Bug 744034 - Link the script context to the outer window earlier to ensure that we always have TI for content. r=mrbkap

dom/base/nsGlobalWindow.cpp

@@ -1605,6 +1605,10 @@ nsGlobalWindow::SetScriptContext(nsIScriptContext *aScriptContext)
     // should probably assert the context is clean???
     aScriptContext->WillInitializeContext();
 
+    // We need point the context to the global window before initializing it
+    // so that it can make various decisions properly.
+    aScriptContext->SetGlobalObject(this);
+
     nsresult rv = aScriptContext->InitContext();
     NS_ENSURE_SUCCESS(rv, rv);
 
@@ -1874,8 +1878,6 @@ NS_IMPL_ISUPPORTS1(WindowStateHolder, WindowStateHolder)
 nsresult
 nsGlobalWindow::CreateOuterObject(nsGlobalWindow* aNewInner)
 {
-  mContext->SetGlobalObject(this);
-
   JSContext* cx = mContext->GetNativeContext();
 
   if (IsChromeWindow()) {

dom/base/nsJSEnvironment.cpp

@@ -945,7 +945,11 @@ nsJSContext::JSOptionChangedCallback(const char *pref, void *data)
   else
     newDefaultJSOptions &= ~JSOPTION_STRICT;
 
-  nsIScriptGlobalObject *global = context->GetGlobalObject();
+  // The vanilla GetGlobalObject returns null if a global isn't set up on
+  // the context yet. We can sometimes be call midway through context init,
+  // So ask for the member directly instead.
+  nsIScriptGlobalObject *global = context->GetGlobalObjectRef();
+
   // XXX should we check for sysprin instead of a chrome window, to make
   // XXX components be covered by the chrome pref instead of the content one?
   nsCOMPtr<nsIDOMWindow> contentWindow(do_QueryInterface(global));

dom/base/nsJSEnvironment.h

@@ -135,6 +135,8 @@ public:
                                    JSObject** aFunctionObject);
 
   virtual nsIScriptGlobalObject *GetGlobalObject();
+  inline nsIScriptGlobalObject *GetGlobalObjectRef() { return mGlobalObjectRef; };
+
   virtual JSContext* GetNativeContext();
   virtual JSObject* GetNativeGlobal();
   virtual nsresult CreateNativeGlobalForInner(

js/xpconnect/src/nsXPConnect.cpp

@@ -1199,6 +1199,18 @@ xpc_CreateGlobalObject(JSContext *cx, JSClass *clasp,
                        bool wantXrays, JSObject **global,
                        JSCompartment **compartment)
 {
+    // Make sure that Type Inference is enabled for everything non-chrome.
+    // Sandboxes and compilation scopes are exceptions. See bug 744034.
+    mozilla::DebugOnly<bool> isSystem;
+    mozilla::DebugOnly<nsIScriptSecurityManager*> ssm;
+    MOZ_ASSERT_IF(strcmp(clasp->name, "Sandbox") &&
+                  strcmp(clasp->name, "nsXBLPrototypeScript compilation scope") &&
+                  strcmp(clasp->name, "nsXULPrototypeScript compilation scope") &&
+                  (ssm = XPCWrapper::GetSecurityManager()) &&
+                  NS_SUCCEEDED(ssm->IsSystemPrincipal(principal, &isSystem.value)) &&
+                  !isSystem.value,
+                  JS_GetOptions(cx) & JSOPTION_TYPE_INFERENCE);
+
     NS_ABORT_IF_FALSE(NS_IsMainThread(), "using a principal off the main thread?");
     NS_ABORT_IF_FALSE(principal, "bad key");