JSObject *
WrapperFactory::PrepareForWrapping(JSContext *cx, HandleObject scope,
HandleObject objArg, unsigned flags)
{
RootedObject obj(cx, objArg);
// Outerize any raw inner objects at the entry point here, so that we don't
// have to worry about them for the rest of the wrapping code.
if (js::IsInnerObject(obj)) {
JSAutoCompartment ac(cx, obj);
obj = JS_ObjectToOuterObject(cx, obj);
NS_ENSURE_TRUE(obj, nullptr);
// The outerization hook wraps, which means that we can end up with a
// CCW here if |obj| was a navigated-away-from inner. Strip any CCWs.
obj = js::UncheckedUnwrap(obj);
MOZ_ASSERT(js::IsOuterObject(obj));
}
// If we've got an outer window, there's nothing special that needs to be
// done here, and we can move on to the next phase of wrapping. We handle
// this case first to allow us to assert against wrappers below.
if (js::IsOuterObject(obj))
return DoubleWrap(cx, obj, flags);
// Here are the rules for wrapping:
// We should never get a proxy here (the JS engine unwraps those for us).
MOZ_ASSERT(!IsWrapper(obj));
// If the object being wrapped is a prototype for a standard class and the
// wrapper does not subsumes the wrappee, use the one from the content
// compartment. This is generally safer all-around, and in the COW case this
// lets us safely take advantage of things like .forEach() via the
// ChromeObjectWrapper machinery.
//
// If the prototype chain of chrome object |obj| looks like this:
//
// obj => foo => bar => chromeWin.StandardClass.prototype
//
// The prototype chain of COW(obj) looks lke this:
//
// COW(obj) => COW(foo) => COW(bar) => contentWin.StandardClass.prototype
//
// NB: We now remap all non-subsuming access of standard prototypes.
//
// NB: We need to ignore domain here so that the security relationship we
// compute here can't change over time. See the comment above the other
// subsumes call below.
bool subsumes = AccessCheck::subsumes(js::GetContextCompartment(cx),
js::GetObjectCompartment(obj));
XrayType xrayType = GetXrayType(obj);
if (!subsumes && xrayType == NotXray) {
JSProtoKey key = JSProto_Null;
{
JSAutoCompartment ac(cx, obj);
key = IdentifyStandardPrototype(obj);
}
if (key != JSProto_Null) {
RootedObject homeProto(cx);
if (!JS_GetClassPrototype(cx, key, &homeProto))
return nullptr;
MOZ_ASSERT(homeProto);
// No need to double-wrap here. We should never have waivers to
// COWs.
return homeProto;
}
}
// Now, our object is ready to be wrapped, but several objects (notably
// nsJSIIDs) have a wrapper per scope. If we are about to wrap one of
// those objects in a security wrapper, then we need to hand back the
// wrapper for the new scope instead. Also, global objects don't move
// between scopes so for those we also want to return the wrapper. So...
if (!IS_WN_REFLECTOR(obj) || !js::GetObjectParent(obj))
return DoubleWrap(cx, obj, flags);
XPCWrappedNative *wn = XPCWrappedNative::Get(obj);
JSAutoCompartment ac(cx, obj);
XPCCallContext ccx(JS_CALLER, cx, obj);
RootedObject wrapScope(cx, scope);
{
if (NATIVE_HAS_FLAG(&ccx, WantPreCreate)) {
// We have a precreate hook. This object might enforce that we only
// ever create JS object for it.
// Note: this penalizes objects that only have one wrapper, but are
// being accessed across compartments. We would really prefer to
// replace the above code with a test that says "do you only have one
// wrapper?"
nsresult rv = wn->GetScriptableInfo()->GetCallback()->
PreCreate(wn->Native(), cx, scope, wrapScope.address());
NS_ENSURE_SUCCESS(rv, DoubleWrap(cx, obj, flags));
// If the handed back scope differs from the passed-in scope and is in
// a separate compartment, then this object is explicitly requesting
// that we don't create a second JS object for it: create a security
// wrapper.
if (js::GetObjectCompartment(scope) != js::GetObjectCompartment(wrapScope))
return DoubleWrap(cx, obj, flags);
RootedObject currentScope(cx, JS_GetGlobalForObject(cx, obj));
if (MOZ_UNLIKELY(wrapScope != currentScope)) {
// The wrapper claims it wants to be in the new scope, but
// currently has a reflection that lives in the old scope. This
// can mean one of two things, both of which are rare:
//
// 1 - The object has a PreCreate hook (we checked for it above),
// but is deciding to request one-wrapper-per-scope (rather than
// one-wrapper-per-native) for some reason. Usually, a PreCreate
// hook indicates one-wrapper-per-native. In this case we want to
// make a new wrapper in the new scope.
//
// 2 - We're midway through wrapper reparenting. The document has
// moved to a new scope, but |wn| hasn't been moved yet, and
// we ended up calling JS_WrapObject() on its JS object. In this
// case, we want to return the existing wrapper.
//
// So we do a trick: call PreCreate _again_, but say that we're
// wrapping for the old scope, rather than the new one. If (1) is
// the case, then PreCreate will return the scope we pass to it
// (the old scope). If (2) is the case, PreCreate will return the
// scope of the document (the new scope).
RootedObject probe(cx);
rv = wn->GetScriptableInfo()->GetCallback()->
PreCreate(wn->Native(), cx, currentScope, probe.address());
// Check for case (2).
if (probe != currentScope) {
MOZ_ASSERT(probe == wrapScope);
return DoubleWrap(cx, obj, flags);
}
// Ok, must be case (1). Fall through and create a new wrapper.
}
// Nasty hack for late-breaking bug 781476. This will confuse identity checks,
// but it's probably better than any of our alternatives.
//
// Note: We have to ignore domain here. The JS engine assumes that, given a
// compartment c, if c->wrap(x) returns a cross-compartment wrapper at time t0,
// it will also return a cross-compartment wrapper for any time t1 > t0 unless
// an explicit transplant is performed. In particular, wrapper recomputation
// assumes that recomputing a wrapper will always result in a wrapper.
//
// This doesn't actually pose a security issue, because we'll still compute
// the correct (opaque) wrapper for the object below given the security
// characteristics of the two compartments.
if (!AccessCheck::isChrome(js::GetObjectCompartment(wrapScope)) &&
AccessCheck::subsumes(js::GetObjectCompartment(wrapScope),
js::GetObjectCompartment(obj)))
{
return DoubleWrap(cx, obj, flags);
}
}
}
// This public WrapNativeToJSVal API enters the compartment of 'wrapScope'
// so we don't have to.
RootedValue v(cx);
nsresult rv =
nsXPConnect::XPConnect()->WrapNativeToJSVal(cx, wrapScope, wn->Native(), nullptr,
&NS_GET_IID(nsISupports), false, &v);
NS_ENSURE_SUCCESS(rv, nullptr);
obj.set(&v.toObject());
MOZ_ASSERT(IS_WN_REFLECTOR(obj), "bad object");
// Because the underlying native didn't have a PreCreate hook, we had
// to a new (or possibly pre-existing) XPCWN in our compartment.
// This could be a problem for chrome code that passes XPCOM objects
// across compartments, because the effects of QI would disappear across
// compartments.
//
// So whenever we pull an XPCWN across compartments in this manner, we
// give the destination object the union of the two native sets. We try
// to do this cleverly in the common case to avoid too much overhead.
XPCWrappedNative *newwn = XPCWrappedNative::Get(obj);
XPCNativeSet *unionSet = XPCNativeSet::GetNewOrUsed(newwn->GetSet(),
wn->GetSet(), false);
if (!unionSet)
return nullptr;
newwn->SetSet(unionSet);
return DoubleWrap(cx, obj, flags);
}
nsresult
EventListenerManager::CompileEventHandlerInternal(Listener* aListener,
const nsAString* aBody,
Element* aElement)
{
NS_PRECONDITION(aListener->GetJSListener(),
"Why do we not have a JS listener?");
NS_PRECONDITION(aListener->mHandlerIsString,
"Why are we compiling a non-string JS listener?");
nsresult result = NS_OK;
nsIJSEventListener* jsListener = aListener->GetJSListener();
NS_ASSERTION(!jsListener->GetHandler().HasEventHandler(),
"What is there to compile?");
nsCOMPtr<nsIDocument> doc;
nsCOMPtr<nsIScriptGlobalObject> global =
GetScriptGlobalAndDocument(getter_AddRefs(doc));
NS_ENSURE_STATE(global);
nsIScriptContext* context = global->GetScriptContext();
NS_ENSURE_STATE(context);
// Push a context to make sure exceptions are reported in the right place.
AutoPushJSContext cx(context->GetNativeContext());
JS::Rooted<JSObject*> handler(cx);
JS::Rooted<JSObject*> scope(cx, jsListener->GetEventScope());
nsCOMPtr<nsIAtom> typeAtom = aListener->mTypeAtom;
nsIAtom* attrName = typeAtom;
if (aListener->mHandlerIsString) {
// OK, we didn't find an existing compiled event handler. Flag us
// as not a string so we don't keep trying to compile strings
// which can't be compiled
aListener->mHandlerIsString = false;
// mTarget may not be an Element if it's a window and we're
// getting an inline event listener forwarded from <html:body> or
// <html:frameset> or <xul:window> or the like.
// XXX I don't like that we have to reference content from
// here. The alternative is to store the event handler string on
// the nsIJSEventListener itself, and that still doesn't address
// the arg names issue.
nsCOMPtr<Element> element = do_QueryInterface(mTarget);
MOZ_ASSERT(element || aBody, "Where will we get our body?");
nsAutoString handlerBody;
const nsAString* body = aBody;
if (!aBody) {
if (aListener->mTypeAtom == nsGkAtoms::onSVGLoad) {
attrName = nsGkAtoms::onload;
} else if (aListener->mTypeAtom == nsGkAtoms::onSVGUnload) {
attrName = nsGkAtoms::onunload;
} else if (aListener->mTypeAtom == nsGkAtoms::onSVGResize) {
attrName = nsGkAtoms::onresize;
} else if (aListener->mTypeAtom == nsGkAtoms::onSVGScroll) {
attrName = nsGkAtoms::onscroll;
} else if (aListener->mTypeAtom == nsGkAtoms::onSVGZoom) {
attrName = nsGkAtoms::onzoom;
} else if (aListener->mTypeAtom == nsGkAtoms::onbeginEvent) {
attrName = nsGkAtoms::onbegin;
} else if (aListener->mTypeAtom == nsGkAtoms::onrepeatEvent) {
attrName = nsGkAtoms::onrepeat;
} else if (aListener->mTypeAtom == nsGkAtoms::onendEvent) {
attrName = nsGkAtoms::onend;
}
element->GetAttr(kNameSpaceID_None, attrName, handlerBody);
body = &handlerBody;
aElement = element;
}
aListener = nullptr;
uint32_t lineNo = 0;
nsAutoCString url (NS_LITERAL_CSTRING("-moz-evil:lying-event-listener"));
MOZ_ASSERT(body);
MOZ_ASSERT(aElement);
nsIURI *uri = aElement->OwnerDoc()->GetDocumentURI();
if (uri) {
uri->GetSpec(url);
lineNo = 1;
}
uint32_t argCount;
const char **argNames;
nsContentUtils::GetEventArgNames(aElement->GetNameSpaceID(),
typeAtom,
&argCount, &argNames);
JSAutoCompartment ac(cx, context->GetWindowProxy());
JS::CompileOptions options(cx);
options.setIntroductionType("eventHandler")
.setFileAndLine(url.get(), lineNo)
.setVersion(SCRIPTVERSION_DEFAULT);
JS::Rooted<JS::Value> targetVal(cx);
// Go ahead and wrap into the current compartment of cx directly.
JS::Rooted<JSObject*> wrapScope(cx, JS::CurrentGlobalOrNull(cx));
if (WrapNewBindingObject(cx, wrapScope, aElement, &targetVal)) {
MOZ_ASSERT(targetVal.isObject());
nsDependentAtomString str(attrName);
// Most of our names are short enough that we don't even have to malloc
// the JS string stuff, so don't worry about playing games with
// refcounting XPCOM stringbuffers.
JS::Rooted<JSString*> jsStr(cx, JS_NewUCStringCopyN(cx,
str.BeginReading(),
str.Length()));
NS_ENSURE_TRUE(jsStr, NS_ERROR_OUT_OF_MEMORY);
options.setElement(&targetVal.toObject())
.setElementAttributeName(jsStr);
}
JS::Rooted<JSObject*> handlerFun(cx);
result = nsJSUtils::CompileFunction(cx, JS::NullPtr(), options,
nsAtomCString(typeAtom),
argCount, argNames, *body, handlerFun.address());
NS_ENSURE_SUCCESS(result, result);
handler = handlerFun;
NS_ENSURE_TRUE(handler, NS_ERROR_FAILURE);
} else {
aListener = nullptr;
}
if (handler) {
nsCOMPtr<nsPIDOMWindow> win = do_QueryInterface(mTarget);
// Bind it
JS::Rooted<JSObject*> boundHandler(cx);
context->BindCompiledEventHandler(mTarget, scope, handler, &boundHandler);
// Note - We pass null for aIncumbentGlobal below. We could also pass the
// compilation global, but since the handler is guaranteed to be scripted,
// there's no need to use an override, since the JS engine will always give
// us the right answer.
if (!boundHandler) {
jsListener->ForgetHandler();
} else if (jsListener->EventName() == nsGkAtoms::onerror && win) {
nsRefPtr<OnErrorEventHandlerNonNull> handlerCallback =
new OnErrorEventHandlerNonNull(boundHandler, /* aIncumbentGlobal = */ nullptr);
jsListener->SetHandler(handlerCallback);
} else if (jsListener->EventName() == nsGkAtoms::onbeforeunload && win) {
nsRefPtr<OnBeforeUnloadEventHandlerNonNull> handlerCallback =
new OnBeforeUnloadEventHandlerNonNull(boundHandler, /* aIncumbentGlobal = */ nullptr);
jsListener->SetHandler(handlerCallback);
} else {
nsRefPtr<EventHandlerNonNull> handlerCallback =
new EventHandlerNonNull(boundHandler, /* aIncumbentGlobal = */ nullptr);
jsListener->SetHandler(handlerCallback);
}
}
return result;
}
JSObject *
WrapperFactory::PrepareForWrapping(JSContext *cx, HandleObject scope,
HandleObject objArg, unsigned flags)
{
RootedObject obj(cx, objArg);
// Outerize any raw inner objects at the entry point here, so that we don't
// have to worry about them for the rest of the wrapping code.
if (js::IsInnerObject(obj)) {
JSAutoCompartment ac(cx, obj);
obj = JS_ObjectToOuterObject(cx, obj);
NS_ENSURE_TRUE(obj, nullptr);
// The outerization hook wraps, which means that we can end up with a
// CCW here if |obj| was a navigated-away-from inner. Strip any CCWs.
obj = js::UncheckedUnwrap(obj);
MOZ_ASSERT(js::IsOuterObject(obj));
}
// If we've got an outer window, there's nothing special that needs to be
// done here, and we can move on to the next phase of wrapping. We handle
// this case first to allow us to assert against wrappers below.
if (js::IsOuterObject(obj))
return DoubleWrap(cx, obj, flags);
// Here are the rules for wrapping:
// We should never get a proxy here (the JS engine unwraps those for us).
MOZ_ASSERT(!IsWrapper(obj));
// As soon as an object is wrapped in a security wrapper, it morphs to be
// a fat wrapper. (see also: bug XXX).
if (IS_SLIM_WRAPPER(obj) && !MorphSlimWrapper(cx, obj))
return nullptr;
// Now, our object is ready to be wrapped, but several objects (notably
// nsJSIIDs) have a wrapper per scope. If we are about to wrap one of
// those objects in a security wrapper, then we need to hand back the
// wrapper for the new scope instead. Also, global objects don't move
// between scopes so for those we also want to return the wrapper. So...
if (!IS_WN_WRAPPER(obj) || !js::GetObjectParent(obj))
return DoubleWrap(cx, obj, flags);
XPCWrappedNative *wn = static_cast<XPCWrappedNative *>(xpc_GetJSPrivate(obj));
JSAutoCompartment ac(cx, obj);
XPCCallContext ccx(JS_CALLER, cx, obj);
RootedObject wrapScope(cx, scope);
{
if (NATIVE_HAS_FLAG(&ccx, WantPreCreate)) {
// We have a precreate hook. This object might enforce that we only
// ever create JS object for it.
// Note: this penalizes objects that only have one wrapper, but are
// being accessed across compartments. We would really prefer to
// replace the above code with a test that says "do you only have one
// wrapper?"
nsresult rv = wn->GetScriptableInfo()->GetCallback()->
PreCreate(wn->Native(), cx, scope, wrapScope.address());
NS_ENSURE_SUCCESS(rv, DoubleWrap(cx, obj, flags));
// If the handed back scope differs from the passed-in scope and is in
// a separate compartment, then this object is explicitly requesting
// that we don't create a second JS object for it: create a security
// wrapper.
if (js::GetObjectCompartment(scope) != js::GetObjectCompartment(wrapScope))
return DoubleWrap(cx, obj, flags);
RootedObject currentScope(cx, JS_GetGlobalForObject(cx, obj));
if (MOZ_UNLIKELY(wrapScope != currentScope)) {
// The wrapper claims it wants to be in the new scope, but
// currently has a reflection that lives in the old scope. This
// can mean one of two things, both of which are rare:
//
// 1 - The object has a PreCreate hook (we checked for it above),
// but is deciding to request one-wrapper-per-scope (rather than
// one-wrapper-per-native) for some reason. Usually, a PreCreate
// hook indicates one-wrapper-per-native. In this case we want to
// make a new wrapper in the new scope.
//
// 2 - We're midway through wrapper reparenting. The document has
// moved to a new scope, but |wn| hasn't been moved yet, and
// we ended up calling JS_WrapObject() on its JS object. In this
// case, we want to return the existing wrapper.
//
// So we do a trick: call PreCreate _again_, but say that we're
// wrapping for the old scope, rather than the new one. If (1) is
// the case, then PreCreate will return the scope we pass to it
// (the old scope). If (2) is the case, PreCreate will return the
// scope of the document (the new scope).
RootedObject probe(cx);
rv = wn->GetScriptableInfo()->GetCallback()->
PreCreate(wn->Native(), cx, currentScope, probe.address());
// Check for case (2).
if (probe != currentScope) {
MOZ_ASSERT(probe == wrapScope);
return DoubleWrap(cx, obj, flags);
}
// Ok, must be case (1). Fall through and create a new wrapper.
}
// Nasty hack for late-breaking bug 781476. This will confuse identity checks,
// but it's probably better than any of our alternatives.
//
// Note: We have to ignore domain here. The JS engine assumes that, given a
// compartment c, if c->wrap(x) returns a cross-compartment wrapper at time t0,
// it will also return a cross-compartment wrapper for any time t1 > t0 unless
// an explicit transplant is performed. In particular, wrapper recomputation
// assumes that recomputing a wrapper will always result in a wrapper.
//
// This doesn't actually pose a security issue, because we'll still compute
// the correct (opaque) wrapper for the object below given the security
// characteristics of the two compartments.
if (!AccessCheck::isChrome(js::GetObjectCompartment(wrapScope)) &&
AccessCheck::subsumesIgnoringDomain(js::GetObjectCompartment(wrapScope),
js::GetObjectCompartment(obj)))
{
return DoubleWrap(cx, obj, flags);
}
}
}
// NB: Passing a holder here inhibits slim wrappers under
// WrapNativeToJSVal.
nsCOMPtr<nsIXPConnectJSObjectHolder> holder;
// This public WrapNativeToJSVal API enters the compartment of 'wrapScope'
// so we don't have to.
RootedValue v(cx);
nsresult rv =
nsXPConnect::FastGetXPConnect()->WrapNativeToJSVal(cx, wrapScope, wn->Native(), nullptr,
&NS_GET_IID(nsISupports), false,
v.address(), getter_AddRefs(holder));
if (NS_SUCCEEDED(rv)) {
obj = JSVAL_TO_OBJECT(v);
NS_ASSERTION(IS_WN_WRAPPER(obj), "bad object");
// Because the underlying native didn't have a PreCreate hook, we had
// to a new (or possibly pre-existing) XPCWN in our compartment.
// This could be a problem for chrome code that passes XPCOM objects
// across compartments, because the effects of QI would disappear across
// compartments.
//
// So whenever we pull an XPCWN across compartments in this manner, we
// give the destination object the union of the two native sets. We try
// to do this cleverly in the common case to avoid too much overhead.
XPCWrappedNative *newwn = static_cast<XPCWrappedNative *>(xpc_GetJSPrivate(obj));
XPCNativeSet *unionSet = XPCNativeSet::GetNewOrUsed(ccx, newwn->GetSet(),
wn->GetSet(), false);
if (!unionSet)
return nullptr;
newwn->SetSet(unionSet);
}
return DoubleWrap(cx, obj, flags);
}
nsresult
EventListenerManager::CompileEventHandlerInternal(Listener* aListener,
const nsAString* aBody,
Element* aElement)
{
MOZ_ASSERT(aListener->GetJSEventHandler());
MOZ_ASSERT(aListener->mHandlerIsString, "Why are we compiling a non-string JS listener?");
JSEventHandler* jsEventHandler = aListener->GetJSEventHandler();
MOZ_ASSERT(!jsEventHandler->GetTypedEventHandler().HasEventHandler(),
"What is there to compile?");
nsresult result = NS_OK;
nsCOMPtr<nsIDocument> doc;
nsCOMPtr<nsIScriptGlobalObject> global =
GetScriptGlobalAndDocument(getter_AddRefs(doc));
NS_ENSURE_STATE(global);
// Activate JSAPI, and make sure that exceptions are reported on the right
// Window.
AutoJSAPI jsapi;
if (NS_WARN_IF(!jsapi.InitWithLegacyErrorReporting(global))) {
return NS_ERROR_UNEXPECTED;
}
JSContext* cx = jsapi.cx();
nsCOMPtr<nsIAtom> typeAtom = aListener->mTypeAtom;
nsIAtom* attrName = typeAtom;
// Flag us as not a string so we don't keep trying to compile strings which
// can't be compiled.
aListener->mHandlerIsString = false;
// mTarget may not be an Element if it's a window and we're
// getting an inline event listener forwarded from <html:body> or
// <html:frameset> or <xul:window> or the like.
// XXX I don't like that we have to reference content from
// here. The alternative is to store the event handler string on
// the JSEventHandler itself, and that still doesn't address
// the arg names issue.
nsCOMPtr<Element> element = do_QueryInterface(mTarget);
MOZ_ASSERT(element || aBody, "Where will we get our body?");
nsAutoString handlerBody;
const nsAString* body = aBody;
if (!aBody) {
if (aListener->mTypeAtom == nsGkAtoms::onSVGLoad) {
attrName = nsGkAtoms::onload;
} else if (aListener->mTypeAtom == nsGkAtoms::onSVGUnload) {
attrName = nsGkAtoms::onunload;
} else if (aListener->mTypeAtom == nsGkAtoms::onSVGResize) {
attrName = nsGkAtoms::onresize;
} else if (aListener->mTypeAtom == nsGkAtoms::onSVGScroll) {
attrName = nsGkAtoms::onscroll;
} else if (aListener->mTypeAtom == nsGkAtoms::onSVGZoom) {
attrName = nsGkAtoms::onzoom;
} else if (aListener->mTypeAtom == nsGkAtoms::onbeginEvent) {
attrName = nsGkAtoms::onbegin;
} else if (aListener->mTypeAtom == nsGkAtoms::onrepeatEvent) {
attrName = nsGkAtoms::onrepeat;
} else if (aListener->mTypeAtom == nsGkAtoms::onendEvent) {
attrName = nsGkAtoms::onend;
}
element->GetAttr(kNameSpaceID_None, attrName, handlerBody);
body = &handlerBody;
aElement = element;
}
aListener = nullptr;
uint32_t lineNo = 0;
nsAutoCString url (NS_LITERAL_CSTRING("-moz-evil:lying-event-listener"));
MOZ_ASSERT(body);
MOZ_ASSERT(aElement);
nsIURI *uri = aElement->OwnerDoc()->GetDocumentURI();
if (uri) {
uri->GetSpec(url);
lineNo = 1;
}
nsCOMPtr<nsPIDOMWindow> win = do_QueryInterface(mTarget);
uint32_t argCount;
const char **argNames;
nsContentUtils::GetEventArgNames(aElement->GetNameSpaceID(),
typeAtom, win,
&argCount, &argNames);
JSAddonId *addonId = MapURIToAddonID(uri);
// Wrap the event target, so that we can use it as the scope for the event
// handler. Note that mTarget is different from aElement in the <body> case,
// where mTarget is a Window.
//
// The wrapScope doesn't really matter here, because the target will create
// its reflector in the proper scope, and then we'll enter that compartment.
JS::Rooted<JSObject*> wrapScope(cx, global->GetGlobalJSObject());
JS::Rooted<JS::Value> v(cx);
{
JSAutoCompartment ac(cx, wrapScope);
nsresult rv = nsContentUtils::WrapNative(cx, mTarget, &v,
/* aAllowWrapping = */ false);
if (NS_WARN_IF(NS_FAILED(rv))) {
return rv;
}
}
if (addonId) {
JS::Rooted<JSObject*> vObj(cx, &v.toObject());
JS::Rooted<JSObject*> addonScope(cx, xpc::GetAddonScope(cx, vObj, addonId));
if (!addonScope) {
return NS_ERROR_FAILURE;
}
JSAutoCompartment ac(cx, addonScope);
if (!JS_WrapValue(cx, &v)) {
return NS_ERROR_FAILURE;
}
}
JS::Rooted<JSObject*> target(cx, &v.toObject());
JSAutoCompartment ac(cx, target);
nsDependentAtomString str(attrName);
// Most of our names are short enough that we don't even have to malloc
// the JS string stuff, so don't worry about playing games with
// refcounting XPCOM stringbuffers.
JS::Rooted<JSString*> jsStr(cx, JS_NewUCStringCopyN(cx,
str.BeginReading(),
str.Length()));
NS_ENSURE_TRUE(jsStr, NS_ERROR_OUT_OF_MEMORY);
// Get the reflector for |aElement|, so that we can pass to setElement.
if (NS_WARN_IF(!WrapNewBindingObject(cx, target, aElement, &v))) {
return NS_ERROR_FAILURE;
}
JS::CompileOptions options(cx);
options.setIntroductionType("eventHandler")
.setFileAndLine(url.get(), lineNo)
.setVersion(JSVERSION_DEFAULT)
.setElement(&v.toObject())
.setElementAttributeName(jsStr)
.setDefineOnScope(false);
JS::Rooted<JSObject*> handler(cx);
result = nsJSUtils::CompileFunction(cx, target, options,
nsAtomCString(typeAtom),
argCount, argNames, *body, handler.address());
NS_ENSURE_SUCCESS(result, result);
NS_ENSURE_TRUE(handler, NS_ERROR_FAILURE);
if (jsEventHandler->EventName() == nsGkAtoms::onerror && win) {
nsRefPtr<OnErrorEventHandlerNonNull> handlerCallback =
new OnErrorEventHandlerNonNull(handler, /* aIncumbentGlobal = */ nullptr);
jsEventHandler->SetHandler(handlerCallback);
} else if (jsEventHandler->EventName() == nsGkAtoms::onbeforeunload && win) {
nsRefPtr<OnBeforeUnloadEventHandlerNonNull> handlerCallback =
new OnBeforeUnloadEventHandlerNonNull(handler, /* aIncumbentGlobal = */ nullptr);
jsEventHandler->SetHandler(handlerCallback);
} else {
nsRefPtr<EventHandlerNonNull> handlerCallback =
new EventHandlerNonNull(handler, /* aIncumbentGlobal = */ nullptr);
jsEventHandler->SetHandler(handlerCallback);
}
return result;
}
