Backed out 2 changesets (bug 1558394) for perma failures on iframe_sandbox_anchor_download_block_downloads.sub.tentative.html. CLOSED TREE

Backed out changeset 79046ff8143b (bug 1558394)
Backed out changeset e13ede3c68d4 (bug 1558394)

browser/base/content/browser.js

@@ -1506,7 +1506,7 @@ function _loadURI(browser, uri, params = {}) {
     params.loadFlags || params.flags || Ci.nsIWebNavigation.LOAD_FLAGS_NONE;
   let hasValidUserGestureActivation =
     document.hasValidTransientUserGestureActivation;
-  let triggeringSandboxFlags = document.sandboxFlags;
+
   if (!triggeringPrincipal) {
     throw new Error("Must load with a triggering Principal");
   }
@@ -1548,7 +1548,6 @@ function _loadURI(browser, uri, params = {}) {
     referrerInfo,
     postData,
     hasValidUserGestureActivation,
-    triggeringSandboxFlags,
   };
   try {
     if (!mustChangeProcess) {

docshell/base/nsDocShell.cpp

@@ -3890,15 +3890,13 @@ nsresult nsDocShell::LoadErrorPage(nsIURI* aErrorURI, nsIURI* aFailedURI,
 
   RefPtr<nsDocShellLoadState> loadState = new nsDocShellLoadState(aErrorURI);
   loadState->SetTriggeringPrincipal(nsContentUtils::GetSystemPrincipal());
-  if (mBrowsingContext) {
-    loadState->SetTriggeringSandboxFlags(mBrowsingContext->GetSandboxFlags());
-  }
   loadState->SetLoadType(LOAD_ERROR_PAGE);
   loadState->SetFirstParty(true);
   loadState->SetSourceBrowsingContext(mBrowsingContext);
   loadState->SetHasValidUserGestureActivation(
       mBrowsingContext &&
       mBrowsingContext->HasValidTransientUserGestureActivation());
+
   return InternalLoad(loadState, nullptr, nullptr);
 }
 
@@ -3951,7 +3949,6 @@ nsDocShell::Reload(uint32_t aReloadFlags) {
 
     nsIPrincipal* triggeringPrincipal = doc->NodePrincipal();
     nsCOMPtr<nsIContentSecurityPolicy> csp = doc->GetCsp();
-    uint32_t triggeringSandboxFlags = doc->GetSandboxFlags();
 
     nsAutoString contentTypeHint;
     doc->GetContentType(contentTypeHint);
@@ -3994,7 +3991,6 @@ nsDocShell::Reload(uint32_t aReloadFlags) {
     loadState->SetMaybeResultPrincipalURI(emplacedResultPrincipalURI);
     loadState->SetLoadReplace(loadReplace);
     loadState->SetTriggeringPrincipal(triggeringPrincipal);
-    loadState->SetTriggeringSandboxFlags(triggeringSandboxFlags);
     loadState->SetPrincipalToInherit(triggeringPrincipal);
     loadState->SetCsp(csp);
     loadState->SetLoadFlags(flags);
@@ -5028,7 +5024,6 @@ nsDocShell::ForceRefreshURI(nsIURI* aURI, nsIPrincipal* aPrincipal,
     loadState->SetCsp(doc->GetCsp());
     loadState->SetHasValidUserGestureActivation(
         doc->HasValidTransientUserGestureActivation());
-    loadState->SetTriggeringSandboxFlags(doc->GetSandboxFlags());
   }
 
   loadState->SetPrincipalIsExplicit(true);
@@ -8166,8 +8161,6 @@ nsresult nsDocShell::PerformRetargeting(nsDocShellLoadState* aLoadState,
       // LoadReplace will always be false due to asserts above, skip setting
       // it.
       loadState->SetTriggeringPrincipal(aLoadState->TriggeringPrincipal());
-      loadState->SetTriggeringSandboxFlags(
-          aLoadState->TriggeringSandboxFlags());
       loadState->SetCsp(aLoadState->Csp());
       loadState->SetInheritPrincipal(
           aLoadState->HasLoadFlags(INTERNAL_LOAD_FLAGS_INHERIT_PRINCIPAL));
@@ -9640,7 +9633,6 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
       aLoadState->HasLoadFlags(LOAD_FLAGS_FROM_EXTERNAL)) {
     loadInfo->SetHasValidUserGestureActivation(true);
   }
-  loadInfo->SetTriggeringSandboxFlags(aLoadState->TriggeringSandboxFlags());
 
   /* Get the cache Key from SH */
   uint32_t cacheKey = 0;
@@ -11891,11 +11883,6 @@ nsresult nsDocShell::OnLinkClickSync(
   nsCOMPtr<nsIPrincipal> triggeringPrincipal =
       aTriggeringPrincipal ? aTriggeringPrincipal : aContent->NodePrincipal();
 
-  uint32_t triggeringSandboxFlags = 0;
-  if (mBrowsingContext) {
-    triggeringSandboxFlags = mBrowsingContext->GetSandboxFlags();
-  }
-
   nsCOMPtr<nsIContentSecurityPolicy> csp = aCsp;
   if (!csp) {
     // Currently, if no csp is passed explicitly we fall back to querying the
@@ -11996,7 +11983,6 @@ nsresult nsDocShell::OnLinkClickSync(
   RefPtr<nsDocShellLoadState> loadState = new nsDocShellLoadState(aURI);
   loadState->SetReferrerInfo(referrerInfo);
   loadState->SetTriggeringPrincipal(triggeringPrincipal);
-  loadState->SetTriggeringSandboxFlags(triggeringSandboxFlags);
   loadState->SetPrincipalToInherit(aContent->NodePrincipal());
   loadState->SetCsp(csp);
   loadState->SetLoadFlags(flags);

docshell/base/nsDocShellLoadState.cpp

@@ -79,7 +79,6 @@ already_AddRefed<nsIURIFixupInfo> GetFixupURIInfo(const nsACString& aStringURI,
 nsDocShellLoadState::nsDocShellLoadState(nsIURI* aURI)
     : mURI(aURI),
       mResultPrincipalURIIsSome(false),
-      mTriggeringSandboxFlags(0),
       mKeepResultPrincipalURIIfSet(false),
       mLoadReplace(false),
       mInheritPrincipal(false),
@@ -129,7 +128,6 @@ nsDocShellLoadState::nsDocShellLoadState(
   mTriggeringPrincipal = aLoadState.TriggeringPrincipal();
   mPrincipalToInherit = aLoadState.PrincipalToInherit();
   mStoragePrincipalToInherit = aLoadState.StoragePrincipalToInherit();
-  mTriggeringSandboxFlags = aLoadState.TriggeringSandboxFlags();
   mCsp = aLoadState.Csp();
   mOriginalURIString = aLoadState.OriginalURIString();
   mCancelContentJSEpoch = aLoadState.CancelContentJSEpoch();
@@ -351,7 +349,6 @@ nsresult nsDocShellLoadState::CreateFromLoadURIOptions(
   loadState->SetFirstParty(true);
   loadState->SetHasValidUserGestureActivation(
       aLoadURIOptions.mHasValidUserGestureActivation);
-  loadState->SetTriggeringSandboxFlags(aLoadURIOptions.mTriggeringSandboxFlags);
   loadState->SetPostDataStream(postData);
   loadState->SetHeadersStream(aLoadURIOptions.mHeaders);
   loadState->SetBaseURI(aLoadURIOptions.mBaseURI);
@@ -455,14 +452,6 @@ void nsDocShellLoadState::SetCsp(nsIContentSecurityPolicy* aCsp) {
 
 nsIContentSecurityPolicy* nsDocShellLoadState::Csp() const { return mCsp; }
 
-void nsDocShellLoadState::SetTriggeringSandboxFlags(uint32_t flags) {
-  mTriggeringSandboxFlags = flags;
-}
-
-uint32_t nsDocShellLoadState::TriggeringSandboxFlags() const {
-  return mTriggeringSandboxFlags;
-}
-
 bool nsDocShellLoadState::InheritPrincipal() const { return mInheritPrincipal; }
 
 void nsDocShellLoadState::SetInheritPrincipal(bool aInheritPrincipal) {
@@ -879,7 +868,6 @@ DocShellLoadStateInit nsDocShellLoadState::Serialize() {
   loadState.TriggeringPrincipal() = mTriggeringPrincipal;
   loadState.PrincipalToInherit() = mPrincipalToInherit;
   loadState.StoragePrincipalToInherit() = mStoragePrincipalToInherit;
-  loadState.TriggeringSandboxFlags() = mTriggeringSandboxFlags;
   loadState.Csp() = mCsp;
   loadState.OriginalURIString() = mOriginalURIString;
   loadState.CancelContentJSEpoch() = mCancelContentJSEpoch;

docshell/base/nsDocShellLoadState.h

@@ -95,10 +95,6 @@ class nsDocShellLoadState final {
 
   void SetTriggeringPrincipal(nsIPrincipal* aTriggeringPrincipal);
 
-  uint32_t TriggeringSandboxFlags() const;
-
-  void SetTriggeringSandboxFlags(uint32_t aTriggeringSandboxFlags);
-
   nsIContentSecurityPolicy* Csp() const;
 
   void SetCsp(nsIContentSecurityPolicy* aCsp);
@@ -285,11 +281,6 @@ class nsDocShellLoadState final {
   // SystemPrincipal as the triggeringPrincipal.
   nsCOMPtr<nsIPrincipal> mTriggeringPrincipal;
 
-  // The SandboxFlags of the load, that are, the SandboxFlags of the entity
-  // responsible for causing the load to occur. Most likely this are the
-  // SandboxFlags of the document that started the load.
-  uint32_t mTriggeringSandboxFlags;
-
   // The CSP of the load, that is, the CSP of the entity responsible for causing
   // the load to occur. Most likely this is the CSP of the document that started
   // the load. In case the entity starting the load did not use a CSP, then mCsp

dom/base/IframeSandboxKeywordList.h

@@ -26,4 +26,3 @@ SANDBOX_KEYWORD("allow-popups-to-escape-sandbox", allowpopupstoescapesandbox,
 SANDBOX_KEYWORD("allow-presentation", allowpresentation, SANDBOXED_PRESENTATION)
 SANDBOX_KEYWORD("allow-storage-access-by-user-activation",
                 allowstorageaccessbyuseractivatetion, SANDBOXED_STORAGE_ACCESS)
-SANDBOX_KEYWORD("allow-downloads", allowdownloads, SANDBOXED_ALLOW_DOWNLOADS)

dom/base/LocationBase.cpp

@@ -99,7 +99,6 @@ already_AddRefed<nsDocShellLoadState> LocationBase::CheckURL(
     principal->CreateReferrerInfo(referrerPolicy, getter_AddRefs(referrerInfo));
   }
   loadState->SetTriggeringPrincipal(triggeringPrincipal);
-  loadState->SetTriggeringSandboxFlags(doc->GetSandboxFlags());
   loadState->SetCsp(doc->GetCsp());
   if (referrerInfo) {
     loadState->SetReferrerInfo(referrerInfo);

dom/base/nsSandboxFlags.h

@@ -116,12 +116,5 @@ const unsigned long SANDBOXED_PRESENTATION = 0x4000;
  */
 const unsigned long SANDBOXED_STORAGE_ACCESS = 0x8000;
 
-/**
- * This flag disables content from initiating or instantiating downloads,
- * whether through downloading hyperlinks or through navigation that gets
- * handled as a download.
- */
-const unsigned long SANDBOXED_ALLOW_DOWNLOADS = 0x10000;
-
-const unsigned long SANDBOX_ALL_FLAGS = 0xFFFFFF;
+const unsigned long SANDBOX_ALL_FLAGS = 0xFFFF;
 #endif

dom/clients/manager/ClientNavigateOpChild.cpp

@@ -248,7 +248,7 @@ RefPtr<ClientOpPromise> ClientNavigateOpChild::DoNavigate(
 
   RefPtr<nsDocShellLoadState> loadState = new nsDocShellLoadState(url);
   loadState->SetTriggeringPrincipal(principal);
-  loadState->SetTriggeringSandboxFlags(doc->GetSandboxFlags());
+
   loadState->SetCsp(doc->GetCsp());
 
   auto referrerInfo = MakeRefPtr<ReferrerInfo>(*doc);

dom/ipc/DOMTypes.ipdlh

@@ -271,10 +271,6 @@ struct DocShellLoadStateInit
 
   MaybeDiscardedBrowsingContext SourceBrowsingContext;
 
-  // The TriggineringSandboxFlags are the SandboxFlags of the entity
-  // responsible for causing the load to occur.
-  uint32_t TriggeringSandboxFlags;
-
   nsCString? OriginalURIString;
   int32_t? CancelContentJSEpoch;
 

dom/locales/en-US/chrome/security/security.properties

@@ -133,6 +133,3 @@ HTTPSOnlyUpgradeRequest = Upgrading insecure request “%1$S” to use “%2$S
 HTTPSOnlyNoUpgradeException = Not upgrading insecure request “%1$S” because it is exempt.
 # LOCALIZATION NOTE: %1$S is the URL of the failed request; %2$S is an error-code.
 HTTPSOnlyFailedRequest = Upgrading insecure request “%1$S” failed. (%2$S)
-
-IframeSandboxBlockedDownload = Download was blocked because the triggering iframe has the sandbox flag set.
-IframeSandboxDeprecatedDownload = Downloading content inside sandboxed iframes is deprecated and will be blocked soon.

dom/webidl/LoadURIOptions.webidl

@@ -68,11 +68,6 @@ dictionary LoadURIOptions {
    */
   boolean hasValidUserGestureActivation = false;
 
-  /**
-   * The SandboxFlags of the entity thats
-   * responsible for causing the load.
-   */
-  long triggeringSandboxFlags = 0;
   /**
    * If non-0, a value to pass to nsIDocShell::setCancelContentJSEpoch
    * when initiating the load.

ipc/glue/BackgroundUtils.cpp

@@ -512,7 +512,6 @@ nsresult LoadInfoToLoadInfoArgs(nsILoadInfo* aLoadInfo,
       sandboxedLoadingPrincipalInfo, topLevelPrincipalInfo,
       topLevelStorageAreaPrincipalInfo, optionalResultPrincipalURI,
       aLoadInfo->GetSecurityFlags(), aLoadInfo->GetSandboxFlags(),
-      aLoadInfo->GetTriggeringSandboxFlags(),
       aLoadInfo->InternalContentPolicyType(),
       static_cast<uint32_t>(aLoadInfo->GetTainting()),
       aLoadInfo->GetBlockAllMixedContent(),
@@ -738,7 +737,7 @@ nsresult LoadInfoArgsToLoadInfo(
       topLevelStorageAreaPrincipal, resultPrincipalURI, cookieJarSettings,
       cspToInherit, clientInfo, reservedClientInfo, initialClientInfo,
       controller, loadInfoArgs.securityFlags(), loadInfoArgs.sandboxFlags(),
-      loadInfoArgs.triggeringSandboxFlags(), loadInfoArgs.contentPolicyType(),
+      loadInfoArgs.contentPolicyType(),
       static_cast<LoadTainting>(loadInfoArgs.tainting()),
       loadInfoArgs.blockAllMixedContent(),
       loadInfoArgs.upgradeInsecureRequests(),
@@ -811,7 +810,6 @@ void LoadInfoToParentLoadInfoForwarder(
       aLoadInfo->GetHasValidUserGestureActivation(),
       aLoadInfo->GetAllowDeprecatedSystemRequests(),
       aLoadInfo->GetParserCreatedScript(),
-      aLoadInfo->GetTriggeringSandboxFlags(),
       aLoadInfo->GetServiceWorkerTaintingSynthesized(),
       aLoadInfo->GetDocumentHasUserInteracted(),
       aLoadInfo->GetDocumentHasLoaded(),
@@ -851,10 +849,6 @@ nsresult MergeParentLoadInfoForwarder(
   rv = aLoadInfo->SetHttpsOnlyStatus(aForwarderArgs.httpsOnlyStatus());
   NS_ENSURE_SUCCESS(rv, rv);
 
-  rv = aLoadInfo->SetTriggeringSandboxFlags(
-      aForwarderArgs.triggeringSandboxFlags());
-  NS_ENSURE_SUCCESS(rv, rv);
-
   rv = aLoadInfo->SetHasValidUserGestureActivation(
       aForwarderArgs.hasValidUserGestureActivation());
   NS_ENSURE_SUCCESS(rv, rv);

modules/libpref/init/StaticPrefList.yaml

@@ -1433,12 +1433,6 @@
   value: true
   mirror: always
 
-# Block all downloads in iframes with the sandboxed attribute
-- name: dom.block_download_in_sandboxed_iframes
-  type: bool
-  value: @IS_NIGHTLY_BUILD@
-  mirror: always
-
 # Block multiple window.open() per single event.
 - name: dom.block_multiple_popups
   type: bool

netwerk/base/LoadInfo.cpp

@@ -73,7 +73,6 @@ LoadInfo::LoadInfo(
       mContextForTopLevelLoad(nullptr),
       mSecurityFlags(aSecurityFlags),
       mSandboxFlags(aSandboxFlags),
-      mTriggeringSandboxFlags(0),
       mInternalContentPolicyType(aContentPolicyType),
       mTainting(LoadTainting::Basic),
       mBlockAllMixedContent(false),
@@ -351,7 +350,6 @@ LoadInfo::LoadInfo(nsPIDOMWindowOuter* aOuterWindow,
       mContextForTopLevelLoad(do_GetWeakReference(aContextForTopLevelLoad)),
       mSecurityFlags(aSecurityFlags),
       mSandboxFlags(aSandboxFlags),
-      mTriggeringSandboxFlags(0),
       mInternalContentPolicyType(nsIContentPolicy::TYPE_DOCUMENT),
       mTainting(LoadTainting::Basic),
       mBlockAllMixedContent(false),
@@ -458,7 +456,6 @@ LoadInfo::LoadInfo(dom::CanonicalBrowsingContext* aBrowsingContext,
       mContextForTopLevelLoad(nullptr),
       mSecurityFlags(aSecurityFlags),
       mSandboxFlags(aSandboxFlags),
-      mTriggeringSandboxFlags(0),
       mInternalContentPolicyType(nsIContentPolicy::TYPE_DOCUMENT),
       mTainting(LoadTainting::Basic),
       mBlockAllMixedContent(false),
@@ -740,7 +737,6 @@ LoadInfo::LoadInfo(const LoadInfo& rhs)
       mContextForTopLevelLoad(rhs.mContextForTopLevelLoad),
       mSecurityFlags(rhs.mSecurityFlags),
       mSandboxFlags(rhs.mSandboxFlags),
-      mTriggeringSandboxFlags(rhs.mTriggeringSandboxFlags),
       mInternalContentPolicyType(rhs.mInternalContentPolicyType),
       mTainting(rhs.mTainting),
       mBlockAllMixedContent(rhs.mBlockAllMixedContent),
@@ -806,9 +802,9 @@ LoadInfo::LoadInfo(
     const Maybe<ClientInfo>& aInitialClientInfo,
     const Maybe<ServiceWorkerDescriptor>& aController,
     nsSecurityFlags aSecurityFlags, uint32_t aSandboxFlags,
-    uint32_t aTriggeringSandboxFlags, nsContentPolicyType aContentPolicyType,
-    LoadTainting aTainting, bool aBlockAllMixedContent,
-    bool aUpgradeInsecureRequests, bool aBrowserUpgradeInsecureRequests,
+    nsContentPolicyType aContentPolicyType, LoadTainting aTainting,
+    bool aBlockAllMixedContent, bool aUpgradeInsecureRequests,
+    bool aBrowserUpgradeInsecureRequests,
     bool aBrowserWouldUpgradeInsecureRequests, bool aForceAllowDataURI,
     bool aAllowInsecureRedirectToDataURI, bool aBypassCORSChecks,
     bool aSkipContentPolicyCheckForWebRequest,
@@ -848,7 +844,6 @@ LoadInfo::LoadInfo(
       mLoadingContext(do_GetWeakReference(aLoadingContext)),
       mSecurityFlags(aSecurityFlags),
       mSandboxFlags(aSandboxFlags),
-      mTriggeringSandboxFlags(aTriggeringSandboxFlags),
       mInternalContentPolicyType(aContentPolicyType),
       mTainting(aTainting),
       mBlockAllMixedContent(aBlockAllMixedContent),
@@ -1087,18 +1082,6 @@ LoadInfo::GetSandboxFlags(uint32_t* aResult) {
   return NS_OK;
 }
 
-NS_IMETHODIMP
-LoadInfo::GetTriggeringSandboxFlags(uint32_t* aResult) {
-  *aResult = mTriggeringSandboxFlags;
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-LoadInfo::SetTriggeringSandboxFlags(uint32_t aFlags) {
-  mTriggeringSandboxFlags = aFlags;
-  return NS_OK;
-}
-
 NS_IMETHODIMP
 LoadInfo::GetSecurityMode(uint32_t* aFlags) {
   *aFlags =

netwerk/base/LoadInfo.h

@@ -146,7 +146,6 @@ class LoadInfo final : public nsILoadInfo {
            const Maybe<mozilla::dom::ClientInfo>& aInitialClientInfo,
            const Maybe<mozilla::dom::ServiceWorkerDescriptor>& aController,
            nsSecurityFlags aSecurityFlags, uint32_t aSandboxFlags,
-           uint32_t aTriggeringSandboxFlags,
            nsContentPolicyType aContentPolicyType, LoadTainting aTainting,
            bool aBlockAllMixedContent, bool aUpgradeInsecureRequests,
            bool aBrowserUpgradeInsecureRequests,
@@ -231,7 +230,6 @@ class LoadInfo final : public nsILoadInfo {
   nsWeakPtr mContextForTopLevelLoad;
   nsSecurityFlags mSecurityFlags;
   uint32_t mSandboxFlags;
-  uint32_t mTriggeringSandboxFlags;
   nsContentPolicyType mInternalContentPolicyType;
   LoadTainting mTainting;
   bool mBlockAllMixedContent;

netwerk/base/TRRLoadInfo.cpp

@@ -92,14 +92,6 @@ NS_IMETHODIMP
 TRRLoadInfo::GetSandboxFlags(uint32_t* aResult) {
   return NS_ERROR_NOT_IMPLEMENTED;
 }
-NS_IMETHODIMP
-TRRLoadInfo::GetTriggeringSandboxFlags(uint32_t* aResult) {
-  return NS_ERROR_NOT_IMPLEMENTED;
-}
-NS_IMETHODIMP
-TRRLoadInfo::SetTriggeringSandboxFlags(uint32_t aResult) {
-  return NS_ERROR_NOT_IMPLEMENTED;
-}
 
 NS_IMETHODIMP
 TRRLoadInfo::GetSecurityMode(uint32_t* aFlags) {

netwerk/base/nsILoadInfo.idl

@@ -411,12 +411,6 @@ interface nsILoadInfo : nsISupports
    */
   [infallible] readonly attribute unsigned long sandboxFlags;
 
-  /**
-  *   The TriggingSandboxFlags are the SandboxFlags of the entity
-  *   responsible for causing the load to occur.
-  */
-  [infallible] attribute unsigned long triggeringSandboxFlags;
-
   /**
    * Allows to query only the security mode bits from above.
    */

netwerk/ipc/DocumentLoadListener.cpp

@@ -356,7 +356,6 @@ already_AddRefed<LoadInfo> DocumentLoadListener::CreateLoadInfo(
 
   loadInfo->SetHasValidUserGestureActivation(
       aLoadState->HasValidUserGestureActivation());
-  loadInfo->SetTriggeringSandboxFlags(aLoadState->TriggeringSandboxFlags());
 
   return loadInfo.forget();
 }

netwerk/ipc/NeckoChannelParams.ipdlh

@@ -79,7 +79,6 @@ struct LoadInfoArgs
   URIParams?                  resultPrincipalURI;
   uint32_t                    securityFlags;
   uint32_t                    sandboxFlags;
-  uint32_t                    triggeringSandboxFlags;
   uint32_t                    contentPolicyType;
   uint32_t                    tainting;
   bool                        blockAllMixedContent;
@@ -207,9 +206,6 @@ struct ParentLoadInfoForwarderArgs
   // the script was created by the HTML parser.
   bool parserCreatedScript;
 
-  // Sandbox Flags of the Document that triggered the load
-  uint32_t triggeringSandboxFlags;
-
   // We must also note that the tainting value was explicitly set
   // by the service worker.
   bool serviceWorkerTaintingSynthesized;

testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/__dir__.ini

@@ -1 +1 @@
-prefs: [dom.targetBlankNoOpener.enabled:false, dom.block_download_in_sandboxed_iframes:true ]
+prefs: [dom.targetBlankNoOpener.enabled:false]

testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_anchor_download_block_downloads.sub.tentative.html.ini

@@ -0,0 +1,4 @@
+[iframe_sandbox_anchor_download_block_downloads.sub.tentative.html]
+  [<a download> triggered download in sandbox is blocked.]
+    expected: FAIL
+

testing/web-platform/meta/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_navigation_download_block_downloads.sub.tentative.html.ini

@@ -0,0 +1,6 @@
+[iframe_sandbox_navigation_download_block_downloads.sub.tentative.html]
+  [Navigation resulted download in sandbox is blocked.]
+    expected:
+      if (os == "mac") and not debug: ["PASS", "FAIL"]
+      FAIL
+

testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_anchor_download_block_downloads.sub.tentative.html

@@ -19,32 +19,13 @@ async_test(t => {
         iframe.contentWindow.addEventListener(
             "unload", t.unreached_func("Unexpected navigation."));
         var anchor = iframe.contentDocument.getElementsByTagName('a')[0];
-        anchor.href = "support/download_stash.py?token=" + token + "&finish-delay=" + StreamDownloadFinishDelay();
-        anchor.download = null;
-        anchor.click();
-        AssertDownloadFailure(t, token, StreamDownloadFinishDelay() + DownloadVerifyDelay());
-    });
-
-    document.body.appendChild(iframe);
-}, "<a download> triggered download in sandbox is blocked.");
-
-async_test(t => {
-    const token = "{{$id:uuid()}}";
-    var iframe = document.createElement("iframe");
-    iframe.srcdoc = "<a>Download</a>";
-    iframe.sandbox = "allow-same-origin";
-    iframe.onload = t.step_func(function () {
-        iframe.contentWindow.addEventListener(
-            "unload", t.unreached_func("Unexpected navigation."));
-        var anchor = iframe.contentDocument.getElementsByTagName('a')[0];
-        anchor.href = "support/download_stash.py?token=" + token ;
+        anchor.href = "support/download_stash.py?token=" + token;
         anchor.download = null;
         anchor.click();
         AssertDownloadFailure(t, token, DownloadVerifyDelay());
     });
 
     document.body.appendChild(iframe);
-}, "<a download> triggered download in sandbox is blocked before a request is made");
-
+}, "<a download> triggered download in sandbox is blocked.");
 </script>
 </body>

testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_navigation_download_allow_downloads.sub.tentative.html

@@ -30,23 +30,5 @@ async_test(t => {
 
     document.body.appendChild(iframe);
 }, "Navigation resulted download in sandbox is allowed by allow-downloads.");
-
-async_test(t => {
-    const token = "{{$id:uuid()}}";
-    var iframe = document.createElement("iframe");
-
-    const folder = location.origin+"/html/semantics/embedded-content/the-iframe-element/";
-    const href = `${folder}support/download_stash.py?token=${token}&finish-delay=${StreamDownloadFinishDelay() }`;
-    const objectDoc =`<a href="${href}">download</a>
-    <${"script"}> document.querySelector("a").click(); </${"script"}>`;
-
-    iframe.srcdoc = `<object data='data:text/html,${objectDoc}'></object>`;
-    iframe.sandbox = "allow-same-origin  allow-scripts allow-downloads";
-    iframe.addEventListener("load",()=>{
-        AssertDownloadSuccess(t, token, StreamDownloadFinishDelay() + DownloadVerifyDelay());
-    })
-    document.body.appendChild(iframe);
-}, "Navigation resulted download in sandbox from <object> is allowed by allow-downloads.");
-
 </script>
 </body>

testing/web-platform/tests/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_navigation_download_block_downloads.sub.tentative.html

@@ -29,24 +29,5 @@ async_test(t => {
 
     document.body.appendChild(iframe);
 }, "Navigation resulted download in sandbox is blocked.");
-
-
-async_test(t => {
-    const token = "{{$id:uuid()}}";
-    var iframe = document.createElement("iframe");
-
-    const folder = location.origin+"/html/semantics/embedded-content/the-iframe-element/";
-    const href = `${folder}support/download_stash.py?token=${token}&finish-delay=${StreamDownloadFinishDelay() }`;
-    const objectDoc =`<a href="${href}">download</a>
-    <${"script"}> document.querySelector("a").click(); </${"script"}>`;
-
-    iframe.srcdoc = `<object data='data:text/html,${objectDoc}'></object>`;
-    iframe.sandbox = "allow-same-origin  allow-scripts";
-    iframe.addEventListener("load",()=>{
-        AssertDownloadFailure(t, token, StreamDownloadFinishDelay() + DownloadVerifyDelay());
-    })
-    document.body.appendChild(iframe);
-}, "Navigation resulted download in sandbox from <object> is blocked.");
-
 </script>
 </body>

toolkit/components/windowwatcher/nsWindowWatcher.cpp

@@ -1152,9 +1152,6 @@ nsresult nsWindowWatcher::OpenWindowInternal(
     loadState->SetSourceBrowsingContext(parentBC);
     loadState->SetHasValidUserGestureActivation(
         parentBC && parentBC->HasValidTransientUserGestureActivation());
-    if (parentBC) {
-      loadState->SetTriggeringSandboxFlags(parentBC->GetSandboxFlags());
-    }
 
     if (subjectPrincipal) {
       loadState->SetTriggeringPrincipal(subjectPrincipal);

uriloader/exthandler/nsExternalHelperAppService.cpp

@@ -45,8 +45,6 @@
 #include "nsIRedirectHistoryEntry.h"
 #include "nsOSHelperAppService.h"
 #include "nsOSHelperAppServiceChild.h"
-#include "nsSandboxFlags.h"
-#include "nsIConsoleService.h"
 
 // used to access our datastore of user-configured helper applications
 #include "nsIHandlerService.h"
@@ -1535,32 +1533,6 @@ NS_IMETHODIMP nsExternalAppHandler::OnStartRequest(nsIRequest* request) {
   }
 
   if (mBrowsingContext) {
-    nsCOMPtr<nsILoadInfo> loadinfo = aChannel->LoadInfo();
-    uint32_t triggeringFlags = loadinfo->GetTriggeringSandboxFlags();
-    uint32_t currentflags = mBrowsingContext->SandboxFlags();
-
-    if ((triggeringFlags & SANDBOXED_ALLOW_DOWNLOADS) ||
-        (currentflags & SANDBOXED_ALLOW_DOWNLOADS)) {
-      // If we encounter a download from within a sandboxed iframe, we
-      // cancel the request if dom.block_download_in_sandboxed_iframes is
-      // prefed on. Otherwise we log a warning that downloads within sandboxed
-      // iframes will be blocked soon.
-      nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(request);
-
-      if (StaticPrefs::dom_block_download_in_sandboxed_iframes()) {
-        mCanceled = true;
-        request->Cancel(NS_ERROR_ABORT);
-
-        if (httpChannel) {
-          LogMessageToConsole(httpChannel, "IframeSandboxBlockedDownload");
-        }
-        return NS_OK;
-      }
-      if (httpChannel) {
-        LogMessageToConsole(httpChannel, "IframeSandboxDeprecatedDownload");
-      }
-    }
-
     mMaybeCloseWindowHelper = new MaybeCloseWindowHelper(mBrowsingContext);
     mMaybeCloseWindowHelper->SetShouldCloseWindow(mShouldCloseWindow);
 
@@ -1961,43 +1933,6 @@ nsExternalAppHandler::OnDataAvailable(nsIRequest* request,
   return rv;
 }
 
-void nsExternalAppHandler::LogMessageToConsole(nsIHttpChannel* aChannel,
-                                               const char* aMsg) {
-  nsCOMPtr<nsIURI> uri;
-  nsresult rv = aChannel->GetURI(getter_AddRefs(uri));
-  if (NS_FAILED(rv)) {
-    return;
-  }
-  uint64_t windowID = 0;
-  rv = aChannel->GetTopLevelContentWindowId(&windowID);
-  if (NS_WARN_IF(NS_FAILED(rv))) {
-    return;
-  }
-  if (!windowID) {
-    nsCOMPtr<nsILoadGroup> loadGroup;
-    rv = aChannel->GetLoadGroup(getter_AddRefs(loadGroup));
-    if (NS_WARN_IF(NS_FAILED(rv))) {
-      return;
-    }
-
-    if (loadGroup) {
-      windowID = nsContentUtils::GetInnerWindowID(loadGroup);
-    }
-  }
-
-  nsAutoString localizedMsg;
-  AutoTArray<nsString, 0> params;
-  rv = nsContentUtils::FormatLocalizedString(
-      nsContentUtils::eSECURITY_PROPERTIES, aMsg, params, localizedMsg);
-  if (NS_WARN_IF(NS_FAILED(rv))) {
-    return;
-  }
-
-  nsContentUtils::ReportToConsoleByWindowID(
-      localizedMsg, nsIScriptError::warningFlag, NS_LITERAL_CSTRING("Security"),
-      windowID, uri);
-}
-
 NS_IMETHODIMP nsExternalAppHandler::OnStopRequest(nsIRequest* request,
                                                   nsresult aStatus) {
   LOG(

uriloader/exthandler/nsExternalHelperAppService.h

@@ -24,7 +24,6 @@
 #include "nsIInterfaceRequestorUtils.h"
 #include "nsIChannel.h"
 #include "nsIBackgroundFileSaver.h"
-#include "nsIHttpChannel.h"
 
 #include "nsCOMPtr.h"
 #include "nsIObserver.h"
@@ -441,8 +440,6 @@ class nsExternalAppHandler final : public nsIStreamListener,
   void SendStatusChange(ErrorType type, nsresult aStatus, nsIRequest* aRequest,
                         const nsString& path);
 
-  void LogMessageToConsole(nsIHttpChannel* aChannel, const char* aMsg);
-
   /**
    * Set in nsHelperDlgApp.js. This is always null after the user has chosen an
    * action.

xpcom/ds/StaticAtoms.py

@@ -76,7 +76,6 @@ STATIC_ATOMS = [
     Atom("all", "all"),
     Atom("allow", "allow"),
     Atom("allowdirs", "allowdirs"),
-    Atom("allowdownloads", "allow-downloads"),
     Atom("allowevents", "allowevents"),
     Atom("allowforms", "allow-forms"),
     Atom("allowfullscreen", "allowfullscreen"),