1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7 #include "InProcessBrowserChildMessageManager.h"
8 #include "nsContentUtils.h"
9 #include "nsDocShell.h"
10 #include "nsIInterfaceRequestorUtils.h"
11 #include "nsComponentManagerUtils.h"
12 #include "nsFrameLoader.h"
13 #include "nsFrameLoaderOwner.h"
14 #include "nsQueryObject.h"
15 #include "xpcpublic.h"
16 #include "nsIMozBrowserFrame.h"
17 #include "mozilla/EventDispatcher.h"
18 #include "mozilla/dom/ChromeMessageSender.h"
19 #include "mozilla/dom/MessageManagerBinding.h"
20 #include "mozilla/dom/SameProcessMessageQueue.h"
21 #include "mozilla/dom/ScriptLoader.h"
22 #include "mozilla/dom/WindowProxyHolder.h"
23 #include "mozilla/dom/JSActorService.h"
24
25 using namespace mozilla;
26 using namespace mozilla::dom;
27 using namespace mozilla::dom::ipc;
28
29 /* static */
30 already_AddRefed<InProcessBrowserChildMessageManager>
Create(nsDocShell * aShell,nsIContent * aOwner,nsFrameMessageManager * aChrome)31 InProcessBrowserChildMessageManager::Create(nsDocShell* aShell,
32 nsIContent* aOwner,
33 nsFrameMessageManager* aChrome) {
34 RefPtr<InProcessBrowserChildMessageManager> mm =
35 new InProcessBrowserChildMessageManager(aShell, aOwner, aChrome);
36
37 NS_ENSURE_TRUE(mm->Init(), nullptr);
38
39 if (XRE_IsParentProcess()) {
40 RefPtr<JSActorService> wasvc = JSActorService::GetSingleton();
41 wasvc->RegisterChromeEventTarget(mm);
42 }
43
44 return mm.forget();
45 }
46
DoSendBlockingMessage(const nsAString & aMessage,StructuredCloneData & aData,nsTArray<StructuredCloneData> * aRetVal)47 bool InProcessBrowserChildMessageManager::DoSendBlockingMessage(
48 const nsAString& aMessage, StructuredCloneData& aData,
49 nsTArray<StructuredCloneData>* aRetVal) {
50 SameProcessMessageQueue* queue = SameProcessMessageQueue::Get();
51 queue->Flush();
52
53 if (mChromeMessageManager) {
54 RefPtr<nsFrameMessageManager> mm = mChromeMessageManager;
55 RefPtr<nsFrameLoader> fl = GetFrameLoader();
56 mm->ReceiveMessage(mOwner, fl, aMessage, true, &aData, aRetVal,
57 IgnoreErrors());
58 }
59 return true;
60 }
61
62 class nsAsyncMessageToParent : public nsSameProcessAsyncMessageBase,
63 public SameProcessMessageQueue::Runnable {
64 public:
nsAsyncMessageToParent(InProcessBrowserChildMessageManager * aBrowserChild)65 explicit nsAsyncMessageToParent(
66 InProcessBrowserChildMessageManager* aBrowserChild)
67 : nsSameProcessAsyncMessageBase(), mBrowserChild(aBrowserChild) {}
68
HandleMessage()69 virtual nsresult HandleMessage() override {
70 RefPtr<nsFrameLoader> fl = mBrowserChild->GetFrameLoader();
71 ReceiveMessage(mBrowserChild->mOwner, fl,
72 mBrowserChild->mChromeMessageManager);
73 return NS_OK;
74 }
75 RefPtr<InProcessBrowserChildMessageManager> mBrowserChild;
76 };
77
DoSendAsyncMessage(const nsAString & aMessage,StructuredCloneData & aData)78 nsresult InProcessBrowserChildMessageManager::DoSendAsyncMessage(
79 const nsAString& aMessage, StructuredCloneData& aData) {
80 SameProcessMessageQueue* queue = SameProcessMessageQueue::Get();
81 RefPtr<nsAsyncMessageToParent> ev = new nsAsyncMessageToParent(this);
82
83 nsresult rv = ev->Init(aMessage, aData);
84 if (NS_FAILED(rv)) {
85 return rv;
86 }
87
88 queue->Push(ev);
89 return NS_OK;
90 }
91
InProcessBrowserChildMessageManager(nsDocShell * aShell,nsIContent * aOwner,nsFrameMessageManager * aChrome)92 InProcessBrowserChildMessageManager::InProcessBrowserChildMessageManager(
93 nsDocShell* aShell, nsIContent* aOwner, nsFrameMessageManager* aChrome)
94 : ContentFrameMessageManager(new nsFrameMessageManager(this)),
95 mDocShell(aShell),
96 mLoadingScript(false),
97 mPreventEventsEscaping(false),
98 mOwner(aOwner),
99 mChromeMessageManager(aChrome) {
100 mozilla::HoldJSObjects(this);
101
102 // If owner corresponds to an <iframe mozbrowser>, we'll have to tweak our
103 // GetEventTargetParent implementation.
104 nsCOMPtr<nsIMozBrowserFrame> browserFrame = do_QueryInterface(mOwner);
105 if (browserFrame) {
106 mIsBrowserFrame = browserFrame->GetReallyIsBrowser();
107 } else {
108 mIsBrowserFrame = false;
109 }
110 }
111
~InProcessBrowserChildMessageManager()112 InProcessBrowserChildMessageManager::~InProcessBrowserChildMessageManager() {
113 if (XRE_IsParentProcess()) {
114 JSActorService::UnregisterChromeEventTarget(this);
115 }
116
117 mAnonymousGlobalScopes.Clear();
118 mozilla::DropJSObjects(this);
119 }
120
121 // This method isn't automatically forwarded safely because it's notxpcom, so
122 // the IDL binding doesn't know what value to return.
MarkForCC()123 void InProcessBrowserChildMessageManager::MarkForCC() {
124 MarkScopesForCC();
125 MessageManagerGlobal::MarkForCC();
126 }
127
128 NS_IMPL_CYCLE_COLLECTION_CLASS(InProcessBrowserChildMessageManager)
129
130 NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_INHERITED(
131 InProcessBrowserChildMessageManager, DOMEventTargetHelper)
132 NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mMessageManager)
133 NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mDocShell)
134 NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END
135
136 NS_IMPL_CYCLE_COLLECTION_TRACE_BEGIN_INHERITED(
137 InProcessBrowserChildMessageManager, DOMEventTargetHelper)
138 tmp->nsMessageManagerScriptExecutor::Trace(aCallbacks, aClosure);
139 NS_IMPL_CYCLE_COLLECTION_TRACE_END
140
141 NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN_INHERITED(
142 InProcessBrowserChildMessageManager, DOMEventTargetHelper)
143 if (XRE_IsParentProcess()) {
144 JSActorService::UnregisterChromeEventTarget(tmp);
145 }
146
147 NS_IMPL_CYCLE_COLLECTION_UNLINK(mMessageManager)
148 NS_IMPL_CYCLE_COLLECTION_UNLINK(mDocShell)
149 tmp->nsMessageManagerScriptExecutor::Unlink();
150 NS_IMPL_CYCLE_COLLECTION_UNLINK_WEAK_REFERENCE
151 NS_IMPL_CYCLE_COLLECTION_UNLINK_END
152
NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(InProcessBrowserChildMessageManager)153 NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(InProcessBrowserChildMessageManager)
154 NS_INTERFACE_MAP_ENTRY(nsIMessageSender)
155 NS_INTERFACE_MAP_ENTRY(nsIInProcessContentFrameMessageManager)
156 NS_INTERFACE_MAP_ENTRY(ContentFrameMessageManager)
157 NS_INTERFACE_MAP_ENTRY(nsISupportsWeakReference)
158 NS_INTERFACE_MAP_END_INHERITING(DOMEventTargetHelper)
159
160 NS_IMPL_ADDREF_INHERITED(InProcessBrowserChildMessageManager,
161 DOMEventTargetHelper)
162 NS_IMPL_RELEASE_INHERITED(InProcessBrowserChildMessageManager,
163 DOMEventTargetHelper)
164
165 JSObject* InProcessBrowserChildMessageManager::WrapObject(
166 JSContext* aCx, JS::Handle<JSObject*> aGivenProto) {
167 return ContentFrameMessageManager_Binding::Wrap(aCx, this, aGivenProto);
168 }
169
CacheFrameLoader(nsFrameLoader * aFrameLoader)170 void InProcessBrowserChildMessageManager::CacheFrameLoader(
171 nsFrameLoader* aFrameLoader) {
172 mFrameLoader = aFrameLoader;
173 }
174
GetContent(ErrorResult & aError)175 Nullable<WindowProxyHolder> InProcessBrowserChildMessageManager::GetContent(
176 ErrorResult& aError) {
177 if (!mDocShell) {
178 return nullptr;
179 }
180 return WindowProxyHolder(mDocShell->GetBrowsingContext());
181 }
182
183 already_AddRefed<nsIEventTarget>
GetTabEventTarget()184 InProcessBrowserChildMessageManager::GetTabEventTarget() {
185 nsCOMPtr<nsIEventTarget> target = GetMainThreadEventTarget();
186 return target.forget();
187 }
188
ChromeOuterWindowID()189 uint64_t InProcessBrowserChildMessageManager::ChromeOuterWindowID() {
190 if (!mDocShell) {
191 return 0;
192 }
193
194 nsCOMPtr<nsIDocShellTreeItem> root;
195 nsresult rv = mDocShell->GetInProcessRootTreeItem(getter_AddRefs(root));
196 if (NS_WARN_IF(NS_FAILED(rv))) {
197 return 0;
198 }
199
200 nsPIDOMWindowOuter* topWin = root->GetWindow();
201 if (!topWin) {
202 return 0;
203 }
204
205 return topWin->WindowID();
206 }
207
FireUnloadEvent()208 void InProcessBrowserChildMessageManager::FireUnloadEvent() {
209 // We're called from Document::MaybeInitializeFinalizeFrameLoaders, so it
210 // should be safe to run script.
211 MOZ_ASSERT(nsContentUtils::IsSafeToRunScript());
212
213 // Don't let the unload event propagate to chrome event handlers.
214 mPreventEventsEscaping = true;
215 DOMEventTargetHelper::DispatchTrustedEvent(NS_LITERAL_STRING("unload"));
216
217 // Allow events fired during docshell destruction (pagehide, unload) to
218 // propagate to the <browser> element since chrome code depends on this.
219 mPreventEventsEscaping = false;
220 }
221
DisconnectEventListeners()222 void InProcessBrowserChildMessageManager::DisconnectEventListeners() {
223 if (mDocShell) {
224 if (nsCOMPtr<nsPIDOMWindowOuter> win = mDocShell->GetWindow()) {
225 win->SetChromeEventHandler(win->GetChromeEventHandler());
226 }
227 }
228 if (mListenerManager) {
229 mListenerManager->Disconnect();
230 }
231
232 mDocShell = nullptr;
233 }
234
Disconnect()235 void InProcessBrowserChildMessageManager::Disconnect() {
236 mChromeMessageManager = nullptr;
237 mOwner = nullptr;
238 if (mMessageManager) {
239 static_cast<nsFrameMessageManager*>(mMessageManager.get())->Disconnect();
240 mMessageManager = nullptr;
241 }
242 }
243
NS_IMETHODIMP_(nsIContent *)244 NS_IMETHODIMP_(nsIContent*)
245 InProcessBrowserChildMessageManager::GetOwnerContent() { return mOwner; }
246
GetEventTargetParent(EventChainPreVisitor & aVisitor)247 void InProcessBrowserChildMessageManager::GetEventTargetParent(
248 EventChainPreVisitor& aVisitor) {
249 aVisitor.mForceContentDispatch = true;
250 aVisitor.mCanHandle = true;
251
252 if (mPreventEventsEscaping) {
253 aVisitor.SetParentTarget(nullptr, false);
254 return;
255 }
256
257 if (mIsBrowserFrame &&
258 (!mOwner || !nsContentUtils::IsInChromeDocshell(mOwner->OwnerDoc()))) {
259 if (mOwner) {
260 if (nsPIDOMWindowInner* innerWindow =
261 mOwner->OwnerDoc()->GetInnerWindow()) {
262 // 'this' is already a "chrome handler", so we consider window's
263 // parent target to be part of that same part of the event path.
264 aVisitor.SetParentTarget(innerWindow->GetParentTarget(), false);
265 }
266 }
267 } else {
268 aVisitor.SetParentTarget(mOwner, false);
269 }
270 }
271
272 class nsAsyncScriptLoad : public Runnable {
273 public:
nsAsyncScriptLoad(InProcessBrowserChildMessageManager * aBrowserChild,const nsAString & aURL,bool aRunInGlobalScope)274 nsAsyncScriptLoad(InProcessBrowserChildMessageManager* aBrowserChild,
275 const nsAString& aURL, bool aRunInGlobalScope)
276 : mozilla::Runnable("nsAsyncScriptLoad"),
277 mBrowserChild(aBrowserChild),
278 mURL(aURL),
279 mRunInGlobalScope(aRunInGlobalScope) {}
280
Run()281 NS_IMETHOD Run() override {
282 mBrowserChild->LoadFrameScript(mURL, mRunInGlobalScope);
283 return NS_OK;
284 }
285 RefPtr<InProcessBrowserChildMessageManager> mBrowserChild;
286 nsString mURL;
287 bool mRunInGlobalScope;
288 };
289
LoadFrameScript(const nsAString & aURL,bool aRunInGlobalScope)290 void InProcessBrowserChildMessageManager::LoadFrameScript(
291 const nsAString& aURL, bool aRunInGlobalScope) {
292 if (!nsContentUtils::IsSafeToRunScript()) {
293 nsContentUtils::AddScriptRunner(
294 new nsAsyncScriptLoad(this, aURL, aRunInGlobalScope));
295 return;
296 }
297 bool tmp = mLoadingScript;
298 mLoadingScript = true;
299 JS::Rooted<JSObject*> mm(mozilla::dom::RootingCx(), GetOrCreateWrapper());
300 LoadScriptInternal(mm, aURL, !aRunInGlobalScope);
301 mLoadingScript = tmp;
302 }
303
304 already_AddRefed<nsFrameLoader>
GetFrameLoader()305 InProcessBrowserChildMessageManager::GetFrameLoader() {
306 RefPtr<nsFrameLoaderOwner> owner = do_QueryObject(mOwner);
307 RefPtr<nsFrameLoader> fl = owner ? owner->GetFrameLoader() : nullptr;
308 if (!fl) {
309 fl = mFrameLoader;
310 }
311 return fl.forget();
312 }
313