summaryrefslogtreecommitdiffstats
path: root/dom/base/FragmentOrElement.cpp
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--dom/base/FragmentOrElement.cpp2066
1 files changed, 2066 insertions, 0 deletions
diff --git a/dom/base/FragmentOrElement.cpp b/dom/base/FragmentOrElement.cpp
new file mode 100644
index 0000000000..9811ce5ace
--- /dev/null
+++ b/dom/base/FragmentOrElement.cpp
@@ -0,0 +1,2066 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Base class for all element classes and DocumentFragment.
+ */
+
+#include "mozilla/ArrayUtils.h"
+#include "mozilla/Likely.h"
+#include "mozilla/MemoryReporting.h"
+#include "mozilla/StaticPtr.h"
+
+#include "mozilla/dom/FragmentOrElement.h"
+#include "DOMIntersectionObserver.h"
+#include "mozilla/AsyncEventDispatcher.h"
+#include "mozilla/DeclarationBlock.h"
+#include "mozilla/EffectSet.h"
+#include "mozilla/EventDispatcher.h"
+#include "mozilla/EventListenerManager.h"
+#include "mozilla/ElementAnimationData.h"
+#include "mozilla/HTMLEditor.h"
+#include "mozilla/mozInlineSpellChecker.h"
+#include "mozilla/PresShell.h"
+#include "mozilla/RestyleManager.h"
+#include "mozilla/TextEditor.h"
+#include "mozilla/TouchEvents.h"
+#include "mozilla/URLExtraData.h"
+#include "mozilla/dom/Attr.h"
+#include "mozilla/dom/RadioGroupContainer.h"
+#include "nsDOMAttributeMap.h"
+#include "nsAtom.h"
+#include "mozilla/dom/NodeInfo.h"
+#include "mozilla/dom/Event.h"
+#include "mozilla/dom/ScriptLoader.h"
+#include "mozilla/dom/TouchEvent.h"
+#include "mozilla/dom/CustomElementRegistry.h"
+#include "mozilla/dom/Document.h"
+#include "mozilla/dom/DocumentInlines.h"
+#include "nsIControllers.h"
+#include "nsIDocumentEncoder.h"
+#include "nsFocusManager.h"
+#include "nsIScriptGlobalObject.h"
+#include "nsNetUtil.h"
+#include "nsIFrame.h"
+#include "nsIAnonymousContentCreator.h"
+#include "nsPresContext.h"
+#include "nsStyleConsts.h"
+#include "nsString.h"
+#include "nsUnicharUtils.h"
+#include "nsDOMCID.h"
+#include "nsDOMCSSAttrDeclaration.h"
+#include "nsNameSpaceManager.h"
+#include "nsContentList.h"
+#include "nsDOMTokenList.h"
+#include "nsError.h"
+#include "nsDOMString.h"
+#include "nsXULElement.h"
+#include "mozilla/InternalMutationEvent.h"
+#include "mozilla/MouseEvents.h"
+#include "nsAttrValueOrString.h"
+#include "nsQueryObject.h"
+#include "nsFrameSelection.h"
+#ifdef DEBUG
+# include "nsRange.h"
+#endif
+
+#include "nsFrameLoader.h"
+#include "nsPIDOMWindow.h"
+#include "nsLayoutUtils.h"
+#include "nsGkAtoms.h"
+#include "nsContentUtils.h"
+#include "nsTextFragment.h"
+#include "nsContentCID.h"
+#include "nsWindowSizes.h"
+
+#include "nsIWidget.h"
+
+#include "nsNodeInfoManager.h"
+#include "nsGenericHTMLElement.h"
+#include "nsContentCreatorFunctions.h"
+#include "nsView.h"
+#include "nsViewManager.h"
+#include "nsIScrollableFrame.h"
+#include "ChildIterator.h"
+#include "nsTextNode.h"
+#include "mozilla/dom/NodeListBinding.h"
+
+#include "nsCCUncollectableMarker.h"
+
+#include "mozAutoDocUpdate.h"
+
+#include "mozilla/Sprintf.h"
+#include "nsDOMMutationObserver.h"
+#include "nsWrapperCacheInlines.h"
+#include "nsCycleCollector.h"
+#include "xpcpublic.h"
+#include "mozilla/Telemetry.h"
+
+#include "mozilla/CORSMode.h"
+
+#include "mozilla/dom/ShadowRoot.h"
+#include "mozilla/dom/HTMLSlotElement.h"
+#include "mozilla/dom/HTMLTemplateElement.h"
+#include "mozilla/dom/SVGUseElement.h"
+
+#include "nsStyledElement.h"
+#include "nsIContentInlines.h"
+#include "nsChildContentList.h"
+#include "mozilla/BloomFilter.h"
+
+#include "NodeUbiReporting.h"
+
+#ifdef ACCESSIBILITY
+# include "nsAccessibilityService.h"
+#endif
+
+using namespace mozilla;
+using namespace mozilla::dom;
+
+int32_t nsIContent::sTabFocusModel = eTabFocus_any;
+bool nsIContent::sTabFocusModelAppliesToXUL = false;
+uint64_t nsMutationGuard::sGeneration = 0;
+
+NS_IMPL_CYCLE_COLLECTION_CLASS(nsIContent)
+
+NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN(nsIContent)
+ MOZ_ASSERT_UNREACHABLE("Our subclasses don't call us");
+NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END
+
+NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(nsIContent)
+ MOZ_ASSERT_UNREACHABLE("Our subclasses don't call us");
+NS_IMPL_CYCLE_COLLECTION_UNLINK_END
+
+NS_INTERFACE_MAP_BEGIN(nsIContent)
+ NS_WRAPPERCACHE_INTERFACE_MAP_ENTRY
+ // Don't bother to QI to cycle collection, because our CC impl is
+ // not doing anything anyway.
+ NS_INTERFACE_MAP_ENTRY(nsIContent)
+ NS_INTERFACE_MAP_ENTRY(nsINode)
+ NS_INTERFACE_MAP_ENTRY(mozilla::dom::EventTarget)
+ NS_INTERFACE_MAP_ENTRY_TEAROFF(nsISupportsWeakReference,
+ new nsNodeSupportsWeakRefTearoff(this))
+ // DOM bindings depend on the identity pointer being the
+ // same as nsINode (which nsIContent inherits).
+ NS_INTERFACE_MAP_ENTRY(nsISupports)
+NS_INTERFACE_MAP_END
+
+NS_IMPL_CYCLE_COLLECTING_ADDREF(nsIContent)
+
+NS_IMPL_DOMARENA_DESTROY(nsIContent)
+
+NS_IMPL_CYCLE_COLLECTING_RELEASE_WITH_LAST_RELEASE_AND_DESTROY(nsIContent,
+ LastRelease(),
+ Destroy())
+
+nsIContent* nsIContent::FindFirstNonChromeOnlyAccessContent() const {
+ // This handles also nested native anonymous content.
+ for (const nsIContent* content = this; content;
+ content = content->GetChromeOnlyAccessSubtreeRootParent()) {
+ if (!content->ChromeOnlyAccess()) {
+ // Oops, this function signature allows casting const to
+ // non-const. (Then again, so does GetFirstChild()->GetParent().)
+ return const_cast<nsIContent*>(content);
+ }
+ }
+ return nullptr;
+}
+
+// https://dom.spec.whatwg.org/#dom-slotable-assignedslot
+HTMLSlotElement* nsIContent::GetAssignedSlotByMode() const {
+ /**
+ * Get slotable's assigned slot for the result of
+ * find a slot with open flag UNSET [1].
+ *
+ * [1] https://dom.spec.whatwg.org/#assign-a-slot
+ */
+ HTMLSlotElement* slot = GetAssignedSlot();
+ if (!slot) {
+ return nullptr;
+ }
+
+ MOZ_ASSERT(GetParent());
+ MOZ_ASSERT(GetParent()->GetShadowRoot());
+
+ /**
+ * Additional check for open flag SET:
+ * If slotable’s parent’s shadow root's mode is not "open",
+ * then return null.
+ */
+ if (GetParent()->GetShadowRoot()->IsClosed()) {
+ return nullptr;
+ }
+
+ return slot;
+}
+
+nsIContent::IMEState nsIContent::GetDesiredIMEState() {
+ if (!IsEditable()) {
+ // Check for the special case where we're dealing with elements which don't
+ // have the editable flag set, but are readwrite (such as text controls).
+ if (!IsElement() ||
+ !AsElement()->State().HasState(ElementState::READWRITE)) {
+ return IMEState(IMEEnabled::Disabled);
+ }
+ }
+ // NOTE: The content for independent editors (e.g., input[type=text],
+ // textarea) must override this method, so, we don't need to worry about
+ // that here.
+ nsIContent* editableAncestor = GetEditingHost();
+
+ // This is in another editable content, use the result of it.
+ if (editableAncestor && editableAncestor != this) {
+ return editableAncestor->GetDesiredIMEState();
+ }
+ Document* doc = GetComposedDoc();
+ if (!doc) {
+ return IMEState(IMEEnabled::Disabled);
+ }
+ nsPresContext* pc = doc->GetPresContext();
+ if (!pc) {
+ return IMEState(IMEEnabled::Disabled);
+ }
+ HTMLEditor* htmlEditor = nsContentUtils::GetHTMLEditor(pc);
+ if (!htmlEditor) {
+ return IMEState(IMEEnabled::Disabled);
+ }
+ IMEState state;
+ htmlEditor->GetPreferredIMEState(&state);
+ return state;
+}
+
+bool nsIContent::HasIndependentSelection() const {
+ nsIFrame* frame = GetPrimaryFrame();
+ return (frame && frame->HasAnyStateBits(NS_FRAME_INDEPENDENT_SELECTION));
+}
+
+dom::Element* nsIContent::GetEditingHost() {
+ // If this isn't editable, return nullptr.
+ if (!IsEditable()) {
+ return nullptr;
+ }
+
+ Document* doc = GetComposedDoc();
+ if (!doc) {
+ return nullptr;
+ }
+
+ // If this is in designMode, we should return <body>
+ if (IsInDesignMode() && !IsInShadowTree()) {
+ return doc->GetBodyElement();
+ }
+
+ dom::Element* editableParentElement = nullptr;
+ for (dom::Element* parent = GetParentElement();
+ parent && parent->HasFlag(NODE_IS_EDITABLE);
+ parent = editableParentElement->GetParentElement()) {
+ editableParentElement = parent;
+ }
+ return editableParentElement ? editableParentElement
+ : dom::Element::FromNode(this);
+}
+
+nsresult nsIContent::LookupNamespaceURIInternal(
+ const nsAString& aNamespacePrefix, nsAString& aNamespaceURI) const {
+ if (aNamespacePrefix.EqualsLiteral("xml")) {
+ // Special-case for xml prefix
+ aNamespaceURI.AssignLiteral("http://www.w3.org/XML/1998/namespace");
+ return NS_OK;
+ }
+
+ if (aNamespacePrefix.EqualsLiteral("xmlns")) {
+ // Special-case for xmlns prefix
+ aNamespaceURI.AssignLiteral("http://www.w3.org/2000/xmlns/");
+ return NS_OK;
+ }
+
+ RefPtr<nsAtom> name;
+ if (!aNamespacePrefix.IsEmpty()) {
+ name = NS_Atomize(aNamespacePrefix);
+ NS_ENSURE_TRUE(name, NS_ERROR_OUT_OF_MEMORY);
+ } else {
+ name = nsGkAtoms::xmlns;
+ }
+ // Trace up the content parent chain looking for the namespace
+ // declaration that declares aNamespacePrefix.
+ for (Element* element = GetAsElementOrParentElement(); element;
+ element = element->GetParentElement()) {
+ if (element->GetAttr(kNameSpaceID_XMLNS, name, aNamespaceURI)) {
+ return NS_OK;
+ }
+ }
+ return NS_ERROR_FAILURE;
+}
+
+nsAtom* nsIContent::GetLang() const {
+ for (const Element* element = GetAsElementOrParentElement(); element;
+ element = element->GetParentElement()) {
+ if (!element->GetAttrCount()) {
+ continue;
+ }
+
+ // xml:lang has precedence over lang on HTML elements (see
+ // XHTML1 section C.7).
+ const nsAttrValue* attr =
+ element->GetParsedAttr(nsGkAtoms::lang, kNameSpaceID_XML);
+ if (!attr && element->SupportsLangAttr()) {
+ attr = element->GetParsedAttr(nsGkAtoms::lang);
+ }
+ if (attr) {
+ MOZ_ASSERT(attr->Type() == nsAttrValue::eAtom);
+ MOZ_ASSERT(attr->GetAtomValue());
+ return attr->GetAtomValue();
+ }
+ }
+
+ return nullptr;
+}
+
+nsIURI* nsIContent::GetBaseURI(bool aTryUseXHRDocBaseURI) const {
+ if (SVGUseElement* use = GetContainingSVGUseShadowHost()) {
+ if (URLExtraData* data = use->GetContentURLData()) {
+ return data->BaseURI();
+ }
+ }
+
+ return OwnerDoc()->GetBaseURI(aTryUseXHRDocBaseURI);
+}
+
+nsIURI* nsIContent::GetBaseURIForStyleAttr() const {
+ if (SVGUseElement* use = GetContainingSVGUseShadowHost()) {
+ if (URLExtraData* data = use->GetContentURLData()) {
+ return data->BaseURI();
+ }
+ }
+ // This also ignores the case that SVG inside XBL binding.
+ // But it is probably fine.
+ return OwnerDoc()->GetDocBaseURI();
+}
+
+already_AddRefed<URLExtraData> nsIContent::GetURLDataForStyleAttr(
+ nsIPrincipal* aSubjectPrincipal) const {
+ if (SVGUseElement* use = GetContainingSVGUseShadowHost()) {
+ if (URLExtraData* data = use->GetContentURLData()) {
+ return do_AddRef(data);
+ }
+ }
+ auto* doc = OwnerDoc();
+ if (aSubjectPrincipal && aSubjectPrincipal != NodePrincipal()) {
+ nsCOMPtr<nsIReferrerInfo> referrerInfo =
+ doc->ReferrerInfoForInternalCSSAndSVGResources();
+ // TODO: Cache this?
+ return MakeAndAddRef<URLExtraData>(doc->GetDocBaseURI(), referrerInfo,
+ aSubjectPrincipal);
+ }
+ return do_AddRef(doc->DefaultStyleAttrURLData());
+}
+
+void nsIContent::ConstructUbiNode(void* storage) {
+ JS::ubi::Concrete<nsIContent>::construct(storage, this);
+}
+
+bool nsIContent::InclusiveDescendantMayNeedSpellchecking(HTMLEditor* aEditor) {
+ // Return true if the node may have elements as children, since those or their
+ // descendants may have spellcheck attributes.
+ return HasFlag(NODE_MAY_HAVE_ELEMENT_CHILDREN) ||
+ mozInlineSpellChecker::ShouldSpellCheckNode(aEditor, this);
+}
+
+//----------------------------------------------------------------------
+
+static inline JSObject* GetJSObjectChild(nsWrapperCache* aCache) {
+ return aCache->PreservingWrapper() ? aCache->GetWrapperPreserveColor()
+ : nullptr;
+}
+
+static bool NeedsScriptTraverse(nsINode* aNode) {
+ return aNode->PreservingWrapper() && aNode->GetWrapperPreserveColor() &&
+ !aNode->HasKnownLiveWrapperAndDoesNotNeedTracing(aNode);
+}
+
+//----------------------------------------------------------------------
+
+NS_IMPL_CYCLE_COLLECTING_ADDREF(nsAttrChildContentList)
+NS_IMPL_CYCLE_COLLECTING_RELEASE(nsAttrChildContentList)
+
+NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE(nsAttrChildContentList, mNode)
+
+// If the wrapper is known-live, the list can't be part of a garbage cycle.
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_BEGIN(nsAttrChildContentList)
+ return tmp->HasKnownLiveWrapper();
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_END
+
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_IN_CC_BEGIN(nsAttrChildContentList)
+ return tmp->HasKnownLiveWrapperAndDoesNotNeedTracing(tmp);
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_IN_CC_END
+
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_THIS_BEGIN(nsAttrChildContentList)
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_THIS_END
+
+NS_INTERFACE_TABLE_HEAD(nsAttrChildContentList)
+ NS_WRAPPERCACHE_INTERFACE_TABLE_ENTRY
+ NS_INTERFACE_TABLE(nsAttrChildContentList, nsINodeList)
+ NS_INTERFACE_TABLE_TO_MAP_SEGUE_CYCLE_COLLECTION(nsAttrChildContentList)
+NS_INTERFACE_MAP_END
+
+JSObject* nsAttrChildContentList::WrapObject(
+ JSContext* cx, JS::Handle<JSObject*> aGivenProto) {
+ return NodeList_Binding::Wrap(cx, this, aGivenProto);
+}
+
+uint32_t nsAttrChildContentList::Length() {
+ return mNode ? mNode->GetChildCount() : 0;
+}
+
+nsIContent* nsAttrChildContentList::Item(uint32_t aIndex) {
+ if (mNode) {
+ return mNode->GetChildAt_Deprecated(aIndex);
+ }
+
+ return nullptr;
+}
+
+int32_t nsAttrChildContentList::IndexOf(nsIContent* aContent) {
+ if (mNode) {
+ return mNode->ComputeIndexOf_Deprecated(aContent);
+ }
+
+ return -1;
+}
+
+//----------------------------------------------------------------------
+uint32_t nsParentNodeChildContentList::Length() {
+ if (!mIsCacheValid && !ValidateCache()) {
+ return 0;
+ }
+
+ MOZ_ASSERT(mIsCacheValid);
+
+ return mCachedChildArray.Length();
+}
+
+nsIContent* nsParentNodeChildContentList::Item(uint32_t aIndex) {
+ if (!mIsCacheValid && !ValidateCache()) {
+ return nullptr;
+ }
+
+ MOZ_ASSERT(mIsCacheValid);
+
+ return mCachedChildArray.SafeElementAt(aIndex, nullptr);
+}
+
+int32_t nsParentNodeChildContentList::IndexOf(nsIContent* aContent) {
+ if (!mIsCacheValid && !ValidateCache()) {
+ return -1;
+ }
+
+ MOZ_ASSERT(mIsCacheValid);
+
+ return mCachedChildArray.IndexOf(aContent);
+}
+
+bool nsParentNodeChildContentList::ValidateCache() {
+ MOZ_ASSERT(!mIsCacheValid);
+ MOZ_ASSERT(mCachedChildArray.IsEmpty());
+
+ nsINode* parent = GetParentObject();
+ if (!parent) {
+ return false;
+ }
+
+ for (nsIContent* node = parent->GetFirstChild(); node;
+ node = node->GetNextSibling()) {
+ mCachedChildArray.AppendElement(node);
+ }
+ mIsCacheValid = true;
+
+ return true;
+}
+
+//----------------------------------------------------------------------
+
+nsIHTMLCollection* FragmentOrElement::Children() {
+ nsDOMSlots* slots = DOMSlots();
+
+ if (!slots->mChildrenList) {
+ slots->mChildrenList =
+ new nsContentList(this, kNameSpaceID_Wildcard, nsGkAtoms::_asterisk,
+ nsGkAtoms::_asterisk, false);
+ }
+
+ return slots->mChildrenList;
+}
+
+//----------------------------------------------------------------------
+
+NS_IMPL_CYCLE_COLLECTION(nsNodeSupportsWeakRefTearoff, mNode)
+
+NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(nsNodeSupportsWeakRefTearoff)
+ NS_INTERFACE_MAP_ENTRY(nsISupportsWeakReference)
+NS_INTERFACE_MAP_END_AGGREGATED(mNode)
+
+NS_IMPL_CYCLE_COLLECTING_ADDREF(nsNodeSupportsWeakRefTearoff)
+NS_IMPL_CYCLE_COLLECTING_RELEASE(nsNodeSupportsWeakRefTearoff)
+
+NS_IMETHODIMP
+nsNodeSupportsWeakRefTearoff::GetWeakReference(
+ nsIWeakReference** aInstancePtr) {
+ nsINode::nsSlots* slots = mNode->Slots();
+ if (!slots->mWeakReference) {
+ slots->mWeakReference = new nsNodeWeakReference(mNode);
+ }
+
+ NS_ADDREF(*aInstancePtr = slots->mWeakReference);
+
+ return NS_OK;
+}
+
+//----------------------------------------------------------------------
+
+static const size_t MaxDOMSlotSizeAllowed =
+#ifdef HAVE_64BIT_BUILD
+ 128;
+#else
+ 64;
+#endif
+
+static_assert(sizeof(nsINode::nsSlots) <= MaxDOMSlotSizeAllowed,
+ "DOM slots cannot be grown without consideration");
+static_assert(sizeof(FragmentOrElement::nsDOMSlots) <= MaxDOMSlotSizeAllowed,
+ "DOM slots cannot be grown without consideration");
+
+void nsIContent::nsExtendedContentSlots::UnlinkExtendedSlots(nsIContent&) {
+ mContainingShadow = nullptr;
+ mAssignedSlot = nullptr;
+}
+
+void nsIContent::nsExtendedContentSlots::TraverseExtendedSlots(
+ nsCycleCollectionTraversalCallback& aCb) {
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(aCb, "mExtendedSlots->mContainingShadow");
+ aCb.NoteXPCOMChild(NS_ISUPPORTS_CAST(nsIContent*, mContainingShadow));
+
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(aCb, "mExtendedSlots->mAssignedSlot");
+ aCb.NoteXPCOMChild(NS_ISUPPORTS_CAST(nsIContent*, mAssignedSlot.get()));
+}
+
+nsIContent::nsExtendedContentSlots::nsExtendedContentSlots() = default;
+
+nsIContent::nsExtendedContentSlots::~nsExtendedContentSlots() {
+ MOZ_ASSERT(!mManualSlotAssignment);
+}
+
+size_t nsIContent::nsExtendedContentSlots::SizeOfExcludingThis(
+ MallocSizeOf aMallocSizeOf) const {
+ // For now, nothing to measure here. We don't actually own any of our
+ // members.
+ return 0;
+}
+
+FragmentOrElement::nsDOMSlots::nsDOMSlots() : mDataset(nullptr) {
+ MOZ_COUNT_CTOR(nsDOMSlots);
+}
+
+FragmentOrElement::nsDOMSlots::~nsDOMSlots() {
+ MOZ_COUNT_DTOR(nsDOMSlots);
+
+ if (mAttributeMap) {
+ mAttributeMap->DropReference();
+ }
+}
+
+void FragmentOrElement::nsDOMSlots::Traverse(
+ nsCycleCollectionTraversalCallback& aCb) {
+ nsIContent::nsContentSlots::Traverse(aCb);
+
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(aCb, "mSlots->mStyle");
+ aCb.NoteXPCOMChild(mStyle.get());
+
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(aCb, "mSlots->mAttributeMap");
+ aCb.NoteXPCOMChild(mAttributeMap.get());
+
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(aCb, "mSlots->mChildrenList");
+ aCb.NoteXPCOMChild(NS_ISUPPORTS_CAST(nsINodeList*, mChildrenList));
+
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(aCb, "mSlots->mClassList");
+ aCb.NoteXPCOMChild(mClassList.get());
+
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(aCb, "mSlots->mPart");
+ aCb.NoteXPCOMChild(mPart.get());
+}
+
+void FragmentOrElement::nsDOMSlots::Unlink(nsINode& aNode) {
+ nsIContent::nsContentSlots::Unlink(aNode);
+ mStyle = nullptr;
+ if (mAttributeMap) {
+ mAttributeMap->DropReference();
+ mAttributeMap = nullptr;
+ }
+ mChildrenList = nullptr;
+ mClassList = nullptr;
+ mPart = nullptr;
+}
+
+size_t FragmentOrElement::nsDOMSlots::SizeOfIncludingThis(
+ MallocSizeOf aMallocSizeOf) const {
+ size_t n = aMallocSizeOf(this);
+
+ nsExtendedContentSlots* extendedSlots = GetExtendedContentSlots();
+ if (extendedSlots) {
+ if (OwnsExtendedSlots()) {
+ n += aMallocSizeOf(extendedSlots);
+ }
+
+ n += extendedSlots->SizeOfExcludingThis(aMallocSizeOf);
+ }
+
+ if (mAttributeMap) {
+ n += mAttributeMap->SizeOfIncludingThis(aMallocSizeOf);
+ }
+
+ if (mChildrenList) {
+ n += mChildrenList->SizeOfIncludingThis(aMallocSizeOf);
+ }
+
+ // Measurement of the following members may be added later if DMD finds it is
+ // worthwhile:
+ // - Superclass members (nsINode::nsSlots)
+ // - mStyle
+ // - mDataSet
+ // - mClassList
+
+ // The following member are not measured:
+ // - mControllers: because it is non-owning
+ return n;
+}
+
+FragmentOrElement::nsExtendedDOMSlots::nsExtendedDOMSlots() = default;
+
+FragmentOrElement::nsExtendedDOMSlots::~nsExtendedDOMSlots() = default;
+
+void FragmentOrElement::nsExtendedDOMSlots::UnlinkExtendedSlots(
+ nsIContent& aContent) {
+ nsIContent::nsExtendedContentSlots::UnlinkExtendedSlots(aContent);
+
+ // mShadowRoot will similarly be cleared explicitly from
+ // FragmentOrElement::Unlink.
+ mSMILOverrideStyle = nullptr;
+ mControllers = nullptr;
+ mLabelsList = nullptr;
+ mPopoverData = nullptr;
+ if (mCustomElementData) {
+ mCustomElementData->Unlink();
+ mCustomElementData = nullptr;
+ }
+ if (mAnimations) {
+ mAnimations = nullptr;
+ aContent.ClearMayHaveAnimations();
+ }
+ mExplicitlySetAttrElements.Clear();
+ mRadioGroupContainer = nullptr;
+}
+
+void FragmentOrElement::nsExtendedDOMSlots::TraverseExtendedSlots(
+ nsCycleCollectionTraversalCallback& aCb) {
+ nsIContent::nsExtendedContentSlots::TraverseExtendedSlots(aCb);
+
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(aCb, "mExtendedSlots->mSMILOverrideStyle");
+ aCb.NoteXPCOMChild(mSMILOverrideStyle.get());
+
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(aCb, "mExtendedSlots->mControllers");
+ aCb.NoteXPCOMChild(mControllers);
+
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(aCb, "mExtendedSlots->mLabelsList");
+ aCb.NoteXPCOMChild(NS_ISUPPORTS_CAST(nsINodeList*, mLabelsList));
+
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(aCb, "mExtendedSlots->mShadowRoot");
+ aCb.NoteXPCOMChild(NS_ISUPPORTS_CAST(nsIContent*, mShadowRoot));
+
+ if (mCustomElementData) {
+ mCustomElementData->Traverse(aCb);
+ }
+ if (mAnimations) {
+ mAnimations->Traverse(aCb);
+ }
+ if (mRadioGroupContainer) {
+ RadioGroupContainer::Traverse(mRadioGroupContainer.get(), aCb);
+ }
+}
+
+size_t FragmentOrElement::nsExtendedDOMSlots::SizeOfExcludingThis(
+ MallocSizeOf aMallocSizeOf) const {
+ size_t n =
+ nsIContent::nsExtendedContentSlots::SizeOfExcludingThis(aMallocSizeOf);
+
+ // We own mSMILOverrideStyle but there seems to be no memory reporting on CSS
+ // declarations? At least report the memory the declaration takes up
+ // directly.
+ if (mSMILOverrideStyle) {
+ n += aMallocSizeOf(mSMILOverrideStyle);
+ }
+
+ // We don't really own mSMILOverrideStyleDeclaration. mSMILOverrideStyle owns
+ // it.
+
+ // We don't seem to have memory reporting for nsXULControllers. At least
+ // report the memory it's using directly.
+ if (mControllers) {
+ n += aMallocSizeOf(mControllers);
+ }
+
+ if (mLabelsList) {
+ n += mLabelsList->SizeOfIncludingThis(aMallocSizeOf);
+ }
+
+ // mShadowRoot should be handled during normal DOM tree memory reporting, just
+ // like kids, siblings, etc.
+
+ if (mCustomElementData) {
+ n += mCustomElementData->SizeOfIncludingThis(aMallocSizeOf);
+ }
+
+ if (mRadioGroupContainer) {
+ n += mRadioGroupContainer->SizeOfIncludingThis(aMallocSizeOf);
+ }
+
+ return n;
+}
+
+FragmentOrElement::FragmentOrElement(
+ already_AddRefed<mozilla::dom::NodeInfo>&& aNodeInfo)
+ : nsIContent(std::move(aNodeInfo)) {}
+
+FragmentOrElement::~FragmentOrElement() {
+ MOZ_ASSERT(!IsInUncomposedDoc(),
+ "Please remove this from the document properly");
+ if (GetParent()) {
+ NS_RELEASE(mParent);
+ }
+}
+
+static nsINode* FindChromeAccessOnlySubtreeOwner(nsINode* aNode) {
+ if (!aNode->ChromeOnlyAccess()) {
+ return aNode;
+ }
+ return const_cast<nsIContent*>(aNode->GetChromeOnlyAccessSubtreeRootParent());
+}
+
+nsINode* FindChromeAccessOnlySubtreeOwner(EventTarget* aTarget) {
+ nsINode* node = nsINode::FromEventTargetOrNull(aTarget);
+ if (!node) {
+ return nullptr;
+ }
+ return FindChromeAccessOnlySubtreeOwner(node);
+}
+
+void nsIContent::GetEventTargetParent(EventChainPreVisitor& aVisitor) {
+ // FIXME! Document how this event retargeting works, Bug 329124.
+ aVisitor.mCanHandle = true;
+ aVisitor.mMayHaveListenerManager = HasListenerManager();
+
+ if (IsInShadowTree()) {
+ aVisitor.mItemInShadowTree = true;
+ }
+
+ // Don't propagate mouseover and mouseout events when mouse is moving
+ // inside chrome access only content.
+ const bool isAnonForEvents = IsRootOfChromeAccessOnlySubtree();
+ aVisitor.mRootOfClosedTree = isAnonForEvents;
+ if ((aVisitor.mEvent->mMessage == eMouseOver ||
+ aVisitor.mEvent->mMessage == eMouseOut ||
+ aVisitor.mEvent->mMessage == ePointerOver ||
+ aVisitor.mEvent->mMessage == ePointerOut) &&
+ // Check if we should stop event propagation when event has just been
+ // dispatched or when we're about to propagate from
+ // chrome access only subtree or if we are about to propagate out of
+ // a shadow root to a shadow root host.
+ ((this == aVisitor.mEvent->mOriginalTarget && !ChromeOnlyAccess()) ||
+ isAnonForEvents)) {
+ nsIContent* relatedTarget = nsIContent::FromEventTargetOrNull(
+ aVisitor.mEvent->AsMouseEvent()->mRelatedTarget);
+ if (relatedTarget && relatedTarget->OwnerDoc() == OwnerDoc()) {
+ // If current target is anonymous for events or we know that related
+ // target is descendant of an element which is anonymous for events,
+ // we may want to stop event propagation.
+ // If this is the original target, aVisitor.mRelatedTargetIsInAnon
+ // must be updated.
+ if (isAnonForEvents || aVisitor.mRelatedTargetIsInAnon ||
+ (aVisitor.mEvent->mOriginalTarget == this &&
+ (aVisitor.mRelatedTargetIsInAnon =
+ relatedTarget->ChromeOnlyAccess()))) {
+ nsINode* anonOwner = FindChromeAccessOnlySubtreeOwner(this);
+ if (anonOwner) {
+ nsINode* anonOwnerRelated =
+ FindChromeAccessOnlySubtreeOwner(relatedTarget);
+ if (anonOwnerRelated) {
+ // Note, anonOwnerRelated may still be inside some other
+ // native anonymous subtree. The case where anonOwner is still
+ // inside native anonymous subtree will be handled when event
+ // propagates up in the DOM tree.
+ while (anonOwner != anonOwnerRelated &&
+ anonOwnerRelated->ChromeOnlyAccess()) {
+ anonOwnerRelated =
+ FindChromeAccessOnlySubtreeOwner(anonOwnerRelated);
+ }
+ if (anonOwner == anonOwnerRelated) {
+#ifdef DEBUG_smaug
+ nsIContent* originalTarget = nsIContent::FromEventTargetOrNull(
+ aVisitor.mEvent->mOriginalTarget);
+ nsAutoString ot, ct, rt;
+ if (originalTarget) {
+ originalTarget->NodeInfo()->NameAtom()->ToString(ot);
+ }
+ NodeInfo()->NameAtom()->ToString(ct);
+ relatedTarget->NodeInfo()->NameAtom()->ToString(rt);
+ printf(
+ "Stopping %s propagation:"
+ "\n\toriginalTarget=%s \n\tcurrentTarget=%s %s"
+ "\n\trelatedTarget=%s %s \n%s",
+ (aVisitor.mEvent->mMessage == eMouseOver) ? "mouseover"
+ : "mouseout",
+ NS_ConvertUTF16toUTF8(ot).get(),
+ NS_ConvertUTF16toUTF8(ct).get(),
+ isAnonForEvents
+ ? "(is native anonymous)"
+ : (ChromeOnlyAccess() ? "(is in native anonymous subtree)"
+ : ""),
+ NS_ConvertUTF16toUTF8(rt).get(),
+ relatedTarget->ChromeOnlyAccess()
+ ? "(is in native anonymous subtree)"
+ : "",
+ (originalTarget &&
+ relatedTarget->FindFirstNonChromeOnlyAccessContent() ==
+ originalTarget->FindFirstNonChromeOnlyAccessContent())
+ ? ""
+ : "Wrong event propagation!?!\n");
+#endif
+ aVisitor.SetParentTarget(nullptr, false);
+ // Event should not propagate to non-anon content.
+ aVisitor.mCanHandle = isAnonForEvents;
+ return;
+ }
+ }
+ }
+ }
+ }
+ }
+
+ // Event parent is the assigned slot, if node is assigned, or node's parent
+ // otherwise.
+ HTMLSlotElement* slot = GetAssignedSlot();
+ nsIContent* parent = slot ? slot : GetParent();
+
+ // Event may need to be retargeted if this is the root of a native anonymous
+ // content subtree.
+ if (isAnonForEvents) {
+#ifdef DEBUG
+ // If a DOM event is explicitly dispatched using node.dispatchEvent(), then
+ // all the events are allowed even in the native anonymous content..
+ nsIContent* t =
+ nsIContent::FromEventTargetOrNull(aVisitor.mEvent->mOriginalTarget);
+ NS_ASSERTION(!t || !t->ChromeOnlyAccess() ||
+ aVisitor.mEvent->mClass != eMutationEventClass ||
+ aVisitor.mDOMEvent,
+ "Mutation event dispatched in native anonymous content!?!");
+#endif
+ if (aVisitor.mEvent->mClass == eTransitionEventClass ||
+ aVisitor.mEvent->mClass == eAnimationEventClass) {
+ // Event should not propagate to non-anon content.
+ aVisitor.SetParentTarget(nullptr, false);
+ return;
+ }
+ aVisitor.mEventTargetAtParent = parent;
+ } else if (parent && aVisitor.mOriginalTargetIsInAnon) {
+ nsIContent* content =
+ nsIContent::FromEventTargetOrNull(aVisitor.mEvent->mTarget);
+ if (content &&
+ content->GetClosestNativeAnonymousSubtreeRootParentOrHost() == parent) {
+ aVisitor.mEventTargetAtParent = parent;
+ }
+ }
+
+ if (!aVisitor.mEvent->mFlags.mComposedInNativeAnonymousContent &&
+ IsRootOfNativeAnonymousSubtree() && OwnerDoc()->GetWindow()) {
+ aVisitor.SetParentTarget(OwnerDoc()->GetWindow()->GetParentTarget(), true);
+ } else if (parent) {
+ aVisitor.SetParentTarget(parent, false);
+ if (slot) {
+ ShadowRoot* root = slot->GetContainingShadow();
+ if (root && root->IsClosed()) {
+ aVisitor.mParentIsSlotInClosedTree = true;
+ }
+ }
+ } else {
+ aVisitor.SetParentTarget(GetComposedDoc(), false);
+ }
+
+ if (!ChromeOnlyAccess() && !aVisitor.mRelatedTargetRetargetedInCurrentScope) {
+ // We don't support Shadow DOM in native anonymous content yet.
+ aVisitor.mRelatedTargetRetargetedInCurrentScope = true;
+ if (aVisitor.mEvent->mOriginalRelatedTarget) {
+ // https://dom.spec.whatwg.org/#concept-event-dispatch
+ // Step 3.
+ // "Let relatedTarget be the result of retargeting event's relatedTarget
+ // against target if event's relatedTarget is non-null, and null
+ // otherwise."
+ //
+ // This is a bit complicated because the event might be from native
+ // anonymous content, but we need to deal with non-native anonymous
+ // content there.
+ bool initialTarget = this == aVisitor.mEvent->mOriginalTarget;
+ nsCOMPtr<nsINode> originalTargetAsNode;
+ // Use of mOriginalTargetIsInAnon is an optimization here.
+ if (!initialTarget && aVisitor.mOriginalTargetIsInAnon) {
+ originalTargetAsNode =
+ FindChromeAccessOnlySubtreeOwner(aVisitor.mEvent->mOriginalTarget);
+ initialTarget = originalTargetAsNode == this;
+ }
+ if (initialTarget) {
+ nsCOMPtr<nsINode> relatedTargetAsNode =
+ FindChromeAccessOnlySubtreeOwner(
+ aVisitor.mEvent->mOriginalRelatedTarget);
+ if (!originalTargetAsNode) {
+ originalTargetAsNode =
+ nsINode::FromEventTargetOrNull(aVisitor.mEvent->mOriginalTarget);
+ }
+
+ if (relatedTargetAsNode && originalTargetAsNode) {
+ nsINode* retargetedRelatedTarget = nsContentUtils::Retarget(
+ relatedTargetAsNode, originalTargetAsNode);
+ if (originalTargetAsNode == retargetedRelatedTarget &&
+ retargetedRelatedTarget != relatedTargetAsNode) {
+ // Step 4.
+ // "If target is relatedTarget and target is not event's
+ // relatedTarget, then return true."
+ aVisitor.IgnoreCurrentTargetBecauseOfShadowDOMRetargeting();
+ // Old code relies on mTarget to point to the first element which
+ // was not added to the event target chain because of mCanHandle
+ // being false, but in Shadow DOM case mTarget really should
+ // point to a node in Shadow DOM.
+ aVisitor.mEvent->mTarget = aVisitor.mTargetInKnownToBeHandledScope;
+ return;
+ }
+
+ // Part of step 5. Retargeting target has happened already higher
+ // up in this method.
+ // "Append to an event path with event, target, targetOverride,
+ // relatedTarget, and false."
+ aVisitor.mRetargetedRelatedTarget = retargetedRelatedTarget;
+ }
+ } else {
+ nsCOMPtr<nsINode> relatedTargetAsNode =
+ FindChromeAccessOnlySubtreeOwner(
+ aVisitor.mEvent->mOriginalRelatedTarget);
+ if (relatedTargetAsNode) {
+ // Step 11.3.
+ // "Let relatedTarget be the result of retargeting event's
+ // relatedTarget against parent if event's relatedTarget is non-null,
+ // and null otherwise.".
+ nsINode* retargetedRelatedTarget =
+ nsContentUtils::Retarget(relatedTargetAsNode, this);
+ nsCOMPtr<nsINode> targetInKnownToBeHandledScope =
+ FindChromeAccessOnlySubtreeOwner(
+ aVisitor.mTargetInKnownToBeHandledScope);
+ // If aVisitor.mTargetInKnownToBeHandledScope wasn't nsINode,
+ // targetInKnownToBeHandledScope will be null. This may happen when
+ // dispatching event to Window object in a content page and
+ // propagating the event to a chrome Element.
+ if (targetInKnownToBeHandledScope &&
+ IsShadowIncludingInclusiveDescendantOf(
+ targetInKnownToBeHandledScope->SubtreeRoot())) {
+ // Part of step 11.4.
+ // "If target's root is a shadow-including inclusive ancestor of
+ // parent, then"
+ // "...Append to an event path with event, parent, null,
+ // relatedTarget, " and slot-in-closed-tree."
+ aVisitor.mRetargetedRelatedTarget = retargetedRelatedTarget;
+ } else if (this == retargetedRelatedTarget) {
+ // Step 11.5
+ // "Otherwise, if parent and relatedTarget are identical, then set
+ // parent to null."
+ aVisitor.IgnoreCurrentTargetBecauseOfShadowDOMRetargeting();
+ // Old code relies on mTarget to point to the first element which
+ // was not added to the event target chain because of mCanHandle
+ // being false, but in Shadow DOM case mTarget really should
+ // point to a node in Shadow DOM.
+ aVisitor.mEvent->mTarget = aVisitor.mTargetInKnownToBeHandledScope;
+ return;
+ } else if (targetInKnownToBeHandledScope) {
+ // Note, if targetInKnownToBeHandledScope is null,
+ // mTargetInKnownToBeHandledScope could be Window object in content
+ // page and we're in chrome document in the same process.
+
+ // Step 11.6
+ aVisitor.mRetargetedRelatedTarget = retargetedRelatedTarget;
+ }
+ }
+ }
+ }
+
+ if (aVisitor.mEvent->mClass == eTouchEventClass) {
+ // Retarget touch objects.
+ MOZ_ASSERT(!aVisitor.mRetargetedTouchTargets.isSome());
+ aVisitor.mRetargetedTouchTargets.emplace();
+ WidgetTouchEvent* touchEvent = aVisitor.mEvent->AsTouchEvent();
+ WidgetTouchEvent::TouchArray& touches = touchEvent->mTouches;
+ for (uint32_t i = 0; i < touches.Length(); ++i) {
+ Touch* touch = touches[i];
+ EventTarget* originalTarget = touch->mOriginalTarget;
+ EventTarget* touchTarget = originalTarget;
+ nsCOMPtr<nsINode> targetAsNode =
+ nsINode::FromEventTargetOrNull(originalTarget);
+ if (targetAsNode) {
+ EventTarget* retargeted =
+ nsContentUtils::Retarget(targetAsNode, this);
+ if (retargeted) {
+ touchTarget = retargeted;
+ }
+ }
+ aVisitor.mRetargetedTouchTargets->AppendElement(touchTarget);
+ touch->mTarget = touchTarget;
+ }
+ MOZ_ASSERT(aVisitor.mRetargetedTouchTargets->Length() ==
+ touches.Length());
+ }
+ }
+
+ if (slot) {
+ // Inform that we're about to exit the current scope.
+ aVisitor.mRelatedTargetRetargetedInCurrentScope = false;
+ }
+}
+
+Element* nsIContent::GetAutofocusDelegate(bool aWithMouse) const {
+ for (nsINode* node = GetFirstChild(); node; node = node->GetNextNode(this)) {
+ auto* descendant = Element::FromNode(*node);
+ if (!descendant || !descendant->GetBoolAttr(nsGkAtoms::autofocus)) {
+ continue;
+ }
+
+ nsIFrame* frame = descendant->GetPrimaryFrame();
+ if (frame && frame->IsFocusable(aWithMouse)) {
+ return descendant;
+ }
+ }
+ return nullptr;
+}
+
+Element* nsIContent::GetFocusDelegate(bool aWithMouse) const {
+ const nsIContent* whereToLook = this;
+ if (ShadowRoot* root = GetShadowRoot()) {
+ if (!root->DelegatesFocus()) {
+ // 1. If focusTarget is a shadow host and its shadow root 's delegates
+ // focus is false, then return null.
+ return nullptr;
+ }
+ whereToLook = root;
+ }
+
+ auto IsFocusable = [&](Element* aElement) -> Focusable {
+ nsIFrame* frame = aElement->GetPrimaryFrame();
+
+ if (!frame) {
+ return {};
+ }
+
+ return frame->IsFocusable(aWithMouse);
+ };
+
+ Element* potentialFocus = nullptr;
+ for (nsINode* node = whereToLook->GetFirstChild(); node;
+ node = node->GetNextNode(whereToLook)) {
+ auto* el = Element::FromNode(*node);
+ if (!el) {
+ continue;
+ }
+
+ const bool autofocus = el->GetBoolAttr(nsGkAtoms::autofocus);
+
+ if (autofocus) {
+ if (IsFocusable(el)) {
+ // Found an autofocus candidate.
+ return el;
+ }
+ } else if (!potentialFocus) {
+ if (Focusable focusable = IsFocusable(el)) {
+ if (IsHTMLElement(nsGkAtoms::dialog)) {
+ if (focusable.mTabIndex >= 0) {
+ // If focusTarget is a dialog element and descendant is sequentially
+ // focusable, then set focusableArea to descendant.
+ potentialFocus = el;
+ }
+ } else {
+ // This element could be the one if we can't find an
+ // autofocus candidate which has the precedence.
+ potentialFocus = el;
+ }
+ }
+ }
+
+ if (!autofocus && potentialFocus) {
+ // Nothing else to do, we are not looking for more focusable elements
+ // here.
+ continue;
+ }
+
+ if (auto* shadow = el->GetShadowRoot()) {
+ if (shadow->DelegatesFocus()) {
+ if (Element* delegatedFocus = shadow->GetFocusDelegate(aWithMouse)) {
+ if (autofocus) {
+ // This element has autofocus and we found an focus delegates
+ // in its descendants, so use the focus delegates
+ return delegatedFocus;
+ }
+ if (!potentialFocus) {
+ potentialFocus = delegatedFocus;
+ }
+ }
+ }
+ }
+ }
+
+ return potentialFocus;
+}
+
+Focusable nsIContent::IsFocusableWithoutStyle(bool aWithMouse) {
+ // Default, not tabbable
+ return {};
+}
+
+void nsIContent::SetAssignedSlot(HTMLSlotElement* aSlot) {
+ MOZ_ASSERT(aSlot || GetExistingExtendedContentSlots());
+ ExtendedContentSlots()->mAssignedSlot = aSlot;
+}
+
+#ifdef MOZ_DOM_LIST
+void nsIContent::Dump() { List(); }
+#endif
+
+void FragmentOrElement::GetTextContentInternal(nsAString& aTextContent,
+ OOMReporter& aError) {
+ if (!nsContentUtils::GetNodeTextContent(this, true, aTextContent, fallible)) {
+ aError.ReportOOM();
+ }
+}
+
+void FragmentOrElement::SetTextContentInternal(const nsAString& aTextContent,
+ nsIPrincipal* aSubjectPrincipal,
+ ErrorResult& aError) {
+ bool tryReuse = false;
+ if (!aTextContent.IsEmpty()) {
+ if (nsIContent* firstChild = GetFirstChild()) {
+ tryReuse = firstChild->NodeType() == TEXT_NODE &&
+ !firstChild->GetNextSibling() &&
+ firstChild->OwnedOnlyByTheDOMAndFrameTrees() &&
+#ifdef ACCESSIBILITY
+ !GetAccService() &&
+#endif
+ !OwnerDoc()->MayHaveDOMMutationObservers() &&
+ !nsContentUtils::HasMutationListeners(
+ OwnerDoc(), NS_EVENT_BITS_MUTATION_ALL);
+ }
+ }
+
+ aError = nsContentUtils::SetNodeTextContent(this, aTextContent, tryReuse);
+}
+
+void FragmentOrElement::DestroyContent() {
+ // Drop any servo data. We do this before the RemovedFromDocument call below
+ // so that it doesn't need to try to keep the style state sane when shuffling
+ // around the flattened tree.
+ //
+ // TODO(emilio): I suspect this can be asserted against instead, with a bit of
+ // effort to avoid calling Document::Destroy with a shell...
+ if (IsElement()) {
+ AsElement()->ClearServoData();
+ }
+
+#ifdef DEBUG
+ uint32_t oldChildCount = GetChildCount();
+#endif
+
+ for (nsIContent* child = GetFirstChild(); child;
+ child = child->GetNextSibling()) {
+ child->DestroyContent();
+ MOZ_ASSERT(child->GetParent() == this,
+ "Mutating the tree during XBL destructors is evil");
+ }
+
+ MOZ_ASSERT(oldChildCount == GetChildCount(),
+ "Mutating the tree during XBL destructors is evil");
+
+ if (ShadowRoot* shadowRoot = GetShadowRoot()) {
+ shadowRoot->DestroyContent();
+ }
+}
+
+void FragmentOrElement::SaveSubtreeState() {
+ for (nsIContent* child = GetFirstChild(); child;
+ child = child->GetNextSibling()) {
+ child->SaveSubtreeState();
+ }
+
+ // FIXME(bug 1469277): Pretty sure this wants to dig into shadow trees as
+ // well.
+}
+
+//----------------------------------------------------------------------
+
+// Generic DOMNode implementations
+
+void FragmentOrElement::FireNodeInserted(
+ Document* aDoc, nsINode* aParent,
+ const nsTArray<nsCOMPtr<nsIContent>>& aNodes) {
+ for (const nsCOMPtr<nsIContent>& childContent : aNodes) {
+ if (nsContentUtils::HasMutationListeners(
+ childContent, NS_EVENT_BITS_MUTATION_NODEINSERTED, aParent)) {
+ InternalMutationEvent mutation(true, eLegacyNodeInserted);
+ mutation.mRelatedNode = aParent;
+
+ mozAutoSubtreeModified subtree(aDoc, aParent);
+ AsyncEventDispatcher::RunDOMEventWhenSafe(*childContent, mutation);
+ }
+ }
+}
+
+//----------------------------------------------------------------------
+
+// nsISupports implementation
+
+#define SUBTREE_UNBINDINGS_PER_RUNNABLE 500
+
+class ContentUnbinder : public Runnable {
+ public:
+ ContentUnbinder() : Runnable("ContentUnbinder") { mLast = this; }
+
+ ~ContentUnbinder() { Run(); }
+
+ void UnbindSubtree(nsIContent* aNode) {
+ if (aNode->NodeType() != nsINode::ELEMENT_NODE &&
+ aNode->NodeType() != nsINode::DOCUMENT_FRAGMENT_NODE) {
+ return;
+ }
+ FragmentOrElement* container = static_cast<FragmentOrElement*>(aNode);
+ if (container->HasChildren()) {
+ // Invalidate cached array of child nodes
+ container->InvalidateChildNodes();
+
+ while (container->HasChildren()) {
+ // Hold a strong ref to the node when we remove it, because we may be
+ // the last reference to it. We need to call DisconnectChild()
+ // before calling UnbindFromTree, since this last can notify various
+ // observers and they should really see consistent
+ // tree state.
+ // If this code changes, change the corresponding code in
+ // FragmentOrElement's and Document's unlink impls.
+ nsCOMPtr<nsIContent> child = container->GetLastChild();
+ container->DisconnectChild(child);
+ UnbindSubtree(child);
+ child->UnbindFromTree();
+ }
+ }
+ }
+
+ NS_IMETHOD Run() override {
+ nsAutoScriptBlocker scriptBlocker;
+ uint32_t len = mSubtreeRoots.Length();
+ if (len) {
+ for (uint32_t i = 0; i < len; ++i) {
+ UnbindSubtree(mSubtreeRoots[i]);
+ }
+ mSubtreeRoots.Clear();
+ }
+ nsCycleCollector_dispatchDeferredDeletion();
+ if (this == sContentUnbinder) {
+ sContentUnbinder = nullptr;
+ if (mNext) {
+ RefPtr<ContentUnbinder> next;
+ next.swap(mNext);
+ sContentUnbinder = next;
+ next->mLast = mLast;
+ mLast = nullptr;
+ NS_DispatchToCurrentThreadQueue(next.forget(),
+ EventQueuePriority::Idle);
+ }
+ }
+ return NS_OK;
+ }
+
+ static void UnbindAll() {
+ RefPtr<ContentUnbinder> ub = sContentUnbinder;
+ sContentUnbinder = nullptr;
+ while (ub) {
+ ub->Run();
+ ub = ub->mNext;
+ }
+ }
+
+ static void Append(nsIContent* aSubtreeRoot) {
+ if (!sContentUnbinder) {
+ sContentUnbinder = new ContentUnbinder();
+ nsCOMPtr<nsIRunnable> e = sContentUnbinder;
+ NS_DispatchToCurrentThreadQueue(e.forget(), EventQueuePriority::Idle);
+ }
+
+ if (sContentUnbinder->mLast->mSubtreeRoots.Length() >=
+ SUBTREE_UNBINDINGS_PER_RUNNABLE) {
+ sContentUnbinder->mLast->mNext = new ContentUnbinder();
+ sContentUnbinder->mLast = sContentUnbinder->mLast->mNext;
+ }
+ sContentUnbinder->mLast->mSubtreeRoots.AppendElement(aSubtreeRoot);
+ }
+
+ private:
+ AutoTArray<nsCOMPtr<nsIContent>, SUBTREE_UNBINDINGS_PER_RUNNABLE>
+ mSubtreeRoots;
+ RefPtr<ContentUnbinder> mNext;
+ ContentUnbinder* mLast;
+ static ContentUnbinder* sContentUnbinder;
+};
+
+ContentUnbinder* ContentUnbinder::sContentUnbinder = nullptr;
+
+void FragmentOrElement::ClearContentUnbinder() { ContentUnbinder::UnbindAll(); }
+
+// Note, _INHERITED macro isn't used here since nsINode implementations are
+// rather special.
+NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE_CLASS(FragmentOrElement)
+
+// We purposefully don't UNLINK_BEGIN_INHERITED here.
+NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(FragmentOrElement)
+ nsIContent::Unlink(tmp);
+
+ if (tmp->HasProperties()) {
+ if (tmp->IsElement()) {
+ Element* elem = tmp->AsElement();
+ elem->UnlinkIntersectionObservers();
+ }
+
+ if (tmp->IsHTMLElement() || tmp->IsSVGElement()) {
+ nsStaticAtom* const* props =
+ Element::HTMLSVGPropertiesToTraverseAndUnlink();
+ for (uint32_t i = 0; props[i]; ++i) {
+ tmp->RemoveProperty(props[i]);
+ }
+ }
+ }
+
+ // Unlink child content (and unbind our subtree).
+ if (tmp->UnoptimizableCCNode() || !nsCCUncollectableMarker::sGeneration) {
+ // Don't allow script to run while we're unbinding everything.
+ nsAutoScriptBlocker scriptBlocker;
+ while (tmp->HasChildren()) {
+ // Hold a strong ref to the node when we remove it, because we may be
+ // the last reference to it.
+ // If this code changes, change the corresponding code in Document's
+ // unlink impl and ContentUnbinder::UnbindSubtree.
+ nsCOMPtr<nsIContent> child = tmp->GetLastChild();
+ tmp->DisconnectChild(child);
+ child->UnbindFromTree();
+ }
+ } else if (!tmp->GetParent() && tmp->HasChildren()) {
+ ContentUnbinder::Append(tmp);
+ } /* else {
+ The subtree root will end up to a ContentUnbinder, and that will
+ unbind the child nodes.
+ } */
+
+ if (ShadowRoot* shadowRoot = tmp->GetShadowRoot()) {
+ shadowRoot->Unbind();
+ tmp->ExtendedDOMSlots()->mShadowRoot = nullptr;
+ }
+
+NS_IMPL_CYCLE_COLLECTION_UNLINK_END
+
+void FragmentOrElement::MarkNodeChildren(nsINode* aNode) {
+ JSObject* o = GetJSObjectChild(aNode);
+ if (o) {
+ JS::ExposeObjectToActiveJS(o);
+ }
+
+ EventListenerManager* elm = aNode->GetExistingListenerManager();
+ if (elm) {
+ elm->MarkForCC();
+ }
+}
+
+nsINode* FindOptimizableSubtreeRoot(nsINode* aNode) {
+ nsINode* p;
+ while ((p = aNode->GetParentNode())) {
+ if (aNode->UnoptimizableCCNode()) {
+ return nullptr;
+ }
+ aNode = p;
+ }
+
+ if (aNode->UnoptimizableCCNode()) {
+ return nullptr;
+ }
+ return aNode;
+}
+
+StaticAutoPtr<nsTHashSet<nsINode*>> gCCBlackMarkedNodes;
+
+static void ClearBlackMarkedNodes() {
+ if (!gCCBlackMarkedNodes) {
+ return;
+ }
+ for (nsINode* n : *gCCBlackMarkedNodes) {
+ n->SetCCMarkedRoot(false);
+ n->SetInCCBlackTree(false);
+ }
+ gCCBlackMarkedNodes = nullptr;
+}
+
+// static
+void FragmentOrElement::RemoveBlackMarkedNode(nsINode* aNode) {
+ if (!gCCBlackMarkedNodes) {
+ return;
+ }
+ gCCBlackMarkedNodes->Remove(aNode);
+}
+
+static bool IsCertainlyAliveNode(nsINode* aNode, Document* aDoc) {
+ MOZ_ASSERT(aNode->GetComposedDoc() == aDoc);
+
+ // Marked to be in-CC-generation or if the document is an svg image that's
+ // being kept alive by the image cache. (Note that an svg image's internal
+ // SVG document will receive an OnPageHide() call when it gets purged from
+ // the image cache; hence, we use IsVisible() as a hint that the document is
+ // actively being kept alive by the cache.)
+ return nsCCUncollectableMarker::InGeneration(aDoc->GetMarkedCCGeneration()) ||
+ (nsCCUncollectableMarker::sGeneration && aDoc->IsBeingUsedAsImage() &&
+ aDoc->IsVisible());
+}
+
+// static
+bool FragmentOrElement::CanSkipInCC(nsINode* aNode) {
+ // Don't try to optimize anything during shutdown.
+ if (nsCCUncollectableMarker::sGeneration == 0) {
+ return false;
+ }
+
+ Document* currentDoc = aNode->GetComposedDoc();
+ if (currentDoc && IsCertainlyAliveNode(aNode, currentDoc)) {
+ return !NeedsScriptTraverse(aNode);
+ }
+
+ // Bail out early if aNode is somewhere in anonymous content,
+ // or otherwise unusual.
+ if (aNode->UnoptimizableCCNode()) {
+ return false;
+ }
+
+ nsINode* root = currentDoc ? static_cast<nsINode*>(currentDoc)
+ : FindOptimizableSubtreeRoot(aNode);
+ if (!root) {
+ return false;
+ }
+
+ // Subtree has been traversed already.
+ if (root->CCMarkedRoot()) {
+ return root->InCCBlackTree() && !NeedsScriptTraverse(aNode);
+ }
+
+ if (!gCCBlackMarkedNodes) {
+ gCCBlackMarkedNodes = new nsTHashSet<nsINode*>(1020);
+ }
+
+ // nodesToUnpurple contains nodes which will be removed
+ // from the purple buffer if the DOM tree is known-live.
+ AutoTArray<nsIContent*, 1020> nodesToUnpurple;
+ // grayNodes need script traverse, so they aren't removed from
+ // the purple buffer, but are marked to be in known-live subtree so that
+ // traverse is faster.
+ AutoTArray<nsINode*, 1020> grayNodes;
+
+ bool foundLiveWrapper = root->HasKnownLiveWrapper();
+ if (root != currentDoc) {
+ currentDoc = nullptr;
+ if (NeedsScriptTraverse(root)) {
+ grayNodes.AppendElement(root);
+ } else if (static_cast<nsIContent*>(root)->IsPurple()) {
+ nodesToUnpurple.AppendElement(static_cast<nsIContent*>(root));
+ }
+ }
+
+ // Traverse the subtree and check if we could know without CC
+ // that it is known-live.
+ // Note, this traverse is non-virtual and inline, so it should be a lot faster
+ // than CC's generic traverse.
+ for (nsIContent* node = root->GetFirstChild(); node;
+ node = node->GetNextNode(root)) {
+ foundLiveWrapper = foundLiveWrapper || node->HasKnownLiveWrapper();
+ if (foundLiveWrapper && currentDoc) {
+ // If we can mark the whole document known-live, no need to optimize
+ // so much, since when the next purple node in the document will be
+ // handled, it is fast to check that currentDoc is in CCGeneration.
+ break;
+ }
+ if (NeedsScriptTraverse(node)) {
+ // Gray nodes need real CC traverse.
+ grayNodes.AppendElement(node);
+ } else if (node->IsPurple()) {
+ nodesToUnpurple.AppendElement(node);
+ }
+ }
+
+ root->SetCCMarkedRoot(true);
+ root->SetInCCBlackTree(foundLiveWrapper);
+ gCCBlackMarkedNodes->Insert(root);
+
+ if (!foundLiveWrapper) {
+ return false;
+ }
+
+ if (currentDoc) {
+ // Special case documents. If we know the document is known-live,
+ // we can mark the document to be in CCGeneration.
+ currentDoc->MarkUncollectableForCCGeneration(
+ nsCCUncollectableMarker::sGeneration);
+ } else {
+ for (uint32_t i = 0; i < grayNodes.Length(); ++i) {
+ nsINode* node = grayNodes[i];
+ node->SetInCCBlackTree(true);
+ gCCBlackMarkedNodes->Insert(node);
+ }
+ }
+
+ // Subtree is known-live, we can remove non-gray purple nodes from
+ // purple buffer.
+ for (uint32_t i = 0; i < nodesToUnpurple.Length(); ++i) {
+ nsIContent* purple = nodesToUnpurple[i];
+ // Can't remove currently handled purple node.
+ if (purple != aNode) {
+ purple->RemovePurple();
+ }
+ }
+ return !NeedsScriptTraverse(aNode);
+}
+
+AutoTArray<nsINode*, 1020>* gPurpleRoots = nullptr;
+AutoTArray<nsIContent*, 1020>* gNodesToUnbind = nullptr;
+
+void ClearCycleCollectorCleanupData() {
+ if (gPurpleRoots) {
+ uint32_t len = gPurpleRoots->Length();
+ for (uint32_t i = 0; i < len; ++i) {
+ nsINode* n = gPurpleRoots->ElementAt(i);
+ n->SetIsPurpleRoot(false);
+ }
+ delete gPurpleRoots;
+ gPurpleRoots = nullptr;
+ }
+ if (gNodesToUnbind) {
+ uint32_t len = gNodesToUnbind->Length();
+ for (uint32_t i = 0; i < len; ++i) {
+ nsIContent* c = gNodesToUnbind->ElementAt(i);
+ c->SetIsPurpleRoot(false);
+ ContentUnbinder::Append(c);
+ }
+ delete gNodesToUnbind;
+ gNodesToUnbind = nullptr;
+ }
+}
+
+static bool ShouldClearPurple(nsIContent* aContent) {
+ MOZ_ASSERT(aContent);
+ if (aContent->IsPurple()) {
+ return true;
+ }
+
+ JSObject* o = GetJSObjectChild(aContent);
+ if (o && JS::ObjectIsMarkedGray(o)) {
+ return true;
+ }
+
+ if (aContent->HasListenerManager()) {
+ return true;
+ }
+
+ return aContent->HasProperties();
+}
+
+// If aNode is not optimizable, but is an element
+// with a frame in a document which has currently active presshell,
+// we can act as if it was optimizable. When the primary frame dies, aNode
+// will end up to the purple buffer because of the refcount change.
+bool NodeHasActiveFrame(Document* aCurrentDoc, nsINode* aNode) {
+ return aCurrentDoc->GetPresShell() && aNode->IsElement() &&
+ aNode->AsElement()->GetPrimaryFrame();
+}
+
+// CanSkip checks if aNode is known-live, and if it is, returns true. If aNode
+// is in a known-live DOM tree, CanSkip may also remove other objects from
+// purple buffer and unmark event listeners and user data. If the root of the
+// DOM tree is a document, less optimizations are done since checking the
+// liveness of the current document is usually fast and we don't want slow down
+// such common cases.
+bool FragmentOrElement::CanSkip(nsINode* aNode, bool aRemovingAllowed) {
+ // Don't try to optimize anything during shutdown.
+ if (nsCCUncollectableMarker::sGeneration == 0) {
+ return false;
+ }
+
+ bool unoptimizable = aNode->UnoptimizableCCNode();
+ Document* currentDoc = aNode->GetComposedDoc();
+ if (currentDoc && IsCertainlyAliveNode(aNode, currentDoc) &&
+ (!unoptimizable || NodeHasActiveFrame(currentDoc, aNode))) {
+ MarkNodeChildren(aNode);
+ return true;
+ }
+
+ if (unoptimizable) {
+ return false;
+ }
+
+ nsINode* root = currentDoc ? static_cast<nsINode*>(currentDoc)
+ : FindOptimizableSubtreeRoot(aNode);
+ if (!root) {
+ return false;
+ }
+
+ // Subtree has been traversed already, and aNode has
+ // been handled in a way that doesn't require revisiting it.
+ if (root->IsPurpleRoot()) {
+ return false;
+ }
+
+ // nodesToClear contains nodes which are either purple or
+ // gray.
+ AutoTArray<nsIContent*, 1020> nodesToClear;
+
+ bool foundLiveWrapper = root->HasKnownLiveWrapper();
+ bool domOnlyCycle = false;
+ if (root != currentDoc) {
+ currentDoc = nullptr;
+ if (!foundLiveWrapper) {
+ domOnlyCycle = static_cast<nsIContent*>(root)->OwnedOnlyByTheDOMTree();
+ }
+ if (ShouldClearPurple(static_cast<nsIContent*>(root))) {
+ nodesToClear.AppendElement(static_cast<nsIContent*>(root));
+ }
+ }
+
+ // Traverse the subtree and check if we could know without CC
+ // that it is known-live.
+ // Note, this traverse is non-virtual and inline, so it should be a lot faster
+ // than CC's generic traverse.
+ for (nsIContent* node = root->GetFirstChild(); node;
+ node = node->GetNextNode(root)) {
+ foundLiveWrapper = foundLiveWrapper || node->HasKnownLiveWrapper();
+ if (foundLiveWrapper) {
+ domOnlyCycle = false;
+ if (currentDoc) {
+ // If we can mark the whole document live, no need to optimize
+ // so much, since when the next purple node in the document will be
+ // handled, it is fast to check that the currentDoc is in CCGeneration.
+ break;
+ }
+ // No need to put stuff to the nodesToClear array, if we can clear it
+ // already here.
+ if (node->IsPurple() && (node != aNode || aRemovingAllowed)) {
+ node->RemovePurple();
+ }
+ MarkNodeChildren(node);
+ } else {
+ domOnlyCycle = domOnlyCycle && node->OwnedOnlyByTheDOMTree();
+ if (ShouldClearPurple(node)) {
+ // Collect interesting nodes which we can clear if we find that
+ // they are kept alive in a known-live tree or are in a DOM-only cycle.
+ nodesToClear.AppendElement(node);
+ }
+ }
+ }
+
+ if (!currentDoc || !foundLiveWrapper) {
+ root->SetIsPurpleRoot(true);
+ if (domOnlyCycle) {
+ if (!gNodesToUnbind) {
+ gNodesToUnbind = new AutoTArray<nsIContent*, 1020>();
+ }
+ gNodesToUnbind->AppendElement(static_cast<nsIContent*>(root));
+ for (uint32_t i = 0; i < nodesToClear.Length(); ++i) {
+ nsIContent* n = nodesToClear[i];
+ if ((n != aNode || aRemovingAllowed) && n->IsPurple()) {
+ n->RemovePurple();
+ }
+ }
+ return true;
+ } else {
+ if (!gPurpleRoots) {
+ gPurpleRoots = new AutoTArray<nsINode*, 1020>();
+ }
+ gPurpleRoots->AppendElement(root);
+ }
+ }
+
+ if (!foundLiveWrapper) {
+ return false;
+ }
+
+ if (currentDoc) {
+ // Special case documents. If we know the document is known-live,
+ // we can mark the document to be in CCGeneration.
+ currentDoc->MarkUncollectableForCCGeneration(
+ nsCCUncollectableMarker::sGeneration);
+ MarkNodeChildren(currentDoc);
+ }
+
+ // Subtree is known-live, so we can remove purple nodes from
+ // purple buffer and mark stuff that to be certainly alive.
+ for (uint32_t i = 0; i < nodesToClear.Length(); ++i) {
+ nsIContent* n = nodesToClear[i];
+ MarkNodeChildren(n);
+ // Can't remove currently handled purple node,
+ // unless aRemovingAllowed is true.
+ if ((n != aNode || aRemovingAllowed) && n->IsPurple()) {
+ n->RemovePurple();
+ }
+ }
+ return true;
+}
+
+bool FragmentOrElement::CanSkipThis(nsINode* aNode) {
+ if (nsCCUncollectableMarker::sGeneration == 0) {
+ return false;
+ }
+ if (aNode->HasKnownLiveWrapper()) {
+ return true;
+ }
+ Document* c = aNode->GetComposedDoc();
+ return ((c && IsCertainlyAliveNode(aNode, c)) || aNode->InCCBlackTree()) &&
+ !NeedsScriptTraverse(aNode);
+}
+
+void FragmentOrElement::InitCCCallbacks() {
+ nsCycleCollector_setForgetSkippableCallback(ClearCycleCollectorCleanupData);
+ nsCycleCollector_setBeforeUnlinkCallback(ClearBlackMarkedNodes);
+}
+
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_BEGIN(FragmentOrElement)
+ return FragmentOrElement::CanSkip(tmp, aRemovingAllowed);
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_END
+
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_IN_CC_BEGIN(FragmentOrElement)
+ return FragmentOrElement::CanSkipInCC(tmp);
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_IN_CC_END
+
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_THIS_BEGIN(FragmentOrElement)
+ return FragmentOrElement::CanSkipThis(tmp);
+NS_IMPL_CYCLE_COLLECTION_CAN_SKIP_THIS_END
+
+// We purposefully don't TRAVERSE_BEGIN_INHERITED here. All the bits
+// we should traverse should be added here or in nsINode::Traverse.
+NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_INTERNAL(FragmentOrElement)
+ if (MOZ_UNLIKELY(cb.WantDebugInfo())) {
+ char name[512];
+ uint32_t nsid = tmp->GetNameSpaceID();
+ nsAtomCString localName(tmp->NodeInfo()->NameAtom());
+ nsAutoCString uri;
+ if (tmp->OwnerDoc()->GetDocumentURI()) {
+ uri = tmp->OwnerDoc()->GetDocumentURI()->GetSpecOrDefault();
+ }
+
+ nsAutoString id;
+ nsAtom* idAtom = tmp->GetID();
+ if (idAtom) {
+ id.AppendLiteral(" id='");
+ id.Append(nsDependentAtomString(idAtom));
+ id.Append('\'');
+ }
+
+ nsAutoString classes;
+ const nsAttrValue* classAttrValue =
+ tmp->IsElement() ? tmp->AsElement()->GetClasses() : nullptr;
+ if (classAttrValue) {
+ classes.AppendLiteral(" class='");
+ nsAutoString classString;
+ classAttrValue->ToString(classString);
+ classString.ReplaceChar(char16_t('\n'), char16_t(' '));
+ classes.Append(classString);
+ classes.Append('\'');
+ }
+
+ nsAutoCString orphan;
+ if (!tmp->IsInComposedDoc()) {
+ orphan.AppendLiteral(" (orphan)");
+ }
+
+ const char* nsuri = nsNameSpaceManager::GetNameSpaceDisplayName(nsid);
+ SprintfLiteral(name, "FragmentOrElement %s %s%s%s%s %s", nsuri,
+ localName.get(), NS_ConvertUTF16toUTF8(id).get(),
+ NS_ConvertUTF16toUTF8(classes).get(), orphan.get(),
+ uri.get());
+ cb.DescribeRefCountedNode(tmp->mRefCnt.get(), name);
+ } else {
+ NS_IMPL_CYCLE_COLLECTION_DESCRIBE(FragmentOrElement, tmp->mRefCnt.get())
+ }
+
+ if (!nsIContent::Traverse(tmp, cb)) {
+ return NS_SUCCESS_INTERRUPTED_TRAVERSE;
+ }
+
+ if (tmp->HasProperties()) {
+ if (tmp->IsElement()) {
+ Element* elem = tmp->AsElement();
+ IntersectionObserverList* observers =
+ static_cast<IntersectionObserverList*>(
+ elem->GetProperty(nsGkAtoms::intersectionobserverlist));
+ if (observers) {
+ for (DOMIntersectionObserver* observer : observers->Keys()) {
+ cb.NoteXPCOMChild(observer);
+ }
+ }
+ }
+ if (tmp->IsHTMLElement() || tmp->IsSVGElement()) {
+ nsStaticAtom* const* props =
+ Element::HTMLSVGPropertiesToTraverseAndUnlink();
+ for (uint32_t i = 0; props[i]; ++i) {
+ nsISupports* property =
+ static_cast<nsISupports*>(tmp->GetProperty(props[i]));
+ cb.NoteXPCOMChild(property);
+ }
+ }
+ }
+ if (tmp->IsElement()) {
+ Element* element = tmp->AsElement();
+ // Traverse attribute names.
+ uint32_t i;
+ uint32_t attrs = element->GetAttrCount();
+ for (i = 0; i < attrs; i++) {
+ const nsAttrName* name = element->GetUnsafeAttrNameAt(i);
+ if (!name->IsAtom()) {
+ NS_CYCLE_COLLECTION_NOTE_EDGE_NAME(cb, "mAttrs[i]->NodeInfo()");
+ cb.NoteNativeChild(name->NodeInfo(),
+ NS_CYCLE_COLLECTION_PARTICIPANT(NodeInfo));
+ }
+ }
+ }
+NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END
+
+NS_INTERFACE_MAP_BEGIN(FragmentOrElement)
+ NS_INTERFACE_MAP_ENTRIES_CYCLE_COLLECTION(FragmentOrElement)
+NS_INTERFACE_MAP_END_INHERITING(nsIContent)
+
+//----------------------------------------------------------------------
+
+const nsTextFragment* FragmentOrElement::GetText() { return nullptr; }
+
+uint32_t FragmentOrElement::TextLength() const {
+ // We can remove this assertion if it turns out to be useful to be able
+ // to depend on this returning 0
+ MOZ_ASSERT_UNREACHABLE("called FragmentOrElement::TextLength");
+
+ return 0;
+}
+
+bool FragmentOrElement::TextIsOnlyWhitespace() { return false; }
+
+bool FragmentOrElement::ThreadSafeTextIsOnlyWhitespace() const { return false; }
+
+static inline bool IsVoidTag(nsAtom* aTag) {
+ static const nsAtom* voidElements[] = {
+ nsGkAtoms::area, nsGkAtoms::base, nsGkAtoms::basefont,
+ nsGkAtoms::bgsound, nsGkAtoms::br, nsGkAtoms::col,
+ nsGkAtoms::embed, nsGkAtoms::frame, nsGkAtoms::hr,
+ nsGkAtoms::img, nsGkAtoms::input, nsGkAtoms::keygen,
+ nsGkAtoms::link, nsGkAtoms::meta, nsGkAtoms::param,
+ nsGkAtoms::source, nsGkAtoms::track, nsGkAtoms::wbr};
+
+ static mozilla::BitBloomFilter<12, nsAtom> sFilter;
+ static bool sInitialized = false;
+ if (!sInitialized) {
+ sInitialized = true;
+ for (uint32_t i = 0; i < ArrayLength(voidElements); ++i) {
+ sFilter.add(voidElements[i]);
+ }
+ }
+
+ if (sFilter.mightContain(aTag)) {
+ for (uint32_t i = 0; i < ArrayLength(voidElements); ++i) {
+ if (aTag == voidElements[i]) {
+ return true;
+ }
+ }
+ }
+ return false;
+}
+
+/* static */
+bool FragmentOrElement::IsHTMLVoid(nsAtom* aLocalName) {
+ return aLocalName && IsVoidTag(aLocalName);
+}
+
+void FragmentOrElement::GetMarkup(bool aIncludeSelf, nsAString& aMarkup) {
+ aMarkup.Truncate();
+
+ Document* doc = OwnerDoc();
+ if (IsInHTMLDocument()) {
+ nsContentUtils::SerializeNodeToMarkup(this, !aIncludeSelf, aMarkup);
+ return;
+ }
+
+ nsAutoString contentType;
+ doc->GetContentType(contentType);
+ bool tryToCacheEncoder = !aIncludeSelf;
+
+ nsCOMPtr<nsIDocumentEncoder> docEncoder = doc->GetCachedEncoder();
+ if (!docEncoder) {
+ docEncoder = do_createDocumentEncoder(
+ PromiseFlatCString(NS_ConvertUTF16toUTF8(contentType)).get());
+ }
+ if (!docEncoder) {
+ // This could be some type for which we create a synthetic document. Try
+ // again as XML
+ contentType.AssignLiteral("application/xml");
+ docEncoder = do_createDocumentEncoder("application/xml");
+ // Don't try to cache the encoder since it would point to a different
+ // contentType once it has been reinitialized.
+ tryToCacheEncoder = false;
+ }
+
+ NS_ENSURE_TRUE_VOID(docEncoder);
+
+ uint32_t flags = nsIDocumentEncoder::OutputEncodeBasicEntities |
+ // Output DOM-standard newlines
+ nsIDocumentEncoder::OutputLFLineBreak |
+ // Don't do linebreaking that's not present in
+ // the source
+ nsIDocumentEncoder::OutputRaw |
+ // Only check for mozdirty when necessary (bug 599983)
+ nsIDocumentEncoder::OutputIgnoreMozDirty;
+
+ if (IsEditable()) {
+ nsCOMPtr<Element> elem = do_QueryInterface(this);
+ TextEditor* textEditor = elem ? elem->GetTextEditorInternal() : nullptr;
+ if (textEditor && textEditor->OutputsMozDirty()) {
+ flags &= ~nsIDocumentEncoder::OutputIgnoreMozDirty;
+ }
+ }
+
+ DebugOnly<nsresult> rv = docEncoder->NativeInit(doc, contentType, flags);
+ MOZ_ASSERT(NS_SUCCEEDED(rv));
+
+ if (aIncludeSelf) {
+ docEncoder->SetNode(this);
+ } else {
+ docEncoder->SetContainerNode(this);
+ }
+ rv = docEncoder->EncodeToString(aMarkup);
+ MOZ_ASSERT(NS_SUCCEEDED(rv));
+ if (tryToCacheEncoder) {
+ doc->SetCachedEncoder(docEncoder.forget());
+ }
+}
+
+static bool ContainsMarkup(const nsAString& aStr) {
+ // Note: we can't use FindCharInSet because null is one of the characters we
+ // want to search for.
+ const char16_t* start = aStr.BeginReading();
+ const char16_t* end = aStr.EndReading();
+
+ while (start != end) {
+ char16_t c = *start;
+ if (c == char16_t('<') || c == char16_t('&') || c == char16_t('\r') ||
+ c == char16_t('\0')) {
+ return true;
+ }
+ ++start;
+ }
+
+ return false;
+}
+
+void FragmentOrElement::SetInnerHTMLInternal(const nsAString& aInnerHTML,
+ ErrorResult& aError) {
+ // Keep "this" alive should be guaranteed by the caller, and also the content
+ // of a template element (if this is one) should never been released by from
+ // this during this call. Therefore, using raw pointer here is safe.
+ FragmentOrElement* target = this;
+ // Handle template case.
+ if (target->IsTemplateElement()) {
+ DocumentFragment* frag =
+ static_cast<HTMLTemplateElement*>(target)->Content();
+ MOZ_ASSERT(frag);
+ target = frag;
+ }
+ // Fast-path for strings with no markup. Limit this to short strings, to
+ // avoid ContainsMarkup taking too long. The choice for 100 is based on
+ // gut feeling.
+ //
+ // Don't do this for elements with a weird parser insertion mode, for
+ // instance setting innerHTML = "" on a <html> element should add the
+ // optional <head> and <body> elements.
+ if (!target->HasWeirdParserInsertionMode() && aInnerHTML.Length() < 100 &&
+ !ContainsMarkup(aInnerHTML)) {
+ aError = nsContentUtils::SetNodeTextContent(target, aInnerHTML, false);
+ return;
+ }
+
+ // mozAutoSubtreeModified keeps the owner document alive. Therefore, using a
+ // raw pointer here is safe.
+ Document* const doc = target->OwnerDoc();
+
+ // Batch possible DOMSubtreeModified events.
+ mozAutoSubtreeModified subtree(doc, nullptr);
+
+ target->FireNodeRemovedForChildren();
+
+ // Needed when innerHTML is used in combination with contenteditable
+ mozAutoDocUpdate updateBatch(doc, true);
+
+ // Remove childnodes.
+ nsAutoMutationBatch mb(target, true, false);
+ while (target->HasChildren()) {
+ target->RemoveChildNode(target->GetFirstChild(), true);
+ }
+ mb.RemovalDone();
+
+ nsAutoScriptLoaderDisabler sld(doc);
+
+ FragmentOrElement* parseContext = this;
+ if (ShadowRoot* shadowRoot = ShadowRoot::FromNode(this)) {
+ // Fix up the context to be the host of the ShadowRoot. See
+ // https://w3c.github.io/DOM-Parsing/#dom-innerhtml-innerhtml setter step 1.
+ parseContext = shadowRoot->GetHost();
+ }
+
+ if (doc->IsHTMLDocument()) {
+ nsAtom* contextLocalName = parseContext->NodeInfo()->NameAtom();
+ int32_t contextNameSpaceID = parseContext->GetNameSpaceID();
+
+ int32_t oldChildCount = target->GetChildCount();
+ aError = nsContentUtils::ParseFragmentHTML(
+ aInnerHTML, target, contextLocalName, contextNameSpaceID,
+ doc->GetCompatibilityMode() == eCompatibility_NavQuirks, true);
+ mb.NodesAdded();
+ // HTML5 parser has notified, but not fired mutation events.
+ nsContentUtils::FireMutationEventsForDirectParsing(doc, target,
+ oldChildCount);
+ } else {
+ RefPtr<DocumentFragment> df = nsContentUtils::CreateContextualFragment(
+ parseContext, aInnerHTML, true, aError);
+ if (!aError.Failed()) {
+ // Suppress assertion about node removal mutation events that can't have
+ // listeners anyway, because no one has had the chance to register
+ // mutation listeners on the fragment that comes from the parser.
+ nsAutoScriptBlockerSuppressNodeRemoved scriptBlocker;
+
+ target->AppendChild(*df, aError);
+ mb.NodesAdded();
+ }
+ }
+}
+
+void FragmentOrElement::AddSizeOfExcludingThis(nsWindowSizes& aSizes,
+ size_t* aNodeSize) const {
+ nsIContent::AddSizeOfExcludingThis(aSizes, aNodeSize);
+
+ nsDOMSlots* slots = GetExistingDOMSlots();
+ if (slots) {
+ *aNodeSize += slots->SizeOfIncludingThis(aSizes.mState.mMallocSizeOf);
+ }
+}