| blob | bf8fdbbcc6bb6528c21f2f19c51069b12d42d7e4 |
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5 /* globals setImmediate, rpc */
9 /* General utilities used throughout devtools. */
13 getStack,
14 callFunctionWithAsyncStack,
21 lazy,
22 {
24 NetworkHelper:
27 },
29 );
30 }
32 // Native getters which are considered to be side effect free.
35 getters,
42 }
44 }
47 });
49 // Using this name lets the eslint plugin know about lazy defines in
50 // this file.
53 // Re-export the thread-safe utils.
54 const ThreadSafeDevToolsUtils = require("resource://devtools/shared/ThreadSafeDevToolsUtils.js");
57 }
59 /**
60 * Waits for the next tick in the event loop to execute a callback.
61 */
67 // Only enable async stack reporting when DEBUG_JS_MODULES is set
68 // (customized local builds) to avoid a performance penalty.
71 executor = () => {
73 };
76 }
79 });
80 }
81 };
83 /**
84 * Similar to executeSoon, but enters microtask before executing the callback
85 * if this is called on the main thread.
86 */
92 // Only enable async stack reporting when DEBUG_JS_MODULES is set
93 // (customized local builds) to avoid a performance penalty.
96 executor = () => {
98 fn,
99 stack,
100 "DevToolsUtils.executeSoonWithMicroTask"
101 );
102 };
105 }
108 });
109 }
110 };
112 /**
113 * Waits for the next tick in the event loop.
114 *
115 * @return Promise
116 * A promise that is resolved after the next tick in the event loop.
117 */
121 });
122 };
124 /**
125 * Waits for the specified amount of time to pass.
126 *
127 * @param number delay
128 * The amount of time to wait, in milliseconds.
129 * @return Promise
130 * A promise that is resolved after the specified amount of time passes.
131 */
134 };
136 /**
137 * Like ChromeUtils.defineLazyGetter, but with a |this| sensitive getter that
138 * allows the lazy getter to be defined on a prototype and work correctly with
139 * instances.
140 *
141 * @param Object object
142 * The prototype object to define the lazy getter on.
143 * @param String key
144 * The key to define the lazy getter on.
145 * @param Function callback
146 * The callback that will be called to determine the value. Will be
147 * called with the |this| value of the current instance.
148 */
158 value,
159 });
162 },
163 });
164 };
166 /**
167 * Safely get the property value from a Debugger.Object for a given key. Walks
168 * the prototype chain until the property is found.
169 *
170 * @param {Debugger.Object} object
171 * The Debugger.Object to get the value from.
172 * @param {String} key
173 * The key to look for.
174 * @param {Boolean} invokeUnsafeGetter (defaults to false).
175 * Optional boolean to indicate if the function should execute unsafe getter
176 * in order to retrieve its result's properties.
177 * ⚠️ This should be set to true *ONLY* on user action as it may cause side-effects
178 * in the content page ⚠️
179 * @return Any
180 */
188 // The above can throw when the debuggee does not subsume the object's
189 // compartment, or for some WrappedNatives like Cu.Sandbox.
191 }
195 }
196 // Call the getter if it's safe.
201 // If anything goes wrong report the error and return undefined.
203 }
204 }
206 }
208 }
210 };
212 /**
213 * Removes all the non-opaque security wrappers of a debuggee object.
214 *
215 * @param obj Debugger.Object
216 * The debuggee object to be unwrapped.
217 * @return Debugger.Object|null|undefined
218 * - If the object has no wrapper, the same `obj` is returned. Note DeadObject
219 * objects belong to this case.
220 * - Otherwise, if the debuggee doesn't subsume object's compartment, returns `null`.
221 * - Otherwise, if the object belongs to an invisible-to-debugger compartment,
222 * returns `undefined`.
223 * - Otherwise, returns the unwrapped object.
224 */
226 // Check if `obj` has an opaque wrapper.
229 }
231 // Attempt to unwrap via `obj.unwrap()`. Note that:
232 // - This will return `null` if the debuggee does not subsume object's compartment.
233 // - This will throw if the object belongs to an invisible-to-debugger compartment.
234 // - This will return `obj` if there is no wrapper.
240 }
242 // Check if further unwrapping is not possible.
245 }
247 // Recursively remove additional security wrappers.
249 };
251 /**
252 * Checks whether a debuggee object is safe. Unsafe objects may run proxy traps or throw
253 * when using `proto`, `isExtensible`, `isFrozen` or `isSealed`. Note that safe objects
254 * may still throw when calling `getOwnPropertyNames`, `getOwnPropertyDescriptor`, etc.
255 * Also note DeadObject objects are considered safe.
256 *
257 * @param obj Debugger.Object
258 * The debuggee object to be checked.
259 * @return boolean
260 */
264 // Objects belonging to an invisible-to-debugger compartment might be proxies,
265 // so just in case consider them unsafe.
268 }
270 // If the debuggee does not subsume the object's compartment, most properties won't
271 // be accessible. Cross-origin Window and Location objects might expose some, though.
272 // Therefore, it must be considered safe. Note that proxy objects have fully opaque
273 // security wrappers, so proxy traps won't run in this case.
276 }
278 // Proxy objects can run traps when accessed. `isProxy` getter is called on `unwrapped`
279 // instead of on `obj` in order to detect proxies behind transparent wrappers.
282 }
285 };
287 /**
288 * Determines if a descriptor has a getter which doesn't call into JavaScript.
289 *
290 * @param Object desc
291 * The descriptor to check for a safe getter.
292 * @return Boolean
293 * Whether a safe getter was found.
294 */
296 // Scripted functions that are CCWs will not appear scripted until after
297 // unwrapping.
302 }
305 }
307 // This is scripted function.
309 }
311 // This is a getter with native function.
313 // We assume all DOM getters have no major side effect, and they are
314 // eagerly-evaluateable.
315 //
316 // JitInfo is used only by methods/accessors in WebIDL, and being
317 // "a getter with JitInfo" can be used as a condition to check if given
318 // function is DOM getter.
319 //
320 // This includes privileged interfaces in addition to standard web APIs.
323 }
325 // Apply explicit allowlist.
328 };
330 /**
331 * Check that the property value from a Debugger.Object for a given key is an unsafe
332 * getter or not. Walks the prototype chain until the property is found.
333 *
334 * @param {Debugger.Object} object
335 * The Debugger.Object to check on.
336 * @param {String} key
337 * The key to look for.
338 * @param {Boolean} invokeUnsafeGetter (defaults to false).
339 * Optional boolean to indicate if the function should execute unsafe getter
340 * in order to retrieve its result's properties.
341 * @return Boolean
342 */
349 // The above can throw when the debuggee does not subsume the object's
350 // compartment, or for some WrappedNatives like Cu.Sandbox.
352 }
356 }
357 }
359 }
362 };
364 /**
365 * Check if it is safe to read properties and execute methods from the given JS
366 * object. Safety is defined as being protected from unintended code execution
367 * from content scripts (or cross-compartment code).
368 *
369 * See bugs 945920 and 946752 for discussion.
370 *
371 * @type Object obj
372 * The object to check.
373 * @return Boolean
374 * True if it is safe to read properties from obj, or false otherwise.
375 */
377 // If we are running on a worker thread, Cu is not available. In this case,
378 // we always return false, just to be on the safe side.
381 }
385 ) {
386 // obj is not a cross-compartment wrapper.
388 }
390 // Xray wrappers protect against unintended code execution.
393 }
395 // If there aren't Xrays, only allow chrome objects.
399 }
401 // Scripted proxy objects without Xrays can run their proxy traps.
404 }
406 // Even if `obj` looks safe, an unsafe object in its prototype chain may still
407 // run unintended code, e.g. when using the `instanceof` operator.
411 }
413 // Allow non-problematic chrome objects.
415 };
417 /**
418 * Dump with newline - This is a logging function that will only output when
419 * the preference "devtools.debugger.log" is set to true. Typically it is used
420 * for logging the remote debugging protocol calls.
421 */
425 }
426 };
428 /**
429 * Dump verbose - This is a verbose logger for low-level tracing, that is typically
430 * used to provide information about the remote debugging protocol's transport
431 * mechanisms. The logging can be enabled by changing the preferences
432 * "devtools.debugger.log" and "devtools.debugger.log.verbose" to true.
433 */
437 }
438 };
440 /**
441 * Defines a getter on a specified object that will be created upon first use.
442 *
443 * @param object
444 * The object to define the lazy getter on.
445 * @param name
446 * The name of the getter to define on object.
447 * @param lambda
448 * A function that returns what the getter should return. This will
449 * only ever be called once.
450 */
457 },
460 });
461 };
466 }
471 });
473 /**
474 * No operation. The empty function.
475 */
483 },
484 });
488 assertionFailureCount++;
492 }
493 }
495 /**
496 * DevToolsUtils.assert(condition, message)
497 *
498 * @param Boolean condition
499 * @param String message
500 *
501 * Assertions are enabled when any of the following are true:
502 * - This is a DEBUG_JS_MODULES build
503 * - flags.testing is set to true
504 *
505 * If assertions are enabled, then `condition` is checked and if false-y, the
506 * assertion failure is logged and then an error is thrown.
507 *
508 * If assertions are not enabled, then this function is a no-op.
509 */
513 ? reallyAssert
515 });
521 });
523 /**
524 * Performs a request to load the desired URL and returns a promise.
525 *
526 * @param urlIn String
527 * The URL we will request.
528 * @param aOptions Object
529 * An object with the following optional properties:
530 * - loadFromCache: if false, will bypass the cache and
531 * always load fresh from the network (default: true)
532 * - policy: the nsIContentPolicy type to apply when fetching the URL
533 * (only works when loading from system principal)
534 * - window: the window to get the loadGroup from
535 * - charset: the charset to use if the channel doesn't provide one
536 * - principal: the principal to use, if omitted, the request is loaded
537 * with a content principal corresponding to the url being
538 * loaded, using the origin attributes of the window, if any.
539 * - headers: extra headers
540 * - cacheKey: when loading from cache, use this key to retrieve a cache
541 * specific to a given SHEntry. (Allows loading POST
542 * requests from cache)
543 * @returns Promise that resolves with an object with the following members on
544 * success:
545 * - content: the document at that URL, as a string,
546 * - contentType: the content type of the document
547 *
548 * If an error occurs, the promise is rejected with that error.
549 *
550 * XXX: It may be better to use nsITraceableChannel to get to the sources
551 * without relying on caching when we can (not for eval, etc.):
552 * http://www.softwareishard.com/blog/firebug/nsitraceablechannel-intercept-http-traffic/
553 */
555 urlIn,
556 aOptions = {
564 }
565 ) {
567 // Create a channel.
575 }
579 // Set the channel options.
585 // If DevTools intents to load the content from the cache,
586 // we make the LOAD_FROM_CACHE flag preferred over LOAD_BYPASS_CACHE.
589 // When loading from cache, the cacheKey allows us to target a specific
590 // SHEntry and offer ways to restore POST requests from cache.
593 }
594 }
599 }
600 }
603 // Respect private browsing.
605 Ci.nsIDocumentLoader
607 }
609 // eslint-disable-next-line complexity
614 }
617 // We cannot use NetUtil to do the charset conversion as if charset
618 // information is not available and our default guess is wrong the method
619 // might fail and we lose the stream data. This means we can't fall back
620 // to using the locale default encoding (bug 1181345).
622 // Read and decode the data according to the locale default encoding.
629 // Empty files cause NS_BASE_STREAM_CLOSED exception.
630 // If there was a real stream error, we would have already rejected above.
634 });
636 }
639 }
643 // We do our own BOM sniffing here because there's no convenient
644 // implementation of the "decode" algorithm
645 // (https://encoding.spec.whatwg.org/#decode) exposed to JS.
652 ) {
659 ) {
666 ) {
669 }
671 // If the channel or the caller has correct charset information, the
672 // content will be decoded correctly. If we have to fall back to UTF-8 and
673 // the guess is wrong, the conversion fails and convertToUnicode returns
674 // the input unmodified. Essentially we try to decode the data as UTF-8
675 // and if that fails, we use the locale specific default encoding. This is
676 // the best we can do if the source does not provide charset info.
682 // Accessing `contentCharset` on content served by a service worker in
683 // non-e10s may throw.
684 }
685 }
688 }
690 source,
691 charset
692 );
694 // Look for any source map URL in the response.
704 }
705 }
710 sourceMapURL,
711 });
714 }
715 };
717 // Open the channel
722 }
723 });
724 }
726 /**
727 * Opens a channel for given URL. Tries a bit harder than NetUtil.newChannel.
728 *
729 * @param {String} url - The URL to open a channel for.
730 * @param {Object} options - The options object passed to @method fetch.
731 * @return {nsIChannel} - The newly created channel. Throws on failure.
732 */
741 // In the xpcshell tests, the script url is the absolute path of the test
742 // file, which will make a malformed URI error be thrown. Add the file
743 // scheme to see if it helps.
745 }
747 // In xpcshell tests on Windows, opening the channel
748 // can throw NS_ERROR_UNKNOWN_PROTOCOL if the external protocol isn't
749 // supported by Windows, so we also need to handle that case here if
750 // parsing the URL above doesn't throw.
755 ) {
757 }
761 securityFlags,
762 uri,
763 };
765 // Ensure that we have some contentPolicyType type set if one was
766 // not provided.
769 }
771 // If a window is provided, always use it's document as the loadingNode.
772 // This will provide the correct principal, origin attributes, service
773 // worker controller, etc.
777 // If a window is not provided, then we must set a loading principal.
779 // If the caller did not provide a principal, then we use the URI
780 // to create one. Note, it's not clear what use cases require this
781 // and it may not be correct.
785 }
788 }
791 }
793 // Fetch is defined differently depending on whether we are on the main thread
794 // or a worker thread.
796 // Services is not available in worker threads, nor is there any other way
797 // to fetch a URL. We need to enlist the help from the main thread here, by
798 // issuing an rpc request, to fetch the URL on our behalf.
801 };
804 }
806 /**
807 * Open the file at the given path for reading.
808 *
809 * @param {String} filePath
810 *
811 * @returns Promise<nsIInputStream>
812 */
822 }
825 }
826 );
827 });
828 };
830 /**
831 * Save the given data to disk after asking the user where to do so.
832 *
833 * @param {Window} parentWindow
834 * The parent window to use to display the filepicker.
835 * @param {UInt8Array} dataArray
836 * The data to write to the file.
837 * @param {String} fileName
838 * The suggested filename.
839 * @param {Array} filters
840 * An array of object of the following shape:
841 * - pattern: A pattern for accepted files (example: "*.js")
842 * - label: The label that will be displayed in the save file dialog.
843 * @return {String|null}
844 * The path to the local saved file, if saved.
845 */
847 parentWindow,
848 dataArray,
850 filters = []
851 ) {
855 parentWindow,
856 fileName,
857 filters
858 );
861 }
865 });
868 };
870 /**
871 * Show file picker and return the file user selected.
872 *
873 * @param {nsIWindow} parentWindow
874 * Optional parent window. If null the parent window of the file picker
875 * will be the window of the attached input element.
876 * @param {String} suggestedFilename
877 * The suggested filename.
878 * @param {Array} filters
879 * An array of object of the following shape:
880 * - pattern: A pattern for accepted files (example: "*.js")
881 * - label: The label that will be displayed in the save file dialog.
882 * @return {Promise}
883 * A promise that is resolved after the file is selected by the file picker
884 */
886 parentWindow,
887 suggestedFilename,
888 filters = []
889 ) {
894 }
900 }
903 }
911 }
912 });
913 });
914 };
916 /*
917 * All of the flags have been moved to a different module. Make sure
918 * nobody is accessing them anymore, and don't write new code using
919 * them. We can remove this code after a while.
920 */
929 },
936 },
937 });
938 }
944 // Calls the property with the given `name` on the given `object`, where
945 // `name` is a string, and `object` a Debugger.Object instance.
946 //
947 // This function uses only the Debugger.Object API to call the property. It
948 // avoids the use of unsafeDeference. This is useful for example in workers,
949 // where unsafeDereference will return an opaque security wrapper to the
950 // referent.
952 // Find the property.
959 }
964 }
968 }
972 "The property isn't a native function and will execute code in the debuggee"
973 );
974 }
976 // Call the property.
980 }
983 }
985 }
989 // Convert a Debugger.Object wrapping an iterator into an iterator in the
990 // debugger's realm.
996 }
998 }
999 }
1003 /**
1004 * Shared helper to retrieve the topmost window. This can be used to retrieve the chrome
1005 * window embedding the DevTools frame.
1006 */
1009 }
1013 /**
1014 * Check whether two objects are identical by performing
1015 * a deep equality check on their properties and values.
1016 * See toolkit/modules/ObjectUtils.jsm for implementation.
1017 *
1018 * @param {Object} a
1019 * @param {Object} b
1020 * @return {Boolean}
1021 */
1024 };
1027 // Some workers are zombies. `isClosed` is false, but nothing works.
1028 // `postMessage` is a noop, `addListener`'s `onClosed` doesn't work.
1029 // (Ignore dbg without `window` as they aren't related to docShell
1030 // and probably do not suffer form this issue)
1032 }