summaryrefslogtreecommitdiffstats
path: root/dom/base/Document.cpp
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 14:29:10 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 14:29:10 +0000
commit2aa4a82499d4becd2284cdb482213d541b8804dd (patch)
treeb80bf8bf13c3766139fbacc530efd0dd9d54394c /dom/base/Document.cpp
parentInitial commit. (diff)
downloadfirefox-2aa4a82499d4becd2284cdb482213d541b8804dd.tar.xz
firefox-2aa4a82499d4becd2284cdb482213d541b8804dd.zip
Adding upstream version 86.0.1.upstream/86.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/base/Document.cpp')
-rw-r--r--dom/base/Document.cpp17276
1 files changed, 17276 insertions, 0 deletions
diff --git a/dom/base/Document.cpp b/dom/base/Document.cpp
new file mode 100644
index 0000000000..3ca1805306
--- /dev/null
+++ b/dom/base/Document.cpp
@@ -0,0 +1,17276 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Base class for all our document implementations.
+ */
+
+#include "mozilla/dom/Document.h"
+#include "mozilla/dom/DocumentInlines.h"
+
+#include <inttypes.h>
+#include <stdlib.h>
+#include <string.h>
+#include <algorithm>
+#include <cstddef>
+#include <cstdint>
+#include <initializer_list>
+#include <iterator>
+#include <limits>
+#include <type_traits>
+#include "Attr.h"
+#include "AutoplayPolicy.h"
+#include "ErrorList.h"
+#include "ExpandedPrincipal.h"
+#include "MainThreadUtils.h"
+#include "MobileViewportManager.h"
+#include "NodeUbiReporting.h"
+#include "PLDHashTable.h"
+#include "StorageAccessPermissionRequest.h"
+#include "ThirdPartyUtil.h"
+#include "domstubs.h"
+#include "gfxPlatform.h"
+#include "imgIContainer.h"
+#include "imgLoader.h"
+#include "imgRequestProxy.h"
+#include "js/Value.h"
+#include "jsapi.h"
+#include "mozAutoDocUpdate.h"
+#include "mozIDOMWindow.h"
+#include "mozIThirdPartyUtil.h"
+#include "mozilla/AbstractTimelineMarker.h"
+#include "mozilla/AntiTrackingUtils.h"
+#include "mozilla/ArrayIterator.h"
+#include "mozilla/ArrayUtils.h"
+#include "mozilla/AsyncEventDispatcher.h"
+#include "mozilla/Base64.h"
+#include "mozilla/BasePrincipal.h"
+#include "mozilla/CSSEnabledState.h"
+#include "mozilla/ContentBlocking.h"
+#include "mozilla/ContentBlockingAllowList.h"
+#include "mozilla/ContentBlockingNotifier.h"
+#include "mozilla/ContentBlockingUserInteraction.h"
+#include "mozilla/CycleCollectedJSContext.h"
+#include "mozilla/DebugOnly.h"
+#include "mozilla/DocLoadingTimelineMarker.h"
+#include "mozilla/DocumentStyleRootIterator.h"
+#include "mozilla/EditorCommands.h"
+#include "mozilla/Encoding.h"
+#include "mozilla/ErrorResult.h"
+#include "mozilla/EventDispatcher.h"
+#include "mozilla/EventListenerManager.h"
+#include "mozilla/EventQueue.h"
+#include "mozilla/EventStateManager.h"
+#include "mozilla/ExtensionPolicyService.h"
+#include "mozilla/FullscreenChange.h"
+#include "mozilla/GlobalStyleSheetCache.h"
+#include "mozilla/HTMLEditor.h"
+#include "mozilla/HoldDropJSObjects.h"
+#include "mozilla/IdentifierMapEntry.h"
+#include "mozilla/InputTaskManager.h"
+#include "mozilla/IntegerRange.h"
+#include "mozilla/InternalMutationEvent.h"
+#include "mozilla/Likely.h"
+#include "mozilla/Logging.h"
+#include "mozilla/LookAndFeel.h"
+#include "mozilla/MacroForEach.h"
+#include "mozilla/MediaFeatureChange.h"
+#include "mozilla/MediaManager.h"
+#include "mozilla/MemoryReporting.h"
+#include "mozilla/NullPrincipal.h"
+#include "mozilla/OriginAttributes.h"
+#include "mozilla/OwningNonNull.h"
+#include "mozilla/PendingAnimationTracker.h"
+#include "mozilla/PendingFullscreenEvent.h"
+#include "mozilla/PermissionDelegateHandler.h"
+#include "mozilla/PermissionManager.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/PreloadHashKey.h"
+#include "mozilla/PresShell.h"
+#include "mozilla/PresShellForwards.h"
+#include "mozilla/PresShellInlines.h"
+#include "mozilla/PseudoStyleType.h"
+#include "mozilla/RefCountType.h"
+#include "mozilla/RelativeTo.h"
+#include "mozilla/RestyleManager.h"
+#include "mozilla/ReverseIterator.h"
+#include "mozilla/SMILAnimationController.h"
+#include "mozilla/SMILTimeContainer.h"
+#include "mozilla/ScopeExit.h"
+#include "mozilla/Services.h"
+#include "mozilla/ServoCSSPropList.h"
+#include "mozilla/ServoStyleConsts.h"
+#include "mozilla/ServoStyleSet.h"
+#include "mozilla/ServoTypes.h"
+#include "mozilla/SizeOfState.h"
+#include "mozilla/Span.h"
+#include "mozilla/Sprintf.h"
+#include "mozilla/StaticAnalysisFunctions.h"
+#include "mozilla/StaticPrefs_apz.h"
+#include "mozilla/StaticPrefs_browser.h"
+#include "mozilla/StaticPrefs_docshell.h"
+#include "mozilla/StaticPrefs_dom.h"
+#include "mozilla/StaticPrefs_full_screen_api.h"
+#include "mozilla/StaticPrefs_layout.h"
+#include "mozilla/StaticPrefs_network.h"
+#include "mozilla/StaticPrefs_page_load.h"
+#include "mozilla/StaticPrefs_plugins.h"
+#include "mozilla/StaticPrefs_privacy.h"
+#include "mozilla/StaticPrefs_security.h"
+#include "mozilla/StaticPrefs_widget.h"
+#include "mozilla/StaticPresData.h"
+#include "mozilla/StorageAccess.h"
+#include "mozilla/StoragePrincipalHelper.h"
+#include "mozilla/StyleSheet.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/TelemetryHistogramEnums.h"
+#include "mozilla/TelemetryScalarEnums.h"
+#include "mozilla/TextControlElement.h"
+#include "mozilla/TextEditor.h"
+#include "mozilla/TimelineConsumers.h"
+#include "mozilla/TypedEnumBits.h"
+#include "mozilla/URLDecorationStripper.h"
+#include "mozilla/URLExtraData.h"
+#include "mozilla/Unused.h"
+#include "mozilla/css/ImageLoader.h"
+#include "mozilla/css/Loader.h"
+#include "mozilla/css/Rule.h"
+#include "mozilla/css/SheetParsingMode.h"
+#include "mozilla/dom/AnonymousContent.h"
+#include "mozilla/dom/BrowserChild.h"
+#include "mozilla/dom/BrowsingContext.h"
+#include "mozilla/dom/BrowsingContextGroup.h"
+#include "mozilla/dom/CDATASection.h"
+#include "mozilla/dom/CSPDictionariesBinding.h"
+#include "mozilla/dom/CanonicalBrowsingContext.h"
+#include "mozilla/dom/ChromeObserver.h"
+#include "mozilla/dom/ClientInfo.h"
+#include "mozilla/dom/ClientState.h"
+#include "mozilla/dom/Comment.h"
+#include "mozilla/dom/ContentChild.h"
+#include "mozilla/dom/DOMImplementation.h"
+#include "mozilla/dom/DOMIntersectionObserver.h"
+#include "mozilla/dom/DOMStringList.h"
+#include "mozilla/dom/DocGroup.h"
+#include "mozilla/dom/DocumentBinding.h"
+#include "mozilla/dom/DocumentFragment.h"
+#include "mozilla/dom/DocumentL10n.h"
+#include "mozilla/dom/DocumentTimeline.h"
+#include "mozilla/dom/DocumentType.h"
+#include "mozilla/dom/ElementBinding.h"
+#include "mozilla/dom/Event.h"
+#include "mozilla/dom/EventListenerBinding.h"
+#include "mozilla/dom/FailedCertSecurityInfoBinding.h"
+#include "mozilla/dom/FeaturePolicy.h"
+#include "mozilla/dom/FeaturePolicyUtils.h"
+#include "mozilla/dom/FontFaceSet.h"
+#include "mozilla/dom/FromParser.h"
+#include "mozilla/dom/HTMLAllCollection.h"
+#include "mozilla/dom/HTMLBodyElement.h"
+#include "mozilla/dom/HTMLCollectionBinding.h"
+#include "mozilla/dom/HTMLDialogElement.h"
+#include "mozilla/dom/HTMLFormElement.h"
+#include "mozilla/dom/HTMLIFrameElement.h"
+#include "mozilla/dom/HTMLImageElement.h"
+#include "mozilla/dom/HTMLInputElement.h"
+#include "mozilla/dom/HTMLLinkElement.h"
+#include "mozilla/dom/HTMLMediaElement.h"
+#include "mozilla/dom/HTMLMetaElement.h"
+#include "mozilla/dom/HTMLSharedElement.h"
+#include "mozilla/dom/HTMLTextAreaElement.h"
+#include "mozilla/dom/ImageTracker.h"
+#include "mozilla/dom/Link.h"
+#include "mozilla/dom/MediaQueryList.h"
+#include "mozilla/dom/MediaSource.h"
+#include "mozilla/dom/MutationObservers.h"
+#include "mozilla/dom/NameSpaceConstants.h"
+#include "mozilla/dom/Navigator.h"
+#include "mozilla/dom/NetErrorInfoBinding.h"
+#include "mozilla/dom/NodeInfo.h"
+#include "mozilla/dom/NodeIterator.h"
+#include "mozilla/dom/PContentChild.h"
+#include "mozilla/dom/PWindowGlobalChild.h"
+#include "mozilla/dom/PageTransitionEvent.h"
+#include "mozilla/dom/PageTransitionEventBinding.h"
+#include "mozilla/dom/Performance.h"
+#include "mozilla/dom/PermissionMessageUtils.h"
+#include "mozilla/dom/PostMessageEvent.h"
+#include "mozilla/dom/ProcessingInstruction.h"
+#include "mozilla/dom/Promise.h"
+#include "mozilla/dom/PromiseNativeHandler.h"
+#include "mozilla/dom/ResizeObserverController.h"
+#include "mozilla/dom/SVGElement.h"
+#include "mozilla/dom/SVGSVGElement.h"
+#include "mozilla/dom/SVGUseElement.h"
+#include "mozilla/dom/ScriptLoader.h"
+#include "mozilla/dom/ScriptSettings.h"
+#include "mozilla/dom/Selection.h"
+#include "mozilla/dom/ServiceWorkerContainer.h"
+#include "mozilla/dom/ServiceWorkerDescriptor.h"
+#include "mozilla/dom/ServiceWorkerManager.h"
+#include "mozilla/dom/ShadowIncludingTreeIterator.h"
+#include "mozilla/dom/ShadowRoot.h"
+#include "mozilla/dom/StyleSheetApplicableStateChangeEvent.h"
+#include "mozilla/dom/StyleSheetApplicableStateChangeEventBinding.h"
+#include "mozilla/dom/StyleSheetList.h"
+#include "mozilla/dom/TimeoutManager.h"
+#include "mozilla/dom/Touch.h"
+#include "mozilla/dom/TouchEvent.h"
+#include "mozilla/dom/TreeOrderedArray.h"
+#include "mozilla/dom/TreeOrderedArrayInlines.h"
+#include "mozilla/dom/TreeWalker.h"
+#include "mozilla/dom/URL.h"
+#include "mozilla/dom/UserActivation.h"
+#include "mozilla/dom/WindowBinding.h"
+#include "mozilla/dom/WindowContext.h"
+#include "mozilla/dom/WindowGlobalChild.h"
+#include "mozilla/dom/WindowProxyHolder.h"
+#include "mozilla/dom/XPathEvaluator.h"
+#include "mozilla/dom/nsCSPContext.h"
+#include "mozilla/dom/nsCSPUtils.h"
+#include "mozilla/extensions/WebExtensionPolicy.h"
+#include "mozilla/fallible.h"
+#include "mozilla/gfx/BaseCoord.h"
+#include "mozilla/gfx/BaseSize.h"
+#include "mozilla/gfx/Coord.h"
+#include "mozilla/gfx/Point.h"
+#include "mozilla/gfx/ScaleFactor.h"
+#include "mozilla/intl/LocaleService.h"
+#include "mozilla/ipc/IdleSchedulerChild.h"
+#include "mozilla/ipc/MessageChannel.h"
+#include "mozilla/net/ChannelEventQueue.h"
+#include "mozilla/net/CookieJarSettings.h"
+#include "mozilla/net/NeckoChannelParams.h"
+#include "mozilla/net/RequestContextService.h"
+#include "nsAboutProtocolUtils.h"
+#include "nsAlgorithm.h"
+#include "nsAttrValue.h"
+#include "nsAttrValueInlines.h"
+#include "nsBaseHashtable.h"
+#include "nsBidiUtils.h"
+#include "nsCRT.h"
+#include "nsCSSPropertyID.h"
+#include "nsCSSProps.h"
+#include "nsCSSPseudoElements.h"
+#include "nsCanvasFrame.h"
+#include "nsCaseTreatment.h"
+#include "nsCharsetSource.h"
+#include "nsCommandManager.h"
+#include "nsCommandParams.h"
+#include "nsComponentManagerUtils.h"
+#include "nsContentCreatorFunctions.h"
+#include "nsContentList.h"
+#include "nsContentPermissionHelper.h"
+#include "nsContentSecurityUtils.h"
+#include "nsContentUtils.h"
+#include "nsCoord.h"
+#include "nsCycleCollectionNoteChild.h"
+#include "nsCycleCollectionTraversalCallback.h"
+#include "nsDOMAttributeMap.h"
+#include "nsDOMCaretPosition.h"
+#include "nsDOMNavigationTiming.h"
+#include "nsDOMString.h"
+#include "nsDeviceContext.h"
+#include "nsDocShell.h"
+#include "nsError.h"
+#include "nsEscape.h"
+#include "nsFocusManager.h"
+#include "nsFrameLoader.h"
+#include "nsFrameLoaderOwner.h"
+#include "nsGenericHTMLElement.h"
+#include "nsGlobalWindowInner.h"
+#include "nsGlobalWindowOuter.h"
+#include "nsHTMLCSSStyleSheet.h"
+#include "nsHTMLDocument.h"
+#include "nsHTMLStyleSheet.h"
+#include "nsHtml5Module.h"
+#include "nsHtml5Parser.h"
+#include "nsHtml5TreeOpExecutor.h"
+#include "nsIApplicationCache.h"
+#include "nsIAsyncShutdown.h"
+#include "nsIAuthPrompt.h"
+#include "nsIAuthPrompt2.h"
+#include "nsIBFCacheEntry.h"
+#include "nsIBaseWindow.h"
+#include "nsIBrowserChild.h"
+#include "nsIBrowserUsage.h"
+#include "nsICSSLoaderObserver.h"
+#include "nsICategoryManager.h"
+#include "nsICertOverrideService.h"
+#include "nsIContent.h"
+#include "nsIContentPolicy.h"
+#include "nsIContentSecurityPolicy.h"
+#include "nsIContentSink.h"
+#include "nsICookieJarSettings.h"
+#include "nsICookieService.h"
+#include "nsIDOMXULCommandDispatcher.h"
+#include "nsIDocShell.h"
+#include "nsIDocShellTreeItem.h"
+#include "nsIDocumentActivity.h"
+#include "nsIDocumentEncoder.h"
+#include "nsIDocumentLoader.h"
+#include "nsIDocumentLoaderFactory.h"
+#include "nsIDocumentObserver.h"
+#include "nsIEditingSession.h"
+#include "nsIEditor.h"
+#include "nsIEffectiveTLDService.h"
+#include "nsIFile.h"
+#include "nsIFileChannel.h"
+#include "nsIFrame.h"
+#include "nsIGlobalObject.h"
+#include "nsIHTMLCollection.h"
+#include "nsIHttpChannel.h"
+#include "nsIHttpChannelInternal.h"
+#include "nsIIOService.h"
+#include "nsIImageLoadingContent.h"
+#include "nsIInlineSpellChecker.h"
+#include "nsIInputStreamChannel.h"
+#include "nsIInterfaceRequestorUtils.h"
+#include "nsILayoutHistoryState.h"
+#include "nsIMultiPartChannel.h"
+#include "nsIMutationObserver.h"
+#include "nsINSSErrorsService.h"
+#include "nsINamed.h"
+#include "nsINodeList.h"
+#include "nsIObjectLoadingContent.h"
+#include "nsIObserverService.h"
+#include "nsIPermission.h"
+#include "nsIPrompt.h"
+#include "nsIPropertyBag2.h"
+#include "nsIReferrerInfo.h"
+#include "nsIRefreshURI.h"
+#include "nsIRequest.h"
+#include "nsIRequestContext.h"
+#include "nsIRunnable.h"
+#include "nsISHEntry.h"
+#include "nsIScriptElement.h"
+#include "nsIScriptError.h"
+#include "nsIScriptGlobalObject.h"
+#include "nsIScriptSecurityManager.h"
+#include "nsISecurityConsoleMessage.h"
+#include "nsISelectionController.h"
+#include "nsISerialEventTarget.h"
+#include "nsISerializable.h"
+#include "nsISimpleEnumerator.h"
+#include "nsISiteSecurityService.h"
+#include "nsISocketProvider.h"
+#include "nsISpeculativeConnect.h"
+#include "nsIStructuredCloneContainer.h"
+#include "nsIThread.h"
+#include "nsITimedChannel.h"
+#include "nsITimer.h"
+#include "nsITransportSecurityInfo.h"
+#include "nsIURIMutator.h"
+#include "nsIVariant.h"
+#include "nsIWeakReference.h"
+#include "nsIWebNavigation.h"
+#include "nsIWidget.h"
+#include "nsIX509Cert.h"
+#include "nsIX509CertValidity.h"
+#include "nsIXMLContentSink.h"
+#include "nsIXULRuntime.h"
+#include "nsImageLoadingContent.h"
+#include "nsImportModule.h"
+#include "nsLanguageAtomService.h"
+#include "nsLayoutUtils.h"
+#include "nsNetCID.h"
+#include "nsNetUtil.h"
+#include "nsNodeInfoManager.h"
+#include "nsObjectLoadingContent.h"
+#include "nsPIDOMWindowInlines.h"
+#include "nsPIWindowRoot.h"
+#include "nsPoint.h"
+#include "nsPointerHashKeys.h"
+#include "nsPresContext.h"
+#include "nsQueryFrame.h"
+#include "nsQueryObject.h"
+#include "nsRange.h"
+#include "nsRect.h"
+#include "nsRefreshDriver.h"
+#include "nsSandboxFlags.h"
+#include "nsSerializationHelper.h"
+#include "nsServiceManagerUtils.h"
+#include "nsStringFlags.h"
+#include "nsStringIterator.h"
+#include "nsStyleSheetService.h"
+#include "nsStyleStruct.h"
+#include "nsTextNode.h"
+#include "nsUnicharUtils.h"
+#include "nsWrapperCache.h"
+#include "nsWrapperCacheInlines.h"
+#include "nsXPCOMCID.h"
+#include "nsXULAppAPI.h"
+#include "prthread.h"
+#include "prtime.h"
+#include "prtypes.h"
+#include "xpcpublic.h"
+
+// XXX Must be included after mozilla/Encoding.h
+#include "encoding_rs.h"
+
+#ifdef MOZ_XUL
+# include "mozilla/dom/XULBroadcastManager.h"
+# include "mozilla/dom/XULPersist.h"
+# include "nsIAppWindow.h"
+# include "nsXULPrototypeDocument.h"
+# include "nsXULCommandDispatcher.h"
+# include "nsXULPopupManager.h"
+# include "nsIDocShellTreeOwner.h"
+#endif
+
+#define XML_DECLARATION_BITS_DECLARATION_EXISTS (1 << 0)
+#define XML_DECLARATION_BITS_ENCODING_EXISTS (1 << 1)
+#define XML_DECLARATION_BITS_STANDALONE_EXISTS (1 << 2)
+#define XML_DECLARATION_BITS_STANDALONE_YES (1 << 3)
+
+#define NS_MAX_DOCUMENT_WRITE_DEPTH 20
+
+mozilla::LazyLogModule gPageCacheLog("PageCache");
+mozilla::LazyLogModule gTimeoutDeferralLog("TimeoutDefer");
+mozilla::LazyLogModule gUseCountersLog("UseCounters");
+
+namespace mozilla {
+namespace dom {
+
+typedef nsTArray<Link*> LinkArray;
+
+AutoTArray<Document*, 8>* Document::sLoadingForegroundTopLevelContentDocument =
+ nullptr;
+
+static LazyLogModule gDocumentLeakPRLog("DocumentLeak");
+static LazyLogModule gCspPRLog("CSP");
+LazyLogModule gUserInteractionPRLog("UserInteraction");
+
+static nsresult GetHttpChannelHelper(nsIChannel* aChannel,
+ nsIHttpChannel** aHttpChannel) {
+ nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
+ if (httpChannel) {
+ httpChannel.forget(aHttpChannel);
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsIMultiPartChannel> multipart = do_QueryInterface(aChannel);
+ if (!multipart) {
+ *aHttpChannel = nullptr;
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsIChannel> baseChannel;
+ nsresult rv = multipart->GetBaseChannel(getter_AddRefs(baseChannel));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ httpChannel = do_QueryInterface(baseChannel);
+ httpChannel.forget(aHttpChannel);
+
+ return NS_OK;
+}
+
+} // namespace dom
+
+#define NAME_NOT_VALID ((nsSimpleContentList*)1)
+
+IdentifierMapEntry::IdentifierMapEntry(
+ const IdentifierMapEntry::DependentAtomOrString* aKey)
+ : mKey(aKey ? *aKey : nullptr) {}
+
+void IdentifierMapEntry::Traverse(
+ nsCycleCollectionTraversalCallback* aCallback) {
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(*aCallback,
+ "mIdentifierMap mNameContentList");
+ aCallback->NoteXPCOMChild(static_cast<nsINodeList*>(mNameContentList));
+
+ if (mImageElement) {
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(*aCallback,
+ "mIdentifierMap mImageElement element");
+ nsIContent* imageElement = mImageElement;
+ aCallback->NoteXPCOMChild(imageElement);
+ }
+}
+
+bool IdentifierMapEntry::IsEmpty() {
+ return mIdContentList->IsEmpty() && !mNameContentList && !mChangeCallbacks &&
+ !mImageElement;
+}
+
+bool IdentifierMapEntry::HasNameElement() const {
+ return mNameContentList && mNameContentList->Length() != 0;
+}
+
+void IdentifierMapEntry::AddContentChangeCallback(
+ Document::IDTargetObserver aCallback, void* aData, bool aForImage) {
+ if (!mChangeCallbacks) {
+ mChangeCallbacks = MakeUnique<nsTHashtable<ChangeCallbackEntry>>();
+ }
+
+ ChangeCallback cc = {aCallback, aData, aForImage};
+ mChangeCallbacks->PutEntry(cc);
+}
+
+void IdentifierMapEntry::RemoveContentChangeCallback(
+ Document::IDTargetObserver aCallback, void* aData, bool aForImage) {
+ if (!mChangeCallbacks) return;
+ ChangeCallback cc = {aCallback, aData, aForImage};
+ mChangeCallbacks->RemoveEntry(cc);
+ if (mChangeCallbacks->Count() == 0) {
+ mChangeCallbacks = nullptr;
+ }
+}
+
+void IdentifierMapEntry::FireChangeCallbacks(Element* aOldElement,
+ Element* aNewElement,
+ bool aImageOnly) {
+ if (!mChangeCallbacks) return;
+
+ for (auto iter = mChangeCallbacks->ConstIter(); !iter.Done(); iter.Next()) {
+ IdentifierMapEntry::ChangeCallbackEntry* entry = iter.Get();
+ // Don't fire image changes for non-image observers, and don't fire element
+ // changes for image observers when an image override is active.
+ if (entry->mKey.mForImage ? (mImageElement && !aImageOnly) : aImageOnly) {
+ continue;
+ }
+
+ if (!entry->mKey.mCallback(aOldElement, aNewElement, entry->mKey.mData)) {
+ iter.Remove();
+ }
+ }
+}
+
+void IdentifierMapEntry::AddIdElement(Element* aElement) {
+ MOZ_ASSERT(aElement, "Must have element");
+ MOZ_ASSERT(!mIdContentList->Contains(nullptr), "Why is null in our list?");
+
+ size_t index = mIdContentList.Insert(*aElement);
+ if (index == 0) {
+ Element* oldElement = mIdContentList->SafeElementAt(1);
+ FireChangeCallbacks(oldElement, aElement);
+ }
+}
+
+void IdentifierMapEntry::RemoveIdElement(Element* aElement) {
+ MOZ_ASSERT(aElement, "Missing element");
+
+ // This should only be called while the document is in an update.
+ // Assertions near the call to this method guarantee this.
+
+ // This could fire in OOM situations
+ // Only assert this in HTML documents for now as XUL does all sorts of weird
+ // crap.
+ NS_ASSERTION(!aElement->OwnerDoc()->IsHTMLDocument() ||
+ mIdContentList->Contains(aElement),
+ "Removing id entry that doesn't exist");
+
+ // XXXbz should this ever Compact() I guess when all the content is gone
+ // we'll just get cleaned up in the natural order of things...
+ Element* currentElement = mIdContentList->SafeElementAt(0);
+ mIdContentList.RemoveElement(*aElement);
+ if (currentElement == aElement) {
+ FireChangeCallbacks(currentElement, mIdContentList->SafeElementAt(0));
+ }
+}
+
+void IdentifierMapEntry::SetImageElement(Element* aElement) {
+ Element* oldElement = GetImageIdElement();
+ mImageElement = aElement;
+ Element* newElement = GetImageIdElement();
+ if (oldElement != newElement) {
+ FireChangeCallbacks(oldElement, newElement, true);
+ }
+}
+
+void IdentifierMapEntry::ClearAndNotify() {
+ Element* currentElement = mIdContentList->SafeElementAt(0);
+ mIdContentList.Clear();
+ if (currentElement) {
+ FireChangeCallbacks(currentElement, nullptr);
+ }
+ mNameContentList = nullptr;
+ if (mImageElement) {
+ SetImageElement(nullptr);
+ }
+ mChangeCallbacks = nullptr;
+}
+
+namespace dom {
+
+class SimpleHTMLCollection final : public nsSimpleContentList,
+ public nsIHTMLCollection {
+ public:
+ explicit SimpleHTMLCollection(nsINode* aRoot) : nsSimpleContentList(aRoot) {}
+
+ NS_DECL_ISUPPORTS_INHERITED
+
+ virtual nsINode* GetParentObject() override {
+ return nsSimpleContentList::GetParentObject();
+ }
+ virtual uint32_t Length() override { return nsSimpleContentList::Length(); }
+ virtual Element* GetElementAt(uint32_t aIndex) override {
+ return mElements.SafeElementAt(aIndex)->AsElement();
+ }
+
+ virtual Element* GetFirstNamedElement(const nsAString& aName,
+ bool& aFound) override {
+ aFound = false;
+ RefPtr<nsAtom> name = NS_Atomize(aName);
+ for (uint32_t i = 0; i < mElements.Length(); i++) {
+ MOZ_DIAGNOSTIC_ASSERT(mElements[i]);
+ Element* element = mElements[i]->AsElement();
+ if (element->GetID() == name ||
+ (element->HasName() &&
+ element->GetParsedAttr(nsGkAtoms::name)->GetAtomValue() == name)) {
+ aFound = true;
+ return element;
+ }
+ }
+ return nullptr;
+ }
+
+ virtual void GetSupportedNames(nsTArray<nsString>& aNames) override {
+ AutoTArray<nsAtom*, 8> atoms;
+ for (uint32_t i = 0; i < mElements.Length(); i++) {
+ MOZ_DIAGNOSTIC_ASSERT(mElements[i]);
+ Element* element = mElements[i]->AsElement();
+
+ nsAtom* id = element->GetID();
+ MOZ_ASSERT(id != nsGkAtoms::_empty);
+ if (id && !atoms.Contains(id)) {
+ atoms.AppendElement(id);
+ }
+
+ if (element->HasName()) {
+ nsAtom* name = element->GetParsedAttr(nsGkAtoms::name)->GetAtomValue();
+ MOZ_ASSERT(name && name != nsGkAtoms::_empty);
+ if (name && !atoms.Contains(name)) {
+ atoms.AppendElement(name);
+ }
+ }
+ }
+
+ nsString* names = aNames.AppendElements(atoms.Length());
+ for (uint32_t i = 0; i < atoms.Length(); i++) {
+ atoms[i]->ToString(names[i]);
+ }
+ }
+
+ virtual JSObject* GetWrapperPreserveColorInternal() override {
+ return nsWrapperCache::GetWrapperPreserveColor();
+ }
+ virtual void PreserveWrapperInternal(
+ nsISupports* aScriptObjectHolder) override {
+ nsWrapperCache::PreserveWrapper(aScriptObjectHolder);
+ }
+ virtual JSObject* WrapObject(JSContext* aCx,
+ JS::Handle<JSObject*> aGivenProto) override {
+ return HTMLCollection_Binding::Wrap(aCx, this, aGivenProto);
+ }
+
+ using nsBaseContentList::Item;
+
+ private:
+ virtual ~SimpleHTMLCollection() = default;
+};
+
+NS_IMPL_ISUPPORTS_INHERITED(SimpleHTMLCollection, nsSimpleContentList,
+ nsIHTMLCollection)
+
+} // namespace dom
+
+void IdentifierMapEntry::AddNameElement(nsINode* aNode, Element* aElement) {
+ if (!mNameContentList) {
+ mNameContentList = new dom::SimpleHTMLCollection(aNode);
+ }
+
+ mNameContentList->AppendElement(aElement);
+}
+
+void IdentifierMapEntry::RemoveNameElement(Element* aElement) {
+ if (mNameContentList) {
+ mNameContentList->RemoveElement(aElement);
+ }
+}
+
+bool IdentifierMapEntry::HasIdElementExposedAsHTMLDocumentProperty() {
+ Element* idElement = GetIdElement();
+ return idElement &&
+ nsGenericHTMLElement::ShouldExposeIdAsHTMLDocumentProperty(idElement);
+}
+
+size_t IdentifierMapEntry::SizeOfExcludingThis(
+ MallocSizeOf aMallocSizeOf) const {
+ return mKey.mString.SizeOfExcludingThisIfUnshared(aMallocSizeOf);
+}
+
+// Helper structs for the content->subdoc map
+
+class SubDocMapEntry : public PLDHashEntryHdr {
+ public:
+ // Both of these are strong references
+ Element* mKey; // must be first, to look like PLDHashEntryStub
+ dom::Document* mSubDocument;
+};
+
+class OnloadBlocker final : public nsIRequest {
+ public:
+ OnloadBlocker() = default;
+
+ NS_DECL_ISUPPORTS
+ NS_DECL_NSIREQUEST
+
+ private:
+ ~OnloadBlocker() = default;
+};
+
+NS_IMPL_ISUPPORTS(OnloadBlocker, nsIRequest)
+
+NS_IMETHODIMP
+OnloadBlocker::GetName(nsACString& aResult) {
+ aResult.AssignLiteral("about:document-onload-blocker");
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+OnloadBlocker::IsPending(bool* _retval) {
+ *_retval = true;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+OnloadBlocker::GetStatus(nsresult* status) {
+ *status = NS_OK;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+OnloadBlocker::Cancel(nsresult status) { return NS_OK; }
+NS_IMETHODIMP
+OnloadBlocker::Suspend(void) { return NS_OK; }
+NS_IMETHODIMP
+OnloadBlocker::Resume(void) { return NS_OK; }
+
+NS_IMETHODIMP
+OnloadBlocker::GetLoadGroup(nsILoadGroup** aLoadGroup) {
+ *aLoadGroup = nullptr;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+OnloadBlocker::SetLoadGroup(nsILoadGroup* aLoadGroup) { return NS_OK; }
+
+NS_IMETHODIMP
+OnloadBlocker::GetLoadFlags(nsLoadFlags* aLoadFlags) {
+ *aLoadFlags = nsIRequest::LOAD_NORMAL;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+OnloadBlocker::GetTRRMode(nsIRequest::TRRMode* aTRRMode) {
+ return GetTRRModeImpl(aTRRMode);
+}
+
+NS_IMETHODIMP
+OnloadBlocker::SetTRRMode(nsIRequest::TRRMode aTRRMode) {
+ return SetTRRModeImpl(aTRRMode);
+}
+
+NS_IMETHODIMP
+OnloadBlocker::SetLoadFlags(nsLoadFlags aLoadFlags) { return NS_OK; }
+
+// ==================================================================
+
+namespace dom {
+
+ExternalResourceMap::ExternalResourceMap() : mHaveShutDown(false) {}
+
+Document* ExternalResourceMap::RequestResource(
+ nsIURI* aURI, nsIReferrerInfo* aReferrerInfo, nsINode* aRequestingNode,
+ Document* aDisplayDocument, ExternalResourceLoad** aPendingLoad) {
+ // If we ever start allowing non-same-origin loads here, we might need to do
+ // something interesting with aRequestingPrincipal even for the hashtable
+ // gets.
+ MOZ_ASSERT(aURI, "Must have a URI");
+ MOZ_ASSERT(aRequestingNode, "Must have a node");
+ MOZ_ASSERT(aReferrerInfo, "Must have a referrerInfo");
+ *aPendingLoad = nullptr;
+ if (mHaveShutDown) {
+ return nullptr;
+ }
+
+ // First, make sure we strip the ref from aURI.
+ nsCOMPtr<nsIURI> clone;
+ nsresult rv = NS_GetURIWithoutRef(aURI, getter_AddRefs(clone));
+ if (NS_FAILED(rv) || !clone) {
+ return nullptr;
+ }
+
+ ExternalResource* resource;
+ mMap.Get(clone, &resource);
+ if (resource) {
+ return resource->mDocument;
+ }
+
+ RefPtr<PendingLoad>& loadEntry = mPendingLoads.GetOrInsert(clone);
+ if (loadEntry) {
+ RefPtr<PendingLoad> load(loadEntry);
+ load.forget(aPendingLoad);
+ return nullptr;
+ }
+
+ RefPtr<PendingLoad> load(new PendingLoad(aDisplayDocument));
+ loadEntry = load;
+
+ if (NS_FAILED(load->StartLoad(clone, aReferrerInfo, aRequestingNode))) {
+ // Make sure we don't thrash things by trying this load again, since
+ // chances are it failed for good reasons (security check, etc).
+ AddExternalResource(clone, nullptr, nullptr, aDisplayDocument);
+ } else {
+ load.forget(aPendingLoad);
+ }
+
+ return nullptr;
+}
+
+void ExternalResourceMap::EnumerateResources(SubDocEnumFunc aCallback) {
+ nsTArray<RefPtr<Document>> docs(mMap.Count());
+ for (const auto& entry : mMap) {
+ if (Document* doc = entry.GetData()->mDocument) {
+ docs.AppendElement(doc);
+ }
+ }
+
+ for (auto& doc : docs) {
+ if (aCallback(*doc) == CallState::Stop) {
+ return;
+ }
+ }
+}
+
+void ExternalResourceMap::Traverse(
+ nsCycleCollectionTraversalCallback* aCallback) const {
+ // mPendingLoads will get cleared out as the requests complete, so
+ // no need to worry about those here.
+ for (auto iter = mMap.ConstIter(); !iter.Done(); iter.Next()) {
+ ExternalResourceMap::ExternalResource* resource = iter.UserData();
+
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(*aCallback,
+ "mExternalResourceMap.mMap entry"
+ "->mDocument");
+ aCallback->NoteXPCOMChild(ToSupports(resource->mDocument));
+
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(*aCallback,
+ "mExternalResourceMap.mMap entry"
+ "->mViewer");
+ aCallback->NoteXPCOMChild(resource->mViewer);
+
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(*aCallback,
+ "mExternalResourceMap.mMap entry"
+ "->mLoadGroup");
+ aCallback->NoteXPCOMChild(resource->mLoadGroup);
+ }
+}
+
+void ExternalResourceMap::HideViewers() {
+ for (auto iter = mMap.Iter(); !iter.Done(); iter.Next()) {
+ nsCOMPtr<nsIContentViewer> viewer = iter.UserData()->mViewer;
+ if (viewer) {
+ viewer->Hide();
+ }
+ }
+}
+
+void ExternalResourceMap::ShowViewers() {
+ for (auto iter = mMap.Iter(); !iter.Done(); iter.Next()) {
+ nsCOMPtr<nsIContentViewer> viewer = iter.UserData()->mViewer;
+ if (viewer) {
+ viewer->Show();
+ }
+ }
+}
+
+void TransferOverrideDPPX(Document* aFromDoc, Document* aToDoc) {
+ MOZ_ASSERT(aFromDoc && aToDoc, "transferring zoom levels from/to null doc");
+
+ nsPresContext* fromCtxt = aFromDoc->GetPresContext();
+ if (!fromCtxt) return;
+
+ nsPresContext* toCtxt = aToDoc->GetPresContext();
+ if (!toCtxt) return;
+
+ toCtxt->SetOverrideDPPX(fromCtxt->GetOverrideDPPX());
+}
+
+void TransferShowingState(Document* aFromDoc, Document* aToDoc) {
+ MOZ_ASSERT(aFromDoc && aToDoc, "transferring showing state from/to null doc");
+
+ if (aFromDoc->IsShowing()) {
+ aToDoc->OnPageShow(true, nullptr);
+ }
+}
+
+nsresult ExternalResourceMap::AddExternalResource(nsIURI* aURI,
+ nsIContentViewer* aViewer,
+ nsILoadGroup* aLoadGroup,
+ Document* aDisplayDocument) {
+ MOZ_ASSERT(aURI, "Unexpected call");
+ MOZ_ASSERT((aViewer && aLoadGroup) || (!aViewer && !aLoadGroup),
+ "Must have both or neither");
+
+ RefPtr<PendingLoad> load;
+ mPendingLoads.Remove(aURI, getter_AddRefs(load));
+
+ nsresult rv = NS_OK;
+
+ nsCOMPtr<Document> doc;
+ if (aViewer) {
+ doc = aViewer->GetDocument();
+ NS_ASSERTION(doc, "Must have a document");
+
+ doc->SetDisplayDocument(aDisplayDocument);
+
+ // Make sure that hiding our viewer will tear down its presentation.
+ aViewer->SetSticky(false);
+
+ rv = aViewer->Init(nullptr, nsIntRect(0, 0, 0, 0), nullptr);
+ if (NS_SUCCEEDED(rv)) {
+ rv = aViewer->Open(nullptr, nullptr);
+ }
+
+ if (NS_FAILED(rv)) {
+ doc = nullptr;
+ aViewer = nullptr;
+ aLoadGroup = nullptr;
+ }
+ }
+
+ ExternalResource* newResource = new ExternalResource();
+ mMap.Put(aURI, newResource);
+
+ newResource->mDocument = doc;
+ newResource->mViewer = aViewer;
+ newResource->mLoadGroup = aLoadGroup;
+ if (doc) {
+ if (nsPresContext* pc = doc->GetPresContext()) {
+ pc->RecomputeBrowsingContextDependentData();
+ }
+ TransferOverrideDPPX(aDisplayDocument, doc);
+ TransferShowingState(aDisplayDocument, doc);
+ }
+
+ const nsTArray<nsCOMPtr<nsIObserver>>& obs = load->Observers();
+ for (uint32_t i = 0; i < obs.Length(); ++i) {
+ obs[i]->Observe(ToSupports(doc), "external-resource-document-created",
+ nullptr);
+ }
+
+ return rv;
+}
+
+NS_IMPL_ISUPPORTS(ExternalResourceMap::PendingLoad, nsIStreamListener,
+ nsIRequestObserver)
+
+NS_IMETHODIMP
+ExternalResourceMap::PendingLoad::OnStartRequest(nsIRequest* aRequest) {
+ ExternalResourceMap& map = mDisplayDocument->ExternalResourceMap();
+ if (map.HaveShutDown()) {
+ return NS_BINDING_ABORTED;
+ }
+
+ nsCOMPtr<nsIContentViewer> viewer;
+ nsCOMPtr<nsILoadGroup> loadGroup;
+ nsresult rv =
+ SetupViewer(aRequest, getter_AddRefs(viewer), getter_AddRefs(loadGroup));
+
+ // Make sure to do this no matter what
+ nsresult rv2 =
+ map.AddExternalResource(mURI, viewer, loadGroup, mDisplayDocument);
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+ if (NS_FAILED(rv2)) {
+ mTargetListener = nullptr;
+ return rv2;
+ }
+
+ return mTargetListener->OnStartRequest(aRequest);
+}
+
+nsresult ExternalResourceMap::PendingLoad::SetupViewer(
+ nsIRequest* aRequest, nsIContentViewer** aViewer,
+ nsILoadGroup** aLoadGroup) {
+ MOZ_ASSERT(!mTargetListener, "Unexpected call to OnStartRequest");
+ *aViewer = nullptr;
+ *aLoadGroup = nullptr;
+
+ nsCOMPtr<nsIChannel> chan(do_QueryInterface(aRequest));
+ NS_ENSURE_TRUE(chan, NS_ERROR_UNEXPECTED);
+
+ nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(aRequest));
+ if (httpChannel) {
+ bool requestSucceeded;
+ if (NS_FAILED(httpChannel->GetRequestSucceeded(&requestSucceeded)) ||
+ !requestSucceeded) {
+ // Bail out on this load, since it looks like we have an HTTP error page
+ return NS_BINDING_ABORTED;
+ }
+ }
+
+ nsAutoCString type;
+ chan->GetContentType(type);
+
+ nsCOMPtr<nsILoadGroup> loadGroup;
+ chan->GetLoadGroup(getter_AddRefs(loadGroup));
+
+ // Give this document its own loadgroup
+ nsCOMPtr<nsILoadGroup> newLoadGroup =
+ do_CreateInstance(NS_LOADGROUP_CONTRACTID);
+ NS_ENSURE_TRUE(newLoadGroup, NS_ERROR_OUT_OF_MEMORY);
+ newLoadGroup->SetLoadGroup(loadGroup);
+
+ nsCOMPtr<nsIInterfaceRequestor> callbacks;
+ loadGroup->GetNotificationCallbacks(getter_AddRefs(callbacks));
+
+ nsCOMPtr<nsIInterfaceRequestor> newCallbacks =
+ new LoadgroupCallbacks(callbacks);
+ newLoadGroup->SetNotificationCallbacks(newCallbacks);
+
+ // This is some serious hackery cribbed from docshell
+ nsCOMPtr<nsICategoryManager> catMan =
+ do_GetService(NS_CATEGORYMANAGER_CONTRACTID);
+ NS_ENSURE_TRUE(catMan, NS_ERROR_NOT_AVAILABLE);
+ nsCString contractId;
+ nsresult rv =
+ catMan->GetCategoryEntry("Gecko-Content-Viewers", type, contractId);
+ NS_ENSURE_SUCCESS(rv, rv);
+ nsCOMPtr<nsIDocumentLoaderFactory> docLoaderFactory =
+ do_GetService(contractId.get());
+ NS_ENSURE_TRUE(docLoaderFactory, NS_ERROR_NOT_AVAILABLE);
+
+ nsCOMPtr<nsIContentViewer> viewer;
+ nsCOMPtr<nsIStreamListener> listener;
+ rv = docLoaderFactory->CreateInstance(
+ "external-resource", chan, newLoadGroup, type, nullptr, nullptr,
+ getter_AddRefs(listener), getter_AddRefs(viewer));
+ NS_ENSURE_SUCCESS(rv, rv);
+ NS_ENSURE_TRUE(viewer, NS_ERROR_UNEXPECTED);
+
+ nsCOMPtr<nsIParser> parser = do_QueryInterface(listener);
+ if (!parser) {
+ /// We don't want to deal with the various fake documents yet
+ return NS_ERROR_NOT_IMPLEMENTED;
+ }
+
+ // We can't handle HTML and other weird things here yet.
+ nsIContentSink* sink = parser->GetContentSink();
+ nsCOMPtr<nsIXMLContentSink> xmlSink = do_QueryInterface(sink);
+ if (!xmlSink) {
+ return NS_ERROR_NOT_IMPLEMENTED;
+ }
+
+ listener.swap(mTargetListener);
+ viewer.forget(aViewer);
+ newLoadGroup.forget(aLoadGroup);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+ExternalResourceMap::PendingLoad::OnDataAvailable(nsIRequest* aRequest,
+ nsIInputStream* aStream,
+ uint64_t aOffset,
+ uint32_t aCount) {
+ // mTargetListener might be null if SetupViewer or AddExternalResource failed.
+ NS_ENSURE_TRUE(mTargetListener, NS_ERROR_FAILURE);
+ if (mDisplayDocument->ExternalResourceMap().HaveShutDown()) {
+ return NS_BINDING_ABORTED;
+ }
+ return mTargetListener->OnDataAvailable(aRequest, aStream, aOffset, aCount);
+}
+
+NS_IMETHODIMP
+ExternalResourceMap::PendingLoad::OnStopRequest(nsIRequest* aRequest,
+ nsresult aStatus) {
+ // mTargetListener might be null if SetupViewer or AddExternalResource failed
+ if (mTargetListener) {
+ nsCOMPtr<nsIStreamListener> listener;
+ mTargetListener.swap(listener);
+ return listener->OnStopRequest(aRequest, aStatus);
+ }
+
+ return NS_OK;
+}
+
+nsresult ExternalResourceMap::PendingLoad::StartLoad(
+ nsIURI* aURI, nsIReferrerInfo* aReferrerInfo, nsINode* aRequestingNode) {
+ MOZ_ASSERT(aURI, "Must have a URI");
+ MOZ_ASSERT(aRequestingNode, "Must have a node");
+ MOZ_ASSERT(aReferrerInfo, "Must have a referrerInfo");
+
+ nsCOMPtr<nsILoadGroup> loadGroup =
+ aRequestingNode->OwnerDoc()->GetDocumentLoadGroup();
+
+ nsresult rv = NS_OK;
+ nsCOMPtr<nsIChannel> channel;
+ rv = NS_NewChannel(getter_AddRefs(channel), aURI, aRequestingNode,
+ nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT,
+ nsIContentPolicy::TYPE_OTHER,
+ nullptr, // aPerformanceStorage
+ loadGroup);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(channel));
+ if (httpChannel) {
+ rv = httpChannel->SetReferrerInfo(aReferrerInfo);
+ Unused << NS_WARN_IF(NS_FAILED(rv));
+ }
+
+ mURI = aURI;
+
+ return channel->AsyncOpen(this);
+}
+
+NS_IMPL_ISUPPORTS(ExternalResourceMap::LoadgroupCallbacks,
+ nsIInterfaceRequestor)
+
+#define IMPL_SHIM(_i) \
+ NS_IMPL_ISUPPORTS(ExternalResourceMap::LoadgroupCallbacks::_i##Shim, _i)
+
+IMPL_SHIM(nsILoadContext)
+IMPL_SHIM(nsIProgressEventSink)
+IMPL_SHIM(nsIChannelEventSink)
+IMPL_SHIM(nsIApplicationCacheContainer)
+
+#undef IMPL_SHIM
+
+#define IID_IS(_i) aIID.Equals(NS_GET_IID(_i))
+
+#define TRY_SHIM(_i) \
+ PR_BEGIN_MACRO \
+ if (IID_IS(_i)) { \
+ nsCOMPtr<_i> real = do_GetInterface(mCallbacks); \
+ if (!real) { \
+ return NS_NOINTERFACE; \
+ } \
+ nsCOMPtr<_i> shim = new _i##Shim(this, real); \
+ shim.forget(aSink); \
+ return NS_OK; \
+ } \
+ PR_END_MACRO
+
+NS_IMETHODIMP
+ExternalResourceMap::LoadgroupCallbacks::GetInterface(const nsIID& aIID,
+ void** aSink) {
+ if (mCallbacks && (IID_IS(nsIPrompt) || IID_IS(nsIAuthPrompt) ||
+ IID_IS(nsIAuthPrompt2) || IID_IS(nsIBrowserChild))) {
+ return mCallbacks->GetInterface(aIID, aSink);
+ }
+
+ *aSink = nullptr;
+
+ TRY_SHIM(nsILoadContext);
+ TRY_SHIM(nsIProgressEventSink);
+ TRY_SHIM(nsIChannelEventSink);
+ TRY_SHIM(nsIApplicationCacheContainer);
+
+ return NS_NOINTERFACE;
+}
+
+#undef TRY_SHIM
+#undef IID_IS
+
+ExternalResourceMap::ExternalResource::~ExternalResource() {
+ if (mViewer) {
+ mViewer->Close(nullptr);
+ mViewer->Destroy();
+ }
+}
+
+// ==================================================================
+// =
+// ==================================================================
+
+// If we ever have an nsIDocumentObserver notification for stylesheet title
+// changes we should update the list from that instead of overriding
+// EnsureFresh.
+class DOMStyleSheetSetList final : public DOMStringList {
+ public:
+ explicit DOMStyleSheetSetList(Document* aDocument);
+
+ void Disconnect() { mDocument = nullptr; }
+
+ virtual void EnsureFresh() override;
+
+ protected:
+ Document* mDocument; // Our document; weak ref. It'll let us know if it
+ // dies.
+};
+
+DOMStyleSheetSetList::DOMStyleSheetSetList(Document* aDocument)
+ : mDocument(aDocument) {
+ NS_ASSERTION(mDocument, "Must have document!");
+}
+
+void DOMStyleSheetSetList::EnsureFresh() {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ mNames.Clear();
+
+ if (!mDocument) {
+ return; // Spec says "no exceptions", and we have no style sets if we have
+ // no document, for sure
+ }
+
+ size_t count = mDocument->SheetCount();
+ nsAutoString title;
+ for (size_t index = 0; index < count; index++) {
+ StyleSheet* sheet = mDocument->SheetAt(index);
+ NS_ASSERTION(sheet, "Null sheet in sheet list!");
+ sheet->GetTitle(title);
+ if (!title.IsEmpty() && !mNames.Contains(title) && !Add(title)) {
+ return;
+ }
+ }
+}
+
+// ==================================================================
+Document::SelectorCache::SelectorCache(nsIEventTarget* aEventTarget)
+ : nsExpirationTracker<SelectorCacheKey, 4>(1000, "Document::SelectorCache",
+ aEventTarget) {}
+
+Document::SelectorCache::~SelectorCache() { AgeAllGenerations(); }
+
+void Document::SelectorCache::NotifyExpired(SelectorCacheKey* aSelector) {
+ MOZ_ASSERT(NS_IsMainThread());
+ MOZ_ASSERT(aSelector);
+
+ // There is no guarantee that this method won't be re-entered when selector
+ // matching is ongoing because "memory-pressure" could be notified immediately
+ // when OOM happens according to the design of nsExpirationTracker.
+ // The perfect solution is to delete the |aSelector| and its
+ // RawServoSelectorList in mTable asynchronously.
+ // We remove these objects synchronously for now because NotifyExpired() will
+ // never be triggered by "memory-pressure" which is not implemented yet in
+ // the stage 2 of mozalloc_handle_oom().
+ // Once these objects are removed asynchronously, we should update the warning
+ // added in mozalloc_handle_oom() as well.
+ RemoveObject(aSelector);
+ mTable.Remove(aSelector->mKey);
+ delete aSelector;
+}
+
+Document::FrameRequest::FrameRequest(FrameRequestCallback& aCallback,
+ int32_t aHandle)
+ : mCallback(&aCallback), mHandle(aHandle) {
+ LogFrameRequestCallback::LogDispatch(mCallback);
+}
+
+Document::FrameRequest::~FrameRequest() = default;
+
+Document::PendingFrameStaticClone::~PendingFrameStaticClone() = default;
+
+struct Document::MetaViewportElementAndData {
+ RefPtr<HTMLMetaElement> mElement;
+ ViewportMetaData mData;
+
+ bool operator==(const MetaViewportElementAndData& aOther) const {
+ return mElement == aOther.mElement && mData == aOther.mData;
+ }
+};
+
+// ==================================================================
+// =
+// ==================================================================
+
+Document::InternalCommandDataHashtable*
+ Document::sInternalCommandDataHashtable = nullptr;
+
+// static
+void Document::Shutdown() {
+ if (sInternalCommandDataHashtable) {
+ sInternalCommandDataHashtable->Clear();
+ delete sInternalCommandDataHashtable;
+ sInternalCommandDataHashtable = nullptr;
+ }
+}
+
+Document::Document(const char* aContentType)
+ : nsINode(nullptr),
+ DocumentOrShadowRoot(this),
+ mBlockAllMixedContent(false),
+ mBlockAllMixedContentPreloads(false),
+ mUpgradeInsecureRequests(false),
+ mUpgradeInsecurePreloads(false),
+ mDontWarnAboutMutationEventsAndAllowSlowDOMMutations(false),
+ mCharacterSet(WINDOWS_1252_ENCODING),
+ mCharacterSetSource(0),
+ mParentDocument(nullptr),
+ mCachedRootElement(nullptr),
+ mNodeInfoManager(nullptr),
+#ifdef DEBUG
+ mStyledLinksCleared(false),
+#endif
+ mBidiEnabled(false),
+ mMayNeedFontPrefsUpdate(true),
+ mMathMLEnabled(false),
+ mIsInitialDocumentInWindow(false),
+ mIgnoreDocGroupMismatches(false),
+ mLoadedAsData(false),
+ mMayStartLayout(true),
+ mHaveFiredTitleChange(false),
+ mIsShowing(false),
+ mVisible(true),
+ mRemovedFromDocShell(false),
+ // mAllowDNSPrefetch starts true, so that we can always reliably && it
+ // with various values that might disable it. Since we never prefetch
+ // unless we get a window, and in that case the docshell value will get
+ // &&-ed in, this is safe.
+ mAllowDNSPrefetch(true),
+ mIsStaticDocument(false),
+ mCreatingStaticClone(false),
+ mHasPrintCallbacks(false),
+ mInUnlinkOrDeletion(false),
+ mHasHadScriptHandlingObject(false),
+ mIsBeingUsedAsImage(false),
+ mDocURISchemeIsChrome(false),
+ mInChromeDocShell(false),
+ mIsDevToolsDocument(false),
+ mIsSyntheticDocument(false),
+ mHasLinksToUpdateRunnable(false),
+ mFlushingPendingLinkUpdates(false),
+ mMayHaveDOMMutationObservers(false),
+ mMayHaveAnimationObservers(false),
+ mHasCSP(false),
+ mHasUnsafeEvalCSP(false),
+ mHasUnsafeInlineCSP(false),
+ mHasCSPDeliveredThroughHeader(false),
+ mBFCacheDisallowed(false),
+ mHasHadDefaultView(false),
+ mStyleSheetChangeEventsEnabled(false),
+ mIsSrcdocDocument(false),
+ mHasDisplayDocument(false),
+ mFontFaceSetDirty(true),
+ mDidFireDOMContentLoaded(true),
+ mHasScrollLinkedEffect(false),
+ mFrameRequestCallbacksScheduled(false),
+ mIsTopLevelContentDocument(false),
+ mIsContentDocument(false),
+ mDidCallBeginLoad(false),
+ mEncodingMenuDisabled(false),
+ mLinksEnabled(true),
+ mIsSVGGlyphsDocument(false),
+ mInDestructor(false),
+ mIsGoingAway(false),
+ mInXBLUpdate(false),
+ mNeedsReleaseAfterStackRefCntRelease(false),
+ mStyleSetFilled(false),
+ mQuirkSheetAdded(false),
+ mContentEditableSheetAdded(false),
+ mDesignModeSheetAdded(false),
+ mSSApplicableStateNotificationPending(false),
+ mMayHaveTitleElement(false),
+ mDOMLoadingSet(false),
+ mDOMInteractiveSet(false),
+ mDOMCompleteSet(false),
+ mAutoFocusFired(false),
+ mScrolledToRefAlready(false),
+ mChangeScrollPosWhenScrollingToRef(false),
+ mDelayFrameLoaderInitialization(false),
+ mSynchronousDOMContentLoaded(false),
+ mMaybeServiceWorkerControlled(false),
+ mAllowZoom(false),
+ mValidScaleFloat(false),
+ mValidMinScale(false),
+ mValidMaxScale(false),
+ mWidthStrEmpty(false),
+ mParserAborted(false),
+ mReportedDocumentUseCounters(false),
+ mHasReportedShadowDOMUsage(false),
+ mHasDelayedRefreshEvent(false),
+ mLoadEventFiring(false),
+ mSkipLoadEventAfterClose(false),
+ mDisableCookieAccess(false),
+ mDisableDocWrite(false),
+ mTooDeepWriteRecursion(false),
+ mPendingMaybeEditingStateChanged(false),
+ mHasBeenEditable(false),
+ mHasWarnedAboutZoom(false),
+ mIsRunningExecCommand(false),
+ mSetCompleteAfterDOMContentLoaded(false),
+ mPendingFullscreenRequests(0),
+ mXMLDeclarationBits(0),
+ mOnloadBlockCount(0),
+ mAsyncOnloadBlockCount(0),
+ mWriteLevel(0),
+ mContentEditableCount(0),
+ mEditingState(EditingState::eOff),
+ mCompatMode(eCompatibility_FullStandards),
+ mReadyState(ReadyState::READYSTATE_UNINITIALIZED),
+ mAncestorIsLoading(false),
+ mVisibilityState(dom::VisibilityState::Hidden),
+ mType(eUnknown),
+ mDefaultElementType(0),
+ mAllowXULXBL(eTriUnset),
+ mSkipDTDSecurityChecks(false),
+ mBidiOptions(IBMBIDI_DEFAULT_BIDI_OPTIONS),
+ mSandboxFlags(0),
+ mPartID(0),
+ mMarkedCCGeneration(0),
+ mPresShell(nullptr),
+ mSubtreeModifiedDepth(0),
+ mPreloadPictureDepth(0),
+ mEventsSuppressed(0),
+ mIgnoreDestructiveWritesCounter(0),
+ mFrameRequestCallbackCounter(0),
+ mStaticCloneCount(0),
+ mWindow(nullptr),
+ mBFCacheEntry(nullptr),
+ mInSyncOperationCount(0),
+ mBlockDOMContentLoaded(0),
+ mUseCountersInitialized(false),
+ mShouldReportUseCounters(false),
+ mShouldSendPageUseCounters(false),
+ mUserHasInteracted(false),
+ mHasUserInteractionTimerScheduled(false),
+ mStackRefCnt(0),
+ mUpdateNestLevel(0),
+ mHttpsOnlyStatus(nsILoadInfo::HTTPS_ONLY_UNINITIALIZED),
+ mViewportType(Unknown),
+ mViewportFit(ViewportFitType::Auto),
+ mSubDocuments(nullptr),
+ mHeaderData(nullptr),
+ mFlashClassification(FlashClassification::Unknown),
+ mServoRestyleRootDirtyBits(0),
+ mThrowOnDynamicMarkupInsertionCounter(0),
+ mIgnoreOpensDuringUnloadCounter(0),
+ mDocLWTheme(Doc_Theme_Uninitialized),
+ mSavedResolution(1.0f),
+ mSavedResolutionBeforeMVM(1.0f),
+ mGeneration(0),
+ mCachedTabSizeGeneration(0),
+ mNextFormNumber(0),
+ mNextControlNumber(0),
+ mPreloadService(this) {
+ MOZ_LOG(gDocumentLeakPRLog, LogLevel::Debug, ("DOCUMENT %p created", this));
+
+ SetIsInDocument();
+ SetIsConnected(true);
+
+ // Create these unconditionally, they will be used to warn about the `zoom`
+ // property, even if use counters are disabled.
+ mStyleUseCounters = Servo_UseCounters_Create().Consume();
+
+ SetContentTypeInternal(nsDependentCString(aContentType));
+
+ // Start out mLastStyleSheetSet as null, per spec
+ SetDOMStringToNull(mLastStyleSheetSet);
+
+ // void state used to differentiate an empty source from an unselected source
+ mPreloadPictureFoundSource.SetIsVoid(true);
+
+ RecomputeLanguageFromCharset();
+
+ mPreloadReferrerInfo = new dom::ReferrerInfo(nullptr);
+ mReferrerInfo = new dom::ReferrerInfo(nullptr);
+}
+
+#ifndef ANDROID
+// unused by GeckoView
+static bool IsAboutErrorPage(nsGlobalWindowInner* aWin, const char* aSpec) {
+ if (NS_WARN_IF(!aWin)) {
+ return false;
+ }
+
+ nsIURI* uri = aWin->GetDocumentURI();
+ if (NS_WARN_IF(!uri)) {
+ return false;
+ }
+ // getSpec is an expensive operation, hence we first check the scheme
+ // to see if the caller is actually an about: page.
+ if (!uri->SchemeIs("about")) {
+ return false;
+ }
+
+ nsAutoCString aboutSpec;
+ nsresult rv = NS_GetAboutModuleName(uri, aboutSpec);
+ NS_ENSURE_SUCCESS(rv, false);
+
+ return aboutSpec.EqualsASCII(aSpec);
+}
+#endif
+
+bool Document::CallerIsTrustedAboutNetError(JSContext* aCx, JSObject* aObject) {
+ nsGlobalWindowInner* win = xpc::WindowOrNull(aObject);
+#ifdef ANDROID
+ // GeckoView uses data URLs for error pages, so for now just check for any
+ // error page
+ return win && win->GetDocument() && win->GetDocument()->IsErrorPage();
+#else
+ return win && IsAboutErrorPage(win, "neterror");
+#endif
+}
+
+already_AddRefed<mozilla::dom::Promise> Document::AddCertException(
+ bool aIsTemporary) {
+ nsIGlobalObject* global = GetScopeObject();
+ if (!global) {
+ return nullptr;
+ }
+
+ ErrorResult er;
+ RefPtr<Promise> promise =
+ Promise::Create(global, er, Promise::ePropagateUserInteraction);
+ if (er.Failed()) {
+ return nullptr;
+ }
+
+ nsCOMPtr<nsISupports> info;
+ nsCOMPtr<nsITransportSecurityInfo> tsi;
+ nsresult rv = NS_OK;
+ if (NS_WARN_IF(!mFailedChannel)) {
+ promise->MaybeReject(NS_ERROR_DOM_INVALID_STATE_ERR);
+ return promise.forget();
+ }
+
+ rv = mFailedChannel->GetSecurityInfo(getter_AddRefs(info));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ promise->MaybeReject(rv);
+ return promise.forget();
+ }
+ nsCOMPtr<nsIURI> failedChannelURI;
+ NS_GetFinalChannelURI(mFailedChannel, getter_AddRefs(failedChannelURI));
+ if (!failedChannelURI) {
+ promise->MaybeReject(NS_ERROR_DOM_INVALID_STATE_ERR);
+ return promise.forget();
+ }
+
+ nsCOMPtr<nsIURI> innerURI = NS_GetInnermostURI(failedChannelURI);
+ if (!innerURI) {
+ promise->MaybeReject(NS_ERROR_DOM_INVALID_STATE_ERR);
+ return promise.forget();
+ }
+
+ nsAutoCString host;
+ innerURI->GetAsciiHost(host);
+ int32_t port;
+ innerURI->GetPort(&port);
+
+ tsi = do_QueryInterface(info);
+ if (NS_WARN_IF(!tsi)) {
+ promise->MaybeReject(NS_ERROR_DOM_INVALID_STATE_ERR);
+ return promise.forget();
+ }
+
+ bool isUntrusted = true;
+ rv = tsi->GetIsUntrusted(&isUntrusted);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ promise->MaybeReject(rv);
+ return promise.forget();
+ }
+
+ bool isDomainMismatch = true;
+ rv = tsi->GetIsDomainMismatch(&isDomainMismatch);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ promise->MaybeReject(rv);
+ return promise.forget();
+ }
+
+ bool isNotValidAtThisTime = true;
+ rv = tsi->GetIsNotValidAtThisTime(&isNotValidAtThisTime);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ promise->MaybeReject(rv);
+ return promise.forget();
+ }
+
+ nsCOMPtr<nsIX509Cert> cert;
+ rv = tsi->GetServerCert(getter_AddRefs(cert));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ promise->MaybeReject(rv);
+ return promise.forget();
+ }
+ if (NS_WARN_IF(!cert)) {
+ promise->MaybeReject(NS_ERROR_DOM_INVALID_STATE_ERR);
+ return promise.forget();
+ }
+
+ uint32_t flags = 0;
+ if (isUntrusted) {
+ flags |= nsICertOverrideService::ERROR_UNTRUSTED;
+ }
+ if (isDomainMismatch) {
+ flags |= nsICertOverrideService::ERROR_MISMATCH;
+ }
+ if (isNotValidAtThisTime) {
+ flags |= nsICertOverrideService::ERROR_TIME;
+ }
+
+ if (XRE_IsContentProcess()) {
+ nsCOMPtr<nsISerializable> certSer = do_QueryInterface(cert);
+ nsCString certSerialized;
+ NS_SerializeToString(certSer, certSerialized);
+
+ ContentChild* cc = ContentChild::GetSingleton();
+ MOZ_ASSERT(cc);
+ cc->SendAddCertException(certSerialized, flags, host, port, aIsTemporary)
+ ->Then(GetCurrentSerialEventTarget(), __func__,
+ [promise](const mozilla::MozPromise<
+ nsresult, mozilla::ipc::ResponseRejectReason,
+ true>::ResolveOrRejectValue& aValue) {
+ if (aValue.IsResolve()) {
+ promise->MaybeResolve(aValue.ResolveValue());
+ } else {
+ promise->MaybeRejectWithUndefined();
+ }
+ });
+ return promise.forget();
+ }
+
+ if (XRE_IsParentProcess()) {
+ nsCOMPtr<nsICertOverrideService> overrideService =
+ do_GetService(NS_CERTOVERRIDE_CONTRACTID);
+ if (!overrideService) {
+ promise->MaybeReject(NS_ERROR_FAILURE);
+ return promise.forget();
+ }
+
+ rv = overrideService->RememberValidityOverride(host, port, cert, flags,
+ aIsTemporary);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ promise->MaybeReject(rv);
+ return promise.forget();
+ }
+
+ promise->MaybeResolveWithUndefined();
+ return promise.forget();
+ }
+
+ promise->MaybeReject(NS_ERROR_FAILURE);
+ return promise.forget();
+}
+
+void Document::GetNetErrorInfo(NetErrorInfo& aInfo, ErrorResult& aRv) {
+ nsCOMPtr<nsISupports> info;
+ nsCOMPtr<nsITransportSecurityInfo> tsi;
+ nsresult rv = NS_OK;
+ if (NS_WARN_IF(!mFailedChannel)) {
+ aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR);
+ return;
+ }
+
+ rv = mFailedChannel->GetSecurityInfo(getter_AddRefs(info));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aRv.Throw(rv);
+ return;
+ }
+ tsi = do_QueryInterface(info);
+ if (NS_WARN_IF(!tsi)) {
+ aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR);
+ return;
+ }
+
+ nsAutoString errorCodeString;
+ rv = tsi->GetErrorCodeString(errorCodeString);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aRv.Throw(rv);
+ return;
+ }
+ aInfo.mErrorCodeString.Assign(errorCodeString);
+}
+
+bool Document::CallerIsTrustedAboutCertError(JSContext* aCx,
+ JSObject* aObject) {
+ nsGlobalWindowInner* win = xpc::WindowOrNull(aObject);
+#ifdef ANDROID
+ // GeckoView uses data URLs for error pages, so for now just check for any
+ // error page
+ return win && win->GetDocument() && win->GetDocument()->IsErrorPage();
+#else
+ return win && IsAboutErrorPage(win, "certerror");
+#endif
+}
+
+bool Document::IsErrorPage() const {
+ nsCOMPtr<nsILoadInfo> loadInfo = mChannel ? mChannel->LoadInfo() : nullptr;
+ return loadInfo && loadInfo->GetLoadErrorPage();
+}
+
+void Document::GetFailedCertSecurityInfo(FailedCertSecurityInfo& aInfo,
+ ErrorResult& aRv) {
+ nsCOMPtr<nsISupports> info;
+ nsCOMPtr<nsITransportSecurityInfo> tsi;
+ nsresult rv = NS_OK;
+ if (NS_WARN_IF(!mFailedChannel)) {
+ aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR);
+ return;
+ }
+
+ rv = mFailedChannel->GetSecurityInfo(getter_AddRefs(info));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aRv.Throw(rv);
+ return;
+ }
+ tsi = do_QueryInterface(info);
+ if (NS_WARN_IF(!tsi)) {
+ aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR);
+ return;
+ }
+
+ nsAutoString errorCodeString;
+ rv = tsi->GetErrorCodeString(errorCodeString);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aRv.Throw(rv);
+ return;
+ }
+ aInfo.mErrorCodeString.Assign(errorCodeString);
+
+ rv = tsi->GetIsUntrusted(&aInfo.mIsUntrusted);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aRv.Throw(rv);
+ return;
+ }
+
+ rv = tsi->GetIsDomainMismatch(&aInfo.mIsDomainMismatch);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aRv.Throw(rv);
+ return;
+ }
+
+ rv = tsi->GetIsNotValidAtThisTime(&aInfo.mIsNotValidAtThisTime);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aRv.Throw(rv);
+ return;
+ }
+
+ nsCOMPtr<nsIX509Cert> cert;
+ nsCOMPtr<nsIX509CertValidity> validity;
+ rv = tsi->GetServerCert(getter_AddRefs(cert));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aRv.Throw(rv);
+ return;
+ }
+ if (NS_WARN_IF(!cert)) {
+ aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR);
+ return;
+ }
+
+ rv = cert->GetValidity(getter_AddRefs(validity));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aRv.Throw(rv);
+ return;
+ }
+ if (NS_WARN_IF(!validity)) {
+ aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR);
+ return;
+ }
+
+ PRTime validityResult;
+ rv = validity->GetNotBefore(&validityResult);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aRv.Throw(rv);
+ return;
+ }
+ aInfo.mValidNotBefore = DOMTimeStamp(validityResult / PR_USEC_PER_MSEC);
+
+ rv = validity->GetNotAfter(&validityResult);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aRv.Throw(rv);
+ return;
+ }
+ aInfo.mValidNotAfter = DOMTimeStamp(validityResult / PR_USEC_PER_MSEC);
+
+ nsAutoString issuerCommonName;
+ nsAutoString certChainPEMString;
+ Sequence<nsString>& certChainStrings = aInfo.mCertChainStrings.Construct();
+ int64_t maxValidity = std::numeric_limits<int64_t>::max();
+ int64_t minValidity = 0;
+ PRTime notBefore, notAfter;
+ nsTArray<RefPtr<nsIX509Cert>> failedCertArray;
+ rv = tsi->GetFailedCertChain(failedCertArray);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aRv.Throw(rv);
+ return;
+ }
+
+ if (NS_WARN_IF(failedCertArray.IsEmpty())) {
+ aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR);
+ return;
+ }
+
+ for (const auto& certificate : failedCertArray) {
+ rv = certificate->GetIssuerCommonName(issuerCommonName);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aRv.Throw(rv);
+ return;
+ }
+
+ rv = certificate->GetValidity(getter_AddRefs(validity));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aRv.Throw(rv);
+ return;
+ }
+ if (NS_WARN_IF(!validity)) {
+ aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR);
+ return;
+ }
+
+ rv = validity->GetNotBefore(&notBefore);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aRv.Throw(rv);
+ return;
+ }
+
+ rv = validity->GetNotAfter(&notAfter);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aRv.Throw(rv);
+ return;
+ }
+
+ notBefore = std::max(minValidity, notBefore);
+ notAfter = std::min(maxValidity, notAfter);
+ nsTArray<uint8_t> certArray;
+ rv = certificate->GetRawDER(certArray);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aRv.Throw(rv);
+ return;
+ }
+
+ nsAutoString der64;
+ rv = Base64Encode(reinterpret_cast<const char*>(certArray.Elements()),
+ certArray.Length(), der64);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aRv.Throw(rv);
+ return;
+ }
+ if (!certChainStrings.AppendElement(der64, fallible)) {
+ aRv.Throw(NS_ERROR_OUT_OF_MEMORY);
+ return;
+ }
+ }
+
+ aInfo.mIssuerCommonName.Assign(issuerCommonName);
+ aInfo.mCertValidityRangeNotAfter = DOMTimeStamp(notAfter / PR_USEC_PER_MSEC);
+ aInfo.mCertValidityRangeNotBefore =
+ DOMTimeStamp(notBefore / PR_USEC_PER_MSEC);
+
+ int32_t errorCode;
+ rv = tsi->GetErrorCode(&errorCode);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aRv.Throw(rv);
+ return;
+ }
+
+ nsCOMPtr<nsINSSErrorsService> nsserr =
+ do_GetService("@mozilla.org/nss_errors_service;1");
+ if (NS_WARN_IF(!nsserr)) {
+ aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR);
+ return;
+ }
+ nsresult res;
+ rv = nsserr->GetXPCOMFromNSSError(errorCode, &res);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aRv.Throw(rv);
+ return;
+ }
+ rv = nsserr->GetErrorMessage(res, aInfo.mErrorMessage);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aRv.Throw(rv);
+ return;
+ }
+
+ bool isPrivateBrowsing = nsContentUtils::IsInPrivateBrowsing(this);
+ uint32_t flags =
+ isPrivateBrowsing ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
+ OriginAttributes attrs;
+ StoragePrincipalHelper::GetRegularPrincipalOriginAttributes(this, attrs);
+ nsCOMPtr<nsIURI> aURI;
+ mFailedChannel->GetURI(getter_AddRefs(aURI));
+ if (XRE_IsContentProcess()) {
+ ContentChild* cc = ContentChild::GetSingleton();
+ MOZ_ASSERT(cc);
+ cc->SendIsSecureURI(nsISiteSecurityService::HEADER_HSTS, aURI, flags, attrs,
+ &aInfo.mHasHSTS);
+ cc->SendIsSecureURI(nsISiteSecurityService::STATIC_PINNING, aURI, flags,
+ attrs, &aInfo.mHasHPKP);
+ } else {
+ nsCOMPtr<nsISiteSecurityService> sss =
+ do_GetService(NS_SSSERVICE_CONTRACTID);
+ if (NS_WARN_IF(!sss)) {
+ return;
+ }
+ Unused << NS_WARN_IF(NS_FAILED(
+ sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, aURI, flags,
+ attrs, nullptr, nullptr, &aInfo.mHasHSTS)));
+ Unused << NS_WARN_IF(NS_FAILED(
+ sss->IsSecureURI(nsISiteSecurityService::STATIC_PINNING, aURI, flags,
+ attrs, nullptr, nullptr, &aInfo.mHasHPKP)));
+ }
+}
+
+bool Document::AllowDeprecatedTls() {
+ return Preferences::GetBool("security.tls.version.enable-deprecated", false);
+}
+
+void Document::SetAllowDeprecatedTls(bool value) {
+ if (!IsErrorPage()) {
+ return;
+ }
+
+ auto docShell = GetDocShell();
+ if (!docShell) {
+ return;
+ }
+
+ auto child = BrowserChild::GetFrom(docShell);
+ if (!child) {
+ return;
+ }
+
+ child->SendSetAllowDeprecatedTls(value);
+}
+
+bool Document::IsAboutPage() const {
+ nsCOMPtr<nsIPrincipal> principal = NodePrincipal();
+ return principal->SchemeIs("about");
+}
+
+void Document::ConstructUbiNode(void* storage) {
+ JS::ubi::Concrete<Document>::construct(storage, this);
+}
+
+void Document::LoadEventFired() {
+ // Accumulate timing data located in each document's realm and report to
+ // telemetry.
+ AccumulateJSTelemetry();
+
+ // Collect page load timings
+ AccumulatePageLoadTelemetry();
+
+ // Release the JS bytecode cache from its wait on the load event, and
+ // potentially dispatch the encoding of the bytecode.
+ if (ScriptLoader()) {
+ ScriptLoader()->LoadEventFired();
+ }
+}
+
+static uint32_t CalcPercentage(TimeDuration aSubTimer,
+ TimeDuration aTotalTimer) {
+ return static_cast<uint32_t>(100.0 * aSubTimer.ToMilliseconds() /
+ aTotalTimer.ToMilliseconds());
+}
+
+void Document::AccumulatePageLoadTelemetry() {
+ // Interested only in top level documents for real websites that are in the
+ // foreground.
+ if (!ShouldIncludeInTelemetry(false) || !IsTopLevelContentDocument() ||
+ !GetNavigationTiming() ||
+ !GetNavigationTiming()->DocShellHasBeenActiveSinceNavigationStart()) {
+ return;
+ }
+
+ if (!GetChannel()) {
+ return;
+ }
+
+ nsCOMPtr<nsITimedChannel> timedChannel(do_QueryInterface(GetChannel()));
+ if (!timedChannel) {
+ return;
+ }
+
+ TimeStamp responseStart;
+ timedChannel->GetResponseStart(&responseStart);
+
+ TimeStamp navigationStart =
+ GetNavigationTiming()->GetNavigationStartTimeStamp();
+
+ if (!responseStart || !navigationStart) {
+ return;
+ }
+
+ nsCString http3Key;
+ nsCOMPtr<nsIHttpChannelInternal> httpChannel =
+ do_QueryInterface(GetChannel());
+ if (httpChannel) {
+ uint32_t major;
+ uint32_t minor;
+ if (NS_SUCCEEDED(httpChannel->GetResponseVersion(&major, &minor))) {
+ if (major == 3) {
+ http3Key = "http3"_ns;
+ } else if (major == 2) {
+ bool supportHttp3 = false;
+ if (NS_FAILED(httpChannel->GetSupportsHTTP3(&supportHttp3))) {
+ supportHttp3 = false;
+ }
+ if (supportHttp3) {
+ http3Key = "supports_http3"_ns;
+ }
+ }
+ }
+ }
+
+ // First Contentful Paint
+ if (TimeStamp firstContentfulPaint =
+ GetNavigationTiming()->GetFirstContentfulPaintTimeStamp()) {
+ Telemetry::AccumulateTimeDelta(Telemetry::PERF_FIRST_CONTENTFUL_PAINT_MS,
+ navigationStart, firstContentfulPaint);
+
+ if (!http3Key.IsEmpty()) {
+ Telemetry::AccumulateTimeDelta(
+ Telemetry::HTTP3_PERF_FIRST_CONTENTFUL_PAINT_MS, http3Key,
+ navigationStart, firstContentfulPaint);
+ }
+
+ Telemetry::AccumulateTimeDelta(
+ Telemetry::PERF_FIRST_CONTENTFUL_PAINT_FROM_RESPONSESTART_MS,
+ responseStart, firstContentfulPaint);
+ }
+
+ // DOM Content Loaded event
+ if (TimeStamp dclEventStart =
+ GetNavigationTiming()->GetDOMContentLoadedEventStartTimeStamp()) {
+ Telemetry::AccumulateTimeDelta(Telemetry::PERF_DOM_CONTENT_LOADED_TIME_MS,
+ navigationStart, dclEventStart);
+ Telemetry::AccumulateTimeDelta(
+ Telemetry::PERF_DOM_CONTENT_LOADED_TIME_FROM_RESPONSESTART_MS,
+ responseStart, dclEventStart);
+ }
+
+ // Load event
+ if (TimeStamp loadEventStart =
+ GetNavigationTiming()->GetLoadEventStartTimeStamp()) {
+ Telemetry::AccumulateTimeDelta(Telemetry::PERF_PAGE_LOAD_TIME_MS,
+ navigationStart, loadEventStart);
+ if (!http3Key.IsEmpty()) {
+ Telemetry::AccumulateTimeDelta(Telemetry::HTTP3_PERF_PAGE_LOAD_TIME_MS,
+ http3Key, navigationStart, loadEventStart);
+ }
+
+ Telemetry::AccumulateTimeDelta(
+ Telemetry::PERF_PAGE_LOAD_TIME_FROM_RESPONSESTART_MS, responseStart,
+ loadEventStart);
+ }
+}
+
+void Document::AccumulateJSTelemetry() {
+ if (!IsTopLevelContentDocument() || !ShouldIncludeInTelemetry(false)) {
+ return;
+ }
+
+ if (!GetScopeObject() || !GetScopeObject()->GetGlobalJSObject()) {
+ return;
+ }
+
+ AutoJSContext cx;
+ JSObject* globalObject = GetScopeObject()->GetGlobalJSObject();
+ JSAutoRealm ar(cx, globalObject);
+ JS::JSTimers timers = JS::GetJSTimers(cx);
+
+ TimeDuration totalExecutionTime = timers.executionTime;
+ TimeDuration totalDelazificationTime = timers.delazificationTime;
+ TimeDuration totalXDREncodingTime = timers.xdrEncodingTime;
+ TimeDuration totalBaselineCompileTime = timers.baselineCompileTime;
+
+ if (totalExecutionTime.IsZero()) {
+ return;
+ }
+
+ if (!totalDelazificationTime.IsZero()) {
+ Telemetry::Accumulate(
+ Telemetry::JS_DELAZIFICATION_PROPORTION,
+ CalcPercentage(totalDelazificationTime, totalExecutionTime));
+ }
+
+ if (!totalXDREncodingTime.IsZero()) {
+ Telemetry::Accumulate(
+ Telemetry::JS_XDR_ENCODING_PROPORTION,
+ CalcPercentage(totalXDREncodingTime, totalExecutionTime));
+ }
+
+ if (!totalBaselineCompileTime.IsZero()) {
+ Telemetry::Accumulate(
+ Telemetry::JS_BASELINE_COMPILE_PROPORTION,
+ CalcPercentage(totalBaselineCompileTime, totalExecutionTime));
+ }
+
+ if (GetNavigationTiming()) {
+ TimeStamp loadEventStart =
+ GetNavigationTiming()->GetLoadEventStartTimeStamp();
+ TimeStamp navigationStart =
+ GetNavigationTiming()->GetNavigationStartTimeStamp();
+
+ if (loadEventStart && navigationStart) {
+ TimeDuration pageLoadTime = loadEventStart - navigationStart;
+ Telemetry::Accumulate(Telemetry::JS_EXECUTION_PROPORTION,
+ CalcPercentage(totalExecutionTime, pageLoadTime));
+ }
+ }
+}
+
+Document::~Document() {
+ MOZ_LOG(gDocumentLeakPRLog, LogLevel::Debug, ("DOCUMENT %p destroyed", this));
+ MOZ_ASSERT(!IsTopLevelContentDocument() || !IsResourceDoc(),
+ "Can't be top-level and a resource doc at the same time");
+
+ NS_ASSERTION(!mIsShowing, "Destroying a currently-showing document");
+
+ if (IsTopLevelContentDocument()) {
+ RemoveToplevelLoadingDocument(this);
+
+ // don't report for about: pages
+ if (!IsAboutPage()) {
+ // record CSP telemetry on this document
+ if (mHasCSP) {
+ Accumulate(Telemetry::CSP_DOCUMENTS_COUNT, 1);
+ }
+ if (mHasUnsafeInlineCSP) {
+ Accumulate(Telemetry::CSP_UNSAFE_INLINE_DOCUMENTS_COUNT, 1);
+ }
+ if (mHasUnsafeEvalCSP) {
+ Accumulate(Telemetry::CSP_UNSAFE_EVAL_DOCUMENTS_COUNT, 1);
+ }
+
+ if (MOZ_UNLIKELY(mMathMLEnabled)) {
+ ScalarAdd(Telemetry::ScalarID::MATHML_DOC_COUNT, 1);
+ }
+
+ if (IsHTMLDocument()) {
+ switch (GetCompatibilityMode()) {
+ case eCompatibility_FullStandards:
+ Telemetry::AccumulateCategorical(
+ Telemetry::LABELS_QUIRKS_MODE::FullStandards);
+ break;
+ case eCompatibility_AlmostStandards:
+ Telemetry::AccumulateCategorical(
+ Telemetry::LABELS_QUIRKS_MODE::AlmostStandards);
+ break;
+ case eCompatibility_NavQuirks:
+ Telemetry::AccumulateCategorical(
+ Telemetry::LABELS_QUIRKS_MODE::NavQuirks);
+ break;
+ default:
+ MOZ_ASSERT_UNREACHABLE("Unknown quirks mode");
+ break;
+ }
+ }
+ }
+ }
+
+ mInDestructor = true;
+ mInUnlinkOrDeletion = true;
+
+ mozilla::DropJSObjects(this);
+
+ // Clear mObservers to keep it in sync with the mutationobserver list
+ mObservers.Clear();
+
+ mIntersectionObservers.Clear();
+
+ if (mStyleSheetSetList) {
+ mStyleSheetSetList->Disconnect();
+ }
+
+ if (mAnimationController) {
+ mAnimationController->Disconnect();
+ }
+
+ MOZ_ASSERT(mTimelines.isEmpty());
+
+ mParentDocument = nullptr;
+
+ // Kill the subdocument map, doing this will release its strong
+ // references, if any.
+ delete mSubDocuments;
+ mSubDocuments = nullptr;
+
+ nsAutoScriptBlocker scriptBlocker;
+
+ // Destroy link map now so we don't waste time removing
+ // links one by one
+ DestroyElementMaps();
+
+ // Invalidate cached array of child nodes
+ InvalidateChildNodes();
+
+ // We should not have child nodes when destructor is called,
+ // since child nodes keep their owner document alive.
+ MOZ_ASSERT(!HasChildren());
+
+ mCachedRootElement = nullptr;
+
+ for (auto& sheets : mAdditionalSheets) {
+ UnlinkStyleSheets(sheets);
+ }
+
+ if (mAttrStyleSheet) {
+ mAttrStyleSheet->SetOwningDocument(nullptr);
+ }
+
+ if (mListenerManager) {
+ mListenerManager->Disconnect();
+ UnsetFlags(NODE_HAS_LISTENERMANAGER);
+ }
+
+ if (mScriptLoader) {
+ mScriptLoader->DropDocumentReference();
+ }
+
+ if (mCSSLoader) {
+ // Could be null here if Init() failed or if we have been unlinked.
+ mCSSLoader->DropDocumentReference();
+ }
+
+ if (mStyleImageLoader) {
+ mStyleImageLoader->DropDocumentReference();
+ }
+
+ if (mXULBroadcastManager) {
+ mXULBroadcastManager->DropDocumentReference();
+ }
+
+ if (mXULPersist) {
+ mXULPersist->DropDocumentReference();
+ }
+
+ if (mPermissionDelegateHandler) {
+ mPermissionDelegateHandler->DropDocumentReference();
+ }
+
+ delete mHeaderData;
+
+ mPendingTitleChangeEvent.Revoke();
+
+ mPlugins.Clear();
+
+ MOZ_ASSERT(mDOMMediaQueryLists.isEmpty(),
+ "must not have media query lists left");
+
+ if (mNodeInfoManager) {
+ mNodeInfoManager->DropDocumentReference();
+ }
+
+ if (mDocGroup) {
+ MOZ_ASSERT(mDocGroup->GetBrowsingContextGroup());
+ mDocGroup->GetBrowsingContextGroup()->RemoveDocument(mDocGroup->GetKey(),
+ this);
+ }
+
+ UnlinkOriginalDocumentIfStatic();
+}
+
+NS_INTERFACE_TABLE_HEAD(Document)
+ NS_WRAPPERCACHE_INTERFACE_TABLE_ENTRY
+ NS_INTERFACE_TABLE_BEGIN
+ NS_INTERFACE_TABLE_ENTRY_AMBIGUOUS(Document, nsISupports, nsINode)
+ NS_INTERFACE_TABLE_ENTRY(Document, nsINode)
+ NS_INTERFACE_TABLE_ENTRY(Document, Document)
+ NS_INTERFACE_TABLE_ENTRY(Document, nsIScriptObjectPrincipal)
+ NS_INTERFACE_TABLE_ENTRY(Document, EventTarget)
+ NS_INTERFACE_TABLE_ENTRY(Document, nsISupportsWeakReference)
+ NS_INTERFACE_TABLE_ENTRY(Document, nsIRadioGroupContainer)
+ NS_INTERFACE_TABLE_ENTRY(Document, nsIMutationObserver)
+ NS_INTERFACE_TABLE_ENTRY(Document, nsIApplicationCacheContainer)
+ NS_INTERFACE_TABLE_END
+ NS_INTERFACE_TABLE_TO_MAP_SEGUE_CYCLE_COLLECTION(Document)
+NS_INTERFACE_MAP_END
+
+NS_IMPL_CYCLE_COLLECTING_ADDREF(Document)
+NS_IMETHODIMP_(MozExternalRefCountType)
+Document::Release() {
+ MOZ_ASSERT(0 != mRefCnt, "dup release");
+ NS_ASSERT_OWNINGTHREAD(Document);
+ nsISupports* base = NS_CYCLE_COLLECTION_CLASSNAME(Document)::Upcast(this);
+ bool shouldDelete = false;
+ nsrefcnt count = mRefCnt.decr(base, &shouldDelete);
+ NS_LOG_RELEASE(this, count, "Document");
+ if (count == 0) {
+ if (mStackRefCnt && !mNeedsReleaseAfterStackRefCntRelease) {
+ mNeedsReleaseAfterStackRefCntRelease = true;
+ NS_ADDREF_THIS();
+ return mRefCnt.get();
+ }
+ mRefCnt.incr(base);
+ LastRelease();
+ mRefCnt.decr(base);
+ if (shouldDelete) {
+ mRefCnt.stabilizeForDeletion();
+ DeleteCycleCollectable();
+ }
+ }
+ return count;
+}
+
+NS_IMETHODIMP_(void)
+Document::DeleteCycleCollectable() { delete this; }
+
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_BEGIN(Document)
+ if (Element::CanSkip(tmp, aRemovingAllowed)) {
+ EventListenerManager* elm = tmp->GetExistingListenerManager();
+ if (elm) {
+ elm->MarkForCC();
+ }
+ return true;
+ }
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_END
+
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_IN_CC_BEGIN(Document)
+ return Element::CanSkipInCC(tmp);
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_IN_CC_END
+
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_THIS_BEGIN(Document)
+ return Element::CanSkipThis(tmp);
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_THIS_END
+
+NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_INTERNAL(Document)
+ if (MOZ_UNLIKELY(cb.WantDebugInfo())) {
+ char name[512];
+ nsAutoCString loadedAsData;
+ if (tmp->IsLoadedAsData()) {
+ loadedAsData.AssignLiteral("data");
+ } else {
+ loadedAsData.AssignLiteral("normal");
+ }
+ uint32_t nsid = tmp->GetDefaultNamespaceID();
+ nsAutoCString uri;
+ if (tmp->mDocumentURI) uri = tmp->mDocumentURI->GetSpecOrDefault();
+ static const char* kNSURIs[] = {"([none])", "(xmlns)", "(xml)",
+ "(xhtml)", "(XLink)", "(XSLT)",
+ "(MathML)", "(RDF)", "(XUL)"};
+ if (nsid < ArrayLength(kNSURIs)) {
+ SprintfLiteral(name, "Document %s %s %s", loadedAsData.get(),
+ kNSURIs[nsid], uri.get());
+ } else {
+ SprintfLiteral(name, "Document %s %s", loadedAsData.get(), uri.get());
+ }
+ cb.DescribeRefCountedNode(tmp->mRefCnt.get(), name);
+ } else {
+ NS_IMPL_CYCLE_COLLECTION_DESCRIBE(Document, tmp->mRefCnt.get())
+ }
+
+ if (!nsINode::Traverse(tmp, cb)) {
+ return NS_SUCCESS_INTERRUPTED_TRAVERSE;
+ }
+
+ tmp->mExternalResourceMap.Traverse(&cb);
+
+ // Traverse all Document pointer members.
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mSecurityInfo)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mDisplayDocument)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mFontFaceSet)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mReadyForIdle)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mDocumentL10n)
+
+ // Traverse all Document nsCOMPtrs.
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mParser)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mScriptGlobalObject)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mListenerManager)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mStyleSheetSetList)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mScriptLoader)
+
+ DocumentOrShadowRoot::Traverse(tmp, cb);
+
+ for (auto& sheets : tmp->mAdditionalSheets) {
+ tmp->TraverseStyleSheets(sheets, "mAdditionalSheets[<origin>][i]", cb);
+ }
+
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mOnloadBlocker)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mLazyLoadImageObserver)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mDOMImplementation)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mImageMaps)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mOrientationPendingPromise)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mOriginalDocument)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mCachedEncoder)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mStateObjectCached)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mDocumentTimeline)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mPendingAnimationTracker)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mTemplateContentsOwner)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mChildrenCollection)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mImages);
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mEmbeds);
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mLinks);
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mForms);
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mScripts);
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mApplets);
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mAnchors);
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mAnonymousContents)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mCommandDispatcher)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mFeaturePolicy)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mSuppressedEventListener)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mPrototypeDocument)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mMidasCommandManager)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mAll)
+
+ // Traverse all our nsCOMArrays.
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mPreloadingImages)
+
+ for (uint32_t i = 0; i < tmp->mFrameRequestCallbacks.Length(); ++i) {
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(cb, "mFrameRequestCallbacks[i]");
+ cb.NoteXPCOMChild(tmp->mFrameRequestCallbacks[i].mCallback);
+ }
+
+ // Traverse animation components
+ if (tmp->mAnimationController) {
+ tmp->mAnimationController->Traverse(&cb);
+ }
+
+ if (tmp->mSubDocuments) {
+ for (auto iter = tmp->mSubDocuments->Iter(); !iter.Done(); iter.Next()) {
+ auto entry = static_cast<SubDocMapEntry*>(iter.Get());
+
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(cb, "mSubDocuments entry->mKey");
+ cb.NoteXPCOMChild(entry->mKey);
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(cb,
+ "mSubDocuments entry->mSubDocument");
+ cb.NoteXPCOMChild(ToSupports(entry->mSubDocument));
+ }
+ }
+
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mCSSLoader)
+
+ // We own only the items in mDOMMediaQueryLists that have listeners;
+ // this reference is managed by their AddListener and RemoveListener
+ // methods.
+ for (MediaQueryList* mql = tmp->mDOMMediaQueryLists.getFirst(); mql;
+ mql = static_cast<LinkedListElement<MediaQueryList>*>(mql)->getNext()) {
+ if (mql->HasListeners() &&
+ NS_SUCCEEDED(mql->CheckCurrentGlobalCorrectness())) {
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(cb, "mDOMMediaQueryLists item");
+ cb.NoteXPCOMChild(mql);
+ }
+ }
+
+ if (tmp->mResizeObserverController) {
+ tmp->mResizeObserverController->Traverse(cb);
+ }
+ for (size_t i = 0; i < tmp->mMetaViewports.Length(); i++) {
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mMetaViewports[i].mElement);
+ }
+
+ // XXX: This should be not needed once bug 1569185 lands.
+ for (auto it = tmp->mL10nProtoElements.ConstIter(); !it.Done(); it.Next()) {
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(cb, "mL10nProtoElements key");
+ cb.NoteXPCOMChild(it.Key());
+ CycleCollectionNoteChild(cb, it.UserData(), "mL10nProtoElements value");
+ }
+
+ for (size_t i = 0; i < tmp->mPendingFrameStaticClones.Length(); ++i) {
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mPendingFrameStaticClones[i].mElement);
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(
+ mPendingFrameStaticClones[i].mStaticCloneOf);
+ }
+NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END
+
+NS_IMPL_CYCLE_COLLECTION_CLASS(Document)
+
+NS_IMPL_CYCLE_COLLECTION_TRACE_WRAPPERCACHE(Document)
+
+NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(Document)
+ tmp->mInUnlinkOrDeletion = true;
+
+ // Clear out our external resources
+ tmp->mExternalResourceMap.Shutdown();
+
+ nsAutoScriptBlocker scriptBlocker;
+
+ nsINode::Unlink(tmp);
+
+ while (tmp->HasChildren()) {
+ // Hold a strong ref to the node when we remove it, because we may be
+ // the last reference to it.
+ // If this code changes, change the corresponding code in Document's
+ // unlink impl and ContentUnbinder::UnbindSubtree.
+ nsCOMPtr<nsIContent> child = tmp->GetLastChild();
+ tmp->DisconnectChild(child);
+ child->UnbindFromTree();
+ }
+
+ tmp->UnlinkOriginalDocumentIfStatic();
+
+ tmp->mCachedRootElement = nullptr; // Avoid a dangling pointer
+
+ tmp->SetScriptGlobalObject(nullptr);
+
+ for (auto& sheets : tmp->mAdditionalSheets) {
+ tmp->UnlinkStyleSheets(sheets);
+ }
+
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mSecurityInfo)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mDisplayDocument)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mLazyLoadImageObserver)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mFontFaceSet)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mReadyForIdle)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mDocumentL10n)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mParser)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mOnloadBlocker)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mDOMImplementation)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mImageMaps)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mOrientationPendingPromise)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mOriginalDocument)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mCachedEncoder)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mStateObjectCached)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mDocumentTimeline)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mPendingAnimationTracker)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mTemplateContentsOwner)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mChildrenCollection)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mImages);
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mEmbeds);
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mLinks);
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mForms);
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mScripts);
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mApplets);
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mAnchors);
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mAnonymousContents)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mCommandDispatcher)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mFeaturePolicy)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mSuppressedEventListener)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mPrototypeDocument)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mMidasCommandManager)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mAll)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mReferrerInfo)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mPreloadReferrerInfo)
+
+ if (tmp->IsTopLevelContentDocument()) {
+ RemoveToplevelLoadingDocument(tmp);
+ }
+
+ tmp->mParentDocument = nullptr;
+
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mPreloadingImages)
+
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mIntersectionObservers)
+
+ if (tmp->mListenerManager) {
+ tmp->mListenerManager->Disconnect();
+ tmp->UnsetFlags(NODE_HAS_LISTENERMANAGER);
+ tmp->mListenerManager = nullptr;
+ }
+
+ if (tmp->mStyleSheetSetList) {
+ tmp->mStyleSheetSetList->Disconnect();
+ tmp->mStyleSheetSetList = nullptr;
+ }
+
+ delete tmp->mSubDocuments;
+ tmp->mSubDocuments = nullptr;
+
+ tmp->mFrameRequestCallbacks.Clear();
+ MOZ_RELEASE_ASSERT(!tmp->mFrameRequestCallbacksScheduled,
+ "How did we get here without our presshell going away "
+ "first?");
+
+ DocumentOrShadowRoot::Unlink(tmp);
+
+ // Document has a pretty complex destructor, so we're going to
+ // assume that *most* cycles you actually want to break somewhere
+ // else, and not unlink an awful lot here.
+
+ tmp->mExpandoAndGeneration.OwnerUnlinked();
+
+ if (tmp->mAnimationController) {
+ tmp->mAnimationController->Unlink();
+ }
+
+ tmp->mPendingTitleChangeEvent.Revoke();
+
+ if (tmp->mCSSLoader) {
+ tmp->mCSSLoader->DropDocumentReference();
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mCSSLoader)
+ }
+
+ // We own only the items in mDOMMediaQueryLists that have listeners;
+ // this reference is managed by their AddListener and RemoveListener
+ // methods.
+ for (MediaQueryList* mql = tmp->mDOMMediaQueryLists.getFirst(); mql;) {
+ MediaQueryList* next =
+ static_cast<LinkedListElement<MediaQueryList>*>(mql)->getNext();
+ mql->Disconnect();
+ mql = next;
+ }
+
+ tmp->mPendingFrameStaticClones.Clear();
+
+ tmp->mInUnlinkOrDeletion = false;
+
+ if (tmp->mResizeObserverController) {
+ tmp->mResizeObserverController->Unlink();
+ }
+ tmp->mMetaViewports.Clear();
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mL10nProtoElements)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK_WEAK_PTR
+ NS_IMPL_CYCLE_COLLECTION_UNLINK_WEAK_REFERENCE
+NS_IMPL_CYCLE_COLLECTION_UNLINK_END
+
+nsresult Document::Init() {
+ if (mCSSLoader || mStyleImageLoader || mNodeInfoManager || mScriptLoader) {
+ return NS_ERROR_ALREADY_INITIALIZED;
+ }
+
+ // Force initialization.
+ nsINode::nsSlots* slots = Slots();
+
+ // Prepend self as mutation-observer whether we need it or not (some
+ // subclasses currently do, other don't). This is because the code in
+ // MutationObservers always notifies the first observer first, expecting the
+ // first observer to be the document.
+ slots->mMutationObservers.PrependElementUnlessExists(
+ static_cast<nsIMutationObserver*>(this));
+
+ mOnloadBlocker = new OnloadBlocker();
+ mStyleImageLoader = new css::ImageLoader(this);
+
+ mNodeInfoManager = new nsNodeInfoManager();
+ nsresult rv = mNodeInfoManager->Init(this);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // mNodeInfo keeps NodeInfoManager alive!
+ mNodeInfo = mNodeInfoManager->GetDocumentNodeInfo();
+ NS_ENSURE_TRUE(mNodeInfo, NS_ERROR_OUT_OF_MEMORY);
+ MOZ_ASSERT(mNodeInfo->NodeType() == DOCUMENT_NODE,
+ "Bad NodeType in aNodeInfo");
+
+ NS_ASSERTION(OwnerDoc() == this, "Our nodeinfo is busted!");
+
+ mCSSLoader = new css::Loader(this);
+ // Assume we're not quirky, until we know otherwise
+ mCSSLoader->SetCompatibilityMode(eCompatibility_FullStandards);
+
+ // If after creation the owner js global is not set for a document
+ // we use the default compartment for this document, instead of creating
+ // wrapper in some random compartment when the document is exposed to js
+ // via some events.
+ nsCOMPtr<nsIGlobalObject> global =
+ xpc::NativeGlobal(xpc::PrivilegedJunkScope());
+ NS_ENSURE_TRUE(global, NS_ERROR_FAILURE);
+ mScopeObject = do_GetWeakReference(global);
+ MOZ_ASSERT(mScopeObject);
+
+ mScriptLoader = new dom::ScriptLoader(this);
+
+ // we need to create a policy here so getting the policy within
+ // ::Policy() can *always* return a non null policy
+ mFeaturePolicy = new dom::FeaturePolicy(this);
+ mFeaturePolicy->SetDefaultOrigin(NodePrincipal());
+
+ mStyleSet = MakeUnique<ServoStyleSet>(*this);
+
+ mozilla::HoldJSObjects(this);
+
+ return NS_OK;
+}
+
+void Document::RemoveAllProperties() { PropertyTable().RemoveAllProperties(); }
+
+void Document::RemoveAllPropertiesFor(nsINode* aNode) {
+ PropertyTable().RemoveAllPropertiesFor(aNode);
+}
+
+bool Document::IsVisibleConsideringAncestors() const {
+ const Document* parent = this;
+ do {
+ if (!parent->IsVisible()) {
+ return false;
+ }
+ } while ((parent = parent->GetInProcessParentDocument()));
+
+ return true;
+}
+
+void Document::Reset(nsIChannel* aChannel, nsILoadGroup* aLoadGroup) {
+ nsCOMPtr<nsIURI> uri;
+ nsCOMPtr<nsIPrincipal> principal;
+ nsCOMPtr<nsIPrincipal> partitionedPrincipal;
+ if (aChannel) {
+ // Note: this code is duplicated in PrototypeDocumentContentSink::Init and
+ // nsScriptSecurityManager::GetChannelResultPrincipals.
+ // Note: this should match the uri used for the OnNewURI call in
+ // nsDocShell::CreateContentViewer.
+ NS_GetFinalChannelURI(aChannel, getter_AddRefs(uri));
+
+ nsIScriptSecurityManager* securityManager =
+ nsContentUtils::GetSecurityManager();
+ if (securityManager) {
+ securityManager->GetChannelResultPrincipals(
+ aChannel, getter_AddRefs(principal),
+ getter_AddRefs(partitionedPrincipal));
+ }
+ }
+
+ bool equal = principal->Equals(partitionedPrincipal);
+
+ principal = MaybeDowngradePrincipal(principal);
+ if (equal) {
+ partitionedPrincipal = principal;
+ } else {
+ partitionedPrincipal = MaybeDowngradePrincipal(partitionedPrincipal);
+ }
+
+ ResetToURI(uri, aLoadGroup, principal, partitionedPrincipal);
+
+ // Note that, since mTiming does not change during a reset, the
+ // navigationStart time remains unchanged and therefore any future new
+ // timeline will have the same global clock time as the old one.
+ mDocumentTimeline = nullptr;
+
+ nsCOMPtr<nsIPropertyBag2> bag = do_QueryInterface(aChannel);
+ if (bag) {
+ nsCOMPtr<nsIURI> baseURI;
+ bag->GetPropertyAsInterface(u"baseURI"_ns, NS_GET_IID(nsIURI),
+ getter_AddRefs(baseURI));
+ if (baseURI) {
+ mDocumentBaseURI = baseURI;
+ mChromeXHRDocBaseURI = nullptr;
+ }
+ }
+
+ mChannel = aChannel;
+}
+
+void Document::DisconnectNodeTree() {
+ // Delete references to sub-documents and kill the subdocument map,
+ // if any. This is not strictly needed, but makes the node tree
+ // teardown a bit faster.
+ delete mSubDocuments;
+ mSubDocuments = nullptr;
+
+ bool oldVal = mInUnlinkOrDeletion;
+ mInUnlinkOrDeletion = true;
+ { // Scope for update
+ MOZ_AUTO_DOC_UPDATE(this, true);
+
+ // Destroy link map now so we don't waste time removing
+ // links one by one
+ DestroyElementMaps();
+
+ // Invalidate cached array of child nodes
+ InvalidateChildNodes();
+
+ while (HasChildren()) {
+ nsMutationGuard::DidMutate();
+ nsCOMPtr<nsIContent> content = GetLastChild();
+ nsIContent* previousSibling = content->GetPreviousSibling();
+ DisconnectChild(content);
+ if (content == mCachedRootElement) {
+ // Immediately clear mCachedRootElement, now that it's been removed
+ // from mChildren, so that GetRootElement() will stop returning this
+ // now-stale value.
+ mCachedRootElement = nullptr;
+ }
+ MutationObservers::NotifyContentRemoved(this, content, previousSibling);
+ content->UnbindFromTree();
+ }
+ MOZ_ASSERT(!mCachedRootElement,
+ "After removing all children, there should be no root elem");
+ }
+ mInUnlinkOrDeletion = oldVal;
+}
+
+void Document::ResetToURI(nsIURI* aURI, nsILoadGroup* aLoadGroup,
+ nsIPrincipal* aPrincipal,
+ nsIPrincipal* aPartitionedPrincipal) {
+ MOZ_ASSERT(aURI, "Null URI passed to ResetToURI");
+ MOZ_ASSERT(!!aPrincipal == !!aPartitionedPrincipal);
+
+ MOZ_LOG(gDocumentLeakPRLog, LogLevel::Debug,
+ ("DOCUMENT %p ResetToURI %s", this, aURI->GetSpecOrDefault().get()));
+
+ mSecurityInfo = nullptr;
+
+ nsCOMPtr<nsILoadGroup> group = do_QueryReferent(mDocumentLoadGroup);
+ if (!aLoadGroup || group != aLoadGroup) {
+ mDocumentLoadGroup = nullptr;
+ }
+
+ DisconnectNodeTree();
+
+ // Reset our stylesheets
+ ResetStylesheetsToURI(aURI);
+
+ // Release the listener manager
+ if (mListenerManager) {
+ mListenerManager->Disconnect();
+ mListenerManager = nullptr;
+ }
+
+ // Release the stylesheets list.
+ mDOMStyleSheets = nullptr;
+
+ // Release our principal after tearing down the document, rather than before.
+ // This ensures that, during teardown, the document and the dying window
+ // (which already nulled out its document pointer and cached the principal)
+ // have matching principals.
+ SetPrincipals(nullptr, nullptr);
+
+ // Clear the original URI so SetDocumentURI sets it.
+ mOriginalURI = nullptr;
+
+ SetDocumentURI(aURI);
+ mChromeXHRDocURI = nullptr;
+ // If mDocumentBaseURI is null, Document::GetBaseURI() returns
+ // mDocumentURI.
+ mDocumentBaseURI = nullptr;
+ mChromeXHRDocBaseURI = nullptr;
+
+ // Check if the current document is the top-level DevTools document.
+ // For inner DevTools frames, mIsDevToolsDocument will be set when
+ // calling SetDocumentParent.
+ if (aURI && aURI->SchemeIs("about") &&
+ aURI->GetSpecOrDefault().EqualsLiteral("about:devtools-toolbox")) {
+ mIsDevToolsDocument = true;
+ }
+
+ if (aLoadGroup) {
+ mDocumentLoadGroup = do_GetWeakReference(aLoadGroup);
+ // there was an assertion here that aLoadGroup was not null. This
+ // is no longer valid: nsDocShell::SetDocument does not create a
+ // load group, and it works just fine
+
+ // XXXbz what does "just fine" mean exactly? And given that there
+ // is no nsDocShell::SetDocument, what is this talking about?
+
+ if (IsContentDocument()) {
+ // Inform the associated request context about this load start so
+ // any of its internal load progress flags gets reset.
+ nsCOMPtr<nsIRequestContextService> rcsvc =
+ net::RequestContextService::GetOrCreate();
+ if (rcsvc) {
+ nsCOMPtr<nsIRequestContext> rc;
+ rcsvc->GetRequestContextFromLoadGroup(aLoadGroup, getter_AddRefs(rc));
+ if (rc) {
+ rc->BeginLoad();
+ }
+ }
+ }
+ }
+
+ mLastModified.Truncate();
+ // XXXbz I guess we're assuming that the caller will either pass in
+ // a channel with a useful type or call SetContentType?
+ SetContentTypeInternal(""_ns);
+ mContentLanguage.Truncate();
+ mBaseTarget.Truncate();
+
+ mXMLDeclarationBits = 0;
+
+ // Now get our new principal
+ if (aPrincipal) {
+ SetPrincipals(aPrincipal, aPartitionedPrincipal);
+ } else {
+ nsIScriptSecurityManager* securityManager =
+ nsContentUtils::GetSecurityManager();
+ if (securityManager) {
+ nsCOMPtr<nsILoadContext> loadContext(mDocumentContainer);
+
+ if (!loadContext && aLoadGroup) {
+ nsCOMPtr<nsIInterfaceRequestor> cbs;
+ aLoadGroup->GetNotificationCallbacks(getter_AddRefs(cbs));
+ loadContext = do_GetInterface(cbs);
+ }
+
+ MOZ_ASSERT(loadContext,
+ "must have a load context or pass in an explicit principal");
+
+ nsCOMPtr<nsIPrincipal> principal;
+ nsresult rv = securityManager->GetLoadContextContentPrincipal(
+ mDocumentURI, loadContext, getter_AddRefs(principal));
+ if (NS_SUCCEEDED(rv)) {
+ SetPrincipals(principal, principal);
+ }
+ }
+ }
+
+ if (mFontFaceSet) {
+ mFontFaceSet->RefreshStandardFontLoadPrincipal();
+ }
+
+ // Refresh the principal on the realm.
+ if (nsPIDOMWindowInner* win = GetInnerWindow()) {
+ nsGlobalWindowInner::Cast(win)->RefreshRealmPrincipal();
+ }
+}
+
+already_AddRefed<nsIPrincipal> Document::MaybeDowngradePrincipal(
+ nsIPrincipal* aPrincipal) {
+ if (!aPrincipal) {
+ return nullptr;
+ }
+
+ // We can't load a document with an expanded principal. If we're given one,
+ // automatically downgrade it to the last principal it subsumes (which is the
+ // extension principal, in the case of extension content scripts).
+ auto* basePrin = BasePrincipal::Cast(aPrincipal);
+ if (basePrin->Is<ExpandedPrincipal>()) {
+ MOZ_DIAGNOSTIC_ASSERT(false,
+ "Should never try to create a document with "
+ "an expanded principal");
+
+ auto* expanded = basePrin->As<ExpandedPrincipal>();
+ return do_AddRef(expanded->AllowList().LastElement());
+ }
+
+ if (aPrincipal->IsSystemPrincipal() && mDocumentContainer) {
+ // We basically want the parent document here, but because this is very
+ // early in the load, GetInProcessParentDocument() returns null, so we use
+ // the docshell hierarchy to get this information instead.
+ if (RefPtr<BrowsingContext> parent =
+ mDocumentContainer->GetBrowsingContext()->GetParent()) {
+ auto* parentWin = nsGlobalWindowOuter::Cast(parent->GetDOMWindow());
+ if (!parentWin || !parentWin->GetPrincipal()->IsSystemPrincipal()) {
+ nsCOMPtr<nsIPrincipal> nullPrincipal =
+ do_CreateInstance("@mozilla.org/nullprincipal;1");
+ return nullPrincipal.forget();
+ }
+ }
+ }
+ nsCOMPtr<nsIPrincipal> principal(aPrincipal);
+ return principal.forget();
+}
+
+size_t Document::FindDocStyleSheetInsertionPoint(const StyleSheet& aSheet) {
+ nsStyleSheetService* sheetService = nsStyleSheetService::GetInstance();
+
+ // lowest index first
+ int32_t newDocIndex = StyleOrderIndexOfSheet(aSheet);
+
+ size_t count = mStyleSet->SheetCount(StyleOrigin::Author);
+ size_t index = 0;
+ for (; index < count; index++) {
+ auto* sheet = mStyleSet->SheetAt(StyleOrigin::Author, index);
+ MOZ_ASSERT(sheet);
+ int32_t sheetDocIndex = StyleOrderIndexOfSheet(*sheet);
+ if (sheetDocIndex > newDocIndex) {
+ break;
+ }
+
+ // If the sheet is not owned by the document it can be an author
+ // sheet registered at nsStyleSheetService or an additional author
+ // sheet on the document, which means the new
+ // doc sheet should end up before it.
+ if (sheetDocIndex < 0) {
+ if (sheetService) {
+ auto& authorSheets = *sheetService->AuthorStyleSheets();
+ if (authorSheets.IndexOf(sheet) != authorSheets.NoIndex) {
+ break;
+ }
+ }
+ if (sheet == GetFirstAdditionalAuthorSheet()) {
+ break;
+ }
+ }
+ }
+
+ return index;
+}
+
+void Document::ResetStylesheetsToURI(nsIURI* aURI) {
+ MOZ_ASSERT(aURI);
+
+ ClearAdoptedStyleSheets();
+
+ auto ClearSheetList = [&](nsTArray<RefPtr<StyleSheet>>& aSheetList) {
+ for (auto& sheet : Reversed(aSheetList)) {
+ sheet->ClearAssociatedDocumentOrShadowRoot();
+ if (mStyleSetFilled) {
+ mStyleSet->RemoveStyleSheet(*sheet);
+ }
+ }
+ aSheetList.Clear();
+ };
+ ClearSheetList(mStyleSheets);
+ for (auto& sheets : mAdditionalSheets) {
+ ClearSheetList(sheets);
+ }
+ if (mStyleSetFilled) {
+ if (auto* ss = nsStyleSheetService::GetInstance()) {
+ for (auto& sheet : Reversed(*ss->AuthorStyleSheets())) {
+ MOZ_ASSERT(!sheet->GetAssociatedDocumentOrShadowRoot());
+ if (sheet->IsApplicable()) {
+ mStyleSet->RemoveStyleSheet(*sheet);
+ }
+ }
+ }
+ }
+
+ // Now reset our inline style and attribute sheets.
+ if (mAttrStyleSheet) {
+ mAttrStyleSheet->Reset();
+ mAttrStyleSheet->SetOwningDocument(this);
+ } else {
+ mAttrStyleSheet = new nsHTMLStyleSheet(this);
+ }
+
+ if (!mStyleAttrStyleSheet) {
+ mStyleAttrStyleSheet = new nsHTMLCSSStyleSheet();
+ }
+
+ if (mStyleSetFilled) {
+ FillStyleSetDocumentSheets();
+
+ if (mStyleSet->StyleSheetsHaveChanged()) {
+ ApplicableStylesChanged();
+ }
+ }
+}
+
+static void AppendSheetsToStyleSet(
+ ServoStyleSet* aStyleSet, const nsTArray<RefPtr<StyleSheet>>& aSheets) {
+ for (StyleSheet* sheet : Reversed(aSheets)) {
+ aStyleSet->AppendStyleSheet(*sheet);
+ }
+}
+
+void Document::FillStyleSetUserAndUASheets() {
+ // Make sure this does the same thing as PresShell::Add{User,Agent}Sheet wrt
+ // ordering.
+
+ // The document will fill in the document sheets when we create the presshell
+ auto* cache = GlobalStyleSheetCache::Singleton();
+
+ nsStyleSheetService* sheetService = nsStyleSheetService::GetInstance();
+ MOZ_ASSERT(sheetService,
+ "should never be creating a StyleSet after the style sheet "
+ "service has gone");
+
+ for (StyleSheet* sheet : *sheetService->UserStyleSheets()) {
+ mStyleSet->AppendStyleSheet(*sheet);
+ }
+
+ StyleSheet* sheet = IsInChromeDocShell() ? cache->GetUserChromeSheet()
+ : cache->GetUserContentSheet();
+ if (sheet) {
+ mStyleSet->AppendStyleSheet(*sheet);
+ }
+
+ mStyleSet->AppendStyleSheet(*cache->UASheet());
+
+ if (MOZ_LIKELY(NodeInfoManager()->MathMLEnabled())) {
+ mStyleSet->AppendStyleSheet(*cache->MathMLSheet());
+ }
+
+ if (MOZ_LIKELY(NodeInfoManager()->SVGEnabled())) {
+ mStyleSet->AppendStyleSheet(*cache->SVGSheet());
+ }
+
+ mStyleSet->AppendStyleSheet(*cache->HTMLSheet());
+
+ if (nsLayoutUtils::ShouldUseNoFramesSheet(this)) {
+ mStyleSet->AppendStyleSheet(*cache->NoFramesSheet());
+ }
+
+ if (nsLayoutUtils::ShouldUseNoScriptSheet(this)) {
+ mStyleSet->AppendStyleSheet(*cache->NoScriptSheet());
+ }
+
+ mStyleSet->AppendStyleSheet(*cache->CounterStylesSheet());
+
+ // Load the minimal XUL rules for scrollbars and a few other XUL things
+ // that non-XUL (typically HTML) documents commonly use.
+ mStyleSet->AppendStyleSheet(*cache->MinimalXULSheet());
+
+ // Only load the full XUL sheet if we'll need it.
+ if (LoadsFullXULStyleSheetUpFront()) {
+ mStyleSet->AppendStyleSheet(*cache->XULSheet());
+ }
+
+ mStyleSet->AppendStyleSheet(*cache->FormsSheet());
+ mStyleSet->AppendStyleSheet(*cache->ScrollbarsSheet());
+ mStyleSet->AppendStyleSheet(*cache->PluginProblemSheet());
+
+ for (StyleSheet* sheet : *sheetService->AgentStyleSheets()) {
+ mStyleSet->AppendStyleSheet(*sheet);
+ }
+
+ MOZ_ASSERT(!mQuirkSheetAdded);
+ if (NeedsQuirksSheet()) {
+ mStyleSet->AppendStyleSheet(*cache->QuirkSheet());
+ mQuirkSheetAdded = true;
+ }
+}
+
+void Document::FillStyleSet() {
+ MOZ_ASSERT(!mStyleSetFilled);
+ FillStyleSetUserAndUASheets();
+ FillStyleSetDocumentSheets();
+ mStyleSetFilled = true;
+}
+
+void Document::RemoveContentEditableStyleSheets() {
+ MOZ_ASSERT(IsHTMLOrXHTML());
+
+ auto* cache = GlobalStyleSheetCache::Singleton();
+ bool changed = false;
+ if (mDesignModeSheetAdded) {
+ mStyleSet->RemoveStyleSheet(*cache->DesignModeSheet());
+ mDesignModeSheetAdded = false;
+ changed = true;
+ }
+ if (mContentEditableSheetAdded) {
+ mStyleSet->RemoveStyleSheet(*cache->ContentEditableSheet());
+ mContentEditableSheetAdded = false;
+ changed = true;
+ }
+ if (changed) {
+ MOZ_ASSERT(mStyleSetFilled);
+ ApplicableStylesChanged();
+ }
+}
+
+void Document::AddContentEditableStyleSheetsToStyleSet(bool aDesignMode) {
+ MOZ_ASSERT(IsHTMLOrXHTML());
+ MOZ_DIAGNOSTIC_ASSERT(mStyleSetFilled,
+ "Caller should ensure we're being rendered");
+
+ auto* cache = GlobalStyleSheetCache::Singleton();
+ bool changed = false;
+ if (!mContentEditableSheetAdded) {
+ mStyleSet->AppendStyleSheet(*cache->ContentEditableSheet());
+ mContentEditableSheetAdded = true;
+ changed = true;
+ }
+ if (mDesignModeSheetAdded != aDesignMode) {
+ if (mDesignModeSheetAdded) {
+ mStyleSet->RemoveStyleSheet(*cache->DesignModeSheet());
+ } else {
+ mStyleSet->AppendStyleSheet(*cache->DesignModeSheet());
+ }
+ mDesignModeSheetAdded = !mDesignModeSheetAdded;
+ changed = true;
+ }
+ if (changed) {
+ ApplicableStylesChanged();
+ }
+}
+
+void Document::FillStyleSetDocumentSheets() {
+ MOZ_ASSERT(mStyleSet->SheetCount(StyleOrigin::Author) == 0,
+ "Style set already has document sheets?");
+
+ // Sheets are added in reverse order to avoid worst-case time complexity when
+ // looking up the index of a sheet.
+ //
+ // Note that usually appending is faster (rebuilds less stuff in the
+ // styleset), but in this case it doesn't matter since we're filling the
+ // styleset from scratch anyway.
+ for (StyleSheet* sheet : Reversed(mStyleSheets)) {
+ if (sheet->IsApplicable()) {
+ mStyleSet->AddDocStyleSheet(*sheet);
+ }
+ }
+
+ EnumerateUniqueAdoptedStyleSheetsBackToFront([&](StyleSheet& aSheet) {
+ if (aSheet.IsApplicable()) {
+ mStyleSet->AddDocStyleSheet(aSheet);
+ }
+ });
+
+ nsStyleSheetService* sheetService = nsStyleSheetService::GetInstance();
+ for (StyleSheet* sheet : *sheetService->AuthorStyleSheets()) {
+ mStyleSet->AppendStyleSheet(*sheet);
+ }
+
+ AppendSheetsToStyleSet(mStyleSet.get(), mAdditionalSheets[eAgentSheet]);
+ AppendSheetsToStyleSet(mStyleSet.get(), mAdditionalSheets[eUserSheet]);
+ AppendSheetsToStyleSet(mStyleSet.get(), mAdditionalSheets[eAuthorSheet]);
+}
+
+void Document::CompatibilityModeChanged() {
+ MOZ_ASSERT(IsHTMLOrXHTML());
+ CSSLoader()->SetCompatibilityMode(mCompatMode);
+ mStyleSet->CompatibilityModeChanged();
+ if (PresShell* presShell = GetPresShell()) {
+ // Selectors may have become case-sensitive / case-insensitive, the stylist
+ // has already performed the relevant invalidation.
+ presShell->EnsureStyleFlush();
+ }
+ if (!mStyleSetFilled) {
+ MOZ_ASSERT(!mQuirkSheetAdded);
+ return;
+ }
+ if (mQuirkSheetAdded == NeedsQuirksSheet()) {
+ return;
+ }
+ auto* cache = GlobalStyleSheetCache::Singleton();
+ StyleSheet* sheet = cache->QuirkSheet();
+ if (mQuirkSheetAdded) {
+ mStyleSet->RemoveStyleSheet(*sheet);
+ } else {
+ mStyleSet->AppendStyleSheet(*sheet);
+ }
+ mQuirkSheetAdded = !mQuirkSheetAdded;
+ ApplicableStylesChanged();
+}
+
+void Document::SetCompatibilityMode(nsCompatibility aMode) {
+ NS_ASSERTION(IsHTMLDocument() || aMode == eCompatibility_FullStandards,
+ "Bad compat mode for XHTML document!");
+
+ if (mCompatMode == aMode) {
+ return;
+ }
+ mCompatMode = aMode;
+ CompatibilityModeChanged();
+}
+
+static void WarnIfSandboxIneffective(nsIDocShell* aDocShell,
+ uint32_t aSandboxFlags,
+ nsIChannel* aChannel) {
+ // If the document permits allow-top-navigation and
+ // allow-top-navigation-by-user-activation this will permit all top
+ // navigation.
+ if (aSandboxFlags != SANDBOXED_NONE &&
+ !(aSandboxFlags & SANDBOXED_TOPLEVEL_NAVIGATION) &&
+ !(aSandboxFlags & SANDBOXED_TOPLEVEL_NAVIGATION_USER_ACTIVATION)) {
+ nsContentUtils::ReportToConsole(
+ nsIScriptError::warningFlag, "Iframe Sandbox"_ns,
+ aDocShell->GetDocument(), nsContentUtils::eSECURITY_PROPERTIES,
+ "BothAllowTopNavigationAndUserActivationPresent");
+ }
+ // If the document is sandboxed (via the HTML5 iframe sandbox
+ // attribute) and both the allow-scripts and allow-same-origin
+ // keywords are supplied, the sandboxed document can call into its
+ // parent document and remove its sandboxing entirely - we print a
+ // warning to the web console in this case.
+ if (aSandboxFlags & SANDBOXED_NAVIGATION &&
+ !(aSandboxFlags & SANDBOXED_SCRIPTS) &&
+ !(aSandboxFlags & SANDBOXED_ORIGIN)) {
+ RefPtr<BrowsingContext> bc = aDocShell->GetBrowsingContext();
+ MOZ_ASSERT(bc->IsInProcess());
+
+ RefPtr<BrowsingContext> parentBC = bc->GetParent();
+ if (!parentBC || !parentBC->IsInProcess()) {
+ // If parent document is not in process, then by construction it
+ // cannot be same origin.
+ return;
+ }
+
+ // Don't warn if our parent is not the top-level document.
+ if (!parentBC->IsTopContent()) {
+ return;
+ }
+
+ nsCOMPtr<nsIDocShell> parentDocShell = parentBC->GetDocShell();
+ MOZ_ASSERT(parentDocShell);
+
+ nsCOMPtr<nsIChannel> parentChannel;
+ parentDocShell->GetCurrentDocumentChannel(getter_AddRefs(parentChannel));
+ if (!parentChannel) {
+ return;
+ }
+ nsresult rv = nsContentUtils::CheckSameOrigin(aChannel, parentChannel);
+ if (NS_FAILED(rv)) {
+ return;
+ }
+
+ nsCOMPtr<Document> parentDocument = parentDocShell->GetDocument();
+ nsCOMPtr<nsIURI> iframeUri;
+ parentChannel->GetURI(getter_AddRefs(iframeUri));
+ nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
+ "Iframe Sandbox"_ns, parentDocument,
+ nsContentUtils::eSECURITY_PROPERTIES,
+ "BothAllowScriptsAndSameOriginPresent",
+ nsTArray<nsString>(), iframeUri);
+ }
+}
+
+bool Document::IsSynthesized() {
+ nsCOMPtr<nsILoadInfo> loadInfo = mChannel ? mChannel->LoadInfo() : nullptr;
+ return loadInfo && loadInfo->GetServiceWorkerTaintingSynthesized();
+}
+
+// static
+bool Document::IsCallerChromeOrAddon(JSContext* aCx, JSObject* aObject) {
+ nsIPrincipal* principal = nsContentUtils::SubjectPrincipal(aCx);
+ return principal && (principal->IsSystemPrincipal() ||
+ principal->GetIsAddonOrExpandedAddonPrincipal());
+}
+
+nsresult Document::StartDocumentLoad(const char* aCommand, nsIChannel* aChannel,
+ nsILoadGroup* aLoadGroup,
+ nsISupports* aContainer,
+ nsIStreamListener** aDocListener,
+ bool aReset, nsIContentSink* aSink) {
+ if (MOZ_LOG_TEST(gDocumentLeakPRLog, LogLevel::Debug)) {
+ nsCOMPtr<nsIURI> uri;
+ aChannel->GetURI(getter_AddRefs(uri));
+ MOZ_LOG(gDocumentLeakPRLog, LogLevel::Debug,
+ ("DOCUMENT %p StartDocumentLoad %s", this,
+ uri ? uri->GetSpecOrDefault().get() : ""));
+ }
+
+ MOZ_ASSERT(GetReadyStateEnum() == Document::READYSTATE_UNINITIALIZED,
+ "Bad readyState");
+ SetReadyStateInternal(READYSTATE_LOADING);
+
+ if (nsCRT::strcmp(kLoadAsData, aCommand) == 0) {
+ mLoadedAsData = true;
+ // We need to disable script & style loading in this case.
+ // We leave them disabled even in EndLoad(), and let anyone
+ // who puts the document on display to worry about enabling.
+
+ // Do not load/process scripts when loading as data
+ ScriptLoader()->SetEnabled(false);
+
+ // styles
+ CSSLoader()->SetEnabled(
+ false); // Do not load/process styles when loading as data
+ } else if (nsCRT::strcmp("external-resource", aCommand) == 0) {
+ // Allow CSS, but not scripts
+ ScriptLoader()->SetEnabled(false);
+ }
+
+ mMayStartLayout = false;
+ MOZ_ASSERT(!mReadyForIdle,
+ "We should never hit DOMContentLoaded before this point");
+
+ if (aReset) {
+ Reset(aChannel, aLoadGroup);
+ }
+
+ nsAutoCString contentType;
+ nsCOMPtr<nsIPropertyBag2> bag = do_QueryInterface(aChannel);
+ if ((bag && NS_SUCCEEDED(bag->GetPropertyAsACString(u"contentType"_ns,
+ contentType))) ||
+ NS_SUCCEEDED(aChannel->GetContentType(contentType))) {
+ // XXX this is only necessary for viewsource:
+ nsACString::const_iterator start, end, semicolon;
+ contentType.BeginReading(start);
+ contentType.EndReading(end);
+ semicolon = start;
+ FindCharInReadable(';', semicolon, end);
+ SetContentTypeInternal(Substring(start, semicolon));
+ }
+
+ RetrieveRelevantHeaders(aChannel);
+
+ mChannel = aChannel;
+ nsCOMPtr<nsIInputStreamChannel> inStrmChan = do_QueryInterface(mChannel);
+ if (inStrmChan) {
+ bool isSrcdocChannel;
+ inStrmChan->GetIsSrcdocChannel(&isSrcdocChannel);
+ if (isSrcdocChannel) {
+ mIsSrcdocDocument = true;
+ }
+ }
+
+ if (mChannel) {
+ nsLoadFlags loadFlags;
+ mChannel->GetLoadFlags(&loadFlags);
+ bool isDocument = false;
+ mChannel->GetIsDocument(&isDocument);
+ if (loadFlags & nsIRequest::LOAD_DOCUMENT_NEEDS_COOKIE && isDocument &&
+ IsSynthesized() && XRE_IsContentProcess()) {
+ ContentChild::UpdateCookieStatus(mChannel);
+ }
+
+ // Store the security info for future use.
+ mChannel->GetSecurityInfo(getter_AddRefs(mSecurityInfo));
+ }
+
+ // If this document is being loaded by a docshell, copy its sandbox flags
+ // to the document, and store the fullscreen enabled flag. These are
+ // immutable after being set here.
+ nsCOMPtr<nsIDocShell> docShell = do_QueryInterface(aContainer);
+
+ // If this is an error page, don't inherit sandbox flags
+ nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
+ if (docShell && !loadInfo->GetLoadErrorPage()) {
+ mSandboxFlags = loadInfo->GetSandboxFlags();
+ WarnIfSandboxIneffective(docShell, mSandboxFlags, GetChannel());
+ }
+
+ // Set the opener policy for the top level content document.
+ nsCOMPtr<nsIHttpChannelInternal> httpChan = do_QueryInterface(mChannel);
+ nsILoadInfo::CrossOriginOpenerPolicy policy =
+ nsILoadInfo::OPENER_POLICY_UNSAFE_NONE;
+ if (IsTopLevelContentDocument() && httpChan &&
+ NS_SUCCEEDED(httpChan->GetCrossOriginOpenerPolicy(&policy)) && docShell &&
+ docShell->GetBrowsingContext()) {
+ // Setting the opener policy on a discarded context has no effect.
+ Unused << docShell->GetBrowsingContext()->SetOpenerPolicy(policy);
+ }
+
+ // The CSP directives upgrade-insecure-requests as well as
+ // block-all-mixed-content not only apply to the toplevel document,
+ // but also to nested documents. The loadInfo of a subdocument
+ // load already holds the correct flag, so let's just set it here
+ // on the document. Please note that we set the appropriate preload
+ // bits just for the sake of completeness here, because the preloader
+ // does not reach into subdocuments.
+ mUpgradeInsecureRequests = loadInfo->GetUpgradeInsecureRequests();
+ mUpgradeInsecurePreloads = mUpgradeInsecureRequests;
+ mBlockAllMixedContent = loadInfo->GetBlockAllMixedContent();
+ mBlockAllMixedContentPreloads = mBlockAllMixedContent;
+
+ // HTTPS-Only Mode flags
+ // The HTTPS_ONLY_EXEMPT flag of the HTTPS-Only state gets propagated to all
+ // sub-resources and sub-documents.
+ mHttpsOnlyStatus = loadInfo->GetHttpsOnlyStatus();
+
+ nsresult rv = InitReferrerInfo(aChannel);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ rv = InitCOEP(aChannel);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // Check CSP navigate-to
+ // We need to enforce the CSP of the document that initiated the load,
+ // which is the CSP to inherit.
+ nsCOMPtr<nsIContentSecurityPolicy> cspToInherit = loadInfo->GetCspToInherit();
+ if (cspToInherit) {
+ bool allowsNavigateTo = false;
+ rv = cspToInherit->GetAllowsNavigateTo(
+ mDocumentURI, loadInfo->GetIsFormSubmission(),
+ !loadInfo->RedirectChain().IsEmpty(), /* aWasRedirected */
+ true, /* aEnforceWhitelist */
+ &allowsNavigateTo);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ if (!allowsNavigateTo) {
+ aChannel->Cancel(NS_ERROR_CSP_NAVIGATE_TO_VIOLATION);
+ return NS_OK;
+ }
+ }
+
+ rv = InitCSP(aChannel);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // Initialize FeaturePolicy
+ rv = InitFeaturePolicy(aChannel);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ rv = loadInfo->GetCookieJarSettings(getter_AddRefs(mCookieJarSettings));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // Generally XFO and CSP frame-ancestors is handled within
+ // DocumentLoadListener. However, the DocumentLoadListener can not handle
+ // object and embed. Until then we have to enforce it here (See Bug 1646899).
+ nsContentPolicyType internalContentType =
+ loadInfo->InternalContentPolicyType();
+ if (internalContentType == nsIContentPolicy::TYPE_INTERNAL_OBJECT ||
+ internalContentType == nsIContentPolicy::TYPE_INTERNAL_EMBED) {
+ nsContentSecurityUtils::PerformCSPFrameAncestorAndXFOCheck(aChannel);
+
+ nsresult status;
+ aChannel->GetStatus(&status);
+ if (status == NS_ERROR_XFO_VIOLATION) {
+ // stop! ERROR page!
+ // But before we have to reset the principal of the document
+ // because the onload() event fires before the error page
+ // is displayed and we do not want the enclosing document
+ // to access the contentDocument.
+ RefPtr<NullPrincipal> nullPrincipal =
+ NullPrincipal::CreateWithInheritedAttributes(NodePrincipal());
+ // Before calling SetPrincipals() we should ensure that mFontFaceSet
+ // and also GetInnerWindow() is still null at this point, before
+ // we can fix Bug 1614735: Evaluate calls to SetPrincipal
+ // within Document.cpp
+ MOZ_ASSERT(!mFontFaceSet && !GetInnerWindow());
+ SetPrincipals(nullPrincipal, nullPrincipal);
+ }
+ }
+
+ return NS_OK;
+}
+
+nsIContentSecurityPolicy* Document::GetCsp() const { return mCSP; }
+
+void Document::SetCsp(nsIContentSecurityPolicy* aCSP) { mCSP = aCSP; }
+
+nsIContentSecurityPolicy* Document::GetPreloadCsp() const {
+ return mPreloadCSP;
+}
+
+void Document::SetPreloadCsp(nsIContentSecurityPolicy* aPreloadCSP) {
+ mPreloadCSP = aPreloadCSP;
+}
+
+void Document::GetCspJSON(nsString& aJSON) {
+ aJSON.Truncate();
+
+ if (!mCSP) {
+ dom::CSPPolicies jsonPolicies;
+ jsonPolicies.ToJSON(aJSON);
+ return;
+ }
+ mCSP->ToJSON(aJSON);
+}
+
+void Document::SendToConsole(nsCOMArray<nsISecurityConsoleMessage>& aMessages) {
+ for (uint32_t i = 0; i < aMessages.Length(); ++i) {
+ nsAutoString messageTag;
+ aMessages[i]->GetTag(messageTag);
+
+ nsAutoString category;
+ aMessages[i]->GetCategory(category);
+
+ nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
+ NS_ConvertUTF16toUTF8(category), this,
+ nsContentUtils::eSECURITY_PROPERTIES,
+ NS_ConvertUTF16toUTF8(messageTag).get());
+ }
+}
+
+void Document::ApplySettingsFromCSP(bool aSpeculative) {
+ nsresult rv = NS_OK;
+ if (!aSpeculative) {
+ // 1) apply settings from regular CSP
+ if (mCSP) {
+ // Set up 'block-all-mixed-content' if not already inherited
+ // from the parent context or set by any other CSP.
+ if (!mBlockAllMixedContent) {
+ rv = mCSP->GetBlockAllMixedContent(&mBlockAllMixedContent);
+ NS_ENSURE_SUCCESS_VOID(rv);
+ }
+ if (!mBlockAllMixedContentPreloads) {
+ mBlockAllMixedContentPreloads = mBlockAllMixedContent;
+ }
+
+ // Set up 'upgrade-insecure-requests' if not already inherited
+ // from the parent context or set by any other CSP.
+ if (!mUpgradeInsecureRequests) {
+ rv = mCSP->GetUpgradeInsecureRequests(&mUpgradeInsecureRequests);
+ NS_ENSURE_SUCCESS_VOID(rv);
+ }
+ if (!mUpgradeInsecurePreloads) {
+ mUpgradeInsecurePreloads = mUpgradeInsecureRequests;
+ }
+ // Update csp settings in the parent process
+ if (auto* wgc = GetWindowGlobalChild()) {
+ wgc->SendUpdateDocumentCspSettings(mBlockAllMixedContent,
+ mUpgradeInsecureRequests);
+ }
+ }
+ return;
+ }
+
+ // 2) apply settings from speculative csp
+ if (mPreloadCSP) {
+ if (!mBlockAllMixedContentPreloads) {
+ rv = mPreloadCSP->GetBlockAllMixedContent(&mBlockAllMixedContentPreloads);
+ NS_ENSURE_SUCCESS_VOID(rv);
+ }
+ if (!mUpgradeInsecurePreloads) {
+ rv = mPreloadCSP->GetUpgradeInsecureRequests(&mUpgradeInsecurePreloads);
+ NS_ENSURE_SUCCESS_VOID(rv);
+ }
+ }
+}
+
+nsresult Document::InitCSP(nsIChannel* aChannel) {
+ MOZ_ASSERT(!mScriptGlobalObject,
+ "CSP must be initialized before mScriptGlobalObject is set!");
+ if (!StaticPrefs::security_csp_enable()) {
+ MOZ_LOG(gCspPRLog, LogLevel::Debug,
+ ("CSP is disabled, skipping CSP init for document %p", this));
+ return NS_OK;
+ }
+
+ // If this is a data document - no need to set CSP.
+ if (mLoadedAsData) {
+ return NS_OK;
+ }
+
+ // If this is an image, no need to set a CSP. Otherwise SVG images
+ // served with a CSP might block internally applied inline styles.
+ nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
+ if (loadInfo->GetExternalContentPolicyType() ==
+ ExtContentPolicy::TYPE_IMAGE) {
+ return NS_OK;
+ }
+
+ MOZ_ASSERT(!mCSP, "where did mCSP get set if not here?");
+
+ // If there is a CSP that needs to be inherited from whatever
+ // global is considered the client of the document fetch then
+ // we query it here from the loadinfo in case the newly created
+ // document needs to inherit the CSP. See:
+ // https://w3c.github.io/webappsec-csp/#initialize-document-csp
+ if (CSP_ShouldResponseInheritCSP(aChannel)) {
+ mCSP = loadInfo->GetCspToInherit();
+ }
+
+ // If there is no CSP to inherit, then we create a new CSP here so
+ // that history entries always have the right reference in case a
+ // Meta CSP gets dynamically added after the history entry has
+ // already been created.
+ if (!mCSP) {
+ mCSP = new nsCSPContext();
+ }
+
+ // Always overwrite the requesting context of the CSP so that any new
+ // 'self' keyword added to an inherited CSP translates correctly.
+ nsresult rv = mCSP->SetRequestContextWithDocument(this);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ nsAutoCString tCspHeaderValue, tCspROHeaderValue;
+
+ nsCOMPtr<nsIHttpChannel> httpChannel;
+ rv = GetHttpChannelHelper(aChannel, getter_AddRefs(httpChannel));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ if (httpChannel) {
+ Unused << httpChannel->GetResponseHeader("content-security-policy"_ns,
+ tCspHeaderValue);
+
+ Unused << httpChannel->GetResponseHeader(
+ "content-security-policy-report-only"_ns, tCspROHeaderValue);
+ }
+ NS_ConvertASCIItoUTF16 cspHeaderValue(tCspHeaderValue);
+ NS_ConvertASCIItoUTF16 cspROHeaderValue(tCspROHeaderValue);
+
+ // Check if this is a document from a WebExtension.
+ nsCOMPtr<nsIPrincipal> principal = NodePrincipal();
+ auto addonPolicy = BasePrincipal::Cast(principal)->AddonPolicy();
+
+ // If there's no CSP to apply, go ahead and return early
+ if (!addonPolicy && cspHeaderValue.IsEmpty() && cspROHeaderValue.IsEmpty()) {
+ if (MOZ_LOG_TEST(gCspPRLog, LogLevel::Debug)) {
+ nsCOMPtr<nsIURI> chanURI;
+ aChannel->GetURI(getter_AddRefs(chanURI));
+ nsAutoCString aspec;
+ chanURI->GetAsciiSpec(aspec);
+ MOZ_LOG(gCspPRLog, LogLevel::Debug,
+ ("no CSP for document, %s", aspec.get()));
+ }
+
+ return NS_OK;
+ }
+
+ MOZ_LOG(gCspPRLog, LogLevel::Debug,
+ ("Document is an add-on or CSP header specified %p", this));
+
+ // ----- if the doc is an addon, apply its CSP.
+ if (addonPolicy) {
+ mCSP->AppendPolicy(addonPolicy->BaseCSP(), false, false);
+
+ mCSP->AppendPolicy(addonPolicy->ExtensionPageCSP(), false, false);
+ // Bug 1548468: Move CSP off ExpandedPrincipal
+ // Currently the LoadInfo holds the source of truth for every resource load
+ // because LoadInfo::GetCSP() queries the CSP from an ExpandedPrincipal
+ // (and not from the Client) if the load was triggered by an extension.
+ auto* basePrin = BasePrincipal::Cast(principal);
+ if (basePrin->Is<ExpandedPrincipal>()) {
+ basePrin->As<ExpandedPrincipal>()->SetCsp(mCSP);
+ }
+ }
+
+ // ----- if there's a full-strength CSP header, apply it.
+ if (!cspHeaderValue.IsEmpty()) {
+ mHasCSPDeliveredThroughHeader = true;
+ rv = CSP_AppendCSPFromHeader(mCSP, cspHeaderValue, false);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+
+ // ----- if there's a report-only CSP header, apply it.
+ if (!cspROHeaderValue.IsEmpty()) {
+ rv = CSP_AppendCSPFromHeader(mCSP, cspROHeaderValue, true);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+
+ // ----- Enforce sandbox policy if supplied in CSP header
+ // The document may already have some sandbox flags set (e.g. if the document
+ // is an iframe with the sandbox attribute set). If we have a CSP sandbox
+ // directive, intersect the CSP sandbox flags with the existing flags. This
+ // corresponds to the _least_ permissive policy.
+ uint32_t cspSandboxFlags = SANDBOXED_NONE;
+ rv = mCSP->GetCSPSandboxFlags(&cspSandboxFlags);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // Probably the iframe sandbox attribute already caused the creation of a
+ // new NullPrincipal. Only create a new NullPrincipal if CSP requires so
+ // and no one has been created yet.
+ bool needNewNullPrincipal = (cspSandboxFlags & SANDBOXED_ORIGIN) &&
+ !(mSandboxFlags & SANDBOXED_ORIGIN);
+
+ mSandboxFlags |= cspSandboxFlags;
+
+ if (needNewNullPrincipal) {
+ principal = NullPrincipal::CreateWithInheritedAttributes(principal);
+ // Skip setting the content blocking allowlist principal to NullPrincipal.
+ // The principal is only used to enable/disable trackingprotection via
+ // permission and can be shared with the top level sandboxed site.
+ // See Bug 1654546.
+ SetPrincipals(principal, principal);
+ }
+
+ ApplySettingsFromCSP(false);
+ return NS_OK;
+}
+
+already_AddRefed<dom::FeaturePolicy> Document::GetParentFeaturePolicy() {
+ BrowsingContext* browsingContext = GetBrowsingContext();
+ if (!browsingContext) {
+ return nullptr;
+ }
+ if (!browsingContext->IsContentSubframe()) {
+ return nullptr;
+ }
+
+ HTMLIFrameElement* iframe =
+ HTMLIFrameElement::FromNodeOrNull(browsingContext->GetEmbedderElement());
+ if (iframe) {
+ return do_AddRef(iframe->FeaturePolicy());
+ }
+
+ if (XRE_IsParentProcess()) {
+ return do_AddRef(browsingContext->Canonical()->GetContainerFeaturePolicy());
+ }
+
+ WindowContext* windowContext = browsingContext->GetCurrentWindowContext();
+ if (!windowContext) {
+ return nullptr;
+ }
+
+ WindowGlobalChild* child = windowContext->GetWindowGlobalChild();
+ if (!child) {
+ return nullptr;
+ }
+
+ return do_AddRef(child->GetContainerFeaturePolicy());
+}
+
+nsresult Document::InitFeaturePolicy(nsIChannel* aChannel) {
+ MOZ_ASSERT(mFeaturePolicy, "we should only call init once");
+
+ mFeaturePolicy->ResetDeclaredPolicy();
+
+ mFeaturePolicy->SetDefaultOrigin(NodePrincipal());
+
+ RefPtr<mozilla::dom::FeaturePolicy> parentPolicy = GetParentFeaturePolicy();
+ if (parentPolicy) {
+ // Let's inherit the policy from the parent HTMLIFrameElement if it exists.
+ mFeaturePolicy->InheritPolicy(parentPolicy);
+ mFeaturePolicy->SetSrcOrigin(parentPolicy->GetSrcOrigin());
+ }
+
+ // We don't want to parse the http Feature-Policy header if this pref is off.
+ if (!StaticPrefs::dom_security_featurePolicy_header_enabled()) {
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsIHttpChannel> httpChannel;
+ nsresult rv = GetHttpChannelHelper(aChannel, getter_AddRefs(httpChannel));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ if (!httpChannel) {
+ return NS_OK;
+ }
+
+ // query the policy from the header
+ nsAutoCString value;
+ rv = httpChannel->GetResponseHeader("Feature-Policy"_ns, value);
+ if (NS_SUCCEEDED(rv)) {
+ mFeaturePolicy->SetDeclaredPolicy(this, NS_ConvertUTF8toUTF16(value),
+ NodePrincipal(), nullptr);
+ }
+
+ return NS_OK;
+}
+
+nsresult Document::InitReferrerInfo(nsIChannel* aChannel) {
+ MOZ_ASSERT(mReferrerInfo);
+ MOZ_ASSERT(mPreloadReferrerInfo);
+
+ if (ReferrerInfo::ShouldResponseInheritReferrerInfo(aChannel)) {
+ // The channel is loading `about:srcdoc`. Srcdoc loads should respond with
+ // their parent's ReferrerInfo when asked for their ReferrerInfo, unless
+ // they have an opaque origin.
+ // https://w3c.github.io/webappsec-referrer-policy/#determine-requests-referrer
+ if (BrowsingContext* bc = GetBrowsingContext()) {
+ // At this point the document is not fully created and mParentDocument has
+ // not been set yet,
+ Document* parentDoc = bc->GetEmbedderElement()
+ ? bc->GetEmbedderElement()->OwnerDoc()
+ : nullptr;
+ if (parentDoc) {
+ mReferrerInfo = parentDoc->GetReferrerInfo();
+ mPreloadReferrerInfo = mReferrerInfo;
+ return NS_OK;
+ }
+
+ MOZ_ASSERT(bc->IsInProcess() || NodePrincipal()->GetIsNullPrincipal(),
+ "srcdoc without null principal as toplevel!");
+ }
+ }
+
+ nsCOMPtr<nsIHttpChannel> httpChannel;
+ nsresult rv = GetHttpChannelHelper(aChannel, getter_AddRefs(httpChannel));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ if (!httpChannel) {
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsIReferrerInfo> referrerInfo = httpChannel->GetReferrerInfo();
+ if (referrerInfo) {
+ mReferrerInfo = referrerInfo;
+ }
+
+ // Override policy if we get one from Referrerr-Policy header
+ mozilla::dom::ReferrerPolicy policy =
+ nsContentUtils::GetReferrerPolicyFromChannel(aChannel);
+ mReferrerInfo = static_cast<dom::ReferrerInfo*>(mReferrerInfo.get())
+ ->CloneWithNewPolicy(policy);
+
+ mPreloadReferrerInfo = mReferrerInfo;
+ return NS_OK;
+}
+
+nsresult Document::InitCOEP(nsIChannel* aChannel) {
+ nsCOMPtr<nsIHttpChannel> httpChannel;
+ nsresult rv = GetHttpChannelHelper(aChannel, getter_AddRefs(httpChannel));
+ if (NS_FAILED(rv)) {
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsIHttpChannelInternal> intChannel = do_QueryInterface(httpChannel);
+
+ if (!intChannel) {
+ return NS_OK;
+ }
+
+ nsILoadInfo::CrossOriginEmbedderPolicy policy =
+ nsILoadInfo::EMBEDDER_POLICY_NULL;
+ if (NS_SUCCEEDED(intChannel->GetResponseEmbedderPolicy(&policy))) {
+ mEmbedderPolicy = Some(policy);
+ }
+
+ return NS_OK;
+}
+
+void Document::StopDocumentLoad() {
+ if (mParser) {
+ mParserAborted = true;
+ mParser->Terminate();
+ }
+}
+
+void Document::SetDocumentURI(nsIURI* aURI) {
+ nsCOMPtr<nsIURI> oldBase = GetDocBaseURI();
+ mDocumentURI = aURI;
+ nsIURI* newBase = GetDocBaseURI();
+
+ mDocURISchemeIsChrome = aURI && IsChromeURI(aURI);
+
+ bool equalBases = false;
+ // Changing just the ref of a URI does not change how relative URIs would
+ // resolve wrt to it, so we can treat the bases as equal as long as they're
+ // equal ignoring the ref.
+ if (oldBase && newBase) {
+ oldBase->EqualsExceptRef(newBase, &equalBases);
+ } else {
+ equalBases = !oldBase && !newBase;
+ }
+
+ // If this is the first time we're setting the document's URI, set the
+ // document's original URI.
+ if (!mOriginalURI) mOriginalURI = mDocumentURI;
+
+ // If changing the document's URI changed the base URI of the document, we
+ // need to refresh the hrefs of all the links on the page.
+ if (!equalBases) {
+ RefreshLinkHrefs();
+ }
+
+ // Recalculate our base domain
+ mBaseDomain.Truncate();
+ ThirdPartyUtil* thirdPartyUtil = ThirdPartyUtil::GetInstance();
+ if (thirdPartyUtil) {
+ Unused << thirdPartyUtil->GetBaseDomain(mDocumentURI, mBaseDomain);
+ }
+
+ // Tell our WindowGlobalParent that the document's URI has been changed.
+ nsPIDOMWindowInner* inner = GetInnerWindow();
+ if (inner && inner->GetWindowGlobalChild()) {
+ inner->GetWindowGlobalChild()->SetDocumentURI(mDocumentURI);
+ }
+}
+
+static void GetFormattedTimeString(PRTime aTime,
+ nsAString& aFormattedTimeString) {
+ PRExplodedTime prtime;
+ PR_ExplodeTime(aTime, PR_LocalTimeParameters, &prtime);
+ // "MM/DD/YYYY hh:mm:ss"
+ char formatedTime[24];
+ if (SprintfLiteral(formatedTime, "%02d/%02d/%04d %02d:%02d:%02d",
+ prtime.tm_month + 1, prtime.tm_mday, int(prtime.tm_year),
+ prtime.tm_hour, prtime.tm_min, prtime.tm_sec)) {
+ CopyASCIItoUTF16(nsDependentCString(formatedTime), aFormattedTimeString);
+ } else {
+ // If we for whatever reason failed to find the last modified time
+ // (or even the current time), fall back to what NS4.x returned.
+ aFormattedTimeString.AssignLiteral(u"01/01/1970 00:00:00");
+ }
+}
+
+void Document::GetLastModified(nsAString& aLastModified) const {
+ if (!mLastModified.IsEmpty()) {
+ aLastModified.Assign(mLastModified);
+ } else {
+ GetFormattedTimeString(PR_Now(), aLastModified);
+ }
+}
+
+static void IncrementExpandoGeneration(Document& aDoc) {
+ ++aDoc.mExpandoAndGeneration.generation;
+}
+
+void Document::AddToNameTable(Element* aElement, nsAtom* aName) {
+ MOZ_ASSERT(
+ nsGenericHTMLElement::ShouldExposeNameAsHTMLDocumentProperty(aElement),
+ "Only put elements that need to be exposed as document['name'] in "
+ "the named table.");
+
+ IdentifierMapEntry* entry = mIdentifierMap.PutEntry(aName);
+
+ // Null for out-of-memory
+ if (entry) {
+ if (!entry->HasNameElement() &&
+ !entry->HasIdElementExposedAsHTMLDocumentProperty()) {
+ IncrementExpandoGeneration(*this);
+ }
+ entry->AddNameElement(this, aElement);
+ }
+}
+
+void Document::RemoveFromNameTable(Element* aElement, nsAtom* aName) {
+ // Speed up document teardown
+ if (mIdentifierMap.Count() == 0) return;
+
+ IdentifierMapEntry* entry = mIdentifierMap.GetEntry(aName);
+ if (!entry) // Could be false if the element was anonymous, hence never added
+ return;
+
+ entry->RemoveNameElement(aElement);
+ if (!entry->HasNameElement() &&
+ !entry->HasIdElementExposedAsHTMLDocumentProperty()) {
+ IncrementExpandoGeneration(*this);
+ }
+}
+
+void Document::AddToIdTable(Element* aElement, nsAtom* aId) {
+ IdentifierMapEntry* entry = mIdentifierMap.PutEntry(aId);
+
+ if (entry) { /* True except on OOM */
+ if (nsGenericHTMLElement::ShouldExposeIdAsHTMLDocumentProperty(aElement) &&
+ !entry->HasNameElement() &&
+ !entry->HasIdElementExposedAsHTMLDocumentProperty()) {
+ IncrementExpandoGeneration(*this);
+ }
+ entry->AddIdElement(aElement);
+ }
+}
+
+void Document::RemoveFromIdTable(Element* aElement, nsAtom* aId) {
+ NS_ASSERTION(aId, "huhwhatnow?");
+
+ // Speed up document teardown
+ if (mIdentifierMap.Count() == 0) {
+ return;
+ }
+
+ IdentifierMapEntry* entry = mIdentifierMap.GetEntry(aId);
+ if (!entry) // Can be null for XML elements with changing ids.
+ return;
+
+ entry->RemoveIdElement(aElement);
+ if (nsGenericHTMLElement::ShouldExposeIdAsHTMLDocumentProperty(aElement) &&
+ !entry->HasNameElement() &&
+ !entry->HasIdElementExposedAsHTMLDocumentProperty()) {
+ IncrementExpandoGeneration(*this);
+ }
+ if (entry->IsEmpty()) {
+ mIdentifierMap.RemoveEntry(entry);
+ }
+}
+
+void Document::UpdateReferrerInfoFromMeta(const nsAString& aMetaReferrer,
+ bool aPreload) {
+ ReferrerPolicyEnum policy =
+ ReferrerInfo::ReferrerPolicyFromMetaString(aMetaReferrer);
+ // The empty string "" corresponds to no referrer policy, causing a fallback
+ // to a referrer policy defined elsewhere.
+ if (policy == ReferrerPolicy::_empty) {
+ return;
+ }
+
+ MOZ_ASSERT(mReferrerInfo);
+ MOZ_ASSERT(mPreloadReferrerInfo);
+
+ if (aPreload) {
+ mPreloadReferrerInfo =
+ static_cast<mozilla::dom::ReferrerInfo*>((mPreloadReferrerInfo).get())
+ ->CloneWithNewPolicy(policy);
+ } else {
+ mReferrerInfo =
+ static_cast<mozilla::dom::ReferrerInfo*>((mReferrerInfo).get())
+ ->CloneWithNewPolicy(policy);
+ }
+}
+
+void Document::SetPrincipals(nsIPrincipal* aNewPrincipal,
+ nsIPrincipal* aNewPartitionedPrincipal) {
+ MOZ_ASSERT(!!aNewPrincipal == !!aNewPartitionedPrincipal);
+ if (aNewPrincipal && mAllowDNSPrefetch &&
+ StaticPrefs::network_dns_disablePrefetchFromHTTPS()) {
+ if (aNewPrincipal->SchemeIs("https")) {
+ mAllowDNSPrefetch = false;
+ }
+ }
+
+ mCSSLoader->DeregisterFromSheetCache();
+
+ mNodeInfoManager->SetDocumentPrincipal(aNewPrincipal);
+ mPartitionedPrincipal = aNewPartitionedPrincipal;
+
+ mCSSLoader->RegisterInSheetCache();
+
+#ifdef DEBUG
+ // Validate that the docgroup is set correctly by calling its getter and
+ // triggering its sanity check.
+ //
+ // If we're setting the principal to null, we don't want to perform the check,
+ // as the document is entering an intermediate state where it does not have a
+ // principal. It will be given another real principal shortly which we will
+ // check. It's not unsafe to have a document which has a null principal in the
+ // same docgroup as another document, so this should not be a problem.
+ if (aNewPrincipal) {
+ GetDocGroup();
+ }
+#endif
+}
+
+#ifdef DEBUG
+void Document::AssertDocGroupMatchesKey() const {
+ // Sanity check that we have an up-to-date and accurate docgroup
+ // We only check if the principal when we can get the browsing context.
+ if (!GetBrowsingContext()) {
+ return;
+ }
+
+ if (mDocGroup) {
+ nsAutoCString docGroupKey;
+
+ // GetKey() can fail, e.g. after the TLD service has shut down.
+ nsresult rv = mozilla::dom::DocGroup::GetKey(
+ NodePrincipal(), CrossOriginIsolated(), docGroupKey);
+ if (NS_SUCCEEDED(rv)) {
+ MOZ_ASSERT(mDocGroup->MatchesKey(docGroupKey));
+ }
+ }
+}
+#endif
+
+nsresult Document::Dispatch(TaskCategory aCategory,
+ already_AddRefed<nsIRunnable>&& aRunnable) {
+ // Note that this method may be called off the main thread.
+ if (mDocGroup) {
+ return mDocGroup->Dispatch(aCategory, std::move(aRunnable));
+ }
+ return DispatcherTrait::Dispatch(aCategory, std::move(aRunnable));
+}
+
+nsISerialEventTarget* Document::EventTargetFor(TaskCategory aCategory) const {
+ if (mDocGroup) {
+ return mDocGroup->EventTargetFor(aCategory);
+ }
+ return DispatcherTrait::EventTargetFor(aCategory);
+}
+
+AbstractThread* Document::AbstractMainThreadFor(
+ mozilla::TaskCategory aCategory) {
+ MOZ_ASSERT(NS_IsMainThread());
+ if (mDocGroup) {
+ return mDocGroup->AbstractMainThreadFor(aCategory);
+ }
+ return DispatcherTrait::AbstractMainThreadFor(aCategory);
+}
+
+void Document::NoteScriptTrackingStatus(const nsACString& aURL,
+ bool aIsTracking) {
+ if (aIsTracking) {
+ mTrackingScripts.PutEntry(aURL);
+ } else {
+ MOZ_ASSERT(!mTrackingScripts.Contains(aURL));
+ }
+}
+
+bool Document::IsScriptTracking(JSContext* aCx) const {
+ JS::AutoFilename filename;
+ uint32_t line = 0;
+ uint32_t column = 0;
+ if (!JS::DescribeScriptedCaller(aCx, &filename, &line, &column)) {
+ return false;
+ }
+ return mTrackingScripts.Contains(nsDependentCString(filename.get()));
+}
+
+NS_IMETHODIMP
+Document::GetApplicationCache(nsIApplicationCache** aApplicationCache) {
+ NS_IF_ADDREF(*aApplicationCache = mApplicationCache);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+Document::SetApplicationCache(nsIApplicationCache* aApplicationCache) {
+ mApplicationCache = aApplicationCache;
+ return NS_OK;
+}
+
+void Document::GetContentType(nsAString& aContentType) {
+ CopyUTF8toUTF16(GetContentTypeInternal(), aContentType);
+}
+
+void Document::SetContentType(const nsAString& aContentType) {
+ SetContentTypeInternal(NS_ConvertUTF16toUTF8(aContentType));
+}
+
+bool Document::GetAllowPlugins() {
+ // First, we ask our docshell if it allows plugins.
+ auto* browsingContext = GetBrowsingContext();
+
+ if (browsingContext) {
+ if (!browsingContext->GetAllowPlugins()) {
+ return false;
+ }
+
+ // If the docshell allows plugins, we check whether
+ // we are sandboxed and plugins should not be allowed.
+ if (mSandboxFlags & SANDBOXED_PLUGINS) {
+ return false;
+ }
+ }
+
+ FlashClassification classification = DocumentFlashClassification();
+ if (classification == FlashClassification::Denied) {
+ return false;
+ }
+
+ return true;
+}
+
+void Document::EnsureL10n() {
+ if (!mDocumentL10n) {
+ Element* elem = GetDocumentElement();
+ if (NS_WARN_IF(!elem)) {
+ return;
+ }
+ bool isSync = elem->HasAttr(kNameSpaceID_None, nsGkAtoms::datal10nsync);
+ mDocumentL10n = DocumentL10n::Create(this, isSync);
+ MOZ_ASSERT(mDocumentL10n);
+ }
+}
+
+bool Document::HasPendingInitialTranslation() {
+ return mDocumentL10n && mDocumentL10n->GetState() != DocumentL10nState::Ready;
+}
+
+DocumentL10n* Document::GetL10n() { return mDocumentL10n; }
+
+bool Document::DocumentSupportsL10n(JSContext* aCx, JSObject* aObject) {
+ JS::Rooted<JSObject*> object(aCx, aObject);
+ nsCOMPtr<nsIPrincipal> callerPrincipal =
+ nsContentUtils::SubjectPrincipal(aCx);
+ nsGlobalWindowInner* win = xpc::WindowOrNull(object);
+ bool allowed = false;
+ callerPrincipal->IsL10nAllowed(win ? win->GetDocumentURI() : nullptr,
+ &allowed);
+ return allowed;
+}
+
+void Document::LocalizationLinkAdded(Element* aLinkElement) {
+ if (!AllowsL10n()) {
+ return;
+ }
+
+ EnsureL10n();
+
+ nsAutoString href;
+ aLinkElement->GetAttr(kNameSpaceID_None, nsGkAtoms::href, href);
+
+ mDocumentL10n->AddResourceId(href);
+
+ if (mReadyState >= READYSTATE_INTERACTIVE) {
+ mDocumentL10n->Activate(true);
+ mDocumentL10n->TriggerInitialTranslation();
+ } else {
+ if (!mDocumentL10n->mBlockingLayout) {
+ // Our initial translation is going to block layout start. Make sure
+ // we don't fire the load event until after that stops happening and
+ // layout has a chance to start.
+ BlockOnload();
+ mDocumentL10n->mBlockingLayout = true;
+ }
+ }
+}
+
+void Document::LocalizationLinkRemoved(Element* aLinkElement) {
+ if (!AllowsL10n()) {
+ return;
+ }
+
+ if (mDocumentL10n) {
+ nsAutoString href;
+ aLinkElement->GetAttr(kNameSpaceID_None, nsGkAtoms::href, href);
+ uint32_t remaining = mDocumentL10n->RemoveResourceId(href);
+ if (remaining == 0) {
+ if (mDocumentL10n->mBlockingLayout) {
+ mDocumentL10n->mBlockingLayout = false;
+ UnblockOnload(/* aFireSync = */ false);
+ }
+ mDocumentL10n = nullptr;
+ }
+ }
+}
+
+/**
+ * This method should be called once the end of the l10n
+ * resource container has been parsed.
+ *
+ * In XUL this is the end of the first </linkset>,
+ * In XHTML/HTML this is the end of </head>.
+ *
+ * This milestone is used to allow for batch
+ * localization context I/O and building done
+ * once when all resources in the document have been
+ * collected.
+ */
+void Document::OnL10nResourceContainerParsed() {
+ if (mDocumentL10n) {
+ mDocumentL10n->Activate(false);
+ }
+}
+
+void Document::OnParsingCompleted() {
+ // Let's call it again, in case the resource
+ // container has not been closed, and only
+ // now we're closing the document.
+ OnL10nResourceContainerParsed();
+
+ if (mDocumentL10n) {
+ mDocumentL10n->TriggerInitialTranslation();
+ }
+}
+
+void Document::InitialTranslationCompleted(bool aL10nCached) {
+ if (mDocumentL10n && mDocumentL10n->mBlockingLayout) {
+ // This means we blocked the load event in LocalizationLinkAdded. It's
+ // important that the load blocker removal here be async, because our caller
+ // will notify the content sink after us, and we want the content sync's
+ // work to happen before the load event fires.
+ mDocumentL10n->mBlockingLayout = false;
+ UnblockOnload(/* aFireSync = */ false);
+ }
+
+ mL10nProtoElements.Clear();
+
+ nsXULPrototypeDocument* proto = GetPrototype();
+ if (proto) {
+ proto->SetIsL10nCached(aL10nCached);
+ }
+}
+
+bool Document::AllowsL10n() const {
+ if (IsStaticDocument()) {
+ // We don't allow l10n on static documents, because the nodes are already
+ // cloned translated, and static docs don't get parsed so we never
+ // TriggerInitialTranslation, etc, so a load blocker would keep hanging
+ // forever.
+ return false;
+ }
+ bool allowed = false;
+ NodePrincipal()->IsL10nAllowed(GetDocumentURI(), &allowed);
+ return allowed;
+}
+
+bool Document::IsWebAnimationsEnabled(JSContext* aCx, JSObject* /*unused*/) {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ return nsContentUtils::IsSystemCaller(aCx) ||
+ StaticPrefs::dom_animations_api_core_enabled();
+}
+
+bool Document::IsWebAnimationsEnabled(CallerType aCallerType) {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ return aCallerType == dom::CallerType::System ||
+ StaticPrefs::dom_animations_api_core_enabled();
+}
+
+bool Document::IsWebAnimationsGetAnimationsEnabled(JSContext* aCx,
+ JSObject* /*unused*/
+) {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ return nsContentUtils::IsSystemCaller(aCx) ||
+ StaticPrefs::dom_animations_api_getAnimations_enabled();
+}
+
+bool Document::AreWebAnimationsImplicitKeyframesEnabled(JSContext* aCx,
+ JSObject* /*unused*/
+) {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ return nsContentUtils::IsSystemCaller(aCx) ||
+ StaticPrefs::dom_animations_api_implicit_keyframes_enabled();
+}
+
+bool Document::AreWebAnimationsTimelinesEnabled(JSContext* aCx,
+ JSObject* /*unused*/
+) {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ return nsContentUtils::IsSystemCaller(aCx) ||
+ StaticPrefs::dom_animations_api_timelines_enabled();
+}
+
+DocumentTimeline* Document::Timeline() {
+ if (!mDocumentTimeline) {
+ mDocumentTimeline = new DocumentTimeline(this, TimeDuration(0));
+ }
+
+ return mDocumentTimeline;
+}
+
+SVGSVGElement* Document::GetSVGRootElement() const {
+ Element* root = GetRootElement();
+ if (!root || !root->IsSVGElement(nsGkAtoms::svg)) {
+ return nullptr;
+ }
+ return static_cast<SVGSVGElement*>(root);
+}
+
+/* Return true if the document is in the focused top-level window, and is an
+ * ancestor of the focused DOMWindow. */
+bool Document::HasFocus(ErrorResult& rv) const {
+ nsFocusManager* fm = nsFocusManager::GetFocusManager();
+ if (!fm) {
+ rv.Throw(NS_ERROR_NOT_AVAILABLE);
+ return false;
+ }
+
+ // Is there a focused DOMWindow?
+ nsCOMPtr<mozIDOMWindowProxy> focusedWindow;
+ fm->GetFocusedWindow(getter_AddRefs(focusedWindow));
+ if (!focusedWindow) {
+ return false;
+ }
+
+ nsPIDOMWindowOuter* piWindow = nsPIDOMWindowOuter::From(focusedWindow);
+
+ // Are we an ancestor of the focused DOMWindow?
+ for (Document* currentDoc = piWindow->GetDoc(); currentDoc;
+ currentDoc = currentDoc->GetInProcessParentDocument()) {
+ if (currentDoc == this) {
+ // Yes, we are an ancestor
+ return true;
+ }
+ }
+
+ return false;
+}
+
+void Document::GetDesignMode(nsAString& aDesignMode) {
+ if (HasFlag(NODE_IS_EDITABLE)) {
+ aDesignMode.AssignLiteral("on");
+ } else {
+ aDesignMode.AssignLiteral("off");
+ }
+}
+
+void Document::SetDesignMode(const nsAString& aDesignMode,
+ nsIPrincipal& aSubjectPrincipal, ErrorResult& rv) {
+ SetDesignMode(aDesignMode, Some(&aSubjectPrincipal), rv);
+}
+
+static void NotifyEditableStateChange(Document& aDoc) {
+#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
+ nsMutationGuard g;
+#endif
+ for (nsIContent* node = aDoc.GetNextNode(&aDoc); node;
+ node = node->GetNextNode(&aDoc)) {
+ if (auto* element = Element::FromNode(node)) {
+ element->UpdateState(true);
+ }
+ }
+ MOZ_DIAGNOSTIC_ASSERT(!g.Mutated(0));
+}
+
+void Document::SetDesignMode(const nsAString& aDesignMode,
+ const Maybe<nsIPrincipal*>& aSubjectPrincipal,
+ ErrorResult& rv) {
+ if (aSubjectPrincipal.isSome() &&
+ !aSubjectPrincipal.value()->Subsumes(NodePrincipal())) {
+ rv.Throw(NS_ERROR_DOM_PROP_ACCESS_DENIED);
+ return;
+ }
+ bool editableMode = HasFlag(NODE_IS_EDITABLE);
+ if (aDesignMode.LowerCaseEqualsASCII(editableMode ? "off" : "on")) {
+ SetEditableFlag(!editableMode);
+ // Changing the NODE_IS_EDITABLE flags on document changes the intrinsic
+ // state of all descendant elements of it. Update that now.
+ NotifyEditableStateChange(*this);
+ rv = EditingStateChanged();
+ }
+}
+
+nsCommandManager* Document::GetMidasCommandManager() {
+ // check if we have it cached
+ if (mMidasCommandManager) {
+ return mMidasCommandManager;
+ }
+
+ nsPIDOMWindowOuter* window = GetWindow();
+ if (!window) {
+ return nullptr;
+ }
+
+ nsIDocShell* docshell = window->GetDocShell();
+ if (!docshell) {
+ return nullptr;
+ }
+
+ mMidasCommandManager = docshell->GetCommandManager();
+ return mMidasCommandManager;
+}
+
+// static
+void Document::EnsureInitializeInternalCommandDataHashtable() {
+ if (sInternalCommandDataHashtable) {
+ return;
+ }
+ sInternalCommandDataHashtable = new InternalCommandDataHashtable();
+ // clang-format off
+ sInternalCommandDataHashtable->Put(
+ u"bold"_ns,
+ InternalCommandData(
+ "cmd_bold",
+ Command::FormatBold,
+ ExecCommandParam::Ignore,
+ StyleUpdatingCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"italic"_ns,
+ InternalCommandData(
+ "cmd_italic",
+ Command::FormatItalic,
+ ExecCommandParam::Ignore,
+ StyleUpdatingCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"underline"_ns,
+ InternalCommandData(
+ "cmd_underline",
+ Command::FormatUnderline,
+ ExecCommandParam::Ignore,
+ StyleUpdatingCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"strikethrough"_ns,
+ InternalCommandData(
+ "cmd_strikethrough",
+ Command::FormatStrikeThrough,
+ ExecCommandParam::Ignore,
+ StyleUpdatingCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"subscript"_ns,
+ InternalCommandData(
+ "cmd_subscript",
+ Command::FormatSubscript,
+ ExecCommandParam::Ignore,
+ StyleUpdatingCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"superscript"_ns,
+ InternalCommandData(
+ "cmd_superscript",
+ Command::FormatSuperscript,
+ ExecCommandParam::Ignore,
+ StyleUpdatingCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"cut"_ns,
+ InternalCommandData(
+ "cmd_cut",
+ Command::Cut,
+ ExecCommandParam::Ignore,
+ CutCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"copy"_ns,
+ InternalCommandData(
+ "cmd_copy",
+ Command::Copy,
+ ExecCommandParam::Ignore,
+ CopyCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"paste"_ns,
+ InternalCommandData(
+ "cmd_paste",
+ Command::Paste,
+ ExecCommandParam::Ignore,
+ PasteCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"delete"_ns,
+ InternalCommandData(
+ "cmd_deleteCharBackward",
+ Command::DeleteCharBackward,
+ ExecCommandParam::Ignore,
+ DeleteCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"forwarddelete"_ns,
+ InternalCommandData(
+ "cmd_deleteCharForward",
+ Command::DeleteCharForward,
+ ExecCommandParam::Ignore,
+ DeleteCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"selectall"_ns,
+ InternalCommandData(
+ "cmd_selectAll",
+ Command::SelectAll,
+ ExecCommandParam::Ignore,
+ SelectAllCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"undo"_ns,
+ InternalCommandData(
+ "cmd_undo",
+ Command::HistoryUndo,
+ ExecCommandParam::Ignore,
+ UndoCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"redo"_ns,
+ InternalCommandData(
+ "cmd_redo",
+ Command::HistoryRedo,
+ ExecCommandParam::Ignore,
+ RedoCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"indent"_ns,
+ InternalCommandData("cmd_indent",
+ Command::FormatIndent,
+ ExecCommandParam::Ignore,
+ IndentCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"outdent"_ns,
+ InternalCommandData(
+ "cmd_outdent",
+ Command::FormatOutdent,
+ ExecCommandParam::Ignore,
+ OutdentCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"backcolor"_ns,
+ InternalCommandData(
+ "cmd_highlight",
+ Command::FormatBackColor,
+ ExecCommandParam::String,
+ HighlightColorStateCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"hilitecolor"_ns,
+ InternalCommandData(
+ "cmd_highlight",
+ Command::FormatBackColor,
+ ExecCommandParam::String,
+ HighlightColorStateCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"forecolor"_ns,
+ InternalCommandData(
+ "cmd_fontColor",
+ Command::FormatFontColor,
+ ExecCommandParam::String,
+ FontColorStateCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"fontname"_ns,
+ InternalCommandData(
+ "cmd_fontFace",
+ Command::FormatFontName,
+ ExecCommandParam::String,
+ FontFaceStateCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"fontsize"_ns,
+ InternalCommandData(
+ "cmd_fontSize",
+ Command::FormatFontSize,
+ ExecCommandParam::String,
+ FontSizeStateCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"increasefontsize"_ns,
+ InternalCommandData(
+ "cmd_increaseFont",
+ Command::FormatIncreaseFontSize,
+ ExecCommandParam::Ignore,
+ IncreaseFontSizeCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"decreasefontsize"_ns,
+ InternalCommandData(
+ "cmd_decreaseFont",
+ Command::FormatDecreaseFontSize,
+ ExecCommandParam::Ignore,
+ DecreaseFontSizeCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"inserthorizontalrule"_ns,
+ InternalCommandData(
+ "cmd_insertHR",
+ Command::InsertHorizontalRule,
+ ExecCommandParam::Ignore,
+ InsertTagCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"createlink"_ns,
+ InternalCommandData(
+ "cmd_insertLinkNoUI",
+ Command::InsertLink,
+ ExecCommandParam::String,
+ InsertTagCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"insertimage"_ns,
+ InternalCommandData(
+ "cmd_insertImageNoUI",
+ Command::InsertImage,
+ ExecCommandParam::String,
+ InsertTagCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"inserthtml"_ns,
+ InternalCommandData(
+ "cmd_insertHTML",
+ Command::InsertHTML,
+ ExecCommandParam::String,
+ InsertHTMLCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"inserttext"_ns,
+ InternalCommandData(
+ "cmd_insertText",
+ Command::InsertText,
+ ExecCommandParam::String,
+ InsertPlaintextCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"gethtml"_ns,
+ InternalCommandData(
+ "cmd_getContents",
+ Command::GetHTML,
+ ExecCommandParam::Ignore,
+ nullptr)); // Not defined in EditorCommands.h
+ sInternalCommandDataHashtable->Put(
+ u"justifyleft"_ns,
+ InternalCommandData(
+ "cmd_align",
+ Command::FormatJustifyLeft,
+ ExecCommandParam::Ignore, // Will be set to "left"
+ AlignCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"justifyright"_ns,
+ InternalCommandData(
+ "cmd_align",
+ Command::FormatJustifyRight,
+ ExecCommandParam::Ignore, // Will be set to "right"
+ AlignCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"justifycenter"_ns,
+ InternalCommandData(
+ "cmd_align",
+ Command::FormatJustifyCenter,
+ ExecCommandParam::Ignore, // Will be set to "center"
+ AlignCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"justifyfull"_ns,
+ InternalCommandData(
+ "cmd_align",
+ Command::FormatJustifyFull,
+ ExecCommandParam::Ignore, // Will be set to "justify"
+ AlignCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"removeformat"_ns,
+ InternalCommandData(
+ "cmd_removeStyles",
+ Command::FormatRemove,
+ ExecCommandParam::Ignore,
+ RemoveStylesCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"unlink"_ns,
+ InternalCommandData(
+ "cmd_removeLinks",
+ Command::FormatRemoveLink,
+ ExecCommandParam::Ignore,
+ StyleUpdatingCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"insertorderedlist"_ns,
+ InternalCommandData(
+ "cmd_ol",
+ Command::InsertOrderedList,
+ ExecCommandParam::Ignore,
+ ListCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"insertunorderedlist"_ns,
+ InternalCommandData(
+ "cmd_ul",
+ Command::InsertUnorderedList,
+ ExecCommandParam::Ignore,
+ ListCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"insertparagraph"_ns,
+ InternalCommandData(
+ "cmd_insertParagraph",
+ Command::InsertParagraph,
+ ExecCommandParam::Ignore,
+ InsertParagraphCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"insertlinebreak"_ns,
+ InternalCommandData(
+ "cmd_insertLineBreak",
+ Command::InsertLineBreak,
+ ExecCommandParam::Ignore,
+ InsertLineBreakCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"formatblock"_ns,
+ InternalCommandData(
+ "cmd_paragraphState",
+ Command::FormatBlock,
+ ExecCommandParam::String,
+ ParagraphStateCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"heading"_ns,
+ InternalCommandData(
+ "cmd_paragraphState",
+ Command::FormatBlock,
+ ExecCommandParam::String,
+ ParagraphStateCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"styleWithCSS"_ns,
+ InternalCommandData(
+ "cmd_setDocumentUseCSS",
+ Command::SetDocumentUseCSS,
+ ExecCommandParam::Boolean,
+ SetDocumentStateCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"usecss"_ns, // Legacy command
+ InternalCommandData(
+ "cmd_setDocumentUseCSS",
+ Command::SetDocumentUseCSS,
+ ExecCommandParam::InvertedBoolean,
+ SetDocumentStateCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"contentReadOnly"_ns,
+ InternalCommandData(
+ "cmd_setDocumentReadOnly",
+ Command::SetDocumentReadOnly,
+ ExecCommandParam::Boolean,
+ SetDocumentStateCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"readonly"_ns, // Legacy command
+ InternalCommandData(
+ "cmd_setDocumentReadOnly",
+ Command::SetDocumentReadOnly,
+ ExecCommandParam::InvertedBoolean,
+ SetDocumentStateCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"insertBrOnReturn"_ns,
+ InternalCommandData(
+ "cmd_insertBrOnReturn",
+ Command::SetDocumentInsertBROnEnterKeyPress,
+ ExecCommandParam::Boolean,
+ SetDocumentStateCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"defaultParagraphSeparator"_ns,
+ InternalCommandData(
+ "cmd_defaultParagraphSeparator",
+ Command::SetDocumentDefaultParagraphSeparator,
+ ExecCommandParam::String,
+ SetDocumentStateCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"enableObjectResizing"_ns,
+ InternalCommandData(
+ "cmd_enableObjectResizing",
+ Command::ToggleObjectResizers,
+ ExecCommandParam::Boolean,
+ SetDocumentStateCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"enableInlineTableEditing"_ns,
+ InternalCommandData(
+ "cmd_enableInlineTableEditing",
+ Command::ToggleInlineTableEditor,
+ ExecCommandParam::Boolean,
+ SetDocumentStateCommand::GetInstance));
+ sInternalCommandDataHashtable->Put(
+ u"enableAbsolutePositionEditing"_ns,
+ InternalCommandData(
+ "cmd_enableAbsolutePositionEditing",
+ Command::ToggleAbsolutePositionEditor,
+ ExecCommandParam::Boolean,
+ SetDocumentStateCommand::GetInstance));
+#if 0
+ // with empty string
+ sInternalCommandDataHashtable->Put(
+ u"justifynone"_ns,
+ InternalCommandData(
+ "cmd_align",
+ Command::Undefined,
+ ExecCommandParam::Ignore,
+ nullptr)); // Not implemented yet.
+ // REQUIRED SPECIAL REVIEW special review
+ sInternalCommandDataHashtable->Put(
+ u"saveas"_ns,
+ InternalCommandData(
+ "cmd_saveAs",
+ Command::Undefined,
+ ExecCommandParam::Boolean,
+ nullptr)); // Not implemented yet.
+ // REQUIRED SPECIAL REVIEW special review
+ sInternalCommandDataHashtable->Put(
+ u"print"_ns,
+ InternalCommandData(
+ "cmd_print",
+ Command::Undefined,
+ ExecCommandParam::Boolean,
+ nullptr)); // Not implemented yet.
+#endif // #if 0
+ // clang-format on
+}
+
+Document::InternalCommandData Document::ConvertToInternalCommand(
+ const nsAString& aHTMLCommandName, const nsAString& aValue /* = u""_ns */,
+ nsAString* aAdjustedValue /* = nullptr */) {
+ MOZ_ASSERT(!aAdjustedValue || aAdjustedValue->IsEmpty());
+ EnsureInitializeInternalCommandDataHashtable();
+ InternalCommandData commandData;
+ if (!sInternalCommandDataHashtable->Get(aHTMLCommandName, &commandData)) {
+ return InternalCommandData();
+ }
+ if (!aAdjustedValue) {
+ // No further work to do
+ return commandData;
+ }
+ switch (commandData.mExecCommandParam) {
+ case ExecCommandParam::Ignore:
+ // Just have to copy it, no checking
+ switch (commandData.mCommand) {
+ case Command::FormatJustifyLeft:
+ aAdjustedValue->AssignLiteral("left");
+ break;
+ case Command::FormatJustifyRight:
+ aAdjustedValue->AssignLiteral("right");
+ break;
+ case Command::FormatJustifyCenter:
+ aAdjustedValue->AssignLiteral("center");
+ break;
+ case Command::FormatJustifyFull:
+ aAdjustedValue->AssignLiteral("justify");
+ break;
+ default:
+ MOZ_ASSERT(EditorCommand::GetParamType(commandData.mCommand) ==
+ EditorCommandParamType::None);
+ break;
+ }
+ return commandData;
+
+ case ExecCommandParam::Boolean:
+ MOZ_ASSERT(!!(EditorCommand::GetParamType(commandData.mCommand) &
+ EditorCommandParamType::Bool));
+ // If this is a boolean value and it's not explicitly false (e.g. no
+ // value). We default to "true" (see bug 301490).
+ if (!aValue.LowerCaseEqualsLiteral("false")) {
+ aAdjustedValue->AssignLiteral("true");
+ } else {
+ aAdjustedValue->AssignLiteral("false");
+ }
+ return commandData;
+
+ case ExecCommandParam::InvertedBoolean:
+ MOZ_ASSERT(!!(EditorCommand::GetParamType(commandData.mCommand) &
+ EditorCommandParamType::Bool));
+ // For old backwards commands we invert the check.
+ if (aValue.LowerCaseEqualsLiteral("false")) {
+ aAdjustedValue->AssignLiteral("true");
+ } else {
+ aAdjustedValue->AssignLiteral("false");
+ }
+ return commandData;
+
+ case ExecCommandParam::String:
+ MOZ_ASSERT(!!(
+ EditorCommand::GetParamType(commandData.mCommand) &
+ (EditorCommandParamType::String | EditorCommandParamType::CString)));
+ switch (commandData.mCommand) {
+ case Command::FormatBlock: {
+ const char16_t* start = aValue.BeginReading();
+ const char16_t* end = aValue.EndReading();
+ if (start != end && *start == '<' && *(end - 1) == '>') {
+ ++start;
+ --end;
+ }
+ // XXX Should we reorder this array with actual usage?
+ static const nsStaticAtom* kFormattableBlockTags[] = {
+ // clang-format off
+ nsGkAtoms::address,
+ nsGkAtoms::blockquote,
+ nsGkAtoms::dd,
+ nsGkAtoms::div,
+ nsGkAtoms::dl,
+ nsGkAtoms::dt,
+ nsGkAtoms::h1,
+ nsGkAtoms::h2,
+ nsGkAtoms::h3,
+ nsGkAtoms::h4,
+ nsGkAtoms::h5,
+ nsGkAtoms::h6,
+ nsGkAtoms::p,
+ nsGkAtoms::pre,
+ // clang-format on
+ };
+ nsAutoString value(nsDependentSubstring(start, end));
+ ToLowerCase(value);
+ const nsStaticAtom* valueAtom = NS_GetStaticAtom(value);
+ for (const nsStaticAtom* kTag : kFormattableBlockTags) {
+ if (valueAtom == kTag) {
+ kTag->ToString(*aAdjustedValue);
+ return commandData;
+ }
+ }
+ return InternalCommandData();
+ }
+ case Command::FormatFontSize: {
+ // Per editing spec as of April 23, 2012, we need to reject the value
+ // if it's not a valid floating-point number surrounded by optional
+ // whitespace. Otherwise, we parse it as a legacy font size. For
+ // now, we just parse as a legacy font size regardless (matching
+ // WebKit) -- bug 747879.
+ int32_t size = nsContentUtils::ParseLegacyFontSize(aValue);
+ if (!size) {
+ return InternalCommandData();
+ }
+ MOZ_ASSERT(aAdjustedValue->IsEmpty());
+ aAdjustedValue->AppendInt(size);
+ return commandData;
+ }
+ case Command::InsertImage:
+ case Command::InsertLink:
+ if (aValue.IsEmpty()) {
+ // Invalid value, return false
+ return InternalCommandData();
+ }
+ aAdjustedValue->Assign(aValue);
+ return commandData;
+ case Command::SetDocumentDefaultParagraphSeparator:
+ if (!aValue.LowerCaseEqualsLiteral("div") &&
+ !aValue.LowerCaseEqualsLiteral("p") &&
+ !aValue.LowerCaseEqualsLiteral("br")) {
+ // Invalid value
+ return InternalCommandData();
+ }
+ aAdjustedValue->Assign(aValue);
+ return commandData;
+ default:
+ aAdjustedValue->Assign(aValue);
+ return commandData;
+ }
+
+ default:
+ MOZ_ASSERT_UNREACHABLE("New ExecCommandParam value hasn't been handled");
+ return InternalCommandData();
+ }
+}
+
+bool Document::ExecCommand(const nsAString& aHTMLCommandName, bool aShowUI,
+ const nsAString& aValue,
+ nsIPrincipal& aSubjectPrincipal, ErrorResult& aRv) {
+ // Only allow on HTML documents.
+ if (!IsHTMLOrXHTML()) {
+ aRv.Throw(NS_ERROR_DOM_INVALID_STATE_DOCUMENT_EXEC_COMMAND);
+ return false;
+ }
+
+ // if they are requesting UI from us, let's fail since we have no UI
+ if (aShowUI) {
+ return false;
+ }
+
+ // If we're running an execCommand, we should just return false.
+ // https://github.com/w3c/editing/issues/200#issuecomment-575241816
+ if (!StaticPrefs::dom_document_exec_command_nested_calls_allowed() &&
+ mIsRunningExecCommand) {
+ return false;
+ }
+
+ // for optional parameters see dom/src/base/nsHistory.cpp: HistoryImpl::Go()
+ // this might add some ugly JS dependencies?
+
+ nsAutoString adjustedValue;
+ InternalCommandData commandData =
+ ConvertToInternalCommand(aHTMLCommandName, aValue, &adjustedValue);
+ if (commandData.mCommand == Command::DoNothing) {
+ return false;
+ }
+
+ // if editing is not on, bail
+ if (commandData.IsAvailableOnlyWhenEditable() && !IsEditingOnAfterFlush()) {
+ return false;
+ }
+
+ if (commandData.mCommand == Command::GetHTML) {
+ aRv.Throw(NS_ERROR_FAILURE);
+ return false;
+ }
+
+ // Do security check first.
+ if (commandData.IsCutOrCopyCommand()) {
+ if (!nsContentUtils::IsCutCopyAllowed(this, aSubjectPrincipal)) {
+ // We have rejected the event due to it not being performed in an
+ // input-driven context therefore, we report the error to the console.
+ nsContentUtils::ReportToConsole(nsIScriptError::warningFlag, "DOM"_ns,
+ this, nsContentUtils::eDOM_PROPERTIES,
+ "ExecCommandCutCopyDeniedNotInputDriven");
+ return false;
+ }
+ } else if (commandData.IsPasteCommand()) {
+ if (!nsContentUtils::PrincipalHasPermission(aSubjectPrincipal,
+ nsGkAtoms::clipboardRead)) {
+ return false;
+ }
+ }
+
+ // Next, consider context of command handling which is automatically resolved
+ // by order of controllers in `nsCommandManager::GetControllerForCommand()`.
+ // The order is:
+ // 1. HTMLEditor for the document, if there is.
+ // 2. TextEditor if there is an active element and it has TextEditor like
+ // <input type="text"> or <textarea>.
+ // 3. Retarget to the DocShell or nsCommandManager as what we've done.
+ // XXX Chromium handles `execCommand()` in <input type="text"> or
+ // <textarea> when it's in an editing host and has focus. So, our
+ // traditional behavior is different and does not make sense.
+ RefPtr<TextEditor> maybeHTMLEditor;
+ if (nsPresContext* presContext = GetPresContext()) {
+ if (commandData.IsCutOrCopyCommand()) {
+ // Note that we used to use DocShell to handle `cut` and `copy` command
+ // for dispatching corresponding events for making possible web apps to
+ // implement their own editor without editable elements but supports
+ // standard shortcut keys, etc. In this case, we prefer to use active
+ // element's editor to keep same behavior.
+ maybeHTMLEditor = nsContentUtils::GetActiveEditor(presContext);
+ } else {
+ maybeHTMLEditor = nsContentUtils::GetHTMLEditor(presContext);
+ if (!maybeHTMLEditor) {
+ maybeHTMLEditor = nsContentUtils::GetActiveEditor(presContext);
+ }
+ }
+ }
+
+ // Then, retrieve editor command class instance which should handle it
+ // and can handle it now.
+ RefPtr<EditorCommand> editorCommand;
+ if (!maybeHTMLEditor) {
+ // If the command is available without editor, we should redirect the
+ // command to focused descendant with DocShell.
+ if (commandData.IsAvailableOnlyWhenEditable()) {
+ return false;
+ }
+ } else {
+ // Otherwise, we should use EditorCommand instance (which is singleton
+ // instance) when it's enabled.
+ editorCommand = commandData.mGetEditorCommandFunc();
+ if (NS_WARN_IF(!editorCommand)) {
+ aRv.Throw(NS_ERROR_FAILURE);
+ return false;
+ }
+
+ if (!editorCommand->IsCommandEnabled(commandData.mCommand,
+ maybeHTMLEditor)) {
+ // If the EditorCommand instance is disabled, we should do nothing if
+ // the command requires an editor.
+ if (commandData.IsAvailableOnlyWhenEditable()) {
+ // Return false if editor specific commands is disabled (bug 760052).
+ return false;
+ }
+ // Otherwise, we should redirect it to focused descendant with DocShell.
+ editorCommand = nullptr;
+ }
+ }
+
+ AutoRunningExecCommandMarker markRunningExecCommand(*this);
+
+ // If we cannot use EditorCommand instance directly, we need to handle the
+ // command with traditional path (i.e., with DocShell or nsCommandManager).
+ if (!editorCommand) {
+ MOZ_ASSERT(!commandData.IsAvailableOnlyWhenEditable());
+
+ // Special case clipboard write commands like Command::Cut and
+ // Command::Copy. For such commands, we need the behaviour from
+ // nsWindowRoot::GetControllers() which is to look at the focused element,
+ // and defer to a focused textbox's controller. The code past taken by
+ // other commands in ExecCommand() always uses the window directly, rather
+ // than deferring to the textbox, which is desireable for most editor
+ // commands, but not these commands (as those should allow copying out of
+ // embedded editors). This behaviour is invoked if we call DoCommand()
+ // directly on the docShell.
+ // XXX This means that we allow web app to pick up selected content in
+ // descendant document and write it into the clipboard when a
+ // descendant document has focus. However, Chromium does not allow
+ // this and this seems that it's not good behavior from point of view
+ // of security. We should treat this issue in another bug.
+ if (commandData.IsCutOrCopyCommand()) {
+ nsCOMPtr<nsIDocShell> docShell(mDocumentContainer);
+ if (!docShell) {
+ return false;
+ }
+ nsresult rv = docShell->DoCommand(commandData.mXULCommandName);
+ if (rv == NS_SUCCESS_DOM_NO_OPERATION) {
+ return false;
+ }
+ return NS_SUCCEEDED(rv);
+ }
+
+ // Otherwise (currently, only clipboard read commands like Command::Paste),
+ // we don't need to redirect the command to focused subdocument.
+ // Therefore, we should handle it with nsCommandManager as used to be.
+ // It may dispatch only preceding event of editing on non-editable element
+ // to make web apps possible to handle standard shortcut key, etc in
+ // their own editor.
+ RefPtr<nsCommandManager> commandManager = GetMidasCommandManager();
+ if (!commandManager) {
+ aRv.Throw(NS_ERROR_FAILURE);
+ return false;
+ }
+
+ nsCOMPtr<nsPIDOMWindowOuter> window = GetWindow();
+ if (!window) {
+ aRv.Throw(NS_ERROR_FAILURE);
+ return false;
+ }
+
+ // Return false for disabled commands (bug 760052)
+ if (!commandManager->IsCommandEnabled(
+ nsDependentCString(commandData.mXULCommandName), window)) {
+ return false;
+ }
+
+ MOZ_ASSERT(commandData.IsPasteCommand());
+ aRv =
+ commandManager->DoCommand(commandData.mXULCommandName, nullptr, window);
+ return !aRv.ErrorCodeIs(NS_SUCCESS_DOM_NO_OPERATION) && !aRv.Failed();
+ }
+
+ // Now, our target is fixed to the editor. So, we can use EditorCommand
+ // with the editor directly.
+ MOZ_ASSERT(maybeHTMLEditor);
+
+ EditorCommandParamType paramType =
+ EditorCommand::GetParamType(commandData.mCommand);
+
+ // If we don't have meaningful parameter or the EditorCommand does not
+ // require additional parameter, we can use `DoCommand()`.
+ if (adjustedValue.IsEmpty() || paramType == EditorCommandParamType::None) {
+ MOZ_ASSERT(!(paramType & EditorCommandParamType::Bool));
+ aRv = editorCommand->DoCommand(commandData.mCommand, *maybeHTMLEditor,
+ &aSubjectPrincipal);
+ return !aRv.ErrorCodeIs(NS_SUCCESS_DOM_NO_OPERATION) && !aRv.Failed();
+ }
+
+ // If the EditorCommand requires `bool` parameter, `adjustedValue` must be
+ // "true" or "false" here. So, we can use `DoCommandParam()` which takes
+ // a `bool` value.
+ if (!!(paramType & EditorCommandParamType::Bool)) {
+ MOZ_ASSERT(adjustedValue.EqualsLiteral("true") ||
+ adjustedValue.EqualsLiteral("false"));
+ aRv = editorCommand->DoCommandParam(
+ commandData.mCommand, Some(adjustedValue.EqualsLiteral("true")),
+ *maybeHTMLEditor, &aSubjectPrincipal);
+ return !aRv.ErrorCodeIs(NS_SUCCESS_DOM_NO_OPERATION) && !aRv.Failed();
+ }
+
+ // Now, the EditorCommand requires `nsAString` or `nsACString` parameter
+ // in this case. However, `paramType` may contain both `String` and
+ // `CString` but in such case, we should use `DoCommandParam()` which
+ // takes `nsAString`. So, we should check whether `paramType` contains
+ // `String` or not first.
+ if (!!(paramType & EditorCommandParamType::String)) {
+ MOZ_ASSERT(!adjustedValue.IsVoid());
+ aRv = editorCommand->DoCommandParam(commandData.mCommand, adjustedValue,
+ *maybeHTMLEditor, &aSubjectPrincipal);
+ return !aRv.ErrorCodeIs(NS_SUCCESS_DOM_NO_OPERATION) && !aRv.Failed();
+ }
+
+ // Finally, `paramType` should have `CString`. We should use
+ // `DoCommandParam()` which takes `nsACString`.
+ if (!!(paramType & EditorCommandParamType::CString)) {
+ NS_ConvertUTF16toUTF8 utf8Value(adjustedValue);
+ MOZ_ASSERT(!utf8Value.IsVoid());
+ aRv = editorCommand->DoCommandParam(commandData.mCommand, utf8Value,
+ *maybeHTMLEditor, &aSubjectPrincipal);
+ return !aRv.ErrorCodeIs(NS_SUCCESS_DOM_NO_OPERATION) && !aRv.Failed();
+ }
+
+ MOZ_ASSERT_UNREACHABLE(
+ "Not yet implemented to handle new EditorCommandParamType");
+ return false;
+}
+
+bool Document::QueryCommandEnabled(const nsAString& aHTMLCommandName,
+ nsIPrincipal& aSubjectPrincipal,
+ ErrorResult& aRv) {
+ // Only allow on HTML documents.
+ if (!IsHTMLOrXHTML()) {
+ aRv.Throw(NS_ERROR_DOM_INVALID_STATE_DOCUMENT_QUERY_COMMAND_ENABLED);
+ return false;
+ }
+
+ InternalCommandData commandData = ConvertToInternalCommand(aHTMLCommandName);
+ if (commandData.mCommand == Command::DoNothing) {
+ return false;
+ }
+
+ // cut & copy are always allowed
+ if (commandData.IsCutOrCopyCommand()) {
+ return nsContentUtils::IsCutCopyAllowed(this, aSubjectPrincipal);
+ }
+
+ // Report false for restricted commands
+ if (commandData.IsPasteCommand() && !aSubjectPrincipal.IsSystemPrincipal()) {
+ return false;
+ }
+
+ // if editing is not on, bail
+ if (!IsEditingOnAfterFlush()) {
+ return false;
+ }
+
+ // get command manager and dispatch command to our window if it's acceptable
+ RefPtr<nsCommandManager> commandManager = GetMidasCommandManager();
+ if (!commandManager) {
+ aRv.Throw(NS_ERROR_FAILURE);
+ return false;
+ }
+
+ nsPIDOMWindowOuter* window = GetWindow();
+ if (!window) {
+ aRv.Throw(NS_ERROR_FAILURE);
+ return false;
+ }
+
+ return commandManager->IsCommandEnabled(
+ nsDependentCString(commandData.mXULCommandName), window);
+}
+
+bool Document::QueryCommandIndeterm(const nsAString& aHTMLCommandName,
+ ErrorResult& aRv) {
+ // Only allow on HTML documents.
+ if (!IsHTMLOrXHTML()) {
+ aRv.Throw(NS_ERROR_DOM_INVALID_STATE_DOCUMENT_QUERY_COMMAND_INDETERM);
+ return false;
+ }
+
+ InternalCommandData commandData = ConvertToInternalCommand(aHTMLCommandName);
+ if (commandData.mCommand == Command::DoNothing) {
+ return false;
+ }
+
+ // if editing is not on, bail
+ if (!IsEditingOnAfterFlush()) {
+ return false;
+ }
+
+ // get command manager and dispatch command to our window if it's acceptable
+ RefPtr<nsCommandManager> commandManager = GetMidasCommandManager();
+ if (!commandManager) {
+ aRv.Throw(NS_ERROR_FAILURE);
+ return false;
+ }
+
+ nsPIDOMWindowOuter* window = GetWindow();
+ if (!window) {
+ aRv.Throw(NS_ERROR_FAILURE);
+ return false;
+ }
+
+ RefPtr<nsCommandParams> params = new nsCommandParams();
+ aRv = commandManager->GetCommandState(commandData.mXULCommandName, window,
+ params);
+ if (aRv.Failed()) {
+ return false;
+ }
+
+ // If command does not have a state_mixed value, this call fails and sets
+ // retval to false. This is fine -- we want to return false in that case
+ // anyway (bug 738385), so we just don't throw regardless.
+ return params->GetBool("state_mixed");
+}
+
+bool Document::QueryCommandState(const nsAString& aHTMLCommandName,
+ ErrorResult& aRv) {
+ // Only allow on HTML documents.
+ if (!IsHTMLOrXHTML()) {
+ aRv.Throw(NS_ERROR_DOM_INVALID_STATE_DOCUMENT_QUERY_COMMAND_STATE);
+ return false;
+ }
+
+ InternalCommandData commandData = ConvertToInternalCommand(aHTMLCommandName);
+ if (commandData.mCommand == Command::DoNothing) {
+ return false;
+ }
+
+ // if editing is not on, bail
+ if (!IsEditingOnAfterFlush()) {
+ return false;
+ }
+
+ // get command manager and dispatch command to our window if it's acceptable
+ RefPtr<nsCommandManager> commandManager = GetMidasCommandManager();
+ if (!commandManager) {
+ aRv.Throw(NS_ERROR_FAILURE);
+ return false;
+ }
+
+ nsPIDOMWindowOuter* window = GetWindow();
+ if (!window) {
+ aRv.Throw(NS_ERROR_FAILURE);
+ return false;
+ }
+
+ if (aHTMLCommandName.LowerCaseEqualsLiteral("usecss")) {
+ // Per spec, state is supported for styleWithCSS but not useCSS, so we just
+ // return false always.
+ return false;
+ }
+
+ RefPtr<nsCommandParams> params = new nsCommandParams();
+ aRv = commandManager->GetCommandState(commandData.mXULCommandName, window,
+ params);
+ if (aRv.Failed()) {
+ return false;
+ }
+
+ // handle alignment as a special case (possibly other commands too?)
+ // Alignment is special because the external api is individual
+ // commands but internally we use cmd_align with different
+ // parameters. When getting the state of this command, we need to
+ // return the boolean for this particular alignment rather than the
+ // string of 'which alignment is this?'
+ switch (commandData.mCommand) {
+ case Command::FormatJustifyLeft: {
+ nsAutoCString currentValue;
+ aRv = params->GetCString("state_attribute", currentValue);
+ if (aRv.Failed()) {
+ return false;
+ }
+ return currentValue.EqualsLiteral("left");
+ }
+ case Command::FormatJustifyRight: {
+ nsAutoCString currentValue;
+ aRv = params->GetCString("state_attribute", currentValue);
+ if (aRv.Failed()) {
+ return false;
+ }
+ return currentValue.EqualsLiteral("right");
+ }
+ case Command::FormatJustifyCenter: {
+ nsAutoCString currentValue;
+ aRv = params->GetCString("state_attribute", currentValue);
+ if (aRv.Failed()) {
+ return false;
+ }
+ return currentValue.EqualsLiteral("center");
+ }
+ case Command::FormatJustifyFull: {
+ nsAutoCString currentValue;
+ aRv = params->GetCString("state_attribute", currentValue);
+ if (aRv.Failed()) {
+ return false;
+ }
+ return currentValue.EqualsLiteral("justify");
+ }
+ default:
+ break;
+ }
+
+ // If command does not have a state_all value, this call fails and sets
+ // retval to false. This is fine -- we want to return false in that case
+ // anyway (bug 738385), so we just succeed and return false regardless.
+ return params->GetBool("state_all");
+}
+
+bool Document::QueryCommandSupported(const nsAString& aHTMLCommandName,
+ CallerType aCallerType, ErrorResult& aRv) {
+ // Only allow on HTML documents.
+ if (!IsHTMLOrXHTML()) {
+ aRv.Throw(NS_ERROR_DOM_INVALID_STATE_DOCUMENT_QUERY_COMMAND_SUPPORTED);
+ return false;
+ }
+
+ InternalCommandData commandData = ConvertToInternalCommand(aHTMLCommandName);
+ if (commandData.mCommand == Command::DoNothing) {
+ return false;
+ }
+
+ // Gecko technically supports all the clipboard commands including
+ // cut/copy/paste, but non-privileged content will be unable to call
+ // paste, and depending on the pref "dom.allow_cut_copy", cut and copy
+ // may also be disallowed to be called from non-privileged content.
+ // For that reason, we report the support status of corresponding
+ // command accordingly.
+ if (aCallerType != CallerType::System) {
+ if (commandData.IsPasteCommand()) {
+ return false;
+ }
+ if (commandData.IsCutOrCopyCommand() &&
+ !StaticPrefs::dom_allow_cut_copy()) {
+ // XXXbz should we worry about correctly reporting "true" in the
+ // "restricted, but we're an addon with clipboardWrite permissions" case?
+ // See also nsContentUtils::IsCutCopyAllowed.
+ return false;
+ }
+ }
+
+ // aHTMLCommandName is supported if it can be converted to a Midas command
+ return true;
+}
+
+void Document::QueryCommandValue(const nsAString& aHTMLCommandName,
+ nsAString& aValue, ErrorResult& aRv) {
+ aValue.Truncate();
+
+ // Only allow on HTML documents.
+ if (!IsHTMLOrXHTML()) {
+ aRv.Throw(NS_ERROR_DOM_INVALID_STATE_DOCUMENT_QUERY_COMMAND_VALUE);
+ return;
+ }
+
+ InternalCommandData commandData = ConvertToInternalCommand(aHTMLCommandName);
+ if (commandData.mCommand == Command::DoNothing) {
+ // Return empty string
+ return;
+ }
+
+ // if editing is not on, bail
+ if (!IsEditingOnAfterFlush()) {
+ return;
+ }
+
+ // get command manager and dispatch command to our window if it's acceptable
+ RefPtr<nsCommandManager> commandManager = GetMidasCommandManager();
+ if (!commandManager) {
+ aRv.Throw(NS_ERROR_FAILURE);
+ return;
+ }
+
+ nsCOMPtr<nsPIDOMWindowOuter> window = GetWindow();
+ if (!window) {
+ aRv.Throw(NS_ERROR_FAILURE);
+ return;
+ }
+
+ // this is a special command since we are calling DoCommand rather than
+ // GetCommandState like the other commands
+ RefPtr<nsCommandParams> params = new nsCommandParams();
+ if (commandData.mCommand == Command::GetHTML) {
+ aRv = params->SetBool("selection_only", true);
+ if (aRv.Failed()) {
+ return;
+ }
+ aRv = params->SetCString("format", "text/html"_ns);
+ if (aRv.Failed()) {
+ return;
+ }
+ aRv =
+ commandManager->DoCommand(commandData.mXULCommandName, params, window);
+ if (aRv.Failed()) {
+ return;
+ }
+ params->GetString("result", aValue);
+ return;
+ }
+
+ aRv = params->SetCString("state_attribute", ""_ns);
+ if (aRv.Failed()) {
+ return;
+ }
+
+ aRv = commandManager->GetCommandState(commandData.mXULCommandName, window,
+ params);
+ if (aRv.Failed()) {
+ return;
+ }
+
+ // If command does not have a state_attribute value, this call fails, and
+ // aValue will wind up being the empty string. This is fine -- we want to
+ // return "" in that case anyway (bug 738385), so we just return NS_OK
+ // regardless.
+ nsAutoCString result;
+ params->GetCString("state_attribute", result);
+ CopyUTF8toUTF16(result, aValue);
+}
+
+bool Document::IsEditingOnAfterFlush() {
+ RefPtr<Document> doc = GetInProcessParentDocument();
+ if (doc) {
+ // Make sure frames are up to date, since that can affect whether
+ // we're editable.
+ doc->FlushPendingNotifications(FlushType::Frames);
+ }
+
+ return IsEditingOn();
+}
+
+void Document::MaybeEditingStateChanged() {
+ if (!mPendingMaybeEditingStateChanged && mMayStartLayout &&
+ mUpdateNestLevel == 0 && (mContentEditableCount > 0) != IsEditingOn()) {
+ if (nsContentUtils::IsSafeToRunScript()) {
+ EditingStateChanged();
+ } else if (!mInDestructor) {
+ nsContentUtils::AddScriptRunner(
+ NewRunnableMethod("Document::MaybeEditingStateChanged", this,
+ &Document::MaybeEditingStateChanged));
+ }
+ }
+}
+
+void Document::TearingDownEditor() {
+ if (IsEditingOn()) {
+ mEditingState = EditingState::eTearingDown;
+ if (IsHTMLOrXHTML()) {
+ RemoveContentEditableStyleSheets();
+ }
+ }
+}
+
+nsresult Document::TurnEditingOff() {
+ NS_ASSERTION(mEditingState != EditingState::eOff, "Editing is already off.");
+
+ nsPIDOMWindowOuter* window = GetWindow();
+ if (!window) {
+ return NS_ERROR_FAILURE;
+ }
+
+ nsIDocShell* docshell = window->GetDocShell();
+ if (!docshell) {
+ return NS_ERROR_FAILURE;
+ }
+
+ bool isBeingDestroyed = false;
+ docshell->IsBeingDestroyed(&isBeingDestroyed);
+ if (isBeingDestroyed) {
+ return NS_ERROR_FAILURE;
+ }
+
+ nsCOMPtr<nsIEditingSession> editSession;
+ nsresult rv = docshell->GetEditingSession(getter_AddRefs(editSession));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // turn editing off
+ rv = editSession->TearDownEditorOnWindow(window);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ mEditingState = EditingState::eOff;
+
+ // Editor resets selection since it is being destroyed. But if focus is
+ // still into editable control, we have to initialize selection again.
+ if (nsFocusManager* fm = nsFocusManager::GetFocusManager()) {
+ if (RefPtr<TextControlElement> textControlElement =
+ TextControlElement::FromNodeOrNull(fm->GetFocusedElement())) {
+ RefPtr<TextEditor> textEditor = textControlElement->GetTextEditor();
+ if (textEditor) {
+ textEditor->ReinitializeSelection(*textControlElement);
+ }
+ }
+ }
+
+ return NS_OK;
+}
+
+static bool HasPresShell(nsPIDOMWindowOuter* aWindow) {
+ nsIDocShell* docShell = aWindow->GetDocShell();
+ if (!docShell) {
+ return false;
+ }
+ return docShell->GetPresShell() != nullptr;
+}
+
+nsresult Document::EditingStateChanged() {
+ if (mRemovedFromDocShell) {
+ return NS_OK;
+ }
+
+ if (mEditingState == EditingState::eSettingUp ||
+ mEditingState == EditingState::eTearingDown) {
+ // XXX We shouldn't recurse
+ return NS_OK;
+ }
+
+ bool designMode = HasFlag(NODE_IS_EDITABLE);
+ EditingState newState =
+ designMode ? EditingState::eDesignMode
+ : (mContentEditableCount > 0 ? EditingState::eContentEditable
+ : EditingState::eOff);
+ if (mEditingState == newState) {
+ // No changes in editing mode.
+ return NS_OK;
+ }
+
+ if (newState == EditingState::eOff) {
+ // Editing is being turned off.
+ nsAutoScriptBlocker scriptBlocker;
+ NotifyEditableStateChange(*this);
+ return TurnEditingOff();
+ }
+
+ // Flush out style changes on our _parent_ document, if any, so that
+ // our check for a presshell won't get stale information.
+ if (mParentDocument) {
+ mParentDocument->FlushPendingNotifications(FlushType::Style);
+ }
+
+ // get editing session, make sure this is a strong reference so the
+ // window can't get deleted during the rest of this call.
+ nsCOMPtr<nsPIDOMWindowOuter> window = GetWindow();
+ if (!window) {
+ return NS_ERROR_FAILURE;
+ }
+
+ nsIDocShell* docshell = window->GetDocShell();
+ if (!docshell) {
+ return NS_ERROR_FAILURE;
+ }
+
+ // FlushPendingNotifications might destroy our docshell.
+ bool isBeingDestroyed = false;
+ docshell->IsBeingDestroyed(&isBeingDestroyed);
+ if (isBeingDestroyed) {
+ return NS_ERROR_FAILURE;
+ }
+
+ nsCOMPtr<nsIEditingSession> editSession;
+ nsresult rv = docshell->GetEditingSession(getter_AddRefs(editSession));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ RefPtr<HTMLEditor> htmlEditor = editSession->GetHTMLEditorForWindow(window);
+ if (htmlEditor) {
+ // We might already have an editor if it was set up for mail, let's see
+ // if this is actually the case.
+ uint32_t flags = 0;
+ htmlEditor->GetFlags(&flags);
+ if (flags & nsIEditor::eEditorMailMask) {
+ // We already have a mail editor, then we should not attempt to create
+ // another one.
+ return NS_OK;
+ }
+ }
+
+ if (!HasPresShell(window)) {
+ // We should not make the window editable or setup its editor.
+ // It's probably style=display:none.
+ return NS_OK;
+ }
+
+ bool makeWindowEditable = mEditingState == EditingState::eOff;
+ bool spellRecheckAll = false;
+ bool putOffToRemoveScriptBlockerUntilModifyingEditingState = false;
+ htmlEditor = nullptr;
+
+ {
+ EditingState oldState = mEditingState;
+ nsAutoEditingState push(this, EditingState::eSettingUp);
+
+ RefPtr<PresShell> presShell = GetPresShell();
+ NS_ENSURE_TRUE(presShell, NS_ERROR_FAILURE);
+
+ // If we're entering the design mode from non-editable state, put the
+ // selection at the beginning of the document for compatibility reasons.
+ bool collapseSelectionAtBeginningOfDocument =
+ designMode && oldState == EditingState::eOff;
+ // However, mEditingState may be eOff even if there is some
+ // `contenteditable` area and selection has been initialized for it because
+ // mEditingState for `contenteditable` may have been scheduled to modify
+ // when safe. In such case, we should not reinitialize selection.
+ if (collapseSelectionAtBeginningOfDocument && mContentEditableCount) {
+ Selection* selection =
+ presShell->GetSelection(nsISelectionController::SELECTION_NORMAL);
+ NS_WARNING_ASSERTION(selection, "Why don't we have Selection?");
+ if (selection && selection->RangeCount()) {
+ // Perhaps, we don't need to check whether the selection is in
+ // an editing host or not because all contents will be editable
+ // in designMode. (And we don't want to make this code so complicated
+ // because of legacy API.)
+ collapseSelectionAtBeginningOfDocument = false;
+ }
+ }
+
+ MOZ_ASSERT(mStyleSetFilled);
+
+ // Before making this window editable, we need to modify UA style sheet
+ // because new style may change whether focused element will be focusable
+ // or not.
+ if (IsHTMLOrXHTML()) {
+ AddContentEditableStyleSheetsToStyleSet(designMode);
+ }
+
+ if (designMode) {
+ // designMode is being turned on (overrides contentEditable).
+ spellRecheckAll = oldState == EditingState::eContentEditable;
+ }
+
+ // Adjust focused element with new style but blur event shouldn't be fired
+ // until mEditingState is modified with newState.
+ nsAutoScriptBlocker scriptBlocker;
+ if (designMode) {
+ nsCOMPtr<nsPIDOMWindowOuter> focusedWindow;
+ nsIContent* focusedContent = nsFocusManager::GetFocusedDescendant(
+ window, nsFocusManager::eOnlyCurrentWindow,
+ getter_AddRefs(focusedWindow));
+ if (focusedContent) {
+ nsIFrame* focusedFrame = focusedContent->GetPrimaryFrame();
+ bool clearFocus = focusedFrame ? !focusedFrame->IsFocusable()
+ : !focusedContent->IsFocusable();
+ if (clearFocus) {
+ nsFocusManager* fm = nsFocusManager::GetFocusManager();
+ if (fm) {
+ fm->ClearFocus(window);
+ // If we need to dispatch blur event, we should put off after
+ // modifying mEditingState since blur event handler may change
+ // designMode state again.
+ putOffToRemoveScriptBlockerUntilModifyingEditingState = true;
+ }
+ }
+ }
+ }
+
+ if (makeWindowEditable) {
+ // Editing is being turned on (through designMode or contentEditable)
+ // Turn on editor.
+ // XXX This can cause flushing which can change the editing state, so make
+ // sure to avoid recursing.
+ rv = editSession->MakeWindowEditable(window, "html", false, false, true);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+
+ // XXX Need to call TearDownEditorOnWindow for all failures.
+ htmlEditor = docshell->GetHTMLEditor();
+ if (!htmlEditor) {
+ // Return NS_OK even though we've failed to create an editor here. This
+ // is so that the setter of designMode on non-HTML documents does not
+ // fail.
+ // This is OK to do because in nsEditingSession::SetupEditorOnWindow() we
+ // would detect that we can't support the mimetype if appropriate and
+ // would fall onto the eEditorErrorCantEditMimeType path.
+ return NS_OK;
+ }
+
+ if (collapseSelectionAtBeginningOfDocument) {
+ htmlEditor->BeginningOfDocument();
+ }
+
+ if (putOffToRemoveScriptBlockerUntilModifyingEditingState) {
+ nsContentUtils::AddScriptBlocker();
+ }
+ }
+
+ mEditingState = newState;
+ if (putOffToRemoveScriptBlockerUntilModifyingEditingState) {
+ nsContentUtils::RemoveScriptBlocker();
+ // If mEditingState is overwritten by another call and already disabled
+ // the editing, we shouldn't keep making window editable.
+ if (mEditingState == EditingState::eOff) {
+ return NS_OK;
+ }
+ }
+
+ if (makeWindowEditable) {
+ // Set the editor to not insert br's on return when in p
+ // elements by default.
+ // XXX Do we only want to do this for designMode?
+ // Note that it doesn't matter what CallerType we pass, because the callee
+ // doesn't use it for this command. Play it safe and pass the more
+ // restricted one.
+ ErrorResult errorResult;
+ nsCOMPtr<nsIPrincipal> principal = NodePrincipal();
+ Unused << ExecCommand(u"insertBrOnReturn"_ns, false, u"false"_ns,
+ // Principal doesn't matter here, because the
+ // insertBrOnReturn command doesn't use it. Still
+ // it's too bad we can't easily grab a nullprincipal
+ // from somewhere without allocating one..
+ *principal, errorResult);
+
+ if (errorResult.Failed()) {
+ // Editor setup failed. Editing is not on after all.
+ // XXX Should we reset the editable flag on nodes?
+ editSession->TearDownEditorOnWindow(window);
+ mEditingState = EditingState::eOff;
+
+ return errorResult.StealNSResult();
+ }
+ }
+
+ // Resync the editor's spellcheck state.
+ if (spellRecheckAll) {
+ nsCOMPtr<nsISelectionController> selectionController =
+ htmlEditor->GetSelectionController();
+ if (NS_WARN_IF(!selectionController)) {
+ return NS_ERROR_FAILURE;
+ }
+
+ RefPtr<Selection> spellCheckSelection = selectionController->GetSelection(
+ nsISelectionController::SELECTION_SPELLCHECK);
+ if (spellCheckSelection) {
+ spellCheckSelection->RemoveAllRanges(IgnoreErrors());
+ }
+ }
+ htmlEditor->SyncRealTimeSpell();
+
+ MaybeDispatchCheckKeyPressEventModelEvent();
+
+ return NS_OK;
+}
+
+// Helper class, used below in ChangeContentEditableCount().
+class DeferredContentEditableCountChangeEvent : public Runnable {
+ public:
+ DeferredContentEditableCountChangeEvent(Document* aDoc, Element* aElement)
+ : mozilla::Runnable("DeferredContentEditableCountChangeEvent"),
+ mDoc(aDoc),
+ mElement(aElement) {}
+
+ NS_IMETHOD Run() override {
+ if (mElement && mElement->OwnerDoc() == mDoc) {
+ mDoc->DeferredContentEditableCountChange(mElement);
+ }
+ return NS_OK;
+ }
+
+ private:
+ RefPtr<Document> mDoc;
+ RefPtr<Element> mElement;
+};
+
+void Document::ChangeContentEditableCount(Element* aElement, int32_t aChange) {
+ NS_ASSERTION(int32_t(mContentEditableCount) + aChange >= 0,
+ "Trying to decrement too much.");
+
+ mContentEditableCount += aChange;
+
+ nsContentUtils::AddScriptRunner(
+ new DeferredContentEditableCountChangeEvent(this, aElement));
+}
+
+void Document::DeferredContentEditableCountChange(Element* aElement) {
+ if (mParser ||
+ (mUpdateNestLevel > 0 && (mContentEditableCount > 0) != IsEditingOn())) {
+ return;
+ }
+
+ EditingState oldState = mEditingState;
+
+ nsresult rv = EditingStateChanged();
+ NS_ENSURE_SUCCESS_VOID(rv);
+
+ if (oldState == mEditingState &&
+ mEditingState == EditingState::eContentEditable) {
+ // We just changed the contentEditable state of a node, we need to reset
+ // the spellchecking state of that node.
+ if (aElement) {
+ nsPIDOMWindowOuter* window = GetWindow();
+ if (!window) {
+ return;
+ }
+
+ nsIDocShell* docshell = window->GetDocShell();
+ if (!docshell) {
+ return;
+ }
+
+ RefPtr<HTMLEditor> htmlEditor = docshell->GetHTMLEditor();
+ if (htmlEditor) {
+ RefPtr<nsRange> range = nsRange::Create(aElement);
+ IgnoredErrorResult res;
+ range->SelectNode(*aElement, res);
+ if (res.Failed()) {
+ // The node might be detached from the document at this point,
+ // which would cause this call to fail. In this case, we can
+ // safely ignore the contenteditable count change.
+ return;
+ }
+
+ nsCOMPtr<nsIInlineSpellChecker> spellChecker;
+ rv = htmlEditor->GetInlineSpellChecker(false,
+ getter_AddRefs(spellChecker));
+ NS_ENSURE_SUCCESS_VOID(rv);
+
+ if (spellChecker) {
+ rv = spellChecker->SpellCheckRange(range);
+ NS_ENSURE_SUCCESS_VOID(rv);
+ }
+ }
+ }
+ }
+}
+
+void Document::MaybeDispatchCheckKeyPressEventModelEvent() {
+ // Currently, we need to check only when we're becoming editable for
+ // contenteditable.
+ if (mEditingState != EditingState::eContentEditable) {
+ return;
+ }
+
+ if (mHasBeenEditable) {
+ return;
+ }
+ mHasBeenEditable = true;
+
+ // Dispatch "CheckKeyPressEventModel" event. That is handled only by
+ // KeyPressEventModelCheckerChild. Then, it calls SetKeyPressEventModel()
+ // with proper keypress event for the active web app.
+ WidgetEvent checkEvent(true, eUnidentifiedEvent);
+ checkEvent.mSpecifiedEventType = nsGkAtoms::onCheckKeyPressEventModel;
+ checkEvent.mFlags.mCancelable = false;
+ checkEvent.mFlags.mBubbles = false;
+ checkEvent.mFlags.mOnlySystemGroupDispatch = true;
+ // Post the event rather than dispatching it synchronously because we need
+ // a call of SetKeyPressEventModel() before first key input. Therefore, we
+ // can avoid paying unnecessary runtime cost for most web apps.
+ (new AsyncEventDispatcher(this, checkEvent))->PostDOMEvent();
+}
+
+void Document::SetKeyPressEventModel(uint16_t aKeyPressEventModel) {
+ PresShell* presShell = GetPresShell();
+ if (!presShell) {
+ return;
+ }
+ presShell->SetKeyPressEventModel(aKeyPressEventModel);
+}
+
+TimeStamp Document::LastFocusTime() const { return mLastFocusTime; }
+
+void Document::SetLastFocusTime(const TimeStamp& aFocusTime) {
+ MOZ_DIAGNOSTIC_ASSERT(!aFocusTime.IsNull());
+ MOZ_DIAGNOSTIC_ASSERT(mLastFocusTime.IsNull() ||
+ aFocusTime >= mLastFocusTime);
+ mLastFocusTime = aFocusTime;
+}
+
+void Document::GetReferrer(nsAString& aReferrer) const {
+ aReferrer.Truncate();
+ if (!mReferrerInfo) {
+ return;
+ }
+
+ nsCOMPtr<nsIURI> referrer = mReferrerInfo->GetComputedReferrer();
+ if (!referrer) {
+ return;
+ }
+
+ nsAutoCString uri;
+ nsresult rv = URLDecorationStripper::StripTrackingIdentifiers(referrer, uri);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return;
+ }
+
+ CopyUTF8toUTF16(uri, aReferrer);
+}
+
+void Document::GetCookie(nsAString& aCookie, ErrorResult& rv) {
+ aCookie.Truncate(); // clear current cookie in case service fails;
+ // no cookie isn't an error condition.
+
+ if (mDisableCookieAccess) {
+ return;
+ }
+
+ // If the document's sandboxed origin flag is set, access to read cookies
+ // is prohibited.
+ if (mSandboxFlags & SANDBOXED_ORIGIN) {
+ rv.Throw(NS_ERROR_DOM_SECURITY_ERR);
+ return;
+ }
+
+ StorageAccess storageAccess = StorageAllowedForDocument(this);
+ if (storageAccess == StorageAccess::eDeny) {
+ return;
+ }
+
+ if (ShouldPartitionStorage(storageAccess) &&
+ !StoragePartitioningEnabled(storageAccess, CookieJarSettings())) {
+ return;
+ }
+
+ // If the document is a cookie-averse Document... return the empty string.
+ if (IsCookieAverse()) {
+ return;
+ }
+
+ // not having a cookie service isn't an error
+ nsCOMPtr<nsICookieService> service =
+ do_GetService(NS_COOKIESERVICE_CONTRACTID);
+ if (service) {
+ nsAutoCString cookie;
+ service->GetCookieStringFromDocument(this, cookie);
+ // CopyUTF8toUTF16 doesn't handle error
+ // because it assumes that the input is valid.
+ UTF_8_ENCODING->DecodeWithoutBOMHandling(cookie, aCookie);
+ }
+}
+
+void Document::SetCookie(const nsAString& aCookie, ErrorResult& aRv) {
+ if (mDisableCookieAccess) {
+ return;
+ }
+
+ // If the document's sandboxed origin flag is set, access to write cookies
+ // is prohibited.
+ if (mSandboxFlags & SANDBOXED_ORIGIN) {
+ aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
+ return;
+ }
+
+ StorageAccess storageAccess = StorageAllowedForDocument(this);
+ if (storageAccess == StorageAccess::eDeny) {
+ return;
+ }
+
+ if (ShouldPartitionStorage(storageAccess) &&
+ !StoragePartitioningEnabled(storageAccess, CookieJarSettings())) {
+ return;
+ }
+
+ // If the document is a cookie-averse Document... do nothing.
+ if (IsCookieAverse()) {
+ return;
+ }
+
+ if (!mDocumentURI) {
+ return;
+ }
+
+ // not having a cookie service isn't an error
+ nsCOMPtr<nsICookieService> service =
+ do_GetService(NS_COOKIESERVICE_CONTRACTID);
+ if (!service) {
+ return;
+ }
+
+ NS_ConvertUTF16toUTF8 cookie(aCookie);
+ nsresult rv = service->SetCookieStringFromDocument(this, cookie);
+
+ // No warning messages here.
+ if (NS_FAILED(rv)) {
+ return;
+ }
+
+ nsCOMPtr<nsIObserverService> observerService =
+ mozilla::services::GetObserverService();
+ if (observerService) {
+ observerService->NotifyObservers(ToSupports(this), "document-set-cookie",
+ nsString(aCookie).get());
+ }
+}
+
+ReferrerPolicy Document::GetReferrerPolicy() const {
+ return mReferrerInfo ? mReferrerInfo->ReferrerPolicy()
+ : ReferrerPolicy::_empty;
+}
+
+void Document::GetAlinkColor(nsAString& aAlinkColor) {
+ aAlinkColor.Truncate();
+
+ HTMLBodyElement* body = GetBodyElement();
+ if (body) {
+ body->GetALink(aAlinkColor);
+ }
+}
+
+void Document::SetAlinkColor(const nsAString& aAlinkColor) {
+ HTMLBodyElement* body = GetBodyElement();
+ if (body) {
+ body->SetALink(aAlinkColor);
+ }
+}
+
+void Document::GetLinkColor(nsAString& aLinkColor) {
+ aLinkColor.Truncate();
+
+ HTMLBodyElement* body = GetBodyElement();
+ if (body) {
+ body->GetLink(aLinkColor);
+ }
+}
+
+void Document::SetLinkColor(const nsAString& aLinkColor) {
+ HTMLBodyElement* body = GetBodyElement();
+ if (body) {
+ body->SetLink(aLinkColor);
+ }
+}
+
+void Document::GetVlinkColor(nsAString& aVlinkColor) {
+ aVlinkColor.Truncate();
+
+ HTMLBodyElement* body = GetBodyElement();
+ if (body) {
+ body->GetVLink(aVlinkColor);
+ }
+}
+
+void Document::SetVlinkColor(const nsAString& aVlinkColor) {
+ HTMLBodyElement* body = GetBodyElement();
+ if (body) {
+ body->SetVLink(aVlinkColor);
+ }
+}
+
+void Document::GetBgColor(nsAString& aBgColor) {
+ aBgColor.Truncate();
+
+ HTMLBodyElement* body = GetBodyElement();
+ if (body) {
+ body->GetBgColor(aBgColor);
+ }
+}
+
+void Document::SetBgColor(const nsAString& aBgColor) {
+ HTMLBodyElement* body = GetBodyElement();
+ if (body) {
+ body->SetBgColor(aBgColor);
+ }
+}
+
+void Document::GetFgColor(nsAString& aFgColor) {
+ aFgColor.Truncate();
+
+ HTMLBodyElement* body = GetBodyElement();
+ if (body) {
+ body->GetText(aFgColor);
+ }
+}
+
+void Document::SetFgColor(const nsAString& aFgColor) {
+ HTMLBodyElement* body = GetBodyElement();
+ if (body) {
+ body->SetText(aFgColor);
+ }
+}
+
+void Document::CaptureEvents() {
+ WarnOnceAbout(DeprecatedOperations::eUseOfCaptureEvents);
+}
+
+void Document::ReleaseEvents() {
+ WarnOnceAbout(DeprecatedOperations::eUseOfReleaseEvents);
+}
+
+HTMLAllCollection* Document::All() {
+ if (!mAll) {
+ mAll = new HTMLAllCollection(this);
+ }
+ return mAll;
+}
+
+nsresult Document::GetSrcdocData(nsAString& aSrcdocData) {
+ if (mIsSrcdocDocument) {
+ nsCOMPtr<nsIInputStreamChannel> inStrmChan = do_QueryInterface(mChannel);
+ if (inStrmChan) {
+ return inStrmChan->GetSrcdocData(aSrcdocData);
+ }
+ }
+ aSrcdocData = VoidString();
+ return NS_OK;
+}
+
+Nullable<WindowProxyHolder> Document::GetDefaultView() const {
+ nsPIDOMWindowOuter* win = GetWindow();
+ if (!win) {
+ return nullptr;
+ }
+ return WindowProxyHolder(win->GetBrowsingContext());
+}
+
+nsIContent* Document::GetUnretargetedFocusedContent() const {
+ nsCOMPtr<nsPIDOMWindowOuter> window = GetWindow();
+ if (!window) {
+ return nullptr;
+ }
+ nsCOMPtr<nsPIDOMWindowOuter> focusedWindow;
+ nsIContent* focusedContent = nsFocusManager::GetFocusedDescendant(
+ window, nsFocusManager::eOnlyCurrentWindow,
+ getter_AddRefs(focusedWindow));
+ if (!focusedContent) {
+ return nullptr;
+ }
+ // be safe and make sure the element is from this document
+ if (focusedContent->OwnerDoc() != this) {
+ return nullptr;
+ }
+
+ if (focusedContent->ChromeOnlyAccess()) {
+ return focusedContent->FindFirstNonChromeOnlyAccessContent();
+ }
+ return focusedContent;
+}
+
+Element* Document::GetActiveElement() {
+ // Get the focused element.
+ Element* focusedElement = GetRetargetedFocusedElement();
+ if (focusedElement) {
+ return focusedElement;
+ }
+
+ // No focused element anywhere in this document. Try to get the BODY.
+ if (IsHTMLOrXHTML()) {
+ Element* bodyElement = AsHTMLDocument()->GetBody();
+ if (bodyElement) {
+ return bodyElement;
+ }
+ // Special case to handle the transition to XHTML from XUL documents
+ // where there currently isn't a body element, but we need to match the
+ // XUL behavior. This should be removed when bug 1540278 is resolved.
+ if (nsContentUtils::IsChromeDoc(this)) {
+ Element* docElement = GetDocumentElement();
+ if (docElement && docElement->IsXULElement()) {
+ return docElement;
+ }
+ }
+ // Because of IE compatibility, return null when html document doesn't have
+ // a body.
+ return nullptr;
+ }
+
+ // If we couldn't get a BODY, return the root element.
+ return GetDocumentElement();
+}
+
+Element* Document::GetCurrentScript() {
+ nsCOMPtr<Element> el(do_QueryInterface(ScriptLoader()->GetCurrentScript()));
+ return el;
+}
+
+void Document::ReleaseCapture() const {
+ // only release the capture if the caller can access it. This prevents a
+ // page from stopping a scrollbar grab for example.
+ nsCOMPtr<nsINode> node = PresShell::GetCapturingContent();
+ if (node && nsContentUtils::CanCallerAccess(node)) {
+ PresShell::ReleaseCapturingContent();
+ }
+}
+
+nsIURI* Document::GetBaseURI(bool aTryUseXHRDocBaseURI) const {
+ if (aTryUseXHRDocBaseURI && mChromeXHRDocBaseURI) {
+ return mChromeXHRDocBaseURI;
+ }
+
+ return GetDocBaseURI();
+}
+
+void Document::SetBaseURI(nsIURI* aURI) {
+ if (!aURI && !mDocumentBaseURI) {
+ return;
+ }
+
+ // Don't do anything if the URI wasn't actually changed.
+ if (aURI && mDocumentBaseURI) {
+ bool equalBases = false;
+ mDocumentBaseURI->Equals(aURI, &equalBases);
+ if (equalBases) {
+ return;
+ }
+ }
+
+ mDocumentBaseURI = aURI;
+ RefreshLinkHrefs();
+}
+
+Result<OwningNonNull<nsIURI>, nsresult> Document::ResolveWithBaseURI(
+ const nsAString& aURI) {
+ RefPtr<nsIURI> resolvedURI;
+ MOZ_TRY(
+ NS_NewURI(getter_AddRefs(resolvedURI), aURI, nullptr, GetDocBaseURI()));
+ return OwningNonNull<nsIURI>(std::move(resolvedURI));
+}
+
+URLExtraData* Document::DefaultStyleAttrURLData() {
+ MOZ_ASSERT(NS_IsMainThread());
+ nsIURI* baseURI = GetDocBaseURI();
+ nsIPrincipal* principal = NodePrincipal();
+ bool equals;
+ if (!mCachedURLData || mCachedURLData->BaseURI() != baseURI ||
+ mCachedURLData->Principal() != principal || !mCachedReferrerInfo ||
+ NS_FAILED(mCachedURLData->ReferrerInfo()->Equals(mCachedReferrerInfo,
+ &equals)) ||
+ !equals) {
+ mCachedReferrerInfo = ReferrerInfo::CreateForInternalCSSResources(this);
+ mCachedURLData = new URLExtraData(baseURI, mCachedReferrerInfo, principal);
+ }
+ return mCachedURLData;
+}
+
+void Document::SetDocumentCharacterSet(NotNull<const Encoding*> aEncoding) {
+ if (mCharacterSet != aEncoding) {
+ mCharacterSet = aEncoding;
+ mEncodingMenuDisabled = aEncoding == UTF_8_ENCODING;
+ RecomputeLanguageFromCharset();
+
+ if (nsPresContext* context = GetPresContext()) {
+ context->DocumentCharSetChanged(aEncoding);
+ }
+ }
+}
+
+void Document::GetSandboxFlagsAsString(nsAString& aFlags) {
+ nsContentUtils::SandboxFlagsToString(mSandboxFlags, aFlags);
+}
+
+void Document::GetHeaderData(nsAtom* aHeaderField, nsAString& aData) const {
+ aData.Truncate();
+ const DocHeaderData* data = mHeaderData;
+ while (data) {
+ if (data->mField == aHeaderField) {
+ aData = data->mData;
+
+ break;
+ }
+ data = data->mNext;
+ }
+}
+
+void Document::SetHeaderData(nsAtom* aHeaderField, const nsAString& aData) {
+ if (!aHeaderField) {
+ NS_ERROR("null headerField");
+ return;
+ }
+
+ if (!mHeaderData) {
+ if (!aData.IsEmpty()) { // don't bother storing empty string
+ mHeaderData = new DocHeaderData(aHeaderField, aData);
+ }
+ } else {
+ DocHeaderData* data = mHeaderData;
+ DocHeaderData** lastPtr = &mHeaderData;
+ bool found = false;
+ do { // look for existing and replace
+ if (data->mField == aHeaderField) {
+ if (!aData.IsEmpty()) {
+ data->mData.Assign(aData);
+ } else { // don't store empty string
+ *lastPtr = data->mNext;
+ data->mNext = nullptr;
+ delete data;
+ }
+ found = true;
+
+ break;
+ }
+ lastPtr = &(data->mNext);
+ data = *lastPtr;
+ } while (data);
+
+ if (!aData.IsEmpty() && !found) {
+ // didn't find, append
+ *lastPtr = new DocHeaderData(aHeaderField, aData);
+ }
+ }
+
+ if (aHeaderField == nsGkAtoms::headerContentLanguage) {
+ CopyUTF16toUTF8(aData, mContentLanguage);
+ mMayNeedFontPrefsUpdate = true;
+ if (auto* presContext = GetPresContext()) {
+ presContext->ContentLanguageChanged();
+ }
+ }
+
+ if (aHeaderField == nsGkAtoms::headerDefaultStyle) {
+ SetPreferredStyleSheetSet(aData);
+ }
+
+ if (aHeaderField == nsGkAtoms::refresh && !IsStaticDocument()) {
+ // We get into this code before we have a script global yet, so get to our
+ // container via mDocumentContainer.
+ if (nsCOMPtr<nsIRefreshURI> refresher = mDocumentContainer.get()) {
+ // Note: using mDocumentURI instead of mBaseURI here, for consistency
+ // (used to just use the current URI of our webnavigation, but that
+ // should really be the same thing). Note that this code can run
+ // before the current URI of the webnavigation has been updated, so we
+ // can't assert equality here.
+ refresher->SetupRefreshURIFromHeader(mDocumentURI, NodePrincipal(),
+ InnerWindowID(),
+ NS_ConvertUTF16toUTF8(aData));
+ }
+ }
+
+ if (aHeaderField == nsGkAtoms::headerDNSPrefetchControl &&
+ mAllowDNSPrefetch) {
+ // Chromium treats any value other than 'on' (case insensitive) as 'off'.
+ mAllowDNSPrefetch = aData.IsEmpty() || aData.LowerCaseEqualsLiteral("on");
+ }
+
+ if (aHeaderField == nsGkAtoms::viewport ||
+ aHeaderField == nsGkAtoms::handheldFriendly) {
+ mViewportType = Unknown;
+ }
+}
+
+void Document::TryChannelCharset(nsIChannel* aChannel, int32_t& aCharsetSource,
+ NotNull<const Encoding*>& aEncoding,
+ nsHtml5TreeOpExecutor* aExecutor) {
+ if (aChannel) {
+ nsAutoCString charsetVal;
+ nsresult rv = aChannel->GetContentCharset(charsetVal);
+ if (NS_SUCCEEDED(rv)) {
+ const Encoding* preferred = Encoding::ForLabel(charsetVal);
+ if (preferred) {
+ aEncoding = WrapNotNull(preferred);
+ aCharsetSource = kCharsetFromChannel;
+ return;
+ } else if (aExecutor && !charsetVal.IsEmpty()) {
+ aExecutor->ComplainAboutBogusProtocolCharset(this);
+ }
+ }
+ }
+}
+
+static inline void AssertNoStaleServoDataIn(nsINode& aSubtreeRoot) {
+#ifdef DEBUG
+ for (nsINode* node : ShadowIncludingTreeIterator(aSubtreeRoot)) {
+ const Element* element = Element::FromNode(node);
+ if (!element) {
+ continue;
+ }
+ MOZ_ASSERT(!element->HasServoData());
+ }
+#endif
+}
+
+already_AddRefed<PresShell> Document::CreatePresShell(
+ nsPresContext* aContext, nsViewManager* aViewManager) {
+ MOZ_DIAGNOSTIC_ASSERT(!mPresShell, "We have a presshell already!");
+
+ NS_ENSURE_FALSE(GetBFCacheEntry(), nullptr);
+
+ AssertNoStaleServoDataIn(*this);
+
+ RefPtr<PresShell> presShell = new PresShell(this);
+ // Note: we don't hold a ref to the shell (it holds a ref to us)
+ mPresShell = presShell;
+
+ if (!mStyleSetFilled) {
+ FillStyleSet();
+ }
+
+ presShell->Init(aContext, aViewManager);
+
+ // Gaining a shell causes changes in how media queries are evaluated, so
+ // invalidate that.
+ aContext->MediaFeatureValuesChanged(
+ {MediaFeatureChange::kAllChanges},
+ MediaFeatureChangePropagation::JustThisDocument);
+
+ // Make sure to never paint if we belong to an invisible DocShell.
+ nsCOMPtr<nsIDocShell> docShell(mDocumentContainer);
+ if (docShell && docShell->IsInvisible()) {
+ presShell->SetNeverPainting(true);
+ }
+
+ MOZ_LOG(gDocumentLeakPRLog, LogLevel::Debug,
+ ("DOCUMENT %p with PressShell %p and DocShell %p", this,
+ presShell.get(), docShell.get()));
+
+ mExternalResourceMap.ShowViewers();
+
+ UpdateFrameRequestCallbackSchedulingState();
+
+ if (mDocumentL10n) {
+ // In case we already accumulated mutations,
+ // we'll trigger the refresh driver now.
+ mDocumentL10n->OnCreatePresShell();
+ }
+
+ // Now that we have a shell, we might have @font-face rules (the presence of a
+ // shell may change which rules apply to us). We don't need to do anything
+ // like EnsureStyleFlush or such, there's nothing to update yet and when stuff
+ // is ready to update we'll flush the font set.
+ MarkUserFontSetDirty();
+
+ // Take the author style disabled state from the top browsing cvontext.
+ // (PageStyleChild.jsm ensures this is up to date.)
+ if (BrowsingContext* bc = GetBrowsingContext()) {
+ presShell->SetAuthorStyleDisabled(bc->Top()->AuthorStyleDisabledDefault());
+ }
+
+ return presShell.forget();
+}
+
+void Document::UpdateFrameRequestCallbackSchedulingState(
+ PresShell* aOldPresShell) {
+ // If this condition changes to depend on some other variable, make sure to
+ // call UpdateFrameRequestCallbackSchedulingState() calls to the places where
+ // that variable can change. Also consider if you should change
+ // WouldScheduleFrameRequestCallbacks() instead of adding more stuff to this
+ // condition.
+ bool shouldBeScheduled =
+ WouldScheduleFrameRequestCallbacks() && !mFrameRequestCallbacks.IsEmpty();
+ if (shouldBeScheduled == mFrameRequestCallbacksScheduled) {
+ // nothing to do
+ return;
+ }
+
+ PresShell* presShell = aOldPresShell ? aOldPresShell : mPresShell;
+ MOZ_RELEASE_ASSERT(presShell);
+
+ nsRefreshDriver* rd = presShell->GetPresContext()->RefreshDriver();
+ if (shouldBeScheduled) {
+ rd->ScheduleFrameRequestCallbacks(this);
+ } else {
+ rd->RevokeFrameRequestCallbacks(this);
+ }
+
+ mFrameRequestCallbacksScheduled = shouldBeScheduled;
+}
+
+void Document::TakeFrameRequestCallbacks(nsTArray<FrameRequest>& aCallbacks) {
+ MOZ_ASSERT(aCallbacks.IsEmpty());
+ aCallbacks = std::move(mFrameRequestCallbacks);
+ mCanceledFrameRequestCallbacks.clear();
+ // No need to manually remove ourselves from the refresh driver; it will
+ // handle that part. But we do have to update our state.
+ mFrameRequestCallbacksScheduled = false;
+}
+
+bool Document::ShouldThrottleFrameRequests() const {
+ if (mStaticCloneCount > 0) {
+ // Even if we're not visible, a static clone may be, so run at full speed.
+ return false;
+ }
+
+ if (Hidden()) {
+ // We're not visible (probably in a background tab or the bf cache).
+ return true;
+ }
+
+ if (!mPresShell) {
+ return false; // Can't do anything smarter.
+ }
+
+ if (!mPresShell->IsActive()) {
+ // The pres shell is not active (we're an invisible OOP iframe or such), so
+ // throttle.
+ return true;
+ }
+
+ nsIFrame* frame = mPresShell->GetRootFrame();
+ if (!frame) {
+ return false; // Can't do anything smarter.
+ }
+
+ nsIFrame* displayRootFrame = nsLayoutUtils::GetDisplayRootFrame(frame);
+ if (!displayRootFrame) {
+ return false; // Can't do anything smarter.
+ }
+
+ if (!displayRootFrame->DidPaintPresShell(mPresShell)) {
+ // We didn't get painted during the last paint, so we're not visible.
+ // Throttle. Note that because we have to paint this document at least
+ // once to unthrottle it, we will drop one requestAnimationFrame frame
+ // when a document that previously wasn't visible scrolls into view. This
+ // is acceptable since it would happen outside the viewport on APZ
+ // platforms and is unlikely to be human-perceivable on non-APZ platforms.
+ return true;
+ }
+
+ // We got painted during the last paint, so run at full speed.
+ return false;
+}
+
+void Document::DeletePresShell() {
+ mExternalResourceMap.HideViewers();
+ if (nsPresContext* presContext = mPresShell->GetPresContext()) {
+ presContext->RefreshDriver()->CancelPendingFullscreenEvents(this);
+ }
+
+ // When our shell goes away, request that all our images be immediately
+ // discarded, so we don't carry around decoded image data for a document we
+ // no longer intend to paint.
+ ImageTracker()->RequestDiscardAll();
+
+ // Now that we no longer have a shell, we need to forget about any FontFace
+ // objects for @font-face rules that came from the style set. There's no need
+ // to call EnsureStyleFlush either, the shell is going away anyway, so there's
+ // no point on it.
+ MarkUserFontSetDirty();
+
+ if (mResizeObserverController) {
+ mResizeObserverController->ShellDetachedFromDocument();
+ }
+
+ if (IsEditingOn()) {
+ TurnEditingOff();
+ }
+
+ PresShell* oldPresShell = mPresShell;
+ mPresShell = nullptr;
+ UpdateFrameRequestCallbackSchedulingState(oldPresShell);
+
+ ClearStaleServoData();
+ AssertNoStaleServoDataIn(*this);
+
+ mStyleSet->ShellDetachedFromDocument();
+ mStyleSetFilled = false;
+ mQuirkSheetAdded = false;
+ mContentEditableSheetAdded = false;
+ mDesignModeSheetAdded = false;
+}
+
+void Document::SetBFCacheEntry(nsIBFCacheEntry* aEntry) {
+ MOZ_ASSERT(IsBFCachingAllowed() || !aEntry, "You should have checked!");
+
+ if (mPresShell) {
+ if (aEntry) {
+ mPresShell->StopObservingRefreshDriver();
+ } else if (mBFCacheEntry) {
+ mPresShell->StartObservingRefreshDriver();
+ }
+ }
+ mBFCacheEntry = aEntry;
+}
+
+bool Document::RemoveFromBFCacheSync() {
+ if (nsCOMPtr<nsIBFCacheEntry> entry = GetBFCacheEntry()) {
+ entry->RemoveFromBFCacheSync();
+ return true;
+ }
+ return false;
+}
+
+static void SubDocClearEntry(PLDHashTable* table, PLDHashEntryHdr* entry) {
+ SubDocMapEntry* e = static_cast<SubDocMapEntry*>(entry);
+
+ NS_RELEASE(e->mKey);
+ if (e->mSubDocument) {
+ e->mSubDocument->SetParentDocument(nullptr);
+ NS_RELEASE(e->mSubDocument);
+ }
+}
+
+static void SubDocInitEntry(PLDHashEntryHdr* entry, const void* key) {
+ SubDocMapEntry* e =
+ const_cast<SubDocMapEntry*>(static_cast<const SubDocMapEntry*>(entry));
+
+ e->mKey = const_cast<Element*>(static_cast<const Element*>(key));
+ NS_ADDREF(e->mKey);
+
+ e->mSubDocument = nullptr;
+}
+
+nsresult Document::SetSubDocumentFor(Element* aElement, Document* aSubDoc) {
+ NS_ENSURE_TRUE(aElement, NS_ERROR_UNEXPECTED);
+
+ if (!aSubDoc) {
+ // aSubDoc is nullptr, remove the mapping
+
+ if (mSubDocuments) {
+ mSubDocuments->Remove(aElement);
+ }
+ } else {
+ if (!mSubDocuments) {
+ // Create a new hashtable
+
+ static const PLDHashTableOps hash_table_ops = {
+ PLDHashTable::HashVoidPtrKeyStub, PLDHashTable::MatchEntryStub,
+ PLDHashTable::MoveEntryStub, SubDocClearEntry, SubDocInitEntry};
+
+ mSubDocuments = new PLDHashTable(&hash_table_ops, sizeof(SubDocMapEntry));
+ }
+
+ // Add a mapping to the hash table
+ auto entry =
+ static_cast<SubDocMapEntry*>(mSubDocuments->Add(aElement, fallible));
+
+ if (!entry) {
+ return NS_ERROR_OUT_OF_MEMORY;
+ }
+
+ if (entry->mSubDocument) {
+ entry->mSubDocument->SetParentDocument(nullptr);
+
+ // Release the old sub document
+ NS_RELEASE(entry->mSubDocument);
+ }
+
+ entry->mSubDocument = aSubDoc;
+ NS_ADDREF(entry->mSubDocument);
+
+ aSubDoc->SetParentDocument(this);
+ }
+
+ return NS_OK;
+}
+
+Document* Document::GetSubDocumentFor(nsIContent* aContent) const {
+ if (mSubDocuments && aContent->IsElement()) {
+ auto entry = static_cast<SubDocMapEntry*>(
+ mSubDocuments->Search(aContent->AsElement()));
+
+ if (entry) {
+ return entry->mSubDocument;
+ }
+ }
+
+ return nullptr;
+}
+
+Element* Document::FindContentForSubDocument(Document* aDocument) const {
+ NS_ENSURE_TRUE(aDocument, nullptr);
+
+ if (!mSubDocuments) {
+ return nullptr;
+ }
+
+ for (auto iter = mSubDocuments->Iter(); !iter.Done(); iter.Next()) {
+ auto entry = static_cast<SubDocMapEntry*>(iter.Get());
+ if (entry->mSubDocument == aDocument) {
+ return entry->mKey;
+ }
+ }
+ return nullptr;
+}
+
+bool Document::IsNodeOfType(uint32_t aFlags) const { return false; }
+
+Element* Document::GetRootElement() const {
+ return (mCachedRootElement && mCachedRootElement->GetParentNode() == this)
+ ? mCachedRootElement
+ : GetRootElementInternal();
+}
+
+Element* Document::GetUnfocusedKeyEventTarget() { return GetRootElement(); }
+
+Element* Document::GetRootElementInternal() const {
+ // We invoke GetRootElement() immediately before the servo traversal, so we
+ // should always have a cache hit from Servo.
+ MOZ_ASSERT(NS_IsMainThread());
+
+ // Loop backwards because any non-elements, such as doctypes and PIs
+ // are likely to appear before the root element.
+ for (nsIContent* child = GetLastChild(); child;
+ child = child->GetPreviousSibling()) {
+ if (Element* element = Element::FromNode(child)) {
+ const_cast<Document*>(this)->mCachedRootElement = element;
+ return element;
+ }
+ }
+
+ const_cast<Document*>(this)->mCachedRootElement = nullptr;
+ return nullptr;
+}
+
+nsresult Document::InsertChildBefore(nsIContent* aKid, nsIContent* aBeforeThis,
+ bool aNotify) {
+ if (aKid->IsElement() && GetRootElement()) {
+ NS_WARNING("Inserting root element when we already have one");
+ return NS_ERROR_DOM_HIERARCHY_REQUEST_ERR;
+ }
+
+ return nsINode::InsertChildBefore(aKid, aBeforeThis, aNotify);
+}
+
+void Document::RemoveChildNode(nsIContent* aKid, bool aNotify) {
+ Maybe<mozAutoDocUpdate> updateBatch;
+ if (aKid->IsElement()) {
+ updateBatch.emplace(this, aNotify);
+ // Destroy the link map up front before we mess with the child list.
+ DestroyElementMaps();
+ }
+
+ // Preemptively clear mCachedRootElement, since we may be about to remove it
+ // from our child list, and we don't want to return this maybe-obsolete value
+ // from any GetRootElement() calls that happen inside of RemoveChildNode().
+ // (NOTE: for this to be useful, RemoveChildNode() must NOT trigger any
+ // GetRootElement() calls until after it's removed the child from mChildren.
+ // Any call before that point would restore this soon-to-be-obsolete cached
+ // answer, and our clearing here would be fruitless.)
+ mCachedRootElement = nullptr;
+ nsINode::RemoveChildNode(aKid, aNotify);
+ MOZ_ASSERT(mCachedRootElement != aKid,
+ "Stale pointer in mCachedRootElement, after we tried to clear it "
+ "(maybe somebody called GetRootElement() too early?)");
+}
+
+void Document::AddStyleSheetToStyleSets(StyleSheet& aSheet) {
+ if (mStyleSetFilled) {
+ mStyleSet->AddDocStyleSheet(aSheet);
+ ApplicableStylesChanged();
+ }
+}
+
+void Document::RecordShadowStyleChange(ShadowRoot& aShadowRoot) {
+ mStyleSet->RecordShadowStyleChange(aShadowRoot);
+ ApplicableStylesChanged();
+}
+
+void Document::ApplicableStylesChanged() {
+ // TODO(emilio): if we decide to resolve style in display: none iframes, then
+ // we need to always track style changes and remove the mStyleSetFilled.
+ if (!mStyleSetFilled) {
+ return;
+ }
+
+ MarkUserFontSetDirty();
+ PresShell* ps = GetPresShell();
+ if (!ps) {
+ return;
+ }
+
+ ps->EnsureStyleFlush();
+ nsPresContext* pc = ps->GetPresContext();
+ if (!pc) {
+ return;
+ }
+
+ pc->MarkCounterStylesDirty();
+ pc->MarkFontFeatureValuesDirty();
+ pc->RestyleManager()->NextRestyleIsForCSSRuleChanges();
+}
+
+void Document::RemoveStyleSheetFromStyleSets(StyleSheet& aSheet) {
+ if (mStyleSetFilled) {
+ mStyleSet->RemoveStyleSheet(aSheet);
+ ApplicableStylesChanged();
+ }
+}
+
+void Document::InsertSheetAt(size_t aIndex, StyleSheet& aSheet) {
+ DocumentOrShadowRoot::InsertSheetAt(aIndex, aSheet);
+
+ if (aSheet.IsApplicable()) {
+ AddStyleSheetToStyleSets(aSheet);
+ }
+}
+
+void Document::StyleSheetApplicableStateChanged(StyleSheet& aSheet) {
+ const bool applicable = aSheet.IsApplicable();
+ // If we're actually in the document style sheet list
+ if (StyleOrderIndexOfSheet(aSheet) >= 0) {
+ if (applicable) {
+ AddStyleSheetToStyleSets(aSheet);
+ } else {
+ RemoveStyleSheetFromStyleSets(aSheet);
+ }
+ }
+
+ PostStyleSheetApplicableStateChangeEvent(aSheet);
+
+ if (!mSSApplicableStateNotificationPending) {
+ MOZ_RELEASE_ASSERT(NS_IsMainThread());
+ nsCOMPtr<nsIRunnable> notification = NewRunnableMethod(
+ "Document::NotifyStyleSheetApplicableStateChanged", this,
+ &Document::NotifyStyleSheetApplicableStateChanged);
+ mSSApplicableStateNotificationPending =
+ NS_SUCCEEDED(Dispatch(TaskCategory::Other, notification.forget()));
+ }
+}
+
+void Document::PostStyleSheetApplicableStateChangeEvent(StyleSheet& aSheet) {
+ if (!StyleSheetChangeEventsEnabled()) {
+ return;
+ }
+
+ StyleSheetApplicableStateChangeEventInit init;
+ init.mBubbles = true;
+ init.mCancelable = true;
+ init.mStylesheet = &aSheet;
+ init.mApplicable = aSheet.IsApplicable();
+
+ RefPtr<StyleSheetApplicableStateChangeEvent> event =
+ StyleSheetApplicableStateChangeEvent::Constructor(
+ this, u"StyleSheetApplicableStateChanged"_ns, init);
+ event->SetTrusted(true);
+ event->SetTarget(this);
+ RefPtr<AsyncEventDispatcher> asyncDispatcher =
+ new AsyncEventDispatcher(this, event);
+ asyncDispatcher->mOnlyChromeDispatch = ChromeOnlyDispatch::eYes;
+ asyncDispatcher->PostDOMEvent();
+}
+
+void Document::NotifyStyleSheetApplicableStateChanged() {
+ mSSApplicableStateNotificationPending = false;
+ nsCOMPtr<nsIObserverService> observerService =
+ mozilla::services::GetObserverService();
+ if (observerService) {
+ observerService->NotifyObservers(
+ ToSupports(this), "style-sheet-applicable-state-changed", nullptr);
+ }
+}
+
+static int32_t FindSheet(const nsTArray<RefPtr<StyleSheet>>& aSheets,
+ nsIURI* aSheetURI) {
+ for (int32_t i = aSheets.Length() - 1; i >= 0; i--) {
+ bool bEqual;
+ nsIURI* uri = aSheets[i]->GetSheetURI();
+
+ if (uri && NS_SUCCEEDED(uri->Equals(aSheetURI, &bEqual)) && bEqual)
+ return i;
+ }
+
+ return -1;
+}
+
+nsresult Document::LoadAdditionalStyleSheet(additionalSheetType aType,
+ nsIURI* aSheetURI) {
+ MOZ_ASSERT(aSheetURI, "null arg");
+
+ // Checking if we have loaded this one already.
+ if (FindSheet(mAdditionalSheets[aType], aSheetURI) >= 0)
+ return NS_ERROR_INVALID_ARG;
+
+ // Loading the sheet sync.
+ RefPtr<css::Loader> loader = new css::Loader(GetDocGroup());
+
+ css::SheetParsingMode parsingMode;
+ switch (aType) {
+ case Document::eAgentSheet:
+ parsingMode = css::eAgentSheetFeatures;
+ break;
+
+ case Document::eUserSheet:
+ parsingMode = css::eUserSheetFeatures;
+ break;
+
+ case Document::eAuthorSheet:
+ parsingMode = css::eAuthorSheetFeatures;
+ break;
+
+ default:
+ MOZ_CRASH("impossible value for aType");
+ }
+
+ auto result = loader->LoadSheetSync(aSheetURI, parsingMode,
+ css::Loader::UseSystemPrincipal::Yes);
+ if (result.isErr()) {
+ return result.unwrapErr();
+ }
+
+ RefPtr<StyleSheet> sheet = result.unwrap();
+
+ sheet->SetAssociatedDocumentOrShadowRoot(this);
+ MOZ_ASSERT(sheet->IsApplicable());
+
+ return AddAdditionalStyleSheet(aType, sheet);
+}
+
+nsresult Document::AddAdditionalStyleSheet(additionalSheetType aType,
+ StyleSheet* aSheet) {
+ if (mAdditionalSheets[aType].Contains(aSheet)) {
+ return NS_ERROR_INVALID_ARG;
+ }
+
+ if (!aSheet->IsApplicable()) {
+ return NS_ERROR_INVALID_ARG;
+ }
+
+ mAdditionalSheets[aType].AppendElement(aSheet);
+
+ if (mStyleSetFilled) {
+ mStyleSet->AppendStyleSheet(*aSheet);
+ ApplicableStylesChanged();
+ }
+ return NS_OK;
+}
+
+void Document::RemoveAdditionalStyleSheet(additionalSheetType aType,
+ nsIURI* aSheetURI) {
+ MOZ_ASSERT(aSheetURI);
+
+ nsTArray<RefPtr<StyleSheet>>& sheets = mAdditionalSheets[aType];
+
+ int32_t i = FindSheet(mAdditionalSheets[aType], aSheetURI);
+ if (i >= 0) {
+ RefPtr<StyleSheet> sheetRef = std::move(sheets[i]);
+ sheets.RemoveElementAt(i);
+
+ if (!mIsGoingAway) {
+ MOZ_ASSERT(sheetRef->IsApplicable());
+ if (mStyleSetFilled) {
+ mStyleSet->RemoveStyleSheet(*sheetRef);
+ ApplicableStylesChanged();
+ }
+ }
+ sheetRef->ClearAssociatedDocumentOrShadowRoot();
+ }
+}
+
+nsIGlobalObject* Document::GetScopeObject() const {
+ nsCOMPtr<nsIGlobalObject> scope(do_QueryReferent(mScopeObject));
+ return scope;
+}
+
+bool Document::CrossOriginIsolated() const {
+ // For a data document, it doesn't have a browsing context so that we check
+ // the cross-origin-isolated state from its creator's inner window.
+ if (mLoadedAsData) {
+ nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(GetScopeObject());
+
+ return window && window->GetBrowsingContext() &&
+ window->GetBrowsingContext()->CrossOriginIsolated();
+ }
+
+ return GetBrowsingContext() && GetBrowsingContext()->CrossOriginIsolated();
+}
+
+DocGroup* Document::GetDocGroupOrCreate() {
+ if (!mDocGroup) {
+ nsAutoCString docGroupKey;
+ nsresult rv = mozilla::dom::DocGroup::GetKey(
+ NodePrincipal(), CrossOriginIsolated(), docGroupKey);
+ if (NS_SUCCEEDED(rv) && mDocumentContainer) {
+ BrowsingContextGroup* group = GetBrowsingContext()->Group();
+ if (group) {
+ mDocGroup = group->AddDocument(docGroupKey, this);
+ }
+ }
+ }
+ return mDocGroup;
+}
+
+void Document::SetScopeObject(nsIGlobalObject* aGlobal) {
+ mScopeObject = do_GetWeakReference(aGlobal);
+ if (aGlobal) {
+ mHasHadScriptHandlingObject = true;
+
+ nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(aGlobal);
+ if (!window) {
+ return;
+ }
+ BrowsingContextGroup* browsingContextGroup =
+ window->GetBrowsingContextGroup();
+
+ // We should already have the principal, and now that we have been added
+ // to a window, we should be able to join a DocGroup!
+ nsAutoCString docGroupKey;
+ nsresult rv = mozilla::dom::DocGroup::GetKey(
+ NodePrincipal(), CrossOriginIsolated(), docGroupKey);
+ if (mDocGroup) {
+ if (NS_SUCCEEDED(rv)) {
+ MOZ_RELEASE_ASSERT(mDocGroup->MatchesKey(docGroupKey));
+ }
+ MOZ_RELEASE_ASSERT(mDocGroup->GetBrowsingContextGroup() ==
+ browsingContextGroup);
+ } else {
+ mDocGroup = browsingContextGroup->AddDocument(docGroupKey, this);
+
+ MOZ_ASSERT(mDocGroup);
+ }
+
+ MOZ_ASSERT_IF(
+ mNodeInfoManager->GetArenaAllocator(),
+ mNodeInfoManager->GetArenaAllocator() == mDocGroup->ArenaAllocator());
+ }
+}
+
+bool Document::ContainsEMEContent() {
+ nsPIDOMWindowInner* win = GetInnerWindow();
+ // Note this case is different from checking just media elements in that
+ // it covers when we've created MediaKeys but not associated them with a
+ // media element.
+ return win && win->HasActiveMediaKeysInstance();
+}
+
+bool Document::ContainsMSEContent() {
+ bool containsMSE = false;
+
+ auto check = [&containsMSE](nsISupports* aSupports) {
+ nsCOMPtr<nsIContent> content(do_QueryInterface(aSupports));
+ if (auto* mediaElem = HTMLMediaElement::FromNodeOrNull(content)) {
+ RefPtr<MediaSource> ms = mediaElem->GetMozMediaSourceObject();
+ if (ms) {
+ containsMSE = true;
+ }
+ }
+ };
+
+ EnumerateActivityObservers(check);
+ return containsMSE;
+}
+
+static void NotifyActivityChanged(nsISupports* aSupports) {
+ nsCOMPtr<nsIContent> content(do_QueryInterface(aSupports));
+ if (auto mediaElem = HTMLMediaElement::FromNodeOrNull(content)) {
+ mediaElem->NotifyOwnerDocumentActivityChanged();
+ }
+ nsCOMPtr<nsIObjectLoadingContent> objectLoadingContent(
+ do_QueryInterface(aSupports));
+ if (objectLoadingContent) {
+ nsObjectLoadingContent* olc =
+ static_cast<nsObjectLoadingContent*>(objectLoadingContent.get());
+ olc->NotifyOwnerDocumentActivityChanged();
+ }
+ nsCOMPtr<nsIDocumentActivity> objectDocumentActivity(
+ do_QueryInterface(aSupports));
+ if (objectDocumentActivity) {
+ objectDocumentActivity->NotifyOwnerDocumentActivityChanged();
+ } else {
+ nsCOMPtr<nsIImageLoadingContent> imageLoadingContent(
+ do_QueryInterface(aSupports));
+ if (imageLoadingContent) {
+ auto ilc = static_cast<nsImageLoadingContent*>(imageLoadingContent.get());
+ ilc->NotifyOwnerDocumentActivityChanged();
+ }
+ }
+}
+
+bool Document::IsTopLevelWindowInactive() const {
+ if (BrowsingContext* bc = GetBrowsingContext()) {
+ return !bc->GetIsActiveBrowserWindow();
+ }
+
+ return false;
+}
+
+void Document::SetContainer(nsDocShell* aContainer) {
+ if (aContainer) {
+ mDocumentContainer = aContainer;
+ } else {
+ mDocumentContainer = WeakPtr<nsDocShell>();
+ }
+
+ mInChromeDocShell =
+ aContainer && aContainer->GetBrowsingContext()->IsChrome();
+
+ EnumerateActivityObservers(NotifyActivityChanged);
+
+ // IsTopLevelWindowInactive depends on the docshell, so
+ // update the cached value now that it's available.
+ UpdateDocumentStates(NS_DOCUMENT_STATE_WINDOW_INACTIVE, false);
+ if (!aContainer) {
+ return;
+ }
+
+ BrowsingContext* context = aContainer->GetBrowsingContext();
+ if (context && context->IsContent()) {
+ SetIsTopLevelContentDocument(context->IsTopContent());
+ SetIsContentDocument(true);
+ } else {
+ SetIsTopLevelContentDocument(false);
+ SetIsContentDocument(false);
+ }
+}
+
+nsISupports* Document::GetContainer() const {
+ return static_cast<nsIDocShell*>(mDocumentContainer);
+}
+
+void Document::SetScriptGlobalObject(
+ nsIScriptGlobalObject* aScriptGlobalObject) {
+ MOZ_ASSERT(aScriptGlobalObject || !mAnimationController ||
+ mAnimationController->IsPausedByType(
+ SMILTimeContainer::PAUSE_PAGEHIDE |
+ SMILTimeContainer::PAUSE_BEGIN),
+ "Clearing window pointer while animations are unpaused");
+
+ if (mScriptGlobalObject && !aScriptGlobalObject) {
+ // We're detaching from the window. We need to grab a pointer to
+ // our layout history state now.
+ mLayoutHistoryState = GetLayoutHistoryState();
+
+ // Also make sure to remove our onload blocker now if we haven't done it yet
+ if (mOnloadBlockCount != 0) {
+ nsCOMPtr<nsILoadGroup> loadGroup = GetDocumentLoadGroup();
+ if (loadGroup) {
+ loadGroup->RemoveRequest(mOnloadBlocker, nullptr, NS_OK);
+ }
+ }
+
+ if (GetController().isSome()) {
+ if (imgLoader* loader = nsContentUtils::GetImgLoaderForDocument(this)) {
+ loader->ClearCacheForControlledDocument(this);
+ }
+
+ // We may become controlled again if this document comes back out
+ // of bfcache. Clear our state to allow that to happen. Only
+ // clear this flag if we are actually controlled, though, so pages
+ // that were force reloaded don't become controlled when they
+ // come out of bfcache.
+ mMaybeServiceWorkerControlled = false;
+ }
+
+ if (GetWindowContext()) {
+ // The document is about to lose its window, so this is a good time to
+ // send our page use counters, while we still have access to our
+ // WindowContext.
+ //
+ // (We also do this in nsGlobalWindowInner::FreeInnerObjects(), which
+ // catches some cases of documents losing their window that don't
+ // get in here.)
+ SendPageUseCounters();
+ }
+ }
+
+ // BlockOnload() might be called before mScriptGlobalObject is set.
+ // We may need to add the blocker once mScriptGlobalObject is set.
+ bool needOnloadBlocker = !mScriptGlobalObject && aScriptGlobalObject;
+
+ mScriptGlobalObject = aScriptGlobalObject;
+
+ if (needOnloadBlocker) {
+ EnsureOnloadBlocker();
+ }
+
+ UpdateFrameRequestCallbackSchedulingState();
+
+ if (aScriptGlobalObject) {
+ // Go back to using the docshell for the layout history state
+ mLayoutHistoryState = nullptr;
+ SetScopeObject(aScriptGlobalObject);
+ mHasHadDefaultView = true;
+
+ if (mAllowDNSPrefetch) {
+ nsCOMPtr<nsIDocShell> docShell(mDocumentContainer);
+ if (docShell) {
+#ifdef DEBUG
+ nsCOMPtr<nsIWebNavigation> webNav =
+ do_GetInterface(aScriptGlobalObject);
+ NS_ASSERTION(SameCOMIdentity(webNav, docShell),
+ "Unexpected container or script global?");
+#endif
+ bool allowDNSPrefetch;
+ docShell->GetAllowDNSPrefetch(&allowDNSPrefetch);
+ mAllowDNSPrefetch = allowDNSPrefetch;
+ }
+ }
+
+ // If we are set in a window that is already focused we should remember this
+ // as the time the document gained focus.
+ if (HasFocus(IgnoreErrors())) {
+ SetLastFocusTime(TimeStamp::Now());
+ }
+ }
+
+ // Remember the pointer to our window (or lack there of), to avoid
+ // having to QI every time it's asked for.
+ nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(mScriptGlobalObject);
+ mWindow = window;
+
+ // Now that we know what our window is, we can flush the CSP errors to the
+ // Web Console. We are flushing all messages that occurred and were stored in
+ // the queue prior to this point.
+ if (mCSP) {
+ static_cast<nsCSPContext*>(mCSP.get())->flushConsoleMessages();
+ }
+
+ nsCOMPtr<nsIHttpChannelInternal> internalChannel =
+ do_QueryInterface(GetChannel());
+ if (internalChannel) {
+ nsCOMArray<nsISecurityConsoleMessage> messages;
+ DebugOnly<nsresult> rv = internalChannel->TakeAllSecurityMessages(messages);
+ MOZ_ASSERT(NS_SUCCEEDED(rv));
+ SendToConsole(messages);
+ }
+
+ // Set our visibility state, but do not fire the event. This is correct
+ // because either we're coming out of bfcache (in which case IsVisible() will
+ // still test false at this point and no state change will happen) or we're
+ // doing the initial document load and don't want to fire the event for this
+ // change.
+ //
+ // When the visibility is changed, notify it to observers.
+ // Some observers need the notification, for example HTMLMediaElement uses
+ // it to update internal media resource allocation.
+ // When video is loaded via VideoDocument, HTMLMediaElement and MediaDecoder
+ // creation are already done before Document::SetScriptGlobalObject() call.
+ // MediaDecoder decides whether starting decoding is decided based on
+ // document's visibility. When the MediaDecoder is created,
+ // Document::SetScriptGlobalObject() is not yet called and document is
+ // hidden state. Therefore the MediaDecoder decides that decoding is
+ // not yet necessary. But soon after Document::SetScriptGlobalObject()
+ // call, the document becomes not hidden. At the time, MediaDecoder needs
+ // to know it and needs to start updating decoding.
+ UpdateVisibilityState(DispatchVisibilityChange::No);
+
+ // The global in the template contents owner document should be the same.
+ if (mTemplateContentsOwner && mTemplateContentsOwner != this) {
+ mTemplateContentsOwner->SetScriptGlobalObject(aScriptGlobalObject);
+ }
+
+ if (!mMaybeServiceWorkerControlled && mDocumentContainer &&
+ mScriptGlobalObject && GetChannel()) {
+ // If we are shift-reloaded, don't associate with a ServiceWorker.
+ if (mDocumentContainer->IsForceReloading()) {
+ NS_WARNING("Page was shift reloaded, skipping ServiceWorker control");
+ return;
+ }
+
+ mMaybeServiceWorkerControlled = true;
+ }
+}
+
+nsIScriptGlobalObject* Document::GetScriptHandlingObjectInternal() const {
+ MOZ_ASSERT(!mScriptGlobalObject,
+ "Do not call this when mScriptGlobalObject is set!");
+ if (mHasHadDefaultView) {
+ return nullptr;
+ }
+
+ nsCOMPtr<nsIScriptGlobalObject> scriptHandlingObject =
+ do_QueryReferent(mScopeObject);
+ nsCOMPtr<nsPIDOMWindowInner> win = do_QueryInterface(scriptHandlingObject);
+ if (win) {
+ nsPIDOMWindowOuter* outer = win->GetOuterWindow();
+ if (!outer || outer->GetCurrentInnerWindow() != win) {
+ NS_WARNING("Wrong inner/outer window combination!");
+ return nullptr;
+ }
+ }
+ return scriptHandlingObject;
+}
+void Document::SetScriptHandlingObject(nsIScriptGlobalObject* aScriptObject) {
+ NS_ASSERTION(!mScriptGlobalObject || mScriptGlobalObject == aScriptObject,
+ "Wrong script object!");
+ if (aScriptObject) {
+ SetScopeObject(aScriptObject);
+ mHasHadDefaultView = false;
+ }
+}
+
+nsPIDOMWindowOuter* Document::GetWindowInternal() const {
+ MOZ_ASSERT(!mWindow, "This should not be called when mWindow is not null!");
+ // Let's use mScriptGlobalObject. Even if the document is already removed from
+ // the docshell, the outer window might be still obtainable from the it.
+ nsCOMPtr<nsPIDOMWindowOuter> win;
+ if (mRemovedFromDocShell) {
+ // The docshell returns the outer window we are done.
+ nsCOMPtr<nsIDocShell> kungFuDeathGrip(mDocumentContainer);
+ if (kungFuDeathGrip) {
+ win = kungFuDeathGrip->GetWindow();
+ }
+ } else {
+ if (nsCOMPtr<nsPIDOMWindowInner> inner =
+ do_QueryInterface(mScriptGlobalObject)) {
+ // mScriptGlobalObject is always the inner window, let's get the outer.
+ win = inner->GetOuterWindow();
+ }
+ }
+
+ return win;
+}
+
+bool Document::InternalAllowXULXBL() {
+ if (nsContentUtils::AllowXULXBLForPrincipal(NodePrincipal())) {
+ mAllowXULXBL = eTriTrue;
+ return true;
+ }
+
+ mAllowXULXBL = eTriFalse;
+ return false;
+}
+
+// Note: We don't hold a reference to the document observer; we assume
+// that it has a live reference to the document.
+void Document::AddObserver(nsIDocumentObserver* aObserver) {
+ NS_ASSERTION(mObservers.IndexOf(aObserver) == nsTArray<int>::NoIndex,
+ "Observer already in the list");
+ mObservers.AppendElement(aObserver);
+ AddMutationObserver(aObserver);
+}
+
+bool Document::RemoveObserver(nsIDocumentObserver* aObserver) {
+ // If we're in the process of destroying the document (and we're
+ // informing the observers of the destruction), don't remove the
+ // observers from the list. This is not a big deal, since we
+ // don't hold a live reference to the observers.
+ if (!mInDestructor) {
+ RemoveMutationObserver(aObserver);
+ return mObservers.RemoveElement(aObserver);
+ }
+
+ return mObservers.Contains(aObserver);
+}
+
+void Document::BeginUpdate() {
+ ++mUpdateNestLevel;
+ nsContentUtils::AddScriptBlocker();
+ NS_DOCUMENT_NOTIFY_OBSERVERS(BeginUpdate, (this));
+}
+
+void Document::EndUpdate() {
+ const bool reset = !mPendingMaybeEditingStateChanged;
+ mPendingMaybeEditingStateChanged = true;
+
+ NS_DOCUMENT_NOTIFY_OBSERVERS(EndUpdate, (this));
+
+ --mUpdateNestLevel;
+
+ nsContentUtils::RemoveScriptBlocker();
+
+ if (mXULBroadcastManager) {
+ mXULBroadcastManager->MaybeBroadcast();
+ }
+
+ if (reset) {
+ mPendingMaybeEditingStateChanged = false;
+ }
+ MaybeEditingStateChanged();
+}
+
+void Document::BeginLoad() {
+ if (IsEditingOn()) {
+ // Reset() blows away all event listeners in the document, and our
+ // editor relies heavily on those. Midas is turned on, to make it
+ // work, re-initialize it to give it a chance to add its event
+ // listeners again.
+
+ TurnEditingOff();
+ EditingStateChanged();
+ }
+
+ MOZ_ASSERT(!mDidCallBeginLoad);
+ mDidCallBeginLoad = true;
+
+ // Block onload here to prevent having to deal with blocking and
+ // unblocking it while we know the document is loading.
+ BlockOnload();
+ mDidFireDOMContentLoaded = false;
+ BlockDOMContentLoaded();
+
+ if (mScriptLoader) {
+ mScriptLoader->BeginDeferringScripts();
+ }
+
+ NS_DOCUMENT_NOTIFY_OBSERVERS(BeginLoad, (this));
+}
+
+void Document::MozSetImageElement(const nsAString& aImageElementId,
+ Element* aElement) {
+ if (aImageElementId.IsEmpty()) return;
+
+ // Hold a script blocker while calling SetImageElement since that can call
+ // out to id-observers
+ nsAutoScriptBlocker scriptBlocker;
+
+ IdentifierMapEntry* entry = mIdentifierMap.PutEntry(aImageElementId);
+ if (entry) {
+ entry->SetImageElement(aElement);
+ if (entry->IsEmpty()) {
+ mIdentifierMap.RemoveEntry(entry);
+ }
+ }
+}
+
+void Document::DispatchContentLoadedEvents() {
+ // If you add early returns from this method, make sure you're
+ // calling UnblockOnload properly.
+
+ // Unpin references to preloaded images
+ mPreloadingImages.Clear();
+
+ // DOM manipulation after content loaded should not care if the element
+ // came from the preloader.
+ mPreloadedPreconnects.Clear();
+
+ if (mTiming) {
+ mTiming->NotifyDOMContentLoadedStart(Document::GetDocumentURI());
+ }
+
+ // Dispatch observer notification to notify observers document is interactive.
+ nsCOMPtr<nsIObserverService> os = mozilla::services::GetObserverService();
+ if (os) {
+ nsIPrincipal* principal = NodePrincipal();
+ os->NotifyObservers(ToSupports(this),
+ principal->IsSystemPrincipal()
+ ? "chrome-document-interactive"
+ : "content-document-interactive",
+ nullptr);
+ }
+
+ // Fire a DOM event notifying listeners that this document has been
+ // loaded (excluding images and other loads initiated by this
+ // document).
+ nsContentUtils::DispatchTrustedEvent(this, ToSupports(this),
+ u"DOMContentLoaded"_ns, CanBubble::eYes,
+ Cancelable::eNo);
+
+ if (auto* const window = GetInnerWindow()) {
+ const RefPtr<ServiceWorkerContainer> serviceWorker =
+ window->Navigator()->ServiceWorker();
+
+ // This could cause queued messages from a service worker to get
+ // dispatched on serviceWorker.
+ serviceWorker->StartMessages();
+ }
+
+ if (MayStartLayout()) {
+ MaybeResolveReadyForIdle();
+ }
+
+ RefPtr<TimelineConsumers> timelines = TimelineConsumers::Get();
+ nsIDocShell* docShell = this->GetDocShell();
+
+ if (timelines && timelines->HasConsumer(docShell)) {
+ timelines->AddMarkerForDocShell(
+ docShell,
+ MakeUnique<DocLoadingTimelineMarker>("document::DOMContentLoaded"));
+ }
+
+ if (mTiming) {
+ mTiming->NotifyDOMContentLoadedEnd(Document::GetDocumentURI());
+ }
+
+ // If this document is a [i]frame, fire a DOMFrameContentLoaded
+ // event on all parent documents notifying that the HTML (excluding
+ // other external files such as images and stylesheets) in a frame
+ // has finished loading.
+
+ // target_frame is the [i]frame element that will be used as the
+ // target for the event. It's the [i]frame whose content is done
+ // loading.
+ nsCOMPtr<EventTarget> target_frame;
+
+ if (mParentDocument) {
+ target_frame = mParentDocument->FindContentForSubDocument(this);
+ }
+
+ if (target_frame) {
+ nsCOMPtr<Document> parent = mParentDocument;
+ do {
+ RefPtr<Event> event;
+ if (parent) {
+ IgnoredErrorResult ignored;
+ event = parent->CreateEvent(u"Events"_ns, CallerType::System, ignored);
+ }
+
+ if (event) {
+ event->InitEvent(u"DOMFrameContentLoaded"_ns, true, true);
+
+ event->SetTarget(target_frame);
+ event->SetTrusted(true);
+
+ // To dispatch this event we must manually call
+ // EventDispatcher::Dispatch() on the ancestor document since the
+ // target is not in the same document, so the event would never reach
+ // the ancestor document if we used the normal event
+ // dispatching code.
+
+ WidgetEvent* innerEvent = event->WidgetEventPtr();
+ if (innerEvent) {
+ nsEventStatus status = nsEventStatus_eIgnore;
+
+ if (RefPtr<nsPresContext> context = parent->GetPresContext()) {
+ EventDispatcher::Dispatch(ToSupports(parent), context, innerEvent,
+ event, &status);
+ }
+ }
+ }
+
+ parent = parent->GetInProcessParentDocument();
+ } while (parent);
+ }
+
+ // If the document has a manifest attribute, fire a MozApplicationManifest
+ // event.
+ Element* root = GetRootElement();
+ if (root && root->HasAttr(kNameSpaceID_None, nsGkAtoms::manifest)) {
+ nsContentUtils::DispatchChromeEvent(this, ToSupports(this),
+ u"MozApplicationManifest"_ns,
+ CanBubble::eYes, Cancelable::eYes);
+ }
+
+ nsPIDOMWindowInner* inner = GetInnerWindow();
+ if (inner) {
+ inner->NoteDOMContentLoaded();
+ }
+
+ // TODO
+ if (mMaybeServiceWorkerControlled) {
+ using mozilla::dom::ServiceWorkerManager;
+ RefPtr<ServiceWorkerManager> swm = ServiceWorkerManager::GetInstance();
+ if (swm) {
+ Maybe<ClientInfo> clientInfo = GetClientInfo();
+ if (clientInfo.isSome()) {
+ swm->MaybeCheckNavigationUpdate(clientInfo.ref());
+ }
+ }
+ }
+
+ if (mSetCompleteAfterDOMContentLoaded) {
+ SetReadyStateInternal(ReadyState::READYSTATE_COMPLETE);
+ mSetCompleteAfterDOMContentLoaded = false;
+ }
+
+ UnblockOnload(true);
+}
+
+void Document::EndLoad() {
+ bool turnOnEditing =
+ mParser && (HasFlag(NODE_IS_EDITABLE) || mContentEditableCount > 0);
+
+#if defined(DEBUG)
+ // only assert if nothing stopped the load on purpose
+ if (!mParserAborted) {
+ nsContentSecurityUtils::AssertAboutPageHasCSP(this);
+ }
+#endif
+
+ // EndLoad may have been called without a matching call to BeginLoad, in the
+ // case of a failed parse (for example, due to timeout). In such a case, we
+ // still want to execute part of this code to do appropriate cleanup, but we
+ // gate part of it because it is intended to match 1-for-1 with calls to
+ // BeginLoad. We have an explicit flag bit for this purpose, since it's
+ // complicated and error prone to derive this condition from other related
+ // flags that can be manipulated outside of a BeginLoad/EndLoad pair.
+
+ // Part 1: Code that always executes to cleanup end of parsing, whether
+ // that parsing was successful or not.
+
+ // Drop the ref to our parser, if any, but keep hold of the sink so that we
+ // can flush it from FlushPendingNotifications as needed. We might have to
+ // do that to get a StartLayout() to happen.
+ if (mParser) {
+ mWeakSink = do_GetWeakReference(mParser->GetContentSink());
+ mParser = nullptr;
+ }
+
+ // Update the attributes on the PerformanceNavigationTiming before notifying
+ // the onload observers.
+ if (nsPIDOMWindowInner* window = GetInnerWindow()) {
+ if (RefPtr<Performance> performance = window->GetPerformance()) {
+ performance->UpdateNavigationTimingEntry();
+ }
+ }
+
+ NS_DOCUMENT_NOTIFY_OBSERVERS(EndLoad, (this));
+
+ // Part 2: Code that only executes when this EndLoad matches a BeginLoad.
+
+ if (!mDidCallBeginLoad) {
+ return;
+ }
+ mDidCallBeginLoad = false;
+
+ UnblockDOMContentLoaded();
+
+ if (turnOnEditing) {
+ EditingStateChanged();
+ }
+
+ if (!GetWindow()) {
+ // This is a document that's not in a window. For example, this could be an
+ // XMLHttpRequest responseXML document, or a document created via DOMParser
+ // or DOMImplementation. We don't reach this code normally for such
+ // documents (which is not obviously correct), but can reach it via
+ // document.open()/document.close().
+ //
+ // Such documents don't fire load events, but per spec should set their
+ // readyState to "complete" when parsing and all loading of subresources is
+ // done. Parsing is done now, and documents not in a window don't load
+ // subresources, so just go ahead and mark ourselves as complete.
+ SetReadyStateInternal(Document::READYSTATE_COMPLETE,
+ /* updateTimingInformation = */ false);
+
+ // Reset mSkipLoadEventAfterClose just in case.
+ mSkipLoadEventAfterClose = false;
+ }
+}
+
+void Document::UnblockDOMContentLoaded() {
+ MOZ_ASSERT(mBlockDOMContentLoaded);
+ if (--mBlockDOMContentLoaded != 0 || mDidFireDOMContentLoaded) {
+ return;
+ }
+
+ MOZ_LOG(gDocumentLeakPRLog, LogLevel::Debug,
+ ("DOCUMENT %p UnblockDOMContentLoaded", this));
+
+ mDidFireDOMContentLoaded = true;
+ if (PresShell* presShell = GetPresShell()) {
+ presShell->GetRefreshDriver()->NotifyDOMContentLoaded();
+ }
+
+ MOZ_ASSERT(mReadyState == READYSTATE_INTERACTIVE);
+ if (!mSynchronousDOMContentLoaded) {
+ MOZ_RELEASE_ASSERT(NS_IsMainThread());
+ nsCOMPtr<nsIRunnable> ev =
+ NewRunnableMethod("Document::DispatchContentLoadedEvents", this,
+ &Document::DispatchContentLoadedEvents);
+ Dispatch(TaskCategory::Other, ev.forget());
+ } else {
+ DispatchContentLoadedEvents();
+ }
+}
+
+void Document::ContentStateChanged(nsIContent* aContent,
+ EventStates aStateMask) {
+ MOZ_ASSERT(!nsContentUtils::IsSafeToRunScript(),
+ "Someone forgot a scriptblocker");
+ NS_DOCUMENT_NOTIFY_OBSERVERS(ContentStateChanged,
+ (this, aContent, aStateMask));
+}
+
+void Document::RuleChanged(StyleSheet& aSheet, css::Rule*,
+ StyleRuleChangeKind) {
+ if (aSheet.IsApplicable()) {
+ ApplicableStylesChanged();
+ }
+}
+
+void Document::RuleAdded(StyleSheet& aSheet, css::Rule& aRule) {
+ if (aRule.IsIncompleteImportRule()) {
+ return;
+ }
+
+ if (aSheet.IsApplicable()) {
+ ApplicableStylesChanged();
+ }
+}
+
+void Document::ImportRuleLoaded(dom::CSSImportRule& aRule, StyleSheet& aSheet) {
+ if (aSheet.IsApplicable()) {
+ ApplicableStylesChanged();
+ }
+}
+
+void Document::RuleRemoved(StyleSheet& aSheet, css::Rule& aRule) {
+ if (aSheet.IsApplicable()) {
+ ApplicableStylesChanged();
+ }
+}
+
+static Element* GetCustomContentContainer(PresShell* aPresShell) {
+ if (!aPresShell || !aPresShell->GetCanvasFrame()) {
+ return nullptr;
+ }
+
+ return aPresShell->GetCanvasFrame()->GetCustomContentContainer();
+}
+
+static void InsertAnonContentIntoCanvas(AnonymousContent& aAnonContent,
+ PresShell* aPresShell) {
+ Element* container = GetCustomContentContainer(aPresShell);
+ if (!container) {
+ return;
+ }
+
+ nsresult rv = container->AppendChildTo(&aAnonContent.ContentNode(), true);
+ if (NS_FAILED(rv)) {
+ return;
+ }
+
+ aPresShell->GetCanvasFrame()->ShowCustomContentContainer();
+}
+
+already_AddRefed<AnonymousContent> Document::InsertAnonymousContent(
+ Element& aElement, ErrorResult& aRv) {
+ nsAutoScriptBlocker scriptBlocker;
+
+ // Clone the node to avoid returning a direct reference.
+ nsCOMPtr<nsINode> clone = aElement.CloneNode(true, aRv);
+ if (aRv.Failed()) {
+ return nullptr;
+ }
+
+ auto anonContent =
+ MakeRefPtr<AnonymousContent>(clone.forget().downcast<Element>());
+ mAnonymousContents.AppendElement(anonContent);
+
+ InsertAnonContentIntoCanvas(*anonContent, GetPresShell());
+
+ return anonContent.forget();
+}
+
+static void RemoveAnonContentFromCanvas(AnonymousContent& aAnonContent,
+ PresShell* aPresShell) {
+ RefPtr<Element> container = GetCustomContentContainer(aPresShell);
+ if (!container) {
+ return;
+ }
+ container->RemoveChild(aAnonContent.ContentNode(), IgnoreErrors());
+}
+
+void Document::RemoveAnonymousContent(AnonymousContent& aContent,
+ ErrorResult& aRv) {
+ nsAutoScriptBlocker scriptBlocker;
+
+ auto index = mAnonymousContents.IndexOf(&aContent);
+ if (index == mAnonymousContents.NoIndex) {
+ return;
+ }
+
+ mAnonymousContents.RemoveElementAt(index);
+ RemoveAnonContentFromCanvas(aContent, GetPresShell());
+
+ if (mAnonymousContents.IsEmpty() &&
+ GetCustomContentContainer(GetPresShell())) {
+ GetPresShell()->GetCanvasFrame()->HideCustomContentContainer();
+ }
+}
+
+Element* Document::GetAnonRootIfInAnonymousContentContainer(
+ nsINode* aNode) const {
+ if (!aNode->IsInNativeAnonymousSubtree()) {
+ return nullptr;
+ }
+
+ PresShell* presShell = GetPresShell();
+ if (!presShell || !presShell->GetCanvasFrame()) {
+ return nullptr;
+ }
+
+ nsAutoScriptBlocker scriptBlocker;
+ nsCOMPtr<Element> customContainer =
+ presShell->GetCanvasFrame()->GetCustomContentContainer();
+ if (!customContainer) {
+ return nullptr;
+ }
+
+ // An arbitrary number of elements can be inserted as children of the custom
+ // container frame. We want the one that was added that contains aNode, so
+ // we need to keep track of the last child separately using |child| here.
+ nsINode* child = aNode;
+ nsINode* parent = aNode->GetParentNode();
+ while (parent && parent->IsInNativeAnonymousSubtree()) {
+ if (parent == customContainer) {
+ return Element::FromNode(child);
+ }
+ child = parent;
+ parent = child->GetParentNode();
+ }
+ return nullptr;
+}
+
+Maybe<ClientInfo> Document::GetClientInfo() const {
+ if (const Document* orig = GetOriginalDocument()) {
+ if (Maybe<ClientInfo> info = orig->GetClientInfo()) {
+ return info;
+ }
+ }
+
+ if (nsPIDOMWindowInner* inner = GetInnerWindow()) {
+ return inner->GetClientInfo();
+ }
+
+ return Maybe<ClientInfo>();
+}
+
+Maybe<ClientState> Document::GetClientState() const {
+ if (const Document* orig = GetOriginalDocument()) {
+ if (Maybe<ClientState> state = orig->GetClientState()) {
+ return state;
+ }
+ }
+
+ if (nsPIDOMWindowInner* inner = GetInnerWindow()) {
+ return inner->GetClientState();
+ }
+
+ return Maybe<ClientState>();
+}
+
+Maybe<ServiceWorkerDescriptor> Document::GetController() const {
+ if (const Document* orig = GetOriginalDocument()) {
+ if (Maybe<ServiceWorkerDescriptor> controller = orig->GetController()) {
+ return controller;
+ }
+ }
+
+ if (nsPIDOMWindowInner* inner = GetInnerWindow()) {
+ return inner->GetController();
+ }
+
+ return Maybe<ServiceWorkerDescriptor>();
+}
+
+//
+// Document interface
+//
+DocumentType* Document::GetDoctype() const {
+ for (nsIContent* child = GetFirstChild(); child;
+ child = child->GetNextSibling()) {
+ if (child->NodeType() == DOCUMENT_TYPE_NODE) {
+ return static_cast<DocumentType*>(child);
+ }
+ }
+ return nullptr;
+}
+
+DOMImplementation* Document::GetImplementation(ErrorResult& rv) {
+ if (!mDOMImplementation) {
+ nsCOMPtr<nsIURI> uri;
+ NS_NewURI(getter_AddRefs(uri), "about:blank");
+ if (!uri) {
+ rv.Throw(NS_ERROR_OUT_OF_MEMORY);
+ return nullptr;
+ }
+ bool hasHadScriptObject = true;
+ nsIScriptGlobalObject* scriptObject =
+ GetScriptHandlingObject(hasHadScriptObject);
+ if (!scriptObject && hasHadScriptObject) {
+ rv.Throw(NS_ERROR_UNEXPECTED);
+ return nullptr;
+ }
+ mDOMImplementation = new DOMImplementation(
+ this, scriptObject ? scriptObject : GetScopeObject(), uri, uri);
+ }
+
+ return mDOMImplementation;
+}
+
+bool IsLowercaseASCII(const nsAString& aValue) {
+ int32_t len = aValue.Length();
+ for (int32_t i = 0; i < len; ++i) {
+ char16_t c = aValue[i];
+ if (!(0x0061 <= (c) && ((c) <= 0x007a))) {
+ return false;
+ }
+ }
+ return true;
+}
+
+// We only support pseudo-elements with two colons in this function.
+static PseudoStyleType GetPseudoElementType(const nsString& aString,
+ ErrorResult& aRv) {
+ MOZ_ASSERT(!aString.IsEmpty(),
+ "GetPseudoElementType aString should be non-null");
+ if (aString.Length() <= 2 || aString[0] != ':' || aString[1] != ':') {
+ aRv.Throw(NS_ERROR_DOM_SYNTAX_ERR);
+ return PseudoStyleType::NotPseudo;
+ }
+ RefPtr<nsAtom> pseudo = NS_Atomize(Substring(aString, 1));
+ return nsCSSPseudoElements::GetPseudoType(pseudo,
+ CSSEnabledState::InUASheets);
+}
+
+already_AddRefed<Element> Document::CreateElement(
+ const nsAString& aTagName, const ElementCreationOptionsOrString& aOptions,
+ ErrorResult& rv) {
+ rv = nsContentUtils::CheckQName(aTagName, false);
+ if (rv.Failed()) {
+ return nullptr;
+ }
+
+ bool needsLowercase = IsHTMLDocument() && !IsLowercaseASCII(aTagName);
+ nsAutoString lcTagName;
+ if (needsLowercase) {
+ nsContentUtils::ASCIIToLower(aTagName, lcTagName);
+ }
+
+ const nsString* is = nullptr;
+ PseudoStyleType pseudoType = PseudoStyleType::NotPseudo;
+ if (aOptions.IsElementCreationOptions()) {
+ const ElementCreationOptions& options =
+ aOptions.GetAsElementCreationOptions();
+
+ if (options.mIs.WasPassed()) {
+ is = &options.mIs.Value();
+ }
+
+ // Check 'pseudo' and throw an exception if it's not one allowed
+ // with CSS_PSEUDO_ELEMENT_IS_JS_CREATED_NAC.
+ if (options.mPseudo.WasPassed()) {
+ pseudoType = GetPseudoElementType(options.mPseudo.Value(), rv);
+ if (rv.Failed() || pseudoType == PseudoStyleType::NotPseudo ||
+ !nsCSSPseudoElements::PseudoElementIsJSCreatedNAC(pseudoType)) {
+ rv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
+ return nullptr;
+ }
+ }
+ }
+
+ RefPtr<Element> elem = CreateElem(needsLowercase ? lcTagName : aTagName,
+ nullptr, mDefaultElementType, is);
+
+ if (pseudoType != PseudoStyleType::NotPseudo) {
+ elem->SetPseudoElementType(pseudoType);
+ }
+
+ return elem.forget();
+}
+
+already_AddRefed<Element> Document::CreateElementNS(
+ const nsAString& aNamespaceURI, const nsAString& aQualifiedName,
+ const ElementCreationOptionsOrString& aOptions, ErrorResult& rv) {
+ RefPtr<mozilla::dom::NodeInfo> nodeInfo;
+ rv = nsContentUtils::GetNodeInfoFromQName(aNamespaceURI, aQualifiedName,
+ mNodeInfoManager, ELEMENT_NODE,
+ getter_AddRefs(nodeInfo));
+ if (rv.Failed()) {
+ return nullptr;
+ }
+
+ const nsString* is = nullptr;
+ if (aOptions.IsElementCreationOptions()) {
+ const ElementCreationOptions& options =
+ aOptions.GetAsElementCreationOptions();
+ if (options.mIs.WasPassed()) {
+ is = &options.mIs.Value();
+ }
+ }
+
+ nsCOMPtr<Element> element;
+ rv = NS_NewElement(getter_AddRefs(element), nodeInfo.forget(),
+ NOT_FROM_PARSER, is);
+ if (rv.Failed()) {
+ return nullptr;
+ }
+
+ return element.forget();
+}
+
+already_AddRefed<Element> Document::CreateXULElement(
+ const nsAString& aTagName, const ElementCreationOptionsOrString& aOptions,
+ ErrorResult& aRv) {
+ aRv = nsContentUtils::CheckQName(aTagName, false);
+ if (aRv.Failed()) {
+ return nullptr;
+ }
+
+ const nsString* is = nullptr;
+ if (aOptions.IsElementCreationOptions()) {
+ const ElementCreationOptions& options =
+ aOptions.GetAsElementCreationOptions();
+ if (options.mIs.WasPassed()) {
+ is = &options.mIs.Value();
+ }
+ }
+
+ RefPtr<Element> elem = CreateElem(aTagName, nullptr, kNameSpaceID_XUL, is);
+ if (!elem) {
+ aRv.Throw(NS_ERROR_NOT_AVAILABLE);
+ return nullptr;
+ }
+ return elem.forget();
+}
+
+already_AddRefed<nsTextNode> Document::CreateEmptyTextNode() const {
+ RefPtr<nsTextNode> text = new (mNodeInfoManager) nsTextNode(mNodeInfoManager);
+ return text.forget();
+}
+
+already_AddRefed<nsTextNode> Document::CreateTextNode(
+ const nsAString& aData) const {
+ RefPtr<nsTextNode> text = new (mNodeInfoManager) nsTextNode(mNodeInfoManager);
+ // Don't notify; this node is still being created.
+ text->SetText(aData, false);
+ return text.forget();
+}
+
+already_AddRefed<DocumentFragment> Document::CreateDocumentFragment() const {
+ RefPtr<DocumentFragment> frag =
+ new (mNodeInfoManager) DocumentFragment(mNodeInfoManager);
+ return frag.forget();
+}
+
+// Unfortunately, bareword "Comment" is ambiguous with some Mac system headers.
+already_AddRefed<dom::Comment> Document::CreateComment(
+ const nsAString& aData) const {
+ RefPtr<dom::Comment> comment =
+ new (mNodeInfoManager) dom::Comment(mNodeInfoManager);
+
+ // Don't notify; this node is still being created.
+ comment->SetText(aData, false);
+ return comment.forget();
+}
+
+already_AddRefed<CDATASection> Document::CreateCDATASection(
+ const nsAString& aData, ErrorResult& rv) {
+ if (IsHTMLDocument()) {
+ rv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
+ return nullptr;
+ }
+
+ if (FindInReadable(u"]]>"_ns, aData)) {
+ rv.Throw(NS_ERROR_DOM_INVALID_CHARACTER_ERR);
+ return nullptr;
+ }
+
+ RefPtr<CDATASection> cdata =
+ new (mNodeInfoManager) CDATASection(mNodeInfoManager);
+
+ // Don't notify; this node is still being created.
+ cdata->SetText(aData, false);
+
+ return cdata.forget();
+}
+
+already_AddRefed<ProcessingInstruction> Document::CreateProcessingInstruction(
+ const nsAString& aTarget, const nsAString& aData, ErrorResult& rv) const {
+ nsresult res = nsContentUtils::CheckQName(aTarget, false);
+ if (NS_FAILED(res)) {
+ rv.Throw(res);
+ return nullptr;
+ }
+
+ if (FindInReadable(u"?>"_ns, aData)) {
+ rv.Throw(NS_ERROR_DOM_INVALID_CHARACTER_ERR);
+ return nullptr;
+ }
+
+ RefPtr<ProcessingInstruction> pi =
+ NS_NewXMLProcessingInstruction(mNodeInfoManager, aTarget, aData);
+
+ return pi.forget();
+}
+
+already_AddRefed<Attr> Document::CreateAttribute(const nsAString& aName,
+ ErrorResult& rv) {
+ if (!mNodeInfoManager) {
+ rv.Throw(NS_ERROR_NOT_INITIALIZED);
+ return nullptr;
+ }
+
+ nsresult res = nsContentUtils::CheckQName(aName, false);
+ if (NS_FAILED(res)) {
+ rv.Throw(res);
+ return nullptr;
+ }
+
+ nsAutoString name;
+ if (IsHTMLDocument()) {
+ nsContentUtils::ASCIIToLower(aName, name);
+ } else {
+ name = aName;
+ }
+
+ RefPtr<mozilla::dom::NodeInfo> nodeInfo;
+ res = mNodeInfoManager->GetNodeInfo(name, nullptr, kNameSpaceID_None,
+ ATTRIBUTE_NODE, getter_AddRefs(nodeInfo));
+ if (NS_FAILED(res)) {
+ rv.Throw(res);
+ return nullptr;
+ }
+
+ RefPtr<Attr> attribute =
+ new (mNodeInfoManager) Attr(nullptr, nodeInfo.forget(), u""_ns);
+ return attribute.forget();
+}
+
+already_AddRefed<Attr> Document::CreateAttributeNS(
+ const nsAString& aNamespaceURI, const nsAString& aQualifiedName,
+ ErrorResult& rv) {
+ RefPtr<mozilla::dom::NodeInfo> nodeInfo;
+ rv = nsContentUtils::GetNodeInfoFromQName(aNamespaceURI, aQualifiedName,
+ mNodeInfoManager, ATTRIBUTE_NODE,
+ getter_AddRefs(nodeInfo));
+ if (rv.Failed()) {
+ return nullptr;
+ }
+
+ RefPtr<Attr> attribute =
+ new (mNodeInfoManager) Attr(nullptr, nodeInfo.forget(), u""_ns);
+ return attribute.forget();
+}
+
+void Document::ResolveScheduledSVGPresAttrs() {
+ for (auto iter = mLazySVGPresElements.Iter(); !iter.Done(); iter.Next()) {
+ SVGElement* svg = iter.Get()->GetKey();
+ svg->UpdateContentDeclarationBlock();
+ }
+ mLazySVGPresElements.Clear();
+}
+
+already_AddRefed<nsSimpleContentList> Document::BlockedNodesByClassifier()
+ const {
+ RefPtr<nsSimpleContentList> list = new nsSimpleContentList(nullptr);
+
+ const nsTArray<nsWeakPtr> blockedNodes = mBlockedNodesByClassifier.Clone();
+
+ for (unsigned long i = 0; i < blockedNodes.Length(); i++) {
+ nsWeakPtr weakNode = blockedNodes[i];
+ nsCOMPtr<nsIContent> node = do_QueryReferent(weakNode);
+ // Consider only nodes to which we have managed to get strong references.
+ // Coping with nullptrs since it's expected for nodes to disappear when
+ // nobody else is referring to them.
+ if (node) {
+ list->AppendElement(node);
+ }
+ }
+
+ return list.forget();
+}
+
+void Document::GetSelectedStyleSheetSet(nsAString& aSheetSet) {
+ aSheetSet.Truncate();
+
+ // Look through our sheets, find the selected set title
+ size_t count = SheetCount();
+ nsAutoString title;
+ for (size_t index = 0; index < count; index++) {
+ StyleSheet* sheet = SheetAt(index);
+ NS_ASSERTION(sheet, "Null sheet in sheet list!");
+
+ if (sheet->Disabled()) {
+ // Disabled sheets don't affect the currently selected set
+ continue;
+ }
+
+ sheet->GetTitle(title);
+
+ if (aSheetSet.IsEmpty()) {
+ aSheetSet = title;
+ } else if (!title.IsEmpty() && !aSheetSet.Equals(title)) {
+ // Sheets from multiple sets enabled; return null string, per spec.
+ SetDOMStringToNull(aSheetSet);
+ return;
+ }
+ }
+}
+
+void Document::SetSelectedStyleSheetSet(const nsAString& aSheetSet) {
+ if (DOMStringIsNull(aSheetSet)) {
+ return;
+ }
+
+ // Must update mLastStyleSheetSet before doing anything else with stylesheets
+ // or CSSLoaders.
+ mLastStyleSheetSet = aSheetSet;
+ EnableStyleSheetsForSetInternal(aSheetSet, true);
+}
+
+void Document::SetPreferredStyleSheetSet(const nsAString& aSheetSet) {
+ mPreferredStyleSheetSet = aSheetSet;
+ // Only mess with our stylesheets if we don't have a lastStyleSheetSet, per
+ // spec.
+ if (DOMStringIsNull(mLastStyleSheetSet)) {
+ // Calling EnableStyleSheetsForSetInternal, not SetSelectedStyleSheetSet,
+ // per spec. The idea here is that we're changing our preferred set and
+ // that shouldn't change the value of lastStyleSheetSet. Also, we're
+ // using the Internal version so we can update the CSSLoader and not have
+ // to worry about null strings.
+ EnableStyleSheetsForSetInternal(aSheetSet, true);
+ }
+}
+
+DOMStringList* Document::StyleSheetSets() {
+ if (!mStyleSheetSetList) {
+ mStyleSheetSetList = new DOMStyleSheetSetList(this);
+ }
+ return mStyleSheetSetList;
+}
+
+void Document::EnableStyleSheetsForSet(const nsAString& aSheetSet) {
+ // Per spec, passing in null is a no-op.
+ if (!DOMStringIsNull(aSheetSet)) {
+ // Note: must make sure to not change the CSSLoader's preferred sheet --
+ // that value should be equal to either our lastStyleSheetSet (if that's
+ // non-null) or to our preferredStyleSheetSet. And this method doesn't
+ // change either of those.
+ EnableStyleSheetsForSetInternal(aSheetSet, false);
+ }
+}
+
+void Document::EnableStyleSheetsForSetInternal(const nsAString& aSheetSet,
+ bool aUpdateCSSLoader) {
+ size_t count = SheetCount();
+ nsAutoString title;
+ for (size_t index = 0; index < count; index++) {
+ StyleSheet* sheet = SheetAt(index);
+ NS_ASSERTION(sheet, "Null sheet in sheet list!");
+
+ sheet->GetTitle(title);
+ if (!title.IsEmpty()) {
+ sheet->SetEnabled(title.Equals(aSheetSet));
+ }
+ }
+ if (aUpdateCSSLoader) {
+ CSSLoader()->DocumentStyleSheetSetChanged();
+ }
+ if (mStyleSet->StyleSheetsHaveChanged()) {
+ ApplicableStylesChanged();
+ }
+}
+
+void Document::GetCharacterSet(nsAString& aCharacterSet) const {
+ nsAutoCString charset;
+ GetDocumentCharacterSet()->Name(charset);
+ CopyASCIItoUTF16(charset, aCharacterSet);
+}
+
+already_AddRefed<nsINode> Document::ImportNode(nsINode& aNode, bool aDeep,
+ ErrorResult& rv) const {
+ nsINode* imported = &aNode;
+
+ switch (imported->NodeType()) {
+ case DOCUMENT_NODE: {
+ break;
+ }
+ case DOCUMENT_FRAGMENT_NODE:
+ case ATTRIBUTE_NODE:
+ case ELEMENT_NODE:
+ case PROCESSING_INSTRUCTION_NODE:
+ case TEXT_NODE:
+ case CDATA_SECTION_NODE:
+ case COMMENT_NODE:
+ case DOCUMENT_TYPE_NODE: {
+ return imported->Clone(aDeep, mNodeInfoManager, rv);
+ }
+ default: {
+ NS_WARNING("Don't know how to clone this nodetype for importNode.");
+ }
+ }
+
+ rv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
+ return nullptr;
+}
+
+already_AddRefed<nsRange> Document::CreateRange(ErrorResult& rv) {
+ return nsRange::Create(this, 0, this, 0, rv);
+}
+
+already_AddRefed<NodeIterator> Document::CreateNodeIterator(
+ nsINode& aRoot, uint32_t aWhatToShow, NodeFilter* aFilter,
+ ErrorResult& rv) const {
+ RefPtr<NodeIterator> iterator =
+ new NodeIterator(&aRoot, aWhatToShow, aFilter);
+ return iterator.forget();
+}
+
+already_AddRefed<TreeWalker> Document::CreateTreeWalker(nsINode& aRoot,
+ uint32_t aWhatToShow,
+ NodeFilter* aFilter,
+ ErrorResult& rv) const {
+ RefPtr<TreeWalker> walker = new TreeWalker(&aRoot, aWhatToShow, aFilter);
+ return walker.forget();
+}
+
+already_AddRefed<Location> Document::GetLocation() const {
+ nsCOMPtr<nsPIDOMWindowInner> w = do_QueryInterface(mScriptGlobalObject);
+
+ if (!w) {
+ return nullptr;
+ }
+
+ return do_AddRef(w->Location());
+}
+
+already_AddRefed<nsIURI> Document::GetDomainURI() {
+ nsIPrincipal* principal = NodePrincipal();
+
+ nsCOMPtr<nsIURI> uri;
+ principal->GetDomain(getter_AddRefs(uri));
+ if (uri) {
+ return uri.forget();
+ }
+ auto* basePrin = BasePrincipal::Cast(principal);
+ basePrin->GetURI(getter_AddRefs(uri));
+ return uri.forget();
+}
+
+void Document::GetDomain(nsAString& aDomain) {
+ nsCOMPtr<nsIURI> uri = GetDomainURI();
+
+ if (!uri) {
+ aDomain.Truncate();
+ return;
+ }
+
+ nsAutoCString hostName;
+ nsresult rv = nsContentUtils::GetHostOrIPv6WithBrackets(uri, hostName);
+ if (NS_SUCCEEDED(rv)) {
+ CopyUTF8toUTF16(hostName, aDomain);
+ } else {
+ // If we can't get the host from the URI (e.g. about:, javascript:,
+ // etc), just return an empty string.
+ aDomain.Truncate();
+ }
+}
+
+void Document::SetDomain(const nsAString& aDomain, ErrorResult& rv) {
+ if (!GetBrowsingContext()) {
+ // If our browsing context is null; disallow setting domain
+ rv.Throw(NS_ERROR_DOM_SECURITY_ERR);
+ return;
+ }
+
+ if (mSandboxFlags & SANDBOXED_DOMAIN) {
+ // We're sandboxed; disallow setting domain
+ rv.Throw(NS_ERROR_DOM_SECURITY_ERR);
+ return;
+ }
+
+ if (!FeaturePolicyUtils::IsFeatureAllowed(this, u"document-domain"_ns)) {
+ rv.Throw(NS_ERROR_DOM_SECURITY_ERR);
+ return;
+ }
+
+ if (aDomain.IsEmpty()) {
+ rv.Throw(NS_ERROR_DOM_SECURITY_ERR);
+ return;
+ }
+
+ nsCOMPtr<nsIURI> uri = GetDomainURI();
+ if (!uri) {
+ rv.Throw(NS_ERROR_FAILURE);
+ return;
+ }
+
+ // Check new domain - must be a superdomain of the current host
+ // For example, a page from foo.bar.com may set domain to bar.com,
+ // but not to ar.com, baz.com, or fi.foo.bar.com.
+
+ nsCOMPtr<nsIURI> newURI = RegistrableDomainSuffixOfInternal(aDomain, uri);
+ if (!newURI) {
+ // Error: illegal domain
+ rv.Throw(NS_ERROR_DOM_SECURITY_ERR);
+ return;
+ }
+
+ if (CrossOriginIsolated()) {
+ WarnOnceAbout(Document::eDocumentSetDomainNotAllowed);
+ return;
+ }
+
+ MOZ_ALWAYS_SUCCEEDS(NodePrincipal()->SetDomain(newURI));
+ MOZ_ALWAYS_SUCCEEDS(PartitionedPrincipal()->SetDomain(newURI));
+}
+
+already_AddRefed<nsIURI> Document::CreateInheritingURIForHost(
+ const nsACString& aHostString) {
+ if (aHostString.IsEmpty()) {
+ return nullptr;
+ }
+
+ // Create new URI
+ nsCOMPtr<nsIURI> uri = GetDomainURI();
+ if (!uri) {
+ return nullptr;
+ }
+
+ nsresult rv;
+ rv = NS_MutateURI(uri)
+ .SetUserPass(""_ns)
+ .SetPort(-1) // we want to reset the port number if needed.
+ .SetHostPort(aHostString)
+ .Finalize(uri);
+ if (NS_FAILED(rv)) {
+ return nullptr;
+ }
+
+ return uri.forget();
+}
+
+already_AddRefed<nsIURI> Document::RegistrableDomainSuffixOfInternal(
+ const nsAString& aNewDomain, nsIURI* aOrigHost) {
+ if (NS_WARN_IF(!aOrigHost)) {
+ return nullptr;
+ }
+
+ nsCOMPtr<nsIURI> newURI =
+ CreateInheritingURIForHost(NS_ConvertUTF16toUTF8(aNewDomain));
+ if (!newURI) {
+ // Error: failed to parse input domain
+ return nullptr;
+ }
+
+ // Check new domain - must be a superdomain of the current host
+ // For example, a page from foo.bar.com may set domain to bar.com,
+ // but not to ar.com, baz.com, or fi.foo.bar.com.
+ nsAutoCString current;
+ nsAutoCString domain;
+ if (NS_FAILED(aOrigHost->GetAsciiHost(current))) {
+ current.Truncate();
+ }
+ if (NS_FAILED(newURI->GetAsciiHost(domain))) {
+ domain.Truncate();
+ }
+
+ bool ok = current.Equals(domain);
+ if (current.Length() > domain.Length() && StringEndsWith(current, domain) &&
+ current.CharAt(current.Length() - domain.Length() - 1) == '.') {
+ // We're golden if the new domain is the current page's base domain or a
+ // subdomain of it.
+ nsCOMPtr<nsIEffectiveTLDService> tldService =
+ do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
+ if (!tldService) {
+ return nullptr;
+ }
+
+ nsAutoCString currentBaseDomain;
+ ok = NS_SUCCEEDED(
+ tldService->GetBaseDomain(aOrigHost, 0, currentBaseDomain));
+ NS_ASSERTION(StringEndsWith(domain, currentBaseDomain) ==
+ (domain.Length() >= currentBaseDomain.Length()),
+ "uh-oh! slight optimization wasn't valid somehow!");
+ ok = ok && domain.Length() >= currentBaseDomain.Length();
+ }
+
+ if (!ok) {
+ // Error: illegal domain
+ return nullptr;
+ }
+
+ return CreateInheritingURIForHost(domain);
+}
+
+Element* Document::GetHtmlElement() const {
+ Element* rootElement = GetRootElement();
+ if (rootElement && rootElement->IsHTMLElement(nsGkAtoms::html))
+ return rootElement;
+ return nullptr;
+}
+
+Element* Document::GetHtmlChildElement(nsAtom* aTag) {
+ Element* html = GetHtmlElement();
+ if (!html) return nullptr;
+
+ // Look for the element with aTag inside html. This needs to run
+ // forwards to find the first such element.
+ for (nsIContent* child = html->GetFirstChild(); child;
+ child = child->GetNextSibling()) {
+ if (child->IsHTMLElement(aTag)) return child->AsElement();
+ }
+ return nullptr;
+}
+
+nsGenericHTMLElement* Document::GetBody() {
+ Element* html = GetHtmlElement();
+ if (!html) {
+ return nullptr;
+ }
+
+ for (nsIContent* child = html->GetFirstChild(); child;
+ child = child->GetNextSibling()) {
+ if (child->IsHTMLElement(nsGkAtoms::body) ||
+ child->IsHTMLElement(nsGkAtoms::frameset)) {
+ return static_cast<nsGenericHTMLElement*>(child);
+ }
+ }
+
+ return nullptr;
+}
+
+void Document::SetBody(nsGenericHTMLElement* newBody, ErrorResult& rv) {
+ nsCOMPtr<Element> root = GetRootElement();
+
+ // The body element must be either a body tag or a frameset tag. And we must
+ // have a root element to be able to add kids to it.
+ if (!newBody ||
+ !newBody->IsAnyOfHTMLElements(nsGkAtoms::body, nsGkAtoms::frameset) ||
+ !root) {
+ rv.Throw(NS_ERROR_DOM_HIERARCHY_REQUEST_ERR);
+ return;
+ }
+
+ // Use DOM methods so that we pass through the appropriate security checks.
+ nsCOMPtr<Element> currentBody = GetBody();
+ if (currentBody) {
+ root->ReplaceChild(*newBody, *currentBody, rv);
+ } else {
+ root->AppendChild(*newBody, rv);
+ }
+}
+
+HTMLSharedElement* Document::GetHead() {
+ return static_cast<HTMLSharedElement*>(GetHeadElement());
+}
+
+Element* Document::GetTitleElement() {
+ // mMayHaveTitleElement will have been set to true if any HTML or SVG
+ // <title> element has been bound to this document. So if it's false,
+ // we know there is nothing to do here. This avoids us having to search
+ // the whole DOM if someone calls document.title on a large document
+ // without a title.
+ if (!mMayHaveTitleElement) return nullptr;
+
+ Element* root = GetRootElement();
+ if (root && root->IsSVGElement(nsGkAtoms::svg)) {
+ // In SVG, the document's title must be a child
+ for (nsIContent* child = root->GetFirstChild(); child;
+ child = child->GetNextSibling()) {
+ if (child->IsSVGElement(nsGkAtoms::title)) {
+ return child->AsElement();
+ }
+ }
+ return nullptr;
+ }
+
+ // We check the HTML namespace even for non-HTML documents, except SVG. This
+ // matches the spec and the behavior of all tested browsers.
+ // We avoid creating a live nsContentList since we don't need to watch for DOM
+ // tree mutations.
+ RefPtr<nsContentList> list = new nsContentList(
+ this, kNameSpaceID_XHTML, nsGkAtoms::title, nsGkAtoms::title,
+ /* aDeep = */ true,
+ /* aLiveList = */ false);
+
+ nsIContent* first = list->Item(0, false);
+
+ return first ? first->AsElement() : nullptr;
+}
+
+void Document::GetTitle(nsAString& aTitle) {
+ aTitle.Truncate();
+
+ Element* rootElement = GetRootElement();
+ if (!rootElement) {
+ return;
+ }
+
+ nsAutoString tmp;
+
+#ifdef MOZ_XUL
+ if (rootElement->IsXULElement()) {
+ rootElement->GetAttr(kNameSpaceID_None, nsGkAtoms::title, tmp);
+ } else
+#endif
+ {
+ Element* title = GetTitleElement();
+ if (!title) {
+ return;
+ }
+ nsContentUtils::GetNodeTextContent(title, false, tmp);
+ }
+
+ tmp.CompressWhitespace();
+ aTitle = tmp;
+}
+
+void Document::SetTitle(const nsAString& aTitle, ErrorResult& aRv) {
+ Element* rootElement = GetRootElement();
+ if (!rootElement) {
+ return;
+ }
+
+#ifdef MOZ_XUL
+ if (rootElement->IsXULElement()) {
+ aRv =
+ rootElement->SetAttr(kNameSpaceID_None, nsGkAtoms::title, aTitle, true);
+ return;
+ }
+#endif
+
+ Maybe<mozAutoDocUpdate> updateBatch;
+ nsCOMPtr<Element> title = GetTitleElement();
+ if (rootElement->IsSVGElement(nsGkAtoms::svg)) {
+ if (!title) {
+ // Batch updates so that mutation events don't change "the title
+ // element" under us
+ updateBatch.emplace(this, true);
+ RefPtr<mozilla::dom::NodeInfo> titleInfo = mNodeInfoManager->GetNodeInfo(
+ nsGkAtoms::title, nullptr, kNameSpaceID_SVG, ELEMENT_NODE);
+ NS_NewSVGElement(getter_AddRefs(title), titleInfo.forget(),
+ NOT_FROM_PARSER);
+ if (!title) {
+ return;
+ }
+ rootElement->InsertChildBefore(title, rootElement->GetFirstChild(), true);
+ }
+ } else if (rootElement->IsHTMLElement()) {
+ if (!title) {
+ // Batch updates so that mutation events don't change "the title
+ // element" under us
+ updateBatch.emplace(this, true);
+ Element* head = GetHeadElement();
+ if (!head) {
+ return;
+ }
+
+ RefPtr<mozilla::dom::NodeInfo> titleInfo;
+ titleInfo = mNodeInfoManager->GetNodeInfo(
+ nsGkAtoms::title, nullptr, kNameSpaceID_XHTML, ELEMENT_NODE);
+ title = NS_NewHTMLTitleElement(titleInfo.forget());
+ if (!title) {
+ return;
+ }
+
+ head->AppendChildTo(title, true);
+ }
+ } else {
+ return;
+ }
+
+ aRv = nsContentUtils::SetNodeTextContent(title, aTitle, false);
+}
+
+void Document::NotifyPossibleTitleChange(bool aBoundTitleElement) {
+ NS_ASSERTION(!mInUnlinkOrDeletion || !aBoundTitleElement,
+ "Setting a title while unlinking or destroying the element?");
+ if (mInUnlinkOrDeletion) {
+ return;
+ }
+
+ if (aBoundTitleElement) {
+ mMayHaveTitleElement = true;
+ }
+ if (mPendingTitleChangeEvent.IsPending()) return;
+
+ MOZ_RELEASE_ASSERT(NS_IsMainThread());
+ RefPtr<nsRunnableMethod<Document, void, false>> event =
+ NewNonOwningRunnableMethod("Document::DoNotifyPossibleTitleChange", this,
+ &Document::DoNotifyPossibleTitleChange);
+ nsresult rv = Dispatch(TaskCategory::Other, do_AddRef(event));
+ if (NS_SUCCEEDED(rv)) {
+ mPendingTitleChangeEvent = std::move(event);
+ }
+}
+
+void Document::DoNotifyPossibleTitleChange() {
+ mPendingTitleChangeEvent.Forget();
+ mHaveFiredTitleChange = true;
+
+ nsAutoString title;
+ GetTitle(title);
+
+ RefPtr<PresShell> presShell = GetPresShell();
+ if (presShell) {
+ nsCOMPtr<nsISupports> container =
+ presShell->GetPresContext()->GetContainerWeak();
+ if (container) {
+ nsCOMPtr<nsIBaseWindow> docShellWin = do_QueryInterface(container);
+ if (docShellWin) {
+ docShellWin->SetTitle(title);
+ }
+ }
+ }
+
+ if (nsPIDOMWindowInner* inner = GetInnerWindow()) {
+ if (WindowGlobalChild* child = inner->GetWindowGlobalChild()) {
+ child->SendUpdateDocumentTitle(title);
+ }
+ }
+
+ // Fire a DOM event for the title change.
+ nsContentUtils::DispatchChromeEvent(this, ToSupports(this),
+ u"DOMTitleChanged"_ns, CanBubble::eYes,
+ Cancelable::eYes);
+}
+
+already_AddRefed<MediaQueryList> Document::MatchMedia(
+ const nsACString& aMediaQueryList, CallerType aCallerType) {
+ RefPtr<MediaQueryList> result =
+ new MediaQueryList(this, aMediaQueryList, aCallerType);
+
+ mDOMMediaQueryLists.insertBack(result);
+
+ return result.forget();
+}
+
+void Document::SetMayStartLayout(bool aMayStartLayout) {
+ mMayStartLayout = aMayStartLayout;
+ if (MayStartLayout()) {
+ // Before starting layout, check whether we're a toplevel chrome
+ // window. If we are, setup some state so that we don't have to restyle
+ // the whole tree after StartLayout.
+ if (nsCOMPtr<nsIAppWindow> win = GetAppWindowIfToplevelChrome()) {
+ // We're the chrome document!
+ win->BeforeStartLayout();
+ }
+ ReadyState state = GetReadyStateEnum();
+ if (state >= READYSTATE_INTERACTIVE) {
+ // DOMContentLoaded has fired already.
+ MaybeResolveReadyForIdle();
+ }
+ }
+
+ MaybeEditingStateChanged();
+}
+
+nsresult Document::InitializeFrameLoader(nsFrameLoader* aLoader) {
+ mInitializableFrameLoaders.RemoveElement(aLoader);
+ // Don't even try to initialize.
+ if (mInDestructor) {
+ NS_WARNING(
+ "Trying to initialize a frame loader while"
+ "document is being deleted");
+ return NS_ERROR_FAILURE;
+ }
+
+ mInitializableFrameLoaders.AppendElement(aLoader);
+ if (!mFrameLoaderRunner) {
+ mFrameLoaderRunner =
+ NewRunnableMethod("Document::MaybeInitializeFinalizeFrameLoaders", this,
+ &Document::MaybeInitializeFinalizeFrameLoaders);
+ NS_ENSURE_TRUE(mFrameLoaderRunner, NS_ERROR_OUT_OF_MEMORY);
+ nsContentUtils::AddScriptRunner(mFrameLoaderRunner);
+ }
+ return NS_OK;
+}
+
+nsresult Document::FinalizeFrameLoader(nsFrameLoader* aLoader,
+ nsIRunnable* aFinalizer) {
+ mInitializableFrameLoaders.RemoveElement(aLoader);
+ if (mInDestructor) {
+ return NS_ERROR_FAILURE;
+ }
+
+ LogRunnable::LogDispatch(aFinalizer);
+ mFrameLoaderFinalizers.AppendElement(aFinalizer);
+ if (!mFrameLoaderRunner) {
+ mFrameLoaderRunner =
+ NewRunnableMethod("Document::MaybeInitializeFinalizeFrameLoaders", this,
+ &Document::MaybeInitializeFinalizeFrameLoaders);
+ NS_ENSURE_TRUE(mFrameLoaderRunner, NS_ERROR_OUT_OF_MEMORY);
+ nsContentUtils::AddScriptRunner(mFrameLoaderRunner);
+ }
+ return NS_OK;
+}
+
+void Document::MaybeInitializeFinalizeFrameLoaders() {
+ if (mDelayFrameLoaderInitialization) {
+ // This method will be recalled when !mDelayFrameLoaderInitialization.
+ mFrameLoaderRunner = nullptr;
+ return;
+ }
+
+ // We're not in an update, but it is not safe to run scripts, so
+ // postpone frameloader initialization and finalization.
+ if (!nsContentUtils::IsSafeToRunScript()) {
+ if (!mInDestructor && !mFrameLoaderRunner &&
+ (mInitializableFrameLoaders.Length() ||
+ mFrameLoaderFinalizers.Length())) {
+ mFrameLoaderRunner = NewRunnableMethod(
+ "Document::MaybeInitializeFinalizeFrameLoaders", this,
+ &Document::MaybeInitializeFinalizeFrameLoaders);
+ nsContentUtils::AddScriptRunner(mFrameLoaderRunner);
+ }
+ return;
+ }
+ mFrameLoaderRunner = nullptr;
+
+ // Don't use a temporary array for mInitializableFrameLoaders, because
+ // loading a frame may cause some other frameloader to be removed from the
+ // array. But be careful to keep the loader alive when starting the load!
+ while (mInitializableFrameLoaders.Length()) {
+ RefPtr<nsFrameLoader> loader = mInitializableFrameLoaders[0];
+ mInitializableFrameLoaders.RemoveElementAt(0);
+ NS_ASSERTION(loader, "null frameloader in the array?");
+ loader->ReallyStartLoading();
+ }
+
+ uint32_t length = mFrameLoaderFinalizers.Length();
+ if (length > 0) {
+ nsTArray<nsCOMPtr<nsIRunnable>> finalizers =
+ std::move(mFrameLoaderFinalizers);
+ for (uint32_t i = 0; i < length; ++i) {
+ LogRunnable::Run run(finalizers[i]);
+ finalizers[i]->Run();
+ }
+ }
+}
+
+void Document::TryCancelFrameLoaderInitialization(nsIDocShell* aShell) {
+ uint32_t length = mInitializableFrameLoaders.Length();
+ for (uint32_t i = 0; i < length; ++i) {
+ if (mInitializableFrameLoaders[i]->GetExistingDocShell() == aShell) {
+ mInitializableFrameLoaders.RemoveElementAt(i);
+ return;
+ }
+ }
+}
+
+void Document::SetPrototypeDocument(nsXULPrototypeDocument* aPrototype) {
+ mPrototypeDocument = aPrototype;
+ mSynchronousDOMContentLoaded = true;
+}
+
+nsIPermissionDelegateHandler* Document::PermDelegateHandler() {
+ return GetPermissionDelegateHandler();
+}
+
+Document* Document::RequestExternalResource(
+ nsIURI* aURI, nsIReferrerInfo* aReferrerInfo, nsINode* aRequestingNode,
+ ExternalResourceLoad** aPendingLoad) {
+ MOZ_ASSERT(aURI, "Must have a URI");
+ MOZ_ASSERT(aRequestingNode, "Must have a node");
+ MOZ_ASSERT(aReferrerInfo, "Must have a referrerInfo");
+ if (mDisplayDocument) {
+ return mDisplayDocument->RequestExternalResource(
+ aURI, aReferrerInfo, aRequestingNode, aPendingLoad);
+ }
+
+ return mExternalResourceMap.RequestResource(
+ aURI, aReferrerInfo, aRequestingNode, this, aPendingLoad);
+}
+
+void Document::EnumerateExternalResources(SubDocEnumFunc aCallback) {
+ mExternalResourceMap.EnumerateResources(aCallback);
+}
+
+SMILAnimationController* Document::GetAnimationController() {
+ // We create the animation controller lazily because most documents won't want
+ // one and only SVG documents and the like will call this
+ if (mAnimationController) return mAnimationController;
+ // Refuse to create an Animation Controller for data documents.
+ if (mLoadedAsData) return nullptr;
+
+ mAnimationController = new SMILAnimationController(this);
+
+ // If there's a presContext then check the animation mode and pause if
+ // necessary.
+ nsPresContext* context = GetPresContext();
+ if (mAnimationController && context &&
+ context->ImageAnimationMode() == imgIContainer::kDontAnimMode) {
+ mAnimationController->Pause(SMILTimeContainer::PAUSE_USERPREF);
+ }
+
+ // If we're hidden (or being hidden), notify the newly-created animation
+ // controller. (Skip this check for SVG-as-an-image documents, though,
+ // because they don't get OnPageShow / OnPageHide calls).
+ if (!mIsShowing && !mIsBeingUsedAsImage) {
+ mAnimationController->OnPageHide();
+ }
+
+ return mAnimationController;
+}
+
+PendingAnimationTracker* Document::GetOrCreatePendingAnimationTracker() {
+ if (!mPendingAnimationTracker) {
+ mPendingAnimationTracker = new PendingAnimationTracker(this);
+ }
+
+ return mPendingAnimationTracker;
+}
+
+/**
+ * Retrieve the "direction" property of the document.
+ *
+ * @lina 01/09/2001
+ */
+void Document::GetDir(nsAString& aDirection) const {
+ aDirection.Truncate();
+ Element* rootElement = GetHtmlElement();
+ if (rootElement) {
+ static_cast<nsGenericHTMLElement*>(rootElement)->GetDir(aDirection);
+ }
+}
+
+/**
+ * Set the "direction" property of the document.
+ *
+ * @lina 01/09/2001
+ */
+void Document::SetDir(const nsAString& aDirection) {
+ Element* rootElement = GetHtmlElement();
+ if (rootElement) {
+ rootElement->SetAttr(kNameSpaceID_None, nsGkAtoms::dir, aDirection, true);
+ }
+}
+
+nsIHTMLCollection* Document::Images() {
+ if (!mImages) {
+ mImages = new nsContentList(this, kNameSpaceID_XHTML, nsGkAtoms::img,
+ nsGkAtoms::img);
+ }
+ return mImages;
+}
+
+nsIHTMLCollection* Document::Embeds() {
+ if (!mEmbeds) {
+ mEmbeds = new nsContentList(this, kNameSpaceID_XHTML, nsGkAtoms::embed,
+ nsGkAtoms::embed);
+ }
+ return mEmbeds;
+}
+
+static bool MatchLinks(Element* aElement, int32_t aNamespaceID, nsAtom* aAtom,
+ void* aData) {
+ return aElement->IsAnyOfHTMLElements(nsGkAtoms::a, nsGkAtoms::area) &&
+ aElement->HasAttr(kNameSpaceID_None, nsGkAtoms::href);
+}
+
+nsIHTMLCollection* Document::Links() {
+ if (!mLinks) {
+ mLinks = new nsContentList(this, MatchLinks, nullptr, nullptr);
+ }
+ return mLinks;
+}
+
+nsIHTMLCollection* Document::Forms() {
+ if (!mForms) {
+ // Please keep this in sync with nsHTMLDocument::GetFormsAndFormControls.
+ mForms = new nsContentList(this, kNameSpaceID_XHTML, nsGkAtoms::form,
+ nsGkAtoms::form);
+ }
+
+ return mForms;
+}
+
+nsIHTMLCollection* Document::Scripts() {
+ if (!mScripts) {
+ mScripts = new nsContentList(this, kNameSpaceID_XHTML, nsGkAtoms::script,
+ nsGkAtoms::script);
+ }
+ return mScripts;
+}
+
+nsIHTMLCollection* Document::Applets() {
+ if (!mApplets) {
+ mApplets = new nsEmptyContentList(this);
+ }
+ return mApplets;
+}
+
+static bool MatchAnchors(Element* aElement, int32_t aNamespaceID, nsAtom* aAtom,
+ void* aData) {
+ return aElement->IsHTMLElement(nsGkAtoms::a) &&
+ aElement->HasAttr(kNameSpaceID_None, nsGkAtoms::name);
+}
+
+nsIHTMLCollection* Document::Anchors() {
+ if (!mAnchors) {
+ mAnchors = new nsContentList(this, MatchAnchors, nullptr, nullptr);
+ }
+ return mAnchors;
+}
+
+mozilla::dom::Nullable<mozilla::dom::WindowProxyHolder> Document::Open(
+ const nsAString& aURL, const nsAString& aName, const nsAString& aFeatures,
+ ErrorResult& rv) {
+ MOZ_ASSERT(nsContentUtils::CanCallerAccess(this),
+ "XOW should have caught this!");
+
+ nsCOMPtr<nsPIDOMWindowInner> window = GetInnerWindow();
+ if (!window) {
+ rv.Throw(NS_ERROR_DOM_INVALID_ACCESS_ERR);
+ return nullptr;
+ }
+ nsCOMPtr<nsPIDOMWindowOuter> outer =
+ nsPIDOMWindowOuter::GetFromCurrentInner(window);
+ if (!outer) {
+ rv.Throw(NS_ERROR_NOT_INITIALIZED);
+ return nullptr;
+ }
+ RefPtr<nsGlobalWindowOuter> win = nsGlobalWindowOuter::Cast(outer);
+ RefPtr<BrowsingContext> newBC;
+ rv = win->OpenJS(aURL, aName, aFeatures, getter_AddRefs(newBC));
+ if (!newBC) {
+ return nullptr;
+ }
+ return WindowProxyHolder(std::move(newBC));
+}
+
+Document* Document::Open(const Optional<nsAString>& /* unused */,
+ const Optional<nsAString>& /* unused */,
+ ErrorResult& aError) {
+ // Implements
+ // <https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#document-open-steps>
+
+ MOZ_ASSERT(nsContentUtils::CanCallerAccess(this),
+ "XOW should have caught this!");
+
+ // Step 1 -- throw if we're an XML document.
+ if (!IsHTMLDocument() || mDisableDocWrite) {
+ aError.Throw(NS_ERROR_DOM_INVALID_STATE_ERR);
+ return nullptr;
+ }
+
+ // Step 2 -- throw if dynamic markup insertion should throw.
+ if (ShouldThrowOnDynamicMarkupInsertion()) {
+ aError.Throw(NS_ERROR_DOM_INVALID_STATE_ERR);
+ return nullptr;
+ }
+
+ // Step 3 -- get the entry document, so we can use it for security checks.
+ nsCOMPtr<Document> callerDoc = GetEntryDocument();
+ if (!callerDoc) {
+ // If we're called from C++ or in some other way without an originating
+ // document we can't do a document.open w/o changing the principal of the
+ // document to something like about:blank (as that's the only sane thing to
+ // do when we don't know the origin of this call), and since we can't
+ // change the principals of a document for security reasons we'll have to
+ // refuse to go ahead with this call.
+
+ aError.Throw(NS_ERROR_DOM_SECURITY_ERR);
+ return nullptr;
+ }
+
+ // Step 4 -- make sure we're same-origin (not just same origin-domain) with
+ // the entry document.
+ if (!callerDoc->NodePrincipal()->Equals(NodePrincipal())) {
+ aError.Throw(NS_ERROR_DOM_SECURITY_ERR);
+ return nullptr;
+ }
+
+ // Step 5 -- if we have an active parser with a nonzero script nesting level,
+ // just no-op.
+ if ((mParser && mParser->HasNonzeroScriptNestingLevel()) || mParserAborted) {
+ return this;
+ }
+
+ // Step 6 -- check for open() during unload. Per spec, this is just a check
+ // of the ignore-opens-during-unload counter, but our unload event code
+ // doesn't affect that counter yet (unlike pagehide and beforeunload, which
+ // do), so we check for unload directly.
+ if (ShouldIgnoreOpens()) {
+ return this;
+ }
+
+ nsCOMPtr<nsIDocShell> shell(mDocumentContainer);
+ if (shell) {
+ bool inUnload;
+ shell->GetIsInUnload(&inUnload);
+ if (inUnload) {
+ return this;
+ }
+ }
+
+ // document.open() inherits the CSP from the opening document.
+ // Please create an actual copy of the CSP (do not share the same
+ // reference) otherwise appending a new policy within the opened
+ // document will be incorrectly propagated to the opening doc.
+ nsCOMPtr<nsIContentSecurityPolicy> csp = callerDoc->GetCsp();
+ if (csp) {
+ RefPtr<nsCSPContext> cspToInherit = new nsCSPContext();
+ cspToInherit->InitFromOther(static_cast<nsCSPContext*>(csp.get()));
+ mCSP = cspToInherit;
+ }
+
+ // At this point we know this is a valid-enough document.open() call
+ // and not a no-op. Increment our use counter.
+ SetUseCounter(eUseCounter_custom_DocumentOpen);
+
+ // Step 7 -- stop existing navigation of our browsing context (and all other
+ // loads it's doing) if we're the active document of our browsing context.
+ // Note that we do not want to stop anything if there is no existing
+ // navigation.
+ if (shell && IsCurrentActiveDocument() &&
+ shell->GetIsAttemptingToNavigate()) {
+ nsCOMPtr<nsIWebNavigation> webnav(do_QueryInterface(shell));
+ webnav->Stop(nsIWebNavigation::STOP_NETWORK);
+
+ // The Stop call may have cancelled the onload blocker request or
+ // prevented it from getting added, so we need to make sure it gets added
+ // to the document again otherwise the document could have a non-zero
+ // onload block count without the onload blocker request being in the
+ // loadgroup.
+ EnsureOnloadBlocker();
+ }
+
+ // Step 8 -- clear event listeners out of our DOM tree
+ for (nsINode* node : ShadowIncludingTreeIterator(*this)) {
+ if (EventListenerManager* elm = node->GetExistingListenerManager()) {
+ elm->RemoveAllListeners();
+ }
+ }
+
+ // Step 9 -- clear event listeners from our window, if we have one.
+ //
+ // Note that we explicitly want the inner window, and only if we're its
+ // document. We want to do this (per spec) even when we're not the "active
+ // document", so we can't go through GetWindow(), because it might forward to
+ // the wrong inner.
+ if (nsPIDOMWindowInner* win = GetInnerWindow()) {
+ if (win->GetExtantDoc() == this) {
+ if (EventListenerManager* elm =
+ nsGlobalWindowInner::Cast(win)->GetExistingListenerManager()) {
+ elm->RemoveAllListeners();
+ }
+ }
+ }
+
+ // If we have a parser that has a zero script nesting level, we need to
+ // properly terminate it. We do that after we've removed all the event
+ // listeners (so termination won't trigger event listeners if it does
+ // something to the DOM), but before we remove all elements from the document
+ // (so if termination does modify the DOM in some way we will just blow it
+ // away immediately. See the similar code in WriteCommon that handles the
+ // !IsInsertionPointDefined() case and should stay in sync with this code.
+ if (mParser) {
+ MOZ_ASSERT(!mParser->HasNonzeroScriptNestingLevel(),
+ "Why didn't we take the early return?");
+ // Make sure we don't re-enter.
+ IgnoreOpensDuringUnload ignoreOpenGuard(this);
+ mParser->Terminate();
+ MOZ_RELEASE_ASSERT(!mParser, "mParser should have been null'd out");
+ }
+
+ // Step 10 -- remove all our DOM kids without firing any mutation events.
+ {
+ // We want to ignore any recursive calls to Open() that happen while
+ // disconnecting the node tree. The spec doesn't say to do this, but the
+ // spec also doesn't envision unload events on subframes firing while we do
+ // this, while all browsers fire them in practice. See
+ // <https://github.com/whatwg/html/issues/4611>.
+ IgnoreOpensDuringUnload ignoreOpenGuard(this);
+ DisconnectNodeTree();
+ }
+
+ // Step 11 -- if we're the current document in our docshell, do the
+ // equivalent of pushState() with the new URL we should have.
+ if (shell && IsCurrentActiveDocument()) {
+ nsCOMPtr<nsIURI> newURI = callerDoc->GetDocumentURI();
+ if (callerDoc != this) {
+ nsCOMPtr<nsIURI> noFragmentURI;
+ nsresult rv = NS_GetURIWithoutRef(newURI, getter_AddRefs(noFragmentURI));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aError.Throw(rv);
+ return nullptr;
+ }
+ newURI = std::move(noFragmentURI);
+ }
+
+ // UpdateURLAndHistory might do various member-setting, so make sure we're
+ // holding strong refs to all the refcounted args on the stack. We can
+ // assume that our caller is holding on to "this" already.
+ nsCOMPtr<nsIURI> currentURI = GetDocumentURI();
+ bool equalURIs;
+ nsresult rv = currentURI->Equals(newURI, &equalURIs);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aError.Throw(rv);
+ return nullptr;
+ }
+ nsCOMPtr<nsIStructuredCloneContainer> stateContainer(mStateObjectContainer);
+ rv = shell->UpdateURLAndHistory(this, newURI, stateContainer, u""_ns,
+ /* aReplace = */ true, currentURI,
+ equalURIs);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aError.Throw(rv);
+ return nullptr;
+ }
+
+ // And use the security info of the caller document as well, since
+ // it's the thing providing our data.
+ mSecurityInfo = callerDoc->GetSecurityInfo();
+
+ // This is not mentioned in the spec, but I think that's a spec bug. See
+ // <https://github.com/whatwg/html/issues/4299>. In any case, since our
+ // URL may be changing away from about:blank here, we really want to unset
+ // this flag no matter what, since only about:blank can be an initial
+ // document.
+ SetIsInitialDocument(false);
+
+ // And let our docloader know that it will need to track our load event.
+ nsDocShell::Cast(shell)->SetDocumentOpenedButNotLoaded();
+ }
+
+ // Per spec nothing happens with our URI in other cases, though note
+ // <https://github.com/whatwg/html/issues/4286>.
+
+ // Note that we don't need to do anything here with base URIs per spec.
+ // That said, this might be assuming that we implement
+ // https://html.spec.whatwg.org/multipage/urls-and-fetching.html#fallback-base-url
+ // correctly, which we don't right now for the about:blank case.
+
+ // Step 12, but note <https://github.com/whatwg/html/issues/4292>.
+ mSkipLoadEventAfterClose = mLoadEventFiring;
+
+ // Preliminary to steps 13-16. Set our ready state to uninitialized before
+ // we do anything else, so we can then proceed to later ready state levels.
+ SetReadyStateInternal(READYSTATE_UNINITIALIZED,
+ /* updateTimingInformation = */ false);
+ // Reset a flag that affects readyState behavior.
+ mSetCompleteAfterDOMContentLoaded = false;
+
+ // Step 13 -- set our compat mode to standards.
+ SetCompatibilityMode(eCompatibility_FullStandards);
+
+ // Step 14 -- create a new parser associated with document. This also does
+ // step 16 implicitly.
+ mParserAborted = false;
+ RefPtr<nsHtml5Parser> parser = nsHtml5Module::NewHtml5Parser();
+ mParser = parser;
+ parser->Initialize(this, GetDocumentURI(), shell, nullptr);
+ nsresult rv = parser->StartExecutor();
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ aError.Throw(rv);
+ return nullptr;
+ }
+
+ // Clear out our form control state, because the state of controls
+ // in the pre-open() document should not affect the state of
+ // controls that are now going to be written.
+ mLayoutHistoryState = nullptr;
+
+ if (shell) {
+ // Prepare the docshell and the document viewer for the impending
+ // out-of-band document.write()
+ shell->PrepareForNewContentModel();
+
+ nsCOMPtr<nsIContentViewer> cv;
+ shell->GetContentViewer(getter_AddRefs(cv));
+ if (cv) {
+ cv->LoadStart(this);
+ }
+ }
+
+ // Step 15.
+ SetReadyStateInternal(Document::READYSTATE_LOADING,
+ /* updateTimingInformation = */ false);
+
+ // Step 16 happened with step 14 above.
+
+ // Step 17.
+ return this;
+}
+
+void Document::Close(ErrorResult& rv) {
+ if (!IsHTMLDocument()) {
+ // No calling document.close() on XHTML!
+
+ rv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR);
+ return;
+ }
+
+ if (ShouldThrowOnDynamicMarkupInsertion()) {
+ rv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR);
+ return;
+ }
+
+ if (!mParser || !mParser->IsScriptCreated()) {
+ return;
+ }
+
+ ++mWriteLevel;
+ rv = (static_cast<nsHtml5Parser*>(mParser.get()))
+ ->Parse(u""_ns, nullptr, true);
+ --mWriteLevel;
+}
+
+void Document::WriteCommon(const Sequence<nsString>& aText,
+ bool aNewlineTerminate, mozilla::ErrorResult& rv) {
+ // Fast path the common case
+ if (aText.Length() == 1) {
+ WriteCommon(aText[0], aNewlineTerminate, rv);
+ } else {
+ // XXXbz it would be nice if we could pass all the strings to the parser
+ // without having to do all this copying and then ask it to start
+ // parsing....
+ nsString text;
+ for (size_t i = 0; i < aText.Length(); ++i) {
+ text.Append(aText[i]);
+ }
+ WriteCommon(text, aNewlineTerminate, rv);
+ }
+}
+
+void Document::WriteCommon(const nsAString& aText, bool aNewlineTerminate,
+ ErrorResult& aRv) {
+#ifdef DEBUG
+ {
+ // Assert that we do not use or accidentally introduce doc.write()
+ // in system privileged context or in any of our about: pages.
+ nsCOMPtr<nsIPrincipal> principal = NodePrincipal();
+ bool isAboutOrPrivContext = principal->IsSystemPrincipal();
+ if (!isAboutOrPrivContext) {
+ if (principal->SchemeIs("about")) {
+ // about:blank inherits the security contetext and this assertion
+ // is only meant for actual about: pages.
+ nsAutoCString host;
+ principal->GetHost(host);
+ isAboutOrPrivContext = !host.EqualsLiteral("blank");
+ }
+ }
+ // Some automated tests use an empty string to kick off some parsing
+ // mechansims, but they do not do any harm since they use an empty string.
+ MOZ_ASSERT(!isAboutOrPrivContext || aText.IsEmpty(),
+ "do not use doc.write in privileged context!");
+ }
+#endif
+
+ mTooDeepWriteRecursion =
+ (mWriteLevel > NS_MAX_DOCUMENT_WRITE_DEPTH || mTooDeepWriteRecursion);
+ if (NS_WARN_IF(mTooDeepWriteRecursion)) {
+ aRv.Throw(NS_ERROR_UNEXPECTED);
+ return;
+ }
+
+ if (!IsHTMLDocument() || mDisableDocWrite) {
+ // No calling document.write*() on XHTML!
+
+ aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR);
+ return;
+ }
+
+ if (ShouldThrowOnDynamicMarkupInsertion()) {
+ aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR);
+ return;
+ }
+
+ if (mParserAborted) {
+ // Hixie says aborting the parser doesn't undefine the insertion point.
+ // However, since we null out mParser in that case, we track the
+ // theoretically defined insertion point using mParserAborted.
+ return;
+ }
+
+ // Implement Step 4.1 of:
+ // https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#document-write-steps
+ if (ShouldIgnoreOpens()) {
+ return;
+ }
+
+ void* key = GenerateParserKey();
+ if (mParser && !mParser->IsInsertionPointDefined()) {
+ if (mIgnoreDestructiveWritesCounter) {
+ // Instead of implying a call to document.open(), ignore the call.
+ nsContentUtils::ReportToConsole(
+ nsIScriptError::warningFlag, "DOM Events"_ns, this,
+ nsContentUtils::eDOM_PROPERTIES, "DocumentWriteIgnored");
+ return;
+ }
+ // The spec doesn't tell us to ignore opens from here, but we need to
+ // ensure opens are ignored here. See similar code in Open() that handles
+ // the case of an existing parser which is not currently running script and
+ // should stay in sync with this code.
+ IgnoreOpensDuringUnload ignoreOpenGuard(this);
+ mParser->Terminate();
+ MOZ_RELEASE_ASSERT(!mParser, "mParser should have been null'd out");
+ }
+
+ if (!mParser) {
+ if (mIgnoreDestructiveWritesCounter) {
+ // Instead of implying a call to document.open(), ignore the call.
+ nsContentUtils::ReportToConsole(
+ nsIScriptError::warningFlag, "DOM Events"_ns, this,
+ nsContentUtils::eDOM_PROPERTIES, "DocumentWriteIgnored");
+ return;
+ }
+
+ Open({}, {}, aRv);
+
+ // If Open() fails, or if it didn't create a parser (as it won't
+ // if the user chose to not discard the current document through
+ // onbeforeunload), don't write anything.
+ if (aRv.Failed() || !mParser) {
+ return;
+ }
+ }
+
+ static constexpr auto new_line = u"\n"_ns;
+
+ ++mWriteLevel;
+
+ // This could be done with less code, but for performance reasons it
+ // makes sense to have the code for two separate Parse() calls here
+ // since the concatenation of strings costs more than we like. And
+ // why pay that price when we don't need to?
+ if (aNewlineTerminate) {
+ aRv = (static_cast<nsHtml5Parser*>(mParser.get()))
+ ->Parse(aText + new_line, key, false);
+ } else {
+ aRv =
+ (static_cast<nsHtml5Parser*>(mParser.get()))->Parse(aText, key, false);
+ }
+
+ --mWriteLevel;
+
+ mTooDeepWriteRecursion = (mWriteLevel != 0 && mTooDeepWriteRecursion);
+}
+
+void Document::Write(const Sequence<nsString>& aText, ErrorResult& rv) {
+ WriteCommon(aText, false, rv);
+}
+
+void Document::Writeln(const Sequence<nsString>& aText, ErrorResult& rv) {
+ WriteCommon(aText, true, rv);
+}
+
+void* Document::GenerateParserKey(void) {
+ if (!mScriptLoader) {
+ // If we don't have a script loader, then the parser probably isn't parsing
+ // anything anyway, so just return null.
+ return nullptr;
+ }
+
+ // The script loader provides us with the currently executing script element,
+ // which is guaranteed to be unique per script.
+ nsIScriptElement* script = mScriptLoader->GetCurrentParserInsertedScript();
+ if (script && mParser && mParser->IsScriptCreated()) {
+ nsCOMPtr<nsIParser> creatorParser = script->GetCreatorParser();
+ if (creatorParser != mParser) {
+ // Make scripts that aren't inserted by the active parser of this document
+ // participate in the context of the script that document.open()ed
+ // this document.
+ return nullptr;
+ }
+ }
+ return script;
+}
+
+/* static */
+bool Document::MatchNameAttribute(Element* aElement, int32_t aNamespaceID,
+ nsAtom* aAtom, void* aData) {
+ MOZ_ASSERT(aElement, "Must have element to work with!");
+
+ if (!aElement->HasName()) {
+ return false;
+ }
+
+ nsString* elementName = static_cast<nsString*>(aData);
+ return aElement->GetNameSpaceID() == kNameSpaceID_XHTML &&
+ aElement->AttrValueIs(kNameSpaceID_None, nsGkAtoms::name, *elementName,
+ eCaseMatters);
+}
+
+/* static */
+void* Document::UseExistingNameString(nsINode* aRootNode,
+ const nsString* aName) {
+ return const_cast<nsString*>(aName);
+}
+
+nsresult Document::GetDocumentURI(nsString& aDocumentURI) const {
+ if (mDocumentURI) {
+ nsAutoCString uri;
+ nsresult rv = mDocumentURI->GetSpec(uri);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ CopyUTF8toUTF16(uri, aDocumentURI);
+ } else {
+ aDocumentURI.Truncate();
+ }
+
+ return NS_OK;
+}
+
+// Alias of above
+nsresult Document::GetURL(nsString& aURL) const { return GetDocumentURI(aURL); }
+
+void Document::GetDocumentURIFromJS(nsString& aDocumentURI,
+ CallerType aCallerType,
+ ErrorResult& aRv) const {
+ if (!mChromeXHRDocURI || aCallerType != CallerType::System) {
+ aRv = GetDocumentURI(aDocumentURI);
+ return;
+ }
+
+ nsAutoCString uri;
+ nsresult res = mChromeXHRDocURI->GetSpec(uri);
+ if (NS_FAILED(res)) {
+ aRv.Throw(res);
+ return;
+ }
+ CopyUTF8toUTF16(uri, aDocumentURI);
+}
+
+nsIURI* Document::GetDocumentURIObject() const {
+ if (!mChromeXHRDocURI) {
+ return GetDocumentURI();
+ }
+
+ return mChromeXHRDocURI;
+}
+
+void Document::GetCompatMode(nsString& aCompatMode) const {
+ NS_ASSERTION(mCompatMode == eCompatibility_NavQuirks ||
+ mCompatMode == eCompatibility_AlmostStandards ||
+ mCompatMode == eCompatibility_FullStandards,
+ "mCompatMode is neither quirks nor strict for this document");
+
+ if (mCompatMode == eCompatibility_NavQuirks) {
+ aCompatMode.AssignLiteral("BackCompat");
+ } else {
+ aCompatMode.AssignLiteral("CSS1Compat");
+ }
+}
+
+} // namespace dom
+} // namespace mozilla
+
+void nsDOMAttributeMap::BlastSubtreeToPieces(nsINode* aNode) {
+ if (Element* element = Element::FromNode(aNode)) {
+ if (const nsDOMAttributeMap* map = element->GetAttributeMap()) {
+ while (true) {
+ RefPtr<Attr> attr;
+ {
+ // Use an iterator to get an arbitrary attribute from the
+ // cache. The iterator must be destroyed before any other
+ // operations on mAttributeCache, to avoid hash table
+ // assertions.
+ auto iter = map->mAttributeCache.ConstIter();
+ if (iter.Done()) {
+ break;
+ }
+ attr = iter.UserData();
+ }
+
+ BlastSubtreeToPieces(attr);
+
+ mozilla::DebugOnly<nsresult> rv =
+ element->UnsetAttr(attr->NodeInfo()->NamespaceID(),
+ attr->NodeInfo()->NameAtom(), false);
+
+ // XXX Should we abort here?
+ NS_ASSERTION(NS_SUCCEEDED(rv), "Uh-oh, UnsetAttr shouldn't fail!");
+ }
+ }
+
+ if (mozilla::dom::ShadowRoot* shadow = element->GetShadowRoot()) {
+ BlastSubtreeToPieces(shadow);
+ element->UnattachShadow();
+ }
+ }
+
+ while (aNode->HasChildren()) {
+ nsIContent* node = aNode->GetFirstChild();
+ BlastSubtreeToPieces(node);
+ aNode->RemoveChildNode(node, false);
+ }
+}
+
+namespace mozilla::dom {
+
+nsINode* Document::AdoptNode(nsINode& aAdoptedNode, ErrorResult& rv) {
+ nsINode* adoptedNode = &aAdoptedNode;
+
+ // Scope firing mutation events so that we don't carry any state that
+ // might be stale
+ {
+ nsINode* parent = adoptedNode->GetParentNode();
+ if (parent) {
+ nsContentUtils::MaybeFireNodeRemoved(adoptedNode, parent);
+ }
+ }
+
+ nsAutoScriptBlocker scriptBlocker;
+
+ switch (adoptedNode->NodeType()) {
+ case ATTRIBUTE_NODE: {
+ // Remove from ownerElement.
+ RefPtr<Attr> adoptedAttr = static_cast<Attr*>(adoptedNode);
+
+ nsCOMPtr<Element> ownerElement = adoptedAttr->GetOwnerElement(rv);
+ if (rv.Failed()) {
+ return nullptr;
+ }
+
+ if (ownerElement) {
+ RefPtr<Attr> newAttr =
+ ownerElement->RemoveAttributeNode(*adoptedAttr, rv);
+ if (rv.Failed()) {
+ return nullptr;
+ }
+
+ newAttr.swap(adoptedAttr);
+ }
+
+ break;
+ }
+ case DOCUMENT_FRAGMENT_NODE: {
+ if (adoptedNode->IsShadowRoot()) {
+ rv.Throw(NS_ERROR_DOM_HIERARCHY_REQUEST_ERR);
+ return nullptr;
+ }
+ [[fallthrough]];
+ }
+ case ELEMENT_NODE:
+ case PROCESSING_INSTRUCTION_NODE:
+ case TEXT_NODE:
+ case CDATA_SECTION_NODE:
+ case COMMENT_NODE:
+ case DOCUMENT_TYPE_NODE: {
+ // Don't allow adopting a node's anonymous subtree out from under it.
+ if (adoptedNode->IsRootOfNativeAnonymousSubtree()) {
+ rv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
+ return nullptr;
+ }
+
+ // We don't want to adopt an element into its own contentDocument or into
+ // a descendant contentDocument, so we check if the frameElement of this
+ // document or any of its parents is the adopted node or one of its
+ // descendants.
+ Document* doc = this;
+ do {
+ if (nsPIDOMWindowOuter* win = doc->GetWindow()) {
+ nsCOMPtr<nsINode> node = win->GetFrameElementInternal();
+ if (node && node->IsInclusiveDescendantOf(adoptedNode)) {
+ rv.Throw(NS_ERROR_DOM_HIERARCHY_REQUEST_ERR);
+ return nullptr;
+ }
+ }
+ } while ((doc = doc->GetInProcessParentDocument()));
+
+ // Remove from parent.
+ nsCOMPtr<nsINode> parent = adoptedNode->GetParentNode();
+ if (parent) {
+ parent->RemoveChildNode(adoptedNode->AsContent(), true);
+ } else {
+ MOZ_ASSERT(!adoptedNode->IsInUncomposedDoc());
+ }
+
+ break;
+ }
+ case DOCUMENT_NODE: {
+ rv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
+ return nullptr;
+ }
+ default: {
+ NS_WARNING("Don't know how to adopt this nodetype for adoptNode.");
+
+ rv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
+ return nullptr;
+ }
+ }
+
+ nsCOMPtr<Document> oldDocument = adoptedNode->OwnerDoc();
+ bool sameDocument = oldDocument == this;
+
+ AutoJSContext cx;
+ JS::Rooted<JSObject*> newScope(cx, nullptr);
+ if (!sameDocument) {
+ newScope = GetWrapper();
+ if (!newScope && GetScopeObject() && GetScopeObject()->HasJSGlobal()) {
+ // Make sure cx is in a semi-sane compartment before we call WrapNative.
+ // It's kind of irrelevant, given that we're passing aAllowWrapping =
+ // false, and documents should always insist on being wrapped in an
+ // canonical scope. But we try to pass something sane anyway.
+ JSObject* globalObject = GetScopeObject()->GetGlobalJSObject();
+ JSAutoRealm ar(cx, globalObject);
+ JS::Rooted<JS::Value> v(cx);
+ rv = nsContentUtils::WrapNative(cx, ToSupports(this), this, &v,
+ /* aAllowWrapping = */ false);
+ if (rv.Failed()) return nullptr;
+ newScope = &v.toObject();
+ }
+ }
+
+ adoptedNode->Adopt(sameDocument ? nullptr : mNodeInfoManager, newScope, rv);
+ if (rv.Failed()) {
+ // Disconnect all nodes from their parents, since some have the old document
+ // as their ownerDocument and some have this as their ownerDocument.
+ nsDOMAttributeMap::BlastSubtreeToPieces(adoptedNode);
+ return nullptr;
+ }
+
+ MOZ_ASSERT(adoptedNode->OwnerDoc() == this,
+ "Should still be in the document we just got adopted into");
+
+ return adoptedNode;
+}
+
+bool Document::UseWidthDeviceWidthFallbackViewport() const { return false; }
+
+static Maybe<LayoutDeviceToScreenScale> ParseScaleString(
+ const nsString& aScaleString) {
+ // https://drafts.csswg.org/css-device-adapt/#min-scale-max-scale
+ if (aScaleString.EqualsLiteral("device-width") ||
+ aScaleString.EqualsLiteral("device-height")) {
+ return Some(LayoutDeviceToScreenScale(10.0f));
+ } else if (aScaleString.EqualsLiteral("yes")) {
+ return Some(LayoutDeviceToScreenScale(1.0f));
+ } else if (aScaleString.EqualsLiteral("no")) {
+ return Some(LayoutDeviceToScreenScale(kViewportMinScale));
+ } else if (aScaleString.IsEmpty()) {
+ return Nothing();
+ }
+
+ nsresult scaleErrorCode;
+ float scale = aScaleString.ToFloatAllowTrailingChars(&scaleErrorCode);
+ if (NS_FAILED(scaleErrorCode)) {
+ return Some(LayoutDeviceToScreenScale(kViewportMinScale));
+ }
+
+ if (scale < 0) {
+ return Nothing();
+ }
+ return Some(clamped(LayoutDeviceToScreenScale(scale), kViewportMinScale,
+ kViewportMaxScale));
+}
+
+void Document::ParseScalesInViewportMetaData(
+ const ViewportMetaData& aViewportMetaData) {
+ Maybe<LayoutDeviceToScreenScale> scale;
+
+ scale = ParseScaleString(aViewportMetaData.mInitialScale);
+ mScaleFloat = scale.valueOr(LayoutDeviceToScreenScale(0.0f));
+ mValidScaleFloat = scale.isSome();
+
+ scale = ParseScaleString(aViewportMetaData.mMaximumScale);
+ // Chrome uses '5' for the fallback value of maximum-scale, we might
+ // consider matching it in future.
+ // https://cs.chromium.org/chromium/src/third_party/blink/renderer/core/html/html_meta_element.cc?l=452&rcl=65ca4278b42d269ca738fc93ef7ae04a032afeb0
+ mScaleMaxFloat = scale.valueOr(kViewportMaxScale);
+ mValidMaxScale = scale.isSome();
+
+ scale = ParseScaleString(aViewportMetaData.mMinimumScale);
+ mScaleMinFloat = scale.valueOr(kViewportMinScale);
+ mValidMinScale = scale.isSome();
+
+ // Resolve min-zoom and max-zoom values.
+ // https://drafts.csswg.org/css-device-adapt/#constraining-min-max-zoom
+ if (mValidMaxScale && mValidMinScale) {
+ mScaleMaxFloat = std::max(mScaleMinFloat, mScaleMaxFloat);
+ }
+}
+
+void Document::ParseWidthAndHeightInMetaViewport(const nsAString& aWidthString,
+ const nsAString& aHeightString,
+ bool aHasValidScale) {
+ // The width and height properties
+ // https://drafts.csswg.org/css-device-adapt/#width-and-height-properties
+ //
+ // The width and height viewport <META> properties are translated into width
+ // and height descriptors, setting the min-width/min-height value to
+ // extend-to-zoom and the max-width/max-height value to the length from the
+ // viewport <META> property as follows:
+ //
+ // 1. Non-negative number values are translated to pixel lengths, clamped to
+ // the range: [1px, 10000px]
+ // 2. Negative number values are dropped
+ // 3. device-width and device-height translate to 100vw and 100vh respectively
+ // 4. Other keywords and unknown values are also dropped
+ mMinWidth = nsViewportInfo::Auto;
+ mMaxWidth = nsViewportInfo::Auto;
+ if (!aWidthString.IsEmpty()) {
+ mMinWidth = nsViewportInfo::ExtendToZoom;
+ if (aWidthString.EqualsLiteral("device-width")) {
+ mMaxWidth = nsViewportInfo::DeviceSize;
+ } else {
+ nsresult widthErrorCode;
+ mMaxWidth = aWidthString.ToInteger(&widthErrorCode);
+ if (NS_FAILED(widthErrorCode)) {
+ mMaxWidth = nsViewportInfo::Auto;
+ } else if (mMaxWidth >= 0.0f) {
+ mMaxWidth = clamped(mMaxWidth, CSSCoord(1.0f), CSSCoord(10000.0f));
+ } else {
+ mMaxWidth = nsViewportInfo::Auto;
+ }
+ }
+ } else if (aHasValidScale) {
+ if (aHeightString.IsEmpty()) {
+ mMinWidth = nsViewportInfo::ExtendToZoom;
+ mMaxWidth = nsViewportInfo::ExtendToZoom;
+ }
+ } else if (aHeightString.IsEmpty() && UseWidthDeviceWidthFallbackViewport()) {
+ mMinWidth = nsViewportInfo::ExtendToZoom;
+ mMaxWidth = nsViewportInfo::DeviceSize;
+ }
+
+ mMinHeight = nsViewportInfo::Auto;
+ mMaxHeight = nsViewportInfo::Auto;
+ if (!aHeightString.IsEmpty()) {
+ mMinHeight = nsViewportInfo::ExtendToZoom;
+ if (aHeightString.EqualsLiteral("device-height")) {
+ mMaxHeight = nsViewportInfo::DeviceSize;
+ } else {
+ nsresult heightErrorCode;
+ mMaxHeight = aHeightString.ToInteger(&heightErrorCode);
+ if (NS_FAILED(heightErrorCode)) {
+ mMaxHeight = nsViewportInfo::Auto;
+ } else if (mMaxHeight >= 0.0f) {
+ mMaxHeight = clamped(mMaxHeight, CSSCoord(1.0f), CSSCoord(10000.0f));
+ } else {
+ mMaxHeight = nsViewportInfo::Auto;
+ }
+ }
+ }
+}
+
+nsViewportInfo Document::GetViewportInfo(const ScreenIntSize& aDisplaySize) {
+ MOZ_ASSERT(mPresShell);
+
+ // Compute the CSS-to-LayoutDevice pixel scale as the product of the
+ // widget scale and the full zoom.
+ nsPresContext* context = mPresShell->GetPresContext();
+ // When querying the full zoom, get it from the device context rather than
+ // directly from the pres context, because the device context's value can
+ // include an adjustment necessay to keep the number of app units per device
+ // pixel an integer, and we want the adjusted value.
+ float fullZoom = context ? context->DeviceContext()->GetFullZoom() : 1.0;
+ fullZoom = (fullZoom == 0.0) ? 1.0 : fullZoom;
+ CSSToLayoutDeviceScale layoutDeviceScale =
+ context ? context->CSSToDevPixelScale() : CSSToLayoutDeviceScale(1);
+
+ CSSToScreenScale defaultScale =
+ layoutDeviceScale * LayoutDeviceToScreenScale(1.0);
+
+ // Special behaviour for desktop mode, provided we are not on an about: page
+ nsPIDOMWindowOuter* win = GetWindow();
+ if (win && win->IsDesktopModeViewport() && !IsAboutPage()) {
+ CSSCoord viewportWidth =
+ StaticPrefs::browser_viewport_desktopWidth() / fullZoom;
+ CSSToScreenScale scaleToFit(aDisplaySize.width / viewportWidth);
+ float aspectRatio = (float)aDisplaySize.height / aDisplaySize.width;
+ CSSSize viewportSize(viewportWidth, viewportWidth * aspectRatio);
+ ScreenIntSize fakeDesktopSize = RoundedToInt(viewportSize * scaleToFit);
+ return nsViewportInfo(fakeDesktopSize, scaleToFit,
+ nsViewportInfo::ZoomFlag::AllowZoom,
+ nsViewportInfo::ZoomBehaviour::Mobile);
+ }
+
+ if (!nsLayoutUtils::ShouldHandleMetaViewport(this)) {
+ return nsViewportInfo(aDisplaySize, defaultScale,
+ nsLayoutUtils::AllowZoomingForDocument(this)
+ ? nsViewportInfo::ZoomFlag::AllowZoom
+ : nsViewportInfo::ZoomFlag::DisallowZoom,
+ StaticPrefs::apz_allow_zooming_out()
+ ? nsViewportInfo::ZoomBehaviour::Mobile
+ : nsViewportInfo::ZoomBehaviour::Desktop);
+ }
+
+ // In cases where the width of the CSS viewport is less than or equal to the
+ // width of the display (i.e. width <= device-width) then we disable
+ // double-tap-to-zoom behaviour. See bug 941995 for details.
+
+ switch (mViewportType) {
+ case DisplayWidthHeight:
+ return nsViewportInfo(aDisplaySize, defaultScale,
+ nsViewportInfo::ZoomFlag::AllowZoom,
+ nsViewportInfo::ZoomBehaviour::Mobile);
+ case Unknown: {
+ nsAutoString viewport;
+ GetHeaderData(nsGkAtoms::viewport, viewport);
+ // We might early exit if the viewport is empty. Even if we don't,
+ // at the end of this case we'll note that it was empty. Later, when
+ // we're using the cached values, this will trigger alternate code paths.
+ if (viewport.IsEmpty()) {
+ // If the docType specifies that we are on a site optimized for mobile,
+ // then we want to return specially crafted defaults for the viewport
+ // info.
+ RefPtr<DocumentType> docType = GetDoctype();
+ if (docType) {
+ nsAutoString docId;
+ docType->GetPublicId(docId);
+ if ((docId.Find("WAP") != -1) || (docId.Find("Mobile") != -1) ||
+ (docId.Find("WML") != -1)) {
+ // We're making an assumption that the docType can't change here
+ mViewportType = DisplayWidthHeight;
+ return nsViewportInfo(aDisplaySize, defaultScale,
+ nsViewportInfo::ZoomFlag::AllowZoom,
+ nsViewportInfo::ZoomBehaviour::Mobile);
+ }
+ }
+
+ nsAutoString handheldFriendly;
+ GetHeaderData(nsGkAtoms::handheldFriendly, handheldFriendly);
+ if (handheldFriendly.EqualsLiteral("true")) {
+ mViewportType = DisplayWidthHeight;
+ return nsViewportInfo(aDisplaySize, defaultScale,
+ nsViewportInfo::ZoomFlag::AllowZoom,
+ nsViewportInfo::ZoomBehaviour::Mobile);
+ }
+ }
+
+ ViewportMetaData metaData = GetViewportMetaData();
+
+ // Parse initial-scale, minimum-scale and maximum-scale.
+ ParseScalesInViewportMetaData(metaData);
+
+ // Parse width and height properties
+ // This function sets m{Min,Max}{Width,Height}.
+ ParseWidthAndHeightInMetaViewport(metaData.mWidth, metaData.mHeight,
+ mValidScaleFloat);
+
+ mAllowZoom = true;
+ if ((metaData.mUserScalable.EqualsLiteral("0")) ||
+ (metaData.mUserScalable.EqualsLiteral("no")) ||
+ (metaData.mUserScalable.EqualsLiteral("false"))) {
+ mAllowZoom = false;
+ }
+
+ // Resolve viewport-fit value.
+ // https://drafts.csswg.org/css-round-display/#viewport-fit-descriptor
+ mViewportFit = ViewportFitType::Auto;
+ if (!metaData.mViewportFit.IsEmpty()) {
+ if (metaData.mViewportFit.EqualsLiteral("contain")) {
+ mViewportFit = ViewportFitType::Contain;
+ } else if (metaData.mViewportFit.EqualsLiteral("cover")) {
+ mViewportFit = ViewportFitType::Cover;
+ }
+ }
+
+ mWidthStrEmpty = metaData.mWidth.IsEmpty();
+
+ mViewportType = Specified;
+ [[fallthrough]];
+ }
+ case Specified:
+ default:
+ LayoutDeviceToScreenScale effectiveMinScale = mScaleMinFloat;
+ LayoutDeviceToScreenScale effectiveMaxScale = mScaleMaxFloat;
+ bool effectiveValidMaxScale = mValidMaxScale;
+
+ nsViewportInfo::ZoomFlag effectiveZoomFlag =
+ mAllowZoom ? nsViewportInfo::ZoomFlag::AllowZoom
+ : nsViewportInfo::ZoomFlag::DisallowZoom;
+ if (StaticPrefs::browser_ui_zoom_force_user_scalable()) {
+ // If the pref to force user-scalable is enabled, we ignore the values
+ // from the meta-viewport tag for these properties and just assume they
+ // allow the page to be scalable. Note in particular that this code is
+ // in the "Specified" branch of the enclosing switch statement, so that
+ // calls to GetViewportInfo always use the latest value of the
+ // browser_ui_zoom_force_user_scalable pref. Other codepaths that
+ // return nsViewportInfo instances are all consistent with
+ // browser_ui_zoom_force_user_scalable() already.
+ effectiveMinScale = kViewportMinScale;
+ effectiveMaxScale = kViewportMaxScale;
+ effectiveValidMaxScale = true;
+ effectiveZoomFlag = nsViewportInfo::ZoomFlag::AllowZoom;
+ }
+
+ // Returns extend-zoom value which is MIN(mScaleFloat, mScaleMaxFloat).
+ auto ComputeExtendZoom = [&]() -> float {
+ if (mValidScaleFloat && effectiveValidMaxScale) {
+ return std::min(mScaleFloat.scale, effectiveMaxScale.scale);
+ }
+ if (mValidScaleFloat) {
+ return mScaleFloat.scale;
+ }
+ if (effectiveValidMaxScale) {
+ return effectiveMaxScale.scale;
+ }
+ return nsViewportInfo::Auto;
+ };
+
+ // Resolving 'extend-to-zoom'
+ // https://drafts.csswg.org/css-device-adapt/#resolve-extend-to-zoom
+ float extendZoom = ComputeExtendZoom();
+
+ CSSCoord minWidth = mMinWidth;
+ CSSCoord maxWidth = mMaxWidth;
+ CSSCoord minHeight = mMinHeight;
+ CSSCoord maxHeight = mMaxHeight;
+
+ // aDisplaySize is in screen pixels; convert them to CSS pixels for the
+ // viewport size. We need to use this scaled size for any clamping of
+ // width or height.
+ CSSSize displaySize = ScreenSize(aDisplaySize) / defaultScale;
+
+ // Our min and max width and height values are mostly as specified by
+ // the viewport declaration, but we make an exception for max width.
+ // Max width, if auto, and if there's no initial-scale, will be set
+ // to a default size. This is to support legacy site design with no
+ // viewport declaration, and to do that using the same scheme as
+ // Chrome does, in order to maintain web compatibility. Since the
+ // default size has a complicated calculation, we fixup the maxWidth
+ // value after setting it, above.
+ if (maxWidth == nsViewportInfo::Auto && !mValidScaleFloat) {
+ BrowsingContext* bc = GetBrowsingContext();
+ if (bc && bc->TouchEventsOverride() == TouchEventsOverride::Enabled &&
+ bc->InRDMPane()) {
+ // If RDM and touch simulation are active, then use the simulated
+ // screen width to accomodate for cases where the screen width is
+ // larger than the desktop viewport default.
+ maxWidth = nsViewportInfo::Max(
+ displaySize.width, StaticPrefs::browser_viewport_desktopWidth());
+ } else {
+ maxWidth = StaticPrefs::browser_viewport_desktopWidth();
+ }
+ // Divide by fullZoom to stretch CSS pixel size of viewport in order
+ // to keep device pixel size unchanged after full zoom applied.
+ // See bug 974242.
+ maxWidth /= fullZoom;
+
+ // We set minWidth to ExtendToZoom, which will cause our later width
+ // calculation to expand to maxWidth, if scale restrictions allow it.
+ minWidth = nsViewportInfo::ExtendToZoom;
+ }
+
+ // Resolve device-width and device-height first.
+ if (maxWidth == nsViewportInfo::DeviceSize) {
+ maxWidth = displaySize.width;
+ }
+ if (maxHeight == nsViewportInfo::DeviceSize) {
+ maxHeight = displaySize.height;
+ }
+ if (extendZoom == nsViewportInfo::Auto) {
+ if (maxWidth == nsViewportInfo::ExtendToZoom) {
+ maxWidth = nsViewportInfo::Auto;
+ }
+ if (maxHeight == nsViewportInfo::ExtendToZoom) {
+ maxHeight = nsViewportInfo::Auto;
+ }
+ if (minWidth == nsViewportInfo::ExtendToZoom) {
+ minWidth = maxWidth;
+ }
+ if (minHeight == nsViewportInfo::ExtendToZoom) {
+ minHeight = maxHeight;
+ }
+ } else {
+ CSSSize extendSize = displaySize / extendZoom;
+ if (maxWidth == nsViewportInfo::ExtendToZoom) {
+ maxWidth = extendSize.width;
+ }
+ if (maxHeight == nsViewportInfo::ExtendToZoom) {
+ maxHeight = extendSize.height;
+ }
+ if (minWidth == nsViewportInfo::ExtendToZoom) {
+ minWidth = nsViewportInfo::Max(extendSize.width, maxWidth);
+ }
+ if (minHeight == nsViewportInfo::ExtendToZoom) {
+ minHeight = nsViewportInfo::Max(extendSize.height, maxHeight);
+ }
+ }
+
+ // Resolve initial width and height from min/max descriptors
+ // https://drafts.csswg.org/css-device-adapt/#resolve-initial-width-height
+ CSSCoord width = nsViewportInfo::Auto;
+ if (minWidth != nsViewportInfo::Auto ||
+ maxWidth != nsViewportInfo::Auto) {
+ width = nsViewportInfo::Max(
+ minWidth, nsViewportInfo::Min(maxWidth, displaySize.width));
+ }
+ CSSCoord height = nsViewportInfo::Auto;
+ if (minHeight != nsViewportInfo::Auto ||
+ maxHeight != nsViewportInfo::Auto) {
+ height = nsViewportInfo::Max(
+ minHeight, nsViewportInfo::Min(maxHeight, displaySize.height));
+ }
+
+ // Resolve width value
+ // https://drafts.csswg.org/css-device-adapt/#resolve-width
+ if (width == nsViewportInfo::Auto) {
+ if (height == nsViewportInfo::Auto || aDisplaySize.height == 0) {
+ width = displaySize.width;
+ } else {
+ width = height * aDisplaySize.width / aDisplaySize.height;
+ }
+ }
+
+ // Resolve height value
+ // https://drafts.csswg.org/css-device-adapt/#resolve-height
+ if (height == nsViewportInfo::Auto) {
+ if (aDisplaySize.width == 0) {
+ height = displaySize.height;
+ } else {
+ height = width * aDisplaySize.height / aDisplaySize.width;
+ }
+ }
+ MOZ_ASSERT(width != nsViewportInfo::Auto &&
+ height != nsViewportInfo::Auto);
+
+ CSSSize size(width, height);
+
+ CSSToScreenScale scaleFloat = mScaleFloat * layoutDeviceScale;
+ CSSToScreenScale scaleMinFloat = effectiveMinScale * layoutDeviceScale;
+ CSSToScreenScale scaleMaxFloat = effectiveMaxScale * layoutDeviceScale;
+
+ nsViewportInfo::AutoSizeFlag sizeFlag =
+ nsViewportInfo::AutoSizeFlag::FixedSize;
+ if (mMaxWidth == nsViewportInfo::DeviceSize ||
+ (mWidthStrEmpty && (mMaxHeight == nsViewportInfo::DeviceSize ||
+ mScaleFloat.scale == 1.0f)) ||
+ (!mWidthStrEmpty && mMaxWidth == nsViewportInfo::Auto &&
+ mMaxHeight < 0)) {
+ sizeFlag = nsViewportInfo::AutoSizeFlag::AutoSize;
+ }
+
+ // FIXME: Resolving width and height should be done above 'Resolve width
+ // value' and 'Resolve height value'.
+ if (sizeFlag == nsViewportInfo::AutoSizeFlag::AutoSize) {
+ size = displaySize;
+ }
+
+ // The purpose of clamping the viewport width to a minimum size is to
+ // prevent page authors from setting it to a ridiculously small value.
+ // If the page is actually being rendered in a very small area (as might
+ // happen in e.g. Android 8's picture-in-picture mode), we don't want to
+ // prevent the viewport from taking on that size.
+ CSSSize effectiveMinSize = Min(CSSSize(kViewportMinSize), displaySize);
+
+ size.width = clamped(size.width, effectiveMinSize.width,
+ float(kViewportMaxSize.width));
+
+ // Also recalculate the default zoom, if it wasn't specified in the
+ // metadata, and the width is specified.
+ if (!mValidScaleFloat && !mWidthStrEmpty) {
+ CSSToScreenScale bestFitScale(float(aDisplaySize.width) / size.width);
+ scaleFloat = (scaleFloat > bestFitScale) ? scaleFloat : bestFitScale;
+ }
+
+ size.height = clamped(size.height, effectiveMinSize.height,
+ float(kViewportMaxSize.height));
+
+ // In cases of user-scalable=no, if we have a positive scale, clamp it to
+ // min and max, and then use the clamped value for the scale, the min, and
+ // the max. If we don't have a positive scale, assert that we are setting
+ // the auto scale flag.
+ if (effectiveZoomFlag == nsViewportInfo::ZoomFlag::DisallowZoom &&
+ scaleFloat > CSSToScreenScale(0.0f)) {
+ scaleFloat = scaleMinFloat = scaleMaxFloat =
+ clamped(scaleFloat, scaleMinFloat, scaleMaxFloat);
+ }
+ MOZ_ASSERT(
+ scaleFloat > CSSToScreenScale(0.0f) || !mValidScaleFloat,
+ "If we don't have a positive scale, we should be using auto scale.");
+
+ // We need to perform a conversion, but only if the initial or maximum
+ // scale were set explicitly by the user.
+ if (mValidScaleFloat && scaleFloat >= scaleMinFloat &&
+ scaleFloat <= scaleMaxFloat) {
+ CSSSize displaySize = ScreenSize(aDisplaySize) / scaleFloat;
+ size.width = std::max(size.width, displaySize.width);
+ size.height = std::max(size.height, displaySize.height);
+ } else if (effectiveValidMaxScale) {
+ CSSSize displaySize = ScreenSize(aDisplaySize) / scaleMaxFloat;
+ size.width = std::max(size.width, displaySize.width);
+ size.height = std::max(size.height, displaySize.height);
+ }
+
+ return nsViewportInfo(
+ scaleFloat, scaleMinFloat, scaleMaxFloat, size, sizeFlag,
+ mValidScaleFloat ? nsViewportInfo::AutoScaleFlag::FixedScale
+ : nsViewportInfo::AutoScaleFlag::AutoScale,
+ effectiveZoomFlag, mViewportFit);
+ }
+}
+
+ViewportMetaData Document::GetViewportMetaData() const {
+ // The order of mMetaViewport is first-modified is first. We want the last
+ // modified since Chrome uses the last one.
+ // See https://webcompat.com/issues/20701#issuecomment-436054739
+ return !mMetaViewports.IsEmpty() ? mMetaViewports.LastElement().mData
+ : ViewportMetaData();
+}
+
+void Document::AddMetaViewportElement(HTMLMetaElement* aElement,
+ ViewportMetaData&& aData) {
+ for (size_t i = 0; i < mMetaViewports.Length(); i++) {
+ MetaViewportElementAndData& viewport = mMetaViewports[i];
+ if (viewport.mElement == aElement) {
+ if (viewport.mData == aData) {
+ return;
+ }
+ // Move the existing one to the tail since Chrome uses the last modified
+ // viewport meta tag.
+ mMetaViewports.RemoveElementAt(i);
+ break;
+ }
+ }
+
+ mMetaViewports.AppendElement(MetaViewportElementAndData{aElement, aData});
+ // Trigger recomputation of the nsViewportInfo the next time it's queried.
+ mViewportType = Unknown;
+
+ RefPtr<AsyncEventDispatcher> asyncDispatcher =
+ new AsyncEventDispatcher(this, u"DOMMetaViewportFitChanged"_ns,
+ CanBubble::eYes, ChromeOnlyDispatch::eYes);
+ asyncDispatcher->RunDOMEventWhenSafe();
+}
+
+void Document::RemoveMetaViewportElement(HTMLMetaElement* aElement) {
+ for (MetaViewportElementAndData& viewport : mMetaViewports) {
+ if (viewport.mElement == aElement) {
+ mMetaViewports.RemoveElement(viewport);
+ // Trigger recomputation of the nsViewportInfo the next time it's queried.
+ mViewportType = Unknown;
+
+ RefPtr<AsyncEventDispatcher> asyncDispatcher =
+ new AsyncEventDispatcher(this, u"DOMMetaViewportFitChanged"_ns,
+ CanBubble::eYes, ChromeOnlyDispatch::eYes);
+ asyncDispatcher->RunDOMEventWhenSafe();
+ return;
+ }
+ }
+}
+
+EventListenerManager* Document::GetOrCreateListenerManager() {
+ if (!mListenerManager) {
+ mListenerManager =
+ new EventListenerManager(static_cast<EventTarget*>(this));
+ SetFlags(NODE_HAS_LISTENERMANAGER);
+ }
+
+ return mListenerManager;
+}
+
+EventListenerManager* Document::GetExistingListenerManager() const {
+ return mListenerManager;
+}
+
+void Document::GetEventTargetParent(EventChainPreVisitor& aVisitor) {
+ aVisitor.mCanHandle = true;
+ // FIXME! This is a hack to make middle mouse paste working also in Editor.
+ // Bug 329119
+ aVisitor.mForceContentDispatch = true;
+
+ // Load events must not propagate to |window| object, see bug 335251.
+ if (aVisitor.mEvent->mMessage != eLoad) {
+ nsGlobalWindowOuter* window = nsGlobalWindowOuter::Cast(GetWindow());
+ aVisitor.SetParentTarget(
+ window ? window->GetTargetForEventTargetChain() : nullptr, false);
+ }
+}
+
+already_AddRefed<Event> Document::CreateEvent(const nsAString& aEventType,
+ CallerType aCallerType,
+ ErrorResult& rv) const {
+ nsPresContext* presContext = GetPresContext();
+
+ // Create event even without presContext.
+ RefPtr<Event> ev =
+ EventDispatcher::CreateEvent(const_cast<Document*>(this), presContext,
+ nullptr, aEventType, aCallerType);
+ if (!ev) {
+ rv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
+ return nullptr;
+ }
+ WidgetEvent* e = ev->WidgetEventPtr();
+ e->mFlags.mBubbles = false;
+ e->mFlags.mCancelable = false;
+ return ev.forget();
+}
+
+void Document::FlushPendingNotifications(FlushType aType) {
+ mozilla::ChangesToFlush flush(aType, aType >= FlushType::Style);
+ FlushPendingNotifications(flush);
+}
+
+class nsDocumentOnStack {
+ public:
+ explicit nsDocumentOnStack(Document* aDoc) : mDoc(aDoc) {
+ mDoc->IncreaseStackRefCnt();
+ }
+ ~nsDocumentOnStack() { mDoc->DecreaseStackRefCnt(); }
+
+ private:
+ Document* mDoc;
+};
+
+void Document::FlushPendingNotifications(mozilla::ChangesToFlush aFlush) {
+ FlushType flushType = aFlush.mFlushType;
+
+ nsDocumentOnStack dos(this);
+
+ // We need to flush the sink for non-HTML documents (because the XML
+ // parser still does insertion with deferred notifications). We
+ // also need to flush the sink if this is a layout-related flush, to
+ // make sure that layout is started as needed. But we can skip that
+ // part if we have no presshell or if it's already done an initial
+ // reflow.
+ if ((!IsHTMLDocument() || (flushType > FlushType::ContentAndNotify &&
+ mPresShell && !mPresShell->DidInitialize())) &&
+ (mParser || mWeakSink)) {
+ nsCOMPtr<nsIContentSink> sink;
+ if (mParser) {
+ sink = mParser->GetContentSink();
+ } else {
+ sink = do_QueryReferent(mWeakSink);
+ if (!sink) {
+ mWeakSink = nullptr;
+ }
+ }
+ // Determine if it is safe to flush the sink notifications
+ // by determining if it safe to flush all the presshells.
+ if (sink && (flushType == FlushType::Content || IsSafeToFlush())) {
+ sink->FlushPendingNotifications(flushType);
+ }
+ }
+
+ // Should we be flushing pending binding constructors in here?
+
+ if (flushType <= FlushType::ContentAndNotify) {
+ // Nothing to do here
+ return;
+ }
+
+ // If we have a parent we must flush the parent too to ensure that our
+ // container is reflowed if its size was changed.
+ //
+ // We do it only if the subdocument and the parent can observe each other
+ // synchronously (that is, if we're not cross-origin), to avoid work that is
+ // not observable, and if the parent document has finished loading all its
+ // render-blocking stylesheets and may start laying out the document, to avoid
+ // unnecessary flashes of unstyled content on the parent document. Note that
+ // this last bit means that size-dependent media queries in this document may
+ // produce incorrect results temporarily.
+ //
+ // But if it's not safe to flush ourselves, then don't flush the parent, since
+ // that can cause things like resizes of our frame's widget, which we can't
+ // handle while flushing is unsafe.
+ if (StyleOrLayoutObservablyDependsOnParentDocumentLayout() &&
+ mParentDocument->MayStartLayout() && IsSafeToFlush()) {
+ ChangesToFlush parentFlush = aFlush;
+ if (flushType >= FlushType::Style) {
+ // Since media queries mean that a size change of our container can affect
+ // style, we need to promote a style flush on ourself to a layout flush on
+ // our parent, since we need our container to be the correct size to
+ // determine the correct style.
+ parentFlush.mFlushType = std::max(FlushType::Layout, flushType);
+ }
+ mParentDocument->FlushPendingNotifications(parentFlush);
+ }
+
+ if (RefPtr<PresShell> presShell = GetPresShell()) {
+ presShell->FlushPendingNotifications(aFlush);
+ }
+}
+
+void Document::FlushExternalResources(FlushType aType) {
+ NS_ASSERTION(
+ aType >= FlushType::Style,
+ "should only need to flush for style or higher in external resources");
+ if (GetDisplayDocument()) {
+ return;
+ }
+
+ auto flush = [aType](Document& aDoc) {
+ aDoc.FlushPendingNotifications(aType);
+ return CallState::Continue;
+ };
+
+ EnumerateExternalResources(flush);
+}
+
+void Document::SetXMLDeclaration(const char16_t* aVersion,
+ const char16_t* aEncoding,
+ const int32_t aStandalone) {
+ if (!aVersion || *aVersion == '\0') {
+ mXMLDeclarationBits = 0;
+ return;
+ }
+
+ mXMLDeclarationBits = XML_DECLARATION_BITS_DECLARATION_EXISTS;
+
+ if (aEncoding && *aEncoding != '\0') {
+ mXMLDeclarationBits |= XML_DECLARATION_BITS_ENCODING_EXISTS;
+ }
+
+ if (aStandalone == 1) {
+ mXMLDeclarationBits |= XML_DECLARATION_BITS_STANDALONE_EXISTS |
+ XML_DECLARATION_BITS_STANDALONE_YES;
+ } else if (aStandalone == 0) {
+ mXMLDeclarationBits |= XML_DECLARATION_BITS_STANDALONE_EXISTS;
+ }
+}
+
+void Document::GetXMLDeclaration(nsAString& aVersion, nsAString& aEncoding,
+ nsAString& aStandalone) {
+ aVersion.Truncate();
+ aEncoding.Truncate();
+ aStandalone.Truncate();
+
+ if (!(mXMLDeclarationBits & XML_DECLARATION_BITS_DECLARATION_EXISTS)) {
+ return;
+ }
+
+ // always until we start supporting 1.1 etc.
+ aVersion.AssignLiteral("1.0");
+
+ if (mXMLDeclarationBits & XML_DECLARATION_BITS_ENCODING_EXISTS) {
+ // This is what we have stored, not necessarily what was written
+ // in the original
+ GetCharacterSet(aEncoding);
+ }
+
+ if (mXMLDeclarationBits & XML_DECLARATION_BITS_STANDALONE_EXISTS) {
+ if (mXMLDeclarationBits & XML_DECLARATION_BITS_STANDALONE_YES) {
+ aStandalone.AssignLiteral("yes");
+ } else {
+ aStandalone.AssignLiteral("no");
+ }
+ }
+}
+
+bool Document::IsScriptEnabled() {
+ // If this document is sandboxed without 'allow-scripts'
+ // script is not enabled
+ if (HasScriptsBlockedBySandbox()) {
+ return false;
+ }
+
+ nsCOMPtr<nsIScriptGlobalObject> globalObject =
+ do_QueryInterface(GetInnerWindow());
+ if (!globalObject || !globalObject->HasJSGlobal()) {
+ return false;
+ }
+
+ return xpc::Scriptability::Get(globalObject->GetGlobalJSObjectPreserveColor())
+ .Allowed();
+}
+
+void Document::RetrieveRelevantHeaders(nsIChannel* aChannel) {
+ PRTime modDate = 0;
+ nsresult rv;
+
+ nsCOMPtr<nsIHttpChannel> httpChannel;
+ rv = GetHttpChannelHelper(aChannel, getter_AddRefs(httpChannel));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return;
+ }
+
+ if (httpChannel) {
+ nsAutoCString tmp;
+ rv = httpChannel->GetResponseHeader("last-modified"_ns, tmp);
+
+ if (NS_SUCCEEDED(rv)) {
+ PRTime time;
+ PRStatus st = PR_ParseTimeString(tmp.get(), true, &time);
+ if (st == PR_SUCCESS) {
+ modDate = time;
+ }
+ }
+
+ static const char* const headers[] = {
+ "default-style", "content-style-type", "content-language",
+ "content-disposition", "refresh", "x-dns-prefetch-control",
+ "x-frame-options",
+ // add more http headers if you need
+ // XXXbz don't add content-location support without reading bug
+ // 238654 and its dependencies/dups first.
+ 0};
+
+ nsAutoCString headerVal;
+ const char* const* name = headers;
+ while (*name) {
+ rv = httpChannel->GetResponseHeader(nsDependentCString(*name), headerVal);
+ if (NS_SUCCEEDED(rv) && !headerVal.IsEmpty()) {
+ RefPtr<nsAtom> key = NS_Atomize(*name);
+ SetHeaderData(key, NS_ConvertASCIItoUTF16(headerVal));
+ }
+ ++name;
+ }
+ } else {
+ nsCOMPtr<nsIFileChannel> fileChannel = do_QueryInterface(aChannel);
+ if (fileChannel) {
+ nsCOMPtr<nsIFile> file;
+ fileChannel->GetFile(getter_AddRefs(file));
+ if (file) {
+ PRTime msecs;
+ rv = file->GetLastModifiedTime(&msecs);
+
+ if (NS_SUCCEEDED(rv)) {
+ modDate = msecs * int64_t(PR_USEC_PER_MSEC);
+ }
+ }
+ } else {
+ nsAutoCString contentDisp;
+ rv = aChannel->GetContentDispositionHeader(contentDisp);
+ if (NS_SUCCEEDED(rv)) {
+ SetHeaderData(nsGkAtoms::headerContentDisposition,
+ NS_ConvertASCIItoUTF16(contentDisp));
+ }
+ }
+ }
+
+ mLastModified.Truncate();
+ if (modDate != 0) {
+ GetFormattedTimeString(modDate, mLastModified);
+ }
+}
+
+void Document::ProcessMETATag(HTMLMetaElement* aMetaElement) {
+ // set any HTTP-EQUIV data into document's header data as well as url
+ nsAutoString header;
+ aMetaElement->GetAttr(kNameSpaceID_None, nsGkAtoms::httpEquiv, header);
+ if (!header.IsEmpty()) {
+ // Ignore META REFRESH when document is sandboxed from automatic features.
+ nsContentUtils::ASCIIToLower(header);
+ if (nsGkAtoms::refresh->Equals(header) &&
+ (GetSandboxFlags() & SANDBOXED_AUTOMATIC_FEATURES)) {
+ return;
+ }
+
+ nsAutoString result;
+ aMetaElement->GetAttr(kNameSpaceID_None, nsGkAtoms::content, result);
+ if (!result.IsEmpty()) {
+ RefPtr<nsAtom> fieldAtom(NS_Atomize(header));
+ SetHeaderData(fieldAtom, result);
+ }
+ }
+
+ if (aMetaElement->AttrValueIs(kNameSpaceID_None, nsGkAtoms::name,
+ nsGkAtoms::handheldFriendly, eIgnoreCase)) {
+ nsAutoString result;
+ aMetaElement->GetAttr(kNameSpaceID_None, nsGkAtoms::content, result);
+ if (!result.IsEmpty()) {
+ nsContentUtils::ASCIIToLower(result);
+ SetHeaderData(nsGkAtoms::handheldFriendly, result);
+ }
+ }
+}
+
+already_AddRefed<Element> Document::CreateElem(const nsAString& aName,
+ nsAtom* aPrefix,
+ int32_t aNamespaceID,
+ const nsAString* aIs) {
+#ifdef DEBUG
+ nsAutoString qName;
+ if (aPrefix) {
+ aPrefix->ToString(qName);
+ qName.Append(':');
+ }
+ qName.Append(aName);
+
+ // Note: "a:b:c" is a valid name in non-namespaces XML, and
+ // Document::CreateElement can call us with such a name and no prefix,
+ // which would cause an error if we just used true here.
+ bool nsAware = aPrefix != nullptr || aNamespaceID != GetDefaultNamespaceID();
+ NS_ASSERTION(NS_SUCCEEDED(nsContentUtils::CheckQName(qName, nsAware)),
+ "Don't pass invalid prefixes to Document::CreateElem, "
+ "check caller.");
+#endif
+
+ RefPtr<mozilla::dom::NodeInfo> nodeInfo;
+ mNodeInfoManager->GetNodeInfo(aName, aPrefix, aNamespaceID, ELEMENT_NODE,
+ getter_AddRefs(nodeInfo));
+ NS_ENSURE_TRUE(nodeInfo, nullptr);
+
+ nsCOMPtr<Element> element;
+ nsresult rv = NS_NewElement(getter_AddRefs(element), nodeInfo.forget(),
+ NOT_FROM_PARSER, aIs);
+ return NS_SUCCEEDED(rv) ? element.forget() : nullptr;
+}
+
+bool Document::IsSafeToFlush() const {
+ PresShell* presShell = GetPresShell();
+ if (!presShell) {
+ return true;
+ }
+ return presShell->IsSafeToFlush();
+}
+
+void Document::Sanitize() {
+ // Sanitize the document by resetting all (current and former) password fields
+ // and any form fields with autocomplete=off to their default values. We do
+ // this now, instead of when the presentation is restored, to offer some
+ // protection in case there is ever an exploit that allows a cached document
+ // to be accessed from a different document.
+
+ // First locate all input elements, regardless of whether they are
+ // in a form, and reset the password and autocomplete=off elements.
+
+ RefPtr<nsContentList> nodes = GetElementsByTagName(u"input"_ns);
+
+ nsAutoString value;
+
+ uint32_t length = nodes->Length(true);
+ for (uint32_t i = 0; i < length; ++i) {
+ NS_ASSERTION(nodes->Item(i), "null item in node list!");
+
+ RefPtr<HTMLInputElement> input =
+ HTMLInputElement::FromNodeOrNull(nodes->Item(i));
+ if (!input) continue;
+
+ input->GetAttr(nsGkAtoms::autocomplete, value);
+ if (value.LowerCaseEqualsLiteral("off") || input->HasBeenTypePassword()) {
+ input->Reset();
+ }
+ }
+
+ // Now locate all _form_ elements that have autocomplete=off and reset them
+ nodes = GetElementsByTagName(u"form"_ns);
+
+ length = nodes->Length(true);
+ for (uint32_t i = 0; i < length; ++i) {
+ // Reset() may change the list dynamically.
+ RefPtr<HTMLFormElement> form =
+ HTMLFormElement::FromNodeOrNull(nodes->Item(i));
+ if (!form) continue;
+
+ form->GetAttr(kNameSpaceID_None, nsGkAtoms::autocomplete, value);
+ if (value.LowerCaseEqualsLiteral("off")) form->Reset();
+ }
+}
+
+void Document::EnumerateSubDocuments(SubDocEnumFunc aCallback) {
+ if (!mSubDocuments) {
+ return;
+ }
+
+ // PLDHashTable::Iterator can't handle modifications while iterating so we
+ // copy all entries to an array first before calling any callbacks.
+ AutoTArray<RefPtr<Document>, 8> subdocs;
+ for (auto iter = mSubDocuments->Iter(); !iter.Done(); iter.Next()) {
+ auto entry = static_cast<SubDocMapEntry*>(iter.Get());
+ if (Document* subdoc = entry->mSubDocument) {
+ subdocs.AppendElement(subdoc);
+ }
+ }
+ for (auto& subdoc : subdocs) {
+ if (aCallback(*subdoc) == CallState::Stop) {
+ break;
+ }
+ }
+}
+
+void Document::CollectDescendantDocuments(
+ nsTArray<RefPtr<Document>>& aDescendants, nsDocTestFunc aCallback) const {
+ if (!mSubDocuments) {
+ return;
+ }
+
+ for (auto iter = mSubDocuments->Iter(); !iter.Done(); iter.Next()) {
+ auto entry = static_cast<SubDocMapEntry*>(iter.Get());
+ const Document* subdoc = entry->mSubDocument;
+ if (subdoc) {
+ if (aCallback(subdoc)) {
+ aDescendants.AppendElement(entry->mSubDocument);
+ }
+ subdoc->CollectDescendantDocuments(aDescendants, aCallback);
+ }
+ }
+}
+
+bool Document::CanSavePresentation(nsIRequest* aNewRequest,
+ uint16_t& aBFCacheCombo) {
+ bool ret = true;
+
+ if (!IsBFCachingAllowed()) {
+ aBFCacheCombo |= BFCacheStatus::NOT_ALLOWED;
+ ret = false;
+ }
+
+ nsAutoCString uri;
+ if (MOZ_UNLIKELY(MOZ_LOG_TEST(gPageCacheLog, LogLevel::Verbose))) {
+ if (mDocumentURI) {
+ mDocumentURI->GetSpec(uri);
+ }
+ }
+
+ if (EventHandlingSuppressed()) {
+ MOZ_LOG(gPageCacheLog, mozilla::LogLevel::Verbose,
+ ("Save of %s blocked on event handling suppression", uri.get()));
+ aBFCacheCombo |= BFCacheStatus::EVENT_HANDLING_SUPPRESSED;
+ ret = false;
+ }
+
+ // Do not allow suspended windows to be placed in the
+ // bfcache. This method is also used to verify a document
+ // coming out of the bfcache is ok to restore, though. So
+ // we only want to block suspend windows that aren't also
+ // frozen.
+ nsPIDOMWindowInner* win = GetInnerWindow();
+ if (win && win->IsSuspended() && !win->IsFrozen()) {
+ MOZ_LOG(gPageCacheLog, mozilla::LogLevel::Verbose,
+ ("Save of %s blocked on suspended Window", uri.get()));
+ aBFCacheCombo |= BFCacheStatus::SUSPENDED;
+ ret = false;
+ }
+
+ // Check our event listener manager for unload/beforeunload listeners.
+ nsCOMPtr<EventTarget> piTarget = do_QueryInterface(mScriptGlobalObject);
+ if (!StaticPrefs::docshell_shistory_bfcache_allow_unload_listeners() &&
+ piTarget) {
+ EventListenerManager* manager = piTarget->GetExistingListenerManager();
+ if (manager && manager->HasUnloadListeners()) {
+ MOZ_LOG(gPageCacheLog, mozilla::LogLevel::Verbose,
+ ("Save of %s blocked due to unload handlers", uri.get()));
+ aBFCacheCombo |= BFCacheStatus::UNLOAD_LISTENER;
+ ret = false;
+ }
+ }
+
+ // Check if we have pending network requests
+ nsCOMPtr<nsILoadGroup> loadGroup = GetDocumentLoadGroup();
+ if (loadGroup) {
+ nsCOMPtr<nsISimpleEnumerator> requests;
+ loadGroup->GetRequests(getter_AddRefs(requests));
+
+ bool hasMore = false;
+
+ // We want to bail out if we have any requests other than aNewRequest (or
+ // in the case when aNewRequest is a part of a multipart response the base
+ // channel the multipart response is coming in on).
+ nsCOMPtr<nsIChannel> baseChannel;
+ nsCOMPtr<nsIMultiPartChannel> part(do_QueryInterface(aNewRequest));
+ if (part) {
+ part->GetBaseChannel(getter_AddRefs(baseChannel));
+ }
+
+ while (NS_SUCCEEDED(requests->HasMoreElements(&hasMore)) && hasMore) {
+ nsCOMPtr<nsISupports> elem;
+ requests->GetNext(getter_AddRefs(elem));
+
+ nsCOMPtr<nsIRequest> request = do_QueryInterface(elem);
+ if (request && request != aNewRequest && request != baseChannel) {
+ // Favicon loads don't need to block caching.
+ nsCOMPtr<nsIChannel> channel = do_QueryInterface(request);
+ if (channel) {
+ nsCOMPtr<nsILoadInfo> li = channel->LoadInfo();
+ if (li->InternalContentPolicyType() ==
+ nsIContentPolicy::TYPE_INTERNAL_IMAGE_FAVICON) {
+ continue;
+ }
+ }
+
+ if (MOZ_UNLIKELY(MOZ_LOG_TEST(gPageCacheLog, LogLevel::Verbose))) {
+ nsAutoCString requestName;
+ request->GetName(requestName);
+ MOZ_LOG(gPageCacheLog, LogLevel::Verbose,
+ ("Save of %s blocked because document has request %s",
+ uri.get(), requestName.get()));
+ }
+ aBFCacheCombo |= BFCacheStatus::REQUEST;
+ ret = false;
+ }
+ }
+ }
+
+ // Check if we have active GetUserMedia use
+ if (MediaManager::Exists() && win &&
+ MediaManager::Get()->IsWindowStillActive(win->WindowID())) {
+ MOZ_LOG(gPageCacheLog, mozilla::LogLevel::Verbose,
+ ("Save of %s blocked due to GetUserMedia", uri.get()));
+ aBFCacheCombo |= BFCacheStatus::ACTIVE_GET_USER_MEDIA;
+ ret = false;
+ }
+
+#ifdef MOZ_WEBRTC
+ // Check if we have active PeerConnections
+ if (win && win->HasActivePeerConnections()) {
+ MOZ_LOG(gPageCacheLog, mozilla::LogLevel::Verbose,
+ ("Save of %s blocked due to PeerConnection", uri.get()));
+ aBFCacheCombo |= BFCacheStatus::ACTIVE_PEER_CONNECTION;
+ ret = false;
+ }
+#endif // MOZ_WEBRTC
+
+ // Don't save presentations for documents containing EME content, so that
+ // CDMs reliably shutdown upon user navigation.
+ if (ContainsEMEContent()) {
+ aBFCacheCombo |= BFCacheStatus::CONTAINS_EME_CONTENT;
+ ret = false;
+ }
+
+ // Don't save presentations for documents containing MSE content, to
+ // reduce memory usage.
+ if (ContainsMSEContent()) {
+ MOZ_LOG(gPageCacheLog, mozilla::LogLevel::Verbose,
+ ("Save of %s blocked due to MSE use", uri.get()));
+ aBFCacheCombo |= BFCacheStatus::CONTAINS_MSE_CONTENT;
+ ret = false;
+ }
+
+ if (mSubDocuments) {
+ for (auto iter = mSubDocuments->Iter(); !iter.Done(); iter.Next()) {
+ auto entry = static_cast<SubDocMapEntry*>(iter.Get());
+ Document* subdoc = entry->mSubDocument;
+
+ uint16_t subDocBFCacheCombo = 0;
+ // The aIgnoreRequest we were passed is only for us, so don't pass it on.
+ bool canCache =
+ subdoc ? subdoc->CanSavePresentation(nullptr, subDocBFCacheCombo)
+ : false;
+ if (!canCache) {
+ MOZ_LOG(gPageCacheLog, mozilla::LogLevel::Verbose,
+ ("Save of %s blocked due to subdocument blocked", uri.get()));
+ aBFCacheCombo |= subDocBFCacheCombo;
+ ret = false;
+ }
+ }
+ }
+
+ // BFCache is currently not compatible with remote subframes (bug 1609324)
+ if (RefPtr<BrowsingContext> browsingContext = GetBrowsingContext()) {
+ for (auto& child : browsingContext->Children()) {
+ if (!child->IsInProcess()) {
+ aBFCacheCombo |= BFCacheStatus::CONTAINS_REMOTE_SUBFRAMES;
+ ret = false;
+ break;
+ }
+ }
+ }
+
+ if (win) {
+ auto* globalWindow = nsGlobalWindowInner::Cast(win);
+#ifdef MOZ_WEBSPEECH
+ if (globalWindow->HasActiveSpeechSynthesis()) {
+ MOZ_LOG(gPageCacheLog, mozilla::LogLevel::Verbose,
+ ("Save of %s blocked due to Speech use", uri.get()));
+ aBFCacheCombo |= BFCacheStatus::HAS_ACTIVE_SPEECH_SYNTHESIS;
+ ret = false;
+ }
+#endif
+ if (globalWindow->HasUsedVR()) {
+ MOZ_LOG(gPageCacheLog, mozilla::LogLevel::Verbose,
+ ("Save of %s blocked due to having used VR", uri.get()));
+ aBFCacheCombo |= BFCacheStatus::HAS_USED_VR;
+ ret = false;
+ }
+ }
+
+ return ret;
+}
+
+void Document::Destroy() {
+ // The ContentViewer wants to release the document now. So, tell our content
+ // to drop any references to the document so that it can be destroyed.
+ if (mIsGoingAway) return;
+
+ ReportDocumentUseCounters();
+
+ mIsGoingAway = true;
+
+ ScriptLoader()->Destroy();
+ SetScriptGlobalObject(nullptr);
+ RemovedFromDocShell();
+
+ bool oldVal = mInUnlinkOrDeletion;
+ mInUnlinkOrDeletion = true;
+
+#ifdef DEBUG
+ uint32_t oldChildCount = GetChildCount();
+#endif
+
+ for (nsIContent* child = GetFirstChild(); child;
+ child = child->GetNextSibling()) {
+ child->DestroyContent();
+ MOZ_ASSERT(child->GetParentNode() == this);
+ }
+ MOZ_ASSERT(oldChildCount == GetChildCount());
+ MOZ_ASSERT(!mSubDocuments || mSubDocuments->EntryCount() == 0);
+
+ mInUnlinkOrDeletion = oldVal;
+
+ mLayoutHistoryState = nullptr;
+
+ if (mOriginalDocument) {
+ mOriginalDocument->mLatestStaticClone = nullptr;
+ }
+
+ if (IsStaticDocument()) {
+ RemoveProperty(nsGkAtoms::printselectionranges);
+ }
+
+ // Shut down our external resource map. We might not need this for
+ // leak-fixing if we fix nsDocumentViewer to do cycle-collection, but
+ // tearing down all those frame trees right now is the right thing to do.
+ mExternalResourceMap.Shutdown();
+
+ // Manually break cycles via promise's global object pointer.
+ mReadyForIdle = nullptr;
+ mOrientationPendingPromise = nullptr;
+
+ // To break cycles.
+ mPreloadService.ClearAllPreloads();
+
+ if (mDocumentL10n) {
+ mDocumentL10n->Destroy();
+ }
+}
+
+void Document::RemovedFromDocShell() {
+ mEditingState = EditingState::eOff;
+
+ if (mRemovedFromDocShell) return;
+
+ mRemovedFromDocShell = true;
+ EnumerateActivityObservers(NotifyActivityChanged);
+
+ for (nsIContent* child = GetFirstChild(); child;
+ child = child->GetNextSibling()) {
+ child->SaveSubtreeState();
+ }
+
+ nsIDocShell* docShell = GetDocShell();
+ if (docShell) {
+ docShell->SynchronizeLayoutHistoryState();
+ }
+}
+
+already_AddRefed<nsILayoutHistoryState> Document::GetLayoutHistoryState()
+ const {
+ nsCOMPtr<nsILayoutHistoryState> state;
+ if (!mScriptGlobalObject) {
+ state = mLayoutHistoryState;
+ } else {
+ nsCOMPtr<nsIDocShell> docShell(mDocumentContainer);
+ if (docShell) {
+ docShell->GetLayoutHistoryState(getter_AddRefs(state));
+ }
+ }
+
+ return state.forget();
+}
+
+void Document::EnsureOnloadBlocker() {
+ // If mScriptGlobalObject is null, we shouldn't be messing with the loadgroup
+ // -- it's not ours.
+ if (mOnloadBlockCount != 0 && mScriptGlobalObject) {
+ nsCOMPtr<nsILoadGroup> loadGroup = GetDocumentLoadGroup();
+ if (loadGroup) {
+ // Check first to see if mOnloadBlocker is in the loadgroup.
+ nsCOMPtr<nsISimpleEnumerator> requests;
+ loadGroup->GetRequests(getter_AddRefs(requests));
+
+ bool hasMore = false;
+ while (NS_SUCCEEDED(requests->HasMoreElements(&hasMore)) && hasMore) {
+ nsCOMPtr<nsISupports> elem;
+ requests->GetNext(getter_AddRefs(elem));
+ nsCOMPtr<nsIRequest> request = do_QueryInterface(elem);
+ if (request && request == mOnloadBlocker) {
+ return;
+ }
+ }
+
+ // Not in the loadgroup, so add it.
+ loadGroup->AddRequest(mOnloadBlocker, nullptr);
+ }
+ }
+}
+
+void Document::AsyncBlockOnload() {
+ while (mAsyncOnloadBlockCount) {
+ --mAsyncOnloadBlockCount;
+ BlockOnload();
+ }
+}
+
+void Document::BlockOnload() {
+ if (mDisplayDocument) {
+ mDisplayDocument->BlockOnload();
+ return;
+ }
+
+ // If mScriptGlobalObject is null, we shouldn't be messing with the loadgroup
+ // -- it's not ours.
+ if (mOnloadBlockCount == 0 && mScriptGlobalObject) {
+ if (!nsContentUtils::IsSafeToRunScript()) {
+ // Because AddRequest may lead to OnStateChange calls in chrome,
+ // block onload only when there are no script blockers.
+ ++mAsyncOnloadBlockCount;
+ if (mAsyncOnloadBlockCount == 1) {
+ nsContentUtils::AddScriptRunner(NewRunnableMethod(
+ "Document::AsyncBlockOnload", this, &Document::AsyncBlockOnload));
+ }
+ return;
+ }
+ nsCOMPtr<nsILoadGroup> loadGroup = GetDocumentLoadGroup();
+ if (loadGroup) {
+ loadGroup->AddRequest(mOnloadBlocker, nullptr);
+ }
+ }
+ ++mOnloadBlockCount;
+}
+
+void Document::UnblockOnload(bool aFireSync) {
+ if (mDisplayDocument) {
+ mDisplayDocument->UnblockOnload(aFireSync);
+ return;
+ }
+
+ if (mOnloadBlockCount == 0 && mAsyncOnloadBlockCount == 0) {
+ MOZ_ASSERT_UNREACHABLE(
+ "More UnblockOnload() calls than BlockOnload() "
+ "calls; dropping call");
+ return;
+ }
+
+ --mOnloadBlockCount;
+
+ if (mOnloadBlockCount == 0) {
+ if (mScriptGlobalObject) {
+ // Only manipulate the loadgroup in this case, because if
+ // mScriptGlobalObject is null, it's not ours.
+ if (aFireSync && mAsyncOnloadBlockCount == 0) {
+ // Increment mOnloadBlockCount, since DoUnblockOnload will decrement it
+ ++mOnloadBlockCount;
+ DoUnblockOnload();
+ } else {
+ PostUnblockOnloadEvent();
+ }
+ } else if (mIsBeingUsedAsImage) {
+ // To correctly unblock onload for a document that contains an SVG
+ // image, we need to know when all of the SVG document's resources are
+ // done loading, in a way comparable to |window.onload|. We fire this
+ // event to indicate that the SVG should be considered fully loaded.
+ // Because scripting is disabled on SVG-as-image documents, this event
+ // is not accessible to content authors. (See bug 837315.)
+ RefPtr<AsyncEventDispatcher> asyncDispatcher =
+ new AsyncEventDispatcher(this, u"MozSVGAsImageDocumentLoad"_ns,
+ CanBubble::eNo, ChromeOnlyDispatch::eNo);
+ asyncDispatcher->PostDOMEvent();
+ }
+ }
+}
+
+class nsUnblockOnloadEvent : public Runnable {
+ public:
+ explicit nsUnblockOnloadEvent(Document* aDoc)
+ : mozilla::Runnable("nsUnblockOnloadEvent"), mDoc(aDoc) {}
+ NS_IMETHOD Run() override {
+ mDoc->DoUnblockOnload();
+ return NS_OK;
+ }
+
+ private:
+ RefPtr<Document> mDoc;
+};
+
+void Document::PostUnblockOnloadEvent() {
+ MOZ_RELEASE_ASSERT(NS_IsMainThread());
+ nsCOMPtr<nsIRunnable> evt = new nsUnblockOnloadEvent(this);
+ nsresult rv = Dispatch(TaskCategory::Other, evt.forget());
+ if (NS_SUCCEEDED(rv)) {
+ // Stabilize block count so we don't post more events while this one is up
+ ++mOnloadBlockCount;
+ } else {
+ NS_WARNING("failed to dispatch nsUnblockOnloadEvent");
+ }
+}
+
+void Document::DoUnblockOnload() {
+ MOZ_ASSERT(!mDisplayDocument, "Shouldn't get here for resource document");
+ MOZ_ASSERT(mOnloadBlockCount != 0,
+ "Shouldn't have a count of zero here, since we stabilized in "
+ "PostUnblockOnloadEvent");
+
+ --mOnloadBlockCount;
+
+ if (mOnloadBlockCount != 0) {
+ // We blocked again after the last unblock. Nothing to do here. We'll
+ // post a new event when we unblock again.
+ return;
+ }
+
+ if (mAsyncOnloadBlockCount != 0) {
+ // We need to wait until the async onload block has been handled.
+ //
+ // FIXME(emilio): Shouldn't we return here??
+ PostUnblockOnloadEvent();
+ }
+
+ // If mScriptGlobalObject is null, we shouldn't be messing with the loadgroup
+ // -- it's not ours.
+ if (mScriptGlobalObject) {
+ nsCOMPtr<nsILoadGroup> loadGroup = GetDocumentLoadGroup();
+ if (loadGroup) {
+ loadGroup->RemoveRequest(mOnloadBlocker, nullptr, NS_OK);
+ }
+ }
+}
+
+nsIContent* Document::GetContentInThisDocument(nsIFrame* aFrame) const {
+ for (nsIFrame* f = aFrame; f;
+ f = nsLayoutUtils::GetParentOrPlaceholderForCrossDoc(f)) {
+ nsIContent* content = f->GetContent();
+ if (!content || content->IsInNativeAnonymousSubtree()) continue;
+
+ if (content->OwnerDoc() == this) {
+ return content;
+ }
+ // We must be in a subdocument so jump directly to the root frame.
+ // GetParentOrPlaceholderForCrossDoc gets called immediately to jump up to
+ // the containing document.
+ f = f->PresContext()->GetPresShell()->GetRootFrame();
+ }
+
+ return nullptr;
+}
+
+void Document::DispatchPageTransition(EventTarget* aDispatchTarget,
+ const nsAString& aType, bool aInFrameSwap,
+ bool aPersisted, bool aOnlySystemGroup) {
+ if (!aDispatchTarget) {
+ return;
+ }
+
+ PageTransitionEventInit init;
+ init.mBubbles = true;
+ init.mCancelable = true;
+ init.mPersisted = aPersisted;
+ init.mInFrameSwap = aInFrameSwap;
+
+ RefPtr<PageTransitionEvent> event =
+ PageTransitionEvent::Constructor(this, aType, init);
+
+ event->SetTrusted(true);
+ event->SetTarget(this);
+ if (aOnlySystemGroup) {
+ event->WidgetEventPtr()->mFlags.mOnlySystemGroupDispatchInContent = true;
+ }
+ EventDispatcher::DispatchDOMEvent(aDispatchTarget, nullptr, event, nullptr,
+ nullptr);
+}
+
+void Document::OnPageShow(bool aPersisted, EventTarget* aDispatchStartTarget,
+ bool aOnlySystemGroup) {
+ const bool inFrameLoaderSwap = !!aDispatchStartTarget;
+ MOZ_DIAGNOSTIC_ASSERT(
+ inFrameLoaderSwap ==
+ (mDocumentContainer && mDocumentContainer->InFrameSwap()));
+
+ Element* root = GetRootElement();
+ if (aPersisted && root) {
+ // Send out notifications that our <link> elements are attached.
+ RefPtr<nsContentList> links =
+ NS_GetContentList(root, kNameSpaceID_XHTML, u"link"_ns);
+
+ uint32_t linkCount = links->Length(true);
+ for (uint32_t i = 0; i < linkCount; ++i) {
+ static_cast<HTMLLinkElement*>(links->Item(i, false))->LinkAdded();
+ }
+ }
+
+ // See Document
+ if (!inFrameLoaderSwap) {
+ if (aPersisted) {
+ ImageTracker()->SetAnimatingState(true);
+ }
+
+ // Set mIsShowing before firing events, in case those event handlers
+ // move us around.
+ mIsShowing = true;
+ mVisible = true;
+
+ UpdateVisibilityState();
+ }
+
+ EnumerateActivityObservers(NotifyActivityChanged);
+
+ auto notifyExternal = [aPersisted](Document& aExternalResource) {
+ aExternalResource.OnPageShow(aPersisted, nullptr);
+ return CallState::Continue;
+ };
+ EnumerateExternalResources(notifyExternal);
+
+ if (mAnimationController) {
+ mAnimationController->OnPageShow();
+ }
+
+ if (!mIsBeingUsedAsImage) {
+ // Dispatch observer notification to notify observers page is shown.
+ nsCOMPtr<nsIObserverService> os = mozilla::services::GetObserverService();
+ if (os) {
+ nsIPrincipal* principal = NodePrincipal();
+ os->NotifyObservers(ToSupports(this),
+ principal->IsSystemPrincipal() ? "chrome-page-shown"
+ : "content-page-shown",
+ nullptr);
+ }
+
+ nsCOMPtr<EventTarget> target = aDispatchStartTarget;
+ if (!target) {
+ target = do_QueryInterface(GetWindow());
+ }
+ DispatchPageTransition(target, u"pageshow"_ns, inFrameLoaderSwap,
+ aPersisted, aOnlySystemGroup);
+ }
+}
+
+static void DispatchFullscreenChange(Document& aDocument, nsINode* aTarget) {
+ if (nsPresContext* presContext = aDocument.GetPresContext()) {
+ auto pendingEvent = MakeUnique<PendingFullscreenEvent>(
+ FullscreenEventType::Change, &aDocument, aTarget);
+ presContext->RefreshDriver()->ScheduleFullscreenEvent(
+ std::move(pendingEvent));
+ }
+}
+
+static void ClearPendingFullscreenRequests(Document* aDoc);
+
+void Document::OnPageHide(bool aPersisted, EventTarget* aDispatchStartTarget,
+ bool aOnlySystemGroup) {
+ const bool inFrameLoaderSwap = !!aDispatchStartTarget;
+ MOZ_DIAGNOSTIC_ASSERT(
+ inFrameLoaderSwap ==
+ (mDocumentContainer && mDocumentContainer->InFrameSwap()));
+
+ // Send out notifications that our <link> elements are detached,
+ // but only if this is not a full unload.
+ Element* root = GetRootElement();
+ if (aPersisted && root) {
+ RefPtr<nsContentList> links =
+ NS_GetContentList(root, kNameSpaceID_XHTML, u"link"_ns);
+
+ uint32_t linkCount = links->Length(true);
+ for (uint32_t i = 0; i < linkCount; ++i) {
+ static_cast<HTMLLinkElement*>(links->Item(i, false))->LinkRemoved();
+ }
+ }
+
+ if (mAnimationController) {
+ mAnimationController->OnPageHide();
+ }
+
+ if (!inFrameLoaderSwap) {
+ if (aPersisted) {
+ // We do not stop the animations (bug 1024343) when the page is refreshing
+ // while being dragged out.
+ ImageTracker()->SetAnimatingState(false);
+ }
+
+ // Set mIsShowing before firing events, in case those event handlers
+ // move us around.
+ mIsShowing = false;
+ mVisible = false;
+ }
+
+ ExitPointerLock();
+
+ if (!mIsBeingUsedAsImage) {
+ // Dispatch observer notification to notify observers page is hidden.
+ nsCOMPtr<nsIObserverService> os = mozilla::services::GetObserverService();
+ if (os) {
+ nsIPrincipal* principal = NodePrincipal();
+ os->NotifyObservers(ToSupports(this),
+ principal->IsSystemPrincipal()
+ ? "chrome-page-hidden"
+ : "content-page-hidden",
+ nullptr);
+ }
+
+ // Now send out a PageHide event.
+ nsCOMPtr<EventTarget> target = aDispatchStartTarget;
+ if (!target) {
+ target = do_QueryInterface(GetWindow());
+ }
+ {
+ PageUnloadingEventTimeStamp timeStamp(this);
+ DispatchPageTransition(target, u"pagehide"_ns, inFrameLoaderSwap,
+ aPersisted, aOnlySystemGroup);
+ }
+ }
+
+ if (!inFrameLoaderSwap) {
+ UpdateVisibilityState();
+ }
+
+ auto notifyExternal = [aPersisted](Document& aExternalResource) {
+ aExternalResource.OnPageHide(aPersisted, nullptr);
+ return CallState::Continue;
+ };
+ EnumerateExternalResources(notifyExternal);
+ EnumerateActivityObservers(NotifyActivityChanged);
+
+ ClearPendingFullscreenRequests(this);
+ if (GetUnretargetedFullScreenElement()) {
+ // If this document was fullscreen, we should exit fullscreen in this
+ // doctree branch. This ensures that if the user navigates while in
+ // fullscreen mode we don't leave its still visible ancestor documents
+ // in fullscreen mode. So exit fullscreen in the document's fullscreen
+ // root document, as this will exit fullscreen in all the root's
+ // descendant documents. Note that documents are removed from the
+ // doctree by the time OnPageHide() is called, so we must store a
+ // reference to the root (in Document::mFullscreenRoot) since we can't
+ // just traverse the doctree to get the root.
+ Document::ExitFullscreenInDocTree(this);
+
+ // Since the document is removed from the doctree before OnPageHide() is
+ // called, ExitFullscreen() can't traverse from the root down to *this*
+ // document, so we must manually call CleanupFullscreenState() below too.
+ // Note that CleanupFullscreenState() clears Document::mFullscreenRoot,
+ // so we *must* call it after ExitFullscreen(), not before.
+ // OnPageHide() is called in every hidden (i.e. descendant) document,
+ // so calling CleanupFullscreenState() here will ensure all hidden
+ // documents have their fullscreen state reset.
+ CleanupFullscreenState();
+
+ // The fullscreenchange event is to be queued in the refresh driver,
+ // however a hidden page wouldn't trigger that again, so it makes no
+ // sense to dispatch such event here.
+ }
+}
+
+void Document::WillDispatchMutationEvent(nsINode* aTarget) {
+ NS_ASSERTION(
+ mSubtreeModifiedDepth != 0 || mSubtreeModifiedTargets.Count() == 0,
+ "mSubtreeModifiedTargets not cleared after dispatching?");
+ ++mSubtreeModifiedDepth;
+ if (aTarget) {
+ // MayDispatchMutationEvent is often called just before this method,
+ // so it has already appended the node to mSubtreeModifiedTargets.
+ int32_t count = mSubtreeModifiedTargets.Count();
+ if (!count || mSubtreeModifiedTargets[count - 1] != aTarget) {
+ mSubtreeModifiedTargets.AppendObject(aTarget);
+ }
+ }
+}
+
+void Document::MutationEventDispatched(nsINode* aTarget) {
+ --mSubtreeModifiedDepth;
+ if (mSubtreeModifiedDepth == 0) {
+ int32_t count = mSubtreeModifiedTargets.Count();
+ if (!count) {
+ return;
+ }
+
+ nsPIDOMWindowInner* window = GetInnerWindow();
+ if (window &&
+ !window->HasMutationListeners(NS_EVENT_BITS_MUTATION_SUBTREEMODIFIED)) {
+ mSubtreeModifiedTargets.Clear();
+ return;
+ }
+
+ nsCOMArray<nsINode> realTargets;
+ for (int32_t i = 0; i < count; ++i) {
+ nsINode* possibleTarget = mSubtreeModifiedTargets[i];
+ nsCOMPtr<nsIContent> content = do_QueryInterface(possibleTarget);
+ if (content && content->ChromeOnlyAccess()) {
+ continue;
+ }
+
+ nsINode* commonAncestor = nullptr;
+ int32_t realTargetCount = realTargets.Count();
+ for (int32_t j = 0; j < realTargetCount; ++j) {
+ commonAncestor = nsContentUtils::GetClosestCommonInclusiveAncestor(
+ possibleTarget, realTargets[j]);
+ if (commonAncestor) {
+ realTargets.ReplaceObjectAt(commonAncestor, j);
+ break;
+ }
+ }
+ if (!commonAncestor) {
+ realTargets.AppendObject(possibleTarget);
+ }
+ }
+
+ mSubtreeModifiedTargets.Clear();
+
+ int32_t realTargetCount = realTargets.Count();
+ for (int32_t k = 0; k < realTargetCount; ++k) {
+ InternalMutationEvent mutation(true, eLegacySubtreeModified);
+ (new AsyncEventDispatcher(realTargets[k], mutation))
+ ->RunDOMEventWhenSafe();
+ }
+ }
+}
+
+void Document::DestroyElementMaps() {
+#ifdef DEBUG
+ mStyledLinksCleared = true;
+#endif
+ mStyledLinks.Clear();
+ // Notify ID change listeners before clearing the identifier map.
+ for (auto iter = mIdentifierMap.Iter(); !iter.Done(); iter.Next()) {
+ iter.Get()->ClearAndNotify();
+ }
+ mIdentifierMap.Clear();
+ mComposedShadowRoots.Clear();
+ mResponsiveContent.Clear();
+ IncrementExpandoGeneration(*this);
+}
+
+void Document::RefreshLinkHrefs() {
+ // Get a list of all links we know about. We will reset them, which will
+ // remove them from the document, so we need a copy of what is in the
+ // hashtable.
+ LinkArray linksToNotify(mStyledLinks.Count());
+ for (auto iter = mStyledLinks.ConstIter(); !iter.Done(); iter.Next()) {
+ linksToNotify.AppendElement(iter.Get()->GetKey());
+ }
+
+ // Reset all of our styled links.
+ nsAutoScriptBlocker scriptBlocker;
+ for (LinkArray::size_type i = 0; i < linksToNotify.Length(); i++) {
+ linksToNotify[i]->ResetLinkState(true, linksToNotify[i]->ElementHasHref());
+ }
+}
+
+nsresult Document::CloneDocHelper(Document* clone) const {
+ clone->mIsStaticDocument = mCreatingStaticClone;
+
+ // Init document
+ nsresult rv = clone->Init();
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ if (mCreatingStaticClone) {
+ if (mOriginalDocument) {
+ clone->mOriginalDocument = mOriginalDocument;
+ } else {
+ clone->mOriginalDocument = const_cast<Document*>(this);
+ }
+ clone->mOriginalDocument->mLatestStaticClone = clone;
+ clone->mOriginalDocument->mStaticCloneCount++;
+
+ nsCOMPtr<nsILoadGroup> loadGroup;
+
+ // |mDocumentContainer| is the container of the document that is being
+ // created and not the original container. See CreateStaticClone function().
+ nsCOMPtr<nsIDocumentLoader> docLoader(mDocumentContainer);
+ if (docLoader) {
+ docLoader->GetLoadGroup(getter_AddRefs(loadGroup));
+ }
+ nsCOMPtr<nsIChannel> channel = GetChannel();
+ nsCOMPtr<nsIURI> uri;
+ if (channel) {
+ NS_GetFinalChannelURI(channel, getter_AddRefs(uri));
+ } else {
+ uri = Document::GetDocumentURI();
+ }
+ clone->mChannel = channel;
+ if (uri) {
+ clone->ResetToURI(uri, loadGroup, NodePrincipal(), mPartitionedPrincipal);
+ }
+
+ clone->SetContainer(mDocumentContainer);
+
+ // Setup the navigation time. This will be needed by any animations in the
+ // document, even if they are only paused.
+ MOZ_ASSERT(!clone->GetNavigationTiming(),
+ "Navigation time was already set?");
+ if (mTiming) {
+ RefPtr<nsDOMNavigationTiming> timing =
+ mTiming->CloneNavigationTime(nsDocShell::Cast(clone->GetDocShell()));
+ clone->SetNavigationTiming(timing);
+ }
+ clone->SetCsp(mCSP);
+ }
+
+ // Now ensure that our clone has the same URI, base URI, and principal as us.
+ // We do this after the mCreatingStaticClone block above, because that block
+ // can set the base URI to an incorrect value in cases when base URI
+ // information came from the channel. So we override explicitly, and do it
+ // for all these properties, in case ResetToURI messes with any of the rest of
+ // them.
+ clone->SetDocumentURI(Document::GetDocumentURI());
+ clone->SetChromeXHRDocURI(mChromeXHRDocURI);
+ clone->SetPrincipals(NodePrincipal(), mPartitionedPrincipal);
+ clone->mActiveStoragePrincipal = mActiveStoragePrincipal;
+ clone->mDocumentBaseURI = mDocumentBaseURI;
+ clone->SetChromeXHRDocBaseURI(mChromeXHRDocBaseURI);
+ clone->mReferrerInfo =
+ static_cast<dom::ReferrerInfo*>(mReferrerInfo.get())->Clone();
+ clone->mPreloadReferrerInfo = clone->mReferrerInfo;
+
+ bool hasHadScriptObject = true;
+ nsIScriptGlobalObject* scriptObject =
+ GetScriptHandlingObject(hasHadScriptObject);
+ NS_ENSURE_STATE(scriptObject || !hasHadScriptObject);
+ if (mCreatingStaticClone) {
+ // If we're doing a static clone (print, print preview), then we're going to
+ // be setting a scope object after the clone. It's better to set it only
+ // once, so we don't do that here. However, we do want to act as if there is
+ // a script handling object. So we set mHasHadScriptHandlingObject.
+ clone->mHasHadScriptHandlingObject = true;
+ } else if (scriptObject) {
+ clone->SetScriptHandlingObject(scriptObject);
+ } else {
+ clone->SetScopeObject(GetScopeObject());
+ }
+ // Make the clone a data document
+ clone->SetLoadedAsData(true);
+
+ // Misc state
+
+ // State from Document
+ clone->mCharacterSet = mCharacterSet;
+ clone->mCharacterSetSource = mCharacterSetSource;
+ clone->SetCompatibilityMode(mCompatMode);
+ clone->mBidiOptions = mBidiOptions;
+ clone->mContentLanguage = mContentLanguage;
+ clone->SetContentTypeInternal(GetContentTypeInternal());
+ clone->mSecurityInfo = mSecurityInfo;
+
+ // State from Document
+ clone->mType = mType;
+ clone->mXMLDeclarationBits = mXMLDeclarationBits;
+ clone->mBaseTarget = mBaseTarget;
+
+ return NS_OK;
+}
+
+void Document::NotifyLoading(bool aNewParentIsLoading,
+ const ReadyState& aCurrentState,
+ ReadyState aNewState) {
+ // Mirror the top-level loading state down to all subdocuments
+ bool was_loading = mAncestorIsLoading ||
+ aCurrentState == READYSTATE_LOADING ||
+ aCurrentState == READYSTATE_INTERACTIVE;
+ bool is_loading = aNewParentIsLoading || aNewState == READYSTATE_LOADING ||
+ aNewState == READYSTATE_INTERACTIVE; // new value for state
+ bool set_load_state = was_loading != is_loading;
+
+ MOZ_LOG(
+ gTimeoutDeferralLog, mozilla::LogLevel::Debug,
+ ("NotifyLoading for doc %p: currentAncestor: %d, newParent: %d, "
+ "currentState %d newState: %d, was_loading: %d, is_loading: %d, "
+ "set_load_state: %d",
+ (void*)this, mAncestorIsLoading, aNewParentIsLoading, (int)aCurrentState,
+ (int)aNewState, was_loading, is_loading, set_load_state));
+
+ mAncestorIsLoading = aNewParentIsLoading;
+ if (set_load_state && StaticPrefs::dom_timeout_defer_during_load()) {
+ // Tell our innerwindow (and thus TimeoutManager)
+ nsPIDOMWindowInner* inner = GetInnerWindow();
+ if (inner) {
+ inner->SetActiveLoadingState(is_loading);
+ }
+ BrowsingContext* context = GetBrowsingContext();
+ if (context) {
+ // Don't use PreOrderWalk to mirror this down; go down one level as a
+ // time so we can set mAncestorIsLoading and take into account the
+ // readystates of the subdocument. In the child process it will call
+ // NotifyLoading() to notify the innerwindow/TimeoutManager, and then
+ // iterate it's children
+ for (auto& child : context->Children()) {
+ MOZ_LOG(gTimeoutDeferralLog, mozilla::LogLevel::Debug,
+ ("bc: %p SetAncestorLoading(%d)", (void*)child, is_loading));
+ // Setting ancestor loading on a discarded browsing context has no
+ // effect.
+ Unused << child->SetAncestorLoading(is_loading);
+ }
+ }
+ }
+}
+
+void Document::SetReadyStateInternal(ReadyState aReadyState,
+ bool aUpdateTimingInformation) {
+ if (aReadyState == READYSTATE_UNINITIALIZED) {
+ // Transition back to uninitialized happens only to keep assertions happy
+ // right before readyState transitions to something else. Make this
+ // transition undetectable by Web content.
+ mReadyState = aReadyState;
+ return;
+ }
+
+ if (IsTopLevelContentDocument()) {
+ if (aReadyState == READYSTATE_LOADING) {
+ AddToplevelLoadingDocument(this);
+ } else if (aReadyState == READYSTATE_COMPLETE) {
+ RemoveToplevelLoadingDocument(this);
+ }
+ }
+
+ if (aUpdateTimingInformation && READYSTATE_LOADING == aReadyState) {
+ mLoadingTimeStamp = TimeStamp::Now();
+ }
+ NotifyLoading(mAncestorIsLoading, mReadyState, aReadyState);
+ mReadyState = aReadyState;
+ if (aUpdateTimingInformation && mTiming) {
+ switch (aReadyState) {
+ case READYSTATE_LOADING:
+ mTiming->NotifyDOMLoading(GetDocumentURI());
+ break;
+ case READYSTATE_INTERACTIVE:
+ mTiming->NotifyDOMInteractive(GetDocumentURI());
+ break;
+ case READYSTATE_COMPLETE:
+ mTiming->NotifyDOMComplete(GetDocumentURI());
+ break;
+ default:
+ MOZ_ASSERT_UNREACHABLE("Unexpected ReadyState value");
+ break;
+ }
+ }
+ // At the time of loading start, we don't have timing object, record time.
+
+ if (READYSTATE_INTERACTIVE == aReadyState &&
+ NodePrincipal()->IsSystemPrincipal()) {
+ if (!mXULPersist) {
+ mXULPersist = new XULPersist(this);
+ mXULPersist->Init();
+ }
+ if (!mChromeObserver) {
+ mChromeObserver = new ChromeObserver(this);
+ mChromeObserver->Init();
+ }
+ }
+
+ if (aUpdateTimingInformation) {
+ RecordNavigationTiming(aReadyState);
+ }
+
+ RefPtr<AsyncEventDispatcher> asyncDispatcher = new AsyncEventDispatcher(
+ this, u"readystatechange"_ns, CanBubble::eNo, ChromeOnlyDispatch::eNo);
+ asyncDispatcher->RunDOMEventWhenSafe();
+}
+
+void Document::GetReadyState(nsAString& aReadyState) const {
+ switch (mReadyState) {
+ case READYSTATE_LOADING:
+ aReadyState.AssignLiteral(u"loading");
+ break;
+ case READYSTATE_INTERACTIVE:
+ aReadyState.AssignLiteral(u"interactive");
+ break;
+ case READYSTATE_COMPLETE:
+ aReadyState.AssignLiteral(u"complete");
+ break;
+ default:
+ aReadyState.AssignLiteral(u"uninitialized");
+ }
+}
+
+void Document::SuppressEventHandling(uint32_t aIncrease) {
+ mEventsSuppressed += aIncrease;
+ UpdateFrameRequestCallbackSchedulingState();
+ for (uint32_t i = 0; i < aIncrease; ++i) {
+ ScriptLoader()->AddExecuteBlocker();
+ }
+
+ auto suppressInSubDoc = [aIncrease](Document& aSubDoc) {
+ aSubDoc.SuppressEventHandling(aIncrease);
+ return CallState::Continue;
+ };
+
+ EnumerateSubDocuments(suppressInSubDoc);
+}
+
+void Document::NotifyAbortedLoad() {
+ // If we still have outstanding work blocking DOMContentLoaded,
+ // then don't try to change the readystate now, but wait until
+ // they finish and then do so.
+ if (mBlockDOMContentLoaded > 0 && !mDidFireDOMContentLoaded) {
+ mSetCompleteAfterDOMContentLoaded = true;
+ return;
+ }
+
+ // Otherwise we're fully done at this point, so set the
+ // readystate to complete.
+ if (GetReadyStateEnum() == Document::READYSTATE_INTERACTIVE) {
+ SetReadyStateInternal(Document::READYSTATE_COMPLETE);
+ }
+}
+
+static void FireOrClearDelayedEvents(nsTArray<nsCOMPtr<Document>>& aDocuments,
+ bool aFireEvents) {
+ nsFocusManager* fm = nsFocusManager::GetFocusManager();
+ if (!fm) return;
+
+ for (uint32_t i = 0; i < aDocuments.Length(); ++i) {
+ // NB: Don't bother trying to fire delayed events on documents that were
+ // closed before this event ran.
+ if (!aDocuments[i]->EventHandlingSuppressed()) {
+ fm->FireDelayedEvents(aDocuments[i]);
+ RefPtr<PresShell> presShell = aDocuments[i]->GetPresShell();
+ if (presShell) {
+ // Only fire events for active documents.
+ bool fire = aFireEvents && aDocuments[i]->GetInnerWindow() &&
+ aDocuments[i]->GetInnerWindow()->IsCurrentInnerWindow();
+ presShell->FireOrClearDelayedEvents(fire);
+ }
+ aDocuments[i]->FireOrClearPostMessageEvents(aFireEvents);
+ }
+ }
+}
+
+void Document::PreloadPictureClosed() {
+ MOZ_ASSERT(mPreloadPictureDepth > 0);
+ mPreloadPictureDepth--;
+ if (mPreloadPictureDepth == 0) {
+ mPreloadPictureFoundSource.SetIsVoid(true);
+ }
+}
+
+void Document::PreloadPictureImageSource(const nsAString& aSrcsetAttr,
+ const nsAString& aSizesAttr,
+ const nsAString& aTypeAttr,
+ const nsAString& aMediaAttr) {
+ // Nested pictures are not valid syntax, so while we'll eventually load them,
+ // it's not worth tracking sources mixed between nesting levels to preload
+ // them effectively.
+ if (mPreloadPictureDepth == 1 && mPreloadPictureFoundSource.IsVoid()) {
+ // <picture> selects the first matching source, so if this returns a URI we
+ // needn't consider new sources until a new <picture> is encountered.
+ bool found = HTMLImageElement::SelectSourceForTagWithAttrs(
+ this, true, VoidString(), aSrcsetAttr, aSizesAttr, aTypeAttr,
+ aMediaAttr, mPreloadPictureFoundSource);
+ if (found && mPreloadPictureFoundSource.IsVoid()) {
+ // Found an empty source, which counts
+ mPreloadPictureFoundSource.SetIsVoid(false);
+ }
+ }
+}
+
+already_AddRefed<nsIURI> Document::ResolvePreloadImage(
+ nsIURI* aBaseURI, const nsAString& aSrcAttr, const nsAString& aSrcsetAttr,
+ const nsAString& aSizesAttr, bool* aIsImgSet) {
+ nsString sourceURL;
+ bool isImgSet;
+ if (mPreloadPictureDepth == 1 && !mPreloadPictureFoundSource.IsVoid()) {
+ // We're in a <picture> element and found a URI from a source previous to
+ // this image, use it.
+ sourceURL = mPreloadPictureFoundSource;
+ isImgSet = true;
+ } else {
+ // Otherwise try to use this <img> as a source
+ HTMLImageElement::SelectSourceForTagWithAttrs(
+ this, false, aSrcAttr, aSrcsetAttr, aSizesAttr, VoidString(),
+ VoidString(), sourceURL);
+ isImgSet = !aSrcsetAttr.IsEmpty();
+ }
+
+ // Empty sources are not loaded by <img> (i.e. not resolved to the baseURI)
+ if (sourceURL.IsEmpty()) {
+ return nullptr;
+ }
+
+ // Construct into URI using passed baseURI (the parser may know of base URI
+ // changes that have not reached us)
+ nsresult rv;
+ nsCOMPtr<nsIURI> uri;
+ rv = nsContentUtils::NewURIWithDocumentCharset(getter_AddRefs(uri), sourceURL,
+ this, aBaseURI);
+ if (NS_FAILED(rv)) {
+ return nullptr;
+ }
+
+ *aIsImgSet = isImgSet;
+
+ // We don't clear mPreloadPictureFoundSource because subsequent <img> tags in
+ // this this <picture> share the same <sources> (though this is not valid per
+ // spec)
+ return uri.forget();
+}
+
+void Document::PreLoadImage(nsIURI* aUri, const nsAString& aCrossOriginAttr,
+ ReferrerPolicyEnum aReferrerPolicy, bool aIsImgSet,
+ bool aLinkPreload) {
+ nsLoadFlags loadFlags = nsIRequest::LOAD_NORMAL |
+ nsContentUtils::CORSModeToLoadImageFlags(
+ Element::StringToCORSMode(aCrossOriginAttr));
+
+ nsContentPolicyType policyType =
+ aIsImgSet ? nsIContentPolicy::TYPE_IMAGESET
+ : nsIContentPolicy::TYPE_INTERNAL_IMAGE_PRELOAD;
+
+ nsCOMPtr<nsIReferrerInfo> referrerInfo =
+ ReferrerInfo::CreateFromDocumentAndPolicyOverride(this, aReferrerPolicy);
+
+ RefPtr<imgRequestProxy> request;
+ nsresult rv = nsContentUtils::LoadImage(
+ aUri, static_cast<nsINode*>(this), this, NodePrincipal(), 0, referrerInfo,
+ nullptr /* no observer */, loadFlags,
+ aLinkPreload ? u"link"_ns : u"img"_ns, getter_AddRefs(request),
+ policyType, false /* urgent */, aLinkPreload);
+
+ // Pin image-reference to avoid evicting it from the img-cache before
+ // the "real" load occurs. Unpinned in DispatchContentLoadedEvents and
+ // unlink
+ if (!aLinkPreload && NS_SUCCEEDED(rv)) {
+ mPreloadingImages.Put(aUri, std::move(request));
+ }
+}
+
+void Document::MaybePreLoadImage(nsIURI* aUri,
+ const nsAString& aCrossOriginAttr,
+ ReferrerPolicyEnum aReferrerPolicy,
+ bool aIsImgSet, bool aLinkPreload) {
+ if (aLinkPreload) {
+ // Check if the image was already preloaded in this document to avoid
+ // duplicate preloading.
+ PreloadHashKey key = PreloadHashKey::CreateAsImage(
+ aUri, NodePrincipal(),
+ dom::Element::StringToCORSMode(aCrossOriginAttr));
+ if (!mPreloadService.PreloadExists(key)) {
+ PreLoadImage(aUri, aCrossOriginAttr, aReferrerPolicy, aIsImgSet,
+ aLinkPreload);
+ }
+ return;
+ }
+
+ // Early exit if the img is already present in the img-cache
+ // which indicates that the "real" load has already started and
+ // that we shouldn't preload it.
+ if (nsContentUtils::IsImageInCache(aUri, this)) {
+ return;
+ }
+
+ // Image not in cache - trigger preload
+ PreLoadImage(aUri, aCrossOriginAttr, aReferrerPolicy, aIsImgSet,
+ aLinkPreload);
+}
+
+void Document::MaybePreconnect(nsIURI* aOrigURI, mozilla::CORSMode aCORSMode) {
+ NS_MutateURI mutator(aOrigURI);
+ if (NS_FAILED(mutator.GetStatus())) {
+ return;
+ }
+
+ // The URI created here is used in 2 contexts. One is nsISpeculativeConnect
+ // which ignores the path and uses only the origin. The other is for the
+ // document mPreloadedPreconnects de-duplication hash. Anonymous vs
+ // non-Anonymous preconnects create different connections on the wire and
+ // therefore should not be considred duplicates of each other and we
+ // normalize the path before putting it in the hash to accomplish that.
+
+ if (aCORSMode == CORS_ANONYMOUS) {
+ mutator.SetPathQueryRef("/anonymous"_ns);
+ } else {
+ mutator.SetPathQueryRef("/"_ns);
+ }
+
+ nsCOMPtr<nsIURI> uri;
+ nsresult rv = mutator.Finalize(uri);
+ if (NS_FAILED(rv)) {
+ return;
+ }
+
+ auto entry = mPreloadedPreconnects.LookupForAdd(uri);
+ if (entry) {
+ return; // we found an existing entry
+ }
+ entry.OrInsert([]() { return true; });
+
+ nsCOMPtr<nsISpeculativeConnect> speculator(
+ do_QueryInterface(nsContentUtils::GetIOService()));
+ if (!speculator) {
+ return;
+ }
+
+ if (aCORSMode == CORS_ANONYMOUS) {
+ speculator->SpeculativeAnonymousConnect(uri, NodePrincipal(), nullptr);
+ } else {
+ speculator->SpeculativeConnect(uri, NodePrincipal(), nullptr);
+ }
+}
+
+void Document::ForgetImagePreload(nsIURI* aURI) {
+ // Checking count is faster than hashing the URI in the common
+ // case of empty table.
+ if (mPreloadingImages.Count() != 0) {
+ nsCOMPtr<imgIRequest> req;
+ mPreloadingImages.Remove(aURI, getter_AddRefs(req));
+ if (req) {
+ // Make sure to cancel the request so imagelib knows it's gone.
+ req->CancelAndForgetObserver(NS_BINDING_ABORTED);
+ }
+ }
+}
+
+void Document::UpdateDocumentStates(EventStates aMaybeChangedStates,
+ bool aNotify) {
+ EventStates oldStates = mDocumentState;
+ if (aMaybeChangedStates.HasState(NS_DOCUMENT_STATE_RTL_LOCALE)) {
+ if (IsDocumentRightToLeft()) {
+ mDocumentState |= NS_DOCUMENT_STATE_RTL_LOCALE;
+ } else {
+ mDocumentState &= ~NS_DOCUMENT_STATE_RTL_LOCALE;
+ }
+ }
+
+ if (aMaybeChangedStates.HasState(NS_DOCUMENT_STATE_WINDOW_INACTIVE)) {
+ if (IsTopLevelWindowInactive()) {
+ mDocumentState |= NS_DOCUMENT_STATE_WINDOW_INACTIVE;
+ } else {
+ mDocumentState &= ~NS_DOCUMENT_STATE_WINDOW_INACTIVE;
+ }
+ }
+
+ EventStates changedStates = oldStates ^ mDocumentState;
+ if (aNotify && !changedStates.IsEmpty()) {
+ if (PresShell* ps = GetObservingPresShell()) {
+ ps->DocumentStatesChanged(changedStates);
+ }
+ }
+}
+
+namespace {
+
+/**
+ * Stub for LoadSheet(), since all we want is to get the sheet into
+ * the CSSLoader's style cache
+ */
+class StubCSSLoaderObserver final : public nsICSSLoaderObserver {
+ ~StubCSSLoaderObserver() = default;
+
+ public:
+ NS_IMETHOD
+ StyleSheetLoaded(StyleSheet*, bool, nsresult) override { return NS_OK; }
+ NS_DECL_ISUPPORTS
+};
+NS_IMPL_ISUPPORTS(StubCSSLoaderObserver, nsICSSLoaderObserver)
+
+} // namespace
+
+SheetPreloadStatus Document::PreloadStyle(
+ nsIURI* uri, const Encoding* aEncoding, const nsAString& aCrossOriginAttr,
+ const enum ReferrerPolicy aReferrerPolicy, const nsAString& aIntegrity,
+ bool aIsLinkPreload) {
+ // The CSSLoader will retain this object after we return.
+ nsCOMPtr<nsICSSLoaderObserver> obs = new StubCSSLoaderObserver();
+
+ nsCOMPtr<nsIReferrerInfo> referrerInfo =
+ ReferrerInfo::CreateFromDocumentAndPolicyOverride(this, aReferrerPolicy);
+
+ auto preloadType = aIsLinkPreload ? css::Loader::IsPreload::FromLink
+ : css::Loader::IsPreload::FromParser;
+
+ // Charset names are always ASCII.
+ auto result = CSSLoader()->LoadSheet(
+ uri, preloadType, aEncoding, referrerInfo, obs,
+ Element::StringToCORSMode(aCrossOriginAttr), aIntegrity);
+ if (result.isErr()) {
+ return SheetPreloadStatus::Errored;
+ }
+ RefPtr<StyleSheet> sheet = result.unwrap();
+ if (sheet->IsComplete()) {
+ return SheetPreloadStatus::AlreadyComplete;
+ }
+ return SheetPreloadStatus::InProgress;
+}
+
+RefPtr<StyleSheet> Document::LoadChromeSheetSync(nsIURI* uri) {
+ return CSSLoader()
+ ->LoadSheetSync(uri, css::eAuthorSheetFeatures)
+ .unwrapOr(nullptr);
+}
+
+void Document::ResetDocumentDirection() {
+ if (!nsContentUtils::IsChromeDoc(this)) {
+ return;
+ }
+ UpdateDocumentStates(NS_DOCUMENT_STATE_RTL_LOCALE, true);
+}
+
+bool Document::IsDocumentRightToLeft() {
+ if (!nsContentUtils::IsChromeDoc(this)) {
+ return false;
+ }
+ // setting the localedir attribute on the root element forces a
+ // specific direction for the document.
+ Element* element = GetRootElement();
+ if (element) {
+ static Element::AttrValuesArray strings[] = {nsGkAtoms::ltr, nsGkAtoms::rtl,
+ nullptr};
+ switch (element->FindAttrValueIn(kNameSpaceID_None, nsGkAtoms::localedir,
+ strings, eCaseMatters)) {
+ case 0:
+ return false;
+ case 1:
+ return true;
+ default:
+ break; // otherwise, not a valid value, so fall through
+ }
+ }
+
+ if (!mDocumentURI->SchemeIs("chrome") && !mDocumentURI->SchemeIs("about") &&
+ !mDocumentURI->SchemeIs("resource")) {
+ return false;
+ }
+
+ return intl::LocaleService::GetInstance()->IsAppLocaleRTL();
+}
+
+class nsDelayedEventDispatcher : public Runnable {
+ public:
+ explicit nsDelayedEventDispatcher(nsTArray<nsCOMPtr<Document>>&& aDocuments)
+ : mozilla::Runnable("nsDelayedEventDispatcher"),
+ mDocuments(std::move(aDocuments)) {}
+ virtual ~nsDelayedEventDispatcher() = default;
+
+ NS_IMETHOD Run() override {
+ FireOrClearDelayedEvents(mDocuments, true);
+ return NS_OK;
+ }
+
+ private:
+ nsTArray<nsCOMPtr<Document>> mDocuments;
+};
+
+static void GetAndUnsuppressSubDocuments(
+ Document& aDocument, nsTArray<nsCOMPtr<Document>>& aDocuments) {
+ if (aDocument.EventHandlingSuppressed() > 0) {
+ aDocument.DecreaseEventSuppression();
+ aDocument.ScriptLoader()->RemoveExecuteBlocker();
+ }
+ aDocuments.AppendElement(&aDocument);
+ auto recurse = [&aDocuments](Document& aSubDoc) {
+ GetAndUnsuppressSubDocuments(aSubDoc, aDocuments);
+ return CallState::Continue;
+ };
+ aDocument.EnumerateSubDocuments(recurse);
+}
+
+void Document::UnsuppressEventHandlingAndFireEvents(bool aFireEvents) {
+ nsTArray<nsCOMPtr<Document>> documents;
+ GetAndUnsuppressSubDocuments(*this, documents);
+
+ if (aFireEvents) {
+ MOZ_RELEASE_ASSERT(NS_IsMainThread());
+ nsCOMPtr<nsIRunnable> ded =
+ new nsDelayedEventDispatcher(std::move(documents));
+ Dispatch(TaskCategory::Other, ded.forget());
+ } else {
+ FireOrClearDelayedEvents(documents, false);
+ }
+
+ if (!EventHandlingSuppressed()) {
+ MOZ_ASSERT(NS_IsMainThread());
+ nsTArray<RefPtr<net::ChannelEventQueue>> queues =
+ std::move(mSuspendedQueues);
+ for (net::ChannelEventQueue* queue : queues) {
+ queue->Resume();
+ }
+
+ // If there have been any events driven by the refresh driver which were
+ // delayed due to events being suppressed in this document, make sure there
+ // is a refresh scheduled soon so the events will run.
+ if (mHasDelayedRefreshEvent) {
+ mHasDelayedRefreshEvent = false;
+
+ if (mPresShell) {
+ nsRefreshDriver* rd = mPresShell->GetPresContext()->RefreshDriver();
+ rd->RunDelayedEventsSoon();
+ }
+ }
+ }
+}
+
+bool Document::AreClipboardCommandsUnconditionallyEnabled() const {
+ return IsHTMLOrXHTML() && !nsContentUtils::IsChromeDoc(this);
+}
+
+void Document::AddSuspendedChannelEventQueue(net::ChannelEventQueue* aQueue) {
+ MOZ_ASSERT(NS_IsMainThread());
+ MOZ_ASSERT(EventHandlingSuppressed());
+ mSuspendedQueues.AppendElement(aQueue);
+}
+
+bool Document::SuspendPostMessageEvent(PostMessageEvent* aEvent) {
+ MOZ_ASSERT(NS_IsMainThread());
+
+ if (EventHandlingSuppressed() || !mSuspendedPostMessageEvents.IsEmpty()) {
+ mSuspendedPostMessageEvents.AppendElement(aEvent);
+ return true;
+ }
+ return false;
+}
+
+void Document::FireOrClearPostMessageEvents(bool aFireEvents) {
+ nsTArray<RefPtr<PostMessageEvent>> events =
+ std::move(mSuspendedPostMessageEvents);
+
+ if (aFireEvents) {
+ for (PostMessageEvent* event : events) {
+ event->Run();
+ }
+ }
+}
+
+void Document::SetSuppressedEventListener(EventListener* aListener) {
+ mSuppressedEventListener = aListener;
+ auto setOnSubDocs = [&](Document& aDocument) {
+ aDocument.SetSuppressedEventListener(aListener);
+ return CallState::Continue;
+ };
+ EnumerateSubDocuments(setOnSubDocs);
+}
+
+nsISupports* Document::GetCurrentContentSink() {
+ return mParser ? mParser->GetContentSink() : nullptr;
+}
+
+Document* Document::GetTemplateContentsOwner() {
+ if (!mTemplateContentsOwner) {
+ bool hasHadScriptObject = true;
+ nsIScriptGlobalObject* scriptObject =
+ GetScriptHandlingObject(hasHadScriptObject);
+
+ nsCOMPtr<Document> document;
+ nsresult rv = NS_NewDOMDocument(getter_AddRefs(document),
+ u""_ns, // aNamespaceURI
+ u""_ns, // aQualifiedName
+ nullptr, // aDoctype
+ Document::GetDocumentURI(),
+ Document::GetDocBaseURI(), NodePrincipal(),
+ true, // aLoadedAsData
+ scriptObject, // aEventObject
+ DocumentFlavorHTML);
+ NS_ENSURE_SUCCESS(rv, nullptr);
+
+ mTemplateContentsOwner = document;
+ NS_ENSURE_TRUE(mTemplateContentsOwner, nullptr);
+
+ if (!scriptObject) {
+ mTemplateContentsOwner->SetScopeObject(GetScopeObject());
+ }
+
+ mTemplateContentsOwner->mHasHadScriptHandlingObject = hasHadScriptObject;
+
+ // Set |mTemplateContentsOwner| as the template contents owner of itself so
+ // that it is the template contents owner of nested template elements.
+ mTemplateContentsOwner->mTemplateContentsOwner = mTemplateContentsOwner;
+ }
+
+ return mTemplateContentsOwner;
+}
+
+static already_AddRefed<nsPIDOMWindowOuter> FindTopWindowForElement(
+ Element* element) {
+ Document* document = element->OwnerDoc();
+ if (!document) {
+ return nullptr;
+ }
+
+ nsCOMPtr<nsPIDOMWindowOuter> window = document->GetWindow();
+ if (!window) {
+ return nullptr;
+ }
+
+ // Trying to find the top window (equivalent to window.top).
+ if (nsCOMPtr<nsPIDOMWindowOuter> top = window->GetInProcessTop()) {
+ window = std::move(top);
+ }
+ return window.forget();
+}
+
+/**
+ * nsAutoFocusEvent is used to dispatch a focus event for an
+ * nsGenericHTMLFormElement with the autofocus attribute enabled.
+ */
+class nsAutoFocusEvent : public Runnable {
+ public:
+ explicit nsAutoFocusEvent(nsCOMPtr<Element>&& aElement,
+ nsCOMPtr<nsPIDOMWindowOuter>&& aTopWindow)
+ : mozilla::Runnable("nsAutoFocusEvent"),
+ mElement(std::move(aElement)),
+ mTopWindow(std::move(aTopWindow)) {}
+
+ NS_IMETHOD Run() override {
+ nsCOMPtr<nsPIDOMWindowOuter> currentTopWindow =
+ FindTopWindowForElement(mElement);
+ if (currentTopWindow != mTopWindow) {
+ // The element's top window changed from when the event was queued.
+ // Don't take away focus from an unrelated window.
+ return NS_OK;
+ }
+
+ if (Document* doc = mTopWindow->GetExtantDoc()) {
+ if (doc->IsAutoFocusFired()) {
+ return NS_OK;
+ }
+ doc->SetAutoFocusFired();
+ }
+
+ // Don't steal focus from the user.
+ if (mTopWindow->GetFocusedElement()) {
+ return NS_OK;
+ }
+
+ FocusOptions options;
+ ErrorResult rv;
+ mElement->Focus(options, CallerType::System, rv);
+ return rv.StealNSResult();
+ }
+
+ private:
+ nsCOMPtr<Element> mElement;
+ nsCOMPtr<nsPIDOMWindowOuter> mTopWindow;
+};
+
+void Document::SetAutoFocusElement(Element* aAutoFocusElement) {
+ if (mAutoFocusFired) {
+ // Too late.
+ return;
+ }
+
+ if (mAutoFocusElement) {
+ // The spec disallows multiple autofocus elements, so we consider only the
+ // first one to preserve the old behavior.
+ return;
+ }
+
+ mAutoFocusElement = do_GetWeakReference(aAutoFocusElement);
+ TriggerAutoFocus();
+}
+
+void Document::SetAutoFocusFired() { mAutoFocusFired = true; }
+
+bool Document::IsAutoFocusFired() { return mAutoFocusFired; }
+
+void Document::TriggerAutoFocus() {
+ if (mAutoFocusFired) {
+ return;
+ }
+
+ if (!mPresShell || !mPresShell->DidInitialize()) {
+ // Delay autofocus until frames are constructed so that we don't thrash
+ // style and layout calculations.
+ return;
+ }
+
+ nsCOMPtr<Element> autoFocusElement = do_QueryReferent(mAutoFocusElement);
+ if (autoFocusElement && autoFocusElement->OwnerDoc() == this) {
+ nsCOMPtr<nsPIDOMWindowOuter> topWindow =
+ FindTopWindowForElement(autoFocusElement);
+ if (!topWindow) {
+ return;
+ }
+
+ // NOTE: This may be removed in the future since the spec technically
+ // allows autofocus after load.
+ nsCOMPtr<Document> topDoc = topWindow->GetExtantDoc();
+ if (topDoc &&
+ topDoc->GetReadyStateEnum() == Document::READYSTATE_COMPLETE) {
+ return;
+ }
+
+ nsCOMPtr<nsIRunnable> event =
+ new nsAutoFocusEvent(std::move(autoFocusElement), topWindow.forget());
+ nsresult rv = NS_DispatchToCurrentThread(event.forget());
+ NS_ENSURE_SUCCESS_VOID(rv);
+ }
+}
+
+void Document::SetScrollToRef(nsIURI* aDocumentURI) {
+ if (!aDocumentURI) {
+ return;
+ }
+
+ nsAutoCString ref;
+
+ // Since all URI's that pass through here aren't URL's we can't
+ // rely on the nsIURI implementation for providing a way for
+ // finding the 'ref' part of the URI, we'll haveto revert to
+ // string routines for finding the data past '#'
+
+ nsresult rv = aDocumentURI->GetSpec(ref);
+ if (NS_FAILED(rv)) {
+ Unused << aDocumentURI->GetRef(mScrollToRef);
+ return;
+ }
+
+ nsReadingIterator<char> start, end;
+
+ ref.BeginReading(start);
+ ref.EndReading(end);
+
+ if (FindCharInReadable('#', start, end)) {
+ ++start; // Skip over the '#'
+
+ mScrollToRef = Substring(start, end);
+ }
+}
+
+void Document::ScrollToRef() {
+ if (mScrolledToRefAlready) {
+ RefPtr<PresShell> presShell = GetPresShell();
+ if (presShell) {
+ presShell->ScrollToAnchor();
+ }
+ return;
+ }
+
+ if (mScrollToRef.IsEmpty()) {
+ return;
+ }
+
+ RefPtr<PresShell> presShell = GetPresShell();
+ if (presShell) {
+ nsresult rv = NS_ERROR_FAILURE;
+ // We assume that the bytes are in UTF-8, as it says in the spec:
+ // http://www.w3.org/TR/html4/appendix/notes.html#h-B.2.1
+ NS_ConvertUTF8toUTF16 ref(mScrollToRef);
+ // Check an empty string which might be caused by the UTF-8 conversion
+ if (!ref.IsEmpty()) {
+ // Note that GoToAnchor will handle flushing layout as needed.
+ rv = presShell->GoToAnchor(ref, mChangeScrollPosWhenScrollingToRef);
+ } else {
+ rv = NS_ERROR_FAILURE;
+ }
+
+ if (NS_FAILED(rv)) {
+ nsAutoCString buff;
+ const bool unescaped =
+ NS_UnescapeURL(mScrollToRef.BeginReading(), mScrollToRef.Length(),
+ /*aFlags =*/0, buff);
+
+ // This attempt is only necessary if characters were unescaped.
+ if (unescaped) {
+ NS_ConvertUTF8toUTF16 utf16Str(buff);
+ if (!utf16Str.IsEmpty()) {
+ rv = presShell->GoToAnchor(utf16Str,
+ mChangeScrollPosWhenScrollingToRef);
+ }
+ }
+
+ // If UTF-8 URI failed then try to assume the string as a
+ // document's charset.
+ if (NS_FAILED(rv)) {
+ const Encoding* encoding = GetDocumentCharacterSet();
+ rv = encoding->DecodeWithoutBOMHandling(unescaped ? buff : mScrollToRef,
+ ref);
+ if (NS_SUCCEEDED(rv) && !ref.IsEmpty()) {
+ rv = presShell->GoToAnchor(ref, mChangeScrollPosWhenScrollingToRef);
+ }
+ }
+ }
+ if (NS_SUCCEEDED(rv)) {
+ mScrolledToRefAlready = true;
+ }
+ }
+}
+
+void Document::RegisterActivityObserver(nsISupports* aSupports) {
+ if (!mActivityObservers) {
+ mActivityObservers = MakeUnique<nsTHashtable<nsPtrHashKey<nsISupports>>>();
+ }
+ mActivityObservers->PutEntry(aSupports);
+}
+
+bool Document::UnregisterActivityObserver(nsISupports* aSupports) {
+ if (!mActivityObservers) {
+ return false;
+ }
+ nsPtrHashKey<nsISupports>* entry = mActivityObservers->GetEntry(aSupports);
+ if (!entry) {
+ return false;
+ }
+ mActivityObservers->RemoveEntry(entry);
+ return true;
+}
+
+void Document::EnumerateActivityObservers(
+ ActivityObserverEnumerator aEnumerator) {
+ if (!mActivityObservers) {
+ return;
+ }
+
+ nsTArray<nsCOMPtr<nsISupports>> observers(mActivityObservers->Count());
+ for (auto iter = mActivityObservers->ConstIter(); !iter.Done(); iter.Next()) {
+ observers.AppendElement(iter.Get()->GetKey());
+ }
+
+ for (auto& observer : observers) {
+ aEnumerator(observer.get());
+ }
+}
+
+void Document::RegisterPendingLinkUpdate(Link* aLink) {
+ if (aLink->HasPendingLinkUpdate()) {
+ return;
+ }
+
+ aLink->SetHasPendingLinkUpdate();
+
+ if (!mHasLinksToUpdateRunnable && !mFlushingPendingLinkUpdates) {
+ nsCOMPtr<nsIRunnable> event =
+ NewRunnableMethod("Document::FlushPendingLinkUpdates", this,
+ &Document::FlushPendingLinkUpdates);
+ // Do this work in a second in the worst case.
+ nsresult rv = NS_DispatchToCurrentThreadQueue(event.forget(), 1000,
+ EventQueuePriority::Idle);
+ if (NS_FAILED(rv)) {
+ // If during shutdown posting a runnable doesn't succeed, we probably
+ // don't need to update link states.
+ return;
+ }
+ mHasLinksToUpdateRunnable = true;
+ }
+
+ mLinksToUpdate.InfallibleAppend(aLink);
+}
+
+void Document::FlushPendingLinkUpdates() {
+ MOZ_DIAGNOSTIC_ASSERT(!mFlushingPendingLinkUpdates);
+ MOZ_ASSERT(mHasLinksToUpdateRunnable);
+ mHasLinksToUpdateRunnable = false;
+
+ auto restore = MakeScopeExit([&] { mFlushingPendingLinkUpdates = false; });
+ mFlushingPendingLinkUpdates = true;
+
+ while (!mLinksToUpdate.IsEmpty()) {
+ LinksToUpdateList links(std::move(mLinksToUpdate));
+ for (auto iter = links.Iter(); !iter.Done(); iter.Next()) {
+ Link* link = iter.Get();
+ Element* element = link->GetElement();
+ if (element->OwnerDoc() == this) {
+ link->ClearHasPendingLinkUpdate();
+ if (element->IsInComposedDoc()) {
+ element->UpdateLinkState(link->LinkState());
+ }
+ }
+ }
+ }
+}
+
+/**
+ * Retrieves the node in a static-clone document that corresponds to aOrigNode,
+ * which is a node in the original document from which aStaticClone was cloned.
+ */
+static nsINode* GetCorrespondingNodeInDocument(const nsINode* aOrigNode,
+ Document& aStaticClone) {
+ MOZ_ASSERT(aOrigNode);
+
+ // Selections in anonymous subtrees aren't supported.
+ if (NS_WARN_IF(aOrigNode->IsInNativeAnonymousSubtree())) {
+ return nullptr;
+ }
+
+ // If the node is disconnected, this is a bug in the selection code, but it
+ // can happen with shadow DOM so handle it.
+ if (NS_WARN_IF(!aOrigNode->IsInComposedDoc())) {
+ return nullptr;
+ }
+
+ nsTArray<int32_t> indexArray;
+ const nsINode* current = aOrigNode;
+ while (const nsINode* parent = current->GetParentNode()) {
+ int32_t index = parent->ComputeIndexOf(current);
+ MOZ_ASSERT(index >= 0);
+ indexArray.AppendElement(index);
+ current = parent;
+ }
+ MOZ_ASSERT(current->IsDocument() || current->IsShadowRoot());
+ nsINode* correspondingNode = [&]() -> nsINode* {
+ if (current->IsDocument()) {
+ return &aStaticClone;
+ }
+ const auto* shadow = ShadowRoot::FromNode(*current);
+ if (!shadow) {
+ return nullptr;
+ }
+ nsINode* correspondingHost =
+ GetCorrespondingNodeInDocument(shadow->Host(), aStaticClone);
+ if (NS_WARN_IF(!correspondingHost || !correspondingHost->IsElement())) {
+ return nullptr;
+ }
+ return correspondingHost->AsElement()->GetShadowRoot();
+ }();
+
+ if (NS_WARN_IF(!correspondingNode)) {
+ return nullptr;
+ }
+ for (int32_t i : Reversed(indexArray)) {
+ correspondingNode = correspondingNode->GetChildAt_Deprecated(i);
+ NS_ENSURE_TRUE(correspondingNode, nullptr);
+ }
+ return correspondingNode;
+}
+
+/**
+ * Caches the selection ranges from the source document onto the static clone in
+ * case the "Print Selection Only" functionality is invoked.
+ *
+ * Note that we cannot use the selection obtained from GetOriginalDocument()
+ * since that selection may have mutated after the print was invoked.
+ *
+ * Note also that because nsRange objects point into a specific document's
+ * nodes, we cannot reuse an array of nsRange objects across multiple static
+ * clone documents. For that reason we cache a new array of ranges on each
+ * static clone that we create.
+ *
+ * TODO(emilio): This can be simplified once we don't re-clone from static
+ * documents.
+ *
+ * @param aSourceDoc the document from which we are caching selection ranges
+ * @param aStaticClone the document that will hold the cache
+ * @return true if a selection range was cached
+ */
+static void CachePrintSelectionRanges(const Document& aSourceDoc,
+ Document& aStaticClone) {
+ MOZ_ASSERT(aStaticClone.IsStaticDocument());
+ MOZ_ASSERT(!aStaticClone.GetProperty(nsGkAtoms::printselectionranges));
+
+ const Selection* origSelection = nullptr;
+ const nsTArray<RefPtr<nsRange>>* origRanges = nullptr;
+ bool sourceDocIsStatic = aSourceDoc.IsStaticDocument();
+
+ if (sourceDocIsStatic) {
+ origRanges = static_cast<nsTArray<RefPtr<nsRange>>*>(
+ aSourceDoc.GetProperty(nsGkAtoms::printselectionranges));
+ } else if (PresShell* shell = aSourceDoc.GetPresShell()) {
+ origSelection = shell->GetCurrentSelection(SelectionType::eNormal);
+ }
+
+ if (!origSelection && !origRanges) {
+ return;
+ }
+
+ size_t rangeCount =
+ sourceDocIsStatic ? origRanges->Length() : origSelection->RangeCount();
+ auto printRanges = MakeUnique<nsTArray<RefPtr<nsRange>>>(rangeCount);
+
+ for (size_t i = 0; i < rangeCount; ++i) {
+ const nsRange* range = sourceDocIsStatic ? origRanges->ElementAt(i).get()
+ : origSelection->GetRangeAt(i);
+ nsINode* startContainer = range->GetStartContainer();
+ nsINode* endContainer = range->GetEndContainer();
+
+ if (!startContainer || !endContainer) {
+ continue;
+ }
+
+ nsINode* startNode =
+ GetCorrespondingNodeInDocument(startContainer, aStaticClone);
+ nsINode* endNode =
+ GetCorrespondingNodeInDocument(endContainer, aStaticClone);
+
+ if (NS_WARN_IF(!startNode || !endNode)) {
+ continue;
+ }
+
+ RefPtr<nsRange> clonedRange =
+ nsRange::Create(startNode, range->StartOffset(), endNode,
+ range->EndOffset(), IgnoreErrors());
+ if (clonedRange && !clonedRange->Collapsed()) {
+ printRanges->AppendElement(std::move(clonedRange));
+ }
+ }
+
+ if (printRanges->IsEmpty()) {
+ return;
+ }
+
+ aStaticClone.SetProperty(nsGkAtoms::printselectionranges,
+ printRanges.release(),
+ nsINode::DeleteProperty<nsTArray<RefPtr<nsRange>>>);
+}
+
+already_AddRefed<Document> Document::CreateStaticClone(
+ nsIDocShell* aCloneContainer, nsIContentViewer* aViewer,
+ bool* aOutHasInProcessPrintCallbacks) {
+ MOZ_ASSERT(!mCreatingStaticClone);
+ MOZ_ASSERT(!GetProperty(nsGkAtoms::adoptedsheetclones));
+ MOZ_DIAGNOSTIC_ASSERT(aViewer);
+
+ mCreatingStaticClone = true;
+ SetProperty(nsGkAtoms::adoptedsheetclones, new AdoptedStyleSheetCloneCache(),
+ nsINode::DeleteProperty<AdoptedStyleSheetCloneCache>);
+
+ auto raii = MakeScopeExit([&] {
+ RemoveProperty(nsGkAtoms::adoptedsheetclones);
+ mCreatingStaticClone = false;
+ });
+
+ // Make document use different container during cloning.
+ //
+ // FIXME(emilio): Why is this needed?
+ RefPtr<nsDocShell> originalShell = mDocumentContainer.get();
+ SetContainer(nsDocShell::Cast(aCloneContainer));
+ IgnoredErrorResult rv;
+ nsCOMPtr<nsINode> clonedNode = this->CloneNode(true, rv);
+ SetContainer(originalShell);
+ if (rv.Failed()) {
+ return nullptr;
+ }
+
+ nsCOMPtr<Document> clonedDoc = do_QueryInterface(clonedNode);
+ if (!clonedDoc) {
+ return nullptr;
+ }
+
+ size_t sheetsCount = SheetCount();
+ for (size_t i = 0; i < sheetsCount; ++i) {
+ RefPtr<StyleSheet> sheet = SheetAt(i);
+ if (sheet) {
+ if (sheet->IsApplicable()) {
+ RefPtr<StyleSheet> clonedSheet =
+ sheet->Clone(nullptr, nullptr, clonedDoc, nullptr);
+ NS_WARNING_ASSERTION(clonedSheet, "Cloning a stylesheet didn't work!");
+ if (clonedSheet) {
+ clonedDoc->AddStyleSheet(clonedSheet);
+ }
+ }
+ }
+ }
+ clonedDoc->CloneAdoptedSheetsFrom(*this);
+
+ for (int t = 0; t < AdditionalSheetTypeCount; ++t) {
+ auto& sheets = mAdditionalSheets[additionalSheetType(t)];
+ for (StyleSheet* sheet : sheets) {
+ if (sheet->IsApplicable()) {
+ RefPtr<StyleSheet> clonedSheet =
+ sheet->Clone(nullptr, nullptr, clonedDoc, nullptr);
+ NS_WARNING_ASSERTION(clonedSheet, "Cloning a stylesheet didn't work!");
+ if (clonedSheet) {
+ clonedDoc->AddAdditionalStyleSheet(additionalSheetType(t),
+ clonedSheet);
+ }
+ }
+ }
+ }
+
+ // Font faces created with the JS API will not be reflected in the
+ // stylesheets and need to be copied over to the cloned document.
+ if (const FontFaceSet* set = GetFonts()) {
+ set->CopyNonRuleFacesTo(clonedDoc->Fonts());
+ }
+
+ clonedDoc->mReferrerInfo =
+ static_cast<dom::ReferrerInfo*>(mReferrerInfo.get())->Clone();
+ clonedDoc->mPreloadReferrerInfo = clonedDoc->mReferrerInfo;
+ CachePrintSelectionRanges(*this, *clonedDoc);
+
+ // We're done with the clone, embed ourselves into the document viewer and
+ // clone our children. The order here is pretty important, because our
+ // document our document needs to have an owner global before we can create
+ // the frame loaders for subdocuments.
+ aViewer->SetDocument(clonedDoc);
+
+ *aOutHasInProcessPrintCallbacks |= clonedDoc->HasPrintCallbacks();
+
+ auto pendingClones = std::move(clonedDoc->mPendingFrameStaticClones);
+ for (const auto& clone : pendingClones) {
+ RefPtr<Element> element = do_QueryObject(clone.mElement);
+ RefPtr<nsFrameLoader> frameLoader =
+ nsFrameLoader::Create(element, /* aNetworkCreated */ false);
+
+ if (NS_WARN_IF(!frameLoader)) {
+ continue;
+ }
+
+ clone.mElement->SetFrameLoader(frameLoader);
+
+ nsresult rv = frameLoader->FinishStaticClone(
+ clone.mStaticCloneOf, aOutHasInProcessPrintCallbacks);
+ Unused << NS_WARN_IF(NS_FAILED(rv));
+ }
+
+ return clonedDoc.forget();
+}
+
+void Document::UnlinkOriginalDocumentIfStatic() {
+ if (IsStaticDocument() && mOriginalDocument) {
+ MOZ_ASSERT(mOriginalDocument->mStaticCloneCount > 0);
+ mOriginalDocument->mStaticCloneCount--;
+ mOriginalDocument = nullptr;
+ }
+ MOZ_ASSERT(!mOriginalDocument);
+}
+
+nsresult Document::ScheduleFrameRequestCallback(FrameRequestCallback& aCallback,
+ int32_t* aHandle) {
+ if (mFrameRequestCallbackCounter == INT32_MAX) {
+ // Can't increment without overflowing; bail out
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+ int32_t newHandle = ++mFrameRequestCallbackCounter;
+
+ mFrameRequestCallbacks.AppendElement(FrameRequest(aCallback, newHandle));
+ UpdateFrameRequestCallbackSchedulingState();
+
+ *aHandle = newHandle;
+ return NS_OK;
+}
+
+void Document::CancelFrameRequestCallback(int32_t aHandle) {
+ // mFrameRequestCallbacks is stored sorted by handle
+ if (mFrameRequestCallbacks.RemoveElementSorted(aHandle)) {
+ UpdateFrameRequestCallbackSchedulingState();
+ } else {
+ Unused << mCanceledFrameRequestCallbacks.put(aHandle);
+ }
+}
+
+bool Document::IsCanceledFrameRequestCallback(int32_t aHandle) const {
+ return !mCanceledFrameRequestCallbacks.empty() &&
+ mCanceledFrameRequestCallbacks.has(aHandle);
+}
+
+nsresult Document::GetStateObject(nsIVariant** aState) {
+ // Get the document's current state object. This is the object backing both
+ // history.state and popStateEvent.state.
+ //
+ // mStateObjectContainer may be null; this just means that there's no
+ // current state object.
+
+ if (!mStateObjectCached && mStateObjectContainer) {
+ AutoJSAPI jsapi;
+ // Init with null is "OK" in the sense that it will just fail.
+ if (!jsapi.Init(GetScopeObject())) {
+ return NS_ERROR_UNEXPECTED;
+ }
+ mStateObjectContainer->DeserializeToVariant(
+ jsapi.cx(), getter_AddRefs(mStateObjectCached));
+ }
+
+ NS_IF_ADDREF(*aState = mStateObjectCached);
+ return NS_OK;
+}
+
+void Document::SetNavigationTiming(nsDOMNavigationTiming* aTiming) {
+ mTiming = aTiming;
+ if (!mLoadingTimeStamp.IsNull() && mTiming) {
+ mTiming->SetDOMLoadingTimeStamp(GetDocumentURI(), mLoadingTimeStamp);
+ }
+}
+
+nsContentList* Document::ImageMapList() {
+ if (!mImageMaps) {
+ mImageMaps = new nsContentList(this, kNameSpaceID_XHTML, nsGkAtoms::map,
+ nsGkAtoms::map);
+ }
+
+ return mImageMaps;
+}
+
+#define DEPRECATED_OPERATION(_op) #_op "Warning",
+static const char* kDeprecationWarnings[] = {
+#include "nsDeprecatedOperationList.h"
+ nullptr};
+#undef DEPRECATED_OPERATION
+
+#define DOCUMENT_WARNING(_op) #_op "Warning",
+static const char* kDocumentWarnings[] = {
+#include "nsDocumentWarningList.h"
+ nullptr};
+#undef DOCUMENT_WARNING
+
+static UseCounter OperationToUseCounter(DeprecatedOperations aOperation) {
+ switch (aOperation) {
+#define DEPRECATED_OPERATION(_op) \
+ case DeprecatedOperations::e##_op: \
+ return eUseCounter_##_op;
+#include "nsDeprecatedOperationList.h"
+#undef DEPRECATED_OPERATION
+ default:
+ MOZ_CRASH();
+ }
+}
+
+bool Document::HasWarnedAbout(DeprecatedOperations aOperation) const {
+ return mDeprecationWarnedAbout[static_cast<size_t>(aOperation)];
+}
+
+void Document::WarnOnceAbout(
+ DeprecatedOperations aOperation, bool asError /* = false */,
+ const nsTArray<nsString>& aParams /* = empty array */) const {
+ MOZ_ASSERT(NS_IsMainThread());
+ if (HasWarnedAbout(aOperation)) {
+ return;
+ }
+ mDeprecationWarnedAbout[static_cast<size_t>(aOperation)] = true;
+ // Don't count deprecated operations for about pages since those pages
+ // are almost in our control, and we always need to remove uses there
+ // before we remove the operation itself anyway.
+ if (!IsAboutPage()) {
+ const_cast<Document*>(this)->SetUseCounter(
+ OperationToUseCounter(aOperation));
+ }
+ uint32_t flags =
+ asError ? nsIScriptError::errorFlag : nsIScriptError::warningFlag;
+ nsContentUtils::ReportToConsole(
+ flags, "DOM Core"_ns, this, nsContentUtils::eDOM_PROPERTIES,
+ kDeprecationWarnings[static_cast<size_t>(aOperation)], aParams);
+}
+
+bool Document::HasWarnedAbout(DocumentWarnings aWarning) const {
+ return mDocWarningWarnedAbout[aWarning];
+}
+
+void Document::WarnOnceAbout(
+ DocumentWarnings aWarning, bool asError /* = false */,
+ const nsTArray<nsString>& aParams /* = empty array */) const {
+ MOZ_ASSERT(NS_IsMainThread());
+ if (HasWarnedAbout(aWarning)) {
+ return;
+ }
+ mDocWarningWarnedAbout[aWarning] = true;
+ uint32_t flags =
+ asError ? nsIScriptError::errorFlag : nsIScriptError::warningFlag;
+ nsContentUtils::ReportToConsole(flags, "DOM Core"_ns, this,
+ nsContentUtils::eDOM_PROPERTIES,
+ kDocumentWarnings[aWarning], aParams);
+}
+
+mozilla::dom::ImageTracker* Document::ImageTracker() {
+ if (!mImageTracker) {
+ mImageTracker = new mozilla::dom::ImageTracker;
+ }
+ return mImageTracker;
+}
+
+void Document::GetPlugins(nsTArray<nsIObjectLoadingContent*>& aPlugins) {
+ aPlugins.SetCapacity(aPlugins.Length() + mPlugins.Count());
+ for (auto iter = mPlugins.ConstIter(); !iter.Done(); iter.Next()) {
+ aPlugins.AppendElement(iter.Get()->GetKey());
+ }
+ auto recurse = [&aPlugins](Document& aSubDoc) {
+ aSubDoc.GetPlugins(aPlugins);
+ return CallState::Continue;
+ };
+ EnumerateSubDocuments(recurse);
+}
+
+void Document::ScheduleSVGUseElementShadowTreeUpdate(
+ SVGUseElement& aUseElement) {
+ MOZ_ASSERT(aUseElement.IsInComposedDoc());
+
+ mSVGUseElementsNeedingShadowTreeUpdate.PutEntry(&aUseElement);
+
+ if (PresShell* presShell = GetPresShell()) {
+ presShell->EnsureStyleFlush();
+ }
+}
+
+void Document::DoUpdateSVGUseElementShadowTrees() {
+ MOZ_ASSERT(!mSVGUseElementsNeedingShadowTreeUpdate.IsEmpty());
+ nsTArray<RefPtr<SVGUseElement>> useElementsToUpdate;
+
+ do {
+ useElementsToUpdate.Clear();
+ useElementsToUpdate.SetCapacity(
+ mSVGUseElementsNeedingShadowTreeUpdate.Count());
+
+ {
+ for (auto iter = mSVGUseElementsNeedingShadowTreeUpdate.ConstIter();
+ !iter.Done(); iter.Next()) {
+ useElementsToUpdate.AppendElement(iter.Get()->GetKey());
+ }
+ mSVGUseElementsNeedingShadowTreeUpdate.Clear();
+ }
+
+ for (auto& useElement : useElementsToUpdate) {
+ if (MOZ_UNLIKELY(!useElement->IsInComposedDoc())) {
+ // The element was in another <use> shadow tree which we processed
+ // already and also needed an update, and is removed from the document
+ // now, so nothing to do here.
+ MOZ_ASSERT(useElementsToUpdate.Length() > 1);
+ continue;
+ }
+ useElement->UpdateShadowTree();
+ }
+ } while (!mSVGUseElementsNeedingShadowTreeUpdate.IsEmpty());
+}
+
+void Document::NotifyMediaFeatureValuesChanged() {
+ for (auto iter = mResponsiveContent.ConstIter(); !iter.Done(); iter.Next()) {
+ RefPtr<HTMLImageElement> imageElement = iter.Get()->GetKey();
+ imageElement->MediaFeatureValuesChanged();
+ }
+}
+
+already_AddRefed<Touch> Document::CreateTouch(
+ nsGlobalWindowInner* aView, EventTarget* aTarget, int32_t aIdentifier,
+ int32_t aPageX, int32_t aPageY, int32_t aScreenX, int32_t aScreenY,
+ int32_t aClientX, int32_t aClientY, int32_t aRadiusX, int32_t aRadiusY,
+ float aRotationAngle, float aForce) {
+ RefPtr<Touch> touch =
+ new Touch(aTarget, aIdentifier, aPageX, aPageY, aScreenX, aScreenY,
+ aClientX, aClientY, aRadiusX, aRadiusY, aRotationAngle, aForce);
+ return touch.forget();
+}
+
+already_AddRefed<TouchList> Document::CreateTouchList() {
+ RefPtr<TouchList> retval = new TouchList(ToSupports(this));
+ return retval.forget();
+}
+
+already_AddRefed<TouchList> Document::CreateTouchList(
+ Touch& aTouch, const Sequence<OwningNonNull<Touch>>& aTouches) {
+ RefPtr<TouchList> retval = new TouchList(ToSupports(this));
+ retval->Append(&aTouch);
+ for (uint32_t i = 0; i < aTouches.Length(); ++i) {
+ retval->Append(aTouches[i].get());
+ }
+ return retval.forget();
+}
+
+already_AddRefed<TouchList> Document::CreateTouchList(
+ const Sequence<OwningNonNull<Touch>>& aTouches) {
+ RefPtr<TouchList> retval = new TouchList(ToSupports(this));
+ for (uint32_t i = 0; i < aTouches.Length(); ++i) {
+ retval->Append(aTouches[i].get());
+ }
+ return retval.forget();
+}
+
+already_AddRefed<nsDOMCaretPosition> Document::CaretPositionFromPoint(
+ float aX, float aY) {
+ using FrameForPointOption = nsLayoutUtils::FrameForPointOption;
+
+ nscoord x = nsPresContext::CSSPixelsToAppUnits(aX);
+ nscoord y = nsPresContext::CSSPixelsToAppUnits(aY);
+ nsPoint pt(x, y);
+
+ FlushPendingNotifications(FlushType::Layout);
+
+ PresShell* presShell = GetPresShell();
+ if (!presShell) {
+ return nullptr;
+ }
+
+ nsIFrame* rootFrame = presShell->GetRootFrame();
+
+ // XUL docs, unlike HTML, have no frame tree until everything's done loading
+ if (!rootFrame) {
+ return nullptr;
+ }
+
+ nsIFrame* ptFrame = nsLayoutUtils::GetFrameForPoint(
+ RelativeTo{rootFrame}, pt,
+ {{FrameForPointOption::IgnorePaintSuppression,
+ FrameForPointOption::IgnoreCrossDoc}});
+ if (!ptFrame) {
+ return nullptr;
+ }
+
+ // We require frame-relative coordinates for GetContentOffsetsFromPoint.
+ nsPoint aOffset;
+ nsCOMPtr<nsIWidget> widget = nsContentUtils::GetWidget(presShell, &aOffset);
+ LayoutDeviceIntPoint refPoint = nsContentUtils::ToWidgetPoint(
+ CSSPoint(aX, aY), aOffset, GetPresContext());
+ nsPoint adjustedPoint = nsLayoutUtils::GetEventCoordinatesRelativeTo(
+ widget, refPoint, RelativeTo{ptFrame});
+
+ nsIFrame::ContentOffsets offsets =
+ ptFrame->GetContentOffsetsFromPoint(adjustedPoint);
+
+ nsCOMPtr<nsIContent> node = offsets.content;
+ uint32_t offset = offsets.offset;
+ nsCOMPtr<nsIContent> anonNode = node;
+ bool nodeIsAnonymous = node && node->IsInNativeAnonymousSubtree();
+ if (nodeIsAnonymous) {
+ node = ptFrame->GetContent();
+ nsIContent* nonanon = node->FindFirstNonChromeOnlyAccessContent();
+ HTMLTextAreaElement* textArea = HTMLTextAreaElement::FromNode(nonanon);
+ nsITextControlFrame* textFrame = do_QueryFrame(nonanon->GetPrimaryFrame());
+ if (textFrame) {
+ // If the anonymous content node has a child, then we need to make sure
+ // that we get the appropriate child, as otherwise the offset may not be
+ // correct when we construct a range for it.
+ nsCOMPtr<nsIContent> firstChild = anonNode->GetFirstChild();
+ if (firstChild) {
+ anonNode = firstChild;
+ }
+
+ if (textArea) {
+ offset =
+ nsContentUtils::GetAdjustedOffsetInTextControl(ptFrame, offset);
+ }
+
+ node = nonanon;
+ } else {
+ node = nullptr;
+ offset = 0;
+ }
+ }
+
+ RefPtr<nsDOMCaretPosition> aCaretPos = new nsDOMCaretPosition(node, offset);
+ if (nodeIsAnonymous) {
+ aCaretPos->SetAnonymousContentNode(anonNode);
+ }
+ return aCaretPos.forget();
+}
+
+bool Document::IsPotentiallyScrollable(HTMLBodyElement* aBody) {
+ // We rely on correct frame information here, so need to flush frames.
+ FlushPendingNotifications(FlushType::Frames);
+
+ // An element that is the HTML body element is potentially scrollable if all
+ // of the following conditions are true:
+
+ // The element has an associated CSS layout box.
+ nsIFrame* bodyFrame = nsLayoutUtils::GetStyleFrame(aBody);
+ if (!bodyFrame) {
+ return false;
+ }
+
+ // The element's parent element's computed value of the overflow-x and
+ // overflow-y properties are visible.
+ MOZ_ASSERT(aBody->GetParent() == aBody->OwnerDoc()->GetRootElement());
+ nsIFrame* parentFrame = nsLayoutUtils::GetStyleFrame(aBody->GetParent());
+ if (parentFrame &&
+ parentFrame->StyleDisplay()->OverflowIsVisibleInBothAxis()) {
+ return false;
+ }
+
+ // The element's computed value of the overflow-x or overflow-y properties is
+ // not visible.
+ return !bodyFrame->StyleDisplay()->OverflowIsVisibleInBothAxis();
+}
+
+Element* Document::GetScrollingElement() {
+ // Keep this in sync with IsScrollingElement.
+ if (GetCompatibilityMode() == eCompatibility_NavQuirks) {
+ RefPtr<HTMLBodyElement> body = GetBodyElement();
+ if (body && !IsPotentiallyScrollable(body)) {
+ return body;
+ }
+
+ return nullptr;
+ }
+
+ return GetRootElement();
+}
+
+bool Document::IsScrollingElement(Element* aElement) {
+ // Keep this in sync with GetScrollingElement.
+ MOZ_ASSERT(aElement);
+
+ if (GetCompatibilityMode() != eCompatibility_NavQuirks) {
+ return aElement == GetRootElement();
+ }
+
+ // In the common case when aElement != body, avoid refcounting.
+ HTMLBodyElement* body = GetBodyElement();
+ if (aElement != body) {
+ return false;
+ }
+
+ // Now we know body is non-null, since aElement is not null. It's the
+ // scrolling element for the document if it itself is not potentially
+ // scrollable.
+ RefPtr<HTMLBodyElement> strongBody(body);
+ return !IsPotentiallyScrollable(strongBody);
+}
+
+class UnblockParsingPromiseHandler final : public PromiseNativeHandler {
+ public:
+ NS_DECL_CYCLE_COLLECTING_ISUPPORTS
+ NS_DECL_CYCLE_COLLECTION_CLASS(UnblockParsingPromiseHandler)
+
+ explicit UnblockParsingPromiseHandler(Document* aDocument, Promise* aPromise,
+ const BlockParsingOptions& aOptions)
+ : mPromise(aPromise) {
+ nsCOMPtr<nsIParser> parser = aDocument->CreatorParserOrNull();
+ if (parser &&
+ (aOptions.mBlockScriptCreated || !parser->IsScriptCreated())) {
+ parser->BlockParser();
+ mParser = do_GetWeakReference(parser);
+ mDocument = aDocument;
+ mDocument->BlockOnload();
+ mDocument->BlockDOMContentLoaded();
+ }
+ }
+
+ void ResolvedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue) override {
+ MaybeUnblockParser();
+
+ mPromise->MaybeResolve(aValue);
+ }
+
+ void RejectedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue) override {
+ MaybeUnblockParser();
+
+ mPromise->MaybeReject(aValue);
+ }
+
+ protected:
+ virtual ~UnblockParsingPromiseHandler() {
+ // If we're being cleaned up by the cycle collector, our mDocument reference
+ // may have been unlinked while our mParser weak reference is still alive.
+ if (mDocument) {
+ MaybeUnblockParser();
+ }
+ }
+
+ private:
+ void MaybeUnblockParser() {
+ nsCOMPtr<nsIParser> parser = do_QueryReferent(mParser);
+ if (parser) {
+ MOZ_DIAGNOSTIC_ASSERT(mDocument);
+ nsCOMPtr<nsIParser> docParser = mDocument->CreatorParserOrNull();
+ if (parser == docParser) {
+ parser->UnblockParser();
+ parser->ContinueInterruptedParsingAsync();
+ }
+ }
+ if (mDocument) {
+ // We blocked DOMContentLoaded and load events on this document. Unblock
+ // them. Note that we want to do that no matter what's going on with the
+ // parser state for this document. Maybe someone caused it to stop being
+ // parsed, so CreatorParserOrNull() is returning null, but we still want
+ // to unblock these.
+ mDocument->UnblockDOMContentLoaded();
+ mDocument->UnblockOnload(false);
+ }
+ mParser = nullptr;
+ mDocument = nullptr;
+ }
+
+ nsWeakPtr mParser;
+ RefPtr<Promise> mPromise;
+ RefPtr<Document> mDocument;
+};
+
+NS_IMPL_CYCLE_COLLECTION(UnblockParsingPromiseHandler, mDocument, mPromise)
+
+NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(UnblockParsingPromiseHandler)
+ NS_INTERFACE_MAP_ENTRY(nsISupports)
+NS_INTERFACE_MAP_END
+
+NS_IMPL_CYCLE_COLLECTING_ADDREF(UnblockParsingPromiseHandler)
+NS_IMPL_CYCLE_COLLECTING_RELEASE(UnblockParsingPromiseHandler)
+
+already_AddRefed<Promise> Document::BlockParsing(
+ Promise& aPromise, const BlockParsingOptions& aOptions, ErrorResult& aRv) {
+ RefPtr<Promise> resultPromise =
+ Promise::Create(aPromise.GetParentObject(), aRv);
+ if (aRv.Failed()) {
+ return nullptr;
+ }
+
+ RefPtr<PromiseNativeHandler> promiseHandler =
+ new UnblockParsingPromiseHandler(this, resultPromise, aOptions);
+ aPromise.AppendNativeHandler(promiseHandler);
+
+ return resultPromise.forget();
+}
+
+already_AddRefed<nsIURI> Document::GetMozDocumentURIIfNotForErrorPages() {
+ if (mFailedChannel) {
+ nsCOMPtr<nsIURI> failedURI;
+ if (NS_SUCCEEDED(mFailedChannel->GetURI(getter_AddRefs(failedURI)))) {
+ return failedURI.forget();
+ }
+ }
+
+ nsCOMPtr<nsIURI> uri = GetDocumentURIObject();
+ if (!uri) {
+ return nullptr;
+ }
+
+ return uri.forget();
+}
+
+Promise* Document::GetDocumentReadyForIdle(ErrorResult& aRv) {
+ if (mIsGoingAway) {
+ aRv.Throw(NS_ERROR_NOT_AVAILABLE);
+ return nullptr;
+ }
+
+ if (!mReadyForIdle) {
+ nsIGlobalObject* global = GetScopeObject();
+ if (!global) {
+ aRv.Throw(NS_ERROR_NOT_AVAILABLE);
+ return nullptr;
+ }
+
+ mReadyForIdle = Promise::Create(global, aRv);
+ if (aRv.Failed()) {
+ return nullptr;
+ }
+ }
+
+ return mReadyForIdle;
+}
+
+void Document::MaybeResolveReadyForIdle() {
+ IgnoredErrorResult rv;
+ Promise* readyPromise = GetDocumentReadyForIdle(rv);
+ if (readyPromise) {
+ readyPromise->MaybeResolve(this);
+ }
+}
+
+mozilla::dom::FeaturePolicy* Document::FeaturePolicy() const {
+ // The policy is created when the document is initialized. We _must_ have a
+ // policy here even if the featurePolicy pref is off. If this assertion fails,
+ // it means that ::FeaturePolicy() is called before ::StartDocumentLoad().
+ MOZ_ASSERT(mFeaturePolicy);
+ return mFeaturePolicy;
+}
+
+nsIDOMXULCommandDispatcher* Document::GetCommandDispatcher() {
+ // Only chrome documents are allowed to use command dispatcher.
+ if (!nsContentUtils::IsChromeDoc(this)) {
+ return nullptr;
+ }
+ if (!mCommandDispatcher) {
+ // Create our command dispatcher and hook it up.
+ mCommandDispatcher = new nsXULCommandDispatcher(this);
+ }
+ return mCommandDispatcher;
+}
+
+void Document::InitializeXULBroadcastManager() {
+ if (mXULBroadcastManager) {
+ return;
+ }
+ mXULBroadcastManager = new XULBroadcastManager(this);
+}
+
+static bool NodeHasScopeObject(nsINode* node) {
+ MOZ_ASSERT(node, "Must not be called with null.");
+
+ // Window root occasionally keeps alive a node of a document whose
+ // window is already dead. If in this brief period someone calls
+ // GetPopupNode and we return that node, we can end up creating a
+ // reflector for the node in the wrong global (the current global,
+ // not the document global, because we won't know what the document
+ // global is). Returning an orphan node like that to JS would be a
+ // bug anyway, so to avoid this, let's do the same check as fetching
+ // GetParentObject() on the document does to determine the scope and
+ // if there is no usable scope object let's report that and return
+ // null from Document::GetPopupNode instead of returning a node that
+ // will get a reflector in the wrong scope.
+ Document* doc = node->OwnerDoc();
+ MOZ_ASSERT(doc, "This should never happen.");
+
+ nsIGlobalObject* global = doc->GetScopeObject();
+ return global ? global->HasJSGlobal() : false;
+}
+
+already_AddRefed<nsPIWindowRoot> Document::GetWindowRoot() {
+ if (!mDocumentContainer) {
+ return nullptr;
+ }
+ // XXX It's unclear why this can't just use GetWindow().
+ nsCOMPtr<nsPIDOMWindowOuter> piWin = mDocumentContainer->GetWindow();
+ return piWin ? piWin->GetTopWindowRoot() : nullptr;
+}
+
+already_AddRefed<nsINode> Document::GetPopupNode() {
+ nsCOMPtr<nsINode> node;
+ nsCOMPtr<nsPIWindowRoot> rootWin = GetWindowRoot();
+ if (rootWin) {
+ node = rootWin->GetPopupNode(); // addref happens here
+ }
+
+ if (!node) {
+ nsXULPopupManager* pm = nsXULPopupManager::GetInstance();
+ if (pm) {
+ node = pm->GetLastTriggerPopupNode(this);
+ }
+ }
+
+ if (node && NodeHasScopeObject(node)) {
+ return node.forget();
+ }
+
+ return nullptr;
+}
+
+void Document::SetPopupNode(nsINode* aNode) {
+ nsCOMPtr<nsPIWindowRoot> rootWin = GetWindowRoot();
+ if (rootWin) {
+ rootWin->SetPopupNode(aNode);
+ }
+}
+
+// Returns the rangeOffset element from the XUL Popup Manager. This is for
+// chrome callers only.
+nsINode* Document::GetPopupRangeParent(ErrorResult& aRv) {
+ nsXULPopupManager* pm = nsXULPopupManager::GetInstance();
+ if (!pm) {
+ aRv.Throw(NS_ERROR_FAILURE);
+ return nullptr;
+ }
+
+ return pm->GetMouseLocationParent();
+}
+
+// Returns the rangeOffset element from the XUL Popup Manager.
+int32_t Document::GetPopupRangeOffset(ErrorResult& aRv) {
+ nsXULPopupManager* pm = nsXULPopupManager::GetInstance();
+ if (!pm) {
+ aRv.Throw(NS_ERROR_FAILURE);
+ return 0;
+ }
+
+ return pm->MouseLocationOffset();
+}
+
+already_AddRefed<nsINode> Document::GetTooltipNode() {
+ nsXULPopupManager* pm = nsXULPopupManager::GetInstance();
+ if (pm) {
+ nsCOMPtr<nsINode> node = pm->GetLastTriggerTooltipNode(this);
+ if (node) {
+ return node.forget();
+ }
+ }
+
+ return nullptr;
+}
+
+void Document::MaybeWarnAboutZoom() {
+ if (mHasWarnedAboutZoom) {
+ return;
+ }
+ const bool usedZoom = Servo_IsPropertyIdRecordedInUseCounter(
+ mStyleUseCounters.get(), eCSSProperty_zoom);
+ if (!usedZoom) {
+ return;
+ }
+
+ mHasWarnedAboutZoom = true;
+ nsContentUtils::ReportToConsole(nsIScriptError::warningFlag, "Layout"_ns,
+ this, nsContentUtils::eLAYOUT_PROPERTIES,
+ "ZoomPropertyWarning");
+}
+
+nsIHTMLCollection* Document::Children() {
+ if (!mChildrenCollection) {
+ mChildrenCollection =
+ new nsContentList(this, kNameSpaceID_Wildcard, nsGkAtoms::_asterisk,
+ nsGkAtoms::_asterisk, false);
+ }
+
+ return mChildrenCollection;
+}
+
+uint32_t Document::ChildElementCount() { return Children()->Length(); }
+
+// Singleton class to manage the list of fullscreen documents which are the
+// root of a branch which contains fullscreen documents. We maintain this list
+// so that we can easily exit all windows from fullscreen when the user
+// presses the escape key.
+class FullscreenRoots {
+ public:
+ // Adds the root of given document to the manager. Calling this method
+ // with a document whose root is already contained has no effect.
+ static void Add(Document* aDoc);
+
+ // Iterates over every root in the root list, and calls aFunction, passing
+ // each root once to aFunction. It is safe to call Add() and Remove() while
+ // iterating over the list (i.e. in aFunction). Documents that are removed
+ // from the manager during traversal are not traversed, and documents that
+ // are added to the manager during traversal are also not traversed.
+ static void ForEach(void (*aFunction)(Document* aDoc));
+
+ // Removes the root of a specific document from the manager.
+ static void Remove(Document* aDoc);
+
+ // Returns true if all roots added to the list have been removed.
+ static bool IsEmpty();
+
+ private:
+ MOZ_COUNTED_DEFAULT_CTOR(FullscreenRoots)
+ MOZ_COUNTED_DTOR(FullscreenRoots)
+
+ enum { NotFound = uint32_t(-1) };
+ // Looks in mRoots for aRoot. Returns the index if found, otherwise NotFound.
+ static uint32_t Find(Document* aRoot);
+
+ // Returns true if aRoot is in the list of fullscreen roots.
+ static bool Contains(Document* aRoot);
+
+ // Singleton instance of the FullscreenRoots. This is instantiated when a
+ // root is added, and it is deleted when the last root is removed.
+ static FullscreenRoots* sInstance;
+
+ // List of weak pointers to roots.
+ nsTArray<nsWeakPtr> mRoots;
+};
+
+FullscreenRoots* FullscreenRoots::sInstance = nullptr;
+
+/* static */
+void FullscreenRoots::ForEach(void (*aFunction)(Document* aDoc)) {
+ if (!sInstance) {
+ return;
+ }
+ // Create a copy of the roots array, and iterate over the copy. This is so
+ // that if an element is removed from mRoots we don't mess up our iteration.
+ nsTArray<nsWeakPtr> roots(sInstance->mRoots.Clone());
+ // Call aFunction on all entries.
+ for (uint32_t i = 0; i < roots.Length(); i++) {
+ nsCOMPtr<Document> root = do_QueryReferent(roots[i]);
+ // Check that the root isn't in the manager. This is so that new additions
+ // while we were running don't get traversed.
+ if (root && FullscreenRoots::Contains(root)) {
+ aFunction(root);
+ }
+ }
+}
+
+/* static */
+bool FullscreenRoots::Contains(Document* aRoot) {
+ return FullscreenRoots::Find(aRoot) != NotFound;
+}
+
+/* static */
+void FullscreenRoots::Add(Document* aDoc) {
+ nsCOMPtr<Document> root = nsContentUtils::GetRootDocument(aDoc);
+ if (!FullscreenRoots::Contains(root)) {
+ if (!sInstance) {
+ sInstance = new FullscreenRoots();
+ }
+ sInstance->mRoots.AppendElement(do_GetWeakReference(root));
+ }
+}
+
+/* static */
+uint32_t FullscreenRoots::Find(Document* aRoot) {
+ if (!sInstance) {
+ return NotFound;
+ }
+ nsTArray<nsWeakPtr>& roots = sInstance->mRoots;
+ for (uint32_t i = 0; i < roots.Length(); i++) {
+ nsCOMPtr<Document> otherRoot(do_QueryReferent(roots[i]));
+ if (otherRoot == aRoot) {
+ return i;
+ }
+ }
+ return NotFound;
+}
+
+/* static */
+void FullscreenRoots::Remove(Document* aDoc) {
+ nsCOMPtr<Document> root = nsContentUtils::GetRootDocument(aDoc);
+ uint32_t index = Find(root);
+ NS_ASSERTION(index != NotFound,
+ "Should only try to remove roots which are still added!");
+ if (index == NotFound || !sInstance) {
+ return;
+ }
+ sInstance->mRoots.RemoveElementAt(index);
+ if (sInstance->mRoots.IsEmpty()) {
+ delete sInstance;
+ sInstance = nullptr;
+ }
+}
+
+/* static */
+bool FullscreenRoots::IsEmpty() { return !sInstance; }
+
+// Any fullscreen change waiting for the widget to finish transition
+// is queued here. This is declared static instead of a member of
+// Document because in the majority of time, there would be at most
+// one document requesting or exiting fullscreen. We shouldn't waste
+// the space to hold for it in every document.
+class PendingFullscreenChangeList {
+ public:
+ PendingFullscreenChangeList() = delete;
+
+ template <typename T>
+ static void Add(UniquePtr<T> aChange) {
+ sList.insertBack(aChange.release());
+ }
+
+ static const FullscreenChange* GetLast() { return sList.getLast(); }
+
+ enum IteratorOption {
+ // When we are committing fullscreen changes or preparing for
+ // that, we generally want to iterate all requests in the same
+ // window with eDocumentsWithSameRoot option.
+ eDocumentsWithSameRoot,
+ // If we are removing a document from the tree, we would only
+ // want to remove the requests from the given document and its
+ // descendants. For that case, use eInclusiveDescendants.
+ eInclusiveDescendants
+ };
+
+ template <typename T>
+ class Iterator {
+ public:
+ explicit Iterator(Document* aDoc, IteratorOption aOption)
+ : mCurrent(PendingFullscreenChangeList::sList.getFirst()) {
+ if (mCurrent) {
+ if (aDoc->GetBrowsingContext()) {
+ mRootBCForIteration = aDoc->GetBrowsingContext();
+ if (aOption == eDocumentsWithSameRoot) {
+ RefPtr<BrowsingContext> bc =
+ GetParentIgnoreChromeBoundary(mRootBCForIteration);
+ while (bc) {
+ mRootBCForIteration = bc;
+ bc = GetParentIgnoreChromeBoundary(mRootBCForIteration);
+ }
+ }
+ }
+ SkipToNextMatch();
+ }
+ }
+
+ UniquePtr<T> TakeAndNext() {
+ auto thisChange = TakeAndNextInternal();
+ SkipToNextMatch();
+ return thisChange;
+ }
+ bool AtEnd() const { return mCurrent == nullptr; }
+
+ private:
+ already_AddRefed<BrowsingContext> GetParentIgnoreChromeBoundary(
+ BrowsingContext* aBC) {
+ // Chrome BrowsingContexts are only available in the parent process, so if
+ // we're in a content process, we only worry about the context tree.
+ if (XRE_IsParentProcess()) {
+ return aBC->Canonical()->GetParentCrossChromeBoundary();
+ }
+ return do_AddRef(aBC->GetParent());
+ }
+
+ UniquePtr<T> TakeAndNextInternal() {
+ FullscreenChange* thisChange = mCurrent;
+ MOZ_ASSERT(thisChange->Type() == T::kType);
+ mCurrent = mCurrent->removeAndGetNext();
+ return WrapUnique(static_cast<T*>(thisChange));
+ }
+ void SkipToNextMatch() {
+ while (mCurrent) {
+ if (mCurrent->Type() == T::kType) {
+ RefPtr<BrowsingContext> bc =
+ mCurrent->Document()->GetBrowsingContext();
+ if (!bc) {
+ // Always automatically drop fullscreen changes which are
+ // from a document detached from the doc shell.
+ UniquePtr<T> change = TakeAndNextInternal();
+ change->MayRejectPromise("Document is not active");
+ continue;
+ }
+ while (bc && bc != mRootBCForIteration) {
+ bc = GetParentIgnoreChromeBoundary(bc);
+ }
+ if (bc) {
+ break;
+ }
+ }
+ // The current one either don't have matched type, or isn't
+ // inside the given subtree, so skip this item.
+ mCurrent = mCurrent->getNext();
+ }
+ }
+
+ FullscreenChange* mCurrent;
+ RefPtr<BrowsingContext> mRootBCForIteration;
+ };
+
+ private:
+ static LinkedList<FullscreenChange> sList;
+};
+
+/* static */
+LinkedList<FullscreenChange> PendingFullscreenChangeList::sList;
+
+Document* Document::GetFullscreenRoot() {
+ nsCOMPtr<Document> root = do_QueryReferent(mFullscreenRoot);
+ return root;
+}
+
+size_t Document::CountFullscreenElements() const {
+ size_t count = 0;
+ for (const nsWeakPtr& ptr : mTopLayer) {
+ if (nsCOMPtr<Element> elem = do_QueryReferent(ptr)) {
+ if (elem->State().HasState(NS_EVENT_STATE_FULLSCREEN)) {
+ count++;
+ }
+ }
+ }
+ return count;
+}
+
+void Document::SetFullscreenRoot(Document* aRoot) {
+ mFullscreenRoot = do_GetWeakReference(aRoot);
+}
+
+void Document::TryCancelDialog() {
+ // Check if the document is blocked by modal dialog
+ for (const nsWeakPtr& weakPtr : Reversed(mTopLayer)) {
+ nsCOMPtr<Element> element(do_QueryReferent(weakPtr));
+ if (HTMLDialogElement* dialog =
+ HTMLDialogElement::FromNodeOrNull(element)) {
+ dialog->QueueCancelDialog();
+ break;
+ }
+ }
+}
+
+already_AddRefed<Promise> Document::ExitFullscreen(ErrorResult& aRv) {
+ UniquePtr<FullscreenExit> exit = FullscreenExit::Create(this, aRv);
+ RefPtr<Promise> promise = exit->GetPromise();
+ RestorePreviousFullscreenState(std::move(exit));
+ return promise.forget();
+}
+
+static void AskWindowToExitFullscreen(Document* aDoc) {
+ if (XRE_GetProcessType() == GeckoProcessType_Content) {
+ nsContentUtils::DispatchEventOnlyToChrome(
+ aDoc, ToSupports(aDoc), u"MozDOMFullscreen:Exit"_ns, CanBubble::eYes,
+ Cancelable::eNo, /* DefaultAction */ nullptr);
+ } else {
+ if (nsPIDOMWindowOuter* win = aDoc->GetWindow()) {
+ win->SetFullscreenInternal(FullscreenReason::ForFullscreenAPI, false);
+ }
+ }
+}
+
+class nsCallExitFullscreen : public Runnable {
+ public:
+ explicit nsCallExitFullscreen(Document* aDoc)
+ : mozilla::Runnable("nsCallExitFullscreen"), mDoc(aDoc) {}
+
+ NS_IMETHOD Run() final {
+ if (!mDoc) {
+ FullscreenRoots::ForEach(&AskWindowToExitFullscreen);
+ } else {
+ AskWindowToExitFullscreen(mDoc);
+ }
+ return NS_OK;
+ }
+
+ private:
+ nsCOMPtr<Document> mDoc;
+};
+
+/* static */
+void Document::AsyncExitFullscreen(Document* aDoc) {
+ MOZ_RELEASE_ASSERT(NS_IsMainThread());
+ nsCOMPtr<nsIRunnable> exit = new nsCallExitFullscreen(aDoc);
+ if (aDoc) {
+ aDoc->Dispatch(TaskCategory::Other, exit.forget());
+ } else {
+ NS_DispatchToCurrentThread(exit.forget());
+ }
+}
+
+static uint32_t CountFullscreenSubDocuments(Document& aDoc) {
+ uint32_t count = 0;
+ // FIXME(emilio): Should this be recursive and dig into our nested subdocs?
+ auto subDoc = [&count](Document& aSubDoc) {
+ if (aSubDoc.GetUnretargetedFullScreenElement()) {
+ count++;
+ }
+ return CallState::Continue;
+ };
+ aDoc.EnumerateSubDocuments(subDoc);
+ return count;
+}
+
+bool Document::IsFullscreenLeaf() {
+ // A fullscreen leaf document is fullscreen, and has no fullscreen
+ // subdocuments.
+ if (!GetUnretargetedFullScreenElement()) {
+ return false;
+ }
+ return CountFullscreenSubDocuments(*this) == 0;
+}
+
+static Document* GetFullscreenLeaf(Document& aDoc) {
+ if (aDoc.IsFullscreenLeaf()) {
+ return &aDoc;
+ }
+ if (!aDoc.GetUnretargetedFullScreenElement()) {
+ return nullptr;
+ }
+ Document* leaf = nullptr;
+ auto recurse = [&leaf](Document& aSubDoc) {
+ leaf = GetFullscreenLeaf(aSubDoc);
+ return leaf ? CallState::Stop : CallState::Continue;
+ };
+ aDoc.EnumerateSubDocuments(recurse);
+ return leaf;
+}
+
+static Document* GetFullscreenLeaf(Document* aDoc) {
+ if (Document* leaf = GetFullscreenLeaf(*aDoc)) {
+ return leaf;
+ }
+ // Otherwise we could be either in a non-fullscreen doc tree, or we're
+ // below the fullscreen doc. Start the search from the root.
+ Document* root = nsContentUtils::GetRootDocument(aDoc);
+ return GetFullscreenLeaf(*root);
+}
+
+static CallState ResetFullscreen(Document& aDocument) {
+ if (Element* fsElement = aDocument.GetUnretargetedFullScreenElement()) {
+ NS_ASSERTION(CountFullscreenSubDocuments(aDocument) <= 1,
+ "Should have at most 1 fullscreen subdocument.");
+ aDocument.CleanupFullscreenState();
+ NS_ASSERTION(!aDocument.GetUnretargetedFullScreenElement(),
+ "Should reset fullscreen");
+ DispatchFullscreenChange(aDocument, fsElement);
+ aDocument.EnumerateSubDocuments(ResetFullscreen);
+ }
+ return CallState::Continue;
+}
+
+// Since Document::ExitFullscreenInDocTree() could be called from
+// Element::UnbindFromTree() where it is not safe to synchronously run
+// script. This runnable is the script part of that function.
+class ExitFullscreenScriptRunnable : public Runnable {
+ public:
+ explicit ExitFullscreenScriptRunnable(Document* aRoot, Document* aLeaf)
+ : mozilla::Runnable("ExitFullscreenScriptRunnable"),
+ mRoot(aRoot),
+ mLeaf(aLeaf) {}
+
+ NS_IMETHOD Run() override {
+ // Dispatch MozDOMFullscreen:Exited to the original fullscreen leaf
+ // document since we want this event to follow the same path that
+ // MozDOMFullscreen:Entered was dispatched.
+ nsContentUtils::DispatchEventOnlyToChrome(
+ mLeaf, ToSupports(mLeaf), u"MozDOMFullscreen:Exited"_ns,
+ CanBubble::eYes, Cancelable::eNo, /* DefaultAction */ nullptr);
+ // Ensure the window exits fullscreen.
+ if (nsPIDOMWindowOuter* win = mRoot->GetWindow()) {
+ win->SetFullscreenInternal(FullscreenReason::ForForceExitFullscreen,
+ false);
+ }
+ return NS_OK;
+ }
+
+ private:
+ nsCOMPtr<Document> mRoot;
+ nsCOMPtr<Document> mLeaf;
+};
+
+/* static */
+void Document::ExitFullscreenInDocTree(Document* aMaybeNotARootDoc) {
+ MOZ_ASSERT(aMaybeNotARootDoc);
+
+ // Unlock the pointer
+ UnlockPointer();
+
+ // Resolve all promises which waiting for exit fullscreen.
+ PendingFullscreenChangeList::Iterator<FullscreenExit> iter(
+ aMaybeNotARootDoc, PendingFullscreenChangeList::eDocumentsWithSameRoot);
+ while (!iter.AtEnd()) {
+ UniquePtr<FullscreenExit> exit = iter.TakeAndNext();
+ exit->MayResolvePromise();
+ }
+
+ nsCOMPtr<Document> root = aMaybeNotARootDoc->GetFullscreenRoot();
+ if (!root || !root->GetUnretargetedFullScreenElement()) {
+ // If a document was detached before exiting from fullscreen, it is
+ // possible that the root had left fullscreen state. In this case,
+ // we would not get anything from the ResetFullscreen() call. Root's
+ // not being a fullscreen doc also means the widget should have
+ // exited fullscreen state. It means even if we do not return here,
+ // we would actually do nothing below except crashing ourselves via
+ // dispatching the "MozDOMFullscreen:Exited" event to an nonexistent
+ // document.
+ return;
+ }
+
+ // Record the fullscreen leaf document for MozDOMFullscreen:Exited.
+ // See ExitFullscreenScriptRunnable::Run for details. We have to
+ // record it here because we don't have such information after we
+ // reset the fullscreen state below.
+ Document* fullscreenLeaf = GetFullscreenLeaf(root);
+
+ // Walk the tree of fullscreen documents, and reset their fullscreen state.
+ ResetFullscreen(*root);
+
+ NS_ASSERTION(!root->GetUnretargetedFullScreenElement(),
+ "Fullscreen root should no longer be a fullscreen doc...");
+
+ // Move the top-level window out of fullscreen mode.
+ FullscreenRoots::Remove(root);
+
+ nsContentUtils::AddScriptRunner(
+ new ExitFullscreenScriptRunnable(root, fullscreenLeaf));
+}
+
+static void DispatchFullscreenNewOriginEvent(Document* aDoc) {
+ RefPtr<AsyncEventDispatcher> asyncDispatcher =
+ new AsyncEventDispatcher(aDoc, u"MozDOMFullscreen:NewOrigin"_ns,
+ CanBubble::eYes, ChromeOnlyDispatch::eYes);
+ asyncDispatcher->PostDOMEvent();
+}
+
+void Document::RestorePreviousFullscreenState(UniquePtr<FullscreenExit> aExit) {
+ NS_ASSERTION(
+ !GetUnretargetedFullScreenElement() || !FullscreenRoots::IsEmpty(),
+ "Should have at least 1 fullscreen root when fullscreen!");
+
+ if (!GetWindow()) {
+ aExit->MayRejectPromise("No active window");
+ return;
+ }
+ if (!GetUnretargetedFullScreenElement() || FullscreenRoots::IsEmpty()) {
+ aExit->MayRejectPromise("Not in fullscreen mode");
+ return;
+ }
+
+ nsCOMPtr<Document> fullScreenDoc = GetFullscreenLeaf(this);
+ AutoTArray<Element*, 8> exitElements;
+
+ Document* doc = fullScreenDoc;
+ // Collect all subdocuments.
+ for (; doc != this; doc = doc->GetInProcessParentDocument()) {
+ Element* fsElement = doc->GetUnretargetedFullScreenElement();
+ MOZ_ASSERT(fsElement,
+ "Parent document of "
+ "a fullscreen document without fullscreen element?");
+ exitElements.AppendElement(fsElement);
+ }
+ MOZ_ASSERT(doc == this, "Must have reached this doc");
+ // Collect all ancestor documents which we are going to change.
+ for (; doc; doc = doc->GetInProcessParentDocument()) {
+ Element* fsElement = doc->GetUnretargetedFullScreenElement();
+ MOZ_ASSERT(fsElement,
+ "Ancestor of fullscreen document must also be in fullscreen");
+ if (doc != this) {
+ if (auto* iframe = HTMLIFrameElement::FromNode(fsElement)) {
+ if (iframe->FullscreenFlag()) {
+ // If this is an iframe, and it explicitly requested
+ // fullscreen, don't rollback it automatically.
+ break;
+ }
+ }
+ }
+ exitElements.AppendElement(fsElement);
+ if (doc->CountFullscreenElements() > 1) {
+ break;
+ }
+ }
+
+ Document* lastDoc = exitElements.LastElement()->OwnerDoc();
+ size_t fullscreenCount = lastDoc->CountFullscreenElements();
+ if (!lastDoc->GetInProcessParentDocument() && fullscreenCount == 1) {
+ // If we are fully exiting fullscreen, don't touch anything here,
+ // just wait for the window to get out from fullscreen first.
+ PendingFullscreenChangeList::Add(std::move(aExit));
+ AskWindowToExitFullscreen(this);
+ return;
+ }
+
+ // If fullscreen mode is updated the pointer should be unlocked
+ UnlockPointer();
+ // All documents listed in the array except the last one are going to
+ // completely exit from the fullscreen state.
+ for (auto i : IntegerRange(exitElements.Length() - 1)) {
+ exitElements[i]->OwnerDoc()->CleanupFullscreenState();
+ }
+ // The last document will either rollback one fullscreen element, or
+ // completely exit from the fullscreen state as well.
+ Document* newFullscreenDoc;
+ if (fullscreenCount > 1) {
+ lastDoc->UnsetFullscreenElement();
+ newFullscreenDoc = lastDoc;
+ } else {
+ lastDoc->CleanupFullscreenState();
+ newFullscreenDoc = lastDoc->GetInProcessParentDocument();
+ }
+ // Dispatch the fullscreenchange event to all document listed. Note
+ // that the loop order is reversed so that events are dispatched in
+ // the tree order as indicated in the spec.
+ for (Element* e : Reversed(exitElements)) {
+ DispatchFullscreenChange(*e->OwnerDoc(), e);
+ }
+ aExit->MayResolvePromise();
+
+ MOZ_ASSERT(newFullscreenDoc,
+ "If we were going to exit from fullscreen on "
+ "all documents in this doctree, we should've asked the window to "
+ "exit first instead of reaching here.");
+ if (fullScreenDoc != newFullscreenDoc &&
+ !nsContentUtils::HaveEqualPrincipals(fullScreenDoc, newFullscreenDoc)) {
+ // We've popped so enough off the stack that we've rolled back to
+ // a fullscreen element in a parent document. If this document is
+ // cross origin, dispatch an event to chrome so it knows to show
+ // the warning UI.
+ DispatchFullscreenNewOriginEvent(newFullscreenDoc);
+ }
+}
+
+class nsCallRequestFullscreen : public Runnable {
+ public:
+ explicit nsCallRequestFullscreen(UniquePtr<FullscreenRequest> aRequest)
+ : mozilla::Runnable("nsCallRequestFullscreen"),
+ mRequest(std::move(aRequest)) {}
+
+ NS_IMETHOD Run() override {
+ Document* doc = mRequest->Document();
+ doc->RequestFullscreen(std::move(mRequest));
+ return NS_OK;
+ }
+
+ UniquePtr<FullscreenRequest> mRequest;
+};
+
+void Document::AsyncRequestFullscreen(UniquePtr<FullscreenRequest> aRequest) {
+ // Request fullscreen asynchronously.
+ MOZ_RELEASE_ASSERT(NS_IsMainThread());
+ nsCOMPtr<nsIRunnable> event =
+ new nsCallRequestFullscreen(std::move(aRequest));
+ Dispatch(TaskCategory::Other, event.forget());
+}
+
+static void UpdateViewportScrollbarOverrideForFullscreen(Document* aDoc) {
+ if (nsPresContext* presContext = aDoc->GetPresContext()) {
+ presContext->UpdateViewportScrollStylesOverride();
+ }
+}
+
+static void NotifyFullScreenChangedForMediaElement(Element* aElement,
+ bool aIsInFullScreen) {
+ // When a media element enters the fullscreen, we would like to notify that
+ // to the media controller in order to update its status.
+ if (!aElement->IsAnyOfHTMLElements(nsGkAtoms::audio, nsGkAtoms::video)) {
+ return;
+ }
+ HTMLMediaElement* mediaElem = HTMLMediaElement::FromNodeOrNull(aElement);
+ mediaElem->NotifyFullScreenChanged();
+}
+
+static void ClearFullscreenStateOnElement(Element* aElement) {
+ // Remove styles from existing top element.
+ EventStateManager::SetFullscreenState(aElement, false);
+ NotifyFullScreenChangedForMediaElement(aElement, false);
+ // Reset iframe fullscreen flag.
+ if (aElement->IsHTMLElement(nsGkAtoms::iframe)) {
+ static_cast<HTMLIFrameElement*>(aElement)->SetFullscreenFlag(false);
+ }
+}
+
+void Document::CleanupFullscreenState() {
+ // Iterate the top layer and clear the fullscreen states.
+ // Since we also need to clear the fullscreen-ancestor state, and
+ // currently fullscreen elements can only be placed in hierarchy
+ // order in the stack, reversely iterating the stack could be more
+ // efficient. NOTE that fullscreen-ancestor state would be removed
+ // in bug 1199529, and the elements may not in hierarchy order
+ // after bug 1195213.
+ mTopLayer.RemoveElementsBy([&](const nsWeakPtr& weakPtr) {
+ nsCOMPtr<Element> element(do_QueryReferent(weakPtr));
+ if (!element || !element->IsInComposedDoc() ||
+ element->OwnerDoc() != this) {
+ return true;
+ }
+
+ if (element->State().HasState(NS_EVENT_STATE_FULLSCREEN)) {
+ ClearFullscreenStateOnElement(element);
+ return true;
+ }
+ return false;
+ });
+
+ mFullscreenRoot = nullptr;
+
+ // Restore the zoom level that was in place prior to entering fullscreen.
+ if (PresShell* presShell = GetPresShell()) {
+ if (presShell->GetMobileViewportManager()) {
+ presShell->SetResolutionAndScaleTo(
+ mSavedResolution, ResolutionChangeOrigin::MainThreadRestore);
+ }
+ }
+
+ UpdateViewportScrollbarOverrideForFullscreen(this);
+}
+
+void Document::UnsetFullscreenElement() {
+ Element* removedElement = TopLayerPop([](Element* element) -> bool {
+ return element->State().HasState(NS_EVENT_STATE_FULLSCREEN);
+ });
+
+ MOZ_ASSERT(removedElement->State().HasState(NS_EVENT_STATE_FULLSCREEN));
+ ClearFullscreenStateOnElement(removedElement);
+ UpdateViewportScrollbarOverrideForFullscreen(this);
+}
+
+void Document::SetFullscreenElement(Element* aElement) {
+ TopLayerPush(aElement);
+ EventStateManager::SetFullscreenState(aElement, true);
+ NotifyFullScreenChangedForMediaElement(aElement, true);
+ UpdateViewportScrollbarOverrideForFullscreen(this);
+}
+
+void Document::TopLayerPush(Element* aElement) {
+ NS_ASSERTION(aElement, "Must pass non-null to TopLayerPush()");
+ auto predictFunc = [&aElement](Element* element) {
+ return element == aElement;
+ };
+ TopLayerPop(predictFunc);
+
+ mTopLayer.AppendElement(do_GetWeakReference(aElement));
+ NS_ASSERTION(GetTopLayerTop() == aElement, "Should match");
+}
+
+void Document::SetBlockedByModalDialog(HTMLDialogElement& aDialogElement) {
+ Element* root = GetRootElement();
+ MOZ_RELEASE_ASSERT(root, "dialog in document without root?");
+
+ // Add inert to the root element so that the inertness is
+ // applied to the entire document. Since the modal dialog
+ // also inherits the inertness, adding
+ // NS_EVENT_STATE_TOPMOST_MODAL_DIALOG to remove the inertness
+ // explicitly.
+ root->AddStates(NS_EVENT_STATE_MOZINERT);
+ aDialogElement.AddStates(NS_EVENT_STATE_TOPMOST_MODAL_DIALOG);
+
+ // It's possible that there's another modal dialog has opened
+ // previously which doesn't have the inertness (because we've
+ // removed the inertness explicitly). Since a
+ // new modal dialog is opened, we need to grant the inertness
+ // to the previous one.
+ for (const nsWeakPtr& weakPtr : Reversed(mTopLayer)) {
+ nsCOMPtr<Element> element(do_QueryReferent(weakPtr));
+ if (auto* dialog = HTMLDialogElement::FromNodeOrNull(element)) {
+ if (dialog != &aDialogElement) {
+ dialog->RemoveStates(NS_EVENT_STATE_TOPMOST_MODAL_DIALOG);
+ // It's ok to exit the loop as only one modal dialog should
+ // have the state
+ break;
+ }
+ }
+ }
+}
+
+void Document::UnsetBlockedByModalDialog(HTMLDialogElement& aDialogElement) {
+ aDialogElement.RemoveStates(NS_EVENT_STATE_TOPMOST_MODAL_DIALOG);
+
+ // The document could still be blocked by another modal dialog.
+ // We need to remove the inertness from this modal dialog.
+ for (const nsWeakPtr& weakPtr : Reversed(mTopLayer)) {
+ nsCOMPtr<Element> element(do_QueryReferent(weakPtr));
+ if (auto* dialog = HTMLDialogElement::FromNodeOrNull(element)) {
+ if (dialog != &aDialogElement) {
+ dialog->AddStates(NS_EVENT_STATE_TOPMOST_MODAL_DIALOG);
+ // Return here because we want to keep the inertness for the
+ // root element as the document is still blocked by a modal
+ // dialog
+ return;
+ }
+ }
+ }
+
+ Element* root = GetRootElement();
+ if (root && !root->GetBoolAttr(nsGkAtoms::inert)) {
+ root->RemoveStates(NS_EVENT_STATE_MOZINERT);
+ }
+}
+
+Element* Document::TopLayerPop(FunctionRef<bool(Element*)> aPredicateFunc) {
+ if (mTopLayer.IsEmpty()) {
+ return nullptr;
+ }
+
+ // Remove the topmost element that qualifies aPredicate; This
+ // is required is because the top layer contains not only
+ // fullscreen elements, but also dialog elements.
+ Element* removedElement = nullptr;
+ for (auto i : Reversed(IntegerRange(mTopLayer.Length()))) {
+ nsCOMPtr<Element> element(do_QueryReferent(mTopLayer[i]));
+ if (element && aPredicateFunc(element)) {
+ removedElement = element;
+ mTopLayer.RemoveElementAt(i);
+ break;
+ }
+ }
+
+ // Pop from the stack null elements (references to elements which have
+ // been GC'd since they were added to the stack) and elements which are
+ // no longer in this document.
+ //
+ // FIXME(emilio): If this loop does something, it'd violate the assertions
+ // from GetTopLayerTop()... What gives?
+ while (!mTopLayer.IsEmpty()) {
+ Element* element = GetTopLayerTop();
+ if (!element || element->GetComposedDoc() != this) {
+ mTopLayer.RemoveLastElement();
+ } else {
+ // The top element of the stack is now an in-doc element. Return here.
+ break;
+ }
+ }
+
+ return removedElement;
+}
+
+Element* Document::GetTopLayerTop() {
+ if (mTopLayer.IsEmpty()) {
+ return nullptr;
+ }
+ uint32_t last = mTopLayer.Length() - 1;
+ nsCOMPtr<Element> element(do_QueryReferent(mTopLayer[last]));
+ NS_ASSERTION(element, "Should have a top layer element!");
+ NS_ASSERTION(element->IsInComposedDoc(),
+ "Top layer element should be in doc");
+ NS_ASSERTION(element->OwnerDoc() == this,
+ "Top layer element should be in this doc");
+ return element;
+}
+
+Element* Document::GetUnretargetedFullScreenElement() {
+ for (const nsWeakPtr& weakPtr : Reversed(mTopLayer)) {
+ nsCOMPtr<Element> element(do_QueryReferent(weakPtr));
+ // Per spec, the fullscreen element is the topmost element in the document’s
+ // top layer whose fullscreen flag is set, if any, and null otherwise.
+ if (element && element->State().HasState(NS_EVENT_STATE_FULLSCREEN)) {
+ return element;
+ }
+ }
+ return nullptr;
+}
+
+nsTArray<Element*> Document::GetTopLayer() const {
+ nsTArray<Element*> elements;
+ for (const nsWeakPtr& ptr : mTopLayer) {
+ if (nsCOMPtr<Element> elem = do_QueryReferent(ptr)) {
+ elements.AppendElement(elem);
+ }
+ }
+ return elements;
+}
+
+// Returns true if aDoc is in the focused tab in the active window.
+bool IsInActiveTab(Document* aDoc) {
+ BrowsingContext* bc = aDoc->GetBrowsingContext();
+ if (!bc) {
+ return false;
+ }
+
+ if (!bc->IsActive()) {
+ return false;
+ }
+
+ nsFocusManager* fm = nsFocusManager::GetFocusManager();
+ if (!fm) {
+ return false;
+ }
+
+ if (XRE_IsParentProcess()) {
+ // Keep dom/tests/mochitest/chrome/test_MozDomFullscreen_event.xhtml happy
+ // by retaining the old code path for the parent process.
+ nsIDocShell* docshell = aDoc->GetDocShell();
+ if (!docshell) {
+ return false;
+ }
+ nsCOMPtr<nsIDocShellTreeItem> rootItem;
+ docshell->GetInProcessRootTreeItem(getter_AddRefs(rootItem));
+ if (!rootItem) {
+ return false;
+ }
+ nsCOMPtr<nsPIDOMWindowOuter> rootWin = rootItem->GetWindow();
+ if (!rootWin) {
+ return false;
+ }
+
+ nsCOMPtr<nsPIDOMWindowOuter> activeWindow;
+ activeWindow = fm->GetActiveWindow();
+ if (!activeWindow) {
+ return false;
+ }
+
+ return activeWindow == rootWin;
+ }
+
+ return fm->GetActiveBrowsingContext() == bc->Top();
+}
+
+void Document::RemoteFrameFullscreenChanged(Element* aFrameElement) {
+ // Ensure the frame element is the fullscreen element in this document.
+ // If the frame element is already the fullscreen element in this document,
+ // this has no effect.
+ auto request = FullscreenRequest::CreateForRemote(aFrameElement);
+ RequestFullscreen(std::move(request), XRE_IsContentProcess());
+}
+
+void Document::RemoteFrameFullscreenReverted() {
+ UniquePtr<FullscreenExit> exit = FullscreenExit::CreateForRemote(this);
+ RestorePreviousFullscreenState(std::move(exit));
+}
+
+static bool HasFullscreenSubDocument(Document& aDoc) {
+ uint32_t count = CountFullscreenSubDocuments(aDoc);
+ NS_ASSERTION(count <= 1,
+ "Fullscreen docs should have at most 1 fullscreen child!");
+ return count >= 1;
+}
+
+// Returns nullptr if a request for Fullscreen API is currently enabled
+// in the given document. Returns a static string indicates the reason
+// why it is not enabled otherwise.
+const char* Document::GetFullscreenError(CallerType aCallerType) {
+ if (!StaticPrefs::full_screen_api_enabled()) {
+ return "FullscreenDeniedDisabled";
+ }
+
+ if (aCallerType == CallerType::System) {
+ // Chrome code can always use the fullscreen API, provided it's not
+ // explicitly disabled.
+ return nullptr;
+ }
+
+ if (!IsVisible()) {
+ return "FullscreenDeniedHidden";
+ }
+
+ if (!FeaturePolicyUtils::IsFeatureAllowed(this, u"fullscreen"_ns)) {
+ return "FullscreenDeniedFeaturePolicy";
+ }
+
+ // Ensure that all containing elements are <iframe> and have allowfullscreen
+ // attribute set.
+ BrowsingContext* bc = GetBrowsingContext();
+ if (!bc || !bc->FullscreenAllowed()) {
+ return "FullscreenDeniedContainerNotAllowed";
+ }
+
+ return nullptr;
+}
+
+bool Document::FullscreenElementReadyCheck(FullscreenRequest& aRequest) {
+ Element* elem = aRequest.Element();
+ // Strictly speaking, this isn't part of the fullscreen element ready
+ // check in the spec, but per steps in the spec, when an element which
+ // is already the fullscreen element requests fullscreen, nothing
+ // should change and no event should be dispatched, but we still need
+ // to resolve the returned promise.
+ Element* fullscreenElement = GetUnretargetedFullScreenElement();
+ if (elem == fullscreenElement) {
+ aRequest.MayResolvePromise();
+ return false;
+ }
+ if (!elem->IsInComposedDoc()) {
+ aRequest.Reject("FullscreenDeniedNotInDocument");
+ return false;
+ }
+ if (elem->OwnerDoc() != this) {
+ aRequest.Reject("FullscreenDeniedMovedDocument");
+ return false;
+ }
+ if (!GetWindow()) {
+ aRequest.Reject("FullscreenDeniedLostWindow");
+ return false;
+ }
+ if (const char* msg = GetFullscreenError(aRequest.mCallerType)) {
+ aRequest.Reject(msg);
+ return false;
+ }
+ if (HasFullscreenSubDocument(*this)) {
+ aRequest.Reject("FullscreenDeniedSubDocFullScreen");
+ return false;
+ }
+ if (elem->IsHTMLElement(nsGkAtoms::dialog)) {
+ aRequest.Reject("FullscreenDeniedHTMLDialog");
+ return false;
+ }
+ // XXXsmaug Note, we don't follow the latest fullscreen spec here.
+ // This whole check could be probably removed.
+ if (fullscreenElement && !nsContentUtils::ContentIsHostIncludingDescendantOf(
+ elem, fullscreenElement)) {
+ // If this document is fullscreen, only grant fullscreen requests from
+ // a descendant of the current fullscreen element.
+ aRequest.Reject("FullscreenDeniedNotDescendant");
+ return false;
+ }
+ if (!nsContentUtils::IsChromeDoc(this) && !IsInActiveTab(this)) {
+ aRequest.Reject("FullscreenDeniedNotFocusedTab");
+ return false;
+ }
+ // Deny requests when a windowed plugin is focused.
+ nsFocusManager* fm = nsFocusManager::GetFocusManager();
+ if (!fm) {
+ NS_WARNING("Failed to retrieve focus manager in fullscreen request.");
+ aRequest.MayRejectPromise("An unexpected error occurred");
+ return false;
+ }
+ if (nsContentUtils::HasPluginWithUncontrolledEventDispatch(
+ fm->GetFocusedElement())) {
+ aRequest.Reject("FullscreenDeniedFocusedPlugin");
+ return false;
+ }
+ return true;
+}
+
+static nsCOMPtr<nsPIDOMWindowOuter> GetRootWindow(Document* aDoc) {
+ MOZ_ASSERT(XRE_IsParentProcess());
+ nsIDocShell* docShell = aDoc->GetDocShell();
+ if (!docShell) {
+ return nullptr;
+ }
+ nsCOMPtr<nsIDocShellTreeItem> rootItem;
+ docShell->GetInProcessRootTreeItem(getter_AddRefs(rootItem));
+ return rootItem ? rootItem->GetWindow() : nullptr;
+}
+
+static bool ShouldApplyFullscreenDirectly(Document* aDoc,
+ nsPIDOMWindowOuter* aRootWin) {
+ MOZ_ASSERT(XRE_IsParentProcess());
+ // If we are in the chrome process, and the window has not been in
+ // fullscreen, we certainly need to make that fullscreen first.
+ if (!aRootWin->GetFullScreen()) {
+ return false;
+ }
+ // The iterator not being at end indicates there is still some
+ // pending fullscreen request relates to this document. We have to
+ // push the request to the pending queue so requests are handled
+ // in the correct order.
+ PendingFullscreenChangeList::Iterator<FullscreenRequest> iter(
+ aDoc, PendingFullscreenChangeList::eDocumentsWithSameRoot);
+ if (!iter.AtEnd()) {
+ return false;
+ }
+ // We have to apply the fullscreen state directly in this case,
+ // because nsGlobalWindow::SetFullscreenInternal() will do nothing
+ // if it is already in fullscreen. If we do not apply the state but
+ // instead add it to the queue and wait for the window as normal,
+ // we would get stuck.
+ return true;
+}
+
+static bool CheckFullscreenAllowedElementType(const Element* elem) {
+ // Per spec only HTML, <svg>, and <math> should be allowed, but
+ // we also need to allow XUL elements right now.
+ return elem->IsHTMLElement() || elem->IsXULElement() ||
+ elem->IsSVGElement(nsGkAtoms::svg) ||
+ elem->IsMathMLElement(nsGkAtoms::math);
+}
+
+void Document::RequestFullscreen(UniquePtr<FullscreenRequest> aRequest,
+ bool applyFullScreenDirectly) {
+ if (XRE_IsContentProcess()) {
+ RequestFullscreenInContentProcess(std::move(aRequest),
+ applyFullScreenDirectly);
+ } else {
+ RequestFullscreenInParentProcess(std::move(aRequest),
+ applyFullScreenDirectly);
+ }
+}
+
+void Document::RequestFullscreenInContentProcess(
+ UniquePtr<FullscreenRequest> aRequest, bool applyFullScreenDirectly) {
+ MOZ_ASSERT(XRE_IsContentProcess());
+
+ // If we are in the content process, we can apply the fullscreen
+ // state directly only if we have been in DOM fullscreen, because
+ // otherwise we always need to notify the chrome.
+ if (applyFullScreenDirectly || !!nsContentUtils::GetRootDocument(this)
+ ->GetUnretargetedFullScreenElement()) {
+ ApplyFullscreen(std::move(aRequest));
+ return;
+ }
+
+ if (!CheckFullscreenAllowedElementType(aRequest->Element())) {
+ aRequest->Reject("FullscreenDeniedNotHTMLSVGOrMathML");
+ return;
+ }
+
+ // We don't need to check element ready before this point, because
+ // if we called ApplyFullscreen, it would check that for us.
+ if (!FullscreenElementReadyCheck(*aRequest)) {
+ return;
+ }
+
+ PendingFullscreenChangeList::Add(std::move(aRequest));
+ // If we are not the top level process, dispatch an event to make
+ // our parent process go fullscreen first.
+ nsContentUtils::DispatchEventOnlyToChrome(
+ this, ToSupports(this), u"MozDOMFullscreen:Request"_ns, CanBubble::eYes,
+ Cancelable::eNo, /* DefaultAction */ nullptr);
+}
+
+void Document::RequestFullscreenInParentProcess(
+ UniquePtr<FullscreenRequest> aRequest, bool applyFullScreenDirectly) {
+ MOZ_ASSERT(XRE_IsParentProcess());
+ nsCOMPtr<nsPIDOMWindowOuter> rootWin = GetRootWindow(this);
+ if (!rootWin) {
+ aRequest->MayRejectPromise("No active window");
+ return;
+ }
+
+ if (applyFullScreenDirectly || ShouldApplyFullscreenDirectly(this, rootWin)) {
+ ApplyFullscreen(std::move(aRequest));
+ return;
+ }
+
+ if (!CheckFullscreenAllowedElementType(aRequest->Element())) {
+ aRequest->Reject("FullscreenDeniedNotHTMLSVGOrMathML");
+ return;
+ }
+
+ // We don't need to check element ready before this point, because
+ // if we called ApplyFullscreen, it would check that for us.
+ if (!FullscreenElementReadyCheck(*aRequest)) {
+ return;
+ }
+
+ PendingFullscreenChangeList::Add(std::move(aRequest));
+ // Make the window fullscreen.
+ rootWin->SetFullscreenInternal(FullscreenReason::ForFullscreenAPI, true);
+}
+
+/* static */
+bool Document::HandlePendingFullscreenRequests(Document* aDoc) {
+ bool handled = false;
+ PendingFullscreenChangeList::Iterator<FullscreenRequest> iter(
+ aDoc, PendingFullscreenChangeList::eDocumentsWithSameRoot);
+ while (!iter.AtEnd()) {
+ UniquePtr<FullscreenRequest> request = iter.TakeAndNext();
+ Document* doc = request->Document();
+ if (doc->ApplyFullscreen(std::move(request))) {
+ handled = true;
+ }
+ }
+ return handled;
+}
+
+static void ClearPendingFullscreenRequests(Document* aDoc) {
+ PendingFullscreenChangeList::Iterator<FullscreenRequest> iter(
+ aDoc, PendingFullscreenChangeList::eInclusiveDescendants);
+ while (!iter.AtEnd()) {
+ UniquePtr<FullscreenRequest> request = iter.TakeAndNext();
+ request->MayRejectPromise("Fullscreen request aborted");
+ }
+}
+
+bool Document::ApplyFullscreen(UniquePtr<FullscreenRequest> aRequest) {
+ if (!FullscreenElementReadyCheck(*aRequest)) {
+ return false;
+ }
+
+ // Stash a reference to any existing fullscreen doc, we'll use this later
+ // to detect if the origin which is fullscreen has changed.
+ nsCOMPtr<Document> previousFullscreenDoc = GetFullscreenLeaf(this);
+
+ // Stores a list of documents which we must dispatch "fullscreenchange"
+ // too. We're required by the spec to dispatch the events in root-to-leaf
+ // order, but we traverse the doctree in a leaf-to-root order, so we save
+ // references to the documents we must dispatch to so that we get the order
+ // as specified.
+ AutoTArray<Document*, 8> changed;
+
+ // Remember the root document, so that if a fullscreen document is hidden
+ // we can reset fullscreen state in the remaining visible fullscreen
+ // documents.
+ Document* fullScreenRootDoc = nsContentUtils::GetRootDocument(this);
+
+ // If a document is already in fullscreen, then unlock the mouse pointer
+ // before setting a new document to fullscreen
+ UnlockPointer();
+
+ // Set the fullscreen element. This sets the fullscreen style on the
+ // element, and the fullscreen-ancestor styles on ancestors of the element
+ // in this document.
+ Element* elem = aRequest->Element();
+ SetFullscreenElement(elem);
+ // Set the iframe fullscreen flag.
+ if (auto* iframe = HTMLIFrameElement::FromNode(elem)) {
+ iframe->SetFullscreenFlag(true);
+ }
+ changed.AppendElement(this);
+
+ // Propagate up the document hierarchy, setting the fullscreen element as
+ // the element's container in ancestor documents. This also sets the
+ // appropriate css styles as well. Note we don't propagate down the
+ // document hierarchy, the fullscreen element (or its container) is not
+ // visible there. Stop when we reach the root document.
+ Document* child = this;
+ while (true) {
+ child->SetFullscreenRoot(fullScreenRootDoc);
+
+ // When entering fullscreen, reset the RCD's resolution to the intrinsic
+ // resolution, otherwise the fullscreen content could be sized larger than
+ // the screen (since fullscreen is implemented using position:fixed and
+ // fixed elements are sized to the layout viewport).
+ // This also ensures that things like video controls aren't zoomed in
+ // when in fullscreen mode.
+ if (PresShell* presShell = child->GetPresShell()) {
+ if (RefPtr<MobileViewportManager> manager =
+ presShell->GetMobileViewportManager()) {
+ // Save the previous resolution so it can be restored.
+ child->mSavedResolution = presShell->GetResolution();
+ presShell->SetResolutionAndScaleTo(
+ manager->ComputeIntrinsicResolution(),
+ ResolutionChangeOrigin::MainThreadRestore);
+ }
+ }
+
+ NS_ASSERTION(child->GetFullscreenRoot() == fullScreenRootDoc,
+ "Fullscreen root should be set!");
+ if (child == fullScreenRootDoc) {
+ break;
+ }
+ Document* parent = child->GetInProcessParentDocument();
+ Element* element = parent->FindContentForSubDocument(child);
+ if (!element) {
+ // We've reached the root.No more changes need to be made
+ // to the top layer stacks of documents further up the tree.
+ break;
+ }
+ parent->SetFullscreenElement(element);
+ changed.AppendElement(parent);
+ child = parent;
+ }
+
+ FullscreenRoots::Add(this);
+
+ // If it is the first entry of the fullscreen, trigger an event so
+ // that the UI can response to this change, e.g. hide chrome, or
+ // notifying parent process to enter fullscreen. Note that chrome
+ // code may also want to listen to MozDOMFullscreen:NewOrigin event
+ // to pop up warning UI.
+ if (!previousFullscreenDoc) {
+ nsContentUtils::DispatchEventOnlyToChrome(
+ this, ToSupports(elem), u"MozDOMFullscreen:Entered"_ns, CanBubble::eYes,
+ Cancelable::eNo, /* DefaultAction */ nullptr);
+ }
+
+ // The origin which is fullscreen gets changed. Trigger an event so
+ // that the chrome knows to pop up a warning UI. Note that
+ // previousFullscreenDoc == nullptr upon first entry, so we always
+ // take this path on the first entry. Also note that, in a multi-
+ // process browser, the code in content process is responsible for
+ // sending message with the origin to its parent, and the parent
+ // shouldn't rely on this event itself.
+ if (aRequest->mShouldNotifyNewOrigin &&
+ !nsContentUtils::HaveEqualPrincipals(previousFullscreenDoc, this)) {
+ DispatchFullscreenNewOriginEvent(this);
+ }
+
+ // Dispatch "fullscreenchange" events. Note that the loop order is
+ // reversed so that events are dispatched in the tree order as
+ // indicated in the spec.
+ for (Document* d : Reversed(changed)) {
+ DispatchFullscreenChange(*d, d->GetUnretargetedFullScreenElement());
+ }
+ aRequest->MayResolvePromise();
+ return true;
+}
+
+void Document::ClearOrientationPendingPromise() {
+ mOrientationPendingPromise = nullptr;
+}
+
+bool Document::SetOrientationPendingPromise(Promise* aPromise) {
+ if (mIsGoingAway) {
+ return false;
+ }
+
+ mOrientationPendingPromise = aPromise;
+ return true;
+}
+
+static void DispatchPointerLockChange(Document* aTarget) {
+ if (!aTarget) {
+ return;
+ }
+
+ RefPtr<AsyncEventDispatcher> asyncDispatcher =
+ new AsyncEventDispatcher(aTarget, u"pointerlockchange"_ns,
+ CanBubble::eYes, ChromeOnlyDispatch::eNo);
+ asyncDispatcher->PostDOMEvent();
+}
+
+static void DispatchPointerLockError(Document* aTarget, const char* aMessage) {
+ if (!aTarget) {
+ return;
+ }
+
+ RefPtr<AsyncEventDispatcher> asyncDispatcher =
+ new AsyncEventDispatcher(aTarget, u"pointerlockerror"_ns, CanBubble::eYes,
+ ChromeOnlyDispatch::eNo);
+ asyncDispatcher->PostDOMEvent();
+ nsContentUtils::ReportToConsole(nsIScriptError::warningFlag, "DOM"_ns,
+ aTarget, nsContentUtils::eDOM_PROPERTIES,
+ aMessage);
+}
+
+static const char* GetPointerLockError(Element* aElement, Element* aCurrentLock,
+ bool aNoFocusCheck = false) {
+ // Check if pointer lock pref is enabled
+ if (!StaticPrefs::full_screen_api_pointer_lock_enabled()) {
+ return "PointerLockDeniedDisabled";
+ }
+
+ nsCOMPtr<Document> ownerDoc = aElement->OwnerDoc();
+ if (aCurrentLock && aCurrentLock->OwnerDoc() != ownerDoc) {
+ return "PointerLockDeniedInUse";
+ }
+
+ if (!aElement->IsInComposedDoc()) {
+ return "PointerLockDeniedNotInDocument";
+ }
+
+ if (ownerDoc->GetSandboxFlags() & SANDBOXED_POINTER_LOCK) {
+ return "PointerLockDeniedSandboxed";
+ }
+
+ // Check if the element is in a document with a docshell.
+ if (!ownerDoc->GetContainer()) {
+ return "PointerLockDeniedHidden";
+ }
+ nsCOMPtr<nsPIDOMWindowOuter> ownerWindow = ownerDoc->GetWindow();
+ if (!ownerWindow) {
+ return "PointerLockDeniedHidden";
+ }
+ nsCOMPtr<nsPIDOMWindowInner> ownerInnerWindow = ownerDoc->GetInnerWindow();
+ if (!ownerInnerWindow) {
+ return "PointerLockDeniedHidden";
+ }
+ if (ownerWindow->GetCurrentInnerWindow() != ownerInnerWindow) {
+ return "PointerLockDeniedHidden";
+ }
+
+ BrowsingContext* bc = ownerDoc->GetBrowsingContext();
+ BrowsingContext* topBC = bc ? bc->Top() : nullptr;
+ WindowContext* topWC = ownerDoc->GetTopLevelWindowContext();
+ if (!topBC || !topBC->IsActive() || !topWC ||
+ topWC != topBC->GetCurrentWindowContext()) {
+ return "PointerLockDeniedHidden";
+ }
+
+ if (!aNoFocusCheck) {
+ if (!IsInActiveTab(ownerDoc)) {
+ return "PointerLockDeniedNotFocused";
+ }
+ }
+
+ return nullptr;
+}
+
+static void ChangePointerLockedElement(Element* aElement, Document* aDocument,
+ Element* aPointerLockedElement) {
+ // aDocument here is not really necessary, as it is the uncomposed
+ // document of both aElement and aPointerLockedElement as far as one
+ // is not nullptr, and they wouldn't both be nullptr in any case.
+ // But since the caller of this function should have known what the
+ // document is, we just don't try to figure out what it should be.
+ MOZ_ASSERT(aDocument);
+ MOZ_ASSERT(aElement != aPointerLockedElement);
+ if (aPointerLockedElement) {
+ MOZ_ASSERT(aPointerLockedElement->GetComposedDoc() == aDocument);
+ aPointerLockedElement->ClearPointerLock();
+ }
+ if (aElement) {
+ MOZ_ASSERT(aElement->GetComposedDoc() == aDocument);
+ aElement->SetPointerLock();
+ EventStateManager::sPointerLockedElement = do_GetWeakReference(aElement);
+ EventStateManager::sPointerLockedDoc = do_GetWeakReference(aDocument);
+ NS_ASSERTION(EventStateManager::sPointerLockedElement &&
+ EventStateManager::sPointerLockedDoc,
+ "aElement and this should support weak references!");
+ } else {
+ EventStateManager::sPointerLockedElement = nullptr;
+ EventStateManager::sPointerLockedDoc = nullptr;
+ }
+ // Retarget all events to aElement via capture or
+ // stop retargeting if aElement is nullptr.
+ PresShell::SetCapturingContent(aElement, CaptureFlags::PointerLock);
+ DispatchPointerLockChange(aDocument);
+}
+
+MOZ_CAN_RUN_SCRIPT_BOUNDARY static bool StartSetPointerLock(
+ Element* aElement, Document* aDocument) {
+ if (!aDocument->SetPointerLock(aElement, StyleCursorKind::None)) {
+ DispatchPointerLockError(aDocument, "PointerLockDeniedFailedToLock");
+ return false;
+ }
+
+ ChangePointerLockedElement(aElement, aDocument, nullptr);
+ nsContentUtils::DispatchEventOnlyToChrome(
+ aDocument, ToSupports(aElement), u"MozDOMPointerLock:Entered"_ns,
+ CanBubble::eYes, Cancelable::eNo, /* DefaultAction */ nullptr);
+
+ return true;
+}
+
+class PointerLockRequest final : public Runnable {
+ public:
+ PointerLockRequest(Element* aElement, bool aUserInputOrChromeCaller)
+ : mozilla::Runnable("PointerLockRequest"),
+ mElement(do_GetWeakReference(aElement)),
+ mDocument(do_GetWeakReference(aElement->OwnerDoc())),
+ mUserInputOrChromeCaller(aUserInputOrChromeCaller) {}
+
+ NS_IMETHOD Run() final {
+ nsCOMPtr<Element> element = do_QueryReferent(mElement);
+ nsCOMPtr<Document> document = do_QueryReferent(mDocument);
+
+ const char* error = nullptr;
+ if (!element || !document || !element->GetComposedDoc()) {
+ error = "PointerLockDeniedNotInDocument";
+ } else if (element->GetComposedDoc() != document) {
+ error = "PointerLockDeniedMovedDocument";
+ }
+ if (!error) {
+ nsCOMPtr<Element> pointerLockedElement =
+ do_QueryReferent(EventStateManager::sPointerLockedElement);
+ if (element == pointerLockedElement) {
+ DispatchPointerLockChange(document);
+ return NS_OK;
+ }
+ // Note, we must bypass focus change, so pass true as the last parameter!
+ error = GetPointerLockError(element, pointerLockedElement, true);
+ // Another element in the same document is requesting pointer lock,
+ // just grant it without user input check.
+ if (!error && pointerLockedElement) {
+ ChangePointerLockedElement(element, document, pointerLockedElement);
+ return NS_OK;
+ }
+ }
+ // If it is neither user input initiated, nor requested in fullscreen,
+ // it should be rejected.
+ if (!error && !mUserInputOrChromeCaller &&
+ !document->GetUnretargetedFullScreenElement()) {
+ error = "PointerLockDeniedNotInputDriven";
+ }
+
+ if (error) {
+ DispatchPointerLockError(document, error);
+ return NS_OK;
+ }
+
+ if (BrowserChild* browserChild =
+ BrowserChild::GetFrom(document->GetDocShell())) {
+ nsWeakPtr e = do_GetWeakReference(element);
+ nsWeakPtr doc = do_GetWeakReference(element->OwnerDoc());
+ nsWeakPtr bc = do_GetWeakReference(browserChild);
+ browserChild->SendRequestPointerLock(
+ [e, doc, bc](const nsCString& aError) {
+ nsCOMPtr<Document> document = do_QueryReferent(doc);
+ if (!aError.IsEmpty()) {
+ DispatchPointerLockError(document, aError.get());
+ return;
+ }
+
+ const char* error = nullptr;
+ auto autoCleanup = MakeScopeExit([&] {
+ if (error) {
+ DispatchPointerLockError(document, error);
+ // If we are failed to set pointer lock, notify parent to stop
+ // redirect mouse event to this process.
+ if (nsCOMPtr<nsIBrowserChild> browserChild =
+ do_QueryReferent(bc)) {
+ static_cast<BrowserChild*>(browserChild.get())
+ ->SendReleasePointerLock();
+ }
+ }
+ });
+
+ nsCOMPtr<Element> element = do_QueryReferent(e);
+ if (!element || !document || !element->GetComposedDoc()) {
+ error = "PointerLockDeniedNotInDocument";
+ return;
+ }
+
+ if (element->GetComposedDoc() != document) {
+ error = "PointerLockDeniedMovedDocument";
+ return;
+ }
+
+ nsCOMPtr<Element> pointerLockedElement =
+ do_QueryReferent(EventStateManager::sPointerLockedElement);
+ error = GetPointerLockError(element, pointerLockedElement, true);
+ if (error) {
+ return;
+ }
+
+ if (!StartSetPointerLock(element, document)) {
+ error = "PointerLockDeniedFailedToLock";
+ return;
+ }
+ },
+ [doc](mozilla::ipc::ResponseRejectReason) {
+ // IPC layer error
+ nsCOMPtr<Document> document = do_QueryReferent(doc);
+ if (!document) {
+ return;
+ }
+
+ DispatchPointerLockError(document, "PointerLockDeniedFailedToLock");
+ });
+ } else {
+ StartSetPointerLock(element, document);
+ }
+
+ return NS_OK;
+ };
+
+ private:
+ nsWeakPtr mElement;
+ nsWeakPtr mDocument;
+ bool mUserInputOrChromeCaller;
+};
+
+void Document::RequestPointerLock(Element* aElement, CallerType aCallerType) {
+ NS_ASSERTION(aElement,
+ "Must pass non-null element to Document::RequestPointerLock");
+
+ nsCOMPtr<Element> pointerLockedElement =
+ do_QueryReferent(EventStateManager::sPointerLockedElement);
+ if (aElement == pointerLockedElement) {
+ DispatchPointerLockChange(this);
+ return;
+ }
+
+ if (const char* msg = GetPointerLockError(aElement, pointerLockedElement)) {
+ DispatchPointerLockError(this, msg);
+ return;
+ }
+
+ bool userInputOrSystemCaller = HasValidTransientUserGestureActivation() ||
+ aCallerType == CallerType::System;
+ nsCOMPtr<nsIRunnable> request =
+ new PointerLockRequest(aElement, userInputOrSystemCaller);
+ Dispatch(TaskCategory::Other, request.forget());
+}
+
+bool Document::SetPointerLock(Element* aElement, StyleCursorKind aCursorStyle) {
+ MOZ_ASSERT(!aElement || aElement->OwnerDoc() == this,
+ "We should be either unlocking pointer (aElement is nullptr), "
+ "or locking pointer to an element in this document");
+#ifdef DEBUG
+ if (!aElement) {
+ nsCOMPtr<Document> pointerLockedDoc =
+ do_QueryReferent(EventStateManager::sPointerLockedDoc);
+ MOZ_ASSERT(pointerLockedDoc == this);
+ }
+#endif
+
+ PresShell* presShell = GetPresShell();
+ if (!presShell) {
+ NS_WARNING("SetPointerLock(): No PresShell");
+ if (!aElement) {
+ // If we are unlocking pointer lock, but for some reason the doc
+ // has already detached from the presshell, just ask the event
+ // state manager to release the pointer.
+ EventStateManager::SetPointerLock(nullptr, nullptr);
+ return true;
+ }
+ return false;
+ }
+ nsPresContext* presContext = presShell->GetPresContext();
+ if (!presContext) {
+ NS_WARNING("SetPointerLock(): Unable to get PresContext");
+ return false;
+ }
+
+ nsCOMPtr<nsIWidget> widget;
+ nsIFrame* rootFrame = presShell->GetRootFrame();
+ if (!NS_WARN_IF(!rootFrame)) {
+ widget = rootFrame->GetNearestWidget();
+ NS_WARNING_ASSERTION(widget,
+ "SetPointerLock(): Unable to find widget in "
+ "presShell->GetRootFrame()->GetNearestWidget();");
+ if (aElement && !widget) {
+ return false;
+ }
+ }
+
+ // Hide the cursor and set pointer lock for future mouse events
+ RefPtr<EventStateManager> esm = presContext->EventStateManager();
+ esm->SetCursor(aCursorStyle, nullptr, Nothing(), widget, true);
+ EventStateManager::SetPointerLock(widget, aElement);
+
+ return true;
+}
+
+void Document::UnlockPointer(Document* aDoc) {
+ if (!EventStateManager::sIsPointerLocked) {
+ return;
+ }
+
+ nsCOMPtr<Document> pointerLockedDoc =
+ do_QueryReferent(EventStateManager::sPointerLockedDoc);
+ if (!pointerLockedDoc || (aDoc && aDoc != pointerLockedDoc)) {
+ return;
+ }
+ if (!pointerLockedDoc->SetPointerLock(nullptr, StyleCursorKind::Auto)) {
+ return;
+ }
+
+ nsCOMPtr<Element> pointerLockedElement =
+ do_QueryReferent(EventStateManager::sPointerLockedElement);
+ ChangePointerLockedElement(nullptr, pointerLockedDoc, pointerLockedElement);
+
+ if (BrowserChild* browserChild =
+ BrowserChild::GetFrom(pointerLockedDoc->GetDocShell())) {
+ browserChild->SendReleasePointerLock();
+ }
+
+ RefPtr<AsyncEventDispatcher> asyncDispatcher = new AsyncEventDispatcher(
+ pointerLockedElement, u"MozDOMPointerLock:Exited"_ns, CanBubble::eYes,
+ ChromeOnlyDispatch::eYes);
+ asyncDispatcher->RunDOMEventWhenSafe();
+}
+
+void Document::UpdateVisibilityState(DispatchVisibilityChange aDispatchEvent) {
+ dom::VisibilityState oldState = mVisibilityState;
+ mVisibilityState = ComputeVisibilityState();
+ if (oldState != mVisibilityState) {
+ if (aDispatchEvent == DispatchVisibilityChange::Yes) {
+ nsContentUtils::DispatchTrustedEvent(this, ToSupports(this),
+ u"visibilitychange"_ns,
+ CanBubble::eYes, Cancelable::eNo);
+ }
+ EnumerateActivityObservers(NotifyActivityChanged);
+ if (mVisibilityState == dom::VisibilityState::Visible) {
+ MaybeActiveMediaComponents();
+ }
+ }
+}
+
+VisibilityState Document::ComputeVisibilityState() const {
+ // We have to check a few pieces of information here:
+ // 1) Are we in bfcache (!IsVisible())? If so, nothing else matters.
+ // 2) Do we have an outer window? If not, we're hidden. Note that we don't
+ // want to use GetWindow here because it does weird groveling for windows
+ // in some cases.
+ // 3) Is our outer window background? If so, we're hidden.
+ // Otherwise, we're visible.
+ if (!IsVisible() || !mWindow || !mWindow->GetOuterWindow() ||
+ mWindow->GetOuterWindow()->IsBackground()) {
+ return dom::VisibilityState::Hidden;
+ }
+
+ return dom::VisibilityState::Visible;
+}
+
+void Document::PostVisibilityUpdateEvent() {
+ nsCOMPtr<nsIRunnable> event = NewRunnableMethod<DispatchVisibilityChange>(
+ "Document::UpdateVisibilityState", this, &Document::UpdateVisibilityState,
+ DispatchVisibilityChange::Yes);
+ Dispatch(TaskCategory::Other, event.forget());
+}
+
+void Document::MaybeActiveMediaComponents() {
+ if (!mWindow) {
+ return;
+ }
+
+ GetWindow()->MaybeActiveMediaComponents();
+}
+
+void Document::DocAddSizeOfExcludingThis(nsWindowSizes& aWindowSizes) const {
+ nsINode::AddSizeOfExcludingThis(aWindowSizes, &aWindowSizes.mDOMOtherSize);
+
+ for (nsIContent* kid = GetFirstChild(); kid; kid = kid->GetNextSibling()) {
+ AddSizeOfNodeTree(*kid, aWindowSizes);
+ }
+
+ // IMPORTANT: for our ComputedValues measurements, we want to measure
+ // ComputedValues accessible from DOM elements before ComputedValues not
+ // accessible from DOM elements (i.e. accessible only from the frame tree).
+ //
+ // Therefore, the measurement of the Document superclass must happen after
+ // the measurement of DOM nodes (above), because Document contains the
+ // PresShell, which contains the frame tree.
+ if (mPresShell) {
+ mPresShell->AddSizeOfIncludingThis(aWindowSizes);
+ }
+
+ mStyleSet->AddSizeOfIncludingThis(aWindowSizes);
+
+ aWindowSizes.mPropertyTablesSize +=
+ mPropertyTable.SizeOfExcludingThis(aWindowSizes.mState.mMallocSizeOf);
+
+ if (EventListenerManager* elm = GetExistingListenerManager()) {
+ aWindowSizes.mDOMEventListenersCount += elm->ListenerCount();
+ }
+
+ if (mNodeInfoManager) {
+ mNodeInfoManager->AddSizeOfIncludingThis(aWindowSizes);
+ }
+
+ aWindowSizes.mDOMMediaQueryLists += mDOMMediaQueryLists.sizeOfExcludingThis(
+ aWindowSizes.mState.mMallocSizeOf);
+
+ for (const MediaQueryList* mql : mDOMMediaQueryLists) {
+ aWindowSizes.mDOMMediaQueryLists +=
+ mql->SizeOfExcludingThis(aWindowSizes.mState.mMallocSizeOf);
+ }
+
+ DocumentOrShadowRoot::AddSizeOfExcludingThis(aWindowSizes);
+
+ for (auto& sheetArray : mAdditionalSheets) {
+ AddSizeOfOwnedSheetArrayExcludingThis(aWindowSizes, sheetArray);
+ }
+ // Lumping in the loader with the style-sheets size is not ideal,
+ // but most of the things in there are in fact stylesheets, so it
+ // doesn't seem worthwhile to separate it out.
+ // This can be null if we've already been unlinked.
+ if (mCSSLoader) {
+ aWindowSizes.mLayoutStyleSheetsSize +=
+ mCSSLoader->SizeOfIncludingThis(aWindowSizes.mState.mMallocSizeOf);
+ }
+
+ if (mResizeObserverController) {
+ mResizeObserverController->AddSizeOfIncludingThis(aWindowSizes);
+ }
+
+ aWindowSizes.mDOMOtherSize += mAttrStyleSheet
+ ? mAttrStyleSheet->DOMSizeOfIncludingThis(
+ aWindowSizes.mState.mMallocSizeOf)
+ : 0;
+
+ aWindowSizes.mDOMOtherSize += mStyledLinks.ShallowSizeOfExcludingThis(
+ aWindowSizes.mState.mMallocSizeOf);
+
+ // Measurement of the following members may be added later if DMD finds it
+ // is worthwhile:
+ // - mMidasCommandManager
+ // - many!
+}
+
+void Document::DocAddSizeOfIncludingThis(nsWindowSizes& aWindowSizes) const {
+ aWindowSizes.mDOMOtherSize += aWindowSizes.mState.mMallocSizeOf(this);
+ DocAddSizeOfExcludingThis(aWindowSizes);
+}
+
+void Document::AddSizeOfExcludingThis(nsWindowSizes& aSizes,
+ size_t* aNodeSize) const {
+ // This AddSizeOfExcludingThis() overrides the one from nsINode. But
+ // nsDocuments can only appear at the top of the DOM tree, and we use the
+ // specialized DocAddSizeOfExcludingThis() in that case. So this should never
+ // be called.
+ MOZ_CRASH();
+}
+
+/* static */
+void Document::AddSizeOfNodeTree(nsINode& aNode, nsWindowSizes& aWindowSizes) {
+ size_t nodeSize = 0;
+ aNode.AddSizeOfIncludingThis(aWindowSizes, &nodeSize);
+
+ // This is where we transfer the nodeSize obtained from
+ // nsINode::AddSizeOfIncludingThis() to a value in nsWindowSizes.
+ switch (aNode.NodeType()) {
+ case nsINode::ELEMENT_NODE:
+ aWindowSizes.mDOMElementNodesSize += nodeSize;
+ break;
+ case nsINode::TEXT_NODE:
+ aWindowSizes.mDOMTextNodesSize += nodeSize;
+ break;
+ case nsINode::CDATA_SECTION_NODE:
+ aWindowSizes.mDOMCDATANodesSize += nodeSize;
+ break;
+ case nsINode::COMMENT_NODE:
+ aWindowSizes.mDOMCommentNodesSize += nodeSize;
+ break;
+ default:
+ aWindowSizes.mDOMOtherSize += nodeSize;
+ break;
+ }
+
+ if (EventListenerManager* elm = aNode.GetExistingListenerManager()) {
+ aWindowSizes.mDOMEventListenersCount += elm->ListenerCount();
+ }
+
+ if (aNode.IsContent()) {
+ nsTArray<nsIContent*> anonKids;
+ nsContentUtils::AppendNativeAnonymousChildren(aNode.AsContent(), anonKids,
+ nsIContent::eAllChildren);
+ for (nsIContent* anonKid : anonKids) {
+ AddSizeOfNodeTree(*anonKid, aWindowSizes);
+ }
+
+ if (auto* element = Element::FromNode(aNode)) {
+ if (ShadowRoot* shadow = element->GetShadowRoot()) {
+ AddSizeOfNodeTree(*shadow, aWindowSizes);
+ }
+ }
+ }
+
+ // NOTE(emilio): If you feel smart and want to change this function to use
+ // GetNextNode(), think twice, since you'd need to handle <xbl:content> in a
+ // sane way, and kids of <content> won't point to the parent, so we'd never
+ // find the root node where we should stop at.
+ for (nsIContent* kid = aNode.GetFirstChild(); kid;
+ kid = kid->GetNextSibling()) {
+ AddSizeOfNodeTree(*kid, aWindowSizes);
+ }
+}
+
+already_AddRefed<Document> Document::Constructor(const GlobalObject& aGlobal,
+ ErrorResult& rv) {
+ nsCOMPtr<nsIScriptGlobalObject> global =
+ do_QueryInterface(aGlobal.GetAsSupports());
+ if (!global) {
+ rv.Throw(NS_ERROR_UNEXPECTED);
+ return nullptr;
+ }
+
+ nsCOMPtr<nsIScriptObjectPrincipal> prin =
+ do_QueryInterface(aGlobal.GetAsSupports());
+ if (!prin) {
+ rv.Throw(NS_ERROR_UNEXPECTED);
+ return nullptr;
+ }
+
+ nsCOMPtr<nsIURI> uri;
+ NS_NewURI(getter_AddRefs(uri), "about:blank");
+ if (!uri) {
+ rv.Throw(NS_ERROR_OUT_OF_MEMORY);
+ return nullptr;
+ }
+
+ nsCOMPtr<Document> doc;
+ nsresult res = NS_NewDOMDocument(getter_AddRefs(doc), VoidString(), u""_ns,
+ nullptr, uri, uri, prin->GetPrincipal(),
+ true, global, DocumentFlavorPlain);
+ if (NS_FAILED(res)) {
+ rv.Throw(res);
+ return nullptr;
+ }
+
+ doc->SetReadyStateInternal(Document::READYSTATE_COMPLETE);
+
+ return doc.forget();
+}
+
+XPathExpression* Document::CreateExpression(const nsAString& aExpression,
+ XPathNSResolver* aResolver,
+ ErrorResult& rv) {
+ return XPathEvaluator()->CreateExpression(aExpression, aResolver, rv);
+}
+
+nsINode* Document::CreateNSResolver(nsINode& aNodeResolver) {
+ return XPathEvaluator()->CreateNSResolver(aNodeResolver);
+}
+
+already_AddRefed<XPathResult> Document::Evaluate(
+ JSContext* aCx, const nsAString& aExpression, nsINode& aContextNode,
+ XPathNSResolver* aResolver, uint16_t aType, JS::Handle<JSObject*> aResult,
+ ErrorResult& rv) {
+ return XPathEvaluator()->Evaluate(aCx, aExpression, aContextNode, aResolver,
+ aType, aResult, rv);
+}
+
+already_AddRefed<nsIAppWindow> Document::GetAppWindowIfToplevelChrome() const {
+ nsCOMPtr<nsIDocShellTreeItem> item = GetDocShell();
+ if (!item) {
+ return nullptr;
+ }
+ nsCOMPtr<nsIDocShellTreeOwner> owner;
+ item->GetTreeOwner(getter_AddRefs(owner));
+ nsCOMPtr<nsIAppWindow> appWin = do_GetInterface(owner);
+ if (!appWin) {
+ return nullptr;
+ }
+ nsCOMPtr<nsIDocShell> appWinShell;
+ appWin->GetDocShell(getter_AddRefs(appWinShell));
+ if (!SameCOMIdentity(appWinShell, item)) {
+ return nullptr;
+ }
+ return appWin.forget();
+}
+
+WindowContext* Document::GetTopLevelWindowContext() const {
+ WindowContext* windowContext = GetWindowContext();
+ return windowContext ? windowContext->TopWindowContext() : nullptr;
+}
+
+Document* Document::GetTopLevelContentDocument() {
+ Document* parent;
+
+ if (!mLoadedAsData) {
+ parent = this;
+ } else {
+ nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(GetScopeObject());
+ if (!window) {
+ return nullptr;
+ }
+
+ parent = window->GetExtantDoc();
+ if (!parent) {
+ return nullptr;
+ }
+ }
+
+ do {
+ if (parent->IsTopLevelContentDocument()) {
+ break;
+ }
+
+ // If we ever have a non-content parent before we hit a toplevel content
+ // parent, then we're never going to find one. Just bail.
+ if (!parent->IsContentDocument()) {
+ return nullptr;
+ }
+
+ parent = parent->GetInProcessParentDocument();
+ } while (parent);
+
+ return parent;
+}
+
+const Document* Document::GetTopLevelContentDocument() const {
+ const Document* parent;
+
+ if (!mLoadedAsData) {
+ parent = this;
+ } else {
+ nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(GetScopeObject());
+ if (!window) {
+ return nullptr;
+ }
+
+ parent = window->GetExtantDoc();
+ if (!parent) {
+ return nullptr;
+ }
+ }
+
+ do {
+ if (parent->IsTopLevelContentDocument()) {
+ break;
+ }
+
+ // If we ever have a non-content parent before we hit a toplevel content
+ // parent, then we're never going to find one. Just bail.
+ if (!parent->IsContentDocument()) {
+ return nullptr;
+ }
+
+ parent = parent->GetInProcessParentDocument();
+ } while (parent);
+
+ return parent;
+}
+
+void Document::PropagateImageUseCounters(Document* aReferencingDocument) {
+ MOZ_ASSERT(IsBeingUsedAsImage());
+ MOZ_ASSERT(aReferencingDocument);
+
+ if (!aReferencingDocument->mShouldReportUseCounters) {
+ // No need to propagate use counters to a document that itself won't report
+ // use counters.
+ return;
+ }
+
+ MOZ_LOG(gUseCountersLog, LogLevel::Debug,
+ ("PropagateImageUseCounters from %s to %s",
+ nsContentUtils::TruncatedURLForDisplay(mDocumentURI).get(),
+ nsContentUtils::TruncatedURLForDisplay(
+ aReferencingDocument->mDocumentURI)
+ .get()));
+
+ if (aReferencingDocument->IsBeingUsedAsImage()) {
+ NS_WARNING(
+ "Page use counters from nested image documents may not "
+ "propagate to the top-level document (bug 1657805)");
+ }
+
+ SetCssUseCounterBits();
+ aReferencingDocument->mChildDocumentUseCounters |= mUseCounters;
+ aReferencingDocument->mChildDocumentUseCounters |= mChildDocumentUseCounters;
+}
+
+bool Document::HasScriptsBlockedBySandbox() {
+ return mSandboxFlags & SANDBOXED_SCRIPTS;
+}
+
+// Some use-counter sanity-checking.
+static_assert(size_t(eUseCounter_EndCSSProperties) -
+ size_t(eUseCounter_FirstCSSProperty) ==
+ size_t(eCSSProperty_COUNT_with_aliases),
+ "We should have the right amount of CSS property use counters");
+static_assert(size_t(eUseCounter_Count) -
+ size_t(eUseCounter_FirstCountedUnknownProperty) ==
+ size_t(CountedUnknownProperty::Count),
+ "We should have the right amount of counted unknown properties"
+ " use counters");
+static_assert(size_t(eUseCounter_Count) * 2 ==
+ size_t(Telemetry::HistogramUseCounterCount),
+ "There should be two histograms (document and page)"
+ " for each use counter");
+
+#define ASSERT_CSS_COUNTER(id_, method_) \
+ static_assert(size_t(eUseCounter_property_##method_) - \
+ size_t(eUseCounter_FirstCSSProperty) == \
+ size_t(id_), \
+ "Order for CSS counters and CSS property id should match");
+#define CSS_PROP_PUBLIC_OR_PRIVATE(publicname_, privatename_) privatename_
+#define CSS_PROP_LONGHAND(name_, id_, method_, ...) \
+ ASSERT_CSS_COUNTER(eCSSProperty_##id_, method_)
+#define CSS_PROP_SHORTHAND(name_, id_, method_, ...) \
+ ASSERT_CSS_COUNTER(eCSSProperty_##id_, method_)
+#define CSS_PROP_ALIAS(name_, aliasid_, id_, method_, ...) \
+ ASSERT_CSS_COUNTER(eCSSPropertyAlias_##aliasid_, method_)
+#include "mozilla/ServoCSSPropList.h"
+#undef CSS_PROP_ALIAS
+#undef CSS_PROP_SHORTHAND
+#undef CSS_PROP_LONGHAND
+#undef CSS_PROP_PUBLIC_OR_PRIVATE
+#undef ASSERT_CSS_COUNTER
+
+void Document::SetCssUseCounterBits() {
+ if (StaticPrefs::layout_css_use_counters_enabled()) {
+ for (size_t i = 0; i < eCSSProperty_COUNT_with_aliases; ++i) {
+ auto id = nsCSSPropertyID(i);
+ if (Servo_IsPropertyIdRecordedInUseCounter(mStyleUseCounters.get(), id)) {
+ SetUseCounter(nsCSSProps::UseCounterFor(id));
+ }
+ }
+ }
+
+ if (StaticPrefs::layout_css_use_counters_unimplemented_enabled()) {
+ for (size_t i = 0; i < size_t(CountedUnknownProperty::Count); ++i) {
+ auto id = CountedUnknownProperty(i);
+ if (Servo_IsUnknownPropertyRecordedInUseCounter(mStyleUseCounters.get(),
+ id)) {
+ SetUseCounter(UseCounter(eUseCounter_FirstCountedUnknownProperty + i));
+ }
+ }
+ }
+}
+
+void Document::InitUseCounters() {
+ // We can be called more than once, e.g. when session history navigation shows
+ // us a second time.
+ if (mUseCountersInitialized) {
+ return;
+ }
+ mUseCountersInitialized = true;
+
+ if (Telemetry::HistogramUseCounterCount == 0) {
+ // No use counters defined.
+ return;
+ }
+
+ if (!ShouldIncludeInTelemetry(/* aAllowExtensionURIs = */ true)) {
+ return;
+ }
+
+ // Now we know for sure that we should report use counters from this document.
+ mShouldReportUseCounters = true;
+
+ WindowContext* top = GetWindowContextForPageUseCounters();
+ if (!top) {
+ // This is the case for SVG image documents. They are not displayed in a
+ // window, but we still do want to record document use counters for them.
+ //
+ // Page use counter propagation is handled in PropagateImageUseCounters,
+ // so there is no need to use the cross-process machinery to send them.
+ MOZ_LOG(gUseCountersLog, LogLevel::Debug,
+ ("InitUseCounters for a non-displayed document [%s]",
+ nsContentUtils::TruncatedURLForDisplay(mDocumentURI).get()));
+ return;
+ }
+
+ RefPtr<WindowGlobalChild> wgc = GetWindowGlobalChild();
+ if (!wgc) {
+ return;
+ }
+
+ MOZ_LOG(gUseCountersLog, LogLevel::Debug,
+ ("InitUseCounters for a displayed document: %" PRIu64 " -> %" PRIu64
+ " [from %s]",
+ wgc->InnerWindowId(), top->Id(),
+ nsContentUtils::TruncatedURLForDisplay(mDocumentURI).get()));
+
+ // Inform the parent process that we will send it page use counters later on.
+ wgc->SendExpectPageUseCounters(top);
+ mShouldSendPageUseCounters = true;
+}
+
+// We keep separate counts for individual documents and top-level
+// pages to more accurately track how many web pages might break if
+// certain features were removed. Consider the case of a single
+// HTML document with several SVG images and/or iframes with
+// sub-documents of their own. If we maintained a single set of use
+// counters and all the sub-documents use a particular feature, then
+// telemetry would indicate that we would be breaking N documents if
+// that feature were removed. Whereas with a document/top-level
+// page split, we can see that N documents would be affected, but
+// only a single web page would be affected.
+//
+// The difference between the values of these two histograms and the
+// related use counters below tell us how many pages did *not* use
+// the feature in question. For instance, if we see that a given
+// session has destroyed 30 content documents, but a particular use
+// counter shows only a count of 5, we can infer that the use
+// counter was *not* used in 25 of those 30 documents.
+//
+// We do things this way, rather than accumulating a boolean flag
+// for each use counter, to avoid sending histograms for features
+// that don't get widely used. Doing things in this fashion means
+// smaller telemetry payloads and faster processing on the server
+// side.
+void Document::ReportDocumentUseCounters() {
+ if (!mShouldReportUseCounters || mReportedDocumentUseCounters) {
+ return;
+ }
+
+ mReportedDocumentUseCounters = true;
+
+ // Note that a document is being destroyed. See the comment above for how
+ // use counter histograms are interpreted relative to this measurement.
+ // TOP_LEVEL_CONTENT_DOCUMENTS_DESTROYED is recorded in
+ // WindowGlobalParent::FinishAccumulatingPageUseCounters.
+ Telemetry::Accumulate(Telemetry::CONTENT_DOCUMENTS_DESTROYED, 1);
+
+ // Ask all of our resource documents to report their own document use
+ // counters.
+ EnumerateExternalResources([](Document& aDoc) {
+ aDoc.ReportDocumentUseCounters();
+ return CallState::Continue;
+ });
+
+ // Copy StyleUseCounters into our document use counters.
+ SetCssUseCounterBits();
+
+ // Report our per-document use counters.
+ MOZ_LOG(gUseCountersLog, LogLevel::Debug,
+ ("Reporting document use counters [%s]",
+ nsContentUtils::TruncatedURLForDisplay(GetDocumentURI()).get()));
+ for (int32_t c = 0; c < eUseCounter_Count; ++c) {
+ auto uc = static_cast<UseCounter>(c);
+ if (!mUseCounters[uc]) {
+ continue;
+ }
+
+ auto id = static_cast<Telemetry::HistogramID>(
+ Telemetry::HistogramFirstUseCounter + uc * 2);
+ MOZ_LOG(gUseCountersLog, LogLevel::Debug,
+ (" > %s\n", Telemetry::GetHistogramName(id)));
+ Telemetry::Accumulate(id, 1);
+ }
+}
+
+void Document::SendPageUseCounters() {
+ if (!mShouldReportUseCounters || !mShouldSendPageUseCounters) {
+ return;
+ }
+
+ // Ask all of our resource documents to send their own document use
+ // counters to the parent process to be counted as page use counters.
+ EnumerateExternalResources([](Document& aDoc) {
+ aDoc.SendPageUseCounters();
+ return CallState::Continue;
+ });
+
+ // Send our use counters to the parent process to accumulate them towards the
+ // page use counters for the top-level document.
+ //
+ // We take our own document use counters (those in mUseCounters) and any child
+ // document use counters (those in mChildDocumentUseCounters) that have been
+ // explicitly propagated up to us, which includes resource documents, static
+ // clones, and SVG images.
+ RefPtr<WindowGlobalChild> wgc = GetWindowGlobalChild();
+ if (!wgc) {
+ MOZ_ASSERT_UNREACHABLE(
+ "SendPageUseCounters should be called while we still have access "
+ "to our WindowContext");
+ MOZ_LOG(gUseCountersLog, LogLevel::Debug,
+ (" > too late to send page use counters"));
+ return;
+ }
+
+ MOZ_LOG(gUseCountersLog, LogLevel::Debug,
+ ("Sending page use counters: from WindowContext %" PRIu64 " [%s]",
+ wgc->WindowContext()->Id(),
+ nsContentUtils::TruncatedURLForDisplay(GetDocumentURI()).get()));
+
+ // Copy StyleUseCounters into our document use counters.
+ SetCssUseCounterBits();
+
+ UseCounters counters = mUseCounters | mChildDocumentUseCounters;
+ wgc->SendAccumulatePageUseCounters(counters);
+}
+
+WindowContext* Document::GetWindowContextForPageUseCounters() const {
+ if (mDisplayDocument) {
+ // If we are a resource document, then go through it to find the
+ // top-level document.
+ return mDisplayDocument->GetWindowContextForPageUseCounters();
+ }
+
+ if (mOriginalDocument) {
+ // For static clones (print preview documents), contribute page use counters
+ // towards the original document.
+ return mOriginalDocument->GetWindowContextForPageUseCounters();
+ }
+
+ WindowContext* wc = GetTopLevelWindowContext();
+ if (!wc || !wc->GetBrowsingContext()->IsContent()) {
+ return nullptr;
+ }
+
+ return wc;
+}
+
+void Document::UpdateIntersectionObservations(TimeStamp aNowTime) {
+ if (mIntersectionObservers.IsEmpty()) {
+ return;
+ }
+
+ DOMHighResTimeStamp time = 0;
+ if (nsPIDOMWindowInner* win = GetInnerWindow()) {
+ if (Performance* perf = win->GetPerformance()) {
+ time = perf->TimeStampToDOMHighResForRendering(aNowTime);
+ }
+ }
+
+ nsTArray<RefPtr<DOMIntersectionObserver>> observers(
+ mIntersectionObservers.Count());
+ for (auto& observer : mIntersectionObservers) {
+ observers.AppendElement(observer.GetKey());
+ }
+ for (const auto& observer : observers) {
+ if (observer) {
+ observer->Update(this, time);
+ }
+ }
+}
+
+void Document::ScheduleIntersectionObserverNotification() {
+ if (mIntersectionObservers.IsEmpty()) {
+ return;
+ }
+ MOZ_RELEASE_ASSERT(NS_IsMainThread());
+ nsCOMPtr<nsIRunnable> notification =
+ NewRunnableMethod("Document::NotifyIntersectionObservers", this,
+ &Document::NotifyIntersectionObservers);
+ Dispatch(TaskCategory::Other, notification.forget());
+}
+
+void Document::NotifyIntersectionObservers() {
+ nsTArray<RefPtr<DOMIntersectionObserver>> observers(
+ mIntersectionObservers.Count());
+ for (auto iter = mIntersectionObservers.Iter(); !iter.Done(); iter.Next()) {
+ DOMIntersectionObserver* observer = iter.Get()->GetKey();
+ observers.AppendElement(observer);
+ }
+ for (const auto& observer : observers) {
+ if (observer) {
+ // MOZ_KnownLive because 'observers' is guaranteed to
+ // keep it alive.
+ //
+ // Even with https://bugzilla.mozilla.org/show_bug.cgi?id=1620312 fixed
+ // this might need to stay, because 'observers' is not const, so it's not
+ // obvious how to prove via static analysis that it won't change and
+ // release us.
+ MOZ_KnownLive(observer)->Notify();
+ }
+ }
+}
+
+DOMIntersectionObserver& Document::EnsureLazyLoadImageObserver() {
+ if (!mLazyLoadImageObserver) {
+ mLazyLoadImageObserver =
+ DOMIntersectionObserver::CreateLazyLoadObserver(*this);
+ }
+ return *mLazyLoadImageObserver;
+}
+
+void Document::NotifyLayerManagerRecreated() {
+ EnumerateActivityObservers(NotifyActivityChanged);
+ EnumerateSubDocuments([](Document& aSubDoc) {
+ aSubDoc.NotifyLayerManagerRecreated();
+ return CallState::Continue;
+ });
+}
+
+XPathEvaluator* Document::XPathEvaluator() {
+ if (!mXPathEvaluator) {
+ mXPathEvaluator.reset(new dom::XPathEvaluator(this));
+ }
+ return mXPathEvaluator.get();
+}
+
+already_AddRefed<nsIDocumentEncoder> Document::GetCachedEncoder() {
+ return mCachedEncoder.forget();
+}
+
+void Document::SetCachedEncoder(already_AddRefed<nsIDocumentEncoder> aEncoder) {
+ mCachedEncoder = aEncoder;
+}
+
+void Document::SetContentTypeInternal(const nsACString& aType) {
+ if (!IsHTMLOrXHTML() && mDefaultElementType == kNameSpaceID_None &&
+ aType.EqualsLiteral("application/xhtml+xml")) {
+ mDefaultElementType = kNameSpaceID_XHTML;
+ }
+
+ mCachedEncoder = nullptr;
+ mContentType = aType;
+}
+
+nsILoadContext* Document::GetLoadContext() const { return mDocumentContainer; }
+
+nsIDocShell* Document::GetDocShell() const { return mDocumentContainer; }
+
+void Document::SetStateObject(nsIStructuredCloneContainer* scContainer) {
+ mStateObjectContainer = scContainer;
+ mStateObjectCached = nullptr;
+}
+
+Document::DocumentTheme Document::GetDocumentLWTheme() {
+ if (mDocLWTheme == Doc_Theme_Uninitialized) {
+ mDocLWTheme = ThreadSafeGetDocumentLWTheme();
+ }
+ return mDocLWTheme;
+}
+
+Document::DocumentTheme Document::ThreadSafeGetDocumentLWTheme() const {
+ if (!NodePrincipal()->IsSystemPrincipal()) {
+ return Doc_Theme_None;
+ }
+
+ if (mDocLWTheme != Doc_Theme_Uninitialized) {
+ return mDocLWTheme;
+ }
+
+ DocumentTheme theme = Doc_Theme_None; // No lightweight theme by default
+ Element* element = GetRootElement();
+ if (element && element->AttrValueIs(kNameSpaceID_None, nsGkAtoms::lwtheme,
+ nsGkAtoms::_true, eCaseMatters)) {
+ theme = Doc_Theme_Neutral;
+ nsAutoString lwTheme;
+ element->GetAttr(kNameSpaceID_None, nsGkAtoms::lwthemetextcolor, lwTheme);
+ if (lwTheme.EqualsLiteral("dark")) {
+ theme = Doc_Theme_Dark;
+ } else if (lwTheme.EqualsLiteral("bright")) {
+ theme = Doc_Theme_Bright;
+ }
+ }
+
+ return theme;
+}
+
+already_AddRefed<Element> Document::CreateHTMLElement(nsAtom* aTag) {
+ RefPtr<mozilla::dom::NodeInfo> nodeInfo;
+ nodeInfo = mNodeInfoManager->GetNodeInfo(aTag, nullptr, kNameSpaceID_XHTML,
+ ELEMENT_NODE);
+ MOZ_ASSERT(nodeInfo, "GetNodeInfo should never fail");
+
+ nsCOMPtr<Element> element;
+ DebugOnly<nsresult> rv =
+ NS_NewHTMLElement(getter_AddRefs(element), nodeInfo.forget(),
+ mozilla::dom::NOT_FROM_PARSER);
+
+ MOZ_ASSERT(NS_SUCCEEDED(rv), "NS_NewHTMLElement should never fail");
+ return element.forget();
+}
+
+static CallState MarkDocumentTreeToBeInSyncOperation(
+ Document& aDoc, nsTArray<RefPtr<Document>>& aDocuments) {
+ aDoc.SetIsInSyncOperation(true);
+ if (nsCOMPtr<nsPIDOMWindowInner> window = aDoc.GetInnerWindow()) {
+ window->TimeoutManager().BeginSyncOperation();
+ }
+ aDocuments.AppendElement(&aDoc);
+ auto recurse = [&aDocuments](Document& aSubDoc) {
+ return MarkDocumentTreeToBeInSyncOperation(aSubDoc, aDocuments);
+ };
+ aDoc.EnumerateSubDocuments(recurse);
+ return CallState::Continue;
+}
+
+nsAutoSyncOperation::nsAutoSyncOperation(Document* aDoc,
+ SyncOperationBehavior aSyncBehavior)
+ : mSyncBehavior(aSyncBehavior) {
+ mMicroTaskLevel = 0;
+ CycleCollectedJSContext* ccjs = CycleCollectedJSContext::Get();
+ if (ccjs) {
+ mMicroTaskLevel = ccjs->MicroTaskLevel();
+ ccjs->SetMicroTaskLevel(0);
+ }
+ if (aDoc) {
+ if (nsPIDOMWindowOuter* win = aDoc->GetWindow()) {
+ if (nsCOMPtr<nsPIDOMWindowOuter> top = win->GetInProcessTop()) {
+ if (RefPtr<Document> doc = top->GetExtantDoc()) {
+ MarkDocumentTreeToBeInSyncOperation(*doc, mDocuments);
+ }
+ }
+ }
+
+ mBrowsingContext = aDoc->GetBrowsingContext();
+ if (mBrowsingContext &&
+ mSyncBehavior == SyncOperationBehavior::eSuspendInput &&
+ InputTaskManager::CanSuspendInputEvent()) {
+ mBrowsingContext->Group()->IncInputEventSuspensionLevel();
+ }
+ }
+}
+
+nsAutoSyncOperation::~nsAutoSyncOperation() {
+ for (RefPtr<Document>& doc : mDocuments) {
+ if (nsCOMPtr<nsPIDOMWindowInner> window = doc->GetInnerWindow()) {
+ window->TimeoutManager().EndSyncOperation();
+ }
+ doc->SetIsInSyncOperation(false);
+ }
+ CycleCollectedJSContext* ccjs = CycleCollectedJSContext::Get();
+ if (ccjs) {
+ ccjs->SetMicroTaskLevel(mMicroTaskLevel);
+ }
+
+ if (mBrowsingContext &&
+ mSyncBehavior == SyncOperationBehavior::eSuspendInput &&
+ InputTaskManager::CanSuspendInputEvent()) {
+ mBrowsingContext->Group()->DecInputEventSuspensionLevel();
+ }
+}
+
+gfxUserFontSet* Document::GetUserFontSet() {
+ if (!mFontFaceSet) {
+ return nullptr;
+ }
+
+ return mFontFaceSet->GetUserFontSet();
+}
+
+void Document::FlushUserFontSet() {
+ if (!mFontFaceSetDirty) {
+ return;
+ }
+
+ mFontFaceSetDirty = false;
+
+ if (gfxPlatform::GetPlatform()->DownloadableFontsEnabled()) {
+ nsTArray<nsFontFaceRuleContainer> rules;
+ RefPtr<PresShell> presShell = GetPresShell();
+ if (presShell) {
+ MOZ_ASSERT(mStyleSetFilled);
+ mStyleSet->AppendFontFaceRules(rules);
+ }
+
+ if (!mFontFaceSet && !rules.IsEmpty()) {
+ nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(GetScopeObject());
+ mFontFaceSet = new FontFaceSet(window, this);
+ }
+
+ bool changed = false;
+ if (mFontFaceSet) {
+ changed = mFontFaceSet->UpdateRules(rules);
+ }
+
+ // We need to enqueue a style change reflow (for later) to
+ // reflect that we're modifying @font-face rules. (However,
+ // without a reflow, nothing will happen to start any downloads
+ // that are needed.)
+ if (changed && presShell) {
+ if (nsPresContext* presContext = presShell->GetPresContext()) {
+ presContext->UserFontSetUpdated();
+ }
+ }
+ }
+}
+
+void Document::MarkUserFontSetDirty() {
+ if (mFontFaceSetDirty) {
+ return;
+ }
+ mFontFaceSetDirty = true;
+ if (PresShell* presShell = GetPresShell()) {
+ presShell->EnsureStyleFlush();
+ }
+}
+
+FontFaceSet* Document::Fonts() {
+ if (!mFontFaceSet) {
+ nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(GetScopeObject());
+ mFontFaceSet = new FontFaceSet(window, this);
+ FlushUserFontSet();
+ }
+ return mFontFaceSet;
+}
+
+void Document::ReportHasScrollLinkedEffect() {
+ if (mHasScrollLinkedEffect) {
+ // We already did this once for this document, don't do it again.
+ return;
+ }
+ mHasScrollLinkedEffect = true;
+ nsContentUtils::ReportToConsole(
+ nsIScriptError::warningFlag, "Async Pan/Zoom"_ns, this,
+ nsContentUtils::eLAYOUT_PROPERTIES, "ScrollLinkedEffectFound2");
+}
+
+void Document::SetSHEntryHasUserInteraction(bool aHasInteraction) {
+ if (RefPtr<WindowContext> topWc = GetTopLevelWindowContext()) {
+ // Setting has user interction on a discarded browsing context has
+ // no effect.
+ Unused << topWc->SetSHEntryHasUserInteraction(aHasInteraction);
+ }
+}
+
+bool Document::GetSHEntryHasUserInteraction() {
+ if (RefPtr<WindowContext> topWc = GetTopLevelWindowContext()) {
+ return topWc->GetSHEntryHasUserInteraction();
+ }
+ return false;
+}
+
+void Document::SetUserHasInteracted() {
+ MOZ_LOG(gUserInteractionPRLog, LogLevel::Debug,
+ ("Document %p has been interacted by user.", this));
+
+ // We maybe need to update the user-interaction permission.
+ MaybeStoreUserInteractionAsPermission();
+
+ // For purposes of reducing irrelevant session history entries on
+ // the back button, we annotate entries with whether they had user
+ // interaction. This is gated on its own flag on the WindowContext
+ // (instead of mUserHasInteracted) to account for the fact that multiple
+ // top-level SH entries can be associated with the same document.
+ // Thus, whenever we create a new SH entry for this document,
+ // this flag is reset.
+ if (!GetSHEntryHasUserInteraction()) {
+ nsIDocShell* docShell = this->GetDocShell();
+ if (docShell) {
+ nsCOMPtr<nsISHEntry> currentEntry;
+ bool oshe;
+ nsresult rv =
+ docShell->GetCurrentSHEntry(getter_AddRefs(currentEntry), &oshe);
+ if (!NS_WARN_IF(NS_FAILED(rv)) && currentEntry) {
+ currentEntry->SetHasUserInteraction(true);
+ }
+ }
+ SetSHEntryHasUserInteraction(true);
+ }
+
+ if (mUserHasInteracted) {
+ return;
+ }
+
+ mUserHasInteracted = true;
+
+ if (mChannel) {
+ nsCOMPtr<nsILoadInfo> loadInfo = mChannel->LoadInfo();
+ loadInfo->SetDocumentHasUserInteracted(true);
+ }
+ // Tell the parent process about user interaction
+ if (auto* wgc = GetWindowGlobalChild()) {
+ wgc->SendUpdateDocumentHasUserInteracted(true);
+ }
+
+ MaybeAllowStorageForOpenerAfterUserInteraction();
+}
+
+BrowsingContext* Document::GetBrowsingContext() const {
+ nsCOMPtr<nsIDocShell> docshell(mDocumentContainer);
+ return docshell ? docshell->GetBrowsingContext() : nullptr;
+}
+
+void Document::NotifyUserGestureActivation() {
+ if (RefPtr<BrowsingContext> bc = GetBrowsingContext()) {
+ bc->PreOrderWalk([&](BrowsingContext* aBC) {
+ WindowContext* windowContext = aBC->GetCurrentWindowContext();
+ if (!windowContext) {
+ return;
+ }
+
+ nsIDocShell* docShell = aBC->GetDocShell();
+ if (!docShell) {
+ return;
+ }
+
+ Document* document = docShell->GetDocument();
+ if (!document) {
+ return;
+ }
+
+ // XXXedgar we probably could just check `IsInProcess()` after fission
+ // enable.
+ if (NodePrincipal()->Equals(document->NodePrincipal())) {
+ windowContext->NotifyUserGestureActivation();
+ }
+ });
+
+ for (bc = bc->GetParent(); bc; bc = bc->GetParent()) {
+ if (WindowContext* windowContext = bc->GetCurrentWindowContext()) {
+ windowContext->NotifyUserGestureActivation();
+ }
+ }
+ }
+}
+
+bool Document::HasBeenUserGestureActivated() {
+ RefPtr<WindowContext> wc = GetWindowContext();
+ return wc && wc->HasBeenUserGestureActivated();
+}
+
+void Document::ClearUserGestureActivation() {
+ if (RefPtr<BrowsingContext> bc = GetBrowsingContext()) {
+ bc = bc->Top();
+ bc->PreOrderWalk([&](BrowsingContext* aBC) {
+ if (WindowContext* windowContext = aBC->GetCurrentWindowContext()) {
+ windowContext->NotifyResetUserGestureActivation();
+ }
+ });
+ }
+}
+
+bool Document::HasValidTransientUserGestureActivation() {
+ RefPtr<WindowContext> wc = GetWindowContext();
+ return wc && wc->HasValidTransientUserGestureActivation();
+}
+
+bool Document::ConsumeTransientUserGestureActivation() {
+ RefPtr<WindowContext> wc = GetWindowContext();
+ return wc && wc->ConsumeTransientUserGestureActivation();
+}
+
+void Document::SetDocTreeHadMedia() {
+ RefPtr<WindowContext> topWc = GetTopLevelWindowContext();
+ if (topWc && !topWc->IsDiscarded() && !topWc->GetDocTreeHadMedia()) {
+ MOZ_ALWAYS_SUCCEEDS(topWc->SetDocTreeHadMedia(true));
+ }
+}
+
+DocumentAutoplayPolicy Document::AutoplayPolicy() const {
+ return AutoplayPolicy::IsAllowedToPlay(*this);
+}
+
+void Document::MaybeAllowStorageForOpenerAfterUserInteraction() {
+ if (!CookieJarSettings()->GetRejectThirdPartyContexts()) {
+ return;
+ }
+
+ // This will probably change for project fission, but currently this document
+ // and the opener are on the same process. In the future, we should make this
+ // part async.
+ nsPIDOMWindowInner* inner = GetInnerWindow();
+ if (NS_WARN_IF(!inner)) {
+ return;
+ }
+
+ uint32_t cookieBehavior = CookieJarSettings()->GetCookieBehavior();
+ if (cookieBehavior == nsICookieService::BEHAVIOR_REJECT_TRACKER ||
+ cookieBehavior ==
+ nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN) {
+ // We care about first-party tracking resources only.
+ if (!nsContentUtils::IsFirstPartyTrackingResourceWindow(inner)) {
+ return;
+ }
+ } else {
+ MOZ_ASSERT(net::CookieJarSettings::IsRejectThirdPartyWithExceptions(
+ cookieBehavior));
+ }
+
+ auto* outer = nsGlobalWindowOuter::Cast(inner->GetOuterWindow());
+ if (NS_WARN_IF(!outer)) {
+ return;
+ }
+
+ RefPtr<BrowsingContext> openerBC = outer->GetOpenerBrowsingContext();
+ if (!openerBC) {
+ // No opener.
+ return;
+ }
+
+ // We want to ensure the following check works for both fission mode
+ // and non-fission mode:
+ // "If the opener is not a 3rd party and if this window is not a 3rd
+ // party with respect to the opener, we should not continue."
+ //
+ // In non-fission mode, the opener and the opened window are in the same
+ // process, we can use nsContentUtils::IsThirdPartyWindowOrChannel to
+ // do the check.
+ // In fission mode, if this window is not a 3rd party with respect to
+ // the opener, they must be in the same process, so we can still use
+ // IsThirdPartyWindowOrChannel(openerInner) to continue to check if
+ // the opener is a 3rd party.
+ if (openerBC->IsInProcess()) {
+ nsCOMPtr<nsPIDOMWindowOuter> outerOpener = openerBC->GetDOMWindow();
+ if (NS_WARN_IF(!outerOpener)) {
+ return;
+ }
+
+ nsCOMPtr<nsPIDOMWindowInner> openerInner =
+ outerOpener->GetCurrentInnerWindow();
+ if (NS_WARN_IF(!openerInner)) {
+ return;
+ }
+
+ RefPtr<Document> openerDocument = openerInner->GetExtantDoc();
+ if (NS_WARN_IF(!openerDocument)) {
+ return;
+ }
+
+ nsCOMPtr<nsIURI> openerURI = openerDocument->GetDocumentURI();
+ if (NS_WARN_IF(!openerURI)) {
+ return;
+ }
+
+ // If the opener is not a 3rd party and if this window is not
+ // a 3rd party with respect to the opener, we should not continue.
+ if (!nsContentUtils::IsThirdPartyWindowOrChannel(inner, nullptr,
+ openerURI) &&
+ !nsContentUtils::IsThirdPartyWindowOrChannel(openerInner, nullptr,
+ nullptr)) {
+ return;
+ }
+ }
+
+ // We don't care when the asynchronous work finishes here.
+ Unused << ContentBlocking::AllowAccessFor(
+ NodePrincipal(), openerBC,
+ ContentBlockingNotifier::eOpenerAfterUserInteraction);
+}
+
+namespace {
+
+// Documents can stay alive for days. We don't want to update the permission
+// value at any user-interaction, and, using a timer triggered any X seconds
+// should be good enough. 'X' is taken from
+// privacy.userInteraction.document.interval pref.
+// We also want to store the user-interaction before shutting down, and, for
+// this reason, this class implements nsIAsyncShutdownBlocker interface.
+class UserInteractionTimer final : public Runnable,
+ public nsITimerCallback,
+ public nsIAsyncShutdownBlocker {
+ public:
+ NS_DECL_ISUPPORTS_INHERITED
+
+ explicit UserInteractionTimer(Document* aDocument)
+ : Runnable("UserInteractionTimer"),
+ mPrincipal(aDocument->NodePrincipal()),
+ mDocument(do_GetWeakReference(aDocument)) {
+ static int32_t userInteractionTimerId = 0;
+ // Blocker names must be unique. Let's create it now because when needed,
+ // the document could be already gone.
+ mBlockerName.AppendPrintf("UserInteractionTimer %d for document %p",
+ ++userInteractionTimerId, aDocument);
+ }
+
+ // Runnable interface
+
+ NS_IMETHOD
+ Run() override {
+ uint32_t interval =
+ StaticPrefs::privacy_userInteraction_document_interval();
+ if (!interval) {
+ return NS_OK;
+ }
+
+ RefPtr<UserInteractionTimer> self = this;
+ auto raii =
+ MakeScopeExit([self] { self->CancelTimerAndStoreUserInteraction(); });
+
+ nsresult rv = NS_NewTimerWithCallback(
+ getter_AddRefs(mTimer), this, interval * 1000, nsITimer::TYPE_ONE_SHOT);
+ NS_ENSURE_SUCCESS(rv, NS_OK);
+
+ nsCOMPtr<nsIAsyncShutdownClient> phase = GetShutdownPhase();
+ NS_ENSURE_TRUE(!!phase, NS_OK);
+
+ rv = phase->AddBlocker(this, NS_LITERAL_STRING_FROM_CSTRING(__FILE__),
+ __LINE__, u"UserInteractionTimer shutdown"_ns);
+ NS_ENSURE_SUCCESS(rv, NS_OK);
+
+ raii.release();
+ return NS_OK;
+ }
+
+ // nsITimerCallback interface
+
+ NS_IMETHOD
+ Notify(nsITimer* aTimer) override {
+ StoreUserInteraction();
+ return NS_OK;
+ }
+
+#ifdef MOZ_COLLECTING_RUNNABLE_TELEMETRY
+ using nsINamed::GetName;
+#endif
+
+ // nsIAsyncShutdownBlocker interface
+
+ NS_IMETHOD
+ GetName(nsAString& aName) override {
+ aName = mBlockerName;
+ return NS_OK;
+ }
+
+ NS_IMETHOD
+ BlockShutdown(nsIAsyncShutdownClient* aClient) override {
+ CancelTimerAndStoreUserInteraction();
+ return NS_OK;
+ }
+
+ NS_IMETHOD
+ GetState(nsIPropertyBag**) override { return NS_OK; }
+
+ private:
+ ~UserInteractionTimer() = default;
+
+ void StoreUserInteraction() {
+ // Remove the shutting down blocker
+ nsCOMPtr<nsIAsyncShutdownClient> phase = GetShutdownPhase();
+ if (phase) {
+ phase->RemoveBlocker(this);
+ }
+
+ // If the document is not gone, let's reset its timer flag.
+ nsCOMPtr<Document> document = do_QueryReferent(mDocument);
+ if (document) {
+ ContentBlockingUserInteraction::Observe(mPrincipal);
+ document->ResetUserInteractionTimer();
+ }
+ }
+
+ void CancelTimerAndStoreUserInteraction() {
+ if (mTimer) {
+ mTimer->Cancel();
+ mTimer = nullptr;
+ }
+
+ StoreUserInteraction();
+ }
+
+ static already_AddRefed<nsIAsyncShutdownClient> GetShutdownPhase() {
+ nsCOMPtr<nsIAsyncShutdownService> svc = services::GetAsyncShutdownService();
+ NS_ENSURE_TRUE(!!svc, nullptr);
+
+ nsCOMPtr<nsIAsyncShutdownClient> phase;
+ nsresult rv = svc->GetXpcomWillShutdown(getter_AddRefs(phase));
+ NS_ENSURE_SUCCESS(rv, nullptr);
+
+ return phase.forget();
+ }
+
+ nsCOMPtr<nsIPrincipal> mPrincipal;
+ nsWeakPtr mDocument;
+
+ nsCOMPtr<nsITimer> mTimer;
+
+ nsString mBlockerName;
+};
+
+NS_IMPL_ISUPPORTS_INHERITED(UserInteractionTimer, Runnable, nsITimerCallback,
+ nsIAsyncShutdownBlocker)
+
+} // namespace
+
+void Document::MaybeStoreUserInteractionAsPermission() {
+ // We care about user-interaction stored only for top-level documents.
+ if (!IsTopLevelContentDocument()) {
+ return;
+ }
+
+ if (!mUserHasInteracted) {
+ // First interaction, let's store this info now.
+ ContentBlockingUserInteraction::Observe(NodePrincipal());
+ return;
+ }
+
+ if (mHasUserInteractionTimerScheduled) {
+ return;
+ }
+
+ nsCOMPtr<nsIRunnable> task = new UserInteractionTimer(this);
+ nsresult rv = NS_DispatchToCurrentThreadQueue(task.forget(), 2500,
+ EventQueuePriority::Idle);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return;
+ }
+
+ // This value will be reset by the timer.
+ mHasUserInteractionTimerScheduled = true;
+}
+
+void Document::ResetUserInteractionTimer() {
+ mHasUserInteractionTimerScheduled = false;
+}
+
+bool Document::IsExtensionPage() const {
+ return Preferences::GetBool("media.autoplay.allow-extension-background-pages",
+ true) &&
+ BasePrincipal::Cast(NodePrincipal())->AddonPolicy();
+}
+
+void Document::TraceProtos(JSTracer* aTrc) {
+ if (mPrototypeDocument) {
+ mPrototypeDocument->TraceProtos(aTrc);
+ }
+}
+
+/**
+ * Retrieves the classification of the Flash plugins in the document based on
+ * the classification lists. For more information, see
+ * toolkit/components/url-classifier/flash-block-lists.rst
+ */
+FlashClassification Document::DocumentFlashClassification() {
+ // Disable flash blocking when fission is enabled(See Bug 1584931).
+ const auto fnIsFlashBlockingEnabled = [] {
+ return StaticPrefs::plugins_flashBlock_enabled() && !FissionAutostart();
+ };
+
+ // If neither pref is on, skip the null-principal and principal URI checks.
+ if (!StaticPrefs::plugins_http_https_only() && !fnIsFlashBlockingEnabled()) {
+ return FlashClassification::Unknown;
+ }
+
+ if (!NodePrincipal()->GetIsContentPrincipal()) {
+ return FlashClassification::Denied;
+ }
+
+ if (StaticPrefs::plugins_http_https_only()) {
+ // Only allow plugins for documents from an HTTP/HTTPS origin. This should
+ // allow dependent data: URIs to load plugins, but not:
+ // * chrome documents
+ // * "bare" data: loads
+ // * FTP/gopher/file
+
+ if (!(NodePrincipal()->SchemeIs("http") ||
+ NodePrincipal()->SchemeIs("https"))) {
+ return FlashClassification::Denied;
+ }
+ }
+
+ // If flash blocking is disabled, it is equivalent to all sites being
+ // on neither list.
+ if (!fnIsFlashBlockingEnabled()) {
+ return FlashClassification::Unknown;
+ }
+
+ if (mFlashClassification == FlashClassification::Unknown) {
+ mFlashClassification = DocumentFlashClassificationInternal();
+ }
+
+ return mFlashClassification;
+}
+
+void Document::AddResizeObserver(ResizeObserver& aObserver) {
+ if (!mResizeObserverController) {
+ mResizeObserverController = MakeUnique<ResizeObserverController>(this);
+ }
+ mResizeObserverController->AddResizeObserver(aObserver);
+}
+
+void Document::RemoveResizeObserver(ResizeObserver& aObserver) {
+ MOZ_DIAGNOSTIC_ASSERT(mResizeObserverController, "No controller?");
+ if (MOZ_UNLIKELY(!mResizeObserverController)) {
+ return;
+ }
+ mResizeObserverController->RemoveResizeObserver(aObserver);
+}
+
+PermissionDelegateHandler* Document::GetPermissionDelegateHandler() {
+ if (!mPermissionDelegateHandler) {
+ mPermissionDelegateHandler =
+ mozilla::MakeAndAddRef<PermissionDelegateHandler>(this);
+ }
+
+ if (!mPermissionDelegateHandler->Initialize()) {
+ mPermissionDelegateHandler = nullptr;
+ }
+
+ return mPermissionDelegateHandler;
+}
+
+void Document::ScheduleResizeObserversNotification() const {
+ if (!mResizeObserverController) {
+ return;
+ }
+
+ mResizeObserverController->ScheduleNotification();
+}
+
+/**
+ * Initializes |mIsThirdPartyForFlashClassifier| if necessary and returns its
+ * value. The value returned represents whether this document should be
+ * considered Third-Party.
+ *
+ * A top-level document cannot be a considered Third-Party; only subdocuments
+ * may. For a subdocument to be considered Third-Party, it must meet ANY ONE
+ * of the following requirements:
+ * - The document's parent is Third-Party
+ * - The document has a different scheme (http/https) than its parent document
+ * - The document's domain and subdomain do not match those of its parent
+ * document.
+ *
+ * If there is an error in determining whether the document is Third-Party,
+ * it will be assumed to be Third-Party for security reasons.
+ */
+bool Document::IsThirdPartyForFlashClassifier() {
+ if (mIsThirdPartyForFlashClassifier.isSome()) {
+ return mIsThirdPartyForFlashClassifier.value();
+ }
+
+ BrowsingContext* browsingContext = this->GetBrowsingContext();
+ if (!browsingContext) {
+ mIsThirdPartyForFlashClassifier.emplace(true);
+ return mIsThirdPartyForFlashClassifier.value();
+ }
+
+ if (browsingContext->IsTop()) {
+ mIsThirdPartyForFlashClassifier.emplace(false);
+ return mIsThirdPartyForFlashClassifier.value();
+ }
+
+ nsCOMPtr<Document> parentDocument = GetInProcessParentDocument();
+ if (!parentDocument) {
+ // Failure
+ mIsThirdPartyForFlashClassifier.emplace(true);
+ return mIsThirdPartyForFlashClassifier.value();
+ }
+
+ if (parentDocument->IsThirdPartyForFlashClassifier()) {
+ mIsThirdPartyForFlashClassifier.emplace(true);
+ return mIsThirdPartyForFlashClassifier.value();
+ }
+
+ nsCOMPtr<nsIPrincipal> principal = NodePrincipal();
+ nsCOMPtr<nsIPrincipal> parentPrincipal = parentDocument->GetPrincipal();
+
+ bool principalsMatch = false;
+ nsresult rv = principal->Equals(parentPrincipal, &principalsMatch);
+
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ // Failure
+ mIsThirdPartyForFlashClassifier.emplace(true);
+ return mIsThirdPartyForFlashClassifier.value();
+ }
+
+ if (!principalsMatch) {
+ mIsThirdPartyForFlashClassifier.emplace(true);
+ return mIsThirdPartyForFlashClassifier.value();
+ }
+
+ // Fall-through. Document is not a Third-Party Document.
+ mIsThirdPartyForFlashClassifier.emplace(false);
+ return mIsThirdPartyForFlashClassifier.value();
+}
+
+FlashClassification Document::DocumentFlashClassificationInternal() {
+ FlashClassification classification = FlashClassification::Unknown;
+
+ nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(GetChannel());
+ if (httpChannel) {
+ nsIHttpChannel::FlashPluginState state = nsIHttpChannel::FlashPluginUnknown;
+ httpChannel->GetFlashPluginState(&state);
+
+ // Allow unknown children to inherit allowed status from parent, but do not
+ // allow denied children to do so.
+
+ if (state == nsIHttpChannel::FlashPluginDeniedInSubdocuments &&
+ IsThirdPartyForFlashClassifier()) {
+ return FlashClassification::Denied;
+ }
+
+ if (state == nsIHttpChannel::FlashPluginDenied) {
+ return FlashClassification::Denied;
+ }
+
+ if (state == nsIHttpChannel::FlashPluginAllowed) {
+ classification = FlashClassification::Allowed;
+ }
+ }
+
+ if (IsTopLevelContentDocument()) {
+ return classification;
+ }
+
+ Document* parentDocument = GetInProcessParentDocument();
+ if (!parentDocument) {
+ return FlashClassification::Denied;
+ }
+
+ FlashClassification parentClassification =
+ parentDocument->DocumentFlashClassification();
+
+ if (parentClassification == FlashClassification::Denied) {
+ return FlashClassification::Denied;
+ }
+
+ // Allow unknown children to inherit allowed status from parent, but
+ // do not allow denied children to do so.
+ if (classification == FlashClassification::Unknown &&
+ parentClassification == FlashClassification::Allowed) {
+ return FlashClassification::Allowed;
+ }
+
+ return classification;
+}
+
+void Document::ClearStaleServoData() {
+ DocumentStyleRootIterator iter(this);
+ while (Element* root = iter.GetNextStyleRoot()) {
+ RestyleManager::ClearServoDataFromSubtree(root);
+ }
+}
+
+Selection* Document::GetSelection(ErrorResult& aRv) {
+ nsCOMPtr<nsPIDOMWindowInner> window = GetInnerWindow();
+ if (!window) {
+ return nullptr;
+ }
+
+ if (!window->IsCurrentInnerWindow()) {
+ return nullptr;
+ }
+
+ return nsGlobalWindowInner::Cast(window)->GetSelection(aRv);
+}
+
+already_AddRefed<mozilla::dom::Promise> Document::HasStorageAccess(
+ mozilla::ErrorResult& aRv) {
+ nsIGlobalObject* global = GetScopeObject();
+ if (!global) {
+ aRv.Throw(NS_ERROR_NOT_AVAILABLE);
+ return nullptr;
+ }
+
+ RefPtr<Promise> promise =
+ Promise::Create(global, aRv, Promise::ePropagateUserInteraction);
+ if (aRv.Failed()) {
+ return nullptr;
+ }
+
+ if (NodePrincipal()->GetIsNullPrincipal()) {
+ promise->MaybeResolve(false);
+ return promise.forget();
+ }
+
+ if (IsTopLevelContentDocument()) {
+ promise->MaybeResolve(true);
+ return promise.forget();
+ }
+
+ RefPtr<BrowsingContext> bc = GetBrowsingContext();
+ if (!bc) {
+ promise->MaybeResolve(false);
+ return promise.forget();
+ }
+
+ RefPtr<BrowsingContext> topBC = bc->Top();
+ // We check if the document is a first-party document here by testing if the
+ // top-level window is same-origin. In non-Fission mode, we can directly get
+ // the top-level window through the top browsing context since it should be
+ // in-process. And test their principals.
+ //
+ // In Fission mode, we can also directly get the top-level window. If we
+ // cannot get it, this means the top-level window is cross-origin. Then, we
+ // know our answer.
+ if (auto* topOuterWindow = topBC->GetDOMWindow()) {
+ if (nsGlobalWindowOuter::Cast(topOuterWindow)
+ ->GetPrincipal()
+ ->Equals(NodePrincipal())) {
+ promise->MaybeResolve(true);
+ return promise.forget();
+ }
+ }
+
+ nsPIDOMWindowInner* inner = GetInnerWindow();
+ nsGlobalWindowOuter* outer = nullptr;
+ if (inner) {
+ outer = nsGlobalWindowOuter::Cast(inner->GetOuterWindow());
+ promise->MaybeResolve(outer->IsStorageAccessPermissionGranted());
+ } else {
+ promise->MaybeRejectWithUndefined();
+ }
+ return promise.forget();
+}
+
+RefPtr<Document::GetContentBlockingEventsPromise>
+Document::GetContentBlockingEvents() {
+ RefPtr<nsPIDOMWindowInner> inner = GetInnerWindow();
+ if (!inner) {
+ return nullptr;
+ }
+
+ RefPtr<WindowGlobalChild> wgc = inner->GetWindowGlobalChild();
+ if (!wgc) {
+ return nullptr;
+ }
+
+ return wgc->SendGetContentBlockingEvents()->Then(
+ GetCurrentSerialEventTarget(), __func__,
+ [](const WindowGlobalChild::GetContentBlockingEventsPromise::
+ ResolveOrRejectValue& aValue) {
+ if (aValue.IsResolve()) {
+ return Document::GetContentBlockingEventsPromise::CreateAndResolve(
+ aValue.ResolveValue(), __func__);
+ }
+
+ return Document::GetContentBlockingEventsPromise::CreateAndReject(
+ false, __func__);
+ });
+}
+
+already_AddRefed<mozilla::dom::Promise> Document::RequestStorageAccess(
+ mozilla::ErrorResult& aRv) {
+ nsIGlobalObject* global = GetScopeObject();
+ if (!global) {
+ aRv.Throw(NS_ERROR_NOT_AVAILABLE);
+ return nullptr;
+ }
+
+ // Propagate user input event handling to the resolve handler
+ RefPtr<Promise> promise =
+ Promise::Create(global, aRv, Promise::ePropagateUserInteraction);
+ if (aRv.Failed()) {
+ return nullptr;
+ }
+
+ nsCOMPtr<nsPIDOMWindowInner> inner = GetInnerWindow();
+ if (!inner) {
+ promise->MaybeRejectWithUndefined();
+ return promise.forget();
+ }
+
+ // Step 1. If the document already has been granted access, resolve.
+ RefPtr<nsGlobalWindowOuter> outer =
+ nsGlobalWindowOuter::Cast(inner->GetOuterWindow());
+ if (!outer) {
+ promise->MaybeRejectWithUndefined();
+ return promise.forget();
+ }
+
+ if (outer->IsStorageAccessPermissionGranted()) {
+ promise->MaybeResolveWithUndefined();
+ return promise.forget();
+ }
+
+ // Step 2. If the document has a null origin, reject.
+ if (NodePrincipal()->GetIsNullPrincipal()) {
+ nsContentUtils::ReportToConsole(nsIScriptError::errorFlag,
+ nsLiteralCString("requestStorageAccess"),
+ this, nsContentUtils::eDOM_PROPERTIES,
+ "RequestStorageAccessNullPrincipal");
+ promise->MaybeRejectWithUndefined();
+ return promise.forget();
+ }
+
+ RefPtr<BrowsingContext> bc = GetBrowsingContext();
+ if (!bc) {
+ promise->MaybeRejectWithUndefined();
+ return promise.forget();
+ }
+
+ // Only enforce third-party checks when there is a reason to enforce them.
+ if (!CookieJarSettings()->GetRejectThirdPartyContexts()) {
+ // Step 3. If the document's frame is the main frame, resolve.
+ if (IsTopLevelContentDocument()) {
+ promise->MaybeResolveWithUndefined();
+ return promise.forget();
+ }
+
+ // Step 4. If the sub frame's origin is equal to the main frame's, resolve.
+
+ // In fission, if the sub frame's origin differs from the main frame's
+ // origin, they will be in different processes. We use IsInProcess()
+ // check here to deterimine whether they have the same origin. In
+ // non-fission mode, it is always in-process so we need to compare their
+ // principals.
+ if (bc->Top()->IsInProcess()) {
+ nsCOMPtr<nsPIDOMWindowOuter> topOuter = bc->Top()->GetDOMWindow();
+ if (!topOuter) {
+ promise->MaybeRejectWithUndefined();
+ return promise.forget();
+ }
+
+ nsCOMPtr<Document> topLevelDoc = topOuter->GetExtantDoc();
+ if (!topLevelDoc) {
+ promise->MaybeRejectWithUndefined();
+ return promise.forget();
+ }
+
+ if (topLevelDoc->NodePrincipal()->Equals(NodePrincipal())) {
+ promise->MaybeResolveWithUndefined();
+ return promise.forget();
+ }
+ }
+ }
+
+ // Step 5. If the sub frame is not sandboxed, skip to step 7.
+ // Step 6. If the sub frame doesn't have the token
+ // "allow-storage-access-by-user-activation", reject.
+ if (StorageAccessSandboxed()) {
+ nsContentUtils::ReportToConsole(
+ nsIScriptError::errorFlag, nsLiteralCString("requestStorageAccess"),
+ this, nsContentUtils::eDOM_PROPERTIES, "RequestStorageAccessSandboxed");
+ promise->MaybeRejectWithUndefined();
+ return promise.forget();
+ }
+
+ // Step 7. If the sub frame's parent frame is not the top frame, reject.
+ RefPtr<BrowsingContext> parentBC = bc->GetParent();
+ if (parentBC && !parentBC->IsTopContent()) {
+ nsContentUtils::ReportToConsole(
+ nsIScriptError::errorFlag, nsLiteralCString("requestStorageAccess"),
+ this, nsContentUtils::eDOM_PROPERTIES, "RequestStorageAccessNested");
+ promise->MaybeRejectWithUndefined();
+ return promise.forget();
+ }
+
+ // Step 8. If the browser is not processing a user gesture, reject.
+ if (!UserActivation::IsHandlingUserInput()) {
+ nsContentUtils::ReportToConsole(nsIScriptError::errorFlag,
+ nsLiteralCString("requestStorageAccess"),
+ this, nsContentUtils::eDOM_PROPERTIES,
+ "RequestStorageAccessUserGesture");
+ promise->MaybeRejectWithUndefined();
+ return promise.forget();
+ }
+
+ // Step 9. Check any additional rules that the browser has.
+ // Examples: skip-lists, on-device classification,
+ // user settings, anti-clickjacking heuristics, or prompting the
+ // user for explicit permission. Reject if some rule is not fulfilled.
+ if (CookieJarSettings()->GetRejectThirdPartyContexts()) {
+ // Only do something special for third-party tracking content.
+ uint32_t antiTrackingRejectedReason = 0;
+ if (StorageDisabledByAntiTracking(this, nullptr,
+ antiTrackingRejectedReason)) {
+ // If storage is disabled because of a custom cookie permission for the
+ // site, reject.
+ if (antiTrackingRejectedReason ==
+ nsIWebProgressListener::STATE_COOKIES_BLOCKED_BY_PERMISSION) {
+ promise->MaybeRejectWithUndefined();
+ return promise.forget();
+ }
+
+ // Note: If this has returned true, the top-level document is guaranteed
+ // to not be on the Content Blocking allow list.
+ MOZ_ASSERT(!CookieJarSettings()->GetIsOnContentBlockingAllowList());
+
+ RefPtr<Document> self(this);
+
+ auto performFinalChecks =
+ [inner,
+ self]() -> RefPtr<ContentBlocking::StorageAccessFinalCheckPromise> {
+ RefPtr<ContentBlocking::StorageAccessFinalCheckPromise::Private> p =
+ new ContentBlocking::StorageAccessFinalCheckPromise::Private(
+ __func__);
+ RefPtr<StorageAccessPermissionRequest> sapr =
+ StorageAccessPermissionRequest::Create(
+ inner,
+ // Allow
+ [p] {
+ Telemetry::AccumulateCategorical(
+ Telemetry::LABELS_STORAGE_ACCESS_API_UI::Allow);
+ p->Resolve(ContentBlocking::eAllow, __func__);
+ },
+ // Block
+ [p] {
+ Telemetry::AccumulateCategorical(
+ Telemetry::LABELS_STORAGE_ACCESS_API_UI::Deny);
+ p->Reject(false, __func__);
+ });
+
+ typedef ContentPermissionRequestBase::PromptResult PromptResult;
+ PromptResult pr = sapr->CheckPromptPrefs();
+
+ if (pr == PromptResult::Pending) {
+ // We're about to show a prompt, record the request attempt
+ Telemetry::AccumulateCategorical(
+ Telemetry::LABELS_STORAGE_ACCESS_API_UI::Request);
+ }
+
+ self->AutomaticStorageAccessPermissionCanBeGranted()->Then(
+ GetCurrentSerialEventTarget(), __func__,
+ [p, pr, sapr,
+ inner](const AutomaticStorageAccessPermissionGrantPromise::
+ ResolveOrRejectValue& aValue) -> void {
+ // Make a copy because we can't modified copy-captured lambda
+ // variables.
+ PromptResult pr2 = pr;
+
+ bool storageAccessCanBeGrantedAutomatically =
+ aValue.IsResolve() && aValue.ResolveValue();
+
+ bool autoGrant = false;
+ if (pr2 == PromptResult::Pending &&
+ storageAccessCanBeGrantedAutomatically) {
+ pr2 = PromptResult::Granted;
+ autoGrant = true;
+
+ Telemetry::AccumulateCategorical(
+ Telemetry::LABELS_STORAGE_ACCESS_API_UI::
+ AllowAutomatically);
+ }
+
+ if (pr2 != PromptResult::Pending) {
+ MOZ_ASSERT_IF(pr2 != PromptResult::Granted,
+ pr2 == PromptResult::Denied);
+ if (pr2 == PromptResult::Granted) {
+ ContentBlocking::StorageAccessPromptChoices choice =
+ ContentBlocking::eAllow;
+ if (autoGrant) {
+ choice = ContentBlocking::eAllowAutoGrant;
+ }
+ if (!autoGrant) {
+ p->Resolve(choice, __func__);
+ } else {
+ sapr->MaybeDelayAutomaticGrants()->Then(
+ GetCurrentSerialEventTarget(), __func__,
+ [p, choice] { p->Resolve(choice, __func__); },
+ [p] { p->Reject(false, __func__); });
+ }
+ return;
+ }
+ p->Reject(false, __func__);
+ return;
+ }
+
+ sapr->RequestDelayedTask(
+ inner->EventTargetFor(TaskCategory::Other),
+ ContentPermissionRequestBase::DelayedTaskType::Request);
+ });
+
+ return std::move(p);
+ };
+ ContentBlocking::AllowAccessFor(
+ NodePrincipal(), bc, ContentBlockingNotifier::eStorageAccessAPI,
+ performFinalChecks)
+ ->Then(
+ GetCurrentSerialEventTarget(), __func__,
+ [outer, promise] {
+ // Step 10. Grant the document access to cookies and store
+ // that fact for
+ // the purposes of future calls to
+ // hasStorageAccess() and requestStorageAccess().
+ outer->SetStorageAccessPermissionGranted(true);
+ promise->MaybeResolveWithUndefined();
+ },
+ [outer, promise] {
+ outer->SetStorageAccessPermissionGranted(false);
+ promise->MaybeRejectWithUndefined();
+ });
+
+ return promise.forget();
+ }
+ }
+
+ outer->SetStorageAccessPermissionGranted(true);
+ promise->MaybeResolveWithUndefined();
+ return promise.forget();
+}
+
+RefPtr<Document::AutomaticStorageAccessPermissionGrantPromise>
+Document::AutomaticStorageAccessPermissionCanBeGranted() {
+ if (XRE_IsContentProcess()) {
+ // In the content process, we need to ask the parent process to compute
+ // this. The reason is that nsIPermissionManager::GetAllWithTypePrefix()
+ // isn't accessible in the content process.
+ ContentChild* cc = ContentChild::GetSingleton();
+ MOZ_ASSERT(cc);
+
+ return cc
+ ->SendAutomaticStorageAccessPermissionCanBeGranted(
+ IPC::Principal(NodePrincipal()))
+ ->Then(GetCurrentSerialEventTarget(), __func__,
+ [](const ContentChild::
+ AutomaticStorageAccessPermissionCanBeGrantedPromise::
+ ResolveOrRejectValue& aValue) {
+ if (aValue.IsResolve()) {
+ return AutomaticStorageAccessPermissionGrantPromise::
+ CreateAndResolve(aValue.ResolveValue(), __func__);
+ }
+
+ return AutomaticStorageAccessPermissionGrantPromise::
+ CreateAndReject(false, __func__);
+ });
+ }
+
+ if (XRE_IsParentProcess()) {
+ // In the parent process, we can directly compute this.
+ return AutomaticStorageAccessPermissionGrantPromise::CreateAndResolve(
+ AutomaticStorageAccessPermissionCanBeGranted(NodePrincipal()),
+ __func__);
+ }
+
+ return AutomaticStorageAccessPermissionGrantPromise::CreateAndReject(
+ false, __func__);
+}
+
+bool Document::AutomaticStorageAccessPermissionCanBeGranted(
+ nsIPrincipal* aPrincipal) {
+ nsAutoCString prefix;
+ AntiTrackingUtils::CreateStoragePermissionKey(aPrincipal, prefix);
+
+ PermissionManager* permManager = PermissionManager::GetInstance();
+ if (NS_WARN_IF(!permManager)) {
+ return false;
+ }
+
+ typedef nsTArray<RefPtr<nsIPermission>> Permissions;
+ Permissions perms;
+ nsresult rv = permManager->GetAllWithTypePrefix(prefix, perms);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return false;
+ }
+
+ nsAutoCString prefix2(prefix);
+ prefix2.Append('^');
+ typedef nsTArray<nsCString> Origins;
+ Origins origins;
+
+ for (const auto& perm : perms) {
+ nsAutoCString type;
+ rv = perm->GetType(type);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return false;
+ }
+ // Let's make sure that we're not looking at a permission for
+ // https://exampletracker.company when we mean to look for the
+ // permission for https://exampletracker.com!
+ if (type != prefix && StringHead(type, prefix2.Length()) != prefix2) {
+ continue;
+ }
+
+ nsCOMPtr<nsIPrincipal> principal;
+ rv = perm->GetPrincipal(getter_AddRefs(principal));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return false;
+ }
+
+ nsAutoCString origin;
+ rv = principal->GetOrigin(origin);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return false;
+ }
+
+ ToLowerCase(origin);
+
+ if (origins.IndexOf(origin) == Origins::NoIndex) {
+ origins.AppendElement(origin);
+ }
+ }
+
+ nsCOMPtr<nsIBrowserUsage> bu =
+ do_ImportModule("resource:///modules/BrowserUsageTelemetry.jsm");
+ if (NS_WARN_IF(!bu)) {
+ return false;
+ }
+
+ uint32_t uniqueDomainsVisitedInPast24Hours = 0;
+ rv = bu->GetUniqueDomainsVisitedInPast24Hours(
+ &uniqueDomainsVisitedInPast24Hours);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return false;
+ }
+
+ // one percent of the number of top-levels origins visited in the current
+ // session (but not to exceed 24 hours), or the value of the
+ // dom.storage_access.max_concurrent_auto_grants preference, whichever is
+ // higher.
+ size_t maxConcurrentAutomaticGrants = std::max(
+ std::max(int(std::floor(uniqueDomainsVisitedInPast24Hours / 100)),
+ StaticPrefs::dom_storage_access_max_concurrent_auto_grants()),
+ 0);
+
+ size_t originsThirdPartyHasAccessTo = origins.Length();
+
+ return StaticPrefs::dom_storage_access_auto_grants() &&
+ originsThirdPartyHasAccessTo < maxConcurrentAutomaticGrants;
+}
+
+void Document::RecordNavigationTiming(ReadyState aReadyState) {
+ if (!XRE_IsContentProcess()) {
+ return;
+ }
+ if (!IsTopLevelContentDocument()) {
+ return;
+ }
+ // If we dont have the timing yet (mostly because the doc is still loading),
+ // get it from docshell.
+ RefPtr<nsDOMNavigationTiming> timing = mTiming;
+ if (!timing) {
+ if (!mDocumentContainer) {
+ return;
+ }
+ timing = mDocumentContainer->GetNavigationTiming();
+ if (!timing) {
+ return;
+ }
+ }
+ TimeStamp startTime = timing->GetNavigationStartTimeStamp();
+ switch (aReadyState) {
+ case READYSTATE_LOADING:
+ if (!mDOMLoadingSet) {
+ Telemetry::AccumulateTimeDelta(Telemetry::TIME_TO_DOM_LOADING_MS,
+ startTime);
+ mDOMLoadingSet = true;
+ }
+ break;
+ case READYSTATE_INTERACTIVE:
+ if (!mDOMInteractiveSet) {
+ Telemetry::AccumulateTimeDelta(Telemetry::TIME_TO_DOM_INTERACTIVE_MS,
+ startTime);
+ mDOMInteractiveSet = true;
+ }
+ break;
+ case READYSTATE_COMPLETE:
+ if (!mDOMCompleteSet) {
+ Telemetry::AccumulateTimeDelta(Telemetry::TIME_TO_DOM_COMPLETE_MS,
+ startTime);
+ mDOMCompleteSet = true;
+ }
+ break;
+ default:
+ NS_WARNING("Unexpected ReadyState value");
+ break;
+ }
+}
+
+bool Document::ModuleScriptsEnabled() {
+ return nsContentUtils::IsChromeDoc(this) ||
+ StaticPrefs::dom_moduleScripts_enabled();
+}
+
+void Document::ReportShadowDOMUsage() {
+ nsPIDOMWindowInner* inner = GetInnerWindow();
+ if (NS_WARN_IF(!inner)) {
+ return;
+ }
+
+ WindowContext* wc = inner->GetWindowContext();
+ if (NS_WARN_IF(!wc || wc->IsDiscarded())) {
+ return;
+ }
+
+ WindowContext* topWc = wc->TopWindowContext();
+ if (topWc->GetHasReportedShadowDOMUsage()) {
+ return;
+ }
+
+ MOZ_ALWAYS_SUCCEEDS(topWc->SetHasReportedShadowDOMUsage(true));
+}
+
+// static
+bool Document::StorageAccessSandboxed(uint32_t aSandboxFlags) {
+ return StaticPrefs::dom_storage_access_enabled() &&
+ (aSandboxFlags & SANDBOXED_STORAGE_ACCESS) != 0;
+}
+
+bool Document::StorageAccessSandboxed() const {
+ return Document::StorageAccessSandboxed(GetSandboxFlags());
+}
+
+bool Document::GetCachedSizes(nsTabSizes* aSizes) {
+ if (mCachedTabSizeGeneration == 0 ||
+ GetGeneration() != mCachedTabSizeGeneration) {
+ return false;
+ }
+ aSizes->mDom += mCachedTabSizes.mDom;
+ aSizes->mStyle += mCachedTabSizes.mStyle;
+ aSizes->mOther += mCachedTabSizes.mOther;
+ return true;
+}
+
+void Document::SetCachedSizes(nsTabSizes* aSizes) {
+ mCachedTabSizes.mDom = aSizes->mDom;
+ mCachedTabSizes.mStyle = aSizes->mStyle;
+ mCachedTabSizes.mOther = aSizes->mOther;
+ mCachedTabSizeGeneration = GetGeneration();
+}
+
+already_AddRefed<nsAtom> Document::GetContentLanguageAsAtomForStyle() const {
+ nsAutoString contentLang;
+ GetContentLanguage(contentLang);
+ contentLang.StripWhitespace();
+
+ // Content-Language may be a comma-separated list of language codes,
+ // in which case the HTML5 spec says to treat it as unknown
+ if (!contentLang.IsEmpty() && !contentLang.Contains(char16_t(','))) {
+ return NS_Atomize(contentLang);
+ }
+
+ return nullptr;
+}
+
+already_AddRefed<nsAtom> Document::GetLanguageForStyle() const {
+ RefPtr<nsAtom> lang = GetContentLanguageAsAtomForStyle();
+ if (!lang) {
+ lang = mLanguageFromCharset;
+ }
+ return lang.forget();
+}
+
+const LangGroupFontPrefs* Document::GetFontPrefsForLang(
+ nsAtom* aLanguage, bool* aNeedsToCache) const {
+ nsAtom* lang = aLanguage ? aLanguage : mLanguageFromCharset.get();
+ return StaticPresData::Get()->GetFontPrefsForLang(lang, aNeedsToCache);
+}
+
+void Document::DoCacheAllKnownLangPrefs() {
+ MOZ_ASSERT(mMayNeedFontPrefsUpdate);
+ RefPtr<nsAtom> lang = GetLanguageForStyle();
+ StaticPresData* data = StaticPresData::Get();
+ data->GetFontPrefsForLang(lang ? lang.get() : mLanguageFromCharset.get());
+ data->GetFontPrefsForLang(nsGkAtoms::x_math);
+ // https://bugzilla.mozilla.org/show_bug.cgi?id=1362599#c12
+ data->GetFontPrefsForLang(nsGkAtoms::Unicode);
+ for (auto iter = mLanguagesUsed.Iter(); !iter.Done(); iter.Next()) {
+ data->GetFontPrefsForLang(iter.Get()->GetKey());
+ }
+ mMayNeedFontPrefsUpdate = false;
+}
+
+void Document::RecomputeLanguageFromCharset() {
+ nsLanguageAtomService* service = nsLanguageAtomService::GetService();
+ RefPtr<nsAtom> language = service->LookupCharSet(mCharacterSet);
+ if (language == nsGkAtoms::Unicode) {
+ language = service->GetLocaleLanguage();
+ }
+
+ if (language == mLanguageFromCharset) {
+ return;
+ }
+
+ mMayNeedFontPrefsUpdate = true;
+ mLanguageFromCharset = std::move(language);
+}
+
+nsICookieJarSettings* Document::CookieJarSettings() {
+ // If we are here, this is probably a javascript: URL document. In any case,
+ // we must have a nsCookieJarSettings. Let's create it.
+ if (!mCookieJarSettings) {
+ Document* inProcessParent = GetInProcessParentDocument();
+
+ mCookieJarSettings =
+ inProcessParent
+ ? net::CookieJarSettings::Create(
+ inProcessParent->CookieJarSettings()->GetCookieBehavior(),
+ mozilla::net::CookieJarSettings::Cast(
+ inProcessParent->CookieJarSettings())
+ ->GetPartitionKey(),
+ inProcessParent->CookieJarSettings()
+ ->GetIsFirstPartyIsolated(),
+ inProcessParent->CookieJarSettings()
+ ->GetIsOnContentBlockingAllowList())
+ : net::CookieJarSettings::Create();
+
+ if (auto* wgc = GetWindowGlobalChild()) {
+ net::CookieJarSettingsArgs csArgs;
+ net::CookieJarSettings::Cast(mCookieJarSettings)->Serialize(csArgs);
+ // Update cookie settings in the parent process
+ if (!wgc->SendUpdateCookieJarSettings(csArgs)) {
+ NS_WARNING(
+ "Failed to update document's cookie jar settings on the "
+ "WindowGlobalParent");
+ }
+ }
+ }
+
+ return mCookieJarSettings;
+}
+
+bool Document::HasStorageAccessPermissionGranted() {
+ // The HasStoragePermission flag in LoadInfo remains fixed when
+ // it is set in the parent process, so we need to check the cache
+ // to see if the permission is granted afterwards.
+ nsPIDOMWindowInner* inner = GetInnerWindow();
+ if (inner && inner->HasStorageAccessPermissionGranted()) {
+ return true;
+ }
+
+ if (!mChannel) {
+ return false;
+ }
+
+ nsCOMPtr<nsILoadInfo> loadInfo = mChannel->LoadInfo();
+ return loadInfo->GetHasStoragePermission();
+}
+
+nsIPrincipal* Document::EffectiveStoragePrincipal() const {
+ nsPIDOMWindowInner* inner = GetInnerWindow();
+ if (!inner) {
+ return NodePrincipal();
+ }
+
+ // Return our cached storage principal if one exists.
+ if (mActiveStoragePrincipal) {
+ return mActiveStoragePrincipal;
+ }
+
+ // We use the lower-level ContentBlocking API here to ensure this
+ // check doesn't send notifications.
+ uint32_t rejectedReason = 0;
+ if (ContentBlocking::ShouldAllowAccessFor(inner, GetDocumentURI(),
+ &rejectedReason)) {
+ return mActiveStoragePrincipal = NodePrincipal();
+ }
+
+ // Let's use the storage principal only if we need to partition the cookie
+ // jar. When the permission is granted, access will be different and the
+ // normal principal will be used.
+ if (ShouldPartitionStorage(rejectedReason) &&
+ !StoragePartitioningEnabled(
+ rejectedReason, const_cast<Document*>(this)->CookieJarSettings())) {
+ return mActiveStoragePrincipal = NodePrincipal();
+ }
+
+ return mActiveStoragePrincipal = mPartitionedPrincipal;
+}
+
+void Document::SetIsInitialDocument(bool aIsInitialDocument) {
+ mIsInitialDocumentInWindow = aIsInitialDocument;
+
+ // Asynchronously tell the parent process that we are, or are no longer, the
+ // initial document. This happens async.
+ if (auto* wgc = GetWindowGlobalChild()) {
+ wgc->SendSetIsInitialDocument(aIsInitialDocument);
+ }
+}
+
+// static
+void Document::AddToplevelLoadingDocument(Document* aDoc) {
+ MOZ_ASSERT(aDoc && aDoc->IsTopLevelContentDocument());
+ // Currently we're interested in foreground documents only, so bail out early.
+ if (aDoc->IsInBackgroundWindow() || !XRE_IsContentProcess()) {
+ return;
+ }
+
+ if (!sLoadingForegroundTopLevelContentDocument) {
+ sLoadingForegroundTopLevelContentDocument = new AutoTArray<Document*, 8>();
+ mozilla::ipc::IdleSchedulerChild* idleScheduler =
+ mozilla::ipc::IdleSchedulerChild::GetMainThreadIdleScheduler();
+ if (idleScheduler) {
+ idleScheduler->SendRunningPrioritizedOperation();
+ }
+ }
+ if (!sLoadingForegroundTopLevelContentDocument->Contains(aDoc)) {
+ sLoadingForegroundTopLevelContentDocument->AppendElement(aDoc);
+ }
+}
+
+// static
+void Document::RemoveToplevelLoadingDocument(Document* aDoc) {
+ MOZ_ASSERT(aDoc && aDoc->IsTopLevelContentDocument());
+ if (sLoadingForegroundTopLevelContentDocument) {
+ sLoadingForegroundTopLevelContentDocument->RemoveElement(aDoc);
+ if (sLoadingForegroundTopLevelContentDocument->IsEmpty()) {
+ delete sLoadingForegroundTopLevelContentDocument;
+ sLoadingForegroundTopLevelContentDocument = nullptr;
+
+ mozilla::ipc::IdleSchedulerChild* idleScheduler =
+ mozilla::ipc::IdleSchedulerChild::GetMainThreadIdleScheduler();
+ if (idleScheduler) {
+ idleScheduler->SendPrioritizedOperationDone();
+ }
+ }
+ }
+}
+
+StylePrefersColorScheme Document::PrefersColorScheme(
+ IgnoreRFP aIgnoreRFP) const {
+ if (aIgnoreRFP == IgnoreRFP::No &&
+ nsContentUtils::ShouldResistFingerprinting(this)) {
+ return StylePrefersColorScheme::Light;
+ }
+
+ if (nsPresContext* pc = GetPresContext()) {
+ if (auto devtoolsOverride = pc->GetOverridePrefersColorScheme()) {
+ return *devtoolsOverride;
+ }
+
+ if (pc->IsPrintingOrPrintPreview()) {
+ return StylePrefersColorScheme::Light;
+ }
+ }
+
+ const bool dark =
+ !!LookAndFeel::GetInt(LookAndFeel::IntID::SystemUsesDarkTheme, 0);
+ return dark ? StylePrefersColorScheme::Dark : StylePrefersColorScheme::Light;
+}
+
+// static
+bool Document::UseOverlayScrollbars(const Document* aDocument) {
+ BrowsingContext* bc = aDocument ? aDocument->GetBrowsingContext() : nullptr;
+ return LookAndFeel::GetInt(LookAndFeel::IntID::UseOverlayScrollbars) ||
+ (bc && bc->InRDMPane());
+}
+
+bool Document::HasRecentlyStartedForegroundLoads() {
+ if (!sLoadingForegroundTopLevelContentDocument) {
+ return false;
+ }
+
+ for (size_t i = 0; i < sLoadingForegroundTopLevelContentDocument->Length();
+ ++i) {
+ Document* doc = sLoadingForegroundTopLevelContentDocument->ElementAt(i);
+ // A page loaded in foreground could be in background now.
+ if (!doc->IsInBackgroundWindow()) {
+ nsPIDOMWindowInner* win = doc->GetInnerWindow();
+ if (win) {
+ Performance* perf = win->GetPerformance();
+ if (perf &&
+ perf->Now() < StaticPrefs::page_load_deprioritization_period()) {
+ return true;
+ }
+ }
+ }
+ }
+
+ // Didn't find any loading foreground documents, just clear the array.
+ delete sLoadingForegroundTopLevelContentDocument;
+ sLoadingForegroundTopLevelContentDocument = nullptr;
+
+ mozilla::ipc::IdleSchedulerChild* idleScheduler =
+ mozilla::ipc::IdleSchedulerChild::GetMainThreadIdleScheduler();
+ if (idleScheduler) {
+ idleScheduler->SendPrioritizedOperationDone();
+ }
+ return false;
+}
+
+void Document::AddPendingFrameStaticClone(nsFrameLoaderOwner* aElement,
+ nsFrameLoader* aStaticCloneOf) {
+ PendingFrameStaticClone* clone = mPendingFrameStaticClones.AppendElement();
+ clone->mElement = aElement;
+ clone->mStaticCloneOf = aStaticCloneOf;
+}
+
+bool Document::ShouldAvoidNativeTheme() const {
+ return StaticPrefs::widget_disable_native_theme_for_content() &&
+ (!IsInChromeDocShell() || XRE_IsContentProcess());
+}
+
+bool Document::UseRegularPrincipal() const {
+ return EffectiveStoragePrincipal() == NodePrincipal();
+}
+
+bool Document::HasThirdPartyChannel() {
+ nsCOMPtr<nsIChannel> channel = GetChannel();
+ if (channel) {
+ // We assume that the channel is a third-party by default.
+ bool thirdParty = true;
+
+ nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil = services::GetThirdPartyUtil();
+ if (!thirdPartyUtil) {
+ return thirdParty;
+ }
+
+ // Check that if the channel is a third-party to its parent.
+ nsresult rv =
+ thirdPartyUtil->IsThirdPartyChannel(channel, nullptr, &thirdParty);
+ if (NS_FAILED(rv)) {
+ // Assume third-party in case of failure
+ thirdParty = true;
+ }
+
+ return thirdParty;
+ }
+
+ if (mParentDocument) {
+ return mParentDocument->HasThirdPartyChannel();
+ }
+
+ return false;
+}
+
+bool Document::ShouldIncludeInTelemetry(bool aAllowExtensionURIs) {
+ if (!(IsContentDocument() || IsResourceDoc())) {
+ return false;
+ }
+
+ if (!aAllowExtensionURIs &&
+ NodePrincipal()->GetIsAddonOrExpandedAddonPrincipal()) {
+ return false;
+ }
+
+ return !NodePrincipal()->SchemeIs("about") &&
+ !NodePrincipal()->SchemeIs("chrome") &&
+ !NodePrincipal()->SchemeIs("resource");
+}
+
+void Document::GetConnectedShadowRoots(
+ nsTArray<RefPtr<ShadowRoot>>& aOut) const {
+ aOut.SetCapacity(mComposedShadowRoots.Count());
+ for (const auto& entry : mComposedShadowRoots) {
+ aOut.AppendElement(entry.GetKey());
+ }
+}
+
+bool Document::HasPictureInPictureChildElement() const {
+ return mPictureInPictureChildElementCount > 0;
+}
+
+void Document::EnableChildElementInPictureInPictureMode() {
+ mPictureInPictureChildElementCount++;
+ MOZ_ASSERT(mPictureInPictureChildElementCount >= 0);
+}
+
+void Document::DisableChildElementInPictureInPictureMode() {
+ mPictureInPictureChildElementCount--;
+ MOZ_ASSERT(mPictureInPictureChildElementCount >= 0);
+}
+
+} // namespace mozilla::dom