Bug 1590908 - Part 3: Use CallerInnerWindow in LocationBase::SetURI, r=kmag
author Nika Layzell <nika@thelayzells.com>
Mon, 04 Nov 2019 15:05:56 +0000
changeset 500409 7842d89fdccf2cd64545bc1e54210df7b962e6ed
parent 500408 1c60e2224eead6fc0ae000c2a099fe6d9949d35c
child 500410 f9e4f9253b67e7f2c5e57dd47e36a6f2dba0a751
push id 99572
push user nlayzell@mozilla.com
push date Mon, 04 Nov 2019 15:07:22 +0000
treeherder autoland@7842d89fdccf
reviewers kmag
bugs 1590908
milestone 72.0a1
Bug 1590908 - Part 3: Use CallerInnerWindow in LocationBase::SetURI, r=kmag

This doesn't fix every scenario, as chrome JS can still try to call one of these methods, which will cause a crash. We would need to move SendLoadURI to PContent so that chrome JS can navigate arbitrary contexts if we wanted to be certain no crash occurred. Unfortunately, chrome JS navigates in-process BrowsingContext objects very frequently in tests (etc), so we can't make location navigations which don't have an accessor fail. I considered making the method just produce an error, rather than doing a diagnostic assert, but I figured we should make that decision in another bug.

Differential Revision: https://phabricator.services.mozilla.com/D50856
dom/base/LocationBase.cpp
--- a/dom/base/LocationBase.cpp
+++ b/dom/base/LocationBase.cpp
@@ -132,17 +132,17 @@ void LocationBase::SetURI(nsIURI* aURI, 
     if (aReplace) {
       loadState->SetLoadType(LOAD_STOP_CONTENT_AND_REPLACE);
     } else {
       loadState->SetLoadType(LOAD_STOP_CONTENT);
     }
 
     // Get the incumbent script's browsing context to set as source.
     nsCOMPtr<nsPIDOMWindowInner> sourceWindow =
-        do_QueryInterface(mozilla::dom::GetIncumbentGlobal());
+        nsContentUtils::CallerInnerWindow();
     RefPtr<BrowsingContext> accessingBC;
     if (sourceWindow) {
       accessingBC = sourceWindow->GetBrowsingContext();
       loadState->SetSourceDocShell(sourceWindow->GetDocShell());
     }
 
     loadState->SetLoadFlags(nsIWebNavigation::LOAD_FLAGS_NONE);
     loadState->SetFirstParty(true);
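Review bot: The comment directly above the changed line, "Get the incumbent script's browsing context to set as source.", is now stale: the code no longer queries GetIncumbentGlobal() but nsContentUtils::CallerInnerWindow(), so the source window is the window of the script actually calling the Location setter, not the incumbent global. Please update the comment to describe the caller window and, since the commit message says chrome JS can reach this path with no accessing window, add a line noting that sourceWindow may be null in that case and that accessingBC and the source docshell are then left unset, so a later reader knows the `if (sourceWindow)` guard is deliberate rather than defensive.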