tor-browser

WebIDLGlobalNameHash.cpp (10824B)

---

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "WebIDLGlobalNameHash.h"

#include "WrapperFactory.h"
#include "js/Class.h"
#include "js/GCAPI.h"
#include "js/Id.h"
#include "js/Object.h"  // JS::GetClass, JS::GetReservedSlot
#include "js/Wrapper.h"
#include "jsapi.h"
#include "jsfriendapi.h"
#include "mozilla/ErrorResult.h"
#include "mozilla/Maybe.h"
#include "mozilla/dom/BindingNames.h"
#include "mozilla/dom/DOMJSClass.h"
#include "mozilla/dom/Exceptions.h"
#include "mozilla/dom/JSSlots.h"
#include "mozilla/dom/PrototypeList.h"
#include "mozilla/dom/ProxyHandlerUtils.h"
#include "mozilla/dom/RegisterBindings.h"
#include "nsGlobalWindowInner.h"
#include "nsTHashtable.h"

namespace mozilla::dom {

static JSObject* FindNamedConstructorForXray(
   JSContext* aCx, JS::Handle<jsid> aId, const WebIDLNameTableEntry* aEntry) {
 JSObject* interfaceObject =
     GetPerInterfaceObjectHandle(aCx, aEntry->mConstructorId, aEntry->mCreate,
                                 DefineInterfaceProperty::No);
 if (!interfaceObject) {
   return nullptr;
 }

 if (IsInterfaceObject(interfaceObject)) {
   // This is a call over Xrays, so we will actually use the return value
   // (instead of just having it defined on the global now).  Check for named
   // constructors with this id, in case that's what the caller is asking for.
   for (unsigned slot = INTERFACE_OBJECT_FIRST_LEGACY_FACTORY_FUNCTION;
        slot < INTERFACE_OBJECT_MAX_SLOTS; ++slot) {
     const JS::Value& v = js::GetFunctionNativeReserved(interfaceObject, slot);
     if (!v.isObject()) {
       break;
     }
     JSObject* constructor = &v.toObject();
     if (JS_GetMaybePartialFunctionId(JS_GetObjectFunction(constructor)) ==
         aId.toString()) {
       return constructor;
     }
   }
 }

 // None of the legacy factory functions match, so the caller must want the
 // interface object itself.
 return interfaceObject;
}

/* static */
bool WebIDLGlobalNameHash::DefineIfEnabled(
   JSContext* aCx, JS::Handle<JSObject*> aObj, JS::Handle<jsid> aId,
   JS::MutableHandle<mozilla::Maybe<JS::PropertyDescriptor>> aDesc,
   bool* aFound) {
 MOZ_ASSERT(aId.isString(), "Check for string id before calling this!");

 const WebIDLNameTableEntry* entry = GetEntry(aId.toLinearString());
 if (!entry) {
   *aFound = false;
   return true;
 }

 *aFound = true;

 ConstructorEnabled checkEnabledForScope = entry->mEnabled;
 // We do the enabled check on the current Realm of aCx, but for the
 // actual object we pass in the underlying object in the Xray case.  That
 // way the callee can decide whether to allow access based on the caller
 // or the window being touched.
 //
 // Using aCx to represent the current Realm for CheckedUnwrapDynamic
 // purposes is OK here, because that's the Realm where we plan to do
 // our property-defining.
 JS::Rooted<JSObject*> global(
     aCx,
     js::CheckedUnwrapDynamic(aObj, aCx, /* stopAtWindowProxy = */ false));
 if (!global) {
   return Throw(aCx, NS_ERROR_DOM_SECURITY_ERR);
 }

 {
   // It's safe to pass "&global" here, because we've already unwrapped it, but
   // for general sanity better to not have debug code even having the
   // appearance of mutating things that opt code uses.
#ifdef DEBUG
   JS::Rooted<JSObject*> temp(aCx, global);
   DebugOnly<nsGlobalWindowInner*> win;
   MOZ_ASSERT(NS_SUCCEEDED(
       UNWRAP_MAYBE_CROSS_ORIGIN_OBJECT(Window, &temp, win, aCx)));
#endif
 }

 if (checkEnabledForScope && !checkEnabledForScope(aCx, global)) {
   return true;
 }

 // The DOM constructor resolve machinery interacts with Xrays in tricky
 // ways, and there are some asymmetries that are important to understand.
 //
 // In the regular (non-Xray) case, we only want to resolve constructors
 // once (so that if they're deleted, they don't reappear). We do this by
 // stashing the constructor in a slot on the global, such that we can see
 // during resolve whether we've created it already. This is rather
 // memory-intensive, so we don't try to maintain these semantics when
 // manipulating a global over Xray (so the properties just re-resolve if
 // they've been deleted).
 //
 // Unfortunately, there's a bit of an impedance-mismatch between the Xray
 // and non-Xray machinery. The Xray machinery wants an API that returns a
 // JS::PropertyDescriptor, so that the resolve hook doesn't have to get
 // snared up with trying to define a property on the Xray holder. At the
 // same time, the DefineInterface callbacks are set up to define things
 // directly on the global.  And re-jiggering them to return property
 // descriptors is tricky, because some DefineInterface callbacks define
 // multiple things (like the Image() alias for HTMLImageElement).
 //
 // So the setup is as-follows:
 //
 // * The resolve function takes a JS::PropertyDescriptor, but in the
 //   non-Xray case, callees may define things directly on the global, and
 //   set the value on the property descriptor to |undefined| to indicate
 //   that there's nothing more for the caller to do. We assert against
 //   this behavior in the Xray case.
 //
 // * We make sure that we do a non-Xray resolve first, so that all the
 //   slots are set up. In the Xray case, this means unwrapping and doing
 //   a non-Xray resolve before doing the Xray resolve.
 //
 // This all could use some grand refactoring, but for now we just limp
 // along.
 if (xpc::WrapperFactory::IsXrayWrapper(aObj)) {
   JS::Rooted<JSObject*> constructor(aCx);
   {
     JSAutoRealm ar(aCx, global);
     constructor = FindNamedConstructorForXray(aCx, aId, entry);
   }
   if (NS_WARN_IF(!constructor)) {
     return Throw(aCx, NS_ERROR_FAILURE);
   }
   if (!JS_WrapObject(aCx, &constructor)) {
     return Throw(aCx, NS_ERROR_FAILURE);
   }

   aDesc.set(mozilla::Some(JS::PropertyDescriptor::Data(
       JS::ObjectValue(*constructor), {JS::PropertyAttribute::Configurable,
                                       JS::PropertyAttribute::Writable})));
   return true;
 }

 // We've already checked whether the interface is enabled (see
 // checkEnabledForScope above), so it's fine to pass
 // DefineInterfaceProperty::Always here.
 JS::Rooted<JSObject*> interfaceObject(
     aCx,
     GetPerInterfaceObjectHandle(aCx, entry->mConstructorId, entry->mCreate,
                                 DefineInterfaceProperty::Always));
 if (NS_WARN_IF(!interfaceObject)) {
   return Throw(aCx, NS_ERROR_FAILURE);
 }

 // We've already defined the property.  We indicate this to the caller
 // by filling a property descriptor with JS::UndefinedValue() as the
 // value.  We still have to fill in a property descriptor, though, so
 // that the caller knows the property is in fact on this object.
 aDesc.set(
     mozilla::Some(JS::PropertyDescriptor::Data(JS::UndefinedValue(), {})));
 return true;
}

/* static */
bool WebIDLGlobalNameHash::MayResolve(jsid aId) {
 return GetEntry(aId.toLinearString()) != nullptr;
}

/* static */
bool WebIDLGlobalNameHash::GetNames(JSContext* aCx, JS::Handle<JSObject*> aObj,
                                   NameType aNameType,
                                   JS::MutableHandleVector<jsid> aNames) {
 // aObj is always a Window here, so GetProtoAndIfaceCache on it is safe.
 ProtoAndIfaceCache* cache = GetProtoAndIfaceCache(aObj);
 for (size_t i = 0; i < sCount; ++i) {
   const WebIDLNameTableEntry& entry = sEntries[i];
   // If aNameType is not AllNames, only include things whose entry slot in the
   // ProtoAndIfaceCache is null.
   if ((aNameType == AllNames ||
        !cache->HasEntryInSlot(entry.mConstructorId)) &&
       (!entry.mEnabled || entry.mEnabled(aCx, aObj))) {
     JSString* str = JS_AtomizeStringN(aCx, BindingName(entry.mNameOffset),
                                       entry.mNameLength);
     if (!str || !aNames.append(JS::PropertyKey::NonIntAtom(str))) {
       return false;
     }
   }
 }

 return true;
}

/* static */
bool WebIDLGlobalNameHash::ResolveForSystemGlobal(JSContext* aCx,
                                                 JS::Handle<JSObject*> aObj,
                                                 JS::Handle<jsid> aId,
                                                 bool* aResolvedp) {
 MOZ_ASSERT(JS_IsGlobalObject(aObj));

 // First we try to resolve standard classes.
 if (!JS_ResolveStandardClass(aCx, aObj, aId, aResolvedp)) {
   return false;
 }
 if (*aResolvedp) {
   return true;
 }

 // We don't resolve any non-string entries.
 if (!aId.isString()) {
   return true;
 }

 // XXX(nika): In the Window case, we unwrap our global object here to handle
 // XRays. I don't think we ever create xrays to system globals, so I believe
 // we can skip this step.
 MOZ_ASSERT(!xpc::WrapperFactory::IsXrayWrapper(aObj), "Xrays not supported!");

 // Look up the corresponding entry in the name table, and resolve if enabled.
 const WebIDLNameTableEntry* entry = GetEntry(aId.toLinearString());
 if (entry && (!entry->mEnabled || entry->mEnabled(aCx, aObj))) {
   // We've already checked whether the interface is enabled (see
   // entry->mEnabled above), so it's fine to pass
   // DefineInterfaceProperty::Always here.
   if (NS_WARN_IF(!GetPerInterfaceObjectHandle(
           aCx, entry->mConstructorId, entry->mCreate,
           DefineInterfaceProperty::Always))) {
     return Throw(aCx, NS_ERROR_FAILURE);
   }

   *aResolvedp = true;
 }
 return true;
}

/* static */
bool WebIDLGlobalNameHash::NewEnumerateSystemGlobal(
   JSContext* aCx, JS::Handle<JSObject*> aObj,
   JS::MutableHandleVector<jsid> aProperties, bool aEnumerableOnly) {
 MOZ_ASSERT(JS_IsGlobalObject(aObj));

 if (!JS_NewEnumerateStandardClasses(aCx, aObj, aProperties,
                                     aEnumerableOnly)) {
   return false;
 }

 // All properties defined on our global are non-enumerable, so we can skip
 // remaining properties.
 if (aEnumerableOnly) {
   return true;
 }

 // Enumerate all entries & add enabled ones.
 for (size_t i = 0; i < sCount; ++i) {
   const WebIDLNameTableEntry& entry = sEntries[i];
   if (!entry.mEnabled || entry.mEnabled(aCx, aObj)) {
     JSString* str = JS_AtomizeStringN(aCx, BindingName(entry.mNameOffset),
                                       entry.mNameLength);
     if (!str || !aProperties.append(JS::PropertyKey::NonIntAtom(str))) {
       return false;
     }
   }
 }
 return true;
}

}  // namespace mozilla::dom