/**
 * Reports whether |idArg| resolves to a child frame of the window that
 * |objArg| belongs to.
 *
 * The object is first mapped to its inner object. If WindowOrNull yields no
 * window for it, or the window hands back no frames collection, the answer is
 * false. Integer ids are looked up by index and string ids by name; an id of
 * any other kind never matches.
 *
 * @return true only when the frames collection yields a non-null window.
 */
static bool
IsFrameId(JSContext *cx, JSObject *objArg, jsid idArg)
{
    RootedObject target(cx, objArg);
    RootedId frameId(cx, idArg);

    // Lookups are made against the inner object. The assertion documents the
    // expectation that it is not a wrapper; MOZ_ASSERT is compiled out of
    // release builds, so it is an invariant check and not a runtime guard.
    target = JS_ObjectToInnerObject(cx, target);
    MOZ_ASSERT(!js::IsWrapper(target));

    nsGlobalWindow* window = WindowOrNull(target);
    if (!window)
        return false;

    nsCOMPtr<nsIDOMWindowCollection> frames;
    window->GetFrames(getter_AddRefs(frames));
    if (!frames)
        return false;

    nsCOMPtr<nsIDOMWindow> match;
    if (JSID_IS_INT(frameId)) {
        frames->Item(JSID_TO_INT(frameId), getter_AddRefs(match));
    } else if (JSID_IS_STRING(frameId)) {
        nsAutoJSString frameName;
        if (!frameName.init(cx, JSID_TO_STRING(frameId)))
            return false;
        frames->NamedItem(frameName, getter_AddRefs(match));
    }

    // The status returned by Item/NamedItem is not consulted; the decision
    // rests solely on whether the out-param was filled in.
    return match != nullptr;
}
/**
 * Returns the XPCWrappedNative held in the private slot of |obj|'s inner
 * object, or nsnull when that inner object does not pass IS_WN_WRAPPER.
 */
static XPCWrappedNative *
GetWrappedNative(JSContext *cx, JSObject *obj)
{
    JSObject *inner = JS_ObjectToInnerObject(cx, obj);

    // The private slot is reinterpreted only after the IS_WN_WRAPPER check
    // has passed; the static_cast itself performs no verification.
    if (!IS_WN_WRAPPER(inner))
        return nsnull;

    return static_cast<XPCWrappedNative *>(js::GetObjectPrivate(inner));
}
/**
 * Builds a variant around |aJSVal|.
 *
 * Primitive values are stored untouched with mReturnRawObject cleared. Object
 * values are replaced by their inner object, and mReturnRawObject is set
 * unless that object unwraps to something that passes IS_WN_WRAPPER.
 */
XPCVariant::XPCVariant(JSContext* cx, jsval aJSVal)
    : mJSVal(aJSVal),
      mCCGeneration(0)
{
    nsVariant::Initialize(&mData);

    if (JSVAL_IS_PRIMITIVE(mJSVal)) {
        mReturnRawObject = false;
        return;
    }

    // XXXbholley - The innerization here dates from bug 638026. Blake says
    // the basic problem was that we were storing the C++ inner but the JS
    // outer, so after navigation the JS inner could be collected; we would
    // then try to recreate the JS inner at some later point after teardown,
    // which would crash. This shouldn't be a problem anymore because
    // SetParentToWindow will do the right thing, but the cleanup is being
    // saved for another day. Blake thinks that we should just not store the
    // WN if we're creating a variant for an outer window.
    JSObject *inner = JS_ObjectToInnerObject(cx, JSVAL_TO_OBJECT(mJSVal));
    mJSVal = OBJECT_TO_JSVAL(inner);

    // A null result from the checked unwrap is tolerated: the value is then
    // treated the same as an object that is not a wrapped native.
    JSObject *target = js::UnwrapObjectChecked(inner, /* stopAtOuter = */ false);
    const bool isWrappedNative = target && IS_WN_WRAPPER(target);
    mReturnRawObject = !isWrappedNative;
}
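/**
 * Builds a variant around |aJSVal| using an XPCCallContext.
 *
 * Primitive values are stored untouched with mReturnRawObject cleared. Object
 * values are replaced by their inner object, and mReturnRawObject is set only
 * when GetWrappedNativeOfJSObject reports neither a wrapped native nor a
 * proto for that object.
 */
XPCVariant::XPCVariant(XPCCallContext& ccx, jsval aJSVal)
    : mJSVal(aJSVal),
      mCCGeneration(0)
{
    nsVariant::Initialize(&mData);

    if (JSVAL_IS_PRIMITIVE(mJSVal)) {
        mReturnRawObject = false;
        return;
    }

    JSObject *obj = JS_ObjectToInnerObject(ccx, JSVAL_TO_OBJECT(mJSVal));
    mJSVal = OBJECT_TO_JSVAL(obj);

    // If the incoming object is an XPCWrappedNative, then it could be a
    // double-wrapped object, and we should return the double-wrapped
    // object back out to script.

    // |proto| is an out-param whose value is read right after the call. It is
    // initialised so that the test below never sees an indeterminate pointer
    // should the callee leave it untouched on some path (the callee's
    // contract is not visible from here).
    JSObject* proto = nsnull;
    XPCWrappedNative* wn =
        XPCWrappedNative::GetWrappedNativeOfJSObject(ccx,
                                                     JSVAL_TO_OBJECT(mJSVal),
                                                     nsnull,
                                                     &proto);
    mReturnRawObject = !wn && !proto;
}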
/*
 * "Steal" calls to netscape.security.PrivilegeManager.enablePrivilege,
 * et al. so that code that worked with 4.0 can still work.
 *
 * Defines netscape.security.PrivilegeManager on the inner global of the
 * script context, but only when the test-only pref is set. Returns NS_OK
 * when the pref is off (nothing is defined in that case) or when every
 * definition succeeded, and NS_ERROR_FAILURE when a property lookup or
 * definition fails.
 */
NS_IMETHODIMP
nsSecurityNameSet::InitializeNameSet(nsIScriptContext* aScriptContext)
{
    JSContext* cx = aScriptContext->GetNativeContext();
    JSObject *global = JS_ObjectToInnerObject(cx, JS_GetGlobalObject(cx));

    // enablePrivilege is hidden behind a pref because it has been altered in
    // a way that makes it fundamentally insecure to use in production.
    // Mozilla uses this pref during automated testing to support legacy test
    // code that uses enablePrivilege. If you're not doing test automation,
    // you _must_ not flip this pref, or you will be exposing all your users
    // to security vulnerabilities.
    //
    // Note that the pref-off path still reports success, so NS_OK from this
    // method does not imply that PrivilegeManager was defined.
    const bool enabledForTests =
        mozilla::Preferences::GetBool("security.enablePrivilege.enable_for_tests");
    if (!enabledForTests)
        return NS_OK;

    JSAutoRequest ar(cx);

    /*
     * Find Object.prototype's class by walking up the global object's
     * prototype chain until there is no further prototype.
     */
    JSObject *chainEnd = global;
    while (JSObject *next = JS_GetPrototype(chainEnd))
        chainEnd = next;
    JSClass *objectClass = JS_GetClass(chainEnd);

    JS::Value v;
    if (!JS_GetProperty(cx, global, "netscape", &v))
        return NS_ERROR_FAILURE;

    JSObject *securityObj = nullptr;
    if (!v.isObject()) {
        /* No "netscape" object yet: define netscape and netscape.security. */
        JSObject *netscapeObj =
            JS_DefineObject(cx, global, "netscape", objectClass, nullptr, 0);
        if (!netscapeObj)
            return NS_ERROR_FAILURE;

        securityObj =
            JS_DefineObject(cx, netscapeObj, "security", objectClass, nullptr, 0);
        if (!securityObj)
            return NS_ERROR_FAILURE;
    } else {
        /*
         * The "netscape" property of the window object already exists; its
         * "security" property must exist and be an object as well.
         * NOTE(review): both are accepted on the strength of isObject()
         * alone; their class is not compared with objectClass here.
         */
        JSObject *netscapeObj = &v.toObject();
        if (!JS_GetProperty(cx, netscapeObj, "security", &v) || !v.isObject())
            return NS_ERROR_FAILURE;
        securityObj = &v.toObject();
    }

    /* Define PrivilegeManager object with the necessary "static" methods. */
    JSObject *privilegeManager =
        JS_DefineObject(cx, securityObj, "PrivilegeManager", objectClass, nullptr, 0);
    if (!privilegeManager)
        return NS_ERROR_FAILURE;

    if (!JS_DefineFunctions(cx, privilegeManager, PrivilegeManager_static_methods))
        return NS_ERROR_FAILURE;

    return NS_OK;
}