Bug 899367 - Stop depending on the default compartment object for DOM JSContexts. r=mccr8

dom/base/nsDOMJSUtils.h

@@ -28,6 +28,8 @@ GetScriptContextFromJSContext(JSContext *cx)
   return scx;
 }
 
+JSObject* GetDefaultScopeFromJSContext(JSContext *cx);
+
 // A factory function for turning a JS::Value argv into an nsIArray
 // but also supports an effecient way of extracting the original argv.
 // Bug 312003 describes why this must be "void *", but argv will be cast to

dom/base/nsJSUtils.cpp

@@ -14,6 +14,7 @@
 #include "nsJSUtils.h"
 #include "jsapi.h"
 #include "js/OldDebugAPI.h"
+#include "jsfriendapi.h"
 #include "nsIScriptContext.h"
 #include "nsIScriptGlobalObject.h"
 #include "nsIXPConnect.h"
@@ -140,7 +141,11 @@ nsJSUtils::ReportPendingException(JSContext *aContext)
   if (JS_IsExceptionPending(aContext)) {
     bool saved = JS_SaveFrameChain(aContext);
     {
-      JSAutoCompartment ac(aContext, js::DefaultObjectForContextOrNull(aContext));
+      nsIScriptContext* scx = GetScriptContextFromJSContext(aContext);
+      JS::Rooted<JSObject*> scope(aContext);
+      scope = scx ? scx->GetNativeGlobal()
+                  : js::DefaultObjectForContextOrNull(aContext);
+      JSAutoCompartment ac(aContext, scope);
       JS_ReportPendingException(aContext);
     }
     if (saved) {
@@ -287,3 +292,19 @@ nsJSUtils::EvaluateString(JSContext* aCx,
     return NS_ERROR_OUT_OF_MEMORY;
   return rv;
 }
+
+//
+// nsDOMJSUtils.h
+//
+
+JSObject* GetDefaultScopeFromJSContext(JSContext *cx)
+{
+  // DOM JSContexts don't store their default compartment object on
+  // the cx, so in those cases we need to fetch it via the scx
+  // instead.
+  nsIScriptContext *scx = GetScriptContextFromJSContext(cx);
+  if (scx) {
+    return scx->GetNativeGlobal();
+  }
+  return js::DefaultObjectForContextOrNull(cx);
+}

js/jsd/jsd_xpc.cpp

@@ -30,6 +30,7 @@
 
 /* XXX DOM dependency */
 #include "nsIScriptContext.h"
+#include "nsDOMJSUtils.h"
 #include "SandboxPrivate.h"
 #include "nsJSPrincipals.h"
 #include "nsContentUtils.h"
@@ -1696,7 +1697,7 @@ NS_IMETHODIMP
 jsdContext::GetGlobalObject (jsdIValue **_rval)
 {
     ASSERT_VALID_EPHEMERAL;
-    JSObject *glob = js::DefaultObjectForContextOrNull(mJSCx);
+    JSObject *glob = GetDefaultScopeFromJSContext(mJSCx);
     JSDValue *jsdv = JSD_NewValue (mJSDCx, OBJECT_TO_JSVAL(glob));
     if (!jsdv)
         return NS_ERROR_FAILURE;

js/xpconnect/src/XPCJSContextStack.cpp

@@ -70,10 +70,14 @@ XPCJSContextStack::Push(JSContext *cx)
         // compartment that's same-origin with the current one, we can skip it.
         nsIScriptSecurityManager* ssm = XPCWrapper::GetSecurityManager();
         if ((e.cx == cx) && ssm) {
-            RootedObject defaultGlobal(cx, js::DefaultObjectForContextOrNull(cx));
+            // DOM JSContexts don't store their default compartment object on
+            // the cx, so in those cases we need to fetch it via the scx
+            // instead.
+            RootedObject defaultScope(cx, GetDefaultScopeFromJSContext(cx));
+
             nsIPrincipal *currentPrincipal =
               GetCompartmentPrincipal(js::GetContextCompartment(cx));
-            nsIPrincipal *defaultPrincipal = GetObjectPrincipal(defaultGlobal);
+            nsIPrincipal *defaultPrincipal = GetObjectPrincipal(defaultScope);
             bool equal = false;
             currentPrincipal->Equals(defaultPrincipal, &equal);
             if (equal) {

js/xpconnect/src/nsCxPusher.cpp

@@ -129,8 +129,12 @@ AutoCxPusher::AutoCxPusher(JSContext* cx, bool allowNull)
   // old XPCAutoRequest as well.
   if (cx) {
     mAutoRequest.construct(cx);
-    if (js::DefaultObjectForContextOrNull(cx))
-      mAutoCompartment.construct(cx, js::DefaultObjectForContextOrNull(cx));
+
+    // DOM JSContexts don't store their default compartment object on the cx.
+    JSObject *compartmentObject = mScx ? mScx->GetNativeGlobal()
+                                       : js::DefaultObjectForContextOrNull(cx);
+    if (compartmentObject)
+      mAutoCompartment.construct(cx, compartmentObject);
     xpc_UnmarkGrayContext(cx);
   }
 }