mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
2716 lines
100 KiB
C++
2716 lines
100 KiB
C++
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
|
/* vim: set ts=8 sts=4 et sw=4 tw=99: */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "XrayWrapper.h"
|
|
#include "AccessCheck.h"
|
|
#include "WrapperFactory.h"
|
|
|
|
#include "nsIContent.h"
|
|
#include "nsIControllers.h"
|
|
#include "mozilla/dom/Element.h"
|
|
#include "nsContentUtils.h"
|
|
|
|
#include "XPCWrapper.h"
|
|
#include "xpcprivate.h"
|
|
|
|
#include "jsapi.h"
|
|
#include "jsprf.h"
|
|
#include "nsJSUtils.h"
|
|
#include "nsPrintfCString.h"
|
|
|
|
#include "mozilla/dom/BindingUtils.h"
|
|
#include "mozilla/dom/WindowBinding.h"
|
|
#include "nsGlobalWindow.h"
|
|
|
|
using namespace mozilla::dom;
|
|
using namespace JS;
|
|
using namespace mozilla;
|
|
|
|
using js::Wrapper;
|
|
using js::BaseProxyHandler;
|
|
using js::IsCrossCompartmentWrapper;
|
|
using js::UncheckedUnwrap;
|
|
using js::CheckedUnwrap;
|
|
|
|
namespace xpc {
|
|
|
|
using namespace XrayUtils;
|
|
|
|
inline bool
|
|
IsTypedArrayKey(JSProtoKey key)
|
|
{
|
|
#ifdef DEBUG
|
|
bool isTypedArraySlow = key == JSProto_Int8Array ||
|
|
key == JSProto_Uint8Array ||
|
|
key == JSProto_Int16Array ||
|
|
key == JSProto_Uint16Array ||
|
|
key == JSProto_Int32Array ||
|
|
key == JSProto_Uint32Array ||
|
|
key == JSProto_Float32Array ||
|
|
key == JSProto_Float64Array ||
|
|
key == JSProto_Uint8ClampedArray;
|
|
#endif
|
|
bool isTypedArray = key >= JSProto_Int8Array &&
|
|
key <= JSProto_Uint8ClampedArray;
|
|
MOZ_ASSERT(isTypedArray == isTypedArraySlow, "Somebody reordered jsprototypes.h!");
|
|
static_assert(JSProto_Uint8ClampedArray - JSProto_Int8Array == 8,
|
|
"New prototype added in typed array range");
|
|
return isTypedArray;
|
|
}
|
|
|
|
// Whitelist for the standard ES classes we can Xray to.
|
|
static bool
|
|
IsJSXraySupported(JSProtoKey key)
|
|
{
|
|
if (IsTypedArrayKey(key))
|
|
return true;
|
|
switch (key) {
|
|
case JSProto_Date:
|
|
case JSProto_Object:
|
|
case JSProto_Array:
|
|
case JSProto_Function:
|
|
return true;
|
|
default:
|
|
return false;
|
|
}
|
|
}
|
|
|
|
XrayType
|
|
GetXrayType(JSObject *obj)
|
|
{
|
|
obj = js::UncheckedUnwrap(obj, /* stopAtOuter = */ false);
|
|
if (mozilla::dom::UseDOMXray(obj))
|
|
return XrayForDOMObject;
|
|
|
|
const js::Class* clasp = js::GetObjectClass(obj);
|
|
if (IS_WN_CLASS(clasp) || clasp->ext.innerObject)
|
|
return XrayForWrappedNative;
|
|
|
|
JSProtoKey standardProto = IdentifyStandardInstanceOrPrototype(obj);
|
|
if (IsJSXraySupported(standardProto))
|
|
return XrayForJSObject;
|
|
|
|
return NotXray;
|
|
}
|
|
|
|
JSObject *
|
|
XrayAwareCalleeGlobal(JSObject *fun)
|
|
{
|
|
MOZ_ASSERT(js::IsFunctionObject(fun));
|
|
JSObject *scope = js::GetObjectParent(fun);
|
|
if (IsXrayWrapper(scope))
|
|
scope = js::UncheckedUnwrap(scope);
|
|
return js::GetGlobalForObjectCrossCompartment(scope);
|
|
}
|
|
|
|
const uint32_t JSSLOT_RESOLVING = 0;
|
|
ResolvingId::ResolvingId(JSContext *cx, HandleObject wrapper, HandleId id)
|
|
: mId(id),
|
|
mHolder(cx, getHolderObject(wrapper)),
|
|
mPrev(getResolvingId(mHolder)),
|
|
mXrayShadowing(false)
|
|
{
|
|
js::SetReservedSlot(mHolder, JSSLOT_RESOLVING, js::PrivateValue(this));
|
|
}
|
|
|
|
ResolvingId::~ResolvingId()
|
|
{
|
|
MOZ_ASSERT(getResolvingId(mHolder) == this, "unbalanced ResolvingIds");
|
|
js::SetReservedSlot(mHolder, JSSLOT_RESOLVING, js::PrivateValue(mPrev));
|
|
}
|
|
|
|
bool
|
|
ResolvingId::isXrayShadowing(jsid id)
|
|
{
|
|
if (!mXrayShadowing)
|
|
return false;
|
|
|
|
return mId == id;
|
|
}
|
|
|
|
bool
|
|
ResolvingId::isResolving(jsid id)
|
|
{
|
|
for (ResolvingId *cur = this; cur; cur = cur->mPrev) {
|
|
if (cur->mId == id)
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
ResolvingId *
|
|
ResolvingId::getResolvingId(JSObject *holder)
|
|
{
|
|
MOZ_ASSERT(strcmp(JS_GetClass(holder)->name, "NativePropertyHolder") == 0);
|
|
return (ResolvingId *)js::GetReservedSlot(holder, JSSLOT_RESOLVING).toPrivate();
|
|
}
|
|
|
|
JSObject *
|
|
ResolvingId::getHolderObject(JSObject *wrapper)
|
|
{
|
|
return &js::GetProxyExtra(wrapper, 0).toObject();
|
|
}
|
|
|
|
ResolvingId *
|
|
ResolvingId::getResolvingIdFromWrapper(JSObject *wrapper)
|
|
{
|
|
return getResolvingId(getHolderObject(wrapper));
|
|
}
|
|
|
|
class MOZ_STACK_CLASS ResolvingIdDummy
|
|
{
|
|
public:
|
|
ResolvingIdDummy(JSContext *cx, HandleObject wrapper, HandleId id)
|
|
{
|
|
}
|
|
};
|
|
|
|
class XrayTraits
|
|
{
|
|
public:
|
|
XrayTraits() {}
|
|
|
|
static JSObject* getTargetObject(JSObject *wrapper) {
|
|
return js::UncheckedUnwrap(wrapper, /* stopAtOuter = */ false);
|
|
}
|
|
|
|
virtual bool resolveNativeProperty(JSContext *cx, HandleObject wrapper,
|
|
HandleObject holder, HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> desc) = 0;
|
|
// NB: resolveOwnProperty may decide whether or not to cache what it finds
|
|
// on the holder. If the result is not cached, the lookup will happen afresh
|
|
// for each access, which is the right thing for things like dynamic NodeList
|
|
// properties.
|
|
virtual bool resolveOwnProperty(JSContext *cx, const Wrapper &jsWrapper,
|
|
HandleObject wrapper, HandleObject holder,
|
|
HandleId id, MutableHandle<JSPropertyDescriptor> desc);
|
|
|
|
bool delete_(JSContext *cx, HandleObject wrapper, HandleId id, bool *bp) {
|
|
*bp = true;
|
|
return true;
|
|
}
|
|
|
|
virtual void preserveWrapper(JSObject *target) = 0;
|
|
|
|
static bool set(JSContext *cx, HandleObject wrapper, HandleObject receiver, HandleId id,
|
|
bool strict, MutableHandleValue vp);
|
|
|
|
JSObject* getExpandoObject(JSContext *cx, HandleObject target,
|
|
HandleObject consumer);
|
|
JSObject* ensureExpandoObject(JSContext *cx, HandleObject wrapper,
|
|
HandleObject target);
|
|
|
|
JSObject* getHolder(JSObject *wrapper);
|
|
JSObject* ensureHolder(JSContext *cx, HandleObject wrapper);
|
|
virtual JSObject* createHolder(JSContext *cx, JSObject *wrapper) = 0;
|
|
|
|
JSObject* getExpandoChain(JSObject *obj) {
|
|
return GetObjectScope(obj)->GetExpandoChain(obj);
|
|
}
|
|
|
|
bool setExpandoChain(JSContext *cx, HandleObject obj, HandleObject chain) {
|
|
return GetObjectScope(obj)->SetExpandoChain(cx, obj, chain);
|
|
}
|
|
bool cloneExpandoChain(JSContext *cx, HandleObject dst, HandleObject src);
|
|
|
|
private:
|
|
bool expandoObjectMatchesConsumer(JSContext *cx, HandleObject expandoObject,
|
|
nsIPrincipal *consumerOrigin,
|
|
HandleObject exclusiveGlobal);
|
|
JSObject* getExpandoObjectInternal(JSContext *cx, HandleObject target,
|
|
nsIPrincipal *origin,
|
|
JSObject *exclusiveGlobal);
|
|
JSObject* attachExpandoObject(JSContext *cx, HandleObject target,
|
|
nsIPrincipal *origin,
|
|
HandleObject exclusiveGlobal);
|
|
|
|
XrayTraits(XrayTraits &) MOZ_DELETE;
|
|
const XrayTraits& operator=(XrayTraits &) MOZ_DELETE;
|
|
};
|
|
|
|
class XPCWrappedNativeXrayTraits : public XrayTraits
|
|
{
|
|
public:
|
|
enum {
|
|
HasPrototype = 0
|
|
};
|
|
|
|
static const XrayType Type = XrayForWrappedNative;
|
|
|
|
virtual bool resolveNativeProperty(JSContext *cx, HandleObject wrapper,
|
|
HandleObject holder, HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> desc) MOZ_OVERRIDE;
|
|
virtual bool resolveOwnProperty(JSContext *cx, const Wrapper &jsWrapper, HandleObject wrapper,
|
|
HandleObject holder, HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> desc) MOZ_OVERRIDE;
|
|
bool defineProperty(JSContext *cx, HandleObject wrapper, HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> desc,
|
|
Handle<JSPropertyDescriptor> existingDesc, bool *defined);
|
|
virtual bool enumerateNames(JSContext *cx, HandleObject wrapper, unsigned flags,
|
|
AutoIdVector &props);
|
|
static bool call(JSContext *cx, HandleObject wrapper,
|
|
const JS::CallArgs &args, const js::Wrapper& baseInstance);
|
|
static bool construct(JSContext *cx, HandleObject wrapper,
|
|
const JS::CallArgs &args, const js::Wrapper& baseInstance);
|
|
|
|
static bool isResolving(JSContext *cx, JSObject *holder, jsid id);
|
|
|
|
static bool resolveDOMCollectionProperty(JSContext *cx, HandleObject wrapper,
|
|
HandleObject holder, HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> desc);
|
|
|
|
static XPCWrappedNative* getWN(JSObject *wrapper) {
|
|
return XPCWrappedNative::Get(getTargetObject(wrapper));
|
|
}
|
|
|
|
virtual void preserveWrapper(JSObject *target) MOZ_OVERRIDE;
|
|
|
|
typedef ResolvingId ResolvingIdImpl;
|
|
|
|
virtual JSObject* createHolder(JSContext *cx, JSObject *wrapper) MOZ_OVERRIDE;
|
|
|
|
static const JSClass HolderClass;
|
|
static XPCWrappedNativeXrayTraits singleton;
|
|
};
|
|
|
|
const JSClass XPCWrappedNativeXrayTraits::HolderClass = {
|
|
"NativePropertyHolder", JSCLASS_HAS_RESERVED_SLOTS(2),
|
|
JS_PropertyStub, JS_DeletePropertyStub, holder_get, holder_set,
|
|
JS_EnumerateStub, JS_ResolveStub, JS_ConvertStub
|
|
};
|
|
|
|
class DOMXrayTraits : public XrayTraits
|
|
{
|
|
public:
|
|
enum {
|
|
HasPrototype = 0
|
|
};
|
|
|
|
static const XrayType Type = XrayForDOMObject;
|
|
|
|
virtual bool resolveNativeProperty(JSContext *cx, HandleObject wrapper,
|
|
HandleObject holder, HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> desc) MOZ_OVERRIDE;
|
|
virtual bool resolveOwnProperty(JSContext *cx, const Wrapper &jsWrapper, HandleObject wrapper,
|
|
HandleObject holder, HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> desc) MOZ_OVERRIDE;
|
|
bool defineProperty(JSContext *cx, HandleObject wrapper, HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> desc,
|
|
Handle<JSPropertyDescriptor> existingDesc, bool *defined);
|
|
static bool set(JSContext *cx, HandleObject wrapper, HandleObject receiver, HandleId id,
|
|
bool strict, MutableHandleValue vp);
|
|
virtual bool enumerateNames(JSContext *cx, HandleObject wrapper, unsigned flags,
|
|
AutoIdVector &props);
|
|
static bool call(JSContext *cx, HandleObject wrapper,
|
|
const JS::CallArgs &args, const js::Wrapper& baseInstance);
|
|
static bool construct(JSContext *cx, HandleObject wrapper,
|
|
const JS::CallArgs &args, const js::Wrapper& baseInstance);
|
|
|
|
static bool isResolving(JSContext *cx, JSObject *holder, jsid id)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
typedef ResolvingIdDummy ResolvingIdImpl;
|
|
|
|
virtual void preserveWrapper(JSObject *target) MOZ_OVERRIDE;
|
|
|
|
virtual JSObject* createHolder(JSContext *cx, JSObject *wrapper) MOZ_OVERRIDE;
|
|
|
|
static DOMXrayTraits singleton;
|
|
};
|
|
|
|
class JSXrayTraits : public XrayTraits
|
|
{
|
|
public:
|
|
enum {
|
|
HasPrototype = 1
|
|
};
|
|
static const XrayType Type = XrayForJSObject;
|
|
|
|
virtual bool resolveNativeProperty(JSContext *cx, HandleObject wrapper,
|
|
HandleObject holder, HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> desc) MOZ_OVERRIDE
|
|
{
|
|
MOZ_ASSUME_UNREACHABLE("resolveNativeProperty hook should never be called with HasPrototype = 1");
|
|
}
|
|
|
|
virtual bool resolveOwnProperty(JSContext *cx, const Wrapper &jsWrapper, HandleObject wrapper,
|
|
HandleObject holder, HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> desc) MOZ_OVERRIDE;
|
|
|
|
bool delete_(JSContext *cx, HandleObject wrapper, HandleId id, bool *bp);
|
|
|
|
bool defineProperty(JSContext *cx, HandleObject wrapper, HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> desc,
|
|
Handle<JSPropertyDescriptor> existingDesc, bool *defined);
|
|
|
|
virtual bool enumerateNames(JSContext *cx, HandleObject wrapper, unsigned flags,
|
|
AutoIdVector &props);
|
|
|
|
static bool call(JSContext *cx, HandleObject wrapper,
|
|
const JS::CallArgs &args, const js::Wrapper& baseInstance)
|
|
{
|
|
JSXrayTraits &self = JSXrayTraits::singleton;
|
|
RootedObject holder(cx, self.ensureHolder(cx, wrapper));
|
|
if (self.getProtoKey(holder) == JSProto_Function)
|
|
return baseInstance.call(cx, wrapper, args);
|
|
|
|
RootedValue v(cx, ObjectValue(*wrapper));
|
|
js_ReportIsNotFunction(cx, v);
|
|
return false;
|
|
}
|
|
|
|
static bool construct(JSContext *cx, HandleObject wrapper,
|
|
const JS::CallArgs &args, const js::Wrapper& baseInstance)
|
|
{
|
|
JSXrayTraits &self = JSXrayTraits::singleton;
|
|
RootedObject holder(cx, self.ensureHolder(cx, wrapper));
|
|
if (self.getProtoKey(holder) == JSProto_Function)
|
|
return baseInstance.construct(cx, wrapper, args);
|
|
|
|
RootedValue v(cx, ObjectValue(*wrapper));
|
|
js_ReportIsNotFunction(cx, v);
|
|
return false;
|
|
}
|
|
|
|
static bool isResolving(JSContext *cx, JSObject *holder, jsid id)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
typedef ResolvingIdDummy ResolvingIdImpl;
|
|
|
|
bool getPrototypeOf(JSContext *cx, JS::HandleObject wrapper,
|
|
JS::HandleObject target,
|
|
JS::MutableHandleObject protop)
|
|
{
|
|
RootedObject holder(cx, ensureHolder(cx, wrapper));
|
|
JSProtoKey key = getProtoKey(holder);
|
|
if (isPrototype(holder)) {
|
|
if (key == JSProto_Object) {
|
|
protop.set(nullptr);
|
|
return true;
|
|
}
|
|
key = JSProto_Object;
|
|
}
|
|
|
|
{
|
|
JSAutoCompartment ac(cx, target);
|
|
if (!JS_GetClassPrototype(cx, key, protop))
|
|
return false;
|
|
}
|
|
return JS_WrapObject(cx, protop);
|
|
}
|
|
|
|
virtual void preserveWrapper(JSObject *target) MOZ_OVERRIDE {
|
|
// In the case of pure JS objects, there is no underlying object, and
|
|
// the target is the canonical representation of state. If it gets
|
|
// collected, then expandos and such should be collected too. So there's
|
|
// nothing to do here.
|
|
}
|
|
|
|
enum {
|
|
SLOT_PROTOKEY = 0,
|
|
SLOT_ISPROTOTYPE,
|
|
SLOT_CONSTRUCTOR_FOR,
|
|
SLOT_COUNT
|
|
};
|
|
virtual JSObject* createHolder(JSContext *cx, JSObject *wrapper) MOZ_OVERRIDE;
|
|
|
|
static JSProtoKey getProtoKey(JSObject *holder) {
|
|
int32_t key = js::GetReservedSlot(holder, SLOT_PROTOKEY).toInt32();
|
|
return static_cast<JSProtoKey>(key);
|
|
}
|
|
|
|
static bool isPrototype(JSObject *holder) {
|
|
return js::GetReservedSlot(holder, SLOT_ISPROTOTYPE).toBoolean();
|
|
}
|
|
|
|
static JSProtoKey constructorFor(JSObject *holder) {
|
|
int32_t key = js::GetReservedSlot(holder, SLOT_CONSTRUCTOR_FOR).toInt32();
|
|
return static_cast<JSProtoKey>(key);
|
|
}
|
|
|
|
static bool getOwnPropertyFromTargetIfSafe(JSContext *cx,
|
|
HandleObject target,
|
|
HandleObject wrapper,
|
|
HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> desc);
|
|
|
|
static const JSClass HolderClass;
|
|
static JSXrayTraits singleton;
|
|
};
|
|
|
|
const JSClass JSXrayTraits::HolderClass = {
|
|
"JSXrayHolder", JSCLASS_HAS_RESERVED_SLOTS(SLOT_COUNT),
|
|
JS_PropertyStub, JS_DeletePropertyStub,
|
|
JS_PropertyStub, JS_StrictPropertyStub,
|
|
JS_EnumerateStub, JS_ResolveStub, JS_ConvertStub
|
|
};
|
|
|
|
inline bool
|
|
SilentFailure(JSContext *cx, HandleId id, const char *reason)
|
|
{
|
|
#ifdef DEBUG
|
|
nsDependentJSString name;
|
|
if (!name.init(cx, id))
|
|
return false;
|
|
AutoFilename filename;
|
|
unsigned line = 0;
|
|
DescribeScriptedCaller(cx, &filename, &line);
|
|
NS_WARNING(nsPrintfCString("Denied access to property |%s| on Xrayed Object: %s (@%s:%u)",
|
|
NS_LossyConvertUTF16toASCII(name).get(), reason,
|
|
filename.get(), line).get());
|
|
#endif
|
|
return true;
|
|
}
|
|
|
|
bool JSXrayTraits::getOwnPropertyFromTargetIfSafe(JSContext *cx,
|
|
HandleObject target,
|
|
HandleObject wrapper,
|
|
HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> outDesc)
|
|
{
|
|
// Note - This function operates in the target compartment, because it
|
|
// avoids a bunch of back-and-forth wrapping in enumerateNames.
|
|
MOZ_ASSERT(getTargetObject(wrapper) == target);
|
|
MOZ_ASSERT(js::IsObjectInContextCompartment(target, cx));
|
|
MOZ_ASSERT(WrapperFactory::IsXrayWrapper(wrapper));
|
|
MOZ_ASSERT(outDesc.object() == nullptr);
|
|
|
|
Rooted<JSPropertyDescriptor> desc(cx);
|
|
if (!JS_GetOwnPropertyDescriptorById(cx, target, id, &desc))
|
|
return false;
|
|
|
|
// If the property doesn't exist at all, we're done.
|
|
if (!desc.object())
|
|
return true;
|
|
|
|
// Disallow accessor properties.
|
|
if (desc.hasGetterOrSetter())
|
|
return SilentFailure(cx, id, "Property has accessor");
|
|
|
|
// Apply extra scrutiny to objects.
|
|
if (desc.value().isObject()) {
|
|
RootedObject propObj(cx, js::UncheckedUnwrap(&desc.value().toObject()));
|
|
JSAutoCompartment ac(cx, propObj);
|
|
|
|
// Disallow non-subsumed objects.
|
|
if (!AccessCheck::subsumes(target, propObj))
|
|
return SilentFailure(cx, id, "Value not same-origin with target");
|
|
|
|
// Disallow non-Xrayable objects.
|
|
if (GetXrayType(propObj) == NotXray)
|
|
return SilentFailure(cx, id, "Value not Xrayable");
|
|
|
|
// Disallow callables.
|
|
if (JS_ObjectIsCallable(cx, propObj))
|
|
return SilentFailure(cx, id, "Value is callable");
|
|
}
|
|
|
|
// Disallow any property that shadows something on its (Xrayed)
|
|
// prototype chain.
|
|
JSAutoCompartment ac2(cx, wrapper);
|
|
RootedObject proto(cx);
|
|
bool foundOnProto = false;
|
|
if (!JS_GetPrototype(cx, wrapper, &proto) ||
|
|
(proto && !JS_HasPropertyById(cx, proto, id, &foundOnProto)))
|
|
{
|
|
return false;
|
|
}
|
|
if (foundOnProto)
|
|
return SilentFailure(cx, id, "Value shadows a property on the standard prototype");
|
|
|
|
// We made it! Assign over the descriptor, and don't forget to wrap.
|
|
outDesc.assign(desc.get());
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
JSXrayTraits::resolveOwnProperty(JSContext *cx, const Wrapper &jsWrapper,
|
|
HandleObject wrapper, HandleObject holder,
|
|
HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> desc)
|
|
{
|
|
// Call the common code.
|
|
bool ok = XrayTraits::resolveOwnProperty(cx, jsWrapper, wrapper, holder,
|
|
id, desc);
|
|
if (!ok || desc.object())
|
|
return ok;
|
|
|
|
RootedObject target(cx, getTargetObject(wrapper));
|
|
if (!isPrototype(holder)) {
|
|
JSProtoKey key = getProtoKey(holder);
|
|
// For Object and Array instances, we expose some properties from the
|
|
// underlying object, but only after filtering them carefully.
|
|
//
|
|
// Note that, as far as JS observables go, Arrays are just Objects with
|
|
// a different prototype and a magic (own, non-configurable) |.length| that
|
|
// serves as a non-tight upper bound on |own| indexed properties. So while
|
|
// it's tempting to try to impose some sort of structure on what Arrays
|
|
// "should" look like over Xrays, the underlying object is squishy enough
|
|
// that it makes sense to just treat them like Objects for Xray purposes.
|
|
if (key == JSProto_Object || key == JSProto_Array) {
|
|
{
|
|
JSAutoCompartment ac(cx, target);
|
|
if (!getOwnPropertyFromTargetIfSafe(cx, target, wrapper, id, desc))
|
|
return false;
|
|
}
|
|
return JS_WrapPropertyDescriptor(cx, desc);
|
|
} else if (IsTypedArrayKey(key)) {
|
|
if (IsArrayIndex(GetArrayIndexFromId(cx, id))) {
|
|
JS_ReportError(cx, "Accessing TypedArray data over Xrays is slow, and forbidden "
|
|
"in order to encourage performant code. To copy TypedArrays "
|
|
"across origin boundaries, consider using Components.utils.cloneInto().");
|
|
return false;
|
|
}
|
|
} else if (key == JSProto_Function) {
|
|
if (id == GetRTIdByIndex(cx, XPCJSRuntime::IDX_LENGTH)) {
|
|
FillPropertyDescriptor(desc, wrapper, JSPROP_PERMANENT | JSPROP_READONLY,
|
|
NumberValue(JS_GetFunctionArity(JS_GetObjectFunction(target))));
|
|
return true;
|
|
} else if (id == GetRTIdByIndex(cx, XPCJSRuntime::IDX_NAME)) {
|
|
FillPropertyDescriptor(desc, wrapper, JSPROP_PERMANENT | JSPROP_READONLY,
|
|
StringValue(JS_GetFunctionId(JS_GetObjectFunction(target))));
|
|
} else if (id == GetRTIdByIndex(cx, XPCJSRuntime::IDX_PROTOTYPE)) {
|
|
// Handle the 'prototype' property to make xrayedGlobal.StandardClass.prototype work.
|
|
JSProtoKey standardConstructor = constructorFor(holder);
|
|
if (standardConstructor != JSProto_Null) {
|
|
RootedObject standardProto(cx);
|
|
{
|
|
JSAutoCompartment ac(cx, target);
|
|
if (!JS_GetClassPrototype(cx, standardConstructor, &standardProto))
|
|
return false;
|
|
MOZ_ASSERT(standardProto);
|
|
}
|
|
if (!JS_WrapObject(cx, &standardProto))
|
|
return false;
|
|
FillPropertyDescriptor(desc, wrapper, JSPROP_PERMANENT | JSPROP_READONLY,
|
|
ObjectValue(*standardProto));
|
|
return true;
|
|
}
|
|
}
|
|
}
|
|
|
|
// The rest of this function applies only to prototypes.
|
|
return true;
|
|
}
|
|
|
|
// The non-HasPrototypes semantics implemented by traditional Xrays are kind
|
|
// of broken with respect to |own|-ness and the holder. The common code
|
|
// muddles through by only checking the holder for non-|own| lookups, but
|
|
// that doesn't work for us. So we do an explicit holder check here, and hope
|
|
// that this mess gets fixed up soon.
|
|
if (!JS_GetPropertyDescriptorById(cx, holder, id, desc))
|
|
return false;
|
|
if (desc.object()) {
|
|
desc.object().set(wrapper);
|
|
return true;
|
|
}
|
|
|
|
// Grab the JSClass. We require all Xrayable classes to have a ClassSpec.
|
|
const js::Class *clasp = js::GetObjectClass(target);
|
|
JSProtoKey protoKey = JSCLASS_CACHED_PROTO_KEY(clasp);
|
|
MOZ_ASSERT(protoKey == getProtoKey(holder));
|
|
MOZ_ASSERT(clasp->spec.defined());
|
|
|
|
// Handle the 'constructor' property.
|
|
if (id == GetRTIdByIndex(cx, XPCJSRuntime::IDX_CONSTRUCTOR)) {
|
|
RootedObject constructor(cx);
|
|
{
|
|
JSAutoCompartment ac(cx, target);
|
|
if (!JS_GetClassObject(cx, protoKey, &constructor))
|
|
return false;
|
|
}
|
|
if (!JS_WrapObject(cx, &constructor))
|
|
return false;
|
|
desc.object().set(wrapper);
|
|
desc.setAttributes(0);
|
|
desc.setGetter(nullptr);
|
|
desc.setSetter(nullptr);
|
|
desc.value().setObject(*constructor);
|
|
return true;
|
|
}
|
|
|
|
// Compute the property name we're looking for. We'll handle indexed
|
|
// properties when we start supporting arrays.
|
|
if (!JSID_IS_STRING(id))
|
|
return true;
|
|
Rooted<JSFlatString*> str(cx, JSID_TO_FLAT_STRING(id));
|
|
|
|
// Scan through the functions.
|
|
const JSFunctionSpec *fsMatch = nullptr;
|
|
for (const JSFunctionSpec *fs = clasp->spec.prototypeFunctions; fs && fs->name; ++fs) {
|
|
if (JS_FlatStringEqualsAscii(str, fs->name)) {
|
|
fsMatch = fs;
|
|
break;
|
|
}
|
|
}
|
|
if (fsMatch) {
|
|
// Generate an Xrayed version of the method.
|
|
RootedFunction fun(cx);
|
|
if (fsMatch->selfHostedName) {
|
|
fun = JS::GetSelfHostedFunction(cx, fsMatch->selfHostedName, id, fsMatch->nargs);
|
|
} else {
|
|
fun = JS_NewFunctionById(cx, fsMatch->call.op, fsMatch->nargs,
|
|
0, wrapper, id);
|
|
}
|
|
if (!fun)
|
|
return false;
|
|
|
|
// The generic Xray machinery only defines non-own properties on the holder.
|
|
// This is broken, and will be fixed at some point, but for now we need to
|
|
// cache the value explicitly. See the corresponding call to
|
|
// JS_GetPropertyById at the top of this function.
|
|
RootedObject funObj(cx, JS_GetFunctionObject(fun));
|
|
return JS_DefinePropertyById(cx, holder, id, funObj, 0) &&
|
|
JS_GetPropertyDescriptorById(cx, holder, id, desc);
|
|
}
|
|
|
|
// Scan through the properties.
|
|
const JSPropertySpec *psMatch = nullptr;
|
|
for (const JSPropertySpec *ps = clasp->spec.prototypeProperties; ps && ps->name; ++ps) {
|
|
if (JS_FlatStringEqualsAscii(str, ps->name)) {
|
|
psMatch = ps;
|
|
break;
|
|
}
|
|
}
|
|
if (psMatch) {
|
|
desc.value().setUndefined();
|
|
// Note that this is also kind of an abuse of JSPROP_NATIVE_ACCESSORS.
|
|
// See bug 992977.
|
|
RootedFunction getterObj(cx);
|
|
RootedFunction setterObj(cx);
|
|
unsigned flags = psMatch->flags;
|
|
if (flags & JSPROP_NATIVE_ACCESSORS) {
|
|
desc.setGetter(psMatch->getter.propertyOp.op);
|
|
desc.setSetter(psMatch->setter.propertyOp.op);
|
|
} else {
|
|
MOZ_ASSERT(flags & JSPROP_GETTER);
|
|
getterObj = JS::GetSelfHostedFunction(cx, psMatch->getter.selfHosted.funname, id, 0);
|
|
if (!getterObj)
|
|
return false;
|
|
desc.setGetterObject(JS_GetFunctionObject(getterObj));
|
|
if (psMatch->setter.selfHosted.funname) {
|
|
MOZ_ASSERT(flags & JSPROP_SETTER);
|
|
setterObj = JS::GetSelfHostedFunction(cx, psMatch->setter.selfHosted.funname, id, 0);
|
|
if (!setterObj)
|
|
return false;
|
|
desc.setSetterObject(JS_GetFunctionObject(setterObj));
|
|
}
|
|
}
|
|
desc.setAttributes(flags);
|
|
|
|
// The generic Xray machinery only defines non-own properties on the holder.
|
|
// This is broken, and will be fixed at some point, but for now we need to
|
|
// cache the value explicitly. See the corresponding call to
|
|
// JS_GetPropertyById at the top of this function.
|
|
//
|
|
// Note also that the public-facing API here doesn't give us a way to
|
|
// pass along JITInfo. It's probably ok though, since Xrays are already
|
|
// pretty slow.
|
|
return JS_DefinePropertyById(cx, holder, id,
|
|
UndefinedHandleValue, desc.attributes(),
|
|
desc.getter(), desc.setter()) &&
|
|
JS_GetPropertyDescriptorById(cx, holder, id, desc);
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
JSXrayTraits::delete_(JSContext *cx, HandleObject wrapper, HandleId id, bool *bp)
|
|
{
|
|
RootedObject holder(cx, ensureHolder(cx, wrapper));
|
|
|
|
// If we're using Object Xrays, we allow callers to attempt to delete any
|
|
// property from the underlying object that they are able to resolve. Note
|
|
// that this deleting may fail if the property is non-configurable.
|
|
JSProtoKey key = getProtoKey(holder);
|
|
bool isObjectOrArrayInstance = (key == JSProto_Object || key == JSProto_Array) &&
|
|
!isPrototype(holder);
|
|
if (isObjectOrArrayInstance) {
|
|
RootedObject target(cx, getTargetObject(wrapper));
|
|
JSAutoCompartment ac(cx, target);
|
|
Rooted<JSPropertyDescriptor> desc(cx);
|
|
if (!getOwnPropertyFromTargetIfSafe(cx, target, wrapper, id, &desc))
|
|
return false;
|
|
if (desc.object())
|
|
return JS_DeletePropertyById2(cx, target, id, bp);
|
|
}
|
|
*bp = true;
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
JSXrayTraits::defineProperty(JSContext *cx, HandleObject wrapper, HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> desc,
|
|
Handle<JSPropertyDescriptor> existingDesc,
|
|
bool *defined)
|
|
{
|
|
*defined = false;
|
|
RootedObject holder(cx, ensureHolder(cx, wrapper));
|
|
if (!holder)
|
|
return false;
|
|
|
|
|
|
// Object and Array instances are special. For those cases, we forward property
|
|
// definitions to the underlying object if the following conditions are met:
|
|
// * The property being defined is a value-prop.
|
|
// * The property being defined is either a primitive or subsumed by the target.
|
|
// * As seen from the Xray, any existing property that we would overwrite is an
|
|
// |own| value-prop.
|
|
//
|
|
// To avoid confusion, we disallow expandos on Object and Array instances, and
|
|
// therefore raise an exception here if the above conditions aren't met.
|
|
JSProtoKey key = getProtoKey(holder);
|
|
bool isObjectOrArrayInstance = (key == JSProto_Object || key == JSProto_Array) &&
|
|
!isPrototype(holder);
|
|
if (isObjectOrArrayInstance) {
|
|
RootedObject target(cx, getTargetObject(wrapper));
|
|
if (desc.hasGetterOrSetter()) {
|
|
JS_ReportError(cx, "Not allowed to define accessor property on [Object] or [Array] XrayWrapper");
|
|
return false;
|
|
}
|
|
if (desc.value().isObject() &&
|
|
!AccessCheck::subsumes(target, js::UncheckedUnwrap(&desc.value().toObject())))
|
|
{
|
|
JS_ReportError(cx, "Not allowed to define cross-origin object as property on [Object] or [Array] XrayWrapper");
|
|
return false;
|
|
}
|
|
if (existingDesc.hasGetterOrSetter()) {
|
|
JS_ReportError(cx, "Not allowed to overwrite accessor property on [Object] or [Array] XrayWrapper");
|
|
return false;
|
|
}
|
|
if (existingDesc.object() && existingDesc.object() != wrapper) {
|
|
JS_ReportError(cx, "Not allowed to shadow non-own Xray-resolved property on [Object] or [Array] XrayWrapper");
|
|
return false;
|
|
}
|
|
|
|
JSAutoCompartment ac(cx, target);
|
|
if (!JS_WrapPropertyDescriptor(cx, desc) ||
|
|
!JS_DefinePropertyById(cx, target, id, desc.value(), desc.attributes(),
|
|
JS_PropertyStub, JS_StrictPropertyStub))
|
|
{
|
|
return false;
|
|
}
|
|
*defined = true;
|
|
return true;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
JSXrayTraits::enumerateNames(JSContext *cx, HandleObject wrapper, unsigned flags,
|
|
AutoIdVector &props)
|
|
{
|
|
RootedObject target(cx, getTargetObject(wrapper));
|
|
RootedObject holder(cx, ensureHolder(cx, wrapper));
|
|
if (!holder)
|
|
return false;
|
|
|
|
if (!isPrototype(holder)) {
|
|
JSProtoKey key = getProtoKey(holder);
|
|
// For Object and Array instances, we expose some properties from the underlying
|
|
// object, but only after filtering them carefully.
|
|
if (key == JSProto_Object || key == JSProto_Array) {
|
|
MOZ_ASSERT(props.empty());
|
|
{
|
|
JSAutoCompartment ac(cx, target);
|
|
AutoIdVector targetProps(cx);
|
|
if (!js::GetPropertyNames(cx, target, flags | JSITER_OWNONLY, &targetProps))
|
|
return false;
|
|
// Loop over the properties, and only pass along the ones that
|
|
// we determine to be safe.
|
|
if (!props.reserve(targetProps.length()))
|
|
return false;
|
|
for (size_t i = 0; i < targetProps.length(); ++i) {
|
|
Rooted<JSPropertyDescriptor> desc(cx);
|
|
RootedId id(cx, targetProps[i]);
|
|
if (!getOwnPropertyFromTargetIfSafe(cx, target, wrapper, id, &desc))
|
|
return false;
|
|
if (desc.object())
|
|
props.infallibleAppend(id);
|
|
}
|
|
}
|
|
return true;
|
|
} else if (IsTypedArrayKey(key)) {
|
|
uint32_t length = JS_GetTypedArrayLength(target);
|
|
// TypedArrays enumerate every indexed property in range, but
|
|
// |length| is a getter that lives on the proto, like it should be.
|
|
if (!props.reserve(length))
|
|
return false;
|
|
for (int32_t i = 0; i <= int32_t(length - 1); ++i)
|
|
props.infallibleAppend(INT_TO_JSID(i));
|
|
} else if (key == JSProto_Function) {
|
|
if (!props.append(GetRTIdByIndex(cx, XPCJSRuntime::IDX_LENGTH)))
|
|
return false;
|
|
if (!props.append(GetRTIdByIndex(cx, XPCJSRuntime::IDX_NAME)))
|
|
return false;
|
|
// Handle the .prototype property on standard constructors.
|
|
if (constructorFor(holder) != JSProto_Null) {
|
|
if (!props.append(GetRTIdByIndex(cx, XPCJSRuntime::IDX_PROTOTYPE)))
|
|
return false;
|
|
}
|
|
}
|
|
|
|
// The rest of this function applies only to prototypes.
|
|
return true;
|
|
}
|
|
|
|
// Grab the JSClass. We require all Xrayable classes to have a ClassSpec.
|
|
const js::Class *clasp = js::GetObjectClass(target);
|
|
MOZ_ASSERT(JSCLASS_CACHED_PROTO_KEY(clasp) == getProtoKey(holder));
|
|
MOZ_ASSERT(clasp->spec.defined());
|
|
|
|
// Intern all the strings, and pass theme to the caller.
|
|
for (const JSFunctionSpec *fs = clasp->spec.prototypeFunctions; fs && fs->name; ++fs) {
|
|
RootedString str(cx, JS_InternString(cx, fs->name));
|
|
if (!str)
|
|
return false;
|
|
if (!props.append(INTERNED_STRING_TO_JSID(cx, str)))
|
|
return false;
|
|
}
|
|
for (const JSPropertySpec *ps = clasp->spec.prototypeProperties; ps && ps->name; ++ps) {
|
|
// We have code to Xray self-hosted accessors. But at present, there don't appear
|
|
// to be any self-hosted accessors anywhere in SpiderMonkey, let alone in on an
|
|
// Xrayable class, so we can't test it. Assert against it to make sure that we get
|
|
// test coverage in test_XrayToJS.xul when the time comes.
|
|
MOZ_ASSERT(ps->flags & JSPROP_NATIVE_ACCESSORS,
|
|
"Self-hosted accessor added to Xrayable class - ping the XPConnect "
|
|
"module owner about adding test coverage");
|
|
RootedString str(cx, JS_InternString(cx, ps->name));
|
|
if (!str)
|
|
return false;
|
|
if (!props.append(INTERNED_STRING_TO_JSID(cx, str)))
|
|
return false;
|
|
}
|
|
|
|
// Add the 'constructor' property.
|
|
return props.append(GetRTIdByIndex(cx, XPCJSRuntime::IDX_CONSTRUCTOR));
|
|
}
|
|
|
|
JSObject*
|
|
JSXrayTraits::createHolder(JSContext *cx, JSObject *wrapper)
|
|
{
|
|
RootedObject global(cx, JS_GetGlobalForObject(cx, wrapper));
|
|
RootedObject target(cx, getTargetObject(wrapper));
|
|
RootedObject holder(cx, JS_NewObjectWithGivenProto(cx, &HolderClass,
|
|
JS::NullPtr(), global));
|
|
if (!holder)
|
|
return nullptr;
|
|
|
|
// Compute information about the target.
|
|
bool isPrototype = false;
|
|
JSProtoKey key = IdentifyStandardInstance(target);
|
|
if (key == JSProto_Null) {
|
|
isPrototype = true;
|
|
key = IdentifyStandardPrototype(target);
|
|
}
|
|
MOZ_ASSERT(key != JSProto_Null);
|
|
|
|
// Store it on the holder.
|
|
RootedValue v(cx);
|
|
v.setNumber(static_cast<uint32_t>(key));
|
|
js::SetReservedSlot(holder, SLOT_PROTOKEY, v);
|
|
v.setBoolean(isPrototype);
|
|
js::SetReservedSlot(holder, SLOT_ISPROTOTYPE, v);
|
|
|
|
// If this is a function, also compute whether it serves as a constructor
|
|
// for a standard class.
|
|
if (key == JSProto_Function) {
|
|
v.setNumber(static_cast<uint32_t>(IdentifyStandardConstructor(target)));
|
|
js::SetReservedSlot(holder, SLOT_CONSTRUCTOR_FOR, v);
|
|
}
|
|
|
|
return holder;
|
|
}
|
|
|
|
XPCWrappedNativeXrayTraits XPCWrappedNativeXrayTraits::singleton;
|
|
DOMXrayTraits DOMXrayTraits::singleton;
|
|
JSXrayTraits JSXrayTraits::singleton;
|
|
|
|
XrayTraits*
|
|
GetXrayTraits(JSObject *obj)
|
|
{
|
|
switch (GetXrayType(obj)) {
|
|
case XrayForDOMObject:
|
|
return &DOMXrayTraits::singleton;
|
|
case XrayForWrappedNative:
|
|
return &XPCWrappedNativeXrayTraits::singleton;
|
|
case XrayForJSObject:
|
|
return &JSXrayTraits::singleton;
|
|
default:
|
|
return nullptr;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Xray expando handling.
|
|
*
|
|
* We hang expandos for Xray wrappers off a reserved slot on the target object
|
|
* so that same-origin compartments can share expandos for a given object. We
|
|
* have a linked list of expando objects, one per origin. The properties on these
|
|
* objects are generally wrappers pointing back to the compartment that applied
|
|
* them.
|
|
*
|
|
* The expando objects should _never_ be exposed to script. The fact that they
|
|
* live in the target compartment is a detail of the implementation, and does
|
|
* not imply that code in the target compartment should be allowed to inspect
|
|
* them. They are private to the origin that placed them.
|
|
*/
|
|
|
|
enum ExpandoSlots {
|
|
JSSLOT_EXPANDO_NEXT = 0,
|
|
JSSLOT_EXPANDO_ORIGIN,
|
|
JSSLOT_EXPANDO_EXCLUSIVE_GLOBAL,
|
|
JSSLOT_EXPANDO_PROTOTYPE,
|
|
JSSLOT_EXPANDO_COUNT
|
|
};
|
|
|
|
static nsIPrincipal*
|
|
ObjectPrincipal(JSObject *obj)
|
|
{
|
|
return GetCompartmentPrincipal(js::GetObjectCompartment(obj));
|
|
}
|
|
|
|
static nsIPrincipal*
|
|
GetExpandoObjectPrincipal(JSObject *expandoObject)
|
|
{
|
|
Value v = JS_GetReservedSlot(expandoObject, JSSLOT_EXPANDO_ORIGIN);
|
|
return static_cast<nsIPrincipal*>(v.toPrivate());
|
|
}
|
|
|
|
static void
|
|
ExpandoObjectFinalize(JSFreeOp *fop, JSObject *obj)
|
|
{
|
|
// Release the principal.
|
|
nsIPrincipal *principal = GetExpandoObjectPrincipal(obj);
|
|
NS_RELEASE(principal);
|
|
}
|
|
|
|
const JSClass ExpandoObjectClass = {
|
|
"XrayExpandoObject",
|
|
JSCLASS_HAS_RESERVED_SLOTS(JSSLOT_EXPANDO_COUNT),
|
|
JS_PropertyStub, JS_DeletePropertyStub, JS_PropertyStub, JS_StrictPropertyStub,
|
|
JS_EnumerateStub, JS_ResolveStub, JS_ConvertStub, ExpandoObjectFinalize
|
|
};
|
|
|
|
bool
|
|
XrayTraits::expandoObjectMatchesConsumer(JSContext *cx,
|
|
HandleObject expandoObject,
|
|
nsIPrincipal *consumerOrigin,
|
|
HandleObject exclusiveGlobal)
|
|
{
|
|
MOZ_ASSERT(js::IsObjectInContextCompartment(expandoObject, cx));
|
|
|
|
// First, compare the principals.
|
|
nsIPrincipal *o = GetExpandoObjectPrincipal(expandoObject);
|
|
// Note that it's very important here to ignore document.domain. We
|
|
// pull the principal for the expando object off of the first consumer
|
|
// for a given origin, and freely share the expandos amongst multiple
|
|
// same-origin consumers afterwards. However, this means that we have
|
|
// no way to know whether _all_ consumers have opted in to collaboration
|
|
// by explicitly setting document.domain. So we just mandate that expando
|
|
// sharing is unaffected by it.
|
|
if (!consumerOrigin->Equals(o))
|
|
return false;
|
|
|
|
// Sandboxes want exclusive expando objects.
|
|
JSObject *owner = JS_GetReservedSlot(expandoObject,
|
|
JSSLOT_EXPANDO_EXCLUSIVE_GLOBAL)
|
|
.toObjectOrNull();
|
|
if (!owner && !exclusiveGlobal)
|
|
return true;
|
|
|
|
// The exclusive global should always be wrapped in the target's compartment.
|
|
MOZ_ASSERT(!exclusiveGlobal || js::IsObjectInContextCompartment(exclusiveGlobal, cx));
|
|
MOZ_ASSERT(!owner || js::IsObjectInContextCompartment(owner, cx));
|
|
return owner == exclusiveGlobal;
|
|
}
|
|
|
|
JSObject *
|
|
XrayTraits::getExpandoObjectInternal(JSContext *cx, HandleObject target,
|
|
nsIPrincipal *origin,
|
|
JSObject *exclusiveGlobalArg)
|
|
{
|
|
// The expando object lives in the compartment of the target, so all our
|
|
// work needs to happen there.
|
|
RootedObject exclusiveGlobal(cx, exclusiveGlobalArg);
|
|
JSAutoCompartment ac(cx, target);
|
|
if (!JS_WrapObject(cx, &exclusiveGlobal))
|
|
return nullptr;
|
|
|
|
// Iterate through the chain, looking for a same-origin object.
|
|
RootedObject head(cx, getExpandoChain(target));
|
|
while (head) {
|
|
if (expandoObjectMatchesConsumer(cx, head, origin, exclusiveGlobal))
|
|
return head;
|
|
head = JS_GetReservedSlot(head, JSSLOT_EXPANDO_NEXT).toObjectOrNull();
|
|
}
|
|
|
|
// Not found.
|
|
return nullptr;
|
|
}
|
|
|
|
JSObject *
|
|
XrayTraits::getExpandoObject(JSContext *cx, HandleObject target, HandleObject consumer)
|
|
{
|
|
JSObject *consumerGlobal = js::GetGlobalForObjectCrossCompartment(consumer);
|
|
bool isSandbox = !strcmp(js::GetObjectJSClass(consumerGlobal)->name, "Sandbox");
|
|
return getExpandoObjectInternal(cx, target, ObjectPrincipal(consumer),
|
|
isSandbox ? consumerGlobal : nullptr);
|
|
}
|
|
|
|
JSObject *
|
|
XrayTraits::attachExpandoObject(JSContext *cx, HandleObject target,
|
|
nsIPrincipal *origin, HandleObject exclusiveGlobal)
|
|
{
|
|
// Make sure the compartments are sane.
|
|
MOZ_ASSERT(js::IsObjectInContextCompartment(target, cx));
|
|
MOZ_ASSERT(!exclusiveGlobal || js::IsObjectInContextCompartment(exclusiveGlobal, cx));
|
|
|
|
// No duplicates allowed.
|
|
MOZ_ASSERT(!getExpandoObjectInternal(cx, target, origin, exclusiveGlobal));
|
|
|
|
// Create the expando object. We parent it directly to the target object.
|
|
RootedObject expandoObject(cx, JS_NewObjectWithGivenProto(cx, &ExpandoObjectClass,
|
|
JS::NullPtr(), target));
|
|
if (!expandoObject)
|
|
return nullptr;
|
|
|
|
// AddRef and store the principal.
|
|
NS_ADDREF(origin);
|
|
JS_SetReservedSlot(expandoObject, JSSLOT_EXPANDO_ORIGIN, PRIVATE_TO_JSVAL(origin));
|
|
|
|
// Note the exclusive global, if any.
|
|
JS_SetReservedSlot(expandoObject, JSSLOT_EXPANDO_EXCLUSIVE_GLOBAL,
|
|
OBJECT_TO_JSVAL(exclusiveGlobal));
|
|
|
|
// If this is our first expando object, take the opportunity to preserve
|
|
// the wrapper. This keeps our expandos alive even if the Xray wrapper gets
|
|
// collected.
|
|
RootedObject chain(cx, getExpandoChain(target));
|
|
if (!chain)
|
|
preserveWrapper(target);
|
|
|
|
// Insert it at the front of the chain.
|
|
JS_SetReservedSlot(expandoObject, JSSLOT_EXPANDO_NEXT, OBJECT_TO_JSVAL(chain));
|
|
setExpandoChain(cx, target, expandoObject);
|
|
|
|
return expandoObject;
|
|
}
|
|
|
|
JSObject *
|
|
XrayTraits::ensureExpandoObject(JSContext *cx, HandleObject wrapper,
|
|
HandleObject target)
|
|
{
|
|
// Expando objects live in the target compartment.
|
|
JSAutoCompartment ac(cx, target);
|
|
JSObject *expandoObject = getExpandoObject(cx, target, wrapper);
|
|
if (!expandoObject) {
|
|
// If the object is a sandbox, we don't want it to share expandos with
|
|
// anyone else, so we tag it with the sandbox global.
|
|
//
|
|
// NB: We first need to check the class, _then_ wrap for the target's
|
|
// compartment.
|
|
RootedObject consumerGlobal(cx, js::GetGlobalForObjectCrossCompartment(wrapper));
|
|
bool isSandbox = !strcmp(js::GetObjectJSClass(consumerGlobal)->name, "Sandbox");
|
|
if (!JS_WrapObject(cx, &consumerGlobal))
|
|
return nullptr;
|
|
expandoObject = attachExpandoObject(cx, target, ObjectPrincipal(wrapper),
|
|
isSandbox ? (HandleObject)consumerGlobal : NullPtr());
|
|
}
|
|
return expandoObject;
|
|
}
|
|
|
|
bool
|
|
XrayTraits::cloneExpandoChain(JSContext *cx, HandleObject dst, HandleObject src)
|
|
{
|
|
MOZ_ASSERT(js::IsObjectInContextCompartment(dst, cx));
|
|
MOZ_ASSERT(getExpandoChain(dst) == nullptr);
|
|
|
|
RootedObject oldHead(cx, getExpandoChain(src));
|
|
while (oldHead) {
|
|
RootedObject exclusive(cx, JS_GetReservedSlot(oldHead,
|
|
JSSLOT_EXPANDO_EXCLUSIVE_GLOBAL)
|
|
.toObjectOrNull());
|
|
if (!JS_WrapObject(cx, &exclusive))
|
|
return false;
|
|
RootedObject newHead(cx, attachExpandoObject(cx, dst, GetExpandoObjectPrincipal(oldHead),
|
|
exclusive));
|
|
if (!JS_CopyPropertiesFrom(cx, newHead, oldHead))
|
|
return false;
|
|
oldHead = JS_GetReservedSlot(oldHead, JSSLOT_EXPANDO_NEXT).toObjectOrNull();
|
|
}
|
|
return true;
|
|
}
|
|
|
|
namespace XrayUtils {
|
|
bool CloneExpandoChain(JSContext *cx, JSObject *dstArg, JSObject *srcArg)
|
|
{
|
|
RootedObject dst(cx, dstArg);
|
|
RootedObject src(cx, srcArg);
|
|
return GetXrayTraits(src)->cloneExpandoChain(cx, dst, src);
|
|
}
|
|
}
|
|
|
|
static JSObject *
|
|
GetHolder(JSObject *obj)
|
|
{
|
|
return &js::GetProxyExtra(obj, 0).toObject();
|
|
}
|
|
|
|
JSObject*
|
|
XrayTraits::getHolder(JSObject *wrapper)
|
|
{
|
|
MOZ_ASSERT(WrapperFactory::IsXrayWrapper(wrapper));
|
|
js::Value v = js::GetProxyExtra(wrapper, 0);
|
|
return v.isObject() ? &v.toObject() : nullptr;
|
|
}
|
|
|
|
JSObject*
|
|
XrayTraits::ensureHolder(JSContext *cx, HandleObject wrapper)
|
|
{
|
|
RootedObject holder(cx, getHolder(wrapper));
|
|
if (holder)
|
|
return holder;
|
|
holder = createHolder(cx, wrapper); // virtual trap.
|
|
if (holder)
|
|
js::SetProxyExtra(wrapper, 0, ObjectValue(*holder));
|
|
return holder;
|
|
}
|
|
|
|
bool
|
|
XPCWrappedNativeXrayTraits::isResolving(JSContext *cx, JSObject *holder,
|
|
jsid id)
|
|
{
|
|
ResolvingId *cur = ResolvingId::getResolvingId(holder);
|
|
if (!cur)
|
|
return false;
|
|
return cur->isResolving(id);
|
|
}
|
|
|
|
namespace XrayUtils {
|
|
|
|
bool
|
|
IsXPCWNHolderClass(const JSClass *clasp)
|
|
{
|
|
return clasp == &XPCWrappedNativeXrayTraits::HolderClass;
|
|
}
|
|
|
|
}
|
|
|
|
|
|
// Some DOM objects have shared properties that don't have an explicit
|
|
// getter/setter and rely on the class getter/setter. We install a
|
|
// class getter/setter on the holder object to trigger them.
|
|
bool
|
|
holder_get(JSContext *cx, HandleObject wrapper, HandleId id, MutableHandleValue vp)
|
|
{
|
|
// JSClass::getProperty is wacky enough that it's hard to be sure someone
|
|
// can't inherit this getter by prototyping a random object to an
|
|
// XrayWrapper. Be safe.
|
|
NS_ENSURE_TRUE(WrapperFactory::IsXrayWrapper(wrapper), true);
|
|
JSObject *holder = GetHolder(wrapper);
|
|
|
|
XPCWrappedNative *wn = XPCWrappedNativeXrayTraits::getWN(wrapper);
|
|
if (NATIVE_HAS_FLAG(wn, WantGetProperty)) {
|
|
JSAutoCompartment ac(cx, holder);
|
|
bool retval = true;
|
|
nsresult rv = wn->GetScriptableCallback()->GetProperty(wn, cx, wrapper,
|
|
id, vp.address(), &retval);
|
|
if (NS_FAILED(rv) || !retval) {
|
|
if (retval)
|
|
XPCThrower::Throw(rv, cx);
|
|
return false;
|
|
}
|
|
}
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
holder_set(JSContext *cx, HandleObject wrapper, HandleId id, bool strict, MutableHandleValue vp)
|
|
{
|
|
// JSClass::setProperty is wacky enough that it's hard to be sure someone
|
|
// can't inherit this getter by prototyping a random object to an
|
|
// XrayWrapper. Be safe.
|
|
NS_ENSURE_TRUE(WrapperFactory::IsXrayWrapper(wrapper), true);
|
|
JSObject *holder = GetHolder(wrapper);
|
|
if (XPCWrappedNativeXrayTraits::isResolving(cx, holder, id)) {
|
|
return true;
|
|
}
|
|
|
|
XPCWrappedNative *wn = XPCWrappedNativeXrayTraits::getWN(wrapper);
|
|
if (NATIVE_HAS_FLAG(wn, WantSetProperty)) {
|
|
JSAutoCompartment ac(cx, holder);
|
|
bool retval = true;
|
|
nsresult rv = wn->GetScriptableCallback()->SetProperty(wn, cx, wrapper,
|
|
id, vp.address(), &retval);
|
|
if (NS_FAILED(rv) || !retval) {
|
|
if (retval)
|
|
XPCThrower::Throw(rv, cx);
|
|
return false;
|
|
}
|
|
}
|
|
return true;
|
|
}
|
|
|
|
class AutoSetWrapperNotShadowing
|
|
{
|
|
public:
|
|
AutoSetWrapperNotShadowing(ResolvingId *resolvingId MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
|
|
{
|
|
MOZ_GUARD_OBJECT_NOTIFIER_INIT;
|
|
MOZ_ASSERT(resolvingId);
|
|
mResolvingId = resolvingId;
|
|
mResolvingId->mXrayShadowing = true;
|
|
}
|
|
|
|
~AutoSetWrapperNotShadowing()
|
|
{
|
|
mResolvingId->mXrayShadowing = false;
|
|
}
|
|
|
|
private:
|
|
MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
|
|
ResolvingId *mResolvingId;
|
|
};
|
|
|
|
// This is called after the resolveNativeProperty could not find any property
|
|
// with the given id. At this point we can check for DOM specific collections
|
|
// like document["formName"] because we already know that it is not shadowing
|
|
// any native property.
|
|
bool
|
|
XPCWrappedNativeXrayTraits::resolveDOMCollectionProperty(JSContext *cx, HandleObject wrapper,
|
|
HandleObject holder, HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> desc)
|
|
{
|
|
// If we are not currently resolving this id and resolveNative is called
|
|
// we don't do anything. (see defineProperty in case of shadowing is forbidden).
|
|
ResolvingId *rid = ResolvingId::getResolvingId(holder);
|
|
if (!rid || rid->mId != id)
|
|
return true;
|
|
|
|
XPCWrappedNative *wn = getWN(wrapper);
|
|
if (!wn) {
|
|
// This should NEVER happen, but let's be extra careful here
|
|
// because of the reported crashes (Bug 832091).
|
|
XPCThrower::Throw(NS_ERROR_UNEXPECTED, cx);
|
|
return false;
|
|
}
|
|
if (!NATIVE_HAS_FLAG(wn, WantNewResolve))
|
|
return true;
|
|
|
|
ResolvingId *resolvingId = ResolvingId::getResolvingIdFromWrapper(wrapper);
|
|
if (!resolvingId) {
|
|
// This should NEVER happen, but let's be extra careful here
|
|
// becaue of the reported crashes (Bug 832091).
|
|
XPCThrower::Throw(NS_ERROR_UNEXPECTED, cx);
|
|
return false;
|
|
}
|
|
|
|
// Setting the current ResolvingId in non-shadowing mode. So for this id
|
|
// Xray won't ignore DOM specific collection properties temporarily.
|
|
AutoSetWrapperNotShadowing asw(resolvingId);
|
|
|
|
bool retval = true;
|
|
RootedObject pobj(cx);
|
|
nsresult rv = wn->GetScriptableInfo()->GetCallback()->NewResolve(wn, cx, wrapper, id,
|
|
pobj.address(), &retval);
|
|
if (NS_FAILED(rv)) {
|
|
if (retval)
|
|
XPCThrower::Throw(rv, cx);
|
|
return false;
|
|
}
|
|
|
|
if (pobj && !JS_GetPropertyDescriptorById(cx, holder, id, desc))
|
|
return false;
|
|
|
|
return true;
|
|
}
|
|
|
|
static nsGlobalWindow*
|
|
AsWindow(JSContext *cx, JSObject *wrapper)
|
|
{
|
|
nsGlobalWindow* win;
|
|
// We want to use our target object here, since we don't want to be
|
|
// doing a security check while unwrapping.
|
|
JSObject* target = XrayTraits::getTargetObject(wrapper);
|
|
nsresult rv = UNWRAP_OBJECT(Window, target, win);
|
|
if (NS_SUCCEEDED(rv))
|
|
return win;
|
|
|
|
nsCOMPtr<nsPIDOMWindow> piWin = do_QueryInterface(
|
|
nsContentUtils::XPConnect()->GetNativeOfWrapper(cx, target));
|
|
return static_cast<nsGlobalWindow*>(piWin.get());
|
|
}
|
|
|
|
static bool
|
|
IsWindow(JSContext *cx, JSObject *wrapper)
|
|
{
|
|
return !!AsWindow(cx, wrapper);
|
|
}
|
|
|
|
static nsQueryInterface
|
|
do_QueryInterfaceNative(JSContext* cx, HandleObject wrapper);
|
|
|
|
void
|
|
XPCWrappedNativeXrayTraits::preserveWrapper(JSObject *target)
|
|
{
|
|
XPCWrappedNative *wn = XPCWrappedNative::Get(target);
|
|
nsRefPtr<nsXPCClassInfo> ci;
|
|
CallQueryInterface(wn->Native(), getter_AddRefs(ci));
|
|
if (ci)
|
|
ci->PreserveWrapper(wn->Native());
|
|
}
|
|
|
|
bool
|
|
XPCWrappedNativeXrayTraits::resolveNativeProperty(JSContext *cx, HandleObject wrapper,
|
|
HandleObject holder, HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> desc)
|
|
{
|
|
MOZ_ASSERT(js::GetObjectJSClass(holder) == &HolderClass);
|
|
|
|
desc.object().set(nullptr);
|
|
|
|
// This will do verification and the method lookup for us.
|
|
RootedObject target(cx, getTargetObject(wrapper));
|
|
XPCCallContext ccx(JS_CALLER, cx, target, NullPtr(), id);
|
|
|
|
// There are no native numeric properties, so we can shortcut here. We will
|
|
// not find the property. However we want to support non shadowing dom
|
|
// specific collection properties like window.frames, so we still have to
|
|
// check for those.
|
|
if (!JSID_IS_STRING(id)) {
|
|
/* Not found */
|
|
return resolveDOMCollectionProperty(cx, wrapper, holder, id, desc);
|
|
}
|
|
|
|
|
|
// The |controllers| property is accessible as a [ChromeOnly] property on
|
|
// Window.WebIDL, and [noscript] in XPIDL. Chrome needs to see this over
|
|
// Xray, so we need to special-case it until we move |Window| to WebIDL.
|
|
nsGlobalWindow *win = nullptr;
|
|
if (id == GetRTIdByIndex(cx, XPCJSRuntime::IDX_CONTROLLERS) &&
|
|
AccessCheck::isChrome(wrapper) &&
|
|
(win = AsWindow(cx, wrapper)))
|
|
{
|
|
nsCOMPtr<nsIControllers> c;
|
|
nsresult rv = win->GetControllers(getter_AddRefs(c));
|
|
if (NS_SUCCEEDED(rv) && c) {
|
|
rv = nsXPConnect::XPConnect()->WrapNativeToJSVal(cx, CurrentGlobalOrNull(cx),
|
|
c, nullptr, nullptr, true,
|
|
desc.value());
|
|
}
|
|
|
|
if (NS_FAILED(rv) || !c) {
|
|
JS_ReportError(cx, "Failed to invoke GetControllers via Xrays");
|
|
return false;
|
|
}
|
|
|
|
desc.object().set(wrapper);
|
|
return true;
|
|
}
|
|
|
|
// The |realFrameElement| property is accessible as a [ChromeOnly] property
|
|
// on Window.WebIDL, and [noscript] in XPIDL. Chrome needs to see this over
|
|
// Xray, so we need to special-case it until we move |Window| to WebIDL.
|
|
if (id == GetRTIdByIndex(cx, XPCJSRuntime::IDX_REALFRAMEELEMENT) &&
|
|
AccessCheck::isChrome(wrapper) &&
|
|
(win = AsWindow(cx, wrapper)))
|
|
{
|
|
ErrorResult rv;
|
|
Element* f = win->GetRealFrameElement(rv);
|
|
if (!f) {
|
|
desc.object().set(nullptr);
|
|
return true;
|
|
}
|
|
|
|
if (!WrapNewBindingObject(cx, f, desc.value())) {
|
|
return false;
|
|
}
|
|
|
|
desc.object().set(wrapper);
|
|
return true;
|
|
}
|
|
|
|
XPCNativeInterface *iface;
|
|
XPCNativeMember *member;
|
|
XPCWrappedNative *wn = getWN(wrapper);
|
|
|
|
if (ccx.GetWrapper() != wn || !wn->IsValid()) {
|
|
// Something is wrong. If the wrapper is not even valid let's not risk
|
|
// calling resolveDOMCollectionProperty.
|
|
return true;
|
|
} else if (!(iface = ccx.GetInterface()) ||
|
|
!(member = ccx.GetMember())) {
|
|
/* Not found */
|
|
return resolveDOMCollectionProperty(cx, wrapper, holder, id, desc);
|
|
}
|
|
|
|
desc.object().set(holder);
|
|
desc.setAttributes(JSPROP_ENUMERATE);
|
|
desc.setGetter(nullptr);
|
|
desc.setSetter(nullptr);
|
|
desc.value().set(JSVAL_VOID);
|
|
|
|
RootedValue fval(cx, JSVAL_VOID);
|
|
if (member->IsConstant()) {
|
|
if (!member->GetConstantValue(ccx, iface, desc.value().address())) {
|
|
JS_ReportError(cx, "Failed to convert constant native property to JS value");
|
|
return false;
|
|
}
|
|
} else if (member->IsAttribute()) {
|
|
// This is a getter/setter. Clone a function for it.
|
|
if (!member->NewFunctionObject(ccx, iface, wrapper, fval.address())) {
|
|
JS_ReportError(cx, "Failed to clone function object for native getter/setter");
|
|
return false;
|
|
}
|
|
|
|
unsigned attrs = desc.attributes();
|
|
attrs |= JSPROP_GETTER;
|
|
if (member->IsWritableAttribute())
|
|
attrs |= JSPROP_SETTER;
|
|
|
|
// Make the property shared on the holder so no slot is allocated
|
|
// for it. This avoids keeping garbage alive through that slot.
|
|
attrs |= JSPROP_SHARED;
|
|
desc.setAttributes(attrs);
|
|
} else {
|
|
// This is a method. Clone a function for it.
|
|
if (!member->NewFunctionObject(ccx, iface, wrapper, desc.value().address())) {
|
|
JS_ReportError(cx, "Failed to clone function object for native function");
|
|
return false;
|
|
}
|
|
|
|
// Without a wrapper the function would live on the prototype. Since we
|
|
// don't have one, we have to avoid calling the scriptable helper's
|
|
// GetProperty method for this property, so stub out the getter and
|
|
// setter here explicitly.
|
|
desc.setGetter(JS_PropertyStub);
|
|
desc.setSetter(JS_StrictPropertyStub);
|
|
}
|
|
|
|
if (!JS_WrapValue(cx, desc.value()) || !JS_WrapValue(cx, &fval))
|
|
return false;
|
|
|
|
if (desc.hasGetterObject())
|
|
desc.setGetterObject(&fval.toObject());
|
|
if (desc.hasSetterObject())
|
|
desc.setSetterObject(&fval.toObject());
|
|
|
|
// Define the property.
|
|
return JS_DefinePropertyById(cx, holder, id, desc.value(), desc.attributes(),
|
|
desc.getter(), desc.setter());
|
|
}
|
|
|
|
static bool
|
|
wrappedJSObject_getter(JSContext *cx, HandleObject wrapper, HandleId id, MutableHandleValue vp)
|
|
{
|
|
if (!IsWrapper(wrapper) || !WrapperFactory::IsXrayWrapper(wrapper)) {
|
|
JS_ReportError(cx, "Unexpected object");
|
|
return false;
|
|
}
|
|
|
|
vp.set(OBJECT_TO_JSVAL(wrapper));
|
|
|
|
return WrapperFactory::WaiveXrayAndWrap(cx, vp);
|
|
}
|
|
|
|
bool
|
|
XrayTraits::resolveOwnProperty(JSContext *cx, const Wrapper &jsWrapper,
|
|
HandleObject wrapper, HandleObject holder, HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> desc)
|
|
{
|
|
desc.object().set(nullptr);
|
|
RootedObject target(cx, getTargetObject(wrapper));
|
|
RootedObject expando(cx, getExpandoObject(cx, target, wrapper));
|
|
|
|
// Check for expando properties first. Note that the expando object lives
|
|
// in the target compartment.
|
|
bool found = false;
|
|
if (expando) {
|
|
JSAutoCompartment ac(cx, expando);
|
|
if (!JS_GetPropertyDescriptorById(cx, expando, id, desc))
|
|
return false;
|
|
found = !!desc.object();
|
|
}
|
|
|
|
// Next, check for ES builtins.
|
|
if (!found && JS_IsGlobalObject(target)) {
|
|
JSProtoKey key = JS_IdToProtoKey(cx, id);
|
|
JSAutoCompartment ac(cx, target);
|
|
if (key != JSProto_Null) {
|
|
MOZ_ASSERT(key < JSProto_LIMIT);
|
|
RootedObject constructor(cx);
|
|
if (!JS_GetClassObject(cx, key, &constructor))
|
|
return false;
|
|
MOZ_ASSERT(constructor);
|
|
desc.value().set(ObjectValue(*constructor));
|
|
found = true;
|
|
} else if (id == GetRTIdByIndex(cx, XPCJSRuntime::IDX_EVAL)) {
|
|
RootedObject eval(cx);
|
|
if (!js::GetOriginalEval(cx, target, &eval))
|
|
return false;
|
|
desc.value().set(ObjectValue(*eval));
|
|
found = true;
|
|
}
|
|
}
|
|
|
|
if (found) {
|
|
if (!JS_WrapPropertyDescriptor(cx, desc))
|
|
return false;
|
|
// Pretend the property lives on the wrapper.
|
|
desc.object().set(wrapper);
|
|
return true;
|
|
}
|
|
|
|
// Handle .wrappedJSObject for subsuming callers. This should move once we
|
|
// sort out own-ness for the holder.
|
|
if (id == GetRTIdByIndex(cx, XPCJSRuntime::IDX_WRAPPED_JSOBJECT) &&
|
|
AccessCheck::wrapperSubsumes(wrapper))
|
|
{
|
|
if (!JS_AlreadyHasOwnPropertyById(cx, holder, id, &found))
|
|
return false;
|
|
if (!found && !JS_DefinePropertyById(cx, holder, id, UndefinedHandleValue,
|
|
JSPROP_ENUMERATE | JSPROP_SHARED,
|
|
wrappedJSObject_getter)) {
|
|
return false;
|
|
}
|
|
if (!JS_GetPropertyDescriptorById(cx, holder, id, desc))
|
|
return false;
|
|
desc.object().set(wrapper);
|
|
return true;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
XrayTraits::set(JSContext *cx, HandleObject wrapper, HandleObject receiver, HandleId id,
|
|
bool strict, MutableHandleValue vp)
|
|
{
|
|
// Skip our Base if it isn't already BaseProxyHandler.
|
|
js::BaseProxyHandler *handler = js::GetProxyHandler(wrapper);
|
|
return handler->js::BaseProxyHandler::set(cx, wrapper, receiver, id, strict, vp);
|
|
}
|
|
|
|
bool
|
|
XPCWrappedNativeXrayTraits::resolveOwnProperty(JSContext *cx, const Wrapper &jsWrapper,
|
|
HandleObject wrapper, HandleObject holder,
|
|
HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> desc)
|
|
{
|
|
// Call the common code.
|
|
bool ok = XrayTraits::resolveOwnProperty(cx, jsWrapper, wrapper, holder,
|
|
id, desc);
|
|
if (!ok || desc.object())
|
|
return ok;
|
|
|
|
// Check for indexed access on a window.
|
|
int32_t index = GetArrayIndexFromId(cx, id);
|
|
if (IsArrayIndex(index)) {
|
|
nsGlobalWindow* win = AsWindow(cx, wrapper);
|
|
// Note: As() unwraps outer windows to get to the inner window.
|
|
if (win) {
|
|
bool unused;
|
|
nsCOMPtr<nsIDOMWindow> subframe = win->IndexedGetter(index, unused);
|
|
if (subframe) {
|
|
nsGlobalWindow* global = static_cast<nsGlobalWindow*>(subframe.get());
|
|
global->EnsureInnerWindow();
|
|
JSObject* obj = global->FastGetGlobalJSObject();
|
|
if (MOZ_UNLIKELY(!obj)) {
|
|
// It's gone?
|
|
return xpc::Throw(cx, NS_ERROR_FAILURE);
|
|
}
|
|
desc.value().setObject(*obj);
|
|
FillPropertyDescriptor(desc, wrapper, true);
|
|
return JS_WrapPropertyDescriptor(cx, desc);
|
|
}
|
|
}
|
|
}
|
|
|
|
// Xray wrappers don't use the regular wrapper hierarchy, so we should be
|
|
// in the wrapper's compartment here, not the wrappee.
|
|
MOZ_ASSERT(js::IsObjectInContextCompartment(wrapper, cx));
|
|
|
|
bool hasProp;
|
|
if (!JS_HasPropertyById(cx, holder, id, &hasProp)) {
|
|
return false;
|
|
}
|
|
if (!hasProp) {
|
|
XPCWrappedNative *wn = getWN(wrapper);
|
|
|
|
// Run the resolve hook of the wrapped native.
|
|
if (!NATIVE_HAS_FLAG(wn, WantNewResolve)) {
|
|
return true;
|
|
}
|
|
|
|
bool retval = true;
|
|
RootedObject pobj(cx);
|
|
nsIXPCScriptable *callback = wn->GetScriptableInfo()->GetCallback();
|
|
nsresult rv = callback->NewResolve(wn, cx, wrapper, id, pobj.address(),
|
|
&retval);
|
|
if (NS_FAILED(rv)) {
|
|
if (retval)
|
|
XPCThrower::Throw(rv, cx);
|
|
return false;
|
|
}
|
|
|
|
MOZ_ASSERT(!pobj || (JS_HasPropertyById(cx, holder, id, &hasProp) &&
|
|
hasProp), "id got defined somewhere else?");
|
|
}
|
|
|
|
// resolveOwnProperty must return a non-empty |desc| if and only if an |own|
|
|
// property was found on the object. However, given how the NewResolve setup
|
|
// works, we can't run the resolve hook if the holder already has a property
|
|
// of the same name. So if there was a pre-existing property on the holder,
|
|
// we have to use it. But we have no way of knowing if it corresponded to an
|
|
// |own| or non-|own| property, since both get cached on the holder and the
|
|
// |own|-ness information is lost.
|
|
//
|
|
// So we just over-zealously call things |own| here. This can cause us to
|
|
// return non-|own| properties from Object.getOwnPropertyDescriptor if
|
|
// lookups are performed in a certain order, but we can probably live with
|
|
// that until XPCWN Xrays go away with the new DOM bindings.
|
|
return JS_GetPropertyDescriptorById(cx, holder, id, desc);
|
|
}
|
|
|
|
bool
|
|
XPCWrappedNativeXrayTraits::defineProperty(JSContext *cx, HandleObject wrapper, HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> desc,
|
|
Handle<JSPropertyDescriptor> existingDesc, bool *defined)
|
|
{
|
|
*defined = false;
|
|
RootedObject holder(cx, singleton.ensureHolder(cx, wrapper));
|
|
if (isResolving(cx, holder, id)) {
|
|
if (!desc.hasAttributes(JSPROP_GETTER | JSPROP_SETTER)) {
|
|
if (!desc.getter())
|
|
desc.setGetter(holder_get);
|
|
if (!desc.setter())
|
|
desc.setSetter(holder_set);
|
|
}
|
|
|
|
*defined = true;
|
|
return JS_DefinePropertyById(cx, holder, id, desc.value(), desc.attributes(),
|
|
desc.getter(), desc.setter());
|
|
}
|
|
|
|
// Check for an indexed property on a Window. If that's happening, do
|
|
// nothing but claim we defined it so it won't get added as an expando.
|
|
int32_t index = GetArrayIndexFromId(cx, id);
|
|
if (IsArrayIndex(index) && IsWindow(cx, wrapper)) {
|
|
*defined = true;
|
|
return true;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
XPCWrappedNativeXrayTraits::enumerateNames(JSContext *cx, HandleObject wrapper, unsigned flags,
|
|
AutoIdVector &props)
|
|
{
|
|
// Force all native properties to be materialized onto the wrapped native.
|
|
AutoIdVector wnProps(cx);
|
|
{
|
|
RootedObject target(cx, singleton.getTargetObject(wrapper));
|
|
JSAutoCompartment ac(cx, target);
|
|
if (!js::GetPropertyNames(cx, target, flags, &wnProps))
|
|
return false;
|
|
}
|
|
|
|
// Go through the properties we got and enumerate all native ones.
|
|
if (!props.reserve(wnProps.length()))
|
|
return false;
|
|
for (size_t n = 0; n < wnProps.length(); ++n) {
|
|
RootedId id(cx, wnProps[n]);
|
|
bool hasProp;
|
|
if (!JS_HasPropertyById(cx, wrapper, id, &hasProp))
|
|
return false;
|
|
if (hasProp)
|
|
props.infallibleAppend(id);
|
|
}
|
|
return true;
|
|
}
|
|
|
|
JSObject *
|
|
XPCWrappedNativeXrayTraits::createHolder(JSContext *cx, JSObject *wrapper)
|
|
{
|
|
RootedObject global(cx, JS_GetGlobalForObject(cx, wrapper));
|
|
JSObject *holder = JS_NewObjectWithGivenProto(cx, &HolderClass, JS::NullPtr(),
|
|
global);
|
|
if (!holder)
|
|
return nullptr;
|
|
|
|
js::SetReservedSlot(holder, JSSLOT_RESOLVING, PrivateValue(nullptr));
|
|
return holder;
|
|
}
|
|
|
|
bool
|
|
XPCWrappedNativeXrayTraits::call(JSContext *cx, HandleObject wrapper,
|
|
const JS::CallArgs &args,
|
|
const js::Wrapper& baseInstance)
|
|
{
|
|
// Run the resolve hook of the wrapped native.
|
|
XPCWrappedNative *wn = getWN(wrapper);
|
|
if (NATIVE_HAS_FLAG(wn, WantCall)) {
|
|
XPCCallContext ccx(JS_CALLER, cx, wrapper, NullPtr(), JSID_VOIDHANDLE, args.length(),
|
|
args.array(), args.rval().address());
|
|
if (!ccx.IsValid())
|
|
return false;
|
|
bool ok = true;
|
|
nsresult rv = wn->GetScriptableInfo()->GetCallback()->Call(
|
|
wn, cx, wrapper, args, &ok);
|
|
if (NS_FAILED(rv)) {
|
|
if (ok)
|
|
XPCThrower::Throw(rv, cx);
|
|
return false;
|
|
}
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
bool
|
|
XPCWrappedNativeXrayTraits::construct(JSContext *cx, HandleObject wrapper,
|
|
const JS::CallArgs &args,
|
|
const js::Wrapper& baseInstance)
|
|
{
|
|
// Run the resolve hook of the wrapped native.
|
|
XPCWrappedNative *wn = getWN(wrapper);
|
|
if (NATIVE_HAS_FLAG(wn, WantConstruct)) {
|
|
XPCCallContext ccx(JS_CALLER, cx, wrapper, NullPtr(), JSID_VOIDHANDLE, args.length(),
|
|
args.array(), args.rval().address());
|
|
if (!ccx.IsValid())
|
|
return false;
|
|
bool ok = true;
|
|
nsresult rv = wn->GetScriptableInfo()->GetCallback()->Construct(
|
|
wn, cx, wrapper, args, &ok);
|
|
if (NS_FAILED(rv)) {
|
|
if (ok)
|
|
XPCThrower::Throw(rv, cx);
|
|
return false;
|
|
}
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
bool
|
|
DOMXrayTraits::resolveNativeProperty(JSContext *cx, HandleObject wrapper,
|
|
HandleObject holder, HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> desc)
|
|
{
|
|
RootedObject obj(cx, getTargetObject(wrapper));
|
|
if (!XrayResolveNativeProperty(cx, wrapper, obj, id, desc))
|
|
return false;
|
|
|
|
MOZ_ASSERT(!desc.object() || desc.object() == wrapper, "What did we resolve this on?");
|
|
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
DOMXrayTraits::resolveOwnProperty(JSContext *cx, const Wrapper &jsWrapper, HandleObject wrapper,
|
|
HandleObject holder, HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> desc)
|
|
{
|
|
// Call the common code.
|
|
bool ok = XrayTraits::resolveOwnProperty(cx, jsWrapper, wrapper, holder, id, desc);
|
|
if (!ok || desc.object())
|
|
return ok;
|
|
|
|
// Check for indexed access on a window.
|
|
int32_t index = GetArrayIndexFromId(cx, id);
|
|
if (IsArrayIndex(index)) {
|
|
nsGlobalWindow* win = AsWindow(cx, wrapper);
|
|
// Note: As() unwraps outer windows to get to the inner window.
|
|
if (win) {
|
|
bool unused;
|
|
nsCOMPtr<nsIDOMWindow> subframe = win->IndexedGetter(index, unused);
|
|
if (subframe) {
|
|
nsGlobalWindow* global = static_cast<nsGlobalWindow*>(subframe.get());
|
|
global->EnsureInnerWindow();
|
|
JSObject* obj = global->FastGetGlobalJSObject();
|
|
if (MOZ_UNLIKELY(!obj)) {
|
|
// It's gone?
|
|
return xpc::Throw(cx, NS_ERROR_FAILURE);
|
|
}
|
|
desc.value().setObject(*obj);
|
|
FillPropertyDescriptor(desc, wrapper, true);
|
|
return JS_WrapPropertyDescriptor(cx, desc);
|
|
}
|
|
}
|
|
}
|
|
|
|
RootedObject obj(cx, getTargetObject(wrapper));
|
|
if (!XrayResolveOwnProperty(cx, wrapper, obj, id, desc))
|
|
return false;
|
|
|
|
MOZ_ASSERT(!desc.object() || desc.object() == wrapper, "What did we resolve this on?");
|
|
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
DOMXrayTraits::defineProperty(JSContext *cx, HandleObject wrapper, HandleId id,
|
|
MutableHandle<JSPropertyDescriptor> desc,
|
|
Handle<JSPropertyDescriptor> existingDesc, bool *defined)
|
|
{
|
|
// Check for an indexed property on a Window. If that's happening, do
|
|
// nothing but claim we defined it so it won't get added as an expando.
|
|
if (IsWindow(cx, wrapper)) {
|
|
int32_t index = GetArrayIndexFromId(cx, id);
|
|
if (IsArrayIndex(index)) {
|
|
*defined = true;
|
|
return true;
|
|
}
|
|
}
|
|
|
|
if (!existingDesc.object())
|
|
return true;
|
|
|
|
JS::Rooted<JSObject*> obj(cx, getTargetObject(wrapper));
|
|
return XrayDefineProperty(cx, wrapper, obj, id, desc, defined);
|
|
}
|
|
|
|
bool
|
|
DOMXrayTraits::set(JSContext *cx, HandleObject wrapper, HandleObject receiver, HandleId id,
|
|
bool strict, MutableHandleValue vp)
|
|
{
|
|
MOZ_ASSERT(xpc::WrapperFactory::IsXrayWrapper(wrapper));
|
|
RootedObject obj(cx, getTargetObject(wrapper));
|
|
if (IsDOMProxy(obj)) {
|
|
DOMProxyHandler* handler = GetDOMProxyHandler(obj);
|
|
|
|
bool done;
|
|
if (!handler->setCustom(cx, obj, id, vp, &done))
|
|
return false;
|
|
if (done)
|
|
return true;
|
|
}
|
|
return XrayTraits::set(cx, wrapper, receiver, id, strict, vp);
|
|
}
|
|
|
|
bool
|
|
DOMXrayTraits::enumerateNames(JSContext *cx, HandleObject wrapper, unsigned flags,
|
|
AutoIdVector &props)
|
|
{
|
|
JS::Rooted<JSObject*> obj(cx, getTargetObject(wrapper));
|
|
return XrayEnumerateProperties(cx, wrapper, obj, flags, props);
|
|
}
|
|
|
|
bool
|
|
DOMXrayTraits::call(JSContext *cx, HandleObject wrapper,
|
|
const JS::CallArgs &args, const js::Wrapper& baseInstance)
|
|
{
|
|
RootedObject obj(cx, getTargetObject(wrapper));
|
|
const js::Class* clasp = js::GetObjectClass(obj);
|
|
// What we have is either a WebIDL interface object, a WebIDL prototype
|
|
// object, or a WebIDL instance object. WebIDL prototype objects never have
|
|
// a clasp->call. WebIDL interface objects we want to invoke on the xray
|
|
// compartment. WebIDL instance objects either don't have a clasp->call or
|
|
// are using "legacycaller", which basically means plug-ins. We want to
|
|
// call those on the content compartment.
|
|
if (clasp->flags & JSCLASS_IS_DOMIFACEANDPROTOJSCLASS) {
|
|
if (!clasp->call) {
|
|
RootedValue v(cx, ObjectValue(*wrapper));
|
|
js_ReportIsNotFunction(cx, v);
|
|
return false;
|
|
}
|
|
// call it on the Xray compartment
|
|
if (!clasp->call(cx, args.length(), args.base()))
|
|
return false;
|
|
} else {
|
|
// This is only reached for WebIDL instance objects, and in practice
|
|
// only for plugins. Just call them on the content compartment.
|
|
if (!baseInstance.call(cx, wrapper, args))
|
|
return false;
|
|
}
|
|
return JS_WrapValue(cx, args.rval());
|
|
}
|
|
|
|
bool
|
|
DOMXrayTraits::construct(JSContext *cx, HandleObject wrapper,
|
|
const JS::CallArgs &args, const js::Wrapper& baseInstance)
|
|
{
|
|
RootedObject obj(cx, getTargetObject(wrapper));
|
|
MOZ_ASSERT(mozilla::dom::HasConstructor(obj));
|
|
const js::Class* clasp = js::GetObjectClass(obj);
|
|
// See comments in DOMXrayTraits::call() explaining what's going on here.
|
|
if (clasp->flags & JSCLASS_IS_DOMIFACEANDPROTOJSCLASS) {
|
|
if (!clasp->construct) {
|
|
RootedValue v(cx, ObjectValue(*wrapper));
|
|
js_ReportIsNotFunction(cx, v);
|
|
return false;
|
|
}
|
|
if (!clasp->construct(cx, args.length(), args.base()))
|
|
return false;
|
|
} else {
|
|
if (!baseInstance.construct(cx, wrapper, args))
|
|
return false;
|
|
}
|
|
if (!args.rval().isObject() || !JS_WrapValue(cx, args.rval()))
|
|
return false;
|
|
return true;
|
|
}
|
|
|
|
void
|
|
DOMXrayTraits::preserveWrapper(JSObject *target)
|
|
{
|
|
nsISupports *identity = mozilla::dom::UnwrapDOMObjectToISupports(target);
|
|
if (!identity)
|
|
return;
|
|
nsWrapperCache* cache = nullptr;
|
|
CallQueryInterface(identity, &cache);
|
|
if (cache)
|
|
cache->PreserveWrapper(identity);
|
|
}
|
|
|
|
JSObject*
|
|
DOMXrayTraits::createHolder(JSContext *cx, JSObject *wrapper)
|
|
{
|
|
RootedObject global(cx, JS_GetGlobalForObject(cx, wrapper));
|
|
return JS_NewObjectWithGivenProto(cx, nullptr, JS::NullPtr(), global);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
XrayWrapper<Base, Traits>::XrayWrapper(unsigned flags)
|
|
: Base(flags | WrapperFactory::IS_XRAY_WRAPPER_FLAG, /* hasPrototype = */ Traits::HasPrototype)
|
|
{
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
XrayWrapper<Base, Traits>::~XrayWrapper()
|
|
{
|
|
}
|
|
|
|
namespace XrayUtils {
|
|
|
|
JSObject *
|
|
GetNativePropertiesObject(JSContext *cx, JSObject *wrapper)
|
|
{
|
|
MOZ_ASSERT(js::IsWrapper(wrapper) && WrapperFactory::IsXrayWrapper(wrapper),
|
|
"bad object passed in");
|
|
|
|
JSObject *holder = GetHolder(wrapper);
|
|
MOZ_ASSERT(holder, "uninitialized wrapper being used?");
|
|
return holder;
|
|
}
|
|
|
|
bool
|
|
IsXrayResolving(JSContext *cx, HandleObject wrapper, HandleId id)
|
|
{
|
|
if (!WrapperFactory::IsXrayWrapper(wrapper) ||
|
|
GetXrayType(wrapper) != XrayForWrappedNative)
|
|
{
|
|
return false;
|
|
}
|
|
JSObject *holder =
|
|
XPCWrappedNativeXrayTraits::singleton.ensureHolder(cx, wrapper);
|
|
return XPCWrappedNativeXrayTraits::isResolving(cx, holder, id);
|
|
}
|
|
|
|
bool
|
|
HasNativeProperty(JSContext *cx, HandleObject wrapper, HandleId id, bool *hasProp)
|
|
{
|
|
MOZ_ASSERT(WrapperFactory::IsXrayWrapper(wrapper));
|
|
XrayTraits *traits = GetXrayTraits(wrapper);
|
|
MOZ_ASSERT(traits);
|
|
RootedObject holder(cx, traits->ensureHolder(cx, wrapper));
|
|
NS_ENSURE_TRUE(holder, false);
|
|
*hasProp = false;
|
|
Rooted<JSPropertyDescriptor> desc(cx);
|
|
Wrapper *handler = Wrapper::wrapperHandler(wrapper);
|
|
|
|
// Try resolveOwnProperty.
|
|
Maybe<ResolvingId> resolvingId;
|
|
if (traits == &XPCWrappedNativeXrayTraits::singleton)
|
|
resolvingId.construct(cx, wrapper, id);
|
|
if (!traits->resolveOwnProperty(cx, *handler, wrapper, holder, id, &desc))
|
|
return false;
|
|
if (desc.object()) {
|
|
*hasProp = true;
|
|
return true;
|
|
}
|
|
|
|
// Try the holder.
|
|
bool found = false;
|
|
if (!JS_AlreadyHasOwnPropertyById(cx, holder, id, &found))
|
|
return false;
|
|
if (found) {
|
|
*hasProp = true;
|
|
return true;
|
|
}
|
|
|
|
// Try resolveNativeProperty.
|
|
if (!traits->resolveNativeProperty(cx, wrapper, holder, id, &desc))
|
|
return false;
|
|
*hasProp = !!desc.object();
|
|
return true;
|
|
}
|
|
|
|
} // namespace XrayUtils
|
|
|
|
static bool
|
|
XrayToString(JSContext *cx, unsigned argc, Value *vp)
|
|
{
|
|
CallArgs args = CallArgsFromVp(argc, vp);
|
|
|
|
if (!args.thisv().isObject()) {
|
|
JS_ReportError(cx, "XrayToString called on an incompatible object");
|
|
return false;
|
|
}
|
|
|
|
RootedObject wrapper(cx, &args.thisv().toObject());
|
|
if (!wrapper)
|
|
return false;
|
|
if (IsWrapper(wrapper) &&
|
|
GetProxyHandler(wrapper) == &sandboxCallableProxyHandler) {
|
|
wrapper = xpc::SandboxCallableProxyHandler::wrappedObject(wrapper);
|
|
}
|
|
if (!IsWrapper(wrapper) || !WrapperFactory::IsXrayWrapper(wrapper)) {
|
|
JS_ReportError(cx, "XrayToString called on an incompatible object");
|
|
return false;
|
|
}
|
|
|
|
RootedObject obj(cx, XrayTraits::getTargetObject(wrapper));
|
|
|
|
static const char start[] = "[object XrayWrapper ";
|
|
static const char end[] = "]";
|
|
if (UseDOMXray(obj))
|
|
return NativeToString(cx, wrapper, obj, start, end, args.rval());
|
|
|
|
nsAutoString result;
|
|
result.AppendASCII(start);
|
|
|
|
XPCCallContext ccx(JS_CALLER, cx, obj);
|
|
XPCWrappedNative *wn = XPCWrappedNativeXrayTraits::getWN(wrapper);
|
|
char *wrapperStr = wn->ToString();
|
|
if (!wrapperStr) {
|
|
JS_ReportOutOfMemory(cx);
|
|
return false;
|
|
}
|
|
result.AppendASCII(wrapperStr);
|
|
JS_smprintf_free(wrapperStr);
|
|
|
|
result.AppendASCII(end);
|
|
|
|
JSString *str = JS_NewUCStringCopyN(cx, result.get(), result.Length());
|
|
if (!str)
|
|
return false;
|
|
|
|
args.rval().setString(str);
|
|
return true;
|
|
}
|
|
|
|
#ifdef DEBUG
|
|
|
|
static void
|
|
DEBUG_CheckXBLCallable(JSContext *cx, JSObject *obj)
|
|
{
|
|
// In general, we shouldn't have cross-compartment wrappers here, because
|
|
// we should be running in an XBL scope, and the content prototype should
|
|
// contain wrappers to functions defined in the XBL scope. But if the node
|
|
// has been adopted into another compartment, those prototypes will now point
|
|
// to a different XBL scope (which is ok).
|
|
MOZ_ASSERT_IF(js::IsCrossCompartmentWrapper(obj),
|
|
xpc::IsContentXBLScope(js::GetObjectCompartment(js::UncheckedUnwrap(obj))));
|
|
MOZ_ASSERT(JS_ObjectIsCallable(cx, obj));
|
|
}
|
|
|
|
static void
|
|
DEBUG_CheckXBLLookup(JSContext *cx, JSPropertyDescriptor *desc)
|
|
{
|
|
if (!desc->obj)
|
|
return;
|
|
if (!desc->value.isUndefined()) {
|
|
MOZ_ASSERT(desc->value.isObject());
|
|
DEBUG_CheckXBLCallable(cx, &desc->value.toObject());
|
|
}
|
|
if (desc->getter) {
|
|
MOZ_ASSERT(desc->attrs & JSPROP_GETTER);
|
|
DEBUG_CheckXBLCallable(cx, JS_FUNC_TO_DATA_PTR(JSObject *, desc->getter));
|
|
}
|
|
if (desc->setter) {
|
|
MOZ_ASSERT(desc->attrs & JSPROP_SETTER);
|
|
DEBUG_CheckXBLCallable(cx, JS_FUNC_TO_DATA_PTR(JSObject *, desc->setter));
|
|
}
|
|
}
|
|
#else
|
|
#define DEBUG_CheckXBLLookup(a, b) {}
|
|
#endif
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::isExtensible(JSContext *cx, JS::Handle<JSObject*> wrapper,
|
|
bool *extensible) const
|
|
{
|
|
// Xray wrappers are supposed to provide a clean view of the target
|
|
// reflector, hiding any modifications by script in the target scope. So
|
|
// even if that script freezes the reflector, we don't want to make that
|
|
// visible to the caller. DOM reflectors are always extensible by default,
|
|
// so we can just return true here.
|
|
*extensible = true;
|
|
return true;
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::preventExtensions(JSContext *cx, HandleObject wrapper) const
|
|
{
|
|
// See above.
|
|
JS_ReportErrorNumber(cx, js_GetErrorMessage, nullptr, JSMSG_CANT_CHANGE_EXTENSIBILITY);
|
|
return false;
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::getPropertyDescriptor(JSContext *cx, HandleObject wrapper, HandleId id,
|
|
JS::MutableHandle<JSPropertyDescriptor> desc)
|
|
const
|
|
{
|
|
assertEnteredPolicy(cx, wrapper, id, BaseProxyHandler::GET | BaseProxyHandler::SET);
|
|
RootedObject holder(cx, Traits::singleton.ensureHolder(cx, wrapper));
|
|
if (Traits::isResolving(cx, holder, id)) {
|
|
desc.object().set(nullptr);
|
|
return true;
|
|
}
|
|
|
|
typename Traits::ResolvingIdImpl resolving(cx, wrapper, id);
|
|
|
|
if (!holder)
|
|
return false;
|
|
|
|
// Ordering is important here.
|
|
//
|
|
// We first need to call resolveOwnProperty, even before checking the holder,
|
|
// because there might be a new dynamic |own| property that appears and
|
|
// shadows a previously-resolved non-own property that we cached on the
|
|
// holder. This can happen with indexed properties on NodeLists, for example,
|
|
// which are |own| value props.
|
|
//
|
|
// resolveOwnProperty may or may not cache what it finds on the holder,
|
|
// depending on how ephemeral it decides the property is. XPCWN |own|
|
|
// properties generally end up on the holder via NewResolve, whereas
|
|
// NodeList |own| properties don't get defined on the holder, since they're
|
|
// supposed to be dynamic. This means that we have to first check the result
|
|
// of resolveOwnProperty, and _then_, if that comes up blank, check the
|
|
// holder for any cached native properties.
|
|
//
|
|
// Finally, we call resolveNativeProperty, which checks non-own properties,
|
|
// and unconditionally caches what it finds on the holder.
|
|
|
|
// Check resolveOwnProperty.
|
|
if (!Traits::singleton.resolveOwnProperty(cx, *this, wrapper, holder, id, desc))
|
|
return false;
|
|
|
|
// Check the holder.
|
|
if (!desc.object() && !JS_GetPropertyDescriptorById(cx, holder, id, desc))
|
|
return false;
|
|
if (desc.object()) {
|
|
desc.object().set(wrapper);
|
|
return true;
|
|
}
|
|
|
|
// Nothing in the cache. Call through, and cache the result.
|
|
if (!Traits::singleton.resolveNativeProperty(cx, wrapper, holder, id, desc))
|
|
return false;
|
|
|
|
// We need to handle named access on the Window somewhere other than
|
|
// Traits::resolveOwnProperty, because per spec it happens on the Global
|
|
// Scope Polluter and thus the resulting properties are non-|own|. However,
|
|
// we're set up (above) to cache (on the holder) anything that comes out of
|
|
// resolveNativeProperty, which we don't want for something dynamic like
|
|
// named access. So we just handle it separately here.
|
|
nsGlobalWindow *win = nullptr;
|
|
if (!desc.object() &&
|
|
JSID_IS_STRING(id) &&
|
|
(win = AsWindow(cx, wrapper)))
|
|
{
|
|
// Note - The infallibleInit() depends on the JSID_IS_STRING check above.
|
|
nsDependentJSString name;
|
|
name.infallibleInit(id);
|
|
nsCOMPtr<nsIDOMWindow> childDOMWin = win->GetChildWindow(name);
|
|
if (childDOMWin) {
|
|
nsGlobalWindow *cwin = static_cast<nsGlobalWindow*>(childDOMWin.get());
|
|
JSObject *childObj = cwin->FastGetGlobalJSObject();
|
|
if (MOZ_UNLIKELY(!childObj))
|
|
return xpc::Throw(cx, NS_ERROR_FAILURE);
|
|
FillPropertyDescriptor(desc, wrapper, ObjectValue(*childObj),
|
|
/* readOnly = */ true);
|
|
return JS_WrapPropertyDescriptor(cx, desc);
|
|
}
|
|
}
|
|
|
|
if (!desc.object() &&
|
|
id == nsXPConnect::GetRuntimeInstance()->GetStringID(XPCJSRuntime::IDX_TO_STRING))
|
|
{
|
|
|
|
JSFunction *toString = JS_NewFunction(cx, XrayToString, 0, 0, wrapper, "toString");
|
|
if (!toString)
|
|
return false;
|
|
|
|
desc.object().set(wrapper);
|
|
desc.setAttributes(0);
|
|
desc.setGetter(nullptr);
|
|
desc.setSetter(nullptr);
|
|
desc.value().setObject(*JS_GetFunctionObject(toString));
|
|
}
|
|
|
|
// If we're a special scope for in-content XBL, our script expects to see
|
|
// the bound XBL methods and attributes when accessing content. However,
|
|
// these members are implemented in content via custom-spliced prototypes,
|
|
// and thus aren't visible through Xray wrappers unless we handle them
|
|
// explicitly. So we check if we're running in such a scope, and if so,
|
|
// whether the wrappee is a bound element. If it is, we do a lookup via
|
|
// specialized XBL machinery.
|
|
//
|
|
// While we have to do some sketchy walking through content land, we should
|
|
// be protected by read-only/non-configurable properties, and any functions
|
|
// we end up with should _always_ be living in an XBL scope (usually ours,
|
|
// but could be another if the node has been adopted).
|
|
//
|
|
// Make sure to assert this.
|
|
nsCOMPtr<nsIContent> content;
|
|
if (!desc.object() &&
|
|
EnsureCompartmentPrivate(wrapper)->scope->IsContentXBLScope() &&
|
|
(content = do_QueryInterfaceNative(cx, wrapper)))
|
|
{
|
|
if (!nsContentUtils::LookupBindingMember(cx, content, id, desc))
|
|
return false;
|
|
DEBUG_CheckXBLLookup(cx, desc.address());
|
|
}
|
|
|
|
// If we still have nothing, we're done.
|
|
if (!desc.object())
|
|
return true;
|
|
|
|
if (!JS_DefinePropertyById(cx, holder, id, desc.value(), desc.attributes(),
|
|
desc.getter(), desc.setter()) ||
|
|
!JS_GetPropertyDescriptorById(cx, holder, id, desc))
|
|
{
|
|
return false;
|
|
}
|
|
MOZ_ASSERT(desc.object());
|
|
desc.object().set(wrapper);
|
|
return true;
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::getOwnPropertyDescriptor(JSContext *cx, HandleObject wrapper, HandleId id,
|
|
JS::MutableHandle<JSPropertyDescriptor> desc)
|
|
const
|
|
{
|
|
assertEnteredPolicy(cx, wrapper, id, BaseProxyHandler::GET | BaseProxyHandler::SET);
|
|
RootedObject holder(cx, Traits::singleton.ensureHolder(cx, wrapper));
|
|
if (Traits::isResolving(cx, holder, id)) {
|
|
desc.object().set(nullptr);
|
|
return true;
|
|
}
|
|
|
|
typename Traits::ResolvingIdImpl resolving(cx, wrapper, id);
|
|
|
|
// NB: Nothing we do here acts on the wrapped native itself, so we don't
|
|
// enter our policy.
|
|
|
|
if (!Traits::singleton.resolveOwnProperty(cx, *this, wrapper, holder, id, desc))
|
|
return false;
|
|
if (desc.object())
|
|
desc.object().set(wrapper);
|
|
return true;
|
|
}
|
|
|
|
// Consider what happens when chrome does |xray.expando = xray.wrappedJSObject|.
|
|
//
|
|
// Since the expando comes from the target compartment, wrapping it back into
|
|
// the target compartment to define it on the expando object ends up stripping
|
|
// off the Xray waiver that gives |xray| and |xray.wrappedJSObject| different
|
|
// identities. This is generally the right thing to do when wrapping across
|
|
// compartments, but is incorrect in the special case of the Xray expando
|
|
// object. Manually re-apply Xrays if necessary.
|
|
//
|
|
// NB: In order to satisfy the invariants of WaiveXray, we need to pass
|
|
// in an object sans security wrapper, which means we need to strip off any
|
|
// potential same-compartment security wrapper that may have been applied
|
|
// to the content object. This is ok, because the the expando object is only
|
|
// ever accessed by code across the compartment boundary.
|
|
static bool
|
|
RecreateLostWaivers(JSContext *cx, JSPropertyDescriptor *orig,
|
|
MutableHandle<JSPropertyDescriptor> wrapped)
|
|
{
|
|
// Compute whether the original objects were waived, and implicitly, whether
|
|
// they were objects at all.
|
|
bool valueWasWaived =
|
|
orig->value.isObject() &&
|
|
WrapperFactory::HasWaiveXrayFlag(&orig->value.toObject());
|
|
bool getterWasWaived =
|
|
(orig->attrs & JSPROP_GETTER) &&
|
|
WrapperFactory::HasWaiveXrayFlag(JS_FUNC_TO_DATA_PTR(JSObject*, orig->getter));
|
|
bool setterWasWaived =
|
|
(orig->attrs & JSPROP_SETTER) &&
|
|
WrapperFactory::HasWaiveXrayFlag(JS_FUNC_TO_DATA_PTR(JSObject*, orig->setter));
|
|
|
|
// Recreate waivers. Note that for value, we need an extra UncheckedUnwrap
|
|
// to handle same-compartment security wrappers (see above). This should
|
|
// never happen for getters/setters.
|
|
|
|
RootedObject rewaived(cx);
|
|
if (valueWasWaived && !IsCrossCompartmentWrapper(&wrapped.value().toObject())) {
|
|
rewaived = &wrapped.value().toObject();
|
|
rewaived = WrapperFactory::WaiveXray(cx, UncheckedUnwrap(rewaived));
|
|
NS_ENSURE_TRUE(rewaived, false);
|
|
wrapped.value().set(ObjectValue(*rewaived));
|
|
}
|
|
if (getterWasWaived && !IsCrossCompartmentWrapper(wrapped.getterObject())) {
|
|
MOZ_ASSERT(CheckedUnwrap(wrapped.getterObject()));
|
|
rewaived = WrapperFactory::WaiveXray(cx, wrapped.getterObject());
|
|
NS_ENSURE_TRUE(rewaived, false);
|
|
wrapped.setGetterObject(rewaived);
|
|
}
|
|
if (setterWasWaived && !IsCrossCompartmentWrapper(wrapped.setterObject())) {
|
|
MOZ_ASSERT(CheckedUnwrap(wrapped.setterObject()));
|
|
rewaived = WrapperFactory::WaiveXray(cx, wrapped.setterObject());
|
|
NS_ENSURE_TRUE(rewaived, false);
|
|
wrapped.setSetterObject(rewaived);
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::defineProperty(JSContext *cx, HandleObject wrapper,
|
|
HandleId id, MutableHandle<JSPropertyDescriptor> desc)
|
|
const
|
|
{
|
|
assertEnteredPolicy(cx, wrapper, id, BaseProxyHandler::SET);
|
|
|
|
Rooted<JSPropertyDescriptor> existing_desc(cx);
|
|
if (!JS_GetPropertyDescriptorById(cx, wrapper, id, &existing_desc))
|
|
return false;
|
|
|
|
// Note that the check here is intended to differentiate between own and
|
|
// non-own properties, since the above lookup is not limited to own
|
|
// properties. At present, this may not always do the right thing because
|
|
// we often lie (sloppily) about where we found properties and set
|
|
// desc.object() to |wrapper|. Once we fully fix our Xray prototype semantics,
|
|
// this should work as intended.
|
|
if (existing_desc.object() == wrapper && existing_desc.isPermanent()) {
|
|
// We have a non-configurable property. See if the caller is trying to
|
|
// re-configure it in any way other than making it non-writable.
|
|
if (existing_desc.hasGetterOrSetterObject() || desc.hasGetterOrSetterObject() ||
|
|
existing_desc.isEnumerable() != desc.isEnumerable() ||
|
|
(existing_desc.isReadonly() && !desc.isReadonly()))
|
|
{
|
|
// We should technically report non-configurability in strict mode, but
|
|
// doing that via JSAPI is a lot of trouble.
|
|
return true;
|
|
}
|
|
if (existing_desc.isReadonly()) {
|
|
// Same as the above for non-writability.
|
|
return true;
|
|
}
|
|
}
|
|
|
|
bool defined = false;
|
|
if (!Traits::singleton.defineProperty(cx, wrapper, id, desc, existing_desc, &defined))
|
|
return false;
|
|
if (defined)
|
|
return true;
|
|
|
|
// We're placing an expando. The expando objects live in the target
|
|
// compartment, so we need to enter it.
|
|
RootedObject target(cx, Traits::singleton.getTargetObject(wrapper));
|
|
JSAutoCompartment ac(cx, target);
|
|
|
|
// Grab the relevant expando object.
|
|
RootedObject expandoObject(cx, Traits::singleton.ensureExpandoObject(cx, wrapper,
|
|
target));
|
|
if (!expandoObject)
|
|
return false;
|
|
|
|
// Wrap the property descriptor for the target compartment.
|
|
Rooted<JSPropertyDescriptor> wrappedDesc(cx, desc);
|
|
if (!JS_WrapPropertyDescriptor(cx, &wrappedDesc))
|
|
return false;
|
|
|
|
// Fix up Xray waivers.
|
|
if (!RecreateLostWaivers(cx, desc.address(), &wrappedDesc))
|
|
return false;
|
|
|
|
return JS_DefinePropertyById(cx, expandoObject, id, wrappedDesc.value(),
|
|
wrappedDesc.get().attrs,
|
|
wrappedDesc.getter(), wrappedDesc.setter());
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::getOwnPropertyNames(JSContext *cx, HandleObject wrapper,
|
|
AutoIdVector &props) const
|
|
{
|
|
assertEnteredPolicy(cx, wrapper, JSID_VOID, BaseProxyHandler::ENUMERATE);
|
|
return enumerate(cx, wrapper, JSITER_OWNONLY | JSITER_HIDDEN, props);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::delete_(JSContext *cx, HandleObject wrapper,
|
|
HandleId id, bool *bp) const
|
|
{
|
|
assertEnteredPolicy(cx, wrapper, id, BaseProxyHandler::SET);
|
|
|
|
// Check the expando object.
|
|
RootedObject target(cx, Traits::getTargetObject(wrapper));
|
|
RootedObject expando(cx, Traits::singleton.getExpandoObject(cx, target, wrapper));
|
|
if (expando) {
|
|
JSAutoCompartment ac(cx, expando);
|
|
return JS_DeletePropertyById2(cx, expando, id, bp);
|
|
}
|
|
|
|
return Traits::singleton.delete_(cx, wrapper, id, bp);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::enumerate(JSContext *cx, HandleObject wrapper, unsigned flags,
|
|
AutoIdVector &props) const
|
|
{
|
|
assertEnteredPolicy(cx, wrapper, JSID_VOID, BaseProxyHandler::ENUMERATE);
|
|
if (!AccessCheck::wrapperSubsumes(wrapper)) {
|
|
JS_ReportError(cx, "Not allowed to enumerate cross origin objects");
|
|
return false;
|
|
}
|
|
|
|
// Enumerate expando properties first. Note that the expando object lives
|
|
// in the target compartment.
|
|
RootedObject target(cx, Traits::singleton.getTargetObject(wrapper));
|
|
RootedObject expando(cx, Traits::singleton.getExpandoObject(cx, target, wrapper));
|
|
if (expando) {
|
|
JSAutoCompartment ac(cx, expando);
|
|
if (!js::GetPropertyNames(cx, expando, flags, &props))
|
|
return false;
|
|
}
|
|
|
|
return Traits::singleton.enumerateNames(cx, wrapper, flags, props);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::enumerate(JSContext *cx, HandleObject wrapper,
|
|
AutoIdVector &props) const
|
|
{
|
|
return enumerate(cx, wrapper, 0, props);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::get(JSContext *cx, HandleObject wrapper,
|
|
HandleObject receiver, HandleId id,
|
|
MutableHandleValue vp) const
|
|
{
|
|
// Skip our Base if it isn't already ProxyHandler.
|
|
// NB: None of the functions we call are prepared for the receiver not
|
|
// being the wrapper, so ignore the receiver here.
|
|
return js::BaseProxyHandler::get(cx, wrapper, Traits::HasPrototype ? receiver : wrapper, id, vp);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::set(JSContext *cx, HandleObject wrapper,
|
|
HandleObject receiver, HandleId id,
|
|
bool strict, MutableHandleValue vp) const
|
|
{
|
|
// Delegate to Traits.
|
|
// NB: None of the functions we call are prepared for the receiver not
|
|
// being the wrapper, so ignore the receiver here.
|
|
return Traits::set(cx, wrapper, Traits::HasPrototype ? receiver : wrapper, id, strict, vp);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::has(JSContext *cx, HandleObject wrapper,
|
|
HandleId id, bool *bp) const
|
|
{
|
|
// Skip our Base if it isn't already ProxyHandler.
|
|
return js::BaseProxyHandler::has(cx, wrapper, id, bp);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::hasOwn(JSContext *cx, HandleObject wrapper,
|
|
HandleId id, bool *bp) const
|
|
{
|
|
// Skip our Base if it isn't already ProxyHandler.
|
|
return js::BaseProxyHandler::hasOwn(cx, wrapper, id, bp);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::keys(JSContext *cx, HandleObject wrapper,
|
|
AutoIdVector &props) const
|
|
{
|
|
// Skip our Base if it isn't already ProxyHandler.
|
|
return js::BaseProxyHandler::keys(cx, wrapper, props);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::iterate(JSContext *cx, HandleObject wrapper,
|
|
unsigned flags, MutableHandleValue vp) const
|
|
{
|
|
// Skip our Base if it isn't already ProxyHandler.
|
|
return js::BaseProxyHandler::iterate(cx, wrapper, flags, vp);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::call(JSContext *cx, HandleObject wrapper, const JS::CallArgs &args) const
|
|
{
|
|
assertEnteredPolicy(cx, wrapper, JSID_VOID, BaseProxyHandler::CALL);
|
|
// Hard cast the singleton since SecurityWrapper doesn't have one.
|
|
return Traits::call(cx, wrapper, args, Base::singleton);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::construct(JSContext *cx, HandleObject wrapper, const JS::CallArgs &args) const
|
|
{
|
|
assertEnteredPolicy(cx, wrapper, JSID_VOID, BaseProxyHandler::CALL);
|
|
// Hard cast the singleton since SecurityWrapper doesn't have one.
|
|
return Traits::construct(cx, wrapper, args, Base::singleton);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::defaultValue(JSContext *cx, HandleObject wrapper,
|
|
JSType hint, MutableHandleValue vp) const
|
|
{
|
|
// Even if this isn't a security wrapper, Xray semantics dictate that we
|
|
// run the DefaultValue algorithm directly on the Xray wrapper.
|
|
//
|
|
// NB: We don't have to worry about things with special [[DefaultValue]]
|
|
// behavior like Date because we'll never have an XrayWrapper to them.
|
|
return js::DefaultValue(cx, wrapper, hint, vp);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::getPrototypeOf(JSContext *cx, JS::HandleObject wrapper,
|
|
JS::MutableHandleObject protop) const
|
|
{
|
|
// We really only want this override for non-SecurityWrapper-inheriting
|
|
// |Base|. But doing that statically with templates requires partial method
|
|
// specializations (and therefore a helper class), which is all more trouble
|
|
// than it's worth. Do a dynamic check.
|
|
if (Base::hasSecurityPolicy())
|
|
return Base::getPrototypeOf(cx, wrapper, protop);
|
|
|
|
RootedObject target(cx, Traits::getTargetObject(wrapper));
|
|
RootedObject expando(cx, Traits::singleton.getExpandoObject(cx, target, wrapper));
|
|
|
|
// We want to keep the Xray's prototype distinct from that of content, but
|
|
// only if there's been a set. If there's not an expando, or the expando
|
|
// slot is |undefined|, hand back the default proto, appropriately wrapped.
|
|
|
|
RootedValue v(cx);
|
|
if (expando) {
|
|
JSAutoCompartment ac(cx, expando);
|
|
v = JS_GetReservedSlot(expando, JSSLOT_EXPANDO_PROTOTYPE);
|
|
}
|
|
if (v.isUndefined())
|
|
return getPrototypeOfHelper(cx, wrapper, target, protop);
|
|
|
|
protop.set(v.toObjectOrNull());
|
|
return JS_WrapObject(cx, protop);
|
|
}
|
|
|
|
template <typename Base, typename Traits>
|
|
bool
|
|
XrayWrapper<Base, Traits>::setPrototypeOf(JSContext *cx, JS::HandleObject wrapper,
|
|
JS::HandleObject proto, bool *bp) const
|
|
{
|
|
// Do this only for non-SecurityWrapper-inheriting |Base|. See the comment
|
|
// in getPrototypeOf().
|
|
if (Base::hasSecurityPolicy())
|
|
return Base::setPrototypeOf(cx, wrapper, proto, bp);
|
|
|
|
RootedObject target(cx, Traits::getTargetObject(wrapper));
|
|
RootedObject expando(cx, Traits::singleton.ensureExpandoObject(cx, wrapper, target));
|
|
|
|
// The expando lives in the target's compartment, so do our installation there.
|
|
JSAutoCompartment ac(cx, target);
|
|
|
|
RootedValue v(cx, ObjectValue(*proto));
|
|
if (!JS_WrapValue(cx, &v))
|
|
return false;
|
|
JS_SetReservedSlot(expando, JSSLOT_EXPANDO_PROTOTYPE, v);
|
|
*bp = true;
|
|
return true;
|
|
}
|
|
|
|
|
|
/*
|
|
* The Permissive / Security variants should be used depending on whether the
|
|
* compartment of the wrapper is guranteed to subsume the compartment of the
|
|
* wrapped object (i.e. - whether it is safe from a security perspective to
|
|
* unwrap the wrapper).
|
|
*/
|
|
|
|
template<>
|
|
const PermissiveXrayXPCWN PermissiveXrayXPCWN::singleton(0);
|
|
template class PermissiveXrayXPCWN;
|
|
|
|
template<>
|
|
const SecurityXrayXPCWN SecurityXrayXPCWN::singleton(0);
|
|
template class SecurityXrayXPCWN;
|
|
|
|
template<>
|
|
const PermissiveXrayDOM PermissiveXrayDOM::singleton(0);
|
|
template class PermissiveXrayDOM;
|
|
|
|
template<>
|
|
const SecurityXrayDOM SecurityXrayDOM::singleton(0);
|
|
template class SecurityXrayDOM;
|
|
|
|
template<>
|
|
const PermissiveXrayJS PermissiveXrayJS::singleton(0);
|
|
template class PermissiveXrayJS;
|
|
|
|
template<>
|
|
const SCSecurityXrayXPCWN SCSecurityXrayXPCWN::singleton(0);
|
|
template class SCSecurityXrayXPCWN;
|
|
|
|
static nsQueryInterface
|
|
do_QueryInterfaceNative(JSContext* cx, HandleObject wrapper)
|
|
{
|
|
nsISupports* nativeSupports;
|
|
if (IsWrapper(wrapper) && WrapperFactory::IsXrayWrapper(wrapper)) {
|
|
RootedObject target(cx, XrayTraits::getTargetObject(wrapper));
|
|
if (GetXrayType(target) == XrayForDOMObject) {
|
|
nativeSupports = UnwrapDOMObjectToISupports(target);
|
|
} else {
|
|
XPCWrappedNative *wn = XPCWrappedNative::Get(target);
|
|
nativeSupports = wn->Native();
|
|
}
|
|
} else {
|
|
nsIXPConnect *xpc = nsXPConnect::XPConnect();
|
|
nativeSupports = xpc->GetNativeOfWrapper(cx, wrapper);
|
|
}
|
|
|
|
return nsQueryInterface(nativeSupports);
|
|
}
|
|
|
|
}
|