Commit Graph

736 Commits

Author SHA1 Message Date
Bobby Holley
ed9547ed3d Bug 1152784 - Be more robust about possible intermediate wrappers in IsFrameId. r=bz
Boris and I debugged this. It looks like we're somehow ending up with an
XrayWaiver on the other end of a CrossOriginXrayWrapper. The specifics of how
this happens are a bit fuzzy to me, but it's presumably happening in all the
brain transplant weirdness we do when recomputing wrappers during document.domain.

Having an XrayWaiver there isn't unsafe - the wrapper computation algorithm
will ignore the waiver if the principals don't allow the caller to waive. But
it does throw a wrench in some brittle code that only expects certain kinds
of wrappers. Let's just do what XrayTraits::getTargetObject does. I don't think
this is really unsafe at all, because the only wrapper with a security boundary
is the CCW, and we're already stripping that off unconditionally with
Wrapper::wrappedObject.
2015-04-10 00:28:05 -07:00
Bobby Holley
84fe323eef Bug 1150771 - Let ArrayBuffer through object Xrays. r=gabor 2015-04-07 15:10:00 -07:00
Jan de Mooij
353df38b83 Bug 1144366 - Switch SpiderMonkey and XPConnect style from |T *t| to |T* t|. r=jorendorff 2015-03-28 23:22:11 +01:00
Phil Ringnalda
ebf64fc997 Backed out changeset 0c030f97a04f (bug 1144366) for being on top of patches being backed out
CLOSED TREE
2015-03-28 10:39:56 -07:00
Jan de Mooij
f981f078d8 Bug 1144366 - Switch SpiderMonkey and XPConnect style from |T *t| to |T* t|. r=jorendorff 2015-03-28 12:08:37 +01:00
Nick Fitzgerald
f3aee023be Bug 1038238 - Part 1: Make Error instances use SavedFrame objects for their
stacks; r=jorendorff
2015-03-27 13:08:46 -07:00
Jason Orendorff
db4ac4cade Bug 1142794 - Change 'receiver' argument to SetProperty functions and ProxyHandler::set methods to be a HandleValue. r=Waldo.
Also: Change signature of these functions and methods to all have the same arguments in the same order: (cx, obj, id, v, receiver). Also change v from MutableHandleValue to HandleValue.

There is no change in behavior.

In fact the new error message `JSMSG_SET_NON_OBJECT_RECEIVER` is
impossible to trigger from scripts for now, I think (after re-reading
the whole patch with this in mind). JS_ForwardSetPropertyTo is the only
way to get a non-object receiver into the engine, but no caller
currently does so.

We're installing new pipes here, and they should work, but for now it's
the same cold water flowing through as before. Actually hooking up the
hot water is left for another bug (one with tests, not to put too fine a
point on it).

Notes:

*   InvokeGetterOrSetter had to be split into two functions:
    InvokeGetter takes a MutableHandleValue out-param,
    InvokeSetter a HandleValue in-param.

*   Watchpoints can still tamper with values being assigned. So can
    JSSetterOps. I'm pleased we can support this craziness in a way that
    doesn't have to spread via the type system to encompass the entire
    codebase.

*   Change in GlobalObject::setIntrinsicValue is not really a change.
    Yes, it asserted before, but an exception thrown during self-hosting
    initialization is not going to go unnoticed either.

*   Since the receiver argument to js::SetProperty() is at the end now, it
    makes sense for it to be optional. Some callers look nicer.
2015-03-01 13:16:19 -06:00
Jason Orendorff
d28f3fee83 Bug 1142784, part 2 - Change ProxyHandler::defineProperty() to make the desc argument a non-mutable handle. r=Waldo. 2015-02-17 11:58:43 -06:00
Phil Ringnalda
8a89e647fd Backed out 9 changesets (bug 1142775, bug 1139683, bug 1143810, bug 1142761, bug 1142784, bug 1142794, bug 1144819) for widespread bustage
CLOSED TREE

Backed out changeset 7613fc978d36 (bug 1142794)
Backed out changeset e5f0cb31263d (bug 1142784)
Backed out changeset dcd0af73ac84 (bug 1142784)
Backed out changeset 034f9c8e79ee (bug 1142784)
Backed out changeset ce0ee37e3ca9 (bug 1142775)
Backed out changeset 1519b8f2bbba (bug 1142761)
Backed out changeset 26fd55677841 (bug 1139683)
Backed out changeset 7ebc76a450c3 (bug 1144819)
Backed out changeset 92adb459d519 (bug 1143810)
2015-03-22 09:34:25 -07:00
Jason Orendorff
60373a960b Bug 1142794 - Change 'receiver' argument to SetProperty functions and ProxyHandler::set methods to be a HandleValue. r=Waldo.
Also: Change signature of these functions and methods to all have the same arguments in the same order: (cx, obj, id, v, receiver). Also change v from MutableHandleValue to HandleValue.

There is no change in behavior.

In fact the new error message `JSMSG_SET_NON_OBJECT_RECEIVER` is
impossible to trigger from scripts for now, I think (after re-reading
the whole patch with this in mind). JS_ForwardSetPropertyTo is the only
way to get a non-object receiver into the engine, but no caller
currently does so.

We're installing new pipes here, and they should work, but for now it's
the same cold water flowing through as before. Actually hooking up the
hot water is left for another bug (one with tests, not to put too fine a
point on it).

Notes:

*   InvokeGetterOrSetter had to be split into two functions:
    InvokeGetter takes a MutableHandleValue out-param,
    InvokeSetter a HandleValue in-param.

*   Watchpoints can still tamper with values being assigned. So can
    JSSetterOps. I'm pleased we can support this craziness in a way that
    doesn't have to spread via the type system to encompass the entire
    codebase.

*   Change in GlobalObject::setIntrinsicValue is not really a change.
    Yes, it asserted before, but an exception thrown during self-hosting
    initialization is not going to go unnoticed either.

*   Since the receiver argument to js::SetProperty() is at the end now, it
    makes sense for it to be optional. Some callers look nicer.
2015-03-01 13:16:19 -06:00
Jason Orendorff
6b90d382df Bug 1142784, part 2 - Change ProxyHandler::defineProperty() to make the desc argument a non-mutable handle. r=Waldo. 2015-02-17 11:58:43 -06:00
Ehsan Akhgari
33bb32f549 Bug 1145631 - Part 1: Replace MOZ_OVERRIDE and MOZ_FINAL with override and final in the tree; r=froydnj
This patch was automatically generated using the following script:

function convert() {
echo "Converting $1 to $2..."
find . \
       ! -wholename "*/.git*" \
       ! -wholename "obj-ff-dbg*" \
         -type f \
      \( -iname "*.cpp" \
         -o -iname "*.h" \
         -o -iname "*.c" \
         -o -iname "*.cc" \
         -o -iname "*.idl" \
         -o -iname "*.ipdl" \
         -o -iname "*.ipdlh" \
         -o -iname "*.mm" \) | \
    xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}

convert MOZ_OVERRIDE override
convert MOZ_FINAL final
2015-03-21 12:28:04 -04:00
Tooru Fujisawa
2cd1c1bfda Bug 1079919 - Part 1: Support RegExp in Xray. r=bholley 2015-03-18 18:22:05 +09:00
Jason Orendorff
3c188fc686 Bug 1133081, part 5 - Remove non-asserting PropertyDescriptor accessors in favor of the new PropDesc-inspired asserting accessors. r=efaust.
value() can't assert hasValue() because too many places have plausible reasons for calling it on a PropertyDescriptor they basically know nothing about. One such place is CompartmentChecker::check(Handle<JSPropertyDescriptor>). Another is DefinePropertyByDescriptor. Maybe this will change with time.

In some cases we do things like `desc.hasWritable() && desc.writable() != existing_desc.writable()`. It is OK to write it this way, even though we have not checked existing_desc.hasWritable(), because in these cases we already know existingDesc is a complete property descriptor.
2015-02-15 06:18:30 -06:00
Jason Orendorff
69a35609b0 Bug 1133294 - Object.getOwnPropertyDescriptor(obj, key) must always return either undefined or a complete property descriptor, even if obj is a proxy. r=efaust. 2015-02-15 02:49:42 -06:00
Boris Zbarsky
add82dfc14 Bug 1140573 part 2. Drop the parent argument from JS_NewFunctionById. r=waldo 2015-03-09 12:50:05 -04:00
Boris Zbarsky
7f7b76aa0c Bug 1140573 part 1. Drop the parent argument from JS_NewFunction. r=waldo 2015-03-09 12:50:03 -04:00
Boris Zbarsky
a94ca36434 Bug 1131802 part 2. Allocate functions with reserved slots for DOM Xrays so we can store the Xray wrapper reference in those slots instead of as the function parent. r=peterv 2015-03-06 16:33:31 -05:00
Jason Orendorff
e218a3988f Bug 1113369, part 7 - [[SetPrototypeOf]] ObjectOpResult support. r=Waldo, r=bz in dom, r=dvander in js/ipc, r=bholley in js/xpconnect. 2015-02-05 16:36:50 -06:00
Jason Orendorff
3322381e4f Bug 1113369, part 6 - [[PreventExtensions]] ObjectOpResult support. r=Waldo, r=bz in dom, r=dvander in js/ipc, r=bholley in js/xpconnect. 2015-02-04 12:01:01 -06:00
Jason Orendorff
d1204e0adb Bug 1113369, part 5 - [[Delete]] ObjectOpResult support. r=Waldo, r=bz in dom, r=dvander in js/ipc, r=bholley in js/xpconnect. 2015-02-04 10:20:04 -06:00
Jason Orendorff
e065e5cceb Bug 1113369, part 4 - [[Set]] ObjectOpResult support. r=Waldo, r=bz in dom, r=dvander in js/ipc, r=bholley in js/xpconnect. 2015-02-03 19:51:40 -06:00
Jason Orendorff
f43c96af4d Bug 1113369, part 3 - [[DefineOwnProperty]] ObjectOpResult support. r=Waldo, r=bz in dom, r=dvander in js/ipc, r=bholley in js/xpconnect.
Add an ObjectOpResult out-param for DefineProperty functions everywhere. We leave a few js::DefineProperty() convenience functions with no *result out-param. These have strict behavior: that is, they automatically check the result and throw if it is false. In bug 1125624 these strict signatures may end up being called DefinePropertyOrThrow, as that is what the spec calls it.
2015-01-30 11:37:07 -06:00
Jason Orendorff
155abd81e7 Bug 1130576 - Rename JSPropertyOp -> JSGetterOp and JSStrictPropertyOp -> JSSetterOp. r=efaust. 2015-01-30 13:56:15 -06:00
L. David Baron
6d3ce826c6 Back out bug 1131802 (changesets 80e90f586329 and 35c268f162db) and patch 2 from bug 1131805 (changeset 4139522bf814) on a CLOSED TREE for assertion failures.
Assertion failure: (ptrBits & 1) == 0, at ../../dist/include/js/Value.h
:871
called from XrayCreateFunction
2015-03-06 15:14:52 -08:00
Boris Zbarsky
57f6535651 Bug 1131805 part 1. Remove remaining JS_GetParent and js::GetObjectParent uses in Gecko. r=bholley 2015-03-06 16:33:31 -05:00
Boris Zbarsky
76179d5e5e Bug 1131802 part 2. Allocate functions with reserved slots for DOM Xrays so we can store the Xray wrapper reference in those slots instead of as the function parent. r=peterv 2015-03-06 16:33:31 -05:00
Jon Coppeard
dc04a20f73 Bug 1138874 - Generalise assertion that source object has a preserved wrapper r=bholley 2015-03-06 10:19:07 +00:00
Jon Coppeard
186d726ceb Bug 1138874 - Change ReparentWrapper() to avoid multiple JS objects pointing to the same native r=bholley 2015-03-05 13:39:53 +00:00
Jan de Mooij
c588ad661c Bug 1137523 - Unprefix most js_* functions. r=bhackett CLOSED TREE 2015-02-27 16:08:15 +01:00
Boris Zbarsky
f8bbb7c7e5 Bug 1136925 part 2. Stop passing a parent to Wrapper::New. r=waldo,bholley 2015-02-26 15:58:59 -05:00
Boris Zbarsky
91dab40486 Bug 1131803. Remove the use of parents from SandboxCallableProxyHandler and SandboxProxyHandler. r=bholley 2015-02-26 15:58:59 -05:00
Wes Kocher
0ed4ba78c4 Backed out changeset 4ef990c3d69d (bug 1131803) for potentially busting mochitest-e10s-dt on a CLOSED TREE 2015-02-26 23:20:33 -08:00
Wes Kocher
bc62dd3b33 Backed out 4 changesets (bug 1136925) for potentially busting m-e10s-dt on a CLOSED TREE
Backed out changeset 331761aaae22 (bug 1136925)
Backed out changeset 2faa0e91fe23 (bug 1136925)
Backed out changeset a00f2530c911 (bug 1136925)
Backed out changeset d5e658bc0792 (bug 1136925)
2015-02-26 23:17:34 -08:00
Boris Zbarsky
c210c7621b Bug 1136925 part 2. Stop passing a parent to Wrapper::New. r=waldo,bholley 2015-02-26 15:58:59 -05:00
Boris Zbarsky
8a4e0b62a3 Bug 1131803. Remove the use of parents from SandboxCallableProxyHandler and SandboxProxyHandler. r=bholley 2015-02-26 15:58:59 -05:00
Boris Zbarsky
a00f32b28f Bug 1136520. Stop parenting Xray expando objects to a non-global. r=bholley 2015-02-26 09:40:08 -05:00
Boris Zbarsky
58d73aae7a Bug 1136345. Drop the parent arg from JS_NewObjectWithGivenProto and introduce a JS_DeprecatedNewObjectWithGivenProtoAndParent for the few cases that still pass in a custom parent. r=waldo 2015-02-26 09:40:08 -05:00
Boris Zbarsky
bc8973aead Bug 1136292 part 5. Stop passing a global as the parent arg to JS_NewObjectWithGivenProto in XPConnect. r=peterv 2015-02-26 09:40:07 -05:00
Nick Fitzgerald
770748abfb Bug 1117242 - SavedFrame objects should do principal checks for every accessor; r=jimb,jandem,bz 2015-02-13 09:21:50 -08:00
Ryan VanderMeulen
0271067944 Backed out 7 changesets (bug 1117242) for mochitest failures.
Backed out changeset 694f7ac58964 (bug 1117242)
Backed out changeset b3f8122dd990 (bug 1117242)
Backed out changeset 442d41779bd8 (bug 1117242)
Backed out changeset ccf6dfe1ac75 (bug 1117242)
Backed out changeset 86421767cd26 (bug 1117242)
Backed out changeset 2f996950fb2f (bug 1117242)
Backed out changeset 4414e9d0b66b (bug 1117242)

CLOSED TREE
2015-02-06 13:40:53 -05:00
Nick Fitzgerald
16213c2fc2 Bug 1117242 - Part 5: Implement xray support for SavedFrame; r=bholley 2015-02-06 09:15:01 -08:00
Bobby Holley
0a4d9d8104 Bug 1126911 - Special-case all chrome objects in wrapper selection. r=gabor 2015-02-05 11:07:40 -08:00
Bill McCloskey
411974faf9 Bug 1123461 - Make a real interface for js/ipc (r=dvander) 2015-01-26 13:32:18 -08:00
Jason Orendorff
0a7eb056ad Bug 1112778, part 2 - Rename js::DefaultValue -> js::OrdinaryToPrimitive. r=Waldo.
--HG--
extra : rebase_source : 90e9de457d157d0ac30308ceb633f981917645ff
2014-12-18 05:02:30 -06:00
Ehsan Akhgari
b6e35bb4b4 Bug 1118486 - Part 1: Use = delete instead of MOZ_DELETE directly; r=Waldo
Most of this patch (with the exception of dom/bindings/Codegen.py) was
generated by the following bash script:

#!/bin/bash

function convert() {
echo "Converting $1 to $2..."
find . ! -wholename "*nsprpub*" \
       ! -wholename "*security/nss*" \
       ! -wholename "*/.hg*" \
       ! -wholename "*/.git*" \
       ! -wholename "obj-*" \
         -type f \
      \( -iname "*.cpp" \
         -o -iname "*.h" \
         -o -iname "*.cc" \
         -o -iname "*.idl" \
         -o -iname "*.ipdl" \
         -o -iname "*.ipdlh" \
         -o -iname "*.mm" \) | \
    xargs -n 1 sed -i -e "s/\b$1\b/$2/g"
}

convert MOZ_DELETE '= delete'
2015-01-08 23:19:05 -05:00
Tom Schuster
f64a27048c Bug 1094176 - Remove lookup API from browser. r=bholley 2014-12-17 00:28:39 +01:00
Tom Schuster
a135bf8d75 Bug 783829 - Remove getEnumerablePropertyKeys. r=efaust,bholley 2014-12-17 00:28:38 +01:00
Tom Schuster
71db988913 Bug 783829 - Change from Proxy iterate to enumerate. r=efaust,bholley 2014-12-17 00:28:38 +01:00
Jason Orendorff
3adebb6c77 Bug 1103368, part 5 - Make Class::getProperty and setProperty nullable instead of needing stub functions. Never store stub functions in JSPropertyDescriptors. r=bhackett.
--HG--
extra : rebase_source : a44070dd6155426ef6026c1575116f90b5fdac0c
extra : amend_source : 8d8fcf05dfd5fdf214a39501663347a6d6b56463
2014-11-22 12:23:39 -06:00