Bug 1536094 - Support dynamic import from content scripts (sandboxed code) r=smaug,jonco

Firstly we need to find a usable ScriptLoader for code in the content script sandbox, for that we use the normal ScriptLoader associated with DOMWindow wrapped by the sandbox. Secondly we need to execute the module in the global of the sandbox instead of the "ScriptGlobal" the ScriptLoader is actually associated with. The main behavior change here comes from using xpc::NativeGlobal in HostImportModuleDynamically and passing that global around inside ScriptFetchOptions. To ensure that content-scripts and the webpage don't share imported modules, the module map (mFetchingModules and mFetchedModules) now uses a complex key of <URI, Global>. The Global is a nullptr for normal imports from a webpage. Differential Revision: https://phabricator.services.mozilla.com/D107076
2021-03-23 11:15:11 +00:00
parent 2b862d9727
commit 26c4c51d5e
14 changed files with 278 additions and 69 deletions
--- a/dom/script/ScriptLoadRequest.cpp
+++ b/dom/script/ScriptLoadRequest.cpp
@@ -27,7 +27,8 @@ namespace dom {
 // ScriptFetchOptions
 //////////////////////////////////////////////////////////////

-NS_IMPL_CYCLE_COLLECTION(ScriptFetchOptions, mElement, mTriggeringPrincipal)
+NS_IMPL_CYCLE_COLLECTION(ScriptFetchOptions, mElement, mTriggeringPrincipal,
+                         mWebExtGlobal)

 NS_IMPL_CYCLE_COLLECTION_ROOT_NATIVE(ScriptFetchOptions, AddRef)
 NS_IMPL_CYCLE_COLLECTION_UNROOT_NATIVE(ScriptFetchOptions, Release)
@@ -35,12 +36,14 @@ NS_IMPL_CYCLE_COLLECTION_UNROOT_NATIVE(ScriptFetchOptions, Release)
 ScriptFetchOptions::ScriptFetchOptions(mozilla::CORSMode aCORSMode,
                                       ReferrerPolicy aReferrerPolicy,
                                       Element* aElement,
-                                       nsIPrincipal* aTriggeringPrincipal)
+                                       nsIPrincipal* aTriggeringPrincipal,
+                                       nsIGlobalObject* aWebExtGlobal)
    : mCORSMode(aCORSMode),
      mReferrerPolicy(aReferrerPolicy),
      mIsPreload(false),
      mElement(aElement),
-      mTriggeringPrincipal(aTriggeringPrincipal) {
+      mTriggeringPrincipal(aTriggeringPrincipal),
+      mWebExtGlobal(aWebExtGlobal) {
  MOZ_ASSERT(mTriggeringPrincipal);
 }

@@ -59,6 +62,7 @@ NS_IMPL_CYCLE_COLLECTING_RELEASE(ScriptLoadRequest)
 NS_IMPL_CYCLE_COLLECTION_CLASS(ScriptLoadRequest)

 NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(ScriptLoadRequest)
+  // XXX missing mLoadBlockedDocument ?
  NS_IMPL_CYCLE_COLLECTION_UNLINK(mFetchOptions, mCacheInfo)
  tmp->mScript = nullptr;
  if (Runnable* runnable = tmp->mRunnable.exchange(nullptr)) {