Merge mozilla-central to autoland. CLOSED TREE

2024-10-19 16:25:38 +00:00 · 2019-09-18 13:05:29 +03:00 · 2019-09-18 13:05:29 +03:00 · a6faaf2933
commit a6faaf2933
parent 9be69aefcb 4218cb868d
5 changed files with 47 additions and 17 deletions
--- a/browser/locales/l10n-changesets.json
+++ b/browser/locales/l10n-changesets.json
@ -203,6 +203,23 @@
        ],
        "revision": "default"
    },
+    "ca-valencia": {
+        "platforms": [
+            "linux",
+            "linux-devedition",
+            "linux64",
+            "linux64-devedition",
+            "macosx64",
+            "macosx64-devedition",
+            "win32",
+            "win32-devedition",
+            "win64",
+            "win64-aarch64",
+            "win64-aarch64-devedition",
+            "win64-devedition"
+        ],
+        "revision": "default"
+    },
    "cak": {
        "platforms": [
            "linux",
--- a/dom/base/Location.cpp
+++ b/dom/base/Location.cpp
@ -40,10 +40,12 @@
 namespace mozilla {
 namespace dom {

-Location::Location(nsPIDOMWindowInner* aWindow, nsIDocShell* aDocShell)
+Location::Location(nsPIDOMWindowInner* aWindow, BrowsingContext* aBrowsingContext)
    : mInnerWindow(aWindow) {
-  // aDocShell can be null if it gets called after nsDocShell::Destory().
-  mDocShell = do_GetWeakReference(aDocShell);
+  // aBrowsingContext can be null if it gets called after nsDocShell::Destory().
+  if (aBrowsingContext) {
+    mBrowsingContextId = aBrowsingContext->Id();
+  }
 }

 Location::~Location() {}
@ -60,21 +62,21 @@ NS_IMPL_CYCLE_COLLECTING_ADDREF(Location)
 NS_IMPL_CYCLE_COLLECTING_RELEASE(Location)

 BrowsingContext* Location::GetBrowsingContext() {
-  if (nsCOMPtr<nsIDocShell> docShell = GetDocShell()) {
-    return docShell->GetBrowsingContext();
-  }
-  return nullptr;
+  RefPtr<BrowsingContext> bc = BrowsingContext::Get(mBrowsingContextId);
+  return bc.get();
 }

 already_AddRefed<nsIDocShell> Location::GetDocShell() {
-  nsCOMPtr<nsIDocShell> docShell = do_QueryReferent(mDocShell);
-  return docShell.forget();
+  if (RefPtr<BrowsingContext> bc = GetBrowsingContext()) {
+    return do_AddRef(bc->GetDocShell());
+  }
+  return nullptr;
 }

 nsresult Location::GetURI(nsIURI** aURI, bool aGetInnermostURI) {
  *aURI = nullptr;

-  nsCOMPtr<nsIDocShell> docShell(do_QueryReferent(mDocShell));
+  nsCOMPtr<nsIDocShell> docShell(GetDocShell());
  if (!docShell) {
    return NS_OK;
  }
@ -549,7 +551,7 @@ void Location::SetSearch(const nsAString& aSearch,
 }

 void Location::Reload(bool aForceget, ErrorResult& aRv) {
-  nsCOMPtr<nsIDocShell> docShell(do_QueryReferent(mDocShell));
+  nsCOMPtr<nsIDocShell> docShell(GetDocShell());
  if (!docShell) {
    return aRv.Throw(NS_ERROR_FAILURE);
  }
@ -603,13 +605,26 @@ void Location::Assign(const nsAString& aUrl, nsIPrincipal& aSubjectPrincipal,
 bool Location::CallerSubsumes(nsIPrincipal* aSubjectPrincipal) {
  MOZ_ASSERT(aSubjectPrincipal);

+  RefPtr<BrowsingContext> bc(GetBrowsingContext());
+  if (MOZ_UNLIKELY(!bc) || MOZ_UNLIKELY(bc->IsDiscarded())) {
+    // Per spec, operations on a Location object with a discarded BC are no-ops,
+    // not security errors, so we need to return true from the access check and
+    // let the caller do its own discarded docShell check.
+    return true;
+  }
+  if (MOZ_UNLIKELY(!bc->IsInProcess())) {
+    return false;
+  }
+
  // Get the principal associated with the location object.  Note that this is
  // the principal of the page which will actually be navigated, not the
  // principal of the Location object itself.  This is why we need this check
  // even though we only allow limited cross-origin access to Location objects
  // in general.
-  nsCOMPtr<nsPIDOMWindowOuter> outer = mInnerWindow->GetOuterWindow();
+  nsCOMPtr<nsPIDOMWindowOuter> outer = bc->GetDOMWindow();
+  MOZ_DIAGNOSTIC_ASSERT(outer);
  if (MOZ_UNLIKELY(!outer)) return false;
+
  nsCOMPtr<nsIScriptObjectPrincipal> sop = do_QueryInterface(outer);
  bool subsumes = false;
  nsresult rv = aSubjectPrincipal->SubsumesConsideringDomain(
--- a/dom/base/Location.h
+++ b/dom/base/Location.h
@ -34,7 +34,7 @@ class Location final : public nsISupports,
 public:
  typedef BrowsingContext::LocationProxy RemoteProxy;

-  Location(nsPIDOMWindowInner* aWindow, nsIDocShell* aDocShell);
+  Location(nsPIDOMWindowInner* aWindow, BrowsingContext* aBrowsingContext);

  NS_DECL_CYCLE_COLLECTING_ISUPPORTS
  NS_DECL_CYCLE_COLLECTION_SCRIPT_HOLDER_CLASS(Location)
@ -144,7 +144,7 @@ class Location final : public nsISupports,

  nsString mCachedHash;
  nsCOMPtr<nsPIDOMWindowInner> mInnerWindow;
-  nsWeakPtr mDocShell;
+  uint64_t mBrowsingContextId = 0;
 };

 }  // namespace dom
--- a/dom/base/nsGlobalWindowInner.cpp
+++ b/dom/base/nsGlobalWindowInner.cpp
@ -4001,7 +4001,7 @@ nsGlobalWindowInner::GetExistingDebuggerNotificationManager() {

 Location* nsGlobalWindowInner::Location() {
  if (!mLocation) {
-    mLocation = new dom::Location(this, GetDocShell());
+    mLocation = new dom::Location(this, GetBrowsingContext());
  }

  return mLocation;
--- a/js/xpconnect/tests/mochitest/mochitest.ini
+++ b/js/xpconnect/tests/mochitest/mochitest.ini
@ -61,7 +61,6 @@ support-files =
 skip-if = fission # Times out.
 [test_bug629331.html]
 [test_bug636097.html]
-fail-if = fission # Bug 1573621: window.location access after cross-origin navigation.
 [test_bug650273.html]
 [test_bug655297-1.html]
 [test_bug655297-2.html]
@ -77,7 +76,6 @@ skip-if = toolkit == "android" && debug && !is_fennec
 [test_bug790732.html]
 [test_bug793969.html]
 [test_bug800864.html]
-fail-if = fission # Bug 1573621: window.location access after cross-origin navigation.
 [test_bug802557.html]
 fail-if = fission # Bug 1573621: window.location access after cross-origin navigation.
 [test_bug803730.html]