The first checking condition in the IsAllowedPlay() is used to prevent the play() operation
is called by untrusted JS when media.autoplay.enabled=false. Therefore, we don't need to check
that in CanActivateAutoplay().
MozReview-Commit-ID: 6yqoG8ISyra
--HG--
extra : rebase_source : a3e52a1a5591691f503d7d4ca78dda63c05aef27
The Web-facing methods perform access checks which blow up when the
stars are aligned such that we run this code under a subject principal
that doesn't have access to the anchor node of the selection.
Bug 1259889 Part 2 [1] cannot be reverted cleanly, so I manually undo those
changes in this patch. That is, remove the ability for html.css to
invalidate dynamically since it was added specifically for details element.
Although reftest-stylo.list explicit mentions "DO NOT EDIT!", but I still
remove details pref from the file, since it doesn't harm to edit it anyway.
[1] https://hg.mozilla.org/mozilla-central/rev/30aaf3805b56
MozReview-Commit-ID: FsyTGQTxujh
--HG--
extra : rebase_source : 25e5a05a8a5a47642772da69f427631fa07e232d
This patch removes support for mozapp iframes, leaving support for
mozbrowser iframes intact. Some of the code has been rewritten in order
to phrase things in terms of mozbrowser only, as opposed to mozbrowser
or app. In some places, code that was only useful with apps has been
completely removed, so that the APIs consumed can also be removed. In
some places where the notion of appId was bleeding out of this API, now
we use NO_APP_ID. Other notions of appId which were restricted to this
API have been removed.
The previous changeset against this bug relaxed the conditions under which the
CDM and associated objects were shut down. This was to address moving a tab to a
new window breaking EME videos. However, this had the unwanted side effect of
not shutting down those objects early enough when pages are closed.
This changeset introduces a new check to see if the containing document is
currently active, if not we shutdown the CDM. This means CDMs are shutdown on
time, while retaining the desired behaviour that CDMs should not be shut down on
moving tabs to new windows. Shutdowns previously happened because we shut down
if a page hide happened, which took place during a reparent.
MozReview-Commit-ID: K5CD3ej43Y0
--HG--
extra : rebase_source : 28fdc277a89c371ad204d5e545779a5950063494
This changeset relaxes the shutting down of decoders and removal of mediakeys
when suspending HTMLMediaElements. This should now only happen for adobe
primetime. This alleviates, for non-primetime CDMs, the issue of videos
breaking when moving an EME protected video from a tab to a new window.
These conditions can be relaxed as neither clearkey or widevine support
secure stop. This means we don't need to shutdown their decoders and keys to
signal a stoppage, as at this stage, doing so doesn't give us secure stop and
instead means that playback is busted when we try to resume.
MozReview-Commit-ID: 3MGNXGGDVLS
--HG--
extra : rebase_source : cbf46b3da089f79d9b6729a02997d1a0a12b68a7
This patch removes support for mozapp iframes, leaving support for
mozbrowser iframes intact. Some of the code has been rewritten in order
to phrase things in terms of mozbrowser only, as opposed to mozbrowser
or app. In some places, code that was only useful with apps has been
completely removed, so that the APIs consumed can also be removed. In
some places where the notion of appId was bleeding out of this API, now
we use NO_APP_ID. Other notions of appId which were restricted to this
API have been removed.
I'm not 100% sure that I'm being very consistent in my handling of
mFocusedValue, but since that's not used for file inputs, I don't think it
matters much...
A bigger problem is if people start using this caller type for things other than
file inputs.
The only nsGenericHTMLElement::GetEditor callers are
HTMLInputElement::GetEditor/HTMLTextareaElement::GetEditor (the XPCOM-y
versions), which are only called from C++ and only from two places: a11y code,
which forces itself to look like system, and typeaheadfind, which would break
badly if it could not get an editor. So that security check simply shouldn't
exist.
The script API doesn't call down into here _and_ is [ChromeOnly] in the webidl
already.