In this case we should look for the next highest tabindex or do end searching
handling, instead of just checking the root content.
Differential Revision: https://phabricator.services.mozilla.com/D14798
--HG--
extra : moz-landing-system : lando
Avoid use-after-free by getting a RefPtr to a transaction before calling
content code that could cause its deallocation.
Differential Revision: https://phabricator.services.mozilla.com/D14427
--HG--
extra : moz-landing-system : lando
This initializes one of the stats that lost its default initialization when it was changed from an Atomic to a plain old int.
Differential Revision: https://phabricator.services.mozilla.com/D14978
--HG--
extra : moz-landing-system : lando
JSStackFrames are C++ objects that are exposed to chrome JS and keep
alive content JS. This means that if chrome JS leaks a stack frame
then a window can be leaked.
The basic idea of this patch is to think of JSStackFrames as
cross-compartment wrappers, and do a "hueyfix" on them by dropping the
content JS reference when the associated content window is closed.
To do that, this patch modifies the realm private to keep a list of
all live JSStackFrames that have been created with objects in that
realm. When we nuke that realm, we also clear out all of the JS
pointers from the registered stack frames on that realm.
This adds a hash table lookup to the JSStackFrame ctor and dtor, which
is hopefully not too much overhead.
The test works by intentionally leaking a JSStackFrame from chrome JS
and making sure that the window still goes away.
Differential Revision: https://phabricator.services.mozilla.com/D14880
--HG--
extra : moz-landing-system : lando
This code dates back to when we had a concept of parent as distinct from the
concept of global. It was comparing compartments back then because in the
same-compartment case it would just JS_SetParent and return. When we got rid of
the concept of parents, the code was left as-is, even though at that point we
could just as easily compare the two globals.
I believe that in the same-compartment-different-globals case this is safe,
because in that case JS_TransplantObject will just keep using the original
object allocation but JSObject::swap it with the new object, so that it will
pick up the new global.
By forcing our subject principal to be that of the service worker, we confuse
the permissions-checking code in the new process we create for
clients.openWindow. We need to tell the new process about the principal that's
doing work before it does any work.
Further principals (such as the principal for the loaded page) will be passed
down to the child via the various networking channels that we create for it.
Differential Revision: https://phabricator.services.mozilla.com/D14799
--HG--
extra : moz-landing-system : lando
This change fixes a compiler warning, where a VRSensorState object is returned on the stack as a rather large object.
To address this warning, the return type of VRDisplayExternal::GetSensorState now returns a const reference to the member. The rest of the changes are updates to uphold the new constness.
Differential Revision: https://phabricator.services.mozilla.com/D13586
--HG--
extra : moz-landing-system : lando
The pref dom.chrome_frame_access.enabled will default to true. When false, it will block various methods that chrome code can use to traverse subframes. The initial list is:
iframe.contentWindow
iframe.contentDocument
window.top
window.parent
window.opener
window.frames[i]
window.frames.length
MessageEvent.source
More blocks are likely to be added in the future.
Differential Revision: https://phabricator.services.mozilla.com/D13180
--HG--
extra : moz-landing-system : lando
By taking an rvalue reference and using std::move more aggressively, we can
avoid at least two copies of these closures, which avoids a bit of atomic
refcounting.
Differential Revision: https://phabricator.services.mozilla.com/D14807
--HG--
extra : moz-landing-system : lando
This makes the code much simpler, and also likely much more efficient, since
it does not involve creating a sandbox, and the resulting copies and
cross-compartment-wrapper overhead.
Differential Revision: https://phabricator.services.mozilla.com/D14213
--HG--
extra : rebase_source : d5def81411c651314fb10d19749ffe1642d78dcb
This assumes that all of the notifications for a given origin must be in the
same process. With this patch, we'll always go back to the parent process to
get the notifications. Up next is limiting our search in the parent process to
only the notifications we're looking for.
Differential Revision: https://phabricator.services.mozilla.com/D14774
--HG--
extra : moz-landing-system : lando
The current code assumes that it can get the ServiceWorkerManager in the child
process to send a message to the proper service worker. That isn't true, we
need to ask the parent to do it for us.
Differential Revision: https://phabricator.services.mozilla.com/D14773
--HG--
extra : moz-landing-system : lando
For a better user experience of auto-blocking canvas extraction, this
patch changes the behavior when detecting a canvas extraction without
user interaction. It will show a canvas identity block icon with a
hidden doorhanger when auto-blocking the canvas extraction. Users can
make their choice to either block or allow the canvas extraction by
clicking the identity block icon and then refresh the page to make
the canvas permission take effect.
Differential Revision: https://phabricator.services.mozilla.com/D14259
--HG--
extra : moz-landing-system : lando
In libavcodec 58 and later, the old avcodec_decode_video2 is broken and only returns the first visible frame found after a VP9 super-frame.
This resulted in about 10% of the frames of some YouTube videos never being returned.
Only the new API properly behaves so we upgrade our code to use it.
Differential Revision: https://phabricator.services.mozilla.com/D14682
--HG--
extra : moz-landing-system : lando
These are undocumented and were only used for the about:webrtc page. They can
be removed without first deprecating them.
Differential Revision: https://phabricator.services.mozilla.com/D14464
--HG--
extra : moz-landing-system : lando
The value for mozAvSyncDelay has been broken since the branch 57 update
(Bug 1341285). We added SetCurrentSyncOffset() but never called it from
anywhere.
In the future we should be getting stats from AudioReceiveStream rather than
modifying the channel code, the delay_estimate_ms field provides almost the
same information.
Since we're attempting to get rid of moz prefixed stats, it makes sense to just
remove this code rather than fix it. The associated telemetry code has been
broken since Bug 1341285 as well so I think it is safe to remove.
Differential Revision: https://phabricator.services.mozilla.com/D14462
--HG--
extra : moz-landing-system : lando
This patch moves all UA Widget calls to helper functions in Element.cpp. The helper function AttachAndSetUAShadowRoot sets the shadow root in a runnable, so that it is in the same order of NotifyUAWidget* runnables.
Differential Revision: https://phabricator.services.mozilla.com/D13479
--HG--
extra : moz-landing-system : lando
This patch moves u2f-hid-rs to 0.2.3 [1], which changes the dependency graph of
u2f-hid-rs to not directly rely on the low-level core-foundation-sys library, as
core-foundation has all the features u2f-hid-rs needs in 0.6.1+.
This patch vendors core-foundation 0.6.3 and core-foundation-sys 0.6.2 as a
consequence.
[1] https://github.com/jcjones/u2f-hid-rs/releases/tag/v0.2.3
[2] d1d36d1044
Differential Revision: https://phabricator.services.mozilla.com/D14569
--HG--
extra : moz-landing-system : lando
Some prefs need to be available before IPC is started, so we serialize a
snapshot when we start launching the process, and then stream further
changes over IPC messages. However, async launch introduces a window
between the snapshot and when the parent can start sending messages,
during which other code can run on the main thread and change prefs.
In order to not lose those updates, they're queued and sent when the
launch is complete.
Depends on D14089
Differential Revision: https://phabricator.services.mozilla.com/D14090
--HG--
extra : moz-landing-system : lando
We need content processes that are created but not finished launching
(not "alive" yet) to be treated differently from ones that have exited
(no longer "alive"), so the boolean mIsAlive is expanded to a 3-state
enumeration, which could be expanded more in the future if needed.
(This is similar to GeckoChildProcessHost::mProcessState, but it's
synchronized with the rest of the ContentParent's state, which can lag
the GeckoChildProcessHost state due to runnable dispatch.)
This patch also removes mIsAvailable/IsAvailable/MarkAsTroubled, which
are unused as of bug 1459212.
Differential Revision: https://phabricator.services.mozilla.com/D14089
--HG--
extra : moz-landing-system : lando
The RTCP timestamps have different timebases and reporting sources; this makes the source and timebase the same for all RTCP stats.
Differential Revision: https://phabricator.services.mozilla.com/D7354
--HG--
extra : moz-landing-system : lando
This patch moves the actual widget construction to an onsetup method, allowing UAWidgetsChild to hold the reference of the widget instance even if the actual setup (which happens in the onsetup call) throws. With the reference of the widget kept, UAWidgetsChild will finally be able to call its destructor later on.
Depends on D13607
Differential Revision: https://phabricator.services.mozilla.com/D13608
--HG--
extra : moz-landing-system : lando
1. Warning to browser console when calling with empty error fields.
2. Warning to browser console when calling with non-empty payer errors but
corresponding PaymentOptions.requestPayerXXX is false.
--HG--
extra : histedit_source : 816c44a0ceca5202886a48eee96d2ef7f7315487
When talking about autoplay, video without audio track should also be controlled by the pref "media.autoplay.allow-muted".
Differential Revision: https://phabricator.services.mozilla.com/D14480
--HG--
extra : moz-landing-system : lando
Due to the state watcher logic, mirror tasks can be dispatched while in stable state. We must not have a visible JS change during such stable state.
Differential Revision: https://phabricator.services.mozilla.com/D12699
--HG--
extra : moz-landing-system : lando
For *incoming* wrappers this preserves behavior. We nuke *outgoing* wrappers
when all realms in the compartment have been nuked. To implement this I moved
the wasNuked flag from XPConnect to JS::Compartment as nukedOutgoingWrappers and
to JS::Realm as nukedIncomingWrappers.
The code to create a dead wrapper in the nuked compartment/realm case was also
moved into the JS engine. I added a shell test for it.
Differential Revision: https://phabricator.services.mozilla.com/D14149
--HG--
extra : moz-landing-system : lando
The topic will be skipped if the topic name appears anywhere as a substring
of the env var MOZ_LOG_MESSAGEMANAGER_SKIP.
Example:
MOZ_LOG_MESSAGEMANAGER_SKIP="foobar|extension"
Will match the topics 'foobar', 'foo', 'bar', and 'ten' (even though you may not
have intended to match the latter three) and it will not match the topics
'extensionresult' or 'Foo'.
--HG--
extra : histedit_source : 911b7572481c618551c6faeacfd4a46b6873ed8d
This logging topic will output the topic of MessageManager data at log
level 4 (debug); and will output the entire content of the data at level
5 (verbose).
--HG--
extra : histedit_source : 7be60b456a1652f9a9985fd4a01571b207a5f9e6
This is done in order to block external protocol URLs in iframes, which cannot
be used to create documents, and they could exec external apps or show prompt
dialogs.
Update mp4parse-rust update script and pull the new version.
This update changes the mp4parse C-API. Specifically, each track can now
have multiple sample descriptions. Previously we'd just exposed the first for
the entire track, and if others were available they were not exposed via the
API. Because of the API change, we update the C++ interface with mp4parse-rust.
We now inspect the sample info to make sure they're consistent with the parser's
expectations:
- Only a single codec is present for a track, multiple codecs in a track will
result in us returning an error.
- Only 0 or 1 crypto info is present for a track, more than one set of info will
result in us returning an error.
We still generalize some of the first sample info to the samples of the track,
as we did before this patch. However, we will now catch the above cases
explicitly.
We now handle crypto information if it is not present on the first sample info.
The parser will iterate through sample infos and use the first set of crypto
info it finds (and fail if it finds 2+).
Differential Revision: https://phabricator.services.mozilla.com/D14107
--HG--
extra : moz-landing-system : lando
If video has not been within the potential visible range (which is larger than viewport) yet, its visibility state won't
be updated and would stay in 'UNTRACK'. As those kinds of video are still invisible to users, we don't need to decode
any video frames, we can suspend their video decoding until they're going to be visible.
Differential Revision: https://phabricator.services.mozilla.com/D13804
--HG--
extra : moz-landing-system : lando
To make sure media sink starts from the correct position, otherwise, we would incorrectly estimate the decoded audio
duration when we directly seek looping audio to EOS. That would result in MDSM continually dispatching decoding tasks
even if we've enough data.
Differential Revision: https://phabricator.services.mozilla.com/D13949
--HG--
extra : moz-landing-system : lando
We have a few places where C++ calls ChromeUtils::Import directly.
I fixed these to pass the target object directly instead of an empty Optional<>.
Differential Revision: https://phabricator.services.mozilla.com/D14180
--HG--
extra : moz-landing-system : lando
I was skimming over the patch in bug 1512043 and wrote this. I think it should
not really affect that patch in any meaningful way, so I may as well land it.
Differential Revision: https://phabricator.services.mozilla.com/D14129
--HG--
extra : moz-landing-system : lando
This is ultimately the root cause of the issue. I'm landing a test to ensure we
notice the behavior change if we make it, in addition to a test for this issue
itself, to ensure that we don't get stuck, since after bug 1510485 we don't
return such nodes from nsFind when window.find is called anyway.
This code made no sense, it only returned true if the binding parent is the node
itself, which as far as I can tell cannot happen, so it was just a very
expensive way to return false.
Differential Revision: https://phabricator.services.mozilla.com/D14122
--HG--
extra : moz-landing-system : lando
This should avoid a sometimes unnecessary heap allocation and also avoids the
possibility of having a "none" previousBaseStyles.
Differential Revision: https://phabricator.services.mozilla.com/D13984
--HG--
extra : moz-landing-system : lando
Update WebRTC stat deprecation messages which were originally targeting 65, which are now targeting 66.
Differential Revision: https://phabricator.services.mozilla.com/D13950
--HG--
extra : moz-landing-system : lando
This is needed because content-language can affect the default
computed values for a given document.
Differential Revision: https://phabricator.services.mozilla.com/D13636
--HG--
extra : moz-landing-system : lando
Disable SkiaGL on WebRender, since there is a case that R8G8B8X8 is used, but WebRender does not support R8G8B8X8 yet. And SkiaGL is already disabled by Bug 1468801.
Differential Revision: https://phabricator.services.mozilla.com/D14366
The tracking is done using nsAtom origins, similarly to how updates to the
scroll offset are tracked.
Currently, APZ still uses some heuristics to deduce that the main thread
originated a resolution change in some cases, but the intention is to try
to remove those and rely only on this mechanism in the future.
Differential Revision: https://phabricator.services.mozilla.com/D13741
--HG--
extra : moz-landing-system : lando
This will be useful as both an ID for PWindowGlobal, as well as a mechanism for
taking advantage of already synchronized information. As an example, LoadInfo
objects contain the inner window IDs of the window requesting the load, which
can now be used to obtain a reference to the corresponding WindowGlobalParent
in the parent process.
Differential Revision: https://phabricator.services.mozilla.com/D9396
This should make BrowsingContext more usable by making it much easier to obtain
for a given frame or browser. BrowsingContext and nsFrameLoader should have
the same lifetime.
Differential Revision: https://phabricator.services.mozilla.com/D9395
This serves 2 purposes:
1. Provides an object corresponding to an inner window which Chrome JS can hold onto.
2. Provides the object to JS which Chrome JS per-window actors will be attached to.
3. Provides useful information to Chrome JS in the parent process.
Differential Revision: https://phabricator.services.mozilla.com/D9394
This allows getting the set of all window globals for a given browsing context.
This is less useful at the moment as the active window global is not exposed as
such. That will be added as a follow-up.
Differential Revision: https://phabricator.services.mozilla.com/D9393
This actor can be used for communicating with individual frames, without
depending on walking the tree in the content process.
This is not yet complete. No tests have been written for it, the
WindowGlobalParent objects need to be exposed to chrome JS, and a form of JS
actors should be installed under them.
In addition, BrowsingContextChrome objects should be updated to allow access to
the current WindowGlobalParent in that context.
Differential Revision: https://phabricator.services.mozilla.com/D4623
When entering into a Shadow DOM in backward navigation, the frame still points
to the last frame in Shadow DOM which could be a non-focusable frame, so move
the handling of backward navigation for Shadow DOM upward.
Differential Revision: https://phabricator.services.mozilla.com/D14069
--HG--
extra : moz-landing-system : lando
The missing return would have caused an assertion if OpenWindow had failed as you can't reject a promise twice.
Differential Revision: https://phabricator.services.mozilla.com/D14030
--HG--
extra : moz-landing-system : lando
Make consistent use of MozPromise chaining where possible and remove unnecessary refcount.
Differential Revision: https://phabricator.services.mozilla.com/D14029
--HG--
extra : moz-landing-system : lando
The VideoSink shares the AudioSink's own EndedPromise to notify its user that it has ended. As such, the MozPromise used must be non-exclusive.
Using the GenericPromise for such purpose only hid that requirement.
We also remove the MediaSink from the media namespace, and clarify the naming of some arguments and class members to accurately describe what they do.
Differential Revision: https://phabricator.services.mozilla.com/D14024
--HG--
extra : moz-landing-system : lando
MozPromise's most common use is to have a single or exclusive listener. By making the MozPromise generated by IPDL exclusive we can also use move semantics.
While at it, we also use move semantics for the ResponseRejectReason and via the callback's reject method so that the lambda used with the MozPromise::Then can be identical to the one used by the IPDL callback.
As it currently is, it provides no advantage over a copy as it's just an enum; however, this will facilitate future changes where it may not be.
Differential Revision: https://phabricator.services.mozilla.com/D13906
--HG--
extra : moz-landing-system : lando
This patch allows nsXULPrototypeElement to set mIsAtom when the namespace is in XHTML.
The value is needed by XULDocument::CreateElementFromPrototype() so we could properly
pass it to NS_NewHTMLElement().
Differential Revision: https://phabricator.services.mozilla.com/D13987
--HG--
extra : moz-landing-system : lando
The webrtc.org capturer implementations do not allow Start to be called more
than once. Previously we worked around this by adding a Stop method that was
called from StopCapture. With this change, we instead free the capturer in
StopCapture and create or re-create it as needed from StartCapture or
FocusOnSelectedSource.
Depends on D14066
Differential Revision: https://phabricator.services.mozilla.com/D14067
--HG--
extra : moz-landing-system : lando