Bug 1215167 - Forbid unsafe browser CPOWs (disabled by default for now) (r=mrbkap)

js/ipc/JavaScriptParent.cpp

@@ -48,6 +48,54 @@ JavaScriptParent::init()
     return true;
 }
 
+static bool
+ForbidUnsafeBrowserCPOWs()
+{
+    static bool result;
+    static bool cached = false;
+    if (!cached) {
+        cached = true;
+        Preferences::AddBoolVarCache(&result, "dom.ipc.cpows.forbid-unsafe-from-browser", false);
+    }
+    return result;
+}
+
+bool
+JavaScriptParent::allowMessage(JSContext* cx)
+{
+    MessageChannel* channel = GetIPCChannel();
+    if (channel->IsInTransaction())
+        return true;
+
+    if (ForbidUnsafeBrowserCPOWs()) {
+        if (JSObject* global = JS::CurrentGlobalOrNull(cx)) {
+            if (!JS::AddonIdOfObject(global)) {
+                JS_ReportError(cx, "unsafe CPOW usage forbidden");
+                return false;
+            }
+        }
+    }
+
+    static bool disableUnsafeCPOWWarnings = PR_GetEnv("DISABLE_UNSAFE_CPOW_WARNINGS");
+    if (!disableUnsafeCPOWWarnings) {
+        nsCOMPtr<nsIConsoleService> console(do_GetService(NS_CONSOLESERVICE_CONTRACTID));
+        if (console && cx) {
+            nsAutoString filename;
+            uint32_t lineno = 0, column = 0;
+            nsJSUtils::GetCallingLocation(cx, filename, &lineno, &column);
+            nsCOMPtr<nsIScriptError> error(do_CreateInstance(NS_SCRIPTERROR_CONTRACTID));
+            error->Init(NS_LITERAL_STRING("unsafe CPOW usage"), filename,
+                        EmptyString(), lineno, column,
+                        nsIScriptError::warningFlag, "chrome javascript");
+            console->LogMessage(error);
+        } else {
+            NS_WARNING("Unsafe synchronous IPC message");
+        }
+    }
+
+    return true;
+}
+
 void
 JavaScriptParent::trace(JSTracer* trc)
 {