summaryrefslogtreecommitdiffstats
path: root/dom/bindings/CallbackObject.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'dom/bindings/CallbackObject.cpp')
-rw-r--r--dom/bindings/CallbackObject.cpp433
1 files changed, 433 insertions, 0 deletions
diff --git a/dom/bindings/CallbackObject.cpp b/dom/bindings/CallbackObject.cpp
new file mode 100644
index 0000000000..dfd798ba23
--- /dev/null
+++ b/dom/bindings/CallbackObject.cpp
@@ -0,0 +1,433 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/dom/CallbackObject.h"
+#include "mozilla/CycleCollectedJSContext.h"
+#include "mozilla/dom/BindingUtils.h"
+#include "jsfriendapi.h"
+#include "nsIScriptGlobalObject.h"
+#include "nsIScriptContext.h"
+#include "nsPIDOMWindow.h"
+#include "nsJSUtils.h"
+#include "xpcprivate.h"
+#include "WorkerPrivate.h"
+#include "nsContentUtils.h"
+#include "nsGlobalWindow.h"
+#include "WorkerScope.h"
+#include "jsapi.h"
+#include "js/ContextOptions.h"
+#include "nsJSPrincipals.h"
+
+namespace mozilla::dom {
+
+NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(CallbackObject)
+ NS_INTERFACE_MAP_ENTRY(mozilla::dom::CallbackObject)
+ NS_INTERFACE_MAP_ENTRY(nsISupports)
+NS_INTERFACE_MAP_END
+
+NS_IMPL_CYCLE_COLLECTING_ADDREF(CallbackObject)
+NS_IMPL_CYCLE_COLLECTING_RELEASE(CallbackObject)
+
+NS_IMPL_CYCLE_COLLECTION_CLASS(CallbackObject)
+
+NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(CallbackObject)
+ tmp->ClearJSReferences();
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mIncumbentGlobal)
+NS_IMPL_CYCLE_COLLECTION_UNLINK_END
+
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_BEGIN(CallbackObject)
+ JSObject* callback = tmp->CallbackPreserveColor();
+
+ if (!aRemovingAllowed) {
+ // If our callback has been cleared, we can't be part of a garbage cycle.
+ return !callback;
+ }
+
+ // mCallback is always wrapped for the CallbackObject's incumbent global. In
+ // the case where the real callback is in a different compartment, we have a
+ // cross-compartment wrapper, and it will automatically be cut when its
+ // compartment is nuked. In the case where it is in the same compartment, we
+ // have a reference to the real function. Since that means there are no
+ // wrappers to cut, we need to check whether the compartment is still alive,
+ // and drop the references if it is not.
+
+ if (MOZ_UNLIKELY(!callback)) {
+ return true;
+ }
+ if (MOZ_LIKELY(tmp->mIncumbentGlobal) &&
+ MOZ_UNLIKELY(js::NukedObjectRealm(tmp->CallbackGlobalPreserveColor()))) {
+ // It's not safe to release our global reference or drop our JS objects at
+ // this point, so defer their finalization until CC is finished.
+ AddForDeferredFinalization(new JSObjectsDropper(tmp));
+ DeferredFinalize(tmp->mIncumbentGlobal.forget().take());
+ return true;
+ }
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_END
+
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_IN_CC_BEGIN(CallbackObject)
+ return !tmp->mCallback;
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_IN_CC_END
+
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_THIS_BEGIN(CallbackObject)
+ return !tmp->mCallback;
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_THIS_END
+
+NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN(CallbackObject)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mIncumbentGlobal)
+ // If a new member is added here, don't forget to update IsBlackForCC.
+NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END
+NS_IMPL_CYCLE_COLLECTION_TRACE_BEGIN(CallbackObject)
+ NS_IMPL_CYCLE_COLLECTION_TRACE_JS_MEMBER_CALLBACK(mCallback)
+ NS_IMPL_CYCLE_COLLECTION_TRACE_JS_MEMBER_CALLBACK(mCallbackGlobal)
+ NS_IMPL_CYCLE_COLLECTION_TRACE_JS_MEMBER_CALLBACK(mCreationStack)
+ NS_IMPL_CYCLE_COLLECTION_TRACE_JS_MEMBER_CALLBACK(mIncumbentJSGlobal)
+ // If a new member is added here, don't forget to update IsBlackForCC.
+NS_IMPL_CYCLE_COLLECTION_TRACE_END
+
+void CallbackObject::Trace(JSTracer* aTracer) {
+ JS::TraceEdge(aTracer, &mCallback, "CallbackObject.mCallback");
+ JS::TraceEdge(aTracer, &mCallbackGlobal, "CallbackObject.mCallbackGlobal");
+ JS::TraceEdge(aTracer, &mCreationStack, "CallbackObject.mCreationStack");
+ JS::TraceEdge(aTracer, &mIncumbentJSGlobal,
+ "CallbackObject.mIncumbentJSGlobal");
+}
+
+void CallbackObject::FinishSlowJSInitIfMoreThanOneOwner(JSContext* aCx) {
+ MOZ_ASSERT(mRefCnt.get() > 0);
+ if (mRefCnt.get() > 1) {
+ mozilla::HoldJSObjects(this);
+ if (JS::IsAsyncStackCaptureEnabledForRealm(aCx)) {
+ JS::Rooted<JSObject*> stack(aCx);
+ if (!JS::CaptureCurrentStack(aCx, &stack)) {
+ JS_ClearPendingException(aCx);
+ }
+ mCreationStack = stack;
+ }
+ mIncumbentGlobal = GetIncumbentGlobal();
+ if (mIncumbentGlobal) {
+ // We don't want to expose to JS here (change the color). If someone ever
+ // reads mIncumbentJSGlobal, that will expose. If not, no need to expose
+ // here.
+ mIncumbentJSGlobal = mIncumbentGlobal->GetGlobalJSObjectPreserveColor();
+ }
+ } else {
+ // We can just forget all our stuff.
+ ClearJSReferences();
+ }
+}
+
+JSObject* CallbackObject::Callback(JSContext* aCx) {
+ JSObject* callback = CallbackOrNull();
+ if (!callback) {
+ callback = JS_NewDeadWrapper(aCx);
+ }
+
+ MOZ_DIAGNOSTIC_ASSERT(callback);
+ return callback;
+}
+
+void CallbackObject::GetDescription(nsACString& aOutString) {
+ JSObject* wrappedCallback = CallbackOrNull();
+ if (!wrappedCallback) {
+ aOutString.Append("<callback from a nuked compartment>");
+ return;
+ }
+
+ JS::Rooted<JSObject*> unwrappedCallback(
+ RootingCx(), js::CheckedUnwrapStatic(wrappedCallback));
+ if (!unwrappedCallback) {
+ aOutString.Append("<not a function>");
+ return;
+ }
+
+ AutoJSAPI jsapi;
+ jsapi.Init();
+ JSContext* cx = jsapi.cx();
+
+ JS::Rooted<JSObject*> rootedCallback(cx, unwrappedCallback);
+ JSAutoRealm ar(cx, rootedCallback);
+
+ JS::Rooted<JSFunction*> rootedFunction(cx,
+ JS_GetObjectFunction(rootedCallback));
+ if (!rootedFunction) {
+ aOutString.Append("<not a function>");
+ return;
+ }
+
+ JS::Rooted<JSString*> displayId(cx, JS_GetFunctionDisplayId(rootedFunction));
+ if (displayId) {
+ nsAutoJSString funcNameStr;
+ if (funcNameStr.init(cx, displayId)) {
+ if (funcNameStr.IsEmpty()) {
+ aOutString.Append("<empty name>");
+ } else {
+ AppendUTF16toUTF8(funcNameStr, aOutString);
+ }
+ } else {
+ aOutString.Append("<function name string failed to materialize>");
+ jsapi.ClearException();
+ }
+ } else {
+ aOutString.Append("<anonymous>");
+ }
+
+ JS::Rooted<JSScript*> rootedScript(cx,
+ JS_GetFunctionScript(cx, rootedFunction));
+ if (!rootedScript) {
+ return;
+ }
+
+ aOutString.Append(" (");
+ aOutString.Append(JS_GetScriptFilename(rootedScript));
+ aOutString.Append(":");
+ aOutString.AppendInt(JS_GetScriptBaseLineNumber(cx, rootedScript));
+ aOutString.Append(")");
+}
+
+CallbackObject::CallSetup::CallSetup(CallbackObject* aCallback,
+ ErrorResult& aRv,
+ const char* aExecutionReason,
+ ExceptionHandling aExceptionHandling,
+ JS::Realm* aRealm,
+ bool aIsJSImplementedWebIDL)
+ : mCx(nullptr),
+ mRealm(aRealm),
+ mErrorResult(aRv),
+ mExceptionHandling(aExceptionHandling),
+ mIsMainThread(NS_IsMainThread()) {
+ MOZ_ASSERT_IF(aExceptionHandling == eReportExceptions ||
+ aExceptionHandling == eRethrowExceptions,
+ !aRealm);
+
+ CycleCollectedJSContext* ccjs = CycleCollectedJSContext::Get();
+ if (ccjs) {
+ ccjs->EnterMicroTask();
+ }
+
+ // Compute the caller's subject principal (if necessary) early, before we
+ // do anything that might perturb the relevant state.
+ nsIPrincipal* webIDLCallerPrincipal = nullptr;
+ if (aIsJSImplementedWebIDL) {
+ webIDLCallerPrincipal =
+ nsContentUtils::SubjectPrincipalOrSystemIfNativeCaller();
+ }
+
+ JSObject* wrappedCallback = aCallback->CallbackPreserveColor();
+ if (!wrappedCallback) {
+ aRv.ThrowNotSupportedError(
+ "Cannot execute callback from a nuked compartment.");
+ return;
+ }
+
+ nsIGlobalObject* globalObject = nullptr;
+
+ {
+ // First, find the real underlying callback.
+ JS::Rooted<JSObject*> realCallback(ccjs->RootingCx(),
+ js::UncheckedUnwrap(wrappedCallback));
+
+ // Get the global for this callback. Note that for the case of
+ // JS-implemented WebIDL we never have a window here.
+ nsGlobalWindowInner* win = mIsMainThread && !aIsJSImplementedWebIDL
+ ? xpc::WindowGlobalOrNull(realCallback)
+ : nullptr;
+ if (win) {
+ // We don't want to run script in windows that have been navigated away
+ // from.
+ if (!win->HasActiveDocument()) {
+ aRv.ThrowNotSupportedError(
+ "Refusing to execute function from window whose document is no "
+ "longer active.");
+ return;
+ }
+ globalObject = win;
+ } else {
+ // No DOM Window. Store the global.
+ globalObject = xpc::NativeGlobal(realCallback);
+ MOZ_ASSERT(globalObject);
+ }
+
+ // Make sure to use realCallback to get the global of the callback
+ // object, not the wrapper.
+ if (globalObject->IsScriptForbidden(realCallback, aIsJSImplementedWebIDL)) {
+ aRv.ThrowNotSupportedError(
+ "Refusing to execute function from global in which script is "
+ "disabled.");
+ return;
+ }
+ }
+
+ // Bail out if there's no useful global.
+ if (!globalObject->HasJSGlobal()) {
+ aRv.ThrowNotSupportedError(
+ "Refusing to execute function from global which is being torn down.");
+ return;
+ }
+
+ AutoAllowLegacyScriptExecution exemption;
+ mAutoEntryScript.emplace(globalObject, aExecutionReason, mIsMainThread);
+ mAutoEntryScript->SetWebIDLCallerPrincipal(webIDLCallerPrincipal);
+ nsIGlobalObject* incumbent = aCallback->IncumbentGlobalOrNull();
+ if (incumbent) {
+ // The callback object traces its incumbent JS global, so in general it
+ // should be alive here. However, it's possible that we could run afoul
+ // of the same IPC global weirdness described above, wherein the
+ // nsIGlobalObject has severed its reference to the JS global. Let's just
+ // be safe here, so that nobody has to waste a day debugging gaia-ui tests.
+ if (!incumbent->HasJSGlobal()) {
+ aRv.ThrowNotSupportedError(
+ "Refusing to execute function because our incumbent global is being "
+ "torn down.");
+ return;
+ }
+ mAutoIncumbentScript.emplace(incumbent);
+ }
+
+ JSContext* cx = mAutoEntryScript->cx();
+
+ // Unmark the callable (by invoking CallbackOrNull() and not the
+ // CallbackPreserveColor() variant), and stick it in a Rooted before it can
+ // go gray again.
+ // Nothing before us in this function can trigger a CC, so it's safe to wait
+ // until here it do the unmark. This allows us to construct mRootedCallable
+ // with the cx from mAutoEntryScript, avoiding the cost of finding another
+ // JSContext. (Rooted<> does not care about requests or compartments.)
+ mRootedCallable.emplace(cx, aCallback->CallbackOrNull());
+ mRootedCallableGlobal.emplace(cx, aCallback->CallbackGlobalOrNull());
+
+ mAsyncStack.emplace(cx, aCallback->GetCreationStack());
+ if (*mAsyncStack) {
+ mAsyncStackSetter.emplace(cx, *mAsyncStack, aExecutionReason);
+ }
+
+ // Enter the realm of our callback, so we can actually work with it.
+ //
+ // Note that if the callback is a wrapper, this will not be the same
+ // realm that we ended up in with mAutoEntryScript above, because the
+ // entry point is based off of the unwrapped callback (realCallback).
+ mAr.emplace(cx, *mRootedCallableGlobal);
+
+ // And now we're ready to go.
+ mCx = cx;
+
+ // We don't really have a good error message prefix to use for the
+ // BindingCallContext.
+ mCallContext.emplace(cx, nullptr);
+}
+
+bool CallbackObject::CallSetup::ShouldRethrowException(
+ JS::Handle<JS::Value> aException) {
+ if (mExceptionHandling == eRethrowExceptions) {
+ MOZ_ASSERT(!mRealm);
+ return true;
+ }
+
+ MOZ_ASSERT(mRealm);
+
+ // Now we only want to throw an exception to the caller if the object that was
+ // thrown is in the caller realm (which we stored in mRealm).
+
+ if (!aException.isObject()) {
+ return false;
+ }
+
+ JS::Rooted<JSObject*> obj(mCx, &aException.toObject());
+ obj = js::UncheckedUnwrap(obj, /* stopAtWindowProxy = */ false);
+ return js::GetNonCCWObjectRealm(obj) == mRealm;
+}
+
+CallbackObject::CallSetup::~CallSetup() {
+ // To get our nesting right we have to destroy our JSAutoRealm first.
+ // In particular, we want to do this before we try reporting any exceptions,
+ // so we end up reporting them while in the realm of our entry point,
+ // not whatever cross-compartment wrappper mCallback might be.
+ // Be careful: the JSAutoRealm might not have been constructed at all!
+ mAr.reset();
+
+ // Now, if we have a JSContext, report any pending errors on it, unless we
+ // were told to re-throw them.
+ if (mCx) {
+ bool needToDealWithException = mAutoEntryScript->HasException();
+ if ((mRealm && mExceptionHandling == eRethrowContentExceptions) ||
+ mExceptionHandling == eRethrowExceptions) {
+ mErrorResult.MightThrowJSException();
+ if (needToDealWithException) {
+ JS::Rooted<JS::Value> exn(mCx);
+ if (mAutoEntryScript->PeekException(&exn) &&
+ ShouldRethrowException(exn)) {
+ mAutoEntryScript->ClearException();
+ MOZ_ASSERT(!mAutoEntryScript->HasException());
+ mErrorResult.ThrowJSException(mCx, exn);
+ needToDealWithException = false;
+ }
+ }
+ }
+
+ if (needToDealWithException) {
+ // Either we're supposed to report our exceptions, or we're supposed to
+ // re-throw them but we failed to get the exception value. Either way,
+ // we'll just report the pending exception, if any, once ~mAutoEntryScript
+ // runs. Note that we've already run ~mAr, effectively, so we don't have
+ // to worry about ordering here.
+ if (mErrorResult.IsJSContextException()) {
+ // XXXkhuey bug 1117269. When this is fixed, please consider fixing
+ // ThrowExceptionValueIfSafe over in Exceptions.cpp in the same way.
+
+ // IsJSContextException shouldn't be true anymore because we will report
+ // the exception on the JSContext ... so throw something else.
+ mErrorResult.Throw(NS_ERROR_UNEXPECTED);
+ }
+ }
+ }
+
+ mAutoIncumbentScript.reset();
+ mAutoEntryScript.reset();
+
+ // It is important that this is the last thing we do, after leaving the
+ // realm and undoing all our entry/incumbent script changes
+ CycleCollectedJSContext* ccjs = CycleCollectedJSContext::Get();
+ if (ccjs) {
+ ccjs->LeaveMicroTask();
+ }
+}
+
+already_AddRefed<nsISupports> CallbackObjectHolderBase::ToXPCOMCallback(
+ CallbackObject* aCallback, const nsIID& aIID) const {
+ MOZ_ASSERT(NS_IsMainThread());
+ if (!aCallback) {
+ return nullptr;
+ }
+
+ // We don't init the AutoJSAPI with our callback because we don't want it
+ // reporting errors to its global's onerror handlers.
+ AutoJSAPI jsapi;
+ jsapi.Init();
+ JSContext* cx = jsapi.cx();
+
+ JS::Rooted<JSObject*> callback(cx, aCallback->CallbackOrNull());
+ if (!callback) {
+ return nullptr;
+ }
+
+ JSAutoRealm ar(cx, aCallback->CallbackGlobalOrNull());
+
+ RefPtr<nsXPCWrappedJS> wrappedJS;
+ nsresult rv = nsXPCWrappedJS::GetNewOrUsed(cx, callback, aIID,
+ getter_AddRefs(wrappedJS));
+ if (NS_FAILED(rv) || !wrappedJS) {
+ return nullptr;
+ }
+
+ nsCOMPtr<nsISupports> retval;
+ rv = wrappedJS->QueryInterface(aIID, getter_AddRefs(retval));
+ if (NS_FAILED(rv)) {
+ return nullptr;
+ }
+
+ return retval.forget();
+}
+
+} // namespace mozilla::dom