mirror of
https://github.com/roytam1/palemoon27.git
synced 2026-05-26 14:30:27 +00:00
roytam1
c39d750e67
- Bug 1198230 - Respect FetchEvent.preventDefault(). r=jdm (acc8e103cf)
- Bug 1183813 - PushEvent.data should be same instance every time. r=smaug (4e74889cb6)
- Bug 1190478 - Hide PushEvent.data until we ship message encryption. r=mt,jst (16c158d76e)
- Bug 1144660 - Make KeepAliveHandler threadsafe refcounted. r=ehsan (77dde56da9)
- Bug 1191647 - Listen to clear-origin-data in ServiceWorkerManager.cpp. r=bkelly (eda9f683db)
- Bug 1189675 - Make all ServiceWorker events non cancelable. r=catalinb (10c9b30da1)
- Bug 1181056 - waitUntil() should throw if called when event is not dispatching. r=smaug (b0355e7571)
- Bug 1189644 - Update waitUntil() and activation to spec. r=catalinb (feef7f7963)
- Bug 1189668 - Expose GetUnfilteredUrl on InternalResponse. r=ehsan (ece8356282)
- Bug 942515 - Show Untrusted Connection Error for SHA-1-based SSL certificates with notBefore >= 2016-01-01 r=keeler (4ad8c1c58e)
- code style (279edb609a)
- style (3b6873d924)
- Bug 1203790 - Trigger a pre barrier when shrinking the initialized length of unboxed arrays, r=jandem. (d5bb7a710b)
- Bug 1205870 - Make sure all possible unboxed array inline capacities are accounted for, r=jandem. (694b1cbf8d)
- Bug 1193459 review follow-up: Copy the comment from TraceKind.h. DONTBUILD CLOSED TREE (d8b7d2a8c4)
- missing extern qualifier and some style (fd9f8899df)
- Bug 1200444 - Make JS::dbg::{IsDebugger,GetDebuggeeGlobals} handle CCWs; r=sfink (0e486daa82)
- Bug 1204790 - Prefer deleted function with public access specifiers instead of private in UniquePtr. r=nfroyd (d6796b1f4d)
- clean old comment (22b342cbe7)
- Bug 1165466 - Fix up docshell and loadcontext inheriting code in nsIScriptSecurityManager. r=bholley (478eb72ff4)
- Bug 1189235 - Use originAttribute for ServiceWorkerRegistrar. r=baku (b0c3f5e0a8)
- Bug 1203916 - Get rid of NS_DOMReadStructuredClone and NS_DOMWriteStructuredClone, r=smaug (0f56e93bbc)
- Bug 1163254 - Add signedPkg to OriginAttributes. r=bholley (c661f106e7)
- Bug 1168226 - ServiceWorkerRegistrar only use the scope when registering a service worker. r=baku (ddc3e393ac)
- Bug 1183894 - Remove warning if MessagePort::CloseInternal is called before start. r=khuey (3553d2091f)
- Bug 1204775 - SharedWorker.port should be a 'real' MessagePort, r=khuey (3ff36c45f5)
- Bug 1188776 - Remove appId/isInBrowserElement from BroadcastChannel. r=bholley (ee1f91cf09)
- Bug 1199265 - Correct actor for Blob in StructuredCloneHelper, r=khuey (c05b33d6d2)
- Bug 1196371 - Add a runtime assertion against illegal string characters in OriginAttributes suffix creation. r=janv,r=mystor (5ee44eec67)
- namespace style (d3c3738b42)
- Bug 871846 - Database changes for locale aware indexes. r=janv (185ecd2bcc)
- Bug 871846 - ICU usage and infrastructure bits. r=janv (5eabbaac22)
- remove strange hack (1169852a68)
- Bug 871846 - Handle locale aware indexes. r=janv (36f37c5e6f)
- Bug 871846 - Implement IDBLocaleAwareKeyRange. r=janv r=sicking (270ed240cc)
- Bug 871846 - Tests for locale aware indexes. r=janv (4eb2a168c8)
- Bug 1180978: Don't proceed with opening an invalidated database. r=janv,baku (54836535c6)
- Bug 1192023 - Use enum class instead of State_ prefix. r=khuey (8df8ed6b1a)
- Bug 871846 - API changes for locale aware indexes. r=janv r=sicking (75ce5c7bb6)
146 lines
5.3 KiB
C++
146 lines
5.3 KiB
C++
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "PostMessageEvent.h"
|
|
|
|
#include "MessageEvent.h"
|
|
#include "mozilla/dom/BlobBinding.h"
|
|
#include "mozilla/dom/FileList.h"
|
|
#include "mozilla/dom/FileListBinding.h"
|
|
#include "mozilla/dom/MessagePort.h"
|
|
#include "mozilla/dom/MessagePortBinding.h"
|
|
#include "mozilla/dom/PMessagePort.h"
|
|
#include "mozilla/dom/StructuredCloneTags.h"
|
|
#include "mozilla/EventDispatcher.h"
|
|
#include "nsGlobalWindow.h"
|
|
#include "nsIPresShell.h"
|
|
#include "nsIPrincipal.h"
|
|
#include "nsPresContext.h"
|
|
|
|
namespace mozilla {
|
|
namespace dom {
|
|
|
|
PostMessageEvent::PostMessageEvent(nsGlobalWindow* aSource,
|
|
const nsAString& aCallerOrigin,
|
|
nsGlobalWindow* aTargetWindow,
|
|
nsIPrincipal* aProvidedPrincipal,
|
|
bool aTrustedCaller)
|
|
: StructuredCloneHelper(CloningSupported, TransferringSupported,
|
|
SameProcessSameThread),
|
|
mSource(aSource),
|
|
mCallerOrigin(aCallerOrigin),
|
|
mTargetWindow(aTargetWindow),
|
|
mProvidedPrincipal(aProvidedPrincipal),
|
|
mTrustedCaller(aTrustedCaller)
|
|
{
|
|
MOZ_COUNT_CTOR(PostMessageEvent);
|
|
}
|
|
|
|
PostMessageEvent::~PostMessageEvent()
|
|
{
|
|
MOZ_COUNT_DTOR(PostMessageEvent);
|
|
}
|
|
|
|
NS_IMETHODIMP
|
|
PostMessageEvent::Run()
|
|
{
|
|
MOZ_ASSERT(mTargetWindow->IsOuterWindow(),
|
|
"should have been passed an outer window!");
|
|
MOZ_ASSERT(!mSource || mSource->IsOuterWindow(),
|
|
"should have been passed an outer window!");
|
|
|
|
AutoJSAPI jsapi;
|
|
jsapi.Init();
|
|
JSContext* cx = jsapi.cx();
|
|
|
|
// If we bailed before this point we're going to leak mMessage, but
|
|
// that's probably better than crashing.
|
|
|
|
nsRefPtr<nsGlobalWindow> targetWindow;
|
|
if (mTargetWindow->IsClosedOrClosing() ||
|
|
!(targetWindow = mTargetWindow->GetCurrentInnerWindowInternal()) ||
|
|
targetWindow->IsClosedOrClosing())
|
|
return NS_OK;
|
|
|
|
MOZ_ASSERT(targetWindow->IsInnerWindow(),
|
|
"we ordered an inner window!");
|
|
JSAutoCompartment ac(cx, targetWindow->GetWrapperPreserveColor());
|
|
|
|
// Ensure that any origin which might have been provided is the origin of this
|
|
// window's document. Note that we do this *now* instead of when postMessage
|
|
// is called because the target window might have been navigated to a
|
|
// different location between then and now. If this check happened when
|
|
// postMessage was called, it would be fairly easy for a malicious webpage to
|
|
// intercept messages intended for another site by carefully timing navigation
|
|
// of the target window so it changed location after postMessage but before
|
|
// now.
|
|
if (mProvidedPrincipal) {
|
|
// Get the target's origin either from its principal or, in the case the
|
|
// principal doesn't carry a URI (e.g. the system principal), the target's
|
|
// document.
|
|
nsIPrincipal* targetPrin = targetWindow->GetPrincipal();
|
|
if (NS_WARN_IF(!targetPrin))
|
|
return NS_OK;
|
|
|
|
// Note: This is contrary to the spec with respect to file: URLs, which
|
|
// the spec groups into a single origin, but given we intentionally
|
|
// don't do that in other places it seems better to hold the line for
|
|
// now. Long-term, we want HTML5 to address this so that we can
|
|
// be compliant while being safer.
|
|
if (!targetPrin->Equals(mProvidedPrincipal)) {
|
|
return NS_OK;
|
|
}
|
|
}
|
|
|
|
ErrorResult rv;
|
|
JS::Rooted<JS::Value> messageData(cx);
|
|
nsCOMPtr<nsPIDOMWindow> window = targetWindow.get();
|
|
|
|
Read(window, cx, &messageData, rv);
|
|
if (NS_WARN_IF(rv.Failed())) {
|
|
return rv.StealNSResult();
|
|
}
|
|
|
|
// Create the event
|
|
nsCOMPtr<mozilla::dom::EventTarget> eventTarget =
|
|
do_QueryInterface(static_cast<nsPIDOMWindow*>(targetWindow.get()));
|
|
nsRefPtr<MessageEvent> event =
|
|
new MessageEvent(eventTarget, nullptr, nullptr);
|
|
|
|
event->InitMessageEvent(NS_LITERAL_STRING("message"), false /*non-bubbling */,
|
|
false /*cancelable */, messageData, mCallerOrigin,
|
|
EmptyString(), mSource);
|
|
|
|
nsTArray<nsRefPtr<MessagePort>> ports = TakeTransferredPorts();
|
|
|
|
event->SetPorts(new MessagePortList(static_cast<dom::Event*>(event.get()),
|
|
ports));
|
|
|
|
// We can't simply call dispatchEvent on the window because doing so ends
|
|
// up flipping the trusted bit on the event, and we don't want that to
|
|
// happen because then untrusted content can call postMessage on a chrome
|
|
// window if it can get a reference to it.
|
|
|
|
nsIPresShell *shell = targetWindow->GetExtantDoc()->GetShell();
|
|
nsRefPtr<nsPresContext> presContext;
|
|
if (shell)
|
|
presContext = shell->GetPresContext();
|
|
|
|
event->SetTrusted(mTrustedCaller);
|
|
WidgetEvent* internalEvent = event->GetInternalNSEvent();
|
|
|
|
nsEventStatus status = nsEventStatus_eIgnore;
|
|
EventDispatcher::Dispatch(static_cast<nsPIDOMWindow*>(mTargetWindow),
|
|
presContext,
|
|
internalEvent,
|
|
static_cast<dom::Event*>(event.get()),
|
|
&status);
|
|
return NS_OK;
|
|
}
|
|
|
|
} // namespace dom
|
|
} // namespace mozilla
|