Bug 1595890 part 3. Remove xpc::IsContentXBLCompartment and its various callsites. r=bholley

It always returns false. Differential Revision: https://phabricator.services.mozilla.com/D52746 --HG-- extra : moz-landing-system : lando
2024-10-21 17:25:36 +00:00 · 2019-11-14 05:20:18 +00:00 · 2019-11-14 05:20:18 +00:00 · 93a34e5934
commit 93a34e5934
parent 54ecf58430
8 changed files with 2 additions and 98 deletions
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@ -2115,7 +2115,7 @@ bool nsContentUtils::IsCallerContentXBL() {
    return true;
  }

-  return xpc::IsContentXBLScope(realm);
+  return false;
 }

 bool nsContentUtils::IsCallerUAWidget() {
--- a/dom/bindings/BindingUtils.cpp
+++ b/dom/bindings/BindingUtils.cpp
@ -1560,39 +1560,6 @@ static bool ResolvePrototypeOrConstructor(
  return JS_WrapPropertyDescriptor(cx, desc);
 }

-#ifdef DEBUG
-
-static void DEBUG_CheckXBLCallable(JSContext* cx, JSObject* obj) {
-  // In general, we shouldn't have cross-compartment wrappers here, because
-  // we should be running in an XBL scope, and the content prototype should
-  // contain wrappers to functions defined in the XBL scope. But if the node
-  // has been adopted into another compartment, those prototypes will now point
-  // to a different XBL scope (which is ok).
-  MOZ_ASSERT_IF(js::IsCrossCompartmentWrapper(obj),
-                xpc::IsInContentXBLScope(js::UncheckedUnwrap(obj)));
-  MOZ_ASSERT(JS::IsCallable(obj));
-}
-
-static void DEBUG_CheckXBLLookup(JSContext* cx, JS::PropertyDescriptor* desc) {
-  if (!desc->obj) return;
-  if (!desc->value.isUndefined()) {
-    MOZ_ASSERT(desc->value.isObject());
-    DEBUG_CheckXBLCallable(cx, &desc->value.toObject());
-  }
-  if (desc->getter) {
-    MOZ_ASSERT(desc->attrs & JSPROP_GETTER);
-    DEBUG_CheckXBLCallable(cx, JS_FUNC_TO_DATA_PTR(JSObject*, desc->getter));
-  }
-  if (desc->setter) {
-    MOZ_ASSERT(desc->attrs & JSPROP_SETTER);
-    DEBUG_CheckXBLCallable(cx, JS_FUNC_TO_DATA_PTR(JSObject*, desc->setter));
-  }
-}
-#else
-#  define DEBUG_CheckXBLLookup(a, b) \
-    {}
-#endif
-
 /* static */ bool XrayResolveOwnProperty(
    JSContext* cx, JS::Handle<JSObject*> wrapper, JS::Handle<JSObject*> obj,
    JS::Handle<jsid> id, JS::MutableHandle<JS::PropertyDescriptor> desc,
@ -1650,37 +1617,6 @@ static void DEBUG_CheckXBLLookup(JSContext* cx, JS::PropertyDescriptor* desc) {
      }
    }

-    // If we're a special scope for in-content XBL, our script expects to see
-    // the bound XBL methods and attributes when accessing content. However,
-    // these members are implemented in content via custom-spliced prototypes,
-    // and thus aren't visible through Xray wrappers unless we handle them
-    // explicitly. So we check if we're running in such a scope, and if so,
-    // whether the wrappee is a bound element. If it is, we do a lookup via
-    // specialized XBL machinery.
-    //
-    // While we have to do some sketchy walking through content land, we should
-    // be protected by read-only/non-configurable properties, and any functions
-    // we end up with should _always_ be living in our own scope (the XBL
-    // scope). Make sure to assert that.
-    JS::Rooted<JSObject*> maybeElement(cx, obj);
-    Element* element;
-    if (xpc::IsInContentXBLScope(wrapper) &&
-        NS_SUCCEEDED(UNWRAP_OBJECT(Element, &maybeElement, element))) {
-      if (!nsContentUtils::LookupBindingMember(cx, element, id, desc)) {
-        return false;
-      }
-
-      DEBUG_CheckXBLLookup(cx, desc.address());
-
-      if (desc.object()) {
-        // XBL properties shouldn't be cached on the holder, as they might be
-        // shadowed by own properties returned from mResolveOwnProperty.
-        desc.object().set(wrapper);
-
-        return true;
-      }
-    }
-
    // For non-global instance Xrays there are no other properties, so return
    // here for them.
    if (type != eGlobalInstance) {
--- a/js/xpconnect/src/XPCJSRuntime.cpp
+++ b/js/xpconnect/src/XPCJSRuntime.cpp
@ -497,16 +497,6 @@ Scriptability& Scriptability::Get(JSObject* aScope) {
  return RealmPrivate::Get(aScope)->scriptability;
 }

-bool IsContentXBLCompartment(JS::Compartment* compartment) { return false; }
-
-bool IsContentXBLScope(JS::Realm* realm) {
-  return IsContentXBLCompartment(JS::GetCompartmentForRealm(realm));
-}
-
-bool IsInContentXBLScope(JSObject* obj) {
-  return IsContentXBLCompartment(js::GetObjectCompartment(obj));
-}
-
 bool IsUAWidgetCompartment(JS::Compartment* compartment) {
  // We always eagerly create compartment privates for UA Widget compartments.
  CompartmentPrivate* priv = CompartmentPrivate::Get(compartment);
--- a/js/xpconnect/src/XPCWrappedNativeScope.cpp
+++ b/js/xpconnect/src/XPCWrappedNativeScope.cpp
@ -191,7 +191,6 @@ bool XPCWrappedNativeScope::AttachComponentsObject(JSContext* aCx) {
 JSObject* XPCWrappedNativeScope::EnsureContentXBLScope(JSContext* cx) {
  JS::RootedObject global(cx, CurrentGlobalOrNull(cx));
  MOZ_ASSERT(js::IsObjectInContextCompartment(global, cx));
-  MOZ_ASSERT(!IsContentXBLScope());
  MOZ_ASSERT(strcmp(js::GetObjectClass(global)->name,
                    "nsXBLPrototypeScript compilation scope"));

--- a/js/xpconnect/src/nsXPConnect.cpp
+++ b/js/xpconnect/src/nsXPConnect.cpp
@ -1158,8 +1158,7 @@ bool IsChromeOrXBL(JSContext* cx, JSObject* /* unused */) {
  // Note that, for performance, we don't check AllowXULXBLForPrincipal here,
  // and instead rely on the fact that AllowContentXBLScope() only returns false
  // in remote XUL situations.
-  return AccessCheck::isChrome(c) || IsContentXBLCompartment(c) ||
-         !AllowContentXBLScope(realm);
+  return AccessCheck::isChrome(c) || !AllowContentXBLScope(realm);
 }

 bool IsNotUAWidget(JSContext* cx, JSObject* /* unused */) {
--- a/js/xpconnect/src/xpcprivate.h
+++ b/js/xpconnect/src/xpcprivate.h
@ -905,9 +905,6 @@ class XPCWrappedNativeScope final
    return js::GetFirstGlobalInCompartment(Compartment());
  }

-  bool IsContentXBLScope() {
-    return xpc::IsContentXBLCompartment(Compartment());
-  }
  bool AllowContentXBLScope(JS::Realm* aRealm);

  // ID Object prototype caches.
--- a/js/xpconnect/src/xpcpublic.h
+++ b/js/xpconnect/src/xpcpublic.h
@ -91,10 +91,6 @@ JSObject* TransplantObjectNukingXrayWaiver(JSContext* cx,
                                           JS::HandleObject origObj,
                                           JS::HandleObject target);

-bool IsContentXBLCompartment(JS::Compartment* compartment);
-bool IsContentXBLScope(JS::Realm* realm);
-bool IsInContentXBLScope(JSObject* obj);
-
 bool IsUAWidgetCompartment(JS::Compartment* compartment);
 bool IsUAWidgetScope(JS::Realm* realm);
 bool IsInUAWidgetScope(JSObject* obj);
@ -124,9 +120,6 @@ JSObject* GetUAWidgetScope(JSContext* cx, JSObject* contentScope);

 inline JSObject* GetXBLScopeOrGlobal(JSContext* cx, JSObject* obj) {
  MOZ_ASSERT(!js::IsCrossCompartmentWrapper(obj));
-  if (IsInContentXBLScope(obj)) {
-    return JS::GetNonCCWObjectGlobal(obj);
-  }
  return GetXBLScope(cx, obj);
 }

--- a/js/xpconnect/wrappers/WrapperFactory.cpp
+++ b/js/xpconnect/wrappers/WrapperFactory.cpp
@ -487,16 +487,6 @@ static const Wrapper* SelectWrapper(bool securityWrapper, XrayType xrayType,

  // There's never any reason to expose other objects to non-subsuming actors.
  // Just use an opaque wrapper in these cases.
-  //
-  // In general, we don't want opaque function wrappers to be callable.
-  // But in the case of XBL, we rely on content being able to invoke
-  // functions exposed from the XBL scope. We could remove this exception,
-  // if needed, by using ExportFunction to generate the content-side
-  // representations of XBL methods.
-  if (xrayType == XrayForJSObject && IsInContentXBLScope(obj)) {
-    return &FilteringWrapper<CrossCompartmentSecurityWrapper,
-                             OpaqueWithCall>::singleton;
-  }
  return &FilteringWrapper<CrossCompartmentSecurityWrapper, Opaque>::singleton;
 }