/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at https://mozilla.org/MPL/2.0/. */

const lazy = {};

ChromeUtils.defineESModuleGetters(lazy, {
  EveryWindow: "resource:///modules/EveryWindow.sys.mjs",
});

const NOTIFICATION_VALUE = "unexpected-script-notification";

export let UnexpectedScriptObserver = {
  // EveryWindow has a race condition in early startup where a callback may be called twice
  // for the same window. This WeakSet is used to track which windows have already been
  // handled to avoid showing the notification bar multiple times. See Bug 1982859
  _windowsHandled: new WeakSet(),

  _notificationHasBeenShown: false,

  async observe(aSubject, aTopic, aScriptName) {
    if (
      aTopic != "UnexpectedJavaScriptLoad-Live" &&
      aTopic != "UnexpectedJavaScriptLoad-ResetNotification" &&
      aTopic != "UnexpectedJavaScriptLoad-UserTookAction"
    ) {
      return;
    }

    if (aTopic == "UnexpectedJavaScriptLoad-ResetNotification") {
      this._notificationHasBeenShown = false;
      this._windowsHandled = new WeakSet();
      return;
    }

    if (aTopic == "UnexpectedJavaScriptLoad-UserTookAction") {
      lazy.EveryWindow.unregisterCallback("UnexpectedScriptLoadPanel");
      return;
    }

    if (
      Services.prefs.getBoolPref(
        "security.hide_parent_unrestricted_js_loads_warning.temporary",
        false
      )
    ) {
      return;
    }

    if (this._notificationHasBeenShown) {
      // There is already a notification bar, or we showed one in the past and we
      // won't show it again until browser restart
      return;
    }

    GleanPings.unexpectedScriptLoad.setEnabled(true);

    let scriptOrigin;
    try {
      let scriptUrl = new URL(aScriptName);
      scriptOrigin = scriptUrl.hostname;

      if (scriptUrl.protocol != "http:" && scriptUrl.protocol != "https:") {
        // For this dialog, we only care about loading scripts from web origins
        return;
      }
    } catch (e) {
      console.error("Invalid scriptName URL:", aScriptName);
      // For this dialog, we only care about loading scripts from web origins,
      // so if we couldn't parse it, just exit.
      return;
    }

    lazy.EveryWindow.registerCallback(
      "UnexpectedScriptLoadPanel",
      async window => {
        if (this._windowsHandled.has(window)) {
          return;
        }
        this._windowsHandled.add(window);

        let MozXULElement = window.MozXULElement;
        let document = window.document;

        MozXULElement.insertFTLIfNeeded("browser/unexpectedScript.ftl");
        let messageFragment = document.createDocumentFragment();
        let message = document.createElement("span");
        document.l10n.setAttributes(message, "unexpected-script-load-message", {
          origin: scriptOrigin,
        });
        messageFragment.appendChild(message);

        // ----------------------------------------------------------------
        let openWindow = action => {
          let args = {
            action,
            scriptName: aScriptName,
          };
          window.gDialogBox.open(
            "chrome://browser/content/security/unexpectedScriptLoad.xhtml",
            args
          );
        };

        // ----------------------------------------------------------------
        let buttons = [
          {
            supportPage: "unexpected-script-load",
            callback: () => {
              Glean.unexpectedScriptLoad.moreInfoOpened.record();
            },
          },
        ];
        buttons.push({
          "l10n-id": "unexpected-script-load-message-button-allow",
          callback: () => {
            openWindow("allow");
            return true;
          },
        });
        buttons.push({
          "l10n-id": "unexpected-script-load-message-button-block",
          callback: () => {
            openWindow("block");
            return true; // Do not close the dialog bar until the user has done so explcitly or taken an action
          },
        });

        let notificationBox = window.gNotificationBox;

        if (!notificationBox.getNotificationWithValue(NOTIFICATION_VALUE)) {
          await notificationBox.appendNotification(
            NOTIFICATION_VALUE,
            {
              label: messageFragment,
              priority: notificationBox.PRIORITY_WARNING_HIGH,
              eventCallback: event => {
                if (event == "dismissed") {
                  Glean.unexpectedScriptLoad.infobarDismissed.record();
                  GleanPings.unexpectedScriptLoad.submit();
                }
              },
            },
            buttons
          );
        }
      },
      // Unregister Callback:
      // This is needed to remove the notification bar from all the windows
      // once the user has taken action on one of them, and ensure any open
      // dialog box is also closed.
      async window => {
        window.gNotificationBox
          .getNotificationWithValue(NOTIFICATION_VALUE)
          ?.close();
        if (
          window.gDialogBox?.dialog?._openedURL ==
          "chrome://browser/content/security/unexpectedScriptLoad.xhtml"
        ) {
          window.gDialogBox.dialog.close();
        }
        GleanPings.unexpectedScriptLoad.submit();
      }
    );

    Glean.unexpectedScriptLoad.infobarShown.record();

    this._notificationHasBeenShown = true;
  },
};