The primary consumer of this is the whole inner/outer DOM window setup, which
uses the default global to track the current inner. But there are few other
random ones as well.
We use this as an opportunity to convert a bunch of consumers from the two-step
GetNativeContext() -> JS_GetGlobalObject() into just |GetNativeGlobal()|. This
will make things much easier to convert when we start tracking the current inner
explicitly.
There are still a handful that either are used with other runtimes, or that
happen very early/late in cx the lifetime of various things where it doesn't
necessarily make sense to have a cx on the stack. This should definitely ensure
that we're not doing double-duty with the nsCxPusher change, though.
I also replaced some uses of mJSContext with AutoJSContext upon auditing that
they're only ever called by other nsJSContext functions that just pushed. This
makes the code much easier to audit because we know that we're just inheriting
the caller's cx (which is stack-top) rather than injecting a potentially-
unrelated cx.
The main idea behind this thing seems to be that we don't want script to quickly
close the window before the user has time to read the notification. Given the
fuzziness of the constraint here, I think we can (and maybe even should) unblock
a little bit later in the event loop, rather than immediately after the script
terminates.
Note that, due to modal dialogs and their event loop spinning shenanigans, we
want to do this only when the stack frame is popped.
Since this stuff is a property on the browsing context, this only makes sense
as a security check. But now that we're using a DialogValueHolder, the origin
checks are taken care of. So we can kill this off.
The spec currently has returnValue as a DOMString, but this doesn't match
reality given my testing. I filed [1] to fix it.
Note that nsGlobalModalWindow is already set up to CC mReturnValue. Since
we're swapping in another CC-ed container class, we don't need to make any
changes here.
[1] https://www.w3.org/Bugs/Public/show_bug.cgi?id=21771
This is correct by my reading of the spec. Quoting:
The dialogArguments IDL attribute, on getting, must check whether its browsing
context's active document's origin is the same as the dialog arguments' origin.
If it is, then the browsing context's dialog arguments must be returned
unchanged. Otherwise, if the dialog arguments are an object, then the empty
string must be returned, and if the dialog arguments are not an object, then
the stringification of the dialog arguments must be returned.
This patch is bigger than I'd like it to be, but there are a lot of interlocked
dependencies and I eventually decided it was easier to just lump it together.
The semantics of |showModalDialog|/|window.dialogArguments| (an web-exposed
HTML5 feature) and |openDialog|/|window.arguments| (a XUL-proprietary feature)
are quite different. The former is essentially a security-checked JSVal, while
the latter gets converted into an array. We handled them together in the old
world, which led to a lot of confusion and muddled semantics. This patch
separates them.
This patch also eschews the roundabout resolve hook for dialogArguments in favor
of returning them directly from the XPIDL getter. This better matches the
behavior in the spec, especially because it allows dialogArguments to live on
the outer as they're supposed to, rather than the first inner that happens to
end up in the docshell. All in all, this should make this all very
straightforward to convert WebIDL when the time comes.
The current spec on the origin checks here is pretty fictional, so I've filed
https://www.w3.org/Bugs/Public/show_bug.cgi?id=21932 to fix it. This patch
should more or less preserve the current security behavior.
