Revert "Bug 1340719 - Throw an exception if accessing Xray from wrong docgroup (r=bholley)"
authorBill McCloskey <billm@mozilla.com>
Fri, 07 Apr 2017 14:22:23 -0700
changeset 351981 6c5217a2b92a0773a6ac097938dd19f37d03d9ab
parent 351980 50aee6c869012859a3395ddfda2aa4fd62fff1c5
child 351982 5f26e6ae5421568f030d17a2f8440e3ecc4ccabf
push id31624
push userarchaeopteryx@coole-files.de
push dateSat, 08 Apr 2017 20:49:20 +0000
treeherdermozilla-central@2a3ecdb7d1ea [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbholley
bugs1340719
milestone55.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Revert "Bug 1340719 - Throw an exception if accessing Xray from wrong docgroup (r=bholley)" This reverts commit ff10f4faedd42f13ed2899cf4ea05c47411aba95.
dom/base/DocGroup.h
dom/base/nsFrameMessageManager.cpp
dom/base/test/browser.ini
dom/base/test/browser_docgroup_forbid.js
dom/base/test/file_docgroup_forbid.html
js/xpconnect/src/XPCWrappedNativeScope.cpp
js/xpconnect/src/nsXPConnect.cpp
js/xpconnect/src/xpcprivate.h
js/xpconnect/src/xpcpublic.h
js/xpconnect/wrappers/DocGroupValidationWrapper.cpp
js/xpconnect/wrappers/DocGroupValidationWrapper.h
js/xpconnect/wrappers/WrapperFactory.cpp
js/xpconnect/wrappers/moz.build
modules/libpref/init/all.js
testing/profiles/prefs_general.js
xpcom/threads/Dispatcher.h
--- a/dom/base/DocGroup.h
+++ b/dom/base/DocGroup.h
@@ -88,22 +88,16 @@ public:
   virtual nsIEventTarget* EventTargetFor(TaskCategory aCategory) const override;
 
   // Ensure that it's valid to access the DocGroup at this time.
   void ValidateAccess() const
   {
     mTabGroup->ValidateAccess();
   }
 
-  // Like ValidateAccess, but it returns a bool rather than asserting.
-  bool AccessAllowed() const
-  {
-    return mTabGroup->AccessAllowed();
-  }
-
   // Return a pointer that can be continually checked to see if access to this
   // DocGroup is valid. This pointer should live at least as long as the
   // DocGroup.
   bool* GetValidAccessPtr();
 
 private:
   virtual AbstractThread*
   AbstractMainThreadForImpl(TaskCategory aCategory) override;
--- a/dom/base/nsFrameMessageManager.cpp
+++ b/dom/base/nsFrameMessageManager.cpp
@@ -1712,17 +1712,16 @@ nsMessageManagerScriptExecutor::InitChil
 
 
   JS::Rooted<JSObject*> global(cx, mGlobal->GetJSObject());
   NS_ENSURE_TRUE(global, false);
 
   // Set the location information for the new global, so that tools like
   // about:memory may use that information.
   xpc::SetLocationForGlobal(global, aID);
-  xpc::SetDocGroupValidation(global);
 
   DidCreateGlobal();
   return true;
 }
 
 void
 nsMessageManagerScriptExecutor::MarkScopesForCC()
 {
--- a/dom/base/test/browser.ini
+++ b/dom/base/test/browser.ini
@@ -4,17 +4,16 @@ support-files =
   empty.html
   file_audioLoop.html
   file_audioLoopInIframe.html
   file_bug1011748_redirect.sjs
   file_bug1011748_OK.sjs
   file_bug1303838.html
   file_bug1303838_target.html
   file_bug1303838_with_iframe.html
-  file_docgroup_forbid.html
   file_messagemanager_unload.html
   file_pluginAudio.html
   file_use_counter_outer.html
   file_use_counter_svg_getElementById.svg
   file_use_counter_svg_currentScale.svg
   file_use_counter_svg_fill_pattern_definition.svg
   file_use_counter_svg_fill_pattern.svg
   file_use_counter_svg_fill_pattern_internal.svg
@@ -22,18 +21,16 @@ support-files =
   file_webaudioLoop.html
   plugin.js
 
 [browser_bug593387.js]
 [browser_bug902350.js]
 tags = mcb
 [browser_bug1011748.js]
 [browser_bug1058164.js]
-[browser_docgroup_forbid.js]
-skip-if = !e10s
 [browser_messagemanager_loadprocessscript.js]
 [browser_messagemanager_targetframeloader.js]
 [browser_messagemanager_unload.js]
 [browser_pagehide_on_tab_close.js]
 skip-if = e10s # this tests non-e10s behavior. it's not expected to work in e10s.
 [browser_state_notifications.js]
 skip-if = true # Bug 1271028
 [browser_use_counters.js]
deleted file mode 100644
--- a/dom/base/test/browser_docgroup_forbid.js
+++ /dev/null
@@ -1,74 +0,0 @@
-const url = "https://example.com/browser/dom/base/test/file_docgroup_forbid.html";
-
-function frameScript() {
-  let e = Services.ww.getWindowEnumerator();
-  let exception = false;
-  while (e.hasMoreElements()) {
-    try {
-      /*
-       * If this is a window we're not supposed to touch, we'll get an
-       * error very early here (during the QI).
-       */
-      var window = e.getNext().QueryInterface(Components.interfaces.nsIDOMWindow);
-      var doc = window.document;
-    } catch (e) {
-      if (/accessing object in wrong DocGroup/.test(e.toString())) {
-        exception = true;
-        break;
-      }
-      throw e;
-    }
-
-    /*
-     * Do some stuff that will trigger the DocGroup assertions if we
-     * didn't throw.
-     */
-
-    let elt = doc.createElement("div");
-    elt.innerHTML = "hello!";
-    doc.body.appendChild(elt);
-
-    let evt = new window.CustomEvent("foopy");
-    doc.dispatchEvent(evt);
-  }
-  sendAsyncMessage("DocGroupTest:Done", exception);
-}
-
-function promiseMessage(messageManager, message) {
-  return new Promise(resolve => {
-    let listener = (msg) => {
-      messageManager.removeMessageListener(message, listener);
-      resolve(msg);
-    };
-
-    messageManager.addMessageListener(message, listener);
-  })
-}
-
-add_task(function*() {
-  // This pref is normally disabled during tests, but we want to test
-  // it here, so we enable it.
-  yield new Promise(go => {
-    SpecialPowers.pushPrefEnv({set: [["extensions.throw_on_docgroup_mismatch.enabled", true]]}, go)
-  });
-
-  let url1 = url + "?tab=1";
-  let url2 = url + "?tab=2";
-
-  let browser1 = gBrowser.selectedBrowser;
-
-  let tab2 = gBrowser.addTab(url2, {sameProcessAsFrameLoader: browser1.frameLoader});
-  let browser2 = tab2.linkedBrowser;
-  yield BrowserTestUtils.browserLoaded(browser2, false, url2);
-
-  browser1.loadURI(url1);
-  yield BrowserTestUtils.browserLoaded(browser1, false, url1);
-
-  browser1.messageManager.loadFrameScript(`data:,(${frameScript})();`, false);
-
-  let exception = yield promiseMessage(browser1.messageManager, "DocGroupTest:Done");
-
-  ok(exception, "Touching two windows threw an exception (that's good!)");
-
-  gBrowser.removeTab(tab2);
-});
deleted file mode 100644
--- a/dom/base/test/file_docgroup_forbid.html
+++ /dev/null
@@ -1,7 +0,0 @@
-<html>
-  <body>
-    <script>
-      document.addEventListener("foopy", function() { dump("ran event handler\n"); });
-    </script>
-  </body>
-</html>
--- a/js/xpconnect/src/XPCWrappedNativeScope.cpp
+++ b/js/xpconnect/src/XPCWrappedNativeScope.cpp
@@ -92,17 +92,16 @@ RemoteXULForbidsXBLScope(nsIPrincipal* a
 XPCWrappedNativeScope::XPCWrappedNativeScope(JSContext* cx,
                                              JS::HandleObject aGlobal)
       : mWrappedNativeMap(Native2WrappedNativeMap::newMap(XPC_NATIVE_MAP_LENGTH)),
         mWrappedNativeProtoMap(ClassInfo2WrappedNativeProtoMap::newMap(XPC_NATIVE_PROTO_MAP_LENGTH)),
         mComponents(nullptr),
         mNext(nullptr),
         mGlobalJSObject(aGlobal),
         mHasCallInterpositions(false),
-        mDocGroupValidation(false),
         mIsContentXBLScope(false),
         mIsAddonScope(false)
 {
     // add ourselves to the scopes list
     {
         MOZ_ASSERT(aGlobal);
         DebugOnly<const js::Class*> clasp = js::GetObjectClass(aGlobal);
         MOZ_ASSERT(clasp->flags & (JSCLASS_PRIVATE_IS_NSISUPPORTS |
@@ -163,19 +162,16 @@ XPCWrappedNativeScope::XPCWrappedNativeS
             UpdateInterpositionWhitelist(cx, mInterposition);
           }
         }
     }
 
     if (addonId) {
         // We forbid CPOWs unless they're specifically allowed.
         priv->allowCPOWs = gAllowCPOWAddonSet ? gAllowCPOWAddonSet->has(addonId) : false;
-
-        // Automatically opt into DocGroup validation for add-on compartments.
-        mDocGroupValidation = true;
     }
 }
 
 // static
 bool
 XPCWrappedNativeScope::IsDyingScope(XPCWrappedNativeScope* scope)
 {
     for (XPCWrappedNativeScope* cur = gDyingScopes; cur; cur = cur->mNext) {
--- a/js/xpconnect/src/nsXPConnect.cpp
+++ b/js/xpconnect/src/nsXPConnect.cpp
@@ -1368,22 +1368,16 @@ AllowCPOWsInAddon(const nsACString& addo
     if (!jsapi.Init(xpc::PrivilegedJunkScope()))
         return false;
     addonId = NewAddonId(jsapi.cx(), addonIdStr);
     if (!addonId)
         return false;
     return XPCWrappedNativeScope::AllowCPOWsInAddon(jsapi.cx(), addonId, allow);
 }
 
-void
-SetDocGroupValidation(JSObject* global)
-{
-    CompartmentPrivate::Get(global)->scope->SetDocGroupValidation();
-}
-
 } // namespace xpc
 
 namespace mozilla {
 namespace dom {
 
 bool
 IsChromeOrXBL(JSContext* cx, JSObject* /* unused */)
 {
--- a/js/xpconnect/src/xpcprivate.h
+++ b/js/xpconnect/src/xpcprivate.h
@@ -861,19 +861,16 @@ public:
 
     // Forces the creation of a privileged |Components| object, even in
     // content scopes. This will crash if used outside of automation.
     void
     ForcePrivilegedComponents();
 
     bool AttachComponentsObject(JSContext* aCx);
 
-    void SetDocGroupValidation() { mDocGroupValidation = true; }
-    bool HasDocGroupValidation() const { return mDocGroupValidation; }
-
     // Returns the JS object reflection of the Components object.
     bool
     GetComponentsJSObject(JS::MutableHandleObject obj);
 
     JSObject*
     GetGlobalJSObject() const {
         return mGlobalJSObject;
     }
@@ -1065,22 +1062,16 @@ private:
     // This is a service that will be use to interpose on some property accesses on
     // objects from other scope, for add-on compatibility reasons.
     nsCOMPtr<nsIAddonInterposition>  mInterposition;
 
     // If this flag is set, we intercept function calls on vanilla JS function objects
     // from this scope if the caller scope has mInterposition set.
     bool mHasCallInterpositions;
 
-    // If this flag is set, Xray wrappers from this compartment to content
-    // compartments will be DocGroupValidationWrappers of some
-    // sort. Consequently, this compartment will throw instead of asserting for
-    // DocGroup mismatches.
-    bool mDocGroupValidation;
-
     nsAutoPtr<DOMExpandoSet> mDOMExpandoSet;
 
     JS::WeakMapPtr<JSObject*, JSObject*> mXrayExpandos;
 
     bool mIsContentXBLScope;
     bool mIsAddonScope;
 
     // For remote XUL domains, we run all XBL in the content scope for compat
--- a/js/xpconnect/src/xpcpublic.h
+++ b/js/xpconnect/src/xpcpublic.h
@@ -358,18 +358,16 @@ bool StringToJsval(JSContext* cx, mozill
 nsIPrincipal* GetCompartmentPrincipal(JSCompartment* compartment);
 
 void NukeAllWrappersForCompartment(JSContext* cx, JSCompartment* compartment,
                                    js::NukeReferencesToWindow nukeReferencesToWindow = js::NukeWindowReferences);
 
 void SetLocationForGlobal(JSObject* global, const nsACString& location);
 void SetLocationForGlobal(JSObject* global, nsIURI* locationURI);
 
-void SetDocGroupValidation(JSObject* global);
-
 // ReportJSRuntimeExplicitTreeStats will expect this in the |extra| member
 // of JS::ZoneStats.
 class ZoneStatsExtras {
 public:
     ZoneStatsExtras() {}
 
     nsCString pathPrefix;
 
deleted file mode 100644
--- a/js/xpconnect/wrappers/DocGroupValidationWrapper.cpp
+++ /dev/null
@@ -1,274 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/* vim: set ts=8 sts=4 et sw=4 tw=99: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "DocGroupValidationWrapper.h"
-#include "AddonWrapper.h"
-#include "WaiveXrayWrapper.h"
-
-#include "mozilla/dom/DocGroup.h"
-#include "nsGlobalWindow.h"
-
-using namespace xpc;
-
-static bool
-AccessAllowed(JSContext* cx, JS::Handle<JSObject*> wrapper)
-{
-    RootedObject unwrapped(cx, UncheckedUnwrap(wrapper));
-    RefPtr<nsGlobalWindow> window = WindowGlobalOrNull(unwrapped);
-    if (!window) {
-        // Access to non-windows is always kosher.
-        return true;
-    }
-
-    if (window->GetDocGroup()->AccessAllowed())
-        return true;
-
-    static bool sThrowOnMismatch;
-    static bool sPrefInitialized;
-    if (!sPrefInitialized) {
-        sPrefInitialized = true;
-        Preferences::AddBoolVarCache(&sThrowOnMismatch,
-                                     "extensions.throw_on_docgroup_mismatch.enabled");
-    }
-
-    // If DocGroup validation is disabled, don't throw.
-    if (!sThrowOnMismatch)
-        return true;
-
-    JS_ReportErrorASCII(cx, "accessing object in wrong DocGroup");
-    return false;
-}
-
-template<typename Base>
-bool
-DocGroupValidationWrapper<Base>::getOwnPropertyDescriptor(JSContext* cx, HandleObject wrapper, HandleId id,
-                                                          MutableHandle<PropertyDescriptor> desc) const
-{
-    return AccessAllowed(cx, wrapper) &&
-           Base::getOwnPropertyDescriptor(cx, wrapper, id, desc);
-}
-
-template<typename Base>
-bool
-DocGroupValidationWrapper<Base>::defineProperty(JSContext* cx, HandleObject wrapper, HandleId id,
-                                                Handle<PropertyDescriptor> desc,
-                                                ObjectOpResult& result) const
-{
-    return AccessAllowed(cx, wrapper) &&
-           Base::defineProperty(cx, wrapper, id, desc, result);
-}
-
-template<typename Base>
-bool
-DocGroupValidationWrapper<Base>::ownPropertyKeys(JSContext* cx, HandleObject wrapper,
-                                                 AutoIdVector& props) const
-{
-    return AccessAllowed(cx, wrapper) &&
-           Base::ownPropertyKeys(cx, wrapper, props);
-}
-
-template<typename Base>
-bool
-DocGroupValidationWrapper<Base>::delete_(JSContext* cx, HandleObject wrapper, HandleId id,
-                                         ObjectOpResult& result) const
-{
-    return AccessAllowed(cx, wrapper) &&
-           Base::delete_(cx, wrapper, id, result);
-}
-
-template<typename Base>
-bool
-DocGroupValidationWrapper<Base>::enumerate(JSContext* cx, HandleObject wrapper, MutableHandleObject objp) const
-{
-    return AccessAllowed(cx, wrapper) &&
-           Base::enumerate(cx, wrapper, objp);
-}
-
-template<typename Base>
-bool
-DocGroupValidationWrapper<Base>::getPrototype(JSContext* cx, HandleObject proxy,
-                                              MutableHandleObject protop) const
-{
-    return AccessAllowed(cx, proxy) &&
-           Base::getPrototype(cx, proxy, protop);
-}
-
-template<typename Base>
-bool
-DocGroupValidationWrapper<Base>::setPrototype(JSContext* cx, HandleObject proxy, HandleObject proto,
-                                              ObjectOpResult& result) const
-{
-    return AccessAllowed(cx, proxy) &&
-           Base::setPrototype(cx, proxy, proto, result);
-}
-
-template<typename Base>
-bool
-DocGroupValidationWrapper<Base>::getPrototypeIfOrdinary(JSContext* cx, HandleObject proxy, bool* isOrdinary,
-                                                        MutableHandleObject protop) const
-{
-    return AccessAllowed(cx, proxy) &&
-           Base::getPrototypeIfOrdinary(cx, proxy, isOrdinary, protop);
-}
-
-template<typename Base>
-bool
-DocGroupValidationWrapper<Base>::setImmutablePrototype(JSContext* cx, HandleObject proxy,
-                                                       bool* succeeded) const
-{
-    return AccessAllowed(cx, proxy) &&
-           Base::setImmutablePrototype(cx, proxy, succeeded);
-}
-
-template<typename Base>
-bool
-DocGroupValidationWrapper<Base>::preventExtensions(JSContext* cx, HandleObject wrapper,
-                                                   ObjectOpResult& result) const
-{
-    return AccessAllowed(cx, wrapper) &&
-        Base::preventExtensions(cx, wrapper, result);
-}
-
-template<typename Base>
-bool
-DocGroupValidationWrapper<Base>::isExtensible(JSContext* cx, HandleObject wrapper, bool* extensible) const
-{
-    return AccessAllowed(cx, wrapper) &&
-           Base::isExtensible(cx, wrapper, extensible);
-}
-
-template<typename Base>
-bool
-DocGroupValidationWrapper<Base>::has(JSContext* cx, HandleObject wrapper, HandleId id, bool* bp) const
-{
-    return AccessAllowed(cx, wrapper) &&
-           Base::has(cx, wrapper, id, bp);
-}
-
-template<typename Base>
-bool
-DocGroupValidationWrapper<Base>::get(JSContext* cx, HandleObject wrapper, HandleValue receiver,
-                                     HandleId id, MutableHandleValue vp) const
-{
-    return AccessAllowed(cx, wrapper) &&
-           Base::get(cx, wrapper, receiver, id, vp);
-}
-
-template<typename Base>
-bool
-DocGroupValidationWrapper<Base>::set(JSContext* cx, HandleObject wrapper, HandleId id, HandleValue v,
-                                     HandleValue receiver, ObjectOpResult& result) const
-{
-    return AccessAllowed(cx, wrapper) &&
-           Base::set(cx, wrapper, id, v, receiver, result);
-}
-
-template<typename Base>
-bool
-DocGroupValidationWrapper<Base>::call(JSContext* cx, HandleObject wrapper, const CallArgs& args) const
-{
-    return AccessAllowed(cx, wrapper) &&
-           Base::call(cx, wrapper, args);
-}
-
-template<typename Base>
-bool
-DocGroupValidationWrapper<Base>::construct(JSContext* cx, HandleObject wrapper, const CallArgs& args) const
-{
-    return AccessAllowed(cx, wrapper) &&
-           Base::construct(cx, wrapper, args);
-}
-
-template<typename Base>
-bool
-DocGroupValidationWrapper<Base>::getPropertyDescriptor(JSContext* cx, HandleObject wrapper, HandleId id,
-                                                       MutableHandle<PropertyDescriptor> desc) const
-{
-    return AccessAllowed(cx, wrapper) &&
-           Base::getPropertyDescriptor(cx, wrapper, id, desc);
-}
-
-template<typename Base>
-bool
-DocGroupValidationWrapper<Base>::hasOwn(JSContext* cx, HandleObject wrapper, HandleId id, bool* bp) const
-{
-    return AccessAllowed(cx, wrapper) &&
-           Base::hasOwn(cx, wrapper, id, bp);
-}
-
-template<typename Base>
-bool
-DocGroupValidationWrapper<Base>::getOwnEnumerablePropertyKeys(JSContext* cx, HandleObject wrapper,
-                                                              AutoIdVector& props) const
-{
-    return AccessAllowed(cx, wrapper) &&
-           Base::getOwnEnumerablePropertyKeys(cx, wrapper, props);
-}
-
-template<typename Base>
-bool
-DocGroupValidationWrapper<Base>::hasInstance(JSContext* cx, HandleObject wrapper, MutableHandleValue v,
-                                             bool* bp) const
-{
-    return AccessAllowed(cx, wrapper) &&
-           Base::hasInstance(cx, wrapper, v, bp);
-}
-
-template<typename Base>
-const char*
-DocGroupValidationWrapper<Base>::className(JSContext* cx, HandleObject proxy) const
-{
-    return AccessAllowed(cx, proxy)
-         ? Base::className(cx, proxy)
-         : "forbidden";
-}
-
-template<typename Base>
-JSString*
-DocGroupValidationWrapper<Base>::fun_toString(JSContext* cx, HandleObject wrapper,
-                                              unsigned indent) const
-{
-    return AccessAllowed(cx, wrapper)
-           ? Base::fun_toString(cx, wrapper, indent)
-           : nullptr;
-}
-
-template<typename Base>
-bool
-DocGroupValidationWrapper<Base>::regexp_toShared(JSContext* cx, HandleObject proxy, MutableHandle<RegExpShared*> g) const
-{
-    return AccessAllowed(cx, proxy) &&
-           Base::regexp_toShared(cx, proxy, g);
-}
-
-template<typename Base>
-bool
-DocGroupValidationWrapper<Base>::boxedValue_unbox(JSContext* cx, HandleObject proxy, MutableHandleValue vp) const
-{
-    return AccessAllowed(cx, proxy) &&
-           Base::boxedValue_unbox(cx, proxy, vp);
-}
-
-namespace xpc {
-
-template<typename Base>
-const DocGroupValidationWrapper<Base> DocGroupValidationWrapper<Base>::singleton(0);
-
-#define DEFINE_SINGLETON(Base)                          \
-    template class DocGroupValidationWrapper<Base>
-
-DEFINE_SINGLETON(CrossCompartmentWrapper);
-DEFINE_SINGLETON(PermissiveXrayXPCWN);
-DEFINE_SINGLETON(PermissiveXrayDOM);
-DEFINE_SINGLETON(PermissiveXrayJS);
-
-DEFINE_SINGLETON(AddonWrapper<CrossCompartmentWrapper>);
-DEFINE_SINGLETON(AddonWrapper<PermissiveXrayXPCWN>);
-DEFINE_SINGLETON(AddonWrapper<PermissiveXrayDOM>);
-
-DEFINE_SINGLETON(WaiveXrayWrapper);
-
-} // namespace xpc
deleted file mode 100644
--- a/js/xpconnect/wrappers/DocGroupValidationWrapper.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
-/* vim: set ts=8 sts=4 et sw=4 tw=99: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef xpc_DocGroupValidationWrapper_h
-#define xpc_DocGroupValidationWrapper_h
-
-#include "mozilla/Attributes.h"
-
-#include "jswrapper.h"
-#include "WaiveXrayWrapper.h"
-#include "XrayWrapper.h"
-
-namespace xpc {
-
-template<typename Base>
-class DocGroupValidationWrapper : public Base {
-  public:
-    explicit constexpr DocGroupValidationWrapper(unsigned flags) : Base(flags) { }
-
-    /* Standard internal methods. */
-    virtual bool getOwnPropertyDescriptor(JSContext* cx, HandleObject wrapper, HandleId id,
-                                          MutableHandle<PropertyDescriptor> desc) const override;
-    virtual bool defineProperty(JSContext* cx, HandleObject wrapper, HandleId id,
-                                Handle<PropertyDescriptor> desc,
-                                ObjectOpResult& result) const override;
-    virtual bool ownPropertyKeys(JSContext* cx, HandleObject wrapper,
-                                 AutoIdVector& props) const override;
-    virtual bool delete_(JSContext* cx, HandleObject wrapper, HandleId id,
-                         ObjectOpResult& result) const override;
-    virtual bool enumerate(JSContext* cx, HandleObject wrapper, MutableHandleObject objp) const override;
-    virtual bool getPrototype(JSContext* cx, HandleObject proxy,
-                              MutableHandleObject protop) const override;
-    virtual bool setPrototype(JSContext* cx, HandleObject proxy, HandleObject proto,
-                              ObjectOpResult& result) const override;
-
-    virtual bool getPrototypeIfOrdinary(JSContext* cx, HandleObject proxy, bool* isOrdinary,
-                                        MutableHandleObject protop) const override;
-    virtual bool setImmutablePrototype(JSContext* cx, HandleObject proxy,
-                                       bool* succeeded) const override;
-    virtual bool preventExtensions(JSContext* cx, HandleObject wrapper,
-                                   ObjectOpResult& result) const override;
-    virtual bool isExtensible(JSContext* cx, HandleObject wrapper, bool* extensible) const override;
-    virtual bool has(JSContext* cx, HandleObject wrapper, HandleId id, bool* bp) const override;
-    virtual bool get(JSContext* cx, HandleObject wrapper, HandleValue receiver,
-                     HandleId id, MutableHandleValue vp) const override;
-    virtual bool set(JSContext* cx, HandleObject wrapper, HandleId id, HandleValue v,
-                     HandleValue receiver, ObjectOpResult& result) const override;
-    virtual bool call(JSContext* cx, HandleObject wrapper, const CallArgs& args) const override;
-    virtual bool construct(JSContext* cx, HandleObject wrapper, const CallArgs& args) const override;
-
-    /* SpiderMonkey extensions. */
-    virtual bool getPropertyDescriptor(JSContext* cx, HandleObject wrapper, HandleId id,
-                                       MutableHandle<PropertyDescriptor> desc) const override;
-    virtual bool hasOwn(JSContext* cx, HandleObject wrapper, HandleId id, bool* bp) const override;
-    virtual bool getOwnEnumerablePropertyKeys(JSContext* cx, HandleObject wrapper,
-                                              AutoIdVector& props) const override;
-    virtual bool hasInstance(JSContext* cx, HandleObject wrapper, MutableHandleValue v,
-                             bool* bp) const override;
-    virtual const char* className(JSContext* cx, HandleObject proxy) const override;
-    virtual JSString* fun_toString(JSContext* cx, HandleObject wrapper,
-                                   unsigned indent) const override;
-    virtual bool regexp_toShared(JSContext* cx, HandleObject proxy, MutableHandle<RegExpShared*> g) const override;
-    virtual bool boxedValue_unbox(JSContext* cx, HandleObject proxy, MutableHandleValue vp) const override;
-
-    static const DocGroupValidationWrapper singleton;
-};
-
-#define DECLARE_SINGLETON(Base) \
-    extern template class DocGroupValidationWrapper<Base>
-
-DECLARE_SINGLETON(CrossCompartmentWrapper);
-DECLARE_SINGLETON(PermissiveXrayXPCWN);
-DECLARE_SINGLETON(PermissiveXrayDOM);
-DECLARE_SINGLETON(PermissiveXrayJS);
-
-DECLARE_SINGLETON(AddonWrapper<CrossCompartmentWrapper>);
-DECLARE_SINGLETON(AddonWrapper<PermissiveXrayXPCWN>);
-DECLARE_SINGLETON(AddonWrapper<PermissiveXrayDOM>);
-
-DECLARE_SINGLETON(WaiveXrayWrapper);
-
-} // namespace xpc
-
-#endif // xpc_DocGroupValidationWrapper_h
--- a/js/xpconnect/wrappers/WrapperFactory.cpp
+++ b/js/xpconnect/wrappers/WrapperFactory.cpp
@@ -2,17 +2,16 @@
 /* vim: set ts=8 sts=4 et sw=4 tw=99: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "WaiveXrayWrapper.h"
 #include "FilteringWrapper.h"
 #include "AddonWrapper.h"
-#include "DocGroupValidationWrapper.h"
 #include "XrayWrapper.h"
 #include "AccessCheck.h"
 #include "XPCWrapper.h"
 #include "ChromeObjectWrapper.h"
 #include "WrapperFactory.h"
 
 #include "xpcprivate.h"
 #include "XPCMaps.h"
@@ -443,76 +442,16 @@ SelectAddonWrapper(JSContext* cx, Handle
         return &AddonWrapper<PermissiveXrayXPCWN>::singleton;
     else if (wrapper == &PermissiveXrayDOM::singleton)
         return &AddonWrapper<PermissiveXrayDOM>::singleton;
 
     // |wrapper| is not supported for interposition, so we don't do it.
     return wrapper;
 }
 
-static bool
-NeedsDocGroupValidationWrapper(JSContext* cx, HandleObject obj,
-                               JSCompartment* origin, JSCompartment* target,
-                               CompartmentPrivate* targetCompartmentPrivate)
-{
-    // We do DocGroup validation in the following circumstances:
-    //   - Only if the target compartment has the DocGroupValidation()
-    //     flag set (which includes any add-on compartments).
-    //   - Only if we're in the content process.
-    //   - Only if the origin compartment is not system principled and is not a sandbox.
-    //   - Only if the target compartment is system principled.
-
-    if (!targetCompartmentPrivate->scope->HasDocGroupValidation())
-        return false;
-
-    if (!XRE_IsContentProcess())
-        return false;
-
-    if (!AccessCheck::isChrome(target))
-        return false;
-
-    if (AccessCheck::isChrome(origin) ||
-        IsSandbox(js::GetGlobalForObjectCrossCompartment(obj)))
-    {
-        return false;
-    }
-
-    return true;
-}
-
-static const Wrapper*
-SelectDocGroupValidationWrapper(JSContext* cx, HandleObject obj, const Wrapper* wrapper)
-{
-    // Validation wrappers only supports certain wrapper types, so we check if
-    // we would have used one of the supported ones.
-    if (wrapper == &CrossCompartmentWrapper::singleton)
-        return &DocGroupValidationWrapper<CrossCompartmentWrapper>::singleton;
-    else if (wrapper == &PermissiveXrayXPCWN::singleton)
-        return &DocGroupValidationWrapper<PermissiveXrayXPCWN>::singleton;
-    else if (wrapper == &PermissiveXrayDOM::singleton)
-        return &DocGroupValidationWrapper<PermissiveXrayDOM>::singleton;
-    else if (wrapper == &PermissiveXrayJS::singleton)
-        return &DocGroupValidationWrapper<PermissiveXrayJS>::singleton;
-    else if (wrapper == &AddonWrapper<CrossCompartmentWrapper>::singleton)
-        return &DocGroupValidationWrapper<AddonWrapper<CrossCompartmentWrapper>>::singleton;
-    else if (wrapper == &AddonWrapper<PermissiveXrayXPCWN>::singleton)
-        return &DocGroupValidationWrapper<AddonWrapper<PermissiveXrayXPCWN>>::singleton;
-    else if (wrapper == &AddonWrapper<PermissiveXrayDOM>::singleton)
-        return &DocGroupValidationWrapper<AddonWrapper<PermissiveXrayDOM>>::singleton;
-    else if (wrapper == &WaiveXrayWrapper::singleton)
-        return &DocGroupValidationWrapper<WaiveXrayWrapper>::singleton;
-
-    // If NeedsDocGroupValidationWrapper is true, then securityWrapper should be false
-    // and xrayType should never be NotXray (since the target always subsumes the origin
-    // and the origin never subsumes the target).
-    MOZ_ASSERT(wrapper == &WaiveXrayWrapper::singleton ||
-               wrapper == &(PermissiveXrayOpaque::singleton));
-    return wrapper;
-}
-
 JSObject*
 WrapperFactory::Rewrap(JSContext* cx, HandleObject existing, HandleObject obj)
 {
     MOZ_ASSERT(!IsWrapper(obj) ||
                GetProxyHandler(obj) == &XrayWaiver ||
                js::IsWindowProxy(obj),
                "wrapped object passed to rewrap");
     MOZ_ASSERT(!XrayUtils::IsXPCWNHolderClass(JS_GetClass(obj)), "trying to wrap a holder");
@@ -612,23 +551,16 @@ WrapperFactory::Rewrap(JSContext* cx, Ha
                           HasWaiveXrayFlag(obj);
 
         wrapper = SelectWrapper(securityWrapper, xrayType, waiveXrays, obj);
 
         // If we want to apply add-on interposition in the target compartment,
         // then we try to "upgrade" the wrapper to an interposing one.
         if (targetCompartmentPrivate->scope->HasInterposition())
             wrapper = SelectAddonWrapper(cx, obj, wrapper);
-
-        // Now try another "upgrade" to a DocGroupValidationWrapper.
-        if (NeedsDocGroupValidationWrapper(cx, obj, origin, target,
-                                           targetCompartmentPrivate))
-        {
-            wrapper = SelectDocGroupValidationWrapper(cx, obj, wrapper);
-        }
     }
 
     if (!targetSubsumesOrigin) {
         // Do a belt-and-suspenders check against exposing eval()/Function() to
         // non-subsuming content.
         if (JSFunction* fun = JS_GetObjectFunction(obj)) {
             if (JS_IsBuiltinEvalFunction(fun) || JS_IsBuiltinFunctionConstructor(fun)) {
                 NS_WARNING("Trying to expose eval or Function to non-subsuming content!");
--- a/js/xpconnect/wrappers/moz.build
+++ b/js/xpconnect/wrappers/moz.build
@@ -7,17 +7,16 @@
 EXPORTS += [
     'WrapperFactory.h',
 ]
 
 UNIFIED_SOURCES += [
     'AccessCheck.cpp',
     'AddonWrapper.cpp',
     'ChromeObjectWrapper.cpp',
-    'DocGroupValidationWrapper.cpp',
     'FilteringWrapper.cpp',
     'WaiveXrayWrapper.cpp',
     'WrapperFactory.cpp',
 ]
 
 # XrayWrapper needs to be built separately becaue of template instantiations.
 SOURCES += [
     'XrayWrapper.cpp',
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -5653,12 +5653,8 @@ pref("fuzzing.enabled", false);
 // turn these on and off, instead use the conditional-pref code in gfxPrefs.h
 // to do that.
 pref("layers.advanced.border-layers", 2);
 pref("layers.advanced.boxshadow-inset-layers", 2);
 pref("layers.advanced.boxshadow-outer-layers", 2);
 pref("layers.advanced.caret-layers", 2);
 pref("layers.advanced.displaybuttonborder-layers", 2);
 pref("layers.advanced.outline-layers", 2);
-
-// Determines whether we throw an exception when a frame script
-// accesses the wrong DocGroup. The alternative is to crash.
-user_pref("extensions.throw_on_docgroup_mismatch.enabled", true);
--- a/testing/profiles/prefs_general.js
+++ b/testing/profiles/prefs_general.js
@@ -365,10 +365,8 @@ user_pref("signon.rememberSignons", fals
 
 // Enable form autofill feature testing.
 user_pref("browser.formautofill.experimental", true);
 
 // Disable all recommended Marionette preferences for Gecko tests.
 // The prefs recommended by Marionette are typically geared towards
 // consumer automation; not vendor testing.
 user_pref("marionette.prefs.recommended", false);
-
-user_pref("extensions.throw_on_docgroup_mismatch.enabled", false);
--- a/xpcom/threads/Dispatcher.h
+++ b/xpcom/threads/Dispatcher.h
@@ -72,26 +72,20 @@ public:
   public:
     AutoProcessEvent();
     ~AutoProcessEvent();
 
   private:
     ValidatingDispatcher* mPrevRunningDispatcher;
   };
 
-  // Return true if it's valid to access the TabGroup at this time.
-  bool AccessAllowed() const
-  {
-    return !sRunningDispatcher || mAccessValid;
-  }
-
-  // Like AccessAllowed(), but asserts.
+  // Ensure that it's valid to access the TabGroup at this time.
   void ValidateAccess() const
   {
-    MOZ_ASSERT(AccessAllowed());
+    MOZ_ASSERT(!sRunningDispatcher || mAccessValid);
   }
 
   class Runnable;
   friend class Runnable;
 
   bool* GetValidAccessPtr() { return &mAccessValid; }
 
   nsresult Dispatch(const char* aName,