This was done using the following script:
37e3803c7a/processors/chromeutils-import.jsm
MozReview-Commit-ID: 1Nc3XDu0wGl
--HG--
extra : source : 12fc4dee861c812fd2bd032c63ef17af61800c70
extra : intermediate-source : 34c999fa006bffe8705cf50c54708aa21a962e62
extra : histedit_source : b2be2c5e5d226e6c347312456a6ae339c1e634b0
This was done using the following script:
37e3803c7a/processors/chromeutils-import.jsm
MozReview-Commit-ID: 1Nc3XDu0wGl
--HG--
extra : source : 12fc4dee861c812fd2bd032c63ef17af61800c70
This was done using the following script:
37e3803c7a/processors/chromeutils-import.jsm
MozReview-Commit-ID: 1Nc3XDu0wGl
--HG--
extra : rebase_source : c004a023389f1f6bf3d2f3efe93c13d423b23ccd
This is a short-term solution to our inability to apply CSP to
chrome-privileged documents.
Ideally, we should be preventing all inline script execution in
chrome-privileged documents, since the reprecussions of XSS in chrome
documents are much worse than in content documents. Unfortunately, that's not
possible in the near term because a) we don't support CSP in system principal
documents at all, and b) we rely heavily on inline JS in our static XUL.
This stop-gap solution at least prevents some of the most common vectors of
XSS attack, by automatically sanitizing any HTML fragment created for a
chrome-privileged document.
MozReview-Commit-ID: 5w17celRFr
--HG--
extra : rebase_source : 1c0a1448a06d5b65e548d9f5362d06cc6d865dbe
extra : amend_source : 7184593019f238b86fd1e261941d8e8286fa4006
Recognize the graphics-document, graphics-object, and graphics-symbol
ARIA roles, mapping them to the DOCUMENT, GROUPING, and GRAPHIC internal
roles respectively.
JAWS uses QueryService for these.
Using QI avoids a cross-process call, since we have these interfaces cached.
More importantly, if QS is used, the handler won't get used for that object, so our caching won't be used.
MozReview-Commit-ID: Ejc2Bjp7NSv
--HG--
extra : rebase_source : f0154a6691d4d6be97e9aa60b0613ff04f76b7ff
We just return failure for these, thus avoiding a pointless cross-process call.
I also updated the comment for an existing service, since I discovered its constant name.
MozReview-Commit-ID: E5hjhR6nYtv
--HG--
extra : rebase_source : 8f01da6b98a881809a106a03eb611aadc90a6d20
Most of the Shadow DOM related code are behind "dom.webcomponents.enabled" and
this pref is only used by Shadow DOM right now, so we should rename it to
"dom.webcomponents.shadowdom.enabled"
MozReview-Commit-ID: er1c7AsSSW
In theory other radixes can be passed in but we don't actually handle them.
This asserts that the radix is supported and just switches over to using 10 and
16 directly.
--HG--
extra : rebase_source : 71891302d499bfd108a5bb41626d921b3be193ce
When switching from a tab to another, accessibility layers needs to get
events about the tab switch before events about the newly-focused
element of the document.
This changeset does it so by first making IsUpdatePending() not only
watch for the document's pending updates, but also its parent's pending
updates, so that the document doesn't process focus events immediately,
but queue them.
Then, WillRefresh for the document should not process events until its
parent chrome has finished processing its content insertion events
(corresponding to the tab switch).
Eventually, ScheduleContentInsertion can not afford leaving an empty
array of notifications and not a schedule processing any more.
(was introduced by c2aeece5eb10 'Bug 1242989 - keep content insertions
in a hash')
We weren't checking for null previously, thus causing a crash when there was no caret.
MozReview-Commit-ID: 6NNRafcVPhb
--HG--
extra : rebase_source : 7d6bfc8c776c1be1429da8c2c94f4bda232c6314
Bug 1422201 changed GetIAccessibleFor so it only handles remote ids when called on the root accessible.
However, this breaks webextension popup documents.
These popups have their own HWND, so the root accessible of that HWND needs to handle accChild for ids in remote documents within that HWND.
Therefore, expand the restriction to cover the root accessible of any HWND, not just the main HWND.
MozReview-Commit-ID: 69v4XSeQLcS
--HG--
extra : rebase_source : bf5c5e0a475424b2276800d1a10ab1a46c136bd6
In the next changeset we will remove the nsIDOMXULPopupElement interface, which
was only used to make sure that this role is set. There wasn't a test covering
this case yet, so this changeset adds one.
Note that we are using a mochitest-browser test as opposed to directly testing
markup like `<panel><richlistbox /></panel>` in a mochitest-chrome test so that
we'll actually be able to catch a regression if the markup for the awesomebar changes.
MozReview-Commit-ID: KGaxQZTDq69
--HG--
extra : rebase_source : 671b718fd010b5f6a2036a695d2c4c03c8b64654
Previously, in the parent process, we were treating positive child ids as remote unique ids.
This of course failed when searching remote documents and returned early.
Make sure we only treat ids as remote if they are less than 0.
Ids above 0 are child indices and are handled later in the code for both local and remote children.
MozReview-Commit-ID: 2KmFj6rTXTV
--HG--
extra : rebase_source : 273496a3f6420d184f71795095937638e1e3e2ca
Previously, we could return remote accessibles which weren't actually descendants of the accessible on which accChild was called.
For example, calling accChild on a local document with the id of a remote document would happily return the remote accessible.
This confused clients such as NVDA which use accChild to check whether something is a descendant of a document.
MozReview-Commit-ID: 8mJ4m6RC3r2
--HG--
extra : rebase_source : c56040d84e09c2b9ede94985cdd94606c27160a3
When querying text attributes, Gecko can return an end offset less than the requested offset in some rare cases, which isn't valid.
This is perhaps because the text mutated during the attribute fetching loop for some reason, making the requested offset invalid.
We now check the end offset and break out of the loop in this case.
This fixes a freeze after sending a message in OX Mail with NVDA.
MozReview-Commit-ID: 1lVSLAdOcS7
--HG--
extra : rebase_source : 048fbed8ddc591f62c17d559483bfe2f1542431c
Both Provider and Handler need to release the interfaces in StaticIA2Data.
Therefore, move this into a common function to avoid duplication pain in future.
MozReview-Commit-ID: 7J4iuvDa8m2
--HG--
extra : rebase_source : 98c97b51c27c318ba987787518cfd70bda8967d4
We need to clean up the VARIANT and BSTRs in DynamicIA2Data in the handler as well.
We do this in two places:
1. Before reading a new payload (because we need to clean up the existing payload); and
2. When we're being destroyed.
MozReview-Commit-ID: GvO7csuxtwZ
--HG--
extra : rebase_source : 92cc9a64deddee07bbbc77e53117c15351816778
DynamicIA2Data contains several BSTRs that need to be freed with SysFreeString.
Previously, we just did a ZeroMemory without actually freeing them.
This cleanup code is placed in a header file so it can be used by AccessibleHandler as well.
MozReview-Commit-ID: 4SWuK9oMRYZ
--HG--
extra : rebase_source : e7358752e7eee1bae000e4005832bfc48c9342af
If a client requests all text (via IAccessibleText::text with IA2_TEXT_OFFSET_LENGTH), it's quite likely they will want all other information about the text as well; i.e. embedded objects and attributes.
Therefore, fetch all of this using a single cross-process call.
The text is immediately returned to the client.
The hyperlinks and attributes are cached for later return to the client when they call the appropriate methods.
They are only cached for one call; i.e. after the client retrieves them, the cache is dropped.
This makes memory management simpler and lowers the risk of cache invalidation problems.
MozReview-Commit-ID: FgFkX8J7wg1
--HG--
extra : rebase_source : e521d6ca7b00fcf1aad1f0ada299bac4c4b85c50
This allows the handler to fetch all text information in a single cross-process call when appropriate.
Normally, it would be a minimum of 3 calls, plus one call for each additional attribute run.
MozReview-Commit-ID: K5x9bAWiWWJ
--HG--
extra : rebase_source : fbf89ff79d7afcff6bcc32ff940f9e06c1e7f136
We want to be able to cache data related to both IAccessibleText and IAccessibleHypertext2 in a single call.
This is difficult with the tearoff because separate instances of the tearoff get created for the two interfaces.
Ensuring we use the same instance means working around reference cycles.
We could maintain a separate cache object, but that makes things more complex.
Therefore, it's much simpler to get rid of the tearoff.
A few things to note:
1. ResolveAccHypertext has been renamed to ResolveIAHypertext for consistency with the rest of AccessibleHandler.
2. mAccHypertextProxy has been renamed to mIAHypertextPassThru for consistency with the rest of AccessibleHandler.
3. mIAHypertextPassThru is a weak reference (just like the rest of the passthru pointers) because it refers to a proxy interface and the proxy aggregates the handler.
Thus, we release it immediately to avoid reference cycles.
When it was a tearoff, this was not the case; it was a strong reference.
MozReview-Commit-ID: 8NwPA0T1MFX
--HG--
extra : rebase_source : 57c4d19516d01b820bb3b4c1a9974ff3b889ed64
As per the spec, if there are no hyperlinks, the hyperlinks array should be set to null and S_FALSE should be returned.
This saves pointless memory management when there are no hyperlinks.
MozReview-Commit-ID: 9wsiXBely6G
--HG--
extra : rebase_source : bc1f6b8a04205939b322393674414365fd89f39a
For elements such as divs which have no enumerated MSAA role, we return a string.
First, we try the ARIA role, and failing that, we use the tag name.
However, if the author specifies role="", we previously failed.
Instead, we now fall back to the tag name for an empty role string.
That is, we treat the non-existence of the attribute or an empty string value the same way.
Although this is invalid markup, it occurs in the wild, and accRole failing breaks handler caching.
Note that this patch also removes a check for msaaRole != ROLE_SYSTEM_CLIENT when getting a string role.
This check is now pointless because we've already returned earlier if msaaRole != USE_ROLE_STRING.
That is, msaaRole can only be USE_ROLE_STRING at this point.
MozReview-Commit-ID: 7PVvU5V2uO4
--HG--
extra : rebase_source : 7aa1baee31393291ed15e8d6687e6a2d576f858c
Previously, it was querying for IID_IAccessibleHypertext, but this is actually an IAccessibleHypertext2 pointer.
This meant we were crashing when trying to call an IAccessibleHypertext2 method.
This was a regression introduced in bug 1419362.
MozReview-Commit-ID: 7akjIfNuIh3
--HG--
extra : rebase_source : 18e126e3b47bc5a8f486870a285668a7f85e95c9
The base implementation of accFocus can't handle the case when a remote document has focus and just returns no focus (VT_EMPTY).
Override accFocus on the root accessible to try the accessible for the remote document in the active tab in this case.
This fixes focus loss with NVDA when dismissing the System menu.
MozReview-Commit-ID: 1jhAv08rDFU
--HG--
extra : rebase_source : 7381b397724f21ba894dc94a051996e5d96c642d
Key accessibility off of the tag name instead of the role attribute
and load styles in global.css instead of <resources>
MozReview-Commit-ID: Epv0rHHzbz0
--HG--
extra : rebase_source : 2239c8ccca8d899b4c4144faab7212f120f00e23
1. Bug 1363595 added support for retrieving accDefaultAction from the cache, but the value was never cached in the first place.
This would have meant that accDefaultAction was returning nothing to clients.
2. Since accDefaultAction is the name of the first action, we can also use this cached value for IAccessibleAction::name for index 0.
MozReview-Commit-ID: 6PGRH45kKdB
--HG--
extra : rebase_source : 52688f1e44ad7613c5dd14903b6240a51aa2d4eb
The handler's implementation of IAHyperlink just forwards calls through to the proxy.
However, it exists because we want the cache to be used when a hyperlink is retrieved.
When querying from the handler to IAHyperlink, we should use the same implementation.
This is mostly about consistency/correctness, especially as we're increasing complexity.
MozReview-Commit-ID: AwYibrFzUyf
--HG--
extra : rebase_source : 3d8f33639190a4220a21d0a6eeac401829d8345c
The proxy manager caches interfaces marshaled in the payload and returns them on QI without a cross-process call.
However, it doesn't know about interfaces which don't exist.
We can determine this from the payload, since interfaces which don't exist will have a null pointer.
We use this information to avoid querying the proxy in this case.
MozReview-Commit-ID: FnzDetmTiPP
--HG--
extra : rebase_source : 076ce714a69d3883a149487e5f9235ff495eedd0
Now that virtual buffers have to render across processes, we want to eliminate as many cross-process calls as possible.
This includes QueryInterface calls, since buffers query for several interfaces on every node they visit.
To avoid these cross-process QI calls, we include interfaces clients are likely to request in the handler payload.
This way, they get marshaled in the single call used to retrieve the object.
This patch does the following:
1. Passes the interceptor when building the payload.
We need this so we can get interceptors for other interfaces.
2. Splits the payload into two main parts: a static part and a dynamic part.
The (new) static part contains the interface pointers. The dynamic part contains the rest.
This is necessary because the refresh call cannot pass the interceptor, but the interceptor is needed to build the static part.
Also, re-building the static part is pointless when refreshing.
3. Includes the interface pointers in the payload (BuildStaticIA2Data).
The pointers also have to be cleaned up after marshaling.
4. Releases the interface pointers in the handler after the payload is received.
We do this because they're aggregated by the proxy manager as they're unmarshaled.
MozReview-Commit-ID: 6VRLMNScgwW
--HG--
extra : rebase_source : 249589643b7a69e870962ea55a44849bf03a2693
Reorder DocAccessibleParent's and DocAccessibleChild's constructor initializer lists to fix these VS2017 warnings:
a11y/DocAccessibleParent.h(32): warning C5038: data member 'mozilla::a11y::DocAccessibleParent::mShutdown' will be initialized after data member 'mozilla::a11y::DocAccessibleParent::mEmulatedWindowHandle'
accessible/ipc/win/DocAccessibleChild.cpp(22): warning C5038: data member 'mozilla::a11y::DocAccessibleChild::mEmulatedWindowHandle' will be initialized after data member 'mozilla::a11y::DocAccessibleChild::mIsRemoteConstructed'
MozReview-Commit-ID: 8flWtpe13ob
--HG--
extra : rebase_source : 96528a886c099897df691623948d755eecda119f
The Compatibility code previously only tested for OsmHooks.dll to detect Baum Cobra.
However, the 64 bit dll is called OsmHks64.dll.
Update the code to test for both so that detection works in 64 bit processes.
Aside from telemetry, this is also needed to ensure that the InSendMessageEx hook is used to work around RPC_E_CANTCALLOUT_ININPUTSYNCCALL.
MozReview-Commit-ID: FjliZybHrZH
--HG--
extra : rebase_source : a4b53abf86206dd8ecb4965a6ce1ba31545f0197
This is a large patch which tries to switch many of the external consumers of
nsGlobalWindow to instead use the new Inner or Outer variants.
MozReview-Commit-ID: 99648Lm46T5
Bug 873444 implemented support for IAccessibleHypertext2.
AccessibleHandler's AccessibleTextTearoff needs to be updated accordingly, thus eliminating an additional cross-process QueryInterface for IAHypertext2 when the client also wants IAText.
MozReview-Commit-ID: EGqYX7jY9Cp
--HG--
extra : rebase_source : cc79b605bf75538bebc10b104e5f6771bc52d2f4
This also adds the lookup infrastructure required for converting other XUL elements to this method of creating accessibles.
MozReview-Commit-ID: GAO63iUNMAn
--HG--
extra : rebase_source : cc3194eae7881d1b041c4241e1e8ed4aee37ef7c
AccessibleHandler's AccessibleTextTearoff currently makes separate queries for the IAccessibleText and IAccessibleHypertext interfaces.
However, IAccessibleHypertext inherits from IAccessibleText, and wherever one of these interfaces are present, Gecko always implements both.
Therefore, we should just query for and use IAccessibleHypertext for all of these methods, thus saving a cross-process call should a client want both interfaces.
MozReview-Commit-ID: Fb5P7IGDAZZ
--HG--
extra : rebase_source : 08c9484989eaf8b810ef6f9ababf354eee8fa7f8
This allows for fetching of all hyperlinks instead of one at a time, which improves performance for a cross-process client.
MozReview-Commit-ID: 8wso3EqBqwP
--HG--
extra : rebase_source : f972076e5b65a8c882f9a07a82b67eeefc85d8a4
IAccessibleHypertext::hyperlink returns an IAccessibleHyperlink, not an IAccessible2.
previously, the handler didn't know about this interface, so it wasn't used.
Thus, any accessibles retrieved in this way did not benefit from the cache.
This patch teaches the handler about IAccessibleHyperlink so the handler gets used in this case.
MozReview-Commit-ID: 17CxxGyCLrE
--HG--
extra : rebase_source : 7f933bfd880c9ee009eafe8cee4ece4ef83004cd
IAccessible2_2::get_attribute is not implemented yet in Gecko.
However, the handler still passes this through, thus resulting in a pointless cross-process call.
Instead, just return E_NOTIMPL in the handler for this method.
MozReview-Commit-ID: 5XHieUC4cuz
--HG--
extra : rebase_source : 814ceda6d9dd4ec26f05a4ff90bbd4af2a6eb84e
It's a sub-class of nsAtom, useful for cases where you know you are dealing
exclusively with static atoms. The nice thing about it is that you can use
raw nsStaticAtom pointers instead of RefPtr<>. (In fact, the AddRef/Release
implementations ensure that we'll crash if we use RefPtr<nsStaticAtom>.)
MozReview-Commit-ID: 4Q6QHX5h44V
--HG--
extra : rebase_source : e4237f85b4821b684db0ef84d1f9c5e17cdee428