SoftwareType
diff --git a/‎dom/base/StructuredCloneHolder.cpp
Lines changed: 196 additions & 10 deletions b/‎dom/base/StructuredCloneHolder.cpp
Lines changed: 196 additions & 10 deletions
diff --git a/‎dom/base/StructuredCloneHolder.h
Lines changed: 2 additions & 0 deletions b/‎dom/base/StructuredCloneHolder.h
Lines changed: 2 additions & 0 deletions
diff --git a/‎dom/base/StructuredCloneTags.h
Lines changed: 6 additions & 0 deletions b/‎dom/base/StructuredCloneTags.h
Lines changed: 6 additions & 0 deletions
diff --git a/‎dom/events/Event.h
Lines changed: 4 additions & 0 deletions b/‎dom/events/Event.h
Lines changed: 4 additions & 0 deletions
diff --git a/‎dom/events/MessageEvent.h
Lines changed: 4 additions & 2 deletions b/‎dom/events/MessageEvent.h
Lines changed: 4 additions & 2 deletions
diff --git a/‎dom/streams/ReadableByteStreamController.cpp
Lines changed: 0 additions & 1 deletion b/‎dom/streams/ReadableByteStreamController.cpp
Lines changed: 0 additions & 1 deletion
diff --git a/‎dom/streams/ReadableStream.h
Lines changed: 11 additions & 0 deletions b/‎dom/streams/ReadableStream.h
Lines changed: 11 additions & 0 deletions
diff --git a/‎dom/streams/ReadableStreamDefaultController.cpp
Lines changed: 2 additions & 2 deletions b/‎dom/streams/ReadableStreamDefaultController.cpp
Lines changed: 2 additions & 2 deletions
diff --git a/‎dom/streams/ReadableStreamTee.cpp
Lines changed: 0 additions & 1 deletion b/‎dom/streams/ReadableStreamTee.cpp
Lines changed: 0 additions & 1 deletion
@@ -46,12 +46,18 @@
 #include "mozilla/dom/MessagePortBinding.h"
 #include "mozilla/dom/OffscreenCanvas.h"
 #include "mozilla/dom/OffscreenCanvasBinding.h"
+#include "mozilla/dom/ReadableStream.h"
+#include "mozilla/dom/ReadableStreamBinding.h"
 #include "mozilla/dom/ScriptSettings.h"
 #include "mozilla/dom/StructuredCloneBlob.h"
 #include "mozilla/dom/StructuredCloneHolderBinding.h"
 #include "mozilla/dom/StructuredCloneTags.h"
 #include "mozilla/dom/ToJSValue.h"
+#include "mozilla/dom/TransformStream.h"
+#include "mozilla/dom/TransformStreamBinding.h"
 #include "mozilla/dom/WebIDLSerializable.h"
+#include "mozilla/dom/WritableStream.h"
+#include "mozilla/dom/WritableStreamBinding.h"
 #include "mozilla/dom/WorkerCommon.h"
 #include "mozilla/dom/WorkerPrivate.h"
 #include "mozilla/fallible.h"
@@ -1115,7 +1121,26 @@ bool StructuredCloneHolder::CustomWriteHandler(
   return WriteFullySerializableObjects(aCx, aWriter, aObj);
 }
 
-bool StructuredCloneHolder::CustomReadTransferHandler(
+already_AddRefed<MessagePort> StructuredCloneHolder::ReceiveMessagePort(
+    uint64_t aIndex) {
+  if (NS_WARN_IF(aIndex >= mPortIdentifiers.Length())) {
+    return nullptr;
+  }
+  UniqueMessagePortId portId(mPortIdentifiers[aIndex]);
+
+  ErrorResult rv;
+  RefPtr<MessagePort> port = MessagePort::Create(mGlobal, portId, rv);
+  if (NS_WARN_IF(rv.Failed())) {
+    rv.SuppressException();
+    return nullptr;
+  }
+
+  return port.forget();
+}
+
+// TODO: Convert this to MOZ_CAN_RUN_SCRIPT (bug 1415230)
+MOZ_CAN_RUN_SCRIPT_BOUNDARY bool
+StructuredCloneHolder::CustomReadTransferHandler(
     JSContext* aCx, JSStructuredCloneReader* aReader, uint32_t aTag,
     void* aContent, uint64_t aExtraData,
     JS::MutableHandleObject aReturnObject) {
@@ -1127,16 +1152,10 @@ bool StructuredCloneHolder::CustomReadTransferHandler(
       return false;
     }
 #endif
-    MOZ_ASSERT(aExtraData < mPortIdentifiers.Length());
-    UniqueMessagePortId portIdentifier(mPortIdentifiers[aExtraData]);
-
-    ErrorResult rv;
-    RefPtr<MessagePort> port = MessagePort::Create(mGlobal, portIdentifier, rv);
-    if (NS_WARN_IF(rv.Failed())) {
-      rv.SuppressException();
+    RefPtr<MessagePort> port = ReceiveMessagePort(aExtraData);
+    if (!port) {
       return false;
     }
-
     mTransferredPorts.AppendElement(port);
 
     JS::Rooted<JS::Value> value(aCx);
@@ -1186,10 +1205,56 @@ bool StructuredCloneHolder::CustomReadTransferHandler(
     return true;
   }
 
+  if (aTag == SCTAG_DOM_READABLESTREAM) {
+#ifdef FUZZING
+    if (aExtraData >= mPortIdentifiers.Length()) {
+      return false;
+    }
+#endif
+    RefPtr<MessagePort> port = ReceiveMessagePort(aExtraData);
+    if (!port) {
+      return false;
+    }
+    nsCOMPtr<nsIGlobalObject> global = mGlobal;
+    return ReadableStream::ReceiveTransfer(aCx, global, *port, aReturnObject);
+  }
+
+  if (aTag == SCTAG_DOM_WRITABLESTREAM) {
+#ifdef FUZZING
+    if (aExtraData >= mPortIdentifiers.Length()) {
+      return false;
+    }
+#endif
+    RefPtr<MessagePort> port = ReceiveMessagePort(aExtraData);
+    if (!port) {
+      return false;
+    }
+    nsCOMPtr<nsIGlobalObject> global = mGlobal;
+    return WritableStream::ReceiveTransfer(aCx, global, *port, aReturnObject);
+  }
+
+  if (aTag == SCTAG_DOM_TRANSFORMSTREAM) {
+#ifdef FUZZING
+    if (aExtraData + 1 >= mPortIdentifiers.Length()) {
+      return false;
+    }
+#endif
+    RefPtr<MessagePort> port1 = ReceiveMessagePort(aExtraData);
+    RefPtr<MessagePort> port2 = ReceiveMessagePort(aExtraData + 1);
+    if (!port1 || !port2) {
+      return false;
+    }
+    nsCOMPtr<nsIGlobalObject> global = mGlobal;
+    return TransformStream::ReceiveTransfer(aCx, global, *port1, *port2,
+                                            aReturnObject);
+  }
+
   return false;
 }
 
-bool StructuredCloneHolder::CustomWriteTransferHandler(
+// TODO: Convert this to MOZ_CAN_RUN_SCRIPT (bug 1415230)
+MOZ_CAN_RUN_SCRIPT_BOUNDARY bool
+StructuredCloneHolder::CustomWriteTransferHandler(
     JSContext* aCx, JS::Handle<JSObject*> aObj, uint32_t* aTag,
     JS::TransferableOwnership* aOwnership, void** aContent,
     uint64_t* aExtraData) {
@@ -1263,6 +1328,68 @@ bool StructuredCloneHolder::CustomWriteTransferHandler(
         return true;
       }
     }
+
+    {
+      RefPtr<ReadableStream> stream;
+      rv = UNWRAP_OBJECT(ReadableStream, &obj, stream);
+      if (NS_SUCCEEDED(rv)) {
+        MOZ_ASSERT(stream);
+
+        *aTag = SCTAG_DOM_READABLESTREAM;
+        *aOwnership = JS::SCTAG_TMO_CUSTOM;
+        *aContent = nullptr;
+
+        UniqueMessagePortId id;
+        if (!stream->Transfer(aCx, id)) {
+          return false;
+        }
+        *aExtraData = mPortIdentifiers.Length();
+        mPortIdentifiers.AppendElement(id.release());
+        return true;
+      }
+    }
+
+    {
+      RefPtr<WritableStream> stream;
+      rv = UNWRAP_OBJECT(WritableStream, &obj, stream);
+      if (NS_SUCCEEDED(rv)) {
+        MOZ_ASSERT(stream);
+
+        *aTag = SCTAG_DOM_WRITABLESTREAM;
+        *aOwnership = JS::SCTAG_TMO_CUSTOM;
+        *aContent = nullptr;
+
+        UniqueMessagePortId id;
+        if (!stream->Transfer(aCx, id)) {
+          return false;
+        }
+        *aExtraData = mPortIdentifiers.Length();
+        mPortIdentifiers.AppendElement(id.release());
+        return true;
+      }
+    }
+
+    {
+      RefPtr<TransformStream> stream;
+      rv = UNWRAP_OBJECT(TransformStream, &obj, stream);
+      if (NS_SUCCEEDED(rv)) {
+        MOZ_ASSERT(stream);
+
+        *aTag = SCTAG_DOM_TRANSFORMSTREAM;
+        *aOwnership = JS::SCTAG_TMO_CUSTOM;
+        *aContent = nullptr;
+
+        UniqueMessagePortId id1;
+        UniqueMessagePortId id2;
+        if (!stream->Transfer(aCx, id1, id2)) {
+          return false;
+        }
+        *aExtraData = mPortIdentifiers.Length();
+        mPortIdentifiers.AppendElement(id1.release());
+        mPortIdentifiers.AppendElement(id2.release());
+        return true;
+      }
+    }
   }
 
   return false;
@@ -1301,6 +1428,31 @@ void StructuredCloneHolder::CustomFreeTransferHandler(
     delete data;
     return;
   }
+
+  if (aTag == SCTAG_DOM_READABLESTREAM || aTag == SCTAG_DOM_WRITABLESTREAM) {
+    MOZ_ASSERT(!aContent);
+#ifdef FUZZING
+    if (aExtraData >= mPortIdentifiers.Length()) {
+      return;
+    }
+#endif
+    MOZ_ASSERT(aExtraData < mPortIdentifiers.Length());
+    MessagePort::ForceClose(mPortIdentifiers[aExtraData]);
+    return;
+  }
+
+  if (aTag == SCTAG_DOM_TRANSFORMSTREAM) {
+    MOZ_ASSERT(!aContent);
+#ifdef FUZZING
+    if (aExtraData + 1 >= mPortIdentifiers.Length()) {
+      return;
+    }
+#endif
+    MOZ_ASSERT(aExtraData + 1 < mPortIdentifiers.Length());
+    MessagePort::ForceClose(mPortIdentifiers[aExtraData]);
+    MessagePort::ForceClose(mPortIdentifiers[aExtraData + 1]);
+    return;
+  }
 }
 
 bool StructuredCloneHolder::CustomCanTransferHandler(
@@ -1342,6 +1494,40 @@ bool StructuredCloneHolder::CustomCanTransferHandler(
     }
   }
 
+  {
+    ReadableStream* stream = nullptr;
+    nsresult rv = UNWRAP_OBJECT(ReadableStream, &obj, stream);
+    if (NS_SUCCEEDED(rv)) {
+      // https://streams.spec.whatwg.org/#ref-for-transfer-steps
+      // Step 1: If ! IsReadableStreamLocked(value) is true, throw a
+      // "DataCloneError" DOMException.
+      return !IsReadableStreamLocked(stream);
+    }
+  }
+
+  {
+    WritableStream* stream = nullptr;
+    nsresult rv = UNWRAP_OBJECT(WritableStream, &obj, stream);
+    if (NS_SUCCEEDED(rv)) {
+      // https://streams.spec.whatwg.org/#ref-for-transfer-steps①
+      // Step 1: If ! IsWritableStreamLocked(value) is true, throw a
+      // "DataCloneError" DOMException.
+      return !IsWritableStreamLocked(stream);
+    }
+  }
+
+  {
+    TransformStream* stream = nullptr;
+    nsresult rv = UNWRAP_OBJECT(TransformStream, &obj, stream);
+    if (NS_SUCCEEDED(rv)) {
+      // https://streams.spec.whatwg.org/#ref-for-transfer-steps②
+      // Step 3 + 4: If ! Is{Readable,Writable}StreamLocked(value) is true,
+      // throw a "DataCloneError" DOMException.
+      return !IsReadableStreamLocked(stream->Readable()) &&
+             !IsWritableStreamLocked(stream->Writable());
+    }
+  }
+
   return false;
 }
 
 
@@ -335,6 +335,8 @@ class StructuredCloneHolder : public StructuredCloneHolderBase {
 
   void SameProcessScopeRequired(bool* aSameProcessScopeRequired);
 
+  already_AddRefed<MessagePort> ReceiveMessagePort(uint64_t aIndex);
+
   bool mSupportsCloning;
   bool mSupportsTransferring;
 
 
@@ -140,6 +140,12 @@ enum StructuredCloneTags : uint32_t {
 
   SCTAG_DOM_CLONED_ERROR_OBJECT,
 
+  SCTAG_DOM_READABLESTREAM,
+
+  SCTAG_DOM_WRITABLESTREAM,
+
+  SCTAG_DOM_TRANSFORMSTREAM,
+
   // IMPORTANT: If you plan to add an new IDB tag, it _must_ be add before the
   // "less stable" tags!
 };
 
@@ -51,6 +51,7 @@ class EventMessageAutoOverride;
 class ExtendableEvent;
 class KeyboardEvent;
 class MouseEvent;
+class MessageEvent;
 class TimeEvent;
 class UIEvent;
 class WantsPopupControlCheck;
@@ -127,6 +128,9 @@ class Event : public nsISupports, public nsWrapperCache {
   // CustomEvent has a non-autogeneratable initCustomEvent.
   virtual CustomEvent* AsCustomEvent() { return nullptr; }
 
+  // MessageEvent has a non-autogeneratable initMessageEvent and more.
+  virtual MessageEvent* AsMessageEvent() { return nullptr; }
+
   void InitEvent(const nsAString& aEventTypeArg, bool aCanBubble,
                  bool aCancelable) {
     InitEvent(aEventTypeArg, aCanBubble ? CanBubble::eYes : CanBubble::eNo,
 
@@ -43,8 +43,10 @@ class MessageEvent final : public Event {
   NS_DECL_ISUPPORTS_INHERITED
   NS_DECL_CYCLE_COLLECTION_SCRIPT_HOLDER_CLASS_INHERITED(MessageEvent, Event)
 
-  virtual JSObject* WrapObjectInternal(
-      JSContext* aCx, JS::Handle<JSObject*> aGivenProto) override;
+  JSObject* WrapObjectInternal(JSContext* aCx,
+                               JS::Handle<JSObject*> aGivenProto) override;
+
+  MessageEvent* AsMessageEvent() override { return this; }
 
   void GetData(JSContext* aCx, JS::MutableHandle<JS::Value> aData,
                ErrorResult& aRv);
 
@@ -19,7 +19,6 @@
 #include "mozilla/dom/ByteStreamHelpers.h"
 #include "mozilla/dom/Promise.h"
 #include "mozilla/dom/Promise-inl.h"
-#include "mozilla/dom/PromiseNativeHandler.h"
 #include "mozilla/dom/ReadableByteStreamController.h"
 #include "mozilla/dom/ReadableByteStreamControllerBinding.h"
 #include "mozilla/dom/ReadIntoRequest.h"
 
@@ -37,6 +37,8 @@ using OwningReadableStreamReader =
     OwningReadableStreamDefaultReaderOrReadableStreamBYOBReader;
 class NativeUnderlyingSource;
 class BodyStreamHolder;
+class UniqueMessagePortId;
+class MessagePort;
 
 class ReadableStream final : public nsISupports, public nsWrapperCache {
  public:
@@ -95,6 +97,15 @@ class ReadableStream final : public nsISupports, public nsWrapperCache {
 
   void ReleaseObjects();
 
+  // [Transferable]
+  // https://html.spec.whatwg.org/multipage/structured-data.html#transfer-steps
+  MOZ_CAN_RUN_SCRIPT bool Transfer(JSContext* aCx,
+                                   UniqueMessagePortId& aPortId);
+  // https://html.spec.whatwg.org/multipage/structured-data.html#transfer-receiving-steps
+  static MOZ_CAN_RUN_SCRIPT bool ReceiveTransfer(
+      JSContext* aCx, nsIGlobalObject* aGlobal, MessagePort& aPort,
+      JS::MutableHandle<JSObject*> aReturnObject);
+
  public:
   nsIGlobalObject* GetParentObject() const { return mGlobal; }
 
 
@@ -12,7 +12,6 @@
 #include "mozilla/HoldDropJSObjects.h"
 #include "mozilla/dom/Promise.h"
 #include "mozilla/dom/Promise-inl.h"
-#include "mozilla/dom/PromiseNativeHandler.h"
 #include "mozilla/dom/ReadableStream.h"
 #include "mozilla/dom/ReadableStreamController.h"
 #include "mozilla/dom/ReadableStreamDefaultController.h"
@@ -503,7 +502,8 @@ void SetUpReadableStreamDefaultController(
   }
 
   // Step 10.
-  RefPtr<Promise> startPromise = Promise::Create(GetIncumbentGlobal(), aRv);
+  RefPtr<Promise> startPromise =
+      Promise::Create(aStream->GetParentObject(), aRv);
   if (aRv.Failed()) {
     return;
   }
 
@@ -8,7 +8,6 @@
 #include "js/TypeDecls.h"
 #include "js/experimental/TypedData.h"
 #include "mozilla/dom/ByteStreamHelpers.h"
-#include "mozilla/dom/PromiseNativeHandler.h"
 #include "mozilla/dom/Promise-inl.h"
 #include "mozilla/dom/ReadIntoRequest.h"
 #include "mozilla/dom/ReadableStream.h"