Bug 1905239 - Introduce HostGetCodeForEval hook for PerformEval. r=ts…

…chuster

See https://tc39.es/proposal-dynamic-code-brand-checks

Differential Revision: https://phabricator.services.mozilla.com/D229477

UltraBlame original commit: b575160525c1fe6d5beab39f995e88ba83df06a3

caps/nsScriptSecurityManager.cpp

@@ -6987,6 +6987,7 @@ securityCallbacks
 =
 {
 ContentSecurityPolicyPermitsJSAction
+nullptr
 JSPrincipalsSubsume
 }
 ;

js/public/Principals.h

@@ -244,12 +244,41 @@ HandleString
 code
 )
 ;
+typedef
+bool
+(
+*
+JSCodeForEvalOp
+)
+(
+JSContext
+*
+cx
+JS
+:
+:
+HandleObject
+code
+JS
+:
+:
+MutableHandle
+<
+JSString
+*
+>
+outCode
+)
+;
 struct
 JSSecurityCallbacks
 {
 JSCSPEvalChecker
 contentSecurityPolicyAllows
 ;
+JSCodeForEvalOp
+codeForEvalGets
+;
 JSSubsumesOp
 subsumes
 ;

js/src/builtin/Eval.cpp

@@ -1312,34 +1312,48 @@ cx
 env
 )
 ;
+RootedString
+str
+(
+cx
+)
+;
 if
 (
-!
 v
 .
 isString
 (
 )
 )
 {
-vp
+str
+=
+v
 .
-set
+toString
 (
-v
 )
 ;
-return
-true
-;
 }
-RootedString
-str
+else
+if
+(
+v
+.
+isObject
+(
+)
+)
+{
+RootedObject
+obj
 (
 cx
+&
 v
 .
-toString
+toObject
 (
 )
 )
@@ -1350,6 +1364,42 @@ if
 cx
 -
 >
+getCodeForEval
+(
+obj
+&
+str
+)
+)
+{
+return
+false
+;
+}
+}
+if
+(
+!
+str
+)
+{
+vp
+.
+set
+(
+v
+)
+;
+return
+true
+;
+}
+if
+(
+!
+cx
+-
+>
 isRuntimeCodeGenEnabled
 (
 JS

js/src/jsapi-tests/moz.build

@@ -190,6 +190,11 @@ testDifferentNewTargetInvokeConstructor
 cpp
 "
 "
+testDynamicCodeBrandChecks
+.
+cpp
+"
+"
 testEmptyWindowIsOmitted
 .
 cpp