KotJohansson/palemoon27
1
0
Fork 0
mirror of https://github.com/roytam1/palemoon27.git synced 2026-05-26 14:30:27 +00:00
Code Issues Projects Releases Wiki Activity
Files
dcbe25ed4501e17de1a31d7400a8411f6c0450a0
palemoon27/dom/base/WindowNamedPropertiesHandler.cpp
T
roytam1 dcbe25ed45 import changes from `dev' branch of rmottola/Arctic-Fox: 
- Bug 1235979 - Remove spammy printf that got left by accident when bug 1226904 landed. r=thinker (fc6fe64f23)
- Bug 1208344 part 1: Make EnsurePhysicalProperty() return the property directly, instead of using in/out-param. r=heycam (9515887dd7)
- Bug 1208344 part 2: Make EnsurePhysicalProperty() (not its callers) check whether property is logical. r=heycam (defa671bab)
- Bug 1208344 part 3: Rename MapSinglePropertyInto() args, to make src-vs-target distinctions clearer. r=heycam (bfd2e2c9bc)
- Bug 1208344 part 4: Make MapSinglePropertyInto() take the source property as an arg (unused for the moment). r=heycam (d1278eb58a)
- Bug 1208344 part 5: Add (preffed-off) support for "-webkit-box-orient" CSS property, as a writing-mode-dependent alias for "flex-direction". r=heycam (d8407990aa)
- Bug 1208344 part 6: Move new CSS_PROPERTY_LOGICAL_CUSTOM flag up with other LOGICAL flags, and adjust bits accordingly. r=heycam (df27d64733)
- Bug 1208344 part 7: Add mochitest to test how "-webkit-box-orient" maps to "flex-direction". r=heycam (c448070877)
- Bug 686225 - Work around buggy AAT fonts for Bengali and Kannada scripts. r=jdaggett (17afddbc6c)
- Bug 739117 - Avoid bidi-wrapping the text to be shaped if Core Text direction override API is available. r=jdaggett (c492390922)
- Bug 1156581 - Add null check to nsSVGEffects::InvalidateRenderingObservers to prevent crashes r=dholbert (4c0460e7ac)
- remove windows accents (8b0ad08f11)
- Bug 1123654 - Replace use of [deprecated] GetStockObject(DEFAULT_GUI_FONT) with newer API; results in use of Tahoma in place of Microsoft Sans Serif in various contexts. r=jmathies (3a81fc1bed)
- put back cleartype for winXP (1c24e5ae09)
- Bug 1240180 - Optimize native theme scaling for the single-monitor case. r=emk (a5846457ab)
- Bug 1242720 - Use (non-dynamic) resolution from GetDeviceCaps when dealing with native-theme code that does not handle dynamic changes to system DPI. r=emk (7c25841f0b)
- More win accent removal (afd6af9fd2)
- some more vista or later stuff (1d99554064)
- missing bits of Bug 1243720 - Send accessibility theme state down to the content process on Windows. r=jimm (8f00b4f3ca)
- Bug 1153460 - Support new Fitzpatrick emoji modifiers and regional symbol indicators in Apple Color Emoji font. r=jdaggett (6faf5f30e6)
- Bug 1230497 - Ignore font fallback in Core Text shaping if it's just for a join-control character. r=jdaggett (b612806a42)
- Bug 1153460 - Followup to fix warnings-as-errors build failure on a CLOSED TREE. r=bustage. (12d492772c)
- bug 1243077 - make it possible to get MaiAtkObject::mAccWrap from an AtkObject* without casting to Accessible* or ProxyAccessible* r=davidb (d8f690b6cd)
- Bug 1238403 - Fix inconsistent indenting in layout/style/. r=xidorn (4f24334234)
- Bug 717722 - Implement WebKitCSSMatrix. r=baku (c10f90ff6e)
- Bug 1241723. Update WebKitCSSMatrix.idl to match latest spec updates. r=baku (5f8c33ff14)
- Bug 1241727 - Inverting non-invertible WebKitCSSMatrix should throw NotSupportedError. r=baku (c7791802b8)
- Bug 1241575 - Use transform property syntax to parse WebKitCSSMatrix transform list. r=heycam (5f886e2bd9)
- bug 1243077 - add AccessibleOrProxy::ChildCount() r=davidb (044537f53c)
- bug 1243077 - add AccessibleOrProxy::Role() r=davidb (3f61d03c8e)
- bug 1243077 - add AccessibleOrProxy::ChildAt() r=davidb (91288f269f)
- bug 1243077 - add AccessibleOrProxy::FirstChild() r=davidb (ea3f984716)
- bug 1243077 - add AccessibleOrProxy::LastChild() r=davidb (2181f1740b)
- Bug 1237720: Put "-webkit-min-device-pixel-ratio"/"-webkit-max-device-pixel-ratio" behind its own disabled pref. r=heycam (9f75535617)
- Bug 1239153: Accept unitless '0' for angle values in CSS -webkit-linear-gradient() expressions. r=heycam (c11657a6c9)
- Bug 1239799 part 1: Make check for -webkit-device-pixel-ratio pref more targeted, so we can support other webkit-prefixed media queries. r=heycam (1e8a40127e)
- Bug 1239799 part 2: Add support for @media(-webkit-transform-3d) media query, for web compatibility. r=heycam (f7ff08423e)
- guard some code for 10.5/10.6 which didn't get run, but coulnd't natively compile (cf68e969fd)
- Bug 1019856 - avoid double-buffering in BasicCompositor when window allows it. r=mattwoodrow (e94cfc3fb4)
2023-08-24 10:00:58 +08:00

293 lines
10 KiB
C++
Raw Blame History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "WindowNamedPropertiesHandler.h"
#include "mozilla/dom/EventTargetBinding.h"
#include "mozilla/dom/WindowBinding.h"
#include "nsContentUtils.h"
#include "nsDOMClassInfo.h"
#include "nsGlobalWindow.h"
#include "nsHTMLDocument.h"
#include "nsJSUtils.h"
#include "xpcprivate.h"
namespace mozilla {
namespace dom {
static bool
ShouldExposeChildWindow(nsString& aNameBeingResolved, nsIDOMWindow *aChild)
{
nsCOMPtr<nsPIDOMWindow> piWin = do_QueryInterface(aChild);
NS_ENSURE_TRUE(piWin, false);
Element* e = piWin->GetFrameElementInternal();
if (e && e->IsInShadowTree()) {
return false;
}
// If we're same-origin with the child, go ahead and expose it.
nsCOMPtr<nsIScriptObjectPrincipal> sop = do_QueryInterface(aChild);
NS_ENSURE_TRUE(sop, false);
if (nsContentUtils::SubjectPrincipal()->Equals(sop->GetPrincipal())) {
return true;
}
// If we're not same-origin, expose it _only_ if the name of the browsing
// context matches the 'name' attribute of the frame element in the parent.
// The motivations behind this heuristic are worth explaining here.
//
// Historically, all UAs supported global named access to any child browsing
// context (that is to say, window.dolske returns a child frame where either
// the "name" attribute on the frame element was set to "dolske", or where
// the child explicitly set window.name = "dolske").
//
// This is problematic because it allows possibly-malicious and unrelated
// cross-origin subframes to pollute the global namespace of their parent in
// unpredictable ways (see bug 860494). This is also problematic for browser
// engines like Servo that want to run cross-origin script on different
// threads.
//
// The naive solution here would be to filter out any cross-origin subframes
// obtained when doing named lookup in global scope. But that is unlikely to
// be web-compatible, since it will break named access for consumers that do
// <iframe name="dolske" src="http://cross-origin.com/sadtrombone.html"> and
// expect to be able to access the cross-origin subframe via named lookup on
// the global.
//
// The optimal behavior would be to do the following:
// (a) Look for any child browsing context with name="dolske".
// (b) If the result is cross-origin, null it out.
// (c) If we have null, look for a frame element whose 'name' attribute is
// "dolske".
//
// Unfortunately, (c) would require some engineering effort to be performant
// in Gecko, and probably in other UAs as well. So we go with a simpler
// approximation of the above. This approximation will only break sites that
// rely on their cross-origin subframes setting window.name to a known value,
// which is unlikely to be very common. And while it does introduce a
// dependency on cross-origin state when doing global lookups, it doesn't
// allow the child to arbitrarily pollute the parent namespace, and requires
// cross-origin communication only in a limited set of cases that can be
// computed independently by the parent.
return e && e->AttrValueIs(kNameSpaceID_None, nsGkAtoms::name,
aNameBeingResolved, eCaseMatters);
}
bool
WindowNamedPropertiesHandler::getOwnPropDescriptor(JSContext* aCx,
JS::Handle<JSObject*> aProxy,
JS::Handle<jsid> aId,
bool /* unused */,
JS::MutableHandle<JSPropertyDescriptor> aDesc)
const
{
if (!JSID_IS_STRING(aId)) {
// Nothing to do if we're resolving a non-string property.
return true;
}
bool hasOnPrototype;
if (!HasPropertyOnPrototype(aCx, aProxy, aId, &hasOnPrototype)) {
return false;
}
if (hasOnPrototype) {
return true;
}
nsAutoJSString str;
if (!str.init(aCx, JSID_TO_STRING(aId))) {
return false;
}
if (str.IsEmpty()) {
return true;
}
// Grab the DOM window.
JS::Rooted<JSObject*> global(aCx, JS_GetGlobalForObject(aCx, aProxy));
nsGlobalWindow* win = xpc::WindowOrNull(global);
if (win->Length() > 0) {
nsCOMPtr<nsIDOMWindow> childWin = win->GetChildWindow(str);
if (childWin && ShouldExposeChildWindow(str, childWin)) {
// We found a subframe of the right name. Shadowing via |var foo| in
// global scope is still allowed, since |var| only looks up |own|
// properties. But unqualified shadowing will fail, per-spec.
JS::Rooted<JS::Value> v(aCx);
if (!WrapObject(aCx, childWin, &v)) {
return false;
}
FillPropertyDescriptor(aDesc, aProxy, 0, v);
return true;
}
}
// The rest of this function is for HTML documents only.
nsCOMPtr<nsIHTMLDocument> htmlDoc = do_QueryInterface(win->GetExtantDoc());
if (!htmlDoc) {
return true;
}
nsHTMLDocument* document = static_cast<nsHTMLDocument*>(htmlDoc.get());
Element* element = document->GetElementById(str);
if (element) {
JS::Rooted<JS::Value> v(aCx);
if (!WrapObject(aCx, element, &v)) {
return false;
}
FillPropertyDescriptor(aDesc, aProxy, 0, v);
return true;
}
nsWrapperCache* cache;
nsISupports* result = document->ResolveName(str, &cache);
if (!result) {
return true;
}
JS::Rooted<JS::Value> v(aCx);
if (!WrapObject(aCx, result, cache, nullptr, &v)) {
return false;
}
FillPropertyDescriptor(aDesc, aProxy, 0, v);
return true;
}
bool
WindowNamedPropertiesHandler::defineProperty(JSContext* aCx,
JS::Handle<JSObject*> aProxy,
JS::Handle<jsid> aId,
JS::Handle<JSPropertyDescriptor> aDesc,
JS::ObjectOpResult &result) const
{
ErrorResult rv;
rv.ThrowTypeError<MSG_DEFINEPROPERTY_ON_GSP>();
rv.MaybeSetPendingException(aCx);
return false;
}
bool
WindowNamedPropertiesHandler::ownPropNames(JSContext* aCx,
JS::Handle<JSObject*> aProxy,
unsigned flags,
JS::AutoIdVector& aProps) const
{
if (!(flags & JSITER_HIDDEN)) {
// None of our named properties are enumerable.
return true;
}
// Grab the DOM window.
nsGlobalWindow* win = xpc::WindowOrNull(JS_GetGlobalForObject(aCx, aProxy));
nsTArray<nsString> names;
win->GetSupportedNames(names);
// Filter out the ones we wouldn't expose from getOwnPropertyDescriptor.
// We iterate backwards so we can remove things from the list easily.
for (size_t i = names.Length(); i > 0; ) {
--i; // Now we're pointing at the next name we want to look at
nsIDOMWindow* childWin = win->GetChildWindow(names[i]);
if (!childWin || !ShouldExposeChildWindow(names[i], childWin)) {
names.RemoveElementAt(i);
}
}
if (!AppendNamedPropertyIds(aCx, aProxy, names, false, aProps)) {
return false;
}
names.Clear();
nsCOMPtr<nsIHTMLDocument> htmlDoc = do_QueryInterface(win->GetExtantDoc());
if (!htmlDoc) {
return true;
}
nsHTMLDocument* document = static_cast<nsHTMLDocument*>(htmlDoc.get());
document->GetSupportedNames(flags, names);
JS::AutoIdVector docProps(aCx);
if (!AppendNamedPropertyIds(aCx, aProxy, names, false, docProps)) {
return false;
}
return js::AppendUnique(aCx, aProps, docProps);
}
bool
WindowNamedPropertiesHandler::delete_(JSContext* aCx,
JS::Handle<JSObject*> aProxy,
JS::Handle<jsid> aId,
JS::ObjectOpResult &aResult) const
{
return aResult.failCantDeleteWindowNamedProperty();
}
static bool
ResolveWindowNamedProperty(JSContext* aCx, JS::Handle<JSObject*> aWrapper,
JS::Handle<JSObject*> aObj, JS::Handle<jsid> aId,
JS::MutableHandle<JSPropertyDescriptor> aDesc)
{
{
JSAutoCompartment ac(aCx, aObj);
if (!js::GetProxyHandler(aObj)->getOwnPropertyDescriptor(aCx, aObj, aId,
aDesc)) {
return false;
}
}
if (aDesc.object()) {
aDesc.object().set(aWrapper);
return JS_WrapPropertyDescriptor(aCx, aDesc);
}
return true;
}
static bool
EnumerateWindowNamedProperties(JSContext* aCx, JS::Handle<JSObject*> aWrapper,
JS::Handle<JSObject*> aObj,
JS::AutoIdVector& aProps)
{
JSAutoCompartment ac(aCx, aObj);
return js::GetProxyHandler(aObj)->ownPropertyKeys(aCx, aObj, aProps);
}
const NativePropertyHooks sWindowNamedPropertiesNativePropertyHooks[] = { {
ResolveWindowNamedProperty,
EnumerateWindowNamedProperties,
{ nullptr, nullptr },
prototypes::id::_ID_Count,
constructors::id::_ID_Count,
nullptr
} };
static const DOMIfaceAndProtoJSClass WindowNamedPropertiesClass = {
PROXY_CLASS_DEF("WindowProperties",
JSCLASS_IS_DOMIFACEANDPROTOJSCLASS),
eNamedPropertiesObject,
sWindowNamedPropertiesNativePropertyHooks,
"[object WindowProperties]",
prototypes::id::_ID_Count,
0,
EventTargetBinding::GetProtoObject
};
// static
JSObject*
WindowNamedPropertiesHandler::Create(JSContext* aCx,
JS::Handle<JSObject*> aProto)
{
// Note: since the scope polluter proxy lives on the window's prototype
// chain, it needs a singleton type to avoid polluting type information
// for properties on the window.
JS::Rooted<JSObject*> gsp(aCx);
js::ProxyOptions options;
options.setSingleton(true);
options.setClass(&WindowNamedPropertiesClass.mBase);
return js::NewProxyObject(aCx, WindowNamedPropertiesHandler::getInstance(),
JS::NullHandleValue, aProto,
options);
}
} // namespace dom
} // namespace mozilla
Reference in New Issue View Git Blame Copy Permalink