/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "mozilla/dom/HTMLFormElement.h"

#include <utility>

#include "Attr.h"
#include "jsapi.h"
#include "mozilla/AutoRestore.h"
#include "mozilla/BasePrincipal.h"
#include "mozilla/BinarySearch.h"
#include "mozilla/Components.h"
#include "mozilla/ContentEvents.h"
#include "mozilla/EventDispatcher.h"
#include "mozilla/PresShell.h"
#include "mozilla/UniquePtr.h"
#include "mozilla/dom/BindContext.h"
#include "mozilla/dom/BrowsingContext.h"
#include "mozilla/dom/CustomEvent.h"
#include "mozilla/dom/Document.h"
#include "mozilla/dom/HTMLFormControlsCollection.h"
#include "mozilla/dom/HTMLFormElementBinding.h"
#include "mozilla/dom/TreeOrderedArrayInlines.h"
#include "mozilla/dom/nsCSPContext.h"
#include "mozilla/dom/nsCSPUtils.h"
#include "mozilla/dom/nsMixedContentBlocker.h"
#include "nsCOMArray.h"
#include "nsContentList.h"
#include "nsContentUtils.h"
#include "nsDOMAttributeMap.h"
#include "nsDocShell.h"
#include "nsDocShellLoadState.h"
#include "nsError.h"
#include "nsFocusManager.h"
#include "nsGkAtoms.h"
#include "nsHTMLDocument.h"
#include "nsIFormControlFrame.h"
#include "nsInterfaceHashtable.h"
#include "nsPresContext.h"
#include "nsQueryObject.h"
#include "nsStyleConsts.h"
#include "nsTArray.h"

// form submission
#include "HTMLFormSubmissionConstants.h"
#include "mozilla/dom/FormData.h"
#include "mozilla/dom/FormDataEvent.h"
#include "mozilla/dom/SubmitEvent.h"
#include "mozilla/Telemetry.h"
#include "mozilla/StaticPrefs_dom.h"
#include "mozilla/StaticPrefs_prompts.h"
#include "nsCategoryManagerUtils.h"
#include "nsIContentInlines.h"
#include "nsISimpleEnumerator.h"
#include "nsRange.h"
#include "nsIScriptError.h"
#include "nsIScriptSecurityManager.h"
#include "nsNetUtil.h"
#include "nsIInterfaceRequestorUtils.h"
#include "nsIDocShell.h"
#include "nsIPromptService.h"
#include "nsISecurityUITelemetry.h"
#include "nsIStringBundle.h"

// radio buttons
#include "mozilla/dom/HTMLInputElement.h"
#include "mozilla/dom/HTMLButtonElement.h"
#include "mozilla/dom/HTMLSelectElement.h"
#include "nsIRadioVisitor.h"
#include "RadioNodeList.h"

#include "nsLayoutUtils.h"

#include "mozAutoDocUpdate.h"
#include "nsIHTMLCollection.h"

#include "nsIConstraintValidation.h"

#include "nsSandboxFlags.h"

#include "mozilla/dom/HTMLAnchorElement.h"

// images
#include "mozilla/dom/HTMLImageElement.h"
#include "mozilla/dom/HTMLButtonElement.h"

// construction, destruction
NS_IMPL_NS_NEW_HTML_ELEMENT(Form)

namespace mozilla::dom {

static const uint8_t NS_FORM_AUTOCOMPLETE_ON = 1;
static const uint8_t NS_FORM_AUTOCOMPLETE_OFF = 0;

static const nsAttrValue::EnumTable kFormAutocompleteTable[] = {
    {"on", NS_FORM_AUTOCOMPLETE_ON},
    {"off", NS_FORM_AUTOCOMPLETE_OFF},
    {nullptr, 0}};
// Default autocomplete value is 'on'.
static const nsAttrValue::EnumTable* kFormDefaultAutocomplete =
    &kFormAutocompleteTable[0];

HTMLFormElement::HTMLFormElement(
    already_AddRefed<mozilla::dom::NodeInfo>&& aNodeInfo)
    : nsGenericHTMLElement(std::move(aNodeInfo)),
      mControls(new HTMLFormControlsCollection(this)),
      mPendingSubmission(nullptr),
      mDefaultSubmitElement(nullptr),
      mFirstSubmitInElements(nullptr),
      mFirstSubmitNotInElements(nullptr),
      mImageNameLookupTable(FORM_CONTROL_LIST_HASHTABLE_LENGTH),
      mPastNameLookupTable(FORM_CONTROL_LIST_HASHTABLE_LENGTH),
      mSubmitPopupState(PopupBlocker::openAbused),
      mInvalidElementsCount(0),
      mFormNumber(-1),
      mGeneratingSubmit(false),
      mGeneratingReset(false),
      mDeferSubmission(false),
      mNotifiedObservers(false),
      mNotifiedObserversResult(false),
      mIsConstructingEntryList(false),
      mIsFiringSubmissionEvents(false) {
  // We start out valid.
  AddStatesSilently(ElementState::VALID);
}

HTMLFormElement::~HTMLFormElement() {
  if (mControls) {
    mControls->DropFormReference();
  }

  Clear();
}

// nsISupports

NS_IMPL_CYCLE_COLLECTION_CLASS(HTMLFormElement)

NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_INHERITED(HTMLFormElement,
                                                  nsGenericHTMLElement)
  NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mControls)
  NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mImageNameLookupTable)
  NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mPastNameLookupTable)
  NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mRelList)
  NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mTargetContext)
NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END

NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN_INHERITED(HTMLFormElement,
                                                nsGenericHTMLElement)
  NS_IMPL_CYCLE_COLLECTION_UNLINK(mRelList)
  NS_IMPL_CYCLE_COLLECTION_UNLINK(mTargetContext)
  tmp->Clear();
  tmp->mExpandoAndGeneration.OwnerUnlinked();
NS_IMPL_CYCLE_COLLECTION_UNLINK_END

NS_IMPL_ISUPPORTS_CYCLE_COLLECTION_INHERITED_0(HTMLFormElement,
                                               nsGenericHTMLElement)

// EventTarget
void HTMLFormElement::AsyncEventRunning(AsyncEventDispatcher* aEvent) {
  if (aEvent->mEventType == u"DOMFormHasPassword"_ns) {
    mHasPendingPasswordEvent = false;
  } else if (aEvent->mEventType == u"DOMFormHasPossibleUsername"_ns) {
    mHasPendingPossibleUsernameEvent = false;
  }
}

nsDOMTokenList* HTMLFormElement::RelList() {
  if (!mRelList) {
    mRelList =
        new nsDOMTokenList(this, nsGkAtoms::rel, sAnchorAndFormRelValues);
  }
  return mRelList;
}

NS_IMPL_ELEMENT_CLONE(HTMLFormElement)

HTMLFormControlsCollection* HTMLFormElement::Elements() { return mControls; }

void HTMLFormElement::BeforeSetAttr(int32_t aNamespaceID, nsAtom* aName,
                                    const nsAttrValue* aValue, bool aNotify) {
  if (aNamespaceID == kNameSpaceID_None) {
    if (aName == nsGkAtoms::action || aName == nsGkAtoms::target) {
      // Don't forget we've notified the password manager already if the
      // page sets the action/target in the during submit. (bug 343182)
      bool notifiedObservers = mNotifiedObservers;
      ForgetCurrentSubmission();
      mNotifiedObservers = notifiedObservers;
    }
  }

  return nsGenericHTMLElement::BeforeSetAttr(aNamespaceID, aName, aValue,
                                             aNotify);
}

void HTMLFormElement::GetAutocomplete(nsAString& aValue) {
  GetEnumAttr(nsGkAtoms::autocomplete, kFormDefaultAutocomplete->tag, aValue);
}

void HTMLFormElement::GetEnctype(nsAString& aValue) {
  GetEnumAttr(nsGkAtoms::enctype, kFormDefaultEnctype->tag, aValue);
}

void HTMLFormElement::GetMethod(nsAString& aValue) {
  GetEnumAttr(nsGkAtoms::method, kFormDefaultMethod->tag, aValue);
}

void HTMLFormElement::ReportInvalidUnfocusableElements(
    const nsTArray<RefPtr<Element>>&& aInvalidElements) {
  RefPtr<nsFocusManager> focusManager = nsFocusManager::GetFocusManager();
  MOZ_ASSERT(focusManager);

  for (const auto& element : aInvalidElements) {
    bool isFocusable = false;
    // MOZ_KnownLive because 'aInvalidElements' is guaranteed to keep it alive.
    // This can go away once bug 1620312 is fixed.
    focusManager->ElementIsFocusable(MOZ_KnownLive(element), 0, &isFocusable);
    if (!isFocusable) {
      nsTArray<nsString> params;
      nsAutoCString messageName("InvalidFormControlUnfocusable");

      if (Attr* nameAttr = element->GetAttributes()->GetNamedItem(u"name"_ns)) {
        nsAutoString name;
        nameAttr->GetValue(name);
        params.AppendElement(name);
        messageName = "InvalidNamedFormControlUnfocusable";
      }

      nsContentUtils::ReportToConsole(
          nsIScriptError::errorFlag, "DOM"_ns, element->GetOwnerDocument(),
          nsContentUtils::eDOM_PROPERTIES, messageName.get(), params,
          element->GetBaseURI());
    }
  }
}

// https://html.spec.whatwg.org/multipage/forms.html#concept-form-submit
void HTMLFormElement::MaybeSubmit(Element* aSubmitter) {
#ifdef DEBUG
  if (aSubmitter) {
    nsCOMPtr<nsIFormControl> fc = do_QueryInterface(aSubmitter);
    MOZ_ASSERT(fc);
    MOZ_ASSERT(fc->IsSubmitControl(), "aSubmitter is not a submit control?");
  }
#endif

  // 1-4 of
  // https://html.spec.whatwg.org/multipage/forms.html#concept-form-submit
  Document* doc = GetComposedDoc();
  if (mIsConstructingEntryList || !doc ||
      (doc->GetSandboxFlags() & SANDBOXED_FORMS)) {
    return;
  }

  // 5.1. If form's firing submission events is true, then return.
  if (mIsFiringSubmissionEvents) {
    return;
  }

  // 5.2. Set form's firing submission events to true.
  AutoRestore<bool> resetFiringSubmissionEventsFlag(mIsFiringSubmissionEvents);
  mIsFiringSubmissionEvents = true;

  // Flag elements as user-interacted.
  // FIXME: Should be specified, see:
  // https://github.com/whatwg/html/issues/10066
  {
    for (nsGenericHTMLFormElement* el : mControls->mElements.AsList()) {
      el->SetUserInteracted(true);
    }
    for (nsGenericHTMLFormElement* el : mControls->mNotInElements.AsList()) {
      el->SetUserInteracted(true);
    }
  }

  // 5.3. If the submitter element's no-validate state is false, then
  //      interactively validate the constraints of form and examine the result.
  //      If the result is negative (i.e., the constraint validation concluded
  //      that there were invalid fields and probably informed the user of this)
  bool noValidateState =
      HasAttr(nsGkAtoms::novalidate) ||
      (aSubmitter && aSubmitter->HasAttr(nsGkAtoms::formnovalidate));
  if (!noValidateState && !CheckValidFormSubmission()) {
    return;
  }

  RefPtr<PresShell> presShell = doc->GetPresShell();
  if (!presShell) {
    // We need the nsPresContext for dispatching the submit event. In some
    // rare cases we need to flush notifications to force creation of the
    // nsPresContext here (for example when a script calls form.requestSubmit()
    // from script early during page load). We only flush the notifications
    // if the PresShell hasn't been created yet, to limit the performance
    // impact.
    doc->FlushPendingNotifications(FlushType::EnsurePresShellInitAndFrames);
    presShell = doc->GetPresShell();
  }

  // If |PresShell::Destroy| has been called due to handling the event the pres
  // context will return a null pres shell. See bug 125624. Using presShell to
  // dispatch the event. It makes sure that event is not handled if the window
  // is being destroyed.
  if (presShell) {
    SubmitEventInit init;
    init.mBubbles = true;
    init.mCancelable = true;
    init.mSubmitter =
        aSubmitter ? nsGenericHTMLElement::FromNode(aSubmitter) : nullptr;
    RefPtr<SubmitEvent> event =
        SubmitEvent::Constructor(this, u"submit"_ns, init);
    event->SetTrusted(true);
    nsEventStatus status = nsEventStatus_eIgnore;
    presShell->HandleDOMEventWithTarget(this, event, &status);
  }
}

void HTMLFormElement::MaybeReset(Element* aSubmitter) {
  // If |PresShell::Destroy| has been called due to handling the event the pres
  // context will return a null pres shell. See bug 125624. Using presShell to
  // dispatch the event. It makes sure that event is not handled if the window
  // is being destroyed.
  if (RefPtr<PresShell> presShell = OwnerDoc()->GetPresShell()) {
    InternalFormEvent event(true, eFormReset);
    event.mOriginator = aSubmitter;
    nsEventStatus status = nsEventStatus_eIgnore;
    presShell->HandleDOMEventWithTarget(this, &event, &status);
  }
}

void HTMLFormElement::Submit(ErrorResult& aRv) { aRv = DoSubmit(); }

// https://html.spec.whatwg.org/multipage/forms.html#dom-form-requestsubmit
void HTMLFormElement::RequestSubmit(nsGenericHTMLElement* aSubmitter,
                                    ErrorResult& aRv) {
  // 1. If submitter is not null, then:
  if (aSubmitter) {
    nsCOMPtr<nsIFormControl> fc = do_QueryObject(aSubmitter);

    // 1.1. If submitter is not a submit button, then throw a TypeError.
    if (!fc || !fc->IsSubmitControl()) {
      aRv.ThrowTypeError("The submitter is not a submit button.");
      return;
    }

    // 1.2. If submitter's form owner is not this form element, then throw a
    //      "NotFoundError" DOMException.
    if (fc->GetForm() != this) {
      aRv.ThrowNotFoundError("The submitter is not owned by this form.");
      return;
    }
  }

  // 2. Otherwise, set submitter to this form element.
  // 3. Submit this form element, from submitter.
  MaybeSubmit(aSubmitter);
}

void HTMLFormElement::Reset() {
  InternalFormEvent event(true, eFormReset);
  EventDispatcher::Dispatch(this, nullptr, &event);
}

bool HTMLFormElement::ParseAttribute(int32_t aNamespaceID, nsAtom* aAttribute,
                                     const nsAString& aValue,
                                     nsIPrincipal* aMaybeScriptedPrincipal,
                                     nsAttrValue& aResult) {
  if (aNamespaceID == kNameSpaceID_None) {
    if (aAttribute == nsGkAtoms::method) {
      return aResult.ParseEnumValue(aValue, kFormMethodTable, false);
    }
    if (aAttribute == nsGkAtoms::enctype) {
      return aResult.ParseEnumValue(aValue, kFormEnctypeTable, false);
    }
    if (aAttribute == nsGkAtoms::autocomplete) {
      return aResult.ParseEnumValue(aValue, kFormAutocompleteTable, false);
    }
  }

  return nsGenericHTMLElement::ParseAttribute(aNamespaceID, aAttribute, aValue,
                                              aMaybeScriptedPrincipal, aResult);
}

nsresult HTMLFormElement::BindToTree(BindContext& aContext, nsINode& aParent) {
  nsresult rv = nsGenericHTMLElement::BindToTree(aContext, aParent);
  NS_ENSURE_SUCCESS(rv, rv);

  if (IsInUncomposedDoc() && aContext.OwnerDoc().IsHTMLOrXHTML()) {
    aContext.OwnerDoc().AsHTMLDocument()->AddedForm();
  }

  return rv;
}

template <typename T>
static void MarkOrphans(const nsTArray<T*>& aArray) {
  uint32_t length = aArray.Length();
  for (uint32_t i = 0; i < length; ++i) {
    aArray[i]->SetFlags(MAYBE_ORPHAN_FORM_ELEMENT);
  }
}

static void CollectOrphans(nsINode* aRemovalRoot,
                           const nsTArray<nsGenericHTMLFormElement*>& aArray
#ifdef DEBUG
                           ,
                           HTMLFormElement* aThisForm
#endif
) {
  // Put a script blocker around all the notifications we're about to do.
  nsAutoScriptBlocker scriptBlocker;

  // Walk backwards so that if we remove elements we can just keep iterating
  uint32_t length = aArray.Length();
  for (uint32_t i = length; i > 0; --i) {
    nsGenericHTMLFormElement* node = aArray[i - 1];

    // Now if MAYBE_ORPHAN_FORM_ELEMENT is not set, that would mean that the
    // node is in fact a descendant of the form and hence should stay in the
    // form.  If it _is_ set, then we need to check whether the node is a
    // descendant of aRemovalRoot.  If it is, we leave it in the form.
#ifdef DEBUG
    bool removed = false;
#endif
    if (node->HasFlag(MAYBE_ORPHAN_FORM_ELEMENT)) {
      node->UnsetFlags(MAYBE_ORPHAN_FORM_ELEMENT);
      if (!node->IsInclusiveDescendantOf(aRemovalRoot)) {
        nsCOMPtr<nsIFormControl> fc = do_QueryInterface(node);
        MOZ_ASSERT(fc);
        fc->ClearForm(true, false);
#ifdef DEBUG
        removed = true;
#endif
      }
    }

#ifdef DEBUG
    if (!removed) {
      nsCOMPtr<nsIFormControl> fc = do_QueryInterface(node);
      MOZ_ASSERT(fc);
      HTMLFormElement* form = fc->GetForm();
      NS_ASSERTION(form == aThisForm, "How did that happen?");
    }
#endif /* DEBUG */
  }
}

static void CollectOrphans(nsINode* aRemovalRoot,
                           const nsTArray<HTMLImageElement*>& aArray
#ifdef DEBUG
                           ,
                           HTMLFormElement* aThisForm
#endif
) {
  // Walk backwards so that if we remove elements we can just keep iterating
  uint32_t length = aArray.Length();
  for (uint32_t i = length; i > 0; --i) {
    HTMLImageElement* node = aArray[i - 1];

    // Now if MAYBE_ORPHAN_FORM_ELEMENT is not set, that would mean that the
    // node is in fact a descendant of the form and hence should stay in the
    // form.  If it _is_ set, then we need to check whether the node is a
    // descendant of aRemovalRoot.  If it is, we leave it in the form.
#ifdef DEBUG
    bool removed = false;
#endif
    if (node->HasFlag(MAYBE_ORPHAN_FORM_ELEMENT)) {
      node->UnsetFlags(MAYBE_ORPHAN_FORM_ELEMENT);
      if (!node->IsInclusiveDescendantOf(aRemovalRoot)) {
        node->ClearForm(true);

#ifdef DEBUG
        removed = true;
#endif
      }
    }

#ifdef DEBUG
    if (!removed) {
      HTMLFormElement* form = node->GetForm();
      NS_ASSERTION(form == aThisForm, "How did that happen?");
    }
#endif /* DEBUG */
  }
}

void HTMLFormElement::UnbindFromTree(UnbindContext& aContext) {
  MaybeFireFormRemoved();

  // Note, this is explicitly using uncomposed doc, since we count
  // only forms in document.
  RefPtr<Document> oldDocument = GetUncomposedDoc();

  // Mark all of our controls as maybe being orphans
  MarkOrphans(mControls->mElements.AsList());
  MarkOrphans(mControls->mNotInElements.AsList());
  MarkOrphans(mImageElements.AsList());

  nsGenericHTMLElement::UnbindFromTree(aContext);

  nsINode* ancestor = this;
  nsINode* cur;
  do {
    cur = ancestor->GetParentNode();
    if (!cur) {
      break;
    }
    ancestor = cur;
  } while (true);

  CollectOrphans(ancestor, mControls->mElements
#ifdef DEBUG
                 ,
                 this
#endif
  );
  CollectOrphans(ancestor, mControls->mNotInElements
#ifdef DEBUG
                 ,
                 this
#endif
  );
  CollectOrphans(ancestor, mImageElements
#ifdef DEBUG
                 ,
                 this
#endif
  );

  if (oldDocument && oldDocument->IsHTMLOrXHTML()) {
    oldDocument->AsHTMLDocument()->RemovedForm();
  }
  ForgetCurrentSubmission();
}

static bool CanSubmit(WidgetEvent& aEvent) {
  // According to the UI events spec section "Trusted events", we shouldn't
  // trigger UA default action with an untrusted event except click.
  // However, there are still some sites depending on sending untrusted event
  // to submit form, see Bug 1370630.
  return !StaticPrefs::dom_forms_submit_trusted_event_only() ||
         aEvent.IsTrusted();
}

void HTMLFormElement::GetEventTargetParent(EventChainPreVisitor& aVisitor) {
  aVisitor.mWantsWillHandleEvent = true;
  if (aVisitor.mEvent->mOriginalTarget == static_cast<nsIContent*>(this) &&
      CanSubmit(*aVisitor.mEvent)) {
    uint32_t msg = aVisitor.mEvent->mMessage;
    if (msg == eFormSubmit) {
      if (mGeneratingSubmit) {
        aVisitor.mCanHandle = false;
        return;
      }
      mGeneratingSubmit = true;

      // XXXedgar, the untrusted event would trigger form submission, in this
      // case, form need to handle defer flag and flushing pending submission by
      // itself. This could be removed after Bug 1370630.
      if (!aVisitor.mEvent->IsTrusted()) {
        // let the form know that it needs to defer the submission,
        // that means that if there are scripted submissions, the
        // latest one will be deferred until after the exit point of the
        // handler.
        mDeferSubmission = true;
      }
    } else if (msg == eFormReset) {
      if (mGeneratingReset) {
        aVisitor.mCanHandle = false;
        return;
      }
      mGeneratingReset = true;
    }
  }
  nsGenericHTMLElement::GetEventTargetParent(aVisitor);
}

void HTMLFormElement::WillHandleEvent(EventChainPostVisitor& aVisitor) {
  // If this is the bubble stage and there is a nested form below us which
  // received a submit event we do *not* want to handle the submit event
  // for this form too.
  if ((aVisitor.mEvent->mMessage == eFormSubmit ||
       aVisitor.mEvent->mMessage == eFormReset) &&
      aVisitor.mEvent->mFlags.mInBubblingPhase &&
      aVisitor.mEvent->mOriginalTarget != static_cast<nsIContent*>(this)) {
    aVisitor.mEvent->StopPropagation();
  }
}

nsresult HTMLFormElement::PostHandleEvent(EventChainPostVisitor& aVisitor) {
  if (aVisitor.mEvent->mOriginalTarget == static_cast<nsIContent*>(this) &&
      CanSubmit(*aVisitor.mEvent)) {
    EventMessage msg = aVisitor.mEvent->mMessage;
    if (aVisitor.mEventStatus == nsEventStatus_eIgnore) {
      switch (msg) {
        case eFormReset: {
          DoReset();
          break;
        }
        case eFormSubmit: {
          if (!aVisitor.mEvent->IsTrusted()) {
            // Warning about the form submission is from untrusted event.
            OwnerDoc()->WarnOnceAbout(
                DeprecatedOperations::eFormSubmissionUntrustedEvent);
          }
          RefPtr<Event> event = aVisitor.mDOMEvent;
          DoSubmit(event);
          break;
        }
        default:
          break;
      }
    }

    // XXXedgar, the untrusted event would trigger form submission, in this
    // case, form need to handle defer flag and flushing pending submission by
    // itself. This could be removed after Bug 1370630.
    if (msg == eFormSubmit && !aVisitor.mEvent->IsTrusted()) {
      // let the form know not to defer subsequent submissions
      mDeferSubmission = false;
      // tell the form to flush a possible pending submission.
      FlushPendingSubmission();
    }

    if (msg == eFormSubmit) {
      mGeneratingSubmit = false;
    } else if (msg == eFormReset) {
      mGeneratingReset = false;
    }
  }
  return NS_OK;
}

nsresult HTMLFormElement::DoReset() {
  // Make sure the presentation is up-to-date
  Document* doc = GetComposedDoc();
  if (doc) {
    doc->FlushPendingNotifications(FlushType::ContentAndNotify);
  }

  // JBK walk the elements[] array instead of form frame controls - bug 34297
  uint32_t numElements = mControls->Length();
  for (uint32_t elementX = 0; elementX < numElements; ++elementX) {
    // Hold strong ref in case the reset does something weird
    nsCOMPtr<nsIFormControl> controlNode = do_QueryInterface(
        mControls->mElements->SafeElementAt(elementX, nullptr));
    if (controlNode) {
      controlNode->Reset();
    }
  }

  return NS_OK;
}

#define NS_ENSURE_SUBMIT_SUCCESS(rv) \
  if (NS_FAILED(rv)) {               \
    ForgetCurrentSubmission();       \
    return rv;                       \
  }

nsresult HTMLFormElement::DoSubmit(Event* aEvent) {
  Document* doc = GetComposedDoc();
  NS_ASSERTION(doc, "Should never get here without a current doc");

  // Make sure the presentation is up-to-date
  if (doc) {
    doc->FlushPendingNotifications(FlushType::ContentAndNotify);
  }

  // Don't submit if we're not in a document or if we're in
  // a sandboxed frame and form submit is disabled.
  if (mIsConstructingEntryList || !doc ||
      (doc->GetSandboxFlags() & SANDBOXED_FORMS)) {
    return NS_OK;
  }

  if (IsSubmitting()) {
    NS_WARNING("Preventing double form submission");
    // XXX Should this return an error?
    return NS_OK;
  }

  mTargetContext = nullptr;
  mCurrentLoadId = Nothing();

  UniquePtr<HTMLFormSubmission> submission;

  //
  // prepare the submission object
  //
  nsresult rv = BuildSubmission(getter_Transfers(submission), aEvent);

  // Don't raise an error if form cannot navigate.
  if (rv == NS_ERROR_NOT_AVAILABLE) {
    return NS_OK;
  }

  NS_ENSURE_SUCCESS(rv, rv);

  // XXXbz if the script global is that for an sXBL/XBL2 doc, it won't
  // be a window...
  nsPIDOMWindowOuter* window = OwnerDoc()->GetWindow();
  if (window) {
    mSubmitPopupState = PopupBlocker::GetPopupControlState();
  } else {
    mSubmitPopupState = PopupBlocker::openAbused;
  }

  //
  // perform the submission
  //
  if (!submission) {
#ifdef DEBUG
    HTMLDialogElement* dialog = nullptr;
    for (nsIContent* parent = GetParent(); parent;
         parent = parent->GetParent()) {
      dialog = HTMLDialogElement::FromNodeOrNull(parent);
      if (dialog) {
        break;
      }
    }
    MOZ_ASSERT(!dialog || !dialog->Open());
#endif
    return NS_OK;
  }

  if (DialogFormSubmission* dialogSubmission =
          submission->GetAsDialogSubmission()) {
    return SubmitDialog(dialogSubmission);
  }

  if (mDeferSubmission) {
    // we are in an event handler, JS submitted so we have to
    // defer this submission. let's remember it and return
    // without submitting
    mPendingSubmission = std::move(submission);
    return NS_OK;
  }

  return SubmitSubmission(submission.get());
}

nsresult HTMLFormElement::BuildSubmission(HTMLFormSubmission** aFormSubmission,
                                          Event* aEvent) {
  // Get the submitter element
  nsGenericHTMLElement* submitter = nullptr;
  if (aEvent) {
    SubmitEvent* submitEvent = aEvent->AsSubmitEvent();
    if (submitEvent) {
      submitter = submitEvent->GetSubmitter();
    }
  }

  nsresult rv;

  //
  // Walk over the form elements and call SubmitNamesValues() on them to get
  // their data.
  //
  auto encoding = GetSubmitEncoding()->OutputEncoding();
  RefPtr<FormData> formData =
      new FormData(GetOwnerGlobal(), encoding, submitter);
  rv = ConstructEntryList(formData);
  NS_ENSURE_SUBMIT_SUCCESS(rv);

  // Step 9. If form cannot navigate, then return.
  // https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#form-submission-algorithm
  if (!GetComposedDoc()) {
    return NS_ERROR_NOT_AVAILABLE;
  }

  //
  // Get the submission object
  //
  rv = HTMLFormSubmission::GetFromForm(this, submitter, encoding,
                                       aFormSubmission);
  NS_ENSURE_SUBMIT_SUCCESS(rv);

  //
  // Dump the data into the submission object
  //
  if (!(*aFormSubmission)->GetAsDialogSubmission()) {
    rv = formData->CopySubmissionDataTo(*aFormSubmission);
    NS_ENSURE_SUBMIT_SUCCESS(rv);
  }

  return NS_OK;
}

nsresult HTMLFormElement::SubmitSubmission(
    HTMLFormSubmission* aFormSubmission) {
  MOZ_ASSERT(!mDeferSubmission);
  MOZ_ASSERT(!mPendingSubmission);

  nsCOMPtr<nsIURI> actionURI = aFormSubmission->GetActionURL();
  if (!actionURI) {
    return NS_OK;
  }

  // If there is no link handler, then we won't actually be able to submit.
  Document* doc = GetComposedDoc();
  RefPtr<nsDocShell> container =
      doc ? nsDocShell::Cast(doc->GetDocShell()) : nullptr;
  if (!container || IsEditable()) {
    return NS_OK;
  }

  // javascript URIs are not really submissions; they just call a function.
  // Also, they may synchronously call submit(), and we want them to be able to
  // do so while still disallowing other double submissions. (Bug 139798)
  // Note that any other URI types that are of equivalent type should also be
  // added here.
  // XXXbz this is a mess.  The real issue here is that nsJSChannel sets the
  // LOAD_BACKGROUND flag, so doesn't notify us, compounded by the fact that
  // the JS executes before we forget the submission in OnStateChange on
  // STATE_STOP.  As a result, we have to make sure that we simply pretend
  // we're not submitting when submitting to a JS URL.  That's kinda bogus, but
  // there we are.
  bool schemeIsJavaScript = actionURI->SchemeIs("javascript");

  //
  // Notify observers of submit
  //
  nsresult rv;
  bool cancelSubmit = false;
  if (mNotifiedObservers) {
    cancelSubmit = mNotifiedObserversResult;
  } else {
    rv = NotifySubmitObservers(actionURI, &cancelSubmit, true);
    NS_ENSURE_SUBMIT_SUCCESS(rv);
  }

  if (cancelSubmit) {
    return NS_OK;
  }

  cancelSubmit = false;
  rv = NotifySubmitObservers(actionURI, &cancelSubmit, false);
  NS_ENSURE_SUBMIT_SUCCESS(rv);

  if (cancelSubmit) {
    return NS_OK;
  }

  //
  // Submit
  //
  uint64_t currentLoadId = 0;

  {
    AutoPopupStatePusher popupStatePusher(mSubmitPopupState);

    AutoHandlingUserInputStatePusher userInpStatePusher(
        aFormSubmission->IsInitiatedFromUserInput());

    nsCOMPtr<nsIInputStream> postDataStream;
    rv = aFormSubmission->GetEncodedSubmission(
        actionURI, getter_AddRefs(postDataStream), actionURI);
    NS_ENSURE_SUBMIT_SUCCESS(rv);

    nsAutoString target;
    aFormSubmission->GetTarget(target);

    RefPtr<nsDocShellLoadState> loadState = new nsDocShellLoadState(actionURI);
    loadState->SetTarget(target);
    loadState->SetPostDataStream(postDataStream);
    loadState->SetFirstParty(true);
    loadState->SetIsFormSubmission(true);
    loadState->SetTriggeringPrincipal(NodePrincipal());
    loadState->SetPrincipalToInherit(NodePrincipal());
    loadState->SetCsp(GetCsp());
    loadState->SetAllowFocusMove(UserActivation::IsHandlingUserInput());

    nsCOMPtr<nsIPrincipal> nodePrincipal = NodePrincipal();
    rv = container->OnLinkClickSync(this, loadState, false, nodePrincipal);
    NS_ENSURE_SUBMIT_SUCCESS(rv);

    mTargetContext = loadState->TargetBrowsingContext().GetMaybeDiscarded();
    currentLoadId = loadState->GetLoadIdentifier();
  }

  // Even if the submit succeeds, it's possible for there to be no
  // browsing context; for example, if it's to a named anchor within
  // the same page the submit will not really do anything.
  if (mTargetContext && !mTargetContext->IsDiscarded() && !schemeIsJavaScript) {
    mCurrentLoadId = Some(currentLoadId);
  } else {
    ForgetCurrentSubmission();
  }

  return rv;
}

// https://html.spec.whatwg.org/#concept-form-submit step 11
nsresult HTMLFormElement::SubmitDialog(DialogFormSubmission* aFormSubmission) {
  // Close the dialog subject. If there is a result, let that be the return
  // value.
  HTMLDialogElement* dialog = aFormSubmission->DialogElement();
  MOZ_ASSERT(dialog);

  Optional<nsAString> retValue;
  retValue = &aFormSubmission->ReturnValue();
  dialog->Close(retValue);

  return NS_OK;
}

nsresult HTMLFormElement::DoSecureToInsecureSubmitCheck(nsIURI* aActionURL,
                                                        bool* aCancelSubmit) {
  *aCancelSubmit = false;

  if (!StaticPrefs::security_warn_submit_secure_to_insecure()) {
    return NS_OK;
  }

  // Only ask the user about posting from a secure URI to an insecure URI if
  // this element is in the root document. When this is not the case, the mixed
  // content blocker will take care of security for us.
  if (!OwnerDoc()->IsTopLevelContentDocument()) {
    return NS_OK;
  }

  if (nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackURL(aActionURL)) {
    return NS_OK;
  }

  if (nsMixedContentBlocker::URISafeToBeLoadedInSecureContext(aActionURL)) {
    return NS_OK;
  }

  if (nsMixedContentBlocker::IsPotentiallyTrustworthyOnion(aActionURL)) {
    return NS_OK;
  }

  nsCOMPtr<nsPIDOMWindowOuter> window = OwnerDoc()->GetWindow();
  if (!window) {
    return NS_ERROR_FAILURE;
  }

  // Now that we know the action URI is insecure check if we're submitting from
  // a secure URI and if so fall thru and prompt user about posting.
  if (nsCOMPtr<nsPIDOMWindowInner> innerWindow = OwnerDoc()->GetInnerWindow()) {
    if (!innerWindow->IsSecureContext()) {
      return NS_OK;
    }
  }

  // Bug 1351358: While file URIs are considered to be secure contexts we allow
  // submitting a form to an insecure URI from a file URI without an alert in an
  // attempt to avoid compatibility issues.
  if (window->GetDocumentURI()->SchemeIs("file")) {
    return NS_OK;
  }

  nsCOMPtr<nsIDocShell> docShell = window->GetDocShell();
  if (!docShell) {
    return NS_ERROR_FAILURE;
  }

  nsresult rv;
  nsCOMPtr<nsIPromptService> promptSvc =
      do_GetService("@mozilla.org/prompter;1", &rv);
  if (NS_FAILED(rv)) {
    return rv;
  }

  nsCOMPtr<nsIStringBundle> stringBundle;
  nsCOMPtr<nsIStringBundleService> stringBundleService =
      mozilla::components::StringBundle::Service();
  if (!stringBundleService) {
    return NS_ERROR_FAILURE;
  }
  rv = stringBundleService->CreateBundle(
      "chrome://global/locale/browser.properties",
      getter_AddRefs(stringBundle));
  if (NS_FAILED(rv)) {
    return rv;
  }
  nsAutoString title;
  nsAutoString message;
  nsAutoString cont;
  stringBundle->GetStringFromName("formPostSecureToInsecureWarning.title",
                                  title);
  stringBundle->GetStringFromName("formPostSecureToInsecureWarning.message",
                                  message);
  stringBundle->GetStringFromName("formPostSecureToInsecureWarning.continue",
                                  cont);
  int32_t buttonPressed;
  bool checkState =
      false;  // this is unused (ConfirmEx requires this parameter)
  rv = promptSvc->ConfirmExBC(
      docShell->GetBrowsingContext(),
      StaticPrefs::prompts_modalType_insecureFormSubmit(), title.get(),
      message.get(),
      (nsIPromptService::BUTTON_TITLE_IS_STRING *
       nsIPromptService::BUTTON_POS_0) +
          (nsIPromptService::BUTTON_TITLE_CANCEL *
           nsIPromptService::BUTTON_POS_1),
      cont.get(), nullptr, nullptr, nullptr, &checkState, &buttonPressed);
  if (NS_FAILED(rv)) {
    return rv;
  }
  *aCancelSubmit = (buttonPressed == 1);
  uint32_t telemetryBucket =
      nsISecurityUITelemetry::WARNING_CONFIRM_POST_TO_INSECURE_FROM_SECURE;
  mozilla::Telemetry::Accumulate(mozilla::Telemetry::SECURITY_UI,
                                 telemetryBucket);
  if (!*aCancelSubmit) {
    // The user opted to continue, so note that in the next telemetry bucket.
    mozilla::Telemetry::Accumulate(mozilla::Telemetry::SECURITY_UI,
                                   telemetryBucket + 1);
  }
  return NS_OK;
}

nsresult HTMLFormElement::NotifySubmitObservers(nsIURI* aActionURL,
                                                bool* aCancelSubmit,
                                                bool aEarlyNotify) {
  if (!aEarlyNotify) {
    nsresult rv = DoSecureToInsecureSubmitCheck(aActionURL, aCancelSubmit);
    if (NS_FAILED(rv)) {
      return rv;
    }
    if (*aCancelSubmit) {
      return NS_OK;
    }
  }

  bool defaultAction = true;
  nsresult rv = nsContentUtils::DispatchEventOnlyToChrome(
      OwnerDoc(), static_cast<nsINode*>(this),
      aEarlyNotify ? u"DOMFormBeforeSubmit"_ns : u"DOMFormSubmit"_ns,
      CanBubble::eYes, Cancelable::eYes, &defaultAction);
  *aCancelSubmit = !defaultAction;
  if (*aCancelSubmit) {
    return NS_OK;
  }
  return rv;
}

nsresult HTMLFormElement::ConstructEntryList(FormData* aFormData) {
  MOZ_ASSERT(aFormData, "Must have FormData!");
  if (mIsConstructingEntryList) {
    // Step 2.2 of https://xhr.spec.whatwg.org/#dom-formdata.
    return NS_ERROR_DOM_INVALID_STATE_ERR;
  }

  AutoRestore<bool> resetConstructingEntryList(mIsConstructingEntryList);
  mIsConstructingEntryList = true;
  // This shouldn't be called recursively, so use a rather large value
  // for the preallocated buffer.
  AutoTArray<RefPtr<nsGenericHTMLFormElement>, 100> sortedControls;
  nsresult rv = mControls->GetSortedControls(sortedControls);
  NS_ENSURE_SUCCESS(rv, rv);

  // Walk the list of nodes and call SubmitNamesValues() on the controls
  for (nsGenericHTMLFormElement* control : sortedControls) {
    // Disabled elements don't submit
    if (!control->IsDisabled()) {
      nsCOMPtr<nsIFormControl> fc = do_QueryInterface(control);
      MOZ_ASSERT(fc);
      // Tell the control to submit its name/value pairs to the submission
      fc->SubmitNamesValues(aFormData);
    }
  }

  FormDataEventInit init;
  init.mBubbles = true;
  init.mCancelable = false;
  init.mFormData = aFormData;
  RefPtr<FormDataEvent> event =
      FormDataEvent::Constructor(this, u"formdata"_ns, init);
  event->SetTrusted(true);

  EventDispatcher::DispatchDOMEvent(this, nullptr, event, nullptr, nullptr);

  return NS_OK;
}

NotNull<const Encoding*> HTMLFormElement::GetSubmitEncoding() {
  nsAutoString acceptCharsetValue;
  GetAttr(nsGkAtoms::acceptcharset, acceptCharsetValue);

  int32_t charsetLen = acceptCharsetValue.Length();
  if (charsetLen > 0) {
    int32_t offset = 0;
    int32_t spPos = 0;
    // get charset from charsets one by one
    do {
      spPos = acceptCharsetValue.FindChar(char16_t(' '), offset);
      int32_t cnt = ((-1 == spPos) ? (charsetLen - offset) : (spPos - offset));
      if (cnt > 0) {
        nsAutoString uCharset;
        acceptCharsetValue.Mid(uCharset, offset, cnt);

        auto encoding = Encoding::ForLabelNoReplacement(uCharset);
        if (encoding) {
          return WrapNotNull(encoding);
        }
      }
      offset = spPos + 1;
    } while (spPos != -1);
  }
  // if there are no accept-charset or all the charset are not supported
  // Get the charset from document
  Document* doc = GetComposedDoc();
  if (doc) {
    return doc->GetDocumentCharacterSet();
  }
  return UTF_8_ENCODING;
}

Element* HTMLFormElement::IndexedGetter(uint32_t aIndex, bool& aFound) {
  Element* element = mControls->mElements->SafeElementAt(aIndex, nullptr);
  aFound = element != nullptr;
  return element;
}

#ifdef DEBUG
/**
 * Checks that all form elements are in document order. Asserts if any pair of
 * consecutive elements are not in increasing document order.
 *
 * @param aControls List of form controls to check.
 * @param aForm Parent form of the controls.
 */
/* static */
void HTMLFormElement::AssertDocumentOrder(
    const nsTArray<nsGenericHTMLFormElement*>& aControls, nsIContent* aForm) {
  // TODO: remove the if directive with bug 598468.
  // This is done to prevent asserts in some edge cases.
#  if 0
  // Only iterate if aControls is not empty, since otherwise
  // |aControls.Length() - 1| will be a very large unsigned number... not what
  // we want here.
  if (!aControls.IsEmpty()) {
    for (uint32_t i = 0; i < aControls.Length() - 1; ++i) {
      NS_ASSERTION(
          CompareFormControlPosition(aControls[i], aControls[i + 1], aForm) < 0,
          "Form controls not ordered correctly");
    }
  }
#  endif
}

/**
 * Copy of the above function, but with RefPtrs.
 *
 * @param aControls List of form controls to check.
 * @param aForm Parent form of the controls.
 */
/* static */
void HTMLFormElement::AssertDocumentOrder(
    const nsTArray<RefPtr<nsGenericHTMLFormElement>>& aControls,
    nsIContent* aForm) {
  // TODO: remove the if directive with bug 598468.
  // This is done to prevent asserts in some edge cases.
#  if 0
  // Only iterate if aControls is not empty, since otherwise
  // |aControls.Length() - 1| will be a very large unsigned number... not what
  // we want here.
  if (!aControls.IsEmpty()) {
    for (uint32_t i = 0; i < aControls.Length() - 1; ++i) {
      NS_ASSERTION(
          CompareFormControlPosition(aControls[i], aControls[i + 1], aForm) < 0,
          "Form controls not ordered correctly");
    }
  }
#  endif
}
#endif

nsresult HTMLFormElement::AddElement(nsGenericHTMLFormElement* aChild,
                                     bool aUpdateValidity, bool aNotify) {
  // If an element has a @form, we can assume it *might* be able to not have
  // a parent and still be in the form.
  NS_ASSERTION(aChild->HasAttr(nsGkAtoms::form) || aChild->GetParent(),
               "Form control should have a parent");
  nsCOMPtr<nsIFormControl> fc = do_QueryObject(aChild);
  MOZ_ASSERT(fc);
  // Determine whether to add the new element to the elements or
  // the not-in-elements list.
  bool childInElements = HTMLFormControlsCollection::ShouldBeInElements(fc);
  TreeOrderedArray<nsGenericHTMLFormElement*>& controlList =
      childInElements ? mControls->mElements : mControls->mNotInElements;

  const size_t insertedIndex = controlList.Insert(*aChild, this);
  const bool lastElement = controlList->Length() == insertedIndex + 1;

#ifdef DEBUG
  AssertDocumentOrder(controlList, this);
#endif

  auto type = fc->ControlType();

  // Default submit element handling
  if (fc->IsSubmitControl()) {
    // Update mDefaultSubmitElement, mFirstSubmitInElements,
    // mFirstSubmitNotInElements.

    nsGenericHTMLFormElement** firstSubmitSlot =
        childInElements ? &mFirstSubmitInElements : &mFirstSubmitNotInElements;

    // The new child is the new first submit in its list if the firstSubmitSlot
    // is currently empty or if the child is before what's currently in the
    // slot.  Note that if we already have a control in firstSubmitSlot and
    // we're appending this element can't possibly replace what's currently in
    // the slot.  Also note that aChild can't become the mDefaultSubmitElement
    // unless it replaces what's in the slot.  If it _does_ replace what's in
    // the slot, it becomes the default submit if either the default submit is
    // what's in the slot or the child is earlier than the default submit.
    if (!*firstSubmitSlot ||
        (!lastElement && nsContentUtils::CompareTreePosition<TreeKind::DOM>(
                             aChild, *firstSubmitSlot, this) < 0)) {
      // Update mDefaultSubmitElement if it's currently in a valid state.
      // Valid state means either non-null or null because there are in fact
      // no submit elements around.
      if ((mDefaultSubmitElement ||
           (!mFirstSubmitInElements && !mFirstSubmitNotInElements)) &&
          (*firstSubmitSlot == mDefaultSubmitElement ||
           nsContentUtils::CompareTreePosition<TreeKind::DOM>(
               aChild, mDefaultSubmitElement, this) < 0)) {
        SetDefaultSubmitElement(aChild);
      }
      *firstSubmitSlot = aChild;
    }

    MOZ_ASSERT(mDefaultSubmitElement == mFirstSubmitInElements ||
                   mDefaultSubmitElement == mFirstSubmitNotInElements ||
                   !mDefaultSubmitElement,
               "What happened here?");
  }

  // If the element is subject to constraint validaton and is invalid, we need
  // to update our internal counter.
  if (aUpdateValidity) {
    nsCOMPtr<nsIConstraintValidation> cvElmt = do_QueryObject(aChild);
    if (cvElmt && cvElmt->IsCandidateForConstraintValidation() &&
        !cvElmt->IsValid()) {
      UpdateValidity(false);
    }
  }

  // Notify the radio button it's been added to a group
  // This has to be done _after_ UpdateValidity() call to prevent the element
  // being count twice.
  if (type == FormControlType::InputRadio) {
    RefPtr<HTMLInputElement> radio = static_cast<HTMLInputElement*>(aChild);
    radio->AddToRadioGroup();
  }

  return NS_OK;
}

nsresult HTMLFormElement::AddElementToTable(nsGenericHTMLFormElement* aChild,
                                            const nsAString& aName) {
  return mControls->AddElementToTable(aChild, aName);
}

void HTMLFormElement::SetDefaultSubmitElement(
    nsGenericHTMLFormElement* aElement) {
  if (mDefaultSubmitElement) {
    // It just so happens that a radio button or an <option> can't be our
    // default submit element, so we can just blindly remove the bit.
    mDefaultSubmitElement->RemoveStates(ElementState::DEFAULT);
  }
  mDefaultSubmitElement = aElement;
  if (mDefaultSubmitElement) {
    mDefaultSubmitElement->AddStates(ElementState::DEFAULT);
  }
}

nsresult HTMLFormElement::RemoveElement(nsGenericHTMLFormElement* aChild,
                                        bool aUpdateValidity) {
  RemoveElementFromPastNamesMap(aChild);

  //
  // Remove it from the radio group if it's a radio button
  //
  nsresult rv = NS_OK;
  nsCOMPtr<nsIFormControl> fc = do_QueryInterface(aChild);
  MOZ_ASSERT(fc);
  if (fc->ControlType() == FormControlType::InputRadio) {
    RefPtr<HTMLInputElement> radio = static_cast<HTMLInputElement*>(aChild);
    radio->RemoveFromRadioGroup();
  }

  // Determine whether to remove the child from the elements list
  // or the not in elements list.
  bool childInElements = HTMLFormControlsCollection::ShouldBeInElements(fc);
  TreeOrderedArray<nsGenericHTMLFormElement*>& controls =
      childInElements ? mControls->mElements : mControls->mNotInElements;

  // Find the index of the child. This will be used later if necessary
  // to find the default submit.
  size_t index = controls->IndexOf(aChild);
  NS_ENSURE_STATE(index != controls.AsList().NoIndex);

  controls.RemoveElementAt(index);

  // Update our mFirstSubmit* values.
  nsGenericHTMLFormElement** firstSubmitSlot =
      childInElements ? &mFirstSubmitInElements : &mFirstSubmitNotInElements;
  if (aChild == *firstSubmitSlot) {
    *firstSubmitSlot = nullptr;

    // We are removing the first submit in this list, find the new first submit
    uint32_t length = controls->Length();
    for (uint32_t i = index; i < length; ++i) {
      nsCOMPtr<nsIFormControl> currentControl =
          do_QueryInterface(controls->ElementAt(i));
      MOZ_ASSERT(currentControl);
      if (currentControl->IsSubmitControl()) {
        *firstSubmitSlot = controls->ElementAt(i);
        break;
      }
    }
  }

  if (aChild == mDefaultSubmitElement) {
    // Need to reset mDefaultSubmitElement.  Do this asynchronously so
    // that we're not doing it while the DOM is in flux.
    SetDefaultSubmitElement(nullptr);
    nsContentUtils::AddScriptRunner(new RemoveElementRunnable(this));

    // Note that we don't need to notify on the old default submit (which is
    // being removed) because it's either being removed from the DOM or
    // changing attributes in a way that makes it responsible for sending its
    // own notifications.
  }

  // If the element was subject to constraint validation and is invalid, we need
  // to update our internal counter.
  if (aUpdateValidity) {
    nsCOMPtr<nsIConstraintValidation> cvElmt = do_QueryObject(aChild);
    if (cvElmt && cvElmt->IsCandidateForConstraintValidation() &&
        !cvElmt->IsValid()) {
      UpdateValidity(true);
    }
  }

  return rv;
}

void HTMLFormElement::HandleDefaultSubmitRemoval() {
  if (mDefaultSubmitElement) {
    // Already got reset somehow; nothing else to do here
    return;
  }

  nsGenericHTMLFormElement* newDefaultSubmit;
  if (!mFirstSubmitNotInElements) {
    newDefaultSubmit = mFirstSubmitInElements;
  } else if (!mFirstSubmitInElements) {
    newDefaultSubmit = mFirstSubmitNotInElements;
  } else {
    NS_ASSERTION(mFirstSubmitInElements != mFirstSubmitNotInElements,
                 "How did that happen?");
    // Have both; use the earlier one
    newDefaultSubmit =
        nsContentUtils::CompareTreePosition<TreeKind::DOM>(
            mFirstSubmitInElements, mFirstSubmitNotInElements, this) < 0
            ? mFirstSubmitInElements
            : mFirstSubmitNotInElements;
  }
  SetDefaultSubmitElement(newDefaultSubmit);

  MOZ_ASSERT(mDefaultSubmitElement == mFirstSubmitInElements ||
                 mDefaultSubmitElement == mFirstSubmitNotInElements,
             "What happened here?");
}

nsresult HTMLFormElement::RemoveElementFromTableInternal(
    nsInterfaceHashtable<nsStringHashKey, nsISupports>& aTable,
    nsIContent* aChild, const nsAString& aName) {
  auto entry = aTable.Lookup(aName);
  if (!entry) {
    return NS_OK;
  }
  // Single element in the hash, just remove it if it's the one
  // we're trying to remove...
  if (entry.Data() == aChild) {
    entry.Remove();
    ++mExpandoAndGeneration.generation;
    return NS_OK;
  }

  nsCOMPtr<nsIContent> content(do_QueryInterface(entry.Data()));
  if (content) {
    return NS_OK;
  }

  // If it's not a content node then it must be a RadioNodeList.
  MOZ_ASSERT(nsCOMPtr<RadioNodeList>(do_QueryInterface(entry.Data())));
  auto* list = static_cast<RadioNodeList*>(entry->get());

  list->RemoveElement(aChild);

  uint32_t length = list->Length();

  if (!length) {
    // If the list is empty we remove if from our hash, this shouldn't
    // happen tho
    entry.Remove();
    ++mExpandoAndGeneration.generation;
  } else if (length == 1) {
    // Only one element left, replace the list in the hash with the
    // single element.
    nsIContent* node = list->Item(0);
    if (node) {
      entry.Data() = node;
    }
  }

  return NS_OK;
}

nsresult HTMLFormElement::RemoveElementFromTable(
    nsGenericHTMLFormElement* aElement, const nsAString& aName) {
  return mControls->RemoveElementFromTable(aElement, aName);
}

already_AddRefed<nsISupports> HTMLFormElement::NamedGetter(
    const nsAString& aName, bool& aFound) {
  aFound = true;

  nsCOMPtr<nsISupports> result = DoResolveName(aName);
  if (result) {
    AddToPastNamesMap(aName, result);
    return result.forget();
  }

  result = mImageNameLookupTable.GetWeak(aName);
  if (result) {
    AddToPastNamesMap(aName, result);
    return result.forget();
  }

  result = mPastNameLookupTable.GetWeak(aName);
  if (result) {
    return result.forget();
  }

  aFound = false;
  return nullptr;
}

void HTMLFormElement::GetSupportedNames(nsTArray<nsString>& aRetval) {
  // TODO https://github.com/whatwg/html/issues/1731
}

already_AddRefed<nsISupports> HTMLFormElement::FindNamedItem(
    const nsAString& aName, nsWrapperCache** aCache) {
  // FIXME Get the wrapper cache from DoResolveName.

  bool found;
  nsCOMPtr<nsISupports> result = NamedGetter(aName, found);
  if (result) {
    *aCache = nullptr;
    return result.forget();
  }

  return nullptr;
}

already_AddRefed<nsISupports> HTMLFormElement::DoResolveName(
    const nsAString& aName) {
  nsCOMPtr<nsISupports> result = mControls->NamedItemInternal(aName);
  return result.forget();
}

void HTMLFormElement::OnSubmitClickBegin(Element* aOriginatingElement) {
  mDeferSubmission = true;

  // Prepare to run NotifySubmitObservers early before the
  // scripts on the page get to modify the form data, possibly
  // throwing off any password manager. (bug 257781)
  nsCOMPtr<nsIURI> actionURI;
  nsresult rv;

  rv = GetActionURL(getter_AddRefs(actionURI), aOriginatingElement);
  if (NS_FAILED(rv) || !actionURI) return;

  // Notify observers of submit if the form is valid.
  // TODO: checking for mInvalidElementsCount is a temporary fix that should be
  // removed with bug 610402.
  if (mInvalidElementsCount == 0) {
    bool cancelSubmit = false;
    rv = NotifySubmitObservers(actionURI, &cancelSubmit, true);
    if (NS_SUCCEEDED(rv)) {
      mNotifiedObservers = true;
      mNotifiedObserversResult = cancelSubmit;
    }
  }
}

void HTMLFormElement::OnSubmitClickEnd() { mDeferSubmission = false; }

void HTMLFormElement::FlushPendingSubmission() {
  MOZ_ASSERT(!mDeferSubmission);

  if (mPendingSubmission) {
    // Transfer owning reference so that the submission doesn't get deleted
    // if we reenter
    UniquePtr<HTMLFormSubmission> submission = std::move(mPendingSubmission);

    SubmitSubmission(submission.get());
  }
}

void HTMLFormElement::GetAction(nsString& aValue) {
  if (!GetAttr(nsGkAtoms::action, aValue) || aValue.IsEmpty()) {
    Document* document = OwnerDoc();
    nsIURI* docURI = document->GetDocumentURI();
    if (docURI) {
      nsAutoCString spec;
      nsresult rv = docURI->GetSpec(spec);
      if (NS_FAILED(rv)) {
        return;
      }

      CopyUTF8toUTF16(spec, aValue);
    }
  } else {
    GetURIAttr(nsGkAtoms::action, nullptr, aValue);
  }
}

nsresult HTMLFormElement::GetActionURL(nsIURI** aActionURL,
                                       Element* aOriginatingElement) {
  nsresult rv = NS_OK;

  *aActionURL = nullptr;

  //
  // Grab the URL string
  //
  // If the originating element is a submit control and has the formaction
  // attribute specified, it should be used. Otherwise, the action attribute
  // from the form element should be used.
  //
  nsAutoString action;

  if (aOriginatingElement &&
      aOriginatingElement->HasAttr(nsGkAtoms::formaction)) {
#ifdef DEBUG
    nsCOMPtr<nsIFormControl> formControl =
        do_QueryInterface(aOriginatingElement);
    NS_ASSERTION(formControl && formControl->IsSubmitControl(),
                 "The originating element must be a submit form control!");
#endif  // DEBUG

    HTMLInputElement* inputElement =
        HTMLInputElement::FromNode(aOriginatingElement);
    if (inputElement) {
      inputElement->GetFormAction(action);
    } else {
      auto buttonElement = HTMLButtonElement::FromNode(aOriginatingElement);
      if (buttonElement) {
        buttonElement->GetFormAction(action);
      } else {
        NS_ERROR("Originating element must be an input or button element!");
        return NS_ERROR_UNEXPECTED;
      }
    }
  } else {
    GetAction(action);
  }

  //
  // Form the full action URL
  //

  // Get the document to form the URL.
  // We'll also need it later to get the DOM window when notifying form submit
  // observers (bug 33203)
  if (!IsInComposedDoc()) {
    return NS_OK;  // No doc means don't submit, see Bug 28988
  }

  // Get base URL
  Document* document = OwnerDoc();
  nsIURI* docURI = document->GetDocumentURI();
  NS_ENSURE_TRUE(docURI, NS_ERROR_UNEXPECTED);

  // If an action is not specified and we are inside
  // a HTML document then reload the URL. This makes us
  // compatible with 4.x browsers.
  // If we are in some other type of document such as XML or
  // XUL, do nothing. This prevents undesirable reloading of
  // a document inside XUL.

  nsCOMPtr<nsIURI> actionURL;
  if (action.IsEmpty()) {
    if (!document->IsHTMLOrXHTML()) {
      // Must be a XML, XUL or other non-HTML document type
      // so do nothing.
      return NS_OK;
    }

    actionURL = docURI;
  } else {
    nsIURI* baseURL = GetBaseURI();
    NS_ASSERTION(baseURL, "No Base URL found in Form Submit!\n");
    if (!baseURL) {
      return NS_OK;  // No base URL -> exit early, see Bug 30721
    }
    rv = NS_NewURI(getter_AddRefs(actionURL), action, nullptr, baseURL);
    NS_ENSURE_SUCCESS(rv, rv);
  }

  //
  // Verify the URL should be reached
  //
  // Get security manager, check to see if access to action URI is allowed.
  //
  nsIScriptSecurityManager* securityManager =
      nsContentUtils::GetSecurityManager();
  rv = securityManager->CheckLoadURIWithPrincipal(
      NodePrincipal(), actionURL, nsIScriptSecurityManager::STANDARD,
      OwnerDoc()->InnerWindowID());
  NS_ENSURE_SUCCESS(rv, rv);

  // Potentially the page uses the CSP directive 'upgrade-insecure-requests'. In
  // such a case we have to upgrade the action url from http:// to https://.
  // The upgrade is only required if the actionURL is http and not a potentially
  // trustworthy loopback URI.
  bool needsUpgrade =
      actionURL->SchemeIs("http") &&
      !nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackURL(actionURL) &&
      document->GetUpgradeInsecureRequests(false);
  if (needsUpgrade) {
    // let's use the old specification before the upgrade for logging
    AutoTArray<nsString, 2> params;
    nsAutoCString spec;
    rv = actionURL->GetSpec(spec);
    NS_ENSURE_SUCCESS(rv, rv);
    CopyUTF8toUTF16(spec, *params.AppendElement());

    // upgrade the actionURL from http:// to use https://
    nsCOMPtr<nsIURI> upgradedActionURL;
    rv = NS_GetSecureUpgradedURI(actionURL, getter_AddRefs(upgradedActionURL));
    NS_ENSURE_SUCCESS(rv, rv);
    actionURL = std::move(upgradedActionURL);

    // let's log a message to the console that we are upgrading a request
    nsAutoCString scheme;
    rv = actionURL->GetScheme(scheme);
    NS_ENSURE_SUCCESS(rv, rv);
    CopyUTF8toUTF16(scheme, *params.AppendElement());

    CSP_LogLocalizedStr(
        "upgradeInsecureRequest", params,
        u""_ns,  // aSourceFile
        u""_ns,  // aScriptSample
        0,       // aLineNumber
        1,       // aColumnNumber
        nsIScriptError::warningFlag, "upgradeInsecureRequest"_ns,
        document->InnerWindowID(),
        !!document->NodePrincipal()->OriginAttributesRef().mPrivateBrowsingId);
  }

  //
  // Assign to the output
  //
  actionURL.forget(aActionURL);

  return rv;
}

nsGenericHTMLFormElement* HTMLFormElement::GetDefaultSubmitElement() const {
  MOZ_ASSERT(mDefaultSubmitElement == mFirstSubmitInElements ||
                 mDefaultSubmitElement == mFirstSubmitNotInElements,
             "What happened here?");

  return mDefaultSubmitElement;
}

bool HTMLFormElement::ImplicitSubmissionIsDisabled() const {
  // Input text controls are always in the elements list.
  uint32_t numDisablingControlsFound = 0;
  uint32_t length = mControls->mElements->Length();
  for (uint32_t i = 0; i < length && numDisablingControlsFound < 2; ++i) {
    nsCOMPtr<nsIFormControl> fc =
        do_QueryInterface(mControls->mElements->ElementAt(i));
    MOZ_ASSERT(fc);
    if (fc->IsSingleLineTextControl(false)) {
      numDisablingControlsFound++;
    }
  }
  return numDisablingControlsFound != 1;
}

bool HTMLFormElement::IsLastActiveElement(
    const nsGenericHTMLFormElement* aElement) const {
  MOZ_ASSERT(aElement, "Unexpected call");

  for (auto* element : Reversed(mControls->mElements.AsList())) {
    nsCOMPtr<nsIFormControl> fc = do_QueryInterface(element);
    MOZ_ASSERT(fc);
    // XXX How about date/time control?
    if (fc->IsTextControl(false) && !element->IsDisabled()) {
      return element == aElement;
    }
  }
  return false;
}

int32_t HTMLFormElement::Length() { return mControls->Length(); }

void HTMLFormElement::ForgetCurrentSubmission() {
  mNotifiedObservers = false;
  mTargetContext = nullptr;
  mCurrentLoadId = Nothing();
}

bool HTMLFormElement::CheckFormValidity(
    nsTArray<RefPtr<Element>>* aInvalidElements) const {
  bool ret = true;

  // This shouldn't be called recursively, so use a rather large value
  // for the preallocated buffer.
  AutoTArray<RefPtr<nsGenericHTMLFormElement>, 100> sortedControls;
  if (NS_FAILED(mControls->GetSortedControls(sortedControls))) {
    return false;
  }

  uint32_t len = sortedControls.Length();

  for (uint32_t i = 0; i < len; ++i) {
    nsCOMPtr<nsIConstraintValidation> cvElmt =
        do_QueryObject(sortedControls[i]);
    bool defaultAction = true;
    if (cvElmt && !cvElmt->CheckValidity(*sortedControls[i], &defaultAction)) {
      ret = false;

      // Add all unhandled invalid controls to aInvalidElements if the caller
      // requested them.
      if (defaultAction && aInvalidElements) {
        aInvalidElements->AppendElement(sortedControls[i]);
      }
    }
  }

  return ret;
}

bool HTMLFormElement::CheckValidFormSubmission() {
  /**
   * Check for form validity: do not submit a form if there are unhandled
   * invalid controls in the form.
   * This should not be done if the form has been submitted with .submit() or
   * has been submitted and novalidate/formnovalidate is used.
   *
   * NOTE: for the moment, we are also checking that whether the MozInvalidForm
   * event gets prevented default so it will prevent blocking form submission if
   * the browser does not have implemented a UI yet.
   *
   * TODO: the check for MozInvalidForm event should be removed later when HTML5
   * Forms will be spread enough and authors will assume forms can't be
   * submitted when invalid. See bug 587671.
   */

  AutoTArray<RefPtr<Element>, 32> invalidElements;
  if (CheckFormValidity(&invalidElements)) {
    return true;
  }

  AutoJSAPI jsapi;
  if (!jsapi.Init(GetOwnerGlobal())) {
    return false;
  }
  JS::Rooted<JS::Value> detail(jsapi.cx());
  if (!ToJSValue(jsapi.cx(), invalidElements, &detail)) {
    return false;
  }

  RefPtr<CustomEvent> event =
      NS_NewDOMCustomEvent(OwnerDoc(), nullptr, nullptr);
  event->InitCustomEvent(jsapi.cx(), u"MozInvalidForm"_ns,
                         /* CanBubble */ true,
                         /* Cancelable */ true, detail);
  event->SetTrusted(true);
  event->WidgetEventPtr()->mFlags.mOnlyChromeDispatch = true;

  DispatchEvent(*event);

  ReportInvalidUnfocusableElements(std::move(invalidElements));

  return !event->DefaultPrevented();
}

void HTMLFormElement::UpdateValidity(bool aElementValidity) {
  if (aElementValidity) {
    --mInvalidElementsCount;
  } else {
    ++mInvalidElementsCount;
  }

  NS_ASSERTION(mInvalidElementsCount >= 0, "Something went seriously wrong!");

  // The form validity has just changed if:
  // - there are no more invalid elements ;
  // - or there is one invalid elmement and an element just became invalid.
  // If we have invalid elements and we used to before as well, do nothing.
  if (mInvalidElementsCount &&
      (mInvalidElementsCount != 1 || aElementValidity)) {
    return;
  }

  AutoStateChangeNotifier notifier(*this, true);
  RemoveStatesSilently(ElementState::VALID | ElementState::INVALID);
  AddStatesSilently(mInvalidElementsCount ? ElementState::INVALID
                                          : ElementState::VALID);
}

int32_t HTMLFormElement::IndexOfContent(nsIContent* aContent) {
  int32_t index = 0;
  return mControls->IndexOfContent(aContent, &index) == NS_OK ? index : 0;
}

void HTMLFormElement::Clear() {
  for (HTMLImageElement* image : Reversed(mImageElements.AsList())) {
    image->ClearForm(false);
  }
  mImageElements.Clear();
  mImageNameLookupTable.Clear();
  mPastNameLookupTable.Clear();
}

namespace {

struct PositionComparator {
  nsIContent* const mElement;
  explicit PositionComparator(nsIContent* const aElement)
      : mElement(aElement) {}

  int operator()(nsIContent* aElement) const {
    if (mElement == aElement) {
      return 0;
    }
    if (nsContentUtils::PositionIsBefore(mElement, aElement)) {
      return -1;
    }
    return 1;
  }
};

struct RadioNodeListAdaptor {
  RadioNodeList* const mList;
  explicit RadioNodeListAdaptor(RadioNodeList* aList) : mList(aList) {}
  nsIContent* operator[](size_t aIdx) const { return mList->Item(aIdx); }
};

}  // namespace

nsresult HTMLFormElement::AddElementToTableInternal(
    nsInterfaceHashtable<nsStringHashKey, nsISupports>& aTable,
    nsIContent* aChild, const nsAString& aName) {
  return aTable.WithEntryHandle(aName, [&](auto&& entry) {
    if (!entry) {
      // No entry found, add the element
      entry.Insert(aChild);
      ++mExpandoAndGeneration.generation;
    } else {
      // Found something in the hash, check its type
      nsCOMPtr<nsIContent> content = do_QueryInterface(entry.Data());

      if (content) {
        // Check if the new content is the same as the one we found in the
        // hash, if it is then we leave it in the hash as it is, this will
        // happen if a form control has both a name and an id with the same
        // value
        if (content == aChild) {
          return NS_OK;
        }

        // Found an element, create a list, add the element to the list and put
        // the list in the hash
        RadioNodeList* list = new RadioNodeList(this);

        // If an element has a @form, we can assume it *might* be able to not
        // have a parent and still be in the form.
        NS_ASSERTION(
            (content->IsElement() && content->AsElement()->HasAttr(
                                         kNameSpaceID_None, nsGkAtoms::form)) ||
                content->GetParent(),
            "Item in list without parent");

        // Determine the ordering between the new and old element.
        bool newFirst = nsContentUtils::PositionIsBefore(aChild, content);

        list->AppendElement(newFirst ? aChild : content.get());
        list->AppendElement(newFirst ? content.get() : aChild);

        nsCOMPtr<nsISupports> listSupports = do_QueryObject(list);

        // Replace the element with the list.
        entry.Data() = listSupports;
      } else {
        // There's already a list in the hash, add the child to the list.
        MOZ_ASSERT(nsCOMPtr<RadioNodeList>(do_QueryInterface(entry.Data())));
        auto* list = static_cast<RadioNodeList*>(entry->get());

        NS_ASSERTION(
            list->Length() > 1,
            "List should have been converted back to a single element");

        // Fast-path appends; this check is ok even if the child is
        // already in the list, since if it tests true the child would
        // have come at the end of the list, and the PositionIsBefore
        // will test false.
        if (nsContentUtils::PositionIsBefore(list->Item(list->Length() - 1),
                                             aChild)) {
          list->AppendElement(aChild);
          return NS_OK;
        }

        // If a control has a name equal to its id, it could be in the
        // list already.
        if (list->IndexOf(aChild) != -1) {
          return NS_OK;
        }

        size_t idx;
        DebugOnly<bool> found =
            BinarySearchIf(RadioNodeListAdaptor(list), 0, list->Length(),
                           PositionComparator(aChild), &idx);
        MOZ_ASSERT(!found, "should not have found an element");

        list->InsertElementAt(aChild, idx);
      }
    }

    return NS_OK;
  });
}

nsresult HTMLFormElement::AddImageElement(HTMLImageElement* aElement) {
  mImageElements.Insert(*aElement, this);
  return NS_OK;
}

nsresult HTMLFormElement::AddImageElementToTable(HTMLImageElement* aChild,
                                                 const nsAString& aName) {
  return AddElementToTableInternal(mImageNameLookupTable, aChild, aName);
}

nsresult HTMLFormElement::RemoveImageElement(HTMLImageElement* aElement) {
  RemoveElementFromPastNamesMap(aElement);
  mImageElements.RemoveElement(*aElement);
  return NS_OK;
}

nsresult HTMLFormElement::RemoveImageElementFromTable(
    HTMLImageElement* aElement, const nsAString& aName) {
  return RemoveElementFromTableInternal(mImageNameLookupTable, aElement, aName);
}

void HTMLFormElement::AddToPastNamesMap(const nsAString& aName,
                                        nsISupports* aChild) {
  // If candidates contains exactly one node. Add a mapping from name to the
  // node in candidates in the form element's past names map, replacing the
  // previous entry with the same name, if any.
  nsCOMPtr<nsIContent> node = do_QueryInterface(aChild);
  if (node) {
    mPastNameLookupTable.InsertOrUpdate(aName, ToSupports(node));
    node->SetFlags(MAY_BE_IN_PAST_NAMES_MAP);
  }
}

void HTMLFormElement::RemoveElementFromPastNamesMap(Element* aElement) {
  if (!aElement->HasFlag(MAY_BE_IN_PAST_NAMES_MAP)) {
    return;
  }

  aElement->UnsetFlags(MAY_BE_IN_PAST_NAMES_MAP);

  uint32_t oldCount = mPastNameLookupTable.Count();
  for (auto iter = mPastNameLookupTable.Iter(); !iter.Done(); iter.Next()) {
    if (aElement == iter.Data()) {
      iter.Remove();
    }
  }
  if (oldCount != mPastNameLookupTable.Count()) {
    ++mExpandoAndGeneration.generation;
  }
}

JSObject* HTMLFormElement::WrapNode(JSContext* aCx,
                                    JS::Handle<JSObject*> aGivenProto) {
  return HTMLFormElement_Binding::Wrap(aCx, this, aGivenProto);
}

int32_t HTMLFormElement::GetFormNumberForStateKey() {
  if (mFormNumber == -1) {
    mFormNumber = OwnerDoc()->GetNextFormNumber();
  }
  return mFormNumber;
}

void HTMLFormElement::NodeInfoChanged(Document* aOldDoc) {
  nsGenericHTMLElement::NodeInfoChanged(aOldDoc);

  // When a <form> element is adopted into a new document, we want any state
  // keys generated from it to no longer consider this element to be parser
  // inserted, and so have state keys based on the position of the <form>
  // element in the document, rather than the order it was inserted in.
  //
  // This is not strictly necessary, since we only ever look at the form number
  // for parser inserted form controls, and we do that at the time the form
  // control element is inserted into its original document by the parser.
  mFormNumber = -1;
}

bool HTMLFormElement::IsSubmitting() const {
  bool loading = mTargetContext && !mTargetContext->IsDiscarded() &&
                 mCurrentLoadId &&
                 mTargetContext->IsLoadingIdentifier(*mCurrentLoadId);
  return loading;
}

void HTMLFormElement::MaybeFireFormRemoved() {
  // We want this event to be fired only when the form is removed from the DOM
  // tree, not when it is released (ex, tab is closed). So don't fire an event
  // when the form doesn't have a docshell.
  Document* doc = GetComposedDoc();
  nsIDocShell* container = doc ? doc->GetDocShell() : nullptr;
  if (!container) {
    return;
  }

  // Right now, only the password manager and formautofill listen to the event
  // and only listen to it under certain circumstances. So don't fire this event
  // unless necessary.
  if (!doc->ShouldNotifyFormOrPasswordRemoved()) {
    return;
  }

  AsyncEventDispatcher::RunDOMEventWhenSafe(
      *this, u"DOMFormRemoved"_ns, CanBubble::eNo, ChromeOnlyDispatch::eYes);
}

}  // namespace mozilla::dom