roytam1/palemoon27
1
0
Fork 0
mirror of https://github.com/roytam1/palemoon27.git synced 2026-05-26 14:18:48 +00:00
Code Issues Projects Releases Wiki Activity
Files
5d360f5c45e232ec95be9447218c7acd7d18440d
palemoon27/dom/base/PostMessageEvent.cpp
T
roytam1 5d360f5c45 import changes from `dev' branch of rmottola/Arctic-Fox: 
- Bug 1198572 - Add telemetry for how often HSTS would fix mixed content problems r=smaug r=tanvi (1abeb434a4)
- Bug 1181683 - Mark ping and beacon as blockable mixed content instead of optionally blockable. r=smaug (ab4b612439)
- Bug 1148732 - When checking a document's scheme, check the innermost uri. r=dveditz, smaug (f03eef9b3a)
- put back source RegExp (112cbc1797)
- Bug 1026520 - CSP: Inline report sending into allows - csp changes (r=dveditz) (f835967ad3)
- Bug 1026520 - CSP: Inline report sending into allows - callsite updates (r=dveditz) (39b200f027)
- Bug 1026520 - CSP: Inline report sending into allows - test updates (r=dveditz) (6a9dd4d859)
- Bug 1201822 - Update web-platform-tests expected data to revision d0571e01e1a2e4b8c5f696af2f81cbc1be9a5842, a=testonly (851485e4f9)
- Bug 1026520 - CSP: Inline report sending into allows - web platform test updates (r=deveditz) (0fbb9ce2c7)
- Bug 1612470 - Remove Document.hasScriptsBlockedBySandbox and Document.inlineScriptAllowedByCSP. r=bzbarsky (840ec6ebfb)
- Bug 1192333 - Use channel->ascynOpen2 in dom/xslt/xslt/txMozillaStyleheetCompiler.cpp (r=sicking) (73989dc9d2)
- Bug 1186843 - Don't recreate message manager. r=smaug (d4e2e28136)
- Bug 1209361 - Add missing includes to dom/base. r=mccr8 (702a9b0c21)
- Bug 1209621 - Add a way to get the TabParent for the content-primary tab, r=mconley (7d8a7e501f)
- Bug 1209001 - Fix OOM handling when creating ModuleObject r=terrence (e5b9fc8db3)
- Bug 1183289 - Run fewer CGC tests r=sfink (d529983340)
- Bug 1204692 - Add arm64-sim variant to the autospider.sh script. r=sstangl (8f46c42105)
- Bug 1183289 - Partially revert previous patch so jstests get run with default jitflags only r=me (97d1721e43)
- Bug 1210924 - Do not fire read barriers when using ReadBarriered in a boolean context; r=sfink (697885508c)
- code style and reshuffle (1b55c0f721)
- Bug 1207821 - Change the initialized length of an unboxed array in some places without triggering pre barriers, r=jandem. (92452a2db0)
- Bug 1074935 - Add SPS pseudo frames for JSRope flattening; r=jandem (5589064dc1)
- Bug 1184423 - Properly report OOM when initializing the RematerizedFrameTable fails; r=shu (60d964e1ca)
- Bug 1201575 - Give copied FrameIter::Data the cx of the current frame. (r=jimb) (af5e59d95a)
- Bug 1204725 - IonMonkey: Check result when copying frame iter data, r=nbp (7de175e301)
- Bug 1184423 - Properly report OOM when adding a rematerialized frame to the current JitActivation fails; r=shu (a00c310833)
- Bug 1210391 - Module scopes are currently not cacheable r=jandem (b42adeb292)
- pointer style (30f967d1ee)
- Bug 1199221 - Implement JS::ubi::Node::size for js::ObjectGroup referents; r=sfink (364cbff290)
- Bug 1199219 - Implement JS::ubi::Node::size for js::Shape referents; r=sfink (683d11d589)
- Bug 1199220 - Implement JS::ubi::Node::size for js::BaseShape referents; r=sfink (a9e1c02cbc)
- Bug 1200482: Make Debugger respect 'enabled' flag when setting allocation tracking hook on debuggee compartments, and check that it does. r=fitzgen (cf203e12e0)
- Bug 1177508 - Truncate the stack more aggressively in adoptAsyncStack. r=fitzgen (c335f6dcd5)
- Bug 1209989 - Implicitly attach a PRThread to native threads when first used as a PRThread in the PosixNSPR implementation. r=terrence (c9d771fb47)
- Bug 1206640: Fix an implicit constructor in PosixNSPR.cpp; r=nbp (178312c0f2)
- Bug 1204863 - Ignore frames from self-hosted scripts; r=shu (4b8cd11832)
- Bug 1180047: Debugger.prototype.findObjects should not return objects that must not be exposed to JS. r=fitzgen (634f19195b)
- Bug 1208908 - Fix a conditional statement in BytecodeRangeWithPosition::updatePosition(); r=ejpbruel (e58c656255)
- some profiler and crash import (d5b8b4f798)
- Bug 1185532: Turn on the NPAPI process sandbox for Windows 64-bit flash by default. r=bsmedberg (5aa8fa8a6e)
- Bug 1194488: Whitelist specific plugins for async init; r=jimm (7c78723689)
- Bug 1200698: Rename async plugin init pref; r=bsmedberg (df37e5833e)
- Bug 1184068: Ensure that mShutdown is not incorrectly set from true to false if plugin crashes during CallNP_Shutdown; r=jimm Bug 1202024: Initialize plugin details and quirks in parent on first run for async init. r=aklotz (934d877d8c)
- missing bit of Bug 1119878 Part 2 (3a0dd8afc1)
- Bug 1209351 (part 6) - Optimize nsTHashTable::RemoveEntry() usage in toolkit/. r=froydnj. (810fbbab89)
- Bug 1209351 (part 1) - Add an overloading of nsTHashTable::RemoveEntry() that takes an already-found entry. r=froydnj. (45d6181461)
- Bug 1209351 (part 2) - Optimize nsTHashTable::RemoveEntry() usage in dom/. r=bz. (bdb19ed49f)
- Bug 1209351 (part 3) - Optimize nsTHashTable::RemoveEntry() usage in gfx/. r=jrmuizel. (dc29a2b97f)
- Bug 1209351 (part 4) - Optimize nsTHashTable::RemoveEntry() usage in netwerk/. r=michal.novotny. (3be1f09b5c)
- Bug 1209351 (part 5) - Optimize nsTHashTable::RemoveEntry() usage in security/. r=keeler. (47999463fe)
2022-09-09 10:02:21 +08:00

147 lines
5.3 KiB
C++
Raw Blame History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "PostMessageEvent.h"
#include "MessageEvent.h"
#include "mozilla/dom/BlobBinding.h"
#include "mozilla/dom/File.h"
#include "mozilla/dom/FileList.h"
#include "mozilla/dom/FileListBinding.h"
#include "mozilla/dom/MessagePort.h"
#include "mozilla/dom/MessagePortBinding.h"
#include "mozilla/dom/PMessagePort.h"
#include "mozilla/dom/StructuredCloneTags.h"
#include "mozilla/EventDispatcher.h"
#include "nsGlobalWindow.h"
#include "nsIPresShell.h"
#include "nsIPrincipal.h"
#include "nsPresContext.h"
namespace mozilla {
namespace dom {
PostMessageEvent::PostMessageEvent(nsGlobalWindow* aSource,
const nsAString& aCallerOrigin,
nsGlobalWindow* aTargetWindow,
nsIPrincipal* aProvidedPrincipal,
bool aTrustedCaller)
: StructuredCloneHolder(CloningSupported, TransferringSupported,
SameProcessSameThread),
mSource(aSource),
mCallerOrigin(aCallerOrigin),
mTargetWindow(aTargetWindow),
mProvidedPrincipal(aProvidedPrincipal),
mTrustedCaller(aTrustedCaller)
{
MOZ_COUNT_CTOR(PostMessageEvent);
}
PostMessageEvent::~PostMessageEvent()
{
MOZ_COUNT_DTOR(PostMessageEvent);
}
NS_IMETHODIMP
PostMessageEvent::Run()
{
MOZ_ASSERT(mTargetWindow->IsOuterWindow(),
"should have been passed an outer window!");
MOZ_ASSERT(!mSource || mSource->IsOuterWindow(),
"should have been passed an outer window!");
AutoJSAPI jsapi;
jsapi.Init();
JSContext* cx = jsapi.cx();
// If we bailed before this point we're going to leak mMessage, but
// that's probably better than crashing.
nsRefPtr<nsGlobalWindow> targetWindow;
if (mTargetWindow->IsClosedOrClosing() ||
!(targetWindow = mTargetWindow->GetCurrentInnerWindowInternal()) ||
targetWindow->IsClosedOrClosing())
return NS_OK;
MOZ_ASSERT(targetWindow->IsInnerWindow(),
"we ordered an inner window!");
JSAutoCompartment ac(cx, targetWindow->GetWrapperPreserveColor());
// Ensure that any origin which might have been provided is the origin of this
// window's document. Note that we do this *now* instead of when postMessage
// is called because the target window might have been navigated to a
// different location between then and now. If this check happened when
// postMessage was called, it would be fairly easy for a malicious webpage to
// intercept messages intended for another site by carefully timing navigation
// of the target window so it changed location after postMessage but before
// now.
if (mProvidedPrincipal) {
// Get the target's origin either from its principal or, in the case the
// principal doesn't carry a URI (e.g. the system principal), the target's
// document.
nsIPrincipal* targetPrin = targetWindow->GetPrincipal();
if (NS_WARN_IF(!targetPrin))
return NS_OK;
// Note: This is contrary to the spec with respect to file: URLs, which
// the spec groups into a single origin, but given we intentionally
// don't do that in other places it seems better to hold the line for
// now. Long-term, we want HTML5 to address this so that we can
// be compliant while being safer.
if (!targetPrin->Equals(mProvidedPrincipal)) {
return NS_OK;
}
}
ErrorResult rv;
JS::Rooted<JS::Value> messageData(cx);
nsCOMPtr<nsPIDOMWindow> window = targetWindow.get();
Read(window, cx, &messageData, rv);
if (NS_WARN_IF(rv.Failed())) {
return rv.StealNSResult();
}
// Create the event
nsCOMPtr<mozilla::dom::EventTarget> eventTarget =
do_QueryInterface(static_cast<nsPIDOMWindow*>(targetWindow.get()));
nsRefPtr<MessageEvent> event =
new MessageEvent(eventTarget, nullptr, nullptr);
event->InitMessageEvent(NS_LITERAL_STRING("message"), false /*non-bubbling */,
false /*cancelable */, messageData, mCallerOrigin,
EmptyString(), mSource);
nsTArray<nsRefPtr<MessagePort>> ports = TakeTransferredPorts();
event->SetPorts(new MessagePortList(static_cast<dom::Event*>(event.get()),
ports));
// We can't simply call dispatchEvent on the window because doing so ends
// up flipping the trusted bit on the event, and we don't want that to
// happen because then untrusted content can call postMessage on a chrome
// window if it can get a reference to it.
nsIPresShell *shell = targetWindow->GetExtantDoc()->GetShell();
nsRefPtr<nsPresContext> presContext;
if (shell)
presContext = shell->GetPresContext();
event->SetTrusted(mTrustedCaller);
WidgetEvent* internalEvent = event->GetInternalNSEvent();
nsEventStatus status = nsEventStatus_eIgnore;
EventDispatcher::Dispatch(static_cast<nsPIDOMWindow*>(mTargetWindow),
presContext,
internalEvent,
static_cast<dom::Event*>(event.get()),
&status);
return NS_OK;
}
} // namespace dom
} // namespace mozilla
Reference in New Issue View Git Blame Copy Permalink