diff options
Diffstat (limited to 'dom/base/Document.cpp')
-rw-r--r-- | dom/base/Document.cpp | 19019 |
1 files changed, 19019 insertions, 0 deletions
diff --git a/dom/base/Document.cpp b/dom/base/Document.cpp new file mode 100644 index 0000000000..819cd8c11d --- /dev/null +++ b/dom/base/Document.cpp @@ -0,0 +1,19019 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * Base class for all our document implementations. + */ + +#include "mozilla/dom/Document.h" +#include "mozilla/dom/DocumentInlines.h" + +#include <inttypes.h> +#include <stdlib.h> +#include <string.h> +#include <algorithm> +#include <cstddef> +#include <cstdint> +#include <initializer_list> +#include <iterator> +#include <limits> +#include <type_traits> +#include "Attr.h" +#include "ErrorList.h" +#include "ExpandedPrincipal.h" +#include "MainThreadUtils.h" +#include "MobileViewportManager.h" +#include "NodeUbiReporting.h" +#include "PLDHashTable.h" +#include "StorageAccessPermissionRequest.h" +#include "ThirdPartyUtil.h" +#include "domstubs.h" +#include "gfxPlatform.h" +#include "imgIContainer.h" +#include "imgLoader.h" +#include "imgRequestProxy.h" +#include "js/Value.h" +#include "jsapi.h" +#include "mozAutoDocUpdate.h" +#include "mozIDOMWindow.h" +#include "mozIThirdPartyUtil.h" +#include "mozilla/AntiTrackingUtils.h" +#include "mozilla/ArrayIterator.h" +#include "mozilla/ArrayUtils.h" +#include "mozilla/AsyncEventDispatcher.h" +#include "mozilla/Base64.h" +#include "mozilla/BasePrincipal.h" +#include "mozilla/CSSEnabledState.h" +#include "mozilla/ContentBlockingAllowList.h" +#include "mozilla/ContentBlockingNotifier.h" +#include "mozilla/ContentBlockingUserInteraction.h" +#include "mozilla/ContentPrincipal.h" +#include "mozilla/CycleCollectedJSContext.h" +#include "mozilla/DebugOnly.h" +#include "mozilla/ProfilerMarkers.h" +#include "mozilla/AttributeStyles.h" +#include "mozilla/DocumentStyleRootIterator.h" +#include "mozilla/EditorBase.h" +#include "mozilla/EditorCommands.h" +#include "mozilla/Encoding.h" +#include "mozilla/ErrorResult.h" +#include "mozilla/EventDispatcher.h" +#include "mozilla/EventListenerManager.h" +#include "mozilla/EventQueue.h" +#include "mozilla/EventStateManager.h" +#include "mozilla/ExtensionPolicyService.h" +#include "mozilla/FullscreenChange.h" +#include "mozilla/GlobalStyleSheetCache.h" +#include "mozilla/MappedDeclarationsBuilder.h" +#include "mozilla/HTMLEditor.h" +#include "mozilla/HoldDropJSObjects.h" +#include "mozilla/IdentifierMapEntry.h" +#include "mozilla/InputTaskManager.h" +#include "mozilla/IntegerRange.h" +#include "mozilla/InternalMutationEvent.h" +#include "mozilla/Likely.h" +#include "mozilla/Logging.h" +#include "mozilla/LookAndFeel.h" +#include "mozilla/MacroForEach.h" +#include "mozilla/Maybe.h" +#include "mozilla/MediaFeatureChange.h" +#include "mozilla/MediaManager.h" +#include "mozilla/MemoryReporting.h" +#include "mozilla/NullPrincipal.h" +#include "mozilla/OriginAttributes.h" +#include "mozilla/OwningNonNull.h" +#include "mozilla/PendingFullscreenEvent.h" +#include "mozilla/PermissionDelegateHandler.h" +#include "mozilla/PermissionManager.h" +#include "mozilla/Preferences.h" +#include "mozilla/PreloadHashKey.h" +#include "mozilla/PresShell.h" +#include "mozilla/PresShellForwards.h" +#include "mozilla/PresShellInlines.h" +#include "mozilla/PseudoStyleType.h" +#include "mozilla/RefCountType.h" +#include "mozilla/RelativeTo.h" +#include "mozilla/RestyleManager.h" +#include "mozilla/ReverseIterator.h" +#include "mozilla/SchedulerGroup.h" +#include "mozilla/ScrollTimelineAnimationTracker.h" +#include "mozilla/SMILAnimationController.h" +#include "mozilla/SMILTimeContainer.h" +#include "mozilla/ScopeExit.h" +#include "mozilla/Components.h" +#include "mozilla/ServoStyleConsts.h" +#include "mozilla/ServoTypes.h" +#include "mozilla/SizeOfState.h" +#include "mozilla/Span.h" +#include "mozilla/Sprintf.h" +#include "mozilla/StaticAnalysisFunctions.h" +#include "mozilla/StaticPrefs_apz.h" +#include "mozilla/StaticPrefs_browser.h" +#include "mozilla/StaticPrefs_docshell.h" +#include "mozilla/StaticPrefs_dom.h" +#include "mozilla/StaticPrefs_fission.h" +#include "mozilla/StaticPrefs_full_screen_api.h" +#include "mozilla/StaticPrefs_layout.h" +#include "mozilla/StaticPrefs_network.h" +#include "mozilla/StaticPrefs_page_load.h" +#include "mozilla/StaticPrefs_privacy.h" +#include "mozilla/StaticPrefs_security.h" +#include "mozilla/StaticPrefs_widget.h" +#include "mozilla/StaticPresData.h" +#include "mozilla/StorageAccess.h" +#include "mozilla/StoragePrincipalHelper.h" +#include "mozilla/StyleSheet.h" +#include "mozilla/Telemetry.h" +#include "mozilla/TelemetryScalarEnums.h" +#include "mozilla/TextControlElement.h" +#include "mozilla/TextEditor.h" +#include "mozilla/TypedEnumBits.h" +#include "mozilla/URLDecorationStripper.h" +#include "mozilla/URLExtraData.h" +#include "mozilla/Unused.h" +#include "mozilla/css/ImageLoader.h" +#include "mozilla/css/Loader.h" +#include "mozilla/css/Rule.h" +#include "mozilla/css/SheetParsingMode.h" +#include "mozilla/dom/AnonymousContent.h" +#include "mozilla/dom/BlobURLProtocolHandler.h" +#include "mozilla/dom/BrowserChild.h" +#include "mozilla/dom/BrowsingContext.h" +#include "mozilla/dom/BrowsingContextGroup.h" +#include "mozilla/dom/CanonicalBrowsingContext.h" +#include "mozilla/dom/CanvasRenderingContextHelper.h" +#include "mozilla/dom/CDATASection.h" +#include "mozilla/dom/CSPDictionariesBinding.h" +#include "mozilla/dom/ChromeObserver.h" +#include "mozilla/dom/ClientInfo.h" +#include "mozilla/dom/ClientState.h" +#include "mozilla/dom/Comment.h" +#include "mozilla/dom/ContentChild.h" +#include "mozilla/dom/CSSBinding.h" +#include "mozilla/dom/CSSCustomPropertyRegisteredEvent.h" +#include "mozilla/dom/DOMImplementation.h" +#include "mozilla/dom/DOMIntersectionObserver.h" +#include "mozilla/dom/DOMStringList.h" +#include "mozilla/dom/DocGroup.h" +#include "mozilla/dom/DocumentBinding.h" +#include "mozilla/dom/DocumentFragment.h" +#include "mozilla/dom/DocumentL10n.h" +#include "mozilla/dom/DocumentTimeline.h" +#include "mozilla/dom/DocumentType.h" +#include "mozilla/dom/ElementBinding.h" +#include "mozilla/dom/ErrorEvent.h" +#include "mozilla/dom/Event.h" +#include "mozilla/dom/EventListenerBinding.h" +#include "mozilla/dom/FailedCertSecurityInfoBinding.h" +#include "mozilla/dom/FeaturePolicy.h" +#include "mozilla/dom/FeaturePolicyUtils.h" +#include "mozilla/dom/FontFaceSet.h" +#include "mozilla/dom/FromParser.h" +#include "mozilla/dom/HighlightRegistry.h" +#include "mozilla/dom/HTMLAllCollection.h" +#include "mozilla/dom/HTMLBodyElement.h" +#include "mozilla/dom/HTMLCollectionBinding.h" +#include "mozilla/dom/HTMLDialogElement.h" +#include "mozilla/dom/HTMLFormElement.h" +#include "mozilla/dom/HTMLIFrameElement.h" +#include "mozilla/dom/HTMLImageElement.h" +#include "mozilla/dom/HTMLInputElement.h" +#include "mozilla/dom/HTMLLinkElement.h" +#include "mozilla/dom/HTMLMediaElement.h" +#include "mozilla/dom/HTMLMetaElement.h" +#include "mozilla/dom/HTMLSharedElement.h" +#include "mozilla/dom/HTMLTextAreaElement.h" +#include "mozilla/dom/ImageTracker.h" +#include "mozilla/dom/InspectorUtils.h" +#include "mozilla/dom/Link.h" +#include "mozilla/dom/MediaQueryList.h" +#include "mozilla/dom/MediaSource.h" +#include "mozilla/dom/MutationObservers.h" +#include "mozilla/dom/NameSpaceConstants.h" +#include "mozilla/dom/Navigator.h" +#include "mozilla/dom/NetErrorInfoBinding.h" +#include "mozilla/dom/NodeInfo.h" +#include "mozilla/dom/NodeIterator.h" +#include "mozilla/dom/PContentChild.h" +#include "mozilla/dom/PWindowGlobalChild.h" +#include "mozilla/dom/PageTransitionEvent.h" +#include "mozilla/dom/PageTransitionEventBinding.h" +#include "mozilla/dom/Performance.h" +#include "mozilla/dom/PermissionMessageUtils.h" +#include "mozilla/dom/PostMessageEvent.h" +#include "mozilla/dom/ProcessingInstruction.h" +#include "mozilla/dom/Promise.h" +#include "mozilla/dom/PromiseNativeHandler.h" +#include "mozilla/dom/ResizeObserver.h" +#include "mozilla/dom/RustTypes.h" +#include "mozilla/dom/SVGElement.h" +#include "mozilla/dom/SVGDocument.h" +#include "mozilla/dom/SVGSVGElement.h" +#include "mozilla/dom/SVGUseElement.h" +#include "mozilla/dom/ScriptLoader.h" +#include "mozilla/dom/ScriptSettings.h" +#include "mozilla/dom/Selection.h" +#include "mozilla/dom/ServiceWorkerContainer.h" +#include "mozilla/dom/ServiceWorkerDescriptor.h" +#include "mozilla/dom/ServiceWorkerManager.h" +#include "mozilla/dom/ShadowIncludingTreeIterator.h" +#include "mozilla/dom/ShadowRoot.h" +#include "mozilla/dom/StyleSheetApplicableStateChangeEvent.h" +#include "mozilla/dom/StyleSheetApplicableStateChangeEventBinding.h" +#include "mozilla/dom/StyleSheetList.h" +#include "mozilla/dom/StyleSheetRemovedEvent.h" +#include "mozilla/dom/StyleSheetRemovedEventBinding.h" +#include "mozilla/dom/TimeoutManager.h" +#include "mozilla/dom/ToggleEvent.h" +#include "mozilla/dom/Touch.h" +#include "mozilla/dom/TouchEvent.h" +#include "mozilla/dom/TreeOrderedArrayInlines.h" +#include "mozilla/dom/TreeWalker.h" +#include "mozilla/dom/URL.h" +#include "mozilla/dom/UseCounterMetrics.h" +#include "mozilla/dom/UserActivation.h" +#include "mozilla/dom/WakeLockJS.h" +#include "mozilla/dom/WakeLockSentinel.h" +#include "mozilla/dom/WindowBinding.h" +#include "mozilla/dom/WindowContext.h" +#include "mozilla/dom/WindowGlobalChild.h" +#include "mozilla/dom/WindowProxyHolder.h" +#include "mozilla/dom/WorkerDocumentListener.h" +#include "mozilla/dom/XPathEvaluator.h" +#include "mozilla/dom/XPathExpression.h" +#include "mozilla/dom/nsCSPContext.h" +#include "mozilla/dom/nsCSPUtils.h" +#include "mozilla/extensions/WebExtensionPolicy.h" +#include "mozilla/fallible.h" +#include "mozilla/gfx/BaseCoord.h" +#include "mozilla/gfx/BaseSize.h" +#include "mozilla/gfx/Coord.h" +#include "mozilla/gfx/Point.h" +#include "mozilla/gfx/ScaleFactor.h" +#include "mozilla/glean/GleanMetrics.h" +#include "mozilla/intl/LocaleService.h" +#include "mozilla/ipc/IdleSchedulerChild.h" +#include "mozilla/ipc/MessageChannel.h" +#include "mozilla/net/ChannelEventQueue.h" +#include "mozilla/net/CookieJarSettings.h" +#include "mozilla/net/NeckoChannelParams.h" +#include "mozilla/net/RequestContextService.h" +#include "nsAboutProtocolUtils.h" +#include "nsAlgorithm.h" +#include "nsAttrValue.h" +#include "nsAttrValueInlines.h" +#include "nsBaseHashtable.h" +#include "nsBidiUtils.h" +#include "nsCRT.h" +#include "nsCSSPropertyID.h" +#include "nsCSSProps.h" +#include "nsCSSPseudoElements.h" +#include "nsCSSRendering.h" +#include "nsCanvasFrame.h" +#include "nsCaseTreatment.h" +#include "nsCharsetSource.h" +#include "nsCommandManager.h" +#include "nsCommandParams.h" +#include "nsComponentManagerUtils.h" +#include "nsContentCreatorFunctions.h" +#include "nsContentList.h" +#include "nsContentPermissionHelper.h" +#include "nsContentSecurityUtils.h" +#include "nsContentUtils.h" +#include "nsCoord.h" +#include "nsCycleCollectionNoteChild.h" +#include "nsCycleCollectionTraversalCallback.h" +#include "nsDOMAttributeMap.h" +#include "nsDOMCaretPosition.h" +#include "nsDOMNavigationTiming.h" +#include "nsDOMString.h" +#include "nsDeviceContext.h" +#include "nsDocShell.h" +#include "nsDocShellLoadTypes.h" +#include "nsEffectiveTLDService.h" +#include "nsError.h" +#include "nsEscape.h" +#include "nsFocusManager.h" +#include "nsFrameLoader.h" +#include "nsFrameLoaderOwner.h" +#include "nsGenericHTMLElement.h" +#include "nsGlobalWindowInner.h" +#include "nsGlobalWindowOuter.h" +#include "nsHTMLDocument.h" +#include "nsHtml5Module.h" +#include "nsHtml5Parser.h" +#include "nsHtml5TreeOpExecutor.h" +#include "nsIAsyncShutdown.h" +#include "nsIAuthPrompt.h" +#include "nsIAuthPrompt2.h" +#include "nsIBFCacheEntry.h" +#include "nsIBaseWindow.h" +#include "nsIBrowserChild.h" +#include "nsIBrowserUsage.h" +#include "nsICSSLoaderObserver.h" +#include "nsICategoryManager.h" +#include "nsICertOverrideService.h" +#include "nsIContent.h" +#include "nsIContentInlines.h" +#include "nsIContentPolicy.h" +#include "nsIContentSecurityPolicy.h" +#include "nsIContentSink.h" +#include "nsICookieJarSettings.h" +#include "nsICookieService.h" +#include "nsIDOMXULCommandDispatcher.h" +#include "nsIDocShell.h" +#include "nsIDocShellTreeItem.h" +#include "nsIDocumentActivity.h" +#include "nsIDocumentEncoder.h" +#include "nsIDocumentLoader.h" +#include "nsIDocumentLoaderFactory.h" +#include "nsIDocumentObserver.h" +#include "nsIDNSService.h" +#include "nsIEditingSession.h" +#include "nsIEditor.h" +#include "nsIEffectiveTLDService.h" +#include "nsIFile.h" +#include "nsIFileChannel.h" +#include "nsIFrame.h" +#include "nsIGlobalObject.h" +#include "nsIHTMLCollection.h" +#include "nsIHttpChannel.h" +#include "nsIHttpChannelInternal.h" +#include "nsIIOService.h" +#include "nsIImageLoadingContent.h" +#include "nsIInlineSpellChecker.h" +#include "nsIInputStreamChannel.h" +#include "nsIInterfaceRequestorUtils.h" +#include "nsILayoutHistoryState.h" +#include "nsIMultiPartChannel.h" +#include "nsIMutationObserver.h" +#include "nsINSSErrorsService.h" +#include "nsINamed.h" +#include "nsINodeList.h" +#include "nsIObjectLoadingContent.h" +#include "nsIObserverService.h" +#include "nsIPermission.h" +#include "nsIPrompt.h" +#include "nsIPropertyBag2.h" +#include "nsIPublicKeyPinningService.h" +#include "nsIReferrerInfo.h" +#include "nsIRefreshURI.h" +#include "nsIRequest.h" +#include "nsIRequestContext.h" +#include "nsIRunnable.h" +#include "nsISHEntry.h" +#include "nsIScriptElement.h" +#include "nsIScriptError.h" +#include "nsIScriptGlobalObject.h" +#include "nsIScriptSecurityManager.h" +#include "nsISecurityConsoleMessage.h" +#include "nsISelectionController.h" +#include "nsISerialEventTarget.h" +#include "nsISimpleEnumerator.h" +#include "nsISiteSecurityService.h" +#include "nsISocketProvider.h" +#include "nsISpeculativeConnect.h" +#include "nsIStructuredCloneContainer.h" +#include "nsIThread.h" +#include "nsITimedChannel.h" +#include "nsITimer.h" +#include "nsITransportSecurityInfo.h" +#include "nsIURIMutator.h" +#include "nsIVariant.h" +#include "nsIWeakReference.h" +#include "nsIWebNavigation.h" +#include "nsIWidget.h" +#include "nsIX509Cert.h" +#include "nsIX509CertValidity.h" +#include "nsIXMLContentSink.h" +#include "nsIHTMLContentSink.h" +#include "nsIXULRuntime.h" +#include "nsImageLoadingContent.h" +#include "nsImportModule.h" +#include "nsLanguageAtomService.h" +#include "nsLayoutUtils.h" +#include "nsMimeTypes.h" +#include "nsNetCID.h" +#include "nsNetUtil.h" +#include "nsNodeInfoManager.h" +#include "nsObjectLoadingContent.h" +#include "nsPIDOMWindowInlines.h" +#include "nsPIWindowRoot.h" +#include "nsPoint.h" +#include "nsPointerHashKeys.h" +#include "nsPresContext.h" +#include "nsQueryFrame.h" +#include "nsQueryObject.h" +#include "nsRange.h" +#include "nsRect.h" +#include "nsRefreshDriver.h" +#include "nsSandboxFlags.h" +#include "nsSerializationHelper.h" +#include "nsServiceManagerUtils.h" +#include "nsStringFlags.h" +#include "nsStyleUtil.h" +#include "nsStringIterator.h" +#include "nsStyleSheetService.h" +#include "nsStyleStruct.h" +#include "nsTextNode.h" +#include "nsUnicharUtils.h" +#include "nsWrapperCache.h" +#include "nsWrapperCacheInlines.h" +#include "nsXPCOMCID.h" +#include "nsXULAppAPI.h" +#include "prthread.h" +#include "prtime.h" +#include "prtypes.h" +#include "xpcpublic.h" + +// XXX Must be included after mozilla/Encoding.h +#include "encoding_rs.h" + +#include "mozilla/dom/XULBroadcastManager.h" +#include "mozilla/dom/XULPersist.h" +#include "nsIAppWindow.h" +#include "nsXULPrototypeDocument.h" +#include "nsXULCommandDispatcher.h" +#include "nsXULPopupManager.h" +#include "nsIDocShellTreeOwner.h" + +#define XML_DECLARATION_BITS_DECLARATION_EXISTS (1 << 0) +#define XML_DECLARATION_BITS_ENCODING_EXISTS (1 << 1) +#define XML_DECLARATION_BITS_STANDALONE_EXISTS (1 << 2) +#define XML_DECLARATION_BITS_STANDALONE_YES (1 << 3) + +#define NS_MAX_DOCUMENT_WRITE_DEPTH 20 + +mozilla::LazyLogModule gPageCacheLog("PageCache"); +mozilla::LazyLogModule gSHIPBFCacheLog("SHIPBFCache"); +mozilla::LazyLogModule gTimeoutDeferralLog("TimeoutDefer"); +mozilla::LazyLogModule gUseCountersLog("UseCounters"); + +namespace mozilla { +namespace dom { + +class Document::HeaderData { + public: + HeaderData(nsAtom* aField, const nsAString& aData) + : mField(aField), mData(aData) {} + + ~HeaderData() { + // Delete iteratively to avoid blowing up the stack, though it shouldn't + // happen in practice. + UniquePtr<HeaderData> next = std::move(mNext); + while (next) { + next = std::move(next->mNext); + } + } + + RefPtr<nsAtom> mField; + nsString mData; + UniquePtr<HeaderData> mNext; +}; + +AutoTArray<Document*, 8>* Document::sLoadingForegroundTopLevelContentDocument = + nullptr; + +static LazyLogModule gDocumentLeakPRLog("DocumentLeak"); +static LazyLogModule gCspPRLog("CSP"); +LazyLogModule gUserInteractionPRLog("UserInteraction"); + +static nsresult GetHttpChannelHelper(nsIChannel* aChannel, + nsIHttpChannel** aHttpChannel) { + nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel); + if (httpChannel) { + httpChannel.forget(aHttpChannel); + return NS_OK; + } + + nsCOMPtr<nsIMultiPartChannel> multipart = do_QueryInterface(aChannel); + if (!multipart) { + *aHttpChannel = nullptr; + return NS_OK; + } + + nsCOMPtr<nsIChannel> baseChannel; + nsresult rv = multipart->GetBaseChannel(getter_AddRefs(baseChannel)); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + httpChannel = do_QueryInterface(baseChannel); + httpChannel.forget(aHttpChannel); + + return NS_OK; +} + +} // namespace dom + +#define NAME_NOT_VALID ((nsSimpleContentList*)1) + +IdentifierMapEntry::IdentifierMapEntry( + const IdentifierMapEntry::DependentAtomOrString* aKey) + : mKey(aKey ? *aKey : nullptr) {} + +void IdentifierMapEntry::Traverse( + nsCycleCollectionTraversalCallback* aCallback) { + NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(*aCallback, + "mIdentifierMap mNameContentList"); + aCallback->NoteXPCOMChild(static_cast<nsINodeList*>(mNameContentList)); + + if (mImageElement) { + NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(*aCallback, + "mIdentifierMap mImageElement element"); + nsIContent* imageElement = mImageElement; + aCallback->NoteXPCOMChild(imageElement); + } +} + +bool IdentifierMapEntry::IsEmpty() { + return mIdContentList->IsEmpty() && !mNameContentList && !mChangeCallbacks && + !mImageElement; +} + +bool IdentifierMapEntry::HasNameElement() const { + return mNameContentList && mNameContentList->Length() != 0; +} + +void IdentifierMapEntry::AddContentChangeCallback( + Document::IDTargetObserver aCallback, void* aData, bool aForImage) { + if (!mChangeCallbacks) { + mChangeCallbacks = MakeUnique<nsTHashtable<ChangeCallbackEntry>>(); + } + + ChangeCallback cc = {aCallback, aData, aForImage}; + mChangeCallbacks->PutEntry(cc); +} + +void IdentifierMapEntry::RemoveContentChangeCallback( + Document::IDTargetObserver aCallback, void* aData, bool aForImage) { + if (!mChangeCallbacks) return; + ChangeCallback cc = {aCallback, aData, aForImage}; + mChangeCallbacks->RemoveEntry(cc); + if (mChangeCallbacks->Count() == 0) { + mChangeCallbacks = nullptr; + } +} + +void IdentifierMapEntry::FireChangeCallbacks(Element* aOldElement, + Element* aNewElement, + bool aImageOnly) { + if (!mChangeCallbacks) return; + + for (auto iter = mChangeCallbacks->Iter(); !iter.Done(); iter.Next()) { + IdentifierMapEntry::ChangeCallbackEntry* entry = iter.Get(); + // Don't fire image changes for non-image observers, and don't fire element + // changes for image observers when an image override is active. + if (entry->mKey.mForImage ? (mImageElement && !aImageOnly) : aImageOnly) { + continue; + } + + if (!entry->mKey.mCallback(aOldElement, aNewElement, entry->mKey.mData)) { + iter.Remove(); + } + } +} + +void IdentifierMapEntry::AddIdElement(Element* aElement) { + MOZ_ASSERT(aElement, "Must have element"); + MOZ_ASSERT(!mIdContentList->Contains(nullptr), "Why is null in our list?"); + + size_t index = mIdContentList.Insert(*aElement); + if (index == 0) { + Element* oldElement = mIdContentList->SafeElementAt(1); + FireChangeCallbacks(oldElement, aElement); + } +} + +void IdentifierMapEntry::RemoveIdElement(Element* aElement) { + MOZ_ASSERT(aElement, "Missing element"); + + // This should only be called while the document is in an update. + // Assertions near the call to this method guarantee this. + + // This could fire in OOM situations + // Only assert this in HTML documents for now as XUL does all sorts of weird + // crap. + NS_ASSERTION(!aElement->OwnerDoc()->IsHTMLDocument() || + mIdContentList->Contains(aElement), + "Removing id entry that doesn't exist"); + + // XXXbz should this ever Compact() I guess when all the content is gone + // we'll just get cleaned up in the natural order of things... + Element* currentElement = mIdContentList->SafeElementAt(0); + mIdContentList.RemoveElement(*aElement); + if (currentElement == aElement) { + FireChangeCallbacks(currentElement, mIdContentList->SafeElementAt(0)); + } +} + +void IdentifierMapEntry::SetImageElement(Element* aElement) { + Element* oldElement = GetImageIdElement(); + mImageElement = aElement; + Element* newElement = GetImageIdElement(); + if (oldElement != newElement) { + FireChangeCallbacks(oldElement, newElement, true); + } +} + +void IdentifierMapEntry::ClearAndNotify() { + Element* currentElement = mIdContentList->SafeElementAt(0); + mIdContentList.Clear(); + if (currentElement) { + FireChangeCallbacks(currentElement, nullptr); + } + mNameContentList = nullptr; + if (mImageElement) { + SetImageElement(nullptr); + } + mChangeCallbacks = nullptr; +} + +namespace dom { + +class SimpleHTMLCollection final : public nsSimpleContentList, + public nsIHTMLCollection { + public: + explicit SimpleHTMLCollection(nsINode* aRoot) : nsSimpleContentList(aRoot) {} + + NS_DECL_ISUPPORTS_INHERITED + + virtual nsINode* GetParentObject() override { + return nsSimpleContentList::GetParentObject(); + } + virtual uint32_t Length() override { return nsSimpleContentList::Length(); } + virtual Element* GetElementAt(uint32_t aIndex) override { + return mElements.SafeElementAt(aIndex)->AsElement(); + } + + virtual Element* GetFirstNamedElement(const nsAString& aName, + bool& aFound) override { + aFound = false; + RefPtr<nsAtom> name = NS_Atomize(aName); + for (uint32_t i = 0; i < mElements.Length(); i++) { + MOZ_DIAGNOSTIC_ASSERT(mElements[i]); + Element* element = mElements[i]->AsElement(); + if (element->GetID() == name || + (element->HasName() && + element->GetParsedAttr(nsGkAtoms::name)->GetAtomValue() == name)) { + aFound = true; + return element; + } + } + return nullptr; + } + + virtual void GetSupportedNames(nsTArray<nsString>& aNames) override { + AutoTArray<nsAtom*, 8> atoms; + for (uint32_t i = 0; i < mElements.Length(); i++) { + MOZ_DIAGNOSTIC_ASSERT(mElements[i]); + Element* element = mElements[i]->AsElement(); + + nsAtom* id = element->GetID(); + MOZ_ASSERT(id != nsGkAtoms::_empty); + if (id && !atoms.Contains(id)) { + atoms.AppendElement(id); + } + + if (element->HasName()) { + nsAtom* name = element->GetParsedAttr(nsGkAtoms::name)->GetAtomValue(); + MOZ_ASSERT(name && name != nsGkAtoms::_empty); + if (name && !atoms.Contains(name)) { + atoms.AppendElement(name); + } + } + } + + nsString* names = aNames.AppendElements(atoms.Length()); + for (uint32_t i = 0; i < atoms.Length(); i++) { + atoms[i]->ToString(names[i]); + } + } + + virtual JSObject* GetWrapperPreserveColorInternal() override { + return nsWrapperCache::GetWrapperPreserveColor(); + } + virtual void PreserveWrapperInternal( + nsISupports* aScriptObjectHolder) override { + nsWrapperCache::PreserveWrapper(aScriptObjectHolder); + } + virtual JSObject* WrapObject(JSContext* aCx, + JS::Handle<JSObject*> aGivenProto) override { + return HTMLCollection_Binding::Wrap(aCx, this, aGivenProto); + } + + using nsBaseContentList::Item; + + private: + virtual ~SimpleHTMLCollection() = default; +}; + +NS_IMPL_ISUPPORTS_INHERITED(SimpleHTMLCollection, nsSimpleContentList, + nsIHTMLCollection) + +} // namespace dom + +void IdentifierMapEntry::AddNameElement(nsINode* aNode, Element* aElement) { + if (!mNameContentList) { + mNameContentList = new dom::SimpleHTMLCollection(aNode); + } + + mNameContentList->AppendElement(aElement); +} + +void IdentifierMapEntry::RemoveNameElement(Element* aElement) { + if (mNameContentList) { + mNameContentList->RemoveElement(aElement); + } +} + +bool IdentifierMapEntry::HasIdElementExposedAsHTMLDocumentProperty() const { + Element* idElement = GetIdElement(); + return idElement && + nsGenericHTMLElement::ShouldExposeIdAsHTMLDocumentProperty(idElement); +} + +size_t IdentifierMapEntry::SizeOfExcludingThis( + MallocSizeOf aMallocSizeOf) const { + return mKey.mString.SizeOfExcludingThisIfUnshared(aMallocSizeOf); +} + +// Helper structs for the content->subdoc map + +class SubDocMapEntry : public PLDHashEntryHdr { + public: + // Both of these are strong references + dom::Element* mKey; // must be first, to look like PLDHashEntryStub + dom::Document* mSubDocument; +}; + +class OnloadBlocker final : public nsIRequest { + public: + OnloadBlocker() = default; + + NS_DECL_ISUPPORTS + NS_DECL_NSIREQUEST + + private: + ~OnloadBlocker() = default; +}; + +NS_IMPL_ISUPPORTS(OnloadBlocker, nsIRequest) + +NS_IMETHODIMP +OnloadBlocker::GetName(nsACString& aResult) { + aResult.AssignLiteral("about:document-onload-blocker"); + return NS_OK; +} + +NS_IMETHODIMP +OnloadBlocker::IsPending(bool* _retval) { + *_retval = true; + return NS_OK; +} + +NS_IMETHODIMP +OnloadBlocker::GetStatus(nsresult* status) { + *status = NS_OK; + return NS_OK; +} + +NS_IMETHODIMP OnloadBlocker::SetCanceledReason(const nsACString& aReason) { + return SetCanceledReasonImpl(aReason); +} + +NS_IMETHODIMP OnloadBlocker::GetCanceledReason(nsACString& aReason) { + return GetCanceledReasonImpl(aReason); +} + +NS_IMETHODIMP OnloadBlocker::CancelWithReason(nsresult aStatus, + const nsACString& aReason) { + return CancelWithReasonImpl(aStatus, aReason); +} +NS_IMETHODIMP +OnloadBlocker::Cancel(nsresult status) { return NS_OK; } +NS_IMETHODIMP +OnloadBlocker::Suspend(void) { return NS_OK; } +NS_IMETHODIMP +OnloadBlocker::Resume(void) { return NS_OK; } + +NS_IMETHODIMP +OnloadBlocker::GetLoadGroup(nsILoadGroup** aLoadGroup) { + *aLoadGroup = nullptr; + return NS_OK; +} + +NS_IMETHODIMP +OnloadBlocker::SetLoadGroup(nsILoadGroup* aLoadGroup) { return NS_OK; } + +NS_IMETHODIMP +OnloadBlocker::GetLoadFlags(nsLoadFlags* aLoadFlags) { + *aLoadFlags = nsIRequest::LOAD_NORMAL; + return NS_OK; +} + +NS_IMETHODIMP +OnloadBlocker::GetTRRMode(nsIRequest::TRRMode* aTRRMode) { + return GetTRRModeImpl(aTRRMode); +} + +NS_IMETHODIMP +OnloadBlocker::SetTRRMode(nsIRequest::TRRMode aTRRMode) { + return SetTRRModeImpl(aTRRMode); +} + +NS_IMETHODIMP +OnloadBlocker::SetLoadFlags(nsLoadFlags aLoadFlags) { return NS_OK; } + +// ================================================================== + +namespace dom { + +ExternalResourceMap::ExternalResourceMap() : mHaveShutDown(false) {} + +Document* ExternalResourceMap::RequestResource( + nsIURI* aURI, nsIReferrerInfo* aReferrerInfo, nsINode* aRequestingNode, + Document* aDisplayDocument, ExternalResourceLoad** aPendingLoad) { + // If we ever start allowing non-same-origin loads here, we might need to do + // something interesting with aRequestingPrincipal even for the hashtable + // gets. + MOZ_ASSERT(aURI, "Must have a URI"); + MOZ_ASSERT(aRequestingNode, "Must have a node"); + MOZ_ASSERT(aReferrerInfo, "Must have a referrerInfo"); + *aPendingLoad = nullptr; + if (mHaveShutDown) { + return nullptr; + } + + // First, make sure we strip the ref from aURI. + nsCOMPtr<nsIURI> clone; + nsresult rv = NS_GetURIWithoutRef(aURI, getter_AddRefs(clone)); + if (NS_FAILED(rv) || !clone) { + return nullptr; + } + + ExternalResource* resource; + mMap.Get(clone, &resource); + if (resource) { + return resource->mDocument; + } + + bool loadStartSucceeded = + mPendingLoads.WithEntryHandle(clone, [&](auto&& loadEntry) { + if (!loadEntry) { + loadEntry.Insert(MakeRefPtr<PendingLoad>(aDisplayDocument)); + + if (NS_FAILED(loadEntry.Data()->StartLoad(clone, aReferrerInfo, + aRequestingNode))) { + return false; + } + } + + RefPtr<PendingLoad> load(loadEntry.Data()); + load.forget(aPendingLoad); + return true; + }); + if (!loadStartSucceeded) { + // Make sure we don't thrash things by trying this load again, since + // chances are it failed for good reasons (security check, etc). + // This must be done outside the WithEntryHandle functor, as it accesses + // mPendingLoads. + AddExternalResource(clone, nullptr, nullptr, aDisplayDocument); + } + + return nullptr; +} + +void ExternalResourceMap::EnumerateResources(SubDocEnumFunc aCallback) { + nsTArray<RefPtr<Document>> docs(mMap.Count()); + for (const auto& entry : mMap.Values()) { + if (Document* doc = entry->mDocument) { + docs.AppendElement(doc); + } + } + + for (auto& doc : docs) { + if (aCallback(*doc) == CallState::Stop) { + return; + } + } +} + +void ExternalResourceMap::Traverse( + nsCycleCollectionTraversalCallback* aCallback) const { + // mPendingLoads will get cleared out as the requests complete, so + // no need to worry about those here. + for (const auto& entry : mMap) { + ExternalResourceMap::ExternalResource* resource = entry.GetWeak(); + + NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(*aCallback, + "mExternalResourceMap.mMap entry" + "->mDocument"); + aCallback->NoteXPCOMChild(ToSupports(resource->mDocument)); + + NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(*aCallback, + "mExternalResourceMap.mMap entry" + "->mViewer"); + aCallback->NoteXPCOMChild(resource->mViewer); + + NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(*aCallback, + "mExternalResourceMap.mMap entry" + "->mLoadGroup"); + aCallback->NoteXPCOMChild(resource->mLoadGroup); + } +} + +void ExternalResourceMap::HideViewers() { + for (const auto& entry : mMap) { + nsCOMPtr<nsIDocumentViewer> viewer = entry.GetData()->mViewer; + if (viewer) { + viewer->Hide(); + } + } +} + +void ExternalResourceMap::ShowViewers() { + for (const auto& entry : mMap) { + nsCOMPtr<nsIDocumentViewer> viewer = entry.GetData()->mViewer; + if (viewer) { + viewer->Show(); + } + } +} + +void TransferShowingState(Document* aFromDoc, Document* aToDoc) { + MOZ_ASSERT(aFromDoc && aToDoc, "transferring showing state from/to null doc"); + + if (aFromDoc->IsShowing()) { + aToDoc->OnPageShow(true, nullptr); + } +} + +nsresult ExternalResourceMap::AddExternalResource(nsIURI* aURI, + nsIDocumentViewer* aViewer, + nsILoadGroup* aLoadGroup, + Document* aDisplayDocument) { + MOZ_ASSERT(aURI, "Unexpected call"); + MOZ_ASSERT((aViewer && aLoadGroup) || (!aViewer && !aLoadGroup), + "Must have both or neither"); + + RefPtr<PendingLoad> load; + mPendingLoads.Remove(aURI, getter_AddRefs(load)); + + nsresult rv = NS_OK; + + nsCOMPtr<Document> doc; + if (aViewer) { + doc = aViewer->GetDocument(); + NS_ASSERTION(doc, "Must have a document"); + + doc->SetDisplayDocument(aDisplayDocument); + + // Make sure that hiding our viewer will tear down its presentation. + aViewer->SetSticky(false); + + rv = aViewer->Init(nullptr, nsIntRect(0, 0, 0, 0), nullptr); + if (NS_SUCCEEDED(rv)) { + rv = aViewer->Open(nullptr, nullptr); + } + + if (NS_FAILED(rv)) { + doc = nullptr; + aViewer = nullptr; + aLoadGroup = nullptr; + } + } + + ExternalResource* newResource = + mMap.InsertOrUpdate(aURI, MakeUnique<ExternalResource>()).get(); + + newResource->mDocument = doc; + newResource->mViewer = aViewer; + newResource->mLoadGroup = aLoadGroup; + if (doc) { + if (nsPresContext* pc = doc->GetPresContext()) { + pc->RecomputeBrowsingContextDependentData(); + } + TransferShowingState(aDisplayDocument, doc); + } + + const nsTArray<nsCOMPtr<nsIObserver>>& obs = load->Observers(); + for (uint32_t i = 0; i < obs.Length(); ++i) { + obs[i]->Observe(ToSupports(doc), "external-resource-document-created", + nullptr); + } + + return rv; +} + +NS_IMPL_ISUPPORTS(ExternalResourceMap::PendingLoad, nsIStreamListener, + nsIRequestObserver) + +NS_IMETHODIMP +ExternalResourceMap::PendingLoad::OnStartRequest(nsIRequest* aRequest) { + ExternalResourceMap& map = mDisplayDocument->ExternalResourceMap(); + if (map.HaveShutDown()) { + return NS_BINDING_ABORTED; + } + + nsCOMPtr<nsIDocumentViewer> viewer; + nsCOMPtr<nsILoadGroup> loadGroup; + nsresult rv = + SetupViewer(aRequest, getter_AddRefs(viewer), getter_AddRefs(loadGroup)); + + // Make sure to do this no matter what + nsresult rv2 = + map.AddExternalResource(mURI, viewer, loadGroup, mDisplayDocument); + if (NS_FAILED(rv)) { + return rv; + } + if (NS_FAILED(rv2)) { + mTargetListener = nullptr; + return rv2; + } + + return mTargetListener->OnStartRequest(aRequest); +} + +nsresult ExternalResourceMap::PendingLoad::SetupViewer( + nsIRequest* aRequest, nsIDocumentViewer** aViewer, + nsILoadGroup** aLoadGroup) { + MOZ_ASSERT(!mTargetListener, "Unexpected call to OnStartRequest"); + *aViewer = nullptr; + *aLoadGroup = nullptr; + + nsCOMPtr<nsIChannel> chan(do_QueryInterface(aRequest)); + NS_ENSURE_TRUE(chan, NS_ERROR_UNEXPECTED); + + nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(aRequest)); + if (httpChannel) { + bool requestSucceeded; + if (NS_FAILED(httpChannel->GetRequestSucceeded(&requestSucceeded)) || + !requestSucceeded) { + // Bail out on this load, since it looks like we have an HTTP error page + return NS_BINDING_ABORTED; + } + } + + nsAutoCString type; + chan->GetContentType(type); + + nsCOMPtr<nsILoadGroup> loadGroup; + chan->GetLoadGroup(getter_AddRefs(loadGroup)); + + // Give this document its own loadgroup + nsCOMPtr<nsILoadGroup> newLoadGroup = + do_CreateInstance(NS_LOADGROUP_CONTRACTID); + NS_ENSURE_TRUE(newLoadGroup, NS_ERROR_OUT_OF_MEMORY); + newLoadGroup->SetLoadGroup(loadGroup); + + nsCOMPtr<nsIInterfaceRequestor> callbacks; + loadGroup->GetNotificationCallbacks(getter_AddRefs(callbacks)); + + nsCOMPtr<nsIInterfaceRequestor> newCallbacks = + new LoadgroupCallbacks(callbacks); + newLoadGroup->SetNotificationCallbacks(newCallbacks); + + // This is some serious hackery cribbed from docshell + nsCOMPtr<nsICategoryManager> catMan = + do_GetService(NS_CATEGORYMANAGER_CONTRACTID); + NS_ENSURE_TRUE(catMan, NS_ERROR_NOT_AVAILABLE); + nsCString contractId; + nsresult rv = + catMan->GetCategoryEntry("Gecko-Content-Viewers", type, contractId); + NS_ENSURE_SUCCESS(rv, rv); + nsCOMPtr<nsIDocumentLoaderFactory> docLoaderFactory = + do_GetService(contractId.get()); + NS_ENSURE_TRUE(docLoaderFactory, NS_ERROR_NOT_AVAILABLE); + + nsCOMPtr<nsIDocumentViewer> viewer; + nsCOMPtr<nsIStreamListener> listener; + rv = docLoaderFactory->CreateInstance( + "external-resource", chan, newLoadGroup, type, nullptr, nullptr, + getter_AddRefs(listener), getter_AddRefs(viewer)); + NS_ENSURE_SUCCESS(rv, rv); + NS_ENSURE_TRUE(viewer, NS_ERROR_UNEXPECTED); + + nsCOMPtr<nsIParser> parser = do_QueryInterface(listener); + if (!parser) { + /// We don't want to deal with the various fake documents yet + return NS_ERROR_NOT_IMPLEMENTED; + } + + // We can't handle HTML and other weird things here yet. + nsIContentSink* sink = parser->GetContentSink(); + nsCOMPtr<nsIXMLContentSink> xmlSink = do_QueryInterface(sink); + if (!xmlSink) { + return NS_ERROR_NOT_IMPLEMENTED; + } + + listener.swap(mTargetListener); + viewer.forget(aViewer); + newLoadGroup.forget(aLoadGroup); + return NS_OK; +} + +NS_IMETHODIMP +ExternalResourceMap::PendingLoad::OnDataAvailable(nsIRequest* aRequest, + nsIInputStream* aStream, + uint64_t aOffset, + uint32_t aCount) { + // mTargetListener might be null if SetupViewer or AddExternalResource failed. + NS_ENSURE_TRUE(mTargetListener, NS_ERROR_FAILURE); + if (mDisplayDocument->ExternalResourceMap().HaveShutDown()) { + return NS_BINDING_ABORTED; + } + return mTargetListener->OnDataAvailable(aRequest, aStream, aOffset, aCount); +} + +NS_IMETHODIMP +ExternalResourceMap::PendingLoad::OnStopRequest(nsIRequest* aRequest, + nsresult aStatus) { + // mTargetListener might be null if SetupViewer or AddExternalResource failed + if (mTargetListener) { + nsCOMPtr<nsIStreamListener> listener; + mTargetListener.swap(listener); + return listener->OnStopRequest(aRequest, aStatus); + } + + return NS_OK; +} + +nsresult ExternalResourceMap::PendingLoad::StartLoad( + nsIURI* aURI, nsIReferrerInfo* aReferrerInfo, nsINode* aRequestingNode) { + MOZ_ASSERT(aURI, "Must have a URI"); + MOZ_ASSERT(aRequestingNode, "Must have a node"); + MOZ_ASSERT(aReferrerInfo, "Must have a referrerInfo"); + + nsCOMPtr<nsILoadGroup> loadGroup = + aRequestingNode->OwnerDoc()->GetDocumentLoadGroup(); + + nsresult rv = NS_OK; + nsCOMPtr<nsIChannel> channel; + rv = NS_NewChannel(getter_AddRefs(channel), aURI, aRequestingNode, + nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT, + nsIContentPolicy::TYPE_OTHER, + nullptr, // aPerformanceStorage + loadGroup); + NS_ENSURE_SUCCESS(rv, rv); + + nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(channel)); + if (httpChannel) { + rv = httpChannel->SetReferrerInfo(aReferrerInfo); + Unused << NS_WARN_IF(NS_FAILED(rv)); + } + + mURI = aURI; + + return channel->AsyncOpen(this); +} + +NS_IMPL_ISUPPORTS(ExternalResourceMap::LoadgroupCallbacks, + nsIInterfaceRequestor) + +#define IMPL_SHIM(_i) \ + NS_IMPL_ISUPPORTS(ExternalResourceMap::LoadgroupCallbacks::_i##Shim, _i) + +IMPL_SHIM(nsILoadContext) +IMPL_SHIM(nsIProgressEventSink) +IMPL_SHIM(nsIChannelEventSink) + +#undef IMPL_SHIM + +#define IID_IS(_i) aIID.Equals(NS_GET_IID(_i)) + +#define TRY_SHIM(_i) \ + PR_BEGIN_MACRO \ + if (IID_IS(_i)) { \ + nsCOMPtr<_i> real = do_GetInterface(mCallbacks); \ + if (!real) { \ + return NS_NOINTERFACE; \ + } \ + nsCOMPtr<_i> shim = new _i##Shim(this, real); \ + shim.forget(aSink); \ + return NS_OK; \ + } \ + PR_END_MACRO + +NS_IMETHODIMP +ExternalResourceMap::LoadgroupCallbacks::GetInterface(const nsIID& aIID, + void** aSink) { + if (mCallbacks && (IID_IS(nsIPrompt) || IID_IS(nsIAuthPrompt) || + IID_IS(nsIAuthPrompt2) || IID_IS(nsIBrowserChild))) { + return mCallbacks->GetInterface(aIID, aSink); + } + + *aSink = nullptr; + + TRY_SHIM(nsILoadContext); + TRY_SHIM(nsIProgressEventSink); + TRY_SHIM(nsIChannelEventSink); + + return NS_NOINTERFACE; +} + +#undef TRY_SHIM +#undef IID_IS + +ExternalResourceMap::ExternalResource::~ExternalResource() { + if (mViewer) { + mViewer->Close(nullptr); + mViewer->Destroy(); + } +} + +// ================================================================== +// = +// ================================================================== + +// If we ever have an nsIDocumentObserver notification for stylesheet title +// changes we should update the list from that instead of overriding +// EnsureFresh. +class DOMStyleSheetSetList final : public DOMStringList { + public: + explicit DOMStyleSheetSetList(Document* aDocument); + + void Disconnect() { mDocument = nullptr; } + + virtual void EnsureFresh() override; + + protected: + Document* mDocument; // Our document; weak ref. It'll let us know if it + // dies. +}; + +DOMStyleSheetSetList::DOMStyleSheetSetList(Document* aDocument) + : mDocument(aDocument) { + NS_ASSERTION(mDocument, "Must have document!"); +} + +void DOMStyleSheetSetList::EnsureFresh() { + MOZ_ASSERT(NS_IsMainThread()); + + mNames.Clear(); + + if (!mDocument) { + return; // Spec says "no exceptions", and we have no style sets if we have + // no document, for sure + } + + size_t count = mDocument->SheetCount(); + nsAutoString title; + for (size_t index = 0; index < count; index++) { + StyleSheet* sheet = mDocument->SheetAt(index); + NS_ASSERTION(sheet, "Null sheet in sheet list!"); + sheet->GetTitle(title); + if (!title.IsEmpty() && !mNames.Contains(title) && !Add(title)) { + return; + } + } +} + +Document::PendingFrameStaticClone::~PendingFrameStaticClone() = default; + +// ================================================================== +// = +// ================================================================== + +Document::InternalCommandDataHashtable* + Document::sInternalCommandDataHashtable = nullptr; + +// static +void Document::Shutdown() { + if (sInternalCommandDataHashtable) { + sInternalCommandDataHashtable->Clear(); + delete sInternalCommandDataHashtable; + sInternalCommandDataHashtable = nullptr; + } +} + +Document::Document(const char* aContentType) + : nsINode(nullptr), + DocumentOrShadowRoot(this), + mCharacterSet(WINDOWS_1252_ENCODING), + mCharacterSetSource(0), + mParentDocument(nullptr), + mCachedRootElement(nullptr), + mNodeInfoManager(nullptr), +#ifdef DEBUG + mStyledLinksCleared(false), +#endif + mCachedStateObjectValid(false), + mBlockAllMixedContent(false), + mBlockAllMixedContentPreloads(false), + mUpgradeInsecureRequests(false), + mUpgradeInsecurePreloads(false), + mDevToolsWatchingDOMMutations(false), + mBidiEnabled(false), + mMayNeedFontPrefsUpdate(true), + mMathMLEnabled(false), + mIsInitialDocumentInWindow(false), + mIsEverInitialDocumentInWindow(false), + mIgnoreDocGroupMismatches(false), + mLoadedAsData(false), + mAddedToMemoryReportingAsDataDocument(false), + mMayStartLayout(true), + mHaveFiredTitleChange(false), + mIsShowing(false), + mVisible(true), + mRemovedFromDocShell(false), + // mAllowDNSPrefetch starts true, so that we can always reliably && it + // with various values that might disable it. Since we never prefetch + // unless we get a window, and in that case the docshell value will get + // &&-ed in, this is safe. + mAllowDNSPrefetch(true), + mIsStaticDocument(false), + mCreatingStaticClone(false), + mHasPrintCallbacks(false), + mInUnlinkOrDeletion(false), + mHasHadScriptHandlingObject(false), + mIsBeingUsedAsImage(false), + mChromeRulesEnabled(false), + mInChromeDocShell(false), + mIsSyntheticDocument(false), + mHasLinksToUpdateRunnable(false), + mFlushingPendingLinkUpdates(false), + mMayHaveDOMMutationObservers(false), + mMayHaveAnimationObservers(false), + mHasCSPDeliveredThroughHeader(false), + mBFCacheDisallowed(false), + mHasHadDefaultView(false), + mStyleSheetChangeEventsEnabled(false), + mDevToolsAnonymousAndShadowEventsEnabled(false), + mIsSrcdocDocument(false), + mHasDisplayDocument(false), + mFontFaceSetDirty(true), + mDidFireDOMContentLoaded(true), + mFrameRequestCallbacksScheduled(false), + mIsTopLevelContentDocument(false), + mIsContentDocument(false), + mDidCallBeginLoad(false), + mEncodingMenuDisabled(false), + mLinksEnabled(true), + mIsSVGGlyphsDocument(false), + mInDestructor(false), + mIsGoingAway(false), + mStyleSetFilled(false), + mQuirkSheetAdded(false), + mContentEditableSheetAdded(false), + mDesignModeSheetAdded(false), + mMayHaveTitleElement(false), + mDOMLoadingSet(false), + mDOMInteractiveSet(false), + mDOMCompleteSet(false), + mAutoFocusFired(false), + mScrolledToRefAlready(false), + mChangeScrollPosWhenScrollingToRef(false), + mDelayFrameLoaderInitialization(false), + mSynchronousDOMContentLoaded(false), + mMaybeServiceWorkerControlled(false), + mAllowZoom(false), + mValidScaleFloat(false), + mValidMinScale(false), + mValidMaxScale(false), + mWidthStrEmpty(false), + mParserAborted(false), + mReportedDocumentUseCounters(false), + mHasReportedShadowDOMUsage(false), + mHasDelayedRefreshEvent(false), + mLoadEventFiring(false), + mSkipLoadEventAfterClose(false), + mDisableCookieAccess(false), + mDisableDocWrite(false), + mTooDeepWriteRecursion(false), + mPendingMaybeEditingStateChanged(false), + mHasBeenEditable(false), + mHasWarnedAboutZoom(false), + mIsRunningExecCommandByContent(false), + mIsRunningExecCommandByChromeOrAddon(false), + mSetCompleteAfterDOMContentLoaded(false), + mDidHitCompleteSheetCache(false), + mUseCountersInitialized(false), + mShouldReportUseCounters(false), + mShouldSendPageUseCounters(false), + mUserHasInteracted(false), + mHasUserInteractionTimerScheduled(false), + mShouldResistFingerprinting(false), + mCloningForSVGUse(false), + mAllowDeclarativeShadowRoots(false), + mXMLDeclarationBits(0), + mOnloadBlockCount(0), + mWriteLevel(0), + mContentEditableCount(0), + mEditingState(EditingState::eOff), + mCompatMode(eCompatibility_FullStandards), + mReadyState(ReadyState::READYSTATE_UNINITIALIZED), + mAncestorIsLoading(false), + mVisibilityState(dom::VisibilityState::Hidden), + mType(eUnknown), + mDefaultElementType(0), + mAllowXULXBL(eTriUnset), + mSkipDTDSecurityChecks(false), + mBidiOptions(IBMBIDI_DEFAULT_BIDI_OPTIONS), + mSandboxFlags(0), + mPartID(0), + mMarkedCCGeneration(0), + mPresShell(nullptr), + mSubtreeModifiedDepth(0), + mPreloadPictureDepth(0), + mEventsSuppressed(0), + mIgnoreDestructiveWritesCounter(0), + mStaticCloneCount(0), + mWindow(nullptr), + mBFCacheEntry(nullptr), + mInSyncOperationCount(0), + mBlockDOMContentLoaded(0), + mUpdateNestLevel(0), + mHttpsOnlyStatus(nsILoadInfo::HTTPS_ONLY_UNINITIALIZED), + mViewportType(Unknown), + mViewportFit(ViewportFitType::Auto), + mSubDocuments(nullptr), + mHeaderData(nullptr), + mServoRestyleRootDirtyBits(0), + mThrowOnDynamicMarkupInsertionCounter(0), + mIgnoreOpensDuringUnloadCounter(0), + mSavedResolution(1.0f), + mSavedResolutionBeforeMVM(1.0f), + mGeneration(0), + mCachedTabSizeGeneration(0), + mNextFormNumber(0), + mNextControlNumber(0), + mPreloadService(this), + mShouldNotifyFetchSuccess(false), + mShouldNotifyFormOrPasswordRemoved(false) { + MOZ_LOG(gDocumentLeakPRLog, LogLevel::Debug, ("DOCUMENT %p created", this)); + + SetIsInDocument(); + SetIsConnected(true); + + // Create these unconditionally, they will be used to warn about the `zoom` + // property, even if use counters are disabled. + mStyleUseCounters.reset(Servo_UseCounters_Create()); + + SetContentType(nsDependentCString(aContentType)); + + // Start out mLastStyleSheetSet as null, per spec + SetDOMStringToNull(mLastStyleSheetSet); + + // void state used to differentiate an empty source from an unselected source + mPreloadPictureFoundSource.SetIsVoid(true); + + RecomputeLanguageFromCharset(); + + mPreloadReferrerInfo = new dom::ReferrerInfo(nullptr); + mReferrerInfo = new dom::ReferrerInfo(nullptr); +} + +#ifndef ANDROID +// unused by GeckoView +static bool IsAboutErrorPage(nsGlobalWindowInner* aWin, const char* aSpec) { + if (NS_WARN_IF(!aWin)) { + return false; + } + + nsIURI* uri = aWin->GetDocumentURI(); + if (NS_WARN_IF(!uri)) { + return false; + } + // getSpec is an expensive operation, hence we first check the scheme + // to see if the caller is actually an about: page. + if (!uri->SchemeIs("about")) { + return false; + } + + nsAutoCString aboutSpec; + nsresult rv = NS_GetAboutModuleName(uri, aboutSpec); + NS_ENSURE_SUCCESS(rv, false); + + return aboutSpec.EqualsASCII(aSpec); +} +#endif + +bool Document::CallerIsTrustedAboutNetError(JSContext* aCx, JSObject* aObject) { + nsGlobalWindowInner* win = xpc::WindowOrNull(aObject); +#ifdef ANDROID + // GeckoView uses data URLs for error pages, so for now just check for any + // error page + return win && win->GetDocument() && win->GetDocument()->IsErrorPage(); +#else + return win && IsAboutErrorPage(win, "neterror"); +#endif +} + +bool Document::CallerIsTrustedAboutHttpsOnlyError(JSContext* aCx, + JSObject* aObject) { + nsGlobalWindowInner* win = xpc::WindowOrNull(aObject); +#ifdef ANDROID + // GeckoView uses data URLs for error pages, so for now just check for any + // error page + return win && win->GetDocument() && win->GetDocument()->IsErrorPage(); +#else + return win && IsAboutErrorPage(win, "httpsonlyerror"); +#endif +} + +already_AddRefed<mozilla::dom::Promise> Document::AddCertException( + bool aIsTemporary, ErrorResult& aError) { + RefPtr<Promise> promise = Promise::Create(GetScopeObject(), aError, + Promise::ePropagateUserInteraction); + if (aError.Failed()) { + return nullptr; + } + + nsresult rv = NS_OK; + if (NS_WARN_IF(!mFailedChannel)) { + promise->MaybeReject(NS_ERROR_DOM_INVALID_STATE_ERR); + return promise.forget(); + } + + nsCOMPtr<nsIURI> failedChannelURI; + NS_GetFinalChannelURI(mFailedChannel, getter_AddRefs(failedChannelURI)); + if (!failedChannelURI) { + promise->MaybeReject(NS_ERROR_DOM_INVALID_STATE_ERR); + return promise.forget(); + } + + nsCOMPtr<nsIURI> innerURI = NS_GetInnermostURI(failedChannelURI); + if (!innerURI) { + promise->MaybeReject(NS_ERROR_DOM_INVALID_STATE_ERR); + return promise.forget(); + } + + nsAutoCString host; + innerURI->GetAsciiHost(host); + int32_t port; + innerURI->GetPort(&port); + + nsCOMPtr<nsITransportSecurityInfo> tsi; + rv = mFailedChannel->GetSecurityInfo(getter_AddRefs(tsi)); + if (NS_WARN_IF(NS_FAILED(rv))) { + promise->MaybeReject(rv); + return promise.forget(); + } + if (NS_WARN_IF(!tsi)) { + promise->MaybeReject(NS_ERROR_DOM_INVALID_STATE_ERR); + return promise.forget(); + } + + nsCOMPtr<nsIX509Cert> cert; + rv = tsi->GetServerCert(getter_AddRefs(cert)); + if (NS_WARN_IF(NS_FAILED(rv))) { + promise->MaybeReject(rv); + return promise.forget(); + } + if (NS_WARN_IF(!cert)) { + promise->MaybeReject(NS_ERROR_DOM_INVALID_STATE_ERR); + return promise.forget(); + } + + if (XRE_IsContentProcess()) { + ContentChild* cc = ContentChild::GetSingleton(); + MOZ_ASSERT(cc); + OriginAttributes const& attrs = NodePrincipal()->OriginAttributesRef(); + cc->SendAddCertException(cert, host, port, attrs, aIsTemporary) + ->Then(GetCurrentSerialEventTarget(), __func__, + [promise](const mozilla::MozPromise< + nsresult, mozilla::ipc::ResponseRejectReason, + true>::ResolveOrRejectValue& aValue) { + if (aValue.IsResolve()) { + promise->MaybeResolve(aValue.ResolveValue()); + } else { + promise->MaybeRejectWithUndefined(); + } + }); + return promise.forget(); + } + + if (XRE_IsParentProcess()) { + nsCOMPtr<nsICertOverrideService> overrideService = + do_GetService(NS_CERTOVERRIDE_CONTRACTID); + if (!overrideService) { + promise->MaybeReject(NS_ERROR_FAILURE); + return promise.forget(); + } + + OriginAttributes const& attrs = NodePrincipal()->OriginAttributesRef(); + rv = overrideService->RememberValidityOverride(host, port, attrs, cert, + aIsTemporary); + if (NS_WARN_IF(NS_FAILED(rv))) { + promise->MaybeReject(rv); + return promise.forget(); + } + + promise->MaybeResolveWithUndefined(); + return promise.forget(); + } + + promise->MaybeReject(NS_ERROR_FAILURE); + return promise.forget(); +} + +void Document::ReloadWithHttpsOnlyException() { + if (WindowGlobalChild* wgc = GetWindowGlobalChild()) { + wgc->SendReloadWithHttpsOnlyException(); + } +} + +void Document::GetNetErrorInfo(NetErrorInfo& aInfo, ErrorResult& aRv) { + nsresult rv = NS_OK; + if (NS_WARN_IF(!mFailedChannel)) { + aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR); + return; + } + + nsCOMPtr<nsITransportSecurityInfo> tsi; + rv = mFailedChannel->GetSecurityInfo(getter_AddRefs(tsi)); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return; + } + if (NS_WARN_IF(!tsi)) { + aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR); + return; + } + + nsAutoString errorCodeString; + rv = tsi->GetErrorCodeString(errorCodeString); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return; + } + aInfo.mErrorCodeString.Assign(errorCodeString); +} + +bool Document::CallerIsTrustedAboutCertError(JSContext* aCx, + JSObject* aObject) { + nsGlobalWindowInner* win = xpc::WindowOrNull(aObject); +#ifdef ANDROID + // GeckoView uses data URLs for error pages, so for now just check for any + // error page + return win && win->GetDocument() && win->GetDocument()->IsErrorPage(); +#else + return win && IsAboutErrorPage(win, "certerror"); +#endif +} + +bool Document::CallerCanAccessPrivilegeSSA(JSContext* aCx, JSObject* aObject) { + RefPtr<BasePrincipal> principal = + BasePrincipal::Cast(nsContentUtils::SubjectPrincipal(aCx)); + + if (!principal) { + return false; + } + + // We allow the privilege SSA to be called from system principal. + if (principal->IsSystemPrincipal()) { + return true; + } + + // We only allow calling the privilege SSA from the content script of the + // webcompat extension. + if (auto* policy = principal->ContentScriptAddonPolicy()) { + nsAutoString addonID; + policy->GetId(addonID); + + return addonID.EqualsLiteral("webcompat@mozilla.org"); + } + + return false; +} + +bool Document::IsErrorPage() const { + nsCOMPtr<nsILoadInfo> loadInfo = mChannel ? mChannel->LoadInfo() : nullptr; + return loadInfo && loadInfo->GetLoadErrorPage(); +} + +void Document::GetFailedCertSecurityInfo(FailedCertSecurityInfo& aInfo, + ErrorResult& aRv) { + nsresult rv = NS_OK; + if (NS_WARN_IF(!mFailedChannel)) { + aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR); + return; + } + + nsCOMPtr<nsITransportSecurityInfo> tsi; + rv = mFailedChannel->GetSecurityInfo(getter_AddRefs(tsi)); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return; + } + if (NS_WARN_IF(!tsi)) { + aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR); + return; + } + + nsAutoString errorCodeString; + rv = tsi->GetErrorCodeString(errorCodeString); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return; + } + aInfo.mErrorCodeString.Assign(errorCodeString); + + nsITransportSecurityInfo::OverridableErrorCategory errorCategory; + rv = tsi->GetOverridableErrorCategory(&errorCategory); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return; + } + switch (errorCategory) { + case nsITransportSecurityInfo::OverridableErrorCategory::ERROR_TRUST: + aInfo.mOverridableErrorCategory = + dom::OverridableErrorCategory::Trust_error; + break; + case nsITransportSecurityInfo::OverridableErrorCategory::ERROR_DOMAIN: + aInfo.mOverridableErrorCategory = + dom::OverridableErrorCategory::Domain_mismatch; + break; + case nsITransportSecurityInfo::OverridableErrorCategory::ERROR_TIME: + aInfo.mOverridableErrorCategory = + dom::OverridableErrorCategory::Expired_or_not_yet_valid; + break; + default: + aInfo.mOverridableErrorCategory = dom::OverridableErrorCategory::Unset; + break; + } + + nsCOMPtr<nsIX509Cert> cert; + nsCOMPtr<nsIX509CertValidity> validity; + rv = tsi->GetServerCert(getter_AddRefs(cert)); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return; + } + if (NS_WARN_IF(!cert)) { + aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR); + return; + } + + rv = cert->GetValidity(getter_AddRefs(validity)); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return; + } + if (NS_WARN_IF(!validity)) { + aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR); + return; + } + + PRTime validityResult; + rv = validity->GetNotBefore(&validityResult); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return; + } + aInfo.mValidNotBefore = DOMTimeStamp(validityResult / PR_USEC_PER_MSEC); + + rv = validity->GetNotAfter(&validityResult); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return; + } + aInfo.mValidNotAfter = DOMTimeStamp(validityResult / PR_USEC_PER_MSEC); + + nsAutoString issuerCommonName; + nsAutoString certChainPEMString; + Sequence<nsString>& certChainStrings = aInfo.mCertChainStrings.Construct(); + int64_t maxValidity = std::numeric_limits<int64_t>::max(); + int64_t minValidity = 0; + PRTime notBefore, notAfter; + nsTArray<RefPtr<nsIX509Cert>> failedCertArray; + rv = tsi->GetFailedCertChain(failedCertArray); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return; + } + + if (NS_WARN_IF(failedCertArray.IsEmpty())) { + aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR); + return; + } + + for (const auto& certificate : failedCertArray) { + rv = certificate->GetIssuerCommonName(issuerCommonName); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return; + } + + rv = certificate->GetValidity(getter_AddRefs(validity)); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return; + } + if (NS_WARN_IF(!validity)) { + aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR); + return; + } + + rv = validity->GetNotBefore(¬Before); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return; + } + + rv = validity->GetNotAfter(¬After); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return; + } + + notBefore = std::max(minValidity, notBefore); + notAfter = std::min(maxValidity, notAfter); + nsTArray<uint8_t> certArray; + rv = certificate->GetRawDER(certArray); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return; + } + + nsAutoString der64; + rv = Base64Encode(reinterpret_cast<const char*>(certArray.Elements()), + certArray.Length(), der64); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return; + } + if (!certChainStrings.AppendElement(der64, fallible)) { + aRv.Throw(NS_ERROR_OUT_OF_MEMORY); + return; + } + } + + aInfo.mIssuerCommonName.Assign(issuerCommonName); + aInfo.mCertValidityRangeNotAfter = DOMTimeStamp(notAfter / PR_USEC_PER_MSEC); + aInfo.mCertValidityRangeNotBefore = + DOMTimeStamp(notBefore / PR_USEC_PER_MSEC); + + int32_t errorCode; + rv = tsi->GetErrorCode(&errorCode); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return; + } + + nsCOMPtr<nsINSSErrorsService> nsserr = + do_GetService("@mozilla.org/nss_errors_service;1"); + if (NS_WARN_IF(!nsserr)) { + aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR); + return; + } + nsresult res; + rv = nsserr->GetXPCOMFromNSSError(errorCode, &res); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return; + } + rv = nsserr->GetErrorMessage(res, aInfo.mErrorMessage); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return; + } + + OriginAttributes attrs; + StoragePrincipalHelper::GetRegularPrincipalOriginAttributes(this, attrs); + nsCOMPtr<nsIURI> aURI; + mFailedChannel->GetURI(getter_AddRefs(aURI)); + if (XRE_IsContentProcess()) { + ContentChild* cc = ContentChild::GetSingleton(); + MOZ_ASSERT(cc); + cc->SendIsSecureURI(aURI, attrs, &aInfo.mHasHSTS); + } else { + nsCOMPtr<nsISiteSecurityService> sss = + do_GetService(NS_SSSERVICE_CONTRACTID); + if (NS_WARN_IF(!sss)) { + return; + } + Unused << NS_WARN_IF( + NS_FAILED(sss->IsSecureURI(aURI, attrs, &aInfo.mHasHSTS))); + } + nsCOMPtr<nsIPublicKeyPinningService> pkps = + do_GetService(NS_PKPSERVICE_CONTRACTID); + if (NS_WARN_IF(!pkps)) { + return; + } + Unused << NS_WARN_IF(NS_FAILED(pkps->HostHasPins(aURI, &aInfo.mHasHPKP))); +} + +bool Document::IsAboutPage() const { + return NodePrincipal()->SchemeIs("about"); +} + +void Document::ConstructUbiNode(void* storage) { + JS::ubi::Concrete<Document>::construct(storage, this); +} + +void Document::LoadEventFired() { + // Object used to collect some telemetry data so we don't need to query for it + // twice. + glean::perf::PageLoadExtra pageLoadEventData; + + // Accumulate timing data located in each document's realm and report to + // telemetry. + AccumulateJSTelemetry(pageLoadEventData); + + // Collect page load timings + AccumulatePageLoadTelemetry(pageLoadEventData); + + // Record page load event + RecordPageLoadEventTelemetry(pageLoadEventData); + + // Release the JS bytecode cache from its wait on the load event, and + // potentially dispatch the encoding of the bytecode. + if (ScriptLoader()) { + ScriptLoader()->LoadEventFired(); + } +} + +void Document::RecordPageLoadEventTelemetry( + glean::perf::PageLoadExtra& aEventTelemetryData) { + // If the page load time is empty, then the content wasn't something we want + // to report (i.e. not a top level document). + if (!aEventTelemetryData.loadTime) { + return; + } + MOZ_ASSERT(IsTopLevelContentDocument()); + + nsPIDOMWindowOuter* window = GetWindow(); + if (!window) { + return; + } + + nsIDocShell* docshell = window->GetDocShell(); + if (!docshell) { + return; + } + + nsAutoCString loadTypeStr; + switch (docshell->GetLoadType()) { + case LOAD_NORMAL: + case LOAD_NORMAL_REPLACE: + case LOAD_NORMAL_BYPASS_CACHE: + case LOAD_NORMAL_BYPASS_PROXY: + case LOAD_NORMAL_BYPASS_PROXY_AND_CACHE: + loadTypeStr.Append("NORMAL"); + break; + case LOAD_HISTORY: + loadTypeStr.Append("HISTORY"); + break; + case LOAD_RELOAD_NORMAL: + case LOAD_RELOAD_BYPASS_CACHE: + case LOAD_RELOAD_BYPASS_PROXY: + case LOAD_RELOAD_BYPASS_PROXY_AND_CACHE: + case LOAD_REFRESH: + case LOAD_REFRESH_REPLACE: + case LOAD_RELOAD_CHARSET_CHANGE: + case LOAD_RELOAD_CHARSET_CHANGE_BYPASS_PROXY_AND_CACHE: + case LOAD_RELOAD_CHARSET_CHANGE_BYPASS_CACHE: + loadTypeStr.Append("RELOAD"); + break; + case LOAD_LINK: + loadTypeStr.Append("LINK"); + break; + case LOAD_STOP_CONTENT: + case LOAD_STOP_CONTENT_AND_REPLACE: + loadTypeStr.Append("STOP"); + break; + case LOAD_ERROR_PAGE: + loadTypeStr.Append("ERROR"); + break; + default: + loadTypeStr.Append("OTHER"); + break; + } + + nsCOMPtr<nsIEffectiveTLDService> tldService = + do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID); + if (tldService && mReferrerInfo && + (docshell->GetLoadType() & nsIDocShell::LOAD_CMD_NORMAL)) { + nsAutoCString currentBaseDomain, referrerBaseDomain; + nsCOMPtr<nsIURI> referrerURI = mReferrerInfo->GetComputedReferrer(); + if (referrerURI) { + auto result = NS_SUCCEEDED( + tldService->GetBaseDomain(referrerURI, 0, referrerBaseDomain)); + if (result) { + bool sameOrigin = false; + NodePrincipal()->IsSameOrigin(referrerURI, &sameOrigin); + aEventTelemetryData.sameOriginNav = mozilla::Some(sameOrigin); + } + } + } + + aEventTelemetryData.loadType = mozilla::Some(loadTypeStr); + + // Sending a glean ping must be done on the parent process. + if (ContentChild* cc = ContentChild::GetSingleton()) { + cc->SendRecordPageLoadEvent(aEventTelemetryData); + } +} + +void Document::AccumulatePageLoadTelemetry( + glean::perf::PageLoadExtra& aEventTelemetryDataOut) { + // Interested only in top level documents for real websites that are in the + // foreground. + if (!ShouldIncludeInTelemetry() || !IsTopLevelContentDocument() || + !GetNavigationTiming() || + !GetNavigationTiming()->DocShellHasBeenActiveSinceNavigationStart()) { + return; + } + + if (!GetChannel()) { + return; + } + + nsCOMPtr<nsITimedChannel> timedChannel(do_QueryInterface(GetChannel())); + if (!timedChannel) { + return; + } + + // Default duration is 0, use this to check for bogus negative values. + const TimeDuration zeroDuration; + + TimeStamp responseStart; + timedChannel->GetResponseStart(&responseStart); + + TimeStamp redirectStart, redirectEnd; + timedChannel->GetRedirectStart(&redirectStart); + timedChannel->GetRedirectEnd(&redirectEnd); + + uint8_t redirectCount; + timedChannel->GetRedirectCount(&redirectCount); + if (redirectCount) { + aEventTelemetryDataOut.redirectCount = + mozilla::Some(static_cast<uint32_t>(redirectCount)); + } + + if (!redirectStart.IsNull() && !redirectEnd.IsNull()) { + TimeDuration redirectTime = redirectEnd - redirectStart; + if (redirectTime > zeroDuration) { + aEventTelemetryDataOut.redirectTime = + mozilla::Some(static_cast<uint32_t>(redirectTime.ToMilliseconds())); + } + } + + TimeStamp dnsLookupStart, dnsLookupEnd; + timedChannel->GetDomainLookupStart(&dnsLookupStart); + timedChannel->GetDomainLookupEnd(&dnsLookupEnd); + + if (!dnsLookupStart.IsNull() && !dnsLookupEnd.IsNull()) { + TimeDuration dnsLookupTime = dnsLookupEnd - dnsLookupStart; + if (dnsLookupTime > zeroDuration) { + aEventTelemetryDataOut.dnsLookupTime = + mozilla::Some(static_cast<uint32_t>(dnsLookupTime.ToMilliseconds())); + } + } + + TimeStamp navigationStart = + GetNavigationTiming()->GetNavigationStartTimeStamp(); + + if (!responseStart || !navigationStart) { + return; + } + + nsAutoCString dnsKey("Native"); + nsAutoCString http3Key; + nsAutoCString http3WithPriorityKey; + nsAutoCString earlyHintKey; + nsCOMPtr<nsIHttpChannelInternal> httpChannel = + do_QueryInterface(GetChannel()); + if (httpChannel) { + bool resolvedByTRR = false; + Unused << httpChannel->GetIsResolvedByTRR(&resolvedByTRR); + if (resolvedByTRR) { + if (nsCOMPtr<nsIDNSService> dns = + do_GetService(NS_DNSSERVICE_CONTRACTID)) { + dns->GetTRRDomainKey(dnsKey); + } else { + // Failed to get the DNS service. + dnsKey = "(fail)"_ns; + } + aEventTelemetryDataOut.trrDomain = mozilla::Some(dnsKey); + } + + uint32_t major; + uint32_t minor; + if (NS_SUCCEEDED(httpChannel->GetResponseVersion(&major, &minor))) { + if (major == 3) { + http3Key = "http3"_ns; + nsCOMPtr<nsIHttpChannel> httpChannel2 = do_QueryInterface(GetChannel()); + nsCString header; + if (httpChannel2 && + NS_SUCCEEDED( + httpChannel2->GetResponseHeader("priority"_ns, header)) && + !header.IsEmpty()) { + http3WithPriorityKey = "with_priority"_ns; + } else { + http3WithPriorityKey = "without_priority"_ns; + } + } else if (major == 2) { + bool supportHttp3 = false; + if (NS_FAILED(httpChannel->GetSupportsHTTP3(&supportHttp3))) { + supportHttp3 = false; + } + if (supportHttp3) { + http3Key = "supports_http3"_ns; + } + } + + aEventTelemetryDataOut.httpVer = mozilla::Some(major); + } + + uint32_t earlyHintType = 0; + Unused << httpChannel->GetEarlyHintLinkType(&earlyHintType); + if (earlyHintType & LinkStyle::ePRECONNECT) { + earlyHintKey.Append("preconnect_"_ns); + } + if (earlyHintType & LinkStyle::ePRELOAD) { + earlyHintKey.Append("preload_"_ns); + earlyHintKey.Append(mPreloadService.GetEarlyHintUsed() ? "1"_ns : "0"_ns); + } + } + + TimeStamp asyncOpen; + timedChannel->GetAsyncOpen(&asyncOpen); + if (asyncOpen) { + Telemetry::AccumulateTimeDelta(Telemetry::DNS_PERF_FIRST_BYTE_MS, dnsKey, + asyncOpen, responseStart); + } + + // First Contentful Composite + if (TimeStamp firstContentfulComposite = + GetNavigationTiming()->GetFirstContentfulCompositeTimeStamp()) { + glean::performance_pageload::fcp.AccumulateRawDuration( + firstContentfulComposite - navigationStart); + + if (!http3Key.IsEmpty()) { + Telemetry::AccumulateTimeDelta( + Telemetry::HTTP3_PERF_FIRST_CONTENTFUL_PAINT_MS, http3Key, + navigationStart, firstContentfulComposite); + } + + if (!http3WithPriorityKey.IsEmpty()) { + Telemetry::AccumulateTimeDelta( + Telemetry::H3P_PERF_FIRST_CONTENTFUL_PAINT_MS, http3WithPriorityKey, + navigationStart, firstContentfulComposite); + } + + if (!earlyHintKey.IsEmpty()) { + Telemetry::AccumulateTimeDelta( + Telemetry::EH_PERF_FIRST_CONTENTFUL_PAINT_MS, earlyHintKey, + navigationStart, firstContentfulComposite); + } + + Telemetry::AccumulateTimeDelta( + Telemetry::DNS_PERF_FIRST_CONTENTFUL_PAINT_MS, dnsKey, navigationStart, + firstContentfulComposite); + + glean::performance_pageload::fcp_responsestart.AccumulateRawDuration( + firstContentfulComposite - responseStart); + + TimeDuration fcpTime = firstContentfulComposite - navigationStart; + if (fcpTime > zeroDuration) { + aEventTelemetryDataOut.fcpTime = + mozilla::Some(static_cast<uint32_t>(fcpTime.ToMilliseconds())); + } + } + + // Report the most up to date LCP time. For our histogram we actually report + // this on page unload. + if (TimeStamp lcpTime = + GetNavigationTiming()->GetLargestContentfulRenderTimeStamp()) { + aEventTelemetryDataOut.lcpTime = mozilla::Some( + static_cast<uint32_t>((lcpTime - navigationStart).ToMilliseconds())); + } + + // Load event + if (TimeStamp loadEventStart = + GetNavigationTiming()->GetLoadEventStartTimeStamp()) { + glean::performance_pageload::load_time.AccumulateRawDuration( + loadEventStart - navigationStart); + if (!http3Key.IsEmpty()) { + Telemetry::AccumulateTimeDelta(Telemetry::HTTP3_PERF_PAGE_LOAD_TIME_MS, + http3Key, navigationStart, loadEventStart); + } + + if (!http3WithPriorityKey.IsEmpty()) { + Telemetry::AccumulateTimeDelta(Telemetry::H3P_PERF_PAGE_LOAD_TIME_MS, + http3WithPriorityKey, navigationStart, + loadEventStart); + } + + if (!earlyHintKey.IsEmpty()) { + Telemetry::AccumulateTimeDelta(Telemetry::EH_PERF_PAGE_LOAD_TIME_MS, + earlyHintKey, navigationStart, + loadEventStart); + } + + glean::performance_pageload::load_time_responsestart.AccumulateRawDuration( + loadEventStart - responseStart); + + TimeDuration responseTime = responseStart - navigationStart; + if (responseTime > zeroDuration) { + aEventTelemetryDataOut.responseTime = + mozilla::Some(static_cast<uint32_t>(responseTime.ToMilliseconds())); + } + + TimeDuration loadTime = loadEventStart - navigationStart; + if (loadTime > zeroDuration) { + aEventTelemetryDataOut.loadTime = + mozilla::Some(static_cast<uint32_t>(loadTime.ToMilliseconds())); + } + } +} + +void Document::AccumulateJSTelemetry( + glean::perf::PageLoadExtra& aEventTelemetryDataOut) { + if (!IsTopLevelContentDocument() || !ShouldIncludeInTelemetry()) { + return; + } + + if (!GetScopeObject() || !GetScopeObject()->GetGlobalJSObject()) { + return; + } + + AutoJSContext cx; + JSObject* globalObject = GetScopeObject()->GetGlobalJSObject(); + JSAutoRealm ar(cx, globalObject); + JS::JSTimers timers = JS::GetJSTimers(cx); + + if (!timers.executionTime.IsZero()) { + glean::javascript_pageload::execution_time.AccumulateRawDuration( + timers.executionTime); + aEventTelemetryDataOut.jsExecTime = mozilla::Some( + static_cast<uint32_t>(timers.executionTime.ToMilliseconds())); + } + + if (!timers.delazificationTime.IsZero()) { + glean::javascript_pageload::delazification_time.AccumulateRawDuration( + timers.delazificationTime); + } + + if (!timers.xdrEncodingTime.IsZero()) { + glean::javascript_pageload::xdr_encode_time.AccumulateRawDuration( + timers.xdrEncodingTime); + } + + if (!timers.baselineCompileTime.IsZero()) { + glean::javascript_pageload::baseline_compile_time.AccumulateRawDuration( + timers.baselineCompileTime); + } + + if (!timers.gcTime.IsZero()) { + glean::javascript_pageload::gc_time.AccumulateRawDuration(timers.gcTime); + } + + if (!timers.protectTime.IsZero()) { + glean::javascript_pageload::protect_time.AccumulateRawDuration( + timers.protectTime); + } +} + +Document::~Document() { + MOZ_LOG(gDocumentLeakPRLog, LogLevel::Debug, ("DOCUMENT %p destroyed", this)); + MOZ_ASSERT(!IsTopLevelContentDocument() || !IsResourceDoc(), + "Can't be top-level and a resource doc at the same time"); + + NS_ASSERTION(!mIsShowing, "Destroying a currently-showing document"); + + if (IsTopLevelContentDocument()) { + RemoveToplevelLoadingDocument(this); + + // don't report for about: pages + if (!IsAboutPage()) { + if (MOZ_UNLIKELY(mMathMLEnabled)) { + ScalarAdd(Telemetry::ScalarID::MATHML_DOC_COUNT, 1); + } + + if (IsHTMLDocument()) { + switch (GetCompatibilityMode()) { + case eCompatibility_FullStandards: + Telemetry::AccumulateCategorical( + Telemetry::LABELS_QUIRKS_MODE::FullStandards); + break; + case eCompatibility_AlmostStandards: + Telemetry::AccumulateCategorical( + Telemetry::LABELS_QUIRKS_MODE::AlmostStandards); + break; + case eCompatibility_NavQuirks: + Telemetry::AccumulateCategorical( + Telemetry::LABELS_QUIRKS_MODE::NavQuirks); + break; + default: + MOZ_ASSERT_UNREACHABLE("Unknown quirks mode"); + break; + } + } + } + } + + mInDestructor = true; + mInUnlinkOrDeletion = true; + + mozilla::DropJSObjects(this); + + // Clear mObservers to keep it in sync with the mutationobserver list + mObservers.Clear(); + + mIntersectionObservers.Clear(); + + if (mStyleSheetSetList) { + mStyleSheetSetList->Disconnect(); + } + + if (mAnimationController) { + mAnimationController->Disconnect(); + } + + MOZ_ASSERT(mTimelines.isEmpty()); + + mParentDocument = nullptr; + + // Kill the subdocument map, doing this will release its strong + // references, if any. + delete mSubDocuments; + mSubDocuments = nullptr; + + nsAutoScriptBlocker scriptBlocker; + + // Destroy link map now so we don't waste time removing + // links one by one + DestroyElementMaps(); + + // Invalidate cached array of child nodes + InvalidateChildNodes(); + + // We should not have child nodes when destructor is called, + // since child nodes keep their owner document alive. + MOZ_ASSERT(!HasChildren()); + + mCachedRootElement = nullptr; + + for (auto& sheets : mAdditionalSheets) { + UnlinkStyleSheets(sheets); + } + + if (mAttributeStyles) { + mAttributeStyles->SetOwningDocument(nullptr); + } + + if (mListenerManager) { + mListenerManager->Disconnect(); + UnsetFlags(NODE_HAS_LISTENERMANAGER); + } + + if (mScriptLoader) { + mScriptLoader->DropDocumentReference(); + } + + if (mCSSLoader) { + // Could be null here if Init() failed or if we have been unlinked. + mCSSLoader->DropDocumentReference(); + } + + if (mStyleImageLoader) { + mStyleImageLoader->DropDocumentReference(); + } + + if (mXULBroadcastManager) { + mXULBroadcastManager->DropDocumentReference(); + } + + if (mXULPersist) { + mXULPersist->DropDocumentReference(); + } + + if (mPermissionDelegateHandler) { + mPermissionDelegateHandler->DropDocumentReference(); + } + + mHeaderData = nullptr; + + mPendingTitleChangeEvent.Revoke(); + + MOZ_ASSERT(mDOMMediaQueryLists.isEmpty(), + "must not have media query lists left"); + + if (mNodeInfoManager) { + mNodeInfoManager->DropDocumentReference(); + } + + if (mDocGroup) { + MOZ_ASSERT(mDocGroup->GetBrowsingContextGroup()); + mDocGroup->GetBrowsingContextGroup()->RemoveDocument(this, mDocGroup); + } + + UnlinkOriginalDocumentIfStatic(); + + UnregisterFromMemoryReportingForDataDocument(); +} + +void Document::DropStyleSet() { mStyleSet = nullptr; } + +NS_INTERFACE_TABLE_HEAD(Document) + NS_WRAPPERCACHE_INTERFACE_TABLE_ENTRY + NS_INTERFACE_TABLE_BEGIN + NS_INTERFACE_TABLE_ENTRY_AMBIGUOUS(Document, nsISupports, nsINode) + NS_INTERFACE_TABLE_ENTRY(Document, nsINode) + NS_INTERFACE_TABLE_ENTRY(Document, Document) + NS_INTERFACE_TABLE_ENTRY(Document, nsIScriptObjectPrincipal) + NS_INTERFACE_TABLE_ENTRY(Document, EventTarget) + NS_INTERFACE_TABLE_ENTRY(Document, nsISupportsWeakReference) + NS_INTERFACE_TABLE_END + NS_INTERFACE_TABLE_TO_MAP_SEGUE_CYCLE_COLLECTION(Document) +NS_INTERFACE_MAP_END + +NS_IMPL_CYCLE_COLLECTING_ADDREF(Document) +NS_IMPL_CYCLE_COLLECTING_RELEASE_WITH_LAST_RELEASE(Document, LastRelease()) + +NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_BEGIN(Document) + if (Element::CanSkip(tmp, aRemovingAllowed)) { + EventListenerManager* elm = tmp->GetExistingListenerManager(); + if (elm) { + elm->MarkForCC(); + } + return true; + } +NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_END + +NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_IN_CC_BEGIN(Document) + return Element::CanSkipInCC(tmp); +NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_IN_CC_END + +NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_THIS_BEGIN(Document) + return Element::CanSkipThis(tmp); +NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_THIS_END + +NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_INTERNAL(Document) + if (MOZ_UNLIKELY(cb.WantDebugInfo())) { + char name[512]; + nsAutoCString loadedAsData; + if (tmp->IsLoadedAsData()) { + loadedAsData.AssignLiteral("data"); + } else { + loadedAsData.AssignLiteral("normal"); + } + uint32_t nsid = tmp->GetDefaultNamespaceID(); + nsAutoCString uri; + if (tmp->mDocumentURI) uri = tmp->mDocumentURI->GetSpecOrDefault(); + static const char* kNSURIs[] = {"([none])", "(xmlns)", "(xml)", + "(xhtml)", "(XLink)", "(XSLT)", + "(MathML)", "(RDF)", "(XUL)"}; + if (nsid < ArrayLength(kNSURIs)) { + SprintfLiteral(name, "Document %s %s %s", loadedAsData.get(), + kNSURIs[nsid], uri.get()); + } else { + SprintfLiteral(name, "Document %s %s", loadedAsData.get(), uri.get()); + } + cb.DescribeRefCountedNode(tmp->mRefCnt.get(), name); + } else { + NS_IMPL_CYCLE_COLLECTION_DESCRIBE(Document, tmp->mRefCnt.get()) + } + + if (!nsINode::Traverse(tmp, cb)) { + return NS_SUCCESS_INTERRUPTED_TRAVERSE; + } + + tmp->mExternalResourceMap.Traverse(&cb); + + // Traverse all Document pointer members. + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mSecurityInfo) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mDisplayDocument) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mFontFaceSet) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mReadyForIdle) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mDocumentL10n) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mHighlightRegistry) + + // Traverse all Document nsCOMPtrs. + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mParser) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mScriptGlobalObject) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mListenerManager) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mStyleSheetSetList) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mScriptLoader) + + DocumentOrShadowRoot::Traverse(tmp, cb); + + if (tmp->mRadioGroupContainer) { + RadioGroupContainer::Traverse(tmp->mRadioGroupContainer.get(), cb); + } + + for (auto& sheets : tmp->mAdditionalSheets) { + tmp->TraverseStyleSheets(sheets, "mAdditionalSheets[<origin>][i]", cb); + } + + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mOnloadBlocker) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mLazyLoadObserver) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mLastRememberedSizeObserver) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mDOMImplementation) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mImageMaps) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mOrientationPendingPromise) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mOriginalDocument) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mCachedEncoder) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mDocumentTimeline) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mScrollTimelineAnimationTracker) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mTemplateContentsOwner) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mChildrenCollection) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mImages); + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mEmbeds); + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mLinks); + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mForms); + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mScripts); + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mApplets); + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mAnchors); + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mAnonymousContents) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mCommandDispatcher) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mFeaturePolicy) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mSuppressedEventListener) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mPrototypeDocument) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mMidasCommandManager) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mAll) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mDocGroup) + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mFrameRequestManager) + + // Traverse all our nsCOMArrays. + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mPreloadingImages) + + // Traverse animation components + if (tmp->mAnimationController) { + tmp->mAnimationController->Traverse(&cb); + } + + if (tmp->mSubDocuments) { + for (auto iter = tmp->mSubDocuments->Iter(); !iter.Done(); iter.Next()) { + auto entry = static_cast<SubDocMapEntry*>(iter.Get()); + + NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(cb, "mSubDocuments entry->mKey"); + cb.NoteXPCOMChild(entry->mKey); + NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(cb, + "mSubDocuments entry->mSubDocument"); + cb.NoteXPCOMChild(ToSupports(entry->mSubDocument)); + } + } + + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mCSSLoader) + + // We own only the items in mDOMMediaQueryLists that have listeners; + // this reference is managed by their AddListener and RemoveListener + // methods. + for (MediaQueryList* mql = tmp->mDOMMediaQueryLists.getFirst(); mql; + mql = static_cast<LinkedListElement<MediaQueryList>*>(mql)->getNext()) { + if (mql->HasListeners() && + NS_SUCCEEDED(mql->CheckCurrentGlobalCorrectness())) { + NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(cb, "mDOMMediaQueryLists item"); + cb.NoteXPCOMChild(static_cast<EventTarget*>(mql)); + } + } + + // XXX: This should be not needed once bug 1569185 lands. + for (const auto& entry : tmp->mL10nProtoElements) { + NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(cb, "mL10nProtoElements key"); + cb.NoteXPCOMChild(entry.GetKey()); + CycleCollectionNoteChild(cb, entry.GetWeak(), "mL10nProtoElements value"); + } + + for (size_t i = 0; i < tmp->mPendingFrameStaticClones.Length(); ++i) { + NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mPendingFrameStaticClones[i].mElement); + NS_IMPL_CYCLE_COLLECTION_TRAVERSE( + mPendingFrameStaticClones[i].mStaticCloneOf); + } + + for (auto& tableEntry : tmp->mActiveLocks) { + ImplCycleCollectionTraverse(cb, *tableEntry.GetModifiableData(), + "mActiveLocks entry", 0); + } +NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END + +NS_IMPL_CYCLE_COLLECTION_CLASS(Document) + +NS_IMPL_CYCLE_COLLECTION_TRACE_BEGIN(Document) + NS_IMPL_CYCLE_COLLECTION_TRACE_PRESERVED_WRAPPER + NS_IMPL_CYCLE_COLLECTION_TRACE_JS_MEMBER_CALLBACK(mCachedStateObject) +NS_IMPL_CYCLE_COLLECTION_TRACE_END + +NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(Document) + tmp->mInUnlinkOrDeletion = true; + + tmp->SetStateObject(nullptr); + + // Clear out our external resources + tmp->mExternalResourceMap.Shutdown(); + + nsAutoScriptBlocker scriptBlocker; + + nsINode::Unlink(tmp); + + while (tmp->HasChildren()) { + // Hold a strong ref to the node when we remove it, because we may be + // the last reference to it. + // If this code changes, change the corresponding code in Document's + // unlink impl and ContentUnbinder::UnbindSubtree. + nsCOMPtr<nsIContent> child = tmp->GetLastChild(); + tmp->DisconnectChild(child); + child->UnbindFromTree(); + } + + tmp->UnlinkOriginalDocumentIfStatic(); + + tmp->mCachedRootElement = nullptr; // Avoid a dangling pointer + + tmp->SetScriptGlobalObject(nullptr); + + for (auto& sheets : tmp->mAdditionalSheets) { + tmp->UnlinkStyleSheets(sheets); + } + + NS_IMPL_CYCLE_COLLECTION_UNLINK(mSecurityInfo) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mDisplayDocument) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mLazyLoadObserver) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mLastRememberedSizeObserver) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mFontFaceSet) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mReadyForIdle) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mDocumentL10n) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mHighlightRegistry) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mParser) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mOnloadBlocker) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mDOMImplementation) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mImageMaps) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mOrientationPendingPromise) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mOriginalDocument) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mCachedEncoder) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mDocumentTimeline) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mScrollTimelineAnimationTracker) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mTemplateContentsOwner) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mChildrenCollection) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mImages); + NS_IMPL_CYCLE_COLLECTION_UNLINK(mEmbeds); + NS_IMPL_CYCLE_COLLECTION_UNLINK(mLinks); + NS_IMPL_CYCLE_COLLECTION_UNLINK(mForms); + NS_IMPL_CYCLE_COLLECTION_UNLINK(mScripts); + NS_IMPL_CYCLE_COLLECTION_UNLINK(mApplets); + NS_IMPL_CYCLE_COLLECTION_UNLINK(mAnchors); + NS_IMPL_CYCLE_COLLECTION_UNLINK(mAnonymousContents) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mCommandDispatcher) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mFeaturePolicy) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mSuppressedEventListener) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mPrototypeDocument) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mMidasCommandManager) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mAll) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mReferrerInfo) + NS_IMPL_CYCLE_COLLECTION_UNLINK(mPreloadReferrerInfo) + + if (tmp->mDocGroup && tmp->mDocGroup->GetBrowsingContextGroup()) { + tmp->mDocGroup->GetBrowsingContextGroup()->RemoveDocument(tmp, + tmp->mDocGroup); + } + tmp->mDocGroup = nullptr; + + if (tmp->IsTopLevelContentDocument()) { + RemoveToplevelLoadingDocument(tmp); + } + + tmp->mParentDocument = nullptr; + + NS_IMPL_CYCLE_COLLECTION_UNLINK(mPreloadingImages) + + NS_IMPL_CYCLE_COLLECTION_UNLINK(mIntersectionObservers) + + if (tmp->mListenerManager) { + tmp->mListenerManager->Disconnect(); + tmp->UnsetFlags(NODE_HAS_LISTENERMANAGER); + tmp->mListenerManager = nullptr; + } + + if (tmp->mStyleSheetSetList) { + tmp->mStyleSheetSetList->Disconnect(); + tmp->mStyleSheetSetList = nullptr; + } + + delete tmp->mSubDocuments; + tmp->mSubDocuments = nullptr; + + NS_IMPL_CYCLE_COLLECTION_UNLINK(mFrameRequestManager) + MOZ_RELEASE_ASSERT(!tmp->mFrameRequestCallbacksScheduled, + "How did we get here without our presshell going away " + "first?"); + + DocumentOrShadowRoot::Unlink(tmp); + + tmp->mRadioGroupContainer = nullptr; + + // Document has a pretty complex destructor, so we're going to + // assume that *most* cycles you actually want to break somewhere + // else, and not unlink an awful lot here. + + tmp->mExpandoAndGeneration.OwnerUnlinked(); + + if (tmp->mAnimationController) { + tmp->mAnimationController->Unlink(); + } + + tmp->mPendingTitleChangeEvent.Revoke(); + + if (tmp->mCSSLoader) { + tmp->mCSSLoader->DropDocumentReference(); + NS_IMPL_CYCLE_COLLECTION_UNLINK(mCSSLoader) + } + + // We own only the items in mDOMMediaQueryLists that have listeners; + // this reference is managed by their AddListener and RemoveListener + // methods. + for (MediaQueryList* mql = tmp->mDOMMediaQueryLists.getFirst(); mql;) { + MediaQueryList* next = + static_cast<LinkedListElement<MediaQueryList>*>(mql)->getNext(); + mql->Disconnect(); + mql = next; + } + + tmp->mPendingFrameStaticClones.Clear(); + + tmp->mActiveLocks.Clear(); + + tmp->mInUnlinkOrDeletion = false; + + tmp->UnregisterFromMemoryReportingForDataDocument(); + + NS_IMPL_CYCLE_COLLECTION_UNLINK(mL10nProtoElements) + NS_IMPL_CYCLE_COLLECTION_UNLINK_WEAK_PTR + NS_IMPL_CYCLE_COLLECTION_UNLINK_WEAK_REFERENCE +NS_IMPL_CYCLE_COLLECTION_UNLINK_END + +nsresult Document::Init(nsIPrincipal* aPrincipal, + nsIPrincipal* aPartitionedPrincipal) { + if (mCSSLoader || mStyleImageLoader || mNodeInfoManager || mScriptLoader) { + return NS_ERROR_ALREADY_INITIALIZED; + } + + // Force initialization. + mOnloadBlocker = new OnloadBlocker(); + mStyleImageLoader = new css::ImageLoader(this); + + mNodeInfoManager = new nsNodeInfoManager(this, aPrincipal); + + // mNodeInfo keeps NodeInfoManager alive! + mNodeInfo = mNodeInfoManager->GetDocumentNodeInfo(); + NS_ENSURE_TRUE(mNodeInfo, NS_ERROR_OUT_OF_MEMORY); + MOZ_ASSERT(mNodeInfo->NodeType() == DOCUMENT_NODE, + "Bad NodeType in aNodeInfo"); + + NS_ASSERTION(OwnerDoc() == this, "Our nodeinfo is busted!"); + + mCSSLoader = new css::Loader(this); + // Assume we're not quirky, until we know otherwise + mCSSLoader->SetCompatibilityMode(eCompatibility_FullStandards); + + // If after creation the owner js global is not set for a document + // we use the default compartment for this document, instead of creating + // wrapper in some random compartment when the document is exposed to js + // via some events. + nsCOMPtr<nsIGlobalObject> global = + xpc::NativeGlobal(xpc::PrivilegedJunkScope()); + NS_ENSURE_TRUE(global, NS_ERROR_FAILURE); + mScopeObject = do_GetWeakReference(global); + MOZ_ASSERT(mScopeObject); + + mScriptLoader = new dom::ScriptLoader(this); + + // we need to create a policy here so getting the policy within + // ::Policy() can *always* return a non null policy + mFeaturePolicy = new dom::FeaturePolicy(this); + mFeaturePolicy->SetDefaultOrigin(NodePrincipal()); + + if (aPrincipal) { + SetPrincipals(aPrincipal, aPartitionedPrincipal); + } else { + RecomputeResistFingerprinting(); + } + + return NS_OK; +} + +void Document::RemoveAllProperties() { PropertyTable().RemoveAllProperties(); } + +void Document::RemoveAllPropertiesFor(nsINode* aNode) { + PropertyTable().RemoveAllPropertiesFor(aNode); +} + +void Document::Reset(nsIChannel* aChannel, nsILoadGroup* aLoadGroup) { + nsCOMPtr<nsIURI> uri; + nsCOMPtr<nsIPrincipal> principal; + nsCOMPtr<nsIPrincipal> partitionedPrincipal; + if (aChannel) { + mIsInPrivateBrowsing = NS_UsePrivateBrowsing(aChannel); + + // Note: this code is duplicated in PrototypeDocumentContentSink::Init and + // nsScriptSecurityManager::GetChannelResultPrincipals. + // Note: this should match the uri used for the OnNewURI call in + // nsDocShell::CreateDocumentViewer. + NS_GetFinalChannelURI(aChannel, getter_AddRefs(uri)); + + nsIScriptSecurityManager* securityManager = + nsContentUtils::GetSecurityManager(); + if (securityManager) { + securityManager->GetChannelResultPrincipals( + aChannel, getter_AddRefs(principal), + getter_AddRefs(partitionedPrincipal)); + } + } + + bool equal = principal->Equals(partitionedPrincipal); + + principal = MaybeDowngradePrincipal(principal); + if (equal) { + partitionedPrincipal = principal; + } else { + partitionedPrincipal = MaybeDowngradePrincipal(partitionedPrincipal); + } + + ResetToURI(uri, aLoadGroup, principal, partitionedPrincipal); + + // Note that, since mTiming does not change during a reset, the + // navigationStart time remains unchanged and therefore any future new + // timeline will have the same global clock time as the old one. + mDocumentTimeline = nullptr; + + if (nsCOMPtr<nsIPropertyBag2> bag = do_QueryInterface(aChannel)) { + if (nsCOMPtr<nsIURI> baseURI = do_GetProperty(bag, u"baseURI"_ns)) { + mDocumentBaseURI = baseURI.forget(); + mChromeXHRDocBaseURI = nullptr; + } + } + + mChannel = aChannel; + RecomputeResistFingerprinting(); +} + +void Document::DisconnectNodeTree() { + // Delete references to sub-documents and kill the subdocument map, + // if any. This is not strictly needed, but makes the node tree + // teardown a bit faster. + delete mSubDocuments; + mSubDocuments = nullptr; + + bool oldVal = mInUnlinkOrDeletion; + mInUnlinkOrDeletion = true; + { // Scope for update + MOZ_AUTO_DOC_UPDATE(this, true); + + // Destroy link map now so we don't waste time removing + // links one by one + DestroyElementMaps(); + + // Invalidate cached array of child nodes + InvalidateChildNodes(); + + while (HasChildren()) { + nsMutationGuard::DidMutate(); + nsCOMPtr<nsIContent> content = GetLastChild(); + nsIContent* previousSibling = content->GetPreviousSibling(); + DisconnectChild(content); + if (content == mCachedRootElement) { + // Immediately clear mCachedRootElement, now that it's been removed + // from mChildren, so that GetRootElement() will stop returning this + // now-stale value. + mCachedRootElement = nullptr; + } + MutationObservers::NotifyContentRemoved(this, content, previousSibling); + content->UnbindFromTree(); + } + MOZ_ASSERT(!mCachedRootElement, + "After removing all children, there should be no root elem"); + } + mInUnlinkOrDeletion = oldVal; +} + +void Document::ResetToURI(nsIURI* aURI, nsILoadGroup* aLoadGroup, + nsIPrincipal* aPrincipal, + nsIPrincipal* aPartitionedPrincipal) { + MOZ_ASSERT(aURI, "Null URI passed to ResetToURI"); + MOZ_ASSERT(!!aPrincipal == !!aPartitionedPrincipal); + + MOZ_LOG(gDocumentLeakPRLog, LogLevel::Debug, + ("DOCUMENT %p ResetToURI %s", this, aURI->GetSpecOrDefault().get())); + + mSecurityInfo = nullptr; + + nsCOMPtr<nsILoadGroup> group = do_QueryReferent(mDocumentLoadGroup); + if (!aLoadGroup || group != aLoadGroup) { + mDocumentLoadGroup = nullptr; + } + + DisconnectNodeTree(); + + // Reset our stylesheets + ResetStylesheetsToURI(aURI); + + // Release the listener manager + if (mListenerManager) { + mListenerManager->Disconnect(); + mListenerManager = nullptr; + } + + // Release the stylesheets list. + mDOMStyleSheets = nullptr; + + // Release our principal after tearing down the document, rather than before. + // This ensures that, during teardown, the document and the dying window + // (which already nulled out its document pointer and cached the principal) + // have matching principals. + SetPrincipals(nullptr, nullptr); + + // Clear the original URI so SetDocumentURI sets it. + mOriginalURI = nullptr; + + SetDocumentURI(aURI); + mChromeXHRDocURI = nullptr; + // If mDocumentBaseURI is null, Document::GetBaseURI() returns + // mDocumentURI. + mDocumentBaseURI = nullptr; + mChromeXHRDocBaseURI = nullptr; + + if (aLoadGroup) { + nsCOMPtr<nsIInterfaceRequestor> callbacks; + aLoadGroup->GetNotificationCallbacks(getter_AddRefs(callbacks)); + if (callbacks) { + nsCOMPtr<nsILoadContext> loadContext = do_GetInterface(callbacks); + if (loadContext) { + // This is asserting that if we previously set mIsInPrivateBrowsing + // to true from the channel in Document::Reset, that the loadContext + // also believes it to be true. + // MOZ_ASSERT(!mIsInPrivateBrowsing || + // mIsInPrivateBrowsing == loadContext->UsePrivateBrowsing()); + mIsInPrivateBrowsing = loadContext->UsePrivateBrowsing(); + } + } + + mDocumentLoadGroup = do_GetWeakReference(aLoadGroup); + // there was an assertion here that aLoadGroup was not null. This + // is no longer valid: nsDocShell::SetDocument does not create a + // load group, and it works just fine + + // XXXbz what does "just fine" mean exactly? And given that there + // is no nsDocShell::SetDocument, what is this talking about? + + if (IsContentDocument()) { + // Inform the associated request context about this load start so + // any of its internal load progress flags gets reset. + nsCOMPtr<nsIRequestContextService> rcsvc = + net::RequestContextService::GetOrCreate(); + if (rcsvc) { + nsCOMPtr<nsIRequestContext> rc; + rcsvc->GetRequestContextFromLoadGroup(aLoadGroup, getter_AddRefs(rc)); + if (rc) { + rc->BeginLoad(); + } + } + } + } + + mLastModified.Truncate(); + // XXXbz I guess we're assuming that the caller will either pass in + // a channel with a useful type or call SetContentType? + SetContentType(""_ns); + mContentLanguage = nullptr; + mBaseTarget.Truncate(); + + mXMLDeclarationBits = 0; + + // Now get our new principal + if (aPrincipal) { + SetPrincipals(aPrincipal, aPartitionedPrincipal); + } else { + nsIScriptSecurityManager* securityManager = + nsContentUtils::GetSecurityManager(); + if (securityManager) { + nsCOMPtr<nsILoadContext> loadContext(mDocumentContainer); + + if (!loadContext && aLoadGroup) { + nsCOMPtr<nsIInterfaceRequestor> cbs; + aLoadGroup->GetNotificationCallbacks(getter_AddRefs(cbs)); + loadContext = do_GetInterface(cbs); + } + + MOZ_ASSERT(loadContext, + "must have a load context or pass in an explicit principal"); + + nsCOMPtr<nsIPrincipal> principal; + nsresult rv = securityManager->GetLoadContextContentPrincipal( + mDocumentURI, loadContext, getter_AddRefs(principal)); + if (NS_SUCCEEDED(rv)) { + SetPrincipals(principal, principal); + } + } + } + + if (mFontFaceSet) { + mFontFaceSet->RefreshStandardFontLoadPrincipal(); + } + + // Refresh the principal on the realm. + if (nsPIDOMWindowInner* win = GetInnerWindow()) { + nsGlobalWindowInner::Cast(win)->RefreshRealmPrincipal(); + } +} + +already_AddRefed<nsIPrincipal> Document::MaybeDowngradePrincipal( + nsIPrincipal* aPrincipal) { + if (!aPrincipal) { + return nullptr; + } + + // We can't load a document with an expanded principal. If we're given one, + // automatically downgrade it to the last principal it subsumes (which is the + // extension principal, in the case of extension content scripts). + auto* basePrin = BasePrincipal::Cast(aPrincipal); + if (basePrin->Is<ExpandedPrincipal>()) { + MOZ_DIAGNOSTIC_ASSERT(false, + "Should never try to create a document with " + "an expanded principal"); + + auto* expanded = basePrin->As<ExpandedPrincipal>(); + return do_AddRef(expanded->AllowList().LastElement()); + } + + if (aPrincipal->IsSystemPrincipal() && mDocumentContainer) { + // We basically want the parent document here, but because this is very + // early in the load, GetInProcessParentDocument() returns null, so we use + // the docshell hierarchy to get this information instead. + if (RefPtr<BrowsingContext> parent = + mDocumentContainer->GetBrowsingContext()->GetParent()) { + auto* parentWin = nsGlobalWindowOuter::Cast(parent->GetDOMWindow()); + if (!parentWin || !parentWin->GetPrincipal()->IsSystemPrincipal()) { + nsCOMPtr<nsIPrincipal> nullPrincipal = + NullPrincipal::CreateWithoutOriginAttributes(); + return nullPrincipal.forget(); + } + } + } + nsCOMPtr<nsIPrincipal> principal(aPrincipal); + return principal.forget(); +} + +size_t Document::FindDocStyleSheetInsertionPoint(const StyleSheet& aSheet) { + nsStyleSheetService* sheetService = nsStyleSheetService::GetInstance(); + ServoStyleSet& styleSet = EnsureStyleSet(); + + // lowest index first + int32_t newDocIndex = StyleOrderIndexOfSheet(aSheet); + + size_t count = styleSet.SheetCount(StyleOrigin::Author); + size_t index = 0; + for (; index < count; index++) { + auto* sheet = styleSet.SheetAt(StyleOrigin::Author, index); + MOZ_ASSERT(sheet); + int32_t sheetDocIndex = StyleOrderIndexOfSheet(*sheet); + if (sheetDocIndex > newDocIndex) { + break; + } + + // If the sheet is not owned by the document it can be an author + // sheet registered at nsStyleSheetService or an additional author + // sheet on the document, which means the new + // doc sheet should end up before it. + if (sheetDocIndex < 0) { + if (sheetService) { + auto& authorSheets = *sheetService->AuthorStyleSheets(); + if (authorSheets.IndexOf(sheet) != authorSheets.NoIndex) { + break; + } + } + if (sheet == GetFirstAdditionalAuthorSheet()) { + break; + } + } + } + + return index; +} + +void Document::ResetStylesheetsToURI(nsIURI* aURI) { + MOZ_ASSERT(aURI); + + ClearAdoptedStyleSheets(); + ServoStyleSet& styleSet = EnsureStyleSet(); + + auto ClearSheetList = [&](nsTArray<RefPtr<StyleSheet>>& aSheetList) { + for (auto& sheet : Reversed(aSheetList)) { + sheet->ClearAssociatedDocumentOrShadowRoot(); + if (mStyleSetFilled) { + styleSet.RemoveStyleSheet(*sheet); + } + } + aSheetList.Clear(); + }; + ClearSheetList(mStyleSheets); + for (auto& sheets : mAdditionalSheets) { + ClearSheetList(sheets); + } + if (mStyleSetFilled) { + if (auto* ss = nsStyleSheetService::GetInstance()) { + for (auto& sheet : Reversed(*ss->AuthorStyleSheets())) { + MOZ_ASSERT(!sheet->GetAssociatedDocumentOrShadowRoot()); + if (sheet->IsApplicable()) { + styleSet.RemoveStyleSheet(*sheet); + } + } + } + } + + // Now reset our inline style and attribute sheets. + if (mAttributeStyles) { + mAttributeStyles->Reset(); + mAttributeStyles->SetOwningDocument(this); + } else { + mAttributeStyles = new AttributeStyles(this); + } + + if (mStyleSetFilled) { + FillStyleSetDocumentSheets(); + + if (styleSet.StyleSheetsHaveChanged()) { + ApplicableStylesChanged(); + } + } +} + +static void AppendSheetsToStyleSet( + ServoStyleSet* aStyleSet, const nsTArray<RefPtr<StyleSheet>>& aSheets) { + for (StyleSheet* sheet : Reversed(aSheets)) { + aStyleSet->AppendStyleSheet(*sheet); + } +} + +void Document::FillStyleSetUserAndUASheets() { + // Make sure this does the same thing as PresShell::Add{User,Agent}Sheet wrt + // ordering. + + // The document will fill in the document sheets when we create the presshell + auto* cache = GlobalStyleSheetCache::Singleton(); + + nsStyleSheetService* sheetService = nsStyleSheetService::GetInstance(); + MOZ_ASSERT(sheetService, + "should never be creating a StyleSet after the style sheet " + "service has gone"); + + ServoStyleSet& styleSet = EnsureStyleSet(); + for (StyleSheet* sheet : *sheetService->UserStyleSheets()) { + styleSet.AppendStyleSheet(*sheet); + } + + StyleSheet* sheet = IsInChromeDocShell() ? cache->GetUserChromeSheet() + : cache->GetUserContentSheet(); + if (sheet) { + styleSet.AppendStyleSheet(*sheet); + } + + styleSet.AppendStyleSheet(*cache->UASheet()); + + if (MOZ_LIKELY(NodeInfoManager()->MathMLEnabled())) { + styleSet.AppendStyleSheet(*cache->MathMLSheet()); + } + + if (MOZ_LIKELY(NodeInfoManager()->SVGEnabled())) { + styleSet.AppendStyleSheet(*cache->SVGSheet()); + } + + styleSet.AppendStyleSheet(*cache->HTMLSheet()); + + if (nsLayoutUtils::ShouldUseNoFramesSheet(this)) { + styleSet.AppendStyleSheet(*cache->NoFramesSheet()); + } + + styleSet.AppendStyleSheet(*cache->CounterStylesSheet()); + + // Only load the full XUL sheet if we'll need it. + if (LoadsFullXULStyleSheetUpFront()) { + styleSet.AppendStyleSheet(*cache->XULSheet()); + } + + styleSet.AppendStyleSheet(*cache->FormsSheet()); + styleSet.AppendStyleSheet(*cache->ScrollbarsSheet()); + + for (StyleSheet* sheet : *sheetService->AgentStyleSheets()) { + styleSet.AppendStyleSheet(*sheet); + } + + MOZ_ASSERT(!mQuirkSheetAdded); + if (NeedsQuirksSheet()) { + styleSet.AppendStyleSheet(*cache->QuirkSheet()); + mQuirkSheetAdded = true; + } +} + +void Document::FillStyleSet() { + MOZ_ASSERT(!mStyleSetFilled); + FillStyleSetUserAndUASheets(); + FillStyleSetDocumentSheets(); + mStyleSetFilled = true; +} + +void Document::RemoveContentEditableStyleSheets() { + MOZ_ASSERT(IsHTMLOrXHTML()); + + ServoStyleSet& styleSet = EnsureStyleSet(); + auto* cache = GlobalStyleSheetCache::Singleton(); + bool changed = false; + if (mDesignModeSheetAdded) { + styleSet.RemoveStyleSheet(*cache->DesignModeSheet()); + mDesignModeSheetAdded = false; + changed = true; + } + if (mContentEditableSheetAdded) { + styleSet.RemoveStyleSheet(*cache->ContentEditableSheet()); + mContentEditableSheetAdded = false; + changed = true; + } + if (changed) { + MOZ_ASSERT(mStyleSetFilled); + ApplicableStylesChanged(); + } +} + +void Document::AddContentEditableStyleSheetsToStyleSet(bool aDesignMode) { + MOZ_ASSERT(IsHTMLOrXHTML()); + MOZ_DIAGNOSTIC_ASSERT(mStyleSetFilled, + "Caller should ensure we're being rendered"); + + ServoStyleSet& styleSet = EnsureStyleSet(); + auto* cache = GlobalStyleSheetCache::Singleton(); + bool changed = false; + if (!mContentEditableSheetAdded) { + styleSet.AppendStyleSheet(*cache->ContentEditableSheet()); + mContentEditableSheetAdded = true; + changed = true; + } + if (mDesignModeSheetAdded != aDesignMode) { + if (mDesignModeSheetAdded) { + styleSet.RemoveStyleSheet(*cache->DesignModeSheet()); + } else { + styleSet.AppendStyleSheet(*cache->DesignModeSheet()); + } + mDesignModeSheetAdded = !mDesignModeSheetAdded; + changed = true; + } + if (changed) { + ApplicableStylesChanged(); + } +} + +void Document::FillStyleSetDocumentSheets() { + ServoStyleSet& styleSet = EnsureStyleSet(); + MOZ_ASSERT(styleSet.SheetCount(StyleOrigin::Author) == 0, + "Style set already has document sheets?"); + + // Sheets are added in reverse order to avoid worst-case time complexity when + // looking up the index of a sheet. + // + // Note that usually appending is faster (rebuilds less stuff in the + // styleset), but in this case it doesn't matter since we're filling the + // styleset from scratch anyway. + for (StyleSheet* sheet : Reversed(mStyleSheets)) { + if (sheet->IsApplicable()) { + styleSet.AddDocStyleSheet(*sheet); + } + } + + EnumerateUniqueAdoptedStyleSheetsBackToFront([&](StyleSheet& aSheet) { + if (aSheet.IsApplicable()) { + styleSet.AddDocStyleSheet(aSheet); + } + }); + + nsStyleSheetService* sheetService = nsStyleSheetService::GetInstance(); + for (StyleSheet* sheet : *sheetService->AuthorStyleSheets()) { + styleSet.AppendStyleSheet(*sheet); + } + + AppendSheetsToStyleSet(&styleSet, mAdditionalSheets[eAgentSheet]); + AppendSheetsToStyleSet(&styleSet, mAdditionalSheets[eUserSheet]); + AppendSheetsToStyleSet(&styleSet, mAdditionalSheets[eAuthorSheet]); +} + +void Document::CompatibilityModeChanged() { + MOZ_ASSERT(IsHTMLOrXHTML()); + CSSLoader()->SetCompatibilityMode(mCompatMode); + + if (mStyleSet) { + mStyleSet->CompatibilityModeChanged(); + } + if (!mStyleSetFilled) { + MOZ_ASSERT(!mQuirkSheetAdded); + return; + } + + MOZ_ASSERT(mStyleSet); + if (PresShell* presShell = GetPresShell()) { + // Selectors may have become case-sensitive / case-insensitive, the stylist + // has already performed the relevant invalidation. + presShell->EnsureStyleFlush(); + } + if (mQuirkSheetAdded == NeedsQuirksSheet()) { + return; + } + auto* cache = GlobalStyleSheetCache::Singleton(); + StyleSheet* sheet = cache->QuirkSheet(); + if (mQuirkSheetAdded) { + mStyleSet->RemoveStyleSheet(*sheet); + } else { + mStyleSet->AppendStyleSheet(*sheet); + } + mQuirkSheetAdded = !mQuirkSheetAdded; + ApplicableStylesChanged(); +} + +void Document::SetCompatibilityMode(nsCompatibility aMode) { + NS_ASSERTION(IsHTMLDocument() || aMode == eCompatibility_FullStandards, + "Bad compat mode for XHTML document!"); + + if (mCompatMode == aMode) { + return; + } + mCompatMode = aMode; + CompatibilityModeChanged(); + // Trigger recomputation of the nsViewportInfo the next time it's queried. + mViewportType = Unknown; +} + +static void WarnIfSandboxIneffective(nsIDocShell* aDocShell, + uint32_t aSandboxFlags, + nsIChannel* aChannel) { + // If the document permits allow-top-navigation and + // allow-top-navigation-by-user-activation this will permit all top + // navigation. + if (aSandboxFlags != SANDBOXED_NONE && + !(aSandboxFlags & SANDBOXED_TOPLEVEL_NAVIGATION) && + !(aSandboxFlags & SANDBOXED_TOPLEVEL_NAVIGATION_USER_ACTIVATION)) { + nsContentUtils::ReportToConsole( + nsIScriptError::warningFlag, "Iframe Sandbox"_ns, + aDocShell->GetDocument(), nsContentUtils::eSECURITY_PROPERTIES, + "BothAllowTopNavigationAndUserActivationPresent"); + } + // If the document is sandboxed (via the HTML5 iframe sandbox + // attribute) and both the allow-scripts and allow-same-origin + // keywords are supplied, the sandboxed document can call into its + // parent document and remove its sandboxing entirely - we print a + // warning to the web console in this case. + if (aSandboxFlags & SANDBOXED_NAVIGATION && + !(aSandboxFlags & SANDBOXED_SCRIPTS) && + !(aSandboxFlags & SANDBOXED_ORIGIN)) { + RefPtr<BrowsingContext> bc = aDocShell->GetBrowsingContext(); + MOZ_ASSERT(bc->IsInProcess()); + + RefPtr<BrowsingContext> parentBC = bc->GetParent(); + if (!parentBC || !parentBC->IsInProcess()) { + // If parent document is not in process, then by construction it + // cannot be same origin. + return; + } + + // Don't warn if our parent is not the top-level document. + if (!parentBC->IsTopContent()) { + return; + } + + nsCOMPtr<nsIDocShell> parentDocShell = parentBC->GetDocShell(); + MOZ_ASSERT(parentDocShell); + + nsCOMPtr<nsIChannel> parentChannel; + parentDocShell->GetCurrentDocumentChannel(getter_AddRefs(parentChannel)); + if (!parentChannel) { + return; + } + nsresult rv = nsContentUtils::CheckSameOrigin(aChannel, parentChannel); + if (NS_FAILED(rv)) { + return; + } + + nsCOMPtr<Document> parentDocument = parentDocShell->GetDocument(); + nsCOMPtr<nsIURI> iframeUri; + parentChannel->GetURI(getter_AddRefs(iframeUri)); + nsContentUtils::ReportToConsole(nsIScriptError::warningFlag, + "Iframe Sandbox"_ns, parentDocument, + nsContentUtils::eSECURITY_PROPERTIES, + "BothAllowScriptsAndSameOriginPresent", + nsTArray<nsString>(), iframeUri); + } +} + +bool Document::IsSynthesized() { + nsCOMPtr<nsILoadInfo> loadInfo = mChannel ? mChannel->LoadInfo() : nullptr; + return loadInfo && loadInfo->GetServiceWorkerTaintingSynthesized(); +} + +// static +bool Document::IsCallerChromeOrAddon(JSContext* aCx, JSObject* aObject) { + nsIPrincipal* principal = nsContentUtils::SubjectPrincipal(aCx); + return principal && (principal->IsSystemPrincipal() || + principal->GetIsAddonOrExpandedAddonPrincipal()); +} + +static void CheckIsBadPolicy(nsILoadInfo::CrossOriginOpenerPolicy aPolicy, + BrowsingContext* aContext, nsIChannel* aChannel) { +#if defined(EARLY_BETA_OR_EARLIER) + auto requireCORP = + nsILoadInfo::OPENER_POLICY_SAME_ORIGIN_EMBEDDER_POLICY_REQUIRE_CORP; + + if (aContext->GetOpenerPolicy() == aPolicy || + (aContext->GetOpenerPolicy() != requireCORP && aPolicy != requireCORP)) { + return; + } + + nsCOMPtr<nsIURI> uri; + bool hasURI = NS_SUCCEEDED(aChannel->GetOriginalURI(getter_AddRefs(uri))); + + bool isViewSource = hasURI && uri->SchemeIs("view-source"); + + nsCString contentType; + nsCOMPtr<nsIPropertyBag2> bag = do_QueryInterface(aChannel); + bool isPDFJS = bag && + NS_SUCCEEDED(bag->GetPropertyAsACString(u"contentType"_ns, + contentType)) && + contentType.EqualsLiteral(APPLICATION_PDF); + + MOZ_DIAGNOSTIC_ASSERT(!isViewSource, + "Bug 1834864: Assert due to view-source."); + MOZ_DIAGNOSTIC_ASSERT(!isPDFJS, "Bug 1834864: Assert due to pdfjs."); + MOZ_DIAGNOSTIC_ASSERT(aPolicy == requireCORP, + "Assert due to clearing REQUIRE_CORP."); + MOZ_DIAGNOSTIC_ASSERT(aContext->GetOpenerPolicy() == requireCORP, + "Assert due to setting REQUIRE_CORP."); +#endif // defined(EARLY_BETA_OR_EARLIER) +} + +nsresult Document::StartDocumentLoad(const char* aCommand, nsIChannel* aChannel, + nsILoadGroup* aLoadGroup, + nsISupports* aContainer, + nsIStreamListener** aDocListener, + bool aReset) { + if (MOZ_LOG_TEST(gDocumentLeakPRLog, LogLevel::Debug)) { + nsCOMPtr<nsIURI> uri; + aChannel->GetURI(getter_AddRefs(uri)); + MOZ_LOG(gDocumentLeakPRLog, LogLevel::Debug, + ("DOCUMENT %p StartDocumentLoad %s", this, + uri ? uri->GetSpecOrDefault().get() : "")); + } + + MOZ_ASSERT(GetReadyStateEnum() == Document::READYSTATE_UNINITIALIZED, + "Bad readyState"); + SetReadyStateInternal(READYSTATE_LOADING); + + if (nsCRT::strcmp(kLoadAsData, aCommand) == 0) { + mLoadedAsData = true; + SetLoadedAsData(true, /* aConsiderForMemoryReporting */ true); + // We need to disable script & style loading in this case. + // We leave them disabled even in EndLoad(), and let anyone + // who puts the document on display to worry about enabling. + + // Do not load/process scripts when loading as data + ScriptLoader()->SetEnabled(false); + + // styles + CSSLoader()->SetEnabled( + false); // Do not load/process styles when loading as data + } else if (nsCRT::strcmp("external-resource", aCommand) == 0) { + // Allow CSS, but not scripts + ScriptLoader()->SetEnabled(false); + } + + mMayStartLayout = false; + MOZ_ASSERT(!mReadyForIdle, + "We should never hit DOMContentLoaded before this point"); + + if (aReset) { + Reset(aChannel, aLoadGroup); + } + + nsAutoCString contentType; + nsCOMPtr<nsIPropertyBag2> bag = do_QueryInterface(aChannel); + if ((bag && NS_SUCCEEDED(bag->GetPropertyAsACString(u"contentType"_ns, + contentType))) || + NS_SUCCEEDED(aChannel->GetContentType(contentType))) { + // XXX this is only necessary for viewsource: + nsACString::const_iterator start, end, semicolon; + contentType.BeginReading(start); + contentType.EndReading(end); + semicolon = start; + FindCharInReadable(';', semicolon, end); + SetContentType(Substring(start, semicolon)); + } + + RetrieveRelevantHeaders(aChannel); + + mChannel = aChannel; + RecomputeResistFingerprinting(); + nsCOMPtr<nsIInputStreamChannel> inStrmChan = do_QueryInterface(mChannel); + if (inStrmChan) { + bool isSrcdocChannel; + inStrmChan->GetIsSrcdocChannel(&isSrcdocChannel); + if (isSrcdocChannel) { + mIsSrcdocDocument = true; + } + } + + if (mChannel) { + nsLoadFlags loadFlags; + mChannel->GetLoadFlags(&loadFlags); + bool isDocument = false; + mChannel->GetIsDocument(&isDocument); + if (loadFlags & nsIRequest::LOAD_DOCUMENT_NEEDS_COOKIE && isDocument && + IsSynthesized() && XRE_IsContentProcess()) { + ContentChild::UpdateCookieStatus(mChannel); + } + + // Store the security info for future use. + mChannel->GetSecurityInfo(getter_AddRefs(mSecurityInfo)); + } + + // If this document is being loaded by a docshell, copy its sandbox flags + // to the document, and store the fullscreen enabled flag. These are + // immutable after being set here. + nsCOMPtr<nsIDocShell> docShell = do_QueryInterface(aContainer); + + // If this is an error page, don't inherit sandbox flags + nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo(); + if (docShell && !loadInfo->GetLoadErrorPage()) { + mSandboxFlags = loadInfo->GetSandboxFlags(); + WarnIfSandboxIneffective(docShell, mSandboxFlags, GetChannel()); + } + + // Set the opener policy for the top level content document. + nsCOMPtr<nsIHttpChannelInternal> httpChan = do_QueryInterface(mChannel); + nsILoadInfo::CrossOriginOpenerPolicy policy = + nsILoadInfo::OPENER_POLICY_UNSAFE_NONE; + if (IsTopLevelContentDocument() && httpChan && + NS_SUCCEEDED(httpChan->GetCrossOriginOpenerPolicy(&policy)) && docShell && + docShell->GetBrowsingContext()) { + CheckIsBadPolicy(policy, docShell->GetBrowsingContext(), aChannel); + + // Setting the opener policy on a discarded context has no effect. + Unused << docShell->GetBrowsingContext()->SetOpenerPolicy(policy); + } + + // The CSP directives upgrade-insecure-requests as well as + // block-all-mixed-content not only apply to the toplevel document, + // but also to nested documents. The loadInfo of a subdocument + // load already holds the correct flag, so let's just set it here + // on the document. Please note that we set the appropriate preload + // bits just for the sake of completeness here, because the preloader + // does not reach into subdocuments. + mUpgradeInsecureRequests = loadInfo->GetUpgradeInsecureRequests(); + mUpgradeInsecurePreloads = mUpgradeInsecureRequests; + mBlockAllMixedContent = loadInfo->GetBlockAllMixedContent(); + mBlockAllMixedContentPreloads = mBlockAllMixedContent; + + // HTTPS-Only Mode flags + // The HTTPS_ONLY_EXEMPT flag of the HTTPS-Only state gets propagated to all + // sub-resources and sub-documents. + mHttpsOnlyStatus = loadInfo->GetHttpsOnlyStatus(); + + nsresult rv = InitReferrerInfo(aChannel); + NS_ENSURE_SUCCESS(rv, rv); + + rv = InitCOEP(aChannel); + NS_ENSURE_SUCCESS(rv, rv); + + // HACK: Calling EnsureIPCPoliciesRead() here will parse the CSP using the + // context's current mSelfURI (which is still the previous mSelfURI), + // bypassing some internal bugs with 'self' and iframe inheritance. + // Not calling it here results in the mSelfURI being the current mSelfURI and + // not the previous which breaks said inheritance. + // https://bugzilla.mozilla.org/show_bug.cgi?id=1793560#ch-8 + nsCOMPtr<nsIContentSecurityPolicy> cspToInherit = loadInfo->GetCspToInherit(); + if (cspToInherit) { + cspToInherit->EnsureIPCPoliciesRead(); + } + + rv = InitCSP(aChannel); + NS_ENSURE_SUCCESS(rv, rv); + + // Initialize FeaturePolicy + rv = InitFeaturePolicy(aChannel); + NS_ENSURE_SUCCESS(rv, rv); + + rv = loadInfo->GetCookieJarSettings(getter_AddRefs(mCookieJarSettings)); + NS_ENSURE_SUCCESS(rv, rv); + + // Generally XFO and CSP frame-ancestors is handled within + // DocumentLoadListener. However, the DocumentLoadListener can not handle + // object and embed. Until then we have to enforce it here (See Bug 1646899). + nsContentPolicyType internalContentType = + loadInfo->InternalContentPolicyType(); + if (internalContentType == nsIContentPolicy::TYPE_INTERNAL_OBJECT || + internalContentType == nsIContentPolicy::TYPE_INTERNAL_EMBED) { + nsContentSecurityUtils::PerformCSPFrameAncestorAndXFOCheck(aChannel); + + nsresult status; + aChannel->GetStatus(&status); + if (status == NS_ERROR_XFO_VIOLATION) { + // stop! ERROR page! + // But before we have to reset the principal of the document + // because the onload() event fires before the error page + // is displayed and we do not want the enclosing document + // to access the contentDocument. + RefPtr<NullPrincipal> nullPrincipal = + NullPrincipal::CreateWithInheritedAttributes(NodePrincipal()); + // Before calling SetPrincipals() we should ensure that mFontFaceSet + // and also GetInnerWindow() is still null at this point, before + // we can fix Bug 1614735: Evaluate calls to SetPrincipal + // within Document.cpp + MOZ_ASSERT(!mFontFaceSet && !GetInnerWindow()); + SetPrincipals(nullPrincipal, nullPrincipal); + } + } + + return NS_OK; +} + +void Document::SetLoadedAsData(bool aLoadedAsData, + bool aConsiderForMemoryReporting) { + mLoadedAsData = aLoadedAsData; + if (aConsiderForMemoryReporting) { + nsIGlobalObject* global = GetScopeObject(); + if (global) { + if (nsPIDOMWindowInner* window = global->GetAsInnerWindow()) { + nsGlobalWindowInner::Cast(window) + ->RegisterDataDocumentForMemoryReporting(this); + } + } + } +} + +nsIContentSecurityPolicy* Document::GetCsp() const { return mCSP; } + +void Document::SetCsp(nsIContentSecurityPolicy* aCSP) { mCSP = aCSP; } + +nsIContentSecurityPolicy* Document::GetPreloadCsp() const { + return mPreloadCSP; +} + +void Document::SetPreloadCsp(nsIContentSecurityPolicy* aPreloadCSP) { + mPreloadCSP = aPreloadCSP; +} + +void Document::GetCspJSON(nsString& aJSON) { + aJSON.Truncate(); + + if (!mCSP) { + dom::CSPPolicies jsonPolicies; + jsonPolicies.ToJSON(aJSON); + return; + } + mCSP->ToJSON(aJSON); +} + +void Document::SendToConsole(nsCOMArray<nsISecurityConsoleMessage>& aMessages) { + for (uint32_t i = 0; i < aMessages.Length(); ++i) { + nsAutoString messageTag; + aMessages[i]->GetTag(messageTag); + + nsAutoString category; + aMessages[i]->GetCategory(category); + + nsContentUtils::ReportToConsole(nsIScriptError::warningFlag, + NS_ConvertUTF16toUTF8(category), this, + nsContentUtils::eSECURITY_PROPERTIES, + NS_ConvertUTF16toUTF8(messageTag).get()); + } +} + +void Document::ApplySettingsFromCSP(bool aSpeculative) { + nsresult rv = NS_OK; + if (!aSpeculative) { + // 1) apply settings from regular CSP + if (mCSP) { + // Set up 'block-all-mixed-content' if not already inherited + // from the parent context or set by any other CSP. + if (!mBlockAllMixedContent) { + bool block = false; + rv = mCSP->GetBlockAllMixedContent(&block); + NS_ENSURE_SUCCESS_VOID(rv); + mBlockAllMixedContent = block; + } + if (!mBlockAllMixedContentPreloads) { + mBlockAllMixedContentPreloads = mBlockAllMixedContent; + } + + // Set up 'upgrade-insecure-requests' if not already inherited + // from the parent context or set by any other CSP. + if (!mUpgradeInsecureRequests) { + bool upgrade = false; + rv = mCSP->GetUpgradeInsecureRequests(&upgrade); + NS_ENSURE_SUCCESS_VOID(rv); + mUpgradeInsecureRequests = upgrade; + } + if (!mUpgradeInsecurePreloads) { + mUpgradeInsecurePreloads = mUpgradeInsecureRequests; + } + // Update csp settings in the parent process + if (auto* wgc = GetWindowGlobalChild()) { + wgc->SendUpdateDocumentCspSettings(mBlockAllMixedContent, + mUpgradeInsecureRequests); + } + } + return; + } + + // 2) apply settings from speculative csp + if (mPreloadCSP) { + if (!mBlockAllMixedContentPreloads) { + bool block = false; + rv = mPreloadCSP->GetBlockAllMixedContent(&block); + NS_ENSURE_SUCCESS_VOID(rv); + mBlockAllMixedContent = block; + } + if (!mUpgradeInsecurePreloads) { + bool upgrade = false; + rv = mPreloadCSP->GetUpgradeInsecureRequests(&upgrade); + NS_ENSURE_SUCCESS_VOID(rv); + mUpgradeInsecurePreloads = upgrade; + } + } +} + +nsresult Document::InitCSP(nsIChannel* aChannel) { + MOZ_ASSERT(!mScriptGlobalObject, + "CSP must be initialized before mScriptGlobalObject is set!"); + + // If this is a data document - no need to set CSP. + if (mLoadedAsData) { + return NS_OK; + } + + // If this is an image, no need to set a CSP. Otherwise SVG images + // served with a CSP might block internally applied inline styles. + nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo(); + if (loadInfo->GetExternalContentPolicyType() == + ExtContentPolicy::TYPE_IMAGE || + loadInfo->GetExternalContentPolicyType() == + ExtContentPolicy::TYPE_IMAGESET) { + return NS_OK; + } + + MOZ_ASSERT(!mCSP, "where did mCSP get set if not here?"); + + // If there is a CSP that needs to be inherited from whatever + // global is considered the client of the document fetch then + // we query it here from the loadinfo in case the newly created + // document needs to inherit the CSP. See: + // https://w3c.github.io/webappsec-csp/#initialize-document-csp + bool inheritedCSP = CSP_ShouldResponseInheritCSP(aChannel); + if (inheritedCSP) { + mCSP = loadInfo->GetCspToInherit(); + } + + // If there is no CSP to inherit, then we create a new CSP here so + // that history entries always have the right reference in case a + // Meta CSP gets dynamically added after the history entry has + // already been created. + if (!mCSP) { + mCSP = new nsCSPContext(); + } + + // Always overwrite the requesting context of the CSP so that any new + // 'self' keyword added to an inherited CSP translates correctly. + nsresult rv = mCSP->SetRequestContextWithDocument(this); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + nsAutoCString tCspHeaderValue, tCspROHeaderValue; + + nsCOMPtr<nsIHttpChannel> httpChannel; + rv = GetHttpChannelHelper(aChannel, getter_AddRefs(httpChannel)); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + if (httpChannel) { + Unused << httpChannel->GetResponseHeader("content-security-policy"_ns, + tCspHeaderValue); + + Unused << httpChannel->GetResponseHeader( + "content-security-policy-report-only"_ns, tCspROHeaderValue); + } + NS_ConvertASCIItoUTF16 cspHeaderValue(tCspHeaderValue); + NS_ConvertASCIItoUTF16 cspROHeaderValue(tCspROHeaderValue); + + // Check if this is a document from a WebExtension. + nsCOMPtr<nsIPrincipal> principal = NodePrincipal(); + auto addonPolicy = BasePrincipal::Cast(principal)->AddonPolicy(); + + // If there's no CSP to apply, go ahead and return early + if (!inheritedCSP && !addonPolicy && cspHeaderValue.IsEmpty() && + cspROHeaderValue.IsEmpty()) { + if (MOZ_LOG_TEST(gCspPRLog, LogLevel::Debug)) { + nsCOMPtr<nsIURI> chanURI; + aChannel->GetURI(getter_AddRefs(chanURI)); + nsAutoCString aspec; + chanURI->GetAsciiSpec(aspec); + MOZ_LOG(gCspPRLog, LogLevel::Debug, + ("no CSP for document, %s", aspec.get())); + } + + return NS_OK; + } + + MOZ_LOG(gCspPRLog, LogLevel::Debug, + ("Document is an add-on or CSP header specified %p", this)); + + // ----- if the doc is an addon, apply its CSP. + if (addonPolicy) { + mCSP->AppendPolicy(addonPolicy->BaseCSP(), false, false); + + mCSP->AppendPolicy(addonPolicy->ExtensionPageCSP(), false, false); + // Bug 1548468: Move CSP off ExpandedPrincipal + // Currently the LoadInfo holds the source of truth for every resource load + // because LoadInfo::GetCsp() queries the CSP from an ExpandedPrincipal + // (and not from the Client) if the load was triggered by an extension. + auto* basePrin = BasePrincipal::Cast(principal); + if (basePrin->Is<ExpandedPrincipal>()) { + basePrin->As<ExpandedPrincipal>()->SetCsp(mCSP); + } + } + + // ----- if there's a full-strength CSP header, apply it. + if (!cspHeaderValue.IsEmpty()) { + mHasCSPDeliveredThroughHeader = true; + rv = CSP_AppendCSPFromHeader(mCSP, cspHeaderValue, false); + NS_ENSURE_SUCCESS(rv, rv); + } + + // ----- if there's a report-only CSP header, apply it. + if (!cspROHeaderValue.IsEmpty()) { + rv = CSP_AppendCSPFromHeader(mCSP, cspROHeaderValue, true); + NS_ENSURE_SUCCESS(rv, rv); + } + + // ----- Enforce sandbox policy if supplied in CSP header + // The document may already have some sandbox flags set (e.g. if the document + // is an iframe with the sandbox attribute set). If we have a CSP sandbox + // directive, intersect the CSP sandbox flags with the existing flags. This + // corresponds to the _least_ permissive policy. + uint32_t cspSandboxFlags = SANDBOXED_NONE; + rv = mCSP->GetCSPSandboxFlags(&cspSandboxFlags); + NS_ENSURE_SUCCESS(rv, rv); + + // Probably the iframe sandbox attribute already caused the creation of a + // new NullPrincipal. Only create a new NullPrincipal if CSP requires so + // and no one has been created yet. + bool needNewNullPrincipal = (cspSandboxFlags & SANDBOXED_ORIGIN) && + !(mSandboxFlags & SANDBOXED_ORIGIN); + + mSandboxFlags |= cspSandboxFlags; + + if (needNewNullPrincipal) { + principal = NullPrincipal::CreateWithInheritedAttributes(principal); + // Skip setting the content blocking allowlist principal to NullPrincipal. + // The principal is only used to enable/disable trackingprotection via + // permission and can be shared with the top level sandboxed site. + // See Bug 1654546. + SetPrincipals(principal, principal); + } + + ApplySettingsFromCSP(false); + return NS_OK; +} + +static Document* GetInProcessParentDocumentFrom(BrowsingContext* aContext) { + BrowsingContext* parentContext = aContext->GetParent(); + if (!parentContext) { + return nullptr; + } + + WindowContext* windowContext = parentContext->GetCurrentWindowContext(); + if (!windowContext) { + return nullptr; + } + + return windowContext->GetDocument(); +} + +already_AddRefed<dom::FeaturePolicy> Document::GetParentFeaturePolicy() { + BrowsingContext* browsingContext = GetBrowsingContext(); + if (!browsingContext) { + return nullptr; + } + if (!browsingContext->IsContentSubframe()) { + return nullptr; + } + + HTMLIFrameElement* iframe = + HTMLIFrameElement::FromNodeOrNull(browsingContext->GetEmbedderElement()); + if (iframe) { + return do_AddRef(iframe->FeaturePolicy()); + } + + if (XRE_IsParentProcess()) { + return do_AddRef(browsingContext->Canonical()->GetContainerFeaturePolicy()); + } + + if (Document* parentDocument = + GetInProcessParentDocumentFrom(browsingContext)) { + return do_AddRef(parentDocument->FeaturePolicy()); + } + + WindowContext* windowContext = browsingContext->GetCurrentWindowContext(); + if (!windowContext) { + return nullptr; + } + + WindowGlobalChild* child = windowContext->GetWindowGlobalChild(); + if (!child) { + return nullptr; + } + + return do_AddRef(child->GetContainerFeaturePolicy()); +} + +void Document::InitFeaturePolicy() { + MOZ_ASSERT(mFeaturePolicy, "we should have FeaturePolicy created"); + + mFeaturePolicy->ResetDeclaredPolicy(); + + mFeaturePolicy->SetDefaultOrigin(NodePrincipal()); + + RefPtr<mozilla::dom::FeaturePolicy> parentPolicy = GetParentFeaturePolicy(); + if (parentPolicy) { + // Let's inherit the policy from the parent HTMLIFrameElement if it exists. + mFeaturePolicy->InheritPolicy(parentPolicy); + mFeaturePolicy->SetSrcOrigin(parentPolicy->GetSrcOrigin()); + } +} + +nsresult Document::InitFeaturePolicy(nsIChannel* aChannel) { + InitFeaturePolicy(); + + // We don't want to parse the http Feature-Policy header if this pref is off. + if (!StaticPrefs::dom_security_featurePolicy_header_enabled()) { + return NS_OK; + } + + nsCOMPtr<nsIHttpChannel> httpChannel; + nsresult rv = GetHttpChannelHelper(aChannel, getter_AddRefs(httpChannel)); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + if (!httpChannel) { + return NS_OK; + } + + // query the policy from the header + nsAutoCString value; + rv = httpChannel->GetResponseHeader("Feature-Policy"_ns, value); + if (NS_SUCCEEDED(rv)) { + mFeaturePolicy->SetDeclaredPolicy(this, NS_ConvertUTF8toUTF16(value), + NodePrincipal(), nullptr); + } + + return NS_OK; +} + +void Document::EnsureNotEnteringAndExitFullscreen() { + Document::ClearPendingFullscreenRequests(this); + if (GetFullscreenElement()) { + Document::AsyncExitFullscreen(this); + } +} + +void Document::SetReferrerInfo(nsIReferrerInfo* aReferrerInfo) { + mReferrerInfo = aReferrerInfo; + mCachedReferrerInfoForInternalCSSAndSVGResources = nullptr; + mCachedURLData = nullptr; +} + +nsresult Document::InitReferrerInfo(nsIChannel* aChannel) { + MOZ_ASSERT(mReferrerInfo); + MOZ_ASSERT(mPreloadReferrerInfo); + + if (ReferrerInfo::ShouldResponseInheritReferrerInfo(aChannel)) { + // The channel is loading `about:srcdoc`. Srcdoc loads should respond with + // their parent's ReferrerInfo when asked for their ReferrerInfo, unless + // they have an opaque origin. + // https://w3c.github.io/webappsec-referrer-policy/#determine-requests-referrer + if (BrowsingContext* bc = GetBrowsingContext()) { + // At this point the document is not fully created and mParentDocument has + // not been set yet, + Document* parentDoc = bc->GetEmbedderElement() + ? bc->GetEmbedderElement()->OwnerDoc() + : nullptr; + if (parentDoc) { + SetReferrerInfo(parentDoc->GetReferrerInfo()); + mPreloadReferrerInfo = mReferrerInfo; + return NS_OK; + } + + MOZ_ASSERT(bc->IsInProcess() || NodePrincipal()->GetIsNullPrincipal(), + "srcdoc without null principal as toplevel!"); + } + } + + nsCOMPtr<nsIHttpChannel> httpChannel; + nsresult rv = GetHttpChannelHelper(aChannel, getter_AddRefs(httpChannel)); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + if (!httpChannel) { + return NS_OK; + } + + if (nsCOMPtr<nsIReferrerInfo> referrerInfo = httpChannel->GetReferrerInfo()) { + SetReferrerInfo(referrerInfo); + } + + // Override policy if we get one from Referrerr-Policy header + mozilla::dom::ReferrerPolicy policy = + nsContentUtils::GetReferrerPolicyFromChannel(aChannel); + nsCOMPtr<nsIReferrerInfo> clone = + static_cast<dom::ReferrerInfo*>(mReferrerInfo.get()) + ->CloneWithNewPolicy(policy); + SetReferrerInfo(clone); + mPreloadReferrerInfo = mReferrerInfo; + return NS_OK; +} + +nsresult Document::InitCOEP(nsIChannel* aChannel) { + nsCOMPtr<nsIHttpChannel> httpChannel; + nsresult rv = GetHttpChannelHelper(aChannel, getter_AddRefs(httpChannel)); + if (NS_FAILED(rv)) { + return NS_OK; + } + + nsCOMPtr<nsIHttpChannelInternal> intChannel = do_QueryInterface(httpChannel); + + if (!intChannel) { + return NS_OK; + } + + nsILoadInfo::CrossOriginEmbedderPolicy policy = + nsILoadInfo::EMBEDDER_POLICY_NULL; + if (NS_SUCCEEDED(intChannel->GetResponseEmbedderPolicy( + mTrials.IsEnabled(OriginTrial::CoepCredentialless), &policy))) { + mEmbedderPolicy = Some(policy); + } + + return NS_OK; +} + +void Document::StopDocumentLoad() { + if (mParser) { + mParserAborted = true; + mParser->Terminate(); + } +} + +void Document::SetDocumentURI(nsIURI* aURI) { + nsCOMPtr<nsIURI> oldBase = GetDocBaseURI(); + mDocumentURI = aURI; + nsIURI* newBase = GetDocBaseURI(); + + mChromeRulesEnabled = URLExtraData::ChromeRulesEnabled(aURI); + + bool equalBases = false; + // Changing just the ref of a URI does not change how relative URIs would + // resolve wrt to it, so we can treat the bases as equal as long as they're + // equal ignoring the ref. + if (oldBase && newBase) { + oldBase->EqualsExceptRef(newBase, &equalBases); + } else { + equalBases = !oldBase && !newBase; + } + + // If this is the first time we're setting the document's URI, set the + // document's original URI. + if (!mOriginalURI) mOriginalURI = mDocumentURI; + + // If changing the document's URI changed the base URI of the document, we + // need to refresh the hrefs of all the links on the page. + if (!equalBases) { + mCachedURLData = nullptr; + RefreshLinkHrefs(); + } + + // Recalculate our base domain + mBaseDomain.Truncate(); + ThirdPartyUtil* thirdPartyUtil = ThirdPartyUtil::GetInstance(); + if (thirdPartyUtil) { + Unused << thirdPartyUtil->GetBaseDomain(mDocumentURI, mBaseDomain); + } + + // Tell our WindowGlobalParent that the document's URI has been changed. + if (WindowGlobalChild* wgc = GetWindowGlobalChild()) { + wgc->SetDocumentURI(mDocumentURI); + } +} + +static void GetFormattedTimeString(PRTime aTime, + nsAString& aFormattedTimeString) { + PRExplodedTime prtime; + PR_ExplodeTime(aTime, PR_LocalTimeParameters, &prtime); + // "MM/DD/YYYY hh:mm:ss" + char formatedTime[24]; + if (SprintfLiteral(formatedTime, "%02d/%02d/%04d %02d:%02d:%02d", + prtime.tm_month + 1, prtime.tm_mday, int(prtime.tm_year), + prtime.tm_hour, prtime.tm_min, prtime.tm_sec)) { + CopyASCIItoUTF16(nsDependentCString(formatedTime), aFormattedTimeString); + } else { + // If we for whatever reason failed to find the last modified time + // (or even the current time), fall back to what NS4.x returned. + aFormattedTimeString.AssignLiteral(u"01/01/1970 00:00:00"); + } +} + +void Document::GetLastModified(nsAString& aLastModified) const { + if (!mLastModified.IsEmpty()) { + aLastModified.Assign(mLastModified); + } else { + GetFormattedTimeString(PR_Now(), aLastModified); + } +} + +static void IncrementExpandoGeneration(Document& aDoc) { + ++aDoc.mExpandoAndGeneration.generation; +} + +void Document::AddToNameTable(Element* aElement, nsAtom* aName) { + MOZ_ASSERT( + nsGenericHTMLElement::ShouldExposeNameAsHTMLDocumentProperty(aElement), + "Only put elements that need to be exposed as document['name'] in " + "the named table."); + + IdentifierMapEntry* entry = mIdentifierMap.PutEntry(aName); + + // Null for out-of-memory + if (entry) { + if (!entry->HasNameElement() && + !entry->HasIdElementExposedAsHTMLDocumentProperty()) { + IncrementExpandoGeneration(*this); + } + entry->AddNameElement(this, aElement); + } +} + +void Document::RemoveFromNameTable(Element* aElement, nsAtom* aName) { + // Speed up document teardown + if (mIdentifierMap.Count() == 0) return; + + IdentifierMapEntry* entry = mIdentifierMap.GetEntry(aName); + if (!entry) // Could be false if the element was anonymous, hence never added + return; + + entry->RemoveNameElement(aElement); + if (!entry->HasNameElement() && + !entry->HasIdElementExposedAsHTMLDocumentProperty()) { + IncrementExpandoGeneration(*this); + } +} + +void Document::AddToIdTable(Element* aElement, nsAtom* aId) { + IdentifierMapEntry* entry = mIdentifierMap.PutEntry(aId); + + if (entry) { /* True except on OOM */ + if (nsGenericHTMLElement::ShouldExposeIdAsHTMLDocumentProperty(aElement) && + !entry->HasNameElement() && + !entry->HasIdElementExposedAsHTMLDocumentProperty()) { + IncrementExpandoGeneration(*this); + } + entry->AddIdElement(aElement); + } +} + +void Document::RemoveFromIdTable(Element* aElement, nsAtom* aId) { + NS_ASSERTION(aId, "huhwhatnow?"); + + // Speed up document teardown + if (mIdentifierMap.Count() == 0) { + return; + } + + IdentifierMapEntry* entry = mIdentifierMap.GetEntry(aId); + if (!entry) // Can be null for XML elements with changing ids. + return; + + entry->RemoveIdElement(aElement); + if (nsGenericHTMLElement::ShouldExposeIdAsHTMLDocumentProperty(aElement) && + !entry->HasNameElement() && + !entry->HasIdElementExposedAsHTMLDocumentProperty()) { + IncrementExpandoGeneration(*this); + } + if (entry->IsEmpty()) { + mIdentifierMap.RemoveEntry(entry); + } +} + +void Document::UpdateReferrerInfoFromMeta(const nsAString& aMetaReferrer, + bool aPreload) { + ReferrerPolicyEnum policy = + ReferrerInfo::ReferrerPolicyFromMetaString(aMetaReferrer); + // The empty string "" corresponds to no referrer policy, causing a fallback + // to a referrer policy defined elsewhere. + if (policy == ReferrerPolicy::_empty) { + return; + } + + MOZ_ASSERT(mReferrerInfo); + MOZ_ASSERT(mPreloadReferrerInfo); + + if (aPreload) { + mPreloadReferrerInfo = + static_cast<mozilla::dom::ReferrerInfo*>((mPreloadReferrerInfo).get()) + ->CloneWithNewPolicy(policy); + } else { + nsCOMPtr<nsIReferrerInfo> clone = + static_cast<mozilla::dom::ReferrerInfo*>((mReferrerInfo).get()) + ->CloneWithNewPolicy(policy); + SetReferrerInfo(clone); + } +} + +void Document::SetPrincipals(nsIPrincipal* aNewPrincipal, + nsIPrincipal* aNewPartitionedPrincipal) { + MOZ_ASSERT(!!aNewPrincipal == !!aNewPartitionedPrincipal); + if (aNewPrincipal && mAllowDNSPrefetch && + StaticPrefs::network_dns_disablePrefetchFromHTTPS()) { + if (aNewPrincipal->SchemeIs("https")) { + mAllowDNSPrefetch = false; + } + } + + mCSSLoader->DeregisterFromSheetCache(); + + mNodeInfoManager->SetDocumentPrincipal(aNewPrincipal); + mPartitionedPrincipal = aNewPartitionedPrincipal; + + mCachedURLData = nullptr; + + mCSSLoader->RegisterInSheetCache(); + + RecomputeResistFingerprinting(); + +#ifdef DEBUG + // Validate that the docgroup is set correctly by calling its getter and + // triggering its sanity check. + // + // If we're setting the principal to null, we don't want to perform the check, + // as the document is entering an intermediate state where it does not have a + // principal. It will be given another real principal shortly which we will + // check. It's not unsafe to have a document which has a null principal in the + // same docgroup as another document, so this should not be a problem. + if (aNewPrincipal) { + GetDocGroup(); + } +#endif +} + +#ifdef DEBUG +void Document::AssertDocGroupMatchesKey() const { + // Sanity check that we have an up-to-date and accurate docgroup + // We only check if the principal when we can get the browsing context. + + // Note that we can be invoked during cycle collection, so we need to handle + // the browsingcontext being partially unlinked - normally you shouldn't + // null-check `Group()` as it shouldn't return nullptr. + if (!GetBrowsingContext() || !GetBrowsingContext()->Group()) { + return; + } + + if (mDocGroup && mDocGroup->GetBrowsingContextGroup()) { + MOZ_ASSERT(mDocGroup->GetBrowsingContextGroup() == + GetBrowsingContext()->Group()); + + // GetKey() can fail, e.g. after the TLD service has shut down. + nsAutoCString docGroupKey; + nsresult rv = mozilla::dom::DocGroup::GetKey( + NodePrincipal(), + GetBrowsingContext()->Group()->IsPotentiallyCrossOriginIsolated(), + docGroupKey); + if (NS_SUCCEEDED(rv)) { + MOZ_ASSERT(mDocGroup->MatchesKey(docGroupKey)); + } + } +} +#endif + +nsresult Document::Dispatch(already_AddRefed<nsIRunnable>&& aRunnable) const { + return SchedulerGroup::Dispatch(std::move(aRunnable)); +} + +void Document::NoteScriptTrackingStatus(const nsACString& aURL, + bool aIsTracking) { + if (aIsTracking) { + mTrackingScripts.Insert(aURL); + } else { + MOZ_ASSERT(!mTrackingScripts.Contains(aURL)); + } +} + +bool Document::IsScriptTracking(JSContext* aCx) const { + JS::AutoFilename filename; + if (!JS::DescribeScriptedCaller(aCx, &filename)) { + return false; + } + return mTrackingScripts.Contains(nsDependentCString(filename.get())); +} + +void Document::GetContentType(nsAString& aContentType) { + CopyUTF8toUTF16(GetContentTypeInternal(), aContentType); +} + +void Document::SetContentType(const nsACString& aContentType) { + if (!IsHTMLOrXHTML() && mDefaultElementType == kNameSpaceID_None && + aContentType.EqualsLiteral("application/xhtml+xml")) { + mDefaultElementType = kNameSpaceID_XHTML; + } + + mCachedEncoder = nullptr; + mContentType = aContentType; +} + +bool Document::HasPendingInitialTranslation() { + return mDocumentL10n && mDocumentL10n->GetState() != DocumentL10nState::Ready; +} + +bool Document::HasPendingL10nMutations() const { + return mDocumentL10n && mDocumentL10n->HasPendingMutations(); +} + +bool Document::DocumentSupportsL10n(JSContext* aCx, JSObject* aObject) { + JS::Rooted<JSObject*> object(aCx, aObject); + nsCOMPtr<nsIPrincipal> callerPrincipal = + nsContentUtils::SubjectPrincipal(aCx); + nsGlobalWindowInner* win = xpc::WindowOrNull(object); + bool allowed = false; + callerPrincipal->IsL10nAllowed(win ? win->GetDocumentURI() : nullptr, + &allowed); + return allowed; +} + +void Document::LocalizationLinkAdded(Element* aLinkElement) { + if (!AllowsL10n()) { + return; + } + + nsAutoString href; + aLinkElement->GetAttr(nsGkAtoms::href, href); + + if (!mDocumentL10n) { + Element* elem = GetDocumentElement(); + MOZ_DIAGNOSTIC_ASSERT(elem); + + bool isSync = elem->HasAttr(nsGkAtoms::datal10nsync); + mDocumentL10n = DocumentL10n::Create(this, isSync); + if (NS_WARN_IF(!mDocumentL10n)) { + return; + } + } + + mDocumentL10n->AddResourceId(NS_ConvertUTF16toUTF8(href)); + + if (mReadyState >= READYSTATE_INTERACTIVE) { + nsContentUtils::AddScriptRunner(NewRunnableMethod( + "DocumentL10n::TriggerInitialTranslation()", mDocumentL10n, + &DocumentL10n::TriggerInitialTranslation)); + } else { + if (!mDocumentL10n->mBlockingLayout) { + // Our initial translation is going to block layout start. Make sure + // we don't fire the load event until after that stops happening and + // layout has a chance to start. + BlockOnload(); + mDocumentL10n->mBlockingLayout = true; + } + } +} + +void Document::LocalizationLinkRemoved(Element* aLinkElement) { + if (!AllowsL10n()) { + return; + } + + if (mDocumentL10n) { + nsAutoString href; + aLinkElement->GetAttr(nsGkAtoms::href, href); + uint32_t remaining = + mDocumentL10n->RemoveResourceId(NS_ConvertUTF16toUTF8(href)); + if (remaining == 0) { + if (mDocumentL10n->mBlockingLayout) { + mDocumentL10n->mBlockingLayout = false; + UnblockOnload(/* aFireSync = */ false); + } + mDocumentL10n = nullptr; + } + } +} + +/** + * This method should be called once the end of the l10n + * resource container has been parsed. + * + * In XUL this is the end of the first </linkset>, + * In XHTML/HTML this is the end of </head>. + * + * This milestone is used to allow for batch + * localization context I/O and building done + * once when all resources in the document have been + * collected. + */ +void Document::OnL10nResourceContainerParsed() { + // XXX: This is a scaffolding for where we might inject prefetch + // in bug 1717241. +} + +void Document::OnParsingCompleted() { + // Let's call it again, in case the resource + // container has not been closed, and only + // now we're closing the document. + OnL10nResourceContainerParsed(); + + if (mDocumentL10n) { + RefPtr<DocumentL10n> l10n = mDocumentL10n; + l10n->TriggerInitialTranslation(); + } +} + +void Document::InitialTranslationCompleted(bool aL10nCached) { + if (mDocumentL10n && mDocumentL10n->mBlockingLayout) { + // This means we blocked the load event in LocalizationLinkAdded. It's + // important that the load blocker removal here be async, because our caller + // will notify the content sink after us, and we want the content sync's + // work to happen before the load event fires. + mDocumentL10n->mBlockingLayout = false; + UnblockOnload(/* aFireSync = */ false); + } + + mL10nProtoElements.Clear(); + + nsXULPrototypeDocument* proto = GetPrototype(); + if (proto) { + proto->SetIsL10nCached(aL10nCached); + } +} + +bool Document::AllowsL10n() const { + if (IsStaticDocument()) { + // We don't allow l10n on static documents, because the nodes are already + // cloned translated, and static docs don't get parsed so we never + // TriggerInitialTranslation, etc, so a load blocker would keep hanging + // forever. + return false; + } + bool allowed = false; + NodePrincipal()->IsL10nAllowed(GetDocumentURI(), &allowed); + return allowed; +} + +bool Document::AreWebAnimationsTimelinesEnabled(JSContext* aCx, + JSObject* /*unused*/ +) { + MOZ_ASSERT(NS_IsMainThread()); + + return nsContentUtils::IsSystemCaller(aCx) || + StaticPrefs::dom_animations_api_timelines_enabled(); +} + +DocumentTimeline* Document::Timeline() { + if (!mDocumentTimeline) { + mDocumentTimeline = new DocumentTimeline(this, TimeDuration(0)); + } + + return mDocumentTimeline; +} + +SVGSVGElement* Document::GetSVGRootElement() const { + Element* root = GetRootElement(); + if (!root || !root->IsSVGElement(nsGkAtoms::svg)) { + return nullptr; + } + return static_cast<SVGSVGElement*>(root); +} + +/* Return true if the document is in the focused top-level window, and is an + * ancestor of the focused DOMWindow. */ +bool Document::HasFocus(ErrorResult& rv) const { + nsFocusManager* fm = nsFocusManager::GetFocusManager(); + if (!fm) { + rv.Throw(NS_ERROR_NOT_AVAILABLE); + return false; + } + + BrowsingContext* bc = GetBrowsingContext(); + if (!bc) { + return false; + } + + if (!fm->IsInActiveWindow(bc)) { + return false; + } + + return fm->IsSameOrAncestor(bc, fm->GetFocusedBrowsingContext()); +} + +bool Document::ThisDocumentHasFocus() const { + nsFocusManager* fm = nsFocusManager::GetFocusManager(); + return fm && fm->GetFocusedWindow() && + fm->GetFocusedWindow()->GetExtantDoc() == this; +} + +void Document::GetDesignMode(nsAString& aDesignMode) { + if (IsInDesignMode()) { + aDesignMode.AssignLiteral("on"); + } else { + aDesignMode.AssignLiteral("off"); + } +} + +void Document::SetDesignMode(const nsAString& aDesignMode, + nsIPrincipal& aSubjectPrincipal, ErrorResult& rv) { + SetDesignMode(aDesignMode, Some(&aSubjectPrincipal), rv); +} + +static void NotifyEditableStateChange(Document& aDoc) { +#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED + nsMutationGuard g; +#endif + for (nsIContent* node = aDoc.GetNextNode(&aDoc); node; + node = node->GetNextNode(&aDoc)) { + if (auto* element = Element::FromNode(node)) { + element->UpdateEditableState(true); + } + } + MOZ_DIAGNOSTIC_ASSERT(!g.Mutated(0)); +} + +void Document::SetDesignMode(const nsAString& aDesignMode, + const Maybe<nsIPrincipal*>& aSubjectPrincipal, + ErrorResult& rv) { + if (aSubjectPrincipal.isSome() && + !aSubjectPrincipal.value()->Subsumes(NodePrincipal())) { + rv.Throw(NS_ERROR_DOM_PROP_ACCESS_DENIED); + return; + } + const bool editableMode = IsInDesignMode(); + if (aDesignMode.LowerCaseEqualsASCII(editableMode ? "off" : "on")) { + SetEditableFlag(!editableMode); + // Changing the NODE_IS_EDITABLE flags on document changes the intrinsic + // state of all descendant elements of it. Update that now. + NotifyEditableStateChange(*this); + rv = EditingStateChanged(); + } +} + +nsCommandManager* Document::GetMidasCommandManager() { + // check if we have it cached + if (mMidasCommandManager) { + return mMidasCommandManager; + } + + nsPIDOMWindowOuter* window = GetWindow(); + if (!window) { + return nullptr; + } + + nsIDocShell* docshell = window->GetDocShell(); + if (!docshell) { + return nullptr; + } + + mMidasCommandManager = docshell->GetCommandManager(); + return mMidasCommandManager; +} + +// static +void Document::EnsureInitializeInternalCommandDataHashtable() { + if (sInternalCommandDataHashtable) { + return; + } + using CommandOnTextEditor = InternalCommandData::CommandOnTextEditor; + sInternalCommandDataHashtable = new InternalCommandDataHashtable(); + // clang-format off + sInternalCommandDataHashtable->InsertOrUpdate( + u"bold"_ns, + InternalCommandData( + "cmd_bold", + Command::FormatBold, + ExecCommandParam::Ignore, + StyleUpdatingCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"italic"_ns, + InternalCommandData( + "cmd_italic", + Command::FormatItalic, + ExecCommandParam::Ignore, + StyleUpdatingCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"underline"_ns, + InternalCommandData( + "cmd_underline", + Command::FormatUnderline, + ExecCommandParam::Ignore, + StyleUpdatingCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"strikethrough"_ns, + InternalCommandData( + "cmd_strikethrough", + Command::FormatStrikeThrough, + ExecCommandParam::Ignore, + StyleUpdatingCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"subscript"_ns, + InternalCommandData( + "cmd_subscript", + Command::FormatSubscript, + ExecCommandParam::Ignore, + StyleUpdatingCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"superscript"_ns, + InternalCommandData( + "cmd_superscript", + Command::FormatSuperscript, + ExecCommandParam::Ignore, + StyleUpdatingCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"cut"_ns, + InternalCommandData( + "cmd_cut", + Command::Cut, + ExecCommandParam::Ignore, + CutCommand::GetInstance, + CommandOnTextEditor::Enabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"copy"_ns, + InternalCommandData( + "cmd_copy", + Command::Copy, + ExecCommandParam::Ignore, + CopyCommand::GetInstance, + CommandOnTextEditor::Enabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"paste"_ns, + InternalCommandData( + "cmd_paste", + Command::Paste, + ExecCommandParam::Ignore, + PasteCommand::GetInstance, + CommandOnTextEditor::Enabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"delete"_ns, + InternalCommandData( + "cmd_deleteCharBackward", + Command::DeleteCharBackward, + ExecCommandParam::Ignore, + DeleteCommand::GetInstance, + CommandOnTextEditor::Enabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"forwarddelete"_ns, + InternalCommandData( + "cmd_deleteCharForward", + Command::DeleteCharForward, + ExecCommandParam::Ignore, + DeleteCommand::GetInstance, + CommandOnTextEditor::Enabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"selectall"_ns, + InternalCommandData( + "cmd_selectAll", + Command::SelectAll, + ExecCommandParam::Ignore, + SelectAllCommand::GetInstance, + CommandOnTextEditor::Enabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"undo"_ns, + InternalCommandData( + "cmd_undo", + Command::HistoryUndo, + ExecCommandParam::Ignore, + UndoCommand::GetInstance, + CommandOnTextEditor::Enabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"redo"_ns, + InternalCommandData( + "cmd_redo", + Command::HistoryRedo, + ExecCommandParam::Ignore, + RedoCommand::GetInstance, + CommandOnTextEditor::Enabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"indent"_ns, + InternalCommandData("cmd_indent", + Command::FormatIndent, + ExecCommandParam::Ignore, + IndentCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"outdent"_ns, + InternalCommandData( + "cmd_outdent", + Command::FormatOutdent, + ExecCommandParam::Ignore, + OutdentCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"backcolor"_ns, + InternalCommandData( + "cmd_highlight", + Command::FormatBackColor, + ExecCommandParam::String, + HighlightColorStateCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"hilitecolor"_ns, + InternalCommandData( + "cmd_highlight", + Command::FormatBackColor, + ExecCommandParam::String, + HighlightColorStateCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"forecolor"_ns, + InternalCommandData( + "cmd_fontColor", + Command::FormatFontColor, + ExecCommandParam::String, + FontColorStateCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"fontname"_ns, + InternalCommandData( + "cmd_fontFace", + Command::FormatFontName, + ExecCommandParam::String, + FontFaceStateCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"fontsize"_ns, + InternalCommandData( + "cmd_fontSize", + Command::FormatFontSize, + ExecCommandParam::String, + FontSizeStateCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"inserthorizontalrule"_ns, + InternalCommandData( + "cmd_insertHR", + Command::InsertHorizontalRule, + ExecCommandParam::Ignore, + InsertTagCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"createlink"_ns, + InternalCommandData( + "cmd_insertLinkNoUI", + Command::InsertLink, + ExecCommandParam::String, + InsertTagCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"insertimage"_ns, + InternalCommandData( + "cmd_insertImageNoUI", + Command::InsertImage, + ExecCommandParam::String, + InsertTagCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"inserthtml"_ns, + InternalCommandData( + "cmd_insertHTML", + Command::InsertHTML, + ExecCommandParam::String, + InsertHTMLCommand::GetInstance, + // TODO: Chromium inserts text content of the document fragment + // created from the param. + // https://source.chromium.org/chromium/chromium/src/+/master:third_party/blink/renderer/core/editing/commands/insert_commands.cc;l=105;drc=a4708b724062f17824815b896c3aaa43825128f8 + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"inserttext"_ns, + InternalCommandData( + "cmd_insertText", + Command::InsertText, + ExecCommandParam::String, + InsertPlaintextCommand::GetInstance, + CommandOnTextEditor::Enabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"justifyleft"_ns, + InternalCommandData( + "cmd_align", + Command::FormatJustifyLeft, + ExecCommandParam::Ignore, // Will be set to "left" + AlignCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"justifyright"_ns, + InternalCommandData( + "cmd_align", + Command::FormatJustifyRight, + ExecCommandParam::Ignore, // Will be set to "right" + AlignCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"justifycenter"_ns, + InternalCommandData( + "cmd_align", + Command::FormatJustifyCenter, + ExecCommandParam::Ignore, // Will be set to "center" + AlignCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"justifyfull"_ns, + InternalCommandData( + "cmd_align", + Command::FormatJustifyFull, + ExecCommandParam::Ignore, // Will be set to "justify" + AlignCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"removeformat"_ns, + InternalCommandData( + "cmd_removeStyles", + Command::FormatRemove, + ExecCommandParam::Ignore, + RemoveStylesCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"unlink"_ns, + InternalCommandData( + "cmd_removeLinks", + Command::FormatRemoveLink, + ExecCommandParam::Ignore, + StyleUpdatingCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"insertorderedlist"_ns, + InternalCommandData( + "cmd_ol", + Command::InsertOrderedList, + ExecCommandParam::Ignore, + ListCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"insertunorderedlist"_ns, + InternalCommandData( + "cmd_ul", + Command::InsertUnorderedList, + ExecCommandParam::Ignore, + ListCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"insertparagraph"_ns, + InternalCommandData( + "cmd_insertParagraph", + Command::InsertParagraph, + ExecCommandParam::Ignore, + InsertParagraphCommand::GetInstance, + CommandOnTextEditor::Enabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"insertlinebreak"_ns, + InternalCommandData( + "cmd_insertLineBreak", + Command::InsertLineBreak, + ExecCommandParam::Ignore, + InsertLineBreakCommand::GetInstance, + CommandOnTextEditor::Enabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"formatblock"_ns, + InternalCommandData( + "cmd_formatBlock", + Command::FormatBlock, + ExecCommandParam::String, + FormatBlockStateCommand::GetInstance, + CommandOnTextEditor::Disabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"styleWithCSS"_ns, + InternalCommandData( + "cmd_setDocumentUseCSS", + Command::SetDocumentUseCSS, + ExecCommandParam::Boolean, + SetDocumentStateCommand::GetInstance, + CommandOnTextEditor::FallThrough)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"usecss"_ns, // Legacy command + InternalCommandData( + "cmd_setDocumentUseCSS", + Command::SetDocumentUseCSS, + ExecCommandParam::InvertedBoolean, + SetDocumentStateCommand::GetInstance, + CommandOnTextEditor::FallThrough)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"contentReadOnly"_ns, + InternalCommandData( + "cmd_setDocumentReadOnly", + Command::SetDocumentReadOnly, + ExecCommandParam::Boolean, + SetDocumentStateCommand::GetInstance, + CommandOnTextEditor::Enabled)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"insertBrOnReturn"_ns, + InternalCommandData( + "cmd_insertBrOnReturn", + Command::SetDocumentInsertBROnEnterKeyPress, + ExecCommandParam::Boolean, + SetDocumentStateCommand::GetInstance, + CommandOnTextEditor::FallThrough)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"defaultParagraphSeparator"_ns, + InternalCommandData( + "cmd_defaultParagraphSeparator", + Command::SetDocumentDefaultParagraphSeparator, + ExecCommandParam::String, + SetDocumentStateCommand::GetInstance, + CommandOnTextEditor::FallThrough)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"enableObjectResizing"_ns, + InternalCommandData( + "cmd_enableObjectResizing", + Command::ToggleObjectResizers, + ExecCommandParam::Boolean, + SetDocumentStateCommand::GetInstance, + CommandOnTextEditor::FallThrough)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"enableInlineTableEditing"_ns, + InternalCommandData( + "cmd_enableInlineTableEditing", + Command::ToggleInlineTableEditor, + ExecCommandParam::Boolean, + SetDocumentStateCommand::GetInstance, + CommandOnTextEditor::FallThrough)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"enableAbsolutePositionEditing"_ns, + InternalCommandData( + "cmd_enableAbsolutePositionEditing", + Command::ToggleAbsolutePositionEditor, + ExecCommandParam::Boolean, + SetDocumentStateCommand::GetInstance, + CommandOnTextEditor::FallThrough)); + sInternalCommandDataHashtable->InsertOrUpdate( + u"enableCompatibleJoinSplitDirection"_ns, + InternalCommandData("cmd_enableCompatibleJoinSplitNodeDirection", + Command::EnableCompatibleJoinSplitNodeDirection, + ExecCommandParam::Boolean, + SetDocumentStateCommand::GetInstance, + CommandOnTextEditor::FallThrough)); +#if 0 + // with empty string + sInternalCommandDataHashtable->InsertOrUpdate( + u"justifynone"_ns, + InternalCommandData( + "cmd_align", + Command::Undefined, + ExecCommandParam::Ignore, + nullptr, + CommandOnTextEditor::Disabled)); // Not implemented yet. + // REQUIRED SPECIAL REVIEW special review + sInternalCommandDataHashtable->InsertOrUpdate( + u"saveas"_ns, + InternalCommandData( + "cmd_saveAs", + Command::Undefined, + ExecCommandParam::Boolean, + nullptr, + CommandOnTextEditor::FallThrough)); // Not implemented yet. + // REQUIRED SPECIAL REVIEW special review + sInternalCommandDataHashtable->InsertOrUpdate( + u"print"_ns, + InternalCommandData( + "cmd_print", + Command::Undefined, + ExecCommandParam::Boolean, + nullptr, + CommandOnTextEditor::FallThrough)); // Not implemented yet. +#endif // #if 0 + // clang-format on +} + +Document::InternalCommandData Document::ConvertToInternalCommand( + const nsAString& aHTMLCommandName, const nsAString& aValue /* = u""_ns */, + nsAString* aAdjustedValue /* = nullptr */) { + MOZ_ASSERT(!aAdjustedValue || aAdjustedValue->IsEmpty()); + EnsureInitializeInternalCommandDataHashtable(); + InternalCommandData commandData; + if (!sInternalCommandDataHashtable->Get(aHTMLCommandName, &commandData)) { + return InternalCommandData(); + } + // Ignore if the command is disabled by a corresponding pref due to Gecko + // specific. + switch (commandData.mCommand) { + case Command::SetDocumentReadOnly: + if (!StaticPrefs::dom_document_edit_command_contentReadOnly_enabled() && + aHTMLCommandName.LowerCaseEqualsLiteral("contentreadonly")) { + return InternalCommandData(); + } + break; + case Command::SetDocumentInsertBROnEnterKeyPress: + MOZ_DIAGNOSTIC_ASSERT( + aHTMLCommandName.LowerCaseEqualsLiteral("insertbronreturn")); + if (!StaticPrefs::dom_document_edit_command_insertBrOnReturn_enabled()) { + return InternalCommandData(); + } + break; + default: + break; + } + if (!aAdjustedValue) { + // No further work to do + return commandData; + } + switch (commandData.mExecCommandParam) { + case ExecCommandParam::Ignore: + // Just have to copy it, no checking + switch (commandData.mCommand) { + case Command::FormatJustifyLeft: + aAdjustedValue->AssignLiteral("left"); + break; + case Command::FormatJustifyRight: + aAdjustedValue->AssignLiteral("right"); + break; + case Command::FormatJustifyCenter: + aAdjustedValue->AssignLiteral("center"); + break; + case Command::FormatJustifyFull: + aAdjustedValue->AssignLiteral("justify"); + break; + default: + MOZ_ASSERT(EditorCommand::GetParamType(commandData.mCommand) == + EditorCommandParamType::None); + break; + } + return commandData; + + case ExecCommandParam::Boolean: + MOZ_ASSERT(!!(EditorCommand::GetParamType(commandData.mCommand) & + EditorCommandParamType::Bool)); + // If this is a boolean value and it's not explicitly false (e.g. no + // value). We default to "true" (see bug 301490). + if (!aValue.LowerCaseEqualsLiteral("false")) { + aAdjustedValue->AssignLiteral("true"); + } else { + aAdjustedValue->AssignLiteral("false"); + } + return commandData; + + case ExecCommandParam::InvertedBoolean: + MOZ_ASSERT(!!(EditorCommand::GetParamType(commandData.mCommand) & + EditorCommandParamType::Bool)); + // For old backwards commands we invert the check. + if (aValue.LowerCaseEqualsLiteral("false")) { + aAdjustedValue->AssignLiteral("true"); + } else { + aAdjustedValue->AssignLiteral("false"); + } + return commandData; + + case ExecCommandParam::String: + MOZ_ASSERT(!!( + EditorCommand::GetParamType(commandData.mCommand) & + (EditorCommandParamType::String | EditorCommandParamType::CString))); + switch (commandData.mCommand) { + case Command::FormatBlock: { + const char16_t* start = aValue.BeginReading(); + const char16_t* end = aValue.EndReading(); + if (start != end && *start == '<' && *(end - 1) == '>') { + ++start; + --end; + } + // XXX Should we reorder this array with actual usage? + static const nsStaticAtom* kFormattableBlockTags[] = { + // clang-format off + nsGkAtoms::address, + nsGkAtoms::article, + nsGkAtoms::aside, + nsGkAtoms::blockquote, + nsGkAtoms::dd, + nsGkAtoms::div, + nsGkAtoms::dl, + nsGkAtoms::dt, + nsGkAtoms::footer, + nsGkAtoms::h1, + nsGkAtoms::h2, + nsGkAtoms::h3, + nsGkAtoms::h4, + nsGkAtoms::h5, + nsGkAtoms::h6, + nsGkAtoms::header, + nsGkAtoms::hgroup, + nsGkAtoms::main, + nsGkAtoms::nav, + nsGkAtoms::p, + nsGkAtoms::pre, + nsGkAtoms::section, + // clang-format on + }; + nsAutoString value(nsDependentSubstring(start, end)); + ToLowerCase(value); + const nsStaticAtom* valueAtom = NS_GetStaticAtom(value); + for (const nsStaticAtom* kTag : kFormattableBlockTags) { + if (valueAtom == kTag) { + kTag->ToString(*aAdjustedValue); + return commandData; + } + } + return InternalCommandData(); + } + case Command::FormatFontSize: { + // Per editing spec as of April 23, 2012, we need to reject the value + // if it's not a valid floating-point number surrounded by optional + // whitespace. Otherwise, we parse it as a legacy font size. For + // now, we just parse as a legacy font size regardless (matching + // WebKit) -- bug 747879. + int32_t size = nsContentUtils::ParseLegacyFontSize(aValue); + if (!size) { + return InternalCommandData(); + } + MOZ_ASSERT(aAdjustedValue->IsEmpty()); + aAdjustedValue->AppendInt(size); + return commandData; + } + case Command::InsertImage: + case Command::InsertLink: + if (aValue.IsEmpty()) { + // Invalid value, return false + return InternalCommandData(); + } + aAdjustedValue->Assign(aValue); + return commandData; + case Command::SetDocumentDefaultParagraphSeparator: + if (!aValue.LowerCaseEqualsLiteral("div") && + !aValue.LowerCaseEqualsLiteral("p") && + !aValue.LowerCaseEqualsLiteral("br")) { + // Invalid value + return InternalCommandData(); + } + aAdjustedValue->Assign(aValue); + return commandData; + default: + aAdjustedValue->Assign(aValue); + return commandData; + } + + default: + MOZ_ASSERT_UNREACHABLE("New ExecCommandParam value hasn't been handled"); + return InternalCommandData(); + } +} + +Document::AutoEditorCommandTarget::AutoEditorCommandTarget( + Document& aDocument, const InternalCommandData& aCommandData) + : mCommandData(aCommandData) { + // We'll retrieve an editor with current DOM tree and layout information. + // However, JS may have already hidden or remove exposed root content of + // the editor. Therefore, we need the latest layout information here. + aDocument.FlushPendingNotifications(FlushType::Layout); + if (!aDocument.GetPresShell() || aDocument.GetPresShell()->IsDestroying()) { + mDoNothing = true; + return; + } + + if (nsPresContext* presContext = aDocument.GetPresContext()) { + // Consider context of command handling which is automatically resolved + // by order of controllers in `nsCommandManager::GetControllerForCommand()`. + // The order is: + // 1. TextEditor if there is an active element and it has TextEditor like + // <input type="text"> or <textarea>. + // 2. HTMLEditor for the document, if there is. + // 3. Retarget to the DocShell or nsCommandManager as what we've done. + if (aCommandData.IsCutOrCopyCommand()) { + // Note that we used to use DocShell to handle `cut` and `copy` command + // for dispatching corresponding events for making possible web apps to + // implement their own editor without editable elements but supports + // standard shortcut keys, etc. In this case, we prefer to use active + // element's editor to keep same behavior. + mActiveEditor = nsContentUtils::GetActiveEditor(presContext); + } else { + mActiveEditor = nsContentUtils::GetActiveEditor(presContext); + mHTMLEditor = nsContentUtils::GetHTMLEditor(presContext); + if (!mActiveEditor) { + mActiveEditor = mHTMLEditor; + } + } + } + + // Then, retrieve editor command class instance which should handle it + // and can handle it now. + if (!mActiveEditor) { + // If the command is available without editor, we should redirect the + // command to focused descendant with DocShell. + if (aCommandData.IsAvailableOnlyWhenEditable()) { + mDoNothing = true; + return; + } + return; + } + + // Otherwise, we should use EditorCommand instance (which is singleton + // instance) when it's enabled. + mEditorCommand = aCommandData.mGetEditorCommandFunc + ? aCommandData.mGetEditorCommandFunc() + : nullptr; + if (!mEditorCommand) { + mDoNothing = true; + mActiveEditor = nullptr; + mHTMLEditor = nullptr; + return; + } + + if (IsCommandEnabled()) { + return; + } + + // If the EditorCommand instance is disabled, we should do nothing if + // the command requires an editor. + if (aCommandData.IsAvailableOnlyWhenEditable()) { + // Do nothing if editor specific commands is disabled (bug 760052). + mDoNothing = true; + return; + } + + // Otherwise, we should redirect it to focused descendant with DocShell. + mEditorCommand = nullptr; + mActiveEditor = nullptr; + mHTMLEditor = nullptr; +} + +EditorBase* Document::AutoEditorCommandTarget::GetTargetEditor() const { + using CommandOnTextEditor = InternalCommandData::CommandOnTextEditor; + switch (mCommandData.mCommandOnTextEditor) { + case CommandOnTextEditor::Enabled: + return mActiveEditor; + case CommandOnTextEditor::Disabled: + return mActiveEditor && mActiveEditor->IsTextEditor() + ? nullptr + : mActiveEditor.get(); + case CommandOnTextEditor::FallThrough: + return mHTMLEditor; + } + return nullptr; +} + +bool Document::AutoEditorCommandTarget::IsEditable(Document* aDocument) const { + if (RefPtr<Document> doc = aDocument->GetInProcessParentDocument()) { + // Make sure frames are up to date, since that can affect whether + // we're editable. + doc->FlushPendingNotifications(FlushType::Frames); + } + EditorBase* targetEditor = GetTargetEditor(); + if (targetEditor && targetEditor->IsTextEditor()) { + // FYI: When `disabled` attribute is set, `TextEditor` treats it as + // "readonly" too. + return !targetEditor->IsReadonly(); + } + return aDocument->IsEditingOn(); +} + +bool Document::AutoEditorCommandTarget::IsCommandEnabled() const { + EditorBase* targetEditor = GetTargetEditor(); + if (!targetEditor) { + return false; + } + MOZ_ASSERT(targetEditor == mActiveEditor || targetEditor == mHTMLEditor); + return MOZ_KnownLive(mEditorCommand) + ->IsCommandEnabled(mCommandData.mCommand, MOZ_KnownLive(targetEditor)); +} + +nsresult Document::AutoEditorCommandTarget::DoCommand( + nsIPrincipal* aPrincipal) const { + MOZ_ASSERT(!DoNothing()); + MOZ_ASSERT(mEditorCommand); + EditorBase* targetEditor = GetTargetEditor(); + if (!targetEditor) { + return NS_SUCCESS_DOM_NO_OPERATION; + } + MOZ_ASSERT(targetEditor == mActiveEditor || targetEditor == mHTMLEditor); + return MOZ_KnownLive(mEditorCommand) + ->DoCommand(mCommandData.mCommand, MOZ_KnownLive(*targetEditor), + aPrincipal); +} + +template <typename ParamType> +nsresult Document::AutoEditorCommandTarget::DoCommandParam( + const ParamType& aParam, nsIPrincipal* aPrincipal) const { + MOZ_ASSERT(!DoNothing()); + MOZ_ASSERT(mEditorCommand); + EditorBase* targetEditor = GetTargetEditor(); + if (!targetEditor) { + return NS_SUCCESS_DOM_NO_OPERATION; + } + MOZ_ASSERT(targetEditor == mActiveEditor || targetEditor == mHTMLEditor); + return MOZ_KnownLive(mEditorCommand) + ->DoCommandParam(mCommandData.mCommand, aParam, + MOZ_KnownLive(*targetEditor), aPrincipal); +} + +nsresult Document::AutoEditorCommandTarget::GetCommandStateParams( + nsCommandParams& aParams) const { + MOZ_ASSERT(mEditorCommand); + EditorBase* targetEditor = GetTargetEditor(); + if (!targetEditor) { + return NS_OK; + } + MOZ_ASSERT(targetEditor == mActiveEditor || targetEditor == mHTMLEditor); + return MOZ_KnownLive(mEditorCommand) + ->GetCommandStateParams(mCommandData.mCommand, MOZ_KnownLive(aParams), + MOZ_KnownLive(targetEditor), nullptr); +} + +Document::AutoRunningExecCommandMarker::AutoRunningExecCommandMarker( + Document& aDocument, nsIPrincipal* aPrincipal) + : mDocument(aDocument), + mTreatAsUserInput(EditorBase::TreatAsUserInput(aPrincipal)), + mHasBeenRunningByContent(aDocument.mIsRunningExecCommandByContent), + mHasBeenRunningByChromeOrAddon( + aDocument.mIsRunningExecCommandByChromeOrAddon) { + if (mTreatAsUserInput) { + aDocument.mIsRunningExecCommandByChromeOrAddon = true; + } else { + aDocument.mIsRunningExecCommandByContent = true; + } +} + +bool Document::ExecCommand(const nsAString& aHTMLCommandName, bool aShowUI, + const nsAString& aValue, + nsIPrincipal& aSubjectPrincipal, ErrorResult& aRv) { + // Only allow on HTML documents. + if (!IsHTMLOrXHTML()) { + aRv.ThrowInvalidStateError( + "execCommand is only supported on HTML documents"); + return false; + } + // Otherwise, don't throw exception for compatibility with Chrome. + + // if they are requesting UI from us, let's fail since we have no UI + if (aShowUI) { + return false; + } + + // for optional parameters see dom/src/base/nsHistory.cpp: HistoryImpl::Go() + // this might add some ugly JS dependencies? + + nsAutoString adjustedValue; + InternalCommandData commandData = + ConvertToInternalCommand(aHTMLCommandName, aValue, &adjustedValue); + switch (commandData.mCommand) { + case Command::DoNothing: + return false; + case Command::SetDocumentReadOnly: + SetUseCounter(eUseCounter_custom_DocumentExecCommandContentReadOnly); + break; + case Command::EnableCompatibleJoinSplitNodeDirection: + // We didn't allow to enable the legacy behavior once we've enabled the + // new behavior by default. For keeping the behavior at supporting both + // mode, we should keep returning `false` if the web app to enable the + // legacy mode. Additionally, we don't support the legacy direction + // anymore. Therefore, we can return `false` here even if the caller is + // an addon or chrome script. + if (!adjustedValue.EqualsLiteral("true")) { + return false; + } + break; + default: + break; + } + + AutoRunningExecCommandMarker markRunningExecCommand(*this, + &aSubjectPrincipal); + + // If we're running an execCommand, we should just return false. + // https://github.com/w3c/editing/issues/200#issuecomment-575241816 + if (!StaticPrefs::dom_document_exec_command_nested_calls_allowed() && + !markRunningExecCommand.IsSafeToRun()) { + return false; + } + + // Do security check first. + if (commandData.IsCutOrCopyCommand()) { + if (!nsContentUtils::IsCutCopyAllowed(this, aSubjectPrincipal)) { + // We have rejected the event due to it not being performed in an + // input-driven context therefore, we report the error to the console. + nsContentUtils::ReportToConsole(nsIScriptError::warningFlag, "DOM"_ns, + this, nsContentUtils::eDOM_PROPERTIES, + "ExecCommandCutCopyDeniedNotInputDriven"); + return false; + } + } else if (commandData.IsPasteCommand()) { + if (!nsContentUtils::PrincipalHasPermission(aSubjectPrincipal, + nsGkAtoms::clipboardRead)) { + return false; + } + } + + // Next, consider context of command handling which is automatically resolved + // by order of controllers in `nsCommandManager::GetControllerForCommand()`. + AutoEditorCommandTarget editCommandTarget(*this, commandData); + if (commandData.IsAvailableOnlyWhenEditable() && + !editCommandTarget.IsEditable(this)) { + return false; + } + + if (editCommandTarget.DoNothing()) { + return false; + } + + // If we cannot use EditorCommand instance directly, we need to handle the + // command with traditional path (i.e., with DocShell or nsCommandManager). + if (!editCommandTarget.IsEditor()) { + MOZ_ASSERT(!commandData.IsAvailableOnlyWhenEditable()); + + // Special case clipboard write commands like Command::Cut and + // Command::Copy. For such commands, we need the behaviour from + // nsWindowRoot::GetControllers() which is to look at the focused element, + // and defer to a focused textbox's controller. The code past taken by + // other commands in ExecCommand() always uses the window directly, rather + // than deferring to the textbox, which is desireable for most editor + // commands, but not these commands (as those should allow copying out of + // embedded editors). This behaviour is invoked if we call DoCommand() + // directly on the docShell. + // XXX This means that we allow web app to pick up selected content in + // descendant document and write it into the clipboard when a + // descendant document has focus. However, Chromium does not allow + // this and this seems that it's not good behavior from point of view + // of security. We should treat this issue in another bug. + if (commandData.IsCutOrCopyCommand()) { + nsCOMPtr<nsIDocShell> docShell(mDocumentContainer); + if (!docShell) { + return false; + } + nsresult rv = docShell->DoCommand(commandData.mXULCommandName); + if (rv == NS_SUCCESS_DOM_NO_OPERATION) { + return false; + } + return NS_SUCCEEDED(rv); + } + + // Otherwise (currently, only clipboard read commands like Command::Paste), + // we don't need to redirect the command to focused subdocument. + // Therefore, we should handle it with nsCommandManager as used to be. + // It may dispatch only preceding event of editing on non-editable element + // to make web apps possible to handle standard shortcut key, etc in + // their own editor. + RefPtr<nsCommandManager> commandManager = GetMidasCommandManager(); + if (!commandManager) { + return false; + } + + nsCOMPtr<nsPIDOMWindowOuter> window = GetWindow(); + if (!window) { + return false; + } + + // Return false for disabled commands (bug 760052) + if (!commandManager->IsCommandEnabled( + nsDependentCString(commandData.mXULCommandName), window)) { + return false; + } + + MOZ_ASSERT(commandData.IsPasteCommand() || + commandData.mCommand == Command::SelectAll); + nsresult rv = + commandManager->DoCommand(commandData.mXULCommandName, nullptr, window); + return NS_SUCCEEDED(rv) && rv != NS_SUCCESS_DOM_NO_OPERATION; + } + + // Now, our target is fixed to the editor. So, we can use EditorCommand + // in EditorCommandTarget directly. + + EditorCommandParamType paramType = + EditorCommand::GetParamType(commandData.mCommand); + + // If we don't have meaningful parameter or the EditorCommand does not + // require additional parameter, we can use `DoCommand()`. + if (adjustedValue.IsEmpty() || paramType == EditorCommandParamType::None) { + MOZ_ASSERT(!(paramType & EditorCommandParamType::Bool)); + nsresult rv = editCommandTarget.DoCommand(&aSubjectPrincipal); + return NS_SUCCEEDED(rv) && rv != NS_SUCCESS_DOM_NO_OPERATION; + } + + // If the EditorCommand requires `bool` parameter, `adjustedValue` must be + // "true" or "false" here. So, we can use `DoCommandParam()` which takes + // a `bool` value. + if (!!(paramType & EditorCommandParamType::Bool)) { + MOZ_ASSERT(adjustedValue.EqualsLiteral("true") || + adjustedValue.EqualsLiteral("false")); + nsresult rv = editCommandTarget.DoCommandParam( + Some(adjustedValue.EqualsLiteral("true")), &aSubjectPrincipal); + return NS_SUCCEEDED(rv) && rv != NS_SUCCESS_DOM_NO_OPERATION; + } + + // Now, the EditorCommand requires `nsAString` or `nsACString` parameter + // in this case. However, `paramType` may contain both `String` and + // `CString` but in such case, we should use `DoCommandParam()` which + // takes `nsAString`. So, we should check whether `paramType` contains + // `String` or not first. + if (!!(paramType & EditorCommandParamType::String)) { + MOZ_ASSERT(!adjustedValue.IsVoid()); + nsresult rv = + editCommandTarget.DoCommandParam(adjustedValue, &aSubjectPrincipal); + return NS_SUCCEEDED(rv) && rv != NS_SUCCESS_DOM_NO_OPERATION; + } + + // Finally, `paramType` should have `CString`. We should use + // `DoCommandParam()` which takes `nsACString`. + if (!!(paramType & EditorCommandParamType::CString)) { + NS_ConvertUTF16toUTF8 utf8Value(adjustedValue); + MOZ_ASSERT(!utf8Value.IsVoid()); + nsresult rv = + editCommandTarget.DoCommandParam(utf8Value, &aSubjectPrincipal); + return NS_SUCCEEDED(rv) && rv != NS_SUCCESS_DOM_NO_OPERATION; + } + + MOZ_ASSERT_UNREACHABLE( + "Not yet implemented to handle new EditorCommandParamType"); + return false; +} + +bool Document::QueryCommandEnabled(const nsAString& aHTMLCommandName, + nsIPrincipal& aSubjectPrincipal, + ErrorResult& aRv) { + // Only allow on HTML documents. + if (!IsHTMLOrXHTML()) { + aRv.ThrowInvalidStateError( + "queryCommandEnabled is only supported on HTML documents"); + return false; + } + // Otherwise, don't throw exception for compatibility with Chrome. + + InternalCommandData commandData = ConvertToInternalCommand(aHTMLCommandName); + switch (commandData.mCommand) { + case Command::DoNothing: + return false; + case Command::SetDocumentReadOnly: + SetUseCounter( + eUseCounter_custom_DocumentQueryCommandSupportedOrEnabledContentReadOnly); + break; + case Command::SetDocumentInsertBROnEnterKeyPress: + SetUseCounter( + eUseCounter_custom_DocumentQueryCommandSupportedOrEnabledInsertBrOnReturn); + break; + default: + break; + } + + // cut & copy are always allowed + if (commandData.IsCutOrCopyCommand()) { + return nsContentUtils::IsCutCopyAllowed(this, aSubjectPrincipal); + } + + // Report false for restricted commands + if (commandData.IsPasteCommand() && !aSubjectPrincipal.IsSystemPrincipal()) { + return false; + } + + AutoEditorCommandTarget editCommandTarget(*this, commandData); + if (commandData.IsAvailableOnlyWhenEditable() && + !editCommandTarget.IsEditable(this)) { + return false; + } + + if (editCommandTarget.IsEditor()) { + return editCommandTarget.IsCommandEnabled(); + } + + // get command manager and dispatch command to our window if it's acceptable + RefPtr<nsCommandManager> commandManager = GetMidasCommandManager(); + if (!commandManager) { + return false; + } + + nsPIDOMWindowOuter* window = GetWindow(); + if (!window) { + return false; + } + + return commandManager->IsCommandEnabled( + nsDependentCString(commandData.mXULCommandName), window); +} + +bool Document::QueryCommandIndeterm(const nsAString& aHTMLCommandName, + ErrorResult& aRv) { + // Only allow on HTML documents. + if (!IsHTMLOrXHTML()) { + aRv.ThrowInvalidStateError( + "queryCommandIndeterm is only supported on HTML documents"); + return false; + } + // Otherwise, don't throw exception for compatibility with Chrome. + + InternalCommandData commandData = ConvertToInternalCommand(aHTMLCommandName); + if (commandData.mCommand == Command::DoNothing) { + return false; + } + + AutoEditorCommandTarget editCommandTarget(*this, commandData); + if (commandData.IsAvailableOnlyWhenEditable() && + !editCommandTarget.IsEditable(this)) { + return false; + } + RefPtr<nsCommandParams> params = new nsCommandParams(); + if (editCommandTarget.IsEditor()) { + if (NS_FAILED(editCommandTarget.GetCommandStateParams(*params))) { + return false; + } + } else { + // get command manager and dispatch command to our window if it's acceptable + RefPtr<nsCommandManager> commandManager = GetMidasCommandManager(); + if (!commandManager) { + return false; + } + + nsPIDOMWindowOuter* window = GetWindow(); + if (!window) { + return false; + } + + if (NS_FAILED(commandManager->GetCommandState(commandData.mXULCommandName, + window, params))) { + return false; + } + } + + // If command does not have a state_mixed value, this call fails and sets + // retval to false. This is fine -- we want to return false in that case + // anyway (bug 738385), so we just don't throw regardless. + return params->GetBool("state_mixed"); +} + +bool Document::QueryCommandState(const nsAString& aHTMLCommandName, + ErrorResult& aRv) { + // Only allow on HTML documents. + if (!IsHTMLOrXHTML()) { + aRv.ThrowInvalidStateError( + "queryCommandState is only supported on HTML documents"); + return false; + } + // Otherwise, don't throw exception for compatibility with Chrome. + + InternalCommandData commandData = ConvertToInternalCommand(aHTMLCommandName); + switch (commandData.mCommand) { + case Command::DoNothing: + return false; + case Command::SetDocumentReadOnly: + SetUseCounter( + eUseCounter_custom_DocumentQueryCommandStateOrValueContentReadOnly); + break; + case Command::SetDocumentInsertBROnEnterKeyPress: + SetUseCounter( + eUseCounter_custom_DocumentQueryCommandStateOrValueInsertBrOnReturn); + break; + default: + break; + } + + if (aHTMLCommandName.LowerCaseEqualsLiteral("usecss")) { + // Per spec, state is supported for styleWithCSS but not useCSS, so we just + // return false always. + return false; + } + + AutoEditorCommandTarget editCommandTarget(*this, commandData); + if (commandData.IsAvailableOnlyWhenEditable() && + !editCommandTarget.IsEditable(this)) { + return false; + } + RefPtr<nsCommandParams> params = new nsCommandParams(); + if (editCommandTarget.IsEditor()) { + if (NS_FAILED(editCommandTarget.GetCommandStateParams(*params))) { + return false; + } + } else { + // get command manager and dispatch command to our window if it's acceptable + RefPtr<nsCommandManager> commandManager = GetMidasCommandManager(); + if (!commandManager) { + return false; + } + + nsPIDOMWindowOuter* window = GetWindow(); + if (!window) { + return false; + } + + if (NS_FAILED(commandManager->GetCommandState(commandData.mXULCommandName, + window, params))) { + return false; + } + } + + // handle alignment as a special case (possibly other commands too?) + // Alignment is special because the external api is individual + // commands but internally we use cmd_align with different + // parameters. When getting the state of this command, we need to + // return the boolean for this particular alignment rather than the + // string of 'which alignment is this?' + switch (commandData.mCommand) { + case Command::FormatJustifyLeft: { + nsAutoCString currentValue; + nsresult rv = params->GetCString("state_attribute", currentValue); + if (NS_FAILED(rv)) { + return false; + } + return currentValue.EqualsLiteral("left"); + } + case Command::FormatJustifyRight: { + nsAutoCString currentValue; + nsresult rv = params->GetCString("state_attribute", currentValue); + if (NS_FAILED(rv)) { + return false; + } + return currentValue.EqualsLiteral("right"); + } + case Command::FormatJustifyCenter: { + nsAutoCString currentValue; + nsresult rv = params->GetCString("state_attribute", currentValue); + if (NS_FAILED(rv)) { + return false; + } + return currentValue.EqualsLiteral("center"); + } + case Command::FormatJustifyFull: { + nsAutoCString currentValue; + nsresult rv = params->GetCString("state_attribute", currentValue); + if (NS_FAILED(rv)) { + return false; + } + return currentValue.EqualsLiteral("justify"); + } + default: + break; + } + + // If command does not have a state_all value, this call fails and sets + // retval to false. This is fine -- we want to return false in that case + // anyway (bug 738385), so we just succeed and return false regardless. + return params->GetBool("state_all"); +} + +bool Document::QueryCommandSupported(const nsAString& aHTMLCommandName, + CallerType aCallerType, ErrorResult& aRv) { + // Only allow on HTML documents. + if (!IsHTMLOrXHTML()) { + aRv.ThrowInvalidStateError( + "queryCommandSupported is only supported on HTML documents"); + return false; + } + // Otherwise, don't throw exception for compatibility with Chrome. + + InternalCommandData commandData = ConvertToInternalCommand(aHTMLCommandName); + switch (commandData.mCommand) { + case Command::DoNothing: + return false; + case Command::SetDocumentReadOnly: + SetUseCounter( + eUseCounter_custom_DocumentQueryCommandSupportedOrEnabledContentReadOnly); + break; + case Command::SetDocumentInsertBROnEnterKeyPress: + SetUseCounter( + eUseCounter_custom_DocumentQueryCommandSupportedOrEnabledInsertBrOnReturn); + break; + default: + break; + } + + // Gecko technically supports all the clipboard commands including + // cut/copy/paste, but non-privileged content will be unable to call + // paste, and depending on the pref "dom.allow_cut_copy", cut and copy + // may also be disallowed to be called from non-privileged content. + // For that reason, we report the support status of corresponding + // command accordingly. + if (aCallerType != CallerType::System) { + if (commandData.IsPasteCommand()) { + return false; + } + if (commandData.IsCutOrCopyCommand() && + !StaticPrefs::dom_allow_cut_copy()) { + // XXXbz should we worry about correctly reporting "true" in the + // "restricted, but we're an addon with clipboardWrite permissions" case? + // See also nsContentUtils::IsCutCopyAllowed. + return false; + } + } + + // aHTMLCommandName is supported if it can be converted to a Midas command + return true; +} + +void Document::QueryCommandValue(const nsAString& aHTMLCommandName, + nsAString& aValue, ErrorResult& aRv) { + aValue.Truncate(); + + // Only allow on HTML documents. + if (!IsHTMLOrXHTML()) { + aRv.ThrowInvalidStateError( + "queryCommandValue is only supported on HTML documents"); + return; + } + // Otherwise, don't throw exception for compatibility with Chrome. + + InternalCommandData commandData = ConvertToInternalCommand(aHTMLCommandName); + switch (commandData.mCommand) { + case Command::DoNothing: + // Return empty string + return; + case Command::SetDocumentReadOnly: + SetUseCounter( + eUseCounter_custom_DocumentQueryCommandStateOrValueContentReadOnly); + break; + case Command::SetDocumentInsertBROnEnterKeyPress: + SetUseCounter( + eUseCounter_custom_DocumentQueryCommandStateOrValueInsertBrOnReturn); + break; + default: + break; + } + + AutoEditorCommandTarget editCommandTarget(*this, commandData); + if (commandData.IsAvailableOnlyWhenEditable() && + !editCommandTarget.IsEditable(this)) { + return; + } + RefPtr<nsCommandParams> params = new nsCommandParams(); + if (editCommandTarget.IsEditor()) { + if (NS_FAILED(params->SetCString("state_attribute", ""_ns))) { + return; + } + + if (NS_FAILED(editCommandTarget.GetCommandStateParams(*params))) { + return; + } + } else { + // get command manager and dispatch command to our window if it's acceptable + RefPtr<nsCommandManager> commandManager = GetMidasCommandManager(); + if (!commandManager) { + return; + } + + nsCOMPtr<nsPIDOMWindowOuter> window = GetWindow(); + if (!window) { + return; + } + + if (NS_FAILED(params->SetCString("state_attribute", ""_ns))) { + return; + } + + if (NS_FAILED(commandManager->GetCommandState(commandData.mXULCommandName, + window, params))) { + return; + } + } + + // If command does not have a state_attribute value, this call fails, and + // aValue will wind up being the empty string. This is fine -- we want to + // return "" in that case anyway (bug 738385), so we just return NS_OK + // regardless. + nsAutoCString result; + params->GetCString("state_attribute", result); + CopyUTF8toUTF16(result, aValue); +} + +void Document::MaybeEditingStateChanged() { + if (!mPendingMaybeEditingStateChanged && mMayStartLayout && + mUpdateNestLevel == 0 && (mContentEditableCount > 0) != IsEditingOn()) { + if (nsContentUtils::IsSafeToRunScript()) { + EditingStateChanged(); + } else if (!mInDestructor) { + nsContentUtils::AddScriptRunner( + NewRunnableMethod("Document::MaybeEditingStateChanged", this, + &Document::MaybeEditingStateChanged)); + } + } +} + +void Document::NotifyFetchOrXHRSuccess() { + if (mShouldNotifyFetchSuccess) { + nsContentUtils::DispatchEventOnlyToChrome( + this, this, u"DOMDocFetchSuccess"_ns, CanBubble::eNo, Cancelable::eNo, + /* DefaultAction */ nullptr); + } +} + +void Document::SetNotifyFetchSuccess(bool aShouldNotify) { + mShouldNotifyFetchSuccess = aShouldNotify; +} + +void Document::SetNotifyFormOrPasswordRemoved(bool aShouldNotify) { + mShouldNotifyFormOrPasswordRemoved = aShouldNotify; +} + +void Document::TearingDownEditor() { + if (IsEditingOn()) { + mEditingState = EditingState::eTearingDown; + if (IsHTMLOrXHTML()) { + RemoveContentEditableStyleSheets(); + } + } +} + +nsresult Document::TurnEditingOff() { + NS_ASSERTION(mEditingState != EditingState::eOff, "Editing is already off."); + + nsPIDOMWindowOuter* window = GetWindow(); + if (!window) { + return NS_ERROR_FAILURE; + } + + nsIDocShell* docshell = window->GetDocShell(); + if (!docshell) { + return NS_ERROR_FAILURE; + } + + bool isBeingDestroyed = false; + docshell->IsBeingDestroyed(&isBeingDestroyed); + if (isBeingDestroyed) { + return NS_ERROR_FAILURE; + } + + nsCOMPtr<nsIEditingSession> editSession; + nsresult rv = docshell->GetEditingSession(getter_AddRefs(editSession)); + NS_ENSURE_SUCCESS(rv, rv); + + // turn editing off + rv = editSession->TearDownEditorOnWindow(window); + NS_ENSURE_SUCCESS(rv, rv); + + mEditingState = EditingState::eOff; + + // Editor resets selection since it is being destroyed. But if focus is + // still into editable control, we have to initialize selection again. + if (nsFocusManager* fm = nsFocusManager::GetFocusManager()) { + if (RefPtr<TextControlElement> textControlElement = + TextControlElement::FromNodeOrNull(fm->GetFocusedElement())) { + if (RefPtr<TextEditor> textEditor = textControlElement->GetTextEditor()) { + textEditor->ReinitializeSelection(*textControlElement); + } + } + } + + return NS_OK; +} + +static bool HasPresShell(nsPIDOMWindowOuter* aWindow) { + nsIDocShell* docShell = aWindow->GetDocShell(); + if (!docShell) { + return false; + } + return docShell->GetPresShell() != nullptr; +} + +HTMLEditor* Document::GetHTMLEditor() const { + nsPIDOMWindowOuter* window = GetWindow(); + if (!window) { + return nullptr; + } + + nsIDocShell* docshell = window->GetDocShell(); + if (!docshell) { + return nullptr; + } + + return docshell->GetHTMLEditor(); +} + +nsresult Document::EditingStateChanged() { + if (mRemovedFromDocShell) { + return NS_OK; + } + + if (mEditingState == EditingState::eSettingUp || + mEditingState == EditingState::eTearingDown) { + // XXX We shouldn't recurse + return NS_OK; + } + + const bool designMode = IsInDesignMode(); + EditingState newState = + designMode ? EditingState::eDesignMode + : (mContentEditableCount > 0 ? EditingState::eContentEditable + : EditingState::eOff); + if (mEditingState == newState) { + // No changes in editing mode. + return NS_OK; + } + + const bool thisDocumentHasFocus = ThisDocumentHasFocus(); + if (newState == EditingState::eOff) { + // Editing is being turned off. + nsAutoScriptBlocker scriptBlocker; + RefPtr<HTMLEditor> htmlEditor = GetHTMLEditor(); + NotifyEditableStateChange(*this); + nsresult rv = TurnEditingOff(); + // If this document has focus and the editing state of this document + // becomes "off", it means that HTMLEditor won't handle any inputs nor + // modify the DOM tree. However, HTMLEditor may not receive `blur` + // event for this state change since this may occur without focus change. + // Therefore, let's notify HTMLEditor of this editing state change. + // Note that even if focusedElement is an editable text control element, + // it becomes not editable from HTMLEditor point of view since text + // control elements are manged by TextEditor. + RefPtr<Element> focusedElement = + nsFocusManager::GetFocusManager() + ? nsFocusManager::GetFocusManager()->GetFocusedElement() + : nullptr; + DebugOnly<nsresult> rvIgnored = + HTMLEditor::FocusedElementOrDocumentBecomesNotEditable( + htmlEditor, *this, focusedElement); + NS_WARNING_ASSERTION( + NS_SUCCEEDED(rvIgnored), + "HTMLEditor::FocusedElementOrDocumentBecomesNotEditable() failed, but " + "ignored"); + return rv; + } + + // Flush out style changes on our _parent_ document, if any, so that + // our check for a presshell won't get stale information. + if (mParentDocument) { + mParentDocument->FlushPendingNotifications(FlushType::Style); + } + + // get editing session, make sure this is a strong reference so the + // window can't get deleted during the rest of this call. + const nsCOMPtr<nsPIDOMWindowOuter> window = GetWindow(); + if (!window) { + return NS_ERROR_FAILURE; + } + + nsIDocShell* docshell = window->GetDocShell(); + if (!docshell) { + return NS_ERROR_FAILURE; + } + + // FlushPendingNotifications might destroy our docshell. + bool isBeingDestroyed = false; + docshell->IsBeingDestroyed(&isBeingDestroyed); + if (isBeingDestroyed) { + return NS_ERROR_FAILURE; + } + + nsCOMPtr<nsIEditingSession> editSession; + nsresult rv = docshell->GetEditingSession(getter_AddRefs(editSession)); + NS_ENSURE_SUCCESS(rv, rv); + + RefPtr<HTMLEditor> htmlEditor = editSession->GetHTMLEditorForWindow(window); + if (htmlEditor) { + // We might already have an editor if it was set up for mail, let's see + // if this is actually the case. + uint32_t flags = 0; + htmlEditor->GetFlags(&flags); + if (flags & nsIEditor::eEditorMailMask) { + // We already have a mail editor, then we should not attempt to create + // another one. + return NS_OK; + } + } + + if (!HasPresShell(window)) { + // We should not make the window editable or setup its editor. + // It's probably style=display:none. + return NS_OK; + } + + bool makeWindowEditable = mEditingState == EditingState::eOff; + bool spellRecheckAll = false; + bool putOffToRemoveScriptBlockerUntilModifyingEditingState = false; + htmlEditor = nullptr; + + { + EditingState oldState = mEditingState; + nsAutoEditingState push(this, EditingState::eSettingUp); + + RefPtr<PresShell> presShell = GetPresShell(); + NS_ENSURE_TRUE(presShell, NS_ERROR_FAILURE); + + // If we're entering the design mode from non-editable state, put the + // selection at the beginning of the document for compatibility reasons. + bool collapseSelectionAtBeginningOfDocument = + designMode && oldState == EditingState::eOff; + // However, mEditingState may be eOff even if there is some + // `contenteditable` area and selection has been initialized for it because + // mEditingState for `contenteditable` may have been scheduled to modify + // when safe. In such case, we should not reinitialize selection. + if (collapseSelectionAtBeginningOfDocument && mContentEditableCount) { + Selection* selection = + presShell->GetSelection(nsISelectionController::SELECTION_NORMAL); + NS_WARNING_ASSERTION(selection, "Why don't we have Selection?"); + if (selection && selection->RangeCount()) { + // Perhaps, we don't need to check whether the selection is in + // an editing host or not because all contents will be editable + // in designMode. (And we don't want to make this code so complicated + // because of legacy API.) + collapseSelectionAtBeginningOfDocument = false; + } + } + + MOZ_ASSERT(mStyleSetFilled); + + // Before making this window editable, we need to modify UA style sheet + // because new style may change whether focused element will be focusable + // or not. + if (IsHTMLOrXHTML()) { + AddContentEditableStyleSheetsToStyleSet(designMode); + } + + if (designMode) { + // designMode is being turned on (overrides contentEditable). + spellRecheckAll = oldState == EditingState::eContentEditable; + } + + // Adjust focused element with new style but blur event shouldn't be fired + // until mEditingState is modified with newState. + nsAutoScriptBlocker scriptBlocker; + if (designMode) { + nsCOMPtr<nsPIDOMWindowOuter> focusedWindow; + nsIContent* focusedContent = nsFocusManager::GetFocusedDescendant( + window, nsFocusManager::eOnlyCurrentWindow, + getter_AddRefs(focusedWindow)); + if (focusedContent) { + nsIFrame* focusedFrame = focusedContent->GetPrimaryFrame(); + bool clearFocus = focusedFrame + ? !focusedFrame->IsFocusable() + : !focusedContent->IsFocusableWithoutStyle(); + if (clearFocus) { + if (RefPtr<nsFocusManager> fm = nsFocusManager::GetFocusManager()) { + fm->ClearFocus(window); + // If we need to dispatch blur event, we should put off after + // modifying mEditingState since blur event handler may change + // designMode state again. + putOffToRemoveScriptBlockerUntilModifyingEditingState = true; + } + } + } + } + + if (makeWindowEditable) { + // Editing is being turned on (through designMode or contentEditable) + // Turn on editor. + // XXX This can cause flushing which can change the editing state, so make + // sure to avoid recursing. + rv = editSession->MakeWindowEditable(window, "html", false, false, true); + NS_ENSURE_SUCCESS(rv, rv); + } + + // XXX Need to call TearDownEditorOnWindow for all failures. + htmlEditor = docshell->GetHTMLEditor(); + if (!htmlEditor) { + // Return NS_OK even though we've failed to create an editor here. This + // is so that the setter of designMode on non-HTML documents does not + // fail. + // This is OK to do because in nsEditingSession::SetupEditorOnWindow() we + // would detect that we can't support the mimetype if appropriate and + // would fall onto the eEditorErrorCantEditMimeType path. + return NS_OK; + } + + if (collapseSelectionAtBeginningOfDocument) { + htmlEditor->BeginningOfDocument(); + } + + if (putOffToRemoveScriptBlockerUntilModifyingEditingState) { + nsContentUtils::AddScriptBlocker(); + } + } + + mEditingState = newState; + if (putOffToRemoveScriptBlockerUntilModifyingEditingState) { + nsContentUtils::RemoveScriptBlocker(); + // If mEditingState is overwritten by another call and already disabled + // the editing, we shouldn't keep making window editable. + if (mEditingState == EditingState::eOff) { + return NS_OK; + } + } + + if (makeWindowEditable) { + // TODO: We should do this earlier in this method. + // Previously, we called `ExecCommand` with `insertBrOnReturn` command + // whose argument is false here. Then, if it returns error, we + // stopped making it editable. However, after bug 1697078 fixed, + // `ExecCommand` returns error only when the document is not XHTML's + // nor HTML's. Therefore, we use same error handling for now. + if (MOZ_UNLIKELY(NS_WARN_IF(!IsHTMLOrXHTML()))) { + // Editor setup failed. Editing is not on after all. + // XXX Should we reset the editable flag on nodes? + editSession->TearDownEditorOnWindow(window); + mEditingState = EditingState::eOff; + return NS_ERROR_DOM_INVALID_STATE_ERR; + } + // Set the editor to not insert <br> elements on return when in <p> elements + // by default. + htmlEditor->SetReturnInParagraphCreatesNewParagraph(true); + } + + // Resync the editor's spellcheck state. + if (spellRecheckAll) { + nsCOMPtr<nsISelectionController> selectionController = + htmlEditor->GetSelectionController(); + if (NS_WARN_IF(!selectionController)) { + return NS_ERROR_FAILURE; + } + + RefPtr<Selection> spellCheckSelection = selectionController->GetSelection( + nsISelectionController::SELECTION_SPELLCHECK); + if (spellCheckSelection) { + spellCheckSelection->RemoveAllRanges(IgnoreErrors()); + } + } + htmlEditor->SyncRealTimeSpell(); + + MaybeDispatchCheckKeyPressEventModelEvent(); + + // If this document keeps having focus and the HTMLEditor is in the design + // mode, it may not receive `focus` event for this editing state change since + // this may occur without a focus change. Therefore, let's notify HTMLEditor + // of this editing state change. + if (thisDocumentHasFocus && htmlEditor->IsInDesignMode() && + ThisDocumentHasFocus()) { + DebugOnly<nsresult> rvIgnored = + htmlEditor->FocusedElementOrDocumentBecomesEditable(*this, nullptr); + NS_WARNING_ASSERTION(NS_SUCCEEDED(rvIgnored), + "HTMLEditor::FocusedElementOrDocumentBecomesEditable()" + " failed, but ignored"); + } + + return NS_OK; +} + +// Helper class, used below in ChangeContentEditableCount(). +class DeferredContentEditableCountChangeEvent : public Runnable { + public: + DeferredContentEditableCountChangeEvent(Document* aDoc, Element* aElement) + : mozilla::Runnable("DeferredContentEditableCountChangeEvent"), + mDoc(aDoc), + mElement(aElement) {} + + MOZ_CAN_RUN_SCRIPT_BOUNDARY NS_IMETHOD Run() override { + if (mElement && mElement->OwnerDoc() == mDoc) { + RefPtr<Document> doc = std::move(mDoc); + RefPtr<Element> element = std::move(mElement); + doc->DeferredContentEditableCountChange(element); + } + return NS_OK; + } + + private: + RefPtr<Document> mDoc; + RefPtr<Element> mElement; +}; + +void Document::ChangeContentEditableCount(Element* aElement, int32_t aChange) { + NS_ASSERTION(int32_t(mContentEditableCount) + aChange >= 0, + "Trying to decrement too much."); + + mContentEditableCount += aChange; + + if (aElement) { + nsContentUtils::AddScriptRunner( + new DeferredContentEditableCountChangeEvent(this, aElement)); + } +} + +void Document::DeferredContentEditableCountChange(Element* aElement) { + const RefPtr<nsFocusManager> fm = nsFocusManager::GetFocusManager(); + const bool elementHasFocus = + aElement && fm && fm->GetFocusedElement() == aElement; + if (elementHasFocus) { + MOZ_ASSERT(nsContentUtils::IsSafeToRunScript()); + // When contenteditable of aElement is changed and HTMLEditor works with it + // or needs to start working with it, HTMLEditor may not receive `focus` + // event nor `blur` event because this may occur without a focus change. + // Therefore, we need to notify HTMLEditor of this contenteditable attribute + // change. + RefPtr<HTMLEditor> htmlEditor = GetHTMLEditor(); + if (aElement->HasFlag(NODE_IS_EDITABLE)) { + if (htmlEditor) { + DebugOnly<nsresult> rvIgnored = + htmlEditor->FocusedElementOrDocumentBecomesEditable(*this, + aElement); + NS_WARNING_ASSERTION( + NS_SUCCEEDED(rvIgnored), + "HTMLEditor::FocusedElementOrDocumentBecomesEditable() failed, but " + "ignored"); + } + } else { + DebugOnly<nsresult> rvIgnored = + HTMLEditor::FocusedElementOrDocumentBecomesNotEditable( + htmlEditor, *this, aElement); + NS_WARNING_ASSERTION( + NS_SUCCEEDED(rvIgnored), + "HTMLEditor::FocusedElementOrDocumentBecomesNotEditable() failed, " + "but ignored"); + } + } + + if (mParser || + (mUpdateNestLevel > 0 && (mContentEditableCount > 0) != IsEditingOn())) { + return; + } + + EditingState oldState = mEditingState; + + nsresult rv = EditingStateChanged(); + NS_ENSURE_SUCCESS_VOID(rv); + + if (oldState == mEditingState && + mEditingState == EditingState::eContentEditable) { + // We just changed the contentEditable state of a node, we need to reset + // the spellchecking state of that node. + if (aElement) { + if (RefPtr<HTMLEditor> htmlEditor = GetHTMLEditor()) { + nsCOMPtr<nsIInlineSpellChecker> spellChecker; + rv = htmlEditor->GetInlineSpellChecker(false, + getter_AddRefs(spellChecker)); + NS_ENSURE_SUCCESS_VOID(rv); + + if (spellChecker && + aElement->InclusiveDescendantMayNeedSpellchecking(htmlEditor)) { + RefPtr<nsRange> range = nsRange::Create(aElement); + IgnoredErrorResult res; + range->SelectNode(*aElement, res); + if (res.Failed()) { + // The node might be detached from the document at this point, + // which would cause this call to fail. In this case, we can + // safely ignore the contenteditable count change. + return; + } + + rv = spellChecker->SpellCheckRange(range); + NS_ENSURE_SUCCESS_VOID(rv); + } + } + } + } + + // aElement causes creating new HTMLEditor and the element had and keep + // having focus, the HTMLEditor won't receive `focus` event. Therefore, we + // need to notify HTMLEditor of it becomes editable. + if (elementHasFocus && aElement->HasFlag(NODE_IS_EDITABLE) && + fm->GetFocusedElement() == aElement) { + if (RefPtr<HTMLEditor> htmlEditor = GetHTMLEditor()) { + DebugOnly<nsresult> rvIgnored = + htmlEditor->FocusedElementOrDocumentBecomesEditable(*this, aElement); + NS_WARNING_ASSERTION( + NS_SUCCEEDED(rvIgnored), + "HTMLEditor::FocusedElementOrDocumentBecomesEditable() failed, but " + "ignored"); + } + } +} + +void Document::MaybeDispatchCheckKeyPressEventModelEvent() { + // Currently, we need to check only when we're becoming editable for + // contenteditable. + if (mEditingState != EditingState::eContentEditable) { + return; + } + + if (mHasBeenEditable) { + return; + } + mHasBeenEditable = true; + + // Dispatch "CheckKeyPressEventModel" event. That is handled only by + // KeyPressEventModelCheckerChild. Then, it calls SetKeyPressEventModel() + // with proper keypress event for the active web app. + WidgetEvent checkEvent(true, eUnidentifiedEvent); + checkEvent.mSpecifiedEventType = nsGkAtoms::onCheckKeyPressEventModel; + checkEvent.mFlags.mCancelable = false; + checkEvent.mFlags.mBubbles = false; + checkEvent.mFlags.mOnlySystemGroupDispatch = true; + // Post the event rather than dispatching it synchronously because we need + // a call of SetKeyPressEventModel() before first key input. Therefore, we + // can avoid paying unnecessary runtime cost for most web apps. + (new AsyncEventDispatcher(this, checkEvent))->PostDOMEvent(); +} + +void Document::SetKeyPressEventModel(uint16_t aKeyPressEventModel) { + PresShell* presShell = GetPresShell(); + if (!presShell) { + return; + } + presShell->SetKeyPressEventModel(aKeyPressEventModel); +} + +TimeStamp Document::LastFocusTime() const { return mLastFocusTime; } + +void Document::SetLastFocusTime(const TimeStamp& aFocusTime) { + MOZ_DIAGNOSTIC_ASSERT(!aFocusTime.IsNull()); + MOZ_DIAGNOSTIC_ASSERT(mLastFocusTime.IsNull() || + aFocusTime >= mLastFocusTime); + mLastFocusTime = aFocusTime; +} + +void Document::GetReferrer(nsAString& aReferrer) const { + aReferrer.Truncate(); + if (!mReferrerInfo) { + return; + } + + nsCOMPtr<nsIURI> referrer = mReferrerInfo->GetComputedReferrer(); + if (!referrer) { + return; + } + + nsAutoCString uri; + nsresult rv = URLDecorationStripper::StripTrackingIdentifiers(referrer, uri); + if (NS_WARN_IF(NS_FAILED(rv))) { + return; + } + + CopyUTF8toUTF16(uri, aReferrer); +} + +void Document::GetCookie(nsAString& aCookie, ErrorResult& aRv) { + aCookie.Truncate(); // clear current cookie in case service fails; + // no cookie isn't an error condition. + + if (mDisableCookieAccess) { + return; + } + + // If the document's sandboxed origin flag is set, then reading cookies + // is prohibited. + if (mSandboxFlags & SANDBOXED_ORIGIN) { + aRv.ThrowSecurityError( + "Forbidden in a sandboxed document without the 'allow-same-origin' " + "flag."); + return; + } + + StorageAccess storageAccess = CookieAllowedForDocument(this); + if (storageAccess == StorageAccess::eDeny) { + return; + } + + if (ShouldPartitionStorage(storageAccess) && + !StoragePartitioningEnabled(storageAccess, CookieJarSettings())) { + return; + } + + // If the document is a cookie-averse Document... return the empty string. + if (IsCookieAverse()) { + return; + } + + // not having a cookie service isn't an error + nsCOMPtr<nsICookieService> service = + do_GetService(NS_COOKIESERVICE_CONTRACTID); + if (service) { + nsAutoCString cookie; + service->GetCookieStringFromDocument(this, cookie); + // CopyUTF8toUTF16 doesn't handle error + // because it assumes that the input is valid. + UTF_8_ENCODING->DecodeWithoutBOMHandling(cookie, aCookie); + } +} + +void Document::SetCookie(const nsAString& aCookie, ErrorResult& aRv) { + if (mDisableCookieAccess) { + return; + } + + // If the document's sandboxed origin flag is set, then setting cookies + // is prohibited. + if (mSandboxFlags & SANDBOXED_ORIGIN) { + aRv.ThrowSecurityError( + "Forbidden in a sandboxed document without the 'allow-same-origin' " + "flag."); + return; + } + + StorageAccess storageAccess = CookieAllowedForDocument(this); + if (storageAccess == StorageAccess::eDeny) { + return; + } + + if (ShouldPartitionStorage(storageAccess) && + !StoragePartitioningEnabled(storageAccess, CookieJarSettings())) { + return; + } + + // If the document is a cookie-averse Document... do nothing. + if (IsCookieAverse()) { + return; + } + + if (!mDocumentURI) { + return; + } + + // not having a cookie service isn't an error + nsCOMPtr<nsICookieService> service = + do_GetService(NS_COOKIESERVICE_CONTRACTID); + if (!service) { + return; + } + + NS_ConvertUTF16toUTF8 cookie(aCookie); + nsresult rv = service->SetCookieStringFromDocument(this, cookie); + + // No warning messages here. + if (NS_FAILED(rv)) { + return; + } + + nsCOMPtr<nsIObserverService> observerService = + mozilla::services::GetObserverService(); + if (observerService) { + observerService->NotifyObservers(ToSupports(this), "document-set-cookie", + nsString(aCookie).get()); + } +} + +ReferrerPolicy Document::GetReferrerPolicy() const { + return mReferrerInfo ? mReferrerInfo->ReferrerPolicy() + : ReferrerPolicy::_empty; +} + +void Document::GetAlinkColor(nsAString& aAlinkColor) { + aAlinkColor.Truncate(); + + HTMLBodyElement* body = GetBodyElement(); + if (body) { + body->GetALink(aAlinkColor); + } +} + +void Document::SetAlinkColor(const nsAString& aAlinkColor) { + HTMLBodyElement* body = GetBodyElement(); + if (body) { + body->SetALink(aAlinkColor); + } +} + +void Document::GetLinkColor(nsAString& aLinkColor) { + aLinkColor.Truncate(); + + HTMLBodyElement* body = GetBodyElement(); + if (body) { + body->GetLink(aLinkColor); + } +} + +void Document::SetLinkColor(const nsAString& aLinkColor) { + HTMLBodyElement* body = GetBodyElement(); + if (body) { + body->SetLink(aLinkColor); + } +} + +void Document::GetVlinkColor(nsAString& aVlinkColor) { + aVlinkColor.Truncate(); + + HTMLBodyElement* body = GetBodyElement(); + if (body) { + body->GetVLink(aVlinkColor); + } +} + +void Document::SetVlinkColor(const nsAString& aVlinkColor) { + HTMLBodyElement* body = GetBodyElement(); + if (body) { + body->SetVLink(aVlinkColor); + } +} + +void Document::GetBgColor(nsAString& aBgColor) { + aBgColor.Truncate(); + + HTMLBodyElement* body = GetBodyElement(); + if (body) { + body->GetBgColor(aBgColor); + } +} + +void Document::SetBgColor(const nsAString& aBgColor) { + HTMLBodyElement* body = GetBodyElement(); + if (body) { + body->SetBgColor(aBgColor); + } +} + +void Document::GetFgColor(nsAString& aFgColor) { + aFgColor.Truncate(); + + HTMLBodyElement* body = GetBodyElement(); + if (body) { + body->GetText(aFgColor); + } +} + +void Document::SetFgColor(const nsAString& aFgColor) { + HTMLBodyElement* body = GetBodyElement(); + if (body) { + body->SetText(aFgColor); + } +} + +void Document::CaptureEvents() { + WarnOnceAbout(DeprecatedOperations::eUseOfCaptureEvents); +} + +void Document::ReleaseEvents() { + WarnOnceAbout(DeprecatedOperations::eUseOfReleaseEvents); +} + +HTMLAllCollection* Document::All() { + if (!mAll) { + mAll = new HTMLAllCollection(this); + } + return mAll; +} + +nsresult Document::GetSrcdocData(nsAString& aSrcdocData) { + if (mIsSrcdocDocument) { + nsCOMPtr<nsIInputStreamChannel> inStrmChan = do_QueryInterface(mChannel); + if (inStrmChan) { + return inStrmChan->GetSrcdocData(aSrcdocData); + } + } + aSrcdocData = VoidString(); + return NS_OK; +} + +Nullable<WindowProxyHolder> Document::GetDefaultView() const { + nsPIDOMWindowOuter* win = GetWindow(); + if (!win) { + return nullptr; + } + return WindowProxyHolder(win->GetBrowsingContext()); +} + +nsIContent* Document::GetUnretargetedFocusedContent( + IncludeChromeOnly aIncludeChromeOnly) const { + nsCOMPtr<nsPIDOMWindowOuter> window = GetWindow(); + if (!window) { + return nullptr; + } + nsCOMPtr<nsPIDOMWindowOuter> focusedWindow; + nsIContent* focusedContent = nsFocusManager::GetFocusedDescendant( + window, nsFocusManager::eOnlyCurrentWindow, + getter_AddRefs(focusedWindow)); + if (!focusedContent) { + return nullptr; + } + // be safe and make sure the element is from this document + if (focusedContent->OwnerDoc() != this) { + return nullptr; + } + if (focusedContent->ChromeOnlyAccess() && + aIncludeChromeOnly == IncludeChromeOnly::No) { + return focusedContent->FindFirstNonChromeOnlyAccessContent(); + } + return focusedContent; +} + +Element* Document::GetActiveElement() { + // Get the focused element. + Element* focusedElement = GetRetargetedFocusedElement(); + if (focusedElement) { + return focusedElement; + } + + // No focused element anywhere in this document. Try to get the BODY. + if (IsHTMLOrXHTML()) { + Element* bodyElement = AsHTMLDocument()->GetBody(); + if (bodyElement) { + return bodyElement; + } + // Special case to handle the transition to XHTML from XUL documents + // where there currently isn't a body element, but we need to match the + // XUL behavior. This should be removed when bug 1540278 is resolved. + if (nsContentUtils::IsChromeDoc(this)) { + Element* docElement = GetDocumentElement(); + if (docElement && docElement->IsXULElement()) { + return docElement; + } + } + // Because of IE compatibility, return null when html document doesn't have + // a body. + return nullptr; + } + + // If we couldn't get a BODY, return the root element. + return GetDocumentElement(); +} + +Element* Document::GetCurrentScript() { + nsCOMPtr<Element> el(do_QueryInterface(ScriptLoader()->GetCurrentScript())); + return el; +} + +void Document::ReleaseCapture() const { + // only release the capture if the caller can access it. This prevents a + // page from stopping a scrollbar grab for example. + nsCOMPtr<nsINode> node = PresShell::GetCapturingContent(); + if (node && nsContentUtils::CanCallerAccess(node)) { + PresShell::ReleaseCapturingContent(); + } +} + +nsIURI* Document::GetBaseURI(bool aTryUseXHRDocBaseURI) const { + if (aTryUseXHRDocBaseURI && mChromeXHRDocBaseURI) { + return mChromeXHRDocBaseURI; + } + + return GetDocBaseURI(); +} + +void Document::SetBaseURI(nsIURI* aURI) { + if (!aURI && !mDocumentBaseURI) { + return; + } + + // Don't do anything if the URI wasn't actually changed. + if (aURI && mDocumentBaseURI) { + bool equalBases = false; + mDocumentBaseURI->Equals(aURI, &equalBases); + if (equalBases) { + return; + } + } + + mDocumentBaseURI = aURI; + mCachedURLData = nullptr; + RefreshLinkHrefs(); +} + +Result<OwningNonNull<nsIURI>, nsresult> Document::ResolveWithBaseURI( + const nsAString& aURI) { + RefPtr<nsIURI> resolvedURI; + MOZ_TRY( + NS_NewURI(getter_AddRefs(resolvedURI), aURI, nullptr, GetDocBaseURI())); + return OwningNonNull<nsIURI>(std::move(resolvedURI)); +} + +nsIReferrerInfo* Document::ReferrerInfoForInternalCSSAndSVGResources() { + if (!mCachedReferrerInfoForInternalCSSAndSVGResources) { + mCachedReferrerInfoForInternalCSSAndSVGResources = + ReferrerInfo::CreateForInternalCSSAndSVGResources(this); + } + return mCachedReferrerInfoForInternalCSSAndSVGResources; +} + +URLExtraData* Document::DefaultStyleAttrURLData() { + MOZ_ASSERT(NS_IsMainThread()); + if (!mCachedURLData) { + mCachedURLData = new URLExtraData( + GetDocBaseURI(), ReferrerInfoForInternalCSSAndSVGResources(), + NodePrincipal()); + } + return mCachedURLData; +} + +void Document::SetDocumentCharacterSet(NotNull<const Encoding*> aEncoding) { + if (mCharacterSet != aEncoding) { + mCharacterSet = aEncoding; + mEncodingMenuDisabled = aEncoding == UTF_8_ENCODING; + RecomputeLanguageFromCharset(); + + if (nsPresContext* context = GetPresContext()) { + context->DocumentCharSetChanged(aEncoding); + } + } +} + +void Document::GetSandboxFlagsAsString(nsAString& aFlags) { + nsContentUtils::SandboxFlagsToString(mSandboxFlags, aFlags); +} + +void Document::GetHeaderData(nsAtom* aHeaderField, nsAString& aData) const { + aData.Truncate(); + const HeaderData* data = mHeaderData.get(); + while (data) { + if (data->mField == aHeaderField) { + aData = data->mData; + break; + } + data = data->mNext.get(); + } +} + +void Document::SetHeaderData(nsAtom* aHeaderField, const nsAString& aData) { + if (!aHeaderField) { + NS_ERROR("null headerField"); + return; + } + + if (!mHeaderData) { + if (!aData.IsEmpty()) { // don't bother storing empty string + mHeaderData = MakeUnique<HeaderData>(aHeaderField, aData); + } + } else { + HeaderData* data = mHeaderData.get(); + UniquePtr<HeaderData>* lastPtr = &mHeaderData; + bool found = false; + do { // look for existing and replace + if (data->mField == aHeaderField) { + if (!aData.IsEmpty()) { + data->mData.Assign(aData); + } else { // don't store empty string + // Note that data->mNext is moved to a temporary before the old value + // of *lastPtr is deleted. + *lastPtr = std::move(data->mNext); + } + found = true; + + break; + } + lastPtr = &data->mNext; + data = lastPtr->get(); + } while (data); + + if (!aData.IsEmpty() && !found) { + // didn't find, append + *lastPtr = MakeUnique<HeaderData>(aHeaderField, aData); + } + } + + if (aHeaderField == nsGkAtoms::headerContentLanguage) { + if (aData.IsEmpty()) { + mContentLanguage = nullptr; + } else { + mContentLanguage = NS_AtomizeMainThread(aData); + } + mMayNeedFontPrefsUpdate = true; + if (auto* presContext = GetPresContext()) { + presContext->ContentLanguageChanged(); + } + } + + if (aHeaderField == nsGkAtoms::origin_trial) { + mTrials.UpdateFromToken(aData, NodePrincipal()); + if (mTrials.IsEnabled(OriginTrial::CoepCredentialless)) { + InitCOEP(mChannel); + + // If we still don't have a WindowContext, WindowContext::OnNewDocument + // will take care of this. + if (WindowContext* ctx = GetWindowContext()) { + if (mEmbedderPolicy) { + Unused << ctx->SetEmbedderPolicy(mEmbedderPolicy.value()); + } + } + } + } + + if (aHeaderField == nsGkAtoms::headerDefaultStyle) { + SetPreferredStyleSheetSet(aData); + } + + if (aHeaderField == nsGkAtoms::refresh && !IsStaticDocument()) { + // We get into this code before we have a script global yet, so get to our + // container via mDocumentContainer. + if (mDocumentContainer) { + // Note: using mDocumentURI instead of mBaseURI here, for consistency + // (used to just use the current URI of our webnavigation, but that + // should really be the same thing). Note that this code can run + // before the current URI of the webnavigation has been updated, so we + // can't assert equality here. + mDocumentContainer->SetupRefreshURIFromHeader(this, aData); + } + } + + if (aHeaderField == nsGkAtoms::headerDNSPrefetchControl && + mAllowDNSPrefetch) { + // Chromium treats any value other than 'on' (case insensitive) as 'off'. + mAllowDNSPrefetch = aData.IsEmpty() || aData.LowerCaseEqualsLiteral("on"); + } + + if (aHeaderField == nsGkAtoms::handheldFriendly) { + mViewportType = Unknown; + } +} + +void Document::SetEarlyHints( + nsTArray<net::EarlyHintConnectArgs>&& aEarlyHints) { + mEarlyHints = std::move(aEarlyHints); +} + +void Document::TryChannelCharset(nsIChannel* aChannel, int32_t& aCharsetSource, + NotNull<const Encoding*>& aEncoding, + nsHtml5TreeOpExecutor* aExecutor) { + if (aChannel) { + nsAutoCString charsetVal; + nsresult rv = aChannel->GetContentCharset(charsetVal); + if (NS_SUCCEEDED(rv)) { + const Encoding* preferred = Encoding::ForLabel(charsetVal); + if (preferred) { + if (aExecutor && preferred == REPLACEMENT_ENCODING) { + aExecutor->ComplainAboutBogusProtocolCharset(this, false); + } + aEncoding = WrapNotNull(preferred); + aCharsetSource = kCharsetFromChannel; + return; + } else if (aExecutor && !charsetVal.IsEmpty()) { + aExecutor->ComplainAboutBogusProtocolCharset(this, true); + } + } + } +} + +static inline void AssertNoStaleServoDataIn(nsINode& aSubtreeRoot) { +#ifdef DEBUG + for (nsINode* node : ShadowIncludingTreeIterator(aSubtreeRoot)) { + const Element* element = Element::FromNode(node); + if (!element) { + continue; + } + MOZ_ASSERT(!element->HasServoData()); + } +#endif +} + +already_AddRefed<PresShell> Document::CreatePresShell( + nsPresContext* aContext, nsViewManager* aViewManager) { + MOZ_DIAGNOSTIC_ASSERT(!mPresShell, "We have a presshell already!"); + + NS_ENSURE_FALSE(GetBFCacheEntry(), nullptr); + + AssertNoStaleServoDataIn(*this); + + RefPtr<PresShell> presShell = new PresShell(this); + // Note: we don't hold a ref to the shell (it holds a ref to us) + mPresShell = presShell; + + if (!mStyleSetFilled) { + FillStyleSet(); + } + + presShell->Init(aContext, aViewManager); + if (RefPtr<class HighlightRegistry> highlightRegistry = mHighlightRegistry) { + highlightRegistry->AddHighlightSelectionsToFrameSelection(); + } + // Gaining a shell causes changes in how media queries are evaluated, so + // invalidate that. + aContext->MediaFeatureValuesChanged( + {MediaFeatureChange::kAllChanges}, + MediaFeatureChangePropagation::JustThisDocument); + + // Make sure to never paint if we belong to an invisible DocShell. + nsCOMPtr<nsIDocShell> docShell(mDocumentContainer); + if (docShell && docShell->IsInvisible()) { + presShell->SetNeverPainting(true); + } + + MOZ_LOG(gDocumentLeakPRLog, LogLevel::Debug, + ("DOCUMENT %p with PressShell %p and DocShell %p", this, + presShell.get(), docShell.get())); + + mExternalResourceMap.ShowViewers(); + + UpdateFrameRequestCallbackSchedulingState(); + + if (mDocumentL10n) { + // In case we already accumulated mutations, + // we'll trigger the refresh driver now. + mDocumentL10n->OnCreatePresShell(); + } + + if (HasAutoFocusCandidates()) { + ScheduleFlushAutoFocusCandidates(); + } + // Now that we have a shell, we might have @font-face rules (the presence of a + // shell may change which rules apply to us). We don't need to do anything + // like EnsureStyleFlush or such, there's nothing to update yet and when stuff + // is ready to update we'll flush the font set. + MarkUserFontSetDirty(); + + // Take the author style disabled state from the top browsing cvontext. + // (PageStyleChild.sys.mjs ensures this is up to date.) + if (BrowsingContext* bc = GetBrowsingContext()) { + presShell->SetAuthorStyleDisabled(bc->Top()->AuthorStyleDisabledDefault()); + } + + return presShell.forget(); +} + +void Document::UpdateFrameRequestCallbackSchedulingState( + PresShell* aOldPresShell) { + // If this condition changes to depend on some other variable, make sure to + // call UpdateFrameRequestCallbackSchedulingState() calls to the places where + // that variable can change. Also consider if you should change + // WouldScheduleFrameRequestCallbacks() instead of adding more stuff to this + // condition. + bool shouldBeScheduled = + WouldScheduleFrameRequestCallbacks() && !mFrameRequestManager.IsEmpty(); + if (shouldBeScheduled == mFrameRequestCallbacksScheduled) { + // nothing to do + return; + } + + PresShell* presShell = aOldPresShell ? aOldPresShell : mPresShell; + MOZ_RELEASE_ASSERT(presShell); + + nsRefreshDriver* rd = presShell->GetPresContext()->RefreshDriver(); + if (shouldBeScheduled) { + rd->ScheduleFrameRequestCallbacks(this); + } else { + rd->RevokeFrameRequestCallbacks(this); + } + + mFrameRequestCallbacksScheduled = shouldBeScheduled; +} + +void Document::TakeFrameRequestCallbacks(nsTArray<FrameRequest>& aCallbacks) { + MOZ_ASSERT(aCallbacks.IsEmpty()); + mFrameRequestManager.Take(aCallbacks); + // No need to manually remove ourselves from the refresh driver; it will + // handle that part. But we do have to update our state. + mFrameRequestCallbacksScheduled = false; +} + +bool Document::ShouldThrottleFrameRequests() const { + if (mStaticCloneCount > 0) { + // Even if we're not visible, a static clone may be, so run at full speed. + return false; + } + + if (Hidden()) { + // We're not visible (probably in a background tab or the bf cache). + return true; + } + + if (!mPresShell) { + // Can't do anything smarter. We don't run frame requests in documents + // without a pres shell anyways. + return false; + } + + if (!mPresShell->IsActive()) { + // The pres shell is not active (we're an invisible OOP iframe or such), so + // throttle. + return true; + } + + if (mPresShell->IsPaintingSuppressed()) { + // Historically we have throttled frame requests until we've painted at + // least once, so keep doing that. + return true; + } + + if (mPresShell->IsUnderHiddenEmbedderElement()) { + // For display: none and visibility: hidden we always throttle, for + // consistency with OOP iframes. + return true; + } + + Element* el = GetEmbedderElement(); + if (!el) { + // If we're not in-process, our refresh driver is throttled separately (via + // PresShell::SetIsActive, so not much more we can do here. + return false; + } + + if (!StaticPrefs::layout_throttle_in_process_iframes()) { + return false; + } + + // Note that because we have to scroll this document into view at least once + // to unthrottle it, we will drop one requestAnimationFrame frame when a + // document that previously wasn't visible scrolls into view. This is + // acceptable / unlikely to be human-perceivable, though we could improve on + // it if needed by adding an intersection margin or something of that sort. + const IntersectionInput input = DOMIntersectionObserver::ComputeInput( + *el->OwnerDoc(), /* aRoot = */ nullptr, /* aRootMargin = */ nullptr); + const IntersectionOutput output = + DOMIntersectionObserver::Intersect(input, *el); + return !output.Intersects(); +} + +void Document::DeletePresShell() { + mExternalResourceMap.HideViewers(); + if (nsPresContext* presContext = mPresShell->GetPresContext()) { + presContext->RefreshDriver()->CancelPendingFullscreenEvents(this); + presContext->RefreshDriver()->CancelFlushAutoFocus(this); + } + + // When our shell goes away, request that all our images be immediately + // discarded, so we don't carry around decoded image data for a document we + // no longer intend to paint. + ImageTracker()->RequestDiscardAll(); + + // Now that we no longer have a shell, we need to forget about any FontFace + // objects for @font-face rules that came from the style set. There's no need + // to call EnsureStyleFlush either, the shell is going away anyway, so there's + // no point on it. + MarkUserFontSetDirty(); + + if (IsEditingOn()) { + TurnEditingOff(); + } + + PresShell* oldPresShell = mPresShell; + mPresShell = nullptr; + UpdateFrameRequestCallbackSchedulingState(oldPresShell); + + ClearStaleServoData(); + AssertNoStaleServoDataIn(*this); + + mStyleSet->ShellDetachedFromDocument(); + mStyleSetFilled = false; + mQuirkSheetAdded = false; + mContentEditableSheetAdded = false; + mDesignModeSheetAdded = false; +} + +void Document::DisallowBFCaching(uint32_t aStatus) { + NS_ASSERTION(!mBFCacheEntry, "We're already in the bfcache!"); + if (!mBFCacheDisallowed) { + if (WindowGlobalChild* wgc = GetWindowGlobalChild()) { + wgc->SendUpdateBFCacheStatus(aStatus, 0); + } + } + mBFCacheDisallowed = true; +} + +void Document::SetBFCacheEntry(nsIBFCacheEntry* aEntry) { + MOZ_ASSERT(IsBFCachingAllowed() || !aEntry, "You should have checked!"); + + if (mPresShell) { + if (aEntry) { + mPresShell->StopObservingRefreshDriver(); + } else if (mBFCacheEntry) { + mPresShell->StartObservingRefreshDriver(); + } + } + mBFCacheEntry = aEntry; +} + +bool Document::RemoveFromBFCacheSync() { + bool removed = false; + if (nsCOMPtr<nsIBFCacheEntry> entry = GetBFCacheEntry()) { + entry->RemoveFromBFCacheSync(); + removed = true; + } else if (!IsCurrentActiveDocument()) { + // In the old bfcache implementation while the new page is loading, but + // before nsIDocumentViewer.show() has been called, the previous page + // doesn't yet have nsIBFCacheEntry. However, the previous page isn't the + // current active document anymore. + DisallowBFCaching(); + removed = true; + } + + if (mozilla::SessionHistoryInParent() && XRE_IsContentProcess()) { + if (BrowsingContext* bc = GetBrowsingContext()) { + if (bc->IsInBFCache()) { + ContentChild* cc = ContentChild::GetSingleton(); + // IPC is asynchronous but the caller is supposed to check the return + // value. The reason for 'Sync' in the method name is that the old + // implementation may run scripts. There is Async variant in + // the old session history implementation for the cases where + // synchronous operation isn't safe. + cc->SendRemoveFromBFCache(bc->Top()); + removed = true; + } + } + } + return removed; +} + +static void SubDocClearEntry(PLDHashTable* table, PLDHashEntryHdr* entry) { + SubDocMapEntry* e = static_cast<SubDocMapEntry*>(entry); + + NS_RELEASE(e->mKey); + if (e->mSubDocument) { + e->mSubDocument->SetParentDocument(nullptr); + NS_RELEASE(e->mSubDocument); + } +} + +static void SubDocInitEntry(PLDHashEntryHdr* entry, const void* key) { + SubDocMapEntry* e = + const_cast<SubDocMapEntry*>(static_cast<const SubDocMapEntry*>(entry)); + + e->mKey = const_cast<Element*>(static_cast<const Element*>(key)); + NS_ADDREF(e->mKey); + + e->mSubDocument = nullptr; +} + +nsresult Document::SetSubDocumentFor(Element* aElement, Document* aSubDoc) { + NS_ENSURE_TRUE(aElement, NS_ERROR_UNEXPECTED); + + if (!aSubDoc) { + // aSubDoc is nullptr, remove the mapping + + if (mSubDocuments) { + mSubDocuments->Remove(aElement); + } + } else { + if (!mSubDocuments) { + // Create a new hashtable + + static const PLDHashTableOps hash_table_ops = { + PLDHashTable::HashVoidPtrKeyStub, PLDHashTable::MatchEntryStub, + PLDHashTable::MoveEntryStub, SubDocClearEntry, SubDocInitEntry}; + + mSubDocuments = new PLDHashTable(&hash_table_ops, sizeof(SubDocMapEntry)); + } + + // Add a mapping to the hash table + auto entry = + static_cast<SubDocMapEntry*>(mSubDocuments->Add(aElement, fallible)); + + if (!entry) { + return NS_ERROR_OUT_OF_MEMORY; + } + + if (entry->mSubDocument) { + entry->mSubDocument->SetParentDocument(nullptr); + + // Release the old sub document + NS_RELEASE(entry->mSubDocument); + } + + entry->mSubDocument = aSubDoc; + NS_ADDREF(entry->mSubDocument); + + aSubDoc->SetParentDocument(this); + } + + return NS_OK; +} + +Document* Document::GetSubDocumentFor(nsIContent* aContent) const { + if (mSubDocuments && aContent->IsElement()) { + auto entry = static_cast<SubDocMapEntry*>( + mSubDocuments->Search(aContent->AsElement())); + + if (entry) { + return entry->mSubDocument; + } + } + + return nullptr; +} + +Element* Document::GetEmbedderElement() const { + // We check if we're the active document in our BrowsingContext + // by comparing against its document, rather than checking if the + // WindowContext is cached, since mWindow may be null when we're + // called (such as in nsPresContext::Init). + if (BrowsingContext* bc = GetBrowsingContext()) { + return bc->GetExtantDocument() == this ? bc->GetEmbedderElement() : nullptr; + } + + return nullptr; +} + +Element* Document::GetRootElement() const { + return (mCachedRootElement && mCachedRootElement->GetParentNode() == this) + ? mCachedRootElement + : GetRootElementInternal(); +} + +Element* Document::GetUnfocusedKeyEventTarget() { return GetRootElement(); } + +Element* Document::GetRootElementInternal() const { + // We invoke GetRootElement() immediately before the servo traversal, so we + // should always have a cache hit from Servo. + MOZ_ASSERT(NS_IsMainThread()); + + // Loop backwards because any non-elements, such as doctypes and PIs + // are likely to appear before the root element. + for (nsIContent* child = GetLastChild(); child; + child = child->GetPreviousSibling()) { + if (Element* element = Element::FromNode(child)) { + const_cast<Document*>(this)->mCachedRootElement = element; + return element; + } + } + + const_cast<Document*>(this)->mCachedRootElement = nullptr; + return nullptr; +} + +void Document::InsertChildBefore(nsIContent* aKid, nsIContent* aBeforeThis, + bool aNotify, ErrorResult& aRv) { + if (aKid->IsElement() && GetRootElement()) { + NS_WARNING("Inserting root element when we already have one"); + aRv.ThrowHierarchyRequestError("There is already a root element."); + return; + } + + nsINode::InsertChildBefore(aKid, aBeforeThis, aNotify, aRv); +} + +void Document::RemoveChildNode(nsIContent* aKid, bool aNotify) { + Maybe<mozAutoDocUpdate> updateBatch; + if (aKid->IsElement()) { + updateBatch.emplace(this, aNotify); + // Destroy the link map up front before we mess with the child list. + DestroyElementMaps(); + } + + // Preemptively clear mCachedRootElement, since we may be about to remove it + // from our child list, and we don't want to return this maybe-obsolete value + // from any GetRootElement() calls that happen inside of RemoveChildNode(). + // (NOTE: for this to be useful, RemoveChildNode() must NOT trigger any + // GetRootElement() calls until after it's removed the child from mChildren. + // Any call before that point would restore this soon-to-be-obsolete cached + // answer, and our clearing here would be fruitless.) + mCachedRootElement = nullptr; + nsINode::RemoveChildNode(aKid, aNotify); + MOZ_ASSERT(mCachedRootElement != aKid, + "Stale pointer in mCachedRootElement, after we tried to clear it " + "(maybe somebody called GetRootElement() too early?)"); +} + +void Document::AddStyleSheetToStyleSets(StyleSheet& aSheet) { + if (mStyleSetFilled) { + EnsureStyleSet().AddDocStyleSheet(aSheet); + ApplicableStylesChanged(); + } +} + +void Document::RecordShadowStyleChange(ShadowRoot& aShadowRoot) { + EnsureStyleSet().RecordShadowStyleChange(aShadowRoot); + ApplicableStylesChanged(/* aKnownInShadowTree= */ true); +} + +void Document::ApplicableStylesChanged(bool aKnownInShadowTree) { + // TODO(emilio): if we decide to resolve style in display: none iframes, then + // we need to always track style changes and remove the mStyleSetFilled. + if (!mStyleSetFilled) { + return; + } + if (!aKnownInShadowTree) { + MarkUserFontSetDirty(); + } + PresShell* ps = GetPresShell(); + if (!ps) { + return; + } + + ps->EnsureStyleFlush(); + nsPresContext* pc = ps->GetPresContext(); + if (!pc) { + return; + } + + if (!aKnownInShadowTree) { + pc->MarkCounterStylesDirty(); + pc->MarkFontFeatureValuesDirty(); + pc->MarkFontPaletteValuesDirty(); + } + pc->RestyleManager()->NextRestyleIsForCSSRuleChanges(); +} + +void Document::RemoveStyleSheetFromStyleSets(StyleSheet& aSheet) { + if (mStyleSetFilled) { + mStyleSet->RemoveStyleSheet(aSheet); + ApplicableStylesChanged(); + } +} + +void Document::InsertSheetAt(size_t aIndex, StyleSheet& aSheet) { + DocumentOrShadowRoot::InsertSheetAt(aIndex, aSheet); + + if (aSheet.IsApplicable()) { + AddStyleSheetToStyleSets(aSheet); + } +} + +void Document::StyleSheetApplicableStateChanged(StyleSheet& aSheet) { + const bool applicable = aSheet.IsApplicable(); + // If we're actually in the document style sheet list + if (StyleOrderIndexOfSheet(aSheet) >= 0) { + if (applicable) { + AddStyleSheetToStyleSets(aSheet); + } else { + RemoveStyleSheetFromStyleSets(aSheet); + } + } +} + +void Document::PostStyleSheetApplicableStateChangeEvent(StyleSheet& aSheet) { + if (!StyleSheetChangeEventsEnabled()) { + return; + } + + StyleSheetApplicableStateChangeEventInit init; + init.mBubbles = true; + init.mCancelable = true; + init.mStylesheet = &aSheet; + init.mApplicable = aSheet.IsApplicable(); + + RefPtr<StyleSheetApplicableStateChangeEvent> event = + StyleSheetApplicableStateChangeEvent::Constructor( + this, u"StyleSheetApplicableStateChanged"_ns, init); + event->SetTrusted(true); + event->SetTarget(this); + RefPtr<AsyncEventDispatcher> asyncDispatcher = + new AsyncEventDispatcher(this, event.forget(), ChromeOnlyDispatch::eYes); + asyncDispatcher->PostDOMEvent(); +} + +void Document::PostStyleSheetRemovedEvent(StyleSheet& aSheet) { + if (!StyleSheetChangeEventsEnabled()) { + return; + } + + StyleSheetRemovedEventInit init; + init.mBubbles = true; + init.mCancelable = false; + init.mStylesheet = &aSheet; + + RefPtr<StyleSheetRemovedEvent> event = + StyleSheetRemovedEvent::Constructor(this, u"StyleSheetRemoved"_ns, init); + event->SetTrusted(true); + event->SetTarget(this); + RefPtr<AsyncEventDispatcher> asyncDispatcher = + new AsyncEventDispatcher(this, event.forget(), ChromeOnlyDispatch::eYes); + asyncDispatcher->PostDOMEvent(); +} + +void Document::PostCustomPropertyRegistered( + const PropertyDefinition& aDefinition) { + if (!StyleSheetChangeEventsEnabled()) { + return; + } + + CSSCustomPropertyRegisteredEventInit init; + init.mBubbles = true; + init.mCancelable = false; + + InspectorCSSPropertyDefinition property; + + property.mName.Append(aDefinition.mName); + property.mSyntax.Append(aDefinition.mSyntax); + property.mInherits = aDefinition.mInherits; + if (aDefinition.mInitialValue.WasPassed()) { + property.mInitialValue.Append(aDefinition.mInitialValue.Value()); + } else { + property.mInitialValue.SetIsVoid(true); + } + property.mFromJS = true; + init.mPropertyDefinition = property; + + RefPtr<CSSCustomPropertyRegisteredEvent> event = + CSSCustomPropertyRegisteredEvent::Constructor( + this, u"csscustompropertyregistered"_ns, init); + event->SetTrusted(true); + event->SetTarget(this); + RefPtr<AsyncEventDispatcher> asyncDispatcher = + new AsyncEventDispatcher(this, event.forget(), ChromeOnlyDispatch::eYes); + asyncDispatcher->PostDOMEvent(); +} + +static int32_t FindSheet(const nsTArray<RefPtr<StyleSheet>>& aSheets, + nsIURI* aSheetURI) { + for (int32_t i = aSheets.Length() - 1; i >= 0; i--) { + bool bEqual; + nsIURI* uri = aSheets[i]->GetSheetURI(); + + if (uri && NS_SUCCEEDED(uri->Equals(aSheetURI, &bEqual)) && bEqual) + return i; + } + + return -1; +} + +nsresult Document::LoadAdditionalStyleSheet(additionalSheetType aType, + nsIURI* aSheetURI) { + MOZ_ASSERT(aSheetURI, "null arg"); + + // Checking if we have loaded this one already. + if (FindSheet(mAdditionalSheets[aType], aSheetURI) >= 0) + return NS_ERROR_INVALID_ARG; + + // Loading the sheet sync. + RefPtr<css::Loader> loader = new css::Loader(GetDocGroup()); + + css::SheetParsingMode parsingMode; + switch (aType) { + case Document::eAgentSheet: + parsingMode = css::eAgentSheetFeatures; + break; + + case Document::eUserSheet: + parsingMode = css::eUserSheetFeatures; + break; + + case Document::eAuthorSheet: + parsingMode = css::eAuthorSheetFeatures; + break; + + default: + MOZ_CRASH("impossible value for aType"); + } + + auto result = loader->LoadSheetSync(aSheetURI, parsingMode, + css::Loader::UseSystemPrincipal::Yes); + if (result.isErr()) { + return result.unwrapErr(); + } + + RefPtr<StyleSheet> sheet = result.unwrap(); + + sheet->SetAssociatedDocumentOrShadowRoot(this); + MOZ_ASSERT(sheet->IsApplicable()); + + return AddAdditionalStyleSheet(aType, sheet); +} + +nsresult Document::AddAdditionalStyleSheet(additionalSheetType aType, + StyleSheet* aSheet) { + if (mAdditionalSheets[aType].Contains(aSheet)) { + return NS_ERROR_INVALID_ARG; + } + + if (!aSheet->IsApplicable()) { + return NS_ERROR_INVALID_ARG; + } + + mAdditionalSheets[aType].AppendElement(aSheet); + + if (mStyleSetFilled) { + EnsureStyleSet().AppendStyleSheet(*aSheet); + ApplicableStylesChanged(); + } + return NS_OK; +} + +void Document::RemoveAdditionalStyleSheet(additionalSheetType aType, + nsIURI* aSheetURI) { + MOZ_ASSERT(aSheetURI); + + nsTArray<RefPtr<StyleSheet>>& sheets = mAdditionalSheets[aType]; + + int32_t i = FindSheet(mAdditionalSheets[aType], aSheetURI); + if (i >= 0) { + RefPtr<StyleSheet> sheetRef = std::move(sheets[i]); + sheets.RemoveElementAt(i); + + if (!mIsGoingAway) { + MOZ_ASSERT(sheetRef->IsApplicable()); + if (mStyleSetFilled) { + EnsureStyleSet().RemoveStyleSheet(*sheetRef); + ApplicableStylesChanged(); + } + } + sheetRef->ClearAssociatedDocumentOrShadowRoot(); + } +} + +nsIGlobalObject* Document::GetScopeObject() const { + nsCOMPtr<nsIGlobalObject> scope(do_QueryReferent(mScopeObject)); + return scope; +} + +DocGroup* Document::GetDocGroupOrCreate() { + if (!mDocGroup && GetBrowsingContext()) { + BrowsingContextGroup* group = GetBrowsingContext()->Group(); + MOZ_ASSERT(group); + + nsAutoCString docGroupKey; + nsresult rv = mozilla::dom::DocGroup::GetKey( + NodePrincipal(), group->IsPotentiallyCrossOriginIsolated(), + docGroupKey); + if (NS_SUCCEEDED(rv)) { + mDocGroup = group->AddDocument(docGroupKey, this); + } + } + return mDocGroup; +} + +void Document::SetScopeObject(nsIGlobalObject* aGlobal) { + mScopeObject = do_GetWeakReference(aGlobal); + if (aGlobal) { + mHasHadScriptHandlingObject = true; + + nsPIDOMWindowInner* window = aGlobal->GetAsInnerWindow(); + if (!window) { + return; + } + + // Same origin data documents should have the same docGroup as their scope + // window. + if (mLoadedAsData && window->GetExtantDoc() && + window->GetExtantDoc() != this && + window->GetExtantDoc()->NodePrincipal() == NodePrincipal()) { + DocGroup* docGroup = window->GetExtantDoc()->GetDocGroup(); + + if (docGroup) { + if (!mDocGroup) { + mDocGroup = docGroup; + mDocGroup->AddDocument(this); + } else { + MOZ_ASSERT(mDocGroup == docGroup, + "Data document has a mismatched doc group?"); + } +#ifdef DEBUG + AssertDocGroupMatchesKey(); +#endif + return; + } + + MOZ_ASSERT_UNREACHABLE( + "Scope window doesn't have DocGroup when creating data document?"); + // ... but fall through to be safe. + } + + BrowsingContextGroup* browsingContextGroup = + window->GetBrowsingContextGroup(); + + // We should already have the principal, and now that we have been added + // to a window, we should be able to join a DocGroup! + nsAutoCString docGroupKey; + nsresult rv = mozilla::dom::DocGroup::GetKey( + NodePrincipal(), + browsingContextGroup->IsPotentiallyCrossOriginIsolated(), docGroupKey); + if (mDocGroup) { + if (NS_SUCCEEDED(rv)) { + MOZ_RELEASE_ASSERT(mDocGroup->MatchesKey(docGroupKey)); + } + MOZ_RELEASE_ASSERT(mDocGroup->GetBrowsingContextGroup() == + browsingContextGroup); + } else { + mDocGroup = browsingContextGroup->AddDocument(docGroupKey, this); + + MOZ_ASSERT(mDocGroup); + } + + MOZ_ASSERT_IF( + mNodeInfoManager->GetArenaAllocator(), + mNodeInfoManager->GetArenaAllocator() == mDocGroup->ArenaAllocator()); + } +} + +bool Document::ContainsEMEContent() { + nsPIDOMWindowInner* win = GetInnerWindow(); + // Note this case is different from checking just media elements in that + // it covers when we've created MediaKeys but not associated them with a + // media element. + return win && win->HasActiveMediaKeysInstance(); +} + +bool Document::ContainsMSEContent() { + bool containsMSE = false; + EnumerateActivityObservers([&containsMSE](nsISupports* aSupports) { + nsCOMPtr<nsIContent> content(do_QueryInterface(aSupports)); + if (auto* mediaElem = HTMLMediaElement::FromNodeOrNull(content)) { + RefPtr<MediaSource> ms = mediaElem->GetMozMediaSourceObject(); + if (ms) { + containsMSE = true; + } + } + }); + return containsMSE; +} + +static void NotifyActivityChangedCallback(nsISupports* aSupports) { + nsCOMPtr<nsIContent> content(do_QueryInterface(aSupports)); + if (auto* mediaElem = HTMLMediaElement::FromNodeOrNull(content)) { + mediaElem->NotifyOwnerDocumentActivityChanged(); + } + nsCOMPtr<nsIDocumentActivity> objectDocumentActivity( + do_QueryInterface(aSupports)); + if (objectDocumentActivity) { + objectDocumentActivity->NotifyOwnerDocumentActivityChanged(); + } else { + nsCOMPtr<nsIImageLoadingContent> imageLoadingContent( + do_QueryInterface(aSupports)); + if (imageLoadingContent) { + auto* ilc = + static_cast<nsImageLoadingContent*>(imageLoadingContent.get()); + ilc->NotifyOwnerDocumentActivityChanged(); + } + } +} + +void Document::NotifyActivityChanged() { + EnumerateActivityObservers(NotifyActivityChangedCallback); +} + +void Document::SetContainer(nsDocShell* aContainer) { + if (aContainer) { + mDocumentContainer = aContainer; + } else { + mDocumentContainer = WeakPtr<nsDocShell>(); + } + + mInChromeDocShell = + aContainer && aContainer->GetBrowsingContext()->IsChrome(); + + NotifyActivityChanged(); + + // IsTopLevelWindowInactive depends on the docshell, so + // update the cached value now that it's available. + UpdateDocumentStates(DocumentState::WINDOW_INACTIVE, false); + if (!aContainer) { + return; + } + + BrowsingContext* context = aContainer->GetBrowsingContext(); + MOZ_ASSERT_IF(context && mDocGroup, + context->Group() == mDocGroup->GetBrowsingContextGroup()); + if (context && context->IsContent()) { + SetIsTopLevelContentDocument(context->IsTopContent()); + SetIsContentDocument(true); + } else { + SetIsTopLevelContentDocument(false); + SetIsContentDocument(false); + } +} + +nsISupports* Document::GetContainer() const { + return static_cast<nsIDocShell*>(mDocumentContainer); +} + +void Document::SetScriptGlobalObject( + nsIScriptGlobalObject* aScriptGlobalObject) { + MOZ_ASSERT(aScriptGlobalObject || !mAnimationController || + mAnimationController->IsPausedByType( + SMILTimeContainer::PAUSE_PAGEHIDE | + SMILTimeContainer::PAUSE_BEGIN), + "Clearing window pointer while animations are unpaused"); + + if (mScriptGlobalObject && !aScriptGlobalObject) { + // We're detaching from the window. We need to grab a pointer to + // our layout history state now. + mLayoutHistoryState = GetLayoutHistoryState(); + + // Also make sure to remove our onload blocker now if we haven't done it yet + if (mOnloadBlockCount != 0) { + nsCOMPtr<nsILoadGroup> loadGroup = GetDocumentLoadGroup(); + if (loadGroup) { + loadGroup->RemoveRequest(mOnloadBlocker, nullptr, NS_OK); + } + } + + if (GetController().isSome()) { + if (imgLoader* loader = nsContentUtils::GetImgLoaderForDocument(this)) { + loader->ClearCacheForControlledDocument(this); + } + + // We may become controlled again if this document comes back out + // of bfcache. Clear our state to allow that to happen. Only + // clear this flag if we are actually controlled, though, so pages + // that were force reloaded don't become controlled when they + // come out of bfcache. + mMaybeServiceWorkerControlled = false; + } + + if (GetWindowContext()) { + // The document is about to lose its window, so this is a good time to + // send our page use counters, while we still have access to our + // WindowContext. + // + // (We also do this in nsGlobalWindowInner::FreeInnerObjects(), which + // catches some cases of documents losing their window that don't + // get in here.) + SendPageUseCounters(); + } + } + + // BlockOnload() might be called before mScriptGlobalObject is set. + // We may need to add the blocker once mScriptGlobalObject is set. + bool needOnloadBlocker = !mScriptGlobalObject && aScriptGlobalObject; + + mScriptGlobalObject = aScriptGlobalObject; + + if (needOnloadBlocker) { + EnsureOnloadBlocker(); + } + + UpdateFrameRequestCallbackSchedulingState(); + + if (aScriptGlobalObject) { + // Go back to using the docshell for the layout history state + mLayoutHistoryState = nullptr; + SetScopeObject(aScriptGlobalObject); + mHasHadDefaultView = true; + + if (mAllowDNSPrefetch) { + nsCOMPtr<nsIDocShell> docShell(mDocumentContainer); + if (docShell) { +#ifdef DEBUG + nsCOMPtr<nsIWebNavigation> webNav = + do_GetInterface(aScriptGlobalObject); + NS_ASSERTION(SameCOMIdentity(webNav, docShell), + "Unexpected container or script global?"); +#endif + bool allowDNSPrefetch; + docShell->GetAllowDNSPrefetch(&allowDNSPrefetch); + mAllowDNSPrefetch = allowDNSPrefetch; + } + } + + // If we are set in a window that is already focused we should remember this + // as the time the document gained focus. + if (HasFocus(IgnoreErrors())) { + SetLastFocusTime(TimeStamp::Now()); + } + } + + // Remember the pointer to our window (or lack there of), to avoid + // having to QI every time it's asked for. + nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(mScriptGlobalObject); + mWindow = window; + + // Now that we know what our window is, we can flush the CSP errors to the + // Web Console. We are flushing all messages that occurred and were stored in + // the queue prior to this point. + if (mCSP) { + static_cast<nsCSPContext*>(mCSP.get())->flushConsoleMessages(); + } + + nsCOMPtr<nsIHttpChannelInternal> internalChannel = + do_QueryInterface(GetChannel()); + if (internalChannel) { + nsCOMArray<nsISecurityConsoleMessage> messages; + DebugOnly<nsresult> rv = internalChannel->TakeAllSecurityMessages(messages); + MOZ_ASSERT(NS_SUCCEEDED(rv)); + SendToConsole(messages); + } + + // Set our visibility state, but do not fire the event. This is correct + // because either we're coming out of bfcache (in which case IsVisible() will + // still test false at this point and no state change will happen) or we're + // doing the initial document load and don't want to fire the event for this + // change. + // + // When the visibility is changed, notify it to observers. + // Some observers need the notification, for example HTMLMediaElement uses + // it to update internal media resource allocation. + // When video is loaded via VideoDocument, HTMLMediaElement and MediaDecoder + // creation are already done before Document::SetScriptGlobalObject() call. + // MediaDecoder decides whether starting decoding is decided based on + // document's visibility. When the MediaDecoder is created, + // Document::SetScriptGlobalObject() is not yet called and document is + // hidden state. Therefore the MediaDecoder decides that decoding is + // not yet necessary. But soon after Document::SetScriptGlobalObject() + // call, the document becomes not hidden. At the time, MediaDecoder needs + // to know it and needs to start updating decoding. + UpdateVisibilityState(DispatchVisibilityChange::No); + + // The global in the template contents owner document should be the same. + if (mTemplateContentsOwner && mTemplateContentsOwner != this) { + mTemplateContentsOwner->SetScriptGlobalObject(aScriptGlobalObject); + } + + // Tell the script loader about the new global object. + if (mScriptLoader && !IsTemplateContentsOwner()) { + mScriptLoader->SetGlobalObject(mScriptGlobalObject); + } + + if (!mMaybeServiceWorkerControlled && mDocumentContainer && + mScriptGlobalObject && GetChannel()) { + // If we are shift-reloaded, don't associate with a ServiceWorker. + if (mDocumentContainer->IsForceReloading()) { + NS_WARNING("Page was shift reloaded, skipping ServiceWorker control"); + return; + } + + mMaybeServiceWorkerControlled = true; + } +} + +nsIScriptGlobalObject* Document::GetScriptHandlingObjectInternal() const { + MOZ_ASSERT(!mScriptGlobalObject, + "Do not call this when mScriptGlobalObject is set!"); + if (mHasHadDefaultView) { + return nullptr; + } + + nsCOMPtr<nsIScriptGlobalObject> scriptHandlingObject = + do_QueryReferent(mScopeObject); + nsCOMPtr<nsPIDOMWindowInner> win = do_QueryInterface(scriptHandlingObject); + if (win) { + nsPIDOMWindowOuter* outer = win->GetOuterWindow(); + if (!outer || outer->GetCurrentInnerWindow() != win) { + NS_WARNING("Wrong inner/outer window combination!"); + return nullptr; + } + } + return scriptHandlingObject; +} +void Document::SetScriptHandlingObject(nsIScriptGlobalObject* aScriptObject) { + NS_ASSERTION(!mScriptGlobalObject || mScriptGlobalObject == aScriptObject, + "Wrong script object!"); + if (aScriptObject) { + SetScopeObject(aScriptObject); + mHasHadDefaultView = false; + } +} + +nsPIDOMWindowOuter* Document::GetWindowInternal() const { + MOZ_ASSERT(!mWindow, "This should not be called when mWindow is not null!"); + // Let's use mScriptGlobalObject. Even if the document is already removed from + // the docshell, the outer window might be still obtainable from the it. + nsCOMPtr<nsPIDOMWindowOuter> win; + if (mRemovedFromDocShell) { + // The docshell returns the outer window we are done. + nsCOMPtr<nsIDocShell> kungFuDeathGrip(mDocumentContainer); + if (kungFuDeathGrip) { + win = kungFuDeathGrip->GetWindow(); + } + } else { + if (nsCOMPtr<nsPIDOMWindowInner> inner = + do_QueryInterface(mScriptGlobalObject)) { + // mScriptGlobalObject is always the inner window, let's get the outer. + win = inner->GetOuterWindow(); + } + } + + return win; +} + +bool Document::InternalAllowXULXBL() { + if (nsContentUtils::AllowXULXBLForPrincipal(NodePrincipal())) { + mAllowXULXBL = eTriTrue; + return true; + } + + mAllowXULXBL = eTriFalse; + return false; +} + +// Note: We don't hold a reference to the document observer; we assume +// that it has a live reference to the document. +void Document::AddObserver(nsIDocumentObserver* aObserver) { + NS_ASSERTION(mObservers.IndexOf(aObserver) == nsTArray<int>::NoIndex, + "Observer already in the list"); + mObservers.AppendElement(aObserver); + AddMutationObserver(aObserver); +} + +bool Document::RemoveObserver(nsIDocumentObserver* aObserver) { + // If we're in the process of destroying the document (and we're + // informing the observers of the destruction), don't remove the + // observers from the list. This is not a big deal, since we + // don't hold a live reference to the observers. + if (!mInDestructor) { + RemoveMutationObserver(aObserver); + return mObservers.RemoveElement(aObserver); + } + + return mObservers.Contains(aObserver); +} + +void Document::BeginUpdate() { + ++mUpdateNestLevel; + nsContentUtils::AddScriptBlocker(); + NS_DOCUMENT_NOTIFY_OBSERVERS(BeginUpdate, (this)); +} + +void Document::EndUpdate() { + const bool reset = !mPendingMaybeEditingStateChanged; + mPendingMaybeEditingStateChanged = true; + + NS_DOCUMENT_NOTIFY_OBSERVERS(EndUpdate, (this)); + + --mUpdateNestLevel; + + nsContentUtils::RemoveScriptBlocker(); + + if (mXULBroadcastManager) { + mXULBroadcastManager->MaybeBroadcast(); + } + + if (reset) { + mPendingMaybeEditingStateChanged = false; + } + MaybeEditingStateChanged(); +} + +void Document::BeginLoad() { + if (IsEditingOn()) { + // Reset() blows away all event listeners in the document, and our + // editor relies heavily on those. Midas is turned on, to make it + // work, re-initialize it to give it a chance to add its event + // listeners again. + + TurnEditingOff(); + EditingStateChanged(); + } + + MOZ_ASSERT(!mDidCallBeginLoad); + mDidCallBeginLoad = true; + + // Block onload here to prevent having to deal with blocking and + // unblocking it while we know the document is loading. + BlockOnload(); + mDidFireDOMContentLoaded = false; + BlockDOMContentLoaded(); + + if (mScriptLoader) { + mScriptLoader->BeginDeferringScripts(); + } + + NS_DOCUMENT_NOTIFY_OBSERVERS(BeginLoad, (this)); +} + +void Document::MozSetImageElement(const nsAString& aImageElementId, + Element* aElement) { + if (aImageElementId.IsEmpty()) return; + + // Hold a script blocker while calling SetImageElement since that can call + // out to id-observers + nsAutoScriptBlocker scriptBlocker; + + IdentifierMapEntry* entry = mIdentifierMap.PutEntry(aImageElementId); + if (entry) { + entry->SetImageElement(aElement); + if (entry->IsEmpty()) { + mIdentifierMap.RemoveEntry(entry); + } + } +} + +void Document::DispatchContentLoadedEvents() { + // If you add early returns from this method, make sure you're + // calling UnblockOnload properly. + + // Unpin references to preloaded images + mPreloadingImages.Clear(); + + // DOM manipulation after content loaded should not care if the element + // came from the preloader. + mPreloadedPreconnects.Clear(); + + if (mTiming) { + mTiming->NotifyDOMContentLoadedStart(Document::GetDocumentURI()); + } + + // Dispatch observer notification to notify observers document is interactive. + nsCOMPtr<nsIObserverService> os = mozilla::services::GetObserverService(); + if (os) { + nsIPrincipal* principal = NodePrincipal(); + os->NotifyObservers(ToSupports(this), + principal->IsSystemPrincipal() + ? "chrome-document-interactive" + : "content-document-interactive", + nullptr); + } + + // Fire a DOM event notifying listeners that this document has been + // loaded (excluding images and other loads initiated by this + // document). + nsContentUtils::DispatchTrustedEvent(this, this, u"DOMContentLoaded"_ns, + CanBubble::eYes, Cancelable::eNo); + + if (auto* const window = GetInnerWindow()) { + const RefPtr<ServiceWorkerContainer> serviceWorker = + window->Navigator()->ServiceWorker(); + + // This could cause queued messages from a service worker to get + // dispatched on serviceWorker. + serviceWorker->StartMessages(); + } + + if (MayStartLayout()) { + MaybeResolveReadyForIdle(); + } + + if (mTiming) { + mTiming->NotifyDOMContentLoadedEnd(Document::GetDocumentURI()); + } + + // If this document is a [i]frame, fire a DOMFrameContentLoaded + // event on all parent documents notifying that the HTML (excluding + // other external files such as images and stylesheets) in a frame + // has finished loading. + + // target_frame is the [i]frame element that will be used as the + // target for the event. It's the [i]frame whose content is done + // loading. + nsCOMPtr<Element> target_frame = GetEmbedderElement(); + + if (target_frame && target_frame->IsInComposedDoc()) { + nsCOMPtr<Document> parent = target_frame->OwnerDoc(); + while (parent) { + RefPtr<Event> event; + if (parent) { + IgnoredErrorResult ignored; + event = parent->CreateEvent(u"Events"_ns, CallerType::System, ignored); + } + + if (event) { + event->InitEvent(u"DOMFrameContentLoaded"_ns, true, true); + + event->SetTarget(target_frame); + event->SetTrusted(true); + + // To dispatch this event we must manually call + // EventDispatcher::Dispatch() on the ancestor document since the + // target is not in the same document, so the event would never reach + // the ancestor document if we used the normal event + // dispatching code. + + WidgetEvent* innerEvent = event->WidgetEventPtr(); + if (innerEvent) { + nsEventStatus status = nsEventStatus_eIgnore; + + if (RefPtr<nsPresContext> context = parent->GetPresContext()) { + EventDispatcher::Dispatch(parent, context, innerEvent, event, + &status); + } + } + } + + parent = parent->GetInProcessParentDocument(); + } + } + + nsPIDOMWindowInner* inner = GetInnerWindow(); + if (inner) { + inner->NoteDOMContentLoaded(); + } + + // TODO + if (mMaybeServiceWorkerControlled) { + using mozilla::dom::ServiceWorkerManager; + RefPtr<ServiceWorkerManager> swm = ServiceWorkerManager::GetInstance(); + if (swm) { + Maybe<ClientInfo> clientInfo = GetClientInfo(); + if (clientInfo.isSome()) { + swm->MaybeCheckNavigationUpdate(clientInfo.ref()); + } + } + } + + if (mSetCompleteAfterDOMContentLoaded) { + SetReadyStateInternal(ReadyState::READYSTATE_COMPLETE); + mSetCompleteAfterDOMContentLoaded = false; + } + + UnblockOnload(true); +} + +void Document::EndLoad() { + bool turnOnEditing = + mParser && (IsInDesignMode() || mContentEditableCount > 0); + +#if defined(DEBUG) + // only assert if nothing stopped the load on purpose + if (!mParserAborted) { + nsContentSecurityUtils::AssertAboutPageHasCSP(this); + } +#endif + + // EndLoad may have been called without a matching call to BeginLoad, in the + // case of a failed parse (for example, due to timeout). In such a case, we + // still want to execute part of this code to do appropriate cleanup, but we + // gate part of it because it is intended to match 1-for-1 with calls to + // BeginLoad. We have an explicit flag bit for this purpose, since it's + // complicated and error prone to derive this condition from other related + // flags that can be manipulated outside of a BeginLoad/EndLoad pair. + + // Part 1: Code that always executes to cleanup end of parsing, whether + // that parsing was successful or not. + + // Drop the ref to our parser, if any, but keep hold of the sink so that we + // can flush it from FlushPendingNotifications as needed. We might have to + // do that to get a StartLayout() to happen. + if (mParser) { + mWeakSink = do_GetWeakReference(mParser->GetContentSink()); + mParser = nullptr; + } + + // Update the attributes on the PerformanceNavigationTiming before notifying + // the onload observers. + if (nsPIDOMWindowInner* window = GetInnerWindow()) { + if (RefPtr<Performance> performance = window->GetPerformance()) { + performance->UpdateNavigationTimingEntry(); + } + } + + NS_DOCUMENT_NOTIFY_OBSERVERS(EndLoad, (this)); + + // Part 2: Code that only executes when this EndLoad matches a BeginLoad. + + if (!mDidCallBeginLoad) { + return; + } + mDidCallBeginLoad = false; + + UnblockDOMContentLoaded(); + + if (turnOnEditing) { + EditingStateChanged(); + } + + if (!GetWindow()) { + // This is a document that's not in a window. For example, this could be an + // XMLHttpRequest responseXML document, or a document created via DOMParser + // or DOMImplementation. We don't reach this code normally for such + // documents (which is not obviously correct), but can reach it via + // document.open()/document.close(). + // + // Such documents don't fire load events, but per spec should set their + // readyState to "complete" when parsing and all loading of subresources is + // done. Parsing is done now, and documents not in a window don't load + // subresources, so just go ahead and mark ourselves as complete. + SetReadyStateInternal(Document::READYSTATE_COMPLETE, + /* updateTimingInformation = */ false); + + // Reset mSkipLoadEventAfterClose just in case. + mSkipLoadEventAfterClose = false; + } +} + +void Document::UnblockDOMContentLoaded() { + MOZ_ASSERT(mBlockDOMContentLoaded); + if (--mBlockDOMContentLoaded != 0 || mDidFireDOMContentLoaded) { + return; + } + + MOZ_LOG(gDocumentLeakPRLog, LogLevel::Debug, + ("DOCUMENT %p UnblockDOMContentLoaded", this)); + + mDidFireDOMContentLoaded = true; + if (PresShell* presShell = GetPresShell()) { + presShell->GetRefreshDriver()->NotifyDOMContentLoaded(); + } + + MOZ_ASSERT(mReadyState == READYSTATE_INTERACTIVE); + if (!mSynchronousDOMContentLoaded) { + MOZ_RELEASE_ASSERT(NS_IsMainThread()); + nsCOMPtr<nsIRunnable> ev = + NewRunnableMethod("Document::DispatchContentLoadedEvents", this, + &Document::DispatchContentLoadedEvents); + Dispatch(ev.forget()); + } else { + DispatchContentLoadedEvents(); + } +} + +void Document::ElementStateChanged(Element* aElement, ElementState aStateMask) { + MOZ_ASSERT(!nsContentUtils::IsSafeToRunScript(), + "Someone forgot a scriptblocker"); + NS_DOCUMENT_NOTIFY_OBSERVERS(ElementStateChanged, + (this, aElement, aStateMask)); +} + +void Document::RuleChanged(StyleSheet& aSheet, css::Rule*, + StyleRuleChangeKind) { + if (aSheet.IsApplicable()) { + ApplicableStylesChanged(); + } +} + +void Document::RuleAdded(StyleSheet& aSheet, css::Rule& aRule) { + if (aRule.IsIncompleteImportRule()) { + return; + } + + if (aSheet.IsApplicable()) { + ApplicableStylesChanged(); + } +} + +void Document::ImportRuleLoaded(dom::CSSImportRule& aRule, StyleSheet& aSheet) { + if (aSheet.IsApplicable()) { + ApplicableStylesChanged(); + } +} + +void Document::RuleRemoved(StyleSheet& aSheet, css::Rule& aRule) { + if (aSheet.IsApplicable()) { + ApplicableStylesChanged(); + } +} + +static Element* GetCustomContentContainer(PresShell* aPresShell) { + if (!aPresShell || !aPresShell->GetCanvasFrame()) { + return nullptr; + } + + return aPresShell->GetCanvasFrame()->GetCustomContentContainer(); +} + +already_AddRefed<AnonymousContent> Document::InsertAnonymousContent( + bool aForce, ErrorResult& aRv) { + RefPtr<PresShell> shell = GetPresShell(); + if (aForce && !GetCustomContentContainer(shell)) { + FlushPendingNotifications(FlushType::Layout); + shell = GetPresShell(); + } + + nsAutoScriptBlocker scriptBlocker; + + RefPtr<AnonymousContent> anonContent = AnonymousContent::Create(*this); + if (!anonContent) { + aRv.Throw(NS_ERROR_OUT_OF_MEMORY); + return nullptr; + } + + mAnonymousContents.AppendElement(anonContent); + + if (RefPtr<Element> container = GetCustomContentContainer(shell)) { + // If the container is empty and we have other anon content we should be + // about to show all the other anonymous content nodes. + if (container->HasChildren() || mAnonymousContents.Length() == 1) { + container->AppendChildTo(anonContent->Host(), true, IgnoreErrors()); + if (auto* canvasFrame = shell->GetCanvasFrame()) { + canvasFrame->ShowCustomContentContainer(); + } + } + } + + return anonContent.forget(); +} + +static void RemoveAnonContentFromCanvas(AnonymousContent& aAnonContent, + PresShell* aPresShell) { + RefPtr<Element> container = GetCustomContentContainer(aPresShell); + if (!container) { + return; + } + container->RemoveChild(*aAnonContent.Host(), IgnoreErrors()); +} + +void Document::RemoveAnonymousContent(AnonymousContent& aContent) { + nsAutoScriptBlocker scriptBlocker; + + auto index = mAnonymousContents.IndexOf(&aContent); + if (index == mAnonymousContents.NoIndex) { + return; + } + + mAnonymousContents.RemoveElementAt(index); + RemoveAnonContentFromCanvas(aContent, GetPresShell()); + + if (mAnonymousContents.IsEmpty() && + GetCustomContentContainer(GetPresShell())) { + GetPresShell()->GetCanvasFrame()->HideCustomContentContainer(); + } +} + +Element* Document::GetAnonRootIfInAnonymousContentContainer( + nsINode* aNode) const { + if (!aNode->IsInNativeAnonymousSubtree()) { + return nullptr; + } + + PresShell* presShell = GetPresShell(); + if (!presShell || !presShell->GetCanvasFrame()) { + return nullptr; + } + + nsAutoScriptBlocker scriptBlocker; + nsCOMPtr<Element> customContainer = + presShell->GetCanvasFrame()->GetCustomContentContainer(); + if (!customContainer) { + return nullptr; + } + + // An arbitrary number of elements can be inserted as children of the custom + // container frame. We want the one that was added that contains aNode, so + // we need to keep track of the last child separately using |child| here. + nsINode* child = aNode; + nsINode* parent = aNode->GetParentNode(); + while (parent && parent->IsInNativeAnonymousSubtree()) { + if (parent == customContainer) { + return Element::FromNode(child); + } + child = parent; + parent = child->GetParentNode(); + } + return nullptr; +} + +Maybe<ClientInfo> Document::GetClientInfo() const { + if (const Document* orig = GetOriginalDocument()) { + if (Maybe<ClientInfo> info = orig->GetClientInfo()) { + return info; + } + } + + if (nsPIDOMWindowInner* inner = GetInnerWindow()) { + return inner->GetClientInfo(); + } + + return Maybe<ClientInfo>(); +} + +Maybe<ClientState> Document::GetClientState() const { + if (const Document* orig = GetOriginalDocument()) { + if (Maybe<ClientState> state = orig->GetClientState()) { + return state; + } + } + + if (nsPIDOMWindowInner* inner = GetInnerWindow()) { + return inner->GetClientState(); + } + + return Maybe<ClientState>(); +} + +Maybe<ServiceWorkerDescriptor> Document::GetController() const { + if (const Document* orig = GetOriginalDocument()) { + if (Maybe<ServiceWorkerDescriptor> controller = orig->GetController()) { + return controller; + } + } + + if (nsPIDOMWindowInner* inner = GetInnerWindow()) { + return inner->GetController(); + } + + return Maybe<ServiceWorkerDescriptor>(); +} + +// +// Document interface +// +DocumentType* Document::GetDoctype() const { + for (nsIContent* child = GetFirstChild(); child; + child = child->GetNextSibling()) { + if (child->NodeType() == DOCUMENT_TYPE_NODE) { + return static_cast<DocumentType*>(child); + } + } + return nullptr; +} + +DOMImplementation* Document::GetImplementation(ErrorResult& rv) { + if (!mDOMImplementation) { + nsCOMPtr<nsIURI> uri; + NS_NewURI(getter_AddRefs(uri), "about:blank"); + if (!uri) { + rv.Throw(NS_ERROR_OUT_OF_MEMORY); + return nullptr; + } + bool hasHadScriptObject = true; + nsIScriptGlobalObject* scriptObject = + GetScriptHandlingObject(hasHadScriptObject); + if (!scriptObject && hasHadScriptObject) { + rv.Throw(NS_ERROR_UNEXPECTED); + return nullptr; + } + mDOMImplementation = new DOMImplementation( + this, scriptObject ? scriptObject : GetScopeObject(), uri, uri); + } + + return mDOMImplementation; +} + +bool IsLowercaseASCII(const nsAString& aValue) { + int32_t len = aValue.Length(); + for (int32_t i = 0; i < len; ++i) { + char16_t c = aValue[i]; + if (!(0x0061 <= (c) && ((c) <= 0x007a))) { + return false; + } + } + return true; +} + +already_AddRefed<Element> Document::CreateElement( + const nsAString& aTagName, const ElementCreationOptionsOrString& aOptions, + ErrorResult& rv) { + rv = nsContentUtils::CheckQName(aTagName, false); + if (rv.Failed()) { + return nullptr; + } + + bool needsLowercase = IsHTMLDocument() && !IsLowercaseASCII(aTagName); + nsAutoString lcTagName; + if (needsLowercase) { + nsContentUtils::ASCIIToLower(aTagName, lcTagName); + } + + const nsString* is = nullptr; + PseudoStyleType pseudoType = PseudoStyleType::NotPseudo; + if (aOptions.IsElementCreationOptions()) { + const ElementCreationOptions& options = + aOptions.GetAsElementCreationOptions(); + + if (options.mIs.WasPassed()) { + is = &options.mIs.Value(); + } + + // Check 'pseudo' and throw an exception if it's not one allowed + // with CSS_PSEUDO_ELEMENT_IS_JS_CREATED_NAC. + if (options.mPseudo.WasPassed()) { + Maybe<PseudoStyleType> type = + nsCSSPseudoElements::GetPseudoType(options.mPseudo.Value()); + if (!type || *type == PseudoStyleType::NotPseudo || + !nsCSSPseudoElements::PseudoElementIsJSCreatedNAC(*type)) { + rv.ThrowNotSupportedError("Invalid pseudo-element"); + return nullptr; + } + pseudoType = *type; + } + } + + RefPtr<Element> elem = CreateElem(needsLowercase ? lcTagName : aTagName, + nullptr, mDefaultElementType, is); + + if (pseudoType != PseudoStyleType::NotPseudo) { + elem->SetPseudoElementType(pseudoType); + } + + return elem.forget(); +} + +already_AddRefed<Element> Document::CreateElementNS( + const nsAString& aNamespaceURI, const nsAString& aQualifiedName, + const ElementCreationOptionsOrString& aOptions, ErrorResult& rv) { + RefPtr<mozilla::dom::NodeInfo> nodeInfo; + rv = nsContentUtils::GetNodeInfoFromQName(aNamespaceURI, aQualifiedName, + mNodeInfoManager, ELEMENT_NODE, + getter_AddRefs(nodeInfo)); + if (rv.Failed()) { + return nullptr; + } + + const nsString* is = nullptr; + if (aOptions.IsElementCreationOptions()) { + const ElementCreationOptions& options = + aOptions.GetAsElementCreationOptions(); + if (options.mIs.WasPassed()) { + is = &options.mIs.Value(); + } + } + + nsCOMPtr<Element> element; + rv = NS_NewElement(getter_AddRefs(element), nodeInfo.forget(), + NOT_FROM_PARSER, is); + if (rv.Failed()) { + return nullptr; + } + + return element.forget(); +} + +already_AddRefed<Element> Document::CreateXULElement( + const nsAString& aTagName, const ElementCreationOptionsOrString& aOptions, + ErrorResult& aRv) { + aRv = nsContentUtils::CheckQName(aTagName, false); + if (aRv.Failed()) { + return nullptr; + } + + const nsString* is = nullptr; + if (aOptions.IsElementCreationOptions()) { + const ElementCreationOptions& options = + aOptions.GetAsElementCreationOptions(); + if (options.mIs.WasPassed()) { + is = &options.mIs.Value(); + } + } + + RefPtr<Element> elem = CreateElem(aTagName, nullptr, kNameSpaceID_XUL, is); + if (!elem) { + aRv.Throw(NS_ERROR_NOT_AVAILABLE); + return nullptr; + } + return elem.forget(); +} + +already_AddRefed<nsTextNode> Document::CreateEmptyTextNode() const { + RefPtr<nsTextNode> text = new (mNodeInfoManager) nsTextNode(mNodeInfoManager); + return text.forget(); +} + +already_AddRefed<nsTextNode> Document::CreateTextNode( + const nsAString& aData) const { + RefPtr<nsTextNode> text = new (mNodeInfoManager) nsTextNode(mNodeInfoManager); + // Don't notify; this node is still being created. + text->SetText(aData, false); + return text.forget(); +} + +already_AddRefed<DocumentFragment> Document::CreateDocumentFragment() const { + RefPtr<DocumentFragment> frag = + new (mNodeInfoManager) DocumentFragment(mNodeInfoManager); + return frag.forget(); +} + +// Unfortunately, bareword "Comment" is ambiguous with some Mac system headers. +already_AddRefed<dom::Comment> Document::CreateComment( + const nsAString& aData) const { + RefPtr<dom::Comment> comment = + new (mNodeInfoManager) dom::Comment(mNodeInfoManager); + + // Don't notify; this node is still being created. + comment->SetText(aData, false); + return comment.forget(); +} + +already_AddRefed<CDATASection> Document::CreateCDATASection( + const nsAString& aData, ErrorResult& rv) { + if (IsHTMLDocument()) { + rv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR); + return nullptr; + } + + if (FindInReadable(u"]]>"_ns, aData)) { + rv.Throw(NS_ERROR_DOM_INVALID_CHARACTER_ERR); + return nullptr; + } + + RefPtr<CDATASection> cdata = + new (mNodeInfoManager) CDATASection(mNodeInfoManager); + + // Don't notify; this node is still being created. + cdata->SetText(aData, false); + + return cdata.forget(); +} + +already_AddRefed<ProcessingInstruction> Document::CreateProcessingInstruction( + const nsAString& aTarget, const nsAString& aData, ErrorResult& rv) const { + nsresult res = nsContentUtils::CheckQName(aTarget, false); + if (NS_FAILED(res)) { + rv.Throw(res); + return nullptr; + } + + if (FindInReadable(u"?>"_ns, aData)) { + rv.Throw(NS_ERROR_DOM_INVALID_CHARACTER_ERR); + return nullptr; + } + + RefPtr<ProcessingInstruction> pi = + NS_NewXMLProcessingInstruction(mNodeInfoManager, aTarget, aData); + + return pi.forget(); +} + +already_AddRefed<Attr> Document::CreateAttribute(const nsAString& aName, + ErrorResult& rv) { + if (!mNodeInfoManager) { + rv.Throw(NS_ERROR_NOT_INITIALIZED); + return nullptr; + } + + nsresult res = nsContentUtils::CheckQName(aName, false); + if (NS_FAILED(res)) { + rv.Throw(res); + return nullptr; + } + + nsAutoString name; + if (IsHTMLDocument()) { + nsContentUtils::ASCIIToLower(aName, name); + } else { + name = aName; + } + + RefPtr<mozilla::dom::NodeInfo> nodeInfo; + res = mNodeInfoManager->GetNodeInfo(name, nullptr, kNameSpaceID_None, + ATTRIBUTE_NODE, getter_AddRefs(nodeInfo)); + if (NS_FAILED(res)) { + rv.Throw(res); + return nullptr; + } + + RefPtr<Attr> attribute = + new (mNodeInfoManager) Attr(nullptr, nodeInfo.forget(), u""_ns); + return attribute.forget(); +} + +already_AddRefed<Attr> Document::CreateAttributeNS( + const nsAString& aNamespaceURI, const nsAString& aQualifiedName, + ErrorResult& rv) { + RefPtr<mozilla::dom::NodeInfo> nodeInfo; + rv = nsContentUtils::GetNodeInfoFromQName(aNamespaceURI, aQualifiedName, + mNodeInfoManager, ATTRIBUTE_NODE, + getter_AddRefs(nodeInfo)); + if (rv.Failed()) { + return nullptr; + } + + RefPtr<Attr> attribute = + new (mNodeInfoManager) Attr(nullptr, nodeInfo.forget(), u""_ns); + return attribute.forget(); +} + +void Document::ScheduleForPresAttrEvaluation(Element* aElement) { + MOZ_ASSERT(aElement->IsInComposedDoc()); + DebugOnly<bool> inserted = mLazyPresElements.EnsureInserted(aElement); + MOZ_ASSERT(inserted); + if (aElement->HasServoData()) { + // TODO(emilio): RESTYLE_SELF is too strong, there should be no need to + // re-selector-match, but right now this is needed to pick up the new mapped + // attributes. We need something like RESTYLE_STYLE_ATTRIBUTE but for mapped + // attributes. + nsLayoutUtils::PostRestyleEvent(aElement, RestyleHint::RESTYLE_SELF, + nsChangeHint(0)); + } +} + +void Document::UnscheduleForPresAttrEvaluation(Element* aElement) { + mLazyPresElements.Remove(aElement); +} + +void Document::DoResolveScheduledPresAttrs() { + MOZ_ASSERT(!mLazyPresElements.IsEmpty()); + for (Element* el : mLazyPresElements) { + MOZ_ASSERT(el->IsInComposedDoc(), + "Un-schedule when removing from the document"); + MOZ_ASSERT(el->IsPendingMappedAttributeEvaluation()); + if (auto* svg = SVGElement::FromNode(el)) { + // SVG does its own (very similar) thing, for now at least. + svg->UpdateMappedDeclarationBlock(); + } else { + MappedDeclarationsBuilder builder(*el, *this, + el->GetMappedAttributeStyle()); + auto function = el->GetAttributeMappingFunction(); + function(builder); + el->SetMappedDeclarationBlock(builder.TakeDeclarationBlock()); + } + MOZ_ASSERT(!el->IsPendingMappedAttributeEvaluation()); + } + mLazyPresElements.Clear(); +} + +already_AddRefed<nsSimpleContentList> Document::BlockedNodesByClassifier() + const { + RefPtr<nsSimpleContentList> list = new nsSimpleContentList(nullptr); + + for (const nsWeakPtr& weakNode : mBlockedNodesByClassifier) { + if (nsCOMPtr<nsIContent> node = do_QueryReferent(weakNode)) { + // Consider only nodes to which we have managed to get strong references. + // Coping with nullptrs since it's expected for nodes to disappear when + // nobody else is referring to them. + list->AppendElement(node); + } + } + + return list.forget(); +} + +void Document::GetSelectedStyleSheetSet(nsAString& aSheetSet) { + aSheetSet.Truncate(); + + // Look through our sheets, find the selected set title + size_t count = SheetCount(); + nsAutoString title; + for (size_t index = 0; index < count; index++) { + StyleSheet* sheet = SheetAt(index); + NS_ASSERTION(sheet, "Null sheet in sheet list!"); + + if (sheet->Disabled()) { + // Disabled sheets don't affect the currently selected set + continue; + } + + sheet->GetTitle(title); + + if (aSheetSet.IsEmpty()) { + aSheetSet = title; + } else if (!title.IsEmpty() && !aSheetSet.Equals(title)) { + // Sheets from multiple sets enabled; return null string, per spec. + SetDOMStringToNull(aSheetSet); + return; + } + } +} + +void Document::SetSelectedStyleSheetSet(const nsAString& aSheetSet) { + if (DOMStringIsNull(aSheetSet)) { + return; + } + + // Must update mLastStyleSheetSet before doing anything else with stylesheets + // or CSSLoaders. + mLastStyleSheetSet = aSheetSet; + EnableStyleSheetsForSetInternal(aSheetSet, true); +} + +void Document::SetPreferredStyleSheetSet(const nsAString& aSheetSet) { + mPreferredStyleSheetSet = aSheetSet; + // Only mess with our stylesheets if we don't have a lastStyleSheetSet, per + // spec. + if (DOMStringIsNull(mLastStyleSheetSet)) { + // Calling EnableStyleSheetsForSetInternal, not SetSelectedStyleSheetSet, + // per spec. The idea here is that we're changing our preferred set and + // that shouldn't change the value of lastStyleSheetSet. Also, we're + // using the Internal version so we can update the CSSLoader and not have + // to worry about null strings. + EnableStyleSheetsForSetInternal(aSheetSet, true); + } +} + +DOMStringList* Document::StyleSheetSets() { + if (!mStyleSheetSetList) { + mStyleSheetSetList = new DOMStyleSheetSetList(this); + } + return mStyleSheetSetList; +} + +void Document::EnableStyleSheetsForSet(const nsAString& aSheetSet) { + // Per spec, passing in null is a no-op. + if (!DOMStringIsNull(aSheetSet)) { + // Note: must make sure to not change the CSSLoader's preferred sheet -- + // that value should be equal to either our lastStyleSheetSet (if that's + // non-null) or to our preferredStyleSheetSet. And this method doesn't + // change either of those. + EnableStyleSheetsForSetInternal(aSheetSet, false); + } +} + +void Document::EnableStyleSheetsForSetInternal(const nsAString& aSheetSet, + bool aUpdateCSSLoader) { + size_t count = SheetCount(); + nsAutoString title; + for (size_t index = 0; index < count; index++) { + StyleSheet* sheet = SheetAt(index); + NS_ASSERTION(sheet, "Null sheet in sheet list!"); + + sheet->GetTitle(title); + if (!title.IsEmpty()) { + sheet->SetEnabled(title.Equals(aSheetSet)); + } + } + if (aUpdateCSSLoader) { + CSSLoader()->DocumentStyleSheetSetChanged(); + } + if (EnsureStyleSet().StyleSheetsHaveChanged()) { + ApplicableStylesChanged(); + } +} + +void Document::GetCharacterSet(nsAString& aCharacterSet) const { + nsAutoCString charset; + GetDocumentCharacterSet()->Name(charset); + CopyASCIItoUTF16(charset, aCharacterSet); +} + +already_AddRefed<nsINode> Document::ImportNode(nsINode& aNode, bool aDeep, + ErrorResult& rv) const { + nsINode* imported = &aNode; + + switch (imported->NodeType()) { + case DOCUMENT_NODE: { + break; + } + case DOCUMENT_FRAGMENT_NODE: + case ATTRIBUTE_NODE: + case ELEMENT_NODE: + case PROCESSING_INSTRUCTION_NODE: + case TEXT_NODE: + case CDATA_SECTION_NODE: + case COMMENT_NODE: + case DOCUMENT_TYPE_NODE: { + return imported->Clone(aDeep, mNodeInfoManager, rv); + } + default: { + NS_WARNING("Don't know how to clone this nodetype for importNode."); + } + } + + rv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR); + return nullptr; +} + +already_AddRefed<nsRange> Document::CreateRange(ErrorResult& rv) { + return nsRange::Create(this, 0, this, 0, rv); +} + +already_AddRefed<NodeIterator> Document::CreateNodeIterator( + nsINode& aRoot, uint32_t aWhatToShow, NodeFilter* aFilter, + ErrorResult& rv) const { + RefPtr<NodeIterator> iterator = + new NodeIterator(&aRoot, aWhatToShow, aFilter); + return iterator.forget(); +} + +already_AddRefed<TreeWalker> Document::CreateTreeWalker(nsINode& aRoot, + uint32_t aWhatToShow, + NodeFilter* aFilter, + ErrorResult& rv) const { + RefPtr<TreeWalker> walker = new TreeWalker(&aRoot, aWhatToShow, aFilter); + return walker.forget(); +} + +already_AddRefed<Location> Document::GetLocation() const { + nsCOMPtr<nsPIDOMWindowInner> w = do_QueryInterface(mScriptGlobalObject); + + if (!w) { + return nullptr; + } + + return do_AddRef(w->Location()); +} + +already_AddRefed<nsIURI> Document::GetDomainURI() { + nsIPrincipal* principal = NodePrincipal(); + + nsCOMPtr<nsIURI> uri; + principal->GetDomain(getter_AddRefs(uri)); + if (uri) { + return uri.forget(); + } + auto* basePrin = BasePrincipal::Cast(principal); + basePrin->GetURI(getter_AddRefs(uri)); + return uri.forget(); +} + +void Document::GetDomain(nsAString& aDomain) { + nsCOMPtr<nsIURI> uri = GetDomainURI(); + + if (!uri) { + aDomain.Truncate(); + return; + } + + nsAutoCString hostName; + nsresult rv = nsContentUtils::GetHostOrIPv6WithBrackets(uri, hostName); + if (NS_SUCCEEDED(rv)) { + CopyUTF8toUTF16(hostName, aDomain); + } else { + // If we can't get the host from the URI (e.g. about:, javascript:, + // etc), just return an empty string. + aDomain.Truncate(); + } +} + +void Document::SetDomain(const nsAString& aDomain, ErrorResult& rv) { + if (!GetBrowsingContext()) { + // If our browsing context is null; disallow setting domain + rv.Throw(NS_ERROR_DOM_SECURITY_ERR); + return; + } + + if (mSandboxFlags & SANDBOXED_DOMAIN) { + // We're sandboxed; disallow setting domain + rv.Throw(NS_ERROR_DOM_SECURITY_ERR); + return; + } + + if (!FeaturePolicyUtils::IsFeatureAllowed(this, u"document-domain"_ns)) { + rv.Throw(NS_ERROR_DOM_SECURITY_ERR); + return; + } + + if (aDomain.IsEmpty()) { + rv.Throw(NS_ERROR_DOM_SECURITY_ERR); + return; + } + + nsCOMPtr<nsIURI> uri = GetDomainURI(); + if (!uri) { + rv.Throw(NS_ERROR_FAILURE); + return; + } + + // Check new domain - must be a superdomain of the current host + // For example, a page from foo.bar.com may set domain to bar.com, + // but not to ar.com, baz.com, or fi.foo.bar.com. + + nsCOMPtr<nsIURI> newURI = RegistrableDomainSuffixOfInternal(aDomain, uri); + if (!newURI) { + // Error: illegal domain + rv.Throw(NS_ERROR_DOM_SECURITY_ERR); + return; + } + + if (GetBrowsingContext()->Group()->IsPotentiallyCrossOriginIsolated()) { + WarnOnceAbout(Document::eDocumentSetDomainNotAllowed); + return; + } + + MOZ_ALWAYS_SUCCEEDS(NodePrincipal()->SetDomain(newURI)); + MOZ_ALWAYS_SUCCEEDS(PartitionedPrincipal()->SetDomain(newURI)); + if (WindowGlobalChild* wgc = GetWindowGlobalChild()) { + wgc->SendSetDocumentDomain(WrapNotNull(newURI)); + } +} + +already_AddRefed<nsIURI> Document::CreateInheritingURIForHost( + const nsACString& aHostString) { + if (aHostString.IsEmpty()) { + return nullptr; + } + + // Create new URI + nsCOMPtr<nsIURI> uri = GetDomainURI(); + if (!uri) { + return nullptr; + } + + nsresult rv; + rv = NS_MutateURI(uri) + .SetUserPass(""_ns) + .SetPort(-1) // we want to reset the port number if needed. + .SetHostPort(aHostString) + .Finalize(uri); + if (NS_FAILED(rv)) { + return nullptr; + } + + return uri.forget(); +} + +already_AddRefed<nsIURI> Document::RegistrableDomainSuffixOfInternal( + const nsAString& aNewDomain, nsIURI* aOrigHost) { + if (NS_WARN_IF(!aOrigHost)) { + return nullptr; + } + + nsCOMPtr<nsIURI> newURI = + CreateInheritingURIForHost(NS_ConvertUTF16toUTF8(aNewDomain)); + if (!newURI) { + // Error: failed to parse input domain + return nullptr; + } + + if (!IsValidDomain(aOrigHost, newURI)) { + // Error: illegal domain + return nullptr; + } + + nsAutoCString domain; + if (NS_FAILED(newURI->GetAsciiHost(domain))) { + return nullptr; + } + + return CreateInheritingURIForHost(domain); +} + +/* static */ +bool Document::IsValidDomain(nsIURI* aOrigHost, nsIURI* aNewURI) { + // Check new domain - must be a superdomain of the current host + // For example, a page from foo.bar.com may set domain to bar.com, + // but not to ar.com, baz.com, or fi.foo.bar.com. + nsAutoCString current; + nsAutoCString domain; + if (NS_FAILED(aOrigHost->GetAsciiHost(current))) { + current.Truncate(); + } + if (NS_FAILED(aNewURI->GetAsciiHost(domain))) { + domain.Truncate(); + } + + bool ok = current.Equals(domain); + if (current.Length() > domain.Length() && StringEndsWith(current, domain) && + current.CharAt(current.Length() - domain.Length() - 1) == '.') { + // We're golden if the new domain is the current page's base domain or a + // subdomain of it. + nsCOMPtr<nsIEffectiveTLDService> tldService = + do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID); + if (!tldService) { + return false; + } + + nsAutoCString currentBaseDomain; + ok = NS_SUCCEEDED( + tldService->GetBaseDomain(aOrigHost, 0, currentBaseDomain)); + NS_ASSERTION(StringEndsWith(domain, currentBaseDomain) == + (domain.Length() >= currentBaseDomain.Length()), + "uh-oh! slight optimization wasn't valid somehow!"); + ok = ok && domain.Length() >= currentBaseDomain.Length(); + } + + return ok; +} + +Element* Document::GetHtmlElement() const { + Element* rootElement = GetRootElement(); + if (rootElement && rootElement->IsHTMLElement(nsGkAtoms::html)) + return rootElement; + return nullptr; +} + +Element* Document::GetHtmlChildElement(nsAtom* aTag) { + Element* html = GetHtmlElement(); + if (!html) return nullptr; + + // Look for the element with aTag inside html. This needs to run + // forwards to find the first such element. + for (nsIContent* child = html->GetFirstChild(); child; + child = child->GetNextSibling()) { + if (child->IsHTMLElement(aTag)) return child->AsElement(); + } + return nullptr; +} + +nsGenericHTMLElement* Document::GetBody() { + Element* html = GetHtmlElement(); + if (!html) { + return nullptr; + } + + for (nsIContent* child = html->GetFirstChild(); child; + child = child->GetNextSibling()) { + if (child->IsHTMLElement(nsGkAtoms::body) || + child->IsHTMLElement(nsGkAtoms::frameset)) { + return static_cast<nsGenericHTMLElement*>(child); + } + } + + return nullptr; +} + +void Document::SetBody(nsGenericHTMLElement* newBody, ErrorResult& rv) { + nsCOMPtr<Element> root = GetRootElement(); + + // The body element must be either a body tag or a frameset tag. And we must + // have a root element to be able to add kids to it. + if (!newBody || + !newBody->IsAnyOfHTMLElements(nsGkAtoms::body, nsGkAtoms::frameset)) { + rv.ThrowHierarchyRequestError( + "The new body must be either a body tag or frameset tag."); + return; + } + + if (!root) { + rv.ThrowHierarchyRequestError("No root element."); + return; + } + + // Use DOM methods so that we pass through the appropriate security checks. + nsCOMPtr<Element> currentBody = GetBody(); + if (currentBody) { + root->ReplaceChild(*newBody, *currentBody, rv); + } else { + root->AppendChild(*newBody, rv); + } +} + +HTMLSharedElement* Document::GetHead() { + return static_cast<HTMLSharedElement*>(GetHeadElement()); +} + +Element* Document::GetTitleElement() { + // mMayHaveTitleElement will have been set to true if any HTML or SVG + // <title> element has been bound to this document. So if it's false, + // we know there is nothing to do here. This avoids us having to search + // the whole DOM if someone calls document.title on a large document + // without a title. + if (!mMayHaveTitleElement) { + return nullptr; + } + + Element* root = GetRootElement(); + if (root && root->IsSVGElement(nsGkAtoms::svg)) { + // In SVG, the document's title must be a child + for (nsIContent* child = root->GetFirstChild(); child; + child = child->GetNextSibling()) { + if (child->IsSVGElement(nsGkAtoms::title)) { + return child->AsElement(); + } + } + return nullptr; + } + + // We check the HTML namespace even for non-HTML documents, except SVG. This + // matches the spec and the behavior of all tested browsers. + for (nsINode* node = GetFirstChild(); node; node = node->GetNextNode(this)) { + if (node->IsHTMLElement(nsGkAtoms::title)) { + return node->AsElement(); + } + } + return nullptr; +} + +void Document::GetTitle(nsAString& aTitle) { + aTitle.Truncate(); + + Element* rootElement = GetRootElement(); + if (!rootElement) { + return; + } + + if (rootElement->IsXULElement()) { + rootElement->GetAttr(nsGkAtoms::title, aTitle); + } else if (Element* title = GetTitleElement()) { + nsContentUtils::GetNodeTextContent(title, false, aTitle); + } else { + return; + } + + aTitle.CompressWhitespace(); +} + +void Document::SetTitle(const nsAString& aTitle, ErrorResult& aRv) { + Element* rootElement = GetRootElement(); + if (!rootElement) { + return; + } + + if (rootElement->IsXULElement()) { + aRv = + rootElement->SetAttr(kNameSpaceID_None, nsGkAtoms::title, aTitle, true); + return; + } + + Maybe<mozAutoDocUpdate> updateBatch; + nsCOMPtr<Element> title = GetTitleElement(); + if (rootElement->IsSVGElement(nsGkAtoms::svg)) { + if (!title) { + // Batch updates so that mutation events don't change "the title + // element" under us + updateBatch.emplace(this, true); + RefPtr<mozilla::dom::NodeInfo> titleInfo = mNodeInfoManager->GetNodeInfo( + nsGkAtoms::title, nullptr, kNameSpaceID_SVG, ELEMENT_NODE); + NS_NewSVGElement(getter_AddRefs(title), titleInfo.forget(), + NOT_FROM_PARSER); + if (!title) { + return; + } + rootElement->InsertChildBefore(title, rootElement->GetFirstChild(), true, + IgnoreErrors()); + } + } else if (rootElement->IsHTMLElement()) { + if (!title) { + // Batch updates so that mutation events don't change "the title + // element" under us + updateBatch.emplace(this, true); + Element* head = GetHeadElement(); + if (!head) { + return; + } + + RefPtr<mozilla::dom::NodeInfo> titleInfo; + titleInfo = mNodeInfoManager->GetNodeInfo( + nsGkAtoms::title, nullptr, kNameSpaceID_XHTML, ELEMENT_NODE); + title = NS_NewHTMLTitleElement(titleInfo.forget()); + if (!title) { + return; + } + + head->AppendChildTo(title, true, IgnoreErrors()); + } + } else { + return; + } + + aRv = nsContentUtils::SetNodeTextContent(title, aTitle, false); +} + +class Document::TitleChangeEvent final : public Runnable { + public: + explicit TitleChangeEvent(Document* aDoc) + : Runnable("Document::TitleChangeEvent"), + mDoc(aDoc), + mBlockOnload(aDoc->IsInChromeDocShell()) { + if (mBlockOnload) { + mDoc->BlockOnload(); + } + } + + NS_IMETHOD Run() final { + if (!mDoc) { + return NS_OK; + } + const RefPtr<Document> doc = mDoc; + const bool blockOnload = mBlockOnload; + mDoc = nullptr; + doc->DoNotifyPossibleTitleChange(); + if (blockOnload) { + doc->UnblockOnload(/* aFireSync = */ true); + } + return NS_OK; + } + + void Revoke() { + if (mDoc) { + if (mBlockOnload) { + mDoc->UnblockOnload(/* aFireSync = */ false); + } + mDoc = nullptr; + } + } + + private: + // Weak, caller is responsible for calling Revoke() when needed. + Document* mDoc; + // title changes should block the load event on chrome docshells, so that the + // window title is consistently set by the time the top window is displayed. + // Otherwise, some window manager integrations don't work properly, + // see bug 1874766. + const bool mBlockOnload = false; +}; + +void Document::NotifyPossibleTitleChange(bool aBoundTitleElement) { + NS_ASSERTION(!mInUnlinkOrDeletion || !aBoundTitleElement, + "Setting a title while unlinking or destroying the element?"); + if (mInUnlinkOrDeletion) { + return; + } + + if (aBoundTitleElement) { + mMayHaveTitleElement = true; + } + + if (mPendingTitleChangeEvent.IsPending()) { + return; + } + + MOZ_RELEASE_ASSERT(NS_IsMainThread()); + RefPtr<TitleChangeEvent> event = new TitleChangeEvent(this); + if (NS_WARN_IF(NS_FAILED(Dispatch(do_AddRef(event))))) { + event->Revoke(); + return; + } + mPendingTitleChangeEvent = std::move(event); +} + +void Document::DoNotifyPossibleTitleChange() { + if (!mPendingTitleChangeEvent.IsPending()) { + return; + } + // Make sure the pending runnable method is cleared. + mPendingTitleChangeEvent.Revoke(); + mHaveFiredTitleChange = true; + + nsAutoString title; + GetTitle(title); + + if (RefPtr<PresShell> presShell = GetPresShell()) { + nsCOMPtr<nsISupports> container = + presShell->GetPresContext()->GetContainerWeak(); + if (container) { + if (nsCOMPtr<nsIBaseWindow> docShellWin = do_QueryInterface(container)) { + docShellWin->SetTitle(title); + } + } + } + + if (WindowGlobalChild* child = GetWindowGlobalChild()) { + child->SendUpdateDocumentTitle(title); + } + + // Fire a DOM event for the title change. + nsContentUtils::DispatchChromeEvent(this, this, u"DOMTitleChanged"_ns, + CanBubble::eYes, Cancelable::eYes); + + nsCOMPtr<nsIObserverService> obs = mozilla::services::GetObserverService(); + if (obs) { + obs->NotifyObservers(ToSupports(this), "document-title-changed", nullptr); + } +} + +already_AddRefed<MediaQueryList> Document::MatchMedia( + const nsACString& aMediaQueryList, CallerType aCallerType) { + RefPtr<MediaQueryList> result = + new MediaQueryList(this, aMediaQueryList, aCallerType); + + mDOMMediaQueryLists.insertBack(result); + + return result.forget(); +} + +void Document::SetMayStartLayout(bool aMayStartLayout) { + mMayStartLayout = aMayStartLayout; + if (MayStartLayout()) { + // Before starting layout, check whether we're a toplevel chrome + // window. If we are, setup some state so that we don't have to restyle + // the whole tree after StartLayout. + if (nsCOMPtr<nsIAppWindow> win = GetAppWindowIfToplevelChrome()) { + // We're the chrome document! + win->BeforeStartLayout(); + } + ReadyState state = GetReadyStateEnum(); + if (state >= READYSTATE_INTERACTIVE) { + // DOMContentLoaded has fired already. + MaybeResolveReadyForIdle(); + } + } + + MaybeEditingStateChanged(); +} + +nsresult Document::InitializeFrameLoader(nsFrameLoader* aLoader) { + mInitializableFrameLoaders.RemoveElement(aLoader); + // Don't even try to initialize. + if (mInDestructor) { + NS_WARNING( + "Trying to initialize a frame loader while" + "document is being deleted"); + return NS_ERROR_FAILURE; + } + + mInitializableFrameLoaders.AppendElement(aLoader); + if (!mFrameLoaderRunner) { + mFrameLoaderRunner = + NewRunnableMethod("Document::MaybeInitializeFinalizeFrameLoaders", this, + &Document::MaybeInitializeFinalizeFrameLoaders); + NS_ENSURE_TRUE(mFrameLoaderRunner, NS_ERROR_OUT_OF_MEMORY); + nsContentUtils::AddScriptRunner(mFrameLoaderRunner); + } + return NS_OK; +} + +nsresult Document::FinalizeFrameLoader(nsFrameLoader* aLoader, + nsIRunnable* aFinalizer) { + mInitializableFrameLoaders.RemoveElement(aLoader); + if (mInDestructor) { + return NS_ERROR_FAILURE; + } + + LogRunnable::LogDispatch(aFinalizer); + mFrameLoaderFinalizers.AppendElement(aFinalizer); + if (!mFrameLoaderRunner) { + mFrameLoaderRunner = + NewRunnableMethod("Document::MaybeInitializeFinalizeFrameLoaders", this, + &Document::MaybeInitializeFinalizeFrameLoaders); + NS_ENSURE_TRUE(mFrameLoaderRunner, NS_ERROR_OUT_OF_MEMORY); + nsContentUtils::AddScriptRunner(mFrameLoaderRunner); + } + return NS_OK; +} + +void Document::MaybeInitializeFinalizeFrameLoaders() { + if (mDelayFrameLoaderInitialization) { + // This method will be recalled when !mDelayFrameLoaderInitialization. + mFrameLoaderRunner = nullptr; + return; + } + + // We're not in an update, but it is not safe to run scripts, so + // postpone frameloader initialization and finalization. + if (!nsContentUtils::IsSafeToRunScript()) { + if (!mInDestructor && !mFrameLoaderRunner && + (mInitializableFrameLoaders.Length() || + mFrameLoaderFinalizers.Length())) { + mFrameLoaderRunner = NewRunnableMethod( + "Document::MaybeInitializeFinalizeFrameLoaders", this, + &Document::MaybeInitializeFinalizeFrameLoaders); + nsContentUtils::AddScriptRunner(mFrameLoaderRunner); + } + return; + } + mFrameLoaderRunner = nullptr; + + // Don't use a temporary array for mInitializableFrameLoaders, because + // loading a frame may cause some other frameloader to be removed from the + // array. But be careful to keep the loader alive when starting the load! + while (mInitializableFrameLoaders.Length()) { + RefPtr<nsFrameLoader> loader = mInitializableFrameLoaders[0]; + mInitializableFrameLoaders.RemoveElementAt(0); + NS_ASSERTION(loader, "null frameloader in the array?"); + loader->ReallyStartLoading(); + } + + uint32_t length = mFrameLoaderFinalizers.Length(); + if (length > 0) { + nsTArray<nsCOMPtr<nsIRunnable>> finalizers = + std::move(mFrameLoaderFinalizers); + for (uint32_t i = 0; i < length; ++i) { + LogRunnable::Run run(finalizers[i]); + finalizers[i]->Run(); + } + } +} + +void Document::TryCancelFrameLoaderInitialization(nsIDocShell* aShell) { + uint32_t length = mInitializableFrameLoaders.Length(); + for (uint32_t i = 0; i < length; ++i) { + if (mInitializableFrameLoaders[i]->GetExistingDocShell() == aShell) { + mInitializableFrameLoaders.RemoveElementAt(i); + return; + } + } +} + +void Document::SetPrototypeDocument(nsXULPrototypeDocument* aPrototype) { + mPrototypeDocument = aPrototype; + mSynchronousDOMContentLoaded = true; +} + +nsIPermissionDelegateHandler* Document::PermDelegateHandler() { + return GetPermissionDelegateHandler(); +} + +Document* Document::RequestExternalResource( + nsIURI* aURI, nsIReferrerInfo* aReferrerInfo, nsINode* aRequestingNode, + ExternalResourceLoad** aPendingLoad) { + MOZ_ASSERT(aURI, "Must have a URI"); + MOZ_ASSERT(aRequestingNode, "Must have a node"); + MOZ_ASSERT(aReferrerInfo, "Must have a referrerInfo"); + if (mDisplayDocument) { + return mDisplayDocument->RequestExternalResource( + aURI, aReferrerInfo, aRequestingNode, aPendingLoad); + } + + return mExternalResourceMap.RequestResource( + aURI, aReferrerInfo, aRequestingNode, this, aPendingLoad); +} + +void Document::EnumerateExternalResources(SubDocEnumFunc aCallback) { + mExternalResourceMap.EnumerateResources(aCallback); +} + +SMILAnimationController* Document::GetAnimationController() { + // We create the animation controller lazily because most documents won't want + // one and only SVG documents and the like will call this + if (mAnimationController) return mAnimationController; + // Refuse to create an Animation Controller for data documents. + if (mLoadedAsData) return nullptr; + + mAnimationController = new SMILAnimationController(this); + + // If there's a presContext then check the animation mode and pause if + // necessary. + nsPresContext* context = GetPresContext(); + if (mAnimationController && context && + context->ImageAnimationMode() == imgIContainer::kDontAnimMode) { + mAnimationController->Pause(SMILTimeContainer::PAUSE_USERPREF); + } + + // If we're hidden (or being hidden), notify the newly-created animation + // controller. (Skip this check for SVG-as-an-image documents, though, + // because they don't get OnPageShow / OnPageHide calls). + if (!mIsShowing && !mIsBeingUsedAsImage) { + mAnimationController->OnPageHide(); + } + + return mAnimationController; +} + +ScrollTimelineAnimationTracker* +Document::GetOrCreateScrollTimelineAnimationTracker() { + if (!mScrollTimelineAnimationTracker) { + mScrollTimelineAnimationTracker = new ScrollTimelineAnimationTracker(this); + } + + return mScrollTimelineAnimationTracker; +} + +/** + * Retrieve the "direction" property of the document. + * + * @lina 01/09/2001 + */ +void Document::GetDir(nsAString& aDirection) const { + aDirection.Truncate(); + Element* rootElement = GetHtmlElement(); + if (rootElement) { + static_cast<nsGenericHTMLElement*>(rootElement)->GetDir(aDirection); + } +} + +/** + * Set the "direction" property of the document. + * + * @lina 01/09/2001 + */ +void Document::SetDir(const nsAString& aDirection) { + Element* rootElement = GetHtmlElement(); + if (rootElement) { + rootElement->SetAttr(kNameSpaceID_None, nsGkAtoms::dir, aDirection, true); + } +} + +nsIHTMLCollection* Document::Images() { + if (!mImages) { + mImages = new nsContentList(this, kNameSpaceID_XHTML, nsGkAtoms::img, + nsGkAtoms::img); + } + return mImages; +} + +nsIHTMLCollection* Document::Embeds() { + if (!mEmbeds) { + mEmbeds = new nsContentList(this, kNameSpaceID_XHTML, nsGkAtoms::embed, + nsGkAtoms::embed); + } + return mEmbeds; +} + +static bool MatchLinks(Element* aElement, int32_t aNamespaceID, nsAtom* aAtom, + void* aData) { + return aElement->IsAnyOfHTMLElements(nsGkAtoms::a, nsGkAtoms::area) && + aElement->HasAttr(nsGkAtoms::href); +} + +nsIHTMLCollection* Document::Links() { + if (!mLinks) { + mLinks = new nsContentList(this, MatchLinks, nullptr, nullptr); + } + return mLinks; +} + +nsIHTMLCollection* Document::Forms() { + if (!mForms) { + // Please keep this in sync with nsHTMLDocument::GetFormsAndFormControls. + mForms = new nsContentList(this, kNameSpaceID_XHTML, nsGkAtoms::form, + nsGkAtoms::form); + } + + return mForms; +} + +nsIHTMLCollection* Document::Scripts() { + if (!mScripts) { + mScripts = new nsContentList(this, kNameSpaceID_XHTML, nsGkAtoms::script, + nsGkAtoms::script); + } + return mScripts; +} + +nsIHTMLCollection* Document::Applets() { + if (!mApplets) { + mApplets = new nsEmptyContentList(this); + } + return mApplets; +} + +static bool MatchAnchors(Element* aElement, int32_t aNamespaceID, nsAtom* aAtom, + void* aData) { + return aElement->IsHTMLElement(nsGkAtoms::a) && + aElement->HasAttr(nsGkAtoms::name); +} + +nsIHTMLCollection* Document::Anchors() { + if (!mAnchors) { + mAnchors = new nsContentList(this, MatchAnchors, nullptr, nullptr); + } + return mAnchors; +} + +mozilla::dom::Nullable<mozilla::dom::WindowProxyHolder> Document::Open( + const nsAString& aURL, const nsAString& aName, const nsAString& aFeatures, + ErrorResult& rv) { + MOZ_ASSERT(nsContentUtils::CanCallerAccess(this), + "XOW should have caught this!"); + + nsCOMPtr<nsPIDOMWindowInner> window = GetInnerWindow(); + if (!window) { + rv.Throw(NS_ERROR_DOM_INVALID_ACCESS_ERR); + return nullptr; + } + nsCOMPtr<nsPIDOMWindowOuter> outer = + nsPIDOMWindowOuter::GetFromCurrentInner(window); + if (!outer) { + rv.Throw(NS_ERROR_NOT_INITIALIZED); + return nullptr; + } + RefPtr<nsGlobalWindowOuter> win = nsGlobalWindowOuter::Cast(outer); + RefPtr<BrowsingContext> newBC; + rv = win->OpenJS(aURL, aName, aFeatures, getter_AddRefs(newBC)); + if (!newBC) { + return nullptr; + } + return WindowProxyHolder(std::move(newBC)); +} + +Document* Document::Open(const Optional<nsAString>& /* unused */, + const Optional<nsAString>& /* unused */, + ErrorResult& aError) { + // Implements + // <https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#document-open-steps> + + MOZ_ASSERT(nsContentUtils::CanCallerAccess(this), + "XOW should have caught this!"); + + // Step 1 -- throw if we're an XML document. + if (!IsHTMLDocument() || mDisableDocWrite) { + aError.Throw(NS_ERROR_DOM_INVALID_STATE_ERR); + return nullptr; + } + + // Step 2 -- throw if dynamic markup insertion should throw. + if (ShouldThrowOnDynamicMarkupInsertion()) { + aError.Throw(NS_ERROR_DOM_INVALID_STATE_ERR); + return nullptr; + } + + // Step 3 -- get the entry document, so we can use it for security checks. + nsCOMPtr<Document> callerDoc = GetEntryDocument(); + if (!callerDoc) { + // If we're called from C++ or in some other way without an originating + // document we can't do a document.open w/o changing the principal of the + // document to something like about:blank (as that's the only sane thing to + // do when we don't know the origin of this call), and since we can't + // change the principals of a document for security reasons we'll have to + // refuse to go ahead with this call. + + aError.Throw(NS_ERROR_DOM_SECURITY_ERR); + return nullptr; + } + + // Step 4 -- make sure we're same-origin (not just same origin-domain) with + // the entry document. + if (!callerDoc->NodePrincipal()->Equals(NodePrincipal())) { + aError.Throw(NS_ERROR_DOM_SECURITY_ERR); + return nullptr; + } + + // Step 5 -- if we have an active parser with a nonzero script nesting level, + // just no-op. + if ((mParser && mParser->HasNonzeroScriptNestingLevel()) || mParserAborted) { + return this; + } + + // Step 6 -- check for open() during unload. Per spec, this is just a check + // of the ignore-opens-during-unload counter, but our unload event code + // doesn't affect that counter yet (unlike pagehide and beforeunload, which + // do), so we check for unload directly. + if (ShouldIgnoreOpens()) { + return this; + } + + RefPtr<nsDocShell> shell(mDocumentContainer); + if (shell) { + bool inUnload; + shell->GetIsInUnload(&inUnload); + if (inUnload) { + return this; + } + } + + // At this point we know this is a valid-enough document.open() call + // and not a no-op. Increment our use counter. + SetUseCounter(eUseCounter_custom_DocumentOpen); + + // Step 7 -- stop existing navigation of our browsing context (and all other + // loads it's doing) if we're the active document of our browsing context. + // Note that we do not want to stop anything if there is no existing + // navigation. + if (shell && IsCurrentActiveDocument() && + shell->GetIsAttemptingToNavigate()) { + shell->Stop(nsIWebNavigation::STOP_NETWORK); + + // The Stop call may have cancelled the onload blocker request or + // prevented it from getting added, so we need to make sure it gets added + // to the document again otherwise the document could have a non-zero + // onload block count without the onload blocker request being in the + // loadgroup. + EnsureOnloadBlocker(); + } + + // Step 8 -- clear event listeners out of our DOM tree + for (nsINode* node : ShadowIncludingTreeIterator(*this)) { + if (EventListenerManager* elm = node->GetExistingListenerManager()) { + elm->RemoveAllListeners(); + } + } + + // Step 9 -- clear event listeners from our window, if we have one. + // + // Note that we explicitly want the inner window, and only if we're its + // document. We want to do this (per spec) even when we're not the "active + // document", so we can't go through GetWindow(), because it might forward to + // the wrong inner. + if (nsPIDOMWindowInner* win = GetInnerWindow()) { + if (win->GetExtantDoc() == this) { + if (EventListenerManager* elm = + nsGlobalWindowInner::Cast(win)->GetExistingListenerManager()) { + elm->RemoveAllListeners(); + } + } + } + + // If we have a parser that has a zero script nesting level, we need to + // properly terminate it. We do that after we've removed all the event + // listeners (so termination won't trigger event listeners if it does + // something to the DOM), but before we remove all elements from the document + // (so if termination does modify the DOM in some way we will just blow it + // away immediately. See the similar code in WriteCommon that handles the + // !IsInsertionPointDefined() case and should stay in sync with this code. + if (mParser) { + MOZ_ASSERT(!mParser->HasNonzeroScriptNestingLevel(), + "Why didn't we take the early return?"); + // Make sure we don't re-enter. + IgnoreOpensDuringUnload ignoreOpenGuard(this); + mParser->Terminate(); + MOZ_RELEASE_ASSERT(!mParser, "mParser should have been null'd out"); + } + + // Step 10 -- remove all our DOM kids without firing any mutation events. + { + // We want to ignore any recursive calls to Open() that happen while + // disconnecting the node tree. The spec doesn't say to do this, but the + // spec also doesn't envision unload events on subframes firing while we do + // this, while all browsers fire them in practice. See + // <https://github.com/whatwg/html/issues/4611>. + IgnoreOpensDuringUnload ignoreOpenGuard(this); + DisconnectNodeTree(); + } + + // Step 11 -- if we're the current document in our docshell, do the + // equivalent of pushState() with the new URL we should have. + if (shell && IsCurrentActiveDocument()) { + nsCOMPtr<nsIURI> newURI = callerDoc->GetDocumentURI(); + if (callerDoc != this) { + nsCOMPtr<nsIURI> noFragmentURI; + nsresult rv = NS_GetURIWithoutRef(newURI, getter_AddRefs(noFragmentURI)); + if (NS_WARN_IF(NS_FAILED(rv))) { + aError.Throw(rv); + return nullptr; + } + newURI = std::move(noFragmentURI); + } + + // UpdateURLAndHistory might do various member-setting, so make sure we're + // holding strong refs to all the refcounted args on the stack. We can + // assume that our caller is holding on to "this" already. + nsCOMPtr<nsIURI> currentURI = GetDocumentURI(); + bool equalURIs; + nsresult rv = currentURI->Equals(newURI, &equalURIs); + if (NS_WARN_IF(NS_FAILED(rv))) { + aError.Throw(rv); + return nullptr; + } + nsCOMPtr<nsIStructuredCloneContainer> stateContainer(mStateObjectContainer); + rv = shell->UpdateURLAndHistory(this, newURI, stateContainer, u""_ns, + /* aReplace = */ true, currentURI, + equalURIs); + if (NS_WARN_IF(NS_FAILED(rv))) { + aError.Throw(rv); + return nullptr; + } + + // And use the security info of the caller document as well, since + // it's the thing providing our data. + mSecurityInfo = callerDoc->GetSecurityInfo(); + + // This is not mentioned in the spec, but I think that's a spec bug. See + // <https://github.com/whatwg/html/issues/4299>. In any case, since our + // URL may be changing away from about:blank here, we really want to unset + // this flag no matter what, since only about:blank can be an initial + // document. + SetIsInitialDocument(false); + + // And let our docloader know that it will need to track our load event. + nsDocShell::Cast(shell)->SetDocumentOpenedButNotLoaded(); + } + + // Per spec nothing happens with our URI in other cases, though note + // <https://github.com/whatwg/html/issues/4286>. + + // Note that we don't need to do anything here with base URIs per spec. + // That said, this might be assuming that we implement + // https://html.spec.whatwg.org/multipage/urls-and-fetching.html#fallback-base-url + // correctly, which we don't right now for the about:blank case. + + // Step 12, but note <https://github.com/whatwg/html/issues/4292>. + mSkipLoadEventAfterClose = mLoadEventFiring; + + // Preliminary to steps 13-16. Set our ready state to uninitialized before + // we do anything else, so we can then proceed to later ready state levels. + SetReadyStateInternal(READYSTATE_UNINITIALIZED, + /* updateTimingInformation = */ false); + // Reset a flag that affects readyState behavior. + mSetCompleteAfterDOMContentLoaded = false; + + // Step 13 -- set our compat mode to standards. + SetCompatibilityMode(eCompatibility_FullStandards); + + // Step 14 -- create a new parser associated with document. This also does + // step 16 implicitly. + mParserAborted = false; + RefPtr<nsHtml5Parser> parser = nsHtml5Module::NewHtml5Parser(); + mParser = parser; + parser->Initialize(this, GetDocumentURI(), ToSupports(shell), nullptr); + nsresult rv = parser->StartExecutor(); + if (NS_WARN_IF(NS_FAILED(rv))) { + aError.Throw(rv); + return nullptr; + } + + // Clear out our form control state, because the state of controls + // in the pre-open() document should not affect the state of + // controls that are now going to be written. + mLayoutHistoryState = nullptr; + + if (shell) { + // Prepare the docshell and the document viewer for the impending + // out-of-band document.write() + shell->PrepareForNewContentModel(); + + nsCOMPtr<nsIDocumentViewer> viewer; + shell->GetDocViewer(getter_AddRefs(viewer)); + if (viewer) { + viewer->LoadStart(this); + } + } + + // Step 15. + SetReadyStateInternal(Document::READYSTATE_LOADING, + /* updateTimingInformation = */ false); + + // Step 16 happened with step 14 above. + + // Step 17. + return this; +} + +void Document::Close(ErrorResult& rv) { + if (!IsHTMLDocument()) { + // No calling document.close() on XHTML! + + rv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR); + return; + } + + if (ShouldThrowOnDynamicMarkupInsertion()) { + rv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR); + return; + } + + if (!mParser || !mParser->IsScriptCreated()) { + return; + } + + ++mWriteLevel; + rv = (static_cast<nsHtml5Parser*>(mParser.get())) + ->Parse(u""_ns, nullptr, true); + --mWriteLevel; +} + +void Document::WriteCommon(const Sequence<nsString>& aText, + bool aNewlineTerminate, mozilla::ErrorResult& rv) { + // Fast path the common case + if (aText.Length() == 1) { + WriteCommon(aText[0], aNewlineTerminate, rv); + } else { + // XXXbz it would be nice if we could pass all the strings to the parser + // without having to do all this copying and then ask it to start + // parsing.... + nsString text; + for (size_t i = 0; i < aText.Length(); ++i) { + text.Append(aText[i]); + } + WriteCommon(text, aNewlineTerminate, rv); + } +} + +void Document::WriteCommon(const nsAString& aText, bool aNewlineTerminate, + ErrorResult& aRv) { +#ifdef DEBUG + { + // Assert that we do not use or accidentally introduce doc.write() + // in system privileged context or in any of our about: pages. + nsCOMPtr<nsIPrincipal> principal = NodePrincipal(); + bool isAboutOrPrivContext = principal->IsSystemPrincipal(); + if (!isAboutOrPrivContext) { + if (principal->SchemeIs("about")) { + // about:blank inherits the security contetext and this assertion + // is only meant for actual about: pages. + nsAutoCString host; + principal->GetHost(host); + isAboutOrPrivContext = !host.EqualsLiteral("blank"); + } + } + // Some automated tests use an empty string to kick off some parsing + // mechansims, but they do not do any harm since they use an empty string. + MOZ_ASSERT(!isAboutOrPrivContext || aText.IsEmpty(), + "do not use doc.write in privileged context!"); + } +#endif + + mTooDeepWriteRecursion = + (mWriteLevel > NS_MAX_DOCUMENT_WRITE_DEPTH || mTooDeepWriteRecursion); + if (NS_WARN_IF(mTooDeepWriteRecursion)) { + aRv.Throw(NS_ERROR_UNEXPECTED); + return; + } + + if (!IsHTMLDocument() || mDisableDocWrite) { + // No calling document.write*() on XHTML! + + aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR); + return; + } + + if (ShouldThrowOnDynamicMarkupInsertion()) { + aRv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR); + return; + } + + if (mParserAborted) { + // Hixie says aborting the parser doesn't undefine the insertion point. + // However, since we null out mParser in that case, we track the + // theoretically defined insertion point using mParserAborted. + return; + } + + // Implement Step 4.1 of: + // https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#document-write-steps + if (ShouldIgnoreOpens()) { + return; + } + + void* key = GenerateParserKey(); + if (mParser && !mParser->IsInsertionPointDefined()) { + if (mIgnoreDestructiveWritesCounter) { + // Instead of implying a call to document.open(), ignore the call. + nsContentUtils::ReportToConsole( + nsIScriptError::warningFlag, "DOM Events"_ns, this, + nsContentUtils::eDOM_PROPERTIES, "DocumentWriteIgnored"); + return; + } + // The spec doesn't tell us to ignore opens from here, but we need to + // ensure opens are ignored here. See similar code in Open() that handles + // the case of an existing parser which is not currently running script and + // should stay in sync with this code. + IgnoreOpensDuringUnload ignoreOpenGuard(this); + mParser->Terminate(); + MOZ_RELEASE_ASSERT(!mParser, "mParser should have been null'd out"); + } + + if (!mParser) { + if (mIgnoreDestructiveWritesCounter) { + // Instead of implying a call to document.open(), ignore the call. + nsContentUtils::ReportToConsole( + nsIScriptError::warningFlag, "DOM Events"_ns, this, + nsContentUtils::eDOM_PROPERTIES, "DocumentWriteIgnored"); + return; + } + + Open({}, {}, aRv); + + // If Open() fails, or if it didn't create a parser (as it won't + // if the user chose to not discard the current document through + // onbeforeunload), don't write anything. + if (aRv.Failed() || !mParser) { + return; + } + } + + static constexpr auto new_line = u"\n"_ns; + + ++mWriteLevel; + + // This could be done with less code, but for performance reasons it + // makes sense to have the code for two separate Parse() calls here + // since the concatenation of strings costs more than we like. And + // why pay that price when we don't need to? + if (aNewlineTerminate) { + aRv = (static_cast<nsHtml5Parser*>(mParser.get())) + ->Parse(aText + new_line, key, false); + } else { + aRv = + (static_cast<nsHtml5Parser*>(mParser.get()))->Parse(aText, key, false); + } + + --mWriteLevel; + + mTooDeepWriteRecursion = (mWriteLevel != 0 && mTooDeepWriteRecursion); +} + +void Document::Write(const Sequence<nsString>& aText, ErrorResult& rv) { + WriteCommon(aText, false, rv); +} + +void Document::Writeln(const Sequence<nsString>& aText, ErrorResult& rv) { + WriteCommon(aText, true, rv); +} + +void* Document::GenerateParserKey(void) { + if (!mScriptLoader) { + // If we don't have a script loader, then the parser probably isn't parsing + // anything anyway, so just return null. + return nullptr; + } + + // The script loader provides us with the currently executing script element, + // which is guaranteed to be unique per script. + nsIScriptElement* script = mScriptLoader->GetCurrentParserInsertedScript(); + if (script && mParser && mParser->IsScriptCreated()) { + nsCOMPtr<nsIParser> creatorParser = script->GetCreatorParser(); + if (creatorParser != mParser) { + // Make scripts that aren't inserted by the active parser of this document + // participate in the context of the script that document.open()ed + // this document. + return nullptr; + } + } + return script; +} + +/* static */ +bool Document::MatchNameAttribute(Element* aElement, int32_t aNamespaceID, + nsAtom* aAtom, void* aData) { + MOZ_ASSERT(aElement, "Must have element to work with!"); + + if (!aElement->HasName()) { + return false; + } + + nsString* elementName = static_cast<nsString*>(aData); + return aElement->GetNameSpaceID() == kNameSpaceID_XHTML && + aElement->AttrValueIs(kNameSpaceID_None, nsGkAtoms::name, *elementName, + eCaseMatters); +} + +/* static */ +void* Document::UseExistingNameString(nsINode* aRootNode, + const nsString* aName) { + return const_cast<nsString*>(aName); +} + +nsresult Document::GetDocumentURI(nsString& aDocumentURI) const { + if (mDocumentURI) { + nsAutoCString uri; + nsresult rv = mDocumentURI->GetSpec(uri); + NS_ENSURE_SUCCESS(rv, rv); + + CopyUTF8toUTF16(uri, aDocumentURI); + } else { + aDocumentURI.Truncate(); + } + + return NS_OK; +} + +// Alias of above +nsresult Document::GetURL(nsString& aURL) const { return GetDocumentURI(aURL); } + +void Document::GetDocumentURIFromJS(nsString& aDocumentURI, + CallerType aCallerType, + ErrorResult& aRv) const { + if (!mChromeXHRDocURI || aCallerType != CallerType::System) { + aRv = GetDocumentURI(aDocumentURI); + return; + } + + nsAutoCString uri; + nsresult res = mChromeXHRDocURI->GetSpec(uri); + if (NS_FAILED(res)) { + aRv.Throw(res); + return; + } + CopyUTF8toUTF16(uri, aDocumentURI); +} + +nsIURI* Document::GetDocumentURIObject() const { + if (!mChromeXHRDocURI) { + return GetDocumentURI(); + } + + return mChromeXHRDocURI; +} + +void Document::GetCompatMode(nsString& aCompatMode) const { + NS_ASSERTION(mCompatMode == eCompatibility_NavQuirks || + mCompatMode == eCompatibility_AlmostStandards || + mCompatMode == eCompatibility_FullStandards, + "mCompatMode is neither quirks nor strict for this document"); + + if (mCompatMode == eCompatibility_NavQuirks) { + aCompatMode.AssignLiteral("BackCompat"); + } else { + aCompatMode.AssignLiteral("CSS1Compat"); + } +} + +} // namespace dom +} // namespace mozilla + +void nsDOMAttributeMap::BlastSubtreeToPieces(nsINode* aNode) { + if (Element* element = Element::FromNode(aNode)) { + if (const nsDOMAttributeMap* map = element->GetAttributeMap()) { + while (true) { + RefPtr<Attr> attr; + { + // Use an iterator to get an arbitrary attribute from the + // cache. The iterator must be destroyed before any other + // operations on mAttributeCache, to avoid hash table + // assertions. + auto iter = map->mAttributeCache.ConstIter(); + if (iter.Done()) { + break; + } + attr = iter.UserData(); + } + + BlastSubtreeToPieces(attr); + + mozilla::DebugOnly<nsresult> rv = + element->UnsetAttr(attr->NodeInfo()->NamespaceID(), + attr->NodeInfo()->NameAtom(), false); + + // XXX Should we abort here? + NS_ASSERTION(NS_SUCCEEDED(rv), "Uh-oh, UnsetAttr shouldn't fail!"); + } + } + + if (mozilla::dom::ShadowRoot* shadow = element->GetShadowRoot()) { + BlastSubtreeToPieces(shadow); + element->UnattachShadow(); + } + } + + while (aNode->HasChildren()) { + nsIContent* node = aNode->GetFirstChild(); + BlastSubtreeToPieces(node); + aNode->RemoveChildNode(node, false); + } +} + +namespace mozilla::dom { + +nsINode* Document::AdoptNode(nsINode& aAdoptedNode, ErrorResult& rv, + bool aAcceptShadowRoot) { + OwningNonNull<nsINode> adoptedNode = aAdoptedNode; + if (adoptedNode->IsShadowRoot() && !aAcceptShadowRoot) { + rv.ThrowHierarchyRequestError("The adopted node is a shadow root."); + return nullptr; + } + + // Scope firing mutation events so that we don't carry any state that + // might be stale + { + if (nsCOMPtr<nsINode> parent = adoptedNode->GetParentNode()) { + nsContentUtils::MaybeFireNodeRemoved(adoptedNode, parent); + } + } + + nsAutoScriptBlocker scriptBlocker; + + switch (adoptedNode->NodeType()) { + case ATTRIBUTE_NODE: { + // Remove from ownerElement. + OwningNonNull<Attr> adoptedAttr = static_cast<Attr&>(*adoptedNode); + + nsCOMPtr<Element> ownerElement = adoptedAttr->GetOwnerElement(); + if (rv.Failed()) { + return nullptr; + } + + if (ownerElement) { + OwningNonNull<Attr> newAttr = + ownerElement->RemoveAttributeNode(*adoptedAttr, rv); + if (rv.Failed()) { + return nullptr; + } + } + + break; + } + case DOCUMENT_FRAGMENT_NODE: + case ELEMENT_NODE: + case PROCESSING_INSTRUCTION_NODE: + case TEXT_NODE: + case CDATA_SECTION_NODE: + case COMMENT_NODE: + case DOCUMENT_TYPE_NODE: { + // Don't allow adopting a node's anonymous subtree out from under it. + if (adoptedNode->IsRootOfNativeAnonymousSubtree()) { + rv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR); + return nullptr; + } + + // We don't want to adopt an element into its own contentDocument or into + // a descendant contentDocument, so we check if the frameElement of this + // document or any of its parents is the adopted node or one of its + // descendants. + RefPtr<BrowsingContext> bc = GetBrowsingContext(); + while (bc) { + nsCOMPtr<nsINode> node = bc->GetEmbedderElement(); + if (node && node->IsInclusiveDescendantOf(adoptedNode)) { + rv.ThrowHierarchyRequestError( + "Trying to adopt a node into its own contentDocument or a " + "descendant contentDocument."); + return nullptr; + } + + if (XRE_IsParentProcess()) { + bc = bc->Canonical()->GetParentCrossChromeBoundary(); + } else { + bc = bc->GetParent(); + } + } + + // Remove from parent. + nsCOMPtr<nsINode> parent = adoptedNode->GetParentNode(); + if (parent) { + parent->RemoveChildNode(adoptedNode->AsContent(), true); + } else { + MOZ_ASSERT(!adoptedNode->IsInUncomposedDoc()); + } + + break; + } + case DOCUMENT_NODE: { + rv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR); + return nullptr; + } + default: { + NS_WARNING("Don't know how to adopt this nodetype for adoptNode."); + + rv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR); + return nullptr; + } + } + + nsCOMPtr<Document> oldDocument = adoptedNode->OwnerDoc(); + bool sameDocument = oldDocument == this; + + AutoJSContext cx; + JS::Rooted<JSObject*> newScope(cx, nullptr); + if (!sameDocument) { + newScope = GetWrapper(); + if (!newScope && GetScopeObject() && GetScopeObject()->HasJSGlobal()) { + // Make sure cx is in a semi-sane compartment before we call WrapNative. + // It's kind of irrelevant, given that we're passing aAllowWrapping = + // false, and documents should always insist on being wrapped in an + // canonical scope. But we try to pass something sane anyway. + JSObject* globalObject = GetScopeObject()->GetGlobalJSObject(); + JSAutoRealm ar(cx, globalObject); + JS::Rooted<JS::Value> v(cx); + rv = nsContentUtils::WrapNative(cx, ToSupports(this), this, &v, + /* aAllowWrapping = */ false); + if (rv.Failed()) return nullptr; + newScope = &v.toObject(); + } + } + + adoptedNode->Adopt(sameDocument ? nullptr : mNodeInfoManager, newScope, rv); + if (rv.Failed()) { + // Disconnect all nodes from their parents, since some have the old document + // as their ownerDocument and some have this as their ownerDocument. + nsDOMAttributeMap::BlastSubtreeToPieces(adoptedNode); + return nullptr; + } + + MOZ_ASSERT(adoptedNode->OwnerDoc() == this, + "Should still be in the document we just got adopted into"); + + return adoptedNode; +} + +bool Document::UseWidthDeviceWidthFallbackViewport() const { return false; } + +static Maybe<LayoutDeviceToScreenScale> ParseScaleString( + const nsString& aScaleString) { + // https://drafts.csswg.org/css-device-adapt/#min-scale-max-scale + if (aScaleString.EqualsLiteral("device-width") || + aScaleString.EqualsLiteral("device-height")) { + return Some(LayoutDeviceToScreenScale(10.0f)); + } else if (aScaleString.EqualsLiteral("yes")) { + return Some(LayoutDeviceToScreenScale(1.0f)); + } else if (aScaleString.EqualsLiteral("no")) { + return Some(LayoutDeviceToScreenScale(ViewportMinScale())); + } else if (aScaleString.IsEmpty()) { + return Nothing(); + } + + nsresult scaleErrorCode; + float scale = aScaleString.ToFloatAllowTrailingChars(&scaleErrorCode); + if (NS_FAILED(scaleErrorCode)) { + return Some(LayoutDeviceToScreenScale(ViewportMinScale())); + } + + if (scale < 0) { + return Nothing(); + } + return Some(clamped(LayoutDeviceToScreenScale(scale), ViewportMinScale(), + ViewportMaxScale())); +} + +void Document::ParseScalesInViewportMetaData( + const ViewportMetaData& aViewportMetaData) { + Maybe<LayoutDeviceToScreenScale> scale; + + scale = ParseScaleString(aViewportMetaData.mInitialScale); + mScaleFloat = scale.valueOr(LayoutDeviceToScreenScale(0.0f)); + mValidScaleFloat = scale.isSome(); + + scale = ParseScaleString(aViewportMetaData.mMaximumScale); + // Chrome uses '5' for the fallback value of maximum-scale, we might + // consider matching it in future. + // https://cs.chromium.org/chromium/src/third_party/blink/renderer/core/html/html_meta_element.cc?l=452&rcl=65ca4278b42d269ca738fc93ef7ae04a032afeb0 + mScaleMaxFloat = scale.valueOr(ViewportMaxScale()); + mValidMaxScale = scale.isSome(); + + scale = ParseScaleString(aViewportMetaData.mMinimumScale); + mScaleMinFloat = scale.valueOr(ViewportMinScale()); + mValidMinScale = scale.isSome(); + + // Resolve min-zoom and max-zoom values. + // https://drafts.csswg.org/css-device-adapt/#constraining-min-max-zoom + if (mValidMaxScale && mValidMinScale) { + mScaleMaxFloat = std::max(mScaleMinFloat, mScaleMaxFloat); + } +} + +void Document::ParseWidthAndHeightInMetaViewport(const nsAString& aWidthString, + const nsAString& aHeightString, + bool aHasValidScale) { + // The width and height properties + // https://drafts.csswg.org/css-device-adapt/#width-and-height-properties + // + // The width and height viewport <META> properties are translated into width + // and height descriptors, setting the min-width/min-height value to + // extend-to-zoom and the max-width/max-height value to the length from the + // viewport <META> property as follows: + // + // 1. Non-negative number values are translated to pixel lengths, clamped to + // the range: [1px, 10000px] + // 2. Negative number values are dropped + // 3. device-width and device-height translate to 100vw and 100vh respectively + // 4. Other keywords and unknown values are also dropped + mMinWidth = nsViewportInfo::kAuto; + mMaxWidth = nsViewportInfo::kAuto; + if (!aWidthString.IsEmpty()) { + mMinWidth = nsViewportInfo::kExtendToZoom; + if (aWidthString.EqualsLiteral("device-width")) { + mMaxWidth = nsViewportInfo::kDeviceSize; + } else { + nsresult widthErrorCode; + mMaxWidth = aWidthString.ToInteger(&widthErrorCode); + if (NS_FAILED(widthErrorCode)) { + mMaxWidth = nsViewportInfo::kAuto; + } else if (mMaxWidth >= 0.0f) { + mMaxWidth = clamped(mMaxWidth, CSSCoord(1.0f), CSSCoord(10000.0f)); + } else { + mMaxWidth = nsViewportInfo::kAuto; + } + } + } else if (aHasValidScale) { + if (aHeightString.IsEmpty()) { + mMinWidth = nsViewportInfo::kExtendToZoom; + mMaxWidth = nsViewportInfo::kExtendToZoom; + } + } else if (aHeightString.IsEmpty() && UseWidthDeviceWidthFallbackViewport()) { + mMinWidth = nsViewportInfo::kExtendToZoom; + mMaxWidth = nsViewportInfo::kDeviceSize; + } + + mMinHeight = nsViewportInfo::kAuto; + mMaxHeight = nsViewportInfo::kAuto; + if (!aHeightString.IsEmpty()) { + mMinHeight = nsViewportInfo::kExtendToZoom; + if (aHeightString.EqualsLiteral("device-height")) { + mMaxHeight = nsViewportInfo::kDeviceSize; + } else { + nsresult heightErrorCode; + mMaxHeight = aHeightString.ToInteger(&heightErrorCode); + if (NS_FAILED(heightErrorCode)) { + mMaxHeight = nsViewportInfo::kAuto; + } else if (mMaxHeight >= 0.0f) { + mMaxHeight = clamped(mMaxHeight, CSSCoord(1.0f), CSSCoord(10000.0f)); + } else { + mMaxHeight = nsViewportInfo::kAuto; + } + } + } +} + +nsViewportInfo Document::GetViewportInfo(const ScreenIntSize& aDisplaySize) { + MOZ_ASSERT(mPresShell); + + // Compute the CSS-to-LayoutDevice pixel scale as the product of the + // widget scale and the full zoom. + nsPresContext* context = mPresShell->GetPresContext(); + // When querying the full zoom, get it from the device context rather than + // directly from the pres context, because the device context's value can + // include an adjustment necessary to keep the number of app units per device + // pixel an integer, and we want the adjusted value. + float fullZoom = context ? context->DeviceContext()->GetFullZoom() : 1.0; + fullZoom = (fullZoom == 0.0) ? 1.0 : fullZoom; + CSSToLayoutDeviceScale layoutDeviceScale = + context ? context->CSSToDevPixelScale() : CSSToLayoutDeviceScale(1); + + CSSToScreenScale defaultScale = + layoutDeviceScale * LayoutDeviceToScreenScale(1.0); + + // Special behaviour for desktop mode, provided we are not on an about: page, + // or fullscreen. + const bool fullscreen = Fullscreen(); + auto* bc = GetBrowsingContext(); + if (bc && bc->ForceDesktopViewport() && !IsAboutPage() && !fullscreen) { + CSSCoord viewportWidth = + StaticPrefs::browser_viewport_desktopWidth() / fullZoom; + CSSToScreenScale scaleToFit(aDisplaySize.width / viewportWidth); + float aspectRatio = (float)aDisplaySize.height / aDisplaySize.width; + CSSSize viewportSize(viewportWidth, viewportWidth * aspectRatio); + ScreenIntSize fakeDesktopSize = RoundedToInt(viewportSize * scaleToFit); + return nsViewportInfo(fakeDesktopSize, scaleToFit, + nsViewportInfo::ZoomFlag::AllowZoom, + nsViewportInfo::ZoomBehaviour::Mobile, + nsViewportInfo::AutoScaleFlag::AutoScale); + } + + // We ignore viewport meta tage etc when in fullscreen, see bug 1696717. + if (fullscreen || !nsLayoutUtils::ShouldHandleMetaViewport(this)) { + return nsViewportInfo(aDisplaySize, defaultScale, + nsLayoutUtils::AllowZoomingForDocument(this) + ? nsViewportInfo::ZoomFlag::AllowZoom + : nsViewportInfo::ZoomFlag::DisallowZoom, + StaticPrefs::apz_allow_zooming_out() + ? nsViewportInfo::ZoomBehaviour::Mobile + : nsViewportInfo::ZoomBehaviour::Desktop); + } + + // In cases where the width of the CSS viewport is less than or equal to the + // width of the display (i.e. width <= device-width) then we disable + // double-tap-to-zoom behaviour. See bug 941995 for details. + + switch (mViewportType) { + case DisplayWidthHeight: + return nsViewportInfo(aDisplaySize, defaultScale, + nsViewportInfo::ZoomFlag::AllowZoom, + nsViewportInfo::ZoomBehaviour::Mobile); + case Unknown: { + // We might early exit if the viewport is empty. Even if we don't, + // at the end of this case we'll note that it was empty. Later, when + // we're using the cached values, this will trigger alternate code paths. + if (!mLastModifiedViewportMetaData) { + // If the docType specifies that we are on a site optimized for mobile, + // then we want to return specially crafted defaults for the viewport + // info. + if (RefPtr<DocumentType> docType = GetDoctype()) { + nsAutoString docId; + docType->GetPublicId(docId); + if ((docId.Find(u"WAP") != -1) || (docId.Find(u"Mobile") != -1) || + (docId.Find(u"WML") != -1)) { + // We're making an assumption that the docType can't change here + mViewportType = DisplayWidthHeight; + return nsViewportInfo(aDisplaySize, defaultScale, + nsViewportInfo::ZoomFlag::AllowZoom, + nsViewportInfo::ZoomBehaviour::Mobile); + } + } + + nsAutoString handheldFriendly; + GetHeaderData(nsGkAtoms::handheldFriendly, handheldFriendly); + if (handheldFriendly.EqualsLiteral("true")) { + mViewportType = DisplayWidthHeight; + return nsViewportInfo(aDisplaySize, defaultScale, + nsViewportInfo::ZoomFlag::AllowZoom, + nsViewportInfo::ZoomBehaviour::Mobile); + } + } + + ViewportMetaData metaData = GetViewportMetaData(); + + // Parse initial-scale, minimum-scale and maximum-scale. + ParseScalesInViewportMetaData(metaData); + + // Parse width and height properties + // This function sets m{Min,Max}{Width,Height}. + ParseWidthAndHeightInMetaViewport(metaData.mWidth, metaData.mHeight, + mValidScaleFloat); + + mAllowZoom = true; + if ((metaData.mUserScalable.EqualsLiteral("0")) || + (metaData.mUserScalable.EqualsLiteral("no")) || + (metaData.mUserScalable.EqualsLiteral("false"))) { + mAllowZoom = false; + } + + // Resolve viewport-fit value. + // https://drafts.csswg.org/css-round-display/#viewport-fit-descriptor + mViewportFit = ViewportFitType::Auto; + if (!metaData.mViewportFit.IsEmpty()) { + if (metaData.mViewportFit.EqualsLiteral("contain")) { + mViewportFit = ViewportFitType::Contain; + } else if (metaData.mViewportFit.EqualsLiteral("cover")) { + mViewportFit = ViewportFitType::Cover; + } + } + + mWidthStrEmpty = metaData.mWidth.IsEmpty(); + + mViewportType = Specified; + [[fallthrough]]; + } + case Specified: + default: + LayoutDeviceToScreenScale effectiveMinScale = mScaleMinFloat; + LayoutDeviceToScreenScale effectiveMaxScale = mScaleMaxFloat; + bool effectiveValidMaxScale = mValidMaxScale; + + nsViewportInfo::ZoomFlag effectiveZoomFlag = + mAllowZoom ? nsViewportInfo::ZoomFlag::AllowZoom + : nsViewportInfo::ZoomFlag::DisallowZoom; + if (StaticPrefs::browser_ui_zoom_force_user_scalable()) { + // If the pref to force user-scalable is enabled, we ignore the values + // from the meta-viewport tag for these properties and just assume they + // allow the page to be scalable. Note in particular that this code is + // in the "Specified" branch of the enclosing switch statement, so that + // calls to GetViewportInfo always use the latest value of the + // browser_ui_zoom_force_user_scalable pref. Other codepaths that + // return nsViewportInfo instances are all consistent with + // browser_ui_zoom_force_user_scalable() already. + effectiveMinScale = ViewportMinScale(); + effectiveMaxScale = ViewportMaxScale(); + effectiveValidMaxScale = true; + effectiveZoomFlag = nsViewportInfo::ZoomFlag::AllowZoom; + } + + // Returns extend-zoom value which is MIN(mScaleFloat, mScaleMaxFloat). + auto ComputeExtendZoom = [&]() -> float { + if (mValidScaleFloat && effectiveValidMaxScale) { + return std::min(mScaleFloat.scale, effectiveMaxScale.scale); + } + if (mValidScaleFloat) { + return mScaleFloat.scale; + } + if (effectiveValidMaxScale) { + return effectiveMaxScale.scale; + } + return nsViewportInfo::kAuto; + }; + + // Resolving 'extend-to-zoom' + // https://drafts.csswg.org/css-device-adapt/#resolve-extend-to-zoom + float extendZoom = ComputeExtendZoom(); + + CSSCoord minWidth = mMinWidth; + CSSCoord maxWidth = mMaxWidth; + CSSCoord minHeight = mMinHeight; + CSSCoord maxHeight = mMaxHeight; + + // aDisplaySize is in screen pixels; convert them to CSS pixels for the + // viewport size. We need to use this scaled size for any clamping of + // width or height. + CSSSize displaySize = ScreenSize(aDisplaySize) / defaultScale; + + // Our min and max width and height values are mostly as specified by + // the viewport declaration, but we make an exception for max width. + // Max width, if auto, and if there's no initial-scale, will be set + // to a default size. This is to support legacy site design with no + // viewport declaration, and to do that using the same scheme as + // Chrome does, in order to maintain web compatibility. Since the + // default size has a complicated calculation, we fixup the maxWidth + // value after setting it, above. + if (maxWidth == nsViewportInfo::kAuto && !mValidScaleFloat) { + if (bc && bc->TouchEventsOverride() == TouchEventsOverride::Enabled && + bc->InRDMPane()) { + // If RDM and touch simulation are active, then use the simulated + // screen width to accommodate for cases where the screen width is + // larger than the desktop viewport default. + maxWidth = nsViewportInfo::Max( + displaySize.width, StaticPrefs::browser_viewport_desktopWidth()); + } else { + maxWidth = StaticPrefs::browser_viewport_desktopWidth(); + } + // Divide by fullZoom to stretch CSS pixel size of viewport in order + // to keep device pixel size unchanged after full zoom applied. + // See bug 974242. + maxWidth /= fullZoom; + + // We set minWidth to ExtendToZoom, which will cause our later width + // calculation to expand to maxWidth, if scale restrictions allow it. + minWidth = nsViewportInfo::kExtendToZoom; + } + + // Resolve device-width and device-height first. + if (maxWidth == nsViewportInfo::kDeviceSize) { + maxWidth = displaySize.width; + } + if (maxHeight == nsViewportInfo::kDeviceSize) { + maxHeight = displaySize.height; + } + if (extendZoom == nsViewportInfo::kAuto) { + if (maxWidth == nsViewportInfo::kExtendToZoom) { + maxWidth = nsViewportInfo::kAuto; + } + if (maxHeight == nsViewportInfo::kExtendToZoom) { + maxHeight = nsViewportInfo::kAuto; + } + if (minWidth == nsViewportInfo::kExtendToZoom) { + minWidth = maxWidth; + } + if (minHeight == nsViewportInfo::kExtendToZoom) { + minHeight = maxHeight; + } + } else { + CSSSize extendSize = displaySize / extendZoom; + if (maxWidth == nsViewportInfo::kExtendToZoom) { + maxWidth = extendSize.width; + } + if (maxHeight == nsViewportInfo::kExtendToZoom) { + maxHeight = extendSize.height; + } + if (minWidth == nsViewportInfo::kExtendToZoom) { + minWidth = nsViewportInfo::Max(extendSize.width, maxWidth); + } + if (minHeight == nsViewportInfo::kExtendToZoom) { + minHeight = nsViewportInfo::Max(extendSize.height, maxHeight); + } + } + + // Resolve initial width and height from min/max descriptors + // https://drafts.csswg.org/css-device-adapt/#resolve-initial-width-height + CSSCoord width = nsViewportInfo::kAuto; + if (minWidth != nsViewportInfo::kAuto || + maxWidth != nsViewportInfo::kAuto) { + width = nsViewportInfo::Max( + minWidth, nsViewportInfo::Min(maxWidth, displaySize.width)); + } + CSSCoord height = nsViewportInfo::kAuto; + if (minHeight != nsViewportInfo::kAuto || + maxHeight != nsViewportInfo::kAuto) { + height = nsViewportInfo::Max( + minHeight, nsViewportInfo::Min(maxHeight, displaySize.height)); + } + + // Resolve width value + // https://drafts.csswg.org/css-device-adapt/#resolve-width + if (width == nsViewportInfo::kAuto) { + if (height == nsViewportInfo::kAuto || aDisplaySize.height == 0) { + width = displaySize.width; + } else { + width = height * aDisplaySize.width / aDisplaySize.height; + } + } + + // Resolve height value + // https://drafts.csswg.org/css-device-adapt/#resolve-height + if (height == nsViewportInfo::kAuto) { + if (aDisplaySize.width == 0) { + height = displaySize.height; + } else { + height = width * aDisplaySize.height / aDisplaySize.width; + } + } + MOZ_ASSERT(width != nsViewportInfo::kAuto && + height != nsViewportInfo::kAuto); + + CSSSize size(width, height); + + CSSToScreenScale scaleFloat = mScaleFloat * layoutDeviceScale; + CSSToScreenScale scaleMinFloat = effectiveMinScale * layoutDeviceScale; + CSSToScreenScale scaleMaxFloat = effectiveMaxScale * layoutDeviceScale; + + nsViewportInfo::AutoSizeFlag sizeFlag = + nsViewportInfo::AutoSizeFlag::FixedSize; + if (mMaxWidth == nsViewportInfo::kDeviceSize || + (mWidthStrEmpty && (mMaxHeight == nsViewportInfo::kDeviceSize || + mScaleFloat.scale == 1.0f)) || + (!mWidthStrEmpty && mMaxWidth == nsViewportInfo::kAuto && + mMaxHeight < 0)) { + sizeFlag = nsViewportInfo::AutoSizeFlag::AutoSize; + } + + // FIXME: Resolving width and height should be done above 'Resolve width + // value' and 'Resolve height value'. + if (sizeFlag == nsViewportInfo::AutoSizeFlag::AutoSize) { + size = displaySize; + } + + // The purpose of clamping the viewport width to a minimum size is to + // prevent page authors from setting it to a ridiculously small value. + // If the page is actually being rendered in a very small area (as might + // happen in e.g. Android 8's picture-in-picture mode), we don't want to + // prevent the viewport from taking on that size. + CSSSize effectiveMinSize = Min(CSSSize(kViewportMinSize), displaySize); + + size.width = clamped(size.width, effectiveMinSize.width, + float(kViewportMaxSize.width)); + + // Also recalculate the default zoom, if it wasn't specified in the + // metadata, and the width is specified. + if (!mValidScaleFloat && !mWidthStrEmpty) { + CSSToScreenScale bestFitScale(float(aDisplaySize.width) / size.width); + scaleFloat = (scaleFloat > bestFitScale) ? scaleFloat : bestFitScale; + } + + size.height = clamped(size.height, effectiveMinSize.height, + float(kViewportMaxSize.height)); + + // In cases of user-scalable=no, if we have a positive scale, clamp it to + // min and max, and then use the clamped value for the scale, the min, and + // the max. If we don't have a positive scale, assert that we are setting + // the auto scale flag. + if (effectiveZoomFlag == nsViewportInfo::ZoomFlag::DisallowZoom && + scaleFloat > CSSToScreenScale(0.0f)) { + scaleFloat = scaleMinFloat = scaleMaxFloat = + clamped(scaleFloat, scaleMinFloat, scaleMaxFloat); + } + MOZ_ASSERT( + scaleFloat > CSSToScreenScale(0.0f) || !mValidScaleFloat, + "If we don't have a positive scale, we should be using auto scale."); + + // We need to perform a conversion, but only if the initial or maximum + // scale were set explicitly by the user. + if (mValidScaleFloat && scaleFloat >= scaleMinFloat && + scaleFloat <= scaleMaxFloat) { + CSSSize displaySize = ScreenSize(aDisplaySize) / scaleFloat; + size.width = std::max(size.width, displaySize.width); + size.height = std::max(size.height, displaySize.height); + } else if (effectiveValidMaxScale) { + CSSSize displaySize = ScreenSize(aDisplaySize) / scaleMaxFloat; + size.width = std::max(size.width, displaySize.width); + size.height = std::max(size.height, displaySize.height); + } + + return nsViewportInfo( + scaleFloat, scaleMinFloat, scaleMaxFloat, size, sizeFlag, + mValidScaleFloat ? nsViewportInfo::AutoScaleFlag::FixedScale + : nsViewportInfo::AutoScaleFlag::AutoScale, + effectiveZoomFlag, mViewportFit); + } +} + +ViewportMetaData Document::GetViewportMetaData() const { + return mLastModifiedViewportMetaData ? *mLastModifiedViewportMetaData + : ViewportMetaData(); +} + +void Document::SetMetaViewportData(UniquePtr<ViewportMetaData> aData) { + mLastModifiedViewportMetaData = std::move(aData); + // Trigger recomputation of the nsViewportInfo the next time it's queried. + mViewportType = Unknown; + + AsyncEventDispatcher::RunDOMEventWhenSafe( + *this, u"DOMMetaViewportFitChanged"_ns, CanBubble::eYes, + ChromeOnlyDispatch::eYes); +} + +EventListenerManager* Document::GetOrCreateListenerManager() { + if (!mListenerManager) { + mListenerManager = + new EventListenerManager(static_cast<EventTarget*>(this)); + SetFlags(NODE_HAS_LISTENERMANAGER); + } + + return mListenerManager; +} + +EventListenerManager* Document::GetExistingListenerManager() const { + return mListenerManager; +} + +void Document::GetEventTargetParent(EventChainPreVisitor& aVisitor) { + aVisitor.mCanHandle = true; + // FIXME! This is a hack to make middle mouse paste working also in Editor. + // Bug 329119 + aVisitor.mForceContentDispatch = true; + + // Load events must not propagate to |window| object, see bug 335251. + if (aVisitor.mEvent->mMessage != eLoad) { + nsGlobalWindowOuter* window = nsGlobalWindowOuter::Cast(GetWindow()); + aVisitor.SetParentTarget( + window ? window->GetTargetForEventTargetChain() : nullptr, false); + } +} + +already_AddRefed<Event> Document::CreateEvent(const nsAString& aEventType, + CallerType aCallerType, + ErrorResult& rv) const { + nsPresContext* presContext = GetPresContext(); + + // Create event even without presContext. + RefPtr<Event> ev = + EventDispatcher::CreateEvent(const_cast<Document*>(this), presContext, + nullptr, aEventType, aCallerType); + if (!ev) { + rv.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR); + return nullptr; + } + WidgetEvent* e = ev->WidgetEventPtr(); + e->mFlags.mBubbles = false; + e->mFlags.mCancelable = false; + return ev.forget(); +} + +void Document::FlushPendingNotifications(FlushType aType) { + mozilla::ChangesToFlush flush(aType, aType >= FlushType::Style); + FlushPendingNotifications(flush); +} + +void Document::FlushPendingNotifications(mozilla::ChangesToFlush aFlush) { + FlushType flushType = aFlush.mFlushType; + + RefPtr<Document> documentOnStack = this; + + // We need to flush the sink for non-HTML documents (because the XML + // parser still does insertion with deferred notifications). We + // also need to flush the sink if this is a layout-related flush, to + // make sure that layout is started as needed. But we can skip that + // part if we have no presshell or if it's already done an initial + // reflow. + if ((!IsHTMLDocument() || (flushType > FlushType::ContentAndNotify && + mPresShell && !mPresShell->DidInitialize())) && + (mParser || mWeakSink)) { + nsCOMPtr<nsIContentSink> sink; + if (mParser) { + sink = mParser->GetContentSink(); + } else { + sink = do_QueryReferent(mWeakSink); + if (!sink) { + mWeakSink = nullptr; + } + } + // Determine if it is safe to flush the sink notifications + // by determining if it safe to flush all the presshells. + if (sink && (flushType == FlushType::Content || IsSafeToFlush())) { + sink->FlushPendingNotifications(flushType); + } + } + + // Should we be flushing pending binding constructors in here? + + if (flushType <= FlushType::ContentAndNotify) { + // Nothing to do here + return; + } + + // If we have a parent we must flush the parent too to ensure that our + // container is reflowed if its size was changed. + // + // We do it only if the subdocument and the parent can observe each other + // synchronously (that is, if we're not cross-origin), to avoid work that is + // not observable, and if the parent document has finished loading all its + // render-blocking stylesheets and may start laying out the document, to avoid + // unnecessary flashes of unstyled content on the parent document. Note that + // this last bit means that size-dependent media queries in this document may + // produce incorrect results temporarily. + // + // But if it's not safe to flush ourselves, then don't flush the parent, since + // that can cause things like resizes of our frame's widget, which we can't + // handle while flushing is unsafe. + if (StyleOrLayoutObservablyDependsOnParentDocumentLayout() && + mParentDocument->MayStartLayout() && IsSafeToFlush()) { + ChangesToFlush parentFlush = aFlush; + if (flushType >= FlushType::Style) { + // Since media queries mean that a size change of our container can affect + // style, we need to promote a style flush on ourself to a layout flush on + // our parent, since we need our container to be the correct size to + // determine the correct style. + parentFlush.mFlushType = std::max(FlushType::Layout, flushType); + } + mParentDocument->FlushPendingNotifications(parentFlush); + } + + if (RefPtr<PresShell> presShell = GetPresShell()) { + presShell->FlushPendingNotifications(aFlush); + } +} + +void Document::FlushExternalResources(FlushType aType) { + NS_ASSERTION( + aType >= FlushType::Style, + "should only need to flush for style or higher in external resources"); + if (GetDisplayDocument()) { + return; + } + + EnumerateExternalResources([aType](Document& aDoc) { + aDoc.FlushPendingNotifications(aType); + return CallState::Continue; + }); +} + +void Document::SetXMLDeclaration(const char16_t* aVersion, + const char16_t* aEncoding, + const int32_t aStandalone) { + if (!aVersion || *aVersion == '\0') { + mXMLDeclarationBits = 0; + return; + } + + mXMLDeclarationBits = XML_DECLARATION_BITS_DECLARATION_EXISTS; + + if (aEncoding && *aEncoding != '\0') { + mXMLDeclarationBits |= XML_DECLARATION_BITS_ENCODING_EXISTS; + } + + if (aStandalone == 1) { + mXMLDeclarationBits |= XML_DECLARATION_BITS_STANDALONE_EXISTS | + XML_DECLARATION_BITS_STANDALONE_YES; + } else if (aStandalone == 0) { + mXMLDeclarationBits |= XML_DECLARATION_BITS_STANDALONE_EXISTS; + } +} + +void Document::GetXMLDeclaration(nsAString& aVersion, nsAString& aEncoding, + nsAString& aStandalone) { + aVersion.Truncate(); + aEncoding.Truncate(); + aStandalone.Truncate(); + + if (!(mXMLDeclarationBits & XML_DECLARATION_BITS_DECLARATION_EXISTS)) { + return; + } + + // always until we start supporting 1.1 etc. + aVersion.AssignLiteral("1.0"); + + if (mXMLDeclarationBits & XML_DECLARATION_BITS_ENCODING_EXISTS) { + // This is what we have stored, not necessarily what was written + // in the original + GetCharacterSet(aEncoding); + } + + if (mXMLDeclarationBits & XML_DECLARATION_BITS_STANDALONE_EXISTS) { + if (mXMLDeclarationBits & XML_DECLARATION_BITS_STANDALONE_YES) { + aStandalone.AssignLiteral("yes"); + } else { + aStandalone.AssignLiteral("no"); + } + } +} + +void Document::AddColorSchemeMeta(HTMLMetaElement& aMeta) { + mColorSchemeMetaTags.Insert(aMeta); + RecomputeColorScheme(); +} + +void Document::RemoveColorSchemeMeta(HTMLMetaElement& aMeta) { + mColorSchemeMetaTags.RemoveElement(aMeta); + RecomputeColorScheme(); +} + +void Document::RecomputeColorScheme() { + auto oldColorScheme = mColorSchemeBits; + mColorSchemeBits = 0; + const nsTArray<HTMLMetaElement*>& elements = mColorSchemeMetaTags; + for (const HTMLMetaElement* el : elements) { + nsAutoString content; + if (!el->GetAttr(nsGkAtoms::content, content)) { + continue; + } + + NS_ConvertUTF16toUTF8 contentU8(content); + if (Servo_ColorScheme_Parse(&contentU8, &mColorSchemeBits)) { + break; + } + } + + if (mColorSchemeBits == oldColorScheme) { + return; + } + + if (nsPresContext* pc = GetPresContext()) { + // This affects system colors, which are inherited, so we need to recascade. + pc->RebuildAllStyleData(nsChangeHint(0), RestyleHint::RecascadeSubtree()); + } +} + +bool Document::IsScriptEnabled() const { + // If this document is sandboxed without 'allow-scripts' + // script is not enabled + if (HasScriptsBlockedBySandbox()) { + return false; + } + + nsCOMPtr<nsIScriptGlobalObject> globalObject = + do_QueryInterface(GetInnerWindow()); + if (!globalObject || !globalObject->HasJSGlobal()) { + return false; + } + + return xpc::Scriptability::Get(globalObject->GetGlobalJSObjectPreserveColor()) + .Allowed(); +} + +void Document::RetrieveRelevantHeaders(nsIChannel* aChannel) { + PRTime modDate = 0; + nsresult rv; + + nsCOMPtr<nsIHttpChannel> httpChannel; + rv = GetHttpChannelHelper(aChannel, getter_AddRefs(httpChannel)); + if (NS_WARN_IF(NS_FAILED(rv))) { + return; + } + + if (httpChannel) { + nsAutoCString tmp; + rv = httpChannel->GetResponseHeader("last-modified"_ns, tmp); + + if (NS_SUCCEEDED(rv)) { + PRTime time; + PRStatus st = PR_ParseTimeString(tmp.get(), true, &time); + if (st == PR_SUCCESS) { + modDate = time; + } + } + + static const char* const headers[] = { + "default-style", "content-style-type", "content-language", + "content-disposition", "refresh", "x-dns-prefetch-control", + "x-frame-options", "origin-trial", + // add more http headers if you need + // XXXbz don't add content-location support without reading bug + // 238654 and its dependencies/dups first. + 0}; + + nsAutoCString headerVal; + const char* const* name = headers; + while (*name) { + rv = httpChannel->GetResponseHeader(nsDependentCString(*name), headerVal); + if (NS_SUCCEEDED(rv) && !headerVal.IsEmpty()) { + RefPtr<nsAtom> key = NS_Atomize(*name); + SetHeaderData(key, NS_ConvertASCIItoUTF16(headerVal)); + } + ++name; + } + } else { + nsCOMPtr<nsIFileChannel> fileChannel = do_QueryInterface(aChannel); + if (fileChannel) { + nsCOMPtr<nsIFile> file; + fileChannel->GetFile(getter_AddRefs(file)); + if (file) { + PRTime msecs; + rv = file->GetLastModifiedTime(&msecs); + + if (NS_SUCCEEDED(rv)) { + modDate = msecs * int64_t(PR_USEC_PER_MSEC); + } + } + } else { + nsAutoCString contentDisp; + rv = aChannel->GetContentDispositionHeader(contentDisp); + if (NS_SUCCEEDED(rv)) { + SetHeaderData(nsGkAtoms::headerContentDisposition, + NS_ConvertASCIItoUTF16(contentDisp)); + } + } + } + + mLastModified.Truncate(); + if (modDate != 0) { + GetFormattedTimeString(modDate, mLastModified); + } +} + +void Document::ProcessMETATag(HTMLMetaElement* aMetaElement) { + // set any HTTP-EQUIV data into document's header data as well as url + nsAutoString header; + aMetaElement->GetAttr(nsGkAtoms::httpEquiv, header); + if (!header.IsEmpty()) { + // Ignore META REFRESH when document is sandboxed from automatic features. + nsContentUtils::ASCIIToLower(header); + if (nsGkAtoms::refresh->Equals(header) && + (GetSandboxFlags() & SANDBOXED_AUTOMATIC_FEATURES)) { + return; + } + + nsAutoString result; + aMetaElement->GetAttr(nsGkAtoms::content, result); + if (!result.IsEmpty()) { + RefPtr<nsAtom> fieldAtom(NS_Atomize(header)); + SetHeaderData(fieldAtom, result); + } + } + + if (aMetaElement->AttrValueIs(kNameSpaceID_None, nsGkAtoms::name, + nsGkAtoms::handheldFriendly, eIgnoreCase)) { + nsAutoString result; + aMetaElement->GetAttr(nsGkAtoms::content, result); + if (!result.IsEmpty()) { + nsContentUtils::ASCIIToLower(result); + SetHeaderData(nsGkAtoms::handheldFriendly, result); + } + } +} + +already_AddRefed<Element> Document::CreateElem(const nsAString& aName, + nsAtom* aPrefix, + int32_t aNamespaceID, + const nsAString* aIs) { +#ifdef DEBUG + nsAutoString qName; + if (aPrefix) { + aPrefix->ToString(qName); + qName.Append(':'); + } + qName.Append(aName); + + // Note: "a:b:c" is a valid name in non-namespaces XML, and + // Document::CreateElement can call us with such a name and no prefix, + // which would cause an error if we just used true here. + bool nsAware = aPrefix != nullptr || aNamespaceID != GetDefaultNamespaceID(); + NS_ASSERTION(NS_SUCCEEDED(nsContentUtils::CheckQName(qName, nsAware)), + "Don't pass invalid prefixes to Document::CreateElem, " + "check caller."); +#endif + + RefPtr<mozilla::dom::NodeInfo> nodeInfo; + mNodeInfoManager->GetNodeInfo(aName, aPrefix, aNamespaceID, ELEMENT_NODE, + getter_AddRefs(nodeInfo)); + NS_ENSURE_TRUE(nodeInfo, nullptr); + + nsCOMPtr<Element> element; + nsresult rv = NS_NewElement(getter_AddRefs(element), nodeInfo.forget(), + NOT_FROM_PARSER, aIs); + return NS_SUCCEEDED(rv) ? element.forget() : nullptr; +} + +bool Document::IsSafeToFlush() const { + PresShell* presShell = GetPresShell(); + if (!presShell) { + return true; + } + return presShell->IsSafeToFlush(); +} + +void Document::Sanitize() { + // Sanitize the document by resetting all (current and former) password fields + // and any form fields with autocomplete=off to their default values. We do + // this now, instead of when the presentation is restored, to offer some + // protection in case there is ever an exploit that allows a cached document + // to be accessed from a different document. + + // First locate all input elements, regardless of whether they are + // in a form, and reset the password and autocomplete=off elements. + + RefPtr<nsContentList> nodes = GetElementsByTagName(u"input"_ns); + + nsAutoString value; + + uint32_t length = nodes->Length(true); + for (uint32_t i = 0; i < length; ++i) { + NS_ASSERTION(nodes->Item(i), "null item in node list!"); + + RefPtr<HTMLInputElement> input = + HTMLInputElement::FromNodeOrNull(nodes->Item(i)); + if (!input) continue; + + input->GetAttr(nsGkAtoms::autocomplete, value); + if (value.LowerCaseEqualsLiteral("off") || input->HasBeenTypePassword()) { + input->Reset(); + } + } + + // Now locate all _form_ elements that have autocomplete=off and reset them + nodes = GetElementsByTagName(u"form"_ns); + + length = nodes->Length(true); + for (uint32_t i = 0; i < length; ++i) { + // Reset() may change the list dynamically. + RefPtr<HTMLFormElement> form = + HTMLFormElement::FromNodeOrNull(nodes->Item(i)); + if (!form) continue; + + form->GetAttr(nsGkAtoms::autocomplete, value); + if (value.LowerCaseEqualsLiteral("off")) form->Reset(); + } +} + +void Document::EnumerateSubDocuments(SubDocEnumFunc aCallback) { + if (!mSubDocuments) { + return; + } + + // PLDHashTable::Iterator can't handle modifications while iterating so we + // copy all entries to an array first before calling any callbacks. + AutoTArray<RefPtr<Document>, 8> subdocs; + for (auto iter = mSubDocuments->Iter(); !iter.Done(); iter.Next()) { + auto entry = static_cast<SubDocMapEntry*>(iter.Get()); + if (Document* subdoc = entry->mSubDocument) { + subdocs.AppendElement(subdoc); + } + } + for (auto& subdoc : subdocs) { + if (aCallback(*subdoc) == CallState::Stop) { + break; + } + } +} + +void Document::CollectDescendantDocuments( + nsTArray<RefPtr<Document>>& aDescendants, nsDocTestFunc aCallback) const { + if (!mSubDocuments) { + return; + } + + for (auto iter = mSubDocuments->Iter(); !iter.Done(); iter.Next()) { + auto entry = static_cast<SubDocMapEntry*>(iter.Get()); + const Document* subdoc = entry->mSubDocument; + if (subdoc) { + if (aCallback(subdoc)) { + aDescendants.AppendElement(entry->mSubDocument); + } + subdoc->CollectDescendantDocuments(aDescendants, aCallback); + } + } +} + +bool Document::CanSavePresentation(nsIRequest* aNewRequest, + uint32_t& aBFCacheCombo, + bool aIncludeSubdocuments, + bool aAllowUnloadListeners) { + bool ret = true; + + if (!IsBFCachingAllowed()) { + aBFCacheCombo |= BFCacheStatus::NOT_ALLOWED; + ret = false; + } + + nsAutoCString uri; + if (MOZ_UNLIKELY(MOZ_LOG_TEST(gPageCacheLog, LogLevel::Verbose))) { + if (mDocumentURI) { + mDocumentURI->GetSpec(uri); + } + } + + if (EventHandlingSuppressed()) { + MOZ_LOG(gPageCacheLog, mozilla::LogLevel::Verbose, + ("Save of %s blocked on event handling suppression", uri.get())); + aBFCacheCombo |= BFCacheStatus::EVENT_HANDLING_SUPPRESSED; + ret = false; + } + + // Do not allow suspended windows to be placed in the + // bfcache. This method is also used to verify a document + // coming out of the bfcache is ok to restore, though. So + // we only want to block suspend windows that aren't also + // frozen. + nsPIDOMWindowInner* win = GetInnerWindow(); + if (win && win->IsSuspended() && !win->IsFrozen()) { + MOZ_LOG(gPageCacheLog, mozilla::LogLevel::Verbose, + ("Save of %s blocked on suspended Window", uri.get())); + aBFCacheCombo |= BFCacheStatus::SUSPENDED; + ret = false; + } + + nsCOMPtr<nsIChannel> channel = do_QueryInterface(aNewRequest); + bool thirdParty = false; + // Currently some other mobile browsers seem to bfcache only cross-domain + // pages, but bfcache those also when there are unload event listeners, so + // this is trying to match that behavior as much as possible. + bool allowUnloadListeners = + aAllowUnloadListeners && + StaticPrefs::docshell_shistory_bfcache_allow_unload_listeners() && + (!channel || (NS_SUCCEEDED(NodePrincipal()->IsThirdPartyChannel( + channel, &thirdParty)) && + thirdParty)); + + // Check our event listener manager for unload/beforeunload listeners. + nsCOMPtr<EventTarget> piTarget = do_QueryInterface(mScriptGlobalObject); + if (!allowUnloadListeners && piTarget) { + EventListenerManager* manager = piTarget->GetExistingListenerManager(); + if (manager) { + if (manager->HasUnloadListeners()) { + MOZ_LOG(gPageCacheLog, mozilla::LogLevel::Verbose, + ("Save of %s blocked due to unload handlers", uri.get())); + aBFCacheCombo |= BFCacheStatus::UNLOAD_LISTENER; + ret = false; + } + if (manager->HasBeforeUnloadListeners()) { + if (!mozilla::SessionHistoryInParent() || + !StaticPrefs:: + docshell_shistory_bfcache_ship_allow_beforeunload_listeners()) { + MOZ_LOG( + gPageCacheLog, mozilla::LogLevel::Verbose, + ("Save of %s blocked due to beforeUnload handlers", uri.get())); + aBFCacheCombo |= BFCacheStatus::BEFOREUNLOAD_LISTENER; + ret = false; + } + } + } + } + + // Check if we have pending network requests + nsCOMPtr<nsILoadGroup> loadGroup = GetDocumentLoadGroup(); + if (loadGroup) { + nsCOMPtr<nsISimpleEnumerator> requests; + loadGroup->GetRequests(getter_AddRefs(requests)); + + bool hasMore = false; + + // We want to bail out if we have any requests other than aNewRequest (or + // in the case when aNewRequest is a part of a multipart response the base + // channel the multipart response is coming in on). + nsCOMPtr<nsIChannel> baseChannel; + nsCOMPtr<nsIMultiPartChannel> part(do_QueryInterface(aNewRequest)); + if (part) { + part->GetBaseChannel(getter_AddRefs(baseChannel)); + } + + while (NS_SUCCEEDED(requests->HasMoreElements(&hasMore)) && hasMore) { + nsCOMPtr<nsISupports> elem; + requests->GetNext(getter_AddRefs(elem)); + + nsCOMPtr<nsIRequest> request = do_QueryInterface(elem); + if (request && request != aNewRequest && request != baseChannel) { + // Favicon loads don't need to block caching. + nsCOMPtr<nsIChannel> channel = do_QueryInterface(request); + if (channel) { + nsCOMPtr<nsILoadInfo> li = channel->LoadInfo(); + if (li->InternalContentPolicyType() == + nsIContentPolicy::TYPE_INTERNAL_IMAGE_FAVICON) { + continue; + } + } + + if (MOZ_UNLIKELY(MOZ_LOG_TEST(gPageCacheLog, LogLevel::Verbose))) { + nsAutoCString requestName; + request->GetName(requestName); + MOZ_LOG(gPageCacheLog, LogLevel::Verbose, + ("Save of %s blocked because document has request %s", + uri.get(), requestName.get())); + } + aBFCacheCombo |= BFCacheStatus::REQUEST; + ret = false; + } + } + } + + // Check if we have active GetUserMedia use + if (MediaManager::Exists() && win && + MediaManager::Get()->IsWindowStillActive(win->WindowID())) { + MOZ_LOG(gPageCacheLog, mozilla::LogLevel::Verbose, + ("Save of %s blocked due to GetUserMedia", uri.get())); + aBFCacheCombo |= BFCacheStatus::ACTIVE_GET_USER_MEDIA; + ret = false; + } + +#ifdef MOZ_WEBRTC + // Check if we have active PeerConnections + if (win && win->HasActivePeerConnections()) { + MOZ_LOG(gPageCacheLog, mozilla::LogLevel::Verbose, + ("Save of %s blocked due to PeerConnection", uri.get())); + aBFCacheCombo |= BFCacheStatus::ACTIVE_PEER_CONNECTION; + ret = false; + } +#endif // MOZ_WEBRTC + + // Don't save presentations for documents containing EME content, so that + // CDMs reliably shutdown upon user navigation. + if (ContainsEMEContent()) { + aBFCacheCombo |= BFCacheStatus::CONTAINS_EME_CONTENT; + ret = false; + } + + // Don't save presentations for documents containing MSE content, to + // reduce memory usage. + if (ContainsMSEContent()) { + MOZ_LOG(gPageCacheLog, mozilla::LogLevel::Verbose, + ("Save of %s blocked due to MSE use", uri.get())); + aBFCacheCombo |= BFCacheStatus::CONTAINS_MSE_CONTENT; + ret = false; + } + + if (aIncludeSubdocuments && mSubDocuments) { + for (auto iter = mSubDocuments->Iter(); !iter.Done(); iter.Next()) { + auto entry = static_cast<SubDocMapEntry*>(iter.Get()); + Document* subdoc = entry->mSubDocument; + + uint32_t subDocBFCacheCombo = 0; + // The aIgnoreRequest we were passed is only for us, so don't pass it on. + bool canCache = + subdoc ? subdoc->CanSavePresentation(nullptr, subDocBFCacheCombo, + true, allowUnloadListeners) + : false; + if (!canCache) { + MOZ_LOG(gPageCacheLog, mozilla::LogLevel::Verbose, + ("Save of %s blocked due to subdocument blocked", uri.get())); + aBFCacheCombo |= subDocBFCacheCombo; + ret = false; + } + } + } + + if (!mozilla::BFCacheInParent()) { + // BFCache is currently not compatible with remote subframes (bug 1609324) + if (RefPtr<BrowsingContext> browsingContext = GetBrowsingContext()) { + for (auto& child : browsingContext->Children()) { + if (!child->IsInProcess()) { + aBFCacheCombo |= BFCacheStatus::CONTAINS_REMOTE_SUBFRAMES; + ret = false; + break; + } + } + } + } + + if (win) { + auto* globalWindow = nsGlobalWindowInner::Cast(win); +#ifdef MOZ_WEBSPEECH + if (globalWindow->HasActiveSpeechSynthesis()) { + MOZ_LOG(gPageCacheLog, mozilla::LogLevel::Verbose, + ("Save of %s blocked due to Speech use", uri.get())); + aBFCacheCombo |= BFCacheStatus::HAS_ACTIVE_SPEECH_SYNTHESIS; + ret = false; + } +#endif + if (globalWindow->HasUsedVR()) { + MOZ_LOG(gPageCacheLog, mozilla::LogLevel::Verbose, + ("Save of %s blocked due to having used VR", uri.get())); + aBFCacheCombo |= BFCacheStatus::HAS_USED_VR; + ret = false; + } + + if (win->HasActiveLocks()) { + MOZ_LOG( + gPageCacheLog, mozilla::LogLevel::Verbose, + ("Save of %s blocked due to having active lock requests", uri.get())); + aBFCacheCombo |= BFCacheStatus::ACTIVE_LOCK; + ret = false; + } + + if (win->HasActiveWebTransports()) { + MOZ_LOG(gPageCacheLog, mozilla::LogLevel::Verbose, + ("Save of %s blocked due to WebTransport", uri.get())); + aBFCacheCombo |= BFCacheStatus::ACTIVE_WEBTRANSPORT; + ret = false; + } + } + + return ret; +} + +void Document::Destroy() { + // The ContentViewer wants to release the document now. So, tell our content + // to drop any references to the document so that it can be destroyed. + if (mIsGoingAway) { + return; + } + + ReportDocumentUseCounters(); + ReportLCP(); + SetDevToolsWatchingDOMMutations(false); + + mIsGoingAway = true; + + ScriptLoader()->Destroy(); + SetScriptGlobalObject(nullptr); + RemovedFromDocShell(); + + bool oldVal = mInUnlinkOrDeletion; + mInUnlinkOrDeletion = true; + +#ifdef DEBUG + uint32_t oldChildCount = GetChildCount(); +#endif + + for (nsIContent* child = GetFirstChild(); child; + child = child->GetNextSibling()) { + child->DestroyContent(); + MOZ_ASSERT(child->GetParentNode() == this); + } + MOZ_ASSERT(oldChildCount == GetChildCount()); + MOZ_ASSERT(!mSubDocuments || mSubDocuments->EntryCount() == 0); + + mInUnlinkOrDeletion = oldVal; + + mLayoutHistoryState = nullptr; + + if (mOriginalDocument) { + mOriginalDocument->mLatestStaticClone = nullptr; + } + + if (IsStaticDocument()) { + RemoveProperty(nsGkAtoms::printisfocuseddoc); + RemoveProperty(nsGkAtoms::printselectionranges); + } + + // Shut down our external resource map. We might not need this for + // leak-fixing if we fix nsDocumentViewer to do cycle-collection, but + // tearing down all those frame trees right now is the right thing to do. + mExternalResourceMap.Shutdown(); + + // Manually break cycles via promise's global object pointer. + mReadyForIdle = nullptr; + mOrientationPendingPromise = nullptr; + + // To break cycles. + mPreloadService.ClearAllPreloads(); + + if (mDocumentL10n) { + mDocumentL10n->Destroy(); + } + + if (!mPresShell) { + DropStyleSet(); + } +} + +void Document::RemovedFromDocShell() { + mEditingState = EditingState::eOff; + + if (mRemovedFromDocShell) return; + + mRemovedFromDocShell = true; + NotifyActivityChanged(); + + for (nsIContent* child = GetFirstChild(); child; + child = child->GetNextSibling()) { + child->SaveSubtreeState(); + } + + nsIDocShell* docShell = GetDocShell(); + if (docShell) { + docShell->SynchronizeLayoutHistoryState(); + } +} + +already_AddRefed<nsILayoutHistoryState> Document::GetLayoutHistoryState() + const { + nsCOMPtr<nsILayoutHistoryState> state; + if (!mScriptGlobalObject) { + state = mLayoutHistoryState; + } else { + nsCOMPtr<nsIDocShell> docShell(mDocumentContainer); + if (docShell) { + docShell->GetLayoutHistoryState(getter_AddRefs(state)); + } + } + + return state.forget(); +} + +void Document::EnsureOnloadBlocker() { + // If mScriptGlobalObject is null, we shouldn't be messing with the loadgroup + // -- it's not ours. + if (mOnloadBlockCount != 0 && mScriptGlobalObject) { + nsCOMPtr<nsILoadGroup> loadGroup = GetDocumentLoadGroup(); + if (loadGroup) { + // Check first to see if mOnloadBlocker is in the loadgroup. + nsCOMPtr<nsISimpleEnumerator> requests; + loadGroup->GetRequests(getter_AddRefs(requests)); + + bool hasMore = false; + while (NS_SUCCEEDED(requests->HasMoreElements(&hasMore)) && hasMore) { + nsCOMPtr<nsISupports> elem; + requests->GetNext(getter_AddRefs(elem)); + nsCOMPtr<nsIRequest> request = do_QueryInterface(elem); + if (request && request == mOnloadBlocker) { + return; + } + } + + // Not in the loadgroup, so add it. + loadGroup->AddRequest(mOnloadBlocker, nullptr); + } + } +} + +void Document::BlockOnload() { + if (mDisplayDocument) { + mDisplayDocument->BlockOnload(); + return; + } + + // If mScriptGlobalObject is null, we shouldn't be messing with the loadgroup + // -- it's not ours. + if (mOnloadBlockCount == 0 && mScriptGlobalObject) { + if (nsCOMPtr<nsILoadGroup> loadGroup = GetDocumentLoadGroup()) { + loadGroup->AddRequest(mOnloadBlocker, nullptr); + } + } + ++mOnloadBlockCount; +} + +void Document::UnblockOnload(bool aFireSync) { + if (mDisplayDocument) { + mDisplayDocument->UnblockOnload(aFireSync); + return; + } + + --mOnloadBlockCount; + + if (mOnloadBlockCount == 0) { + if (mScriptGlobalObject) { + // Only manipulate the loadgroup in this case, because if + // mScriptGlobalObject is null, it's not ours. + if (aFireSync) { + // Increment mOnloadBlockCount, since DoUnblockOnload will decrement it + ++mOnloadBlockCount; + DoUnblockOnload(); + } else { + PostUnblockOnloadEvent(); + } + } else if (mIsBeingUsedAsImage) { + // To correctly unblock onload for a document that contains an SVG + // image, we need to know when all of the SVG document's resources are + // done loading, in a way comparable to |window.onload|. We fire this + // event to indicate that the SVG should be considered fully loaded. + // Because scripting is disabled on SVG-as-image documents, this event + // is not accessible to content authors. (See bug 837315.) + RefPtr<AsyncEventDispatcher> asyncDispatcher = + new AsyncEventDispatcher(this, u"MozSVGAsImageDocumentLoad"_ns, + CanBubble::eNo, ChromeOnlyDispatch::eNo); + asyncDispatcher->PostDOMEvent(); + } + } +} + +class nsUnblockOnloadEvent : public Runnable { + public: + explicit nsUnblockOnloadEvent(Document* aDoc) + : mozilla::Runnable("nsUnblockOnloadEvent"), mDoc(aDoc) {} + NS_IMETHOD Run() override { + mDoc->DoUnblockOnload(); + return NS_OK; + } + + private: + RefPtr<Document> mDoc; +}; + +void Document::PostUnblockOnloadEvent() { + MOZ_RELEASE_ASSERT(NS_IsMainThread()); + nsCOMPtr<nsIRunnable> evt = new nsUnblockOnloadEvent(this); + nsresult rv = Dispatch(evt.forget()); + if (NS_SUCCEEDED(rv)) { + // Stabilize block count so we don't post more events while this one is up + ++mOnloadBlockCount; + } else { + NS_WARNING("failed to dispatch nsUnblockOnloadEvent"); + } +} + +void Document::DoUnblockOnload() { + MOZ_ASSERT(!mDisplayDocument, "Shouldn't get here for resource document"); + MOZ_ASSERT(mOnloadBlockCount != 0, + "Shouldn't have a count of zero here, since we stabilized in " + "PostUnblockOnloadEvent"); + + --mOnloadBlockCount; + + if (mOnloadBlockCount != 0) { + // We blocked again after the last unblock. Nothing to do here. We'll + // post a new event when we unblock again. + return; + } + + // If mScriptGlobalObject is null, we shouldn't be messing with the loadgroup + // -- it's not ours. + if (mScriptGlobalObject) { + if (nsCOMPtr<nsILoadGroup> loadGroup = GetDocumentLoadGroup()) { + loadGroup->RemoveRequest(mOnloadBlocker, nullptr, NS_OK); + } + } +} + +nsIContent* Document::GetContentInThisDocument(nsIFrame* aFrame) const { + for (nsIFrame* f = aFrame; f; + f = nsLayoutUtils::GetParentOrPlaceholderForCrossDoc(f)) { + nsIContent* content = f->GetContent(); + if (!content) { + continue; + } + + if (content->OwnerDoc() == this) { + return content; + } + // We must be in a subdocument so jump directly to the root frame. + // GetParentOrPlaceholderForCrossDoc gets called immediately to jump up to + // the containing document. + f = f->PresContext()->GetPresShell()->GetRootFrame(); + } + + return nullptr; +} + +void Document::DispatchPageTransition(EventTarget* aDispatchTarget, + const nsAString& aType, bool aInFrameSwap, + bool aPersisted, bool aOnlySystemGroup) { + if (!aDispatchTarget) { + return; + } + + PageTransitionEventInit init; + init.mBubbles = true; + init.mCancelable = true; + init.mPersisted = aPersisted; + init.mInFrameSwap = aInFrameSwap; + + RefPtr<PageTransitionEvent> event = + PageTransitionEvent::Constructor(this, aType, init); + + event->SetTrusted(true); + event->SetTarget(this); + if (aOnlySystemGroup) { + event->WidgetEventPtr()->mFlags.mOnlySystemGroupDispatchInContent = true; + } + EventDispatcher::DispatchDOMEvent(aDispatchTarget, nullptr, event, nullptr, + nullptr); +} + +void Document::OnPageShow(bool aPersisted, EventTarget* aDispatchStartTarget, + bool aOnlySystemGroup) { + if (MOZ_LOG_TEST(gSHIPBFCacheLog, LogLevel::Debug)) { + nsCString uri; + if (GetDocumentURI()) { + uri = GetDocumentURI()->GetSpecOrDefault(); + } + MOZ_LOG(gSHIPBFCacheLog, LogLevel::Debug, + ("Document::OnPageShow [%s] persisted=%i", uri.get(), aPersisted)); + } + + const bool inFrameLoaderSwap = !!aDispatchStartTarget; + MOZ_DIAGNOSTIC_ASSERT( + inFrameLoaderSwap == + (mDocumentContainer && mDocumentContainer->InFrameSwap())); + + Element* root = GetRootElement(); + if (aPersisted && root) { + // Send out notifications that our <link> elements are attached. + RefPtr<nsContentList> links = + NS_GetContentList(root, kNameSpaceID_XHTML, u"link"_ns); + + uint32_t linkCount = links->Length(true); + for (uint32_t i = 0; i < linkCount; ++i) { + static_cast<HTMLLinkElement*>(links->Item(i, false))->LinkAdded(); + } + } + + // See Document + if (!inFrameLoaderSwap) { + if (aPersisted) { + ImageTracker()->SetAnimatingState(true); + } + + // Set mIsShowing before firing events, in case those event handlers + // move us around. + mIsShowing = true; + mVisible = true; + + UpdateVisibilityState(); + } + + NotifyActivityChanged(); + + EnumerateExternalResources([aPersisted](Document& aExternalResource) { + aExternalResource.OnPageShow(aPersisted, nullptr); + return CallState::Continue; + }); + + if (mAnimationController) { + mAnimationController->OnPageShow(); + } + + if (!mIsBeingUsedAsImage) { + // Dispatch observer notification to notify observers page is shown. + nsCOMPtr<nsIObserverService> os = mozilla::services::GetObserverService(); + if (os) { + nsIPrincipal* principal = NodePrincipal(); + os->NotifyObservers(ToSupports(this), + principal->IsSystemPrincipal() ? "chrome-page-shown" + : "content-page-shown", + nullptr); + } + + nsCOMPtr<EventTarget> target = aDispatchStartTarget; + if (!target) { + target = do_QueryInterface(GetWindow()); + } + DispatchPageTransition(target, u"pageshow"_ns, inFrameLoaderSwap, + aPersisted, aOnlySystemGroup); + } +} + +static void DispatchFullscreenChange(Document& aDocument, nsINode* aTarget) { + if (nsPresContext* presContext = aDocument.GetPresContext()) { + auto pendingEvent = MakeUnique<PendingFullscreenEvent>( + FullscreenEventType::Change, &aDocument, aTarget); + presContext->RefreshDriver()->ScheduleFullscreenEvent( + std::move(pendingEvent)); + } +} + +void Document::OnPageHide(bool aPersisted, EventTarget* aDispatchStartTarget, + bool aOnlySystemGroup) { + if (MOZ_LOG_TEST(gSHIPBFCacheLog, LogLevel::Debug)) { + nsCString uri; + if (GetDocumentURI()) { + uri = GetDocumentURI()->GetSpecOrDefault(); + } + MOZ_LOG(gSHIPBFCacheLog, LogLevel::Debug, + ("Document::OnPageHide %s persisted=%i", uri.get(), aPersisted)); + } + + const bool inFrameLoaderSwap = !!aDispatchStartTarget; + MOZ_DIAGNOSTIC_ASSERT( + inFrameLoaderSwap == + (mDocumentContainer && mDocumentContainer->InFrameSwap())); + + if (mAnimationController) { + mAnimationController->OnPageHide(); + } + + if (!inFrameLoaderSwap) { + if (aPersisted) { + // We do not stop the animations (bug 1024343) when the page is refreshing + // while being dragged out. + ImageTracker()->SetAnimatingState(false); + } + + // Set mIsShowing before firing events, in case those event handlers + // move us around. + mIsShowing = false; + mVisible = false; + } + + ExitPointerLock(); + + if (!mIsBeingUsedAsImage) { + // Dispatch observer notification to notify observers page is hidden. + nsCOMPtr<nsIObserverService> os = mozilla::services::GetObserverService(); + if (os) { + nsIPrincipal* principal = NodePrincipal(); + os->NotifyObservers(ToSupports(this), + principal->IsSystemPrincipal() + ? "chrome-page-hidden" + : "content-page-hidden", + nullptr); + } + + // Now send out a PageHide event. + nsCOMPtr<EventTarget> target = aDispatchStartTarget; + if (!target) { + target = do_QueryInterface(GetWindow()); + } + { + PageUnloadingEventTimeStamp timeStamp(this); + DispatchPageTransition(target, u"pagehide"_ns, inFrameLoaderSwap, + aPersisted, aOnlySystemGroup); + } + } + + if (!inFrameLoaderSwap) { + UpdateVisibilityState(); + } + + EnumerateExternalResources([aPersisted](Document& aExternalResource) { + aExternalResource.OnPageHide(aPersisted, nullptr); + return CallState::Continue; + }); + NotifyActivityChanged(); + + ClearPendingFullscreenRequests(this); + if (Fullscreen()) { + // If this document was fullscreen, we should exit fullscreen in this + // doctree branch. This ensures that if the user navigates while in + // fullscreen mode we don't leave its still visible ancestor documents + // in fullscreen mode. So exit fullscreen in the document's fullscreen + // root document, as this will exit fullscreen in all the root's + // descendant documents. Note that documents are removed from the + // doctree by the time OnPageHide() is called, so we must store a + // reference to the root (in Document::mFullscreenRoot) since we can't + // just traverse the doctree to get the root. + Document::ExitFullscreenInDocTree(this); + + // Since the document is removed from the doctree before OnPageHide() is + // called, ExitFullscreen() can't traverse from the root down to *this* + // document, so we must manually call CleanupFullscreenState() below too. + // Note that CleanupFullscreenState() clears Document::mFullscreenRoot, + // so we *must* call it after ExitFullscreen(), not before. + // OnPageHide() is called in every hidden (i.e. descendant) document, + // so calling CleanupFullscreenState() here will ensure all hidden + // documents have their fullscreen state reset. + CleanupFullscreenState(); + + // The fullscreenchange event is to be queued in the refresh driver, + // however a hidden page wouldn't trigger that again, so it makes no + // sense to dispatch such event here. + } +} + +void Document::WillDispatchMutationEvent(nsINode* aTarget) { + NS_ASSERTION( + mSubtreeModifiedDepth != 0 || mSubtreeModifiedTargets.Count() == 0, + "mSubtreeModifiedTargets not cleared after dispatching?"); + ++mSubtreeModifiedDepth; + if (aTarget) { + // MayDispatchMutationEvent is often called just before this method, + // so it has already appended the node to mSubtreeModifiedTargets. + int32_t count = mSubtreeModifiedTargets.Count(); + if (!count || mSubtreeModifiedTargets[count - 1] != aTarget) { + mSubtreeModifiedTargets.AppendObject(aTarget); + } + } +} + +void Document::MutationEventDispatched(nsINode* aTarget) { + if (--mSubtreeModifiedDepth) { + return; + } + + int32_t count = mSubtreeModifiedTargets.Count(); + if (!count) { + return; + } + + nsPIDOMWindowInner* window = GetInnerWindow(); + if (window && + !window->HasMutationListeners(NS_EVENT_BITS_MUTATION_SUBTREEMODIFIED)) { + mSubtreeModifiedTargets.Clear(); + return; + } + + nsCOMArray<nsINode> realTargets; + for (nsINode* possibleTarget : mSubtreeModifiedTargets) { + if (possibleTarget->ChromeOnlyAccess()) { + continue; + } + + nsINode* commonAncestor = nullptr; + int32_t realTargetCount = realTargets.Count(); + for (int32_t j = 0; j < realTargetCount; ++j) { + commonAncestor = nsContentUtils::GetClosestCommonInclusiveAncestor( + possibleTarget, realTargets[j]); + if (commonAncestor) { + realTargets.ReplaceObjectAt(commonAncestor, j); + break; + } + } + if (!commonAncestor) { + realTargets.AppendObject(possibleTarget); + } + } + + mSubtreeModifiedTargets.Clear(); + + for (const nsCOMPtr<nsINode>& target : realTargets) { + InternalMutationEvent mutation(true, eLegacySubtreeModified); + // MOZ_KnownLive due to bug 1620312 + AsyncEventDispatcher::RunDOMEventWhenSafe(MOZ_KnownLive(*target), mutation); + } +} + +void Document::DestroyElementMaps() { +#ifdef DEBUG + mStyledLinksCleared = true; +#endif + mStyledLinks.Clear(); + // Notify ID change listeners before clearing the identifier map. + for (auto iter = mIdentifierMap.Iter(); !iter.Done(); iter.Next()) { + iter.Get()->ClearAndNotify(); + } + mIdentifierMap.Clear(); + mComposedShadowRoots.Clear(); + mResponsiveContent.Clear(); + IncrementExpandoGeneration(*this); +} + +void Document::RefreshLinkHrefs() { + // Get a list of all links we know about. We will reset them, which will + // remove them from the document, so we need a copy of what is in the + // hashtable. + const nsTArray<Link*> linksToNotify = ToArray(mStyledLinks); + + // Reset all of our styled links. + nsAutoScriptBlocker scriptBlocker; + for (Link* link : linksToNotify) { + link->ResetLinkState(true); + } +} + +nsresult Document::CloneDocHelper(Document* clone) const { + clone->mIsStaticDocument = mCreatingStaticClone; + + // Init document + nsresult rv = clone->Init(NodePrincipal(), mPartitionedPrincipal); + NS_ENSURE_SUCCESS(rv, rv); + + if (mCreatingStaticClone) { + if (mOriginalDocument) { + clone->mOriginalDocument = mOriginalDocument; + } else { + clone->mOriginalDocument = const_cast<Document*>(this); + } + clone->mOriginalDocument->mLatestStaticClone = clone; + clone->mOriginalDocument->mStaticCloneCount++; + + nsCOMPtr<nsILoadGroup> loadGroup; + + // |mDocumentContainer| is the container of the document that is being + // created and not the original container. See CreateStaticClone function(). + nsCOMPtr<nsIDocumentLoader> docLoader(mDocumentContainer); + if (docLoader) { + docLoader->GetLoadGroup(getter_AddRefs(loadGroup)); + } + nsCOMPtr<nsIChannel> channel = GetChannel(); + nsCOMPtr<nsIURI> uri; + if (channel) { + NS_GetFinalChannelURI(channel, getter_AddRefs(uri)); + } else { + uri = Document::GetDocumentURI(); + } + clone->mChannel = channel; + clone->mShouldResistFingerprinting = mShouldResistFingerprinting; + if (uri) { + clone->ResetToURI(uri, loadGroup, NodePrincipal(), mPartitionedPrincipal); + } + + clone->mIsSrcdocDocument = mIsSrcdocDocument; + clone->SetContainer(mDocumentContainer); + + // Setup the navigation time. This will be needed by any animations in the + // document, even if they are only paused. + MOZ_ASSERT(!clone->GetNavigationTiming(), + "Navigation time was already set?"); + if (mTiming) { + RefPtr<nsDOMNavigationTiming> timing = + mTiming->CloneNavigationTime(nsDocShell::Cast(clone->GetDocShell())); + clone->SetNavigationTiming(timing); + } + clone->SetCsp(mCSP); + } + + // Now ensure that our clone has the same URI, base URI, and principal as us. + // We do this after the mCreatingStaticClone block above, because that block + // can set the base URI to an incorrect value in cases when base URI + // information came from the channel. So we override explicitly, and do it + // for all these properties, in case ResetToURI messes with any of the rest of + // them. + clone->SetDocumentURI(Document::GetDocumentURI()); + clone->SetChromeXHRDocURI(mChromeXHRDocURI); + clone->mActiveStoragePrincipal = mActiveStoragePrincipal; + clone->mActiveCookiePrincipal = mActiveCookiePrincipal; + // NOTE(emilio): Intentionally setting this to the GetDocBaseURI rather than + // just mDocumentBaseURI, so that srcdoc iframes get the right base URI even + // when printed standalone via window.print() (where there won't be a parent + // document to grab the URI from). + clone->mDocumentBaseURI = GetDocBaseURI(); + clone->SetChromeXHRDocBaseURI(mChromeXHRDocBaseURI); + clone->mReferrerInfo = + static_cast<dom::ReferrerInfo*>(mReferrerInfo.get())->Clone(); + clone->mPreloadReferrerInfo = clone->mReferrerInfo; + + bool hasHadScriptObject = true; + nsIScriptGlobalObject* scriptObject = + GetScriptHandlingObject(hasHadScriptObject); + NS_ENSURE_STATE(scriptObject || !hasHadScriptObject); + if (mCreatingStaticClone) { + // If we're doing a static clone (print, print preview), then we're going to + // be setting a scope object after the clone. It's better to set it only + // once, so we don't do that here. However, we do want to act as if there is + // a script handling object. So we set mHasHadScriptHandlingObject. + clone->mHasHadScriptHandlingObject = true; + } else if (scriptObject) { + clone->SetScriptHandlingObject(scriptObject); + } else { + clone->SetScopeObject(GetScopeObject()); + } + // Make the clone a data document + clone->SetLoadedAsData( + true, + /* aConsiderForMemoryReporting */ !mCreatingStaticClone); + + // Misc state + + // State from Document + clone->mCharacterSet = mCharacterSet; + clone->mCharacterSetSource = mCharacterSetSource; + clone->SetCompatibilityMode(mCompatMode); + clone->mBidiOptions = mBidiOptions; + clone->mContentLanguage = mContentLanguage; + clone->SetContentType(GetContentTypeInternal()); + clone->mSecurityInfo = mSecurityInfo; + + // State from Document + clone->mType = mType; + clone->mXMLDeclarationBits = mXMLDeclarationBits; + clone->mBaseTarget = mBaseTarget; + + return NS_OK; +} + +void Document::NotifyLoading(bool aNewParentIsLoading, + const ReadyState& aCurrentState, + ReadyState aNewState) { + // Mirror the top-level loading state down to all subdocuments + bool was_loading = mAncestorIsLoading || + aCurrentState == READYSTATE_LOADING || + aCurrentState == READYSTATE_INTERACTIVE; + bool is_loading = aNewParentIsLoading || aNewState == READYSTATE_LOADING || + aNewState == READYSTATE_INTERACTIVE; // new value for state + bool set_load_state = was_loading != is_loading; + + MOZ_LOG( + gTimeoutDeferralLog, mozilla::LogLevel::Debug, + ("NotifyLoading for doc %p: currentAncestor: %d, newParent: %d, " + "currentState %d newState: %d, was_loading: %d, is_loading: %d, " + "set_load_state: %d", + (void*)this, mAncestorIsLoading, aNewParentIsLoading, (int)aCurrentState, + (int)aNewState, was_loading, is_loading, set_load_state)); + + mAncestorIsLoading = aNewParentIsLoading; + if (set_load_state && StaticPrefs::dom_timeout_defer_during_load()) { + // Tell our innerwindow (and thus TimeoutManager) + nsPIDOMWindowInner* inner = GetInnerWindow(); + if (inner) { + inner->SetActiveLoadingState(is_loading); + } + BrowsingContext* context = GetBrowsingContext(); + if (context) { + // Don't use PreOrderWalk to mirror this down; go down one level as a + // time so we can set mAncestorIsLoading and take into account the + // readystates of the subdocument. In the child process it will call + // NotifyLoading() to notify the innerwindow/TimeoutManager, and then + // iterate it's children + for (auto& child : context->Children()) { + MOZ_LOG(gTimeoutDeferralLog, mozilla::LogLevel::Debug, + ("bc: %p SetAncestorLoading(%d)", (void*)child, is_loading)); + // Setting ancestor loading on a discarded browsing context has no + // effect. + Unused << child->SetAncestorLoading(is_loading); + } + } + } +} + +void Document::SetReadyStateInternal(ReadyState aReadyState, + bool aUpdateTimingInformation) { + if (aReadyState == READYSTATE_UNINITIALIZED) { + // Transition back to uninitialized happens only to keep assertions happy + // right before readyState transitions to something else. Make this + // transition undetectable by Web content. + mReadyState = aReadyState; + return; + } + + if (IsTopLevelContentDocument()) { + if (aReadyState == READYSTATE_LOADING) { + AddToplevelLoadingDocument(this); + } else if (aReadyState == READYSTATE_COMPLETE) { + RemoveToplevelLoadingDocument(this); + } + } + + if (aUpdateTimingInformation && READYSTATE_LOADING == aReadyState) { + SetLoadingOrRestoredFromBFCacheTimeStampToNow(); + } + NotifyLoading(mAncestorIsLoading, mReadyState, aReadyState); + mReadyState = aReadyState; + if (aUpdateTimingInformation && mTiming) { + switch (aReadyState) { + case READYSTATE_LOADING: + mTiming->NotifyDOMLoading(GetDocumentURI()); + break; + case READYSTATE_INTERACTIVE: + mTiming->NotifyDOMInteractive(GetDocumentURI()); + break; + case READYSTATE_COMPLETE: + mTiming->NotifyDOMComplete(GetDocumentURI()); + break; + default: + MOZ_ASSERT_UNREACHABLE("Unexpected ReadyState value"); + break; + } + } + // At the time of loading start, we don't have timing object, record time. + + if (READYSTATE_INTERACTIVE == aReadyState && + NodePrincipal()->IsSystemPrincipal()) { + if (!mXULPersist && XRE_IsParentProcess()) { + mXULPersist = new XULPersist(this); + mXULPersist->Init(); + } + if (!mChromeObserver) { + mChromeObserver = new ChromeObserver(this); + mChromeObserver->Init(); + } + } + + if (aUpdateTimingInformation) { + RecordNavigationTiming(aReadyState); + } + + AsyncEventDispatcher::RunDOMEventWhenSafe( + *this, u"readystatechange"_ns, CanBubble::eNo, ChromeOnlyDispatch::eNo); +} + +void Document::GetReadyState(nsAString& aReadyState) const { + switch (mReadyState) { + case READYSTATE_LOADING: + aReadyState.AssignLiteral(u"loading"); + break; + case READYSTATE_INTERACTIVE: + aReadyState.AssignLiteral(u"interactive"); + break; + case READYSTATE_COMPLETE: + aReadyState.AssignLiteral(u"complete"); + break; + default: + aReadyState.AssignLiteral(u"uninitialized"); + } +} + +void Document::SuppressEventHandling(uint32_t aIncrease) { + mEventsSuppressed += aIncrease; + if (mEventsSuppressed == aIncrease) { + if (WindowGlobalChild* wgc = GetWindowGlobalChild()) { + wgc->BlockBFCacheFor(BFCacheStatus::EVENT_HANDLING_SUPPRESSED); + } + } + UpdateFrameRequestCallbackSchedulingState(); + for (uint32_t i = 0; i < aIncrease; ++i) { + ScriptLoader()->AddExecuteBlocker(); + } + + EnumerateSubDocuments([aIncrease](Document& aSubDoc) { + aSubDoc.SuppressEventHandling(aIncrease); + return CallState::Continue; + }); +} + +void Document::NotifyAbortedLoad() { + // If we still have outstanding work blocking DOMContentLoaded, + // then don't try to change the readystate now, but wait until + // they finish and then do so. + if (mBlockDOMContentLoaded > 0 && !mDidFireDOMContentLoaded) { + mSetCompleteAfterDOMContentLoaded = true; + return; + } + + // Otherwise we're fully done at this point, so set the + // readystate to complete. + if (GetReadyStateEnum() == Document::READYSTATE_INTERACTIVE) { + SetReadyStateInternal(Document::READYSTATE_COMPLETE); + } +} + +MOZ_CAN_RUN_SCRIPT static void FireOrClearDelayedEvents( + nsTArray<nsCOMPtr<Document>>&& aDocuments, bool aFireEvents) { + RefPtr<nsFocusManager> fm = nsFocusManager::GetFocusManager(); + if (MOZ_UNLIKELY(!fm)) { + return; + } + + nsTArray<nsCOMPtr<Document>> documents = std::move(aDocuments); + for (uint32_t i = 0; i < documents.Length(); ++i) { + nsCOMPtr<Document> document = std::move(documents[i]); + // NB: Don't bother trying to fire delayed events on documents that were + // closed before this event ran. + if (!document->EventHandlingSuppressed()) { + fm->FireDelayedEvents(document); + RefPtr<PresShell> presShell = document->GetPresShell(); + if (presShell) { + // Only fire events for active documents. + bool fire = aFireEvents && document->GetInnerWindow() && + document->GetInnerWindow()->IsCurrentInnerWindow(); + presShell->FireOrClearDelayedEvents(fire); + } + document->FireOrClearPostMessageEvents(aFireEvents); + } + } +} + +void Document::PreloadPictureClosed() { + MOZ_ASSERT(mPreloadPictureDepth > 0); + mPreloadPictureDepth--; + if (mPreloadPictureDepth == 0) { + mPreloadPictureFoundSource.SetIsVoid(true); + } +} + +void Document::PreloadPictureImageSource(const nsAString& aSrcsetAttr, + const nsAString& aSizesAttr, + const nsAString& aTypeAttr, + const nsAString& aMediaAttr) { + // Nested pictures are not valid syntax, so while we'll eventually load them, + // it's not worth tracking sources mixed between nesting levels to preload + // them effectively. + if (mPreloadPictureDepth == 1 && mPreloadPictureFoundSource.IsVoid()) { + // <picture> selects the first matching source, so if this returns a URI we + // needn't consider new sources until a new <picture> is encountered. + bool found = HTMLImageElement::SelectSourceForTagWithAttrs( + this, true, VoidString(), aSrcsetAttr, aSizesAttr, aTypeAttr, + aMediaAttr, mPreloadPictureFoundSource); + if (found && mPreloadPictureFoundSource.IsVoid()) { + // Found an empty source, which counts + mPreloadPictureFoundSource.SetIsVoid(false); + } + } +} + +already_AddRefed<nsIURI> Document::ResolvePreloadImage( + nsIURI* aBaseURI, const nsAString& aSrcAttr, const nsAString& aSrcsetAttr, + const nsAString& aSizesAttr, bool* aIsImgSet) { + nsString sourceURL; + bool isImgSet; + if (mPreloadPictureDepth == 1 && !mPreloadPictureFoundSource.IsVoid()) { + // We're in a <picture> element and found a URI from a source previous to + // this image, use it. + sourceURL = mPreloadPictureFoundSource; + isImgSet = true; + } else { + // Otherwise try to use this <img> as a source + HTMLImageElement::SelectSourceForTagWithAttrs( + this, false, aSrcAttr, aSrcsetAttr, aSizesAttr, VoidString(), + VoidString(), sourceURL); + isImgSet = !aSrcsetAttr.IsEmpty(); + } + + // Empty sources are not loaded by <img> (i.e. not resolved to the baseURI) + if (sourceURL.IsEmpty()) { + return nullptr; + } + + // Construct into URI using passed baseURI (the parser may know of base URI + // changes that have not reached us) + nsresult rv; + nsCOMPtr<nsIURI> uri; + rv = nsContentUtils::NewURIWithDocumentCharset(getter_AddRefs(uri), sourceURL, + this, aBaseURI); + if (NS_FAILED(rv)) { + return nullptr; + } + + *aIsImgSet = isImgSet; + + // We don't clear mPreloadPictureFoundSource because subsequent <img> tags in + // this this <picture> share the same <sources> (though this is not valid per + // spec) + return uri.forget(); +} + +void Document::PreLoadImage(nsIURI* aUri, const nsAString& aCrossOriginAttr, + ReferrerPolicyEnum aReferrerPolicy, bool aIsImgSet, + bool aLinkPreload, uint64_t aEarlyHintPreloaderId) { + nsLoadFlags loadFlags = nsIRequest::LOAD_NORMAL | + nsContentUtils::CORSModeToLoadImageFlags( + Element::StringToCORSMode(aCrossOriginAttr)); + + nsContentPolicyType policyType = + aIsImgSet ? nsIContentPolicy::TYPE_IMAGESET + : nsIContentPolicy::TYPE_INTERNAL_IMAGE_PRELOAD; + + nsCOMPtr<nsIReferrerInfo> referrerInfo = + ReferrerInfo::CreateFromDocumentAndPolicyOverride(this, aReferrerPolicy); + + RefPtr<imgRequestProxy> request; + + nsLiteralString initiator = aEarlyHintPreloaderId + ? u"early-hints"_ns + : (aLinkPreload ? u"link"_ns : u"img"_ns); + + nsresult rv = nsContentUtils::LoadImage( + aUri, static_cast<nsINode*>(this), this, NodePrincipal(), 0, referrerInfo, + nullptr /* no observer */, loadFlags, initiator, getter_AddRefs(request), + policyType, false /* urgent */, aLinkPreload, aEarlyHintPreloaderId); + + // Pin image-reference to avoid evicting it from the img-cache before + // the "real" load occurs. Unpinned in DispatchContentLoadedEvents and + // unlink + if (!aLinkPreload && NS_SUCCEEDED(rv)) { + mPreloadingImages.InsertOrUpdate(aUri, std::move(request)); + } +} + +void Document::MaybePreLoadImage(nsIURI* aUri, + const nsAString& aCrossOriginAttr, + ReferrerPolicyEnum aReferrerPolicy, + bool aIsImgSet, bool aLinkPreload) { + const CORSMode corsMode = dom::Element::StringToCORSMode(aCrossOriginAttr); + if (aLinkPreload) { + // Check if the image was already preloaded in this document to avoid + // duplicate preloading. + PreloadHashKey key = + PreloadHashKey::CreateAsImage(aUri, NodePrincipal(), corsMode); + if (!mPreloadService.PreloadExists(key)) { + PreLoadImage(aUri, aCrossOriginAttr, aReferrerPolicy, aIsImgSet, + aLinkPreload, 0); + } + return; + } + + // Early exit if the img is already present in the img-cache + // which indicates that the "real" load has already started and + // that we shouldn't preload it. + if (nsContentUtils::IsImageAvailable(aUri, NodePrincipal(), corsMode, this)) { + return; + } + + // Image not in cache - trigger preload + PreLoadImage(aUri, aCrossOriginAttr, aReferrerPolicy, aIsImgSet, aLinkPreload, + 0); +} + +void Document::MaybePreconnect(nsIURI* aOrigURI, mozilla::CORSMode aCORSMode) { + if (!StaticPrefs::network_preconnect()) { + return; + } + + NS_MutateURI mutator(aOrigURI); + if (NS_FAILED(mutator.GetStatus())) { + return; + } + + // The URI created here is used in 2 contexts. One is nsISpeculativeConnect + // which ignores the path and uses only the origin. The other is for the + // document mPreloadedPreconnects de-duplication hash. Anonymous vs + // non-Anonymous preconnects create different connections on the wire and + // therefore should not be considred duplicates of each other and we + // normalize the path before putting it in the hash to accomplish that. + + if (aCORSMode == CORS_ANONYMOUS) { + mutator.SetPathQueryRef("/anonymous"_ns); + } else { + mutator.SetPathQueryRef("/"_ns); + } + + nsCOMPtr<nsIURI> uri; + nsresult rv = mutator.Finalize(uri); + if (NS_FAILED(rv)) { + return; + } + + const bool existingEntryFound = + mPreloadedPreconnects.WithEntryHandle(uri, [](auto&& entry) { + if (entry) { + return true; + } + entry.Insert(true); + return false; + }); + if (existingEntryFound) { + return; + } + + nsCOMPtr<nsISpeculativeConnect> speculator = + mozilla::components::IO::Service(); + if (!speculator) { + return; + } + + OriginAttributes oa; + StoragePrincipalHelper::GetOriginAttributesForNetworkState(this, oa); + speculator->SpeculativeConnectWithOriginAttributesNative( + uri, std::move(oa), nullptr, aCORSMode == CORS_ANONYMOUS); +} + +void Document::ForgetImagePreload(nsIURI* aURI) { + // Checking count is faster than hashing the URI in the common + // case of empty table. + if (mPreloadingImages.Count() != 0) { + nsCOMPtr<imgIRequest> req; + mPreloadingImages.Remove(aURI, getter_AddRefs(req)); + if (req) { + // Make sure to cancel the request so imagelib knows it's gone. + req->CancelAndForgetObserver(NS_BINDING_ABORTED); + } + } +} + +void Document::UpdateDocumentStates(DocumentState aMaybeChangedStates, + bool aNotify) { + const DocumentState oldStates = mState; + if (aMaybeChangedStates.HasAtLeastOneOfStates( + DocumentState::ALL_LOCALEDIR_BITS)) { + mState &= ~DocumentState::ALL_LOCALEDIR_BITS; + if (IsDocumentRightToLeft()) { + mState |= DocumentState::RTL_LOCALE; + } else { + mState |= DocumentState::LTR_LOCALE; + } + } + + if (aMaybeChangedStates.HasAtLeastOneOfStates(DocumentState::LWTHEME)) { + if (ComputeDocumentLWTheme()) { + mState |= DocumentState::LWTHEME; + } else { + mState &= ~DocumentState::LWTHEME; + } + } + + if (aMaybeChangedStates.HasState(DocumentState::WINDOW_INACTIVE)) { + BrowsingContext* bc = GetBrowsingContext(); + if (!bc || !bc->GetIsActiveBrowserWindow()) { + mState |= DocumentState::WINDOW_INACTIVE; + } else { + mState &= ~DocumentState::WINDOW_INACTIVE; + } + } + + const DocumentState changedStates = oldStates ^ mState; + if (aNotify && !changedStates.IsEmpty()) { + if (PresShell* ps = GetObservingPresShell()) { + ps->DocumentStatesChanged(changedStates); + } + } +} + +namespace { + +/** + * Stub for LoadSheet(), since all we want is to get the sheet into + * the CSSLoader's style cache + */ +class StubCSSLoaderObserver final : public nsICSSLoaderObserver { + ~StubCSSLoaderObserver() = default; + + public: + NS_IMETHOD + StyleSheetLoaded(StyleSheet*, bool, nsresult) override { return NS_OK; } + NS_DECL_ISUPPORTS +}; +NS_IMPL_ISUPPORTS(StubCSSLoaderObserver, nsICSSLoaderObserver) + +} // namespace + +SheetPreloadStatus Document::PreloadStyle( + nsIURI* uri, const Encoding* aEncoding, const nsAString& aCrossOriginAttr, + const enum ReferrerPolicy aReferrerPolicy, const nsAString& aNonce, + const nsAString& aIntegrity, css::StylePreloadKind aKind, + uint64_t aEarlyHintPreloaderId, const nsAString& aFetchPriority) { + MOZ_ASSERT(aKind != css::StylePreloadKind::None); + + // The CSSLoader will retain this object after we return. + nsCOMPtr<nsICSSLoaderObserver> obs = new StubCSSLoaderObserver(); + + nsCOMPtr<nsIReferrerInfo> referrerInfo = + ReferrerInfo::CreateFromDocumentAndPolicyOverride(this, aReferrerPolicy); + + // Charset names are always ASCII. + auto result = CSSLoader()->LoadSheet( + uri, aKind, aEncoding, referrerInfo, obs, aEarlyHintPreloaderId, + Element::StringToCORSMode(aCrossOriginAttr), aNonce, aIntegrity, + nsGenericHTMLElement::ToFetchPriority(aFetchPriority)); + if (result.isErr()) { + return SheetPreloadStatus::Errored; + } + RefPtr<StyleSheet> sheet = result.unwrap(); + if (sheet->IsComplete()) { + return SheetPreloadStatus::AlreadyComplete; + } + return SheetPreloadStatus::InProgress; +} + +RefPtr<StyleSheet> Document::LoadChromeSheetSync(nsIURI* uri) { + return CSSLoader() + ->LoadSheetSync(uri, css::eAuthorSheetFeatures) + .unwrapOr(nullptr); +} + +void Document::ResetDocumentDirection() { + if (!nsContentUtils::IsChromeDoc(this)) { + return; + } + UpdateDocumentStates(DocumentState::ALL_LOCALEDIR_BITS, true); +} + +bool Document::IsDocumentRightToLeft() { + if (!nsContentUtils::IsChromeDoc(this)) { + return false; + } + // setting the localedir attribute on the root element forces a + // specific direction for the document. + Element* element = GetRootElement(); + if (element) { + static Element::AttrValuesArray strings[] = {nsGkAtoms::ltr, nsGkAtoms::rtl, + nullptr}; + switch (element->FindAttrValueIn(kNameSpaceID_None, nsGkAtoms::localedir, + strings, eCaseMatters)) { + case 0: + return false; + case 1: + return true; + default: + break; // otherwise, not a valid value, so fall through + } + } + + if (!mDocumentURI->SchemeIs("chrome") && !mDocumentURI->SchemeIs("about") && + !mDocumentURI->SchemeIs("resource")) { + return false; + } + + return intl::LocaleService::GetInstance()->IsAppLocaleRTL(); +} + +class nsDelayedEventDispatcher : public Runnable { + public: + explicit nsDelayedEventDispatcher(nsTArray<nsCOMPtr<Document>>&& aDocuments) + : mozilla::Runnable("nsDelayedEventDispatcher"), + mDocuments(std::move(aDocuments)) {} + virtual ~nsDelayedEventDispatcher() = default; + + // MOZ_CAN_RUN_SCRIPT_BOUNDARY until Runnable::Run is MOZ_CAN_RUN_SCRIPT. See + // bug 1535398. + MOZ_CAN_RUN_SCRIPT_BOUNDARY NS_IMETHOD Run() override { + FireOrClearDelayedEvents(std::move(mDocuments), true); + return NS_OK; + } + + private: + nsTArray<nsCOMPtr<Document>> mDocuments; +}; + +static void GetAndUnsuppressSubDocuments( + Document& aDocument, nsTArray<nsCOMPtr<Document>>& aDocuments) { + if (aDocument.EventHandlingSuppressed() > 0) { + aDocument.DecreaseEventSuppression(); + aDocument.ScriptLoader()->RemoveExecuteBlocker(); + } + aDocuments.AppendElement(&aDocument); + aDocument.EnumerateSubDocuments([&aDocuments](Document& aSubDoc) { + GetAndUnsuppressSubDocuments(aSubDoc, aDocuments); + return CallState::Continue; + }); +} + +void Document::UnsuppressEventHandlingAndFireEvents(bool aFireEvents) { + nsTArray<nsCOMPtr<Document>> documents; + GetAndUnsuppressSubDocuments(*this, documents); + + for (nsCOMPtr<Document>& doc : documents) { + if (!doc->EventHandlingSuppressed()) { + if (WindowGlobalChild* wgc = doc->GetWindowGlobalChild()) { + wgc->UnblockBFCacheFor(BFCacheStatus::EVENT_HANDLING_SUPPRESSED); + } + + MOZ_ASSERT(NS_IsMainThread()); + nsTArray<RefPtr<net::ChannelEventQueue>> queues = + std::move(doc->mSuspendedQueues); + for (net::ChannelEventQueue* queue : queues) { + queue->Resume(); + } + + // If there have been any events driven by the refresh driver which were + // delayed due to events being suppressed in this document, make sure + // there is a refresh scheduled soon so the events will run. + if (doc->mHasDelayedRefreshEvent) { + doc->mHasDelayedRefreshEvent = false; + + if (doc->mPresShell) { + nsRefreshDriver* rd = + doc->mPresShell->GetPresContext()->RefreshDriver(); + rd->RunDelayedEventsSoon(); + } + } + } + } + + if (aFireEvents) { + MOZ_RELEASE_ASSERT(NS_IsMainThread()); + nsCOMPtr<nsIRunnable> ded = + new nsDelayedEventDispatcher(std::move(documents)); + Dispatch(ded.forget()); + } else { + FireOrClearDelayedEvents(std::move(documents), false); + } +} + +bool Document::AreClipboardCommandsUnconditionallyEnabled() const { + return IsHTMLOrXHTML() && !nsContentUtils::IsChromeDoc(this); +} + +void Document::AddSuspendedChannelEventQueue(net::ChannelEventQueue* aQueue) { + MOZ_ASSERT(NS_IsMainThread()); + MOZ_ASSERT(EventHandlingSuppressed()); + mSuspendedQueues.AppendElement(aQueue); +} + +bool Document::SuspendPostMessageEvent(PostMessageEvent* aEvent) { + MOZ_ASSERT(NS_IsMainThread()); + + if (EventHandlingSuppressed() || !mSuspendedPostMessageEvents.IsEmpty()) { + mSuspendedPostMessageEvents.AppendElement(aEvent); + return true; + } + return false; +} + +void Document::FireOrClearPostMessageEvents(bool aFireEvents) { + nsTArray<RefPtr<PostMessageEvent>> events = + std::move(mSuspendedPostMessageEvents); + + if (aFireEvents) { + for (PostMessageEvent* event : events) { + event->Run(); + } + } +} + +void Document::SetSuppressedEventListener(EventListener* aListener) { + mSuppressedEventListener = aListener; + EnumerateSubDocuments([&](Document& aDocument) { + aDocument.SetSuppressedEventListener(aListener); + return CallState::Continue; + }); +} + +bool Document::IsActive() const { + return mDocumentContainer && !mRemovedFromDocShell && GetBrowsingContext() && + !GetBrowsingContext()->IsInBFCache(); +} + +nsISupports* Document::GetCurrentContentSink() { + return mParser ? mParser->GetContentSink() : nullptr; +} + +Document* Document::GetTemplateContentsOwner() { + if (!mTemplateContentsOwner) { + bool hasHadScriptObject = true; + nsIScriptGlobalObject* scriptObject = + GetScriptHandlingObject(hasHadScriptObject); + + nsCOMPtr<Document> document; + nsresult rv = NS_NewDOMDocument( + getter_AddRefs(document), + u""_ns, // aNamespaceURI + u""_ns, // aQualifiedName + nullptr, // aDoctype + Document::GetDocumentURI(), Document::GetDocBaseURI(), NodePrincipal(), + true, // aLoadedAsData + scriptObject, // aEventObject + IsHTMLDocument() ? DocumentFlavorHTML : DocumentFlavorXML); + NS_ENSURE_SUCCESS(rv, nullptr); + + mTemplateContentsOwner = document; + NS_ENSURE_TRUE(mTemplateContentsOwner, nullptr); + + if (!scriptObject) { + mTemplateContentsOwner->SetScopeObject(GetScopeObject()); + } + + mTemplateContentsOwner->mHasHadScriptHandlingObject = hasHadScriptObject; + + // Set |mTemplateContentsOwner| as the template contents owner of itself so + // that it is the template contents owner of nested template elements. + mTemplateContentsOwner->mTemplateContentsOwner = mTemplateContentsOwner; + } + + MOZ_ASSERT(mTemplateContentsOwner->IsTemplateContentsOwner()); + return mTemplateContentsOwner; +} + +// https://html.spec.whatwg.org/#the-autofocus-attribute +void Document::ElementWithAutoFocusInserted(Element* aAutoFocusCandidate) { + BrowsingContext* bc = GetBrowsingContext(); + if (!bc) { + return; + } + + // If target is not fully active, then return. + if (!IsCurrentActiveDocument()) { + return; + } + + // If target's active sandboxing flag set has the sandboxed automatic features + // browsing context flag, then return. + if (GetSandboxFlags() & SANDBOXED_AUTOMATIC_FEATURES) { + return; + } + + // For each ancestorBC of target's browsing context's ancestor browsing + // contexts: if ancestorBC's active document's origin is not same origin with + // target's origin, then return. + while (bc) { + BrowsingContext* parent = bc->GetParent(); + if (!parent) { + break; + } + // AncestorBC is not the same site + if (!parent->IsInProcess()) { + return; + } + + Document* currentDocument = bc->GetDocument(); + if (!currentDocument) { + return; + } + + Document* parentDocument = parent->GetDocument(); + if (!parentDocument) { + return; + } + + // Not same origin + if (!currentDocument->NodePrincipal()->Equals( + parentDocument->NodePrincipal())) { + return; + } + + bc = parent; + } + MOZ_ASSERT(bc->IsTop()); + + Document* topDocument = bc->GetDocument(); + MOZ_ASSERT(topDocument); + topDocument->AppendAutoFocusCandidateToTopDocument(aAutoFocusCandidate); +} + +void Document::ScheduleFlushAutoFocusCandidates() { + MOZ_ASSERT(mPresShell && mPresShell->DidInitialize()); + MOZ_ASSERT(GetBrowsingContext()->IsTop()); + if (nsRefreshDriver* rd = mPresShell->GetRefreshDriver()) { + rd->ScheduleAutoFocusFlush(this); + } +} + +void Document::AppendAutoFocusCandidateToTopDocument( + Element* aAutoFocusCandidate) { + MOZ_ASSERT(GetBrowsingContext()->IsTop()); + if (mAutoFocusFired) { + return; + } + + if (!HasAutoFocusCandidates()) { + // PresShell may be initialized later + if (mPresShell && mPresShell->DidInitialize()) { + ScheduleFlushAutoFocusCandidates(); + } + } + + nsWeakPtr element = do_GetWeakReference(aAutoFocusCandidate); + mAutoFocusCandidates.RemoveElement(element); + mAutoFocusCandidates.AppendElement(element); +} + +void Document::SetAutoFocusFired() { + mAutoFocusCandidates.Clear(); + mAutoFocusFired = true; +} + +// https://html.spec.whatwg.org/#flush-autofocus-candidates +void Document::FlushAutoFocusCandidates() { + MOZ_ASSERT(GetBrowsingContext()->IsTop()); + if (mAutoFocusFired) { + return; + } + + if (!mPresShell) { + return; + } + + MOZ_ASSERT(HasAutoFocusCandidates()); + MOZ_ASSERT(mPresShell->DidInitialize()); + + nsCOMPtr<nsPIDOMWindowOuter> topWindow = GetWindow(); + // We should be the top document + if (!topWindow) { + return; + } + +#ifdef DEBUG + { + // Trying to find the top window (equivalent to window.top). + nsCOMPtr<nsPIDOMWindowOuter> top = topWindow->GetInProcessTop(); + MOZ_ASSERT(topWindow == top); + } +#endif + + // Don't steal the focus from the user + if (topWindow->GetFocusedElement()) { + SetAutoFocusFired(); + return; + } + + MOZ_ASSERT(mDocumentURI); + nsAutoCString ref; + // GetRef never fails + nsresult rv = mDocumentURI->GetRef(ref); + if (NS_SUCCEEDED(rv) && + nsContentUtils::GetTargetElement(this, NS_ConvertUTF8toUTF16(ref))) { + SetAutoFocusFired(); + return; + } + + nsTObserverArray<nsWeakPtr>::ForwardIterator iter(mAutoFocusCandidates); + while (iter.HasMore()) { + nsCOMPtr<Element> autoFocusElement = do_QueryReferent(iter.GetNext()); + if (!autoFocusElement) { + continue; + } + RefPtr<Document> autoFocusElementDoc = autoFocusElement->OwnerDoc(); + // Get the latest info about the frame and allow scripts + // to run which might affect the focusability of this element. + autoFocusElementDoc->FlushPendingNotifications(FlushType::Frames); + + // Above layout flush may cause the PresShell to disappear. + if (!mPresShell) { + return; + } + + // Re-get the element because the ownerDoc() might have changed + autoFocusElementDoc = autoFocusElement->OwnerDoc(); + BrowsingContext* bc = autoFocusElementDoc->GetBrowsingContext(); + if (!bc) { + continue; + } + + // If doc is not fully active, then remove element from candidates, and + // continue. + if (!autoFocusElementDoc->IsCurrentActiveDocument()) { + iter.Remove(); + continue; + } + + nsCOMPtr<nsIContentSink> sink = + do_QueryInterface(autoFocusElementDoc->GetCurrentContentSink()); + if (sink) { + nsHtml5TreeOpExecutor* executor = + static_cast<nsHtml5TreeOpExecutor*>(sink->AsExecutor()); + if (executor) { + // This is a HTML5 document + MOZ_ASSERT(autoFocusElementDoc->IsHTMLDocument()); + // If doc's script-blocking style sheet counter is greater than 0, th + // return. + if (executor->WaitForPendingSheets()) { + // In this case, element is the currently-best candidate, but doc is + // not ready for autofocusing. We'll try again next time flush + // autofocus candidates is called. + ScheduleFlushAutoFocusCandidates(); + return; + } + } + } + + // The autofocus element could be moved to a different + // top level BC. + if (bc->Top()->GetDocument() != this) { + continue; + } + + iter.Remove(); + + // Let inclusiveAncestorDocuments be a list consisting of doc, plus the + // active documents of each of doc's browsing context's ancestor browsing + // contexts. + // If any Document in inclusiveAncestorDocuments has non-null target + // element, then continue. + bool shouldFocus = true; + while (bc) { + Document* doc = bc->GetDocument(); + if (!doc) { + shouldFocus = false; + break; + } + + nsIURI* uri = doc->GetDocumentURI(); + if (!uri) { + shouldFocus = false; + break; + } + + nsAutoCString ref; + nsresult rv = uri->GetRef(ref); + // If there is an element in the document tree that has an ID equal to + // fragment + if (NS_SUCCEEDED(rv) && + nsContentUtils::GetTargetElement(doc, NS_ConvertUTF8toUTF16(ref))) { + shouldFocus = false; + break; + } + bc = bc->GetParent(); + } + + if (!shouldFocus) { + continue; + } + + MOZ_ASSERT(topWindow); + if (TryAutoFocusCandidate(*autoFocusElement)) { + // We've successfully autofocused an element, don't + // need to try to focus the rest. + SetAutoFocusFired(); + break; + } + } + + if (HasAutoFocusCandidates()) { + ScheduleFlushAutoFocusCandidates(); + } +} + +bool Document::TryAutoFocusCandidate(Element& aElement) { + const FocusOptions options; + if (RefPtr<Element> target = nsFocusManager::GetTheFocusableArea( + &aElement, nsFocusManager::ProgrammaticFocusFlags(options))) { + target->Focus(options, CallerType::NonSystem, IgnoreErrors()); + return true; + } + + return false; +} + +void Document::SetScrollToRef(nsIURI* aDocumentURI) { + if (!aDocumentURI) { + return; + } + + nsAutoCString ref; + + // Since all URI's that pass through here aren't URL's we can't + // rely on the nsIURI implementation for providing a way for + // finding the 'ref' part of the URI, we'll haveto revert to + // string routines for finding the data past '#' + + nsresult rv = aDocumentURI->GetSpec(ref); + if (NS_FAILED(rv)) { + Unused << aDocumentURI->GetRef(mScrollToRef); + return; + } + + nsReadingIterator<char> start, end; + + ref.BeginReading(start); + ref.EndReading(end); + + if (FindCharInReadable('#', start, end)) { + ++start; // Skip over the '#' + + mScrollToRef = Substring(start, end); + } +} + +// https://html.spec.whatwg.org/#scrolling-to-a-fragment +void Document::ScrollToRef() { + if (mScrolledToRefAlready) { + RefPtr<PresShell> presShell = GetPresShell(); + if (presShell) { + presShell->ScrollToAnchor(); + } + return; + } + + // 2. If fragment is the empty string, then return the special value top of + // the document. + if (mScrollToRef.IsEmpty()) { + return; + } + + RefPtr<PresShell> presShell = GetPresShell(); + if (!presShell) { + return; + } + + // 3. Let potentialIndicatedElement be the result of finding a potential + // indicated element given document and fragment. + NS_ConvertUTF8toUTF16 ref(mScrollToRef); + auto rv = presShell->GoToAnchor(ref, mChangeScrollPosWhenScrollingToRef); + + // 4. If potentialIndicatedElement is not null, then return + // potentialIndicatedElement. + if (NS_SUCCEEDED(rv)) { + mScrolledToRefAlready = true; + return; + } + + // 5. Let fragmentBytes be the result of percent-decoding fragment. + nsAutoCString fragmentBytes; + const bool unescaped = + NS_UnescapeURL(mScrollToRef.Data(), mScrollToRef.Length(), + /* aFlags = */ 0, fragmentBytes); + + if (!unescaped || fragmentBytes.IsEmpty()) { + // Another attempt is only necessary if characters were unescaped. + return; + } + + // 6. Let decodedFragment be the result of running UTF-8 decode without BOM on + // fragmentBytes. + nsAutoString decodedFragment; + rv = UTF_8_ENCODING->DecodeWithoutBOMHandling(fragmentBytes, decodedFragment); + NS_ENSURE_SUCCESS_VOID(rv); + + // 7. Set potentialIndicatedElement to the result of finding a potential + // indicated element given document and decodedFragment. + rv = presShell->GoToAnchor(decodedFragment, + mChangeScrollPosWhenScrollingToRef); + if (NS_SUCCEEDED(rv)) { + mScrolledToRefAlready = true; + } +} + +void Document::RegisterActivityObserver(nsISupports* aSupports) { + if (!mActivityObservers) { + mActivityObservers = MakeUnique<nsTHashSet<nsISupports*>>(); + } + mActivityObservers->Insert(aSupports); +} + +bool Document::UnregisterActivityObserver(nsISupports* aSupports) { + if (!mActivityObservers) { + return false; + } + return mActivityObservers->EnsureRemoved(aSupports); +} + +void Document::EnumerateActivityObservers( + ActivityObserverEnumerator aEnumerator) { + if (!mActivityObservers) { + return; + } + + const auto keyArray = + ToTArray<nsTArray<nsCOMPtr<nsISupports>>>(*mActivityObservers); + for (auto& observer : keyArray) { + aEnumerator(observer.get()); + } +} + +void Document::RegisterPendingLinkUpdate(Link* aLink) { + if (aLink->HasPendingLinkUpdate()) { + return; + } + + aLink->SetHasPendingLinkUpdate(); + + if (!mHasLinksToUpdateRunnable && !mFlushingPendingLinkUpdates) { + nsCOMPtr<nsIRunnable> event = + NewRunnableMethod("Document::FlushPendingLinkUpdates", this, + &Document::FlushPendingLinkUpdates); + // Do this work in a second in the worst case. + nsresult rv = NS_DispatchToCurrentThreadQueue(event.forget(), 1000, + EventQueuePriority::Idle); + if (NS_FAILED(rv)) { + // If during shutdown posting a runnable doesn't succeed, we probably + // don't need to update link states. + return; + } + mHasLinksToUpdateRunnable = true; + } + + mLinksToUpdate.InfallibleAppend(aLink); +} + +void Document::FlushPendingLinkUpdates() { + MOZ_DIAGNOSTIC_ASSERT(!mFlushingPendingLinkUpdates); + MOZ_ASSERT(mHasLinksToUpdateRunnable); + mHasLinksToUpdateRunnable = false; + + auto restore = MakeScopeExit([&] { mFlushingPendingLinkUpdates = false; }); + mFlushingPendingLinkUpdates = true; + + while (!mLinksToUpdate.IsEmpty()) { + LinksToUpdateList links(std::move(mLinksToUpdate)); + for (auto iter = links.Iter(); !iter.Done(); iter.Next()) { + Link* link = iter.Get(); + Element* element = link->GetElement(); + if (element->OwnerDoc() == this) { + link->ClearHasPendingLinkUpdate(); + if (element->IsInComposedDoc()) { + link->TriggerLinkUpdate(/* aNotify = */ true); + } + } + } + } +} + +/** + * Retrieves the node in a static-clone document that corresponds to aOrigNode, + * which is a node in the original document from which aStaticClone was cloned. + */ +static nsINode* GetCorrespondingNodeInDocument(const nsINode* aOrigNode, + Document& aStaticClone) { + MOZ_ASSERT(aOrigNode); + + // Selections in anonymous subtrees aren't supported. + if (NS_WARN_IF(aOrigNode->IsInNativeAnonymousSubtree())) { + return nullptr; + } + + // If the node is disconnected, this is a bug in the selection code, but it + // can happen with shadow DOM so handle it. + if (NS_WARN_IF(!aOrigNode->IsInComposedDoc())) { + return nullptr; + } + + AutoTArray<Maybe<uint32_t>, 32> indexArray; + const nsINode* current = aOrigNode; + while (const nsINode* parent = current->GetParentNode()) { + Maybe<uint32_t> index = parent->ComputeIndexOf(current); + NS_ENSURE_TRUE(index.isSome(), nullptr); + indexArray.AppendElement(std::move(index)); + current = parent; + } + MOZ_ASSERT(current->IsDocument() || current->IsShadowRoot()); + nsINode* correspondingNode = [&]() -> nsINode* { + if (current->IsDocument()) { + return &aStaticClone; + } + const auto* shadow = ShadowRoot::FromNode(*current); + if (!shadow) { + return nullptr; + } + nsINode* correspondingHost = + GetCorrespondingNodeInDocument(shadow->Host(), aStaticClone); + if (NS_WARN_IF(!correspondingHost || !correspondingHost->IsElement())) { + return nullptr; + } + return correspondingHost->AsElement()->GetShadowRoot(); + }(); + + if (NS_WARN_IF(!correspondingNode)) { + return nullptr; + } + for (const Maybe<uint32_t>& index : Reversed(indexArray)) { + correspondingNode = correspondingNode->GetChildAt_Deprecated(*index); + NS_ENSURE_TRUE(correspondingNode, nullptr); + } + return correspondingNode; +} + +/** + * Caches the selection ranges from the source document onto the static clone in + * case the "Print Selection Only" functionality is invoked. + * + * Note that we cannot use the selection obtained from GetOriginalDocument() + * since that selection may have mutated after the print was invoked. + * + * Note also that because nsRange objects point into a specific document's + * nodes, we cannot reuse an array of nsRange objects across multiple static + * clone documents. For that reason we cache a new array of ranges on each + * static clone that we create. + * + * TODO(emilio): This can be simplified once we don't re-clone from static + * documents. + * + * @param aSourceDoc the document from which we are caching selection ranges + * @param aStaticClone the document that will hold the cache + * @return true if a selection range was cached + */ +static void CachePrintSelectionRanges(const Document& aSourceDoc, + Document& aStaticClone) { + MOZ_ASSERT(aStaticClone.IsStaticDocument()); + MOZ_ASSERT(!aStaticClone.GetProperty(nsGkAtoms::printisfocuseddoc)); + MOZ_ASSERT(!aStaticClone.GetProperty(nsGkAtoms::printselectionranges)); + + bool sourceDocIsStatic = aSourceDoc.IsStaticDocument(); + + // When the user opts to "Print Selection Only", the print code prefers any + // selection in the static clone corresponding to the focused frame. If this + // is that static clone, flag it for the printing code: + const bool isFocusedDoc = [&] { + if (sourceDocIsStatic) { + return bool(aSourceDoc.GetProperty(nsGkAtoms::printisfocuseddoc)); + } + nsPIDOMWindowOuter* window = aSourceDoc.GetWindow(); + if (!window) { + return false; + } + nsCOMPtr<nsPIDOMWindowOuter> rootWindow = window->GetPrivateRoot(); + if (!rootWindow) { + return false; + } + nsCOMPtr<nsPIDOMWindowOuter> focusedWindow; + nsFocusManager::GetFocusedDescendant(rootWindow, + nsFocusManager::eIncludeAllDescendants, + getter_AddRefs(focusedWindow)); + return focusedWindow && focusedWindow->GetExtantDoc() == &aSourceDoc; + }(); + if (isFocusedDoc) { + aStaticClone.SetProperty(nsGkAtoms::printisfocuseddoc, + reinterpret_cast<void*>(true)); + } + + const Selection* origSelection = nullptr; + const nsTArray<RefPtr<nsRange>>* origRanges = nullptr; + + if (sourceDocIsStatic) { + origRanges = static_cast<nsTArray<RefPtr<nsRange>>*>( + aSourceDoc.GetProperty(nsGkAtoms::printselectionranges)); + } else if (PresShell* shell = aSourceDoc.GetPresShell()) { + origSelection = shell->GetCurrentSelection(SelectionType::eNormal); + } + + if (!origSelection && !origRanges) { + return; + } + + const uint32_t rangeCount = + sourceDocIsStatic ? origRanges->Length() : origSelection->RangeCount(); + auto printRanges = MakeUnique<nsTArray<RefPtr<nsRange>>>(rangeCount); + + for (const uint32_t i : IntegerRange(rangeCount)) { + MOZ_ASSERT_IF(!sourceDocIsStatic, + origSelection->RangeCount() == rangeCount); + const nsRange* range = sourceDocIsStatic ? origRanges->ElementAt(i).get() + : origSelection->GetRangeAt(i); + MOZ_ASSERT(range); + nsINode* startContainer = range->GetStartContainer(); + nsINode* endContainer = range->GetEndContainer(); + + if (!startContainer || !endContainer) { + continue; + } + + nsINode* startNode = + GetCorrespondingNodeInDocument(startContainer, aStaticClone); + nsINode* endNode = + GetCorrespondingNodeInDocument(endContainer, aStaticClone); + + if (NS_WARN_IF(!startNode || !endNode)) { + continue; + } + + RefPtr<nsRange> clonedRange = + nsRange::Create(startNode, range->StartOffset(), endNode, + range->EndOffset(), IgnoreErrors()); + if (clonedRange && !clonedRange->Collapsed()) { + printRanges->AppendElement(std::move(clonedRange)); + } + } + + if (printRanges->IsEmpty()) { + return; + } + + aStaticClone.SetProperty(nsGkAtoms::printselectionranges, + printRanges.release(), + nsINode::DeleteProperty<nsTArray<RefPtr<nsRange>>>); +} + +already_AddRefed<Document> Document::CreateStaticClone( + nsIDocShell* aCloneContainer, nsIDocumentViewer* aViewer, + nsIPrintSettings* aPrintSettings, bool* aOutHasInProcessPrintCallbacks) { + MOZ_ASSERT(!mCreatingStaticClone); + MOZ_ASSERT(!GetProperty(nsGkAtoms::adoptedsheetclones)); + MOZ_DIAGNOSTIC_ASSERT(aViewer); + + mCreatingStaticClone = true; + SetProperty(nsGkAtoms::adoptedsheetclones, new AdoptedStyleSheetCloneCache(), + nsINode::DeleteProperty<AdoptedStyleSheetCloneCache>); + + auto raii = MakeScopeExit([&] { + RemoveProperty(nsGkAtoms::adoptedsheetclones); + mCreatingStaticClone = false; + }); + + // Make document use different container during cloning. + // + // FIXME(emilio): Why is this needed? + RefPtr<nsDocShell> originalShell = mDocumentContainer.get(); + SetContainer(nsDocShell::Cast(aCloneContainer)); + IgnoredErrorResult rv; + nsCOMPtr<nsINode> clonedNode = CloneNode(true, rv); + SetContainer(originalShell); + if (rv.Failed()) { + return nullptr; + } + + nsCOMPtr<Document> clonedDoc = do_QueryInterface(clonedNode); + if (!clonedDoc) { + return nullptr; + } + + size_t sheetsCount = SheetCount(); + for (size_t i = 0; i < sheetsCount; ++i) { + RefPtr<StyleSheet> sheet = SheetAt(i); + if (sheet) { + if (sheet->IsApplicable()) { + RefPtr<StyleSheet> clonedSheet = sheet->Clone(nullptr, clonedDoc); + NS_WARNING_ASSERTION(clonedSheet, "Cloning a stylesheet didn't work!"); + if (clonedSheet) { + clonedDoc->AddStyleSheet(clonedSheet); + } + } + } + } + clonedDoc->CloneAdoptedSheetsFrom(*this); + + for (int t = 0; t < AdditionalSheetTypeCount; ++t) { + auto& sheets = mAdditionalSheets[additionalSheetType(t)]; + for (StyleSheet* sheet : sheets) { + if (sheet->IsApplicable()) { + RefPtr<StyleSheet> clonedSheet = sheet->Clone(nullptr, clonedDoc); + NS_WARNING_ASSERTION(clonedSheet, "Cloning a stylesheet didn't work!"); + if (clonedSheet) { + clonedDoc->AddAdditionalStyleSheet(additionalSheetType(t), + clonedSheet); + } + } + } + } + + // Font faces created with the JS API will not be reflected in the + // stylesheets and need to be copied over to the cloned document. + if (const FontFaceSet* set = GetFonts()) { + set->CopyNonRuleFacesTo(clonedDoc->Fonts()); + } + + clonedDoc->mReferrerInfo = + static_cast<dom::ReferrerInfo*>(mReferrerInfo.get())->Clone(); + clonedDoc->mPreloadReferrerInfo = clonedDoc->mReferrerInfo; + CachePrintSelectionRanges(*this, *clonedDoc); + + // We're done with the clone, embed ourselves into the document viewer and + // clone our children. The order here is pretty important, because our + // document our document needs to have an owner global before we can create + // the frame loaders for subdocuments. + aViewer->SetDocument(clonedDoc); + + *aOutHasInProcessPrintCallbacks |= clonedDoc->HasPrintCallbacks(); + + auto pendingClones = std::move(clonedDoc->mPendingFrameStaticClones); + for (const auto& clone : pendingClones) { + RefPtr<Element> element = do_QueryObject(clone.mElement); + RefPtr<nsFrameLoader> frameLoader = + nsFrameLoader::Create(element, /* aNetworkCreated */ false); + + if (NS_WARN_IF(!frameLoader)) { + continue; + } + + clone.mElement->SetFrameLoader(frameLoader); + + nsresult rv = frameLoader->FinishStaticClone( + clone.mStaticCloneOf, aPrintSettings, aOutHasInProcessPrintCallbacks); + Unused << NS_WARN_IF(NS_FAILED(rv)); + } + + return clonedDoc.forget(); +} + +void Document::UnlinkOriginalDocumentIfStatic() { + if (IsStaticDocument() && mOriginalDocument) { + MOZ_ASSERT(mOriginalDocument->mStaticCloneCount > 0); + mOriginalDocument->mStaticCloneCount--; + mOriginalDocument = nullptr; + } + MOZ_ASSERT(!mOriginalDocument); +} + +nsresult Document::ScheduleFrameRequestCallback(FrameRequestCallback& aCallback, + int32_t* aHandle) { + nsresult rv = mFrameRequestManager.Schedule(aCallback, aHandle); + if (NS_FAILED(rv)) { + return rv; + } + + UpdateFrameRequestCallbackSchedulingState(); + return NS_OK; +} + +void Document::CancelFrameRequestCallback(int32_t aHandle) { + if (mFrameRequestManager.Cancel(aHandle)) { + UpdateFrameRequestCallbackSchedulingState(); + } +} + +bool Document::IsCanceledFrameRequestCallback(int32_t aHandle) const { + return mFrameRequestManager.IsCanceled(aHandle); +} + +nsresult Document::GetStateObject(JS::MutableHandle<JS::Value> aState) { + // Get the document's current state object. This is the object backing both + // history.state and popStateEvent.state. + // + // mStateObjectContainer may be null; this just means that there's no + // current state object. + + if (!mCachedStateObjectValid) { + if (mStateObjectContainer) { + AutoJSAPI jsapi; + // Init with null is "OK" in the sense that it will just fail. + if (!jsapi.Init(GetScopeObject())) { + return NS_ERROR_UNEXPECTED; + } + JS::Rooted<JS::Value> value(jsapi.cx()); + nsresult rv = + mStateObjectContainer->DeserializeToJsval(jsapi.cx(), &value); + NS_ENSURE_SUCCESS(rv, rv); + + mCachedStateObject = value; + if (!value.isNullOrUndefined()) { + mozilla::HoldJSObjects(this); + } + } else { + mCachedStateObject = JS::NullValue(); + } + mCachedStateObjectValid = true; + } + + aState.set(mCachedStateObject); + return NS_OK; +} + +void Document::SetNavigationTiming(nsDOMNavigationTiming* aTiming) { + mTiming = aTiming; + if (!mLoadingOrRestoredFromBFCacheTimeStamp.IsNull() && mTiming) { + mTiming->SetDOMLoadingTimeStamp(GetDocumentURI(), + mLoadingOrRestoredFromBFCacheTimeStamp); + } + + // If there's already the DocumentTimeline instance, tell it since the + // DocumentTimeline is based on both the navigation start time stamp and the + // refresh driver timestamp. + if (mDocumentTimeline) { + mDocumentTimeline->UpdateLastRefreshDriverTime(); + } +} + +nsContentList* Document::ImageMapList() { + if (!mImageMaps) { + mImageMaps = new nsContentList(this, kNameSpaceID_XHTML, nsGkAtoms::map, + nsGkAtoms::map); + } + + return mImageMaps; +} + +#define DEPRECATED_OPERATION(_op) #_op "Warning", +static const char* kDeprecationWarnings[] = { +#include "nsDeprecatedOperationList.h" + nullptr}; +#undef DEPRECATED_OPERATION + +#define DOCUMENT_WARNING(_op) #_op "Warning", +static const char* kDocumentWarnings[] = { +#include "nsDocumentWarningList.h" + nullptr}; +#undef DOCUMENT_WARNING + +static UseCounter OperationToUseCounter(DeprecatedOperations aOperation) { + switch (aOperation) { +#define DEPRECATED_OPERATION(_op) \ + case DeprecatedOperations::e##_op: \ + return eUseCounter_##_op; +#include "nsDeprecatedOperationList.h" +#undef DEPRECATED_OPERATION + default: + MOZ_CRASH(); + } +} + +bool Document::HasWarnedAbout(DeprecatedOperations aOperation) const { + return mDeprecationWarnedAbout[static_cast<size_t>(aOperation)]; +} + +void Document::WarnOnceAbout( + DeprecatedOperations aOperation, bool asError /* = false */, + const nsTArray<nsString>& aParams /* = empty array */) const { + MOZ_ASSERT(NS_IsMainThread()); + if (HasWarnedAbout(aOperation)) { + return; + } + mDeprecationWarnedAbout[static_cast<size_t>(aOperation)] = true; + // Don't count deprecated operations for about pages since those pages + // are almost in our control, and we always need to remove uses there + // before we remove the operation itself anyway. + if (!IsAboutPage()) { + const_cast<Document*>(this)->SetUseCounter( + OperationToUseCounter(aOperation)); + } + uint32_t flags = + asError ? nsIScriptError::errorFlag : nsIScriptError::warningFlag; + nsContentUtils::ReportToConsole( + flags, "DOM Core"_ns, this, nsContentUtils::eDOM_PROPERTIES, + kDeprecationWarnings[static_cast<size_t>(aOperation)], aParams); +} + +bool Document::HasWarnedAbout(DocumentWarnings aWarning) const { + return mDocWarningWarnedAbout[aWarning]; +} + +void Document::WarnOnceAbout( + DocumentWarnings aWarning, bool asError /* = false */, + const nsTArray<nsString>& aParams /* = empty array */) const { + MOZ_ASSERT(NS_IsMainThread()); + if (HasWarnedAbout(aWarning)) { + return; + } + mDocWarningWarnedAbout[aWarning] = true; + uint32_t flags = + asError ? nsIScriptError::errorFlag : nsIScriptError::warningFlag; + nsContentUtils::ReportToConsole(flags, "DOM Core"_ns, this, + nsContentUtils::eDOM_PROPERTIES, + kDocumentWarnings[aWarning], aParams); +} + +mozilla::dom::ImageTracker* Document::ImageTracker() { + if (!mImageTracker) { + mImageTracker = new mozilla::dom::ImageTracker; + } + return mImageTracker; +} + +void Document::ScheduleSVGUseElementShadowTreeUpdate( + SVGUseElement& aUseElement) { + MOZ_ASSERT(aUseElement.IsInComposedDoc()); + + if (MOZ_UNLIKELY(mIsStaticDocument)) { + // Printing doesn't deal well with dynamic DOM mutations. + return; + } + + mSVGUseElementsNeedingShadowTreeUpdate.Insert(&aUseElement); + + if (PresShell* presShell = GetPresShell()) { + presShell->EnsureStyleFlush(); + } +} + +void Document::DoUpdateSVGUseElementShadowTrees() { + MOZ_ASSERT(!mSVGUseElementsNeedingShadowTreeUpdate.IsEmpty()); + + MOZ_ASSERT(!mCloningForSVGUse); + mCloningForSVGUse = true; + + do { + const auto useElementsToUpdate = ToTArray<nsTArray<RefPtr<SVGUseElement>>>( + mSVGUseElementsNeedingShadowTreeUpdate); + mSVGUseElementsNeedingShadowTreeUpdate.Clear(); + + for (const auto& useElement : useElementsToUpdate) { + if (MOZ_UNLIKELY(!useElement->IsInComposedDoc())) { + // The element was in another <use> shadow tree which we processed + // already and also needed an update, and is removed from the document + // now, so nothing to do here. + MOZ_ASSERT(useElementsToUpdate.Length() > 1); + continue; + } + useElement->UpdateShadowTree(); + } + } while (!mSVGUseElementsNeedingShadowTreeUpdate.IsEmpty()); + + mCloningForSVGUse = false; +} + +void Document::NotifyMediaFeatureValuesChanged() { + for (RefPtr<HTMLImageElement> imageElement : mResponsiveContent) { + imageElement->MediaFeatureValuesChanged(); + } +} + +already_AddRefed<Touch> Document::CreateTouch( + nsGlobalWindowInner* aView, EventTarget* aTarget, int32_t aIdentifier, + int32_t aPageX, int32_t aPageY, int32_t aScreenX, int32_t aScreenY, + int32_t aClientX, int32_t aClientY, int32_t aRadiusX, int32_t aRadiusY, + float aRotationAngle, float aForce) { + RefPtr<Touch> touch = + new Touch(aTarget, aIdentifier, aPageX, aPageY, aScreenX, aScreenY, + aClientX, aClientY, aRadiusX, aRadiusY, aRotationAngle, aForce); + return touch.forget(); +} + +already_AddRefed<TouchList> Document::CreateTouchList() { + RefPtr<TouchList> retval = new TouchList(ToSupports(this)); + return retval.forget(); +} + +already_AddRefed<TouchList> Document::CreateTouchList( + Touch& aTouch, const Sequence<OwningNonNull<Touch>>& aTouches) { + RefPtr<TouchList> retval = new TouchList(ToSupports(this)); + retval->Append(&aTouch); + for (uint32_t i = 0; i < aTouches.Length(); ++i) { + retval->Append(aTouches[i].get()); + } + return retval.forget(); +} + +already_AddRefed<TouchList> Document::CreateTouchList( + const Sequence<OwningNonNull<Touch>>& aTouches) { + RefPtr<TouchList> retval = new TouchList(ToSupports(this)); + for (uint32_t i = 0; i < aTouches.Length(); ++i) { + retval->Append(aTouches[i].get()); + } + return retval.forget(); +} + +already_AddRefed<nsDOMCaretPosition> Document::CaretPositionFromPoint( + float aX, float aY) { + using FrameForPointOption = nsLayoutUtils::FrameForPointOption; + + nscoord x = nsPresContext::CSSPixelsToAppUnits(aX); + nscoord y = nsPresContext::CSSPixelsToAppUnits(aY); + nsPoint pt(x, y); + + FlushPendingNotifications(FlushType::Layout); + + PresShell* presShell = GetPresShell(); + if (!presShell) { + return nullptr; + } + + nsIFrame* rootFrame = presShell->GetRootFrame(); + + // XUL docs, unlike HTML, have no frame tree until everything's done loading + if (!rootFrame) { + return nullptr; + } + + nsIFrame* ptFrame = nsLayoutUtils::GetFrameForPoint( + RelativeTo{rootFrame}, pt, + {{FrameForPointOption::IgnorePaintSuppression, + FrameForPointOption::IgnoreCrossDoc}}); + if (!ptFrame) { + return nullptr; + } + + // We require frame-relative coordinates for GetContentOffsetsFromPoint. + nsPoint adjustedPoint = pt; + if (nsLayoutUtils::TransformPoint(RelativeTo{rootFrame}, RelativeTo{ptFrame}, + adjustedPoint) != + nsLayoutUtils::TRANSFORM_SUCCEEDED) { + return nullptr; + } + + nsIFrame::ContentOffsets offsets = + ptFrame->GetContentOffsetsFromPoint(adjustedPoint); + + nsCOMPtr<nsIContent> node = offsets.content; + uint32_t offset = offsets.offset; + nsCOMPtr<nsIContent> anonNode = node; + bool nodeIsAnonymous = node && node->IsInNativeAnonymousSubtree(); + if (nodeIsAnonymous) { + node = ptFrame->GetContent(); + nsIContent* nonanon = node->FindFirstNonChromeOnlyAccessContent(); + HTMLTextAreaElement* textArea = HTMLTextAreaElement::FromNode(nonanon); + nsITextControlFrame* textFrame = do_QueryFrame(nonanon->GetPrimaryFrame()); + if (textFrame) { + // If the anonymous content node has a child, then we need to make sure + // that we get the appropriate child, as otherwise the offset may not be + // correct when we construct a range for it. + nsCOMPtr<nsIContent> firstChild = anonNode->GetFirstChild(); + if (firstChild) { + anonNode = firstChild; + } + + if (textArea) { + offset = + nsContentUtils::GetAdjustedOffsetInTextControl(ptFrame, offset); + } + + node = nonanon; + } else { + node = nullptr; + offset = 0; + } + } + + RefPtr<nsDOMCaretPosition> aCaretPos = new nsDOMCaretPosition(node, offset); + if (nodeIsAnonymous) { + aCaretPos->SetAnonymousContentNode(anonNode); + } + return aCaretPos.forget(); +} + +bool Document::IsPotentiallyScrollable(HTMLBodyElement* aBody) { + // We rely on correct frame information here, so need to flush frames. + FlushPendingNotifications(FlushType::Frames); + + // An element that is the HTML body element is potentially scrollable if all + // of the following conditions are true: + + // The element has an associated CSS layout box. + nsIFrame* bodyFrame = nsLayoutUtils::GetStyleFrame(aBody); + if (!bodyFrame) { + return false; + } + + // The element's parent element's computed value of the overflow-x and + // overflow-y properties are visible. + MOZ_ASSERT(aBody->GetParent() == aBody->OwnerDoc()->GetRootElement()); + nsIFrame* parentFrame = nsLayoutUtils::GetStyleFrame(aBody->GetParent()); + if (parentFrame && + parentFrame->StyleDisplay()->OverflowIsVisibleInBothAxis()) { + return false; + } + + // The element's computed value of the overflow-x or overflow-y properties is + // not visible. + return !bodyFrame->StyleDisplay()->OverflowIsVisibleInBothAxis(); +} + +Element* Document::GetScrollingElement() { + // Keep this in sync with IsScrollingElement. + if (GetCompatibilityMode() == eCompatibility_NavQuirks) { + RefPtr<HTMLBodyElement> body = GetBodyElement(); + if (body && !IsPotentiallyScrollable(body)) { + return body; + } + + return nullptr; + } + + return GetRootElement(); +} + +bool Document::IsScrollingElement(Element* aElement) { + // Keep this in sync with GetScrollingElement. + MOZ_ASSERT(aElement); + + if (GetCompatibilityMode() != eCompatibility_NavQuirks) { + return aElement == GetRootElement(); + } + + // In the common case when aElement != body, avoid refcounting. + HTMLBodyElement* body = GetBodyElement(); + if (aElement != body) { + return false; + } + + // Now we know body is non-null, since aElement is not null. It's the + // scrolling element for the document if it itself is not potentially + // scrollable. + RefPtr<HTMLBodyElement> strongBody(body); + return !IsPotentiallyScrollable(strongBody); +} + +class UnblockParsingPromiseHandler final : public PromiseNativeHandler { + public: + NS_DECL_CYCLE_COLLECTING_ISUPPORTS + NS_DECL_CYCLE_COLLECTION_CLASS(UnblockParsingPromiseHandler) + + explicit UnblockParsingPromiseHandler(Document* aDocument, Promise* aPromise, + const BlockParsingOptions& aOptions) + : mPromise(aPromise) { + nsCOMPtr<nsIParser> parser = aDocument->CreatorParserOrNull(); + if (parser && + (aOptions.mBlockScriptCreated || !parser->IsScriptCreated())) { + parser->BlockParser(); + mParser = do_GetWeakReference(parser); + mDocument = aDocument; + mDocument->BlockOnload(); + mDocument->BlockDOMContentLoaded(); + } + } + + void ResolvedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue, + ErrorResult& aRv) override { + MaybeUnblockParser(); + + mPromise->MaybeResolve(aValue); + } + + void RejectedCallback(JSContext* aCx, JS::Handle<JS::Value> aValue, + ErrorResult& aRv) override { + MaybeUnblockParser(); + + mPromise->MaybeReject(aValue); + } + + protected: + virtual ~UnblockParsingPromiseHandler() { + // If we're being cleaned up by the cycle collector, our mDocument reference + // may have been unlinked while our mParser weak reference is still alive. + if (mDocument) { + MaybeUnblockParser(); + } + } + + private: + void MaybeUnblockParser() { + nsCOMPtr<nsIParser> parser = do_QueryReferent(mParser); + if (parser) { + MOZ_DIAGNOSTIC_ASSERT(mDocument); + nsCOMPtr<nsIParser> docParser = mDocument->CreatorParserOrNull(); + if (parser == docParser) { + parser->UnblockParser(); + parser->ContinueInterruptedParsingAsync(); + } + } + if (mDocument) { + // We blocked DOMContentLoaded and load events on this document. Unblock + // them. Note that we want to do that no matter what's going on with the + // parser state for this document. Maybe someone caused it to stop being + // parsed, so CreatorParserOrNull() is returning null, but we still want + // to unblock these. + mDocument->UnblockDOMContentLoaded(); + mDocument->UnblockOnload(false); + } + mParser = nullptr; + mDocument = nullptr; + } + + nsWeakPtr mParser; + RefPtr<Promise> mPromise; + RefPtr<Document> mDocument; +}; + +NS_IMPL_CYCLE_COLLECTION(UnblockParsingPromiseHandler, mDocument, mPromise) + +NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(UnblockParsingPromiseHandler) + NS_INTERFACE_MAP_ENTRY(nsISupports) +NS_INTERFACE_MAP_END + +NS_IMPL_CYCLE_COLLECTING_ADDREF(UnblockParsingPromiseHandler) +NS_IMPL_CYCLE_COLLECTING_RELEASE(UnblockParsingPromiseHandler) + +already_AddRefed<Promise> Document::BlockParsing( + Promise& aPromise, const BlockParsingOptions& aOptions, ErrorResult& aRv) { + RefPtr<Promise> resultPromise = + Promise::Create(aPromise.GetParentObject(), aRv); + if (aRv.Failed()) { + return nullptr; + } + + RefPtr<PromiseNativeHandler> promiseHandler = + new UnblockParsingPromiseHandler(this, resultPromise, aOptions); + aPromise.AppendNativeHandler(promiseHandler); + + return resultPromise.forget(); +} + +already_AddRefed<nsIURI> Document::GetMozDocumentURIIfNotForErrorPages() { + if (mFailedChannel) { + nsCOMPtr<nsIURI> failedURI; + if (NS_SUCCEEDED(mFailedChannel->GetURI(getter_AddRefs(failedURI)))) { + return failedURI.forget(); + } + } + + nsCOMPtr<nsIURI> uri = GetDocumentURIObject(); + if (!uri) { + return nullptr; + } + + return uri.forget(); +} + +Promise* Document::GetDocumentReadyForIdle(ErrorResult& aRv) { + if (mIsGoingAway) { + aRv.Throw(NS_ERROR_NOT_AVAILABLE); + return nullptr; + } + + if (!mReadyForIdle) { + nsIGlobalObject* global = GetScopeObject(); + if (!global) { + aRv.Throw(NS_ERROR_NOT_AVAILABLE); + return nullptr; + } + + mReadyForIdle = Promise::Create(global, aRv); + if (aRv.Failed()) { + return nullptr; + } + } + + return mReadyForIdle; +} + +void Document::MaybeResolveReadyForIdle() { + IgnoredErrorResult rv; + Promise* readyPromise = GetDocumentReadyForIdle(rv); + if (readyPromise) { + readyPromise->MaybeResolveWithUndefined(); + } +} + +mozilla::dom::FeaturePolicy* Document::FeaturePolicy() const { + // The policy is created when the document is initialized. We _must_ have a + // policy here even if the featurePolicy pref is off. If this assertion fails, + // it means that ::FeaturePolicy() is called before ::StartDocumentLoad(). + MOZ_ASSERT(mFeaturePolicy); + return mFeaturePolicy; +} + +nsIDOMXULCommandDispatcher* Document::GetCommandDispatcher() { + // Only chrome documents are allowed to use command dispatcher. + if (!nsContentUtils::IsChromeDoc(this)) { + return nullptr; + } + if (!mCommandDispatcher) { + // Create our command dispatcher and hook it up. + mCommandDispatcher = new nsXULCommandDispatcher(this); + } + return mCommandDispatcher; +} + +void Document::InitializeXULBroadcastManager() { + if (mXULBroadcastManager) { + return; + } + mXULBroadcastManager = new XULBroadcastManager(this); +} + +namespace { + +class DevToolsMutationObserver final : public nsStubMutationObserver { + NS_DECL_ISUPPORTS + NS_DECL_NSIMUTATIONOBSERVER_ATTRIBUTECHANGED + NS_DECL_NSIMUTATIONOBSERVER_CONTENTAPPENDED + NS_DECL_NSIMUTATIONOBSERVER_CONTENTINSERTED + + // We handle this in nsContentUtils::MaybeFireNodeRemoved, since devtools + // relies on the event firing _before_ the removal happens. + // NS_DECL_NSIMUTATIONOBSERVER_CONTENTREMOVED + + // NOTE(emilio, bug 1694627): DevTools doesn't seem to deal with character + // data changes right now (maybe intentionally?). + // NS_DECL_NSIMUTATIONOBSERVER_CHARACTERDATACHANGED + + DevToolsMutationObserver() = default; + + private: + void FireEvent(nsINode* aTarget, const nsAString& aType); + + ~DevToolsMutationObserver() = default; +}; + +NS_IMPL_ISUPPORTS(DevToolsMutationObserver, nsIMutationObserver) + +void DevToolsMutationObserver::FireEvent(nsINode* aTarget, + const nsAString& aType) { + AsyncEventDispatcher::RunDOMEventWhenSafe(*aTarget, aType, CanBubble::eNo, + ChromeOnlyDispatch::eYes, + Composed::eYes); +} + +void DevToolsMutationObserver::AttributeChanged(Element* aElement, + int32_t aNamespaceID, + nsAtom* aAttribute, + int32_t aModType, + const nsAttrValue* aOldValue) { + FireEvent(aElement, u"devtoolsattrmodified"_ns); +} + +void DevToolsMutationObserver::ContentAppended(nsIContent* aFirstNewContent) { + for (nsIContent* c = aFirstNewContent; c; c = c->GetNextSibling()) { + ContentInserted(c); + } +} + +void DevToolsMutationObserver::ContentInserted(nsIContent* aChild) { + FireEvent(aChild, u"devtoolschildinserted"_ns); +} + +static StaticRefPtr<DevToolsMutationObserver> sDevToolsMutationObserver; + +} // namespace + +void Document::SetDevToolsWatchingDOMMutations(bool aValue) { + if (mDevToolsWatchingDOMMutations == aValue || mIsGoingAway) { + return; + } + mDevToolsWatchingDOMMutations = aValue; + if (aValue) { + if (MOZ_UNLIKELY(!sDevToolsMutationObserver)) { + sDevToolsMutationObserver = new DevToolsMutationObserver(); + ClearOnShutdown(&sDevToolsMutationObserver); + } + AddMutationObserver(sDevToolsMutationObserver); + } else if (sDevToolsMutationObserver) { + RemoveMutationObserver(sDevToolsMutationObserver); + } +} + +void EvaluateMediaQueryLists(nsTArray<RefPtr<MediaQueryList>>& aListsToNotify, + Document& aDocument, bool aRecurse) { + if (nsPresContext* pc = aDocument.GetPresContext()) { + pc->FlushPendingMediaFeatureValuesChanged(); + } + + for (MediaQueryList* mql : aDocument.MediaQueryLists()) { + if (mql->EvaluateOnRenderingUpdate()) { + aListsToNotify.AppendElement(mql); + } + } + if (!aRecurse) { + return; + } + aDocument.EnumerateSubDocuments([&](Document& aSubDoc) { + EvaluateMediaQueryLists(aListsToNotify, aSubDoc, true); + return CallState::Continue; + }); +} + +void Document::EvaluateMediaQueriesAndReportChanges(bool aRecurse) { + AutoTArray<RefPtr<MediaQueryList>, 32> mqls; + EvaluateMediaQueryLists(mqls, *this, aRecurse); + for (auto& mql : mqls) { + mql->FireChangeEvent(); + } +} + +void Document::MaybeWarnAboutZoom() { + if (mHasWarnedAboutZoom) { + return; + } + const bool usedZoom = Servo_IsPropertyIdRecordedInUseCounter( + mStyleUseCounters.get(), eCSSProperty_zoom); + if (!usedZoom) { + return; + } + + mHasWarnedAboutZoom = true; + nsContentUtils::ReportToConsole(nsIScriptError::warningFlag, "Layout"_ns, + this, nsContentUtils::eLAYOUT_PROPERTIES, + "ZoomPropertyWarning"); +} + +nsIHTMLCollection* Document::Children() { + if (!mChildrenCollection) { + mChildrenCollection = + new nsContentList(this, kNameSpaceID_Wildcard, nsGkAtoms::_asterisk, + nsGkAtoms::_asterisk, false); + } + + return mChildrenCollection; +} + +uint32_t Document::ChildElementCount() { return Children()->Length(); } + +// Singleton class to manage the list of fullscreen documents which are the +// root of a branch which contains fullscreen documents. We maintain this list +// so that we can easily exit all windows from fullscreen when the user +// presses the escape key. +class FullscreenRoots { + public: + // Adds the root of given document to the manager. Calling this method + // with a document whose root is already contained has no effect. + static void Add(Document* aDoc); + + // Iterates over every root in the root list, and calls aFunction, passing + // each root once to aFunction. It is safe to call Add() and Remove() while + // iterating over the list (i.e. in aFunction). Documents that are removed + // from the manager during traversal are not traversed, and documents that + // are added to the manager during traversal are also not traversed. + static void ForEach(void (*aFunction)(Document* aDoc)); + + // Removes the root of a specific document from the manager. + static void Remove(Document* aDoc); + + // Returns true if all roots added to the list have been removed. + static bool IsEmpty(); + + private: + MOZ_COUNTED_DEFAULT_CTOR(FullscreenRoots) + MOZ_COUNTED_DTOR(FullscreenRoots) + + using RootsArray = nsTArray<WeakPtr<Document>>; + + // Returns true if aRoot is in the list of fullscreen roots. + static bool Contains(Document* aRoot); + + // Singleton instance of the FullscreenRoots. This is instantiated when a + // root is added, and it is deleted when the last root is removed. + static FullscreenRoots* sInstance; + + // List of weak pointers to roots. + RootsArray mRoots; +}; + +FullscreenRoots* FullscreenRoots::sInstance = nullptr; + +/* static */ +void FullscreenRoots::ForEach(void (*aFunction)(Document* aDoc)) { + if (!sInstance) { + return; + } + // Create a copy of the roots array, and iterate over the copy. This is so + // that if an element is removed from mRoots we don't mess up our iteration. + RootsArray roots(sInstance->mRoots.Clone()); + // Call aFunction on all entries. + for (uint32_t i = 0; i < roots.Length(); i++) { + nsCOMPtr<Document> root(roots[i]); + // Check that the root isn't in the manager. This is so that new additions + // while we were running don't get traversed. + if (root && FullscreenRoots::Contains(root)) { + aFunction(root); + } + } +} + +/* static */ +bool FullscreenRoots::Contains(Document* aRoot) { + return sInstance && sInstance->mRoots.Contains(aRoot); +} + +/* static */ +void FullscreenRoots::Add(Document* aDoc) { + nsCOMPtr<Document> root = + nsContentUtils::GetInProcessSubtreeRootDocument(aDoc); + if (!FullscreenRoots::Contains(root)) { + if (!sInstance) { + sInstance = new FullscreenRoots(); + } + sInstance->mRoots.AppendElement(root); + } +} + +/* static */ +void FullscreenRoots::Remove(Document* aDoc) { + nsCOMPtr<Document> root = + nsContentUtils::GetInProcessSubtreeRootDocument(aDoc); + if (!sInstance || !sInstance->mRoots.RemoveElement(root)) { + NS_ERROR("Should only try to remove roots which are still added!"); + return; + } + if (sInstance->mRoots.IsEmpty()) { + delete sInstance; + sInstance = nullptr; + } +} + +/* static */ +bool FullscreenRoots::IsEmpty() { return !sInstance; } + +// Any fullscreen change waiting for the widget to finish transition +// is queued here. This is declared static instead of a member of +// Document because in the majority of time, there would be at most +// one document requesting or exiting fullscreen. We shouldn't waste +// the space to hold for it in every document. +class PendingFullscreenChangeList { + public: + PendingFullscreenChangeList() = delete; + + template <typename T> + static void Add(UniquePtr<T> aChange) { + sList.insertBack(aChange.release()); + } + + static const FullscreenChange* GetLast() { return sList.getLast(); } + + enum IteratorOption { + // When we are committing fullscreen changes or preparing for + // that, we generally want to iterate all requests in the same + // window with eDocumentsWithSameRoot option. + eDocumentsWithSameRoot, + // If we are removing a document from the tree, we would only + // want to remove the requests from the given document and its + // descendants. For that case, use eInclusiveDescendants. + eInclusiveDescendants + }; + + template <typename T> + class Iterator { + public: + explicit Iterator(Document* aDoc, IteratorOption aOption) + : mCurrent(PendingFullscreenChangeList::sList.getFirst()) { + if (mCurrent) { + if (aDoc->GetBrowsingContext()) { + mRootBCForIteration = aDoc->GetBrowsingContext(); + if (aOption == eDocumentsWithSameRoot) { + BrowsingContext* bc = + GetParentIgnoreChromeBoundary(mRootBCForIteration); + while (bc) { + mRootBCForIteration = bc; + bc = GetParentIgnoreChromeBoundary(mRootBCForIteration); + } + } + } + SkipToNextMatch(); + } + } + + UniquePtr<T> TakeAndNext() { + auto thisChange = TakeAndNextInternal(); + SkipToNextMatch(); + return thisChange; + } + bool AtEnd() const { return mCurrent == nullptr; } + + private: + static BrowsingContext* GetParentIgnoreChromeBoundary( + BrowsingContext* aBC) { + // Chrome BrowsingContexts are only available in the parent process, so if + // we're in a content process, we only worry about the context tree. + if (XRE_IsParentProcess()) { + return aBC->Canonical()->GetParentCrossChromeBoundary(); + } + return aBC->GetParent(); + } + + UniquePtr<T> TakeAndNextInternal() { + FullscreenChange* thisChange = mCurrent; + MOZ_ASSERT(thisChange->Type() == T::kType); + mCurrent = mCurrent->removeAndGetNext(); + return WrapUnique(static_cast<T*>(thisChange)); + } + void SkipToNextMatch() { + while (mCurrent) { + if (mCurrent->Type() == T::kType) { + BrowsingContext* bc = mCurrent->Document()->GetBrowsingContext(); + if (!bc) { + // Always automatically drop fullscreen changes which are + // from a document detached from the doc shell. + UniquePtr<T> change = TakeAndNextInternal(); + change->MayRejectPromise("Document is not active"); + continue; + } + while (bc && bc != mRootBCForIteration) { + bc = GetParentIgnoreChromeBoundary(bc); + } + if (bc) { + break; + } + } + // The current one either don't have matched type, or isn't + // inside the given subtree, so skip this item. + mCurrent = mCurrent->getNext(); + } + } + + FullscreenChange* mCurrent; + RefPtr<BrowsingContext> mRootBCForIteration; + }; + + private: + static LinkedList<FullscreenChange> sList; +}; + +/* static */ +LinkedList<FullscreenChange> PendingFullscreenChangeList::sList; + +size_t Document::CountFullscreenElements() const { + size_t count = 0; + for (const nsWeakPtr& ptr : mTopLayer) { + if (nsCOMPtr<Element> elem = do_QueryReferent(ptr)) { + if (elem->State().HasState(ElementState::FULLSCREEN)) { + count++; + } + } + } + return count; +} + +// https://github.com/whatwg/html/issues/9143 +// We need to consider the precedence between active modal dialog, topmost auto +// popover and fullscreen element once it's specified. +void Document::HandleEscKey() { + for (const nsWeakPtr& weakPtr : Reversed(mTopLayer)) { + nsCOMPtr<Element> element(do_QueryReferent(weakPtr)); + if (RefPtr popoverHTMLEl = nsGenericHTMLElement::FromNodeOrNull(element)) { + if (element->IsAutoPopover() && element->IsPopoverOpen()) { + popoverHTMLEl->HidePopover(IgnoreErrors()); + break; + } + } + if (auto* dialog = HTMLDialogElement::FromNodeOrNull(element)) { + dialog->QueueCancelDialog(); + break; + } + } +} + +already_AddRefed<Promise> Document::ExitFullscreen(ErrorResult& aRv) { + UniquePtr<FullscreenExit> exit = FullscreenExit::Create(this, aRv); + RefPtr<Promise> promise = exit->GetPromise(); + RestorePreviousFullscreenState(std::move(exit)); + return promise.forget(); +} + +static void AskWindowToExitFullscreen(Document* aDoc) { + if (XRE_GetProcessType() == GeckoProcessType_Content) { + nsContentUtils::DispatchEventOnlyToChrome( + aDoc, aDoc, u"MozDOMFullscreen:Exit"_ns, CanBubble::eYes, + Cancelable::eNo, /* DefaultAction */ nullptr); + } else { + if (nsPIDOMWindowOuter* win = aDoc->GetWindow()) { + win->SetFullscreenInternal(FullscreenReason::ForFullscreenAPI, false); + } + } +} + +class nsCallExitFullscreen : public Runnable { + public: + explicit nsCallExitFullscreen(Document* aDoc) + : mozilla::Runnable("nsCallExitFullscreen"), mDoc(aDoc) {} + + NS_IMETHOD Run() final { + if (!mDoc) { + FullscreenRoots::ForEach(&AskWindowToExitFullscreen); + } else { + AskWindowToExitFullscreen(mDoc); + } + return NS_OK; + } + + private: + nsCOMPtr<Document> mDoc; +}; + +/* static */ +void Document::AsyncExitFullscreen(Document* aDoc) { + MOZ_RELEASE_ASSERT(NS_IsMainThread()); + nsCOMPtr<nsIRunnable> exit = new nsCallExitFullscreen(aDoc); + NS_DispatchToCurrentThread(exit.forget()); +} + +static uint32_t CountFullscreenSubDocuments(Document& aDoc) { + uint32_t count = 0; + // FIXME(emilio): Should this be recursive and dig into our nested subdocs? + aDoc.EnumerateSubDocuments([&count](Document& aSubDoc) { + if (aSubDoc.Fullscreen()) { + count++; + } + return CallState::Continue; + }); + return count; +} + +bool Document::IsFullscreenLeaf() { + // A fullscreen leaf document is fullscreen, and has no fullscreen + // subdocuments. + // + // FIXME(emilio): This doesn't seem to account for fission iframes, is that + // ok? + return Fullscreen() && CountFullscreenSubDocuments(*this) == 0; +} + +static Document* GetFullscreenLeaf(Document& aDoc) { + if (aDoc.IsFullscreenLeaf()) { + return &aDoc; + } + if (!aDoc.Fullscreen()) { + return nullptr; + } + Document* leaf = nullptr; + aDoc.EnumerateSubDocuments([&leaf](Document& aSubDoc) { + leaf = GetFullscreenLeaf(aSubDoc); + return leaf ? CallState::Stop : CallState::Continue; + }); + return leaf; +} + +static Document* GetFullscreenLeaf(Document* aDoc) { + if (Document* leaf = GetFullscreenLeaf(*aDoc)) { + return leaf; + } + // Otherwise we could be either in a non-fullscreen doc tree, or we're + // below the fullscreen doc. Start the search from the root. + Document* root = nsContentUtils::GetInProcessSubtreeRootDocument(aDoc); + return GetFullscreenLeaf(*root); +} + +static CallState ResetFullscreen(Document& aDocument) { + if (Element* fsElement = aDocument.GetUnretargetedFullscreenElement()) { + NS_ASSERTION(CountFullscreenSubDocuments(aDocument) <= 1, + "Should have at most 1 fullscreen subdocument."); + aDocument.CleanupFullscreenState(); + NS_ASSERTION(!aDocument.Fullscreen(), "Should reset fullscreen"); + DispatchFullscreenChange(aDocument, fsElement); + aDocument.EnumerateSubDocuments(ResetFullscreen); + } + return CallState::Continue; +} + +// Since Document::ExitFullscreenInDocTree() could be called from +// Element::UnbindFromTree() where it is not safe to synchronously run +// script. This runnable is the script part of that function. +class ExitFullscreenScriptRunnable : public Runnable { + public: + explicit ExitFullscreenScriptRunnable(Document* aRoot, Document* aLeaf) + : mozilla::Runnable("ExitFullscreenScriptRunnable"), + mRoot(aRoot), + mLeaf(aLeaf) {} + + NS_IMETHOD Run() override { + // Dispatch MozDOMFullscreen:Exited to the original fullscreen leaf + // document since we want this event to follow the same path that + // MozDOMFullscreen:Entered was dispatched. + nsContentUtils::DispatchEventOnlyToChrome( + mLeaf, mLeaf, u"MozDOMFullscreen:Exited"_ns, CanBubble::eYes, + Cancelable::eNo, /* DefaultAction */ nullptr); + // Ensure the window exits fullscreen, as long as we don't have + // pending fullscreen requests. + if (nsPIDOMWindowOuter* win = mRoot->GetWindow()) { + if (!mRoot->HasPendingFullscreenRequests()) { + win->SetFullscreenInternal(FullscreenReason::ForForceExitFullscreen, + false); + } + } + return NS_OK; + } + + private: + nsCOMPtr<Document> mRoot; + nsCOMPtr<Document> mLeaf; +}; + +/* static */ +void Document::ExitFullscreenInDocTree(Document* aMaybeNotARootDoc) { + MOZ_ASSERT(aMaybeNotARootDoc); + + // Unlock the pointer + PointerLockManager::Unlock(); + + // Resolve all promises which waiting for exit fullscreen. + PendingFullscreenChangeList::Iterator<FullscreenExit> iter( + aMaybeNotARootDoc, PendingFullscreenChangeList::eDocumentsWithSameRoot); + while (!iter.AtEnd()) { + UniquePtr<FullscreenExit> exit = iter.TakeAndNext(); + exit->MayResolvePromise(); + } + + nsCOMPtr<Document> root = aMaybeNotARootDoc->GetFullscreenRoot(); + if (!root || !root->Fullscreen()) { + // If a document was detached before exiting from fullscreen, it is + // possible that the root had left fullscreen state. In this case, + // we would not get anything from the ResetFullscreen() call. Root's + // not being a fullscreen doc also means the widget should have + // exited fullscreen state. It means even if we do not return here, + // we would actually do nothing below except crashing ourselves via + // dispatching the "MozDOMFullscreen:Exited" event to an nonexistent + // document. + return; + } + + // Record the fullscreen leaf document for MozDOMFullscreen:Exited. + // See ExitFullscreenScriptRunnable::Run for details. We have to + // record it here because we don't have such information after we + // reset the fullscreen state below. + Document* fullscreenLeaf = GetFullscreenLeaf(root); + + // Walk the tree of fullscreen documents, and reset their fullscreen state. + ResetFullscreen(*root); + + NS_ASSERTION(!root->Fullscreen(), + "Fullscreen root should no longer be a fullscreen doc..."); + + // Move the top-level window out of fullscreen mode. + FullscreenRoots::Remove(root); + + nsContentUtils::AddScriptRunner( + new ExitFullscreenScriptRunnable(root, fullscreenLeaf)); +} + +static void DispatchFullscreenNewOriginEvent(Document* aDoc) { + RefPtr<AsyncEventDispatcher> asyncDispatcher = + new AsyncEventDispatcher(aDoc, u"MozDOMFullscreen:NewOrigin"_ns, + CanBubble::eYes, ChromeOnlyDispatch::eYes); + asyncDispatcher->PostDOMEvent(); +} + +void Document::RestorePreviousFullscreenState(UniquePtr<FullscreenExit> aExit) { + NS_ASSERTION(!Fullscreen() || !FullscreenRoots::IsEmpty(), + "Should have at least 1 fullscreen root when fullscreen!"); + + if (!GetWindow()) { + aExit->MayRejectPromise("No active window"); + return; + } + if (!Fullscreen() || FullscreenRoots::IsEmpty()) { + aExit->MayRejectPromise("Not in fullscreen mode"); + return; + } + + nsCOMPtr<Document> fullScreenDoc = GetFullscreenLeaf(this); + AutoTArray<Element*, 8> exitElements; + + Document* doc = fullScreenDoc; + // Collect all subdocuments. + for (; doc != this; doc = doc->GetInProcessParentDocument()) { + Element* fsElement = doc->GetUnretargetedFullscreenElement(); + MOZ_ASSERT(fsElement, + "Parent document of " + "a fullscreen document without fullscreen element?"); + exitElements.AppendElement(fsElement); + } + MOZ_ASSERT(doc == this, "Must have reached this doc"); + // Collect all ancestor documents which we are going to change. + for (; doc; doc = doc->GetInProcessParentDocument()) { + Element* fsElement = doc->GetUnretargetedFullscreenElement(); + MOZ_ASSERT(fsElement, + "Ancestor of fullscreen document must also be in fullscreen"); + if (doc != this) { + if (auto* iframe = HTMLIFrameElement::FromNode(fsElement)) { + if (iframe->FullscreenFlag()) { + // If this is an iframe, and it explicitly requested + // fullscreen, don't rollback it automatically. + break; + } + } + } + exitElements.AppendElement(fsElement); + if (doc->CountFullscreenElements() > 1) { + break; + } + } + + Document* lastDoc = exitElements.LastElement()->OwnerDoc(); + size_t fullscreenCount = lastDoc->CountFullscreenElements(); + if (!lastDoc->GetInProcessParentDocument() && fullscreenCount == 1) { + // If we are fully exiting fullscreen, don't touch anything here, + // just wait for the window to get out from fullscreen first. + PendingFullscreenChangeList::Add(std::move(aExit)); + AskWindowToExitFullscreen(this); + return; + } + + // If fullscreen mode is updated the pointer should be unlocked + PointerLockManager::Unlock(); + // All documents listed in the array except the last one are going to + // completely exit from the fullscreen state. + for (auto i : IntegerRange(exitElements.Length() - 1)) { + exitElements[i]->OwnerDoc()->CleanupFullscreenState(); + } + // The last document will either rollback one fullscreen element, or + // completely exit from the fullscreen state as well. + Document* newFullscreenDoc; + if (fullscreenCount > 1) { + DebugOnly<bool> removedFullscreenElement = lastDoc->PopFullscreenElement(); + MOZ_ASSERT(removedFullscreenElement); + newFullscreenDoc = lastDoc; + } else { + lastDoc->CleanupFullscreenState(); + newFullscreenDoc = lastDoc->GetInProcessParentDocument(); + } + // Dispatch the fullscreenchange event to all document listed. Note + // that the loop order is reversed so that events are dispatched in + // the tree order as indicated in the spec. + for (Element* e : Reversed(exitElements)) { + DispatchFullscreenChange(*e->OwnerDoc(), e); + } + aExit->MayResolvePromise(); + + MOZ_ASSERT(newFullscreenDoc, + "If we were going to exit from fullscreen on " + "all documents in this doctree, we should've asked the window to " + "exit first instead of reaching here."); + if (fullScreenDoc != newFullscreenDoc && + !nsContentUtils::HaveEqualPrincipals(fullScreenDoc, newFullscreenDoc)) { + // We've popped so enough off the stack that we've rolled back to + // a fullscreen element in a parent document. If this document is + // cross origin, dispatch an event to chrome so it knows to show + // the warning UI. + DispatchFullscreenNewOriginEvent(newFullscreenDoc); + } +} + +static void UpdateViewportScrollbarOverrideForFullscreen(Document* aDoc) { + if (nsPresContext* presContext = aDoc->GetPresContext()) { + presContext->UpdateViewportScrollStylesOverride(); + } +} + +static void NotifyFullScreenChangedForMediaElement(Element& aElement) { + // When a media element enters the fullscreen, we would like to notify that + // to the media controller in order to update its status. + if (auto* mediaElem = HTMLMediaElement::FromNode(aElement)) { + mediaElem->NotifyFullScreenChanged(); + } +} + +void Document::CleanupFullscreenState() { + while (PopFullscreenElement(UpdateViewport::No)) { + // Remove the next one if appropriate + } + + UpdateViewportScrollbarOverrideForFullscreen(this); + mFullscreenRoot = nullptr; + + // Restore the zoom level that was in place prior to entering fullscreen. + if (PresShell* presShell = GetPresShell()) { + if (presShell->GetMobileViewportManager()) { + presShell->SetResolutionAndScaleTo( + mSavedResolution, ResolutionChangeOrigin::MainThreadRestore); + } + } +} + +bool Document::PopFullscreenElement(UpdateViewport aUpdateViewport) { + Element* removedElement = TopLayerPop([](Element* element) -> bool { + return element->State().HasState(ElementState::FULLSCREEN); + }); + + if (!removedElement) { + return false; + } + + MOZ_ASSERT(removedElement->State().HasState(ElementState::FULLSCREEN)); + removedElement->RemoveStates(ElementState::FULLSCREEN | ElementState::MODAL); + NotifyFullScreenChangedForMediaElement(*removedElement); + // Reset iframe fullscreen flag. + if (auto* iframe = HTMLIFrameElement::FromNode(removedElement)) { + iframe->SetFullscreenFlag(false); + } + if (aUpdateViewport == UpdateViewport::Yes) { + UpdateViewportScrollbarOverrideForFullscreen(this); + } + return true; +} + +void Document::SetFullscreenElement(Element& aElement) { + ElementState statesToAdd = ElementState::FULLSCREEN; + if (!IsInChromeDocShell()) { + // Don't make the document modal in chrome documents, since we don't want + // the browser UI like the context menu / etc to be inert. + statesToAdd |= ElementState::MODAL; + } + aElement.AddStates(statesToAdd); + TopLayerPush(aElement); + NotifyFullScreenChangedForMediaElement(aElement); + UpdateViewportScrollbarOverrideForFullscreen(this); +} + +void Document::TopLayerPush(Element& aElement) { + const bool modal = aElement.State().HasState(ElementState::MODAL); + + TopLayerPop(aElement); + mTopLayer.AppendElement(do_GetWeakReference(&aElement)); + NS_ASSERTION(GetTopLayerTop() == &aElement, "Should match"); + + if (modal) { + aElement.AddStates(ElementState::TOPMOST_MODAL); + + bool foundExistingModalElement = false; + for (const nsWeakPtr& weakPtr : Reversed(mTopLayer)) { + nsCOMPtr<Element> element(do_QueryReferent(weakPtr)); + if (element && element != &aElement && + element->State().HasState(ElementState::TOPMOST_MODAL)) { + element->RemoveStates(ElementState::TOPMOST_MODAL); + foundExistingModalElement = true; + break; + } + } + + if (!foundExistingModalElement) { + Element* root = GetRootElement(); + MOZ_RELEASE_ASSERT(root, "top layer element outside of document?"); + if (&aElement != root) { + // Add inert to the root element so that the inertness is applied to the + // entire document. + root->AddStates(ElementState::INERT); + } + } + } +} + +void Document::AddModalDialog(HTMLDialogElement& aDialogElement) { + aDialogElement.AddStates(ElementState::MODAL); + TopLayerPush(aDialogElement); +} + +void Document::RemoveModalDialog(HTMLDialogElement& aDialogElement) { + DebugOnly<Element*> removedElement = TopLayerPop(aDialogElement); + MOZ_ASSERT(removedElement == &aDialogElement); + aDialogElement.RemoveStates(ElementState::MODAL); +} + +Element* Document::TopLayerPop(FunctionRef<bool(Element*)> aPredicate) { + if (mTopLayer.IsEmpty()) { + return nullptr; + } + + // Remove the topmost element that qualifies aPredicate; This + // is required is because the top layer contains not only + // fullscreen elements, but also dialog elements. + Element* removedElement = nullptr; + for (auto i : Reversed(IntegerRange(mTopLayer.Length()))) { + nsCOMPtr<Element> element(do_QueryReferent(mTopLayer[i])); + if (element && aPredicate(element)) { + removedElement = element; + mTopLayer.RemoveElementAt(i); + break; + } + } + + // Pop from the stack null elements (references to elements which have + // been GC'd since they were added to the stack) and elements which are + // no longer in this document. + // + // FIXME(emilio): If this loop does something, it'd violate the assertions + // from GetTopLayerTop()... What gives? + while (!mTopLayer.IsEmpty()) { + Element* element = GetTopLayerTop(); + if (!element || element->GetComposedDoc() != this) { + mTopLayer.RemoveLastElement(); + } else { + // The top element of the stack is now an in-doc element. Return here. + break; + } + } + + if (!removedElement) { + return nullptr; + } + + const bool modal = removedElement->State().HasState(ElementState::MODAL); + + if (modal) { + removedElement->RemoveStates(ElementState::TOPMOST_MODAL); + bool foundExistingModalElement = false; + for (const nsWeakPtr& weakPtr : Reversed(mTopLayer)) { + nsCOMPtr<Element> element(do_QueryReferent(weakPtr)); + if (element && element->State().HasState(ElementState::MODAL)) { + element->AddStates(ElementState::TOPMOST_MODAL); + foundExistingModalElement = true; + break; + } + } + // No more modal elements, make the document not inert anymore. + if (!foundExistingModalElement) { + Element* root = GetRootElement(); + if (root && !root->GetBoolAttr(nsGkAtoms::inert)) { + root->RemoveStates(ElementState::INERT); + } + } + } + + return removedElement; +} + +Element* Document::TopLayerPop(Element& aElement) { + auto predictFunc = [&aElement](Element* element) { + return element == &aElement; + }; + return TopLayerPop(predictFunc); +} + +void Document::GetWireframe(bool aIncludeNodes, + Nullable<Wireframe>& aWireframe) { + FlushPendingNotifications(FlushType::Layout); + GetWireframeWithoutFlushing(aIncludeNodes, aWireframe); +} + +void Document::GetWireframeWithoutFlushing(bool aIncludeNodes, + Nullable<Wireframe>& aWireframe) { + using FrameForPointOptions = nsLayoutUtils::FrameForPointOptions; + using FrameForPointOption = nsLayoutUtils::FrameForPointOption; + + PresShell* shell = GetPresShell(); + if (!shell) { + return; + } + + nsPresContext* pc = shell->GetPresContext(); + if (!pc) { + return; + } + + nsIFrame* rootFrame = shell->GetRootFrame(); + if (!rootFrame) { + return; + } + + auto& wireframe = aWireframe.SetValue(); + wireframe.mCanvasBackground = shell->ComputeCanvasBackground().mViewportColor; + + FrameForPointOptions options; + options.mBits += FrameForPointOption::IgnoreCrossDoc; + options.mBits += FrameForPointOption::IgnorePaintSuppression; + options.mBits += FrameForPointOption::OnlyVisible; + + AutoTArray<nsIFrame*, 32> frames; + const RelativeTo relativeTo{rootFrame, mozilla::ViewportType::Layout}; + nsLayoutUtils::GetFramesForArea(relativeTo, pc->GetVisibleArea(), frames, + options); + + // TODO(emilio): We could rewrite hit testing to return nsDisplayItem*s or + // something perhaps, but seems hard / like it'd involve at least some extra + // copying around, since they don't outlive GetFramesForArea. + auto& rects = wireframe.mRects.Construct(); + if (!rects.SetCapacity(frames.Length(), fallible)) { + return; + } + for (nsIFrame* frame : Reversed(frames)) { + auto [rectColor, + rectType] = [&]() -> std::tuple<nscolor, WireframeRectType> { + if (frame->IsTextFrame()) { + return {frame->StyleText()->mWebkitTextFillColor.CalcColor(frame), + WireframeRectType::Text}; + } + if (frame->IsImageFrame() || frame->IsSVGOuterSVGFrame()) { + return {0, WireframeRectType::Image}; + } + if (frame->IsThemed()) { + return {0, WireframeRectType::Background}; + } + bool drawImage = false; + bool drawColor = false; + if (const auto* bgStyle = nsCSSRendering::FindBackground(frame)) { + const nscolor color = nsCSSRendering::DetermineBackgroundColor( + pc, bgStyle, frame, drawImage, drawColor); + if (drawImage && + !bgStyle->StyleBackground()->mImage.BottomLayer().mImage.IsNone()) { + return {color, WireframeRectType::Image}; + } + if (drawColor && !frame->IsCanvasFrame()) { + // Canvas frame background already accounted for in mCanvasBackground. + return {color, WireframeRectType::Background}; + } + } + return {0, WireframeRectType::Unknown}; + }(); + + if (rectType == WireframeRectType::Unknown) { + continue; + } + + const auto r = + CSSRect::FromAppUnits(nsLayoutUtils::TransformFrameRectToAncestor( + frame, frame->GetRectRelativeToSelf(), relativeTo)); + if ((uint32_t)r.Area() < + StaticPrefs::browser_history_wireframeAreaThreshold()) { + continue; + } + + // Can't really fail because SetCapacity succeeded. + auto& taggedRect = *rects.AppendElement(fallible); + + if (aIncludeNodes) { + if (nsIContent* c = frame->GetContent()) { + taggedRect.mNode.Construct(c); + } + } + taggedRect.mX = r.x; + taggedRect.mY = r.y; + taggedRect.mWidth = r.width; + taggedRect.mHeight = r.height; + taggedRect.mColor = rectColor; + taggedRect.mType.Construct(rectType); + } +} + +Element* Document::GetTopLayerTop() { + if (mTopLayer.IsEmpty()) { + return nullptr; + } + uint32_t last = mTopLayer.Length() - 1; + nsCOMPtr<Element> element(do_QueryReferent(mTopLayer[last])); + NS_ASSERTION(element, "Should have a top layer element!"); + NS_ASSERTION(element->IsInComposedDoc(), + "Top layer element should be in doc"); + NS_ASSERTION(element->OwnerDoc() == this, + "Top layer element should be in this doc"); + return element; +} + +Element* Document::GetUnretargetedFullscreenElement() const { + for (const nsWeakPtr& weakPtr : Reversed(mTopLayer)) { + nsCOMPtr<Element> element(do_QueryReferent(weakPtr)); + // Per spec, the fullscreen element is the topmost element in the document’s + // top layer whose fullscreen flag is set, if any, and null otherwise. + if (element && element->State().HasState(ElementState::FULLSCREEN)) { + return element; + } + } + return nullptr; +} + +nsTArray<Element*> Document::GetTopLayer() const { + nsTArray<Element*> elements; + for (const nsWeakPtr& ptr : mTopLayer) { + if (nsCOMPtr<Element> elem = do_QueryReferent(ptr)) { + elements.AppendElement(elem); + } + } + return elements; +} + +bool Document::TopLayerContains(Element& aElement) const { + if (mTopLayer.IsEmpty()) { + return false; + } + nsWeakPtr weakElement = do_GetWeakReference(&aElement); + return mTopLayer.Contains(weakElement); +} + +void Document::HideAllPopoversUntil(nsINode& aEndpoint, + bool aFocusPreviousElement, + bool aFireEvents) { + auto closeAllOpenPopovers = [&aFocusPreviousElement, &aFireEvents, + this]() MOZ_CAN_RUN_SCRIPT_FOR_DEFINITION { + while (RefPtr<Element> topmost = GetTopmostAutoPopover()) { + HidePopover(*topmost, aFocusPreviousElement, aFireEvents, IgnoreErrors()); + } + }; + + if (aEndpoint.IsElement() && !aEndpoint.AsElement()->IsPopoverOpen()) { + return; + } + + if (&aEndpoint == this) { + closeAllOpenPopovers(); + return; + } + + // https://github.com/whatwg/html/pull/9198 + auto needRepeatingHide = [&]() { + auto autoList = AutoPopoverList(); + return autoList.Contains(&aEndpoint) && + &aEndpoint != autoList.LastElement(); + }; + + MOZ_ASSERT((&aEndpoint)->IsElement() && + (&aEndpoint)->AsElement()->IsAutoPopover()); + bool repeatingHide = false; + bool fireEvents = aFireEvents; + do { + RefPtr<const Element> lastToHide = nullptr; + bool foundEndpoint = false; + for (const Element* popover : AutoPopoverList()) { + if (popover == &aEndpoint) { + foundEndpoint = true; + } else if (foundEndpoint) { + lastToHide = popover; + break; + } + } + + if (!foundEndpoint) { + closeAllOpenPopovers(); + return; + } + + while (lastToHide && lastToHide->IsPopoverOpen()) { + RefPtr<Element> topmost = GetTopmostAutoPopover(); + if (!topmost) { + break; + } + HidePopover(*topmost, aFocusPreviousElement, fireEvents, IgnoreErrors()); + } + + repeatingHide = needRepeatingHide(); + if (repeatingHide) { + fireEvents = false; + } + } while (repeatingHide); +} + +MOZ_CAN_RUN_SCRIPT_BOUNDARY void +Document::HideAllPopoversWithoutRunningScript() { + return HideAllPopoversUntil(*this, false, false); +} + +void Document::HidePopover(Element& aPopover, bool aFocusPreviousElement, + bool aFireEvents, ErrorResult& aRv) { + RefPtr<nsGenericHTMLElement> popoverHTMLEl = + nsGenericHTMLElement::FromNode(aPopover); + NS_ASSERTION(popoverHTMLEl, "Not a HTML element"); + + if (!popoverHTMLEl->CheckPopoverValidity(PopoverVisibilityState::Showing, + nullptr, aRv)) { + return; + } + + bool wasShowingOrHiding = + popoverHTMLEl->GetPopoverData()->IsShowingOrHiding(); + popoverHTMLEl->GetPopoverData()->SetIsShowingOrHiding(true); + const bool fireEvents = aFireEvents && !wasShowingOrHiding; + auto cleanupHidingFlag = MakeScopeExit([&]() { + if (auto* popoverData = popoverHTMLEl->GetPopoverData()) { + popoverData->SetIsShowingOrHiding(wasShowingOrHiding); + } + }); + + if (popoverHTMLEl->IsAutoPopover()) { + HideAllPopoversUntil(*popoverHTMLEl, aFocusPreviousElement, fireEvents); + if (!popoverHTMLEl->CheckPopoverValidity(PopoverVisibilityState::Showing, + nullptr, aRv)) { + return; + } + // TODO: we can't always guarantee: + // The last item in document's auto popover list is popoverHTMLEl. + // See, https://github.com/whatwg/html/issues/9197 + // If popoverHTMLEl is not on top, hide popovers again without firing + // events. + if (NS_WARN_IF(GetTopmostAutoPopover() != popoverHTMLEl)) { + HideAllPopoversUntil(*popoverHTMLEl, aFocusPreviousElement, false); + if (!popoverHTMLEl->CheckPopoverValidity(PopoverVisibilityState::Showing, + nullptr, aRv)) { + return; + } + MOZ_ASSERT(GetTopmostAutoPopover() == popoverHTMLEl, + "popoverHTMLEl should be on top of auto popover list"); + } + } + + auto* data = popoverHTMLEl->GetPopoverData(); + MOZ_ASSERT(data, "Should have popover data"); + data->SetInvoker(nullptr); + + // Fire beforetoggle event and re-check popover validity. + if (fireEvents) { + // Intentionally ignore the return value here as only on open event for + // beforetoggle the cancelable attribute is initialized to true. + popoverHTMLEl->FireToggleEvent(PopoverVisibilityState::Showing, + PopoverVisibilityState::Hidden, + u"beforetoggle"_ns); + + // https://html.spec.whatwg.org/multipage/popover.html#hide-popover-algorithm + // step 10.2. + // Hide all popovers when beforetoggle shows a popover. + if (popoverHTMLEl->IsAutoPopover() && + GetTopmostAutoPopover() != popoverHTMLEl && + popoverHTMLEl->PopoverOpen()) { + HideAllPopoversUntil(*popoverHTMLEl, aFocusPreviousElement, false); + } + + if (!popoverHTMLEl->CheckPopoverValidity(PopoverVisibilityState::Showing, + nullptr, aRv)) { + return; + } + } + + RemovePopoverFromTopLayer(aPopover); + + popoverHTMLEl->PopoverPseudoStateUpdate(false, true); + popoverHTMLEl->GetPopoverData()->SetPopoverVisibilityState( + PopoverVisibilityState::Hidden); + + // Queue popover toggle event task. + if (fireEvents) { + popoverHTMLEl->QueuePopoverEventTask(PopoverVisibilityState::Showing); + } + + if (aFocusPreviousElement) { + popoverHTMLEl->FocusPreviousElementAfterHidingPopover(); + } else { + popoverHTMLEl->ForgetPreviouslyFocusedElementAfterHidingPopover(); + } +} + +nsTArray<Element*> Document::AutoPopoverList() const { + nsTArray<Element*> elements; + for (const nsWeakPtr& ptr : mTopLayer) { + if (nsCOMPtr<Element> element = do_QueryReferent(ptr)) { + if (element && element->IsAutoPopover() && element->IsPopoverOpen()) { + elements.AppendElement(element); + } + } + } + return elements; +} + +Element* Document::GetTopmostAutoPopover() const { + for (const nsWeakPtr& weakPtr : Reversed(mTopLayer)) { + nsCOMPtr<Element> element(do_QueryReferent(weakPtr)); + if (element && element->IsAutoPopover() && element->IsPopoverOpen()) { + return element; + } + } + return nullptr; +} + +void Document::AddToAutoPopoverList(Element& aElement) { + MOZ_ASSERT(aElement.IsAutoPopover()); + TopLayerPush(aElement); +} + +void Document::RemoveFromAutoPopoverList(Element& aElement) { + MOZ_ASSERT(aElement.IsAutoPopover()); + TopLayerPop(aElement); +} + +void Document::AddPopoverToTopLayer(Element& aElement) { + MOZ_ASSERT(aElement.GetPopoverData()); + TopLayerPush(aElement); +} + +void Document::RemovePopoverFromTopLayer(Element& aElement) { + MOZ_ASSERT(aElement.GetPopoverData()); + TopLayerPop(aElement); +} + +// Returns true if aDoc browsing context is focused. +bool IsInFocusedTab(Document* aDoc) { + BrowsingContext* bc = aDoc->GetBrowsingContext(); + if (!bc) { + return false; + } + + nsFocusManager* fm = nsFocusManager::GetFocusManager(); + if (!fm) { + return false; + } + + if (XRE_IsParentProcess()) { + // Keep dom/tests/mochitest/chrome/test_MozDomFullscreen_event.xhtml happy + // by retaining the old code path for the parent process. + nsIDocShell* docshell = aDoc->GetDocShell(); + if (!docshell) { + return false; + } + nsCOMPtr<nsIDocShellTreeItem> rootItem; + docshell->GetInProcessRootTreeItem(getter_AddRefs(rootItem)); + if (!rootItem) { + return false; + } + nsCOMPtr<nsPIDOMWindowOuter> rootWin = rootItem->GetWindow(); + if (!rootWin) { + return false; + } + + nsCOMPtr<nsPIDOMWindowOuter> activeWindow; + activeWindow = fm->GetActiveWindow(); + if (!activeWindow) { + return false; + } + + return activeWindow == rootWin; + } + + return fm->GetActiveBrowsingContext() == bc->Top(); +} + +// Returns true if aDoc browsing context is focused and is also active. +bool IsInActiveTab(Document* aDoc) { + if (!IsInFocusedTab(aDoc)) { + return false; + } + + BrowsingContext* bc = aDoc->GetBrowsingContext(); + MOZ_ASSERT(bc, "With no BrowsingContext, we should have failed earlier."); + return bc->IsActive(); +} + +void Document::RemoteFrameFullscreenChanged(Element* aFrameElement) { + // Ensure the frame element is the fullscreen element in this document. + // If the frame element is already the fullscreen element in this document, + // this has no effect. + auto request = FullscreenRequest::CreateForRemote(aFrameElement); + RequestFullscreen(std::move(request), XRE_IsContentProcess()); +} + +void Document::RemoteFrameFullscreenReverted() { + UniquePtr<FullscreenExit> exit = FullscreenExit::CreateForRemote(this); + RestorePreviousFullscreenState(std::move(exit)); +} + +static bool HasFullscreenSubDocument(Document& aDoc) { + uint32_t count = CountFullscreenSubDocuments(aDoc); + NS_ASSERTION(count <= 1, + "Fullscreen docs should have at most 1 fullscreen child!"); + return count >= 1; +} + +// Returns nullptr if a request for Fullscreen API is currently enabled +// in the given document. Returns a static string indicates the reason +// why it is not enabled otherwise. +const char* Document::GetFullscreenError(CallerType aCallerType) { + if (!StaticPrefs::full_screen_api_enabled()) { + return "FullscreenDeniedDisabled"; + } + + if (aCallerType == CallerType::System) { + // Chrome code can always use the fullscreen API, provided it's not + // explicitly disabled. + return nullptr; + } + + if (!IsVisible()) { + return "FullscreenDeniedHidden"; + } + + if (!FeaturePolicyUtils::IsFeatureAllowed(this, u"fullscreen"_ns)) { + return "FullscreenDeniedFeaturePolicy"; + } + + // Ensure that all containing elements are <iframe> and have allowfullscreen + // attribute set. + BrowsingContext* bc = GetBrowsingContext(); + if (!bc || !bc->FullscreenAllowed()) { + return "FullscreenDeniedContainerNotAllowed"; + } + + return nullptr; +} + +bool Document::FullscreenElementReadyCheck(FullscreenRequest& aRequest) { + Element* elem = aRequest.Element(); + // Strictly speaking, this isn't part of the fullscreen element ready + // check in the spec, but per steps in the spec, when an element which + // is already the fullscreen element requests fullscreen, nothing + // should change and no event should be dispatched, but we still need + // to resolve the returned promise. + Element* fullscreenElement = GetUnretargetedFullscreenElement(); + if (elem == fullscreenElement) { + aRequest.MayResolvePromise(); + return false; + } + if (!elem->IsInComposedDoc()) { + aRequest.Reject("FullscreenDeniedNotInDocument"); + return false; + } + if (elem->IsPopoverOpen()) { + aRequest.Reject("FullscreenDeniedPopoverOpen"); + return false; + } + if (elem->OwnerDoc() != this) { + aRequest.Reject("FullscreenDeniedMovedDocument"); + return false; + } + if (!GetWindow()) { + aRequest.Reject("FullscreenDeniedLostWindow"); + return false; + } + if (const char* msg = GetFullscreenError(aRequest.mCallerType)) { + aRequest.Reject(msg); + return false; + } + if (HasFullscreenSubDocument(*this)) { + aRequest.Reject("FullscreenDeniedSubDocFullScreen"); + return false; + } + if (elem->IsHTMLElement(nsGkAtoms::dialog)) { + aRequest.Reject("FullscreenDeniedHTMLDialog"); + return false; + } + if (!nsContentUtils::IsChromeDoc(this) && !IsInFocusedTab(this)) { + aRequest.Reject("FullscreenDeniedNotFocusedTab"); + return false; + } + return true; +} + +static nsCOMPtr<nsPIDOMWindowOuter> GetRootWindow(Document* aDoc) { + MOZ_ASSERT(XRE_IsParentProcess()); + nsIDocShell* docShell = aDoc->GetDocShell(); + if (!docShell) { + return nullptr; + } + nsCOMPtr<nsIDocShellTreeItem> rootItem; + docShell->GetInProcessRootTreeItem(getter_AddRefs(rootItem)); + return rootItem ? rootItem->GetWindow() : nullptr; +} + +static bool ShouldApplyFullscreenDirectly(Document* aDoc, + nsPIDOMWindowOuter* aRootWin) { + MOZ_ASSERT(XRE_IsParentProcess()); + // If we are in the chrome process, and the window has not been in + // fullscreen, we certainly need to make that fullscreen first. + if (!aRootWin->GetFullScreen()) { + return false; + } + // The iterator not being at end indicates there is still some + // pending fullscreen request relates to this document. We have to + // push the request to the pending queue so requests are handled + // in the correct order. + PendingFullscreenChangeList::Iterator<FullscreenRequest> iter( + aDoc, PendingFullscreenChangeList::eDocumentsWithSameRoot); + if (!iter.AtEnd()) { + return false; + } + + // Same thing for exits. If we have any pending, we have to push + // to the pending queue. + PendingFullscreenChangeList::Iterator<FullscreenExit> iterExit( + aDoc, PendingFullscreenChangeList::eDocumentsWithSameRoot); + if (!iterExit.AtEnd()) { + return false; + } + + // We have to apply the fullscreen state directly in this case, + // because nsGlobalWindow::SetFullscreenInternal() will do nothing + // if it is already in fullscreen. If we do not apply the state but + // instead add it to the queue and wait for the window as normal, + // we would get stuck. + return true; +} + +static bool CheckFullscreenAllowedElementType(const Element* elem) { + // Per spec only HTML, <svg>, and <math> should be allowed, but + // we also need to allow XUL elements right now. + return elem->IsHTMLElement() || elem->IsXULElement() || + elem->IsSVGElement(nsGkAtoms::svg) || + elem->IsMathMLElement(nsGkAtoms::math); +} + +void Document::RequestFullscreen(UniquePtr<FullscreenRequest> aRequest, + bool aApplyFullscreenDirectly) { + if (XRE_IsContentProcess()) { + RequestFullscreenInContentProcess(std::move(aRequest), + aApplyFullscreenDirectly); + } else { + RequestFullscreenInParentProcess(std::move(aRequest), + aApplyFullscreenDirectly); + } +} + +void Document::RequestFullscreenInContentProcess( + UniquePtr<FullscreenRequest> aRequest, bool aApplyFullscreenDirectly) { + MOZ_ASSERT(XRE_IsContentProcess()); + + // If we are in the content process, we can apply the fullscreen + // state directly only if we have been in DOM fullscreen, because + // otherwise we always need to notify the chrome. + if (aApplyFullscreenDirectly || + nsContentUtils::GetInProcessSubtreeRootDocument(this)->Fullscreen()) { + ApplyFullscreen(std::move(aRequest)); + return; + } + + if (!CheckFullscreenAllowedElementType(aRequest->Element())) { + aRequest->Reject("FullscreenDeniedNotHTMLSVGOrMathML"); + return; + } + + // We don't need to check element ready before this point, because + // if we called ApplyFullscreen, it would check that for us. + if (!FullscreenElementReadyCheck(*aRequest)) { + return; + } + + PendingFullscreenChangeList::Add(std::move(aRequest)); + // If we are not the top level process, dispatch an event to make + // our parent process go fullscreen first. + Dispatch(NS_NewRunnableFunction( + "Document::RequestFullscreenInContentProcess", [self = RefPtr{this}] { + if (!self->HasPendingFullscreenRequests()) { + return; + } + nsContentUtils::DispatchEventOnlyToChrome( + self, self, u"MozDOMFullscreen:Request"_ns, CanBubble::eYes, + Cancelable::eNo, /* DefaultAction */ nullptr); + })); +} + +void Document::RequestFullscreenInParentProcess( + UniquePtr<FullscreenRequest> aRequest, bool aApplyFullscreenDirectly) { + MOZ_ASSERT(XRE_IsParentProcess()); + nsCOMPtr<nsPIDOMWindowOuter> rootWin = GetRootWindow(this); + if (!rootWin) { + aRequest->MayRejectPromise("No active window"); + return; + } + + if (aApplyFullscreenDirectly || + ShouldApplyFullscreenDirectly(this, rootWin)) { + ApplyFullscreen(std::move(aRequest)); + return; + } + + if (!CheckFullscreenAllowedElementType(aRequest->Element())) { + aRequest->Reject("FullscreenDeniedNotHTMLSVGOrMathML"); + return; + } + + // See if we're waiting on an exit. If so, just make this one pending. + PendingFullscreenChangeList::Iterator<FullscreenExit> iter( + this, PendingFullscreenChangeList::eDocumentsWithSameRoot); + if (!iter.AtEnd()) { + PendingFullscreenChangeList::Add(std::move(aRequest)); + rootWin->SetFullscreenInternal(FullscreenReason::ForFullscreenAPI, true); + return; + } + + // We don't need to check element ready before this point, because + // if we called ApplyFullscreen, it would check that for us. + if (!FullscreenElementReadyCheck(*aRequest)) { + return; + } + + PendingFullscreenChangeList::Add(std::move(aRequest)); + // Make the window fullscreen. + rootWin->SetFullscreenInternal(FullscreenReason::ForFullscreenAPI, true); +} + +/* static */ +bool Document::HandlePendingFullscreenRequests(Document* aDoc) { + bool handled = false; + PendingFullscreenChangeList::Iterator<FullscreenRequest> iter( + aDoc, PendingFullscreenChangeList::eDocumentsWithSameRoot); + while (!iter.AtEnd()) { + UniquePtr<FullscreenRequest> request = iter.TakeAndNext(); + Document* doc = request->Document(); + if (doc->ApplyFullscreen(std::move(request))) { + handled = true; + } + } + return handled; +} + +/* static */ +void Document::ClearPendingFullscreenRequests(Document* aDoc) { + PendingFullscreenChangeList::Iterator<FullscreenRequest> iter( + aDoc, PendingFullscreenChangeList::eInclusiveDescendants); + while (!iter.AtEnd()) { + UniquePtr<FullscreenRequest> request = iter.TakeAndNext(); + request->MayRejectPromise("Fullscreen request aborted"); + } +} + +bool Document::HasPendingFullscreenRequests() { + PendingFullscreenChangeList::Iterator<FullscreenRequest> iter( + this, PendingFullscreenChangeList::eDocumentsWithSameRoot); + return !iter.AtEnd(); +} + +bool Document::ApplyFullscreen(UniquePtr<FullscreenRequest> aRequest) { + if (!FullscreenElementReadyCheck(*aRequest)) { + return false; + } + + RefPtr<Document> doc = aRequest->Document(); + doc->HideAllPopoversWithoutRunningScript(); + + // Stash a reference to any existing fullscreen doc, we'll use this later + // to detect if the origin which is fullscreen has changed. + nsCOMPtr<Document> previousFullscreenDoc = GetFullscreenLeaf(this); + + // Stores a list of documents which we must dispatch "fullscreenchange" + // too. We're required by the spec to dispatch the events in root-to-leaf + // order, but we traverse the doctree in a leaf-to-root order, so we save + // references to the documents we must dispatch to so that we get the order + // as specified. + AutoTArray<Document*, 8> changed; + + // Remember the root document, so that if a fullscreen document is hidden + // we can reset fullscreen state in the remaining visible fullscreen + // documents. + Document* fullScreenRootDoc = + nsContentUtils::GetInProcessSubtreeRootDocument(this); + + // If a document is already in fullscreen, then unlock the mouse pointer + // before setting a new document to fullscreen + PointerLockManager::Unlock(); + + // Set the fullscreen element. This sets the fullscreen style on the + // element, and the fullscreen-ancestor styles on ancestors of the element + // in this document. + Element* elem = aRequest->Element(); + SetFullscreenElement(*elem); + // Set the iframe fullscreen flag. + if (auto* iframe = HTMLIFrameElement::FromNode(elem)) { + iframe->SetFullscreenFlag(true); + } + changed.AppendElement(this); + + // Propagate up the document hierarchy, setting the fullscreen element as + // the element's container in ancestor documents. This also sets the + // appropriate css styles as well. Note we don't propagate down the + // document hierarchy, the fullscreen element (or its container) is not + // visible there. Stop when we reach the root document. + Document* child = this; + while (true) { + child->SetFullscreenRoot(fullScreenRootDoc); + + // When entering fullscreen, reset the RCD's resolution to the intrinsic + // resolution, otherwise the fullscreen content could be sized larger than + // the screen (since fullscreen is implemented using position:fixed and + // fixed elements are sized to the layout viewport). + // This also ensures that things like video controls aren't zoomed in + // when in fullscreen mode. + if (PresShell* presShell = child->GetPresShell()) { + if (RefPtr<MobileViewportManager> manager = + presShell->GetMobileViewportManager()) { + // Save the previous resolution so it can be restored. + child->mSavedResolution = presShell->GetResolution(); + presShell->SetResolutionAndScaleTo( + manager->ComputeIntrinsicResolution(), + ResolutionChangeOrigin::MainThreadRestore); + } + } + + NS_ASSERTION(child->GetFullscreenRoot() == fullScreenRootDoc, + "Fullscreen root should be set!"); + if (child == fullScreenRootDoc) { + break; + } + + Element* element = child->GetEmbedderElement(); + if (!element) { + // We've reached the root.No more changes need to be made + // to the top layer stacks of documents further up the tree. + break; + } + + Document* parent = child->GetInProcessParentDocument(); + parent->SetFullscreenElement(*element); + changed.AppendElement(parent); + child = parent; + } + + FullscreenRoots::Add(this); + + // If it is the first entry of the fullscreen, trigger an event so + // that the UI can response to this change, e.g. hide chrome, or + // notifying parent process to enter fullscreen. Note that chrome + // code may also want to listen to MozDOMFullscreen:NewOrigin event + // to pop up warning UI. + if (!previousFullscreenDoc) { + nsContentUtils::DispatchEventOnlyToChrome( + this, elem, u"MozDOMFullscreen:Entered"_ns, CanBubble::eYes, + Cancelable::eNo, /* DefaultAction */ nullptr); + } + + // The origin which is fullscreen gets changed. Trigger an event so + // that the chrome knows to pop up a warning UI. Note that + // previousFullscreenDoc == nullptr upon first entry, we show the warning UI + // directly as soon as chrome document goes into fullscreen state. Also note + // that, in a multi-process browser, the code in content process is + // responsible for sending message with the origin to its parent, and the + // parent shouldn't rely on this event itself. + if (aRequest->mShouldNotifyNewOrigin && previousFullscreenDoc && + !nsContentUtils::HaveEqualPrincipals(previousFullscreenDoc, this)) { + DispatchFullscreenNewOriginEvent(this); + } + + // Dispatch "fullscreenchange" events. Note that the loop order is + // reversed so that events are dispatched in the tree order as + // indicated in the spec. + for (Document* d : Reversed(changed)) { + DispatchFullscreenChange(*d, d->GetUnretargetedFullscreenElement()); + } + aRequest->MayResolvePromise(); + return true; +} + +void Document::ClearOrientationPendingPromise() { + mOrientationPendingPromise = nullptr; +} + +bool Document::SetOrientationPendingPromise(Promise* aPromise) { + if (mIsGoingAway) { + return false; + } + + mOrientationPendingPromise = aPromise; + return true; +} + +void Document::UpdateVisibilityState(DispatchVisibilityChange aDispatchEvent) { + dom::VisibilityState oldState = mVisibilityState; + mVisibilityState = ComputeVisibilityState(); + if (oldState != mVisibilityState) { + if (aDispatchEvent == DispatchVisibilityChange::Yes) { + nsContentUtils::DispatchTrustedEvent(this, this, u"visibilitychange"_ns, + CanBubble::eYes, Cancelable::eNo); + } + NotifyActivityChanged(); + if (mVisibilityState == dom::VisibilityState::Visible) { + MaybeActiveMediaComponents(); + } + + bool visible = !Hidden(); + for (auto* listener : mWorkerListeners) { + listener->OnVisible(visible); + } + } +} + +void Document::AddWorkerDocumentListener(WorkerDocumentListener* aListener) { + mWorkerListeners.Insert(aListener); + aListener->OnVisible(!Hidden()); +} + +void Document::RemoveWorkerDocumentListener(WorkerDocumentListener* aListener) { + mWorkerListeners.Remove(aListener); +} + +VisibilityState Document::ComputeVisibilityState() const { + // We have to check a few pieces of information here: + // 1) Are we in bfcache (!IsVisible())? If so, nothing else matters. + // 2) Do we have an outer window? If not, we're hidden. Note that we don't + // want to use GetWindow here because it does weird groveling for windows + // in some cases. + // 3) Is our outer window background? If so, we're hidden. + // Otherwise, we're visible. + if (!IsVisible() || !mWindow || !mWindow->GetOuterWindow() || + mWindow->GetOuterWindow()->IsBackground()) { + return dom::VisibilityState::Hidden; + } + + return dom::VisibilityState::Visible; +} + +void Document::PostVisibilityUpdateEvent() { + nsCOMPtr<nsIRunnable> event = NewRunnableMethod<DispatchVisibilityChange>( + "Document::UpdateVisibilityState", this, &Document::UpdateVisibilityState, + DispatchVisibilityChange::Yes); + Dispatch(event.forget()); +} + +void Document::MaybeActiveMediaComponents() { + auto* window = GetWindow(); + if (!window || !window->ShouldDelayMediaFromStart()) { + return; + } + window->ActivateMediaComponents(); +} + +void Document::DocAddSizeOfExcludingThis(nsWindowSizes& aWindowSizes) const { + nsINode::AddSizeOfExcludingThis(aWindowSizes, + &aWindowSizes.mDOMSizes.mDOMOtherSize); + + for (nsIContent* kid = GetFirstChild(); kid; kid = kid->GetNextSibling()) { + AddSizeOfNodeTree(*kid, aWindowSizes); + } + + // IMPORTANT: for our ComputedValues measurements, we want to measure + // ComputedValues accessible from DOM elements before ComputedValues not + // accessible from DOM elements (i.e. accessible only from the frame tree). + // + // Therefore, the measurement of the Document superclass must happen after + // the measurement of DOM nodes (above), because Document contains the + // PresShell, which contains the frame tree. + if (mPresShell) { + mPresShell->AddSizeOfIncludingThis(aWindowSizes); + } + + if (mStyleSet) { + mStyleSet->AddSizeOfIncludingThis(aWindowSizes); + } + + aWindowSizes.mPropertyTablesSize += + mPropertyTable.SizeOfExcludingThis(aWindowSizes.mState.mMallocSizeOf); + + if (EventListenerManager* elm = GetExistingListenerManager()) { + aWindowSizes.mDOMEventListenersCount += elm->ListenerCount(); + } + + if (mNodeInfoManager) { + mNodeInfoManager->AddSizeOfIncludingThis(aWindowSizes); + } + + aWindowSizes.mDOMSizes.mDOMMediaQueryLists += + mDOMMediaQueryLists.sizeOfExcludingThis( + aWindowSizes.mState.mMallocSizeOf); + + for (const MediaQueryList* mql : mDOMMediaQueryLists) { + aWindowSizes.mDOMSizes.mDOMMediaQueryLists += + mql->SizeOfExcludingThis(aWindowSizes.mState.mMallocSizeOf); + } + + DocumentOrShadowRoot::AddSizeOfExcludingThis(aWindowSizes); + + for (auto& sheetArray : mAdditionalSheets) { + AddSizeOfOwnedSheetArrayExcludingThis(aWindowSizes, sheetArray); + } + // Lumping in the loader with the style-sheets size is not ideal, + // but most of the things in there are in fact stylesheets, so it + // doesn't seem worthwhile to separate it out. + // This can be null if we've already been unlinked. + if (mCSSLoader) { + aWindowSizes.mLayoutStyleSheetsSize += + mCSSLoader->SizeOfIncludingThis(aWindowSizes.mState.mMallocSizeOf); + } + + aWindowSizes.mDOMSizes.mDOMResizeObserverControllerSize += + mResizeObservers.ShallowSizeOfExcludingThis( + aWindowSizes.mState.mMallocSizeOf); + + if (mAttributeStyles) { + aWindowSizes.mDOMSizes.mDOMOtherSize += + mAttributeStyles->DOMSizeOfIncludingThis( + aWindowSizes.mState.mMallocSizeOf); + } + + if (mRadioGroupContainer) { + aWindowSizes.mDOMSizes.mDOMOtherSize += + mRadioGroupContainer->SizeOfIncludingThis( + aWindowSizes.mState.mMallocSizeOf); + } + + aWindowSizes.mDOMSizes.mDOMOtherSize += + mStyledLinks.ShallowSizeOfExcludingThis( + aWindowSizes.mState.mMallocSizeOf); + + // Measurement of the following members may be added later if DMD finds it + // is worthwhile: + // - mMidasCommandManager + // - many! +} + +void Document::DocAddSizeOfIncludingThis(nsWindowSizes& aWindowSizes) const { + aWindowSizes.mDOMSizes.mDOMOtherSize += + aWindowSizes.mState.mMallocSizeOf(this); + DocAddSizeOfExcludingThis(aWindowSizes); +} + +void Document::AddSizeOfExcludingThis(nsWindowSizes& aSizes, + size_t* aNodeSize) const { + // This AddSizeOfExcludingThis() overrides the one from nsINode. But + // nsDocuments can only appear at the top of the DOM tree, and we use the + // specialized DocAddSizeOfExcludingThis() in that case. So this should never + // be called. + MOZ_CRASH(); +} + +/* static */ +void Document::AddSizeOfNodeTree(nsINode& aNode, nsWindowSizes& aWindowSizes) { + size_t nodeSize = 0; + aNode.AddSizeOfIncludingThis(aWindowSizes, &nodeSize); + + // This is where we transfer the nodeSize obtained from + // nsINode::AddSizeOfIncludingThis() to a value in nsWindowSizes. + switch (aNode.NodeType()) { + case nsINode::ELEMENT_NODE: + aWindowSizes.mDOMSizes.mDOMElementNodesSize += nodeSize; + break; + case nsINode::TEXT_NODE: + aWindowSizes.mDOMSizes.mDOMTextNodesSize += nodeSize; + break; + case nsINode::CDATA_SECTION_NODE: + aWindowSizes.mDOMSizes.mDOMCDATANodesSize += nodeSize; + break; + case nsINode::COMMENT_NODE: + aWindowSizes.mDOMSizes.mDOMCommentNodesSize += nodeSize; + break; + default: + aWindowSizes.mDOMSizes.mDOMOtherSize += nodeSize; + break; + } + + if (EventListenerManager* elm = aNode.GetExistingListenerManager()) { + aWindowSizes.mDOMEventListenersCount += elm->ListenerCount(); + } + + if (aNode.IsContent()) { + nsTArray<nsIContent*> anonKids; + nsContentUtils::AppendNativeAnonymousChildren(aNode.AsContent(), anonKids, + nsIContent::eAllChildren); + for (nsIContent* anonKid : anonKids) { + AddSizeOfNodeTree(*anonKid, aWindowSizes); + } + + if (auto* element = Element::FromNode(aNode)) { + if (ShadowRoot* shadow = element->GetShadowRoot()) { + AddSizeOfNodeTree(*shadow, aWindowSizes); + } + } + } + + // NOTE(emilio): If you feel smart and want to change this function to use + // GetNextNode(), think twice, since you'd need to handle <xbl:content> in a + // sane way, and kids of <content> won't point to the parent, so we'd never + // find the root node where we should stop at. + for (nsIContent* kid = aNode.GetFirstChild(); kid; + kid = kid->GetNextSibling()) { + AddSizeOfNodeTree(*kid, aWindowSizes); + } +} + +already_AddRefed<Document> Document::Constructor(const GlobalObject& aGlobal, + ErrorResult& rv) { + nsCOMPtr<nsIScriptGlobalObject> global = + do_QueryInterface(aGlobal.GetAsSupports()); + if (!global) { + rv.Throw(NS_ERROR_UNEXPECTED); + return nullptr; + } + + nsCOMPtr<nsIScriptObjectPrincipal> prin = + do_QueryInterface(aGlobal.GetAsSupports()); + if (!prin) { + rv.Throw(NS_ERROR_UNEXPECTED); + return nullptr; + } + + nsCOMPtr<nsIURI> uri; + NS_NewURI(getter_AddRefs(uri), "about:blank"); + if (!uri) { + rv.Throw(NS_ERROR_OUT_OF_MEMORY); + return nullptr; + } + + nsCOMPtr<Document> doc; + nsresult res = NS_NewDOMDocument(getter_AddRefs(doc), VoidString(), u""_ns, + nullptr, uri, uri, prin->GetPrincipal(), + true, global, DocumentFlavorPlain); + if (NS_FAILED(res)) { + rv.Throw(res); + return nullptr; + } + + doc->SetReadyStateInternal(Document::READYSTATE_COMPLETE); + + return doc.forget(); +} + +UniquePtr<XPathExpression> Document::CreateExpression( + const nsAString& aExpression, XPathNSResolver* aResolver, ErrorResult& rv) { + return XPathEvaluator()->CreateExpression(aExpression, aResolver, rv); +} + +nsINode* Document::CreateNSResolver(nsINode& aNodeResolver) { + return XPathEvaluator()->CreateNSResolver(aNodeResolver); +} + +already_AddRefed<XPathResult> Document::Evaluate( + JSContext* aCx, const nsAString& aExpression, nsINode& aContextNode, + XPathNSResolver* aResolver, uint16_t aType, JS::Handle<JSObject*> aResult, + ErrorResult& rv) { + return XPathEvaluator()->Evaluate(aCx, aExpression, aContextNode, aResolver, + aType, aResult, rv); +} + +already_AddRefed<nsIAppWindow> Document::GetAppWindowIfToplevelChrome() const { + nsCOMPtr<nsIDocShellTreeItem> item = GetDocShell(); + if (!item) { + return nullptr; + } + nsCOMPtr<nsIDocShellTreeOwner> owner; + item->GetTreeOwner(getter_AddRefs(owner)); + nsCOMPtr<nsIAppWindow> appWin = do_GetInterface(owner); + if (!appWin) { + return nullptr; + } + nsCOMPtr<nsIDocShell> appWinShell; + appWin->GetDocShell(getter_AddRefs(appWinShell)); + if (!SameCOMIdentity(appWinShell, item)) { + return nullptr; + } + return appWin.forget(); +} + +WindowContext* Document::GetTopLevelWindowContext() const { + WindowContext* windowContext = GetWindowContext(); + return windowContext ? windowContext->TopWindowContext() : nullptr; +} + +Document* Document::GetTopLevelContentDocumentIfSameProcess() { + Document* parent; + + if (!mLoadedAsData) { + parent = this; + } else { + nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(GetScopeObject()); + if (!window) { + return nullptr; + } + + parent = window->GetExtantDoc(); + if (!parent) { + return nullptr; + } + } + + do { + if (parent->IsTopLevelContentDocument()) { + break; + } + + // If we ever have a non-content parent before we hit a toplevel content + // parent, then we're never going to find one. Just bail. + if (!parent->IsContentDocument()) { + return nullptr; + } + + parent = parent->GetInProcessParentDocument(); + } while (parent); + + return parent; +} + +const Document* Document::GetTopLevelContentDocumentIfSameProcess() const { + return const_cast<Document*>(this)->GetTopLevelContentDocumentIfSameProcess(); +} + +void Document::PropagateImageUseCounters(Document* aReferencingDocument) { + MOZ_ASSERT(IsBeingUsedAsImage()); + MOZ_ASSERT(aReferencingDocument); + + if (!aReferencingDocument->mShouldReportUseCounters) { + // No need to propagate use counters to a document that itself won't report + // use counters. + return; + } + + MOZ_LOG(gUseCountersLog, LogLevel::Debug, + ("PropagateImageUseCounters from %s to %s", + nsContentUtils::TruncatedURLForDisplay(mDocumentURI).get(), + nsContentUtils::TruncatedURLForDisplay( + aReferencingDocument->mDocumentURI) + .get())); + + if (aReferencingDocument->IsBeingUsedAsImage()) { + NS_WARNING( + "Page use counters from nested image documents may not " + "propagate to the top-level document (bug 1657805)"); + } + + SetCssUseCounterBits(); + aReferencingDocument->mChildDocumentUseCounters |= mUseCounters; + aReferencingDocument->mChildDocumentUseCounters |= mChildDocumentUseCounters; +} + +bool Document::HasScriptsBlockedBySandbox() const { + return mSandboxFlags & SANDBOXED_SCRIPTS; +} + +void Document::SetCssUseCounterBits() { + if (StaticPrefs::layout_css_use_counters_enabled()) { + for (size_t i = 0; i < eCSSProperty_COUNT_with_aliases; ++i) { + auto id = nsCSSPropertyID(i); + if (Servo_IsPropertyIdRecordedInUseCounter(mStyleUseCounters.get(), id)) { + SetUseCounter(nsCSSProps::UseCounterFor(id)); + } + } + } + + if (StaticPrefs::layout_css_use_counters_unimplemented_enabled()) { + for (size_t i = 0; i < size_t(CountedUnknownProperty::Count); ++i) { + auto id = CountedUnknownProperty(i); + if (Servo_IsUnknownPropertyRecordedInUseCounter(mStyleUseCounters.get(), + id)) { + SetUseCounter(UseCounter(eUseCounter_FirstCountedUnknownProperty + i)); + } + } + } +} + +void Document::InitUseCounters() { + // We can be called more than once, e.g. when session history navigation shows + // us a second time. + if (mUseCountersInitialized) { + return; + } + mUseCountersInitialized = true; + + if (!ShouldIncludeInTelemetry()) { + return; + } + + // Now we know for sure that we should report use counters from this document. + mShouldReportUseCounters = true; + + WindowContext* top = GetWindowContextForPageUseCounters(); + if (!top) { + // This is the case for SVG image documents. They are not displayed in a + // window, but we still do want to record document use counters for them. + // + // Page use counter propagation is handled in PropagateImageUseCounters, + // so there is no need to use the cross-process machinery to send them. + MOZ_LOG(gUseCountersLog, LogLevel::Debug, + ("InitUseCounters for a non-displayed document [%s]", + nsContentUtils::TruncatedURLForDisplay(mDocumentURI).get())); + return; + } + + RefPtr<WindowGlobalChild> wgc = GetWindowGlobalChild(); + if (!wgc) { + return; + } + + MOZ_LOG(gUseCountersLog, LogLevel::Debug, + ("InitUseCounters for a displayed document: %" PRIu64 " -> %" PRIu64 + " [from %s]", + wgc->InnerWindowId(), top->Id(), + nsContentUtils::TruncatedURLForDisplay(mDocumentURI).get())); + + // Inform the parent process that we will send it page use counters later on. + wgc->SendExpectPageUseCounters(top); + mShouldSendPageUseCounters = true; +} + +// We keep separate counts for individual documents and top-level +// pages to more accurately track how many web pages might break if +// certain features were removed. Consider the case of a single +// HTML document with several SVG images and/or iframes with +// sub-documents of their own. If we maintained a single set of use +// counters and all the sub-documents use a particular feature, then +// telemetry would indicate that we would be breaking N documents if +// that feature were removed. Whereas with a document/top-level +// page split, we can see that N documents would be affected, but +// only a single web page would be affected. +// +// The difference between the values of these two counts and the +// related use counters below tell us how many pages did *not* use +// the feature in question. For instance, if we see that a given +// session has destroyed 30 content documents, but a particular use +// counter shows only a count of 5, we can infer that the use +// counter was *not* used in 25 of those 30 documents. +// +// We do things this way, rather than accumulating a boolean flag +// for each use counter, to avoid sending data for features +// that don't get widely used. Doing things in this fashion means +// smaller telemetry payloads and faster processing on the server +// side. +void Document::ReportDocumentUseCounters() { + if (!mShouldReportUseCounters || mReportedDocumentUseCounters) { + return; + } + + mReportedDocumentUseCounters = true; + + // Note that a document is being destroyed. See the comment above for how + // use counter data are interpreted relative to this measurement. + glean::use_counter::content_documents_destroyed.Add(); + + // Ask all of our resource documents to report their own document use + // counters. + EnumerateExternalResources([](Document& aDoc) { + aDoc.ReportDocumentUseCounters(); + return CallState::Continue; + }); + + // Copy StyleUseCounters into our document use counters. + SetCssUseCounterBits(); + + Maybe<nsCString> urlForLogging; + const bool dumpCounters = StaticPrefs::dom_use_counters_dump_document(); + if (dumpCounters) { + urlForLogging.emplace( + nsContentUtils::TruncatedURLForDisplay(GetDocumentURI())); + } + + // Report our per-document use counters. + for (int32_t c = 0; c < eUseCounter_Count; ++c) { + auto uc = static_cast<UseCounter>(c); + if (!mUseCounters[uc]) { + continue; + } + + const char* metricName = IncrementUseCounter(uc, /* aIsPage = */ false); + if (dumpCounters) { + printf_stderr("USE_COUNTER_DOCUMENT: %s - %s\n", metricName, + urlForLogging->get()); + } + } +} + +void Document::ReportLCP() { + const nsDOMNavigationTiming* timing = GetNavigationTiming(); + + if (!timing) { + return; + } + + TimeStamp lcpTime = timing->GetLargestContentfulRenderTimeStamp(); + + if (!lcpTime) { + return; + } + + mozilla::glean::perf::largest_contentful_paint.AccumulateRawDuration( + lcpTime - timing->GetNavigationStartTimeStamp()); + + if (!GetChannel()) { + return; + } + + nsCOMPtr<nsITimedChannel> timedChannel(do_QueryInterface(GetChannel())); + if (!timedChannel) { + return; + } + + TimeStamp responseStart; + timedChannel->GetResponseStart(&responseStart); + + if (!responseStart) { + return; + } + + mozilla::glean::perf::largest_contentful_paint_from_response_start + .AccumulateRawDuration(lcpTime - responseStart); + + if (profiler_thread_is_being_profiled_for_markers()) { + MarkerInnerWindowId innerWindowID = + MarkerInnerWindowIdFromDocShell(GetDocShell()); + GetNavigationTiming()->MaybeAddLCPProfilerMarker(innerWindowID); + } +} + +void Document::SendPageUseCounters() { + if (!mShouldReportUseCounters || !mShouldSendPageUseCounters) { + return; + } + + // Ask all of our resource documents to send their own document use + // counters to the parent process to be counted as page use counters. + EnumerateExternalResources([](Document& aDoc) { + aDoc.SendPageUseCounters(); + return CallState::Continue; + }); + + // Send our use counters to the parent process to accumulate them towards the + // page use counters for the top-level document. + // + // We take our own document use counters (those in mUseCounters) and any child + // document use counters (those in mChildDocumentUseCounters) that have been + // explicitly propagated up to us, which includes resource documents, static + // clones, and SVG images. + RefPtr<WindowGlobalChild> wgc = GetWindowGlobalChild(); + if (!wgc) { + MOZ_ASSERT_UNREACHABLE( + "SendPageUseCounters should be called while we still have access " + "to our WindowContext"); + MOZ_LOG(gUseCountersLog, LogLevel::Debug, + (" > too late to send page use counters")); + return; + } + + MOZ_LOG(gUseCountersLog, LogLevel::Debug, + ("Sending page use counters: from WindowContext %" PRIu64 " [%s]", + wgc->WindowContext()->Id(), + nsContentUtils::TruncatedURLForDisplay(GetDocumentURI()).get())); + + // Copy StyleUseCounters into our document use counters. + SetCssUseCounterBits(); + + UseCounters counters = mUseCounters | mChildDocumentUseCounters; + wgc->SendAccumulatePageUseCounters(counters); +} + +bool Document::RecomputeResistFingerprinting() { + mOverriddenFingerprintingSettings.reset(); + const bool previous = mShouldResistFingerprinting; + + RefPtr<BrowsingContext> opener = + GetBrowsingContext() ? GetBrowsingContext()->GetOpener() : nullptr; + // If we have a parent or opener document, defer to it only when we have a + // null principal (e.g. a sandboxed iframe or a data: uri) or when the + // document's principal matches. This means we will defer about:blank, + // about:srcdoc, blob and same-origin iframes/popups to the parent/opener, + // but not cross-origin ones. Cross-origin iframes/popups may inherit a + // CookieJarSettings.mShouldRFP = false bit however, which will be respected. + auto shouldInheritFrom = [this](Document* aDoc) { + return aDoc && (this->NodePrincipal()->Equals(aDoc->NodePrincipal()) || + this->NodePrincipal()->GetIsNullPrincipal()); + }; + + if (shouldInheritFrom(mParentDocument)) { + MOZ_LOG( + nsContentUtils::ResistFingerprintingLog(), LogLevel::Debug, + ("Inside RecomputeResistFingerprinting with URI %s and deferring " + "to parent document %s", + GetDocumentURI() ? GetDocumentURI()->GetSpecOrDefault().get() : "null", + mParentDocument->GetDocumentURI()->GetSpecOrDefault().get())); + mShouldResistFingerprinting = mParentDocument->ShouldResistFingerprinting( + RFPTarget::IsAlwaysEnabledForPrecompute); + mOverriddenFingerprintingSettings = + mParentDocument->mOverriddenFingerprintingSettings; + } else if (opener && shouldInheritFrom(opener->GetDocument())) { + MOZ_LOG( + nsContentUtils::ResistFingerprintingLog(), LogLevel::Debug, + ("Inside RecomputeResistFingerprinting with URI %s and deferring to " + "opener document %s", + GetDocumentURI() ? GetDocumentURI()->GetSpecOrDefault().get() : "null", + opener->GetDocument()->GetDocumentURI()->GetSpecOrDefault().get())); + mShouldResistFingerprinting = + opener->GetDocument()->ShouldResistFingerprinting( + RFPTarget::IsAlwaysEnabledForPrecompute); + mOverriddenFingerprintingSettings = + opener->GetDocument()->mOverriddenFingerprintingSettings; + } else if (nsContentUtils::IsChromeDoc(this)) { + MOZ_LOG(nsContentUtils::ResistFingerprintingLog(), LogLevel::Debug, + ("Inside RecomputeResistFingerprinting with a ChromeDoc")); + + mShouldResistFingerprinting = false; + mOverriddenFingerprintingSettings.reset(); + } else if (mChannel) { + MOZ_LOG(nsContentUtils::ResistFingerprintingLog(), LogLevel::Debug, + ("Inside RecomputeResistFingerprinting with URI %s", + GetDocumentURI() ? GetDocumentURI()->GetSpecOrDefault().get() + : "null")); + mShouldResistFingerprinting = nsContentUtils::ShouldResistFingerprinting( + mChannel, RFPTarget::IsAlwaysEnabledForPrecompute); + + nsCOMPtr<nsILoadInfo> loadInfo = mChannel->LoadInfo(); + mOverriddenFingerprintingSettings = + loadInfo->GetOverriddenFingerprintingSettings(); + } else { + MOZ_LOG(nsContentUtils::ResistFingerprintingLog(), LogLevel::Debug, + ("Inside RecomputeResistFingerprinting fallback case.")); + // We still preserve the behavior in the fallback case. But, it means there + // might be some cases we haven't considered yet and we need to investigate + // them. + mShouldResistFingerprinting = nsContentUtils::ShouldResistFingerprinting( + mChannel, RFPTarget::IsAlwaysEnabledForPrecompute); + mOverriddenFingerprintingSettings.reset(); + } + + MOZ_LOG(nsContentUtils::ResistFingerprintingLog(), LogLevel::Debug, + ("Finished RecomputeResistFingerprinting with result %x", + mShouldResistFingerprinting)); + + bool changed = previous != mShouldResistFingerprinting; + if (changed) { + if (auto win = nsGlobalWindowInner::Cast(GetInnerWindow())) { + win->RefreshReduceTimerPrecisionCallerType(); + } + } + return changed; +} + +bool Document::ShouldResistFingerprinting(RFPTarget aTarget) const { + return mShouldResistFingerprinting && + nsRFPService::IsRFPEnabledFor(this->IsInPrivateBrowsing(), aTarget, + mOverriddenFingerprintingSettings); +} + +void Document::RecordCanvasUsage(CanvasUsage& aUsage) { + // Limit the number of recent canvas extraction uses that are tracked. + const size_t kTrackedCanvasLimit = 8; + // Timeout between different canvas extractions. + const uint64_t kTimeoutUsec = 3000 * 1000; + + uint64_t now = PR_Now(); + if ((mCanvasUsage.Length() > kTrackedCanvasLimit) || + ((now - mLastCanvasUsage) > kTimeoutUsec)) { + mCanvasUsage.ClearAndRetainStorage(); + } + + mCanvasUsage.AppendElement(aUsage); + mLastCanvasUsage = now; + + nsCString originNoSuffix; + if (NS_FAILED(NodePrincipal()->GetOriginNoSuffix(originNoSuffix))) { + return; + } + + nsRFPService::MaybeReportCanvasFingerprinter(mCanvasUsage, GetChannel(), + originNoSuffix); +} + +void Document::RecordFontFingerprinting() { + nsCString originNoSuffix; + if (NS_FAILED(NodePrincipal()->GetOriginNoSuffix(originNoSuffix))) { + return; + } + + nsRFPService::MaybeReportFontFingerprinter(GetChannel(), originNoSuffix); +} + +bool Document::IsInPrivateBrowsing() const { return mIsInPrivateBrowsing; } + +WindowContext* Document::GetWindowContextForPageUseCounters() const { + if (mDisplayDocument) { + // If we are a resource document, then go through it to find the + // top-level document. + return mDisplayDocument->GetWindowContextForPageUseCounters(); + } + + if (mOriginalDocument) { + // For static clones (print preview documents), contribute page use counters + // towards the original document. + return mOriginalDocument->GetWindowContextForPageUseCounters(); + } + + WindowContext* wc = GetTopLevelWindowContext(); + if (!wc || !wc->GetBrowsingContext()->IsContent()) { + return nullptr; + } + + return wc; +} + +void Document::UpdateIntersectionObservations(TimeStamp aNowTime) { + if (mIntersectionObservers.IsEmpty()) { + return; + } + + DOMHighResTimeStamp time = 0; + if (nsPIDOMWindowInner* win = GetInnerWindow()) { + if (Performance* perf = win->GetPerformance()) { + time = perf->TimeStampToDOMHighResForRendering(aNowTime); + } + } + + const auto observers = ToTArray<nsTArray<RefPtr<DOMIntersectionObserver>>>( + mIntersectionObservers); + for (const auto& observer : observers) { + if (observer) { + observer->Update(*this, time); + } + } +} + +void Document::ScheduleIntersectionObserverNotification() { + if (mIntersectionObservers.IsEmpty()) { + return; + } + MOZ_RELEASE_ASSERT(NS_IsMainThread()); + nsCOMPtr<nsIRunnable> notification = + NewRunnableMethod("Document::NotifyIntersectionObservers", this, + &Document::NotifyIntersectionObservers); + Dispatch(notification.forget()); +} + +void Document::NotifyIntersectionObservers() { + const auto observers = ToTArray<nsTArray<RefPtr<DOMIntersectionObserver>>>( + mIntersectionObservers); + for (const auto& observer : observers) { + if (observer) { + // MOZ_KnownLive because the 'observers' array guarantees to keep it + // alive. + MOZ_KnownLive(observer)->Notify(); + } + } +} + +DOMIntersectionObserver& Document::EnsureLazyLoadObserver() { + if (!mLazyLoadObserver) { + mLazyLoadObserver = DOMIntersectionObserver::CreateLazyLoadObserver(*this); + } + return *mLazyLoadObserver; +} + +ResizeObserver& Document::EnsureLastRememberedSizeObserver() { + if (!mLastRememberedSizeObserver) { + mLastRememberedSizeObserver = + ResizeObserver::CreateLastRememberedSizeObserver(*this); + } + return *mLastRememberedSizeObserver; +} + +void Document::ObserveForLastRememberedSize(Element& aElement) { + if (NS_WARN_IF(!IsActive())) { + return; + } + // Options are initialized with ResizeObserverBoxOptions::Content_box by + // default, which is what we want. + static ResizeObserverOptions options; + EnsureLastRememberedSizeObserver().Observe(aElement, options); +} + +void Document::UnobserveForLastRememberedSize(Element& aElement) { + if (mLastRememberedSizeObserver) { + mLastRememberedSizeObserver->Unobserve(aElement); + } +} + +void Document::NotifyLayerManagerRecreated() { + NotifyActivityChanged(); + EnumerateSubDocuments([](Document& aSubDoc) { + aSubDoc.NotifyLayerManagerRecreated(); + return CallState::Continue; + }); +} + +XPathEvaluator* Document::XPathEvaluator() { + if (!mXPathEvaluator) { + mXPathEvaluator.reset(new dom::XPathEvaluator(this)); + } + return mXPathEvaluator.get(); +} + +already_AddRefed<nsIDocumentEncoder> Document::GetCachedEncoder() { + return mCachedEncoder.forget(); +} + +void Document::SetCachedEncoder(already_AddRefed<nsIDocumentEncoder> aEncoder) { + mCachedEncoder = aEncoder; +} + +nsILoadContext* Document::GetLoadContext() const { return mDocumentContainer; } + +nsIDocShell* Document::GetDocShell() const { return mDocumentContainer; } + +void Document::SetStateObject(nsIStructuredCloneContainer* scContainer) { + mStateObjectContainer = scContainer; + mCachedStateObject = JS::UndefinedValue(); + mCachedStateObjectValid = false; +} + +bool Document::ComputeDocumentLWTheme() const { + if (!NodePrincipal()->IsSystemPrincipal()) { + return false; + } + + Element* element = GetRootElement(); + return element && element->AttrValueIs(kNameSpaceID_None, nsGkAtoms::lwtheme, + nsGkAtoms::_true, eCaseMatters); +} + +already_AddRefed<Element> Document::CreateHTMLElement(nsAtom* aTag) { + RefPtr<mozilla::dom::NodeInfo> nodeInfo; + nodeInfo = mNodeInfoManager->GetNodeInfo(aTag, nullptr, kNameSpaceID_XHTML, + ELEMENT_NODE); + MOZ_ASSERT(nodeInfo, "GetNodeInfo should never fail"); + + nsCOMPtr<Element> element; + DebugOnly<nsresult> rv = + NS_NewHTMLElement(getter_AddRefs(element), nodeInfo.forget(), + mozilla::dom::NOT_FROM_PARSER); + + MOZ_ASSERT(NS_SUCCEEDED(rv), "NS_NewHTMLElement should never fail"); + return element.forget(); +} + +void AutoWalkBrowsingContextGroup::SuppressBrowsingContext( + BrowsingContext* aContext) { + aContext->PreOrderWalk([&](BrowsingContext* aBC) { + if (nsCOMPtr<nsPIDOMWindowOuter> win = aBC->GetDOMWindow()) { + if (RefPtr<Document> doc = win->GetExtantDoc()) { + SuppressDocument(doc); + mDocuments.AppendElement(doc); + } + } + }); +} + +void AutoWalkBrowsingContextGroup::SuppressBrowsingContextGroup( + BrowsingContextGroup* aGroup) { + for (const auto& bc : aGroup->Toplevels()) { + SuppressBrowsingContext(bc); + } +} + +nsAutoSyncOperation::nsAutoSyncOperation(Document* aDoc, + SyncOperationBehavior aSyncBehavior) + : mSyncBehavior(aSyncBehavior) { + mMicroTaskLevel = 0; + if (CycleCollectedJSContext* ccjs = CycleCollectedJSContext::Get()) { + mMicroTaskLevel = ccjs->MicroTaskLevel(); + ccjs->SetMicroTaskLevel(0); + } + if (aDoc) { + mBrowsingContext = aDoc->GetBrowsingContext(); + if (InputTaskManager::CanSuspendInputEvent()) { + if (auto* bcg = aDoc->GetDocGroup()->GetBrowsingContextGroup()) { + SuppressBrowsingContextGroup(bcg); + } + } else if (mBrowsingContext) { + SuppressBrowsingContext(mBrowsingContext->Top()); + } + if (mBrowsingContext && + mSyncBehavior == SyncOperationBehavior::eSuspendInput && + InputTaskManager::CanSuspendInputEvent()) { + mBrowsingContext->Group()->IncInputEventSuspensionLevel(); + } + } +} + +void nsAutoSyncOperation::SuppressDocument(Document* aDoc) { + if (nsCOMPtr<nsPIDOMWindowInner> win = aDoc->GetInnerWindow()) { + win->TimeoutManager().BeginSyncOperation(); + } + aDoc->SetIsInSyncOperation(true); +} + +void nsAutoSyncOperation::UnsuppressDocument(Document* aDoc) { + if (nsCOMPtr<nsPIDOMWindowInner> win = aDoc->GetInnerWindow()) { + win->TimeoutManager().EndSyncOperation(); + } + aDoc->SetIsInSyncOperation(false); +} + +nsAutoSyncOperation::~nsAutoSyncOperation() { + UnsuppressDocuments(); + CycleCollectedJSContext* ccjs = CycleCollectedJSContext::Get(); + if (ccjs) { + ccjs->SetMicroTaskLevel(mMicroTaskLevel); + } + if (mBrowsingContext && + mSyncBehavior == SyncOperationBehavior::eSuspendInput && + InputTaskManager::CanSuspendInputEvent()) { + mBrowsingContext->Group()->DecInputEventSuspensionLevel(); + } +} + +void Document::SetIsInSyncOperation(bool aSync) { + if (CycleCollectedJSContext* ccjs = CycleCollectedJSContext::Get()) { + ccjs->UpdateMicroTaskSuppressionGeneration(); + } + + if (aSync) { + ++mInSyncOperationCount; + } else { + --mInSyncOperationCount; + } +} + +gfxUserFontSet* Document::GetUserFontSet() { + if (!mFontFaceSet) { + return nullptr; + } + + return mFontFaceSet->GetImpl(); +} + +void Document::FlushUserFontSet() { + if (!mFontFaceSetDirty) { + return; + } + + mFontFaceSetDirty = false; + + if (gfxPlatform::GetPlatform()->DownloadableFontsEnabled()) { + nsTArray<nsFontFaceRuleContainer> rules; + RefPtr<PresShell> presShell = GetPresShell(); + if (presShell) { + MOZ_ASSERT(mStyleSetFilled); + EnsureStyleSet().AppendFontFaceRules(rules); + } + + if (!mFontFaceSet && !rules.IsEmpty()) { + mFontFaceSet = FontFaceSet::CreateForDocument(this); + } + + bool changed = false; + if (mFontFaceSet) { + changed = mFontFaceSet->UpdateRules(rules); + } + + // We need to enqueue a style change reflow (for later) to + // reflect that we're modifying @font-face rules. (However, + // without a reflow, nothing will happen to start any downloads + // that are needed.) + if (changed && presShell) { + if (nsPresContext* presContext = presShell->GetPresContext()) { + presContext->UserFontSetUpdated(); + } + } + } +} + +void Document::MarkUserFontSetDirty() { + if (mFontFaceSetDirty) { + return; + } + mFontFaceSetDirty = true; + if (PresShell* presShell = GetPresShell()) { + presShell->EnsureStyleFlush(); + } +} + +FontFaceSet* Document::Fonts() { + if (!mFontFaceSet) { + mFontFaceSet = FontFaceSet::CreateForDocument(this); + FlushUserFontSet(); + } + return mFontFaceSet; +} + +void Document::ReportHasScrollLinkedEffect(const TimeStamp& aTimeStamp) { + MOZ_ASSERT(!aTimeStamp.IsNull()); + + if (!mLastScrollLinkedEffectDetectionTime.IsNull() && + mLastScrollLinkedEffectDetectionTime >= aTimeStamp) { + return; + } + + if (mLastScrollLinkedEffectDetectionTime.IsNull()) { + // Report to console just once. + nsContentUtils::ReportToConsole( + nsIScriptError::warningFlag, "Async Pan/Zoom"_ns, this, + nsContentUtils::eLAYOUT_PROPERTIES, "ScrollLinkedEffectFound3"); + } + + mLastScrollLinkedEffectDetectionTime = aTimeStamp; +} + +bool Document::HasScrollLinkedEffect() const { + if (nsPresContext* pc = GetPresContext()) { + return mLastScrollLinkedEffectDetectionTime == + pc->RefreshDriver()->MostRecentRefresh(); + } + + return false; +} + +void Document::SetSHEntryHasUserInteraction(bool aHasInteraction) { + if (RefPtr<WindowContext> topWc = GetTopLevelWindowContext()) { + // Setting has user interction on a discarded browsing context has + // no effect. + Unused << topWc->SetSHEntryHasUserInteraction(aHasInteraction); + } +} + +bool Document::GetSHEntryHasUserInteraction() { + if (RefPtr<WindowContext> topWc = GetTopLevelWindowContext()) { + return topWc->GetSHEntryHasUserInteraction(); + } + return false; +} + +void Document::SetUserHasInteracted() { + MOZ_LOG(gUserInteractionPRLog, LogLevel::Debug, + ("Document %p has been interacted by user.", this)); + + // We maybe need to update the user-interaction permission. + MaybeStoreUserInteractionAsPermission(); + + // For purposes of reducing irrelevant session history entries on + // the back button, we annotate entries with whether they had user + // interaction. This is gated on its own flag on the WindowContext + // (instead of mUserHasInteracted) to account for the fact that multiple + // top-level SH entries can be associated with the same document. + // Thus, whenever we create a new SH entry for this document, + // this flag is reset. + if (!GetSHEntryHasUserInteraction()) { + nsIDocShell* docShell = GetDocShell(); + if (docShell) { + nsCOMPtr<nsISHEntry> currentEntry; + bool oshe; + nsresult rv = + docShell->GetCurrentSHEntry(getter_AddRefs(currentEntry), &oshe); + if (!NS_WARN_IF(NS_FAILED(rv)) && currentEntry) { + currentEntry->SetHasUserInteraction(true); + } + } + SetSHEntryHasUserInteraction(true); + } + + if (mUserHasInteracted) { + return; + } + + mUserHasInteracted = true; + + if (mChannel) { + nsCOMPtr<nsILoadInfo> loadInfo = mChannel->LoadInfo(); + loadInfo->SetDocumentHasUserInteracted(true); + } + // Tell the parent process about user interaction + if (auto* wgc = GetWindowGlobalChild()) { + wgc->SendUpdateDocumentHasUserInteracted(true); + } + + MaybeAllowStorageForOpenerAfterUserInteraction(); +} + +BrowsingContext* Document::GetBrowsingContext() const { + return mDocumentContainer ? mDocumentContainer->GetBrowsingContext() + : nullptr; +} + +void Document::NotifyUserGestureActivation( + UserActivation::Modifiers + aModifiers /* = UserActivation::Modifiers::None() */) { + // https://html.spec.whatwg.org/multipage/interaction.html#activation-notification + // 1. "Assert: document is fully active." + RefPtr<BrowsingContext> currentBC = GetBrowsingContext(); + if (!currentBC) { + return; + } + + RefPtr<WindowContext> currentWC = GetWindowContext(); + if (!currentWC) { + return; + } + + // 2. "Let windows be « document's relevant global object" + // Instead of assembling a list, we just call notify for wanted windows as we + // find them + currentWC->NotifyUserGestureActivation(aModifiers); + + // 3. "...windows with the active window of each of document's ancestor + // navigables." + for (WindowContext* wc = currentWC; wc; wc = wc->GetParentWindowContext()) { + wc->NotifyUserGestureActivation(aModifiers); + } + + // 4. "windows with the active window of each of document's descendant + // navigables, filtered to include only those navigables whose active + // document's origin is same origin with document's origin" + currentBC->PreOrderWalk([&](BrowsingContext* bc) { + WindowContext* wc = bc->GetCurrentWindowContext(); + if (!wc) { + return; + } + + // Check same-origin as current document + WindowGlobalChild* wgc = wc->GetWindowGlobalChild(); + if (!wgc || !wgc->IsSameOriginWith(currentWC)) { + return; + } + + wc->NotifyUserGestureActivation(aModifiers); + }); +} + +bool Document::HasBeenUserGestureActivated() { + RefPtr<WindowContext> wc = GetWindowContext(); + return wc && wc->HasBeenUserGestureActivated(); +} + +DOMHighResTimeStamp Document::LastUserGestureTimeStamp() { + if (RefPtr<WindowContext> wc = GetWindowContext()) { + if (nsGlobalWindowInner* innerWindow = wc->GetInnerWindow()) { + if (Performance* perf = innerWindow->GetPerformance()) { + return perf->GetDOMTiming()->TimeStampToDOMHighRes( + wc->GetUserGestureStart()); + } + } + } + + NS_WARNING( + "Unable to calculate DOMHighResTimeStamp for LastUserGestureTimeStamp"); + return 0; +} + +void Document::ClearUserGestureActivation() { + if (RefPtr<BrowsingContext> bc = GetBrowsingContext()) { + bc = bc->Top(); + bc->PreOrderWalk([&](BrowsingContext* aBC) { + if (WindowContext* windowContext = aBC->GetCurrentWindowContext()) { + windowContext->NotifyResetUserGestureActivation(); + } + }); + } +} + +bool Document::HasValidTransientUserGestureActivation() const { + RefPtr<WindowContext> wc = GetWindowContext(); + return wc && wc->HasValidTransientUserGestureActivation(); +} + +bool Document::ConsumeTransientUserGestureActivation() { + RefPtr<WindowContext> wc = GetWindowContext(); + return wc && wc->ConsumeTransientUserGestureActivation(); +} + +bool Document::GetTransientUserGestureActivationModifiers( + UserActivation::Modifiers* aModifiers) { + RefPtr<WindowContext> wc = GetWindowContext(); + return wc && wc->GetTransientUserGestureActivationModifiers(aModifiers); +} + +void Document::SetDocTreeHadMedia() { + RefPtr<WindowContext> topWc = GetTopLevelWindowContext(); + if (topWc && !topWc->IsDiscarded() && !topWc->GetDocTreeHadMedia()) { + MOZ_ALWAYS_SUCCEEDS(topWc->SetDocTreeHadMedia(true)); + } +} + +void Document::MaybeAllowStorageForOpenerAfterUserInteraction() { + if (!CookieJarSettings()->GetRejectThirdPartyContexts()) { + return; + } + + // This will probably change for project fission, but currently this document + // and the opener are on the same process. In the future, we should make this + // part async. + nsPIDOMWindowInner* inner = GetInnerWindow(); + if (NS_WARN_IF(!inner)) { + return; + } + + // We care about first-party tracking resources only. + if (!nsContentUtils::IsFirstPartyTrackingResourceWindow(inner)) { + return; + } + + auto* outer = nsGlobalWindowOuter::Cast(inner->GetOuterWindow()); + if (NS_WARN_IF(!outer)) { + return; + } + + RefPtr<BrowsingContext> openerBC = outer->GetOpenerBrowsingContext(); + if (!openerBC) { + // No opener. + return; + } + + // We want to ensure the following check works for both fission mode and + // non-fission mode: + // "If the opener is not a 3rd party and if this window is not a 3rd party + // with respect to the opener, we should not continue." + // + // In non-fission mode, the opener and the opened window are in the same + // process, we can use AntiTrackingUtils::IsThirdPartyWindow to do the check. + // In fission mode, if this window is not a 3rd party with respect to the + // opener, they must be in the same process, so we can still use + // IsThirdPartyWindow(openerInner) to continue to check if the opener is a 3rd + // party. + if (openerBC->IsInProcess()) { + nsCOMPtr<nsPIDOMWindowOuter> outerOpener = openerBC->GetDOMWindow(); + if (NS_WARN_IF(!outerOpener)) { + return; + } + + nsCOMPtr<nsPIDOMWindowInner> openerInner = + outerOpener->GetCurrentInnerWindow(); + if (NS_WARN_IF(!openerInner)) { + return; + } + + RefPtr<Document> openerDocument = openerInner->GetExtantDoc(); + if (NS_WARN_IF(!openerDocument)) { + return; + } + + nsCOMPtr<nsIURI> openerURI = openerDocument->GetDocumentURI(); + if (NS_WARN_IF(!openerURI)) { + return; + } + + // If the opener is not a 3rd party and if this window is not + // a 3rd party with respect to the opener, we should not continue. + if (!AntiTrackingUtils::IsThirdPartyWindow(inner, openerURI) && + !AntiTrackingUtils::IsThirdPartyWindow(openerInner, nullptr)) { + return; + } + } + + // We don't care when the asynchronous work finishes here. + Unused << StorageAccessAPIHelper::AllowAccessForOnChildProcess( + NodePrincipal(), openerBC, + ContentBlockingNotifier::eOpenerAfterUserInteraction); +} + +namespace { + +// Documents can stay alive for days. We don't want to update the permission +// value at any user-interaction, and, using a timer triggered any X seconds +// should be good enough. 'X' is taken from +// privacy.userInteraction.document.interval pref. +// We also want to store the user-interaction before shutting down, and, for +// this reason, this class implements nsIAsyncShutdownBlocker interface. +class UserInteractionTimer final : public Runnable, + public nsITimerCallback, + public nsIAsyncShutdownBlocker { + public: + NS_DECL_ISUPPORTS_INHERITED + + explicit UserInteractionTimer(Document* aDocument) + : Runnable("UserInteractionTimer"), + mPrincipal(aDocument->NodePrincipal()), + mDocument(aDocument) { + static int32_t userInteractionTimerId = 0; + // Blocker names must be unique. Let's create it now because when needed, + // the document could be already gone. + mBlockerName.AppendPrintf("UserInteractionTimer %d for document %p", + ++userInteractionTimerId, aDocument); + } + + // Runnable interface + + NS_IMETHOD + Run() override { + uint32_t interval = + StaticPrefs::privacy_userInteraction_document_interval(); + if (!interval) { + return NS_OK; + } + + RefPtr<UserInteractionTimer> self = this; + auto raii = + MakeScopeExit([self] { self->CancelTimerAndStoreUserInteraction(); }); + + nsresult rv = NS_NewTimerWithCallback( + getter_AddRefs(mTimer), this, interval * 1000, nsITimer::TYPE_ONE_SHOT); + NS_ENSURE_SUCCESS(rv, NS_OK); + + nsCOMPtr<nsIAsyncShutdownClient> phase = GetShutdownPhase(); + NS_ENSURE_TRUE(!!phase, NS_OK); + + rv = phase->AddBlocker(this, NS_LITERAL_STRING_FROM_CSTRING(__FILE__), + __LINE__, u"UserInteractionTimer shutdown"_ns); + NS_ENSURE_SUCCESS(rv, NS_OK); + + raii.release(); + return NS_OK; + } + + // nsITimerCallback interface + + NS_IMETHOD + Notify(nsITimer* aTimer) override { + StoreUserInteraction(); + return NS_OK; + } + +#ifdef MOZ_COLLECTING_RUNNABLE_TELEMETRY + using nsINamed::GetName; +#endif + + // nsIAsyncShutdownBlocker interface + + NS_IMETHOD + GetName(nsAString& aName) override { + aName = mBlockerName; + return NS_OK; + } + + NS_IMETHOD + BlockShutdown(nsIAsyncShutdownClient* aClient) override { + CancelTimerAndStoreUserInteraction(); + return NS_OK; + } + + NS_IMETHOD + GetState(nsIPropertyBag**) override { return NS_OK; } + + private: + ~UserInteractionTimer() = default; + + void StoreUserInteraction() { + // Remove the shutting down blocker + nsCOMPtr<nsIAsyncShutdownClient> phase = GetShutdownPhase(); + if (phase) { + phase->RemoveBlocker(this); + } + + // If the document is not gone, let's reset its timer flag. + nsCOMPtr<Document> document(mDocument); + if (document) { + ContentBlockingUserInteraction::Observe(mPrincipal); + document->ResetUserInteractionTimer(); + } + } + + void CancelTimerAndStoreUserInteraction() { + if (mTimer) { + mTimer->Cancel(); + mTimer = nullptr; + } + + StoreUserInteraction(); + } + + static already_AddRefed<nsIAsyncShutdownClient> GetShutdownPhase() { + nsCOMPtr<nsIAsyncShutdownService> svc = services::GetAsyncShutdownService(); + NS_ENSURE_TRUE(!!svc, nullptr); + + nsCOMPtr<nsIAsyncShutdownClient> phase; + nsresult rv = svc->GetXpcomWillShutdown(getter_AddRefs(phase)); + NS_ENSURE_SUCCESS(rv, nullptr); + + return phase.forget(); + } + + nsCOMPtr<nsIPrincipal> mPrincipal; + WeakPtr<Document> mDocument; + + nsCOMPtr<nsITimer> mTimer; + + nsString mBlockerName; +}; + +NS_IMPL_ISUPPORTS_INHERITED(UserInteractionTimer, Runnable, nsITimerCallback, + nsIAsyncShutdownBlocker) + +} // namespace + +void Document::MaybeStoreUserInteractionAsPermission() { + // We care about user-interaction stored only for top-level documents + // and documents with access to the Storage Access API + if (!IsTopLevelContentDocument()) { + bool hasSA; + nsresult rv = HasStorageAccessSync(hasSA); + if (NS_FAILED(rv) || !hasSA) { + return; + } + } + + if (!mUserHasInteracted) { + // First interaction, let's store this info now. + ContentBlockingUserInteraction::Observe(NodePrincipal()); + return; + } + + if (mHasUserInteractionTimerScheduled) { + return; + } + + nsCOMPtr<nsIRunnable> task = new UserInteractionTimer(this); + nsresult rv = NS_DispatchToCurrentThreadQueue(task.forget(), 2500, + EventQueuePriority::Idle); + if (NS_WARN_IF(NS_FAILED(rv))) { + return; + } + + // This value will be reset by the timer. + mHasUserInteractionTimerScheduled = true; +} + +void Document::ResetUserInteractionTimer() { + mHasUserInteractionTimerScheduled = false; +} + +bool Document::IsExtensionPage() const { + return BasePrincipal::Cast(NodePrincipal())->AddonPolicy(); +} + +void Document::AddResizeObserver(ResizeObserver& aObserver) { + MOZ_ASSERT(!mResizeObservers.Contains(&aObserver)); + // Insert internal ResizeObservers before scripted ones, since they may have + // observable side-effects and we don't want to expose the insertion time. + if (aObserver.HasNativeCallback()) { + mResizeObservers.InsertElementAt(0, &aObserver); + } else { + mResizeObservers.AppendElement(&aObserver); + } +} + +void Document::RemoveResizeObserver(ResizeObserver& aObserver) { + MOZ_ASSERT(mResizeObservers.Contains(&aObserver)); + mResizeObservers.RemoveElement(&aObserver); +} + +PermissionDelegateHandler* Document::GetPermissionDelegateHandler() { + if (!mPermissionDelegateHandler) { + mPermissionDelegateHandler = MakeAndAddRef<PermissionDelegateHandler>(this); + } + + if (!mPermissionDelegateHandler->Initialize()) { + mPermissionDelegateHandler = nullptr; + } + + return mPermissionDelegateHandler; +} + +void Document::ScheduleResizeObserversNotification() const { + if (!mPresShell) { + return; + } + if (nsRefreshDriver* rd = mPresShell->GetRefreshDriver()) { + rd->EnsureResizeObserverUpdateHappens(); + } +} + +static void FlushLayoutForWholeBrowsingContextTree(Document& aDoc) { + const ChangesToFlush ctf(FlushType::Layout, /* aFlushAnimations = */ false); + BrowsingContext* bc = aDoc.GetBrowsingContext(); + if (bc && bc->GetExtantDocument() == &aDoc) { + RefPtr<BrowsingContext> top = bc->Top(); + top->PreOrderWalk([ctf](BrowsingContext* aCur) { + if (Document* doc = aCur->GetExtantDocument()) { + doc->FlushPendingNotifications(ctf); + } + }); + } else { + // If there is no browsing context, or we're not the current document of the + // browsing context, then we just flush this document itself. + aDoc.FlushPendingNotifications(ctf); + } +} + +void Document::DetermineProximityToViewportAndNotifyResizeObservers() { + uint32_t shallowestTargetDepth = 0; + bool initialResetOfScrolledIntoViewFlagsDone = false; + while (true) { + // Flush layout, so that any callback functions' style changes / resizes + // get a chance to take effect. The callback functions may do changes in its + // sub-documents or ancestors, so flushing layout for the whole browsing + // context tree makes sure we don't miss anyone. + FlushLayoutForWholeBrowsingContextTree(*this); + if (PresShell* presShell = GetPresShell()) { + auto result = presShell->DetermineProximityToViewport(); + if (result.mHadInitialDetermination) { + continue; + } + if (result.mAnyScrollIntoViewFlag) { + // Not defined in the spec: It's possible that some elements with + // content-visibility: auto were forced to be visible in order to + // perform scrollIntoView() so clear their flags now and restart the + // loop. + // See https://github.com/w3c/csswg-drafts/issues/9337 + presShell->ClearTemporarilyVisibleForScrolledIntoViewDescendantFlags(); + presShell->ScheduleContentRelevancyUpdate( + ContentRelevancyReason::Visible); + if (!initialResetOfScrolledIntoViewFlagsDone) { + initialResetOfScrolledIntoViewFlagsDone = true; + continue; + } + } + } + + // To avoid infinite resize loop, we only gather all active observations + // that have the depth of observed target element more than current + // shallowestTargetDepth. + GatherAllActiveResizeObservations(shallowestTargetDepth); + + if (!HasAnyActiveResizeObservations()) { + break; + } + + DebugOnly<uint32_t> oldShallowestTargetDepth = shallowestTargetDepth; + shallowestTargetDepth = BroadcastAllActiveResizeObservations(); + NS_ASSERTION(oldShallowestTargetDepth < shallowestTargetDepth, + "shallowestTargetDepth should be getting strictly deeper"); + } + + if (HasAnySkippedResizeObservations()) { + if (nsCOMPtr<nsPIDOMWindowInner> window = GetInnerWindow()) { + // Per spec, we deliver an error if the document has any skipped + // observations. Also, we re-register via ScheduleNotification(). + RootedDictionary<ErrorEventInit> init(RootingCx()); + init.mMessage.AssignLiteral( + "ResizeObserver loop completed with undelivered notifications."); + init.mBubbles = false; + init.mCancelable = false; + + nsEventStatus status = nsEventStatus_eIgnore; + nsCOMPtr<nsIScriptGlobalObject> sgo = do_QueryInterface(window); + MOZ_ASSERT(sgo); + if (NS_WARN_IF(sgo->HandleScriptError(init, &status))) { + status = nsEventStatus_eIgnore; + } + } else { + // We don't fire error events at any global for non-window JS on the main + // thread. + } + + // We need to deliver pending notifications in next cycle. + ScheduleResizeObserversNotification(); + } +} + +void Document::GatherAllActiveResizeObservations(uint32_t aDepth) { + for (ResizeObserver* observer : mResizeObservers) { + observer->GatherActiveObservations(aDepth); + } +} + +uint32_t Document::BroadcastAllActiveResizeObservations() { + uint32_t shallowestTargetDepth = std::numeric_limits<uint32_t>::max(); + + // Copy the observers as this invokes the callbacks and could register and + // unregister observers at will. + const auto observers = + ToTArray<nsTArray<RefPtr<ResizeObserver>>>(mResizeObservers); + for (const auto& observer : observers) { + // MOZ_KnownLive because 'observers' is guaranteed to keep it + // alive. + // + // This can go away once + // https://bugzilla.mozilla.org/show_bug.cgi?id=1620312 is fixed. + uint32_t targetDepth = + MOZ_KnownLive(observer)->BroadcastActiveObservations(); + if (targetDepth < shallowestTargetDepth) { + shallowestTargetDepth = targetDepth; + } + } + + return shallowestTargetDepth; +} + +bool Document::HasAnySkippedResizeObservations() const { + for (const auto& observer : mResizeObservers) { + if (observer->HasSkippedObservations()) { + return true; + } + } + return false; +} + +bool Document::HasAnyActiveResizeObservations() const { + for (const auto& observer : mResizeObservers) { + if (observer->HasActiveObservations()) { + return true; + } + } + return false; +} + +void Document::ClearStaleServoData() { + DocumentStyleRootIterator iter(this); + while (Element* root = iter.GetNextStyleRoot()) { + RestyleManager::ClearServoDataFromSubtree(root); + } +} + +Selection* Document::GetSelection(ErrorResult& aRv) { + nsCOMPtr<nsPIDOMWindowInner> window = GetInnerWindow(); + if (!window) { + return nullptr; + } + + if (!window->IsCurrentInnerWindow()) { + return nullptr; + } + + return nsGlobalWindowInner::Cast(window)->GetSelection(aRv); +} + +void Document::MakeBrowsingContextNonSynthetic() { + if (BrowsingContext* bc = GetBrowsingContext()) { + if (bc->GetSyntheticDocumentContainer()) { + Unused << bc->SetSyntheticDocumentContainer(false); + } + } +} + +nsresult Document::HasStorageAccessSync(bool& aHasStorageAccess) { + // Step 1: check if cookie permissions are available or denied to this + // document's principal + nsCOMPtr<nsPIDOMWindowInner> inner = GetInnerWindow(); + if (!inner) { + aHasStorageAccess = false; + return NS_OK; + } + Maybe<bool> resultBecauseCookiesApproved = + StorageAccessAPIHelper::CheckCookiesPermittedDecidesStorageAccessAPI( + CookieJarSettings(), NodePrincipal()); + if (resultBecauseCookiesApproved.isSome()) { + if (resultBecauseCookiesApproved.value()) { + aHasStorageAccess = true; + return NS_OK; + } else { + aHasStorageAccess = false; + return NS_OK; + } + } + + // Step 2: Check if the browser settings determine whether or not this + // document has access to its unpartitioned cookies. + bool isThirdPartyDocument = AntiTrackingUtils::IsThirdPartyDocument(this); + bool isOnThirdPartySkipList = false; + if (mChannel) { + nsCOMPtr<nsILoadInfo> loadInfo = mChannel->LoadInfo(); + isOnThirdPartySkipList = loadInfo->GetStoragePermission() == + nsILoadInfo::StoragePermissionAllowListed; + } + bool isThirdPartyTracker = + nsContentUtils::IsThirdPartyTrackingResourceWindow(inner); + Maybe<bool> resultBecauseBrowserSettings = + StorageAccessAPIHelper::CheckBrowserSettingsDecidesStorageAccessAPI( + CookieJarSettings(), isThirdPartyDocument, isOnThirdPartySkipList, + isThirdPartyTracker); + if (resultBecauseBrowserSettings.isSome()) { + if (resultBecauseBrowserSettings.value()) { + aHasStorageAccess = true; + return NS_OK; + } else { + aHasStorageAccess = false; + return NS_OK; + } + } + + // Step 3: Check if the location of this call (embedded, top level, same-site) + // determines if cookies are permitted or not. + Maybe<bool> resultBecauseCallContext = + StorageAccessAPIHelper::CheckCallingContextDecidesStorageAccessAPI(this, + false); + if (resultBecauseCallContext.isSome()) { + if (resultBecauseCallContext.value()) { + aHasStorageAccess = true; + return NS_OK; + } else { + aHasStorageAccess = false; + return NS_OK; + } + } + + // Step 4: Check if the permissions for this document determine if if has + // access or is denied cookies. + Maybe<bool> resultBecausePreviousPermission = + StorageAccessAPIHelper::CheckExistingPermissionDecidesStorageAccessAPI( + this, false); + if (resultBecausePreviousPermission.isSome()) { + if (resultBecausePreviousPermission.value()) { + aHasStorageAccess = true; + return NS_OK; + } else { + aHasStorageAccess = false; + return NS_OK; + } + } + // If you get here, we default to not giving you permission. + aHasStorageAccess = false; + return NS_OK; +} + +already_AddRefed<mozilla::dom::Promise> Document::HasStorageAccess( + mozilla::ErrorResult& aRv) { + nsIGlobalObject* global = GetScopeObject(); + if (!global) { + aRv.Throw(NS_ERROR_NOT_AVAILABLE); + return nullptr; + } + + RefPtr<Promise> promise = + Promise::Create(global, aRv, Promise::ePropagateUserInteraction); + if (aRv.Failed()) { + return nullptr; + } + + if (!IsCurrentActiveDocument()) { + promise->MaybeRejectWithInvalidStateError( + "hasStorageAccess requires an active document"); + return promise.forget(); + } + + bool hasStorageAccess; + nsresult rv = HasStorageAccessSync(hasStorageAccess); + if (NS_FAILED(rv)) { + promise->MaybeRejectWithUndefined(); + } else { + promise->MaybeResolve(hasStorageAccess); + } + + return promise.forget(); +} + +RefPtr<Document::GetContentBlockingEventsPromise> +Document::GetContentBlockingEvents() { + RefPtr<WindowGlobalChild> wgc = GetWindowGlobalChild(); + if (!wgc) { + return nullptr; + } + + return wgc->SendGetContentBlockingEvents()->Then( + GetCurrentSerialEventTarget(), __func__, + [](const WindowGlobalChild::GetContentBlockingEventsPromise:: + ResolveOrRejectValue& aValue) { + if (aValue.IsResolve()) { + return Document::GetContentBlockingEventsPromise::CreateAndResolve( + aValue.ResolveValue(), __func__); + } + + return Document::GetContentBlockingEventsPromise::CreateAndReject( + false, __func__); + }); +} + +StorageAccessAPIHelper::PerformPermissionGrant +Document::CreatePermissionGrantPromise( + nsPIDOMWindowInner* aInnerWindow, nsIPrincipal* aPrincipal, + bool aHasUserInteraction, bool aRequireUserInteraction, + const Maybe<nsCString>& aTopLevelBaseDomain, bool aFrameOnly) { + MOZ_ASSERT(aInnerWindow); + MOZ_ASSERT(aPrincipal); + RefPtr<Document> self(this); + RefPtr<nsPIDOMWindowInner> inner(aInnerWindow); + RefPtr<nsIPrincipal> principal(aPrincipal); + + return [inner, self, principal, aHasUserInteraction, aRequireUserInteraction, + aTopLevelBaseDomain, aFrameOnly]() { + RefPtr<StorageAccessAPIHelper::StorageAccessPermissionGrantPromise::Private> + p = new StorageAccessAPIHelper::StorageAccessPermissionGrantPromise:: + Private(__func__); + + RefPtr<PWindowGlobalChild::GetStorageAccessPermissionPromise> promise; + // Test the permission + MOZ_ASSERT(XRE_IsContentProcess()); + + WindowGlobalChild* wgc = inner->GetWindowGlobalChild(); + MOZ_ASSERT(wgc); + + promise = wgc->SendGetStorageAccessPermission(); + MOZ_ASSERT(promise); + promise->Then( + GetCurrentSerialEventTarget(), __func__, + [self, p, inner, principal, aHasUserInteraction, + aRequireUserInteraction, aTopLevelBaseDomain, + aFrameOnly](uint32_t aAction) { + if (aAction == nsIPermissionManager::ALLOW_ACTION) { + p->Resolve(StorageAccessAPIHelper::eAllow, __func__); + return; + } + if (aAction == nsIPermissionManager::DENY_ACTION) { + p->Reject(false, __func__); + return; + } + + // We require user activation before conducting a permission request + // See + // https://privacycg.github.io/storage-access/#dom-document-requeststorageaccess + // where we "If has transient activation is false: ..." immediately + // before we "Let permissionState be the result of requesting + // permission to use "storage-access"" from in parallel. + if (!aHasUserInteraction && aRequireUserInteraction) { + // Report an error to the console for this case + nsContentUtils::ReportToConsole( + nsIScriptError::errorFlag, + nsLiteralCString("requestStorageAccess"), self, + nsContentUtils::eDOM_PROPERTIES, + "RequestStorageAccessUserGesture"); + p->Reject(false, __func__); + return; + } + + // Create the user prompt + RefPtr<StorageAccessPermissionRequest> sapr = + StorageAccessPermissionRequest::Create( + inner, principal, aTopLevelBaseDomain, aFrameOnly, + // Allow + [p] { + Telemetry::AccumulateCategorical( + Telemetry::LABELS_STORAGE_ACCESS_API_UI::Allow); + p->Resolve(StorageAccessAPIHelper::eAllow, __func__); + }, + // Block + [p] { + Telemetry::AccumulateCategorical( + Telemetry::LABELS_STORAGE_ACCESS_API_UI::Deny); + p->Reject(false, __func__); + }); + + using PromptResult = ContentPermissionRequestBase::PromptResult; + PromptResult pr = sapr->CheckPromptPrefs(); + + if (pr == PromptResult::Pending) { + // We're about to show a prompt, record the request attempt + Telemetry::AccumulateCategorical( + Telemetry::LABELS_STORAGE_ACCESS_API_UI::Request); + } + + // Try to auto-grant the storage access so the user doesn't see the + // prompt. + self->AutomaticStorageAccessPermissionCanBeGranted( + aHasUserInteraction) + ->Then( + GetCurrentSerialEventTarget(), __func__, + // If the autogrant check didn't fail, call this function + [p, pr, sapr, + inner](const Document:: + AutomaticStorageAccessPermissionGrantPromise:: + ResolveOrRejectValue& aValue) -> void { + // Make a copy because we can't modified copy-captured + // lambda variables. + PromptResult pr2 = pr; + + // If the user didn't already click "allow" and we can + // autogrant, do that! + bool storageAccessCanBeGrantedAutomatically = + aValue.IsResolve() && aValue.ResolveValue(); + bool autoGrant = false; + if (pr2 == PromptResult::Pending && + storageAccessCanBeGrantedAutomatically) { + pr2 = PromptResult::Granted; + autoGrant = true; + + Telemetry::AccumulateCategorical( + Telemetry::LABELS_STORAGE_ACCESS_API_UI:: + AllowAutomatically); + } + + // If we can complete the permission request, do so. + if (pr2 != PromptResult::Pending) { + MOZ_ASSERT_IF(pr2 != PromptResult::Granted, + pr2 == PromptResult::Denied); + if (pr2 == PromptResult::Granted) { + StorageAccessAPIHelper::StorageAccessPromptChoices + choice = StorageAccessAPIHelper::eAllow; + if (autoGrant) { + choice = StorageAccessAPIHelper::eAllowAutoGrant; + } + if (!autoGrant) { + p->Resolve(choice, __func__); + } else { + // We capture sapr here to prevent it from destructing + // before the callbacks complete. + sapr->MaybeDelayAutomaticGrants()->Then( + GetCurrentSerialEventTarget(), __func__, + [p, sapr, choice] { + p->Resolve(choice, __func__); + }, + [p, sapr] { p->Reject(false, __func__); }); + } + return; + } + p->Reject(false, __func__); + return; + } + + // If we get here, the auto-decision failed and we need to + // wait for the user prompt to complete. + sapr->RequestDelayedTask( + GetMainThreadSerialEventTarget(), + ContentPermissionRequestBase::DelayedTaskType::Request); + }); + }, + [p](mozilla::ipc::ResponseRejectReason aError) { + p->Reject(false, __func__); + return p; + }); + + return p; + }; +} + +already_AddRefed<mozilla::dom::Promise> Document::RequestStorageAccess( + mozilla::ErrorResult& aRv) { + nsIGlobalObject* global = GetScopeObject(); + if (!global) { + aRv.Throw(NS_ERROR_NOT_AVAILABLE); + return nullptr; + } + + RefPtr<Promise> promise = Promise::Create(global, aRv); + if (aRv.Failed()) { + return nullptr; + } + + if (!IsCurrentActiveDocument()) { + promise->MaybeRejectWithInvalidStateError( + "requestStorageAccess requires an active document"); + return promise.forget(); + } + + // Get a pointer to the inner window- We need this for convenience sake + RefPtr<nsPIDOMWindowInner> inner = GetInnerWindow(); + if (!inner) { + ConsumeTransientUserGestureActivation(); + promise->MaybeRejectWithNotAllowedError( + "requestStorageAccess not allowed"_ns); + return promise.forget(); + } + + // Step 1: Check if the principal calling this has a permission that lets + // them use cookies or forbids them from using cookies. + // This is outside of the spec of the StorageAccess API, but makes the return + // values to have proper semantics. + Maybe<bool> resultBecauseCookiesApproved = + StorageAccessAPIHelper::CheckCookiesPermittedDecidesStorageAccessAPI( + CookieJarSettings(), NodePrincipal()); + if (resultBecauseCookiesApproved.isSome()) { + if (resultBecauseCookiesApproved.value()) { + promise->MaybeResolveWithUndefined(); + return promise.forget(); + } else { + ConsumeTransientUserGestureActivation(); + promise->MaybeRejectWithNotAllowedError( + "requestStorageAccess not allowed"_ns); + return promise.forget(); + } + } + + // Step 2: Check if the browser settings always allow or deny cookies. + // We should always return a resolved promise if the cookieBehavior is ACCEPT. + // This is outside of the spec of the StorageAccess API, but makes the return + // values to have proper semantics. + bool isThirdPartyDocument = AntiTrackingUtils::IsThirdPartyDocument(this); + bool isOnThirdPartySkipList = false; + if (mChannel) { + nsCOMPtr<nsILoadInfo> loadInfo = mChannel->LoadInfo(); + isOnThirdPartySkipList = loadInfo->GetStoragePermission() == + nsILoadInfo::StoragePermissionAllowListed; + } + bool isThirdPartyTracker = + nsContentUtils::IsThirdPartyTrackingResourceWindow(inner); + Maybe<bool> resultBecauseBrowserSettings = + StorageAccessAPIHelper::CheckBrowserSettingsDecidesStorageAccessAPI( + CookieJarSettings(), isThirdPartyDocument, isOnThirdPartySkipList, + isThirdPartyTracker); + if (resultBecauseBrowserSettings.isSome()) { + if (resultBecauseBrowserSettings.value()) { + promise->MaybeResolveWithUndefined(); + return promise.forget(); + } else { + ConsumeTransientUserGestureActivation(); + promise->MaybeRejectWithNotAllowedError( + "requestStorageAccess not allowed"_ns); + return promise.forget(); + } + } + + // Step 3: Check if the Document calling requestStorageAccess has anything to + // gain from storage access. It should be embedded, non-null, etc. + Maybe<bool> resultBecauseCallContext = + StorageAccessAPIHelper::CheckCallingContextDecidesStorageAccessAPI(this, + true); + if (resultBecauseCallContext.isSome()) { + if (resultBecauseCallContext.value()) { + promise->MaybeResolveWithUndefined(); + return promise.forget(); + } else { + ConsumeTransientUserGestureActivation(); + promise->MaybeRejectWithNotAllowedError( + "requestStorageAccess not allowed"_ns); + return promise.forget(); + } + } + + // Step 4: Check if we already allowed or denied storage access for this + // document's storage key. + Maybe<bool> resultBecausePreviousPermission = + StorageAccessAPIHelper::CheckExistingPermissionDecidesStorageAccessAPI( + this, true); + if (resultBecausePreviousPermission.isSome()) { + if (resultBecausePreviousPermission.value()) { + promise->MaybeResolveWithUndefined(); + return promise.forget(); + } else { + ConsumeTransientUserGestureActivation(); + promise->MaybeRejectWithNotAllowedError( + "requestStorageAccess not allowed"_ns); + return promise.forget(); + } + } + + // Get pointers to some objects that will be used in the async portion + RefPtr<BrowsingContext> bc = GetBrowsingContext(); + RefPtr<nsGlobalWindowOuter> outer = + nsGlobalWindowOuter::Cast(inner->GetOuterWindow()); + if (!outer) { + ConsumeTransientUserGestureActivation(); + promise->MaybeRejectWithNotAllowedError( + "requestStorageAccess not allowed"_ns); + return promise.forget(); + } + RefPtr<Document> self(this); + + // Step 5. Start an async call to request storage access. This will either + // perform an automatic decision or notify the user, then perform some follow + // on work changing state to reflect the result of the API. If it resolves, + // the request was granted. If it rejects it was denied. + StorageAccessAPIHelper::RequestStorageAccessAsyncHelper( + this, inner, bc, NodePrincipal(), + self->HasValidTransientUserGestureActivation(), true, true, + ContentBlockingNotifier::eStorageAccessAPI, true) + ->Then( + GetCurrentSerialEventTarget(), __func__, + [inner] { return inner->SaveStorageAccessPermissionGranted(); }, + [] { + return GenericPromise::CreateAndReject(NS_ERROR_FAILURE, __func__); + }) + ->Then( + GetCurrentSerialEventTarget(), __func__, + [promise] { promise->MaybeResolveWithUndefined(); }, + [promise, self] { + self->ConsumeTransientUserGestureActivation(); + promise->MaybeRejectWithNotAllowedError( + "requestStorageAccess not allowed"_ns); + }); + + return promise.forget(); +} + +already_AddRefed<mozilla::dom::Promise> Document::RequestStorageAccessForOrigin( + const nsAString& aThirdPartyOrigin, const bool aRequireUserActivation, + mozilla::ErrorResult& aRv) { + nsIGlobalObject* global = GetScopeObject(); + if (!global) { + aRv.Throw(NS_ERROR_NOT_AVAILABLE); + return nullptr; + } + RefPtr<Promise> promise = Promise::Create(global, aRv); + if (aRv.Failed()) { + return nullptr; + } + + // Step 0: Check that we have user activation before proceeding to prevent + // rapid calls to the API to leak information. + if (aRequireUserActivation && !HasValidTransientUserGestureActivation()) { + // Report an error to the console for this case + nsContentUtils::ReportToConsole(nsIScriptError::errorFlag, + nsLiteralCString("requestStorageAccess"), + this, nsContentUtils::eDOM_PROPERTIES, + "RequestStorageAccessUserGesture"); + ConsumeTransientUserGestureActivation(); + promise->MaybeRejectWithNotAllowedError( + "requestStorageAccess not allowed"_ns); + return promise.forget(); + } + + // Step 1: Check if the provided URI is different-site to this Document + nsCOMPtr<nsIURI> thirdPartyURI; + nsresult rv = NS_NewURI(getter_AddRefs(thirdPartyURI), aThirdPartyOrigin); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return nullptr; + } + bool isThirdPartyDocument; + rv = NodePrincipal()->IsThirdPartyURI(thirdPartyURI, &isThirdPartyDocument); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return nullptr; + } + Maybe<bool> resultBecauseBrowserSettings = + StorageAccessAPIHelper::CheckBrowserSettingsDecidesStorageAccessAPI( + CookieJarSettings(), isThirdPartyDocument, false, true); + if (resultBecauseBrowserSettings.isSome()) { + if (resultBecauseBrowserSettings.value()) { + promise->MaybeResolveWithUndefined(); + return promise.forget(); + } + ConsumeTransientUserGestureActivation(); + promise->MaybeRejectWithNotAllowedError( + "requestStorageAccess not allowed"_ns); + return promise.forget(); + } + + // Step 2: Check that this Document is same-site to the top, and check that + // we have user activation if we require it. + Maybe<bool> resultBecauseCallContext = StorageAccessAPIHelper:: + CheckSameSiteCallingContextDecidesStorageAccessAPI( + this, aRequireUserActivation); + if (resultBecauseCallContext.isSome()) { + if (resultBecauseCallContext.value()) { + promise->MaybeResolveWithUndefined(); + return promise.forget(); + } + ConsumeTransientUserGestureActivation(); + promise->MaybeRejectWithNotAllowedError( + "requestStorageAccess not allowed"_ns); + return promise.forget(); + } + + // Step 3: Get some useful variables that can be captured by the lambda for + // the asynchronous portion + RefPtr<BrowsingContext> bc = GetBrowsingContext(); + nsCOMPtr<nsPIDOMWindowInner> inner = GetInnerWindow(); + if (!inner) { + ConsumeTransientUserGestureActivation(); + promise->MaybeRejectWithNotAllowedError( + "requestStorageAccess not allowed"_ns); + return promise.forget(); + } + RefPtr<nsGlobalWindowOuter> outer = + nsGlobalWindowOuter::Cast(inner->GetOuterWindow()); + if (!outer) { + ConsumeTransientUserGestureActivation(); + promise->MaybeRejectWithNotAllowedError( + "requestStorageAccess not allowed"_ns); + return promise.forget(); + } + nsCOMPtr<nsIPrincipal> principal = BasePrincipal::CreateContentPrincipal( + thirdPartyURI, NodePrincipal()->OriginAttributesRef()); + if (!principal) { + ConsumeTransientUserGestureActivation(); + promise->MaybeRejectWithNotAllowedError( + "requestStorageAccess not allowed"_ns); + return promise.forget(); + } + + RefPtr<Document> self(this); + bool hasUserActivation = HasValidTransientUserGestureActivation(); + + // Consume user activation before entering the async part of this method. + // This prevents usage of other transient activation-gated APIs. + ConsumeTransientUserGestureActivation(); + + // Step 4a: Start the async part of this function. Check the cookie + // permission, but this can't be done in this process. We needs the cookie + // permission of the URL as if it were embedded on this page, so we need to + // make this check in the ContentParent. + StorageAccessAPIHelper:: + AsyncCheckCookiesPermittedDecidesStorageAccessAPIOnChildProcess( + GetBrowsingContext(), principal) + ->Then( + GetCurrentSerialEventTarget(), __func__, + [inner, thirdPartyURI, bc, principal, hasUserActivation, + aRequireUserActivation, self, + promise](Maybe<bool> cookieResult) { + // Handle the result of the cookie permission check that took + // place in the ContentParent. + if (cookieResult.isSome()) { + if (cookieResult.value()) { + return MozPromise<int, bool, true>::CreateAndResolve( + true, __func__); + } + return MozPromise<int, bool, true>::CreateAndReject(false, + __func__); + } + + // Step 4b: Check for the existing storage access permission + nsAutoCString type; + bool ok = AntiTrackingUtils::CreateStoragePermissionKey( + principal, type); + if (!ok) { + return MozPromise<int, bool, true>::CreateAndReject(false, + __func__); + } + if (AntiTrackingUtils::CheckStoragePermission( + self->NodePrincipal(), type, + nsContentUtils::IsInPrivateBrowsing(self), nullptr, + 0)) { + return MozPromise<int, bool, true>::CreateAndResolve( + true, __func__); + } + + // Step 4c: Try to request storage access, either automatically + // or with a user-prompt. This is the part that is async in the + // typical requestStorageAccess function. + return StorageAccessAPIHelper::RequestStorageAccessAsyncHelper( + self, inner, bc, principal, hasUserActivation, + aRequireUserActivation, false, + ContentBlockingNotifier:: + ePrivilegeStorageAccessForOriginAPI, + true); + }, + // If the IPC rejects, we should reject our promise here which + // will cause a rejection of the promise we already returned + [promise]() { + return MozPromise<int, bool, true>::CreateAndReject(false, + __func__); + }) + ->Then( + GetCurrentSerialEventTarget(), __func__, + // If the previous handlers resolved, we should reinstate user + // activation and resolve the promise we returned in Step 5. + [self, inner, promise] { + inner->SaveStorageAccessPermissionGranted(); + self->NotifyUserGestureActivation(); + promise->MaybeResolveWithUndefined(); + }, + // If the previous handler rejected, we should reject the promise + // returned by this function. + [promise] { + promise->MaybeRejectWithNotAllowedError( + "requestStorageAccess not allowed"_ns); + }); + + // Step 5: While the async stuff is happening, we should return the promise so + // our caller can continue executing. + return promise.forget(); +} + +already_AddRefed<Promise> Document::RequestStorageAccessUnderSite( + const nsAString& aSerializedSite, ErrorResult& aRv) { + nsIGlobalObject* global = GetScopeObject(); + if (!global) { + aRv.Throw(NS_ERROR_NOT_AVAILABLE); + return nullptr; + } + RefPtr<Promise> promise = Promise::Create(global, aRv); + if (aRv.Failed()) { + return nullptr; + } + + // Check that we have user activation before proceeding to prevent + // rapid calls to the API to leak information. + if (!ConsumeTransientUserGestureActivation()) { + // Report an error to the console for this case + nsContentUtils::ReportToConsole( + nsIScriptError::errorFlag, "requestStorageAccess"_ns, this, + nsContentUtils::eDOM_PROPERTIES, "RequestStorageAccessUserGesture"); + promise->MaybeRejectWithUndefined(); + return promise.forget(); + } + + // Check if the provided URI is different-site to this Document + nsCOMPtr<nsIURI> siteURI; + nsresult rv = NS_NewURI(getter_AddRefs(siteURI), aSerializedSite); + if (NS_WARN_IF(NS_FAILED(rv))) { + promise->MaybeRejectWithUndefined(); + return promise.forget(); + } + bool isCrossSiteArgument; + rv = NodePrincipal()->IsThirdPartyURI(siteURI, &isCrossSiteArgument); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return nullptr; + } + if (!isCrossSiteArgument) { + promise->MaybeRejectWithUndefined(); + return promise.forget(); + } + + // Check if this party has broad cookie permissions. + Maybe<bool> resultBecauseCookiesApproved = + StorageAccessAPIHelper::CheckCookiesPermittedDecidesStorageAccessAPI( + CookieJarSettings(), NodePrincipal()); + if (resultBecauseCookiesApproved.isSome()) { + if (resultBecauseCookiesApproved.value()) { + promise->MaybeResolveWithUndefined(); + return promise.forget(); + } + promise->MaybeRejectWithUndefined(); + return promise.forget(); + } + + // Check if browser settings preclude this document getting storage + // access under the provided site + Maybe<bool> resultBecauseBrowserSettings = + StorageAccessAPIHelper::CheckBrowserSettingsDecidesStorageAccessAPI( + CookieJarSettings(), true, false, true); + if (resultBecauseBrowserSettings.isSome()) { + if (resultBecauseBrowserSettings.value()) { + promise->MaybeResolveWithUndefined(); + return promise.forget(); + } + promise->MaybeRejectWithUndefined(); + return promise.forget(); + } + + // Check that this Document is same-site to the top + Maybe<bool> resultBecauseCallContext = StorageAccessAPIHelper:: + CheckSameSiteCallingContextDecidesStorageAccessAPI(this, false); + if (resultBecauseCallContext.isSome()) { + if (resultBecauseCallContext.value()) { + promise->MaybeResolveWithUndefined(); + return promise.forget(); + } + promise->MaybeRejectWithUndefined(); + return promise.forget(); + } + + nsCOMPtr<nsIPrincipal> principal(NodePrincipal()); + + // Test if the permission this is requesting is already set + nsCOMPtr<nsIPrincipal> argumentPrincipal = + BasePrincipal::CreateContentPrincipal( + siteURI, NodePrincipal()->OriginAttributesRef()); + if (!argumentPrincipal) { + ConsumeTransientUserGestureActivation(); + promise->MaybeRejectWithUndefined(); + return promise.forget(); + } + nsCString originNoSuffix; + rv = NodePrincipal()->GetOriginNoSuffix(originNoSuffix); + if (NS_WARN_IF(NS_FAILED(rv))) { + promise->MaybeRejectWithUndefined(); + return promise.forget(); + } + + ContentChild* cc = ContentChild::GetSingleton(); + MOZ_ASSERT(cc); + RefPtr<Document> self(this); + cc->SendTestStorageAccessPermission(argumentPrincipal, originNoSuffix) + ->Then( + GetCurrentSerialEventTarget(), __func__, + [promise, siteURI, + self](const ContentChild::TestStorageAccessPermissionPromise:: + ResolveValueType& aResult) { + if (aResult) { + return StorageAccessAPIHelper:: + StorageAccessPermissionGrantPromise::CreateAndResolve( + StorageAccessAPIHelper::eAllow, __func__); + } + // Get a grant for the storage access permission that will be set + // when this is completed in the embedding context + nsCString serializedSite; + RefPtr<nsEffectiveTLDService> etld = + nsEffectiveTLDService::GetInstance(); + if (!etld) { + return StorageAccessAPIHelper:: + StorageAccessPermissionGrantPromise::CreateAndReject( + false, __func__); + } + nsresult rv = etld->GetSite(siteURI, serializedSite); + if (NS_FAILED(rv)) { + return StorageAccessAPIHelper:: + StorageAccessPermissionGrantPromise::CreateAndReject( + false, __func__); + } + return self->CreatePermissionGrantPromise( + self->GetInnerWindow(), self->NodePrincipal(), true, true, + Some(serializedSite), false)(); + }, + [](const ContentChild::TestStorageAccessPermissionPromise:: + RejectValueType& aResult) { + return StorageAccessAPIHelper::StorageAccessPermissionGrantPromise:: + CreateAndReject(false, __func__); + }) + ->Then( + GetCurrentSerialEventTarget(), __func__, + [promise, principal, siteURI](int result) { + ContentChild* cc = ContentChild::GetSingleton(); + if (!cc) { + // TODO(bug 1778561): Make this work in non-content processes. + promise->MaybeRejectWithUndefined(); + return; + } + // Set a permission in the parent process that this document wants + // storage access under the argument's site, resolving our returned + // promise on success + cc->SendSetAllowStorageAccessRequestFlag(principal, siteURI) + ->Then( + GetCurrentSerialEventTarget(), __func__, + [promise](bool success) { + if (success) { + promise->MaybeResolveWithUndefined(); + } else { + promise->MaybeRejectWithUndefined(); + } + }, + [promise](mozilla::ipc::ResponseRejectReason reason) { + promise->MaybeRejectWithUndefined(); + }); + }, + [promise](bool result) { promise->MaybeRejectWithUndefined(); }); + + // Return the promise that is resolved in the async handler above + return promise.forget(); +} + +already_AddRefed<Promise> Document::CompleteStorageAccessRequestFromSite( + const nsAString& aSerializedOrigin, ErrorResult& aRv) { + nsIGlobalObject* global = GetScopeObject(); + if (!global) { + aRv.Throw(NS_ERROR_NOT_AVAILABLE); + return nullptr; + } + RefPtr<Promise> promise = Promise::Create(global, aRv); + if (aRv.Failed()) { + return nullptr; + } + + // Check that the provided URI is different-site to this Document + nsCOMPtr<nsIURI> argumentURI; + nsresult rv = NS_NewURI(getter_AddRefs(argumentURI), aSerializedOrigin); + if (NS_WARN_IF(NS_FAILED(rv))) { + promise->MaybeRejectWithUndefined(); + return promise.forget(); + } + bool isCrossSiteArgument; + rv = NodePrincipal()->IsThirdPartyURI(argumentURI, &isCrossSiteArgument); + if (NS_WARN_IF(NS_FAILED(rv))) { + aRv.Throw(rv); + return nullptr; + } + if (!isCrossSiteArgument) { + promise->MaybeRejectWithUndefined(); + return promise.forget(); + } + + // Check if browser settings preclude this document getting storage + // access under the provided site + Maybe<bool> resultBecauseBrowserSettings = + StorageAccessAPIHelper::CheckBrowserSettingsDecidesStorageAccessAPI( + CookieJarSettings(), true, false, true); + if (resultBecauseBrowserSettings.isSome()) { + if (resultBecauseBrowserSettings.value()) { + promise->MaybeResolveWithUndefined(); + return promise.forget(); + } + promise->MaybeRejectWithUndefined(); + return promise.forget(); + } + + // Check that this Document is same-site to the top + Maybe<bool> resultBecauseCallContext = StorageAccessAPIHelper:: + CheckSameSiteCallingContextDecidesStorageAccessAPI(this, false); + if (resultBecauseCallContext.isSome()) { + if (resultBecauseCallContext.value()) { + promise->MaybeResolveWithUndefined(); + return promise.forget(); + } + promise->MaybeRejectWithUndefined(); + return promise.forget(); + } + + // Create principal of the embedded site requesting storage access + nsCOMPtr<nsIPrincipal> principal = BasePrincipal::CreateContentPrincipal( + argumentURI, NodePrincipal()->OriginAttributesRef()); + if (!principal) { + promise->MaybeRejectWithUndefined(); + return promise.forget(); + } + + // Get versions of these objects that we can use in lambdas for callbacks + RefPtr<Document> self(this); + RefPtr<BrowsingContext> bc = GetBrowsingContext(); + nsCOMPtr<nsPIDOMWindowInner> inner = GetInnerWindow(); + + // Test that the permission was set by a call to RequestStorageAccessUnderSite + // from a top level document that is same-site with the argument + ContentChild* cc = ContentChild::GetSingleton(); + if (!cc) { + // TODO(bug 1778561): Make this work in non-content processes. + promise->MaybeRejectWithUndefined(); + return promise.forget(); + } + cc->SendTestAllowStorageAccessRequestFlag(NodePrincipal(), argumentURI) + ->Then( + GetCurrentSerialEventTarget(), __func__, + [inner, bc, self, principal](bool success) { + if (success) { + // If that resolved with true, check that we don't already have a + // permission that gives cookie access. + return StorageAccessAPIHelper:: + AsyncCheckCookiesPermittedDecidesStorageAccessAPIOnChildProcess( + bc, principal); + } + return MozPromise<Maybe<bool>, nsresult, true>::CreateAndReject( + NS_ERROR_FAILURE, __func__); + }, + [](mozilla::ipc::ResponseRejectReason reason) { + return MozPromise<Maybe<bool>, nsresult, true>::CreateAndReject( + NS_ERROR_FAILURE, __func__); + }) + ->Then( + GetCurrentSerialEventTarget(), __func__, + [inner, bc, principal, self, promise](Maybe<bool> cookieResult) { + // Handle the result of the cookie permission check that took place + // in the ContentParent. + if (cookieResult.isSome()) { + if (cookieResult.value()) { + return StorageAccessAPIHelper:: + StorageAccessPermissionGrantPromise::CreateAndResolve( + StorageAccessAPIHelper::eAllowAutoGrant, __func__); + } + return StorageAccessAPIHelper:: + StorageAccessPermissionGrantPromise::CreateAndReject( + false, __func__); + } + + // Check for the existing storage access permission + nsAutoCString type; + bool ok = + AntiTrackingUtils::CreateStoragePermissionKey(principal, type); + if (!ok) { + return StorageAccessAPIHelper:: + StorageAccessPermissionGrantPromise::CreateAndReject( + false, __func__); + } + if (AntiTrackingUtils::CheckStoragePermission( + self->NodePrincipal(), type, + nsContentUtils::IsInPrivateBrowsing(self), nullptr, 0)) { + return StorageAccessAPIHelper:: + StorageAccessPermissionGrantPromise::CreateAndResolve( + StorageAccessAPIHelper::eAllowAutoGrant, __func__); + } + + // Try to request storage access, ignoring the final checks. + // We ignore the final checks because this is where the "grant" + // either by prompt doorhanger or autogrant takes place. We already + // gathered an equivalent grant in requestStorageAccessUnderSite. + return StorageAccessAPIHelper::RequestStorageAccessAsyncHelper( + self, inner, bc, principal, true, true, false, + ContentBlockingNotifier::eStorageAccessAPI, false); + }, + // If the IPC rejects, we should reject our promise here which will + // cause a rejection of the promise we already returned + [promise]() { + return MozPromise<int, bool, true>::CreateAndReject(false, + __func__); + }) + ->Then( + GetCurrentSerialEventTarget(), __func__, + // If the previous handlers resolved, we should reinstate user + // activation and resolve the promise we returned in Step 5. + [self, inner, promise] { + inner->SaveStorageAccessPermissionGranted(); + promise->MaybeResolveWithUndefined(); + }, + // If the previous handler rejected, we should reject the promise + // returned by this function. + [promise] { promise->MaybeRejectWithUndefined(); }); + + return promise.forget(); +} + +nsTHashSet<RefPtr<WakeLockSentinel>>& Document::ActiveWakeLocks( + WakeLockType aType) { + return mActiveLocks.LookupOrInsert(aType); +} + +class UnlockAllWakeLockRunnable final : public Runnable { + public: + UnlockAllWakeLockRunnable(WakeLockType aType, Document* aDoc) + : Runnable("UnlockAllWakeLocks"), mType(aType), mDoc(aDoc) {} + + // MOZ_CAN_RUN_SCRIPT_BOUNDARY until Runnable::Run is MOZ_CAN_RUN_SCRIPT. See + // bug 1535398. + MOZ_CAN_RUN_SCRIPT_BOUNDARY + NS_IMETHOD Run() override { + // Move, as ReleaseWakeLock will try to remove from and possibly allow + // scripts via onrelease to add to document.[[ActiveLocks]]["screen"] + nsCOMPtr<Document> doc = mDoc; + nsTHashSet<RefPtr<WakeLockSentinel>> locks = + std::move(doc->ActiveWakeLocks(mType)); + for (const auto& lock : locks) { + // ReleaseWakeLock runs script, which could release other locks + if (!lock->Released()) { + ReleaseWakeLock(doc, MOZ_KnownLive(lock), mType); + } + } + return NS_OK; + } + + protected: + ~UnlockAllWakeLockRunnable() = default; + + private: + WakeLockType mType; + nsCOMPtr<Document> mDoc; +}; + +void Document::UnlockAllWakeLocks(WakeLockType aType) { + // Perform unlock in a runnable to prevent UnlockAll being MOZ_CAN_RUN_SCRIPT + RefPtr<UnlockAllWakeLockRunnable> runnable = + MakeRefPtr<UnlockAllWakeLockRunnable>(aType, this); + NS_DispatchToMainThread(runnable); +} + +RefPtr<Document::AutomaticStorageAccessPermissionGrantPromise> +Document::AutomaticStorageAccessPermissionCanBeGranted(bool hasUserActivation) { + // requestStorageAccessForOrigin may not require user activation. If we don't + // have user activation at this point we should always show the prompt. + if (!hasUserActivation || + !StaticPrefs::privacy_antitracking_enableWebcompat()) { + return AutomaticStorageAccessPermissionGrantPromise::CreateAndResolve( + false, __func__); + } + if (XRE_IsContentProcess()) { + // In the content process, we need to ask the parent process to compute + // this. The reason is that nsIPermissionManager::GetAllWithTypePrefix() + // isn't accessible in the content process. + ContentChild* cc = ContentChild::GetSingleton(); + MOZ_ASSERT(cc); + + return cc->SendAutomaticStorageAccessPermissionCanBeGranted(NodePrincipal()) + ->Then(GetCurrentSerialEventTarget(), __func__, + [](const ContentChild:: + AutomaticStorageAccessPermissionCanBeGrantedPromise:: + ResolveOrRejectValue& aValue) { + if (aValue.IsResolve()) { + return AutomaticStorageAccessPermissionGrantPromise:: + CreateAndResolve(aValue.ResolveValue(), __func__); + } + + return AutomaticStorageAccessPermissionGrantPromise:: + CreateAndReject(false, __func__); + }); + } + + if (XRE_IsParentProcess()) { + // In the parent process, we can directly compute this. + return AutomaticStorageAccessPermissionGrantPromise::CreateAndResolve( + AutomaticStorageAccessPermissionCanBeGranted(NodePrincipal()), + __func__); + } + + return AutomaticStorageAccessPermissionGrantPromise::CreateAndReject( + false, __func__); +} + +bool Document::AutomaticStorageAccessPermissionCanBeGranted( + nsIPrincipal* aPrincipal) { + if (!StaticPrefs::dom_storage_access_auto_grants()) { + return false; + } + + if (!ContentBlockingUserInteraction::Exists(aPrincipal)) { + return false; + } + + nsCOMPtr<nsIBrowserUsage> bu = do_ImportESModule( + "resource:///modules/BrowserUsageTelemetry.sys.mjs", fallible); + if (NS_WARN_IF(!bu)) { + return false; + } + + uint32_t uniqueDomainsVisitedInPast24Hours = 0; + nsresult rv = bu->GetUniqueDomainsVisitedInPast24Hours( + &uniqueDomainsVisitedInPast24Hours); + if (NS_WARN_IF(NS_FAILED(rv))) { + return false; + } + + Maybe<size_t> maybeOriginsThirdPartyHasAccessTo = + AntiTrackingUtils::CountSitesAllowStorageAccess(aPrincipal); + if (maybeOriginsThirdPartyHasAccessTo.isNothing()) { + return false; + } + size_t originsThirdPartyHasAccessTo = + maybeOriginsThirdPartyHasAccessTo.value(); + + // one percent of the number of top-levels origins visited in the current + // session (but not to exceed 24 hours), or the value of the + // dom.storage_access.max_concurrent_auto_grants preference, whichever is + // higher. + size_t maxConcurrentAutomaticGrants = std::max( + std::max(int(std::floor(uniqueDomainsVisitedInPast24Hours / 100)), + StaticPrefs::dom_storage_access_max_concurrent_auto_grants()), + 0); + + return originsThirdPartyHasAccessTo < maxConcurrentAutomaticGrants; +} + +void Document::RecordNavigationTiming(ReadyState aReadyState) { + if (!XRE_IsContentProcess()) { + return; + } + if (!IsTopLevelContentDocument()) { + return; + } + // If we dont have the timing yet (mostly because the doc is still loading), + // get it from docshell. + RefPtr<nsDOMNavigationTiming> timing = mTiming; + if (!timing) { + if (!mDocumentContainer) { + return; + } + timing = mDocumentContainer->GetNavigationTiming(); + if (!timing) { + return; + } + } + TimeStamp startTime = timing->GetNavigationStartTimeStamp(); + switch (aReadyState) { + case READYSTATE_LOADING: + if (!mDOMLoadingSet) { + Telemetry::AccumulateTimeDelta(Telemetry::TIME_TO_DOM_LOADING_MS, + startTime); + mDOMLoadingSet = true; + } + break; + case READYSTATE_INTERACTIVE: + if (!mDOMInteractiveSet) { + glean::performance_time::dom_interactive.AccumulateRawDuration( + TimeStamp::Now() - startTime); + mDOMInteractiveSet = true; + } + break; + case READYSTATE_COMPLETE: + if (!mDOMCompleteSet) { + glean::performance_time::dom_complete.AccumulateRawDuration( + TimeStamp::Now() - startTime); + mDOMCompleteSet = true; + } + break; + default: + NS_WARNING("Unexpected ReadyState value"); + break; + } +} + +void Document::ReportShadowDOMUsage() { + nsPIDOMWindowInner* inner = GetInnerWindow(); + if (NS_WARN_IF(!inner)) { + return; + } + + WindowContext* wc = inner->GetWindowContext(); + if (NS_WARN_IF(!wc || wc->IsDiscarded())) { + return; + } + + WindowContext* topWc = wc->TopWindowContext(); + if (topWc->GetHasReportedShadowDOMUsage()) { + return; + } + + MOZ_ALWAYS_SUCCEEDS(topWc->SetHasReportedShadowDOMUsage(true)); +} + +// static +bool Document::StorageAccessSandboxed(uint32_t aSandboxFlags) { + return StaticPrefs::dom_storage_access_enabled() && + (aSandboxFlags & SANDBOXED_STORAGE_ACCESS) != 0; +} + +bool Document::StorageAccessSandboxed() const { + return Document::StorageAccessSandboxed(GetSandboxFlags()); +} + +bool Document::GetCachedSizes(nsTabSizes* aSizes) { + if (mCachedTabSizeGeneration == 0 || + GetGeneration() != mCachedTabSizeGeneration) { + return false; + } + aSizes->mDom += mCachedTabSizes.mDom; + aSizes->mStyle += mCachedTabSizes.mStyle; + aSizes->mOther += mCachedTabSizes.mOther; + return true; +} + +void Document::SetCachedSizes(nsTabSizes* aSizes) { + mCachedTabSizes.mDom = aSizes->mDom; + mCachedTabSizes.mStyle = aSizes->mStyle; + mCachedTabSizes.mOther = aSizes->mOther; + mCachedTabSizeGeneration = GetGeneration(); +} + +nsAtom* Document::GetContentLanguageAsAtomForStyle() const { + // Content-Language may be a comma-separated list of language codes, + // in which case the HTML5 spec says to treat it as unknown + if (mContentLanguage && + !nsDependentAtomString(mContentLanguage).Contains(char16_t(','))) { + return GetContentLanguage(); + } + + return nullptr; +} + +nsAtom* Document::GetLanguageForStyle() const { + if (nsAtom* lang = GetContentLanguageAsAtomForStyle()) { + return lang; + } + return mLanguageFromCharset.get(); +} + +void Document::GetContentLanguageForBindings(DOMString& aString) const { + aString.SetKnownLiveAtom(mContentLanguage, DOMString::eTreatNullAsEmpty); +} + +const LangGroupFontPrefs* Document::GetFontPrefsForLang( + nsAtom* aLanguage, bool* aNeedsToCache) const { + nsAtom* lang = aLanguage ? aLanguage : mLanguageFromCharset.get(); + return StaticPresData::Get()->GetFontPrefsForLang(lang, aNeedsToCache); +} + +void Document::DoCacheAllKnownLangPrefs() { + MOZ_ASSERT(mMayNeedFontPrefsUpdate); + RefPtr<nsAtom> lang = GetLanguageForStyle(); + StaticPresData* data = StaticPresData::Get(); + data->GetFontPrefsForLang(lang ? lang.get() : mLanguageFromCharset.get()); + data->GetFontPrefsForLang(nsGkAtoms::x_math); + // https://bugzilla.mozilla.org/show_bug.cgi?id=1362599#c12 + data->GetFontPrefsForLang(nsGkAtoms::Unicode); + for (const auto& key : mLanguagesUsed) { + data->GetFontPrefsForLang(key); + } + mMayNeedFontPrefsUpdate = false; +} + +void Document::RecomputeLanguageFromCharset() { + RefPtr<nsAtom> language; + // Optimize the default character sets. + if (mCharacterSet == WINDOWS_1252_ENCODING) { + language = nsGkAtoms::x_western; + } else { + nsLanguageAtomService* service = nsLanguageAtomService::GetService(); + if (mCharacterSet == UTF_8_ENCODING) { + language = nsGkAtoms::Unicode; + } else { + language = service->LookupCharSet(mCharacterSet); + } + + if (language == nsGkAtoms::Unicode) { + language = service->GetLocaleLanguage(); + } + } + + if (language == mLanguageFromCharset) { + return; + } + + mMayNeedFontPrefsUpdate = true; + mLanguageFromCharset = std::move(language); +} + +nsICookieJarSettings* Document::CookieJarSettings() { + // If we are here, this is probably a javascript: URL document. In any case, + // we must have a nsCookieJarSettings. Let's create it. + if (!mCookieJarSettings) { + Document* inProcessParent = GetInProcessParentDocument(); + + if (inProcessParent) { + mCookieJarSettings = net::CookieJarSettings::Create( + inProcessParent->CookieJarSettings()->GetCookieBehavior(), + mozilla::net::CookieJarSettings::Cast( + inProcessParent->CookieJarSettings()) + ->GetPartitionKey(), + inProcessParent->CookieJarSettings()->GetIsFirstPartyIsolated(), + inProcessParent->CookieJarSettings() + ->GetIsOnContentBlockingAllowList(), + inProcessParent->CookieJarSettings() + ->GetShouldResistFingerprinting()); + + // Inherit the fingerprinting random key from the parent. + nsTArray<uint8_t> randomKey; + nsresult rv = inProcessParent->CookieJarSettings() + ->GetFingerprintingRandomizationKey(randomKey); + + if (NS_SUCCEEDED(rv)) { + net::CookieJarSettings::Cast(mCookieJarSettings) + ->SetFingerprintingRandomizationKey(randomKey); + } + } else { + mCookieJarSettings = net::CookieJarSettings::Create(NodePrincipal()); + } + + if (auto* wgc = GetWindowGlobalChild()) { + net::CookieJarSettingsArgs csArgs; + net::CookieJarSettings::Cast(mCookieJarSettings)->Serialize(csArgs); + // Update cookie settings in the parent process + if (!wgc->SendUpdateCookieJarSettings(csArgs)) { + NS_WARNING( + "Failed to update document's cookie jar settings on the " + "WindowGlobalParent"); + } + } + } + + return mCookieJarSettings; +} + +bool Document::UsingStorageAccess() { + if (WindowContext* wc = GetWindowContext()) { + return wc->GetUsingStorageAccess(); + } + + // If we don't yet have a window context, we have to use the decision + // from the Document's Channel's LoadInfo directly. + if (!mChannel) { + return false; + } + + nsCOMPtr<nsILoadInfo> loadInfo = mChannel->LoadInfo(); + return loadInfo->GetStoragePermission() != nsILoadInfo::NoStoragePermission; +} + +bool Document::HasStorageAccessPermissionGrantedByAllowList() { + // We only care about if the document gets the storage permission via the + // allow list here. So we don't check the storage access cache in the inner + // window. + + if (!mChannel) { + return false; + } + + nsCOMPtr<nsILoadInfo> loadInfo = mChannel->LoadInfo(); + return loadInfo->GetStoragePermission() == + nsILoadInfo::StoragePermissionAllowListed; +} + +nsIPrincipal* Document::EffectiveStoragePrincipal() const { + if (!StaticPrefs:: + privacy_partition_always_partition_third_party_non_cookie_storage()) { + return EffectiveCookiePrincipal(); + } + + nsPIDOMWindowInner* inner = GetInnerWindow(); + if (!inner) { + return NodePrincipal(); + } + + // Return our cached storage principal if one exists. + if (mActiveStoragePrincipal) { + return mActiveStoragePrincipal; + } + + // Calling StorageAllowedForDocument will notify the ContentBlockLog. This + // loads TrackingDBService.jsm, which in turn pulls in osfile.jsm, making us + // fail // browser/base/content/test/performance/browser_startup.js. To avoid + // that, we short-circuit the check here by allowing storage access to system + // and addon principles, avoiding the test-failure. + nsIPrincipal* principal = NodePrincipal(); + if (principal && (principal->IsSystemPrincipal() || + principal->GetIsAddonOrExpandedAddonPrincipal())) { + return mActiveStoragePrincipal = NodePrincipal(); + } + + auto cookieJarSettings = const_cast<Document*>(this)->CookieJarSettings(); + if (cookieJarSettings->GetIsOnContentBlockingAllowList()) { + return mActiveStoragePrincipal = NodePrincipal(); + } + + StorageAccess storageAccess = StorageAllowedForDocument(this); + if (!ShouldPartitionStorage(storageAccess) || + !StoragePartitioningEnabled(storageAccess, cookieJarSettings)) { + return mActiveStoragePrincipal = NodePrincipal(); + } + + Unused << NS_WARN_IF(NS_FAILED(StoragePrincipalHelper::GetPrincipal( + nsGlobalWindowInner::Cast(inner), + StoragePrincipalHelper::eForeignPartitionedPrincipal, + getter_AddRefs(mActiveStoragePrincipal)))); + return mActiveStoragePrincipal; +} + +nsIPrincipal* Document::EffectiveCookiePrincipal() const { + nsPIDOMWindowInner* inner = GetInnerWindow(); + if (!inner) { + return NodePrincipal(); + } + + // Return our cached storage principal if one exists. + if (mActiveCookiePrincipal) { + return mActiveCookiePrincipal; + } + + // We use the lower-level ContentBlocking API here to ensure this + // check doesn't send notifications. + uint32_t rejectedReason = 0; + if (ShouldAllowAccessFor(inner, GetDocumentURI(), &rejectedReason)) { + return mActiveCookiePrincipal = NodePrincipal(); + } + + // Let's use the storage principal only if we need to partition the cookie + // jar. When the permission is granted, access will be different and the + // normal principal will be used. + if (ShouldPartitionStorage(rejectedReason) && + !StoragePartitioningEnabled( + rejectedReason, const_cast<Document*>(this)->CookieJarSettings())) { + return mActiveCookiePrincipal = NodePrincipal(); + } + + return mActiveCookiePrincipal = mPartitionedPrincipal; +} + +nsIPrincipal* Document::GetPrincipalForPrefBasedHacks() const { + // If the document is sandboxed document or data: document, we should + // get URI of the parent document. + for (const Document* document = this; + document && document->IsContentDocument(); + document = document->GetInProcessParentDocument()) { + // The document URI may be about:blank even if it comes from actual web + // site. Therefore, we need to check the URI of its principal. + nsIPrincipal* principal = document->NodePrincipal(); + if (principal->GetIsNullPrincipal()) { + continue; + } + return principal; + } + return nullptr; +} + +void Document::SetIsInitialDocument(bool aIsInitialDocument) { + mIsInitialDocumentInWindow = aIsInitialDocument; + + if (aIsInitialDocument && !mIsEverInitialDocumentInWindow) { + mIsEverInitialDocumentInWindow = aIsInitialDocument; + } + + // Asynchronously tell the parent process that we are, or are no longer, the + // initial document. This happens async. + if (auto* wgc = GetWindowGlobalChild()) { + wgc->SendSetIsInitialDocument(aIsInitialDocument); + } +} + +// static +void Document::AddToplevelLoadingDocument(Document* aDoc) { + MOZ_ASSERT(aDoc && aDoc->IsTopLevelContentDocument()); + // Currently we're interested in foreground documents only, so bail out early. + if (aDoc->IsInBackgroundWindow() || !XRE_IsContentProcess()) { + return; + } + + if (!sLoadingForegroundTopLevelContentDocument) { + sLoadingForegroundTopLevelContentDocument = new AutoTArray<Document*, 8>(); + mozilla::ipc::IdleSchedulerChild* idleScheduler = + mozilla::ipc::IdleSchedulerChild::GetMainThreadIdleScheduler(); + if (idleScheduler) { + idleScheduler->SendRunningPrioritizedOperation(); + } + } + if (!sLoadingForegroundTopLevelContentDocument->Contains(aDoc)) { + sLoadingForegroundTopLevelContentDocument->AppendElement(aDoc); + } +} + +// static +void Document::RemoveToplevelLoadingDocument(Document* aDoc) { + MOZ_ASSERT(aDoc && aDoc->IsTopLevelContentDocument()); + if (sLoadingForegroundTopLevelContentDocument) { + sLoadingForegroundTopLevelContentDocument->RemoveElement(aDoc); + if (sLoadingForegroundTopLevelContentDocument->IsEmpty()) { + delete sLoadingForegroundTopLevelContentDocument; + sLoadingForegroundTopLevelContentDocument = nullptr; + + mozilla::ipc::IdleSchedulerChild* idleScheduler = + mozilla::ipc::IdleSchedulerChild::GetMainThreadIdleScheduler(); + if (idleScheduler) { + idleScheduler->SendPrioritizedOperationDone(); + } + } + } +} + +ColorScheme Document::DefaultColorScheme() const { + return LookAndFeel::ColorSchemeForStyle(*this, {GetColorSchemeBits()}); +} + +ColorScheme Document::PreferredColorScheme(IgnoreRFP aIgnoreRFP) const { + if (ShouldResistFingerprinting(RFPTarget::CSSPrefersColorScheme) && + aIgnoreRFP == IgnoreRFP::No) { + return ColorScheme::Light; + } + + if (nsPresContext* pc = GetPresContext()) { + if (auto scheme = pc->GetOverriddenOrEmbedderColorScheme()) { + return *scheme; + } + } + + return PreferenceSheet::PrefsFor(*this).mColorScheme; +} + +bool Document::HasRecentlyStartedForegroundLoads() { + if (!sLoadingForegroundTopLevelContentDocument) { + return false; + } + + for (size_t i = 0; i < sLoadingForegroundTopLevelContentDocument->Length(); + ++i) { + Document* doc = sLoadingForegroundTopLevelContentDocument->ElementAt(i); + // A page loaded in foreground could be in background now. + if (!doc->IsInBackgroundWindow()) { + nsPIDOMWindowInner* win = doc->GetInnerWindow(); + if (win) { + Performance* perf = win->GetPerformance(); + if (perf && + perf->Now() < StaticPrefs::page_load_deprioritization_period()) { + return true; + } + } + } + } + + // Didn't find any loading foreground documents, just clear the array. + delete sLoadingForegroundTopLevelContentDocument; + sLoadingForegroundTopLevelContentDocument = nullptr; + + mozilla::ipc::IdleSchedulerChild* idleScheduler = + mozilla::ipc::IdleSchedulerChild::GetMainThreadIdleScheduler(); + if (idleScheduler) { + idleScheduler->SendPrioritizedOperationDone(); + } + return false; +} + +void Document::AddPendingFrameStaticClone(nsFrameLoaderOwner* aElement, + nsFrameLoader* aStaticCloneOf) { + PendingFrameStaticClone* clone = mPendingFrameStaticClones.AppendElement(); + clone->mElement = aElement; + clone->mStaticCloneOf = aStaticCloneOf; +} + +bool Document::ShouldAvoidNativeTheme() const { + return StaticPrefs::widget_non_native_theme_enabled() && + (!IsInChromeDocShell() || XRE_IsContentProcess()); +} + +bool Document::UseRegularPrincipal() const { + return EffectiveStoragePrincipal() == NodePrincipal(); +} + +bool Document::HasThirdPartyChannel() { + nsCOMPtr<nsIChannel> channel = GetChannel(); + if (channel) { + // We assume that the channel is a third-party by default. + bool thirdParty = true; + + nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil = + components::ThirdPartyUtil::Service(); + if (!thirdPartyUtil) { + return thirdParty; + } + + // Check that if the channel is a third-party to its parent. + nsresult rv = + thirdPartyUtil->IsThirdPartyChannel(channel, nullptr, &thirdParty); + if (NS_FAILED(rv)) { + // Assume third-party in case of failure + thirdParty = true; + } + + return thirdParty; + } + + if (mParentDocument) { + return mParentDocument->HasThirdPartyChannel(); + } + + return false; +} + +bool Document::IsLikelyContentInaccessibleTopLevelAboutBlank() const { + if (!mDocumentURI || !NS_IsAboutBlank(mDocumentURI)) { + return false; + } + // FIXME(emilio): This is not quite edge-case free. See bug 1860098. + // + // For stuff in frames, that makes our per-document telemetry probes not + // really reliable but doesn't affect the correctness of our page probes, so + // it's not too terrible. + BrowsingContext* bc = GetBrowsingContext(); + return bc && bc->IsTop() && !bc->HadOriginalOpener(); +} + +bool Document::ShouldIncludeInTelemetry() const { + if (!IsContentDocument() && !IsResourceDoc()) { + return false; + } + + if (IsLikelyContentInaccessibleTopLevelAboutBlank()) { + return false; + } + + nsIPrincipal* prin = NodePrincipal(); + // TODO(emilio): Should this use GetIsContentPrincipal() + + // GetPrecursorPrincipal() instead (accounting for add-ons separately)? + return !(prin->GetIsAddonOrExpandedAddonPrincipal() || + prin->IsSystemPrincipal() || prin->SchemeIs("about") || + prin->SchemeIs("chrome") || prin->SchemeIs("resource")); +} + +void Document::GetConnectedShadowRoots( + nsTArray<RefPtr<ShadowRoot>>& aOut) const { + AppendToArray(aOut, mComposedShadowRoots); +} + +void Document::AddMediaElementWithMSE() { + if (mMediaElementWithMSECount++ == 0) { + if (WindowGlobalChild* wgc = GetWindowGlobalChild()) { + wgc->BlockBFCacheFor(BFCacheStatus::CONTAINS_MSE_CONTENT); + } + } +} + +void Document::RemoveMediaElementWithMSE() { + MOZ_ASSERT(mMediaElementWithMSECount > 0); + if (--mMediaElementWithMSECount == 0) { + if (WindowGlobalChild* wgc = GetWindowGlobalChild()) { + wgc->UnblockBFCacheFor(BFCacheStatus::CONTAINS_MSE_CONTENT); + } + } +} + +void Document::UnregisterFromMemoryReportingForDataDocument() { + if (!mAddedToMemoryReportingAsDataDocument) { + return; + } + mAddedToMemoryReportingAsDataDocument = false; + nsIGlobalObject* global = GetScopeObject(); + if (global) { + if (nsPIDOMWindowInner* win = global->GetAsInnerWindow()) { + nsGlobalWindowInner::Cast(win)->UnregisterDataDocumentForMemoryReporting( + this); + } + } +} +void Document::OOPChildLoadStarted(BrowserBridgeChild* aChild) { + MOZ_DIAGNOSTIC_ASSERT(!mOOPChildrenLoading.Contains(aChild)); + mOOPChildrenLoading.AppendElement(aChild); + if (mOOPChildrenLoading.Length() == 1) { + // Let's block unload so that we're blocked from going into the BFCache + // until the child has actually notified us that it has done loading. + BlockOnload(); + } +} + +void Document::OOPChildLoadDone(BrowserBridgeChild* aChild) { + // aChild will not be in the list if nsDocLoader::Stop() was called, since + // that clears mOOPChildrenLoading. It also dispatches the 'load' event, + // so we don't need to call DocLoaderIsEmpty in that case. + if (mOOPChildrenLoading.RemoveElement(aChild)) { + if (mOOPChildrenLoading.IsEmpty()) { + UnblockOnload(false); + } + RefPtr<nsDocLoader> docLoader(mDocumentContainer); + if (docLoader) { + docLoader->OOPChildrenLoadingIsEmpty(); + } + } +} + +void Document::ClearOOPChildrenLoading() { + nsTArray<const BrowserBridgeChild*> oopChildrenLoading; + mOOPChildrenLoading.SwapElements(oopChildrenLoading); + if (!oopChildrenLoading.IsEmpty()) { + UnblockOnload(false); + } +} + +bool Document::MayHaveDOMActivateListeners() const { + if (nsPIDOMWindowInner* inner = GetInnerWindow()) { + return inner->HasDOMActivateEventListeners(); + } + + // If we can't get information from the window object, default to true. + return true; +} + +HighlightRegistry& Document::HighlightRegistry() { + if (!mHighlightRegistry) { + mHighlightRegistry = MakeRefPtr<class HighlightRegistry>(this); + } + return *mHighlightRegistry; +} + +RadioGroupContainer& Document::OwnedRadioGroupContainer() { + if (!mRadioGroupContainer) { + mRadioGroupContainer = MakeUnique<RadioGroupContainer>(); + } + return *mRadioGroupContainer; +} + +void Document::UpdateHiddenByContentVisibilityForAnimations() { + for (AnimationTimeline* timeline : Timelines()) { + timeline->UpdateHiddenByContentVisibility(); + } +} + +void Document::SetAllowDeclarativeShadowRoots( + bool aAllowDeclarativeShadowRoots) { + mAllowDeclarativeShadowRoots = aAllowDeclarativeShadowRoots; +} + +bool Document::AllowsDeclarativeShadowRoots() const { + return mAllowDeclarativeShadowRoots; +} + +/* static */ +already_AddRefed<Document> Document::ParseHTMLUnsafe(GlobalObject& aGlobal, + const nsAString& aHTML) { + nsCOMPtr<nsIURI> uri; + NS_NewURI(getter_AddRefs(uri), "about:blank"); + if (!uri) { + return nullptr; + } + + nsCOMPtr<Document> doc; + nsresult rv = + NS_NewHTMLDocument(getter_AddRefs(doc), aGlobal.GetSubjectPrincipal(), + aGlobal.GetSubjectPrincipal()); + if (NS_WARN_IF(NS_FAILED(rv))) { + return nullptr; + } + + doc->SetAllowDeclarativeShadowRoots(true); + doc->SetDocumentURI(uri); + rv = nsContentUtils::ParseDocumentHTML(aHTML, doc, false); + if (NS_WARN_IF(NS_FAILED(rv))) { + return nullptr; + } + + return doc.forget(); +} + +} // namespace mozilla::dom |