diff options
Diffstat (limited to 'js/src/proxy/ScriptedProxyHandler.cpp')
| -rw-r--r-- | js/src/proxy/ScriptedProxyHandler.cpp | 1428 |
1 files changed, 1428 insertions, 0 deletions
diff --git a/js/src/proxy/ScriptedProxyHandler.cpp b/js/src/proxy/ScriptedProxyHandler.cpp new file mode 100644 index 000000000..776547337 --- /dev/null +++ b/js/src/proxy/ScriptedProxyHandler.cpp @@ -0,0 +1,1428 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- + * vim: set ts=8 sts=4 et sw=4 tw=99: + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "proxy/ScriptedProxyHandler.h" + +#include "jsapi.h" + +#include "vm/Interpreter.h" // For InstanceOfOperator + +#include "jsobjinlines.h" +#include "vm/NativeObject-inl.h" + +using namespace js; + +using JS::IsArrayAnswer; +using mozilla::ArrayLength; + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 +// 9.1.6.2 IsCompatiblePropertyDescriptor. BUT that method just calls +// 9.1.6.3 ValidateAndApplyPropertyDescriptor with two additional constant +// arguments. Therefore step numbering is from the latter method, and +// resulting dead code has been removed. +static bool +IsCompatiblePropertyDescriptor(JSContext* cx, bool extensible, Handle<PropertyDescriptor> desc, + Handle<PropertyDescriptor> current, bool* bp) +{ + // Step 2. + if (!current.object()) { + // Step 2a-b,e. As |O| is always undefined, steps 2c-d fall away. + *bp = extensible; + return true; + } + + // Step 3. + if (!desc.hasValue() && !desc.hasWritable() && + !desc.hasGetterObject() && !desc.hasSetterObject() && + !desc.hasEnumerable() && !desc.hasConfigurable()) + { + *bp = true; + return true; + } + + // Step 4. + if ((!desc.hasWritable() || + (current.hasWritable() && desc.writable() == current.writable())) && + (!desc.hasGetterObject() || desc.getter() == current.getter()) && + (!desc.hasSetterObject() || desc.setter() == current.setter()) && + (!desc.hasEnumerable() || desc.enumerable() == current.enumerable()) && + (!desc.hasConfigurable() || desc.configurable() == current.configurable())) + { + if (!desc.hasValue()) { + *bp = true; + return true; + } + bool same = false; + if (!SameValue(cx, desc.value(), current.value(), &same)) + return false; + if (same) { + *bp = true; + return true; + } + } + + // Step 5. + if (!current.configurable()) { + // Step 5a. + if (desc.hasConfigurable() && desc.configurable()) { + *bp = false; + return true; + } + + // Step 5b. + if (desc.hasEnumerable() && desc.enumerable() != current.enumerable()) { + *bp = false; + return true; + } + } + + // Step 6. + if (desc.isGenericDescriptor()) { + *bp = true; + return true; + } + + // Step 7. + if (current.isDataDescriptor() != desc.isDataDescriptor()) { + // Steps 7a, 11. As |O| is always undefined, steps 2b-c fall away. + *bp = current.configurable(); + return true; + } + + // Step 8. + if (current.isDataDescriptor()) { + MOZ_ASSERT(desc.isDataDescriptor()); // by step 7 + if (!current.configurable() && !current.writable()) { + if (desc.hasWritable() && desc.writable()) { + *bp = false; + return true; + } + + if (desc.hasValue()) { + bool same; + if (!SameValue(cx, desc.value(), current.value(), &same)) + return false; + if (!same) { + *bp = false; + return true; + } + } + } + + *bp = true; + return true; + } + + // Step 9. + MOZ_ASSERT(current.isAccessorDescriptor()); // by step 8 + MOZ_ASSERT(desc.isAccessorDescriptor()); // by step 7 + *bp = (current.configurable() || + ((!desc.hasSetterObject() || desc.setter() == current.setter()) && + (!desc.hasGetterObject() || desc.getter() == current.getter()))); + return true; +} + +// Get the [[ProxyHandler]] of a scripted proxy. +/* static */ JSObject* +ScriptedProxyHandler::handlerObject(const JSObject* proxy) +{ + MOZ_ASSERT(proxy->as<ProxyObject>().handler() == &ScriptedProxyHandler::singleton); + return proxy->as<ProxyObject>().extra(ScriptedProxyHandler::HANDLER_EXTRA).toObjectOrNull(); +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 7.3.9 GetMethod, +// reimplemented for proxy handler trap-getting to produce better error +// messages. +static bool +GetProxyTrap(JSContext* cx, HandleObject handler, HandlePropertyName name, MutableHandleValue func) +{ + // Steps 2, 5. + if (!GetProperty(cx, handler, handler, name, func)) + return false; + + // Step 3. + if (func.isUndefined()) + return true; + + if (func.isNull()) { + func.setUndefined(); + return true; + } + + // Step 4. + if (!IsCallable(func)) { + JSAutoByteString bytes(cx, name); + if (!bytes) + return false; + + JS_ReportErrorNumberLatin1(cx, GetErrorMessage, nullptr, JSMSG_BAD_TRAP, bytes.ptr()); + return false; + } + + return true; +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.1 Proxy.[[GetPrototypeOf]]. +bool +ScriptedProxyHandler::getPrototype(JSContext* cx, HandleObject proxy, + MutableHandleObject protop) const +{ + // Steps 1-3. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED); + return false; + } + + // Step 4. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + + // Step 5. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().getPrototypeOf, &trap)) + return false; + + // Step 6. + if (trap.isUndefined()) + return GetPrototype(cx, target, protop); + + // Step 7. + RootedValue handlerProto(cx); + { + FixedInvokeArgs<1> args(cx); + + args[0].setObject(*target); + + handlerProto.setObject(*handler); + + if (!js::Call(cx, trap, handlerProto, args, &handlerProto)) + return false; + } + + // Step 8. + if (!handlerProto.isObjectOrNull()) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_BAD_GETPROTOTYPEOF_TRAP_RETURN); + return false; + } + + // Step 9. + bool extensibleTarget; + if (!IsExtensible(cx, target, &extensibleTarget)) + return false; + + // Step 10. + if (extensibleTarget) { + protop.set(handlerProto.toObjectOrNull()); + return true; + } + + // Step 11. + RootedObject targetProto(cx); + if (!GetPrototype(cx, target, &targetProto)) + return false; + + // Step 12. + if (handlerProto.toObjectOrNull() != targetProto) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_INCONSISTENT_GETPROTOTYPEOF_TRAP); + return false; + } + + // Step 13. + protop.set(handlerProto.toObjectOrNull()); + return true; +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.2 Proxy.[[SetPrototypeOf]]. +bool +ScriptedProxyHandler::setPrototype(JSContext* cx, HandleObject proxy, HandleObject proto, + ObjectOpResult& result) const +{ + // Steps 1-4. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED); + return false; + } + + // Step 5. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + + // Step 6. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().setPrototypeOf, &trap)) + return false; + + // Step 7. + if (trap.isUndefined()) + return SetPrototype(cx, target, proto, result); + + // Step 8. + bool booleanTrapResult; + { + FixedInvokeArgs<2> args(cx); + + args[0].setObject(*target); + args[1].setObjectOrNull(proto); + + RootedValue hval(cx, ObjectValue(*handler)); + if (!js::Call(cx, trap, hval, args, &hval)) + return false; + + booleanTrapResult = ToBoolean(hval); + } + + // Step 9. + if (!booleanTrapResult) + return result.fail(JSMSG_PROXY_SETPROTOTYPEOF_RETURNED_FALSE); + + // Step 10. + bool extensibleTarget; + if (!IsExtensible(cx, target, &extensibleTarget)) + return false; + + // Step 11. + if (extensibleTarget) + return result.succeed(); + + // Step 12. + RootedObject targetProto(cx); + if (!GetPrototype(cx, target, &targetProto)) + return false; + + // Step 13. + if (proto != targetProto) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_INCONSISTENT_SETPROTOTYPEOF_TRAP); + return false; + } + + // Step 14. + return result.succeed(); +} + +bool +ScriptedProxyHandler::getPrototypeIfOrdinary(JSContext* cx, HandleObject proxy, bool* isOrdinary, + MutableHandleObject protop) const +{ + *isOrdinary = false; + return true; +} + +// Not yet part of ES6, but hopefully to be standards-tracked -- and needed to +// handle revoked proxies in any event. +bool +ScriptedProxyHandler::setImmutablePrototype(JSContext* cx, HandleObject proxy, + bool* succeeded) const +{ + RootedObject target(cx, proxy->as<ProxyObject>().target()); + if (!target) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED); + return false; + } + + return SetImmutablePrototype(cx, target, succeeded); +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.4 Proxy.[[PreventExtensions]]() +bool +ScriptedProxyHandler::preventExtensions(JSContext* cx, HandleObject proxy, + ObjectOpResult& result) const +{ + // Steps 1-3. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED); + return false; + } + + // Step 4. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + + // Step 5. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().preventExtensions, &trap)) + return false; + + // Step 6. + if (trap.isUndefined()) + return PreventExtensions(cx, target, result); + + // Step 7. + bool booleanTrapResult; + { + RootedValue arg(cx, ObjectValue(*target)); + RootedValue trapResult(cx); + if (!Call(cx, trap, handler, arg, &trapResult)) + return false; + + booleanTrapResult = ToBoolean(trapResult); + } + + // Step 8. + if (booleanTrapResult) { + // Step 8a. + bool targetIsExtensible; + if (!IsExtensible(cx, target, &targetIsExtensible)) + return false; + + if (targetIsExtensible) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, + JSMSG_CANT_REPORT_AS_NON_EXTENSIBLE); + return false; + } + + // Step 9. + return result.succeed(); + } + + // Also step 9. + return result.fail(JSMSG_PROXY_PREVENTEXTENSIONS_RETURNED_FALSE); +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.3 Proxy.[[IsExtensible]]() +bool +ScriptedProxyHandler::isExtensible(JSContext* cx, HandleObject proxy, bool* extensible) const +{ + // Steps 1-3. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED); + return false; + } + + // Step 4. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + + // Step 5. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().isExtensible, &trap)) + return false; + + // Step 6. + if (trap.isUndefined()) + return IsExtensible(cx, target, extensible); + + // Step 7. + bool booleanTrapResult; + { + RootedValue arg(cx, ObjectValue(*target)); + RootedValue trapResult(cx); + if (!Call(cx, trap, handler, arg, &trapResult)) + return false; + + booleanTrapResult = ToBoolean(trapResult); + } + + // Steps 8. + bool targetResult; + if (!IsExtensible(cx, target, &targetResult)) + return false; + + // Step 9. + if (targetResult != booleanTrapResult) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_EXTENSIBILITY); + return false; + } + + // Step 10. + *extensible = booleanTrapResult; + return true; +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.5 Proxy.[[GetOwnProperty]](P) +bool +ScriptedProxyHandler::getOwnPropertyDescriptor(JSContext* cx, HandleObject proxy, HandleId id, + MutableHandle<PropertyDescriptor> desc) const +{ + // Steps 2-4. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED); + return false; + } + + // Step 5. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + + // Step 6. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().getOwnPropertyDescriptor, &trap)) + return false; + + // Step 7. + if (trap.isUndefined()) + return GetOwnPropertyDescriptor(cx, target, id, desc); + + // Step 8. + RootedValue propKey(cx); + if (!IdToStringOrSymbol(cx, id, &propKey)) + return false; + + RootedValue trapResult(cx); + RootedValue targetVal(cx, ObjectValue(*target)); + if (!Call(cx, trap, handler, targetVal, propKey, &trapResult)) + return false; + + // Step 9. + if (!trapResult.isUndefined() && !trapResult.isObject()) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_GETOWN_OBJORUNDEF); + return false; + } + + // Step 10. + Rooted<PropertyDescriptor> targetDesc(cx); + if (!GetOwnPropertyDescriptor(cx, target, id, &targetDesc)) + return false; + + // Step 11. + if (trapResult.isUndefined()) { + // Step 11a. + if (!targetDesc.object()) { + desc.object().set(nullptr); + return true; + } + + // Step 11b. + if (!targetDesc.configurable()) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_REPORT_NC_AS_NE); + return false; + } + + // Steps 11c-d. + bool extensibleTarget; + if (!IsExtensible(cx, target, &extensibleTarget)) + return false; + + // Step 11e. + if (!extensibleTarget) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_REPORT_E_AS_NE); + return false; + } + + // Step 11f. + desc.object().set(nullptr); + return true; + } + + // Step 12. + bool extensibleTarget; + if (!IsExtensible(cx, target, &extensibleTarget)) + return false; + + // Step 13. + Rooted<PropertyDescriptor> resultDesc(cx); + if (!ToPropertyDescriptor(cx, trapResult, true, &resultDesc)) + return false; + + // Step 14. + CompletePropertyDescriptor(&resultDesc); + + // Step 15. + bool valid; + if (!IsCompatiblePropertyDescriptor(cx, extensibleTarget, resultDesc, targetDesc, &valid)) + return false; + + // Step 16. + if (!valid) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_REPORT_INVALID); + return false; + } + + // Step 17. + if (!resultDesc.configurable()) { + if (!targetDesc.object()) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_REPORT_NE_AS_NC); + return false; + } + + if (targetDesc.configurable()) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_REPORT_C_AS_NC); + return false; + } + } + + // Step 18. + desc.set(resultDesc); + desc.object().set(proxy); + return true; +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.6 Proxy.[[DefineOwnProperty]](P, Desc) +bool +ScriptedProxyHandler::defineProperty(JSContext* cx, HandleObject proxy, HandleId id, + Handle<PropertyDescriptor> desc, ObjectOpResult& result) const +{ + // Steps 2-4. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED); + return false; + } + + // Step 5. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + + // Step 6. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().defineProperty, &trap)) + return false; + + // Step 7. + if (trap.isUndefined()) + return DefineProperty(cx, target, id, desc, result); + + // Step 8. + RootedValue descObj(cx); + if (!FromPropertyDescriptorToObject(cx, desc, &descObj)) + return false; + + // Step 9. + RootedValue propKey(cx); + if (!IdToStringOrSymbol(cx, id, &propKey)) + return false; + + RootedValue trapResult(cx); + { + FixedInvokeArgs<3> args(cx); + + args[0].setObject(*target); + args[1].set(propKey); + args[2].set(descObj); + + RootedValue thisv(cx, ObjectValue(*handler)); + if (!Call(cx, trap, thisv, args, &trapResult)) + return false; + } + + // Step 10. + if (!ToBoolean(trapResult)) + return result.fail(JSMSG_PROXY_DEFINE_RETURNED_FALSE); + + // Step 11. + Rooted<PropertyDescriptor> targetDesc(cx); + if (!GetOwnPropertyDescriptor(cx, target, id, &targetDesc)) + return false; + + // Step 12. + bool extensibleTarget; + if (!IsExtensible(cx, target, &extensibleTarget)) + return false; + + // Steps 13-14. + bool settingConfigFalse = desc.hasConfigurable() && !desc.configurable(); + + // Steps 15-16. + if (!targetDesc.object()) { + // Step 15a. + if (!extensibleTarget) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_DEFINE_NEW); + return false; + } + + // Step 15b. + if (settingConfigFalse) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_DEFINE_NE_AS_NC); + return false; + } + } else { + // Steps 16a-b. + bool valid; + if (!IsCompatiblePropertyDescriptor(cx, extensibleTarget, desc, targetDesc, &valid)) + return false; + + if (!valid || (settingConfigFalse && targetDesc.configurable())) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_DEFINE_INVALID); + return false; + } + } + + // Step 17. + return result.succeed(); +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 +// 7.3.17 CreateListFromArrayLike with elementTypes fixed to symbol/string. +static bool +CreateFilteredListFromArrayLike(JSContext* cx, HandleValue v, AutoIdVector& props) +{ + // Step 2. + RootedObject obj(cx, NonNullObject(cx, v)); + if (!obj) + return false; + + // Step 3. + uint32_t len; + if (!GetLengthProperty(cx, obj, &len)) + return false; + + // Steps 4-6. + RootedValue next(cx); + RootedId id(cx); + uint32_t index = 0; + while (index < len) { + // Steps 6a-b. + if (!GetElement(cx, obj, obj, index, &next)) + return false; + + // Step 6c. + if (!next.isString() && !next.isSymbol()) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_ONWKEYS_STR_SYM); + return false; + } + + if (!ValueToId<CanGC>(cx, next, &id)) + return false; + + // Step 6d. + if (!props.append(id)) + return false; + + // Step 6e. + index++; + } + + // Step 7. + return true; +} + + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.11 Proxy.[[OwnPropertyKeys]]() +bool +ScriptedProxyHandler::ownPropertyKeys(JSContext* cx, HandleObject proxy, AutoIdVector& props) const +{ + // Steps 1-3. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED); + return false; + } + + // Step 4. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + + // Step 5. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().ownKeys, &trap)) + return false; + + // Step 6. + if (trap.isUndefined()) + return GetPropertyKeys(cx, target, JSITER_OWNONLY | JSITER_HIDDEN | JSITER_SYMBOLS, &props); + + // Step 7. + RootedValue trapResultArray(cx); + RootedValue targetVal(cx, ObjectValue(*target)); + if (!Call(cx, trap, handler, targetVal, &trapResultArray)) + return false; + + // Step 8. + AutoIdVector trapResult(cx); + if (!CreateFilteredListFromArrayLike(cx, trapResultArray, trapResult)) + return false; + + // Step 9. + bool extensibleTarget; + if (!IsExtensible(cx, target, &extensibleTarget)) + return false; + + // Steps 10-11. + AutoIdVector targetKeys(cx); + if (!GetPropertyKeys(cx, target, JSITER_OWNONLY | JSITER_HIDDEN | JSITER_SYMBOLS, &targetKeys)) + return false; + + // Steps 12-13. + AutoIdVector targetConfigurableKeys(cx); + AutoIdVector targetNonconfigurableKeys(cx); + + // Step 14. + Rooted<PropertyDescriptor> desc(cx); + for (size_t i = 0; i < targetKeys.length(); ++i) { + // Step 14a. + if (!GetOwnPropertyDescriptor(cx, target, targetKeys[i], &desc)) + return false; + + // Steps 14b-c. + if (desc.object() && !desc.configurable()) { + if (!targetNonconfigurableKeys.append(targetKeys[i])) + return false; + } else { + if (!targetConfigurableKeys.append(targetKeys[i])) + return false; + } + } + + // Step 15. + if (extensibleTarget && targetNonconfigurableKeys.empty()) + return props.appendAll(trapResult); + + // Step 16. + // The algorithm below always removes all occurences of the same key + // at once, so we can use a set here. + Rooted<GCHashSet<jsid>> uncheckedResultKeys(cx, GCHashSet<jsid>(cx)); + if (!uncheckedResultKeys.init(trapResult.length())) + return false; + + for (size_t i = 0, len = trapResult.length(); i < len; i++) { + MOZ_ASSERT(!JSID_IS_VOID(trapResult[i])); + + if (!uncheckedResultKeys.put(trapResult[i])) + return false; + } + + // Step 17. + for (size_t i = 0; i < targetNonconfigurableKeys.length(); ++i) { + MOZ_ASSERT(!JSID_IS_VOID(targetNonconfigurableKeys[i])); + + auto ptr = uncheckedResultKeys.lookup(targetNonconfigurableKeys[i]); + + // Step 17a. + if (!ptr) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_SKIP_NC); + return false; + } + + // Step 17b. + uncheckedResultKeys.remove(ptr); + } + + // Step 18. + if (extensibleTarget) + return props.appendAll(trapResult); + + // Step 19. + for (size_t i = 0; i < targetConfigurableKeys.length(); ++i) { + MOZ_ASSERT(!JSID_IS_VOID(targetConfigurableKeys[i])); + + auto ptr = uncheckedResultKeys.lookup(targetConfigurableKeys[i]); + + // Step 19a. + if (!ptr) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_REPORT_E_AS_NE); + return false; + } + + // Step 19b. + uncheckedResultKeys.remove(ptr); + } + + // Step 20. + if (!uncheckedResultKeys.empty()) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_REPORT_NEW); + return false; + } + + // Step 21. + return props.appendAll(trapResult); +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.10 Proxy.[[Delete]](P) +bool +ScriptedProxyHandler::delete_(JSContext* cx, HandleObject proxy, HandleId id, + ObjectOpResult& result) const +{ + // Steps 2-4. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED); + return false; + } + + // Step 5. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + + // Step 6. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().deleteProperty, &trap)) + return false; + + // Step 7. + if (trap.isUndefined()) + return DeleteProperty(cx, target, id, result); + + // Step 8. + bool booleanTrapResult; + { + RootedValue value(cx); + if (!IdToStringOrSymbol(cx, id, &value)) + return false; + + RootedValue targetVal(cx, ObjectValue(*target)); + RootedValue trapResult(cx); + if (!Call(cx, trap, handler, targetVal, value, &trapResult)) + return false; + + booleanTrapResult = ToBoolean(trapResult); + } + + // Step 9. + if (!booleanTrapResult) + return result.fail(JSMSG_PROXY_DELETE_RETURNED_FALSE); + + // Step 10. + Rooted<PropertyDescriptor> desc(cx); + if (!GetOwnPropertyDescriptor(cx, target, id, &desc)) + return false; + + // Step 12. + if (desc.object() && !desc.configurable()) { + RootedValue v(cx, IdToValue(id)); + ReportValueError(cx, JSMSG_CANT_DELETE, JSDVG_IGNORE_STACK, v, nullptr); + return false; + } + + // Steps 11,13. + return result.succeed(); +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.7 Proxy.[[HasProperty]](P) +bool +ScriptedProxyHandler::has(JSContext* cx, HandleObject proxy, HandleId id, bool* bp) const +{ + // Steps 2-4. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED); + return false; + } + + // Step 5. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + + // Step 6. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().has, &trap)) + return false; + + // Step 7. + if (trap.isUndefined()) + return HasProperty(cx, target, id, bp); + + // Step 8. + RootedValue value(cx); + if (!IdToStringOrSymbol(cx, id, &value)) + return false; + + RootedValue trapResult(cx); + RootedValue targetVal(cx, ObjectValue(*target)); + if (!Call(cx, trap, handler, targetVal, value, &trapResult)) + return false; + + bool booleanTrapResult = ToBoolean(trapResult); + + // Step 9. + if (!booleanTrapResult) { + // Step 9a. + Rooted<PropertyDescriptor> desc(cx); + if (!GetOwnPropertyDescriptor(cx, target, id, &desc)) + return false; + + // Step 9b. + if (desc.object()) { + // Step 9b(i). + if (!desc.configurable()) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_REPORT_NC_AS_NE); + return false; + } + + // Step 9b(ii). + bool extensible; + if (!IsExtensible(cx, target, &extensible)) + return false; + + // Step 9b(iii). + if (!extensible) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_REPORT_E_AS_NE); + return false; + } + } + } + + // Step 10. + *bp = booleanTrapResult; + return true; +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.8 Proxy.[[GetP]](P, Receiver) +bool +ScriptedProxyHandler::get(JSContext* cx, HandleObject proxy, HandleValue receiver, HandleId id, + MutableHandleValue vp) const +{ + // Steps 2-4. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED); + return false; + } + + // Step 5. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + + // Steps 6. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().get, &trap)) + return false; + + // Step 7. + if (trap.isUndefined()) + return GetProperty(cx, target, receiver, id, vp); + + // Step 8. + RootedValue value(cx); + if (!IdToStringOrSymbol(cx, id, &value)) + return false; + + RootedValue trapResult(cx); + { + FixedInvokeArgs<3> args(cx); + + args[0].setObject(*target); + args[1].set(value); + args[2].set(receiver); + + RootedValue thisv(cx, ObjectValue(*handler)); + if (!Call(cx, trap, thisv, args, &trapResult)) + return false; + } + + // Step 9. + Rooted<PropertyDescriptor> desc(cx); + if (!GetOwnPropertyDescriptor(cx, target, id, &desc)) + return false; + + // Step 10. + if (desc.object()) { + // Step 10a. + if (desc.isDataDescriptor() && !desc.configurable() && !desc.writable()) { + bool same; + if (!SameValue(cx, trapResult, desc.value(), &same)) + return false; + if (!same) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_MUST_REPORT_SAME_VALUE); + return false; + } + } + + // Step 10b. + if (desc.isAccessorDescriptor() && !desc.configurable() && desc.getterObject() == nullptr) { + if (!trapResult.isUndefined()) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_MUST_REPORT_UNDEFINED); + return false; + } + } + } + + // Step 11. + vp.set(trapResult); + return true; +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.9 Proxy.[[Set]](P, V, Receiver) +bool +ScriptedProxyHandler::set(JSContext* cx, HandleObject proxy, HandleId id, HandleValue v, + HandleValue receiver, ObjectOpResult& result) const +{ + // Steps 2-4. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED); + return false; + } + + // Step 5. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + + // Step 6. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().set, &trap)) + return false; + + // Step 7. + if (trap.isUndefined()) + return SetProperty(cx, target, id, v, receiver, result); + + // Step 8. + RootedValue value(cx); + if (!IdToStringOrSymbol(cx, id, &value)) + return false; + + RootedValue trapResult(cx); + { + FixedInvokeArgs<4> args(cx); + + args[0].setObject(*target); + args[1].set(value); + args[2].set(v); + args[3].set(receiver); + + RootedValue thisv(cx, ObjectValue(*handler)); + if (!Call(cx, trap, thisv, args, &trapResult)) + return false; + } + + // Step 9. + if (!ToBoolean(trapResult)) + return result.fail(JSMSG_PROXY_SET_RETURNED_FALSE); + + // Step 10. + Rooted<PropertyDescriptor> desc(cx); + if (!GetOwnPropertyDescriptor(cx, target, id, &desc)) + return false; + + // Step 11. + if (desc.object()) { + // Step 11a. + if (desc.isDataDescriptor() && !desc.configurable() && !desc.writable()) { + bool same; + if (!SameValue(cx, v, desc.value(), &same)) + return false; + if (!same) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_SET_NW_NC); + return false; + } + } + + // Step 11b. + if (desc.isAccessorDescriptor() && !desc.configurable() && desc.setterObject() == nullptr) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CANT_SET_WO_SETTER); + return false; + } + } + + // Step 12. + return result.succeed(); +} + +// ES7 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.13 Proxy.[[Call]] +bool +ScriptedProxyHandler::call(JSContext* cx, HandleObject proxy, const CallArgs& args) const +{ + // Steps 1-3. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED); + return false; + } + + // Step 4. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + MOZ_ASSERT(target->isCallable()); + + // Step 5. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().apply, &trap)) + return false; + + // Step 6. + if (trap.isUndefined()) { + InvokeArgs iargs(cx); + if (!FillArgumentsFromArraylike(cx, iargs, args)) + return false; + + RootedValue fval(cx, ObjectValue(*target)); + return js::Call(cx, fval, args.thisv(), iargs, args.rval()); + } + + // Step 7. + RootedObject argArray(cx, NewDenseCopiedArray(cx, args.length(), args.array())); + if (!argArray) + return false; + + // Step 8. + FixedInvokeArgs<3> iargs(cx); + + iargs[0].setObject(*target); + iargs[1].set(args.thisv()); + iargs[2].setObject(*argArray); + + RootedValue thisv(cx, ObjectValue(*handler)); + return js::Call(cx, trap, thisv, iargs, args.rval()); +} + +// ES7 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.14 Proxy.[[Construct]] +bool +ScriptedProxyHandler::construct(JSContext* cx, HandleObject proxy, const CallArgs& args) const +{ + // Steps 1-3. + RootedObject handler(cx, ScriptedProxyHandler::handlerObject(proxy)); + if (!handler) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_REVOKED); + return false; + } + + // Step 4. + RootedObject target(cx, proxy->as<ProxyObject>().target()); + MOZ_ASSERT(target); + MOZ_ASSERT(target->isConstructor()); + + // Step 5. + RootedValue trap(cx); + if (!GetProxyTrap(cx, handler, cx->names().construct, &trap)) + return false; + + // Step 6. + if (trap.isUndefined()) { + ConstructArgs cargs(cx); + if (!FillArgumentsFromArraylike(cx, cargs, args)) + return false; + + RootedValue targetv(cx, ObjectValue(*target)); + RootedObject obj(cx); + if (!Construct(cx, targetv, cargs, args.newTarget(), &obj)) + return false; + + args.rval().setObject(*obj); + return true; + } + + // Step 7. + RootedObject argArray(cx, NewDenseCopiedArray(cx, args.length(), args.array())); + if (!argArray) + return false; + + // Steps 8, 10. + { + FixedInvokeArgs<3> iargs(cx); + + iargs[0].setObject(*target); + iargs[1].setObject(*argArray); + iargs[2].set(args.newTarget()); + + RootedValue thisv(cx, ObjectValue(*handler)); + if (!Call(cx, trap, thisv, iargs, args.rval())) + return false; + } + + // Step 9. + if (!args.rval().isObject()) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_CONSTRUCT_OBJECT); + return false; + } + + return true; +} + +bool +ScriptedProxyHandler::nativeCall(JSContext* cx, IsAcceptableThis test, NativeImpl impl, + const CallArgs& args) const +{ + ReportIncompatible(cx, args); + return false; +} + +bool +ScriptedProxyHandler::hasInstance(JSContext* cx, HandleObject proxy, MutableHandleValue v, + bool* bp) const +{ + return InstanceOfOperator(cx, proxy, v, bp); +} + +bool +ScriptedProxyHandler::getBuiltinClass(JSContext* cx, HandleObject proxy, + ESClass* cls) const +{ + *cls = ESClass::Other; + return true; +} + +bool +ScriptedProxyHandler::isArray(JSContext* cx, HandleObject proxy, IsArrayAnswer* answer) const +{ + RootedObject target(cx, proxy->as<ProxyObject>().target()); + if (target) + return JS::IsArray(cx, target, answer); + + *answer = IsArrayAnswer::RevokedProxy; + return true; +} + +const char* +ScriptedProxyHandler::className(JSContext* cx, HandleObject proxy) const +{ + // Right now the caller is not prepared to handle failures. + return BaseProxyHandler::className(cx, proxy); +} + +JSString* +ScriptedProxyHandler::fun_toString(JSContext* cx, HandleObject proxy, unsigned indent) const +{ + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_INCOMPATIBLE_PROTO, + js_Function_str, js_toString_str, "object"); + return nullptr; +} + +bool +ScriptedProxyHandler::regexp_toShared(JSContext* cx, HandleObject proxy, RegExpGuard* g) const +{ + MOZ_CRASH("Should not end up in ScriptedProxyHandler::regexp_toShared"); + return false; +} + +bool +ScriptedProxyHandler::boxedValue_unbox(JSContext* cx, HandleObject proxy, + MutableHandleValue vp) const +{ + MOZ_CRASH("Should not end up in ScriptedProxyHandler::boxedValue_unbox"); + return false; +} + +bool +ScriptedProxyHandler::isCallable(JSObject* obj) const +{ + MOZ_ASSERT(obj->as<ProxyObject>().handler() == &ScriptedProxyHandler::singleton); + uint32_t callConstruct = obj->as<ProxyObject>().extra(IS_CALLCONSTRUCT_EXTRA).toPrivateUint32(); + return !!(callConstruct & IS_CALLABLE); +} + +bool +ScriptedProxyHandler::isConstructor(JSObject* obj) const +{ + MOZ_ASSERT(obj->as<ProxyObject>().handler() == &ScriptedProxyHandler::singleton); + uint32_t callConstruct = obj->as<ProxyObject>().extra(IS_CALLCONSTRUCT_EXTRA).toPrivateUint32(); + return !!(callConstruct & IS_CONSTRUCTOR); +} + +const char ScriptedProxyHandler::family = 0; +const ScriptedProxyHandler ScriptedProxyHandler::singleton; + +bool +IsRevokedScriptedProxy(JSObject* obj) +{ + obj = CheckedUnwrap(obj); + return obj && IsScriptedProxy(obj) && !obj->as<ProxyObject>().target(); +} + +// ES8 rev 0c1bd3004329336774cbc90de727cd0cf5f11e93 9.5.14 ProxyCreate. +static bool +ProxyCreate(JSContext* cx, CallArgs& args, const char* callerName) +{ + if (args.length() < 2) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_MORE_ARGS_NEEDED, + callerName, "1", "s"); + return false; + } + + // Step 1. + RootedObject target(cx, NonNullObject(cx, args[0])); + if (!target) + return false; + + // Step 2. + if (IsRevokedScriptedProxy(target)) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_ARG_REVOKED, "1"); + return false; + } + + // Step 3. + RootedObject handler(cx, NonNullObject(cx, args[1])); + if (!handler) + return false; + + // Step 4. + if (IsRevokedScriptedProxy(handler)) { + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_PROXY_ARG_REVOKED, "2"); + return false; + } + + // Steps 5-6, 8. + RootedValue priv(cx, ObjectValue(*target)); + JSObject* proxy_ = + NewProxyObject(cx, &ScriptedProxyHandler::singleton, priv, TaggedProto::LazyProto); + if (!proxy_) + return false; + + // Step 9 (reordered). + Rooted<ProxyObject*> proxy(cx, &proxy_->as<ProxyObject>()); + proxy->setExtra(ScriptedProxyHandler::HANDLER_EXTRA, ObjectValue(*handler)); + + // Step 7. + uint32_t callable = target->isCallable() ? ScriptedProxyHandler::IS_CALLABLE : 0; + uint32_t constructor = target->isConstructor() ? ScriptedProxyHandler::IS_CONSTRUCTOR : 0; + proxy->setExtra(ScriptedProxyHandler::IS_CALLCONSTRUCT_EXTRA, + PrivateUint32Value(callable | constructor)); + + // Step 10. + args.rval().setObject(*proxy); + return true; +} + +bool +js::proxy(JSContext* cx, unsigned argc, Value* vp) +{ + CallArgs args = CallArgsFromVp(argc, vp); + + if (!ThrowIfNotConstructing(cx, args, "Proxy")) + return false; + + return ProxyCreate(cx, args, "Proxy"); +} + +static bool +RevokeProxy(JSContext* cx, unsigned argc, Value* vp) +{ + CallArgs args = CallArgsFromVp(argc, vp); + + RootedFunction func(cx, &args.callee().as<JSFunction>()); + RootedObject p(cx, func->getExtendedSlot(ScriptedProxyHandler::REVOKE_SLOT).toObjectOrNull()); + + if (p) { + func->setExtendedSlot(ScriptedProxyHandler::REVOKE_SLOT, NullValue()); + + MOZ_ASSERT(p->is<ProxyObject>()); + + p->as<ProxyObject>().setSameCompartmentPrivate(NullValue()); + p->as<ProxyObject>().setExtra(ScriptedProxyHandler::HANDLER_EXTRA, NullValue()); + } + + args.rval().setUndefined(); + return true; +} + +bool +js::proxy_revocable(JSContext* cx, unsigned argc, Value* vp) +{ + CallArgs args = CallArgsFromVp(argc, vp); + + if (!ProxyCreate(cx, args, "Proxy.revocable")) + return false; + + RootedValue proxyVal(cx, args.rval()); + MOZ_ASSERT(proxyVal.toObject().is<ProxyObject>()); + + RootedObject revoker(cx, NewFunctionByIdWithReserved(cx, RevokeProxy, 0, 0, + AtomToId(cx->names().revoke))); + if (!revoker) + return false; + + revoker->as<JSFunction>().initExtendedSlot(ScriptedProxyHandler::REVOKE_SLOT, proxyVal); + + RootedPlainObject result(cx, NewBuiltinClassInstance<PlainObject>(cx)); + if (!result) + return false; + + RootedValue revokeVal(cx, ObjectValue(*revoker)); + if (!DefineProperty(cx, result, cx->names().proxy, proxyVal) || + !DefineProperty(cx, result, cx->names().revoke, revokeVal)) + { + return false; + } + + args.rval().setObject(*result); + return true; +} |