Popup permissions initialized with the result of checking if the
constructing WindowContext's principal is allowed to open a popup. The
field is updated for all WindowContexts sharing a principal whenever
the popup permission for that nsIPrincipal changes.
Differential Revision: https://phabricator.services.mozilla.com/D86378
A new `BrowsingContext` field, `isActiveBrowserWindow`, has been added
to track the active browser window for the `:-moz-window-inactive`
pseudoclass. This field takes the place of
`nsPIDOMWindowOuter::mIsActive`.
With this change `:-moz-window-inactive` is now fission compatible.
Differential Revision: https://phabricator.services.mozilla.com/D86422
We currently start with screen-relative coordinates, translate them to
widget-relative coordinates, and then translate them back to screen-relative
coordinates when actually showing the tooltip in XULBrowserWindow.showTooltip().
There's no reason for the extra conversions, so we can just send screen-relative
coordinates directly.
Since the widget origin for out-of-process frames is the origin of the frame
itself (instead of the tab, which is the case for in-process frames), the
screen-to-widget conversion was incorrect, and was causing a bug in how the
tooltip was being positioned. Avoiding that conversion altogether also fixes
that bug.
Differential Revision: https://phabricator.services.mozilla.com/D86750
This should help catch and/or prevent any cases where we're creating a new
subframe at an unfortunate time during `BrowsingContext` or `WindowContext`
teardown.
Differential Revision: https://phabricator.services.mozilla.com/D85896
`ReadyToExecuteParserBlockingScripts` was walking the ancestor chain but
would stop if it hit an OOP ancestor. With this change we walk the
`WindowContext` tree instead, so that we may skip over OOP ancestors
and continue checking all in process ancestors.
Differential Revision: https://phabricator.services.mozilla.com/D86436
Creating more than 2 nested iframes is not allowed and is now enforced for
about:blank loads because they now take place via DocumentChannel.
Differential Revision: https://phabricator.services.mozilla.com/D85084
This patch enables sandboxed srcdoc loads to take place via DocumentChannel,
and adds mechanisms for enabling unsandboxed ones.
Both unsandboxed srcdoc, and in subsequent patches, about:blank, loads require
that the triggering principal and the principal to inherit point to the same
instance if the load takes place in the same process as where we are inheriting
those principals from. We save those principals on a target browsing context before
we load the URI, and later, when we are deserializing LoadInfoArgs into
LoadInfo in the content process, we retrieve the saved principals if the
current load identifier of the target BC matches the load identifier saved
along with the principals.
We also need to make sure that during a process switch for about:srcdoc load,
we don't use the original URI for about:srcdoc to determine the remote type and
instead we use channel's result principal.
Differential Revision: https://phabricator.services.mozilla.com/D85079
This changes the set of types which can be passed as the second argument to
do_QueryActor to ones which can be unambiguously converted to a JSActorManager,
and combines nsCOMPtr_helper implementations.
Differential Revision: https://phabricator.services.mozilla.com/D84067
With fission enabled, walking the docshell tree to find unloaded
parents would stop at the first OOP parent. Instead we now walk
the `BrowsingContext`/`WindowContext` tree. To still check parents
which are OOP, we take advantage of the fact that a parent
`WindowContext` will no longer be the current `WindowContext` if
the parent was unloaded. For in process docshell's we additionally
check the docshell directly.
Differential Revision: https://phabricator.services.mozilla.com/D85328
With fission enabled, walking the docshell tree to find unloaded
parents would stop at the first OOP parent. Instead we now walk
the `BrowsingContext`/`WindowContext` tree. To still check parents
which are OOP, we take advantage of the fact that a parent
`WindowContext` will no longer be the current `WindowContext` if
the parent was unloaded. For in process docshell's we additionally
check the docshell directly.
Differential Revision: https://phabricator.services.mozilla.com/D85328
This builds on the new API added in bug 1652085 to reduce the chance of a
different BrowsingContextGroup instance being used for process selection at the
start of a process switch, and BrowsingContext creation at the end.
While this would probably not be a serious issue right now, as we always have
only a single "extension" process, it could become an issue in the future if the
specific group specifier is used in more places.
Differential Revision: https://phabricator.services.mozilla.com/D84549
This should ensure that any BrowsingContexts racily created during the discard
process don't end up creating a separate BrowsingContextGroup from their
relatives, and triggering group mismatch assertions.
Differential Revision: https://phabricator.services.mozilla.com/D84548
This requires keeping track of the current process used to host documents with a
particular remote type loaded in each BrowsingContextGroup. Due to lifecycle
oddities, this set is kept separate from the existing subscribers set on
BrowsingContextGroup.
Differential Revision: https://phabricator.services.mozilla.com/D84061
We now cache the shortcuts permission in a synced field on
`WindowContext`. This will allow checking the permission quickly and
without IPC when Fission is enabled and the top-level document is
in another process.
Differential Revision: https://phabricator.services.mozilla.com/D84182
CLOSED TREE
We don't need these macros anymore, for two reasons:
1. We have static analysis to provide the same sort of checks via `MOZ_RAII`
and friends.
2. clang now warns for the "temporary that should have been a declaration" case.
The extra requirements on class construction also show up during debug tests
as performance problems.
This change was automated by using the following sed script:
```
# Remove declarations in classes.
/MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER/d
/MOZ_GUARD_OBJECT_NOTIFIER_INIT/d
# Remove individual macros, carefully.
{
# We don't have to worry about substrings here because the closing
# parenthesis "anchors" the match.
s/MOZ_GUARD_OBJECT_NOTIFIER_PARAM)/)/g;
s/MOZ_GUARD_OBJECT_NOTIFIER_PARAM_TO_PARENT)/)/g;
s/MOZ_GUARD_OBJECT_NOTIFIER_PARAM_IN_IMPL)/)/g;
s/MOZ_GUARD_OBJECT_NOTIFIER_ONLY_PARAM_IN_IMPL)/)/g;
# Remove the longer identifier first.
s/MOZ_GUARD_OBJECT_NOTIFIER_ONLY_PARAM_TO_PARENT//g;
s/MOZ_GUARD_OBJECT_NOTIFIER_ONLY_PARAM//g;
}
# Remove the actual include.
\@# *include "mozilla/GuardObjects.h"@d
```
and running:
```
find . -name \*.cpp -o -name \*.h | grep -v 'GuardObjects.h' |xargs sed -i -f script 2>/dev/null
mach clang-format
```
Differential Revision: https://phabricator.services.mozilla.com/D85168
We don't need these macros anymore, for two reasons:
1. We have static analysis to provide the same sort of checks via `MOZ_RAII`
and friends.
2. clang now warns for the "temporary that should have been a declaration" case.
The extra requirements on class construction also show up during debug tests
as performance problems.
This change was automated by using the following sed script:
```
# Remove declarations in classes.
/MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER/d
/MOZ_GUARD_OBJECT_NOTIFIER_INIT/d
# Remove individual macros, carefully.
{
# We don't have to worry about substrings here because the closing
# parenthesis "anchors" the match.
s/MOZ_GUARD_OBJECT_NOTIFIER_PARAM)/)/g;
s/MOZ_GUARD_OBJECT_NOTIFIER_PARAM_TO_PARENT)/)/g;
s/MOZ_GUARD_OBJECT_NOTIFIER_PARAM_IN_IMPL)/)/g;
s/MOZ_GUARD_OBJECT_NOTIFIER_ONLY_PARAM_IN_IMPL)/)/g;
# Remove the longer identifier first.
s/MOZ_GUARD_OBJECT_NOTIFIER_ONLY_PARAM_TO_PARENT//g;
s/MOZ_GUARD_OBJECT_NOTIFIER_ONLY_PARAM//g;
}
# Remove the actual include.
\@# *include "mozilla/GuardObjects.h"@d
```
and running:
```
find . -name \*.cpp -o -name \*.h | grep -v 'GuardObjects.h' |xargs sed -i -f script 2>/dev/null
mach clang-format
```
Differential Revision: https://phabricator.services.mozilla.com/D85168
This builds on the new API added in bug 1652085 to reduce the chance of a
different BrowsingContextGroup instance being used for process selection at the
start of a process switch, and BrowsingContext creation at the end.
While this would probably not be a serious issue right now, as we always have
only a single "extension" process, it could become an issue in the future if the
specific group specifier is used in more places.
Differential Revision: https://phabricator.services.mozilla.com/D84549
This should ensure that any BrowsingContexts racily created during the discard
process don't end up creating a separate BrowsingContextGroup from their
relatives, and triggering group mismatch assertions.
Differential Revision: https://phabricator.services.mozilla.com/D84548
This requires keeping track of the current process used to host documents with a
particular remote type loaded in each BrowsingContextGroup. Due to lifecycle
oddities, this set is kept separate from the existing subscribers set on
BrowsingContextGroup.
Differential Revision: https://phabricator.services.mozilla.com/D84061
Having two classes in the inheritance chain inherit from SupportsWeakPtr
now won't compile, but you can use WeakPtr<Derived> when any base class
inherits from SupportsWeakPtr.
Differential Revision: https://phabricator.services.mozilla.com/D83674
It has some properties which make it footgunny, especially in the face of
Fission. Callers should use WindowGlobalChild.innerWindowId instead.
Differential Revision: https://phabricator.services.mozilla.com/D82801
This avoids problems where a foreground tab tries to communicate with a background
tab via `window.opener`, but is unable to because the background tab
is suspended.
Differential Revision: https://phabricator.services.mozilla.com/D83693
It has some properties which make it footgunny, especially in the face of
Fission. Callers should use WindowGlobalChild.innerWindowId instead.
Differential Revision: https://phabricator.services.mozilla.com/D82801
Pass internal content policy type to DLL and switch behavior depending on type
being loaded. This implementation immediately redirects channel back to the
content process for further handling.
Depends on D80406
Differential Revision: https://phabricator.services.mozilla.com/D80407
After we enable Fissions, we can't always access the top level document because it might be in another process.
Therefore, we should move `mDocTreeHadAudibleMedia` from document to the top window context, which can ensure that we set the value correctly even if setting `mDocTreeHadAudibleMedia` happens in a different process which is different from the process where the top level document exists.
Differential Revision: https://phabricator.services.mozilla.com/D83162
Pass internal content policy type to DLL and switch behavior depending on type
being loaded. This implementation immediately redirects channel back to the
content process for further handling.
Differential Revision: https://phabricator.services.mozilla.com/D80407
Rather than constructing an nsIURIFixupInfo from the IPC call return valuess, and then immediately querying the same data, this just use the results directly.
It also moves the firing of "keyword-uri-fixup" observers to the parent process side. As far as I can tell, the only consumer was URIFixupChild, which was also forwarding them to the parent process.
Differential Revision: https://phabricator.services.mozilla.com/D81944
CLOSED TREE
Backed out changeset 51d7c644a1e6 (bug 1650163)
Backed out changeset 3d2b6908447a (bug 1650163)
Backed out changeset 79141707d47b (bug 1650163)