mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-12-11 16:32:59 +00:00
fe9f006639
Differential Revision: https://phabricator.services.mozilla.com/D204611
883 lines
31 KiB
C++
883 lines
31 KiB
C++
/* -*- Mode: C++; c-basic-offset: 2; indent-tabs-mode: nil; tab-width: 8 -*- */
|
|
/* vim: set sw=2 ts=8 et tw=80 ft=cpp : */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "mozilla/dom/WindowGlobalChild.h"
|
|
|
|
#include "mozilla/AntiTrackingUtils.h"
|
|
#include "mozilla/ClearOnShutdown.h"
|
|
#include "mozilla/dom/WindowGlobalParent.h"
|
|
#include "mozilla/dom/BrowsingContext.h"
|
|
#include "mozilla/dom/BrowsingContextGroup.h"
|
|
#include "mozilla/dom/ContentChild.h"
|
|
#include "mozilla/dom/MozFrameLoaderOwnerBinding.h"
|
|
#include "mozilla/dom/BrowserChild.h"
|
|
#include "mozilla/dom/BrowserBridgeChild.h"
|
|
#include "mozilla/dom/ContentParent.h"
|
|
#include "mozilla/dom/SecurityPolicyViolationEvent.h"
|
|
#include "mozilla/dom/SessionStoreRestoreData.h"
|
|
#include "mozilla/dom/WindowGlobalActorsBinding.h"
|
|
#include "mozilla/dom/WindowContext.h"
|
|
#include "mozilla/dom/InProcessChild.h"
|
|
#include "mozilla/dom/InProcessParent.h"
|
|
#include "mozilla/ipc/Endpoint.h"
|
|
#include "mozilla/PresShell.h"
|
|
#include "mozilla/ScopeExit.h"
|
|
#include "GeckoProfiler.h"
|
|
#include "nsContentUtils.h"
|
|
#include "nsDocShell.h"
|
|
#include "nsFocusManager.h"
|
|
#include "nsFrameLoaderOwner.h"
|
|
#include "nsGlobalWindowInner.h"
|
|
#include "nsNetUtil.h"
|
|
#include "nsQueryObject.h"
|
|
#include "nsSerializationHelper.h"
|
|
#include "nsFrameLoader.h"
|
|
#include "nsScriptSecurityManager.h"
|
|
|
|
#include "mozilla/dom/JSWindowActorBinding.h"
|
|
#include "mozilla/dom/JSWindowActorChild.h"
|
|
#include "mozilla/dom/JSActorService.h"
|
|
#include "nsIHttpChannelInternal.h"
|
|
#include "nsIURIMutator.h"
|
|
#include "nsURLHelper.h"
|
|
|
|
using namespace mozilla::ipc;
|
|
using namespace mozilla::dom::ipc;
|
|
|
|
namespace mozilla::dom {
|
|
|
|
WindowGlobalChild::WindowGlobalChild(dom::WindowContext* aWindowContext,
|
|
nsIPrincipal* aPrincipal,
|
|
nsIURI* aDocumentURI)
|
|
: mWindowContext(aWindowContext),
|
|
mDocumentPrincipal(aPrincipal),
|
|
mDocumentURI(aDocumentURI) {
|
|
MOZ_DIAGNOSTIC_ASSERT(mWindowContext);
|
|
MOZ_DIAGNOSTIC_ASSERT(mDocumentPrincipal);
|
|
|
|
if (!mDocumentURI) {
|
|
NS_NewURI(getter_AddRefs(mDocumentURI), "about:blank");
|
|
}
|
|
|
|
// Registers a DOM Window with the profiler. It re-registers the same Inner
|
|
// Window ID with different URIs because when a Browsing context is first
|
|
// loaded, the first url loaded in it will be about:blank. This call keeps the
|
|
// first non-about:blank registration of window and discards the previous one.
|
|
uint64_t embedderInnerWindowID = 0;
|
|
if (BrowsingContext()->GetParent()) {
|
|
embedderInnerWindowID = BrowsingContext()->GetEmbedderInnerWindowId();
|
|
}
|
|
profiler_register_page(
|
|
BrowsingContext()->BrowserId(), InnerWindowId(),
|
|
nsContentUtils::TruncatedURLForDisplay(aDocumentURI, 1024),
|
|
embedderInnerWindowID, BrowsingContext()->UsePrivateBrowsing());
|
|
}
|
|
|
|
already_AddRefed<WindowGlobalChild> WindowGlobalChild::Create(
|
|
nsGlobalWindowInner* aWindow) {
|
|
#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
|
|
// Opener policy is set when we start to load a document. Here, we ensure we
|
|
// have set the correct Opener policy so that it will be available in the
|
|
// parent process through window global child.
|
|
nsCOMPtr<nsIChannel> chan = aWindow->GetDocument()->GetChannel();
|
|
nsCOMPtr<nsILoadInfo> loadInfo = chan ? chan->LoadInfo() : nullptr;
|
|
nsCOMPtr<nsIHttpChannelInternal> httpChan = do_QueryInterface(chan);
|
|
nsILoadInfo::CrossOriginOpenerPolicy policy;
|
|
if (httpChan &&
|
|
loadInfo->GetExternalContentPolicyType() ==
|
|
ExtContentPolicy::TYPE_DOCUMENT &&
|
|
NS_SUCCEEDED(httpChan->GetCrossOriginOpenerPolicy(&policy))) {
|
|
MOZ_DIAGNOSTIC_ASSERT(policy ==
|
|
aWindow->GetBrowsingContext()->GetOpenerPolicy());
|
|
}
|
|
#endif
|
|
|
|
WindowGlobalInit init = WindowGlobalActor::WindowInitializer(aWindow);
|
|
RefPtr<WindowGlobalChild> wgc = CreateDisconnected(init);
|
|
|
|
// Send the link constructor over PBrowser, or link over PInProcess.
|
|
if (XRE_IsParentProcess()) {
|
|
InProcessChild* ipChild = InProcessChild::Singleton();
|
|
InProcessParent* ipParent = InProcessParent::Singleton();
|
|
if (!ipChild || !ipParent) {
|
|
return nullptr;
|
|
}
|
|
|
|
ManagedEndpoint<PWindowGlobalParent> endpoint =
|
|
ipChild->OpenPWindowGlobalEndpoint(wgc);
|
|
ipParent->BindPWindowGlobalEndpoint(std::move(endpoint),
|
|
wgc->WindowContext()->Canonical());
|
|
} else {
|
|
RefPtr<BrowserChild> browserChild =
|
|
BrowserChild::GetFrom(static_cast<mozIDOMWindow*>(aWindow));
|
|
MOZ_ASSERT(browserChild);
|
|
|
|
#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
|
|
dom::BrowsingContext* bc = aWindow->GetBrowsingContext();
|
|
#endif
|
|
|
|
MOZ_DIAGNOSTIC_ASSERT(bc->AncestorsAreCurrent());
|
|
MOZ_DIAGNOSTIC_ASSERT(bc->IsInProcess());
|
|
|
|
ManagedEndpoint<PWindowGlobalParent> endpoint =
|
|
browserChild->OpenPWindowGlobalEndpoint(wgc);
|
|
browserChild->SendNewWindowGlobal(std::move(endpoint), init);
|
|
}
|
|
|
|
wgc->Init();
|
|
wgc->InitWindowGlobal(aWindow);
|
|
return wgc.forget();
|
|
}
|
|
|
|
already_AddRefed<WindowGlobalChild> WindowGlobalChild::CreateDisconnected(
|
|
const WindowGlobalInit& aInit) {
|
|
RefPtr<dom::BrowsingContext> browsingContext =
|
|
dom::BrowsingContext::Get(aInit.context().mBrowsingContextId);
|
|
|
|
RefPtr<dom::WindowContext> windowContext =
|
|
dom::WindowContext::GetById(aInit.context().mInnerWindowId);
|
|
MOZ_RELEASE_ASSERT(!windowContext, "Creating duplicate WindowContext");
|
|
|
|
// Create our new WindowContext
|
|
if (XRE_IsParentProcess()) {
|
|
windowContext = WindowGlobalParent::CreateDisconnected(aInit);
|
|
} else {
|
|
dom::WindowContext::FieldValues fields = aInit.context().mFields;
|
|
windowContext = new dom::WindowContext(
|
|
browsingContext, aInit.context().mInnerWindowId,
|
|
aInit.context().mOuterWindowId, std::move(fields));
|
|
}
|
|
|
|
RefPtr<WindowGlobalChild> windowChild = new WindowGlobalChild(
|
|
windowContext, aInit.principal(), aInit.documentURI());
|
|
windowContext->mIsInProcess = true;
|
|
windowContext->mWindowGlobalChild = windowChild;
|
|
return windowChild.forget();
|
|
}
|
|
|
|
void WindowGlobalChild::Init() {
|
|
MOZ_ASSERT(mWindowContext->mWindowGlobalChild == this);
|
|
mWindowContext->Init();
|
|
}
|
|
|
|
void WindowGlobalChild::InitWindowGlobal(nsGlobalWindowInner* aWindow) {
|
|
mWindowGlobal = aWindow;
|
|
}
|
|
|
|
void WindowGlobalChild::OnNewDocument(Document* aDocument) {
|
|
MOZ_RELEASE_ASSERT(mWindowGlobal);
|
|
MOZ_RELEASE_ASSERT(aDocument);
|
|
|
|
// Send a series of messages to update document-specific state on
|
|
// WindowGlobalParent, when we change documents on an existing WindowGlobal.
|
|
// This data is also all sent when we construct a WindowGlobal, so anything
|
|
// added here should also be added to WindowGlobalActor::WindowInitializer.
|
|
|
|
// FIXME: Perhaps these should be combined into a smaller number of messages?
|
|
SendSetIsInitialDocument(aDocument->IsInitialDocument());
|
|
SetDocumentURI(aDocument->GetDocumentURI());
|
|
SetDocumentPrincipal(aDocument->NodePrincipal(),
|
|
aDocument->EffectiveStoragePrincipal());
|
|
|
|
nsCOMPtr<nsITransportSecurityInfo> securityInfo;
|
|
if (nsCOMPtr<nsIChannel> channel = aDocument->GetChannel()) {
|
|
channel->GetSecurityInfo(getter_AddRefs(securityInfo));
|
|
}
|
|
SendUpdateDocumentSecurityInfo(securityInfo);
|
|
|
|
SendUpdateDocumentCspSettings(aDocument->GetBlockAllMixedContent(false),
|
|
aDocument->GetUpgradeInsecureRequests(false));
|
|
SendUpdateSandboxFlags(aDocument->GetSandboxFlags());
|
|
|
|
net::CookieJarSettingsArgs csArgs;
|
|
net::CookieJarSettings::Cast(aDocument->CookieJarSettings())
|
|
->Serialize(csArgs);
|
|
if (!SendUpdateCookieJarSettings(csArgs)) {
|
|
NS_WARNING(
|
|
"Failed to update document's cookie jar settings on the "
|
|
"WindowGlobalParent");
|
|
}
|
|
|
|
SendUpdateHttpsOnlyStatus(aDocument->HttpsOnlyStatus());
|
|
|
|
// Update window context fields for the newly loaded Document.
|
|
WindowContext::Transaction txn;
|
|
txn.SetCookieBehavior(
|
|
Some(aDocument->CookieJarSettings()->GetCookieBehavior()));
|
|
txn.SetIsOnContentBlockingAllowList(
|
|
aDocument->CookieJarSettings()->GetIsOnContentBlockingAllowList());
|
|
txn.SetIsThirdPartyWindow(aDocument->HasThirdPartyChannel());
|
|
txn.SetIsThirdPartyTrackingResourceWindow(
|
|
nsContentUtils::IsThirdPartyTrackingResourceWindow(mWindowGlobal));
|
|
txn.SetIsSecureContext(mWindowGlobal->IsSecureContext());
|
|
if (auto policy = aDocument->GetEmbedderPolicy()) {
|
|
txn.SetEmbedderPolicy(*policy);
|
|
}
|
|
txn.SetShouldResistFingerprinting(aDocument->ShouldResistFingerprinting(
|
|
RFPTarget::IsAlwaysEnabledForPrecompute));
|
|
txn.SetOverriddenFingerprintingSettings(
|
|
aDocument->GetOverriddenFingerprintingSettings());
|
|
|
|
if (nsCOMPtr<nsIChannel> channel = aDocument->GetChannel()) {
|
|
nsCOMPtr<nsILoadInfo> loadInfo(channel->LoadInfo());
|
|
txn.SetIsOriginalFrameSource(loadInfo->GetOriginalFrameSrcLoad());
|
|
txn.SetUsingStorageAccess(loadInfo->GetStoragePermission() !=
|
|
nsILoadInfo::NoStoragePermission);
|
|
} else {
|
|
txn.SetIsOriginalFrameSource(false);
|
|
}
|
|
|
|
// Init Mixed Content Fields
|
|
nsCOMPtr<nsIURI> innerDocURI =
|
|
NS_GetInnermostURI(aDocument->GetDocumentURI());
|
|
if (innerDocURI) {
|
|
txn.SetIsSecure(innerDocURI->SchemeIs("https"));
|
|
}
|
|
|
|
MOZ_DIAGNOSTIC_ASSERT(mDocumentPrincipal->GetIsLocalIpAddress() ==
|
|
mWindowContext->IsLocalIP());
|
|
|
|
MOZ_ALWAYS_SUCCEEDS(txn.Commit(mWindowContext));
|
|
}
|
|
|
|
/* static */
|
|
already_AddRefed<WindowGlobalChild> WindowGlobalChild::GetByInnerWindowId(
|
|
uint64_t aInnerWindowId) {
|
|
if (RefPtr<dom::WindowContext> context =
|
|
dom::WindowContext::GetById(aInnerWindowId)) {
|
|
return do_AddRef(context->GetWindowGlobalChild());
|
|
}
|
|
return nullptr;
|
|
}
|
|
|
|
dom::BrowsingContext* WindowGlobalChild::BrowsingContext() {
|
|
return mWindowContext->GetBrowsingContext();
|
|
}
|
|
|
|
uint64_t WindowGlobalChild::InnerWindowId() {
|
|
return mWindowContext->InnerWindowId();
|
|
}
|
|
|
|
uint64_t WindowGlobalChild::OuterWindowId() {
|
|
return mWindowContext->OuterWindowId();
|
|
}
|
|
|
|
bool WindowGlobalChild::IsCurrentGlobal() {
|
|
return CanSend() && mWindowGlobal->IsCurrentInnerWindow();
|
|
}
|
|
|
|
already_AddRefed<WindowGlobalParent> WindowGlobalChild::GetParentActor() {
|
|
if (!CanSend()) {
|
|
return nullptr;
|
|
}
|
|
IProtocol* otherSide = InProcessChild::ParentActorFor(this);
|
|
return do_AddRef(static_cast<WindowGlobalParent*>(otherSide));
|
|
}
|
|
|
|
already_AddRefed<BrowserChild> WindowGlobalChild::GetBrowserChild() {
|
|
if (IsInProcess() || !CanSend()) {
|
|
return nullptr;
|
|
}
|
|
return do_AddRef(static_cast<BrowserChild*>(Manager()));
|
|
}
|
|
|
|
uint64_t WindowGlobalChild::ContentParentId() {
|
|
if (XRE_IsParentProcess()) {
|
|
return 0;
|
|
}
|
|
return ContentChild::GetSingleton()->GetID();
|
|
}
|
|
|
|
// A WindowGlobalChild is the root in its process if it has no parent, or its
|
|
// embedder is in a different process.
|
|
bool WindowGlobalChild::IsProcessRoot() {
|
|
if (!BrowsingContext()->GetParent()) {
|
|
return true;
|
|
}
|
|
|
|
return !BrowsingContext()->GetEmbedderElement();
|
|
}
|
|
|
|
void WindowGlobalChild::BeforeUnloadAdded() {
|
|
// Don't bother notifying the parent if we don't have an IPC link open.
|
|
if (mBeforeUnloadListeners == 0 && CanSend()) {
|
|
Unused << mWindowContext->SetHasBeforeUnload(true);
|
|
}
|
|
|
|
mBeforeUnloadListeners++;
|
|
MOZ_ASSERT(mBeforeUnloadListeners > 0);
|
|
}
|
|
|
|
void WindowGlobalChild::BeforeUnloadRemoved() {
|
|
mBeforeUnloadListeners--;
|
|
MOZ_ASSERT(mBeforeUnloadListeners >= 0);
|
|
|
|
if (mBeforeUnloadListeners == 0) {
|
|
Unused << mWindowContext->SetHasBeforeUnload(false);
|
|
}
|
|
}
|
|
|
|
void WindowGlobalChild::Destroy() {
|
|
JSActorWillDestroy();
|
|
|
|
mWindowContext->Discard();
|
|
|
|
// Perform async IPC shutdown unless we're not in-process, and our
|
|
// BrowserChild is in the process of being destroyed, which will destroy
|
|
// us as well.
|
|
RefPtr<BrowserChild> browserChild = GetBrowserChild();
|
|
if (!browserChild || !browserChild->IsDestroyed()) {
|
|
SendDestroy();
|
|
}
|
|
}
|
|
|
|
mozilla::ipc::IPCResult WindowGlobalChild::RecvMakeFrameLocal(
|
|
const MaybeDiscarded<dom::BrowsingContext>& aFrameContext,
|
|
uint64_t aPendingSwitchId) {
|
|
MOZ_DIAGNOSTIC_ASSERT(XRE_IsContentProcess());
|
|
|
|
MOZ_LOG(BrowsingContext::GetLog(), LogLevel::Debug,
|
|
("RecvMakeFrameLocal ID=%" PRIx64, aFrameContext.ContextId()));
|
|
|
|
if (NS_WARN_IF(aFrameContext.IsNullOrDiscarded())) {
|
|
return IPC_OK();
|
|
}
|
|
dom::BrowsingContext* frameContext = aFrameContext.get();
|
|
|
|
RefPtr<Element> embedderElt = frameContext->GetEmbedderElement();
|
|
if (NS_WARN_IF(!embedderElt)) {
|
|
return IPC_OK();
|
|
}
|
|
|
|
if (NS_WARN_IF(embedderElt->GetOwnerGlobal() != GetWindowGlobal())) {
|
|
return IPC_OK();
|
|
}
|
|
|
|
RefPtr<nsFrameLoaderOwner> flo = do_QueryObject(embedderElt);
|
|
MOZ_DIAGNOSTIC_ASSERT(flo, "Embedder must be a nsFrameLoaderOwner");
|
|
|
|
// Trigger a process switch into the current process.
|
|
RemotenessOptions options;
|
|
options.mRemoteType = NOT_REMOTE_TYPE;
|
|
options.mPendingSwitchID.Construct(aPendingSwitchId);
|
|
options.mSwitchingInProgressLoad = true;
|
|
flo->ChangeRemoteness(options, IgnoreErrors());
|
|
return IPC_OK();
|
|
}
|
|
|
|
mozilla::ipc::IPCResult WindowGlobalChild::RecvMakeFrameRemote(
|
|
const MaybeDiscarded<dom::BrowsingContext>& aFrameContext,
|
|
ManagedEndpoint<PBrowserBridgeChild>&& aEndpoint, const TabId& aTabId,
|
|
const LayersId& aLayersId, MakeFrameRemoteResolver&& aResolve) {
|
|
MOZ_DIAGNOSTIC_ASSERT(XRE_IsContentProcess());
|
|
|
|
MOZ_LOG(BrowsingContext::GetLog(), LogLevel::Debug,
|
|
("RecvMakeFrameRemote ID=%" PRIx64, aFrameContext.ContextId()));
|
|
|
|
if (!aLayersId.IsValid()) {
|
|
return IPC_FAIL(this, "Received an invalid LayersId");
|
|
}
|
|
|
|
// Resolve the promise when this function exits, as we'll have fully unloaded
|
|
// at that point.
|
|
auto scopeExit = MakeScopeExit([&] { aResolve(true); });
|
|
|
|
// Get a BrowsingContext if we're not null or discarded. We don't want to
|
|
// early-return before we connect the BrowserBridgeChild, as otherwise we'll
|
|
// never break the channel in the parent.
|
|
RefPtr<dom::BrowsingContext> frameContext;
|
|
if (!aFrameContext.IsDiscarded()) {
|
|
frameContext = aFrameContext.get();
|
|
}
|
|
|
|
// Immediately construct the BrowserBridgeChild so we can destroy it cleanly
|
|
// if the process switch fails.
|
|
RefPtr<BrowserBridgeChild> bridge =
|
|
new BrowserBridgeChild(frameContext, aTabId, aLayersId);
|
|
RefPtr<BrowserChild> manager = GetBrowserChild();
|
|
if (NS_WARN_IF(
|
|
!manager->BindPBrowserBridgeEndpoint(std::move(aEndpoint), bridge))) {
|
|
return IPC_OK();
|
|
}
|
|
|
|
// Synchronously delete de actor here rather than using SendBeginDestroy(), as
|
|
// we haven't initialized it yet.
|
|
auto deleteBridge =
|
|
MakeScopeExit([&] { BrowserBridgeChild::Send__delete__(bridge); });
|
|
|
|
// Immediately tear down the actor if we don't have a valid FrameContext.
|
|
if (NS_WARN_IF(aFrameContext.IsNullOrDiscarded())) {
|
|
return IPC_OK();
|
|
}
|
|
|
|
RefPtr<Element> embedderElt = frameContext->GetEmbedderElement();
|
|
if (NS_WARN_IF(!embedderElt)) {
|
|
return IPC_OK();
|
|
}
|
|
|
|
if (NS_WARN_IF(embedderElt->GetOwnerGlobal() != GetWindowGlobal())) {
|
|
return IPC_OK();
|
|
}
|
|
|
|
RefPtr<nsFrameLoaderOwner> flo = do_QueryObject(embedderElt);
|
|
MOZ_DIAGNOSTIC_ASSERT(flo, "Embedder must be a nsFrameLoaderOwner");
|
|
|
|
// Trgger a process switch into the specified process.
|
|
IgnoredErrorResult rv;
|
|
flo->ChangeRemotenessWithBridge(bridge, rv);
|
|
if (NS_WARN_IF(rv.Failed())) {
|
|
return IPC_OK();
|
|
}
|
|
|
|
// Everything succeeded, so don't delete the bridge.
|
|
deleteBridge.release();
|
|
|
|
return IPC_OK();
|
|
}
|
|
|
|
mozilla::ipc::IPCResult WindowGlobalChild::RecvDrawSnapshot(
|
|
const Maybe<IntRect>& aRect, const float& aScale,
|
|
const nscolor& aBackgroundColor, const uint32_t& aFlags,
|
|
DrawSnapshotResolver&& aResolve) {
|
|
aResolve(gfx::PaintFragment::Record(BrowsingContext(), aRect, aScale,
|
|
aBackgroundColor,
|
|
(gfx::CrossProcessPaintFlags)aFlags));
|
|
return IPC_OK();
|
|
}
|
|
|
|
mozilla::ipc::IPCResult
|
|
WindowGlobalChild::RecvSaveStorageAccessPermissionGranted() {
|
|
nsCOMPtr<nsPIDOMWindowInner> inner = GetWindowGlobal();
|
|
if (inner) {
|
|
inner->SaveStorageAccessPermissionGranted();
|
|
}
|
|
|
|
return IPC_OK();
|
|
}
|
|
|
|
mozilla::ipc::IPCResult WindowGlobalChild::RecvDispatchSecurityPolicyViolation(
|
|
const nsString& aViolationEventJSON) {
|
|
nsGlobalWindowInner* window = GetWindowGlobal();
|
|
if (!window) {
|
|
return IPC_OK();
|
|
}
|
|
|
|
Document* doc = window->GetDocument();
|
|
if (!doc) {
|
|
return IPC_OK();
|
|
}
|
|
|
|
SecurityPolicyViolationEventInit violationEvent;
|
|
if (!violationEvent.Init(aViolationEventJSON)) {
|
|
return IPC_OK();
|
|
}
|
|
|
|
RefPtr<Event> event = SecurityPolicyViolationEvent::Constructor(
|
|
doc, u"securitypolicyviolation"_ns, violationEvent);
|
|
event->SetTrusted(true);
|
|
doc->DispatchEvent(*event, IgnoreErrors());
|
|
return IPC_OK();
|
|
}
|
|
|
|
mozilla::ipc::IPCResult WindowGlobalChild::RecvAddBlockedFrameNodeByClassifier(
|
|
const MaybeDiscardedBrowsingContext& aNode) {
|
|
if (aNode.IsNullOrDiscarded()) {
|
|
return IPC_OK();
|
|
}
|
|
|
|
nsGlobalWindowInner* window = GetWindowGlobal();
|
|
if (!window) {
|
|
return IPC_OK();
|
|
}
|
|
|
|
Document* doc = window->GetDocument();
|
|
if (!doc) {
|
|
return IPC_OK();
|
|
}
|
|
|
|
MOZ_ASSERT(aNode.get()->GetEmbedderElement()->OwnerDoc() == doc);
|
|
doc->AddBlockedNodeByClassifier(aNode.get()->GetEmbedderElement());
|
|
return IPC_OK();
|
|
}
|
|
|
|
mozilla::ipc::IPCResult WindowGlobalChild::RecvResetScalingZoom() {
|
|
if (Document* doc = mWindowGlobal->GetExtantDoc()) {
|
|
if (PresShell* ps = doc->GetPresShell()) {
|
|
ps->SetResolutionAndScaleTo(1.0,
|
|
ResolutionChangeOrigin::MainThreadAdjustment);
|
|
}
|
|
}
|
|
return IPC_OK();
|
|
}
|
|
|
|
mozilla::ipc::IPCResult WindowGlobalChild::RecvSetContainerFeaturePolicy(
|
|
dom::FeaturePolicy* aContainerFeaturePolicy) {
|
|
mContainerFeaturePolicy = aContainerFeaturePolicy;
|
|
return IPC_OK();
|
|
}
|
|
|
|
mozilla::ipc::IPCResult WindowGlobalChild::RecvRestoreDocShellState(
|
|
const dom::sessionstore::DocShellRestoreState& aState,
|
|
RestoreDocShellStateResolver&& aResolve) {
|
|
if (mWindowGlobal) {
|
|
SessionStoreUtils::RestoreDocShellState(mWindowGlobal->GetDocShell(),
|
|
aState);
|
|
}
|
|
aResolve(true);
|
|
return IPC_OK();
|
|
}
|
|
|
|
mozilla::ipc::IPCResult WindowGlobalChild::RecvRestoreTabContent(
|
|
dom::SessionStoreRestoreData* aData, RestoreTabContentResolver&& aResolve) {
|
|
aData->RestoreInto(BrowsingContext());
|
|
aResolve(true);
|
|
return IPC_OK();
|
|
}
|
|
|
|
IPCResult WindowGlobalChild::RecvRawMessage(
|
|
const JSActorMessageMeta& aMeta, const Maybe<ClonedMessageData>& aData,
|
|
const Maybe<ClonedMessageData>& aStack) {
|
|
Maybe<StructuredCloneData> data;
|
|
if (aData) {
|
|
data.emplace();
|
|
data->BorrowFromClonedMessageData(*aData);
|
|
}
|
|
Maybe<StructuredCloneData> stack;
|
|
if (aStack) {
|
|
stack.emplace();
|
|
stack->BorrowFromClonedMessageData(*aStack);
|
|
}
|
|
ReceiveRawMessage(aMeta, std::move(data), std::move(stack));
|
|
return IPC_OK();
|
|
}
|
|
|
|
IPCResult WindowGlobalChild::RecvNotifyPermissionChange(const nsCString& aType,
|
|
uint32_t aPermission) {
|
|
nsCOMPtr<nsIObserverService> observerService = services::GetObserverService();
|
|
NS_ENSURE_TRUE(observerService,
|
|
IPC_FAIL(this, "Failed to get observer service"));
|
|
nsPIDOMWindowInner* notifyTarget =
|
|
static_cast<nsPIDOMWindowInner*>(this->GetWindowGlobal());
|
|
observerService->NotifyObservers(notifyTarget, "perm-changed-notify-only",
|
|
NS_ConvertUTF8toUTF16(aType).get());
|
|
// We only need to handle the revoked permission case here. The permission
|
|
// grant case is handled via the Storage Access API code.
|
|
if (this->GetWindowGlobal() &&
|
|
this->GetWindowGlobal()->UsingStorageAccess() &&
|
|
aPermission != nsIPermissionManager::ALLOW_ACTION) {
|
|
this->GetWindowGlobal()->SaveStorageAccessPermissionRevoked();
|
|
}
|
|
return IPC_OK();
|
|
}
|
|
|
|
void WindowGlobalChild::SetDocumentURI(nsIURI* aDocumentURI) {
|
|
// Registers a DOM Window with the profiler. It re-registers the same Inner
|
|
// Window ID with different URIs because when a Browsing context is first
|
|
// loaded, the first url loaded in it will be about:blank. This call keeps the
|
|
// first non-about:blank registration of window and discards the previous one.
|
|
uint64_t embedderInnerWindowID = 0;
|
|
if (BrowsingContext()->GetParent()) {
|
|
embedderInnerWindowID = BrowsingContext()->GetEmbedderInnerWindowId();
|
|
}
|
|
profiler_register_page(
|
|
BrowsingContext()->BrowserId(), InnerWindowId(),
|
|
nsContentUtils::TruncatedURLForDisplay(aDocumentURI, 1024),
|
|
embedderInnerWindowID, BrowsingContext()->UsePrivateBrowsing());
|
|
|
|
if (StaticPrefs::dom_security_setdocumenturi()) {
|
|
nsCOMPtr<nsIURI> principalURI = mDocumentPrincipal->GetURI();
|
|
if (mDocumentPrincipal->GetIsNullPrincipal()) {
|
|
nsCOMPtr<nsIPrincipal> precursor =
|
|
mDocumentPrincipal->GetPrecursorPrincipal();
|
|
if (precursor) {
|
|
principalURI = precursor->GetURI();
|
|
}
|
|
}
|
|
|
|
MOZ_DIAGNOSTIC_ASSERT(!nsScriptSecurityManager::IsHttpOrHttpsAndCrossOrigin(
|
|
principalURI, aDocumentURI),
|
|
"Setting DocumentURI with a different origin "
|
|
"than principal URI");
|
|
}
|
|
|
|
mDocumentURI = aDocumentURI;
|
|
SendUpdateDocumentURI(WrapNotNull(aDocumentURI));
|
|
}
|
|
|
|
void WindowGlobalChild::SetDocumentPrincipal(
|
|
nsIPrincipal* aNewDocumentPrincipal,
|
|
nsIPrincipal* aNewDocumentStoragePrincipal) {
|
|
MOZ_ASSERT(mDocumentPrincipal->Equals(aNewDocumentPrincipal));
|
|
mDocumentPrincipal = aNewDocumentPrincipal;
|
|
SendUpdateDocumentPrincipal(aNewDocumentPrincipal,
|
|
aNewDocumentStoragePrincipal);
|
|
}
|
|
|
|
const nsACString& WindowGlobalChild::GetRemoteType() {
|
|
if (XRE_IsContentProcess()) {
|
|
return ContentChild::GetSingleton()->GetRemoteType();
|
|
}
|
|
|
|
return NOT_REMOTE_TYPE;
|
|
}
|
|
|
|
already_AddRefed<JSWindowActorChild> WindowGlobalChild::GetActor(
|
|
JSContext* aCx, const nsACString& aName, ErrorResult& aRv) {
|
|
return JSActorManager::GetActor(aCx, aName, aRv)
|
|
.downcast<JSWindowActorChild>();
|
|
}
|
|
|
|
already_AddRefed<JSWindowActorChild> WindowGlobalChild::GetExistingActor(
|
|
const nsACString& aName) {
|
|
return JSActorManager::GetExistingActor(aName).downcast<JSWindowActorChild>();
|
|
}
|
|
|
|
already_AddRefed<JSActor> WindowGlobalChild::InitJSActor(
|
|
JS::Handle<JSObject*> aMaybeActor, const nsACString& aName,
|
|
ErrorResult& aRv) {
|
|
RefPtr<JSWindowActorChild> actor;
|
|
if (aMaybeActor.get()) {
|
|
aRv = UNWRAP_OBJECT(JSWindowActorChild, aMaybeActor.get(), actor);
|
|
if (aRv.Failed()) {
|
|
return nullptr;
|
|
}
|
|
} else {
|
|
actor = new JSWindowActorChild();
|
|
}
|
|
|
|
MOZ_RELEASE_ASSERT(!actor->GetManager(),
|
|
"mManager was already initialized once!");
|
|
actor->Init(aName, this);
|
|
return actor.forget();
|
|
}
|
|
|
|
void WindowGlobalChild::ActorDestroy(ActorDestroyReason aWhy) {
|
|
MOZ_ASSERT(nsContentUtils::IsSafeToRunScript(),
|
|
"Destroying WindowGlobalChild can run script");
|
|
|
|
// If our WindowContext hasn't been marked as discarded yet, ensure it's
|
|
// marked as discarded at this point.
|
|
mWindowContext->Discard();
|
|
|
|
profiler_unregister_page(InnerWindowId());
|
|
|
|
// Destroy our JSActors, and reject any pending queries.
|
|
JSActorDidDestroy();
|
|
}
|
|
|
|
bool WindowGlobalChild::IsSameOriginWith(
|
|
const dom::WindowContext* aOther) const {
|
|
if (aOther == WindowContext()) {
|
|
return true;
|
|
}
|
|
|
|
MOZ_DIAGNOSTIC_ASSERT(WindowContext()->Group() == aOther->Group());
|
|
if (nsGlobalWindowInner* otherWin = aOther->GetInnerWindow()) {
|
|
return mDocumentPrincipal->Equals(otherWin->GetPrincipal());
|
|
}
|
|
return false;
|
|
}
|
|
|
|
bool WindowGlobalChild::SameOriginWithTop() {
|
|
return IsSameOriginWith(WindowContext()->TopWindowContext());
|
|
}
|
|
|
|
// For historical context, see:
|
|
//
|
|
// Bug 13871: Prevent frameset spoofing
|
|
// Bug 103638: Targets with same name in different windows open in wrong
|
|
// window with javascript
|
|
// Bug 408052: Adopt "ancestor" frame navigation policy
|
|
// Bug 1570207: Refactor logic to rely on BrowsingContextGroups to enforce
|
|
// origin attribute isolation
|
|
// Bug 1810619: Crash at null in nsDocShell::ValidateOrigin
|
|
bool WindowGlobalChild::CanNavigate(dom::BrowsingContext* aTarget,
|
|
bool aConsiderOpener) {
|
|
MOZ_DIAGNOSTIC_ASSERT(WindowContext()->Group() == aTarget->Group(),
|
|
"A WindowGlobalChild should never try to navigate a "
|
|
"BrowsingContext from another group");
|
|
|
|
auto isFileScheme = [](nsIPrincipal* aPrincipal) -> bool {
|
|
// NOTE: This code previously checked for a file scheme using
|
|
// `nsIPrincipal::GetURI()` combined with `NS_GetInnermostURI`. We no longer
|
|
// use GetURI, as it has been deprecated, and it makes more sense to take
|
|
// advantage of the pre-computed origin, which will already use the
|
|
// innermost URI (bug 1810619)
|
|
nsAutoCString origin, scheme;
|
|
return NS_SUCCEEDED(aPrincipal->GetOriginNoSuffix(origin)) &&
|
|
NS_SUCCEEDED(net_ExtractURLScheme(origin, scheme)) &&
|
|
scheme == "file"_ns;
|
|
};
|
|
|
|
// A frame can navigate itself and its own root.
|
|
if (aTarget == BrowsingContext() || aTarget == BrowsingContext()->Top()) {
|
|
return true;
|
|
}
|
|
|
|
// If the target frame doesn't yet have a WindowContext, start checking
|
|
// principals from its direct ancestor instead. It would inherit its principal
|
|
// from this document upon creation.
|
|
dom::WindowContext* initialWc = aTarget->GetCurrentWindowContext();
|
|
if (!initialWc) {
|
|
initialWc = aTarget->GetParentWindowContext();
|
|
}
|
|
|
|
// A frame can navigate any frame with a same-origin ancestor.
|
|
bool isFileDocument = isFileScheme(DocumentPrincipal());
|
|
for (dom::WindowContext* wc = initialWc; wc;
|
|
wc = wc->GetParentWindowContext()) {
|
|
dom::WindowGlobalChild* wgc = wc->GetWindowGlobalChild();
|
|
if (!wgc) {
|
|
continue; // out-of process, so not same-origin.
|
|
}
|
|
|
|
if (DocumentPrincipal()->Equals(wgc->DocumentPrincipal())) {
|
|
return true;
|
|
}
|
|
|
|
// Not strictly equal, special case if both are file: URIs.
|
|
//
|
|
// file: URIs are considered the same domain for the purpose of frame
|
|
// navigation, regardless of script accessibility (bug 420425).
|
|
if (isFileDocument && isFileScheme(wgc->DocumentPrincipal())) {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
// If the target is a top-level document, a frame can navigate it if it can
|
|
// navigate its opener.
|
|
if (aConsiderOpener && !aTarget->GetParent()) {
|
|
if (RefPtr<dom::BrowsingContext> opener = aTarget->GetOpener()) {
|
|
return CanNavigate(opener, false);
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
// FindWithName follows the rules for choosing a browsing context,
|
|
// with the exception of sandboxing for iframes. The implementation
|
|
// for arbitrarily choosing between two browsing contexts with the
|
|
// same name is as follows:
|
|
//
|
|
// 1) The start browsing context, i.e. 'this'
|
|
// 2) Descendants in insertion order
|
|
// 3) The parent
|
|
// 4) Siblings and their children, both in insertion order
|
|
// 5) After this we iteratively follow the parent chain, repeating 3
|
|
// and 4 until
|
|
// 6) If there is no parent, consider all other top level browsing
|
|
// contexts and their children, both in insertion order
|
|
//
|
|
// See
|
|
// https://html.spec.whatwg.org/multipage/browsers.html#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name
|
|
dom::BrowsingContext* WindowGlobalChild::FindBrowsingContextWithName(
|
|
const nsAString& aName, bool aUseEntryGlobalForAccessCheck) {
|
|
RefPtr<WindowGlobalChild> requestingContext = this;
|
|
if (aUseEntryGlobalForAccessCheck) {
|
|
if (nsGlobalWindowInner* caller = nsContentUtils::EntryInnerWindow()) {
|
|
if (caller->GetBrowsingContextGroup() == WindowContext()->Group()) {
|
|
requestingContext = caller->GetWindowGlobalChild();
|
|
} else {
|
|
MOZ_RELEASE_ASSERT(caller->GetPrincipal()->IsSystemPrincipal(),
|
|
"caller must be either same-group or system");
|
|
}
|
|
}
|
|
}
|
|
MOZ_ASSERT(requestingContext, "must have a requestingContext");
|
|
|
|
dom::BrowsingContext* found = nullptr;
|
|
if (aName.IsEmpty()) {
|
|
// You can't find a browsing context with an empty name.
|
|
found = nullptr;
|
|
} else if (aName.LowerCaseEqualsLiteral("_blank")) {
|
|
// Just return null. Caller must handle creating a new window with
|
|
// a blank name.
|
|
found = nullptr;
|
|
} else if (nsContentUtils::IsSpecialName(aName)) {
|
|
found = BrowsingContext()->FindWithSpecialName(aName, *requestingContext);
|
|
} else if (dom::BrowsingContext* child =
|
|
BrowsingContext()->FindWithNameInSubtree(aName,
|
|
requestingContext)) {
|
|
found = child;
|
|
} else {
|
|
dom::WindowContext* current = WindowContext();
|
|
|
|
do {
|
|
Span<RefPtr<dom::BrowsingContext>> siblings;
|
|
dom::WindowContext* parent = current->GetParentWindowContext();
|
|
|
|
if (!parent) {
|
|
// We've reached the root of the tree, consider browsing
|
|
// contexts in the same browsing context group.
|
|
siblings = WindowContext()->Group()->Toplevels();
|
|
} else if (dom::BrowsingContext* bc = parent->GetBrowsingContext();
|
|
bc && bc->NameEquals(aName) &&
|
|
requestingContext->CanNavigate(bc) && bc->IsTargetable()) {
|
|
found = bc;
|
|
break;
|
|
} else {
|
|
siblings = parent->NonSyntheticChildren();
|
|
}
|
|
|
|
for (dom::BrowsingContext* sibling : siblings) {
|
|
if (sibling == current->GetBrowsingContext()) {
|
|
continue;
|
|
}
|
|
|
|
if (dom::BrowsingContext* relative =
|
|
sibling->FindWithNameInSubtree(aName, requestingContext)) {
|
|
found = relative;
|
|
// Breaks the outer loop
|
|
parent = nullptr;
|
|
break;
|
|
}
|
|
}
|
|
|
|
current = parent;
|
|
} while (current);
|
|
}
|
|
|
|
// Helpers should perform access control checks, which means that we
|
|
// only need to assert that we can access found.
|
|
MOZ_DIAGNOSTIC_ASSERT(!found || requestingContext->CanNavigate(found));
|
|
|
|
return found;
|
|
}
|
|
|
|
void WindowGlobalChild::UnblockBFCacheFor(BFCacheStatus aStatus) {
|
|
SendUpdateBFCacheStatus(0, aStatus);
|
|
}
|
|
|
|
void WindowGlobalChild::BlockBFCacheFor(BFCacheStatus aStatus) {
|
|
SendUpdateBFCacheStatus(aStatus, 0);
|
|
}
|
|
|
|
WindowGlobalChild::~WindowGlobalChild() = default;
|
|
|
|
JSObject* WindowGlobalChild::WrapObject(JSContext* aCx,
|
|
JS::Handle<JSObject*> aGivenProto) {
|
|
return WindowGlobalChild_Binding::Wrap(aCx, this, aGivenProto);
|
|
}
|
|
|
|
nsISupports* WindowGlobalChild::GetParentObject() {
|
|
return xpc::NativeGlobal(xpc::PrivilegedJunkScope());
|
|
}
|
|
|
|
NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE_WEAK_PTR(WindowGlobalChild, mWindowGlobal,
|
|
mContainerFeaturePolicy,
|
|
mWindowContext)
|
|
|
|
NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(WindowGlobalChild)
|
|
NS_WRAPPERCACHE_INTERFACE_MAP_ENTRY
|
|
NS_INTERFACE_MAP_ENTRY(nsISupports)
|
|
NS_INTERFACE_MAP_END
|
|
|
|
NS_IMPL_CYCLE_COLLECTING_ADDREF(WindowGlobalChild)
|
|
NS_IMPL_CYCLE_COLLECTING_RELEASE(WindowGlobalChild)
|
|
|
|
} // namespace mozilla::dom
|