mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2025-10-24 01:53:20 +00:00

Our currently implementation of structured serialization has a design flaw, where if the serialized/transferred type was not used in the destination realm, it would not be seen as exposed and thus we would not re-create the type on the other side. This is very common, for example, transferring a MessagePort to a just inserted iframe, or the just inserted iframe transferring a MessagePort to it's parent. This is what Google reCAPTCHA does. This flaw occurred due to relying on lazily populated HashMaps of constructors, namespaces and interfaces. This commit changes it so that per-type "is exposed" implementations are generated. Since it no longer relies on interface name strings, this commit changes serializable types to indicate their type with an enum, in line with how transferrable types indicate their type. This makes Google reCAPTCHA work on https://www.google.com/recaptcha/api2/demo It currently doesn't work on non-Google origins due to a separate same-origin policy bug.
1567 lines
77 KiB
C++
1567 lines
77 KiB
C++
/*
|
|
* Copyright (c) 2022, Daniel Ehrenberg <dan@littledan.dev>
|
|
* Copyright (c) 2022, Andrew Kaster <akaster@serenityos.org>
|
|
* Copyright (c) 2023-2024, Kenneth Myhra <kennethmyhra@serenityos.org>
|
|
* Copyright (c) 2023, Idan Horowitz <idan.horowitz@serenityos.org>
|
|
*
|
|
* SPDX-License-Identifier: BSD-2-Clause
|
|
*/
|
|
|
|
#include <AK/StdLibExtras.h>
|
|
#include <AK/String.h>
|
|
#include <AK/Vector.h>
|
|
#include <LibIPC/Decoder.h>
|
|
#include <LibIPC/Encoder.h>
|
|
#include <LibIPC/File.h>
|
|
#include <LibJS/Forward.h>
|
|
#include <LibJS/Runtime/Array.h>
|
|
#include <LibJS/Runtime/ArrayBuffer.h>
|
|
#include <LibJS/Runtime/ArrayBufferConstructor.h>
|
|
#include <LibJS/Runtime/BigInt.h>
|
|
#include <LibJS/Runtime/BigIntObject.h>
|
|
#include <LibJS/Runtime/BooleanObject.h>
|
|
#include <LibJS/Runtime/DataView.h>
|
|
#include <LibJS/Runtime/Date.h>
|
|
#include <LibJS/Runtime/Map.h>
|
|
#include <LibJS/Runtime/NumberObject.h>
|
|
#include <LibJS/Runtime/PrimitiveString.h>
|
|
#include <LibJS/Runtime/RegExpObject.h>
|
|
#include <LibJS/Runtime/Set.h>
|
|
#include <LibJS/Runtime/SharedArrayBufferConstructor.h>
|
|
#include <LibJS/Runtime/StringObject.h>
|
|
#include <LibJS/Runtime/TypedArray.h>
|
|
#include <LibJS/Runtime/VM.h>
|
|
#include <LibWeb/Bindings/DOMExceptionPrototype.h>
|
|
#include <LibWeb/Bindings/DOMMatrixPrototype.h>
|
|
#include <LibWeb/Bindings/DOMMatrixReadOnlyPrototype.h>
|
|
#include <LibWeb/Bindings/DOMPointPrototype.h>
|
|
#include <LibWeb/Bindings/DOMPointReadOnlyPrototype.h>
|
|
#include <LibWeb/Bindings/DOMQuadPrototype.h>
|
|
#include <LibWeb/Bindings/DOMRectPrototype.h>
|
|
#include <LibWeb/Bindings/DOMRectReadOnlyPrototype.h>
|
|
#include <LibWeb/Bindings/ExceptionOrUtils.h>
|
|
#include <LibWeb/Bindings/FileListPrototype.h>
|
|
#include <LibWeb/Bindings/FilePrototype.h>
|
|
#include <LibWeb/Bindings/ImageBitmapPrototype.h>
|
|
#include <LibWeb/Bindings/Intrinsics.h>
|
|
#include <LibWeb/Bindings/MessagePortPrototype.h>
|
|
#include <LibWeb/Bindings/ReadableStreamPrototype.h>
|
|
#include <LibWeb/Bindings/Serializable.h>
|
|
#include <LibWeb/Bindings/Transferable.h>
|
|
#include <LibWeb/Bindings/TransformStreamPrototype.h>
|
|
#include <LibWeb/Bindings/WritableStreamPrototype.h>
|
|
#include <LibWeb/Crypto/CryptoKey.h>
|
|
#include <LibWeb/FileAPI/Blob.h>
|
|
#include <LibWeb/FileAPI/File.h>
|
|
#include <LibWeb/FileAPI/FileList.h>
|
|
#include <LibWeb/Geometry/DOMMatrix.h>
|
|
#include <LibWeb/Geometry/DOMMatrixReadOnly.h>
|
|
#include <LibWeb/Geometry/DOMPoint.h>
|
|
#include <LibWeb/Geometry/DOMPointReadOnly.h>
|
|
#include <LibWeb/Geometry/DOMQuad.h>
|
|
#include <LibWeb/Geometry/DOMRect.h>
|
|
#include <LibWeb/Geometry/DOMRectReadOnly.h>
|
|
#include <LibWeb/HTML/ImageBitmap.h>
|
|
#include <LibWeb/HTML/ImageData.h>
|
|
#include <LibWeb/HTML/MessagePort.h>
|
|
#include <LibWeb/HTML/StructuredSerialize.h>
|
|
#include <LibWeb/Streams/ReadableStream.h>
|
|
#include <LibWeb/Streams/TransformStream.h>
|
|
#include <LibWeb/Streams/WritableStream.h>
|
|
#include <LibWeb/WebIDL/DOMException.h>
|
|
#include <LibWeb/WebIDL/ExceptionOr.h>
|
|
|
|
namespace Web::HTML {
|
|
|
|
// Binary format:
|
|
// A list of adjacent shallow values, which may contain references to other
|
|
// values (noted by their position in the list, one value following another).
|
|
// This list represents the "memory" in the StructuredSerialize algorithm.
|
|
// The first item in the list is the root, i.e., the value of everything.
|
|
// The format is generally u32-aligned (hence this leaking out into the type)
|
|
// Each value has a length based on its type, as defined below.
|
|
//
|
|
// (Should more redundancy be added, e.g., for lengths/positions of values?)
|
|
|
|
enum ValueTag {
|
|
// Unused, for ease of catching bugs.
|
|
Empty,
|
|
|
|
// UndefinedPrimitive is serialized indicating that the Type is Undefined, no value is serialized.
|
|
UndefinedPrimitive,
|
|
|
|
// NullPrimitive is serialized indicating that the Type is Null, no value is serialized.
|
|
NullPrimitive,
|
|
|
|
// Following u32 is the boolean value.
|
|
BooleanPrimitive,
|
|
|
|
// Following two u32s are the double value.
|
|
NumberPrimitive,
|
|
|
|
// The BigIntPrimitive is serialized as a string in base 10 representation.
|
|
// Following two u32s representing the length of the string, then the following u32s, equal to size, is the string representation.
|
|
BigIntPrimitive,
|
|
|
|
// Following two u32s representing the length of the string, then the following u32s, equal to size, is the string representation.
|
|
StringPrimitive,
|
|
|
|
BooleanObject,
|
|
|
|
NumberObject,
|
|
|
|
BigIntObject,
|
|
|
|
StringObject,
|
|
|
|
DateObject,
|
|
|
|
RegExpObject,
|
|
|
|
GrowableSharedArrayBuffer,
|
|
|
|
SharedArrayBuffer,
|
|
|
|
ResizeableArrayBuffer,
|
|
|
|
ArrayBuffer,
|
|
|
|
ArrayBufferView,
|
|
|
|
MapObject,
|
|
|
|
SetObject,
|
|
|
|
ErrorObject,
|
|
|
|
ArrayObject,
|
|
|
|
Object,
|
|
|
|
ObjectReference,
|
|
|
|
SerializableObject,
|
|
|
|
// TODO: Define many more types
|
|
|
|
// This tag or higher are understood to be errors
|
|
ValueTagMax,
|
|
};
|
|
|
|
enum ErrorType {
|
|
Error,
|
|
#define __JS_ENUMERATE(ClassName, snake_name, PrototypeName, ConstructorName, ArrayType) \
|
|
ClassName,
|
|
JS_ENUMERATE_NATIVE_ERRORS
|
|
#undef __JS_ENUMERATE
|
|
};
|
|
|
|
static ErrorType error_name_to_type(String const& name)
|
|
{
|
|
#define __JS_ENUMERATE(ClassName, snake_name, PrototypeName, ConstructorName, ArrayType) \
|
|
if (name == #ClassName##sv) \
|
|
return ErrorType::ClassName;
|
|
JS_ENUMERATE_NATIVE_ERRORS
|
|
#undef __JS_ENUMERATE
|
|
return Error;
|
|
}
|
|
|
|
// Serializing and deserializing are each two passes:
|
|
// 1. Fill up the memory with all the values, but without translating references
|
|
// 2. Translate all the references into the appropriate form
|
|
|
|
class Serializer {
|
|
public:
|
|
Serializer(JS::VM& vm, SerializationMemory& memory, bool for_storage)
|
|
: m_vm(vm)
|
|
, m_memory(memory)
|
|
, m_next_id(memory.size())
|
|
, m_for_storage(for_storage)
|
|
{
|
|
}
|
|
|
|
// https://html.spec.whatwg.org/multipage/structured-data.html#structuredserializeinternal
|
|
// https://whatpr.org/html/9893/structured-data.html#structuredserializeinternal
|
|
WebIDL::ExceptionOr<SerializationRecord> serialize(JS::Value value)
|
|
{
|
|
// 2. If memory[value] exists, then return memory[value].
|
|
if (m_memory.contains(value)) {
|
|
auto index = m_memory.get(value).value();
|
|
return Vector<u32> { ValueTag::ObjectReference, index };
|
|
}
|
|
|
|
// 3. Let deep be false.
|
|
auto deep = false;
|
|
|
|
bool return_primitive_type = true;
|
|
// 4. If value is undefined, null, a Boolean, a Number, a BigInt, or a String, then return { [[Type]]: "primitive", [[Value]]: value }.
|
|
if (value.is_undefined()) {
|
|
serialize_enum(m_serialized, ValueTag::UndefinedPrimitive);
|
|
} else if (value.is_null()) {
|
|
serialize_enum(m_serialized, ValueTag::NullPrimitive);
|
|
} else if (value.is_boolean()) {
|
|
serialize_enum(m_serialized, ValueTag::BooleanPrimitive);
|
|
serialize_boolean_primitive(m_serialized, value);
|
|
} else if (value.is_number()) {
|
|
serialize_enum(m_serialized, ValueTag::NumberPrimitive);
|
|
serialize_number_primitive(m_serialized, value);
|
|
} else if (value.is_bigint()) {
|
|
serialize_enum(m_serialized, ValueTag::BigIntPrimitive);
|
|
TRY(serialize_big_int_primitive(m_vm, m_serialized, value));
|
|
} else if (value.is_string()) {
|
|
serialize_enum(m_serialized, ValueTag::StringPrimitive);
|
|
TRY(serialize_string_primitive(m_vm, m_serialized, value));
|
|
} else {
|
|
return_primitive_type = false;
|
|
}
|
|
|
|
if (return_primitive_type)
|
|
return m_serialized;
|
|
|
|
// 5. If value is a Symbol, then throw a "DataCloneError" DOMException.
|
|
if (value.is_symbol())
|
|
return WebIDL::DataCloneError::create(*m_vm.current_realm(), "Cannot serialize Symbol"_string);
|
|
|
|
// 6. Let serialized be an uninitialized value.
|
|
|
|
// 7. If value has a [[BooleanData]] internal slot, then set serialized to { [[Type]]: "Boolean", [[BooleanData]]: value.[[BooleanData]] }.
|
|
if (value.is_object() && is<JS::BooleanObject>(value.as_object())) {
|
|
serialize_enum(m_serialized, ValueTag::BooleanObject);
|
|
serialize_boolean_object(m_serialized, value);
|
|
}
|
|
|
|
// 8. Otherwise, if value has a [[NumberData]] internal slot, then set serialized to { [[Type]]: "Number", [[NumberData]]: value.[[NumberData]] }.
|
|
else if (value.is_object() && is<JS::NumberObject>(value.as_object())) {
|
|
serialize_enum(m_serialized, ValueTag::NumberObject);
|
|
serialize_number_object(m_serialized, value);
|
|
}
|
|
|
|
// 9. Otherwise, if value has a [[BigIntData]] internal slot, then set serialized to { [[Type]]: "BigInt", [[BigIntData]]: value.[[BigIntData]] }.
|
|
else if (value.is_object() && is<JS::BigIntObject>(value.as_object())) {
|
|
serialize_enum(m_serialized, ValueTag::BigIntObject);
|
|
TRY(serialize_big_int_object(m_vm, m_serialized, value));
|
|
}
|
|
|
|
// 10. Otherwise, if value has a [[StringData]] internal slot, then set serialized to { [[Type]]: "String", [[StringData]]: value.[[StringData]] }.
|
|
else if (value.is_object() && is<JS::StringObject>(value.as_object())) {
|
|
serialize_enum(m_serialized, ValueTag::StringObject);
|
|
TRY(serialize_string_object(m_vm, m_serialized, value));
|
|
}
|
|
|
|
// 11. Otherwise, if value has a [[DateValue]] internal slot, then set serialized to { [[Type]]: "Date", [[DateValue]]: value.[[DateValue]] }.
|
|
else if (value.is_object() && is<JS::Date>(value.as_object())) {
|
|
serialize_enum(m_serialized, ValueTag::DateObject);
|
|
serialize_date_object(m_serialized, value);
|
|
}
|
|
|
|
// 12. Otherwise, if value has a [[RegExpMatcher]] internal slot, then set serialized to
|
|
// { [[Type]]: "RegExp", [[RegExpMatcher]]: value.[[RegExpMatcher]], [[OriginalSource]]: value.[[OriginalSource]],
|
|
// [[OriginalFlags]]: value.[[OriginalFlags]] }.
|
|
else if (value.is_object() && is<JS::RegExpObject>(value.as_object())) {
|
|
serialize_enum(m_serialized, ValueTag::RegExpObject);
|
|
TRY(serialize_reg_exp_object(m_vm, m_serialized, value));
|
|
}
|
|
|
|
// 13. Otherwise, if value has an [[ArrayBufferData]] internal slot, then:
|
|
else if (value.is_object() && is<JS::ArrayBuffer>(value.as_object())) {
|
|
TRY(serialize_array_buffer(m_vm, m_serialized, static_cast<JS::ArrayBuffer&>(value.as_object()), m_for_storage));
|
|
}
|
|
|
|
// 14. Otherwise, if value has a [[ViewedArrayBuffer]] internal slot, then:
|
|
else if (value.is_object() && is<JS::TypedArrayBase>(value.as_object())) {
|
|
TRY(serialize_viewed_array_buffer(m_vm, m_serialized, static_cast<JS::TypedArrayBase&>(value.as_object()), m_for_storage, m_memory));
|
|
} else if (value.is_object() && is<JS::DataView>(value.as_object())) {
|
|
TRY(serialize_viewed_array_buffer(m_vm, m_serialized, static_cast<JS::DataView&>(value.as_object()), m_for_storage, m_memory));
|
|
}
|
|
|
|
// 15. Otherwise, if value has a [[MapData]] internal slot, then:
|
|
else if (value.is_object() && is<JS::Map>(value.as_object())) {
|
|
// 1. Set serialized to { [[Type]]: "Map", [[MapData]]: a new empty List }.
|
|
serialize_enum(m_serialized, ValueTag::MapObject);
|
|
// 2. Set deep to true.
|
|
deep = true;
|
|
}
|
|
|
|
// 16. Otherwise, if value has a [[SetData]] internal slot, then:
|
|
else if (value.is_object() && is<JS::Set>(value.as_object())) {
|
|
// 1. Set serialized to { [[Type]]: "Set", [[SetData]]: a new empty List }.
|
|
serialize_enum(m_serialized, ValueTag::SetObject);
|
|
// 2. Set deep to true.
|
|
deep = true;
|
|
}
|
|
|
|
// 17. Otherwise, if value has an [[ErrorData]] internal slot and value is not a platform object, then:
|
|
else if (value.is_object() && is<JS::Error>(value.as_object()) && !is<Bindings::PlatformObject>(value.as_object())) {
|
|
// 1. Let name be ? Get(value, "name").
|
|
auto name_property = TRY(value.as_object().get(m_vm.names.name));
|
|
|
|
// FIXME: Spec bug - https://github.com/whatwg/html/issues/9923
|
|
// MISSING STEP: Set name to ? ToString(name).
|
|
auto name = TRY(name_property.to_string(m_vm));
|
|
|
|
// 2. If name is not one of "Error", "EvalError", "RangeError", "ReferenceError", "SyntaxError", "TypeError", or "URIError", then set name to "Error".
|
|
auto type = error_name_to_type(name);
|
|
|
|
// 3. Let valueMessageDesc be ? value.[[GetOwnProperty]]("message").
|
|
auto value_message_descriptor = TRY(value.as_object().internal_get_own_property(m_vm.names.message));
|
|
|
|
// 4. Let message be undefined if IsDataDescriptor(valueMessageDesc) is false, and ? ToString(valueMessageDesc.[[Value]]) otherwise.
|
|
Optional<String> message;
|
|
if (value_message_descriptor.has_value() && value_message_descriptor->is_data_descriptor())
|
|
message = TRY(value_message_descriptor->value->to_string(m_vm));
|
|
|
|
// 5. Set serialized to { [[Type]]: "Error", [[Name]]: name, [[Message]]: message }.
|
|
// FIXME: 6. User agents should attach a serialized representation of any interesting accompanying data which are not yet specified, notably the stack property, to serialized.
|
|
serialize_enum(m_serialized, ValueTag::ErrorObject);
|
|
serialize_enum(m_serialized, type);
|
|
serialize_primitive_type(m_serialized, message.has_value());
|
|
if (message.has_value())
|
|
TRY(serialize_string(m_vm, m_serialized, *message));
|
|
}
|
|
|
|
// 18. Otherwise, if value is an Array exotic object, then:
|
|
else if (value.is_object() && is<JS::Array>(value.as_object())) {
|
|
// 1. Let valueLenDescriptor be ? OrdinaryGetOwnProperty(value, "length").
|
|
// 2. Let valueLen be valueLenDescriptor.[[Value]].
|
|
// NON-STANDARD: Array objects in LibJS do not have a real length property, so it must be accessed the usual way
|
|
u64 length = MUST(JS::length_of_array_like(m_vm, value.as_object()));
|
|
|
|
// 3. Set serialized to { [[Type]]: "Array", [[Length]]: valueLen, [[Properties]]: a new empty List }.
|
|
serialize_enum(m_serialized, ValueTag::ArrayObject);
|
|
serialize_primitive_type(m_serialized, length);
|
|
|
|
// 4. Set deep to true.
|
|
deep = true;
|
|
}
|
|
|
|
// 19. Otherwise, if value is a platform object that is a serializable object:
|
|
else if (value.is_object() && is<Bindings::Serializable>(value.as_object())) {
|
|
auto& serializable = dynamic_cast<Bindings::Serializable&>(value.as_object());
|
|
|
|
// FIXME: 1. If value has a [[Detached]] internal slot whose value is true, then throw a "DataCloneError" DOMException.
|
|
|
|
// 2. Let typeString be the identifier of the primary interface of value.
|
|
// 3. Set serialized to { [[Type]]: typeString }.
|
|
serialize_enum(m_serialized, ValueTag::SerializableObject);
|
|
serialize_enum(m_serialized, serializable.serialize_type());
|
|
|
|
// 4. Set deep to true
|
|
deep = true;
|
|
}
|
|
|
|
// 20. Otherwise, if value is a platform object, then throw a "DataCloneError" DOMException.
|
|
else if (value.is_object() && is<Bindings::PlatformObject>(value.as_object())) {
|
|
return throw_completion(WebIDL::DataCloneError::create(*m_vm.current_realm(), "Cannot serialize platform objects"_string));
|
|
}
|
|
|
|
// 21. Otherwise, if IsCallable(value) is true, then throw a "DataCloneError" DOMException.
|
|
else if (value.is_function()) {
|
|
return throw_completion(WebIDL::DataCloneError::create(*m_vm.current_realm(), "Cannot serialize functions"_string));
|
|
}
|
|
|
|
// FIXME: 22. Otherwise, if value has any internal slot other than [[Prototype]] or [[Extensible]], then throw a "DataCloneError" DOMException.
|
|
|
|
// FIXME: 23. Otherwise, if value is an exotic object and value is not the %Object.prototype% intrinsic object associated with any realm, then throw a "DataCloneError" DOMException.
|
|
|
|
// 24. Otherwise:
|
|
else {
|
|
// 1. Set serialized to { [[Type]]: "Object", [[Properties]]: a new empty List }.
|
|
serialize_enum(m_serialized, ValueTag::Object);
|
|
|
|
// 2. Set deep to true.
|
|
deep = true;
|
|
}
|
|
|
|
// 25. Set memory[value] to serialized.
|
|
m_memory.set(make_root(value), m_next_id++);
|
|
|
|
// 26. If deep is true, then:
|
|
if (deep) {
|
|
// 1. If value has a [[MapData]] internal slot, then:
|
|
if (value.is_object() && is<JS::Map>(value.as_object())) {
|
|
auto const& map = static_cast<JS::Map const&>(value.as_object());
|
|
// 1. Let copiedList be a new empty List.
|
|
Vector<JS::Value> copied_list;
|
|
copied_list.ensure_capacity(map.map_size() * 2);
|
|
// 2. For each Record { [[Key]], [[Value]] } entry of value.[[MapData]]:
|
|
for (auto const& entry : static_cast<JS::Map const&>(value.as_object())) {
|
|
// 1. Let copiedEntry be a new Record { [[Key]]: entry.[[Key]], [[Value]]: entry.[[Value]] }.
|
|
// 2. If copiedEntry.[[Key]] is not the special value empty, append copiedEntry to copiedList.
|
|
copied_list.append(entry.key);
|
|
copied_list.append(entry.value);
|
|
}
|
|
u64 size = map.map_size();
|
|
m_serialized.append(bit_cast<u32*>(&size), 2);
|
|
// 3. For each Record { [[Key]], [[Value]] } entry of copiedList:
|
|
for (auto copied_value : copied_list) {
|
|
// 1. Let serializedKey be ? StructuredSerializeInternal(entry.[[Key]], forStorage, memory).
|
|
// 2. Let serializedValue be ? StructuredSerializeInternal(entry.[[Value]], forStorage, memory).
|
|
auto serialized_value = TRY(structured_serialize_internal(m_vm, copied_value, m_for_storage, m_memory));
|
|
|
|
// 3. Append { [[Key]]: serializedKey, [[Value]]: serializedValue } to serialized.[[MapData]].
|
|
m_serialized.extend(serialized_value);
|
|
}
|
|
}
|
|
|
|
// 2. Otherwise, if value has a [[SetData]] internal slot, then:
|
|
else if (value.is_object() && is<JS::Set>(value.as_object())) {
|
|
auto const& set = static_cast<JS::Set const&>(value.as_object());
|
|
// 1. Let copiedList be a new empty List.
|
|
Vector<JS::Value> copied_list;
|
|
copied_list.ensure_capacity(set.set_size());
|
|
// 2. For each entry of value.[[SetData]]:
|
|
for (auto const& entry : static_cast<JS::Set const&>(value.as_object())) {
|
|
// 1. If entry is not the special value empty, append entry to copiedList.
|
|
copied_list.append(entry.key);
|
|
}
|
|
serialize_primitive_type(m_serialized, set.set_size());
|
|
// 3. For each entry of copiedList:
|
|
for (auto copied_value : copied_list) {
|
|
// 1. Let serializedEntry be ? StructuredSerializeInternal(entry, forStorage, memory).
|
|
auto serialized_value = TRY(structured_serialize_internal(m_vm, copied_value, m_for_storage, m_memory));
|
|
|
|
// 2. Append serializedEntry to serialized.[[SetData]].
|
|
m_serialized.extend(serialized_value);
|
|
}
|
|
}
|
|
|
|
// 3. Otherwise, if value is a platform object that is a serializable object, then perform the serialization steps for value's primary interface, given value, serialized, and forStorage.
|
|
else if (value.is_object() && is<Bindings::Serializable>(value.as_object())) {
|
|
auto& serializable = dynamic_cast<Bindings::Serializable&>(value.as_object());
|
|
TRY(serializable.serialization_steps(m_serialized, m_for_storage, m_memory));
|
|
}
|
|
|
|
// 4. Otherwise, for each key in ! EnumerableOwnProperties(value, key):
|
|
else {
|
|
u64 property_count = 0;
|
|
auto count_offset = m_serialized.size();
|
|
serialize_primitive_type(m_serialized, property_count);
|
|
for (auto key : MUST(value.as_object().enumerable_own_property_names(JS::Object::PropertyKind::Key))) {
|
|
auto property_key = MUST(JS::PropertyKey::from_value(m_vm, key));
|
|
|
|
// 1. If ! HasOwnProperty(value, key) is true, then:
|
|
if (MUST(value.as_object().has_own_property(property_key))) {
|
|
// 1. Let inputValue be ? value.[[Get]](key, value).
|
|
auto input_value = TRY(value.as_object().internal_get(property_key, value));
|
|
|
|
// 2. Let outputValue be ? StructuredSerializeInternal(inputValue, forStorage, memory).
|
|
auto output_value = TRY(structured_serialize_internal(m_vm, input_value, m_for_storage, m_memory));
|
|
|
|
// 3. Append { [[Key]]: key, [[Value]]: outputValue } to serialized.[[Properties]].
|
|
TRY(serialize_string(m_vm, m_serialized, key.as_string()));
|
|
m_serialized.extend(output_value);
|
|
|
|
property_count++;
|
|
}
|
|
}
|
|
memcpy(m_serialized.data() + count_offset, &property_count, sizeof(property_count));
|
|
}
|
|
}
|
|
|
|
// 27. Return serialized.
|
|
return m_serialized;
|
|
}
|
|
|
|
private:
|
|
JS::VM& m_vm;
|
|
SerializationMemory& m_memory; // JS value -> index
|
|
u32 m_next_id { 0 };
|
|
SerializationRecord m_serialized;
|
|
bool m_for_storage { false };
|
|
};
|
|
|
|
void serialize_boolean_primitive(SerializationRecord& serialized, JS::Value& value)
|
|
{
|
|
VERIFY(value.is_boolean());
|
|
serialize_primitive_type(serialized, value.as_bool());
|
|
}
|
|
|
|
void serialize_number_primitive(SerializationRecord& serialized, JS::Value& value)
|
|
{
|
|
VERIFY(value.is_number());
|
|
serialize_primitive_type(serialized, value.as_double());
|
|
}
|
|
|
|
WebIDL::ExceptionOr<void> serialize_big_int_primitive(JS::VM& vm, SerializationRecord& serialized, JS::Value& value)
|
|
{
|
|
VERIFY(value.is_bigint());
|
|
auto& val = value.as_bigint();
|
|
TRY(serialize_string(vm, serialized, TRY_OR_THROW_OOM(vm, val.to_string())));
|
|
return {};
|
|
}
|
|
|
|
WebIDL::ExceptionOr<void> serialize_string_primitive(JS::VM& vm, SerializationRecord& serialized, JS::Value& value)
|
|
{
|
|
VERIFY(value.is_string());
|
|
TRY(serialize_string(vm, serialized, value.as_string()));
|
|
return {};
|
|
}
|
|
|
|
void serialize_boolean_object(SerializationRecord& serialized, JS::Value& value)
|
|
{
|
|
VERIFY(value.is_object() && is<JS::BooleanObject>(value.as_object()));
|
|
auto& boolean_object = static_cast<JS::BooleanObject&>(value.as_object());
|
|
serialize_primitive_type(serialized, boolean_object.boolean());
|
|
}
|
|
|
|
void serialize_number_object(SerializationRecord& serialized, JS::Value& value)
|
|
{
|
|
VERIFY(value.is_object() && is<JS::NumberObject>(value.as_object()));
|
|
auto& number_object = static_cast<JS::NumberObject&>(value.as_object());
|
|
serialize_primitive_type(serialized, number_object.number());
|
|
}
|
|
|
|
WebIDL::ExceptionOr<void> serialize_big_int_object(JS::VM& vm, SerializationRecord& serialized, JS::Value& value)
|
|
{
|
|
VERIFY(value.is_object() && is<JS::BigIntObject>(value.as_object()));
|
|
auto& bigint_object = static_cast<JS::BigIntObject&>(value.as_object());
|
|
TRY(serialize_string(vm, serialized, TRY_OR_THROW_OOM(vm, bigint_object.bigint().to_string())));
|
|
return {};
|
|
}
|
|
|
|
WebIDL::ExceptionOr<void> serialize_string_object(JS::VM& vm, SerializationRecord& serialized, JS::Value& value)
|
|
{
|
|
VERIFY(value.is_object() && is<JS::StringObject>(value.as_object()));
|
|
auto& string_object = static_cast<JS::StringObject&>(value.as_object());
|
|
TRY(serialize_string(vm, serialized, string_object.primitive_string()));
|
|
return {};
|
|
}
|
|
|
|
void serialize_date_object(SerializationRecord& serialized, JS::Value& value)
|
|
{
|
|
VERIFY(value.is_object() && is<JS::Date>(value.as_object()));
|
|
auto& date_object = static_cast<JS::Date&>(value.as_object());
|
|
serialize_primitive_type(serialized, date_object.date_value());
|
|
}
|
|
|
|
WebIDL::ExceptionOr<void> serialize_reg_exp_object(JS::VM& vm, SerializationRecord& serialized, JS::Value& value)
|
|
{
|
|
VERIFY(value.is_object() && is<JS::RegExpObject>(value.as_object()));
|
|
auto& regexp_object = static_cast<JS::RegExpObject&>(value.as_object());
|
|
// Note: A Regex<ECMA262> object is perfectly happy to be reconstructed with just the source+flags
|
|
// In the future, we could optimize the work being done on the deserialize step by serializing
|
|
// more of the internal state (the [[RegExpMatcher]] internal slot)
|
|
TRY(serialize_string(vm, serialized, regexp_object.pattern()));
|
|
TRY(serialize_string(vm, serialized, regexp_object.flags()));
|
|
return {};
|
|
}
|
|
|
|
WebIDL::ExceptionOr<void> serialize_bytes(JS::VM& vm, Vector<u32>& vector, ReadonlyBytes bytes)
|
|
{
|
|
// Append size of the buffer to the serialized structure.
|
|
u64 const size = bytes.size();
|
|
serialize_primitive_type(vector, size);
|
|
// Append the bytes of the buffer to the serialized structure.
|
|
u64 byte_position = 0;
|
|
while (byte_position < size) {
|
|
u32 combined_value = 0;
|
|
for (u8 i = 0; i < 4; ++i) {
|
|
u8 const byte = bytes[byte_position];
|
|
combined_value |= byte << (i * 8);
|
|
byte_position++;
|
|
if (byte_position == size)
|
|
break;
|
|
}
|
|
TRY_OR_THROW_OOM(vm, vector.try_append(combined_value));
|
|
}
|
|
return {};
|
|
}
|
|
|
|
WebIDL::ExceptionOr<void> serialize_string(JS::VM& vm, Vector<u32>& vector, StringView string)
|
|
{
|
|
return serialize_bytes(vm, vector, string.bytes());
|
|
}
|
|
|
|
WebIDL::ExceptionOr<void> serialize_string(JS::VM& vm, Vector<u32>& vector, String const& string)
|
|
{
|
|
return serialize_bytes(vm, vector, { string.code_points().bytes(), string.code_points().byte_length() });
|
|
}
|
|
|
|
WebIDL::ExceptionOr<void> serialize_string(JS::VM& vm, Vector<u32>& vector, JS::PrimitiveString const& primitive_string)
|
|
{
|
|
auto string = primitive_string.utf8_string();
|
|
TRY(serialize_string(vm, vector, string));
|
|
return {};
|
|
}
|
|
|
|
WebIDL::ExceptionOr<void> serialize_array_buffer(JS::VM& vm, Vector<u32>& vector, JS::ArrayBuffer const& array_buffer, bool for_storage)
|
|
{
|
|
// 13. Otherwise, if value has an [[ArrayBufferData]] internal slot, then:
|
|
|
|
// 1. If IsSharedArrayBuffer(value) is true, then:
|
|
if (array_buffer.is_shared_array_buffer()) {
|
|
// 1. If the current principal settings object's cross-origin isolated capability is false, then throw a "DataCloneError" DOMException.
|
|
// NOTE: This check is only needed when serializing (and not when deserializing) as the cross-origin isolated capability cannot change
|
|
// over time and a SharedArrayBuffer cannot leave an agent cluster.
|
|
if (current_principal_settings_object().cross_origin_isolated_capability() == CanUseCrossOriginIsolatedAPIs::No)
|
|
return WebIDL::DataCloneError::create(*vm.current_realm(), "Cannot serialize SharedArrayBuffer when cross-origin isolated"_string);
|
|
|
|
// 2. If forStorage is true, then throw a "DataCloneError" DOMException.
|
|
if (for_storage)
|
|
return WebIDL::DataCloneError::create(*vm.current_realm(), "Cannot serialize SharedArrayBuffer for storage"_string);
|
|
|
|
if (!array_buffer.is_fixed_length()) {
|
|
// 3. If value has an [[ArrayBufferMaxByteLength]] internal slot, then set serialized to { [[Type]]: "GrowableSharedArrayBuffer",
|
|
// [[ArrayBufferData]]: value.[[ArrayBufferData]], [[ArrayBufferByteLengthData]]: value.[[ArrayBufferByteLengthData]],
|
|
// [[ArrayBufferMaxByteLength]]: value.[[ArrayBufferMaxByteLength]],
|
|
// FIXME: [[AgentCluster]]: the surrounding agent's agent cluster }.
|
|
serialize_enum(vector, ValueTag::GrowableSharedArrayBuffer);
|
|
TRY(serialize_bytes(vm, vector, array_buffer.buffer().bytes()));
|
|
serialize_primitive_type(vector, array_buffer.max_byte_length());
|
|
} else {
|
|
// 4. Otherwise, set serialized to { [[Type]]: "SharedArrayBuffer", [[ArrayBufferData]]: value.[[ArrayBufferData]],
|
|
// [[ArrayBufferByteLength]]: value.[[ArrayBufferByteLength]],
|
|
// FIXME: [[AgentCluster]]: the surrounding agent's agent cluster }.
|
|
serialize_enum(vector, ValueTag::SharedArrayBuffer);
|
|
TRY(serialize_bytes(vm, vector, array_buffer.buffer().bytes()));
|
|
}
|
|
}
|
|
|
|
// 2. Otherwise:
|
|
else {
|
|
// 1. If IsDetachedBuffer(value) is true, then throw a "DataCloneError" DOMException.
|
|
if (array_buffer.is_detached())
|
|
return WebIDL::DataCloneError::create(*vm.current_realm(), "Cannot serialize detached ArrayBuffer"_string);
|
|
|
|
// 2. Let size be value.[[ArrayBufferByteLength]].
|
|
auto size = array_buffer.byte_length();
|
|
|
|
// 3. Let dataCopy be ? CreateByteDataBlock(size).
|
|
// NOTE: This can throw a RangeError exception upon allocation failure.
|
|
auto data_copy = TRY(JS::create_byte_data_block(vm, size));
|
|
|
|
// 4. Perform CopyDataBlockBytes(dataCopy, 0, value.[[ArrayBufferData]], 0, size).
|
|
JS::copy_data_block_bytes(data_copy.buffer(), 0, array_buffer.buffer(), 0, size);
|
|
|
|
// 5. If value has an [[ArrayBufferMaxByteLength]] internal slot, then set serialized to { [[Type]]: "ResizableArrayBuffer",
|
|
// [[ArrayBufferData]]: dataCopy, [[ArrayBufferByteLength]]: size, [[ArrayBufferMaxByteLength]]: value.[[ArrayBufferMaxByteLength]] }.
|
|
if (!array_buffer.is_fixed_length()) {
|
|
serialize_enum(vector, ValueTag::ResizeableArrayBuffer);
|
|
TRY(serialize_bytes(vm, vector, data_copy.buffer().bytes()));
|
|
serialize_primitive_type(vector, array_buffer.max_byte_length());
|
|
}
|
|
// 6. Otherwise, set serialized to { [[Type]]: "ArrayBuffer", [[ArrayBufferData]]: dataCopy, [[ArrayBufferByteLength]]: size }.
|
|
else {
|
|
serialize_enum(vector, ValueTag::ArrayBuffer);
|
|
TRY(serialize_bytes(vm, vector, data_copy.buffer().bytes()));
|
|
}
|
|
}
|
|
return {};
|
|
}
|
|
|
|
template<OneOf<JS::TypedArrayBase, JS::DataView> ViewType>
|
|
WebIDL::ExceptionOr<void> serialize_viewed_array_buffer(JS::VM& vm, Vector<u32>& vector, ViewType const& view, bool for_storage, SerializationMemory& memory)
|
|
{
|
|
// 14. Otherwise, if value has a [[ViewedArrayBuffer]] internal slot, then:
|
|
|
|
auto view_record = [&]() {
|
|
if constexpr (IsSame<ViewType, JS::DataView>) {
|
|
return JS::make_data_view_with_buffer_witness_record(view, JS::ArrayBuffer::Order::SeqCst);
|
|
} else {
|
|
return JS::make_typed_array_with_buffer_witness_record(view, JS::ArrayBuffer::Order::SeqCst);
|
|
}
|
|
}();
|
|
|
|
// 1. If IsArrayBufferViewOutOfBounds(value) is true, then throw a "DataCloneError" DOMException.
|
|
if constexpr (IsSame<ViewType, JS::DataView>) {
|
|
if (JS::is_view_out_of_bounds(view_record))
|
|
return WebIDL::DataCloneError::create(*vm.current_realm(), MUST(String::formatted(JS::ErrorType::BufferOutOfBounds.message(), "DataView"sv)));
|
|
} else {
|
|
if (JS::is_typed_array_out_of_bounds(view_record))
|
|
return WebIDL::DataCloneError::create(*vm.current_realm(), MUST(String::formatted(JS::ErrorType::BufferOutOfBounds.message(), "TypedArray"sv)));
|
|
}
|
|
|
|
// 2. Let buffer be the value of value's [[ViewedArrayBuffer]] internal slot.
|
|
JS::Value buffer = view.viewed_array_buffer();
|
|
|
|
// 3. Let bufferSerialized be ? StructuredSerializeInternal(buffer, forStorage, memory).
|
|
auto buffer_serialized = TRY(structured_serialize_internal(vm, buffer, for_storage, memory));
|
|
|
|
// 4. Assert: bufferSerialized.[[Type]] is "ArrayBuffer", "ResizableArrayBuffer", "SharedArrayBuffer", or "GrowableSharedArrayBuffer".
|
|
// NOTE: Object reference + memory check is required when ArrayBuffer is transferred.
|
|
auto tag = buffer_serialized[0];
|
|
VERIFY(tag == ValueTag::ArrayBuffer
|
|
|| tag == ValueTag::ResizeableArrayBuffer
|
|
|| tag == ValueTag::SharedArrayBuffer
|
|
|| tag == ValueTag::GrowableSharedArrayBuffer
|
|
|| (tag == ValueTag::ObjectReference && memory.contains(buffer)));
|
|
|
|
// 5. If value has a [[DataView]] internal slot, then set serialized to { [[Type]]: "ArrayBufferView", [[Constructor]]: "DataView",
|
|
// [[ArrayBufferSerialized]]: bufferSerialized, [[ByteLength]]: value.[[ByteLength]], [[ByteOffset]]: value.[[ByteOffset]] }.
|
|
if constexpr (IsSame<ViewType, JS::DataView>) {
|
|
serialize_enum(vector, ValueTag::ArrayBufferView);
|
|
vector.extend(move(buffer_serialized)); // [[ArrayBufferSerialized]]
|
|
TRY(serialize_string(vm, vector, "DataView"_string)); // [[Constructor]]
|
|
serialize_primitive_type(vector, JS::get_view_byte_length(view_record));
|
|
serialize_primitive_type(vector, view.byte_offset());
|
|
}
|
|
|
|
// 6. Otherwise:
|
|
else {
|
|
// 1. Assert: value has a [[TypedArrayName]] internal slot.
|
|
// NOTE: Handled by constexpr check and template constraints
|
|
// 2. Set serialized to { [[Type]]: "ArrayBufferView", [[Constructor]]: value.[[TypedArrayName]],
|
|
// [[ArrayBufferSerialized]]: bufferSerialized, [[ByteLength]]: value.[[ByteLength]],
|
|
// [[ByteOffset]]: value.[[ByteOffset]], [[ArrayLength]]: value.[[ArrayLength]] }.
|
|
serialize_enum(vector, ValueTag::ArrayBufferView);
|
|
vector.extend(move(buffer_serialized)); // [[ArrayBufferSerialized]]
|
|
TRY(serialize_string(vm, vector, view.element_name().to_string())); // [[Constructor]]
|
|
serialize_primitive_type(vector, JS::typed_array_byte_length(view_record));
|
|
serialize_primitive_type(vector, view.byte_offset());
|
|
serialize_primitive_type(vector, JS::typed_array_length(view_record));
|
|
}
|
|
return {};
|
|
}
|
|
template WebIDL::ExceptionOr<void> serialize_viewed_array_buffer(JS::VM& vm, Vector<u32>& vector, JS::TypedArrayBase const& view, bool for_storage, SerializationMemory& memory);
|
|
template WebIDL::ExceptionOr<void> serialize_viewed_array_buffer(JS::VM& vm, Vector<u32>& vector, JS::DataView const& view, bool for_storage, SerializationMemory& memory);
|
|
|
|
class Deserializer {
|
|
public:
|
|
Deserializer(JS::VM& vm, JS::Realm& target_realm, ReadonlySpan<u32> serialized, DeserializationMemory& memory, Optional<size_t> position = {})
|
|
: m_vm(vm)
|
|
, m_serialized(serialized)
|
|
, m_memory(memory)
|
|
, m_position(position.value_or(0))
|
|
{
|
|
VERIFY(vm.current_realm() == &target_realm);
|
|
}
|
|
|
|
size_t position() const { return m_position; }
|
|
|
|
// https://html.spec.whatwg.org/multipage/structured-data.html#structureddeserialize
|
|
WebIDL::ExceptionOr<JS::Value> deserialize()
|
|
{
|
|
auto tag = deserialize_primitive_type<ValueTag>(m_serialized, m_position);
|
|
|
|
// 2. If memory[serialized] exists, then return memory[serialized].
|
|
if (tag == ValueTag::ObjectReference) {
|
|
auto index = m_serialized[m_position++];
|
|
if (index == NumericLimits<u32>::max()) {
|
|
return JS::Object::create(*m_vm.current_realm(), nullptr);
|
|
}
|
|
return m_memory[index];
|
|
}
|
|
|
|
// 3. Let deep be false.
|
|
auto deep = false;
|
|
|
|
// 4. Let value be an uninitialized value.
|
|
JS::Value value;
|
|
|
|
auto is_primitive = false;
|
|
switch (tag) {
|
|
// 5. If serialized.[[Type]] is "primitive", then set value to serialized.[[Value]].
|
|
case ValueTag::UndefinedPrimitive: {
|
|
value = JS::js_undefined();
|
|
is_primitive = true;
|
|
break;
|
|
}
|
|
case ValueTag::NullPrimitive: {
|
|
value = JS::js_null();
|
|
is_primitive = true;
|
|
break;
|
|
}
|
|
case ValueTag::BooleanPrimitive: {
|
|
value = JS::Value { deserialize_boolean_primitive(m_serialized, m_position) };
|
|
is_primitive = true;
|
|
break;
|
|
}
|
|
case ValueTag::NumberPrimitive: {
|
|
value = JS::Value { deserialize_number_primitive(m_serialized, m_position) };
|
|
is_primitive = true;
|
|
break;
|
|
}
|
|
case ValueTag::BigIntPrimitive: {
|
|
auto big_int = TRY(deserialize_big_int_primitive(m_vm, m_serialized, m_position));
|
|
value = JS::Value { big_int };
|
|
is_primitive = true;
|
|
break;
|
|
}
|
|
case ValueTag::StringPrimitive: {
|
|
auto string = TRY(deserialize_string_primitive(m_vm, m_serialized, m_position));
|
|
value = JS::Value { string };
|
|
is_primitive = true;
|
|
break;
|
|
}
|
|
// 6. Otherwise, if serialized.[[Type]] is "Boolean", then set value to a new Boolean object in targetRealm whose [[BooleanData]] internal slot value is serialized.[[BooleanData]].
|
|
case BooleanObject: {
|
|
value = deserialize_boolean_object(*m_vm.current_realm(), m_serialized, m_position);
|
|
break;
|
|
}
|
|
// 7. Otherwise, if serialized.[[Type]] is "Number", then set value to a new Number object in targetRealm whose [[NumberData]] internal slot value is serialized.[[NumberData]].
|
|
case ValueTag::NumberObject: {
|
|
value = deserialize_number_object(*m_vm.current_realm(), m_serialized, m_position);
|
|
break;
|
|
}
|
|
// 8. Otherwise, if serialized.[[Type]] is "BigInt", then set value to a new BigInt object in targetRealm whose [[BigIntData]] internal slot value is serialized.[[BigIntData]].
|
|
case ValueTag::BigIntObject: {
|
|
value = TRY(deserialize_big_int_object(*m_vm.current_realm(), m_serialized, m_position));
|
|
break;
|
|
}
|
|
// 9. Otherwise, if serialized.[[Type]] is "String", then set value to a new String object in targetRealm whose [[StringData]] internal slot value is serialized.[[StringData]].
|
|
case ValueTag::StringObject: {
|
|
value = TRY(deserialize_string_object(*m_vm.current_realm(), m_serialized, m_position));
|
|
break;
|
|
}
|
|
// 10. Otherwise, if serialized.[[Type]] is "Date", then set value to a new Date object in targetRealm whose [[DateValue]] internal slot value is serialized.[[DateValue]].
|
|
case ValueTag::DateObject: {
|
|
value = deserialize_date_object(*m_vm.current_realm(), m_serialized, m_position);
|
|
break;
|
|
}
|
|
// 11. Otherwise, if serialized.[[Type]] is "RegExp", then set value to a new RegExp object in targetRealm whose [[RegExpMatcher]] internal slot value is serialized.[[RegExpMatcher]],
|
|
// whose [[OriginalSource]] internal slot value is serialized.[[OriginalSource]], and whose [[OriginalFlags]] internal slot value is serialized.[[OriginalFlags]].
|
|
case ValueTag::RegExpObject: {
|
|
value = TRY(deserialize_reg_exp_object(*m_vm.current_realm(), m_serialized, m_position));
|
|
break;
|
|
}
|
|
// 12. Otherwise, if serialized.[[Type]] is "SharedArrayBuffer", then:
|
|
case ValueTag::SharedArrayBuffer: {
|
|
// FIXME: 1. If targetRealm's corresponding agent cluster is not serialized.[[AgentCluster]], then throw a "DataCloneError" DOMException.
|
|
// 2. Otherwise, set value to a new SharedArrayBuffer object in targetRealm whose [[ArrayBufferData]] internal slot value is serialized.[[ArrayBufferData]]
|
|
// and whose [[ArrayBufferByteLength]] internal slot value is serialized.[[ArrayBufferByteLength]].
|
|
auto* realm = m_vm.current_realm();
|
|
auto bytes_or_error = deserialize_bytes(m_vm, m_serialized, m_position);
|
|
if (bytes_or_error.is_error())
|
|
return WebIDL::DataCloneError::create(*realm, "out of memory"_string);
|
|
auto bytes = bytes_or_error.release_value();
|
|
JS::ArrayBuffer* buffer = TRY(JS::allocate_shared_array_buffer(m_vm, realm->intrinsics().shared_array_buffer_constructor(), bytes.size()));
|
|
bytes.span().copy_to(buffer->buffer().span());
|
|
value = buffer;
|
|
break;
|
|
}
|
|
// 13. Otherwise, if serialized.[[Type]] is "GrowableSharedArrayBuffer", then:
|
|
case ValueTag::GrowableSharedArrayBuffer: {
|
|
// FIXME: 1. If targetRealm's corresponding agent cluster is not serialized.[[AgentCluster]], then throw a "DataCloneError" DOMException.
|
|
// 2. Otherwise, set value to a new SharedArrayBuffer object in targetRealm whose [[ArrayBufferData]] internal slot value is serialized.[[ArrayBufferData]],
|
|
// whose [[ArrayBufferByteLengthData]] internal slot value is serialized.[[ArrayBufferByteLengthData]],
|
|
// and whose [[ArrayBufferMaxByteLength]] internal slot value is serialized.[[ArrayBufferMaxByteLength]].
|
|
auto* realm = m_vm.current_realm();
|
|
auto bytes_or_error = deserialize_bytes(m_vm, m_serialized, m_position);
|
|
if (bytes_or_error.is_error())
|
|
return WebIDL::DataCloneError::create(*realm, "out of memory"_string);
|
|
size_t max_byte_length = deserialize_primitive_type<size_t>(m_serialized, m_position);
|
|
auto bytes = bytes_or_error.release_value();
|
|
JS::ArrayBuffer* buffer = TRY(JS::allocate_shared_array_buffer(m_vm, realm->intrinsics().shared_array_buffer_constructor(), bytes.size()));
|
|
bytes.span().copy_to(buffer->buffer().span());
|
|
buffer->set_max_byte_length(max_byte_length);
|
|
value = buffer;
|
|
break;
|
|
}
|
|
// 14. Otherwise, if serialized.[[Type]] is "ArrayBuffer", then set value to a new ArrayBuffer object in targetRealm whose [[ArrayBufferData]] internal slot value is serialized.[[ArrayBufferData]], and whose [[ArrayBufferByteLength]] internal slot value is serialized.[[ArrayBufferByteLength]].
|
|
case ValueTag::ArrayBuffer: {
|
|
auto* realm = m_vm.current_realm();
|
|
// If this throws an exception, catch it, and then throw a "DataCloneError" DOMException.
|
|
auto bytes_or_error = deserialize_bytes(m_vm, m_serialized, m_position);
|
|
if (bytes_or_error.is_error())
|
|
return WebIDL::DataCloneError::create(*m_vm.current_realm(), "out of memory"_string);
|
|
value = JS::ArrayBuffer::create(*realm, bytes_or_error.release_value());
|
|
break;
|
|
}
|
|
// 15. Otherwise, if serialized.[[Type]] is "ResizableArrayBuffer", then set value to a new ArrayBuffer object in targetRealm whose [[ArrayBufferData]] internal slot value is serialized.[[ArrayBufferData]], whose [[ArrayBufferByteLength]] internal slot value is serialized.[[ArrayBufferByteLength]], and whose [[ArrayBufferMaxByteLength]] internal slot value is a serialized.[[ArrayBufferMaxByteLength]].
|
|
case ValueTag::ResizeableArrayBuffer: {
|
|
auto* realm = m_vm.current_realm();
|
|
// If this throws an exception, catch it, and then throw a "DataCloneError" DOMException.
|
|
auto bytes_or_error = deserialize_bytes(m_vm, m_serialized, m_position);
|
|
if (bytes_or_error.is_error())
|
|
return WebIDL::DataCloneError::create(*m_vm.current_realm(), "out of memory"_string);
|
|
size_t max_byte_length = deserialize_primitive_type<size_t>(m_serialized, m_position);
|
|
auto buffer = JS::ArrayBuffer::create(*realm, bytes_or_error.release_value());
|
|
buffer->set_max_byte_length(max_byte_length);
|
|
value = buffer;
|
|
break;
|
|
}
|
|
// 16. Otherwise, if serialized.[[Type]] is "ArrayBufferView", then:
|
|
case ValueTag::ArrayBufferView: {
|
|
auto* realm = m_vm.current_realm();
|
|
auto array_buffer_value = TRY(deserialize());
|
|
auto& array_buffer = as<JS::ArrayBuffer>(array_buffer_value.as_object());
|
|
auto constructor_name = TRY(deserialize_string(m_vm, m_serialized, m_position));
|
|
u32 byte_length = deserialize_primitive_type<u32>(m_serialized, m_position);
|
|
u32 byte_offset = deserialize_primitive_type<u32>(m_serialized, m_position);
|
|
|
|
if (constructor_name == "DataView"sv) {
|
|
value = JS::DataView::create(*realm, &array_buffer, byte_length, byte_offset);
|
|
} else {
|
|
u32 array_length = deserialize_primitive_type<u32>(m_serialized, m_position);
|
|
GC::Ptr<JS::TypedArrayBase> typed_array_ptr;
|
|
#define CREATE_TYPED_ARRAY(ClassName) \
|
|
if (constructor_name == #ClassName##sv) \
|
|
typed_array_ptr = JS::ClassName::create(*realm, array_length, array_buffer);
|
|
#define __JS_ENUMERATE(ClassName, snake_name, PrototypeName, ConstructorName, Type) \
|
|
CREATE_TYPED_ARRAY(ClassName)
|
|
JS_ENUMERATE_TYPED_ARRAYS
|
|
#undef __JS_ENUMERATE
|
|
#undef CREATE_TYPED_ARRAY
|
|
VERIFY(typed_array_ptr != nullptr); // FIXME: Handle errors better here? Can a fuzzer put weird stuff in the buffer?
|
|
typed_array_ptr->set_byte_length(byte_length);
|
|
typed_array_ptr->set_byte_offset(byte_offset);
|
|
value = typed_array_ptr;
|
|
}
|
|
break;
|
|
}
|
|
// 17. Otherwise, if serialized.[[Type]] is "Map", then:
|
|
case ValueTag::MapObject: {
|
|
auto& realm = *m_vm.current_realm();
|
|
// 1. Set value to a new Map object in targetRealm whose [[MapData]] internal slot value is a new empty List.
|
|
value = JS::Map::create(realm);
|
|
// 2. Set deep to true.
|
|
deep = true;
|
|
break;
|
|
}
|
|
// 18. Otherwise, if serialized.[[Type]] is "Set", then:
|
|
case ValueTag::SetObject: {
|
|
auto& realm = *m_vm.current_realm();
|
|
// 1. Set value to a new Set object in targetRealm whose [[SetData]] internal slot value is a new empty List.
|
|
value = JS::Set::create(realm);
|
|
// 2. Set deep to true.
|
|
deep = true;
|
|
break;
|
|
}
|
|
// 19. Otherwise, if serialized.[[Type]] is "Array", then:
|
|
case ValueTag::ArrayObject: {
|
|
auto& realm = *m_vm.current_realm();
|
|
// 1. Let outputProto be targetRealm.[[Intrinsics]].[[%Array.prototype%]].
|
|
// 2. Set value to ! ArrayCreate(serialized.[[Length]], outputProto).
|
|
auto length = deserialize_primitive_type<u64>(m_serialized, m_position);
|
|
value = MUST(JS::Array::create(realm, length));
|
|
// 3. Set deep to true.
|
|
deep = true;
|
|
break;
|
|
}
|
|
// 20. Otherwise, if serialized.[[Type]] is "Object", then:
|
|
case ValueTag::Object: {
|
|
auto& realm = *m_vm.current_realm();
|
|
// 1. Set value to a new Object in targetRealm.
|
|
value = JS::Object::create(realm, realm.intrinsics().object_prototype());
|
|
// 2. Set deep to true.
|
|
deep = true;
|
|
break;
|
|
}
|
|
// 21. Otherwise, if serialized.[[Type]] is "Error", then:
|
|
case ValueTag::ErrorObject: {
|
|
auto& realm = *m_vm.current_realm();
|
|
auto type = deserialize_primitive_type<ErrorType>(m_serialized, m_position);
|
|
auto has_message = deserialize_primitive_type<bool>(m_serialized, m_position);
|
|
if (has_message) {
|
|
auto message = TRY(deserialize_string(m_vm, m_serialized, m_position));
|
|
switch (type) {
|
|
case ErrorType::Error:
|
|
value = JS::Error::create(realm, message);
|
|
break;
|
|
#define __JS_ENUMERATE(ClassName, snake_name, PrototypeName, ConstructorName, ArrayType) \
|
|
case ErrorType::ClassName: \
|
|
value = JS::ClassName::create(realm, message); \
|
|
break;
|
|
JS_ENUMERATE_NATIVE_ERRORS
|
|
#undef __JS_ENUMERATE
|
|
}
|
|
} else {
|
|
switch (type) {
|
|
case ErrorType::Error:
|
|
value = JS::Error::create(realm);
|
|
break;
|
|
#define __JS_ENUMERATE(ClassName, snake_name, PrototypeName, ConstructorName, ArrayType) \
|
|
case ErrorType::ClassName: \
|
|
value = JS::ClassName::create(realm); \
|
|
break;
|
|
JS_ENUMERATE_NATIVE_ERRORS
|
|
#undef __JS_ENUMERATE
|
|
}
|
|
}
|
|
break;
|
|
}
|
|
// 22. Otherwise:
|
|
default:
|
|
VERIFY(tag == ValueTag::SerializableObject);
|
|
|
|
auto& realm = *m_vm.current_realm();
|
|
// 1. Let interfaceName be serialized.[[Type]].
|
|
auto interface_name = deserialize_primitive_type<SerializeType>(m_serialized, m_position);
|
|
// 2. If the interface identified by interfaceName is not exposed in targetRealm, then throw a "DataCloneError" DOMException.
|
|
if (!is_serializable_interface_exposed_on_target_realm(interface_name, realm))
|
|
return WebIDL::DataCloneError::create(realm, "Unsupported type"_string);
|
|
|
|
// 3. Set value to a new instance of the interface identified by interfaceName, created in targetRealm.
|
|
value = create_serialized_type(interface_name, realm);
|
|
|
|
// 4. Set deep to true.
|
|
deep = true;
|
|
}
|
|
|
|
// 23. Set memory[serialized] to value.
|
|
// IMPLEMENTATION DEFINED: We don't add primitive values to the memory to match the serialization indices (which also doesn't add them)
|
|
if (!is_primitive)
|
|
m_memory.append(value);
|
|
|
|
// 24. If deep is true, then:
|
|
if (deep) {
|
|
// 1. If serialized.[[Type]] is "Map", then:
|
|
if (tag == ValueTag::MapObject) {
|
|
auto& map = static_cast<JS::Map&>(value.as_object());
|
|
auto length = deserialize_primitive_type<u64>(m_serialized, m_position);
|
|
// 1. For each Record { [[Key]], [[Value]] } entry of serialized.[[MapData]]:
|
|
for (u64 i = 0u; i < length; ++i) {
|
|
// 1. Let deserializedKey be ? StructuredDeserialize(entry.[[Key]], targetRealm, memory).
|
|
auto deserialized_key = TRY(deserialize());
|
|
|
|
// 2. Let deserializedValue be ? StructuredDeserialize(entry.[[Value]], targetRealm, memory).
|
|
auto deserialized_value = TRY(deserialize());
|
|
|
|
// 3. Append { [[Key]]: deserializedKey, [[Value]]: deserializedValue } to value.[[MapData]].
|
|
map.map_set(deserialized_key, deserialized_value);
|
|
}
|
|
}
|
|
|
|
// 2. Otherwise, if serialized.[[Type]] is "Set", then:
|
|
else if (tag == ValueTag::SetObject) {
|
|
auto& set = static_cast<JS::Set&>(value.as_object());
|
|
auto length = deserialize_primitive_type<u64>(m_serialized, m_position);
|
|
// 1. For each entry of serialized.[[SetData]]:
|
|
for (u64 i = 0u; i < length; ++i) {
|
|
// 1. Let deserializedEntry be ? StructuredDeserialize(entry, targetRealm, memory).
|
|
auto deserialized_entry = TRY(deserialize());
|
|
|
|
// 2. Append deserializedEntry to value.[[SetData]].
|
|
set.set_add(deserialized_entry);
|
|
}
|
|
}
|
|
|
|
// 3. Otherwise, if serialized.[[Type]] is "Array" or "Object", then:
|
|
else if (tag == ValueTag::ArrayObject || tag == ValueTag::Object) {
|
|
auto& object = value.as_object();
|
|
auto length = deserialize_primitive_type<u64>(m_serialized, m_position);
|
|
// 1. For each Record { [[Key]], [[Value]] } entry of serialized.[[Properties]]:
|
|
for (u64 i = 0u; i < length; ++i) {
|
|
auto key = TRY(deserialize_string(m_vm, m_serialized, m_position));
|
|
|
|
// 1. Let deserializedValue be ? StructuredDeserialize(entry.[[Value]], targetRealm, memory).
|
|
auto deserialized_value = TRY(deserialize());
|
|
|
|
// 2. Let result be ! CreateDataProperty(value, entry.[[Key]], deserializedValue).
|
|
auto result = MUST(object.create_data_property(key, deserialized_value));
|
|
|
|
// 3. Assert: result is true.
|
|
VERIFY(result);
|
|
}
|
|
}
|
|
|
|
// 4. Otherwise:
|
|
else {
|
|
// 1. Perform the appropriate deserialization steps for the interface identified by serialized.[[Type]], given serialized, value, and targetRealm.
|
|
auto& serializable = dynamic_cast<Bindings::Serializable&>(value.as_object());
|
|
TRY(serializable.deserialization_steps(m_serialized, m_position, m_memory));
|
|
}
|
|
}
|
|
|
|
// 25. Return value.
|
|
return value;
|
|
}
|
|
|
|
private:
|
|
JS::VM& m_vm;
|
|
ReadonlySpan<u32> m_serialized;
|
|
GC::RootVector<JS::Value> m_memory; // Index -> JS value
|
|
size_t m_position { 0 };
|
|
|
|
static bool is_serializable_interface_exposed_on_target_realm(SerializeType name, JS::Realm& realm)
|
|
{
|
|
auto const& intrinsics = Bindings::host_defined_intrinsics(realm);
|
|
switch (name) {
|
|
case SerializeType::Blob:
|
|
return intrinsics.is_interface_exposed<Bindings::BlobPrototype>(realm);
|
|
case SerializeType::File:
|
|
return intrinsics.is_interface_exposed<Bindings::FilePrototype>(realm);
|
|
case SerializeType::FileList:
|
|
return intrinsics.is_interface_exposed<Bindings::FileListPrototype>(realm);
|
|
case SerializeType::DOMException:
|
|
return intrinsics.is_interface_exposed<Bindings::DOMExceptionPrototype>(realm);
|
|
case SerializeType::DOMMatrixReadOnly:
|
|
return intrinsics.is_interface_exposed<Bindings::DOMMatrixReadOnlyPrototype>(realm);
|
|
case SerializeType::DOMMatrix:
|
|
return intrinsics.is_interface_exposed<Bindings::DOMMatrixPrototype>(realm);
|
|
case SerializeType::DOMPointReadOnly:
|
|
return intrinsics.is_interface_exposed<Bindings::DOMPointReadOnlyPrototype>(realm);
|
|
case SerializeType::DOMPoint:
|
|
return intrinsics.is_interface_exposed<Bindings::DOMPointPrototype>(realm);
|
|
case SerializeType::DOMRectReadOnly:
|
|
return intrinsics.is_interface_exposed<Bindings::DOMRectReadOnlyPrototype>(realm);
|
|
case SerializeType::DOMRect:
|
|
return intrinsics.is_interface_exposed<Bindings::DOMRectPrototype>(realm);
|
|
case SerializeType::CryptoKey:
|
|
return intrinsics.is_interface_exposed<Bindings::CryptoKeyPrototype>(realm);
|
|
case SerializeType::DOMQuad:
|
|
return intrinsics.is_interface_exposed<Bindings::DOMQuadPrototype>(realm);
|
|
case SerializeType::ImageData:
|
|
return intrinsics.is_interface_exposed<Bindings::ImageDataPrototype>(realm);
|
|
case SerializeType::ImageBitmap:
|
|
return intrinsics.is_interface_exposed<Bindings::ImageBitmapPrototype>(realm);
|
|
case SerializeType::Unknown:
|
|
dbgln("Unknown interface type for serialization: {}", to_underlying(name));
|
|
break;
|
|
default:
|
|
VERIFY_NOT_REACHED();
|
|
}
|
|
return false;
|
|
}
|
|
|
|
static GC::Ref<Bindings::PlatformObject> create_serialized_type(SerializeType serialize_type, JS::Realm& realm)
|
|
{
|
|
switch (serialize_type) {
|
|
case SerializeType::Blob:
|
|
return FileAPI::Blob::create(realm);
|
|
case SerializeType::File:
|
|
return FileAPI::File::create(realm);
|
|
case SerializeType::FileList:
|
|
return FileAPI::FileList::create(realm);
|
|
case SerializeType::DOMException:
|
|
return WebIDL::DOMException::create(realm);
|
|
case SerializeType::DOMMatrixReadOnly:
|
|
return Geometry::DOMMatrixReadOnly::create(realm);
|
|
case SerializeType::DOMMatrix:
|
|
return Geometry::DOMMatrix::create(realm);
|
|
case SerializeType::DOMPointReadOnly:
|
|
return Geometry::DOMPointReadOnly::create(realm);
|
|
case SerializeType::DOMPoint:
|
|
return Geometry::DOMPoint::create(realm);
|
|
case SerializeType::DOMRectReadOnly:
|
|
return Geometry::DOMRectReadOnly::create(realm);
|
|
case SerializeType::DOMRect:
|
|
return Geometry::DOMRect::create(realm);
|
|
case SerializeType::CryptoKey:
|
|
return Crypto::CryptoKey::create(realm);
|
|
case SerializeType::DOMQuad:
|
|
return Geometry::DOMQuad::create(realm);
|
|
case SerializeType::ImageData:
|
|
return ImageData::create(realm);
|
|
case SerializeType::ImageBitmap:
|
|
return ImageBitmap::create(realm);
|
|
case SerializeType::Unknown:
|
|
default:
|
|
VERIFY_NOT_REACHED();
|
|
}
|
|
}
|
|
};
|
|
|
|
bool deserialize_boolean_primitive(ReadonlySpan<u32> const& serialized, size_t& position)
|
|
{
|
|
return deserialize_primitive_type<bool>(serialized, position);
|
|
}
|
|
|
|
double deserialize_number_primitive(ReadonlySpan<u32> const& serialized, size_t& position)
|
|
{
|
|
return deserialize_primitive_type<double>(serialized, position);
|
|
}
|
|
|
|
GC::Ref<JS::BooleanObject> deserialize_boolean_object(JS::Realm& realm, ReadonlySpan<u32> const& serialized, size_t& position)
|
|
{
|
|
auto boolean_primitive = deserialize_boolean_primitive(serialized, position);
|
|
return JS::BooleanObject::create(realm, boolean_primitive);
|
|
}
|
|
|
|
GC::Ref<JS::NumberObject> deserialize_number_object(JS::Realm& realm, ReadonlySpan<u32> const& serialized, size_t& position)
|
|
{
|
|
auto number_primitive = deserialize_number_primitive(serialized, position);
|
|
return JS::NumberObject::create(realm, number_primitive);
|
|
}
|
|
|
|
WebIDL::ExceptionOr<GC::Ref<JS::BigIntObject>> deserialize_big_int_object(JS::Realm& realm, ReadonlySpan<u32> const& serialized, size_t& position)
|
|
{
|
|
auto big_int_primitive = TRY(deserialize_big_int_primitive(realm.vm(), serialized, position));
|
|
return JS::BigIntObject::create(realm, big_int_primitive);
|
|
}
|
|
|
|
WebIDL::ExceptionOr<GC::Ref<JS::StringObject>> deserialize_string_object(JS::Realm& realm, ReadonlySpan<u32> const& serialized, size_t& position)
|
|
{
|
|
auto string_primitive = TRY(deserialize_string_primitive(realm.vm(), serialized, position));
|
|
return JS::StringObject::create(realm, string_primitive, realm.intrinsics().string_prototype());
|
|
}
|
|
|
|
GC::Ref<JS::Date> deserialize_date_object(JS::Realm& realm, ReadonlySpan<u32> const& serialized, size_t& position)
|
|
{
|
|
auto double_value = deserialize_primitive_type<double>(serialized, position);
|
|
return JS::Date::create(realm, double_value);
|
|
}
|
|
|
|
WebIDL::ExceptionOr<GC::Ref<JS::RegExpObject>> deserialize_reg_exp_object(JS::Realm& realm, ReadonlySpan<u32> const& serialized, size_t& position)
|
|
{
|
|
auto pattern = TRY(deserialize_string_primitive(realm.vm(), serialized, position));
|
|
auto flags = TRY(deserialize_string_primitive(realm.vm(), serialized, position));
|
|
return TRY(JS::regexp_create(realm.vm(), move(pattern), move(flags)));
|
|
}
|
|
|
|
WebIDL::ExceptionOr<ByteBuffer> deserialize_bytes(JS::VM& vm, ReadonlySpan<u32> vector, size_t& position)
|
|
{
|
|
u64 const size = deserialize_primitive_type<u64>(vector, position);
|
|
|
|
auto bytes = TRY_OR_THROW_OOM(vm, ByteBuffer::create_uninitialized(size));
|
|
u64 byte_position = 0;
|
|
while (position < vector.size() && byte_position < size) {
|
|
for (u8 i = 0; i < 4; ++i) {
|
|
bytes[byte_position++] = (vector[position] >> (i * 8) & 0xFF);
|
|
if (byte_position == size)
|
|
break;
|
|
}
|
|
position++;
|
|
}
|
|
return bytes;
|
|
}
|
|
|
|
WebIDL::ExceptionOr<String> deserialize_string(JS::VM& vm, ReadonlySpan<u32> vector, size_t& position)
|
|
{
|
|
auto bytes = TRY(deserialize_bytes(vm, vector, position));
|
|
return TRY_OR_THROW_OOM(vm, String::from_utf8(StringView { bytes }));
|
|
}
|
|
|
|
WebIDL::ExceptionOr<GC::Ref<JS::PrimitiveString>> deserialize_string_primitive(JS::VM& vm, ReadonlySpan<u32> vector, size_t& position)
|
|
{
|
|
auto bytes = TRY(deserialize_bytes(vm, vector, position));
|
|
|
|
return TRY(Bindings::throw_dom_exception_if_needed(vm, [&vm, &bytes]() {
|
|
return JS::PrimitiveString::create(vm, StringView { bytes });
|
|
}));
|
|
}
|
|
|
|
WebIDL::ExceptionOr<GC::Ref<JS::BigInt>> deserialize_big_int_primitive(JS::VM& vm, ReadonlySpan<u32> vector, size_t& position)
|
|
{
|
|
auto string = TRY(deserialize_string_primitive(vm, vector, position));
|
|
auto string_view = TRY(Bindings::throw_dom_exception_if_needed(vm, [&string]() {
|
|
return string->utf8_string_view();
|
|
}));
|
|
auto bigint = MUST(::Crypto::SignedBigInteger::from_base(10, string_view.substring_view(0, string_view.length() - 1)));
|
|
return JS::BigInt::create(vm, bigint);
|
|
}
|
|
|
|
// https://html.spec.whatwg.org/multipage/structured-data.html#structuredserializewithtransfer
|
|
WebIDL::ExceptionOr<SerializedTransferRecord> structured_serialize_with_transfer(JS::VM& vm, JS::Value value, Vector<GC::Root<JS::Object>> const& transfer_list)
|
|
{
|
|
// 1. Let memory be an empty map.
|
|
SerializationMemory memory = {};
|
|
|
|
// 2. For each transferable of transferList:
|
|
for (auto const& transferable : transfer_list) {
|
|
auto is_array_buffer = is<JS::ArrayBuffer>(*transferable);
|
|
|
|
// 1. If transferable has neither an [[ArrayBufferData]] internal slot nor a [[Detached]] internal slot, then throw a "DataCloneError" DOMException.
|
|
// FIXME: Handle transferring objects with [[Detached]] internal slot.
|
|
if (!is_array_buffer && !is<Bindings::Transferable>(*transferable)) {
|
|
return WebIDL::DataCloneError::create(*vm.current_realm(), "Cannot transfer type"_string);
|
|
}
|
|
|
|
// 2. If transferable has an [[ArrayBufferData]] internal slot and IsSharedArrayBuffer(transferable) is true, then throw a "DataCloneError" DOMException.
|
|
if (is_array_buffer && dynamic_cast<JS::ArrayBuffer&>(*transferable).is_shared_array_buffer()) {
|
|
return WebIDL::DataCloneError::create(*vm.current_realm(), "Cannot transfer shared array buffer"_string);
|
|
}
|
|
|
|
// 3. If memory[transferable] exists, then throw a "DataCloneError" DOMException.
|
|
auto transferable_value = JS::Value(transferable);
|
|
if (memory.contains(transferable_value)) {
|
|
return WebIDL::DataCloneError::create(*vm.current_realm(), "Cannot transfer value twice"_string);
|
|
}
|
|
|
|
// 4. Set memory[transferable] to { [[Type]]: an uninitialized value }.
|
|
memory.set(GC::make_root(transferable_value), memory.size());
|
|
}
|
|
|
|
// 3. Let serialized be ? StructuredSerializeInternal(value, false, memory).
|
|
auto serialized = TRY(structured_serialize_internal(vm, value, false, memory));
|
|
|
|
// 4. Let transferDataHolders be a new empty List.
|
|
Vector<TransferDataHolder> transfer_data_holders;
|
|
transfer_data_holders.ensure_capacity(transfer_list.size());
|
|
|
|
// 5. For each transferable of transferList:
|
|
for (auto& transferable : transfer_list) {
|
|
auto array_buffer = as_if<JS::ArrayBuffer>(*transferable);
|
|
auto is_detached = array_buffer && array_buffer->is_detached();
|
|
|
|
// 1. If transferable has an [[ArrayBufferData]] internal slot and IsDetachedBuffer(transferable) is true, then throw a "DataCloneError" DOMException.
|
|
if (is_detached) {
|
|
return WebIDL::DataCloneError::create(*vm.current_realm(), "Cannot transfer detached buffer"_string);
|
|
}
|
|
|
|
// 2. If transferable has a [[Detached]] internal slot and transferable.[[Detached]] is true, then throw a "DataCloneError" DOMException.
|
|
if (auto* transferable_object = as_if<Bindings::Transferable>(*transferable)) {
|
|
if (transferable_object->is_detached()) {
|
|
return WebIDL::DataCloneError::create(*vm.current_realm(), "Value already transferred"_string);
|
|
}
|
|
}
|
|
|
|
// 3. Let dataHolder be memory[transferable].
|
|
// IMPLEMENTATION DEFINED: We just create a data holder here, our memory holds indices into the SerializationRecord
|
|
TransferDataHolder data_holder;
|
|
|
|
// 4. If transferable has an [[ArrayBufferData]] internal slot, then:
|
|
if (array_buffer) {
|
|
// 1. If transferable has an [[ArrayBufferMaxByteLength]] internal slot, then:
|
|
if (!array_buffer->is_fixed_length()) {
|
|
// 1. Set dataHolder.[[Type]] to "ResizableArrayBuffer".
|
|
// 2. Set dataHolder.[[ArrayBufferData]] to transferable.[[ArrayBufferData]].
|
|
// 3. Set dataHolder.[[ArrayBufferByteLength]] to transferable.[[ArrayBufferByteLength]].
|
|
// 4. Set dataHolder.[[ArrayBufferMaxByteLength]] to transferable.[[ArrayBufferMaxByteLength]].
|
|
serialize_enum<TransferType>(data_holder.data, TransferType::ResizableArrayBuffer);
|
|
MUST(serialize_bytes(vm, data_holder.data, array_buffer->buffer().bytes())); // serializes both byte length and bytes
|
|
serialize_primitive_type<size_t>(data_holder.data, array_buffer->max_byte_length());
|
|
}
|
|
|
|
// 2. Otherwise:
|
|
else {
|
|
// 1. Set dataHolder.[[Type]] to "ArrayBuffer".
|
|
// 2. Set dataHolder.[[ArrayBufferData]] to transferable.[[ArrayBufferData]].
|
|
// 3. Set dataHolder.[[ArrayBufferByteLength]] to transferable.[[ArrayBufferByteLength]].
|
|
serialize_enum<TransferType>(data_holder.data, TransferType::ArrayBuffer);
|
|
MUST(serialize_bytes(vm, data_holder.data, array_buffer->buffer().bytes())); // serializes both byte length and bytes
|
|
}
|
|
|
|
// 3. Perform ? DetachArrayBuffer(transferable).
|
|
// NOTE: Specifications can use the [[ArrayBufferDetachKey]] internal slot to prevent ArrayBuffers from being detached. This is used in WebAssembly JavaScript Interface, for example. See: https://html.spec.whatwg.org/multipage/references.html#refsWASMJS
|
|
TRY(JS::detach_array_buffer(vm, *array_buffer));
|
|
}
|
|
|
|
// 5. Otherwise:
|
|
else {
|
|
// 1. Assert: transferable is a platform object that is a transferable object.
|
|
auto& transferable_object = dynamic_cast<Bindings::Transferable&>(*transferable);
|
|
VERIFY(is<Bindings::PlatformObject>(*transferable));
|
|
|
|
// 2. Let interfaceName be the identifier of the primary interface of transferable.
|
|
auto interface_name = transferable_object.primary_interface();
|
|
|
|
// 3. Set dataHolder.[[Type]] to interfaceName.
|
|
serialize_enum<TransferType>(data_holder.data, interface_name);
|
|
|
|
// 4. Perform the appropriate transfer steps for the interface identified by interfaceName, given transferable and dataHolder.
|
|
TRY(transferable_object.transfer_steps(data_holder));
|
|
|
|
// 5. Set transferable.[[Detached]] to true.
|
|
transferable_object.set_detached(true);
|
|
}
|
|
|
|
// 6. Append dataHolder to transferDataHolders.
|
|
transfer_data_holders.append(move(data_holder));
|
|
}
|
|
|
|
// 6. Return { [[Serialized]]: serialized, [[TransferDataHolders]]: transferDataHolders }.
|
|
return SerializedTransferRecord { .serialized = move(serialized), .transfer_data_holders = move(transfer_data_holders) };
|
|
}
|
|
|
|
static bool is_transferable_interface_exposed_on_target_realm(TransferType name, JS::Realm& realm)
|
|
{
|
|
auto const& intrinsics = Bindings::host_defined_intrinsics(realm);
|
|
switch (name) {
|
|
case TransferType::MessagePort:
|
|
return intrinsics.is_interface_exposed<Bindings::MessagePortPrototype>(realm);
|
|
case TransferType::ReadableStream:
|
|
return intrinsics.is_interface_exposed<Bindings::ReadableStreamPrototype>(realm);
|
|
case TransferType::WritableStream:
|
|
return intrinsics.is_interface_exposed<Bindings::WritableStreamPrototype>(realm);
|
|
case TransferType::TransformStream:
|
|
return intrinsics.is_interface_exposed<Bindings::TransformStreamPrototype>(realm);
|
|
case TransferType::Unknown:
|
|
dbgln("Unknown interface type for transfer: {}", to_underlying(name));
|
|
break;
|
|
default:
|
|
VERIFY_NOT_REACHED();
|
|
}
|
|
return false;
|
|
}
|
|
|
|
static WebIDL::ExceptionOr<GC::Ref<Bindings::PlatformObject>> create_transferred_value(TransferType name, JS::Realm& target_realm, TransferDataHolder& transfer_data_holder)
|
|
{
|
|
switch (name) {
|
|
case TransferType::MessagePort: {
|
|
auto message_port = HTML::MessagePort::create(target_realm);
|
|
TRY(message_port->transfer_receiving_steps(transfer_data_holder));
|
|
return message_port;
|
|
}
|
|
case TransferType::ReadableStream: {
|
|
auto readable_stream = target_realm.create<Streams::ReadableStream>(target_realm);
|
|
TRY(readable_stream->transfer_receiving_steps(transfer_data_holder));
|
|
return readable_stream;
|
|
}
|
|
case TransferType::WritableStream: {
|
|
auto writable_stream = target_realm.create<Streams::WritableStream>(target_realm);
|
|
TRY(writable_stream->transfer_receiving_steps(transfer_data_holder));
|
|
return writable_stream;
|
|
}
|
|
case TransferType::TransformStream: {
|
|
auto transform_stream = target_realm.create<Streams::TransformStream>(target_realm);
|
|
TRY(transform_stream->transfer_receiving_steps(transfer_data_holder));
|
|
return transform_stream;
|
|
}
|
|
case TransferType::ArrayBuffer:
|
|
case TransferType::ResizableArrayBuffer:
|
|
dbgln("ArrayBuffer ({}) is not a platform object.", to_underlying(name));
|
|
break;
|
|
case TransferType::Unknown:
|
|
break;
|
|
}
|
|
VERIFY_NOT_REACHED();
|
|
}
|
|
|
|
// https://html.spec.whatwg.org/multipage/structured-data.html#structureddeserializewithtransfer
|
|
WebIDL::ExceptionOr<DeserializedTransferRecord> structured_deserialize_with_transfer(SerializedTransferRecord& serialize_with_transfer_result, JS::Realm& target_realm)
|
|
{
|
|
auto& vm = target_realm.vm();
|
|
|
|
// 1. Let memory be an empty map.
|
|
auto memory = DeserializationMemory(vm.heap());
|
|
|
|
// 2. Let transferredValues be a new empty List.
|
|
Vector<GC::Root<JS::Object>> transferred_values;
|
|
|
|
// 3. For each transferDataHolder of serializeWithTransferResult.[[TransferDataHolders]]:
|
|
for (auto& transfer_data_holder : serialize_with_transfer_result.transfer_data_holders) {
|
|
if (transfer_data_holder.data.is_empty())
|
|
continue;
|
|
|
|
// 1. Let value be an uninitialized value.
|
|
JS::Value value;
|
|
|
|
size_t data_holder_position = 0;
|
|
auto type = deserialize_primitive_type<TransferType>(transfer_data_holder.data.span(), data_holder_position);
|
|
|
|
// 2. If transferDataHolder.[[Type]] is "ArrayBuffer", then set value to a new ArrayBuffer object in targetRealm
|
|
// whose [[ArrayBufferData]] internal slot value is transferDataHolder.[[ArrayBufferData]], and
|
|
// whose [[ArrayBufferByteLength]] internal slot value is transferDataHolder.[[ArrayBufferByteLength]].
|
|
// NOTE: In cases where the original memory occupied by [[ArrayBufferData]] is accessible during the deserialization,
|
|
// this step is unlikely to throw an exception, as no new memory needs to be allocated: the memory occupied by
|
|
// [[ArrayBufferData]] is instead just getting transferred into the new ArrayBuffer. This could be true, for example,
|
|
// when both the source and target realms are in the same process.
|
|
if (type == TransferType::ArrayBuffer) {
|
|
auto bytes = TRY(deserialize_bytes(vm, transfer_data_holder.data, data_holder_position));
|
|
JS::ArrayBuffer* data = TRY(JS::allocate_array_buffer(vm, target_realm.intrinsics().array_buffer_constructor(), bytes.size()));
|
|
bytes.span().copy_to(data->buffer().span());
|
|
value = JS::Value(data);
|
|
}
|
|
|
|
// 3. Otherwise, if transferDataHolder.[[Type]] is "ResizableArrayBuffer", then set value to a new ArrayBuffer object
|
|
// in targetRealm whose [[ArrayBufferData]] internal slot value is transferDataHolder.[[ArrayBufferData]], whose
|
|
// [[ArrayBufferByteLength]] internal slot value is transferDataHolder.[[ArrayBufferByteLength]], and whose
|
|
// [[ArrayBufferMaxByteLength]] internal slot value is transferDataHolder.[[ArrayBufferMaxByteLength]].
|
|
// NOTE: For the same reason as the previous step, this step is also unlikely to throw an exception.
|
|
else if (type == TransferType::ResizableArrayBuffer) {
|
|
auto bytes = TRY(deserialize_bytes(vm, transfer_data_holder.data, data_holder_position));
|
|
auto max_byte_length = deserialize_primitive_type<size_t>(transfer_data_holder.data, data_holder_position);
|
|
JS::ArrayBuffer* data = TRY(JS::allocate_array_buffer(vm, target_realm.intrinsics().array_buffer_constructor(), bytes.size()));
|
|
data->set_max_byte_length(max_byte_length);
|
|
bytes.span().copy_to(data->buffer().span());
|
|
value = JS::Value(data);
|
|
}
|
|
|
|
// 4. Otherwise:
|
|
else {
|
|
// 1. Let interfaceName be transferDataHolder.[[Type]].
|
|
// 2. If the interface identified by interfaceName is not exposed in targetRealm, then throw a "DataCloneError" DOMException.
|
|
if (!is_transferable_interface_exposed_on_target_realm(type, target_realm))
|
|
return WebIDL::DataCloneError::create(target_realm, "Unknown type transferred"_string);
|
|
|
|
// 3. Set value to a new instance of the interface identified by interfaceName, created in targetRealm.
|
|
// 4. Perform the appropriate transfer-receiving steps for the interface identified by interfaceName given transferDataHolder and value.
|
|
transfer_data_holder.data.remove(0, data_holder_position);
|
|
value = TRY(create_transferred_value(type, target_realm, transfer_data_holder));
|
|
}
|
|
|
|
// 5. Set memory[transferDataHolder] to value.
|
|
memory.append(value);
|
|
|
|
// 6. Append value to transferredValues.
|
|
transferred_values.append(GC::make_root(value.as_object()));
|
|
}
|
|
|
|
// 4. Let deserialized be ? StructuredDeserialize(serializeWithTransferResult.[[Serialized]], targetRealm, memory).
|
|
auto deserialized = TRY(structured_deserialize(vm, serialize_with_transfer_result.serialized, target_realm, memory));
|
|
|
|
// 5. Return { [[Deserialized]]: deserialized, [[TransferredValues]]: transferredValues }.
|
|
return DeserializedTransferRecord { .deserialized = move(deserialized), .transferred_values = move(transferred_values) };
|
|
}
|
|
|
|
// https://html.spec.whatwg.org/multipage/structured-data.html#structuredserialize
|
|
WebIDL::ExceptionOr<SerializationRecord> structured_serialize(JS::VM& vm, JS::Value value)
|
|
{
|
|
// 1. Return ? StructuredSerializeInternal(value, false).
|
|
SerializationMemory memory = {};
|
|
return structured_serialize_internal(vm, value, false, memory);
|
|
}
|
|
|
|
// https://html.spec.whatwg.org/multipage/structured-data.html#structuredserializeforstorage
|
|
WebIDL::ExceptionOr<SerializationRecord> structured_serialize_for_storage(JS::VM& vm, JS::Value value)
|
|
{
|
|
// 1. Return ? StructuredSerializeInternal(value, true).
|
|
SerializationMemory memory = {};
|
|
return structured_serialize_internal(vm, value, true, memory);
|
|
}
|
|
|
|
// https://html.spec.whatwg.org/multipage/structured-data.html#structuredserializeinternal
|
|
WebIDL::ExceptionOr<SerializationRecord> structured_serialize_internal(JS::VM& vm, JS::Value value, bool for_storage, SerializationMemory& memory)
|
|
{
|
|
// 1. If memory was not supplied, let memory be an empty map.
|
|
// IMPLEMENTATION DEFINED: We move this requirement up to the callers to make recursion easier
|
|
|
|
Serializer serializer(vm, memory, for_storage);
|
|
return serializer.serialize(value);
|
|
}
|
|
|
|
// https://html.spec.whatwg.org/multipage/structured-data.html#structureddeserialize
|
|
WebIDL::ExceptionOr<JS::Value> structured_deserialize(JS::VM& vm, SerializationRecord const& serialized, JS::Realm& target_realm, Optional<DeserializationMemory> memory)
|
|
{
|
|
if (!memory.has_value())
|
|
memory = DeserializationMemory { vm.heap() };
|
|
|
|
// IMPLEMENTATION DEFINED: We need to make sure there's an execution context for target_realm on the stack before constructing these JS objects
|
|
prepare_to_run_script(target_realm);
|
|
|
|
auto result = TRY(structured_deserialize_internal(vm, serialized.span(), target_realm, *memory));
|
|
|
|
clean_up_after_running_script(target_realm);
|
|
VERIFY(result.value.has_value());
|
|
return *result.value;
|
|
}
|
|
|
|
WebIDL::ExceptionOr<DeserializedRecord> structured_deserialize_internal(JS::VM& vm, ReadonlySpan<u32> const& serialized, JS::Realm& target_realm, DeserializationMemory& memory, Optional<size_t> position)
|
|
{
|
|
Deserializer deserializer(vm, target_realm, serialized, memory, move(position));
|
|
auto value = TRY(deserializer.deserialize());
|
|
auto deserialized_record = DeserializedRecord {
|
|
.value = value,
|
|
.position = deserializer.position(),
|
|
};
|
|
return deserialized_record;
|
|
}
|
|
|
|
}
|
|
|
|
namespace IPC {
|
|
|
|
template<>
|
|
ErrorOr<void> encode(Encoder& encoder, ::Web::HTML::TransferDataHolder const& data_holder)
|
|
{
|
|
TRY(encoder.encode(data_holder.data));
|
|
TRY(encoder.encode(data_holder.fds));
|
|
return {};
|
|
}
|
|
|
|
template<>
|
|
ErrorOr<void> encode(Encoder& encoder, ::Web::HTML::SerializedTransferRecord const& record)
|
|
{
|
|
TRY(encoder.encode(record.serialized));
|
|
TRY(encoder.encode(record.transfer_data_holders));
|
|
return {};
|
|
}
|
|
|
|
template<>
|
|
ErrorOr<::Web::HTML::TransferDataHolder> decode(Decoder& decoder)
|
|
{
|
|
auto data = TRY(decoder.decode<Vector<u32>>());
|
|
auto fds = TRY(decoder.decode<Vector<IPC::File>>());
|
|
return ::Web::HTML::TransferDataHolder { move(data), move(fds) };
|
|
}
|
|
|
|
template<>
|
|
ErrorOr<::Web::HTML::SerializedTransferRecord> decode(Decoder& decoder)
|
|
{
|
|
auto serialized = TRY(decoder.decode<Vector<u32>>());
|
|
auto transfer_data_holders = TRY(decoder.decode<Vector<::Web::HTML::TransferDataHolder>>());
|
|
return ::Web::HTML::SerializedTransferRecord { move(serialized), move(transfer_data_holders) };
|
|
}
|
|
|
|
}
|