corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1b562adf6d1b51e49e15a8acdb7d72164c0f1db6
tubestation/dom/script/ModuleLoader.cpp
Jonatan Klemets 1ccec98a57 Bug 1918449 - Part 1: Handle unknown module type earlier r=jonco,dom-worker-reviewers,dom-core,asuth,mccr8 
We never reach `CompileFetchedModule` if we have an unknown module type since
we take the module type into account when we do mime type checking, so the file
always fails to load because of MIME mismatch, and we don't get the expected
`TypeError.` Checking if we have an unknown type should happen much earlier in
the process.

Differential Revision: https://phabricator.services.mozilla.com/D222222
2024-09-24 08:50:36 +00:00

432 lines
16 KiB
C++
Raw Blame History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "ScriptLoader.h"
#include "ModuleLoader.h"
#include "jsapi.h"
#include "js/CompileOptions.h" // JS::CompileOptions, JS::InstantiateOptions
#include "js/ContextOptions.h" // JS::ContextOptionsRef
#include "js/friend/ErrorMessages.h" // js::GetErrorMessage, JSMSG_*
#include "js/experimental/JSStencil.h" // JS::Stencil, JS::CompileModuleScriptToStencil, JS::InstantiateModuleStencil
#include "js/MemoryFunctions.h"
#include "js/Modules.h" // JS::FinishDynamicModuleImport, JS::{G,S}etModuleResolveHook, JS::Get{ModulePrivate,ModuleScript,RequestedModule{s,Specifier,SourcePos}}, JS::SetModule{DynamicImport,Metadata}Hook
#include "js/PropertyAndElement.h" // JS_DefineProperty
#include "js/Realm.h"
#include "js/SourceText.h"
#include "js/loader/LoadedScript.h"
#include "js/loader/ScriptLoadRequest.h"
#include "js/loader/ModuleLoaderBase.h"
#include "js/loader/ModuleLoadRequest.h"
#include "mozilla/dom/RequestBinding.h"
#include "mozilla/Assertions.h"
#include "nsError.h"
#include "xpcpublic.h"
#include "GeckoProfiler.h"
#include "nsContentSecurityManager.h"
#include "nsIContent.h"
#include "nsJSUtils.h"
#include "mozilla/CycleCollectedJSContext.h"
#include "mozilla/dom/AutoEntryScript.h"
#include "mozilla/dom/Document.h"
#include "mozilla/dom/Element.h"
#include "nsIPrincipal.h"
#include "mozilla/LoadInfo.h"
#include "mozilla/Maybe.h"
using JS::SourceText;
using namespace JS::loader;
namespace mozilla::dom {
#undef LOG
#define LOG(args) \
MOZ_LOG(ScriptLoader::gScriptLoaderLog, mozilla::LogLevel::Debug, args)
#define LOG_ENABLED() \
MOZ_LOG_TEST(ScriptLoader::gScriptLoaderLog, mozilla::LogLevel::Debug)
//////////////////////////////////////////////////////////////
// DOM module loader
//////////////////////////////////////////////////////////////
ModuleLoader::ModuleLoader(ScriptLoader* aLoader,
nsIGlobalObject* aGlobalObject, Kind aKind)
: ModuleLoaderBase(aLoader, aGlobalObject), mKind(aKind) {}
ScriptLoader* ModuleLoader::GetScriptLoader() {
return static_cast<ScriptLoader*>(mLoader.get());
}
bool ModuleLoader::CanStartLoad(ModuleLoadRequest* aRequest, nsresult* aRvOut) {
if (!GetScriptLoader()->GetDocument()) {
*aRvOut = NS_ERROR_NULL_POINTER;
return false;
}
// If this document is sandboxed without 'allow-scripts', abort.
if (GetScriptLoader()->GetDocument()->HasScriptsBlockedBySandbox()) {
*aRvOut = NS_OK;
return false;
}
// To prevent dynamic code execution, content scripts can only
// load moz-extension URLs.
nsCOMPtr<nsIPrincipal> principal = aRequest->TriggeringPrincipal();
if (BasePrincipal::Cast(principal)->ContentScriptAddonPolicy() &&
!aRequest->mURI->SchemeIs("moz-extension")) {
*aRvOut = NS_ERROR_DOM_WEBEXT_CONTENT_SCRIPT_URI;
return false;
}
if (LOG_ENABLED()) {
nsAutoCString url;
aRequest->mURI->GetAsciiSpec(url);
LOG(("ScriptLoadRequest (%p): Start Module Load (url = %s)", aRequest,
url.get()));
}
return true;
}
nsresult ModuleLoader::StartFetch(ModuleLoadRequest* aRequest) {
// According to the spec, module scripts have different behaviour to classic
// scripts and always use CORS. Only exception: Non linkable about: pages
// which load local module scripts.
bool isAboutPageLoadingChromeURI = ScriptLoader::IsAboutPageLoadingChromeURI(
aRequest, GetScriptLoader()->GetDocument());
nsContentSecurityManager::CORSSecurityMapping corsMapping =
isAboutPageLoadingChromeURI
? nsContentSecurityManager::CORSSecurityMapping::DISABLE_CORS_CHECKS
: nsContentSecurityManager::CORSSecurityMapping::REQUIRE_CORS_CHECKS;
nsSecurityFlags securityFlags =
nsContentSecurityManager::ComputeSecurityFlags(aRequest->CORSMode(),
corsMapping);
securityFlags |= nsILoadInfo::SEC_ALLOW_CHROME;
// Delegate Shared Behavior to base ScriptLoader
//
// aCharsetForPreload is passed as Nothing() because this is not a preload
// and `StartLoadInternal` is able to find the charset by using `aRequest`
// for this case.
nsresult rv = GetScriptLoader()->StartLoadInternal(
aRequest, securityFlags, Nothing() /* aCharsetForPreload */);
NS_ENSURE_SUCCESS(rv, rv);
// https://html.spec.whatwg.org/multipage/webappapis.html#fetch-an-import()-module-script-graph
// Step 1. Disallow further import maps given settings object.
if (!aRequest->GetScriptLoadContext()->IsPreload()) {
LOG(("ScriptLoadRequest (%p): Disallow further import maps.", aRequest));
DisallowImportMaps();
}
LOG(("ScriptLoadRequest (%p): Start fetching module", aRequest));
return NS_OK;
}
void ModuleLoader::AsyncExecuteInlineModule(ModuleLoadRequest* aRequest) {
MOZ_ALWAYS_SUCCEEDS(NS_DispatchToMainThread(
mozilla::NewRunnableMethod<RefPtr<ModuleLoadRequest>>(
"ModuleLoader::ExecuteInlineModule", this,
&ModuleLoader::ExecuteInlineModule, aRequest)));
}
void ModuleLoader::ExecuteInlineModule(ModuleLoadRequest* aRequest) {
MOZ_ASSERT(aRequest->IsFinished());
MOZ_ASSERT(aRequest->IsTopLevel());
MOZ_ASSERT(aRequest->GetScriptLoadContext()->mIsInline);
if (aRequest->GetScriptLoadContext()->GetParserCreated() == NOT_FROM_PARSER) {
GetScriptLoader()->RunScriptWhenSafe(aRequest);
} else {
GetScriptLoader()->MaybeMoveToLoadedList(aRequest);
GetScriptLoader()->ProcessPendingRequests();
}
aRequest->GetScriptLoadContext()->MaybeUnblockOnload();
}
void ModuleLoader::OnModuleLoadComplete(ModuleLoadRequest* aRequest) {
MOZ_ASSERT(aRequest->IsFinished());
if (aRequest->IsTopLevel()) {
if (aRequest->GetScriptLoadContext()->mIsInline &&
aRequest->GetScriptLoadContext()->GetParserCreated() ==
NOT_FROM_PARSER) {
if (aRequest->mImports.Length() == 0) {
GetScriptLoader()->RunScriptWhenSafe(aRequest);
} else {
AsyncExecuteInlineModule(aRequest);
return;
}
} else if (aRequest->GetScriptLoadContext()->mIsInline &&
aRequest->GetScriptLoadContext()->GetParserCreated() !=
NOT_FROM_PARSER &&
!nsContentUtils::IsSafeToRunScript()) {
// Avoid giving inline async module scripts that don't have
// external dependencies a guaranteed execution time relative
// to the HTML parse. That is, deliberately avoid guaranteeing
// that the script would always observe a DOM shape where the
// parser has not added further elements to the DOM.
// (If `nsContentUtils::IsSafeToRunScript()` returns `true`,
// we come here synchronously from the parser. If it returns
// `false` we come here from an external dependency completing
// its fetch, in which case we already are at an unspecific
// point relative to the parse.)
AsyncExecuteInlineModule(aRequest);
return;
} else {
GetScriptLoader()->MaybeMoveToLoadedList(aRequest);
GetScriptLoader()->ProcessPendingRequestsAsync();
}
}
aRequest->GetScriptLoadContext()->MaybeUnblockOnload();
}
nsresult ModuleLoader::CompileFetchedModule(
JSContext* aCx, JS::Handle<JSObject*> aGlobal, JS::CompileOptions& aOptions,
ModuleLoadRequest* aRequest, JS::MutableHandle<JSObject*> aModuleOut) {
if (aRequest->IsTextSource()) {
ScriptLoader::CalculateBytecodeCacheFlag(aRequest);
}
if (!nsJSUtils::IsScriptable(aGlobal)) {
return NS_ERROR_FAILURE;
}
switch (aRequest->mModuleType) {
case JS::ModuleType::Unknown:
MOZ_CRASH("Unexpected module type");
case JS::ModuleType::JavaScript:
return CompileJavaScriptModule(aCx, aOptions, aRequest, aModuleOut);
case JS::ModuleType::JSON: {
return CompileJsonModule(aCx, aOptions, aRequest, aModuleOut);
}
}
MOZ_CRASH("Unhandled module type");
}
nsresult ModuleLoader::CompileJavaScriptModule(
JSContext* aCx, JS::CompileOptions& aOptions, ModuleLoadRequest* aRequest,
JS::MutableHandle<JSObject*> aModuleOut) {
if (aRequest->GetScriptLoadContext()->mWasCompiledOMT) {
JS::InstantiationStorage storage;
RefPtr<JS::Stencil> stencil =
aRequest->GetScriptLoadContext()->StealOffThreadResult(aCx, &storage);
if (!stencil) {
return NS_ERROR_FAILURE;
}
JS::InstantiateOptions instantiateOptions(aOptions);
aModuleOut.set(JS::InstantiateModuleStencil(aCx, instantiateOptions,
stencil, &storage));
if (!aModuleOut) {
return NS_ERROR_FAILURE;
}
if (aRequest->IsTextSource() &&
aRequest->PassedConditionForBytecodeEncoding()) {
bool alreadyStarted;
if (!JS::StartIncrementalEncoding(aCx, std::move(stencil),
alreadyStarted)) {
return NS_ERROR_FAILURE;
}
MOZ_ASSERT(!alreadyStarted);
}
return NS_OK;
}
RefPtr<JS::Stencil> stencil;
if (aRequest->IsTextSource()) {
MaybeSourceText maybeSource;
nsresult rv = aRequest->GetScriptSource(aCx, &maybeSource,
aRequest->mLoadContext.get());
NS_ENSURE_SUCCESS(rv, rv);
auto compile = [&](auto& source) {
return JS::CompileModuleScriptToStencil(aCx, aOptions, source);
};
stencil = maybeSource.mapNonEmpty(compile);
} else {
MOZ_ASSERT(aRequest->IsBytecode());
JS::DecodeOptions decodeOptions(aOptions);
decodeOptions.borrowBuffer = true;
JS::TranscodeRange range = aRequest->Bytecode();
JS::TranscodeResult tr =
JS::DecodeStencil(aCx, decodeOptions, range, getter_AddRefs(stencil));
if (tr != JS::TranscodeResult::Ok) {
return NS_ERROR_DOM_JS_DECODING_ERROR;
}
}
if (!stencil) {
return NS_ERROR_FAILURE;
}
JS::InstantiateOptions instantiateOptions(aOptions);
aModuleOut.set(
JS::InstantiateModuleStencil(aCx, instantiateOptions, stencil));
if (!aModuleOut) {
return NS_ERROR_FAILURE;
}
if (aRequest->IsTextSource() &&
aRequest->PassedConditionForBytecodeEncoding()) {
bool alreadyStarted;
if (!JS::StartIncrementalEncoding(aCx, std::move(stencil),
alreadyStarted)) {
return NS_ERROR_FAILURE;
}
MOZ_ASSERT(!alreadyStarted);
}
return NS_OK;
}
nsresult ModuleLoader::CompileJsonModule(
JSContext* aCx, JS::CompileOptions& aOptions, ModuleLoadRequest* aRequest,
JS::MutableHandle<JSObject*> aModuleOut) {
MOZ_ASSERT(!aRequest->GetScriptLoadContext()->mWasCompiledOMT);
MOZ_ASSERT(aRequest->IsTextSource());
ModuleLoader::MaybeSourceText maybeSource;
nsresult rv = aRequest->GetScriptSource(aCx, &maybeSource,
aRequest->mLoadContext.get());
NS_ENSURE_SUCCESS(rv, rv);
auto compile = [&](auto& source) {
return JS::CompileJsonModule(aCx, aOptions, source);
};
auto* jsonModule = maybeSource.mapNonEmpty(compile);
if (!jsonModule) {
return NS_ERROR_FAILURE;
}
aModuleOut.set(jsonModule);
return NS_OK;
}
/* static */
already_AddRefed<ModuleLoadRequest> ModuleLoader::CreateTopLevel(
nsIURI* aURI, ReferrerPolicy aReferrerPolicy,
ScriptFetchOptions* aFetchOptions, const SRIMetadata& aIntegrity,
nsIURI* aReferrer, ScriptLoader* aLoader, ScriptLoadContext* aContext) {
RefPtr<VisitedURLSet> visitedSet =
ModuleLoadRequest::NewVisitedSetForTopLevelImport(
aURI, JS::ModuleType::JavaScript);
RefPtr<ModuleLoadRequest> request = new ModuleLoadRequest(
aURI, JS::ModuleType::JavaScript, aReferrerPolicy, aFetchOptions,
aIntegrity, aReferrer, aContext, true,
/* is top level */ false, /* is dynamic import */
aLoader->GetModuleLoader(), visitedSet, nullptr);
request->NoCacheEntryFound();
return request.forget();
}
already_AddRefed<ModuleLoadRequest> ModuleLoader::CreateStaticImport(
nsIURI* aURI, JS::ModuleType aModuleType, ModuleLoadRequest* aParent) {
RefPtr<ScriptLoadContext> newContext = new ScriptLoadContext();
newContext->mIsInline = false;
// Propagated Parent values. TODO: allow child modules to use root module's
// script mode.
newContext->mScriptMode = aParent->GetScriptLoadContext()->mScriptMode;
RefPtr<ModuleLoadRequest> request = new ModuleLoadRequest(
aURI, aModuleType, aParent->ReferrerPolicy(), aParent->mFetchOptions,
SRIMetadata(), aParent->mURI, newContext, false, /* is top level */
false, /* is dynamic import */
aParent->mLoader, aParent->mVisitedSet, aParent->GetRootModule());
request->NoCacheEntryFound();
return request.forget();
}
already_AddRefed<ModuleLoadRequest> ModuleLoader::CreateDynamicImport(
JSContext* aCx, nsIURI* aURI, JS::ModuleType aModuleType,
LoadedScript* aMaybeActiveScript, JS::Handle<JSString*> aSpecifier,
JS::Handle<JSObject*> aPromise) {
MOZ_ASSERT(aSpecifier);
MOZ_ASSERT(aPromise);
RefPtr<ScriptFetchOptions> options = nullptr;
nsIURI* baseURL = nullptr;
RefPtr<ScriptLoadContext> context = new ScriptLoadContext();
ReferrerPolicy referrerPolicy;
if (aMaybeActiveScript) {
// https://html.spec.whatwg.org/multipage/webappapis.html#hostloadimportedmodule
// Step 6.3. Set fetchOptions to the new descendant script fetch options for
// referencingScript's fetch options.
options = aMaybeActiveScript->GetFetchOptions();
referrerPolicy = aMaybeActiveScript->ReferrerPolicy();
baseURL = aMaybeActiveScript->BaseURL();
} else {
// We don't have a referencing script so fall back on using
// options from the document. This can happen when the user
// triggers an inline event handler, as there is no active script
// there.
Document* document = GetScriptLoader()->GetDocument();
nsCOMPtr<nsIPrincipal> principal = GetGlobalObject()->PrincipalOrNull();
MOZ_ASSERT_IF(GetKind() == WebExtension,
BasePrincipal::Cast(principal)->ContentScriptAddonPolicy());
MOZ_ASSERT_IF(GetKind() == Normal, principal == document->NodePrincipal());
// https://html.spec.whatwg.org/multipage/webappapis.html#hostloadimportedmodule
// Step 4. Let fetchOptions be the default classic script fetch options.
//
// https://html.spec.whatwg.org/multipage/webappapis.html#default-classic-script-fetch-options
// The default classic script fetch options are a script fetch options whose
// cryptographic nonce is the empty string, integrity metadata is the empty
// string, parser metadata is "not-parser-inserted", credentials mode is
// "same-origin", referrer policy is the empty string, and fetch priority is
// "auto".
options = new ScriptFetchOptions(
mozilla::CORS_NONE, /* aNonce = */ u""_ns, RequestPriority::Auto,
ParserMetadata::NotParserInserted, principal);
referrerPolicy = document->GetReferrerPolicy();
baseURL = document->GetDocBaseURI();
}
context->mIsInline = false;
context->mScriptMode = ScriptLoadContext::ScriptMode::eAsync;
RefPtr<VisitedURLSet> visitedSet =
ModuleLoadRequest::NewVisitedSetForTopLevelImport(aURI, aModuleType);
RefPtr<ModuleLoadRequest> request =
new ModuleLoadRequest(aURI, aModuleType, referrerPolicy, options,
SRIMetadata(), baseURL, context, true,
/* is top level */ true, /* is dynamic import */
this, visitedSet, nullptr);
request->SetDynamicImport(aMaybeActiveScript, aSpecifier, aPromise);
request->NoCacheEntryFound();
return request.forget();
}
ModuleLoader::~ModuleLoader() {
LOG(("ModuleLoader::~ModuleLoader %p", this));
mLoader = nullptr;
}
#undef LOG
#undef LOG_ENABLED
} // namespace mozilla::dom
Reference in New Issue View Git Blame Copy Permalink