This patch is going to neutralize the threat of fingerprinting of performance API
by spoofing the value of performance timing into 0, making getEntries* functions
always returns an empty list and making mark() and measure() into NOP methods.
In addition, this patch changes nsContentUtils::ShouldResistFingerprinting() to
allow it can be called in both main thread and worker threads.
MozReview-Commit-ID: C8Jt7KEMe5e
--HG--
extra : rebase_source : 85cbf66881c868ca5109022ffd4af81e3ab0a049
With nsIDocument::IsScriptTracking, we know that whether a script is a tracking script. If the XHR is created by a tracking script, we want to lower the priority of the http channel.
--HG--
extra : rebase_source : 7c9d2a545968a50c8ec34a3395132f0d99087058
Currently, we only correctly support remote layer trees for frameloaders that
use the same layer manager as their document. Since we need to be able to host
remote <browser> content in popup widgets for remote WebExtensions, we need to
tie the frameloaders to the layer manager of their host element, rather than
the root layer manager for the document.
MozReview-Commit-ID: 4RCsamFBiQw
This part is mainly to mark the channel as urgent-start if src related
attributes in HTMLImageElement and HTMLInputElement is set and the channel is
open due to user interaction. Unfortunately, we cannot just check the event
state just after creating channel since some loading image tasks will be queue
and execute in stable state. Thus, I store the event state in elements and
pass it to the place where create the channel.
MozReview-Commit-ID: GBdAkPfVzsn
--HG--
extra : rebase_source : 715352317b4b600f8a7f78b7bc22b894bb272d27
This patch adds a new service for fingerprinting resistance, which is called
nsRFPService. This service will be put in /toolkit/components/resistfingerprinting.
This service is responsible for observing the change of pref 'privacy.resistfingerprinting'
and doing underlying jobs. And it also in charge of caching pref setting of
'privacy.resistfingerprinting' and changing environment value 'TZ'.
This service will be initialized within nsContentUtils::Init(). During initialization,
it will store the original TZ value and set the value according to 'privacy.resistfingerprinting'.
It also changes environment value 'TZ' and calls nsJSUtils::ResetTimeZone() in
response to the change of the pref.
This service is only a nsIObserver for now. In the future, however, it will be
responsible for more fingerprinting resistance jobs, like changing prefs after
'privacy.resistfingerprinting' is changed.
The environment variable 'TZ' will be set to 'UTC' when 'privacy.resistFingerprinting'
is true. By doing so, Firefox will use UTC as its local time zone instead of the
default local time zone. This prevents a browser be fingerprinted through the local time zone.
After the 'privacy.resistFingerprinting' is turned off, the service will restore
'TZ' back to the original TZ setting, the user's setting or the default system timezone.
MozReview-Commit-ID: 8V47ZATgrKE
--HG--
extra : rebase_source : a35d35e8f8bbf5f5015271d3df3c32420702506c
Currently, we only correctly support remote layer trees for frameloaders that
use the same layer manager as their document. Since we need to be able to host
remote <browser> content in popup widgets for remote WebExtensions, we need to
tie the frameloaders to the layer manager of their host element, rather than
the root layer manager for the document.
MozReview-Commit-ID: 4RCsamFBiQw
--HG--
extra : rebase_source : 86bca4ae1c012ff1bb84a9ad796be311cfe580f6
extra : histedit_source : 19577d69430adc8cb38c195f13db2c6de6605c4c
We need to use this API in the front-end code, and in the off-chance
that we end up turning it off for the Web for whatever reason, or if
someone has turned off the pref, we should make sure our UI code does
not break.
Discussion at <https://github.com/whatwg/dom/issues/319>. In short, the
specification used to say to throw sometimes InvalidCharacterError and
sometimes NamespaceError, but browsers disagreed on which to throw in
corner cases, and everyone agreed it wasn't worth the effort to spec the
distinction, so we just changed it to InvalidCharacterError across the
board.
The test changes are already upstream.
MozReview-Commit-ID: AWSZBznQprG
--HG--
extra : rebase_source : 2f0051f48124380f17300a38ceb8c2ab23015ca1
In the next patch in this series we would like to use this functionality in
nsSMILController as well so this patch moves it to somewhere we can share it.
MozReview-Commit-ID: 1IzWoCCw4aD
--HG--
extra : rebase_source : 9f2b230f774135c0c5bf60ebdff358ce0a6bc087
Remove sync protocol AllocateTabId. Instead we generate tabId in
each process with nsContentUtils::GenerateTabId, and register
RemoteFrameInfo in parent process. If the tab id was generated from
a content process, it's sent parent through either PBrowserConstructor
or PContent::CreateChildProcess.
MozReview-Commit-ID: D3W2fK9eCNH
--HG--
extra : rebase_source : 1913f8f586537be1c82a70a19cc8c6351671d0df
Other browsers do not support any of these (IIRC), telemetry reports
essentially zero usage, and supporting them is contrary to the DOM spec.
Notes on specific events:
CommandEvent and SimpleGestureEvent: These are not supposed to be
web-exposed APIs, so I hid the interfaces from web content too
(necessary to avoid test_all_synthetic_events.html failures).
DataContainerEvent: This was a non-standard substitute for CustomEvent
that seemed to have only one user, so I removed it entirely and switched
the user (MozillaFileLogger.js) to CustomEvent.
ScrollAreaEvent: This is entirely non-standard, but we apparently expose
it deliberately to web content, so I didn't see any reason to remove it
from createEvent.
SimpleGestureEvent and XULCommandEvent: Can still be created from
createEvent(), but not by content.
TimeEvent: This is still in because it has no constructor, so there's no
other way to create it. Ideally we'd update the SMIL spec to add a
constructor. I did remove TimeEvents.
MozReview-Commit-ID: 7Yi2oCl9SM2
--HG--
extra : rebase_source : 199ab921acfc531b8b85e77f90fcd799b03c887b
IsLocalRefURL is originally designed to be used by URLValue only. Since we need
this function in SVGUseElement::LookupHref too, move it to nsContentUtils as a
util function.
MozReview-Commit-ID: FDjWVbTfB0V
--HG--
extra : rebase_source : a3e1133f08ffad59a05c6e829f4ff416b897b917
I looked at the wrong try push before pushing this change to inbound. Backing it
out hopefully before it turns too many pushes orange.
MozReview-Commit-ID: 5cREsyfWrmb
Permissions should fully override the default behavior from preferences for
lifetimePolicy and cookie behavior. This is consistent with the previous
behaviour from before this bug was implemented.
MozReview-Commit-ID: 9FfOrN6XV6q
Since the Shumway project is dead, we no longer register a stream converter for flash files. We can remove this check, as it will always return false.
MozReview-Commit-ID: CzC7wYmWEFp
--HG--
extra : rebase_source : 24373bc48da66fccb616864a6f03a5fc5d57ba9c
This patch makes the size of inner windows will be automatically rounded for
either window.open() with window features or setting window size through
innerWidth/Height and outerWidth/Height when fingerprinting resistance is
enabled. If the given value is greater the maximum available rounded size, then
it will be set to the maximum value. Otherwise, the size will be set to the
nearest upper 200x100.
This patch also adds one helper function in nsContentUtils for calculating the
rounded window dimensions.
MozReview-Commit-ID: J2r3951vuNN
--HG--
extra : rebase_source : a44b19bdf2ce7e90fc831ddc2b85a86d594cb0c3
Merge "DOMServiceWorkerFocusClient" & "DOMWebNotificationClicked"
to "DOMWindowFocus" event. Utilize the event to switch tab when
loading links to an existing target tab.
MozReview-Commit-ID: Hd1NkVkrJA1
--HG--
extra : rebase_source : 745c0d66c3afd8e487c616891c0f10bd820da1fe
These prefs have been added close to two years ago:
dom.url.encode_decode_hash and dom.url.getters_decode_hash
The main reason for their existence was in case we encounter any web-compat issues. At this point the extra code is mostly useless, and flipping the pref may lead to crashes.
MozReview-Commit-ID: LhAHkYmv0TR
--HG--
extra : rebase_source : 8f2d50d5633496cf165b3925d952bb6475bce3e0
Currently, we use alias NS_VK_* for WidgetKeyboardEvent::mKeyCode. Similarly, we should create alias enum for nsIDOMKeyEvent::DOM_KEY_LOCATION_*. Then, we can reduce the length and avoid to include nsIDOMKeyEvent in some cpp files.
MozReview-Commit-ID: 5cs4zQ061Lc
--HG--
extra : rebase_source : e6a6edd27718b9e3d4a40b07902d029791876999
nsContentUtils::IsPatternMatching is the most common by far, but the
other is a generic location that may cover a number of issues.
MozReview-Commit-ID: Kli39btsqdd
--HG--
extra : rebase_source : 9ffdafb1f6654a90ab5e93594ffcb11e987f2b5e
nsContentUtils::IsPatternMatching is the most common by far, but the
other two are generic locations that may cover a number of issues.
MozReview-Commit-ID: Kli39btsqdd
--HG--
extra : rebase_source : 1a7eda2a711f079978b54012d9c7466bbd6de36f
This patch removes support for mozapp iframes, leaving support for
mozbrowser iframes intact. Some of the code has been rewritten in order
to phrase things in terms of mozbrowser only, as opposed to mozbrowser
or app. In some places, code that was only useful with apps has been
completely removed, so that the APIs consumed can also be removed. In
some places where the notion of appId was bleeding out of this API, now
we use NO_APP_ID. Other notions of appId which were restricted to this
API have been removed.
This converts |nsITransferable.flavorsTransferableCanExport| and
|nsITransferable.flavorsTransferableCanImport| to return a |nsIArray|.
|nsIFormatConverter.getInputDataFlavors| and
|nsIFormatConverter.getOutputDataFlavors| are updated as well.
GetType() and GetParameter() don't actually modify the nsContentTypeParser
object, so we can make them const.
It makes it possible to pass the parser as a const-ref, which I think makes
sense as getters (even those doing some actual work) are usually const.
MozReview-Commit-ID: 9vmqKbmt8y8
--HG--
extra : rebase_source : d07371c8cdcf116952bffafad0cd6cda78f59b20
The implementation of Is8bit, with its multiply-nested loops, dates from
the time when string iterators could be fragmented into multiple pieces.
We no longer have such iterators, so we can write Is8bit much more
straightforwardly, with the single loop you would expect.
Enable nsAttrValue::EnumTable to be initialized with enum. So, we could get rid
of the castings in EnumTable. Fix EnumTable initialization comment.
For those untyped enumerations, declare them with uint8_t, as to other typed
enumerations with type size larger than int16_t, force casting to int16_t.
Use {nullptr,0} instead of {0} to represent the last entry.
MozReview-Commit-ID: 7Dma3Apkmxj
--HG--
extra : rebase_source : b2289866c4c33d80c8e170727bf109d018d92f67
hasFeature() always returning true matches the current DOM spec. SVG 2
has removed requiredFeatures. Chrome has had both of these always
return true since 2014, and they seem to have had no problems.
Even requiredFeatures="" (empty string) now returns true, matching
Chrome.
MozReview-Commit-ID: 1LEu3iK4R94
This change avoids lots of false positives for Coverity's CHECKED_RETURN
warning, caused by NS_WARN_IF's current use in both statement-style and
expression-style.
In the case where the code within the NS_WARN_IF has side-effects, I made the
following change.
> NS_WARN_IF(NS_FAILED(FunctionWithSideEffects()));
> -->
> Unused << NS_WARN_IF(NS_FAILED(FunctionWithSideEffects()));
In the case where the code within the NS_WARN_IF lacks side-effects, I made the
following change.
> NS_WARN_IF(!condWithoutSideEffects);
> -->
> NS_WARNING_ASSERTION(condWithoutSideEffects, "msg");
This has two improvements.
- The condition is not evaluated in non-debug builds.
- The sense of the condition is inverted to the familiar "this condition should
be true" sense used in assertions.
A common variation on the side-effect-free case is the following.
> nsresult rv = Fn();
> NS_WARN_IF_(NS_FAILED(rv));
> -->
> DebugOnly<nsresult rv> = Fn();
> NS_WARNING_ASSERTION(NS_SUCCEEDED(rv), "Fn failed");
--HG--
extra : rebase_source : 58788245021096efa8372a9dc1d597a611d45611
This patch removes checking of all the callback calls in memory reporter
CollectReport() functions, because it's not useful.
The patch also does some associated clean-up.
- Replaces some uses of nsIMemoryReporterCallback with the preferred
nsIHandleReportCallback typedef.
- Replaces aCallback/aCb/aClosure with aHandleRepor/aData for CollectReports()
parameter names, for consistency.
- Adds MOZ_MUST_USE/[must_use] in a few places in nsIMemoryReporter.idl.
- Uses the MOZ_COLLECT_REPORT macro in all suitable places.
Overall the patch reduces code size by ~300 lines and reduces the size of
libxul by about 37 KiB on my Linux64 builds.
--HG--
extra : rebase_source : e94323614bd10463a0c5134a7276238a7ca1cf23
This makes a lot of code more compact, and also avoids some redundant nsresult
checks.
The patch also removes a handful of redundant checks on infallible setters.
--HG--
extra : rebase_source : f82426e7584d0d5cddf7c2524356f0f318fbea7d
This patch makes most Run() declarations in subclasses of nsIRunnable have the
same form: |NS_IMETHOD Run() override|.
As a result of these changes, I had to add |override| to a couple of other
functions to satisfy clang's -Winconsistent-missing-override warning.
--HG--
extra : rebase_source : 815d0018b0b13329bb5698c410f500dddcc3ee12
If the mathml.disabled preference is true, treat <math> and other MathML
elements as generic XML elements.
This patch disables the rendering code of MathML however preserves the
namespace so to reduce the breakage.
Original patch by: Kathy Brade <brade@pearlcrescent.com>
MozReview-Commit-ID: A2f2Q2b4eqR
--HG--
extra : rebase_source : 3c8530816727c01b68a831d560bfe16e7b02bd9d
Unfortunately couldn't add all the debug checks that I'd want, since we can't
assert that is not safe to run script in quite a few places :(
MozReview-Commit-ID: 8m3Wm1WntZs
Add an error message of the following form for when a register/update job
fails for network reasons:
Failed to register/update a ServiceWorker for scope
‘http://mochi.test:8888/tests/dom/workers/test/serviceworkers/network_error/’:
Load failed with status 404 for script
‘http://mochi.test:8888/tests/dom/workers/test/serviceworkers/404.js’.
A mochitest is added that verifies this.
To simplify the process of logging error messages, ServiceWorkerManager gains
a new LocalizeAndReportToAllClients method that always provides the SW scope as
the first argument to the localized string since all good error messages should
include it.
Its argument list takes an nsTArray<nsString> in order to reduce the potential
for use-after-free scenarios from the char16_t** signature that unfortunately
has rippled outwards from the nsIStringBundle interface. This potentially
results in more memory allocation and byte shuffling than is strictly
necessary, but we're also talking about rare error logging where it's
better to optimize for easily adding the messages without needing to get hung
up on the life-cycle of temporaries.
nsTArray gained a std::initializer_list in bug 1228641. It is explicit, so
inline argument usages may take a form along the lines of:
`nsTArray<nsString> { string1, string2, ... }`
This change did necessitate a change to nsContentUtils to add an nsTArray
variant of FormatLocalizedString since the existing public function was
slightly too clever. It used a template function to statically acquire the
number of arguments at compile time, which is not compatible with the dynamic
nsTArray usage. Since nsTArray may be useful to other consumers as well, I
placed the conversion logic in nsContentUtils.
nsContentUtils::ParseSandboxAttributeToFlags is not used anywhere else,
and given that sandbox flags would also be affected by allowfullscreen
attribute, this function alone could be misused.
MozReview-Commit-ID: EzlGQ7iY8WG
--HG--
extra : source : 3d58c6e5372e360706045e23c601604c49fc3b43
And mCharCode shouldn't be compared with NS_VK_*, nsIDOMKeyEvent::DOM_VK_*. Additionally, when it's compared with a character constant, cast isn't necessary.
MozReview-Commit-ID: JMT614copjG
--HG--
extra : rebase_source : 69ee3c589e5a71c814ec9a40ac3aab39c789c11d
And also WidgetKeyboardEvent::mKeyCode should be compared with NS_VK_* rather than nsIDOMKeyEvent::DOM_VK_*.
MozReview-Commit-ID: IKjQ1nr8XYe
--HG--
extra : rebase_source : 83125cd2523f6b70759f621470aad23b00aae8ae
Ehsan Akhgari
Carsten "Tomcat" Book
Bill McCloskey
Masatoshi Kimura
Tim Huang
Cameron McCormack
Sebastian Hengst
Emilio Cobos Álvarez
Henri Sivonen
Ben Kelly
Eric Rahm
Nicolas B. Pierron
Michael Layzell
Xidorn Quan
Oriol
John Schoenick
Kershaw Chang
Aryeh Gregor
Boris Zbarsky
Nicolas Silva
Kris Maglione
Wes Kocher
johndai1984
Milan Sreckovic
Kartikaya Gupta
Tom Tung
Iris Hsiao
btian
Ehsan Akhgari
Brian Birtles
Samael Wang
Andrea Marchesini
Edgar Chen
cku
Olli Pettay
Kyle Machulis
Cervantes Yu
Valentin Gosu
Jessica Jong
Sylvestre Ledru
Tomislav Jovanovic
Masayuki Nakano
Christoph Kerschbaumer
Thomas Nguyen
Ho-Pang
Catalin Badea
Andrew McCreight
Andi-Bogdan Postelnicu
Shih-Chiang Chien
Gerald Squelart
Phil Ringnalda
Nathan Froyd
Arthur Edelstein
Jan de Mooij
Nicholas Nethercote
Jeremy Chen
Jimmy Wang
Stone Shih
Ryan VanderMeulen
Bobby Holley
Rob Wu
Thomas Wisniewski
Jonathan Kingston
Emilio Cobos Álvarez
Chris Peterson
Andrew Sutherland
Paul Roberts
Gordon Su
Neil Deakin
dimi
Jonathan Watt