diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /js/src/proxy | |
parent | Initial commit. (diff) | |
download | firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip |
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'js/src/proxy')
-rw-r--r-- | js/src/proxy/BaseProxyHandler.cpp | 426 | ||||
-rw-r--r-- | js/src/proxy/CrossCompartmentWrapper.cpp | 648 | ||||
-rw-r--r-- | js/src/proxy/DOMProxy.cpp | 41 | ||||
-rw-r--r-- | js/src/proxy/DOMProxy.h | 34 | ||||
-rw-r--r-- | js/src/proxy/DeadObjectProxy.cpp | 156 | ||||
-rw-r--r-- | js/src/proxy/DeadObjectProxy.h | 100 | ||||
-rw-r--r-- | js/src/proxy/OpaqueCrossCompartmentWrapper.cpp | 152 | ||||
-rw-r--r-- | js/src/proxy/Proxy.cpp | 1063 | ||||
-rw-r--r-- | js/src/proxy/Proxy.h | 112 | ||||
-rw-r--r-- | js/src/proxy/ScriptedProxyHandler.cpp | 1577 | ||||
-rw-r--r-- | js/src/proxy/ScriptedProxyHandler.h | 115 | ||||
-rw-r--r-- | js/src/proxy/SecurityWrapper.cpp | 108 | ||||
-rw-r--r-- | js/src/proxy/Wrapper.cpp | 456 |
13 files changed, 4988 insertions, 0 deletions
diff --git a/js/src/proxy/BaseProxyHandler.cpp b/js/src/proxy/BaseProxyHandler.cpp new file mode 100644 index 0000000000..1dc4e03664 --- /dev/null +++ b/js/src/proxy/BaseProxyHandler.cpp @@ -0,0 +1,426 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=8 sts=2 et sw=2 tw=80: + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "jsapi.h" +#include "NamespaceImports.h" + +#include "gc/GC.h" +#include "js/friend/ErrorMessages.h" // js::GetErrorMessage, JSMSG_* +#include "js/Proxy.h" +#include "proxy/DeadObjectProxy.h" +#include "vm/Interpreter.h" +#include "vm/ProxyObject.h" +#include "vm/WellKnownAtom.h" // js_*_str +#include "vm/WrapperObject.h" + +#include "vm/JSContext-inl.h" +#include "vm/JSObject-inl.h" + +using namespace js; + +using JS::IsArrayAnswer; + +bool BaseProxyHandler::enter(JSContext* cx, HandleObject wrapper, HandleId id, + Action act, bool mayThrow, bool* bp) const { + *bp = true; + return true; +} + +bool BaseProxyHandler::has(JSContext* cx, HandleObject proxy, HandleId id, + bool* bp) const { + assertEnteredPolicy(cx, proxy, id, GET); + + // This method is not covered by any spec, but we follow ES 2016 + // (February 11, 2016) 9.1.7.1 fairly closely. + + // Step 2. (Step 1 is a superfluous assertion.) + // Non-standard: Use our faster hasOwn trap. + if (!hasOwn(cx, proxy, id, bp)) { + return false; + } + + // Step 3. + if (*bp) { + return true; + } + + // The spec calls this variable "parent", but that word has weird + // connotations in SpiderMonkey, so let's go with "proto". + // Step 4. + RootedObject proto(cx); + if (!GetPrototype(cx, proxy, &proto)) { + return false; + } + + // Step 5.,5.a. + if (proto) { + return HasProperty(cx, proto, id, bp); + } + + // Step 6. + *bp = false; + return true; +} + +bool BaseProxyHandler::hasOwn(JSContext* cx, HandleObject proxy, HandleId id, + bool* bp) const { + assertEnteredPolicy(cx, proxy, id, GET); + Rooted<mozilla::Maybe<PropertyDescriptor>> desc(cx); + if (!getOwnPropertyDescriptor(cx, proxy, id, &desc)) { + return false; + } + *bp = desc.isSome(); + return true; +} + +bool BaseProxyHandler::get(JSContext* cx, HandleObject proxy, + HandleValue receiver, HandleId id, + MutableHandleValue vp) const { + assertEnteredPolicy(cx, proxy, id, GET); + + // This method is not covered by any spec, but we follow ES 2016 + // (January 21, 2016) 9.1.8 fairly closely. + + // Step 2. (Step 1 is a superfluous assertion.) + Rooted<mozilla::Maybe<PropertyDescriptor>> desc(cx); + if (!getOwnPropertyDescriptor(cx, proxy, id, &desc)) { + return false; + } + if (desc.isSome()) { + desc->assertComplete(); + } + + // Step 3. + if (desc.isNothing()) { + // The spec calls this variable "parent", but that word has weird + // connotations in SpiderMonkey, so let's go with "proto". + // Step 3.a. + RootedObject proto(cx); + if (!GetPrototype(cx, proxy, &proto)) { + return false; + } + + // Step 3.b. + if (!proto) { + vp.setUndefined(); + return true; + } + + // Step 3.c. + return GetProperty(cx, proto, receiver, id, vp); + } + + // Step 4. + if (desc->isDataDescriptor()) { + vp.set(desc->value()); + return true; + } + + // Step 5. + MOZ_ASSERT(desc->isAccessorDescriptor()); + RootedObject getter(cx, desc->getter()); + + // Step 6. + if (!getter) { + vp.setUndefined(); + return true; + } + + // Step 7. + RootedValue getterFunc(cx, ObjectValue(*getter)); + return CallGetter(cx, receiver, getterFunc, vp); +} + +bool BaseProxyHandler::set(JSContext* cx, HandleObject proxy, HandleId id, + HandleValue v, HandleValue receiver, + ObjectOpResult& result) const { + assertEnteredPolicy(cx, proxy, id, SET); + + // This method is not covered by any spec, but we follow ES6 draft rev 28 + // (2014 Oct 14) 9.1.9 fairly closely, adapting it slightly for + // SpiderMonkey's particular foibles. + + // Steps 2-3. (Step 1 is a superfluous assertion.) + Rooted<mozilla::Maybe<PropertyDescriptor>> ownDesc(cx); + if (!getOwnPropertyDescriptor(cx, proxy, id, &ownDesc)) { + return false; + } + if (ownDesc.isSome()) { + ownDesc->assertComplete(); + } + + // The rest is factored out into a separate function with a weird name. + // This algorithm continues just below. + return SetPropertyIgnoringNamedGetter(cx, proxy, id, v, receiver, ownDesc, + result); +} + +bool js::SetPropertyIgnoringNamedGetter( + JSContext* cx, HandleObject obj, HandleId id, HandleValue v, + HandleValue receiver, Handle<mozilla::Maybe<PropertyDescriptor>> ownDesc_, + ObjectOpResult& result) { + Rooted<PropertyDescriptor> ownDesc(cx); + + // Step 4. + if (ownDesc_.isNothing()) { + // The spec calls this variable "parent", but that word has weird + // connotations in SpiderMonkey, so let's go with "proto". + RootedObject proto(cx); + if (!GetPrototype(cx, obj, &proto)) { + return false; + } + if (proto) { + return SetProperty(cx, proto, id, v, receiver, result); + } + + // Step 4.d. + ownDesc.set(PropertyDescriptor::Data( + UndefinedValue(), + {JS::PropertyAttribute::Configurable, JS::PropertyAttribute::Enumerable, + JS::PropertyAttribute::Writable})); + } else { + ownDesc.set(*ownDesc_); + } + + // Step 5. + if (ownDesc.isDataDescriptor()) { + // Steps 5.a-b. + if (!ownDesc.writable()) { + return result.fail(JSMSG_READ_ONLY); + } + if (!receiver.isObject()) { + return result.fail(JSMSG_SET_NON_OBJECT_RECEIVER); + } + RootedObject receiverObj(cx, &receiver.toObject()); + + // Steps 5.c-d. + Rooted<mozilla::Maybe<PropertyDescriptor>> existingDescriptor(cx); + if (!GetOwnPropertyDescriptor(cx, receiverObj, id, &existingDescriptor)) { + return false; + } + + // Step 5.e. + if (existingDescriptor.isSome()) { + // Step 5.e.i. + if (existingDescriptor->isAccessorDescriptor()) { + return result.fail(JSMSG_OVERWRITING_ACCESSOR); + } + + // Step 5.e.ii. + if (!existingDescriptor->writable()) { + return result.fail(JSMSG_READ_ONLY); + } + } + + // Steps 5.e.iii-iv. and 5.f.i. + Rooted<PropertyDescriptor> desc(cx); + if (existingDescriptor.isSome()) { + desc = PropertyDescriptor::Empty(); + desc.setValue(v); + } else { + desc = PropertyDescriptor::Data(v, {JS::PropertyAttribute::Configurable, + JS::PropertyAttribute::Enumerable, + JS::PropertyAttribute::Writable}); + } + return DefineProperty(cx, receiverObj, id, desc, result); + } + + // Step 6. + MOZ_ASSERT(ownDesc.isAccessorDescriptor()); + RootedObject setter(cx); + if (ownDesc.hasSetter()) { + setter = ownDesc.setter(); + } + if (!setter) { + return result.fail(JSMSG_GETTER_ONLY); + } + RootedValue setterValue(cx, ObjectValue(*setter)); + if (!CallSetter(cx, receiver, setterValue, v)) { + return false; + } + return result.succeed(); +} + +bool BaseProxyHandler::getOwnEnumerablePropertyKeys( + JSContext* cx, HandleObject proxy, MutableHandleIdVector props) const { + assertEnteredPolicy(cx, proxy, JS::PropertyKey::Void(), ENUMERATE); + MOZ_ASSERT(props.length() == 0); + + if (!ownPropertyKeys(cx, proxy, props)) { + return false; + } + + /* Select only the enumerable properties through in-place iteration. */ + RootedId id(cx); + size_t i = 0; + for (size_t j = 0, len = props.length(); j < len; j++) { + MOZ_ASSERT(i <= j); + id = props[j]; + if (id.isSymbol()) { + continue; + } + + AutoWaivePolicy policy(cx, proxy, id, BaseProxyHandler::GET); + Rooted<mozilla::Maybe<PropertyDescriptor>> desc(cx); + if (!getOwnPropertyDescriptor(cx, proxy, id, &desc)) { + return false; + } + if (desc.isSome()) { + desc->assertComplete(); + } + + if (desc.isSome() && desc->enumerable()) { + props[i++].set(id); + } + } + + MOZ_ASSERT(i <= props.length()); + if (!props.resize(i)) { + return false; + } + + return true; +} + +bool BaseProxyHandler::enumerate(JSContext* cx, HandleObject proxy, + MutableHandleIdVector props) const { + assertEnteredPolicy(cx, proxy, JS::PropertyKey::Void(), ENUMERATE); + + // GetPropertyKeys will invoke getOwnEnumerablePropertyKeys along the proto + // chain for us. + MOZ_ASSERT(props.empty()); + return GetPropertyKeys(cx, proxy, 0, props); +} + +bool BaseProxyHandler::call(JSContext* cx, HandleObject proxy, + const CallArgs& args) const { + MOZ_CRASH("callable proxies should implement call trap"); +} + +bool BaseProxyHandler::construct(JSContext* cx, HandleObject proxy, + const CallArgs& args) const { + MOZ_CRASH("callable proxies should implement construct trap"); +} + +const char* BaseProxyHandler::className(JSContext* cx, + HandleObject proxy) const { + return proxy->isCallable() ? "Function" : "Object"; +} + +JSString* BaseProxyHandler::fun_toString(JSContext* cx, HandleObject proxy, + bool isToSource) const { + if (proxy->isCallable()) { + return JS_NewStringCopyZ(cx, "function () {\n [native code]\n}"); + } + + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_INCOMPATIBLE_PROTO, js_Function_str, + js_toString_str, "object"); + return nullptr; +} + +RegExpShared* BaseProxyHandler::regexp_toShared(JSContext* cx, + HandleObject proxy) const { + MOZ_CRASH("This should have been a wrapped regexp"); +} + +bool BaseProxyHandler::boxedValue_unbox(JSContext* cx, HandleObject proxy, + MutableHandleValue vp) const { + vp.setUndefined(); + return true; +} + +bool BaseProxyHandler::nativeCall(JSContext* cx, IsAcceptableThis test, + NativeImpl impl, const CallArgs& args) const { + ReportIncompatible(cx, args); + return false; +} + +bool BaseProxyHandler::getBuiltinClass(JSContext* cx, HandleObject proxy, + ESClass* cls) const { + *cls = ESClass::Other; + return true; +} + +bool BaseProxyHandler::isArray(JSContext* cx, HandleObject proxy, + IsArrayAnswer* answer) const { + *answer = IsArrayAnswer::NotArray; + return true; +} + +void BaseProxyHandler::trace(JSTracer* trc, JSObject* proxy) const {} + +void BaseProxyHandler::finalize(JS::GCContext* gcx, JSObject* proxy) const {} + +size_t BaseProxyHandler::objectMoved(JSObject* proxy, JSObject* old) const { + return 0; +} + +bool BaseProxyHandler::getPrototype(JSContext* cx, HandleObject proxy, + MutableHandleObject protop) const { + MOZ_CRASH("must override getPrototype with dynamic prototype"); +} + +bool BaseProxyHandler::setPrototype(JSContext* cx, HandleObject proxy, + HandleObject proto, + ObjectOpResult& result) const { + // Disallow sets of protos on proxies with dynamic prototypes but no hook. + // This keeps us away from the footgun of having the first proto set opt + // you out of having dynamic protos altogether. + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_CANT_SET_PROTO_OF, "incompatible Proxy"); + return false; +} + +bool BaseProxyHandler::setImmutablePrototype(JSContext* cx, HandleObject proxy, + bool* succeeded) const { + *succeeded = false; + return true; +} + +bool BaseProxyHandler::getElements(JSContext* cx, HandleObject proxy, + uint32_t begin, uint32_t end, + ElementAdder* adder) const { + assertEnteredPolicy(cx, proxy, JS::PropertyKey::Void(), GET); + + return js::GetElementsWithAdder(cx, proxy, proxy, begin, end, adder); +} + +bool BaseProxyHandler::isCallable(JSObject* obj) const { return false; } + +bool BaseProxyHandler::isConstructor(JSObject* obj) const { return false; } + +JS_PUBLIC_API void js::NukeNonCCWProxy(JSContext* cx, HandleObject proxy) { + MOZ_ASSERT(proxy->is<ProxyObject>()); + MOZ_ASSERT(!proxy->is<CrossCompartmentWrapperObject>()); + + // (NotifyGCNukeWrapper() only needs to be called on CCWs.) + + // The proxy is about to be replaced, so we need to do any necessary + // cleanup first. + proxy->as<ProxyObject>().handler()->finalize(cx->gcContext(), proxy); + + proxy->as<ProxyObject>().nuke(); + + MOZ_ASSERT(IsDeadProxyObject(proxy)); +} + +JS_PUBLIC_API void js::NukeRemovedCrossCompartmentWrapper(JSContext* cx, + JSObject* wrapper) { + MOZ_ASSERT(wrapper->is<CrossCompartmentWrapperObject>()); + + NotifyGCNukeWrapper(cx, wrapper); + + // We don't need to call finalize here because the CCW finalizer doesn't do + // anything. Skipping finalize means that |wrapper| doesn't need to be rooted + // to pass the hazard analysis, which is needed because this method is called + // from some tricky places inside transplanting where rooting can be + // difficult. + + wrapper->as<ProxyObject>().nuke(); + + MOZ_ASSERT(IsDeadProxyObject(wrapper)); +} diff --git a/js/src/proxy/CrossCompartmentWrapper.cpp b/js/src/proxy/CrossCompartmentWrapper.cpp new file mode 100644 index 0000000000..07b9b8afd7 --- /dev/null +++ b/js/src/proxy/CrossCompartmentWrapper.cpp @@ -0,0 +1,648 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=8 sts=2 et sw=2 tw=80: + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "builtin/FinalizationRegistryObject.h" +#include "gc/GC.h" +#include "gc/PublicIterators.h" +#include "js/friend/WindowProxy.h" // js::IsWindow, js::IsWindowProxy +#include "js/Wrapper.h" +#include "proxy/DeadObjectProxy.h" +#include "proxy/DOMProxy.h" +#include "vm/Iteration.h" +#include "vm/Runtime.h" +#include "vm/WrapperObject.h" + +#include "gc/Nursery-inl.h" +#include "vm/Compartment-inl.h" +#include "vm/JSObject-inl.h" +#include "vm/Realm-inl.h" + +using namespace js; + +#define PIERCE(cx, wrapper, pre, op, post) \ + JS_BEGIN_MACRO \ + bool ok; \ + { \ + AutoRealm call(cx, wrappedObject(wrapper)); \ + ok = (pre) && (op); \ + } \ + return ok && (post); \ + JS_END_MACRO + +#define NOTHING (true) + +static bool MarkAtoms(JSContext* cx, jsid id) { + cx->markId(id); + return true; +} + +static bool MarkAtoms(JSContext* cx, HandleIdVector ids) { + for (size_t i = 0; i < ids.length(); i++) { + cx->markId(ids[i]); + } + return true; +} + +bool CrossCompartmentWrapper::getOwnPropertyDescriptor( + JSContext* cx, HandleObject wrapper, HandleId id, + MutableHandle<mozilla::Maybe<PropertyDescriptor>> desc) const { + PIERCE(cx, wrapper, MarkAtoms(cx, id), + Wrapper::getOwnPropertyDescriptor(cx, wrapper, id, desc), + cx->compartment()->wrap(cx, desc)); +} + +bool CrossCompartmentWrapper::defineProperty(JSContext* cx, + HandleObject wrapper, HandleId id, + Handle<PropertyDescriptor> desc, + ObjectOpResult& result) const { + Rooted<PropertyDescriptor> desc2(cx, desc); + PIERCE(cx, wrapper, MarkAtoms(cx, id) && cx->compartment()->wrap(cx, &desc2), + Wrapper::defineProperty(cx, wrapper, id, desc2, result), NOTHING); +} + +bool CrossCompartmentWrapper::ownPropertyKeys( + JSContext* cx, HandleObject wrapper, MutableHandleIdVector props) const { + PIERCE(cx, wrapper, NOTHING, Wrapper::ownPropertyKeys(cx, wrapper, props), + MarkAtoms(cx, props)); +} + +bool CrossCompartmentWrapper::delete_(JSContext* cx, HandleObject wrapper, + HandleId id, + ObjectOpResult& result) const { + PIERCE(cx, wrapper, MarkAtoms(cx, id), + Wrapper::delete_(cx, wrapper, id, result), NOTHING); +} + +bool CrossCompartmentWrapper::getPrototype(JSContext* cx, HandleObject wrapper, + MutableHandleObject protop) const { + { + RootedObject wrapped(cx, wrappedObject(wrapper)); + AutoRealm call(cx, wrapped); + if (!GetPrototype(cx, wrapped, protop)) { + return false; + } + } + + return cx->compartment()->wrap(cx, protop); +} + +bool CrossCompartmentWrapper::setPrototype(JSContext* cx, HandleObject wrapper, + HandleObject proto, + ObjectOpResult& result) const { + RootedObject protoCopy(cx, proto); + PIERCE(cx, wrapper, cx->compartment()->wrap(cx, &protoCopy), + Wrapper::setPrototype(cx, wrapper, protoCopy, result), NOTHING); +} + +bool CrossCompartmentWrapper::getPrototypeIfOrdinary( + JSContext* cx, HandleObject wrapper, bool* isOrdinary, + MutableHandleObject protop) const { + { + RootedObject wrapped(cx, wrappedObject(wrapper)); + AutoRealm call(cx, wrapped); + if (!GetPrototypeIfOrdinary(cx, wrapped, isOrdinary, protop)) { + return false; + } + + if (!*isOrdinary) { + return true; + } + } + + return cx->compartment()->wrap(cx, protop); +} + +bool CrossCompartmentWrapper::setImmutablePrototype(JSContext* cx, + HandleObject wrapper, + bool* succeeded) const { + PIERCE(cx, wrapper, NOTHING, + Wrapper::setImmutablePrototype(cx, wrapper, succeeded), NOTHING); +} + +bool CrossCompartmentWrapper::preventExtensions(JSContext* cx, + HandleObject wrapper, + ObjectOpResult& result) const { + PIERCE(cx, wrapper, NOTHING, Wrapper::preventExtensions(cx, wrapper, result), + NOTHING); +} + +bool CrossCompartmentWrapper::isExtensible(JSContext* cx, HandleObject wrapper, + bool* extensible) const { + PIERCE(cx, wrapper, NOTHING, Wrapper::isExtensible(cx, wrapper, extensible), + NOTHING); +} + +bool CrossCompartmentWrapper::has(JSContext* cx, HandleObject wrapper, + HandleId id, bool* bp) const { + PIERCE(cx, wrapper, MarkAtoms(cx, id), Wrapper::has(cx, wrapper, id, bp), + NOTHING); +} + +bool CrossCompartmentWrapper::hasOwn(JSContext* cx, HandleObject wrapper, + HandleId id, bool* bp) const { + PIERCE(cx, wrapper, MarkAtoms(cx, id), Wrapper::hasOwn(cx, wrapper, id, bp), + NOTHING); +} + +static bool WrapReceiver(JSContext* cx, HandleObject wrapper, + MutableHandleValue receiver) { + // Usually the receiver is the wrapper and we can just unwrap it. If the + // wrapped object is also a wrapper, things are more complicated and we + // fall back to the slow path (it calls UncheckedUnwrap to unwrap all + // wrappers). + if (ObjectValue(*wrapper) == receiver) { + JSObject* wrapped = Wrapper::wrappedObject(wrapper); + if (!IsWrapper(wrapped)) { + MOZ_ASSERT(wrapped->compartment() == cx->compartment()); + MOZ_ASSERT(!IsWindow(wrapped)); + receiver.setObject(*wrapped); + return true; + } + } + + return cx->compartment()->wrap(cx, receiver); +} + +bool CrossCompartmentWrapper::get(JSContext* cx, HandleObject wrapper, + HandleValue receiver, HandleId id, + MutableHandleValue vp) const { + RootedValue receiverCopy(cx, receiver); + { + AutoRealm call(cx, wrappedObject(wrapper)); + if (!MarkAtoms(cx, id) || !WrapReceiver(cx, wrapper, &receiverCopy)) { + return false; + } + + if (!Wrapper::get(cx, wrapper, receiverCopy, id, vp)) { + return false; + } + } + return cx->compartment()->wrap(cx, vp); +} + +bool CrossCompartmentWrapper::set(JSContext* cx, HandleObject wrapper, + HandleId id, HandleValue v, + HandleValue receiver, + ObjectOpResult& result) const { + RootedValue valCopy(cx, v); + RootedValue receiverCopy(cx, receiver); + PIERCE(cx, wrapper, + MarkAtoms(cx, id) && cx->compartment()->wrap(cx, &valCopy) && + WrapReceiver(cx, wrapper, &receiverCopy), + Wrapper::set(cx, wrapper, id, valCopy, receiverCopy, result), NOTHING); +} + +bool CrossCompartmentWrapper::getOwnEnumerablePropertyKeys( + JSContext* cx, HandleObject wrapper, MutableHandleIdVector props) const { + PIERCE(cx, wrapper, NOTHING, + Wrapper::getOwnEnumerablePropertyKeys(cx, wrapper, props), + MarkAtoms(cx, props)); +} + +bool CrossCompartmentWrapper::enumerate(JSContext* cx, HandleObject wrapper, + MutableHandleIdVector props) const { + PIERCE(cx, wrapper, NOTHING, Wrapper::enumerate(cx, wrapper, props), + MarkAtoms(cx, props)); +} + +bool CrossCompartmentWrapper::call(JSContext* cx, HandleObject wrapper, + const CallArgs& args) const { + RootedObject wrapped(cx, wrappedObject(wrapper)); + + { + AutoRealm call(cx, wrapped); + + args.setCallee(ObjectValue(*wrapped)); + if (!cx->compartment()->wrap(cx, args.mutableThisv())) { + return false; + } + + for (size_t n = 0; n < args.length(); ++n) { + if (!cx->compartment()->wrap(cx, args[n])) { + return false; + } + } + + if (!Wrapper::call(cx, wrapper, args)) { + return false; + } + } + + return cx->compartment()->wrap(cx, args.rval()); +} + +bool CrossCompartmentWrapper::construct(JSContext* cx, HandleObject wrapper, + const CallArgs& args) const { + RootedObject wrapped(cx, wrappedObject(wrapper)); + { + AutoRealm call(cx, wrapped); + + for (size_t n = 0; n < args.length(); ++n) { + if (!cx->compartment()->wrap(cx, args[n])) { + return false; + } + } + if (!cx->compartment()->wrap(cx, args.newTarget())) { + return false; + } + if (!Wrapper::construct(cx, wrapper, args)) { + return false; + } + } + return cx->compartment()->wrap(cx, args.rval()); +} + +bool CrossCompartmentWrapper::nativeCall(JSContext* cx, IsAcceptableThis test, + NativeImpl impl, + const CallArgs& srcArgs) const { + RootedObject wrapper(cx, &srcArgs.thisv().toObject()); + MOZ_ASSERT(srcArgs.thisv().isMagic(JS_IS_CONSTRUCTING) || + !UncheckedUnwrap(wrapper)->is<CrossCompartmentWrapperObject>()); + + RootedObject wrapped(cx, wrappedObject(wrapper)); + { + AutoRealm call(cx, wrapped); + InvokeArgs dstArgs(cx); + if (!dstArgs.init(cx, srcArgs.length())) { + return false; + } + + Value* src = srcArgs.base(); + Value* srcend = srcArgs.array() + srcArgs.length(); + Value* dst = dstArgs.base(); + + RootedValue source(cx); + for (; src < srcend; ++src, ++dst) { + source = *src; + if (!cx->compartment()->wrap(cx, &source)) { + return false; + } + *dst = source.get(); + + // Handle |this| specially. When we rewrap on the other side of the + // membrane, we might apply a same-compartment security wrapper that + // will stymie this whole process. If that happens, unwrap the wrapper. + // This logic can go away when same-compartment security wrappers go away. + if ((src == srcArgs.base() + 1) && dst->isObject()) { + RootedObject thisObj(cx, &dst->toObject()); + if (thisObj->is<WrapperObject>() && + Wrapper::wrapperHandler(thisObj)->hasSecurityPolicy()) { + MOZ_ASSERT(!thisObj->is<CrossCompartmentWrapperObject>()); + *dst = ObjectValue(*Wrapper::wrappedObject(thisObj)); + } + } + } + + if (!CallNonGenericMethod(cx, test, impl, dstArgs)) { + return false; + } + + srcArgs.rval().set(dstArgs.rval()); + } + return cx->compartment()->wrap(cx, srcArgs.rval()); +} + +const char* CrossCompartmentWrapper::className(JSContext* cx, + HandleObject wrapper) const { + AutoRealm call(cx, wrappedObject(wrapper)); + return Wrapper::className(cx, wrapper); +} + +JSString* CrossCompartmentWrapper::fun_toString(JSContext* cx, + HandleObject wrapper, + bool isToSource) const { + RootedString str(cx); + { + AutoRealm call(cx, wrappedObject(wrapper)); + str = Wrapper::fun_toString(cx, wrapper, isToSource); + if (!str) { + return nullptr; + } + } + if (!cx->compartment()->wrap(cx, &str)) { + return nullptr; + } + return str; +} + +RegExpShared* CrossCompartmentWrapper::regexp_toShared( + JSContext* cx, HandleObject wrapper) const { + RootedRegExpShared re(cx); + { + AutoRealm call(cx, wrappedObject(wrapper)); + re = Wrapper::regexp_toShared(cx, wrapper); + if (!re) { + return nullptr; + } + } + + // Get an equivalent RegExpShared associated with the current compartment. + Rooted<JSAtom*> source(cx, re->getSource()); + cx->markAtom(source); + return cx->zone()->regExps().get(cx, source, re->getFlags()); +} + +bool CrossCompartmentWrapper::boxedValue_unbox(JSContext* cx, + HandleObject wrapper, + MutableHandleValue vp) const { + PIERCE(cx, wrapper, NOTHING, Wrapper::boxedValue_unbox(cx, wrapper, vp), + cx->compartment()->wrap(cx, vp)); +} + +const CrossCompartmentWrapper CrossCompartmentWrapper::singleton(0u); + +JS_PUBLIC_API void js::NukeCrossCompartmentWrapper(JSContext* cx, + JSObject* wrapper) { + JS::Compartment* comp = wrapper->compartment(); + auto ptr = comp->lookupWrapper(Wrapper::wrappedObject(wrapper)); + if (ptr) { + comp->removeWrapper(ptr); + } + NukeRemovedCrossCompartmentWrapper(cx, wrapper); +} + +JS_PUBLIC_API void js::NukeCrossCompartmentWrapperIfExists( + JSContext* cx, JS::Compartment* source, JSObject* target) { + MOZ_ASSERT(source != target->compartment()); + MOZ_ASSERT(!target->is<CrossCompartmentWrapperObject>()); + auto ptr = source->lookupWrapper(target); + if (ptr) { + JSObject* wrapper = ptr->value().get(); + NukeCrossCompartmentWrapper(cx, wrapper); + } +} + +// Returns true iff all realms in the compartment have been nuked. +static bool NukedAllRealms(JS::Compartment* comp) { + for (RealmsInCompartmentIter realm(comp); !realm.done(); realm.next()) { + if (!realm->nukedIncomingWrappers) { + return false; + } + } + return true; +} + +/* + * NukeChromeCrossCompartmentWrappersForGlobal reaches into chrome and cuts + * all of the cross-compartment wrappers that point to an object in the |target| + * realm. The snag here is that we need to avoid cutting wrappers that point to + * the window object on page navigation (inner window destruction) and only do + * that on tab close (outer window destruction). Thus the option of how to + * handle the global object. + */ +JS_PUBLIC_API bool js::NukeCrossCompartmentWrappers( + JSContext* cx, const CompartmentFilter& sourceFilter, JS::Realm* target, + js::NukeReferencesToWindow nukeReferencesToWindow, + js::NukeReferencesFromTarget nukeReferencesFromTarget) { + CHECK_THREAD(cx); + JSRuntime* rt = cx->runtime(); + + // If we're nuking all wrappers into the target realm, prevent us from + // creating new wrappers for it in the future. + if (nukeReferencesFromTarget == NukeAllReferences) { + target->nukedIncomingWrappers = true; + } + + for (CompartmentsIter c(rt); !c.done(); c.next()) { + if (!sourceFilter.match(c)) { + continue; + } + + // If the realm matches both the source and target filter, we may want to + // cut outgoing wrappers too, if we nuked all realms in the compartment. + bool nukeAll = + (nukeReferencesFromTarget == NukeAllReferences && + target->compartment() == c.get() && NukedAllRealms(c.get())); + + // Iterate only the wrappers that have target compartment matched unless + // |nukeAll| is true. Use Maybe to avoid copying from conditionally + // initializing ObjectWrapperEnum. + mozilla::Maybe<Compartment::ObjectWrapperEnum> e; + if (MOZ_LIKELY(!nukeAll)) { + e.emplace(c, target->compartment()); + } else { + e.emplace(c); + c.get()->nukedOutgoingWrappers = true; + } + for (; !e->empty(); e->popFront()) { + JSObject* key = e->front().key(); + + AutoWrapperRooter wobj(cx, WrapperValue(*e)); + + // Unwrap from the wrapped object in key instead of the wrapper, this + // could save us a bit of time. + JSObject* wrapped = UncheckedUnwrap(key); + + // Don't nuke wrappers for objects in other realms in the target + // compartment unless nukeAll is set because in that case we want to nuke + // all outgoing wrappers for the current compartment. + if (!nukeAll && wrapped->nonCCWRealm() != target) { + continue; + } + + // We only skip nuking window references that point to a target + // compartment, not the ones that belong to it. + if (nukeReferencesToWindow == DontNukeWindowReferences && + MOZ_LIKELY(!nukeAll) && IsWindowProxy(wrapped)) { + continue; + } + + // Now this is the wrapper we want to nuke. + e->removeFront(); + NukeRemovedCrossCompartmentWrapper(cx, wobj); + } + } + + return true; +} + +JS_PUBLIC_API bool js::AllowNewWrapper(JS::Compartment* target, JSObject* obj) { + // Disallow creating new wrappers if we nuked the object realm or target + // compartment. + + MOZ_ASSERT(obj->compartment() != target); + + if (target->nukedOutgoingWrappers || + obj->nonCCWRealm()->nukedIncomingWrappers) { + return false; + } + + return true; +} + +JS_PUBLIC_API bool js::NukedObjectRealm(JSObject* obj) { + return obj->nonCCWRealm()->nukedIncomingWrappers; +} + +// Given a cross-compartment wrapper |wobj|, update it to point to +// |newTarget|. This recomputes the wrapper with JS_WrapValue, and thus can be +// useful even if wrapper already points to newTarget. +// This operation crashes on failure rather than leaving the heap in an +// inconsistent state. +void js::RemapWrapper(JSContext* cx, JSObject* wobjArg, + JSObject* newTargetArg) { + RootedObject wobj(cx, wobjArg); + RootedObject newTarget(cx, newTargetArg); + MOZ_ASSERT(wobj->is<CrossCompartmentWrapperObject>()); + MOZ_ASSERT(!newTarget->is<CrossCompartmentWrapperObject>()); + JSObject* origTarget = Wrapper::wrappedObject(wobj); + MOZ_ASSERT(origTarget); + JS::Compartment* wcompartment = wobj->compartment(); + MOZ_ASSERT(wcompartment != newTarget->compartment()); + + AutoDisableProxyCheck adpc; + + // If we're mapping to a different target (as opposed to just recomputing + // for the same target), we must not have an existing wrapper for the new + // target, otherwise this will break. + MOZ_ASSERT_IF(origTarget != newTarget, + !wcompartment->lookupWrapper(newTarget)); + + // The old value should still be in the cross-compartment wrapper map, and + // the lookup should return wobj. + ObjectWrapperMap::Ptr p = wcompartment->lookupWrapper(origTarget); + MOZ_ASSERT(*p->value().unsafeGet() == wobj); + wcompartment->removeWrapper(p); + + // When we remove origv from the wrapper map, its wrapper, wobj, must + // immediately cease to be a cross-compartment wrapper. Nuke it. + NukeCrossCompartmentWrapper(cx, wobj); + + // If the target is a dead wrapper, and we're just fixing wrappers for + // it, then we're done now that the CCW is a dead wrapper. + if (JS_IsDeadWrapper(origTarget)) { + MOZ_RELEASE_ASSERT(origTarget == newTarget); + return; + } + + js::RemapDeadWrapper(cx, wobj, newTarget); +} + +// Given a dead proxy object |wobj|, turn it into a cross-compartment wrapper +// pointing at |newTarget|. +// This operation crashes on failure rather than leaving the heap in an +// inconsistent state. +void js::RemapDeadWrapper(JSContext* cx, HandleObject wobj, + HandleObject newTarget) { + MOZ_ASSERT(IsDeadProxyObject(wobj)); + MOZ_ASSERT(!newTarget->is<CrossCompartmentWrapperObject>()); + + // These are not exposed. Doing this would require updating the + // FinalizationObservers data structures. + MOZ_ASSERT(!newTarget->is<FinalizationRecordObject>()); + + AutoDisableProxyCheck adpc; + + // wobj is not a cross-compartment wrapper, so we can use nonCCWRealm. + Realm* wrealm = wobj->nonCCWRealm(); + + // First, we wrap it in the new compartment. We try to use the existing + // wrapper, |wobj|, since it's been nuked anyway. The rewrap() function has + // the choice to reuse |wobj| or not. + RootedObject tobj(cx, newTarget); + AutoRealmUnchecked ar(cx, wrealm); + AutoEnterOOMUnsafeRegion oomUnsafe; + JS::Compartment* wcompartment = wobj->compartment(); + if (!wcompartment->rewrap(cx, &tobj, wobj)) { + oomUnsafe.crash("js::RemapWrapper"); + } + + // If rewrap() reused |wobj|, it will have overwritten it and returned with + // |tobj == wobj|. Otherwise, |tobj| will point to a new wrapper and |wobj| + // will still be nuked. In the latter case, we replace |wobj| with the + // contents of the new wrapper in |tobj|. + if (tobj != wobj) { + // Now, because we need to maintain object identity, we do a brain + // transplant on the old object so that it contains the contents of the + // new one. + JSObject::swap(cx, wobj, tobj, oomUnsafe); + } + + if (!wobj->is<WrapperObject>()) { + MOZ_ASSERT(js::IsDOMRemoteProxyObject(wobj) || IsDeadProxyObject(wobj)); + return; + } + + // Before swapping, this wrapper came out of rewrap(), which enforces the + // invariant that the wrapper in the map points directly to the key. + MOZ_ASSERT(Wrapper::wrappedObject(wobj) == newTarget); + + // Update the incremental weakmap marking state. + wobj->zone()->afterAddDelegate(wobj); + + // Update the entry in the compartment's wrapper map to point to the old + // wrapper, which has now been updated (via reuse or swap). + if (!wcompartment->putWrapper(cx, newTarget, wobj)) { + oomUnsafe.crash("js::RemapWrapper"); + } +} + +// Remap all cross-compartment wrappers pointing to |oldTarget| to point to +// |newTarget|. All wrappers are recomputed. +JS_PUBLIC_API bool js::RemapAllWrappersForObject(JSContext* cx, + HandleObject oldTarget, + HandleObject newTarget) { + AutoWrapperVector toTransplant(cx); + + for (CompartmentsIter c(cx->runtime()); !c.done(); c.next()) { + if (ObjectWrapperMap::Ptr wp = c->lookupWrapper(oldTarget)) { + // We found a wrapper. Remember and root it. + if (!toTransplant.append(WrapperValue(wp))) { + return false; + } + } + } + + for (const WrapperValue& v : toTransplant) { + RemapWrapper(cx, v, newTarget); + } + + return true; +} + +JS_PUBLIC_API bool js::RecomputeWrappers( + JSContext* cx, const CompartmentFilter& sourceFilter, + const CompartmentFilter& targetFilter) { + bool evictedNursery = false; + + AutoWrapperVector toRecompute(cx); + for (CompartmentsIter c(cx->runtime()); !c.done(); c.next()) { + // Filter by source compartment. + if (!sourceFilter.match(c)) { + continue; + } + + if (!evictedNursery && + c->hasNurseryAllocatedObjectWrapperEntries(targetFilter)) { + cx->runtime()->gc.evictNursery(); + evictedNursery = true; + } + + // Iterate over object wrappers, filtering appropriately. + for (Compartment::ObjectWrapperEnum e(c, targetFilter); !e.empty(); + e.popFront()) { + // Don't remap wrappers to finalization record objects. These are used + // internally and are not exposed. + JSObject* wrapper = *e.front().value().unsafeGet(); + if (Wrapper::wrappedObject(wrapper)->is<FinalizationRecordObject>()) { + continue; + } + + // Add the wrapper to the list. + if (!toRecompute.append(WrapperValue(e))) { + return false; + } + } + } + + // Recompute all the wrappers in the list. + for (const WrapperValue& wrapper : toRecompute) { + JSObject* wrapped = Wrapper::wrappedObject(wrapper); + RemapWrapper(cx, wrapper, wrapped); + } + + return true; +} diff --git a/js/src/proxy/DOMProxy.cpp b/js/src/proxy/DOMProxy.cpp new file mode 100644 index 0000000000..eab5390158 --- /dev/null +++ b/js/src/proxy/DOMProxy.cpp @@ -0,0 +1,41 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=8 sts=2 et sw=2 tw=80: + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* DOM proxy-related functionality, including expando support. */ + +#include "js/friend/DOMProxy.h" // JS::DOMProxyShadowsCheck +#include "proxy/DOMProxy.h" + +#include "js/Proxy.h" // js::GetProxyHandler, js::IsProxy + +using JS::DOMProxyShadowsCheck; + +static const void* gDOMProxyHandlerFamily = nullptr; +static DOMProxyShadowsCheck gDOMProxyShadowsCheck = nullptr; +static const void* gDOMRemoteProxyHandlerFamily = nullptr; + +void JS::SetDOMProxyInformation(const void* domProxyHandlerFamily, + DOMProxyShadowsCheck domProxyShadowsCheck, + const void* domRemoteProxyHandlerFamily) { + gDOMProxyHandlerFamily = domProxyHandlerFamily; + gDOMProxyShadowsCheck = domProxyShadowsCheck; + gDOMRemoteProxyHandlerFamily = domRemoteProxyHandlerFamily; +} + +const void* js::GetDOMProxyHandlerFamily() { return gDOMProxyHandlerFamily; } + +DOMProxyShadowsCheck js::GetDOMProxyShadowsCheck() { + return gDOMProxyShadowsCheck; +} + +const void* js::GetDOMRemoteProxyHandlerFamily() { + return gDOMRemoteProxyHandlerFamily; +} + +bool js::IsDOMRemoteProxyObject(JSObject* object) { + return js::IsProxy(object) && js::GetProxyHandler(object)->family() == + js::GetDOMRemoteProxyHandlerFamily(); +} diff --git a/js/src/proxy/DOMProxy.h b/js/src/proxy/DOMProxy.h new file mode 100644 index 0000000000..91975658b1 --- /dev/null +++ b/js/src/proxy/DOMProxy.h @@ -0,0 +1,34 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=8 sts=2 et sw=2 tw=80: + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* DOM proxy details that don't need to be exported as friend API. */ + +#ifndef proxy_DOMProxy_h +#define proxy_DOMProxy_h + +#include "js/friend/DOMProxy.h" // JS::DOMProxyShadowsCheck + +class JS_PUBLIC_API JSObject; + +namespace js { + +extern const void* GetDOMProxyHandlerFamily(); + +extern JS::DOMProxyShadowsCheck GetDOMProxyShadowsCheck(); + +inline bool DOMProxyIsShadowing(JS::DOMProxyShadowsResult result) { + return result == JS::DOMProxyShadowsResult::Shadows || + result == JS::DOMProxyShadowsResult::ShadowsViaDirectExpando || + result == JS::DOMProxyShadowsResult::ShadowsViaIndirectExpando; +} + +extern const void* GetDOMRemoteProxyHandlerFamily(); + +extern bool IsDOMRemoteProxyObject(JSObject* object); + +} // namespace js + +#endif // proxy_DOMProxy_h diff --git a/js/src/proxy/DeadObjectProxy.cpp b/js/src/proxy/DeadObjectProxy.cpp new file mode 100644 index 0000000000..fe32946eb3 --- /dev/null +++ b/js/src/proxy/DeadObjectProxy.cpp @@ -0,0 +1,156 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=8 sts=2 et sw=2 tw=80: + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "proxy/DeadObjectProxy.h" + +#include "js/ErrorReport.h" // JS_ReportErrorNumberASCII +#include "js/friend/ErrorMessages.h" // js::GetErrorMessage, JSMSG_* +#include "vm/JSFunction.h" // XXXefaust Bug 1064662 +#include "vm/ProxyObject.h" + +#include "vm/JSObject-inl.h" + +using namespace js; + +const DeadObjectProxy DeadObjectProxy::singleton; +const char DeadObjectProxy::family = 0; + +static void ReportDead(JSContext* cx) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_DEAD_OBJECT); +} + +bool DeadObjectProxy::getOwnPropertyDescriptor( + JSContext* cx, HandleObject wrapper, HandleId id, + MutableHandle<mozilla::Maybe<PropertyDescriptor>> desc) const { + ReportDead(cx); + return false; +} + +bool DeadObjectProxy::defineProperty(JSContext* cx, HandleObject wrapper, + HandleId id, + Handle<PropertyDescriptor> desc, + ObjectOpResult& result) const { + ReportDead(cx); + return false; +} + +bool DeadObjectProxy::ownPropertyKeys(JSContext* cx, HandleObject wrapper, + MutableHandleIdVector props) const { + ReportDead(cx); + return false; +} + +bool DeadObjectProxy::delete_(JSContext* cx, HandleObject wrapper, HandleId id, + ObjectOpResult& result) const { + ReportDead(cx); + return false; +} + +bool DeadObjectProxy::getPrototype(JSContext* cx, HandleObject proxy, + MutableHandleObject protop) const { + protop.set(nullptr); + return true; +} + +bool DeadObjectProxy::getPrototypeIfOrdinary(JSContext* cx, HandleObject proxy, + bool* isOrdinary, + MutableHandleObject protop) const { + *isOrdinary = false; + return true; +} + +bool DeadObjectProxy::preventExtensions(JSContext* cx, HandleObject proxy, + ObjectOpResult& result) const { + ReportDead(cx); + return false; +} + +bool DeadObjectProxy::isExtensible(JSContext* cx, HandleObject proxy, + bool* extensible) const { + // This is kind of meaningless, but dead-object semantics aside, + // [[Extensible]] always being true is consistent with other proxy types. + *extensible = true; + return true; +} + +bool DeadObjectProxy::call(JSContext* cx, HandleObject wrapper, + const CallArgs& args) const { + ReportDead(cx); + return false; +} + +bool DeadObjectProxy::construct(JSContext* cx, HandleObject wrapper, + const CallArgs& args) const { + ReportDead(cx); + return false; +} + +bool DeadObjectProxy::nativeCall(JSContext* cx, IsAcceptableThis test, + NativeImpl impl, const CallArgs& args) const { + ReportDead(cx); + return false; +} + +bool DeadObjectProxy::getBuiltinClass(JSContext* cx, HandleObject proxy, + ESClass* cls) const { + ReportDead(cx); + return false; +} + +bool DeadObjectProxy::isArray(JSContext* cx, HandleObject obj, + JS::IsArrayAnswer* answer) const { + ReportDead(cx); + return false; +} + +const char* DeadObjectProxy::className(JSContext* cx, + HandleObject wrapper) const { + return "DeadObject"; +} + +JSString* DeadObjectProxy::fun_toString(JSContext* cx, HandleObject proxy, + bool isToSource) const { + ReportDead(cx); + return nullptr; +} + +RegExpShared* DeadObjectProxy::regexp_toShared(JSContext* cx, + HandleObject proxy) const { + ReportDead(cx); + return nullptr; +} + +bool js::IsDeadProxyObject(const JSObject* obj) { + return IsDerivedProxyObject(obj, &DeadObjectProxy::singleton); +} + +Value js::DeadProxyTargetValue(JSObject* obj) { + // When nuking scripted proxies, isCallable and isConstructor values for + // the proxy needs to be preserved. So does background-finalization status. + int32_t flags = 0; + if (obj->isCallable()) { + flags |= DeadObjectProxyIsCallable; + } + if (obj->isConstructor()) { + flags |= DeadObjectProxyIsConstructor; + } + if (obj->isBackgroundFinalized()) { + flags |= DeadObjectProxyIsBackgroundFinalized; + } + return Int32Value(flags); +} + +JSObject* js::NewDeadProxyObject(JSContext* cx, JSObject* origObj) { + RootedValue target(cx); + if (origObj) { + target = DeadProxyTargetValue(origObj); + } else { + target = Int32Value(DeadObjectProxyIsBackgroundFinalized); + } + + return NewProxyObject(cx, &DeadObjectProxy::singleton, target, nullptr, + ProxyOptions()); +} diff --git a/js/src/proxy/DeadObjectProxy.h b/js/src/proxy/DeadObjectProxy.h new file mode 100644 index 0000000000..6b7805b018 --- /dev/null +++ b/js/src/proxy/DeadObjectProxy.h @@ -0,0 +1,100 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=8 sts=2 et sw=2 tw=80: + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef proxy_DeadObjectProxy_h +#define proxy_DeadObjectProxy_h + +#include "js/Proxy.h" + +namespace js { + +class ProxyObject; + +enum DeadObjectProxyFlags { + DeadObjectProxyIsCallable = 1 << 0, + DeadObjectProxyIsConstructor = 1 << 1, + DeadObjectProxyIsBackgroundFinalized = 1 << 2 +}; + +class DeadObjectProxy : public BaseProxyHandler { + public: + explicit constexpr DeadObjectProxy() : BaseProxyHandler(&family) {} + + /* Standard internal methods. */ + virtual bool getOwnPropertyDescriptor( + JSContext* cx, JS::HandleObject wrapper, JS::HandleId id, + JS::MutableHandle<mozilla::Maybe<JS::PropertyDescriptor>> desc) + const override; + virtual bool defineProperty(JSContext* cx, JS::HandleObject wrapper, + JS::HandleId id, + JS::Handle<JS::PropertyDescriptor> desc, + JS::ObjectOpResult& result) const override; + virtual bool ownPropertyKeys(JSContext* cx, JS::HandleObject wrapper, + JS::MutableHandleIdVector props) const override; + virtual bool delete_(JSContext* cx, JS::HandleObject wrapper, JS::HandleId id, + JS::ObjectOpResult& result) const override; + virtual bool getPrototype(JSContext* cx, JS::HandleObject proxy, + JS::MutableHandleObject protop) const override; + virtual bool getPrototypeIfOrdinary( + JSContext* cx, JS::HandleObject proxy, bool* isOrdinary, + JS::MutableHandleObject protop) const override; + virtual bool preventExtensions(JSContext* cx, JS::HandleObject proxy, + JS::ObjectOpResult& result) const override; + virtual bool isExtensible(JSContext* cx, JS::HandleObject proxy, + bool* extensible) const override; + virtual bool call(JSContext* cx, JS::HandleObject proxy, + const JS::CallArgs& args) const override; + virtual bool construct(JSContext* cx, JS::HandleObject proxy, + const JS::CallArgs& args) const override; + + /* SpiderMonkey extensions. */ + // BaseProxyHandler::enumerate will throw by calling ownKeys. + virtual bool nativeCall(JSContext* cx, JS::IsAcceptableThis test, + JS::NativeImpl impl, + const JS::CallArgs& args) const override; + virtual bool getBuiltinClass(JSContext* cx, JS::HandleObject proxy, + ESClass* cls) const override; + virtual bool isArray(JSContext* cx, JS::HandleObject proxy, + JS::IsArrayAnswer* answer) const override; + virtual const char* className(JSContext* cx, + JS::HandleObject proxy) const override; + virtual JSString* fun_toString(JSContext* cx, JS::HandleObject proxy, + bool isToSource) const override; + virtual RegExpShared* regexp_toShared(JSContext* cx, + JS::HandleObject proxy) const override; + + // Use the regular paths for private values + virtual bool useProxyExpandoObjectForPrivateFields() const override { + return false; + } + + virtual bool isCallable(JSObject* obj) const override { + return flags(obj) & DeadObjectProxyIsCallable; + } + virtual bool isConstructor(JSObject* obj) const override { + return flags(obj) & DeadObjectProxyIsConstructor; + } + + virtual bool finalizeInBackground(const JS::Value& priv) const override { + return priv.toInt32() & DeadObjectProxyIsBackgroundFinalized; + } + + static const DeadObjectProxy singleton; + static const char family; + + private: + static int32_t flags(JSObject* obj) { return GetProxyPrivate(obj).toInt32(); } +}; + +bool IsDeadProxyObject(const JSObject* obj); + +JS::Value DeadProxyTargetValue(JSObject* obj); + +JSObject* NewDeadProxyObject(JSContext* cx, JSObject* origObj = nullptr); + +} /* namespace js */ + +#endif /* proxy_DeadObjectProxy_h */ diff --git a/js/src/proxy/OpaqueCrossCompartmentWrapper.cpp b/js/src/proxy/OpaqueCrossCompartmentWrapper.cpp new file mode 100644 index 0000000000..f809937d3f --- /dev/null +++ b/js/src/proxy/OpaqueCrossCompartmentWrapper.cpp @@ -0,0 +1,152 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=8 sts=2 et sw=2 tw=80: + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "js/friend/ErrorMessages.h" // js::GetErrorMessage, JSMSG_* +#include "js/Wrapper.h" +#include "vm/WellKnownAtom.h" // js_*_str + +#include "vm/JSObject-inl.h" + +using namespace js; + +bool OpaqueCrossCompartmentWrapper::getOwnPropertyDescriptor( + JSContext* cx, HandleObject wrapper, HandleId id, + MutableHandle<mozilla::Maybe<PropertyDescriptor>> desc) const { + desc.reset(); + return true; +} + +bool OpaqueCrossCompartmentWrapper::defineProperty( + JSContext* cx, HandleObject wrapper, HandleId id, + Handle<PropertyDescriptor> desc, ObjectOpResult& result) const { + return result.succeed(); +} + +bool OpaqueCrossCompartmentWrapper::ownPropertyKeys( + JSContext* cx, HandleObject wrapper, MutableHandleIdVector props) const { + return true; +} + +bool OpaqueCrossCompartmentWrapper::delete_(JSContext* cx, HandleObject wrapper, + HandleId id, + ObjectOpResult& result) const { + return result.succeed(); +} + +bool OpaqueCrossCompartmentWrapper::enumerate( + JSContext* cx, HandleObject proxy, MutableHandleIdVector props) const { + return BaseProxyHandler::enumerate(cx, proxy, props); +} + +bool OpaqueCrossCompartmentWrapper::getPrototype( + JSContext* cx, HandleObject proxy, MutableHandleObject protop) const { + protop.set(nullptr); + return true; +} + +bool OpaqueCrossCompartmentWrapper::setPrototype(JSContext* cx, + HandleObject proxy, + HandleObject proto, + ObjectOpResult& result) const { + return result.succeed(); +} + +bool OpaqueCrossCompartmentWrapper::getPrototypeIfOrdinary( + JSContext* cx, HandleObject proxy, bool* isOrdinary, + MutableHandleObject protop) const { + *isOrdinary = false; + return true; +} + +bool OpaqueCrossCompartmentWrapper::setImmutablePrototype( + JSContext* cx, HandleObject proxy, bool* succeeded) const { + *succeeded = false; + return true; +} + +bool OpaqueCrossCompartmentWrapper::preventExtensions( + JSContext* cx, HandleObject wrapper, ObjectOpResult& result) const { + return result.failCantPreventExtensions(); +} + +bool OpaqueCrossCompartmentWrapper::isExtensible(JSContext* cx, + HandleObject wrapper, + bool* extensible) const { + *extensible = true; + return true; +} + +bool OpaqueCrossCompartmentWrapper::has(JSContext* cx, HandleObject wrapper, + HandleId id, bool* bp) const { + return BaseProxyHandler::has(cx, wrapper, id, bp); +} + +bool OpaqueCrossCompartmentWrapper::get(JSContext* cx, HandleObject wrapper, + HandleValue receiver, HandleId id, + MutableHandleValue vp) const { + return BaseProxyHandler::get(cx, wrapper, receiver, id, vp); +} + +bool OpaqueCrossCompartmentWrapper::set(JSContext* cx, HandleObject wrapper, + HandleId id, HandleValue v, + HandleValue receiver, + ObjectOpResult& result) const { + return BaseProxyHandler::set(cx, wrapper, id, v, receiver, result); +} + +bool OpaqueCrossCompartmentWrapper::call(JSContext* cx, HandleObject wrapper, + const CallArgs& args) const { + RootedValue v(cx, ObjectValue(*wrapper)); + ReportIsNotFunction(cx, v); + return false; +} + +bool OpaqueCrossCompartmentWrapper::construct(JSContext* cx, + HandleObject wrapper, + const CallArgs& args) const { + RootedValue v(cx, ObjectValue(*wrapper)); + ReportIsNotFunction(cx, v); + return false; +} + +bool OpaqueCrossCompartmentWrapper::hasOwn(JSContext* cx, HandleObject wrapper, + HandleId id, bool* bp) const { + return BaseProxyHandler::hasOwn(cx, wrapper, id, bp); +} + +bool OpaqueCrossCompartmentWrapper::getOwnEnumerablePropertyKeys( + JSContext* cx, HandleObject wrapper, MutableHandleIdVector props) const { + return BaseProxyHandler::getOwnEnumerablePropertyKeys(cx, wrapper, props); +} + +bool OpaqueCrossCompartmentWrapper::getBuiltinClass(JSContext* cx, + HandleObject wrapper, + ESClass* cls) const { + *cls = ESClass::Other; + return true; +} + +bool OpaqueCrossCompartmentWrapper::isArray(JSContext* cx, HandleObject obj, + JS::IsArrayAnswer* answer) const { + *answer = JS::IsArrayAnswer::NotArray; + return true; +} + +const char* OpaqueCrossCompartmentWrapper::className(JSContext* cx, + HandleObject proxy) const { + return "Opaque"; +} + +JSString* OpaqueCrossCompartmentWrapper::fun_toString(JSContext* cx, + HandleObject proxy, + bool isToSource) const { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_INCOMPATIBLE_PROTO, js_Function_str, + js_toString_str, "object"); + return nullptr; +} + +const OpaqueCrossCompartmentWrapper OpaqueCrossCompartmentWrapper::singleton; diff --git a/js/src/proxy/Proxy.cpp b/js/src/proxy/Proxy.cpp new file mode 100644 index 0000000000..6841691111 --- /dev/null +++ b/js/src/proxy/Proxy.cpp @@ -0,0 +1,1063 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=8 sts=2 et sw=2 tw=80: + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "js/Proxy.h" + +#include "mozilla/Attributes.h" +#include "mozilla/Maybe.h" + +#include <string.h> + +#include "js/friend/ErrorMessages.h" // JSMSG_* +#include "js/friend/StackLimits.h" // js::AutoCheckRecursionLimit, js::GetNativeStackLimit +#include "js/friend/WindowProxy.h" // js::IsWindow, js::IsWindowProxy, js::ToWindowProxyIfWindow +#include "js/PropertySpec.h" +#include "js/Value.h" // JS::ObjectValue +#include "js/Wrapper.h" +#include "proxy/DeadObjectProxy.h" +#include "proxy/ScriptedProxyHandler.h" +#include "vm/Compartment.h" +#include "vm/Interpreter.h" // js::CallGetter +#include "vm/JSContext.h" +#include "vm/JSFunction.h" +#include "vm/JSObject.h" +#include "vm/WrapperObject.h" + +#include "gc/Marking-inl.h" +#include "vm/JSAtom-inl.h" +#include "vm/JSObject-inl.h" +#include "vm/NativeObject-inl.h" + +using namespace js; + +// Used by private fields to manipulate the ProxyExpando: +// All the following methods are called iff the handler for the proxy +// returns true for useProxyExpandoObjectForPrivateFields. +static bool ProxySetOnExpando(JSContext* cx, HandleObject proxy, HandleId id, + HandleValue v, HandleValue receiver, + ObjectOpResult& result) { + MOZ_ASSERT(id.isPrivateName()); + + // For BaseProxyHandler, private names are stored in the expando object. + RootedObject expando(cx, proxy->as<ProxyObject>().expando().toObjectOrNull()); + + // SetPrivateElementOperation checks for hasOwn first, which ensures the + // expando exsists. + // + // If we don't have an expando, then we're probably misusing debugger apis and + // should just throw. + if (!expando) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_SET_MISSING_PRIVATE); + return false; + } + + Rooted<mozilla::Maybe<PropertyDescriptor>> ownDesc(cx); + if (!GetOwnPropertyDescriptor(cx, expando, id, &ownDesc)) { + return false; + } + if (ownDesc.isNothing()) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_SET_MISSING_PRIVATE); + return false; + } + + RootedValue expandoValue(cx, proxy->as<ProxyObject>().expando()); + return SetPropertyIgnoringNamedGetter(cx, expando, id, v, expandoValue, + ownDesc, result); +} + +static bool ProxyGetOwnPropertyDescriptorFromExpando( + JSContext* cx, HandleObject proxy, HandleId id, + MutableHandle<mozilla::Maybe<PropertyDescriptor>> desc) { + RootedObject expando(cx, proxy->as<ProxyObject>().expando().toObjectOrNull()); + + if (!expando) { + return true; + } + + return GetOwnPropertyDescriptor(cx, expando, id, desc); +} + +static bool ProxyGetOnExpando(JSContext* cx, HandleObject proxy, + HandleValue receiver, HandleId id, + MutableHandleValue vp) { + // For BaseProxyHandler, private names are stored in the expando object. + RootedObject expando(cx, proxy->as<ProxyObject>().expando().toObjectOrNull()); + + // We must have the expando, or GetPrivateElemOperation didn't call + // hasPrivate first. + if (!expando) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_GET_MISSING_PRIVATE); + return false; + } + + // Because we controlled the creation of the expando, we know it's not a + // proxy, and so can safely call internal methods on it without worrying about + // exposing information about private names. + Rooted<mozilla::Maybe<PropertyDescriptor>> desc(cx); + if (!GetOwnPropertyDescriptor(cx, expando, id, &desc)) { + return false; + } + // We must have the object, same reasoning as the expando. + if (desc.isNothing()) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_SET_MISSING_PRIVATE); + return false; + } + + // If the private name has a getter, delegate to that. + if (desc->hasGetter()) { + RootedValue getter(cx, JS::ObjectValue(*desc->getter())); + return js::CallGetter(cx, receiver, getter, vp); + } + + MOZ_ASSERT(desc->hasValue()); + MOZ_ASSERT(desc->isDataDescriptor()); + + vp.set(desc->value()); + return true; +} + +static bool ProxyHasOnExpando(JSContext* cx, HandleObject proxy, HandleId id, + bool* bp) { + // For BaseProxyHandler, private names are stored in the expando object. + RootedObject expando(cx, proxy->as<ProxyObject>().expando().toObjectOrNull()); + + // If there is no expando object, then there is no private field. + if (!expando) { + *bp = false; + return true; + } + + return HasOwnProperty(cx, expando, id, bp); +} + +static bool ProxyDefineOnExpando(JSContext* cx, HandleObject proxy, HandleId id, + Handle<PropertyDescriptor> desc, + ObjectOpResult& result) { + MOZ_ASSERT(id.isPrivateName()); + + // For BaseProxyHandler, private names are stored in the expando object. + RootedObject expando(cx, proxy->as<ProxyObject>().expando().toObjectOrNull()); + + if (!expando) { + expando = NewPlainObjectWithProto(cx, nullptr); + if (!expando) { + return false; + } + + proxy->as<ProxyObject>().setExpando(expando); + } + + return DefineProperty(cx, expando, id, desc, result); +} + +void js::AutoEnterPolicy::reportErrorIfExceptionIsNotPending(JSContext* cx, + HandleId id) { + if (JS_IsExceptionPending(cx)) { + return; + } + + if (id.isVoid()) { + ReportAccessDenied(cx); + } else { + Throw(cx, id, JSMSG_PROPERTY_ACCESS_DENIED); + } +} + +#ifdef DEBUG +void js::AutoEnterPolicy::recordEnter(JSContext* cx, HandleObject proxy, + HandleId id, Action act) { + if (allowed()) { + context = cx; + enteredProxy.emplace(proxy); + enteredId.emplace(id); + enteredAction = act; + prev = cx->enteredPolicy; + cx->enteredPolicy = this; + } +} + +void js::AutoEnterPolicy::recordLeave() { + if (enteredProxy) { + MOZ_ASSERT(context->enteredPolicy == this); + context->enteredPolicy = prev; + } +} + +JS_PUBLIC_API void js::assertEnteredPolicy(JSContext* cx, JSObject* proxy, + jsid id, + BaseProxyHandler::Action act) { + MOZ_ASSERT(proxy->is<ProxyObject>()); + MOZ_ASSERT(cx->enteredPolicy); + MOZ_ASSERT(cx->enteredPolicy->enteredProxy->get() == proxy); + MOZ_ASSERT(cx->enteredPolicy->enteredId->get() == id); + MOZ_ASSERT(cx->enteredPolicy->enteredAction & act); +} +#endif + +bool Proxy::getOwnPropertyDescriptor( + JSContext* cx, HandleObject proxy, HandleId id, + MutableHandle<mozilla::Maybe<PropertyDescriptor>> desc) { + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + const BaseProxyHandler* handler = proxy->as<ProxyObject>().handler(); + desc.reset(); // default result if we refuse to perform this action + AutoEnterPolicy policy(cx, handler, proxy, id, + BaseProxyHandler::GET_PROPERTY_DESCRIPTOR, true); + if (!policy.allowed()) { + return policy.returnValue(); + } + + if (handler->useProxyExpandoObjectForPrivateFields() && id.isPrivateName()) { + return ProxyGetOwnPropertyDescriptorFromExpando(cx, proxy, id, desc); + } + return handler->getOwnPropertyDescriptor(cx, proxy, id, desc); +} + +bool Proxy::defineProperty(JSContext* cx, HandleObject proxy, HandleId id, + Handle<PropertyDescriptor> desc, + ObjectOpResult& result) { + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + const BaseProxyHandler* handler = proxy->as<ProxyObject>().handler(); + + // We shouldn't be definining a private field if we are supposed to throw; + // this ought to have been caught by CheckPrivateField. + MOZ_ASSERT_IF(id.isPrivateName(), !handler->throwOnPrivateField()); + + AutoEnterPolicy policy(cx, handler, proxy, id, BaseProxyHandler::SET, true); + if (!policy.allowed()) { + if (!policy.returnValue()) { + return false; + } + return result.succeed(); + } + + // Private field accesses have different semantics depending on the kind + // of proxy involved, and so take a different path compared to regular + // [[Get]] operations. For example, scripted handlers don't fire traps + // when accessing private fields (because of the WeakMap semantics) + if (id.isPrivateName() && handler->useProxyExpandoObjectForPrivateFields()) { + return ProxyDefineOnExpando(cx, proxy, id, desc, result); + } + + return proxy->as<ProxyObject>().handler()->defineProperty(cx, proxy, id, desc, + result); +} + +bool Proxy::ownPropertyKeys(JSContext* cx, HandleObject proxy, + MutableHandleIdVector props) { + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + const BaseProxyHandler* handler = proxy->as<ProxyObject>().handler(); + AutoEnterPolicy policy(cx, handler, proxy, JS::VoidHandlePropertyKey, + BaseProxyHandler::ENUMERATE, true); + if (!policy.allowed()) { + return policy.returnValue(); + } + return proxy->as<ProxyObject>().handler()->ownPropertyKeys(cx, proxy, props); +} + +bool Proxy::delete_(JSContext* cx, HandleObject proxy, HandleId id, + ObjectOpResult& result) { + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + const BaseProxyHandler* handler = proxy->as<ProxyObject>().handler(); + AutoEnterPolicy policy(cx, handler, proxy, id, BaseProxyHandler::SET, true); + if (!policy.allowed()) { + bool ok = policy.returnValue(); + if (ok) { + result.succeed(); + } + return ok; + } + + // Private names shouldn't take this path, as deleting a private name + // should be a syntax error. + MOZ_ASSERT(!id.isPrivateName()); + + return proxy->as<ProxyObject>().handler()->delete_(cx, proxy, id, result); +} + +JS_PUBLIC_API bool js::AppendUnique(JSContext* cx, MutableHandleIdVector base, + HandleIdVector others) { + RootedIdVector uniqueOthers(cx); + if (!uniqueOthers.reserve(others.length())) { + return false; + } + for (size_t i = 0; i < others.length(); ++i) { + bool unique = true; + for (size_t j = 0; j < base.length(); ++j) { + if (others[i].get() == base[j]) { + unique = false; + break; + } + } + if (unique) { + if (!uniqueOthers.append(others[i])) { + return false; + } + } + } + return base.appendAll(std::move(uniqueOthers)); +} + +/* static */ +bool Proxy::getPrototype(JSContext* cx, HandleObject proxy, + MutableHandleObject proto) { + MOZ_ASSERT(proxy->hasDynamicPrototype()); + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + return proxy->as<ProxyObject>().handler()->getPrototype(cx, proxy, proto); +} + +/* static */ +bool Proxy::setPrototype(JSContext* cx, HandleObject proxy, HandleObject proto, + ObjectOpResult& result) { + MOZ_ASSERT(proxy->hasDynamicPrototype()); + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + return proxy->as<ProxyObject>().handler()->setPrototype(cx, proxy, proto, + result); +} + +/* static */ +bool Proxy::getPrototypeIfOrdinary(JSContext* cx, HandleObject proxy, + bool* isOrdinary, + MutableHandleObject proto) { + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + return proxy->as<ProxyObject>().handler()->getPrototypeIfOrdinary( + cx, proxy, isOrdinary, proto); +} + +/* static */ +bool Proxy::setImmutablePrototype(JSContext* cx, HandleObject proxy, + bool* succeeded) { + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + const BaseProxyHandler* handler = proxy->as<ProxyObject>().handler(); + return handler->setImmutablePrototype(cx, proxy, succeeded); +} + +/* static */ +bool Proxy::preventExtensions(JSContext* cx, HandleObject proxy, + ObjectOpResult& result) { + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + const BaseProxyHandler* handler = proxy->as<ProxyObject>().handler(); + return handler->preventExtensions(cx, proxy, result); +} + +/* static */ +bool Proxy::isExtensible(JSContext* cx, HandleObject proxy, bool* extensible) { + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + return proxy->as<ProxyObject>().handler()->isExtensible(cx, proxy, + extensible); +} + +bool Proxy::has(JSContext* cx, HandleObject proxy, HandleId id, bool* bp) { + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + const BaseProxyHandler* handler = proxy->as<ProxyObject>().handler(); + *bp = false; // default result if we refuse to perform this action + AutoEnterPolicy policy(cx, handler, proxy, id, BaseProxyHandler::GET, true); + if (!policy.allowed()) { + return policy.returnValue(); + } + + // Private names shouldn't take this path, but only hasOwn; + MOZ_ASSERT(!id.isPrivateName()); + + if (handler->hasPrototype()) { + if (!handler->hasOwn(cx, proxy, id, bp)) { + return false; + } + if (*bp) { + return true; + } + + RootedObject proto(cx); + if (!GetPrototype(cx, proxy, &proto)) { + return false; + } + if (!proto) { + return true; + } + + return HasProperty(cx, proto, id, bp); + } + + return handler->has(cx, proxy, id, bp); +} + +bool js::ProxyHas(JSContext* cx, HandleObject proxy, HandleValue idVal, + bool* result) { + RootedId id(cx); + if (!ToPropertyKey(cx, idVal, &id)) { + return false; + } + + return Proxy::has(cx, proxy, id, result); +} + +bool Proxy::hasOwn(JSContext* cx, HandleObject proxy, HandleId id, bool* bp) { + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + const BaseProxyHandler* handler = proxy->as<ProxyObject>().handler(); + *bp = false; // default result if we refuse to perform this action + + // If the handler is supposed to throw, we'll never have a private field so + // simply return, as we shouldn't throw an invalid security error when + // checking for the presence of a private field (WeakMap model). + if (id.isPrivateName() && handler->throwOnPrivateField()) { + return true; + } + + AutoEnterPolicy policy(cx, handler, proxy, id, BaseProxyHandler::GET, true); + if (!policy.allowed()) { + return policy.returnValue(); + } + + // Private field accesses have different semantics depending on the kind + // of proxy involved, and so take a different path compared to regular + // [[Get]] operations. For example, scripted handlers don't fire traps + // when accessing private fields (because of the WeakMap semantics) + if (id.isPrivateName() && handler->useProxyExpandoObjectForPrivateFields()) { + return ProxyHasOnExpando(cx, proxy, id, bp); + } + + return handler->hasOwn(cx, proxy, id, bp); +} + +bool js::ProxyHasOwn(JSContext* cx, HandleObject proxy, HandleValue idVal, + bool* result) { + RootedId id(cx); + if (!ToPropertyKey(cx, idVal, &id)) { + return false; + } + + return Proxy::hasOwn(cx, proxy, id, result); +} + +static MOZ_ALWAYS_INLINE Value ValueToWindowProxyIfWindow(const Value& v, + JSObject* proxy) { + if (v.isObject() && v != ObjectValue(*proxy)) { + return ObjectValue(*ToWindowProxyIfWindow(&v.toObject())); + } + return v; +} + +MOZ_ALWAYS_INLINE bool Proxy::getInternal(JSContext* cx, HandleObject proxy, + HandleValue receiver, HandleId id, + MutableHandleValue vp) { + MOZ_ASSERT_IF(receiver.isObject(), !IsWindow(&receiver.toObject())); + + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + const BaseProxyHandler* handler = proxy->as<ProxyObject>().handler(); + + // Shouldn't have gotten here, as this should have been caught earlier. + MOZ_ASSERT_IF(id.isPrivateName(), !handler->throwOnPrivateField()); + + vp.setUndefined(); // default result if we refuse to perform this action + AutoEnterPolicy policy(cx, handler, proxy, id, BaseProxyHandler::GET, true); + if (!policy.allowed()) { + return policy.returnValue(); + } + + // Private field accesses have different semantics depending on the kind + // of proxy involved, and so take a different path compared to regular + // [[Get]] operations. For example, scripted handlers don't fire traps + // when accessing private fields (because of the WeakMap semantics) + if (id.isPrivateName() && handler->useProxyExpandoObjectForPrivateFields()) { + return ProxyGetOnExpando(cx, proxy, receiver, id, vp); + } + + if (handler->hasPrototype()) { + bool own; + if (!handler->hasOwn(cx, proxy, id, &own)) { + return false; + } + if (!own) { + RootedObject proto(cx); + if (!GetPrototype(cx, proxy, &proto)) { + return false; + } + if (!proto) { + return true; + } + return GetProperty(cx, proto, receiver, id, vp); + } + } + + return handler->get(cx, proxy, receiver, id, vp); +} + +bool Proxy::get(JSContext* cx, HandleObject proxy, HandleValue receiver_, + HandleId id, MutableHandleValue vp) { + // Use the WindowProxy as receiver if receiver_ is a Window. Proxy handlers + // shouldn't have to know about the Window/WindowProxy distinction. + RootedValue receiver(cx, ValueToWindowProxyIfWindow(receiver_, proxy)); + return getInternal(cx, proxy, receiver, id, vp); +} + +bool js::ProxyGetProperty(JSContext* cx, HandleObject proxy, HandleId id, + MutableHandleValue vp) { + RootedValue receiver(cx, ObjectValue(*proxy)); + return Proxy::getInternal(cx, proxy, receiver, id, vp); +} + +bool js::ProxyGetPropertyByValue(JSContext* cx, HandleObject proxy, + HandleValue idVal, MutableHandleValue vp) { + RootedId id(cx); + if (!ToPropertyKey(cx, idVal, &id)) { + return false; + } + + RootedValue receiver(cx, ObjectValue(*proxy)); + return Proxy::getInternal(cx, proxy, receiver, id, vp); +} + +MOZ_ALWAYS_INLINE bool Proxy::setInternal(JSContext* cx, HandleObject proxy, + HandleId id, HandleValue v, + HandleValue receiver, + ObjectOpResult& result) { + MOZ_ASSERT_IF(receiver.isObject(), !IsWindow(&receiver.toObject())); + + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + + const BaseProxyHandler* handler = proxy->as<ProxyObject>().handler(); + + // Should have been handled already. + MOZ_ASSERT_IF(id.isPrivateName(), !handler->throwOnPrivateField()); + + AutoEnterPolicy policy(cx, handler, proxy, id, BaseProxyHandler::SET, true); + if (!policy.allowed()) { + if (!policy.returnValue()) { + return false; + } + return result.succeed(); + } + + // Private field accesses have different semantics depending on the kind + // of proxy involved, and so take a different path compared to regular + // [[Set]] operations. + // + // This doesn't interact with hasPrototype, as PrivateFields are always + // own propertiers, and so we never deal with prototype traversals. + if (id.isPrivateName() && handler->useProxyExpandoObjectForPrivateFields()) { + return ProxySetOnExpando(cx, proxy, id, v, receiver, result); + } + + // Special case. See the comment on BaseProxyHandler::mHasPrototype. + if (handler->hasPrototype()) { + return handler->BaseProxyHandler::set(cx, proxy, id, v, receiver, result); + } + + return handler->set(cx, proxy, id, v, receiver, result); +} + +bool Proxy::set(JSContext* cx, HandleObject proxy, HandleId id, HandleValue v, + HandleValue receiver_, ObjectOpResult& result) { + // Use the WindowProxy as receiver if receiver_ is a Window. Proxy handlers + // shouldn't have to know about the Window/WindowProxy distinction. + RootedValue receiver(cx, ValueToWindowProxyIfWindow(receiver_, proxy)); + return setInternal(cx, proxy, id, v, receiver, result); +} + +bool js::ProxySetProperty(JSContext* cx, HandleObject proxy, HandleId id, + HandleValue val, bool strict) { + ObjectOpResult result; + RootedValue receiver(cx, ObjectValue(*proxy)); + if (!Proxy::setInternal(cx, proxy, id, val, receiver, result)) { + return false; + } + return result.checkStrictModeError(cx, proxy, id, strict); +} + +bool js::ProxySetPropertyByValue(JSContext* cx, HandleObject proxy, + HandleValue idVal, HandleValue val, + bool strict) { + RootedId id(cx); + if (!ToPropertyKey(cx, idVal, &id)) { + return false; + } + + ObjectOpResult result; + RootedValue receiver(cx, ObjectValue(*proxy)); + if (!Proxy::setInternal(cx, proxy, id, val, receiver, result)) { + return false; + } + return result.checkStrictModeError(cx, proxy, id, strict); +} + +bool Proxy::getOwnEnumerablePropertyKeys(JSContext* cx, HandleObject proxy, + MutableHandleIdVector props) { + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + const BaseProxyHandler* handler = proxy->as<ProxyObject>().handler(); + AutoEnterPolicy policy(cx, handler, proxy, JS::VoidHandlePropertyKey, + BaseProxyHandler::ENUMERATE, true); + if (!policy.allowed()) { + return policy.returnValue(); + } + return handler->getOwnEnumerablePropertyKeys(cx, proxy, props); +} + +bool Proxy::enumerate(JSContext* cx, HandleObject proxy, + MutableHandleIdVector props) { + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + + const BaseProxyHandler* handler = proxy->as<ProxyObject>().handler(); + if (handler->hasPrototype()) { + if (!Proxy::getOwnEnumerablePropertyKeys(cx, proxy, props)) { + return false; + } + + RootedObject proto(cx); + if (!GetPrototype(cx, proxy, &proto)) { + return false; + } + if (!proto) { + return true; + } + + cx->check(proxy, proto); + + RootedIdVector protoProps(cx); + if (!GetPropertyKeys(cx, proto, 0, &protoProps)) { + return false; + } + return AppendUnique(cx, props, protoProps); + } + + AutoEnterPolicy policy(cx, handler, proxy, JS::VoidHandlePropertyKey, + BaseProxyHandler::ENUMERATE, true); + + // If the policy denies access but wants us to return true, we need + // to return an empty |props| list. + if (!policy.allowed()) { + MOZ_ASSERT(props.empty()); + return policy.returnValue(); + } + + return handler->enumerate(cx, proxy, props); +} + +bool Proxy::call(JSContext* cx, HandleObject proxy, const CallArgs& args) { + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + const BaseProxyHandler* handler = proxy->as<ProxyObject>().handler(); + + // Because vp[0] is JS_CALLEE on the way in and JS_RVAL on the way out, we + // can only set our default value once we're sure that we're not calling the + // trap. + AutoEnterPolicy policy(cx, handler, proxy, JS::VoidHandlePropertyKey, + BaseProxyHandler::CALL, true); + if (!policy.allowed()) { + args.rval().setUndefined(); + return policy.returnValue(); + } + + return handler->call(cx, proxy, args); +} + +bool Proxy::construct(JSContext* cx, HandleObject proxy, const CallArgs& args) { + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + const BaseProxyHandler* handler = proxy->as<ProxyObject>().handler(); + + // Because vp[0] is JS_CALLEE on the way in and JS_RVAL on the way out, we + // can only set our default value once we're sure that we're not calling the + // trap. + AutoEnterPolicy policy(cx, handler, proxy, JS::VoidHandlePropertyKey, + BaseProxyHandler::CALL, true); + if (!policy.allowed()) { + args.rval().setUndefined(); + return policy.returnValue(); + } + + return handler->construct(cx, proxy, args); +} + +bool Proxy::nativeCall(JSContext* cx, IsAcceptableThis test, NativeImpl impl, + const CallArgs& args) { + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + RootedObject proxy(cx, &args.thisv().toObject()); + // Note - we don't enter a policy here because our security architecture + // guards against nativeCall by overriding the trap itself in the right + // circumstances. + return proxy->as<ProxyObject>().handler()->nativeCall(cx, test, impl, args); +} + +bool Proxy::getBuiltinClass(JSContext* cx, HandleObject proxy, ESClass* cls) { + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + return proxy->as<ProxyObject>().handler()->getBuiltinClass(cx, proxy, cls); +} + +bool Proxy::isArray(JSContext* cx, HandleObject proxy, + JS::IsArrayAnswer* answer) { + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + return proxy->as<ProxyObject>().handler()->isArray(cx, proxy, answer); +} + +const char* Proxy::className(JSContext* cx, HandleObject proxy) { + // Check for unbounded recursion, but don't signal an error; className + // needs to be infallible. + AutoCheckRecursionLimit recursion(cx); + if (!recursion.checkDontReport(cx)) { + return "too much recursion"; + } + + const BaseProxyHandler* handler = proxy->as<ProxyObject>().handler(); + AutoEnterPolicy policy(cx, handler, proxy, JS::VoidHandlePropertyKey, + BaseProxyHandler::GET, /* mayThrow = */ false); + // Do the safe thing if the policy rejects. + if (!policy.allowed()) { + return handler->BaseProxyHandler::className(cx, proxy); + } + return handler->className(cx, proxy); +} + +JSString* Proxy::fun_toString(JSContext* cx, HandleObject proxy, + bool isToSource) { + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return nullptr; + } + const BaseProxyHandler* handler = proxy->as<ProxyObject>().handler(); + AutoEnterPolicy policy(cx, handler, proxy, JS::VoidHandlePropertyKey, + BaseProxyHandler::GET, /* mayThrow = */ false); + // Do the safe thing if the policy rejects. + if (!policy.allowed()) { + return handler->BaseProxyHandler::fun_toString(cx, proxy, isToSource); + } + return handler->fun_toString(cx, proxy, isToSource); +} + +RegExpShared* Proxy::regexp_toShared(JSContext* cx, HandleObject proxy) { + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return nullptr; + } + return proxy->as<ProxyObject>().handler()->regexp_toShared(cx, proxy); +} + +bool Proxy::boxedValue_unbox(JSContext* cx, HandleObject proxy, + MutableHandleValue vp) { + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + return proxy->as<ProxyObject>().handler()->boxedValue_unbox(cx, proxy, vp); +} + +JSObject* const TaggedProto::LazyProto = reinterpret_cast<JSObject*>(0x1); + +/* static */ +bool Proxy::getElements(JSContext* cx, HandleObject proxy, uint32_t begin, + uint32_t end, ElementAdder* adder) { + AutoCheckRecursionLimit recursion(cx); + if (!recursion.check(cx)) { + return false; + } + const BaseProxyHandler* handler = proxy->as<ProxyObject>().handler(); + AutoEnterPolicy policy(cx, handler, proxy, JS::VoidHandlePropertyKey, + BaseProxyHandler::GET, + /* mayThrow = */ true); + if (!policy.allowed()) { + if (policy.returnValue()) { + MOZ_ASSERT(!cx->isExceptionPending()); + return js::GetElementsWithAdder(cx, proxy, proxy, begin, end, adder); + } + return false; + } + return handler->getElements(cx, proxy, begin, end, adder); +} + +/* static */ +void Proxy::trace(JSTracer* trc, JSObject* proxy) { + const BaseProxyHandler* handler = proxy->as<ProxyObject>().handler(); + handler->trace(trc, proxy); +} + +static bool proxy_LookupProperty(JSContext* cx, HandleObject obj, HandleId id, + MutableHandleObject objp, + PropertyResult* propp) { + bool found; + if (!Proxy::has(cx, obj, id, &found)) { + return false; + } + + if (found) { + propp->setProxyProperty(); + objp.set(obj); + } else { + propp->setNotFound(); + objp.set(nullptr); + } + return true; +} + +static bool proxy_DeleteProperty(JSContext* cx, HandleObject obj, HandleId id, + ObjectOpResult& result) { + if (!Proxy::delete_(cx, obj, id, result)) { + return false; + } + return SuppressDeletedProperty(cx, obj, id); // XXX is this necessary? +} + +/* static */ +void ProxyObject::traceEdgeToTarget(JSTracer* trc, ProxyObject* obj) { + TraceCrossCompartmentEdge(trc, obj, obj->slotOfPrivate(), "proxy target"); +} + +#ifdef DEBUG +static inline void CheckProxyIsInCCWMap(ProxyObject* proxy) { + if (proxy->zone()->isGCCompacting()) { + // Skip this check during compacting GC since objects' object groups may be + // forwarded. It's not impossible to make this work, but requires adding a + // parallel lookupWrapper() path for this one case. + return; + } + + JSObject* referent = MaybeForwarded(proxy->target()); + if (referent->compartment() != proxy->compartment()) { + // Assert that this proxy is tracked in the wrapper map. We maintain the + // invariant that the wrapped object is the key in the wrapper map. + ObjectWrapperMap::Ptr p = proxy->compartment()->lookupWrapper(referent); + MOZ_ASSERT(p); + MOZ_ASSERT(*p->value().unsafeGet() == proxy); + } +} +#endif + +/* static */ +void ProxyObject::trace(JSTracer* trc, JSObject* obj) { + ProxyObject* proxy = &obj->as<ProxyObject>(); + + TraceNullableEdge(trc, proxy->slotOfExpando(), "expando"); + +#ifdef DEBUG + JSContext* cx = TlsContext.get(); + if (cx && cx->isStrictProxyCheckingEnabled() && proxy->is<WrapperObject>()) { + CheckProxyIsInCCWMap(proxy); + } +#endif + + // Note: If you add new slots here, make sure to change + // nuke() to cope. + + traceEdgeToTarget(trc, proxy); + + size_t nreserved = proxy->numReservedSlots(); + for (size_t i = 0; i < nreserved; i++) { + /* + * The GC can use the second reserved slot to link the cross compartment + * wrappers into a linked list, in which case we don't want to trace it. + */ + if (proxy->is<CrossCompartmentWrapperObject>() && + i == CrossCompartmentWrapperObject::GrayLinkReservedSlot) { + continue; + } + TraceEdge(trc, proxy->reservedSlotPtr(i), "proxy_reserved"); + } + + Proxy::trace(trc, obj); +} + +static void proxy_Finalize(JS::GCContext* gcx, JSObject* obj) { + // Suppress a bogus warning about finalize(). + JS::AutoSuppressGCAnalysis nogc; + + MOZ_ASSERT(obj->is<ProxyObject>()); + ProxyObject* proxy = &obj->as<ProxyObject>(); + proxy->handler()->finalize(gcx, obj); + + if (!proxy->usingInlineValueArray() && proxy->isTenured()) { + auto* valArray = js::detail::GetProxyDataLayout(obj)->values(); + size_t size = + js::detail::ProxyValueArray::sizeOf(proxy->numReservedSlots()); + gcx->free_(obj, valArray, size, MemoryUse::ProxyExternalValueArray); + } +} + +size_t js::proxy_ObjectMoved(JSObject* obj, JSObject* old) { + ProxyObject& proxy = obj->as<ProxyObject>(); + + if (IsInsideNursery(old)) { + proxy.nurseryProxyTenured(&old->as<ProxyObject>()); + } + + return proxy.handler()->objectMoved(obj, old); +} + +void ProxyObject::nurseryProxyTenured(ProxyObject* old) { + if (old->usingInlineValueArray()) { + setInlineValueArray(); + return; + } + + Nursery& nursery = runtimeFromMainThread()->gc.nursery(); + nursery.removeMallocedBufferDuringMinorGC(data.values()); + + size_t size = detail::ProxyValueArray::sizeOf(numReservedSlots()); + AddCellMemory(this, size, MemoryUse::ProxyExternalValueArray); +} + +const JSClassOps js::ProxyClassOps = { + nullptr, // addProperty + nullptr, // delProperty + nullptr, // enumerate + nullptr, // newEnumerate + nullptr, // resolve + nullptr, // mayResolve + proxy_Finalize, // finalize + nullptr, // call + nullptr, // construct + ProxyObject::trace, // trace +}; + +const ClassExtension js::ProxyClassExtension = { + proxy_ObjectMoved, // objectMovedOp +}; + +const ObjectOps js::ProxyObjectOps = { + proxy_LookupProperty, // lookupProperty + Proxy::defineProperty, // defineProperty + Proxy::has, // hasProperty + Proxy::get, // getProperty + Proxy::set, // setProperty + Proxy::getOwnPropertyDescriptor, // getOwnPropertyDescriptor + proxy_DeleteProperty, // deleteProperty + Proxy::getElements, // getElements + Proxy::fun_toString, // funToString +}; + +static const JSFunctionSpec proxy_static_methods[] = { + JS_FN("revocable", proxy_revocable, 2, 0), JS_FS_END}; + +static const ClassSpec ProxyClassSpec = { + GenericCreateConstructor<js::proxy, 2, gc::AllocKind::FUNCTION>, nullptr, + proxy_static_methods, nullptr}; + +const JSClass js::ProxyClass = PROXY_CLASS_DEF_WITH_CLASS_SPEC( + "Proxy", + JSCLASS_HAS_CACHED_PROTO(JSProto_Proxy) | JSCLASS_HAS_RESERVED_SLOTS(2), + &ProxyClassSpec); + +JS_PUBLIC_API JSObject* js::NewProxyObject(JSContext* cx, + const BaseProxyHandler* handler, + HandleValue priv, JSObject* proto_, + const ProxyOptions& options) { + AssertHeapIsIdle(); + CHECK_THREAD(cx); + + // This can be called from the compartment wrap hooks while in a realm with a + // gray global. Trigger the read barrier on the global to ensure this is + // unmarked. + cx->realm()->maybeGlobal(); + + if (proto_ != TaggedProto::LazyProto) { + cx->check(proto_); // |priv| might be cross-compartment. + } + + if (options.lazyProto()) { + MOZ_ASSERT(!proto_); + proto_ = TaggedProto::LazyProto; + } + + return ProxyObject::New(cx, handler, priv, TaggedProto(proto_), + options.clasp()); +} + +void ProxyObject::renew(const BaseProxyHandler* handler, const Value& priv) { + MOZ_ASSERT_IF(IsCrossCompartmentWrapper(this), IsDeadProxyObject(this)); + MOZ_ASSERT(getClass() == &ProxyClass); + MOZ_ASSERT(!IsWindowProxy(this)); + MOZ_ASSERT(hasDynamicPrototype()); + + setHandler(handler); + setCrossCompartmentPrivate(priv); + for (size_t i = 0; i < numReservedSlots(); i++) { + setReservedSlot(i, UndefinedValue()); + } +} + +// This implementation of HostEnsureCanAddPrivateElement is designed to work in +// collaboration with Gecko to support the HTML implementation, which applies +// only to Proxy type objects, and as a result we can simply provide proxy +// handlers to correctly match the required semantics. +bool DefaultHostEnsureCanAddPrivateElementCallback(JSContext* cx, + HandleValue val) { + if (!val.isObject()) { + return true; + } + + Rooted<JSObject*> valObj(cx, &val.toObject()); + if (!IsProxy(valObj)) { + return true; + } + + if (GetProxyHandler(valObj)->throwOnPrivateField()) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_ILLEGAL_PRIVATE_EXOTIC); + return false; + } + return true; +} diff --git a/js/src/proxy/Proxy.h b/js/src/proxy/Proxy.h new file mode 100644 index 0000000000..a2a015791e --- /dev/null +++ b/js/src/proxy/Proxy.h @@ -0,0 +1,112 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=8 sts=2 et sw=2 tw=80: + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef proxy_Proxy_h +#define proxy_Proxy_h + +#include "NamespaceImports.h" + +#include "js/Array.h" // JS::IsArrayAnswer +#include "js/Class.h" + +namespace js { + +/* + * Dispatch point for handlers that executes the appropriate C++ or scripted + * traps. + * + * Important: All proxy methods need either (a) an AutoEnterPolicy in their + * Proxy::foo entry point below or (b) an override in SecurityWrapper. See bug + * 945826 comment 0. + */ +class Proxy { + public: + /* Standard internal methods. */ + static bool getOwnPropertyDescriptor( + JSContext* cx, HandleObject proxy, HandleId id, + MutableHandle<mozilla::Maybe<JS::PropertyDescriptor>> desc); + static bool defineProperty(JSContext* cx, HandleObject proxy, HandleId id, + Handle<JS::PropertyDescriptor> desc, + ObjectOpResult& result); + static bool ownPropertyKeys(JSContext* cx, HandleObject proxy, + MutableHandleIdVector props); + static bool delete_(JSContext* cx, HandleObject proxy, HandleId id, + ObjectOpResult& result); + static bool enumerate(JSContext* cx, HandleObject proxy, + MutableHandleIdVector props); + static bool isExtensible(JSContext* cx, HandleObject proxy, bool* extensible); + static bool preventExtensions(JSContext* cx, HandleObject proxy, + ObjectOpResult& result); + static bool getPrototype(JSContext* cx, HandleObject proxy, + MutableHandleObject protop); + static bool setPrototype(JSContext* cx, HandleObject proxy, + HandleObject proto, ObjectOpResult& result); + static bool getPrototypeIfOrdinary(JSContext* cx, HandleObject proxy, + bool* isOrdinary, + MutableHandleObject protop); + static bool setImmutablePrototype(JSContext* cx, HandleObject proxy, + bool* succeeded); + static bool has(JSContext* cx, HandleObject proxy, HandleId id, bool* bp); + static bool get(JSContext* cx, HandleObject proxy, HandleValue receiver, + HandleId id, MutableHandleValue vp); + static bool getInternal(JSContext* cx, HandleObject proxy, + HandleValue receiver, HandleId id, + MutableHandleValue vp); + static bool set(JSContext* cx, HandleObject proxy, HandleId id, HandleValue v, + HandleValue receiver, ObjectOpResult& result); + static bool setInternal(JSContext* cx, HandleObject proxy, HandleId id, + HandleValue v, HandleValue receiver, + ObjectOpResult& result); + static bool call(JSContext* cx, HandleObject proxy, const CallArgs& args); + static bool construct(JSContext* cx, HandleObject proxy, + const CallArgs& args); + + /* SpiderMonkey extensions. */ + static bool hasOwn(JSContext* cx, HandleObject proxy, HandleId id, bool* bp); + static bool getOwnEnumerablePropertyKeys(JSContext* cx, HandleObject proxy, + MutableHandleIdVector props); + static bool nativeCall(JSContext* cx, IsAcceptableThis test, NativeImpl impl, + const CallArgs& args); + static bool getBuiltinClass(JSContext* cx, HandleObject proxy, ESClass* cls); + static bool isArray(JSContext* cx, HandleObject proxy, + JS::IsArrayAnswer* answer); + static const char* className(JSContext* cx, HandleObject proxy); + static JSString* fun_toString(JSContext* cx, HandleObject proxy, + bool isToSource); + static RegExpShared* regexp_toShared(JSContext* cx, HandleObject proxy); + static bool boxedValue_unbox(JSContext* cx, HandleObject proxy, + MutableHandleValue vp); + + static bool getElements(JSContext* cx, HandleObject obj, uint32_t begin, + uint32_t end, ElementAdder* adder); + + static void trace(JSTracer* trc, JSObject* obj); +}; + +size_t proxy_ObjectMoved(JSObject* obj, JSObject* old); + +// These functions are used by JIT code + +bool ProxyHas(JSContext* cx, HandleObject proxy, HandleValue idVal, + bool* result); + +bool ProxyHasOwn(JSContext* cx, HandleObject proxy, HandleValue idVal, + bool* result); + +bool ProxyGetProperty(JSContext* cx, HandleObject proxy, HandleId id, + MutableHandleValue vp); + +bool ProxyGetPropertyByValue(JSContext* cx, HandleObject proxy, + HandleValue idVal, MutableHandleValue vp); + +bool ProxySetProperty(JSContext* cx, HandleObject proxy, HandleId id, + HandleValue val, bool strict); + +bool ProxySetPropertyByValue(JSContext* cx, HandleObject proxy, + HandleValue idVal, HandleValue val, bool strict); +} /* namespace js */ + +#endif /* proxy_Proxy_h */ diff --git a/js/src/proxy/ScriptedProxyHandler.cpp b/js/src/proxy/ScriptedProxyHandler.cpp new file mode 100644 index 0000000000..43ba8de0a3 --- /dev/null +++ b/js/src/proxy/ScriptedProxyHandler.cpp @@ -0,0 +1,1577 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=8 sts=2 et sw=2 tw=80: + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "proxy/ScriptedProxyHandler.h" + +#include "mozilla/Maybe.h" + +#include "jsapi.h" + +#include "builtin/Object.h" +#include "js/CallAndConstruct.h" // JS::Construct, JS::IsCallable +#include "js/CharacterEncoding.h" +#include "js/friend/ErrorMessages.h" // js::GetErrorMessage, JSMSG_* +#include "js/PropertyDescriptor.h" // JS::FromPropertyDescriptor +#include "vm/EqualityOperations.h" // js::SameValue +#include "vm/Interpreter.h" // js::Call +#include "vm/JSFunction.h" +#include "vm/JSObject.h" +#include "vm/PlainObject.h" // js::PlainObject + +#include "vm/JSObject-inl.h" +#include "vm/NativeObject-inl.h" + +using namespace js; + +using JS::IsArrayAnswer; + +using mozilla::Maybe; + +// ES2022 rev 33fe30f9a6b0dc81826f2f217167a89c025779a0 +// IsCompatiblePropertyDescriptor. BUT that method just calls +// ValidateAndApplyPropertyDescriptor with two additional constant arguments. +// Therefore step numbering is from the latter method, and resulting dead code +// has been removed. + +// If an exception should be thrown, we will set errorDetails. +static bool IsCompatiblePropertyDescriptor( + JSContext* cx, bool extensible, Handle<PropertyDescriptor> desc, + Handle<Maybe<PropertyDescriptor>> current, const char** errorDetails) { + // precondition: we won't set details if checks pass, so it must be null + // here. + MOZ_ASSERT(*errorDetails == nullptr); + + // Step 2. + if (current.isNothing()) { + // Step 2.a-b,e. As |O| is always undefined, steps 2.c-d fall away. + if (!extensible) { + static const char DETAILS_NOT_EXTENSIBLE[] = + "proxy can't report an extensible object as non-extensible"; + *errorDetails = DETAILS_NOT_EXTENSIBLE; + } + return true; + } + + current->assertComplete(); + + // Step 3. + if (!desc.hasValue() && !desc.hasWritable() && !desc.hasGetter() && + !desc.hasSetter() && !desc.hasEnumerable() && !desc.hasConfigurable()) { + return true; + } + + // Step 4. + if (!current->configurable()) { + // Step 4.a. + if (desc.hasConfigurable() && desc.configurable()) { + static const char DETAILS_CANT_REPORT_NC_AS_C[] = + "proxy can't report an existing non-configurable property as " + "configurable"; + *errorDetails = DETAILS_CANT_REPORT_NC_AS_C; + return true; + } + + // Step 4.b. + if (desc.hasEnumerable() && desc.enumerable() != current->enumerable()) { + static const char DETAILS_ENUM_DIFFERENT[] = + "proxy can't report a different 'enumerable' from target when target " + "is not configurable"; + *errorDetails = DETAILS_ENUM_DIFFERENT; + return true; + } + } + + // Step 5. + if (desc.isGenericDescriptor()) { + return true; + } + + // Step 6. + if (current->isDataDescriptor() != desc.isDataDescriptor()) { + // Steps 6.a., 10. As |O| is always undefined, steps 6.b-c fall away. + if (!current->configurable()) { + static const char DETAILS_CURRENT_NC_DIFF_TYPE[] = + "proxy can't report a different descriptor type when target is not " + "configurable"; + *errorDetails = DETAILS_CURRENT_NC_DIFF_TYPE; + } + return true; + } + + // Step 7. + if (current->isDataDescriptor()) { + MOZ_ASSERT(desc.isDataDescriptor()); // by step 6 + // Step 7.a. + if (!current->configurable() && !current->writable()) { + // Step 7.a.i. + if (desc.hasWritable() && desc.writable()) { + static const char DETAILS_CANT_REPORT_NW_AS_W[] = + "proxy can't report a non-configurable, non-writable property as " + "writable"; + *errorDetails = DETAILS_CANT_REPORT_NW_AS_W; + return true; + } + + // Step 7.a.ii. + if (desc.hasValue()) { + RootedValue value(cx, current->value()); + bool same; + if (!SameValue(cx, desc.value(), value, &same)) { + return false; + } + if (!same) { + static const char DETAILS_DIFFERENT_VALUE[] = + "proxy must report the same value for the non-writable, " + "non-configurable property"; + *errorDetails = DETAILS_DIFFERENT_VALUE; + return true; + } + } + } + + // Step 7.a.ii, 10. + return true; + } + + // Step 8. + + // Step 8.a. + MOZ_ASSERT(current->isAccessorDescriptor()); // by step 7 + MOZ_ASSERT(desc.isAccessorDescriptor()); // by step 6 + + // Step 8.b. + if (current->configurable()) { + return true; + } + // Steps 8.b.i-ii. + if (desc.hasSetter() && desc.setter() != current->setter()) { + static const char DETAILS_SETTERS_DIFFERENT[] = + "proxy can't report different setters for a currently non-configurable " + "property"; + *errorDetails = DETAILS_SETTERS_DIFFERENT; + } else if (desc.hasGetter() && desc.getter() != current->getter()) { + static const char DETAILS_GETTERS_DIFFERENT[] = + "proxy can't report different getters for a currently non-configurable " + "property"; + *errorDetails = DETAILS_GETTERS_DIFFERENT; + } + + // Step 9. + // |O| is always undefined. + + // Step 10. + return true; +} + +// Get the [[ProxyHandler]] of a scripted proxy. +/* static */ +JSObject* ScriptedProxyHandler::handlerObject(const JSObject* proxy) { + MOZ_ASSERT(proxy->as<ProxyObject>().handler() == + &ScriptedProxyHandler::singleton); + return proxy->as<ProxyObject>() + .reservedSlot(ScriptedProxyHandler::HANDLER_EXTRA) + .toObjectOrNull(); +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 +// 7.3.9 GetMethod, reimplemented for proxy handler trap-getting to produce +// better error messages. +static bool GetProxyTrap(JSContext* cx, HandleObject handler, + Handle<PropertyName*> name, MutableHandleValue func) { + // Steps 2, 5. + if (!GetProperty(cx, handler, handler, name, func)) { + return false; + } + + // Step 3. + if (func.isUndefined()) { + return true; + } + + if (func.isNull()) { + func.setUndefined(); + return true; + } + + // Step 4. + if (!IsCallable(func)) { + UniqueChars bytes = EncodeAscii(cx, name); + if (!bytes) { + return false; + } + + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_BAD_TRAP, + bytes.get()); + return false; + } + + return true; +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 +// 9.5.1 Proxy.[[GetPrototypeOf]]. +bool ScriptedProxyHandler::getPrototype(JSContext* cx, HandleObject proxy, + MutableHandleObject protop) const { + // Steps 1-3. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_PROXY_REVOKED); + return false; + } + + // Step 4. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + + // Step 5. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().getPrototypeOf, &trap)) { + return false; + } + + // Step 6. + if (trap.isUndefined()) { + return GetPrototype(cx, target, protop); + } + + // Step 7. + RootedValue handlerProto(cx); + { + FixedInvokeArgs<1> args(cx); + + args[0].setObject(*target); + + handlerProto.setObject(*handler); + + if (!js::Call(cx, trap, handlerProto, args, &handlerProto)) { + return false; + } + } + + // Step 8. + if (!handlerProto.isObjectOrNull()) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_BAD_GETPROTOTYPEOF_TRAP_RETURN); + return false; + } + + // Step 9. + bool extensibleTarget; + if (!IsExtensible(cx, target, &extensibleTarget)) { + return false; + } + + // Step 10. + if (extensibleTarget) { + protop.set(handlerProto.toObjectOrNull()); + return true; + } + + // Step 11. + RootedObject targetProto(cx); + if (!GetPrototype(cx, target, &targetProto)) { + return false; + } + + // Step 12. + if (handlerProto.toObjectOrNull() != targetProto) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_INCONSISTENT_GETPROTOTYPEOF_TRAP); + return false; + } + + // Step 13. + protop.set(handlerProto.toObjectOrNull()); + return true; +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 +// 9.5.2 Proxy.[[SetPrototypeOf]]. +bool ScriptedProxyHandler::setPrototype(JSContext* cx, HandleObject proxy, + HandleObject proto, + ObjectOpResult& result) const { + // Steps 1-4. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_PROXY_REVOKED); + return false; + } + + // Step 5. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + + // Step 6. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().setPrototypeOf, &trap)) { + return false; + } + + // Step 7. + if (trap.isUndefined()) { + return SetPrototype(cx, target, proto, result); + } + + // Step 8. + bool booleanTrapResult; + { + FixedInvokeArgs<2> args(cx); + + args[0].setObject(*target); + args[1].setObjectOrNull(proto); + + RootedValue hval(cx, ObjectValue(*handler)); + if (!js::Call(cx, trap, hval, args, &hval)) { + return false; + } + + booleanTrapResult = ToBoolean(hval); + } + + // Step 9. + if (!booleanTrapResult) { + return result.fail(JSMSG_PROXY_SETPROTOTYPEOF_RETURNED_FALSE); + } + + // Step 10. + bool extensibleTarget; + if (!IsExtensible(cx, target, &extensibleTarget)) { + return false; + } + + // Step 11. + if (extensibleTarget) { + return result.succeed(); + } + + // Step 12. + RootedObject targetProto(cx); + if (!GetPrototype(cx, target, &targetProto)) { + return false; + } + + // Step 13. + if (proto != targetProto) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_INCONSISTENT_SETPROTOTYPEOF_TRAP); + return false; + } + + // Step 14. + return result.succeed(); +} + +bool ScriptedProxyHandler::getPrototypeIfOrdinary( + JSContext* cx, HandleObject proxy, bool* isOrdinary, + MutableHandleObject protop) const { + *isOrdinary = false; + return true; +} + +// Not yet part of ES6, but hopefully to be standards-tracked -- and needed to +// handle revoked proxies in any event. +bool ScriptedProxyHandler::setImmutablePrototype(JSContext* cx, + HandleObject proxy, + bool* succeeded) const { + RootedObject target(cx, proxy->as<ProxyObject>().target()); + if (!target) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_PROXY_REVOKED); + return false; + } + + return SetImmutablePrototype(cx, target, succeeded); +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 +// 9.5.4 Proxy.[[PreventExtensions]]() +bool ScriptedProxyHandler::preventExtensions(JSContext* cx, HandleObject proxy, + ObjectOpResult& result) const { + // Steps 1-3. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_PROXY_REVOKED); + return false; + } + + // Step 4. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + + // Step 5. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().preventExtensions, &trap)) { + return false; + } + + // Step 6. + if (trap.isUndefined()) { + return PreventExtensions(cx, target, result); + } + + // Step 7. + bool booleanTrapResult; + { + RootedValue arg(cx, ObjectValue(*target)); + RootedValue trapResult(cx); + if (!Call(cx, trap, handler, arg, &trapResult)) { + return false; + } + + booleanTrapResult = ToBoolean(trapResult); + } + + // Step 8. + if (booleanTrapResult) { + // Step 8a. + bool targetIsExtensible; + if (!IsExtensible(cx, target, &targetIsExtensible)) { + return false; + } + + if (targetIsExtensible) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_CANT_REPORT_AS_NON_EXTENSIBLE); + return false; + } + + // Step 9. + return result.succeed(); + } + + // Also step 9. + return result.fail(JSMSG_PROXY_PREVENTEXTENSIONS_RETURNED_FALSE); +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 +// 9.5.3 Proxy.[[IsExtensible]]() +bool ScriptedProxyHandler::isExtensible(JSContext* cx, HandleObject proxy, + bool* extensible) const { + // Steps 1-3. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_PROXY_REVOKED); + return false; + } + + // Step 4. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + + // Step 5. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().isExtensible, &trap)) { + return false; + } + + // Step 6. + if (trap.isUndefined()) { + return IsExtensible(cx, target, extensible); + } + + // Step 7. + bool booleanTrapResult; + { + RootedValue arg(cx, ObjectValue(*target)); + RootedValue trapResult(cx); + if (!Call(cx, trap, handler, arg, &trapResult)) { + return false; + } + + booleanTrapResult = ToBoolean(trapResult); + } + + // Steps 8. + bool targetResult; + if (!IsExtensible(cx, target, &targetResult)) { + return false; + } + + // Step 9. + if (targetResult != booleanTrapResult) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_PROXY_EXTENSIBILITY); + return false; + } + + // Step 10. + *extensible = booleanTrapResult; + return true; +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 +// 9.5.5 Proxy.[[GetOwnProperty]](P) +bool ScriptedProxyHandler::getOwnPropertyDescriptor( + JSContext* cx, HandleObject proxy, HandleId id, + MutableHandle<mozilla::Maybe<PropertyDescriptor>> desc) const { + // Steps 2-4. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_PROXY_REVOKED); + return false; + } + + // Step 5. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + + // Step 6. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().getOwnPropertyDescriptor, &trap)) { + return false; + } + + // Step 7. + if (trap.isUndefined()) { + return GetOwnPropertyDescriptor(cx, target, id, desc); + } + + // Step 8. + RootedValue propKey(cx); + if (!IdToStringOrSymbol(cx, id, &propKey)) { + return false; + } + + RootedValue trapResult(cx); + RootedValue targetVal(cx, ObjectValue(*target)); + if (!Call(cx, trap, handler, targetVal, propKey, &trapResult)) { + return false; + } + + // Step 9. + if (!trapResult.isUndefined() && !trapResult.isObject()) { + return js::Throw(cx, id, JSMSG_PROXY_GETOWN_OBJORUNDEF); + } + + // Step 10. + Rooted<Maybe<PropertyDescriptor>> targetDesc(cx); + if (!GetOwnPropertyDescriptor(cx, target, id, &targetDesc)) { + return false; + } + + // Step 11. + if (trapResult.isUndefined()) { + // Step 11a. + if (targetDesc.isNothing()) { + desc.reset(); + return true; + } + + // Step 11b. + if (!targetDesc->configurable()) { + return js::Throw(cx, id, JSMSG_CANT_REPORT_NC_AS_NE); + } + + // Steps 11c-d. + bool extensibleTarget; + if (!IsExtensible(cx, target, &extensibleTarget)) { + return false; + } + + // Step 11e. + if (!extensibleTarget) { + return js::Throw(cx, id, JSMSG_CANT_REPORT_E_AS_NE); + } + + // Step 11f. + desc.reset(); + return true; + } + + // Step 12. + bool extensibleTarget; + if (!IsExtensible(cx, target, &extensibleTarget)) { + return false; + } + + // Step 13. + Rooted<PropertyDescriptor> resultDesc(cx); + if (!ToPropertyDescriptor(cx, trapResult, true, &resultDesc)) { + return false; + } + + // Step 14. + CompletePropertyDescriptor(&resultDesc); + + // Step 15. + const char* errorDetails = nullptr; + if (!IsCompatiblePropertyDescriptor(cx, extensibleTarget, resultDesc, + targetDesc, &errorDetails)) + return false; + + // Step 16. + if (errorDetails) { + return js::Throw(cx, id, JSMSG_CANT_REPORT_INVALID, errorDetails); + } + + // Step 17. + if (!resultDesc.configurable()) { + if (targetDesc.isNothing()) { + return js::Throw(cx, id, JSMSG_CANT_REPORT_NE_AS_NC); + } + + if (targetDesc->configurable()) { + return js::Throw(cx, id, JSMSG_CANT_REPORT_C_AS_NC); + } + + if (resultDesc.hasWritable() && !resultDesc.writable()) { + if (targetDesc->writable()) { + return js::Throw(cx, id, JSMSG_CANT_REPORT_W_AS_NW); + } + } + } + + // Step 18. + desc.set(mozilla::Some(resultDesc.get())); + return true; +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 +// 9.5.6 Proxy.[[DefineOwnProperty]](P, Desc) +bool ScriptedProxyHandler::defineProperty(JSContext* cx, HandleObject proxy, + HandleId id, + Handle<PropertyDescriptor> desc, + ObjectOpResult& result) const { + // Steps 2-4. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_PROXY_REVOKED); + return false; + } + + // Step 5. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + + // Step 6. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().defineProperty, &trap)) { + return false; + } + + // Step 7. + if (trap.isUndefined()) { + return DefineProperty(cx, target, id, desc, result); + } + + // Step 8. + RootedValue descObj(cx); + if (!FromPropertyDescriptorToObject(cx, desc, &descObj)) { + return false; + } + + // Step 9. + RootedValue propKey(cx); + if (!IdToStringOrSymbol(cx, id, &propKey)) { + return false; + } + + RootedValue trapResult(cx); + { + FixedInvokeArgs<3> args(cx); + + args[0].setObject(*target); + args[1].set(propKey); + args[2].set(descObj); + + RootedValue thisv(cx, ObjectValue(*handler)); + if (!Call(cx, trap, thisv, args, &trapResult)) { + return false; + } + } + + // Step 10. + if (!ToBoolean(trapResult)) { + return result.fail(JSMSG_PROXY_DEFINE_RETURNED_FALSE); + } + + // Step 11. + Rooted<Maybe<PropertyDescriptor>> targetDesc(cx); + if (!GetOwnPropertyDescriptor(cx, target, id, &targetDesc)) { + return false; + } + + // Step 12. + bool extensibleTarget; + if (!IsExtensible(cx, target, &extensibleTarget)) { + return false; + } + + // Steps 13-14. + bool settingConfigFalse = desc.hasConfigurable() && !desc.configurable(); + + // Steps 15-16. + if (targetDesc.isNothing()) { + // Step 15a. + if (!extensibleTarget) { + return js::Throw(cx, id, JSMSG_CANT_DEFINE_NEW); + } + + // Step 15b. + if (settingConfigFalse) { + return js::Throw(cx, id, JSMSG_CANT_DEFINE_NE_AS_NC); + } + } else { + // Step 16a. + const char* errorDetails = nullptr; + if (!IsCompatiblePropertyDescriptor(cx, extensibleTarget, desc, targetDesc, + &errorDetails)) + return false; + + if (errorDetails) { + return js::Throw(cx, id, JSMSG_CANT_DEFINE_INVALID, errorDetails); + } + + // Step 16b. + if (settingConfigFalse && targetDesc->configurable()) { + static const char DETAILS_CANT_REPORT_C_AS_NC[] = + "proxy can't define an existing configurable property as " + "non-configurable"; + return js::Throw(cx, id, JSMSG_CANT_DEFINE_INVALID, + DETAILS_CANT_REPORT_C_AS_NC); + } + + if (targetDesc->isDataDescriptor() && !targetDesc->configurable() && + targetDesc->writable()) { + if (desc.hasWritable() && !desc.writable()) { + static const char DETAILS_CANT_DEFINE_NW[] = + "proxy can't define an existing non-configurable writable property " + "as non-writable"; + return js::Throw(cx, id, JSMSG_CANT_DEFINE_INVALID, + DETAILS_CANT_DEFINE_NW); + } + } + } + + // Step 17. + return result.succeed(); +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 +// 7.3.17 CreateListFromArrayLike with elementTypes fixed to symbol/string. +static bool CreateFilteredListFromArrayLike(JSContext* cx, HandleValue v, + MutableHandleIdVector props) { + // Step 2. + RootedObject obj(cx, RequireObject(cx, JSMSG_OBJECT_REQUIRED_RET_OWNKEYS, + JSDVG_IGNORE_STACK, v)); + if (!obj) { + return false; + } + + // Step 3. + uint64_t len; + if (!GetLengthProperty(cx, obj, &len)) { + return false; + } + + // Steps 4-6. + RootedValue next(cx); + RootedId id(cx); + uint64_t index = 0; + while (index < len) { + // Steps 6a-b. + if (!GetElementLargeIndex(cx, obj, obj, index, &next)) { + return false; + } + + // Step 6c. + if (!next.isString() && !next.isSymbol()) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_OWNKEYS_STR_SYM); + return false; + } + + if (!PrimitiveValueToId<CanGC>(cx, next, &id)) { + return false; + } + + // Step 6d. + if (!props.append(id)) { + return false; + } + + // Step 6e. + index++; + } + + // Step 7. + return true; +} + +// ES2018 draft rev aab1ea3bd4d03c85d6f4a91503b4169346ab7271 +// 9.5.11 Proxy.[[OwnPropertyKeys]]() +bool ScriptedProxyHandler::ownPropertyKeys(JSContext* cx, HandleObject proxy, + MutableHandleIdVector props) const { + // Steps 1-3. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_PROXY_REVOKED); + return false; + } + + // Step 4. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + + // Step 5. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().ownKeys, &trap)) { + return false; + } + + // Step 6. + if (trap.isUndefined()) { + return GetPropertyKeys( + cx, target, JSITER_OWNONLY | JSITER_HIDDEN | JSITER_SYMBOLS, props); + } + + // Step 7. + RootedValue trapResultArray(cx); + RootedValue targetVal(cx, ObjectValue(*target)); + if (!Call(cx, trap, handler, targetVal, &trapResultArray)) { + return false; + } + + // Step 8. + RootedIdVector trapResult(cx); + if (!CreateFilteredListFromArrayLike(cx, trapResultArray, &trapResult)) { + return false; + } + + // Steps 9, 18. + Rooted<GCHashSet<jsid>> uncheckedResultKeys( + cx, GCHashSet<jsid>(cx, trapResult.length())); + + for (size_t i = 0, len = trapResult.length(); i < len; i++) { + MOZ_ASSERT(!trapResult[i].isVoid()); + + auto ptr = uncheckedResultKeys.lookupForAdd(trapResult[i]); + if (ptr) { + return js::Throw(cx, trapResult[i], JSMSG_OWNKEYS_DUPLICATE); + } + + if (!uncheckedResultKeys.add(ptr, trapResult[i])) { + return false; + } + } + + // Step 10. + bool extensibleTarget; + if (!IsExtensible(cx, target, &extensibleTarget)) { + return false; + } + + // Steps 11-13. + RootedIdVector targetKeys(cx); + if (!GetPropertyKeys(cx, target, + JSITER_OWNONLY | JSITER_HIDDEN | JSITER_SYMBOLS, + &targetKeys)) { + return false; + } + + // Steps 14-15. + RootedIdVector targetConfigurableKeys(cx); + RootedIdVector targetNonconfigurableKeys(cx); + + // Step 16. + Rooted<Maybe<PropertyDescriptor>> desc(cx); + for (size_t i = 0; i < targetKeys.length(); ++i) { + // Step 16.a. + if (!GetOwnPropertyDescriptor(cx, target, targetKeys[i], &desc)) { + return false; + } + + // Steps 16.b-c. + if (desc.isSome() && !desc->configurable()) { + if (!targetNonconfigurableKeys.append(targetKeys[i])) { + return false; + } + } else { + if (!targetConfigurableKeys.append(targetKeys[i])) { + return false; + } + } + } + + // Step 17. + if (extensibleTarget && targetNonconfigurableKeys.empty()) { + return props.appendAll(std::move(trapResult)); + } + + // Step 19. + for (size_t i = 0; i < targetNonconfigurableKeys.length(); ++i) { + MOZ_ASSERT(!targetNonconfigurableKeys[i].isVoid()); + + auto ptr = uncheckedResultKeys.lookup(targetNonconfigurableKeys[i]); + + // Step 19.a. + if (!ptr) { + return js::Throw(cx, targetNonconfigurableKeys[i], JSMSG_CANT_SKIP_NC); + } + + // Step 19.b. + uncheckedResultKeys.remove(ptr); + } + + // Step 20. + if (extensibleTarget) { + return props.appendAll(std::move(trapResult)); + } + + // Step 21. + for (size_t i = 0; i < targetConfigurableKeys.length(); ++i) { + MOZ_ASSERT(!targetConfigurableKeys[i].isVoid()); + + auto ptr = uncheckedResultKeys.lookup(targetConfigurableKeys[i]); + + // Step 21.a. + if (!ptr) { + return js::Throw(cx, targetConfigurableKeys[i], + JSMSG_CANT_REPORT_E_AS_NE); + } + + // Step 21.b. + uncheckedResultKeys.remove(ptr); + } + + // Step 22. + if (!uncheckedResultKeys.empty()) { + RootedId id(cx, uncheckedResultKeys.all().front()); + return js::Throw(cx, id, JSMSG_CANT_REPORT_NEW); + } + + // Step 23. + return props.appendAll(std::move(trapResult)); +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 +// 9.5.10 Proxy.[[Delete]](P) +bool ScriptedProxyHandler::delete_(JSContext* cx, HandleObject proxy, + HandleId id, ObjectOpResult& result) const { + // Steps 2-4. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_PROXY_REVOKED); + return false; + } + + // Step 5. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + + // Step 6. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().deleteProperty, &trap)) { + return false; + } + + // Step 7. + if (trap.isUndefined()) { + return DeleteProperty(cx, target, id, result); + } + + // Step 8. + bool booleanTrapResult; + { + RootedValue value(cx); + if (!IdToStringOrSymbol(cx, id, &value)) { + return false; + } + + RootedValue targetVal(cx, ObjectValue(*target)); + RootedValue trapResult(cx); + if (!Call(cx, trap, handler, targetVal, value, &trapResult)) { + return false; + } + + booleanTrapResult = ToBoolean(trapResult); + } + + // Step 9. + if (!booleanTrapResult) { + return result.fail(JSMSG_PROXY_DELETE_RETURNED_FALSE); + } + + // Step 10. + Rooted<Maybe<PropertyDescriptor>> desc(cx); + if (!GetOwnPropertyDescriptor(cx, target, id, &desc)) { + return false; + } + + // Step 11. + if (desc.isNothing()) { + return result.succeed(); + } + + // Step 12. + if (!desc->configurable()) { + return Throw(cx, id, JSMSG_CANT_DELETE); + } + + bool extensible; + if (!IsExtensible(cx, target, &extensible)) { + return false; + } + + if (!extensible) { + return Throw(cx, id, JSMSG_CANT_DELETE_NON_EXTENSIBLE); + } + + // Step 13. + return result.succeed(); +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 +// 9.5.7 Proxy.[[HasProperty]](P) +bool ScriptedProxyHandler::has(JSContext* cx, HandleObject proxy, HandleId id, + bool* bp) const { + // Steps 2-4. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_PROXY_REVOKED); + return false; + } + + // Step 5. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + + // Step 6. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().has, &trap)) { + return false; + } + + // Step 7. + if (trap.isUndefined()) { + return HasProperty(cx, target, id, bp); + } + + // Step 8. + RootedValue value(cx); + if (!IdToStringOrSymbol(cx, id, &value)) { + return false; + } + + RootedValue trapResult(cx); + RootedValue targetVal(cx, ObjectValue(*target)); + if (!Call(cx, trap, handler, targetVal, value, &trapResult)) { + return false; + } + + bool booleanTrapResult = ToBoolean(trapResult); + + // Step 9. + if (!booleanTrapResult) { + // Step 9a. + Rooted<Maybe<PropertyDescriptor>> desc(cx); + if (!GetOwnPropertyDescriptor(cx, target, id, &desc)) { + return false; + } + + // Step 9b. + if (desc.isSome()) { + // Step 9b(i). + if (!desc->configurable()) { + return js::Throw(cx, id, JSMSG_CANT_REPORT_NC_AS_NE); + } + + // Step 9b(ii). + bool extensible; + if (!IsExtensible(cx, target, &extensible)) { + return false; + } + + // Step 9b(iii). + if (!extensible) { + return js::Throw(cx, id, JSMSG_CANT_REPORT_E_AS_NE); + } + } + } + + // Step 10. + *bp = booleanTrapResult; + return true; +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 +// 9.5.8 Proxy.[[GetP]](P, Receiver) +bool ScriptedProxyHandler::get(JSContext* cx, HandleObject proxy, + HandleValue receiver, HandleId id, + MutableHandleValue vp) const { + // Steps 2-4. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_PROXY_REVOKED); + return false; + } + + // Step 5. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + + // Steps 6. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().get, &trap)) { + return false; + } + + // Step 7. + if (trap.isUndefined()) { + return GetProperty(cx, target, receiver, id, vp); + } + + // Step 8. + RootedValue value(cx); + if (!IdToStringOrSymbol(cx, id, &value)) { + return false; + } + + RootedValue trapResult(cx); + { + FixedInvokeArgs<3> args(cx); + + args[0].setObject(*target); + args[1].set(value); + args[2].set(receiver); + + RootedValue thisv(cx, ObjectValue(*handler)); + if (!Call(cx, trap, thisv, args, &trapResult)) { + return false; + } + } + + // Step 9. + Rooted<Maybe<PropertyDescriptor>> desc(cx); + if (!GetOwnPropertyDescriptor(cx, target, id, &desc)) { + return false; + } + + // Step 10. + if (desc.isSome()) { + // Step 10a. + if (desc->isDataDescriptor() && !desc->configurable() && + !desc->writable()) { + RootedValue value(cx, desc->value()); + bool same; + if (!SameValue(cx, trapResult, value, &same)) { + return false; + } + if (!same) { + return js::Throw(cx, id, JSMSG_MUST_REPORT_SAME_VALUE); + } + } + + // Step 10b. + if (desc->isAccessorDescriptor() && !desc->configurable() && + (desc->getter() == nullptr) && !trapResult.isUndefined()) { + return js::Throw(cx, id, JSMSG_MUST_REPORT_UNDEFINED); + } + } + + // Step 11. + vp.set(trapResult); + return true; +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 +// 9.5.9 Proxy.[[Set]](P, V, Receiver) +bool ScriptedProxyHandler::set(JSContext* cx, HandleObject proxy, HandleId id, + HandleValue v, HandleValue receiver, + ObjectOpResult& result) const { + // Steps 2-4. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_PROXY_REVOKED); + return false; + } + + // Step 5. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + + // Step 6. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().set, &trap)) { + return false; + } + + // Step 7. + if (trap.isUndefined()) { + return SetProperty(cx, target, id, v, receiver, result); + } + + // Step 8. + RootedValue value(cx); + if (!IdToStringOrSymbol(cx, id, &value)) { + return false; + } + + RootedValue trapResult(cx); + { + FixedInvokeArgs<4> args(cx); + + args[0].setObject(*target); + args[1].set(value); + args[2].set(v); + args[3].set(receiver); + + RootedValue thisv(cx, ObjectValue(*handler)); + if (!Call(cx, trap, thisv, args, &trapResult)) { + return false; + } + } + + // Step 9. + if (!ToBoolean(trapResult)) { + return result.fail(JSMSG_PROXY_SET_RETURNED_FALSE); + } + + // Step 10. + Rooted<Maybe<PropertyDescriptor>> desc(cx); + if (!GetOwnPropertyDescriptor(cx, target, id, &desc)) { + return false; + } + + // Step 11. + if (desc.isSome()) { + // Step 11a. + if (desc->isDataDescriptor() && !desc->configurable() && + !desc->writable()) { + RootedValue value(cx, desc->value()); + bool same; + if (!SameValue(cx, v, value, &same)) { + return false; + } + if (!same) { + return js::Throw(cx, id, JSMSG_CANT_SET_NW_NC); + } + } + + // Step 11b. + if (desc->isAccessorDescriptor() && !desc->configurable() && + desc->setter() == nullptr) { + return js::Throw(cx, id, JSMSG_CANT_SET_WO_SETTER); + } + } + + // Step 12. + return result.succeed(); +} + +// ES7 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.13 Proxy.[[Call]] +bool ScriptedProxyHandler::call(JSContext* cx, HandleObject proxy, + const CallArgs& args) const { + // Steps 1-3. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_PROXY_REVOKED); + return false; + } + + // Step 4. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + MOZ_ASSERT(target->isCallable()); + + // Step 5. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().apply, &trap)) { + return false; + } + + // Step 6. + if (trap.isUndefined()) { + InvokeArgs iargs(cx); + if (!FillArgumentsFromArraylike(cx, iargs, args)) { + return false; + } + + RootedValue fval(cx, ObjectValue(*target)); + return js::Call(cx, fval, args.thisv(), iargs, args.rval()); + } + + // Step 7. + RootedObject argArray(cx, + NewDenseCopiedArray(cx, args.length(), args.array())); + if (!argArray) { + return false; + } + + // Step 8. + FixedInvokeArgs<3> iargs(cx); + + iargs[0].setObject(*target); + iargs[1].set(args.thisv()); + iargs[2].setObject(*argArray); + + RootedValue thisv(cx, ObjectValue(*handler)); + return js::Call(cx, trap, thisv, iargs, args.rval()); +} + +// ES7 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.14 Proxy.[[Construct]] +bool ScriptedProxyHandler::construct(JSContext* cx, HandleObject proxy, + const CallArgs& args) const { + // Steps 1-3. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_PROXY_REVOKED); + return false; + } + + // Step 4. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + MOZ_ASSERT(target->isConstructor()); + + // Step 5. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().construct, &trap)) { + return false; + } + + // Step 6. + if (trap.isUndefined()) { + ConstructArgs cargs(cx); + if (!FillArgumentsFromArraylike(cx, cargs, args)) { + return false; + } + + RootedValue targetv(cx, ObjectValue(*target)); + RootedObject obj(cx); + if (!Construct(cx, targetv, cargs, args.newTarget(), &obj)) { + return false; + } + + args.rval().setObject(*obj); + return true; + } + + // Step 7. + RootedObject argArray(cx, + NewDenseCopiedArray(cx, args.length(), args.array())); + if (!argArray) { + return false; + } + + // Steps 8, 10. + { + FixedInvokeArgs<3> iargs(cx); + + iargs[0].setObject(*target); + iargs[1].setObject(*argArray); + iargs[2].set(args.newTarget()); + + RootedValue thisv(cx, ObjectValue(*handler)); + if (!Call(cx, trap, thisv, iargs, args.rval())) { + return false; + } + } + + // Step 9. + if (!args.rval().isObject()) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_PROXY_CONSTRUCT_OBJECT); + return false; + } + + return true; +} + +bool ScriptedProxyHandler::nativeCall(JSContext* cx, IsAcceptableThis test, + NativeImpl impl, + const CallArgs& args) const { + ReportIncompatible(cx, args); + return false; +} + +bool ScriptedProxyHandler::getBuiltinClass(JSContext* cx, HandleObject proxy, + ESClass* cls) const { + *cls = ESClass::Other; + return true; +} + +bool ScriptedProxyHandler::isArray(JSContext* cx, HandleObject proxy, + IsArrayAnswer* answer) const { + RootedObject target(cx, proxy->as<ProxyObject>().target()); + if (target) { + return JS::IsArray(cx, target, answer); + } + + *answer = IsArrayAnswer::RevokedProxy; + return true; +} + +const char* ScriptedProxyHandler::className(JSContext* cx, + HandleObject proxy) const { + // Right now the caller is not prepared to handle failures. + return BaseProxyHandler::className(cx, proxy); +} + +JSString* ScriptedProxyHandler::fun_toString(JSContext* cx, HandleObject proxy, + bool isToSource) const { + // The BaseProxyHandler has the desired behavior: Throw for non-callable, + // otherwise return [native code]. + return BaseProxyHandler::fun_toString(cx, proxy, isToSource); +} + +RegExpShared* ScriptedProxyHandler::regexp_toShared(JSContext* cx, + HandleObject proxy) const { + MOZ_CRASH("Should not end up in ScriptedProxyHandler::regexp_toShared"); +} + +bool ScriptedProxyHandler::boxedValue_unbox(JSContext* cx, HandleObject proxy, + MutableHandleValue vp) const { + MOZ_CRASH("Should not end up in ScriptedProxyHandler::boxedValue_unbox"); + return false; +} + +bool ScriptedProxyHandler::isCallable(JSObject* obj) const { + MOZ_ASSERT(obj->as<ProxyObject>().handler() == + &ScriptedProxyHandler::singleton); + uint32_t callConstruct = obj->as<ProxyObject>() + .reservedSlot(IS_CALLCONSTRUCT_EXTRA) + .toPrivateUint32(); + return !!(callConstruct & IS_CALLABLE); +} + +bool ScriptedProxyHandler::isConstructor(JSObject* obj) const { + MOZ_ASSERT(obj->as<ProxyObject>().handler() == + &ScriptedProxyHandler::singleton); + uint32_t callConstruct = obj->as<ProxyObject>() + .reservedSlot(IS_CALLCONSTRUCT_EXTRA) + .toPrivateUint32(); + return !!(callConstruct & IS_CONSTRUCTOR); +} + +const char ScriptedProxyHandler::family = 0; +const ScriptedProxyHandler ScriptedProxyHandler::singleton; + +// ES2021 rev c21b280a2c46e92decf3efeca9e9da35d5b9f622 +// Including the changes from: https://github.com/tc39/ecma262/pull/1814 +// 9.5.14 ProxyCreate. +static bool ProxyCreate(JSContext* cx, CallArgs& args, const char* callerName) { + if (!args.requireAtLeast(cx, callerName, 2)) { + return false; + } + + // Step 1. + RootedObject target(cx, + RequireObjectArg(cx, "`target`", callerName, args[0])); + if (!target) { + return false; + } + + // Step 2. + RootedObject handler(cx, + RequireObjectArg(cx, "`handler`", callerName, args[1])); + if (!handler) { + return false; + } + + // Steps 3-4, 6. + RootedValue priv(cx, ObjectValue(*target)); + JSObject* proxy_ = NewProxyObject(cx, &ScriptedProxyHandler::singleton, priv, + TaggedProto::LazyProto); + if (!proxy_) { + return false; + } + + // Step 7 (reordered). + Rooted<ProxyObject*> proxy(cx, &proxy_->as<ProxyObject>()); + proxy->setReservedSlot(ScriptedProxyHandler::HANDLER_EXTRA, + ObjectValue(*handler)); + + // Step 5. + uint32_t callable = + target->isCallable() ? ScriptedProxyHandler::IS_CALLABLE : 0; + uint32_t constructor = + target->isConstructor() ? ScriptedProxyHandler::IS_CONSTRUCTOR : 0; + proxy->setReservedSlot(ScriptedProxyHandler::IS_CALLCONSTRUCT_EXTRA, + PrivateUint32Value(callable | constructor)); + + // Step 8. + args.rval().setObject(*proxy); + return true; +} + +bool js::proxy(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + + if (!ThrowIfNotConstructing(cx, args, "Proxy")) { + return false; + } + + return ProxyCreate(cx, args, "Proxy"); +} + +static bool RevokeProxy(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + + RootedFunction func(cx, &args.callee().as<JSFunction>()); + RootedObject p(cx, func->getExtendedSlot(ScriptedProxyHandler::REVOKE_SLOT) + .toObjectOrNull()); + + if (p) { + func->setExtendedSlot(ScriptedProxyHandler::REVOKE_SLOT, NullValue()); + + MOZ_ASSERT(p->is<ProxyObject>()); + + p->as<ProxyObject>().setSameCompartmentPrivate(NullValue()); + p->as<ProxyObject>().setReservedSlot(ScriptedProxyHandler::HANDLER_EXTRA, + NullValue()); + } + + args.rval().setUndefined(); + return true; +} + +bool js::proxy_revocable(JSContext* cx, unsigned argc, Value* vp) { + CallArgs args = CallArgsFromVp(argc, vp); + + if (!ProxyCreate(cx, args, "Proxy.revocable")) { + return false; + } + + RootedValue proxyVal(cx, args.rval()); + MOZ_ASSERT(proxyVal.toObject().is<ProxyObject>()); + + RootedFunction revoker( + cx, NewNativeFunction(cx, RevokeProxy, 0, nullptr, + gc::AllocKind::FUNCTION_EXTENDED, GenericObject)); + if (!revoker) { + return false; + } + + revoker->initExtendedSlot(ScriptedProxyHandler::REVOKE_SLOT, proxyVal); + + Rooted<PlainObject*> result(cx, NewPlainObject(cx)); + if (!result) { + return false; + } + + RootedValue revokeVal(cx, ObjectValue(*revoker)); + if (!DefineDataProperty(cx, result, cx->names().proxy, proxyVal) || + !DefineDataProperty(cx, result, cx->names().revoke, revokeVal)) { + return false; + } + + args.rval().setObject(*result); + return true; +} diff --git a/js/src/proxy/ScriptedProxyHandler.h b/js/src/proxy/ScriptedProxyHandler.h new file mode 100644 index 0000000000..ec471c7b16 --- /dev/null +++ b/js/src/proxy/ScriptedProxyHandler.h @@ -0,0 +1,115 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=8 sts=2 et sw=2 tw=80: + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef proxy_ScriptedProxyHandler_h +#define proxy_ScriptedProxyHandler_h + +#include "js/Proxy.h" + +namespace js { + +/* Derived class for all scripted proxy handlers. */ +class ScriptedProxyHandler : public BaseProxyHandler { + public: + constexpr ScriptedProxyHandler() : BaseProxyHandler(&family) {} + + /* Standard internal methods. */ + virtual bool getOwnPropertyDescriptor( + JSContext* cx, JS::HandleObject proxy, JS::HandleId id, + JS::MutableHandle<mozilla::Maybe<JS::PropertyDescriptor>> desc) + const override; + virtual bool defineProperty(JSContext* cx, JS::HandleObject proxy, + JS::HandleId id, + JS::Handle<JS::PropertyDescriptor> desc, + JS::ObjectOpResult& result) const override; + virtual bool ownPropertyKeys(JSContext* cx, JS::HandleObject proxy, + JS::MutableHandleIdVector props) const override; + virtual bool delete_(JSContext* cx, JS::HandleObject proxy, JS::HandleId id, + JS::ObjectOpResult& result) const override; + + virtual bool getPrototype(JSContext* cx, JS::HandleObject proxy, + JS::MutableHandleObject protop) const override; + virtual bool setPrototype(JSContext* cx, JS::HandleObject proxy, + JS::HandleObject proto, + JS::ObjectOpResult& result) const override; + /* Non-standard, but needed to correctly implement OrdinaryGetPrototypeOf. */ + virtual bool getPrototypeIfOrdinary( + JSContext* cx, JS::HandleObject proxy, bool* isOrdinary, + JS::MutableHandleObject protop) const override; + /* Non-standard, but needed to handle revoked proxies. */ + virtual bool setImmutablePrototype(JSContext* cx, JS::HandleObject proxy, + bool* succeeded) const override; + + virtual bool preventExtensions(JSContext* cx, JS::HandleObject proxy, + JS::ObjectOpResult& result) const override; + virtual bool isExtensible(JSContext* cx, JS::HandleObject proxy, + bool* extensible) const override; + + virtual bool has(JSContext* cx, JS::HandleObject proxy, JS::HandleId id, + bool* bp) const override; + virtual bool get(JSContext* cx, JS::HandleObject proxy, + JS::HandleValue receiver, JS::HandleId id, + JS::MutableHandleValue vp) const override; + virtual bool set(JSContext* cx, JS::HandleObject proxy, JS::HandleId id, + JS::HandleValue v, JS::HandleValue receiver, + JS::ObjectOpResult& result) const override; + virtual bool call(JSContext* cx, JS::HandleObject proxy, + const JS::CallArgs& args) const override; + virtual bool construct(JSContext* cx, JS::HandleObject proxy, + const JS::CallArgs& args) const override; + + /* SpiderMonkey extensions. */ + virtual bool hasOwn(JSContext* cx, JS::HandleObject proxy, JS::HandleId id, + bool* bp) const override { + return BaseProxyHandler::hasOwn(cx, proxy, id, bp); + } + + // A scripted proxy should not be treated as generic in most contexts. + virtual bool nativeCall(JSContext* cx, JS::IsAcceptableThis test, + JS::NativeImpl impl, + const JS::CallArgs& args) const override; + virtual bool getBuiltinClass(JSContext* cx, JS::HandleObject proxy, + ESClass* cls) const override; + virtual bool isArray(JSContext* cx, JS::HandleObject proxy, + JS::IsArrayAnswer* answer) const override; + virtual const char* className(JSContext* cx, + JS::HandleObject proxy) const override; + virtual JSString* fun_toString(JSContext* cx, JS::HandleObject proxy, + bool isToSource) const override; + virtual RegExpShared* regexp_toShared(JSContext* cx, + JS::HandleObject proxy) const override; + virtual bool boxedValue_unbox(JSContext* cx, JS::HandleObject proxy, + JS::MutableHandleValue vp) const override; + + virtual bool isCallable(JSObject* obj) const override; + virtual bool isConstructor(JSObject* obj) const override; + + virtual bool isScripted() const override { return true; } + + static const char family; + static const ScriptedProxyHandler singleton; + + // The "proxy extra" slot index in which the handler is stored. Revocable + // proxies need to set this at revocation time. + static const int HANDLER_EXTRA = 0; + static const int IS_CALLCONSTRUCT_EXTRA = 1; + // Bitmasks for the "call/construct" slot + static const int IS_CALLABLE = 1 << 0; + static const int IS_CONSTRUCTOR = 1 << 1; + // The "function extended" slot index in which the revocation object is + // stored. Per spec, this is to be cleared during the first revocation. + static const int REVOKE_SLOT = 0; + + static JSObject* handlerObject(const JSObject* proxy); +}; + +bool proxy(JSContext* cx, unsigned argc, JS::Value* vp); + +bool proxy_revocable(JSContext* cx, unsigned argc, JS::Value* vp); + +} /* namespace js */ + +#endif /* proxy_ScriptedProxyHandler_h */ diff --git a/js/src/proxy/SecurityWrapper.cpp b/js/src/proxy/SecurityWrapper.cpp new file mode 100644 index 0000000000..6b308576fd --- /dev/null +++ b/js/src/proxy/SecurityWrapper.cpp @@ -0,0 +1,108 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=8 sts=2 et sw=2 tw=80: + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "NamespaceImports.h" + +#include "js/friend/ErrorMessages.h" // JSMSG_* +#include "js/Wrapper.h" +#include "vm/JSObject.h" +#include "vm/StringType.h" + +using namespace js; + +template <class Base> +bool SecurityWrapper<Base>::enter(JSContext* cx, HandleObject wrapper, + HandleId id, Wrapper::Action act, + bool mayThrow, bool* bp) const { + ReportAccessDenied(cx); + *bp = false; + return false; +} + +template <class Base> +bool SecurityWrapper<Base>::nativeCall(JSContext* cx, IsAcceptableThis test, + NativeImpl impl, + const CallArgs& args) const { + ReportAccessDenied(cx); + return false; +} + +template <class Base> +bool SecurityWrapper<Base>::setPrototype(JSContext* cx, HandleObject wrapper, + HandleObject proto, + ObjectOpResult& result) const { + ReportAccessDenied(cx); + return false; +} + +template <class Base> +bool SecurityWrapper<Base>::setImmutablePrototype(JSContext* cx, + HandleObject wrapper, + bool* succeeded) const { + ReportAccessDenied(cx); + return false; +} + +template <class Base> +bool SecurityWrapper<Base>::preventExtensions(JSContext* cx, + HandleObject wrapper, + ObjectOpResult& result) const { + // Just like BaseProxyHandler, SecurityWrappers claim by default to always + // be extensible, so as not to leak information about the state of the + // underlying wrapped thing. + return result.fail(JSMSG_CANT_CHANGE_EXTENSIBILITY); +} + +template <class Base> +bool SecurityWrapper<Base>::isExtensible(JSContext* cx, HandleObject wrapper, + bool* extensible) const { + // See above. + *extensible = true; + return true; +} + +template <class Base> +bool SecurityWrapper<Base>::getBuiltinClass(JSContext* cx, HandleObject wrapper, + ESClass* cls) const { + *cls = ESClass::Other; + return true; +} + +template <class Base> +bool SecurityWrapper<Base>::isArray(JSContext* cx, HandleObject obj, + JS::IsArrayAnswer* answer) const { + // This should ReportAccessDenied(cx), but bug 849730 disagrees. :-( + *answer = JS::IsArrayAnswer::NotArray; + return true; +} + +template <class Base> +RegExpShared* SecurityWrapper<Base>::regexp_toShared(JSContext* cx, + HandleObject obj) const { + return Base::regexp_toShared(cx, obj); +} + +template <class Base> +bool SecurityWrapper<Base>::boxedValue_unbox(JSContext* cx, HandleObject obj, + MutableHandleValue vp) const { + vp.setUndefined(); + return true; +} + +template <class Base> +bool SecurityWrapper<Base>::defineProperty(JSContext* cx, HandleObject wrapper, + HandleId id, + Handle<PropertyDescriptor> desc, + ObjectOpResult& result) const { + if (desc.isAccessorDescriptor()) { + return Throw(cx, id, JSMSG_ACCESSOR_DEF_DENIED); + } + + return Base::defineProperty(cx, wrapper, id, desc, result); +} + +template class js::SecurityWrapper<Wrapper>; +template class js::SecurityWrapper<CrossCompartmentWrapper>; diff --git a/js/src/proxy/Wrapper.cpp b/js/src/proxy/Wrapper.cpp new file mode 100644 index 0000000000..0c31a11d38 --- /dev/null +++ b/js/src/proxy/Wrapper.cpp @@ -0,0 +1,456 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * vim: set ts=8 sts=2 et sw=2 tw=80: + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "js/Wrapper.h" + +#include "jsexn.h" + +#include "js/CallAndConstruct.h" // JS::Construct, JS::IsConstructor +#include "js/friend/ErrorMessages.h" // js::GetErrorMessage, JSMSG_* +#include "js/friend/WindowProxy.h" // js::IsWindowProxy +#include "js/Object.h" // JS::GetBuiltinClass +#include "js/Proxy.h" +#include "vm/Compartment.h" +#include "vm/ErrorObject.h" +#include "vm/Interpreter.h" +#include "vm/JSContext.h" +#include "vm/ProxyObject.h" +#include "vm/Realm.h" +#include "vm/RegExpObject.h" +#include "vm/WrapperObject.h" + +#include "gc/Marking-inl.h" +#include "vm/JSObject-inl.h" +#include "vm/NativeObject-inl.h" + +using namespace js; + +bool Wrapper::finalizeInBackground(const Value& priv) const { + if (!priv.isObject()) { + return true; + } + + /* + * Make the 'background-finalized-ness' of the wrapper the same as the + * wrapped object, to allow transplanting between them. + */ + JSObject* wrapped = MaybeForwarded(&priv.toObject()); + gc::AllocKind wrappedKind; + if (IsInsideNursery(wrapped)) { + JSRuntime* rt = wrapped->runtimeFromMainThread(); + wrappedKind = wrapped->allocKindForTenure(rt->gc.nursery()); + } else { + wrappedKind = wrapped->asTenured().getAllocKind(); + } + return IsBackgroundFinalized(wrappedKind); +} + +bool ForwardingProxyHandler::getOwnPropertyDescriptor( + JSContext* cx, HandleObject proxy, HandleId id, + MutableHandle<mozilla::Maybe<PropertyDescriptor>> desc) const { + assertEnteredPolicy(cx, proxy, id, GET | SET | GET_PROPERTY_DESCRIPTOR); + RootedObject target(cx, proxy->as<ProxyObject>().target()); + return GetOwnPropertyDescriptor(cx, target, id, desc); +} + +bool ForwardingProxyHandler::defineProperty(JSContext* cx, HandleObject proxy, + HandleId id, + Handle<PropertyDescriptor> desc, + ObjectOpResult& result) const { + assertEnteredPolicy(cx, proxy, id, SET); + RootedObject target(cx, proxy->as<ProxyObject>().target()); + return DefineProperty(cx, target, id, desc, result); +} + +bool ForwardingProxyHandler::ownPropertyKeys( + JSContext* cx, HandleObject proxy, MutableHandleIdVector props) const { + assertEnteredPolicy(cx, proxy, JS::PropertyKey::Void(), ENUMERATE); + RootedObject target(cx, proxy->as<ProxyObject>().target()); + return GetPropertyKeys( + cx, target, JSITER_OWNONLY | JSITER_HIDDEN | JSITER_SYMBOLS, props); +} + +bool ForwardingProxyHandler::delete_(JSContext* cx, HandleObject proxy, + HandleId id, + ObjectOpResult& result) const { + assertEnteredPolicy(cx, proxy, id, SET); + RootedObject target(cx, proxy->as<ProxyObject>().target()); + return DeleteProperty(cx, target, id, result); +} + +bool ForwardingProxyHandler::enumerate(JSContext* cx, HandleObject proxy, + MutableHandleIdVector props) const { + assertEnteredPolicy(cx, proxy, JS::PropertyKey::Void(), ENUMERATE); + MOZ_ASSERT( + !hasPrototype()); // Should never be called if there's a prototype. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + return EnumerateProperties(cx, target, props); +} + +bool ForwardingProxyHandler::getPrototype(JSContext* cx, HandleObject proxy, + MutableHandleObject protop) const { + RootedObject target(cx, proxy->as<ProxyObject>().target()); + return GetPrototype(cx, target, protop); +} + +bool ForwardingProxyHandler::setPrototype(JSContext* cx, HandleObject proxy, + HandleObject proto, + ObjectOpResult& result) const { + RootedObject target(cx, proxy->as<ProxyObject>().target()); + return SetPrototype(cx, target, proto, result); +} + +bool ForwardingProxyHandler::getPrototypeIfOrdinary( + JSContext* cx, HandleObject proxy, bool* isOrdinary, + MutableHandleObject protop) const { + RootedObject target(cx, proxy->as<ProxyObject>().target()); + return GetPrototypeIfOrdinary(cx, target, isOrdinary, protop); +} + +bool ForwardingProxyHandler::setImmutablePrototype(JSContext* cx, + HandleObject proxy, + bool* succeeded) const { + RootedObject target(cx, proxy->as<ProxyObject>().target()); + return SetImmutablePrototype(cx, target, succeeded); +} + +bool ForwardingProxyHandler::preventExtensions(JSContext* cx, + HandleObject proxy, + ObjectOpResult& result) const { + RootedObject target(cx, proxy->as<ProxyObject>().target()); + return PreventExtensions(cx, target, result); +} + +bool ForwardingProxyHandler::isExtensible(JSContext* cx, HandleObject proxy, + bool* extensible) const { + RootedObject target(cx, proxy->as<ProxyObject>().target()); + return IsExtensible(cx, target, extensible); +} + +bool ForwardingProxyHandler::has(JSContext* cx, HandleObject proxy, HandleId id, + bool* bp) const { + assertEnteredPolicy(cx, proxy, id, GET); + MOZ_ASSERT( + !hasPrototype()); // Should never be called if there's a prototype. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + return HasProperty(cx, target, id, bp); +} + +bool ForwardingProxyHandler::get(JSContext* cx, HandleObject proxy, + HandleValue receiver, HandleId id, + MutableHandleValue vp) const { + assertEnteredPolicy(cx, proxy, id, GET); + RootedObject target(cx, proxy->as<ProxyObject>().target()); + return GetProperty(cx, target, receiver, id, vp); +} + +bool ForwardingProxyHandler::set(JSContext* cx, HandleObject proxy, HandleId id, + HandleValue v, HandleValue receiver, + ObjectOpResult& result) const { + assertEnteredPolicy(cx, proxy, id, SET); + RootedObject target(cx, proxy->as<ProxyObject>().target()); + return SetProperty(cx, target, id, v, receiver, result); +} + +bool ForwardingProxyHandler::call(JSContext* cx, HandleObject proxy, + const CallArgs& args) const { + assertEnteredPolicy(cx, proxy, JS::PropertyKey::Void(), CALL); + RootedValue target(cx, proxy->as<ProxyObject>().private_()); + + InvokeArgs iargs(cx); + if (!FillArgumentsFromArraylike(cx, iargs, args)) { + return false; + } + + return js::Call(cx, target, args.thisv(), iargs, args.rval()); +} + +bool ForwardingProxyHandler::construct(JSContext* cx, HandleObject proxy, + const CallArgs& args) const { + assertEnteredPolicy(cx, proxy, JS::PropertyKey::Void(), CALL); + + RootedValue target(cx, proxy->as<ProxyObject>().private_()); + if (!IsConstructor(target)) { + ReportValueError(cx, JSMSG_NOT_CONSTRUCTOR, JSDVG_IGNORE_STACK, target, + nullptr); + return false; + } + + ConstructArgs cargs(cx); + if (!FillArgumentsFromArraylike(cx, cargs, args)) { + return false; + } + + RootedObject obj(cx); + if (!Construct(cx, target, cargs, args.newTarget(), &obj)) { + return false; + } + + args.rval().setObject(*obj); + return true; +} + +bool ForwardingProxyHandler::hasOwn(JSContext* cx, HandleObject proxy, + HandleId id, bool* bp) const { + assertEnteredPolicy(cx, proxy, id, GET); + RootedObject target(cx, proxy->as<ProxyObject>().target()); + return HasOwnProperty(cx, target, id, bp); +} + +bool ForwardingProxyHandler::getOwnEnumerablePropertyKeys( + JSContext* cx, HandleObject proxy, MutableHandleIdVector props) const { + assertEnteredPolicy(cx, proxy, JS::PropertyKey::Void(), ENUMERATE); + RootedObject target(cx, proxy->as<ProxyObject>().target()); + return GetPropertyKeys(cx, target, JSITER_OWNONLY, props); +} + +bool ForwardingProxyHandler::nativeCall(JSContext* cx, IsAcceptableThis test, + NativeImpl impl, + const CallArgs& args) const { + args.setThis( + ObjectValue(*args.thisv().toObject().as<ProxyObject>().target())); + if (!test(args.thisv())) { + ReportIncompatible(cx, args); + return false; + } + + return CallNativeImpl(cx, impl, args); +} + +bool ForwardingProxyHandler::getBuiltinClass(JSContext* cx, HandleObject proxy, + ESClass* cls) const { + RootedObject target(cx, proxy->as<ProxyObject>().target()); + return JS::GetBuiltinClass(cx, target, cls); +} + +bool ForwardingProxyHandler::isArray(JSContext* cx, HandleObject proxy, + JS::IsArrayAnswer* answer) const { + RootedObject target(cx, proxy->as<ProxyObject>().target()); + return IsArray(cx, target, answer); +} + +const char* ForwardingProxyHandler::className(JSContext* cx, + HandleObject proxy) const { + assertEnteredPolicy(cx, proxy, JS::PropertyKey::Void(), GET); + RootedObject target(cx, proxy->as<ProxyObject>().target()); + return GetObjectClassName(cx, target); +} + +JSString* ForwardingProxyHandler::fun_toString(JSContext* cx, + HandleObject proxy, + bool isToSource) const { + assertEnteredPolicy(cx, proxy, JS::PropertyKey::Void(), GET); + RootedObject target(cx, proxy->as<ProxyObject>().target()); + return fun_toStringHelper(cx, target, isToSource); +} + +RegExpShared* ForwardingProxyHandler::regexp_toShared( + JSContext* cx, HandleObject proxy) const { + RootedObject target(cx, proxy->as<ProxyObject>().target()); + return RegExpToShared(cx, target); +} + +bool ForwardingProxyHandler::boxedValue_unbox(JSContext* cx, HandleObject proxy, + MutableHandleValue vp) const { + RootedObject target(cx, proxy->as<ProxyObject>().target()); + return Unbox(cx, target, vp); +} + +bool ForwardingProxyHandler::isCallable(JSObject* obj) const { + JSObject* target = obj->as<ProxyObject>().target(); + return target->isCallable(); +} + +bool ForwardingProxyHandler::isConstructor(JSObject* obj) const { + JSObject* target = obj->as<ProxyObject>().target(); + return target->isConstructor(); +} + +JSObject* Wrapper::New(JSContext* cx, JSObject* obj, const Wrapper* handler, + const WrapperOptions& options) { + // If this is a cross-compartment wrapper allocate it in the compartment's + // first global. See Compartment::globalForNewCCW. + mozilla::Maybe<AutoRealm> ar; + if (handler->isCrossCompartmentWrapper()) { + ar.emplace(cx, &cx->compartment()->globalForNewCCW()); + } + RootedValue priv(cx, ObjectValue(*obj)); + return NewProxyObject(cx, handler, priv, options.proto(), options); +} + +JSObject* Wrapper::Renew(JSObject* existing, JSObject* obj, + const Wrapper* handler) { + existing->as<ProxyObject>().renew(handler, ObjectValue(*obj)); + return existing; +} + +JSObject* Wrapper::wrappedObject(JSObject* wrapper) { + MOZ_ASSERT(wrapper->is<WrapperObject>()); + JSObject* target = wrapper->as<ProxyObject>().target(); + + if (target) { + // A cross-compartment wrapper should never wrap a CCW. We rely on this + // in the wrapper handlers (we use AutoRealm on our return value, and + // AutoRealm cannot be used with CCWs). + MOZ_ASSERT_IF(IsCrossCompartmentWrapper(wrapper), + !IsCrossCompartmentWrapper(target)); + +#ifdef DEBUG + // An incremental GC will eventually mark the targets of black wrappers + // black but while it is in progress we can observe gray targets. + if (!wrapper->runtimeFromMainThread()->gc.isIncrementalGCInProgress() && + wrapper->isMarkedBlack()) { + JS::AssertObjectIsNotGray(target); + } +#endif + + // Unmark wrapper targets that should be black in case an incremental GC + // hasn't marked them the correct color yet. + JS::ExposeObjectToActiveJS(target); + } + + return target; +} + +JS_PUBLIC_API JSObject* js::UncheckedUnwrapWithoutExpose(JSObject* wrapped) { + while (true) { + if (!wrapped->is<WrapperObject>() || MOZ_UNLIKELY(IsWindowProxy(wrapped))) { + break; + } + wrapped = wrapped->as<WrapperObject>().target(); + + // This can be called from when getting a weakmap key delegate() on a + // wrapper whose referent has been moved while it is still unmarked. + if (wrapped) { + wrapped = MaybeForwarded(wrapped); + } + } + return wrapped; +} + +JS_PUBLIC_API JSObject* js::UncheckedUnwrap(JSObject* wrapped, + bool stopAtWindowProxy, + unsigned* flagsp) { + MOZ_ASSERT(!JS::RuntimeHeapIsCollecting()); + MOZ_ASSERT(CurrentThreadCanAccessRuntime(wrapped->runtimeFromAnyThread())); + + unsigned flags = 0; + while (true) { + if (!wrapped->is<WrapperObject>() || + MOZ_UNLIKELY(stopAtWindowProxy && IsWindowProxy(wrapped))) { + break; + } + flags |= Wrapper::wrapperHandler(wrapped)->flags(); + wrapped = Wrapper::wrappedObject(wrapped); + } + if (flagsp) { + *flagsp = flags; + } + return wrapped; +} + +JS_PUBLIC_API JSObject* js::CheckedUnwrapStatic(JSObject* obj) { + while (true) { + JSObject* wrapper = obj; + obj = UnwrapOneCheckedStatic(obj); + if (!obj || obj == wrapper) { + return obj; + } + } +} + +JS_PUBLIC_API JSObject* js::UnwrapOneCheckedStatic(JSObject* obj) { + MOZ_ASSERT(!JS::RuntimeHeapIsCollecting()); + MOZ_ASSERT(CurrentThreadCanAccessRuntime(obj->runtimeFromAnyThread())); + + // Note: callers that care about WindowProxy unwrapping should use + // CheckedUnwrapDynamic or UnwrapOneCheckedDynamic instead of this. We don't + // unwrap WindowProxy here to preserve legacy behavior and for consistency + // with CheckedUnwrapDynamic's default stopAtWindowProxy = true. + if (!obj->is<WrapperObject>() || MOZ_UNLIKELY(IsWindowProxy(obj))) { + return obj; + } + + const Wrapper* handler = Wrapper::wrapperHandler(obj); + return handler->hasSecurityPolicy() ? nullptr : Wrapper::wrappedObject(obj); +} + +JS_PUBLIC_API JSObject* js::CheckedUnwrapDynamic(JSObject* obj, JSContext* cx, + bool stopAtWindowProxy) { + RootedObject wrapper(cx, obj); + while (true) { + JSObject* unwrapped = + UnwrapOneCheckedDynamic(wrapper, cx, stopAtWindowProxy); + if (!unwrapped || unwrapped == wrapper) { + return unwrapped; + } + wrapper = unwrapped; + } +} + +JS_PUBLIC_API JSObject* js::UnwrapOneCheckedDynamic(HandleObject obj, + JSContext* cx, + bool stopAtWindowProxy) { + MOZ_ASSERT(!JS::RuntimeHeapIsCollecting()); + MOZ_ASSERT(CurrentThreadCanAccessRuntime(obj->runtimeFromAnyThread())); + // We should know who's asking. + MOZ_ASSERT(cx); + MOZ_ASSERT(cx->realm()); + + if (!obj->is<WrapperObject>() || + MOZ_UNLIKELY(stopAtWindowProxy && IsWindowProxy(obj))) { + return obj; + } + + const Wrapper* handler = Wrapper::wrapperHandler(obj); + if (!handler->hasSecurityPolicy() || + handler->dynamicCheckedUnwrapAllowed(obj, cx)) { + return Wrapper::wrappedObject(obj); + } + + return nullptr; +} + +void js::ReportAccessDenied(JSContext* cx) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_OBJECT_ACCESS_DENIED); +} + +const char Wrapper::family = 0; +const Wrapper Wrapper::singleton((unsigned)0); +const Wrapper Wrapper::singletonWithPrototype((unsigned)0, true); +JSObject* const Wrapper::defaultProto = TaggedProto::LazyProto; + +/* Compartments. */ + +JSObject* js::TransparentObjectWrapper(JSContext* cx, HandleObject existing, + HandleObject obj) { + // Allow wrapping outer window proxies. + MOZ_ASSERT(!obj->is<WrapperObject>() || IsWindowProxy(obj)); + return Wrapper::New(cx, obj, &CrossCompartmentWrapper::singleton); +} + +ErrorCopier::~ErrorCopier() { + JSContext* cx = ar->context(); + + // The provenance of Debugger.DebuggeeWouldRun is the topmost locking + // debugger compartment; it should not be copied around. + if (ar->origin()->compartment() != cx->compartment() && + cx->isExceptionPending() && !cx->isThrowingDebuggeeWouldRun()) { + RootedValue exc(cx); + if (cx->getPendingException(&exc) && exc.isObject() && + exc.toObject().is<ErrorObject>()) { + Rooted<SavedFrame*> stack(cx, cx->getPendingExceptionStack()); + cx->clearPendingException(); + ar.reset(); + Rooted<ErrorObject*> errObj(cx, &exc.toObject().as<ErrorObject>()); + if (JSObject* copyobj = CopyErrorObject(cx, errObj)) { + RootedValue rootedCopy(cx, ObjectValue(*copyobj)); + cx->setPendingException(rootedCopy, stack); + } + } + } +} |