mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-25 22:01:30 +00:00
Backed out 6 changesets (bug 1626404) for assertion failures on BrowsingContext.cpp . CLOSED TREE
Backed out changeset aed006ab4c20 (bug 1626404) Backed out changeset ad87dcb98637 (bug 1626404) Backed out changeset c065bd4594b4 (bug 1626404) Backed out changeset a248fc78ab0c (bug 1626404) Backed out changeset 52892d053ff1 (bug 1626404) Backed out changeset 440b9193338a (bug 1626404)
This commit is contained in:
Narcis Beleuzu
parent
882b49e414
commit
00218b8a49
@ -33,7 +33,6 @@
|
||||
#include "mozilla/Components.h"
|
||||
#include "mozilla/HashTable.h"
|
||||
#include "mozilla/Logging.h"
|
||||
#include "mozilla/ResultExtensions.h"
|
||||
#include "mozilla/Services.h"
|
||||
#include "mozilla/StaticPrefs_page_load.h"
|
||||
#include "mozilla/StaticPtr.h"
|
||||
@ -44,7 +43,6 @@
|
||||
#include "nsGlobalWindowOuter.h"
|
||||
#include "nsIObserverService.h"
|
||||
#include "nsContentUtils.h"
|
||||
#include "nsSandboxFlags.h"
|
||||
#include "nsScriptError.h"
|
||||
#include "nsThreadUtils.h"
|
||||
#include "xpcprivate.h"
|
||||
@ -868,61 +866,6 @@ bool BrowsingContext::CanAccess(BrowsingContext* aTarget,
|
||||
return false;
|
||||
}
|
||||
|
||||
bool BrowsingContext::IsSandboxedFrom(BrowsingContext* aTarget) {
|
||||
// If no target then not sandboxed.
|
||||
if (!aTarget) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// We cannot be sandboxed from ourselves.
|
||||
if (aTarget == this) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Default the sandbox flags to our flags, so that if we can't retrieve the
|
||||
// active document, we will still enforce our own.
|
||||
uint32_t sandboxFlags = GetSandboxFlags();
|
||||
if (mDocShell) {
|
||||
if (RefPtr<Document> doc = mDocShell->GetExtantDocument()) {
|
||||
sandboxFlags = doc->GetSandboxFlags();
|
||||
}
|
||||
}
|
||||
|
||||
// If no flags, we are not sandboxed at all.
|
||||
if (!sandboxFlags) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// If aTarget has an ancestor, it is not top level.
|
||||
if (RefPtr<BrowsingContext> ancestorOfTarget = aTarget->GetParent()) {
|
||||
do {
|
||||
// We are not sandboxed if we are an ancestor of target.
|
||||
if (ancestorOfTarget == this) {
|
||||
return false;
|
||||
}
|
||||
ancestorOfTarget = ancestorOfTarget->GetParent();
|
||||
} while (ancestorOfTarget);
|
||||
|
||||
// Otherwise, we are sandboxed from aTarget.
|
||||
return true;
|
||||
}
|
||||
|
||||
// aTarget is top level, are we the "one permitted sandboxed
|
||||
// navigator", i.e. did we open aTarget?
|
||||
if (aTarget->GetOnePermittedSandboxedNavigatorId() == Id()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// If SANDBOXED_TOPLEVEL_NAVIGATION flag is not on, we are not sandboxed
|
||||
// from our top.
|
||||
if (!(sandboxFlags & SANDBOXED_TOPLEVEL_NAVIGATION) && aTarget == Top()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Otherwise, we are sandboxed from aTarget.
|
||||
return true;
|
||||
}
|
||||
|
||||
RefPtr<SessionStorageManager> BrowsingContext::GetSessionStorageManager() {
|
||||
RefPtr<SessionStorageManager>& manager = Top()->mSessionStorageManager;
|
||||
if (!manager) {
|
||||
@ -1119,21 +1062,14 @@ void BrowsingContext::Location(JSContext* aCx,
|
||||
}
|
||||
}
|
||||
|
||||
nsresult BrowsingContext::CheckSandboxFlags(nsDocShellLoadState* aLoadState) {
|
||||
const auto& sourceBC = aLoadState->SourceBrowsingContext();
|
||||
if (sourceBC.IsDiscarded() || (sourceBC && sourceBC->IsSandboxedFrom(this))) {
|
||||
return NS_ERROR_DOM_INVALID_ACCESS_ERR;
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsresult BrowsingContext::LoadURI(nsDocShellLoadState* aLoadState,
|
||||
nsresult BrowsingContext::LoadURI(BrowsingContext* aAccessor,
|
||||
nsDocShellLoadState* aLoadState,
|
||||
bool aSetNavigating) {
|
||||
// Per spec, most load attempts are silently ignored when a BrowsingContext is
|
||||
// null (which in our code corresponds to discarded), so we simply fail
|
||||
// silently in those cases. Regardless, we cannot trigger loads in/from
|
||||
// discarded BrowsingContexts via IPC, so we need to abort in any case.
|
||||
if (IsDiscarded()) {
|
||||
if (IsDiscarded() || (aAccessor && aAccessor->IsDiscarded())) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
@ -1141,48 +1077,41 @@ nsresult BrowsingContext::LoadURI(nsDocShellLoadState* aLoadState,
|
||||
return mDocShell->LoadURI(aLoadState, aSetNavigating);
|
||||
}
|
||||
|
||||
// Note: We do this check both here and in `nsDocShell::InternalLoad`, since
|
||||
// document-specific sandbox flags are only available in the process
|
||||
// triggering the load, and we don't want the target process to have to trust
|
||||
// the triggering process to do the appropriate checks for the
|
||||
// BrowsingContext's sandbox flags.
|
||||
MOZ_TRY(CheckSandboxFlags(aLoadState));
|
||||
|
||||
if (const auto& sourceBC = aLoadState->SourceBrowsingContext()) {
|
||||
MOZ_DIAGNOSTIC_ASSERT(sourceBC->Group() == Group());
|
||||
|
||||
if (!sourceBC->CanAccess(this)) {
|
||||
return NS_ERROR_DOM_PROP_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsPIDOMWindowOuter> win(sourceBC->GetDOMWindow());
|
||||
if (WindowGlobalChild* wgc =
|
||||
win->GetCurrentInnerWindow()->GetWindowGlobalChild()) {
|
||||
wgc->SendLoadURI(this, aLoadState, aSetNavigating);
|
||||
if (!aAccessor && XRE_IsParentProcess()) {
|
||||
if (ContentParent* cp = Canonical()->GetContentParent()) {
|
||||
Unused << cp->SendLoadURI(this, aLoadState, aSetNavigating);
|
||||
}
|
||||
} else {
|
||||
MOZ_DIAGNOSTIC_ASSERT(XRE_IsParentProcess());
|
||||
if (!XRE_IsParentProcess()) {
|
||||
MOZ_DIAGNOSTIC_ASSERT(aAccessor);
|
||||
MOZ_DIAGNOSTIC_ASSERT(aAccessor->Group() == Group());
|
||||
if (!aAccessor) {
|
||||
return NS_ERROR_UNEXPECTED;
|
||||
}
|
||||
|
||||
if (ContentParent* cp = Canonical()->GetContentParent()) {
|
||||
Unused << cp->SendLoadURI(this, aLoadState, aSetNavigating);
|
||||
if (!aAccessor->CanAccess(this)) {
|
||||
return NS_ERROR_DOM_PROP_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsPIDOMWindowOuter> win(aAccessor->GetDOMWindow());
|
||||
MOZ_DIAGNOSTIC_ASSERT(win);
|
||||
if (WindowGlobalChild* wgc =
|
||||
win->GetCurrentInnerWindow()->GetWindowGlobalChild()) {
|
||||
wgc->SendLoadURI(this, aLoadState, aSetNavigating);
|
||||
}
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsresult BrowsingContext::InternalLoad(nsDocShellLoadState* aLoadState,
|
||||
nsresult BrowsingContext::InternalLoad(BrowsingContext* aAccessor,
|
||||
nsDocShellLoadState* aLoadState,
|
||||
nsIDocShell** aDocShell,
|
||||
nsIRequest** aRequest) {
|
||||
if (IsDiscarded()) {
|
||||
if (IsDiscarded() || (aAccessor && aAccessor->IsDiscarded())) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
const auto& sourceBC = aLoadState->SourceBrowsingContext();
|
||||
bool isActive =
|
||||
sourceBC && sourceBC->GetIsActive() && !GetIsActive() &&
|
||||
aAccessor && aAccessor->GetIsActive() && !GetIsActive() &&
|
||||
!Preferences::GetBool("browser.tabs.loadDivertedInBackground", false);
|
||||
if (mDocShell) {
|
||||
nsresult rv = nsDocShell::Cast(mDocShell)->InternalLoad(
|
||||
@ -1203,26 +1132,20 @@ nsresult BrowsingContext::InternalLoad(nsDocShellLoadState* aLoadState,
|
||||
return rv;
|
||||
}
|
||||
|
||||
// Note: We do this check both here and in `nsDocShell::InternalLoad`, since
|
||||
// document-specific sandbox flags are only available in the process
|
||||
// triggering the load, and we don't want the target process to have to trust
|
||||
// the triggering process to do the appropriate checks for the
|
||||
// BrowsingContext's sandbox flags.
|
||||
MOZ_TRY(CheckSandboxFlags(aLoadState));
|
||||
|
||||
if (XRE_IsParentProcess()) {
|
||||
if (ContentParent* cp = Canonical()->GetContentParent()) {
|
||||
Unused << cp->SendInternalLoad(this, aLoadState, isActive);
|
||||
}
|
||||
} else {
|
||||
MOZ_DIAGNOSTIC_ASSERT(sourceBC);
|
||||
MOZ_DIAGNOSTIC_ASSERT(sourceBC->Group() == Group());
|
||||
MOZ_DIAGNOSTIC_ASSERT(aAccessor);
|
||||
MOZ_DIAGNOSTIC_ASSERT(aAccessor->Group() == Group());
|
||||
|
||||
if (!sourceBC->CanAccess(this)) {
|
||||
if (!aAccessor->CanAccess(this)) {
|
||||
return NS_ERROR_DOM_PROP_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsPIDOMWindowOuter> win(sourceBC->GetDOMWindow());
|
||||
nsCOMPtr<nsPIDOMWindowOuter> win(aAccessor->GetDOMWindow());
|
||||
MOZ_DIAGNOSTIC_ASSERT(win);
|
||||
if (WindowGlobalChild* wgc =
|
||||
win->GetCurrentInnerWindow()->GetWindowGlobalChild()) {
|
||||
wgc->SendInternalLoad(this, aLoadState);
|
||||
|
||||
@ -251,16 +251,15 @@ class BrowsingContext : public nsISupports, public nsWrapperCache {
|
||||
void RestoreChildren(Children&& aChildren, bool aFromIPC = false);
|
||||
|
||||
// Triggers a load in the process which currently owns this BrowsingContext.
|
||||
nsresult LoadURI(nsDocShellLoadState* aLoadState, bool aSetNavigating = false);
|
||||
// aAccessor is the context which initiated the load, and may be null only for
|
||||
// in-process BrowsingContexts.
|
||||
nsresult LoadURI(BrowsingContext* aAccessor, nsDocShellLoadState* aLoadState,
|
||||
bool aSetNavigating = false);
|
||||
|
||||
nsresult InternalLoad(nsDocShellLoadState* aLoadState,
|
||||
nsresult InternalLoad(BrowsingContext* aAccessor,
|
||||
nsDocShellLoadState* aLoadState,
|
||||
nsIDocShell** aDocShell, nsIRequest** aRequest);
|
||||
|
||||
// If the load state includes a source BrowsingContext has been passed, check
|
||||
// to see if we are sandboxed from it as the result of an iframe or CSP
|
||||
// sandbox.
|
||||
nsresult CheckSandboxFlags(nsDocShellLoadState* aLoadState);
|
||||
|
||||
void DisplayLoadError(const nsAString& aURI);
|
||||
|
||||
// Determine if the current BrowsingContext was 'cached' by the logic in
|
||||
@ -537,8 +536,6 @@ class BrowsingContext : public nsISupports, public nsWrapperCache {
|
||||
// Performs access control to check that 'this' can access 'aTarget'.
|
||||
bool CanAccess(BrowsingContext* aTarget, bool aConsiderOpener = true);
|
||||
|
||||
bool IsSandboxedFrom(BrowsingContext* aTarget);
|
||||
|
||||
// The runnable will be called once there is idle time, or the top level
|
||||
// page has been loaded or if a timeout has fired.
|
||||
// Must be called only on the top level BrowsingContext.
|
||||
|
||||
@ -272,7 +272,9 @@ void CanonicalBrowsingContext::LoadURI(const nsAString& aURI,
|
||||
return;
|
||||
}
|
||||
|
||||
LoadURI(loadState, true);
|
||||
// NOTE: It's safe to call `LoadURI` without an accessor from the parent
|
||||
// process. The load will be performed with ambient "chrome" authority.
|
||||
LoadURI(nullptr, loadState, true);
|
||||
}
|
||||
|
||||
void CanonicalBrowsingContext::PendingRemotenessChange::Complete(
|
||||
|
||||
@ -2842,6 +2842,66 @@ void nsDocShell::AssertOriginAttributesMatchPrivateBrowsing() {
|
||||
}
|
||||
}
|
||||
|
||||
bool nsDocShell::IsSandboxedFrom(BrowsingContext* aTargetBC) {
|
||||
// If no target then not sandboxed.
|
||||
if (!aTargetBC) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// We cannot be sandboxed from ourselves.
|
||||
if (aTargetBC == mBrowsingContext) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Default the sandbox flags to our flags, so that if we can't retrieve the
|
||||
// active document, we will still enforce our own.
|
||||
uint32_t sandboxFlags = mBrowsingContext->GetSandboxFlags();
|
||||
if (mContentViewer) {
|
||||
RefPtr<Document> doc = mContentViewer->GetDocument();
|
||||
if (doc) {
|
||||
sandboxFlags = doc->GetSandboxFlags();
|
||||
}
|
||||
}
|
||||
|
||||
// If no flags, we are not sandboxed at all.
|
||||
if (!sandboxFlags) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// If aTargetBC has an ancestor, it is not top level.
|
||||
RefPtr<BrowsingContext> ancestorOfTarget(aTargetBC->GetParent());
|
||||
if (ancestorOfTarget) {
|
||||
do {
|
||||
// We are not sandboxed if we are an ancestor of target.
|
||||
if (ancestorOfTarget == mBrowsingContext) {
|
||||
return false;
|
||||
}
|
||||
ancestorOfTarget = ancestorOfTarget->GetParent();
|
||||
} while (ancestorOfTarget);
|
||||
|
||||
// Otherwise, we are sandboxed from aTargetBC.
|
||||
return true;
|
||||
}
|
||||
|
||||
// aTargetBC is top level, are we the "one permitted sandboxed
|
||||
// navigator", i.e. did we open aTargetBC?
|
||||
RefPtr<BrowsingContext> permittedNavigator(
|
||||
aTargetBC->GetOnePermittedSandboxedNavigator());
|
||||
if (permittedNavigator == mBrowsingContext) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// If SANDBOXED_TOPLEVEL_NAVIGATION flag is not on, we are not sandboxed
|
||||
// from our top.
|
||||
if (!(sandboxFlags & SANDBOXED_TOPLEVEL_NAVIGATION) &&
|
||||
aTargetBC == mBrowsingContext->Top()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Otherwise, we are sandboxed from aTargetBC.
|
||||
return true;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsDocShell::GetTreeOwner(nsIDocShellTreeOwner** aTreeOwner) {
|
||||
NS_ENSURE_ARG_POINTER(aTreeOwner);
|
||||
@ -3253,10 +3313,6 @@ Document* nsDocShell::GetDocument() {
|
||||
return mContentViewer->GetDocument();
|
||||
}
|
||||
|
||||
Document* nsDocShell::GetExtantDocument() {
|
||||
return mContentViewer ? mContentViewer->GetDocument() : nullptr;
|
||||
}
|
||||
|
||||
nsPIDOMWindowOuter* nsDocShell::GetWindow() {
|
||||
if (NS_FAILED(EnsureScriptEnvironment())) {
|
||||
return nullptr;
|
||||
@ -4045,7 +4101,7 @@ nsresult nsDocShell::LoadErrorPage(nsIURI* aErrorURI, nsIURI* aFailedURI,
|
||||
loadState->SetTriggeringPrincipal(nsContentUtils::GetSystemPrincipal());
|
||||
loadState->SetLoadType(LOAD_ERROR_PAGE);
|
||||
loadState->SetFirstParty(true);
|
||||
loadState->SetSourceBrowsingContext(mBrowsingContext);
|
||||
loadState->SetSourceDocShell(this);
|
||||
|
||||
return InternalLoad(loadState, nullptr, nullptr);
|
||||
}
|
||||
@ -4148,7 +4204,7 @@ nsDocShell::Reload(uint32_t aReloadFlags) {
|
||||
loadState->SetLoadType(loadType);
|
||||
loadState->SetFirstParty(true);
|
||||
loadState->SetSrcdocData(srcdoc);
|
||||
loadState->SetSourceBrowsingContext(mBrowsingContext);
|
||||
loadState->SetSourceDocShell(this);
|
||||
loadState->SetBaseURI(baseURI);
|
||||
rv = InternalLoad(loadState, nullptr, nullptr);
|
||||
}
|
||||
@ -8417,7 +8473,8 @@ nsresult nsDocShell::PerformRetargeting(nsDocShellLoadState* aLoadState,
|
||||
aLoadState->SetTarget(EmptyString());
|
||||
// No forced download
|
||||
aLoadState->SetFileName(VoidString());
|
||||
return targetContext->InternalLoad(aLoadState, aDocShell, aRequest);
|
||||
return targetContext->InternalLoad(mBrowsingContext, aLoadState, aDocShell,
|
||||
aRequest);
|
||||
}
|
||||
|
||||
bool nsDocShell::IsSameDocumentNavigation(nsDocShellLoadState* aLoadState,
|
||||
@ -8790,12 +8847,12 @@ nsresult nsDocShell::InternalLoad(nsDocShellLoadState* aLoadState,
|
||||
}
|
||||
}
|
||||
|
||||
// Note: We do this check both here and in BrowsingContext::
|
||||
// LoadURI/InternalLoad, since document-specific sandbox flags are only
|
||||
// available in the process triggering the load, and we don't want the target
|
||||
// process to have to trust the triggering process to do the appropriate
|
||||
// checks for the BrowsingContext's sandbox flags.
|
||||
MOZ_TRY(mBrowsingContext->CheckSandboxFlags(aLoadState));
|
||||
// If a source docshell has been passed, check to see if we are sandboxed
|
||||
// from it as the result of an iframe or CSP sandbox.
|
||||
if (aLoadState->SourceDocShell() &&
|
||||
aLoadState->SourceDocShell()->IsSandboxedFrom(mBrowsingContext)) {
|
||||
return NS_ERROR_DOM_INVALID_ACCESS_ERR;
|
||||
}
|
||||
|
||||
NS_ENSURE_STATE(!HasUnloadedParent());
|
||||
|
||||
@ -12356,7 +12413,7 @@ nsresult nsDocShell::OnLinkClickSync(
|
||||
loadState->SetHeadersStream(aHeadersDataStream);
|
||||
loadState->SetLoadType(loadType);
|
||||
loadState->SetFirstParty(true);
|
||||
loadState->SetSourceBrowsingContext(mBrowsingContext);
|
||||
loadState->SetSourceDocShell(this);
|
||||
loadState->SetIsFormSubmission(aContent->IsHTMLElement(nsGkAtoms::form));
|
||||
nsresult rv = InternalLoad(loadState, aDocShell, aRequest);
|
||||
|
||||
|
||||
@ -66,7 +66,6 @@ nsDocShellLoadState::nsDocShellLoadState(
|
||||
mReferrerInfo = aLoadState.ReferrerInfo();
|
||||
mURI = aLoadState.URI();
|
||||
mOriginalURI = aLoadState.OriginalURI();
|
||||
mSourceBrowsingContext = aLoadState.SourceBrowsingContext();
|
||||
mBaseURI = aLoadState.BaseURI();
|
||||
mTriggeringPrincipal = aLoadState.TriggeringPrincipal();
|
||||
mPrincipalToInherit = aLoadState.PrincipalToInherit();
|
||||
@ -422,9 +421,12 @@ void nsDocShellLoadState::SetSrcdocData(const nsAString& aSrcdocData) {
|
||||
mSrcdocData = aSrcdocData;
|
||||
}
|
||||
|
||||
void nsDocShellLoadState::SetSourceBrowsingContext(
|
||||
BrowsingContext* aSourceBrowsingContext) {
|
||||
mSourceBrowsingContext = aSourceBrowsingContext;
|
||||
nsIDocShell* nsDocShellLoadState::SourceDocShell() const {
|
||||
return mSourceDocShell;
|
||||
}
|
||||
|
||||
void nsDocShellLoadState::SetSourceDocShell(nsIDocShell* aSourceDocShell) {
|
||||
mSourceDocShell = aSourceDocShell;
|
||||
}
|
||||
|
||||
nsIURI* nsDocShellLoadState::BaseURI() const { return mBaseURI; }
|
||||
@ -648,7 +650,6 @@ DocShellLoadStateInit nsDocShellLoadState::Serialize() {
|
||||
mIsFromProcessingFrameAttributes;
|
||||
loadState.URI() = mURI;
|
||||
loadState.OriginalURI() = mOriginalURI;
|
||||
loadState.SourceBrowsingContext() = mSourceBrowsingContext;
|
||||
loadState.BaseURI() = mBaseURI;
|
||||
loadState.TriggeringPrincipal() = mTriggeringPrincipal;
|
||||
loadState.PrincipalToInherit() = mPrincipalToInherit;
|
||||
|
||||
@ -33,10 +33,6 @@ class DocShellLoadStateInit;
|
||||
* call.
|
||||
*/
|
||||
class nsDocShellLoadState final {
|
||||
using BrowsingContext = mozilla::dom::BrowsingContext;
|
||||
template <typename T>
|
||||
using MaybeDiscarded = mozilla::dom::MaybeDiscarded<T>;
|
||||
|
||||
public:
|
||||
NS_INLINE_DECL_REFCOUNTING(nsDocShellLoadState);
|
||||
|
||||
@ -144,11 +140,9 @@ class nsDocShellLoadState final {
|
||||
|
||||
void SetSrcdocData(const nsAString& aSrcdocData);
|
||||
|
||||
const MaybeDiscarded<BrowsingContext>& SourceBrowsingContext() const {
|
||||
return mSourceBrowsingContext;
|
||||
}
|
||||
nsIDocShell* SourceDocShell() const;
|
||||
|
||||
void SetSourceBrowsingContext(BrowsingContext* aSourceBrowsingContext);
|
||||
void SetSourceDocShell(nsIDocShell* aSourceDocShell);
|
||||
|
||||
nsIURI* BaseURI() const;
|
||||
|
||||
@ -343,7 +337,7 @@ class nsDocShellLoadState final {
|
||||
nsString mSrcdocData;
|
||||
|
||||
// When set, this is the Source Browsing Context for the navigation.
|
||||
MaybeDiscarded<BrowsingContext> mSourceBrowsingContext;
|
||||
nsCOMPtr<nsIDocShell> mSourceDocShell;
|
||||
|
||||
// Used for srcdoc loads to give view-source knowledge of the load's base URI
|
||||
// as this information isn't embedded in the load's URI.
|
||||
|
||||
@ -746,6 +746,12 @@ interface nsIDocShell : nsIDocShellTreeItem
|
||||
*/
|
||||
readonly attribute bool asyncPanZoomEnabled;
|
||||
|
||||
/**
|
||||
* Returns true if we are sandboxed from aTargetDocShell.
|
||||
* aTargetDocShell - the browsing context we are attempting to navigate.
|
||||
*/
|
||||
[noscript,notxpcom,nostdcall] bool isSandboxedFrom(in BrowsingContext aTargetBC);
|
||||
|
||||
/**
|
||||
* This member variable determines whether a document has Mixed Active Content that
|
||||
* was initially blocked from loading, but the user has choosen to override the
|
||||
@ -884,8 +890,6 @@ interface nsIDocShell : nsIDocShellTreeItem
|
||||
*/
|
||||
[noscript,notxpcom,nostdcall] nsIScriptGlobalObject GetScriptGlobalObject();
|
||||
|
||||
[noscript,notxpcom,nostdcall] Document getExtantDocument();
|
||||
|
||||
/**
|
||||
* If deviceSizeIsPageSize is set to true, device-width/height media queries
|
||||
* will be calculated from the page size, not the device size.
|
||||
|
||||
@ -1029,7 +1029,7 @@ nsSHistory::EvictAllContentViewers() {
|
||||
|
||||
static void LoadURIs(nsTArray<nsSHistory::LoadEntryResult>& aLoadResults) {
|
||||
for (nsSHistory::LoadEntryResult& loadEntry : aLoadResults) {
|
||||
loadEntry.mBrowsingContext->LoadURI(loadEntry.mLoadState, false);
|
||||
loadEntry.mBrowsingContext->LoadURI(nullptr, loadEntry.mLoadState, false);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -129,14 +129,16 @@ void LocationBase::SetURI(nsIURI* aURI, nsIPrincipal& aSubjectPrincipal,
|
||||
// Get the incumbent script's browsing context to set as source.
|
||||
nsCOMPtr<nsPIDOMWindowInner> sourceWindow =
|
||||
nsContentUtils::CallerInnerWindow();
|
||||
RefPtr<BrowsingContext> accessingBC;
|
||||
if (sourceWindow) {
|
||||
loadState->SetSourceBrowsingContext(sourceWindow->GetBrowsingContext());
|
||||
accessingBC = sourceWindow->GetBrowsingContext();
|
||||
loadState->SetSourceDocShell(sourceWindow->GetDocShell());
|
||||
}
|
||||
|
||||
loadState->SetLoadFlags(nsIWebNavigation::LOAD_FLAGS_NONE);
|
||||
loadState->SetFirstParty(true);
|
||||
|
||||
nsresult rv = bc->LoadURI(loadState);
|
||||
nsresult rv = bc->LoadURI(accessingBC, loadState);
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
aRv.Throw(rv);
|
||||
}
|
||||
|
||||
@ -255,7 +255,7 @@ RefPtr<ClientOpPromise> ClientNavigateOpChild::DoNavigate(
|
||||
|
||||
loadState->SetReferrerInfo(referrerInfo);
|
||||
loadState->SetLoadType(LOAD_STOP_CONTENT);
|
||||
loadState->SetSourceBrowsingContext(docShell->GetBrowsingContext());
|
||||
loadState->SetSourceDocShell(docShell);
|
||||
loadState->SetLoadFlags(nsIWebNavigation::LOAD_FLAGS_NONE);
|
||||
loadState->SetFirstParty(true);
|
||||
rv = docShell->LoadURI(loadState, false);
|
||||
|
||||
@ -4189,7 +4189,7 @@ mozilla::ipc::IPCResult ContentChild::RecvLoadURI(
|
||||
return IPC_OK();
|
||||
}
|
||||
|
||||
context->LoadURI(aLoadState, aSetNavigating);
|
||||
context->LoadURI(nullptr, aLoadState, aSetNavigating);
|
||||
|
||||
nsCOMPtr<nsPIDOMWindowOuter> window = context->GetDOMWindow();
|
||||
BrowserChild* bc = BrowserChild::GetFrom(window);
|
||||
@ -4226,7 +4226,7 @@ mozilla::ipc::IPCResult ContentChild::RecvInternalLoad(
|
||||
}
|
||||
BrowsingContext* context = aContext.get();
|
||||
|
||||
context->InternalLoad(aLoadState, nullptr, nullptr);
|
||||
context->InternalLoad(nullptr, aLoadState, nullptr, nullptr);
|
||||
|
||||
if (aTakeFocus) {
|
||||
if (nsCOMPtr<nsPIDOMWindowOuter> domWin = context->GetDOMWindow()) {
|
||||
|
||||
@ -266,8 +266,6 @@ struct DocShellLoadStateInit
|
||||
// encounters a server side redirect.
|
||||
nsIContentSecurityPolicy Csp;
|
||||
|
||||
MaybeDiscardedBrowsingContext SourceBrowsingContext;
|
||||
|
||||
nsCString? OriginalURIString;
|
||||
int32_t? CancelContentJSEpoch;
|
||||
|
||||
|
||||
@ -73,8 +73,6 @@ class MaybeDiscarded {
|
||||
bool IsDiscarded() const { return IsNullOrDiscarded() && !IsNull(); }
|
||||
bool IsNull() const { return mId == 0; }
|
||||
|
||||
explicit operator bool() const { return !IsNullOrDiscarded(); }
|
||||
|
||||
// Extract the wrapped |T|. Must not be called on a discarded |T|.
|
||||
T* get() const {
|
||||
MOZ_DIAGNOSTIC_ASSERT(!IsDiscarded());
|
||||
@ -85,11 +83,6 @@ class MaybeDiscarded {
|
||||
return mPtr.forget();
|
||||
}
|
||||
|
||||
T* operator->() const {
|
||||
MOZ_ASSERT(!IsNull());
|
||||
return get();
|
||||
}
|
||||
|
||||
// Like "get", but gets the "Canonical" version of the type. This method may
|
||||
// only be called in the parent process.
|
||||
auto get_canonical() const -> decltype(get()->Canonical()) {
|
||||
|
||||
@ -213,7 +213,7 @@ mozilla::ipc::IPCResult WindowGlobalParent::RecvLoadURI(
|
||||
// FIXME: We should really initiate the load in the parent before bouncing
|
||||
// back down to the child.
|
||||
|
||||
targetBC->LoadURI(aLoadState, aSetNavigating);
|
||||
targetBC->LoadURI(nullptr, aLoadState, aSetNavigating);
|
||||
return IPC_OK();
|
||||
}
|
||||
|
||||
@ -238,7 +238,7 @@ mozilla::ipc::IPCResult WindowGlobalParent::RecvInternalLoad(
|
||||
// FIXME: We should really initiate the load in the parent before bouncing
|
||||
// back down to the child.
|
||||
|
||||
targetBC->InternalLoad(aLoadState, nullptr, nullptr);
|
||||
targetBC->InternalLoad(BrowsingContext(), aLoadState, nullptr, nullptr);
|
||||
return IPC_OK();
|
||||
}
|
||||
|
||||
|
||||
@ -649,8 +649,6 @@ nsresult nsWindowWatcher::OpenWindowInternal(
|
||||
|
||||
RefPtr<BrowsingContext> parentBC(
|
||||
parentWindow ? parentWindow->GetBrowsingContext() : nullptr);
|
||||
nsCOMPtr<nsIDocShell> parentDocShell(parentBC ? parentBC->GetDocShell()
|
||||
: nullptr);
|
||||
|
||||
// Return null for any attempt to trigger a load from a discarded browsing
|
||||
// context. The spec is non-normative, and doesn't specify what should happen
|
||||
@ -671,8 +669,14 @@ nsresult nsWindowWatcher::OpenWindowInternal(
|
||||
// Do sandbox checks here, instead of waiting until nsIDocShell::LoadURI.
|
||||
// The state of the window can change before this call and if we are blocked
|
||||
// because of sandboxing, we wouldn't want that to happen.
|
||||
if (parentBC && parentBC->IsSandboxedFrom(newBC)) {
|
||||
return NS_ERROR_DOM_INVALID_ACCESS_ERR;
|
||||
nsCOMPtr<nsIDocShell> parentDocShell;
|
||||
if (parentWindow) {
|
||||
parentDocShell = parentWindow->GetDocShell();
|
||||
if (parentDocShell) {
|
||||
if (parentDocShell->IsSandboxedFrom(newBC)) {
|
||||
return NS_ERROR_DOM_INVALID_ACCESS_ERR;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// no extant window? make a new one.
|
||||
@ -1233,7 +1237,7 @@ nsresult nsWindowWatcher::OpenWindowInternal(
|
||||
loadState->SetFirstParty(true);
|
||||
|
||||
// Should this pay attention to errors returned by LoadURI?
|
||||
newBC->LoadURI(loadState);
|
||||
newBC->LoadURI(parentBC, loadState);
|
||||
}
|
||||
|
||||
// Copy the current session storage for the current domain. Don't perform the
|
||||
|
||||
Loading…
Reference in New Issue
Block a user