diff --git a/accessible/src/html/HTMLFormControlAccessible.cpp b/accessible/src/html/HTMLFormControlAccessible.cpp
index bc3601fb49e3..16c28a0b0345 100644
--- a/accessible/src/html/HTMLFormControlAccessible.cpp
+++ b/accessible/src/html/HTMLFormControlAccessible.cpp
@@ -14,7 +14,6 @@
#include "States.h"
#include "nsContentList.h"
-#include "nsCxPusher.h"
#include "mozilla/dom/HTMLInputElement.h"
#include "nsIAccessibleRelation.h"
#include "nsIDOMNSEditableElement.h"
@@ -26,6 +25,7 @@
#include "nsISelectionController.h"
#include "nsIServiceManager.h"
#include "nsITextControlFrame.h"
+#include "mozilla/dom/ScriptSettings.h"
#include "mozilla/FloatingPoint.h"
#include "mozilla/Preferences.h"
@@ -470,8 +470,7 @@ HTMLTextFieldAccessible::GetEditor() const
// nsGenericHTMLElement::GetEditor has a security check.
// Make sure we're not restricted by the permissions of
// whatever script is currently running.
- nsCxPusher pusher;
- pusher.PushNull();
+ mozilla::dom::AutoSystemCaller asc;
nsCOMPtr editor;
editableElt->GetEditor(getter_AddRefs(editor));
diff --git a/content/base/src/nsImageLoadingContent.cpp b/content/base/src/nsImageLoadingContent.cpp
index 8cf824e9912f..8e218ffef12e 100644
--- a/content/base/src/nsImageLoadingContent.cpp
+++ b/content/base/src/nsImageLoadingContent.cpp
@@ -39,7 +39,6 @@
#include "nsIDOMNode.h"
#include "nsContentUtils.h"
-#include "nsCxPusher.h"
#include "nsLayoutUtils.h"
#include "nsIContentPolicy.h"
#include "nsEventDispatcher.h"
@@ -47,6 +46,7 @@
#include "mozAutoDocUpdate.h"
#include "mozilla/dom/Element.h"
+#include "mozilla/dom/ScriptSettings.h"
#if defined(XP_WIN)
// Undefine LoadImage to prevent naming conflict with Windows.
@@ -54,6 +54,7 @@
#endif
using namespace mozilla;
+using mozilla::dom::AutoSystemCaller;
#ifdef DEBUG_chb
static void PrintReqURL(imgIRequest* req) {
@@ -1194,11 +1195,8 @@ nsImageLoadingContent::ClearPendingRequest(nsresult aReason,
if (!mPendingRequest)
return;
- // Push a null JSContext on the stack so that code that runs within
- // the below code doesn't think it's being called by JS. See bug
- // 604262.
- nsCxPusher pusher;
- pusher.PushNull();
+ // See bug 604262.
+ AutoSystemCaller asc;
// Deregister this image from the refresh driver so it no longer receives
// notifications.
@@ -1259,10 +1257,9 @@ nsImageLoadingContent::BindToTree(nsIDocument* aDocument, nsIContent* aParent,
if (!aDocument)
return;
- // Push a null JSContext on the stack so that callbacks triggered by the
- // below code won't think they're being called from JS.
- nsCxPusher pusher;
- pusher.PushNull();
+ // Make sure the callbacks triggered by the below code don't think they're
+ // being called from JS.
+ AutoSystemCaller asc;
TrackImage(mCurrentRequest);
TrackImage(mPendingRequest);
@@ -1279,10 +1276,9 @@ nsImageLoadingContent::UnbindFromTree(bool aDeep, bool aNullParent)
if (!doc)
return;
- // Push a null JSContext on the stack so that callbacks triggered by the
- // below code won't think they're being called from JS.
- nsCxPusher pusher;
- pusher.PushNull();
+ // Make sure the callbacks triggered by the below code don't think they're
+ // being called from JS.
+ AutoSystemCaller asc;
UntrackImage(mCurrentRequest);
UntrackImage(mPendingRequest);
diff --git a/content/html/content/src/nsTextEditorState.cpp b/content/html/content/src/nsTextEditorState.cpp
index 8f23090897d0..5bff5b9bba43 100644
--- a/content/html/content/src/nsTextEditorState.cpp
+++ b/content/html/content/src/nsTextEditorState.cpp
@@ -38,11 +38,11 @@
#include "mozilla/Selection.h"
#include "nsEventListenerManager.h"
#include "nsContentUtils.h"
-#include "nsCxPusher.h"
#include "mozilla/Preferences.h"
#include "nsTextNode.h"
#include "nsIController.h"
#include "mozilla/TextEvents.h"
+#include "mozilla/dom/ScriptSettings.h"
using namespace mozilla;
using namespace mozilla::dom;
@@ -1283,13 +1283,12 @@ nsTextEditorState::PrepareEditor(const nsAString *aValue)
// What follows is a bit of a hack. The editor uses the public DOM APIs
// for its content manipulations, and it causes it to fail some security
- // checks deep inside when initializing. So we push a null JSContext
- // on the JS stack here to make it clear that we're native code.
+ // checks deep inside when initializing. So we explictly make it clear that
+ // we're native code.
// Note that any script that's directly trying to access our value
// has to be going through some scriptable object to do that and that
// already does the relevant security checks.
- nsCxPusher pusher;
- pusher.PushNull();
+ AutoSystemCaller asc;
rv = newEditor->Init(domdoc, GetRootNode(), mSelCon, editorFlags);
NS_ENSURE_SUCCESS(rv, rv);
@@ -1777,9 +1776,8 @@ nsTextEditorState::GetValue(nsAString& aValue, bool aIgnoreWrap) const
// XXXbz if we could just get the textContent of our anonymous content (eg
// if plaintext editor didn't create
nodes all over), we wouldn't need
// this.
- { /* Scope for context pusher */
- nsCxPusher pusher;
- pusher.PushNull();
+ { /* Scope for AutoSystemCaller. */
+ AutoSystemCaller asc;
mEditor->OutputToString(NS_LITERAL_STRING("text/plain"), flags,
aValue);
@@ -1857,9 +1855,8 @@ nsTextEditorState::SetValue(const nsAString& aValue, bool aUserInput,
// Time to mess with our security context... See comments in GetValue()
// for why this is needed. Note that we have to do this up here, because
// otherwise SelectAll() will fail.
- { /* Scope for context pusher */
- nsCxPusher pusher;
- pusher.PushNull();
+ {
+ AutoSystemCaller asc;
nsCOMPtr domSel;
nsCOMPtr selPriv;
diff --git a/dom/base/nsGlobalWindow.cpp b/dom/base/nsGlobalWindow.cpp
index ccdce6a557bb..0a4ef8ea451b 100644
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@@ -212,6 +212,7 @@
#include "nsITabChild.h"
#include "nsIDOMMediaQueryList.h"
#include "mozilla/dom/DOMJSClass.h"
+#include "mozilla/dom/ScriptSettings.h"
#ifdef MOZ_WEBSPEECH
#include "mozilla/dom/SpeechSynthesis.h"
@@ -11203,18 +11204,18 @@ nsGlobalWindow::OpenInternal(const nsAString& aUrl, const nsAString& aName,
aDialog, aNavigate, argv,
getter_AddRefs(domReturn));
} else {
- // Push a null JSContext here so that the window watcher won't screw us
+ // Force a system caller here so that the window watcher won't screw us
// up. We do NOT want this case looking at the JS context on the stack
// when searching. Compare comments on
// nsIDOMWindow::OpenWindow and nsIWindowWatcher::OpenWindow.
// Note: Because nsWindowWatcher is so broken, it's actually important
- // that we don't push a null cx here, because that screws it up when it
- // tries to compute the caller principal to associate with dialog
+ // that we don't force a system caller here, because that screws it up
+ // when it tries to compute the caller principal to associate with dialog
// arguments. That whole setup just really needs to be rewritten. :-(
- nsCxPusher pusher;
+ Maybe asc;
if (!aContentModal) {
- pusher.PushNull();
+ asc.construct();
}
diff --git a/dom/bindings/BindingUtils.cpp b/dom/bindings/BindingUtils.cpp
index df3de176fcda..6dce37c1ed1b 100644
--- a/dom/bindings/BindingUtils.cpp
+++ b/dom/bindings/BindingUtils.cpp
@@ -27,6 +27,7 @@
#include "nsPrintfCString.h"
#include "prprf.h"
+#include "mozilla/dom/ScriptSettings.h"
#include "mozilla/dom/DOMError.h"
#include "mozilla/dom/DOMErrorBinding.h"
#include "mozilla/dom/HTMLObjectElement.h"
@@ -2015,12 +2016,12 @@ ConstructJSImplementation(JSContext* aCx, const char* aContractId,
return nullptr;
}
- // Make sure to have nothing on the JS context stack while creating and
+ // Make sure to divorce ourselves from the calling JS while creating and
// initializing the object, so exceptions from that will get reported
// properly, since those are never exceptions that a spec wants to be thrown.
- { // Scope for the nsCxPusher
- nsCxPusher pusher;
- pusher.PushNull();
+ {
+ AutoSystemCaller asc;
+
// Get the XPCOM component containing the JS implementation.
nsCOMPtr implISupports = do_CreateInstance(aContractId);
if (!implISupports) {
diff --git a/dom/src/geolocation/nsGeolocation.cpp b/dom/src/geolocation/nsGeolocation.cpp
index dde32decc69f..389ad2b70f84 100644
--- a/dom/src/geolocation/nsGeolocation.cpp
+++ b/dom/src/geolocation/nsGeolocation.cpp
@@ -14,7 +14,6 @@
#include "nsComponentManagerUtils.h"
#include "nsServiceManagerUtils.h"
#include "nsContentUtils.h"
-#include "nsCxPusher.h"
#include "nsIDocument.h"
#include "nsIObserverService.h"
#include "nsPIDOMWindow.h"
@@ -25,6 +24,7 @@
#include "mozilla/ClearOnShutdown.h"
#include "PCOMContentPermissionRequestChild.h"
#include "mozilla/dom/PermissionMessageUtils.h"
+#include "mozilla/dom/ScriptSettings.h"
class nsIPrincipal;
@@ -294,9 +294,8 @@ PositionError::WrapObject(JSContext* aCx, JS::Handle aScope)
void
PositionError::NotifyCallback(const GeoPositionErrorCallback& aCallback)
{
- // Ensure that the proper context is on the stack (bug 452762)
- nsCxPusher pusher;
- pusher.PushNull();
+ // We need to be system here. See bug 452762.
+ AutoSystemCaller asc;
nsAutoMicroTask mt;
if (aCallback.HasWebIDLCallback()) {
@@ -529,9 +528,8 @@ nsGeolocationRequest::SendLocation(nsIDOMGeoPosition* aPosition)
Shutdown();
}
- // Ensure that the proper context is on the stack (bug 452762)
- nsCxPusher pusher;
- pusher.PushNull();
+ // We need to be system here. See bug 452762.
+ AutoSystemCaller asc;
nsAutoMicroTask mt;
if (mCallback.HasWebIDLCallback()) {
ErrorResult err;
diff --git a/js/jsd/jsd_xpc.cpp b/js/jsd/jsd_xpc.cpp
index 4d3f0142321f..13da92e6f91f 100644
--- a/js/jsd/jsd_xpc.cpp
+++ b/js/jsd/jsd_xpc.cpp
@@ -36,10 +36,11 @@
#include "SandboxPrivate.h"
#include "nsJSPrincipals.h"
#include "nsContentUtils.h"
-#include "nsCxPusher.h"
+#include "mozilla/dom/ScriptSettings.h"
using mozilla::AutoSafeJSContext;
using mozilla::AutoPushJSContext;
+using mozilla::dom::AutoSystemCaller;
/*
* defining CAUTIOUS_SCRIPTHOOK makes jsds disable GC while calling out to the
@@ -3004,8 +3005,7 @@ jsdService::EnterNestedEventLoop (jsdINestCallback *callback, uint32_t *_rval)
// Nesting event queues is a thing of the past. Now, we just spin the
// current event loop.
nsresult rv = NS_OK;
- nsCxPusher pusher;
- pusher.PushNull();
+ AutoSystemCaller asc;
uint32_t nestLevel = ++mNestedLoopLevel;
nsCOMPtr thread = do_GetCurrentThread();
diff --git a/layout/base/nsLayoutUtils.cpp b/layout/base/nsLayoutUtils.cpp
index 4474721c8ef1..3d629739e512 100644
--- a/layout/base/nsLayoutUtils.cpp
+++ b/layout/base/nsLayoutUtils.cpp
@@ -35,7 +35,6 @@
#include "nsRenderingContext.h"
#include "nsIInterfaceRequestorUtils.h"
#include "nsCSSRendering.h"
-#include "nsCxPusher.h"
#include "nsThemeConstants.h"
#include "nsPIDOMWindow.h"
#include "nsIDocShell.h"
@@ -73,6 +72,7 @@
#include "nsComputedDOMStyle.h"
#include "ActiveLayerTracker.h"
+#include "mozilla/dom/ScriptSettings.h"
#include "mozilla/Preferences.h"
#ifdef MOZ_XUL
@@ -4775,11 +4775,9 @@ nsLayoutUtils::SurfaceFromElement(nsIImageLoadingContent* aElement,
wantImageSurface = true;
}
- // Push a null JSContext on the stack so that code that runs within
- // the below code doesn't think it's being called by JS. See bug
- // 604262.
- nsCxPusher pusher;
- pusher.PushNull();
+ // Force a system caller so that the below code doesn't think it's being
+ // called by JS. See bug 604262.
+ AutoSystemCaller asc;
nsCOMPtr imgRequest;
rv = aElement->GetRequest(nsIImageLoadingContent::CURRENT_REQUEST,
diff --git a/layout/base/nsRefreshDriver.cpp b/layout/base/nsRefreshDriver.cpp
index b07041128e3f..5703d215881e 100644
--- a/layout/base/nsRefreshDriver.cpp
+++ b/layout/base/nsRefreshDriver.cpp
@@ -37,7 +37,6 @@
#include "nsIDocument.h"
#include "jsapi.h"
#include "nsContentUtils.h"
-#include "nsCxPusher.h"
#include "mozilla/Preferences.h"
#include "nsViewManager.h"
#include "GeckoProfiler.h"
@@ -48,6 +47,7 @@
#include "Layers.h"
#include "imgIContainer.h"
#include "nsIFrameRequestCallback.h"
+#include "mozilla/dom/ScriptSettings.h"
using namespace mozilla;
using namespace mozilla::widget;
@@ -722,8 +722,7 @@ nsRefreshDriver::AdvanceTimeAndRefresh(int64_t aMilliseconds)
mMostRecentRefreshEpochTime += aMilliseconds * 1000;
mMostRecentRefresh += TimeDuration::FromMilliseconds((double) aMilliseconds);
- nsCxPusher pusher;
- pusher.PushNull();
+ mozilla::dom::AutoSystemCaller asc;
DoTick();
}
diff --git a/layout/forms/nsTextControlFrame.cpp b/layout/forms/nsTextControlFrame.cpp
index e1a512362159..dd4bd7520f8e 100644
--- a/layout/forms/nsTextControlFrame.cpp
+++ b/layout/forms/nsTextControlFrame.cpp
@@ -42,9 +42,9 @@
#include "nsAttrValueInlines.h"
#include "mozilla/Selection.h"
#include "nsContentUtils.h"
-#include "nsCxPusher.h"
#include "nsTextNode.h"
#include "nsStyleSet.h"
+#include "mozilla/dom/ScriptSettings.h"
#define DEFAULT_COLUMN_WIDTH 20
@@ -274,8 +274,7 @@ nsTextControlFrame::EnsureEditorInitialized()
// Time to mess with our security context... See comments in GetValue()
// for why this is needed.
- nsCxPusher pusher;
- pusher.PushNull();
+ mozilla::dom::AutoSystemCaller asc;
// Make sure that we try to focus the content even if the method fails
class EnsureSetFocus {
diff --git a/layout/generic/nsVideoFrame.cpp b/layout/generic/nsVideoFrame.cpp
index ac57e4099110..7e9535b876a5 100644
--- a/layout/generic/nsVideoFrame.cpp
+++ b/layout/generic/nsVideoFrame.cpp
@@ -23,10 +23,10 @@
#include "nsImageFrame.h"
#include "nsIImageLoadingContent.h"
#include "nsContentUtils.h"
-#include "nsCxPusher.h"
#include "ImageContainer.h"
#include "ImageLayers.h"
#include "nsContentList.h"
+#include "mozilla/dom/ScriptSettings.h"
#include
using namespace mozilla;
@@ -75,11 +75,8 @@ nsVideoFrame::CreateAnonymousContent(nsTArray& aElements)
mPosterImage = element;
NS_ENSURE_TRUE(mPosterImage, NS_ERROR_OUT_OF_MEMORY);
- // Push a null JSContext on the stack so that code that runs
- // within the below code doesn't think it's being called by
- // JS. See bug 604262.
- nsCxPusher pusher;
- pusher.PushNull();
+ // See bug 604262.
+ AutoSystemCaller asc;
// Set the nsImageLoadingContent::ImageState() to 0. This means that the
// image will always report its state as 0, so it will never be reframed
diff --git a/security/manager/pki/src/nsNSSDialogHelper.cpp b/security/manager/pki/src/nsNSSDialogHelper.cpp
index 0ebd42b23f7d..f17f5bfec482 100644
--- a/security/manager/pki/src/nsNSSDialogHelper.cpp
+++ b/security/manager/pki/src/nsNSSDialogHelper.cpp
@@ -8,10 +8,10 @@
#include "nsIWindowWatcher.h"
#include "nsCOMPtr.h"
#include "nsIComponentManager.h"
-#include "nsCxPusher.h"
#include "nsIServiceManager.h"
#include "nsIInterfaceRequestor.h"
#include "nsIInterfaceRequestorUtils.h"
+#include "mozilla/dom/ScriptSettings.h"
static const char kOpenDialogParam[] = "centerscreen,chrome,modal,titlebar";
static const char kOpenWindowParam[] = "centerscreen,chrome,titlebar";
@@ -39,8 +39,7 @@ nsNSSDialogHelper::openDialog(
// gets a system principal, otherwise we'll bork when trying to wrap the
// nsIKeyGenThread |arguments| property into the unprivileged scoope.
MOZ_ASSERT(!strncmp("chrome://", url, strlen("chrome://")));
- nsCxPusher pusher;
- pusher.PushNull();
+ mozilla::dom::AutoSystemCaller asc;
nsCOMPtr newWindow;
rv = windowWatcher->OpenWindow(parent,
diff --git a/toolkit/devtools/server/nsJSInspector.cpp b/toolkit/devtools/server/nsJSInspector.cpp
index 15c2d2cfa3bd..a87b6136c02e 100644
--- a/toolkit/devtools/server/nsJSInspector.cpp
+++ b/toolkit/devtools/server/nsJSInspector.cpp
@@ -6,11 +6,11 @@
#include "nsJSInspector.h"
#include "nsIXPConnect.h"
#include "nsThreadUtils.h"
-#include "nsCxPusher.h"
#include "jsfriendapi.h"
#include "js/OldDebugAPI.h"
#include "mozilla/HoldDropJSObjects.h"
#include "mozilla/ModuleUtils.h"
+#include "mozilla/dom/ScriptSettings.h"
#include "nsServiceManagerUtils.h"
#include "nsMemory.h"
#include "nsArray.h"
@@ -73,8 +73,7 @@ nsJSInspector::EnterNestedEventLoop(const JS::Value& requestor, uint32_t *out)
mRequestors.AppendElement(requestor);
mozilla::HoldJSObjects(this);
- nsCxPusher pusher;
- pusher.PushNull();
+ mozilla::dom::AutoSystemCaller asc;
uint32_t nestLevel = ++mNestedLoopLevel;
while (NS_SUCCEEDED(rv) && mNestedLoopLevel >= nestLevel) {
diff --git a/xpfe/appshell/src/nsContentTreeOwner.cpp b/xpfe/appshell/src/nsContentTreeOwner.cpp
index 494560094e89..c08eb826f8fe 100644
--- a/xpfe/appshell/src/nsContentTreeOwner.cpp
+++ b/xpfe/appshell/src/nsContentTreeOwner.cpp
@@ -12,7 +12,6 @@
// Helper Classes
#include "nsIServiceManager.h"
#include "nsAutoPtr.h"
-#include "nsCxPusher.h"
// Interfaces needed to be included
#include "nsIDOMNode.h"
@@ -47,6 +46,7 @@
#include "mozilla/Preferences.h"
#include "mozilla/dom/Element.h"
+#include "mozilla/dom/ScriptSettings.h"
using namespace mozilla;
@@ -945,8 +945,7 @@ nsContentTreeOwner::ProvideWindow(nsIDOMWindow* aParent,
*aWindowIsNew = (containerPref != nsIBrowserDOMWindow::OPEN_CURRENTWINDOW);
{
- nsCxPusher pusher;
- pusher.PushNull();
+ dom::AutoSystemCaller asc;
// Get a new rendering area from the browserDOMWin. We don't want
// to be starting any loads here, so get it with a null URI.
diff --git a/xpfe/appshell/src/nsXULWindow.cpp b/xpfe/appshell/src/nsXULWindow.cpp
index 2fc33a9dd06d..e974b25c8fda 100644
--- a/xpfe/appshell/src/nsXULWindow.cpp
+++ b/xpfe/appshell/src/nsXULWindow.cpp
@@ -50,7 +50,6 @@
#include "nsStyleConsts.h"
#include "nsPresContext.h"
#include "nsContentUtils.h"
-#include "nsCxPusher.h"
#include "nsWebShellWindow.h" // get rid of this one, too...
#include "nsDOMEvent.h"
#include "nsGlobalWindow.h"
@@ -60,8 +59,10 @@
#include "mozilla/Preferences.h"
#include "mozilla/dom/BarProps.h"
#include "mozilla/dom/Element.h"
+#include "mozilla/dom/ScriptSettings.h"
using namespace mozilla;
+using dom::AutoSystemCaller;
#define SIZEMODE_NORMAL NS_LITERAL_STRING("normal")
#define SIZEMODE_MAXIMIZED NS_LITERAL_STRING("maximized")
@@ -358,8 +359,7 @@ NS_IMETHODIMP nsXULWindow::ShowModal()
EnableParent(false);
{
- nsCxPusher pusher;
- pusher.PushNull();
+ AutoSystemCaller asc;
nsIThread *thread = NS_GetCurrentThread();
while (mContinueModalLoop) {
if (!NS_ProcessNextEvent(thread))
@@ -1767,16 +1767,16 @@ NS_IMETHODIMP nsXULWindow::CreateNewContentWindow(int32_t aChromeFlags,
// We need to create a chrome window to contain the content window we're about
// to pass back. The subject principal needs to be system while we're creating
- // it to make things work right, so push a null cx. See bug 799348 comment 13
- // for a description of what happens when we don't.
- nsCxPusher pusher;
- pusher.PushNull();
+ // it to make things work right, so force a system caller. See bug 799348
+ // comment 13 for a description of what happens when we don't.
nsCOMPtr newWindow;
- appShell->CreateTopLevelWindow(this, uri,
- aChromeFlags, 615, 480,
- getter_AddRefs(newWindow));
- NS_ENSURE_TRUE(newWindow, NS_ERROR_FAILURE);
- pusher.Pop();
+ {
+ AutoSystemCaller asc;
+ appShell->CreateTopLevelWindow(this, uri,
+ aChromeFlags, 615, 480,
+ getter_AddRefs(newWindow));
+ NS_ENSURE_TRUE(newWindow, NS_ERROR_FAILURE);
+ }
// Specify that we want the window to remain locked until the chrome has loaded.
nsXULWindow *xulWin = static_cast
@@ -1785,10 +1785,8 @@ NS_IMETHODIMP nsXULWindow::CreateNewContentWindow(int32_t aChromeFlags,
xulWin->LockUntilChromeLoad();
- // Push nullptr onto the JSContext stack before we dispatch a native event.
{
- nsCxPusher pusher;
- pusher.PushNull();
+ AutoSystemCaller asc;
nsIThread *thread = NS_GetCurrentThread();
while (xulWin->IsLocked()) {
if (!NS_ProcessNextEvent(thread))