Bug 1125423 part 2 - Rename stopAtOuter argument to *Unwrap functions to stopAtWindowProxy. r=bz
authorJan de Mooij <jdemooij@mozilla.com>
Fri, 06 Nov 2015 19:03:52 +0100
changeset 307584 61022cd922f82c4d6eddb3a265ef0a8e4aecd836
parent 307583 0c5045d56439fee2304de57cdc02484e4810714f
child 307585 150f4e0ec3f9127f7a44f103cbadf89feb57e8a2
push id1040
push userraliiev@mozilla.com
push dateMon, 29 Feb 2016 17:11:22 +0000
treeherdermozilla-release@8c3167321162 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz
bugs1125423
milestone45.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1125423 part 2 - Rename stopAtOuter argument to *Unwrap functions to stopAtWindowProxy. r=bz
dom/base/Navigator.cpp
dom/base/nsDOMClassInfo.cpp
dom/base/nsGlobalWindow.cpp
dom/bindings/BindingUtils.cpp
dom/bindings/BindingUtils.h
dom/bindings/CallbackObject.cpp
dom/bindings/Codegen.py
js/ductwork/debugger/JSDebugger.cpp
js/src/jscompartment.cpp
js/src/jswrapper.h
js/src/proxy/Wrapper.cpp
js/xpconnect/src/ExportHelpers.cpp
js/xpconnect/src/Sandbox.cpp
js/xpconnect/src/XPCCallContext.cpp
js/xpconnect/src/XPCComponents.cpp
js/xpconnect/src/XPCConvert.cpp
js/xpconnect/src/XPCJSID.cpp
js/xpconnect/src/XPCJSRuntime.cpp
js/xpconnect/src/XPCVariant.cpp
js/xpconnect/src/nsXPConnect.cpp
js/xpconnect/wrappers/AccessCheck.cpp
js/xpconnect/wrappers/WrapperFactory.cpp
js/xpconnect/wrappers/XrayWrapper.cpp
js/xpconnect/wrappers/XrayWrapper.h
--- a/dom/base/Navigator.cpp
+++ b/dom/base/Navigator.cpp
@@ -2248,17 +2248,17 @@ Navigator::DoResolve(JSContext* aCx, JS:
   const nsGlobalNameStruct* name_struct =
     nameSpaceManager->LookupNavigatorName(name);
   if (!name_struct) {
     return true;
   }
 
   JS::Rooted<JSObject*> naviObj(aCx,
                                 js::CheckedUnwrap(aObject,
-                                                  /* stopAtOuter = */ false));
+                                                  /* stopAtWindowProxy = */ false));
   if (!naviObj) {
     return Throw(aCx, NS_ERROR_DOM_SECURITY_ERR);
   }
 
   if (name_struct->mType == nsGlobalNameStruct::eTypeNewDOMBinding) {
     ConstructNavigatorProperty construct = name_struct->mConstructNavigatorProperty;
     MOZ_ASSERT(construct);
 
--- a/dom/base/nsDOMClassInfo.cpp
+++ b/dom/base/nsDOMClassInfo.cpp
@@ -1508,17 +1508,17 @@ nsDOMConstructor::HasInstance(nsIXPConne
   if (v.isPrimitive()) {
     return NS_OK;
   }
 
   JS::Rooted<JSObject*> dom_obj(cx, v.toObjectOrNull());
   NS_ASSERTION(dom_obj, "nsDOMConstructor::HasInstance couldn't get object");
 
   // This might not be the right object, if there are wrappers. Unwrap if we can.
-  JSObject *wrapped_obj = js::CheckedUnwrap(dom_obj, /* stopAtOuter = */ false);
+  JSObject *wrapped_obj = js::CheckedUnwrap(dom_obj, /* stopAtWindowProxy = */ false);
   if (wrapped_obj)
       dom_obj = wrapped_obj;
 
   const JSClass *dom_class = JS_GetClass(dom_obj);
   if (!dom_class) {
     NS_ERROR("nsDOMConstructor::HasInstance can't get class.");
     return NS_ERROR_UNEXPECTED;
   }
@@ -2037,17 +2037,17 @@ nsWindowSH::GlobalResolve(nsGlobalWindow
       }
 
       ConstructorEnabled* checkEnabledForScope = name_struct->mConstructorEnabled;
       // We do the enabled check on the current compartment of cx, but for the
       // actual object we pass in the underlying object in the Xray case.  That
       // way the callee can decide whether to allow access based on the caller
       // or the window being touched.
       JS::Rooted<JSObject*> global(cx,
-        js::CheckedUnwrap(obj, /* stopAtOuter = */ false));
+        js::CheckedUnwrap(obj, /* stopAtWindowProxy = */ false));
       if (!global) {
         return NS_ERROR_DOM_SECURITY_ERR;
       }
       if (checkEnabledForScope && !checkEnabledForScope(cx, global)) {
         return NS_OK;
       }
 
       // The DOM constructor resolve machinery interacts with Xrays in tricky
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@@ -4507,17 +4507,17 @@ nsGlobalWindow::SetOpener(JSContext* aCx
     // Chrome code trying to set some random value as opener
     aError.Throw(NS_ERROR_INVALID_ARG);
     return;
   }
 
   nsPIDOMWindow* win = nullptr;
   if (aOpener.isObject()) {
     JSObject* unwrapped = js::CheckedUnwrap(&aOpener.toObject(),
-                                            /* stopAtOuter = */ false);
+                                            /* stopAtWindowProxy = */ false);
     if (!unwrapped) {
       aError.Throw(NS_ERROR_DOM_SECURITY_ERR);
       return;
     }
 
     win = xpc::WindowOrNull(unwrapped);
     if (!win) {
       // Wasn't a window
@@ -7819,17 +7819,17 @@ nsGlobalWindow::CallerInnerWindow()
   // sandboxPrototype. This used to work incidentally for unrelated reasons, but
   // now we need to do some special handling to support it.
   if (xpc::IsSandbox(scope)) {
     JSAutoCompartment ac(cx, scope);
     JS::Rooted<JSObject*> scopeProto(cx);
     bool ok = JS_GetPrototype(cx, scope, &scopeProto);
     NS_ENSURE_TRUE(ok, nullptr);
     if (scopeProto && xpc::IsSandboxPrototypeProxy(scopeProto) &&
-        (scopeProto = js::CheckedUnwrap(scopeProto, /* stopAtOuter = */ false)))
+        (scopeProto = js::CheckedUnwrap(scopeProto, /* stopAtWindowProxy = */ false)))
     {
       global = xpc::NativeGlobal(scopeProto);
       NS_ENSURE_TRUE(global, nullptr);
     }
   }
 
   // The calling window must be holding a reference, so we can return a weak
   // pointer.
--- a/dom/bindings/BindingUtils.cpp
+++ b/dom/bindings/BindingUtils.cpp
@@ -992,17 +992,17 @@ QueryInterface(JSContext* cx, unsigned a
   JS::Rooted<JS::Value> thisv(cx, JS_THIS(cx, vp));
   if (thisv.isNull())
     return false;
 
   // Get the object. It might be a security wrapper, in which case we do a checked
   // unwrap.
   JS::Rooted<JSObject*> origObj(cx, &thisv.toObject());
   JS::Rooted<JSObject*> obj(cx, js::CheckedUnwrap(origObj,
-                                                  /* stopAtOuter = */ false));
+                                                  /* stopAtWindowProxy = */ false));
   if (!obj) {
       JS_ReportError(cx, "Permission denied to access object");
       return false;
   }
 
   // Switch this to UnwrapDOMObjectToISupports once our global objects are
   // using new bindings.
   nsCOMPtr<nsISupports> native;
@@ -2002,17 +2002,17 @@ ReparentWrapper(JSContext* aCx, JS::Hand
 GlobalObject::GlobalObject(JSContext* aCx, JSObject* aObject)
   : mGlobalJSObject(aCx),
     mCx(aCx),
     mGlobalObject(nullptr)
 {
   MOZ_ASSERT(mCx);
   JS::Rooted<JSObject*> obj(aCx, aObject);
   if (js::IsWrapper(obj)) {
-    obj = js::CheckedUnwrap(obj, /* stopAtOuter = */ false);
+    obj = js::CheckedUnwrap(obj, /* stopAtWindowProxy = */ false);
     if (!obj) {
       // We should never end up here on a worker thread, since there shouldn't
       // be any security wrappers to worry about.
       if (!MOZ_LIKELY(NS_IsMainThread())) {
         MOZ_CRASH();
       }
 
       Throw(aCx, NS_ERROR_XPC_SECURITY_MANAGER_VETO);
@@ -2073,17 +2073,18 @@ GlobalObject::GetAsSupports() const
 bool
 InterfaceHasInstance(JSContext* cx, JS::Handle<JSObject*> obj,
                      JS::Handle<JSObject*> instance,
                      bool* bp)
 {
   const DOMIfaceAndProtoJSClass* clasp =
     DOMIfaceAndProtoJSClass::FromJSClass(js::GetObjectClass(obj));
 
-  const DOMJSClass* domClass = GetDOMClass(js::UncheckedUnwrap(instance, /* stopAtOuter = */ false));
+  const DOMJSClass* domClass =
+    GetDOMClass(js::UncheckedUnwrap(instance, /* stopAtWindowProxy = */ false));
 
   MOZ_ASSERT(!domClass || clasp->mPrototypeID != prototypes::id::_ID_Count,
              "Why do we have a hasInstance hook if we don't have a prototype "
              "ID?");
 
   if (domClass &&
       domClass->mInterfaceChain[clasp->mDepth] == clasp->mPrototypeID) {
     *bp = true;
@@ -2904,17 +2905,17 @@ template<decltype(JS::NewMapObject) Meth
 bool
 GetMaplikeSetlikeBackingObject(JSContext* aCx, JS::Handle<JSObject*> aObj,
                                size_t aSlotIndex,
                                JS::MutableHandle<JSObject*> aBackingObj,
                                bool* aBackingObjCreated)
 {
   JS::Rooted<JSObject*> reflector(aCx);
   reflector = IsDOMObject(aObj) ? aObj : js::UncheckedUnwrap(aObj,
-                                                             /* stopAtOuter = */ false);
+                                                             /* stopAtWindowProxy = */ false);
 
   // Retrieve the backing object from the reserved slot on the maplike/setlike
   // object. If it doesn't exist yet, create it.
   JS::Rooted<JS::Value> slotValue(aCx);
   slotValue = js::GetReservedSlot(reflector, aSlotIndex);
   if (slotValue.isUndefined()) {
     // Since backing object access can happen in non-originating compartments,
     // make sure to create the backing object in reflector compartment.
--- a/dom/bindings/BindingUtils.h
+++ b/dom/bindings/BindingUtils.h
@@ -217,17 +217,17 @@ UnwrapObject(JSObject* obj, U& value, pr
   const DOMJSClass* domClass = GetDOMClass(obj);
   if (!domClass) {
     /* Maybe we have a security wrapper or outer window? */
     if (!js::IsWrapper(obj)) {
       /* Not a DOM object, not a wrapper, just bail */
       return NS_ERROR_XPC_BAD_CONVERT_JS;
     }
 
-    obj = js::CheckedUnwrap(obj, /* stopAtOuter = */ false);
+    obj = js::CheckedUnwrap(obj, /* stopAtWindowProxy = */ false);
     if (!obj) {
       return NS_ERROR_XPC_SECURITY_MANAGER_VETO;
     }
     MOZ_ASSERT(!js::IsWrapper(obj));
     domClass = GetDOMClass(obj);
     if (!domClass) {
       /* We don't have a DOM object */
       return NS_ERROR_XPC_BAD_CONVERT_JS;
@@ -1084,17 +1084,17 @@ WrapNewBindingNonWrapperCachedObject(JSC
     // before we call JS_WrapValue.
     Maybe<JSAutoCompartment> ac;
     // Maybe<Handle> doesn't so much work, and in any case, adding
     // more Maybe (one for a Rooted and one for a Handle) adds more
     // code (and branches!) than just adding a single rooted.
     JS::Rooted<JSObject*> scope(cx, scopeArg);
     JS::Rooted<JSObject*> proto(cx, givenProto);
     if (js::IsWrapper(scope)) {
-      scope = js::CheckedUnwrap(scope, /* stopAtOuter = */ false);
+      scope = js::CheckedUnwrap(scope, /* stopAtWindowProxy = */ false);
       if (!scope)
         return false;
       ac.emplace(cx, scope);
       if (!JS_WrapObject(cx, &proto)) {
         return false;
       }
     }
 
@@ -1135,17 +1135,17 @@ WrapNewBindingNonWrapperCachedObject(JSC
     // before we call JS_WrapValue.
     Maybe<JSAutoCompartment> ac;
     // Maybe<Handle> doesn't so much work, and in any case, adding
     // more Maybe (one for a Rooted and one for a Handle) adds more
     // code (and branches!) than just adding a single rooted.
     JS::Rooted<JSObject*> scope(cx, scopeArg);
     JS::Rooted<JSObject*> proto(cx, givenProto);
     if (js::IsWrapper(scope)) {
-      scope = js::CheckedUnwrap(scope, /* stopAtOuter = */ false);
+      scope = js::CheckedUnwrap(scope, /* stopAtWindowProxy = */ false);
       if (!scope)
         return false;
       ac.emplace(cx, scope);
       if (!JS_WrapObject(cx, &proto)) {
         return false;
       }
     }
 
--- a/dom/bindings/CallbackObject.cpp
+++ b/dom/bindings/CallbackObject.cpp
@@ -232,17 +232,17 @@ CallbackObject::CallSetup::ShouldRethrow
   // Now we only want to throw an exception to the caller if the object that was
   // thrown is in the caller compartment (which we stored in mCompartment).
 
   if (!aException.isObject()) {
     return false;
   }
 
   JS::Rooted<JSObject*> obj(mCx, &aException.toObject());
-  obj = js::UncheckedUnwrap(obj, /* stopAtOuter = */ false);
+  obj = js::UncheckedUnwrap(obj, /* stopAtWindowProxy = */ false);
   return js::GetObjectCompartment(obj) == mCompartment;
 }
 
 CallbackObject::CallSetup::~CallSetup()
 {
   // To get our nesting right we have to destroy our JSAutoCompartment first.
   // In particular, we want to do this before we try reporting any exceptions,
   // so we end up reporting them while in the compartment of our entry point,
--- a/dom/bindings/Codegen.py
+++ b/dom/bindings/Codegen.py
@@ -1856,35 +1856,35 @@ class CGClassHasInstanceHook(CGAbstractS
                     bool ok = InterfaceHasInstance(cx, obj, instance, bp);
                     if (!ok || *bp) {
                       return ok;
                     }
 
                     // FIXME Limit this to chrome by checking xpc::AccessCheck::isChrome(obj).
                     nsISupports* native =
                       nsContentUtils::XPConnect()->GetNativeOfWrapper(cx,
-                                                                      js::UncheckedUnwrap(instance, /* stopAtOuter = */ false));
+                                                                      js::UncheckedUnwrap(instance, /* stopAtWindowProxy = */ false));
                     nsCOMPtr<nsIDOM${name}> qiResult = do_QueryInterface(native);
                     *bp = !!qiResult;
                     return true;
                     """,
                     nativeType=self.descriptor.nativeType,
                     name=self.descriptor.interface.identifier.name))
 
         hasInstanceCode = dedent("""
 
-            const DOMJSClass* domClass = GetDOMClass(js::UncheckedUnwrap(instance, /* stopAtOuter = */ false));
+            const DOMJSClass* domClass = GetDOMClass(js::UncheckedUnwrap(instance, /* stopAtWindowProxy = */ false));
             *bp = false;
             if (!domClass) {
               // Not a DOM object, so certainly not an instance of this interface
               return true;
             }
             """)
         if self.descriptor.interface.identifier.name == "ChromeWindow":
-            setBp = "*bp = UnwrapDOMObject<nsGlobalWindow>(js::UncheckedUnwrap(instance, /* stopAtOuter = */ false))->IsChromeWindow()"
+            setBp = "*bp = UnwrapDOMObject<nsGlobalWindow>(js::UncheckedUnwrap(instance, /* stopAtWindowProxy = */ false))->IsChromeWindow()"
         else:
             setBp = "*bp = true"
         # Sort interaces implementing self by name so we get stable output.
         for iface in sorted(self.descriptor.interface.interfacesImplementingSelf,
                             key=lambda iface: iface.identifier.name):
             hasInstanceCode += fill(
                 """
 
@@ -8379,17 +8379,17 @@ class CGSpecializedGetter(CGAbstractStat
                                  self.attr.identifier.name))
             prefix = fill(
                 """
                 // Have to either root across the getter call or reget after.
                 JS::Rooted<JSObject*> reflector(cx);
                 // Safe to do an unchecked unwrap, since we've gotten this far.
                 // Also make sure to unwrap outer windows, since we want the
                 // real DOM object.
-                reflector = IsDOMObject(obj) ? obj : js::UncheckedUnwrap(obj, /* stopAtOuter = */ false);
+                reflector = IsDOMObject(obj) ? obj : js::UncheckedUnwrap(obj, /* stopAtWindowProxy = */ false);
                 {
                   // Scope for cachedVal
                   JS::Value cachedVal = js::GetReservedSlot(reflector, ${slot});
                   if (!cachedVal.isUndefined()) {
                     args.rval().set(cachedVal);
                     // The cached value is in the compartment of reflector,
                     // so wrap into the caller compartment as needed.
                     return ${maybeWrap}(cx, args.rval());
@@ -15390,17 +15390,17 @@ class CGMaplikeOrSetlikeHelperFunctionGe
             JS::Rooted<JS::Value> v(cx);
             if(!ToJSValue(cx, self, &v)) {
               aRv.Throw(NS_ERROR_UNEXPECTED);
               return%s;
             }
             // This is a reflector, but due to trying to name things
             // similarly across method generators, it's called obj here.
             JS::Rooted<JSObject*> obj(cx);
-            obj = js::UncheckedUnwrap(&v.toObject(), /* stopAtOuter = */ false);
+            obj = js::UncheckedUnwrap(&v.toObject(), /* stopAtWindowProxy = */ false);
             JSAutoCompartment reflectorCompartment(cx, obj);
             """ % self.getDefaultRetval())
 
     def getArgs(self, returnType, argList):
         # We don't need the context or the value. We'll generate those instead.
         args = CGNativeMember.getArgs(self, returnType, argList)
         # Prepend a pointer to the binding object onto the arguments
         return [Argument(self.descriptorProvider.nativeType + "*", "self")] + args
--- a/js/ductwork/debugger/JSDebugger.cpp
+++ b/js/ductwork/debugger/JSDebugger.cpp
@@ -40,17 +40,17 @@ JSDebugger::AddClass(JS::Handle<JS::Valu
   nsresult rv;
   nsCOMPtr<nsIXPConnect> xpc = do_GetService(nsIXPConnect::GetCID(), &rv);
 
   if (!global.isObject()) {
     return NS_ERROR_INVALID_ARG;
   }
 
   JS::RootedObject obj(cx, &global.toObject());
-  obj = js::UncheckedUnwrap(obj, /* stopAtOuter = */ false);
+  obj = js::UncheckedUnwrap(obj, /* stopAtWindowProxy = */ false);
   if (!obj) {
     return NS_ERROR_FAILURE;
   }
 
   JSAutoCompartment ac(cx, obj);
   if (JS_GetGlobalForObject(cx, obj) != obj) {
     return NS_ERROR_INVALID_ARG;
   }
--- a/js/src/jscompartment.cpp
+++ b/js/src/jscompartment.cpp
@@ -411,17 +411,17 @@ JSCompartment::wrap(JSContext* cx, Mutab
     // associated with the self-hosting global. We don't want to create
     // wrappers for objects in other runtimes, which may be the case for the
     // self-hosting global.
     MOZ_ASSERT(!cx->runtime()->isSelfHostingGlobal(global) &&
                !cx->runtime()->isSelfHostingGlobal(objGlobal));
 
     // Unwrap the object, but don't unwrap outer windows.
     RootedObject objectPassedToWrap(cx, obj);
-    obj.set(UncheckedUnwrap(obj, /* stopAtOuter = */ true));
+    obj.set(UncheckedUnwrap(obj, /* stopAtWindowProxy = */ true));
 
     if (obj->compartment() == this) {
         MOZ_ASSERT(!IsWindow(obj));
         return true;
     }
 
     // Translate StopIteration singleton.
     if (obj->is<StopIterationObject>()) {
--- a/js/src/jswrapper.h
+++ b/js/src/jswrapper.h
@@ -271,33 +271,33 @@ TransparentObjectWrapper(JSContext* cx, 
 
 inline bool
 IsWrapper(JSObject* obj)
 {
     return IsProxy(obj) && GetProxyHandler(obj)->family() == &Wrapper::family;
 }
 
 // Given a JSObject, returns that object stripped of wrappers. If
-// stopAtOuter is true, then this returns the outer window if it was
+// stopAtWindowProxy is true, then this returns the WindowProxy if it was
 // previously wrapped. Otherwise, this returns the first object for
 // which JSObject::isWrapper returns false.
 JS_FRIEND_API(JSObject*)
-UncheckedUnwrap(JSObject* obj, bool stopAtOuter = true, unsigned* flagsp = nullptr);
+UncheckedUnwrap(JSObject* obj, bool stopAtWindowProxy = true, unsigned* flagsp = nullptr);
 
 // Given a JSObject, returns that object stripped of wrappers. At each stage,
-// the security wrapper has the opportunity to veto the unwrap. Since checked
-// code should never be unwrapping outer window wrappers, we always stop at
-// outer windows.
+// the security wrapper has the opportunity to veto the unwrap. If
+// stopAtWindowProxy is true, then this returns the WindowProxy if it was
+// previously wrapped.
 JS_FRIEND_API(JSObject*)
-CheckedUnwrap(JSObject* obj, bool stopAtOuter = true);
+CheckedUnwrap(JSObject* obj, bool stopAtWindowProxy = true);
 
 // Unwrap only the outermost security wrapper, with the same semantics as
 // above. This is the checked version of Wrapper::wrappedObject.
 JS_FRIEND_API(JSObject*)
-UnwrapOneChecked(JSObject* obj, bool stopAtOuter = true);
+UnwrapOneChecked(JSObject* obj, bool stopAtWindowProxy = true);
 
 JS_FRIEND_API(bool)
 IsCrossCompartmentWrapper(JSObject* obj);
 
 void
 NukeCrossCompartmentWrapper(JSContext* cx, JSObject* wrapper);
 
 bool
--- a/js/src/proxy/Wrapper.cpp
+++ b/js/src/proxy/Wrapper.cpp
@@ -50,22 +50,22 @@ Wrapper::isConstructor(JSObject* obj) co
 {
     // For now, all wrappers are constructable if they are callable. We will want to eventually
     // decouple this behavior, but none of the Wrapper infrastructure is currently prepared for
     // that.
     return isCallable(obj);
 }
 
 JS_FRIEND_API(JSObject*)
-js::UncheckedUnwrap(JSObject* wrapped, bool stopAtOuter, unsigned* flagsp)
+js::UncheckedUnwrap(JSObject* wrapped, bool stopAtWindowProxy, unsigned* flagsp)
 {
     unsigned flags = 0;
     while (true) {
         if (!wrapped->is<WrapperObject>() ||
-            MOZ_UNLIKELY(stopAtOuter && wrapped->getClass()->ext.innerObject))
+            MOZ_UNLIKELY(stopAtWindowProxy && wrapped->getClass()->ext.innerObject))
         {
             break;
         }
         flags |= Wrapper::wrapperHandler(wrapped)->flags();
         wrapped = wrapped->as<ProxyObject>().private_().toObjectOrNull();
 
         // This can be called from DirectProxyHandler::weakmapKeyDelegate() on a
         // wrapper whose referent has been moved while it is still unmarked.
@@ -73,31 +73,31 @@ js::UncheckedUnwrap(JSObject* wrapped, b
             wrapped = MaybeForwarded(wrapped);
     }
     if (flagsp)
         *flagsp = flags;
     return wrapped;
 }
 
 JS_FRIEND_API(JSObject*)
-js::CheckedUnwrap(JSObject* obj, bool stopAtOuter)
+js::CheckedUnwrap(JSObject* obj, bool stopAtWindowProxy)
 {
     while (true) {
         JSObject* wrapper = obj;
-        obj = UnwrapOneChecked(obj, stopAtOuter);
+        obj = UnwrapOneChecked(obj, stopAtWindowProxy);
         if (!obj || obj == wrapper)
             return obj;
     }
 }
 
 JS_FRIEND_API(JSObject*)
-js::UnwrapOneChecked(JSObject* obj, bool stopAtOuter)
+js::UnwrapOneChecked(JSObject* obj, bool stopAtWindowProxy)
 {
     if (!obj->is<WrapperObject>() ||
-        MOZ_UNLIKELY(!!obj->getClass()->ext.innerObject && stopAtOuter))
+        MOZ_UNLIKELY(!!obj->getClass()->ext.innerObject && stopAtWindowProxy))
     {
         return obj;
     }
 
     const Wrapper* handler = Wrapper::wrapperHandler(obj);
     return handler->hasSecurityPolicy() ? nullptr : Wrapper::wrappedObject(obj);
 }
 
--- a/js/xpconnect/src/ExportHelpers.cpp
+++ b/js/xpconnect/src/ExportHelpers.cpp
@@ -26,17 +26,17 @@ using namespace mozilla::dom;
 using namespace JS;
 using namespace js;
 
 namespace xpc {
 
 bool
 IsReflector(JSObject* obj)
 {
-    obj = CheckedUnwrap(obj, /* stopAtOuter = */ false);
+    obj = CheckedUnwrap(obj, /* stopAtWindowProxy = */ false);
     if (!obj)
         return false;
     return IS_WN_REFLECTOR(obj) || dom::IsDOMObject(obj);
 }
 
 enum StackScopedCloneTags {
     SCTAG_BASE = JS_SCTAG_USER_MIN,
     SCTAG_REFLECTOR,
--- a/js/xpconnect/src/Sandbox.cpp
+++ b/js/xpconnect/src/Sandbox.cpp
@@ -505,17 +505,17 @@ sandbox_addProperty(JSContext* cx, Handl
 
     AutoSkipPropertyMirroring askip(priv);
 
     RootedObject proto(cx);
     if (!JS_GetPrototype(cx, obj, &proto))
         return false;
 
     // After bug 1015790 is fixed, we should be able to remove this unwrapping.
-    RootedObject unwrappedProto(cx, js::UncheckedUnwrap(proto, /* stopAtOuter = */ false));
+    RootedObject unwrappedProto(cx, js::UncheckedUnwrap(proto, /* stopAtWindowProxy = */ false));
 
     Rooted<JSPropertyDescriptor> pd(cx);
     if (!JS_GetPropertyDescriptorById(cx, proto, id, &pd))
         return false;
 
     // This is a little icky. If the property exists and is not configurable,
     // then JS_CopyPropertyFrom will throw an exception when we try to do a
     // normal assignment since it will think we're trying to remove the
--- a/js/xpconnect/src/XPCCallContext.cpp
+++ b/js/xpconnect/src/XPCCallContext.cpp
@@ -52,17 +52,17 @@ XPCCallContext::XPCCallContext(XPCContex
         return;
 
     mMethodIndex = 0xDEAD;
 
     mState = HAVE_OBJECT;
 
     mTearOff = nullptr;
 
-    JSObject* unwrapped = js::CheckedUnwrap(obj, /* stopAtOuter = */ false);
+    JSObject* unwrapped = js::CheckedUnwrap(obj, /* stopAtWindowProxy = */ false);
     if (!unwrapped) {
         JS_ReportError(mJSContext, "Permission denied to call method on |this|");
         mState = INIT_FAILED;
         return;
     }
     const js::Class* clasp = js::GetObjectClass(unwrapped);
     if (IS_WN_CLASS(clasp)) {
         mWrapper = XPCWrappedNative::Get(unwrapped);
--- a/js/xpconnect/src/XPCComponents.cpp
+++ b/js/xpconnect/src/XPCComponents.cpp
@@ -2762,17 +2762,17 @@ NS_IMETHODIMP
 nsXPCComponents_Utils::IsProxy(HandleValue vobj, JSContext* cx, bool* rval)
 {
     if (!vobj.isObject()) {
         *rval = false;
         return NS_OK;
     }
 
     RootedObject obj(cx, &vobj.toObject());
-    obj = js::CheckedUnwrap(obj, /* stopAtOuter = */ false);
+    obj = js::CheckedUnwrap(obj, /* stopAtWindowProxy = */ false);
     NS_ENSURE_TRUE(obj, NS_ERROR_FAILURE);
 
     *rval = js::IsScriptedProxy(obj);
     return NS_OK;
 }
 
 NS_IMETHODIMP
 nsXPCComponents_Utils::ExportFunction(HandleValue vfunction, HandleValue vscope,
@@ -3040,33 +3040,33 @@ nsXPCComponents_Utils::NukeSandbox(Handl
 }
 
 NS_IMETHODIMP
 nsXPCComponents_Utils::BlockScriptForGlobal(HandleValue globalArg,
                                             JSContext* cx)
 {
     NS_ENSURE_TRUE(globalArg.isObject(), NS_ERROR_INVALID_ARG);
     RootedObject global(cx, UncheckedUnwrap(&globalArg.toObject(),
-                                            /* stopAtOuter = */ false));
+                                            /* stopAtWindowProxy = */ false));
     NS_ENSURE_TRUE(JS_IsGlobalObject(global), NS_ERROR_INVALID_ARG);
     if (nsContentUtils::IsSystemPrincipal(xpc::GetObjectPrincipal(global))) {
         JS_ReportError(cx, "Script may not be disabled for system globals");
         return NS_ERROR_FAILURE;
     }
     Scriptability::Get(global).Block();
     return NS_OK;
 }
 
 NS_IMETHODIMP
 nsXPCComponents_Utils::UnblockScriptForGlobal(HandleValue globalArg,
                                               JSContext* cx)
 {
     NS_ENSURE_TRUE(globalArg.isObject(), NS_ERROR_INVALID_ARG);
     RootedObject global(cx, UncheckedUnwrap(&globalArg.toObject(),
-                                            /* stopAtOuter = */ false));
+                                            /* stopAtWindowProxy = */ false));
     NS_ENSURE_TRUE(JS_IsGlobalObject(global), NS_ERROR_INVALID_ARG);
     if (nsContentUtils::IsSystemPrincipal(xpc::GetObjectPrincipal(global))) {
         JS_ReportError(cx, "Script may not be disabled for system globals");
         return NS_ERROR_FAILURE;
     }
     Scriptability::Get(global).Unblock();
     return NS_OK;
 }
@@ -3106,17 +3106,17 @@ nsXPCComponents_Utils::UnwaiveXrays(Hand
 
 NS_IMETHODIMP
 nsXPCComponents_Utils::GetClassName(HandleValue aObj, bool aUnwrap, JSContext* aCx, char** aRv)
 {
     if (!aObj.isObject())
         return NS_ERROR_INVALID_ARG;
     RootedObject obj(aCx, &aObj.toObject());
     if (aUnwrap)
-        obj = js::UncheckedUnwrap(obj, /* stopAtOuter = */ false);
+        obj = js::UncheckedUnwrap(obj, /* stopAtWindowProxy = */ false);
     *aRv = NS_strdup(js::GetObjectClass(obj)->name);
     NS_ENSURE_TRUE(*aRv, NS_ERROR_OUT_OF_MEMORY);
     return NS_OK;
 }
 
 NS_IMETHODIMP
 nsXPCComponents_Utils::GetDOMClassInfo(const nsAString& aClassName,
                                        nsIClassInfo** aClassInfo)
--- a/js/xpconnect/src/XPCConvert.cpp
+++ b/js/xpconnect/src/XPCConvert.cpp
@@ -899,17 +899,17 @@ XPCConvert::JSObject2NativeInterface(voi
         // If we're looking at a security wrapper, see now if we're allowed to
         // pass it to C++. If we are, then fall through to the code below. If
         // we aren't, throw an exception eagerly.
         //
         // NB: It's very important that we _don't_ unwrap in the aOuter case,
         // because the caller may explicitly want to create the XPCWrappedJS
         // around a security wrapper. XBL does this with Xrays from the XBL
         // scope - see nsBindingManager::GetBindingImplementation.
-        JSObject* inner = js::CheckedUnwrap(src, /* stopAtOuter = */ false);
+        JSObject* inner = js::CheckedUnwrap(src, /* stopAtWindowProxy = */ false);
         if (!inner) {
             if (pErr)
                 *pErr = NS_ERROR_XPC_SECURITY_MANAGER_VETO;
             return false;
         }
 
         // Is this really a native xpcom object with a wrapper?
         XPCWrappedNative* wrappedNative = nullptr;
@@ -1032,17 +1032,17 @@ XPCConvert::JSValToXPCException(MutableH
         RootedObject obj(cx, s.toObjectOrNull());
 
         if (!obj) {
             NS_ERROR("when is an object not an object?");
             return NS_ERROR_FAILURE;
         }
 
         // is this really a native xpcom object with a wrapper?
-        JSObject* unwrapped = js::CheckedUnwrap(obj, /* stopAtOuter = */ false);
+        JSObject* unwrapped = js::CheckedUnwrap(obj, /* stopAtWindowProxy = */ false);
         if (!unwrapped)
             return NS_ERROR_XPC_SECURITY_MANAGER_VETO;
         XPCWrappedNative* wrapper = IS_WN_REFLECTOR(unwrapped) ? XPCWrappedNative::Get(unwrapped)
                                                                : nullptr;
         if (wrapper) {
             nsISupports* supports = wrapper->GetIdentityObject();
             nsCOMPtr<nsIException> iface = do_QueryInterface(supports);
             if (iface) {
--- a/js/xpconnect/src/XPCJSID.cpp
+++ b/js/xpconnect/src/XPCJSID.cpp
@@ -458,17 +458,17 @@ static JSObject*
 FindObjectForHasInstance(JSContext* cx, HandleObject objArg)
 {
     RootedObject obj(cx, objArg), proto(cx);
 
     while (obj && !IS_WN_REFLECTOR(obj) &&
            !IsDOMObject(obj) && !mozilla::jsipc::IsCPOW(obj))
     {
         if (js::IsWrapper(obj)) {
-            obj = js::CheckedUnwrap(obj, /* stopAtOuter = */ false);
+            obj = js::CheckedUnwrap(obj, /* stopAtWindowProxy = */ false);
             continue;
         }
         if (!js::GetObjectProto(cx, obj, &proto))
             return nullptr;
         obj = proto;
     }
     return obj;
 }
--- a/js/xpconnect/src/XPCJSRuntime.cpp
+++ b/js/xpconnect/src/XPCJSRuntime.cpp
@@ -545,17 +545,17 @@ AddonWindowOrNull(JSObject* aObj)
     JSObject* global = js::GetGlobalForObjectCrossCompartment(aObj);
     JSObject* proto = js::GetPrototypeNoProxy(global);
 
     // Addons could theoretically change the prototype of the addon scope, but
     // we pretty much just want to crash if that happens so that we find out
     // about it and get them to change their code.
     MOZ_RELEASE_ASSERT(js::IsCrossCompartmentWrapper(proto) ||
                        xpc::IsSandboxPrototypeProxy(proto));
-    JSObject* mainGlobal = js::UncheckedUnwrap(proto, /* stopAtOuter = */ false);
+    JSObject* mainGlobal = js::UncheckedUnwrap(proto, /* stopAtWindowProxy = */ false);
     MOZ_RELEASE_ASSERT(JS_IsGlobalObject(mainGlobal));
 
     return WindowOrNull(mainGlobal);
 }
 
 nsGlobalWindow*
 CurrentWindowOrNull(JSContext* cx)
 {
@@ -1428,17 +1428,17 @@ XPCJSRuntime::InterruptCallback(JSContex
     if (!win && IsSandbox(global)) {
         // If this is a sandbox associated with a DOMWindow via a
         // sandboxPrototype, use that DOMWindow. This supports GreaseMonkey
         // and JetPack content scripts.
         JS::Rooted<JSObject*> proto(cx);
         if (!JS_GetPrototype(cx, global, &proto))
             return false;
         if (proto && IsSandboxPrototypeProxy(proto) &&
-            (proto = js::CheckedUnwrap(proto, /* stopAtOuter = */ false)))
+            (proto = js::CheckedUnwrap(proto, /* stopAtWindowProxy = */ false)))
         {
             win = WindowGlobalOrNull(proto);
         }
     }
 
     if (!win) {
         NS_WARNING("No active window");
         return true;
--- a/js/xpconnect/src/XPCVariant.cpp
+++ b/js/xpconnect/src/XPCVariant.cpp
@@ -40,17 +40,17 @@ XPCVariant::XPCVariant(JSContext* cx, Va
         // some later point after teardown, which would crash. This is shouldn't
         // be a problem anymore because SetParentToWindow will do the right
         // thing, but I'm saving the cleanup here for another day. Blake thinks
         // that we should just not store the WN if we're creating a variant for
         // an outer window.
         JSObject* obj = js::ToWindowIfWindowProxy(&mJSVal.toObject());
         mJSVal = JS::ObjectValue(*obj);
 
-        JSObject* unwrapped = js::CheckedUnwrap(obj, /* stopAtOuter = */ false);
+        JSObject* unwrapped = js::CheckedUnwrap(obj, /* stopAtWindowProxy = */ false);
         mReturnRawObject = !(unwrapped && IS_WN_REFLECTOR(unwrapped));
     } else
         mReturnRawObject = false;
 }
 
 XPCTraceableVariant::~XPCTraceableVariant()
 {
     Value val = GetJSValPreserveColor();
--- a/js/xpconnect/src/nsXPConnect.cpp
+++ b/js/xpconnect/src/nsXPConnect.cpp
@@ -618,32 +618,32 @@ nsXPConnect::GetWrappedNativeOfJSObject(
                                         JSObject * aJSObjArg,
                                         nsIXPConnectWrappedNative** _retval)
 {
     MOZ_ASSERT(aJSContext, "bad param");
     MOZ_ASSERT(aJSObjArg, "bad param");
     MOZ_ASSERT(_retval, "bad param");
 
     RootedObject aJSObj(aJSContext, aJSObjArg);
-    aJSObj = js::CheckedUnwrap(aJSObj, /* stopAtOuter = */ false);
+    aJSObj = js::CheckedUnwrap(aJSObj, /* stopAtWindowProxy = */ false);
     if (!aJSObj || !IS_WN_REFLECTOR(aJSObj)) {
         *_retval = nullptr;
         return NS_ERROR_FAILURE;
     }
 
     RefPtr<XPCWrappedNative> temp = XPCWrappedNative::Get(aJSObj);
     temp.forget(_retval);
     return NS_OK;
 }
 
 nsISupports*
 xpc::UnwrapReflectorToISupports(JSObject* reflector)
 {
     // Unwrap security wrappers, if allowed.
-    reflector = js::CheckedUnwrap(reflector, /* stopAtOuter = */ false);
+    reflector = js::CheckedUnwrap(reflector, /* stopAtWindowProxy = */ false);
     if (!reflector)
         return nullptr;
 
     // Try XPCWrappedNatives.
     if (IS_WN_REFLECTOR(reflector)) {
         XPCWrappedNative* wn = XPCWrappedNative::Get(reflector);
         if (!wn)
             return nullptr;
--- a/js/xpconnect/wrappers/AccessCheck.cpp
+++ b/js/xpconnect/wrappers/AccessCheck.cpp
@@ -137,17 +137,17 @@ IsFrameId(JSContext* cx, JSObject* obj, 
     }
 
     return domwin != nullptr;
 }
 
 CrossOriginObjectType
 IdentifyCrossOriginObject(JSObject* obj)
 {
-    obj = js::UncheckedUnwrap(obj, /* stopAtOuter = */ false);
+    obj = js::UncheckedUnwrap(obj, /* stopAtWindowProxy = */ false);
     const js::Class* clasp = js::GetObjectClass(obj);
     MOZ_ASSERT(!XrayUtils::IsXPCWNHolderClass(Jsvalify(clasp)), "shouldn't have a holder here");
 
     if (clasp->name[0] == 'L' && !strcmp(clasp->name, "Location"))
         return CrossOriginLocation;
     if (clasp->name[0] == 'W' && !strcmp(clasp->name, "Window"))
         return CrossOriginWindow;
 
@@ -166,17 +166,17 @@ AccessCheck::isCrossOriginAccessPermitte
 
     // For the case of getting a property descriptor, we allow if either GET or SET
     // is allowed, and rely on FilteringWrapper to filter out any disallowed accessors.
     if (act == Wrapper::GET_PROPERTY_DESCRIPTOR) {
         return isCrossOriginAccessPermitted(cx, wrapper, id, Wrapper::GET) ||
                isCrossOriginAccessPermitted(cx, wrapper, id, Wrapper::SET);
     }
 
-    RootedObject obj(cx, js::UncheckedUnwrap(wrapper, /* stopAtOuter = */ false));
+    RootedObject obj(cx, js::UncheckedUnwrap(wrapper, /* stopAtWindowProxy = */ false));
     CrossOriginObjectType type = IdentifyCrossOriginObject(obj);
     if (JSID_IS_STRING(id)) {
         if (IsPermitted(type, JSID_TO_FLAT_STRING(id), act == Wrapper::SET))
             return true;
     }
 
     if (act != Wrapper::GET)
         return false;
--- a/js/xpconnect/wrappers/WrapperFactory.cpp
+++ b/js/xpconnect/wrappers/WrapperFactory.cpp
@@ -119,17 +119,17 @@ WrapperFactory::AllowWaiver(JSObject* wr
     return AllowWaiver(js::GetObjectCompartment(wrapper),
                        js::GetObjectCompartment(js::UncheckedUnwrap(wrapper)));
 }
 
 inline bool
 ShouldWaiveXray(JSContext* cx, JSObject* originalObj)
 {
     unsigned flags;
-    (void) js::UncheckedUnwrap(originalObj, /* stopAtOuter = */ true, &flags);
+    (void) js::UncheckedUnwrap(originalObj, /* stopAtWindowProxy = */ true, &flags);
 
     // If the original object did not point through an Xray waiver, we're done.
     if (!(flags & WrapperFactory::WAIVE_XRAY_WRAPPER_FLAG))
         return false;
 
     // If the original object was not a cross-compartment wrapper, that means
     // that the caller explicitly created a waiver. Preserve it so that things
     // like WaiveXrayAndWrap work.
--- a/js/xpconnect/wrappers/XrayWrapper.cpp
+++ b/js/xpconnect/wrappers/XrayWrapper.cpp
@@ -89,17 +89,17 @@ IsJSXraySupported(JSProtoKey key)
       default:
         return false;
     }
 }
 
 XrayType
 GetXrayType(JSObject* obj)
 {
-    obj = js::UncheckedUnwrap(obj, /* stopAtOuter = */ false);
+    obj = js::UncheckedUnwrap(obj, /* stopAtWindowProxy = */ false);
     if (mozilla::dom::UseDOMXray(obj))
         return XrayForDOMObject;
 
     const js::Class* clasp = js::GetObjectClass(obj);
     if (IS_WN_CLASS(clasp) || clasp->ext.innerObject)
         return XrayForWrappedNative;
 
     JSProtoKey standardProto = IdentifyStandardInstanceOrPrototype(obj);
--- a/js/xpconnect/wrappers/XrayWrapper.h
+++ b/js/xpconnect/wrappers/XrayWrapper.h
@@ -59,17 +59,17 @@ enum XrayType {
 };
 
 class XrayTraits
 {
 public:
     XrayTraits() {}
 
     static JSObject* getTargetObject(JSObject* wrapper) {
-        return js::UncheckedUnwrap(wrapper, /* stopAtOuter = */ false);
+        return js::UncheckedUnwrap(wrapper, /* stopAtWindowProxy = */ false);
     }
 
     virtual bool resolveNativeProperty(JSContext* cx, JS::HandleObject wrapper,
                                        JS::HandleObject holder, JS::HandleId id,
                                        JS::MutableHandle<JSPropertyDescriptor> desc) = 0;
     // NB: resolveOwnProperty may decide whether or not to cache what it finds
     // on the holder. If the result is not cached, the lookup will happen afresh
     // for each access, which is the right thing for things like dynamic NodeList