Bug 1535124 part 2. Mark Web IDL callbacks MOZ_CAN_RUN_SCRIPT by default. r=qdot

We add a [MOZ_CAN_RUN_SCRIPT_BOUNDARY] opt-out for now to keep the tree compiling. The naming purposefully matches the C++ annotation that has a similar effect, top make it easy to search for. Differential Revision: https://phabricator.services.mozilla.com/D23520 --HG-- extra : moz-landing-system : lando
2024-10-09 11:25:00 +00:00 · 2019-03-19 12:59:54 +00:00 · 2019-03-19 12:59:54 +00:00 · a998830a71
commit a998830a71
parent 5c13f9c06d
31 changed files with 78 additions and 17 deletions
--- a/dom/bindings/Codegen.py
+++ b/dom/bindings/Codegen.py
@ -10645,7 +10645,7 @@ class ClassMethod(ClassItem):
                 virtual=False, const=False, bodyInHeader=False,
                 templateArgs=None, visibility='public', body=None,
                 breakAfterReturnDecl="\n",
-                 breakAfterSelf="\n", override=False):
+                 breakAfterSelf="\n", override=False, canRunScript=False):
        """
        override indicates whether to flag the method as override
        """
@ -10663,10 +10663,13 @@ class ClassMethod(ClassItem):
        self.breakAfterReturnDecl = breakAfterReturnDecl
        self.breakAfterSelf = breakAfterSelf
        self.override = override
+        self.canRunScript = canRunScript;
        ClassItem.__init__(self, name, visibility)

    def getDecorators(self, declaring):
        decorators = []
+        if self.canRunScript:
+            decorators.append('MOZ_CAN_RUN_SCRIPT')
        if self.inline:
            decorators.append('inline')
        if declaring:
@ -14783,7 +14786,7 @@ class CGNativeMember(ClassMethod):
                 breakAfter=True, passJSBitsAsNeeded=True, visibility="public",
                 spiderMonkeyInterfacesAreStructs=True,
                 variadicIsSequence=False, resultNotAddRefed=False,
-                 virtual=False, override=False):
+                 virtual=False, override=False, canRunScript=False):
        """
        If spiderMonkeyInterfacesAreStructs is false, SpiderMonkey interfaces
        will be passed as JS::Handle<JSObject*>.  If it's true they will be
@ -14813,7 +14816,8 @@ class CGNativeMember(ClassMethod):
                             breakAfterSelf=breakAfterSelf,
                             visibility=visibility,
                             virtual=virtual,
-                             override=override)
+                             override=override,
+                             canRunScript=canRunScript)

    def getReturnType(self, type, isMember):
        return self.getRetvalInfo(type, isMember)[0]
@ -16227,17 +16231,21 @@ class CGCallback(CGClass):
        return [ClassMethod(method.name, method.returnType, args,
                            bodyInHeader=True,
                            templateArgs=["typename T"],
-                            body=bodyWithThis),
+                            body=bodyWithThis,
+                            canRunScript=method.canRunScript),
                ClassMethod(method.name, method.returnType, argsWithoutThis,
                            bodyInHeader=True,
-                            body=bodyWithoutThis),
+                            body=bodyWithoutThis,
+                            canRunScript=method.canRunScript),
                ClassMethod(method.name, method.returnType, argsWithoutRv,
                            bodyInHeader=True,
                            templateArgs=["typename T"],
-                            body=bodyWithThisWithoutRv),
+                            body=bodyWithThisWithoutRv,
+                            canRunScript=method.canRunScript),
                ClassMethod(method.name, method.returnType, argsWithoutThisAndRv,
                            bodyInHeader=True,
-                            body=bodyWithoutThisAndRv),
+                            body=bodyWithoutThisAndRv,
+                            canRunScript=method.canRunScript),
                method]

    def deps(self):
@ -16388,7 +16396,8 @@ class CallbackMember(CGNativeMember):
    def __init__(self, sig, name, descriptorProvider, needThisHandling,
                 rethrowContentException=False,
                 spiderMonkeyInterfacesAreStructs=False,
-                 wrapScope='CallbackKnownNotGray()'):
+                 wrapScope='CallbackKnownNotGray()',
+                 canRunScript=False):
        """
        needThisHandling is True if we need to be able to accept a specified
        thisObj, False otherwise.
@ -16422,7 +16431,8 @@ class CallbackMember(CGNativeMember):
                                extendedAttrs={},
                                passJSBitsAsNeeded=False,
                                visibility=visibility,
-                                spiderMonkeyInterfacesAreStructs=spiderMonkeyInterfacesAreStructs)
+                                spiderMonkeyInterfacesAreStructs=spiderMonkeyInterfacesAreStructs,
+                                canRunScript=canRunScript)
        # We have to do all the generation of our body now, because
        # the caller relies on us throwing if we can't manage it.
        self.exceptionCode = ("aRv.Throw(NS_ERROR_UNEXPECTED);\n"
@ -16644,10 +16654,12 @@ class CallbackMember(CGNativeMember):
 class CallbackMethod(CallbackMember):
    def __init__(self, sig, name, descriptorProvider, needThisHandling,
                 rethrowContentException=False,
-                 spiderMonkeyInterfacesAreStructs=False):
+                 spiderMonkeyInterfacesAreStructs=False,
+                 canRunScript=False):
        CallbackMember.__init__(self, sig, name, descriptorProvider,
                                needThisHandling, rethrowContentException,
-                                spiderMonkeyInterfacesAreStructs=spiderMonkeyInterfacesAreStructs)
+                                spiderMonkeyInterfacesAreStructs=spiderMonkeyInterfacesAreStructs,
+                                canRunScript=canRunScript)

    def getRvalDecl(self):
        return "JS::Rooted<JS::Value> rval(cx, JS::UndefinedValue());\n"
@ -16680,7 +16692,8 @@ class CallCallback(CallbackMethod):
    def __init__(self, callback, descriptorProvider):
        self.callback = callback
        CallbackMethod.__init__(self, callback.signatures()[0], "Call",
-                                descriptorProvider, needThisHandling=True)
+                                descriptorProvider, needThisHandling=True,
+                                canRunScript=not callback.isRunScriptBoundary())

    def getThisDecl(self):
        return ""
--- a/dom/bindings/parser/WebIDL.py
+++ b/dom/bindings/parser/WebIDL.py
@ -4664,6 +4664,7 @@ class IDLCallback(IDLObjectWithScope):

        self._treatNonCallableAsNull = False
        self._treatNonObjectAsNull = False
+        self._isRunScriptBoundary = False

    def isCallback(self):
        return True
@ -4701,6 +4702,8 @@ class IDLCallback(IDLObjectWithScope):
                self._treatNonCallableAsNull = True
            elif attr.identifier() == "TreatNonObjectAsNull":
                self._treatNonObjectAsNull = True
+            elif attr.identifier() == "MOZ_CAN_RUN_SCRIPT_BOUNDARY":
+                self._isRunScriptBoundary = True
            else:
                unhandledAttrs.append(attr)
        if self._treatNonCallableAsNull and self._treatNonObjectAsNull:
@ -4712,6 +4715,9 @@ class IDLCallback(IDLObjectWithScope):
    def _getDependentObjects(self):
        return set([self._returnType] + self._arguments)

+    def isRunScriptBoundary(self):
+        return self._isRunScriptBoundary;
+

 class IDLCallbackType(IDLType):
    def __init__(self, location, callback):
--- a/dom/bindings/test/TestFunctions.h
+++ b/dom/bindings/test/TestFunctions.h
@ -28,6 +28,7 @@ class TestFunctions : public NonRefcountedDOMObject {

  static Promise* PassThroughPromise(GlobalObject& aGlobal, Promise& aPromise);

+  MOZ_CAN_RUN_SCRIPT
  static already_AddRefed<Promise> PassThroughCallbackPromise(
      GlobalObject& aGlobal, PromiseReturner& aCallback, ErrorResult& aRv);

--- a/dom/chrome-webidl/PlacesObservers.webidl
+++ b/dom/chrome-webidl/PlacesObservers.webidl
@ -4,6 +4,7 @@
 * You can obtain one at http://mozilla.org/MPL/2.0/.
 */

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback PlacesEventCallback = void (sequence<PlacesEvent> events);

 [ChromeOnly, Exposed=Window,
--- a/dom/chrome-webidl/SessionStoreUtils.webidl
+++ b/dom/chrome-webidl/SessionStoreUtils.webidl
@ -8,6 +8,7 @@ interface nsISupports;
 /**
 * A callback passed to SessionStoreUtils.forEachNonDynamicChildFrame().
 */
+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback SessionStoreUtilsFrameCallback = void (WindowProxy frame, unsigned long index);

 /**
--- a/dom/chrome-webidl/WebExtensionPolicy.webidl
+++ b/dom/chrome-webidl/WebExtensionPolicy.webidl
@ -5,6 +5,7 @@
 interface URI;
 interface WindowProxy;

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback WebExtensionLocalizeCallback = DOMString (DOMString unlocalizedText);

 /**
--- a/dom/webidl/BaseAudioContext.webidl
+++ b/dom/webidl/BaseAudioContext.webidl
@ -10,7 +10,9 @@
 * liability, trademark and document use rules apply.
 */

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback DecodeSuccessCallback = void (AudioBuffer decodedData);
+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback DecodeErrorCallback = void (DOMException error);

 enum AudioContextState {
--- a/dom/webidl/Console.webidl
+++ b/dom/webidl/Console.webidl
@ -189,6 +189,7 @@ interface ConsoleInstance {
  void profileEnd(any... data);
 };

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback ConsoleInstanceDumpCallback = void (DOMString message);

 enum ConsoleLogLevel {
--- a/dom/webidl/CustomElementRegistry.webidl
+++ b/dom/webidl/CustomElementRegistry.webidl
@ -19,4 +19,5 @@ dictionary ElementDefinitionOptions {
  DOMString extends;
 };

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback CustomElementCreationCallback = void (DOMString name);
--- a/dom/webidl/DataTransferItem.webidl
+++ b/dom/webidl/DataTransferItem.webidl
@ -17,6 +17,7 @@ interface DataTransferItem {
  File? getAsFile();
 };

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback FunctionStringCallback = void (DOMString data);

 // https://wicg.github.io/entries-api/#idl-index
--- a/dom/webidl/EventHandler.webidl
+++ b/dom/webidl/EventHandler.webidl
@ -10,15 +10,15 @@
 * Opera Software ASA. You are granted a license to use, reproduce
 * and create derivative works of this document.
 */
-[TreatNonObjectAsNull]
+[TreatNonObjectAsNull, MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback EventHandlerNonNull = any (Event event);
 typedef EventHandlerNonNull? EventHandler;

-[TreatNonObjectAsNull]
+[TreatNonObjectAsNull, MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback OnBeforeUnloadEventHandlerNonNull = DOMString? (Event event);
 typedef OnBeforeUnloadEventHandlerNonNull? OnBeforeUnloadEventHandler;

-[TreatNonObjectAsNull]
+[TreatNonObjectAsNull, MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback OnErrorEventHandlerNonNull = any ((Event or DOMString) event, optional DOMString source, optional unsigned long lineno, optional unsigned long column, optional any error);
 typedef OnErrorEventHandlerNonNull? OnErrorEventHandler;

--- a/dom/webidl/FileSystem.webidl
+++ b/dom/webidl/FileSystem.webidl
@ -11,8 +11,10 @@ dictionary FileSystemFlags {
    boolean exclusive = false;
 };

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback FileSystemEntryCallback = void (FileSystemEntry entry);

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback ErrorCallback = void (DOMException err);

 interface FileSystem {
--- a/dom/webidl/FileSystemDirectoryReader.webidl
+++ b/dom/webidl/FileSystemDirectoryReader.webidl
@ -6,6 +6,7 @@
 * https://wicg.github.io/entries-api/#idl-index
 */

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback FileSystemEntriesCallback = void (sequence<FileSystemEntry> entries);

 interface FileSystemDirectoryReader {
--- a/dom/webidl/FileSystemFileEntry.webidl
+++ b/dom/webidl/FileSystemFileEntry.webidl
@ -6,6 +6,7 @@
 * https://wicg.github.io/entries-api/#idl-index
 */

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback FileCallback = void (File file);

 interface FileSystemFileEntry : FileSystemEntry {
--- a/dom/webidl/FontFaceSet.webidl
+++ b/dom/webidl/FontFaceSet.webidl
@ -23,6 +23,7 @@ interface FontFaceSetIterator {
  [Throws] FontFaceSetIteratorResult next();
 };

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback FontFaceSetForEachCallback = void (FontFace value, FontFace key, FontFaceSet set);

 enum FontFaceSetLoadStatus { "loading", "loaded" };
--- a/dom/webidl/Function.webidl
+++ b/dom/webidl/Function.webidl
@ -10,7 +10,7 @@
 * Opera Software ASA. You are granted a license to use, reproduce
 * and create derivative works of this document.
 */
-
+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback Function = any(any... arguments);

 callback VoidFunction = void ();
--- a/dom/webidl/Geolocation.webidl
+++ b/dom/webidl/Geolocation.webidl
@ -31,6 +31,8 @@ interface Geolocation {
  void clearWatch(long watchId);
 };

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback PositionCallback = void (Position position);

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback PositionErrorCallback = void (PositionError positionError);
--- a/dom/webidl/HTMLCanvasElement.webidl
+++ b/dom/webidl/HTMLCanvasElement.webidl
@ -66,6 +66,8 @@ interface MozCanvasPrintState
  void done();
 };

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback PrintCallback = void(MozCanvasPrintState ctx);

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback BlobCallback = void(Blob? blob);
--- a/dom/webidl/IntersectionObserver.webidl
+++ b/dom/webidl/IntersectionObserver.webidl
@ -44,6 +44,7 @@ interface IntersectionObserver {
  readonly attribute IntersectionCallback intersectionCallback;
 };

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback IntersectionCallback =
  void (sequence<IntersectionObserverEntry> entries, IntersectionObserver observer);

--- a/dom/webidl/L10nUtils.webidl
+++ b/dom/webidl/L10nUtils.webidl
@ -34,5 +34,6 @@ dictionary L10nValue {
  sequence<AttributeNameValue>? attributes = null;
 };

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback L10nCallback =
  Promise<sequence<L10nValue>> (sequence<L10nElement> l10nElements);
--- a/dom/webidl/MutationObserver.webidl
+++ b/dom/webidl/MutationObserver.webidl
@ -52,6 +52,7 @@ interface MutationObserver {
  attribute boolean mergeAttributeRecords;
 };

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback MutationCallback = void (sequence<MutationRecord> mutations, MutationObserver observer);

 dictionary MutationObserverInit {
--- a/dom/webidl/Navigator.webidl
+++ b/dom/webidl/Navigator.webidl
@ -234,7 +234,9 @@ partial interface Navigator {
  Promise<MIDIAccess> requestMIDIAccess(optional MIDIOptions options);
 };

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback NavigatorUserMediaSuccessCallback = void (MediaStream stream);
+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback NavigatorUserMediaErrorCallback = void (MediaStreamError error);

 partial interface Navigator {
@ -251,6 +253,7 @@ partial interface Navigator {
 };

 // nsINavigatorUserMedia
+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback MozGetUserMediaDevicesSuccessCallback = void (nsIVariant? devices);
 partial interface Navigator {
  [Throws, ChromeOnly]
--- a/dom/webidl/Notification.webidl
+++ b/dom/webidl/Notification.webidl
@ -88,6 +88,7 @@ enum NotificationPermission {
  "granted"
 };

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback NotificationPermissionCallback = void (NotificationPermission permission);

 enum NotificationDirection {
--- a/dom/webidl/PerformanceObserver.webidl
+++ b/dom/webidl/PerformanceObserver.webidl
@ -12,6 +12,7 @@ dictionary PerformanceObserverInit {
  boolean buffered = false;
 };

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback PerformanceObserverCallback = void (PerformanceObserverEntryList entries,
                                             PerformanceObserver observer);

--- a/dom/webidl/Promise.webidl
+++ b/dom/webidl/Promise.webidl
@ -7,9 +7,10 @@
 * Web IDL infrastructure.
 */

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback PromiseJobCallback = void();

-[TreatNonCallableAsNull]
+[TreatNonCallableAsNull, MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback AnyCallback = any (any value);

 // Hack to allow us to have JS owning and properly tracing/CCing/etc a
--- a/dom/webidl/RTCIdentityProvider.webidl
+++ b/dom/webidl/RTCIdentityProvider.webidl
@ -35,10 +35,12 @@ dictionary RTCIdentityProvider {
  required ValidateAssertionCallback validateAssertion;
 };

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback GenerateAssertionCallback =
  Promise<RTCIdentityAssertionResult>
    (DOMString contents, DOMString origin,
     RTCIdentityProviderOptions options);
+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback ValidateAssertionCallback =
  Promise<RTCIdentityValidationResult> (DOMString assertion, DOMString origin);

--- a/dom/webidl/Reporting.webidl
+++ b/dom/webidl/Reporting.webidl
@ -26,6 +26,7 @@ interface ReportingObserver {
  ReportList takeRecords();
 };

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback ReportingObserverCallback = void (sequence<Report> reports, ReportingObserver observer);

 dictionary ReportingObserverOptions {
--- a/dom/webidl/U2F.webidl
+++ b/dom/webidl/U2F.webidl
@ -64,7 +64,9 @@ dictionary SignResponse {
    DOMString? errorMessage;
 };

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback U2FRegisterCallback = void(RegisterResponse response);
+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback U2FSignCallback = void(SignResponse response);

 [SecureContext, Pref="security.webauth.u2f"]
--- a/dom/webidl/WebComponents.webidl
+++ b/dom/webidl/WebComponents.webidl
@ -10,14 +10,19 @@
 * liability, trademark and document use rules apply.
 */

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback LifecycleConnectedCallback = void();
+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback LifecycleDisconnectedCallback = void();
+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback LifecycleAdoptedCallback = void(Document? oldDocument,
                                         Document? newDocment);
+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback LifecycleAttributeChangedCallback = void(DOMString attrName,
                                                  DOMString? oldValue,
                                                  DOMString? newValue,
                                                  DOMString? namespaceURI);
+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback LifecycleGetCustomInterfaceCallback = object?(any iid);

 dictionary LifecycleCallbacks {
--- a/dom/webidl/WebrtcGlobalInformation.webidl
+++ b/dom/webidl/WebrtcGlobalInformation.webidl
@ -8,7 +8,9 @@ dictionary WebrtcGlobalStatisticsReport {
  sequence<RTCStatsReportInternal> reports;
 };

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback WebrtcGlobalStatisticsCallback = void (WebrtcGlobalStatisticsReport reports);
+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback WebrtcGlobalLoggingCallback = void (sequence<DOMString> logMessages);

 [ChromeOnly]
--- a/dom/webidl/Window.webidl
+++ b/dom/webidl/Window.webidl
@ -211,6 +211,7 @@ partial interface Window {
  [Throws] long requestAnimationFrame(FrameRequestCallback callback);
  [Throws] void cancelAnimationFrame(long handle);
 };
+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback FrameRequestCallback = void (DOMHighResTimeStamp time);

 // https://dvcs.w3.org/hg/webperf/raw-file/tip/specs/NavigationTiming/Overview.html
@ -396,6 +397,7 @@ partial interface Window {
 };
 #endif

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback PromiseDocumentFlushedCallback = any ();

 // Mozilla extensions for Chrome windows.
@ -555,6 +557,7 @@ dictionary IdleRequestOptions {
  unsigned long timeout;
 };

+[MOZ_CAN_RUN_SCRIPT_BOUNDARY]
 callback IdleRequestCallback = void (IdleDeadline deadline);

 partial interface Window {