1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
|
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
/**
* WebChannel is an abstraction that uses the Message Manager and Custom Events
* to create a two-way communication channel between chrome and content code.
*/
this.EXPORTED_SYMBOLS = ["WebChannel", "WebChannelBroker"];
const ERRNO_UNKNOWN_ERROR = 999;
const ERROR_UNKNOWN = "UNKNOWN_ERROR";
const {classes: Cc, interfaces: Ci, utils: Cu} = Components;
Cu.import("resource://gre/modules/XPCOMUtils.jsm");
Cu.import("resource://gre/modules/Services.jsm");
/**
* WebChannelBroker is a global object that helps manage WebChannel objects.
* This object handles channel registration, origin validation and message multiplexing.
*/
var WebChannelBroker = Object.create({
/**
* Register a new channel that callbacks messages
* based on proper origin and channel name
*
* @param channel {WebChannel}
*/
registerChannel: function (channel) {
if (!this._channelMap.has(channel)) {
this._channelMap.set(channel);
} else {
Cu.reportError("Failed to register the channel. Channel already exists.");
}
// attach the global message listener if needed
if (!this._messageListenerAttached) {
this._messageListenerAttached = true;
this._manager.addMessageListener("WebChannelMessageToChrome", this._listener.bind(this));
}
},
/**
* Unregister a channel
*
* @param channelToRemove {WebChannel}
* WebChannel to remove from the channel map
*
* Removes the specified channel from the channel map
*/
unregisterChannel: function (channelToRemove) {
if (!this._channelMap.delete(channelToRemove)) {
Cu.reportError("Failed to unregister the channel. Channel not found.");
}
},
/**
* @param event {Event}
* Message Manager event
* @private
*/
_listener: function (event) {
let data = event.data;
let sendingContext = {
browser: event.target,
eventTarget: event.objects.eventTarget,
principal: event.principal,
};
// data must be a string except for a few legacy origins allowed by browser-content.js.
if (typeof data == "string") {
try {
data = JSON.parse(data);
} catch (e) {
Cu.reportError("Failed to parse WebChannel data as a JSON object");
return;
}
}
if (data && data.id) {
if (!event.principal) {
this._sendErrorEventToContent(data.id, sendingContext, "Message principal missing");
} else {
let validChannelFound = false;
data.message = data.message || {};
for (var channel of this._channelMap.keys()) {
if (channel.id === data.id &&
channel._originCheckCallback(event.principal)) {
validChannelFound = true;
channel.deliver(data, sendingContext);
}
}
// if no valid origins send an event that there is no such valid channel
if (!validChannelFound) {
this._sendErrorEventToContent(data.id, sendingContext, "No Such Channel");
}
}
} else {
Cu.reportError("WebChannel channel id missing");
}
},
/**
* The global message manager operates on every <browser>
*/
_manager: Cc["@mozilla.org/globalmessagemanager;1"].getService(Ci.nsIMessageListenerManager),
/**
* Boolean used to detect if the global message manager event is already attached
*/
_messageListenerAttached: false,
/**
* Object to store pairs of message origins and callback functions
*/
_channelMap: new Map(),
/**
*
* @param id {String}
* The WebChannel id to include in the message
* @param sendingContext {Object}
* Message sending context
* @param [errorMsg] {String}
* Error message
* @private
*/
_sendErrorEventToContent: function (id, sendingContext, errorMsg) {
let { browser: targetBrowser, eventTarget, principal: targetPrincipal } = sendingContext;
errorMsg = errorMsg || "Web Channel Broker error";
if (targetBrowser && targetBrowser.messageManager) {
targetBrowser.messageManager.sendAsyncMessage("WebChannelMessageToContent", {
id: id,
error: errorMsg,
}, { eventTarget: eventTarget }, targetPrincipal);
} else {
Cu.reportError("Failed to send a WebChannel error. Target invalid.");
}
Cu.reportError(id.toString() + " error message. " + errorMsg);
},
});
/**
* Creates a new WebChannel that listens and sends messages over some channel id
*
* @param id {String}
* WebChannel id
* @param originOrPermission {nsIURI/string}
* If an nsIURI, a valid origin that should be part of requests for
* this channel. If a string, a permission for which the permission
* manager will be checked to determine if the request is allowed. Note
* that in addition to the permission manager check, the request must
* be made over https://
* @constructor
*/
this.WebChannel = function(id, originOrPermission) {
if (!id || !originOrPermission) {
throw new Error("WebChannel id and originOrPermission are required.");
}
this.id = id;
// originOrPermission can be either an nsIURI or a string representing a
// permission name.
if (typeof originOrPermission == "string") {
this._originCheckCallback = requestPrincipal => {
// The permission manager operates on domain names rather than true
// origins (bug 1066517). To mitigate that, we explicitly check that
// the scheme is https://.
let uri = Services.io.newURI(requestPrincipal.originNoSuffix, null, null);
if (uri.scheme != "https") {
return false;
}
// OK - we have https - now we can check the permission.
let perm = Services.perms.testExactPermissionFromPrincipal(requestPrincipal,
originOrPermission);
return perm == Ci.nsIPermissionManager.ALLOW_ACTION;
}
} else {
// a simple URI, so just check for an exact match.
this._originCheckCallback = requestPrincipal => {
return originOrPermission.prePath === requestPrincipal.originNoSuffix;
}
}
this._originOrPermission = originOrPermission;
};
this.WebChannel.prototype = {
/**
* WebChannel id
*/
id: null,
/**
* The originOrPermission value passed to the constructor, mainly for
* debugging and tests.
*/
_originOrPermission: null,
/**
* Callback that will be called with the principal of an incoming message
* to check if the request should be dispatched to the listeners.
*/
_originCheckCallback: null,
/**
* WebChannelBroker that manages WebChannels
*/
_broker: WebChannelBroker,
/**
* Callback that will be called with the contents of an incoming message
*/
_deliverCallback: null,
/**
* Registers the callback for messages on this channel
* Registers the channel itself with the WebChannelBroker
*
* @param callback {Function}
* Callback that will be called when there is a message
* @param {String} id
* The WebChannel id that was used for this message
* @param {Object} message
* The message itself
* @param sendingContext {Object}
* The sending context of the source of the message. Can be passed to
* `send` to respond to a message.
* @param sendingContext.browser {browser}
* The <browser> object that captured the
* WebChannelMessageToChrome.
* @param sendingContext.eventTarget {EventTarget}
* The <EventTarget> where the message was sent.
* @param sendingContext.principal {Principal}
* The <Principal> of the EventTarget where the
* message was sent.
*/
listen: function (callback) {
if (this._deliverCallback) {
throw new Error("Failed to listen. Listener already attached.");
} else if (!callback) {
throw new Error("Failed to listen. Callback argument missing.");
} else {
this._deliverCallback = callback;
this._broker.registerChannel(this);
}
},
/**
* Resets the callback for messages on this channel
* Removes the channel from the WebChannelBroker
*/
stopListening: function () {
this._broker.unregisterChannel(this);
this._deliverCallback = null;
},
/**
* Sends messages over the WebChannel id using the "WebChannelMessageToContent" event
*
* @param message {Object}
* The message object that will be sent
* @param target {Object}
* A <target> with the information of where to send the message.
* @param target.browser {browser}
* The <browser> object with a "messageManager" that will
* be used to send the message.
* @param target.principal {Principal}
* Principal of the target. Prevents messages from
* being dispatched to unexpected origins. The system principal
* can be specified to send to any target.
* @param [target.eventTarget] {EventTarget}
* Optional eventTarget within the browser, use to send to a
* specific element, e.g., an iframe.
*/
send: function (message, target) {
let { browser, principal, eventTarget } = target;
if (message && browser && browser.messageManager && principal) {
browser.messageManager.sendAsyncMessage("WebChannelMessageToContent", {
id: this.id,
message: message
}, { eventTarget }, principal);
} else if (!message) {
Cu.reportError("Failed to send a WebChannel message. Message not set.");
} else {
Cu.reportError("Failed to send a WebChannel message. Target invalid.");
}
},
/**
* Deliver WebChannel messages to the set "_channelCallback"
*
* @param data {Object}
* Message data
* @param sendingContext {Object}
* Message sending context.
* @param sendingContext.browser {browser}
* The <browser> object that captured the
* WebChannelMessageToChrome.
* @param sendingContext.eventTarget {EventTarget}
* The <EventTarget> where the message was sent.
* @param sendingContext.principal {Principal}
* The <Principal> of the EventTarget where the message was sent.
*
*/
deliver: function(data, sendingContext) {
if (this._deliverCallback) {
try {
this._deliverCallback(data.id, data.message, sendingContext);
} catch (ex) {
this.send({
errno: ERRNO_UNKNOWN_ERROR,
error: ex.message ? ex.message : ERROR_UNKNOWN
}, sendingContext);
Cu.reportError("Failed to execute WebChannel callback:");
Cu.reportError(ex);
}
} else {
Cu.reportError("No callback set for this channel.");
}
}
};
|