| blob | 650876b1bb91047a548ce5c03cc7cb36ce38964f |
1 /* -*- Mode: IDL; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /* This Source Code Form is subject to the terms of the Mozilla Public
3 * License, v. 2.0. If a copy of the MPL was not distributed with this
4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6 #include "nsISupports.idl"
9 #include "jspubtd.h"
10 %}
25 webidl Element;
27 /**
28 * interface of Components.interfaces
29 * (interesting stuff only reflected into JavaScript)
30 */
33 {
34 };
36 /**
37 * interface of Components.classes
38 * (interesting stuff only reflected into JavaScript)
39 */
42 {
43 };
45 /**
46 * interface of Components.results
47 * (interesting stuff only reflected into JavaScript)
48 */
51 {
52 };
54 /**
55 * interface of Components.ID
56 * (interesting stuff only reflected into JavaScript)
57 */
60 {
61 };
63 /**
64 * interface of Components.Exception
65 * (interesting stuff only reflected into JavaScript)
66 */
69 {
70 };
72 /**
73 * interface of Components.Constructor
74 * (interesting stuff only reflected into JavaScript)
75 */
78 {
79 };
81 /**
82 * interface of object returned by Components.utils.Sandbox.
83 */
86 {
87 };
89 /**
90 * interface for callback to be passed to Cu.schedulePreciseGC
91 */
94 {
96 };
98 /**
99 * interface of Components.utils
100 */
103 {
104 /*
105 * Prints the provided message to stderr.
106 */
109 /*
110 * reportError is designed to be called from JavaScript only.
111 *
112 * It will report a JS Error object to the JS console, and return. It
113 * is meant for use in exception handler blocks which want to "eat"
114 * an exception, but still want to report it to the console.
115 *
116 * It must be called with one param, usually an object which was caught by
117 * an exception handler. If it is not a JS error object, the parameter
118 * is converted to a string and reported as a new error.
119 *
120 * If called with two parameters, and the first parameter is not an
121 * object, the second parameter is used as the stack for the error report.
122 */
127 /**
128 * Cu.Sandbox is used to create a sandbox object
129 *
130 * let sandbox = Cu.Sandbox(principal[, options]);
131 *
132 * Using new Cu.Sandbox(...) to create a sandbox has the same effect as
133 * calling Cu.Sandbox(...) without new.
134 *
135 * In JS, Cu.Sandbox uses the following parameters:
136 *
137 * @param {Principal} principal
138 * The security principal defined for a sandbox determines what code
139 * running in that sandbox will be allowed to do. The principal may be one
140 * of four types: the system principal, a content principal, an expanded
141 * principal or a null principal. Depending on the principal type,
142 * this argument can be a nsIPrincipal, a Window, a String, an Array
143 * or null. See below.
144 * A content principal can be provided by passing a nsIPrincipal, a
145 * DOM Window, or a string URI (not recommended).
146 * An expanded (or extended) principal is an array of principals,
147 * where each item can be either a nsIPrincipal, a DOM window or a
148 * string URI.
149 * A null principal can either be specified by passing `null` or
150 * created explicitly with `Cc["@mozilla.org/nullprincipal;1"].createInstance(Ci.nsIPrincipal);`
151 * @param {Object} options
152 * Optional parameters, valid properties are:
153 * - allowWaivers: {Boolean} Allows the caller to waive Xrays, in case
154 * Xrays were used. Defaults to true.
155 * - discardSource: {Boolean} For certain globals, we know enough about
156 * the code that will run in them that we can discard script source
157 * entirely. A discarded source will be re-read when stringifying
158 * functions.
159 * Defaults to false.
160 * - forceSecureContext: {Boolean} Determines whether content windows and
161 * workers are marked as "Secure Context"s. If principal is the system
162 * principal, the value is forced to true. Otherwise defaults to false.
163 * - freshCompartment: {Boolean} Whether the sandbox should be created
164 * using a new compartment. Defaults to false.
165 * - freshZone: {Boolean} if true creates a new GC region separate from
166 * both the calling context's and the sandbox prototype's region.
167 * Defaults to false.
168 * - invisibleToDebugger: {Boolean} Whether this sandbox and its scripts
169 * can be accessed by the JavaScript Debugger.
170 * Defaults to false.
171 * - isWebExtensionContentScript: {Boolean} Whether this sandbox
172 * corresponds to a WebExtension content script, and should receive
173 * various bits of special compatibility behavior.
174 * Defaults to false.
175 * - metadata: {Object} Object to use as the metadata for the sandbox. See
176 * setSandboxMetadata.
177 * - originAttributes: {Object} Dictionary of origin attributes to use if
178 * the principal was provided as a string.
179 * - sameZoneAs: {Object} Javascript Object in whose garbage collection
180 * region the sandbox should be created. This helps to improve memory
181 * usage by allowing sandboxes to be discarded when that zone goes away.
182 * It also improves performance and memory usage by allowing strings
183 * to be passed between the compartments without copying or using
184 * wrappers.
185 * Content scripts should pass the window they're running in as this
186 * parameter, in order to ensure that the script is cleaned up at the
187 * same time as the content itself.
188 * - sandboxContentSecurityPolicy: {String} The Content Security Policy
189 * to apply in this sandbox. This can be used to restrict eval
190 * (e.g. "script-src 'self'"). It does not apply to DOM methods
191 * that were retrieved from objects outside the sandbox.
192 * This is only implemented for Expanded Principals; if desired for
193 * other principals, bug 1548468 must be resolved first.
194 * When not specified, the default CSP is used (usually no CSP).
195 * - sandboxName: {String} Identifies the sandbox in about:memory. This
196 * property is optional, but very useful for tracking memory usage. A
197 * recommended value for this property is an absolute path to the script
198 * responsible for creating the sandbox. If you don't specify a sandbox
199 * name it will default to the caller's filename.
200 * - sandboxPrototype: {Object} Prototype object for the sandbox. The
201 * sandbox will inherit the contents of this object if it's provided.
202 * Passing a content window object, setting wantXrays:true (default) and
203 * using an extended principal provides a clean, isolated execution
204 * environment in which javascript code that needs Web APIs (such as
205 * accessing the window's DOM) can be executed without interference from
206 * untrusted content code.
207 * - userContextId: {Number} The id of the user context this sandbox is
208 * inside. Defaults to 0.
209 * - wantComponents: {Boolean} Indicates whether the Components object is
210 * available or not in the sandbox. If the sandbox interacts with
211 * untrusted content this should be set to false when possible to
212 * further reduce possible attack surface.
213 * Defaults to true.
214 * - wantExportHelpers: {Boolean} if true, then createObjectIn(),
215 * evalInWindow(), and exportFunction() are available in the sandbox.
216 * Defaults to false.
217 * - wantGlobalProperties: {Array<String>} Each string is the name of an
218 * object that you want to make available as a global to code running in
219 * the sandbox. Possible values: Blob, ChromeUtils, CSS, CSSRule,
220 * Directory, DOMParser, Element, Event, File, FileReader, FormData,
221 * InspectorCSSParser, InspectorUtils, MessageChannel, Node, NodeFilter,
222 PromiseDebugging, TextDecoder, TextEncoder, URL, URLSearchParams,
223 XMLHttpRequest, XMLSerializer, atob, btoa, caches, crypto, fetch,
224 indexedDB, rtcIdentityProvider
225 * - wantXrays: {Boolean} Whether the sandbox wants Xray vision with
226 * respect to same-origin objects outside the sandbox.
227 * Note that wantXrays is essentially deprecated. The preferred method
228 * of handling this now is to give the sandbox an expanded principal
229 * which inherits from the principal of the content compartment the
230 * sandbox will interact with. That lets the sandbox see the content
231 * compartment through X-ray wrappers, and gives any object passed from
232 * the sandbox to the content compartment opaque security wrappers unless
233 * export helpers are explicitly used.
234 * "Xray vision" is exactly the same Xray behavior that script always
235 * gets, by default, when working with DOM objects across origin
236 * boundaries. This is primarily visible for chrome code accessing
237 * content. However, it also occurs during cross-origin access between
238 * two content pages, since each page sees a "vanilla" view of the
239 * other. The protection is bidirectional: the caller sees the bonafide
240 * DOM objects without being confused by sneakily-redefined properties,
241 * and the target receives appropriate privacy from having its expandos
242 * inspected by untrusted callers. In situations where only
243 * unidirectional protection is needed, callers have the option to waive
244 * the X-ray behavior using wrappedJSObject or XPCNativeWrapper.unwrap().
245 * In general, when accessing same-origin content, script gets a
246 * Transparent wrapper rather than an Xray wrapper. However, sandboxes
247 * are often used when chrome wants to run script as another origin,
248 * possibly to interact with the page. In this case, same-origin Xrays
249 * are desirable, and wantXrays should be set to true.
250 * Defaults to true.
251 */
254 /*
255 * evalInSandbox is designed to be called from JavaScript only.
256 *
257 * evalInSandbox evaluates the provided source string in the given sandbox.
258 * It returns the result of the evaluation to the caller.
259 *
260 * var s = new C.u.Sandbox("http://www.mozilla.org");
261 * var res = C.u.evalInSandbox("var five = 5; 2 + five", s);
262 * var outerFive = s.five;
263 * s.seven = res;
264 * var thirtyFive = C.u.evalInSandbox("five * seven", s);
265 */
273 /*
274 * Get the sandbox for running JS-implemented UA widgets (video controls etc.),
275 * hosted inside UA-created Shadow DOM.
276 */
280 /*
281 * getSandboxMetadata is designed to be called from JavaScript only.
282 *
283 * getSandboxMetadata retrieves the metadata associated with
284 * a sandbox object. It will return undefined if there
285 * is no metadata attached to the sandbox.
286 *
287 * var s = C.u.Sandbox(..., { metadata: "metadata" });
288 * var metadata = C.u.getSandboxMetadata(s);
289 */
293 /*
294 * setSandboxMetadata is designed to be called from JavaScript only.
295 *
296 * setSandboxMetadata sets the metadata associated with
297 * a sandbox object.
298 *
299 * Note that the metadata object will be copied before being used.
300 * The copy will be performed using the structured clone algorithm.
301 * Note that this algorithm does not support reflectors and
302 * it will throw if it encounters them.
303 */
307 /*
308 * import is designed to be called from JavaScript only.
309 *
310 * Synchronously loads and evaluates the js file located at
311 * 'registryLocation' with a new, fully privileged global object.
312 *
313 * If 'targetObj' is specified and equal to null, returns the
314 * module's global object. Otherwise (if 'targetObj' is not
315 * specified, or 'targetObj' is != null) looks for a property
316 * 'EXPORTED_SYMBOLS' on the new global object. 'EXPORTED_SYMBOLS'
317 * is expected to be an array of strings identifying properties on
318 * the global object. These properties will be installed as
319 * properties on 'targetObj', or, if 'targetObj' is not specified,
320 * on the caller's global object. If 'EXPORTED_SYMBOLS' is not
321 * found, an error is thrown.
322 *
323 * @param resourceURI A resource:// URI string to load the module from.
324 * @param targetObj the object to install the exported properties on.
325 * If this parameter is a primitive value, this method throws
326 * an exception.
327 * @returns the module code's global object.
328 *
329 * The implementation maintains a hash of registryLocation->global obj.
330 * Subsequent invocations of importModule with 'registryLocation'
331 * pointing to the same file will not cause the module to be re-evaluated,
332 * but the symbols in EXPORTED_SYMBOLS will be exported into the
333 * specified target object and the global object returned as above.
334 *
335 * TODO: Remove this once m-c, c-c, and out-of-tree code migrations finish
336 * (bug 1776175, bug 1881888).
337 */
341 /**
342 * Returns true if the JSM is loaded into the system global previously via
343 * the import method above, or corresponding ESM is loaded. Returns false
344 * otherwise.
345 *
346 * @param resourceURI A resource:// URI string representing the location of
347 * the js file to be checked if it is already loaded or not.
348 * @returns boolean, true if the js file has been loaded via import. false
349 * otherwise
350 */
354 /**
355 * Returns true if the JSM is loaded into the system global previously via
356 * the import method above. Returns false otherwise.
357 *
358 * TODO: Remove this once m-c, c-c, and out-of-tree code migrations finish
359 * (bug 1776175, bug 1881888).
360 */
363 /**
364 * Returns true if the ESM is loaded into the system global previously via
365 * the ChromeUtils.importESModule method etc. Returns false otherwise.
366 */
369 /*
370 * Unloads the JS module at 'registryLocation'. Existing references to the
371 * module will continue to work but any subsequent import of the module will
372 * reload it and give new reference. If the JS module hasn't yet been
373 * imported then this method will do nothing.
374 *
375 * @param resourceURI A resource:// URI string to unload the module from.
376 *
377 * TODO: Remove this once m-c, c-c, and out-of-tree code migrations finish
378 * (bug 1776175, bug 1881888).
379 */
382 /*
383 * Imports global properties (like DOM constructors) into the scope, defining
384 * them on the caller's global. aPropertyList should be an array of property
385 * names.
386 *
387 * See xpc::GlobalProperties::Parse for the current list of supported
388 * properties.
389 */
393 /*
394 * To be called from JS only.
395 *
396 * Return a weak reference for the given JS object.
397 */
401 /*
402 * To be called from JS only.
403 *
404 * Force an immediate garbage collection cycle.
405 */
409 /*
410 * To be called from JS only.
411 *
412 * Force an immediate cycle collection cycle.
413 */
416 /*
417 * To be called from JS only. C++ callers should use the
418 * nsCycleCollector_createLogger() function instead.
419 *
420 * Create an instance of the built-in cycle collector logger object.
421 */
422 nsICycleCollectorListener createCCLogger();
424 /*
425 * To be called from JS only.
426 *
427 * If any incremental CC is in progress, finish it. For testing.
428 */
431 /*
432 * To be called from JS only.
433 *
434 * Do some cycle collector work, with the given work budget.
435 * The cost of calling Traverse() on a single object is set as 1.
436 * For testing.
437 */
440 /*
441 * To be called from JS only.
442 *
443 * Return the longest cycle collector slice time since the last
444 * time clearMaxCCTime() was called.
445 */
448 /*
449 * To be called from JS only.
450 *
451 * Reset the internal max slice time value used for
452 * getMaxCCSliceTimeSinceClear().
453 */
456 /*
457 * To be called from JS only.
458 *
459 * Force an immediate shrinking garbage collection cycle.
460 */
464 /*
465 * Schedule a garbage collection cycle for a point in the future when no JS
466 * is running. Call the provided function once this has occurred.
467 */
470 /*
471 * Schedule a shrinking garbage collection cycle for a point in the future
472 * when no JS is running. Call the provided function once this has occured.
473 */
476 /*
477 * In a debug build, unlink any ghost windows. This is only for debugging
478 * leaks, and can cause bad things to happen if called.
479 */
482 /*
483 * In an NS_FREE_PERMANENT_DATA build, intentionally leak a C++ object. This
484 * is needed to test leak checking.
485 */
489 jsval getJSTestingFunctions();
491 /**
492 * Returns an object containing `filename` and `lineNumber` properties
493 * describing the source location of the given function.
494 */
498 /*
499 * To be called from JS only.
500 *
501 * Call 'func', using the provided stack as the async stack responsible
502 * for the call, and propagate its return value or the exception it throws.
503 * The function is called with no arguments, and 'this' is 'undefined'.
504 *
505 * The code in the function will see the given stack frame as the
506 * asyncCaller of its own stack frame, instead of the current caller.
507 */
512 /*
513 * To be called from JS only.
514 *
515 * Returns the global object with which the given object is associated.
516 *
517 * @param obj The JavaScript object whose global is to be gotten.
518 * @return the corresponding global.
519 */
523 /*
524 * To be called from JS only.
525 *
526 * Returns the true if the object is a (scripted) proxy.
527 * NOTE: Security wrappers are unwrapped first before the check.
528 */
532 /*
533 * To be called from JS only.
534 *
535 * Instead of simply wrapping a function into another compartment,
536 * this helper function creates a native function in the target
537 * compartment and forwards the call to the original function.
538 * That call will be different than a regular JS function call in
539 * that, the |this| is left unbound, and all the non-native JS
540 * object arguments will be cloned using the structured clone
541 * algorithm.
542 * The return value is the new forwarder function, wrapped into
543 * the caller's compartment.
544 * The 3rd argument is an optional options object:
545 * - defineAs: the name of the property that will
546 * be set on the target scope, with
547 * the forwarder function as the value.
548 */
552 /*
553 * To be called from JS only.
554 *
555 * Returns an object created in |vobj|'s compartment.
556 * If defineAs property on the options object is a non-null ID,
557 * the new object will be added to vobj as a property. Also, the
558 * returned new object is always automatically waived (see waiveXrays).
559 */
563 /*
564 * To be called from JS only.
565 *
566 * Ensures that all functions come from vobj's scope (and aren't cross
567 * compartment wrappers).
568 */
572 /**
573 * Determines whether this object is backed by a DeadObjectProxy.
574 *
575 * Dead-wrapper objects hold no other objects alive (they have no outgoing
576 * reference edges) and will throw if you touch them (e.g. by
577 * reading/writing a property).
578 */
581 /**
582 * Determines whether this value is a remote object proxy, such as
583 * RemoteWindowProxy or RemoteLocationProxy, for an out-of-process frame.
584 *
585 * Remote object proxies do not grant chrome callers the same exemptions
586 * to the same-origin-policy that in-process wrappers typically do, so
587 * this can be used to determine whether access to cross-origin proxies is
588 * safe:
589 *
590 * if (!Cu.isRemoteProxy(frame.contentWindow)) {
591 * frame.contentWindow.doCrossOriginThing();
592 * }
593 */
596 /*
597 * To be called from JS only. This is for Gecko internal use only, and may
598 * disappear at any moment.
599 *
600 * Forces a recomputation of all wrappers in and out of the compartment
601 * containing |vobj|. If |vobj| is not an object, all wrappers system-wide
602 * are recomputed.
603 */
607 /*
608 * To be called from JS only. This is for Gecko internal use only, and may
609 * disappear at any moment.
610 *
611 * Enables Xray vision for same-compartment access for the compartment
612 * indicated by |vscope|. All outgoing wrappers are recomputed.
613 *
614 * This must not be called on chrome (system-principal) scopes.
615 */
619 /*
620 * Dispatches a runnable to the current/main thread. If |scope| is passed,
621 * the runnable will be dispatch in the compartment of |scope|, which
622 * affects which error reporter gets called.
623 */
627 // Returns true if we're running in automation and certain security
628 // restrictions can be eased.
631 // Called by automated tests to exit immediately after we are done getting
632 // test results.
643 /*
644 * API to dynamically block script for a given global. This takes effect
645 * immediately, unlike other APIs that only affect newly-created globals.
646 *
647 * The machinery here maintains a counter, and allows script only if each
648 * call to blockScriptForGlobal() has been matched with a call to
649 * unblockScriptForGlobal(). The caller _must_ make sure never to call
650 * unblock() more times than it calls block(), since that could potentially
651 * interfere with another consumer's script blocking.
652 */
660 /**
661 * Check whether the given object is an opaque wrapper (PermissiveXrayOpaque).
662 */
665 /**
666 * Check whether the given object is an XrayWrapper.
667 */
670 /**
671 * Waive Xray on a given value. Identity op for primitives.
672 */
676 /**
677 * Strip off Xray waivers on a given value. Identity op for primitives.
678 */
682 /**
683 * Gets the name of the JSClass of the object.
684 *
685 * if |aUnwrap| is true, all wrappers are unwrapped first. Unless you're
686 * specifically trying to detect whether the object is a proxy, this is
687 * probably what you want.
688 */
692 /**
693 * Gets the incument global for the execution of this function. For internal
694 * and testing use only.
695 *
696 * If |callback| is passed, it is invoked with the incumbent global as its
697 * sole argument. This allows the incumbent global to be measured in callback
698 * environments with no scripted frames on the stack.
699 */
703 /**
704 * Returns a name for the given function or object which is useful for
705 * debugging. It will be very similar to the name displayed in call
706 * stacks.
708 * Objects which contain a single enumerable property which is a function
709 * will generate a name based on that function. Any other non-function
710 * objects will return "nonfunction".
711 */
715 /**
716 * Retrieve the last time, in microseconds since epoch, that a given
717 * watchdog-related event occured.
718 *
719 * Valid categories:
720 * "ContextStateChange" - Context switching between active and inactive states
721 * "WatchdogWakeup" - Watchdog waking up from sleeping
722 * "WatchdogHibernateStart" - Watchdog begins hibernating
723 * "WatchdogHibernateStop" - Watchdog stops hibernating
724 */
728 jsval getJSEngineTelemetryValue();
730 /*
731 * Clone an object into a scope.
732 * The 3rd argument is an optional options object:
733 * - cloneFunctions: boolean. If true, functions in the value are
734 * wrapped in a function forwarder that appears to be a native function in
735 * the content scope. Defaults to false.
736 * - wrapReflectors: boolean. If true, DOM objects are passed through the
737 * clone directly with cross-compartment wrappers. Otherwise, the clone
738 * fails when such an object is encountered. Defaults to false.
739 */
743 /*
744 * When C++-Implemented code does security checks, it can generally query
745 * the subject principal (i.e. the principal of the most-recently-executed
746 * script) in order to determine the responsible party. However, when an API
747 * is implemented in JS, this doesn't work - the most-recently-executed
748 * script is always the System-Principaled API implementation. So we need
749 * another mechanism.
750 *
751 * Hence the notion of the "WebIDL Caller". If the current Entry Script on
752 * the Script Settings Stack represents the invocation of JS-implemented
753 * WebIDL, this API returns the principal of the caller at the time
754 * of invocation. Otherwise (i.e. outside of JS-implemented WebIDL), this
755 * function throws. If it throws, you probably shouldn't be using it.
756 */
757 nsIPrincipal getWebIDLCallerPrincipal();
759 /*
760 * Gets the principal of a script object, after unwrapping any cross-
761 * compartment wrappers.
762 */
766 /*
767 * Gets the URI or identifier string associated with an object's
768 * realm (the same one used by the memory reporter machinery).
769 *
770 * Unwraps cross-compartment wrappers first.
771 *
772 * The string formats and values may change at any time. Do not depend on
773 * this from addon code.
774 */
778 /*
779 * Return a fractional number of milliseconds from process
780 * startup, measured with a monotonic clock.
781 */
784 /*
785 * Reads the given file and returns its contents. If called during early
786 * startup, the file will be pre-read on a background thread during profile
787 * startup so its contents will be available the next time they're read.
788 *
789 * The file must be a text file encoded in UTF-8. Otherwise the result is
790 * undefined.
791 */
794 /*
795 * Reads the given local file URL and returns its contents. This has the
796 * same semantics of readUTF8File.
797 * Only supports file URLs or URLs that point into one of the omnijars.
798 */
801 /* Create a spellchecker object. */
802 nsIEditorSpellCheck createSpellChecker();
804 /* Create a commandline object.
805 *
806 * @return a new `nsICommandLine` instance.
807 *
808 * @param args
809 * The arguments of the command line, not including the app/program itself.
810 * @param workingDir
811 * An optional working directory for the command line.
812 * @param state
813 * The command line's state, one of `nsICommandLine.STATE_INITIAL_LAUNCH`,
814 * `nsICommandLine.STATE_REMOTE_AUTO`, or
815 * `nsICommandLine.STATE_REMOTE_EXPLICIT`.
816 */
821 /* Create a command params object. */
822 nsICommandParams createCommandParams();
824 /* Create a loadcontext object. */
825 nsILoadContext createLoadContext();
827 /* Create a private loadcontext object. */
828 nsILoadContext createPrivateLoadContext();
830 /* Create a persistent property object. */
831 nsIPersistentProperties createPersistentProperties();
833 /* Create a document encoder object. */
836 /* Create an HTML copy encoder object. */
837 nsIDocumentEncoder createHTMLCopyEncoder();
839 // These attributes are for startup testing purposes. They are not expected
840 // to be used for production code.
842 // Array of the URI of JSM and ESM loaded, converting ESM URI into JSM URI.
845 // Array of the URI of JSM loaded.
848 // Array of the URI of ESM loaded.
852 // This function will only return useful values if the
853 // "browser.startup.record" preference was true at the time the JS file
854 // was loaded.
856 };
858 /**
859 * Interface for the 'Components' object.
860 */
864 {
871 // Will return null if there is no JS stack right now.
881 // A javascript component can set |returnCode| to specify an nsresult to
882 // be returned without throwing an exception.
883 attribute jsval returnCode;
884 };