JSBool WrapObject(JSContext *cx, JSObject *scope, jsval v, jsval *vp) { // This might be redundant if called from XPC_SJOW_Construct, but it should // be cheap in that case. JSObject *objToWrap = UnsafeUnwrapSecurityWrapper(cx, JSVAL_TO_OBJECT(v)); if (!objToWrap || JS_TypeOfValue(cx, OBJECT_TO_JSVAL(objToWrap)) == JSTYPE_XML) { return ThrowException(NS_ERROR_INVALID_ARG, cx); } // Prevent script created Script objects from ever being wrapped // with XPCSafeJSObjectWrapper, and never let the eval function // object be directly wrapped. if (objToWrap->getClass() == &js_ScriptClass || (JS_ObjectIsFunction(cx, objToWrap) && JS_GetFunctionFastNative(cx, JS_ValueToFunction(cx, v)) == XPCWrapper::sEvalNative)) { return ThrowException(NS_ERROR_INVALID_ARG, cx); } XPCWrappedNativeScope *xpcscope = XPCWrappedNativeScope::FindInJSObjectScope(cx, scope); NS_ASSERTION(xpcscope, "what crazy scope are we in?"); XPCWrappedNative *wrappedNative; WrapperType type = xpcscope->GetWrapperFor(cx, objToWrap, SJOW, &wrappedNative); // NB: We allow XOW here because we're as restrictive as it is (and we know // we're same origin here). if (type != NONE && type != XOW && !(type & SJOW)) { return ThrowException(NS_ERROR_INVALID_ARG, cx); } SLIM_LOG_WILL_MORPH(cx, objToWrap); if (IS_SLIM_WRAPPER(objToWrap) && !MorphSlimWrapper(cx, objToWrap)) { return ThrowException(NS_ERROR_FAILURE, cx); } XPCWrappedNative *wn = XPCWrappedNative::GetWrappedNativeOfJSObject(cx, objToWrap); if (wn) { CheckWindow(wn); } JSObject *wrapperObj = JS_NewObjectWithGivenProto(cx, js::Jsvalify(&SJOWClass), nsnull, scope); if (!wrapperObj) { // JS_NewObjectWithGivenProto already threw. return JS_FALSE; } *vp = OBJECT_TO_JSVAL(wrapperObj); if (!JS_SetReservedSlot(cx, wrapperObj, XPCWrapper::sWrappedObjSlot, OBJECT_TO_JSVAL(objToWrap)) || !JS_SetReservedSlot(cx, wrapperObj, XPCWrapper::sFlagsSlot, JSVAL_ZERO)) { return JS_FALSE; } return JS_TRUE; }
JSBool XPC_SJOW_Construct(JSContext *cx, JSObject *obj, uintN argc, jsval *argv, jsval *rval) { if (argc < 1) { return ThrowException(NS_ERROR_XPC_NOT_ENOUGH_ARGS, cx); } // |obj| almost always has the wrong proto and parent so we have to create // our own object anyway. Set |obj| to null so we don't use it by accident. obj = nsnull; if (JSVAL_IS_PRIMITIVE(argv[0])) { JSStackFrame *fp = nsnull; if (JS_FrameIterator(cx, &fp) && JS_IsConstructorFrame(cx, fp)) { return ThrowException(NS_ERROR_ILLEGAL_VALUE, cx); } *rval = argv[0]; return JS_TRUE; } JSObject *objToWrap = JSVAL_TO_OBJECT(argv[0]); // Prevent script created Script objects from ever being wrapped // with XPCSafeJSObjectWrapper, and never let the eval function // object be directly wrapped. if (STOBJ_GET_CLASS(objToWrap) == &js_ScriptClass || (::JS_ObjectIsFunction(cx, objToWrap) && ::JS_GetFunctionNative(cx, ::JS_ValueToFunction(cx, argv[0])) == XPCWrapper::sEvalNative)) { return ThrowException(NS_ERROR_INVALID_ARG, cx); } SLIM_LOG_WILL_MORPH(cx, objToWrap); if(IS_SLIM_WRAPPER(objToWrap) && !MorphSlimWrapper(cx, objToWrap)) { return ThrowException(NS_ERROR_FAILURE, cx); } // Check that the caller can access the unsafe object. if (!CanCallerAccess(cx, objToWrap)) { // CanCallerAccess() already threw for us. return JS_FALSE; } JSObject *unsafeObj = GetUnsafeObject(objToWrap); if (unsafeObj) { // We're asked to wrap an already wrapped object. Re-wrap the // object wrapped by the given wrapper. objToWrap = unsafeObj; } // Don't use the object the JS engine created for us, it is in most // cases incorectly parented and has a proto from the wrong scope. JSObject *wrapperObj = ::JS_NewObjectWithGivenProto(cx, &sXPC_SJOW_JSClass.base, nsnull, objToWrap); if (!wrapperObj) { // JS_NewObjectWithGivenProto already threw. return JS_FALSE; } if (!::JS_SetReservedSlot(cx, wrapperObj, XPC_SJOW_SLOT_IS_RESOLVING, JSVAL_ZERO)) { return JS_FALSE; } *rval = OBJECT_TO_JSVAL(wrapperObj); return JS_TRUE; }