summaryrefslogtreecommitdiffstats
path: root/js/xpconnect/wrappers/WrapperFactory.h
diff options
context:
space:
mode:
Diffstat (limited to 'js/xpconnect/wrappers/WrapperFactory.h')
-rw-r--r--js/xpconnect/wrappers/WrapperFactory.h114
1 files changed, 114 insertions, 0 deletions
diff --git a/js/xpconnect/wrappers/WrapperFactory.h b/js/xpconnect/wrappers/WrapperFactory.h
new file mode 100644
index 0000000000..f1200bf765
--- /dev/null
+++ b/js/xpconnect/wrappers/WrapperFactory.h
@@ -0,0 +1,114 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _xpc_WRAPPERFACTORY_H
+#define _xpc_WRAPPERFACTORY_H
+
+#include "js/Wrapper.h"
+
+namespace xpc {
+
+/**
+ * A wrapper that's only used for cross-origin objects. This should be
+ * just like a CrossCompartmentWrapper but (as an implementation
+ * detail) doesn't actually do any compartment-entering and (as an
+ * implementation detail) delegates all the security decisions and
+ * compartment-entering to the target object, which is always a
+ * proxy.
+ *
+ * We could also inherit from CrossCompartmentWrapper but then we
+ * would need to override all the proxy hooks to avoid the
+ * compartment-entering bits.
+ */
+class CrossOriginObjectWrapper : public js::Wrapper {
+ public:
+ // We want to claim to have a security policy, so code doesn't just
+ // CheckedUnwrap us willy-nilly. But we're OK with the BaseProxyHandler
+ // implementation of enter(), which allows entering. Our target is what
+ // really does the security checks.
+ //
+ // We don't want to inherit from CrossCompartmentWrapper, because we don't
+ // want the compartment-entering behavior it has. But we do want to set the
+ // CROSS_COMPARTMENT flag on js::Wrapper so that we test true for
+ // is<js::CrossCompartmentWrapperObject> and so forth.
+ constexpr explicit CrossOriginObjectWrapper()
+ : js::Wrapper(CROSS_COMPARTMENT, /* aHasPrototype = */ false,
+ /* aHasSecurityPolicy = */ true) {}
+
+ bool dynamicCheckedUnwrapAllowed(JS::Handle<JSObject*> obj,
+ JSContext* cx) const override;
+
+ // Cross origin objects should not participate in private fields.
+ virtual bool throwOnPrivateField() const override { return true; }
+
+ static const CrossOriginObjectWrapper singleton;
+};
+
+class WrapperFactory {
+ public:
+ enum {
+ WAIVE_XRAY_WRAPPER_FLAG = js::Wrapper::LAST_USED_FLAG << 1,
+ IS_XRAY_WRAPPER_FLAG = WAIVE_XRAY_WRAPPER_FLAG << 1
+ };
+
+ // Return true if any of any of the nested wrappers have the flag set.
+ static bool HasWrapperFlag(JSObject* wrapper, unsigned flag) {
+ unsigned flags = 0;
+ js::UncheckedUnwrap(wrapper, true, &flags);
+ return !!(flags & flag);
+ }
+
+ static bool IsXrayWrapper(JSObject* wrapper) {
+ return HasWrapperFlag(wrapper, IS_XRAY_WRAPPER_FLAG);
+ }
+
+ static bool IsCrossOriginWrapper(JSObject* obj) {
+ return (js::IsProxy(obj) &&
+ js::GetProxyHandler(obj) == &CrossOriginObjectWrapper::singleton);
+ }
+
+ static bool IsOpaqueWrapper(JSObject* obj);
+
+ static bool HasWaiveXrayFlag(JSObject* wrapper) {
+ return HasWrapperFlag(wrapper, WAIVE_XRAY_WRAPPER_FLAG);
+ }
+
+ static bool IsCOW(JSObject* wrapper);
+
+ static JSObject* GetXrayWaiver(JS::Handle<JSObject*> obj);
+ // If allowExisting is true, there is an existing waiver for obj in
+ // its scope, but we want to replace it with the new one.
+ static JSObject* CreateXrayWaiver(JSContext* cx, JS::Handle<JSObject*> obj,
+ bool allowExisting = false);
+ static JSObject* WaiveXray(JSContext* cx, JSObject* obj);
+
+ // Computes whether we should allow the creation of an Xray waiver from
+ // |target| to |origin|.
+ static bool AllowWaiver(JS::Compartment* target, JS::Compartment* origin);
+
+ // Convenience method for the above, operating on a wrapper.
+ static bool AllowWaiver(JSObject* wrapper);
+
+ // Prepare a given object for wrapping in a new compartment.
+ static void PrepareForWrapping(JSContext* cx, JS::Handle<JSObject*> scope,
+ JS::Handle<JSObject*> origObj,
+ JS::Handle<JSObject*> obj,
+ JS::Handle<JSObject*> objectPassedToWrap,
+ JS::MutableHandle<JSObject*> retObj);
+
+ // Rewrap an object that is about to cross compartment boundaries.
+ static JSObject* Rewrap(JSContext* cx, JS::Handle<JSObject*> existing,
+ JS::Handle<JSObject*> obj);
+
+ // Wrap wrapped object into a waiver wrapper and then re-wrap it.
+ static bool WaiveXrayAndWrap(JSContext* cx, JS::MutableHandle<JS::Value> vp);
+ static bool WaiveXrayAndWrap(JSContext* cx,
+ JS::MutableHandle<JSObject*> object);
+};
+
+} // namespace xpc
+
+#endif /* _xpc_WRAPPERFACTORY_H */