roytam1/palemoon27
1
0
Fork 0
mirror of https://github.com/roytam1/palemoon27.git synced 2026-05-26 14:18:48 +00:00
Code Issues Projects Releases Wiki Activity
Files
2ce8c88a9be2093654b0103c7e20d43aaae346c0
palemoon27/dom/base/WindowNamedPropertiesHandler.cpp
T
roytam1 532c50e266 import changes from `dev' branch of rmottola/Arctic-Fox: 
- Bug 911216 - Part 5: Add --enable-sm-promise configure flag. r=chmanchester (5f7b08bbc2)
- Bug 911216 - Part 6: Shim new promise-related Debugger.Object accessors using PromiseDebugging. r=shu (cc71e67632)
- Bug 1219757 - Part 0: Remove RegExp.multiline warning. r=till (900d106c4c)
- Bug 1219757 - Part 1: Remove RegExp.multiline accessor. r=till (290aa1388e)
- Bug 1219757 - Part 2: Remove RegExpStaticsUse parameter from RegExpInitialize. r=till (c81bb1ec3d)
- Bug 1219757 - Part 3: Rename Self-hosting regexp_construct_no_statics to regexp_construct. r=till (52b47bfebb)
- Bug 1219757 - Part 4: Remove RegExpStatics* parameter from RegExpObject::create. r=till (a2e7692fac)
- Bug 1219757 - Part 5: Remove RegExpObject::createNoStatics. r=till (a4e36a6165)
- Bug 1219757 - Part 6: Remove multiline parameter from RegExpStatics::reset. r=till (bfea07f1d8)
- Bug 1219757 - Part 7: Remove RegExpStatics::multiline and RegExpStatics::setMultiline. r=till (ca2dd7dd7b)
- Bug 1238917 - initialize lazySticky in clear function. r=jorendorff@mozilla.com (2b150516b3)
- Bug 1219757 - Part 8: Remove RegExpStatics::getFlags and RegExpStatics::flags. r=till (a911e4812c)
- Bug 1219757 - Part 9: Remove OBJECT_FLAG_REGEXP_FLAGS_SET flag. r=till (fa4d38b298)
- Bug 1219757 - Part 10: Remove HandleObject parameter from JS_NewRegExpObject and JS_NewUCRegExpObject. r=till (2c42fd46c5)
- Bug 1219757 - Part 11: Remove multiline parameter from JS_SetRegExpInput. r=till (ca479e0504)
- Bug 1219757 - Part 12: Remove JS_NewRegExpObjectNoStatics and JS_NewUCRegExpObjectNoStatics. r=till (26a54d51d7)
- Bug 1258314 - Use TraceNullableEdge where appropriate throughout the engine r=terrence (0f067bddc2)
- Bug 1258314 - Add internal TraceNullableEdge API r=terrence (e9c99665d6)
- Bug 887016 - Part 1: Add native RegExpCreate. r=h4writer (1f8fb65d76)
- Bug 887016 - Part 2: Add self-hosting RegExpCreate intrinsic. r=till (48c3be62a8)
- Bug 887016 - Part 3: Add LookupOwnPropertyPure. r=jandem (9df42dd053)
- Bug 1165053 - Part 0.1: Add PossiblyWrappedArrayBufferByteLength self-hosting intrinsic. r=jwalden (30ec6edd26)
- Bug 1165053 - Part 0.2: Inline PossiblyWrappedArrayBufferByteLength self-hosting intrinsic. r=jwalden (8f0ffc5e1e)
- Bug 1165053 - Part 0.3: Inline ArrayBufferByteLength self-hosting intrinsic. r=jwalden (102e34e89f)
- Bug 1165053 - Part 1: Handle when ArrayBuffer species constructor returns wrapped ArrayBuffer. r=jwalden (faddbcada5)
- Bug 1259194 (part 1) - Add 's' prefixes to some statics generated for dom bindings. r=bz. (3384ee607d)
- Bug 1259194 (part 2) - Remove XPCWrappedNativeJSClass. r=mrbkap. (18526e3a5f)
- Bug 1259194 (part 3) - Remove PopulateJSClass(). r=mrbkap. (b805d201b3)
- Bug 1253246 - Handle DebugScopeProxies around unqualified varobjs in setname. (r=jorendorff) (4db4821257)
- Bug 1258924 - Reorder DOMIfaceAndProtoJSClass fields to reduce padding. r=bz. (d96c8c00a8)
- Bug 1259194 (part 4) - Separate js::ObjectOps from js::Class. r=efaust,mrbkap,bz. (e16737ecbb)
- Bug 1260984 (part 1) - Remove ClonedBlockObject::objectOps_. r=jorendorff. (b3c85b351e)
- Bug 1260984 (part 2) - Reduce ObjectOps exposure. r=jorendorff. (799a8b6b89)
- Bug 911216 - Part 7: Implement ES6 Promises in the JavaScript engine.  r=efaust (0e0dbcbd90)
- Bug 911216 - Part 8: Properly wrap and unwrap |then| callbacks for xrayed Promises. r=efaust,f=bz (101852ef55)
- Bug 911216 - Part 9: Properly handle rejecting wrapped promises in the face of xray wrappers. r=efaust,f=bxuz (bf87dbc46a)
- Bug 911216 - Part 10: Support debugger hooks for creation and settling of promises. r=shu (2f3155cd6c)
- Bug 911216 - Part 11: Implement all Promise inspection functionality as Debugger getters. r=shu,fitzgen (a3d856acfb)
- Bug 1260984 (part 3) - Separate js::ClassSpec from js::Class. r=jorendorff. (8ee3ecb6c9)
- Bug 1165053 - Part 2: Implement %TypedArray%[@@species] getter and ArrayBuffer[@@species] getter. r=evilpie (4b0b963aa2)
- Bug 1165053 - Part 3: Add SpeciesConstructor tests for TypedArray.prototype.{filter,map,slice,subarray}. r=evilpie (bad7fdc11b)
- Bug 1165053 - Part 4: Add SpeciesConstructor tests for ArrayBuffer.prototype.slice. r=lth (b5994f1995)
- Bug 1165053 - Part 5: Add native SpeciesConstructor wrapper. r=lth (ad0540cad8)
- Bug 1165053 - Part 6: Refactor TypedArrayObjectTemplate::fromArray. r=lth (a9a9816dd1)
- Bug 1165053 - Part 7: Call SpeciesConstructor in TypedArray ctors. r=lth (53496be131)
- Bug 1165053 - Part 8: Add GetGetterPure. r=lth (203b7da55c)
- Bug 887016 - Part 4: Add GetOwnNativeGetterPure. r=jandem (8bdc284a0a)
- Bug 887016 - Part 5: Add HasOwnDataPropertyPure. r=jandem (bbc83a59f0)
- Bug 1233642 - Part 1: Add IsArray intrinsic. r=efaust (e0a0badcc5)
- Bug 1233642 - Part 2: Self-host Array.prototype.concat. r=efaust,bholley (c4a6d51cbe)
- Bug 1165052 - Part 1: Implement Array[@@species] getter. r=efaust,bholley (6b08a1a534)
- Bug 1165053 - Part 9: Add IsArrayBufferSpecies and avoid calling SpeciesConstructor on normal case. r=lth (027f18a066)
- Bug 1165052 - Part 2: Add IsArraySpecies. r=efaust (2dc1eaee19)
- Bug 1165052 - Part 3: Add IsWrappedArrayConstructor intrinsic. r=efaust (dbf091125a)
- Bug 1165052 - Part 4: Inline IsConstructor intrinsic. r=jandem (2afc1b8696)
- Bug 1165052 - Part 5: Inline IsWrappedArrayConstructor intrinsic. r=jandem (fde5fc9539)
- Bug 1165052 - Part 6: Implement self-hosted ArraySpeciesCreate. r=efaust (4aca60d0f7)
- Bug 1165052 - Part 0: Add throwOutOfMemory testing function and use it instead of Array.prototype.splice in test_oom_reporting.html. r=efaust (1d26a615f1)
- Bug 1177488 - use |const char*| for representing async call reasons; r=bz,fitzgen (01faeb7f56)
- Bug 1257077 - Implement js::Fixed{Invoke,Construct}Args for args of statically-known count, avoiding js::{Invoke,Construct}Args's fallibility. Also implement js::Any{Invoke,Construct}Args as base classes for args, whether or not their count is statically known. r=efaust (0683ce95f5)
- Bug 1256298 - Make DoCallFallback consume a bit less stack space. r=Waldo (26086d80e7)
- Bug 1239269 - as lastIndex cannot be negative change it's storage class from int32_t to uint32_t, r=Waldo (31024ee4eb)
- Bug 1258711 - Skip the pixel cap when drawing scrollbar tracks or thumbs, since they don't use intermediate surfaces internally to CoreUI, and shouldn't blow up. r=mstange (af468008a0)
- Bug 1259224 - Silence some warnings in the mac widget code. r=mstange (8cfba3caae)
- Bug 1255214 - Only repaint GTK scrollbar button if its enablement actually changed. r=mstange (e161cc2a26)

js/src/shell/js.cpp has only prototype changes, as Bug 911216 - Part 7 js.cpp changes cause C2248 error:
 1:27.82 obj-i686-pc-mingw32\dist\include\js/GCVector.h(127) : error C2248: 'mozilla::Vector<T,0,AllocPolicy>::operator =' : cannot access private member declared in class 'mozilla::Vector<T,0,AllocPolicy>'
 1:27.83         with
 1:27.83         [
 1:27.83             T=JSObject *
 1:27.83 ,            AllocPolicy=js::SystemAllocPolicy
 1:27.83         ]
 1:27.83         obj-i686-pc-mingw32\dist\include\mozilla/Vector.h(710) : see declaration of 'mozilla::Vector<T,0,AllocPolicy>::operator ='
 1:27.83         with
 1:27.83         [
 1:27.83             T=JSObject *
 1:27.83 ,            AllocPolicy=js::SystemAllocPolicy
 1:27.83         ]
 1:27.83         This diagnostic occurred in the compiler generated function 'js::GCVector<JSObject *,0,js::SystemAllocPolicy> &js::GCVector<JSObject *,0,js::SystemAllocPolicy>::operator =(const js::GCVector<JSObject *,0,js::SystemAllocPolicy> &)'
2024-04-04 12:11:19 +08:00

308 lines
11 KiB
C++
Raw Blame History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "WindowNamedPropertiesHandler.h"
#include "mozilla/dom/EventTargetBinding.h"
#include "mozilla/dom/WindowBinding.h"
#include "nsContentUtils.h"
#include "nsDOMClassInfo.h"
#include "nsDOMWindowList.h"
#include "nsGlobalWindow.h"
#include "nsHTMLDocument.h"
#include "nsJSUtils.h"
#include "xpcprivate.h"
namespace mozilla {
namespace dom {
static bool
ShouldExposeChildWindow(nsString& aNameBeingResolved, nsIDOMWindow *aChild)
{
nsCOMPtr<nsPIDOMWindow> piWin = do_QueryInterface(aChild);
NS_ENSURE_TRUE(piWin, false);
Element* e = piWin->GetFrameElementInternal();
if (e && e->IsInShadowTree()) {
return false;
}
// If we're same-origin with the child, go ahead and expose it.
nsCOMPtr<nsIScriptObjectPrincipal> sop = do_QueryInterface(aChild);
NS_ENSURE_TRUE(sop, false);
if (nsContentUtils::SubjectPrincipal()->Equals(sop->GetPrincipal())) {
return true;
}
// If we're not same-origin, expose it _only_ if the name of the browsing
// context matches the 'name' attribute of the frame element in the parent.
// The motivations behind this heuristic are worth explaining here.
//
// Historically, all UAs supported global named access to any child browsing
// context (that is to say, window.dolske returns a child frame where either
// the "name" attribute on the frame element was set to "dolske", or where
// the child explicitly set window.name = "dolske").
//
// This is problematic because it allows possibly-malicious and unrelated
// cross-origin subframes to pollute the global namespace of their parent in
// unpredictable ways (see bug 860494). This is also problematic for browser
// engines like Servo that want to run cross-origin script on different
// threads.
//
// The naive solution here would be to filter out any cross-origin subframes
// obtained when doing named lookup in global scope. But that is unlikely to
// be web-compatible, since it will break named access for consumers that do
// <iframe name="dolske" src="http://cross-origin.com/sadtrombone.html"> and
// expect to be able to access the cross-origin subframe via named lookup on
// the global.
//
// The optimal behavior would be to do the following:
// (a) Look for any child browsing context with name="dolske".
// (b) If the result is cross-origin, null it out.
// (c) If we have null, look for a frame element whose 'name' attribute is
// "dolske".
//
// Unfortunately, (c) would require some engineering effort to be performant
// in Gecko, and probably in other UAs as well. So we go with a simpler
// approximation of the above. This approximation will only break sites that
// rely on their cross-origin subframes setting window.name to a known value,
// which is unlikely to be very common. And while it does introduce a
// dependency on cross-origin state when doing global lookups, it doesn't
// allow the child to arbitrarily pollute the parent namespace, and requires
// cross-origin communication only in a limited set of cases that can be
// computed independently by the parent.
return e && e->AttrValueIs(kNameSpaceID_None, nsGkAtoms::name,
aNameBeingResolved, eCaseMatters);
}
bool
WindowNamedPropertiesHandler::getOwnPropDescriptor(JSContext* aCx,
JS::Handle<JSObject*> aProxy,
JS::Handle<jsid> aId,
bool /* unused */,
JS::MutableHandle<JS::PropertyDescriptor> aDesc)
const
{
if (!JSID_IS_STRING(aId)) {
// Nothing to do if we're resolving a non-string property.
return true;
}
bool hasOnPrototype;
if (!HasPropertyOnPrototype(aCx, aProxy, aId, &hasOnPrototype)) {
return false;
}
if (hasOnPrototype) {
return true;
}
nsAutoJSString str;
if (!str.init(aCx, JSID_TO_STRING(aId))) {
return false;
}
if (str.IsEmpty()) {
return true;
}
// Grab the DOM window.
JS::Rooted<JSObject*> global(aCx, JS_GetGlobalForObject(aCx, aProxy));
nsGlobalWindow* win = xpc::WindowOrNull(global);
if (win->Length() > 0) {
nsCOMPtr<nsIDOMWindow> childWin = win->GetChildWindow(str);
if (childWin && ShouldExposeChildWindow(str, childWin)) {
// We found a subframe of the right name. Shadowing via |var foo| in
// global scope is still allowed, since |var| only looks up |own|
// properties. But unqualified shadowing will fail, per-spec.
JS::Rooted<JS::Value> v(aCx);
if (!WrapObject(aCx, childWin, &v)) {
return false;
}
FillPropertyDescriptor(aDesc, aProxy, 0, v);
return true;
}
}
// The rest of this function is for HTML documents only.
nsCOMPtr<nsIHTMLDocument> htmlDoc = do_QueryInterface(win->GetExtantDoc());
if (!htmlDoc) {
return true;
}
nsHTMLDocument* document = static_cast<nsHTMLDocument*>(htmlDoc.get());
Element* element = document->GetElementById(str);
if (element) {
JS::Rooted<JS::Value> v(aCx);
if (!WrapObject(aCx, element, &v)) {
return false;
}
FillPropertyDescriptor(aDesc, aProxy, 0, v);
return true;
}
nsWrapperCache* cache;
nsISupports* result = document->ResolveName(str, &cache);
if (!result) {
return true;
}
JS::Rooted<JS::Value> v(aCx);
if (!WrapObject(aCx, result, cache, nullptr, &v)) {
return false;
}
FillPropertyDescriptor(aDesc, aProxy, 0, v);
return true;
}
bool
WindowNamedPropertiesHandler::defineProperty(JSContext* aCx,
JS::Handle<JSObject*> aProxy,
JS::Handle<jsid> aId,
JS::Handle<JS::PropertyDescriptor> aDesc,
JS::ObjectOpResult &result) const
{
ErrorResult rv;
rv.ThrowTypeError<MSG_DEFINEPROPERTY_ON_GSP>();
rv.MaybeSetPendingException(aCx);
return false;
}
bool
WindowNamedPropertiesHandler::ownPropNames(JSContext* aCx,
JS::Handle<JSObject*> aProxy,
unsigned flags,
JS::AutoIdVector& aProps) const
{
if (!(flags & JSITER_HIDDEN)) {
// None of our named properties are enumerable.
return true;
}
// Grab the DOM window.
nsGlobalWindow* win = xpc::WindowOrNull(JS_GetGlobalForObject(aCx, aProxy));
nsTArray<nsString> names;
// The names live on the outer window, which might be null
nsGlobalWindow* outer = win->GetOuterWindowInternal();
if (outer) {
nsDOMWindowList* childWindows = outer->GetWindowList();
uint32_t length = childWindows->GetLength();
for (uint32_t i = 0; i < length; ++i) {
nsCOMPtr<nsIDocShellTreeItem> item =
childWindows->GetDocShellTreeItemAt(i);
// This is a bit silly, since we could presumably just do
// item->GetWindow(). But it's not obvious whether this does the same
// thing as GetChildWindow() with the item's name (due to the complexity
// of FindChildWithName). Since GetChildWindow is what we use in
// getOwnPropDescriptor, let's try to be consistent.
nsString name;
item->GetName(name);
if (!names.Contains(name)) {
// Make sure we really would expose it from getOwnPropDescriptor.
nsCOMPtr<nsPIDOMWindow> childWin = win->GetChildWindow(name);
if (childWin && ShouldExposeChildWindow(name, childWin)) {
names.AppendElement(name);
}
}
}
}
if (!AppendNamedPropertyIds(aCx, aProxy, names, false, aProps)) {
return false;
}
names.Clear();
nsCOMPtr<nsIHTMLDocument> htmlDoc = do_QueryInterface(win->GetExtantDoc());
if (!htmlDoc) {
return true;
}
nsHTMLDocument* document = static_cast<nsHTMLDocument*>(htmlDoc.get());
document->GetSupportedNames(flags, names);
JS::AutoIdVector docProps(aCx);
if (!AppendNamedPropertyIds(aCx, aProxy, names, false, docProps)) {
return false;
}
return js::AppendUnique(aCx, aProps, docProps);
}
bool
WindowNamedPropertiesHandler::delete_(JSContext* aCx,
JS::Handle<JSObject*> aProxy,
JS::Handle<jsid> aId,
JS::ObjectOpResult &aResult) const
{
return aResult.failCantDeleteWindowNamedProperty();
}
static bool
ResolveWindowNamedProperty(JSContext* aCx, JS::Handle<JSObject*> aWrapper,
JS::Handle<JSObject*> aObj, JS::Handle<jsid> aId,
JS::MutableHandle<JS::PropertyDescriptor> aDesc)
{
{
JSAutoCompartment ac(aCx, aObj);
if (!js::GetProxyHandler(aObj)->getOwnPropertyDescriptor(aCx, aObj, aId,
aDesc)) {
return false;
}
}
if (aDesc.object()) {
aDesc.object().set(aWrapper);
return JS_WrapPropertyDescriptor(aCx, aDesc);
}
return true;
}
static bool
EnumerateWindowNamedProperties(JSContext* aCx, JS::Handle<JSObject*> aWrapper,
JS::Handle<JSObject*> aObj,
JS::AutoIdVector& aProps)
{
JSAutoCompartment ac(aCx, aObj);
return js::GetProxyHandler(aObj)->ownPropertyKeys(aCx, aObj, aProps);
}
const NativePropertyHooks sWindowNamedPropertiesNativePropertyHooks[] = { {
ResolveWindowNamedProperty,
EnumerateWindowNamedProperties,
{ nullptr, nullptr },
prototypes::id::_ID_Count,
constructors::id::_ID_Count,
nullptr
} };
static const DOMIfaceAndProtoJSClass WindowNamedPropertiesClass = {
PROXY_CLASS_DEF("WindowProperties",
JSCLASS_IS_DOMIFACEANDPROTOJSCLASS),
eNamedPropertiesObject,
prototypes::id::_ID_Count,
0,
sWindowNamedPropertiesNativePropertyHooks,
"[object WindowProperties]",
EventTargetBinding::GetProtoObject
};
// static
JSObject*
WindowNamedPropertiesHandler::Create(JSContext* aCx,
JS::Handle<JSObject*> aProto)
{
// Note: since the scope polluter proxy lives on the window's prototype
// chain, it needs a singleton type to avoid polluting type information
// for properties on the window.
JS::Rooted<JSObject*> gsp(aCx);
js::ProxyOptions options;
options.setSingleton(true);
options.setClass(&WindowNamedPropertiesClass.mBase);
return js::NewProxyObject(aCx, WindowNamedPropertiesHandler::getInstance(),
JS::NullHandleValue, aProto,
options);
}
} // namespace dom
} // namespace mozilla
Reference in New Issue View Git Blame Copy Permalink