EventListenerManager::Listener* EventListenerManager::SetEventHandlerInternal( nsIAtom* aName, const nsAString& aTypeString, const TypedEventHandler& aTypedHandler, bool aPermitUntrustedEvents) { MOZ_ASSERT(aName || !aTypeString.IsEmpty()); uint32_t eventType = nsContentUtils::GetEventId(aName); Listener* listener = FindEventHandler(eventType, aName, aTypeString); if (!listener) { // If we didn't find a script listener or no listeners existed // create and add a new one. EventListenerFlags flags; flags.mListenerIsJSListener = true; nsCOMPtr<JSEventHandler> jsEventHandler; NS_NewJSEventHandler(mTarget, aName, aTypedHandler, getter_AddRefs(jsEventHandler)); EventListenerHolder listenerHolder(jsEventHandler); AddEventListenerInternal(listenerHolder, eventType, aName, aTypeString, flags, true); listener = FindEventHandler(eventType, aName, aTypeString); } else { JSEventHandler* jsEventHandler = listener->GetJSEventHandler(); MOZ_ASSERT(jsEventHandler, "How can we have an event handler with no JSEventHandler?"); bool same = jsEventHandler->GetTypedEventHandler() == aTypedHandler; // Possibly the same listener, but update still the context and scope. jsEventHandler->SetHandler(aTypedHandler); if (mTarget && !same && aName) { mTarget->EventListenerRemoved(aName); mTarget->EventListenerAdded(aName); } if (mIsMainThreadELM && mTarget) { EventListenerService::NotifyAboutMainThreadListenerChange(mTarget); } } // Set flag to indicate possible need for compilation later listener->mHandlerIsString = !aTypedHandler.HasEventHandler(); if (aPermitUntrustedEvents) { listener->mFlags.mAllowUntrustedEvents = true; } return listener; }
size_t EventListenerManager::SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const { size_t n = aMallocSizeOf(this); n += mListeners.SizeOfExcludingThis(aMallocSizeOf); uint32_t count = mListeners.Length(); for (uint32_t i = 0; i < count; ++i) { JSEventHandler* jsEventHandler = mListeners.ElementAt(i).GetJSEventHandler(); if (jsEventHandler) { n += jsEventHandler->SizeOfIncludingThis(aMallocSizeOf); } } return n; }
void EventListenerManager::TraceListeners(JSTracer* aTrc) { uint32_t count = mListeners.Length(); for (uint32_t i = 0; i < count; ++i) { const Listener& listener = mListeners.ElementAt(i); JSEventHandler* jsEventHandler = listener.GetJSEventHandler(); if (jsEventHandler) { const TypedEventHandler& typedHandler = jsEventHandler->GetTypedEventHandler(); if (typedHandler.HasEventHandler()) { mozilla::TraceScriptHolder(typedHandler.Ptr(), aTrc); } } else if (listener.mListenerType == Listener::eWebIDLListener) { mozilla::TraceScriptHolder(listener.mListener.GetWebIDLCallback(), aTrc); } // We might have eWrappedJSListener, but that is the legacy type for // JS implemented event listeners, and trickier to handle here. } }
const TypedEventHandler* EventListenerManager::GetTypedEventHandler(nsIAtom* aEventName, const nsAString& aTypeString) { uint32_t eventType = nsContentUtils::GetEventId(aEventName); Listener* listener = FindEventHandler(eventType, aEventName, aTypeString); if (!listener) { return nullptr; } JSEventHandler* jsEventHandler = listener->GetJSEventHandler(); if (listener->mHandlerIsString) { CompileEventHandlerInternal(listener, nullptr, nullptr); } const TypedEventHandler& typedHandler = jsEventHandler->GetTypedEventHandler(); return typedHandler.HasEventHandler() ? &typedHandler : nullptr; }
void EventListenerManager::MarkForCC() { uint32_t count = mListeners.Length(); for (uint32_t i = 0; i < count; ++i) { const Listener& listener = mListeners.ElementAt(i); JSEventHandler* jsEventHandler = listener.GetJSEventHandler(); if (jsEventHandler) { const TypedEventHandler& typedHandler = jsEventHandler->GetTypedEventHandler(); if (typedHandler.HasEventHandler()) { JS::ExposeObjectToActiveJS(typedHandler.Ptr()->Callable()); } } else if (listener.mListenerType == Listener::eWrappedJSListener) { xpc_TryUnmarkWrappedGrayObject(listener.mListener.GetXPCOMCallback()); } else if (listener.mListenerType == Listener::eWebIDLListener) { // Callback() unmarks gray listener.mListener.GetWebIDLCallback()->Callback(); } } if (mRefCnt.IsPurple()) { mRefCnt.RemovePurple(); } }
nsresult EventListenerManager::CompileEventHandlerInternal(Listener* aListener, const nsAString* aBody, Element* aElement) { MOZ_ASSERT(aListener->GetJSEventHandler()); MOZ_ASSERT(aListener->mHandlerIsString, "Why are we compiling a non-string JS listener?"); JSEventHandler* jsEventHandler = aListener->GetJSEventHandler(); MOZ_ASSERT(!jsEventHandler->GetTypedEventHandler().HasEventHandler(), "What is there to compile?"); nsresult result = NS_OK; nsCOMPtr<nsIDocument> doc; nsCOMPtr<nsIScriptGlobalObject> global = GetScriptGlobalAndDocument(getter_AddRefs(doc)); NS_ENSURE_STATE(global); // Activate JSAPI, and make sure that exceptions are reported on the right // Window. AutoJSAPI jsapi; if (NS_WARN_IF(!jsapi.InitWithLegacyErrorReporting(global))) { return NS_ERROR_UNEXPECTED; } JSContext* cx = jsapi.cx(); nsCOMPtr<nsIAtom> typeAtom = aListener->mTypeAtom; nsIAtom* attrName = typeAtom; // Flag us as not a string so we don't keep trying to compile strings which // can't be compiled. aListener->mHandlerIsString = false; // mTarget may not be an Element if it's a window and we're // getting an inline event listener forwarded from <html:body> or // <html:frameset> or <xul:window> or the like. // XXX I don't like that we have to reference content from // here. The alternative is to store the event handler string on // the JSEventHandler itself, and that still doesn't address // the arg names issue. nsCOMPtr<Element> element = do_QueryInterface(mTarget); MOZ_ASSERT(element || aBody, "Where will we get our body?"); nsAutoString handlerBody; const nsAString* body = aBody; if (!aBody) { if (aListener->mTypeAtom == nsGkAtoms::onSVGLoad) { attrName = nsGkAtoms::onload; } else if (aListener->mTypeAtom == nsGkAtoms::onSVGUnload) { attrName = nsGkAtoms::onunload; } else if (aListener->mTypeAtom == nsGkAtoms::onSVGResize) { attrName = nsGkAtoms::onresize; } else if (aListener->mTypeAtom == nsGkAtoms::onSVGScroll) { attrName = nsGkAtoms::onscroll; } else if (aListener->mTypeAtom == nsGkAtoms::onSVGZoom) { attrName = nsGkAtoms::onzoom; } else if (aListener->mTypeAtom == nsGkAtoms::onbeginEvent) { attrName = nsGkAtoms::onbegin; } else if (aListener->mTypeAtom == nsGkAtoms::onrepeatEvent) { attrName = nsGkAtoms::onrepeat; } else if (aListener->mTypeAtom == nsGkAtoms::onendEvent) { attrName = nsGkAtoms::onend; } element->GetAttr(kNameSpaceID_None, attrName, handlerBody); body = &handlerBody; aElement = element; } aListener = nullptr; uint32_t lineNo = 0; nsAutoCString url (NS_LITERAL_CSTRING("-moz-evil:lying-event-listener")); MOZ_ASSERT(body); MOZ_ASSERT(aElement); nsIURI *uri = aElement->OwnerDoc()->GetDocumentURI(); if (uri) { uri->GetSpec(url); lineNo = 1; } nsCOMPtr<nsPIDOMWindow> win = do_QueryInterface(mTarget); uint32_t argCount; const char **argNames; nsContentUtils::GetEventArgNames(aElement->GetNameSpaceID(), typeAtom, win, &argCount, &argNames); JSAddonId *addonId = MapURIToAddonID(uri); // Wrap the event target, so that we can use it as the scope for the event // handler. Note that mTarget is different from aElement in the <body> case, // where mTarget is a Window. // // The wrapScope doesn't really matter here, because the target will create // its reflector in the proper scope, and then we'll enter that compartment. JS::Rooted<JSObject*> wrapScope(cx, global->GetGlobalJSObject()); JS::Rooted<JS::Value> v(cx); { JSAutoCompartment ac(cx, wrapScope); nsresult rv = nsContentUtils::WrapNative(cx, mTarget, &v, /* aAllowWrapping = */ false); if (NS_WARN_IF(NS_FAILED(rv))) { return rv; } } if (addonId) { JS::Rooted<JSObject*> vObj(cx, &v.toObject()); JS::Rooted<JSObject*> addonScope(cx, xpc::GetAddonScope(cx, vObj, addonId)); if (!addonScope) { return NS_ERROR_FAILURE; } JSAutoCompartment ac(cx, addonScope); if (!JS_WrapValue(cx, &v)) { return NS_ERROR_FAILURE; } } JS::Rooted<JSObject*> target(cx, &v.toObject()); JSAutoCompartment ac(cx, target); nsDependentAtomString str(attrName); // Most of our names are short enough that we don't even have to malloc // the JS string stuff, so don't worry about playing games with // refcounting XPCOM stringbuffers. JS::Rooted<JSString*> jsStr(cx, JS_NewUCStringCopyN(cx, str.BeginReading(), str.Length())); NS_ENSURE_TRUE(jsStr, NS_ERROR_OUT_OF_MEMORY); // Get the reflector for |aElement|, so that we can pass to setElement. if (NS_WARN_IF(!WrapNewBindingObject(cx, target, aElement, &v))) { return NS_ERROR_FAILURE; } JS::CompileOptions options(cx); options.setIntroductionType("eventHandler") .setFileAndLine(url.get(), lineNo) .setVersion(JSVERSION_DEFAULT) .setElement(&v.toObject()) .setElementAttributeName(jsStr) .setDefineOnScope(false); JS::Rooted<JSObject*> handler(cx); result = nsJSUtils::CompileFunction(cx, target, options, nsAtomCString(typeAtom), argCount, argNames, *body, handler.address()); NS_ENSURE_SUCCESS(result, result); NS_ENSURE_TRUE(handler, NS_ERROR_FAILURE); if (jsEventHandler->EventName() == nsGkAtoms::onerror && win) { nsRefPtr<OnErrorEventHandlerNonNull> handlerCallback = new OnErrorEventHandlerNonNull(handler, /* aIncumbentGlobal = */ nullptr); jsEventHandler->SetHandler(handlerCallback); } else if (jsEventHandler->EventName() == nsGkAtoms::onbeforeunload && win) { nsRefPtr<OnBeforeUnloadEventHandlerNonNull> handlerCallback = new OnBeforeUnloadEventHandlerNonNull(handler, /* aIncumbentGlobal = */ nullptr); jsEventHandler->SetHandler(handlerCallback); } else { nsRefPtr<EventHandlerNonNull> handlerCallback = new EventHandlerNonNull(handler, /* aIncumbentGlobal = */ nullptr); jsEventHandler->SetHandler(handlerCallback); } return result; }