1601175 - SetScriptGlobalObject happens before we have properly set up the document (and hence principal!) of the inner window

Status: RESOLVED FIXED

(Core :: DOM: Core & HTML, defect, P3)

Description

[Boris Zbarsky [:bzbarsky]]

I just discovered today that we can end up in error-reporting code, examining an inner window's principal, when that principal is null. The sequence of events is as follows:

1. We are doing a pageload and land in nsGlobalWindowOuter::SetNewDocument.
2. We create a new inner window but have not set its mDoc yet.
3. We call SetScriptGlobalObject on the document.
4. This grabs CSP violation stuff and tries to report it via nsCSPContext::flushConsoleMessages.
5. This lands in nsScriptErrorBase::InitializeOnMainThread which tries to examine the principal of the window... but that's still nullptr at this point. It happens to not crash only because nsContentUtils::IsSystemPrincipal is null-safe. But, importantly, it's getting the wrong answers if we reach this code for an actual system-principal window via this path!

I am going to try to see what happens if I change the order around in SetNewDocument so we set up mDoc before calling SetScriptGlobalObject... That seems much saner to me, in terms of not passing partially-initialized inner windows around.

Comment 1

[Boris Zbarsky [:bzbarsky]]

In particular, nsScriptErrorBase::ComputeIsFromPrivateWindow and nsScriptErrorBase::ComputeIsFromChromeContext are the things that will get determined incorrectly.

Comment 2

[Boris Zbarsky [:bzbarsky]]

Attachment: Bug 1601175. Make sure the mDoc of an inner window is set before we call SetScriptGlobalObject on the document. r=peterv

Comment 3

[Pulsebot]

Pushed by bzbarsky@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3c1f509939f1
Make sure the mDoc of an inner window is set before we call SetScriptGlobalObject on the document.  r=peterv

Comment 4

[Noemi Erli[:noemi_erli]]

https://hg.mozilla.org/mozilla-central/rev/3c1f509939f1