michael@0: /* -*- Mode: c++; c-basic-offset: 2; indent-tabs-mode: nil; tab-width: 40 -*- */
michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0:  * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0:  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0: 
michael@0: #include "ScriptLoader.h"
michael@0: 
michael@0: #include "nsIChannel.h"
michael@0: #include "nsIChannelPolicy.h"
michael@0: #include "nsIContentPolicy.h"
michael@0: #include "nsIContentSecurityPolicy.h"
michael@0: #include "nsIHttpChannel.h"
michael@0: #include "nsIIOService.h"
michael@0: #include "nsIProtocolHandler.h"
michael@0: #include "nsIScriptSecurityManager.h"
michael@0: #include "nsIStreamLoader.h"
michael@0: #include "nsIURI.h"
michael@0: 
michael@0: #include "jsapi.h"
michael@0: #include "nsChannelPolicy.h"
michael@0: #include "nsError.h"
michael@0: #include "nsContentPolicyUtils.h"
michael@0: #include "nsContentUtils.h"
michael@0: #include "nsDocShellCID.h"
michael@0: #include "nsISupportsPrimitives.h"
michael@0: #include "nsNetUtil.h"
michael@0: #include "nsScriptLoader.h"
michael@0: #include "nsString.h"
michael@0: #include "nsTArray.h"
michael@0: #include "nsThreadUtils.h"
michael@0: #include "nsXPCOM.h"
michael@0: #include "xpcpublic.h"
michael@0: 
michael@0: #include "mozilla/dom/Exceptions.h"
michael@0: #include "Principal.h"
michael@0: #include "WorkerFeature.h"
michael@0: #include "WorkerPrivate.h"
michael@0: #include "WorkerRunnable.h"
michael@0: 
michael@0: #define MAX_CONCURRENT_SCRIPTS 1000
michael@0: 
michael@0: USING_WORKERS_NAMESPACE
michael@0: 
michael@0: using mozilla::dom::workers::exceptions::ThrowDOMExceptionForNSResult;
michael@0: 
michael@0: namespace {
michael@0: 
michael@0: nsresult
michael@0: ChannelFromScriptURL(nsIPrincipal* principal,
michael@0:                      nsIURI* baseURI,
michael@0:                      nsIDocument* parentDoc,
michael@0:                      nsILoadGroup* loadGroup,
michael@0:                      nsIIOService* ios,
michael@0:                      nsIScriptSecurityManager* secMan,
michael@0:                      const nsAString& aScriptURL,
michael@0:                      bool aIsWorkerScript,
michael@0:                      nsIChannel** aChannel)
michael@0: {
michael@0:   AssertIsOnMainThread();
michael@0: 
michael@0:   nsresult rv;
michael@0:   nsCOMPtr<nsIURI> uri;
michael@0:   rv = nsContentUtils::NewURIWithDocumentCharset(getter_AddRefs(uri),
michael@0:                                                  aScriptURL, parentDoc,
michael@0:                                                  baseURI);
michael@0:   if (NS_FAILED(rv)) {
michael@0:     return NS_ERROR_DOM_SYNTAX_ERR;
michael@0:   }
michael@0: 
michael@0:   // If we're part of a document then check the content load policy.
michael@0:   if (parentDoc) {
michael@0:     int16_t shouldLoad = nsIContentPolicy::ACCEPT;
michael@0:     rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_SCRIPT, uri,
michael@0:                                    principal, parentDoc,
michael@0:                                    NS_LITERAL_CSTRING("text/javascript"),
michael@0:                                    nullptr, &shouldLoad,
michael@0:                                    nsContentUtils::GetContentPolicy(),
michael@0:                                    secMan);
michael@0:     if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) {
michael@0:       if (NS_FAILED(rv) || shouldLoad != nsIContentPolicy::REJECT_TYPE) {
michael@0:         return rv = NS_ERROR_CONTENT_BLOCKED;
michael@0:       }
michael@0:       return rv = NS_ERROR_CONTENT_BLOCKED_SHOW_ALT;
michael@0:     }
michael@0:   }
michael@0: 
michael@0:   // If this script loader is being used to make a new worker then we need
michael@0:   // to do a same-origin check. Otherwise we need to clear the load with the
michael@0:   // security manager.
michael@0:   if (aIsWorkerScript) {
michael@0:     nsCString scheme;
michael@0:     rv = uri->GetScheme(scheme);
michael@0:     NS_ENSURE_SUCCESS(rv, rv);
michael@0: 
michael@0:     // We pass true as the 3rd argument to checkMayLoad here.
michael@0:     // This allows workers in sandboxed documents to load data URLs
michael@0:     // (and other URLs that inherit their principal from their
michael@0:     // creator.)
michael@0:     rv = principal->CheckMayLoad(uri, false, true);
michael@0:     NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_SECURITY_ERR);
michael@0:   }
michael@0:   else {
michael@0:     rv = secMan->CheckLoadURIWithPrincipal(principal, uri, 0);
michael@0:     NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_SECURITY_ERR);
michael@0:   }
michael@0: 
michael@0:   // Get Content Security Policy from parent document to pass into channel.
michael@0:   nsCOMPtr<nsIContentSecurityPolicy> csp;
michael@0:   rv = principal->GetCsp(getter_AddRefs(csp));
michael@0:   NS_ENSURE_SUCCESS(rv, rv);
michael@0: 
michael@0:   nsCOMPtr<nsIChannelPolicy> channelPolicy;
michael@0:   if (csp) {
michael@0:     channelPolicy = do_CreateInstance(NSCHANNELPOLICY_CONTRACTID, &rv);
michael@0:     NS_ENSURE_SUCCESS(rv, rv);
michael@0: 
michael@0:     rv = channelPolicy->SetContentSecurityPolicy(csp);
michael@0:     NS_ENSURE_SUCCESS(rv, rv);
michael@0: 
michael@0:     rv = channelPolicy->SetLoadType(nsIContentPolicy::TYPE_SCRIPT);
michael@0:     NS_ENSURE_SUCCESS(rv, rv);
michael@0:   }
michael@0: 
michael@0:   uint32_t flags = nsIRequest::LOAD_NORMAL | nsIChannel::LOAD_CLASSIFY_URI;
michael@0: 
michael@0:   nsCOMPtr<nsIChannel> channel;
michael@0:   rv = NS_NewChannel(getter_AddRefs(channel), uri, ios, loadGroup, nullptr,
michael@0:                      flags, channelPolicy);
michael@0:   NS_ENSURE_SUCCESS(rv, rv);
michael@0: 
michael@0:   channel.forget(aChannel);
michael@0:   return rv;
michael@0: }
michael@0: 
michael@0: struct ScriptLoadInfo
michael@0: {
michael@0:   ScriptLoadInfo()
michael@0:   : mScriptTextBuf(nullptr)
michael@0:   , mScriptTextLength(0)
michael@0:   , mLoadResult(NS_ERROR_NOT_INITIALIZED), mExecutionScheduled(false)
michael@0:   , mExecutionResult(false)
michael@0:   { }
michael@0: 
michael@0:   ~ScriptLoadInfo()
michael@0:   {
michael@0:     if (mScriptTextBuf) {
michael@0:       js_free(mScriptTextBuf);
michael@0:     }
michael@0:   }
michael@0: 
michael@0:   bool
michael@0:   ReadyToExecute()
michael@0:   {
michael@0:     return !mChannel && NS_SUCCEEDED(mLoadResult) && !mExecutionScheduled;
michael@0:   }
michael@0: 
michael@0:   nsString mURL;
michael@0:   nsCOMPtr<nsIChannel> mChannel;
michael@0:   jschar* mScriptTextBuf;
michael@0:   size_t mScriptTextLength;
michael@0: 
michael@0:   nsresult mLoadResult;
michael@0:   bool mExecutionScheduled;
michael@0:   bool mExecutionResult;
michael@0: };
michael@0: 
michael@0: class ScriptLoaderRunnable;
michael@0: 
michael@0: class ScriptExecutorRunnable MOZ_FINAL : public MainThreadWorkerSyncRunnable
michael@0: {
michael@0:   ScriptLoaderRunnable& mScriptLoader;
michael@0:   uint32_t mFirstIndex;
michael@0:   uint32_t mLastIndex;
michael@0: 
michael@0: public:
michael@0:   ScriptExecutorRunnable(ScriptLoaderRunnable& aScriptLoader,
michael@0:                          nsIEventTarget* aSyncLoopTarget, uint32_t aFirstIndex,
michael@0:                          uint32_t aLastIndex);
michael@0: 
michael@0: private:
michael@0:   ~ScriptExecutorRunnable()
michael@0:   { }
michael@0: 
michael@0:   virtual bool
michael@0:   WorkerRun(JSContext* aCx, WorkerPrivate* aWorkerPrivate) MOZ_OVERRIDE;
michael@0: 
michael@0:   virtual void
michael@0:   PostRun(JSContext* aCx, WorkerPrivate* aWorkerPrivate, bool aRunResult)
michael@0:           MOZ_OVERRIDE;
michael@0: 
michael@0:   NS_DECL_NSICANCELABLERUNNABLE
michael@0: 
michael@0:   void
michael@0:   ShutdownScriptLoader(JSContext* aCx,
michael@0:                        WorkerPrivate* aWorkerPrivate,
michael@0:                        bool aResult);
michael@0: };
michael@0: 
michael@0: class ScriptLoaderRunnable MOZ_FINAL : public WorkerFeature,
michael@0:                                        public nsIRunnable,
michael@0:                                        public nsIStreamLoaderObserver
michael@0: {
michael@0:   friend class ScriptExecutorRunnable;
michael@0: 
michael@0:   WorkerPrivate* mWorkerPrivate;
michael@0:   nsCOMPtr<nsIEventTarget> mSyncLoopTarget;
michael@0:   nsTArray<ScriptLoadInfo> mLoadInfos;
michael@0:   bool mIsWorkerScript;
michael@0:   bool mCanceled;
michael@0:   bool mCanceledMainThread;
michael@0: 
michael@0: public:
michael@0:   NS_DECL_THREADSAFE_ISUPPORTS
michael@0: 
michael@0:   ScriptLoaderRunnable(WorkerPrivate* aWorkerPrivate,
michael@0:                        nsIEventTarget* aSyncLoopTarget,
michael@0:                        nsTArray<ScriptLoadInfo>& aLoadInfos,
michael@0:                        bool aIsWorkerScript)
michael@0:   : mWorkerPrivate(aWorkerPrivate), mSyncLoopTarget(aSyncLoopTarget),
michael@0:     mIsWorkerScript(aIsWorkerScript), mCanceled(false),
michael@0:     mCanceledMainThread(false)
michael@0:   {
michael@0:     aWorkerPrivate->AssertIsOnWorkerThread();
michael@0:     MOZ_ASSERT(aSyncLoopTarget);
michael@0:     MOZ_ASSERT_IF(aIsWorkerScript, aLoadInfos.Length() == 1);
michael@0: 
michael@0:     mLoadInfos.SwapElements(aLoadInfos);
michael@0:   }
michael@0: 
michael@0: private:
michael@0:   ~ScriptLoaderRunnable()
michael@0:   { }
michael@0: 
michael@0:   NS_IMETHOD
michael@0:   Run() MOZ_OVERRIDE
michael@0:   {
michael@0:     AssertIsOnMainThread();
michael@0: 
michael@0:     if (NS_FAILED(RunInternal())) {
michael@0:       CancelMainThread();
michael@0:     }
michael@0: 
michael@0:     return NS_OK;
michael@0:   }
michael@0: 
michael@0:   NS_IMETHOD
michael@0:   OnStreamComplete(nsIStreamLoader* aLoader, nsISupports* aContext,
michael@0:                    nsresult aStatus, uint32_t aStringLen,
michael@0:                    const uint8_t* aString) MOZ_OVERRIDE
michael@0:   {
michael@0:     AssertIsOnMainThread();
michael@0: 
michael@0:     nsCOMPtr<nsISupportsPRUint32> indexSupports(do_QueryInterface(aContext));
michael@0:     NS_ASSERTION(indexSupports, "This should never fail!");
michael@0: 
michael@0:     uint32_t index = UINT32_MAX;
michael@0:     if (NS_FAILED(indexSupports->GetData(&index)) ||
michael@0:         index >= mLoadInfos.Length()) {
michael@0:       NS_ERROR("Bad index!");
michael@0:     }
michael@0: 
michael@0:     ScriptLoadInfo& loadInfo = mLoadInfos[index];
michael@0: 
michael@0:     loadInfo.mLoadResult = OnStreamCompleteInternal(aLoader, aContext, aStatus,
michael@0:                                                     aStringLen, aString,
michael@0:                                                     loadInfo);
michael@0: 
michael@0:     ExecuteFinishedScripts();
michael@0: 
michael@0:     return NS_OK;
michael@0:   }
michael@0: 
michael@0:   virtual bool
michael@0:   Notify(JSContext* aCx, Status aStatus) MOZ_OVERRIDE
michael@0:   {
michael@0:     mWorkerPrivate->AssertIsOnWorkerThread();
michael@0: 
michael@0:     if (aStatus >= Terminating && !mCanceled) {
michael@0:       mCanceled = true;
michael@0: 
michael@0:       nsCOMPtr<nsIRunnable> runnable =
michael@0:         NS_NewRunnableMethod(this, &ScriptLoaderRunnable::CancelMainThread);
michael@0:       NS_ASSERTION(runnable, "This should never fail!");
michael@0: 
michael@0:       if (NS_FAILED(NS_DispatchToMainThread(runnable, NS_DISPATCH_NORMAL))) {
michael@0:         JS_ReportError(aCx, "Failed to cancel script loader!");
michael@0:         return false;
michael@0:       }
michael@0:     }
michael@0: 
michael@0:     return true;
michael@0:   }
michael@0: 
michael@0:   void
michael@0:   CancelMainThread()
michael@0:   {
michael@0:     AssertIsOnMainThread();
michael@0: 
michael@0:     if (mCanceledMainThread) {
michael@0:       return;
michael@0:     }
michael@0: 
michael@0:     mCanceledMainThread = true;
michael@0: 
michael@0:     // Cancel all the channels that were already opened.
michael@0:     for (uint32_t index = 0; index < mLoadInfos.Length(); index++) {
michael@0:       ScriptLoadInfo& loadInfo = mLoadInfos[index];
michael@0: 
michael@0:       if (loadInfo.mChannel &&
michael@0:           NS_FAILED(loadInfo.mChannel->Cancel(NS_BINDING_ABORTED))) {
michael@0:         NS_WARNING("Failed to cancel channel!");
michael@0:         loadInfo.mChannel = nullptr;
michael@0:         loadInfo.mLoadResult = NS_BINDING_ABORTED;
michael@0:       }
michael@0:     }
michael@0: 
michael@0:     ExecuteFinishedScripts();
michael@0:   }
michael@0: 
michael@0:   nsresult
michael@0:   RunInternal()
michael@0:   {
michael@0:     AssertIsOnMainThread();
michael@0: 
michael@0:     WorkerPrivate* parentWorker = mWorkerPrivate->GetParent();
michael@0: 
michael@0:     // Figure out which principal to use.
michael@0:     nsIPrincipal* principal = mWorkerPrivate->GetPrincipal();
michael@0:     if (!principal) {
michael@0:       NS_ASSERTION(parentWorker, "Must have a principal!");
michael@0:       NS_ASSERTION(mIsWorkerScript, "Must have a principal for importScripts!");
michael@0: 
michael@0:       principal = parentWorker->GetPrincipal();
michael@0:     }
michael@0:     NS_ASSERTION(principal, "This should never be null here!");
michael@0: 
michael@0:     // Figure out our base URI.
michael@0:     nsCOMPtr<nsIURI> baseURI;
michael@0:     if (mIsWorkerScript) {
michael@0:       if (parentWorker) {
michael@0:         baseURI = parentWorker->GetBaseURI();
michael@0:         NS_ASSERTION(baseURI, "Should have been set already!");
michael@0:       }
michael@0:       else {
michael@0:         // May be null.
michael@0:         baseURI = mWorkerPrivate->GetBaseURI();
michael@0:       }
michael@0:     }
michael@0:     else {
michael@0:       baseURI = mWorkerPrivate->GetBaseURI();
michael@0:       NS_ASSERTION(baseURI, "Should have been set already!");
michael@0:     }
michael@0: 
michael@0:     // May be null.
michael@0:     nsCOMPtr<nsIDocument> parentDoc = mWorkerPrivate->GetDocument();
michael@0: 
michael@0:     nsCOMPtr<nsIChannel> channel;
michael@0:     if (mIsWorkerScript) {
michael@0:       // May be null.
michael@0:       channel = mWorkerPrivate->ForgetWorkerChannel();
michael@0:     }
michael@0: 
michael@0:     // All of these can potentially be null, but that should be ok. We'll either
michael@0:     // succeed without them or fail below.
michael@0:     nsCOMPtr<nsILoadGroup> loadGroup;
michael@0:     if (parentDoc) {
michael@0:       loadGroup = parentDoc->GetDocumentLoadGroup();
michael@0:     }
michael@0: 
michael@0:     nsCOMPtr<nsIIOService> ios(do_GetIOService());
michael@0: 
michael@0:     nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager();
michael@0:     NS_ASSERTION(secMan, "This should never be null!");
michael@0: 
michael@0:     for (uint32_t index = 0; index < mLoadInfos.Length(); index++) {
michael@0:       ScriptLoadInfo& loadInfo = mLoadInfos[index];
michael@0:       nsresult& rv = loadInfo.mLoadResult;
michael@0: 
michael@0:       if (!channel) {
michael@0:         rv = ChannelFromScriptURL(principal, baseURI, parentDoc, loadGroup, ios,
michael@0:                                   secMan, loadInfo.mURL, mIsWorkerScript,
michael@0:                                                 getter_AddRefs(channel));
michael@0:         if (NS_FAILED(rv)) {
michael@0:           return rv;
michael@0:         }
michael@0:       }
michael@0: 
michael@0:       // We need to know which index we're on in OnStreamComplete so we know
michael@0:       // where to put the result.
michael@0:       nsCOMPtr<nsISupportsPRUint32> indexSupports =
michael@0:         do_CreateInstance(NS_SUPPORTS_PRUINT32_CONTRACTID, &rv);
michael@0:       NS_ENSURE_SUCCESS(rv, rv);
michael@0: 
michael@0:       rv = indexSupports->SetData(index);
michael@0:       NS_ENSURE_SUCCESS(rv, rv);
michael@0: 
michael@0:       // We don't care about progress so just use the simple stream loader for
michael@0:       // OnStreamComplete notification only.
michael@0:       nsCOMPtr<nsIStreamLoader> loader;
michael@0:       rv = NS_NewStreamLoader(getter_AddRefs(loader), this);
michael@0:       NS_ENSURE_SUCCESS(rv, rv);
michael@0: 
michael@0:       rv = channel->AsyncOpen(loader, indexSupports);
michael@0:       NS_ENSURE_SUCCESS(rv, rv);
michael@0: 
michael@0:       loadInfo.mChannel.swap(channel);
michael@0:     }
michael@0: 
michael@0:     return NS_OK;
michael@0:   }
michael@0: 
michael@0:   nsresult
michael@0:   OnStreamCompleteInternal(nsIStreamLoader* aLoader, nsISupports* aContext,
michael@0:                            nsresult aStatus, uint32_t aStringLen,
michael@0:                            const uint8_t* aString, ScriptLoadInfo& aLoadInfo)
michael@0:   {
michael@0:     AssertIsOnMainThread();
michael@0: 
michael@0:     if (!aLoadInfo.mChannel) {
michael@0:       return NS_BINDING_ABORTED;
michael@0:     }
michael@0: 
michael@0:     aLoadInfo.mChannel = nullptr;
michael@0: 
michael@0:     if (NS_FAILED(aStatus)) {
michael@0:       return aStatus;
michael@0:     }
michael@0: 
michael@0:     if (!aStringLen) {
michael@0:       return NS_OK;
michael@0:     }
michael@0: 
michael@0:     NS_ASSERTION(aString, "This should never be null!");
michael@0: 
michael@0:     // Make sure we're not seeing the result of a 404 or something by checking
michael@0:     // the 'requestSucceeded' attribute on the http channel.
michael@0:     nsCOMPtr<nsIRequest> request;
michael@0:     nsresult rv = aLoader->GetRequest(getter_AddRefs(request));
michael@0:     NS_ENSURE_SUCCESS(rv, rv);
michael@0: 
michael@0:     nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(request);
michael@0:     if (httpChannel) {
michael@0:       bool requestSucceeded;
michael@0:       rv = httpChannel->GetRequestSucceeded(&requestSucceeded);
michael@0:       NS_ENSURE_SUCCESS(rv, rv);
michael@0: 
michael@0:       if (!requestSucceeded) {
michael@0:         return NS_ERROR_NOT_AVAILABLE;
michael@0:       }
michael@0:     }
michael@0: 
michael@0:     // May be null.
michael@0:     nsIDocument* parentDoc = mWorkerPrivate->GetDocument();
michael@0: 
michael@0:     // Use the regular nsScriptLoader for this grunt work! Should be just fine
michael@0:     // because we're running on the main thread.
michael@0:     // Unlike <script> tags, Worker scripts are always decoded as UTF-8,
michael@0:     // per spec. So we explicitly pass in the charset hint.
michael@0:     rv = nsScriptLoader::ConvertToUTF16(aLoadInfo.mChannel, aString, aStringLen,
michael@0:                                         NS_LITERAL_STRING("UTF-8"), parentDoc,
michael@0:                                         aLoadInfo.mScriptTextBuf,
michael@0:                                         aLoadInfo.mScriptTextLength);
michael@0:     if (NS_FAILED(rv)) {
michael@0:       return rv;
michael@0:     }
michael@0: 
michael@0:     if (!aLoadInfo.mScriptTextBuf || !aLoadInfo.mScriptTextLength) {
michael@0:       return NS_ERROR_FAILURE;
michael@0:     }
michael@0: 
michael@0:     nsCOMPtr<nsIChannel> channel = do_QueryInterface(request);
michael@0:     NS_ASSERTION(channel, "This should never fail!");
michael@0: 
michael@0:     // Figure out what we actually loaded.
michael@0:     nsCOMPtr<nsIURI> finalURI;
michael@0:     rv = NS_GetFinalChannelURI(channel, getter_AddRefs(finalURI));
michael@0:     NS_ENSURE_SUCCESS(rv, rv);
michael@0: 
michael@0:     nsCString filename;
michael@0:     rv = finalURI->GetSpec(filename);
michael@0:     NS_ENSURE_SUCCESS(rv, rv);
michael@0: 
michael@0:     if (!filename.IsEmpty()) {
michael@0:       // This will help callers figure out what their script url resolved to in
michael@0:       // case of errors.
michael@0:       aLoadInfo.mURL.Assign(NS_ConvertUTF8toUTF16(filename));
michael@0:     }
michael@0: 
michael@0:     // Update the principal of the worker and its base URI if we just loaded the
michael@0:     // worker's primary script.
michael@0:     if (mIsWorkerScript) {
michael@0:       // Take care of the base URI first.
michael@0:       mWorkerPrivate->SetBaseURI(finalURI);
michael@0: 
michael@0:       // Now to figure out which principal to give this worker.
michael@0:       WorkerPrivate* parent = mWorkerPrivate->GetParent();
michael@0: 
michael@0:       NS_ASSERTION(mWorkerPrivate->GetPrincipal() || parent,
michael@0:                    "Must have one of these!");
michael@0: 
michael@0:       nsCOMPtr<nsIPrincipal> loadPrincipal = mWorkerPrivate->GetPrincipal() ?
michael@0:                                              mWorkerPrivate->GetPrincipal() :
michael@0:                                              parent->GetPrincipal();
michael@0: 
michael@0:       nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
michael@0:       NS_ASSERTION(ssm, "Should never be null!");
michael@0: 
michael@0:       nsCOMPtr<nsIPrincipal> channelPrincipal;
michael@0:       rv = ssm->GetChannelPrincipal(channel, getter_AddRefs(channelPrincipal));
michael@0:       NS_ENSURE_SUCCESS(rv, rv);
michael@0: 
michael@0:       // See if this is a resource URI. Since JSMs usually come from resource://
michael@0:       // URIs we're currently considering all URIs with the URI_IS_UI_RESOURCE
michael@0:       // flag as valid for creating privileged workers.
michael@0:       if (!nsContentUtils::IsSystemPrincipal(channelPrincipal)) {
michael@0:         bool isResource;
michael@0:         rv = NS_URIChainHasFlags(finalURI,
michael@0:                                  nsIProtocolHandler::URI_IS_UI_RESOURCE,
michael@0:                                  &isResource);
michael@0:         NS_ENSURE_SUCCESS(rv, rv);
michael@0: 
michael@0:         if (isResource) {
michael@0:           rv = ssm->GetSystemPrincipal(getter_AddRefs(channelPrincipal));
michael@0:           NS_ENSURE_SUCCESS(rv, rv);
michael@0:         }
michael@0:       }
michael@0: 
michael@0:       // If the load principal is the system principal then the channel
michael@0:       // principal must also be the system principal (we do not allow chrome
michael@0:       // code to create workers with non-chrome scripts). Otherwise this channel
michael@0:       // principal must be same origin with the load principal (we check again
michael@0:       // here in case redirects changed the location of the script).
michael@0:       if (nsContentUtils::IsSystemPrincipal(loadPrincipal)) {
michael@0:         if (!nsContentUtils::IsSystemPrincipal(channelPrincipal)) {
michael@0:           return NS_ERROR_DOM_BAD_URI;
michael@0:         }
michael@0:       }
michael@0:       else  {
michael@0:         nsCString scheme;
michael@0:         rv = finalURI->GetScheme(scheme);
michael@0:         NS_ENSURE_SUCCESS(rv, rv);
michael@0: 
michael@0:         // We exempt data urls and other URI's that inherit their
michael@0:         // principal again.
michael@0:         if (NS_FAILED(loadPrincipal->CheckMayLoad(finalURI, false, true))) {
michael@0:           return NS_ERROR_DOM_BAD_URI;
michael@0:         }
michael@0:       }
michael@0: 
michael@0:       mWorkerPrivate->SetPrincipal(channelPrincipal);
michael@0: 
michael@0:       if (parent) {
michael@0:         // XHR Params Allowed
michael@0:         mWorkerPrivate->SetXHRParamsAllowed(parent->XHRParamsAllowed());
michael@0: 
michael@0:         // Set Eval and ContentSecurityPolicy
michael@0:         mWorkerPrivate->SetCSP(parent->GetCSP());
michael@0:         mWorkerPrivate->SetEvalAllowed(parent->IsEvalAllowed());
michael@0:       }
michael@0:     }
michael@0: 
michael@0:     return NS_OK;
michael@0:   }
michael@0: 
michael@0:   void
michael@0:   ExecuteFinishedScripts()
michael@0:   {
michael@0:     AssertIsOnMainThread();
michael@0: 
michael@0:     if (mIsWorkerScript) {
michael@0:       mWorkerPrivate->WorkerScriptLoaded();
michael@0:     }
michael@0: 
michael@0:     uint32_t firstIndex = UINT32_MAX;
michael@0:     uint32_t lastIndex = UINT32_MAX;
michael@0: 
michael@0:     // Find firstIndex based on whether mExecutionScheduled is unset.
michael@0:     for (uint32_t index = 0; index < mLoadInfos.Length(); index++) {
michael@0:       if (!mLoadInfos[index].mExecutionScheduled) {
michael@0:         firstIndex = index;
michael@0:         break;
michael@0:       }
michael@0:     }
michael@0: 
michael@0:     // Find lastIndex based on whether mChannel is set, and update
michael@0:     // mExecutionScheduled on the ones we're about to schedule.
michael@0:     if (firstIndex != UINT32_MAX) {
michael@0:       for (uint32_t index = firstIndex; index < mLoadInfos.Length(); index++) {
michael@0:         ScriptLoadInfo& loadInfo = mLoadInfos[index];
michael@0: 
michael@0:         // If we still have a channel then the load is not complete.
michael@0:         if (loadInfo.mChannel) {
michael@0:           break;
michael@0:         }
michael@0: 
michael@0:         // We can execute this one.
michael@0:         loadInfo.mExecutionScheduled = true;
michael@0: 
michael@0:         lastIndex = index;
michael@0:       }
michael@0:     }
michael@0: 
michael@0:     if (firstIndex != UINT32_MAX && lastIndex != UINT32_MAX) {
michael@0:       nsRefPtr<ScriptExecutorRunnable> runnable =
michael@0:         new ScriptExecutorRunnable(*this, mSyncLoopTarget, firstIndex,
michael@0:                                    lastIndex);
michael@0:       if (!runnable->Dispatch(nullptr)) {
michael@0:         MOZ_ASSERT(false, "This should never fail!");
michael@0:       }
michael@0:     }
michael@0:   }
michael@0: };
michael@0: 
michael@0: NS_IMPL_ISUPPORTS(ScriptLoaderRunnable, nsIRunnable, nsIStreamLoaderObserver)
michael@0: 
michael@0: class ChannelGetterRunnable MOZ_FINAL : public nsRunnable
michael@0: {
michael@0:   WorkerPrivate* mParentWorker;
michael@0:   nsCOMPtr<nsIEventTarget> mSyncLoopTarget;
michael@0:   const nsAString& mScriptURL;
michael@0:   nsIChannel** mChannel;
michael@0:   nsresult mResult;
michael@0: 
michael@0: public:
michael@0:   ChannelGetterRunnable(WorkerPrivate* aParentWorker,
michael@0:                         nsIEventTarget* aSyncLoopTarget,
michael@0:                         const nsAString& aScriptURL,
michael@0:                         nsIChannel** aChannel)
michael@0:   : mParentWorker(aParentWorker), mSyncLoopTarget(aSyncLoopTarget),
michael@0:     mScriptURL(aScriptURL), mChannel(aChannel), mResult(NS_ERROR_FAILURE)
michael@0:   {
michael@0:     aParentWorker->AssertIsOnWorkerThread();
michael@0:     MOZ_ASSERT(aSyncLoopTarget);
michael@0:   }
michael@0: 
michael@0:   NS_IMETHOD
michael@0:   Run() MOZ_OVERRIDE
michael@0:   {
michael@0:     AssertIsOnMainThread();
michael@0: 
michael@0:     nsIPrincipal* principal = mParentWorker->GetPrincipal();
michael@0:     NS_ASSERTION(principal, "This should never be null here!");
michael@0: 
michael@0:     // Figure out our base URI.
michael@0:     nsCOMPtr<nsIURI> baseURI = mParentWorker->GetBaseURI();
michael@0:     NS_ASSERTION(baseURI, "Should have been set already!");
michael@0: 
michael@0:     // May be null.
michael@0:     nsCOMPtr<nsIDocument> parentDoc = mParentWorker->GetDocument();
michael@0: 
michael@0:     nsCOMPtr<nsIChannel> channel;
michael@0:     mResult =
michael@0:       scriptloader::ChannelFromScriptURLMainThread(principal, baseURI,
michael@0:                                                    parentDoc, mScriptURL,
michael@0:                                                    getter_AddRefs(channel));
michael@0:     if (NS_SUCCEEDED(mResult)) {
michael@0:       channel.forget(mChannel);
michael@0:     }
michael@0: 
michael@0:     nsRefPtr<MainThreadStopSyncLoopRunnable> runnable =
michael@0:       new MainThreadStopSyncLoopRunnable(mParentWorker,
michael@0:                                          mSyncLoopTarget.forget(), true);
michael@0:     if (!runnable->Dispatch(nullptr)) {
michael@0:       NS_ERROR("This should never fail!");
michael@0:     }
michael@0: 
michael@0:     return NS_OK;
michael@0:   }
michael@0: 
michael@0:   nsresult
michael@0:   GetResult() const
michael@0:   {
michael@0:     return mResult;
michael@0:   }
michael@0: 
michael@0: private:
michael@0:   virtual ~ChannelGetterRunnable()
michael@0:   { }
michael@0: };
michael@0: 
michael@0: ScriptExecutorRunnable::ScriptExecutorRunnable(
michael@0:                                             ScriptLoaderRunnable& aScriptLoader,
michael@0:                                             nsIEventTarget* aSyncLoopTarget,
michael@0:                                             uint32_t aFirstIndex,
michael@0:                                             uint32_t aLastIndex)
michael@0: : MainThreadWorkerSyncRunnable(aScriptLoader.mWorkerPrivate, aSyncLoopTarget),
michael@0:   mScriptLoader(aScriptLoader), mFirstIndex(aFirstIndex), mLastIndex(aLastIndex)
michael@0: {
michael@0:   MOZ_ASSERT(aFirstIndex <= aLastIndex);
michael@0:   MOZ_ASSERT(aLastIndex < aScriptLoader.mLoadInfos.Length());
michael@0: }
michael@0: 
michael@0: bool
michael@0: ScriptExecutorRunnable::WorkerRun(JSContext* aCx, WorkerPrivate* aWorkerPrivate)
michael@0: {
michael@0:   nsTArray<ScriptLoadInfo>& loadInfos = mScriptLoader.mLoadInfos;
michael@0: 
michael@0:   // Don't run if something else has already failed.
michael@0:   for (uint32_t index = 0; index < mFirstIndex; index++) {
michael@0:     ScriptLoadInfo& loadInfo = loadInfos.ElementAt(index);
michael@0: 
michael@0:     NS_ASSERTION(!loadInfo.mChannel, "Should no longer have a channel!");
michael@0:     NS_ASSERTION(loadInfo.mExecutionScheduled, "Should be scheduled!");
michael@0: 
michael@0:     if (!loadInfo.mExecutionResult) {
michael@0:       return true;
michael@0:     }
michael@0:   }
michael@0: 
michael@0:   JS::Rooted<JSObject*> global(aCx, JS::CurrentGlobalOrNull(aCx));
michael@0:   NS_ASSERTION(global, "Must have a global by now!");
michael@0: 
michael@0:   // Determine whether we want to be discarding source on this global to save
michael@0:   // memory. It would make more sense to do this when we create the global, but
michael@0:   // the information behind UsesSystemPrincipal() et al isn't finalized until
michael@0:   // the call to SetPrincipal during the first script load. After that, however,
michael@0:   // it never changes. So we can just idempotently set the bits here.
michael@0:   //
michael@0:   // Note that we read a pref that is cached on the main thread. This is benignly
michael@0:   // racey.
michael@0:   if (xpc::ShouldDiscardSystemSource()) {
michael@0:     bool discard = aWorkerPrivate->UsesSystemPrincipal() ||
michael@0:                    aWorkerPrivate->IsInPrivilegedApp();
michael@0:     JS::CompartmentOptionsRef(global).setDiscardSource(discard);
michael@0:   }
michael@0: 
michael@0:   for (uint32_t index = mFirstIndex; index <= mLastIndex; index++) {
michael@0:     ScriptLoadInfo& loadInfo = loadInfos.ElementAt(index);
michael@0: 
michael@0:     NS_ASSERTION(!loadInfo.mChannel, "Should no longer have a channel!");
michael@0:     NS_ASSERTION(loadInfo.mExecutionScheduled, "Should be scheduled!");
michael@0:     NS_ASSERTION(!loadInfo.mExecutionResult, "Should not have executed yet!");
michael@0: 
michael@0:     if (NS_FAILED(loadInfo.mLoadResult)) {
michael@0:       scriptloader::ReportLoadError(aCx, loadInfo.mURL, loadInfo.mLoadResult,
michael@0:                                     false);
michael@0:       return true;
michael@0:     }
michael@0: 
michael@0:     NS_ConvertUTF16toUTF8 filename(loadInfo.mURL);
michael@0: 
michael@0:     JS::CompileOptions options(aCx);
michael@0:     options.setFileAndLine(filename.get(), 1);
michael@0: 
michael@0:     JS::SourceBufferHolder srcBuf(loadInfo.mScriptTextBuf,
michael@0:                                   loadInfo.mScriptTextLength,
michael@0:                                   JS::SourceBufferHolder::GiveOwnership);
michael@0:     loadInfo.mScriptTextBuf = nullptr;
michael@0:     loadInfo.mScriptTextLength = 0;
michael@0: 
michael@0:     if (!JS::Evaluate(aCx, global, options, srcBuf)) {
michael@0:       return true;
michael@0:     }
michael@0: 
michael@0:     loadInfo.mExecutionResult = true;
michael@0:   }
michael@0: 
michael@0:   return true;
michael@0: }
michael@0: 
michael@0: void
michael@0: ScriptExecutorRunnable::PostRun(JSContext* aCx, WorkerPrivate* aWorkerPrivate,
michael@0:                                 bool aRunResult)
michael@0: {
michael@0:   nsTArray<ScriptLoadInfo>& loadInfos = mScriptLoader.mLoadInfos;
michael@0: 
michael@0:   if (mLastIndex == loadInfos.Length() - 1) {
michael@0:     // All done. If anything failed then return false.
michael@0:     bool result = true;
michael@0:     for (uint32_t index = 0; index < loadInfos.Length(); index++) {
michael@0:       if (!loadInfos[index].mExecutionResult) {
michael@0:         result = false;
michael@0:         break;
michael@0:       }
michael@0:     }
michael@0: 
michael@0:     ShutdownScriptLoader(aCx, aWorkerPrivate, result);
michael@0:   }
michael@0: }
michael@0: 
michael@0: NS_IMETHODIMP
michael@0: ScriptExecutorRunnable::Cancel()
michael@0: {
michael@0:   if (mLastIndex == mScriptLoader.mLoadInfos.Length() - 1) {
michael@0:     ShutdownScriptLoader(mWorkerPrivate->GetJSContext(), mWorkerPrivate, false);
michael@0:   }
michael@0:   return MainThreadWorkerSyncRunnable::Cancel();
michael@0: }
michael@0: 
michael@0: void
michael@0: ScriptExecutorRunnable::ShutdownScriptLoader(JSContext* aCx,
michael@0:                                              WorkerPrivate* aWorkerPrivate,
michael@0:                                              bool aResult)
michael@0: {
michael@0:   aWorkerPrivate->RemoveFeature(aCx, &mScriptLoader);
michael@0:   aWorkerPrivate->StopSyncLoop(mSyncLoopTarget, aResult);
michael@0: }
michael@0: 
michael@0: bool
michael@0: LoadAllScripts(JSContext* aCx, WorkerPrivate* aWorkerPrivate,
michael@0:                nsTArray<ScriptLoadInfo>& aLoadInfos, bool aIsWorkerScript)
michael@0: {
michael@0:   aWorkerPrivate->AssertIsOnWorkerThread();
michael@0:   NS_ASSERTION(!aLoadInfos.IsEmpty(), "Bad arguments!");
michael@0: 
michael@0:   AutoSyncLoopHolder syncLoop(aWorkerPrivate);
michael@0: 
michael@0:   nsRefPtr<ScriptLoaderRunnable> loader =
michael@0:     new ScriptLoaderRunnable(aWorkerPrivate, syncLoop.EventTarget(),
michael@0:                              aLoadInfos, aIsWorkerScript);
michael@0: 
michael@0:   NS_ASSERTION(aLoadInfos.IsEmpty(), "Should have swapped!");
michael@0: 
michael@0:   if (!aWorkerPrivate->AddFeature(aCx, loader)) {
michael@0:     return false;
michael@0:   }
michael@0: 
michael@0:   if (NS_FAILED(NS_DispatchToMainThread(loader, NS_DISPATCH_NORMAL))) {
michael@0:     NS_ERROR("Failed to dispatch!");
michael@0: 
michael@0:     aWorkerPrivate->RemoveFeature(aCx, loader);
michael@0:     return false;
michael@0:   }
michael@0: 
michael@0:   return syncLoop.Run();
michael@0: }
michael@0: 
michael@0: } /* anonymous namespace */
michael@0: 
michael@0: BEGIN_WORKERS_NAMESPACE
michael@0: 
michael@0: namespace scriptloader {
michael@0: 
michael@0: nsresult
michael@0: ChannelFromScriptURLMainThread(nsIPrincipal* aPrincipal,
michael@0:                                nsIURI* aBaseURI,
michael@0:                                nsIDocument* aParentDoc,
michael@0:                                const nsAString& aScriptURL,
michael@0:                                nsIChannel** aChannel)
michael@0: {
michael@0:   AssertIsOnMainThread();
michael@0: 
michael@0:   nsCOMPtr<nsILoadGroup> loadGroup;
michael@0:   if (aParentDoc) {
michael@0:     loadGroup = aParentDoc->GetDocumentLoadGroup();
michael@0:   }
michael@0: 
michael@0:   nsCOMPtr<nsIIOService> ios(do_GetIOService());
michael@0: 
michael@0:   nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager();
michael@0:   NS_ASSERTION(secMan, "This should never be null!");
michael@0: 
michael@0:   return ChannelFromScriptURL(aPrincipal, aBaseURI, aParentDoc, loadGroup,
michael@0:                               ios, secMan, aScriptURL, true, aChannel);
michael@0: }
michael@0: 
michael@0: nsresult
michael@0: ChannelFromScriptURLWorkerThread(JSContext* aCx,
michael@0:                                  WorkerPrivate* aParent,
michael@0:                                  const nsAString& aScriptURL,
michael@0:                                  nsIChannel** aChannel)
michael@0: {
michael@0:   aParent->AssertIsOnWorkerThread();
michael@0: 
michael@0:   AutoSyncLoopHolder syncLoop(aParent);
michael@0: 
michael@0:   nsRefPtr<ChannelGetterRunnable> getter =
michael@0:     new ChannelGetterRunnable(aParent, syncLoop.EventTarget(), aScriptURL,
michael@0:                               aChannel);
michael@0: 
michael@0:   if (NS_FAILED(NS_DispatchToMainThread(getter, NS_DISPATCH_NORMAL))) {
michael@0:     NS_ERROR("Failed to dispatch!");
michael@0:     return NS_ERROR_FAILURE;
michael@0:   }
michael@0: 
michael@0:   if (!syncLoop.Run()) {
michael@0:     return NS_ERROR_FAILURE;
michael@0:   }
michael@0: 
michael@0:   return getter->GetResult();
michael@0: }
michael@0: 
michael@0: void ReportLoadError(JSContext* aCx, const nsAString& aURL,
michael@0:                      nsresult aLoadResult, bool aIsMainThread)
michael@0: {
michael@0:   NS_LossyConvertUTF16toASCII url(aURL);
michael@0: 
michael@0:   switch (aLoadResult) {
michael@0:     case NS_BINDING_ABORTED:
michael@0:       // Canceled, don't set an exception.
michael@0:       break;
michael@0: 
michael@0:     case NS_ERROR_MALFORMED_URI:
michael@0:       JS_ReportError(aCx, "Malformed script URI: %s", url.get());
michael@0:       break;
michael@0: 
michael@0:     case NS_ERROR_FILE_NOT_FOUND:
michael@0:     case NS_ERROR_NOT_AVAILABLE:
michael@0:       JS_ReportError(aCx, "Script file not found: %s", url.get());
michael@0:       break;
michael@0: 
michael@0:     case NS_ERROR_DOM_SECURITY_ERR:
michael@0:     case NS_ERROR_DOM_SYNTAX_ERR:
michael@0:       Throw(aCx, aLoadResult);
michael@0:       break;
michael@0: 
michael@0:     default:
michael@0:       JS_ReportError(aCx, "Failed to load script (nsresult = 0x%x)", aLoadResult);
michael@0:   }
michael@0: }
michael@0: 
michael@0: bool
michael@0: LoadWorkerScript(JSContext* aCx)
michael@0: {
michael@0:   WorkerPrivate* worker = GetWorkerPrivateFromContext(aCx);
michael@0:   NS_ASSERTION(worker, "This should never be null!");
michael@0: 
michael@0:   nsTArray<ScriptLoadInfo> loadInfos;
michael@0: 
michael@0:   ScriptLoadInfo* info = loadInfos.AppendElement();
michael@0:   info->mURL = worker->ScriptURL();
michael@0: 
michael@0:   return LoadAllScripts(aCx, worker, loadInfos, true);
michael@0: }
michael@0: 
michael@0: void
michael@0: Load(JSContext* aCx, WorkerPrivate* aWorkerPrivate,
michael@0:      const Sequence<nsString>& aScriptURLs, ErrorResult& aRv)
michael@0: {
michael@0:   const uint32_t urlCount = aScriptURLs.Length();
michael@0: 
michael@0:   if (!urlCount) {
michael@0:     return;
michael@0:   }
michael@0: 
michael@0:   if (urlCount > MAX_CONCURRENT_SCRIPTS) {
michael@0:     aRv.Throw(NS_ERROR_OUT_OF_MEMORY);
michael@0:     return;
michael@0:   }
michael@0: 
michael@0:   nsTArray<ScriptLoadInfo> loadInfos;
michael@0:   loadInfos.SetLength(urlCount);
michael@0: 
michael@0:   for (uint32_t index = 0; index < urlCount; index++) {
michael@0:     loadInfos[index].mURL = aScriptURLs[index];
michael@0:   }
michael@0: 
michael@0:   if (!LoadAllScripts(aCx, aWorkerPrivate, loadInfos, false)) {
michael@0:     // LoadAllScripts can fail if we're shutting down.
michael@0:     aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR);
michael@0:   }
michael@0: }
michael@0: 
michael@0: } // namespace scriptloader
michael@0: 
michael@0: END_WORKERS_NAMESPACE