInterfaceLength_h
+#define mozilla_dom_TestInterfaceLength_h
+
+#include "js/TypeDecls.h"
+#include "mozilla/Attributes.h"
+#include "mozilla/dom/BindingDeclarations.h"
+#include "nsCycleCollectionParticipant.h"
+#include "nsWrapperCache.h"
+
+namespace mozilla::dom {
+
+class TestInterfaceLength final : public nsWrapperCache {
+ public:
+  NS_INLINE_DECL_CYCLE_COLLECTING_NATIVE_REFCOUNTING(TestInterfaceLength)
+  NS_DECL_CYCLE_COLLECTION_SCRIPT_HOLDER_NATIVE_CLASS(TestInterfaceLength)
+
+ public:
+  TestInterfaceLength() = default;
+
+  static already_AddRefed<TestInterfaceLength> Constructor(
+      const GlobalObject& aGlobalObject, const bool aArg);
+
+ protected:
+  ~TestInterfaceLength() = default;
+
+ public:
+  nsISupports* GetParentObject() const { return nullptr; }
+  JSObject* WrapObject(JSContext*, JS::Handle<JSObject*> aGivenProto) override;
+};
+
+}  // namespace mozilla::dom
+
+#endif  // mozilla_dom_TestInterfaceLength_h
--- a/dom/bindings/test/chrome.ini
+++ b/dom/bindings/test/chrome.ini
@ -14,3 +14,5 @@ support-files =
 skip-if = debug == false
 [test_bug1287912.html]
 [test_bug1457051.html]
+[test_interfaceLength_chrome.html]
+skip-if = debug == false
--- a/dom/bindings/test/mochitest.ini
+++ b/dom/bindings/test/mochitest.ini
@ -37,6 +37,8 @@ support-files =
 [test_exception_messages.html]
 [test_forOf.html]
 [test_integers.html]
+[test_interfaceLength.html]
+skip-if = debug == false
 [test_interfaceName.html]
 [test_interfaceToString.html]
 [test_prefOnConstructor.html]
--- a/dom/bindings/test/test_interfaceLength.html
+++ b/dom/bindings/test/test_interfaceLength.html
@ -0,0 +1,34 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=1776790
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Test for Bug 1776790</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1776790">Mozilla Bug 1776790</a>
+<p id="display"></p>
+<div id="content" style="display: none">
+
+</div>
+<pre id="test">
+<script type="application/javascript">
+/* global TestInterfaceLength */
+
+add_task(async function init() {
+  await SpecialPowers.pushPrefEnv({set: [["dom.expose_test_interfaces", true]]});
+});
+
+/** Test for Bug 1776790 **/
+add_task(function test_interface_length() {
+  is(TestInterfaceLength.length, 0, "TestInterfaceLength.length");
+});
+
+</script>
+</pre>
+</body>
+</html>
--- a/dom/bindings/test/test_interfaceLength_chrome.html
+++ b/dom/bindings/test/test_interfaceLength_chrome.html
@ -0,0 +1,34 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=1776790
+-->
+<head>
+  <meta charset="utf-8">
+  <title>Test for Bug 1776790</title>
+  <script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"/>
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1776790">Mozilla Bug 1776790</a>
+<p id="display"></p>
+<div id="content" style="display: none">
+
+</div>
+<pre id="test">
+<script type="application/javascript">
+/* global TestInterfaceLength */
+
+add_task(async function init() {
+  await SpecialPowers.pushPrefEnv({set: [["dom.expose_test_interfaces", true]]});
+});
+
+/** Test for Bug 1776790 **/
+add_task(function test_interface_length() {
+  is(TestInterfaceLength.length, 1, "TestInterfaceLength.length");
+});
+
+</script>
+</pre>
+</body>
+</html>
--- a/dom/webidl/TestFunctions.webidl
+++ b/dom/webidl/TestFunctions.webidl
@ -20,6 +20,13 @@ interface TestTrialInterface {
  constructor();
 };

+[Pref="dom.expose_test_interfaces",
+ Exposed=Window]
+interface TestInterfaceLength {
+  [ChromeOnly]
+  constructor(boolean arg);
+};
+
 // The type of string C++ sees.
 enum StringType {
  "literal",      // A string with the LITERAL flag.
--- a/testing/web-platform/meta/push-api/idlharness.https.any.js.ini
+++ b/testing/web-platform/meta/push-api/idlharness.https.any.js.ini
@ -1,10 +1,4 @@
 [idlharness.https.any.html]
-  [PushManager interface object length]
-    expected: FAIL
-
-  [PushSubscription interface object length]
-    expected: FAIL
-
  [PushSubscriptionOptions interface: attribute userVisibleOnly]
    expected: FAIL

@ -125,9 +119,6 @@
  [PushSubscriptionChangeEvent interface: existence and properties of interface prototype object's "constructor" property]
    expected: FAIL

-  [PushSubscription interface object length]
-    expected: FAIL
-
  [PushSubscriptionChangeEvent interface: existence and properties of interface prototype object's @@unscopables property]
    expected: FAIL

@ -146,9 +137,6 @@
  [PushSubscriptionChangeEvent interface: new PushSubscriptionChangeEvent("pushsubscriptionchange") must inherit property "newSubscription" with the proper type]
    expected: FAIL

-  [PushManager interface object length]
-    expected: FAIL
-
  [PushSubscriptionChangeEvent interface: attribute newSubscription]
    expected: FAIL

--- a/testing/web-platform/meta/service-workers/idlharness.https.any.js.ini
+++ b/testing/web-platform/meta/service-workers/idlharness.https.any.js.ini
@ -65,9 +65,6 @@
  [ServiceWorkerContainer interface: navigator.serviceWorker must inherit property "getRegistration(optional USVString)" with the proper type]
    expected: FAIL

-  [CacheStorage interface object length]
-    expected: FAIL
-
  [ServiceWorkerContainer interface: operation getRegistration(optional USVString)]
    expected: FAIL

@ -265,9 +262,6 @@
  [ServiceWorkerContainer interface: navigator.serviceWorker must inherit property "getRegistration(optional USVString)" with the proper type]
    expected: FAIL

-  [CacheStorage interface object length]
-    expected: FAIL
-
  [ServiceWorkerContainer interface: operation getRegistration(optional USVString)]
    expected: FAIL

@ -398,11 +392,6 @@
    expected: FAIL


-[idlharness.https.any.html]
-  [CacheStorage interface object length]
-    expected: FAIL
-
-
 [idlharness.https.any.serviceworker.html]
  [ServiceWorker interface: serviceWorker must inherit property "scriptURL" with the proper type]
    expected: FAIL
@ -503,9 +492,6 @@
  [WorkerNavigator interface: attribute serviceWorker]
    expected: FAIL

-  [CacheStorage interface object length]
-    expected: FAIL
-
  [ServiceWorkerGlobalScope interface: attribute serviceWorker]
    expected: FAIL