Backed out 16 changesets (bug 1770944) as req by asuth.

Backed out changeset 61af32f40777 (bug 1770944) Backed out changeset 4ff0c45db93b (bug 1770944) Backed out changeset 8a217eff7bcd (bug 1770944) Backed out changeset 6435f48c96bf (bug 1770944) Backed out changeset 0d2432765ca0 (bug 1770944) Backed out changeset 58e02566db85 (bug 1770944) Backed out changeset 0a8c4c2460ee (bug 1770944) Backed out changeset 9416bafd9982 (bug 1770944) Backed out changeset 79de4f83fe2e (bug 1770944) Backed out changeset 63ac518aceb0 (bug 1770944) Backed out changeset 14952f872b77 (bug 1770944) Backed out changeset f65e0967ad75 (bug 1770944) Backed out changeset bd53c42038f7 (bug 1770944) Backed out changeset 36c378ba8212 (bug 1770944) Backed out changeset 9ba54ab06348 (bug 1770944) Backed out changeset fb5a54b3cbe9 (bug 1770944)
dothq · Feb 23, 2024 · 7eae8c1 · 7eae8c1
1 parent 57c8f70
commit 7eae8c1
Show file tree

Hide file tree

Showing 99 changed files with 3,020 additions and 273 deletions.
diff --git a/browser/actors/ContextMenuChild.sys.mjs b/browser/actors/ContextMenuChild.sys.mjs
@@ -471,6 +471,17 @@ export class ContextMenuChild extends JSWindowActorChild {
     return this.contentWindow.HTMLTextAreaElement.isInstance(node);
   }
 
+  /**
+   * Check if we are in the parent process and the current iframe is the RDM iframe.
+   */
+  _isTargetRDMFrame(node) {
+    return (
+      Services.appinfo.processType === Services.appinfo.PROCESS_TYPE_DEFAULT &&
+      node.tagName === "iframe" &&
+      node.hasAttribute("mozbrowser")
+    );
+  }
+
   _isSpellCheckEnabled(aNode) {
     // We can always force-enable spellchecking on textboxes
     if (this._isTargetATextBox(aNode)) {
@@ -534,6 +545,12 @@ export class ContextMenuChild extends JSWindowActorChild {
       return;
     }
 
+    if (this._isTargetRDMFrame(aEvent.composedTarget)) {
+      // The target is in the DevTools RDM iframe, a proper context menu event
+      // will be created from the RDM browser.
+      return;
+    }
+
     let doc = aEvent.composedTarget.ownerDocument;
     let {
       mozDocumentURIIfNotForErrorPages: docLocation,

diff --git a/browser/base/content/test/static/browser_all_files_referenced.js b/browser/base/content/test/static/browser_all_files_referenced.js
@@ -874,6 +874,9 @@ add_task(async function checkAllTheFiles() {
   // Wait for all manifest to be parsed
   await PerfTestHelpers.throttledMapPromises(manifestURIs, parseManifest);
 
+  for (let jsm of Components.manager.getComponentJSMs()) {
+    gReferencesFromCode.set(jsm, null);
+  }
   for (let esModule of Components.manager.getComponentESModules()) {
     gReferencesFromCode.set(esModule, null);
   }

diff --git a/build/non-unified-compat b/build/non-unified-compat
@@ -23,6 +23,7 @@ dom/base/
 dom/battery/
 dom/bindings/
 dom/broadcastchannel/
+dom/browser-element/
 dom/cache/
 dom/canvas/
 dom/clients/

diff --git a/caps/BasePrincipal.cpp b/caps/BasePrincipal.cpp
@@ -1190,6 +1190,13 @@ BasePrincipal::GetPrivateBrowsingId(uint32_t* aPrivateBrowsingId) {
   return NS_OK;
 }
 
+NS_IMETHODIMP
+BasePrincipal::GetIsInIsolatedMozBrowserElement(
+    bool* aIsInIsolatedMozBrowserElement) {
+  *aIsInIsolatedMozBrowserElement = IsInIsolatedMozBrowserElement();
+  return NS_OK;
+}
+
 nsresult BasePrincipal::GetAddonPolicy(
     extensions::WebExtensionPolicy** aResult) {
   AssertIsOnMainThread();

diff --git a/caps/BasePrincipal.h b/caps/BasePrincipal.h
@@ -163,6 +163,8 @@ class BasePrincipal : public nsJSPrincipals {
   NS_IMETHOD GetIsIpAddress(bool* aIsIpAddress) override;
   NS_IMETHOD GetIsLocalIpAddress(bool* aIsIpAddress) override;
   NS_IMETHOD GetIsOnion(bool* aIsOnion) override;
+  NS_IMETHOD GetIsInIsolatedMozBrowserElement(
+      bool* aIsInIsolatedMozBrowserElement) final;
   NS_IMETHOD GetUserContextId(uint32_t* aUserContextId) final;
   NS_IMETHOD GetPrivateBrowsingId(uint32_t* aPrivateBrowsingId) final;
   NS_IMETHOD GetSiteOrigin(nsACString& aSiteOrigin) final;
@@ -248,6 +250,9 @@ class BasePrincipal : public nsJSPrincipals {
   uint32_t PrivateBrowsingId() const {
     return mOriginAttributes.mPrivateBrowsingId;
   }
+  bool IsInIsolatedMozBrowserElement() const {
+    return mOriginAttributes.mInIsolatedMozBrowser;
+  }
 
   PrincipalKind Kind() const { return mKind; }
 

diff --git a/caps/OriginAttributes.cpp b/caps/OriginAttributes.cpp
@@ -229,6 +229,10 @@ void OriginAttributes::CreateSuffix(nsACString& aStr) const {
   // naming.
   //
 
+  if (mInIsolatedMozBrowser) {
+    params.Set(u"inBrowser"_ns, u"1"_ns);
+  }
+
   if (mUserContextId != nsIScriptSecurityManager::DEFAULT_USER_CONTEXT_ID) {
     value.Truncate();
     value.AppendInt(mUserContextId);
@@ -331,6 +335,7 @@ bool OriginAttributes::PopulateFromSuffix(const nsACString& aStr) {
             return false;
           }
 
+          mInIsolatedMozBrowser = true;
           return true;
         }
 

diff --git a/caps/OriginAttributes.h b/caps/OriginAttributes.h
@@ -17,6 +17,10 @@ class OriginAttributes : public dom::OriginAttributesDictionary {
  public:
   OriginAttributes() = default;
 
+  explicit OriginAttributes(bool aInIsolatedMozBrowser) {
+    mInIsolatedMozBrowser = aInIsolatedMozBrowser;
+  }
+
   explicit OriginAttributes(const OriginAttributesDictionary& aOther)
       : OriginAttributesDictionary(aOther) {}
 
@@ -70,7 +74,8 @@ class OriginAttributes : public dom::OriginAttributesDictionary {
   }
 
   [[nodiscard]] bool EqualsIgnoringFPD(const OriginAttributes& aOther) const {
-    return mUserContextId == aOther.mUserContextId &&
+    return mInIsolatedMozBrowser == aOther.mInIsolatedMozBrowser &&
+           mUserContextId == aOther.mUserContextId &&
            mPrivateBrowsingId == aOther.mPrivateBrowsingId &&
            mGeckoViewSessionContextId == aOther.mGeckoViewSessionContextId;
   }
@@ -154,6 +159,11 @@ class OriginAttributesPattern : public dom::OriginAttributesPatternDictionary {
 
   // Performs a match of |aAttrs| against this pattern.
   bool Matches(const OriginAttributes& aAttrs) const {
+    if (mInIsolatedMozBrowser.WasPassed() &&
+        mInIsolatedMozBrowser.Value() != aAttrs.mInIsolatedMozBrowser) {
+      return false;
+    }
+
     if (mUserContextId.WasPassed() &&
         mUserContextId.Value() != aAttrs.mUserContextId) {
       return false;
@@ -217,6 +227,12 @@ class OriginAttributesPattern : public dom::OriginAttributesPatternDictionary {
   }
 
   bool Overlaps(const OriginAttributesPattern& aOther) const {
+    if (mInIsolatedMozBrowser.WasPassed() &&
+        aOther.mInIsolatedMozBrowser.WasPassed() &&
+        mInIsolatedMozBrowser.Value() != aOther.mInIsolatedMozBrowser.Value()) {
+      return false;
+    }
+
     if (mUserContextId.WasPassed() && aOther.mUserContextId.WasPassed() &&
         mUserContextId.Value() != aOther.mUserContextId.Value()) {
       return false;

diff --git a/caps/nsIPrincipal.idl b/caps/nsIPrincipal.idl
@@ -586,6 +586,17 @@ interface nsIPrincipal : nsISupports
      */
     [infallible] readonly attribute unsigned long privateBrowsingId;
 
+    /**
+     * Returns true iff the principal is inside an isolated mozbrowser element.
+     * <xul:browser> is not considered to be a mozbrowser element.
+     * <iframe mozbrowser noisolation> does not count as isolated since
+     * isolation is disabled.  Isolation can only be disabled if the
+     * containing document is chrome.
+     *
+     * May be called from any thread.
+     */
+    [infallible] readonly attribute boolean isInIsolatedMozBrowserElement;
+
     /**
      * Returns true iff this is a null principal (corresponding to an
      * unknown, hence assumed minimally privileged, security context).

diff --git a/caps/tests/gtest/TestOriginAttributes.cpp b/caps/tests/gtest/TestOriginAttributes.cpp
@@ -45,6 +45,12 @@ TEST(OriginAttributes, Suffix_default)
   TestSuffix(attrs);
 }
 
+TEST(OriginAttributes, Suffix_inIsolatedMozBrowser)
+{
+  OriginAttributes attrs(true);
+  TestSuffix(attrs);
+}
+
 TEST(OriginAttributes, FirstPartyDomain_default)
 {
   bool oldFpiPref = Preferences::GetBool(FPI_PREF);

diff --git a/caps/tests/unit/test_origin.js b/caps/tests/unit/test_origin.js
@@ -24,6 +24,10 @@ function checkCrossOrigin(a, b) {
 
 function checkOriginAttributes(prin, attrs, suffix) {
   attrs = attrs || {};
+  Assert.equal(
+    prin.originAttributes.inIsolatedMozBrowser,
+    attrs.inIsolatedMozBrowser || false
+  );
   Assert.equal(prin.originSuffix, suffix || "");
   Assert.equal(ChromeUtils.originAttributesToSuffix(attrs), suffix || "");
   Assert.ok(
@@ -55,6 +59,9 @@ function printAttrs(name, attrs) {
       "\tuserContextId: " +
       attrs.userContextId +
       ",\n" +
+      "\tinIsolatedMozBrowser: " +
+      attrs.inIsolatedMozBrowser +
+      ",\n" +
       "\tprivateBrowsingId: '" +
       attrs.privateBrowsingId +
       "',\n" +
@@ -69,6 +76,10 @@ function checkValues(attrs, values) {
   // printAttrs("attrs", attrs);
   // printAttrs("values", values);
   Assert.equal(attrs.userContextId, values.userContextId || 0);
+  Assert.equal(
+    attrs.inIsolatedMozBrowser,
+    values.inIsolatedMozBrowser || false
+  );
   Assert.equal(attrs.privateBrowsingId, values.privateBrowsingId || "");
   Assert.equal(attrs.firstPartyDomain, values.firstPartyDomain || "");
 }
@@ -130,6 +141,26 @@ function run_test() {
   // Test origin attributes.
   //
 
+  // Just browser.
+  var exampleOrg_browser = ssm.createContentPrincipal(
+    makeURI("http://example.org"),
+    { inIsolatedMozBrowser: true }
+  );
+  var nullPrin_browser = ssm.createNullPrincipal({
+    inIsolatedMozBrowser: true,
+  });
+  checkOriginAttributes(
+    exampleOrg_browser,
+    { inIsolatedMozBrowser: true },
+    "^inBrowser=1"
+  );
+  checkOriginAttributes(
+    nullPrin_browser,
+    { inIsolatedMozBrowser: true },
+    "^inBrowser=1"
+  );
+  Assert.equal(exampleOrg_browser.origin, "http://example.org^inBrowser=1");
+
   // First party Uri
   var exampleOrg_firstPartyDomain = ssm.createContentPrincipal(
     makeURI("http://example.org"),
@@ -175,6 +206,7 @@ function run_test() {
   );
 
   // Check that all of the above are cross-origin.
+  checkCrossOrigin(exampleOrg_browser, nullPrin_browser);
   checkCrossOrigin(exampleOrg_firstPartyDomain, exampleOrg);
   checkCrossOrigin(exampleOrg_userContext, exampleOrg);
 
@@ -213,6 +245,7 @@ function run_test() {
   var tests = [
     ["", {}],
     ["^userContextId=3", { userContextId: 3 }],
+    ["^inBrowser=1", { inIsolatedMozBrowser: true }],
     ["^firstPartyDomain=example.org", { firstPartyDomain: "example.org" }],
   ];
 

diff --git a/dom/base/ChromeUtils.h b/dom/base/ChromeUtils.h
@@ -129,7 +129,8 @@ class ChromeUtils {
   static bool IsOriginAttributesEqualIgnoringFPD(
       const dom::OriginAttributesDictionary& aA,
       const dom::OriginAttributesDictionary& aB) {
-    return aA.mUserContextId == aB.mUserContextId &&
+    return aA.mInIsolatedMozBrowser == aB.mInIsolatedMozBrowser &&
+           aA.mUserContextId == aB.mUserContextId &&
            aA.mPrivateBrowsingId == aB.mPrivateBrowsingId;
   }
 

diff --git a/dom/base/Element.h b/dom/base/Element.h
@@ -90,6 +90,7 @@ class nsIDOMXULSelectControlElement;
 class nsIDOMXULSelectControlItemElement;
 class nsIFrame;
 class nsIHTMLCollection;
+class nsIMozBrowserFrame;
 class nsIPrincipal;
 class nsIScreen;
 class nsIScrollableFrame;
@@ -457,6 +458,16 @@ class Element : public FragmentOrElement {
    */
   virtual bool IsInteractiveHTMLContent() const;
 
+  /**
+   * Returns |this| as an nsIMozBrowserFrame* if the element is a frame or
+   * iframe element.
+   *
+   * We have this method, rather than using QI, so that we can use it during
+   * the servo traversal, where we can't QI DOM nodes because of non-thread-safe
+   * refcounts.
+   */
+  virtual nsIMozBrowserFrame* GetAsMozBrowserFrame() { return nullptr; }
+
   /**
    * Is the attribute named aAttribute a mapped attribute?
    */

diff --git a/dom/base/InProcessBrowserChildMessageManager.cpp b/dom/base/InProcessBrowserChildMessageManager.cpp
@@ -13,6 +13,7 @@
 #include "nsFrameLoaderOwner.h"
 #include "nsQueryObject.h"
 #include "xpcpublic.h"
+#include "nsIMozBrowserFrame.h"
 #include "mozilla/EventDispatcher.h"
 #include "mozilla/dom/ChromeMessageSender.h"
 #include "mozilla/dom/Document.h"
@@ -99,6 +100,15 @@ InProcessBrowserChildMessageManager::InProcessBrowserChildMessageManager(
       mOwner(aOwner),
       mChromeMessageManager(aChrome) {
   mozilla::HoldJSObjects(this);
+
+  // If owner corresponds to an <iframe mozbrowser>, we'll have to tweak our
+  // GetEventTargetParent implementation.
+  nsCOMPtr<nsIMozBrowserFrame> browserFrame = do_QueryInterface(mOwner);
+  if (browserFrame) {
+    mIsBrowserFrame = browserFrame->GetReallyIsBrowser();
+  } else {
+    mIsBrowserFrame = false;
+  }
 }
 
 InProcessBrowserChildMessageManager::~InProcessBrowserChildMessageManager() {
@@ -226,7 +236,19 @@ void InProcessBrowserChildMessageManager::GetEventTargetParent(
     return;
   }
 
-  aVisitor.SetParentTarget(mOwner, false);
+  if (mIsBrowserFrame &&
+      (!mOwner || !nsContentUtils::IsInChromeDocshell(mOwner->OwnerDoc()))) {
+    if (mOwner) {
+      if (nsPIDOMWindowInner* innerWindow =
+              mOwner->OwnerDoc()->GetInnerWindow()) {
+        // 'this' is already a "chrome handler", so we consider window's
+        // parent target to be part of that same part of the event path.
+        aVisitor.SetParentTarget(innerWindow->GetParentTarget(), false);
+      }
+    }
+  } else {
+    aVisitor.SetParentTarget(mOwner, false);
+  }
 }
 
 class nsAsyncScriptLoad : public Runnable {

diff --git a/dom/base/InProcessBrowserChildMessageManager.h b/dom/base/InProcessBrowserChildMessageManager.h
@@ -108,6 +108,9 @@ class InProcessBrowserChildMessageManager final
   RefPtr<nsDocShell> mDocShell;
   bool mLoadingScript;
 
+  // Is this the message manager for an in-process <iframe mozbrowser>? This
+  // affects where events get sent, so it affects GetEventTargetParent.
+  bool mIsBrowserFrame;
   bool mPreventEventsEscaping;
 
   // We keep a strong reference to the frameloader after we've started