Last Comment Bug 674436 - NS_ENSURE_TRUE(JS_GetProperty(ctx, object, "receiveMessage", &funval) with message manager and sandboxes
: NS_ENSURE_TRUE(JS_GetProperty(ctx, object, "receiveMessage", &funval) with me...
Status: RESOLVED FIXED
:
Product: Core
Classification: Components
Component: IPC (show other bugs)
: unspecified
: x86 All
: -- normal (vote)
: mozilla8
Assigned To: Josh Matthews [:jdm]
:
Mentors:
Depends on:
Blocks: 667259
  Show dependency treegraph
 
Reported: 2011-07-26 19:22 PDT by :Felipe Gomes (needinfo me!)
Modified: 2011-07-28 08:53 PDT (History)
5 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
Relax message listener restrictions to allow callable proxies. (1.34 KB, patch)
2011-07-26 20:31 PDT, Josh Matthews [:jdm]
no flags Details | Diff | Splinter Review
Relax message listener restrictions to allow callable proxies. (2.17 KB, patch)
2011-07-27 13:07 PDT, Josh Matthews [:jdm]
bugs: review+
Details | Diff | Splinter Review

Description :Felipe Gomes (needinfo me!) 2011-07-26 19:22:38 PDT
I've been trying to add mm listeners using the Scratchpad, but whenever a message is received, I get the following error and the listener is not called:

WARNING: NS_ENSURE_TRUE(JS_GetProperty(ctx, object, "receiveMessage", &funval) && JSVAL_IS_OBJECT(funval) && !JSVAL_IS_NULL(funval)) failed: file c:/moz/mozilla
-central/ff-debug/content/base/src/../../../../mozilla/content/base/src/nsFrameMessageManager.cpp, line 436


How to reproduce:
-----------------
set the pref devtools.chrome.enabled = true
Open Scratchpad (Shift + F4) and set Environment -> Browser

type this code in the text area, select all the text and choose Execute -> Run:

/***** begin *****/

gBrowser.selectedBrowser.messageManager.addMessageListener("z", function(o) {
  alert(o.json.q);
});

gBrowser.selectedBrowser.messageManager.loadFrameScript('data:,sendAsyncMessage("z", {q: "bar"})', false);

/***** end *****/


###########
What causes it is that the Scratchpad runs the code through a sandbox prototyped with the browser window.


The actual code boils down to:

/*** begin ***/
var mm = gBrowser.selectedBrowser.messageManager;
var win = Services.wm.getMostRecentWindow("navigator:browser");
var sand = new Cu.Sandbox(win, {sandboxPrototype:win});

var sandboxscript = "gBrowser.selectedBrowser.messageManager.addMessageListener('z', function(o) { alert(o.json.q);});"
Cu.evalInSandbox(sandboxscript, sand);
mm.loadFrameScript('data:,sendAsyncMessage("z", {q: "bar"})', false);

/*** end ***/
Comment 1 Josh Matthews [:jdm] 2011-07-26 20:31:49 PDT
Created attachment 548678 [details] [diff] [review]
Relax message listener restrictions to allow callable proxies.
Comment 2 Josh Matthews [:jdm] 2011-07-26 20:39:13 PDT
Comment on attachment 548678 [details] [diff] [review]
Relax message listener restrictions to allow callable proxies.

There's nothing wrong with this patch, but I just noticed the other call to JS_IsObjectFunction in the other branch. We should probably nix that too, because I suspect that the current testcase with an object that has receiveMessage would probably fail similarly.
Comment 3 Josh Matthews [:jdm] 2011-07-27 13:07:16 PDT
Created attachment 548880 [details] [diff] [review]
Relax message listener restrictions to allow callable proxies.
Comment 4 :Felipe Gomes (needinfo me!) 2011-07-27 14:22:44 PDT
thanks Josh!
http://hg.mozilla.org/integration/mozilla-inbound/rev/3d3f25a67e24
Comment 5 Dão Gottwald [:dao] 2011-07-28 02:53:39 PDT
backed out for android reftest failures
Comment 6 Marco Bonardo [::mak] 2011-07-28 02:56:57 PDT
I think it has nothing to do with those failures, my suspect is that the Android ndk changes are causing them (mozilla central has same failures)
Comment 7 Marco Bonardo [::mak] 2011-07-28 04:31:39 PDT
relanded
http://hg.mozilla.org/integration/mozilla-inbound/rev/c2ab7a1d1350
Comment 8 :Ehsan Akhgari 2011-07-28 08:18:08 PDT
This was backed out from inbound...
Comment 9 Marco Bonardo [::mak] 2011-07-28 08:53:16 PDT
it was not, I relanded it :)
http://hg.mozilla.org/mozilla-central/rev/c2ab7a1d1350

Note You need to log in before you can comment on or make changes to this bug.