The problem we're solving here: getting/entering the realm/global of a cross-compartment wrapper doesn't make sense once there are multiple realms in a compartment and the CCW will be shared by all of them. Because nsXPCWrappedJS can store a CCW, we will no longer be able to use this JSObject to enter the target realm.
What this patch does: we pass a JSContext* to nsXPCWrappedJS::GetNewOrUsed and we use this to store a global object in nsXPCWrappedJS (with the invariant that the object and global stored in nsXPCWrappedJS are same-compartment). Then when we want to enter the nsXPCWrappedJS's target realm, we use this global object instead of the maybe-CCW object. Because we currently still have one realm per compartment and the objects are same-compartment, this is guaranteed to preserve behavior for now.
nsXPCWrappedJS has some code to deal with weak pointers. Fortunately this applies only to root wrappers and root wrappers always store an unwrapped JSObject, so the extra global we store is guaranteed to be marked by the GC in that case (a global object is never collected when there are live JSObjects belonging to the same realm).
Allows top level non-XUL documents to share this code. Three tests had to
be adjusted to account for the attributes being chrome only now and not
available to content privilege XUL. In two tests, the values attributes
are now simply undefined. The crashtest was converted to a chrome
mochitest to preserve what it was testing.
MozReview-Commit-ID: 99w9Ax4et3C
--HG--
rename : dom/base/crashtests/473284.xul => dom/base/test/chrome/test_bug473284.xul
extra : rebase_source : 924d34a88fe8a48d766f78b02e64275f6e7cdc2b
At the moment, a tag that has document type capabilities will try to
load tag content with invalid MIME types as a document. This patch
will cause the load to fail silently instead.
This will cause failures in certain WPTs that expect plugins to be
present to fill in MIME type requirements, which we currently don't
have available on CI. These WPTs have been disabled for the moment.
MozReview-Commit-ID: 9JGR4LClE5x
Differential Revision: https://phabricator.services.mozilla.com/D2542
--HG--
extra : moz-landing-system : lando
We want to be able to enter the Realm we were in when the callback was created
before calling it, but if the callback stores a cross-compartment wrapper we
don't really have a good way to find that Realm. So we store it explicitly by
storing a global when the callback is created.
The changes to the constructor signatures to use JSObject* instead of
JS::Handle<JSObject*> are so we can avoid having to root the global for these
calls. These changes make two of the constructors ambiguous when nullptr is
being passed for the first arg; this patch adds casts to disambiguate.
Remove unused PromiseWindowProxy code and nsGlobalWindowInner::AddPendingPromise and nsGlobalWindowInner::RemovePendingPromise
Differential Revision: https://phabricator.services.mozilla.com/D2621
--HG--
extra : moz-landing-system : lando
I generally tried to preserve the behavior of consumers where they treated an
exception from getInterface(Ci.nsIContentFrameMessageManager) as a signal to use
some sort of fallback.
I did change the behavior of consumers that walked up to the root same-type
docshell before getting the message manager to just get it directly from the
docshell they have. Please review those parts carefully, and let me know if you
want me to ask some subject area experts to review those.
Copy over non-rule font faces to the static clone document that is used
during printing.
MozReview-Commit-ID: 8ggNrCcVpEK
--HG--
extra : rebase_source : 27e270edd28c3ecf19a99f4df5398a89e6c53e6a
Mostly automatic via sed. Only parts which I touched manually (apart from a
couple ones where I fixed indentation or which had mispelled arguments) are the
callers. I may have removed a couple redundant `virtual` keywords as well when
I started to do it manually, I can revert those if wanted.
Most of them are just removing the argument, but in Element.cpp I also added an
assertion for GetBindingParent when binding the ShadowRoot's kids (the binding
parent is set from the ShadowRoot constructor, and I don't think we bind a
shadow tree during unlink or what not which could cause a behavior difference).
Differential Revision: https://phabricator.services.mozilla.com/D2574
MozReview-Commit-ID: 2oIgatty2HU
In our autoplay shield-study, we want to collect the information which could tell us how many website
contains audible autoplay media, but there is no way to get this information on current API desigin.
Therefore, I would like to send a new notification when autoplay occurred.
The extension code could get the information by following way,
```
Services.obs.addObserver((subject, topic, data) => {
// DO SOMETHING
}, "AudibleAutoplayMediaOccurred");
```
MozReview-Commit-ID: 4bSYcxDZOGK
--HG--
extra : rebase_source : 2a4f060dbd582419bf0727408b04f2540155aa02
Always assume allowed-for-all-content. There are a couple callers which weren't
doing that:
* A unit test -> removed.
* ComputeAnimationDistance: Used for testing (in transitions_per_property), and
for the animation inspector. The animation inspector shouldn't show
non-enabled properties. The transitions_per_property test already relies on
getComputedStyle stuff which only uses eForAllContent.
* GetCSSImageURLs: I added this API for the context menu page and such. It
doesn't rely on non-enabled-everywhere properties, it was only using
eInChrome because it was a ChromeOnly API, but it doesn't really need this.
Differential Revision: https://phabricator.services.mozilla.com/D2514
MozReview-Commit-ID: 4VOi5Su3Bos
On the compositor we store animation values in a hash table and the hash is
the compositor animation id which is a unique id for each property respectively.
So we can get the corresponding animation value for the given property.
In this patch there are lots of duplicated code, but they will be removed in the
next patch.
MozReview-Commit-ID: 7EboVcculcg
--HG--
extra : rebase_source : 304ea80849af8af72a07437736041aeabbe47eeb
mozInlineSpellChecker::ReplaceWord() is used for replacing misspelled word
with a word. So, this is necessary to be distinguished from insertText
command when we implement InputEvent.inputType. So, we should make it
use TextEditor::ReplaceTextAsAction() instead (same as autocomplete).
This patch makes TextEditor::ReplaceTextAsAction() take optional argument
to make callers can specify replace range. Then, the range is a spellchecker
selection range if the caller is mozInlineSpellChecker::ReplaceWord().
Prior to this patch, it clones the range for normal selection, but it's
expensive and we may be able to reuse cached range of Selection in this case.
So, this patch makes Selection::AddRangeInternal() checks if given range is
in another Selection and use mCachedRange as far as possible.
MozReview-Commit-ID: JIOTTsxlj4Q
--HG--
extra : rebase_source : 7c26b0255f08608ebe8c7045c9bcdca1dc70cadf
This change also renames several related functions, as well as fields,
and the header is moved into EXPORTS.mozilla given it is defined under
mozilla namespace.
MozReview-Commit-ID: LqCdcW8fmUN
--HG--
rename : layout/base/ScrollbarStyles.cpp => layout/base/ScrollStyles.cpp
rename : layout/base/ScrollbarStyles.h => layout/base/ScrollStyles.h
extra : rebase_source : 8933f3bca88d5db4b9508e3947f695ecf7511b3e
In present web extension design (both Firefox and Chrome), background script can autoplay.
We don't want to break this design, so we would always allow it to autoplay.
MozReview-Commit-ID: 9BfWgll7PNx
--HG--
extra : rebase_source : 7996daa06c31a84a2aea9008daa9bddfcde98c74
Selection caches an nsRange instance for saving re-allocation cost and AddMutationObserver() and RemoveMutationObserver()'s cost when its RemoveAllRangesTemporarily() is called.
Then, the instance is detached from the Selection but still referring editing point. E.g., the only text node in TextEditor when its value is set. Therefore, it'll receive character data change notification and need to check whether the point is still valid with new text. However, the range will be always set new position later, i.e., immediately before going back to a part of Selection. Therefore, even if the point becomes invalid, nobody must not have any problems.
This patch makes Selection make the cached range not positioned, and makes nsRange ignore any mutations when it's not positioned.
Differential Revision: https://phabricator.services.mozilla.com/D2587
--HG--
extra : moz-landing-system : lando
This new id is added in the PerformanceInfo data and helps consumers distinguish
counters.
MozReview-Commit-ID: 7kEmqJcVggM
--HG--
extra : rebase_source : 40cca4c937f846db93ec1315036ad1bac04bc762
DocShells are associated with outer DOM Windows, rather than Documents, so
having the getter on the document is a bit odd to begin with. But it's also
considerably less convenient, since most of the times when we want a docShell
from JS, we're dealing most directly with a window, and have to detour through
the document to get it.
MozReview-Commit-ID: LUj1H9nG3QL
--HG--
extra : source : fcfb99baa0f0fb60a7c420a712c6ae7c72576871
extra : histedit_source : 5be9b7b29a52a4b8376ee0bdfc5c08b12e3c775a
DocShells are associated with outer DOM Windows, rather than Documents, so
having the getter on the document is a bit odd to begin with. But it's also
considerably less convenient, since most of the times when we want a docShell
from JS, we're dealing most directly with a window, and have to detour through
the document to get it.
MozReview-Commit-ID: LUj1H9nG3QL
--HG--
extra : rebase_source : a13c59d1a5ed000187c7fd8e7339408ad6e2dee6
Add BrowsingContext to allow the tree structure of docshells to exist
in several processes simultaneously. This is a first step towards
allowing a tree structure preserving separation of docshells across
processes.
--HG--
extra : histedit_source : d3c7f6ab4b9ae76f170c126d669ebd570e52f348
Added a new CoarseType that refers to DOM nodes. Updated the trees to represent the CoarseType. Created a new type of count in the heap snapshot that sorts the data by a more descriptive type name. Created the descriptive in JS::ubi::Base.
--HG--
extra : histedit_source : be24efa4d2ccb85e82046d7cf7d2c3a1e13b1fd7
It's currently only accessible on XULDocument and XULElement, but that makes porting existing
JS to run in an HTML document inconvenient. We could alternatively change calling JS, but
this can be easily moved and exposed in chrome contexts.
MozReview-Commit-ID: JitYET20NSE
--HG--
extra : rebase_source : 75d823c688cba8d84dc19705e83284be383962f2
Spinning on setting nsStyledElement::SetInlineStyleDeclaration causes
high malloc/free as MiscContainer is created for nsAttrValue passed to
Element::SetAttrAndNotify before the old one is delete'd.
Keep a cache of one MiscContainer in nsAttrValue to alleviate this
pattern.
MozReview-Commit-ID: 2RGaltPvVOn
--HG--
extra : rebase_source : a517035b1637ec7408b7b39bc7cce85074cabb44
Most of the deCOM work was handled in bug 458300, so we just need to
use the inline refcounting macro to remove nsISupports.
MozReview-Commit-ID: 7npo7RF68Vo
Differential Revision: https://phabricator.services.mozilla.com/D2309
--HG--
extra : moz-landing-system : lando
Created a runtime hook to handle DOM nodes. Specialized ubi::Concrete for nsINode-inheriting objects. Displayed outgoing nsISupports* edges on reflector JSObjects. Generated outgoing child edges from nsINodes by examining their children. Updated the UbiNodeCensus to ignore zone checks if there is no zone to be found in a node.
--HG--
extra : rebase_source : 319dccb3277a39e51a79588eac9c8f2b4ff97c2f
I generally tried to preserve the behavior of consumers where they treated an
exception from getInterface(Ci.nsIContentFrameMessageManager) as a signal to use
some sort of fallback.
I did change the behavior of consumers that walked up to the root same-type
docshell before getting the message manager to just get it directly from the
docshell they have. Please review those parts carefully, and let me know if you
want me to ask some subject area experts to review those.
Created a runtime hook to handle DOM nodes. Specialized ubi::Concrete for nsINode-inheriting objects. Displayed outgoing nsISupports* edges on reflector JSObjects. Generated outgoing child edges from nsINodes by examining their children. Updated the UbiNodeCensus to ignore zone checks if there is no zone to be found in a node.
Much like the component manager, many of the strings that we use for category
manager entries are statically allocated. There's no need to duplicate these
strings.
This patch changes the category manager APIs to take nsACStrings rather than
raw pointers, and to pass literal nsCStrings when we know we have a literal
string to begin with. When adding the category entry, it then skips making
copies of any strings with the LITERAL flag.
MozReview-Commit-ID: EJEcYSdNMWs
***
amend-catman
--HG--
extra : source : aa9a8f18e98f930a3d8359565eef02f3f6efc5f9
extra : absorb_source : 81a22ab26ee8017ac43321ff2c987d8096182d37
Much like the component manager, many of the strings that we use for category
manager entries are statically allocated. There's no need to duplicate these
strings.
This patch changes the category manager APIs to take nsACStrings rather than
raw pointers, and to pass literal nsCStrings when we know we have a literal
string to begin with. When adding the category entry, it then skips making
copies of any strings with the LITERAL flag.
MozReview-Commit-ID: EJEcYSdNMWs
***
amend-catman
--HG--
extra : rebase_source : 4f70e7b296ecf3b52a4892c92155c7c163d424d2
We'd like to add telemetry to help inform the decision as to how enabling
block autoplay will affect video playback in the wild.
Our data science team would also like some input to help them estimate the
rate at which our shield study would receive pings, and the telemetry
collected here will help them estimate that.
We'd like to collect the following, on a per session basis:
* Count of the number of top level content documents loaded, as denominator for
other stats collected here.
* Count of the number of top level content documents which contained (directly
or in a descendant document) playback of an audible media element.
* Count of the number of top level content documents which contained (directly
or in a descendant document) a muted media element that was paused by the
autoplay policy because it tried to unmute and it wasn't allowed to autoplay
audibly.
* Count of the total number of audible autoplay videos that would have not been
allowed to play if block autoplay was enabled. We'd either prompt for
permission on these videos, or block outright depending on user's settings.
* Count of the total number of audible autoplay videos that would have been
allowed to play if block autoplay was enabled.
MozReview-Commit-ID: vHWJPyqHjT
--HG--
extra : rebase_source : e1f22ec83fda8b65d78f1de9f02cf060d424019c
The patch introduces NS_GetURIWithNewRef and NS_GetURIWithNewRef which perform the same function.
Differential Revision: https://phabricator.services.mozilla.com/D2239
--HG--
extra : moz-landing-system : lando
This removes AutoMaybeEnterFrameRealm. Most places pass cx->realm->principals: it preserves behavior when the (possibly wrapped) SavedFrame and cx are same-compartment. The main exception is the JSStackFrame DOM bindings code where we have to be a bit smarter about which principals to use.
The stack object might be a CCW and we want to make it impossible to get a CCW's global. Now the caller has to supply a same-compartment global object, so we no longer rely on getting the CCW's global.
Summary:
This fixes a couple fuzz bugs and prevents special-casing <svg:use> even more in
bug 1431255.
Unfortunately not as many hacks went away as I'd have hoped, since we still need
to match document rules, see the linked SVGWG issues.
But blocks_ancestor_combinators goes away, which is nice since it's on a very
hot path.
Test Plan: WPT for style invalidation, covered by existing tests otherwise.
Reviewers: heycam
Tags: #secure-revision
Bug #: 1450250
Differential Revision: https://phabricator.services.mozilla.com/D2154
MozReview-Commit-ID: C4mthjoSNFh
Right now consumers can't know when the parent process has finished talking
to the permission manager. It would be nice to enable consumers to depend
on the status of the asynchronous task using a promise.
Right now consumers can't know when the parent process has finished talking
to the permission manager. It would be nice to enable consumers to depend
on the status of the asynchronous task using a promise.
Thought I had to update this as well, but nope. When basically any style changes
we already update transitions.
needs_transitions_update already handles the physical mapping changing by
checking whether any transition for the physical property remain there or not.
MozReview-Commit-ID: 6vKwal4yzRU
This is probably the last thing we will ship since it needs the most spec work.
MozReview-Commit-ID: LLmDBLCsCBJ
--HG--
extra : rebase_source : c06752c9201a9ede87e1ac200ab12577bf784ce6
Jon Coppeard
Brad Werth
Brindusan Cristian
Zibi Braniecki
Nika Layzell
arthur.iakab
Jan de Mooij
Edgar Chen
catalin.badea392@gmail.com
Olli Pettay
Ciure Andrei
Brendan Dahl
Kyle Machulis
Jean-Yves Avenard
Brian Hackett
Andrea Marchesini
Dorel Luca
Boris Zbarsky
Perry Jiang
Bogdan Tara
Kristen Wright
Cosmin Sabou
Masatoshi Kimura
Jeremy Lempereur
Ehsan Akhgari
Jonathan Kingston
Andreea Pavel
Kris Maglione
Noemi Erli
dvarga
Jorg K
Nicholas Nethercote
Dave Townsend
Brendan Dahl
Emilio Cobos Álvarez
alwu
shindli
Kearwood Gilbert
Hiroyuki Ikezoe
Anny Gakhokidze
Masayuki Nakano
Xidorn Quan
Coroiu Cristina
Tarek Ziadé
Thomas Wisniewski
Narcis Beleuzu
Gurzau Raul
Andreas Farre
Gijs Kruitbosch
Csoregi Natalia
Ian Moody
Brian Grinstead
Dan Glastonbury
Blake Kaplan
Julian Descottes
Chris Pearce
Robert Bartlensky
Valentin Gosu
Christoph Kerschbaumer
Jed Davis
Haik Aftandilian
Neil Deakin
Paolo Amadini
Margareta Eliza Balazs
Tiberius Oros
Brian Birtles