If we can't reach the outer window from the document, then also can't reach the chrome <browser> either.
Therefore, there's no point in firing the event.
Differential Revision: https://phabricator.services.mozilla.com/D2891
--HG--
extra : moz-landing-system : lando
They'll be reopened, so there's no security benefit, but this causes Activity
Monitor to not report the processes as 'not responding'.
Differential Revision: https://phabricator.services.mozilla.com/D2855
--HG--
extra : moz-landing-system : lando
Screen's MediaCapabilities extensions aren't fully defined yet, but we don't want this to be blocking the release of the remaining features.
As such, we place those extensions behind a new pref: media.media-capabilities.screen.enabled
Differential Revision: https://phabricator.services.mozilla.com/D3060
--HG--
extra : moz-landing-system : lando
This patch was written entirely by the following script:
#!/bin/bash
if [ ! -d "./.hg" ]
then
echo "Not in a source tree." 1>&2
exit 1
fi
find . -regex '.*\(ref\|crash\)test.*\.list' | while read FILENAME
do
echo "Processing ${FILENAME}."
# The following has four substitutions:
# * The first one replaces the *first* argument to fuzzy() when it doesn't
# have a - in it, by replacing it with an explicit 0-N range.
# * The second one does the same for the *second* argument to fuzzy().
# * The third does the same for the *second* argument to fuzzy-if().
# * The fourth does the same for the *third* argument to fuzzy-if().
#
# Note that this is using perl rather than sed because perl doesn't
# support non-greedy matching, which is needed for the first argument to
# fuzzy-if.
perl -pi -e 's/(fuzzy\()([^ ,()-]*)(,[^ ,()]*\))/${1}0-${2}${3}/g;s/(fuzzy\([^ ,()]*,)([^ ,()-]*)(\))/${1}0-${2}${3}/g;s/(fuzzy-if\([^ ]*?,)([^ ,()-]*)(,[^ ,()]*\))/${1}0-${2}${3}/g;s/(fuzzy-if\([^ ]*?,[^ ,()]*,)([^ ,()-]*)(\))/${1}0-${2}${3}/g' "${FILENAME}"
done
Differential Revision: https://phabricator.services.mozilla.com/D2974
--HG--
extra : moz-landing-system : lando
The MediaCache reads content by block of BLOCK_SIZE bytes (currently 32kB). As such, if a content being fetched is less than BLOCK_SIZE, it will always be fully read from offset = 0. We can then seek within this buffered content regardless of the underlying HTTP connection supporting request-range or not.
test_bug686942.html is ultimately testing a racy behaviour: it attempts to seek into a resource that isn't always seekable (http.js doesn't report Range -Request support for small files). The seekable range becomes then the buffered range which at the time of loadedmetadata may not be set yet.
Differential Revision: https://phabricator.services.mozilla.com/D3028
--HG--
extra : moz-landing-system : lando
If PeerConnection initialization terminates early due to an excpetion localIdp, and remoteIdp aren't created.
This causes another exception in close(). The patch checks that they each exist in close before attempting to
access them.
Differential Revision: https://phabricator.services.mozilla.com/D2686
--HG--
extra : moz-landing-system : lando
This renames the RTCRTPStreamStats partial dictionary to match the recent spec changes
Differential Revision: https://phabricator.services.mozilla.com/D2682
--HG--
extra : moz-landing-system : lando
Right now, a lot of test code relies on side-effects of SpecialPowers being
loaded into frame script globals. In particular:
- It forces permissive COWs from those scopes, which allows frame scripts to
pass objects from those scopes to unprivileged content that they otherwise
wouldn't.
- It imports a bunch of helper modules and WebIDL globals which would
otherwise not be available.
Fortunately, this seems to only impact test code at this point. But there's a
real down-the-road risk of it impacting shipping code, which ends up working
in automation due to the side-effects of SpecialPowers, but failing in real
world use.
MozReview-Commit-ID: G27eSSOHymX
--HG--
extra : rebase_source : 1702e63fed719fc92def2bdbbb8a7c53572432db
extra : source : 41bedc526dd6ec6b7e8c7be1c832ac60c81d6263
Allows non-XUL chrome privilege documents to also use the command
dispatcher. The command dispatcher is created lazily since it will not
always be used.
Update test to reflect removal of the XUL attribute "commandDispatcher"
from content privilege XUL.
MozReview-Commit-ID: HUXMG9kx4ft
Create a "commandset" custom element that performs the job of adding and
removing command updaters that XULDocument use to do. Previously, the
"commandupdater" attribute was allowed on any element, but in tree it is
only every used on "commandset" elements.
MozReview-Commit-ID: HUXMG9kx4ft
The next part in this series depends on this to implement the
HTMLImageElement's decoding attribute. This functionality allows the
caller to force an nsImageLoadingContent and its associated nsImageFrame
and nsSVGImageFrame objects to synchronously decode an image at draw
time. It will only synchronously decode if it has completed metadata
decoding (i.e. knows its size) and has received all of the encoded data;
this mirrors the load event criteria for an image.
Summary:
Only implemented by nsWebBrowser, only 2 methods used in TabChild.
Move methods to nsWebBrowser implementation and remove unused methods,
change names to something more obvious, and remove interface.
MozReview-Commit-ID: 4WwBrVWQEVy
Test Plan: Try run
Reviewers: nika
Tags: #secure-revision
Bug #: 1480645
Differential Revision: https://phabricator.services.mozilla.com/D2752
Summary:
We only use one branch of the property set method in
nsIWebBrowserSetup, in one place. Expose this setting in the C++ API
and remove the XPCOM interface.
This patch also exposes the nsWebBrowser.h header to the codebase,
meaning we can possibly start removing some uses of nsIWebBrowser
elsewhere.
MozReview-Commit-ID: G3gnRWJUx6M
Test Plan: Try run
Reviewers: nika
Tags: #secure-revision
Bug #: 1480643
Differential Revision: https://phabricator.services.mozilla.com/D2736
Summary:
nsIWebShellServices is only implemented by nsDocShell, and only used
in one place in C++. Move definitions to nsIDocShell, and rename
functions to show they are only used as part of Charset changes.
MozReview-Commit-ID: DOSeE3Doc51
Test Plan: Try run
Reviewers: nika
Tags: #secure-revision
Bug #: 1480628
Differential Revision: https://phabricator.services.mozilla.com/D2692
Right now, a lot of test code relies on side-effects of SpecialPowers being
loaded into frame script globals. In particular:
- It forces permissive COWs from those scopes, which allows frame scripts to
pass objects from those scopes to unprivileged content that they otherwise
wouldn't.
- It imports a bunch of helper modules and WebIDL globals which would
otherwise not be available.
Fortunately, this seems to only impact test code at this point. But there's a
real down-the-road risk of it impacting shipping code, which ends up working
in automation due to the side-effects of SpecialPowers, but failing in real
world use.
MozReview-Commit-ID: G27eSSOHymX
--HG--
extra : rebase_source : c528dffe3a54eec75ad6cb358980b783b00eb4a4
Summary: When removing frames from the trackbuffer we may remove frames outside the original removal interval as we must remove all frames depending on the removed frames.
Differential Revision: https://phabricator.services.mozilla.com/D2837
PresShell does this already.
I updated the scroll / drag code as well, but I need to admit I didn't figure
out how to write a test for it. The rest of the codepaths are needed for the
added test to pass.
Differential Revision: https://phabricator.services.mozilla.com/D2871
We shouldn't fire mouseenter / leave based on the light tree, but the
flattened tree, the same way as the rest of the hover code works.
Differential Revision: https://phabricator.services.mozilla.com/D2866
nsJSObjWrapper::mJSObj can be a cross-compartment wrapper, so we can't use it with JSAutoRealm. Store a (same-compartment) global and use that instead.
We want to be able to enter the Realm we were in when the callback was created
before calling it, but if the callback stores a cross-compartment wrapper we
don't really have a good way to find that Realm. So we store it explicitly by
storing a global when the callback is created.
The changes to the constructor signatures to use JSObject* instead of
JS::Handle<JSObject*> are so we can avoid having to root the global for these
calls. These changes make two of the constructors ambiguous when nullptr is
being passed for the first arg; this patch adds casts to disambiguate.
Remove unused PromiseWindowProxy code and nsGlobalWindowInner::AddPendingPromise and nsGlobalWindowInner::RemovePendingPromise
Differential Revision: https://phabricator.services.mozilla.com/D2621
--HG--
extra : moz-landing-system : lando
We originally thought that this would enable us to disconnect from the
windowserver local service (which is a significant sandbox escape risk),
however investigations revealed that that requires changes to WebGL and thus
will be handled separately.
This also corrects an incorrect usage of the (undocumented) APIs for closing
windowserver connections. If CGSSetDenyWindowServerConnections is called while
there are open connections it is a no-op, so it must be called after
disconnecting any open connections.
Differential Revision: https://phabricator.services.mozilla.com/D2478
--HG--
extra : moz-landing-system : lando
Add new log module which allow us to debug by using "MOZ_LOG=Autoplay:5".
MozReview-Commit-ID: 9CG5JyCw21G
--HG--
extra : rebase_source : c71c4bbed88b07a7803d93b661bfeac37cb94035
This introduces the machinery needed to generate crash annotations from a YAML
file. The relevant C++ functions are updated to take a typed enum. JavaScript
calls are unaffected but they will throw if the string argument does not
correspond to one of the known entries in the C++ enum. The existing whitelists
and blacklists of annotations are also generated from the YAML file and all
duplicate code related to them has been consolidated. Once written out to the
.extra file the annotations are converted in string form and are no different
than the existing ones.
All existing annotations have been included in the list (and some obsolete ones
have been removed) and all call sites have been updated including tests where
appropriate.
--HG--
extra : source : 4f6c43f2830701ec5552e08e3f1b06fe6d045860
This introduces the machinery needed to generate crash annotations from a YAML
file. The relevant functions are updated to take a typed enum (in C++) and an
integer constant (in JavaScript). A JavaScript wrapper around the crash
reporter service is provided to hold the constants. The existing whitelists
and blacklists of annotations are also generated from the YAML file and the
existing duplicate code has been consolidated. Once written out to the .extra
file the annotations are converted in string form and are no different than
the existing ones.
All existing annotations have been included (and some obsolete ones removed)
and all call sites have been updated including tests.
--HG--
extra : rebase_source : b4f0d4bf83c64851028c271d3fab3ebcb6fbcd3e
This introduces the machinery needed to generate crash annotations from a YAML
file. The relevant functions are updated to take a typed enum (in C++) and an
integer constant (in JavaScript). A JavaScript wrapper around the crash
reporter service is provided to hold the constants. The existing whitelists
and blacklists of annotations are also generated from the YAML file and the
existing duplicate code has been consolidated. Once written out to the .extra
file the annotations are converted in string form and are no different than
the existing ones.
All existing annotations have been included (and some obsolete ones removed)
and all call sites have been updated including tests.
--HG--
extra : rebase_source : f0e8d229581ac5c0daa0e0454cb258746108e28d
I generally tried to preserve the behavior of consumers where they treated an
exception from getInterface(Ci.nsIContentFrameMessageManager) as a signal to use
some sort of fallback.
I did change the behavior of consumers that walked up to the root same-type
docshell before getting the message manager to just get it directly from the
docshell they have. Please review those parts carefully, and let me know if you
want me to ask some subject area experts to review those.
This is based on the same rules as for the majority of the rest of mozilla-central.
MozReview-Commit-ID: 2O1jH8cNXIj
--HG--
extra : rebase_source : b6788a231f70521398ef8783bebce99384a344d9
This is done by implementing a fake cubeb backend that implements the subset of
operations we need, while offering an API to be able to control what this
backend is doing.
Because we're reimplementing the private cubeb API, it is necessary to copy
part of a cubeb internal header, and mimick exactly how the vtable mechanism to
do the dynamic dispatch to the diffferent backends in cubeb works. This is not
ideal but works.
When the cubeb API functions are called (from deep in the Gecko process), we
re-bind the call to the mock cubeb backend object and behave exactly like a
normal backend (calling various callbacks and returning fake objects).
Finally, we inject this mock cubeb backend to the running Gecko process (in lieu
of the real one that would have been picked) by setting the global sCubebBackend
variable via a private API exposed only in the test in CubebUtils.h.
MozReview-Commit-ID: 8ZbJhl7pZ2t
--HG--
extra : rebase_source : 922a03fa84803ed04aed633795a54b8d2a305e15
Also, clear the array that's been passed in before appending the new devices.
MozReview-Commit-ID: BTnwzyKBrb5
--HG--
extra : rebase_source : 23dbd11720804a30188389bc4408be4b40ad70b2
This is for testing purposes only. Defining ENABLE_SET_CUBEB_BACKEND before
including CubebUtils.h will expose the function. This is not to be set outside
of test files.
MozReview-Commit-ID: D0V8oLj9xo6
--HG--
extra : rebase_source : e80d4c01ff3b28c300de1e6819477ea732c2f157
This is slightly slower, especially if the main thread is busy, but it's cleaner
and actually safe.
MozReview-Commit-ID: 4C2FalxmE3L
--HG--
extra : rebase_source : 3f1341397bede31fcc35dab5a0cbf59b893f9b81
The logic here intends to (as is written in the comment) append one block of
silence to the track to allow for us to underrun one full scratch buffer.
The code doesn't match this behavior however, because if we are not underrunning
by less than a block, we end up appending *less* than a block. This causes us to
append at a later time as the scratch buffer can swallow more (up to a full
block) than we appended.
Without processing this seems to work because of timing and ordering, but
with processing (aec/agc/ns) we tend to add 71
(512 for an iteration - 441 packed) samples of silence,
leaving us to hit the assert with a 44% ((128-71)/128) chance during subsequent
iterations.
Differential Revision: https://phabricator.services.mozilla.com/D2644
--HG--
extra : moz-landing-system : lando
Copy over non-rule font faces to the static clone document that is used
during printing.
MozReview-Commit-ID: 8ggNrCcVpEK
--HG--
extra : rebase_source : 27e270edd28c3ecf19a99f4df5398a89e6c53e6a
Various web authors have expressed desire to know in advance whether autoplay
will work.
They want this in order to avoid paying the price for downloading media that
won't play. Or they want to take other action such as showing a poster image
instead.
This is of particular interest to Firefox, as we're planning on showing a
prompt to ask the user whether they would like a site to play. If sites want to
determine whether they can autoplay but avoid the prompt showing, they won't be
able to just call play() in Firefox and see whether it works, as that would
likely show the prompt if the user doesn't already have a stored permission.
We've been working out a spec here:
https://github.com/whatwg/html/issues/3617#issuecomment-398613484
This implements what is the consensus to date there;
HTMLMediaElement.allowedToPlay, which returns true when a play() call would not
be blocked with NotAllowedError by autoplay blocking policies.
MozReview-Commit-ID: AkBu0G7uCJ0
--HG--
extra : rebase_source : 3f31db79aa1e570fdd9fc7062d0ddac7c96a8931
AutoSafeJSContext enters the unprivileged junk scope, so CreateSandbox returned a wrapper and then we used the wrapper's global instead of the sandbox global. We now use AutoJSAPI with a null realm.
Mostly automatic via sed. Only parts which I touched manually (apart from a
couple ones where I fixed indentation or which had mispelled arguments) are the
callers. I may have removed a couple redundant `virtual` keywords as well when
I started to do it manually, I can revert those if wanted.
Most of them are just removing the argument, but in Element.cpp I also added an
assertion for GetBindingParent when binding the ShadowRoot's kids (the binding
parent is set from the ShadowRoot constructor, and I don't think we bind a
shadow tree during unlink or what not which could cause a behavior difference).
Differential Revision: https://phabricator.services.mozilla.com/D2574
MozReview-Commit-ID: 2oIgatty2HU
dvarga
alwu
Imanol Fernandez
Alex Gaynor
Jean-Yves Avenard
L. David Baron
Jeremy Lempereur
Ciure Andrei
Nico Grunbaum
Philipp Hancke
Kris Maglione
Brindusan Cristian
Luke Wagner
Jonathan Kingston
Brendan Dahl
Andrew Osmond
Csoregi Natalia
Jon Coppeard
Olli Pettay
Kyle Machulis
Emilio Cobos Álvarez
Jeff Gilbert
Jan de Mooij
Noemi Erli
Andrea Marchesini
Brian Hackett
Dorel Luca
Boris Zbarsky
Bryce Van Dyk
Perry Jiang
Bogdan Tara
Kristen Wright
Narcis Beleuzu
Kartikaya Gupta
Cosmin Sabou
Masatoshi Kimura
Dave Townsend
Andreas Pehrson
Gabriele Svelto
Thi Huynh
Himanshu Teli
Ehsan Akhgari
Coroiu Cristina
Paul Adenot
Mark Banner
Jan-Ivar Bruaroey
Andreea Pavel
Nika Layzell
Tooru Fujisawa
Jorg K
Nicholas Nethercote
Brendan Dahl
Chris Pearce
Zibi Braniecki