michael@0: /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- michael@0: * vim: set ts=8 sts=4 et sw=4 tw=99: michael@0: * This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: #ifndef jsproxy_h michael@0: #define jsproxy_h michael@0: michael@0: #include "mozilla/Maybe.h" michael@0: michael@0: #include "jsfriendapi.h" michael@0: michael@0: #include "js/CallNonGenericMethod.h" michael@0: #include "js/Class.h" michael@0: michael@0: namespace js { michael@0: michael@0: using JS::AutoIdVector; michael@0: using JS::CallArgs; michael@0: using JS::HandleId; michael@0: using JS::HandleObject; michael@0: using JS::HandleValue; michael@0: using JS::IsAcceptableThis; michael@0: using JS::MutableHandle; michael@0: using JS::MutableHandleObject; michael@0: using JS::MutableHandleValue; michael@0: using JS::NativeImpl; michael@0: using JS::PrivateValue; michael@0: using JS::Value; michael@0: michael@0: class RegExpGuard; michael@0: class JS_FRIEND_API(Wrapper); michael@0: michael@0: /* michael@0: * A proxy is a JSObject that implements generic behavior by providing custom michael@0: * implementations for each object trap. The implementation for each trap is michael@0: * provided by a C++ object stored on the proxy, known as its handler. michael@0: * michael@0: * A major use case for proxies is to forward each trap to another object, michael@0: * known as its target. The target can be an arbitrary C++ object. Not every michael@0: * proxy has the notion of a target, however. michael@0: * michael@0: * Proxy traps are grouped into fundamental and derived traps. Every proxy has michael@0: * to at least provide implementations for the fundamental traps, but the michael@0: * derived traps can be implemented in terms of the fundamental ones michael@0: * BaseProxyHandler provides implementations of the derived traps in terms of michael@0: * the (pure virtual) fundamental traps. michael@0: * michael@0: * In addition to the normal traps, there are two models for proxy prototype michael@0: * chains. First, proxies may opt to use the standard prototype mechanism used michael@0: * throughout the engine. To do so, simply pass a prototype to NewProxyObject() michael@0: * at creation time. All prototype accesses will then "just work" to treat the michael@0: * proxy as a "normal" object. Alternatively, if instead the proxy wishes to michael@0: * implement more complicated prototype semantics (if, for example, it wants to michael@0: * delegate the prototype lookup to a wrapped object), it may pass Proxy::LazyProto michael@0: * as the prototype at create time and opt in to the trapped prototype system, michael@0: * which guarantees that their trap will be called on any and every prototype michael@0: * chain access of the object. michael@0: * michael@0: * This system is implemented with two traps: {get,set}PrototypeOf. The default michael@0: * implementation of setPrototypeOf throws a TypeError. Since it is not possible michael@0: * to create an object without a sense of prototype chain, handler implementors michael@0: * must provide a getPrototypeOf trap if opting in to the dynamic prototype system. michael@0: * michael@0: * To minimize code duplication, a set of abstract proxy handler classes is michael@0: * provided, from which other handlers may inherit. These abstract classes michael@0: * are organized in the following hierarchy: michael@0: * michael@0: * BaseProxyHandler michael@0: * | michael@0: * DirectProxyHandler michael@0: * | michael@0: * Wrapper michael@0: */ michael@0: michael@0: /* michael@0: * BaseProxyHandler is the most generic kind of proxy handler. It does not make michael@0: * any assumptions about the target. Consequently, it does not provide any michael@0: * default implementation for the fundamental traps. It does, however, implement michael@0: * the derived traps in terms of the fundamental ones. This allows consumers of michael@0: * this class to define any custom behavior they want. michael@0: * michael@0: * Important: If you add a trap here, you should probably also add a Proxy::foo michael@0: * entry point with an AutoEnterPolicy. If you don't, you need an explicit michael@0: * override for the trap in SecurityWrapper. See bug 945826 comment 0. michael@0: */ michael@0: class JS_FRIEND_API(BaseProxyHandler) michael@0: { michael@0: const void *mFamily; michael@0: michael@0: /* michael@0: * Proxy handlers can use mHasPrototype to request the following special michael@0: * treatment from the JS engine: michael@0: * michael@0: * - When mHasPrototype is true, the engine never calls these methods: michael@0: * getPropertyDescriptor, has, set, enumerate, iterate. Instead, for michael@0: * these operations, it calls the "own" traps like michael@0: * getOwnPropertyDescriptor, hasOwn, defineProperty, keys, etc., and michael@0: * consults the prototype chain if needed. michael@0: * michael@0: * - When mHasPrototype is true, the engine calls handler->get() only if michael@0: * handler->hasOwn() says an own property exists on the proxy. If not, michael@0: * it consults the prototype chain. michael@0: * michael@0: * This is useful because it frees the ProxyHandler from having to implement michael@0: * any behavior having to do with the prototype chain. michael@0: */ michael@0: bool mHasPrototype; michael@0: michael@0: /* michael@0: * All proxies indicate whether they have any sort of interesting security michael@0: * policy that might prevent the caller from doing something it wants to michael@0: * the object. In the case of wrappers, this distinction is used to michael@0: * determine whether the caller may strip off the wrapper if it so desires. michael@0: */ michael@0: bool mHasSecurityPolicy; michael@0: michael@0: protected: michael@0: // Subclasses may set this in their constructor. michael@0: void setHasPrototype(bool aHasPrototype) { mHasPrototype = aHasPrototype; } michael@0: void setHasSecurityPolicy(bool aHasPolicy) { mHasSecurityPolicy = aHasPolicy; } michael@0: michael@0: public: michael@0: explicit BaseProxyHandler(const void *family); michael@0: virtual ~BaseProxyHandler(); michael@0: michael@0: bool hasPrototype() { michael@0: return mHasPrototype; michael@0: } michael@0: michael@0: bool hasSecurityPolicy() { michael@0: return mHasSecurityPolicy; michael@0: } michael@0: michael@0: inline const void *family() { michael@0: return mFamily; michael@0: } michael@0: static size_t offsetOfFamily() { michael@0: return offsetof(BaseProxyHandler, mFamily); michael@0: } michael@0: michael@0: virtual bool finalizeInBackground(Value priv) { michael@0: /* michael@0: * Called on creation of a proxy to determine whether its finalize michael@0: * method can be finalized on the background thread. michael@0: */ michael@0: return true; michael@0: } michael@0: michael@0: /* Policy enforcement traps. michael@0: * michael@0: * enter() allows the policy to specify whether the caller may perform |act| michael@0: * on the proxy's |id| property. In the case when |act| is CALL, |id| is michael@0: * generally JSID_VOID. michael@0: * michael@0: * The |act| parameter to enter() specifies the action being performed. michael@0: * If |bp| is false, the trap suggests that the caller throw (though it michael@0: * may still decide to squelch the error). michael@0: * michael@0: * We make these OR-able so that assertEnteredPolicy can pass a union of them. michael@0: * For example, get{,Own}PropertyDescriptor is invoked by both calls to ::get() michael@0: * and ::set() (since we need to look up the accessor), so its michael@0: * assertEnteredPolicy would pass GET | SET. michael@0: */ michael@0: typedef uint32_t Action; michael@0: enum { michael@0: NONE = 0x00, michael@0: GET = 0x01, michael@0: SET = 0x02, michael@0: CALL = 0x04, michael@0: ENUMERATE = 0x08 michael@0: }; michael@0: michael@0: virtual bool enter(JSContext *cx, HandleObject wrapper, HandleId id, Action act, michael@0: bool *bp); michael@0: michael@0: /* ES5 Harmony fundamental proxy traps. */ michael@0: virtual bool preventExtensions(JSContext *cx, HandleObject proxy) = 0; michael@0: virtual bool getPropertyDescriptor(JSContext *cx, HandleObject proxy, HandleId id, michael@0: MutableHandle desc) = 0; michael@0: virtual bool getOwnPropertyDescriptor(JSContext *cx, HandleObject proxy, michael@0: HandleId id, MutableHandle desc) = 0; michael@0: virtual bool defineProperty(JSContext *cx, HandleObject proxy, HandleId id, michael@0: MutableHandle desc) = 0; michael@0: virtual bool getOwnPropertyNames(JSContext *cx, HandleObject proxy, michael@0: AutoIdVector &props) = 0; michael@0: virtual bool delete_(JSContext *cx, HandleObject proxy, HandleId id, bool *bp) = 0; michael@0: virtual bool enumerate(JSContext *cx, HandleObject proxy, AutoIdVector &props) = 0; michael@0: michael@0: /* ES5 Harmony derived proxy traps. */ michael@0: virtual bool has(JSContext *cx, HandleObject proxy, HandleId id, bool *bp); michael@0: virtual bool hasOwn(JSContext *cx, HandleObject proxy, HandleId id, bool *bp); michael@0: virtual bool get(JSContext *cx, HandleObject proxy, HandleObject receiver, michael@0: HandleId id, MutableHandleValue vp); michael@0: virtual bool set(JSContext *cx, HandleObject proxy, HandleObject receiver, michael@0: HandleId id, bool strict, MutableHandleValue vp); michael@0: virtual bool keys(JSContext *cx, HandleObject proxy, AutoIdVector &props); michael@0: virtual bool iterate(JSContext *cx, HandleObject proxy, unsigned flags, michael@0: MutableHandleValue vp); michael@0: michael@0: /* Spidermonkey extensions. */ michael@0: virtual bool isExtensible(JSContext *cx, HandleObject proxy, bool *extensible) = 0; michael@0: virtual bool call(JSContext *cx, HandleObject proxy, const CallArgs &args); michael@0: virtual bool construct(JSContext *cx, HandleObject proxy, const CallArgs &args); michael@0: virtual bool nativeCall(JSContext *cx, IsAcceptableThis test, NativeImpl impl, CallArgs args); michael@0: virtual bool hasInstance(JSContext *cx, HandleObject proxy, MutableHandleValue v, bool *bp); michael@0: virtual bool objectClassIs(HandleObject obj, ESClassValue classValue, JSContext *cx); michael@0: virtual const char *className(JSContext *cx, HandleObject proxy); michael@0: virtual JSString *fun_toString(JSContext *cx, HandleObject proxy, unsigned indent); michael@0: virtual bool regexp_toShared(JSContext *cx, HandleObject proxy, RegExpGuard *g); michael@0: virtual bool defaultValue(JSContext *cx, HandleObject obj, JSType hint, MutableHandleValue vp); michael@0: virtual void finalize(JSFreeOp *fop, JSObject *proxy); michael@0: virtual bool getPrototypeOf(JSContext *cx, HandleObject proxy, MutableHandleObject protop); michael@0: virtual bool setPrototypeOf(JSContext *cx, HandleObject proxy, HandleObject proto, bool *bp); michael@0: michael@0: // These two hooks must be overridden, or not overridden, in tandem -- no michael@0: // overriding just one! michael@0: virtual bool watch(JSContext *cx, JS::HandleObject proxy, JS::HandleId id, michael@0: JS::HandleObject callable); michael@0: virtual bool unwatch(JSContext *cx, JS::HandleObject proxy, JS::HandleId id); michael@0: michael@0: virtual bool slice(JSContext *cx, HandleObject proxy, uint32_t begin, uint32_t end, michael@0: HandleObject result); michael@0: michael@0: /* See comment for weakmapKeyDelegateOp in js/Class.h. */ michael@0: virtual JSObject *weakmapKeyDelegate(JSObject *proxy); michael@0: virtual bool isScripted() { return false; } michael@0: }; michael@0: michael@0: /* michael@0: * DirectProxyHandler includes a notion of a target object. All traps are michael@0: * reimplemented such that they forward their behavior to the target. This michael@0: * allows consumers of this class to forward to another object as transparently michael@0: * and efficiently as possible. michael@0: * michael@0: * Important: If you add a trap implementation here, you probably also need to michael@0: * add an override in CrossCompartmentWrapper. If you don't, you risk michael@0: * compartment mismatches. See bug 945826 comment 0. michael@0: */ michael@0: class JS_PUBLIC_API(DirectProxyHandler) : public BaseProxyHandler michael@0: { michael@0: public: michael@0: explicit DirectProxyHandler(const void *family); michael@0: michael@0: /* ES5 Harmony fundamental proxy traps. */ michael@0: virtual bool preventExtensions(JSContext *cx, HandleObject proxy) MOZ_OVERRIDE; michael@0: virtual bool getPropertyDescriptor(JSContext *cx, HandleObject proxy, HandleId id, michael@0: MutableHandle desc) MOZ_OVERRIDE; michael@0: virtual bool getOwnPropertyDescriptor(JSContext *cx, HandleObject proxy, HandleId id, michael@0: MutableHandle desc) MOZ_OVERRIDE; michael@0: virtual bool defineProperty(JSContext *cx, HandleObject proxy, HandleId id, michael@0: MutableHandle desc) MOZ_OVERRIDE; michael@0: virtual bool getOwnPropertyNames(JSContext *cx, HandleObject proxy, michael@0: AutoIdVector &props) MOZ_OVERRIDE; michael@0: virtual bool delete_(JSContext *cx, HandleObject proxy, HandleId id, michael@0: bool *bp) MOZ_OVERRIDE; michael@0: virtual bool enumerate(JSContext *cx, HandleObject proxy, michael@0: AutoIdVector &props) MOZ_OVERRIDE; michael@0: michael@0: /* ES5 Harmony derived proxy traps. */ michael@0: virtual bool has(JSContext *cx, HandleObject proxy, HandleId id, michael@0: bool *bp) MOZ_OVERRIDE; michael@0: virtual bool hasOwn(JSContext *cx, HandleObject proxy, HandleId id, michael@0: bool *bp) MOZ_OVERRIDE; michael@0: virtual bool get(JSContext *cx, HandleObject proxy, HandleObject receiver, michael@0: HandleId id, MutableHandleValue vp) MOZ_OVERRIDE; michael@0: virtual bool set(JSContext *cx, HandleObject proxy, HandleObject receiver, michael@0: HandleId id, bool strict, MutableHandleValue vp) MOZ_OVERRIDE; michael@0: virtual bool keys(JSContext *cx, HandleObject proxy, michael@0: AutoIdVector &props) MOZ_OVERRIDE; michael@0: virtual bool iterate(JSContext *cx, HandleObject proxy, unsigned flags, michael@0: MutableHandleValue vp) MOZ_OVERRIDE; michael@0: michael@0: /* Spidermonkey extensions. */ michael@0: virtual bool isExtensible(JSContext *cx, HandleObject proxy, bool *extensible) MOZ_OVERRIDE; michael@0: virtual bool call(JSContext *cx, HandleObject proxy, const CallArgs &args) MOZ_OVERRIDE; michael@0: virtual bool construct(JSContext *cx, HandleObject proxy, const CallArgs &args) MOZ_OVERRIDE; michael@0: virtual bool nativeCall(JSContext *cx, IsAcceptableThis test, NativeImpl impl, michael@0: CallArgs args) MOZ_OVERRIDE; michael@0: virtual bool hasInstance(JSContext *cx, HandleObject proxy, MutableHandleValue v, michael@0: bool *bp) MOZ_OVERRIDE; michael@0: virtual bool getPrototypeOf(JSContext *cx, HandleObject proxy, MutableHandleObject protop); michael@0: virtual bool setPrototypeOf(JSContext *cx, HandleObject proxy, HandleObject proto, bool *bp); michael@0: virtual bool objectClassIs(HandleObject obj, ESClassValue classValue, michael@0: JSContext *cx) MOZ_OVERRIDE; michael@0: virtual const char *className(JSContext *cx, HandleObject proxy) MOZ_OVERRIDE; michael@0: virtual JSString *fun_toString(JSContext *cx, HandleObject proxy, michael@0: unsigned indent) MOZ_OVERRIDE; michael@0: virtual bool regexp_toShared(JSContext *cx, HandleObject proxy, michael@0: RegExpGuard *g) MOZ_OVERRIDE; michael@0: virtual JSObject *weakmapKeyDelegate(JSObject *proxy); michael@0: }; michael@0: michael@0: /* michael@0: * Dispatch point for handlers that executes the appropriate C++ or scripted traps. michael@0: * michael@0: * Important: All proxy traps need either (a) an AutoEnterPolicy in their michael@0: * Proxy::foo entry point below or (b) an override in SecurityWrapper. See bug michael@0: * 945826 comment 0. michael@0: */ michael@0: class Proxy michael@0: { michael@0: public: michael@0: /* ES5 Harmony fundamental proxy traps. */ michael@0: static bool preventExtensions(JSContext *cx, HandleObject proxy); michael@0: static bool getPropertyDescriptor(JSContext *cx, HandleObject proxy, HandleId id, michael@0: MutableHandle desc); michael@0: static bool getPropertyDescriptor(JSContext *cx, HandleObject proxy, HandleId id, michael@0: MutableHandleValue vp); michael@0: static bool getOwnPropertyDescriptor(JSContext *cx, HandleObject proxy, HandleId id, michael@0: MutableHandle desc); michael@0: static bool getOwnPropertyDescriptor(JSContext *cx, HandleObject proxy, HandleId id, michael@0: MutableHandleValue vp); michael@0: static bool defineProperty(JSContext *cx, HandleObject proxy, HandleId id, michael@0: MutableHandle desc); michael@0: static bool defineProperty(JSContext *cx, HandleObject proxy, HandleId id, HandleValue v); michael@0: static bool getOwnPropertyNames(JSContext *cx, HandleObject proxy, AutoIdVector &props); michael@0: static bool delete_(JSContext *cx, HandleObject proxy, HandleId id, bool *bp); michael@0: static bool enumerate(JSContext *cx, HandleObject proxy, AutoIdVector &props); michael@0: michael@0: /* ES5 Harmony derived proxy traps. */ michael@0: static bool has(JSContext *cx, HandleObject proxy, HandleId id, bool *bp); michael@0: static bool hasOwn(JSContext *cx, HandleObject proxy, HandleId id, bool *bp); michael@0: static bool get(JSContext *cx, HandleObject proxy, HandleObject receiver, HandleId id, michael@0: MutableHandleValue vp); michael@0: static bool set(JSContext *cx, HandleObject proxy, HandleObject receiver, HandleId id, michael@0: bool strict, MutableHandleValue vp); michael@0: static bool keys(JSContext *cx, HandleObject proxy, AutoIdVector &props); michael@0: static bool iterate(JSContext *cx, HandleObject proxy, unsigned flags, MutableHandleValue vp); michael@0: michael@0: /* Spidermonkey extensions. */ michael@0: static bool isExtensible(JSContext *cx, HandleObject proxy, bool *extensible); michael@0: static bool call(JSContext *cx, HandleObject proxy, const CallArgs &args); michael@0: static bool construct(JSContext *cx, HandleObject proxy, const CallArgs &args); michael@0: static bool nativeCall(JSContext *cx, IsAcceptableThis test, NativeImpl impl, CallArgs args); michael@0: static bool hasInstance(JSContext *cx, HandleObject proxy, MutableHandleValue v, bool *bp); michael@0: static bool objectClassIs(HandleObject obj, ESClassValue classValue, JSContext *cx); michael@0: static const char *className(JSContext *cx, HandleObject proxy); michael@0: static JSString *fun_toString(JSContext *cx, HandleObject proxy, unsigned indent); michael@0: static bool regexp_toShared(JSContext *cx, HandleObject proxy, RegExpGuard *g); michael@0: static bool defaultValue(JSContext *cx, HandleObject obj, JSType hint, MutableHandleValue vp); michael@0: static bool getPrototypeOf(JSContext *cx, HandleObject proxy, MutableHandleObject protop); michael@0: static bool setPrototypeOf(JSContext *cx, HandleObject proxy, HandleObject proto, bool *bp); michael@0: michael@0: static bool watch(JSContext *cx, HandleObject proxy, HandleId id, HandleObject callable); michael@0: static bool unwatch(JSContext *cx, HandleObject proxy, HandleId id); michael@0: michael@0: static bool slice(JSContext *cx, HandleObject obj, uint32_t begin, uint32_t end, michael@0: HandleObject result); michael@0: michael@0: /* IC entry path for handling __noSuchMethod__ on access. */ michael@0: static bool callProp(JSContext *cx, HandleObject proxy, HandleObject reveiver, HandleId id, michael@0: MutableHandleValue vp); michael@0: }; michael@0: michael@0: // Use these in places where you don't want to #include vm/ProxyObject.h. michael@0: extern JS_FRIEND_DATA(const js::Class* const) CallableProxyClassPtr; michael@0: extern JS_FRIEND_DATA(const js::Class* const) UncallableProxyClassPtr; michael@0: michael@0: inline bool IsProxy(JSObject *obj) michael@0: { michael@0: return GetObjectClass(obj)->isProxy(); michael@0: } michael@0: michael@0: /* michael@0: * These are part of the API. michael@0: * michael@0: * NOTE: PROXY_PRIVATE_SLOT is 0 because that way slot 0 is usable by API michael@0: * clients for both proxy and non-proxy objects. So an API client that only michael@0: * needs to store one slot's worth of data doesn't need to branch on what sort michael@0: * of object it has. michael@0: */ michael@0: const uint32_t PROXY_PRIVATE_SLOT = 0; michael@0: const uint32_t PROXY_HANDLER_SLOT = 1; michael@0: const uint32_t PROXY_EXTRA_SLOT = 2; michael@0: const uint32_t PROXY_MINIMUM_SLOTS = 4; michael@0: michael@0: inline BaseProxyHandler * michael@0: GetProxyHandler(JSObject *obj) michael@0: { michael@0: JS_ASSERT(IsProxy(obj)); michael@0: return (BaseProxyHandler *) GetReservedSlot(obj, PROXY_HANDLER_SLOT).toPrivate(); michael@0: } michael@0: michael@0: inline const Value & michael@0: GetProxyPrivate(JSObject *obj) michael@0: { michael@0: JS_ASSERT(IsProxy(obj)); michael@0: return GetReservedSlot(obj, PROXY_PRIVATE_SLOT); michael@0: } michael@0: michael@0: inline JSObject * michael@0: GetProxyTargetObject(JSObject *obj) michael@0: { michael@0: JS_ASSERT(IsProxy(obj)); michael@0: return GetProxyPrivate(obj).toObjectOrNull(); michael@0: } michael@0: michael@0: inline const Value & michael@0: GetProxyExtra(JSObject *obj, size_t n) michael@0: { michael@0: JS_ASSERT(IsProxy(obj)); michael@0: return GetReservedSlot(obj, PROXY_EXTRA_SLOT + n); michael@0: } michael@0: michael@0: inline void michael@0: SetProxyHandler(JSObject *obj, BaseProxyHandler *handler) michael@0: { michael@0: JS_ASSERT(IsProxy(obj)); michael@0: SetReservedSlot(obj, PROXY_HANDLER_SLOT, PrivateValue(handler)); michael@0: } michael@0: michael@0: inline void michael@0: SetProxyExtra(JSObject *obj, size_t n, const Value &extra) michael@0: { michael@0: JS_ASSERT(IsProxy(obj)); michael@0: JS_ASSERT(n <= 1); michael@0: SetReservedSlot(obj, PROXY_EXTRA_SLOT + n, extra); michael@0: } michael@0: michael@0: inline bool michael@0: IsScriptedProxy(JSObject *obj) michael@0: { michael@0: return IsProxy(obj) && GetProxyHandler(obj)->isScripted(); michael@0: } michael@0: michael@0: class MOZ_STACK_CLASS ProxyOptions { michael@0: protected: michael@0: /* protected constructor for subclass */ michael@0: ProxyOptions(bool singletonArg, const Class *claspArg) michael@0: : singleton_(singletonArg), michael@0: clasp_(claspArg) michael@0: {} michael@0: michael@0: public: michael@0: ProxyOptions() : singleton_(false), michael@0: clasp_(UncallableProxyClassPtr) michael@0: {} michael@0: michael@0: bool singleton() const { return singleton_; } michael@0: ProxyOptions &setSingleton(bool flag) { michael@0: singleton_ = flag; michael@0: return *this; michael@0: } michael@0: michael@0: const Class *clasp() const { michael@0: return clasp_; michael@0: } michael@0: ProxyOptions &setClass(const Class *claspArg) { michael@0: clasp_ = claspArg; michael@0: return *this; michael@0: } michael@0: ProxyOptions &selectDefaultClass(bool callable) { michael@0: const Class *classp = callable? CallableProxyClassPtr : michael@0: UncallableProxyClassPtr; michael@0: return setClass(classp); michael@0: } michael@0: michael@0: private: michael@0: bool singleton_; michael@0: const Class *clasp_; michael@0: }; michael@0: michael@0: JS_FRIEND_API(JSObject *) michael@0: NewProxyObject(JSContext *cx, BaseProxyHandler *handler, HandleValue priv, michael@0: JSObject *proto, JSObject *parent, const ProxyOptions &options = ProxyOptions()); michael@0: michael@0: JSObject * michael@0: RenewProxyObject(JSContext *cx, JSObject *obj, BaseProxyHandler *handler, Value priv); michael@0: michael@0: class JS_FRIEND_API(AutoEnterPolicy) michael@0: { michael@0: public: michael@0: typedef BaseProxyHandler::Action Action; michael@0: AutoEnterPolicy(JSContext *cx, BaseProxyHandler *handler, michael@0: HandleObject wrapper, HandleId id, Action act, bool mayThrow) michael@0: #ifdef JS_DEBUG michael@0: : context(nullptr) michael@0: #endif michael@0: { michael@0: allow = handler->hasSecurityPolicy() ? handler->enter(cx, wrapper, id, act, &rv) michael@0: : true; michael@0: recordEnter(cx, wrapper, id, act); michael@0: // We want to throw an exception if all of the following are true: michael@0: // * The policy disallowed access. michael@0: // * The policy set rv to false, indicating that we should throw. michael@0: // * The caller did not instruct us to ignore exceptions. michael@0: // * The policy did not throw itself. michael@0: if (!allow && !rv && mayThrow) michael@0: reportErrorIfExceptionIsNotPending(cx, id); michael@0: } michael@0: michael@0: virtual ~AutoEnterPolicy() { recordLeave(); } michael@0: inline bool allowed() { return allow; } michael@0: inline bool returnValue() { JS_ASSERT(!allowed()); return rv; } michael@0: michael@0: protected: michael@0: // no-op constructor for subclass michael@0: AutoEnterPolicy() michael@0: #ifdef JS_DEBUG michael@0: : context(nullptr) michael@0: , enteredAction(BaseProxyHandler::NONE) michael@0: #endif michael@0: {}; michael@0: void reportErrorIfExceptionIsNotPending(JSContext *cx, jsid id); michael@0: bool allow; michael@0: bool rv; michael@0: michael@0: #ifdef JS_DEBUG michael@0: JSContext *context; michael@0: mozilla::Maybe enteredProxy; michael@0: mozilla::Maybe enteredId; michael@0: Action enteredAction; michael@0: michael@0: // NB: We explicitly don't track the entered action here, because sometimes michael@0: // SET traps do an implicit GET during their implementation, leading to michael@0: // spurious assertions. michael@0: AutoEnterPolicy *prev; michael@0: void recordEnter(JSContext *cx, HandleObject proxy, HandleId id, Action act); michael@0: void recordLeave(); michael@0: michael@0: friend JS_FRIEND_API(void) assertEnteredPolicy(JSContext *cx, JSObject *proxy, jsid id, Action act); michael@0: #else michael@0: inline void recordEnter(JSContext *cx, JSObject *proxy, jsid id, Action act) {} michael@0: inline void recordLeave() {} michael@0: #endif michael@0: michael@0: }; michael@0: michael@0: #ifdef JS_DEBUG michael@0: class JS_FRIEND_API(AutoWaivePolicy) : public AutoEnterPolicy { michael@0: public: michael@0: AutoWaivePolicy(JSContext *cx, HandleObject proxy, HandleId id, michael@0: BaseProxyHandler::Action act) michael@0: { michael@0: allow = true; michael@0: recordEnter(cx, proxy, id, act); michael@0: } michael@0: }; michael@0: #else michael@0: class JS_FRIEND_API(AutoWaivePolicy) { michael@0: public: michael@0: AutoWaivePolicy(JSContext *cx, HandleObject proxy, HandleId id, michael@0: BaseProxyHandler::Action act) michael@0: {} michael@0: }; michael@0: #endif michael@0: michael@0: #ifdef JS_DEBUG michael@0: extern JS_FRIEND_API(void) michael@0: assertEnteredPolicy(JSContext *cx, JSObject *obj, jsid id, michael@0: BaseProxyHandler::Action act); michael@0: #else michael@0: inline void assertEnteredPolicy(JSContext *cx, JSObject *obj, jsid id, michael@0: BaseProxyHandler::Action act) michael@0: {}; michael@0: #endif michael@0: michael@0: } /* namespace js */ michael@0: michael@0: extern JS_FRIEND_API(JSObject *) michael@0: js_InitProxyClass(JSContext *cx, JS::HandleObject obj); michael@0: michael@0: #endif /* jsproxy_h */