Bug 1154366. Pass in a JSContext to StructuredCloneContainer::InitFromJSVal so it will throw its exceptions somewhere where people might see them. r=bholley

2015-04-16 13:22:15 -04:00
parent 3e27204fc6
commit b2c93fc96e
8 changed files with 19 additions and 24 deletions
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -11474,7 +11474,7 @@ nsDocShell::AddState(JS::Handle<JS::Value> aData, const nsAString& aTitle,
    nsCOMPtr<nsIPrincipal> origPrincipal = origDocument->NodePrincipal();
    scContainer = new nsStructuredCloneContainer();
-    rv = scContainer->InitFromJSVal(aData);
+    rv = scContainer->InitFromJSVal(aData, aCx);
    NS_ENSURE_SUCCESS(rv, rv);
    nsCOMPtr<nsIDocument> newDocument = GetDocument();
--- a/dom/base/crashtests/crashtests.list
+++ b/dom/base/crashtests/crashtests.list
@@ -200,4 +200,5 @@ pref(dom.webcomponents.enabled,true) load 1029710.html
 HTTP(..) load xhr_abortinprogress.html
 load xhr_empty_datauri.html
 load xhr_html_nullresponse.html
 load structured_clone_container_throws.html
 load 1154598.xhtml
--- a/dom/base/crashtests/structured_clone_container_throws.html
+++ b/dom/base/crashtests/structured_clone_container_throws.html
@@ -0,0 +1,9 @@
 <iframe></iframe>
 <script>
 try { frames[0].history.pushState({ dummy: function() {} }, ''); }
 catch (e) {}
 var doc = frames[0].document;
 var s = doc.createElement("script");
 s.textContent = "1";
 doc.body.appendChild(s);
 </script>
--- a/dom/base/nsStructuredCloneContainer.cpp
+++ b/dom/base/nsStructuredCloneContainer.cpp
@@ -42,28 +42,19 @@ nsStructuredCloneContainer::~nsStructuredCloneContainer()
 }
 nsresult
-nsStructuredCloneContainer::InitFromJSVal(JS::Handle<JS::Value> aData)
+nsStructuredCloneContainer::InitFromJSVal(JS::Handle<JS::Value> aData,
                                          JSContext* aCx)
 {
  NS_ENSURE_STATE(!mData);
  uint64_t* jsBytes = nullptr;
  bool success = false;
  if (aData.isPrimitive()) {
-    // |aData| is a primitive, so the structured clone algorithm won't run
+    success = JS_WriteStructuredClone(aCx, aData, &jsBytes, &mSize,
    // script and we can just use AutoJSAPI.
    dom::AutoJSAPI jsapi;
    jsapi.Init();
    success = JS_WriteStructuredClone(jsapi.cx(), aData, &jsBytes, &mSize,
                                      nullptr, nullptr,
                                      JS::UndefinedHandleValue);
  } else {
-    // |aData| is an object and the structured clone algorithm can run script as
+    success = JS_WriteStructuredClone(aCx, aData, &jsBytes, &mSize,
    // part of the "own" "deep clone" sub-steps, so we need an AutoEntryScript.
    // http://www.whatwg.org/specs/web-apps/current-work/#internal-structured-cloning-algorithm
    nsIGlobalObject* nativeGlobal =
      xpc::NativeGlobal(js::GetGlobalForObjectCrossCompartment(&aData.toObject()));
    dom::AutoEntryScript aes(nativeGlobal);
    success = JS_WriteStructuredClone(aes.cx(), aData, &jsBytes, &mSize,
                                      nullptr, nullptr,
                                      JS::UndefinedHandleValue);
  }
--- a/dom/interfaces/base/nsIStructuredCloneContainer.idl
+++ b/dom/interfaces/base/nsIStructuredCloneContainer.idl
@@ -19,7 +19,7 @@ interface nsIDocument;
 * structured clone algorithm.
 *
 * You can copy an object into an nsIStructuredCloneContainer using
- * initFromVariant or initFromBase64.  It's an error to initialize an
+ * initFromJSVal or initFromBase64.  It's an error to initialize an
 * nsIStructuredCloneContainer more than once.
 *
 * Once you've initialized the container, you can get a copy of the object it
@@ -27,14 +27,14 @@ interface nsIDocument;
 * string containing a copy of the container's serialized data, using
 * getDataAsBase64.
 */
-[scriptable, uuid(8144021a-7f8a-483a-a0f1-ca02b761403f)]
+[scriptable, uuid(63eeafec-63f5-42c3-aea9-5c04678784e7)]
 interface nsIStructuredCloneContainer : nsISupports
 {
  /**
   * Initialize this structured clone container so it contains a clone of the
   * given jsval.
   */
-  [noscript]
+  [noscript, implicit_jscontext]
  void initFromJSVal(in jsval aData);
  /**
--- a/dom/notification/Notification.cpp
+++ b/dom/notification/Notification.cpp
@@ -941,7 +941,7 @@ Notification::InitFromJSVal(JSContext* aCx, JS::Handle<JS::Value> aData,
    return;
  }
  mDataObjectContainer = new nsStructuredCloneContainer();
-  aRv = mDataObjectContainer->InitFromJSVal(aData);
+  aRv = mDataObjectContainer->InitFromJSVal(aData, aCx);
 }
 void Notification::InitFromBase64(JSContext* aCx, const nsAString& aData,
--- a/testing/web-platform/meta/html/browsers/history/the-history-interface/001.html.ini
+++ b/testing/web-platform/meta/html/browsers/history/the-history-interface/001.html.ini
@@ -9,9 +9,6 @@
  [pushState must remove any tasks queued by the history traversal task source]
    expected: FAIL
  [security errors are expected to be thrown in the context of the document that owns the history object (2)]
    expected: FAIL
  [history.state should be a separate clone of the object, not a reference to the object passed to the event handler]
    expected: FAIL
--- a/testing/web-platform/meta/html/browsers/history/the-history-interface/002.html.ini
+++ b/testing/web-platform/meta/html/browsers/history/the-history-interface/002.html.ini
@@ -12,9 +12,6 @@
  [.go must queue a task with the history traversal task source (run asynchronously)]
    expected: FAIL
  [security errors are expected to be thrown in the context of the document that owns the history object (2)]
    expected: FAIL
  [history.state should be a separate clone of the object, not a reference to the object passed to the event handler]
    expected: FAIL