1 files changed, 124 insertions, 0 deletions

diff --git a/browser/components/uitour/UITourChild.sys.mjs b/browser/components/uitour/UITourChild.sys.mjs
new file mode 100644
index 0000000000..65ef20931b
--- /dev/null
+++ b/browser/components/uitour/UITourChild.sys.mjs
@@ -0,0 +1,124 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+const PREF_TEST_WHITELIST = "browser.uitour.testingOrigins";
+const UITOUR_PERMISSION = "uitour";
+
+export class UITourChild extends JSWindowActorChild {
+  handleEvent(event) {
+    if (!Services.prefs.getBoolPref("browser.uitour.enabled")) {
+      return;
+    }
+    if (!this.ensureTrustedOrigin()) {
+      return;
+    }
+
+    this.sendAsyncMessage("UITour:onPageEvent", {
+      detail: event.detail,
+      type: event.type,
+      pageVisibilityState: this.document.visibilityState,
+    });
+  }
+
+  isTestingOrigin(aURI) {
+    if (
+      Services.prefs.getPrefType(PREF_TEST_WHITELIST) !=
+      Services.prefs.PREF_STRING
+    ) {
+      return false;
+    }
+
+    // Add any testing origins (comma-seperated) to the whitelist for the session.
+    for (let origin of Services.prefs
+      .getCharPref(PREF_TEST_WHITELIST)
+      .split(",")) {
+      try {
+        let testingURI = Services.io.newURI(origin);
+        if (aURI.prePath == testingURI.prePath) {
+          return true;
+        }
+      } catch (ex) {
+        console.error(ex);
+      }
+    }
+    return false;
+  }
+
+  // This function is copied from UITour.sys.mjs.
+  isSafeScheme(aURI) {
+    let allowedSchemes = new Set(["https", "about"]);
+    if (!Services.prefs.getBoolPref("browser.uitour.requireSecure")) {
+      allowedSchemes.add("http");
+    }
+
+    if (!allowedSchemes.has(aURI.scheme)) {
+      return false;
+    }
+
+    return true;
+  }
+
+  ensureTrustedOrigin() {
+    if (this.browsingContext.top != this.browsingContext) {
+      return false;
+    }
+
+    let uri = this.document.documentURIObject;
+
+    if (uri.schemeIs("chrome")) {
+      return true;
+    }
+
+    if (!this.isSafeScheme(uri)) {
+      return false;
+    }
+
+    let principal = Services.scriptSecurityManager.principalWithOA(
+      this.document.nodePrincipal,
+      {}
+    );
+    let permission = Services.perms.testPermissionFromPrincipal(
+      principal,
+      UITOUR_PERMISSION
+    );
+    if (permission == Services.perms.ALLOW_ACTION) {
+      return true;
+    }
+
+    // Bug 1557153: To allow Skyline messaging, workaround for UNKNOWN_ACTION
+    // overriding browser/app/permissions default
+    // Bug 1837407: Do a similar thing for support.mozilla.org for the same
+    // underlying issue (bug 1579517).
+    return (
+      uri.host == "www.mozilla.org" ||
+      uri.host == "support.mozilla.org" ||
+      this.isTestingOrigin(uri)
+    );
+  }
+
+  receiveMessage(aMessage) {
+    switch (aMessage.name) {
+      case "UITour:SendPageCallback":
+        this.sendPageEvent("Response", aMessage.data);
+        break;
+      case "UITour:SendPageNotification":
+        this.sendPageEvent("Notification", aMessage.data);
+        break;
+    }
+  }
+
+  sendPageEvent(type, detail) {
+    if (!this.ensureTrustedOrigin()) {
+      return;
+    }
+
+    let win = this.contentWindow;
+    let eventName = "mozUITour" + type;
+    let event = new win.CustomEvent(eventName, {
+      bubbles: true,
+      detail: Cu.cloneInto(detail, win),
+    });
+    win.document.dispatchEvent(event);
+  }
+}