forked from mirrors/gecko-dev
90f15532d4
<!-- Please describe your changes on the following line: --> This PR implements cross-thread `WindowProxy` objects. At the moment, if a `Window` performs a non-similar-origin navigation, the old script thread does not update its `WindowProxy`, since the new `Window` is in the new script thread. With this PR, the `WindowProxy` is updated to a dummy `XOriginWindow` object, that only implements the whitelisted methods that are allowed to be called cross-origin. This PR does not include working implementations of some of the cross-origin `Window` or `Location` methods. This PR causes some cross-origin wpt tests to now pass, in particular `/html/browsers/origin/cross-origin-objects/cross-origin-objects.html ` now passes `Only whitelisted properties are accessible cross-origin`. There are some CORS failures in `fetch`, I suspect caused by the incorrect setting of `origin` in fetch requests. Although there are some functions that now throw `SecurityException`, it is not meant to be a complete implementation, which will have to wait for XOWs to land. --- <!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: --> - [X] `./mach build -d` does not report any errors - [X] `./mach test-tidy` does not report any errors - [X] These changes fix #15180. - [X] There are tests for these changes <!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. --> Source-Repo: https://github.com/servo/servo Source-Revision: 6adbcb4ccdc1f74638b0c6e990c122e34bc967e4 --HG-- extra : subtree_source : https%3A//hg.mozilla.org/projects/converted-servo-linear extra : subtree_revision : 58d9f159bf07c8f6e695afbd4d9904edbd418a62
140 lines
5.3 KiB
Rust
140 lines
5.3 KiB
Rust
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
use dom::bindings::codegen::Bindings::DissimilarOriginWindowBinding;
|
|
use dom::bindings::codegen::Bindings::DissimilarOriginWindowBinding::DissimilarOriginWindowMethods;
|
|
use dom::bindings::js::{JS, MutNullableJS, Root};
|
|
use dom::bindings::reflector::DomObject;
|
|
use dom::bindings::str::DOMString;
|
|
use dom::browsingcontext::BrowsingContext;
|
|
use dom::dissimilaroriginlocation::DissimilarOriginLocation;
|
|
use dom::globalscope::GlobalScope;
|
|
use ipc_channel::ipc;
|
|
use js::jsapi::{JSContext, HandleValue};
|
|
use js::jsval::{JSVal, UndefinedValue};
|
|
use msg::constellation_msg::PipelineId;
|
|
|
|
/// Represents a dissimilar-origin `Window` that exists in another script thread.
|
|
///
|
|
/// Since the `Window` is in a different script thread, we cannot access it
|
|
/// directly, but some of its accessors (for example `window.parent`)
|
|
/// still need to function.
|
|
///
|
|
/// In `browsingcontext.rs`, we create a custom window proxy for these windows,
|
|
/// that throws security exceptions for most accessors. This is not a replacement
|
|
/// for XOWs, but provides belt-and-braces security.
|
|
#[dom_struct]
|
|
pub struct DissimilarOriginWindow {
|
|
/// The global for this window.
|
|
globalscope: GlobalScope,
|
|
|
|
/// The browsing context this window is part of.
|
|
browsing_context: JS<BrowsingContext>,
|
|
|
|
/// The location of this window, initialized lazily.
|
|
location: MutNullableJS<DissimilarOriginLocation>,
|
|
}
|
|
|
|
impl DissimilarOriginWindow {
|
|
#[allow(unsafe_code)]
|
|
pub fn new(browsing_context: &BrowsingContext) -> Root<DissimilarOriginWindow> {
|
|
let globalscope = browsing_context.global();
|
|
let cx = globalscope.get_cx();
|
|
// Any timer events fired on this window are ignored.
|
|
let (timer_event_chan, _) = ipc::channel().unwrap();
|
|
let win = box DissimilarOriginWindow {
|
|
globalscope: GlobalScope::new_inherited(PipelineId::new(),
|
|
globalscope.devtools_chan().cloned(),
|
|
globalscope.mem_profiler_chan().clone(),
|
|
globalscope.time_profiler_chan().clone(),
|
|
globalscope.constellation_chan().clone(),
|
|
globalscope.scheduler_chan().clone(),
|
|
globalscope.resource_threads().clone(),
|
|
timer_event_chan),
|
|
browsing_context: JS::from_ref(browsing_context),
|
|
location: MutNullableJS::new(None),
|
|
};
|
|
unsafe { DissimilarOriginWindowBinding::Wrap(cx, win) }
|
|
}
|
|
}
|
|
|
|
impl DissimilarOriginWindowMethods for DissimilarOriginWindow {
|
|
// https://html.spec.whatwg.org/multipage/#dom-window
|
|
fn Window(&self) -> Root<BrowsingContext> {
|
|
Root::from_ref(&*self.browsing_context)
|
|
}
|
|
|
|
// https://html.spec.whatwg.org/multipage/#dom-self
|
|
fn Self_(&self) -> Root<BrowsingContext> {
|
|
Root::from_ref(&*self.browsing_context)
|
|
}
|
|
|
|
// https://html.spec.whatwg.org/multipage/#dom-frames
|
|
fn Frames(&self) -> Root<BrowsingContext> {
|
|
Root::from_ref(&*self.browsing_context)
|
|
}
|
|
|
|
// https://html.spec.whatwg.org/multipage/#dom-parent
|
|
fn GetParent(&self) -> Option<Root<BrowsingContext>> {
|
|
// TODO: implement window.parent correctly for x-origin windows.
|
|
Some(Root::from_ref(&*self.browsing_context))
|
|
}
|
|
|
|
// https://html.spec.whatwg.org/multipage/#dom-top
|
|
fn GetTop(&self) -> Option<Root<BrowsingContext>> {
|
|
// TODO: implement window.top correctly for x-origin windows.
|
|
Some(Root::from_ref(&*self.browsing_context))
|
|
}
|
|
|
|
// https://html.spec.whatwg.org/multipage/#dom-length
|
|
fn Length(&self) -> u32 {
|
|
// TODO: Implement x-origin length
|
|
0
|
|
}
|
|
|
|
// https://html.spec.whatwg.org/multipage/#dom-window-close
|
|
fn Close(&self) {
|
|
// TODO: Implement x-origin close
|
|
}
|
|
|
|
// https://html.spec.whatwg.org/multipage/#dom-window-closed
|
|
fn Closed(&self) -> bool {
|
|
// TODO: Implement x-origin close
|
|
false
|
|
}
|
|
|
|
#[allow(unsafe_code)]
|
|
// https://html.spec.whatwg.org/multipage/#dom-window-postmessage
|
|
unsafe fn PostMessage(&self, _: *mut JSContext, _: HandleValue, _: DOMString) {
|
|
// TODO: Implement x-origin postMessage
|
|
}
|
|
|
|
#[allow(unsafe_code)]
|
|
// https://html.spec.whatwg.org/multipage/#dom-opener
|
|
unsafe fn Opener(&self, _: *mut JSContext) -> JSVal {
|
|
// TODO: Implement x-origin opener
|
|
UndefinedValue()
|
|
}
|
|
|
|
#[allow(unsafe_code)]
|
|
// https://html.spec.whatwg.org/multipage/#dom-opener
|
|
unsafe fn SetOpener(&self, _: *mut JSContext, _: HandleValue) {
|
|
// TODO: Implement x-origin opener
|
|
}
|
|
|
|
// https://html.spec.whatwg.org/multipage/#dom-window-blur
|
|
fn Blur(&self) {
|
|
// TODO: Implement x-origin blur
|
|
}
|
|
|
|
// https://html.spec.whatwg.org/multipage/#dom-focus
|
|
fn Focus(&self) {
|
|
// TODO: Implement x-origin focus
|
|
}
|
|
|
|
// https://html.spec.whatwg.org/multipage/#dom-location
|
|
fn Location(&self) -> Root<DissimilarOriginLocation> {
|
|
self.location.or_init(|| DissimilarOriginLocation::new(self))
|
|
}
|
|
}
|