From 595fee0d91295c6ac6cd1fab383921232bb438f1 Mon Sep 17 00:00:00 2001
From: Andrea Marchesini <amarchesini@mozilla.com>
Date: Wed, 18 Jul 2018 16:49:18 +0200
Subject: [PATCH 01/14] Bug 1476280 - SecurityPolicyViolationEvent.blockedURI
 should contain the original URL in case of redirects, r=ckerschb

---
 dom/security/nsCSPContext.cpp                 | 150 ++++++++++--------
 dom/security/nsCSPContext.h                   |  11 +-
 .../test/csp/test_blocked_uri_in_reports.html |   2 +-
 .../test/csp/test_report_for_import.html      |   2 +-
 dom/security/test/unit/test_csp_reports.js    |   4 +-
 .../media-src/media-src-7_1_2.sub.html.ini    |   4 +-
 .../media-src/media-src-7_2_2.sub.html.ini    |   4 +-
 .../media-src/media-src-7_3_2.sub.html.ini    |   4 -
 .../media-src/media-src-blocked.sub.html.ini  |   4 +-
 .../report-original-url.sub.html.ini          |   5 +-
 .../reporting/report-strips-fragment.html.ini |   4 -
 ...double_policy_honor_whitelist.sub.html.ini |   3 +-
 .../inside-dedicated-worker.html.ini          |   5 -
 .../inside-service-worker.https.html.ini      |   5 -
 .../inside-shared-worker.html.ini             |   5 -
 ...ross-origin-image-from-script.sub.html.ini |   4 -
 ...tion-block-cross-origin-image.sub.html.ini |   4 -
 ...ation-block-image-from-script.sub.html.ini |   4 -
 ...-src-redirect-upgrade-reporting.https.html |   6 +-
 .../support/inside-worker.sub.js              |  13 ++
 20 files changed, 125 insertions(+), 118 deletions(-)
 delete mode 100644 testing/web-platform/meta/content-security-policy/media-src/media-src-7_3_2.sub.html.ini
 delete mode 100644 testing/web-platform/meta/content-security-policy/reporting/report-strips-fragment.html.ini
 delete mode 100644 testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-dedicated-worker.html.ini
 delete mode 100644 testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-service-worker.https.html.ini
 delete mode 100644 testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-shared-worker.html.ini
 delete mode 100644 testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script.sub.html.ini
 delete mode 100644 testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image.sub.html.ini
 delete mode 100644 testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image-from-script.sub.html.ini

diff --git a/dom/security/nsCSPContext.cpp b/dom/security/nsCSPContext.cpp
index 8abeb782f4bc..2cc173ab933b 100644
--- a/dom/security/nsCSPContext.cpp
+++ b/dom/security/nsCSPContext.cpp
@@ -91,6 +91,29 @@ ValidateDirectiveName(const nsAString& aDirective)
 }
 #endif // DEBUG
 
+static void
+BlockedContentSourceToString(nsCSPContext::BlockedContentSource aSource,
+                             nsACString& aString)
+{
+  switch (aSource) {
+    case nsCSPContext::BlockedContentSource::eUnknown:
+      aString.Truncate();
+      break;
+
+    case nsCSPContext::BlockedContentSource::eInline:
+      aString.AssignLiteral("inline");
+      break;
+
+    case nsCSPContext::BlockedContentSource::eEval:
+      aString.AssignLiteral("eval");
+      break;
+
+    case nsCSPContext::BlockedContentSource::eSelf:
+      aString.AssignLiteral("self");
+      break;
+  }
+}
+
 /**
  * Creates a key for use in the ShouldLoad cache.
  * Looks like: <uri>!<nsIContentPolicy::LOAD_TYPE>
@@ -275,6 +298,7 @@ nsCSPContext::permitsInternal(CSPDirective aDir,
         AsyncReportViolation(aTriggeringElement,
                              (aSendContentLocationInViolationReports ?
                               aContentLocation : nullptr),
+                             BlockedContentSource::eUnknown, /* a BlockedContentSource */
                              aOriginalURI,  /* in case of redirect originalURI is not null */
                              violatedDirective,
                              p,             /* policy index        */
@@ -481,12 +505,6 @@ nsCSPContext::reportInlineViolation(nsContentPolicyType aContentType,
                       : NS_LITERAL_STRING(STYLE_HASH_VIOLATION_OBSERVER_TOPIC);
   }
 
-  nsCOMPtr<nsISupportsCString> selfICString(do_CreateInstance(NS_SUPPORTS_CSTRING_CONTRACTID));
-  if (selfICString) {
-    selfICString->SetData(nsDependentCString("inline"));
-  }
-  nsCOMPtr<nsISupports> selfISupports(do_QueryInterface(selfICString));
-
   // use selfURI as the sourceFile
   nsAutoCString sourceFile;
   if (mSelfURI) {
@@ -494,7 +512,8 @@ nsCSPContext::reportInlineViolation(nsContentPolicyType aContentType,
   }
 
   AsyncReportViolation(aTriggeringElement,
-                       selfISupports,                      // aBlockedContentSource
+                       nullptr,                            // aBlockedURI
+                       BlockedContentSource::eInline,      // aBloeckedSource
                        mSelfURI,                           // aOriginalURI
                        aViolatedDirective,                 // aViolatedDirective
                        aViolatedPolicyIndex,               // aViolatedPolicyIndex
@@ -595,7 +614,7 @@ nsCSPContext::GetAllowsInline(nsContentPolicyType aContentType,
  *
  * Note: This macro uses some parameters from its caller's context:
  * p, mPolicies, this, aSourceFile, aScriptSample, aLineNum, aColumnNum,
- * selfISupports
+ * blockedContentSource
  *
  * @param violationType: the VIOLATION_TYPE_* constant (partial symbol)
  *                 such as INLINE_SCRIPT
@@ -622,8 +641,8 @@ nsCSPContext::GetAllowsInline(nsContentPolicyType aContentType,
       mPolicies[p]->getDirectiveStringAndReportSampleForContentType(           \
                         nsIContentPolicy::TYPE_ ## contentPolicyType,          \
                         violatedDirective, &reportSample);                     \
-      AsyncReportViolation(aTriggeringElement, selfISupports, nullptr,         \
-                           violatedDirective, p,                               \
+      AsyncReportViolation(aTriggeringElement, nullptr, blockedContentSource,  \
+                           nullptr, violatedDirective, p,                      \
                            NS_LITERAL_STRING(observerTopic),                   \
                            aSourceFile,                                        \
                            reportSample                                        \
@@ -670,20 +689,17 @@ nsCSPContext::LogViolationDetails(uint16_t aViolationType,
   for (uint32_t p = 0; p < mPolicies.Length(); p++) {
     NS_ASSERTION(mPolicies[p], "null pointer in nsTArray<nsCSPPolicy>");
 
-    nsCOMPtr<nsISupportsCString> selfICString(do_CreateInstance(NS_SUPPORTS_CSTRING_CONTRACTID));
-    if (selfICString) {
-      if (aViolationType == nsIContentSecurityPolicy::VIOLATION_TYPE_EVAL) {
-        selfICString->SetData(nsDependentCString("eval"));
-      } else if (aViolationType == nsIContentSecurityPolicy::VIOLATION_TYPE_INLINE_SCRIPT ||
-                 aViolationType == nsIContentSecurityPolicy::VIOLATION_TYPE_INLINE_STYLE) {
-        selfICString->SetData(nsDependentCString("inline"));
-      } else {
-        // All the other types should have a URL, but just in case, let's use
-        // 'self' here.
-        selfICString->SetData(nsDependentCString("self"));
-      }
+    BlockedContentSource blockedContentSource = BlockedContentSource::eUnknown;
+    if (aViolationType == nsIContentSecurityPolicy::VIOLATION_TYPE_EVAL) {
+      blockedContentSource = BlockedContentSource::eEval;
+    } else if (aViolationType == nsIContentSecurityPolicy::VIOLATION_TYPE_INLINE_SCRIPT ||
+               aViolationType == nsIContentSecurityPolicy::VIOLATION_TYPE_INLINE_STYLE) {
+      blockedContentSource = BlockedContentSource::eInline;
+    } else {
+      // All the other types should have a URL, but just in case, let's use
+      // 'self' here.
+      blockedContentSource = BlockedContentSource::eSelf;
     }
-    nsCOMPtr<nsISupports> selfISupports(do_QueryInterface(selfICString));
 
     switch (aViolationType) {
       CASE_CHECK_AND_REPORT(EVAL,              SCRIPT,     NS_LITERAL_STRING(""),
@@ -874,16 +890,7 @@ StripURIForReporting(nsIURI* aURI,
     return;
   }
 
-  // 2) If the origin of uri is not the same as the origin of the protected
-  // resource, then return the ASCII serialization of uri’s origin.
-  if (!NS_SecurityCompareURIs(aSelfURI, aURI, false)) {
-    // cross origin redirects also fall into this category, see:
-    // http://www.w3.org/TR/CSP/#violation-reports
-    aURI->GetPrePath(outStrippedURI);
-    return;
-  }
-
-  // 3) Return uri, with any fragment component removed.
+  // Return uri, with any fragment component removed.
   aURI->GetSpecIgnoringRef(outStrippedURI);
 }
 
@@ -917,7 +924,8 @@ nsCSPContext::GatherSecurityPolicyViolationEventData(
   // blocked-uri
   if (aBlockedURI) {
     nsAutoCString reportBlockedURI;
-    StripURIForReporting(aBlockedURI, mSelfURI, reportBlockedURI);
+    StripURIForReporting(aOriginalURI ? aOriginalURI : aBlockedURI,
+                         mSelfURI, reportBlockedURI);
     aViolationEventInit.mBlockedURI = NS_ConvertUTF8toUTF16(reportBlockedURI);
   } else {
     aViolationEventInit.mBlockedURI = NS_ConvertUTF8toUTF16(aBlockedString);
@@ -1252,7 +1260,8 @@ class CSPReportSenderRunnable final : public Runnable
 {
   public:
     CSPReportSenderRunnable(Element* aTriggeringElement,
-                            nsISupports* aBlockedContentSource,
+                            nsIURI* aBlockedURI,
+                            nsCSPContext::BlockedContentSource aBlockedContentSource,
                             nsIURI* aOriginalURI,
                             uint32_t aViolatedPolicyIndex,
                             bool aReportOnlyFlag,
@@ -1265,6 +1274,7 @@ class CSPReportSenderRunnable final : public Runnable
                             nsCSPContext* aCSPContext)
       : mozilla::Runnable("CSPReportSenderRunnable")
       , mTriggeringElement(aTriggeringElement)
+      , mBlockedURI(aBlockedURI)
       , mBlockedContentSource(aBlockedContentSource)
       , mOriginalURI(aOriginalURI)
       , mViolatedPolicyIndex(aViolatedPolicyIndex)
@@ -1280,13 +1290,22 @@ class CSPReportSenderRunnable final : public Runnable
       // the observer subject is an nsISupports: either an nsISupportsCString
       // from the arg passed in directly, or if that's empty, it's the blocked
       // source.
+      if (aObserverSubject.IsEmpty() && mBlockedURI) {
+        mObserverSubject = aBlockedURI;
+        return;
+      }
+
+      nsAutoCString subject;
       if (aObserverSubject.IsEmpty()) {
-        mObserverSubject = aBlockedContentSource;
+        BlockedContentSourceToString(aBlockedContentSource, subject);
       } else {
-        nsCOMPtr<nsISupportsCString> supportscstr =
-          do_CreateInstance(NS_SUPPORTS_CSTRING_CONTRACTID);
-        NS_ASSERTION(supportscstr, "Couldn't allocate nsISupportsCString");
-        supportscstr->SetData(NS_ConvertUTF16toUTF8(aObserverSubject));
+        CopyUTF16toUTF8(aObserverSubject, subject);
+      }
+
+      nsCOMPtr<nsISupportsCString> supportscstr =
+        do_CreateInstance(NS_SUPPORTS_CSTRING_CONTRACTID);
+      if (supportscstr) {
+        supportscstr->SetData(subject);
         mObserverSubject = do_QueryInterface(supportscstr);
       }
     }
@@ -1299,17 +1318,12 @@ class CSPReportSenderRunnable final : public Runnable
 
       // 0) prepare violation data
       mozilla::dom::SecurityPolicyViolationEventInit init;
-      // mBlockedContentSource could be a URI or a string.
-      nsCOMPtr<nsIURI> blockedURI = do_QueryInterface(mBlockedContentSource);
-      // if mBlockedContentSource is not a URI, it could be a string
-      nsCOMPtr<nsISupportsCString> blockedICString = do_QueryInterface(mBlockedContentSource);
-      nsAutoCString blockedDataStr;
-      if (blockedICString) {
-        blockedICString->GetData(blockedDataStr);
-      }
+
+      nsAutoCString blockedContentSource;
+      BlockedContentSourceToString(mBlockedContentSource, blockedContentSource);
 
       rv = mCSPContext->GatherSecurityPolicyViolationEventData(
-        blockedURI, blockedDataStr, mOriginalURI,
+        mBlockedURI, blockedContentSource, mOriginalURI,
         mViolatedDirective, mViolatedPolicyIndex,
         mSourceFile, mScriptSample, mLineNum, mColumnNum,
         init);
@@ -1317,34 +1331,35 @@ class CSPReportSenderRunnable final : public Runnable
 
       // 1) notify observers
       nsCOMPtr<nsIObserverService> observerService = mozilla::services::GetObserverService();
-      NS_ASSERTION(observerService, "needs observer service");
-      rv = observerService->NotifyObservers(mObserverSubject,
-                                            CSP_VIOLATION_TOPIC,
-                                            mViolatedDirective.get());
-      NS_ENSURE_SUCCESS(rv, rv);
+      if (mObserverSubject && observerService) {
+        rv = observerService->NotifyObservers(mObserverSubject,
+                                              CSP_VIOLATION_TOPIC,
+                                              mViolatedDirective.get());
+        NS_ENSURE_SUCCESS(rv, rv);
+      }
 
       // 2) send reports for the policy that was violated
       mCSPContext->SendReports(init, mViolatedPolicyIndex);
 
       // 3) log to console (one per policy violation)
 
-      if (blockedURI) {
-        blockedURI->GetSpec(blockedDataStr);
-        if (blockedDataStr.Length() > nsCSPContext::ScriptSampleMaxLength()) {
+      if (mBlockedURI) {
+        mBlockedURI->GetSpec(blockedContentSource);
+        if (blockedContentSource.Length() > nsCSPContext::ScriptSampleMaxLength()) {
           bool isData = false;
-          rv = blockedURI->SchemeIs("data", &isData);
+          rv = mBlockedURI->SchemeIs("data", &isData);
           if (NS_SUCCEEDED(rv) && isData &&
-              blockedDataStr.Length() > nsCSPContext::ScriptSampleMaxLength()) {
-            blockedDataStr.Truncate(nsCSPContext::ScriptSampleMaxLength());
-            blockedDataStr.Append(NS_ConvertUTF16toUTF8(nsContentUtils::GetLocalizedEllipsis()));
+              blockedContentSource.Length() > nsCSPContext::ScriptSampleMaxLength()) {
+            blockedContentSource.Truncate(nsCSPContext::ScriptSampleMaxLength());
+            blockedContentSource.Append(NS_ConvertUTF16toUTF8(nsContentUtils::GetLocalizedEllipsis()));
           }
         }
       }
 
-      if (blockedDataStr.Length() > 0) {
-        nsString blockedDataChar16 = NS_ConvertUTF8toUTF16(blockedDataStr);
+      if (blockedContentSource.Length() > 0) {
+        nsString blockedContentSource16 = NS_ConvertUTF8toUTF16(blockedContentSource);
         const char16_t* params[] = { mViolatedDirective.get(),
-                                     blockedDataChar16.get() };
+                                     blockedContentSource16.get() };
         mCSPContext->logToConsole(mReportOnlyFlag ? "CSPROViolationWithURI" :
                                                     "CSPViolationWithURI",
                                   params, ArrayLength(params), mSourceFile, mScriptSample,
@@ -1359,7 +1374,8 @@ class CSPReportSenderRunnable final : public Runnable
 
   private:
     RefPtr<Element>         mTriggeringElement;
-    nsCOMPtr<nsISupports>   mBlockedContentSource;
+    nsCOMPtr<nsIURI>        mBlockedURI;
+    nsCSPContext::BlockedContentSource mBlockedContentSource;
     nsCOMPtr<nsIURI>        mOriginalURI;
     uint32_t                mViolatedPolicyIndex;
     bool                    mReportOnlyFlag;
@@ -1403,7 +1419,8 @@ class CSPReportSenderRunnable final : public Runnable
  */
 nsresult
 nsCSPContext::AsyncReportViolation(Element* aTriggeringElement,
-                                   nsISupports* aBlockedContentSource,
+                                   nsIURI* aBlockedURI,
+                                   BlockedContentSource aBlockedContentSource,
                                    nsIURI* aOriginalURI,
                                    const nsAString& aViolatedDirective,
                                    uint32_t aViolatedPolicyIndex,
@@ -1417,6 +1434,7 @@ nsCSPContext::AsyncReportViolation(Element* aTriggeringElement,
 
   nsCOMPtr<nsIRunnable> task =
     new CSPReportSenderRunnable(aTriggeringElement,
+                                aBlockedURI,
                                 aBlockedContentSource,
                                 aOriginalURI,
                                 aViolatedPolicyIndex,
diff --git a/dom/security/nsCSPContext.h b/dom/security/nsCSPContext.h
index b14df7b8c862..cd3676a4d95e 100644
--- a/dom/security/nsCSPContext.h
+++ b/dom/security/nsCSPContext.h
@@ -107,8 +107,17 @@ class nsCSPContext : public nsIContentSecurityPolicy
       mozilla::dom::Element* aTriggeringElement,
       const mozilla::dom::SecurityPolicyViolationEventInit& aViolationEventInit);
 
+    enum BlockedContentSource
+    {
+      eUnknown,
+      eInline,
+      eEval,
+      eSelf,
+    };
+
     nsresult AsyncReportViolation(mozilla::dom::Element* aTriggeringElement,
-                                  nsISupports* aBlockedContentSource,
+                                  nsIURI* aBlockedURI,
+                                  BlockedContentSource aBlockedContentSource,
                                   nsIURI* aOriginalURI,
                                   const nsAString& aViolatedDirective,
                                   uint32_t aViolatedPolicyIndex,
diff --git a/dom/security/test/csp/test_blocked_uri_in_reports.html b/dom/security/test/csp/test_blocked_uri_in_reports.html
index 7e656509e244..11b1e29a82d8 100644
--- a/dom/security/test/csp/test_blocked_uri_in_reports.html
+++ b/dom/security/test/csp/test_blocked_uri_in_reports.html
@@ -50,7 +50,7 @@ script.addMessageListener('opening-request-completed', function ml(msg) {
       var cspReport = reportObj["csp-report"];
       // blocked-uri should only be the asciiHost instead of:
       // http://test1.example.com/tests/dom/security/test/csp/file_path_matching.js
-      is(cspReport["blocked-uri"], "http://test1.example.com", "Incorrect blocked-uri");
+      is(cspReport["blocked-uri"], "http://example.com/tests/dom/security/test/csp/file_path_matching_redirect_server.sjs", "Incorrect blocked-uri");
     } catch (e) {
       ok(false, "Could not query report (exception: " + e + ")");
     }
diff --git a/dom/security/test/csp/test_report_for_import.html b/dom/security/test/csp/test_report_for_import.html
index 452dc5f745d0..7d95acbd3953 100644
--- a/dom/security/test/csp/test_report_for_import.html
+++ b/dom/security/test/csp/test_report_for_import.html
@@ -57,7 +57,7 @@ function checkResults(reportStr) {
        "http://mochi.test:8888/tests/dom/security/test/csp/file_report_for_import_server.sjs?report",
        "Incorrect original-policy");
     is(cspReport["blocked-uri"],
-       "http://example.com",
+       "http://example.com/tests/dom/security/test/csp/file_report_for_import_server.sjs?stylesheet",
        "Incorrect blocked-uri");
 
     // we do not always set the following fields
diff --git a/dom/security/test/unit/test_csp_reports.js b/dom/security/test/unit/test_csp_reports.js
index 0d2e29bc58f4..05e845e9f294 100644
--- a/dom/security/test/unit/test_csp_reports.js
+++ b/dom/security/test/unit/test_csp_reports.js
@@ -147,7 +147,7 @@ function run_test() {
         }
       });
 
-  makeTest(2, {"blocked-uri": "http://blocked.test"}, false,
+  makeTest(2, {"blocked-uri": "http://blocked.test/foo.js"}, false,
       function(csp) {
         // shouldLoad creates and sends out the report here.
         csp.shouldLoad(Ci.nsIContentPolicy.TYPE_SCRIPT,
@@ -226,7 +226,7 @@ function run_test() {
       });
 
   // test scheme of ftp:
-  makeTest(8, {"blocked-uri": "ftp://blocked.test"}, false,
+  makeTest(8, {"blocked-uri": "ftp://blocked.test/profile.png"}, false,
     function(csp) {
       // shouldLoad creates and sends out the report here.
       csp.shouldLoad(Ci.nsIContentPolicy.TYPE_SCRIPT,
diff --git a/testing/web-platform/meta/content-security-policy/media-src/media-src-7_1_2.sub.html.ini b/testing/web-platform/meta/content-security-policy/media-src/media-src-7_1_2.sub.html.ini
index d08fe125c549..cb39752b7cf5 100644
--- a/testing/web-platform/meta/content-security-policy/media-src/media-src-7_1_2.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/media-src/media-src-7_1_2.sub.html.ini
@@ -1,4 +1,4 @@
 [media-src-7_1_2.sub.html]
+  expected: TIMEOUT
   [Test that securitypolicyviolation events are fired]
-    expected: FAIL
-
+    expected: TIMEOUT
diff --git a/testing/web-platform/meta/content-security-policy/media-src/media-src-7_2_2.sub.html.ini b/testing/web-platform/meta/content-security-policy/media-src/media-src-7_2_2.sub.html.ini
index e4b35bae287c..8b32d976d816 100644
--- a/testing/web-platform/meta/content-security-policy/media-src/media-src-7_2_2.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/media-src/media-src-7_2_2.sub.html.ini
@@ -1,4 +1,4 @@
 [media-src-7_2_2.sub.html]
+  expected: TIMEOUT
   [Test that securitypolicyviolation events are fired]
-    expected: FAIL
-
+    expected: TIMEOUT
diff --git a/testing/web-platform/meta/content-security-policy/media-src/media-src-7_3_2.sub.html.ini b/testing/web-platform/meta/content-security-policy/media-src/media-src-7_3_2.sub.html.ini
deleted file mode 100644
index cd02dea03260..000000000000
--- a/testing/web-platform/meta/content-security-policy/media-src/media-src-7_3_2.sub.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[media-src-7_3_2.sub.html]
-  [Test that securitypolicyviolation events are fired]
-    expected: FAIL
-
diff --git a/testing/web-platform/meta/content-security-policy/media-src/media-src-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/media-src/media-src-blocked.sub.html.ini
index 5dfca0e88b38..2d80128a361b 100644
--- a/testing/web-platform/meta/content-security-policy/media-src/media-src-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/media-src/media-src-blocked.sub.html.ini
@@ -1,4 +1,4 @@
 [media-src-blocked.sub.html]
+  expected: TIMEOUT
   [Test that securitypolicyviolation events are fired]
-    expected: FAIL
-
+    expected: TIMEOUT
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-original-url.sub.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-original-url.sub.html.ini
index 52b95feb6c74..a8137eb3cb0e 100644
--- a/testing/web-platform/meta/content-security-policy/reporting/report-original-url.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/reporting/report-original-url.sub.html.ini
@@ -1,4 +1,7 @@
 [report-original-url.sub.html]
   expected: TIMEOUT
-  [Direct block, cross-origin = full URL in report]
+  [Block after redirect, same-origin = original URL in report]
+    expected: TIMEOUT
+
+  [Block after redirect, cross-origin = original URL in report]
     expected: TIMEOUT
diff --git a/testing/web-platform/meta/content-security-policy/reporting/report-strips-fragment.html.ini b/testing/web-platform/meta/content-security-policy/reporting/report-strips-fragment.html.ini
deleted file mode 100644
index 1aab8623c954..000000000000
--- a/testing/web-platform/meta/content-security-policy/reporting/report-strips-fragment.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[report-strips-fragment.html]
-  expected: TIMEOUT
-  [Reported document URI does not contain fragments.]
-    expected: TIMEOUT
diff --git a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_whitelist.sub.html.ini b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_whitelist.sub.html.ini
index c39ada01df6f..c85e80d8ca55 100644
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_whitelist.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_whitelist.sub.html.ini
@@ -1,4 +1,3 @@
 [script-src-strict_dynamic_double_policy_honor_whitelist.sub.html]
-  expected: TIMEOUT
   [Non-whitelisted script injected via `appendChild` is not allowed with `strict-dynamic` + a nonce+whitelist double policy.]
-    expected: TIMEOUT
+    expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-dedicated-worker.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-dedicated-worker.html.ini
deleted file mode 100644
index 7cdce71572cf..000000000000
--- a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-dedicated-worker.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[inside-dedicated-worker.html]
-  expected: TIMEOUT
-  [SecurityPolicyViolation event fired on global.]
-    expected: TIMEOUT
-
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-service-worker.https.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-service-worker.https.html.ini
deleted file mode 100644
index 0fc292a6db6b..000000000000
--- a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-service-worker.https.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[inside-service-worker.https.html]
-  expected: TIMEOUT
-  [SecurityPolicyViolation event fired on global.]
-    expected: TIMEOUT
-
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-shared-worker.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-shared-worker.html.ini
deleted file mode 100644
index dd86fc219e18..000000000000
--- a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/inside-shared-worker.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[inside-shared-worker.html]
-  expected: TIMEOUT
-  [SecurityPolicyViolation event fired on global.]
-    expected: TIMEOUT
-
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script.sub.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script.sub.html.ini
deleted file mode 100644
index 3e49588f4e24..000000000000
--- a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script.sub.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[securitypolicyviolation-block-cross-origin-image-from-script.sub.html]
-  [Non-redirected cross-origin URLs are not stripped.]
-    expected: FAIL
-
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image.sub.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image.sub.html.ini
deleted file mode 100644
index 0f3438585ff1..000000000000
--- a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image.sub.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[securitypolicyviolation-block-cross-origin-image.sub.html]
-  [Non-redirected cross-origin URLs are not stripped.]
-    expected: FAIL
-
diff --git a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image-from-script.sub.html.ini b/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image-from-script.sub.html.ini
deleted file mode 100644
index b06250790692..000000000000
--- a/testing/web-platform/meta/content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image-from-script.sub.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[securitypolicyviolation-block-image-from-script.sub.html]
-  [Non-redirected cross-origin URLs are not stripped.]
-    expected: FAIL
-
diff --git a/testing/web-platform/tests/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html b/testing/web-platform/tests/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html
index 27611273babc..c63206db4643 100644
--- a/testing/web-platform/tests/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html
+++ b/testing/web-platform/tests/content-security-policy/securitypolicyviolation/img-src-redirect-upgrade-reporting.https.html
@@ -4,10 +4,10 @@
 <script src="./support/testharness-helper.sub.js"></script>
 <body></body>
 <script>
-    function waitForViolation(el, t, policy, blocked_origin) {
+    function waitForViolation(el, t, policy, blockedURI) {
       return new Promise(resolve => {
         el.addEventListener('securitypolicyviolation', e => {
-          if (e.originalPolicy == policy && (new URL(e.blockedURI)).origin == blocked_origin)
+          if (e.originalPolicy == policy && e.blockedURI == blockedURI)
             resolve(e);
           else
             t.unreached_func("Unexpected violation event for " + e.blockedURI)();
@@ -21,7 +21,7 @@
       i.src = redirect.url;
 
       // Report-only policy should trigger a violation on the redirected request.
-      waitForViolation(window, t, "img-src https:", (new URL(redirect.target)).origin).then(t.step_func(e => {
+      waitForViolation(window, t, "img-src https:", new URL(redirect.url, window.location).href).then(t.step_func(e => {
         t.done();
       }));
 
diff --git a/testing/web-platform/tests/content-security-policy/securitypolicyviolation/support/inside-worker.sub.js b/testing/web-platform/tests/content-security-policy/securitypolicyviolation/support/inside-worker.sub.js
index 6e0d98c9577f..58bd02fd9ec8 100644
--- a/testing/web-platform/tests/content-security-policy/securitypolicyviolation/support/inside-worker.sub.js
+++ b/testing/web-platform/tests/content-security-policy/securitypolicyviolation/support/inside-worker.sub.js
@@ -40,5 +40,18 @@ async_test(t => {
     .catch(t.step_func(e => assert_true(e instanceof TypeError)));
 }, "SecurityPolicyViolation event fired on global.");
 
+async_test(t => {
+  var url = "{{location[scheme]}}://{{host}}:{{location[port]}}/common/redirect.py?location={{location[scheme]}}://{{domains[www]}}:{{location[port]}}/content-security-policy/support/ping.js";
+  waitUntilCSPEventForURL(t, url)
+    .then(t.step_func_done(e => {
+      assert_equals(e.blockedURI, url);
+      assert_false(cspEventFiredInDocument);
+    }));
+
+  fetch(url)
+    .then(t.unreached_func("Fetch should not succeed."))
+    .catch(t.step_func(e => assert_true(e instanceof TypeError)));
+}, "SecurityPolicyViolation event fired on global with the correct blockedURI.");
+
 // Worker tests need an explicit `done()`.
 done();

From 76b07b62c3822c3c14f7c9232baa2ffb050731b7 Mon Sep 17 00:00:00 2001
From: Nicolas Silva <nsilva@mozilla.com>
Date: Fri, 13 Jul 2018 14:40:58 +0200
Subject: [PATCH 02/14] Bug 1474722 - Prevent large rect integer overflows
 without forbidding large nine-patches. r=Bas

---
 gfx/2d/Rect.h          |  7 +++++++
 gfx/thebes/gfxBlur.cpp | 21 ++++++++-------------
 2 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/gfx/2d/Rect.h b/gfx/2d/Rect.h
index b1f9a71a7be2..89b98f78560f 100644
--- a/gfx/2d/Rect.h
+++ b/gfx/2d/Rect.h
@@ -292,6 +292,13 @@ IntRectTyped<units> RoundedToInt(const RectTyped<units>& aRect)
                              int32_t(copy.Height()));
 }
 
+template<class units>
+bool RectIsInt32Safe(const RectTyped<units>& aRect) {
+  float min = (float)std::numeric_limits<std::int32_t>::min();
+  float max = (float)std::numeric_limits<std::int32_t>::max();
+  return aRect.x > min && aRect.y > min && aRect.XMost() < max && aRect.YMost() < max;
+}
+
 template<class units>
 IntRectTyped<units> RoundedIn(const RectTyped<units>& aRect)
 {
diff --git a/gfx/thebes/gfxBlur.cpp b/gfx/thebes/gfxBlur.cpp
index 15ce9d7a9e3e..91ff23412efc 100644
--- a/gfx/thebes/gfxBlur.cpp
+++ b/gfx/thebes/gfxBlur.cpp
@@ -594,6 +594,12 @@ GetBlur(gfxContext* aDestinationCtx,
   if (useDestRect) {
     minSize = aRectSize;
   }
+
+  int32_t maxTextureSize = gfxPlatform::MaxTextureSize();
+  if (minSize.width > maxTextureSize || minSize.height > maxTextureSize) {
+    return nullptr;
+  }
+
   aOutMinSize = minSize;
 
   DrawTarget* destDT = aDestinationCtx->GetDrawTarget();
@@ -955,13 +961,7 @@ gfxAlphaBoxBlur::BlurRectangle(gfxContext* aDestinationCtx,
                                const gfxRect& aDirtyRect,
                                const gfxRect& aSkipRect)
 {
-  const double maxSize = (double)gfxPlatform::MaxTextureSize();
-  const double maxPos = (double)std::numeric_limits<std::int16_t>::max();
-  if (aRect.width > maxSize || aRect.height > maxSize ||
-      std::abs(aRect.x) > maxPos || std::abs(aRect.y) > maxPos) {
-    // The rectangle is huge, perhaps due to a very strong perspective or some other
-    // transform. We won't be able to blur something this big so give up now before
-    // overflowing or running into texture size limits later.
+  if (!RectIsInt32Safe(ToRect(aRect))) {
     return;
   }
 
@@ -1020,17 +1020,12 @@ gfxAlphaBoxBlur::BlurRectangle(gfxContext* aDestinationCtx,
   // so if there's a transform on destDrawTarget that is not pixel-aligned,
   // there will be seams between adjacent parts of the box-shadow. It's hard to
   // avoid those without the use of an intermediate surface.
-  // You might think that we could avoid those by just turning of AA, but there
+  // You might think that we could avoid those by just turning off AA, but there
   // is a problem with that: Box-shadow rendering needs to clip out the
   // element's border box, and we'd like that clip to have anti-aliasing -
   // especially if the element has rounded corners! So we can't do that unless
   // we have a way to say "Please anti-alias the clip, but don't antialias the
   // destination rect of the DrawSurface call".
-  // On OS X there is an additional problem with turning off AA: CoreGraphics
-  // will not just fill the pixels that have their pixel center inside the
-  // filled shape. Instead, it will fill all the pixels which are partially
-  // covered by the shape. So for pixels on the edge between two adjacent parts,
-  // all those pixels will be painted to by both parts, which looks very bad.
 
   destDrawTarget->PopClip();
 }

From c0e0b96fbec43fd7a76d006409ca19b3674c5920 Mon Sep 17 00:00:00 2001
From: Nicolas Silva <nsilva@mozilla.com>
Date: Fri, 13 Jul 2018 14:41:44 +0200
Subject: [PATCH 03/14] Bug 1474722 - Add a reftest. r=Bas

---
 gfx/tests/reftest/1474722-ref.html | 17 +++++++++++++++++
 gfx/tests/reftest/1474722.html     | 17 +++++++++++++++++
 gfx/tests/reftest/reftest.list     |  1 +
 3 files changed, 35 insertions(+)
 create mode 100644 gfx/tests/reftest/1474722-ref.html
 create mode 100644 gfx/tests/reftest/1474722.html

diff --git a/gfx/tests/reftest/1474722-ref.html b/gfx/tests/reftest/1474722-ref.html
new file mode 100644
index 000000000000..e0fadcf53f22
--- /dev/null
+++ b/gfx/tests/reftest/1474722-ref.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <style>
+    .shadowed {
+      box-shadow: 0 0 35px rgba(0, 0, 0, .9);
+      border: 1px solid lightgray;
+      margin: 0 2em;
+      float: left;
+    }
+  </style>
+</head>
+<body style = "overflow:hidden">
+<div class="shadowed" style="height: 200vh"> long shadow </div>
+</body>
+</html>
diff --git a/gfx/tests/reftest/1474722.html b/gfx/tests/reftest/1474722.html
new file mode 100644
index 000000000000..9920eee23841
--- /dev/null
+++ b/gfx/tests/reftest/1474722.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <style>
+    .shadowed {
+      box-shadow: 0 0 35px rgba(0, 0, 0, .9);
+      border: 1px solid lightgray;
+      margin: 0 2em;
+      float: left;
+    }
+  </style>
+</head>
+<body style = "overflow:hidden">
+<div class="shadowed" style="height: 100000px"> long shadow </div>
+</body>
+</html>
diff --git a/gfx/tests/reftest/reftest.list b/gfx/tests/reftest/reftest.list
index b29dd3bfae44..1c6e15f95b0e 100644
--- a/gfx/tests/reftest/reftest.list
+++ b/gfx/tests/reftest/reftest.list
@@ -13,5 +13,6 @@ fuzzy(100,30) == 1149923.html 1149923-ref.html # use fuzzy due to few distorted
 == 1435143.html 1435143-ref.html
 == 1444904.html 1444904-ref.html
 == 1451168.html 1451168-ref.html
+== 1474722.html 1474722-ref.html
 fuzzy(5-32,21908-26354) fuzzy-if(webrender,0-1,0-3) == 1463802.html 1463802-ref.html
 == 1461313.html 1461313-ref.html

From dd4332f07c58155666aa8821986a47811446cf8f Mon Sep 17 00:00:00 2001
From: Trisha Gupta <guptatrisha97@gmail.com>
Date: Tue, 17 Jul 2018 21:36:53 +0530
Subject: [PATCH 04/14] Bug 1475025 - Vertically center the various error pages
 r=johannh

--HG--
extra : rebase_source : 3f43e92511c39a58e7bcb1e524175490dcf24639
---
 browser/base/content/aboutNetError.js               | 2 --
 browser/themes/shared/aboutNetError-new.css         | 1 +
 toolkit/themes/shared/in-content/info-pages.inc.css | 1 +
 3 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/browser/base/content/aboutNetError.js b/browser/base/content/aboutNetError.js
index 7dac762a5022..ebc4267b6c85 100644
--- a/browser/base/content/aboutNetError.js
+++ b/browser/base/content/aboutNetError.js
@@ -178,7 +178,6 @@ function initPage() {
   }
   if (showCaptivePortalUI) {
     initPageCaptivePortal();
-    updateContainerPosition();
     return;
   }
   if (gIsCertError) {
@@ -295,7 +294,6 @@ function initPage() {
       span.textContent = document.location.hostname;
     }
   }
-  updateContainerPosition();
 }
 
 function updateContainerPosition() {
diff --git a/browser/themes/shared/aboutNetError-new.css b/browser/themes/shared/aboutNetError-new.css
index 52f2a6bd7a3e..6d3aeb5922fa 100644
--- a/browser/themes/shared/aboutNetError-new.css
+++ b/browser/themes/shared/aboutNetError-new.css
@@ -13,6 +13,7 @@ body.certerror {
   border-color: #ffe900;
   border-width: 16px;
   width: 100%;
+  justify-content: normal;
 }
 
 body.captiveportal .title {
diff --git a/toolkit/themes/shared/in-content/info-pages.inc.css b/toolkit/themes/shared/in-content/info-pages.inc.css
index 05e69b237a0c..d261777ab108 100644
--- a/toolkit/themes/shared/in-content/info-pages.inc.css
+++ b/toolkit/themes/shared/in-content/info-pages.inc.css
@@ -17,6 +17,7 @@ body {
   min-height: 100vh;
   padding: 40px 48px;
   align-items: center;
+  justify-content: center;
 }
 
 body.wide-container {

From 46dbbe67cef638e7777865d6966ed734a4a45058 Mon Sep 17 00:00:00 2001
From: Paolo Amadini <paolo.mozmail@amadzone.org>
Date: Wed, 18 Jul 2018 13:51:57 +0100
Subject: [PATCH 05/14] Bug 1381706 - Don't wait for XBL construction in the
 handler applications list tests. r=bgrins

MozReview-Commit-ID: GL2SruwqBDs

--HG--
extra : rebase_source : 8376331823fa8e4eecdfb50a10f4ccbcb0a28060
---
 .../preferences/in-content/tests/browser.ini  |  5 +----
 .../tests/browser_applications_selection.js   | 21 ++++++-------------
 .../tests/browser_change_app_handler.js       |  6 +-----
 3 files changed, 8 insertions(+), 24 deletions(-)

diff --git a/browser/components/preferences/in-content/tests/browser.ini b/browser/components/preferences/in-content/tests/browser.ini
index 97e9a09d6a4c..373f1ecc0162 100644
--- a/browser/components/preferences/in-content/tests/browser.ini
+++ b/browser/components/preferences/in-content/tests/browser.ini
@@ -9,7 +9,6 @@ support-files =
   addons/set_newtab.xpi
 
 [browser_applications_selection.js]
-skip-if = os == 'linux' || verify # bug 1382057
 [browser_advanced_update.js]
 skip-if = !updater
 [browser_basic_rebuild_fonts_test.js]
@@ -36,9 +35,7 @@ skip-if = !updater
 support-files =
   browser_bug1184989_prevent_scrolling_when_preferences_flipped.xul
 [browser_change_app_handler.js]
-skip-if = os != "win" || (os == "win" && os_version == "6.1") || (verify && debug)
-# This test tests the windows-specific app selection dialog, so can't run on non-Windows.
-# Skip the test on Window 7, see the detail at Bug 1381706.
+skip-if = os != "win" # Windows-specific handler application selection dialog
 [browser_checkspelling.js]
 [browser_connection.js]
 [browser_connection_bug388287.js]
diff --git a/browser/components/preferences/in-content/tests/browser_applications_selection.js b/browser/components/preferences/in-content/tests/browser_applications_selection.js
index f10d53690848..353abba2a70f 100644
--- a/browser/components/preferences/in-content/tests/browser_applications_selection.js
+++ b/browser/components/preferences/in-content/tests/browser_applications_selection.js
@@ -30,10 +30,7 @@ add_task(async function selectInternalOptionForFeed() {
   container.selectItem(feedItem);
   Assert.ok(feedItem.selected, "Should be able to select our item.");
 
-  // Wait for the menu.
-  let list = await TestUtils.waitForCondition(() =>
-    win.document.getAnonymousElementByAttribute(feedItem, "class", "actionsMenu"));
-  info("Got list after item was selected");
+  let list = feedItem.querySelector(".actionsMenu");
 
   // Find the "Add Live bookmarks option".
   let chooseItems = list.getElementsByAttribute("action", Ci.nsIHandlerInfo.handleInternally);
@@ -45,9 +42,6 @@ add_task(async function selectInternalOptionForFeed() {
   chooseItems[0].dispatchEvent(cmdEvent);
 
   // Check that we display the correct result.
-  list = await TestUtils.waitForCondition(() =>
-    win.document.getAnonymousElementByAttribute(feedItem, "class", "actionsMenu"));
-  info("Got list after item was selected");
   Assert.ok(list.selectedItem, "Should have a selected item.");
   Assert.equal(list.selectedItem.getAttribute("action"),
                Ci.nsIHandlerInfo.handleInternally,
@@ -62,17 +56,10 @@ add_task(async function reselectInternalOptionForFeed() {
 
   container.selectItem(anotherItem);
 
-  // Wait for the menu so that we don't hit race conditions.
-  await TestUtils.waitForCondition(() =>
-    win.document.getAnonymousElementByAttribute(anotherItem, "class", "actionsMenu"));
-  info("Got list after item was selected");
-
   // Now select the feed item again, and check what it is displaying.
   container.selectItem(feedItem);
 
-  let list = await TestUtils.waitForCondition(() =>
-    win.document.getAnonymousElementByAttribute(feedItem, "class", "actionsMenu"));
-  info("Got list after item was selected");
+  let list = feedItem.querySelector(".actionsMenu");
 
   Assert.ok(list.selectedItem,
             "Should have a selected item");
@@ -118,6 +105,10 @@ add_task(async function sortingCheck() {
   actionColumn.click();
   assertSortByAction("descending");
 
+  // Restore the default sort order
+  typeColumn.click();
+  assertSortByType("ascending");
+
   function assertSortByAction(order) {
   Assert.equal(actionColumn.getAttribute("sortDirection"),
                order,
diff --git a/browser/components/preferences/in-content/tests/browser_change_app_handler.js b/browser/components/preferences/in-content/tests/browser_change_app_handler.js
index db5cb8f34716..ced29279bc42 100644
--- a/browser/components/preferences/in-content/tests/browser_change_app_handler.js
+++ b/browser/components/preferences/in-content/tests/browser_change_app_handler.js
@@ -28,8 +28,7 @@ add_task(async function() {
   container.selectItem(ourItem);
   ok(ourItem.selected, "Should be able to select our item.");
 
-  let list = await TestUtils.waitForCondition(() => win.document.getAnonymousElementByAttribute(ourItem, "class", "actionsMenu"));
-  info("Got list after item was selected");
+  let list = ourItem.querySelector(".actionsMenu");
 
   let chooseItem = list.firstChild.querySelector(".choose-app-item");
   let dialogLoadedPromise = promiseLoadSubDialog("chrome://global/content/appPicker.xul");
@@ -51,8 +50,6 @@ add_task(async function() {
   ok(mimeInfo.preferredApplicationHandler.equals(selectedApp), "App should be set as preferred.");
 
   // Check that we display this result:
-  list = await TestUtils.waitForCondition(() => win.document.getAnonymousElementByAttribute(ourItem, "class", "actionsMenu"));
-  info("Got list after item was selected");
   ok(list.selectedItem, "Should have a selected item");
   ok(mimeInfo.preferredApplicationHandler.equals(list.selectedItem.handlerApp),
      "App should be visible as preferred item.");
@@ -84,7 +81,6 @@ add_task(async function() {
   ok(!mimeInfo.preferredApplicationHandler, "App should no longer be set as preferred.");
 
   // Check that we display this result:
-  list = await TestUtils.waitForCondition(() => win.document.getAnonymousElementByAttribute(ourItem, "class", "actionsMenu"));
   ok(list.selectedItem, "Should have a selected item");
   ok(!list.selectedItem.handlerApp,
      "No app should be visible as preferred item.");

From f473f4d5603cc1e78385b3e81b76b86a47491d9d Mon Sep 17 00:00:00 2001
From: Paolo Amadini <paolo.mozmail@amadzone.org>
Date: Sat, 7 Jul 2018 12:45:55 +0100
Subject: [PATCH 06/14] Bug 1472555 - Part 1 - Remove listbox crashtests and
 reftests. r=bz

Most of the removed tests are specific to listbox code, some are related to fixes already covered elsewhere, and some have no associated fix and were originally checked in just for good measure.

MozReview-Commit-ID: 3AQXoKy6HhU

--HG--
extra : rebase_source : 88781275bfdb436c0bb4249972435ad74e95002e
---
 dom/xbl/crashtests/404125-1.xhtml           |  29 ---
 dom/xbl/crashtests/415301-1.xul             |  34 ---
 dom/xbl/crashtests/463511-1.xhtml           |   9 -
 dom/xbl/crashtests/crashtests.list          |   3 -
 layout/base/crashtests/354771-1.xul         |  28 ---
 layout/base/crashtests/373919.xhtml         |  29 ---
 layout/base/crashtests/376223-1.xhtml       |  29 ---
 layout/base/crashtests/383102-1.xhtml       |  13 --
 layout/base/crashtests/383806-1.xhtml       |  29 ---
 layout/base/crashtests/400185-1.xul         |  21 --
 layout/base/crashtests/414175-1.xul         |  26 ---
 layout/base/crashtests/428113.xhtml         |   2 -
 layout/base/crashtests/514104-1.xul         |  22 --
 layout/base/crashtests/crashtests.list      |   9 -
 layout/generic/crashtests/363848-1.xhtml    |  10 -
 layout/generic/crashtests/472957.xhtml      |  14 --
 layout/generic/crashtests/494300-1.xul      |  49 ----
 layout/generic/crashtests/547338.xul        |  27 ---
 layout/generic/crashtests/crashtests.list   |   4 -
 layout/reftests/bugs/486848-1-ref.xul       |  12 -
 layout/reftests/bugs/486848-1.xul           |  25 --
 layout/reftests/bugs/498228-1-ref.xul       |  27 ---
 layout/reftests/bugs/498228-1.xul           |  31 ---
 layout/reftests/bugs/reftest.list           |   2 -
 layout/xul/crashtests/265161-1.xul          |   9 -
 layout/xul/crashtests/326834-1-inner.xul    |  17 --
 layout/xul/crashtests/326834-1.html         |   9 -
 layout/xul/crashtests/360642-1.xul          |   9 -
 layout/xul/crashtests/383236-1.xul          |   5 -
 layout/xul/crashtests/384491-1.xhtml        |   8 -
 layout/xul/crashtests/394120-1.xhtml        |  19 --
 layout/xul/crashtests/397293.xhtml          |  21 --
 layout/xul/crashtests/397304-1.html         |   1 -
 layout/xul/crashtests/398326-1.xhtml        |  17 --
 layout/xul/crashtests/400779-1.xhtml        |  16 --
 layout/xul/crashtests/415394-1.xhtml        |  28 ---
 layout/xul/crashtests/420424-1.xul          |   6 -
 layout/xul/crashtests/431738.xhtml          |   7 -
 layout/xul/crashtests/432058-1.xul          |  31 ---
 layout/xul/crashtests/432068-1.xul          |  31 ---
 layout/xul/crashtests/432068-2.xul          |  24 --
 layout/xul/crashtests/433296-1.xul          |   5 -
 layout/xul/crashtests/433429.xul            |  23 --
 layout/xul/crashtests/464149-1.xul          |  24 --
 layout/xul/crashtests/467481-1.xul          |   6 -
 layout/xul/crashtests/488210-1.xhtml        |  19 --
 layout/xul/crashtests/495728-1.xul          | 239 --------------------
 layout/xul/crashtests/508927-1.xul          |   6 -
 layout/xul/crashtests/508927-2.xul          |   6 -
 layout/xul/crashtests/514300-1.xul          |  14 --
 layout/xul/crashtests/536931-1.xhtml        |   4 -
 layout/xul/crashtests/crashtests.list       |  26 ---
 layout/xul/grid/crashtests/306911-crash.xul |   4 -
 layout/xul/grid/crashtests/321073-1.xul     |   7 -
 layout/xul/grid/crashtests/382750-1.xul     |   5 -
 layout/xul/grid/crashtests/400790-1.xul     |  20 --
 layout/xul/grid/crashtests/crashtests.list  |   4 -
 57 files changed, 1154 deletions(-)
 delete mode 100644 dom/xbl/crashtests/404125-1.xhtml
 delete mode 100644 dom/xbl/crashtests/415301-1.xul
 delete mode 100644 dom/xbl/crashtests/463511-1.xhtml
 delete mode 100644 layout/base/crashtests/354771-1.xul
 delete mode 100644 layout/base/crashtests/373919.xhtml
 delete mode 100644 layout/base/crashtests/376223-1.xhtml
 delete mode 100644 layout/base/crashtests/383102-1.xhtml
 delete mode 100644 layout/base/crashtests/383806-1.xhtml
 delete mode 100644 layout/base/crashtests/400185-1.xul
 delete mode 100644 layout/base/crashtests/414175-1.xul
 delete mode 100644 layout/base/crashtests/428113.xhtml
 delete mode 100644 layout/base/crashtests/514104-1.xul
 delete mode 100644 layout/generic/crashtests/363848-1.xhtml
 delete mode 100644 layout/generic/crashtests/472957.xhtml
 delete mode 100644 layout/generic/crashtests/494300-1.xul
 delete mode 100644 layout/generic/crashtests/547338.xul
 delete mode 100644 layout/reftests/bugs/486848-1-ref.xul
 delete mode 100644 layout/reftests/bugs/486848-1.xul
 delete mode 100644 layout/reftests/bugs/498228-1-ref.xul
 delete mode 100644 layout/reftests/bugs/498228-1.xul
 delete mode 100644 layout/xul/crashtests/265161-1.xul
 delete mode 100644 layout/xul/crashtests/326834-1-inner.xul
 delete mode 100644 layout/xul/crashtests/326834-1.html
 delete mode 100644 layout/xul/crashtests/360642-1.xul
 delete mode 100644 layout/xul/crashtests/383236-1.xul
 delete mode 100644 layout/xul/crashtests/384491-1.xhtml
 delete mode 100644 layout/xul/crashtests/394120-1.xhtml
 delete mode 100644 layout/xul/crashtests/397293.xhtml
 delete mode 100644 layout/xul/crashtests/397304-1.html
 delete mode 100644 layout/xul/crashtests/398326-1.xhtml
 delete mode 100644 layout/xul/crashtests/400779-1.xhtml
 delete mode 100644 layout/xul/crashtests/415394-1.xhtml
 delete mode 100644 layout/xul/crashtests/420424-1.xul
 delete mode 100644 layout/xul/crashtests/431738.xhtml
 delete mode 100644 layout/xul/crashtests/432058-1.xul
 delete mode 100644 layout/xul/crashtests/432068-1.xul
 delete mode 100644 layout/xul/crashtests/432068-2.xul
 delete mode 100644 layout/xul/crashtests/433296-1.xul
 delete mode 100644 layout/xul/crashtests/433429.xul
 delete mode 100644 layout/xul/crashtests/464149-1.xul
 delete mode 100644 layout/xul/crashtests/467481-1.xul
 delete mode 100644 layout/xul/crashtests/488210-1.xhtml
 delete mode 100644 layout/xul/crashtests/495728-1.xul
 delete mode 100644 layout/xul/crashtests/508927-1.xul
 delete mode 100644 layout/xul/crashtests/508927-2.xul
 delete mode 100644 layout/xul/crashtests/514300-1.xul
 delete mode 100644 layout/xul/crashtests/536931-1.xhtml
 delete mode 100644 layout/xul/grid/crashtests/306911-crash.xul
 delete mode 100644 layout/xul/grid/crashtests/321073-1.xul
 delete mode 100644 layout/xul/grid/crashtests/382750-1.xul
 delete mode 100644 layout/xul/grid/crashtests/400790-1.xul

diff --git a/dom/xbl/crashtests/404125-1.xhtml b/dom/xbl/crashtests/404125-1.xhtml
deleted file mode 100644
index 46b0fd6f8d5b..000000000000
--- a/dom/xbl/crashtests/404125-1.xhtml
+++ /dev/null
@@ -1,29 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml" xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-
-<head>
-
-<bindings xmlns="http://www.mozilla.org/xbl">
-  <binding id="lc">
-    <content>
-      <xul:listcell> t <children/></xul:listcell>
-    </content>
-  </binding>
-</bindings>
-
-<script>
-function boom()
-{
-  var hbox = document.createElementNS("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul", "hbox");
-  document.getElementById("vv").appendChild(hbox);
-}
-</script>
-
-</head>
-
-<body onload="boom();">
-
-<div style="-moz-binding: url(#lc);" id="vv"></div>
-
-</body>
-
-</html>
diff --git a/dom/xbl/crashtests/415301-1.xul b/dom/xbl/crashtests/415301-1.xul
deleted file mode 100644
index cee274fcd3af..000000000000
--- a/dom/xbl/crashtests/415301-1.xul
+++ /dev/null
@@ -1,34 +0,0 @@
-<?xml version="1.0"?>
-<?xml-stylesheet href="chrome://global/skin/global.css"?>
-
-<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
-        xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
-        onload="boom();">
-
-
-<bindings xmlns="http://www.mozilla.org/xbl">
-
-<binding id="chil"><content><children/></content></binding>
-
-<binding id="ichil"><content>
-<xul:hbox style="-moz-binding: url(#chil)"><children/></xul:hbox>
-</content></binding>
-
-</bindings>
-
-
-<script type="text/javascript">
-
-function boom()
-{
-  document.getElementById("inner").removeChild(document.getElementById("lbb"));
-  document.getElementById("outer").style.MozBinding = "";
-}
-
-</script>
-
-
-<hbox id="outer" style="-moz-binding: url(#chil)"><hbox id="inner" style="-moz-binding: url(#ichil)"><listboxbody id="lbb" /></hbox></hbox>
-
-
-</window>
diff --git a/dom/xbl/crashtests/463511-1.xhtml b/dom/xbl/crashtests/463511-1.xhtml
deleted file mode 100644
index a9fec3b5099b..000000000000
--- a/dom/xbl/crashtests/463511-1.xhtml
+++ /dev/null
@@ -1,9 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml" style="-moz-binding: url(#foo)">
-<head>
-<bindings xmlns="http://www.mozilla.org/xbl">
-<binding id="foo"><content><listcell xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"><children xmlns="http://www.mozilla.org/xbl"/></listcell></content></binding>
-</bindings>
-</head>
-
-<body onload="document.documentElement.innerHTML = 'x';"></body>
-</html>
diff --git a/dom/xbl/crashtests/crashtests.list b/dom/xbl/crashtests/crashtests.list
index bc53bd2811d0..434d7300c044 100644
--- a/dom/xbl/crashtests/crashtests.list
+++ b/dom/xbl/crashtests/crashtests.list
@@ -14,19 +14,16 @@ load 378521-1.xhtml
 load 382376-1.xhtml
 load 382376-2.xhtml
 load 397596-1.xhtml
-load 404125-1.xhtml
 load 406900-1.xul
 load 406904-1.xhtml
 load 406904-2.xhtml
 load 415192-1.xul
-load 415301-1.xul
 load 418133-1.xhtml
 load 420233-1.xhtml
 load 421997-1.xhtml
 load 432813-1.xhtml
 load 454820-1.html
 load 460665-1.xhtml
-load 463511-1.xhtml
 load 464863-1.xhtml
 load 472260-1.xhtml
 load 477878-1.html
diff --git a/layout/base/crashtests/354771-1.xul b/layout/base/crashtests/354771-1.xul
deleted file mode 100644
index 0ff2ba8e7910..000000000000
--- a/layout/base/crashtests/354771-1.xul
+++ /dev/null
@@ -1,28 +0,0 @@
-<?xml version="1.0"?>
-
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-
-<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-
-<listbox flex="1" style="float: right">
-  <listitem label="foo"/>
-  <listitem label="foo"/>
-  <listitem label="foo"/>
-  <listitem label="foo"/>
-  <listitem label="foo"/>
-  <listitem label="foo"/>
-  <listitem label="foo"/>
-  <listitem label="foo"/>
-  <listitem label="foo"/>
-  <listitem label="foo"/>
-  <listitem label="foo"/>
-  <listitem label="foo"/>
-  <listitem label="foo"/>
-  <listitem label="foo"/>
-  <listitem label="foo"/>
-  <listitem label="foo"/>
-  <listitem label="b" style="float: left;"/>
-  <listitem label="c" style="position: absolute"/>
-</listbox>
-
-</window>
diff --git a/layout/base/crashtests/373919.xhtml b/layout/base/crashtests/373919.xhtml
deleted file mode 100644
index 42b194b9e530..000000000000
--- a/layout/base/crashtests/373919.xhtml
+++ /dev/null
@@ -1,29 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml">
-
-<object id="mw_ij" xmlns="http://www.w3.org/1999/xhtml" style="display: none;"/>
-
-<textnode xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-  <dir xmlns="http://www.w3.org/1999/xhtml" style="overflow: scroll;position: fixed;"/>
-</textnode>
-
-<wizardpage id="mw_ab" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-  <label id="mw_kl">
-    <toolbox style="float: right;"/>
-  </label>
-</wizardpage>
-
-<listbox id="mw_cd" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"/>
-
-<script xmlns="http://www.w3.org/1999/xhtml">
-function doe() {
-document.getElementById('mw_ab').insertBefore(document.getElementById('mw_cd'), document.getElementById('mw_ab').childNodes[0]);
-document.documentElement.offsetHeight;
-document.getElementById('mw_ij').appendChild(document.getElementById('mw_kl'));
-document.documentElement.offsetHeight;
-}
-setTimeout(doe, 100);
-
-setTimeout(function() {window.location=window.location;}, 500);
-</script>
-
-</html>
\ No newline at end of file
diff --git a/layout/base/crashtests/376223-1.xhtml b/layout/base/crashtests/376223-1.xhtml
deleted file mode 100644
index 91d72b1ffe82..000000000000
--- a/layout/base/crashtests/376223-1.xhtml
+++ /dev/null
@@ -1,29 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml"
-      xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-<head>
-<script>
-
-function boom()
-{
-  var listbox = document.getElementById("listbox");
-  var td = document.getElementById("td");
-
-  var listitem = document.createElementNS(XUL_NS, "listitem");
-
-  listbox.appendChild(listitem);
-  listbox.appendChild(td);
-}
-
-var XUL_NS = "http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul";
-
-</script>
-</head>
-
-<body onload="boom();">
-
-<table><tbody><tr><td id="td">X</td></tr></tbody></table>
-
-<xul:listbox id="listbox"/>
-
-</body>
-</html>
diff --git a/layout/base/crashtests/383102-1.xhtml b/layout/base/crashtests/383102-1.xhtml
deleted file mode 100644
index a7661ef7df8e..000000000000
--- a/layout/base/crashtests/383102-1.xhtml
+++ /dev/null
@@ -1,13 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml"
-      xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" >
-<body>
-
-<xul:hbox>
-  <xul:hbox>
-    <xul:listboxbody><xul:hbox/><span><div></div></span></xul:listboxbody>
-  </xul:hbox>
-  <xul:toolbarbutton/>
-</xul:hbox>
-
-</body>
-</html>
diff --git a/layout/base/crashtests/383806-1.xhtml b/layout/base/crashtests/383806-1.xhtml
deleted file mode 100644
index 91d72b1ffe82..000000000000
--- a/layout/base/crashtests/383806-1.xhtml
+++ /dev/null
@@ -1,29 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml"
-      xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-<head>
-<script>
-
-function boom()
-{
-  var listbox = document.getElementById("listbox");
-  var td = document.getElementById("td");
-
-  var listitem = document.createElementNS(XUL_NS, "listitem");
-
-  listbox.appendChild(listitem);
-  listbox.appendChild(td);
-}
-
-var XUL_NS = "http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul";
-
-</script>
-</head>
-
-<body onload="boom();">
-
-<table><tbody><tr><td id="td">X</td></tr></tbody></table>
-
-<xul:listbox id="listbox"/>
-
-</body>
-</html>
diff --git a/layout/base/crashtests/400185-1.xul b/layout/base/crashtests/400185-1.xul
deleted file mode 100644
index 1ca9442402a2..000000000000
--- a/layout/base/crashtests/400185-1.xul
+++ /dev/null
@@ -1,21 +0,0 @@
-<?xml-stylesheet href="chrome://browser/skin/" type="text/css"?>
-<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" onload="setTimeout(doe, 30);" class="reftest-wait">
-<popupgroup id="a"/>
-<listcols>
-<nativescrollbar id="c">
-<treecols/>
-</nativescrollbar>
-</listcols>
-
-<script>
-function doe() {
-  document.documentElement.id = "true";
-  document.documentElement.removeChild(document.getElementById('a')); 
-  var ne = document.createElementNS("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul", 'popupgroup'); 
-  document.documentElement.appendChild(ne); 
-  document.getElementById('c').appendChild(document.createElementNS("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul", 'treecols'));
-  document.documentElement.removeChild(ne);
-  document.documentElement.removeAttribute("class");
-}
-</script>
-</window>
diff --git a/layout/base/crashtests/414175-1.xul b/layout/base/crashtests/414175-1.xul
deleted file mode 100644
index 6d3c3d31f3b7..000000000000
--- a/layout/base/crashtests/414175-1.xul
+++ /dev/null
@@ -1,26 +0,0 @@
-<xul xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" onload="boom();">
-
-<script type="text/javascript">
-
-function boom()
-{
-  var XUL_NS = "http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul";
-
-  var oldListbox = document.getElementById("oldListbox");
-  var listitem = document.getElementById("listitem");
-  var newListbox = document.createElementNS(XUL_NS, "listbox");
-  var newHbox = document.createElementNS(XUL_NS, "hbox");
-
-  oldListbox.appendChild(newListbox);
-  listitem.appendChild(newHbox);
-
-  newListbox.style.display = "inline";
-  oldListbox.style.display = "block";
-  newHbox.style.display = "inline";
-}
-
-</script>
-
-<listbox id="oldListbox"><listitem id="listitem" /></listbox>
-
-</xul>
diff --git a/layout/base/crashtests/428113.xhtml b/layout/base/crashtests/428113.xhtml
deleted file mode 100644
index a319676a3c93..000000000000
--- a/layout/base/crashtests/428113.xhtml
+++ /dev/null
@@ -1,2 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml">
-<listbox xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" style="float: right;"><listitem/><listitem/><listitem/><listitem/><listitem/><listitem label="foo"/><listitem style="position: absolute;"/></listbox></html>
diff --git a/layout/base/crashtests/514104-1.xul b/layout/base/crashtests/514104-1.xul
deleted file mode 100644
index bb410b5ce0fe..000000000000
--- a/layout/base/crashtests/514104-1.xul
+++ /dev/null
@@ -1,22 +0,0 @@
-<?xml version="1.0"?>
-<?xml-stylesheet href="chrome://global/skin" type="text/css"?>
-
-<!-- there must be no extra elements in the document -->
-
-<window onload="
-            document.documentElement.removeChild(document.getElementById('b'));
-            document.getElementById('l').removeChild(document.getElementById('h'));
-            document.documentElement.appendChild(document.createElementNS('http://www.w3.org/1999/xhtml', 'span'));"
-        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-
-<bindings xmlns="http://www.mozilla.org/xbl" id="b">
-    <binding id="foo">
-        <content><listitem xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"><children xmlns="http://www.mozilla.org/xbl"/></listitem></content>
-    </binding>
-</bindings>
-
-<listbox id="l" style="-moz-binding: url(&quot;#foo&quot;);"><hbox id="h"/></listbox>
-
-<listitem/>
-
-</window>
diff --git a/layout/base/crashtests/crashtests.list b/layout/base/crashtests/crashtests.list
index 6d81793dd099..ede2b5d6718f 100644
--- a/layout/base/crashtests/crashtests.list
+++ b/layout/base/crashtests/crashtests.list
@@ -116,7 +116,6 @@ load 350128-1.xhtml
 load 350267-1.html
 load 354133-1.html
 load 354766-1.xhtml
-load 354771-1.xul
 load 355989-1.xhtml
 load 355993-1.xhtml
 load 356325-1.xul
@@ -145,11 +144,9 @@ load 372237-1.html
 load 372475-1.xhtml
 load 372550-1.html
 load 373628-1.html
-load 373919.xhtml
 load 374193-1.xhtml
 load 374297-1.html
 load 374297-2.html
-load 376223-1.xhtml
 load 378325-1.html
 load 378682.html
 load 379105-1.xhtml
@@ -161,9 +158,7 @@ load 379920-2.svg
 load 379975.html
 load 380096-1.html
 load 382204-1.html # bug 1323680
-load 383102-1.xhtml
 load 383129-1.html
-load 383806-1.xhtml
 load 384344-1.html
 load 384392-1.xhtml
 load 384392-2.svg
@@ -197,7 +192,6 @@ load 399940-1.xhtml
 load 399946-1.xhtml
 load 399951-1.html
 load 399994-1.html
-load 400185-1.xul
 load 400445-1.xhtml
 load 400904-1.xhtml
 load 401589-1.xul
@@ -228,7 +222,6 @@ load 411870-1.html
 load 412651-1.html
 load 413587-1.svg
 load 414058-1.html
-load 414175-1.xul
 load 415503.xhtml
 load 416107.xhtml # bug 1323652
 HTTP load 419985.html
@@ -241,7 +234,6 @@ load 421432.html
 load 422276.html
 asserts(0-1) load 423107-1.xhtml # bug 866955
 load 425981-1.html
-load 428113.xhtml
 load 428138-1.html
 load 428448-1.html
 load 429088-1.html
@@ -327,7 +319,6 @@ load 500467-1.html
 load 501878-1.html
 load 503936-1.html
 load 507119.html
-load 514104-1.xul
 load 522374-1.html
 load 522374-2.html
 load 526378-1.xul
diff --git a/layout/generic/crashtests/363848-1.xhtml b/layout/generic/crashtests/363848-1.xhtml
deleted file mode 100644
index 0af2085ef91c..000000000000
--- a/layout/generic/crashtests/363848-1.xhtml
+++ /dev/null
@@ -1,10 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml"
-      xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-      
-<body>
-
-<xul:listbox />
-
-</body>
-
-</html>
\ No newline at end of file
diff --git a/layout/generic/crashtests/472957.xhtml b/layout/generic/crashtests/472957.xhtml
deleted file mode 100644
index 7b4fbd0369f3..000000000000
--- a/layout/generic/crashtests/472957.xhtml
+++ /dev/null
@@ -1,14 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml" xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-<head>
-
-<bindings xmlns="http://www.mozilla.org/xbl">
-  <binding id="b">
-    <content><xul:hbox><children/></xul:hbox></content>
-  </binding>  
-</bindings>
-
-</head>
-
-<body><xul:listboxbody height="168178912813" style="-moz-binding: url(#b);"><xul:iframe/></xul:listboxbody></body>
-
-</html>
diff --git a/layout/generic/crashtests/494300-1.xul b/layout/generic/crashtests/494300-1.xul
deleted file mode 100644
index 8aa9701ddd50..000000000000
--- a/layout/generic/crashtests/494300-1.xul
+++ /dev/null
@@ -1,49 +0,0 @@
-<?xml version="1.0"?>
-
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-
-<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" onload="boom();" class="reftest-wait">
-<script type="text/javascript">
-// <![CDATA[
-
-var HTML_NS   = "http://www.w3.org/1999/xhtml";
-var MATHML_NS = "http://www.w3.org/1998/Math/MathML";
-var XUL_NS    = "http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul";
-
-function boom()
-{
-    var listbox = document.createElementNS("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul", "listbox");
-    var listitem = document.createElementNS("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul", "listitem");
-    listbox.appendChild(listitem);
-    document.documentElement.appendChild(listbox);
-    var hbox = document.createElementNS(XUL_NS, "hbox");
-    listbox.appendChild(hbox);
-    var mphantom = document.createElementNS(MATHML_NS, 'mphantom');
-    listbox.appendChild(mphantom);
-    var wax = document.createElementNS(MATHML_NS, 'wax');
-    hbox.appendChild(wax);
-    var msub = document.createElementNS(MATHML_NS, 'msub');
-    wax.appendChild(msub);
-    var merror = document.createElementNS(MATHML_NS, 'merror');
-    wax.appendChild(merror);
-    var span = document.createElementNS(HTML_NS, 'span');
-    mphantom.appendChild(span);
-    var vbox = document.createElementNS(XUL_NS, 'vbox');
-    span.appendChild(vbox);
-
-    setTimeout(boom2, 0);
-
-    function boom2()
-    {
-        var munderover = document.createElementNS(MATHML_NS, 'munderover'); 
-        msub.appendChild(munderover);
-        var mtext = document.createElementNS(MATHML_NS, 'mtext');
-        span.appendChild(mtext);
-
-        document.documentElement.removeAttribute("class");
-    }
-}
-
-// ]]>
-</script>
-</window>
diff --git a/layout/generic/crashtests/547338.xul b/layout/generic/crashtests/547338.xul
deleted file mode 100644
index f977049a3055..000000000000
--- a/layout/generic/crashtests/547338.xul
+++ /dev/null
@@ -1,27 +0,0 @@
-<?xml version="1.0"?>
-<?xml-stylesheet href="chrome://global/skin" type="text/css"?>
-
-<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-
-<script type="text/javascript">
-<![CDATA[
-
-function boom()
-{
-  document.getElementById("list").ensureIndexIsVisible(4);
-  document.getElementById("i4").style.fontSize = "10000%";
-}
-
-window.addEventListener("load", boom, false);
-
-]]>
-</script>
-
-<listbox id="list" rows="3">
-  <listitem/>
-  <listitem/>
-  <listitem/>
-  <listitem id="i4" label="Item 4"/><listitem/>
-</listbox>
-
-</window>
diff --git a/layout/generic/crashtests/crashtests.list b/layout/generic/crashtests/crashtests.list
index 125278241141..0142b21a31d9 100644
--- a/layout/generic/crashtests/crashtests.list
+++ b/layout/generic/crashtests/crashtests.list
@@ -62,7 +62,6 @@ load 360599.html
 load 363448.html
 load 363722-1.html
 load 363722-2.html
-load 363848-1.xhtml
 load 364220.html
 load 364407-1.html
 load 364686-1.xhtml
@@ -342,7 +341,6 @@ load 472617-1.xhtml
 load 472774-1.html
 load 472776-1.html
 load 472950-1.html
-load 472957.xhtml
 load 473278-1.xhtml
 load 473894-1.html
 load 476241-1.html
@@ -364,7 +362,6 @@ load 493118-1.html
 load 493649.html
 load 494283-1.xhtml
 load 494283-2.html
-load 494300-1.xul
 load 494332-1.html
 load 495875-1.html
 load 495875-2.html
@@ -411,7 +408,6 @@ load 541714-1.html
 load 541714-2.html
 load 542136-1.html
 load 545571-1.html
-load 547338.xul
 load 547843-1.xhtml
 load 551635-1.html
 load 553504-1.xhtml
diff --git a/layout/reftests/bugs/486848-1-ref.xul b/layout/reftests/bugs/486848-1-ref.xul
deleted file mode 100644
index 2f6657495c1a..000000000000
--- a/layout/reftests/bugs/486848-1-ref.xul
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0"?>
-
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-
-<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-<listbox id="listbox">
-  <listitem id="a">a</listitem>
-  <listitem>b</listitem>
-  <listitem id="c">c</listitem>
-</listbox>
-
-</window>
diff --git a/layout/reftests/bugs/486848-1.xul b/layout/reftests/bugs/486848-1.xul
deleted file mode 100644
index ec9f1d0e13d5..000000000000
--- a/layout/reftests/bugs/486848-1.xul
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0"?>
-
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-
-<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
-	onload="boom();">
-
-<script type="text/javascript">
-
-function boom()
-{
-  var c = document.getElementById("c");
-  var n = document.createElementNS("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul", "listitem");
-  n.textContent = "b";
-  c.parentNode.insertBefore(n, c);
-}
-
-</script>
-
-<listbox id="listbox">
-  <listitem id="a">a</listitem>
-  <listitem id="c">c</listitem>
-</listbox>
-
-</window>
diff --git a/layout/reftests/bugs/498228-1-ref.xul b/layout/reftests/bugs/498228-1-ref.xul
deleted file mode 100644
index 323acf86671d..000000000000
--- a/layout/reftests/bugs/498228-1-ref.xul
+++ /dev/null
@@ -1,27 +0,0 @@
-<?xml version="1.0"?>
-
-<window id="list-testcase" title="Testcase"
-        xmlns:html="http://www.w3.org/1999/xhtml"
-        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
-        class="reftest-wait">
-
-<script>
-function dotest() {
-  var list = document.getElementById('list');
-  list.ensureIndexIsVisible(4);
-  setTimeout("document.documentElement.className = ''", 0);
-}
-
-window.addEventListener("load", dotest, false);
-
-</script>
-		
-<listbox id="list" rows="3" seltype="single">
-<listitem label="Item 1"/>
-<listitem label="Item 2"/>
-<listitem label="Item 3"/>
-<listitem label="Item 4"/>
-<listitem label="Item 5" selected="true"/>
-</listbox>
-
-</window>
diff --git a/layout/reftests/bugs/498228-1.xul b/layout/reftests/bugs/498228-1.xul
deleted file mode 100644
index c11a634f0b84..000000000000
--- a/layout/reftests/bugs/498228-1.xul
+++ /dev/null
@@ -1,31 +0,0 @@
-<?xml version="1.0"?>
-
-<window id="list-testcase" title="Testcase"
-        xmlns:html="http://www.w3.org/1999/xhtml"
-        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
-        class="reftest-wait">
-
-<script>
-function fill() {
-  var list = document.getElementById('list');
-  for (var i = 1; i != 6; i++) {
-    list.appendItem("Item " + i, "");
-  }
-}
-
-function dotest() {
-  fill();
-  var list = document.getElementById('list');
-  list.ensureIndexIsVisible(4);
-  list.selectItem(list.getItemAtIndex(4));
-  setTimeout("document.documentElement.className = ''", 0);
-}
-
-window.addEventListener("load", dotest, false);
-
-</script>
-		
-<listbox id="list" rows="3" seltype="single">
-</listbox>
-
-</window>
diff --git a/layout/reftests/bugs/reftest.list b/layout/reftests/bugs/reftest.list
index b5753a2ced04..e1d2012057e8 100644
--- a/layout/reftests/bugs/reftest.list
+++ b/layout/reftests/bugs/reftest.list
@@ -1342,7 +1342,6 @@ fuzzy-if(skiaContent,1,5) == 482659-1d.html 482659-1-ref.html
 == 486052-2f.html 486052-2-ref.html
 == 486052-2g.html 486052-2-ref.html
 == 486065-1.html 486065-1-ref.html
-== 486848-1.xul 486848-1-ref.xul
 == 487539-1.html about:blank
 == 488390-1.html 488390-1-ref.html
 == 488649-1.html 488649-1-ref.html
@@ -1385,7 +1384,6 @@ random-if(/^Windows\x20NT\x206\.1/.test(http.oscpu)) == 495385-3.html 495385-3-r
 random-if(/^Windows\x20NT\x206\.1/.test(http.oscpu)) == 495385-4.html 495385-4-ref.html # Bug 1392106
 == 496032-1.html 496032-1-ref.html
 == 496840-1.html 496840-1-ref.html
-fuzzy-if(skiaContent,1,17000) == 498228-1.xul 498228-1-ref.xul
 == 501037.html 501037-ref.html
 == 501257-1a.html 501257-1-ref.html
 == 501257-1b.html 501257-1-ref.html
diff --git a/layout/xul/crashtests/265161-1.xul b/layout/xul/crashtests/265161-1.xul
deleted file mode 100644
index 75a995790fef..000000000000
--- a/layout/xul/crashtests/265161-1.xul
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0"?>
-<window
-	xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
-	xmlns:html="http://www.w3.org/1999/xhtml">
-			<html:div>
-				<listitem>
-				</listitem>
-			</html:div>
-</window>
diff --git a/layout/xul/crashtests/326834-1-inner.xul b/layout/xul/crashtests/326834-1-inner.xul
deleted file mode 100644
index 0fbdca7ab24d..000000000000
--- a/layout/xul/crashtests/326834-1-inner.xul
+++ /dev/null
@@ -1,17 +0,0 @@
-<window title="Testcase bug 326834 - Crash with evil xul testcase, using listbox/listitem and display: table-cell"
-        xmlns:html="http://www.w3.org/1999/xhtml"
-        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-<listbox>
-  <listitem label="This page should not crash Mozilla"/>
-</listbox>
-<html:script>
-function doe() {
-var el=document.getElementsByTagName('*');
-document.getElementsByTagName('listbox')[0].style.display = 'table-cell';
-document.getElementsByTagName('listitem')[0].style.display = 'table-cell';
-window.getComputedStyle(document.getElementsByTagName('listitem')[0], '').getPropertyValue("height");
-document.getElementsByTagName('listitem')[0].style.display = '';
-}
-setTimeout(doe,500);
-</html:script>
-</window>
diff --git a/layout/xul/crashtests/326834-1.html b/layout/xul/crashtests/326834-1.html
deleted file mode 100644
index ca531caa61c2..000000000000
--- a/layout/xul/crashtests/326834-1.html
+++ /dev/null
@@ -1,9 +0,0 @@
-<html class="reftest-wait">
-<head>
-<script>
-setTimeout('document.documentElement.className = ""', 1000);
-</script>
-<body>
-<iframe src="326834-1-inner.xul"></iframe>
-</body>
-</html>
diff --git a/layout/xul/crashtests/360642-1.xul b/layout/xul/crashtests/360642-1.xul
deleted file mode 100644
index 5e37020a5517..000000000000
--- a/layout/xul/crashtests/360642-1.xul
+++ /dev/null
@@ -1,9 +0,0 @@
-<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" 
-        class="reftest-wait"
-        onload="setTimeout(function() { var foo = document.getElementById('foo'); foo.parentNode.removeChild(foo); document.documentElement.removeAttribute('class'); }, 30);">
-        
-  <listboxbody>
-    <hbox id="foo"/>
-  </listboxbody>
-  
-</window>
diff --git a/layout/xul/crashtests/383236-1.xul b/layout/xul/crashtests/383236-1.xul
deleted file mode 100644
index 244df65f1197..000000000000
--- a/layout/xul/crashtests/383236-1.xul
+++ /dev/null
@@ -1,5 +0,0 @@
-<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-
-<listbox><listhead>x</listhead></listbox>
-
-</window>
\ No newline at end of file
diff --git a/layout/xul/crashtests/384491-1.xhtml b/layout/xul/crashtests/384491-1.xhtml
deleted file mode 100644
index 2eb065f8d204..000000000000
--- a/layout/xul/crashtests/384491-1.xhtml
+++ /dev/null
@@ -1,8 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml" 
-      xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-<body>
-
-<xul:listboxbody style="overflow: hidden" />
-
-</body>
-</html>
diff --git a/layout/xul/crashtests/394120-1.xhtml b/layout/xul/crashtests/394120-1.xhtml
deleted file mode 100644
index 9df44786218b..000000000000
--- a/layout/xul/crashtests/394120-1.xhtml
+++ /dev/null
@@ -1,19 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml" 
-      xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-<head>
-<script>
-function boom()
-{
-  var XUL_NS = "http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul";
-  var xultext = document.createElementNS(XUL_NS, "text");
-  var hbox = document.getElementById("hbox")
-  hbox.appendChild(xultext);
-}
-</script>
-</head>
-<body onload="boom();">
-
-<xul:listboxbody><xul:hbox id="hbox" /></xul:listboxbody>
-
-</body>
-</html>
diff --git a/layout/xul/crashtests/397293.xhtml b/layout/xul/crashtests/397293.xhtml
deleted file mode 100644
index cfd18192152f..000000000000
--- a/layout/xul/crashtests/397293.xhtml
+++ /dev/null
@@ -1,21 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml"  
-      xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
-      style="opacity: 0.2;">
-<head>
-<script>
-
-function x()
-{
-  document.documentElement.style.counterReset = "chicken";
-  
-  document.body.offsetHeight;
-}
-
-</script>
-</head>
-
-<body onload="setTimeout(x, 0);">Foo</body>
-
-<xul:listbox/>
-
-</html>
diff --git a/layout/xul/crashtests/397304-1.html b/layout/xul/crashtests/397304-1.html
deleted file mode 100644
index 3501f0581199..000000000000
--- a/layout/xul/crashtests/397304-1.html
+++ /dev/null
@@ -1 +0,0 @@
-<html><body><listboxbody style="display: -moz-grid-group;"></listboxbody></body></html>
\ No newline at end of file
diff --git a/layout/xul/crashtests/398326-1.xhtml b/layout/xul/crashtests/398326-1.xhtml
deleted file mode 100644
index a265ae4e007e..000000000000
--- a/layout/xul/crashtests/398326-1.xhtml
+++ /dev/null
@@ -1,17 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<script>
-var XUL_NS = "http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul";
-
-function boom()
-{
-  var listbox = document.createElementNS(XUL_NS, 'listbox');
-  document.body.appendChild(listbox);
-  var listitem = document.createElementNS(XUL_NS, 'listitem');
-  listbox.appendChild(listitem);
-}
-</script>
-</head>
-<body onload="boom();">
-</body>
-</html>
diff --git a/layout/xul/crashtests/400779-1.xhtml b/layout/xul/crashtests/400779-1.xhtml
deleted file mode 100644
index c0f5d493c791..000000000000
--- a/layout/xul/crashtests/400779-1.xhtml
+++ /dev/null
@@ -1,16 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml" xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-<head>
-<script>
-
-function boom()
-{
-  var menulist = document.createElementNS("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul", "menulist");
-  document.getElementById("h").appendChild(menulist);
-}
-
-</script>
-</head>
-<body onload="boom();">
-<xul:listboxbody><xul:hbox id="h"/></xul:listboxbody>
-</body>
-</html>
diff --git a/layout/xul/crashtests/415394-1.xhtml b/layout/xul/crashtests/415394-1.xhtml
deleted file mode 100644
index 7dc24dc9f7d7..000000000000
--- a/layout/xul/crashtests/415394-1.xhtml
+++ /dev/null
@@ -1,28 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml" 
-      xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
-      class="reftest-wait">
-<head>
-<script type="text/javascript">
-
-function boom()
-{
-  document.execCommand("justifycenter", false, null);
-
-  var listboxbody = document.getElementById("lbb");
-  listboxbody.height = 9;
-  setTimeout(boom2, 0);
-
-  function boom2()
-  {
-    var td = document.createElementNS("http://www.w3.org/1999/xhtml", "td");
-    listboxbody.appendChild(td);
-    document.documentElement.removeAttribute("class");
-  }
-}
-
-</script>
-</head>
-
-<body onload="setTimeout(boom, 0);" contenteditable="true"><xul:listboxbody id="lbb"><xul:hbox/><span><col style="width: 100px;" /></span></xul:listboxbody></body>
-
-</html>
diff --git a/layout/xul/crashtests/420424-1.xul b/layout/xul/crashtests/420424-1.xul
deleted file mode 100644
index e608417065e9..000000000000
--- a/layout/xul/crashtests/420424-1.xul
+++ /dev/null
@@ -1,6 +0,0 @@
-<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
-        onload="document.getElementById('a').ensureElementIsVisible(null);">
-
-<listbox id="a"/>
-
-</window>
diff --git a/layout/xul/crashtests/431738.xhtml b/layout/xul/crashtests/431738.xhtml
deleted file mode 100644
index 9ce917a3fb31..000000000000
--- a/layout/xul/crashtests/431738.xhtml
+++ /dev/null
@@ -1,7 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml" xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-<body>
-<div>
-<span style="font-size: 0pt;"><xul:listboxbody><span style="border: 1px solid red;"/></xul:listboxbody></span>
-</div>
-</body>
-</html>
diff --git a/layout/xul/crashtests/432058-1.xul b/layout/xul/crashtests/432058-1.xul
deleted file mode 100644
index a7f63adf8d90..000000000000
--- a/layout/xul/crashtests/432058-1.xul
+++ /dev/null
@@ -1,31 +0,0 @@
-<?xml version="1.0"?>
-
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-
-<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" onload="boom();">
-
-<script type="text/javascript">
-// <![CDATA[
-
-var XUL_NS = "http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul";
-
-function boom()
-{
-  var lb = document.getElementById("lb");
-  var firstli = document.getElementById("firstli");
-  lb.appendChild(document.createElementNS(XUL_NS, "hbox"));
-  lb.appendChild(document.createElementNS(XUL_NS, "listitem"));
-  firstli.style.display = "none";
-
-  // Flush layout.
-  document.getBoxObjectFor(document.documentElement).height;
-
-  lb.removeChild(firstli);
-}
-
-// ]]>
-</script>
-
-<listbox id="lb"><listitem id="firstli"/></listbox>
-
-</window>
diff --git a/layout/xul/crashtests/432068-1.xul b/layout/xul/crashtests/432068-1.xul
deleted file mode 100644
index 02c3114e61a8..000000000000
--- a/layout/xul/crashtests/432068-1.xul
+++ /dev/null
@@ -1,31 +0,0 @@
-<?xml version="1.0"?>
-
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-
-<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" onload="boom();">
-
-<hbox style="display: none;">
-  <bindings xmlns="http://www.mozilla.org/xbl">
-    <binding id="x">
-      <content><listitem xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"/></content>
-    </binding>
-  </bindings>
-</hbox>
-
-<script type="text/javascript">
-
-function boom()
-{
-  document.getElementById("b").style.MozBinding = "url('#x')";
-  
-  // Flush layout.
-  document.documentElement.boxObject.height;
-  
-  document.getElementById("listbox").removeChild(document.getElementById("c"));
-}
-
-</script>
-
-<listbox id="listbox"><listitem/><listitem id="b"/><listitem id="c"/></listbox>
-
-</window>
diff --git a/layout/xul/crashtests/432068-2.xul b/layout/xul/crashtests/432068-2.xul
deleted file mode 100644
index c75984bae951..000000000000
--- a/layout/xul/crashtests/432068-2.xul
+++ /dev/null
@@ -1,24 +0,0 @@
-<?xml version="1.0"?>
-
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-
-<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" onload="boom();">
-
-<script type="text/javascript">
-
-function boom()
-{
-  var l = document.createElementNS("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul", "listitem");
-  l.style.display = "none";
-
-  var c = document.getElementById("c");
-  c.parentNode.insertBefore(l, c);
-  
-  document.getElementById("listbox").removeChild(document.getElementById("c"));
-}
-
-</script>
-
-<listbox id="listbox"><listitem/><listitem id="c"/></listbox>
-
-</window>
diff --git a/layout/xul/crashtests/433296-1.xul b/layout/xul/crashtests/433296-1.xul
deleted file mode 100644
index 10fd0ec7b39c..000000000000
--- a/layout/xul/crashtests/433296-1.xul
+++ /dev/null
@@ -1,5 +0,0 @@
-<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-
-<hbox><listboxbody><listheader/><hbox><iframe/></hbox></listboxbody><tabpanels><tabpanels/></tabpanels></hbox>
-
-</window>
diff --git a/layout/xul/crashtests/433429.xul b/layout/xul/crashtests/433429.xul
deleted file mode 100644
index a52bce68f9b1..000000000000
--- a/layout/xul/crashtests/433429.xul
+++ /dev/null
@@ -1,23 +0,0 @@
-<?xml version="1.0"?>
-
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-
-<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" onload="boom();">
-
-<script type="text/javascript">
-
-function boom()
-{
-  var listbox = document.getElementById("listbox");
-
-  listbox.removeChild(listbox.childNodes[1]);
-  document.documentElement.style.MozBinding = "url('data:text/xml,%3Cbindings%20xmlns%3D%22http%3A%2F%2Fwww.mozilla.org%2Fxbl%22%3E%3Cbinding%20id%3D%22foo%22%3E%3Ccontent%3E%0A%3Chbox%20xmlns%3D%22http%3A%2F%2Fwww.mozilla.org%2Fkeymaster%2Fgatekeeper%2Fthere.is.only.xul%22%2F%3E%0A%3C%2Fcontent%3E%3C%2Fbinding%3E%3C%2Fbindings%3E%0A')";
-  document.documentElement.boxObject.height;
-  listbox.removeChild(listbox.childNodes[0]);
-}
-
-</script>
-
-<listbox id="listbox" style="-moz-binding: url(data:text/xml,%3Cbindings%20xmlns%3D%22http%3A%2F%2Fwww.mozilla.org%2Fxbl%22%3E%3Cbinding%20id%3D%22foo%22%3E%3Ccontent%3E%0A%3Clistbox%20xmlns%3D%22http%3A%2F%2Fwww.mozilla.org%2Fkeymaster%2Fgatekeeper%2Fthere.is.only.xul%22%3E%3Cchildren%20xmlns%3D%22http%3A%2F%2Fwww.mozilla.org%2Fxbl%22%2F%3E%3C%2Flistbox%3E%0A%3C%2Fcontent%3E%3C%2Fbinding%3E%3C%2Fbindings%3E%0A);"><listitem/><listitem/></listbox>
-
-</window>
diff --git a/layout/xul/crashtests/464149-1.xul b/layout/xul/crashtests/464149-1.xul
deleted file mode 100644
index 556656f0217c..000000000000
--- a/layout/xul/crashtests/464149-1.xul
+++ /dev/null
@@ -1,24 +0,0 @@
-<?xml version="1.0"?>
-
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-
-<window onload="boom();" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-
-<bindings xmlns="http://www.mozilla.org/xbl">
-  <binding id="m"><content><xul:textbox type="text"><children/></xul:textbox></content></binding>
-</bindings>
-
-<script type="text/javascript">
-<![CDATA[
-
-function boom()
-{
-  document.getElementById("b").style.MozBinding = 'url("data:text/xml,' + encodeURIComponent("<bindings xmlns='http://www.mozilla.org/xbl'><binding id='foo'><content><hbox xmlns='http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul'><children xmlns='http://www.mozilla.org/xbl'/></hbox></content></binding></bindings>\n") + '")';
-}
-
-]]>
-</script>
-
-<listbox style="float: right;"><listitem/><listitem id="b"/><listitem><hbox style="-moz-binding: url(#m);"/></listitem></listbox>
-
-</window>
diff --git a/layout/xul/crashtests/467481-1.xul b/layout/xul/crashtests/467481-1.xul
deleted file mode 100644
index 56fbd44413d0..000000000000
--- a/layout/xul/crashtests/467481-1.xul
+++ /dev/null
@@ -1,6 +0,0 @@
-<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" onload="document.getElementById('a').setAttribute('ordinal', 30);">
-  <listbox>
-    <listitem id="a"/>
-    <listitem><iframe/></listitem>
-  </listbox>
-</window>
diff --git a/layout/xul/crashtests/488210-1.xhtml b/layout/xul/crashtests/488210-1.xhtml
deleted file mode 100644
index 9c8e2640c1eb..000000000000
--- a/layout/xul/crashtests/488210-1.xhtml
+++ /dev/null
@@ -1,19 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<script type="text/javascript">
-
-function boom()
-{
-  var XUL_NS = "http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul";
-  var listbox = document.createElementNS(XUL_NS, 'listbox');
-  document.body.appendChild(listbox);
-  listbox.appendChild(document.createElementNS(XUL_NS, 'listitem'));
-  listbox.appendChild(document.createElementNS(XUL_NS, 'listboxbody'));
-  listbox.appendChild(document.createElementNS(XUL_NS, 'hbox'));
-}
-
-</script>
-</head>
-
-<body onload="boom();"></body>
-</html>
diff --git a/layout/xul/crashtests/495728-1.xul b/layout/xul/crashtests/495728-1.xul
deleted file mode 100644
index ee8498d054d5..000000000000
--- a/layout/xul/crashtests/495728-1.xul
+++ /dev/null
@@ -1,239 +0,0 @@
-<?xml version="1.0"?>
-
-<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
-
-<window id="list-testcase" title="Testcase"
-        xmlns:html="http://www.w3.org/1999/xhtml"
-        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
-        class="reftest-wait">
-
-<script>
-function scrollup() {
-  var list = document.getElementById('list');
-  var firstindex = list.getIndexOfItem(document.getElementById('first'));
-  list.ensureIndexIsVisible(firstindex);
-  setTimeout("document.documentElement.removeAttribute('class')",1);
-}
-
-function scrolldown() {
-  var list = document.getElementById('list');
-  var lastindex = list.getIndexOfItem(document.getElementById('last'));
-  list.ensureIndexIsVisible(lastindex);
-  setTimeout("scrollup()",1);
-}
-
-window.addEventListener("load", scrolldown, false);
-</script>
-		
-<listbox id="list">
-<listitem label="Item x" id="first"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x"/>
-<listitem label="Item x" id="last"/>
-</listbox>
-
-</window>
diff --git a/layout/xul/crashtests/508927-1.xul b/layout/xul/crashtests/508927-1.xul
deleted file mode 100644
index 98faff4a6c11..000000000000
--- a/layout/xul/crashtests/508927-1.xul
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0"?>
-<?xml-stylesheet href="chrome://global/skin" type="text/css"?>
-<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-<bindings xmlns="http://www.mozilla.org/xbl"><binding id="foo"><content><xul:listrows xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"><xul:listboxbody/><children xmlns="http://www.mozilla.org/xbl"/></xul:listrows></content></binding></bindings>
-<hbox style="-moz-binding: url(#foo);"><listitem/><listitem/></hbox>
-</window>
diff --git a/layout/xul/crashtests/508927-2.xul b/layout/xul/crashtests/508927-2.xul
deleted file mode 100644
index 5bf4f9a0c775..000000000000
--- a/layout/xul/crashtests/508927-2.xul
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0"?>
-<?xml-stylesheet href="chrome://global/skin" type="text/css"?>
-<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-<bindings xmlns="http://www.mozilla.org/xbl"><binding id="foo"><content><xul:listrows xmlns:xul="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"><xul:listboxbody/><children xmlns="http://www.mozilla.org/xbl"/></xul:listrows></content></binding></bindings>
-<hbox style="-moz-binding: url(#foo);"><listitem/><listitem/><listitem/><listitem/><listitem/><listitem/><listitem/><listitem/><listitem/><listitem/><listitem/><listitem/><listitem/><listitem/><listitem/><listitem/><listitem/><listitem/><listitem/><listitem/><listitem/><listitem/><listitem/><listitem/></hbox>
-</window>
diff --git a/layout/xul/crashtests/514300-1.xul b/layout/xul/crashtests/514300-1.xul
deleted file mode 100644
index d0d655011e59..000000000000
--- a/layout/xul/crashtests/514300-1.xul
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0"?>
-<?xml-stylesheet href="chrome://global/skin" type="text/css"?>
-
-<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" onload="document.getElementById('listbox').removeChild(document.getElementById('span'));">
-
-<bindings xmlns="http://www.mozilla.org/xbl">
-  <binding id="foo">
-    <content><listitem xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"><children xmlns="http://www.mozilla.org/xbl"/></listitem></content>
-  </binding>
-</bindings>
-
-<listbox id="listbox" style="-moz-binding: url(#foo)"><span xmlns="http://www.w3.org/1999/xhtml" id="span"/></listbox>
-
-</window>
diff --git a/layout/xul/crashtests/536931-1.xhtml b/layout/xul/crashtests/536931-1.xhtml
deleted file mode 100644
index 6f3fc1396a56..000000000000
--- a/layout/xul/crashtests/536931-1.xhtml
+++ /dev/null
@@ -1,4 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml">
-<listbox id="listbox" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"><tab/></listbox>
-<script>window.addEventListener("load", function() { document.documentElement.appendChild(document.getElementById("listbox")); }, false);</script>
-</html>
diff --git a/layout/xul/crashtests/crashtests.list b/layout/xul/crashtests/crashtests.list
index 156acc360f90..6ff450aa8e8f 100644
--- a/layout/xul/crashtests/crashtests.list
+++ b/layout/xul/crashtests/crashtests.list
@@ -5,7 +5,6 @@ load 151826-1.xul
 load 168724-1.xul
 load 189814-1.xul
 load 237787-1.xul
-load 265161-1.xul
 load 289410-1.xul
 load 290743.html
 load 291702-1.xul
@@ -16,7 +15,6 @@ load 311457-1.html
 load 321056-1.xhtml
 load 322786-1.xul
 load 325377.xul
-load 326834-1.html
 load 326879-1.xul
 load 327776-1.xul
 load 328135-1.xul
@@ -28,7 +26,6 @@ load 344228-1.xul
 load 346083-1.xul
 load 346281-1.xul
 load 350460.xul
-load 360642-1.xul
 load 365151.xul
 load 366112-1.xul
 load 366203-1.xul
@@ -42,52 +39,29 @@ load 378961.html
 load 381862.html
 load 382746-1.xul
 load 382899-1.xul
-load 383236-1.xul
 load 384037-1.xhtml
 load 384105-1.html
 load 384373.html
-load 384491-1.xhtml
 load 384871-1.html
 load 386642.xul
 load 387033-1.xhtml
 load 387080-1.xul
 load 391974-1.html
-load 394120-1.xhtml
-load 397293.xhtml # bug 1323652
-load 397304-1.html
-load 398326-1.xhtml
 load 399013.xul
-load 400779-1.xhtml
 load 402912-1.xhtml
 load 404192.xhtml
 load 407152.xul
 load 408904-1.xul
 load 412479-1.xhtml
-load 415394-1.xhtml
 load 417509.xul
-load 420424-1.xul
 load 430356-1.xhtml
-load 431738.xhtml
-load 432058-1.xul
-load 432068-1.xul
-load 432068-2.xul
-load 433296-1.xul
-load 433429.xul
 load 452185.html
-load 464149-1.xul
 asserts(0-1) load 464407-1.xhtml # Bugs 450974, 1267054, 718883
 load 467080.xul
-load 467481-1.xul
 load 470063-1.html
 load 470272.html
 load 472189.xul
 load 475133.html
-load 488210-1.xhtml
-load 495728-1.xul
-load 508927-1.xul
-load 508927-2.xul
-load 514300-1.xul
-load 536931-1.xhtml
 load 538308-1.xul
 load 557174-1.xml
 load 564705-1.xul
diff --git a/layout/xul/grid/crashtests/306911-crash.xul b/layout/xul/grid/crashtests/306911-crash.xul
deleted file mode 100644
index cf55dfdf876f..000000000000
--- a/layout/xul/grid/crashtests/306911-crash.xul
+++ /dev/null
@@ -1,4 +0,0 @@
-<?xml version="1.0"?>

<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>

<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">

<listbox id="thelist" flex="1">
  <listitem label="Item1" value="item1">
-     <listitem label="Item2" value="item2"/>
-  </listitem>
</listbox>

-</window>
\ No newline at end of file
diff --git a/layout/xul/grid/crashtests/321073-1.xul b/layout/xul/grid/crashtests/321073-1.xul
deleted file mode 100644
index b92098b623ee..000000000000
--- a/layout/xul/grid/crashtests/321073-1.xul
+++ /dev/null
@@ -1,7 +0,0 @@
-<?xml version="1.0"?>
-<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-  <listcols>
-    <grid/>
-    <listitem/>
-  </listcols>
-</window>
\ No newline at end of file
diff --git a/layout/xul/grid/crashtests/382750-1.xul b/layout/xul/grid/crashtests/382750-1.xul
deleted file mode 100644
index 7a9da73ec713..000000000000
--- a/layout/xul/grid/crashtests/382750-1.xul
+++ /dev/null
@@ -1,5 +0,0 @@
-<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-
-<grid><rows><listbox/></rows></grid>
-
-</window>
diff --git a/layout/xul/grid/crashtests/400790-1.xul b/layout/xul/grid/crashtests/400790-1.xul
deleted file mode 100644
index 4de709428644..000000000000
--- a/layout/xul/grid/crashtests/400790-1.xul
+++ /dev/null
@@ -1,20 +0,0 @@
-<xul xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" onload="boom();">
-
-<script>
-
-function boom()
-{
-  var XUL_NS = "http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul";
-
-  var newListbox = document.createElementNS(XUL_NS, "listbox");
-  document.getElementById("listbox").appendChild(newListbox);
-
-  var newHbox = document.createElementNS(XUL_NS, "hbox");
-  document.getElementById("listitem").appendChild(newHbox);
-}
-
-</script>
-
-<listbox id="listbox"><listitem id="listitem" /></listbox>
-
-</xul>
diff --git a/layout/xul/grid/crashtests/crashtests.list b/layout/xul/grid/crashtests/crashtests.list
index afe8e1002753..5007bc2eacfe 100644
--- a/layout/xul/grid/crashtests/crashtests.list
+++ b/layout/xul/grid/crashtests/crashtests.list
@@ -1,11 +1,7 @@
-load 306911-crash.xul
 load 306911-grid-testcases.xul
 load 306911-grid-testcases2.xul
 load 311710-1.xul
 load 312784-1.xul
 load 313173-1.html
 load 321066-1.xul
-load 321073-1.xul
-load 382750-1.xul
-load 400790-1.xul
 load 423802-crash.xul

From 4999d683f44ea13d525b49d9b3ec5147aecfc7d4 Mon Sep 17 00:00:00 2001
From: Paolo Amadini <paolo.mozmail@amadzone.org>
Date: Sat, 7 Jul 2018 19:21:41 +0100
Subject: [PATCH 07/14] Bug 1472555 - Part 2 - Convert DOM tests to use the
 "richlistbox" element. r=bz

MozReview-Commit-ID: 4byIEZCsyw7

--HG--
extra : rebase_source : b538bdae42307002d01334fbc0220a65c6e901bd
---
 dom/tests/mochitest/chrome/window_focus.xul    | 18 +++++++++---------
 .../mochitest/general/test_focusrings.xul      |  6 +++---
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/dom/tests/mochitest/chrome/window_focus.xul b/dom/tests/mochitest/chrome/window_focus.xul
index fc68c35a3054..989694495b0a 100644
--- a/dom/tests/mochitest/chrome/window_focus.xul
+++ b/dom/tests/mochitest/chrome/window_focus.xul
@@ -299,7 +299,7 @@ function mouseWillTriggerFocus(element)
                                          element.type == "password")) {
       return true;
     }
-  } else if (element.localName == "listbox") {
+  } else if (element.localName == "richlistbox") {
     return true;
   }
 
@@ -457,7 +457,7 @@ function startTest()
 
     mouseOnElement(element, getById("t" + idx), true, "mouse on element t" + idx);
     var expectedWindow = (element.ownerGlobal == gChildWindow) ? gChildWindow : window;
-    if (element.localName == "listbox" && expectedWindow == window &&
+    if (element.localName == "richlistbox" && expectedWindow == window &&
         navigator.platform.indexOf("Mac") == 0) {
       // after focusing a listbox on Mac, clear the focus before continuing.
       setFocusTo(null, window);
@@ -1634,9 +1634,9 @@ SimpleTest.waitForFocus(startTest);
 <hbox id="innerbox">
   <button id="t4" accesskey="h" label="no tabindex"/>
   <button id="o1" accesskey="i" label="tabindex = -1" tabindex="-1"/>
-  <listbox id="t5" label="tabindex = 0" tabindex="0" rows="1">
-    <listitem/>
-  </listbox>
+  <richlistbox id="t5" label="tabindex = 0" tabindex="0" width="50">
+    <richlistitem height="10"/>
+  </richlistbox>
   <button id="t1" label="tabindex = 2" tabindex="2"/>
 </hbox>
 <hbox>
@@ -1649,9 +1649,9 @@ SimpleTest.waitForFocus(startTest);
   <button id="t7" style="-moz-user-focus: normal;" label="no tabindex"/>
   <button id="o3" style="-moz-user-focus: normal;" label="tabindex = -1" tabindex="-1"/>
   <button id="t8" style="-moz-user-focus: normal;" label="tabindex = 0" tabindex="0"/>
-  <listbox id="t3" style="-moz-user-focus: normal;" label="tabindex = 2" tabindex="2" rows="1">
-    <listitem/>
-  </listbox>
+  <richlistbox id="t3" style="-moz-user-focus: normal;" label="tabindex = 2" tabindex="2" width="50">
+    <richlistitem height="10"/>
+  </richlistbox>
 </hbox>
 <hbox>
   <button accesskey="p" style="display: none;"/> <button accesskey="q" style="visibility: collapse;"/>
@@ -1709,7 +1709,7 @@ SimpleTest.waitForFocus(startTest);
 <checkbox id="o5"/><checkbox id="o7"/><hbox><checkbox id="o9"/></hbox>
 <checkbox id="o13"/><checkbox id="o15"/><checkbox id="o17"/><checkbox id="o19"/><checkbox id="o21"/><checkbox id="o23"/><checkbox id="o25"/>
 <checkbox id="n2"/><checkbox id="n4"/>
-<listbox id="last" width="20" rows="1"/>
+<richlistbox id="last" width="20" height="20"/>
 
 <iframe id="ifa" width="40" height="60" style="-moz-user-focus: ignore;" type="content"
         src="data:text/html,&lt;input id=fra size='2'&gt;&lt;input id='fra-b' size='2'&gt;
diff --git a/dom/tests/mochitest/general/test_focusrings.xul b/dom/tests/mochitest/general/test_focusrings.xul
index a4c4673092ac..1818fd9a8464 100644
--- a/dom/tests/mochitest/general/test_focusrings.xul
+++ b/dom/tests/mochitest/general/test_focusrings.xul
@@ -161,9 +161,9 @@ SimpleTest.waitForFocus(runTest);
 ]]>
 </script>
 
-<listbox id="l1" class="plain" height="20"/>
-<listbox id="l2" class="plain" height="20"/>
-<listbox id="l3" class="plain" height="20"/>
+<richlistbox id="l1" class="plain" height="20"/>
+<richlistbox id="l2" class="plain" height="20"/>
+<richlistbox id="l3" class="plain" height="20"/>
 <button id="b1" label="Button"/>
 <button id="b2" label="Button"/>
 <button id="b3" label="Button"/>

From 84701651c4aa0d33a433f9003fc108b91cbb5d37 Mon Sep 17 00:00:00 2001
From: Paolo Amadini <paolo.mozmail@amadzone.org>
Date: Sat, 7 Jul 2018 19:43:17 +0100
Subject: [PATCH 08/14] Bug 1472555 - Part 3 - Convert Toolkit tests to use the
 "richlistbox" element. r=bgrins

MozReview-Commit-ID: By1FhB70wOh

--HG--
extra : rebase_source : 629275e04d7ffef82307f32dee219771e18617f4
---
 .../content/tests/chrome/test_hiddenitems.xul | 13 +--
 .../tests/chrome/test_hiddenpaging.xul        | 80 +------------------
 .../content/tests/chrome/test_menulist.xul    | 18 ++---
 .../content/tests/chrome/test_mousescroll.xul | 57 -------------
 .../content/tests/chrome/test_tabindex.xul    |  6 +-
 5 files changed, 14 insertions(+), 160 deletions(-)

diff --git a/toolkit/content/tests/chrome/test_hiddenitems.xul b/toolkit/content/tests/chrome/test_hiddenitems.xul
index 7e44852df931..952d49ab51cf 100644
--- a/toolkit/content/tests/chrome/test_hiddenitems.xul
+++ b/toolkit/content/tests/chrome/test_hiddenitems.xul
@@ -24,17 +24,7 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=317422
     <richlistitem id="richlistbox_item6"><label value="Item 6"/></richlistitem>
     <richlistitem id="richlistbox_item7" hidden="true"><label value="Item 7"/></richlistitem>
   </richlistbox>
-  
-  <listbox id="listbox" seltype="multiple">
-    <listitem id="listbox_item1" label="Item 1"/>
-    <listitem id="listbox_item2" label="Item 2"/>
-    <listitem id="listbox_item3" label="Item 3" hidden="true"/>
-    <listitem id="listbox_item4" label="Item 4"/>
-    <listitem id="listbox_item5" label="Item 5" collapsed="true"/>
-    <listitem id="listbox_item6" label="Item 6"/>
-    <listitem id="listbox_item7" label="Item 7" hidden="true"/>
-  </listbox>
-  
+
   <!-- test code goes here -->
   <script type="application/javascript"><![CDATA[
 
@@ -82,7 +72,6 @@ function testListbox(id)
 
 window.onload = function runTests() {
   testListbox("richlistbox");
-  testListbox("listbox");
   SimpleTest.finish();
 };
   ]]></script>
diff --git a/toolkit/content/tests/chrome/test_hiddenpaging.xul b/toolkit/content/tests/chrome/test_hiddenpaging.xul
index 37b10971831d..ef1b4d208e0f 100644
--- a/toolkit/content/tests/chrome/test_hiddenpaging.xul
+++ b/toolkit/content/tests/chrome/test_hiddenpaging.xul
@@ -42,25 +42,7 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=317422
     <richlistitem id="richlistbox_item14"><label value="Item 14"/></richlistitem>
     <richlistitem id="richlistbox_item15" hidden="true"><label value="Item 15"/></richlistitem>
   </richlistbox>
-  
-  <listbox id="listbox" seltype="multiple" rows="5">
-    <listitem id="listbox_item1" label="Item 1"/>
-    <listitem id="listbox_item2" label="Item 2"/>
-    <listitem id="listbox_item3" label="Item 3" hidden="true"/>
-    <listitem id="listbox_item4" label="Item 4"/>
-    <listitem id="listbox_item5" label="Item 5" hidden="true"/>
-    <listitem id="listbox_item6" label="Item 6"/>
-    <listitem id="listbox_item7" label="Item 7"/>
-    <listitem id="listbox_item8" label="Item 8"/>
-    <listitem id="listbox_item9" label="Item 9"/>
-    <listitem id="listbox_item10" label="Item 10"/>
-    <listitem id="listbox_item11" label="Item 11"/>
-    <listitem id="listbox_item12" label="Item 12"/>
-    <listitem id="listbox_item13" label="Item 13"/>
-    <listitem id="listbox_item14" label="Item 14"/>
-    <listitem id="listbox_item15" label="Item 15" hidden="true"/>
-  </listbox>
-  
+
   <!-- test code goes here -->
   <script type="application/javascript"><![CDATA[
 
@@ -93,68 +75,8 @@ function testRichlistbox()
   is(listbox.getIndexOfFirstVisibleRow(), 0, id + ": Third page up should not have scrolled at all");
 }
 
-function testListbox()
-{
-  var id = "listbox";
-  var listbox = document.getElementById(id);
-
-  if (!window.matchMedia("(-moz-overlay-scrollbars)").matches) {
-   // Check that a scrollbar is visible by comparing the width of the listitem
-   // with the width of the listbox. This is a simple way to do this without
-   // checking the anonymous content.
-   ok(listbox.firstChild.getBoundingClientRect().width < listbox.getBoundingClientRect().width - 10,
-      id + ": Scrollbar visible");
- }
-
-  var rowHeight = listbox.firstChild.getBoundingClientRect().height;
-
-  listbox.focus();
-  listbox.selectedIndex = 0;
-  sendKey("PAGE_DOWN");
-  is(listbox.selectedItem.id, id + "_item8", id + ": Page down should go to the item one visible page away");
-  is(listbox.getIndexOfFirstVisibleRow(), 7, id + ": Page down should have scrolled down a visible page");
-  sendKey("PAGE_DOWN");
-  is(listbox.selectedItem.id, id + "_item13", id + ": Second page down should go to the item two visible pages away");
-  is(listbox.getIndexOfFirstVisibleRow(), 9, id + ": Second page down should not scroll beyond the end");
-  sendKey("PAGE_DOWN");
-  is(listbox.selectedItem.id, id + "_item14", id + ": Third page down should go to the last visible item");
-  is(listbox.getIndexOfFirstVisibleRow(), 9, id + ": Third page down should not have scrolled at all");
-  sendKey("PAGE_UP");
-  is(listbox.selectedItem.id, id + "_item9", id + ": Page up should go to the item one visible page away");
-  // the listScrollbox seems to go haywire when scrolling up with hidden listitems
-  todo_is(listbox.getIndexOfFirstVisibleRow(), 3, id + ": Page up should scroll up a visible page");
-  sendKey("PAGE_UP");
-  is(listbox.selectedItem.id, id + "_item2", id + ": Second page up should go to the item two visible pages away");
-  is(listbox.getIndexOfFirstVisibleRow(), 0, id + ": Second page up should not scroll beyond the start");
-  sendKey("PAGE_UP");
-  is(listbox.selectedItem.id, id + "_item1", id + ": Third page up should return to the first visible item");
-  is(listbox.getIndexOfFirstVisibleRow(), 0, id + ": Third page up should not have scrolled at all");
-
-  var scrollHeight = document.getAnonymousNodes(listbox)[1].lastChild.scrollHeight;
-  is(scrollHeight, rowHeight * 15, id + ": scrollHeight when rows set");
-
-  listbox.minHeight = 50;
-  scrollHeight = document.getAnonymousNodes(listbox)[1].lastChild.scrollHeight;
-  is(scrollHeight, rowHeight * 15, id + ": scrollHeight when rows and minimium height set");
-
-  listbox.removeAttribute("rows");
-
-  var availHeight = document.getAnonymousNodes(listbox)[1].lastChild.getBoundingClientRect().height;
-  // The listbox layout adds this extra height in GetPrefSize. Not sure what it's for though.
-  var e = (rowHeight * 15 - availHeight) % rowHeight;
-  var extraHeight = (e == 0) ? 0 : rowHeight - e;
-
-  scrollHeight = document.getAnonymousNodes(listbox)[1].lastChild.scrollHeight;
-  is(scrollHeight, rowHeight * 15 + extraHeight, id + ": scrollHeight when minimium height set");
-
-  listbox.removeAttribute("minheight");
-  scrollHeight = document.getAnonymousNodes(listbox)[1].lastChild.scrollHeight;
-  is(scrollHeight, rowHeight * 15 + extraHeight, id + ": scrollHeight");
-}
-
 window.onload = function runTests() {
   testRichlistbox();
-  testListbox();
   SimpleTest.finish();
 };
   ]]></script>
diff --git a/toolkit/content/tests/chrome/test_menulist.xul b/toolkit/content/tests/chrome/test_menulist.xul
index 079d586c9ae9..356aa0e51f43 100644
--- a/toolkit/content/tests/chrome/test_menulist.xul
+++ b/toolkit/content/tests/chrome/test_menulist.xul
@@ -18,8 +18,8 @@
   <button label="Two"/>
   <button label="Three"/>
 </vbox>
-<listbox id="scroller-in-listbox" style="overflow: auto" height="60">
-  <listitem allowevents="true">
+<richlistbox id="scroller-in-listbox" style="overflow: auto" height="60">
+  <richlistitem allowevents="true">
     <menulist id="menulist-in-listbox" onpopupshown="test_menulist_open(this, this.parentNode.parentNode)"
               onpopuphidden="SimpleTest.executeSoon(checkScrollAndFinish)">
       <menupopup id="menulist-in-listbox-popup">
@@ -27,13 +27,13 @@
         <menuitem label="Two" value="two"/>
       </menupopup>
     </menulist>
-  </listitem>
-  <listitem label="Two"/>
-  <listitem label="Three"/>
-  <listitem label="Four"/>
-  <listitem label="Five"/>
-  <listitem label="Six"/>
-</listbox>
+  </richlistitem>
+  <richlistitem><label value="Two"/></richlistitem>
+  <richlistitem><label value="Three"/></richlistitem>
+  <richlistitem><label value="Four"/></richlistitem>
+  <richlistitem><label value="Five"/></richlistitem>
+  <richlistitem><label value="Six"/></richlistitem>
+</richlistbox>
 
 <hbox>
   <menulist id="menulist-size">
diff --git a/toolkit/content/tests/chrome/test_mousescroll.xul b/toolkit/content/tests/chrome/test_mousescroll.xul
index 5a901257dd86..2555591057d6 100644
--- a/toolkit/content/tests/chrome/test_mousescroll.xul
+++ b/toolkit/content/tests/chrome/test_mousescroll.xul
@@ -31,18 +31,6 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=378028
     <richlistitem id="richlistbox_item8"><label value="Item 8"/></richlistitem>
   </richlistbox>
 
-  <listbox id="listbox" rows="2">
-    <listitem id="listbox_item0" label="Item 0" hidden="true"/>
-    <listitem id="listbox_item1" label="Item 1"/>
-    <listitem id="listbox_item2" label="Item 2"/>
-    <listitem id="listbox_item3" label="Item 3"/>
-    <listitem id="listbox_item4" label="Item 4"/>
-    <listitem id="listbox_item5" label="Item 5"/>
-    <listitem id="listbox_item6" label="Item 6"/>
-    <listitem id="listbox_item7" label="Item 7"/>
-    <listitem id="listbox_item8" label="Item 8"/>
-  </listbox>
-
   <box orient="horizontal">
     <arrowscrollbox id="hscrollbox" clicktoscroll="true" orient="horizontal"
      smoothscroll="false" style="max-width:80px;" flex="1">
@@ -110,50 +98,6 @@ function sendWheelAndWait(aScrollTaget, aX, aY, aEvent, aChecker)
   });
 }
 
-function* testListbox(id)
-{
-  var listbox = document.getElementById(id);
-
-  function* helper(aStart, aDelta, aIntDelta, aDeltaMode)
-  {
-    listbox.scrollToIndex(aStart);
-    var expectedPos = aStart;
-    if (aIntDelta) {
-      if (aDeltaMode == WheelEvent.DOM_DELTA_PAGE) {
-        expectedPos += aIntDelta > 0 ? listbox.getNumberOfVisibleRows() :
-                                       -listbox.getNumberOfVisibleRows();
-      } else {
-        expectedPos += aIntDelta;
-      }
-    }
-    yield sendWheelAndWait(listbox, 10, 10,
-                           { deltaMode: aDeltaMode, deltaY: aDelta,
-                             lineOrPageDeltaY: aIntDelta },
-                           ()=>{ return listbox.getIndexOfFirstVisibleRow() == expectedPos; });
-    is(listbox.getIndexOfFirstVisibleRow(), expectedPos,
-       "testListbox(" + id +  "): vertical, starting " + aStart +
-         " delta " + aDelta + " lineOrPageDelta " + aIntDelta +
-         " aDeltaMode " + aDeltaMode);
-
-    // Check that horizontal scrolling has no effect
-    listbox.scrollToIndex(aStart);
-    yield sendWheelAndWait(listbox, 10, 10,
-                           { deltaMode: aDeltaMode, deltaX: aDelta,
-                             lineOrPageDeltaX: aIntDelta }, ()=>{ return true; });
-    is(listbox.getIndexOfFirstVisibleRow(), aStart,
-       "testListbox(" + id +  "): horizontal, starting " + aStart +
-         " delta " + aDelta + " lineOrPageDelta " + aIntDelta +
-         " aDeltaMode " + aDeltaMode);
-  }
-  for (let i = 0; i < deltaModes.length; i++) {
-    let delta = (deltaModes[i] == WheelEvent.DOM_DELTA_PIXEL) ? 5.0 : 0.3;
-    yield* helper(5, -delta,  0, deltaModes[i]);
-    yield* helper(5, -delta, -1, deltaModes[i]);
-    yield* helper(5,  delta,  1, deltaModes[i]);
-    yield* helper(5,  delta,  0, deltaModes[i]);
-  }
-}
-
 function* testRichListbox(id)
 {
   var listbox = document.getElementById(id);
@@ -360,7 +304,6 @@ async function prepareRunningTests()
 function* testBody()
 {
   yield* testRichListbox("richlistbox");
-  yield* testListbox("listbox");
   yield* testArrowScrollbox("hscrollbox");
   yield* testArrowScrollbox("vscrollbox");
 }
diff --git a/toolkit/content/tests/chrome/test_tabindex.xul b/toolkit/content/tests/chrome/test_tabindex.xul
index ce746906df28..39e384effb4f 100644
--- a/toolkit/content/tests/chrome/test_tabindex.xul
+++ b/toolkit/content/tests/chrome/test_tabindex.xul
@@ -39,9 +39,9 @@
   <textbox id="t11" idmod="t6" style="-moz-user-focus: ignore;" size="3" tabindex="0"/>
   <textbox id="t4" idmod="t2" style="-moz-user-focus: ignore;" size="3" tabindex="1"/>
 </hbox>
-<listbox id="t12" idmod="t7">
-  <listitem label="Item One"/>
-</listbox>
+<richlistbox id="t12" idmod="t7">
+  <richlistitem><label value="Item One"/></richlistitem>
+</richlistbox>
 
 <hbox>
   <!-- the tabindex attribute does not apply to non-controls, so it

From 98b8539d107725b46a5bb986d56c513d4c20bbbe Mon Sep 17 00:00:00 2001
From: Paolo Amadini <paolo.mozmail@amadzone.org>
Date: Wed, 18 Jul 2018 11:23:22 +0100
Subject: [PATCH 09/14] Bug 1472555 - Part 4 - Remove the "listbox" bindings.
 r=bgrins

MozReview-Commit-ID: Cw90DjEMJpn

--HG--
extra : rebase_source : 74a64794699d65b2a9fe5ae4cb215403657d9e4a
---
 browser/installer/allowed-dupes.mn            |   1 -
 testing/marionette/element.js                 |   2 -
 toolkit/content/widgets/listbox.xml           | 359 ------------------
 toolkit/content/widgets/richlistbox.xml       |   4 -
 toolkit/content/xul.css                       |  82 ----
 toolkit/themes/linux/global/jar.mn            |   1 -
 toolkit/themes/linux/global/listbox.css       |  68 ----
 toolkit/themes/mobile/jar.mn                  |   1 -
 .../osx/global/checkbox/cbox-check-dis.gif    | Bin 60 -> 0 bytes
 toolkit/themes/osx/global/jar.mn              |   2 -
 toolkit/themes/osx/global/listbox.css         |  72 ----
 .../shared/extensions/extensions.inc.css      |   3 +-
 toolkit/themes/windows/global/jar.mn          |   1 -
 toolkit/themes/windows/global/listbox.css     | 167 --------
 14 files changed, 1 insertion(+), 762 deletions(-)
 delete mode 100644 toolkit/themes/linux/global/listbox.css
 delete mode 100644 toolkit/themes/osx/global/checkbox/cbox-check-dis.gif
 delete mode 100644 toolkit/themes/osx/global/listbox.css
 delete mode 100644 toolkit/themes/windows/global/listbox.css

diff --git a/browser/installer/allowed-dupes.mn b/browser/installer/allowed-dupes.mn
index 39a19d85dd60..09fc28e6d86b 100644
--- a/browser/installer/allowed-dupes.mn
+++ b/browser/installer/allowed-dupes.mn
@@ -94,7 +94,6 @@ chrome/toolkit/skin/classic/global/dropmarker.css
 chrome/toolkit/skin/classic/global/global.css
 chrome/toolkit/skin/classic/global/groupbox.css
 chrome/toolkit/skin/classic/global/icons/close-win7.png
-chrome/toolkit/skin/classic/global/listbox.css
 chrome/toolkit/skin/classic/global/menu.css
 chrome/toolkit/skin/classic/global/menulist.css
 chrome/toolkit/skin/classic/global/numberbox.css
diff --git a/testing/marionette/element.js b/testing/marionette/element.js
index 889fd9dc9158..c537c6db76e1 100644
--- a/testing/marionette/element.js
+++ b/testing/marionette/element.js
@@ -38,13 +38,11 @@ const XULNS = "http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul";
 const XUL_CHECKED_ELS = new Set([
   "button",
   "checkbox",
-  "listitem",
   "toolbarbutton",
 ]);
 
 /** XUL elements that support selected property. */
 const XUL_SELECTED_ELS = new Set([
-  "listitem",
   "menu",
   "menuitem",
   "menuseparator",
diff --git a/toolkit/content/widgets/listbox.xml b/toolkit/content/widgets/listbox.xml
index 6b44dc00d0bb..9dfcb760a650 100644
--- a/toolkit/content/widgets/listbox.xml
+++ b/toolkit/content/widgets/listbox.xml
@@ -635,293 +635,8 @@
     </handlers>
   </binding>
 
-
-  <!-- Binding for xul:listbox element.
-  -->
-  <binding id="listbox"
-           extends="#listbox-base">
-
-    <resources>
-      <stylesheet src="chrome://global/skin/listbox.css"/>
-    </resources>
-
-    <content>
-      <children includes="listcols">
-        <xul:listcols>
-          <xul:listcol flex="1"/>
-        </xul:listcols>
-      </children>
-      <xul:listrows>
-        <children includes="listhead"/>
-        <xul:listboxbody xbl:inherits="rows,size,minheight">
-          <children includes="listitem"/>
-        </xul:listboxbody>
-      </xul:listrows>
-    </content>
-
-    <implementation>
-
-      <!-- ///////////////// public listbox members ///////////////// -->
-
-      <property name="listBoxObject"
-                onget="return this.boxObject;"
-                readonly="true"/>
-
-      <!-- ///////////////// private listbox members ///////////////// -->
-
-      <field name="_touchY">-1</field>
-
-      <method name="_fireOnSelect">
-        <body>
-        <![CDATA[
-          if (!this._suppressOnSelect && !this.suppressOnSelect) {
-            var event = document.createEvent("Events");
-            event.initEvent("select", true, true);
-            this.dispatchEvent(event);
-          }
-        ]]>
-        </body>
-      </method>
-
-      <constructor>
-      <![CDATA[
-        var count = this.itemCount;
-        for (var index = 0; index < count; index++) {
-          var item = this.getItemAtIndex(index);
-          if (item.getAttribute("selected") == "true")
-            this.selectedItems.append(item);
-        }
-      ]]>
-      </constructor>
-
-      <!-- ///////////////// nsIDOMXULSelectControlElement ///////////////// -->
-
-      <method name="appendItem">
-        <parameter name="aLabel"/>
-        <parameter name="aValue"/>
-        <body>
-          const XULNS =
-            "http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul";
-
-          var item = this.ownerDocument.createElementNS(XULNS, "listitem");
-          item.setAttribute("label", aLabel);
-          item.setAttribute("value", aValue);
-          this.appendChild(item);
-          return item;
-        </body>
-      </method>
-
-      <property name="itemCount" readonly="true"
-                onget="return this.listBoxObject.getRowCount()"/>
-
-      <!-- ///////////////// nsIListBoxObject ///////////////// -->
-      <method name="getIndexOfItem">
-        <parameter name="item"/>
-        <body>
-          <![CDATA[
-            if (this._selecting && this._selecting.item == item)
-              return this._selecting.index;
-            return this.listBoxObject.getIndexOfItem(item);
-          ]]>
-        </body>
-      </method>
-      <method name="getItemAtIndex">
-        <parameter name="index"/>
-        <body>
-          <![CDATA[
-            if (this._selecting && this._selecting.index == index)
-              return this._selecting.item;
-            return this.listBoxObject.getItemAtIndex(index);
-          ]]>
-        </body>
-      </method>
-      <method name="ensureIndexIsVisible">
-        <parameter name="index"/>
-        <body>
-          return this.listBoxObject.ensureIndexIsVisible(index);
-        </body>
-      </method>
-      <method name="ensureElementIsVisible">
-        <parameter name="element"/>
-        <body>
-          return this.ensureIndexIsVisible(this.listBoxObject.getIndexOfItem(element));
-        </body>
-      </method>
-      <method name="scrollToIndex">
-        <parameter name="index"/>
-        <body>
-          return this.listBoxObject.scrollToIndex(index);
-        </body>
-      </method>
-      <method name="getNumberOfVisibleRows">
-        <body>
-          return this.listBoxObject.getNumberOfVisibleRows();
-        </body>
-      </method>
-      <method name="getIndexOfFirstVisibleRow">
-        <body>
-          return this.listBoxObject.getIndexOfFirstVisibleRow();
-        </body>
-      </method>
-      <method name="getRowCount">
-        <body>
-          return this.listBoxObject.getRowCount();
-        </body>
-      </method>
-
-      <method name="scrollOnePage">
-        <parameter name="direction"/>  <!-- Must be -1 or 1 -->
-        <body>
-          <![CDATA[
-            var pageOffset = this.getNumberOfVisibleRows() * direction;
-            // skip over invisible elements - the user won't care about them
-            for (var i = 0; i != pageOffset; i += direction) {
-              var item = this.getItemAtIndex(this.currentIndex + i);
-              if (item && !this._canUserSelect(item))
-                pageOffset += direction;
-            }
-            var newTop = this.getIndexOfFirstVisibleRow() + pageOffset;
-            if (direction == 1) {
-              var maxTop = this.getRowCount() - this.getNumberOfVisibleRows();
-              for (i = this.getRowCount(); i >= 0 && i > maxTop; i--) {
-                item = this.getItemAtIndex(i);
-                if (item && !this._canUserSelect(item))
-                  maxTop--;
-              }
-              if (newTop >= maxTop)
-                newTop = maxTop;
-            }
-            if (newTop < 0)
-              newTop = 0;
-            this.scrollToIndex(newTop);
-            return pageOffset;
-          ]]>
-        </body>
-      </method>
-    </implementation>
-
-    <handlers>
-      <handler event="keypress" key=" " phase="target">
-        <![CDATA[
-          if (this.currentItem) {
-            if (this.currentItem.getAttribute("type") != "checkbox") {
-              this.addItemToSelection(this.currentItem);
-              // Prevent page from scrolling on the space key.
-              event.preventDefault();
-            } else if (!this.currentItem.disabled) {
-              this.currentItem.checked = !this.currentItem.checked;
-              this.currentItem.doCommand();
-              // Prevent page from scrolling on the space key.
-              event.preventDefault();
-            }
-          }
-        ]]>
-      </handler>
-
-      <handler event="MozSwipeGesture">
-        <![CDATA[
-          // Figure out which index to show
-          let targetIndex = 0;
-
-          // Only handle swipe gestures up and down
-          switch (event.direction) {
-            case event.DIRECTION_DOWN:
-              targetIndex = this.itemCount - 1;
-              // Fall through for actual action
-            case event.DIRECTION_UP:
-              this.ensureIndexIsVisible(targetIndex);
-              break;
-          }
-        ]]>
-      </handler>
-
-      <handler event="touchstart">
-        <![CDATA[
-          if (event.touches.length > 1) {
-            // Multiple touch points detected, abort. In particular this aborts
-            // the panning gesture when the user puts a second finger down after
-            // already panning with one finger. Aborting at this point prevents
-            // the pan gesture from being resumed until all fingers are lifted
-            // (as opposed to when the user is back down to one finger).
-            this._touchY = -1;
-          } else {
-            this._touchY = event.touches[0].screenY;
-          }
-        ]]>
-      </handler>
-      <handler event="touchmove">
-        <![CDATA[
-          if (event.touches.length == 1 &&
-              this._touchY >= 0) {
-            let deltaY = this._touchY - event.touches[0].screenY;
-            let lines = Math.trunc(deltaY / this.listBoxObject.getRowHeight());
-            if (Math.abs(lines) > 0) {
-              this.listBoxObject.scrollByLines(lines);
-              deltaY -= lines * this.listBoxObject.getRowHeight();
-              this._touchY = event.touches[0].screenY + deltaY;
-            }
-            event.preventDefault();
-          }
-        ]]>
-      </handler>
-      <handler event="touchend">
-        <![CDATA[
-          this._touchY = -1;
-        ]]>
-      </handler>
-
-    </handlers>
-  </binding>
-
-  <binding id="listrows">
-
-    <resources>
-      <stylesheet src="chrome://global/skin/listbox.css"/>
-    </resources>
-
-    <handlers>
-      <handler event="DOMMouseScroll" phase="capturing">
-      <![CDATA[
-        if (event.axis == event.HORIZONTAL_AXIS)
-          return;
-
-        var listBox = this.parentNode.listBoxObject;
-        var rows = event.detail;
-        if (rows == UIEvent.SCROLL_PAGE_UP)
-          rows = -listBox.getNumberOfVisibleRows();
-        else if (rows == UIEvent.SCROLL_PAGE_DOWN)
-          rows = listBox.getNumberOfVisibleRows();
-
-        listBox.scrollByLines(rows);
-        event.preventDefault();
-      ]]>
-      </handler>
-
-      <handler event="MozMousePixelScroll" phase="capturing">
-      <![CDATA[
-        if (event.axis == event.HORIZONTAL_AXIS)
-          return;
-
-        // shouldn't be scrolled by pixel scrolling events before a line/page
-        // scrolling event.
-        event.preventDefault();
-      ]]>
-      </handler>
-    </handlers>
-  </binding>
-
   <binding id="listitem"
            extends="chrome://global/content/bindings/general.xml#basetext">
-    <resources>
-      <stylesheet src="chrome://global/skin/listbox.css"/>
-    </resources>
-
-    <content>
-      <children>
-        <xul:listcell xbl:inherits="label,crop,disabled,flexlabel"/>
-      </children>
-    </content>
-
     <implementation implements="nsIDOMXULSelectControlItemElement">
       <property name="current" onget="return this.getAttribute('current') == 'true';">
         <setter><![CDATA[
@@ -1029,78 +744,4 @@
       </handler>
     </handlers>
   </binding>
-
-  <binding id="listitem-checkbox"
-           extends="chrome://global/content/bindings/listbox.xml#listitem">
-    <content>
-      <children>
-        <xul:listcell type="checkbox" xbl:inherits="label,crop,checked,disabled,flexlabel"/>
-      </children>
-    </content>
-
-    <implementation>
-      <property name="checked"
-                onget="return this.getAttribute('checked') == 'true';">
-        <setter><![CDATA[
-          if (val)
-            this.setAttribute("checked", "true");
-          else
-            this.removeAttribute("checked");
-          var event = document.createEvent("Events");
-          event.initEvent("CheckboxStateChange", true, true);
-          this.dispatchEvent(event);
-          return val;
-        ]]></setter>
-      </property>
-    </implementation>
-
-    <handlers>
-      <handler event="mousedown" button="0">
-      <![CDATA[
-        if (!this.disabled && !this.control.disabled) {
-          this.checked = !this.checked;
-          this.doCommand();
-        }
-      ]]>
-      </handler>
-    </handlers>
-  </binding>
-
-  <binding id="listcell"
-           extends="chrome://global/content/bindings/general.xml#basecontrol">
-
-    <resources>
-      <stylesheet src="chrome://global/skin/listbox.css"/>
-    </resources>
-
-    <content>
-      <children>
-        <xul:label class="listcell-label" xbl:inherits="value=label,flex=flexlabel,crop,disabled" flex="1" crop="right"/>
-      </children>
-    </content>
-  </binding>
-
-  <binding id="listcell-checkbox"
-           extends="chrome://global/content/bindings/listbox.xml#listcell">
-    <content>
-      <children>
-        <xul:image class="listcell-check" xbl:inherits="checked,disabled"/>
-        <xul:label class="listcell-label" xbl:inherits="value=label,flex=flexlabel,crop,disabled" flex="1" crop="right"/>
-      </children>
-    </content>
-  </binding>
-
-  <binding id="listhead">
-
-    <resources>
-      <stylesheet src="chrome://global/skin/listbox.css"/>
-    </resources>
-
-    <content>
-      <xul:listheaditem>
-        <children includes="listheader"/>
-      </xul:listheaditem>
-    </content>
-  </binding>
-
 </bindings>
diff --git a/toolkit/content/widgets/richlistbox.xml b/toolkit/content/widgets/richlistbox.xml
index f6fc985296ed..fafe184f4ae5 100644
--- a/toolkit/content/widgets/richlistbox.xml
+++ b/toolkit/content/widgets/richlistbox.xml
@@ -505,10 +505,6 @@
 
   <binding id="richlistitem"
            extends="chrome://global/content/bindings/listbox.xml#listitem">
-    <content>
-      <children/>
-    </content>
-
     <implementation>
       <field name="selectedByMouseOver">false</field>
 
diff --git a/toolkit/content/xul.css b/toolkit/content/xul.css
index 914849d7163a..7a017c71147b 100644
--- a/toolkit/content/xul.css
+++ b/toolkit/content/xul.css
@@ -478,88 +478,6 @@ column {
   -moz-box-orient: vertical;
 }
 
-/******** listbox **********/
-
-listbox {
-  -moz-binding: url("chrome://global/content/bindings/listbox.xml#listbox");
-}
-
-listhead {
-  -moz-binding: url("chrome://global/content/bindings/listbox.xml#listhead");
-}
-
-listrows {
-  -moz-binding: url("chrome://global/content/bindings/listbox.xml#listrows");
-}
-
-listitem {
-  -moz-binding: url("chrome://global/content/bindings/listbox.xml#listitem");
-}
-
-listitem[type="checkbox"] {
-  -moz-binding: url("chrome://global/content/bindings/listbox.xml#listitem-checkbox");
-}
-
-listcell {
-  -moz-binding: url("chrome://global/content/bindings/listbox.xml#listcell");
-}
-
-listcell[type="checkbox"] {
-  -moz-binding: url("chrome://global/content/bindings/listbox.xml#listcell-checkbox");
-}
-
-listbox {
-  display: -moz-grid;
-}
-
-listbox[rows] {
-  height: auto;
-}
-
-listcols, listhead, listrows, listboxbody {
-  display: -moz-grid-group;
-}
-
-listcol, listitem, listheaditem {
-  display: -moz-grid-line;
-}
-
-listbox {
-  -moz-user-focus: normal;
-  -moz-box-orient: vertical;
-  min-width: 0px;
-  min-height: 0px;
-  width: 200px;
-  height: 200px;
-}
-
-listhead {
-  -moz-box-orient: vertical;
-}
-
-listrows {
-  -moz-box-orient: vertical;
-  -moz-box-flex: 1;
-}
-
-listboxbody {
-  -moz-box-orient: vertical;
-  -moz-box-flex: 1;
-  /* Don't permit a horizontal scrollbar. See bug 285449 */
-  overflow-x: hidden !important;
-  overflow-y: auto;
-  min-height: 0px;
-}
-
-listcol {
-  -moz-box-orient: vertical;
-  min-width: 16px;
-}
-
-listcell {
-  -moz-box-align: center;
-}
-
 /******** tree ******/
 
 tree {
diff --git a/toolkit/themes/linux/global/jar.mn b/toolkit/themes/linux/global/jar.mn
index b963dcd76191..4ce6eddefdc5 100644
--- a/toolkit/themes/linux/global/jar.mn
+++ b/toolkit/themes/linux/global/jar.mn
@@ -14,7 +14,6 @@ toolkit.jar:
 *  skin/classic/global/findBar.css
 *  skin/classic/global/global.css
    skin/classic/global/groupbox.css
-   skin/classic/global/listbox.css
    skin/classic/global/menu.css
    skin/classic/global/menulist.css
    skin/classic/global/netError.css
diff --git a/toolkit/themes/linux/global/listbox.css b/toolkit/themes/linux/global/listbox.css
deleted file mode 100644
index f4a81300270a..000000000000
--- a/toolkit/themes/linux/global/listbox.css
+++ /dev/null
@@ -1,68 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/* ===== listbox.css =======================================================
-  == Styles used by XUL listbox-related elements.
-  ======================================================================= */
-
-@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
-
-/* ::::: listbox ::::: */
-
-listbox {
-  -moz-appearance: listbox;
-  margin: 2px 4px;
-  background-color: -moz-Field;
-  color: -moz-FieldText;
-}
-
-listbox[disabled="true"] {
-  color: GrayText;
-}
-
-/* ::::: listitem ::::: */
-
-listbox:focus > listitem[selected="true"][current="true"] {
-  outline: 1px dotted #F3D982;
-}
-
-listbox:focus > listitem[current="true"] {
-  outline: 1px dotted Highlight;
-  outline-offset: -1px;
-}
-
-listitem[selected="true"] {
-  background-color: -moz-cellhighlight;
-  color: -moz-cellhighlighttext;
-}
-
-listbox:focus > listitem[selected="true"] {
-  background-color: Highlight;
-  color: HighlightText;
-}
-
-/* ::::: listcell ::::: */
-
-.listcell-label {
-  margin: 0 !important;
-  padding-top: 0;
-  padding-bottom: 1px;
-  padding-inline-start: 4px;
-  padding-inline-end: 0;
-  white-space: nowrap;
-}
-
-.listcell-label[disabled="true"] {
-  color: GrayText;
-}
-
-/* ::::: listcell checkbox ::::: */
-
-.listcell-check {
-  -moz-appearance: checkbox;
-  -moz-box-align: center;
-  margin: 0 2px;
-  min-width: 13px;
-  min-height: 13px;
-}
diff --git a/toolkit/themes/mobile/jar.mn b/toolkit/themes/mobile/jar.mn
index e0d1b18ac5e4..94e8d56b5aa1 100644
--- a/toolkit/themes/mobile/jar.mn
+++ b/toolkit/themes/mobile/jar.mn
@@ -12,7 +12,6 @@ toolkit.jar:
    skin/classic/global/dropmarker.css                      (global/empty.css)
    skin/classic/global/global.css                          (global/empty.css)
    skin/classic/global/groupbox.css                        (global/empty.css)
-   skin/classic/global/listbox.css                         (global/empty.css)
    skin/classic/global/menu.css                            (global/empty.css)
    skin/classic/global/menulist.css                        (global/empty.css)
    skin/classic/global/numberbox.css                       (global/empty.css)
diff --git a/toolkit/themes/osx/global/checkbox/cbox-check-dis.gif b/toolkit/themes/osx/global/checkbox/cbox-check-dis.gif
deleted file mode 100644
index bd43dd17c3bd07b1787baca148442ec777797d8c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 60
zcmZ?wbhEHbWM^P!X!y@?;J|@~h6cr-EQ}05paUX6G7d~UE%GbHX4EJ}bB6>lFj#vT
KMK9N8um%9ts19BL

diff --git a/toolkit/themes/osx/global/jar.mn b/toolkit/themes/osx/global/jar.mn
index 8fad026d8281..4f149953fb02 100644
--- a/toolkit/themes/osx/global/jar.mn
+++ b/toolkit/themes/osx/global/jar.mn
@@ -15,7 +15,6 @@ toolkit.jar:
 * skin/classic/global/findBar.css
 * skin/classic/global/global.css
   skin/classic/global/groupbox.css
-  skin/classic/global/listbox.css
   skin/classic/global/menu.css
   skin/classic/global/menulist.css
 * skin/classic/global/notification.css
@@ -52,7 +51,6 @@ toolkit.jar:
   skin/classic/global/arrow/panelarrow-horizontal.svg                (arrow/panelarrow-horizontal.svg)
   skin/classic/global/arrow/panelarrow-vertical.svg                  (arrow/panelarrow-vertical.svg)
   skin/classic/global/checkbox/cbox-check.gif                        (checkbox/cbox-check.gif)
-  skin/classic/global/checkbox/cbox-check-dis.gif                    (checkbox/cbox-check-dis.gif)
   skin/classic/global/dirListing/dirListing.css                      (dirListing/dirListing.css)
   skin/classic/global/dirListing/folder.png                          (dirListing/folder.png)
   skin/classic/global/dirListing/up.png                              (dirListing/up.png)
diff --git a/toolkit/themes/osx/global/listbox.css b/toolkit/themes/osx/global/listbox.css
deleted file mode 100644
index 6d1dd0b63eda..000000000000
--- a/toolkit/themes/osx/global/listbox.css
+++ /dev/null
@@ -1,72 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
-
-listbox {
-  -moz-appearance: listbox;
-  margin: 2px 4px;
-  background-color: #FFFFFF;
-  color: -moz-FieldText;
-}
-
-.listcell-label {
-  margin: 0px !important;
-  padding-bottom: 1px;
-  padding-inline-start: 4px;
-  white-space: nowrap;
-}
-
-/* ::::: listitem ::::: */
-
-listitem {
-  border: 1px solid transparent;
-}
-
-listitem[selected="true"] {
-  background-color: -moz-mac-secondaryhighlight;
-  color: -moz-DialogText;
-}
-
-listbox:focus > listitem[selected="true"] {
-   background-color: Highlight;
-   color: HighlightText;
-}
-
-/* ::::: listcell ::::: */
-
-.listcell-label {
-  margin: 0px !important;
-  padding-bottom: 1px;
-  padding-inline-start: 4px;
-  white-space: nowrap;
-}
-
-.listcell-label[disabled="true"] {
-  color: GrayText;
-}
-
-/* ::::: listcell checkbox ::::: */
-
-.listcell-check {
-  -moz-appearance: checkbox;
-  -moz-box-align: center;
-  margin: 0px 2px;
-  border: 1px solid -moz-DialogText;
-  min-width: 13px;
-  min-height: 13px;
-  background: -moz-Field no-repeat 50% 50%;
-}
-
-.listcell-check[checked="true"] {
-  background-image: url("chrome://global/skin/checkbox/cbox-check.gif");
-}
-
-.listcell-check[disabled="true"] {
-  border-color: GrayText;
-}
-
-.listcell-check[disabled="true"][checked="true"] {
-  background-image: url("chrome://global/skin/checkbox/cbox-check-dis.gif");
-}
diff --git a/toolkit/themes/shared/extensions/extensions.inc.css b/toolkit/themes/shared/extensions/extensions.inc.css
index d132f0b28820..a3c245ad82c8 100644
--- a/toolkit/themes/shared/extensions/extensions.inc.css
+++ b/toolkit/themes/shared/extensions/extensions.inc.css
@@ -1034,8 +1034,7 @@ button.button-link:not([disabled="true"]):active:hover {
 
 /*** Reset PopupAutoComplete richlistbox styles ***/
 
-#PopupAutoComplete richlistbox,
-#PopupAutoComplete listbox {
+#PopupAutoComplete richlistbox {
   -moz-appearance: initial;
   margin-inline-start: 0;
   border: none;
diff --git a/toolkit/themes/windows/global/jar.mn b/toolkit/themes/windows/global/jar.mn
index c1e49cec9de2..c142255cd514 100644
--- a/toolkit/themes/windows/global/jar.mn
+++ b/toolkit/themes/windows/global/jar.mn
@@ -20,7 +20,6 @@ toolkit.jar:
   skin/classic/global/commonDialog.css
 * skin/classic/global/findBar.css
 * skin/classic/global/global.css
-  skin/classic/global/listbox.css
   skin/classic/global/netError.css
 * skin/classic/global/numberbox.css
 * skin/classic/global/notification.css
diff --git a/toolkit/themes/windows/global/listbox.css b/toolkit/themes/windows/global/listbox.css
deleted file mode 100644
index 392371b068e2..000000000000
--- a/toolkit/themes/windows/global/listbox.css
+++ /dev/null
@@ -1,167 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-/* ===== listbox.css =======================================================
-  == Styles used by XUL listbox-related elements.
-  ======================================================================= */
-
-
-@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
-
-/* ::::: listbox ::::: */
-
-listbox {
-  -moz-appearance: listbox;
-  margin: 2px 4px;
-  color: -moz-FieldText;
-}
-
-listbox[disabled="true"] {
-  color: GrayText;
-}
-
-/* ::::: listitem ::::: */
-
-listitem {
-  border: 1px solid transparent;
-}
-
-listbox:focus > listitem[selected="true"][current="true"] {
-  outline: 1px dotted #F3D982;
-}
-
-listbox:focus > listitem[current="true"] {
-  outline: 1px dotted Highlight;
-  outline-offset: -1px;
-}
-
-listitem[selected="true"] {
-  background-color: -moz-cellhighlight;
-  color: -moz-cellhighlighttext;
-}
-
-listbox:focus > listitem[selected="true"] {
-  background-color: Highlight;
-  color: HighlightText;
-}
-
-/* ::::: listcell ::::: */
-
-.listcell-label {
-  margin: 0px !important;
-  padding-top: 0px;
-  padding-bottom: 1px;
-  padding-inline-start: 4px;
-  padding-inline-end: 0px;
-  white-space: nowrap;
-}
-
-.listcell-label[disabled="true"] {
-  color: GrayText;
-}
-
-/* ::::: listcell checkbox ::::: */
-
-.listcell-check {
-  -moz-appearance: checkbox;
-  -moz-box-align: center;
-  margin: 0px 2px;
-  border: 1px solid -moz-DialogText;
-  min-width: 13px;
-  min-height: 13px;
-  background: -moz-Field no-repeat 50% 50%;
-}
-
-@media (-moz-windows-default-theme) {
-  listitem {
-    --listitem-selectedColor: rgb(217,217,217);
-    --listitem-selectedBorder: var(--listitem-selectedColor);
-    --listitem-selectedBottomBorder: rgb(204,204,204);
-    --listitem-selectedBackground: var(--listitem-selectedColor);
-    --listitem-selectedImage: none;
-    --listitem-selectedCurrentBorder: rgb(123,195,255);
-    --listitem-selectedFocusColor: rgb(205,232,255);
-    --listitem-selectedFocusBorder: var(--listitem-selectedFocusColor);
-    --listitem-selectedFocusBottomBorder: rgb(165,214,255);
-    --listitem-selectedFocusBackground: var(--listitem-selectedFocusColor);
-    --listitem-selectedFocusImage: none;
-    --listitem-selectedFocusCurrentBorder: var(--listitem-selectedFocusColor);
-    --listitem-selectedFocusCurrentBottomBorder: var(--listitem-selectedFocusBottomBorder);
-    --listitem-selectedFocusCurrentBackground: var(--listitem-selectedFocusColor);
-
-    color: -moz-FieldText;
-    margin-inline-start: 1px;
-    margin-inline-end: 1px;
-    padding-top: 1px;
-    padding-bottom: 1px;
-    border-width: 1px;
-    background-repeat: no-repeat;
-    background-size: 100% 100%;
-  }
-
-  listitem[selected="true"] {
-    border-top-color: var(--listitem-selectedBorder);
-    border-right-color: var(--listitem-selectedBorder);
-    border-left-color: var(--listitem-selectedBorder);
-    border-bottom-color: var(--listitem-selectedBottomBorder);
-    background-image: var(--listitem-selectedImage);
-    background-color: var(--listitem-selectedBackground);
-    color: -moz-DialogText;
-  }
-
-  listbox:focus > listitem[selected="true"] {
-    border-top-color: var(--listitem-selectedFocusBorder);
-    border-right-color: var(--listitem-selectedFocusBorder);
-    border-left-color: var(--listitem-selectedFocusBorder);
-    border-bottom-color: var(--listitem-selectedFocusBottomBorder);
-    background-image: var(--listitem-selectedFocusImage);
-    background-color: var(--listitem-selectedFocusBackground);
-    color: -moz-DialogText;
-  }
-
-  listbox:focus > listitem[current="true"] {
-    border-color: var(--listitem-selectedCurrentBorder);
-    outline: none;
-  }
-
-  listbox:focus > listitem[selected="true"][current="true"] {
-    border-top-color: var(--listitem-selectedFocusCurrentBorder);
-    border-right-color: var(--listitem-selectedFocusCurrentBorder);
-    border-left-color: var(--listitem-selectedFocusCurrentBorder);
-    border-bottom-color: var(--listitem-selectedFocusCurrentBottomBorder);
-    background-color: var(--listitem-selectedFocusCurrentBackground);
-    outline: none;
-  }
-
-  @media (-moz-os-version: windows-win7) {
-    listitem {
-      --listitem-selectedBottomBorder: var(--listitem-selectedColor);
-      --listitem-selectedBackground: rgba(190,190,190,.15);
-      --listitem-selectedImage: linear-gradient(rgba(190,190,190,.1), rgba(190,190,190,.4));
-      --listitem-selectedCurrentBorder: rgb(125,162,206);
-      --listitem-selectedFocusColor: rgb(132,172,221);
-      --listitem-selectedFocusBottomBorder: var(--listitem-selectedFocusColor);
-      --listitem-selectedFocusBackground: rgba(131,183,249,.02);
-      --listitem-selectedFocusImage: linear-gradient(rgba(131,183,249,.16), rgba(131,183,249,.375));
-      --listitem-selectedFocusCurrentBackground: rgba(131,183,249,.15);
-
-      border-radius: 3px;
-      box-shadow: inset 0 0 0 1px rgba(255,255,255,.4), inset 0 -1px 0 1px rgba(255,255,255,.2);
-    }
-  }
-
-  @media (-moz-os-version: windows-win8) {
-    listitem {
-      --listitem-selectedBottomBorder: var(--listitem-selectedColor);
-      --listitem-selectedBackground: rgba(190,190,190,.15);
-      --listitem-selectedImage: linear-gradient(rgba(190,190,190,.4), rgba(190,190,190,.4));
-      --listitem-selectedCurrentBorder: rgb(125,162,206);
-      --listitem-selectedFocusColor: rgb(132,172,221);
-      --listitem-selectedFocusBottomBorder: var(--listitem-selectedFocusColor);
-      --listitem-selectedFocusBackground: rgba(131,183,249,.02);
-      --listitem-selectedFocusImage: linear-gradient(rgba(131,183,249,.375), rgba(131,183,249,.375));
-      --listitem-selectedFocusCurrentBackground: rgba(131,183,249,.15);
-    }
-  }
-}

From dc49387df8cb2bc9b20d135274f1d5eb84345a30 Mon Sep 17 00:00:00 2001
From: Paolo Amadini <paolo.mozmail@amadzone.org>
Date: Wed, 18 Jul 2018 11:23:32 +0100
Subject: [PATCH 10/14] Bug 1472555 - Part 5 - Remove the listbox layout.
 r=bz,surkov

MozReview-Commit-ID: Bx1p1nTurCz

--HG--
extra : rebase_source : 6910e500f30eb42b45032dbab85a3dc9c014390b
---
 accessible/atk/XULListboxAccessibleWrap.h     |    1 -
 accessible/base/Role.h                        |    4 +-
 accessible/base/XULMap.h                      |   25 +-
 accessible/interfaces/nsIAccessibleRole.idl   |    4 +-
 accessible/mac/XULListboxAccessibleWrap.h     |    1 -
 accessible/other/XULListboxAccessibleWrap.h   |    1 -
 .../windows/msaa/XULListboxAccessibleWrap.cpp |   18 -
 .../windows/msaa/XULListboxAccessibleWrap.h   |   22 -
 accessible/xul/XULListboxAccessible.cpp       |  179 +-
 accessible/xul/XULListboxAccessible.h         |   33 +-
 dom/base/nsDocument.cpp                       |    3 -
 dom/webidl/ListBoxObject.webidl               |   22 -
 dom/webidl/moz.build                          |    1 -
 dom/xul/nsXULElement.cpp                      |  112 --
 dom/xul/nsXULElement.h                        |    4 -
 layout/base/nsCSSFrameConstructor.cpp         |  204 +--
 layout/base/nsCSSFrameConstructor.h           |   10 -
 layout/build/nsLayoutCID.h                    |    4 -
 layout/build/nsLayoutModule.cpp               |    5 -
 layout/generic/nsFrameIdList.h                |    2 -
 layout/xul/ListBoxObject.cpp                  |  247 ---
 layout/xul/ListBoxObject.h                    |   55 -
 layout/xul/moz.build                          |    7 -
 layout/xul/nsBoxFrame.cpp                     |   12 +-
 layout/xul/nsBoxFrame.h                       |    6 -
 layout/xul/nsIListBoxObject.idl               |   19 -
 layout/xul/nsListBoxBodyFrame.cpp             | 1532 -----------------
 layout/xul/nsListBoxBodyFrame.h               |  226 ---
 layout/xul/nsListBoxLayout.cpp                |  213 ---
 layout/xul/nsListBoxLayout.h                  |   33 -
 layout/xul/nsListItemFrame.cpp                |   72 -
 layout/xul/nsListItemFrame.h                  |   34 -
 layout/xul/nsPIListBoxObject.h                |   31 -
 layout/xul/nsPopupSetFrame.cpp                |    2 +
 layout/xul/nsRootBoxFrame.cpp                 |    1 +
 layout/xul/nsSliderFrame.cpp                  |    1 +
 layout/xul/nsXULPopupManager.h                |    1 +
 layout/xul/nsXULTooltipListener.cpp           |    1 +
 xpcom/ds/nsGkAtomList.h                       |    5 -
 39 files changed, 19 insertions(+), 3134 deletions(-)
 delete mode 100644 dom/webidl/ListBoxObject.webidl
 delete mode 100644 layout/xul/ListBoxObject.cpp
 delete mode 100644 layout/xul/ListBoxObject.h
 delete mode 100644 layout/xul/nsIListBoxObject.idl
 delete mode 100644 layout/xul/nsListBoxBodyFrame.cpp
 delete mode 100644 layout/xul/nsListBoxBodyFrame.h
 delete mode 100644 layout/xul/nsListBoxLayout.cpp
 delete mode 100644 layout/xul/nsListBoxLayout.h
 delete mode 100644 layout/xul/nsListItemFrame.cpp
 delete mode 100644 layout/xul/nsListItemFrame.h
 delete mode 100644 layout/xul/nsPIListBoxObject.h

diff --git a/accessible/atk/XULListboxAccessibleWrap.h b/accessible/atk/XULListboxAccessibleWrap.h
index c0a7594527b4..6fedab9a3abb 100644
--- a/accessible/atk/XULListboxAccessibleWrap.h
+++ b/accessible/atk/XULListboxAccessibleWrap.h
@@ -13,7 +13,6 @@ namespace mozilla {
 namespace a11y {
 
 typedef class XULListboxAccessible XULListboxAccessibleWrap;
-typedef class XULListCellAccessible XULListCellAccessibleWrap;
 
 } // namespace a11y
 } // namespace mozilla
diff --git a/accessible/base/Role.h b/accessible/base/Role.h
index 834bb432079e..9e73986ada79 100644
--- a/accessible/base/Role.h
+++ b/accessible/base/Role.h
@@ -201,8 +201,8 @@ enum Role {
   ROW = 28,
 
   /**
-   * Represents a cell within a table. It is used for html:td,
-   * xul:tree cell and xul:listcell. Also, see TABLE.
+   * Represents a cell within a table. It is used for html:td and xul:tree cell.
+   * Also, see TABLE.
    */
   CELL = 29,
 
diff --git a/accessible/base/XULMap.h b/accessible/base/XULMap.h
index 8c08191f87c9..09c968084699 100644
--- a/accessible/base/XULMap.h
+++ b/accessible/base/XULMap.h
@@ -11,10 +11,7 @@ XULMAP_TYPE(editor, OuterDocAccessible)
 XULMAP_TYPE(findbar, XULToolbarAccessible)
 XULMAP_TYPE(groupbox, XULGroupboxAccessible)
 XULMAP_TYPE(iframe, OuterDocAccessible)
-XULMAP_TYPE(listbox, XULListboxAccessibleWrap)
-XULMAP_TYPE(listhead, XULColumAccessible)
-XULMAP_TYPE(listheader, XULColumnItemAccessible)
-XULMAP_TYPE(listitem, XULListitemAccessible)
+XULMAP_TYPE(listheader, XULColumAccessible)
 XULMAP_TYPE(menu, XULMenuitemAccessibleWrap)
 XULMAP_TYPE(menubar, XULMenubarAccessible)
 XULMAP_TYPE(menucaption, XULMenuitemAccessibleWrap)
@@ -82,26 +79,6 @@ XULMAP(
   }
 )
 
-XULMAP(
-  listcell,
-  [](Element* aElement, Accessible* aContext) -> Accessible* {
-    // Only create cells if there's more than one per row.
-    nsIContent* listItem = aElement->GetParent();
-    if (!listItem) {
-      return nullptr;
-    }
-
-    for (nsIContent* child = listItem->GetFirstChild(); child;
-         child = child->GetNextSibling()) {
-      if (child->IsXULElement(nsGkAtoms::listcell) && child != aElement) {
-        return new XULListCellAccessibleWrap(aElement, aContext->Document());
-      }
-    }
-
-    return nullptr;
-  }
-)
-
 XULMAP(
   menupopup,
   [](Element* aElement, Accessible* aContext) {
diff --git a/accessible/interfaces/nsIAccessibleRole.idl b/accessible/interfaces/nsIAccessibleRole.idl
index 2f48c9739d67..c21cc9043e06 100644
--- a/accessible/interfaces/nsIAccessibleRole.idl
+++ b/accessible/interfaces/nsIAccessibleRole.idl
@@ -194,8 +194,8 @@ interface nsIAccessibleRole : nsISupports
   const unsigned long ROLE_ROW = 28;
 
   /**
-   * Represents a cell within a table. It is used for html:td,
-   * xul:tree cell and xul:listcell. Also, see ROLE_TABLE.
+   * Represents a cell within a table. It is used for html:td and xul:tree cell.
+   * Also, see ROLE_TABLE.
    */
   const unsigned long ROLE_CELL = 29;
 
diff --git a/accessible/mac/XULListboxAccessibleWrap.h b/accessible/mac/XULListboxAccessibleWrap.h
index f7dc6cc5477f..eea22c646918 100644
--- a/accessible/mac/XULListboxAccessibleWrap.h
+++ b/accessible/mac/XULListboxAccessibleWrap.h
@@ -12,7 +12,6 @@ namespace mozilla {
 namespace a11y {
 
 typedef class XULListboxAccessible XULListboxAccessibleWrap;
-typedef class XULListCellAccessible XULListCellAccessibleWrap;
 
 } // namespace a11y
 } // namespace mozilla
diff --git a/accessible/other/XULListboxAccessibleWrap.h b/accessible/other/XULListboxAccessibleWrap.h
index f7dc6cc5477f..eea22c646918 100644
--- a/accessible/other/XULListboxAccessibleWrap.h
+++ b/accessible/other/XULListboxAccessibleWrap.h
@@ -12,7 +12,6 @@ namespace mozilla {
 namespace a11y {
 
 typedef class XULListboxAccessible XULListboxAccessibleWrap;
-typedef class XULListCellAccessible XULListCellAccessibleWrap;
 
 } // namespace a11y
 } // namespace mozilla
diff --git a/accessible/windows/msaa/XULListboxAccessibleWrap.cpp b/accessible/windows/msaa/XULListboxAccessibleWrap.cpp
index 3e476eae8763..3318ca7ccdbe 100644
--- a/accessible/windows/msaa/XULListboxAccessibleWrap.cpp
+++ b/accessible/windows/msaa/XULListboxAccessibleWrap.cpp
@@ -28,21 +28,3 @@ XULListboxAccessibleWrap::Shutdown()
   ia2AccessibleTable::mTable = nullptr;
   XULListboxAccessible::Shutdown();
 }
-
-////////////////////////////////////////////////////////////////////////////////
-// XULListCellAccessibleWrap
-////////////////////////////////////////////////////////////////////////////////
-
-NS_IMPL_ISUPPORTS_INHERITED0(XULListCellAccessibleWrap,
-                             XULListCellAccessible)
-
-IMPL_IUNKNOWN_INHERITED1(XULListCellAccessibleWrap,
-                         HyperTextAccessibleWrap,
-                         ia2AccessibleTableCell)
-
-void
-XULListCellAccessibleWrap::Shutdown()
-{
-  ia2AccessibleTableCell::mTableCell = nullptr;
-  XULListCellAccessible::Shutdown();
-}
diff --git a/accessible/windows/msaa/XULListboxAccessibleWrap.h b/accessible/windows/msaa/XULListboxAccessibleWrap.h
index 37db2d70a64a..010cb9cd4e90 100644
--- a/accessible/windows/msaa/XULListboxAccessibleWrap.h
+++ b/accessible/windows/msaa/XULListboxAccessibleWrap.h
@@ -36,28 +36,6 @@ public:
   virtual void Shutdown() override;
 };
 
-/**
- * IA2 wrapper class for XULListCellAccessible class, implements
- * IAccessibleTableCell interface.
- */
-class XULListCellAccessibleWrap : public XULListCellAccessible,
-                                  public ia2AccessibleTableCell
-{
-  ~XULListCellAccessibleWrap() {}
-
-public:
-  XULListCellAccessibleWrap(nsIContent* aContent, DocAccessible* aDoc) :
-    XULListCellAccessible(aContent, aDoc), ia2AccessibleTableCell(this) {}
-
-  // IUnknown
-  DECL_IUNKNOWN_INHERITED
-
-  // nsISupports
-  NS_DECL_ISUPPORTS_INHERITED
-
-  virtual void Shutdown() override;
-};
-
 } // namespace a11y
 } // namespace mozilla
 
diff --git a/accessible/xul/XULListboxAccessible.cpp b/accessible/xul/XULListboxAccessible.cpp
index b57e4a0eaac7..2f829a0fde3b 100644
--- a/accessible/xul/XULListboxAccessible.cpp
+++ b/accessible/xul/XULListboxAccessible.cpp
@@ -168,27 +168,7 @@ XULListboxAccessible::NativeRole() const
 uint32_t
 XULListboxAccessible::ColCount() const
 {
-  nsIContent* headContent = nullptr;
-  for (nsIContent* childContent = mContent->GetFirstChild(); childContent;
-       childContent = childContent->GetNextSibling()) {
-    if (childContent->NodeInfo()->Equals(nsGkAtoms::listcols,
-                                         kNameSpaceID_XUL)) {
-      headContent = childContent;
-    }
-  }
-  if (!headContent)
-    return 0;
-
-  uint32_t columnCount = 0;
-  for (nsIContent* childContent = headContent->GetFirstChild(); childContent;
-       childContent = childContent->GetNextSibling()) {
-    if (childContent->NodeInfo()->Equals(nsGkAtoms::listcol,
-                                         kNameSpaceID_XUL)) {
-      columnCount++;
-    }
-  }
-
-  return columnCount;
+  return 0;
 }
 
 uint32_t
@@ -569,21 +549,11 @@ XULListitemAccessible::Description(nsString& aDesc)
 // XULListitemAccessible: Accessible
 
 /**
-  * If there is a Listcell as a child ( not anonymous ) use it, otherwise
-  *   default to getting the name from GetXULName
-  */
+ * Get the name from GetXULName.
+ */
 ENameValueFlag
 XULListitemAccessible::NativeName(nsString& aName) const
 {
-  nsIContent* childContent = mContent->GetFirstChild();
-  if (childContent) {
-    if (childContent->NodeInfo()->Equals(nsGkAtoms::listcell,
-                                         kNameSpaceID_XUL)) {
-      childContent->AsElement()->GetAttr(kNameSpaceID_None, nsGkAtoms::label, aName);
-      return eNameOK;
-    }
-  }
-
   return Accessible::NativeName(aName);
 }
 
@@ -659,146 +629,3 @@ XULListitemAccessible::ContainerWidget() const
 {
   return Parent();
 }
-
-
-////////////////////////////////////////////////////////////////////////////////
-// XULListCellAccessible
-////////////////////////////////////////////////////////////////////////////////
-
-XULListCellAccessible::
-  XULListCellAccessible(nsIContent* aContent, DocAccessible* aDoc) :
-  HyperTextAccessibleWrap(aContent, aDoc)
-{
-  mGenericTypes |= eTableCell;
-}
-
-////////////////////////////////////////////////////////////////////////////////
-// nsISupports
-
-////////////////////////////////////////////////////////////////////////////////
-// XULListCellAccessible: TableCell
-
-TableAccessible*
-XULListCellAccessible::Table() const
-{
-  Accessible* thisRow = Parent();
-  if (!thisRow || thisRow->Role() != roles::ROW)
-    return nullptr;
-
-  Accessible* table = thisRow->Parent();
-  if (!table || table->Role() != roles::TABLE)
-    return nullptr;
-
-  return table->AsTable();
-}
-
-uint32_t
-XULListCellAccessible::ColIdx() const
-{
-  Accessible* row = Parent();
-  if (!row)
-    return 0;
-
-  int32_t indexInRow = IndexInParent();
-  uint32_t colIdx = 0;
-  for (int32_t idx = 0; idx < indexInRow; idx++) {
-    Accessible* cell = row->GetChildAt(idx);
-    roles::Role role = cell->Role();
-    if (role == roles::CELL || role == roles::GRID_CELL ||
-        role == roles::ROWHEADER || role == roles::COLUMNHEADER)
-      colIdx++;
-  }
-
-  return colIdx;
-}
-
-uint32_t
-XULListCellAccessible::RowIdx() const
-{
-  Accessible* row = Parent();
-  if (!row)
-    return 0;
-
-  Accessible* table = row->Parent();
-  if (!table)
-    return 0;
-
-  int32_t indexInTable = row->IndexInParent();
-  uint32_t rowIdx = 0;
-  for (int32_t idx = 0; idx < indexInTable; idx++) {
-    row = table->GetChildAt(idx);
-    if (row->Role() == roles::ROW)
-      rowIdx++;
-  }
-
-  return rowIdx;
-}
-
-void
-XULListCellAccessible::ColHeaderCells(nsTArray<Accessible*>* aCells)
-{
-  TableAccessible* table = Table();
-  NS_ASSERTION(table, "cell not in a table!");
-  if (!table)
-    return;
-
-  // Get column header cell from XUL listhead.
-  Accessible* list = nullptr;
-
-  Accessible* tableAcc = table->AsAccessible();
-  uint32_t tableChildCount = tableAcc->ChildCount();
-  for (uint32_t childIdx = 0; childIdx < tableChildCount; childIdx++) {
-    Accessible* child = tableAcc->GetChildAt(childIdx);
-    if (child->Role() == roles::LIST) {
-      list = child;
-      break;
-    }
-  }
-
-  if (list) {
-    Accessible* headerCell = list->GetChildAt(ColIdx());
-    if (headerCell) {
-      aCells->AppendElement(headerCell);
-      return;
-    }
-  }
-
-  // No column header cell from XUL markup, try to get it from ARIA markup.
-  TableCellAccessible::ColHeaderCells(aCells);
-}
-
-bool
-XULListCellAccessible::Selected()
-{
-  TableAccessible* table = Table();
-  NS_ENSURE_TRUE(table, false); // we expect to be in a listbox (table)
-
-  return table->IsRowSelected(RowIdx());
-}
-
-////////////////////////////////////////////////////////////////////////////////
-// XULListCellAccessible. Accessible implementation
-
-role
-XULListCellAccessible::NativeRole() const
-{
-  return roles::CELL;
-}
-
-already_AddRefed<nsIPersistentProperties>
-XULListCellAccessible::NativeAttributes()
-{
-  nsCOMPtr<nsIPersistentProperties> attributes =
-    HyperTextAccessibleWrap::NativeAttributes();
-
-  // "table-cell-index" attribute
-  TableAccessible* table = Table();
-  if (!table) // we expect to be in a listbox (table)
-    return attributes.forget();
-
-  nsAutoString stringIdx;
-  stringIdx.AppendInt(table->CellIndexAt(RowIdx(), ColIdx()));
-  nsAccUtils::SetAccAttr(attributes, nsGkAtoms::tableCellIndex, stringIdx);
-
-  return attributes.forget();
-}
diff --git a/accessible/xul/XULListboxAccessible.h b/accessible/xul/XULListboxAccessible.h
index ab4d2dbc3b74..7fe0c48cb25c 100644
--- a/accessible/xul/XULListboxAccessible.h
+++ b/accessible/xul/XULListboxAccessible.h
@@ -19,7 +19,7 @@ namespace a11y {
 
 /**
  * XULColumAccessible are accessible for list and tree columns elements
- * (xul:treecols and xul:listcols).
+ * (xul:treecols and xul:listheader).
  */
 class XULColumAccessible : public AccessibleWrap
 {
@@ -33,7 +33,7 @@ public:
 
 /**
  * XULColumnItemAccessible are accessibles for list and tree column elements
- * (xul:listcol and xul:treecol).
+ * (xul:treecol).
  */
 class XULColumnItemAccessible : public LeafAccessible
 {
@@ -140,35 +140,6 @@ private:
   bool mIsCheckbox;
 };
 
-/**
- * Class represents xul:listcell.
- */
-class XULListCellAccessible : public HyperTextAccessibleWrap,
-                              public TableCellAccessible
-{
-public:
-  XULListCellAccessible(nsIContent* aContent, DocAccessible* aDoc);
-
-  // nsISupports
-  NS_INLINE_DECL_REFCOUNTING_INHERITED(XULListCellAccessible,
-                                       HyperTextAccessibleWrap)
-
-  // Accessible
-  virtual TableCellAccessible* AsTableCell() override { return this; }
-  virtual already_AddRefed<nsIPersistentProperties> NativeAttributes() override;
-  virtual a11y::role NativeRole() const override;
-
-  // TableCellAccessible
-  virtual TableAccessible* Table() const override;
-  virtual uint32_t ColIdx() const override;
-  virtual uint32_t RowIdx() const override;
-  virtual void ColHeaderCells(nsTArray<Accessible*>* aHeaderCells) override;
-  virtual bool Selected() override;
-
-protected:
-  virtual ~XULListCellAccessible() {}
-};
-
 } // namespace a11y
 } // namespace mozilla
 
diff --git a/dom/base/nsDocument.cpp b/dom/base/nsDocument.cpp
index 9e03a9776aec..a8ce4dcdf8fc 100644
--- a/dom/base/nsDocument.cpp
+++ b/dom/base/nsDocument.cpp
@@ -255,7 +255,6 @@
 #include "mozilla/dom/DocGroup.h"
 #include "mozilla/dom/TabGroup.h"
 #ifdef MOZ_XUL
-#include "mozilla/dom/ListBoxObject.h"
 #include "mozilla/dom/MenuBoxObject.h"
 #include "mozilla/dom/TreeBoxObject.h"
 #include "nsIXULWindow.h"
@@ -6361,8 +6360,6 @@ nsIDocument::GetBoxObjectFor(Element* aElement, ErrorResult& aRv)
       boxObject = new MenuBoxObject();
     } else if (tag == nsGkAtoms::tree) {
       boxObject = new TreeBoxObject();
-    } else if (tag == nsGkAtoms::listbox) {
-      boxObject = new ListBoxObject();
     } else {
       boxObject = new BoxObject();
     }
diff --git a/dom/webidl/ListBoxObject.webidl b/dom/webidl/ListBoxObject.webidl
deleted file mode 100644
index b433760aa67f..000000000000
--- a/dom/webidl/ListBoxObject.webidl
+++ /dev/null
@@ -1,22 +0,0 @@
-
-/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/.
- */
-
-[NoInterfaceObject]
-interface ListBoxObject : BoxObject {
-
-  long getRowCount();
-  long getRowHeight();
-  long getNumberOfVisibleRows();
-  long getIndexOfFirstVisibleRow();
-
-  void ensureIndexIsVisible(long rowIndex);
-  void scrollToIndex(long rowIndex);
-  void scrollByLines(long numLines);
-
-  Element? getItemAtIndex(long index);
-  long getIndexOfItem(Element item);
-};
diff --git a/dom/webidl/moz.build b/dom/webidl/moz.build
index d79ffb94ff88..3f6578b6238e 100644
--- a/dom/webidl/moz.build
+++ b/dom/webidl/moz.build
@@ -633,7 +633,6 @@ WEBIDL_FILES = [
     'L10nUtils.webidl',
     'LegacyQueryInterface.webidl',
     'LinkStyle.webidl',
-    'ListBoxObject.webidl',
     'LocalMediaStream.webidl',
     'Location.webidl',
     'MediaCapabilities.webidl',
diff --git a/dom/xul/nsXULElement.cpp b/dom/xul/nsXULElement.cpp
index 7272bda69693..c0ca13f6c364 100644
--- a/dom/xul/nsXULElement.cpp
+++ b/dom/xul/nsXULElement.cpp
@@ -42,7 +42,6 @@
 #include "nsPIBoxObject.h"
 #include "XULDocument.h"
 #include "nsXULPopupListener.h"
-#include "ListBoxObject.h"
 #include "nsContentUtils.h"
 #include "nsContentList.h"
 #include "mozilla/InternalMutationEvent.h"
@@ -447,7 +446,6 @@ nsXULElement::GetEventListenerManagerForAttr(nsAtom* aAttrName, bool* aDefer)
 static bool IsNonList(mozilla::dom::NodeInfo* aNodeInfo)
 {
   return !aNodeInfo->Equals(nsGkAtoms::tree) &&
-         !aNodeInfo->Equals(nsGkAtoms::listbox) &&
          !aNodeInfo->Equals(nsGkAtoms::richlistbox);
 }
 
@@ -794,98 +792,6 @@ nsXULElement::UnbindFromTree(bool aDeep, bool aNullParent)
     nsStyledElement::UnbindFromTree(aDeep, aNullParent);
 }
 
-void
-nsXULElement::RemoveChildNode(nsIContent* aKid, bool aNotify)
-{
-    // On the removal of a <treeitem>, <treechildren>, or <treecell> element,
-    // the possibility exists that some of the items in the removed subtree
-    // are selected (and therefore need to be deselected). We need to account for this.
-    nsCOMPtr<nsIDOMXULMultiSelectControlElement> controlElement;
-    nsCOMPtr<nsIListBoxObject> listBox;
-    bool fireSelectionHandler = false;
-
-    // -1 = do nothing, -2 = null out current item
-    // anything else = index to re-set as current
-    int32_t newCurrentIndex = -1;
-
-    if (aKid->NodeInfo()->Equals(nsGkAtoms::listitem, kNameSpaceID_XUL)) {
-      // This is the nasty case. We have (potentially) a slew of selected items
-      // and cells going away.
-      // First, retrieve the tree.
-      // Check first whether this element IS the tree
-      controlElement = do_QueryObject(this);
-
-      // If it's not, look at our parent
-      if (!controlElement)
-        GetParentTree(getter_AddRefs(controlElement));
-      nsCOMPtr<nsIContent> controlContent(do_QueryInterface(controlElement));
-      RefPtr<nsXULElement> xulElement = FromNodeOrNull(controlContent);
-
-      if (xulElement) {
-        // Iterate over all of the items and find out if they are contained inside
-        // the removed subtree.
-        int32_t length;
-        controlElement->GetSelectedCount(&length);
-        for (int32_t i = 0; i < length; i++) {
-          nsCOMPtr<nsIDOMXULSelectControlItemElement> item;
-          controlElement->MultiGetSelectedItem(i, getter_AddRefs(item));
-          nsCOMPtr<nsINode> node = do_QueryInterface(item);
-          if (node == aKid &&
-              NS_SUCCEEDED(controlElement->RemoveItemFromSelection(item))) {
-            length--;
-            i--;
-            fireSelectionHandler = true;
-          }
-        }
-
-        nsCOMPtr<nsIDOMXULSelectControlItemElement> curItem;
-        controlElement->GetCurrentItem(getter_AddRefs(curItem));
-        nsCOMPtr<nsIContent> curNode = do_QueryInterface(curItem);
-        if (curNode && nsContentUtils::ContentIsDescendantOf(curNode, aKid)) {
-            // Current item going away
-            nsCOMPtr<nsIBoxObject> box = xulElement->GetBoxObject(IgnoreErrors());
-            listBox = do_QueryInterface(box);
-            if (listBox) {
-              listBox->GetIndexOfItem(aKid->AsElement(), &newCurrentIndex);
-            }
-
-            // If any of this fails, we'll just set the current item to null
-            if (newCurrentIndex == -1)
-              newCurrentIndex = -2;
-        }
-      }
-    }
-
-    nsStyledElement::RemoveChildNode(aKid, aNotify);
-
-    if (newCurrentIndex == -2) {
-        controlElement->SetCurrentItem(nullptr);
-    } else if (newCurrentIndex > -1) {
-        // Make sure the index is still valid
-        int32_t treeRows;
-        listBox->GetRowCount(&treeRows);
-        if (treeRows > 0) {
-            newCurrentIndex = std::min((treeRows - 1), newCurrentIndex);
-            RefPtr<Element> newCurrentItem;
-            listBox->GetItemAtIndex(newCurrentIndex, getter_AddRefs(newCurrentItem));
-            nsCOMPtr<nsIDOMXULSelectControlItemElement> xulCurItem = do_QueryInterface(newCurrentItem);
-            if (xulCurItem)
-                controlElement->SetCurrentItem(xulCurItem);
-        } else {
-            controlElement->SetCurrentItem(nullptr);
-        }
-    }
-
-    nsIDocument* doc;
-    if (fireSelectionHandler && (doc = GetComposedDoc())) {
-      nsContentUtils::DispatchTrustedEvent(doc,
-                                           static_cast<nsIContent*>(this),
-                                           NS_LITERAL_STRING("select"),
-                                           CanBubble::eNo,
-                                           Cancelable::eYes);
-    }
-}
-
 void
 nsXULElement::UnregisterAccessKey(const nsAString& aOldValue)
 {
@@ -1318,24 +1224,6 @@ nsXULElement::GetBoxObject(ErrorResult& rv)
     return OwnerDoc()->GetBoxObjectFor(this, rv);
 }
 
-NS_IMETHODIMP
-nsXULElement::GetParentTree(nsIDOMXULMultiSelectControlElement** aTreeElement)
-{
-    for (nsIContent* current = GetParent(); current;
-         current = current->GetParent()) {
-        if (current->NodeInfo()->Equals(nsGkAtoms::listbox,
-                                        kNameSpaceID_XUL)) {
-            CallQueryInterface(current, aTreeElement);
-            // XXX returning NS_OK because that's what the code used to do;
-            // is that the right thing, though?
-
-            return NS_OK;
-        }
-    }
-
-    return NS_OK;
-}
-
 void
 nsXULElement::Click(CallerType aCallerType)
 {
diff --git a/dom/xul/nsXULElement.h b/dom/xul/nsXULElement.h
index bcc0ee41dd88..87f683c60f6d 100644
--- a/dom/xul/nsXULElement.h
+++ b/dom/xul/nsXULElement.h
@@ -366,7 +366,6 @@ public:
                                 nsIContent* aBindingParent,
                                 bool aCompileEventHandlers) override;
     virtual void UnbindFromTree(bool aDeep, bool aNullParent) override;
-    virtual void RemoveChildNode(nsIContent* aKid, bool aNotify) override;
     virtual void DestroyContent() override;
 
 #ifdef DEBUG
@@ -644,9 +643,6 @@ protected:
     // Implementation methods
     nsresult EnsureContentsGenerated(void) const;
 
-    // Helper routine that crawls a parent chain looking for a tree element.
-    NS_IMETHOD GetParentTree(nsIDOMXULMultiSelectControlElement** aTreeElement);
-
     nsresult AddPopupListener(nsAtom* aName);
 
     /**
diff --git a/layout/base/nsCSSFrameConstructor.cpp b/layout/base/nsCSSFrameConstructor.cpp
index 5f18dc60f9d6..e43e1fca7574 100644
--- a/layout/base/nsCSSFrameConstructor.cpp
+++ b/layout/base/nsCSSFrameConstructor.cpp
@@ -228,9 +228,6 @@ static FrameCtorDebugFlags gFlags[] = {
 #include "nsPopupSetFrame.h"
 #include "nsTreeColFrame.h"
 #include "nsIBoxObject.h"
-#include "nsPIListBoxObject.h"
-#include "nsListBoxBodyFrame.h"
-#include "nsListItemFrame.h"
 #include "nsXULLabelFrame.h"
 
 //------------------------------------------------------------------
@@ -336,33 +333,6 @@ static int32_t FFWC_recursions=0;
 static int32_t FFWC_nextInFlows=0;
 #endif
 
-#ifdef MOZ_XUL
-
-static bool
-IsXULListBox(nsIContent* aContainer)
-{
-  return aContainer->IsXULElement(nsGkAtoms::listbox);
-}
-
-static
-nsListBoxBodyFrame*
-MaybeGetListBoxBodyFrame(nsIContent* aChild)
-{
-  if (aChild->IsXULElement(nsGkAtoms::listitem) && aChild->GetParent() &&
-      IsXULListBox(aChild->GetParent())) {
-    RefPtr<nsXULElement> xulElement =
-      nsXULElement::FromNode(aChild->GetParent());
-    nsCOMPtr<nsIBoxObject> boxObject = xulElement->GetBoxObject(IgnoreErrors());
-    nsCOMPtr<nsPIListBoxObject> listBoxObject = do_QueryInterface(boxObject);
-    if (listBoxObject) {
-      return listBoxObject->GetListBoxBody(false);
-    }
-  }
-
-  return nullptr;
-}
-#endif // MOZ_XUL
-
 // Returns true if aFrame is an anonymous flex/grid item.
 static inline bool
 IsAnonymousFlexOrGridItem(const nsIFrame* aFrame)
@@ -4345,9 +4315,6 @@ nsCSSFrameConstructor::FindXULTagData(Element* aElement,
     SIMPLE_XUL_CREATE(browser, NS_NewSubDocumentFrame),
     SIMPLE_XUL_CREATE(progressmeter, NS_NewProgressMeterFrame),
     SIMPLE_XUL_CREATE(splitter, NS_NewSplitterFrame),
-    SIMPLE_TAG_CHAIN(listboxbody,
-                     nsCSSFrameConstructor::FindXULListBoxBodyData),
-    SIMPLE_TAG_CHAIN(listitem, nsCSSFrameConstructor::FindXULListItemData),
 #endif /* MOZ_XUL */
     SIMPLE_XUL_CREATE(slider, NS_NewSliderFrame),
     SIMPLE_XUL_CREATE(scrollbar, NS_NewScrollbarFrame),
@@ -4437,35 +4404,6 @@ nsCSSFrameConstructor::FindXULMenubarData(Element* aElement,
 }
 #endif /* XP_MACOSX */
 
-/* static */
-const nsCSSFrameConstructor::FrameConstructionData*
-nsCSSFrameConstructor::FindXULListBoxBodyData(Element* aElement,
-                                              ComputedStyle* aComputedStyle)
-{
-  if (aComputedStyle->StyleDisplay()->mDisplay !=
-        StyleDisplay::MozGridGroup) {
-    return nullptr;
-  }
-
-  static const FrameConstructionData sListBoxBodyData =
-    SCROLLABLE_XUL_FCDATA(NS_NewListBoxBodyFrame);
-  return &sListBoxBodyData;
-}
-
-/* static */
-const nsCSSFrameConstructor::FrameConstructionData*
-nsCSSFrameConstructor::FindXULListItemData(Element* aElement,
-                                           ComputedStyle* aComputedStyle)
-{
-  if (aComputedStyle->StyleDisplay()->mDisplay != StyleDisplay::MozGridLine) {
-    return nullptr;
-  }
-
-  static const FrameConstructionData sListItemData =
-    SCROLLABLE_XUL_FCDATA(NS_NewListItemFrame);
-  return &sListItemData;
-}
-
 #endif /* MOZ_XUL */
 
 /* static */
@@ -5517,13 +5455,9 @@ nsCSSFrameConstructor::ShouldCreateItemsForChild(nsFrameConstructorState& aState
   if (aContent->GetPrimaryFrame() &&
       aContent->GetPrimaryFrame()->GetContent() == aContent &&
       !aState.mCreatingExtraFrames) {
-    // This condition is known to be reachable for listitems, assert fatally
-    // elsewhere.
-    MOZ_ASSERT(MaybeGetListBoxBodyFrame(aContent),
+    MOZ_ASSERT(false,
                "asked to create frame construction item for a node that "
                "already has a frame");
-    NS_ERROR("asked to create frame construction item for a node that already "
-             "has a frame");
     return false;
   }
 
@@ -6906,8 +6840,7 @@ nsCSSFrameConstructor::IssueSingleInsertNofications(nsIContent* aStartChild,
   for (nsIContent* child = aStartChild;
        child != aEndChild;
        child = child->GetNextSibling()) {
-    // listboxes suck.
-    MOZ_ASSERT(MaybeGetListBoxBodyFrame(child) || !child->GetPrimaryFrame());
+    MOZ_ASSERT(!child->GetPrimaryFrame());
 
     // Call ContentRangeInserted with this node.
     ContentRangeInserted(child, child->GetNextSibling(),
@@ -7357,44 +7290,6 @@ nsCSSFrameConstructor::ContentAppended(nsIContent* aFirstNewContent,
 #endif
 }
 
-#ifdef MOZ_XUL
-
-enum content_operation
-{
-    CONTENT_INSERTED,
-    CONTENT_REMOVED
-};
-
-// Helper function to lookup the listbox body frame and send a notification
-// for insertion or removal of content
-static bool
-NotifyListBoxBody(nsPresContext*    aPresContext,
-                  nsIContent*        aChild,
-                  // Only used for the removed notification
-                  nsIContent*        aOldNextSibling,
-                  nsIFrame*          aChildFrame,
-                  content_operation  aOperation)
-{
-  nsListBoxBodyFrame* listBoxBodyFrame = MaybeGetListBoxBodyFrame(aChild);
-  if (listBoxBodyFrame) {
-    if (aOperation == CONTENT_REMOVED) {
-      // Except if we have an aChildFrame and its parent is not the right
-      // thing, then we don't do this.  Pseudo frames are so much fun....
-      if (!aChildFrame || aChildFrame->GetParent() == listBoxBodyFrame) {
-        listBoxBodyFrame->OnContentRemoved(aPresContext, aChild->GetParent(),
-                                           aChildFrame, aOldNextSibling);
-        return true;
-      }
-    } else {
-      listBoxBodyFrame->OnContentInserted(aChild);
-      return true;
-    }
-  }
-
-  return false;
-}
-#endif // MOZ_XUL
-
 void
 nsCSSFrameConstructor::ContentInserted(nsIContent* aChild,
                                        nsILayoutHistoryState* aFrameState,
@@ -7473,25 +7368,6 @@ nsCSSFrameConstructor::ContentRangeInserted(nsIContent* aStartChild,
   NS_ASSERTION(isSingleInsert || aEndChild,
                "range should not include all nodes after aStartChild");
 
-#ifdef MOZ_XUL
-  if (aStartChild->GetParent() && IsXULListBox(aStartChild->GetParent())) {
-    if (isSingleInsert) {
-      // The insert case in NotifyListBoxBody doesn't use "old next sibling".
-      if (NotifyListBoxBody(mPresShell->GetPresContext(),
-                            aStartChild, nullptr, nullptr, CONTENT_INSERTED)) {
-        return;
-      }
-    } else {
-      // We don't handle a range insert to a listbox parent, issue single
-      // ContertInserted calls for each node inserted.
-      LAYOUT_PHASE_TEMP_EXIT();
-      IssueSingleInsertNofications(aStartChild, aEndChild, InsertionKind::Sync);
-      LAYOUT_PHASE_TEMP_REENTER();
-      return;
-    }
-  }
-#endif // MOZ_XUL
-
   // If we have a null parent, then this must be the document element being
   // inserted, or some other child of the document in the DOM (might be a PI,
   // say).
@@ -7960,13 +7836,6 @@ nsCSSFrameConstructor::ContentRemoved(nsIContent* aChild,
     childFrame = nullptr;
   }
 
-#ifdef MOZ_XUL
-  if (NotifyListBoxBody(presContext, aChild, aOldNextSibling,
-                        childFrame, CONTENT_REMOVED)) {
-    return false;
-  }
-#endif // MOZ_XUL
-
   // If we're removing the root, then make sure to remove things starting at
   // the viewport's child instead of the primary frame (which might even be
   // null if the root had an XBL binding or display:none, even though the
@@ -11137,75 +11006,6 @@ nsCSSFrameConstructor::RecoverLetterFrames(nsContainerFrame* aBlockFrame)
 
 //----------------------------------------------------------------------
 
-// listbox Widget Routines
-
-void
-nsCSSFrameConstructor::CreateListBoxContent(nsContainerFrame*      aParentFrame,
-                                            nsIFrame*              aPrevFrame,
-                                            nsIContent*            aChild,
-                                            nsIFrame**             aNewFrame,
-                                            bool                   aIsAppend)
-{
-#ifdef MOZ_XUL
-  // Construct a new frame
-  if (aParentFrame) {
-    nsFrameItems            frameItems;
-    nsFrameConstructorState state(mPresShell,
-                                  GetAbsoluteContainingBlock(aParentFrame, FIXED_POS),
-                                  GetAbsoluteContainingBlock(aParentFrame, ABS_POS),
-                                  GetFloatContainingBlock(aParentFrame),
-                                  do_AddRef(mTempFrameTreeState));
-
-    if (aChild->IsElement() && !aChild->AsElement()->HasServoData()) {
-      mPresShell->StyleSet()->StyleNewSubtree(aChild->AsElement());
-    }
-
-    RefPtr<ComputedStyle> computedStyle = ResolveComputedStyle(aChild);
-
-    // Pre-check for display "none" - only if we find that, do we create
-    // any frame at all
-    const nsStyleDisplay* display = computedStyle->StyleDisplay();
-
-    if (StyleDisplay::None == display->mDisplay) {
-      *aNewFrame = nullptr;
-      return;
-    }
-
-    AutoFrameConstructionItemList items(this);
-    AddFrameConstructionItemsInternal(state, aChild, aParentFrame,
-                                      true, computedStyle,
-                                      ITEM_ALLOW_XBL_BASE, nullptr, items);
-    ConstructFramesFromItemList(state, items, aParentFrame,
-                                /* aParentIsWrapperAnonBox = */ false,
-                                frameItems);
-
-    nsIFrame* newFrame = frameItems.FirstChild();
-    *aNewFrame = newFrame;
-
-    if (newFrame) {
-      // Notify the parent frame
-      if (aIsAppend)
-        ((nsListBoxBodyFrame*)aParentFrame)->ListBoxAppendFrames(frameItems);
-      else
-        ((nsListBoxBodyFrame*)aParentFrame)->ListBoxInsertFrames(aPrevFrame, frameItems);
-    }
-
-#ifdef ACCESSIBILITY
-    if (newFrame) {
-      nsAccessibilityService* accService = nsIPresShell::AccService();
-      if (accService) {
-        accService->ContentRangeInserted(mPresShell,
-                                         aChild,
-                                         aChild->GetNextSibling());
-      }
-    }
-#endif
-  }
-#endif
-}
-
-//----------------------------------------
-
 void
 nsCSSFrameConstructor::ConstructBlock(nsFrameConstructorState& aState,
                                       nsIContent*              aContent,
diff --git a/layout/base/nsCSSFrameConstructor.h b/layout/base/nsCSSFrameConstructor.h
index e9c89ae3ba25..913e5d7c4eae 100644
--- a/layout/base/nsCSSFrameConstructor.h
+++ b/layout/base/nsCSSFrameConstructor.h
@@ -349,12 +349,6 @@ public:
    */
   nsContainerFrame* GetContentInsertionFrameFor(nsIContent* aContent);
 
-  void CreateListBoxContent(nsContainerFrame* aParentFrame,
-                            nsIFrame*         aPrevFrame,
-                            nsIContent*       aChild,
-                            nsIFrame**        aResult,
-                            bool              aIsAppend);
-
   // GetInitialContainingBlock() is deprecated in favor of GetRootElementFrame();
   // nsIFrame* GetInitialContainingBlock() { return mRootElementFrame; }
   // This returns the outermost frame for the root element
@@ -1565,10 +1559,6 @@ private:
   static const FrameConstructionData*
     FindXULMenubarData(Element* aElement, ComputedStyle* aComputedStyle);
 #endif /* XP_MACOSX */
-  static const FrameConstructionData*
-    FindXULListBoxBodyData(Element* aElement, ComputedStyle* aComputedStyle);
-  static const FrameConstructionData*
-    FindXULListItemData(Element* aElement, ComputedStyle* aComputedStyle);
 #endif /* MOZ_XUL */
 
   // Function to find FrameConstructionData for aContent using one of the XUL
diff --git a/layout/build/nsLayoutCID.h b/layout/build/nsLayoutCID.h
index dc3eb7c5d1d2..2ee8b6e8b390 100644
--- a/layout/build/nsLayoutCID.h
+++ b/layout/build/nsLayoutCID.h
@@ -19,10 +19,6 @@
 #define NS_BOXOBJECT_CID \
 { 0xd750a964, 0x2d14, 0x484c, { 0xb3, 0xaa, 0x8e, 0xd7, 0x82, 0x3b, 0x5c, 0x7b } }
 
-// {C2710D40-6F4D-4b7f-9778-76AE5166648C}
-#define NS_LISTBOXOBJECT_CID \
-{ 0xc2710d40, 0x6f4d, 0x4b7f, { 0x97, 0x78, 0x76, 0xae, 0x51, 0x66, 0x64, 0x8c } }
-
 // {AA40253B-4C42-4056-8132-37BCD07862FD}
 #define NS_MENUBOXOBJECT_CID \
 { 0xaa40253b, 0x4c42, 0x4056, { 0x81, 0x32, 0x37, 0xbc, 0xd0, 0x78, 0x62, 0xfd } }
diff --git a/layout/build/nsLayoutModule.cpp b/layout/build/nsLayoutModule.cpp
index fd397f42d0fa..130c18a95df2 100644
--- a/layout/build/nsLayoutModule.cpp
+++ b/layout/build/nsLayoutModule.cpp
@@ -300,7 +300,6 @@ nsresult NS_NewLayoutDebugger(nsILayoutDebugger** aResult);
 nsresult NS_NewBoxObject(nsIBoxObject** aResult);
 
 #ifdef MOZ_XUL
-nsresult NS_NewListBoxObject(nsIBoxObject** aResult);
 nsresult NS_NewMenuBoxObject(nsIBoxObject** aResult);
 nsresult NS_NewTreeBoxObject(nsIBoxObject** aResult);
 #endif
@@ -361,7 +360,6 @@ MAKE_CTOR(CreateNewFrameTraversal,      nsIFrameTraversal,      NS_CreateFrameTr
 MAKE_CTOR(CreateNewBoxObject,           nsIBoxObject,           NS_NewBoxObject)
 
 #ifdef MOZ_XUL
-MAKE_CTOR(CreateNewListBoxObject,       nsIBoxObject,           NS_NewListBoxObject)
 MAKE_CTOR(CreateNewMenuBoxObject,       nsIBoxObject,           NS_NewMenuBoxObject)
 MAKE_CTOR(CreateNewTreeBoxObject,       nsIBoxObject,           NS_NewTreeBoxObject)
 #endif // MOZ_XUL
@@ -503,7 +501,6 @@ NS_DEFINE_NAMED_CID(NS_LAYOUT_DEBUGGER_CID);
 NS_DEFINE_NAMED_CID(NS_FRAMETRAVERSAL_CID);
 NS_DEFINE_NAMED_CID(NS_BOXOBJECT_CID);
 #ifdef MOZ_XUL
-NS_DEFINE_NAMED_CID(NS_LISTBOXOBJECT_CID);
 NS_DEFINE_NAMED_CID(NS_MENUBOXOBJECT_CID);
 NS_DEFINE_NAMED_CID(NS_TREEBOXOBJECT_CID);
 #endif // MOZ_XUL
@@ -744,7 +741,6 @@ static const mozilla::Module::CIDEntry kLayoutCIDs[] = {
   { &kNS_FRAMETRAVERSAL_CID, false, nullptr, CreateNewFrameTraversal },
   { &kNS_BOXOBJECT_CID, false, nullptr, CreateNewBoxObject },
 #ifdef MOZ_XUL
-  { &kNS_LISTBOXOBJECT_CID, false, nullptr, CreateNewListBoxObject },
   { &kNS_MENUBOXOBJECT_CID, false, nullptr, CreateNewMenuBoxObject },
   { &kNS_TREEBOXOBJECT_CID, false, nullptr, CreateNewTreeBoxObject },
 #endif // MOZ_XUL
@@ -851,7 +847,6 @@ static const mozilla::Module::ContractIDEntry kLayoutContracts[] = {
   XPCONNECT_CONTRACTS
   { "@mozilla.org/layout/xul-boxobject;1", &kNS_BOXOBJECT_CID },
 #ifdef MOZ_XUL
-  { "@mozilla.org/layout/xul-boxobject-listbox;1", &kNS_LISTBOXOBJECT_CID },
   { "@mozilla.org/layout/xul-boxobject-menu;1", &kNS_MENUBOXOBJECT_CID },
   { "@mozilla.org/layout/xul-boxobject-tree;1", &kNS_TREEBOXOBJECT_CID },
 #endif // MOZ_XUL
diff --git a/layout/generic/nsFrameIdList.h b/layout/generic/nsFrameIdList.h
index abda8a43ddf3..669f1cf4acca 100644
--- a/layout/generic/nsFrameIdList.h
+++ b/layout/generic/nsFrameIdList.h
@@ -46,9 +46,7 @@ FRAME_ID(nsImageFrame, Image, Leaf)
 FRAME_ID(nsInlineFrame, Inline, NotLeaf)
 FRAME_ID(nsLeafBoxFrame, LeafBox, Leaf)
 FRAME_ID(nsLegendFrame, Legend, NotLeaf)
-FRAME_ID(nsListBoxBodyFrame, Box, NotLeaf)
 FRAME_ID(nsListControlFrame, ListControl, NotLeaf)
-FRAME_ID(nsListItemFrame, Box, NotLeaf)
 FRAME_ID(nsMathMLFrame, None, NotLeaf)
 FRAME_ID(nsMathMLmactionFrame, None, NotLeaf)
 FRAME_ID(nsMathMLmathBlockFrame, Block, NotLeaf)
diff --git a/layout/xul/ListBoxObject.cpp b/layout/xul/ListBoxObject.cpp
deleted file mode 100644
index 1609c74c565a..000000000000
--- a/layout/xul/ListBoxObject.cpp
+++ /dev/null
@@ -1,247 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "mozilla/dom/ListBoxObject.h"
-#include "nsCOMPtr.h"
-#include "nsIFrame.h"
-#include "nsGkAtoms.h"
-#include "nsIScrollableFrame.h"
-#include "nsListBoxBodyFrame.h"
-#include "ChildIterator.h"
-#include "mozilla/dom/Element.h"
-#include "mozilla/dom/ListBoxObjectBinding.h"
-
-namespace mozilla {
-namespace dom {
-
-NS_IMPL_ISUPPORTS_INHERITED(ListBoxObject, BoxObject, nsIListBoxObject,
-                            nsPIListBoxObject)
-
-ListBoxObject::ListBoxObject()
-  : mListBoxBody(nullptr)
-{
-}
-
-ListBoxObject::~ListBoxObject()
-{
-}
-
-JSObject* ListBoxObject::WrapObject(JSContext* aCx, JS::Handle<JSObject*> aGivenProto)
-{
-  return ListBoxObject_Binding::Wrap(aCx, this, aGivenProto);
-}
-
-// nsIListBoxObject
-NS_IMETHODIMP
-ListBoxObject::GetRowCount(int32_t *aResult)
-{
-  *aResult = GetRowCount();
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-ListBoxObject::GetItemAtIndex(int32_t index, Element **_retval)
-{
-  nsListBoxBodyFrame* body = GetListBoxBody(true);
-  if (body) {
-    return body->GetItemAtIndex(index, _retval);
-  }
-  return NS_OK;
- }
-
-NS_IMETHODIMP
-ListBoxObject::GetIndexOfItem(Element* aElement, int32_t *aResult)
-{
-  *aResult = 0;
-
-  nsListBoxBodyFrame* body = GetListBoxBody(true);
-  if (body) {
-    return body->GetIndexOfItem(aElement, aResult);
-  }
-  return NS_OK;
-}
-
-// ListBoxObject
-
-int32_t
-ListBoxObject::GetRowCount()
-{
-  nsListBoxBodyFrame* body = GetListBoxBody(true);
-  if (body) {
-    return body->GetRowCount();
-  }
-  return 0;
-}
-
-int32_t
-ListBoxObject::GetRowHeight()
-{
-  nsListBoxBodyFrame* body = GetListBoxBody(true);
-  if (body) {
-    return body->GetRowHeightPixels();
-  }
-  return 0;
-}
-
-int32_t
-ListBoxObject::GetNumberOfVisibleRows()
-{
-  nsListBoxBodyFrame* body = GetListBoxBody(true);
-  if (body) {
-    return body->GetNumberOfVisibleRows();
-  }
-  return 0;
-}
-
-int32_t
-ListBoxObject::GetIndexOfFirstVisibleRow()
-{
-  nsListBoxBodyFrame* body = GetListBoxBody(true);
-  if (body) {
-    return body->GetIndexOfFirstVisibleRow();
-  }
-  return 0;
-}
-
-void
-ListBoxObject::EnsureIndexIsVisible(int32_t aRowIndex)
-{
-  nsListBoxBodyFrame* body = GetListBoxBody(true);
-  if (body) {
-    body->EnsureIndexIsVisible(aRowIndex);
-  }
-}
-
-void
-ListBoxObject::ScrollToIndex(int32_t aRowIndex)
-{
-  nsListBoxBodyFrame* body = GetListBoxBody(true);
-  if (body) {
-    body->ScrollToIndex(aRowIndex);
-  }
-}
-
-void
-ListBoxObject::ScrollByLines(int32_t aNumLines)
-{
-  nsListBoxBodyFrame* body = GetListBoxBody(true);
-  if (body) {
-    body->ScrollByLines(aNumLines);
-  }
-}
-
-already_AddRefed<Element>
-ListBoxObject::GetItemAtIndex(int32_t index)
-{
-  RefPtr<Element> el;
-  GetItemAtIndex(index, getter_AddRefs(el));
-  return el.forget();
-}
-
-int32_t
-ListBoxObject::GetIndexOfItem(Element& aElement)
-{
-  int32_t ret;
-  GetIndexOfItem(&aElement, &ret);
-  return ret;
-}
-
-//////////////////////
-
-static nsIContent*
-FindBodyContent(nsIContent* aParent)
-{
-  if (aParent->IsXULElement(nsGkAtoms::listboxbody)) {
-    return aParent;
-  }
-
-  mozilla::dom::FlattenedChildIterator iter(aParent);
-  for (nsIContent* child = iter.GetNextChild(); child; child = iter.GetNextChild()) {
-    nsIContent* result = FindBodyContent(child);
-    if (result) {
-      return result;
-    }
-  }
-
-  return nullptr;
-}
-
-nsListBoxBodyFrame*
-ListBoxObject::GetListBoxBody(bool aFlush)
-{
-  if (mListBoxBody) {
-    return mListBoxBody;
-  }
-
-  nsIPresShell* shell = GetPresShell(false);
-  if (!shell) {
-    return nullptr;
-  }
-
-  nsIFrame* frame = aFlush ?
-                      GetFrame(false) /* does FlushType::Frames */ :
-                      mContent->GetPrimaryFrame();
-  if (!frame) {
-    return nullptr;
-  }
-
-  // Iterate over our content model children looking for the body.
-  nsCOMPtr<nsIContent> content = FindBodyContent(frame->GetContent());
-
-  if (!content) {
-    return nullptr;
-  }
-
-  // this frame will be a nsGFXScrollFrame
-  frame = content->GetPrimaryFrame();
-  if (!frame) {
-     return nullptr;
-  }
-
-  nsIScrollableFrame* scrollFrame = do_QueryFrame(frame);
-  if (!scrollFrame) {
-    return nullptr;
-  }
-
-  // this frame will be the one we want
-  nsIFrame* yeahBaby = scrollFrame->GetScrolledFrame();
-  if (!yeahBaby) {
-     return nullptr;
-  }
-
-  // It's a frame. Refcounts are irrelevant.
-  nsListBoxBodyFrame* listBoxBody = do_QueryFrame(yeahBaby);
-  NS_ENSURE_TRUE(listBoxBody &&
-                 listBoxBody->SetBoxObject(this),
-                 nullptr);
-  mListBoxBody = listBoxBody;
-  return mListBoxBody;
-}
-
-void
-ListBoxObject::Clear()
-{
-  ClearCachedValues();
-  BoxObject::Clear();
-}
-
-void
-ListBoxObject::ClearCachedValues()
-{
-  mListBoxBody = nullptr;
-}
-
-} // namespace dom
-} // namespace mozilla
-
-// Creation Routine ///////////////////////////////////////////////////////////////////////
-
-nsresult
-NS_NewListBoxObject(nsIBoxObject** aResult)
-{
-  NS_ADDREF(*aResult = new mozilla::dom::ListBoxObject());
-  return NS_OK;
-}
diff --git a/layout/xul/ListBoxObject.h b/layout/xul/ListBoxObject.h
deleted file mode 100644
index 7cadcbcc19f6..000000000000
--- a/layout/xul/ListBoxObject.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef mozilla_dom_ListBoxObject_h
-#define mozilla_dom_ListBoxObject_h
-
-#include "mozilla/dom/BoxObject.h"
-#include "nsPIListBoxObject.h"
-
-namespace mozilla {
-namespace dom {
-
-class ListBoxObject final : public BoxObject,
-                            public nsPIListBoxObject
-{
-public:
-  NS_DECL_ISUPPORTS_INHERITED
-  NS_DECL_NSILISTBOXOBJECT
-
-  ListBoxObject();
-
-  virtual JSObject* WrapObject(JSContext* aCx, JS::Handle<JSObject*> aGivenProto) override;
-
-  // nsPIListBoxObject
-  virtual nsListBoxBodyFrame* GetListBoxBody(bool aFlush) override;
-
-  // nsPIBoxObject
-  virtual void Clear() override;
-  virtual void ClearCachedValues() override;
-
-  // ListBoxObject.webidl
-  int32_t GetRowCount();
-  int32_t GetRowHeight();
-  int32_t GetNumberOfVisibleRows();
-  int32_t GetIndexOfFirstVisibleRow();
-  void EnsureIndexIsVisible(int32_t rowIndex);
-  void ScrollToIndex(int32_t rowIndex);
-  void ScrollByLines(int32_t numLines);
-  already_AddRefed<Element> GetItemAtIndex(int32_t index);
-  int32_t GetIndexOfItem(Element& item);
-
-protected:
-  nsListBoxBodyFrame *mListBoxBody;
-
-private:
-  ~ListBoxObject();
-};
-
-} // namespace dom
-} // namespace mozilla
-
-#endif // mozilla_dom_ListBoxObject_h
diff --git a/layout/xul/moz.build b/layout/xul/moz.build
index d8d8139a2df1..33aac98e8151 100644
--- a/layout/xul/moz.build
+++ b/layout/xul/moz.build
@@ -17,7 +17,6 @@ if CONFIG['ENABLE_TESTS']:
 
 XPIDL_SOURCES += [
     'nsIBoxObject.idl',
-    'nsIListBoxObject.idl',
 ]
 
 XPIDL_MODULE = 'layout_xul'
@@ -26,14 +25,12 @@ EXPORTS += [
     'nsBox.h',
     'nsIScrollbarMediator.h',
     'nsPIBoxObject.h',
-    'nsPIListBoxObject.h',
     'nsXULPopupManager.h',
     'nsXULTooltipListener.h',
 ]
 
 EXPORTS.mozilla.dom += [
     'BoxObject.h',
-    'ListBoxObject.h',
     'MenuBoxObject.h',
 ]
 
@@ -57,16 +54,12 @@ UNIFIED_SOURCES += [
 
 if CONFIG['MOZ_XUL']:
     UNIFIED_SOURCES += [
-        'ListBoxObject.cpp',
         'MenuBoxObject.cpp',
         'nsDeckFrame.cpp',
         'nsDocElementBoxFrame.cpp',
         'nsGroupBoxFrame.cpp',
         'nsImageBoxFrame.cpp',
         'nsLeafBoxFrame.cpp',
-        'nsListBoxBodyFrame.cpp',
-        'nsListBoxLayout.cpp',
-        'nsListItemFrame.cpp',
         'nsMenuBarFrame.cpp',
         'nsMenuBarListener.cpp',
         'nsMenuFrame.cpp',
diff --git a/layout/xul/nsBoxFrame.cpp b/layout/xul/nsBoxFrame.cpp
index cbee7afca0ac..c3c7621623bf 100644
--- a/layout/xul/nsBoxFrame.cpp
+++ b/layout/xul/nsBoxFrame.cpp
@@ -1264,12 +1264,6 @@ nsBoxFrame::RegUnregAccessKey(bool aDoReg)
     esm->UnregisterAccessKey(mContent->AsElement(), key);
 }
 
-bool
-nsBoxFrame::SupportsOrdinalsInChildren()
-{
-  return true;
-}
-
 void
 nsBoxFrame::AppendDirectlyOwnedAnonBoxes(nsTArray<OwnedAnonBox>& aResult)
 {
@@ -1293,8 +1287,7 @@ IsBoxOrdinalLEQ(nsIFrame* aFrame1,
 void
 nsBoxFrame::CheckBoxOrder()
 {
-  if (SupportsOrdinalsInChildren() &&
-      !nsIFrame::IsFrameListSorted<IsBoxOrdinalLEQ>(mFrames)) {
+  if (!nsIFrame::IsFrameListSorted<IsBoxOrdinalLEQ>(mFrames)) {
     nsIFrame::SortFrameList<IsBoxOrdinalLEQ>(mFrames);
   }
 }
@@ -1318,9 +1311,6 @@ nsBoxFrame::LayoutChildAt(nsBoxLayoutState& aState, nsIFrame* aBox, const nsRect
 nsresult
 nsBoxFrame::XULRelayoutChildAtOrdinal(nsIFrame* aChild)
 {
-  if (!SupportsOrdinalsInChildren())
-    return NS_OK;
-
   uint32_t ord = aChild->GetXULOrdinal();
 
   nsIFrame* child = mFrames.FirstChild();
diff --git a/layout/xul/nsBoxFrame.h b/layout/xul/nsBoxFrame.h
index 3a17fd07a2a8..adf9bd2d28e2 100644
--- a/layout/xul/nsBoxFrame.h
+++ b/layout/xul/nsBoxFrame.h
@@ -153,12 +153,6 @@ public:
                              const nsDisplayListSet& aIn,
                              const nsDisplayListSet& aOut);
 
-  /**
-   * This defaults to true, but some box frames (nsListBoxBodyFrame for
-   * example) don't support ordinals in their children.
-   */
-  virtual bool SupportsOrdinalsInChildren();
-
   /**
    * Return our wrapper block, if any.
    */
diff --git a/layout/xul/nsIListBoxObject.idl b/layout/xul/nsIListBoxObject.idl
deleted file mode 100644
index 5055c2970967..000000000000
--- a/layout/xul/nsIListBoxObject.idl
+++ /dev/null
@@ -1,19 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsISupports.idl"
-
-// DEPRECATED: see ListBoxObject.webidl
-
-webidl Element;
-
-[shim(ListBoxObject), uuid(AA9DEF4E-2E59-412d-A6DF-B76F52167795)]
-interface nsIListBoxObject : nsISupports
-{
-  long getRowCount();
-
-  Element getItemAtIndex(in long index);
-  long getIndexOfItem(in Element item);
-};
diff --git a/layout/xul/nsListBoxBodyFrame.cpp b/layout/xul/nsListBoxBodyFrame.cpp
deleted file mode 100644
index 742bc1c0fbc4..000000000000
--- a/layout/xul/nsListBoxBodyFrame.cpp
+++ /dev/null
@@ -1,1532 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsListBoxBodyFrame.h"
-
-#include "nsListBoxLayout.h"
-
-#include "mozilla/MathAlgorithms.h"
-#include "nsCOMPtr.h"
-#include "nsGridRowGroupLayout.h"
-#include "nsIServiceManager.h"
-#include "nsGkAtoms.h"
-#include "nsIContent.h"
-#include "nsNameSpaceManager.h"
-#include "nsIDocument.h"
-#include "nsCSSFrameConstructor.h"
-#include "nsIScrollableFrame.h"
-#include "nsScrollbarFrame.h"
-#include "nsView.h"
-#include "nsViewManager.h"
-#include "mozilla/ComputedStyle.h"
-#include "nsFontMetrics.h"
-#include "nsITimer.h"
-#include "mozilla/ServoStyleSet.h"
-#include "mozilla/dom/Element.h"
-#include "mozilla/dom/Text.h"
-#include "nsPIBoxObject.h"
-#include "nsLayoutUtils.h"
-#include "nsPIListBoxObject.h"
-#include "nsContentUtils.h"
-#include "ChildIterator.h"
-#include "gfxContext.h"
-#include "prtime.h"
-#include <algorithm>
-
-#ifdef ACCESSIBILITY
-#include "nsAccessibilityService.h"
-#endif
-
-using namespace mozilla;
-using namespace mozilla::dom;
-
-/////////////// nsListScrollSmoother //////////////////
-
-/* A mediator used to smooth out scrolling. It works by seeing if
- * we have time to scroll the amount of rows requested. This is determined
- * by measuring how long it takes to scroll a row. If we can scroll the
- * rows in time we do so. If not we start a timer and skip the request. We
- * do this until the timer finally first because the user has stopped moving
- * the mouse. Then do all the queued requests in on shot.
- */
-
-// the longest amount of time that can go by before the use
-// notices it as a delay.
-#define USER_TIME_THRESHOLD 150000
-
-// how long it takes to layout a single row initial value.
-// we will time this after we scroll a few rows.
-#define TIME_PER_ROW_INITAL  50000
-
-// if we decide we can't layout the rows in the amount of time. How long
-// do we wait before checking again?
-#define SMOOTH_INTERVAL 100
-
-class nsListScrollSmoother final
-{
-private:
-  ~nsListScrollSmoother();
-
-public:
-  NS_INLINE_DECL_REFCOUNTING(nsListScrollSmoother)
-
-  explicit nsListScrollSmoother(nsListBoxBodyFrame* aOuter);
-
-  void Start();
-  void Stop();
-  bool IsRunning();
-
-  nsCOMPtr<nsITimer> mRepeatTimer;
-  int32_t mDelta;
-  nsListBoxBodyFrame* mOuter;
-};
-
-nsListScrollSmoother::nsListScrollSmoother(nsListBoxBodyFrame* aOuter)
-{
-  mDelta = 0;
-  mOuter = aOuter;
-}
-
-nsListScrollSmoother::~nsListScrollSmoother()
-{
-  Stop();
-}
-
-bool
-nsListScrollSmoother::IsRunning()
-{
-  return mRepeatTimer ? true : false;
-}
-
-void
-nsListScrollSmoother::Start()
-{
-  nsTimerCallbackFunc scrollSmootherCallback = [](nsITimer* aTimer,
-                                                  void* aClosure) {
-    // The passed-in nsListScrollSmoother is always alive here. Because if
-    // nsListScrollSmoother died, mRepeatTimer->Stop() would be called during
-    // the destruction and this callback would never be invoked.
-    auto self = static_cast<nsListScrollSmoother*>(aClosure);
-
-    self->Stop();
-
-    NS_ASSERTION(self->mOuter, "mOuter is null, see bug #68365");
-    if (self->mOuter) {
-      // actually do some work.
-      self->mOuter->InternalPositionChangedCallback();
-    }
-  };
-
-  Stop();
-  nsIEventTarget* target = nullptr;
-  if (mOuter) {
-    if (nsIContent* content = mOuter->GetContent()) {
-      target = content->OwnerDoc()->EventTargetFor(TaskCategory::Other);
-    }
-  }
-  NS_NewTimerWithFuncCallback(getter_AddRefs(mRepeatTimer),
-                              scrollSmootherCallback,
-                              this,
-                              SMOOTH_INTERVAL,
-                              nsITimer::TYPE_ONE_SHOT,
-                              "scrollSmootherCallback",
-                              target);
-}
-
-void
-nsListScrollSmoother::Stop()
-{
-  if ( mRepeatTimer ) {
-    mRepeatTimer->Cancel();
-    mRepeatTimer = nullptr;
-  }
-}
-
-/////////////// nsListBoxBodyFrame //////////////////
-
-nsListBoxBodyFrame::nsListBoxBodyFrame(ComputedStyle* aStyle,
-                                       nsBoxLayout* aLayoutManager)
-  : nsBoxFrame(aStyle, kClassID, false, aLayoutManager),
-    mTopFrame(nullptr),
-    mBottomFrame(nullptr),
-    mLinkupFrame(nullptr),
-    mScrollSmoother(nullptr),
-    mRowsToPrepend(0),
-    mRowCount(-1),
-    mRowHeight(0),
-    mAvailableHeight(0),
-    mStringWidth(-1),
-    mCurrentIndex(0),
-    mOldIndex(0),
-    mYPosition(0),
-    mTimePerRow(TIME_PER_ROW_INITAL),
-    mRowHeightWasSet(false),
-    mScrolling(false),
-    mAdjustScroll(false),
-    mReflowCallbackPosted(false)
-{
-}
-
-nsListBoxBodyFrame::~nsListBoxBodyFrame()
-{
-  NS_IF_RELEASE(mScrollSmoother);
-
-#if USE_TIMER_TO_DELAY_SCROLLING
-  StopScrollTracking();
-  mAutoScrollTimer = nullptr;
-#endif
-
-}
-
-NS_QUERYFRAME_HEAD(nsListBoxBodyFrame)
-  NS_QUERYFRAME_ENTRY(nsIScrollbarMediator)
-  NS_QUERYFRAME_ENTRY(nsListBoxBodyFrame)
-NS_QUERYFRAME_TAIL_INHERITING(nsBoxFrame)
-
-////////// nsIFrame /////////////////
-
-void
-nsListBoxBodyFrame::Init(nsIContent*       aContent,
-                         nsContainerFrame* aParent,
-                         nsIFrame*         aPrevInFlow)
-{
-  nsBoxFrame::Init(aContent, aParent, aPrevInFlow);
-  // Don't call nsLayoutUtils::GetScrollableFrameFor since we are not its
-  // scrollframe child yet.
-  nsIScrollableFrame* scrollFrame = do_QueryFrame(aParent);
-  if (scrollFrame) {
-    nsIFrame* verticalScrollbar = scrollFrame->GetScrollbarBox(true);
-    nsScrollbarFrame* scrollbarFrame = do_QueryFrame(verticalScrollbar);
-    if (scrollbarFrame) {
-      scrollbarFrame->SetScrollbarMediatorContent(GetContent());
-    }
-  }
-  RefPtr<nsFontMetrics> fm =
-    nsLayoutUtils::GetFontMetricsForFrame(this, 1.0f);
-  mRowHeight = fm->MaxHeight();
-}
-
-void
-nsListBoxBodyFrame::DestroyFrom(nsIFrame* aDestructRoot, PostDestroyData& aPostDestroyData)
-{
-  // make sure we cancel any posted callbacks.
-  if (mReflowCallbackPosted)
-     PresShell()->CancelReflowCallback(this);
-
-  // Revoke any pending position changed events
-  for (uint32_t i = 0; i < mPendingPositionChangeEvents.Length(); ++i) {
-    mPendingPositionChangeEvents[i]->Revoke();
-  }
-
-  // Make sure we tell our listbox's box object we're being destroyed.
-  if (mBoxObject) {
-    mBoxObject->ClearCachedValues();
-  }
-
-  nsBoxFrame::DestroyFrom(aDestructRoot, aPostDestroyData);
-}
-
-nsresult
-nsListBoxBodyFrame::AttributeChanged(int32_t aNameSpaceID,
-                                     nsAtom* aAttribute,
-                                     int32_t aModType)
-{
-  nsresult rv = NS_OK;
-
-  if (aAttribute == nsGkAtoms::rows) {
-    PresShell()->
-      FrameNeedsReflow(this, nsIPresShell::eStyleChange, NS_FRAME_IS_DIRTY);
-  }
-  else
-    rv = nsBoxFrame::AttributeChanged(aNameSpaceID, aAttribute, aModType);
-
-  return rv;
-
-}
-
-/* virtual */ void
-nsListBoxBodyFrame::MarkIntrinsicISizesDirty()
-{
-  mStringWidth = -1;
-  nsBoxFrame::MarkIntrinsicISizesDirty();
-}
-
-/////////// nsBox ///////////////
-
-NS_IMETHODIMP
-nsListBoxBodyFrame::DoXULLayout(nsBoxLayoutState& aBoxLayoutState)
-{
-  if (mScrolling)
-    aBoxLayoutState.SetPaintingDisabled(true);
-
-  nsresult rv = nsBoxFrame::DoXULLayout(aBoxLayoutState);
-
-  // determine the real height for the scrollable area from the total number
-  // of rows, since non-visible rows don't yet have frames
-  nsRect rect(nsPoint(0, 0), GetSize());
-  nsOverflowAreas overflow(rect, rect);
-  if (mLayoutManager) {
-    nsIFrame* childFrame = mFrames.FirstChild();
-    while (childFrame) {
-      ConsiderChildOverflow(overflow, childFrame);
-      childFrame = childFrame->GetNextSibling();
-    }
-
-    nsSize prefSize = mLayoutManager->GetXULPrefSize(this, aBoxLayoutState);
-    NS_FOR_FRAME_OVERFLOW_TYPES(otype) {
-      nsRect& o = overflow.Overflow(otype);
-      o.height = std::max(o.height, prefSize.height);
-    }
-  }
-  FinishAndStoreOverflow(overflow, GetSize());
-
-  if (mScrolling)
-    aBoxLayoutState.SetPaintingDisabled(false);
-
-  // if we are scrolled and the row height changed
-  // make sure we are scrolled to a correct index.
-  if (mAdjustScroll)
-     PostReflowCallback();
-
-  return rv;
-}
-
-nsSize
-nsListBoxBodyFrame::GetXULMinSizeForScrollArea(nsBoxLayoutState& aBoxLayoutState)
-{
-  nsSize result(0, 0);
-  if (nsContentUtils::HasNonEmptyAttr(GetContent(), kNameSpaceID_None,
-                                      nsGkAtoms::sizemode)) {
-    result = GetXULPrefSize(aBoxLayoutState);
-    result.height = 0;
-    nsIScrollableFrame* scrollFrame = nsLayoutUtils::GetScrollableFrameFor(this);
-    if (scrollFrame &&
-        scrollFrame->GetScrollbarStyles().mVertical == NS_STYLE_OVERFLOW_AUTO) {
-      nsMargin scrollbars =
-        scrollFrame->GetDesiredScrollbarSizes(&aBoxLayoutState);
-      result.width += scrollbars.left + scrollbars.right;
-    }
-  }
-  return result;
-}
-
-nsSize
-nsListBoxBodyFrame::GetXULPrefSize(nsBoxLayoutState& aBoxLayoutState)
-{
-  nsSize pref = nsBoxFrame::GetXULPrefSize(aBoxLayoutState);
-
-  int32_t size = GetFixedRowSize();
-  if (size > -1)
-    pref.height = size*GetRowHeightAppUnits();
-
-  nsIScrollableFrame* scrollFrame = nsLayoutUtils::GetScrollableFrameFor(this);
-  if (scrollFrame &&
-      scrollFrame->GetScrollbarStyles().mVertical == NS_STYLE_OVERFLOW_AUTO) {
-    nsMargin scrollbars = scrollFrame->GetDesiredScrollbarSizes(&aBoxLayoutState);
-    pref.width += scrollbars.left + scrollbars.right;
-  }
-  return pref;
-}
-
-///////////// nsIScrollbarMediator ///////////////
-
-void
-nsListBoxBodyFrame::ScrollByPage(nsScrollbarFrame* aScrollbar, int32_t aDirection,
-                                 nsIScrollbarMediator::ScrollSnapMode aSnap)
-{
-  // CSS Scroll Snapping is not enabled for XUL, aSnap is ignored
-  MOZ_ASSERT(aScrollbar != nullptr);
-  aScrollbar->SetIncrementToPage(aDirection);
-  AutoWeakFrame weakFrame(this);
-  int32_t newPos = aScrollbar->MoveToNewPosition();
-  if (!weakFrame.IsAlive()) {
-    return;
-  }
-  UpdateIndex(newPos);
-}
-
-void
-nsListBoxBodyFrame::ScrollByWhole(nsScrollbarFrame* aScrollbar, int32_t aDirection,
-                                  nsIScrollbarMediator::ScrollSnapMode aSnap)
-{
-  // CSS Scroll Snapping is not enabled for XUL, aSnap is ignored
-  MOZ_ASSERT(aScrollbar != nullptr);
-  aScrollbar->SetIncrementToWhole(aDirection);
-  AutoWeakFrame weakFrame(this);
-  int32_t newPos = aScrollbar->MoveToNewPosition();
-  if (!weakFrame.IsAlive()) {
-    return;
-  }
-  UpdateIndex(newPos);
-}
-
-void
-nsListBoxBodyFrame::ScrollByLine(nsScrollbarFrame* aScrollbar, int32_t aDirection,
-                                 nsIScrollbarMediator::ScrollSnapMode aSnap)
-{
-  // CSS Scroll Snapping is not enabled for XUL, aSnap is ignored
-  MOZ_ASSERT(aScrollbar != nullptr);
-  aScrollbar->SetIncrementToLine(aDirection);
-  AutoWeakFrame weakFrame(this);
-  int32_t newPos = aScrollbar->MoveToNewPosition();
-  if (!weakFrame.IsAlive()) {
-    return;
-  }
-  UpdateIndex(newPos);
-}
-
-void
-nsListBoxBodyFrame::RepeatButtonScroll(nsScrollbarFrame* aScrollbar)
-{
-  AutoWeakFrame weakFrame(this);
-  int32_t newPos = aScrollbar->MoveToNewPosition();
-  if (!weakFrame.IsAlive()) {
-    return;
-  }
-  UpdateIndex(newPos);
-}
-
-int32_t
-nsListBoxBodyFrame::ToRowIndex(nscoord aPos) const
-{
-  return NS_roundf(float(std::max(aPos, 0)) / mRowHeight);
-}
-
-void
-nsListBoxBodyFrame::ThumbMoved(nsScrollbarFrame* aScrollbar,
-                               nscoord aOldPos,
-                               nscoord aNewPos)
-{
-  if (mScrolling || mRowHeight == 0)
-    return;
-
-  int32_t newIndex = ToRowIndex(aNewPos);
-  if (newIndex == mCurrentIndex) {
-    return;
-  }
-  int32_t rowDelta = newIndex - mCurrentIndex;
-
-  nsListScrollSmoother* smoother = GetSmoother();
-
-  // if we can't scroll the rows in time then start a timer. We will eat
-  // events until the user stops moving and the timer stops.
-  if (smoother->IsRunning() || Abs(rowDelta)*mTimePerRow > USER_TIME_THRESHOLD) {
-
-     smoother->Stop();
-
-     smoother->mDelta = rowDelta;
-
-     smoother->Start();
-
-     return;
-  }
-
-  smoother->Stop();
-
-  mCurrentIndex = newIndex;
-  smoother->mDelta = 0;
-
-  if (mCurrentIndex < 0) {
-    mCurrentIndex = 0;
-    return;
-  }
-  InternalPositionChanged(rowDelta < 0, Abs(rowDelta));
-}
-
-void
-nsListBoxBodyFrame::VisibilityChanged(bool aVisible)
-{
-  if (mRowHeight == 0)
-    return;
-
-  int32_t lastPageTopRow = GetRowCount() - (GetAvailableHeight() / mRowHeight);
-  if (lastPageTopRow < 0)
-    lastPageTopRow = 0;
-  int32_t delta = mCurrentIndex - lastPageTopRow;
-  if (delta > 0) {
-    mCurrentIndex = lastPageTopRow;
-    InternalPositionChanged(true, delta);
-  }
-}
-
-nsIFrame*
-nsListBoxBodyFrame::GetScrollbarBox(bool aVertical)
-{
-  nsIScrollableFrame* scrollFrame = nsLayoutUtils::GetScrollableFrameFor(this);
-  return scrollFrame ? scrollFrame->GetScrollbarBox(true) : nullptr;
-}
-
-void
-nsListBoxBodyFrame::UpdateIndex(int32_t aNewPos)
-{
-  int32_t newIndex = ToRowIndex(nsPresContext::CSSPixelsToAppUnits(aNewPos));
-  if (newIndex == mCurrentIndex) {
-    return;
-  }
-  bool up = newIndex < mCurrentIndex;
-  int32_t indexDelta = Abs(newIndex - mCurrentIndex);
-  mCurrentIndex = newIndex;
-  InternalPositionChanged(up, indexDelta);
-}
-
-///////////// nsIReflowCallback ///////////////
-
-bool
-nsListBoxBodyFrame::ReflowFinished()
-{
-  nsAutoScriptBlocker scriptBlocker;
-  // now create or destroy any rows as needed
-  CreateRows();
-
-  // keep scrollbar in sync
-  if (mAdjustScroll) {
-     VerticalScroll(mYPosition);
-     mAdjustScroll = false;
-  }
-
-  // if the row height changed then mark everything as a style change.
-  // That will dirty the entire listbox
-  if (mRowHeightWasSet) {
-    PresShell()->
-      FrameNeedsReflow(this, nsIPresShell::eStyleChange, NS_FRAME_IS_DIRTY);
-     int32_t pos = mCurrentIndex * mRowHeight;
-     if (mYPosition != pos)
-       mAdjustScroll = true;
-    mRowHeightWasSet = false;
-  }
-
-  mReflowCallbackPosted = false;
-  return true;
-}
-
-void
-nsListBoxBodyFrame::ReflowCallbackCanceled()
-{
-  mReflowCallbackPosted = false;
-}
-
-///////// ListBoxObject ///////////////
-
-int32_t
-nsListBoxBodyFrame::GetNumberOfVisibleRows()
-{
-  return mRowHeight ? GetAvailableHeight() / mRowHeight : 0;
-}
-
-int32_t
-nsListBoxBodyFrame::GetIndexOfFirstVisibleRow()
-{
-  return mCurrentIndex;
-}
-
-nsresult
-nsListBoxBodyFrame::EnsureIndexIsVisible(int32_t aRowIndex)
-{
-  if (aRowIndex < 0)
-    return NS_ERROR_ILLEGAL_VALUE;
-
-  int32_t rows = 0;
-  if (mRowHeight)
-    rows = GetAvailableHeight()/mRowHeight;
-  if (rows <= 0)
-    rows = 1;
-  int32_t bottomIndex = mCurrentIndex + rows;
-
-  // if row is visible, ignore
-  if (mCurrentIndex <= aRowIndex && aRowIndex < bottomIndex)
-    return NS_OK;
-
-  int32_t delta;
-
-  bool up = aRowIndex < mCurrentIndex;
-  if (up) {
-    delta = mCurrentIndex - aRowIndex;
-    mCurrentIndex = aRowIndex;
-  }
-  else {
-    // Check to be sure we're not scrolling off the bottom of the tree
-    if (aRowIndex >= GetRowCount())
-      return NS_ERROR_ILLEGAL_VALUE;
-
-    // Bring it just into view.
-    delta = 1 + (aRowIndex-bottomIndex);
-    mCurrentIndex += delta;
-  }
-
-  // Safe to not go off an event here, since this is coming from the
-  // box object.
-  DoInternalPositionChangedSync(up, delta);
-  return NS_OK;
-}
-
-nsresult
-nsListBoxBodyFrame::ScrollByLines(int32_t aNumLines)
-{
-  int32_t scrollIndex = GetIndexOfFirstVisibleRow(),
-    visibleRows = GetNumberOfVisibleRows();
-
-  scrollIndex += aNumLines;
-
-  if (scrollIndex < 0)
-    scrollIndex = 0;
-  else {
-    int32_t numRows = GetRowCount();
-    int32_t lastPageTopRow = numRows - visibleRows;
-    if (scrollIndex > lastPageTopRow)
-      scrollIndex = lastPageTopRow;
-  }
-
-  ScrollToIndex(scrollIndex);
-
-  return NS_OK;
-}
-
-// walks the DOM to get the zero-based row index of the content
-nsresult
-nsListBoxBodyFrame::GetIndexOfItem(Element* aItem, int32_t* _retval)
-{
-  if (aItem) {
-    *_retval = 0;
-
-    FlattenedChildIterator iter(mContent);
-    for (nsIContent* child = iter.GetNextChild(); child; child = iter.GetNextChild()) {
-      // we hit a list row, count it
-      if (child->IsXULElement(nsGkAtoms::listitem)) {
-        // is this it?
-        if (child == aItem)
-          return NS_OK;
-
-        ++(*_retval);
-      }
-    }
-  }
-
-  // not found
-  *_retval = -1;
-  return NS_OK;
-}
-
-nsresult
-nsListBoxBodyFrame::GetItemAtIndex(int32_t aIndex, Element** aItem)
-{
-  *aItem = nullptr;
-  if (aIndex < 0)
-    return NS_OK;
-
-  int32_t itemCount = 0;
-  FlattenedChildIterator iter(mContent);
-  for (nsIContent* child = iter.GetNextChild(); child; child = iter.GetNextChild()) {
-    // we hit a list row, check if it is the one we are looking for
-    if (child->IsXULElement(nsGkAtoms::listitem)) {
-      // is this it?
-      if (itemCount == aIndex) {
-        *aItem = do_AddRef(child->AsElement()).take();
-        return NS_OK;
-      }
-      ++itemCount;
-    }
-  }
-
-  // not found
-  return NS_OK;
-}
-
-/////////// nsListBoxBodyFrame ///////////////
-
-int32_t
-nsListBoxBodyFrame::GetRowCount()
-{
-  if (mRowCount < 0)
-    ComputeTotalRowCount();
-  return mRowCount;
-}
-
-int32_t
-nsListBoxBodyFrame::GetRowHeightPixels() const
-{
-  return nsPresContext::AppUnitsToIntCSSPixels(mRowHeight);
-}
-
-int32_t
-nsListBoxBodyFrame::GetFixedRowSize()
-{
-  nsresult dummy;
-
-  nsAutoString rows;
-  mContent->AsElement()->GetAttr(kNameSpaceID_None, nsGkAtoms::rows, rows);
-  if (!rows.IsEmpty())
-    return rows.ToInteger(&dummy);
-
-  mContent->AsElement()->GetAttr(kNameSpaceID_None, nsGkAtoms::size, rows);
-  if (!rows.IsEmpty())
-    return rows.ToInteger(&dummy);
-
-  return -1;
-}
-
-void
-nsListBoxBodyFrame::SetRowHeight(nscoord aRowHeight)
-{
-  if (aRowHeight > mRowHeight) {
-    mRowHeight = aRowHeight;
-
-    // signal we need to dirty everything
-    // and we want to be notified after reflow
-    // so we can create or destory rows as needed
-    mRowHeightWasSet = true;
-    PostReflowCallback();
-  }
-}
-
-nscoord
-nsListBoxBodyFrame::GetAvailableHeight()
-{
-  nsIScrollableFrame* scrollFrame =
-    nsLayoutUtils::GetScrollableFrameFor(this);
-  if (scrollFrame) {
-    return scrollFrame->GetScrollPortRect().height;
-  }
-  return 0;
-}
-
-nscoord
-nsListBoxBodyFrame::GetYPosition()
-{
-  return mYPosition;
-}
-
-nscoord
-nsListBoxBodyFrame::ComputeIntrinsicISize(nsBoxLayoutState& aBoxLayoutState)
-{
-  if (mStringWidth != -1)
-    return mStringWidth;
-
-  nscoord largestWidth = 0;
-
-  int32_t index = 0;
-  RefPtr<Element> firstRowEl;
-  GetItemAtIndex(index, getter_AddRefs(firstRowEl));
-
-  if (firstRowEl) {
-    nsPresContext* presContext = aBoxLayoutState.PresContext();
-    RefPtr<ComputedStyle> computedStyle =
-      presContext->StyleSet()->ResolveStyleFor(
-          firstRowEl, nullptr, LazyComputeBehavior::Allow);
-
-    nscoord width = 0;
-    nsMargin margin(0,0,0,0);
-
-    if (computedStyle->StylePadding()->GetPadding(margin))
-      width += margin.LeftRight();
-    width += computedStyle->StyleBorder()->GetComputedBorder().LeftRight();
-    if (computedStyle->StyleMargin()->GetMargin(margin))
-      width += margin.LeftRight();
-
-    FlattenedChildIterator iter(mContent);
-    for (nsIContent* child = iter.GetNextChild(); child; child = iter.GetNextChild()) {
-      if (child->IsXULElement(nsGkAtoms::listitem)) {
-        gfxContext* rendContext = aBoxLayoutState.GetRenderingContext();
-        if (rendContext) {
-          nsAutoString value;
-          for (nsIContent* content = child->GetFirstChild();
-               content; content = content->GetNextSibling()) {
-            if (Text* text = content->GetAsText()) {
-              text->AppendTextTo(value);
-            }
-          }
-
-          RefPtr<nsFontMetrics> fm =
-            nsLayoutUtils::GetFontMetricsForComputedStyle(computedStyle,
-                                                          presContext);
-
-          nscoord textWidth =
-            nsLayoutUtils::AppUnitWidthOfStringBidi(value, this, *fm,
-                                                    *rendContext);
-          textWidth += width;
-
-          if (textWidth > largestWidth)
-            largestWidth = textWidth;
-        }
-      }
-    }
-  }
-
-  mStringWidth = largestWidth;
-  return mStringWidth;
-}
-
-void
-nsListBoxBodyFrame::ComputeTotalRowCount()
-{
-  mRowCount = 0;
-  FlattenedChildIterator iter(mContent);
-  for (nsIContent* child = iter.GetNextChild(); child; child = iter.GetNextChild()) {
-    if (child->IsXULElement(nsGkAtoms::listitem)) {
-      ++mRowCount;
-    }
-  }
-}
-
-void
-nsListBoxBodyFrame::PostReflowCallback()
-{
-  if (!mReflowCallbackPosted) {
-    mReflowCallbackPosted = true;
-    PresShell()->PostReflowCallback(this);
-  }
-}
-
-////////// scrolling
-
-nsresult
-nsListBoxBodyFrame::ScrollToIndex(int32_t aRowIndex)
-{
-  if (( aRowIndex < 0 ) || (mRowHeight == 0))
-    return NS_OK;
-
-  int32_t newIndex = aRowIndex;
-  int32_t delta = mCurrentIndex > newIndex ? mCurrentIndex - newIndex : newIndex - mCurrentIndex;
-  bool up = newIndex < mCurrentIndex;
-
-  // Check to be sure we're not scrolling off the bottom of the tree
-  int32_t lastPageTopRow = GetRowCount() - (GetAvailableHeight() / mRowHeight);
-  if (lastPageTopRow < 0)
-    lastPageTopRow = 0;
-
-  if (aRowIndex > lastPageTopRow)
-    return NS_OK;
-
-  mCurrentIndex = newIndex;
-
-  AutoWeakFrame weak(this);
-
-  // Since we're going to flush anyway, we need to not do this off an event
-  DoInternalPositionChangedSync(up, delta);
-
-  if (!weak.IsAlive()) {
-    return NS_OK;
-  }
-
-  // This change has to happen immediately.
-  // Flush any pending reflow commands.
-  // XXXbz why, exactly?
-  mContent->GetComposedDoc()->FlushPendingNotifications(FlushType::Layout);
-
-  return NS_OK;
-}
-
-nsresult
-nsListBoxBodyFrame::InternalPositionChangedCallback()
-{
-  nsListScrollSmoother* smoother = GetSmoother();
-
-  if (smoother->mDelta == 0)
-    return NS_OK;
-
-  mCurrentIndex += smoother->mDelta;
-
-  if (mCurrentIndex < 0)
-    mCurrentIndex = 0;
-
-  return DoInternalPositionChangedSync(smoother->mDelta < 0,
-                                       smoother->mDelta < 0 ?
-                                         -smoother->mDelta : smoother->mDelta);
-}
-
-nsresult
-nsListBoxBodyFrame::InternalPositionChanged(bool aUp, int32_t aDelta)
-{
-  RefPtr<nsPositionChangedEvent> event =
-    new nsPositionChangedEvent(this, aUp, aDelta);
-  nsresult rv = mContent->OwnerDoc()->Dispatch(TaskCategory::Other,
-                                               do_AddRef(event));
-  if (NS_SUCCEEDED(rv)) {
-    if (!mPendingPositionChangeEvents.AppendElement(event)) {
-      rv = NS_ERROR_OUT_OF_MEMORY;
-      event->Revoke();
-    }
-  }
-  return rv;
-}
-
-nsresult
-nsListBoxBodyFrame::DoInternalPositionChangedSync(bool aUp, int32_t aDelta)
-{
-  AutoWeakFrame weak(this);
-
-  // Process all the pending position changes first
-  nsTArray< RefPtr<nsPositionChangedEvent> > temp;
-  temp.SwapElements(mPendingPositionChangeEvents);
-  for (uint32_t i = 0; i < temp.Length(); ++i) {
-    if (weak.IsAlive()) {
-      temp[i]->Run();
-    }
-    temp[i]->Revoke();
-  }
-
-  if (!weak.IsAlive()) {
-    return NS_OK;
-  }
-
-  return DoInternalPositionChanged(aUp, aDelta);
-}
-
-nsresult
-nsListBoxBodyFrame::DoInternalPositionChanged(bool aUp, int32_t aDelta)
-{
-  if (aDelta == 0)
-    return NS_OK;
-
-  RefPtr<nsPresContext> presContext(PresContext());
-  nsBoxLayoutState state(presContext);
-
-  // begin timing how long it takes to scroll a row
-  PRTime start = PR_Now();
-
-  AutoWeakFrame weakThis(this);
-  mContent->GetComposedDoc()->FlushPendingNotifications(FlushType::Layout);
-  if (!weakThis.IsAlive()) {
-    return NS_OK;
-  }
-
-  {
-    nsAutoScriptBlocker scriptBlocker;
-
-    int32_t visibleRows = 0;
-    if (mRowHeight)
-      visibleRows = GetAvailableHeight()/mRowHeight;
-
-    if (aDelta < visibleRows) {
-      int32_t loseRows = aDelta;
-      if (aUp) {
-        // scrolling up, destroy rows from the bottom downwards
-        ReverseDestroyRows(loseRows);
-        mRowsToPrepend += aDelta;
-        mLinkupFrame = nullptr;
-      }
-      else {
-        // scrolling down, destroy rows from the top upwards
-        DestroyRows(loseRows);
-        mRowsToPrepend = 0;
-      }
-    }
-    else {
-      // We have scrolled so much that all of our current frames will
-      // go off screen, so blow them all away. Weeee!
-      nsIFrame *currBox = mFrames.FirstChild();
-      while (currBox) {
-        nsIFrame *nextBox = currBox->GetNextSibling();
-        RemoveChildFrame(state, currBox);
-        currBox = nextBox;
-      }
-    }
-
-    // clear frame markers so that CreateRows will re-create
-    mTopFrame = mBottomFrame = nullptr;
-
-    mYPosition = mCurrentIndex*mRowHeight;
-    mScrolling = true;
-    presContext->PresShell()->
-      FrameNeedsReflow(this, nsIPresShell::eResize, NS_FRAME_HAS_DIRTY_CHILDREN);
-  }
-  if (!weakThis.IsAlive()) {
-    return NS_OK;
-  }
-  // Flush calls CreateRows
-  // XXXbz there has to be a better way to do this than flushing!
-  presContext->PresShell()->FlushPendingNotifications(FlushType::Layout);
-  if (!weakThis.IsAlive()) {
-    return NS_OK;
-  }
-
-  mScrolling = false;
-
-  VerticalScroll(mYPosition);
-
-  PRTime end = PR_Now();
-
-  int32_t newTime = int32_t(end - start) / aDelta;
-
-  // average old and new
-  mTimePerRow = (newTime + mTimePerRow)/2;
-
-  return NS_OK;
-}
-
-nsListScrollSmoother*
-nsListBoxBodyFrame::GetSmoother()
-{
-  if (!mScrollSmoother) {
-    mScrollSmoother = new nsListScrollSmoother(this);
-    NS_ASSERTION(mScrollSmoother, "out of memory");
-    NS_IF_ADDREF(mScrollSmoother);
-  }
-
-  return mScrollSmoother;
-}
-
-void
-nsListBoxBodyFrame::VerticalScroll(int32_t aPosition)
-{
-  nsIScrollableFrame* scrollFrame
-    = nsLayoutUtils::GetScrollableFrameFor(this);
-  if (!scrollFrame) {
-    return;
-  }
-
-  nsPoint scrollPosition = scrollFrame->GetScrollPosition();
-
-  AutoWeakFrame weakFrame(this);
-  scrollFrame->ScrollTo(nsPoint(scrollPosition.x, aPosition),
-                        nsIScrollableFrame::INSTANT);
-  if (!weakFrame.IsAlive()) {
-    return;
-  }
-
-  mYPosition = aPosition;
-}
-
-////////// frame and box retrieval
-
-nsIFrame*
-nsListBoxBodyFrame::GetFirstFrame()
-{
-  mTopFrame = mFrames.FirstChild();
-  return mTopFrame;
-}
-
-nsIFrame*
-nsListBoxBodyFrame::GetLastFrame()
-{
-  return mFrames.LastChild();
-}
-
-bool
-nsListBoxBodyFrame::SupportsOrdinalsInChildren()
-{
-  return false;
-}
-
-////////// lazy row creation and destruction
-
-void
-nsListBoxBodyFrame::CreateRows()
-{
-  // Get our client rect.
-  nsRect clientRect;
-  GetXULClientRect(clientRect);
-
-  // Get the starting y position and the remaining available
-  // height.
-  nscoord availableHeight = GetAvailableHeight();
-
-  if (availableHeight <= 0) {
-    bool fixed = (GetFixedRowSize() != -1);
-    if (fixed)
-      availableHeight = 10;
-    else
-      return;
-  }
-
-  // get the first tree box. If there isn't one create one.
-  bool created = false;
-  nsIFrame* box = GetFirstItemBox(0, &created);
-  nscoord rowHeight = GetRowHeightAppUnits();
-  while (box) {
-    if (created && mRowsToPrepend > 0)
-      --mRowsToPrepend;
-
-    // if the row height is 0 then fail. Wait until someone
-    // laid out and sets the row height.
-    if (rowHeight == 0)
-        return;
-
-    availableHeight -= rowHeight;
-
-    // should we continue? Is the enought height?
-    if (!ContinueReflow(availableHeight))
-      break;
-
-    // get the next tree box. Create one if needed.
-    box = GetNextItemBox(box, 0, &created);
-  }
-
-  mRowsToPrepend = 0;
-  mLinkupFrame = nullptr;
-}
-
-void
-nsListBoxBodyFrame::DestroyRows(int32_t& aRowsToLose)
-{
-  // We need to destroy frames until our row count has been properly
-  // reduced.  A reflow will then pick up and create the new frames.
-  nsIFrame* childFrame = GetFirstFrame();
-  nsBoxLayoutState state(PresContext());
-
-  while (childFrame && aRowsToLose > 0) {
-    --aRowsToLose;
-
-    nsIFrame* nextFrame = childFrame->GetNextSibling();
-    RemoveChildFrame(state, childFrame);
-
-    mTopFrame = childFrame = nextFrame;
-  }
-
-  PresShell()->
-    FrameNeedsReflow(this, nsIPresShell::eTreeChange,
-                     NS_FRAME_HAS_DIRTY_CHILDREN);
-}
-
-void
-nsListBoxBodyFrame::ReverseDestroyRows(int32_t& aRowsToLose)
-{
-  // We need to destroy frames until our row count has been properly
-  // reduced.  A reflow will then pick up and create the new frames.
-  nsIFrame* childFrame = GetLastFrame();
-  nsBoxLayoutState state(PresContext());
-
-  while (childFrame && aRowsToLose > 0) {
-    --aRowsToLose;
-
-    nsIFrame* prevFrame;
-    prevFrame = childFrame->GetPrevSibling();
-    RemoveChildFrame(state, childFrame);
-
-    mBottomFrame = childFrame = prevFrame;
-  }
-
-  PresShell()->
-    FrameNeedsReflow(this, nsIPresShell::eTreeChange,
-                     NS_FRAME_HAS_DIRTY_CHILDREN);
-}
-
-static bool
-IsListItemChild(nsListBoxBodyFrame* aParent, nsIContent* aChild,
-                nsIFrame** aChildFrame)
-{
-  *aChildFrame = nullptr;
-  if (!aChild->IsXULElement(nsGkAtoms::listitem)) {
-    return false;
-  }
-  nsIFrame* existingFrame = aChild->GetPrimaryFrame();
-  if (existingFrame && existingFrame->GetParent() != aParent) {
-    return false;
-  }
-  *aChildFrame = existingFrame;
-  return true;
-}
-
-//
-// Get the nsIFrame for the first visible listitem, and if none exists,
-// create one.
-//
-nsIFrame*
-nsListBoxBodyFrame::GetFirstItemBox(int32_t aOffset, bool* aCreated)
-{
-  if (aCreated)
-   *aCreated = false;
-
-  // Clear ourselves out.
-  mBottomFrame = mTopFrame;
-
-  if (mTopFrame) {
-    return mTopFrame->IsXULBoxFrame() ? mTopFrame.GetFrame() : nullptr;
-  }
-
-  // top frame was cleared out
-  mTopFrame = GetFirstFrame();
-  mBottomFrame = mTopFrame;
-
-  if (mTopFrame && mRowsToPrepend <= 0) {
-    return mTopFrame->IsXULBoxFrame() ? mTopFrame.GetFrame() : nullptr;
-  }
-
-  // At this point, we either have no frames at all,
-  // or the user has scrolled upwards, leaving frames
-  // to be created at the top.  Let's determine which
-  // content needs a new frame first.
-
-  nsCOMPtr<nsIContent> startContent;
-  if (mTopFrame && mRowsToPrepend > 0) {
-    // We need to insert rows before the top frame
-    nsIContent* topContent = mTopFrame->GetContent();
-    nsIContent* topParent = topContent->GetParent();
-    int32_t contentIndex = topParent->ComputeIndexOf(topContent);
-    contentIndex -= aOffset;
-    if (contentIndex < 0)
-      return nullptr;
-    startContent = topParent->GetChildAt_Deprecated(contentIndex - mRowsToPrepend);
-  } else {
-    // This will be the first item frame we create.  Use the content
-    // at the current index, which is the first index scrolled into view
-    GetListItemContentAt(mCurrentIndex+aOffset, getter_AddRefs(startContent));
-  }
-
-  if (startContent) {
-    nsIFrame* existingFrame;
-    if (!IsListItemChild(this, startContent, &existingFrame)) {
-      return GetFirstItemBox(++aOffset, aCreated);
-    }
-    if (existingFrame) {
-      return existingFrame->IsXULBoxFrame() ? existingFrame : nullptr;
-    }
-
-    // Either append the new frame, or prepend it (at index 0)
-    // XXX check here if frame was even created, it may not have been if
-    //     display: none was on listitem content
-    bool isAppend = mRowsToPrepend <= 0;
-
-    nsIFrame* topFrame = nullptr;
-    PresContext()->FrameConstructor()->CreateListBoxContent(
-        this, nullptr, startContent, &topFrame, isAppend);
-    mTopFrame = topFrame;
-    if (mTopFrame) {
-      if (aCreated)
-        *aCreated = true;
-
-      mBottomFrame = mTopFrame;
-
-      return mTopFrame->IsXULBoxFrame() ? mTopFrame.GetFrame() : nullptr;
-    } else
-      return GetFirstItemBox(++aOffset, 0);
-  }
-
-  return nullptr;
-}
-
-//
-// Get the nsIFrame for the next visible listitem after aBox, and if none
-// exists, create one.
-//
-nsIFrame*
-nsListBoxBodyFrame::GetNextItemBox(nsIFrame* aBox, int32_t aOffset,
-                                   bool* aCreated)
-{
-  if (aCreated)
-    *aCreated = false;
-
-  nsIFrame* result = aBox->GetNextSibling();
-
-  if (!result || result == mLinkupFrame || mRowsToPrepend > 0) {
-    // No result found. See if there's a content node that wants a frame.
-    nsIContent* prevContent = aBox->GetContent();
-    nsIContent* parentContent = prevContent->GetParent();
-
-    int32_t i = parentContent->ComputeIndexOf(prevContent);
-
-    uint32_t childCount = parentContent->GetChildCount();
-    if (((uint32_t)i + aOffset + 1) < childCount) {
-      // There is a content node that wants a frame.
-      nsIContent *nextContent = parentContent->GetChildAt_Deprecated(i + aOffset + 1);
-
-      nsIFrame* existingFrame;
-      if (!IsListItemChild(this, nextContent, &existingFrame)) {
-        return GetNextItemBox(aBox, ++aOffset, aCreated);
-      }
-      if (!existingFrame) {
-        // Either append the new frame, or insert it after the current frame
-        bool isAppend = result != mLinkupFrame && mRowsToPrepend <= 0;
-        nsIFrame* prevFrame = isAppend ? nullptr : aBox;
-
-        PresContext()->FrameConstructor()->CreateListBoxContent(
-            this, prevFrame, nextContent, &result, isAppend);
-
-        if (result) {
-          if (aCreated)
-            *aCreated = true;
-        } else
-          return GetNextItemBox(aBox, ++aOffset, aCreated);
-      } else {
-        result = existingFrame;
-      }
-
-      mLinkupFrame = nullptr;
-    }
-  }
-
-  if (!result)
-    return nullptr;
-
-  mBottomFrame = result;
-
-  NS_ASSERTION(!result->IsXULBoxFrame() || result->GetParent() == this,
-               "returning frame that is not in childlist");
-
-  return result->IsXULBoxFrame() ? result : nullptr;
-}
-
-bool
-nsListBoxBodyFrame::ContinueReflow(nscoord height)
-{
-#ifdef ACCESSIBILITY
-  if (nsIPresShell::IsAccessibilityActive()) {
-    // Create all the frames at once so screen readers and
-    // onscreen keyboards can see the full list right away
-    return true;
-  }
-#endif
-
-  if (height <= 0) {
-    nsIFrame* lastChild = GetLastFrame();
-    nsIFrame* startingPoint = mBottomFrame;
-    if (startingPoint == nullptr) {
-      // We just want to delete everything but the first item.
-      startingPoint = GetFirstFrame();
-    }
-
-    if (lastChild != startingPoint) {
-      // We have some hangers on (probably caused by shrinking the size of the window).
-      // Nuke them.
-      nsIFrame* currFrame = startingPoint->GetNextSibling();
-      nsBoxLayoutState state(PresContext());
-
-      while (currFrame) {
-        nsIFrame* nextFrame = currFrame->GetNextSibling();
-        RemoveChildFrame(state, currFrame);
-        currFrame = nextFrame;
-      }
-
-      PresShell()->
-        FrameNeedsReflow(this, nsIPresShell::eTreeChange,
-                         NS_FRAME_HAS_DIRTY_CHILDREN);
-    }
-    return false;
-  }
-  else
-    return true;
-}
-
-NS_IMETHODIMP
-nsListBoxBodyFrame::ListBoxAppendFrames(nsFrameList& aFrameList)
-{
-  // append them after
-  nsBoxLayoutState state(PresContext());
-  const nsFrameList::Slice& newFrames = mFrames.AppendFrames(nullptr, aFrameList);
-  if (mLayoutManager)
-    mLayoutManager->ChildrenAppended(this, state, newFrames);
-  PresShell()->
-    FrameNeedsReflow(this, nsIPresShell::eTreeChange,
-                     NS_FRAME_HAS_DIRTY_CHILDREN);
-
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsListBoxBodyFrame::ListBoxInsertFrames(nsIFrame* aPrevFrame,
-                                        nsFrameList& aFrameList)
-{
-  // insert the frames to our info list
-  nsBoxLayoutState state(PresContext());
-  const nsFrameList::Slice& newFrames =
-    mFrames.InsertFrames(nullptr, aPrevFrame, aFrameList);
-  if (mLayoutManager)
-    mLayoutManager->ChildrenInserted(this, state, aPrevFrame, newFrames);
-  PresShell()->
-    FrameNeedsReflow(this, nsIPresShell::eTreeChange,
-                     NS_FRAME_HAS_DIRTY_CHILDREN);
-
-  return NS_OK;
-}
-
-//
-// Called by nsCSSFrameConstructor when a new listitem content is inserted.
-//
-void
-nsListBoxBodyFrame::OnContentInserted(nsIContent* aChildContent)
-{
-  if (mRowCount >= 0)
-    ++mRowCount;
-
-  // The RDF content builder will build content nodes such that they are all
-  // ready when OnContentInserted is first called, meaning the first call
-  // to CreateRows will create all the frames, but OnContentInserted will
-  // still be called again for each content node - so we need to make sure
-  // that the frame for each content node hasn't already been created.
-  nsIFrame* childFrame = aChildContent->GetPrimaryFrame();
-  if (childFrame)
-    return;
-
-  int32_t siblingIndex;
-  nsCOMPtr<nsIContent> nextSiblingContent;
-  GetListItemNextSibling(aChildContent, getter_AddRefs(nextSiblingContent), siblingIndex);
-
-  // if we're inserting our item before the first visible content,
-  // then we need to shift all rows down by one
-  if (siblingIndex >= 0 &&  siblingIndex-1 <= mCurrentIndex) {
-    mTopFrame = nullptr;
-    mRowsToPrepend = 1;
-  } else if (nextSiblingContent) {
-    // we may be inserting before a frame that is on screen
-    nsIFrame* nextSiblingFrame = nextSiblingContent->GetPrimaryFrame();
-    mLinkupFrame = nextSiblingFrame;
-  }
-
-  CreateRows();
-  PresShell()->
-    FrameNeedsReflow(this, nsIPresShell::eTreeChange,
-                     NS_FRAME_HAS_DIRTY_CHILDREN);
-}
-
-//
-// Called by nsCSSFrameConstructor when listitem content is removed.
-//
-void
-nsListBoxBodyFrame::OnContentRemoved(nsPresContext* aPresContext,
-                                     nsIContent* aContainer,
-                                     nsIFrame* aChildFrame,
-                                     nsIContent* aOldNextSibling)
-{
-  NS_ASSERTION(!aChildFrame || aChildFrame->GetParent() == this,
-               "Removing frame that's not our child... Not good");
-
-  if (mRowCount >= 0)
-    --mRowCount;
-
-  if (aContainer) {
-    if (!aChildFrame) {
-      // The row we are removing is out of view, so we need to try to
-      // determine the index of its next sibling.
-      int32_t siblingIndex = -1;
-      if (aOldNextSibling) {
-        nsCOMPtr<nsIContent> nextSiblingContent;
-        GetListItemNextSibling(aOldNextSibling,
-                               getter_AddRefs(nextSiblingContent),
-                               siblingIndex);
-      }
-
-      // if the row being removed is off-screen and above the top frame, we need to
-      // adjust our top index and tell the scrollbar to shift up one row.
-      if (siblingIndex >= 0 && siblingIndex-1 < mCurrentIndex) {
-        MOZ_ASSERT(mCurrentIndex > 0, "mCurrentIndex > 0");
-        --mCurrentIndex;
-        mYPosition = mCurrentIndex*mRowHeight;
-        AutoWeakFrame weakChildFrame(aChildFrame);
-        VerticalScroll(mYPosition);
-        if (!weakChildFrame.IsAlive()) {
-          return;
-        }
-      }
-    } else if (mCurrentIndex > 0) {
-      // At this point, we know we have a scrollbar, and we need to know
-      // if we are scrolled to the last row.  In this case, the behavior
-      // of the scrollbar is to stay locked to the bottom.  Since we are
-      // removing visible content, the first visible row will have to move
-      // down by one, and we will have to insert a new frame at the top.
-
-      // if the last content node has a frame, we are scrolled to the bottom
-      nsIContent* lastChild = nullptr;
-      FlattenedChildIterator iter(mContent);
-      for (nsIContent* child = iter.GetNextChild(); child; child = iter.GetNextChild()) {
-        lastChild = child;
-      }
-
-      if (lastChild) {
-        nsIFrame* lastChildFrame = lastChild->GetPrimaryFrame();
-
-        if (lastChildFrame) {
-          mTopFrame = nullptr;
-          mRowsToPrepend = 1;
-          --mCurrentIndex;
-          mYPosition = mCurrentIndex*mRowHeight;
-          AutoWeakFrame weakChildFrame(aChildFrame);
-          VerticalScroll(mYPosition);
-          if (!weakChildFrame.IsAlive()) {
-            return;
-          }
-        }
-      }
-    }
-  }
-
-  // if we're removing the top row, the new top row is the next row
-  if (mTopFrame && mTopFrame == aChildFrame)
-    mTopFrame = mTopFrame->GetNextSibling();
-
-  // Go ahead and delete the frame.
-  nsBoxLayoutState state(aPresContext);
-  if (aChildFrame) {
-    RemoveChildFrame(state, aChildFrame);
-  }
-
-  PresShell()->
-    FrameNeedsReflow(this, nsIPresShell::eTreeChange,
-                     NS_FRAME_HAS_DIRTY_CHILDREN);
-}
-
-void
-nsListBoxBodyFrame::GetListItemContentAt(int32_t aIndex, nsIContent** aContent)
-{
-  *aContent = nullptr;
-
-  int32_t itemsFound = 0;
-  FlattenedChildIterator iter(mContent);
-  for (nsIContent* child = iter.GetNextChild(); child; child = iter.GetNextChild()) {
-    if (child->IsXULElement(nsGkAtoms::listitem)) {
-      ++itemsFound;
-      if (itemsFound-1 == aIndex) {
-        *aContent = child;
-        NS_IF_ADDREF(*aContent);
-        return;
-      }
-    }
-  }
-}
-
-void
-nsListBoxBodyFrame::GetListItemNextSibling(nsIContent* aListItem, nsIContent** aContent, int32_t& aSiblingIndex)
-{
-  *aContent = nullptr;
-  aSiblingIndex = -1;
-  nsIContent *prevKid = nullptr;
-  FlattenedChildIterator iter(mContent);
-  for (nsIContent* child = iter.GetNextChild(); child; child = iter.GetNextChild()) {
-    if (child->IsXULElement(nsGkAtoms::listitem)) {
-      ++aSiblingIndex;
-      if (prevKid == aListItem) {
-        *aContent = child;
-        NS_IF_ADDREF(*aContent);
-        return;
-      }
-    }
-    prevKid = child;
-  }
-
-  aSiblingIndex = -1; // no match, so there is no next sibling
-}
-
-void
-nsListBoxBodyFrame::RemoveChildFrame(nsBoxLayoutState &aState,
-                                     nsIFrame         *aFrame)
-{
-  MOZ_ASSERT(mFrames.ContainsFrame(aFrame));
-  MOZ_ASSERT(aFrame != GetContentInsertionFrame());
-
-#ifdef ACCESSIBILITY
-  nsAccessibilityService* accService = nsIPresShell::AccService();
-  if (accService) {
-    nsIContent* content = aFrame->GetContent();
-    accService->ContentRemoved(PresShell(), content);
-  }
-#endif
-
-  mFrames.RemoveFrame(aFrame);
-  if (mLayoutManager)
-    mLayoutManager->ChildrenRemoved(this, aState, aFrame);
-  aFrame->Destroy();
-}
-
-// Creation Routines ///////////////////////////////////////////////////////////////////////
-
-already_AddRefed<nsBoxLayout> NS_NewListBoxLayout();
-
-nsIFrame*
-NS_NewListBoxBodyFrame(nsIPresShell* aPresShell, ComputedStyle* aStyle)
-{
-  nsCOMPtr<nsBoxLayout> layout = NS_NewListBoxLayout();
-  return new (aPresShell) nsListBoxBodyFrame(aStyle, layout);
-}
-
-NS_IMPL_FRAMEARENA_HELPERS(nsListBoxBodyFrame)
diff --git a/layout/xul/nsListBoxBodyFrame.h b/layout/xul/nsListBoxBodyFrame.h
deleted file mode 100644
index b9f183b6bbaf..000000000000
--- a/layout/xul/nsListBoxBodyFrame.h
+++ /dev/null
@@ -1,226 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef nsListBoxBodyFrame_h
-#define nsListBoxBodyFrame_h
-
-#include "mozilla/Attributes.h"
-#include "nsCOMPtr.h"
-#include "nsBoxFrame.h"
-#include "nsIScrollbarMediator.h"
-#include "nsIReflowCallback.h"
-#include "nsBoxLayoutState.h"
-#include "nsThreadUtils.h"
-#include "nsPIBoxObject.h"
-
-class nsPresContext;
-class nsListScrollSmoother;
-nsIFrame* NS_NewListBoxBodyFrame(nsIPresShell* aPresShell,
-                                 mozilla::ComputedStyle* aStyle);
-
-namespace mozilla {
-namespace dom {
-class Element;
-} // namespace dom
-} // namespace mozilla
-
-class nsListBoxBodyFrame final : public nsBoxFrame,
-                                 public nsIScrollbarMediator,
-                                 public nsIReflowCallback
-{
-  nsListBoxBodyFrame(ComputedStyle* aStyle,
-                     nsBoxLayout* aLayoutManager);
-  virtual ~nsListBoxBodyFrame();
-
-public:
-  NS_DECL_QUERYFRAME
-  NS_DECL_FRAMEARENA_HELPERS(nsListBoxBodyFrame)
-
-  // non-virtual ListBoxObject
-  int32_t GetNumberOfVisibleRows();
-  int32_t GetIndexOfFirstVisibleRow();
-  nsresult EnsureIndexIsVisible(int32_t aRowIndex);
-  nsresult ScrollToIndex(int32_t aRowIndex);
-  nsresult ScrollByLines(int32_t aNumLines);
-  nsresult GetItemAtIndex(int32_t aIndex, mozilla::dom::Element **aResult);
-  nsresult GetIndexOfItem(mozilla::dom::Element *aItem, int32_t *aResult);
-
-  friend nsIFrame* NS_NewListBoxBodyFrame(nsIPresShell* aPresShell,
-                                          ComputedStyle* aStyle);
-
-  // nsIFrame
-  virtual void Init(nsIContent*       aContent,
-                    nsContainerFrame* aParent,
-                    nsIFrame*         aPrevInFlow) override;
-  virtual void DestroyFrom(nsIFrame* aDestructRoot, PostDestroyData& aPostDestroyData) override;
-
-  virtual nsresult AttributeChanged(int32_t aNameSpaceID, nsAtom* aAttribute, int32_t aModType) override;
-
-  // nsIScrollbarMediator
-  virtual void ScrollByPage(nsScrollbarFrame* aScrollbar, int32_t aDirection,
-                            nsIScrollbarMediator::ScrollSnapMode snapMode
-                              = nsIScrollbarMediator::DISABLE_SNAP) override;
-  virtual void ScrollByWhole(nsScrollbarFrame* aScrollbar, int32_t aDirection,
-                             nsIScrollbarMediator::ScrollSnapMode snapMode
-                               = nsIScrollbarMediator::DISABLE_SNAP) override;
-  virtual void ScrollByLine(nsScrollbarFrame* aScrollbar, int32_t aDirection,
-                            nsIScrollbarMediator::ScrollSnapMode snapMode
-                              = nsIScrollbarMediator::DISABLE_SNAP) override;
-  virtual void RepeatButtonScroll(nsScrollbarFrame* aScrollbar) override;
-  virtual void ThumbMoved(nsScrollbarFrame* aScrollbar,
-                          int32_t aOldPos,
-                          int32_t aNewPos) override;
-  virtual void ScrollbarReleased(nsScrollbarFrame* aScrollbar) override {}
-  virtual void VisibilityChanged(bool aVisible) override;
-  virtual nsIFrame* GetScrollbarBox(bool aVertical) override;
-  virtual void ScrollbarActivityStarted() const override {}
-  virtual void ScrollbarActivityStopped() const override {}
-  virtual bool IsScrollbarOnRight() const override {
-    return (StyleVisibility()->mDirection == NS_STYLE_DIRECTION_LTR);
-  }
-  virtual bool ShouldSuppressScrollbarRepaints() const override {
-    return false;
-  }
-
-
-  // nsIReflowCallback
-  virtual bool ReflowFinished() override;
-  virtual void ReflowCallbackCanceled() override;
-
-  NS_IMETHOD DoXULLayout(nsBoxLayoutState& aBoxLayoutState) override;
-  virtual void MarkIntrinsicISizesDirty() override;
-
-  virtual nsSize GetXULMinSizeForScrollArea(nsBoxLayoutState& aBoxLayoutState) override;
-  virtual nsSize GetXULPrefSize(nsBoxLayoutState& aBoxLayoutState) override;
-
-  // size calculation
-  int32_t GetRowCount();
-  int32_t GetRowHeightAppUnits() { return mRowHeight; }
-  int32_t GetRowHeightPixels() const;
-  int32_t GetFixedRowSize();
-  void SetRowHeight(nscoord aRowHeight);
-  nscoord GetYPosition();
-  nscoord GetAvailableHeight();
-  nscoord ComputeIntrinsicISize(nsBoxLayoutState& aBoxLayoutState);
-
-  // scrolling
-  nsresult InternalPositionChangedCallback();
-  nsresult InternalPositionChanged(bool aUp, int32_t aDelta);
-  // Process pending position changed events, then do the position change.
-  // This can wipe out the frametree.
-  nsresult DoInternalPositionChangedSync(bool aUp, int32_t aDelta);
-  // Actually do the internal position change.  This can wipe out the frametree
-  nsresult DoInternalPositionChanged(bool aUp, int32_t aDelta);
-  nsListScrollSmoother* GetSmoother();
-  void VerticalScroll(int32_t aDelta);
-  // Update the scroll index given a position, in CSS pixels
-  void UpdateIndex(int32_t aNewPos);
-
-  // frames
-  nsIFrame* GetFirstFrame();
-  nsIFrame* GetLastFrame();
-
-  // lazy row creation and destruction
-  void CreateRows();
-  void DestroyRows(int32_t& aRowsToLose);
-  void ReverseDestroyRows(int32_t& aRowsToLose);
-  nsIFrame* GetFirstItemBox(int32_t aOffset, bool* aCreated);
-  nsIFrame* GetNextItemBox(nsIFrame* aBox, int32_t aOffset, bool* aCreated);
-  bool ContinueReflow(nscoord height);
-  NS_IMETHOD ListBoxAppendFrames(nsFrameList& aFrameList);
-  NS_IMETHOD ListBoxInsertFrames(nsIFrame* aPrevFrame, nsFrameList& aFrameList);
-  void OnContentInserted(nsIContent* aContent);
-  void OnContentRemoved(nsPresContext* aPresContext,  nsIContent* aContainer,
-                        nsIFrame* aChildFrame, nsIContent* aOldNextSibling);
-
-  void GetListItemContentAt(int32_t aIndex, nsIContent** aContent);
-  void GetListItemNextSibling(nsIContent* aListItem, nsIContent** aContent, int32_t& aSiblingIndex);
-
-  void PostReflowCallback();
-
-  bool SetBoxObject(nsPIBoxObject* aBoxObject)
-  {
-    NS_ENSURE_TRUE(!mBoxObject, false);
-    mBoxObject = aBoxObject;
-    return true;
-  }
-
-  virtual bool SupportsOrdinalsInChildren() override;
-
-  virtual bool ComputesOwnOverflowArea() override { return true; }
-
-protected:
-  class nsPositionChangedEvent;
-  friend class nsPositionChangedEvent;
-
-  class nsPositionChangedEvent : public mozilla::Runnable
-  {
-  public:
-    nsPositionChangedEvent(nsListBoxBodyFrame* aFrame, bool aUp, int32_t aDelta)
-      : mozilla::Runnable("nsListBoxBodyFrame::nsPositionChangedEvent")
-      , mFrame(aFrame)
-      , mUp(aUp)
-      , mDelta(aDelta)
-    {}
-
-    NS_IMETHOD Run() override
-    {
-      if (!mFrame) {
-        return NS_OK;
-      }
-
-      mFrame->mPendingPositionChangeEvents.RemoveElement(this);
-
-      return mFrame->DoInternalPositionChanged(mUp, mDelta);
-    }
-
-    void Revoke() {
-      mFrame = nullptr;
-    }
-
-    nsListBoxBodyFrame* mFrame;
-    bool mUp;
-    int32_t mDelta;
-  };
-
-  void ComputeTotalRowCount();
-  int32_t ToRowIndex(nscoord aPos) const;
-  void RemoveChildFrame(nsBoxLayoutState &aState, nsIFrame *aChild);
-
-  nsTArray< RefPtr<nsPositionChangedEvent> > mPendingPositionChangeEvents;
-  nsCOMPtr<nsPIBoxObject> mBoxObject;
-
-  // frame markers
-  WeakFrame mTopFrame;
-  nsIFrame* mBottomFrame;
-  nsIFrame* mLinkupFrame;
-
-  nsListScrollSmoother* mScrollSmoother;
-
-  int32_t mRowsToPrepend;
-
-  // row height
-  int32_t mRowCount;
-  nscoord mRowHeight;
-  nscoord mAvailableHeight;
-  nscoord mStringWidth;
-
-  // scrolling
-  int32_t mCurrentIndex; // Row-based
-  int32_t mOldIndex;
-  int32_t mYPosition;
-  int32_t mTimePerRow;
-
-  // row height
-  bool mRowHeightWasSet;
-  // scrolling
-  bool mScrolling;
-  bool mAdjustScroll;
-
-  bool mReflowCallbackPosted;
-};
-
-#endif // nsListBoxBodyFrame_h
diff --git a/layout/xul/nsListBoxLayout.cpp b/layout/xul/nsListBoxLayout.cpp
deleted file mode 100644
index 2050e4e834b9..000000000000
--- a/layout/xul/nsListBoxLayout.cpp
+++ /dev/null
@@ -1,213 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsListBoxLayout.h"
-
-#include "nsListBoxBodyFrame.h"
-#include "nsBox.h"
-#include "nsBoxLayoutState.h"
-#include "nsIScrollableFrame.h"
-#include "nsIReflowCallback.h"
-#include "mozilla/dom/NameSpaceConstants.h"
-#include "nsGkAtoms.h"
-#include "nsContentUtils.h"
-
-nsListBoxLayout::nsListBoxLayout() : nsGridRowGroupLayout()
-{
-}
-
-////////// nsBoxLayout //////////////
-
-nsSize
-nsListBoxLayout::GetXULPrefSize(nsIFrame* aBox, nsBoxLayoutState& aBoxLayoutState)
-{
-  nsSize pref = nsGridRowGroupLayout::GetXULPrefSize(aBox, aBoxLayoutState);
-
-  nsListBoxBodyFrame* frame = static_cast<nsListBoxBodyFrame*>(aBox);
-  if (frame) {
-    nscoord rowheight = frame->GetRowHeightAppUnits();
-    pref.height = frame->GetRowCount() * rowheight;
-    // Pad the height.
-    nscoord y = frame->GetAvailableHeight();
-    if (pref.height > y && y > 0 && rowheight > 0) {
-      nscoord m = (pref.height-y)%rowheight;
-      nscoord remainder = m == 0 ? 0 : rowheight - m;
-      pref.height += remainder;
-    }
-    if (nsContentUtils::HasNonEmptyAttr(frame->GetContent(), kNameSpaceID_None,
-                                        nsGkAtoms::sizemode)) {
-      nscoord width = frame->ComputeIntrinsicISize(aBoxLayoutState);
-      if (width > pref.width)
-        pref.width = width;
-    }
-  }
-  return pref;
-}
-
-nsSize
-nsListBoxLayout::GetXULMinSize(nsIFrame* aBox, nsBoxLayoutState& aBoxLayoutState)
-{
-  nsSize minSize = nsGridRowGroupLayout::GetXULMinSize(aBox, aBoxLayoutState);
-
-  nsListBoxBodyFrame* frame = static_cast<nsListBoxBodyFrame*>(aBox);
-  if (frame) {
-    nscoord rowheight = frame->GetRowHeightAppUnits();
-    minSize.height = frame->GetRowCount() * rowheight;
-    // Pad the height.
-    nscoord y = frame->GetAvailableHeight();
-    if (minSize.height > y && y > 0 && rowheight > 0) {
-      nscoord m = (minSize.height-y)%rowheight;
-      nscoord remainder = m == 0 ? 0 : rowheight - m;
-      minSize.height += remainder;
-    }
-    if (nsContentUtils::HasNonEmptyAttr(frame->GetContent(), kNameSpaceID_None,
-                                        nsGkAtoms::sizemode)) {
-      nscoord width = frame->ComputeIntrinsicISize(aBoxLayoutState);
-      if (width > minSize.width)
-        minSize.width = width;
-    }
-  }
-  return minSize;
-}
-
-nsSize
-nsListBoxLayout::GetXULMaxSize(nsIFrame* aBox, nsBoxLayoutState& aBoxLayoutState)
-{
-  nsSize maxSize = nsGridRowGroupLayout::GetXULMaxSize(aBox, aBoxLayoutState);
-
-  nsListBoxBodyFrame* frame = static_cast<nsListBoxBodyFrame*>(aBox);
-  if (frame) {
-    nscoord rowheight = frame->GetRowHeightAppUnits();
-    maxSize.height = frame->GetRowCount() * rowheight;
-    // Pad the height.
-    nscoord y = frame->GetAvailableHeight();
-    if (maxSize.height > y && y > 0 && rowheight > 0) {
-      nscoord m = (maxSize.height-y)%rowheight;
-      nscoord remainder = m == 0 ? 0 : rowheight - m;
-      maxSize.height += remainder;
-    }
-  }
-  return maxSize;
-}
-
-NS_IMETHODIMP
-nsListBoxLayout::XULLayout(nsIFrame* aBox, nsBoxLayoutState& aState)
-{
-  return LayoutInternal(aBox, aState);
-}
-
-
-/////////// nsListBoxLayout /////////////////////////
-
-/**
- * Called to layout our our children. Does no frame construction
- */
-NS_IMETHODIMP
-nsListBoxLayout::LayoutInternal(nsIFrame* aBox, nsBoxLayoutState& aState)
-{
-  int32_t redrawStart = -1;
-
-  // Get the start y position.
-  nsListBoxBodyFrame* body = static_cast<nsListBoxBodyFrame*>(aBox);
-  if (!body) {
-    NS_ERROR("Frame encountered that isn't a listboxbody!");
-    return NS_ERROR_FAILURE;
-  }
-
-  nsMargin margin;
-
-  // Get our client rect.
-  nsRect clientRect;
-  aBox->GetXULClientRect(clientRect);
-
-  // Get the starting y position and the remaining available
-  // height.
-  nscoord availableHeight = body->GetAvailableHeight();
-  nscoord yOffset = body->GetYPosition();
-
-  if (availableHeight <= 0) {
-    bool fixed = (body->GetFixedRowSize() != -1);
-    if (fixed)
-      availableHeight = 10;
-    else
-      return NS_OK;
-  }
-
-  // run through all our currently created children
-  nsIFrame* box = nsBox::GetChildXULBox(body);
-
-  // if the reason is resize or initial we must relayout.
-  nscoord rowHeight = body->GetRowHeightAppUnits();
-
-  while (box) {
-    // If this box is dirty or if it has dirty children, we
-    // call layout on it.
-    nsRect childRect(box->GetRect());
-    box->GetXULMargin(margin);
-
-    // relayout if we must or we are dirty or some of our children are dirty
-    //   or the client area is wider than us
-    // XXXldb There should probably be a resize check here too!
-    if (NS_SUBTREE_DIRTY(box) || childRect.width < clientRect.width) {
-      childRect.x = 0;
-      childRect.y = yOffset;
-      childRect.width = clientRect.width;
-
-      nsSize size = box->GetXULPrefSize(aState);
-      body->SetRowHeight(size.height);
-
-      childRect.height = rowHeight;
-
-      childRect.Deflate(margin);
-      box->SetXULBounds(aState, childRect);
-      box->XULLayout(aState);
-    } else {
-      // if the child did not need to be relayed out. Then its easy.
-      // Place the child by just grabbing its rect and adjusting the y.
-      int32_t newPos = yOffset+margin.top;
-
-      // are we pushing down or pulling up any rows?
-      // Then we may have to redraw everything below the moved
-      // rows.
-      if (redrawStart == -1 && childRect.y != newPos)
-        redrawStart = newPos;
-
-      childRect.y = newPos;
-      box->SetXULBounds(aState, childRect);
-    }
-
-    // Ok now the available size gets smaller and we move the
-    // starting position of the next child down some.
-    nscoord size = childRect.height + margin.top + margin.bottom;
-
-    yOffset += size;
-    availableHeight -= size;
-
-    box = nsBox::GetNextXULBox(box);
-  }
-
-  // We have enough available height left to add some more rows
-  // Since we can't do this during layout, we post a callback
-  // that will be processed after the reflow completes.
-  body->PostReflowCallback();
-
-  // if rows were pushed down or pulled up because some rows were added
-  // before them then redraw everything under the inserted rows. The inserted
-  // rows will automatically be redrawn because the were marked dirty on insertion.
-  if (redrawStart > -1) {
-    aBox->XULRedraw(aState);
-  }
-
-  return NS_OK;
-}
-
-// Creation Routines ///////////////////////////////////////////////////////////////////////
-
-already_AddRefed<nsBoxLayout> NS_NewListBoxLayout()
-{
-  RefPtr<nsBoxLayout> layout = new nsListBoxLayout();
-  return layout.forget();
-}
diff --git a/layout/xul/nsListBoxLayout.h b/layout/xul/nsListBoxLayout.h
deleted file mode 100644
index 2f53fd47e068..000000000000
--- a/layout/xul/nsListBoxLayout.h
+++ /dev/null
@@ -1,33 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef nsListBoxLayout_h___
-#define nsListBoxLayout_h___
-
-#include "mozilla/Attributes.h"
-#include "nsGridRowGroupLayout.h"
-
-class nsIFrame;
-typedef class nsIFrame nsIFrame;
-class nsBoxLayoutState;
-
-class nsListBoxLayout final : public nsGridRowGroupLayout
-{
-public:
-  nsListBoxLayout();
-
-  // nsBoxLayout
-  NS_IMETHOD XULLayout(nsIFrame* aBox, nsBoxLayoutState& aState) override;
-  virtual nsSize GetXULPrefSize(nsIFrame* aBox, nsBoxLayoutState& aBoxLayoutState) override;
-  virtual nsSize GetXULMinSize(nsIFrame* aBox, nsBoxLayoutState& aBoxLayoutState) override;
-  virtual nsSize GetXULMaxSize(nsIFrame* aBox, nsBoxLayoutState& aBoxLayoutState) override;
-
-protected:
-  NS_IMETHOD LayoutInternal(nsIFrame* aBox, nsBoxLayoutState& aState);
-};
-
-#endif
-
diff --git a/layout/xul/nsListItemFrame.cpp b/layout/xul/nsListItemFrame.cpp
deleted file mode 100644
index c4bfa23f43e0..000000000000
--- a/layout/xul/nsListItemFrame.cpp
+++ /dev/null
@@ -1,72 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsListItemFrame.h"
-
-#include <algorithm>
-
-#include "nsCOMPtr.h"
-#include "nsNameSpaceManager.h"
-#include "nsGkAtoms.h"
-#include "nsDisplayList.h"
-#include "nsBoxLayout.h"
-#include "nsIContent.h"
-
-using namespace mozilla;
-
-nsListItemFrame::nsListItemFrame(ComputedStyle* aStyle,
-                                 bool aIsRoot,
-                                 nsBoxLayout* aLayoutManager)
-  : nsGridRowLeafFrame(aStyle, aIsRoot, aLayoutManager, kClassID)
-{
-}
-
-nsListItemFrame::~nsListItemFrame()
-{
-}
-
-nsSize
-nsListItemFrame::GetXULPrefSize(nsBoxLayoutState& aState)
-{
-  nsSize size = nsBoxFrame::GetXULPrefSize(aState);
-  DISPLAY_PREF_SIZE(this, size);
-
-  // guarantee that our preferred height doesn't exceed the standard
-  // listbox row height
-  size.height = std::max(mRect.height, size.height);
-  return size;
-}
-
-void
-nsListItemFrame::BuildDisplayListForChildren(nsDisplayListBuilder*   aBuilder,
-                                             const nsDisplayListSet& aLists)
-{
-  if (aBuilder->IsForEventDelivery()) {
-    if (!mContent->AsElement()->AttrValueIs(kNameSpaceID_None,
-                                            nsGkAtoms::allowevents,
-                                            nsGkAtoms::_true, eCaseMatters))
-      return;
-  }
-
-  nsGridRowLeafFrame::BuildDisplayListForChildren(aBuilder, aLists);
-}
-
-// Creation Routine ///////////////////////////////////////////////////////////////////////
-
-already_AddRefed<nsBoxLayout> NS_NewGridRowLeafLayout();
-
-nsIFrame*
-NS_NewListItemFrame(nsIPresShell* aPresShell, ComputedStyle* aStyle)
-{
-  nsCOMPtr<nsBoxLayout> layout = NS_NewGridRowLeafLayout();
-  if (!layout) {
-    return nullptr;
-  }
-
-  return new (aPresShell) nsListItemFrame(aStyle, false, layout);
-}
-
-NS_IMPL_FRAMEARENA_HELPERS(nsListItemFrame)
diff --git a/layout/xul/nsListItemFrame.h b/layout/xul/nsListItemFrame.h
deleted file mode 100644
index 036a608b9ec5..000000000000
--- a/layout/xul/nsListItemFrame.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "mozilla/Attributes.h"
-#include "nsGridRowLeafFrame.h"
-
-nsIFrame* NS_NewListItemFrame(nsIPresShell* aPresShell,
-                              mozilla::ComputedStyle* aStyle);
-
-class nsListItemFrame final : public nsGridRowLeafFrame
-{
-public:
-  NS_DECL_FRAMEARENA_HELPERS(nsListItemFrame)
-
-  friend nsIFrame* NS_NewListItemFrame(nsIPresShell* aPresShell,
-                                       ComputedStyle* aStyle);
-
-  // overridden so that children of listitems don't handle mouse events,
-  // unless allowevents="true" is specified on the listitem
-  virtual void BuildDisplayListForChildren(nsDisplayListBuilder*   aBuilder,
-                                           const nsDisplayListSet& aLists) override;
-
-  virtual nsSize GetXULPrefSize(nsBoxLayoutState& aState) override;
-
-protected:
-  explicit nsListItemFrame(ComputedStyle* aStyle,
-                           bool aIsRoot = false,
-                           nsBoxLayout* aLayoutManager = nullptr);
-  virtual ~nsListItemFrame();
-
-}; // class nsListItemFrame
diff --git a/layout/xul/nsPIListBoxObject.h b/layout/xul/nsPIListBoxObject.h
deleted file mode 100644
index 715279d6f300..000000000000
--- a/layout/xul/nsPIListBoxObject.h
+++ /dev/null
@@ -1,31 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef nsPIListBoxObject_h__
-#define nsPIListBoxObject_h__
-
-class nsListBoxBodyFrame;
-
-// fa9549f7-ee09-48fc-89f7-30cceee21c15
-#define NS_PILISTBOXOBJECT_IID \
-{ 0xfa9549f7, 0xee09, 0x48fc, \
-  { 0x89, 0xf7, 0x30, 0xcc, 0xee, 0xe2, 0x1c, 0x15 } }
-
-#include "nsIListBoxObject.h"
-
-class nsPIListBoxObject : public nsIListBoxObject {
- public:
-  NS_DECLARE_STATIC_IID_ACCESSOR(NS_PILISTBOXOBJECT_IID)
-  /**
-   * Get the list box body.  This will search for it as needed.
-   * If aFlush is false we don't FlushType::Frames though.
-   */
-  virtual nsListBoxBodyFrame* GetListBoxBody(bool aFlush) = 0;
-};
-
-NS_DEFINE_STATIC_IID_ACCESSOR(nsPIListBoxObject, NS_PILISTBOXOBJECT_IID)
-
-#endif // nsPIListBoxObject_h__
diff --git a/layout/xul/nsPopupSetFrame.cpp b/layout/xul/nsPopupSetFrame.cpp
index 9602de7f35d7..4f9e8592746b 100644
--- a/layout/xul/nsPopupSetFrame.cpp
+++ b/layout/xul/nsPopupSetFrame.cpp
@@ -15,6 +15,8 @@
 #include "nsIPopupContainer.h"
 #include "nsMenuPopupFrame.h"
 
+typedef mozilla::ComputedStyle ComputedStyle;
+
 nsIFrame*
 NS_NewPopupSetFrame(nsIPresShell* aPresShell, ComputedStyle* aStyle)
 {
diff --git a/layout/xul/nsRootBoxFrame.cpp b/layout/xul/nsRootBoxFrame.cpp
index 30fc17c7ac5a..33e92651178c 100644
--- a/layout/xul/nsRootBoxFrame.cpp
+++ b/layout/xul/nsRootBoxFrame.cpp
@@ -9,6 +9,7 @@
 #include "nsGkAtoms.h"
 #include "nsIPresShell.h"
 #include "nsBoxFrame.h"
+#include "nsDisplayList.h"
 #include "nsStackLayout.h"
 #include "nsIPopupContainer.h"
 #include "nsIContent.h"
diff --git a/layout/xul/nsSliderFrame.cpp b/layout/xul/nsSliderFrame.cpp
index f0010b8ec5ee..d0af09ac7c68 100644
--- a/layout/xul/nsSliderFrame.cpp
+++ b/layout/xul/nsSliderFrame.cpp
@@ -54,6 +54,7 @@ using mozilla::layers::AsyncDragMetrics;
 using mozilla::layers::InputAPZContext;
 using mozilla::layers::ScrollDirection;
 using mozilla::layers::ScrollbarData;
+using mozilla::dom::Event;
 
 bool nsSliderFrame::gMiddlePref = false;
 int32_t nsSliderFrame::gSnapMultiplier;
diff --git a/layout/xul/nsXULPopupManager.h b/layout/xul/nsXULPopupManager.h
index 4f1e5ba3bbc2..d7c5a330d2b6 100644
--- a/layout/xul/nsXULPopupManager.h
+++ b/layout/xul/nsXULPopupManager.h
@@ -22,6 +22,7 @@
 #include "nsITimer.h"
 #include "nsIReflowCallback.h"
 #include "nsThreadUtils.h"
+#include "nsPresContext.h"
 #include "nsStyleConsts.h"
 #include "nsWidgetInitData.h"
 #include "mozilla/Attributes.h"
diff --git a/layout/xul/nsXULTooltipListener.cpp b/layout/xul/nsXULTooltipListener.cpp
index 0a04dcce631f..98dc96671320 100644
--- a/layout/xul/nsXULTooltipListener.cpp
+++ b/layout/xul/nsXULTooltipListener.cpp
@@ -24,6 +24,7 @@
 #include "nsIPopupContainer.h"
 #include "nsIBoxObject.h"
 #include "nsTreeColumns.h"
+#include "nsContentUtils.h"
 #include "mozilla/ErrorResult.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/LookAndFeel.h"
diff --git a/xpcom/ds/nsGkAtomList.h b/xpcom/ds/nsGkAtomList.h
index d6cd51db9d06..cd7dad34cc7f 100644
--- a/xpcom/ds/nsGkAtomList.h
+++ b/xpcom/ds/nsGkAtomList.h
@@ -550,12 +550,7 @@ GK_ATOM(line, "line")
 GK_ATOM(link, "link")
 //GK_ATOM(list, "list")  # "list" is present below
 GK_ATOM(listbox, "listbox")
-GK_ATOM(listboxbody, "listboxbody")
-GK_ATOM(listcell, "listcell")
-GK_ATOM(listcol, "listcol")
-GK_ATOM(listcols, "listcols")
 GK_ATOM(listener, "listener")
-GK_ATOM(listhead, "listhead")
 GK_ATOM(listheader, "listheader")
 GK_ATOM(listing, "listing")
 GK_ATOM(listitem, "listitem")

From ecc4a026dcdf81e07282ff351f747c72783c25bc Mon Sep 17 00:00:00 2001
From: "arthur.iakab" <aiakab@mozilla.com>
Date: Wed, 18 Jul 2018 19:48:21 +0300
Subject: [PATCH 11/14] Backed out 2 changesets (bug 1474722)For freqvently
 failing test verify on gfx/tests/reftest/1474722.html CLOSED TREE

Backed out changeset 53d0bbb455cb (bug 1474722)
Backed out changeset 315d75c42ef0 (bug 1474722)
---
 gfx/2d/Rect.h                      |  7 -------
 gfx/tests/reftest/1474722-ref.html | 17 -----------------
 gfx/tests/reftest/1474722.html     | 17 -----------------
 gfx/tests/reftest/reftest.list     |  1 -
 gfx/thebes/gfxBlur.cpp             | 21 +++++++++++++--------
 5 files changed, 13 insertions(+), 50 deletions(-)
 delete mode 100644 gfx/tests/reftest/1474722-ref.html
 delete mode 100644 gfx/tests/reftest/1474722.html

diff --git a/gfx/2d/Rect.h b/gfx/2d/Rect.h
index 89b98f78560f..b1f9a71a7be2 100644
--- a/gfx/2d/Rect.h
+++ b/gfx/2d/Rect.h
@@ -292,13 +292,6 @@ IntRectTyped<units> RoundedToInt(const RectTyped<units>& aRect)
                              int32_t(copy.Height()));
 }
 
-template<class units>
-bool RectIsInt32Safe(const RectTyped<units>& aRect) {
-  float min = (float)std::numeric_limits<std::int32_t>::min();
-  float max = (float)std::numeric_limits<std::int32_t>::max();
-  return aRect.x > min && aRect.y > min && aRect.XMost() < max && aRect.YMost() < max;
-}
-
 template<class units>
 IntRectTyped<units> RoundedIn(const RectTyped<units>& aRect)
 {
diff --git a/gfx/tests/reftest/1474722-ref.html b/gfx/tests/reftest/1474722-ref.html
deleted file mode 100644
index e0fadcf53f22..000000000000
--- a/gfx/tests/reftest/1474722-ref.html
+++ /dev/null
@@ -1,17 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <meta charset="utf-8">
-  <style>
-    .shadowed {
-      box-shadow: 0 0 35px rgba(0, 0, 0, .9);
-      border: 1px solid lightgray;
-      margin: 0 2em;
-      float: left;
-    }
-  </style>
-</head>
-<body style = "overflow:hidden">
-<div class="shadowed" style="height: 200vh"> long shadow </div>
-</body>
-</html>
diff --git a/gfx/tests/reftest/1474722.html b/gfx/tests/reftest/1474722.html
deleted file mode 100644
index 9920eee23841..000000000000
--- a/gfx/tests/reftest/1474722.html
+++ /dev/null
@@ -1,17 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-  <meta charset="utf-8">
-  <style>
-    .shadowed {
-      box-shadow: 0 0 35px rgba(0, 0, 0, .9);
-      border: 1px solid lightgray;
-      margin: 0 2em;
-      float: left;
-    }
-  </style>
-</head>
-<body style = "overflow:hidden">
-<div class="shadowed" style="height: 100000px"> long shadow </div>
-</body>
-</html>
diff --git a/gfx/tests/reftest/reftest.list b/gfx/tests/reftest/reftest.list
index 1c6e15f95b0e..b29dd3bfae44 100644
--- a/gfx/tests/reftest/reftest.list
+++ b/gfx/tests/reftest/reftest.list
@@ -13,6 +13,5 @@ fuzzy(100,30) == 1149923.html 1149923-ref.html # use fuzzy due to few distorted
 == 1435143.html 1435143-ref.html
 == 1444904.html 1444904-ref.html
 == 1451168.html 1451168-ref.html
-== 1474722.html 1474722-ref.html
 fuzzy(5-32,21908-26354) fuzzy-if(webrender,0-1,0-3) == 1463802.html 1463802-ref.html
 == 1461313.html 1461313-ref.html
diff --git a/gfx/thebes/gfxBlur.cpp b/gfx/thebes/gfxBlur.cpp
index 91ff23412efc..15ce9d7a9e3e 100644
--- a/gfx/thebes/gfxBlur.cpp
+++ b/gfx/thebes/gfxBlur.cpp
@@ -594,12 +594,6 @@ GetBlur(gfxContext* aDestinationCtx,
   if (useDestRect) {
     minSize = aRectSize;
   }
-
-  int32_t maxTextureSize = gfxPlatform::MaxTextureSize();
-  if (minSize.width > maxTextureSize || minSize.height > maxTextureSize) {
-    return nullptr;
-  }
-
   aOutMinSize = minSize;
 
   DrawTarget* destDT = aDestinationCtx->GetDrawTarget();
@@ -961,7 +955,13 @@ gfxAlphaBoxBlur::BlurRectangle(gfxContext* aDestinationCtx,
                                const gfxRect& aDirtyRect,
                                const gfxRect& aSkipRect)
 {
-  if (!RectIsInt32Safe(ToRect(aRect))) {
+  const double maxSize = (double)gfxPlatform::MaxTextureSize();
+  const double maxPos = (double)std::numeric_limits<std::int16_t>::max();
+  if (aRect.width > maxSize || aRect.height > maxSize ||
+      std::abs(aRect.x) > maxPos || std::abs(aRect.y) > maxPos) {
+    // The rectangle is huge, perhaps due to a very strong perspective or some other
+    // transform. We won't be able to blur something this big so give up now before
+    // overflowing or running into texture size limits later.
     return;
   }
 
@@ -1020,12 +1020,17 @@ gfxAlphaBoxBlur::BlurRectangle(gfxContext* aDestinationCtx,
   // so if there's a transform on destDrawTarget that is not pixel-aligned,
   // there will be seams between adjacent parts of the box-shadow. It's hard to
   // avoid those without the use of an intermediate surface.
-  // You might think that we could avoid those by just turning off AA, but there
+  // You might think that we could avoid those by just turning of AA, but there
   // is a problem with that: Box-shadow rendering needs to clip out the
   // element's border box, and we'd like that clip to have anti-aliasing -
   // especially if the element has rounded corners! So we can't do that unless
   // we have a way to say "Please anti-alias the clip, but don't antialias the
   // destination rect of the DrawSurface call".
+  // On OS X there is an additional problem with turning off AA: CoreGraphics
+  // will not just fill the pixels that have their pixel center inside the
+  // filled shape. Instead, it will fill all the pixels which are partially
+  // covered by the shape. So for pixels on the edge between two adjacent parts,
+  // all those pixels will be painted to by both parts, which looks very bad.
 
   destDrawTarget->PopClip();
 }

From 5c9acf58b608de613b756cb0433d830e571856c3 Mon Sep 17 00:00:00 2001
From: "Nicolas B. Pierron" <nicolas.b.pierron@gmail.com>
Date: Mon, 16 Jul 2018 18:13:51 +0000
Subject: [PATCH 12/14] Bug 1473289 - Work around page table fragmentation
 caused by mprotect / VirtualProtect using LifoAlloc r=tcampbell

---
 js/src/ds/LifoAlloc.cpp                       |   8 +
 .../consume-interpreter-stack-bug1473289.js   | 495 ++++++++++++++++++
 .../tests/basic/expr-decompiler-bug1475953.js |  36 ++
 3 files changed, 539 insertions(+)
 create mode 100644 js/src/jit-test/tests/basic/consume-interpreter-stack-bug1473289.js
 create mode 100644 js/src/jit-test/tests/basic/expr-decompiler-bug1475953.js

diff --git a/js/src/ds/LifoAlloc.cpp b/js/src/ds/LifoAlloc.cpp
index 0f9208f936e8..9a4780fe88b8 100644
--- a/js/src/ds/LifoAlloc.cpp
+++ b/js/src/ds/LifoAlloc.cpp
@@ -208,6 +208,14 @@ LifoAlloc::newChunkWithCapacity(size_t n)
     bool protect = false;
 #ifdef LIFO_CHUNK_PROTECT
     protect = protect_;
+    // In a few cases where we keep adding memory protection, we might OOM while
+    // doing a mprotect / VirtualProtect due to the consumption of space in the
+    // page table reserved by the system. This error appears as an OOM on Linux,
+    // as an Invalid parameters on Windows and as a crash on OS/X. This code caps
+    // the amount of memory protected in order to limit occurences of this issue.
+    const size_t MaxPeakSize = 32 * 1024 * 1024;
+    if (protect && MaxPeakSize <= this->peakSize_)
+        protect = false;
 #endif
 
     // Create a new BumpChunk, and allocate space for it.
diff --git a/js/src/jit-test/tests/basic/consume-interpreter-stack-bug1473289.js b/js/src/jit-test/tests/basic/consume-interpreter-stack-bug1473289.js
new file mode 100644
index 000000000000..0c96277a43fa
--- /dev/null
+++ b/js/src/jit-test/tests/basic/consume-interpreter-stack-bug1473289.js
@@ -0,0 +1,495 @@
+// |jit-test| allow-overrecursed
+
+(function f(x) {
+    f(x - 1);
+    Array.prototype.unshift.call(a1, s2, a1, t2, a0, p2, t2);
+    var r2;
+    var r3;
+    var r4;
+    var r5;
+    var r6;
+    var r7;
+    var r8;
+    var r9;
+    var r10;
+    var r11;
+    var r12;
+    var r13;
+    var r14;
+    var r15;
+    var r16;
+    var r17;
+    var r18;
+    var r19;
+    var r20;
+    var r21;
+    var r22;
+    var r23;
+    var r24;
+    var r25;
+    var r26;
+    var r27;
+    var r28;
+    var r29;
+    var r30;
+    var r31;
+    var r32;
+    var r33;
+    var r34;
+    var r35;
+    var r36;
+    var r37;
+    var r38;
+    var r39;
+    var r40;
+    var r41;
+    var r42;
+    var r43;
+    var r44;
+    var r45;
+    var r46;
+    var r47;
+    var r48;
+    var r49;
+    var r50;
+    var r51;
+    var r52;
+    var r53;
+    var r54;
+    var r55;
+    var r56;
+    var r57;
+    var r58;
+    var r59;
+    var r60;
+    var r61;
+    var r62;
+    var r63;
+    var r64;
+    var r65;
+    var r66;
+    var r67;
+    var r68;
+    var r69;
+    var r70;
+    var r71;
+    var r72;
+    var r73;
+    var r74;
+    var r75;
+    var r76;
+    var r77;
+    var r78;
+    var r79;
+    var r80;
+    var r81;
+    var r82;
+    var r83;
+    var r84;
+    var r85;
+    var r86;
+    var r87;
+    var r88;
+    var r89;
+    var r90;
+    var r91;
+    var r92;
+    var r93;
+    var r149;
+    var r150;
+    var r151;
+    var r152;
+    var r153;
+    var r154;
+    var r155;
+    var r156;
+    var r157;
+    var r158;
+    var r159;
+    var r160;
+    var r161;
+    var r162;
+    var r163;
+    var r164;
+    var r165;
+    var r166;
+    var r167;
+    var r168;
+    var r169;
+    var r170;
+    var r171;
+    var r172;
+    var r173;
+    var r174;
+    var r175;
+    var r176;
+    var r177;
+    var r178;
+    var r179;
+    var r180;
+    var r181;
+    var r182;
+    var r183;
+    var r184;
+    var r185;
+    var r186;
+    var r187;
+    var r188;
+    var r189;
+    var r190;
+    var r191;
+    var r192;
+    var r193;
+    var r194;
+    var r195;
+    var r196;
+    var r197;
+    var r198;
+    var r199;
+    var r200;
+    var r201;
+    var r202;
+    var r203;
+    var r204;
+    var r205;
+    var r206;
+    var r207;
+    var r208;
+    var r209;
+    var r210;
+    var r211;
+    var r212;
+    var r213;
+    var r214;
+    var r215;
+    var r216;
+    var r217;
+    var r218;
+    var r219;
+    var r220;
+    var r221;
+    var r222;
+    var r223;
+    var r224;
+    var r225;
+    var r226;
+    var r227;
+    var r228;
+    var r229;
+    var r230;
+    var r231;
+    var r232;
+    var r233;
+    var r234;
+    var r235;
+    var r236;
+    var r237;
+    var r238;
+    var r239;
+    var r240;
+    var r241;
+    var r242;
+    var r243;
+    var r244;
+    var r245;
+    var r246;
+    var r247;
+    var r248;
+    var r249;
+    var r250;
+    var r251;
+    var r252;
+    var r253;
+    var r254;
+    var r255;
+    var r256;
+    var r257;
+    var r258;
+    var r259;
+    var r260;
+    var r261;
+    var r262;
+    var r263;
+    var r264;
+    var r265;
+    var r266;
+    var r267;
+    var r268;
+    var r269;
+    var r270;
+    var r271;
+    var r272;
+    var r273;
+    var r274;
+    var r275;
+    var r276;
+    var r277;
+    var r278;
+    var r279;
+    var r280;
+    var r281;
+    var r282;
+    var r283;
+    var r284;
+    var r285;
+    var r286;
+    var r287;
+    var r288;
+    var r289;
+    var r290;
+    var r291;
+    var r292;
+    var r293;
+    var r294;
+    var r295;
+    var r296;
+    var r297;
+    var r298;
+    var r299;
+    var r300;
+    var r301;
+    var r302;
+    var r303;
+    var r304;
+    var r305;
+    var r306;
+    var r307;
+    var r308;
+    var r309;
+    var r310;
+    var r311;
+    var r312;
+    var r313;
+    var r314;
+    var r315;
+    var r316;
+    var r317;
+    var r318;
+    var r319;
+    var r320;
+    var r321;
+    var r322;
+    var r323;
+    var r324;
+    var r325;
+    var r326;
+    var r327;
+    var r328;
+    var r329;
+    var r330;
+    var r331;
+    var r332;
+    var r333;
+    var r334;
+    var r335;
+    var r336;
+    var r337;
+    var r338;
+    var r339;
+    var r340;
+    var r341;
+    var r342;
+    var r343;
+    var r344;
+    var r345;
+    var r346;
+    var r347;
+    var r348;
+    var r349;
+    var r350;
+    var r351;
+    var r352;
+    var r353;
+    var r354;
+    var r355;
+    var r356;
+    var r357;
+    var r358;
+    var r359;
+    var r360;
+    var r361;
+    var r362;
+    var r363;
+    var r364;
+    var r365;
+    var r366;
+    var r367;
+    var r368;
+    var r369;
+    var r370;
+    var r371;
+    var r372;
+    var r373;
+    var r374;
+    var r375;
+    var r376;
+    var r377;
+    var r378;
+    var r379;
+    var r380;
+    var r381;
+    var r382;
+    var r383;
+    var r384;
+    var r385;
+    var r386;
+    var r387;
+    var r388;
+    var r389;
+    var r390;
+    var r391;
+    var r392;
+    var r393;
+    var r394;
+    var r395;
+    var r396;
+    var r397;
+    var r398;
+    var r399;
+    var r400;
+    var r401;
+    var r402;
+    var r403;
+    var r404;
+    var r405;
+    var r406;
+    var r407;
+    var r408;
+    var r409;
+    var r410;
+    var r411;
+    var r412;
+    var r413;
+    var r414;
+    var r415;
+    var r416;
+    var r417;
+    var r418;
+    var r419;
+    var r420;
+    var r421;
+    var r422;
+    var r423;
+    var r424;
+    var r425;
+    var r426;
+    var r427;
+    var r428;
+    var r429;
+    var r430;
+    var r431;
+    var r432;
+    var r433;
+    var r434;
+    var r435;
+    var r436;
+    var r437;
+    var r438;
+    var r439;
+    var r440;
+    var r441;
+    var r442;
+    var r443;
+    var r444;
+    var r445;
+    var r446;
+    var r447;
+    var r448;
+    var r449;
+    var r450;
+    var r451;
+    var r452;
+    var r453;
+    var r454;
+    var r455;
+    var r456;
+    var r457;
+    var r458;
+    var r459;
+    var r460;
+    var r461;
+    var r462;
+    var r463;
+    var r464;
+    var r465;
+    var r466;
+    var r467;
+    var r468;
+    var r469;
+    var r470;
+    var r471;
+    var r472;
+    var r473;
+    var r474;
+    var r475;
+    var r476;
+    var r477;
+    var r478;
+    var r479;
+    var r480;
+    var r481;
+    var r482;
+    var r483;
+    var r484;
+    var r485;
+    var r486;
+    var r487;
+    var r488;
+    var r489;
+    var r490;
+    var r491;
+    var r492;
+    var r493;
+    var r494;
+    var r495;
+    var r496;
+    var r497;
+    var r498;
+    var r499;
+    var r500;
+    var r501;
+    var r502;
+    var r503;
+    var r504;
+    var r505;
+    var r506;
+    var r507;
+    var r508;
+    var r509;
+    var r510;
+    var r511;
+    var r512;
+    var r513;
+    var r514;
+    var r515;
+    var r516;
+    var r517;
+    var r518;
+    var r519;
+    var r520;
+    var r521;
+    var r522;
+    var r523;
+    var r524;
+    var r525;
+    var r526;
+    var r527;
+    var r528;
+    var r529;
+    var r530;
+    var r531;
+    var r532;
+    var r533;
+    var r534;
+    var r535;
+    var r536;
+    var r537;
+    var r538;
+    var r539;
+    var r540;
+    var r541;
+    var r542;
+    var r543;
+    var r544;
+    var r545;
+})(32769);
diff --git a/js/src/jit-test/tests/basic/expr-decompiler-bug1475953.js b/js/src/jit-test/tests/basic/expr-decompiler-bug1475953.js
new file mode 100644
index 000000000000..5cd4cd0844fc
--- /dev/null
+++ b/js/src/jit-test/tests/basic/expr-decompiler-bug1475953.js
@@ -0,0 +1,36 @@
+Object.defineProperty(this, "fuzzutils", { value:{} });
+setModuleResolveHook(function(module, specifier) {});
+try { evaluate(`
+  var f = 396684;
+  var src = "return f(" +Array(10*1000).join("0,")+"Math.atan2());";
+  var result = new Function(src)();
+`);
+} catch (exc) {}
+try {
+  evalInWorker(`
+    function lfEvalInCache(lfCode, lfIncremental = false, lfRunOnce = false) {
+      ctx = Object.create(ctx, {});
+    }
+    try { evaluate(\`
+      var f = 396684;
+      var src = "return f(" +Array(10*1000).join("0,")+"Math.atan2());";
+      var result = new Function(src)();
+      \`); } catch(exc) {}
+  `);
+  evalInWorker(`
+    Object.defineProperty(this, "fuzzutils", { value:{} });
+    try { evaluate(\`
+    var f = 396684;
+    var src = "return f(" +Array(10*1000).join("0,")+"Math.atan2());";
+    var result = new Function(src)();
+    \`); } catch(exc) {}
+  `);
+} catch (exc) {}
+try { evalInWorker(`
+  try { evaluate(\`
+    var f = 396684;
+    var src = "return f(" +Array(10*1000).join("0,")+"Math.atan2());";
+    var result = new Function(src)();
+  \`); } catch(exc) {}
+`);
+} catch (exc) {}

From 41f7f579b76aaec04985dc20000cae03824a901d Mon Sep 17 00:00:00 2001
From: Ryan Hunt <rhunt@eqrion.net>
Date: Tue, 26 Jun 2018 17:12:56 -0500
Subject: [PATCH 13/14] Bug 1471639 - Move edge padding to the paint thread.
 r=nical

This commit ports over the last remaining operation for tiling that doesn't work
on the paint thread.

The difficult part for edge padding is that it is done outside of ValidateTile
so it doesn't have an associated CapturedTilePaintState to be added to as an
operation. We need it to be in the same paint state so that it's guaranteed
to be run after painting has finished.

This commit changes edge padding to instead be decided inside of ValidateTile
and either sent to the paint thread if there is OMTP or executed right away.

MozReview-Commit-ID: JDD4rH1fVwW

--HG--
extra : source : 9b0a54842d3169960a606fa1dd335acf6aa70dbe
extra : intermediate-source : bcbab66c16c5cc2b917f12b4481bbbb8fe3eb097
---
 gfx/layers/BufferEdgePad.cpp                  |  93 +++++++++
 gfx/layers/BufferEdgePad.h                    |  21 ++
 gfx/layers/PaintThread.cpp                    |  51 +++--
 gfx/layers/PaintThread.h                      |  18 ++
 gfx/layers/SourceSurfaceSharedData.cpp        |   2 +
 gfx/layers/client/MultiTiledContentClient.cpp | 187 +++++-------------
 gfx/layers/moz.build                          |   2 +
 7 files changed, 223 insertions(+), 151 deletions(-)
 create mode 100644 gfx/layers/BufferEdgePad.cpp
 create mode 100644 gfx/layers/BufferEdgePad.h

diff --git a/gfx/layers/BufferEdgePad.cpp b/gfx/layers/BufferEdgePad.cpp
new file mode 100644
index 000000000000..ad3600262b1f
--- /dev/null
+++ b/gfx/layers/BufferEdgePad.cpp
@@ -0,0 +1,93 @@
+#include "BufferEdgePad.h"
+
+#include "mozilla/gfx/Point.h" // for IntSize
+#include "mozilla/gfx/Types.h" // for SurfaceFormat
+
+namespace mozilla {
+namespace layers {
+
+using namespace gfx;
+
+void
+PadDrawTargetOutFromRegion(RefPtr<DrawTarget> aDrawTarget, nsIntRegion &aRegion)
+{
+  struct LockedBits {
+    uint8_t *data;
+    IntSize size;
+    int32_t stride;
+    SurfaceFormat format;
+    static int clamp(int x, int min, int max)
+    {
+      if (x < min)
+        x = min;
+      if (x > max)
+        x = max;
+      return x;
+    }
+
+    static void ensure_memcpy(uint8_t *dst, uint8_t *src, size_t n, uint8_t *bitmap, int stride, int height)
+    {
+        if (src + n > bitmap + stride*height) {
+            MOZ_CRASH("GFX: long src memcpy");
+        }
+        if (src < bitmap) {
+            MOZ_CRASH("GFX: short src memcpy");
+        }
+        if (dst + n > bitmap + stride*height) {
+            MOZ_CRASH("GFX: long dst mempcy");
+        }
+        if (dst < bitmap) {
+            MOZ_CRASH("GFX: short dst mempcy");
+        }
+    }
+
+    static void visitor(void *closure, VisitSide side, int x1, int y1, int x2, int y2) {
+      LockedBits *lb = static_cast<LockedBits*>(closure);
+      uint8_t *bitmap = lb->data;
+      const int bpp = gfx::BytesPerPixel(lb->format);
+      const int stride = lb->stride;
+      const int width = lb->size.width;
+      const int height = lb->size.height;
+
+      if (side == VisitSide::TOP) {
+        if (y1 > 0) {
+          x1 = clamp(x1, 0, width - 1);
+          x2 = clamp(x2, 0, width - 1);
+          ensure_memcpy(&bitmap[x1*bpp + (y1-1) * stride], &bitmap[x1*bpp + y1 * stride], (x2 - x1) * bpp, bitmap, stride, height);
+          memcpy(&bitmap[x1*bpp + (y1-1) * stride], &bitmap[x1*bpp + y1 * stride], (x2 - x1) * bpp);
+        }
+      } else if (side == VisitSide::BOTTOM) {
+        if (y1 < height) {
+          x1 = clamp(x1, 0, width - 1);
+          x2 = clamp(x2, 0, width - 1);
+          ensure_memcpy(&bitmap[x1*bpp + y1 * stride], &bitmap[x1*bpp + (y1-1) * stride], (x2 - x1) * bpp, bitmap, stride, height);
+          memcpy(&bitmap[x1*bpp + y1 * stride], &bitmap[x1*bpp + (y1-1) * stride], (x2 - x1) * bpp);
+        }
+      } else if (side == VisitSide::LEFT) {
+        if (x1 > 0) {
+          while (y1 != y2) {
+            memcpy(&bitmap[(x1-1)*bpp + y1 * stride], &bitmap[x1*bpp + y1*stride], bpp);
+            y1++;
+          }
+        }
+      } else if (side == VisitSide::RIGHT) {
+        if (x1 < width) {
+          while (y1 != y2) {
+            memcpy(&bitmap[x1*bpp + y1 * stride], &bitmap[(x1-1)*bpp + y1*stride], bpp);
+            y1++;
+          }
+        }
+      }
+
+    }
+  } lb;
+
+  if (aDrawTarget->LockBits(&lb.data, &lb.size, &lb.stride, &lb.format)) {
+    // we can only pad software targets so if we can't lock the bits don't pad
+    aRegion.VisitEdges(lb.visitor, &lb);
+    aDrawTarget->ReleaseBits(lb.data);
+  }
+}
+
+} // namespace layers
+} // namespace mozilla
diff --git a/gfx/layers/BufferEdgePad.h b/gfx/layers/BufferEdgePad.h
new file mode 100644
index 000000000000..05b6e0526215
--- /dev/null
+++ b/gfx/layers/BufferEdgePad.h
@@ -0,0 +1,21 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef MOZILLA_LAYERS_BUFFER_EDGE_PAD_H
+#define MOZILLA_LAYERS_BUFFER_EDGE_PAD_H
+
+#include "mozilla/gfx/2D.h"
+#include "nsRegion.h"
+
+namespace mozilla {
+namespace layers {
+
+void PadDrawTargetOutFromRegion(RefPtr<gfx::DrawTarget> aDrawTarget, nsIntRegion &aRegion);
+
+} // namespace layers
+} // namespace mozilla
+
+#endif // MOZILLA_LAYERS_BUFFER_EDGE_PAD_H
diff --git a/gfx/layers/PaintThread.cpp b/gfx/layers/PaintThread.cpp
index 27026afe693d..ef268f47651b 100644
--- a/gfx/layers/PaintThread.cpp
+++ b/gfx/layers/PaintThread.cpp
@@ -12,6 +12,7 @@
 #include "gfxPlatform.h"
 #include "gfxPrefs.h"
 #include "GeckoProfiler.h"
+#include "mozilla/layers/BufferEdgePad.h"
 #include "mozilla/layers/CompositorBridgeChild.h"
 #include "mozilla/layers/ShadowLayers.h"
 #include "mozilla/layers/SyncObject.h"
@@ -101,6 +102,39 @@ CapturedTiledPaintState::Clear::ClearBuffer()
   mTarget->SetTransform(oldTransform);
 }
 
+void
+CapturedTiledPaintState::EdgePad::EdgePadBuffer()
+{
+  PadDrawTargetOutFromRegion(mTarget, mValidRegion);
+}
+
+void
+CapturedTiledPaintState::PrePaint()
+{
+  for (auto& copy : mCopies) {
+    copy.CopyBuffer();
+  }
+
+  for (auto& clear : mClears) {
+    clear.ClearBuffer();
+  }
+}
+
+void
+CapturedTiledPaintState::Paint()
+{
+  mTarget->DrawCapturedDT(mCapture, Matrix());
+  mTarget->Flush();
+}
+
+void
+CapturedTiledPaintState::PostPaint()
+{
+  if (mEdgePad) {
+    mEdgePad->EdgePadBuffer();
+  }
+}
+
 StaticAutoPtr<PaintThread> PaintThread::sSingleton;
 StaticRefPtr<nsIThread> PaintThread::sThread;
 PlatformThreadId PaintThread::sThreadId;
@@ -419,20 +453,9 @@ PaintThread::AsyncPaintTiledContents(CompositorBridgeChild* aBridge,
   MOZ_ASSERT(IsOnPaintWorkerThread());
   MOZ_ASSERT(aState);
 
-  for (auto& copy : aState->mCopies) {
-    copy.CopyBuffer();
-  }
-
-  for (auto& clear : aState->mClears) {
-    clear.ClearBuffer();
-  }
-
-  DrawTarget* target = aState->mTarget;
-  DrawTargetCapture* capture = aState->mCapture;
-
-  // Draw all the things into the actual dest target.
-  target->DrawCapturedDT(capture, Matrix());
-  target->Flush();
+  aState->PrePaint();
+  aState->Paint();
+  aState->PostPaint();
 
   if (gfxPrefs::LayersOMTPReleaseCaptureOnMainThread()) {
     // This should ensure the capture drawtarget, which may hold on to UnscaledFont objects,
diff --git a/gfx/layers/PaintThread.h b/gfx/layers/PaintThread.h
index cd6af44d2445..74dda7b41291 100644
--- a/gfx/layers/PaintThread.h
+++ b/gfx/layers/PaintThread.h
@@ -223,6 +223,19 @@ public:
     nsIntRegion mDirtyRegion;
   };
 
+  struct EdgePad {
+    EdgePad(RefPtr<gfx::DrawTarget> aTarget,
+            nsIntRegion&& aValidRegion)
+      : mTarget(aTarget)
+      , mValidRegion(aValidRegion)
+    {}
+
+    void EdgePadBuffer();
+
+    RefPtr<gfx::DrawTarget> mTarget;
+    nsIntRegion mValidRegion;
+  };
+
   CapturedTiledPaintState()
   {}
   CapturedTiledPaintState(gfx::DrawTarget* aTarget,
@@ -244,10 +257,15 @@ public:
     mClients.clear();
   }
 
+  void PrePaint();
+  void Paint();
+  void PostPaint();
+
   RefPtr<gfx::DrawTarget> mTarget;
   RefPtr<gfx::DrawTargetCapture> mCapture;
   std::vector<Copy> mCopies;
   std::vector<Clear> mClears;
+  Maybe<EdgePad> mEdgePad;
 
   std::vector<RefPtr<TextureClient>> mClients;
 
diff --git a/gfx/layers/SourceSurfaceSharedData.cpp b/gfx/layers/SourceSurfaceSharedData.cpp
index 02f945f7b176..cd8304b785eb 100644
--- a/gfx/layers/SourceSurfaceSharedData.cpp
+++ b/gfx/layers/SourceSurfaceSharedData.cpp
@@ -10,6 +10,8 @@
 #include "mozilla/Types.h" // for decltype
 #include "mozilla/layers/SharedSurfacesChild.h"
 
+#include "base/process_util.h"
+
 #ifdef DEBUG
 /**
  * If defined, this makes SourceSurfaceSharedData::Finalize memory protect the
diff --git a/gfx/layers/client/MultiTiledContentClient.cpp b/gfx/layers/client/MultiTiledContentClient.cpp
index 5d0ee320efb8..36ceed2a484d 100644
--- a/gfx/layers/client/MultiTiledContentClient.cpp
+++ b/gfx/layers/client/MultiTiledContentClient.cpp
@@ -8,6 +8,7 @@
 
 #include "ClientTiledPaintedLayer.h"
 #include "mozilla/layers/LayerMetricsWrapper.h"
+#include "mozilla/layers/BufferEdgePad.h"
 
 namespace mozilla {
 
@@ -139,86 +140,6 @@ ClientMultiTiledLayerBuffer::PaintThebes(const nsIntRegion& aNewValidRegion,
   mCallbackData = nullptr;
 }
 
-void PadDrawTargetOutFromRegion(RefPtr<DrawTarget> drawTarget, nsIntRegion &region)
-{
-  struct LockedBits {
-    uint8_t *data;
-    IntSize size;
-    int32_t stride;
-    SurfaceFormat format;
-    static int clamp(int x, int min, int max)
-    {
-      if (x < min)
-        x = min;
-      if (x > max)
-        x = max;
-      return x;
-    }
-
-    static void ensure_memcpy(uint8_t *dst, uint8_t *src, size_t n, uint8_t *bitmap, int stride, int height)
-    {
-        if (src + n > bitmap + stride*height) {
-            MOZ_CRASH("GFX: long src memcpy");
-        }
-        if (src < bitmap) {
-            MOZ_CRASH("GFX: short src memcpy");
-        }
-        if (dst + n > bitmap + stride*height) {
-            MOZ_CRASH("GFX: long dst mempcy");
-        }
-        if (dst < bitmap) {
-            MOZ_CRASH("GFX: short dst mempcy");
-        }
-    }
-
-    static void visitor(void *closure, VisitSide side, int x1, int y1, int x2, int y2) {
-      LockedBits *lb = static_cast<LockedBits*>(closure);
-      uint8_t *bitmap = lb->data;
-      const int bpp = gfx::BytesPerPixel(lb->format);
-      const int stride = lb->stride;
-      const int width = lb->size.width;
-      const int height = lb->size.height;
-
-      if (side == VisitSide::TOP) {
-        if (y1 > 0) {
-          x1 = clamp(x1, 0, width - 1);
-          x2 = clamp(x2, 0, width - 1);
-          ensure_memcpy(&bitmap[x1*bpp + (y1-1) * stride], &bitmap[x1*bpp + y1 * stride], (x2 - x1) * bpp, bitmap, stride, height);
-          memcpy(&bitmap[x1*bpp + (y1-1) * stride], &bitmap[x1*bpp + y1 * stride], (x2 - x1) * bpp);
-        }
-      } else if (side == VisitSide::BOTTOM) {
-        if (y1 < height) {
-          x1 = clamp(x1, 0, width - 1);
-          x2 = clamp(x2, 0, width - 1);
-          ensure_memcpy(&bitmap[x1*bpp + y1 * stride], &bitmap[x1*bpp + (y1-1) * stride], (x2 - x1) * bpp, bitmap, stride, height);
-          memcpy(&bitmap[x1*bpp + y1 * stride], &bitmap[x1*bpp + (y1-1) * stride], (x2 - x1) * bpp);
-        }
-      } else if (side == VisitSide::LEFT) {
-        if (x1 > 0) {
-          while (y1 != y2) {
-            memcpy(&bitmap[(x1-1)*bpp + y1 * stride], &bitmap[x1*bpp + y1*stride], bpp);
-            y1++;
-          }
-        }
-      } else if (side == VisitSide::RIGHT) {
-        if (x1 < width) {
-          while (y1 != y2) {
-            memcpy(&bitmap[x1*bpp + y1 * stride], &bitmap[(x1-1)*bpp + y1*stride], bpp);
-            y1++;
-          }
-        }
-      }
-
-    }
-  } lb;
-
-  if (drawTarget->LockBits(&lb.data, &lb.size, &lb.stride, &lb.format)) {
-    // we can only pad software targets so if we can't lock the bits don't pad
-    region.VisitEdges(lb.visitor, &lb);
-    drawTarget->ReleaseBits(lb.data);
-  }
-}
-
 void ClientMultiTiledLayerBuffer::Update(const nsIntRegion& newValidRegion,
                                          const nsIntRegion& aPaintRegion,
                                          const nsIntRegion& aDirtyRegion,
@@ -284,6 +205,13 @@ void ClientMultiTiledLayerBuffer::Update(const nsIntRegion& newValidRegion,
     }
 
     if (!mPaintTiles.empty()) {
+      // Perform buffer copies and clears if we don't have the paint thread
+      if (!(aFlags & TilePaintFlags::Async)) {
+        for (const auto& state : mPaintStates) {
+          state->PrePaint();
+        }
+      }
+
       // Create a tiled draw target
       gfx::TileSet tileset;
       for (size_t i = 0; i < mPaintTiles.size(); ++i) {
@@ -308,16 +236,18 @@ void ClientMultiTiledLayerBuffer::Update(const nsIntRegion& newValidRegion,
                 DrawRegionClip::DRAW, nsIntRegion(), mCallbackData);
       ctx = nullptr;
 
+      // Dispatch to the paint thread or do any work left over
       if (aFlags & TilePaintFlags::Async) {
         for (const auto& state : mPaintStates) {
           PaintThread::Get()->PaintTiledContents(state);
         }
         mManager->SetQueuedAsyncPaints();
-        MOZ_ASSERT(mPaintStates.size() > 0);
-        mPaintStates.clear();
       } else {
-        MOZ_ASSERT(mPaintStates.size() == 0);
+        for (const auto& state : mPaintStates) {
+          state->PostPaint();
+        }
       }
+      mPaintStates.clear();
 
       // Reset
       mPaintTiles.clear();
@@ -325,38 +255,8 @@ void ClientMultiTiledLayerBuffer::Update(const nsIntRegion& newValidRegion,
                                std::numeric_limits<int32_t>::max());
     }
 
-    bool edgePaddingEnabled = gfxPrefs::TileEdgePaddingEnabled();
     for (uint32_t i = 0; i < mRetainedTiles.Length(); ++i) {
       TileClient& tile = mRetainedTiles[i];
-
-      // Only worry about padding when not doing low-res because it simplifies
-      // the math and the artifacts won't be noticable
-      // Edge padding prevents sampling artifacts when compositing.
-      if (edgePaddingEnabled && mResolution == 1 &&
-          tile.mFrontBuffer && tile.mFrontBuffer->IsLocked()) {
-
-        const TileCoordIntPoint tileCoord = newTiles.TileCoord(i);
-        IntPoint tileOffset = GetTileOffset(tileCoord);
-        // Strictly speakig we want the unscaled rect here, but it doesn't matter
-        // because we only run this code when the resolution is equal to 1.
-        IntRect tileRect = IntRect(tileOffset.x, tileOffset.y,
-                                   GetTileSize().width, GetTileSize().height);
-
-        nsIntRegion tileDrawRegion = IntRect(tileOffset, scaledTileSize);
-        tileDrawRegion.AndWith(paintRegion);
-
-        nsIntRegion tileValidRegion = mValidRegion;
-        tileValidRegion.OrWith(tileDrawRegion);
-
-        // We only need to pad out if the tile has area that's not valid
-        if (!tileValidRegion.Contains(tileRect)) {
-          tileValidRegion = tileValidRegion.Intersect(tileRect);
-          // translate the region into tile space and pad
-          tileValidRegion.MoveBy(-IntPoint(tileOffset.x, tileOffset.y));
-          RefPtr<DrawTarget> drawTarget = tile.mFrontBuffer->BorrowDrawTarget();
-          PadDrawTargetOutFromRegion(drawTarget, tileValidRegion);
-        }
-      }
       UnlockTile(tile);
     }
   }
@@ -461,51 +361,64 @@ ClientMultiTiledLayerBuffer::ValidateTile(TileClient& aTile,
     drawTarget = dt;
   }
 
+  // Create the paint operation that will be either dispatched to the paint
+  // thread, or executed synchronously
+  RefPtr<CapturedTiledPaintState> paintState = new CapturedTiledPaintState();
+
+  paintState->mCopies = std::move(asyncPaintCopies);
+
   // We need to clear the dirty region of the tile before painting
   // if we are painting non-opaque content
-  Maybe<CapturedTiledPaintState::Clear> clear = Nothing();
   if (mode != SurfaceMode::SURFACE_OPAQUE) {
-    clear = Some(CapturedTiledPaintState::Clear{
+    auto clear = CapturedTiledPaintState::Clear{
       dt,
       dtOnWhite,
       tileDirtyRegion
-    });
+    };
+    paintState->mClears.push_back(clear);
+  }
+
+  // Only worry about padding when not doing low-res because it simplifies
+  // the math and the artifacts won't be noticable
+  // Edge padding prevents sampling artifacts when compositing.
+  if (gfxPrefs::TileEdgePaddingEnabled() && mResolution == 1) {
+    IntRect tileRect = IntRect(0, 0,
+                               GetScaledTileSize().width,
+                               GetScaledTileSize().height);
+
+    // We only need to pad out if the tile has area that's not valid
+    if (!tileVisibleRegion.Contains(tileRect)) {
+      tileVisibleRegion = tileVisibleRegion.Intersect(tileRect);
+
+      paintState->mEdgePad = Some(CapturedTiledPaintState::EdgePad{
+        drawTarget,
+        std::move(tileVisibleRegion),
+      });
+    }
+  }
+
+  paintState->mClients = std::move(asyncPaintClients);
+  paintState->mClients.push_back(backBuffer);
+  if (backBufferOnWhite) {
+    paintState->mClients.push_back(backBufferOnWhite);
   }
 
-  // Queue or execute the paint operation
   gfx::Tile paintTile;
   paintTile.mTileOrigin = gfx::IntPoint(aTileOrigin.x, aTileOrigin.y);
 
   if (aFlags & TilePaintFlags::Async) {
-    RefPtr<CapturedTiledPaintState> asyncPaint = new CapturedTiledPaintState();
-
     RefPtr<DrawTargetCapture> captureDT =
       Factory::CreateCaptureDrawTarget(drawTarget->GetBackendType(),
                                        drawTarget->GetSize(),
                                        drawTarget->GetFormat());
     paintTile.mDrawTarget = captureDT;
-    asyncPaint->mTarget = drawTarget;
-    asyncPaint->mCapture = captureDT;
-
-    asyncPaint->mCopies = std::move(asyncPaintCopies);
-    if (clear) {
-      asyncPaint->mClears.push_back(*clear);
-    }
-
-    asyncPaint->mClients = std::move(asyncPaintClients);
-    asyncPaint->mClients.push_back(backBuffer);
-    if (backBufferOnWhite) {
-      asyncPaint->mClients.push_back(backBufferOnWhite);
-    }
-
-    mPaintStates.push_back(asyncPaint);
+    paintState->mTarget = drawTarget;
+    paintState->mCapture = captureDT;
   } else {
     paintTile.mDrawTarget = drawTarget;
-    if (clear) {
-      clear->ClearBuffer();
-    }
   }
 
+  mPaintStates.push_back(paintState);
   mPaintTiles.push_back(paintTile);
 
   mTilingOrigin.x = std::min(mTilingOrigin.x, paintTile.mTileOrigin.x);
diff --git a/gfx/layers/moz.build b/gfx/layers/moz.build
index 225d0cf5561b..6f6075345198 100755
--- a/gfx/layers/moz.build
+++ b/gfx/layers/moz.build
@@ -125,6 +125,7 @@ EXPORTS.mozilla.layers += [
     'basic/MacIOSurfaceTextureHostBasic.h',
     'basic/TextureHostBasic.h',
     'BSPTree.h',
+    'BufferEdgePad.h',
     'BufferTexture.h',
     'CanvasRenderer.h',
     'client/CanvasClient.h',
@@ -350,6 +351,7 @@ UNIFIED_SOURCES += [
     'basic/BasicPaintedLayer.cpp',
     'basic/TextureHostBasic.cpp',
     'BSPTree.cpp',
+    'BufferEdgePad.cpp',
     'BufferTexture.cpp',
     'BufferUnrotate.cpp',
     'CanvasRenderer.cpp',

From c7eb70ba65a9172da1d3d251706c6cf80438cb2c Mon Sep 17 00:00:00 2001
From: Ryan Hunt <rhunt@eqrion.net>
Date: Mon, 16 Jul 2018 15:01:26 -0500
Subject: [PATCH 14/14] Bug 1471639 - Allow OMTP with edge-padding. r=nical

MozReview-Commit-ID: JUNk79jLQcj

--HG--
extra : source : a6aacf58c4a6dc5621c3faa0387f775d699aa6f1
---
 gfx/thebes/gfxPlatform.cpp | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/gfx/thebes/gfxPlatform.cpp b/gfx/thebes/gfxPlatform.cpp
index 85f5f8c70374..9fcd43dc4467 100644
--- a/gfx/thebes/gfxPlatform.cpp
+++ b/gfx/thebes/gfxPlatform.cpp
@@ -2728,9 +2728,6 @@ gfxPlatform::InitOMTPConfig()
   if (InSafeMode()) {
     omtp.ForceDisable(FeatureStatus::Blocked, "OMTP blocked by safe-mode",
                       NS_LITERAL_CSTRING("FEATURE_FAILURE_COMP_SAFEMODE"));
-  } else if (gfxPrefs::TileEdgePaddingEnabled()) {
-    omtp.ForceDisable(FeatureStatus::Blocked, "OMTP does not yet support tiling with edge padding",
-                      NS_LITERAL_CSTRING("FEATURE_FAILURE_OMTP_TILING"));
   }
 
   if (omtp.IsEnabled()) {