palemoon27/dom/base/PostMessageEvent.cpp
roytam1 2ce8c88a9b import changes from `dev' branch of rmottola/Arctic-Fox:
- Bug 1265072 part 1. Add GetWindowIfCurrent and GetDocumentIfCurrent helpers to DOMEventTargetHelper. r=smaug (238cf93592)
- Bug 1265072 part 2. Get rid of uses of GetDocumentFromScriptContext in XMLHttpRequest code. r=smaug (263f063149)
- Bug 1265072 part 3. Get rid of the use of GetDocumentFromScriptContext in DOMEventTargetHelper. r=smaug (8dd8dca53d)
- Bug 1265072 part 4. Get rid of uses of GetDocumentFromScriptContext in WebSocket code. r=smaug (be9c18769b)
- Bug 1265072 part 5. Get rid of uses of GetDocumentFromScriptContext in EventSource code. r=smaug (5fbcf73629)
- Bug 1265072 part 6. Get rid of nsContentUtils::GetDocumentFromScriptContext. r=smaug (752aa67986)
- Bug 1258576 part.1 nsContentIterator should give up to find next/previous node if it reached the root node unexpectedly r=smaug (7175ce5477)
- Bug 1230660 - Remove verbose warnings emitted from nsContentIterator. r=smaug (ef0b8a3a4c)
- Bug 1260908 - Fix type of kMinTelemetryMessageSize. r=smaug (8817839277)
- Bug 1209461 - Remove compilation warnings in nsFrameMessageManager, r=smaug (da95cf91ab)
- Bug 1251361 - "Assertion failure: cache->PreservingWrapper()" with <marquee>, navigation, adoptNode. r=smaug. (630cff1943)
- Bug 1144204. Stop returning things for non-plug-in MIME types from the navigator.mimeTypes getter. r=smaug (329eac72b1)
- Bug 1150709 - Add mForceContentDispatch to nsInProcessTabChildGlobal (r=smaug) (d7e2887457)
- Bug 233705 - remove mDontWrapAnyQuotes, mWrapToWindow and pref wrap_to_window_width. r=ehsan (c7e98bc307)
- Bug 1105556 - nsPerformance::CheckAllowedOrigin should return early for TYPE_DOCUMENT loads. TYPE_DOCUMENT loads don't go through a TimingAllowedCheck(). r=bz, vgosu (5da5530caf)
- Bug 1241183 - Make nsScriptLoadRequest non-threadsafe now it's no longer used as a context for network loads r=sicking (206d763af8)
- Bug 962251 - Add relatedTarget in FocusEvent, r=smaug (f66018e5a4)
- Bug 1248806 - Splitting out protocol handlers from nsLayoutModule. r=bholley (572243ca92)
- Bug 1256488 - Use Base64 URL-encoding in CryptoBuffer. r=ttaubert (9d28ca5f9c)
- Bug 1243311 - Add structured cloning tests for CryptoKeys r=rbarnes (5cde35d811)
- Bug 842818 - Enable structured cloning for CryptoKeys across threads r=baku,keeler (8863b23dc3)
- Bug 1257325 - Silence VS2015 compiler warnings in CryptoKey.cpp f=gps r=rbarnes (0d93bdc950)
- Bug 1188750 - Add test to ensure NSS is initialized before the WebCrypto API tries to deserialize a key f=keeler r=khuey (8d08363e2c)
- Bug 842818 - Run WebCrypto tests in Workers r=mt,rbarnes (48477dfeb4)
- Bug 1205177 - call fileHandleQueue->Finish if aFinish in FileHandleThreadPool::Enqueue. r=janv (f5d6737f27)
- Bug 1206166 - Move FetchUtil::Consume methods into separate BodyUtil class and update Fetch.cpp and ServiceWorkerEvents.cpp accordingly. r=kitcambridge (967f2f58e1)
- Bug 1250930 - Use SubtleCrypto's global when creating keys for an ImportKeyTask r=bz (6227fb14b3)
- Bug 1250930 - Use correct global when creating a key in GenerateSymmetricKeyTask r=bz (92d7faa773)
- Bug 1240436 - Part1: Convert UTF16 to UTF8 before generating nsStringInputStream. r=khuey (1919accaf8)
- Bug 1240436 - Part2: Lossy convert UTF16 to ASCII before generating nsStringInputStream. r=mayhemer (03aa1b6dbe)
- Bug 1240436 - Part3: Remove NS_NewStringInputStream to prevent misuse. r=froydnj (cff40c1b2e)
- Bug 1263405 - Some headers missing in dom/base, r=smaug (12043c5368)
- Bug 964583 - Revert Web IDL [EnforceRange] (unsigned) long long boundary conditions to match ES6. r=bz (6e235bb6b7)
- Bug 1260838 - Assert that ScriptSource's reference count is zero upon destruction; r=jimb a=kwierso (8455465c92)
- Bug 1257164 - Check for interrupts in a few loops in JSON.stringify to eliminate feedback-less hangs. r=evilpie (dbe1336aa8)
- Bug 837192 followup: In js::FunctionToString, fold variable into its only remaining usage-site (an assertion) to fix opt Werror build failures. rs=Waldo (e6b4f52d6a)
- Bug 1258436 - Remove GC suppression in JSFunction::createScriptForLazilyInterpretedFunction. r=sfink (206023942d)
- Declare and define ExecutableAllocator::reprotectRegion only #ifdef NON_WRITABLE_JIT_CODE, to eliminate MOZ_ASSERT of a constant condition that makes some compilers warn. No bug, r=efaust over IRC (5a4d3ab11b)
- Bug 1254369 - IonMonkey: MIPS: Fix ma_b(Register, Imm32, wasm::JumpTarget) missing. r=arai (2f906fec70)
- Bug 1256502 - Use a uint32_t cast to avoid C4319 on VS2015; r=botond (93ba380002)
- Bug 1236043 - Use TiledRegion for the invalid region of a layer. r=jrmuizel (37b87bc355)
- Bug 1248044 - Add PingPongRegion for faster region operations for 2x memory usage. r=jrmuizel (fbd73fb879)
- Bug 1236043 - Add a TiledRegion class. r=jrmuizel (3056f641a4)
- Bug 1116473 - [3.2] Use RefPtr for AndroidSurfaceTexture references. r=snorp (c6e80d0d84)
- Bug 1116473 - [1.1] Handle AndroidSurfaceTexture mapping in thread-safe class. r=snorp (ee8b1d0736)
- Bug 1116473 - [2.1] Const-correctness fixes. r=snorp (5f5fb8fbc4)
- Bug 1251163 - Clear android surface texture before widget shutdown, r=nical (b71d849297)
- Bug 1245813 - Make TextureHost bullet-proof against changing its compositor. r=dvander (b0ef2492fc)
- Recreate GLTextureSources after changing compositors on Mac. (bug 1247611, r=mattwoodrow) (26bd0e69aa)
- Bug 1258768 - Check compositor backends before casting. r=dvander (98929ca492)
- Bug 1245813 - Fix a trivial inverted null check in TextureHostOGL.cpp. r=me (956cfd2e5c)
- Bug 1245813 - Add a missing parenthesis on NS_SUCCEEDED, on a CLOSED TREE. (8e13cc3e1b)
- Bug 1262601 - Handle video content as opaque in PostProcessLayers() r=mattwoodrow (ba578d7394)
- Bug 1258768 - Remove the remaining unsafe compositor casts. r=dvander (8ec58c0ce8)
- Bug 1229946 - report GL_ARB_texture_rg extension to SkiaGL to avoid using GL_ALPHA render targets. r=jgilbert (cf0f3a9fec)
- Bug 1238541 - Don't die in SharedSurface_EGLImage::ProducerReadReleaseImpl() if there is an existing fence r=jgilbert (c1ea4891f7)
- Bug 1240806 - Remove some dead code in GLContextProviderEGL. r=jgilbert (40484e9039)
- Bug 1258094 - Use SurfaceFormat::B8G8R8A8 as back buffer surface r=jrmuizel (cec7a31ffd)
- Bug 1254897 - Recycle back buffer in BasicCompositor r=jrmuizel (0359698b68)
2024-05-27 16:55:14 +08:00


/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "PostMessageEvent.h"
#include "MessageEvent.h"
#include "mozilla/dom/BlobBinding.h"
#include "mozilla/dom/File.h"
#include "mozilla/dom/FileList.h"
#include "mozilla/dom/FileListBinding.h"
#include "mozilla/dom/MessagePort.h"
#include "mozilla/dom/MessagePortBinding.h"
#include "mozilla/dom/PMessagePort.h"
#include "mozilla/dom/StructuredCloneTags.h"
#include "mozilla/dom/UnionConversions.h"
#include "mozilla/EventDispatcher.h"
#include "nsContentUtils.h"
#include "nsGlobalWindow.h"
#include "nsIPresShell.h"
#include "nsIPrincipal.h"
#include "nsIScriptError.h"
#include "nsPresContext.h"
#include "nsQueryObject.h"
namespace mozilla {
namespace dom {
/**
 * Captures the state needed to deliver a postMessage() call later, when
 * Run() executes. Nothing is validated here; the origin comparison is
 * deliberately deferred to Run().
 *
 * @param aSource            Window the message is sent from; may be null
 *                           (Run() only asserts on it when non-null).
 * @param aCallerOrigin      Origin string that Run() hands to the MessageEvent
 *                           as the sender's origin.
 * @param aTargetWindow      Window the message is addressed to; Run() asserts
 *                           that it is an outer window.
 * @param aProvidedPrincipal Principal the target must match at delivery time.
 *                           When null, Run() performs no principal comparison.
 * @param aSourceDocument    Document used by Run() only for the console report
 *                           emitted on a principal mismatch.
 * @param aTrustedCaller     Value Run() applies to the event's trusted bit.
 */
PostMessageEvent::PostMessageEvent(nsGlobalWindow* aSource,
                                   const nsAString& aCallerOrigin,
                                   nsGlobalWindow* aTargetWindow,
                                   nsIPrincipal* aProvidedPrincipal,
                                   nsIDocument* aSourceDocument,
                                   bool aTrustedCaller)
  : StructuredCloneHolder(CloningSupported,
                          TransferringSupported,
                          SameProcessSameThread)
  , mSource(aSource)
  , mCallerOrigin(aCallerOrigin)
  , mTargetWindow(aTargetWindow)
  , mProvidedPrincipal(aProvidedPrincipal)
  , mSourceDocument(aSourceDocument)
  , mTrustedCaller(aTrustedCaller)
{
  // Instance accounting for leak tracking; paired with MOZ_COUNT_DTOR.
  MOZ_COUNT_CTOR(PostMessageEvent);
}
/**
 * Performs no explicit cleanup of its own; it only balances the
 * MOZ_COUNT_CTOR recorded by the constructor.
 */
PostMessageEvent::~PostMessageEvent()
{
  // Instance accounting for leak tracking; paired with MOZ_COUNT_CTOR.
  MOZ_COUNT_DTOR(PostMessageEvent);
}
/**
 * Delivers the queued message to the target window.
 *
 * Steps, in order:
 *   1. Resolve the target's current inner window; give up quietly if the
 *      target is closed or closing.
 *   2. If a principal was provided, compare it against the target's principal
 *      as it is *now*; on mismatch report to the console and drop the message.
 *   3. Deserialize the structured clone inside the target's compartment.
 *   4. Build a MessageEvent, attach the transferred ports, set the trusted
 *      bit from mTrustedCaller, and dispatch it.
 *
 * @return NS_OK when the message is delivered and also when it is dropped
 *         (closed target, missing principal, principal mismatch). A failure
 *         code is returned only if computing an origin string for the console
 *         report fails or if reading the structured clone fails.
 */
NS_IMETHODIMP
PostMessageEvent::Run()
{
  MOZ_ASSERT(mTargetWindow->IsOuterWindow(),
             "should have been passed an outer window!");
  MOZ_ASSERT(!mSource || mSource->IsOuterWindow(),
             "should have been passed an outer window!");

  AutoJSAPI jsapi;
  jsapi.Init();
  JSContext* cx = jsapi.cx();

  // The source document is needed only for the principal-mismatch console
  // report further down. Moving it into a local drops the member's reference
  // when this method returns, whichever path it takes.
  nsCOMPtr<nsIDocument> sourceDocument;
  sourceDocument.swap(mSourceDocument);

  // Bailing out before this point leaks mMessage, which is considered
  // preferable to crashing.
  RefPtr<nsGlobalWindow> targetWindow;
  if (mTargetWindow->IsClosedOrClosing()) {
    return NS_OK;
  }
  targetWindow = mTargetWindow->GetCurrentInnerWindowInternal();
  if (!targetWindow || targetWindow->IsClosedOrClosing()) {
    return NS_OK;
  }

  MOZ_ASSERT(targetWindow->IsInnerWindow(),
             "we ordered an inner window!");

  JSAutoCompartment ac(cx, targetWindow->GetWrapperPreserveColor());

  // Security: the provided origin is checked against the target's document at
  // delivery time, not at the time postMessage was called. The target may
  // have been navigated in between; checking early would let a malicious page
  // time a navigation so that a message meant for one site is handed to
  // another. This check must therefore stay ahead of Read() and dispatch.
  if (mProvidedPrincipal) {
    // Take the target's origin from its principal or, when the principal has
    // no URI (e.g. the system principal), from the target's document.
    nsIPrincipal* targetPrincipal = targetWindow->GetPrincipal();
    if (NS_WARN_IF(!targetPrincipal)) {
      // No principal to compare against: drop the message rather than
      // deliver it unchecked.
      return NS_OK;
    }

    // Note: for file: URLs this differs from the spec, which groups them into
    // a single origin. Other code intentionally does not do that either, so
    // the stricter behavior is kept here until HTML5 offers a way to be both
    // compliant and safe.
    if (!targetPrincipal->Equals(mProvidedPrincipal)) {
      nsAutoString providedOrigin, targetOrigin;
      nsresult originRv =
        nsContentUtils::GetUTFOrigin(targetPrincipal, targetOrigin);
      NS_ENSURE_SUCCESS(originRv, originRv);
      originRv = nsContentUtils::GetUTFOrigin(mProvidedPrincipal,
                                              providedOrigin);
      NS_ENSURE_SUCCESS(originRv, originRv);

      // The mismatch is reported to the console against the sender's
      // document; the message itself is dropped and NS_OK is still returned.
      const char16_t* originArgs[] = { providedOrigin.get(),
                                       targetOrigin.get() };
      nsContentUtils::ReportToConsole(nsIScriptError::errorFlag,
                                      NS_LITERAL_CSTRING("DOM Window"),
                                      sourceDocument,
                                      nsContentUtils::eDOM_PROPERTIES,
                                      "TargetPrincipalDoesNotMatch",
                                      originArgs, ArrayLength(originArgs));
      return NS_OK;
    }
  }

  // Deserialize the payload for the target window; this runs inside the
  // compartment entered above.
  ErrorResult readResult;
  JS::Rooted<JS::Value> messageData(cx);
  nsCOMPtr<nsPIDOMWindow> targetPIWindow = targetWindow.get();

  Read(targetPIWindow, cx, &messageData, readResult);
  if (NS_WARN_IF(readResult.Failed())) {
    return readResult.StealNSResult();
  }

  // Create the event. The origin argument is mCallerOrigin as captured by the
  // constructor, and the source is mSource.
  nsCOMPtr<mozilla::dom::EventTarget> eventTarget =
    do_QueryInterface(static_cast<nsPIDOMWindow*>(targetWindow.get()));
  RefPtr<MessageEvent> event =
    new MessageEvent(eventTarget, nullptr, nullptr);

  event->InitMessageEvent(NS_LITERAL_STRING("message"),
                          false /*non-bubbling */,
                          false /*cancelable */,
                          messageData, mCallerOrigin,
                          EmptyString(), mSource);

  nsTArray<RefPtr<MessagePort>> ports = TakeTransferredPorts();

  event->SetPorts(new MessagePortList(static_cast<dom::Event*>(event.get()),
                                      ports));

  // Security: dispatchEvent on the window is not used because it would flip
  // the event's trusted bit. That must not happen, since untrusted content
  // holding a reference to a chrome window can call postMessage on it. The
  // trusted bit is instead set explicitly from mTrustedCaller below.
  // NOTE(review): GetExtantDoc() is dereferenced without a null check —
  // confirm it cannot return null for a live inner window.
  nsIPresShell* presShell = targetWindow->GetExtantDoc()->GetShell();
  RefPtr<nsPresContext> presContext;
  if (presShell) {
    presContext = presShell->GetPresContext();
  }

  event->SetTrusted(mTrustedCaller);
  WidgetEvent* internalEvent = event->WidgetEventPtr();

  nsEventStatus dispatchStatus = nsEventStatus_eIgnore;
  EventDispatcher::Dispatch(static_cast<nsPIDOMWindow*>(mTargetWindow),
                            presContext,
                            internalEvent,
                            static_cast<dom::Event*>(event.get()),
                            &dispatchStatus);
  return NS_OK;
}
} // namespace dom
} // namespace mozilla