The Tor Browser: toolkit/components/social/FrameWorkerContent.js@129ffea94266 (annotated)

toolkit/components/social/FrameWorkerContent.js@129ffea94266 (annotated)

toolkit/components/social/FrameWorkerContent.js

Sat, 03 Jan 2015 20:18:00 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Sat, 03 Jan 2015 20:18:00 +0100
branch: TOR_BUG_3246
changeset 7: 129ffea94266
permissions: -rw-r--r--

Conditionally enable double key logic according to:
private browsing mode or privacy.thirdparty.isolate preference and
implement in GetCookieStringCommon and FindCookie where it counts...
With some reservations of how to convince FindCookie users to test
condition and pass a nullptr when disabling double key logic.

 /* -*- Mode: JavaScript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/.
  */
 "use strict";
 // the singleton frameworker, available for (ab)use by tests.
 let frameworker;
 (function () { // bug 673569 workaround :(
 /*
  * This is an implementation of a "Shared Worker" using a remote <browser>
  * element hosted in the hidden DOM window.  This is the "content script"
  * implementation - it runs in the child process but has chrome permissions.
  *
  * A set of new APIs that simulate a shared worker are introduced to a sandbox
  * by cloning methods from the worker's JS origin.
  */
 const {classes: Cc, interfaces: Ci, utils: Cu} = Components;
 Cu.import("resource://gre/modules/Services.jsm");
 Cu.import("resource://gre/modules/MessagePortBase.jsm");
 function navigate(url) {
   let webnav = docShell.QueryInterface(Ci.nsIWebNavigation);
   webnav.loadURI(url, Ci.nsIWebNavigation.LOAD_FLAGS_NONE, null, null, null);
 }
 /**
  * FrameWorker
  *
  * A FrameWorker is a <browser> element hosted by the hiddenWindow.
  * It is constructed with the URL of some JavaScript that will be run in
  * the context of the browser; the script does not have a full DOM but is
  * instead run in a sandbox that has a select set of methods cloned from the
  * URL's domain.
  */
 function FrameWorker(url, name, origin, exposeLocalStorage) {
   this.url = url;
   this.name = name || url;
   this.ports = new Map(); // all unclosed ports, including ones yet to be entangled
   this.loaded = false;
   this.origin = origin;
   this._injectController = null;
   this.exposeLocalStorage = exposeLocalStorage;
   this.load();
 }
 FrameWorker.prototype = {
   load: function FrameWorker_loadWorker() {
     this._injectController = function(doc, topic, data) {
       if (!doc.defaultView || doc.defaultView != content) {
         return;
       }
       this._maybeRemoveInjectController();
       try {
         this.createSandbox();
       } catch (e) {
         Cu.reportError("FrameWorker: failed to create sandbox for " + this.url + ". " + e);
       }
     }.bind(this);
     Services.obs.addObserver(this._injectController, "document-element-inserted", false);
     navigate(this.url);
   },
   _maybeRemoveInjectController: function() {
     if (this._injectController) {
       Services.obs.removeObserver(this._injectController, "document-element-inserted");
       this._injectController = null;
     }
   },
   createSandbox: function createSandbox() {
     let workerWindow = content;
     let sandbox = new Cu.Sandbox(workerWindow);
     // copy the window apis onto the sandbox namespace only functions or
     // objects that are naturally a part of an iframe, I'm assuming they are
     // safe to import this way
     let workerAPI = ['WebSocket', 'atob', 'btoa',
                      'clearInterval', 'clearTimeout', 'dump',
                      'setInterval', 'setTimeout', 'XMLHttpRequest',
                      'FileReader', 'Blob', 'EventSource', 'indexedDB',
                      'location', 'Worker'];
     // Only expose localStorage if the caller opted-in
     if (this.exposeLocalStorage) {
       workerAPI.push('localStorage');
     }
     // Bug 798660 - XHR, WebSocket and Worker have issues in a sandbox and need
     // to be unwrapped to work
     let needsWaive = ['XMLHttpRequest', 'WebSocket', 'Worker'];
     // Methods need to be bound with the proper |this|.
     let needsBind = ['atob', 'btoa', 'dump', 'setInterval', 'clearInterval',
                      'setTimeout', 'clearTimeout'];
     workerAPI.forEach(function(fn) {
       try {
         if (needsWaive.indexOf(fn) != -1)
           sandbox[fn] = XPCNativeWrapper.unwrap(workerWindow)[fn];
         else if (needsBind.indexOf(fn) != -1)
           sandbox[fn] = workerWindow[fn].bind(workerWindow);
         else
           sandbox[fn] = workerWindow[fn];
       }
       catch(e) {
         Cu.reportError("FrameWorker: failed to import API "+fn+"\n"+e+"\n");
       }
     });
     // the "navigator" object in a worker is a subset of the full navigator;
     // specifically, just the interfaces 'NavigatorID' and 'NavigatorOnLine'
     let navigator = {
       __exposedProps__: {
         "appName": "r",
         "appVersion": "r",
         "platform": "r",
         "userAgent": "r",
         "onLine": "r"
       },
       // interface NavigatorID
       appName: workerWindow.navigator.appName,
       appVersion: workerWindow.navigator.appVersion,
       platform: workerWindow.navigator.platform,
       userAgent: workerWindow.navigator.userAgent,
       // interface NavigatorOnLine
       get onLine() workerWindow.navigator.onLine
     };
     sandbox.navigator = navigator;
     // Our importScripts function needs to 'eval' the script code from inside
     // a function, but using eval() directly means functions in the script
     // don't end up in the global scope.
     sandbox._evalInSandbox = function(s, url) {
       let baseURI = Services.io.newURI(workerWindow.location.href, null, null);
       Cu.evalInSandbox(s, sandbox, "1.8",
                        Services.io.newURI(url, null, baseURI).spec, 1);
     };
     // and we delegate ononline and onoffline events to the worker.
     // See http://www.whatwg.org/specs/web-apps/current-work/multipage/workers.html#workerglobalscope
     workerWindow.addEventListener('offline', function fw_onoffline(event) {
       Cu.evalInSandbox("onoffline();", sandbox);
     }, false);
     workerWindow.addEventListener('online', function fw_ononline(event) {
       Cu.evalInSandbox("ononline();", sandbox);
     }, false);
     sandbox._postMessage = function fw_postMessage(d, o) {
       workerWindow.postMessage(d, o)
     };
     sandbox._addEventListener = function fw_addEventListener(t, l, c) {
       workerWindow.addEventListener(t, l, c)
     };
     // Note we don't need to stash |sandbox| in |this| as the unload handler
     // has a reference in its closure, so it can't die until that handler is
     // removed - at which time we've explicitly killed it anyway.
     let worker = this;
     workerWindow.addEventListener("DOMContentLoaded", function loadListener() {
       workerWindow.removeEventListener("DOMContentLoaded", loadListener);
       // no script, error out now rather than creating ports, etc
       let scriptText = workerWindow.document.body.textContent.trim();
       if (!scriptText) {
         Cu.reportError("FrameWorker: Empty worker script received");
         notifyWorkerError();
         return;
       }
       // now that we've got the script text, remove it from the DOM;
       // no need for it to keep occupying memory there
       workerWindow.document.body.textContent = "";
       // the content has loaded the js file as text - first inject the magic
       // port-handling code into the sandbox.
       try {
         Services.scriptloader.loadSubScript("resource://gre/modules/MessagePortBase.jsm", sandbox);
         Services.scriptloader.loadSubScript("resource://gre/modules/MessagePortWorker.js", sandbox);
       }
       catch (e) {
         Cu.reportError("FrameWorker: Error injecting port code into content side of the worker: " + e + "\n" + e.stack);
         notifyWorkerError();
         return;
       }
       // and wire up the client message handling.
       try {
         initClientMessageHandler();
       }
       catch (e) {
         Cu.reportError("FrameWorker: Error setting up event listener for chrome side of the worker: " + e + "\n" + e.stack);
         notifyWorkerError();
         return;
       }
       // Now get the worker js code and eval it into the sandbox
       try {
         Cu.evalInSandbox(scriptText, sandbox, "1.8", workerWindow.location.href, 1);
       } catch (e) {
         Cu.reportError("FrameWorker: Error evaluating worker script for " + worker.name + ": " + e + "; " +
             (e.lineNumber ? ("Line #" + e.lineNumber) : "") +
             (e.stack ? ("\n" + e.stack) : ""));
         notifyWorkerError();
         return;
       }
       // so finally we are ready to roll - dequeue all the pending connects
       worker.loaded = true;
       for (let [,port] of worker.ports) { // enumeration is in insertion order
         if (!port._entangled) {
           try {
             port._createWorkerAndEntangle(worker);
           }
           catch(e) {
             Cu.reportError("FrameWorker: Failed to entangle worker port: " + e + "\n" + e.stack);
           }
         }
       }
     });
     // the 'unload' listener cleans up the worker and the sandbox.  This
     // will be triggered by the window unloading as part of shutdown or reload.
     workerWindow.addEventListener("unload", function unloadListener() {
       workerWindow.removeEventListener("unload", unloadListener);
       worker.loaded = false;
       // No need to close ports - the worker probably wont see a
       // social.port-closing message and certainly isn't going to have time to
       // do anything if it did see it.
       worker.ports.clear();
       if (sandbox) {
         Cu.nukeSandbox(sandbox);
         sandbox = null;
       }
     });
   },
 };
 const FrameWorkerManager = {
   init: function() {
     // first, setup the docShell to disable some types of content
     docShell.allowAuth = false;
     docShell.allowPlugins = false;
     docShell.allowImages = false;
     docShell.allowMedia = false;
     docShell.allowWindowControl = false;
     addMessageListener("frameworker:init", this._onInit);
     addMessageListener("frameworker:connect", this._onConnect);
     addMessageListener("frameworker:port-message", this._onPortMessage);
     addMessageListener("frameworker:cookie-get", this._onCookieGet);
   },
   // This new frameworker is being created.  This should only be called once.
   _onInit: function(msg) {
     let {url, name, origin, exposeLocalStorage} = msg.data;
     frameworker = new FrameWorker(url, name, origin, exposeLocalStorage);
   },
   // A new port is being established for this frameworker.
   _onConnect: function(msg) {
     let port = new ClientPort(msg.data.portId);
     frameworker.ports.set(msg.data.portId, port);
     if (frameworker.loaded && !frameworker.reloading)
       port._createWorkerAndEntangle(frameworker);
   },
   // A message related to a port.
   _onPortMessage: function(msg) {
     // find the "client" port for this message and have it post it into
     // the worker.
     let port = frameworker.ports.get(msg.data.portId);
     port._dopost(msg.data);
   },
   _onCookieGet: function(msg) {
     sendAsyncMessage("frameworker:cookie-get-response", content.document.cookie);
   },
 };
 FrameWorkerManager.init();
 // This is the message listener for the chrome side of the world - ie, the
 // port that exists with chrome permissions inside the <browser/> (ie, in the
 // content process if a remote browser is used).
 function initClientMessageHandler() {
   function _messageHandler(event) {
     // We will ignore all messages destined for otherType.
     let data = event.data;
     let portid = data.portId;
     let port;
     if (!data.portFromType || data.portFromType !== "worker") {
       // this is a message posted by ourself so ignore it.
       return;
     }
     switch (data.portTopic) {
       // No "port-create" here - client ports are created explicitly.
       case "port-connection-error":
         // onconnect failed, we cannot connect the port, the worker has
         // become invalid
         notifyWorkerError();
         break;
       case "port-close":
         // the worker side of the port was closed, so close this side too.
         port = frameworker.ports.get(portid);
         if (!port) {
           // port already closed (which will happen when we call port.close()
           // below - the worker side will send us this message but we've
           // already closed it.)
           return;
         }
         frameworker.ports.delete(portid);
         port.close();
         break;
       case "port-message":
         // the client posted a message to this worker port.
         port = frameworker.ports.get(portid);
         if (!port) {
           return;
         }
         port._onmessage(data.data);
         break;
       default:
         break;
     }
   }
   // this can probably go once debugged and working correctly!
   function messageHandler(event) {
     try {
       _messageHandler(event);
     } catch (ex) {
       Cu.reportError("FrameWorker: Error handling client port control message: " + ex + "\n" + ex.stack);
     }
   }
   content.addEventListener('message', messageHandler);
 }
 /**
  * ClientPort
  *
  * Client side of the entangled ports. This is just a shim that sends messages
  * back to the "parent" port living in the chrome process.
  *
  * constructor:
  * @param {integer} portid
  */
 function ClientPort(portid) {
   // messages posted to the worker before the worker has loaded.
   this._pendingMessagesOutgoing = [];
   AbstractPort.call(this, portid);
 }
 ClientPort.prototype = {
   __proto__: AbstractPort.prototype,
   _portType: "client",
   // _entangled records if the port has ever been entangled (although may be
   // reset during a reload).
   _entangled: false,
   _createWorkerAndEntangle: function fw_ClientPort_createWorkerAndEntangle(worker) {
     this._entangled = true;
     this._postControlMessage("port-create");
     for (let message of this._pendingMessagesOutgoing) {
       this._dopost(message);
     }
     this._pendingMessagesOutgoing = [];
     // The client side of the port might have been closed before it was
     // "entangled" with the worker, in which case we need to disentangle it
     if (this._closed) {
       worker.ports.delete(this._portid);
     }
   },
   _dopost: function fw_ClientPort_dopost(data) {
     if (!this._entangled) {
       this._pendingMessagesOutgoing.push(data);
     } else {
       content.postMessage(data, "*");
     }
   },
   // we are just a "shim" - any messages we get are just forwarded back to
   // the chrome parent process.
   _onmessage: function(data) {
     sendAsyncMessage("frameworker:port-message", {portId: this._portid, data: data});
   },
   _onerror: function fw_ClientPort_onerror(err) {
     Cu.reportError("FrameWorker: Port " + this + " handler failed: " + err + "\n" + err.stack);
   },
   close: function fw_ClientPort_close() {
     if (this._closed) {
       return; // already closed.
     }
     // a leaky abstraction due to the worker spec not specifying how the
     // other end of a port knows it is closing.
     this.postMessage({topic: "social.port-closing"});
     AbstractPort.prototype.close.call(this);
     // this._pendingMessagesOutgoing should still be drained, as a closed
     // port will still get "entangled" quickly enough to deliver the messages.
   }
 }
 function notifyWorkerError() {
   sendAsyncMessage("frameworker:notify-worker-error", {origin: frameworker.origin});
 }
 }());