The Tor Browser: comparison content/base/src/nsFrameMessageManager.cpp

--1:000000000000
+:29452eada15c
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "base/basictypes.h"
+#include "nsFrameMessageManager.h"
+#include "AppProcessChecker.h"
+#include "ContentChild.h"
+#include "ContentParent.h"
+#include "nsContentUtils.h"
+#include "nsCxPusher.h"
+#include "nsError.h"
+#include "nsIXPConnect.h"
+#include "jsapi.h"
+#include "nsJSUtils.h"
+#include "nsJSPrincipals.h"
+#include "nsNetUtil.h"
+#include "nsScriptLoader.h"
+#include "nsFrameLoader.h"
+#include "nsIXULRuntime.h"
+#include "nsIScriptError.h"
+#include "nsIConsoleService.h"
+#include "nsIMemoryReporter.h"
+#include "nsIProtocolHandler.h"
+#include "nsIScriptSecurityManager.h"
+#include "nsIJSRuntimeService.h"
+#include "nsIDOMClassInfo.h"
+#include "nsIDOMFile.h"
+#include "xpcpublic.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/dom/StructuredCloneUtils.h"
+#include "mozilla/dom/PBlobChild.h"
+#include "mozilla/dom/PBlobParent.h"
+#include "JavaScriptChild.h"
+#include "JavaScriptParent.h"
+#include "mozilla/dom/DOMStringList.h"
+#include "nsPrintfCString.h"
+#include <algorithm>
+#ifdef ANDROID
+#include <android/log.h>
+#endif
+#ifdef XP_WIN
+#include <windows.h>
+# if defined(SendMessage)
+#  undef SendMessage
+# endif
+#endif
+using namespace mozilla;
+using namespace mozilla::dom;
+using namespace mozilla::dom::ipc;
+static PLDHashOperator
+CycleCollectorTraverseListeners(const nsAString& aKey,
+nsAutoTObserverArray<nsMessageListenerInfo, 1>* aListeners,
+void* aCb)
+{
+nsCycleCollectionTraversalCallback* cb =
+static_cast<nsCycleCollectionTraversalCallback*> (aCb);
+uint32_t count = aListeners->Length();
+for (uint32_t i = 0; i < count; ++i) {
+NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(*cb, "listeners[i] mStrongListener");
+cb->NoteXPCOMChild(aListeners->ElementAt(i).mStrongListener.get());
+}
+return PL_DHASH_NEXT;
+}
+NS_IMPL_CYCLE_COLLECTION_CLASS(nsFrameMessageManager)
+NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN(nsFrameMessageManager)
+tmp->mListeners.EnumerateRead(CycleCollectorTraverseListeners,
+static_cast<void*>(&cb));
+NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mChildManagers)
+NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END
+NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(nsFrameMessageManager)
+tmp->mListeners.Clear();
+for (int32_t i = tmp->mChildManagers.Count(); i > 0; --i) {
+static_cast<nsFrameMessageManager*>(tmp->mChildManagers[i - 1])->
+Disconnect(false);
+}
+NS_IMPL_CYCLE_COLLECTION_UNLINK(mChildManagers)
+NS_IMPL_CYCLE_COLLECTION_UNLINK_END
+NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(nsFrameMessageManager)
+NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsISupports, nsIContentFrameMessageManager)
+/* nsFrameMessageManager implements nsIMessageSender and nsIMessageBroadcaster,
+* both of which descend from nsIMessageListenerManager. QI'ing to
+* nsIMessageListenerManager is therefore ambiguous and needs explicit casts
+* depending on which child interface applies. */
+NS_INTERFACE_MAP_ENTRY_AGGREGATED(nsIMessageListenerManager,
+(mIsBroadcaster ?
+static_cast<nsIMessageListenerManager*>(
+static_cast<nsIMessageBroadcaster*>(this)) :
+static_cast<nsIMessageListenerManager*>(
+static_cast<nsIMessageSender*>(this))))
+/* Message managers in child process implement nsIMessageSender and
+nsISyncMessageSender.  Message managers in the chrome process are
+either broadcasters (if they have subordinate/child message
+managers) or they're simple message senders. */
+NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsISyncMessageSender, !mChrome)
+NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIMessageSender, !mChrome || !mIsBroadcaster)
+NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIMessageBroadcaster, mChrome && mIsBroadcaster)
+/* nsIContentFrameMessageManager is accessible only in TabChildGlobal. */
+NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIContentFrameMessageManager,
+!mChrome && !mIsProcessManager)
+/* Frame message managers (non-process message managers) support nsIFrameScriptLoader. */
+NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIFrameScriptLoader,
+mChrome && !mIsProcessManager)
+/* Message senders in the chrome process support nsIProcessChecker. */
+NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIProcessChecker,
+mChrome && !mIsBroadcaster)
+NS_DOM_INTERFACE_MAP_ENTRY_CLASSINFO_CONDITIONAL(ChromeMessageBroadcaster,
+mChrome && mIsBroadcaster)
+NS_DOM_INTERFACE_MAP_ENTRY_CLASSINFO_CONDITIONAL(ChromeMessageSender,
+mChrome && !mIsBroadcaster)
+NS_INTERFACE_MAP_END
+NS_IMPL_CYCLE_COLLECTING_ADDREF(nsFrameMessageManager)
+NS_IMPL_CYCLE_COLLECTING_RELEASE(nsFrameMessageManager)
+enum ActorFlavorEnum {
+Parent = 0,
+Child
+};
+template <ActorFlavorEnum>
+struct BlobTraits
+{ };
+template <>
+struct BlobTraits<Parent>
+{
+typedef mozilla::dom::BlobParent BlobType;
+typedef mozilla::dom::PBlobParent ProtocolType;
+typedef mozilla::dom::ContentParent ConcreteContentManagerType;
+};
+template <>
+struct BlobTraits<Child>
+{
+typedef mozilla::dom::BlobChild BlobType;
+typedef mozilla::dom::PBlobChild ProtocolType;
+typedef mozilla::dom::ContentChild ConcreteContentManagerType;
+};
+template<ActorFlavorEnum>
+struct DataBlobs
+{ };
+template<>
+struct DataBlobs<Parent>
+{
+typedef BlobTraits<Parent>::ProtocolType ProtocolType;
+static InfallibleTArray<ProtocolType*>& Blobs(ClonedMessageData& aData)
+{
+return aData.blobsParent();
+}
+static const InfallibleTArray<ProtocolType*>& Blobs(const ClonedMessageData& aData)
+{
+return aData.blobsParent();
+}
+};
+template<>
+struct DataBlobs<Child>
+{
+typedef BlobTraits<Child>::ProtocolType ProtocolType;
+static InfallibleTArray<ProtocolType*>& Blobs(ClonedMessageData& aData)
+{
+return aData.blobsChild();
+}
+static const InfallibleTArray<ProtocolType*>& Blobs(const ClonedMessageData& aData)
+{
+return aData.blobsChild();
+}
+};
+template<ActorFlavorEnum Flavor>
+static bool
+BuildClonedMessageData(typename BlobTraits<Flavor>::ConcreteContentManagerType* aManager,
+const StructuredCloneData& aData,
+ClonedMessageData& aClonedData)
+{
+SerializedStructuredCloneBuffer& buffer = aClonedData.data();
+buffer.data = aData.mData;
+buffer.dataLength = aData.mDataLength;
+const nsTArray<nsCOMPtr<nsIDOMBlob> >& blobs = aData.mClosure.mBlobs;
+if (!blobs.IsEmpty()) {
+typedef typename BlobTraits<Flavor>::ProtocolType ProtocolType;
+InfallibleTArray<ProtocolType*>& blobList = DataBlobs<Flavor>::Blobs(aClonedData);
+uint32_t length = blobs.Length();
+blobList.SetCapacity(length);
+for (uint32_t i = 0; i < length; ++i) {
+typename BlobTraits<Flavor>::BlobType* protocolActor =
+aManager->GetOrCreateActorForBlob(blobs[i]);
+if (!protocolActor) {
+return false;
+}
+blobList.AppendElement(protocolActor);
+}
+}
+return true;
+}
+bool
+MessageManagerCallback::BuildClonedMessageDataForParent(ContentParent* aParent,
+const StructuredCloneData& aData,
+ClonedMessageData& aClonedData)
+{
+return BuildClonedMessageData<Parent>(aParent, aData, aClonedData);
+}
+bool
+MessageManagerCallback::BuildClonedMessageDataForChild(ContentChild* aChild,
+const StructuredCloneData& aData,
+ClonedMessageData& aClonedData)
+{
+return BuildClonedMessageData<Child>(aChild, aData, aClonedData);
+}
+template<ActorFlavorEnum Flavor>
+static StructuredCloneData
+UnpackClonedMessageData(const ClonedMessageData& aData)
+{
+const SerializedStructuredCloneBuffer& buffer = aData.data();
+typedef typename BlobTraits<Flavor>::ProtocolType ProtocolType;
+const InfallibleTArray<ProtocolType*>& blobs = DataBlobs<Flavor>::Blobs(aData);
+StructuredCloneData cloneData;
+cloneData.mData = buffer.data;
+cloneData.mDataLength = buffer.dataLength;
+if (!blobs.IsEmpty()) {
+uint32_t length = blobs.Length();
+cloneData.mClosure.mBlobs.SetCapacity(length);
+for (uint32_t i = 0; i < length; ++i) {
+auto* blob =
+static_cast<typename BlobTraits<Flavor>::BlobType*>(blobs[i]);
+MOZ_ASSERT(blob);
+nsCOMPtr<nsIDOMBlob> domBlob = blob->GetBlob();
+MOZ_ASSERT(domBlob);
+cloneData.mClosure.mBlobs.AppendElement(domBlob);
+}
+}
+return cloneData;
+}
+StructuredCloneData
+mozilla::dom::ipc::UnpackClonedMessageDataForParent(const ClonedMessageData& aData)
+{
+return UnpackClonedMessageData<Parent>(aData);
+}
+StructuredCloneData
+mozilla::dom::ipc::UnpackClonedMessageDataForChild(const ClonedMessageData& aData)
+{
+return UnpackClonedMessageData<Child>(aData);
+}
+bool
+SameProcessCpowHolder::ToObject(JSContext* aCx,
+JS::MutableHandle<JSObject*> aObjp)
+{
+if (!mObj) {
+return true;
+}
+aObjp.set(mObj);
+return JS_WrapObject(aCx, aObjp);
+}
+// nsIMessageListenerManager
+NS_IMETHODIMP
+nsFrameMessageManager::AddMessageListener(const nsAString& aMessage,
+nsIMessageListener* aListener)
+{
+nsAutoTObserverArray<nsMessageListenerInfo, 1>* listeners =
+mListeners.Get(aMessage);
+if (!listeners) {
+listeners = new nsAutoTObserverArray<nsMessageListenerInfo, 1>();
+mListeners.Put(aMessage, listeners);
+} else {
+uint32_t len = listeners->Length();
+for (uint32_t i = 0; i < len; ++i) {
+if (listeners->ElementAt(i).mStrongListener == aListener) {
+return NS_OK;
+}
+}
+}
+nsMessageListenerInfo* entry = listeners->AppendElement();
+NS_ENSURE_TRUE(entry, NS_ERROR_OUT_OF_MEMORY);
+entry->mStrongListener = aListener;
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameMessageManager::RemoveMessageListener(const nsAString& aMessage,
+nsIMessageListener* aListener)
+{
+nsAutoTObserverArray<nsMessageListenerInfo, 1>* listeners =
+mListeners.Get(aMessage);
+if (!listeners) {
+return NS_OK;
+}
+uint32_t len = listeners->Length();
+for (uint32_t i = 0; i < len; ++i) {
+if (listeners->ElementAt(i).mStrongListener == aListener) {
+listeners->RemoveElementAt(i);
+return NS_OK;
+}
+}
+return NS_OK;
+}
+#ifdef DEBUG
+typedef struct
+{
+nsCOMPtr<nsISupports> mCanonical;
+nsWeakPtr mWeak;
+} CanonicalCheckerParams;
+static PLDHashOperator
+CanonicalChecker(const nsAString& aKey,
+nsAutoTObserverArray<nsMessageListenerInfo, 1>* aListeners,
+void* aParams)
+{
+CanonicalCheckerParams* params =
+static_cast<CanonicalCheckerParams*> (aParams);
+uint32_t count = aListeners->Length();
+for (uint32_t i = 0; i < count; i++) {
+if (!aListeners->ElementAt(i).mWeakListener) {
+continue;
+}
+nsCOMPtr<nsISupports> otherCanonical =
+do_QueryReferent(aListeners->ElementAt(i).mWeakListener);
+MOZ_ASSERT((params->mCanonical == otherCanonical) ==
+(params->mWeak == aListeners->ElementAt(i).mWeakListener));
+}
+return PL_DHASH_NEXT;
+}
+#endif
+NS_IMETHODIMP
+nsFrameMessageManager::AddWeakMessageListener(const nsAString& aMessage,
+nsIMessageListener* aListener)
+{
+nsWeakPtr weak = do_GetWeakReference(aListener);
+NS_ENSURE_TRUE(weak, NS_ERROR_NO_INTERFACE);
+#ifdef DEBUG
+// It's technically possible that one object X could give two different
+// nsIWeakReference*'s when you do_GetWeakReference(X).  We really don't want
+// this to happen; it will break e.g. RemoveWeakMessageListener.  So let's
+// check that we're not getting ourselves into that situation.
+nsCOMPtr<nsISupports> canonical = do_QueryInterface(aListener);
+CanonicalCheckerParams params;
+params.mCanonical = canonical;
+params.mWeak = weak;
+mListeners.EnumerateRead(CanonicalChecker, (void*)&params);
+#endif
+nsAutoTObserverArray<nsMessageListenerInfo, 1>* listeners =
+mListeners.Get(aMessage);
+if (!listeners) {
+listeners = new nsAutoTObserverArray<nsMessageListenerInfo, 1>();
+mListeners.Put(aMessage, listeners);
+} else {
+uint32_t len = listeners->Length();
+for (uint32_t i = 0; i < len; ++i) {
+if (listeners->ElementAt(i).mWeakListener == weak) {
+return NS_OK;
+}
+}
+}
+nsMessageListenerInfo* entry = listeners->AppendElement();
+entry->mWeakListener = weak;
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameMessageManager::RemoveWeakMessageListener(const nsAString& aMessage,
+nsIMessageListener* aListener)
+{
+nsWeakPtr weak = do_GetWeakReference(aListener);
+NS_ENSURE_TRUE(weak, NS_OK);
+nsAutoTObserverArray<nsMessageListenerInfo, 1>* listeners =
+mListeners.Get(aMessage);
+if (!listeners) {
+return NS_OK;
+}
+uint32_t len = listeners->Length();
+for (uint32_t i = 0; i < len; ++i) {
+if (listeners->ElementAt(i).mWeakListener == weak) {
+listeners->RemoveElementAt(i);
+return NS_OK;
+}
+}
+return NS_OK;
+}
+// nsIFrameScriptLoader
+NS_IMETHODIMP
+nsFrameMessageManager::LoadFrameScript(const nsAString& aURL,
+bool aAllowDelayedLoad,
+bool aRunInGlobalScope)
+{
+// FIXME: Bug 673569 is currently disabled.
+aRunInGlobalScope = true;
+if (aAllowDelayedLoad) {
+if (IsGlobal() || IsWindowLevel()) {
+// Cache for future windows or frames
+mPendingScripts.AppendElement(aURL);
+mPendingScriptsGlobalStates.AppendElement(aRunInGlobalScope);
+} else if (!mCallback) {
+// We're frame message manager, which isn't connected yet.
+mPendingScripts.AppendElement(aURL);
+mPendingScriptsGlobalStates.AppendElement(aRunInGlobalScope);
+return NS_OK;
+}
+}
+if (mCallback) {
+#ifdef DEBUG_smaug
+printf("Will load %s \n", NS_ConvertUTF16toUTF8(aURL).get());
+#endif
+NS_ENSURE_TRUE(mCallback->DoLoadFrameScript(aURL, aRunInGlobalScope),
+NS_ERROR_FAILURE);
+}
+for (int32_t i = 0; i < mChildManagers.Count(); ++i) {
+nsRefPtr<nsFrameMessageManager> mm =
+static_cast<nsFrameMessageManager*>(mChildManagers[i]);
+if (mm) {
+// Use false here, so that child managers don't cache the script, which
+// is already cached in the parent.
+mm->LoadFrameScript(aURL, false, aRunInGlobalScope);
+}
+}
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameMessageManager::RemoveDelayedFrameScript(const nsAString& aURL)
+{
+for (uint32_t i = 0; i < mPendingScripts.Length(); ++i) {
+if (mPendingScripts[i] == aURL) {
+mPendingScripts.RemoveElementAt(i);
+mPendingScriptsGlobalStates.RemoveElementAt(i);
+break;
+}
+}
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameMessageManager::GetDelayedFrameScripts(JSContext* aCx, JS::MutableHandle<JS::Value> aList)
+{
+// Frame message managers may return an incomplete list because scripts
+// that were loaded after it was connected are not added to the list.
+if (!IsGlobal() && !IsWindowLevel()) {
+NS_WARNING("Cannot retrieve list of pending frame scripts for frame"
+"message managers as it may be incomplete");
+return NS_ERROR_NOT_IMPLEMENTED;
+}
+JS::Rooted<JSObject*> array(aCx, JS_NewArrayObject(aCx, mPendingScripts.Length()));
+NS_ENSURE_TRUE(array, NS_ERROR_OUT_OF_MEMORY);
+JS::Rooted<JSString*> url(aCx);
+JS::Rooted<JSObject*> pair(aCx);
+for (uint32_t i = 0; i < mPendingScripts.Length(); ++i) {
+url = JS_NewUCStringCopyN(aCx, mPendingScripts[i].get(), mPendingScripts[i].Length());
+NS_ENSURE_TRUE(url, NS_ERROR_OUT_OF_MEMORY);
+JS::AutoValueArray<2> pairElts(aCx);
+pairElts[0].setString(url);
+pairElts[1].setBoolean(mPendingScriptsGlobalStates[i]);
+pair = JS_NewArrayObject(aCx, pairElts);
+NS_ENSURE_TRUE(pair, NS_ERROR_OUT_OF_MEMORY);
+NS_ENSURE_TRUE(JS_SetElement(aCx, array, i, pair),
+NS_ERROR_OUT_OF_MEMORY);
+}
+aList.setObject(*array);
+return NS_OK;
+}
+static bool
+JSONCreator(const jschar* aBuf, uint32_t aLen, void* aData)
+{
+nsAString* result = static_cast<nsAString*>(aData);
+result->Append(static_cast<const char16_t*>(aBuf),
+static_cast<uint32_t>(aLen));
+return true;
+}
+static bool
+GetParamsForMessage(JSContext* aCx,
+const JS::Value& aJSON,
+JSAutoStructuredCloneBuffer& aBuffer,
+StructuredCloneClosure& aClosure)
+{
+JS::Rooted<JS::Value> v(aCx, aJSON);
+if (WriteStructuredClone(aCx, v, aBuffer, aClosure)) {
+return true;
+}
+JS_ClearPendingException(aCx);
+// Not clonable, try JSON
+//XXX This is ugly but currently structured cloning doesn't handle
+//    properly cases when interface is implemented in JS and used
+//    as a dictionary.
+nsAutoString json;
+NS_ENSURE_TRUE(JS_Stringify(aCx, &v, JS::NullPtr(), JS::NullHandleValue,
+JSONCreator, &json), false);
+NS_ENSURE_TRUE(!json.IsEmpty(), false);
+JS::Rooted<JS::Value> val(aCx, JS::NullValue());
+NS_ENSURE_TRUE(JS_ParseJSON(aCx, static_cast<const jschar*>(json.get()),
+json.Length(), &val), false);
+return WriteStructuredClone(aCx, val, aBuffer, aClosure);
+}
+// nsISyncMessageSender
+static bool sSendingSyncMessage = false;
+NS_IMETHODIMP
+nsFrameMessageManager::SendSyncMessage(const nsAString& aMessageName,
+JS::Handle<JS::Value> aJSON,
+JS::Handle<JS::Value> aObjects,
+nsIPrincipal* aPrincipal,
+JSContext* aCx,
+uint8_t aArgc,
+JS::MutableHandle<JS::Value> aRetval)
+{
+return SendMessage(aMessageName, aJSON, aObjects, aPrincipal, aCx, aArgc,
+aRetval, true);
+}
+NS_IMETHODIMP
+nsFrameMessageManager::SendRpcMessage(const nsAString& aMessageName,
+JS::Handle<JS::Value> aJSON,
+JS::Handle<JS::Value> aObjects,
+nsIPrincipal* aPrincipal,
+JSContext* aCx,
+uint8_t aArgc,
+JS::MutableHandle<JS::Value> aRetval)
+{
+return SendMessage(aMessageName, aJSON, aObjects, aPrincipal, aCx, aArgc,
+aRetval, false);
+}
+nsresult
+nsFrameMessageManager::SendMessage(const nsAString& aMessageName,
+JS::Handle<JS::Value> aJSON,
+JS::Handle<JS::Value> aObjects,
+nsIPrincipal* aPrincipal,
+JSContext* aCx,
+uint8_t aArgc,
+JS::MutableHandle<JS::Value> aRetval,
+bool aIsSync)
+{
+NS_ASSERTION(!IsGlobal(), "Should not call SendSyncMessage in chrome");
+NS_ASSERTION(!IsWindowLevel(), "Should not call SendSyncMessage in chrome");
+NS_ASSERTION(!mParentManager, "Should not have parent manager in content!");
+aRetval.setUndefined();
+NS_ENSURE_TRUE(mCallback, NS_ERROR_NOT_INITIALIZED);
+if (sSendingSyncMessage && aIsSync) {
+// No kind of blocking send should be issued on top of a sync message.
+return NS_ERROR_UNEXPECTED;
+}
+StructuredCloneData data;
+JSAutoStructuredCloneBuffer buffer;
+if (aArgc >= 2 &&
+!GetParamsForMessage(aCx, aJSON, buffer, data.mClosure)) {
+return NS_ERROR_DOM_DATA_CLONE_ERR;
+}
+data.mData = buffer.data();
+data.mDataLength = buffer.nbytes();
+JS::Rooted<JSObject*> objects(aCx);
+if (aArgc >= 3 && aObjects.isObject()) {
+objects = &aObjects.toObject();
+}
+InfallibleTArray<nsString> retval;
+sSendingSyncMessage |= aIsSync;
+bool rv = mCallback->DoSendBlockingMessage(aCx, aMessageName, data, objects,
+aPrincipal, &retval, aIsSync);
+if (aIsSync) {
+sSendingSyncMessage = false;
+}
+if (!rv) {
+return NS_OK;
+}
+uint32_t len = retval.Length();
+JS::Rooted<JSObject*> dataArray(aCx, JS_NewArrayObject(aCx, len));
+NS_ENSURE_TRUE(dataArray, NS_ERROR_OUT_OF_MEMORY);
+for (uint32_t i = 0; i < len; ++i) {
+if (retval[i].IsEmpty()) {
+continue;
+}
+JS::Rooted<JS::Value> ret(aCx);
+if (!JS_ParseJSON(aCx, static_cast<const jschar*>(retval[i].get()),
+retval[i].Length(), &ret)) {
+return NS_ERROR_UNEXPECTED;
+}
+NS_ENSURE_TRUE(JS_SetElement(aCx, dataArray, i, ret),
+NS_ERROR_OUT_OF_MEMORY);
+}
+aRetval.setObject(*dataArray);
+return NS_OK;
+}
+nsresult
+nsFrameMessageManager::DispatchAsyncMessageInternal(JSContext* aCx,
+const nsAString& aMessage,
+const StructuredCloneData& aData,
+JS::Handle<JSObject *> aCpows,
+nsIPrincipal* aPrincipal)
+{
+if (mIsBroadcaster) {
+int32_t len = mChildManagers.Count();
+for (int32_t i = 0; i < len; ++i) {
+static_cast<nsFrameMessageManager*>(mChildManagers[i])->
+DispatchAsyncMessageInternal(aCx, aMessage, aData, aCpows, aPrincipal);
+}
+return NS_OK;
+}
+NS_ENSURE_TRUE(mCallback, NS_ERROR_NOT_INITIALIZED);
+if (!mCallback->DoSendAsyncMessage(aCx, aMessage, aData, aCpows, aPrincipal)) {
+return NS_ERROR_FAILURE;
+}
+return NS_OK;
+}
+nsresult
+nsFrameMessageManager::DispatchAsyncMessage(const nsAString& aMessageName,
+const JS::Value& aJSON,
+const JS::Value& aObjects,
+nsIPrincipal* aPrincipal,
+JSContext* aCx,
+uint8_t aArgc)
+{
+StructuredCloneData data;
+JSAutoStructuredCloneBuffer buffer;
+if (aArgc >= 2 &&
+!GetParamsForMessage(aCx, aJSON, buffer, data.mClosure)) {
+return NS_ERROR_DOM_DATA_CLONE_ERR;
+}
+JS::Rooted<JSObject*> objects(aCx);
+if (aArgc >= 3 && aObjects.isObject()) {
+objects = &aObjects.toObject();
+}
+data.mData = buffer.data();
+data.mDataLength = buffer.nbytes();
+return DispatchAsyncMessageInternal(aCx, aMessageName, data, objects,
+aPrincipal);
+}
+// nsIMessageSender
+NS_IMETHODIMP
+nsFrameMessageManager::SendAsyncMessage(const nsAString& aMessageName,
+JS::Handle<JS::Value> aJSON,
+JS::Handle<JS::Value> aObjects,
+nsIPrincipal* aPrincipal,
+JSContext* aCx,
+uint8_t aArgc)
+{
+return DispatchAsyncMessage(aMessageName, aJSON, aObjects, aPrincipal, aCx,
+aArgc);
+}
+// nsIMessageBroadcaster
+NS_IMETHODIMP
+nsFrameMessageManager::BroadcastAsyncMessage(const nsAString& aMessageName,
+JS::Handle<JS::Value> aJSON,
+JS::Handle<JS::Value> aObjects,
+JSContext* aCx,
+uint8_t aArgc)
+{
+return DispatchAsyncMessage(aMessageName, aJSON, aObjects, nullptr, aCx,
+aArgc);
+}
+NS_IMETHODIMP
+nsFrameMessageManager::GetChildCount(uint32_t* aChildCount)
+{
+*aChildCount = static_cast<uint32_t>(mChildManagers.Count());
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameMessageManager::GetChildAt(uint32_t aIndex,
+nsIMessageListenerManager** aMM)
+{
+*aMM = nullptr;
+nsCOMPtr<nsIMessageListenerManager> mm =
+do_QueryInterface(mChildManagers.SafeObjectAt(static_cast<uint32_t>(aIndex)));
+mm.swap(*aMM);
+return NS_OK;
+}
+// nsIContentFrameMessageManager
+NS_IMETHODIMP
+nsFrameMessageManager::Dump(const nsAString& aStr)
+{
+#ifdef ANDROID
+__android_log_print(ANDROID_LOG_INFO, "Gecko", "%s", NS_ConvertUTF16toUTF8(aStr).get());
+#endif
+#ifdef XP_WIN
+if (IsDebuggerPresent()) {
+OutputDebugStringW(PromiseFlatString(aStr).get());
+}
+#endif
+fputs(NS_ConvertUTF16toUTF8(aStr).get(), stdout);
+fflush(stdout);
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameMessageManager::PrivateNoteIntentionalCrash()
+{
+return NS_ERROR_NOT_IMPLEMENTED;
+}
+NS_IMETHODIMP
+nsFrameMessageManager::GetContent(nsIDOMWindow** aContent)
+{
+*aContent = nullptr;
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameMessageManager::GetDocShell(nsIDocShell** aDocShell)
+{
+*aDocShell = nullptr;
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameMessageManager::Btoa(const nsAString& aBinaryData,
+nsAString& aAsciiBase64String)
+{
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameMessageManager::Atob(const nsAString& aAsciiString,
+nsAString& aBinaryData)
+{
+return NS_OK;
+}
+// nsIProcessChecker
+nsresult
+nsFrameMessageManager::AssertProcessInternal(ProcessCheckerType aType,
+const nsAString& aCapability,
+bool* aValid)
+{
+*aValid = false;
+// This API is only supported for message senders in the chrome process.
+if (!mChrome || mIsBroadcaster) {
+return NS_ERROR_NOT_IMPLEMENTED;
+}
+if (!mCallback) {
+return NS_ERROR_NOT_AVAILABLE;
+}
+switch (aType) {
+case PROCESS_CHECKER_PERMISSION:
+*aValid = mCallback->CheckPermission(aCapability);
+break;
+case PROCESS_CHECKER_MANIFEST_URL:
+*aValid = mCallback->CheckManifestURL(aCapability);
+break;
+case ASSERT_APP_HAS_PERMISSION:
+*aValid = mCallback->CheckAppHasPermission(aCapability);
+break;
+default:
+break;
+}
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameMessageManager::AssertPermission(const nsAString& aPermission,
+bool* aHasPermission)
+{
+return AssertProcessInternal(PROCESS_CHECKER_PERMISSION,
+aPermission,
+aHasPermission);
+}
+NS_IMETHODIMP
+nsFrameMessageManager::AssertContainApp(const nsAString& aManifestURL,
+bool* aHasManifestURL)
+{
+return AssertProcessInternal(PROCESS_CHECKER_MANIFEST_URL,
+aManifestURL,
+aHasManifestURL);
+}
+NS_IMETHODIMP
+nsFrameMessageManager::AssertAppHasPermission(const nsAString& aPermission,
+bool* aHasPermission)
+{
+return AssertProcessInternal(ASSERT_APP_HAS_PERMISSION,
+aPermission,
+aHasPermission);
+}
+NS_IMETHODIMP
+nsFrameMessageManager::AssertAppHasStatus(unsigned short aStatus,
+bool* aHasStatus)
+{
+*aHasStatus = false;
+// This API is only supported for message senders in the chrome process.
+if (!mChrome || mIsBroadcaster) {
+return NS_ERROR_NOT_IMPLEMENTED;
+}
+if (!mCallback) {
+return NS_ERROR_NOT_AVAILABLE;
+}
+*aHasStatus = mCallback->CheckAppHasStatus(aStatus);
+return NS_OK;
+}
+class MMListenerRemover
+{
+public:
+MMListenerRemover(nsFrameMessageManager* aMM)
+: mWasHandlingMessage(aMM->mHandlingMessage)
+, mMM(aMM)
+{
+mMM->mHandlingMessage = true;
+}
+~MMListenerRemover()
+{
+if (!mWasHandlingMessage) {
+mMM->mHandlingMessage = false;
+if (mMM->mDisconnected) {
+mMM->mListeners.Clear();
+}
+}
+}
+bool mWasHandlingMessage;
+nsRefPtr<nsFrameMessageManager> mMM;
+};
+// nsIMessageListener
+nsresult
+nsFrameMessageManager::ReceiveMessage(nsISupports* aTarget,
+const nsAString& aMessage,
+bool aIsSync,
+const StructuredCloneData* aCloneData,
+CpowHolder* aCpows,
+nsIPrincipal* aPrincipal,
+InfallibleTArray<nsString>* aJSONRetVal)
+{
+AutoSafeJSContext cx;
+nsAutoTObserverArray<nsMessageListenerInfo, 1>* listeners =
+mListeners.Get(aMessage);
+if (listeners) {
+MMListenerRemover lr(this);
+nsAutoTObserverArray<nsMessageListenerInfo, 1>::EndLimitedIterator
+iter(*listeners);
+while(iter.HasMore()) {
+nsMessageListenerInfo& listener = iter.GetNext();
+// Remove mListeners[i] if it's an expired weak listener.
+nsCOMPtr<nsISupports> weakListener;
+if (listener.mWeakListener) {
+weakListener = do_QueryReferent(listener.mWeakListener);
+if (!weakListener) {
+listeners->RemoveElement(listener);
+continue;
+}
+}
+nsCOMPtr<nsIXPConnectWrappedJS> wrappedJS;
+if (weakListener) {
+wrappedJS = do_QueryInterface(weakListener);
+} else {
+wrappedJS = do_QueryInterface(listener.mStrongListener);
+}
+if (!wrappedJS) {
+continue;
+}
+JS::Rooted<JSObject*> object(cx, wrappedJS->GetJSObject());
+if (!object) {
+continue;
+}
+JSAutoCompartment ac(cx, object);
+// The parameter for the listener function.
+JS::Rooted<JSObject*> param(cx,
+JS_NewObject(cx, nullptr, JS::NullPtr(), JS::NullPtr()));
+NS_ENSURE_TRUE(param, NS_ERROR_OUT_OF_MEMORY);
+JS::Rooted<JS::Value> targetv(cx);
+js::AssertSameCompartment(cx, object);
+nsresult rv = nsContentUtils::WrapNative(cx, aTarget, &targetv);
+NS_ENSURE_SUCCESS(rv, rv);
+JS::Rooted<JSObject*> cpows(cx);
+if (aCpows) {
+if (!aCpows->ToObject(cx, &cpows)) {
+return NS_ERROR_UNEXPECTED;
+}
+}
+if (!cpows) {
+cpows = JS_NewObject(cx, nullptr, JS::NullPtr(), JS::NullPtr());
+if (!cpows) {
+return NS_ERROR_UNEXPECTED;
+}
+}
+JS::Rooted<JS::Value> cpowsv(cx, JS::ObjectValue(*cpows));
+JS::Rooted<JS::Value> json(cx, JS::NullValue());
+if (aCloneData && aCloneData->mDataLength &&
+!ReadStructuredClone(cx, *aCloneData, &json)) {
+JS_ClearPendingException(cx);
+return NS_OK;
+}
+JS::Rooted<JSString*> jsMessage(cx,
+JS_NewUCStringCopyN(cx,
+static_cast<const jschar*>(aMessage.BeginReading()),
+aMessage.Length()));
+NS_ENSURE_TRUE(jsMessage, NS_ERROR_OUT_OF_MEMORY);
+JS::Rooted<JS::Value> syncv(cx, JS::BooleanValue(aIsSync));
+JS_DefineProperty(cx, param, "target", targetv, JSPROP_ENUMERATE);
+JS_DefineProperty(cx, param, "name", jsMessage, JSPROP_ENUMERATE);
+JS_DefineProperty(cx, param, "sync", syncv, JSPROP_ENUMERATE);
+JS_DefineProperty(cx, param, "json", json, JSPROP_ENUMERATE); // deprecated
+JS_DefineProperty(cx, param, "data", json, JSPROP_ENUMERATE);
+JS_DefineProperty(cx, param, "objects", cpowsv, JSPROP_ENUMERATE);
+// message.principal == null
+if (!aPrincipal) {
+JS_DefineProperty(cx, param, "principal", JS::UndefinedHandleValue, JSPROP_ENUMERATE);
+}
+// message.principal = { appId: <id>, origin: <origin>, isInBrowserElement: <something> }
+else {
+JS::Rooted<JSObject*> principalObj(cx,
+JS_NewObject(cx, nullptr, JS::NullPtr(), JS::NullPtr()));
+uint32_t appId;
+nsresult rv = aPrincipal->GetAppId(&appId);
+NS_ENSURE_SUCCESS(rv, rv);
+JS_DefineProperty(cx, principalObj, "appId", appId, JSPROP_ENUMERATE);
+nsCString origin;
+rv = aPrincipal->GetOrigin(getter_Copies(origin));
+NS_ENSURE_SUCCESS(rv, rv);
+JS::Rooted<JSString*> originStr(cx, JS_NewStringCopyN(cx, origin.get(), origin.Length()));
+NS_ENSURE_TRUE(originStr, NS_ERROR_OUT_OF_MEMORY);
+JS_DefineProperty(cx, principalObj, "origin", originStr, JSPROP_ENUMERATE);
+bool browser;
+rv = aPrincipal->GetIsInBrowserElement(&browser);
+NS_ENSURE_SUCCESS(rv, rv);
+JS::Rooted<JS::Value> browserValue(cx, JS::BooleanValue(browser));
+JS_DefineProperty(cx, principalObj, "isInBrowserElement", browserValue, JSPROP_ENUMERATE);
+JS_DefineProperty(cx, param, "principal", principalObj, JSPROP_ENUMERATE);
+}
+JS::Rooted<JS::Value> thisValue(cx, JS::UndefinedValue());
+JS::Rooted<JS::Value> funval(cx);
+if (JS_ObjectIsCallable(cx, object)) {
+// If the listener is a JS function:
+funval.setObject(*object);
+// A small hack to get 'this' value right on content side where
+// messageManager is wrapped in TabChildGlobal.
+nsCOMPtr<nsISupports> defaultThisValue;
+if (mChrome) {
+defaultThisValue = do_QueryObject(this);
+} else {
+defaultThisValue = aTarget;
+}
+js::AssertSameCompartment(cx, object);
+nsresult rv = nsContentUtils::WrapNative(cx, defaultThisValue, &thisValue);
+NS_ENSURE_SUCCESS(rv, rv);
+} else {
+// If the listener is a JS object which has receiveMessage function:
+if (!JS_GetProperty(cx, object, "receiveMessage", &funval) ||
+!funval.isObject())
+return NS_ERROR_UNEXPECTED;
+// Check if the object is even callable.
+NS_ENSURE_STATE(JS_ObjectIsCallable(cx, &funval.toObject()));
+thisValue.setObject(*object);
+}
+JS::Rooted<JS::Value> rval(cx, JSVAL_VOID);
+JS::Rooted<JS::Value> argv(cx, JS::ObjectValue(*param));
+{
+JS::Rooted<JSObject*> thisObject(cx, thisValue.toObjectOrNull());
+JSAutoCompartment tac(cx, thisObject);
+if (!JS_WrapValue(cx, &argv)) {
+return NS_ERROR_UNEXPECTED;
+}
+if (!JS_CallFunctionValue(cx, thisObject, funval, argv, &rval)) {
+nsJSUtils::ReportPendingException(cx);
+continue;
+}
+if (aJSONRetVal) {
+nsString json;
+if (!JS_Stringify(cx, &rval, JS::NullPtr(), JS::NullHandleValue,
+JSONCreator, &json)) {
+nsJSUtils::ReportPendingException(cx);
+continue;
+}
+aJSONRetVal->AppendElement(json);
+}
+}
+}
+}
+nsRefPtr<nsFrameMessageManager> kungfuDeathGrip = mParentManager;
+return mParentManager ? mParentManager->ReceiveMessage(aTarget, aMessage,
+aIsSync, aCloneData,
+aCpows, aPrincipal,
+aJSONRetVal) : NS_OK;
+}
+void
+nsFrameMessageManager::AddChildManager(nsFrameMessageManager* aManager)
+{
+mChildManagers.AppendObject(aManager);
+nsRefPtr<nsFrameMessageManager> kungfuDeathGrip = this;
+nsRefPtr<nsFrameMessageManager> kungfuDeathGrip2 = aManager;
+// We have parent manager if we're a window message manager.
+// In that case we want to load the pending scripts from global
+// message manager.
+if (mParentManager) {
+nsRefPtr<nsFrameMessageManager> globalMM = mParentManager;
+for (uint32_t i = 0; i < globalMM->mPendingScripts.Length(); ++i) {
+aManager->LoadFrameScript(globalMM->mPendingScripts[i], false,
+globalMM->mPendingScriptsGlobalStates[i]);
+}
+}
+for (uint32_t i = 0; i < mPendingScripts.Length(); ++i) {
+aManager->LoadFrameScript(mPendingScripts[i], false,
+mPendingScriptsGlobalStates[i]);
+}
+}
+void
+nsFrameMessageManager::SetCallback(MessageManagerCallback* aCallback)
+{
+MOZ_ASSERT(!mIsBroadcaster || !mCallback,
+"Broadcasters cannot have callbacks!");
+if (aCallback && mCallback != aCallback) {
+mCallback = aCallback;
+if (mOwnsCallback) {
+mOwnedCallback = aCallback;
+}
+}
+}
+void
+nsFrameMessageManager::InitWithCallback(MessageManagerCallback* aCallback)
+{
+if (mCallback) {
+// Initialization should only happen once.
+return;
+}
+SetCallback(aCallback);
+// First load global scripts by adding this to parent manager.
+if (mParentManager) {
+mParentManager->AddChildManager(this);
+}
+for (uint32_t i = 0; i < mPendingScripts.Length(); ++i) {
+LoadFrameScript(mPendingScripts[i], false, mPendingScriptsGlobalStates[i]);
+}
+}
+void
+nsFrameMessageManager::RemoveFromParent()
+{
+if (mParentManager) {
+mParentManager->RemoveChildManager(this);
+}
+mParentManager = nullptr;
+mCallback = nullptr;
+mOwnedCallback = nullptr;
+}
+void
+nsFrameMessageManager::Disconnect(bool aRemoveFromParent)
+{
+if (!mDisconnected) {
+nsCOMPtr<nsIObserverService> obs = mozilla::services::GetObserverService();
+if (obs) {
+obs->NotifyObservers(NS_ISUPPORTS_CAST(nsIContentFrameMessageManager*, this),
+"message-manager-disconnect", nullptr);
+}
+}
+if (mParentManager && aRemoveFromParent) {
+mParentManager->RemoveChildManager(this);
+}
+mDisconnected = true;
+mParentManager = nullptr;
+mCallback = nullptr;
+mOwnedCallback = nullptr;
+if (!mHandlingMessage) {
+mListeners.Clear();
+}
+}
+namespace {
+struct MessageManagerReferentCount
+{
+MessageManagerReferentCount() : mStrong(0), mWeakAlive(0), mWeakDead(0) {}
+size_t mStrong;
+size_t mWeakAlive;
+size_t mWeakDead;
+nsTArray<nsString> mSuspectMessages;
+nsDataHashtable<nsStringHashKey, uint32_t> mMessageCounter;
+};
+} // anonymous namespace
+namespace mozilla {
+namespace dom {
+class MessageManagerReporter MOZ_FINAL : public nsIMemoryReporter
+{
+public:
+NS_DECL_ISUPPORTS
+NS_DECL_NSIMEMORYREPORTER
+static const size_t kSuspectReferentCount = 300;
+protected:
+void CountReferents(nsFrameMessageManager* aMessageManager,
+MessageManagerReferentCount* aReferentCount);
+};
+NS_IMPL_ISUPPORTS(MessageManagerReporter, nsIMemoryReporter)
+static PLDHashOperator
+CollectMessageListenerData(const nsAString& aKey,
+nsAutoTObserverArray<nsMessageListenerInfo, 1>* aListeners,
+void* aData)
+{
+MessageManagerReferentCount* referentCount =
+static_cast<MessageManagerReferentCount*>(aData);
+uint32_t listenerCount = aListeners->Length();
+if (!listenerCount) {
+return PL_DHASH_NEXT;
+}
+nsString key(aKey);
+uint32_t oldCount = 0;
+referentCount->mMessageCounter.Get(key, &oldCount);
+uint32_t currentCount = oldCount + listenerCount;
+referentCount->mMessageCounter.Put(key, currentCount);
+// Keep track of messages that have a suspiciously large
+// number of referents (symptom of leak).
+if (currentCount == MessageManagerReporter::kSuspectReferentCount) {
+referentCount->mSuspectMessages.AppendElement(key);
+}
+for (uint32_t i = 0; i < listenerCount; ++i) {
+const nsMessageListenerInfo& listenerInfo =
+aListeners->ElementAt(i);
+if (listenerInfo.mWeakListener) {
+nsCOMPtr<nsISupports> referent =
+do_QueryReferent(listenerInfo.mWeakListener);
+if (referent) {
+referentCount->mWeakAlive++;
+} else {
+referentCount->mWeakDead++;
+}
+} else {
+referentCount->mStrong++;
+}
+}
+return PL_DHASH_NEXT;
+}
+void
+MessageManagerReporter::CountReferents(nsFrameMessageManager* aMessageManager,
+MessageManagerReferentCount* aReferentCount)
+{
+aMessageManager->mListeners.EnumerateRead(CollectMessageListenerData,
+aReferentCount);
+// Add referent count in child managers because the listeners
+// participate in messages dispatched from parent message manager.
+for (uint32_t i = 0; i < aMessageManager->mChildManagers.Length(); ++i) {
+nsRefPtr<nsFrameMessageManager> mm =
+static_cast<nsFrameMessageManager*>(aMessageManager->mChildManagers[i]);
+CountReferents(mm, aReferentCount);
+}
+}
+static nsresult
+ReportReferentCount(const char* aManagerType,
+const MessageManagerReferentCount& aReferentCount,
+nsIMemoryReporterCallback* aCb,
+nsISupports* aClosure)
+{
+#define REPORT(_path, _amount, _desc)                                         \
+do {                                                                      \
+nsresult rv;                                                            \
+rv = aCb->Callback(EmptyCString(), _path,                               \
+nsIMemoryReporter::KIND_OTHER,                       \
+nsIMemoryReporter::UNITS_COUNT, _amount,             \
+_desc, aClosure);                                    \
+NS_ENSURE_SUCCESS(rv, rv);                                              \
+} while (0)
+REPORT(nsPrintfCString("message-manager/referent/%s/strong", aManagerType),
+aReferentCount.mStrong,
+nsPrintfCString("The number of strong referents held by the message "
+"manager in the %s manager.", aManagerType));
+REPORT(nsPrintfCString("message-manager/referent/%s/weak/alive", aManagerType),
+aReferentCount.mWeakAlive,
+nsPrintfCString("The number of weak referents that are still alive "
+"held by the message manager in the %s manager.",
+aManagerType));
+REPORT(nsPrintfCString("message-manager/referent/%s/weak/dead", aManagerType),
+aReferentCount.mWeakDead,
+nsPrintfCString("The number of weak referents that are dead "
+"held by the message manager in the %s manager.",
+aManagerType));
+for (uint32_t i = 0; i < aReferentCount.mSuspectMessages.Length(); i++) {
+uint32_t totalReferentCount = 0;
+aReferentCount.mMessageCounter.Get(aReferentCount.mSuspectMessages[i],
+&totalReferentCount);
+NS_ConvertUTF16toUTF8 suspect(aReferentCount.mSuspectMessages[i]);
+REPORT(nsPrintfCString("message-manager-suspect/%s/referent(message=%s)",
+aManagerType, suspect.get()), totalReferentCount,
+nsPrintfCString("A message in the %s message manager with a "
+"suspiciously large number of referents (symptom "
+"of a leak).", aManagerType));
+}
+#undef REPORT
+return NS_OK;
+}
+NS_IMETHODIMP
+MessageManagerReporter::CollectReports(nsIMemoryReporterCallback* aCb,
+nsISupports* aClosure)
+{
+nsresult rv;
+if (XRE_GetProcessType() == GeckoProcessType_Default) {
+nsCOMPtr<nsIMessageBroadcaster> globalmm =
+do_GetService("@mozilla.org/globalmessagemanager;1");
+if (globalmm) {
+nsRefPtr<nsFrameMessageManager> mm =
+static_cast<nsFrameMessageManager*>(globalmm.get());
+MessageManagerReferentCount count;
+CountReferents(mm, &count);
+rv = ReportReferentCount("global-manager", count, aCb, aClosure);
+NS_ENSURE_SUCCESS(rv, rv);
+}
+}
+if (nsFrameMessageManager::sParentProcessManager) {
+MessageManagerReferentCount count;
+CountReferents(nsFrameMessageManager::sParentProcessManager, &count);
+rv = ReportReferentCount("parent-process-manager", count, aCb, aClosure);
+NS_ENSURE_SUCCESS(rv, rv);
+}
+if (nsFrameMessageManager::sChildProcessManager) {
+MessageManagerReferentCount count;
+CountReferents(nsFrameMessageManager::sChildProcessManager, &count);
+rv = ReportReferentCount("child-process-manager", count, aCb, aClosure);
+NS_ENSURE_SUCCESS(rv, rv);
+}
+return NS_OK;
+}
+} // namespace dom
+} // namespace mozilla
+nsresult
+NS_NewGlobalMessageManager(nsIMessageBroadcaster** aResult)
+{
+NS_ENSURE_TRUE(XRE_GetProcessType() == GeckoProcessType_Default,
+NS_ERROR_NOT_AVAILABLE);
+nsFrameMessageManager* mm = new nsFrameMessageManager(nullptr,
+nullptr,
+MM_CHROME | MM_GLOBAL | MM_BROADCASTER);
+RegisterStrongMemoryReporter(new MessageManagerReporter());
+return CallQueryInterface(mm, aResult);
+}
+nsDataHashtable<nsStringHashKey, nsFrameScriptObjectExecutorHolder*>*
+nsFrameScriptExecutor::sCachedScripts = nullptr;
+nsScriptCacheCleaner* nsFrameScriptExecutor::sScriptCacheCleaner = nullptr;
+void
+nsFrameScriptExecutor::DidCreateGlobal()
+{
+NS_ASSERTION(mGlobal, "Should have mGlobal!");
+if (!sCachedScripts) {
+sCachedScripts =
+new nsDataHashtable<nsStringHashKey, nsFrameScriptObjectExecutorHolder*>;
+nsRefPtr<nsScriptCacheCleaner> scriptCacheCleaner =
+new nsScriptCacheCleaner();
+scriptCacheCleaner.forget(&sScriptCacheCleaner);
+}
+}
+static PLDHashOperator
+RemoveCachedScriptEntry(const nsAString& aKey,
+nsFrameScriptObjectExecutorHolder*& aData,
+void* aUserArg)
+{
+delete aData;
+return PL_DHASH_REMOVE;
+}
+// static
+void
+nsFrameScriptExecutor::Shutdown()
+{
+if (sCachedScripts) {
+AutoSafeJSContext cx;
+NS_ASSERTION(sCachedScripts != nullptr, "Need cached scripts");
+sCachedScripts->Enumerate(RemoveCachedScriptEntry, nullptr);
+delete sCachedScripts;
+sCachedScripts = nullptr;
+nsRefPtr<nsScriptCacheCleaner> scriptCacheCleaner;
+scriptCacheCleaner.swap(sScriptCacheCleaner);
+}
+}
+void
+nsFrameScriptExecutor::LoadFrameScriptInternal(const nsAString& aURL,
+bool aRunInGlobalScope)
+{
+if (!mGlobal || !sCachedScripts) {
+return;
+}
+AutoSafeJSContext cx;
+JS::Rooted<JSScript*> script(cx);
+JS::Rooted<JSObject*> funobj(cx);
+nsFrameScriptObjectExecutorHolder* holder = sCachedScripts->Get(aURL);
+if (holder && holder->WillRunInGlobalScope() == aRunInGlobalScope) {
+script = holder->mScript;
+funobj = holder->mFunction;
+} else {
+// Don't put anything in the cache if we already have an entry
+// with a different WillRunInGlobalScope() value.
+bool shouldCache = !holder;
+TryCacheLoadAndCompileScript(aURL, aRunInGlobalScope,
+shouldCache, &script, &funobj);
+}
+JS::Rooted<JSObject*> global(cx, mGlobal->GetJSObject());
+if (global) {
+JSAutoCompartment ac(cx, global);
+bool ok = true;
+if (funobj) {
+JS::Rooted<JSObject*> method(cx, JS_CloneFunctionObject(cx, funobj, global));
+if (!method) {
+return;
+}
+JS::Rooted<JS::Value> rval(cx);
+JS::Rooted<JS::Value> methodVal(cx, JS::ObjectValue(*method));
+ok = JS_CallFunctionValue(cx, global, methodVal,
+JS::HandleValueArray::empty(), &rval);
+} else if (script) {
+ok = JS::CloneAndExecuteScript(cx, global, script);
+}
+if (!ok) {
+nsJSUtils::ReportPendingException(cx);
+}
+}
+}
+void
+nsFrameScriptExecutor::TryCacheLoadAndCompileScript(const nsAString& aURL,
+bool aRunInGlobalScope,
+bool aShouldCache,
+JS::MutableHandle<JSScript*> aScriptp,
+JS::MutableHandle<JSObject*> aFunp)
+{
+nsCString url = NS_ConvertUTF16toUTF8(aURL);
+nsCOMPtr<nsIURI> uri;
+nsresult rv = NS_NewURI(getter_AddRefs(uri), url);
+if (NS_FAILED(rv)) {
+return;
+}
+bool hasFlags;
+rv = NS_URIChainHasFlags(uri,
+nsIProtocolHandler::URI_IS_LOCAL_RESOURCE,
+&hasFlags);
+if (NS_FAILED(rv) || !hasFlags) {
+NS_WARNING("Will not load a frame script!");
+return;
+}
+nsCOMPtr<nsIChannel> channel;
+NS_NewChannel(getter_AddRefs(channel), uri);
+if (!channel) {
+return;
+}
+nsCOMPtr<nsIInputStream> input;
+channel->Open(getter_AddRefs(input));
+nsString dataString;
+jschar* dataStringBuf = nullptr;
+size_t dataStringLength = 0;
+uint64_t avail64 = 0;
+if (input && NS_SUCCEEDED(input->Available(&avail64)) && avail64) {
+if (avail64 > UINT32_MAX) {
+return;
+}
+nsCString buffer;
+uint32_t avail = (uint32_t)std::min(avail64, (uint64_t)UINT32_MAX);
+if (NS_FAILED(NS_ReadInputStreamToString(input, buffer, avail))) {
+return;
+}
+nsScriptLoader::ConvertToUTF16(channel, (uint8_t*)buffer.get(), avail,
+EmptyString(), nullptr,
+dataStringBuf, dataStringLength);
+}
+JS::SourceBufferHolder srcBuf(dataStringBuf, dataStringLength,
+JS::SourceBufferHolder::GiveOwnership);
+if (dataStringBuf && dataStringLength > 0) {
+AutoSafeJSContext cx;
+JS::Rooted<JSObject*> global(cx, mGlobal->GetJSObject());
+if (global) {
+JSAutoCompartment ac(cx, global);
+JS::CompileOptions options(cx);
+options.setFileAndLine(url.get(), 1);
+JS::Rooted<JSScript*> script(cx);
+JS::Rooted<JSObject*> funobj(cx);
+if (aRunInGlobalScope) {
+options.setNoScriptRval(true);
+if (!JS::Compile(cx, JS::NullPtr(), options, srcBuf, &script)) {
+return;
+}
+} else {
+JS::Rooted<JSFunction *> fun(cx);
+if (!JS::CompileFunction(cx, JS::NullPtr(), options,
+nullptr, 0, nullptr, /* name, nargs, args */
+srcBuf, &fun))
+{
+return;
+}
+funobj = JS_GetFunctionObject(fun);
+}
+if (!script && !funobj) {
+return;
+}
+aScriptp.set(script);
+aFunp.set(funobj);
+nsAutoCString scheme;
+uri->GetScheme(scheme);
+// We don't cache data: scripts!
+if (aShouldCache && !scheme.EqualsLiteral("data")) {
+nsFrameScriptObjectExecutorHolder* holder;
+// Root the object also for caching.
+if (script) {
+holder = new nsFrameScriptObjectExecutorHolder(cx, script);
+} else {
+holder = new nsFrameScriptObjectExecutorHolder(cx, funobj);
+}
+sCachedScripts->Put(aURL, holder);
+}
+}
+}
+}
+void
+nsFrameScriptExecutor::TryCacheLoadAndCompileScript(const nsAString& aURL,
+bool aRunInGlobalScope)
+{
+AutoSafeJSContext cx;
+JS::Rooted<JSScript*> script(cx);
+JS::Rooted<JSObject*> funobj(cx);
+TryCacheLoadAndCompileScript(aURL, aRunInGlobalScope, true, &script, &funobj);
+}
+bool
+nsFrameScriptExecutor::InitTabChildGlobalInternal(nsISupports* aScope,
+const nsACString& aID)
+{
+nsCOMPtr<nsIJSRuntimeService> runtimeSvc =
+do_GetService("@mozilla.org/js/xpc/RuntimeService;1");
+NS_ENSURE_TRUE(runtimeSvc, false);
+JSRuntime* rt = nullptr;
+runtimeSvc->GetRuntime(&rt);
+NS_ENSURE_TRUE(rt, false);
+AutoSafeJSContext cx;
+nsContentUtils::GetSecurityManager()->GetSystemPrincipal(getter_AddRefs(mPrincipal));
+nsIXPConnect* xpc = nsContentUtils::XPConnect();
+const uint32_t flags = nsIXPConnect::INIT_JS_STANDARD_CLASSES;
+JS::CompartmentOptions options;
+options.setZone(JS::SystemZone)
+.setVersion(JSVERSION_LATEST);
+nsresult rv =
+xpc->InitClassesWithNewWrappedGlobal(cx, aScope, mPrincipal,
+flags, options, getter_AddRefs(mGlobal));
+NS_ENSURE_SUCCESS(rv, false);
+JS::Rooted<JSObject*> global(cx, mGlobal->GetJSObject());
+NS_ENSURE_TRUE(global, false);
+// Set the location information for the new global, so that tools like
+// about:memory may use that information.
+xpc::SetLocationForGlobal(global, aID);
+DidCreateGlobal();
+return true;
+}
+NS_IMPL_ISUPPORTS(nsScriptCacheCleaner, nsIObserver)
+nsFrameMessageManager* nsFrameMessageManager::sChildProcessManager = nullptr;
+nsFrameMessageManager* nsFrameMessageManager::sParentProcessManager = nullptr;
+nsFrameMessageManager* nsFrameMessageManager::sSameProcessParentManager = nullptr;
+nsTArray<nsCOMPtr<nsIRunnable> >* nsFrameMessageManager::sPendingSameProcessAsyncMessages = nullptr;
+class nsAsyncMessageToSameProcessChild : public nsSameProcessAsyncMessageBase,
+public nsRunnable
+{
+public:
+nsAsyncMessageToSameProcessChild(JSContext* aCx,
+const nsAString& aMessage,
+const StructuredCloneData& aData,
+JS::Handle<JSObject *> aCpows,
+nsIPrincipal* aPrincipal)
+: nsSameProcessAsyncMessageBase(aCx, aMessage, aData, aCpows, aPrincipal)
+{
+}
+NS_IMETHOD Run()
+{
+nsFrameMessageManager* ppm = nsFrameMessageManager::sChildProcessManager;
+ReceiveMessage(static_cast<nsIContentFrameMessageManager*>(ppm), ppm);
+return NS_OK;
+}
+};
+/**
+* Send messages to an imaginary child process in a single-process scenario.
+*/
+class SameParentProcessMessageManagerCallback : public MessageManagerCallback
+{
+public:
+SameParentProcessMessageManagerCallback()
+{
+MOZ_COUNT_CTOR(SameParentProcessMessageManagerCallback);
+}
+virtual ~SameParentProcessMessageManagerCallback()
+{
+MOZ_COUNT_DTOR(SameParentProcessMessageManagerCallback);
+}
+virtual bool DoSendAsyncMessage(JSContext* aCx,
+const nsAString& aMessage,
+const StructuredCloneData& aData,
+JS::Handle<JSObject *> aCpows,
+nsIPrincipal* aPrincipal)
+{
+nsRefPtr<nsIRunnable> ev =
+new nsAsyncMessageToSameProcessChild(aCx, aMessage, aData, aCpows,
+aPrincipal);
+NS_DispatchToCurrentThread(ev);
+return true;
+}
+bool CheckPermission(const nsAString& aPermission)
+{
+// In a single-process scenario, the child always has all capabilities.
+return true;
+}
+bool CheckManifestURL(const nsAString& aManifestURL)
+{
+// In a single-process scenario, the child always has all capabilities.
+return true;
+}
+bool CheckAppHasPermission(const nsAString& aPermission)
+{
+// In a single-process scenario, the child always has all capabilities.
+return true;
+}
+virtual bool CheckAppHasStatus(unsigned short aStatus)
+{
+// In a single-process scenario, the child always has all capabilities.
+return true;
+}
+};
+/**
+* Send messages to the parent process.
+*/
+class ChildProcessMessageManagerCallback : public MessageManagerCallback
+{
+public:
+ChildProcessMessageManagerCallback()
+{
+MOZ_COUNT_CTOR(ChildProcessMessageManagerCallback);
+}
+virtual ~ChildProcessMessageManagerCallback()
+{
+MOZ_COUNT_DTOR(ChildProcessMessageManagerCallback);
+}
+virtual bool DoSendBlockingMessage(JSContext* aCx,
+const nsAString& aMessage,
+const mozilla::dom::StructuredCloneData& aData,
+JS::Handle<JSObject *> aCpows,
+nsIPrincipal* aPrincipal,
+InfallibleTArray<nsString>* aJSONRetVal,
+bool aIsSync) MOZ_OVERRIDE
+{
+mozilla::dom::ContentChild* cc =
+mozilla::dom::ContentChild::GetSingleton();
+if (!cc) {
+return true;
+}
+ClonedMessageData data;
+if (!BuildClonedMessageDataForChild(cc, aData, data)) {
+return false;
+}
+InfallibleTArray<mozilla::jsipc::CpowEntry> cpows;
+if (!cc->GetCPOWManager()->Wrap(aCx, aCpows, &cpows)) {
+return false;
+}
+if (aIsSync) {
+return cc->SendSyncMessage(PromiseFlatString(aMessage), data, cpows,
+aPrincipal, aJSONRetVal);
+}
+return cc->CallRpcMessage(PromiseFlatString(aMessage), data, cpows,
+aPrincipal, aJSONRetVal);
+}
+virtual bool DoSendAsyncMessage(JSContext* aCx,
+const nsAString& aMessage,
+const mozilla::dom::StructuredCloneData& aData,
+JS::Handle<JSObject *> aCpows,
+nsIPrincipal* aPrincipal) MOZ_OVERRIDE
+{
+mozilla::dom::ContentChild* cc =
+mozilla::dom::ContentChild::GetSingleton();
+if (!cc) {
+return true;
+}
+ClonedMessageData data;
+if (!BuildClonedMessageDataForChild(cc, aData, data)) {
+return false;
+}
+InfallibleTArray<mozilla::jsipc::CpowEntry> cpows;
+if (!cc->GetCPOWManager()->Wrap(aCx, aCpows, &cpows)) {
+return false;
+}
+return cc->SendAsyncMessage(PromiseFlatString(aMessage), data, cpows,
+aPrincipal);
+}
+};
+class nsAsyncMessageToSameProcessParent : public nsSameProcessAsyncMessageBase,
+public nsRunnable
+{
+public:
+nsAsyncMessageToSameProcessParent(JSContext* aCx,
+const nsAString& aMessage,
+const StructuredCloneData& aData,
+JS::Handle<JSObject *> aCpows,
+nsIPrincipal* aPrincipal)
+: nsSameProcessAsyncMessageBase(aCx, aMessage, aData, aCpows, aPrincipal)
+{
+}
+NS_IMETHOD Run()
+{
+if (nsFrameMessageManager::sPendingSameProcessAsyncMessages) {
+nsFrameMessageManager::sPendingSameProcessAsyncMessages->RemoveElement(this);
+}
+nsFrameMessageManager* ppm = nsFrameMessageManager::sSameProcessParentManager;
+ReceiveMessage(static_cast<nsIContentFrameMessageManager*>(ppm), ppm);
+return NS_OK;
+}
+};
+/**
+* Send messages to the imaginary parent process in a single-process scenario.
+*/
+class SameChildProcessMessageManagerCallback : public MessageManagerCallback
+{
+public:
+SameChildProcessMessageManagerCallback()
+{
+MOZ_COUNT_CTOR(SameChildProcessMessageManagerCallback);
+}
+virtual ~SameChildProcessMessageManagerCallback()
+{
+MOZ_COUNT_DTOR(SameChildProcessMessageManagerCallback);
+}
+virtual bool DoSendBlockingMessage(JSContext* aCx,
+const nsAString& aMessage,
+const mozilla::dom::StructuredCloneData& aData,
+JS::Handle<JSObject *> aCpows,
+nsIPrincipal* aPrincipal,
+InfallibleTArray<nsString>* aJSONRetVal,
+bool aIsSync) MOZ_OVERRIDE
+{
+nsTArray<nsCOMPtr<nsIRunnable> > asyncMessages;
+if (nsFrameMessageManager::sPendingSameProcessAsyncMessages) {
+asyncMessages.SwapElements(*nsFrameMessageManager::sPendingSameProcessAsyncMessages);
+uint32_t len = asyncMessages.Length();
+for (uint32_t i = 0; i < len; ++i) {
+nsCOMPtr<nsIRunnable> async = asyncMessages[i];
+async->Run();
+}
+}
+if (nsFrameMessageManager::sSameProcessParentManager) {
+SameProcessCpowHolder cpows(js::GetRuntime(aCx), aCpows);
+nsRefPtr<nsFrameMessageManager> ppm = nsFrameMessageManager::sSameProcessParentManager;
+ppm->ReceiveMessage(static_cast<nsIContentFrameMessageManager*>(ppm.get()), aMessage,
+true, &aData, &cpows, aPrincipal, aJSONRetVal);
+}
+return true;
+}
+virtual bool DoSendAsyncMessage(JSContext* aCx,
+const nsAString& aMessage,
+const mozilla::dom::StructuredCloneData& aData,
+JS::Handle<JSObject *> aCpows,
+nsIPrincipal* aPrincipal)
+{
+if (!nsFrameMessageManager::sPendingSameProcessAsyncMessages) {
+nsFrameMessageManager::sPendingSameProcessAsyncMessages = new nsTArray<nsCOMPtr<nsIRunnable> >;
+}
+nsCOMPtr<nsIRunnable> ev =
+new nsAsyncMessageToSameProcessParent(aCx, aMessage, aData, aCpows, aPrincipal);
+nsFrameMessageManager::sPendingSameProcessAsyncMessages->AppendElement(ev);
+NS_DispatchToCurrentThread(ev);
+return true;
+}
+};
+// This creates the global parent process message manager.
+nsresult
+NS_NewParentProcessMessageManager(nsIMessageBroadcaster** aResult)
+{
+NS_ASSERTION(!nsFrameMessageManager::sParentProcessManager,
+"Re-creating sParentProcessManager");
+NS_ENSURE_TRUE(XRE_GetProcessType() == GeckoProcessType_Default,
+NS_ERROR_NOT_AVAILABLE);
+nsRefPtr<nsFrameMessageManager> mm = new nsFrameMessageManager(nullptr,
+nullptr,
+MM_CHROME | MM_PROCESSMANAGER | MM_BROADCASTER);
+nsFrameMessageManager::sParentProcessManager = mm;
+nsFrameMessageManager::NewProcessMessageManager(nullptr); // Create same process message manager.
+return CallQueryInterface(mm, aResult);
+}
+nsFrameMessageManager*
+nsFrameMessageManager::NewProcessMessageManager(mozilla::dom::ContentParent* aProcess)
+{
+if (!nsFrameMessageManager::sParentProcessManager) {
+nsCOMPtr<nsIMessageBroadcaster> dummy =
+do_GetService("@mozilla.org/parentprocessmessagemanager;1");
+}
+MOZ_ASSERT(nsFrameMessageManager::sParentProcessManager,
+"parent process manager not created");
+nsFrameMessageManager* mm;
+if (aProcess) {
+mm = new nsFrameMessageManager(aProcess,
+nsFrameMessageManager::sParentProcessManager,
+MM_CHROME | MM_PROCESSMANAGER);
+} else {
+mm = new nsFrameMessageManager(new SameParentProcessMessageManagerCallback(),
+nsFrameMessageManager::sParentProcessManager,
+MM_CHROME | MM_PROCESSMANAGER | MM_OWNSCALLBACK);
+sSameProcessParentManager = mm;
+}
+return mm;
+}
+nsresult
+NS_NewChildProcessMessageManager(nsISyncMessageSender** aResult)
+{
+NS_ASSERTION(!nsFrameMessageManager::sChildProcessManager,
+"Re-creating sChildProcessManager");
+MessageManagerCallback* cb;
+if (XRE_GetProcessType() == GeckoProcessType_Default) {
+cb = new SameChildProcessMessageManagerCallback();
+} else {
+cb = new ChildProcessMessageManagerCallback();
+RegisterStrongMemoryReporter(new MessageManagerReporter());
+}
+nsFrameMessageManager* mm = new nsFrameMessageManager(cb,
+nullptr,
+MM_PROCESSMANAGER | MM_OWNSCALLBACK);
+nsFrameMessageManager::sChildProcessManager = mm;
+return CallQueryInterface(mm, aResult);
+}
+static PLDHashOperator
+CycleCollectorMarkListeners(const nsAString& aKey,
+nsAutoTObserverArray<nsMessageListenerInfo, 1>* aListeners,
+void* aData)
+{
+uint32_t count = aListeners->Length();
+for (uint32_t i = 0; i < count; i++) {
+if (aListeners->ElementAt(i).mStrongListener) {
+xpc_TryUnmarkWrappedGrayObject(aListeners->ElementAt(i).mStrongListener);
+}
+}
+return PL_DHASH_NEXT;
+}
+bool
+nsFrameMessageManager::MarkForCC()
+{
+mListeners.EnumerateRead(CycleCollectorMarkListeners, nullptr);
+if (mRefCnt.IsPurple()) {
+mRefCnt.RemovePurple();
+}
+return true;
+}
+nsSameProcessAsyncMessageBase::nsSameProcessAsyncMessageBase(JSContext* aCx,
+const nsAString& aMessage,
+const StructuredCloneData& aData,
+JS::Handle<JSObject*> aCpows,
+nsIPrincipal* aPrincipal)
+: mRuntime(js::GetRuntime(aCx)),
+mMessage(aMessage),
+mCpows(aCx, aCpows),
+mPrincipal(aPrincipal)
+{
+if (aData.mDataLength && !mData.copy(aData.mData, aData.mDataLength)) {
+NS_RUNTIMEABORT("OOM");
+}
+mClosure = aData.mClosure;
+}
+void
+nsSameProcessAsyncMessageBase::ReceiveMessage(nsISupports* aTarget,
+nsFrameMessageManager* aManager)
+{
+if (aManager) {
+StructuredCloneData data;
+data.mData = mData.data();
+data.mDataLength = mData.nbytes();
+data.mClosure = mClosure;
+SameProcessCpowHolder cpows(mRuntime, mCpows);
+nsRefPtr<nsFrameMessageManager> mm = aManager;
+mm->ReceiveMessage(aTarget, mMessage, false, &data, &cpows,
+mPrincipal, nullptr);
+}
+}

The Tor Browser / file comparison

comparison: content/base/src/nsFrameMessageManager.cpp

content/base/src/nsFrameMessageManager.cpp