This expands Element with chrome-only setAttribute methods that give devtools
callers an ExtendedPrincipal with a CSP with a flag set to allow changes to
inline styles. This gives devtools the ability to modify documents with a
Content-Security-Policy.
Differential Revision: https://phabricator.services.mozilla.com/D41313
--HG--
extra : moz-landing-system : lando
For review purposes, the important changes are in dom/bindings/Configuration.py
and dom/bindings/parser.
The changes to the IDL files were done by running these in dom/webidl
and dom/bindings/test:
perl -pi -e 's/^interface ([A-Za-z0-9_]+)($| [:{])/[Exposed=Window]\ninterface \1\2/' *.webidl
perl -pi -e 'BEGIN { $/ = undef; } s/\[HTMLConstructor\]\n\[Exposed=Window\]/[HTMLConstructor,\n Exposed=Window]/g' *.webidl
perl -pi -e 'BEGIN { $/ = undef; } s/\[NoInterfaceObject\]\n\[Exposed=Window\]/[NoInterfaceObject,\n Exposed=Window]/g' *.webidl
perl -pi -e 'BEGIN { $/ = undef; } s/\[ChromeOnly\]\n\[Exposed=Window\]/[ChromeOnly,\n Exposed=Window]/g' *.webidl
And running this in dom/chrome-webidl:
perl -pi -e 'BEGIN { $/ = undef; } s/\[ChromeOnly\]\ninterface/[ChromeOnly, Exposed=Window]\ninterface/g' *.webidl
and then fixing all the resulting parser failures. I then verified that the
generated code is the same as before this change.
Differential Revision: https://phabricator.services.mozilla.com/D46697
--HG--
extra : moz-landing-system : lando
This patch converts NoInterfaceObject interfaces GlobalEventHandlers and
DocumentAndElementEventHandlers to mixins and introduce a new
ElementCSSInlineStyle mixin for the style IDL attribute. These are shared by
various existing interfaces but there is no web-exposed behavior change.
Differential Revision: https://phabricator.services.mozilla.com/D45029
--HG--
extra : moz-landing-system : lando
This commit renames `HTMLOrSVGOrXULElementMixin` to `HTMLOrForeignElement` and
actually makes it a mixin. dataset, tabIndex and blur() are moved from
HTMLElement, SVGElement and XULElement into this new mixin. As a consequence,
a few extended attributes for these interfaces are modified and the dataset
attribute is added to the XULElement one. However, none of these changes are
web-observable.
Differential Revision: https://phabricator.services.mozilla.com/D44879
--HG--
extra : moz-landing-system : lando
`= {}` can now be used to indicate that an optional dictionary should have the
default value of 'default-initialized dictionary'
Differential Revision: https://phabricator.services.mozilla.com/D36504
--HG--
extra : moz-landing-system : lando
`= {}` can now be used to indicate that an optional dictionary should have the
default value of 'default-initialized dictionary'
Differential Revision: https://phabricator.services.mozilla.com/D36504
--HG--
extra : moz-landing-system : lando
`= {}` can now be used to indicate that an optional dictionary should have the
default value of 'default-initialized dictionary'
Differential Revision: https://phabricator.services.mozilla.com/D36504
--HG--
extra : moz-landing-system : lando
According to the spec [1] 7.2.10.2, we should use the first line box's height or width as positioning unit to adjust box's position.
We will also use this value to adjust box when `snap-to-line` is false.
There, we implement a new chrome-only API to acquire this information, which would return the first line box's size in the `block` frame.
[1] https://www.w3.org/TR/webvtt1/#ref-for-webvtt-cue-snap-to-lines-flag-12
Differential Revision: https://phabricator.services.mozilla.com/D29745
--HG--
extra : moz-landing-system : lando
When adjusting cue's position, the goal is to place cue boxes fully inside the rendering area, and place in the right place.
In order to check whether the box is correctly inside the rendering area, we have to know the correct size of the cue box.
Therefore, we implement the new chrome-only APIs to acquire this information (box's height and width), and this returned value won't be affected by CSS transformation, which is good for positioning.
Differential Revision: https://phabricator.services.mozilla.com/D27178
--HG--
extra : moz-landing-system : lando
- Remove expectation that 'preventScroll.html' fails.
- Use '[NoInterfaceObject] interface' workaround to simulate missing 'mixin' support.
Differential Revision: https://phabricator.services.mozilla.com/D26922
--HG--
extra : moz-landing-system : lando
Summary: Really sorry for the size of the patch. It's mostly automatic
s/nsIDocument/Document/ but I had to fix up in a bunch of places manually to
add the right namespacing and such.
Overall it's not a very interesting patch I think.
nsDocument.cpp turns into Document.cpp, nsIDocument.h into Document.h and
nsIDocumentInlines.h into DocumentInlines.h.
I also changed a bunch of nsCOMPtr usage to RefPtr, but not all of it.
While fixing up some of the bits I also removed some unneeded OwnerDoc() null
checks and such, but I didn't do anything riskier than that.
This patch removes the dom.webcomponents.shadowdom.enabled pref and all its
references, including the following functions:
* nsContentUtils::IsShadowDOMEnabled()
* nsIDocument::IsShadowDOMEnabled()
* nsDocument::IsShadowDOMEnabled(JSContext* aCx, JSObject* aGlobal)
* nsDocument::IsShadowDOMEnabled(const nsINode* aNode)
* nsTextNode::IsShadowDOMEnabled(JSContext* aCx, JSObject* aObject)
This function is renamed and updated to nsDocument::IsCallerChromeOrAddon():
* nsDocument::IsShadowDOMEnabledAndCallerIsChromeOrAddon(JSContext* aCx, JSObject* aObject)
I didn't change the tests that load Shadow DOM tests in an iframe, in the interest of keeping hg annotation history.
Differential Revision: https://phabricator.services.mozilla.com/D11183
--HG--
extra : moz-landing-system : lando
This patch removes the dom.webcomponents.shadowdom.enabled pref and all its
references, including the following functions:
* nsContentUtils::IsShadowDOMEnabled()
* nsIDocument::IsShadowDOMEnabled()
* nsDocument::IsShadowDOMEnabled(JSContext* aCx, JSObject* aGlobal)
* nsDocument::IsShadowDOMEnabled(const nsINode* aNode)
* nsTextNode::IsShadowDOMEnabled(JSContext* aCx, JSObject* aObject)
This function is renamed and updated to nsDocument::IsCallerChromeOrAddon():
* nsDocument::IsShadowDOMEnabledAndCallerIsChromeOrAddon(JSContext* aCx, JSObject* aObject)
I didn't change the tests that load Shadow DOM tests in an iframe, in the interest of keeping hg annotation history.
Differential Revision: https://phabricator.services.mozilla.com/D11183
--HG--
extra : moz-landing-system : lando
Some steps in file_fullscreen-api.html are adjusted in order to test
the behavior that the event is correctly dispatched to the document
when element is disconnected.
Depends on D5415
Differential Revision: https://phabricator.services.mozilla.com/D5416
--HG--
extra : moz-landing-system : lando
This patch was generated by my modeline.py script.
MozReview-Commit-ID: EbVjPLwiUAT
Depends on D4159
Differential Revision: https://phabricator.services.mozilla.com/D4161
--HG--
extra : moz-landing-system : lando
The last remaining user is already turned off and being removed
in bug 1444395 so that we can finally remove this unsafe code and
sleep a little better knowing that XSS through markup injections
will be impossible in chrome contexts.
MozReview-Commit-ID: KcZq8fRPiD4
--HG--
extra : rebase_source : 5def3abb50ed8f1b43e17072088e38a44394488b
I moved the IgnoreErrors decl so it would come after the OOMReporter decl and I
could add the new conversion operator.
MozReview-Commit-ID: B1S6DXmZfvE
This is a short-term solution to our inability to apply CSP to
chrome-privileged documents.
Ideally, we should be preventing all inline script execution in
chrome-privileged documents, since the reprecussions of XSS in chrome
documents are much worse than in content documents. Unfortunately, that's not
possible in the near term because a) we don't support CSP in system principal
documents at all, and b) we rely heavily on inline JS in our static XUL.
This stop-gap solution at least prevents some of the most common vectors of
XSS attack, by automatically sanitizing any HTML fragment created for a
chrome-privileged document.
MozReview-Commit-ID: 5w17celRFr
--HG--
extra : rebase_source : 1c0a1448a06d5b65e548d9f5362d06cc6d865dbe
extra : amend_source : 7184593019f238b86fd1e261941d8e8286fa4006
Most of the Shadow DOM related code are behind "dom.webcomponents.enabled" and
this pref is only used by Shadow DOM right now, so we should rename it to
"dom.webcomponents.shadowdom.enabled"
MozReview-Commit-ID: er1c7AsSSW
This is to fix the case where preference is restore to false when a testcase
ends, but nsDocument::DeleteShell is called afterwards. So, we make the
preference per-doc and set it when the document is created. The value does not
change for the lifetime of the document.
Brad Werth
Emilio Cobos Álvarez
Boris Zbarsky
Frederic Wang
Cosmin Sabou
Mihai Alexandru Michis
Jonathan Watt
alwu
Mirko Brodesser
Manish Goregaokar
Dorel Luca
Hiroyuki Ikezoe
Edgar Chen
Timothy Guan-tin Chien
Andreea Pavel
Andrea Marchesini
Xidorn Quan
Andrew McCreight
Coroiu Cristina
Olli Pettay
Jonathan Kingston
Johann Hofmann
Kris Maglione
Jessica Jong
Nika Layzell