| blob | 484bba06c0bbcc5fd5834eb813822a5bcb530f00 |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
29 NS_INTERFACE_MAP_END
39 NS_IMPL_CYCLE_COLLECTION_UNLINK_END
45 // If our callback has been cleared, we can't be part of a garbage cycle.
47 }
49 // mCallback is always wrapped for the CallbackObject's incumbent global. In
50 // the case where the real callback is in a different compartment, we have a
51 // cross-compartment wrapper, and it will automatically be cut when its
52 // compartment is nuked. In the case where it is in the same compartment, we
53 // have a reference to the real function. Since that means there are no
54 // wrappers to cut, we need to check whether the compartment is still alive,
55 // and drop the references if it is not.
59 }
62 // It's not safe to release our global reference or drop our JS objects at
63 // this point, so defer their finalization until CC is finished.
67 }
68 NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_END
72 NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_IN_CC_END
76 NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_THIS_END
80 // If a new member is added here, don't forget to update IsBlackForCC.
81 NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END
87 // If a new member is added here, don't forget to update IsBlackForCC.
88 NS_IMPL_CYCLE_COLLECTION_TRACE_END
96 }
106 }
108 }
111 // We don't want to expose to JS here (change the color). If someone ever
112 // reads mIncumbentJSGlobal, that will expose. If not, no need to expose
113 // here.
115 }
117 // We can just forget all our stuff.
119 }
120 }
126 }
130 }
137 }
144 }
146 AutoJSAPI jsapi;
158 }
163 nsAutoJSString funcNameStr;
169 }
173 }
176 }
182 }
189 }
194 ExceptionHandling aExceptionHandling,
209 }
211 // Compute the caller's subject principal (if necessary) early, before we
212 // do anything that might perturb the relevant state.
215 webIDLCallerPrincipal =
217 }
224 }
228 {
229 // First, find the real underlying callback.
233 // Get the global for this callback. Note that for the case of
234 // JS-implemented WebIDL we never have a window here.
239 // We don't want to run script in windows that have been navigated away
240 // from.
243 "Refusing to execute function from window whose document is no "
246 }
249 // No DOM Window. Store the global.
252 }
254 // Make sure to use realCallback to get the global of the callback
255 // object, not the wrapper.
258 "Refusing to execute function from global in which script is "
261 }
262 }
264 // Bail out if there's no useful global.
269 }
271 AutoAllowLegacyScriptExecution exemption;
276 // The callback object traces its incumbent JS global, so in general it
277 // should be alive here. However, it's possible that we could run afoul
278 // of the same IPC global weirdness described above, wherein the
279 // nsIGlobalObject has severed its reference to the JS global. Let's just
280 // be safe here, so that nobody has to waste a day debugging gaia-ui tests.
283 "Refusing to execute function because our incumbent global is being "
286 }
288 }
292 // Unmark the callable (by invoking CallbackOrNull() and not the
293 // CallbackPreserveColor() variant), and stick it in a Rooted before it can
294 // go gray again.
295 // Nothing before us in this function can trigger a CC, so it's safe to wait
296 // until here it do the unmark. This allows us to construct mRootedCallable
297 // with the cx from mAutoEntryScript, avoiding the cost of finding another
298 // JSContext. (Rooted<> does not care about requests or compartments.)
305 }
307 // Enter the realm of our callback, so we can actually work with it.
308 //
309 // Note that if the callback is a wrapper, this will not be the same
310 // realm that we ended up in with mAutoEntryScript above, because the
311 // entry point is based off of the unwrapped callback (realCallback).
314 // And now we're ready to go.
317 // We don't really have a good error message prefix to use for the
318 // BindingCallContext.
320 }
327 }
331 // Now we only want to throw an exception to the caller if the object that was
332 // thrown is in the caller realm (which we stored in mRealm).
336 }
341 }
344 // To get our nesting right we have to destroy our JSAutoRealm first.
345 // In particular, we want to do this before we try reporting any exceptions,
346 // so we end up reporting them while in the realm of our entry point,
347 // not whatever cross-compartment wrappper mCallback might be.
348 // Be careful: the JSAutoRealm might not have been constructed at all!
351 // Now, if we have a JSContext, report any pending errors on it, unless we
352 // were told to re-throw them.
366 }
367 }
368 }
371 // Either we're supposed to report our exceptions, or we're supposed to
372 // re-throw them but we failed to get the exception value. Either way,
373 // we'll just report the pending exception, if any, once ~mAutoEntryScript
374 // runs. Note that we've already run ~mAr, effectively, so we don't have
375 // to worry about ordering here.
377 // XXXkhuey bug 1117269. When this is fixed, please consider fixing
378 // ThrowExceptionValueIfSafe over in Exceptions.cpp in the same way.
380 // IsJSContextException shouldn't be true anymore because we will report
381 // the exception on the JSContext ... so throw something else.
383 }
384 }
385 }
390 // It is important that this is the last thing we do, after leaving the
391 // realm and undoing all our entry/incumbent script changes
395 }
396 }
403 }
405 // We don't init the AutoJSAPI with our callback because we don't want it
406 // reporting errors to its global's onerror handlers.
407 AutoJSAPI jsapi;
414 }
423 }
429 }
432 }