Merge backout.

b2g/components/DirectoryProvider.js

@@ -10,8 +10,13 @@ const Cr = Components.results;
 Cu.import("resource://gre/modules/XPCOMUtils.jsm");
 Cu.import("resource://gre/modules/Services.jsm");
 
+const XRE_OS_UPDATE_APPLY_TO_DIR = "OSUpdApplyToD"
 const LOCAL_DIR = "/data/local";
 
+XPCOMUtils.defineLazyServiceGetter(Services, "env",
+                                   "@mozilla.org/process/environment;1",
+                                   "nsIEnvironment");
+
 function DirectoryProvider() {
 }
 
@@ -35,10 +40,40 @@ DirectoryProvider.prototype = {
       file.initWithPath("/system/b2g");
       persistent.value = true;
       return file;
+    } else if (prop == XRE_OS_UPDATE_APPLY_TO_DIR) {
+      return this.getOSUpdateApplyToDir(persistent);
     }
 #endif
 
     return null;
+  },
+
+  getOSUpdateApplyToDir: function dp_getOSUpdateApplyToDir(persistent) {
+    // TODO add logic to check available storage space,
+    // and iterate through pref(s) to find alternative dirs if
+    // necessary.
+
+    let path = Services.env.get("EXTERNAL_STORAGE");
+    if (!path) {
+      path = LOCAL_PATH;
+    }
+
+    let dir = Cc["@mozilla.org/file/local;1"]
+                 .createInstance(Ci.nsILocalFile)
+    dir.initWithPath(path);
+
+    if (!dir.exists() && path != LOCAL_PATH) {
+      // Fallback to LOCAL_PATH if we didn't fallback earlier
+      dir.initWithPath(LOCAL_PATH);
+
+      if (!dir.exists()) {
+        throw Cr.NS_ERROR_FILE_NOT_FOUND;
+      }
+    }
+
+    dir.appendRelativePath("updates");
+    persistent.value = false;
+    return dir;
   }
 };
 

b2g/components/UpdatePrompt.js

@@ -168,7 +168,7 @@ UpdatePrompt.prototype = {
         this._applyWaitTimer = this.createTimer(APPLY_WAIT_TIMEOUT);
         break;
       case "restart":
-        this.restartProcess();
+        this.finishUpdate();
         break;
     }
   },
@@ -178,6 +178,34 @@ UpdatePrompt.prototype = {
     Services.aus.addDownloadListener(this);
   },
 
+  finishUpdate: function UP_finishUpdate() {
+    if (!this._update.isOSUpdate) {
+      // Standard gecko+gaia updates will just need to restart the process
+      this.restartProcess();
+      return;
+    }
+
+    let osApplyToDir;
+    try {
+      this._update.QueryInterface(Ci.nsIWritablePropertyBag);
+      osApplyToDir = this._update.getProperty("osApplyToDir");
+    } catch (e) {}
+
+    if (!osApplyToDir) {
+      log("Error: Update has no osApplyToDir");
+      return;
+    }
+
+    let updateFile = Cc["@mozilla.org/file/local;1"].createInstance(Ci.nsIFile);
+    updateFile.initWithPath(osApplyToDir + "/update.zip");
+    if (!updateFile.exists()) {
+      log("Error: FOTA update not found at " + updateFile.path);
+      return;
+    }
+
+    this.finishOSUpdate(updateFile.path);
+  },
+
   restartProcess: function UP_restartProcess() {
     log("Update downloaded, restarting to apply it");
 
@@ -194,11 +222,25 @@ UpdatePrompt.prototype = {
       );
   },
 
+  finishOSUpdate: function UP_finishOSUpdate(aOsUpdatePath) {
+    let recoveryService = Cc["@mozilla.org/recovery-service;1"]
+                            .getService(Ci.nsIRecoveryService);
+
+    log("Rebooting into recovery to apply FOTA update: " + aOsUpdatePath);
+
+    try {
+      recoveryService.installFotaUpdate(aOsUpdatePath);
+    } catch(e) {
+      log("Error: Couldn't reboot into recovery to apply FOTA update " +
+          aOsUpdatePath);
+    }
+  },
+
   notify: function UP_notify(aTimer) {
     if (aTimer == this._applyPromptTimer) {
       log("Timed out waiting for result, restarting");
       this._applyPromptTimer = null;
-      this.restartProcess();
+      this.finishUpdate();
     } else if (aTimer == this._applyWaitTimer) {
       this._applyWaitTimer = null;
       this.showUpdatePrompt();

browser/base/content/abouthome/aboutHome.css

@@ -81,7 +81,7 @@ a {
   border-radius: 2.5px 0 0 2.5px;
 }
 
-#searchText:dir(rtl) {
+#searchText:-moz-dir(rtl) {
   border-radius: 0 2.5px 2.5px 0;
 }
 
@@ -105,7 +105,7 @@ a {
   transition-duration: 150ms;
 }
 
-#searchSubmit:dir(rtl) {
+#searchSubmit:-moz-dir(rtl) {
   border-radius: 2.5px 0 0 2.5px;
 }
 
@@ -147,8 +147,8 @@ a {
   -moz-padding-start: 79px;
 }
 
-#defaultSnippet1:dir(rtl),
-#defaultSnippet2:dir(rtl) {
+#defaultSnippet1:-moz-dir(rtl),
+#defaultSnippet2:-moz-dir(rtl) {
   background-position: right 30px center;
 }
 
@@ -312,7 +312,7 @@ body[narrow] #restorePreviousSession {
   -moz-margin-end: 8px;
 }
 
-#restorePreviousSession:dir(rtl)::before {
+#restorePreviousSession:-moz-dir(rtl)::before {
   transform: scaleX(-1);
 }
 

browser/devtools/layoutview/view.css

@@ -22,7 +22,7 @@ body {
   vertical-align: top;
 }
 
-#header:dir(rtl) {
+#header:-moz-dir(rtl) {
   -moz-box-direction: reverse;
 }
 
@@ -34,7 +34,7 @@ body {
   -moz-box-flex: 1;
 }
 
-#element-size:dir(rtl) {
+#element-size:-moz-dir(rtl) {
   -moz-box-pack: end;
 }
 

browser/devtools/webconsole/test/Makefile.in

@@ -107,6 +107,8 @@ MOCHITEST_BROWSER_FILES = \
 	browser_webconsole_bug_658368_time_methods.js \
 	browser_webconsole_bug_764572_output_open_url.js \
 	browser_webconsole_bug_622303_persistent_filters.js \
+        browser_webconsole_bug_770099_bad_policyuri.js \
+        browser_webconsole_bug_770099_violation.js \
 	browser_webconsole_window_zombie.js \
 	browser_cached_messages.js \
 	browser_bug664688_sandbox_update_after_navigation.js \
@@ -188,6 +190,10 @@ MOCHITEST_BROWSER_FILES += \
 	test-bug-658368-time-methods.html \
 	test-webconsole-error-observer.html \
 	test-for-of.html \
+        test_bug_770099_violation.html \
+        test_bug_770099_violation.html^headers^ \
+        test_bug_770099_bad_policy_uri.html \
+        test_bug_770099_bad_policy_uri.html^headers^ \
 	test-result-format-as-string.html \
 	test-bug-737873-mixedcontent.html \
 	$(NULL)

browser/devtools/webconsole/test/browser_webconsole_bug_770099_bad_policyuri.js

@@ -0,0 +1,55 @@
+/* vim:set ts=2 sw=2 sts=2 et: */
+/* ***** BEGIN LICENSE BLOCK *****
+ * Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+// Tests that the Web Console CSP messages are displayed
+
+const TEST_BAD_POLICY_URI = "https://example.com/browser/browser/devtools/webconsole/test/test_bug_770099_bad_policy_uri.html";
+
+let hud = undefined;
+
+function test() {
+  addTab("data:text/html;charset=utf8,Web Console CSP bad policy URI test");
+  browser.addEventListener("load", function _onLoad() {
+    browser.removeEventListener("load", _onLoad, true);
+    openConsole(null, loadDocument);
+  }, true);
+}
+
+function loadDocument(theHud) {
+  hud = theHud;
+  hud.jsterm.clearOutput();
+  browser.addEventListener("load", onLoad, true);
+  content.location = TEST_BAD_POLICY_URI;
+}
+
+function onLoad(aEvent) {
+  browser.removeEventListener("load", onLoad, true);
+  testPolicyURIMessage();
+}
+
+function testPolicyURIMessage() {
+  let aOutputNode = hud.outputNode;
+ 
+  waitForSuccess(
+    {
+      name: "CSP policy URI warning displayed successfully",
+      validatorFn: function() {
+        return aOutputNode.querySelector(".webconsole-msg-error");
+      },
+
+      successFn: function() {
+        //tests on the urlnode
+        let node = aOutputNode.querySelector(".webconsole-msg-error");
+        isnot(node.textContent.indexOf("can't fetch policy"), -1,
+                                       "CSP Policy URI message found");
+        finishTest();
+      },
+
+      failureFn: finishTest,
+    }
+  );
+}

browser/devtools/webconsole/test/browser_webconsole_bug_770099_violation.js

@@ -0,0 +1,55 @@
+/* vim:set ts=2 sw=2 sts=2 et: */
+/* ***** BEGIN LICENSE BLOCK *****
+ * Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+// Tests that the Web Console CSP messages are displayed
+
+const TEST_VIOLATION = "https://example.com/browser/browser/devtools/webconsole/test/test_bug_770099_violation.html";
+
+let hud = undefined;
+
+function test() {
+  addTab("data:text/html;charset=utf8,Web Console CSP violation test");
+  browser.addEventListener("load", function _onLoad() {
+    browser.removeEventListener("load", _onLoad, true);
+    openConsole(null, loadDocument);
+  }, true);
+}
+
+function loadDocument(theHud){
+  hud = theHud;
+  hud.jsterm.clearOutput()
+  browser.addEventListener("load", onLoad, true);
+  content.location = TEST_VIOLATION;
+}
+
+function onLoad(aEvent) {
+  browser.removeEventListener("load", onLoad, true);
+  testViolationMessage();
+}
+
+function testViolationMessage(){
+  let aOutputNode = hud.outputNode;
+
+  waitForSuccess(
+    {
+      name: "CSP policy URI warning displayed successfully",
+      validatorFn: function() {
+        return aOutputNode.querySelector(".webconsole-msg-warn");
+      },
+
+      successFn: function() {
+        //tests on the urlnode
+        let node = aOutputNode.querySelector(".webconsole-msg-warn");
+        isnot(node.textContent.indexOf("violated"), -1,
+                                       "CSP violation message found");
+        finishTest();
+      },
+
+      failureFn: finishTest,
+    }
+  );
+}

browser/devtools/webconsole/test/test_bug_770099_bad_policy_uri.html

@@ -0,0 +1,12 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <title>Test for Bug 770099 - bad policy-uri</title>
+<!-- Any copyright is dedicated to the Public Domain.
+     http://creativecommons.org/publicdomain/zero/1.0/ -->
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=770099">Mozilla Bug 770099</a>
+</body>
+</html>

browser/devtools/webconsole/test/test_bug_770099_bad_policy_uri.html^headers^

@@ -0,0 +1,2 @@
+X-Content-Security-Policy: policy-uri http://example.com/some_policy
+Content-type: text/html; charset=utf-8

browser/devtools/webconsole/test/test_bug_770099_violation.html

@@ -0,0 +1,13 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <title>Test for Bug 770099 - policy violation</title>
+<!-- Any copyright is dedicated to the Public Domain.
+     http://creativecommons.org/publicdomain/zero/1.0/ -->
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=770099">Mozilla Bug 770099</a>
+<img src="http://some.example.com/test.png">
+</body>
+</html>

browser/devtools/webconsole/test/test_bug_770099_violation.html^headers^

@@ -0,0 +1 @@
+X-Content-Security-Policy: default-src 'self'

browser/themes/gnomestripe/aboutCertError.css

@@ -37,7 +37,7 @@ h2 {
   background-origin: content-box;
 }
 
-#errorPageContainer:dir(rtl) {
+#errorPageContainer:-moz-dir(rtl) {
   background-position: right 0;
 }
 
@@ -59,7 +59,7 @@ h2 {
   cursor: pointer;
 }
 
-.expander > button:dir(rtl) {
+.expander > button:-moz-dir(rtl) {
   background-position: right center;
 }
 
@@ -67,6 +67,6 @@ h2 {
   background-image: url("chrome://browser/skin/aboutCertError_sectionCollapsed.png");
 }
 
-.expander[collapsed] > button:dir(rtl) {
+.expander[collapsed] > button:-moz-dir(rtl) {
   background-image: url("chrome://browser/skin/aboutCertError_sectionCollapsed-rtl.png");
 }

browser/themes/gnomestripe/aboutPrivateBrowsing.css

@@ -34,7 +34,7 @@ body.normal > #errorPageContainer {
   background: url("moz-icon://stock/gtk-dialog-info?size=menu") no-repeat top left;
 }
 
-#moreInfo:dir(rtl) {
+#moreInfo:-moz-dir(rtl) {
   background-position: top right;
 }
 

browser/themes/pinstripe/aboutCertError.css

@@ -37,7 +37,7 @@ h2 {
   background-origin: content-box;
 }
 
-#errorPageContainer:dir(rtl) {
+#errorPageContainer:-moz-dir(rtl) {
   background-position: right 0;
 }
 
@@ -59,7 +59,7 @@ h2 {
   cursor: pointer;
 }
 
-.expander > button:dir(rtl) {
+.expander > button:-moz-dir(rtl) {
   background-position: right center;
 }
 
@@ -67,6 +67,6 @@ h2 {
   background-image: url("chrome://browser/skin/aboutCertError_sectionCollapsed.png");
 }
 
-.expander[collapsed] > button:dir(rtl) {
+.expander[collapsed] > button:-moz-dir(rtl) {
   background-image: url("chrome://browser/skin/aboutCertError_sectionCollapsed-rtl.png");
 }

browser/themes/pinstripe/aboutPrivateBrowsing.css

@@ -34,7 +34,7 @@ body.normal > #errorPageContainer {
   background: url("chrome://global/skin/icons/information-16.png") no-repeat top left;
 }
 
-#moreInfo:dir(rtl) {
+#moreInfo:-moz-dir(rtl) {
   background-position: top right;
 }
 

browser/themes/pinstripe/devtools/debugger.css

@@ -299,6 +299,14 @@
   opacity: 0.5;
 }
 
+@media (min-resolution: 2dppx) {
+  .variable[non-writable] > .title:after,
+  .property[non-writable] > .title:after {
+    background-image: url("chrome://browser/skin/identity-icons-https@2x.png");
+    background-size: 32px;
+  }
+}
+
 #element-tooltip > label {
   margin: 0 2px 0 2px;
 }

browser/themes/pinstripe/downloads/downloads.css

@@ -206,6 +206,17 @@ richlistitem[type="download"][state="1"]:hover {
                                     14, 34, 34, 14);
 }
 
+@media (min-resolution: 2dppx) {
+  #downloads-indicator-icon:not(:-moz-lwtheme-brighttext) {
+    background-image: -moz-image-rect(url("chrome://browser/skin/Toolbar@2x.png"), 0, 280, 40, 240);
+    background-size: 20px;
+  }
+
+  #downloads-indicator:not([counter]) #downloads-indicator-counter {
+    background-image: -moz-image-rect(url("chrome://browser/skin/Toolbar@2x.png"), 0, 280, 40, 240);
+  }
+}
+
 /*** Event notification ***/
 
 #downloads-indicator-notification {

browser/themes/pinstripe/jar.mn

@@ -17,38 +17,55 @@ browser.jar:
   skin/classic/browser/aboutSyncTabs.css
 #endif
   skin/classic/browser/actionicon-tab.png
+  skin/classic/browser/actionicon-tab@2x.png
 * skin/classic/browser/browser.css                          (browser.css)
 * skin/classic/browser/engineManager.css                    (engineManager.css)
   skin/classic/browser/Geolocation-16.png
+  skin/classic/browser/Geolocation-16@2x.png
   skin/classic/browser/Geolocation-64.png
+  skin/classic/browser/Geolocation-64@2x.png
   skin/classic/browser/home.png
   skin/classic/browser/identity.png
+  skin/classic/browser/identity@2x.png
   skin/classic/browser/identity-icons-generic.png
+  skin/classic/browser/identity-icons-generic@2x.png
   skin/classic/browser/identity-icons-https.png
+  skin/classic/browser/identity-icons-https@2x.png
   skin/classic/browser/identity-icons-https-ev.png
+  skin/classic/browser/identity-icons-https-ev@2x.png
   skin/classic/browser/Info.png
   skin/classic/browser/KUI-background.png
   skin/classic/browser/KUI-close.png
   skin/classic/browser/menu-back.png
   skin/classic/browser/menu-forward.png
   skin/classic/browser/panel-expander-closed.png
+  skin/classic/browser/panel-expander-closed@2x.png
   skin/classic/browser/panel-expander-open.png
+  skin/classic/browser/panel-expander-open@2x.png
   skin/classic/browser/panel-plus-sign.png
   skin/classic/browser/page-livemarks.png
+  skin/classic/browser/page-livemarks@2x.png
   skin/classic/browser/pageInfo.css
   skin/classic/browser/Privacy-16.png
   skin/classic/browser/Privacy-48.png
   skin/classic/browser/reload-stop-go.png
+  skin/classic/browser/reload-stop-go@2x.png
   skin/classic/browser/searchbar-dropmarker.png
+  skin/classic/browser/searchbar-dropmarker@2x.png
   skin/classic/browser/searchbar.css
   skin/classic/browser/Search.png
+  skin/classic/browser/Search@2x.png
   skin/classic/browser/Secure-Glyph.png
+  skin/classic/browser/Secure-Glyph@2x.png
   skin/classic/browser/keyhole-circle.png
   skin/classic/browser/Toolbar.png
   skin/classic/browser/toolbarbutton-dropmarker.png
   skin/classic/browser/urlbar-history-dropmarker.png
+  skin/classic/browser/urlbar-history-dropmarker@2x.png
   skin/classic/browser/urlbar-arrow.png
+  skin/classic/browser/urlbar-arrow@2x.png
   skin/classic/browser/urlbar-popup-blocked.png
+  skin/classic/browser/urlbar-popup-blocked@2x.png
   skin/classic/browser/downloads/buttons.png                (downloads/buttons.png)
   skin/classic/browser/downloads/download-glow.png          (downloads/download-glow.png)
   skin/classic/browser/downloads/download-notification.png  (downloads/download-notification.png)
@@ -63,6 +80,7 @@ browser.jar:
   skin/classic/browser/feeds/audioFeedIcon16.png            (feeds/feedIcon16.png)
   skin/classic/browser/newtab/newTab.css                    (newtab/newTab.css)
   skin/classic/browser/newtab/controls.png                  (newtab/controls.png)
+  skin/classic/browser/newtab/controls@2x.png               (newtab/controls@2x.png)
   skin/classic/browser/newtab/noise.png                     (newtab/noise.png)
   skin/classic/browser/setDesktopBackground.css
   skin/classic/browser/monitor.png
@@ -71,13 +89,18 @@ browser.jar:
 * skin/classic/browser/places/places.css                    (places/places.css)
 * skin/classic/browser/places/organizer.css                 (places/organizer.css)
   skin/classic/browser/places/query.png                     (places/query.png)
+  skin/classic/browser/places/query@2x.png                  (places/query@2x.png)
   skin/classic/browser/places/bookmarksMenu.png             (places/bookmarksMenu.png)
   skin/classic/browser/places/bookmarksToolbar.png          (places/bookmarksToolbar.png)
+  skin/classic/browser/places/bookmarksToolbar@2x.png       (places/bookmarksToolbar@2x.png)
   skin/classic/browser/places/history.png                   (places/history.png)
+  skin/classic/browser/places/history@2x.png                (places/history@2x.png)
   skin/classic/browser/places/star-icons.png                (places/star-icons.png)
+  skin/classic/browser/places/star-icons@2x.png             (places/star-icons@2x.png)
   skin/classic/browser/places/toolbar.png                   (places/toolbar.png)
   skin/classic/browser/places/toolbarDropMarker.png         (places/toolbarDropMarker.png)
   skin/classic/browser/places/folderDropArrow.png           (places/folderDropArrow.png)
+  skin/classic/browser/places/folderDropArrow@2x.png        (places/folderDropArrow@2x.png)
   skin/classic/browser/places/editBookmarkOverlay.css       (places/editBookmarkOverlay.css)
   skin/classic/browser/places/minus.png                     (places/minus.png)
   skin/classic/browser/places/minus-active.png              (places/minus-active.png)
@@ -86,9 +109,11 @@ browser.jar:
   skin/classic/browser/places/starred48.png                 (places/starred48.png)
   skin/classic/browser/places/unstarred48.png               (places/unstarred48.png)
   skin/classic/browser/places/unfiledBookmarks.png          (places/unfiledBookmarks.png)
+  skin/classic/browser/places/unfiledBookmarks@2x.png       (places/unfiledBookmarks@2x.png)
   skin/classic/browser/places/twisty-open.gif               (places/twisty-open.gif)
   skin/classic/browser/places/twisty-closed.gif             (places/twisty-closed.gif)
   skin/classic/browser/places/tag.png                       (places/tag.png)
+  skin/classic/browser/places/tag@2x.png                    (places/tag@2x.png)
   skin/classic/browser/places/downloads.png                 (places/downloads.png)
   skin/classic/browser/places/expander-closed-active.png    (places/expander-closed-active.png)
   skin/classic/browser/places/expander-closed.png           (places/expander-closed.png)
@@ -110,10 +135,15 @@ browser.jar:
   skin/classic/browser/social/chat-close.png                             (social/chat-close.png)
   skin/classic/browser/tabbrowser/alltabs-box-bkgnd-icon.png             (tabbrowser/alltabs-box-bkgnd-icon.png)
   skin/classic/browser/tabbrowser/newtab.png                             (tabbrowser/newtab.png)
+  skin/classic/browser/tabbrowser/newtab@2x.png                          (tabbrowser/newtab@2x.png)
   skin/classic/browser/tabbrowser/connecting.png                         (tabbrowser/connecting.png)
+  skin/classic/browser/tabbrowser/connecting@2x.png                      (tabbrowser/connecting@2x.png)
   skin/classic/browser/tabbrowser/loading.png                            (tabbrowser/loading.png)
+  skin/classic/browser/tabbrowser/loading@2x.png                         (tabbrowser/loading@2x.png)
   skin/classic/browser/tabbrowser/tab-arrow-left.png                     (tabbrowser/tab-arrow-left.png)
+  skin/classic/browser/tabbrowser/tab-arrow-left@2x.png                  (tabbrowser/tab-arrow-left@2x.png)
   skin/classic/browser/tabbrowser/tab-arrow-right.png                    (tabbrowser/tab-arrow-right.png)
+  skin/classic/browser/tabbrowser/tab-arrow-right@2x.png                 (tabbrowser/tab-arrow-right@2x.png)
   skin/classic/browser/tabbrowser/tabbar-bottom-bg-active.png            (tabbrowser/tabbar-bottom-bg-active.png)
   skin/classic/browser/tabbrowser/tabbar-bottom-bg-inactive.png          (tabbrowser/tabbar-bottom-bg-inactive.png)
   skin/classic/browser/tabbrowser/tab-bottom-normal-active.png           (tabbrowser/tab-bottom-normal-active.png)
@@ -122,10 +152,14 @@ browser.jar:
   skin/classic/browser/tabbrowser/tabbar-top-bg-active.png               (tabbrowser/tabbar-top-bg-active.png)
   skin/classic/browser/tabbrowser/tabbar-top-bg-inactive.png             (tabbrowser/tabbar-top-bg-inactive.png)
   skin/classic/browser/tabbrowser/tab-top-normal-active.png              (tabbrowser/tab-top-normal-active.png)
+  skin/classic/browser/tabbrowser/tab-top-normal-active@2x.png           (tabbrowser/tab-top-normal-active@2x.png)
   skin/classic/browser/tabbrowser/tab-top-hover-active.png               (tabbrowser/tab-top-hover-active.png)
+  skin/classic/browser/tabbrowser/tab-top-hover-active@2x.png            (tabbrowser/tab-top-hover-active@2x.png)
   skin/classic/browser/tabbrowser/tab-top-selected-active.png            (tabbrowser/tab-top-selected-active.png)
+  skin/classic/browser/tabbrowser/tab-top-selected-active@2x.png         (tabbrowser/tab-top-selected-active@2x.png)
   skin/classic/browser/tabbrowser/tab-overflow-border.png                (tabbrowser/tab-overflow-border.png)
   skin/classic/browser/tabbrowser/tabDragIndicator.png                   (tabbrowser/tabDragIndicator.png)
+  skin/classic/browser/tabbrowser/tabDragIndicator@2x.png                (tabbrowser/tabDragIndicator.png)
   skin/classic/browser/tabview/close.png                    (tabview/close.png)
   skin/classic/browser/tabview/edit-light.png               (tabview/edit-light.png)
   skin/classic/browser/tabview/search.png                   (tabview/search.png)
@@ -216,12 +250,17 @@ browser.jar:
   skin/classic/browser/syncProgress.css
 #endif
   skin/classic/browser/lion/keyhole-circle.png              (keyhole-circle-lion.png)
+  skin/classic/browser/keyhole-circle@2x.png                (keyhole-circle-lion@2x.png)
   skin/classic/browser/lion/Toolbar.png                     (Toolbar-lion.png)
+  skin/classic/browser/Toolbar@2x.png                       (Toolbar-lion@2x.png)
   skin/classic/browser/lion/toolbarbutton-dropmarker.png    (toolbarbutton-dropmarker-lion.png)
+  skin/classic/browser/toolbarbutton-dropmarker@2x.png      (toolbarbutton-dropmarker-lion@2x.png)
   skin/classic/browser/lion/tabbrowser/alltabs-box-bkgnd-icon.png      (tabbrowser/alltabs-box-bkgnd-icon-lion.png)
+  skin/classic/browser/tabbrowser/alltabs-box-bkgnd-icon@2x.png        (tabbrowser/alltabs-box-bkgnd-icon-lion@2x.png)
   skin/classic/browser/lion/tabview/tabview.png                        (tabview/tabview-lion.png)
   skin/classic/browser/lion/places/toolbar.png              (places/toolbar-lion.png)
   skin/classic/browser/webapps-16.png
+  skin/classic/browser/webapps-16@2x.png
   skin/classic/browser/webapps-64.png
 
 % override chrome://browser/skin/keyhole-circle.png                        chrome://browser/skin/lion/keyhole-circle.png                           os=Darwin osversion>=10.7

browser/themes/pinstripe/newtab/newTab.css

@@ -28,6 +28,13 @@
   background-position: -232px 0;
 }
 
+@media (min-resolution: 2dppx) {
+  #newtab-toggle {
+    background-image: url(chrome://browser/skin/newtab/controls@2x.png);
+    background-size: 248px;
+  }
+}
+
 /* ROWS */
 .newtab-row {
   margin-bottom: 20px;
@@ -102,6 +109,13 @@
   background: transparent url(chrome://browser/skin/newtab/controls.png);
 }
 
+@media (min-resolution: 2dppx) {
+  .newtab-control {
+    background-image: url(chrome://browser/skin/newtab/controls@2x.png);
+    background-size: 248px;
+  }
+}
+
 .newtab-control-pin:hover {
   background-position: -24px 0;
 }

browser/themes/pinstripe/places/editBookmarkOverlay.css

@@ -20,6 +20,12 @@
   list-style-image: url("chrome://global/skin/tree/folder.png") !important;
 }
 
+@media (min-resolution: 2dppx) {
+  .folder-icon {
+    list-style-image: url("chrome://global/skin/tree/folder@2x.png") !important;
+  }
+}
+
 .menulist-icon {
   margin: 0 !important;
 }
@@ -85,3 +91,15 @@
 #editBMPanel_unfiledRootItem {
   list-style-image: url("chrome://browser/skin/places/unfiledBookmarks.png") !important;  
 }
+
+@media (min-resolution: 2dppx) {
+  #editBMPanel_folderMenuList[selectedIndex="0"],
+  #editBMPanel_toolbarFolderItem {
+    list-style-image: url("chrome://browser/skin/places/bookmarksToolbar@2x.png") !important;
+  }
+
+  #editBMPanel_folderMenuList[selectedIndex="2"],
+  #editBMPanel_unfiledRootItem {
+    list-style-image: url("chrome://browser/skin/places/unfiledBookmarks@2x.png") !important;
+  }
+}

browser/themes/pinstripe/places/organizer.css

@@ -108,6 +108,16 @@
   -moz-margin-end: 2px;
 }
 
+@media (min-resolution: 2dppx) {
+  #placesToolbar > toolbarbutton[type="menu"] > .toolbarbutton-menu-dropmarker {
+    list-style-image: url(chrome://browser/skin/toolbarbutton-dropmarker@2x.png);
+  }
+
+  #placesToolbar > toolbarbutton[type="menu"] > .toolbarbutton-menu-dropmarker > .dropmarker-icon {
+    width: 7px;
+  }
+}
+
 @media (-moz-mac-lion-theme) {
   #placesToolbar > toolbarbutton[disabled="true"] > .toolbarbutton-icon,
   #placesToolbar > toolbarbutton:not(:hover):-moz-window-inactive > .toolbarbutton-icon,

browser/themes/pinstripe/preferences/aboutPermissions.css

@@ -36,6 +36,12 @@
   list-style-image: url("chrome://mozapps/skin/places/defaultFavicon.png");
 }
 
+@media (min-resolution: 2dppx) {
+  .site-favicon {
+    list-style-image: url("chrome://mozapps/skin/places/defaultFavicon@2x.png");
+  }
+}
+
 #all-sites-item > .site-container > .site-favicon {
   list-style-image: none;
 }
@@ -102,6 +108,12 @@
   list-style-image: url(chrome://global/skin/icons/question-64.png);
 }
 
+@media (min-resolution: 2dppx) {
+  .pref-icon[type="geo"] {
+    list-style-image: url(chrome://browser/skin/Geolocation-64@2x.png);
+  }
+}
+
 .pref-title {
   font-size: 125%;
   margin-bottom: 0;

browser/themes/pinstripe/searchbar.css

@@ -45,3 +45,19 @@
 .search-go-button {
   list-style-image: url("chrome://browser/skin/Search.png");
 }
+
+@media (min-resolution: 2dppx) {
+  .searchbar-engine-image {
+    list-style-image: url("chrome://mozapps/skin/places/defaultFavicon@2x.png");
+  }
+
+  .searchbar-dropmarker-image {
+    list-style-image: url("chrome://browser/skin/searchbar-dropmarker@2x.png");
+    width: 7px;
+  }
+
+  .search-go-button {
+    list-style-image: url("chrome://browser/skin/Search@2x.png");
+    width: 14px;
+  }
+}

browser/themes/winstripe/aboutCertError.css

@@ -37,7 +37,7 @@ h2 {
   background-origin: content-box;
 }
 
-#errorPageContainer:dir(rtl) {
+#errorPageContainer:-moz-dir(rtl) {
   background-position: right 0;
 }
 
@@ -59,7 +59,7 @@ h2 {
   cursor: pointer;
 }
 
-.expander > button:dir(rtl) {
+.expander > button:-moz-dir(rtl) {
   background-position: right center;
 }
 
@@ -67,6 +67,6 @@ h2 {
   background-image: url("chrome://browser/skin/aboutCertError_sectionCollapsed.png");
 }
 
-.expander[collapsed] > button:dir(rtl) {
+.expander[collapsed] > button:-moz-dir(rtl) {
   background-image: url("chrome://browser/skin/aboutCertError_sectionCollapsed-rtl.png");
 }

browser/themes/winstripe/aboutPrivateBrowsing.css

@@ -34,7 +34,7 @@ body.normal > #errorPageContainer {
   background: url("chrome://global/skin/icons/information-16.png") no-repeat top left;
 }
 
-#moreInfo:dir(rtl) {
+#moreInfo:-moz-dir(rtl) {
   background-position: top right;
 }
 

build/automation.py.in

@@ -449,6 +449,9 @@ user_pref("extensions.getAddons.search.url", "http://%(server)s/extensions-dummy
 
 // Make enablePrivilege continue to work for test code. :-(
 user_pref("security.enablePrivilege.enable_for_tests", true);
+
+// Get network events.
+user_pref("network.activity.blipIntervalMilliseconds", 250);
 """ % { "server" : self.webServer + ":" + str(self.httpPort) }
     prefs.append(part)
 

build/valgrind/cross-architecture.sup

@@ -251,19 +251,3 @@
    fun:_ZN22nsComponentManagerImpl17ManifestComponentERNS_25ManifestProcessingContextEiPKPc
    ...
 }
-{
-   Bug 795395
-   Memcheck:Addr4
-   fun:PR_UnloadLibrary
-   fun:_ZN18nsGSettingsServiceD1Ev
-   fun:_ZN18nsGSettingsService7ReleaseEv
-   fun:_ZL29nsGSettingsServiceConstructorP11nsISupportsRK4nsIDPPv
-   ...
-}
-{
-   Bug 795631
-   Memcheck:Cond
-   fun:_ZN7mozilla17FrameLayerBuilder18ClippedDisplayItemD1Ev
-   fun:_ZN12nsTHashtableIN7mozilla17FrameLayerBuilder21ThebesLayerItemsEntryEE12s_ClearEntryEP12PLDHashTableP15PLDHashEntryHdr
-   ...
-}

content/base/public/FragmentOrElement.h

@@ -348,6 +348,8 @@ public:
     void Traverse(nsCycleCollectionTraversalCallback &cb, bool aIsXUL);
     void Unlink(bool aIsXUL);
 
+    size_t SizeOfIncludingThis(nsMallocSizeOfFun aMallocSizeOf) const;
+
     /**
      * The .style attribute (an interface that forwards to the actual
      * style rules)

content/base/src/CSPUtils.jsm

@@ -11,6 +11,7 @@
  */
 
 const Cu = Components.utils;
+const Ci = Components.interfaces;
 
 Cu.import("resource://gre/modules/XPCOMUtils.jsm");
 Cu.import("resource://gre/modules/Services.jsm");
@@ -20,17 +21,16 @@ XPCOMUtils.defineLazyModuleGetter(this, "Services",
 
 // Module stuff
 var EXPORTED_SYMBOLS = ["CSPRep", "CSPSourceList", "CSPSource", "CSPHost",
-                        "CSPWarning", "CSPError", "CSPdebug",
-                        "CSPViolationReportListener", "CSPLocalizer"];
+                        "CSPdebug", "CSPViolationReportListener", "CSPLocalizer"];
 
 var STRINGS_URI = "chrome://global/locale/security/csp.properties";
 
 // these are not exported
 var gIoService = Components.classes["@mozilla.org/network/io-service;1"]
-                 .getService(Components.interfaces.nsIIOService);
+                 .getService(Ci.nsIIOService);
 
 var gETLDService = Components.classes["@mozilla.org/network/effective-tld-service;1"]
-                   .getService(Components.interfaces.nsIEffectiveTLDService);
+                   .getService(Ci.nsIEffectiveTLDService);
 
 // These regexps represent the concrete syntax on the w3 spec as of 7-5-2012
 // scheme          = <scheme production from RFC 3986>
@@ -76,58 +76,30 @@ var gPrefObserver = {
 
   _initialize: function() {
     var prefSvc = Components.classes["@mozilla.org/preferences-service;1"]
-                    .getService(Components.interfaces.nsIPrefService);
+                    .getService(Ci.nsIPrefService);
     this._branch = prefSvc.getBranch("security.csp.");
     this._branch.addObserver("", this, false);
     this._debugEnabled = this._branch.getBoolPref("debug");
   },
 
   unregister: function() {
-    if(!this._branch) return;
+    if (!this._branch) return;
     this._branch.removeObserver("", this);
   },
 
   observe: function(aSubject, aTopic, aData) {
-    if(aTopic != "nsPref:changed") return;
-    if(aData === "debug")
+    if (aTopic != "nsPref:changed") return;
+    if (aData === "debug")
       this._debugEnabled = this._branch.getBoolPref("debug");
   },
-
 };
 
-
-function CSPWarning(aMsg, aWindowID, aSource, aScriptSample, aLineNum) {
-  var textMessage = 'CSP WARN:  ' + aMsg + "\n";
-
-  var consoleMsg = Components.classes["@mozilla.org/scripterror;1"]
-                    .createInstance(Components.interfaces.nsIScriptError);
-  consoleMsg.initWithWindowID(textMessage, aSource, aScriptSample, aLineNum, 0,
-                  Components.interfaces.nsIScriptError.warningFlag,
-                  "Content Security Policy", aWindowID);
-  Components.classes["@mozilla.org/consoleservice;1"]
-                    .getService(Components.interfaces.nsIConsoleService)
-                    .logMessage(consoleMsg);
-}
-
-function CSPError(aMsg, aWindowID) {
-  var textMessage = 'CSP ERROR:  ' + aMsg + "\n";
-
-  var consoleMsg = Components.classes["@mozilla.org/scripterror;1"]
-                    .createInstance(Components.interfaces.nsIScriptError);
-  consoleMsg.initWithWindowID(textMessage, null, null, 0, 0,
-                  Components.interfaces.nsIScriptError.errorFlag,
-                  "Content Security Policy", aWindowID);
-  Components.classes["@mozilla.org/consoleservice;1"]
-                    .getService(Components.interfaces.nsIConsoleService)
-                    .logMessage(consoleMsg);
-}
-
 function CSPdebug(aMsg) {
   if (!gPrefObserver.debugEnabled) return;
 
   aMsg = 'CSP debug: ' + aMsg + "\n";
   Components.classes["@mozilla.org/consoleservice;1"]
-                    .getService(Components.interfaces.nsIConsoleService)
+                    .getService(Ci.nsIConsoleService)
                     .logStringMessage(aMsg);
 }
 
@@ -138,16 +110,16 @@ function CSPPolicyURIListener(policyURI, docRequest, csp) {
   this._csp = csp;                // parent document's CSP
   this._policy = "";              // contents fetched from policyURI
   this._wrapper = null;           // nsIScriptableInputStream
-  this._docURI = docRequest.QueryInterface(Components.interfaces.nsIChannel)
+  this._docURI = docRequest.QueryInterface(Ci.nsIChannel)
                  .URI;    // parent document URI (to be used as 'self')
 }
 
 CSPPolicyURIListener.prototype = {
 
   QueryInterface: function(iid) {
-    if (iid.equals(Components.interfaces.nsIStreamListener) ||
-        iid.equals(Components.interfaces.nsIRequestObserver) ||
-        iid.equals(Components.interfaces.nsISupports))
+    if (iid.equals(Ci.nsIStreamListener) ||
+        iid.equals(Ci.nsIRequestObserver) ||
+        iid.equals(Ci.nsISupports))
       return this;
     throw Components.results.NS_ERROR_NO_INTERFACE;
   },
@@ -159,7 +131,7 @@ CSPPolicyURIListener.prototype = {
   function(request, context, inputStream, offset, count) {
     if (this._wrapper == null) {
       this._wrapper = Components.classes["@mozilla.org/scriptableinputstream;1"]
-                      .createInstance(Components.interfaces.nsIScriptableInputStream);
+                      .createInstance(Ci.nsIScriptableInputStream);
       this._wrapper.init(inputStream);
     }
     // store the remote policy as it becomes available
@@ -241,9 +213,10 @@ CSPRep.fromString = function(aStr, self, docRequest, csp) {
   var UD = CSPRep.URI_DIRECTIVES;
   var aCSPR = new CSPRep();
   aCSPR._originalText = aStr;
+  aCSPR._innerWindowID = innerWindowFromRequest(docRequest);
 
   var selfUri = null;
-  if (self instanceof Components.interfaces.nsIURI)
+  if (self instanceof Ci.nsIURI)
     selfUri = self.clone();
 
   var dirs = aStr.split(";");
@@ -258,7 +231,8 @@ CSPRep.fromString = function(aStr, self, docRequest, csp) {
 
     if (aCSPR._directives.hasOwnProperty(dirname)) {
       // Check for (most) duplicate directives
-      CSPError(CSPLocalizer.getFormatStr("duplicateDirective", [dirname]));
+      cspError(aCSPR, CSPLocalizer.getFormatStr("duplicateDirective",
+                                                [dirname]));
       CSPdebug("Skipping duplicate directive: \"" + dir + "\"");
       continue directive;
     }
@@ -267,7 +241,8 @@ CSPRep.fromString = function(aStr, self, docRequest, csp) {
     if (dirname === CSPRep.OPTIONS_DIRECTIVE) {
       if (aCSPR._allowInlineScripts || aCSPR._allowEval) {
         // Check for duplicate options directives
-        CSPError(CSPLocalizer.getFormatStr("duplicateDirective", [dirname]));
+        cspError(aCSPR, CSPLocalizer.getFormatStr("duplicateDirective",
+                                                  [dirname]));
         CSPdebug("Skipping duplicate directive: \"" + dir + "\"");
         continue directive;
       }
@@ -280,7 +255,8 @@ CSPRep.fromString = function(aStr, self, docRequest, csp) {
         else if (opt === "eval-script")
           aCSPR._allowEval = true;
         else
-          CSPWarning(CSPLocalizer.getFormatStr("doNotUnderstandOption", [opt]));
+          cspWarn(aCSPR, CSPLocalizer.getFormatStr("doNotUnderstandOption",
+                                                   [opt]));
       }
       continue directive;
     }
@@ -289,14 +265,15 @@ CSPRep.fromString = function(aStr, self, docRequest, csp) {
     // parse "allow" as equivalent to "default-src", at least until the spec
     // stabilizes, at which time we can stop parsing "allow"
     if (dirname === CSPRep.ALLOW_DIRECTIVE) {
-      CSPWarning(CSPLocalizer.getStr("allowDirectiveDeprecated"));
+      cspWarn(aCSPR, CSPLocalizer.getStr("allowDirectiveDeprecated"));
       if (aCSPR._directives.hasOwnProperty(SD.DEFAULT_SRC)) {
         // Check for duplicate default-src and allow directives
-        CSPError(CSPLocalizer.getFormatStr("duplicateDirective", [dirname]));
+        cspError(aCSPR, CSPLocalizer.getFormatStr("duplicateDirective",
+                                                  [dirname]));
         CSPdebug("Skipping duplicate directive: \"" + dir + "\"");
         continue directive;
       }
-      var dv = CSPSourceList.fromString(dirvalue, self, true);
+      var dv = CSPSourceList.fromString(dirvalue, aCSPR, self, true);
       if (dv) {
         aCSPR._directives[SD.DEFAULT_SRC] = dv;
         continue directive;
@@ -307,7 +284,7 @@ CSPRep.fromString = function(aStr, self, docRequest, csp) {
     for each(var sdi in SD) {
       if (dirname === sdi) {
         // process dirs, and enforce that 'self' is defined.
-        var dv = CSPSourceList.fromString(dirvalue, self, true);
+        var dv = CSPSourceList.fromString(dirvalue, aCSPR, self, true);
         if (dv) {
           aCSPR._directives[sdi] = dv;
           continue directive;
@@ -340,18 +317,19 @@ CSPRep.fromString = function(aStr, self, docRequest, csp) {
           if (self) {
             if (gETLDService.getBaseDomain(uri) !==
                 gETLDService.getBaseDomain(selfUri)) {
-              CSPWarning(CSPLocalizer.getFormatStr("notETLDPlus1",
-                         [gETLDService.getBaseDomain(uri)]));
+              cspWarn(aCSPR,
+                      CSPLocalizer.getFormatStr("notETLDPlus1",
+                                            [gETLDService.getBaseDomain(uri)]));
               continue;
             }
             if (!uri.schemeIs(selfUri.scheme)) {
-              CSPWarning(CSPLocalizer.getFormatStr("notSameScheme",
-                         [uri.asciiSpec]));
+              cspWarn(aCSPR, CSPLocalizer.getFormatStr("notSameScheme",
+                                                       [uri.asciiSpec]));
               continue;
             }
             if (uri.port && uri.port !== selfUri.port) {
-              CSPWarning(CSPLocalizer.getFormatStr("notSamePort",
-                         [uri.asciiSpec]));
+              cspWarn(aCSPR, CSPLocalizer.getFormatStr("notSamePort",
+                                                       [uri.asciiSpec]));
               continue;
             }
           }
@@ -360,15 +338,16 @@ CSPRep.fromString = function(aStr, self, docRequest, csp) {
             case Components.results.NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS:
             case Components.results.NS_ERROR_HOST_IS_IP_ADDRESS:
               if (uri.host !== selfUri.host) {
-                CSPWarning(CSPLocalizer.getFormatStr("pageCannotSendReportsTo",
-                         [selfUri.host, uri.host]));
+                cspWarn(aCSPR,
+                        CSPLocalizer.getFormatStr("pageCannotSendReportsTo",
+                                                  [selfUri.host, uri.host]));
                 continue;
               }
               break;
 
             default:
-              CSPWarning(CSPLocalizer.getFormatStr("couldNotParseReportURI",
-                        [uriStrings[i]]));
+              cspWarn(aCSPR, CSPLocalizer.getFormatStr("couldNotParseReportURI",
+                                                       [uriStrings[i]]));
               continue;
           }
         }
@@ -383,13 +362,13 @@ CSPRep.fromString = function(aStr, self, docRequest, csp) {
     if (dirname === UD.POLICY_URI) {
       // POLICY_URI can only be alone
       if (aCSPR._directives.length > 0 || dirs.length > 1) {
-        CSPError(CSPLocalizer.getStr("policyURINotAlone"));
+        cspError(aCSPR, CSPLocalizer.getStr("policyURINotAlone"));
         return CSPRep.fromString("default-src 'none'");
       }
       // if we were called without a reference to the parent document request
       // we won't be able to suspend it while we fetch the policy -> fail closed
       if (!docRequest || !csp) {
-        CSPError(CSPLocalizer.getStr("noParentRequest"));
+        cspError(aCSPR, CSPLocalizer.getStr("noParentRequest"));
         return CSPRep.fromString("default-src 'none'");
       }
 
@@ -397,22 +376,26 @@ CSPRep.fromString = function(aStr, self, docRequest, csp) {
       try {
         uri = gIoService.newURI(dirvalue, null, selfUri);
       } catch(e) {
-        CSPError(CSPLocalizer.getFormatStr("policyURIParseError", [dirvalue]));
+        cspError(aCSPR, CSPLocalizer.getFormatStr("policyURIParseError",
+                                                  [dirvalue]));
         return CSPRep.fromString("default-src 'none'");
       }
 
       // Verify that policy URI comes from the same origin
       if (selfUri) {
-        if (selfUri.host !== uri.host){
-          CSPError(CSPLocalizer.getFormatStr("nonMatchingHost", [uri.host]));
+        if (selfUri.host !== uri.host) {
+          cspError(aCSPR, CSPLocalizer.getFormatStr("nonMatchingHost",
+                                                    [uri.host]));
           return CSPRep.fromString("default-src 'none'");
         }
-        if (selfUri.port !== uri.port){
-          CSPError(CSPLocalizer.getFormatStr("nonMatchingPort", [uri.port.toString()]));
+        if (selfUri.port !== uri.port) {
+          cspError(aCSPR, CSPLocalizer.getFormatStr("nonMatchingPort",
+                                                    [uri.port.toString()]));
           return CSPRep.fromString("default-src 'none'");
         }
-        if (selfUri.scheme !== uri.scheme){
-          CSPError(CSPLocalizer.getFormatStr("nonMatchingScheme", [uri.scheme]));
+        if (selfUri.scheme !== uri.scheme) {
+          cspError(aCSPR, CSPLocalizer.getFormatStr("nonMatchingScheme",
+                                                    [uri.scheme]));
           return CSPRep.fromString("default-src 'none'");
         }
       }
@@ -423,13 +406,14 @@ CSPRep.fromString = function(aStr, self, docRequest, csp) {
         var chan = gIoService.newChannel(uri.asciiSpec, null, null);
         // make request anonymous (no cookies, etc.) so the request for the
         // policy-uri can't be abused for CSRF
-        chan.loadFlags |= Components.interfaces.nsIChannel.LOAD_ANONYMOUS;
+        chan.loadFlags |= Ci.nsIChannel.LOAD_ANONYMOUS;
         chan.asyncOpen(new CSPPolicyURIListener(uri, docRequest, csp), null);
       }
       catch (e) {
         // resume the document request and apply most restrictive policy
         docRequest.resume();
-        CSPError(CSPLocalizer.getFormatStr("errorFetchingPolicy", [e.toString()]));
+        cspError(aCSPR, CSPLocalizer.getFormatStr("errorFetchingPolicy",
+                                                  [e.toString()]));
         return CSPRep.fromString("default-src 'none'");
       }
 
@@ -439,7 +423,8 @@ CSPRep.fromString = function(aStr, self, docRequest, csp) {
     }
 
     // UNIDENTIFIED DIRECTIVE /////////////////////////////////////////////
-    CSPWarning(CSPLocalizer.getFormatStr("couldNotProcessUnknownDirective", [dirname]));
+    cspWarn(aCSPR, CSPLocalizer.getFormatStr("couldNotProcessUnknownDirective",
+                                             [dirname]));
 
   } // end directive: loop
 
@@ -511,7 +496,7 @@ CSPRep.prototype = {
     // GLOBALLY ALLOW "about:" SCHEME
     if (aURI instanceof String && aURI.substring(0,6) === "about:")
       return true;
-    if (aURI instanceof Components.interfaces.nsIURI && aURI.scheme === "about")
+    if (aURI instanceof Ci.nsIURI && aURI.scheme === "about")
       return true;
 
     // make sure the context is valid
@@ -563,6 +548,9 @@ CSPRep.prototype = {
 
     newRep._allowInlineScripts = this.allowsInlineScripts
                            && aCSPRep.allowsInlineScripts;
+ 
+    newRep._innerWindowID = this._innerWindowID ?
+                              this._innerWindowID : aCSPRep._innerWindowID;
 
     return newRep;
   },
@@ -578,7 +566,7 @@ CSPRep.prototype = {
     var SD = CSPRep.SRC_DIRECTIVES;
     var defaultSrcDir = this._directives[SD.DEFAULT_SRC];
     if (!defaultSrcDir) {
-      CSPWarning(CSPLocalizer.getStr("allowOrDefaultSrcRequired"));
+      this.warn(CSPLocalizer.getStr("allowOrDefaultSrcRequired"));
       return false;
     }
 
@@ -589,7 +577,7 @@ CSPRep.prototype = {
         // implicit directive, make explicit.
         // All but frame-ancestors directive inherit from 'allow' (bug 555068)
         if (dirv === SD.FRAME_ANCESTORS)
-          this._directives[dirv] = CSPSourceList.fromString("*");
+          this._directives[dirv] = CSPSourceList.fromString("*",this);
         else
           this._directives[dirv] = defaultSrcDir.clone();
         this._directives[dirv]._isImplicit = true;
@@ -613,6 +601,62 @@ CSPRep.prototype = {
   get allowsInlineScripts () {
     return this._allowInlineScripts;
   },
+
+  /**
+   * Sends a warning message to the error console and web developer console.
+   * @param aMsg
+   *        The message to send
+   * @param aSource (optional)
+   *        The URL of the file in which the error occurred
+   * @param aScriptLine (optional)
+   *        The line in the source file which the error occurred
+   * @param aLineNum (optional)
+   *        The number of the line where the error occurred
+   */
+  warn:
+  function cspd_warn(aMsg, aSource, aScriptLine, aLineNum) {
+    var textMessage = 'CSP WARN:  ' + aMsg + "\n";
+
+    var consoleMsg = Components.classes["@mozilla.org/scripterror;1"]
+                               .createInstance(Ci.nsIScriptError);
+    if (this._innerWindowID) {
+      consoleMsg.initWithWindowID(textMessage, aSource, aScriptLine, aLineNum,
+                                  0, Ci.nsIScriptError.warningFlag,
+                                  "Content Security Policy",
+                                  this._innerWindowID);
+    } else {
+      consoleMsg.init(textMessage, aSource, aScriptLine, aLineNum, 0,
+                      Ci.nsIScriptError.warningFlag,
+                      "Content Security Policy");
+    }
+    Components.classes["@mozilla.org/consoleservice;1"]
+              .getService(Ci.nsIConsoleService).logMessage(consoleMsg);
+  },
+
+  /**
+   * Sends an error message to the error console and web developer console.
+   * @param aMsg
+   *        The message to send
+   */
+  error:
+  function cspsd_error(aMsg) {
+    var textMessage = 'CSP ERROR:  ' + aMsg + "\n";
+
+    var consoleMsg = Components.classes["@mozilla.org/scripterror;1"]
+                               .createInstance(Ci.nsIScriptError);
+    if (this._innerWindowID) {
+      consoleMsg.initWithWindowID(textMessage, null, null, 0, 0,
+                                  Ci.nsIScriptError.errorFlag,
+                                  "Content Security Policy",
+                                  this._innerWindowID);
+    }
+    else {
+      consoleMsg.init(textMessage, null, null, 0, 0,
+                      Ci.nsIScriptError.errorFlag, "Content Security Policy");
+    }
+    Components.classes["@mozilla.org/consoleservice;1"]
+              .getService(Ci.nsIConsoleService).logMessage(consoleMsg);
+  },
 };
 
 //////////////////////////////////////////////////////////////////////
@@ -633,6 +677,9 @@ function CSPSourceList() {
  *
  * @param aStr
  *        string rep of a CSP Source List
+ * @param aCSPRep
+ *        the CSPRep to which this souce list belongs. If null, CSP errors and
+ *        warnings will not be sent to the web console.
  * @param self (optional)
  *        URI or CSPSource representing the "self" source
  * @param enforceSelfChecks (optional)
@@ -641,39 +688,42 @@ function CSPSourceList() {
  * @returns
  *        an instance of CSPSourceList
  */
-CSPSourceList.fromString = function(aStr, self, enforceSelfChecks) {
+CSPSourceList.fromString = function(aStr, aCSPRep, self, enforceSelfChecks) {
   // source-list = *WSP [ source-expression *( 1*WSP source-expression ) *WSP ]
   //             / *WSP "'none'" *WSP
 
   /* If self parameter is passed, convert to CSPSource,
      unless it is already a CSPSource. */
-  if(self && !(self instanceof CSPSource)) {
-     self = CSPSource.create(self);
+  if (self && !(self instanceof CSPSource)) {
+     self = CSPSource.create(self, aCSPRep);
   }
 
   var slObj = new CSPSourceList();
+  slObj._CSPRep = aCSPRep;
   aStr = aStr.trim();
   // w3 specifies case insensitive equality
-  if (aStr.toUpperCase() === "'NONE'"){
+  if (aStr.toUpperCase() === "'NONE'") {
     slObj._permitAllSources = false;
     return slObj;
   }
 
   var tokens = aStr.split(/\s+/);
   for (var i in tokens) {
-    if (!R_SOURCEEXP.test(tokens[i])){
-      CSPWarning(CSPLocalizer.getFormatStr("failedToParseUnrecognizedSource",
-                                           [tokens[i]]));
+    if (!R_SOURCEEXP.test(tokens[i])) {
+      cspWarn(aCSPRep,
+              CSPLocalizer.getFormatStr("failedToParseUnrecognizedSource",
+                                        [tokens[i]]));
       continue;
     }
-    var src = CSPSource.create(tokens[i], self, enforceSelfChecks);
+    var src = CSPSource.create(tokens[i], aCSPRep, self, enforceSelfChecks);
     if (!src) {
-      CSPWarning(CSPLocalizer.getFormatStr("failedToParseUnrecognizedSource",
-                                           [tokens[i]]));
+      cspWarn(aCSPRep,
+              CSPLocalizer.getFormatStr("failedToParseUnrecognizedSource",
+                                        [tokens[i]]));
       continue;
     }
     // if a source is a *, then we can permit all sources
-    if (src.permitAll){
+    if (src.permitAll) {
       slObj._permitAllSources = true;
       return slObj;
     } else {
@@ -758,6 +808,7 @@ CSPSourceList.prototype = {
   function() {
     var aSL = new CSPSourceList();
     aSL._permitAllSources = this._permitAllSources;
+    aSL._CSPRep = this._CSPRep;
     for (var i in this._sources) {
       aSL._sources[i] = this._sources[i].clone();
     }
@@ -800,7 +851,7 @@ CSPSourceList.prototype = {
     if (!that) return this.clone();
 
     if (this.isNone() || that.isNone())
-      newCSPSrcList = CSPSourceList.fromString("'none'");
+      newCSPSrcList = CSPSourceList.fromString("'none'", this._CSPRep);
 
     if (this.isAll()) newCSPSrcList = that.clone();
     if (that.isAll()) newCSPSrcList = this.clone();
@@ -837,6 +888,9 @@ CSPSourceList.prototype = {
     // if either was explicit, so is this.
     newCSPSrcList._isImplicit = this._isImplicit && that._isImplicit;
 
+    if ((!newCSPSrcList._CSPRep) && that._CSPRep) {
+      newCSPSrcList._CSPRep = that._CSPRep;
+    }
     return newCSPSrcList;
   }
 }
@@ -865,6 +919,9 @@ function CSPSource() {
  *  - CSPSource (clone)
  * @param aData
  *        string, nsURI, or CSPSource
+ * @param aCSPRep
+ *        The CSPRep this source belongs to. If null, CSP errors and warnings
+ *        will not be sent to the web console.
  * @param self (optional)
  *	  if present, string, URI, or CSPSource representing the "self" resource
  * @param enforceSelfChecks (optional)
@@ -873,12 +930,12 @@ function CSPSource() {
  * @returns
  *        an instance of CSPSource
  */
-CSPSource.create = function(aData, self, enforceSelfChecks) {
+CSPSource.create = function(aData, aCSPRep, self, enforceSelfChecks) {
   if (typeof aData === 'string')
-    return CSPSource.fromString(aData, self, enforceSelfChecks);
+    return CSPSource.fromString(aData, aCSPRep, self, enforceSelfChecks);
 
-  if (aData instanceof Components.interfaces.nsIURI)
-    return CSPSource.fromURI(aData, self, enforceSelfChecks);
+  if (aData instanceof Ci.nsIURI)
+    return CSPSource.fromURI(aData, aCSPRep, self, enforceSelfChecks);
 
   if (aData instanceof CSPSource) {
     var ns = aData.clone();
@@ -896,6 +953,9 @@ CSPSource.create = function(aData, self, enforceSelfChecks) {
  *
  * @param aURI
  *        nsIURI rep of a URI
+ * @param aCSPRep
+ *        The policy this source belongs to. If null, CSP errors and warnings
+ *        will not be sent to the web console.
  * @param self (optional)
  *        string or CSPSource representing the "self" source
  * @param enforceSelfChecks (optional)
@@ -904,23 +964,24 @@ CSPSource.create = function(aData, self, enforceSelfChecks) {
  * @returns
  *        an instance of CSPSource
  */
-CSPSource.fromURI = function(aURI, self, enforceSelfChecks) {
-  if (!(aURI instanceof Components.interfaces.nsIURI)){
-    CSPError(CSPLocalizer.getStr("cspSourceNotURI"));
+CSPSource.fromURI = function(aURI, aCSPRep, self, enforceSelfChecks) {
+  if (!(aURI instanceof Ci.nsIURI)) {
+    cspError(aCSPRep, CSPLocalizer.getStr("cspSourceNotURI"));
     return null;
   }
 
   if (!self && enforceSelfChecks) {
-    CSPError(CSPLocalizer.getStr("selfDataNotProvided"));
+    cspError(aCSPRep, CSPLocalizer.getStr("selfDataNotProvided"));
     return null;
   }
 
   if (self && !(self instanceof CSPSource)) {
-    self = CSPSource.create(self, undefined, false);
+    self = CSPSource.create(self, aCSPRep, undefined, false);
   }
 
   var sObj = new CSPSource();
   sObj._self = self;
+  sObj._CSPRep = aCSPRep;
 
   // PARSE
   // If 'self' is undefined, then use default port for scheme if there is one.
@@ -930,7 +991,8 @@ CSPSource.fromURI = function(aURI, self, enforceSelfChecks) {
     sObj._scheme = aURI.scheme;
   } catch(e) {
     sObj._scheme = undefined;
-    CSPError(CSPLocalizer.getFormatStr("uriWithoutScheme", [aURI.asciiSpec]));
+    cspError(aCSPRep, CSPLocalizer.getFormatStr("uriWithoutScheme",
+                                                [aURI.asciiSpec]));
     return null;
   }
 
@@ -973,6 +1035,8 @@ CSPSource.fromURI = function(aURI, self, enforceSelfChecks) {
  *
  * @param aStr
  *        string rep of a CSP Source
+ * @param aCSPRep
+ *        the CSPRep this CSPSource belongs to
  * @param self (optional)
  *        string, URI, or CSPSource representing the "self" source
  * @param enforceSelfChecks (optional)
@@ -981,35 +1045,37 @@ CSPSource.fromURI = function(aURI, self, enforceSelfChecks) {
  * @returns
  *        an instance of CSPSource
  */
-CSPSource.fromString = function(aStr, self, enforceSelfChecks) {
+CSPSource.fromString = function(aStr, aCSPRep, self, enforceSelfChecks) {
   if (!aStr)
     return null;
 
   if (!(typeof aStr === 'string')) {
-    CSPError(CSPLocalizer.getStr("argumentIsNotString"));
+    cspError(aCSPRep, CSPLocalizer.getStr("argumentIsNotString"));
     return null;
   }
 
   var sObj = new CSPSource();
   sObj._self = self;
+  sObj._CSPRep = aCSPRep;
+
 
   // if equal, return does match
-  if (aStr === "*"){
+  if (aStr === "*") {
     sObj._permitAll = true;
     return sObj;
   }
 
   if (!self && enforceSelfChecks) {
-    CSPError(CSPLocalizer.getStr("selfDataNotProvided"));
+    cspError(aCSPRep, CSPLocalizer.getStr("selfDataNotProvided"));
     return null;
   }
 
   if (self && !(self instanceof CSPSource)) {
-    self = CSPSource.create(self, undefined, false);
+    self = CSPSource.create(self, aCSPRep, undefined, false);
   }
 
   // check for scheme-source match
-  if (R_SCHEMESRC.test(aStr)){
+  if (R_SCHEMESRC.test(aStr)) {
     var schemeSrcMatch = R_GETSCHEME.exec(aStr);
     sObj._scheme = schemeSrcMatch[0];
     if (!sObj._host) sObj._host = CSPHost.fromString("*");
@@ -1031,8 +1097,9 @@ CSPSource.fromString = function(aStr, self, enforceSelfChecks) {
 
     // get array of matches to the R_HOST regular expression
     var hostMatch = R_HOST.exec(aStr);
-    if (!hostMatch){
-      CSPError(CSPLocalizer.getFormatStr("couldntParseInvalidSource", [aStr]));
+    if (!hostMatch) {
+      cspError(aCSPRep, CSPLocalizer.getFormatStr("couldntParseInvalidSource",
+                                                  [aStr]));
       return null;
     }
     // host regex gets scheme, so remove scheme from aStr. Add 3 for '://'
@@ -1044,7 +1111,9 @@ CSPSource.fromString = function(aStr, self, enforceSelfChecks) {
       // gets the default port for the given scheme
       defPort = Services.io.getProtocolHandler(sObj._scheme).defaultPort;
       if (!defPort) {
-        CSPError(CSPLocalizer.getFormatStr("couldntParseInvalidSource", [aStr]));
+        cspError(aCSPRep,
+                 CSPLocalizer.getFormatStr("couldntParseInvalidSource",
+                                           [aStr]));
         return null;
       }
       sObj._port = defPort;
@@ -1057,16 +1126,17 @@ CSPSource.fromString = function(aStr, self, enforceSelfChecks) {
   }
 
   // check for 'self' (case insensitive)
-  if (aStr.toUpperCase() === "'SELF'"){
-    if (!self){
-      CSPError(CSPLocalizer.getStr("selfKeywordNoSelfData"));
+  if (aStr.toUpperCase() === "'SELF'") {
+    if (!self) {
+      cspError(aCSPRep, CSPLocalizer.getStr("selfKeywordNoSelfData"));
       return null;
     }
     sObj._self = self.clone();
     sObj._isSelf = true;
     return sObj;
   }
-  CSPError(CSPLocalizer.getFormatStr("couldntParseInvalidSource",[aStr]));
+  cspError(aCSPRep, CSPLocalizer.getFormatStr("couldntParseInvalidSource",
+                                              [aStr]));
   return null;
 };
 
@@ -1156,6 +1226,7 @@ CSPSource.prototype = {
     aClone._port = this._port;
     aClone._host = this._host ? this._host.clone() : undefined;
     aClone._isSelf = this._isSelf;
+    aClone._CSPRep = this._CSPRep;
     return aClone;
   },
 
@@ -1171,7 +1242,7 @@ CSPSource.prototype = {
     if (!aSource) return false;
 
     if (!(aSource instanceof CSPSource))
-      return this.permits(CSPSource.create(aSource));
+      return this.permits(CSPSource.create(aSource, this._CSPRep));
 
     // verify scheme
     if (this.scheme != aSource.scheme)
@@ -1225,7 +1296,9 @@ CSPSource.prototype = {
     else if (that.port === this.port)
       newSource._port = this.port;
     else {
-      CSPError(CSPLocalizer.getFormatStr("notIntersectPort", [this.toString(), that.toString()]));
+      let msg = CSPLocalizer.getFormatStr("notIntersectPort",
+                                          [this.toString(), that.toString()]);
+      cspError(this._CSPRep, msg);
       return null;
     }
 
@@ -1241,7 +1314,9 @@ CSPSource.prototype = {
     else if (that.scheme === this.scheme)
       newSource._scheme = this.scheme;
     else {
-      CSPError(CSPLocalizer.getFormatStr("notIntersectScheme", [this.toString(), that.toString()]));
+      var msg = CSPLocalizer.getFormatStr("notIntersectScheme",
+                                          [this.toString(), that.toString()]);
+      cspError(this._CSPRep, msg);
       return null;
     }
 
@@ -1257,13 +1332,19 @@ CSPSource.prototype = {
     if (this.host && that.host) {
       newSource._host = this.host.intersectWith(that.host);
     } else if (this.host) {
-      CSPError(CSPLocalizer.getFormatStr("intersectingSourceWithUndefinedHost", [that.toString()]));
+      let msg = CSPLocalizer.getFormatStr("intersectingSourceWithUndefinedHost",
+                                          [that.toString()]);
+      cspError(this._CSPRep, msg);
       newSource._host = this.host.clone();
     } else if (that.host) {
-      CSPError(CSPLocalizer.getFormatStr("intersectingSourceWithUndefinedHost", [this.toString()]));
+      let msg = CSPLocalizer.getFormatStr("intersectingSourceWithUndefinedHost",
+                                          [this.toString()]);
+      cspError(this._CSPRep, msg);
       newSource._host = that.host.clone();
     } else {
-      CSPError(CSPLocalizer.getFormatStr("intersectingSourcesWithUndefinedHosts", [this.toString(), that.toString()]));
+      let msg = CSPLocalizer.getFormatStr("intersectingSourcesWithUndefinedHosts",
+                                          [this.toString(), that.toString()]);
+      cspError(this._CSPRep, msg);
       newSource._host = CSPHost.fromString("*");
     }
 
@@ -1482,7 +1563,7 @@ CSPViolationReportListener.prototype = {
   _reportURI:   null,
 
   QueryInterface: function(iid) {
-    if(iid.equals(Ci.nsIStreamListener) ||
+    if (iid.equals(Ci.nsIStreamListener) ||
         iid.equals(Ci.nsIRequestObserver) ||
         iid.equals(Ci.nsISupports))
       return this;
@@ -1508,6 +1589,52 @@ CSPViolationReportListener.prototype = {
 
 //////////////////////////////////////////////////////////////////////
 
+function innerWindowFromRequest(docRequest) {
+  let win = null;
+  let loadContext = null;
+
+  try {
+    loadContext = docRequest.notificationCallbacks.getInterface(Ci.nsILoadContext);
+  } catch (ex) {
+    try {
+      loadContext = docRequest.loadGroup.notificationCallbacks.getInterface(Ci.nsILoadContext);
+    } catch (ex) {
+      return null;
+    }
+  }
+
+  if (loadContext) {
+    win = loadContext.associatedWindow;
+  }
+  if (win) {
+    try {
+       let winUtils = win.QueryInterface(Ci.nsIInterfaceRequestor).getInterface(Ci.nsIDOMWindowUtils);
+       return winUtils.currentInnerWindowID;
+    } catch (ex) {
+      return null;
+    }
+  }
+  return null;
+}
+
+function cspError(aCSPRep, aMessage) {
+  if (aCSPRep) {
+    aCSPRep.error(aMessage);
+  } else {
+    (new CSPRep()).error(aMessage);
+  }
+}
+
+function cspWarn(aCSPRep, aMessage) {
+  if (aCSPRep) {
+    aCSPRep.warn(aMessage);
+  } else {
+    (new CSPRep()).warn(aMessage);
+  }
+}
+
+//////////////////////////////////////////////////////////////////////
+
 CSPLocalizer = {
   /**
    * Retrieve a localized string.

content/base/src/FragmentOrElement.cpp

@@ -99,6 +99,7 @@
 #include "nsRuleProcessorData.h"
 #include "nsAsyncDOMEvent.h"
 #include "nsTextNode.h"
+#include "mozilla/dom/NodeListBinding.h"
 #include "dombindings.h"
 
 #ifdef MOZ_XUL
@@ -389,7 +390,13 @@ JSObject*
 nsChildContentList::WrapObject(JSContext *cx, JSObject *scope,
                                bool *triedToWrap)
 {
-  return mozilla::dom::oldproxybindings::NodeList::create(cx, scope, this, triedToWrap);
+  JSObject* obj = NodeListBinding::Wrap(cx, scope, this, triedToWrap);
+  if (obj || *triedToWrap) {
+    return obj;
+  }
+
+  *triedToWrap = true;
+  return oldproxybindings::NodeList::create(cx, scope, this);
 }
 
 NS_IMETHODIMP
@@ -598,6 +605,30 @@ FragmentOrElement::nsDOMSlots::Unlink(bool aIsXUL)
   }
 }
 
+size_t
+FragmentOrElement::nsDOMSlots::SizeOfIncludingThis(nsMallocSizeOfFun aMallocSizeOf) const
+{
+  size_t n = aMallocSizeOf(this);
+
+  if (mAttributeMap) {
+    n += mAttributeMap->SizeOfIncludingThis(aMallocSizeOf);
+  }
+
+  // Measurement of the following members may be added later if DMD finds it is
+  // worthwhile:
+  // - Superclass members (nsINode::nsSlots)
+  // - mStyle
+  // - mDataSet
+  // - mSMILOverrideStyle
+  // - mSMILOverrideStyleRule
+  // - mChildrenList
+  // - mClassList
+
+  // The following members are not measured:
+  // - mBindingParent / mControllers: because they're   non-owning
+  return n;
+}
+
 FragmentOrElement::FragmentOrElement(already_AddRefed<nsINodeInfo> aNodeInfo)
   : nsIContent(aNodeInfo)
 {
@@ -1938,6 +1969,14 @@ FragmentOrElement::FireNodeRemovedForChildren()
 size_t
 FragmentOrElement::SizeOfExcludingThis(nsMallocSizeOfFun aMallocSizeOf) const
 {
-  return nsIContent::SizeOfExcludingThis(aMallocSizeOf) +
-         mAttrsAndChildren.SizeOfExcludingThis(aMallocSizeOf);
+  size_t n = 0;
+  n += nsIContent::SizeOfExcludingThis(aMallocSizeOf);
+  n += mAttrsAndChildren.SizeOfExcludingThis(aMallocSizeOf);
+
+  nsDOMSlots* slots = GetExistingDOMSlots();
+  if (slots) {
+    n += slots->SizeOfIncludingThis(aMallocSizeOf);
+  }
+
+  return n;
 }

content/base/src/Makefile.in

@@ -35,6 +35,7 @@ EXPORTS		= \
 		nsFrameMessageManager.h \
 		nsAttrAndChildArray.h \
 		nsAttrValue.h \
+		nsAttrValueInlines.h \
 		nsCrossSiteListenerProxy.h \
 		nsDOMAttributeMap.h \
 		nsGenericElement.h \

content/base/src/contentSecurityPolicy.js

@@ -104,34 +104,6 @@ ContentSecurityPolicy.prototype = {
     return this._reportOnlyMode || this._policy.allowsEvalInScripts;
   },
 
-  get innerWindowID() {
-    let win = null;
-    let loadContext = null;
-
-    try {
-      loadContext = this._docRequest
-                        .notificationCallbacks.getInterface(Ci.nsILoadContext);
-    } catch (ex) {
-      try {
-        loadContext = this._docRequest.loadGroup
-                          .notificationCallbacks.getInterface(Ci.nsILoadContext);
-      } catch (ex) {
-      }
-    }
-
-    if (loadContext) {
-      win = loadContext.associatedWindow;
-    }
-    if (win) {
-      try {
-         let winUtils = win.QueryInterface(Ci.nsIInterfaceRequestor).getInterface(Ci.nsIDOMWindowUtils);
-         return winUtils.currentInnerWindowID;
-      } catch (ex) {
-      }
-    }
-    return null;
-  },
-
   /**
    * Log policy violation on the Error Console and send a report if a report-uri
    * is present in the policy
@@ -302,16 +274,15 @@ ContentSecurityPolicy.prototype = {
       CSPdebug("Constructed violation report:\n" + reportString);
 
       var violationMessage = null;
-      if(blockedUri["asciiSpec"]){
+      if (blockedUri["asciiSpec"]) {
          violationMessage = CSPLocalizer.getFormatStr("directiveViolatedWithURI", [violatedDirective, blockedUri.asciiSpec]);
       } else {
          violationMessage = CSPLocalizer.getFormatStr("directiveViolated", [violatedDirective]);
       }
-      CSPWarning(violationMessage,
-                 this.innerWindowID,
-                 (aSourceFile) ? aSourceFile : null,
-                 (aScriptSample) ? decodeURIComponent(aScriptSample) : null,
-                 (aLineNum) ? aLineNum : null);
+      this._policy.warn(violationMessage,
+                        (aSourceFile) ? aSourceFile : null,
+                        (aScriptSample) ? decodeURIComponent(aScriptSample) : null,
+                        (aLineNum) ? aLineNum : null);
 
       // For each URI in the report list, send out a report.
       // We make the assumption that all of the URIs are absolute URIs; this
@@ -323,7 +294,7 @@ ContentSecurityPolicy.prototype = {
 
         try {
           var chan = Services.io.newChannel(uris[i], null, null);
-          if(!chan) {
+          if (!chan) {
             CSPdebug("Error creating channel for " + uris[i]);
             continue;
           }
@@ -338,7 +309,7 @@ ContentSecurityPolicy.prototype = {
 
           // we need to set an nsIChannelEventSink on the channel object
           // so we can tell it to not follow redirects when posting the reports
-          chan.notificationCallbacks = new CSPReportRedirectSink();
+          chan.notificationCallbacks = new CSPReportRedirectSink(this._policy);
 
           chan.QueryInterface(Ci.nsIUploadChannel)
               .setUploadStream(content, "application/json", content.available());
@@ -369,8 +340,8 @@ ContentSecurityPolicy.prototype = {
         } catch(e) {
           // it's possible that the URI was invalid, just log a
           // warning and skip over that.
-          CSPWarning(CSPLocalizer.getFormatStr("triedToSendReport", [uris[i]]), this.innerWindowID);
-          CSPWarning(CSPLocalizer.getFormatStr("errorWas", [e.toString()]), this.innerWindowID);
+          this._policy.warn(CSPLocalizer.getFormatStr("triedToSendReport", [uris[i]]));
+          this._policy.warn(CSPLocalizer.getFormatStr("errorWas", [e.toString()]));
         }
       }
     }
@@ -552,7 +523,8 @@ ContentSecurityPolicy.prototype = {
 // The POST of the violation report (if it happens) should not follow
 // redirects, per the spec. hence, we implement an nsIChannelEventSink
 // with an object so we can tell XHR to abort if a redirect happens.
-function CSPReportRedirectSink() {
+function CSPReportRedirectSink(policy) {
+  this._policy = policy;
 }
 
 CSPReportRedirectSink.prototype = {
@@ -575,7 +547,7 @@ CSPReportRedirectSink.prototype = {
   // nsIChannelEventSink
   asyncOnChannelRedirect: function channel_redirect(oldChannel, newChannel,
                                                     flags, callback) {
-    CSPWarning(CSPLocalizer.getFormatStr("reportPostRedirect", [oldChannel.URI.asciiSpec]));
+    this._policy.warn(CSPLocalizer.getFormatStr("reportPostRedirect", [oldChannel.URI.asciiSpec]));
 
     // cancel the old channel so XHR failure callback happens
     oldChannel.cancel(Cr.NS_ERROR_ABORT);

content/base/src/nsAttrValue.cpp

@@ -9,6 +9,7 @@
  */
 
 #include "nsAttrValue.h"
+#include "nsAttrValueInlines.h"
 #include "nsIAtom.h"
 #include "nsUnicharUtils.h"
 #include "mozilla/css/StyleRule.h"
@@ -17,12 +18,101 @@
 #include "nsReadableUtils.h"
 #include "prprf.h"
 #include "mozilla/HashFunctions.h"
+#include "nsHTMLCSSStyleSheet.h"
+#include "nsCSSParser.h"
+#include "nsStyledElement.h"
 
 using namespace mozilla;
 
 #define MISC_STR_PTR(_cont) \
   reinterpret_cast<void*>((_cont)->mStringBits & NS_ATTRVALUE_POINTERVALUE_MASK)
 
+bool
+MiscContainer::GetString(nsDependentString& aString) const
+{
+  void* ptr = MISC_STR_PTR(this);
+
+  if (!ptr) {
+    return false;
+  }
+
+  if (static_cast<nsAttrValue::ValueBaseType>(mStringBits &
+                                              NS_ATTRVALUE_BASETYPE_MASK) ==
+      nsAttrValue::eStringBase) {
+    nsStringBuffer* buffer = static_cast<nsStringBuffer*>(ptr);
+    if (!buffer) {
+      return false;
+    }
+
+    aString.Rebind(reinterpret_cast<PRUnichar*>(buffer->Data()),
+                   buffer->StorageSize() / sizeof(PRUnichar) - 1);
+    return true;
+  }
+
+  nsIAtom* atom = static_cast<nsIAtom*>(ptr);
+  if (!atom) {
+    return false;
+  }
+
+  aString.Rebind(atom->GetUTF16String(), atom->GetLength());
+  return true;
+}
+
+void
+MiscContainer::Cache()
+{
+  // Not implemented for anything else yet.
+  MOZ_ASSERT(mType == nsAttrValue::eCSSStyleRule);
+  MOZ_ASSERT(IsRefCounted());
+  MOZ_ASSERT(mValue.mRefCount > 0);
+  MOZ_ASSERT(!mValue.mCached);
+
+  css::StyleRule* rule = mValue.mCSSStyleRule;
+  nsHTMLCSSStyleSheet* sheet = rule->GetHTMLCSSStyleSheet();
+  if (!sheet) {
+    return;
+  }
+
+  nsDependentString str;
+  bool gotString = GetString(str);
+  if (!gotString) {
+    return;
+  }
+
+  sheet->CacheStyleAttr(str, this);
+  mValue.mCached = 1;
+
+  // This has to be immutable once it goes into the cache.
+  css::Declaration* decl = rule->GetDeclaration();
+  if (decl) {
+    decl->SetImmutable();
+  }
+}
+
+void
+MiscContainer::Evict()
+{
+  // Not implemented for anything else yet.
+  MOZ_ASSERT(mType == nsAttrValue::eCSSStyleRule);
+  MOZ_ASSERT(IsRefCounted());
+  MOZ_ASSERT(mValue.mRefCount == 0);
+
+  if (!mValue.mCached) {
+    return;
+  }
+
+  css::StyleRule* rule = mValue.mCSSStyleRule;
+  nsHTMLCSSStyleSheet* sheet = rule->GetHTMLCSSStyleSheet();
+  MOZ_ASSERT(sheet);
+
+  nsDependentString str;
+  DebugOnly<bool> gotString = GetString(str);
+  MOZ_ASSERT(gotString);
+
+  sheet->EvictStyleAttr(str, this);
+  mValue.mCached = 0;
+}
+
 nsTArray<const nsAttrValue::EnumTable*>* nsAttrValue::sEnumTableArray = nullptr;
 
 nsAttrValue::nsAttrValue()
@@ -119,8 +209,13 @@ nsAttrValue::Reset()
     }
     case eOtherBase:
     {
-      EnsureEmptyMiscContainer();
-      delete GetMiscContainer();
+      MiscContainer* cont = GetMiscContainer();
+      if (cont->IsRefCounted() && cont->mValue.mRefCount > 1) {
+        NS_RELEASE(cont);
+        break;
+      }
+
+      delete ClearMiscContainer();
 
       break;
     }
@@ -179,51 +274,54 @@ nsAttrValue::SetTo(const nsAttrValue& aOther)
   }
 
   MiscContainer* otherCont = aOther.GetMiscContainer();
-  if (!EnsureEmptyMiscContainer()) {
+  if (otherCont->IsRefCounted()) {
+    delete ClearMiscContainer();
+    NS_ADDREF(otherCont);
+    SetPtrValueAndType(otherCont, eOtherBase);
     return;
   }
 
-  MiscContainer* cont = GetMiscContainer();
+  MiscContainer* cont = EnsureEmptyMiscContainer();
   switch (otherCont->mType) {
     case eInteger:
     {
-      cont->mInteger = otherCont->mInteger;
+      cont->mValue.mInteger = otherCont->mValue.mInteger;
       break;
     }
     case eEnum:
     {
-      cont->mEnumValue = otherCont->mEnumValue;
+      cont->mValue.mEnumValue = otherCont->mValue.mEnumValue;
       break;
     }
     case ePercent:
     {
-      cont->mPercent = otherCont->mPercent;
+      cont->mValue.mPercent = otherCont->mValue.mPercent;
       break;
     }
     case eColor:
     {
-      cont->mColor = otherCont->mColor;
+      cont->mValue.mColor = otherCont->mValue.mColor;
       break;
     }
     case eCSSStyleRule:
     {
-      NS_ADDREF(cont->mCSSStyleRule = otherCont->mCSSStyleRule);
+      MOZ_NOT_REACHED("These should be refcounted!");
       break;
     }
     case eURL:
     {
-      NS_ADDREF(cont->mURL = otherCont->mURL);
+      NS_ADDREF(cont->mValue.mURL = otherCont->mValue.mURL);
       break;
     }
     case eImage:
     {
-      NS_ADDREF(cont->mImage = otherCont->mImage);
+      NS_ADDREF(cont->mValue.mImage = otherCont->mValue.mImage);
       break;
     }
     case eAtomArray:
     {
       if (!EnsureEmptyAtomArray() ||
-          !GetAtomArrayValue()->AppendElements(*otherCont->mAtomArray)) {
+          !GetAtomArrayValue()->AppendElements(*otherCont->mValue.mAtomArray)) {
         Reset();
         return;
       }
@@ -236,8 +334,9 @@ nsAttrValue::SetTo(const nsAttrValue& aOther)
     }
     case eIntMarginValue:
     {
-      if (otherCont->mIntMargin)
-        cont->mIntMargin = new nsIntMargin(*otherCont->mIntMargin);
+      if (otherCont->mValue.mIntMargin)
+        cont->mValue.mIntMargin =
+          new nsIntMargin(*otherCont->mValue.mIntMargin);
       break;
     }
     default:
@@ -245,7 +344,7 @@ nsAttrValue::SetTo(const nsAttrValue& aOther)
       if (IsSVGType(otherCont->mType)) {
         // All SVG types are just pointers to classes and will therefore have
         // the same size so it doesn't really matter which one we assign
-        cont->mSVGAngle = otherCont->mSVGAngle;
+        cont->mValue.mSVGAngle = otherCont->mValue.mSVGAngle;
       } else {
         NS_NOTREACHED("unknown type stored in MiscContainer");
       }
@@ -305,44 +404,39 @@ nsAttrValue::SetTo(int32_t aInt, const nsAString* aSerialized)
 void
 nsAttrValue::SetTo(double aValue, const nsAString* aSerialized)
 {
-  if (EnsureEmptyMiscContainer()) {
-    MiscContainer* cont = GetMiscContainer();
-    cont->mDoubleValue = aValue;
-    cont->mType = eDoubleValue;
-    SetMiscAtomOrString(aSerialized);
-  }
+  MiscContainer* cont = EnsureEmptyMiscContainer();
+  cont->mDoubleValue = aValue;
+  cont->mType = eDoubleValue;
+  SetMiscAtomOrString(aSerialized);
 }
 
 void
 nsAttrValue::SetTo(css::StyleRule* aValue, const nsAString* aSerialized)
 {
-  if (EnsureEmptyMiscContainer()) {
-    MiscContainer* cont = GetMiscContainer();
-    NS_ADDREF(cont->mCSSStyleRule = aValue);
-    cont->mType = eCSSStyleRule;
-    SetMiscAtomOrString(aSerialized);
-  }
+  MiscContainer* cont = EnsureEmptyMiscContainer();
+  MOZ_ASSERT(cont->mValue.mRefCount == 0);
+  NS_ADDREF(cont->mValue.mCSSStyleRule = aValue);
+  cont->mType = eCSSStyleRule;
+  NS_ADDREF(cont);
+  SetMiscAtomOrString(aSerialized);
+  MOZ_ASSERT(cont->mValue.mRefCount == 1);
 }
 
 void
 nsAttrValue::SetTo(css::URLValue* aValue, const nsAString* aSerialized)
 {
-  if (EnsureEmptyMiscContainer()) {
-    MiscContainer* cont = GetMiscContainer();
-    NS_ADDREF(cont->mURL = aValue);
-    cont->mType = eURL;
-    SetMiscAtomOrString(aSerialized);
-  }
+  MiscContainer* cont = EnsureEmptyMiscContainer();
+  NS_ADDREF(cont->mValue.mURL = aValue);
+  cont->mType = eURL;
+  SetMiscAtomOrString(aSerialized);
 }
 
 void
 nsAttrValue::SetTo(const nsIntMargin& aValue)
 {
-  if (EnsureEmptyMiscContainer()) {
-    MiscContainer* cont = GetMiscContainer();
-    cont->mIntMargin = new nsIntMargin(aValue);
-    cont->mType = eIntMarginValue;
-  }
+  MiscContainer* cont = EnsureEmptyMiscContainer();
+  cont->mValue.mIntMargin = new nsIntMargin(aValue);
+  cont->mType = eIntMarginValue;
 }
 
 void
@@ -481,20 +575,11 @@ nsAttrValue::ToString(nsAString& aResult) const
   MiscContainer* cont = nullptr;
   if (BaseType() == eOtherBase) {
     cont = GetMiscContainer();
-    void* ptr = MISC_STR_PTR(cont);
-    if (ptr) {
-      if (static_cast<ValueBaseType>(cont->mStringBits & NS_ATTRVALUE_BASETYPE_MASK) ==
-          eStringBase) {
-        nsStringBuffer* str = static_cast<nsStringBuffer*>(ptr);
-        if (str) {
-          str->ToString(str->StorageSize()/sizeof(PRUnichar) - 1, aResult);
-          return;
-        }
-      } else {
-        nsIAtom *atom = static_cast<nsIAtom*>(ptr);
-        atom->ToString(aResult);
-        return;
-      }
+
+    nsDependentString str;
+    if (cont->GetString(str)) {
+      aResult = str;
+      return;
     }
   }
 
@@ -541,7 +626,7 @@ nsAttrValue::ToString(nsAString& aResult) const
     case ePercent:
     {
       nsAutoString intStr;
-      intStr.AppendInt(cont ? cont->mPercent : GetIntInternal());
+      intStr.AppendInt(cont ? cont->mValue.mPercent : GetIntInternal());
       aResult = intStr + NS_LITERAL_STRING("%");
 
       break;
@@ -550,7 +635,8 @@ nsAttrValue::ToString(nsAString& aResult) const
     {
       aResult.Truncate();
       MiscContainer *container = GetMiscContainer();
-      css::Declaration *decl = container->mCSSStyleRule->GetDeclaration();
+      css::Declaration *decl =
+        container->mValue.mCSSStyleRule->GetDeclaration();
       if (decl) {
         decl->ToString(aResult);
       }
@@ -566,69 +652,74 @@ nsAttrValue::ToString(nsAString& aResult) const
     }
     case eSVGAngle:
     {
-      SVGAttrValueWrapper::ToString(GetMiscContainer()->mSVGAngle, aResult);
+      SVGAttrValueWrapper::ToString(GetMiscContainer()->mValue.mSVGAngle,
+                                    aResult);
       break;
     }
     case eSVGIntegerPair:
     {
-      SVGAttrValueWrapper::ToString(GetMiscContainer()->mSVGIntegerPair,
+      SVGAttrValueWrapper::ToString(GetMiscContainer()->mValue.mSVGIntegerPair,
                                     aResult);
       break;
     }
     case eSVGLength:
     {
-      SVGAttrValueWrapper::ToString(GetMiscContainer()->mSVGLength, aResult);
+      SVGAttrValueWrapper::ToString(GetMiscContainer()->mValue.mSVGLength,
+                                    aResult);
       break;
     }
     case eSVGLengthList:
     {
-      SVGAttrValueWrapper::ToString(GetMiscContainer()->mSVGLengthList,
+      SVGAttrValueWrapper::ToString(GetMiscContainer()->mValue.mSVGLengthList,
                                     aResult);
       break;
     }
     case eSVGNumberList:
     {
-      SVGAttrValueWrapper::ToString(GetMiscContainer()->mSVGNumberList,
+      SVGAttrValueWrapper::ToString(GetMiscContainer()->mValue.mSVGNumberList,
                                     aResult);
       break;
     }
     case eSVGNumberPair:
     {
-      SVGAttrValueWrapper::ToString(GetMiscContainer()->mSVGNumberPair,
+      SVGAttrValueWrapper::ToString(GetMiscContainer()->mValue.mSVGNumberPair,
                                     aResult);
       break;
     }
     case eSVGPathData:
     {
-      SVGAttrValueWrapper::ToString(GetMiscContainer()->mSVGPathData, aResult);
+      SVGAttrValueWrapper::ToString(GetMiscContainer()->mValue.mSVGPathData,
+                                    aResult);
       break;
     }
     case eSVGPointList:
     {
-      SVGAttrValueWrapper::ToString(GetMiscContainer()->mSVGPointList, aResult);
+      SVGAttrValueWrapper::ToString(GetMiscContainer()->mValue.mSVGPointList,
+                                    aResult);
       break;
     }
     case eSVGPreserveAspectRatio:
     {
-      SVGAttrValueWrapper::ToString(GetMiscContainer()->mSVGPreserveAspectRatio,
+      SVGAttrValueWrapper::ToString(GetMiscContainer()->mValue.mSVGPreserveAspectRatio,
                                     aResult);
       break;
     }
     case eSVGStringList:
     {
-      SVGAttrValueWrapper::ToString(GetMiscContainer()->mSVGStringList,
+      SVGAttrValueWrapper::ToString(GetMiscContainer()->mValue.mSVGStringList,
                                     aResult);
       break;
     }
     case eSVGTransformList:
     {
-      SVGAttrValueWrapper::ToString(GetMiscContainer()->mSVGTransformList,
+      SVGAttrValueWrapper::ToString(GetMiscContainer()->mValue.mSVGTransformList,
                                     aResult);
       break;
     }
     case eSVGViewBox:
     {
-      SVGAttrValueWrapper::ToString(GetMiscContainer()->mSVGViewBox, aResult);
+      SVGAttrValueWrapper::ToString(GetMiscContainer()->mValue.mSVGViewBox,
+                                    aResult);
       break;
     }
     default:
@@ -679,7 +770,7 @@ nsAttrValue::GetColorValue(nscolor& aColor) const
     return false;
   }
 
-  aColor = GetMiscContainer()->mColor;
+  aColor = GetMiscContainer()->mValue.mColor;
   return true;
 }
 
@@ -690,7 +781,7 @@ nsAttrValue::GetEnumString(nsAString& aResult, bool aRealTag) const
 
   uint32_t allEnumBits =
     (BaseType() == eIntegerBase) ? static_cast<uint32_t>(GetIntInternal())
-                                   : GetMiscContainer()->mEnumValue;
+                                   : GetMiscContainer()->mValue.mEnumValue;
   int16_t val = allEnumBits >> NS_ATTRVALUE_ENUMTABLEINDEX_BITS;
   const EnumTable* table = sEnumTableArray->
     ElementAt(allEnumBits & NS_ATTRVALUE_ENUMTABLEINDEX_MASK);
@@ -777,23 +868,23 @@ nsAttrValue::HashValue() const
   switch (cont->mType) {
     case eInteger:
     {
-      return cont->mInteger;
+      return cont->mValue.mInteger;
     }
     case eEnum:
     {
-      return cont->mEnumValue;
+      return cont->mValue.mEnumValue;
     }
     case ePercent:
     {
-      return cont->mPercent;
+      return cont->mValue.mPercent;
     }
     case eColor:
     {
-      return cont->mColor;
+      return cont->mValue.mColor;
     }
     case eCSSStyleRule:
     {
-      return NS_PTR_TO_INT32(cont->mCSSStyleRule);
+      return NS_PTR_TO_INT32(cont->mValue.mCSSStyleRule);
     }
     // Intentionally identical, so that loading the image does not change the
     // hash code.
@@ -807,8 +898,8 @@ nsAttrValue::HashValue() const
     case eAtomArray:
     {
       uint32_t hash = 0;
-      uint32_t count = cont->mAtomArray->Length();
-      for (nsCOMPtr<nsIAtom> *cur = cont->mAtomArray->Elements(),
+      uint32_t count = cont->mValue.mAtomArray->Length();
+      for (nsCOMPtr<nsIAtom> *cur = cont->mValue.mAtomArray->Elements(),
                              *end = cur + count;
            cur != end; ++cur) {
         hash = AddToHash(hash, cur->get());
@@ -822,13 +913,13 @@ nsAttrValue::HashValue() const
     }
     case eIntMarginValue:
     {
-      return NS_PTR_TO_INT32(cont->mIntMargin);
+      return NS_PTR_TO_INT32(cont->mValue.mIntMargin);
     }
     default:
     {
       if (IsSVGType(cont->mType)) {
         // All SVG types are just pointers to classes so we can treat them alike
-        return NS_PTR_TO_INT32(cont->mSVGAngle);
+        return NS_PTR_TO_INT32(cont->mValue.mSVGAngle);
       }
       NS_NOTREACHED("unknown type stored in MiscContainer");
       return 0;
@@ -861,6 +952,10 @@ nsAttrValue::Equals(const nsAttrValue& aOther) const
 
   MiscContainer* thisCont = GetMiscContainer();
   MiscContainer* otherCont = aOther.GetMiscContainer();
+  if (thisCont == otherCont) {
+    return true;
+  }
+
   if (thisCont->mType != otherCont->mType) {
     return false;
   }
@@ -870,50 +965,50 @@ nsAttrValue::Equals(const nsAttrValue& aOther) const
   switch (thisCont->mType) {
     case eInteger:
     {
-      if (thisCont->mInteger == otherCont->mInteger) {
+      if (thisCont->mValue.mInteger == otherCont->mValue.mInteger) {
         needsStringComparison = true;
       }
       break;
     }
     case eEnum:
     {
-      if (thisCont->mEnumValue == otherCont->mEnumValue) {
+      if (thisCont->mValue.mEnumValue == otherCont->mValue.mEnumValue) {
         needsStringComparison = true;
       }
       break;
     }
     case ePercent:
     {
-      if (thisCont->mPercent == otherCont->mPercent) {
+      if (thisCont->mValue.mPercent == otherCont->mValue.mPercent) {
         needsStringComparison = true;
       }
       break;
     }
     case eColor:
     {
-      if (thisCont->mColor == otherCont->mColor) {
+      if (thisCont->mValue.mColor == otherCont->mValue.mColor) {
         needsStringComparison = true;
       }
       break;
     }
     case eCSSStyleRule:
     {
-      return thisCont->mCSSStyleRule == otherCont->mCSSStyleRule;
+      return thisCont->mValue.mCSSStyleRule == otherCont->mValue.mCSSStyleRule;
     }
     case eURL:
     {
-      return thisCont->mURL == otherCont->mURL;
+      return thisCont->mValue.mURL == otherCont->mValue.mURL;
     }
     case eImage:
     {
-      return thisCont->mImage == otherCont->mImage;
+      return thisCont->mValue.mImage == otherCont->mValue.mImage;
     }
     case eAtomArray:
     {
       // For classlists we could be insensitive to order, however
       // classlists are never mapped attributes so they are never compared.
 
-      if (!(*thisCont->mAtomArray == *otherCont->mAtomArray)) {
+      if (!(*thisCont->mValue.mAtomArray == *otherCont->mValue.mAtomArray)) {
         return false;
       }
 
@@ -926,7 +1021,7 @@ nsAttrValue::Equals(const nsAttrValue& aOther) const
     }
     case eIntMarginValue:
     {
-      return thisCont->mIntMargin == otherCont->mIntMargin;
+      return thisCont->mValue.mIntMargin == otherCont->mValue.mIntMargin;
     }
     default:
     {
@@ -1243,33 +1338,31 @@ nsAttrValue::SetIntValueAndType(int32_t aValue, ValueType aType,
 {
   if (aStringValue || aValue > NS_ATTRVALUE_INTEGERTYPE_MAXVALUE ||
       aValue < NS_ATTRVALUE_INTEGERTYPE_MINVALUE) {
-    if (EnsureEmptyMiscContainer()) {
-      MiscContainer* cont = GetMiscContainer();
-      switch (aType) {
-        case eInteger:
-        {
-          cont->mInteger = aValue;
-          break;
-        }
-        case ePercent:
-        {
-          cont->mPercent = aValue;
-          break;
-        }
-        case eEnum:
-        {
-          cont->mEnumValue = aValue;
-          break;
-        }
-        default:
-        {
-          NS_NOTREACHED("unknown integer type");
-          break;
-        }
+    MiscContainer* cont = EnsureEmptyMiscContainer();
+    switch (aType) {
+      case eInteger:
+      {
+        cont->mValue.mInteger = aValue;
+        break;
+      }
+      case ePercent:
+      {
+        cont->mValue.mPercent = aValue;
+        break;
+      }
+      case eEnum:
+      {
+        cont->mValue.mEnumValue = aValue;
+        break;
+      }
+      default:
+      {
+        NS_NOTREACHED("unknown integer type");
+        break;
       }
-      cont->mType = aType;
-      SetMiscAtomOrString(aStringValue);
     }
+    cont->mType = aType;
+    SetMiscAtomOrString(aStringValue);
   } else {
     NS_ASSERTION(!mBits, "Reset before calling SetIntValueAndType!");
     mBits = (aValue * NS_ATTRVALUE_INTEGERTYPE_MULTIPLIER) | aType;
@@ -1438,13 +1531,8 @@ nsAttrValue::SetColorValue(nscolor aColor, const nsAString& aString)
     return;
   }
 
-  if (!EnsureEmptyMiscContainer()) {
-    buf->Release();
-    return;
-  }
-
-  MiscContainer* cont = GetMiscContainer();
-  cont->mColor = aColor;
+  MiscContainer* cont = EnsureEmptyMiscContainer();
+  cont->mValue.mColor = aColor;
   cont->mType = eColor;
 
   // Save the literal string we were passed for round-tripping.
@@ -1505,17 +1593,14 @@ bool nsAttrValue::ParseDoubleValue(const nsAString& aString)
   if (NS_FAILED(ec)) {
     return false;
   }
-  if (EnsureEmptyMiscContainer()) {
-    MiscContainer* cont = GetMiscContainer();
-    cont->mDoubleValue = val;
-    cont->mType = eDoubleValue;
-    nsAutoString serializedFloat;
-    serializedFloat.AppendFloat(val);
-    SetMiscAtomOrString(serializedFloat.Equals(aString) ? nullptr : &aString);
-    return true;
-  }
 
-  return false;
+  MiscContainer* cont = EnsureEmptyMiscContainer();
+  cont->mDoubleValue = val;
+  cont->mType = eDoubleValue;
+  nsAutoString serializedFloat;
+  serializedFloat.AppendFloat(val);
+  SetMiscAtomOrString(serializedFloat.Equals(aString) ? nullptr : &aString);
+  return true;
 }
 
 bool
@@ -1527,15 +1612,11 @@ nsAttrValue::ParseIntMarginValue(const nsAString& aString)
   if (!nsContentUtils::ParseIntMarginValue(aString, margins))
     return false;
 
-  if (EnsureEmptyMiscContainer()) {
-    MiscContainer* cont = GetMiscContainer();
-    cont->mIntMargin = new nsIntMargin(margins);
-    cont->mType = eIntMarginValue;
-    SetMiscAtomOrString(&aString);
-    return true;
-  }
-
-  return false;
+  MiscContainer* cont = EnsureEmptyMiscContainer();
+  cont->mValue.mIntMargin = new nsIntMargin(margins);
+  cont->mType = eIntMarginValue;
+  SetMiscAtomOrString(&aString);
+  return true;
 }
 
 void
@@ -1553,17 +1634,65 @@ nsAttrValue::LoadImage(nsIDocument* aDocument)
 #endif
 
   MiscContainer* cont = GetMiscContainer();
-  mozilla::css::URLValue* url = cont->mURL;
+  mozilla::css::URLValue* url = cont->mValue.mURL;
   mozilla::css::ImageValue* image = 
     new css::ImageValue(url->GetURI(), url->mString, url->mReferrer,
                         url->mOriginPrincipal, aDocument);
 
   NS_ADDREF(image);
-  cont->mImage = image;
+  cont->mValue.mImage = image;
   NS_RELEASE(url);
   cont->mType = eImage;
 }
 
+bool
+nsAttrValue::ParseStyleAttribute(const nsAString& aString,
+                                 nsStyledElementNotElementCSSInlineStyle* aElement)
+{
+  nsIDocument* ownerDoc = aElement->OwnerDoc();
+  nsHTMLCSSStyleSheet* sheet = ownerDoc->GetInlineStyleSheet();
+  nsCOMPtr<nsIURI> baseURI = aElement->GetBaseURI();
+  nsIURI* docURI = ownerDoc->GetDocumentURI();
+
+  NS_ASSERTION(aElement->NodePrincipal() == ownerDoc->NodePrincipal(),
+               "This is unexpected");
+
+  // If the (immutable) document URI does not match the element's base URI
+  // (the common case is that they do match) do not cache the rule.  This is
+  // because the results of the CSS parser are dependent on these URIs, and we
+  // do not want to have to account for the URIs in the hash lookup.
+  bool cachingAllowed = sheet && baseURI == docURI;
+  if (cachingAllowed) {
+    MiscContainer* cont = sheet->LookupStyleAttr(aString);
+    if (cont) {
+      // Set our MiscContainer to the cached one.
+      NS_ADDREF(cont);
+      SetPtrValueAndType(cont, eOtherBase);
+      return true;
+    }
+  }
+
+  css::Loader* cssLoader = ownerDoc->CSSLoader();
+  nsCSSParser cssParser(cssLoader);
+
+  nsRefPtr<css::StyleRule> rule;
+  cssParser.ParseStyleAttribute(aString, docURI, baseURI,
+                                aElement->NodePrincipal(),
+                                getter_AddRefs(rule));
+  if (rule) {
+    rule->SetHTMLCSSStyleSheet(sheet);
+    SetTo(rule, &aString);
+    if (cachingAllowed) {
+      MiscContainer* cont = GetMiscContainer();
+      cont->Cache();
+    }
+
+    return true;
+  }
+
+  return false;
+}
+
 void
 nsAttrValue::SetMiscAtomOrString(const nsAString* aValue)
 {
@@ -1615,71 +1744,90 @@ void
 nsAttrValue::SetSVGType(ValueType aType, const void* aValue,
                         const nsAString* aSerialized) {
   NS_ABORT_IF_FALSE(IsSVGType(aType), "Not an SVG type");
-  if (EnsureEmptyMiscContainer()) {
-    MiscContainer* cont = GetMiscContainer();
-    // All SVG types are just pointers to classes so just setting any of them
-    // will do. We'll lose type-safety but the signature of the calling
-    // function should ensure we don't get anything unexpected, and once we
-    // stick aValue in a union we lose type information anyway.
-    cont->mSVGAngle = static_cast<const nsSVGAngle*>(aValue);
-    cont->mType = aType;
-    SetMiscAtomOrString(aSerialized);
-  }
+
+  MiscContainer* cont = EnsureEmptyMiscContainer();
+  // All SVG types are just pointers to classes so just setting any of them
+  // will do. We'll lose type-safety but the signature of the calling
+  // function should ensure we don't get anything unexpected, and once we
+  // stick aValue in a union we lose type information anyway.
+  cont->mValue.mSVGAngle = static_cast<const nsSVGAngle*>(aValue);
+  cont->mType = aType;
+  SetMiscAtomOrString(aSerialized);
 }
 
-bool
-nsAttrValue::EnsureEmptyMiscContainer()
+MiscContainer*
+nsAttrValue::ClearMiscContainer()
 {
-  MiscContainer* cont;
+  MiscContainer* cont = nullptr;
   if (BaseType() == eOtherBase) {
-    ResetMiscAtomOrString();
     cont = GetMiscContainer();
-    switch (cont->mType) {
-      case eCSSStyleRule:
-      {
-        NS_RELEASE(cont->mCSSStyleRule);
-        break;
-      }
-      case eURL:
-      {
-        NS_RELEASE(cont->mURL);
-        break;
-      }
-      case eImage:
-      {
-        NS_RELEASE(cont->mImage);
-        break;
-      }
-      case eAtomArray:
-      {
-        delete cont->mAtomArray;
-        break;
-      }
-      case eIntMarginValue:
-      {
-        delete cont->mIntMargin;
-        break;
-      }
-      default:
-      {
-        break;
+    if (cont->IsRefCounted() && cont->mValue.mRefCount > 1) {
+      // This MiscContainer is shared, we need a new one.
+      NS_RELEASE(cont);
+
+      cont = new MiscContainer;
+      SetPtrValueAndType(cont, eOtherBase);
+    }
+    else {
+      switch (cont->mType) {
+        case eCSSStyleRule:
+        {
+          MOZ_ASSERT(cont->mValue.mRefCount == 1);
+          cont->Release();
+          cont->Evict();
+          NS_RELEASE(cont->mValue.mCSSStyleRule);
+          break;
+        }
+        case eURL:
+        {
+          NS_RELEASE(cont->mValue.mURL);
+          break;
+        }
+        case eImage:
+        {
+          NS_RELEASE(cont->mValue.mImage);
+          break;
+        }
+        case eAtomArray:
+        {
+          delete cont->mValue.mAtomArray;
+          break;
+        }
+        case eIntMarginValue:
+        {
+          delete cont->mValue.mIntMargin;
+          break;
+        }
+        default:
+        {
+          break;
+        }
       }
     }
+    ResetMiscAtomOrString();
   }
   else {
     ResetIfSet();
+  }
 
+  return cont;
+}
+
+MiscContainer*
+nsAttrValue::EnsureEmptyMiscContainer()
+{
+  MiscContainer* cont = ClearMiscContainer();
+  if (cont) {
+    MOZ_ASSERT(BaseType() == eOtherBase);
+    ResetMiscAtomOrString();
+    cont = GetMiscContainer();
+  }
+  else {
     cont = new MiscContainer;
-    NS_ENSURE_TRUE(cont, false);
-
     SetPtrValueAndType(cont, eOtherBase);
   }
 
-  cont->mType = eColor;
-  cont->mStringBits = 0;
-  cont->mColor = 0;
-
-  return true;
+  return cont;
 }
 
 bool
@@ -1691,19 +1839,14 @@ nsAttrValue::EnsureEmptyAtomArray()
     return true;
   }
 
-  if (!EnsureEmptyMiscContainer()) {
-    // should already be reset
-    return false;
-  }
-
   AtomArray* array = new AtomArray;
   if (!array) {
     Reset();
     return false;
   }
 
-  MiscContainer* cont = GetMiscContainer();
-  cont->mAtomArray = array;
+  MiscContainer* cont = EnsureEmptyMiscContainer();
+  cont->mValue.mAtomArray = array;
   cont->mType = eAtomArray;
 
   return true;
@@ -1834,13 +1977,13 @@ nsAttrValue::SizeOfExcludingThis(nsMallocSizeOfFun aMallocSizeOf) const
         n += str ? str->SizeOfIncludingThisIfUnshared(aMallocSizeOf) : 0;
       }
 
-      if (Type() == eCSSStyleRule && container->mCSSStyleRule) {
+      if (Type() == eCSSStyleRule && container->mValue.mCSSStyleRule) {
         // TODO: mCSSStyleRule might be owned by another object which would
         //       make us count them twice, bug 677493.
         //n += container->mCSSStyleRule->SizeOfIncludingThis(aMallocSizeOf);
-      } else if (Type() == eAtomArray && container->mAtomArray) {
+      } else if (Type() == eAtomArray && container->mValue.mAtomArray) {
         // Don't measure each nsIAtom, they are measured separatly.
-        n += container->mAtomArray->SizeOfIncludingThis(aMallocSizeOf);
+        n += container->mValue.mAtomArray->SizeOfIncludingThis(aMallocSizeOf);
       }
       break;
     }

content/base/src/nsAttrValue.h

@@ -26,6 +26,8 @@ class nsIAtom;
 class nsIDocument;
 template<class E, class A> class nsTArray;
 struct nsTArrayDefaultAllocator;
+class nsStyledElementNotElementCSSInlineStyle;
+struct MiscContainer;
 
 namespace mozilla {
 namespace css {
@@ -66,22 +68,10 @@ public:
 };
 
 class nsAttrValue {
+  friend struct MiscContainer;
 public:
   typedef nsTArray< nsCOMPtr<nsIAtom> > AtomArray;
 
-  nsAttrValue();
-  nsAttrValue(const nsAttrValue& aOther);
-  explicit nsAttrValue(const nsAString& aValue);
-  explicit nsAttrValue(nsIAtom* aValue);
-  nsAttrValue(mozilla::css::StyleRule* aValue, const nsAString* aSerialized);
-  explicit nsAttrValue(const nsIntMargin& aValue);
-  ~nsAttrValue();
-
-  inline const nsAttrValue& operator=(const nsAttrValue& aOther);
-
-  static nsresult Init();
-  static void Shutdown();
-
   // This has to be the same as in ValueBaseType
   enum ValueType {
     eString =       0x00, //   00
@@ -115,6 +105,19 @@ public:
     ,eSVGTypesEnd =    0x34
   };
 
+  nsAttrValue();
+  nsAttrValue(const nsAttrValue& aOther);
+  explicit nsAttrValue(const nsAString& aValue);
+  explicit nsAttrValue(nsIAtom* aValue);
+  nsAttrValue(mozilla::css::StyleRule* aValue, const nsAString* aSerialized);
+  explicit nsAttrValue(const nsIntMargin& aValue);
+  ~nsAttrValue();
+
+  inline const nsAttrValue& operator=(const nsAttrValue& aOther);
+
+  static nsresult Init();
+  static void Shutdown();
+
   ValueType Type() const;
 
   void Reset();
@@ -357,6 +360,15 @@ public:
    */
   void LoadImage(nsIDocument* aDocument);
 
+  /**
+   * Parse a string into a CSS style rule.
+   *
+   * @param aString the style attribute value to be parsed.
+   * @param aElement the element the attribute is set on.
+   */
+  bool ParseStyleAttribute(const nsAString& aString,
+                           nsStyledElementNotElementCSSInlineStyle* aElement);
+
   size_t SizeOfExcludingThis(nsMallocSizeOfFun aMallocSizeOf) const;
 
 private:
@@ -368,40 +380,6 @@ private:
     eIntegerBase =   0x03        // 11
   };
 
-  struct MiscContainer
-  {
-    ValueType mType;
-    // mStringBits points to either nsIAtom* or nsStringBuffer* and is used when
-    // mType isn't mCSSStyleRule.
-    // Note eStringBase and eAtomBase is used also to handle the type of
-    // mStringBits.
-    PtrBits mStringBits;
-    union {
-      int32_t mInteger;
-      nscolor mColor;
-      uint32_t mEnumValue;
-      int32_t mPercent;
-      mozilla::css::StyleRule* mCSSStyleRule;
-      mozilla::css::URLValue* mURL;
-      mozilla::css::ImageValue* mImage;
-      AtomArray* mAtomArray;
-      double mDoubleValue;
-      nsIntMargin* mIntMargin;
-      const nsSVGAngle* mSVGAngle;
-      const nsSVGIntegerPair* mSVGIntegerPair;
-      const nsSVGLength2* mSVGLength;
-      const mozilla::SVGLengthList* mSVGLengthList;
-      const mozilla::SVGNumberList* mSVGNumberList;
-      const nsSVGNumberPair* mSVGNumberPair;
-      const mozilla::SVGPathData* mSVGPathData;
-      const mozilla::SVGPointList* mSVGPointList;
-      const mozilla::SVGAnimatedPreserveAspectRatio* mSVGPreserveAspectRatio;
-      const mozilla::SVGStringList* mSVGStringList;
-      const mozilla::SVGTransformList* mSVGTransformList;
-      const nsSVGViewBox* mSVGViewBox;
-    };
-  };
-
   inline ValueBaseType BaseType() const;
   inline bool IsSVGType(ValueType aType) const;
 
@@ -428,7 +406,12 @@ private:
   inline MiscContainer* GetMiscContainer() const;
   inline int32_t GetIntInternal() const;
 
-  bool EnsureEmptyMiscContainer();
+  // Clears the current MiscContainer.  This will return null if there is no
+  // existing container.
+  MiscContainer* ClearMiscContainer();
+  // Like ClearMiscContainer, except allocates a new container if one does not
+  // exist already.
+  MiscContainer* EnsureEmptyMiscContainer();
   bool EnsureEmptyAtomArray();
   nsStringBuffer* GetStringBuffer(const nsAString& aValue) const;
   // aStrict is set true if stringifying the return value equals with
@@ -448,10 +431,6 @@ private:
   PtrBits mBits;
 };
 
-/**
- * Implementation of inline methods
- */
-
 inline const nsAttrValue&
 nsAttrValue::operator=(const nsAttrValue& aOther)
 {
@@ -466,112 +445,12 @@ nsAttrValue::GetAtomValue() const
   return reinterpret_cast<nsIAtom*>(GetPtr());
 }
 
-inline int32_t
-nsAttrValue::GetIntegerValue() const
-{
-  NS_PRECONDITION(Type() == eInteger, "wrong type");
-  return (BaseType() == eIntegerBase)
-         ? GetIntInternal()
-         : GetMiscContainer()->mInteger;
-}
-
-inline int16_t
-nsAttrValue::GetEnumValue() const
-{
-  NS_PRECONDITION(Type() == eEnum, "wrong type");
-  // We don't need to worry about sign extension here since we're
-  // returning an int16_t which will cut away the top bits.
-  return static_cast<int16_t>((
-    (BaseType() == eIntegerBase)
-    ? static_cast<uint32_t>(GetIntInternal())
-    : GetMiscContainer()->mEnumValue)
-      >> NS_ATTRVALUE_ENUMTABLEINDEX_BITS);
-}
-
-inline float
-nsAttrValue::GetPercentValue() const
-{
-  NS_PRECONDITION(Type() == ePercent, "wrong type");
-  return ((BaseType() == eIntegerBase)
-          ? GetIntInternal()
-          : GetMiscContainer()->mPercent)
-            / 100.0f;
-}
-
-inline nsAttrValue::AtomArray*
-nsAttrValue::GetAtomArrayValue() const
-{
-  NS_PRECONDITION(Type() == eAtomArray, "wrong type");
-  return GetMiscContainer()->mAtomArray;
-}
-
-inline mozilla::css::StyleRule*
-nsAttrValue::GetCSSStyleRuleValue() const
-{
-  NS_PRECONDITION(Type() == eCSSStyleRule, "wrong type");
-  return GetMiscContainer()->mCSSStyleRule;
-}
-
-inline mozilla::css::URLValue*
-nsAttrValue::GetURLValue() const
-{
-  NS_PRECONDITION(Type() == eURL, "wrong type");
-  return GetMiscContainer()->mURL;
-}
-
-inline mozilla::css::ImageValue*
-nsAttrValue::GetImageValue() const
-{
-  NS_PRECONDITION(Type() == eImage, "wrong type");
-  return GetMiscContainer()->mImage;
-}
-
-inline double
-nsAttrValue::GetDoubleValue() const
-{
-  NS_PRECONDITION(Type() == eDoubleValue, "wrong type");
-  return GetMiscContainer()->mDoubleValue;
-}
-
-inline bool
-nsAttrValue::GetIntMarginValue(nsIntMargin& aMargin) const
-{
-  NS_PRECONDITION(Type() == eIntMarginValue, "wrong type");
-  nsIntMargin* m = GetMiscContainer()->mIntMargin;
-  if (!m)
-    return false;
-  aMargin = *m;
-  return true;
-}
-
 inline nsAttrValue::ValueBaseType
 nsAttrValue::BaseType() const
 {
   return static_cast<ValueBaseType>(mBits & NS_ATTRVALUE_BASETYPE_MASK);
 }
 
-inline bool
-nsAttrValue::IsSVGType(ValueType aType) const
-{
-  return aType >= eSVGTypesBegin && aType <= eSVGTypesEnd;
-}
-
-inline void
-nsAttrValue::SetPtrValueAndType(void* aValue, ValueBaseType aType)
-{
-  NS_ASSERTION(!(NS_PTR_TO_INT32(aValue) & ~NS_ATTRVALUE_POINTERVALUE_MASK),
-               "pointer not properly aligned, this will crash");
-  mBits = reinterpret_cast<PtrBits>(aValue) | aType;
-}
-
-inline void
-nsAttrValue::ResetIfSet()
-{
-  if (mBits) {
-    Reset();
-  }
-}
-
 inline void*
 nsAttrValue::GetPtr() const
 {
@@ -580,25 +459,6 @@ nsAttrValue::GetPtr() const
   return reinterpret_cast<void*>(mBits & NS_ATTRVALUE_POINTERVALUE_MASK);
 }
 
-inline nsAttrValue::MiscContainer*
-nsAttrValue::GetMiscContainer() const
-{
-  NS_ASSERTION(BaseType() == eOtherBase, "wrong type");
-  return static_cast<MiscContainer*>(GetPtr());
-}
-
-inline int32_t
-nsAttrValue::GetIntInternal() const
-{
-  NS_ASSERTION(BaseType() == eIntegerBase,
-               "getting integer from non-integer");
-  // Make sure we get a signed value.
-  // Lets hope the optimizer optimizes this into a shift. Unfortunatly signed
-  // bitshift right is implementaion dependant.
-  return static_cast<int32_t>(mBits & ~NS_ATTRVALUE_INTEGERTYPE_MASK) /
-         NS_ATTRVALUE_INTEGERTYPE_MULTIPLIER;
-}
-
 inline bool
 nsAttrValue::IsEmptyString() const
 {

content/base/src/nsAttrValueInlines.h

@@ -0,0 +1,216 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsAttrValueInlines_h__
+#define nsAttrValueInlines_h__
+
+struct MiscContainer
+{
+  typedef nsAttrValue::ValueType ValueType;
+
+  ValueType mType;
+  // mStringBits points to either nsIAtom* or nsStringBuffer* and is used when
+  // mType isn't mCSSStyleRule.
+  // Note eStringBase and eAtomBase is used also to handle the type of
+  // mStringBits.
+  PtrBits mStringBits;
+  union {
+    struct {
+      union {
+        int32_t mInteger;
+        nscolor mColor;
+        uint32_t mEnumValue;
+        int32_t mPercent;
+        mozilla::css::StyleRule* mCSSStyleRule;
+        mozilla::css::URLValue* mURL;
+        mozilla::css::ImageValue* mImage;
+        nsAttrValue::AtomArray* mAtomArray;
+        nsIntMargin* mIntMargin;
+        const nsSVGAngle* mSVGAngle;
+        const nsSVGIntegerPair* mSVGIntegerPair;
+        const nsSVGLength2* mSVGLength;
+        const mozilla::SVGLengthList* mSVGLengthList;
+        const mozilla::SVGNumberList* mSVGNumberList;
+        const nsSVGNumberPair* mSVGNumberPair;
+        const mozilla::SVGPathData* mSVGPathData;
+        const mozilla::SVGPointList* mSVGPointList;
+        const mozilla::SVGAnimatedPreserveAspectRatio* mSVGPreserveAspectRatio;
+        const mozilla::SVGStringList* mSVGStringList;
+        const mozilla::SVGTransformList* mSVGTransformList;
+        const nsSVGViewBox* mSVGViewBox;
+      };
+      uint32_t mRefCount : 31;
+      uint32_t mCached : 1;
+    } mValue;
+    double mDoubleValue;
+  };
+
+  MiscContainer()
+    : mType(nsAttrValue::eColor),
+      mStringBits(0)
+  {
+    MOZ_COUNT_CTOR(MiscContainer);
+    mValue.mColor = 0;
+    mValue.mRefCount = 0;
+    mValue.mCached = 0;
+  }
+
+  ~MiscContainer()
+  {
+    if (IsRefCounted()) {
+      MOZ_ASSERT(mValue.mRefCount == 0);
+      MOZ_ASSERT(!mValue.mCached);
+    }
+    MOZ_COUNT_DTOR(MiscContainer);
+  }
+
+  bool GetString(nsDependentString& aString) const;
+
+  inline bool IsRefCounted() const
+  {
+    // Nothing stops us from refcounting (and sharing) other types of
+    // MiscContainer (except eDoubleValue types) but there's no compelling
+    // reason to 
+    return mType == nsAttrValue::eCSSStyleRule;
+  }
+
+  inline int32_t AddRef() {
+    MOZ_ASSERT(IsRefCounted());
+    return ++mValue.mRefCount;
+  }
+
+  inline int32_t Release() {
+    MOZ_ASSERT(IsRefCounted());
+    return --mValue.mRefCount;
+  }
+
+  void Cache();
+  void Evict();
+};
+
+
+/**
+ * Implementation of inline methods
+ */
+
+inline int32_t
+nsAttrValue::GetIntegerValue() const
+{
+  NS_PRECONDITION(Type() == eInteger, "wrong type");
+  return (BaseType() == eIntegerBase)
+         ? GetIntInternal()
+         : GetMiscContainer()->mValue.mInteger;
+}
+
+inline int16_t
+nsAttrValue::GetEnumValue() const
+{
+  NS_PRECONDITION(Type() == eEnum, "wrong type");
+  // We don't need to worry about sign extension here since we're
+  // returning an int16_t which will cut away the top bits.
+  return static_cast<int16_t>((
+    (BaseType() == eIntegerBase)
+    ? static_cast<uint32_t>(GetIntInternal())
+    : GetMiscContainer()->mValue.mEnumValue)
+      >> NS_ATTRVALUE_ENUMTABLEINDEX_BITS);
+}
+
+inline float
+nsAttrValue::GetPercentValue() const
+{
+  NS_PRECONDITION(Type() == ePercent, "wrong type");
+  return ((BaseType() == eIntegerBase)
+          ? GetIntInternal()
+          : GetMiscContainer()->mValue.mPercent)
+            / 100.0f;
+}
+
+inline nsAttrValue::AtomArray*
+nsAttrValue::GetAtomArrayValue() const
+{
+  NS_PRECONDITION(Type() == eAtomArray, "wrong type");
+  return GetMiscContainer()->mValue.mAtomArray;
+}
+
+inline mozilla::css::StyleRule*
+nsAttrValue::GetCSSStyleRuleValue() const
+{
+  NS_PRECONDITION(Type() == eCSSStyleRule, "wrong type");
+  return GetMiscContainer()->mValue.mCSSStyleRule;
+}
+
+inline mozilla::css::URLValue*
+nsAttrValue::GetURLValue() const
+{
+  NS_PRECONDITION(Type() == eURL, "wrong type");
+  return GetMiscContainer()->mValue.mURL;
+}
+
+inline mozilla::css::ImageValue*
+nsAttrValue::GetImageValue() const
+{
+  NS_PRECONDITION(Type() == eImage, "wrong type");
+  return GetMiscContainer()->mValue.mImage;
+}
+
+inline double
+nsAttrValue::GetDoubleValue() const
+{
+  NS_PRECONDITION(Type() == eDoubleValue, "wrong type");
+  return GetMiscContainer()->mDoubleValue;
+}
+
+inline bool
+nsAttrValue::GetIntMarginValue(nsIntMargin& aMargin) const
+{
+  NS_PRECONDITION(Type() == eIntMarginValue, "wrong type");
+  nsIntMargin* m = GetMiscContainer()->mValue.mIntMargin;
+  if (!m)
+    return false;
+  aMargin = *m;
+  return true;
+}
+
+inline bool
+nsAttrValue::IsSVGType(ValueType aType) const
+{
+  return aType >= eSVGTypesBegin && aType <= eSVGTypesEnd;
+}
+
+inline void
+nsAttrValue::SetPtrValueAndType(void* aValue, ValueBaseType aType)
+{
+  NS_ASSERTION(!(NS_PTR_TO_INT32(aValue) & ~NS_ATTRVALUE_POINTERVALUE_MASK),
+               "pointer not properly aligned, this will crash");
+  mBits = reinterpret_cast<PtrBits>(aValue) | aType;
+}
+
+inline void
+nsAttrValue::ResetIfSet()
+{
+  if (mBits) {
+    Reset();
+  }
+}
+
+inline MiscContainer*
+nsAttrValue::GetMiscContainer() const
+{
+  NS_ASSERTION(BaseType() == eOtherBase, "wrong type");
+  return static_cast<MiscContainer*>(GetPtr());
+}
+
+inline int32_t
+nsAttrValue::GetIntInternal() const
+{
+  NS_ASSERTION(BaseType() == eIntegerBase,
+               "getting integer from non-integer");
+  // Make sure we get a signed value.
+  // Lets hope the optimizer optimizes this into a shift. Unfortunatly signed
+  // bitshift right is implementaion dependant.
+  return static_cast<int32_t>(mBits & ~NS_ATTRVALUE_INTEGERTYPE_MASK) /
+         NS_ATTRVALUE_INTEGERTYPE_MULTIPLIER;
+}
+
+#endif

content/base/src/nsContentList.cpp

@@ -19,9 +19,9 @@
 #include "nsContentUtils.h"
 #include "nsCCUncollectableMarker.h"
 #include "nsGkAtoms.h"
-
+#include "mozilla/dom/HTMLCollectionBinding.h"
+#include "mozilla/dom/NodeListBinding.h"
 #include "dombindings.h"
-#include "mozilla/dom/BindingUtils.h"
 
 // Form related includes
 #include "nsIDOMHTMLFormElement.h"
@@ -163,7 +163,13 @@ JSObject*
 nsSimpleContentList::WrapObject(JSContext *cx, JSObject *scope,
                                 bool *triedToWrap)
 {
-  return mozilla::dom::oldproxybindings::NodeList::create(cx, scope, this, triedToWrap);
+  JSObject* obj = NodeListBinding::Wrap(cx, scope, this, triedToWrap);
+  if (obj || *triedToWrap) {
+    return obj;
+  }
+
+  *triedToWrap = true;
+  return oldproxybindings::NodeList::create(cx, scope, this);
 }
 
 // nsFormContentList
@@ -297,7 +303,13 @@ JSObject*
 nsCacheableFuncStringNodeList::WrapObject(JSContext *cx, JSObject *scope,
                                           bool *triedToWrap)
 {
-  return oldproxybindings::NodeList::create(cx, scope, this, triedToWrap);
+  JSObject* obj = NodeListBinding::Wrap(cx, scope, this, triedToWrap);
+  if (obj || *triedToWrap) {
+    return obj;
+  }
+
+  *triedToWrap = true;
+  return oldproxybindings::NodeList::create(cx, scope, this);
 }
 
 
@@ -305,7 +317,13 @@ JSObject*
 nsCacheableFuncStringHTMLCollection::WrapObject(JSContext *cx, JSObject *scope,
                                                 bool *triedToWrap)
 {
-  return oldproxybindings::HTMLCollection::create(cx, scope, this, triedToWrap);
+  JSObject* obj = HTMLCollectionBinding::Wrap(cx, scope, this, triedToWrap);
+  if (obj || *triedToWrap) {
+    return obj;
+  }
+
+  *triedToWrap = true;
+  return oldproxybindings::HTMLCollection::create(cx, scope, this);
 }
 
 // Hashtable for storing nsCacheableFuncStringContentList
@@ -534,8 +552,13 @@ nsContentList::~nsContentList()
 JSObject*
 nsContentList::WrapObject(JSContext *cx, JSObject *scope, bool *triedToWrap)
 {
-  return mozilla::dom::oldproxybindings::HTMLCollection::create(cx, scope, this,
-                                                       triedToWrap);
+  JSObject* obj = HTMLCollectionBinding::Wrap(cx, scope, this, triedToWrap);
+  if (obj || *triedToWrap) {
+    return obj;
+  }
+
+  *triedToWrap = true;
+  return oldproxybindings::HTMLCollection::create(cx, scope, this);
 }
 
 DOMCI_DATA(ContentList, nsContentList)

content/base/src/nsContentUtils.cpp

@@ -99,6 +99,7 @@ static NS_DEFINE_CID(kXTFServiceCID, NS_XTFSERVICE_CID);
 #include "nsDOMJSUtils.h"
 #include "nsGenericHTMLElement.h"
 #include "nsAttrValue.h"
+#include "nsAttrValueInlines.h"
 #include "nsReferencedElement.h"
 #include "nsIDragService.h"
 #include "nsIChannelEventSink.h"

content/base/src/nsDOMAttributeMap.cpp

@@ -501,3 +501,23 @@ nsDOMAttributeMap::Enumerate(AttrCache::EnumReadFunction aFunc,
 {
   return mAttributeCache.EnumerateRead(aFunc, aUserArg);
 }
+
+size_t
+AttrCacheSizeEnumerator(const nsAttrKey& aKey,
+                        const nsRefPtr<nsDOMAttribute>& aValue,
+                        nsMallocSizeOfFun aMallocSizeOf,
+                        void* aUserArg)
+{
+  return aMallocSizeOf(aValue.get());
+}
+
+size_t
+nsDOMAttributeMap::SizeOfIncludingThis(nsMallocSizeOfFun aMallocSizeOf) const
+{
+  size_t n = aMallocSizeOf(this);
+  n += mAttributeCache.SizeOfExcludingThis(AttrCacheSizeEnumerator,
+                                           aMallocSizeOf);
+
+  // NB: mContent is non-owning and thus not counted.
+  return n;
+}

content/base/src/nsDOMAttributeMap.h

@@ -159,6 +159,8 @@ public:
 
   NS_DECL_CYCLE_COLLECTION_CLASS(nsDOMAttributeMap)
 
+  size_t SizeOfIncludingThis(nsMallocSizeOfFun aMallocSizeOf) const;
+
 private:
   Element *mContent; // Weak reference
 

content/base/src/nsDOMFile.cpp

@@ -35,6 +35,7 @@
 
 #include "plbase64.h"
 #include "prmem.h"
+#include "mozilla/dom/FileListBinding.h"
 #include "dombindings.h"
 
 using namespace mozilla;
@@ -680,7 +681,13 @@ JSObject*
 nsDOMFileList::WrapObject(JSContext *cx, JSObject *scope,
                           bool *triedToWrap)
 {
-  return mozilla::dom::oldproxybindings::FileList::create(cx, scope, this, triedToWrap);
+  JSObject* obj = FileListBinding::Wrap(cx, scope, this, triedToWrap);
+  if (obj || *triedToWrap) {
+    return obj;
+  }
+
+  *triedToWrap = true;
+  return oldproxybindings::FileList::create(cx, scope, this);
 }
 
 nsIDOMFile*

content/base/src/nsDOMSettableTokenList.cpp

@@ -7,6 +7,7 @@
  */
 
 #include "nsDOMSettableTokenList.h"
+#include "mozilla/dom/DOMSettableTokenListBinding.h"
 #include "dombindings.h"
 
 
@@ -51,6 +52,14 @@ JSObject*
 nsDOMSettableTokenList::WrapObject(JSContext *cx, JSObject *scope,
                                    bool *triedToWrap)
 {
-  return mozilla::dom::oldproxybindings::DOMSettableTokenList::create(cx, scope, this,
-                                                             triedToWrap);
+  JSObject* obj = mozilla::dom::DOMSettableTokenListBinding::Wrap(cx, scope,
+                                                                  this,
+                                                                  triedToWrap);
+  if (obj || *triedToWrap) {
+    return obj;
+  }
+
+  *triedToWrap = true;
+  return mozilla::dom::oldproxybindings::DOMSettableTokenList::create(cx, scope,
+                                                                      this);
 }

content/base/src/nsDOMTokenList.cpp

@@ -12,6 +12,7 @@
 #include "nsContentUtils.h"
 #include "nsError.h"
 #include "nsGenericElement.h"
+#include "mozilla/dom/DOMTokenListBinding.h"
 #include "dombindings.h"
 #include "mozilla/ErrorResult.h"
 
@@ -312,7 +313,12 @@ nsDOMTokenList::ToString(nsAString& aResult)
 JSObject*
 nsDOMTokenList::WrapObject(JSContext *cx, JSObject *scope, bool *triedToWrap)
 {
-  return mozilla::dom::oldproxybindings::DOMTokenList::create(cx, scope, this,
-                                                     triedToWrap);
+  JSObject* obj = DOMTokenListBinding::Wrap(cx, scope, this, triedToWrap);
+  if (obj || *triedToWrap) {
+    return obj;
+  }
+
+  *triedToWrap = true;
+  return oldproxybindings::DOMTokenList::create(cx, scope, this);
 }
 

content/base/src/nsGenericElement.cpp

@@ -54,6 +54,7 @@
 #include "mozilla/dom/DirectionalityUtils.h"
 #include "nsDocument.h"
 #include "nsAttrValueOrString.h"
+#include "nsAttrValueInlines.h"
 #ifdef MOZ_XUL
 #include "nsXULElement.h"
 #endif /* MOZ_XUL */
@@ -101,7 +102,6 @@
 #include "nsRuleProcessorData.h"
 #include "nsAsyncDOMEvent.h"
 #include "nsTextNode.h"
-#include "dombindings.h"
 
 #ifdef MOZ_XUL
 #include "nsIXULDocument.h"

content/base/src/nsGkAtomList.h

@@ -727,6 +727,8 @@ GK_ATOM(onmozpointerlockerror, "onmozpointerlockerror")
 GK_ATOM(onmoztimechange, "onmoztimechange")
 GK_ATOM(onMozMousePixelScroll, "onMozMousePixelScroll")
 GK_ATOM(onMozScrolledAreaChanged, "onMozScrolledAreaChanged")
+GK_ATOM(onmoznetworkupload, "onmoznetworkupload")
+GK_ATOM(onmoznetworkdownload, "onmoznetworkdownload")
 GK_ATOM(onnoupdate, "onnoupdate")
 GK_ATOM(onobsolete, "onobsolete")
 GK_ATOM(ononline, "ononline")

content/base/src/nsStyledElement.cpp

@@ -7,6 +7,7 @@
 #include "nsStyledElement.h"
 #include "nsGkAtoms.h"
 #include "nsAttrValue.h"
+#include "nsAttrValueInlines.h"
 #include "nsGenericElement.h"
 #include "nsMutationEvent.h"
 #include "nsDOMCSSDeclaration.h"
@@ -251,21 +252,8 @@ nsStyledElementNotElementCSSInlineStyle::ParseStyleAttribute(const nsAString& aV
       }
     }
 
-    if (isCSS) {
-      css::Loader* cssLoader = doc->CSSLoader();
-      nsCSSParser cssParser(cssLoader);
-
-      nsCOMPtr<nsIURI> baseURI = GetBaseURI();
-
-      nsRefPtr<css::StyleRule> rule;
-      cssParser.ParseStyleAttribute(aValue, doc->GetDocumentURI(),
-                                    baseURI,
-                                    NodePrincipal(),
-                                    getter_AddRefs(rule));
-      if (rule) {
-        aResult.SetTo(rule, &aValue);
-        return;
-      }
+    if (isCSS && aResult.ParseStyleAttribute(aValue, this)) {
+      return;
     }
   }
 

content/base/test/unit/test_csputils.js

@@ -159,29 +159,29 @@ test(
     function test_CSPSource_fromString() {
     // can't do these tests because "self" is not defined.
       //"basic source should not be null.");
-      do_check_neq(null, CSPSource.fromString("a.com", "http://abc.com"));
+      do_check_neq(null, CSPSource.fromString("a.com", undefined, "http://abc.com"));
 
       //"ldh characters should all work for host.");
-      do_check_neq(null, CSPSource.fromString("a2-c.com", "https://a.com"));
+      do_check_neq(null, CSPSource.fromString("a2-c.com", undefined, "https://a.com"));
 
       //"wildcard should work in first token for host.");
-      do_check_neq(null, CSPSource.fromString("*.a.com", "http://abc.com"));
+      do_check_neq(null, CSPSource.fromString("*.a.com", undefined, "http://abc.com"));
 
       //print(" --- Ignore the following two errors if they print ---");
       //"wildcard should not work in non-first token for host.");
-      do_check_eq(null, CSPSource.fromString("x.*.a.com", "http://a.com"));
+      do_check_eq(null, CSPSource.fromString("x.*.a.com", undefined, "http://a.com"));
 
       //"funny characters (#) should not work for host.");
-      do_check_eq(null, CSPSource.fromString("a#2-c.com", "http://a.com"));
+      do_check_eq(null, CSPSource.fromString("a#2-c.com", undefined, "http://a.com"));
 
       //print(" --- Stop ignoring errors that print ---\n");
 
       //"failed to parse host with port.");
-      do_check_neq(null, CSPSource.create("a.com:23", "http://a.com"));
+      do_check_neq(null, CSPSource.create("a.com:23", undefined, "http://a.com"));
       //"failed to parse host with scheme.");
-      do_check_neq(null, CSPSource.create("https://a.com", "http://a.com"));
+      do_check_neq(null, CSPSource.create("https://a.com", undefined, "http://a.com"));
       //"failed to parse host with scheme and port.");
-      do_check_neq(null, CSPSource.create("https://a.com:200", "http://a.com"));
+      do_check_neq(null, CSPSource.create("https://a.com:200", undefined, "http://a.com"));
 
       //Check to make sure we don't match multiple instances with regex
       do_check_eq(null, CSPSource.create("http://foo.com:bar.com:23"));
@@ -193,7 +193,7 @@ test(
 test(
     function test_CSPSource_fromString_withSelf() {
       var src;
-      src = CSPSource.create("a.com", "https://foobar.com:443");
+      src = CSPSource.create("a.com", undefined, "https://foobar.com:443");
       //"src should inherit port *
       do_check_true(src.permits("https://a.com:443"));
       //"src should inherit and require https scheme
@@ -201,7 +201,7 @@ test(
       //"src should inherit scheme 'https'"
       do_check_true(src.permits("https://a.com"));
 
-      src = CSPSource.create("http://a.com", "https://foobar.com:443");
+      src = CSPSource.create("http://a.com", undefined, "https://foobar.com:443");
       //"src should inherit and require http scheme"
       do_check_false(src.permits("https://a.com"));
       //"src should inherit scheme 'http'"
@@ -210,7 +210,7 @@ test(
       //"src should inherit default port for 'http'"
       do_check_true(src.permits("http://a.com:80"));
 
-      src = CSPSource.create("'self'", "https://foobar.com:443");
+      src = CSPSource.create("'self'", undefined, "https://foobar.com:443");
       //"src should inherit port *
       do_check_true(src.permits("https://foobar.com:443"));
       //"src should inherit and require https scheme
@@ -220,7 +220,7 @@ test(
       //"src should reject other hosts"
       do_check_false(src.permits("https://a.com"));
 
-      src = CSPSource.create("javascript:", "https://foobar.com:443");
+      src = CSPSource.create("javascript:", undefined, "https://foobar.com:443");
       //"hostless schemes should be parseable."
       var aUri = NetUtil.newURI("javascript:alert('foo');");
       do_check_true(src.permits(aUri));
@@ -260,7 +260,7 @@ test(
     function test_CSPSourceList_fromString_twohost() {
       var str = "foo.bar:21 https://ras.bar";
       var parsed = "http://foo.bar:21 https://ras.bar:443";
-      var sd = CSPSourceList.fromString(str, URI("http://self.com:80"));
+      var sd = CSPSourceList.fromString(str, undefined, URI("http://self.com:80"));
       //"two-host list should parse"
       do_check_neq(null,sd);
       //"two-host list should parse to two hosts"
@@ -272,8 +272,9 @@ test(
 test(
     function test_CSPSourceList_permits() {
       var nullSourceList = CSPSourceList.fromString("'none'");
-      var simpleSourceList = CSPSourceList.fromString("a.com", URI("http://self.com"));
+      var simpleSourceList = CSPSourceList.fromString("a.com", undefined, URI("http://self.com"));
       var doubleSourceList = CSPSourceList.fromString("https://foo.com http://bar.com:88",
+                                                      undefined,
                                                       URI("http://self.com:88"));
       var allSourceList = CSPSourceList.fromString("*");
       var allAndMoreSourceList = CSPSourceList.fromString("* https://bar.com 'none'");
@@ -680,7 +681,7 @@ test(
        */
 
       var src;
-      src = CSPSource.create("a.com", "https://foobar.com:4443");
+      src = CSPSource.create("a.com", undefined, "https://foobar.com:4443");
       //"src should inherit and require https scheme
       do_check_false(src.permits("http://a.com"));
       //"src should inherit scheme 'https'"
@@ -688,7 +689,7 @@ test(
       //"src should get default port
       do_check_true(src.permits("https://a.com:443"));
 
-      src = CSPSource.create("http://a.com", "https://foobar.com:4443");
+      src = CSPSource.create("http://a.com", undefined, "https://foobar.com:4443");
       //"src should require http scheme"
       do_check_false(src.permits("https://a.com"));
       //"src should keep scheme 'http'"
@@ -696,7 +697,7 @@ test(
       //"src should inherit default port for 'http'"
       do_check_true(src.permits("http://a.com:80"));
 
-      src = CSPSource.create("'self'", "https://foobar.com:4443");
+      src = CSPSource.create("'self'", undefined, "https://foobar.com:4443");
       //"src should inherit nonstandard port from self
       do_check_true(src.permits("https://foobar.com:4443"));
       do_check_false(src.permits("https://foobar.com"));
@@ -716,9 +717,9 @@ test(
        * doesn't happen.
        */
 
-      var p_none = CSPSourceList.fromString("'none'", "http://foo.com", false);
-      var p_all = CSPSourceList.fromString("*", "http://foo.com", false);
-      var p_one = CSPSourceList.fromString("bar.com", "http://foo.com", false);
+      var p_none = CSPSourceList.fromString("'none'", undefined, "http://foo.com", false);
+      var p_all = CSPSourceList.fromString("*", undefined, "http://foo.com", false);
+      var p_one = CSPSourceList.fromString("bar.com", undefined, "http://foo.com", false);
 
       do_check_false(p_none.equals(p_all));
       do_check_false(p_none.equals(p_one));

content/events/public/nsEventNameList.h

@@ -467,6 +467,14 @@ WINDOW_ONLY_EVENT(moztimechange,
                   NS_MOZ_TIME_CHANGE_EVENT,
                   EventNameType_None,
                   NS_EVENT)
+WINDOW_ONLY_EVENT(moznetworkupload,
+                  NS_NETWORK_UPLOAD_EVENT,
+                  EventNameType_None,
+                  NS_EVENT)
+WINDOW_ONLY_EVENT(moznetworkdownload,
+                  NS_NETWORK_DOWNLOAD_EVENT,
+                  EventNameType_None,
+                  NS_EVENT)
 
 TOUCH_EVENT(touchstart,
             NS_TOUCH_START,

content/events/src/nsEventListenerManager.cpp

@@ -173,13 +173,20 @@ nsEventListenerManager::GetInnerWindowForTarget()
     return node->OwnerDoc()->GetInnerWindow();
   }
 
+  nsCOMPtr<nsPIDOMWindow> window = GetTargetAsInnerWindow();
+  return window;
+}
+
+already_AddRefed<nsPIDOMWindow>
+nsEventListenerManager::GetTargetAsInnerWindow() const
+{
   nsCOMPtr<nsPIDOMWindow> window = do_QueryInterface(mTarget);
-  if (window) {
-    NS_ASSERTION(window->IsInnerWindow(), "Target should not be an outer window");
-    return window;
+  if (!window) {
+    return nullptr;
   }
 
-  return nullptr;
+  NS_ASSERTION(window->IsInnerWindow(), "Target should not be an outer window");
+  return window.forget();
 }
 
 void
@@ -278,7 +285,20 @@ nsEventListenerManager::AddEventListener(nsIDOMEventListener *aListener,
   } else if (aTypeAtom == nsGkAtoms::ondevicemotion) {
     EnableDevice(NS_DEVICE_MOTION);
   } else if (aTypeAtom == nsGkAtoms::onmoztimechange) {
-    EnableTimeChangeNotifications();
+    nsCOMPtr<nsPIDOMWindow> window = GetTargetAsInnerWindow();
+    if (window) {
+      window->EnableTimeChangeNotifications();
+    }
+  } else if (aTypeAtom == nsGkAtoms::onmoznetworkupload) {
+    nsCOMPtr<nsPIDOMWindow> window = GetTargetAsInnerWindow();
+    if (window) {
+      window->EnableNetworkEvent(NS_NETWORK_UPLOAD_EVENT);
+    }
+  } else if (aTypeAtom == nsGkAtoms::onmoznetworkdownload) {
+    nsCOMPtr<nsPIDOMWindow> window = GetTargetAsInnerWindow();
+    if (window) {
+      window->EnableNetworkEvent(NS_NETWORK_DOWNLOAD_EVENT);
+    }
   } else if (aTypeAtom == nsGkAtoms::ontouchstart ||
              aTypeAtom == nsGkAtoms::ontouchend ||
              aTypeAtom == nsGkAtoms::ontouchmove ||
@@ -326,13 +346,11 @@ nsEventListenerManager::IsDeviceType(uint32_t aType)
 void
 nsEventListenerManager::EnableDevice(uint32_t aType)
 {
-  nsCOMPtr<nsPIDOMWindow> window = do_QueryInterface(mTarget);
+  nsCOMPtr<nsPIDOMWindow> window = GetTargetAsInnerWindow();
   if (!window) {
     return;
   }
 
-  NS_ASSERTION(window->IsInnerWindow(), "Target should not be an outer window");
-
   switch (aType) {
     case NS_DEVICE_ORIENTATION:
       window->EnableDeviceSensor(SENSOR_ORIENTATION);
@@ -358,13 +376,11 @@ nsEventListenerManager::EnableDevice(uint32_t aType)
 void
 nsEventListenerManager::DisableDevice(uint32_t aType)
 {
-  nsCOMPtr<nsPIDOMWindow> window = do_QueryInterface(mTarget);
+  nsCOMPtr<nsPIDOMWindow> window = GetTargetAsInnerWindow();
   if (!window) {
     return;
   }
 
-  NS_ASSERTION(window->IsInnerWindow(), "Target should not be an outer window");
-
   switch (aType) {
     case NS_DEVICE_ORIENTATION:
       window->DisableDeviceSensor(SENSOR_ORIENTATION);
@@ -404,6 +420,8 @@ nsEventListenerManager::RemoveEventListener(nsIDOMEventListener *aListener,
   uint32_t typeCount = 0;
   bool deviceType = IsDeviceType(aType);
   bool timeChangeEvent = (aType == NS_MOZ_TIME_CHANGE_EVENT);
+  bool networkEvent = (aType == NS_NETWORK_UPLOAD_EVENT ||
+                       aType == NS_NETWORK_DOWNLOAD_EVENT);
 
   for (uint32_t i = 0; i < count; ++i) {
     ls = &mListeners.ElementAt(i);
@@ -417,7 +435,7 @@ nsEventListenerManager::RemoveEventListener(nsIDOMEventListener *aListener,
         mNoListenerForEvent = NS_EVENT_TYPE_NULL;
         mNoListenerForEventAtom = nullptr;
 
-        if (!deviceType && !timeChangeEvent) {
+        if (!deviceType && !timeChangeEvent && !networkEvent) {
           return;
         }
         --typeCount;
@@ -428,7 +446,15 @@ nsEventListenerManager::RemoveEventListener(nsIDOMEventListener *aListener,
   if (deviceType && typeCount == 0) {
     DisableDevice(aType);
   } else if (timeChangeEvent && typeCount == 0) {
-    DisableTimeChangeNotifications();
+    nsCOMPtr<nsPIDOMWindow> window = GetTargetAsInnerWindow();
+    if (window) {
+      window->DisableTimeChangeNotifications();
+    }
+  } else if (networkEvent && typeCount == 0) {
+    nsCOMPtr<nsPIDOMWindow> window = GetTargetAsInnerWindow();
+    if (window) {
+      window->DisableNetworkEvent(aType);
+    }
   }
 }
 
@@ -595,11 +621,8 @@ nsEventListenerManager::SetEventHandler(nsIAtom *aName,
     doc = node->OwnerDoc();
     global = doc->GetScriptGlobalObject();
   } else {
-    nsCOMPtr<nsPIDOMWindow> win(do_QueryInterface(mTarget));
+    nsCOMPtr<nsPIDOMWindow> win = GetTargetAsInnerWindow();
     if (win) {
-      NS_ASSERTION(win->IsInnerWindow(),
-                   "Event listener added to outer window!");
-
       nsCOMPtr<nsIDOMDocument> domdoc;
       win->GetDocument(getter_AddRefs(domdoc));
       doc = do_QueryInterface(domdoc);
@@ -1170,27 +1193,3 @@ nsEventListenerManager::UnmarkGrayJSListeners()
     }
   }
 }
-
-void
-nsEventListenerManager::EnableTimeChangeNotifications()
-{
-  nsCOMPtr<nsPIDOMWindow> window = do_QueryInterface(mTarget);
-  if (!window) {
-    return;
-  }
-
-  NS_ASSERTION(window->IsInnerWindow(), "Target should not be an outer window");
-  window->EnableTimeChangeNotifications();
-}
-
-void
-nsEventListenerManager::DisableTimeChangeNotifications()
-{
-  nsCOMPtr<nsPIDOMWindow> window = do_QueryInterface(mTarget);
-  if (!window) {
-    return;
-  }
-
-  NS_ASSERTION(window->IsInnerWindow(), "Target should not be an outer window");
-  window->DisableTimeChangeNotifications();
-}

content/events/src/nsEventListenerManager.h

@@ -269,9 +269,6 @@ protected:
   void EnableDevice(uint32_t aType);
   void DisableDevice(uint32_t aType);
 
-  void EnableTimeChangeNotifications();
-  void DisableTimeChangeNotifications();
-
 public:
   /**
    * Set the "inline" event listener for aEventName to |v|.  This
@@ -304,6 +301,7 @@ protected:
   const EventTypeData* GetTypeDataForIID(const nsIID& aIID);
   const EventTypeData* GetTypeDataForEventName(nsIAtom* aName);
   nsPIDOMWindow* GetInnerWindowForTarget();
+  already_AddRefed<nsPIDOMWindow> GetTargetAsInnerWindow() const;
 
   uint32_t mMayHavePaintEventListener : 1;
   uint32_t mMayHaveMutationListeners : 1;

content/events/src/nsEventStateManager.cpp

@@ -111,6 +111,8 @@ using namespace mozilla::dom;
 
 #define NS_USER_INTERACTION_INTERVAL 5000 // ms
 
+static const nsIntPoint kInvalidRefPoint = nsIntPoint(-1,-1);
+
 static bool sLeftClickOnly = true;
 static bool sKeyCausesActivation = true;
 static uint32_t sESMInstanceCount = 0;
@@ -120,9 +122,9 @@ bool nsEventStateManager::sNormalLMouseEventInProcess = false;
 nsEventStateManager* nsEventStateManager::sActiveESM = nullptr;
 nsIDocument* nsEventStateManager::sMouseOverDocument = nullptr;
 nsWeakFrame nsEventStateManager::sLastDragOverFrame = nullptr;
-nsIntPoint nsEventStateManager::sLastRefPoint = nsIntPoint(0,0);
+nsIntPoint nsEventStateManager::sLastRefPoint = kInvalidRefPoint;
 nsIntPoint nsEventStateManager::sLastScreenPoint = nsIntPoint(0,0);
-nsIntPoint nsEventStateManager::sSynthCenteringPoint = nsIntPoint(-1,-1);
+nsIntPoint nsEventStateManager::sSynthCenteringPoint = kInvalidRefPoint;
 nsIntPoint nsEventStateManager::sLastClientPoint = nsIntPoint(0,0);
 bool nsEventStateManager::sIsPointerLocked = false;
 // Reference to the pointer locked element.
@@ -4162,8 +4164,14 @@ nsEventStateManager::GenerateMouseEnterExit(nsGUIEvent* aEvent)
           aEvent->flags |= NS_EVENT_FLAG_STOP_DISPATCH;
           // Clear sSynthCenteringPoint so we don't cancel other events
           // targeted at the center.
-          sSynthCenteringPoint = nsIntPoint(-1,-1);
+          sSynthCenteringPoint = kInvalidRefPoint;
         }
+      } else if (sLastRefPoint == kInvalidRefPoint) {
+        // We don't have a valid previous mousemove refPoint. This is either
+        // the first move we've encountered, or the mouse has just re-entered
+        // the application window. We should report (0,0) movement for this
+        // case, so make the current and previous refPoints the same.
+        aEvent->lastRefPoint = aEvent->refPoint;
       } else {
         aEvent->lastRefPoint = sLastRefPoint;
       }
@@ -4197,6 +4205,10 @@ nsEventStateManager::GenerateMouseEnterExit(nsGUIEvent* aEvent)
         break;
       }
 
+      // Reset sLastRefPoint, so that we'll know not to report any
+      // movement the next time we re-enter the window.
+      sLastRefPoint = kInvalidRefPoint;
+
       NotifyMouseOut(aEvent, nullptr);
     }
     break;

content/events/src/nsPaintRequest.cpp

@@ -9,6 +9,8 @@
 #include "nsClientRect.h"
 #include "nsIFrame.h"
 #include "nsContentUtils.h"
+#include "mozilla/dom/PaintRequestListBinding.h"
+#include "dombindings.h"
 
 DOMCI_DATA(PaintRequest, nsPaintRequest)
 
@@ -53,6 +55,21 @@ NS_INTERFACE_MAP_END
 NS_IMPL_CYCLE_COLLECTING_ADDREF(nsPaintRequestList)
 NS_IMPL_CYCLE_COLLECTING_RELEASE(nsPaintRequestList)
 
+JSObject*
+nsPaintRequestList::WrapObject(JSContext *cx, JSObject *scope,
+                               bool *triedToWrap)
+{
+  JSObject* obj = mozilla::dom::PaintRequestListBinding::Wrap(cx, scope, this,
+                                                              triedToWrap);
+  if (obj || *triedToWrap) {
+    return obj;
+  }
+
+  *triedToWrap = true;
+  return mozilla::dom::oldproxybindings::PaintRequestList::create(cx, scope,
+                                                                  this);
+}
+
 NS_IMETHODIMP    
 nsPaintRequestList::GetLength(uint32_t* aLength)
 {

content/events/src/nsPaintRequest.h

@@ -10,8 +10,8 @@
 #include "nsIDOMPaintRequestList.h"
 #include "nsPresContext.h"
 #include "nsIDOMEvent.h"
-#include "dombindings.h"
 #include "mozilla/Attributes.h"
+#include "nsWrapperCache.h"
 
 class nsPaintRequest MOZ_FINAL : public nsIDOMPaintRequest
 {
@@ -44,12 +44,7 @@ public:
   NS_DECL_NSIDOMPAINTREQUESTLIST
   
   virtual JSObject* WrapObject(JSContext *cx, JSObject *scope,
-                               bool *triedToWrap)
-  {
-    return mozilla::dom::oldproxybindings::PaintRequestList::create(cx, scope, this,
-                                                           triedToWrap);
-  }
-
+                               bool *triedToWrap);
   nsISupports* GetParentObject()
   {
     return mParent;

content/html/content/src/HTMLPropertiesCollection.cpp

@@ -12,8 +12,8 @@
 #include "nsVariant.h"
 #include "nsDOMSettableTokenList.h"
 #include "nsAttrValue.h"
-#include "mozilla/ErrorResult.h"
 #include "nsWrapperCacheInlines.h"
+#include "mozilla/dom/HTMLPropertiesCollectionBinding.h"
 
 DOMCI_DATA(HTMLPropertiesCollection, mozilla::dom::HTMLPropertiesCollection)
 DOMCI_DATA(PropertyNodeList, mozilla::dom::PropertyNodeList)
@@ -110,8 +110,14 @@ JSObject*
 HTMLPropertiesCollection::WrapObject(JSContext* cx, JSObject* scope,
                                      bool* triedToWrap)
 {
-  return mozilla::dom::oldproxybindings::HTMLPropertiesCollection::create(cx, scope, this,
-                                                                 triedToWrap);
+  JSObject* obj = HTMLPropertiesCollectionBinding::Wrap(cx, scope, this,
+                                                        triedToWrap);
+  if (obj || *triedToWrap) {
+    return obj;
+  }
+
+  *triedToWrap = true;
+  return oldproxybindings::HTMLPropertiesCollection::create(cx, scope, this);
 }
 
 NS_IMETHODIMP
@@ -446,8 +452,13 @@ JSObject*
 PropertyNodeList::WrapObject(JSContext *cx, JSObject *scope,
                              bool *triedToWrap)
 {
-  return mozilla::dom::oldproxybindings::PropertyNodeList::create(cx, scope, this,
-                                                         triedToWrap);
+  JSObject* obj = PropertyNodeListBinding::Wrap(cx, scope, this, triedToWrap);
+  if (obj || *triedToWrap) {
+    return obj;
+  }
+
+  *triedToWrap = true;
+  return oldproxybindings::PropertyNodeList::create(cx, scope, this);
 }
 
 NS_IMPL_CYCLE_COLLECTION_CLASS(PropertyNodeList)

content/html/content/src/nsClientRect.cpp

@@ -8,6 +8,7 @@
 #include "nsDOMClassInfoID.h"
 
 #include "nsPresContext.h"
+#include "mozilla/dom/ClientRectListBinding.h"
 #include "dombindings.h"
 
 DOMCI_DATA(ClientRect, nsClientRect)
@@ -106,8 +107,14 @@ nsClientRectList::GetItemAt(uint32_t aIndex)
 JSObject*
 nsClientRectList::WrapObject(JSContext *cx, JSObject *scope, bool *triedToWrap)
 {
-  return mozilla::dom::oldproxybindings::ClientRectList::create(cx, scope, this,
-                                                       triedToWrap);
+  JSObject* obj = mozilla::dom::ClientRectListBinding::Wrap(cx, scope, this,
+                                                            triedToWrap);
+  if (obj || *triedToWrap) {
+    return obj;
+  }
+
+  *triedToWrap = true;
+  return mozilla::dom::oldproxybindings::ClientRectList::create(cx, scope, this);
 }
 
 static double