/usr/include/firefox-esr-52/xpcpublic.h is in firefox-esr-dev 52.8.1esr-1~deb8u1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 | /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* vim: set ts=8 sts=4 et sw=4 tw=99: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef xpcpublic_h
#define xpcpublic_h
#include "jsapi.h"
#include "js/HeapAPI.h"
#include "js/GCAPI.h"
#include "js/Proxy.h"
#include "nsISupports.h"
#include "nsIURI.h"
#include "nsIPrincipal.h"
#include "nsIGlobalObject.h"
#include "nsPIDOMWindow.h"
#include "nsWrapperCache.h"
#include "nsStringGlue.h"
#include "nsTArray.h"
#include "mozilla/dom/JSSlots.h"
#include "mozilla/fallible.h"
#include "nsMathUtils.h"
#include "nsStringBuffer.h"
#include "mozilla/dom/BindingDeclarations.h"
#include "mozilla/Preferences.h"
class nsGlobalWindow;
class nsIPrincipal;
class nsScriptNameSpaceManager;
class nsIMemoryReporterCallback;
namespace mozilla {
namespace dom {
class Exception;
}
}
typedef void (* xpcGCCallback)(JSGCStatus status);
namespace xpc {
class Scriptability {
public:
explicit Scriptability(JSCompartment* c);
bool Allowed();
bool IsImmuneToScriptPolicy();
void Block();
void Unblock();
void SetDocShellAllowsScript(bool aAllowed);
static Scriptability& Get(JSObject* aScope);
private:
// Whenever a consumer wishes to prevent script from running on a global,
// it increments this value with a call to Block(). When it wishes to
// re-enable it (if ever), it decrements this value with a call to Unblock().
// Script may not run if this value is non-zero.
uint32_t mScriptBlocks;
// Whether the docshell allows javascript in this scope. If this scope
// doesn't have a docshell, this value is always true.
bool mDocShellAllowsScript;
// Whether this scope is immune to user-defined or addon-defined script
// policy.
bool mImmuneToScriptPolicy;
// Whether the new-style domain policy when this compartment was created
// forbids script execution.
bool mScriptBlockedByPolicy;
};
JSObject*
TransplantObject(JSContext* cx, JS::HandleObject origobj, JS::HandleObject target);
bool IsContentXBLScope(JSCompartment* compartment);
bool IsInContentXBLScope(JSObject* obj);
// Return a raw XBL scope object corresponding to contentScope, which must
// be an object whose global is a DOM window.
//
// The return value is not wrapped into cx->compartment, so be sure to enter
// its compartment before doing anything meaningful.
//
// Also note that XBL scopes are lazily created, so the return-value should be
// null-checked unless the caller can ensure that the scope must already
// exist.
//
// This function asserts if |contentScope| is itself in an XBL scope to catch
// sloppy consumers. Conversely, GetXBLScopeOrGlobal will handle objects that
// are in XBL scope (by just returning the global).
JSObject*
GetXBLScope(JSContext* cx, JSObject* contentScope);
inline JSObject*
GetXBLScopeOrGlobal(JSContext* cx, JSObject* obj)
{
if (IsInContentXBLScope(obj))
return js::GetGlobalForObjectCrossCompartment(obj);
return GetXBLScope(cx, obj);
}
// This function is similar to GetXBLScopeOrGlobal. However, if |obj| is a
// chrome scope, then it will return an add-on scope if addonId is non-null.
// Like GetXBLScopeOrGlobal, it returns the scope of |obj| if it's already a
// content XBL scope. But it asserts that |obj| is not an add-on scope.
JSObject*
GetScopeForXBLExecution(JSContext* cx, JS::HandleObject obj, JSAddonId* addonId);
// Returns whether XBL scopes have been explicitly disabled for code running
// in this compartment. See the comment around mAllowContentXBLScope.
bool
AllowContentXBLScope(JSCompartment* c);
// Returns whether we will use an XBL scope for this compartment. This is
// semantically equivalent to comparing global != GetXBLScope(global), but it
// does not have the side-effect of eagerly creating the XBL scope if it does
// not already exist.
bool
UseContentXBLScope(JSCompartment* c);
// Clear out the content XBL scope (if any) on the given global. This will
// force creation of a new one if one is needed again.
void
ClearContentXBLScope(JSObject* global);
bool
IsInAddonScope(JSObject* obj);
JSObject*
GetAddonScope(JSContext* cx, JS::HandleObject contentScope, JSAddonId* addonId);
bool
IsSandboxPrototypeProxy(JSObject* obj);
bool
IsReflector(JSObject* obj);
bool
IsXrayWrapper(JSObject* obj);
// If this function was created for a given XrayWrapper, returns the global of
// the Xrayed object. Otherwise, returns the global of the function.
//
// To emphasize the obvious: the return value here is not necessarily same-
// compartment with the argument.
JSObject*
XrayAwareCalleeGlobal(JSObject* fun);
void
TraceXPCGlobal(JSTracer* trc, JSObject* obj);
} /* namespace xpc */
namespace JS {
struct RuntimeStats;
} // namespace JS
#define XPC_WRAPPER_FLAGS (JSCLASS_HAS_PRIVATE | JSCLASS_FOREGROUND_FINALIZE)
#define XPCONNECT_GLOBAL_FLAGS_WITH_EXTRA_SLOTS(n) \
JSCLASS_DOM_GLOBAL | JSCLASS_HAS_PRIVATE | \
JSCLASS_PRIVATE_IS_NSISUPPORTS | \
JSCLASS_GLOBAL_FLAGS_WITH_SLOTS(DOM_GLOBAL_SLOTS + n)
#define XPCONNECT_GLOBAL_EXTRA_SLOT_OFFSET (JSCLASS_GLOBAL_SLOT_COUNT + DOM_GLOBAL_SLOTS)
#define XPCONNECT_GLOBAL_FLAGS XPCONNECT_GLOBAL_FLAGS_WITH_EXTRA_SLOTS(0)
inline JSObject*
xpc_FastGetCachedWrapper(JSContext* cx, nsWrapperCache* cache, JS::MutableHandleValue vp)
{
if (cache) {
JSObject* wrapper = cache->GetWrapper();
if (wrapper &&
js::GetObjectCompartment(wrapper) == js::GetContextCompartment(cx))
{
vp.setObject(*wrapper);
return wrapper;
}
}
return nullptr;
}
// If aVariant is an XPCVariant, this marks the object to be in aGeneration.
// This also unmarks the gray JSObject.
extern void
xpc_MarkInCCGeneration(nsISupports* aVariant, uint32_t aGeneration);
// If aWrappedJS is a JS wrapper, unmark its JSObject.
extern void
xpc_TryUnmarkWrappedGrayObject(nsISupports* aWrappedJS);
extern void
xpc_UnmarkSkippableJSHolders();
// readable string conversions, static methods and members only
class XPCStringConvert
{
// One-slot cache, because it turns out it's common for web pages to
// get the same string a few times in a row. We get about a 40% cache
// hit rate on this cache last it was measured. We'd get about 70%
// hit rate with a hashtable with removal on finalization, but that
// would take a lot more machinery.
struct ZoneStringCache
{
// mString owns mBuffer. mString is a JS thing, so it can only die
// during GC, though it can drop its ref to the buffer if it gets
// flattened and wasn't null-terminated. We clear mString and mBuffer
// during GC and in our finalizer (to catch the flatterning case). As
// long as the above holds, mBuffer should not be a dangling pointer, so
// using this as a cache key should be safe.
//
// We also need to include the string's length in the cache key, because
// now that we allow non-null-terminated buffers we can have two strings
// with the same mBuffer but different lengths.
void* mBuffer = nullptr;
uint32_t mLength = 0;
JSString* mString = nullptr;
};
public:
// If the string shares the readable's buffer, that buffer will
// get assigned to *sharedBuffer. Otherwise null will be
// assigned.
static bool ReadableToJSVal(JSContext* cx, const nsAString& readable,
nsStringBuffer** sharedBuffer,
JS::MutableHandleValue vp);
// Convert the given stringbuffer/length pair to a jsval
static MOZ_ALWAYS_INLINE bool
StringBufferToJSVal(JSContext* cx, nsStringBuffer* buf, uint32_t length,
JS::MutableHandleValue rval, bool* sharedBuffer)
{
JS::Zone* zone = js::GetContextZone(cx);
ZoneStringCache* cache = static_cast<ZoneStringCache*>(JS_GetZoneUserData(zone));
if (cache && buf == cache->mBuffer && length == cache->mLength) {
MOZ_ASSERT(JS::GetStringZone(cache->mString) == zone);
JS::MarkStringAsLive(zone, cache->mString);
rval.setString(cache->mString);
*sharedBuffer = false;
return true;
}
JSString* str = JS_NewExternalString(cx,
static_cast<char16_t*>(buf->Data()),
length, &sDOMStringFinalizer);
if (!str) {
return false;
}
rval.setString(str);
if (!cache) {
cache = new ZoneStringCache();
JS_SetZoneUserData(zone, cache);
}
cache->mBuffer = buf;
cache->mLength = length;
cache->mString = str;
*sharedBuffer = true;
return true;
}
static void FreeZoneCache(JS::Zone* zone);
static void ClearZoneCache(JS::Zone* zone);
static MOZ_ALWAYS_INLINE bool IsLiteral(JSString* str)
{
return JS_IsExternalString(str) &&
JS_GetExternalStringFinalizer(str) == &sLiteralFinalizer;
}
static MOZ_ALWAYS_INLINE bool IsDOMString(JSString* str)
{
return JS_IsExternalString(str) &&
JS_GetExternalStringFinalizer(str) == &sDOMStringFinalizer;
}
private:
static const JSStringFinalizer sLiteralFinalizer, sDOMStringFinalizer;
static void FinalizeLiteral(JS::Zone* zone, const JSStringFinalizer* fin, char16_t* chars);
static void FinalizeDOMString(JS::Zone* zone, const JSStringFinalizer* fin, char16_t* chars);
XPCStringConvert() = delete;
};
class nsIAddonInterposition;
namespace xpc {
// If these functions return false, then an exception will be set on cx.
bool Base64Encode(JSContext* cx, JS::HandleValue val, JS::MutableHandleValue out);
bool Base64Decode(JSContext* cx, JS::HandleValue val, JS::MutableHandleValue out);
/**
* Convert an nsString to jsval, returning true on success.
* Note, the ownership of the string buffer may be moved from str to rval.
* If that happens, str will point to an empty string after this call.
*/
bool NonVoidStringToJsval(JSContext* cx, nsAString& str, JS::MutableHandleValue rval);
inline bool StringToJsval(JSContext* cx, nsAString& str, JS::MutableHandleValue rval)
{
// From the T_DOMSTRING case in XPCConvert::NativeData2JS.
if (str.IsVoid()) {
rval.setNull();
return true;
}
return NonVoidStringToJsval(cx, str, rval);
}
inline bool
NonVoidStringToJsval(JSContext* cx, const nsAString& str, JS::MutableHandleValue rval)
{
nsString mutableCopy;
if (!mutableCopy.Assign(str, mozilla::fallible)) {
JS_ReportOutOfMemory(cx);
return false;
}
return NonVoidStringToJsval(cx, mutableCopy, rval);
}
inline bool
StringToJsval(JSContext* cx, const nsAString& str, JS::MutableHandleValue rval)
{
nsString mutableCopy;
if (!mutableCopy.Assign(str, mozilla::fallible)) {
JS_ReportOutOfMemory(cx);
return false;
}
return StringToJsval(cx, mutableCopy, rval);
}
/**
* As above, but for mozilla::dom::DOMString.
*/
inline
bool NonVoidStringToJsval(JSContext* cx, mozilla::dom::DOMString& str,
JS::MutableHandleValue rval)
{
if (!str.HasStringBuffer()) {
// It's an actual XPCOM string
return NonVoidStringToJsval(cx, str.AsAString(), rval);
}
uint32_t length = str.StringBufferLength();
if (length == 0) {
rval.set(JS_GetEmptyStringValue(cx));
return true;
}
nsStringBuffer* buf = str.StringBuffer();
bool shared;
if (!XPCStringConvert::StringBufferToJSVal(cx, buf, length, rval,
&shared)) {
return false;
}
if (shared) {
// JS now needs to hold a reference to the buffer
str.RelinquishBufferOwnership();
}
return true;
}
MOZ_ALWAYS_INLINE
bool StringToJsval(JSContext* cx, mozilla::dom::DOMString& str,
JS::MutableHandleValue rval)
{
if (str.IsNull()) {
rval.setNull();
return true;
}
return NonVoidStringToJsval(cx, str, rval);
}
nsIPrincipal* GetCompartmentPrincipal(JSCompartment* compartment);
void SetLocationForGlobal(JSObject* global, const nsACString& location);
void SetLocationForGlobal(JSObject* global, nsIURI* locationURI);
// ReportJSRuntimeExplicitTreeStats will expect this in the |extra| member
// of JS::ZoneStats.
class ZoneStatsExtras {
public:
ZoneStatsExtras() {}
nsCString pathPrefix;
private:
ZoneStatsExtras(const ZoneStatsExtras& other) = delete;
ZoneStatsExtras& operator=(const ZoneStatsExtras& other) = delete;
};
// ReportJSRuntimeExplicitTreeStats will expect this in the |extra| member
// of JS::CompartmentStats.
class CompartmentStatsExtras {
public:
CompartmentStatsExtras() {}
nsCString jsPathPrefix;
nsCString domPathPrefix;
nsCOMPtr<nsIURI> location;
private:
CompartmentStatsExtras(const CompartmentStatsExtras& other) = delete;
CompartmentStatsExtras& operator=(const CompartmentStatsExtras& other) = delete;
};
// This reports all the stats in |rtStats| that belong in the "explicit" tree,
// (which isn't all of them).
// @see ZoneStatsExtras
// @see CompartmentStatsExtras
void
ReportJSRuntimeExplicitTreeStats(const JS::RuntimeStats& rtStats,
const nsACString& rtPath,
nsIMemoryReporterCallback* handleReport,
nsISupports* data,
bool anonymize,
size_t* rtTotal = nullptr);
/**
* Throws an exception on cx and returns false.
*/
bool
Throw(JSContext* cx, nsresult rv);
/**
* Returns the nsISupports native behind a given reflector (either DOM or
* XPCWN).
*/
already_AddRefed<nsISupports>
UnwrapReflectorToISupports(JSObject* reflector);
/**
* Singleton scopes for stuff that really doesn't fit anywhere else.
*
* If you find yourself wanting to use these compartments, you're probably doing
* something wrong. Callers MUST consult with the XPConnect module owner before
* using this compartment. If you don't, bholley will hunt you down.
*/
JSObject*
UnprivilegedJunkScope();
JSObject*
PrivilegedJunkScope();
/**
* Shared compilation scope for XUL prototype documents and XBL
* precompilation. This compartment has a null principal. No code may run, and
* it is invisible to the debugger.
*/
JSObject*
CompilationScope();
/**
* Returns the nsIGlobalObject corresponding to |aObj|'s JS global.
*/
nsIGlobalObject*
NativeGlobal(JSObject* aObj);
/**
* If |aObj| is a window, returns the associated nsGlobalWindow.
* Otherwise, returns null.
*/
nsGlobalWindow*
WindowOrNull(JSObject* aObj);
/**
* If |aObj| has a window for a global, returns the associated nsGlobalWindow.
* Otherwise, returns null.
*/
nsGlobalWindow*
WindowGlobalOrNull(JSObject* aObj);
/**
* If |aObj| is in an addon scope and that addon scope is associated with a
* live DOM Window, returns the associated nsGlobalWindow. Otherwise, returns
* null.
*/
nsGlobalWindow*
AddonWindowOrNull(JSObject* aObj);
/**
* If |cx| is in a compartment whose global is a window, returns the associated
* nsGlobalWindow. Otherwise, returns null.
*/
nsGlobalWindow*
CurrentWindowOrNull(JSContext* cx);
void
SimulateActivityCallback(bool aActive);
// This function may be used off-main-thread, in which case it is benignly
// racey.
bool
ShouldDiscardSystemSource();
bool
SharedMemoryEnabled();
bool
SetAddonInterposition(const nsACString& addonId, nsIAddonInterposition* interposition);
bool
AllowCPOWsInAddon(const nsACString& addonId, bool allow);
bool
ExtraWarningsForSystemJS();
class ErrorReport {
public:
NS_INLINE_DECL_THREADSAFE_REFCOUNTING(ErrorReport);
ErrorReport() : mWindowID(0)
, mLineNumber(0)
, mColumn(0)
, mFlags(0)
, mIsMuted(false)
{}
void Init(JSErrorReport* aReport, const char* aToStringResult,
bool aIsChrome, uint64_t aWindowID);
void Init(JSContext* aCx, mozilla::dom::Exception* aException,
bool aIsChrome, uint64_t aWindowID);
// Log the error report to the console. Which console will depend on the
// window id it was initialized with.
void LogToConsole();
// Log to console, using the given stack object (which should be a stack of
// the sort that JS::CaptureCurrentStack produces). aStack is allowed to be
// null.
void LogToConsoleWithStack(JS::HandleObject aStack);
// Produce an error event message string from the given JSErrorReport. Note
// that this may produce an empty string if aReport doesn't have a
// message attached.
static void ErrorReportToMessageString(JSErrorReport* aReport,
nsAString& aString);
public:
nsCString mCategory;
nsString mErrorMsgName;
nsString mErrorMsg;
nsString mFileName;
nsString mSourceLine;
uint64_t mWindowID;
uint32_t mLineNumber;
uint32_t mColumn;
uint32_t mFlags;
bool mIsMuted;
private:
~ErrorReport() {}
};
void
DispatchScriptErrorEvent(nsPIDOMWindowInner* win, JS::RootingContext* rootingCx,
xpc::ErrorReport* xpcReport, JS::Handle<JS::Value> exception);
// Get a stack of the sort that can be passed to
// xpc::ErrorReport::LogToConsoleWithStack from the given exception value. Can
// return null if the exception value doesn't have an associated stack. The
// returned stack, if any, may also not be in the same compartment as
// exceptionValue.
//
// The "win" argument passed in here should be the same as the window whose
// WindowID() is used to initialize the xpc::ErrorReport. This may be null, of
// course. If it's not null, this function may return a null stack object if
// the window is far enough gone, because in those cases we don't want to have
// the stack in the console message keeping the window alive.
JSObject*
FindExceptionStackForConsoleReport(nsPIDOMWindowInner* win,
JS::HandleValue exceptionValue);
// Return a name for the compartment.
// This function makes reasonable efforts to make this name both mostly human-readable
// and unique. However, there are no guarantees of either property.
extern void
GetCurrentCompartmentName(JSContext*, nsCString& name);
void AddGCCallback(xpcGCCallback cb);
void RemoveGCCallback(xpcGCCallback cb);
inline bool
AreNonLocalConnectionsDisabled()
{
static int disabledForTest = -1;
if (disabledForTest == -1) {
char *s = getenv("MOZ_DISABLE_NONLOCAL_CONNECTIONS");
if (s) {
disabledForTest = *s != '0';
} else {
disabledForTest = 0;
}
}
return disabledForTest;
}
inline bool
IsInAutomation()
{
const char* prefName =
"security.turn_off_all_security_so_that_viruses_can_take_over_this_computer";
return mozilla::Preferences::GetBool(prefName) &&
AreNonLocalConnectionsDisabled();
}
} // namespace xpc
namespace mozilla {
namespace dom {
/**
* A test for whether WebIDL methods that should only be visible to
* chrome or XBL scopes should be exposed.
*/
bool IsChromeOrXBL(JSContext* cx, JSObject* /* unused */);
/**
* Same as IsChromeOrXBL but can be used in worker threads as well.
*/
bool ThreadSafeIsChromeOrXBL(JSContext* cx, JSObject* obj);
} // namespace dom
} // namespace mozilla
#endif
|