Bug 1626404: Part 2a - Store source BrowsingContext rather than DocShell in LoadState. r=nika CLOSED TREE

Differential Revision: https://phabricator.services.mozilla.com/D69418 --HG-- extra : source : 6fb384961b99821bacfd2702d36bff27231c96a7 extra : intermediate-source : b0d4b213b819d2346b1026122335553b77d63cae
2020-04-04 02:42:44 +00:00 · 2020-04-04 02:42:44 +00:00 · 9742588080
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@ -3931,7 +3931,7 @@ nsresult nsDocShell::LoadErrorPage(nsIURI* aErrorURI, nsIURI* aFailedURI,
  loadState->SetTriggeringPrincipal(nsContentUtils::GetSystemPrincipal());
  loadState->SetLoadType(LOAD_ERROR_PAGE);
  loadState->SetFirstParty(true);
-  loadState->SetSourceDocShell(this);
+  loadState->SetSourceBrowsingContext(mBrowsingContext);

  return InternalLoad(loadState, nullptr, nullptr);
 }
@ -4034,7 +4034,7 @@ nsDocShell::Reload(uint32_t aReloadFlags) {
    loadState->SetLoadType(loadType);
    loadState->SetFirstParty(true);
    loadState->SetSrcdocData(srcdoc);
-    loadState->SetSourceDocShell(this);
+    loadState->SetSourceBrowsingContext(mBrowsingContext);
    loadState->SetBaseURI(baseURI);
    rv = InternalLoad(loadState, nullptr, nullptr);
  }
@ -8730,9 +8730,9 @@ nsresult nsDocShell::InternalLoad(nsDocShellLoadState* aLoadState,

  // If a source docshell has been passed, check to see if we are sandboxed
  // from it as the result of an iframe or CSP sandbox.
-  if (aLoadState->SourceDocShell() &&
-      aLoadState->SourceDocShell()->GetBrowsingContext()->IsSandboxedFrom(
-          mBrowsingContext)) {
+  const auto& sourceBC = aLoadState->SourceBrowsingContext();
+  if (sourceBC.IsDiscarded() ||
+      (sourceBC && sourceBC->IsSandboxedFrom(mBrowsingContext))) {
    return NS_ERROR_DOM_INVALID_ACCESS_ERR;
  }

@ -12244,7 +12244,7 @@ nsresult nsDocShell::OnLinkClickSync(
  loadState->SetHeadersStream(aHeadersDataStream);
  loadState->SetLoadType(loadType);
  loadState->SetFirstParty(true);
-  loadState->SetSourceDocShell(this);
+  loadState->SetSourceBrowsingContext(mBrowsingContext);
  loadState->SetIsFormSubmission(aContent->IsHTMLElement(nsGkAtoms::form));
  nsresult rv = InternalLoad(loadState, aDocShell, aRequest);

--- a/docshell/base/nsDocShellLoadState.cpp
+++ b/docshell/base/nsDocShellLoadState.cpp
@ -441,12 +441,9 @@ void nsDocShellLoadState::SetSrcdocData(const nsAString& aSrcdocData) {
  mSrcdocData = aSrcdocData;
 }

-nsIDocShell* nsDocShellLoadState::SourceDocShell() const {
-  return mSourceDocShell;
-}
-
-void nsDocShellLoadState::SetSourceDocShell(nsIDocShell* aSourceDocShell) {
-  mSourceDocShell = aSourceDocShell;
+void nsDocShellLoadState::SetSourceBrowsingContext(
+    BrowsingContext* aSourceBrowsingContext) {
+  mSourceBrowsingContext = aSourceBrowsingContext;
 }

 nsIURI* nsDocShellLoadState::BaseURI() const { return mBaseURI; }
--- a/docshell/base/nsDocShellLoadState.h
+++ b/docshell/base/nsDocShellLoadState.h
@ -33,6 +33,10 @@ class DocShellLoadStateInit;
 * call.
 */
 class nsDocShellLoadState final {
+  using BrowsingContext = mozilla::dom::BrowsingContext;
+  template <typename T>
+  using MaybeDiscarded = mozilla::dom::MaybeDiscarded<T>;
+
 public:
  NS_INLINE_DECL_REFCOUNTING(nsDocShellLoadState);

@ -140,9 +144,11 @@ class nsDocShellLoadState final {

  void SetSrcdocData(const nsAString& aSrcdocData);

-  nsIDocShell* SourceDocShell() const;
+  const MaybeDiscarded<BrowsingContext>& SourceBrowsingContext() const {
+    return mSourceBrowsingContext;
+  }

-  void SetSourceDocShell(nsIDocShell* aSourceDocShell);
+  void SetSourceBrowsingContext(BrowsingContext* aSourceBrowsingContext);

  nsIURI* BaseURI() const;

@ -337,7 +343,7 @@ class nsDocShellLoadState final {
  nsString mSrcdocData;

  // When set, this is the Source Browsing Context for the navigation.
-  nsCOMPtr<nsIDocShell> mSourceDocShell;
+  MaybeDiscarded<BrowsingContext> mSourceBrowsingContext;

  // Used for srcdoc loads to give view-source knowledge of the load's base URI
  // as this information isn't embedded in the load's URI.
--- a/dom/base/LocationBase.cpp
+++ b/dom/base/LocationBase.cpp
@ -132,7 +132,7 @@ void LocationBase::SetURI(nsIURI* aURI, nsIPrincipal& aSubjectPrincipal,
  RefPtr<BrowsingContext> accessingBC;
  if (sourceWindow) {
    accessingBC = sourceWindow->GetBrowsingContext();
-    loadState->SetSourceDocShell(sourceWindow->GetDocShell());
+    loadState->SetSourceBrowsingContext(sourceWindow->GetBrowsingContext());
  }

  loadState->SetLoadFlags(nsIWebNavigation::LOAD_FLAGS_NONE);
--- a/dom/clients/manager/ClientNavigateOpChild.cpp
+++ b/dom/clients/manager/ClientNavigateOpChild.cpp
@ -255,7 +255,7 @@ RefPtr<ClientOpPromise> ClientNavigateOpChild::DoNavigate(

  loadState->SetReferrerInfo(referrerInfo);
  loadState->SetLoadType(LOAD_STOP_CONTENT);
-  loadState->SetSourceDocShell(docShell);
+  loadState->SetSourceBrowsingContext(docShell->GetBrowsingContext());
  loadState->SetLoadFlags(nsIWebNavigation::LOAD_FLAGS_NONE);
  loadState->SetFirstParty(true);
  rv = docShell->LoadURI(loadState, false);