summaryrefslogtreecommitdiffstats
path: root/toolkit/components/addoncompat/RemoteAddonsParent.jsm
diff options
context:
space:
mode:
Diffstat (limited to 'toolkit/components/addoncompat/RemoteAddonsParent.jsm')
-rw-r--r--toolkit/components/addoncompat/RemoteAddonsParent.jsm1080
1 files changed, 1080 insertions, 0 deletions
diff --git a/toolkit/components/addoncompat/RemoteAddonsParent.jsm b/toolkit/components/addoncompat/RemoteAddonsParent.jsm
new file mode 100644
index 000000000..5cadc2902
--- /dev/null
+++ b/toolkit/components/addoncompat/RemoteAddonsParent.jsm
@@ -0,0 +1,1080 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+this.EXPORTED_SYMBOLS = ["RemoteAddonsParent"];
+
+const Ci = Components.interfaces;
+const Cc = Components.classes;
+const Cu = Components.utils;
+const Cr = Components.results;
+
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+Cu.import("resource://gre/modules/RemoteWebProgress.jsm");
+Cu.import('resource://gre/modules/Services.jsm');
+
+XPCOMUtils.defineLazyModuleGetter(this, "BrowserUtils",
+ "resource://gre/modules/BrowserUtils.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "NetUtil",
+ "resource://gre/modules/NetUtil.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "Prefetcher",
+ "resource://gre/modules/Prefetcher.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "CompatWarning",
+ "resource://gre/modules/CompatWarning.jsm");
+
+Cu.permitCPOWsInScope(this);
+
+// Similar to Python. Returns dict[key] if it exists. Otherwise,
+// sets dict[key] to default_ and returns default_.
+function setDefault(dict, key, default_)
+{
+ if (key in dict) {
+ return dict[key];
+ }
+ dict[key] = default_;
+ return default_;
+}
+
+// This code keeps track of a set of paths of the form [component_1,
+// ..., component_n]. The components can be strings or booleans. The
+// child is notified whenever a path is added or removed, and new
+// children can request the current set of paths. The purpose is to
+// keep track of all the observers and events that the child should
+// monitor for the parent.
+var NotificationTracker = {
+ // _paths is a multi-level dictionary. Let's add paths [A, B] and
+ // [A, C]. Then _paths will look like this:
+ // { 'A': { 'B': { '_count': 1 }, 'C': { '_count': 1 } } }
+ // Each component in a path will be a key in some dictionary. At the
+ // end, the _count property keeps track of how many instances of the
+ // given path are present in _paths.
+ _paths: {},
+
+ init: function() {
+ let ppmm = Cc["@mozilla.org/parentprocessmessagemanager;1"]
+ .getService(Ci.nsIMessageBroadcaster);
+ ppmm.initialProcessData.remoteAddonsNotificationPaths = this._paths;
+ },
+
+ add: function(path) {
+ let tracked = this._paths;
+ for (let component of path) {
+ tracked = setDefault(tracked, component, {});
+ }
+ let count = tracked._count || 0;
+ count++;
+ tracked._count = count;
+
+ let ppmm = Cc["@mozilla.org/parentprocessmessagemanager;1"]
+ .getService(Ci.nsIMessageBroadcaster);
+ ppmm.broadcastAsyncMessage("Addons:ChangeNotification", {path: path, count: count});
+ },
+
+ remove: function(path) {
+ let tracked = this._paths;
+ for (let component of path) {
+ tracked = setDefault(tracked, component, {});
+ }
+ tracked._count--;
+
+ let ppmm = Cc["@mozilla.org/parentprocessmessagemanager;1"]
+ .getService(Ci.nsIMessageBroadcaster);
+ ppmm.broadcastAsyncMessage("Addons:ChangeNotification", {path: path, count: tracked._count});
+ },
+};
+NotificationTracker.init();
+
+// An interposition is an object with three properties: methods,
+// getters, and setters. See multiprocessShims.js for an explanation
+// of how these are used. The constructor here just allows one
+// interposition to inherit members from another.
+function Interposition(name, base)
+{
+ this.name = name;
+ if (base) {
+ this.methods = Object.create(base.methods);
+ this.getters = Object.create(base.getters);
+ this.setters = Object.create(base.setters);
+ } else {
+ this.methods = Object.create(null);
+ this.getters = Object.create(null);
+ this.setters = Object.create(null);
+ }
+}
+
+// This object is responsible for notifying the child when a new
+// content policy is added or removed. It also runs all the registered
+// add-on content policies when the child asks it to do so.
+var ContentPolicyParent = {
+ init: function() {
+ let ppmm = Cc["@mozilla.org/parentprocessmessagemanager;1"]
+ .getService(Ci.nsIMessageBroadcaster);
+ ppmm.addMessageListener("Addons:ContentPolicy:Run", this);
+
+ this._policies = new Map();
+ },
+
+ addContentPolicy: function(addon, name, cid) {
+ this._policies.set(name, cid);
+ NotificationTracker.add(["content-policy", addon]);
+ },
+
+ removeContentPolicy: function(addon, name) {
+ this._policies.delete(name);
+ NotificationTracker.remove(["content-policy", addon]);
+ },
+
+ receiveMessage: function (aMessage) {
+ switch (aMessage.name) {
+ case "Addons:ContentPolicy:Run":
+ return this.shouldLoad(aMessage.data, aMessage.objects);
+ }
+ return undefined;
+ },
+
+ shouldLoad: function(aData, aObjects) {
+ for (let policyCID of this._policies.values()) {
+ let policy;
+ try {
+ policy = Cc[policyCID].getService(Ci.nsIContentPolicy);
+ } catch (e) {
+ // Current Gecko behavior is to ignore entries that don't QI.
+ continue;
+ }
+ try {
+ let contentLocation = BrowserUtils.makeURI(aData.contentLocation);
+ let requestOrigin = aData.requestOrigin ? BrowserUtils.makeURI(aData.requestOrigin) : null;
+
+ let result = Prefetcher.withPrefetching(aData.prefetched, aObjects, () => {
+ return policy.shouldLoad(aData.contentType,
+ contentLocation,
+ requestOrigin,
+ aObjects.node,
+ aData.mimeTypeGuess,
+ null,
+ aData.requestPrincipal);
+ });
+ if (result != Ci.nsIContentPolicy.ACCEPT && result != 0)
+ return result;
+ } catch (e) {
+ Cu.reportError(e);
+ }
+ }
+
+ return Ci.nsIContentPolicy.ACCEPT;
+ },
+};
+ContentPolicyParent.init();
+
+// This interposition intercepts calls to add or remove new content
+// policies and forwards these requests to ContentPolicyParent.
+var CategoryManagerInterposition = new Interposition("CategoryManagerInterposition");
+
+CategoryManagerInterposition.methods.addCategoryEntry =
+ function(addon, target, category, entry, value, persist, replace) {
+ if (category == "content-policy") {
+ CompatWarning.warn("content-policy should be added from the child process only.",
+ addon, CompatWarning.warnings.nsIContentPolicy);
+ ContentPolicyParent.addContentPolicy(addon, entry, value);
+ }
+
+ target.addCategoryEntry(category, entry, value, persist, replace);
+ };
+
+CategoryManagerInterposition.methods.deleteCategoryEntry =
+ function(addon, target, category, entry, persist) {
+ if (category == "content-policy") {
+ CompatWarning.warn("content-policy should be removed from the child process only.",
+ addon, CompatWarning.warnings.nsIContentPolicy);
+ ContentPolicyParent.removeContentPolicy(addon, entry);
+ }
+
+ target.deleteCategoryEntry(category, entry, persist);
+ };
+
+// This shim handles the case where an add-on registers an about:
+// protocol handler in the parent and we want the child to be able to
+// use it. This code is pretty specific to Adblock's usage.
+var AboutProtocolParent = {
+ init: function() {
+ let ppmm = Cc["@mozilla.org/parentprocessmessagemanager;1"]
+ .getService(Ci.nsIMessageBroadcaster);
+ ppmm.addMessageListener("Addons:AboutProtocol:GetURIFlags", this);
+ ppmm.addMessageListener("Addons:AboutProtocol:OpenChannel", this);
+ this._protocols = [];
+ },
+
+ registerFactory: function(addon, class_, className, contractID, factory) {
+ this._protocols.push({contractID: contractID, factory: factory});
+ NotificationTracker.add(["about-protocol", contractID, addon]);
+ },
+
+ unregisterFactory: function(addon, class_, factory) {
+ for (let i = 0; i < this._protocols.length; i++) {
+ if (this._protocols[i].factory == factory) {
+ NotificationTracker.remove(["about-protocol", this._protocols[i].contractID, addon]);
+ this._protocols.splice(i, 1);
+ break;
+ }
+ }
+ },
+
+ receiveMessage: function (msg) {
+ switch (msg.name) {
+ case "Addons:AboutProtocol:GetURIFlags":
+ return this.getURIFlags(msg);
+ case "Addons:AboutProtocol:OpenChannel":
+ return this.openChannel(msg);
+ }
+ return undefined;
+ },
+
+ getURIFlags: function(msg) {
+ let uri = BrowserUtils.makeURI(msg.data.uri);
+ let contractID = msg.data.contractID;
+ let module = Cc[contractID].getService(Ci.nsIAboutModule);
+ try {
+ return module.getURIFlags(uri);
+ } catch (e) {
+ Cu.reportError(e);
+ return undefined;
+ }
+ },
+
+ // We immediately read all the data out of the channel here and
+ // return it to the child.
+ openChannel: function(msg) {
+ function wrapGetInterface(cpow) {
+ return {
+ getInterface: function(intf) { return cpow.getInterface(intf); }
+ };
+ }
+
+ let uri = BrowserUtils.makeURI(msg.data.uri);
+ let channelParams;
+ if (msg.data.contentPolicyType === Ci.nsIContentPolicy.TYPE_DOCUMENT) {
+ // For TYPE_DOCUMENT loads, we cannot recreate the loadinfo here in the
+ // parent. In that case, treat this as a chrome (addon)-requested
+ // subload. When we use the data in the child, we'll load it into the
+ // correctly-principaled document.
+ channelParams = {
+ uri,
+ contractID: msg.data.contractID,
+ loadingPrincipal: Services.scriptSecurityManager.getSystemPrincipal(),
+ securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+ contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER
+ };
+ } else {
+ // We can recreate the loadinfo here in the parent for non TYPE_DOCUMENT
+ // loads.
+ channelParams = {
+ uri,
+ contractID: msg.data.contractID,
+ loadingPrincipal: msg.data.loadingPrincipal,
+ securityFlags: msg.data.securityFlags,
+ contentPolicyType: msg.data.contentPolicyType
+ };
+ }
+
+ try {
+ let channel = NetUtil.newChannel(channelParams);
+
+ // We're not allowed to set channel.notificationCallbacks to a
+ // CPOW, since the setter for notificationCallbacks is in C++,
+ // which can't tolerate CPOWs. Instead we just use a JS object
+ // that wraps the CPOW.
+ channel.notificationCallbacks = wrapGetInterface(msg.objects.notificationCallbacks);
+ if (msg.objects.loadGroupNotificationCallbacks) {
+ channel.loadGroup = {notificationCallbacks: msg.objects.loadGroupNotificationCallbacks};
+ } else {
+ channel.loadGroup = null;
+ }
+ let stream = channel.open2();
+ let data = NetUtil.readInputStreamToString(stream, stream.available(), {});
+ return {
+ data: data,
+ contentType: channel.contentType
+ };
+ } catch (e) {
+ Cu.reportError(e);
+ return undefined;
+ }
+ },
+};
+AboutProtocolParent.init();
+
+var ComponentRegistrarInterposition = new Interposition("ComponentRegistrarInterposition");
+
+ComponentRegistrarInterposition.methods.registerFactory =
+ function(addon, target, class_, className, contractID, factory) {
+ if (contractID && contractID.startsWith("@mozilla.org/network/protocol/about;1?")) {
+ CompatWarning.warn("nsIAboutModule should be registered in the content process" +
+ " as well as the chrome process. (If you do that already, ignore" +
+ " this warning.)",
+ addon, CompatWarning.warnings.nsIAboutModule);
+ AboutProtocolParent.registerFactory(addon, class_, className, contractID, factory);
+ }
+
+ target.registerFactory(class_, className, contractID, factory);
+ };
+
+ComponentRegistrarInterposition.methods.unregisterFactory =
+ function(addon, target, class_, factory) {
+ AboutProtocolParent.unregisterFactory(addon, class_, factory);
+ target.unregisterFactory(class_, factory);
+ };
+
+// This object manages add-on observers that might fire in the child
+// process. Rather than managing the observers itself, it uses the
+// parent's observer service. When an add-on listens on topic T,
+// ObserverParent asks the child process to listen on T. It also adds
+// an observer in the parent for the topic e10s-T. When the T observer
+// fires in the child, the parent fires all the e10s-T observers,
+// passing them CPOWs for the subject and data. We don't want to use T
+// in the parent because there might be non-add-on T observers that
+// won't expect to get notified in this case.
+var ObserverParent = {
+ init: function() {
+ let ppmm = Cc["@mozilla.org/parentprocessmessagemanager;1"]
+ .getService(Ci.nsIMessageBroadcaster);
+ ppmm.addMessageListener("Addons:Observer:Run", this);
+ },
+
+ addObserver: function(addon, observer, topic, ownsWeak) {
+ Services.obs.addObserver(observer, "e10s-" + topic, ownsWeak);
+ NotificationTracker.add(["observer", topic, addon]);
+ },
+
+ removeObserver: function(addon, observer, topic) {
+ Services.obs.removeObserver(observer, "e10s-" + topic);
+ NotificationTracker.remove(["observer", topic, addon]);
+ },
+
+ receiveMessage: function(msg) {
+ switch (msg.name) {
+ case "Addons:Observer:Run":
+ this.notify(msg.objects.subject, msg.objects.topic, msg.objects.data);
+ break;
+ }
+ },
+
+ notify: function(subject, topic, data) {
+ let e = Services.obs.enumerateObservers("e10s-" + topic);
+ while (e.hasMoreElements()) {
+ let obs = e.getNext().QueryInterface(Ci.nsIObserver);
+ try {
+ obs.observe(subject, topic, data);
+ } catch (e) {
+ Cu.reportError(e);
+ }
+ }
+ }
+};
+ObserverParent.init();
+
+// We only forward observers for these topics.
+var TOPIC_WHITELIST = [
+ "content-document-global-created",
+ "document-element-inserted",
+ "dom-window-destroyed",
+ "inner-window-destroyed",
+ "outer-window-destroyed",
+ "csp-on-violate-policy",
+];
+
+// This interposition listens for
+// nsIObserverService.{add,remove}Observer.
+var ObserverInterposition = new Interposition("ObserverInterposition");
+
+ObserverInterposition.methods.addObserver =
+ function(addon, target, observer, topic, ownsWeak) {
+ if (TOPIC_WHITELIST.indexOf(topic) >= 0) {
+ CompatWarning.warn(`${topic} observer should be added from the child process only.`,
+ addon, CompatWarning.warnings.observers);
+
+ ObserverParent.addObserver(addon, observer, topic);
+ }
+
+ target.addObserver(observer, topic, ownsWeak);
+ };
+
+ObserverInterposition.methods.removeObserver =
+ function(addon, target, observer, topic) {
+ if (TOPIC_WHITELIST.indexOf(topic) >= 0) {
+ ObserverParent.removeObserver(addon, observer, topic);
+ }
+
+ target.removeObserver(observer, topic);
+ };
+
+// This object is responsible for forwarding events from the child to
+// the parent.
+var EventTargetParent = {
+ init: function() {
+ // The _listeners map goes from targets (either <browser> elements
+ // or windows) to a dictionary from event types to listeners.
+ this._listeners = new WeakMap();
+
+ let mm = Cc["@mozilla.org/globalmessagemanager;1"].
+ getService(Ci.nsIMessageListenerManager);
+ mm.addMessageListener("Addons:Event:Run", this);
+ },
+
+ // If target is not on the path from a <browser> element to the
+ // window root, then we return null here to ignore the
+ // target. Otherwise, if the target is a browser-specific element
+ // (the <browser> or <tab> elements), then we return the
+ // <browser>. If it's some generic element, then we return the
+ // window itself.
+ redirectEventTarget: function(target) {
+ if (Cu.isCrossProcessWrapper(target)) {
+ return null;
+ }
+
+ if (target instanceof Ci.nsIDOMChromeWindow) {
+ return target;
+ }
+
+ if (target instanceof Ci.nsIDOMXULElement) {
+ if (target.localName == "browser") {
+ return target;
+ } else if (target.localName == "tab") {
+ return target.linkedBrowser;
+ }
+
+ // Check if |target| is somewhere on the patch from the
+ // <tabbrowser> up to the root element.
+ let window = target.ownerDocument.defaultView;
+ if (window && target.contains(window.gBrowser)) {
+ return window;
+ }
+ }
+
+ return null;
+ },
+
+ // When a given event fires in the child, we fire it on the
+ // <browser> element and the window since those are the two possible
+ // results of redirectEventTarget.
+ getTargets: function(browser) {
+ let window = browser.ownerDocument.defaultView;
+ return [browser, window];
+ },
+
+ addEventListener: function(addon, target, type, listener, useCapture, wantsUntrusted, delayedWarning) {
+ let newTarget = this.redirectEventTarget(target);
+ if (!newTarget) {
+ return;
+ }
+
+ useCapture = useCapture || false;
+ wantsUntrusted = wantsUntrusted || false;
+
+ NotificationTracker.add(["event", type, useCapture, addon]);
+
+ let listeners = this._listeners.get(newTarget);
+ if (!listeners) {
+ listeners = {};
+ this._listeners.set(newTarget, listeners);
+ }
+ let forType = setDefault(listeners, type, []);
+
+ // If there's already an identical listener, don't do anything.
+ for (let i = 0; i < forType.length; i++) {
+ if (forType[i].listener === listener &&
+ forType[i].target === target &&
+ forType[i].useCapture === useCapture &&
+ forType[i].wantsUntrusted === wantsUntrusted) {
+ return;
+ }
+ }
+
+ forType.push({listener: listener,
+ target: target,
+ wantsUntrusted: wantsUntrusted,
+ useCapture: useCapture,
+ delayedWarning: delayedWarning});
+ },
+
+ removeEventListener: function(addon, target, type, listener, useCapture) {
+ let newTarget = this.redirectEventTarget(target);
+ if (!newTarget) {
+ return;
+ }
+
+ useCapture = useCapture || false;
+
+ let listeners = this._listeners.get(newTarget);
+ if (!listeners) {
+ return;
+ }
+ let forType = setDefault(listeners, type, []);
+
+ for (let i = 0; i < forType.length; i++) {
+ if (forType[i].listener === listener &&
+ forType[i].target === target &&
+ forType[i].useCapture === useCapture) {
+ forType.splice(i, 1);
+ NotificationTracker.remove(["event", type, useCapture, addon]);
+ break;
+ }
+ }
+ },
+
+ receiveMessage: function(msg) {
+ switch (msg.name) {
+ case "Addons:Event:Run":
+ this.dispatch(msg.target, msg.data.type, msg.data.capturing,
+ msg.data.isTrusted, msg.data.prefetched, msg.objects);
+ break;
+ }
+ },
+
+ dispatch: function(browser, type, capturing, isTrusted, prefetched, cpows) {
+ let event = cpows.event;
+ let eventTarget = cpows.eventTarget;
+ let targets = this.getTargets(browser);
+ for (let target of targets) {
+ let listeners = this._listeners.get(target);
+ if (!listeners) {
+ continue;
+ }
+ let forType = setDefault(listeners, type, []);
+
+ // Make a copy in case they call removeEventListener in the listener.
+ let handlers = [];
+ for (let {listener, target, wantsUntrusted, useCapture, delayedWarning} of forType) {
+ if ((wantsUntrusted || isTrusted) && useCapture == capturing) {
+ // Issue a warning for this listener.
+ delayedWarning();
+
+ handlers.push([listener, target]);
+ }
+ }
+
+ for (let [handler, target] of handlers) {
+ let EventProxy = {
+ get: function(knownProps, name) {
+ if (knownProps.hasOwnProperty(name))
+ return knownProps[name];
+ return event[name];
+ }
+ }
+ let proxyEvent = new Proxy({
+ currentTarget: target,
+ target: eventTarget,
+ type: type,
+ QueryInterface: function(iid) {
+ if (iid.equals(Ci.nsISupports) ||
+ iid.equals(Ci.nsIDOMEventTarget))
+ return proxyEvent;
+ // If event deson't support the interface this will throw. If it
+ // does we want to return the proxy
+ event.QueryInterface(iid);
+ return proxyEvent;
+ }
+ }, EventProxy);
+
+ try {
+ Prefetcher.withPrefetching(prefetched, cpows, () => {
+ if ("handleEvent" in handler) {
+ handler.handleEvent(proxyEvent);
+ } else {
+ handler.call(eventTarget, proxyEvent);
+ }
+ });
+ } catch (e) {
+ Cu.reportError(e);
+ }
+ }
+ }
+ }
+};
+EventTargetParent.init();
+
+// This function returns a listener that will not fire on events where
+// the target is a remote xul:browser element itself. We'd rather let
+// the child process handle the event and pass it up via
+// EventTargetParent.
+var filteringListeners = new WeakMap();
+function makeFilteringListener(eventType, listener)
+{
+ // Some events are actually targeted at the <browser> element
+ // itself, so we only handle the ones where know that won't happen.
+ let eventTypes = ["mousedown", "mouseup", "click"];
+ if (!eventTypes.includes(eventType) || !listener ||
+ (typeof listener != "object" && typeof listener != "function")) {
+ return listener;
+ }
+
+ if (filteringListeners.has(listener)) {
+ return filteringListeners.get(listener);
+ }
+
+ function filter(event) {
+ let target = event.originalTarget;
+ if (target instanceof Ci.nsIDOMXULElement &&
+ target.localName == "browser" &&
+ target.isRemoteBrowser) {
+ return;
+ }
+
+ if ("handleEvent" in listener) {
+ listener.handleEvent(event);
+ } else {
+ listener.call(event.target, event);
+ }
+ }
+ filteringListeners.set(listener, filter);
+ return filter;
+}
+
+// This interposition redirects addEventListener and
+// removeEventListener to EventTargetParent.
+var EventTargetInterposition = new Interposition("EventTargetInterposition");
+
+EventTargetInterposition.methods.addEventListener =
+ function(addon, target, type, listener, useCapture, wantsUntrusted) {
+ let delayed = CompatWarning.delayedWarning(
+ `Registering a ${type} event listener on content DOM nodes` +
+ " needs to happen in the content process.",
+ addon, CompatWarning.warnings.DOM_events);
+
+ EventTargetParent.addEventListener(addon, target, type, listener, useCapture, wantsUntrusted, delayed);
+ target.addEventListener(type, makeFilteringListener(type, listener), useCapture, wantsUntrusted);
+ };
+
+EventTargetInterposition.methods.removeEventListener =
+ function(addon, target, type, listener, useCapture) {
+ EventTargetParent.removeEventListener(addon, target, type, listener, useCapture);
+ target.removeEventListener(type, makeFilteringListener(type, listener), useCapture);
+ };
+
+// This interposition intercepts accesses to |rootTreeItem| on a child
+// process docshell. In the child, each docshell is its own
+// root. However, add-ons expect the root to be the chrome docshell,
+// so we make that happen here.
+var ContentDocShellTreeItemInterposition = new Interposition("ContentDocShellTreeItemInterposition");
+
+ContentDocShellTreeItemInterposition.getters.rootTreeItem =
+ function(addon, target) {
+ // The chrome global in the child.
+ let chromeGlobal = target.rootTreeItem
+ .QueryInterface(Ci.nsIInterfaceRequestor)
+ .getInterface(Ci.nsIContentFrameMessageManager);
+
+ // Map it to a <browser> element and window.
+ let browser = RemoteAddonsParent.globalToBrowser.get(chromeGlobal);
+ if (!browser) {
+ // Somehow we have a CPOW from the child, but it hasn't sent us
+ // its global yet. That shouldn't happen, but return null just
+ // in case.
+ return null;
+ }
+
+ let chromeWin = browser.ownerDocument.defaultView;
+
+ // Return that window's docshell.
+ return chromeWin.QueryInterface(Ci.nsIInterfaceRequestor)
+ .getInterface(Ci.nsIWebNavigation)
+ .QueryInterface(Ci.nsIDocShellTreeItem);
+ };
+
+function chromeGlobalForContentWindow(window)
+{
+ return window
+ .QueryInterface(Ci.nsIInterfaceRequestor)
+ .getInterface(Ci.nsIWebNavigation)
+ .QueryInterface(Ci.nsIDocShellTreeItem)
+ .rootTreeItem
+ .QueryInterface(Ci.nsIInterfaceRequestor)
+ .getInterface(Ci.nsIContentFrameMessageManager);
+}
+
+// This object manages sandboxes created with content principals in
+// the parent. We actually create these sandboxes in the child process
+// so that the code loaded into them runs there. The resulting sandbox
+// object is a CPOW. This is primarly useful for Greasemonkey.
+var SandboxParent = {
+ componentsMap: new WeakMap(),
+
+ makeContentSandbox: function(addon, chromeGlobal, principals, ...rest) {
+ CompatWarning.warn("This sandbox should be created from the child process.",
+ addon, CompatWarning.warnings.sandboxes);
+ if (rest.length) {
+ // Do a shallow copy of the options object into the child
+ // process. This way we don't have to access it through a Chrome
+ // object wrapper, which would require __exposedProps__.
+ //
+ // The only object property here is sandboxPrototype. We assume
+ // it's a child process object (since that's what Greasemonkey
+ // does) and leave it alone.
+ let options = rest[0];
+ let optionsCopy = new chromeGlobal.Object();
+ for (let prop in options) {
+ optionsCopy[prop] = options[prop];
+ }
+ rest[0] = optionsCopy;
+ }
+
+ // Make a sandbox in the child.
+ let cu = chromeGlobal.Components.utils;
+ let sandbox = cu.Sandbox(principals, ...rest);
+
+ // We need to save the sandbox in the child so it won't get
+ // GCed. The child will drop this reference at the next
+ // navigation.
+ chromeGlobal.addSandbox(sandbox);
+
+ // The sandbox CPOW will be kept alive by whomever we return it
+ // to. Its lifetime is unrelated to that of the sandbox object in
+ // the child.
+ this.componentsMap.set(sandbox, cu);
+ return sandbox;
+ },
+
+ evalInSandbox: function(code, sandbox, ...rest) {
+ let cu = this.componentsMap.get(sandbox);
+ return cu.evalInSandbox(code, sandbox, ...rest);
+ }
+};
+
+// This interposition redirects calls to Cu.Sandbox and
+// Cu.evalInSandbox to SandboxParent if the principals are content
+// principals.
+var ComponentsUtilsInterposition = new Interposition("ComponentsUtilsInterposition");
+
+ComponentsUtilsInterposition.methods.Sandbox =
+ function(addon, target, principals, ...rest) {
+ // principals can be a window object, a list of window objects, or
+ // something else (a string, for example).
+ if (principals &&
+ typeof(principals) == "object" &&
+ Cu.isCrossProcessWrapper(principals) &&
+ principals instanceof Ci.nsIDOMWindow) {
+ let chromeGlobal = chromeGlobalForContentWindow(principals);
+ return SandboxParent.makeContentSandbox(addon, chromeGlobal, principals, ...rest);
+ } else if (principals &&
+ typeof(principals) == "object" &&
+ "every" in principals &&
+ principals.length &&
+ principals.every(e => e instanceof Ci.nsIDOMWindow && Cu.isCrossProcessWrapper(e))) {
+ let chromeGlobal = chromeGlobalForContentWindow(principals[0]);
+
+ // The principals we pass to the content process must use an
+ // Array object from the content process.
+ let array = new chromeGlobal.Array();
+ for (let i = 0; i < principals.length; i++) {
+ array[i] = principals[i];
+ }
+ return SandboxParent.makeContentSandbox(addon, chromeGlobal, array, ...rest);
+ }
+ return Components.utils.Sandbox(principals, ...rest);
+ };
+
+ComponentsUtilsInterposition.methods.evalInSandbox =
+ function(addon, target, code, sandbox, ...rest) {
+ if (sandbox && Cu.isCrossProcessWrapper(sandbox)) {
+ return SandboxParent.evalInSandbox(code, sandbox, ...rest);
+ }
+ return Components.utils.evalInSandbox(code, sandbox, ...rest);
+ };
+
+// This interposition handles cases where an add-on tries to import a
+// chrome XUL node into a content document. It doesn't actually do the
+// import, which we can't support. It just avoids throwing an
+// exception.
+var ContentDocumentInterposition = new Interposition("ContentDocumentInterposition");
+
+ContentDocumentInterposition.methods.importNode =
+ function(addon, target, node, deep) {
+ if (!Cu.isCrossProcessWrapper(node)) {
+ // Trying to import a node from the parent process into the
+ // child process. We don't support this now. Video Download
+ // Helper does this in domhook-service.js to add a XUL
+ // popupmenu to content.
+ Cu.reportError("Calling contentDocument.importNode on a XUL node is not allowed.");
+ return node;
+ }
+
+ return target.importNode(node, deep);
+ };
+
+// This interposition ensures that calling browser.docShell from an
+// add-on returns a CPOW around the dochell.
+var RemoteBrowserElementInterposition = new Interposition("RemoteBrowserElementInterposition",
+ EventTargetInterposition);
+
+RemoteBrowserElementInterposition.getters.docShell = function(addon, target) {
+ CompatWarning.warn("Direct access to content docshell will no longer work in the chrome process.",
+ addon, CompatWarning.warnings.content);
+ let remoteChromeGlobal = RemoteAddonsParent.browserToGlobal.get(target);
+ if (!remoteChromeGlobal) {
+ // We may not have any messages from this tab yet.
+ return null;
+ }
+ return remoteChromeGlobal.docShell;
+};
+
+RemoteBrowserElementInterposition.getters.sessionHistory = function(addon, target) {
+ CompatWarning.warn("Direct access to browser.sessionHistory will no longer " +
+ "work in the chrome process.",
+ addon, CompatWarning.warnings.content);
+
+ return getSessionHistory(target);
+}
+
+// We use this in place of the real browser.contentWindow if we
+// haven't yet received a CPOW for the child process's window. This
+// happens if the tab has just started loading.
+function makeDummyContentWindow(browser) {
+ let dummyContentWindow = {
+ set location(url) {
+ browser.loadURI(url, null, null);
+ },
+ document: {
+ readyState: "loading",
+ location: { href: "about:blank" }
+ },
+ frames: [],
+ };
+ dummyContentWindow.top = dummyContentWindow;
+ dummyContentWindow.document.defaultView = dummyContentWindow;
+ browser._contentWindow = dummyContentWindow;
+ return dummyContentWindow;
+}
+
+RemoteBrowserElementInterposition.getters.contentWindow = function(addon, target) {
+ CompatWarning.warn("Direct access to browser.contentWindow will no longer work in the chrome process.",
+ addon, CompatWarning.warnings.content);
+
+ // If we don't have a CPOW yet, just return something we can use for
+ // setting the location. This is useful for tests that create a tab
+ // and immediately set contentWindow.location.
+ if (!target.contentWindowAsCPOW) {
+ CompatWarning.warn("CPOW to the content window does not exist yet, dummy content window is created.");
+ return makeDummyContentWindow(target);
+ }
+ return target.contentWindowAsCPOW;
+};
+
+function getContentDocument(addon, browser)
+{
+ if (!browser.contentWindowAsCPOW) {
+ return makeDummyContentWindow(browser).document;
+ }
+
+ let doc = Prefetcher.lookupInCache(addon, browser.contentWindowAsCPOW, "document");
+ if (doc) {
+ return doc;
+ }
+
+ return browser.contentWindowAsCPOW.document;
+}
+
+function getSessionHistory(browser) {
+ let remoteChromeGlobal = RemoteAddonsParent.browserToGlobal.get(browser);
+ if (!remoteChromeGlobal) {
+ CompatWarning.warn("CPOW for the remote browser docShell hasn't been received yet.");
+ // We may not have any messages from this tab yet.
+ return null;
+ }
+ return remoteChromeGlobal.docShell.QueryInterface(Ci.nsIWebNavigation).sessionHistory;
+}
+
+RemoteBrowserElementInterposition.getters.contentDocument = function(addon, target) {
+ CompatWarning.warn("Direct access to browser.contentDocument will no longer work in the chrome process.",
+ addon, CompatWarning.warnings.content);
+
+ return getContentDocument(addon, target);
+};
+
+var TabBrowserElementInterposition = new Interposition("TabBrowserElementInterposition",
+ EventTargetInterposition);
+
+TabBrowserElementInterposition.getters.contentWindow = function(addon, target) {
+ CompatWarning.warn("Direct access to gBrowser.contentWindow will no longer work in the chrome process.",
+ addon, CompatWarning.warnings.content);
+
+ if (!target.selectedBrowser.contentWindowAsCPOW) {
+ return makeDummyContentWindow(target.selectedBrowser);
+ }
+ return target.selectedBrowser.contentWindowAsCPOW;
+};
+
+TabBrowserElementInterposition.getters.contentDocument = function(addon, target) {
+ CompatWarning.warn("Direct access to gBrowser.contentDocument will no longer work in the chrome process.",
+ addon, CompatWarning.warnings.content);
+
+ let browser = target.selectedBrowser;
+ return getContentDocument(addon, browser);
+};
+
+TabBrowserElementInterposition.getters.sessionHistory = function(addon, target) {
+ CompatWarning.warn("Direct access to gBrowser.sessionHistory will no " +
+ "longer work in the chrome process.",
+ addon, CompatWarning.warnings.content);
+ let browser = target.selectedBrowser;
+ if (!browser.isRemoteBrowser) {
+ return browser.sessionHistory;
+ }
+ return getSessionHistory(browser);
+};
+
+// This function returns a wrapper around an
+// nsIWebProgressListener. When the wrapper is invoked, it calls the
+// real listener but passes CPOWs for the nsIWebProgress and
+// nsIRequest arguments.
+var progressListeners = {global: new WeakMap(), tabs: new WeakMap()};
+function wrapProgressListener(kind, listener)
+{
+ if (progressListeners[kind].has(listener)) {
+ return progressListeners[kind].get(listener);
+ }
+
+ let ListenerHandler = {
+ get: function(target, name) {
+ if (name.startsWith("on")) {
+ return function(...args) {
+ listener[name].apply(listener, RemoteWebProgressManager.argumentsForAddonListener(kind, args));
+ };
+ }
+
+ return listener[name];
+ }
+ };
+ let listenerProxy = new Proxy(listener, ListenerHandler);
+
+ progressListeners[kind].set(listener, listenerProxy);
+ return listenerProxy;
+}
+
+TabBrowserElementInterposition.methods.addProgressListener = function(addon, target, listener) {
+ if (!target.ownerDocument.defaultView.gMultiProcessBrowser) {
+ return target.addProgressListener(listener);
+ }
+
+ NotificationTracker.add(["web-progress", addon]);
+ return target.addProgressListener(wrapProgressListener("global", listener));
+};
+
+TabBrowserElementInterposition.methods.removeProgressListener = function(addon, target, listener) {
+ if (!target.ownerDocument.defaultView.gMultiProcessBrowser) {
+ return target.removeProgressListener(listener);
+ }
+
+ NotificationTracker.remove(["web-progress", addon]);
+ return target.removeProgressListener(wrapProgressListener("global", listener));
+};
+
+TabBrowserElementInterposition.methods.addTabsProgressListener = function(addon, target, listener) {
+ if (!target.ownerDocument.defaultView.gMultiProcessBrowser) {
+ return target.addTabsProgressListener(listener);
+ }
+
+ NotificationTracker.add(["web-progress", addon]);
+ return target.addTabsProgressListener(wrapProgressListener("tabs", listener));
+};
+
+TabBrowserElementInterposition.methods.removeTabsProgressListener = function(addon, target, listener) {
+ if (!target.ownerDocument.defaultView.gMultiProcessBrowser) {
+ return target.removeTabsProgressListener(listener);
+ }
+
+ NotificationTracker.remove(["web-progress", addon]);
+ return target.removeTabsProgressListener(wrapProgressListener("tabs", listener));
+};
+
+var ChromeWindowInterposition = new Interposition("ChromeWindowInterposition",
+ EventTargetInterposition);
+
+// _content is for older add-ons like pinboard and all-in-one gestures
+// that should be using content instead.
+ChromeWindowInterposition.getters.content =
+ChromeWindowInterposition.getters._content = function(addon, target) {
+ CompatWarning.warn("Direct access to chromeWindow.content will no longer work in the chrome process.",
+ addon, CompatWarning.warnings.content);
+
+ let browser = target.gBrowser.selectedBrowser;
+ if (!browser.contentWindowAsCPOW) {
+ return makeDummyContentWindow(browser);
+ }
+ return browser.contentWindowAsCPOW;
+};
+
+var RemoteWebNavigationInterposition = new Interposition("RemoteWebNavigation");
+
+RemoteWebNavigationInterposition.getters.sessionHistory = function(addon, target) {
+ CompatWarning.warn("Direct access to webNavigation.sessionHistory will no longer " +
+ "work in the chrome process.",
+ addon, CompatWarning.warnings.content);
+
+ if (target instanceof Ci.nsIDocShell) {
+ // We must have a non-remote browser, so we can go ahead
+ // and just return the real sessionHistory.
+ return target.sessionHistory;
+ }
+
+ let impl = target.wrappedJSObject;
+ if (!impl) {
+ return null;
+ }
+
+ let browser = impl._browser;
+
+ return getSessionHistory(browser);
+}
+
+var RemoteAddonsParent = {
+ init: function() {
+ let mm = Cc["@mozilla.org/globalmessagemanager;1"].getService(Ci.nsIMessageListenerManager);
+ mm.addMessageListener("Addons:RegisterGlobal", this);
+
+ Services.ppmm.initialProcessData.remoteAddonsParentInitted = true;
+
+ this.globalToBrowser = new WeakMap();
+ this.browserToGlobal = new WeakMap();
+ },
+
+ getInterfaceInterpositions: function() {
+ let result = {};
+
+ function register(intf, interp) {
+ result[intf.number] = interp;
+ }
+
+ register(Ci.nsICategoryManager, CategoryManagerInterposition);
+ register(Ci.nsIComponentRegistrar, ComponentRegistrarInterposition);
+ register(Ci.nsIObserverService, ObserverInterposition);
+ register(Ci.nsIXPCComponents_Utils, ComponentsUtilsInterposition);
+ register(Ci.nsIWebNavigation, RemoteWebNavigationInterposition);
+
+ return result;
+ },
+
+ getTaggedInterpositions: function() {
+ let result = {};
+
+ function register(tag, interp) {
+ result[tag] = interp;
+ }
+
+ register("EventTarget", EventTargetInterposition);
+ register("ContentDocShellTreeItem", ContentDocShellTreeItemInterposition);
+ register("ContentDocument", ContentDocumentInterposition);
+ register("RemoteBrowserElement", RemoteBrowserElementInterposition);
+ register("TabBrowserElement", TabBrowserElementInterposition);
+ register("ChromeWindow", ChromeWindowInterposition);
+
+ return result;
+ },
+
+ receiveMessage: function(msg) {
+ switch (msg.name) {
+ case "Addons:RegisterGlobal":
+ this.browserToGlobal.set(msg.target, msg.objects.global);
+ this.globalToBrowser.set(msg.objects.global, msg.target);
+ break;
+ }
+ }
+};