Issue #618 - Clear the module map when changing a Document's global and add

release build assertions for mismatching compartments.

4 files changed, 17 insertions, 3 deletions

diff --git a/dom/html/nsHTMLDocument.cpp b/dom/html/nsHTMLDocument.cpp
index fc5268acc..b0747fb04 100644
--- a/dom/html/nsHTMLDocument.cpp
+++ b/dom/html/nsHTMLDocument.cpp
@@ -1511,6 +1511,9 @@ nsHTMLDocument::Open(JSContext* cx,
     // document again otherwise the document could have a non-zero onload block
     // count without the onload blocker request being in the loadgroup.
     EnsureOnloadBlocker();
+
+    // Throw away loaded modules created for the previous global.
+    ScriptLoader()->ClearModuleMap();
   }
 
   // Step 8 - Clear all event listeners out of our DOM tree
diff --git a/dom/script/ScriptLoader.cpp b/dom/script/ScriptLoader.cpp
index 71838580f..362c27f3e 100644
--- a/dom/script/ScriptLoader.cpp
+++ b/dom/script/ScriptLoader.cpp
@@ -477,6 +477,11 @@ ScriptLoader::GetFetchedModule(nsIURI* aURL) const
   return ms;
 }
 
+void ScriptLoader::ClearModuleMap() {
+  MOZ_ASSERT(mFetchingModules.IsEmpty());
+  mFetchedModules.Clear();
+}
+
 nsresult
 ScriptLoader::ProcessFetchedModuleSource(ModuleLoadRequest* aRequest)
 {
diff --git a/dom/script/ScriptLoader.h b/dom/script/ScriptLoader.h
index 2c5b683e7..73f2a9258 100644
--- a/dom/script/ScriptLoader.h
+++ b/dom/script/ScriptLoader.h
@@ -506,6 +506,12 @@ public:
     return mPendingChildLoaders.AppendElement(aChild) != nullptr;
   }
 
+  /*
+   * Clear the map of loaded modules. Called when a Document object is reused
+   * for a different global.
+   */
+  void ClearModuleMap();
+
 private:
   virtual ~ScriptLoader();
 
diff --git a/js/src/jsapi.cpp b/js/src/jsapi.cpp
index 69a3ba2ac..c0f0e61cc 100644
--- a/js/src/jsapi.cpp
+++ b/js/src/jsapi.cpp
@@ -4708,7 +4708,7 @@ JS::ModuleInstantiate(JSContext* cx, JS::HandleObject moduleArg)
 {
     AssertHeapIsIdle(cx);
     CHECK_REQUEST(cx);
-    assertSameCompartment(cx, moduleArg);
+    releaseAssertSameCompartment(cx, moduleArg);
     return ModuleObject::Instantiate(cx, moduleArg.as<ModuleObject>());
 }
 
@@ -4717,7 +4717,7 @@ JS::ModuleEvaluate(JSContext* cx, JS::HandleObject moduleArg)
 {
     AssertHeapIsIdle(cx);
     CHECK_REQUEST(cx);
-    assertSameCompartment(cx, moduleArg);
+    releaseAssertSameCompartment(cx, moduleArg);
     return ModuleObject::Evaluate(cx, moduleArg.as<ModuleObject>());
 }
 
@@ -6204,7 +6204,7 @@ JS_SetPendingException(JSContext* cx, HandleValue value)
 {
     AssertHeapIsIdle(cx);
     CHECK_REQUEST(cx);
-    assertSameCompartment(cx, value);
+    releaseAssertSameCompartment(cx, value);
     cx->setPendingException(value);
 }