зеркало из https://github.com/mozilla/gecko-dev.git
1910 строки
64 KiB
C++
1910 строки
64 KiB
C++
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
|
|
* vim: set ts=4 sw=4 et tw=99 ft=cpp:
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "XrayWrapper.h"
|
|
#include "AccessCheck.h"
|
|
#include "FilteringWrapper.h"
|
|
#include "WaiveXrayWrapper.h"
|
|
#include "WrapperFactory.h"
|
|
|
|
#include "nsINode.h"
|
|
#include "nsIContent.h"
|
|
#include "nsIDocument.h"
|
|
#include "nsContentUtils.h"
|
|
|
|
#include "XPCWrapper.h"
|
|
#include "xpcprivate.h"
|
|
|
|
#include "jsapi.h"
|
|
#include "nsJSUtils.h"
|
|
|
|
#include "mozilla/dom/BindingUtils.h"
|
|
#include "nsGlobalWindow.h"
|
|
|
|
using namespace mozilla::dom;
|
|
using namespace JS;
|
|
|
|
using js::PropertyDescriptor;
|
|
using js::Wrapper;
|
|
|
|
namespace xpc {
|
|
|
|
static const uint32_t JSSLOT_RESOLVING = 0;
|
|
|
|
static XPCWrappedNative *GetWrappedNative(JSObject *obj);
|
|
|
|
namespace XrayUtils {
|
|
|
|
JSClass HolderClass = {
|
|
"NativePropertyHolder",
|
|
JSCLASS_HAS_RESERVED_SLOTS(2),
|
|
JS_PropertyStub, JS_PropertyStub, holder_get, holder_set,
|
|
JS_EnumerateStub, JS_ResolveStub, JS_ConvertStub
|
|
};
|
|
}
|
|
|
|
using namespace XrayUtils;
|
|
|
|
XrayType
|
|
GetXrayType(JSObject *obj)
|
|
{
|
|
obj = js::UnwrapObject(obj, /* stopAtOuter = */ false);
|
|
if (mozilla::dom::UseDOMXray(obj))
|
|
return XrayForDOMObject;
|
|
|
|
js::Class* clasp = js::GetObjectClass(obj);
|
|
if (IS_WRAPPER_CLASS(clasp) || clasp->ext.innerObject) {
|
|
NS_ASSERTION(clasp->ext.innerObject || IS_WN_WRAPPER_OBJECT(obj),
|
|
"We forgot to Morph a slim wrapper!");
|
|
return XrayForWrappedNative;
|
|
}
|
|
return NotXray;
|
|
}
|
|
|
|
ResolvingId::ResolvingId(JSObject *wrapper, jsid id)
|
|
: mId(id),
|
|
mHolder(getHolderObject(wrapper)),
|
|
mPrev(getResolvingId(mHolder)),
|
|
mXrayShadowing(false)
|
|
{
|
|
js::SetReservedSlot(mHolder, JSSLOT_RESOLVING, js::PrivateValue(this));
|
|
}
|
|
|
|
ResolvingId::~ResolvingId()
|
|
{
|
|
MOZ_ASSERT(getResolvingId(mHolder) == this, "unbalanced ResolvingIds");
|
|
js::SetReservedSlot(mHolder, JSSLOT_RESOLVING, js::PrivateValue(mPrev));
|
|
}
|
|
|
|
bool
|
|
ResolvingId::isXrayShadowing(jsid id)
|
|
{
|
|
if (!mXrayShadowing)
|
|
return false;
|
|
|
|
return mId == id;
|
|
}
|
|
|
|
bool
|
|
ResolvingId::isResolving(jsid id)
|
|
{
|
|
for (ResolvingId *cur = this; cur; cur = cur->mPrev) {
|
|
if (cur->mId == id)
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
ResolvingId *
|
|
ResolvingId::getResolvingId(JSObject *holder)
|
|
{
|
|
MOZ_ASSERT(strcmp(JS_GetClass(holder)->name, "NativePropertyHolder") == 0);
|
|
return (ResolvingId *)js::GetReservedSlot(holder, JSSLOT_RESOLVING).toPrivate();
|
|
}
|
|
|
|
JSObject *
|
|
ResolvingId::getHolderObject(JSObject *wrapper)
|
|
{
|
|
return &js::GetProxyExtra(wrapper, 0).toObject();
|
|
}
|
|
|
|
ResolvingId *
|
|
ResolvingId::getResolvingIdFromWrapper(JSObject *wrapper)
|
|
{
|
|
return getResolvingId(getHolderObject(wrapper));
|
|
}
|
|
|
|
class ResolvingIdDummy
|
|
{
|
|
public:
|
|
ResolvingIdDummy(JSObject *wrapper, jsid id)
|
|
{
|
|
}
|
|
};
|
|
|
|
class XrayTraits
|
|
{
|
|
public:
|
|
static JSObject* getTargetObject(JSObject *wrapper) {
|
|
return js::UnwrapObject(wrapper, /* stopAtOuter = */ false);
|
|
}
|
|
|
|
virtual bool resolveOwnProperty(JSContext *cx, Wrapper &jsWrapper,
|
|
HandleObject wrapper, HandleObject holder,
|
|
HandleId id, JSPropertyDescriptor *desc, unsigned flags);
|
|
|
|
static bool call(JSContext *cx, HandleObject wrapper, unsigned argc, Value *vp)
|
|
{
|
|
MOZ_NOT_REACHED("Call trap currently implemented only for XPCWNs");
|
|
}
|
|
static bool construct(JSContext *cx, HandleObject wrapper, unsigned argc,
|
|
Value *argv, MutableHandleValue rval)
|
|
{
|
|
MOZ_NOT_REACHED("Call trap currently implemented only for XPCWNs");
|
|
}
|
|
|
|
virtual void preserveWrapper(JSObject *target) = 0;
|
|
|
|
JSObject* getExpandoObject(JSContext *cx, HandleObject target,
|
|
HandleObject consumer);
|
|
JSObject* ensureExpandoObject(JSContext *cx, HandleObject wrapper,
|
|
HandleObject target);
|
|
|
|
JSObject* getHolder(JSObject *wrapper);
|
|
JSObject* ensureHolder(JSContext *cx, HandleObject wrapper);
|
|
virtual JSObject* createHolder(JSContext *cx, JSObject *wrapper) = 0;
|
|
|
|
virtual JSObject* getExpandoChain(JSObject *obj) = 0;
|
|
virtual void setExpandoChain(JSObject *obj, JSObject *chain) = 0;
|
|
bool cloneExpandoChain(JSContext *cx, HandleObject dst, HandleObject src);
|
|
|
|
private:
|
|
bool expandoObjectMatchesConsumer(JSContext *cx, HandleObject expandoObject,
|
|
nsIPrincipal *consumerOrigin,
|
|
HandleObject exclusiveGlobal);
|
|
JSObject* getExpandoObjectInternal(JSContext *cx, HandleObject target,
|
|
nsIPrincipal *origin,
|
|
JSObject *exclusiveGlobal);
|
|
JSObject* attachExpandoObject(JSContext *cx, HandleObject target,
|
|
nsIPrincipal *origin,
|
|
HandleObject exclusiveGlobal);
|
|
};
|
|
|
|
class XPCWrappedNativeXrayTraits : public XrayTraits
|
|
{
|
|
public:
|
|
static const XrayType Type = XrayForWrappedNative;
|
|
|
|
static bool resolveNativeProperty(JSContext *cx, HandleObject wrapper,
|
|
HandleObject holder, HandleId id,
|
|
JSPropertyDescriptor *desc, unsigned flags);
|
|
virtual bool resolveOwnProperty(JSContext *cx, Wrapper &jsWrapper, HandleObject wrapper,
|
|
HandleObject holder, HandleId id,
|
|
JSPropertyDescriptor *desc, unsigned flags);
|
|
static bool defineProperty(JSContext *cx, HandleObject wrapper, HandleId id,
|
|
PropertyDescriptor *desc, PropertyDescriptor &existingDesc,
|
|
bool *defined);
|
|
static bool enumerateNames(JSContext *cx, HandleObject wrapper, unsigned flags,
|
|
AutoIdVector &props);
|
|
static bool call(JSContext *cx, HandleObject wrapper, unsigned argc, Value *vp);
|
|
static bool construct(JSContext *cx, HandleObject wrapper, unsigned argc,
|
|
Value *argv, MutableHandleValue rval);
|
|
|
|
static bool isResolving(JSContext *cx, JSObject *holder, jsid id);
|
|
|
|
static bool resolveDOMCollectionProperty(JSContext *cx, HandleObject wrapper,
|
|
HandleObject holder, HandleId id,
|
|
PropertyDescriptor *desc, unsigned flags);
|
|
|
|
static XPCWrappedNative* getWN(JSObject *wrapper) {
|
|
return GetWrappedNative(getTargetObject(wrapper));
|
|
}
|
|
|
|
virtual void preserveWrapper(JSObject *target);
|
|
|
|
typedef ResolvingId ResolvingIdImpl;
|
|
|
|
virtual JSObject* createHolder(JSContext *cx, JSObject *wrapper);
|
|
virtual JSObject* getExpandoChain(JSObject *obj) {
|
|
return GetWNExpandoChain(obj);
|
|
}
|
|
virtual void setExpandoChain(JSObject *obj, JSObject *chain) {
|
|
SetWNExpandoChain(obj, chain);
|
|
}
|
|
|
|
static XPCWrappedNativeXrayTraits singleton;
|
|
};
|
|
|
|
class DOMXrayTraits : public XrayTraits
|
|
{
|
|
public:
|
|
static const XrayType Type = XrayForDOMObject;
|
|
|
|
static bool resolveNativeProperty(JSContext *cx, HandleObject wrapper,
|
|
HandleObject holder, HandleId id,
|
|
JSPropertyDescriptor *desc, unsigned flags);
|
|
virtual bool resolveOwnProperty(JSContext *cx, Wrapper &jsWrapper, HandleObject wrapper,
|
|
HandleObject holder, HandleId id,
|
|
JSPropertyDescriptor *desc, unsigned flags);
|
|
static bool defineProperty(JSContext *cx, HandleObject wrapper, HandleId id,
|
|
PropertyDescriptor *desc, PropertyDescriptor &existingDesc,
|
|
bool *defined);
|
|
static bool enumerateNames(JSContext *cx, HandleObject wrapper, unsigned flags,
|
|
AutoIdVector &props);
|
|
static bool call(JSContext *cx, HandleObject wrapper, unsigned argc, Value *vp);
|
|
static bool construct(JSContext *cx, HandleObject wrapper, unsigned argc,
|
|
Value *argv, MutableHandleValue rval);
|
|
|
|
static bool isResolving(JSContext *cx, JSObject *holder, jsid id)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
typedef ResolvingIdDummy ResolvingIdImpl;
|
|
|
|
virtual void preserveWrapper(JSObject *target);
|
|
|
|
virtual JSObject* createHolder(JSContext *cx, JSObject *wrapper);
|
|
|
|
virtual JSObject* getExpandoChain(JSObject *obj) {
|
|
return mozilla::dom::GetXrayExpandoChain(obj);
|
|
}
|
|
virtual void setExpandoChain(JSObject *obj, JSObject *chain) {
|
|
mozilla::dom::SetXrayExpandoChain(obj, chain);
|
|
}
|
|
|
|
static DOMXrayTraits singleton;
|
|
};
|
|
|
|
XPCWrappedNativeXrayTraits XPCWrappedNativeXrayTraits::singleton;
|
|
DOMXrayTraits DOMXrayTraits::singleton;
|
|
|
|
XrayTraits*
|
|
GetXrayTraits(JSObject *obj)
|
|
{
|
|
switch (GetXrayType(obj)) {
|
|
case XrayForDOMObject:
|
|
return &DOMXrayTraits::singleton;
|
|
case XrayForWrappedNative:
|
|
return &XPCWrappedNativeXrayTraits::singleton;
|
|
default:
|
|
return nullptr;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Xray expando handling.
|
|
*
|
|
* We hang expandos for Xray wrappers off a reserved slot on the target object
|
|
* so that same-origin compartments can share expandos for a given object. We
|
|
* have a linked list of expando objects, one per origin. The properties on these
|
|
* objects are generally wrappers pointing back to the compartment that applied
|
|
* them.
|
|
*
|
|
* The expando objects should _never_ be exposed to script. The fact that they
|
|
* live in the target compartment is a detail of the implementation, and does
|
|
* not imply that code in the target compartment should be allowed to inspect
|
|
* them. They are private to the origin that placed them.
|
|
*/
|
|
|
|
enum ExpandoSlots {
|
|
JSSLOT_EXPANDO_NEXT = 0,
|
|
JSSLOT_EXPANDO_ORIGIN,
|
|
JSSLOT_EXPANDO_EXCLUSIVE_GLOBAL,
|
|
JSSLOT_EXPANDO_COUNT
|
|
};
|
|
|
|
static nsIPrincipal*
|
|
ObjectPrincipal(JSObject *obj)
|
|
{
|
|
return GetCompartmentPrincipal(js::GetObjectCompartment(obj));
|
|
}
|
|
|
|
static nsIPrincipal*
|
|
GetExpandoObjectPrincipal(JSObject *expandoObject)
|
|
{
|
|
Value v = JS_GetReservedSlot(expandoObject, JSSLOT_EXPANDO_ORIGIN);
|
|
return static_cast<nsIPrincipal*>(v.toPrivate());
|
|
}
|
|
|
|
static void
|
|
ExpandoObjectFinalize(JSFreeOp *fop, JSObject *obj)
|
|
{
|
|
// Release the principal.
|
|
nsIPrincipal *principal = GetExpandoObjectPrincipal(obj);
|
|
NS_RELEASE(principal);
|
|
}
|
|
|
|
JSClass ExpandoObjectClass = {
|
|
"XrayExpandoObject",
|
|
JSCLASS_HAS_RESERVED_SLOTS(JSSLOT_EXPANDO_COUNT),
|
|
JS_PropertyStub, JS_PropertyStub, JS_PropertyStub, JS_StrictPropertyStub,
|
|
JS_EnumerateStub, JS_ResolveStub, JS_ConvertStub, ExpandoObjectFinalize
|
|
};
|
|
|
|
bool
|
|
XrayTraits::expandoObjectMatchesConsumer(JSContext *cx,
|
|
HandleObject expandoObject,
|
|
nsIPrincipal *consumerOrigin,
|
|
HandleObject exclusiveGlobal)
|
|
{
|
|
MOZ_ASSERT(js::IsObjectInContextCompartment(expandoObject, cx));
|
|
|
|
// First, compare the principals.
|
|
nsIPrincipal *o = GetExpandoObjectPrincipal(expandoObject);
|
|
bool equal;
|
|
// Note that it's very important here to ignore document.domain. We
|
|
// pull the principal for the expando object off of the first consumer
|
|
// for a given origin, and freely share the expandos amongst multiple
|
|
// same-origin consumers afterwards. However, this means that we have
|
|
// no way to know whether _all_ consumers have opted in to collaboration
|
|
// by explicitly setting document.domain. So we just mandate that expando
|
|
// sharing is unaffected by it.
|
|
nsresult rv = consumerOrigin->EqualsIgnoringDomain(o, &equal);
|
|
if (NS_FAILED(rv) || !equal)
|
|
return false;
|
|
|
|
// Sandboxes want exclusive expando objects.
|
|
JSObject *owner = JS_GetReservedSlot(expandoObject,
|
|
JSSLOT_EXPANDO_EXCLUSIVE_GLOBAL)
|
|
.toObjectOrNull();
|
|
if (!owner && !exclusiveGlobal)
|
|
return true;
|
|
|
|
// The exclusive global should always be wrapped in the target's compartment.
|
|
MOZ_ASSERT(!exclusiveGlobal || js::IsObjectInContextCompartment(exclusiveGlobal, cx));
|
|
MOZ_ASSERT(!owner || js::IsObjectInContextCompartment(owner, cx));
|
|
return owner == exclusiveGlobal;
|
|
}
|
|
|
|
JSObject *
|
|
XrayTraits::getExpandoObjectInternal(JSContext *cx, HandleObject target,
|
|
nsIPrincipal *origin,
|
|
JSObject *exclusiveGlobal_)
|
|
{
|
|
// The expando object lives in the compartment of the target, so all our
|
|
// work needs to happen there.
|
|
RootedObject exclusiveGlobal(cx, exclusiveGlobal_);
|
|
JSAutoCompartment ac(cx, target);
|
|
if (!JS_WrapObject(cx, exclusiveGlobal.address()))
|
|
return NULL;
|
|
|
|
// Iterate through the chain, looking for a same-origin object.
|
|
RootedObject head(cx, getExpandoChain(target));
|
|
while (head) {
|
|
if (expandoObjectMatchesConsumer(cx, head, origin, exclusiveGlobal))
|
|
return head;
|
|
head = JS_GetReservedSlot(head, JSSLOT_EXPANDO_NEXT).toObjectOrNull();
|
|
}
|
|
|
|
// Not found.
|
|
return nullptr;
|
|
}
|
|
|
|
JSObject *
|
|
XrayTraits::getExpandoObject(JSContext *cx, HandleObject target, HandleObject consumer)
|
|
{
|
|
JSObject *consumerGlobal = js::GetGlobalForObjectCrossCompartment(consumer);
|
|
bool isSandbox = !strcmp(js::GetObjectJSClass(consumerGlobal)->name, "Sandbox");
|
|
return getExpandoObjectInternal(cx, target, ObjectPrincipal(consumer),
|
|
isSandbox ? consumerGlobal : nullptr);
|
|
}
|
|
|
|
JSObject *
|
|
XrayTraits::attachExpandoObject(JSContext *cx, HandleObject target,
|
|
nsIPrincipal *origin, HandleObject exclusiveGlobal)
|
|
{
|
|
// Make sure the compartments are sane.
|
|
MOZ_ASSERT(js::IsObjectInContextCompartment(target, cx));
|
|
MOZ_ASSERT(!exclusiveGlobal || js::IsObjectInContextCompartment(exclusiveGlobal, cx));
|
|
|
|
// No duplicates allowed.
|
|
MOZ_ASSERT(!getExpandoObjectInternal(cx, target, origin, exclusiveGlobal));
|
|
|
|
// Create the expando object. We parent it directly to the target object.
|
|
RootedObject expandoObject(cx, JS_NewObjectWithGivenProto(cx, &ExpandoObjectClass,
|
|
nullptr, target));
|
|
if (!expandoObject)
|
|
return nullptr;
|
|
|
|
// AddRef and store the principal.
|
|
NS_ADDREF(origin);
|
|
JS_SetReservedSlot(expandoObject, JSSLOT_EXPANDO_ORIGIN, PRIVATE_TO_JSVAL(origin));
|
|
|
|
// Note the exclusive global, if any.
|
|
JS_SetReservedSlot(expandoObject, JSSLOT_EXPANDO_EXCLUSIVE_GLOBAL,
|
|
OBJECT_TO_JSVAL(exclusiveGlobal));
|
|
|
|
// If this is our first expando object, take the opportunity to preserve
|
|
// the wrapper. This keeps our expandos alive even if the Xray wrapper gets
|
|
// collected.
|
|
RootedObject chain(cx, getExpandoChain(target));
|
|
if (!chain)
|
|
preserveWrapper(target);
|
|
|
|
// Insert it at the front of the chain.
|
|
JS_SetReservedSlot(expandoObject, JSSLOT_EXPANDO_NEXT, OBJECT_TO_JSVAL(chain));
|
|
setExpandoChain(target, expandoObject);
|
|
|
|
return expandoObject;
|
|
}
|
|
|
|
JSObject *
|
|
XrayTraits::ensureExpandoObject(JSContext *cx, HandleObject wrapper,
|
|
HandleObject target)
|
|
{
|
|
// Expando objects live in the target compartment.
|
|
JSAutoCompartment ac(cx, target);
|
|
JSObject *expandoObject = getExpandoObject(cx, target, wrapper);
|
|
if (!expandoObject) {
|
|
// If the object is a sandbox, we don't want it to share expandos with
|
|
// anyone else, so we tag it with the sandbox global.
|
|
//
|
|
// NB: We first need to check the class, _then_ wrap for the target's
|
|
// compartment.
|
|
RootedObject consumerGlobal(cx, js::GetGlobalForObjectCrossCompartment(wrapper));
|
|
bool isSandbox = !strcmp(js::GetObjectJSClass(consumerGlobal)->name, "Sandbox");
|
|
if (!JS_WrapObject(cx, consumerGlobal.address()))
|
|
return NULL;
|
|
expandoObject = attachExpandoObject(cx, target, ObjectPrincipal(wrapper),
|
|
isSandbox ? (HandleObject)consumerGlobal : NullPtr());
|
|
}
|
|
return expandoObject;
|
|
}
|
|
|
|
bool
|
|
XrayTraits::cloneExpandoChain(JSContext *cx, HandleObject dst, HandleObject src)
|
|
{
|
|
MOZ_ASSERT(js::IsObjectInContextCompartment(dst, cx));
|
|
MOZ_ASSERT(getExpandoChain(dst) == nullptr);
|
|
|
|
RootedObject oldHead(cx, getExpandoChain(src));
|
|
while (oldHead) {
|
|
RootedObject exclusive(cx, JS_GetReservedSlot(oldHead,
|
|
JSSLOT_EXPANDO_EXCLUSIVE_GLOBAL)
|
|
.toObjectOrNull());
|
|
if (!JS_WrapObject(cx, exclusive.address()))
|
|
return false;
|
|
JSObject *newHead = attachExpandoObject(cx, dst, GetExpandoObjectPrincipal(oldHead),
|
|
exclusive);
|
|
if (!JS_CopyPropertiesFrom(cx, newHead, oldHead))
|
|
return false;
|
|
oldHead = JS_GetReservedSlot(oldHead, JSSLOT_EXPANDO_NEXT).toObjectOrNull();
|
|
}
|
|
return true;
|
|
}
|
|
|
|
namespace XrayUtils {
|
|
bool CloneExpandoChain(JSContext *cx, JSObject *dst_, JSObject *src_)
|
|
{
|
|
RootedObject dst(cx, dst_);
|
|
RootedObject src(cx, src_);
|
|
return GetXrayTraits(src)->cloneExpandoChain(cx, dst, src);
|
|
}
|
|
}
|
|
|
|
static JSObject *
|
|
GetHolder(JSObject *obj)
|
|
{
|
|
return &js::GetProxyExtra(obj, 0).toObject();
|
|
}
|
|
|
|
static XPCWrappedNative *
|
|
GetWrappedNative(JSObject *obj)
|
|
{
|
|
MOZ_ASSERT(IS_WN_WRAPPER_OBJECT(obj));
|
|
return static_cast<XPCWrappedNative *>(js::GetObjectPrivate(obj));
|
|
}
|
|
|
|
static inline JSObject *
|
|
FindWrapper(JSContext *cx, JSObject *wrapper_)
|
|
{
|
|
RootedObject wrapper(cx, wrapper_);
|
|
while (!js::IsWrapper(wrapper) ||
|
|
!(Wrapper::wrapperHandler(wrapper)->flags() &
|
|
WrapperFactory::IS_XRAY_WRAPPER_FLAG)) {
|
|
if (js::IsWrapper(wrapper) &&
|
|
js::GetProxyHandler(wrapper) == &sandboxProxyHandler) {
|
|
wrapper = SandboxProxyHandler::wrappedObject(wrapper);
|
|
} else {
|
|
if (!js::GetObjectProto(cx, wrapper, wrapper.address()))
|
|
return nullptr;
|
|
}
|
|
// NB: we must eventually hit our wrapper.
|
|
}
|
|
|
|
return wrapper;
|
|
}
|
|
|
|
JSObject*
|
|
XrayTraits::getHolder(JSObject *wrapper)
|
|
{
|
|
MOZ_ASSERT(WrapperFactory::IsXrayWrapper(wrapper));
|
|
js::Value v = js::GetProxyExtra(wrapper, 0);
|
|
return v.isObject() ? &v.toObject() : nullptr;
|
|
}
|
|
|
|
JSObject*
|
|
XrayTraits::ensureHolder(JSContext *cx, HandleObject wrapper)
|
|
{
|
|
RootedObject holder(cx, getHolder(wrapper));
|
|
if (holder)
|
|
return holder;
|
|
holder = createHolder(cx, wrapper); // virtual trap.
|
|
if (holder)
|
|
js::SetProxyExtra(wrapper, 0, ObjectValue(*holder));
|
|
return holder;
|
|
}
|
|
|
|
bool
|
|
XPCWrappedNativeXrayTraits::isResolving(JSContext *cx, JSObject *holder,
|
|
jsid id)
|
|
{
|
|
ResolvingId *cur = ResolvingId::getResolvingId(holder);
|
|
if (!cur)
|
|
return false;
|
|
return cur->isResolving(id);
|
|
}
|
|
|
|
// Some DOM objects have shared properties that don't have an explicit
|
|
// getter/setter and rely on the class getter/setter. We install a
|
|
// class getter/setter on the holder object to trigger them.
|
|
JSBool
|
|
holder_get(JSContext *cx, HandleObject wrapperArg, HandleId id, MutableHandleValue vp)
|
|
{
|
|
RootedObject wrapper(cx, FindWrapper(cx, wrapperArg));
|
|
if (!wrapper)
|
|
return false;
|
|
|
|
JSObject *holder = GetHolder(wrapper);
|
|
|
|
XPCWrappedNative *wn = XPCWrappedNativeXrayTraits::getWN(wrapper);
|
|
if (NATIVE_HAS_FLAG(wn, WantGetProperty)) {
|
|
JSAutoCompartment ac(cx, holder);
|
|
bool retval = true;
|
|
nsresult rv = wn->GetScriptableCallback()->GetProperty(wn, cx, wrapper,
|
|
id, vp.address(), &retval);
|
|
if (NS_FAILED(rv) || !retval) {
|
|
if (retval)
|
|
XPCThrower::Throw(rv, cx);
|
|
return false;
|
|
}
|
|
}
|
|
return true;
|
|
}
|
|
|
|
JSBool
|
|
holder_set(JSContext *cx, HandleObject wrapperArg, HandleId id, JSBool strict, MutableHandleValue vp)
|
|
{
|
|
RootedObject wrapper(cx, FindWrapper(cx, wrapperArg));
|
|
if (!wrapper)
|
|
return false;
|
|
|
|
JSObject *holder = GetHolder(wrapper);
|
|
if (XPCWrappedNativeXrayTraits::isResolving(cx, holder, id)) {
|
|
return true;
|
|
}
|
|
|
|
XPCWrappedNative *wn = XPCWrappedNativeXrayTraits::getWN(wrapper);
|
|
if (NATIVE_HAS_FLAG(wn, WantSetProperty)) {
|
|
JSAutoCompartment ac(cx, holder);
|
|
bool retval = true;
|
|
nsresult rv = wn->GetScriptableCallback()->SetProperty(wn, cx, wrapper,
|
|
id, vp.address(), &retval);
|
|
if (NS_FAILED(rv) || !retval) {
|
|
if (retval)
|
|
XPCThrower::Throw(rv, cx);
|
|
return false;
|
|
}
|
|
}
|
|
return true;
|
|
}
|
|
|
|
class AutoSetWrapperNotShadowing
|
|
{
|
|
public:
|
|
AutoSetWrapperNotShadowing(JSObject *wrapper MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
|
|
{
|
|
MOZ_GUARD_OBJECT_NOTIFIER_INIT;
|
|
MOZ_ASSERT(wrapper);
|
|
mResolvingId = ResolvingId::getResolvingIdFromWrapper(wrapper);
|
|
MOZ_ASSERT(mResolvingId);
|
|
mResolvingId->mXrayShadowing = true;
|
|
}
|
|
|
|
~AutoSetWrapperNotShadowing()
|
|
{
|
|
mResolvingId->mXrayShadowing = false;
|
|
}
|
|
|
|
private:
|
|
MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
|
|
ResolvingId *mResolvingId;
|
|
};
|
|
|
|
// This is called after the resolveNativeProperty could not find any property
|
|
// with the given id. At this point we can check for DOM specific collections
|
|
// like document["formName"] because we already know that it is not shadowing
|
|
// any native property.
|
|
bool
|
|
XPCWrappedNativeXrayTraits::resolveDOMCollectionProperty(JSContext *cx, HandleObject wrapper,
|
|
HandleObject holder, HandleId id,
|
|
PropertyDescriptor *desc, unsigned flags)
|
|
{
|
|
// If we are not currently resolving this id and resolveNative is called
|
|
// we don't do anything. (see defineProperty in case of shadowing is forbidden).
|
|
ResolvingId *rid = ResolvingId::getResolvingId(holder);
|
|
if (!rid || rid->mId != id)
|
|
return true;
|
|
|
|
XPCWrappedNative *wn = getWN(wrapper);
|
|
if (!NATIVE_HAS_FLAG(wn, WantNewResolve))
|
|
return true;
|
|
|
|
// Setting the current ResolvingId in non-shadowing mode. So for this id
|
|
// Xray won't ignore DOM specific collection properties temporarily.
|
|
AutoSetWrapperNotShadowing asw(wrapper);
|
|
|
|
bool retval = true;
|
|
RootedObject pobj(cx);
|
|
nsresult rv = wn->GetScriptableInfo()->GetCallback()->NewResolve(wn, cx, wrapper, id,
|
|
flags, pobj.address(), &retval);
|
|
if (NS_FAILED(rv)) {
|
|
if (retval)
|
|
XPCThrower::Throw(rv, cx);
|
|
return false;
|
|
}
|
|
|
|
if (pobj && !JS_GetPropertyDescriptorById(cx, holder, id, 0, desc))
|
|
return false;
|
|
|
|
return true;
|
|
}
|
|
|
|
template <typename T>
|
|
static T*
|
|
As(JSObject *wrapper)
|
|
{
|
|
XPCWrappedNative *wn = XPCWrappedNativeXrayTraits::getWN(wrapper);
|
|
nsCOMPtr<T> native = do_QueryWrappedNative(wn);
|
|
return native;
|
|
}
|
|
|
|
template <typename T>
|
|
static bool
|
|
Is(JSObject *wrapper)
|
|
{
|
|
return !!As<T>(wrapper);
|
|
}
|
|
|
|
static nsQueryInterface
|
|
do_QueryInterfaceNative(JSContext* cx, HandleObject wrapper);
|
|
|
|
// Helper function to work around some limitations of the current XPC
|
|
// calling mechanism. See: bug 763897.
|
|
// The idea is that we unwrap the 'this' object, and find the wrapped
|
|
// native that belongs to it. Then we simply make the call directly
|
|
// on it after a Query Interface.
|
|
static JSBool
|
|
mozMatchesSelectorStub(JSContext *cx, unsigned argc, jsval *vp)
|
|
{
|
|
if (argc < 1) {
|
|
JS_ReportError(cx, "Not enough arguments");
|
|
return false;
|
|
}
|
|
|
|
RootedObject wrapper(cx, JS_THIS_OBJECT(cx, vp));
|
|
RootedString selector(cx, JS_ValueToString(cx, JS_ARGV(cx, vp)[0]));
|
|
if (!selector) {
|
|
return false;
|
|
}
|
|
nsDependentJSString selectorStr;
|
|
NS_ENSURE_TRUE(selectorStr.init(cx, selector), false);
|
|
|
|
nsCOMPtr<nsIDOMElement> element = do_QueryInterfaceNative(cx, wrapper);
|
|
if (!element) {
|
|
JS_ReportError(cx, "Unexpected object");
|
|
return false;
|
|
}
|
|
|
|
bool ret;
|
|
nsresult rv = element->MozMatchesSelector(selectorStr, &ret);
|
|
if (NS_FAILED(rv)) {
|
|
XPCThrower::Throw(rv, cx);
|
|
return false;
|
|
}
|
|
|
|
JS_SET_RVAL(cx, vp, BOOLEAN_TO_JSVAL(ret));
|
|
return true;
|
|
}
|
|
|
|
void
|
|
XPCWrappedNativeXrayTraits::preserveWrapper(JSObject *target)
|
|
{
|
|
XPCWrappedNative *wn =
|
|
static_cast<XPCWrappedNative *>(xpc_GetJSPrivate(target));
|
|
nsRefPtr<nsXPCClassInfo> ci;
|
|
CallQueryInterface(wn->Native(), getter_AddRefs(ci));
|
|
if (ci)
|
|
ci->PreserveWrapper(wn->Native());
|
|
}
|
|
|
|
bool
|
|
XPCWrappedNativeXrayTraits::resolveNativeProperty(JSContext *cx, HandleObject wrapper,
|
|
HandleObject holder, HandleId id,
|
|
JSPropertyDescriptor *desc, unsigned flags)
|
|
{
|
|
MOZ_ASSERT(js::GetObjectJSClass(holder) == &HolderClass);
|
|
XPCJSRuntime* rt = nsXPConnect::GetRuntimeInstance();
|
|
if (id == rt->GetStringID(XPCJSRuntime::IDX_MOZMATCHESSELECTOR) &&
|
|
Is<nsIDOMElement>(wrapper))
|
|
{
|
|
// XPC calling mechanism cannot handle call/bind properly in some cases
|
|
// especially through xray wrappers. This is a temporary work around for
|
|
// this problem for mozMatchesSelector. See: bug 763897.
|
|
desc->obj = wrapper;
|
|
desc->attrs = JSPROP_ENUMERATE;
|
|
RootedObject proto(cx);
|
|
if (!JS_GetPrototype(cx, wrapper, proto.address()))
|
|
return false;
|
|
JSFunction *fun = JS_NewFunction(cx, mozMatchesSelectorStub,
|
|
1, 0, proto,
|
|
"mozMatchesSelector");
|
|
NS_ENSURE_TRUE(fun, false);
|
|
desc->value = OBJECT_TO_JSVAL(JS_GetFunctionObject(fun));
|
|
desc->getter = NULL;
|
|
desc->setter = NULL;
|
|
desc->shortid = 0;
|
|
return true;
|
|
}
|
|
|
|
desc->obj = NULL;
|
|
|
|
// This will do verification and the method lookup for us.
|
|
XPCCallContext ccx(JS_CALLER, cx, getTargetObject(wrapper), nullptr, id);
|
|
|
|
// There are no native numeric properties, so we can shortcut here. We will
|
|
// not find the property. However we want to support non shadowing dom
|
|
// specific collection properties like window.frames, so we still have to
|
|
// check for those.
|
|
if (!JSID_IS_STRING(id)) {
|
|
/* Not found */
|
|
return resolveDOMCollectionProperty(cx, wrapper, holder, id, desc, flags);
|
|
}
|
|
|
|
XPCNativeInterface *iface;
|
|
XPCNativeMember *member;
|
|
XPCWrappedNative *wn = getWN(wrapper);
|
|
if (ccx.GetWrapper() != wn ||
|
|
!wn->IsValid() ||
|
|
!(iface = ccx.GetInterface()) ||
|
|
!(member = ccx.GetMember())) {
|
|
/* Not found */
|
|
return resolveDOMCollectionProperty(cx, wrapper, holder, id, desc, flags);
|
|
}
|
|
|
|
desc->obj = holder;
|
|
desc->attrs = JSPROP_ENUMERATE;
|
|
desc->getter = NULL;
|
|
desc->setter = NULL;
|
|
desc->shortid = 0;
|
|
desc->value = JSVAL_VOID;
|
|
|
|
RootedValue fval(cx, JSVAL_VOID);
|
|
if (member->IsConstant()) {
|
|
if (!member->GetConstantValue(ccx, iface, &desc->value)) {
|
|
JS_ReportError(cx, "Failed to convert constant native property to JS value");
|
|
return false;
|
|
}
|
|
} else if (member->IsAttribute()) {
|
|
// This is a getter/setter. Clone a function for it.
|
|
if (!member->NewFunctionObject(ccx, iface, wrapper, fval.address())) {
|
|
JS_ReportError(cx, "Failed to clone function object for native getter/setter");
|
|
return false;
|
|
}
|
|
|
|
desc->attrs |= JSPROP_GETTER;
|
|
if (member->IsWritableAttribute())
|
|
desc->attrs |= JSPROP_SETTER;
|
|
|
|
// Make the property shared on the holder so no slot is allocated
|
|
// for it. This avoids keeping garbage alive through that slot.
|
|
desc->attrs |= JSPROP_SHARED;
|
|
} else {
|
|
// This is a method. Clone a function for it.
|
|
if (!member->NewFunctionObject(ccx, iface, wrapper, &desc->value)) {
|
|
JS_ReportError(cx, "Failed to clone function object for native function");
|
|
return false;
|
|
}
|
|
|
|
// Without a wrapper the function would live on the prototype. Since we
|
|
// don't have one, we have to avoid calling the scriptable helper's
|
|
// GetProperty method for this property, so stub out the getter and
|
|
// setter here explicitly.
|
|
desc->getter = JS_PropertyStub;
|
|
desc->setter = JS_StrictPropertyStub;
|
|
}
|
|
|
|
if (!JS_WrapValue(cx, &desc->value) || !JS_WrapValue(cx, fval.address()))
|
|
return false;
|
|
|
|
if (desc->attrs & JSPROP_GETTER)
|
|
desc->getter = js::CastAsJSPropertyOp(JSVAL_TO_OBJECT(fval));
|
|
if (desc->attrs & JSPROP_SETTER)
|
|
desc->setter = js::CastAsJSStrictPropertyOp(JSVAL_TO_OBJECT(fval));
|
|
|
|
// Define the property.
|
|
return JS_DefinePropertyById(cx, holder, id, desc->value,
|
|
desc->getter, desc->setter, desc->attrs);
|
|
}
|
|
|
|
static JSBool
|
|
wrappedJSObject_getter(JSContext *cx, HandleObject wrapper, HandleId id, MutableHandleValue vp)
|
|
{
|
|
if (!IsWrapper(wrapper) || !WrapperFactory::IsXrayWrapper(wrapper)) {
|
|
JS_ReportError(cx, "Unexpected object");
|
|
return false;
|
|
}
|
|
|
|
vp.set(OBJECT_TO_JSVAL(wrapper));
|
|
|
|
return WrapperFactory::WaiveXrayAndWrap(cx, vp.address());
|
|
}
|
|
|
|
static JSBool
|
|
WrapURI(JSContext *cx, nsIURI *uri, MutableHandleValue vp)
|
|
{
|
|
RootedObject scope(cx, JS_GetGlobalForScopeChain(cx));
|
|
nsresult rv =
|
|
nsXPConnect::FastGetXPConnect()->WrapNativeToJSVal(cx, scope, uri, nullptr,
|
|
&NS_GET_IID(nsIURI), true,
|
|
vp.address(), nullptr);
|
|
if (NS_FAILED(rv)) {
|
|
XPCThrower::Throw(rv, cx);
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
static JSBool
|
|
documentURIObject_getter(JSContext *cx, HandleObject wrapper, HandleId id, MutableHandleValue vp)
|
|
{
|
|
nsCOMPtr<nsIDocument> native = do_QueryInterfaceNative(cx, wrapper);
|
|
if (!native) {
|
|
JS_ReportError(cx, "Unexpected object");
|
|
return false;
|
|
}
|
|
|
|
nsCOMPtr<nsIURI> uri = native->GetDocumentURI();
|
|
if (!uri) {
|
|
JS_ReportOutOfMemory(cx);
|
|
return false;
|
|
}
|
|
|
|
return WrapURI(cx, uri, vp);
|
|
}
|
|
|
|
static JSBool
|
|
baseURIObject_getter(JSContext *cx, HandleObject wrapper, HandleId id, MutableHandleValue vp)
|
|
{
|
|
nsCOMPtr<nsINode> native = do_QueryInterfaceNative(cx, wrapper);
|
|
if (!native) {
|
|
JS_ReportError(cx, "Unexpected object");
|
|
return false;
|
|
}
|
|
|
|
nsCOMPtr<nsIURI> uri = native->GetBaseURI();
|
|
if (!uri) {
|
|
JS_ReportOutOfMemory(cx);
|
|
return false;
|
|
}
|
|
|
|
return WrapURI(cx, uri, vp);
|
|
}
|
|
|
|
static JSBool
|
|
nodePrincipal_getter(JSContext *cx, HandleObject wrapper, HandleId id, MutableHandleValue vp)
|
|
{
|
|
nsCOMPtr<nsINode> node = do_QueryInterfaceNative(cx, wrapper);
|
|
if (!node) {
|
|
JS_ReportError(cx, "Unexpected object");
|
|
return false;
|
|
}
|
|
|
|
RootedObject scope(cx, JS_GetGlobalForScopeChain(cx));
|
|
nsresult rv =
|
|
nsXPConnect::FastGetXPConnect()->WrapNativeToJSVal(cx, scope, node->NodePrincipal(), nullptr,
|
|
&NS_GET_IID(nsIPrincipal), true,
|
|
vp.address(), nullptr);
|
|
if (NS_FAILED(rv)) {
|
|
XPCThrower::Throw(rv, cx);
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
XrayTraits::resolveOwnProperty(JSContext *cx, Wrapper &jsWrapper,
|
|
HandleObject wrapper, HandleObject holder, HandleId id,
|
|
PropertyDescriptor *desc, unsigned flags)
|
|
{
|
|
desc->obj = NULL;
|
|
RootedObject target(cx, getTargetObject(wrapper));
|
|
RootedObject expando(cx, getExpandoObject(cx, target, wrapper));
|
|
|
|
// Check for expando properties first. Note that the expando object lives
|
|
// in the target compartment.
|
|
if (expando) {
|
|
JSAutoCompartment ac(cx, expando);
|
|
if (!JS_GetPropertyDescriptorById(cx, expando, id, 0, desc))
|
|
return false;
|
|
}
|
|
if (desc->obj) {
|
|
if (!JS_WrapPropertyDescriptor(cx, desc))
|
|
return false;
|
|
// Pretend the property lives on the wrapper.
|
|
desc->obj = wrapper;
|
|
return true;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
XPCWrappedNativeXrayTraits::resolveOwnProperty(JSContext *cx, Wrapper &jsWrapper,
|
|
HandleObject wrapper, HandleObject holder,
|
|
HandleId id, PropertyDescriptor *desc, unsigned flags)
|
|
{
|
|
// Call the common code.
|
|
bool ok = XrayTraits::resolveOwnProperty(cx, jsWrapper, wrapper, holder,
|
|
id, desc, flags);
|
|
if (!ok || desc->obj)
|
|
return ok;
|
|
|
|
// Check for indexed access on a window.
|
|
int32_t index = GetArrayIndexFromId(cx, id);
|
|
if (IsArrayIndex(index)) {
|
|
nsGlobalWindow* win =
|
|
static_cast<nsGlobalWindow*>(As<nsPIDOMWindow>(wrapper));
|
|
// Note: As() unwraps outer windows to get to the inner window.
|
|
if (win) {
|
|
bool unused;
|
|
nsCOMPtr<nsIDOMWindow> subframe = win->IndexedGetter(index, unused);
|
|
if (subframe) {
|
|
nsGlobalWindow* global = static_cast<nsGlobalWindow*>(subframe.get());
|
|
global->EnsureInnerWindow();
|
|
JSObject* obj = global->FastGetGlobalJSObject();
|
|
if (MOZ_UNLIKELY(!obj)) {
|
|
// It's gone?
|
|
return xpc::Throw(cx, NS_ERROR_FAILURE);
|
|
}
|
|
desc->value = ObjectValue(*obj);
|
|
mozilla::dom::FillPropertyDescriptor(desc, wrapper, true);
|
|
return JS_WrapPropertyDescriptor(cx, desc);
|
|
}
|
|
}
|
|
}
|
|
|
|
// Xray wrappers don't use the regular wrapper hierarchy, so we should be
|
|
// in the wrapper's compartment here, not the wrappee.
|
|
MOZ_ASSERT(js::IsObjectInContextCompartment(wrapper, cx));
|
|
XPCJSRuntime* rt = nsXPConnect::GetRuntimeInstance();
|
|
if (AccessCheck::isChrome(wrapper) &&
|
|
(((id == rt->GetStringID(XPCJSRuntime::IDX_BASEURIOBJECT) ||
|
|
id == rt->GetStringID(XPCJSRuntime::IDX_NODEPRINCIPAL)) &&
|
|
Is<nsINode>(wrapper)) ||
|
|
(id == rt->GetStringID(XPCJSRuntime::IDX_DOCUMENTURIOBJECT) &&
|
|
Is<nsIDocument>(wrapper))))
|
|
{
|
|
desc->obj = wrapper;
|
|
desc->attrs = JSPROP_ENUMERATE|JSPROP_SHARED;
|
|
if (id == rt->GetStringID(XPCJSRuntime::IDX_BASEURIOBJECT))
|
|
desc->getter = baseURIObject_getter;
|
|
else if (id == rt->GetStringID(XPCJSRuntime::IDX_DOCUMENTURIOBJECT))
|
|
desc->getter = documentURIObject_getter;
|
|
else
|
|
desc->getter = nodePrincipal_getter;
|
|
desc->setter = NULL;
|
|
desc->shortid = 0;
|
|
desc->value = JSVAL_VOID;
|
|
return true;
|
|
}
|
|
|
|
JSBool hasProp;
|
|
if (!JS_HasPropertyById(cx, holder, id, &hasProp)) {
|
|
return false;
|
|
}
|
|
if (!hasProp) {
|
|
XPCWrappedNative *wn = getWN(wrapper);
|
|
|
|
// Run the resolve hook of the wrapped native.
|
|
if (!NATIVE_HAS_FLAG(wn, WantNewResolve)) {
|
|
return true;
|
|
}
|
|
|
|
bool retval = true;
|
|
JSObject *pobj = NULL;
|
|
nsresult rv = wn->GetScriptableInfo()->GetCallback()->NewResolve(wn, cx, wrapper, id,
|
|
flags, &pobj, &retval);
|
|
if (NS_FAILED(rv)) {
|
|
if (retval)
|
|
XPCThrower::Throw(rv, cx);
|
|
return false;
|
|
}
|
|
|
|
#ifdef DEBUG
|
|
NS_ASSERTION(!pobj || (JS_HasPropertyById(cx, holder, id, &hasProp) &&
|
|
hasProp), "id got defined somewhere else?");
|
|
#endif
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
XPCWrappedNativeXrayTraits::defineProperty(JSContext *cx, HandleObject wrapper, HandleId id,
|
|
PropertyDescriptor *desc,
|
|
PropertyDescriptor &existingDesc,
|
|
bool *defined)
|
|
{
|
|
*defined = false;
|
|
JSObject *holder = singleton.ensureHolder(cx, wrapper);
|
|
if (isResolving(cx, holder, id)) {
|
|
if (!(desc->attrs & (JSPROP_GETTER | JSPROP_SETTER))) {
|
|
if (!desc->getter)
|
|
desc->getter = holder_get;
|
|
if (!desc->setter)
|
|
desc->setter = holder_set;
|
|
}
|
|
|
|
*defined = true;
|
|
return JS_DefinePropertyById(cx, holder, id, desc->value, desc->getter, desc->setter,
|
|
desc->attrs);
|
|
}
|
|
|
|
// Check for an indexed property on a Window. If that's happening, do
|
|
// nothing but claim we defined it so it won't get added as an expando.
|
|
int32_t index = GetArrayIndexFromId(cx, id);
|
|
if (IsArrayIndex(index) && Is<nsIDOMWindow>(wrapper)) {
|
|
*defined = true;
|
|
return true;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
XPCWrappedNativeXrayTraits::enumerateNames(JSContext *cx, HandleObject wrapper, unsigned flags,
|
|
AutoIdVector &props)
|
|
{
|
|
// Force all native properties to be materialized onto the wrapped native.
|
|
AutoIdVector wnProps(cx);
|
|
{
|
|
RootedObject target(cx, singleton.getTargetObject(wrapper));
|
|
JSAutoCompartment ac(cx, target);
|
|
if (!js::GetPropertyNames(cx, target, flags, &wnProps))
|
|
return false;
|
|
}
|
|
|
|
// Go through the properties we got and enumerate all native ones.
|
|
for (size_t n = 0; n < wnProps.length(); ++n) {
|
|
RootedId id(cx, wnProps[n]);
|
|
JSBool hasProp;
|
|
if (!JS_HasPropertyById(cx, wrapper, id, &hasProp))
|
|
return false;
|
|
if (hasProp)
|
|
props.append(id);
|
|
}
|
|
return true;
|
|
}
|
|
|
|
JSObject *
|
|
XPCWrappedNativeXrayTraits::createHolder(JSContext *cx, JSObject *wrapper)
|
|
{
|
|
JSObject *global = JS_GetGlobalForObject(cx, wrapper);
|
|
JSObject *holder = JS_NewObjectWithGivenProto(cx, &HolderClass, nullptr,
|
|
global);
|
|
if (!holder)
|
|
return nullptr;
|
|
|
|
js::SetReservedSlot(holder, JSSLOT_RESOLVING, PrivateValue(NULL));
|
|
return holder;
|
|
}
|
|
|
|
bool
|
|
XPCWrappedNativeXrayTraits::call(JSContext *cx, HandleObject wrapper,
|
|
unsigned argc, Value *vp)
|
|
{
|
|
// Run the resolve hook of the wrapped native.
|
|
XPCWrappedNative *wn = getWN(wrapper);
|
|
if (NATIVE_HAS_FLAG(wn, WantCall)) {
|
|
XPCCallContext ccx(JS_CALLER, cx, wrapper, nullptr, JSID_VOID, argc,
|
|
vp + 2, vp);
|
|
if (!ccx.IsValid())
|
|
return false;
|
|
bool ok = true;
|
|
nsresult rv = wn->GetScriptableInfo()->GetCallback()->Call(wn, cx, wrapper,
|
|
argc, vp + 2, vp, &ok);
|
|
if (NS_FAILED(rv)) {
|
|
if (ok)
|
|
XPCThrower::Throw(rv, cx);
|
|
return false;
|
|
}
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
bool
|
|
XPCWrappedNativeXrayTraits::construct(JSContext *cx, HandleObject wrapper,
|
|
unsigned argc, Value *argv,
|
|
MutableHandleValue rval)
|
|
{
|
|
// Run the resolve hook of the wrapped native.
|
|
XPCWrappedNative *wn = getWN(wrapper);
|
|
if (NATIVE_HAS_FLAG(wn, WantConstruct)) {
|
|
XPCCallContext ccx(JS_CALLER, cx, wrapper, nullptr, JSID_VOID, argc, argv, rval.address());
|
|
if (!ccx.IsValid())
|
|
return false;
|
|
bool ok = true;
|
|
nsresult rv = wn->GetScriptableInfo()->GetCallback()->Construct(wn, cx, wrapper,
|
|
argc, argv, rval.address(),
|
|
&ok);
|
|
if (NS_FAILED(rv)) {
|
|
if (ok)
|
|
XPCThrower::Throw(rv, cx);
|
|
return false;
|
|
}
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
bool
|
|
DOMXrayTraits::resolveNativeProperty(JSContext *cx, HandleObject wrapper,
|
|
HandleObject holder, HandleId id,
|
|
JSPropertyDescriptor *desc, unsigned flags)
|
|
{
|
|
JSObject *obj = getTargetObject(wrapper);
|
|
if (!XrayResolveNativeProperty(cx, wrapper, obj, id, desc))
|
|
return false;
|
|
|
|
NS_ASSERTION(!desc->obj || desc->obj == wrapper,
|
|
"What did we resolve this on?");
|
|
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
DOMXrayTraits::resolveOwnProperty(JSContext *cx, Wrapper &jsWrapper, HandleObject wrapper,
|
|
HandleObject holder, HandleId id,
|
|
JSPropertyDescriptor *desc, unsigned flags)
|
|
{
|
|
// Call the common code.
|
|
bool ok = XrayTraits::resolveOwnProperty(cx, jsWrapper, wrapper, holder,
|
|
id, desc, flags);
|
|
if (!ok || desc->obj)
|
|
return ok;
|
|
|
|
JSObject *obj = getTargetObject(wrapper);
|
|
if (!XrayResolveOwnProperty(cx, wrapper, obj, id, desc, flags))
|
|
return false;
|
|
|
|
NS_ASSERTION(!desc->obj || desc->obj == wrapper,
|
|
"What did we resolve this on?");
|
|
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
DOMXrayTraits::defineProperty(JSContext *cx, HandleObject wrapper, HandleId id,
|
|
PropertyDescriptor *desc, PropertyDescriptor &existingDesc,
|
|
bool *defined)
|
|
{
|
|
if (!existingDesc.obj)
|
|
return true;
|
|
|
|
JSObject *obj= getTargetObject(wrapper);
|
|
if (!js::IsProxy(obj))
|
|
return true;
|
|
|
|
*defined = true;
|
|
return js::GetProxyHandler(obj)->defineProperty(cx, wrapper, id, desc);
|
|
}
|
|
|
|
bool
|
|
DOMXrayTraits::enumerateNames(JSContext *cx, HandleObject wrapper, unsigned flags,
|
|
AutoIdVector &props)
|
|
{
|
|
return XrayEnumerateProperties(cx, wrapper, getTargetObject(wrapper),
|
|
flags, props);
|
|
}
|
|
|
|
bool
|
|
DOMXrayTraits::call(JSContext *cx, HandleObject wrapper, unsigned argc, Value *vp)
|
|
{
|
|
RootedObject obj(cx, getTargetObject(wrapper));
|
|
AutoValueRooter rval(cx);
|
|
bool ok;
|
|
{
|
|
JSAutoCompartment ac(cx, obj);
|
|
if (!JS_WrapValue(cx, &vp[1]))
|
|
return false;
|
|
Value* argv = JS_ARGV(cx, vp);
|
|
for (unsigned i = 0; i < argc; ++i) {
|
|
if (!JS_WrapValue(cx, &argv[i]))
|
|
return false;
|
|
}
|
|
ok = Call(cx, vp[1], obj, argc, argv, rval.addr());
|
|
}
|
|
if (!ok || !JS_WrapValue(cx, rval.addr()))
|
|
return false;
|
|
JS_SET_RVAL(cx, vp, rval.value());
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
DOMXrayTraits::construct(JSContext *cx, HandleObject wrapper, unsigned argc,
|
|
Value *argv, MutableHandleValue rval)
|
|
{
|
|
RootedObject obj(cx, getTargetObject(wrapper));
|
|
MOZ_ASSERT(mozilla::dom::HasConstructor(obj));
|
|
RootedObject newObj(cx);
|
|
{
|
|
JSAutoCompartment ac(cx, obj);
|
|
for (unsigned i = 0; i < argc; ++i) {
|
|
if (!JS_WrapValue(cx, &argv[i]))
|
|
return false;
|
|
}
|
|
newObj = JS_New(cx, obj, argc, argv);
|
|
}
|
|
if (!newObj || !JS_WrapObject(cx, newObj.address()))
|
|
return false;
|
|
rval.setObject(*newObj);
|
|
return true;
|
|
}
|
|
|
|
void
|
|
DOMXrayTraits::preserveWrapper(JSObject *target)
|
|
{
|
|
nsISupports *identity;
|
|
if (!mozilla::dom::UnwrapDOMObjectToISupports(target, identity))
|
|
return;
|
|
nsWrapperCache* cache = nullptr;
|
|
CallQueryInterface(identity, &cache);
|
|
if (cache)
|
|
nsContentUtils::PreserveWrapper(identity, cache);
|
|
}
|
|
|
|
JSObject*
|
|
DOMXrayTraits::createHolder(JSContext *cx, JSObject *wrapper)
|
|
{
|
|
return JS_NewObjectWithGivenProto(cx, nullptr, nullptr,
|
|
JS_GetGlobalForObject(cx, wrapper));
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
XrayWrapper<Base, Traits>::XrayWrapper(unsigned flags)
|
|
: Base(flags | WrapperFactory::IS_XRAY_WRAPPER_FLAG)
|
|
{
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
XrayWrapper<Base, Traits>::~XrayWrapper()
|
|
{
|
|
}
|
|
|
|
namespace XrayUtils {
|
|
|
|
bool
|
|
IsTransparent(JSContext *cx, HandleObject wrapper, HandleId id)
|
|
{
|
|
// We dynamically waive Xray vision for XBL bindings accessing fields
|
|
// on bound elements, since there's no way to access such things sanely
|
|
// over Xray.
|
|
nsCOMPtr<nsIContent> content;
|
|
if (EnsureCompartmentPrivate(wrapper)->scope->IsXBLScope() &&
|
|
(content = do_QueryInterfaceNative(cx, wrapper)))
|
|
{
|
|
if (nsContentUtils::IsBindingField(cx, content, id))
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
JSObject *
|
|
GetNativePropertiesObject(JSContext *cx, JSObject *wrapper)
|
|
{
|
|
NS_ASSERTION(js::IsWrapper(wrapper) && WrapperFactory::IsXrayWrapper(wrapper),
|
|
"bad object passed in");
|
|
|
|
JSObject *holder = GetHolder(wrapper);
|
|
NS_ASSERTION(holder, "uninitialized wrapper being used?");
|
|
return holder;
|
|
}
|
|
|
|
bool
|
|
IsXrayResolving(JSContext *cx, HandleObject wrapper, HandleId id)
|
|
{
|
|
if (!WrapperFactory::IsXrayWrapper(wrapper) ||
|
|
GetXrayType(wrapper) != XrayForWrappedNative)
|
|
{
|
|
return false;
|
|
}
|
|
JSObject *holder =
|
|
XPCWrappedNativeXrayTraits::singleton.ensureHolder(cx, wrapper);
|
|
return XPCWrappedNativeXrayTraits::isResolving(cx, holder, id);
|
|
}
|
|
|
|
} // namespace XrayUtils
|
|
|
|
static JSBool
|
|
XrayToString(JSContext *cx, unsigned argc, jsval *vp)
|
|
{
|
|
RootedObject wrapper(cx, JS_THIS_OBJECT(cx, vp));
|
|
if (!wrapper)
|
|
return false;
|
|
if (IsWrapper(wrapper) &&
|
|
GetProxyHandler(wrapper) == &sandboxCallableProxyHandler) {
|
|
wrapper = xpc::SandboxCallableProxyHandler::wrappedObject(wrapper);
|
|
}
|
|
if (!IsWrapper(wrapper) || !WrapperFactory::IsXrayWrapper(wrapper)) {
|
|
JS_ReportError(cx, "XrayToString called on an incompatible object");
|
|
return false;
|
|
}
|
|
|
|
RootedObject obj(cx, XrayTraits::getTargetObject(wrapper));
|
|
|
|
static const char start[] = "[object XrayWrapper ";
|
|
static const char end[] = "]";
|
|
if (UseDOMXray(obj))
|
|
return NativeToString(cx, wrapper, obj, start, end, vp);
|
|
|
|
nsAutoString result;
|
|
result.AppendASCII(start);
|
|
|
|
XPCCallContext ccx(JS_CALLER, cx, obj);
|
|
XPCWrappedNative *wn = XPCWrappedNativeXrayTraits::getWN(wrapper);
|
|
char *wrapperStr = wn->ToString(ccx);
|
|
if (!wrapperStr) {
|
|
JS_ReportOutOfMemory(cx);
|
|
return false;
|
|
}
|
|
result.AppendASCII(wrapperStr);
|
|
JS_smprintf_free(wrapperStr);
|
|
|
|
result.AppendASCII(end);
|
|
|
|
JSString *str = JS_NewUCStringCopyN(cx, reinterpret_cast<const jschar *>(result.get()),
|
|
result.Length());
|
|
if (!str)
|
|
return false;
|
|
|
|
*vp = STRING_TO_JSVAL(str);
|
|
return true;
|
|
}
|
|
|
|
#ifdef DEBUG
|
|
|
|
static void
|
|
DEBUG_CheckXBLCallable(JSContext *cx, JSObject *obj)
|
|
{
|
|
MOZ_ASSERT(!js::IsCrossCompartmentWrapper(obj));
|
|
MOZ_ASSERT(JS_ObjectIsCallable(cx, obj));
|
|
}
|
|
|
|
static void
|
|
DEBUG_CheckXBLLookup(JSContext *cx, JSPropertyDescriptor *desc)
|
|
{
|
|
if (!desc->obj)
|
|
return;
|
|
if (!desc->value.isUndefined()) {
|
|
MOZ_ASSERT(desc->value.isObject());
|
|
DEBUG_CheckXBLCallable(cx, &desc->value.toObject());
|
|
}
|
|
if (desc->getter) {
|
|
MOZ_ASSERT(desc->attrs & JSPROP_GETTER);
|
|
DEBUG_CheckXBLCallable(cx, JS_FUNC_TO_DATA_PTR(JSObject *, desc->getter));
|
|
}
|
|
if (desc->setter) {
|
|
MOZ_ASSERT(desc->attrs & JSPROP_SETTER);
|
|
DEBUG_CheckXBLCallable(cx, JS_FUNC_TO_DATA_PTR(JSObject *, desc->setter));
|
|
}
|
|
}
|
|
#else
|
|
#define DEBUG_CheckXBLLookup(a, b) {}
|
|
#endif
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::isExtensible(JSObject *wrapper)
|
|
{
|
|
// Xray wrappers are supposed to provide a clean view of the target
|
|
// reflector, hiding any modifications by script in the target scope. So
|
|
// even if that script freezes the reflector, we don't want to make that
|
|
// visible to the caller. DOM reflectors are always extensible by default,
|
|
// so we can just return true here.
|
|
return true;
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::preventExtensions(JSContext *cx, JS::Handle<JSObject*> wrapper)
|
|
{
|
|
// See above.
|
|
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_CANT_CHANGE_EXTENSIBILITY);
|
|
return false;
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::getPropertyDescriptor(JSContext *cx, HandleObject wrapper, HandleId id,
|
|
PropertyDescriptor *desc, unsigned flags)
|
|
{
|
|
assertEnteredPolicy(cx, wrapper, id);
|
|
RootedObject holder(cx, Traits::singleton.ensureHolder(cx, wrapper));
|
|
if (Traits::isResolving(cx, holder, id)) {
|
|
desc->obj = NULL;
|
|
return true;
|
|
}
|
|
|
|
typename Traits::ResolvingIdImpl resolving(wrapper, id);
|
|
|
|
// Redirect access straight to the wrapper if we should be transparent.
|
|
if (XrayUtils::IsTransparent(cx, wrapper, id)) {
|
|
RootedObject obj(cx, Traits::getTargetObject(wrapper));
|
|
{
|
|
JSAutoCompartment ac(cx, obj);
|
|
if (!JS_GetPropertyDescriptorById(cx, obj, id, flags, desc))
|
|
return false;
|
|
}
|
|
|
|
if (desc->obj)
|
|
desc->obj = wrapper;
|
|
return JS_WrapPropertyDescriptor(cx, desc);
|
|
}
|
|
|
|
if (!holder)
|
|
return false;
|
|
|
|
// Only chrome wrappers and same-origin xrays (used by jetpack sandboxes)
|
|
// get .wrappedJSObject. We can check this by determining if the compartment
|
|
// of the wrapper subsumes that of the wrappee.
|
|
XPCJSRuntime* rt = nsXPConnect::GetRuntimeInstance();
|
|
if (AccessCheck::wrapperSubsumes(wrapper) &&
|
|
id == rt->GetStringID(XPCJSRuntime::IDX_WRAPPED_JSOBJECT)) {
|
|
desc->obj = wrapper;
|
|
desc->attrs = JSPROP_ENUMERATE|JSPROP_SHARED;
|
|
desc->getter = wrappedJSObject_getter;
|
|
desc->setter = NULL;
|
|
desc->shortid = 0;
|
|
desc->value = JSVAL_VOID;
|
|
return true;
|
|
}
|
|
|
|
if (!Traits::singleton.resolveOwnProperty(cx, *this, wrapper, holder, id, desc, flags))
|
|
return false;
|
|
|
|
if (desc->obj) {
|
|
desc->obj = wrapper;
|
|
return true;
|
|
}
|
|
|
|
// We need to handle named access on the Window somewhere other than
|
|
// Traits::resolveOwnProperty, because per spec it happens on the Global
|
|
// Scope Polluter and thus the resulting properties are non-|own|. However,
|
|
// we're set up (below) to cache (on the holder) anything that comes out of
|
|
// resolveNativeProperty, which we don't want for something dynamic like
|
|
// named access. So we just handle it here.
|
|
nsGlobalWindow *win;
|
|
if (Traits::Type == XrayForWrappedNative && JSID_IS_STRING(id) &&
|
|
(win = static_cast<nsGlobalWindow*>(As<nsPIDOMWindow>(wrapper))))
|
|
{
|
|
nsCOMPtr<nsIDOMWindow> childDOMWin = win->GetChildWindow(id);
|
|
if (childDOMWin) {
|
|
nsGlobalWindow *cwin = static_cast<nsGlobalWindow*>(childDOMWin.get());
|
|
JSObject *childObj = cwin->FastGetGlobalJSObject();
|
|
if (MOZ_UNLIKELY(!childObj))
|
|
return xpc::Throw(cx, NS_ERROR_FAILURE);
|
|
mozilla::dom::FillPropertyDescriptor(desc, wrapper,
|
|
ObjectValue(*childObj),
|
|
/* readOnly = */ true);
|
|
return JS_WrapPropertyDescriptor(cx, desc);
|
|
}
|
|
}
|
|
|
|
if (!JS_GetPropertyDescriptorById(cx, holder, id, 0, desc))
|
|
return false;
|
|
if (desc->obj) {
|
|
desc->obj = wrapper;
|
|
return true;
|
|
}
|
|
|
|
// Nothing in the cache. Call through, and cache the result.
|
|
if (!Traits::resolveNativeProperty(cx, wrapper, holder, id, desc, flags))
|
|
return false;
|
|
|
|
if (!desc->obj &&
|
|
id == nsXPConnect::GetRuntimeInstance()->GetStringID(XPCJSRuntime::IDX_TO_STRING))
|
|
{
|
|
|
|
JSFunction *toString = JS_NewFunction(cx, XrayToString, 0, 0, holder, "toString");
|
|
if (!toString)
|
|
return false;
|
|
|
|
desc->obj = wrapper;
|
|
desc->attrs = 0;
|
|
desc->getter = NULL;
|
|
desc->setter = NULL;
|
|
desc->shortid = 0;
|
|
desc->value.setObject(*JS_GetFunctionObject(toString));
|
|
}
|
|
|
|
// If we're a special scope for in-content XBL, our script expects to see
|
|
// the bound XBL methods and attributes when accessing content. However,
|
|
// these members are implemented in content via custom-spliced prototypes,
|
|
// and thus aren't visible through Xray wrappers unless we handle them
|
|
// explicitly. So we check if we're running in such a scope, and if so,
|
|
// whether the wrappee is a bound element. If it is, we do a lookup via
|
|
// specialized XBL machinery.
|
|
//
|
|
// While we have to do some sketchy walking through content land, we should
|
|
// be protected by read-only/non-configurable properties, and any functions
|
|
// we end up with should _always_ be living in our own scope (the XBL scope).
|
|
// Make sure to assert that.
|
|
nsCOMPtr<nsIContent> content;
|
|
if (!desc->obj &&
|
|
EnsureCompartmentPrivate(wrapper)->scope->IsXBLScope() &&
|
|
(content = do_QueryInterfaceNative(cx, wrapper)))
|
|
{
|
|
if (!nsContentUtils::LookupBindingMember(cx, content, id, desc))
|
|
return false;
|
|
DEBUG_CheckXBLLookup(cx, desc);
|
|
}
|
|
|
|
// If we still have nothing, we're done.
|
|
if (!desc->obj)
|
|
return true;
|
|
|
|
if (!JS_DefinePropertyById(cx, holder, id, desc->value, desc->getter,
|
|
desc->setter, desc->attrs) ||
|
|
!JS_GetPropertyDescriptorById(cx, holder, id, flags, desc))
|
|
{
|
|
return false;
|
|
}
|
|
MOZ_ASSERT(desc->obj);
|
|
desc->obj = wrapper;
|
|
return true;
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::getOwnPropertyDescriptor(JSContext *cx, HandleObject wrapper, HandleId id,
|
|
PropertyDescriptor *desc, unsigned flags)
|
|
{
|
|
assertEnteredPolicy(cx, wrapper, id);
|
|
RootedObject holder(cx, Traits::singleton.ensureHolder(cx, wrapper));
|
|
if (Traits::isResolving(cx, holder, id)) {
|
|
desc->obj = NULL;
|
|
return true;
|
|
}
|
|
|
|
typename Traits::ResolvingIdImpl resolving(wrapper, id);
|
|
|
|
// NB: Nothing we do here acts on the wrapped native itself, so we don't
|
|
// enter our policy.
|
|
// Redirect access straight to the wrapper if we should be transparent.
|
|
if (XrayUtils::IsTransparent(cx, wrapper, id)) {
|
|
RootedObject obj(cx, Traits::getTargetObject(wrapper));
|
|
{
|
|
JSAutoCompartment ac(cx, obj);
|
|
if (!JS_GetPropertyDescriptorById(cx, obj, id, flags, desc))
|
|
return false;
|
|
}
|
|
|
|
desc->obj = (desc->obj == obj) ? wrapper.get() : nullptr; // XXX
|
|
return JS_WrapPropertyDescriptor(cx, desc);
|
|
}
|
|
|
|
if (!Traits::singleton.resolveOwnProperty(cx, *this, wrapper, holder, id, desc, flags))
|
|
return false;
|
|
|
|
if (desc->obj) {
|
|
desc->obj = wrapper;
|
|
return true;
|
|
}
|
|
|
|
if (!JS_GetPropertyDescriptorById(cx, holder, id, flags, desc))
|
|
return false;
|
|
|
|
// Pretend we found the property on the wrapper, not the holder.
|
|
if (desc->obj)
|
|
desc->obj = wrapper;
|
|
|
|
return true;
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::defineProperty(JSContext *cx, HandleObject wrapper,
|
|
HandleId id, PropertyDescriptor *desc)
|
|
{
|
|
assertEnteredPolicy(cx, wrapper, id);
|
|
// Redirect access straight to the wrapper if we should be transparent.
|
|
if (XrayUtils::IsTransparent(cx, wrapper, id)) {
|
|
RootedObject obj(cx, Traits::getTargetObject(wrapper));
|
|
JSAutoCompartment ac(cx, obj);
|
|
if (!JS_WrapPropertyDescriptor(cx, desc))
|
|
return false;
|
|
|
|
return JS_DefinePropertyById(cx, obj, id, desc->value, desc->getter, desc->setter,
|
|
desc->attrs);
|
|
}
|
|
|
|
// NB: We still need JSRESOLVE_ASSIGNING here for the time being, because it
|
|
// tells things like nodelists whether they should create the property or not.
|
|
PropertyDescriptor existing_desc;
|
|
if (!getOwnPropertyDescriptor(cx, wrapper, id, &existing_desc, JSRESOLVE_ASSIGNING))
|
|
return false;
|
|
|
|
if (existing_desc.obj && (existing_desc.attrs & JSPROP_PERMANENT))
|
|
return true; // silently ignore attempt to overwrite native property
|
|
|
|
bool defined = false;
|
|
if (!Traits::defineProperty(cx, wrapper, id, desc, existing_desc, &defined))
|
|
return false;
|
|
if (defined)
|
|
return true;
|
|
|
|
// We're placing an expando. The expando objects live in the target
|
|
// compartment, so we need to enter it.
|
|
RootedObject target(cx, Traits::singleton.getTargetObject(wrapper));
|
|
JSAutoCompartment ac(cx, target);
|
|
|
|
// Grab the relevant expando object.
|
|
RootedObject expandoObject(cx, Traits::singleton.ensureExpandoObject(cx, wrapper,
|
|
target));
|
|
if (!expandoObject)
|
|
return false;
|
|
|
|
// Wrap the property descriptor for the target compartment.
|
|
PropertyDescriptor wrappedDesc = *desc;
|
|
if (!JS_WrapPropertyDescriptor(cx, &wrappedDesc))
|
|
return false;
|
|
|
|
return JS_DefinePropertyById(cx, expandoObject, id, wrappedDesc.value,
|
|
wrappedDesc.getter, wrappedDesc.setter,
|
|
wrappedDesc.attrs);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::getOwnPropertyNames(JSContext *cx, HandleObject wrapper,
|
|
AutoIdVector &props)
|
|
{
|
|
assertEnteredPolicy(cx, wrapper, JSID_VOID);
|
|
return enumerate(cx, wrapper, JSITER_OWNONLY | JSITER_HIDDEN, props);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::delete_(JSContext *cx, HandleObject wrapper,
|
|
HandleId id, bool *bp)
|
|
{
|
|
assertEnteredPolicy(cx, wrapper, id);
|
|
// Redirect access straight to the wrapper if we should be transparent.
|
|
if (XrayUtils::IsTransparent(cx, wrapper, id)) {
|
|
RootedObject obj(cx, Traits::getTargetObject(wrapper));
|
|
|
|
JSAutoCompartment ac(cx, obj);
|
|
|
|
JSBool b;
|
|
RootedValue v(cx);
|
|
if (!JS_DeletePropertyById2(cx, obj, id, v.address()) || !JS_ValueToBoolean(cx, v, &b))
|
|
return false;
|
|
*bp = !!b;
|
|
return true;
|
|
}
|
|
|
|
// Check the expando object.
|
|
RootedObject target(cx, Traits::getTargetObject(wrapper));
|
|
RootedObject expando(cx, Traits::singleton.getExpandoObject(cx, target, wrapper));
|
|
JSBool b = true;
|
|
if (expando) {
|
|
JSAutoCompartment ac(cx, expando);
|
|
RootedValue v(cx);
|
|
if (!JS_DeletePropertyById2(cx, expando, id, v.address()) ||
|
|
!JS_ValueToBoolean(cx, v, &b))
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
*bp = !!b;
|
|
return true;
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::enumerate(JSContext *cx, HandleObject wrapper, unsigned flags,
|
|
AutoIdVector &props)
|
|
{
|
|
assertEnteredPolicy(cx, wrapper, JSID_VOID);
|
|
// Redirect access straight to the wrapper if we should be transparent.
|
|
if (XrayUtils::IsTransparent(cx, wrapper, JSID_VOIDHANDLE)) {
|
|
RootedObject obj(cx, Traits::getTargetObject(wrapper));
|
|
JSAutoCompartment ac(cx, obj);
|
|
return js::GetPropertyNames(cx, obj, flags, &props);
|
|
}
|
|
|
|
if (!AccessCheck::wrapperSubsumes(wrapper)) {
|
|
JS_ReportError(cx, "Not allowed to enumerate cross origin objects");
|
|
return false;
|
|
}
|
|
|
|
// Enumerate expando properties first. Note that the expando object lives
|
|
// in the target compartment.
|
|
RootedObject target(cx, Traits::singleton.getTargetObject(wrapper));
|
|
RootedObject expando(cx, Traits::singleton.getExpandoObject(cx, target, wrapper));
|
|
if (expando) {
|
|
JSAutoCompartment ac(cx, expando);
|
|
if (!js::GetPropertyNames(cx, expando, flags, &props))
|
|
return false;
|
|
}
|
|
if (!JS_WrapAutoIdVector(cx, props))
|
|
return false;
|
|
|
|
return Traits::enumerateNames(cx, wrapper, flags, props);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::enumerate(JSContext *cx, HandleObject wrapper,
|
|
AutoIdVector &props)
|
|
{
|
|
return enumerate(cx, wrapper, 0, props);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::get(JSContext *cx, HandleObject wrapper,
|
|
HandleObject receiver, HandleId id,
|
|
MutableHandleValue vp)
|
|
{
|
|
// Skip our Base if it isn't already ProxyHandler.
|
|
// NB: None of the functions we call are prepared for the receiver not
|
|
// being the wrapper, so ignore the receiver here.
|
|
return js::BaseProxyHandler::get(cx, wrapper, wrapper, id, vp);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::set(JSContext *cx, HandleObject wrapper,
|
|
HandleObject receiver, HandleId id,
|
|
bool strict, MutableHandleValue vp)
|
|
{
|
|
// Skip our Base if it isn't already BaseProxyHandler.
|
|
// NB: None of the functions we call are prepared for the receiver not
|
|
// being the wrapper, so ignore the receiver here.
|
|
return js::BaseProxyHandler::set(cx, wrapper, wrapper, id, strict, vp);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::has(JSContext *cx, HandleObject wrapper,
|
|
HandleId id, bool *bp)
|
|
{
|
|
// Skip our Base if it isn't already ProxyHandler.
|
|
return js::BaseProxyHandler::has(cx, wrapper, id, bp);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::hasOwn(JSContext *cx, HandleObject wrapper,
|
|
HandleId id, bool *bp)
|
|
{
|
|
// Skip our Base if it isn't already ProxyHandler.
|
|
return js::BaseProxyHandler::hasOwn(cx, wrapper, id, bp);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::keys(JSContext *cx, HandleObject wrapper,
|
|
AutoIdVector &props)
|
|
{
|
|
// Skip our Base if it isn't already ProxyHandler.
|
|
return js::BaseProxyHandler::keys(cx, wrapper, props);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::iterate(JSContext *cx, HandleObject wrapper,
|
|
unsigned flags, MutableHandleValue vp)
|
|
{
|
|
// Skip our Base if it isn't already ProxyHandler.
|
|
return js::BaseProxyHandler::iterate(cx, wrapper, flags, vp);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::call(JSContext *cx, HandleObject wrapper,
|
|
unsigned argc, js::Value *vp)
|
|
{
|
|
assertEnteredPolicy(cx, wrapper, JSID_VOID);
|
|
return Traits::call(cx, wrapper, argc, vp);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::construct(JSContext *cx, HandleObject wrapper,
|
|
unsigned argc, Value *argv,
|
|
MutableHandleValue rval)
|
|
{
|
|
assertEnteredPolicy(cx, wrapper, JSID_VOID);
|
|
return Traits::construct(cx, wrapper, argc, argv, rval);
|
|
}
|
|
|
|
/*
|
|
* The Permissive / Security variants should be used depending on whether the
|
|
* compartment of the wrapper is guranteed to subsume the compartment of the
|
|
* wrapped object (i.e. - whether it is safe from a security perspective to
|
|
* unwrap the wrapper).
|
|
*/
|
|
|
|
template<>
|
|
PermissiveXrayXPCWN PermissiveXrayXPCWN::singleton(0);
|
|
template class PermissiveXrayXPCWN;
|
|
|
|
template<>
|
|
SecurityXrayXPCWN SecurityXrayXPCWN::singleton(0);
|
|
template class SecurityXrayXPCWN;
|
|
|
|
template<>
|
|
PermissiveXrayDOM PermissiveXrayDOM::singleton(0);
|
|
template class PermissiveXrayDOM;
|
|
|
|
template<>
|
|
SecurityXrayDOM SecurityXrayDOM::singleton(0);
|
|
template class SecurityXrayDOM;
|
|
|
|
template<>
|
|
SCPermissiveXrayXPCWN SCPermissiveXrayXPCWN::singleton(0);
|
|
template class SCPermissiveXrayXPCWN;
|
|
|
|
template<>
|
|
SCSecurityXrayXPCWN SCSecurityXrayXPCWN::singleton(0);
|
|
template class SCSecurityXrayXPCWN;
|
|
|
|
template<>
|
|
SCPermissiveXrayDOM SCPermissiveXrayDOM::singleton(0);
|
|
template class SCPermissiveXrayDOM;
|
|
|
|
static nsQueryInterface
|
|
do_QueryInterfaceNative(JSContext* cx, HandleObject wrapper)
|
|
{
|
|
nsISupports* nativeSupports;
|
|
if (IsWrapper(wrapper) && WrapperFactory::IsXrayWrapper(wrapper)) {
|
|
JSObject* target = XrayTraits::getTargetObject(wrapper);
|
|
if (GetXrayType(target) == XrayForDOMObject) {
|
|
if (!UnwrapDOMObjectToISupports(target, nativeSupports)) {
|
|
nativeSupports = nullptr;
|
|
}
|
|
} else {
|
|
XPCWrappedNative *wn = GetWrappedNative(target);
|
|
nativeSupports = wn->Native();
|
|
}
|
|
} else {
|
|
nsIXPConnect *xpc = nsXPConnect::GetXPConnect();
|
|
nativeSupports = xpc->GetNativeOfWrapper(cx, wrapper);
|
|
}
|
|
|
|
return nsQueryInterface(nativeSupports);
|
|
}
|
|
|
|
}
|