2010-06-03 15:27:29 -07:00
|
|
|
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
|
|
|
|
|
* vim: set ts=4 sw=4 et tw=99:
|
|
|
|
|
*
|
2012-05-21 04:12:37 -07:00
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
2010-06-03 15:27:29 -07:00
|
|
|
|
|
|
|
|
#ifndef jswrapper_h___
|
|
|
|
|
#define jswrapper_h___
|
|
|
|
|
|
2011-11-20 12:22:51 -08:00
|
|
|
#include "mozilla/Attributes.h"
|
2011-11-14 10:31:46 -08:00
|
|
|
|
2010-06-03 15:27:29 -07:00
|
|
|
#include "jsapi.h"
|
|
|
|
|
#include "jsproxy.h"
|
|
|
|
|
|
2011-09-08 20:29:15 -07:00
|
|
|
namespace js {
|
2010-09-25 20:05:36 -07:00
|
|
|
|
2012-01-02 10:05:19 -08:00
|
|
|
class DummyFrameGuard;
|
|
|
|
|
|
2012-07-08 10:04:14 -07:00
|
|
|
/*
|
|
|
|
|
* A wrapper is essentially a proxy that restricts access to certain traps. The
|
|
|
|
|
* way in which a wrapper restricts access to its traps depends on the
|
|
|
|
|
* particular policy for that wrapper. To allow a wrapper's policy to be
|
|
|
|
|
* customized, the Wrapper base class contains two functions, enter/leave, which
|
|
|
|
|
* are called as a policy enforcement check before/after each trap is forwarded.
|
|
|
|
|
*
|
|
|
|
|
* To minimize code duplication, a set of abstract wrapper classes is
|
|
|
|
|
* provided, from which other wrappers may inherit. These abstract classes are
|
|
|
|
|
* organized in the following hierarchy:
|
|
|
|
|
*
|
|
|
|
|
* BaseProxyHandler Wrapper
|
|
|
|
|
* | | |
|
|
|
|
|
* IndirectProxyHandler | |
|
|
|
|
|
* | | | |
|
|
|
|
|
* | IndirectWrapper |
|
|
|
|
|
* | |
|
|
|
|
|
* DirectProxyHandler |
|
|
|
|
|
* | |
|
|
|
|
|
* DirectWrapper
|
|
|
|
|
*/
|
2012-06-27 19:10:37 -07:00
|
|
|
class JS_FRIEND_API(Wrapper)
|
2011-09-08 20:29:15 -07:00
|
|
|
{
|
2012-04-19 11:19:41 -07:00
|
|
|
unsigned mFlags;
|
2012-06-27 19:10:37 -07:00
|
|
|
|
2010-07-01 18:06:33 -07:00
|
|
|
public:
|
2012-06-27 19:10:37 -07:00
|
|
|
enum Action {
|
|
|
|
|
GET,
|
|
|
|
|
SET,
|
|
|
|
|
CALL,
|
|
|
|
|
PUNCTURE
|
|
|
|
|
};
|
2012-04-19 11:19:41 -07:00
|
|
|
|
2012-06-27 19:10:37 -07:00
|
|
|
enum Flags {
|
|
|
|
|
CROSS_COMPARTMENT = 1 << 0,
|
|
|
|
|
LAST_USED_FLAG = CROSS_COMPARTMENT
|
|
|
|
|
};
|
2010-06-03 15:27:29 -07:00
|
|
|
|
2012-06-27 19:10:37 -07:00
|
|
|
typedef enum {
|
|
|
|
|
PermitObjectAccess,
|
|
|
|
|
PermitPropertyAccess,
|
|
|
|
|
DenyAccess
|
|
|
|
|
} Permission;
|
|
|
|
|
|
|
|
|
|
static JSObject *New(JSContext *cx, JSObject *obj, JSObject *proto,
|
|
|
|
|
JSObject *parent, Wrapper *handler);
|
|
|
|
|
|
|
|
|
|
static Wrapper *wrapperHandler(const JSObject *wrapper);
|
|
|
|
|
|
|
|
|
|
static JSObject *wrappedObject(const JSObject *wrapper);
|
|
|
|
|
|
|
|
|
|
explicit Wrapper(unsigned flags);
|
|
|
|
|
|
|
|
|
|
unsigned flags() const {
|
|
|
|
|
return mFlags;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The function Wrapper::New takes a pointer to a Wrapper as the handler
|
|
|
|
|
* object. It then passes it on to the function NewProxyObject, which
|
|
|
|
|
* expects a pointer to a BaseProxyHandler as the handler object. We don't
|
|
|
|
|
* want to change Wrapper::New to take a pointer to a BaseProxyHandler,
|
|
|
|
|
* because that would allow the creation of wrappers with non-wrapper
|
|
|
|
|
* handlers. Unfortunately, we can't inherit Wrapper from BaseProxyHandler,
|
|
|
|
|
* since that would create a dreaded diamond, and we can't use dynamic_cast
|
|
|
|
|
* to cast Wrapper to BaseProxyHandler, since that would require us to
|
|
|
|
|
* compile with run time type information. Hence the need for this virtual
|
|
|
|
|
* function.
|
|
|
|
|
*/
|
|
|
|
|
virtual BaseProxyHandler *toBaseProxyHandler() = 0;
|
2010-07-02 13:54:53 -07:00
|
|
|
|
2012-03-23 14:59:27 -07:00
|
|
|
/* Policy enforcement traps.
|
|
|
|
|
*
|
|
|
|
|
* enter() allows the policy to specify whether the caller may perform |act|
|
|
|
|
|
* on the underlying object's |id| property. In the case when |act| is CALL,
|
|
|
|
|
* |id| is generally JSID_VOID.
|
|
|
|
|
*
|
|
|
|
|
* The |act| parameter to enter() specifies the action being performed. GET,
|
2012-06-27 19:10:37 -07:00
|
|
|
* SET, and CALL are self-explanatory, but PUNCTURE requires more
|
|
|
|
|
* explanation:
|
2012-03-23 14:59:27 -07:00
|
|
|
*
|
|
|
|
|
* GET and SET allow for a very fine-grained security membrane, through
|
|
|
|
|
* which access can be granted or denied on a per-property, per-object, and
|
|
|
|
|
* per-action basis. Sometimes though, we just want to asks if we can access
|
|
|
|
|
* _everything_ behind the wrapper barrier. For example, when the structured
|
|
|
|
|
* clone algorithm runs up against a cross-compartment wrapper, it needs to
|
|
|
|
|
* know whether it can enter the compartment and keep cloning, or whether it
|
|
|
|
|
* should throw. This is the role of PUNCTURE.
|
|
|
|
|
*
|
|
|
|
|
* PUNCTURE allows the policy to specify whether the wrapper barrier may
|
|
|
|
|
* be lifted - that is to say, whether the caller is allowed to access
|
|
|
|
|
* anything that the wrapped object could access. This is a very powerful
|
|
|
|
|
* permission, and thus should generally be denied for security wrappers
|
|
|
|
|
* except under very special circumstances. When |act| is PUNCTURE, |id|
|
|
|
|
|
* should be JSID_VOID.
|
2012-06-27 19:10:37 -07:00
|
|
|
*/
|
|
|
|
|
virtual bool enter(JSContext *cx, JSObject *wrapper, jsid id, Action act,
|
|
|
|
|
bool *bp);
|
|
|
|
|
};
|
2010-06-03 15:27:29 -07:00
|
|
|
|
2012-06-27 19:10:37 -07:00
|
|
|
/*
|
2012-07-08 10:04:14 -07:00
|
|
|
* IndirectWrapper forwards its traps by forwarding them to
|
|
|
|
|
* IndirectProxyHandler. In effect, IndirectWrapper behaves the same as
|
|
|
|
|
* IndirectProxyHandler, except that it adds policy enforcement checks to each
|
|
|
|
|
* fundamental trap.
|
2012-06-27 19:10:37 -07:00
|
|
|
*/
|
2012-07-08 10:04:14 -07:00
|
|
|
class JS_FRIEND_API(IndirectWrapper) : public Wrapper,
|
2012-06-27 19:10:37 -07:00
|
|
|
public IndirectProxyHandler
|
|
|
|
|
{
|
|
|
|
|
public:
|
2012-07-08 10:04:14 -07:00
|
|
|
explicit IndirectWrapper(unsigned flags);
|
2012-06-27 19:10:37 -07:00
|
|
|
|
|
|
|
|
virtual BaseProxyHandler* toBaseProxyHandler() {
|
|
|
|
|
return this;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
virtual Wrapper *toWrapper() {
|
|
|
|
|
return this;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* ES5 Harmony fundamental wrapper traps. */
|
|
|
|
|
virtual bool getPropertyDescriptor(JSContext *cx, JSObject *wrapper,
|
|
|
|
|
jsid id, bool set,
|
|
|
|
|
PropertyDescriptor *desc) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool getOwnPropertyDescriptor(JSContext *cx, JSObject *wrapper,
|
|
|
|
|
jsid id, bool set,
|
|
|
|
|
PropertyDescriptor *desc) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool defineProperty(JSContext *cx, JSObject *wrapper, jsid id,
|
|
|
|
|
PropertyDescriptor *desc) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool getOwnPropertyNames(JSContext *cx, JSObject *wrapper,
|
|
|
|
|
AutoIdVector &props) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool delete_(JSContext *cx, JSObject *wrapper, jsid id,
|
|
|
|
|
bool *bp) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool enumerate(JSContext *cx, JSObject *wrapper,
|
|
|
|
|
AutoIdVector &props) MOZ_OVERRIDE;
|
2012-04-15 16:43:14 -07:00
|
|
|
};
|
|
|
|
|
|
2012-06-27 19:10:37 -07:00
|
|
|
/*
|
2012-07-08 10:04:14 -07:00
|
|
|
* DirectWrapper forwards its traps by forwarding them to DirectProxyHandler.
|
|
|
|
|
* In effect, DirectWrapper behaves the same as DirectProxyHandler, except that
|
|
|
|
|
* it adds policy enforcement checks to each trap.
|
2012-06-27 19:10:37 -07:00
|
|
|
*/
|
2012-06-29 07:43:16 -07:00
|
|
|
class JS_FRIEND_API(DirectWrapper) : public Wrapper, public DirectProxyHandler
|
2012-04-15 16:43:14 -07:00
|
|
|
{
|
|
|
|
|
public:
|
2012-06-01 03:51:20 -07:00
|
|
|
explicit DirectWrapper(unsigned flags);
|
2012-04-15 16:43:14 -07:00
|
|
|
|
2012-06-01 03:51:20 -07:00
|
|
|
virtual ~DirectWrapper();
|
2012-04-15 16:43:14 -07:00
|
|
|
|
2012-06-29 07:43:16 -07:00
|
|
|
virtual BaseProxyHandler* toBaseProxyHandler() {
|
|
|
|
|
return this;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
virtual Wrapper *toWrapper() {
|
|
|
|
|
return this;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* ES5 Harmony fundamental wrapper traps. */
|
|
|
|
|
virtual bool getPropertyDescriptor(JSContext *cx, JSObject *wrapper,
|
|
|
|
|
jsid id, bool set,
|
|
|
|
|
PropertyDescriptor *desc) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool getOwnPropertyDescriptor(JSContext *cx, JSObject *wrapper,
|
|
|
|
|
jsid id, bool set,
|
|
|
|
|
PropertyDescriptor *desc) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool defineProperty(JSContext *cx, JSObject *wrapper, jsid id,
|
|
|
|
|
PropertyDescriptor *desc) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool getOwnPropertyNames(JSContext *cx, JSObject *wrapper,
|
|
|
|
|
AutoIdVector &props) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool delete_(JSContext *cx, JSObject *wrapper, jsid id,
|
|
|
|
|
bool *bp) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool enumerate(JSContext *cx, JSObject *wrapper,
|
|
|
|
|
AutoIdVector &props) MOZ_OVERRIDE;
|
|
|
|
|
|
2012-04-15 16:43:14 -07:00
|
|
|
/* ES5 Harmony derived wrapper traps. */
|
|
|
|
|
virtual bool has(JSContext *cx, JSObject *wrapper, jsid id, bool *bp) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool hasOwn(JSContext *cx, JSObject *wrapper, jsid id, bool *bp) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool get(JSContext *cx, JSObject *wrapper, JSObject *receiver, jsid id, Value *vp) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool set(JSContext *cx, JSObject *wrapper, JSObject *receiver, jsid id, bool strict,
|
|
|
|
|
Value *vp) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool keys(JSContext *cx, JSObject *wrapper, AutoIdVector &props) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool iterate(JSContext *cx, JSObject *wrapper, unsigned flags, Value *vp) MOZ_OVERRIDE;
|
|
|
|
|
|
|
|
|
|
/* Spidermonkey extensions. */
|
|
|
|
|
virtual bool call(JSContext *cx, JSObject *wrapper, unsigned argc, Value *vp) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool construct(JSContext *cx, JSObject *wrapper, unsigned argc, Value *argv, Value *rval) MOZ_OVERRIDE;
|
2012-07-03 17:44:22 -07:00
|
|
|
virtual bool nativeCall(JSContext *cx, IsAcceptableThis test, NativeImpl impl,
|
|
|
|
|
CallArgs args) MOZ_OVERRIDE;
|
2012-04-15 16:43:14 -07:00
|
|
|
virtual bool hasInstance(JSContext *cx, JSObject *wrapper, const Value *vp, bool *bp) MOZ_OVERRIDE;
|
|
|
|
|
virtual JSString *obj_toString(JSContext *cx, JSObject *wrapper) MOZ_OVERRIDE;
|
|
|
|
|
virtual JSString *fun_toString(JSContext *cx, JSObject *wrapper, unsigned indent) MOZ_OVERRIDE;
|
|
|
|
|
|
2012-06-01 03:51:20 -07:00
|
|
|
static DirectWrapper singleton;
|
2010-06-03 15:27:29 -07:00
|
|
|
|
2010-10-10 15:36:04 -07:00
|
|
|
static void *getWrapperFamily();
|
2010-06-23 14:35:10 -07:00
|
|
|
};
|
|
|
|
|
|
2010-06-24 14:45:32 -07:00
|
|
|
/* Base class for all cross compartment wrapper handlers. */
|
2012-06-01 03:51:20 -07:00
|
|
|
class JS_FRIEND_API(CrossCompartmentWrapper) : public DirectWrapper
|
2011-09-08 20:29:15 -07:00
|
|
|
{
|
2010-06-24 14:45:32 -07:00
|
|
|
public:
|
2012-02-28 15:11:11 -08:00
|
|
|
CrossCompartmentWrapper(unsigned flags);
|
2010-06-25 15:58:09 -07:00
|
|
|
|
2011-09-08 20:29:15 -07:00
|
|
|
virtual ~CrossCompartmentWrapper();
|
2010-06-24 14:45:32 -07:00
|
|
|
|
2010-07-02 13:54:53 -07:00
|
|
|
/* ES5 Harmony fundamental wrapper traps. */
|
2010-09-17 14:54:41 -07:00
|
|
|
virtual bool getPropertyDescriptor(JSContext *cx, JSObject *wrapper, jsid id, bool set,
|
2011-11-14 10:31:46 -08:00
|
|
|
PropertyDescriptor *desc) MOZ_OVERRIDE;
|
2010-09-17 14:54:41 -07:00
|
|
|
virtual bool getOwnPropertyDescriptor(JSContext *cx, JSObject *wrapper, jsid id, bool set,
|
2011-11-14 10:31:46 -08:00
|
|
|
PropertyDescriptor *desc) MOZ_OVERRIDE;
|
2010-08-10 09:31:06 -07:00
|
|
|
virtual bool defineProperty(JSContext *cx, JSObject *wrapper, jsid id,
|
2011-11-14 10:31:46 -08:00
|
|
|
PropertyDescriptor *desc) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool getOwnPropertyNames(JSContext *cx, JSObject *wrapper, AutoIdVector &props) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool delete_(JSContext *cx, JSObject *wrapper, jsid id, bool *bp) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool enumerate(JSContext *cx, JSObject *wrapper, AutoIdVector &props) MOZ_OVERRIDE;
|
2010-07-02 13:54:53 -07:00
|
|
|
|
|
|
|
|
/* ES5 Harmony derived wrapper traps. */
|
2011-11-14 10:31:46 -08:00
|
|
|
virtual bool has(JSContext *cx, JSObject *wrapper, jsid id, bool *bp) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool hasOwn(JSContext *cx, JSObject *wrapper, jsid id, bool *bp) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool get(JSContext *cx, JSObject *wrapper, JSObject *receiver, jsid id, Value *vp) MOZ_OVERRIDE;
|
2011-02-09 11:31:40 -08:00
|
|
|
virtual bool set(JSContext *cx, JSObject *wrapper, JSObject *receiver, jsid id, bool strict,
|
2011-11-14 10:31:46 -08:00
|
|
|
Value *vp) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool keys(JSContext *cx, JSObject *wrapper, AutoIdVector &props) MOZ_OVERRIDE;
|
2012-02-28 15:11:11 -08:00
|
|
|
virtual bool iterate(JSContext *cx, JSObject *wrapper, unsigned flags, Value *vp) MOZ_OVERRIDE;
|
2010-06-24 14:45:32 -07:00
|
|
|
|
|
|
|
|
/* Spidermonkey extensions. */
|
2012-02-28 15:11:11 -08:00
|
|
|
virtual bool call(JSContext *cx, JSObject *wrapper, unsigned argc, Value *vp) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool construct(JSContext *cx, JSObject *wrapper, unsigned argc, Value *argv, Value *rval) MOZ_OVERRIDE;
|
2012-07-03 17:44:22 -07:00
|
|
|
virtual bool nativeCall(JSContext *cx, IsAcceptableThis test, NativeImpl impl,
|
|
|
|
|
CallArgs args) MOZ_OVERRIDE;
|
2011-11-14 10:31:46 -08:00
|
|
|
virtual bool hasInstance(JSContext *cx, JSObject *wrapper, const Value *vp, bool *bp) MOZ_OVERRIDE;
|
|
|
|
|
virtual JSString *obj_toString(JSContext *cx, JSObject *wrapper) MOZ_OVERRIDE;
|
2012-02-28 15:11:11 -08:00
|
|
|
virtual JSString *fun_toString(JSContext *cx, JSObject *wrapper, unsigned indent) MOZ_OVERRIDE;
|
2011-11-14 10:31:46 -08:00
|
|
|
virtual bool defaultValue(JSContext *cx, JSObject *wrapper, JSType hint, Value *vp) MOZ_OVERRIDE;
|
2012-02-07 10:57:16 -08:00
|
|
|
virtual bool iteratorNext(JSContext *cx, JSObject *wrapper, Value *vp);
|
2011-07-07 17:31:24 -07:00
|
|
|
|
2011-09-08 20:29:15 -07:00
|
|
|
static CrossCompartmentWrapper singleton;
|
2010-06-24 14:45:32 -07:00
|
|
|
};
|
|
|
|
|
|
2011-10-04 10:50:25 -07:00
|
|
|
/*
|
|
|
|
|
* Base class for security wrappers. A security wrapper is potentially hiding
|
|
|
|
|
* all or part of some wrapped object thus SecurityWrapper defaults to denying
|
|
|
|
|
* access to the wrappee. This is the opposite of Wrapper which tries to be
|
|
|
|
|
* completely transparent.
|
|
|
|
|
*
|
|
|
|
|
* NB: Currently, only a few ProxyHandler operations are overridden to deny
|
|
|
|
|
* access, relying on derived SecurityWrapper to block access when necessary.
|
|
|
|
|
*/
|
|
|
|
|
template <class Base>
|
|
|
|
|
class JS_FRIEND_API(SecurityWrapper) : public Base
|
|
|
|
|
{
|
|
|
|
|
public:
|
2012-02-28 15:11:11 -08:00
|
|
|
SecurityWrapper(unsigned flags);
|
2011-10-04 10:50:25 -07:00
|
|
|
|
2012-07-03 17:44:22 -07:00
|
|
|
virtual bool nativeCall(JSContext *cx, IsAcceptableThis test, NativeImpl impl,
|
|
|
|
|
CallArgs args) MOZ_OVERRIDE;
|
2011-11-14 10:31:46 -08:00
|
|
|
virtual bool objectClassIs(JSObject *obj, ESClassValue classValue, JSContext *cx) MOZ_OVERRIDE;
|
2012-02-23 13:51:19 -08:00
|
|
|
virtual bool regexp_toShared(JSContext *cx, JSObject *proxy, RegExpGuard *g) MOZ_OVERRIDE;
|
2011-10-04 10:50:25 -07:00
|
|
|
};
|
|
|
|
|
|
2012-06-01 03:51:20 -07:00
|
|
|
typedef SecurityWrapper<DirectWrapper> SameCompartmentSecurityWrapper;
|
2011-10-04 10:50:25 -07:00
|
|
|
typedef SecurityWrapper<CrossCompartmentWrapper> CrossCompartmentSecurityWrapper;
|
|
|
|
|
|
2011-09-08 20:29:15 -07:00
|
|
|
/*
|
|
|
|
|
* A hacky class that lets a friend force a fake frame. We must already be
|
|
|
|
|
* in the compartment of |target| when we enter the forced frame.
|
|
|
|
|
*/
|
2011-05-02 15:47:10 -07:00
|
|
|
class JS_FRIEND_API(ForceFrame)
|
|
|
|
|
{
|
|
|
|
|
public:
|
|
|
|
|
JSContext * const context;
|
|
|
|
|
JSObject * const target;
|
|
|
|
|
private:
|
2011-06-07 16:43:18 -07:00
|
|
|
DummyFrameGuard *frame;
|
2011-05-02 15:47:10 -07:00
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
ForceFrame(JSContext *cx, JSObject *target);
|
2011-05-24 08:45:36 -07:00
|
|
|
~ForceFrame();
|
2011-05-02 15:47:10 -07:00
|
|
|
bool enter();
|
|
|
|
|
};
|
|
|
|
|
|
2012-07-19 09:39:43 -07:00
|
|
|
class JS_FRIEND_API(DeadObjectProxy) : public BaseProxyHandler
|
|
|
|
|
{
|
|
|
|
|
public:
|
|
|
|
|
static int sDeadObjectFamily;
|
|
|
|
|
|
|
|
|
|
explicit DeadObjectProxy();
|
|
|
|
|
|
|
|
|
|
/* ES5 Harmony fundamental wrapper traps. */
|
|
|
|
|
virtual bool getPropertyDescriptor(JSContext *cx, JSObject *wrapper, jsid id, bool set,
|
|
|
|
|
PropertyDescriptor *desc) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool getOwnPropertyDescriptor(JSContext *cx, JSObject *wrapper, jsid id, bool set,
|
|
|
|
|
PropertyDescriptor *desc) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool defineProperty(JSContext *cx, JSObject *wrapper, jsid id,
|
|
|
|
|
PropertyDescriptor *desc) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool getOwnPropertyNames(JSContext *cx, JSObject *wrapper, AutoIdVector &props) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool delete_(JSContext *cx, JSObject *wrapper, jsid id, bool *bp) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool enumerate(JSContext *cx, JSObject *wrapper, AutoIdVector &props) MOZ_OVERRIDE;
|
|
|
|
|
|
|
|
|
|
/* Spidermonkey extensions. */
|
|
|
|
|
virtual bool call(JSContext *cx, JSObject *proxy, unsigned argc, Value *vp);
|
|
|
|
|
virtual bool construct(JSContext *cx, JSObject *proxy, unsigned argc, Value *argv, Value *rval);
|
|
|
|
|
virtual bool nativeCall(JSContext *cx, IsAcceptableThis test, NativeImpl impl,
|
|
|
|
|
CallArgs args) MOZ_OVERRIDE;
|
|
|
|
|
virtual bool hasInstance(JSContext *cx, JSObject *proxy, const Value *vp, bool *bp);
|
|
|
|
|
virtual bool objectClassIs(JSObject *obj, ESClassValue classValue, JSContext *cx);
|
|
|
|
|
virtual JSString *obj_toString(JSContext *cx, JSObject *proxy);
|
|
|
|
|
virtual JSString *fun_toString(JSContext *cx, JSObject *proxy, unsigned indent);
|
|
|
|
|
virtual bool regexp_toShared(JSContext *cx, JSObject *proxy, RegExpGuard *g);
|
|
|
|
|
virtual bool defaultValue(JSContext *cx, JSObject *obj, JSType hint, Value *vp);
|
|
|
|
|
virtual bool iteratorNext(JSContext *cx, JSObject *proxy, Value *vp);
|
|
|
|
|
virtual bool getElementIfPresent(JSContext *cx, JSObject *obj, JSObject *receiver,
|
|
|
|
|
uint32_t index, Value *vp, bool *present);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static DeadObjectProxy singleton;
|
|
|
|
|
};
|
|
|
|
|
|
2010-06-24 14:45:32 -07:00
|
|
|
extern JSObject *
|
2010-09-17 14:54:40 -07:00
|
|
|
TransparentObjectWrapper(JSContext *cx, JSObject *obj, JSObject *wrappedProto, JSObject *parent,
|
2012-02-28 15:11:11 -08:00
|
|
|
unsigned flags);
|
2010-06-24 14:45:32 -07:00
|
|
|
|
2012-02-21 10:31:35 -08:00
|
|
|
// Proxy family for wrappers. Public so that IsWrapper() can be fully inlined by
|
|
|
|
|
// jsfriendapi users.
|
|
|
|
|
extern JS_FRIEND_DATA(int) sWrapperFamily;
|
|
|
|
|
|
|
|
|
|
inline bool
|
|
|
|
|
IsWrapper(const JSObject *obj)
|
|
|
|
|
{
|
|
|
|
|
return IsProxy(obj) && GetProxyHandler(obj)->family() == &sWrapperFamily;
|
|
|
|
|
}
|
2012-01-26 05:55:27 -08:00
|
|
|
|
|
|
|
|
// Given a JSObject, returns that object stripped of wrappers. If
|
|
|
|
|
// stopAtOuter is true, then this returns the outer window if it was
|
|
|
|
|
// previously wrapped. Otherwise, this returns the first object for
|
|
|
|
|
// which JSObject::isWrapper returns false.
|
2012-05-22 14:54:08 -07:00
|
|
|
JS_FRIEND_API(JSObject *)
|
|
|
|
|
UnwrapObject(JSObject *obj, bool stopAtOuter = true, unsigned *flagsp = NULL);
|
2012-01-26 05:55:27 -08:00
|
|
|
|
2012-03-23 14:59:27 -07:00
|
|
|
// Given a JSObject, returns that object stripped of wrappers. At each stage,
|
|
|
|
|
// the security wrapper has the opportunity to veto the unwrap. Since checked
|
|
|
|
|
// code should never be unwrapping outer window wrappers, we always stop at
|
|
|
|
|
// outer windows.
|
2012-05-22 14:54:08 -07:00
|
|
|
JS_FRIEND_API(JSObject *)
|
|
|
|
|
UnwrapObjectChecked(JSContext *cx, JSObject *obj);
|
2012-03-23 14:59:27 -07:00
|
|
|
|
2012-07-18 04:51:28 -07:00
|
|
|
// Unwrap only the outermost security wrapper, with the same semantics as
|
|
|
|
|
// above. This is the checked version of Wrapper::wrappedObject.
|
|
|
|
|
JS_FRIEND_API(JSObject *)
|
|
|
|
|
UnwrapOneChecked(JSContext *cx, JSObject *obj);
|
|
|
|
|
|
2012-06-04 01:13:18 -07:00
|
|
|
JS_FRIEND_API(bool)
|
2012-05-22 14:54:08 -07:00
|
|
|
IsCrossCompartmentWrapper(const JSObject *obj);
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
NukeCrossCompartmentWrapper(JSObject *wrapper);
|
2011-10-04 07:06:54 -07:00
|
|
|
|
2012-07-04 03:13:01 -07:00
|
|
|
bool
|
|
|
|
|
RemapWrapper(JSContext *cx, JSObject *wobj, JSObject *newTarget);
|
|
|
|
|
|
2012-07-23 08:57:39 -07:00
|
|
|
JS_FRIEND_API(bool)
|
2012-07-04 03:13:01 -07:00
|
|
|
RemapAllWrappersForObject(JSContext *cx, JSObject *oldTarget,
|
|
|
|
|
JSObject *newTarget);
|
2012-07-04 03:13:01 -07:00
|
|
|
|
|
|
|
|
// API to recompute all cross-compartment wrappers whose source and target
|
|
|
|
|
// match the given filters.
|
|
|
|
|
JS_FRIEND_API(bool)
|
|
|
|
|
RecomputeWrappers(JSContext *cx, const CompartmentFilter &sourceFilter,
|
|
|
|
|
const CompartmentFilter &targetFilter);
|
|
|
|
|
|
2011-10-04 07:06:54 -07:00
|
|
|
} /* namespace js */
|
2010-06-03 15:27:29 -07:00
|
|
|
|
|
|
|
|
#endif
|
