We cancel the permission request in the AutoplayPermissionRequest destructor,
and if we get a genuine cancel from the doorhanger. The Request reports the
cancel to the AutoplayPermissionManager, but we reuse the same manager across
different requests. So if a second request for permission comes in, we create a
new AutoplayPermissionRequest and fire that off to the front end code, but the
first request could be destroyed after the second request is dispatched but
before the response for the second request has retuned. Thus and the cancel in
the first's destructor could be reported to the manager as the second's result.
We should clear the AutoplayPermissionRequest's reference to the Manager in
Approve() and Cancel() so that we can't mixup the responses like this.
MozReview-Commit-ID: 1qYJfLOaqST
--HG--
extra : rebase_source : 871889da5420aff83c50933863ee3dd3d496bc12
Instead of unconditionally flushing layout, flush style and skip flush
layout unless any frame state bits on the element, or ancestors,
indicate that a flush is required.
MozReview-Commit-ID: 4zaB1eaE0fm
--HG--
extra : rebase_source : a02b014e127f8fc3e27afedb2012e09a7e8905b8
We'd like to add telemetry to help inform the decision as to how enabling
block autoplay will affect video playback in the wild.
Our data science team would also like some input to help them estimate the
rate at which our shield study would receive pings, and the telemetry
collected here will help them estimate that.
We'd like to collect the following, on a per session basis:
* Count of the number of top level content documents loaded, as denominator for
other stats collected here.
* Count of the number of top level content documents which contained (directly
or in a descendant document) playback of an audible media element.
* Count of the number of top level content documents which contained (directly
or in a descendant document) a muted media element that was paused by the
autoplay policy because it tried to unmute and it wasn't allowed to autoplay
audibly.
* Count of the total number of audible autoplay videos that would have not been
allowed to play if block autoplay was enabled. We'd either prompt for
permission on these videos, or block outright depending on user's settings.
* Count of the total number of audible autoplay videos that would have been
allowed to play if block autoplay was enabled.
MozReview-Commit-ID: vHWJPyqHjT
--HG--
extra : rebase_source : e1f22ec83fda8b65d78f1de9f02cf060d424019c
For reducing virtual calls of nsIPlaintextEditor::OutputToString(),
TextEditor should have new non-virtual public method, ComputeTextValue() and
shared code between it and OutputToString() as ComputeValueInternal().
MozReview-Commit-ID: KFeovQ568bf
--HG--
extra : rebase_source : a5cfb24cefe44f7c60e649959ed49350ed00d4d6
EditorBase::GetDocumentIsEmpty() is never called since it's overridden by
TextEditor::GetDocumentIsEmtpy() and never called directly. So, we can remove
its implementation.
Additionally, DocumentIsEmpty() is redundant. We can make it just IsEmpty().
MozReview-Commit-ID: CGsNzCHyVf
--HG--
extra : rebase_source : 3a8eeaf108bb387ea559e0643acfa96e26768577
We can start playing while we're awaiting a response to an autoplay-media
permission prompt, for example if the user clicks on a play button. In such
cases, it doesn't make sense to keep the autoplay permission request promise
connected in HTMLMediaElement, as since we're playing we'll be resolving the
play() promises and thus we won't be taking action on the autoplay request
promise's result. So we should just disconnect the autoplay permission request
promise if it's connected when we start playing.
MozReview-Commit-ID: 1aiCLXV7Ja9
--HG--
extra : rebase_source : c439e8f084ac8cc01db578d712e15d3174a08e71
The front end code can't always guarantee to give us an allow/cancel response
to a permission request. In particular in these cases:
* if we close a tab while showing a doorhanger, or
* if we navigate a tab while showing a doorhanger, or
* if the permission prompt requested in a background tab and never shown.
Handling all of these cases is problematic; we don't get events for all of
these where it's easy and cheap to determine that we should cancel the
permission request.
Canceling the permission request is important in the autoplay-media permission
request case as there's objects waiting on the resolution of the permission
request, and they leak in ASan builds while running chrome tests if the Gecko
size of the permission request doesn't get a notification telling it to stop
waiting.
But we can however rely on the doorhanger code to drop its reference to the
nsIContentPermissionRequest object that we pass to it when the doorhanger goes
away. So we can cancel the permission request in our
nsIContentPermissionRequest's implementation's destructor in order to easily
catch all the above cases.
In order to do that, we need to split AutoplayRequest into two; one part being
the implementation of nsIContentPermissionRequest (AutoplayPermissionRequest),
and the other part being the code to own the PromiseHolder and manage the
permission request (AutoplayPermissionManager).
AutoplayPermissionRequest keeps a weak reference to AutoplayPermissionManager,
so that it can tell the AutoplayPermissionManager to reject the request promise
when it's destroyed.
This fixes the ASan leak for which I got backed out from earlier in this bug,
and also fixes the cases above.
MozReview-Commit-ID: KoVkgIqDleW
--HG--
rename : dom/html/AutoplayRequest.cpp => dom/html/AutoplayPermissionManager.cpp
rename : dom/html/AutoplayRequest.h => dom/html/AutoplayPermissionManager.h
extra : rebase_source : dbca520a93d8c416f6d64c2da027630181bb5910
nsICommandParams is implemented only by nsCommandParams. So, all C++ users
can treat all instances of nsICommandParams as nsCommandParams. Therefore,
this patch makes all set/get value calls use non-virtual methods and all
constructors directly create nsCommandParams instance.
MozReview-Commit-ID: CscgK0gKp5g
--HG--
extra : rebase_source : 62eb0f60aada795a44cf5496cdafbff6cba80013
nsICommandParams::GetCStringValue() and nsICommandParams::SetCStringValue()
treat char. However, this makes their callers complicated. So, they should
be rewritten as treating nsACString.
MozReview-Commit-ID: DWO9veSyzyG
--HG--
extra : rebase_source : fbea13f6d7116ea1887434c0842b7768a7dc59ec
When setting contenteditable to false, editing session destroys HTMLEditor.
Destroying HTMLEditor means that selection visibility is reset by
FinalizeSelection.
So after calling TearDownEditorOnWindow on nsHTMLDocument, we should initialize
selection visibility if current focus is text control that has editor.
MozReview-Commit-ID: 4V8kZtOtKO3
--HG--
extra : rebase_source : 9d90c12b3c93e4dfd95095ce29a26e5fdd83f952
The change to test_bug558726.html is because we always serialize mapped
attributes after non-mapped ones. So this change is actually improving our
serialization in that test.
Calling EditorBase::EnableUndoRedo() without argument means that editor supports
unlimited undo/redo stack. AutoDisableUndo class calls it without argument
when it needs to restore undo/redo feature.
However, <input type="text"> and <textarea> limits number of maximum
transactions up to 1,000, perhaps for footprint. So, AutoDisableUndo should
store the last number of maximum transactions before disabling undo/redo from
the constructor.
MozReview-Commit-ID: CoI6ZXyTd3X
--HG--
extra : rebase_source : e2b9af17e5857dcc0a6781e254e45fdb790c9a9e
Test that a video which tries to autoplay via either a play() call or via
an autoplay attribute:
* Plays when it has a pre-existing "allow" autoplay-media permission.
* Is blocked when it has a pre-existing "block" autoplay-media permission.
* Plays when it doesn't have a pre-existing autoplay-media permission and
"allow" is pressed on the door hanger.
* Is blocked when it doesn't have a pre-existing autoplay-media permission and
"block" is pressed on the door hanger.
MozReview-Commit-ID: CpftV6RQbtU
--HG--
extra : rebase_source : a9c38a7e7071e3ebd34f10175f4f22cd84c4c303
When autoplay is requested by setting the "autoplay" attribute, we should
check whether autoplay is allowed in HTMLMediaElement::CheckAutoplayDataReady()
and if not we should prompt for user consent.
This ensures that <video ... autoplay/> will prompt for consent when used on
a page without a pre-existing allow/block permission.
MozReview-Commit-ID: 77pJR2Ybn2i
--HG--
extra : rebase_source : 5cf26822c9e5f23a83d69f5f52c39be6ab6f9eb0
Add an implementation of nsIContentPermissionRequest to encapsulate requesting
permission from the user to autoplay audible media.
All documents in the tab request permission using the top level document's
origin, so the AutoplayRequest instance for a tab is stored on the top level
content window of the tab.
AutoplayRequest ensures that there's only a single prompt shown at once.
MozReview-Commit-ID: 2u3aLnEa21z
--HG--
extra : rebase_source : a3db3a1ef87a09442b47ae1b1034b4a0143289fb
extra : source : ae572bf618155a92b136fc5f12c1f8c9ab31f89c
