7 files changed, 41 insertions, 69 deletions

diff --git a/js/xpconnect/src/Sandbox.cpp b/js/xpconnect/src/Sandbox.cpp
index 77dbf2d02e..3e931320a9 100644
--- a/js/xpconnect/src/Sandbox.cpp
+++ b/js/xpconnect/src/Sandbox.cpp
@@ -50,6 +50,7 @@
 #include "mozilla/dom/DOMParserBinding.h"
 #include "mozilla/dom/DOMTokenListBinding.h"
 #include "mozilla/dom/ElementBinding.h"
+#include "mozilla/dom/ElementInternalsBinding.h"
 #include "mozilla/dom/EventBinding.h"
 #include "mozilla/dom/Exceptions.h"
 #include "mozilla/dom/IndexedDatabaseManager.h"
@@ -901,6 +902,8 @@ bool xpc::GlobalProperties::Parse(JSContext* cx, JS::HandleObject obj) {
       CSS = true;
     } else if (JS_LinearStringEqualsLiteral(nameStr, "CSSRule")) {
       CSSRule = true;
+    } else if (JS_LinearStringEqualsLiteral(nameStr, "CustomStateSet")) {
+      CustomStateSet = true;
     } else if (JS_LinearStringEqualsLiteral(nameStr, "Document")) {
       Document = true;
     } else if (JS_LinearStringEqualsLiteral(nameStr, "Directory")) {
@@ -1027,6 +1030,11 @@ bool xpc::GlobalProperties::Define(JSContext* cx, JS::HandleObject obj) {
     return false;
   }
 
+  if (CustomStateSet &&
+      !dom::CustomStateSet_Binding::GetConstructorObject(cx)) {
+    return false;
+  }
+
   if (Directory && !dom::Directory_Binding::GetConstructorObject(cx))
     return false;
 
diff --git a/js/xpconnect/src/XPCComponents.cpp b/js/xpconnect/src/XPCComponents.cpp
index 9fa4e629aa..25feaf851c 100644
--- a/js/xpconnect/src/XPCComponents.cpp
+++ b/js/xpconnect/src/XPCComponents.cpp
@@ -1777,7 +1777,7 @@ nsXPCComponents_Utils::GetFunctionSourceLocation(HandleValue funcValue,
     NS_ENSURE_TRUE(func, NS_ERROR_INVALID_ARG);
 
     RootedScript script(cx, JS_GetFunctionScript(cx, func));
-    NS_ENSURE_TRUE(func, NS_ERROR_FAILURE);
+    NS_ENSURE_TRUE(script, NS_ERROR_FAILURE);
 
     AppendUTF8toUTF16(nsDependentCString(JS_GetScriptFilename(script)),
                       filename);
diff --git a/js/xpconnect/src/XPCConvert.cpp b/js/xpconnect/src/XPCConvert.cpp
index 560ac375d7..c11e4ccdfb 100644
--- a/js/xpconnect/src/XPCConvert.cpp
+++ b/js/xpconnect/src/XPCConvert.cpp
@@ -250,27 +250,18 @@ bool XPCConvert::NativeData2JS(JSContext* cx, MutableHandleValue d,
       // almost always ASCII, so the inexact allocations below
       // should be fine.
 
-      if (IsUtf8Latin1(*utf8String)) {
-        using UniqueLatin1Chars =
-            js::UniquePtr<JS::Latin1Char[], JS::FreePolicy>;
-
-        UniqueLatin1Chars buffer(static_cast<JS::Latin1Char*>(
-            JS_string_malloc(cx, allocLen.value())));
-        if (!buffer) {
+      // Is the string buffer is already valid latin1 (i.e. it is ASCII).
+      //
+      // NOTE: XPCStringConvert::UTF8ToJSVal cannot be used here because
+      //       it requires valid UTF-8 sequence.
+      if (mozilla::IsAscii(*utf8String)) {
+        nsStringBuffer* buf;
+        if (!XPCStringConvert::Latin1ToJSVal(cx, *utf8String, &buf, d)) {
           return false;
         }
-
-        size_t written = LossyConvertUtf8toLatin1(
-            *utf8String, Span(reinterpret_cast<char*>(buffer.get()), len));
-        buffer[written] = 0;
-
-        // written can never exceed len, so the truncation is OK.
-        JSString* str = JS_NewLatin1String(cx, std::move(buffer), written);
-        if (!str) {
-          return false;
+        if (buf) {
+          buf->AddRef();
         }
-
-        d.setString(str);
         return true;
       }
 
@@ -670,24 +661,7 @@ bool XPCConvert::JSData2Native(JSContext* cx, void* d, HandleValue s,
         return true;
       }
 
-      JSLinearString* linear = JS_EnsureLinearString(cx, str);
-      if (!linear) {
-        return false;
-      }
-
-      size_t utf8Length = JS::GetDeflatedUTF8StringLength(linear);
-      if (!rs->SetLength(utf8Length, fallible)) {
-        if (pErr) {
-          *pErr = NS_ERROR_OUT_OF_MEMORY;
-        }
-        return false;
-      }
-
-      mozilla::DebugOnly<size_t> written = JS::DeflateStringToUTF8Buffer(
-          linear, mozilla::Span(rs->BeginWriting(), utf8Length));
-      MOZ_ASSERT(written == utf8Length);
-
-      return true;
+      return AssignJSString(cx, *rs, str);
     }
 
     case nsXPTType::T_CSTRING: {
diff --git a/js/xpconnect/src/XPCJSContext.cpp b/js/xpconnect/src/XPCJSContext.cpp
index 7bf574f675..8f3621f9c5 100644
--- a/js/xpconnect/src/XPCJSContext.cpp
+++ b/js/xpconnect/src/XPCJSContext.cpp
@@ -812,11 +812,6 @@ void xpc::SetPrefableContextOptions(JS::ContextOptions& options) {
       .setWasmIon(Preferences::GetBool(JS_OPTIONS_DOT_STR "wasm_optimizingjit"))
       .setWasmBaseline(
           Preferences::GetBool(JS_OPTIONS_DOT_STR "wasm_baselinejit"))
-#define WASM_FEATURE(NAME, LOWER_NAME, STAGE, COMPILE_PRED, COMPILER_PRED, \
-                     FLAG_PRED, FLAG_FORCE_ON, FLAG_FUZZ_ON, SHELL, PREF)  \
-  .setWasm##NAME(Preferences::GetBool(JS_OPTIONS_DOT_STR "wasm_" PREF))
-          JS_FOR_WASM_FEATURES(WASM_FEATURE)
-#undef WASM_FEATURE
       .setWasmVerbose(Preferences::GetBool(JS_OPTIONS_DOT_STR "wasm_verbose"))
       .setAsyncStack(Preferences::GetBool(JS_OPTIONS_DOT_STR "asyncstack"))
       .setAsyncStackCaptureDebuggeeOnly(Preferences::GetBool(
diff --git a/js/xpconnect/src/XPCJSRuntime.cpp b/js/xpconnect/src/XPCJSRuntime.cpp
index c4d272b950..fd495ec964 100644
--- a/js/xpconnect/src/XPCJSRuntime.cpp
+++ b/js/xpconnect/src/XPCJSRuntime.cpp
@@ -8,13 +8,13 @@
 
 #include "mozilla/ArrayUtils.h"
 #include "mozilla/AutoRestore.h"
+#include "mozilla/AppShutdown.h"
 #include "mozilla/MemoryReporting.h"
 #include "mozilla/UniquePtr.h"
 
 #include "xpcprivate.h"
 #include "xpcpublic.h"
 #include "XPCMaps.h"
-#include "XPCWrapper.h"
 #include "XPCJSMemoryReporter.h"
 #include "XrayWrapper.h"
 #include "WrapperFactory.h"
@@ -28,11 +28,9 @@
 #include "nsIObserverService.h"
 #include "mozilla/dom/Document.h"
 #include "nsIRunnable.h"
-#include "nsIPlatformInfo.h"
 #include "nsPIDOMWindow.h"
 #include "nsPrintfCString.h"
 #include "nsScriptSecurityManager.h"
-#include "nsThreadPool.h"
 #include "nsWindowSizes.h"
 #include "mozilla/BasePrincipal.h"
 #include "mozilla/Preferences.h"
@@ -40,6 +38,7 @@
 #include "mozilla/Services.h"
 #include "mozilla/dom/ScriptLoader.h"
 #include "mozilla/dom/ScriptSettings.h"
+#include "mozilla/glean/GleanMetrics.h"
 
 #include "nsContentUtils.h"
 #include "nsCCUncollectableMarker.h"
@@ -613,9 +612,13 @@ JSObject* NACScope(JSObject* global) {
   return scope;
 }
 
-JSObject* PrivilegedJunkScope() { return XPCJSRuntime::Get()->LoaderGlobal(); }
+JSObject* PrivilegedJunkScope() {
+  return mozJSModuleLoader::Get()->GetSharedGlobal();
+}
 
-JSObject* CompilationScope() { return XPCJSRuntime::Get()->LoaderGlobal(); }
+JSObject* CompilationScope() {
+  return mozJSModuleLoader::Get()->GetSharedGlobal();
+}
 
 nsGlobalWindowInner* WindowOrNull(JSObject* aObj) {
   MOZ_ASSERT(aObj);
@@ -1454,6 +1457,9 @@ static void ReportZoneStats(const JS::ZoneStats& zStats,
                  zStats.regExpSharedsMallocHeap,
                  "Shared compiled regexp data.");
 
+  ZRREPORT_BYTES(pathPrefix + "zone-object"_ns, zStats.zoneObject,
+                 "The JS::Zone object itself.");
+
   ZRREPORT_BYTES(pathPrefix + "regexp-zone"_ns, zStats.regexpZone,
                  "The regexp zone and regexp data.");
 
@@ -2638,9 +2644,6 @@ static void SetUseCounterCallback(JSObject* obj, JSUseCounter counter) {
     case JSUseCounter::WASM_LEGACY_EXCEPTIONS:
       SetUseCounter(obj, eUseCounter_custom_JS_wasm_legacy_exceptions);
       break;
-    case JSUseCounter::LATE_WEEKDAY:
-      SetUseCounter(obj, eUseCounter_custom_JS_late_weekday);
-      break;
     default:
       MOZ_ASSERT_UNREACHABLE("Unexpected JSUseCounter id");
   }
@@ -2905,8 +2908,6 @@ void ConstructUbiNode(void* storage, JSObject* ptr) {
 }
 
 void XPCJSRuntime::Initialize(JSContext* cx) {
-  mLoaderGlobal.init(cx, nullptr);
-
   // these jsids filled in later when we have a JSContext to work with.
   mStrIDs[0] = JS::PropertyKey::Void();
 
@@ -3191,20 +3192,6 @@ void XPCJSRuntime::DeleteSingletonScopes() {
     sandbox->ReleaseWrapper(sandbox);
     mUnprivilegedJunkScope = nullptr;
   }
-  mLoaderGlobal = nullptr;
-}
-
-JSObject* XPCJSRuntime::LoaderGlobal() {
-  if (!mLoaderGlobal) {
-    RefPtr loader = mozJSModuleLoader::Get();
-
-    dom::AutoJSAPI jsapi;
-    jsapi.Init();
-
-    mLoaderGlobal = loader->GetSharedGlobal(jsapi.cx());
-    MOZ_RELEASE_ASSERT(!JS_IsExceptionPending(jsapi.cx()));
-  }
-  return mLoaderGlobal;
 }
 
 uint32_t GetAndClampCPUCount() {
diff --git a/js/xpconnect/src/XPCShellImpl.cpp b/js/xpconnect/src/XPCShellImpl.cpp
index 38a02e9b2f..b36ba56aed 100644
--- a/js/xpconnect/src/XPCShellImpl.cpp
+++ b/js/xpconnect/src/XPCShellImpl.cpp
@@ -1084,6 +1084,10 @@ int XRE_XPCShellMain(int argc, char** argv, char** envp,
   // stability, we should instantiate COM ASAP so that we can ensure that these
   // global settings are configured before anything can interfere.
   mscom::ProcessRuntime mscom;
+
+#  ifdef MOZ_SANDBOX
+  nsAutoString binDirPath;
+#  endif
 #endif
 
   // The provider needs to outlive the call to shutting down XPCOM.
@@ -1103,6 +1107,11 @@ int XRE_XPCShellMain(int argc, char** argv, char** envp,
       return 1;
     }
 
+#if defined(XP_WIN) && defined(MOZ_SANDBOX)
+    // We need the binary directory to initialize the windows sandbox.
+    MOZ_ALWAYS_SUCCEEDS(appDir->GetPath(binDirPath));
+#endif
+
     dirprovider.SetAppFile(appFile);
 
     nsCOMPtr<nsIFile> greDir;
@@ -1301,7 +1310,7 @@ int XRE_XPCShellMain(int argc, char** argv, char** envp,
 #  if defined(MOZ_SANDBOX)
     // Required for sandboxed child processes.
     if (aShellData->sandboxBrokerServices) {
-      SandboxBroker::Initialize(aShellData->sandboxBrokerServices);
+      SandboxBroker::Initialize(aShellData->sandboxBrokerServices, binDirPath);
       SandboxBroker::GeckoDependentInitialize();
     } else {
       NS_WARNING(
diff --git a/js/xpconnect/src/xpcprivate.h b/js/xpconnect/src/xpcprivate.h
index 57a4b1e02e..1e873d9c05 100644
--- a/js/xpconnect/src/xpcprivate.h
+++ b/js/xpconnect/src/xpcprivate.h
@@ -560,7 +560,6 @@ class XPCJSRuntime final : public mozilla::CycleCollectedJSRuntime {
   JSObject* UnprivilegedJunkScope(const mozilla::fallible_t&);
 
   bool IsUnprivilegedJunkScope(JSObject*);
-  JSObject* LoaderGlobal();
 
   void DeleteSingletonScopes();
 
@@ -610,7 +609,6 @@ class XPCJSRuntime final : public mozilla::CycleCollectedJSRuntime {
   JS::GCSliceCallback mPrevGCSliceCallback;
   JS::DoCycleCollectionCallback mPrevDoCycleCollectionCallback;
   mozilla::WeakPtr<SandboxPrivate> mUnprivilegedJunkScope;
-  JS::PersistentRootedObject mLoaderGlobal;
   RefPtr<AsyncFreeSnowWhite> mAsyncSnowWhiteFreer;
 
   friend class XPCJSContext;
@@ -2193,6 +2191,7 @@ struct GlobalProperties {
   bool ChromeUtils : 1;
   bool CSS : 1;
   bool CSSRule : 1;
+  bool CustomStateSet : 1;
   bool Directory : 1;
   bool Document : 1;
   bool DOMException : 1;