Fire the branch callback for the original cx when we're evaluating in a

sandbox.  Bug 368714, r+sr=jst

js/src/xpconnect/src/xpccomponents.cpp

@@ -3346,13 +3346,20 @@ public:
     NS_DECL_ISUPPORTS
 
 private:
+    static JSBool JS_DLL_CALLBACK ContextHolderBranchCallback(JSContext *cx,
+                                                              JSScript *script);
+    
     XPCAutoJSContext mJSContext;
+    JSBranchCallback mOrigBranchCallback;
+    JSContext* mOrigCx;
 };
 
 NS_IMPL_ISUPPORTS0(ContextHolder)
 
 ContextHolder::ContextHolder(JSContext *aOuterCx, JSObject *aSandbox)
-    : mJSContext(JS_NewContext(JS_GetRuntime(aOuterCx), 1024), JS_FALSE)
+    : mJSContext(JS_NewContext(JS_GetRuntime(aOuterCx), 1024), JS_FALSE),
+      mOrigBranchCallback(nsnull),
+      mOrigCx(aOuterCx)
 {
     if (mJSContext) {
         JS_SetOptions(mJSContext,
@@ -3360,9 +3367,31 @@ ContextHolder::ContextHolder(JSContext *aOuterCx, JSObject *aSandbox)
                       JSOPTION_PRIVATE_IS_NSISUPPORTS);
         JS_SetGlobalObject(mJSContext, aSandbox);
         JS_SetContextPrivate(mJSContext, this);
+
+        // Now cache the original branch callback
+        mOrigBranchCallback = JS_SetBranchCallback(aOuterCx, nsnull);
+        JS_SetBranchCallback(aOuterCx, mOrigBranchCallback);
+
+        if (mOrigBranchCallback) {
+            JS_SetBranchCallback(mJSContext, ContextHolderBranchCallback);
+        }
     }
 }
 
+JSBool JS_DLL_CALLBACK
+ContextHolder::ContextHolderBranchCallback(JSContext *cx, JSScript *script)
+{
+    ContextHolder* thisObject =
+        NS_STATIC_CAST(ContextHolder*, JS_GetContextPrivate(cx));
+    NS_ASSERTION(thisObject, "How did that happen?");
+
+    if (thisObject->mOrigBranchCallback) {
+        return (thisObject->mOrigBranchCallback)(thisObject->mOrigCx, script);
+    }
+
+    return JS_TRUE;
+}
+
 /***************************************************************************/
 
 /* void evalInSandbox(in AString source, in nativeobj sandbox); */