Fix Components.utils.evalInSandbox bugs: 1) GC'ing after even eval blows performance, no need; 2) borrowing the calling cx's error reporter doesn't work, we must turn uncaught exception errors back into thrown exceptions on the calling cx (301353, r+sr+a=shaver).

js/src/jsapi.c

@@ -4474,6 +4474,13 @@ JS_ErrorFromException(JSContext *cx, jsval v)
 #endif
 }
 
+JS_PUBLIC_API(JSBool)
+JS_ThrowReportedError(JSContext *cx, const char *message,
+                      JSErrorReport *reportp)
+{
+    js_ErrorToException(cx, message, reportp);
+}
+
 #ifdef JS_THREADSAFE
 JS_PUBLIC_API(jsword)
 JS_GetContextThread(JSContext *cx)

js/src/jsapi.h

@@ -1902,6 +1902,14 @@ JS_DropExceptionState(JSContext *cx, JSExceptionState *state);
 extern JS_PUBLIC_API(JSErrorReport *)
 JS_ErrorFromException(JSContext *cx, jsval v);
 
+/*
+ * Given a reported error's message and JSErrorReport struct pointer, throw
+ * the corresponding exception on cx.
+ */
+extern JS_PUBLIC_API(JSBool)
+JS_ThrowReportedError(JSContext *cx, const char *message,
+                      JSErrorReport *reportp);
+
 #ifdef JS_THREADSAFE
 
 /*

js/src/xpconnect/src/xpccomponents.cpp

@@ -2083,6 +2083,18 @@ static JSFunctionSpec SandboxFunctions[] = {
 
 #endif /* !XPCONNECT_STANDALONE */
 
+/*
+ * Throw an exception on caller_cx that is made from message and report,
+ * which were reported as uncaught on cx.
+ */
+static void
+SandboxErrorReporter(JSContext *cx, const char *message, JSErrorReport *report)
+{
+    JSContext *caller_cx = NS_STATIC_CAST(JSContext*, JS_GetContextPrivate(cx));
+
+    JS_ThrowReportedError(caller_cx, message, report);
+}
+
 /* void evalInSandbox(in AString source, in AUTF8String codebase); */
 NS_IMETHODIMP
 nsXPCComponents_Utils::EvalInSandbox(const nsAString &source,
@@ -2188,12 +2200,12 @@ nsXPCComponents_Utils::EvalInSandbox(const nsAString &source,
     }
     JS_SetGlobalObject(sandcx, sandbox);
 
-    // There's no JS_GetErrorReporter, so we fake it
-    JSErrorReporter borrowedReporter = JS_SetErrorReporter(cx, nsnull);
-    JS_SetErrorReporter(sandcx, borrowedReporter);
-    JS_SetErrorReporter(cx, borrowedReporter);
+    // Capture uncaught exceptions reported as errors on sandcx and
+    // re-throw them on cx.
+    JS_SetContextPrivate(sandcx, cx);
+    JS_SetErrorReporter(sandcx, SandboxErrorReporter);
 
-    if(!JS_EvaluateUCScriptForPrincipals(sandcx, sandbox, jsPrincipals,
+    if (!JS_EvaluateUCScriptForPrincipals(sandcx, sandbox, jsPrincipals,
                                           NS_REINTERPRET_CAST(const jschar *,
                                               PromiseFlatString(source).get()),
                                           source.Length(),
@@ -2207,7 +2219,7 @@ nsXPCComponents_Utils::EvalInSandbox(const nsAString &source,
         cc->SetReturnValueWasSet(PR_TRUE);
     }
 
-    JS_DestroyContext(sandcx);
+    JS_DestroyContextNoGC(sandcx);
     JSPRINCIPALS_DROP(cx, jsPrincipals);
     return rv;
 #endif /* !XPCONNECT_STANDALONE */