diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js index 0fed362dc3b5..7b6a7800e88f 100644 --- a/browser/base/content/browser.js +++ b/browser/base/content/browser.js @@ -3416,7 +3416,10 @@ var BrowserOnClick = { // Allow users to override and continue through to the site, // but add a notify bar as a reminder, so that they don't lose // track after, e.g., tab switching. - browsingContext.loadURI(blockedInfo.uri, { + // Note that we have to use the passed URI info and can't just + // rely on the document URI, because the latter contains + // additional query parameters that should be stripped. + browsingContext.fixupAndLoadURIString(blockedInfo.uri, { triggeringPrincipal, flags: Ci.nsIWebNavigation.LOAD_FLAGS_BYPASS_CLASSIFIER, }); @@ -3507,7 +3510,7 @@ var BrowserOnClick = { * when their own homepage is infected, we can get them somewhere safe. */ function getMeOutOfHere(browsingContext) { - browsingContext.top.loadURI(getDefaultHomePage(), { + browsingContext.top.fixupAndLoadURIString(getDefaultHomePage(), { triggeringPrincipal: Services.scriptSecurityManager.getSystemPrincipal(), // Also needs to load homepage }); } diff --git a/browser/components/sessionstore/SessionStore.sys.mjs b/browser/components/sessionstore/SessionStore.sys.mjs index d64d485bc2c6..df2efe7509ac 100644 --- a/browser/components/sessionstore/SessionStore.sys.mjs +++ b/browser/components/sessionstore/SessionStore.sys.mjs @@ -251,6 +251,10 @@ XPCOMUtils.defineLazyModuleGetters(lazy, { TabCrashHandler: "resource:///modules/ContentCrashHandlers.jsm", }); +XPCOMUtils.defineLazyGetter(lazy, "blankURI", () => { + return Services.io.newURI("about:blank"); +}); + /** * |true| if we are in debug mode, |false| otherwise. * Debug mode is controlled by preference browser.sessionstore.debug @@ -3884,7 +3888,7 @@ var SessionStoreInternal = { aTab.removeAttribute("crashed"); gBrowser.tabContainer.updateTabIndicatorAttr(aTab); - browser.loadURI("about:blank", { + browser.loadURI(lazy.blankURI, { triggeringPrincipal: Services.scriptSecurityManager.createNullPrincipal({ userContextId: aTab.userContextId, }), @@ -6342,24 +6346,32 @@ var SessionStoreInternal = { * If neither is possible, just load an empty document. */ _restoreTabEntry(browser, tabData) { - let url = "about:blank"; - let loadFlags = Ci.nsIWebNavigation.LOAD_FLAGS_BYPASS_HISTORY; - - if (tabData.userTypedValue && tabData.userTypedClear) { - url = tabData.userTypedValue; - loadFlags = Ci.nsIWebNavigation.LOAD_FLAGS_ALLOW_THIRD_PARTY_FIXUP; - } else if (tabData.entries.length) { + let haveUserTypedValue = tabData.userTypedValue && tabData.userTypedClear; + // First take care of the common case where we load the history entry. + if (!haveUserTypedValue && tabData.entries.length) { return SessionStoreUtils.initializeRestore( browser.browsingContext, this.buildRestoreData(tabData.formdata, tabData.scroll) ); } + // Here, we need to load user data or about:blank instead. + // As it's user-typed (or blank), it gets system triggering principal: + let triggeringPrincipal = Services.scriptSecurityManager.getSystemPrincipal(); + // Bypass all the fixup goop for about:blank: + if (!haveUserTypedValue) { + let blankPromise = this._waitForStateStop(browser, "about:blank"); + browser.browsingContext.loadURI(lazy.blankURI, { + triggeringPrincipal, + loadFlags: Ci.nsIWebNavigation.LOAD_FLAGS_BYPASS_HISTORY, + }); + return blankPromise; + } - let loadPromise = this._waitForStateStop(browser, url); - - browser.browsingContext.loadURI(url, { - loadFlags, - triggeringPrincipal: Services.scriptSecurityManager.getSystemPrincipal(), + // We have a user typed value, load that with fixup: + let loadPromise = this._waitForStateStop(browser, tabData.userTypedValue); + browser.browsingContext.fixupAndLoadURIString(tabData.userTypedValue, { + loadFlags: Ci.nsIWebNavigation.LOAD_FLAGS_ALLOW_THIRD_PARTY_FIXUP, + triggeringPrincipal, }); return loadPromise; diff --git a/docshell/test/navigation/browser_test_simultaneous_normal_and_history_loads.js b/docshell/test/navigation/browser_test_simultaneous_normal_and_history_loads.js index a35adf73857b..eed3a641170e 100644 --- a/docshell/test/navigation/browser_test_simultaneous_normal_and_history_loads.js +++ b/docshell/test/navigation/browser_test_simultaneous_normal_and_history_loads.js @@ -37,7 +37,7 @@ add_task(async function test_normal_and_history_loads() { await new Promise(r => { setTimeout(r, 10); }); - browser.browsingContext.loadURI(testPage + "?newload", { + browser.browsingContext.loadURI(Services.io.newURI(testPage + "?newload"), { triggeringPrincipal: browser.nodePrincipal, }); let newLoad = BrowserTestUtils.browserLoaded(browser); diff --git a/remote/cdp/domains/parent/Page.sys.mjs b/remote/cdp/domains/parent/Page.sys.mjs index 6f511434490f..0ef7e0ab244d 100644 --- a/remote/cdp/domains/parent/Page.sys.mjs +++ b/remote/cdp/domains/parent/Page.sys.mjs @@ -175,7 +175,7 @@ export class Page extends Domain { referrerURI: referrer, triggeringPrincipal: Services.scriptSecurityManager.getSystemPrincipal(), }; - this.session.browsingContext.loadURI(url, opts); + this.session.browsingContext.loadURI(validURL, opts); // clients expect loaderId == requestId for a document navigation request const { navigationRequestId: loaderId, errorCode } = await requestDone; const result = { diff --git a/remote/marionette/navigate.sys.mjs b/remote/marionette/navigate.sys.mjs index da756f1f1ab5..ede81fb3dafc 100644 --- a/remote/marionette/navigate.sys.mjs +++ b/remote/marionette/navigate.sys.mjs @@ -168,7 +168,7 @@ navigate.navigateTo = async function(browsingContext, url) { // Fake user activation. hasValidUserGestureActivation: true, }; - browsingContext.loadURI(url, opts); + browsingContext.fixupAndLoadURIString(url, opts); }; /** diff --git a/remote/webdriver-bidi/modules/root/browsingContext.sys.mjs b/remote/webdriver-bidi/modules/root/browsingContext.sys.mjs index cd8dff6ca02f..29704f7e399f 100644 --- a/remote/webdriver-bidi/modules/root/browsingContext.sys.mjs +++ b/remote/webdriver-bidi/modules/root/browsingContext.sys.mjs @@ -481,7 +481,7 @@ class BrowsingContextModule extends Module { } }); - context.loadURI(targetURI.spec, { + context.loadURI(targetURI, { loadFlags: Ci.nsIWebNavigation.LOAD_FLAGS_IS_LINK, triggeringPrincipal: Services.scriptSecurityManager.getSystemPrincipal(), hasValidUserGestureActivation: true, diff --git a/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm b/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm index fbefd4fbffbb..4d54a642704f 100644 --- a/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm +++ b/toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm @@ -121,7 +121,7 @@ class RemoteWebNavigation { Ci.nsIRemoteTab.NAVIGATE_URL, { uri } ); - this._browser.browsingContext.loadURI(aURI, { + this._browser.browsingContext.fixupAndLoadURIString(aURI, { ...aLoadURIOptions, cancelContentJSEpoch, }); diff --git a/uriloader/exthandler/WebHandlerApp.sys.mjs b/uriloader/exthandler/WebHandlerApp.sys.mjs index 7412a047ebb7..48cbe2df8404 100644 --- a/uriloader/exthandler/WebHandlerApp.sys.mjs +++ b/uriloader/exthandler/WebHandlerApp.sys.mjs @@ -76,8 +76,9 @@ nsWebHandlerApp.prototype = { var escapedUriSpecToHandle = encodeURIComponent(aURI.spec); // insert the encoded URI and create the object version. - var uriSpecToSend = this.uriTemplate.replace("%s", escapedUriSpecToHandle); - var uriToSend = Services.io.newURI(uriSpecToSend); + var uriToSend = Services.io.newURI( + this.uriTemplate.replace("%s", escapedUriSpecToHandle) + ); let policy = WebExtensionPolicy.getByURI(uriToSend); let privateAllowed = !policy || policy.privateBrowsingAllowed; @@ -104,7 +105,7 @@ nsWebHandlerApp.prototype = { let triggeringPrincipal = Services.scriptSecurityManager.getSystemPrincipal(); Services.tm.dispatchToMainThread(() => - aBrowsingContext.loadURI(uriSpecToSend, { triggeringPrincipal }) + aBrowsingContext.loadURI(uriToSend, { triggeringPrincipal }) ); return; }