By making image loading in <embed> and <object> behave more like when
an <iframe> loads an image, we can make sure that the synthetic
document generated is process switched if the image is cross
origin. This is done by making image loading in nsObjectLoadingContent
follow the document loading path.
We also make sure that we pass the image size back to the embedder
element to not get stuck with the intrinsic size.
To avoid named targeting being able to target these synthetic
documents, as well as showing up in `Window.frames` and being counted
in `Window.length`, we keep a filtered list of non-synthetic browsing
contexts for that use-case.
This feature is controlled by two prefs:
* browser.opaqueResponseBlocking.syntheticBrowsingContext
This triggers the creation of synthetic documents for images loaded
in <object> or embed.
* browser.opaqueResponseBlocking.syntheticBrowsingContext.filter
This turns on the filtering of synthetic browsing contexts in named
targeting, `Window.length` and `Window.frames`.
Differential Revision: https://phabricator.services.mozilla.com/D148117
Preparation for part 3).
The return type of `GetUserGestureStart` is a class, the return type of
`LastUserGestureTimeStamp` a `double`. Hence using the former is safer.
Differential Revision: https://phabricator.services.mozilla.com/D148758
Automatically generated rewrites of all ParamTraits and IPDLParamTraits
implementations in-tree to use IPC::Message{Reader,Writer}.
Differential Revision: https://phabricator.services.mozilla.com/D140004
TabUnloader.jsm can directly call windowGlobal.hasActivePeerConnections(),
so windowContext.hasActivePeerConnections is not needed.
Differential Revision: https://phabricator.services.mozilla.com/D132654
This patch makes sure the Tab Unloading feature does not unload tabs that have
active peer connections not to disrupt browsing experience based on WebRTC peer
connections.
To enable JS code to access the number of active peer connections, this patch
moves `nsPIDOMWindowInner::mTotalActivePeerConnections` to `WindowGlobalParent`.
Differential Revision: https://phabricator.services.mozilla.com/D128761
This field will be useful to JS code such as JSWindowActors which need to be
able to detect when their WindowContext is no longer active.
Differential Revision: https://phabricator.services.mozilla.com/D124098
This method actually tracks whether the context is current, so it has been
renamed, and the behaviour has been inverted.
Depends on D124210
Differential Revision: https://phabricator.services.mozilla.com/D124211
This is slightly complicated by the fact that the editor code wants to be able
to set this from the content process, so we really need separate
BrowsingContext and WindowContext flags, the latter of which can be set by the
owning process.
Differential Revision: https://phabricator.services.mozilla.com/D114899
Theoretically this change shouldn't be necessary, however frequent
intermittents suggest that there are still cases where holding a strong
reference here can lead to memory leaks.
Differential Revision: https://phabricator.services.mozilla.com/D109445
This allows for the WindowGlobalChild getter in WindowContext to be acquired
more efficiently without performing hashtable lookups, and should generally
simplify things.
The patch also removes the unnecessary XRE_IsContentProcess assertions, and
removes the global hashtable for tracking WindowGlobalChild instances which is
no longer necessary.
Differential Revision: https://phabricator.services.mozilla.com/D108120
Note that this patch only transforms the use of the nsDataHashtable type alias
to a directly equivalent use of nsTHashMap. It does not change the specification
of the hash key type to make use of the key class deduction that nsTHashMap
allows for in some cases. That can be done in a separate step, but requires more
attention.
Differential Revision: https://phabricator.services.mozilla.com/D106008
In some cases, a content process may think they should be able to make a change
to a synced field, but in the meantime something in the parent process has
changed and the change can no longer be applied. This was the cause of a number
of issues around the in-flight process ID, and can cause issues such as crashes
if the CanSet method was made too strict.
This patch introduces a new possible return type from `CanSet` which allows
requesting a `Revert`. A reverted field change will either be cancelled at the
source (if the CanSet fails in the setting process), or will be cancelled by
sending a new transaction back to the source process reverting the change to
ensure consistency.
In addition, some additional logging is added which made it easier to locate the
underlying bug and verify the correctness of the change.
The current primary use-case for this new feature is the CurrentInnerWindowId
field which can be updated by the previous process' docshell after the parent
process has already performed a switch to a new process. This can lead to the
current WindowContext being inaccurate for a BrowsingContext in some edge cases
as we allow the flawed set due the in-flight process ID matching.
This patch changes the logic to no longer check the in-flight process ID, and
instead revert any changes to the CurrentInnerWindowId field coming from a
process which is not currently active in the BrowsingContext.
No tests were added as it is very timing-sensitive, and difficult to create the
specific scenario, however without these changes my patch for bug 1663757
consistently causes geckoview-junit crashes due to currentWindowGlobal being
incorrect.
Differential Revision: https://phabricator.services.mozilla.com/D105553
Syncing the container FeaturePolicy across BrowsingContext is actually
a bit more heavy-handed than necessary. We only ever need a container
FeaturePolicy when inheriting a FeaturePolicy in exactly the document
the container contains. Not every process that the tree the container
is a part of. So instead of storing a FeaturePolicy in a synced field,
we manually send it to the correct WindowGlobalChild (which
corresponds to a document) and retrieve it from there.
Differential Revision: https://phabricator.services.mozilla.com/D61479
When a user clicks a form, the password manager popups a warning when the
form is not in a secure context. However, there is an exception when
a form is in an iframe. When both the url of the iframe and the top-level
are both local ip addresses, we consider it is safe.
This patch adds isLocalIP to WindowContext and WindowGlobalActor.webidl
so password manager can identify whether the top-level url is a local ip
address under fission.
Differential Revision: https://phabricator.services.mozilla.com/D99041
Only for top windows because for nested iframes they could get around
this without being noticed by reloading themselves which is not great.
Differential Revision: https://phabricator.services.mozilla.com/D98775
This patch fixes two issues, described below:
First, the GetTopLevelDocument function was looking at the browsing
context tree. It should look at the window context tree, as looking at
the browsing context tree means that if you're in a discarded or
about-to-get-discarded document, you can end up with a document from a
different tree. Computing intersections between those of course makes no
sense and triggers the assertion we're enabling.
Second, this patch fixes an issue when you have fission enabled, and a
setup such as:
A1 -> B1 -> A2
If you try to use IntersectionObserver from A2 with the implicit root,
we'd end up with:
* rootRect: A1's root scrollport rect (this is fine, because it's only
used to compute the root margin and bounds and so on, not
to compute geometry).
* rootFrame: A1's root scroll frame (this is _not_ fine, see below).
Then, we'd try to map rects from A2's target to A1's viewport, and we
can't really do that sensibly with the existing nsLayoutUtils functions,
because we're not accounting for all the OOP iframe transforms that may
be going on. This also triggers the assertion that this patch enables in
same-origin-grand-child-iframe.sub.html.
To fix it, for the A2 case, use the same code that we have for other OOP
iframes. The test tweaks fails with fission enabled without the patch
(because we don't account for the OOP iframe clip).
Differential Revision: https://phabricator.services.mozilla.com/D92089
We would like to remove `page_had_media_count` and use a new probe `in_page_count` to record the total number of top level content documents using media.
Therefore, we would rename WindowContext's `DocTreeHadAudibleMedia` to `DocTreeHadMedia` in order to support the new usage.
In the future, if we want to know something like "the percentage of media element is being used for MSE/EME?", then this scalar can be the base and used to calculate the answser.
Differential Revision: https://phabricator.services.mozilla.com/D83225
We determine which media session is active media session in chrome process, but the media session in content process doesn't know the detail.
This patch would store the active session context Id on the top level WindowContext, so that media session in content process can know if it's an active context or not, which helps to trigger the action handler only on active media session, after changing our propagation mechanism in following patches.
Differential Revision: https://phabricator.services.mozilla.com/D88106
If we're after shutdown, then this variable will have been cleared.
This is the remaining use that was failing to do a null check, and
it was manifesting as a very low-volume crash.
Differential Revision: https://phabricator.services.mozilla.com/D87503
Popup permissions initialized with the result of checking if the
constructing WindowContext's principal is allowed to open a popup. The
field is updated for all WindowContexts sharing a principal whenever
the popup permission for that nsIPrincipal changes.
Differential Revision: https://phabricator.services.mozilla.com/D86378
`ReadyToExecuteParserBlockingScripts` was walking the ancestor chain but
would stop if it hit an OOP ancestor. With this change we walk the
`WindowContext` tree instead, so that we may skip over OOP ancestors
and continue checking all in process ancestors.
Differential Revision: https://phabricator.services.mozilla.com/D86436
Tom Schuster
Andreas Farre
Olli Pettay
Sean Feng
Mirko Brodesser
Edgar Chen
Nika Layzell
Toshihito Kikuchi
Andi-Bogdan Postelnicu
Kris Maglione
Simon Giesecke
Mihai Alexandru Michis
Razvan Maries
Emilio Cobos Álvarez
Narcis Beleuzu
Andi-Bogdan Postelnicu
Dimi Lee
Johann Hofmann
Sylvestre Ledru
julianwels
Brindusan Cristian
alwu
Andrew McCreight
Jean-Yves Avenard
Steven MacLeod