Bug 853571 - Do special detection for sandboxPrototype to make sure the source gets set up right in postMessage. r=bz

2024-09-13 09:24:08 -07:00 · 2013-03-24 09:27:10 -07:00 · 2013-03-24 09:27:10 -07:00 · 79bc02dabd
commit 79bc02dabd
parent 8943712333
3 changed files with 29 additions and 6 deletions
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@ -6392,13 +6392,26 @@ nsGlobalWindow*
 nsGlobalWindow::CallerInnerWindow()
 {
  JSContext *cx = nsContentUtils::GetCurrentJSContext();
-  if (!cx) {
-    NS_ERROR("Please don't call this method from C++!");
-
-    return nullptr;
-  }
-
+  NS_ENSURE_TRUE(cx, nullptr);
  JSObject *scope = CallerGlobal();
+
+  // When Jetpack runs content scripts inside a sandbox, it uses
+  // sandboxPrototype to make them appear as though they're running in the
+  // scope of the page. So when a content script invokes postMessage, it expects
+  // the |source| of the received message to be the window set as the
+  // sandboxPrototype. This used to work incidentally for unrelated reasons, but
+  // now we need to do some special handling to support it.
+  {
+    JSAutoCompartment ac(cx, scope);
+    JSObject *scopeProto;
+    bool ok = JS_GetPrototype(cx, scope, &scopeProto);
+    NS_ENSURE_TRUE(ok, nullptr);
+    if (scopeProto && xpc::IsSandboxPrototypeProxy(scopeProto) &&
+        (scopeProto = js::UnwrapObjectChecked(scopeProto, /* stopAtOuter = */ false)))
+    {
+      scope = scopeProto;
+    }
+  }
  JSAutoCompartment ac(cx, scope);

  nsCOMPtr<nsIXPConnectWrappedNative> wrapper;
--- a/js/xpconnect/src/XPCComponents.cpp
+++ b/js/xpconnect/src/XPCComponents.cpp
@ -3046,6 +3046,13 @@ NS_IMPL_THREADSAFE_RELEASE(nsXPCComponents_utils_Sandbox)

 xpc::SandboxProxyHandler xpc::sandboxProxyHandler;

+bool
+xpc::IsSandboxPrototypeProxy(JSObject *obj)
+{
+    return js::IsProxy(obj) &&
+           js::GetProxyHandler(obj) == &xpc::sandboxProxyHandler;
+}
+
 bool
 xpc::SandboxCallableProxyHandler::call(JSContext *cx, JS::Handle<JSObject*> proxy,
                                       unsigned argc, Value *vp)
--- a/js/xpconnect/src/xpcpublic.h
+++ b/js/xpconnect/src/xpcpublic.h
@ -52,6 +52,9 @@ TransplantObjectWithWrapper(JSContext *cx,
 JSObject *
 GetXBLScope(JSContext *cx, JSObject *contentScope);

+bool
+IsSandboxPrototypeProxy(JSObject *obj);
+
 } /* namespace xpc */

 #define XPCONNECT_GLOBAL_FLAGS                                                \