From ee1f5ecbde6d635af3e084e5763aa9847165eff7 Mon Sep 17 00:00:00 2001
From: Andrea Marchesini <amarchesini@mozilla.com>
Date: Tue, 1 Oct 2024 06:25:05 +0000
Subject: [PATCH] Bug 1739779 - Check if the global is eligible for messaging
 before sending/receiving BroadcastChannel messages, r=smaug

Differential Revision: https://phabricator.services.mozilla.com/D224030
---
 dom/broadcastchannel/BroadcastChannel.cpp     | 21 ++++++++++---------
 .../broadcastchannel/detached-iframe.html.ini |  8 -------
 2 files changed, 11 insertions(+), 18 deletions(-)

diff --git a/dom/broadcastchannel/BroadcastChannel.cpp b/dom/broadcastchannel/BroadcastChannel.cpp
index 5df8903a3dd9..fdfa6c8e1148 100644
--- a/dom/broadcastchannel/BroadcastChannel.cpp
+++ b/dom/broadcastchannel/BroadcastChannel.cpp
@@ -271,21 +271,17 @@ already_AddRefed<BroadcastChannel> BroadcastChannel::Constructor(
 void BroadcastChannel::PostMessage(JSContext* aCx,
                                    JS::Handle<JS::Value> aMessage,
                                    ErrorResult& aRv) {
+  nsCOMPtr<nsIGlobalObject> global = GetOwnerGlobal();
+  if (!global || !global->IsEligibleForMessaging()) {
+    return;
+  }
+
   if (mState != StateActive) {
     aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR);
     return;
   }
 
-  Maybe<nsID> agentClusterId;
-  nsCOMPtr<nsIGlobalObject> global = GetOwnerGlobal();
-  MOZ_ASSERT(global);
-  if (global) {
-    agentClusterId = global->GetAgentClusterId();
-  }
-
-  if (!global->IsEligibleForMessaging()) {
-    return;
-  }
+  Maybe<nsID> agentClusterId = global->GetAgentClusterId();
 
   RefPtr<SharedMessageBody> data = new SharedMessageBody(
       StructuredCloneHolder::TransferringNotSupported, agentClusterId);
@@ -364,6 +360,11 @@ void BroadcastChannel::DisconnectFromOwner() {
 }
 
 void BroadcastChannel::MessageReceived(const MessageData& aData) {
+  nsCOMPtr<nsIGlobalObject> global = GetOwnerGlobal();
+  if (!global || !global->IsEligibleForMessaging()) {
+    return;
+  }
+
   if (NS_FAILED(CheckCurrentGlobalCorrectness())) {
     RemoveDocFromBFCache();
     return;
diff --git a/testing/web-platform/meta/webmessaging/broadcastchannel/detached-iframe.html.ini b/testing/web-platform/meta/webmessaging/broadcastchannel/detached-iframe.html.ini
index e6740f1a65b1..fb6c1f28f1fa 100644
--- a/testing/web-platform/meta/webmessaging/broadcastchannel/detached-iframe.html.ini
+++ b/testing/web-platform/meta/webmessaging/broadcastchannel/detached-iframe.html.ini
@@ -1,11 +1,3 @@
 [detached-iframe.html]
   expected:
     if (os == "android") and fission: [OK, TIMEOUT]
-  [BroadcastChannel messages from detached iframe to parent should be ignored (BC created before detaching)]
-    expected: FAIL
-
-  [BroadcastChannel messages within detached iframe should be ignored (BCs created before detaching)]
-    expected: FAIL
-
-  [BroadcastChannel messages within detached iframe should be ignored (BCs created after detaching)]
-    expected: FAIL