Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

63 files changed, 7690 insertions, 0 deletions

diff --git a/dom/interfaces/base/domstubs.idl b/dom/interfaces/base/domstubs.idl
new file mode 100644
index 0000000000..1f2ccfd576
--- /dev/null
+++ b/dom/interfaces/base/domstubs.idl
@@ -0,0 +1,36 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+%{C++
+class nsWrapperCache;
+%}
+
+[ptr] native nsWrapperCachePtr(nsWrapperCache);
+
+// DOMTimeStamp is deprecated, use EpochTimeStamp instead.
+typedef unsigned long long DOMTimeStamp;
+typedef unsigned long long EpochTimeStamp;
+typedef double DOMHighResTimeStamp;
+typedef unsigned long long nsViewID;
+
+// Needed for raises() in our IDL
+%{C++
+namespace mozilla {
+namespace dom {
+class DOMException;
+}
+}
+%}
+
+// Base
+interface nsIDOMWindow;
+
+// Events
+interface nsIDOMEventListener;
+
+// HTML
+interface nsIDOMHTMLHeadElement;
diff --git a/dom/interfaces/base/moz.build b/dom/interfaces/base/moz.build
new file mode 100644
index 0000000000..3749363ea1
--- /dev/null
+++ b/dom/interfaces/base/moz.build
@@ -0,0 +1,33 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+with Files("**"):
+    BUG_COMPONENT = ("Core", "DOM: Core & HTML")
+
+XPIDL_SOURCES += [
+    "domstubs.idl",
+    "nsIBrowser.idl",
+    "nsIBrowserChild.idl",
+    "nsIBrowserDOMWindow.idl",
+    "nsIBrowserUsage.idl",
+    "nsIContentPermissionPrompt.idl",
+    "nsIContentPrefService2.idl",
+    "nsIContentProcess.idl",
+    "nsIDOMChromeWindow.idl",
+    "nsIDOMGlobalPropertyInitializer.idl",
+    "nsIDOMWindow.idl",
+    "nsIDOMWindowUtils.idl",
+    "nsIFocusManager.idl",
+    "nsIPermissionDelegateHandler.idl",
+    "nsIQueryContentEventResult.idl",
+    "nsIRemoteTab.idl",
+    "nsIServiceWorkerManager.idl",
+    "nsIStructuredCloneContainer.idl",
+    "nsITextInputProcessor.idl",
+    "nsITextInputProcessorCallback.idl",
+]
+
+XPIDL_MODULE = "dom_base"
diff --git a/dom/interfaces/base/nsIBrowser.idl b/dom/interfaces/base/nsIBrowser.idl
new file mode 100644
index 0000000000..499580240a
--- /dev/null
+++ b/dom/interfaces/base/nsIBrowser.idl
@@ -0,0 +1,149 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "nsISupports.idl"
+
+interface nsIContentSecurityPolicy;
+interface nsIPrincipal;
+interface nsITransportSecurityInfo;
+interface nsIURI;
+interface nsIWebProgress;
+interface nsIReferrerInfo;
+interface nsIOpenWindowInfo;
+
+[scriptable, uuid(14e5a0cb-e223-4202-95e8-fe53275193ea)]
+interface nsIBrowser : nsISupports
+{
+  /*
+   * Called by the child to inform the parent that links are dropped into
+   * content area.
+   *
+   * @param links a flat array of url, name, and type for each link
+   * @param triggeringPrincipal a principal that initiated loading
+   *                            of the dropped links
+   */
+  void dropLinks(in Array<AString> links,
+                 in nsIPrincipal triggeringPrincipal);
+
+  /**
+   * Swapping of frameloaders are usually initiated from a frameloader owner
+   * or other components operating on frameloader owners. This is done by calling
+   * swapFrameLoaders at MozFrameLoaderOwner webidl interface.
+   *
+   * This function aimed to provide the other way around -
+   * if the swapping is initiated from frameloader itself or other platform level
+   * components, it uses this interface to delegate the swapping request to
+   * frameloader owners and ask them to re-initiate frameloader swapping, so that
+   * frameloader owners such as <xul:browser> can setup their properties and /
+   * or listeners properly on swapping.
+   */
+  void swapBrowsers(in nsIBrowser aOtherBrowser);
+
+  /**
+   * Close the browser (usually means to remove a tab).
+   */
+  void closeBrowser();
+
+  /**
+   * A browser can change from remote to non-remote and vice versa.
+   * For example, when navigating from an in-process chrome page to
+   * a web page, this value would change from false to true.
+   */
+  readonly attribute boolean isRemoteBrowser;
+
+  /**
+   * The browser's permanent key. This was added temporarily for Session Store,
+   * and will be removed in bug 1716788.
+   */
+  readonly attribute jsval permanentKey;
+
+  readonly attribute nsIPrincipal contentPrincipal;
+  readonly attribute nsIPrincipal contentPartitionedPrincipal;
+  readonly attribute nsIContentSecurityPolicy csp;
+  readonly attribute nsIReferrerInfo referrerInfo;
+
+  /**
+   * Whether or not the browser is in the process of an nsIWebNavigation
+   * navigation method.
+   */
+  attribute boolean isNavigating;
+
+  /**
+   * Whether or not the character encoding menu may be enabled.
+   */
+  attribute boolean mayEnableCharacterEncodingMenu;
+
+  /**
+   * Called by Gecko to update the browser when its state changes.
+   *
+   * @param aCharset the new character set of the document
+   * @param aDocumentURI the URI of the current document
+   * @param aContentType the content type of the document
+   */
+  void updateForStateChange(in AString aCharset,
+                            in nsIURI aDocumentURI,
+                            in AString aContentType);
+
+  /**
+   * Called by Gecko to update the nsIWebNavigation when a location change occurs.
+   *
+   * @param aCanGoBack whether or not the nsIWebNavigation can go backwards in
+   *                   history
+   * @param aCanGoForward whether or not the nsIWebNavigation can go
+   *                      forward in history
+   */
+  void updateWebNavigationForLocationChange(in boolean aCanGoBack,
+                                            in boolean aCanGoForward);
+
+  /**
+   * Called by Gecko to update the browser when a location change occurs.
+   *
+   * @param aLocation the new location
+   * @param aCharset the character set of the document
+   * @param aMayEnableCharacterEncodingMenu whether or not the content encoding
+   *                                        menu may be enabled
+   * @param aDocumentURI the URI of the new document
+   * @param aTitle the title of the new doucment
+   * @param aContentPrincipal the security principal of the new document
+   * @param aContentPartitionedPrincipal the security principal for the new
+   *                                     document's storage
+   * @param aCSP the content security policy of the new document
+   * @param aReferrerInfo the referrer info of the new document
+   * @param aIsSynthetic whether or not the document is synthetic
+   * @param aHasRequestContextID whether or not the the request context has a
+   *                             value (true) or null should be used (false)
+   * @param aRequestContextID the request context ID
+   * @param aContentType the content type of the document
+   */
+  void updateForLocationChange(in nsIURI aLocation,
+                               in AString aCharset,
+                               in boolean aMayEnableCharacterEncodingMenu,
+                               in nsIURI aDocumentURI,
+                               in AString aTitle,
+                               in nsIPrincipal aContentPrincipal,
+                               in nsIPrincipal aContentPartitionedPrincipal,
+                               in nsIContentSecurityPolicy aCSP,
+                               in nsIReferrerInfo aReferrerInfo,
+                               in boolean aIsSynthetic,
+                               in boolean aHasRequestContextID,
+                               in uint64_t aRequestContextID,
+                               in AString aContentType);
+
+  /**
+   * Called to perform any async tasks which must be completed before changing
+   * remoteness. Gecko will wait for the returned promise to resolve before
+   * performing the process switch.
+   */
+  Promise prepareToChangeRemoteness();
+
+  /** Called immediately before changing remoteness */
+  void beforeChangeRemoteness();
+
+  /**
+   * Called immediately after changing remoteness.
+   *
+   * If this method returns `true`, Gecko will assume frontend handled resuming
+   * the load, and will not attempt to resume the load itself.
+   */
+  bool finishChangeRemoteness(in uint64_t aPendingSwitchId);
+};
diff --git a/dom/interfaces/base/nsIBrowserChild.idl b/dom/interfaces/base/nsIBrowserChild.idl
new file mode 100644
index 0000000000..3ac63a984a
--- /dev/null
+++ b/dom/interfaces/base/nsIBrowserChild.idl
@@ -0,0 +1,49 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+
+#include "domstubs.idl"
+#include "nsIDroppedLinkHandler.idl"
+
+%{C++
+#include "mozilla/dom/BindingDeclarations.h"
+%}
+
+interface nsIWebBrowserChrome;
+
+webidl ContentFrameMessageManager;
+
+
+native CallerType(mozilla::dom::CallerType);
+native CommandsArray(nsTArray<nsCString>);
+[ref] native CommandsArrayRef(nsTArray<nsCString>);
+
+[scriptable, builtinclass, uuid(1fb79c27-e760-4088-b19c-1ce3673ec24e)]
+interface nsIBrowserChild : nsISupports
+{
+  readonly attribute ContentFrameMessageManager messageManager;
+
+  [notxpcom] void sendRequestFocus(in boolean canFocus, in CallerType aCallerType);
+
+  void remoteDropLinks(in Array<nsIDroppedLinkItem> links);
+
+  /**
+   * Resolved after content has received a PBrowser::ChildToParentMatrix.
+   */
+  [implicit_jscontext]
+  Promise contentTransformsReceived();
+
+  readonly attribute uint64_t tabId;
+
+  /**
+   * Send a message from the BrowserChild to the BrowserParent that a
+   * nsIWebNavigation navigation finished in the child.
+   */
+  void notifyNavigationFinished();
+
+  /**
+   * Id of the chrome window the tab is within.
+   */
+  readonly attribute uint64_t chromeOuterWindowID;
+};
diff --git a/dom/interfaces/base/nsIBrowserDOMWindow.idl b/dom/interfaces/base/nsIBrowserDOMWindow.idl
new file mode 100644
index 0000000000..c9fad6a1b1
--- /dev/null
+++ b/dom/interfaces/base/nsIBrowserDOMWindow.idl
@@ -0,0 +1,186 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface mozIDOMWindowProxy;
+interface nsIDOMWindow;
+interface nsIURI;
+interface nsIPrincipal;
+interface nsIContentSecurityPolicy;
+interface nsIReferrerInfo;
+interface nsIOpenWindowInfo;
+webidl BrowsingContext;
+webidl Element;
+
+[scriptable, uuid(e774db14-79ac-4156-a7a3-aa3fd0a22c10)]
+interface nsIOpenURIInFrameParams : nsISupports
+{
+  readonly attribute nsIOpenWindowInfo openWindowInfo;
+
+  attribute nsIReferrerInfo referrerInfo;
+  readonly attribute boolean isPrivate;
+  attribute nsIPrincipal triggeringPrincipal;
+  attribute nsIContentSecurityPolicy csp;
+
+  // The browser or frame element in the parent process which holds the
+  // opener window in the content process. May be null.
+  readonly attribute Element openerBrowser;
+
+  [implicit_jscontext]
+  readonly attribute jsval openerOriginAttributes;
+};
+
+/**
+ * The C++ source has access to the browser script source through
+ * nsIBrowserDOMWindow. It is intended to be attached to the chrome DOMWindow
+ * of a toplevel browser window (a XUL window). A DOMWindow that does not
+ * happen to be a browser chrome window will simply have no access to any such
+ * interface.
+ */
+[scriptable, uuid(2a9bb880-5d73-40f3-8152-c60c8d137a14)]
+interface nsIBrowserDOMWindow : nsISupports
+{
+  /**
+   * Values for createContentWindow's and openURI's aWhere parameter.
+   */
+  /**
+   * Do whatever the default is based on application state, user preferences,
+   * and the value of the aContext parameter to openURI.
+   */
+  const short OPEN_DEFAULTWINDOW = 0;
+  /**
+   * Open in the "current window".  If aOpener is provided, this should be the
+   * top window in aOpener's window hierarchy, but exact behavior is
+   * application-dependent.  If aOpener is not provided, it's up to the
+   * application to decide what constitutes a "current window".
+   */
+  const short OPEN_CURRENTWINDOW = 1;
+  /**
+   * Open in a new window.
+   */
+  const short OPEN_NEWWINDOW     = 2;
+  /**
+   * Open in a new content tab in the toplevel browser window corresponding to
+   * this nsIBrowserDOMWindow.
+   */
+  const short OPEN_NEWTAB        = 3;
+  /**
+   * Open in a hidden browser. Used for printing.
+   */
+  const short OPEN_PRINT_BROWSER = 4;
+
+  /**
+   * Values for createContentWindow's and openURI's aFlags parameter.
+   * This is a bitflags field.
+   *
+   * The 0x1 bit decides the behavior of OPEN_DEFAULTWINDOW, and the 0x4 bit
+   * controls whether or not to set the window.opener property on the newly
+   * opened window.
+   *
+   * NOTE: The 0x2 bit is ignored for backwards compatibility with addons, as
+   * OPEN_NEW used to have the value 2. The values 0 and 2 are treated
+   * the same way internally.
+   */
+  /**
+   * Internal open new window.
+   */
+  const long OPEN_NEW           = 0x0;
+  /**
+   * External link (load request from another application, xremote, etc).
+   */
+  const long OPEN_EXTERNAL      = 0x1;
+
+  /**
+   * Don't set the window.opener property on the window which is being opened.
+   */
+  const long OPEN_NO_OPENER     = 0x4;
+
+  /**
+   * Don't set the referrer on the navigation inside the window which is
+   * being opened.
+   */
+  const long OPEN_NO_REFERRER   = 0x8;
+
+  /**
+   * Create the content window for the given URI.
+
+   * @param aURI the URI to be opened in the window (can be null).
+   * @param aWhere see possible values described above.
+   * @param aOpenWindowInfo info about the creation (can be null).
+   * @param aFlags flags which control the behavior of the load. The
+   *               OPEN_EXTERNAL/OPEN_NEW flag is only used when
+   *               aWhere == OPEN_DEFAULTWINDOW.
+   * @param aTriggeringPrincipal the principal that would trigger the potential
+   *        load of aURI.
+   * @param aCsp the CSP to use (if any) for the new window.
+   * @return the window into which the URI would have been opened.
+  */
+  BrowsingContext
+  createContentWindow(in nsIURI aURI, in nsIOpenWindowInfo aOpenWindowInfo,
+                      in short aWhere, in long aFlags,
+                      in nsIPrincipal aTriggeringPrincipal,
+                      [optional] in nsIContentSecurityPolicy aCsp);
+
+  /**
+   * As above, but return the nsFrameLoaderOwner for the new window. Value is
+   * returned as Element, QI'd back to nsFrameLoaderOwner as needed.
+   *
+   * Additional Parameters:
+   * @param aName The name to give the window opened in the new tab.
+   * @return The frame element for the newly opened window.
+   */
+  Element
+  createContentWindowInFrame(in nsIURI aURI, in nsIOpenURIInFrameParams params,
+                             in short aWhere, in long aFlags,
+                             in AString aName);
+
+  /**
+   * Load a URI.
+   * @param aURI the URI to open. null is not allowed. To create the window
+   *        without loading the URI, use createContentWindow instead.
+   * @param aWhere see possible values described above.
+   * @param aOpenWindowInfo info about the open (can be null).
+   * @param aFlags flags which control the behavior of the load. The
+   *               OPEN_EXTERNAL/OPEN_NEW flag is only used when
+   *               aWhere == OPEN_DEFAULTWINDOW.
+   * @param aTriggeringPrincipal the principal that triggered the load of aURI.
+   * @param aCsp the CSP to be applied to the new load.
+   * @return the window into which the URI was opened.
+  */
+  BrowsingContext
+  openURI(in nsIURI aURI, in nsIOpenWindowInfo aOpenWindowInfo,
+          in short aWhere, in long aFlags, in nsIPrincipal aTriggeringPrincipal,
+          [optional] in nsIContentSecurityPolicy aCsp);
+
+  /**
+   * As above, but return the nsFrameLoaderOwner for the new window. Value is
+   * returned as Element, QI'd back to nsFrameLoaderOwner as needed.
+   *
+   * Additional Parameters:
+   * @param aName The name to give the window opened in the new tab.
+   * @return The frame element for the newly opened window.
+   // XXXbz is this the right API?
+   // See bug 537428
+   */
+  Element
+  openURIInFrame(in nsIURI aURI, in nsIOpenURIInFrameParams params,
+                 in short aWhere, in long aFlags,
+                 in AString aName);
+
+  /**
+   * This function is responsible for calling
+   * nsIContentViewer::PermitUnload on each frame in the window. It
+   * returns true if closing the window is allowed. See canClose() in
+   * BrowserUtils.sys.mjs for a simple implementation of this method.
+   */
+  boolean canClose();
+
+  /**
+   * The number browser tabs in the window. This number currently includes
+   * lazy tabs, though for most uses it probably should not.
+   */
+  readonly attribute unsigned long tabCount;
+};
diff --git a/dom/interfaces/base/nsIBrowserUsage.idl b/dom/interfaces/base/nsIBrowserUsage.idl
new file mode 100644
index 0000000000..4c6a0901e3
--- /dev/null
+++ b/dom/interfaces/base/nsIBrowserUsage.idl
@@ -0,0 +1,16 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+
+#include "domstubs.idl"
+
+[scriptable, uuid(2703b5ed-a41f-42be-8764-b795eb67ed25)]
+interface nsIBrowserUsage : nsISupports
+{
+  /**
+   * Returns the number of unique domains (eTLD+1) visited in the past
+   * 24 hours by the user.
+   */
+  uint32_t getUniqueDomainsVisitedInPast24Hours();
+};
diff --git a/dom/interfaces/base/nsIContentPermissionPrompt.idl b/dom/interfaces/base/nsIContentPermissionPrompt.idl
new file mode 100644
index 0000000000..9b6d3d1a12
--- /dev/null
+++ b/dom/interfaces/base/nsIContentPermissionPrompt.idl
@@ -0,0 +1,102 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIPrincipal;
+interface mozIDOMWindow;
+interface nsIArray;
+
+webidl Element;
+
+/**
+ *  Interface provides the request type and its access.
+ */
+[scriptable, uuid(ef4db3b8-ca9c-4b1d-8f81-fd88ec32af13)]
+interface nsIContentPermissionType : nsISupports {
+  /**
+   *  The type of the permission request, such as
+   *  "geolocation".
+   */
+  readonly attribute ACString type;
+
+  /**
+   * The array of available options.
+   */
+  readonly attribute nsIArray options; // ["choice1", "choice2"]
+};
+
+/**
+ * Interface allows access to a content to request
+ * permission to perform a privileged operation such as
+ * geolocation.
+ */
+[scriptable, uuid(875733da-0ac0-4a26-8c76-70a30876be46)]
+interface nsIContentPermissionRequest : nsISupports {
+  /**
+   *  The array will include the request types. Elements of this array are
+   *  nsIContentPermissionType object.
+   */
+  readonly attribute nsIArray types;
+
+  /*
+   *  The principal of the permission request.
+   */
+  readonly attribute nsIPrincipal principal;
+
+  /*
+   *  The principal of the top-level page the permission request comes from.
+   */
+  readonly attribute nsIPrincipal topLevelPrincipal;
+
+  /**
+   *  The window or element that the permission request was
+   *  originated in.  Typically the element will be non-null
+   *  in when using out of process content.  window or
+   *  element can be null but not both.
+   */
+  readonly attribute mozIDOMWindow window;
+  readonly attribute Element element;
+
+  readonly attribute boolean hasValidTransientUserGestureActivation;
+
+  /**
+   * See nsIPermissionDelegateHandler.maybeUnsafePermissionDelegate.
+   */
+  readonly attribute boolean isRequestDelegatedToUnsafeThirdParty;
+
+  /*
+   * Get delegate principal of the permission request. This will return nullptr,
+   * or request's principal or top level principal based on the delegate policy
+   * will be applied for a given type.
+   *
+   * @param aType the permission type to get
+   */
+  nsIPrincipal getDelegatePrincipal(in ACString aType);
+
+  /**
+   * allow or cancel the request
+   */
+  [can_run_script]
+  void cancel();
+  [can_run_script]
+  void allow([optional] in jsval choices); // {"type1": "choice1", "type2": "choiceA"}
+};
+
+/**
+ * Allows to show permission prompts via the UI for different types of requests,
+ * e.g. geolocation.
+ */
+[scriptable, function, uuid(F72DE90D-E954-4E69-9A61-917303029301)]
+interface nsIContentPermissionPrompt : nsISupports {
+  /**
+   * Called when a request has been made to access
+   * privileged content apis
+   */
+  void prompt(in nsIContentPermissionRequest request);
+};
+
+%{C++
+#define NS_CONTENT_PERMISSION_PROMPT_CONTRACTID   "@mozilla.org/content-permission/prompt;1"
+%}
diff --git a/dom/interfaces/base/nsIContentPrefService2.idl b/dom/interfaces/base/nsIContentPrefService2.idl
new file mode 100644
index 0000000000..b199c8526f
--- /dev/null
+++ b/dom/interfaces/base/nsIContentPrefService2.idl
@@ -0,0 +1,444 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIVariant;
+interface nsIContentPrefCallback2;
+interface nsILoadContext;
+interface nsIContentPref;
+
+[scriptable, uuid(43635c53-b445-4c4e-8cc5-562697299b55)]
+interface nsIContentPrefObserver : nsISupports
+{
+  /**
+   * Called when a content pref is set to a different value.
+   *
+   * @param    aGroup      the group to which the pref belongs, or null
+   *                       if it's a global pref (applies to all sites)
+   * @param    aName       the name of the pref that was set
+   * @param    aValue      the new value of the pref
+   * @param    aIsPrivate  an optional flag determining whether the
+   *                       original context is private or not
+   */
+  void onContentPrefSet(in AString aGroup,
+                        in AString aName,
+                        in nsIVariant aValue,
+                        [optional] in boolean aIsPrivate);
+
+  /**
+   * Called when a content pref is removed.
+   *
+   * @param    aGroup      the group to which the pref belongs, or null
+   *                       if it's a global pref (applies to all sites)
+   * @param    aName       the name of the pref that was removed
+   * @param    aIsPrivate  an optional flag determining whether the
+   *                       original context is private or not
+   */
+  void onContentPrefRemoved(in AString aGroup,
+                            in AString aName,
+                            [optional] in boolean aIsPrivate);
+};
+
+/**
+ * Content Preferences
+ *
+ * Content preferences allow the application to associate arbitrary data, or
+ * "preferences", with specific domains, or web "content".  Specifically, a
+ * content preference is a structure with three values: a domain with which the
+ * preference is associated, a name that identifies the preference within its
+ * domain, and a value.  (See nsIContentPref below.)
+ *
+ * For example, if you want to remember the user's preference for a certain zoom
+ * level on www.mozilla.org pages, you might store a preference whose domain is
+ * "www.mozilla.org", whose name is "zoomLevel", and whose value is the numeric
+ * zoom level.
+ *
+ * A preference need not have a domain, and in that case the preference is
+ * called a "global" preference.  This interface doesn't impart any special
+ * significance to global preferences; they're simply name-value pairs that
+ * aren't associated with any particular domain.  As a consumer of this
+ * interface, you might choose to let a global preference override all non-
+ * global preferences of the same name, for example, for whatever definition of
+ * "override" is appropriate for your use case.
+ *
+ *
+ * Domain Parameters
+ *
+ * Many methods of this interface accept a "domain" parameter.  Domains may be
+ * specified either exactly, like "example.com", or as full URLs, like
+ * "http://example.com/foo/bar".  In the latter case the API extracts the full
+ * domain from the URL, so if you specify "http://foo.bar.example.com/baz", the
+ * domain is taken to be "foo.bar.example.com", not "example.com".
+ *
+ *
+ * Private-Browsing Context Parameters
+ *
+ * Many methods also accept a "context" parameter.  This parameter relates to
+ * private browsing and determines the kind of storage that a method uses,
+ * either the usual permanent storage or temporary storage set aside for private
+ * browsing sessions.
+ *
+ * Pass null to unconditionally use permanent storage.  Pass an nsILoadContext
+ * to use storage appropriate to the context's usePrivateBrowsing attribute: if
+ * usePrivateBrowsing is true, temporary private-browsing storage is used, and
+ * otherwise permanent storage is used.  A context can be obtained from the
+ * window or channel whose content pertains to the preferences being modified or
+ * retrieved.
+ *
+ *
+ * Callbacks
+ *
+ * The methods of callback objects are always called asynchronously.
+ *
+ * Observers are called after callbacks are called, but they are called in the
+ * same turn of the event loop as callbacks.
+ *
+ * See nsIContentPrefCallback2 below for more information about callbacks.
+ */
+
+[scriptable, uuid(bed98666-d995-470f-bebd-62476d318576)]
+interface nsIContentPrefService2 : nsISupports
+{
+  /**
+   * Group (called "domain" in this interface) names longer than this will be
+   * truncated automatically.
+   */
+  const unsigned short GROUP_NAME_MAX_LENGTH = 2000;
+
+  /**
+   * Gets all the preferences with the given name.
+   *
+   * @param name      The preferences' name.
+   * @param context   The private-browsing context, if any.
+   * @param callback  handleResult is called once for each preference unless
+   *                  no such preferences exist, in which case handleResult
+   *                  is not called at all.
+   */
+  void getByName(in AString name,
+                 in nsILoadContext context,
+                 in nsIContentPrefCallback2 callback);
+
+  /**
+   * Gets the preference with the given domain and name.
+   *
+   * @param domain    The preference's domain.
+   * @param name      The preference's name.
+   * @param context   The private-browsing context, if any.
+   * @param callback  handleResult is called once unless no such preference
+   *                  exists, in which case handleResult is not called at all.
+   */
+  void getByDomainAndName(in AString domain,
+                          in AString name,
+                          in nsILoadContext context,
+                          in nsIContentPrefCallback2 callback);
+
+  /**
+   * Gets all preferences with the given name whose domains are either the same
+   * as or subdomains of the given domain.
+   *
+   * @param domain    The preferences' domain.
+   * @param name      The preferences' name.
+   * @param context   The private-browsing context, if any.
+   * @param callback  handleResult is called once for each preference.  If no
+   *                  such preferences exist, handleResult is not called at all.
+   */
+  void getBySubdomainAndName(in AString domain,
+                             in AString name,
+                             in nsILoadContext context,
+                             in nsIContentPrefCallback2 callback);
+
+  /**
+   * Gets the preference with no domain and the given name.
+   *
+   * @param name      The preference's name.
+   * @param context   The private-browsing context, if any.
+   * @param callback  handleResult is called once unless no such preference
+   *                  exists, in which case handleResult is not called at all.
+   */
+  void getGlobal(in AString name,
+                 in nsILoadContext context,
+                 in nsIContentPrefCallback2 callback);
+
+  /**
+   * Synchronously retrieves from the in-memory cache the preference with the
+   * given domain and name.
+   *
+   * In addition to caching preference values, the cache also keeps track of
+   * preferences that are known not to exist.  If the preference is known not to
+   * exist, the value attribute of the returned object will be undefined
+   * (nsIDataType::VTYPE_VOID).
+   *
+   * If the preference is neither cached nor known not to exist, then null is
+   * returned, and get() must be called to determine whether the preference
+   * exists.
+   *
+   * @param domain   The preference's domain.
+   * @param name     The preference's name.
+   * @param context  The private-browsing context, if any.
+   * @return         The preference, or null if no such preference is known to
+   *                 exist.
+   */
+  nsIContentPref getCachedByDomainAndName(in AString domain,
+                                          in AString name,
+                                          in nsILoadContext context);
+
+  /**
+   * Synchronously retrieves from the in-memory cache all preferences with the
+   * given name whose domains are either the same as or subdomains of the given
+   * domain.
+   *
+   * The preferences are returned in an array through the out-parameter.  If a
+   * preference for a particular subdomain is known not to exist, then an object
+   * corresponding to that preference will be present in the array, and, as with
+   * getCachedByDomainAndName, its value attribute will be undefined.
+   *
+   * @param domain   The preferences' domain.
+   * @param name     The preferences' name.
+   * @param context  The private-browsing context, if any.
+   * @return         The array of preferences.
+   */
+  Array<nsIContentPref> getCachedBySubdomainAndName(in AString domain,
+                                                    in AString name,
+                                                    in nsILoadContext context);
+
+  /**
+   * Synchronously retrieves from the in-memory cache the preference with no
+   * domain and the given name.
+   *
+   * As with getCachedByDomainAndName, if the preference is cached then it is
+   * returned; if the preference is known not to exist, then the value attribute
+   * of the returned object will be undefined; if the preference is neither
+   * cached nor known not to exist, then null is returned.
+   *
+   * @param name     The preference's name.
+   * @param context  The private-browsing context, if any.
+   * @return         The preference, or null if no such preference is known to
+   *                 exist.
+   */
+  nsIContentPref getCachedGlobal(in AString name,
+                                 in nsILoadContext context);
+
+  /**
+   * Sets a preference.
+   *
+   * @param domain    The preference's domain.
+   * @param name      The preference's name.
+   * @param value     The preference's value.
+   * @param context   The private-browsing context, if any.
+   * @param callback  handleCompletion is called when the preference has been
+   *                  stored.
+   */
+  void set(in AString domain,
+           in AString name,
+           in nsIVariant value,
+           in nsILoadContext context,
+           [optional] in nsIContentPrefCallback2 callback);
+
+  /**
+   * Sets a preference with no domain.
+   *
+   * @param name      The preference's name.
+   * @param value     The preference's value.
+   * @param context   The private-browsing context, if any.
+   * @param callback  handleCompletion is called when the preference has been
+   *                  stored.
+   */
+  void setGlobal(in AString name,
+                 in nsIVariant value,
+                 in nsILoadContext context,
+                 [optional] in nsIContentPrefCallback2 callback);
+
+  /**
+   * Removes the preference with the given domain and name.
+   *
+   * @param domain    The preference's domain.
+   * @param name      The preference's name.
+   * @param context   The private-browsing context, if any.
+   * @param callback  handleCompletion is called when the operation completes.
+   */
+  void removeByDomainAndName(in AString domain,
+                             in AString name,
+                             in nsILoadContext context,
+                             [optional] in nsIContentPrefCallback2 callback);
+
+  /**
+   * Removes all the preferences with the given name whose domains are either
+   * the same as or subdomains of the given domain.
+   *
+   * @param domain    The preferences' domain.
+   * @param name      The preferences' name.
+   * @param context   The private-browsing context, if any.
+   * @param callback  handleCompletion is called when the operation completes.
+   */
+  void removeBySubdomainAndName(in AString domain,
+                                in AString name,
+                                in nsILoadContext context,
+                                [optional] in nsIContentPrefCallback2 callback);
+
+  /**
+   * Removes the preference with no domain and the given name.
+   *
+   * @param name      The preference's name.
+   * @param context   The private-browsing context, if any.
+   * @param callback  handleCompletion is called when the operation completes.
+   */
+  void removeGlobal(in AString name,
+                    in nsILoadContext context,
+                    [optional] in nsIContentPrefCallback2 callback);
+
+  /**
+   * Removes all preferences with the given domain.
+   *
+   * @param domain    The preferences' domain.
+   * @param context   The private-browsing context, if any.
+   * @param callback  handleCompletion is called when the operation completes.
+   */
+  void removeByDomain(in AString domain,
+                      in nsILoadContext context,
+                      [optional] in nsIContentPrefCallback2 callback);
+
+  /**
+   * Removes all preferences whose domains are either the same as or subdomains
+   * of the given domain.
+   *
+   * @param domain    The preferences' domain.
+   * @param context   The private-browsing context, if any.
+   * @param callback  handleCompletion is called when the operation completes.
+   */
+  void removeBySubdomain(in AString domain,
+                         in nsILoadContext context,
+                         [optional] in nsIContentPrefCallback2 callback);
+
+  /**
+   * Removes all preferences with the given name regardless of domain, including
+   * global preferences with the given name.
+   *
+   * @param name      The preferences' name.
+   * @param context   The private-browsing context, if any.
+   * @param callback  handleCompletion is called when the operation completes.
+   */
+  void removeByName(in AString name,
+                    in nsILoadContext context,
+                    [optional] in nsIContentPrefCallback2 callback);
+
+  /**
+   * Removes all non-global preferences -- in other words, all preferences that
+   * have a domain.
+   *
+   * @param context   The private-browsing context, if any.
+   * @param callback  handleCompletion is called when the operation completes.
+   */
+  void removeAllDomains(in nsILoadContext context,
+                        [optional] in nsIContentPrefCallback2 callback);
+
+  /**
+   * Removes all non-global preferences created after and including |since|.
+   *
+   * @param since     Timestamp in milliseconds.
+   * @param context   The private-browsing context, if any.
+   * @param callback  handleCompletion is called when the operation completes.
+   */
+  void removeAllDomainsSince(in unsigned long long since,
+                             in nsILoadContext context,
+                             [optional] in nsIContentPrefCallback2 callback);
+
+  /**
+   * Removes all global preferences -- in other words, all preferences that have
+   * no domain.
+   *
+   * @param context   The private-browsing context, if any.
+   * @param callback  handleCompletion is called when the operation completes.
+   */
+  void removeAllGlobals(in nsILoadContext context,
+                        [optional] in nsIContentPrefCallback2 callback);
+
+  /**
+   * Registers an observer that will be notified whenever a preference with the
+   * given name is set or removed.
+   *
+   * When a set or remove method is called, observers are called after the set
+   * or removal completes and after the method's callback is called, and they
+   * are called in the same turn of the event loop as the callback.
+   *
+   * The service holds a strong reference to the observer, so the observer must
+   * be removed later to avoid leaking it.
+   *
+   * @param name      The name of the preferences to observe.  Pass null to
+   *                  observe all preference changes regardless of name.
+   * @param observer  The observer.
+   */
+  void addObserverForName(in AString name,
+                          in nsIContentPrefObserver observer);
+
+  /**
+   * Unregisters an observer for the given name.
+   *
+   * @param name      The name for which the observer was registered.  Pass null
+   *                  if the observer was added with a null name.
+   * @param observer  The observer.
+   */
+  void removeObserverForName(in AString name,
+                             in nsIContentPrefObserver observer);
+
+  /**
+   * Extracts and returns the domain from the given string representation of a
+   * URI.  This is how the API extracts domains from URIs passed to it.
+   *
+   * @param str  The string representation of a URI, like
+   *             "http://example.com/foo/bar".
+   * @return     If the given string is a valid URI, the domain of that URI is
+   *             returned.  Otherwise, the string itself is returned.
+   */
+  AString extractDomain(in AString str);
+};
+
+/**
+ * The callback used by the above methods.
+ */
+[scriptable, uuid(1a12cf41-79e8-4d0f-9899-2f7b27c5d9a1)]
+interface nsIContentPrefCallback2 : nsISupports
+{
+  /**
+   * For the retrieval methods, this is called once for each retrieved
+   * preference.  It is not called for other methods.
+   *
+   * @param pref  The retrieved preference.
+   */
+  void handleResult(in nsIContentPref pref);
+
+  /**
+   * Called when an error occurs.  This may be called multiple times before
+   * handleCompletion is called.
+   *
+   * @param error  A number in Components.results describing the error.
+   */
+  void handleError(in nsresult error);
+
+  /**
+   * Called when the method finishes.  This will be called exactly once for
+   * each method invocation, and afterward no other callback methods will be
+   * called.
+   *
+   * @param reason  One of the COMPLETE_* values indicating the manner in which
+   *                the method completed.
+   */
+  void handleCompletion(in unsigned short reason);
+
+  const unsigned short COMPLETE_OK = 0;
+  const unsigned short COMPLETE_ERROR = 1;
+};
+
+[scriptable, function, uuid(9f24948d-24b5-4b1b-b554-7dbd58c1d792)]
+interface nsIContentPref : nsISupports
+{
+  readonly attribute AString domain;
+  readonly attribute AString name;
+  readonly attribute nsIVariant value;
+};
+
+%{C++
+// The contractID for the generic implementation built in to xpcom.
+#define NS_CONTENT_PREF_SERVICE_CONTRACTID "@mozilla.org/content-pref/service;1"
+%}
diff --git a/dom/interfaces/base/nsIContentProcess.idl b/dom/interfaces/base/nsIContentProcess.idl
new file mode 100644
index 0000000000..198bb093a6
--- /dev/null
+++ b/dom/interfaces/base/nsIContentProcess.idl
@@ -0,0 +1,51 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIURI;
+
+[scriptable, builtinclass, uuid(456f58be-29dd-4973-885b-95aece1c9a8a)]
+interface nsIContentProcessInfo : nsISupports
+{
+  /**
+   * Is this content process alive?
+   */
+  readonly attribute boolean isAlive;
+
+  /**
+   * The content process's PID.
+   * Throws if the process is not alive.
+   */
+  readonly attribute int32_t processId;
+
+  /**
+   * Number of opened tabs living in this content process.
+   */
+  readonly attribute int32_t tabCount;
+
+  /**
+   * The process manager for this ContentParent (so a process message manager
+   * as opposed to a frame message manager.
+   */
+  readonly attribute nsISupports messageManager;
+};
+
+[scriptable, uuid(83ffb063-5f65-4c45-ae07-3f553e0809bb)]
+interface nsIContentProcessProvider : nsISupports
+{
+  /**
+   * Return this from provideProcess to create a new process.
+   */
+  const int32_t NEW_PROCESS = -1;
+
+  /**
+   * Given aAliveProcesses, choose which process of aType to use. Return
+   * nsIContentProcessProvider.NEW_PROCESS to ask the caller to create a new
+   * content process.
+   */
+  int32_t provideProcess(in AUTF8String aType,
+                         in Array<nsIContentProcessInfo> aAliveProcesses,
+                         in uint32_t aMaxCount);
+};
diff --git a/dom/interfaces/base/nsIDOMChromeWindow.idl b/dom/interfaces/base/nsIDOMChromeWindow.idl
new file mode 100644
index 0000000000..3d04991e4c
--- /dev/null
+++ b/dom/interfaces/base/nsIDOMChromeWindow.idl
@@ -0,0 +1,22 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "domstubs.idl"
+
+interface nsIBrowserDOMWindow;
+interface mozIDOMWindowProxy;
+
+// Scriptable only so Components.interfaces.nsIDOMChromeWindow works.
+[scriptable, builtinclass, uuid(78bdcb41-1efa-409f-aaba-70842213f80f)]
+interface nsIDOMChromeWindow : nsISupports
+{
+  /**
+   * browserDOMWindow provides access to yet another layer of
+   * utility functions implemented by chrome script. It will be null
+   * for DOMWindows not corresponding to browsers.
+   */
+  [noscript]
+  readonly attribute nsIBrowserDOMWindow browserDOMWindow;
+};
diff --git a/dom/interfaces/base/nsIDOMGlobalPropertyInitializer.idl b/dom/interfaces/base/nsIDOMGlobalPropertyInitializer.idl
new file mode 100644
index 0000000000..3c931824d7
--- /dev/null
+++ b/dom/interfaces/base/nsIDOMGlobalPropertyInitializer.idl
@@ -0,0 +1,21 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface mozIDOMWindow;
+
+[scriptable, uuid(5842e275-797f-4afb-b7e0-e29f0cb312ae)]
+interface nsIDOMGlobalPropertyInitializer : nsISupports
+{
+  /*
+   * Initialize the global property.
+   *
+   * @param window the global object on which the property is being retrieved.
+   *
+   * @returns a JS Object to use use as the property's value.
+   */
+  jsval init(in mozIDOMWindow window);
+};
diff --git a/dom/interfaces/base/nsIDOMWindow.idl b/dom/interfaces/base/nsIDOMWindow.idl
new file mode 100644
index 0000000000..06809e865c
--- /dev/null
+++ b/dom/interfaces/base/nsIDOMWindow.idl
@@ -0,0 +1,19 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "domstubs.idl"
+
+interface nsIControllers;
+interface nsIPrompt;
+interface nsIVariant;
+
+/**
+ * Empty interface for compatibility with older versions.
+ * @deprecated Use WebIDL for script visible features,
+ *             nsPIDOMWindow for C++ callers.
+ */
+
+[scriptable, builtinclass, uuid(b8343993-0383-4add-9930-ad176b189240)]
+interface nsIDOMWindow : nsISupports {};
diff --git a/dom/interfaces/base/nsIDOMWindowUtils.idl b/dom/interfaces/base/nsIDOMWindowUtils.idl
new file mode 100644
index 0000000000..82f7d4d206
--- /dev/null
+++ b/dom/interfaces/base/nsIDOMWindowUtils.idl
@@ -0,0 +1,2331 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+#include "domstubs.idl"
+
+/**
+ * nsIDOMWindowUtils is intended for infrequently-used methods related
+ * to the current nsIDOMWindow.  Some of the methods may require
+ * elevated privileges; the method implementations should contain the
+ * necessary security checks.  Access this interface by calling
+ * getInterface on a DOMWindow.
+ *
+ * WARNING: Do not use 'out jsval' parameters in this file.
+ *          SpecialPowers, which is used to access nsIDOMWindowUtils
+ *          in plain mochitests, does not know how to handle them.
+ *          (Use 'jsval' return values instead.)
+ */
+
+%{C++
+#include "nsColor.h"
+class gfxContext;
+struct nsRect;
+%}
+
+[ref] native nsConstRect(const nsRect);
+native nscolor(nscolor);
+[ptr] native gfxContext(gfxContext);
+
+interface nsIArray;
+interface nsICycleCollectorListener;
+interface nsIPreloadedStyleSheet;
+interface nsITransferable;
+interface nsIQueryContentEventResult;
+interface nsIDOMWindow;
+interface nsIFile;
+interface nsIURI;
+interface nsIRunnable;
+interface nsITranslationNodeList;
+interface nsIJSRAIIHelper;
+interface nsIContentPermissionRequest;
+interface nsIObserver;
+
+webidl Animation;
+webidl DOMRect;
+webidl Element;
+webidl EventTarget;
+webidl Event;
+webidl Node;
+webidl NodeList;
+webidl Storage;
+
+[builtinclass, scriptable, uuid(4d6732ca-9da7-4176-b8a1-8dde15cd0bf9)]
+interface nsIDOMWindowUtils : nsISupports {
+
+  /**
+   * Image animation mode of the window. When this attribute's value
+   * is changed, the implementation should set all images in the window
+   * to the given value. That is, when set to kDontAnimMode, all images
+   * will stop animating. The attribute's value must be one of the
+   * animationMode values from imgIContainer.
+   * @note Images may individually override the window's setting after
+   *       the window's mode is set. Therefore images given different modes
+   *       since the last setting of the window's mode may behave
+   *       out of line with the window's overall mode.
+   * @note The attribute's value is the window's overall mode. It may
+   *       for example continue to report kDontAnimMode after all images
+   *       have subsequently been individually animated.
+   * @note Only images immediately in this window are affected;
+   *       this is not recursive to subwindows.
+   * @see imgIContainer
+   */
+  attribute unsigned short imageAnimationMode;
+
+  /**
+   * Whether the charset of the window's current document has been forced by
+   * the user.
+   * Cannot be accessed from unprivileged context (not content-accessible)
+   */
+  readonly attribute boolean docCharsetIsForced;
+
+  /**
+   * Return the conversion of a physical millimeter in CSS pixels.
+   */
+  readonly attribute float physicalMillimeterInCSSPixels;
+
+  /**
+   * Function to get metadata associated with the window's current document
+   * @param aName the name of the metadata.  This should be all lowercase.
+   * @return the value of the metadata, or the empty string if it's not set
+   *
+   * Will throw a DOM security error if called without chrome privileges.
+   */
+  AString getDocumentMetadata(in AString aName);
+
+  /**
+   * Relative to the top-level document.
+   *
+   * @param aX 0, if there's no such location.
+   * @param aY 0, if there's no such location.
+   */
+  void getLastOverWindowPointerLocationInCSSPixels(out float aX, out float aY);
+
+  /**
+   * Force a synchronous layer transaction for this window if necessary.
+   */
+  [can_run_script]
+  void updateLayerTree();
+
+  /**
+   * Get the last used layer transaction id for this window's refresh driver.
+   */
+  readonly attribute unsigned long long lastTransactionId;
+
+  /**
+   * Information retrieved from the <meta name="viewport"> tag.
+   * See Document::GetViewportInfo for more information.
+   */
+  void getViewportInfo(in uint32_t aDisplayWidth, in uint32_t aDisplayHeight,
+                       out double aDefaultZoom, out boolean aAllowZoom,
+                       out double aMinZoom, out double aMaxZoom,
+                       out uint32_t aWidth, out uint32_t aHeight,
+                       out boolean aAutoSize);
+  /*
+   * Information retrieved from the viewport-fit value of <meta name="viewport">
+   * element.
+   */
+  AString getViewportFitInfo();
+
+  /**
+   * Information about the window size in device pixels.
+   */
+  void getContentViewerSize(out uint32_t aDisplayWidth, out uint32_t aDisplayHeight);
+
+  /**
+   * For any scrollable element, this allows you to override the default
+   * scroll behaviour and force autodir (which allows a mousewheel to
+   * horizontally scroll regions that only scroll on that one axis).
+   *
+   * See the documentation for mousewheel.autodir.enabled and
+   * mousewheel.autodir.honourroot for a more thorough explanation of
+   * what these behaviours do.
+   */
+  void setMousewheelAutodir(in Element aElement, in boolean aEnabled, in boolean aHonourRoot);
+
+  /**
+   * For any scrollable element, this allows you to override the
+   * visible region and draw more than what is visible, which is
+   * useful for asynchronous drawing. The "displayport" will be
+   * <xPx, yPx, widthPx, heightPx> in units of CSS pixels,
+   * regardless of the size of the enclosing container.  This
+   * will *not* trigger reflow.
+   *
+   * For the root scroll area, pass in the root document element.
+   * For scrollable elements, pass in the container element (for
+   * instance, the element with overflow: scroll).
+   *
+   * <x, y> is relative to the top-left of what would normally be
+   * the visible area of the element. This means that the pixels
+   * rendered to the displayport take scrolling into account,
+   * for example.
+   *
+   * It's legal to set a displayport that extends beyond the overflow
+   * area in any direction (left/right/top/bottom).
+   *
+   * It's also legal to set a displayport that extends beyond the
+   * area's bounds.  No pixels are rendered outside the area bounds.
+   *
+   * The caller of this method must have chrome privileges.
+   *
+   * Calling this will always force a recomposite, so it should be
+   * avoided if at all possible. Client code should do checks before
+   * calling this so that duplicate sets are not made with the same
+   * displayport.
+   *
+   * aPriority is recorded along with the displayport rectangle. If this
+   * method is called with a lower priority than the current priority, the
+   * call is ignored.
+   */
+  void setDisplayPortForElement(in float aXPx, in float aYPx,
+                                in float aWidthPx, in float aHeightPx,
+                                in Element aElement,
+                                in uint32_t aPriority);
+  /**
+   * An alternate way to represent a displayport rect as a set of margins and a
+   * base rect to apply those margins to. A consumer of pixels may ask for as
+   * many extra pixels as it would like in each direction. Layout then sets
+   * the base rect to the "visible rect" of the element, which is just the
+   * subrect of the element that is drawn (it does not take in account content
+   * covering the element).
+   *
+   * If both a displayport rect and displayport margins with corresponding base
+   * rect are set with the same priority then the margins will take precendence.
+   *
+   * Specifying an alignment value will ensure that after the base rect has
+   * been expanded by the displayport margins, it will be further expanded so
+   * that each edge is located at a multiple of the "alignment" value.
+   *
+   * Note that both the margin values and alignment are treated as values in
+   * ScreenPixels. Refer to layout/base/Units.h for a description of this unit.
+   * The base rect values are in app units.
+   */
+  void setDisplayPortMarginsForElement(in float aLeftMargin,
+                                       in float aTopMargin,
+                                       in float aRightMargin,
+                                       in float aBottomMargin,
+                                       in Element aElement,
+                                       in uint32_t aPriority);
+
+  void setDisplayPortBaseForElement(in int32_t aX,
+                                    in int32_t aY,
+                                    in int32_t aWidth,
+                                    in int32_t aHeight,
+                                    in Element aElement);
+
+  /**
+   * If |aElement| is a scroll container, returns the amount of layout
+   * space taken up by its scrollbars (that is, the width of the vertical
+   * scrollbar and the height of the horizontal scrollbar) in CSS pixels;
+   * otherwise returns zero.
+   *
+   * Note that on some platforms, scrollbars don't take up layout space
+   * ("overlay scrollbars"). On such platforms, the returned sizes are
+   * always zero.
+   *
+   * Layout scrollbars that normally take up space but were only shown to
+   * scroll the visual viewport inside the layout viewport (the layout viewport
+   * cannot be scrolled) do not take up space but they still return their size
+   * from this function.
+   */
+  void getScrollbarSizes(in Element aElement,
+                         out uint32_t aVerticalScrollbarWidth,
+                         out uint32_t aHorizontalScrollbarHeight);
+
+  /**
+   * Get/set the resolution at which rescalable web content is drawn for
+   * testing purposes.
+   *
+   * Setting a new resolution does *not* trigger reflow.  This API is
+   * entirely separate from textZoom and fullZoom; a resolution scale
+   * can be applied together with both textZoom and fullZoom.
+   *
+   * The effect of this API is for gfx code to allocate more or fewer
+   * pixels for rescalable content by a factor of |resolution| in
+   * both dimensions.
+   *
+   * In addition, the content is scaled by the amount of the resolution,
+   * so that it is displayed at a correspondingly larger or smaller size,
+   * without the need for the caller to set an additional transform.
+   *
+   * The purpose of this API is to allow tests to simulate many of the effects
+   * a non-reflowing scale-zoom, e.g. for pinch-zoom on mobile platforms, and
+   * should be only used for testing purposes.
+   *
+   * The caller of this method must have chrome privileges.
+   *
+   * This is intended to be used by test code only!
+   */
+  void setResolutionAndScaleTo(in float aResolution);
+
+  float getResolution();
+
+  /**
+   * Set a resolution on the presShell which is the "restored" from history.
+   * The display dimensions are compared to their current values and used
+   * to scale the resolution value if necessary, e.g. if the device was
+   * rotated between saving and restoring of the session data.
+   * This resolution should be used when painting for the first time. Calling
+   * this too late may have no effect.
+   */
+  void setRestoreResolution(in float aResolution,
+                            in uint32_t aDisplayWidth,
+                            in uint32_t aDisplayHeight);
+
+  /**
+   * Whether the next paint should be flagged as the first paint for a document.
+   * This gives a way to track the next paint that occurs after the flag is
+   * set. The flag gets cleared after the next paint.
+   *
+   * Can only be accessed with chrome privileges.
+   */
+  attribute boolean isFirstPaint;
+
+  uint32_t getPresShellId();
+
+  /**
+   * Returns whether a given header and value is a CORS-safelisted request
+   * header per https://fetch.spec.whatwg.org/#cors-safelisted-request-header
+   */
+  boolean isCORSSafelistedRequestHeader(in ACString name, in ACString value);
+
+  /**
+   * Following modifiers are for sent*Event() except sendNative*Event().
+   * NOTE: MODIFIER_ALT, MODIFIER_CONTROL, MODIFIER_SHIFT and MODIFIER_META
+   *       are must be same values as Event_Binding::*_MASK for backward
+   *       compatibility.
+   */
+  const long MODIFIER_ALT        = 0x0001;
+  const long MODIFIER_CONTROL    = 0x0002;
+  const long MODIFIER_SHIFT      = 0x0004;
+  const long MODIFIER_META       = 0x0008;
+  const long MODIFIER_ALTGRAPH   = 0x0010;
+  const long MODIFIER_CAPSLOCK   = 0x0020;
+  const long MODIFIER_FN         = 0x0040;
+  const long MODIFIER_FNLOCK     = 0x0080;
+  const long MODIFIER_NUMLOCK    = 0x0100;
+  const long MODIFIER_SCROLLLOCK = 0x0200;
+  const long MODIFIER_SYMBOL     = 0x0400;
+  const long MODIFIER_SYMBOLLOCK = 0x0800;
+  const long MODIFIER_OS         = 0x1000;
+
+  /** Synthesize a mouse event. The event types supported are:
+   *    mousedown, mouseup, mousemove, mouseover, mouseout, mousecancel,
+   *    contextmenu, MozMouseHittest
+   *
+   * Events are sent in coordinates offset by aX and aY from the window.
+   *
+   * Note that additional events may be fired as a result of this call. For
+   * instance, typically a click event will be fired as a result of a
+   * mousedown and mouseup in sequence.
+   *
+   * Normally at this level of events, the mouseover and mouseout events are
+   * only fired when the window is entered or exited. For inter-element
+   * mouseover and mouseout events, a movemove event fired on the new element
+   * should be sufficient to generate the correct over and out events as well.
+   *
+   * Cannot be accessed from unprivileged context (not content-accessible)
+   * Will throw a DOM security error if called without chrome privileges.
+   *
+   * The event is dispatched via the toplevel window, so it could go to any
+   * window under the toplevel window, in some cases it could never reach this
+   * window at all.
+   *
+   * NOTE: mousecancel is used to represent the vanishing of an input device
+   * such as a pen leaving its digitizer by synthesizing a WidgetMouseEvent,
+   * whose mMessage is eMouseExitFromWidget and mExitFrom is
+   * WidgetMouseEvent::eTopLevel.
+   *
+   * @param aType event type
+   * @param aX x offset in CSS pixels
+   * @param aY y offset in CSS pixels
+   * @param aButton button to synthesize
+   * @param aClickCount number of clicks that have been performed
+   * @param aModifiers modifiers pressed, using constants defined as MODIFIER_*
+   * @param aIgnoreRootScrollFrame whether the event should ignore viewport bounds
+   *                           during dispatch
+   * @param aPressure touch input pressure: 0.0 -> 1.0
+   * @param aInputSourceArg input source, see MouseEvent for values,
+   *        defaults to mouse input.
+   * @param aIsDOMEventSynthesized controls Event.isSynthesized value
+   *                               that helps identifying test related events,
+   *                               defaults to true
+   * @param aIsWidgetEventSynthesized controls WidgetMouseEvent.mReason value
+   *                                  defaults to false (WidgetMouseEvent::eReal)
+   * @param aIdentifier A unique identifier for the pointer causing the event,
+   *                    defaulting to nsIDOMWindowUtils::DEFAULT_MOUSE_POINTER_ID.
+   *
+   * returns true if the page called prevent default on this event
+   */
+  [optional_argc, can_run_script]
+  boolean sendMouseEvent(in AString aType,
+                         in float aX,
+                         in float aY,
+                         in long aButton,
+                         in long aClickCount,
+                         in long aModifiers,
+                         [optional] in boolean aIgnoreRootScrollFrame,
+                         [optional] in float aPressure,
+                         [optional] in unsigned short aInputSourceArg,
+                         [optional] in boolean aIsDOMEventSynthesized,
+                         [optional] in boolean aIsWidgetEventSynthesized,
+                         [optional] in long aButtons,
+                         [optional] in unsigned long aIdentifier);
+
+  /** Synthesize a touch event. The event types supported are:
+   *    touchstart, touchend, touchmove, and touchcancel
+   *
+   * Events are sent in coordinates offset by aX and aY from the window.
+   *
+   * Cannot be accessed from unprivileged context (not content-accessible)
+   * Will throw a DOM security error if called without chrome privileges.
+   *
+   * The event is dispatched via the toplevel window, so it could go to any
+   * window under the toplevel window, in some cases it could never reach this
+   * window at all.
+   *
+   * @param aType event type
+   * @param xs array of offsets in CSS pixels for each touch to be sent
+   * @param ys array of offsets in CSS pixels for each touch to be sent
+   * @param rxs array of radii in CSS pixels for each touch to be sent
+   * @param rys array of radii in CSS pixels for each touch to be sent
+   * @param rotationAngles array of angles in degrees for each touch to be sent
+   * @param forces array of forces (floats from 0 to 1) for each touch to be sent
+   * @param tiltXs array of tiltX for each touch to be sent
+   * @param tiltYs array of tiltY for each touch to be sent
+   * @param twists array of twist for each touch to be sent
+   * @param count number of touches in this set
+   * @param aModifiers modifiers pressed, using constants defined as MODIFIER_*
+   * @param aIgnoreRootScrollFrame whether the event should ignore viewport bounds
+   *                           during dispatch
+   *
+   * returns true if the page called prevent default on this touch event
+   */
+  [can_run_script]
+  boolean sendTouchEvent(in AString aType,
+                         in Array<uint32_t> aIdentifiers,
+                         in Array<int32_t> aXs,
+                         in Array<int32_t> aYs,
+                         in Array<uint32_t> aRxs,
+                         in Array<uint32_t> aRys,
+                         in Array<float> aRotationAngles,
+                         in Array<float> aForces,
+                         in Array<long> aTiltXs,
+                         in Array<long> aTiltYs,
+                         in Array<long> aTwists,
+                         in long aModifiers,
+                         [optional] in boolean aIgnoreRootScrollFrame);
+
+  /** The same as sendMouseEvent but ensures that the event is dispatched to
+   *  this DOM window or one of its children.
+   */
+  [optional_argc, can_run_script]
+  void sendMouseEventToWindow(in AString aType,
+                              in float aX,
+                              in float aY,
+                              in long aButton,
+                              in long aClickCount,
+                              in long aModifiers,
+                              [optional] in boolean aIgnoreRootScrollFrame,
+                              [optional] in float aPressure,
+                              [optional] in unsigned short aInputSourceArg,
+                              [optional] in boolean aIsDOMEventSynthesized,
+                              [optional] in boolean aIsWidgetEventSynthesized,
+                              [optional] in long aButtons,
+                              [optional] in unsigned long aIdentifier);
+
+  /** The same as sendTouchEvent but ensures that the event is dispatched to
+   *  this DOM window or one of its children.
+   */
+  [can_run_script]
+  boolean sendTouchEventToWindow(in AString aType,
+                                 in Array<uint32_t> aIdentifiers,
+                                 in Array<int32_t> aXs,
+                                 in Array<int32_t> aYs,
+                                 in Array<uint32_t> aRxs,
+                                 in Array<uint32_t> aRys,
+                                 in Array<float> aRotationAngles,
+                                 in Array<float> aForces,
+                                 in Array<long> aTiltXs,
+                                 in Array<long> aTiltYs,
+                                 in Array<long> aTwists,
+                                 in long aModifiers,
+                                 [optional] in boolean aIgnoreRootScrollFrame);
+
+  /** Synthesize a wheel event for a window. The event types supported is only
+   *  wheel.
+   *
+   * Events are sent in coordinates offset by aX and aY from the window.
+   *
+   * Cannot be accessed from unprivileged context (not content-accessible)
+   * Will throw a DOM security error if called without chrome privileges.
+   *
+   * @param aX                 x offset in CSS pixels
+   * @param aY                 y offset in CSS pixels
+   * @param aDeltaX            deltaX value.
+   * @param aDeltaY            deltaY value.
+   * @param aDeltaZ            deltaZ value.
+   * @param aDeltaMode         deltaMode value which must be one of the
+   *                           WheelEvent DOM_DELTA_* constants.
+   * @param aModifiers         modifiers pressed, using constants defined as
+   *                           MODIFIER_*
+   * @param aLineOrPageDeltaX  If you set this value non-zero for
+   *                           DOM_DELTA_PIXEL event, EventStateManager will
+   *                           dispatch NS_MOUSE_SCROLL event for horizontal
+   *                           scroll.
+   * @param aLineOrPageDeltaY  If you set this value non-zero for
+   *                           DOM_DELTA_PIXEL event, EventStateManager will
+   *                           dispatch NS_MOUSE_SCROLL event for vertical
+   *                           scroll.
+   * @param aOptions           Set following flags.
+   */
+  const unsigned long WHEEL_EVENT_CAUSED_BY_NO_LINE_OR_PAGE_DELTA_DEVICE = 0x0001;
+  const unsigned long WHEEL_EVENT_CAUSED_BY_MOMENTUM                     = 0x0002;
+  const unsigned long WHEEL_EVENT_CUSTOMIZED_BY_USER_PREFS               = 0x0004;
+  // If any of the following flags is specified this method will throw an
+  // exception in case the relevant overflowDelta has an unexpected value.
+  const unsigned long WHEEL_EVENT_EXPECTED_OVERFLOW_DELTA_X_ZERO      = 0x0010;
+  const unsigned long WHEEL_EVENT_EXPECTED_OVERFLOW_DELTA_X_POSITIVE  = 0x0020;
+  const unsigned long WHEEL_EVENT_EXPECTED_OVERFLOW_DELTA_X_NEGATIVE  = 0x0040;
+  const unsigned long WHEEL_EVENT_EXPECTED_OVERFLOW_DELTA_Y_ZERO      = 0x0100;
+  const unsigned long WHEEL_EVENT_EXPECTED_OVERFLOW_DELTA_Y_POSITIVE  = 0x0200;
+  const unsigned long WHEEL_EVENT_EXPECTED_OVERFLOW_DELTA_Y_NEGATIVE  = 0x0400;
+  void sendWheelEvent(in float aX,
+                      in float aY,
+                      in double aDeltaX,
+                      in double aDeltaY,
+                      in double aDeltaZ,
+                      in unsigned long aDeltaMode,
+                      in long aModifiers,
+                      in long aLineOrPageDeltaX,
+                      in long aLineOrPageDeltaY,
+                      in unsigned long aOptions);
+
+  /**
+   * Native modifiers for sendNativeKeyEvent and sendNativeMouseEvent.
+   * TODO: The other sendNative*Event should take these values instead.
+   */
+  const unsigned long NATIVE_MODIFIER_CAPS_LOCK       = 0x00000001;
+  const unsigned long NATIVE_MODIFIER_NUM_LOCK        = 0x00000002;
+  const unsigned long NATIVE_MODIFIER_SHIFT_LEFT      = 0x00000100;
+  const unsigned long NATIVE_MODIFIER_SHIFT_RIGHT     = 0x00000200;
+  const unsigned long NATIVE_MODIFIER_CONTROL_LEFT    = 0x00000400;
+  const unsigned long NATIVE_MODIFIER_CONTROL_RIGHT   = 0x00000800;
+  const unsigned long NATIVE_MODIFIER_ALT_LEFT        = 0x00001000;
+  const unsigned long NATIVE_MODIFIER_ALT_RIGHT       = 0x00002000;
+  const unsigned long NATIVE_MODIFIER_COMMAND_LEFT    = 0x00004000;
+  const unsigned long NATIVE_MODIFIER_COMMAND_RIGHT   = 0x00008000;
+  const unsigned long NATIVE_MODIFIER_HELP            = 0x00010000;
+  // On Windows, AltGraph key emulates the AltRight key on specific keyboard
+  // layouts.  Therefore, this shouldn't be used without `synthesizeNativeKey`.
+  const unsigned long NATIVE_MODIFIER_ALT_GRAPH       = 0x00020000;
+  // Available only on macOS.
+  const unsigned long NATIVE_MODIFIER_FUNCTION        = 0x00100000;
+  // Available only on macOS.  When pressing a key in numeric key pad, this
+  // must be included.
+  const unsigned long NATIVE_MODIFIER_NUMERIC_KEY_PAD = 0x01000000;
+
+  /**
+   * See nsIWidget::SynthesizeNativeKeyEvent
+   *
+   * Cannot be accessed from unprivileged context (not content-accessible)
+   * Will throw a DOM security error if called without chrome privileges.
+   *
+   * When you use this for tests, use the constants defined in NativeKeyCodes.js
+   *
+   * NOTE: The synthesized native event will be fired asynchronously, and upon
+   * completion the observer, if provided, will be notified with a "keyevent"
+   * topic.
+   */
+  void sendNativeKeyEvent(in long aNativeKeyboardLayout,
+                          in long aNativeKeyCode,
+                          in unsigned long aModifierFlags,
+                          in AString aCharacters,
+                          in AString aUnmodifiedCharacters,
+                          [optional] in nsIObserver aObserver);
+
+  /**
+   * See nsIWidget::SynthesizeNativeMouseEvent
+   *
+   * Will be called on the widget that contains aElement.
+   * Cannot be accessed from unprivileged context (not content-accessible)
+   * Will throw a DOM security error if called without chrome privileges.
+   *
+   * @param aScreenX    X offset in the screen in device pixels.
+   * @param aScreenY    Y offset in the screen in derive pixels.
+   * @param aNativeMessage      One of NATIVE_MOUSE_MESSAGE_*
+   * @param aButton     Same as `MouseEvent.button` value.
+   * @param aModifierFlags      See nsIWidget's native modifier flags.
+   * @param aElementOnWidget    An element which is on a widget.
+   * @param aObserver   The synthesized native event will be fired
+   *                    asynchronously, and upon completion the observer, if
+   *                    provided, will be notified with a "mouseevent" topic.
+   */
+  const unsigned long NATIVE_MOUSE_MESSAGE_BUTTON_DOWN  = 0x00000001;
+  const unsigned long NATIVE_MOUSE_MESSAGE_BUTTON_UP    = 0x00000002;
+  const unsigned long NATIVE_MOUSE_MESSAGE_MOVE         = 0x00000003;
+  const unsigned long NATIVE_MOUSE_MESSAGE_ENTER_WINDOW = 0x00000004;
+  const unsigned long NATIVE_MOUSE_MESSAGE_LEAVE_WINDOW = 0x00000005;
+  void sendNativeMouseEvent(in long aScreenX,
+                            in long aScreenY,
+                            in unsigned long aNativeMessage,
+                            in short aButton,
+                            in unsigned long aModifierFlags,
+                            in Element aElementOnWidget,
+                            [optional] in nsIObserver aObserver);
+
+  /**
+   * Suppress animations that are applied to a window by OS when
+   * resizing, moving, changing size mode, ...
+   */
+  void suppressAnimation(in boolean aSuppress);
+
+  /**
+   * The values for sendNativeMouseScrollEvent's aAdditionalFlags.
+   */
+
+  /**
+   * If MOUSESCROLL_PREFER_WIDGET_AT_POINT is set, widget will dispatch
+   * the event to a widget which is under the cursor.  Otherwise, dispatch to
+   * a default target on the platform.  E.g., on Windows, it's focused window.
+   */
+  const unsigned long MOUSESCROLL_PREFER_WIDGET_AT_POINT = 0x00000001;
+
+  /**
+   * Interpret the scroll delta values as lines rather than pixels.
+   */
+  const unsigned long MOUSESCROLL_SCROLL_LINES = 0x00000002;
+
+  /**
+   * The platform specific values of aAdditionalFlags.  Must be over 0x00010000.
+   */
+
+  /**
+   * If MOUSESCROLL_WIN_SCROLL_LPARAM_NOT_NULL is set and aNativeMessage is
+   * WM_VSCROLL or WM_HSCROLL, widget will set the window handle to the lParam
+   * instead of NULL.
+   */
+  const unsigned long MOUSESCROLL_WIN_SCROLL_LPARAM_NOT_NULL = 0x00010000;
+
+  /**
+   * See nsIWidget::SynthesizeNativeMouseScrollEvent
+   *
+   * Will be called on the widget that contains aElement.
+   * Cannot be accessed from unprivileged context (not content-accessible)
+   * Will throw a DOM security error if called without chrome privileges.
+   *
+   * NOTE: The synthesized native event will be fired asynchronously, and upon
+   * completion the observer, if provided, will be notified with a
+   * "mousescrollevent" topic.
+   *
+   * @param aNativeMessage
+   *   On Windows:  WM_MOUSEWHEEL (0x020A), WM_MOUSEHWHEEL(0x020E),
+   *                WM_VSCROLL (0x0115) or WM_HSCROLL (0x114).
+   */
+  void sendNativeMouseScrollEvent(in long aScreenX,
+                                  in long aScreenY,
+                                  in unsigned long aNativeMessage,
+                                  in double aDeltaX,
+                                  in double aDeltaY,
+                                  in double aDeltaZ,
+                                  in unsigned long aModifierFlags,
+                                  in unsigned long aAdditionalFlags,
+                                  in Element aElement,
+                                  [optional] in nsIObserver aObserver);
+
+  /**
+   * Touch states for sendNativeTouchPoint. These values match
+   * nsIWidget's TouchPointerState.
+   */
+
+  // The pointer is in a hover state above the digitizer
+  const long TOUCH_HOVER   = 0x01;
+  // The pointer is in contact with the digitizer
+  const long TOUCH_CONTACT = 0x02;
+  // The pointer has been removed from the digitizer detection area
+  const long TOUCH_REMOVE  = 0x04;
+  // The pointer has been canceled. Will cancel any pending os level
+  // gestures that would be triggered as a result of completion of the
+  // input sequence. This may not cancel moz platform related events
+  // that might get tirggered by input already delivered.
+  const long TOUCH_CANCEL  = 0x08;
+
+  /**
+   * Phase states for sendNativeTouchPadPinch.
+   */
+  const long PHASE_BEGIN = 0;
+  const long PHASE_UPDATE = 1;
+  const long PHASE_END  = 2;
+
+  /**
+   * Create a new or update an existing touch point on the digitizer.
+   * To trigger os level gestures, individual touch points should
+   * transition through a complete set of touch states which should be
+   * sent as individual calls. For example:
+   * tap - msg1:TOUCH_CONTACT, msg2:TOUCH_REMOVE
+   * drag - msg1-n:TOUCH_CONTACT (moving), msgn+1:TOUCH_REMOVE
+   * hover drag - msg1-n:TOUCH_HOVER (moving), msgn+1:TOUCH_REMOVE
+   *
+   * Widget support: Windows 8.0+, Winrt/Win32. Other widgets will throw.
+   *
+   * NOTE: The synthesized native event will be fired asynchronously, and upon
+   * completion the observer, if provided, will be notified with a "touchpoint"
+   * topic.
+   *
+   * @param aPointerId The touch point id to create or update.
+   * @param aTouchState one or more of the touch states listed above
+   * @param aScreenX, aScreenY screen coords of this event
+   * @param aPressure 0.0 -> 1.0 float val indicating pressure
+   * @param aOrientation 0 -> 359 degree value indicating the
+   * orientation of the pointer. Use 90 for normal taps.
+   */
+  void sendNativeTouchPoint(in unsigned long aPointerId,
+                            in unsigned long aTouchState,
+                            in long aScreenX,
+                            in long aScreenY,
+                            in double aPressure,
+                            in unsigned long aOrientation,
+                            [optional] in nsIObserver aObserver);
+  /**
+   * These values indicate touchpad pinch phase states :
+   * PHASE_BEGIN
+   * PHASE_UPDATE
+   * PHASE_END
+   * Widget support: Linux GTK 3.18+.
+   * @param aEventPhase The touchpad pinch phase using states listed above.
+   * @param aScale Events with PHASE_UPDATE will change the zoom level by
+   * the ratio between the scale of the current event and the scale of the last event.
+   * @param aScreenX, aScreenY screen coords of the focus point of this event.
+   * @param aModifierFlags is expected to contain native modifier values.
+   */
+  void sendNativeTouchpadPinch(in unsigned long aEventPhase,
+                               in float aScale,
+                               in long aScreenX,
+                               in long aScreenY,
+                               in long aModifierFlags);
+
+  /**
+   * Simulates native touch based taps on the input digitizer. Events
+   * triggered by this call are injected at the os level. Events do not
+   * bypass widget level input processing and as such can be used to
+   * test widget event logic and async pan-zoom controller functionality.
+   * Cannot be accessed from an unprivileged context.
+   *
+   * Long taps (based on the aLongTap parameter) will be completed
+   * asynchrnously after the call returns. Long tap delay is based on
+   * the ui.click_hold_context_menus.delay pref or 1500 msec if pref
+   * is not set.
+   *
+   * Widget support: Windows 8.0+, Winrt/Win32. Other widgets will
+   * throw.
+   *
+   * NOTE: The synthesized native event will be fired asynchronously, and upon
+   * completion the observer, if provided, will be notified, with a "touchtap"
+   * topic.
+   *
+   * @param aScreenX, aScreenY screen coords of this event
+   * @param aLongTap true if the tap should be long, false for a short
+   * tap.
+   */
+  void sendNativeTouchTap(in long aScreenX,
+                          in long aScreenY,
+                          in boolean aLongTap,
+                          [optional] in nsIObserver aObserver);
+
+  /**
+   * Create a new or update an existing pen input on the digitizer.
+   *
+   * Widget support: Windows 10 1809+. Other widgets will throw.
+   *
+   * NOTE: The synthesized native event will be fired asynchronously, and upon
+   * completion the observer, if provided, will be notified with a "peninput"
+   * topic.
+   *
+   * @param aPointerId The touch point id to create or update.
+   * @param aPointerState one or more of the TOUCH_* listed above
+   * @param aScreenX x screen coord of this event
+   * @param aScreenY y screen coord of this event
+   * @param aPressure 0.0 -> 1.0 float val indicating pressure
+   * @param aRotation 0 -> 359 degree value indicating the rotation of the
+   * pointer. Use 0 for normal taps.
+   * @param aTiltX -90 -> 90 degree value indicating the tilt along the x-axis
+   * of the pointer. Use 0 for normal taps.
+   * @param aTiltY -90 -> 90 degree value indicating the tilt along the y-axis
+   * of the pointer. Use 0 for normal taps.
+   * @param aButton Same as MouseEvent::button.
+   */
+  void sendNativePenInput(in unsigned long aPointerId,
+                          in unsigned long aPointerState,
+                          in long aScreenX,
+                          in long aScreenY,
+                          in double aPressure,
+                          in unsigned long aRotation,
+                          in long aTiltX,
+                          in long aTiltY,
+                          in long aButton,
+                          [optional] in nsIObserver aObserver);
+
+  /**
+   * Cancel any existing touch points or long tap delays. Calling this is safe
+   * even if you're sure there aren't any pointers recorded. You should call
+   * this when tests shut down to reset the digitizer driver. Not doing so can
+   * leave the digitizer in an undetermined state which can screw up subsequent
+   * tests and native input.
+   *
+   * NOTE: The synthesized native event will be fired asynchronously, and upon
+   * completion the observer, if provided, will be notified with a "cleartouch"
+   * topic.
+   */
+  void clearNativeTouchSequence([optional] in nsIObserver aObserver);
+
+  /**
+   * Send a native event as if the user double tapped the touchpad with two
+   * fingers.
+   *
+   * Widget support: macOS.
+   * @param aScreenX, aScreenY screen coords of the focus point of this event.
+   * @param aModifierFlags is expected to contain native modifier values.
+   */
+  void sendNativeTouchpadDoubleTap(in long aScreenX,
+                                   in long aScreenY,
+                                   in long aModifierFlags);
+
+  /**
+   * Send a native event as if the user panned on the touchpad with two
+   * fingers.
+   *
+   * NOTE: The synthesized native event will be fired asynchronously, and upon
+   * completion the observer, if provided, will be notified with a
+   * "touchpadpanevent" topic.
+   *
+   * Widget support: Windows.
+   * @param aScreenX, aScreenY screen coords of the focus point of this event.
+   * @param aDeltaX, aDeltaY the amount of delta in the pan.
+   * @param aModifierFlags is expected to contain native modifier values.
+   */
+  void sendNativeTouchpadPan(in unsigned long aEventPhase,
+                             in long aScreenX,
+                             in long aScreenY,
+                             in double aDeltaX,
+                             in double aDeltaY,
+                             in long aModifierFlags,
+                             [optional] in nsIObserver aObserver);
+
+  /**
+   * Clears the SharedStyleSheetCache.
+   */
+  void clearSharedStyleSheetCache();
+
+  /**
+   * Returns the number of stylesheets that have been parsed on this document.
+   * Useful to test caching.
+   */
+  readonly attribute unsigned long parsedStyleSheets;
+
+  /**
+   * See nsIWidget::ActivateNativeMenuItemAt
+   *
+   * Cannot be accessed from unprivileged context (not content-accessible)
+   * Will throw a DOM security error if called without chrome privileges.
+   */
+  void activateNativeMenuItemAt(in AString indexString);
+
+  /**
+   * See nsIWidget::ForceUpdateNativeMenuAt
+   *
+   * Cannot be accessed from unprivileged context (not content-accessible)
+   * Will throw a DOM security error if called without chrome privileges.
+   */
+  void forceUpdateNativeMenuAt(in AString indexString);
+
+  /**
+   * Returns the current selection as plaintext. Note that the result may be
+   * different from the result of sendQueryContentEvent(QUERY_SELECTED_TEXT).
+   * This result is computed by native API with transferable data. In other
+   * words, when the OS treats the selection as plaintext, it treats current
+   * selection as this result.
+   */
+  AString GetSelectionAsPlaintext();
+
+  /**
+   * Force a garbage collection followed by a cycle collection.
+   *
+   * Will throw a DOM security error if called without chrome privileges in
+   * non-debug builds. Available to all callers in debug builds.
+   *
+   * @param aListener listener that receives information about the CC graph
+   */
+  void garbageCollect([optional] in nsICycleCollectorListener aListener);
+
+  /**
+   * Force a cycle collection without garbage collection.
+   *
+   * Will throw a DOM security error if called without chrome privileges in
+   * non-debug builds. Available to all callers in debug builds.
+   *
+   * @param aListener listener that receives information about the CC graph
+   */
+  void cycleCollect([optional] in nsICycleCollectorListener aListener);
+
+  /**
+   * Trigger whichever GC or CC timer is currently active and waiting to fire.
+   * Don't do this too much for initiating heavy actions, like the start of a IGC.
+   *
+   * @param aReason the reason for the GC, from js/public/GCAPI.h. Defaults to
+   * DOM_WINDOW_UTILS.
+   */
+  void runNextCollectorTimer([optional] in ACString aReason);
+
+  /**
+   * "Poke" the GC: set a timer to run a GC soon (usually 4 seconds), unless
+   * another GC timer has already been set. This is used for testing.
+   *
+   * @param aReason the reason for the GC, from js/public/GCAPI.h. Defaults to
+   * DOM_WINDOW_UTILS.
+   */
+  void pokeGC([optional] in ACString aReason);
+
+  /** Synthesize a simple gesture event for a window. The event types
+   *  supported are: MozSwipeGestureMayStart, MozSwipeGestureStart,
+   *  MozSwipeGestureUpdate, MozSwipeGestureEnd, MozSwipeGesture,
+   *  MozMagnifyGestureStart, MozMagnifyGestureUpdate, MozMagnifyGesture,
+   *  MozRotateGestureStart, MozRotateGestureUpdate, MozRotateGesture,
+   *  MozPressTapGesture, MozTapGesture, and MozEdgeUIGesture.
+   *
+   * Cannot be accessed from unprivileged context (not
+   * content-accessible) Will throw a DOM security error if called
+   * without chrome privileges.
+   *
+   * @param aType event type
+   * @param aX x offset in CSS pixels
+   * @param aY y offset in CSS pixels
+   * @param aDirection direction, using constants defined in SimpleGestureEvent.webidl
+   * @param aDelta  amount of magnification or rotation for magnify and rotation events
+   * @param aModifiers modifiers pressed, using constants defined in Event.webidl
+   * @param aClickCount For tap gestures, the number of taps.
+   */
+  void sendSimpleGestureEvent(in AString aType,
+                              in float aX,
+                              in float aY,
+                              in unsigned long aDirection,
+                              in double aDelta,
+                              in long aModifiers,
+                              [optional] in unsigned long aClickCount);
+
+  /**
+   * Retrieve the element at point aX, aY in the window's document.
+   *
+   * @param aIgnoreRootScrollFrame whether or not to ignore the root scroll
+   *        frame when retrieving the element. If false, this method returns
+   *        null for coordinates outside of the viewport.
+   * @param aFlushLayout flushes layout if true. Otherwise, no flush occurs.
+   */
+  Element elementFromPoint(in float aX,
+                           in float aY,
+                           in boolean aIgnoreRootScrollFrame,
+                           in boolean aFlushLayout);
+
+  /**
+   * Retrieve all nodes that intersect a rect in the window's document.
+   *
+   * @param aX x reference for the rectangle in CSS pixels
+   * @param aY y reference for the rectangle in CSS pixels
+   * @param aTopSize How much to expand up the rectangle
+   * @param aRightSize How much to expand right the rectangle
+   * @param aBottomSize How much to expand down the rectangle
+   * @param aLeftSize How much to expand left the rectangle
+   * @param aIgnoreRootScrollFrame whether or not to ignore the root scroll
+   *        frame when retrieving the element. If false, this method returns
+   *        null for coordinates outside of the viewport.
+   * @param aFlushLayout flushes layout if true. Otherwise, no flush occurs.
+   * @param aOnlyVisible Set to true if you only want nodes that pass a visibility
+   *        hit test.
+   * @param aTransparencyThreshold Only has an effect if aOnlyVisible is true.
+   *        Returns what amount of transparency is considered "opaque enough"
+   *        to consider elements "not visible". The default is effectively "1"
+   *        (so, only opaque elements will stop an element from being
+   *        "visible").
+   */
+  NodeList nodesFromRect(in float aX,
+                         in float aY,
+                         in float aTopSize,
+                         in float aRightSize,
+                         in float aBottomSize,
+                         in float aLeftSize,
+                         in boolean aIgnoreRootScrollFrame,
+                         in boolean aFlushLayout,
+                         in boolean aOnlyVisible,
+                         [optional] in float aTransparencyThreshold);
+
+
+  /**
+   * Get a list of nodes that have meaningful textual content to
+   * be translated. The implementation of this algorithm is in flux
+   * as we experiment and refine which approach works best.
+   *
+   * This method requires chrome privileges.
+   */
+  nsITranslationNodeList getTranslationNodes(in Node aRoot);
+
+  /**
+   * Compare the two canvases, returning the number of differing pixels and
+   * the maximum difference in a channel.  This will throw an error if
+   * the dimensions of the two canvases are different.
+   *
+   * This method requires chrome privileges.
+   */
+  uint32_t compareCanvases(in nsISupports aCanvas1,
+                           in nsISupports aCanvas2,
+                           out unsigned long aMaxDifference);
+
+  /**
+   * Returns true if a MozAfterPaint event has been queued but not yet
+   * fired.
+   */
+  readonly attribute boolean isMozAfterPaintPending;
+
+  /**
+   * Returns true if the InputTaskManager is suspended.
+   */
+  readonly attribute boolean isInputTaskManagerSuspended;
+
+  /**
+   * Suppresses/unsuppresses user initiated event handling in window's document
+   * and subdocuments.
+   *
+   * @throw NS_ERROR_DOM_SECURITY_ERR if called without chrome privileges and
+   *        NS_ERROR_FAILURE if window doesn't have a document.
+   */
+  void suppressEventHandling(in boolean aSuppress);
+
+  /**
+   * Disable or enable non synthetic test mouse events on *all* windows.
+   *
+   * Cannot be accessed from unprivileged context (not content-accessible).
+   * Will throw a DOM security error if called without chrome privileges.
+   *
+   * @param aDisable  If true, disable all non synthetic test mouse events
+   *               on all windows.  Otherwise, enable them.
+   */
+  void disableNonTestMouseEvents(in boolean aDisable);
+
+  /**
+   * Returns the scroll position of the window's currently loaded document.
+   *
+   * @param aFlushLayout flushes layout if true. Otherwise, no flush occurs.
+   * @see nsIDOMWindow::scrollX/Y
+   */
+  void getScrollXY(in boolean aFlushLayout, out long aScrollX, out long aScrollY);
+
+  /**
+   * Returns the scroll position of the window's currently loaded document.
+   *
+   * @param aFlushLayout flushes layout if true. Otherwise, no flush occurs.
+   * @see nsIDOMWindow::scrollX/Y
+   */
+  void getScrollXYFloat(in boolean aFlushLayout, out float aScrollX, out float aScrollY);
+
+  /**
+   * Returns the scrollbar width of the window's scroll frame.
+   *
+   * @param aFlushLayout flushes layout if true. Otherwise, no flush occurs.
+   */
+  void getScrollbarSize(in boolean aFlushLayout, out long aWidth, out long aHeight);
+
+  /**
+   * Returns the given element's bounds without flushing pending layout changes.
+   */
+  DOMRect getBoundsWithoutFlushing(in Element aElement);
+
+  /**
+   * Scroll the visual viewport to the given coordinates, relative to the
+   * document origin.
+   * Only applicable to the window associated with the root content document.
+   * Note: this does not take effect right away. Rather, the visual scroll
+   *       request is sent to APZ with the next transaction, and will be
+   *       reflected in the main thread with the subsequent APZ repaint request.
+   * Please see the caveats mentioned at PresShell::ScrollToVisual(), and
+   * request APZ review if adding a new call to this.
+   */
+  const long UPDATE_TYPE_RESTORE = 0;
+  const long UPDATE_TYPE_MAIN_THREAD = 1;
+  const long SCROLL_MODE_INSTANT = 0;
+  const long SCROLL_MODE_SMOOTH = 1;
+  void scrollToVisual(in float aOffsetX, in float aOffsetY,
+                      in long aUpdateType, in long aScrollMode);
+
+  /**
+   * Returns the offset of the window's visual viewport relative to the
+   * layout viewport.
+   */
+  void getVisualViewportOffsetRelativeToLayoutViewport(out float aOffsetX,
+                                                       out float aOffsetY);
+
+  /**
+   * Returns the scroll position of the window's visual viewport.
+   */
+  void getVisualViewportOffset(out long aOffsetX, out long aOffsetY);
+
+  /**
+   * Transforms the passed in rect from layout relative coords (relative to
+   * this document) to be is visual coords.
+   */
+  DOMRect transformRectLayoutToVisual(in float aX, in float aY,
+                                      in float aWidth, in float aHeight);
+
+  /**
+   * Transform a rectangle given in coordinates relative to this document
+   * into CSS coordinates relative to the screen.
+   */
+  DOMRect toScreenRectInCSSUnits(in float aX, in float aY,
+                                 in float aWidth, in float aHeight);
+
+  /**
+   * Transform a rectangle given in coordinates relative to this document
+   * to the screen.
+   */
+  DOMRect toScreenRect(in float aX, in float aY,
+                       in float aWidth, in float aHeight);
+
+  /**
+   * Transform a rectangle given in coordinates relative to the top level
+   * parent process widget to the local widget. This window should be in a
+   * child process.
+   */
+  DOMRect convertFromParentProcessWidgetToLocal(in float aX,
+                                                in float aY,
+                                                in float aWidth,
+                                                in float aHeight);
+
+  /**
+   * Sets the maximum height of the dynamic toolbar in Screen pixel units.
+   */
+  [can_run_script]
+  void setDynamicToolbarMaxHeight(in uint32_t aHeightInScreen);
+
+  const long FLUSH_NONE = -1;
+  const long FLUSH_STYLE = 0;
+  const long FLUSH_LAYOUT = 1;
+  const long FLUSH_DISPLAY = 2;
+
+  /**
+   * Returns true if a flush of the given type is needed.
+   */
+  bool needsFlush(in long aFlushtype);
+
+  /**
+   * Flush pending layout-type notification without flushing throttled
+   * animations.
+   */
+  void flushLayoutWithoutThrottledAnimations();
+
+  /**
+   * Returns the bounds of the window's currently loaded document. This will
+   * generally be (0, 0, pageWidth, pageHeight) but in some cases (e.g. RTL
+   * documents) may have a negative left value.
+   */
+  DOMRect getRootBounds();
+
+  /**
+   * Get IME open state. TRUE means 'Open', otherwise, 'Close'.
+   * This property works only when IMEEnabled is IME_STATUS_ENABLED.
+   */
+  readonly attribute boolean IMEIsOpen;
+
+  /**
+   * WARNING: These values must be same as nsIWidget's values.
+   */
+
+  /**
+   * DISABLED means users cannot use IME completely.
+   * Note that this state is *not* same as |ime-mode: disabled;|.
+   */
+  const unsigned long IME_STATUS_DISABLED = 0;
+
+  /**
+   * ENABLED means users can use all functions of IME. This state is same as
+   * |ime-mode: normal;|.
+   */
+  const unsigned long IME_STATUS_ENABLED  = 1;
+
+  /**
+   * PASSWORD means users cannot use most functions of IME. But on GTK2,
+   * users can use "Simple IM" which only supports dead key inputting.
+   * The behavior is same as the behavior of the native password field.
+   * This state is same as |ime-mode: disabled;|.
+   */
+  const unsigned long IME_STATUS_PASSWORD = 2;
+
+  /**
+   * Get IME status, see above IME_STATUS_* definitions.
+   */
+  readonly attribute unsigned long IMEStatus;
+
+  /**
+   * Get the document URI which may be retrieved by native IME.
+   */
+  readonly attribute nsIURI inputContextURI;
+
+  /**
+   * Get whether current input context (including IME status) in the widget
+   * is set by content or not.
+   */
+  const unsigned long INPUT_CONTEXT_ORIGIN_MAIN = 0;
+  const unsigned long INPUT_CONTEXT_ORIGIN_CONTENT = 1;
+  readonly attribute unsigned long inputContextOrigin;
+
+  /**
+   * Get a root node which is observed by IMEContentObserver.
+   */
+  readonly attribute Node nodeObservedByIMEContentObserver;
+
+  /**
+   * Dispatches aEvent as a synthesized trusted event for tests via the
+   * PresShell object of the window's document.
+   * The event is dispatched to aTarget, which should be an object
+   * which implements nsIContent interface (#element, #text, etc).
+   *
+   * Cannot be accessed from unprivileged context (not
+   * content-accessible) Will throw a DOM security error if called
+   * without chrome privileges.
+   *
+   * @note Event handlers won't get aEvent as parameter, but a similar event.
+   *       Also, aEvent should not be reused.
+   */
+  [can_run_script]
+  boolean dispatchDOMEventViaPresShellForTesting(in Node aTarget,
+                                                 in Event aEvent);
+
+  /**
+   * Sets WidgetEvent::mFlags::mOnlyChromeDispatch to true to ensure that
+   * the event is propagated only to chrome.
+   * Event's .target property will be aTarget.
+   * Returns the same value as what EventTarget.dispatchEvent does.
+   */
+  boolean dispatchEventToChromeOnly(in EventTarget aTarget,
+                                    in Event aEvent);
+
+  /**
+   * Returns the real classname (possibly of the mostly-transparent security
+   * wrapper) of aObj.
+   */
+  [implicit_jscontext] string getClassName(in jsval aObject);
+
+  /**
+   * Generate a content command event.
+   *
+   * Cannot be accessed from unprivileged context (not content-accessible)
+   * Will throw a DOM security error if called without chrome privileges.
+   *
+   * @param aType Type of command content event to send.  Can be one of "cut",
+   *        "copy", "paste", "delete", "undo", "redo", "insertText" or
+   *        "pasteTransferable".
+   * @param aTransferable an instance of nsITransferable when aType is
+   *        "pasteTransferable"
+   * @param aString The string to be inserted into focused editor when aType is
+   *        "insertText"
+   */
+  void sendContentCommandEvent(in AString aType,
+                               [optional] in nsITransferable aTransferable,
+                               [optional] in AString aString);
+
+  /**
+   * If sendQueryContentEvent()'s aAdditionalFlags argument is
+   * QUERY_CONTENT_FLAG_USE_XP_LINE_BREAK, plain text generated from content
+   * is created with "\n".
+   * Otherwise, platform dependent.  E.g., on Windows, "\r\n" is used.
+   * aOffset and aLength are offset and length in/of the plain text content.
+   * This flag also affects the result values such as offset, length and string.
+   */
+  const unsigned long QUERY_CONTENT_FLAG_USE_NATIVE_LINE_BREAK = 0x0000;
+  const unsigned long QUERY_CONTENT_FLAG_USE_XP_LINE_BREAK     = 0x0001;
+
+  /**
+   * sendQueryContentEvent()'s aAdditionalFlags may have one of following
+   * flags when aType is QUERY_SELECTED_TEXT.  If one of them is set,
+   * the result is the first range of the selection type.  See also
+   * nsISelectionController::SELECTION_*.
+   */
+  const unsigned long QUERY_CONTENT_FLAG_SELECTION_SPELLCHECK          = 0x0002;
+  const unsigned long QUERY_CONTENT_FLAG_SELECTION_IME_RAWINPUT        = 0x0004;
+  const unsigned long QUERY_CONTENT_FLAG_SELECTION_IME_SELECTEDRAWTEXT = 0x0008;
+  const unsigned long QUERY_CONTENT_FLAG_SELECTION_IME_CONVERTEDTEXT   = 0x0010;
+  const unsigned long QUERY_CONTENT_FLAG_SELECTION_IME_SELECTEDCONVERTEDTEXT =
+                                                                         0x0020;
+  const unsigned long QUERY_CONTENT_FLAG_SELECTION_ACCESSIBILITY       = 0x0040;
+  const unsigned long QUERY_CONTENT_FLAG_SELECTION_FIND                = 0x0080;
+  const unsigned long QUERY_CONTENT_FLAG_SELECTION_URLSECONDARY        = 0x0100;
+  const unsigned long QUERY_CONTENT_FLAG_SELECTION_URLSTRIKEOUT        = 0x0200;
+
+  /**
+   * One of sendQueryContentEvent()'s aAdditionalFlags.  If this is specified,
+   * aOffset is relative to start of selection or composition.
+   * Note that this is supported only when QUERY_CONTENT_FLAG_USE_XP_LINE_BREAK
+   * is not specified for now.
+   */
+  const unsigned long QUERY_CONTENT_FLAG_OFFSET_RELATIVE_TO_INSERTION_POINT =
+                                                                         0x0400;
+
+  /**
+   * Synthesize a query content event. Note that the result value returned here
+   * is in LayoutDevice pixels rather than CSS pixels.
+   *
+   * @param aType  One of the following const values.  And see also each comment
+   *               for the other parameters and the result.
+   * @param aAdditionalFlags See the description of QUERY_CONTENT_FLAG_*.
+   */
+  nsIQueryContentEventResult sendQueryContentEvent(
+                               in unsigned long aType,
+                               in long long aOffset,
+                               in unsigned long aLength,
+                               in long aX,
+                               in long aY,
+                               [optional] in unsigned long aAdditionalFlags);
+
+  /**
+   * QUERY_SELECTED_TEXT queries the first selection range's information.
+   *
+   * @param aOffset   Not used.
+   * @param aLength   Not used.
+   * @param aX        Not used.
+   * @param aY        Not used.
+   *
+   * @return offset, reversed and text properties of the result are available.
+   */
+  const unsigned long QUERY_SELECTED_TEXT                       = 3200;
+
+  /**
+   * QUERY_TEXT_CONTENT queries the text at the specified range.
+   *
+   * @param aOffset   The first character's offset.  0 is the first character.
+   * @param aLength   The length of getting text.  If the aLength is too long,
+   *                  the result text is shorter than this value.
+   * @param aX        Not used.
+   * @param aY        Not used.
+   *
+   * @return text property of the result is available.
+   */
+  const unsigned long QUERY_TEXT_CONTENT                        = 3201;
+
+  /**
+   * QUERY_CARET_RECT queries the (collapsed) caret rect of the offset.
+   * If the actual caret is there at the specified offset, this returns the
+   * actual caret rect.  Otherwise, this guesses the caret rect from the
+   * metrics of the text.
+   *
+   * @param aOffset   The caret offset.  0 is the left side of the first
+   *                  caracter in LTR text.
+   * @param aLength   Not used.
+   * @param aX        Not used.
+   * @param aY        Not used.
+   *
+   * @return left, top, width and height properties of the result are available.
+   *         The left and the top properties are offset in the client area of
+   *         the DOM window.
+   */
+  const unsigned long QUERY_CARET_RECT                          = 3203;
+
+  /**
+   * QUERY_TEXT_RECT queries the specified text's rect.
+   *
+   * @param aOffset   The first character's offset.  0 is the first character.
+   * @param aLength   The length of getting text.  If the aLength is too long,
+   *                  the extra length is ignored.
+   * @param aX        Not used.
+   * @param aY        Not used.
+   *
+   * @return left, top, width and height properties of the result are available.
+   *         The left and the top properties are offset in the client area of
+   *         the DOM window.
+   */
+  const unsigned long QUERY_TEXT_RECT                           = 3204;
+
+  /**
+   * QUERY_TEXT_RECT queries the focused editor's rect.
+   *
+   * @param aOffset   Not used.
+   * @param aLength   Not used.
+   * @param aX        Not used.
+   * @param aY        Not used.
+   *
+   * @return left, top, width and height properties of the result are available.
+   */
+  const unsigned long QUERY_EDITOR_RECT                         = 3205;
+
+  /**
+   * QUERY_CHARACTER_AT_POINT queries the character information at the
+   * specified point.  The point is offset in the window.
+   * NOTE: If there are some panels at the point, this method send the query
+   * event to the panel's widget automatically.
+   *
+   * @param aOffset   Not used.
+   * @param aLength   Not used.
+   * @param aX        X offset in the widget.
+   * @param aY        Y offset in the widget.
+   *
+   * @return offset, notFound, left, top, width and height properties of the
+   *         result are available.
+   */
+  const unsigned long QUERY_CHARACTER_AT_POINT                  = 3208;
+
+  /**
+   * QUERY_TEXT_RECT_ARRAY queries the rects per character
+   *
+   * @param aOffset   The first character's offset.  0 is the first character.
+   * @param aLength   The length of getting text.  If the aLength is too long,
+   *                  the extra length is ignored.
+   * @param aX        Not used.
+   * @param aY        Not used.
+   */
+  const unsigned long QUERY_TEXT_RECT_ARRAY                     = 3209;
+
+  /**
+   * Called when the remote child frame has changed its fullscreen state,
+   * when entering fullscreen, and when the origin which is fullscreen changes.
+   * aFrameElement is the iframe element which contains the child-process
+   * fullscreen document.
+   */
+  void remoteFrameFullscreenChanged(in Element aFrameElement);
+
+  /**
+   * Called when the remote frame has popped all fullscreen elements off its
+   * stack, so that the operation can complete on the parent side.
+   */
+  void remoteFrameFullscreenReverted();
+
+  /**
+   * Calls the document to handle any pending fullscreen requests.
+   * It is called when the parent document has entered fullscreen, and
+   * we want to put the current document into fullscreen as well.
+   * The return value indicates whether there is any fullscreen request
+   * handled by this call.
+   */
+  boolean handleFullscreenRequests();
+
+  /**
+   * Called when the child frame has fully exit fullscreen, so that the parent
+   * process can also fully exit.
+   *
+   * @param aDontResoreViewSize false if content view size is restored by
+   *                            original view size that is on entering full
+   *                            screen.
+   */
+  void exitFullscreen([optional] in boolean aDontRestoreViewSize);
+
+  /**
+   * If sendQueryContentEvent()'s aAdditionalFlags argument is
+   * SELECTION_SET_FLAG_USE_NATIVE_LINE_BREAK, aOffset and aLength are offset
+   * and length in/of plain text generated from content is created with "\n".
+   * Otherwise, platform dependent.  E.g., on Windows, "\r\n" is used.
+   */
+  const unsigned long SELECTION_SET_FLAG_USE_NATIVE_LINE_BREAK = 0x0000;
+  const unsigned long SELECTION_SET_FLAG_USE_XP_LINE_BREAK     = 0x0001;
+
+  /**
+   * If SELECTION_SET_FLAG_REVERSE is set, the selection is set from
+   * |aOffset + aLength| to |aOffset|.  Otherwise, it's set from |aOffset| to
+   * |aOffset + aLength|.
+   */
+  const unsigned long SELECTION_SET_FLAG_REVERSE               = 0x0002;
+
+  /**
+   * Synthesize a selection set event to the window.
+   *
+   * This sets the selection as the specified information.
+   * Note that for avoiding unnecessary update from user and web app point of
+   * view, it compares aOffset and aLength with selection cache which is same
+   * as what is notified with NOTIFY_IME_OF_SELECTION_CHANGE.  Therefore, if
+   * the notification is still queued, this works different from user's
+   * scenario.  Therefore, before calling this, the caller should wait at least
+   * 2 animation frames if `Selection` was changed before.
+   *
+   * @param aOffset  The caret offset of the selection start.
+   * @param aLength  The length of the selection.  If this is too long, the
+   *                 extra length is ignored.
+   * @param aAdditionalFlags See the description of SELECTION_SET_FLAG_*.
+   * @return True, if succeeded.  Otherwise, false.
+   */
+  boolean sendSelectionSetEvent(in unsigned long aOffset,
+                                in unsigned long aLength,
+                                [optional] in unsigned long aAdditionalFlags);
+
+  /* Selection behaviors - mirror nsIFrame's nsSelectionAmount constants */
+  const unsigned long SELECT_CHARACTER   = 0;
+  const unsigned long SELECT_CLUSTER     = 1;
+  const unsigned long SELECT_WORD        = 2;
+  const unsigned long SELECT_LINE        = 3;
+  const unsigned long SELECT_BEGINLINE   = 4;
+  const unsigned long SELECT_ENDLINE     = 5;
+  const unsigned long SELECT_PARAGRAPH   = 6;
+  const unsigned long SELECT_WORDNOSPACE = 7;
+
+  /**
+   * Select content at a client point based on a selection behavior if the
+   * underlying content is selectable. Selection will accumulate with any
+   * existing selection, callers should clear selection prior if needed.
+   * May fire selection changed events. Calls nsFrame's SelectByTypeAtPoint.
+   *
+   * @param aX, aY The selection point in client coordinates.
+   * @param aSelectType The selection behavior requested.
+   * @return True if a selection occured, false otherwise.
+   * @throw NS_ERROR_DOM_SECURITY_ERR, NS_ERROR_UNEXPECTED for utils
+   * issues, and NS_ERROR_INVALID_ARG for coordinates that are outside
+   * this window.
+   */
+  [can_run_script]
+  boolean selectAtPoint(in float aX,
+                        in float aY,
+                        in unsigned long aSelectBehavior);
+
+  /**
+   * Perform the equivalent of:
+   *   window.getComputedStyle(aElement, aPseudoElement).
+   *     getPropertyValue(aPropertyName)
+   * except that, when the link whose presence in history is allowed to
+   * influence aElement's style is visited, get the value the property
+   * would have if allowed all properties to change as a result of
+   * :visited selectors (except for cases where getComputedStyle uses
+   * data from the frame).
+   *
+   * This is easier to implement than adding our property restrictions
+   * to this API, and is sufficient for the present testing
+   * requirements (which are essentially testing 'color').
+   */
+  AString getVisitedDependentComputedStyle(in Element aElement,
+                                           in AString aPseudoElement,
+                                           in AString aPropertyName);
+
+  /**
+   * Put the window into a state where scripts are frozen and events
+   * suppressed, for use when the window has launched a modal prompt.
+   */
+  void enterModalState();
+
+  /**
+   * Resume normal window state, where scripts can run and events are
+   * delivered.
+   */
+  void leaveModalState();
+
+  /**
+   * Is the window is in a modal state? [See enterModalState()]
+   */
+  boolean isInModalState();
+
+  /**
+   * Suspend/resume timeouts on this window and its descendant windows.
+   */
+  void suspendTimeouts();
+  void resumeTimeouts();
+
+  /**
+   * What type of layer manager the widget associated with this window is
+   * using. "Basic" is unaccelerated; other types are accelerated. Throws an
+   * error if there is no widget associated with this window.
+   */
+  readonly attribute AString layerManagerType;
+
+  /**
+   * True if the layer manager for the widget associated with this window is
+   * forwarding layers to a remote compositor, false otherwise. Throws an
+   * error if there is no widget associated with this window.
+   */
+  readonly attribute boolean layerManagerRemote;
+
+  /**
+   * True if webrender was requested by the user (via pref or env-var), false
+   * otherwise. Note that this doesn't represent whether or not webrender is
+   * *actually* enabled, just whether or not it was requested.
+   */
+  readonly attribute boolean isWebRenderRequested;
+
+  /**
+   * Returns the current audio backend as a free-form string.
+   */
+  readonly attribute AString currentAudioBackend;
+
+  /**
+   * Returns the max channel counts of the current audio device.
+   */
+  readonly attribute unsigned long currentMaxAudioChannels;
+
+  /**
+   * Returns the mean round trip latency in seconds for the default input and
+   * output device, and the stddev of this latency, as a two element array when
+   * the Promise succeeds.
+   */
+  Promise defaultDevicesRoundTripLatency();
+
+  /**
+   * Returns the preferred sample rate of the current audio device.
+   */
+  readonly attribute unsigned long currentPreferredSampleRate;
+
+  /**
+   * Returns all the audio input/output devices.
+   */
+  const unsigned short AUDIO_INPUT   = 0;
+  const unsigned short AUDIO_OUTPUT  = 1;
+  nsIArray audioDevices(in unsigned short aSide);
+
+  /**
+   * Record (and return) frame-intervals for frames which were presented
+   *   between calling StartFrameTimeRecording and StopFrameTimeRecording.
+   *
+   * - Uses a cyclic buffer and serves concurrent consumers, so if Stop is called too late
+   *     (elements were overwritten since Start), result is considered invalid and hence empty.
+   * - Buffer is capable of holding 10 seconds @ 60fps (or more if frames were less frequent).
+   *     Can be changed (up to 1 hour) via pref: toolkit.framesRecording.bufferSize.
+   * - Note: the first frame-interval may be longer than expected because last frame
+   *     might have been presented some time before calling StartFrameTimeRecording.
+   */
+
+  /**
+   * Returns a handle which represents current recording start position.
+   */
+  void startFrameTimeRecording([retval] out unsigned long startIndex);
+
+  /**
+   * Returns array of frame intervals since the time when the given startIndex
+   * was handed out from startFrameTimeRecording.
+   */
+  Array<float> stopFrameTimeRecording(in unsigned long startIndex);
+
+  /**
+   * The DPI of the display
+   */
+  readonly attribute float displayDPI;
+
+  /**
+   * advanceTimeAndRefresh allows the caller to take over the refresh
+   * driver timing for a window.  A call to advanceTimeAndRefresh does
+   * three things:
+   *  (1) It marks the refresh driver for this presentation so that it
+   *      no longer refreshes on its own, but is instead driven entirely
+   *      by the caller (except for the refresh that happens when a
+   *      document comes out of the bfcache).
+   *  (2) It advances the refresh driver's current refresh time by the
+   *      argument given.  Negative advances are permitted.
+   *  (3) It does a refresh (i.e., notifies refresh observers) at that
+   *      new time.
+   *
+   * Note that this affects other connected docshells of the same type
+   * in the same docshell tree, such as parent frames.
+   *
+   * When callers have completed their use of advanceTimeAndRefresh,
+   * they must call restoreNormalRefresh.
+   */
+  void advanceTimeAndRefresh(in long long aMilliseconds);
+
+  /**
+   * Undoes the effects of advanceTimeAndRefresh.
+   */
+  void restoreNormalRefresh();
+
+  /**
+   * Reports whether the current state is test-controlled refreshes
+   * (see advanceTimeAndRefresh and restoreNormalRefresh above).
+   */
+  readonly attribute bool isTestControllingRefreshes;
+
+  /**
+   * Reports whether APZ is enabled on the widget that this window is attached
+   * to. If there is no widget it will report the default platform value of
+   * whether or not APZ is enabled.
+   */
+  readonly attribute bool asyncPanZoomEnabled;
+
+  /**
+   * Set async scroll offset on an element. The next composite will render
+   * with that offset if async scrolling is enabled, and then the offset
+   * will be removed. Only call this while test-controlled refreshes is enabled.
+   */
+  void setAsyncScrollOffset(in Element aElement, in float aX, in float aY);
+
+  /**
+   * Set async zoom value. aRootElement should be the document element of our
+   * document. The next composite will render with that zoom added to any
+   * existing zoom if async scrolling is enabled, and then the zoom will be
+   * removed. Only call this while test-controlled refreshes is enabled.
+   */
+  void setAsyncZoom(in Element aRootElement, in float aValue);
+
+  /**
+   * Do a round-trip to the compositor to ensure any pending APZ repaint requests
+   * get flushed to the main thread. If the function returns true, the flush was
+   * triggered and an "apz-repaints-flushed" notification will be dispatched via
+   * the observer service once the flush is complete. If the function returns
+   * false, an error occurred or a flush is not needed, and the notification
+   * will not fire. This is intended to be used by test code only!
+   */
+  bool flushApzRepaints();
+
+  /**
+   * Sets a flag on the element to forcibly disable APZ on it. This affects
+   * the result of nsLayoutUtils::ShouldDisableApzForElement when called on
+   * this element. This function also schedules a repaint to ensure that the
+   * change takes effect. Note that this is not reversible; it is intended for
+   * use by test code only.
+   */
+  void disableApzForElement(in Element aElement);
+
+  /**
+   * Ask APZ to pan and zoom to the focused input element.
+   */
+  [can_run_script] void zoomToFocusedInput();
+
+  /**
+   * Method for testing StyleAnimationValue::ComputeDistance.
+   *
+   * Returns the distance between the two values as reported by
+   * StyleAnimationValue::ComputeDistance for the given element and
+   * property.
+   */
+  double computeAnimationDistance(in Element element,
+                                  in AString property,
+                                  in AString value1,
+                                  in AString value2);
+
+  /**
+   * Returns the computed style for the specified property of given pseudo type
+   * on the given element after removing styles from declarative animations.
+   * @param aElement - A target element
+   * @param aPseudoElement - A pseudo type (e.g. '::before' or null)
+   * @param aProperty - A longhand CSS property (e.g. 'background-color')
+   * @param aFlushType - FLUSH_NONE if any pending styles should not happen,
+   *                     FLUSH_STYLE to flush pending styles.
+   */
+  AString getUnanimatedComputedStyle(in Element aElement,
+                                     in AString aPseudoElement,
+                                     in AString aProperty,
+                                     in long aFlushType);
+
+  /**
+   * Returns the effective canvas background color for the window.
+   */
+  readonly attribute AString canvasBackgroundColor;
+
+  /**
+   * Get the type of the currently focused html input, if any.
+   */
+  readonly attribute AString focusedInputType;
+
+  /**
+   * Get the action hint of the currently focused html input, if any.
+   */
+  readonly attribute AString focusedActionHint;
+
+  /**
+   * Get the inputmode of the currently focused editing host, if any.
+   */
+  readonly attribute AString focusedInputMode;
+
+  /**
+   * Get the autocapitalize of the currently focused editing host, if any.
+   */
+  readonly attribute AString focusedAutocapitalize;
+
+  /**
+   * Find the view ID for a given element. This is the reverse of
+   * findElementWithViewId().
+   */
+  nsViewID getViewId(in Element aElement);
+
+  /**
+   * Check if any PaintedLayer painting has been done for this element,
+   * clears the painted flags if they have.
+   */
+  boolean checkAndClearPaintedState(in Element aElement);
+
+  /**
+   * Check if any display list building has been done for this element,
+   * clears the display list flags if they have.
+   */
+  boolean checkAndClearDisplayListState(in Element aElement);
+
+  /**
+   * Check whether all display items of the primary frame of aElement have been
+   * assigned to the same single PaintedLayer in the last paint. If that is the
+   * case, returns whether that PaintedLayer is opaque; if it's not the case, an
+   * exception is thrown.
+   */
+  boolean isPartOfOpaqueLayer(in Element aElement);
+
+  /**
+   * Count the number of different PaintedLayers that the supplied elements have
+   * been assigned to in the last paint. Throws an exception if any of the
+   * elements doesn't have a primary frame, or if that frame's display items are
+   * assigned to any other layers than just a single PaintedLayer per element.
+   */
+  unsigned long numberOfAssignedPaintedLayers(in Array<Element> aElements);
+
+  /**
+   * Get internal id of the stored blob, file or file handle.
+   */
+  [implicit_jscontext] long long getFileId(in jsval aFile);
+
+  /**
+   * Get internal file path of the stored file or file handle.
+   *
+   * TODO: File handle objects are actually not supported at the moment.
+   */
+  [implicit_jscontext] AString getFilePath(in jsval aFile);
+
+  /**
+   * Get file ref count info for given database and file id.
+   */
+  boolean getFileReferences(in AString aDatabaseName, in long long aId,
+                            [optional] out long aRefCnt,
+                            [optional] out long aDBRefCnt);
+
+  void flushPendingFileDeletions();
+
+  /**
+   * Begin opcode-level profiling of all JavaScript execution in the window's
+   * runtime.
+   */
+  [implicit_jscontext]
+  void startPCCountProfiling();
+
+  /**
+   * Stop opcode-level profiling of JavaScript execution in the runtime, and
+   * collect all counts for use by getPCCount methods.
+   */
+  [implicit_jscontext]
+  void stopPCCountProfiling();
+
+  /**
+   * Purge collected PC counters.
+   */
+  [implicit_jscontext]
+  void purgePCCounts();
+
+  /**
+   * Get the number of scripts with opcode-level profiling information.
+   */
+  [implicit_jscontext]
+  long getPCCountScriptCount();
+
+  /**
+   * Get a JSON string for a short summary of a script and the PC counts
+   * accumulated for it.
+   */
+  [implicit_jscontext]
+  AString getPCCountScriptSummary(in long script);
+
+  /**
+   * Get a JSON string with full information about a profiled script,
+   * including the decompilation of the script and placement of decompiled
+   * operations within it, and PC counts for each operation.
+   */
+  [implicit_jscontext]
+  AString getPCCountScriptContents(in long script);
+
+  /**
+   * Returns true if painting is suppressed for this window and false
+   * otherwise.
+   */
+  readonly attribute boolean paintingSuppressed;
+
+  /**
+   * Set the viewport size for the purposes of clamping scroll positions for
+   * the root scroll frame of this document to be (aWidth,aHeight) in CSS pixels.
+   *
+   * The caller of this method must have chrome privileges.
+   */
+  void setVisualViewportSize(in float aWidth, in float aHeight);
+
+  /**
+   * These are used to control whether dialogs (alert, prompt, confirm) are
+   * allowed, and to reset the inernal state that controls whether dialogs
+   * are currently blocked or not.
+   */
+  void disableDialogs();
+  void enableDialogs();
+  bool areDialogsEnabled();
+  void resetDialogAbuseState();
+
+  const unsigned long AGENT_SHEET = 0;
+  const unsigned long USER_SHEET = 1;
+  const unsigned long AUTHOR_SHEET = 2;
+  /**
+   * Synchronously loads a style sheet from |sheetURI| and adds it to the list
+   * of additional style sheets of the document.
+   *
+   * These additional style sheets are very much like user/agent sheets loaded
+   * with loadAndRegisterSheet. The only difference is that they are applied only
+   * on the document owned by this window.
+   *
+   * Sheets added via this API take effect immediately on the document.
+   */
+  void loadSheet(in nsIURI sheetURI, in unsigned long type);
+
+  /**
+   * Same as the above method but allows passing the URI as a string.
+   */
+  void loadSheetUsingURIString(in ACString sheetURI, in unsigned long type);
+
+  /**
+   * Adds a style sheet to the list of additional style sheets of the document.
+   *
+   * Style sheets can be preloaded with nsIStyleSheetService.preloadSheet.
+   *
+   * Sheets added via this API take effect immediately on the document.
+   */
+  void addSheet(in nsIPreloadedStyleSheet sheet, in unsigned long type);
+
+  /**
+   * Remove the document style sheet at |sheetURI| from the list of additional
+   * style sheets of the document.  The removal takes effect immediately.
+   */
+  void removeSheet(in nsIURI sheetURI, in unsigned long type);
+
+  /**
+   * Same as the above method but allows passing the URI as a string.
+   */
+  void removeSheetUsingURIString(in ACString sheetURI, in unsigned long type);
+
+  /**
+   * Returns true if a user input is being handled.
+   *
+   * This calls EventStateManager::IsHandlingUserInput().
+   */
+  readonly attribute boolean isHandlingUserInput;
+
+  /**
+   * Returns milliseconds elapsed since last user input was started.
+   * Returns -1 if there wasn't any previous user input.
+   *
+   * This relies on EventStateManager::LatestUserInputStart()
+   */
+  readonly attribute double millisSinceLastUserInput;
+
+  /**
+   * After calling the method, the window for which this DOMWindowUtils
+   * was created can be closed using scripts.
+   */
+  void allowScriptsToClose();
+
+  /**
+   * Is the parent window's main widget visible?  If it isn't, we probably
+   * don't want to display any dialogs etc it may request.  This corresponds
+   * to the visibility check in nsWindowWatcher::OpenWindowInternal().
+   *
+   * Will throw a DOM security error if called without chrome privileges or
+   * NS_ERROR_NOT_AVAILABLE in the unlikely event that the parent window's
+   * main widget can't be reached.
+   */
+  readonly attribute boolean isParentWindowMainWidgetVisible;
+
+  /**
+   * In certain cases the event handling of nodes, form controls in practice,
+   * may be disabled. Such cases are for example the existence of disabled
+   * attribute or -moz-user-input: none.
+   */
+  boolean isNodeDisabledForEvents(in Node aNode);
+
+  /*
+   * Returns the value of a given property animated on the compositor thread.
+   * If the property is NOT currently being animated on the compositor thread,
+   * returns an empty string.
+   * NOTE: Do not use this function for elements that there was another
+   * animation running on the compositor before.
+   */
+  AString getOMTAStyle(in Element aElement, in AString aProperty,
+                       [optional] in AString aPseudoElement);
+
+  /*
+   * Returns true if the given animation is being tracked by the pending
+   * animation tracker for the current document.
+   */
+  bool isAnimationInPendingTracker(in Animation aAnimation);
+
+  /**
+   * If aHandlingInput is true, this informs the event state manager that
+   * we're handling user input, and provides transient user activation.
+   * Otherwise, this is a no-op (as by default we're not handling user input).
+   * Remember to call destruct() on the return value!
+   * See also nsIDOMWindowUtils::isHandlingUserInput.
+   */
+  nsIJSRAIIHelper setHandlingUserInput(in boolean aHandlingInput);
+
+  /**
+   * Returns true if a keyboard event qualifies as "user activity" such that
+   * it would mark the document with the ChromeOnly userHasInteracted
+   * property.
+   */
+  bool isKeyboardEventUserActivity(in Event aKeyboardEvent);
+
+  /**
+   * Get the content- and compositor-side APZ test data instances.
+   * The return values are of type APZTestData (see APZTestData.webidl).
+   */
+  [implicit_jscontext] jsval getContentAPZTestData();
+  [implicit_jscontext] jsval getCompositorAPZTestData();
+
+  /**
+   * Posts an RestyleHint::RESTYLE_SELF restyle event for the given element.
+   */
+  void postRestyleSelfEvent(in Element aElement);
+
+  /**
+   * This method doesn't do anything useful.  It was solely added for the
+   * purpose of the test for bug 503926.
+   */
+  void xpconnectArgument(in nsISupports aObj);
+
+  /**
+   * Helper for JS components that need to send permission requests with
+   * e10s support properly.
+   */
+  void askPermission(in nsIContentPermissionRequest aRequest);
+
+  /**
+   * Restyle generation for the current document.
+   *
+   * May throw NS_ERROR_NOT_AVAILABLE.
+   */
+  readonly attribute unsigned long long restyleGeneration;
+
+  /**
+   * Number of frames constructed (excluding breaking) for the curent
+   * document.
+   *
+   * May throw NS_ERROR_NOT_AVAILABLE.
+   */
+  readonly attribute unsigned long long framesConstructed;
+
+  /**
+   * Number of frames reflowed for the curent document.
+   *
+   * May throw NS_ERROR_NOT_AVAILABLE.
+   */
+  readonly attribute unsigned long long framesReflowed;
+
+  /**
+   * Indicates whether the current frame's refresh driver has a pending tick,
+   * as reported by nsRefreshDriver::HasPendingTick.
+   *
+   * May throw NS_ERROR_NOT_AVAILABLE.
+   */
+  readonly attribute bool refreshDriverHasPendingTick;
+
+  /**
+   * Controls the amount of chrome that should be visible on each side of
+   * the window. Works like the chromemargin xul:window attribute.
+   * This should only be used with non-XUL windows.
+   */
+  void setChromeMargin(in int32_t aTop,
+                       in int32_t aRight,
+                       in int32_t aBottom,
+                       in int32_t aLeft);
+
+  /**
+   * Controls the amount of space on each edge of the window that can be
+   * dragged to resize the window in that direction.
+   *
+   * @param aResizeMargin  In CSS pixels, will apply to all four window sides.
+   */
+  void setResizeMargin(in int32_t aResizeMargin);
+
+  /**
+   * Returns a JSObject which contains a list of frame uniformities
+   * when the pref gfx.vsync.collect-scroll-data is enabled.
+   * Every result contains a layer address and a frame uniformity for that layer.
+   * A negative frame uniformity value indicates an invalid frame uniformity and an error has occured.
+   */
+  [implicit_jscontext] jsval getFrameUniformityTestData();
+
+  /*
+   * Increase the chaos mode activation level. An equivalent number of
+   * calls to leaveChaosMode must be made in order to restore the original
+   * chaos mode state. If the activation level is nonzero all chaos mode
+   * features are activated.
+   */
+  void enterChaosMode();
+
+  /**
+   * Decrease the chaos mode activation level. See enterChaosMode().
+   */
+  void leaveChaosMode();
+
+  /**
+   * Alerts Gecko of a device reset
+   */
+  void triggerDeviceReset();
+
+  /**
+   * Returns whether the document's style set's rule processor for the
+   * specified level of the cascade is shared by multiple style sets.
+   * (Used by tests to ensure that certain optimizations do not regress.)
+   *
+   * @param aSheetType One of the nsIStyleSheetService.*_SHEET constants.
+   */
+  bool hasRuleProcessorUsedByMultipleStyleSets(in unsigned long aSheetType);
+
+  /**
+   * Enable or disable displayport suppression. This is intended to be used by
+   * testing code, to provide more deterministic behaviour over the displayport
+   * suppression during tests. Note that this updates a flag, so whatever value
+   * was last provided is what will be used.
+   */
+  void respectDisplayPortSuppression(in boolean aEnabled);
+
+  /**
+   * Set a flag that forces the next reflow interrupt check to return true. This
+   * can be used by tests to force execution of the interrupted reflow codepaths.
+   */
+  void forceReflowInterrupt();
+
+  /**
+   * Terminate the GPU process. Used for testing GPU process restarts.
+   */
+  void terminateGPUProcess();
+
+  /**
+    * Returns the GPU process pid, or -1 if there is no GPU process.
+    */
+  readonly attribute int32_t gpuProcessPid;
+
+  /**
+   * Adds an ElementState bit to the element.
+   *
+   * The state string must be one of the following:
+   *   * (none yet; but for example "higlighted" for ElementState::HIGHLIGHTED)
+   *
+   * The supported state strings are defined in kManuallyManagedStates
+   * in nsDOMWindowUtils.cpp.
+   */
+  void addManuallyManagedState(in Element element,
+                               in AString state);
+
+  /**
+   * Removes the specified ElementState bits from the element.
+   *
+   * See above for the strings that can be passed for |state|.
+   */
+  void removeManuallyManagedState(in Element element,
+                                  in AString state);
+
+  /**
+   * Returns usage data for a given storage object.
+   *
+   * @param aStorage
+   *    The storage object to get usage data for.
+   */
+  int64_t getStorageUsage(in Storage aStorage);
+
+  /**
+   * Returns the directionality of a string using the first-strong character
+   * algorithm defined in http://unicode.org/reports/tr9/#P2.
+   *
+   * @param aString the string to retrieve the direction for.
+   * @return one of DIRECTION_LTR, DIRECTION_RTL or DIRECTION_NOT_SET depending
+   *         on the first-strong character found in the string.
+   */
+  long getDirectionFromText(in AString aString);
+
+  /**
+   * Calls FrameNeedsReflow on that root frame so that a layout flush
+   * will be necessary.
+   *
+   * This should only be used for testing.
+   */
+  void ensureDirtyRootFrame();
+
+  /**
+   * Capture the contents of the current WebRender frame and
+   * save them to a folder relative to the current working directory.
+   */
+  void wrCapture();
+
+  /**
+   * Flag bits for use in |wrStartCaptureSequence|'s |aFlags| argument.
+   */
+  const uint32_t WR_CAPTURE_SCENE = 0x1;
+  const uint32_t WR_CAPTURE_FRAME = 0x2;
+  const uint32_t WR_CAPTURE_TILE_CACHE = 0x4;
+  const uint32_t WR_CAPTURE_EXTERNAL_RESOURCES = 0x8;
+
+  /**
+   * Start capturing each WebRender frame to disk.
+   *
+   * |aPath| is the name of a new directory to be created to hold the captures.
+   * it is relative to:
+   * - the |PUBLIC_STORAGE| environment variable, if set, else
+   * - the |MOZ_UPLOAD_DIR| environment variable, if set, else
+   * - the user's home directory, if known, else
+   * the current directory.
+   *
+   * If there is already a directory with the given name, a numeric suffix is
+   * added to ensure a fresh directory is created. This means that you can't
+   * be sure your capture directory is actually named |aPath|.
+   *
+   * |aFlags| is a set of flags from |webrender::render_api::CaptureBits|.
+   *
+   * If there is already a sequence capture in progress, stop it and start a new
+   * one, with the new path and flags.
+   */
+  void wrStartCaptureSequence(in ACString aPath, in uint32_t aFlags);
+
+  /**
+   * Stop a capture begun with |wrStartCaptureSequence|.
+   */
+  void wrStopCaptureSequence();
+
+  /**
+   * Toggle recording of composition on and off.
+   *
+   * This is equivalent to calling |startCompositionRecorder()| or
+   * |stopCompositionRecorder(true)|.
+   */
+  Promise setCompositionRecording(in boolean aValue);
+
+  /**
+   * Start the composition recorder.
+   *
+   * @return A promise that is resolved to true if the composion recorder was
+   *         started successfully.
+   */
+  Promise startCompositionRecording();
+
+  /**
+   * Stop the composition recorder.
+   *
+   * @param aWriteToDisk Whether or not the frames should be written to disk.
+   *                     If false, they will be returned in the promise.
+   * @return A promise that resolves when the frames have been collected.
+   *         When |aWriteToDisk| is true, the promise will resolve to |undefined|.
+   *         Otherwise, the promise will resolve to a |DOMCollectedFrames| dictionary,
+   *         which contains the timestamps and contents of the captured frames.
+   */
+  Promise stopCompositionRecording(in boolean aWriteToDisk);
+
+  /**
+   * Returns whether the document we're associated to has recorded a given CSS
+   * property via the use counter mechanism.
+   *
+   * Throws if there's no document or the property is invalid.
+   */
+  bool isCssPropertyRecordedInUseCounter(in ACString aProperty);
+
+  /**
+   * Calls SetInitialViewport on the MobileViewportManager, which effectively
+   * causes it to refresh all of its internal state and update things that
+   * need updating.
+   */
+  void resetMobileViewportManager();
+
+  bool isCoepCredentialless();
+
+  /**
+   * Change the DPI setting for the primary monitor.
+   * This setHiDPIMode and restoreHiDPIMode below are only available on debug
+   * builds since these APIs are supposed to be used in tests.
+   *
+   * Note that on Mac, this API doesn't change the system DPI setting, rather it
+   * changes our internal state of DPI settings, thus it will not invoke the
+   * exact same stuff when the system DPI setting is changed.
+   *
+   */
+  void setHiDPIMode(in boolean aHiDPI);
+  /**
+   * Restore the modified HiDPI mode.
+   */
+  void restoreHiDPIMode();
+
+  /**
+   * NOTE: Currently works only on GTK+.
+   */
+  attribute ACString systemFont;
+
+  /**
+   * Returns the number of times this document for this window has
+   * been painted to the screen.
+   */
+  readonly attribute unsigned long long paintCount;
+
+  // These consts are only for testing purposes.
+  const long DEFAULT_MOUSE_POINTER_ID = 0;
+  const long DEFAULT_PEN_POINTER_ID   = 1;
+  const long DEFAULT_TOUCH_POINTER_ID = 2;
+
+  // Match mozilla::MouseButton.
+  const long MOUSE_BUTTON_LEFT_BUTTON   = 0;
+  const long MOUSE_BUTTON_MIDDLE_BUTTON = 1;
+  const long MOUSE_BUTTON_RIGHT_BUTTON  = 2;
+
+  // Match mozilla::MouseButtonsFlag.
+  const long MOUSE_BUTTONS_NO_BUTTON = 0x00;
+  const long MOUSE_BUTTONS_LEFT_BUTTON = 0x01;
+  const long MOUSE_BUTTONS_RIGHT_BUTTON = 0x02;
+  const long MOUSE_BUTTONS_MIDDLE_BUTTON = 0x04;
+  // Typically, "back" button being left side of 5-button
+  // mice, see "buttons" attribute document of DOM3 Events.
+  const long MOUSE_BUTTONS_4TH_BUTTON = 0x08;
+  // Typically, "forward" button being right side of 5-button
+  // mice, see "buttons" attribute document of DOM3 Events.
+  const long MOUSE_BUTTONS_5TH_BUTTON = 0x10;
+  // Buttons are not specified, will be calculated from |aButton|.
+  const long MOUSE_BUTTONS_NOT_SPECIFIED = -1;
+
+  // Return values for getDirectionFromText().
+  const long DIRECTION_LTR = 0;
+  const long DIRECTION_RTL = 1;
+  const long DIRECTION_NOT_SET = 2;
+
+  void syncFlushCompositor();
+
+  unsigned long long getLayersId();
+
+  // Returns true if we are effectively throttling frame requests.
+  readonly attribute bool effectivelyThrottlesFrameRequests;
+
+  // Returns the ID for the underlying window widget, which can
+  // be compared against the rawId from a nsIMediaDevice to determine
+  // if the window is being shared.
+  //
+  // Using this only makes sense in the parent process, and the function
+  // will intentionally crash any non-parent process that tries to access
+  // it.
+  readonly attribute AString webrtcRawDeviceId;
+
+  // Used for testing to check the suspend status.
+  readonly attribute bool suspendedByBrowsingContextGroup;
+
+  // Whether there's any scroll-linked effect in this document. This is only
+  // meaningful after the script in question tried to mutate something in a
+  // scroll event callback until the next refresh driver tick happens.
+  //
+  // See https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
+  // about scroll-linked effects.
+  readonly attribute bool hasScrollLinkedEffect;
+
+  // Returns the current orientation lock value in browsing context.
+  // This value is defined in hal/HalScreenConfiguration.h
+  readonly attribute uint32_t orientationLock;
+
+  // Returns an element currently scrolling by wheel.
+  Element getWheelScrollTarget();
+};
+
+[scriptable, uuid(c694e359-7227-4392-a138-33c0cc1f15a6)]
+interface nsITranslationNodeList : nsISupports {
+  readonly attribute unsigned long length;
+  Node item(in unsigned long index);
+
+  // A translation root is a block element, or an inline element
+  // which its parent is not a translation node.
+  boolean isTranslationRootAtIndex(in unsigned long index);
+};
+
+/**
+ * JS doesn't do RAII very well. We can use this interface to make remembering
+ * to destruct an object in a finally clause easier.
+ */
+[scriptable, uuid(52e5a996-d0a9-4efc-a6fa-24489c532b19)]
+interface nsIJSRAIIHelper : nsISupports {
+  void destruct();
+};
diff --git a/dom/interfaces/base/nsIFocusManager.idl b/dom/interfaces/base/nsIFocusManager.idl
new file mode 100644
index 0000000000..b27fb3e279
--- /dev/null
+++ b/dom/interfaces/base/nsIFocusManager.idl
@@ -0,0 +1,282 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "domstubs.idl"
+
+interface mozIDOMWindowProxy;
+
+webidl BrowsingContext;
+webidl Document;
+webidl Element;
+
+native CallerType(mozilla::dom::CallerType);
+
+/**
+ * The focus manager deals with all focus related behaviour. Only one element
+ * in the entire application may have the focus at a time; this element
+ * receives any keyboard events. While there is only one application-wide
+ * focused element, each nsIDOMWindow maintains a reference to the element
+ * that would be focused if the window was active.
+ *
+ * If the window's reference is to a frame element (iframe, browser,
+ * editor), then the child window contains the element that is currently
+ * focused. If the window's reference is to a root element, then the root is
+ * focused. If a window's reference is null, then no element is focused, yet
+ * the window is still focused.
+ *
+ * The blur event is fired on an element when it loses the application focus.
+ * After this blur event, if the focus is moving away from a document, two
+ * additional blur events are fired on the old document and window containing
+ * the focus respectively.
+ *
+ * When a new document is focused, two focus events are fired on the new
+ * document and window respectively. Then the focus event is fired on an
+ * element when it gains the application focus.
+ *
+ * A special case is that the root element may be focused, yet does not
+ * receive the element focus and blur events. Instead a focus outline may be
+ * drawn around the document.
+ *
+ * Blur and focus events do not bubble as per the W3C DOM Events spec.
+ */
+[scriptable, uuid(86e1f1e1-365d-493b-b52a-a649f3f311dc)]
+interface nsIFocusManager : nsISupports
+{
+  /**
+   * The most active (frontmost) window, or null if no window that is part of
+   * the application is active. Do not use outside the parent process.
+   */
+  readonly attribute mozIDOMWindowProxy activeWindow;
+
+  /**
+   * In the parent process: The BrowsingContext corresponding to activeWindow.
+   * In content processes: The top-level Web content browsing context that
+   * focus is in if the application is active and focus is in Web content.
+   */
+  readonly attribute BrowsingContext activeBrowsingContext;
+
+  /**
+   * The child window within the activeWindow that is focused. This will
+   * always be activeWindow, a child window of activeWindow or null if no
+   * child window is focused. Setting the focusedWindow changes the focused
+   * window and raises the toplevel window it is in. If the current focus
+   * within the new focusedWindow is a frame element, then the focusedWindow
+   * will actually be set to the child window and the current element within
+   * that set as the focused element. This process repeats downwards until a
+   * non-frame element is found.
+   * The setter for this attribute defaults to CallerType::System.
+   * If focus is in another process, this is null in content processes and
+   * the closest ancestor in the parent process.
+   */
+  [setter_can_run_script]
+  attribute mozIDOMWindowProxy focusedWindow;
+
+  /**
+   * Parent-process only: The content BrowsingContext that currently has focus,
+   * if any. Note this can be different from activeBrowsingContext in the case
+   * of subframes.
+   */
+  readonly attribute BrowsingContext focusedContentBrowsingContext;
+
+  /**
+   * The element that is currently focused. This will always be an element
+   * within the document loaded in focusedWindow or null if no element in that
+   * document is focused.
+   */
+  readonly attribute Element focusedElement;
+
+  /**
+   * Returns the method that was used to focus the element in window. This
+   * will either be 0, FLAG_BYMOUSE or FLAG_BYKEY. If window is null, then
+   * the current focusedWindow will be used by default. This has the result
+   * of retrieving the method that was used to focus the currently focused
+   * element.
+   */
+  uint32_t getLastFocusMethod(in mozIDOMWindowProxy window);
+
+  /**
+   * Changes the focused element reference within the window containing
+   * aElement to aElement or potentially redirects it to an anonymous
+   * descendant of it (e.g., for `<input type="number">` the focus is redirected
+   * to its descendant `<input type="text">`).
+   */
+  [can_run_script]
+  void setFocus(in Element aElement, in unsigned long aFlags);
+
+  /**
+   * Move the focus to another element. If aStartElement is specified, then
+   * movement is done relative to aStartElement. If aStartElement is null,
+   * then movement is done relative to the currently focused element. If no
+   * element is focused, focus the first focusable element within the
+   * document (or the last focusable element if aType is MOVEFOCUS_END). This
+   * method is equivalent to setting the focusedElement to the new element.
+   *
+   * Specifying aStartElement and using MOVEFOCUS_LAST is not currently
+   * implemented.
+   *
+   * If no element is found, and aType is either MOVEFOCUS_ROOT or
+   * MOVEFOCUS_CARET, then the focus is cleared. If aType is any other value,
+   * the focus is not changed.
+   *
+   * Returns the element that was focused (see setFocus). The return value
+   * may be null if focus was moved into a child process.
+   */
+  Element moveFocus(in mozIDOMWindowProxy aWindow,
+                    in Element aStartElement,
+                    in unsigned long aType, in unsigned long aFlags);
+
+  /**
+   * Clears the focused element within aWindow. If the current focusedWindow
+   * is a descendant of aWindow, sets the current focusedWindow to aWindow.
+   *
+   * @throws NS_ERROR_INVALID_ARG if aWindow is null
+   */
+  [can_run_script]
+  void clearFocus(in mozIDOMWindowProxy aWindow);
+
+  /**
+   * Returns the currently focused element within aWindow. If aWindow is equal
+   * to the current value of focusedWindow, then the returned element will be
+   * the application-wide focused element (the value of focusedElement). The
+   * return value will be null if no element is focused.
+   *
+   * If aDeep is true, then child frames are traversed and the return value
+   * may be the element within a child descendant window that is focused. If
+   * aDeep if false, then the return value will be the frame element if the
+   * focus is in a child frame.
+   *
+   * aFocusedWindow will be set to the currently focused descendant window of
+   * aWindow, or to aWindow if aDeep is false. This will be set even if no
+   * element is focused.
+   *
+   * @throws NS_ERROR_INVALID_ARG if aWindow is null
+   */
+  Element getFocusedElementForWindow(in mozIDOMWindowProxy aWindow,
+                                     in boolean aDeep,
+                                     out mozIDOMWindowProxy aFocusedWindow);
+
+  /**
+   * Moves the selection caret within aWindow to the current focus.
+   */
+  [can_run_script]
+  void moveCaretToFocus(in mozIDOMWindowProxy aWindow);
+
+  /***
+   * Check if given element (or potentially a descendant, see setFocus) is
+   * focusable.
+   */
+  [can_run_script]
+  boolean elementIsFocusable(in Element aElement, in unsigned long aFlags);
+
+  /*
+   * Raise the window when switching focus
+   */
+  const unsigned long FLAG_RAISE = 1;
+
+  /**
+   * Do not scroll the element to focus into view.
+   */
+  const unsigned long FLAG_NOSCROLL = 2;
+
+  /**
+   * If attempting to change focus in a window that is not focused, do not
+   * switch focus to that window. Instead, just update the focus within that
+   * window and leave the application focus as is. This flag will have no
+   * effect if a child window is focused and an attempt is made to adjust the
+   * focus in an ancestor, as the frame must be switched in this case.
+   */
+  const unsigned long FLAG_NOSWITCHFRAME = 4;
+
+  /**
+   * This flag is only used when passed to moveFocus. If set, focus is never
+   * moved to the parent frame of the starting element's document, instead
+   * iterating around to the beginning of that document again. Child frames
+   * are navigated as normal.
+   */
+  const unsigned long FLAG_NOPARENTFRAME = 8;
+
+  /**
+   * This flag is used for window and element focus operations to signal
+   * wether the caller is system or non system.
+   */
+  const unsigned long FLAG_NONSYSTEMCALLER = 16;
+
+  /**
+   * Focus is changing due to a mouse operation, for instance the mouse was
+   * clicked on an element.
+   */
+  const unsigned long FLAG_BYMOUSE = 0x1000;
+
+  /**
+   * Focus is changing due to a key operation, for instance pressing the tab
+   * key. This flag would normally be passed when MOVEFOCUS_FORWARD or
+   * MOVEFOCUS_BACKWARD is used.
+   */
+  const unsigned long FLAG_BYKEY = 0x2000;
+
+  /**
+   * Focus is changing due to a call to MoveFocus. This flag will be implied
+   * when MoveFocus is called except when one of the other mechanisms (mouse
+   * or key) is specified, or when the type is MOVEFOCUS_ROOT or
+   * MOVEFOCUS_CARET.
+   */
+  const unsigned long FLAG_BYMOVEFOCUS = 0x4000;
+
+  /**
+   * Do not show a ring around the element to focus, if this is not a text
+   * control, regardless of other state.
+   */
+  const unsigned long FLAG_NOSHOWRING = 0x8000;
+
+  /**
+   * Always show the focus ring or other indicator of focus, regardless of
+   * other state. Overrides FLAG_NOSHOWRING.
+   */
+  const unsigned long FLAG_SHOWRING = 0x100000;
+
+  /**
+   * Focus is changing due to a touch operation that generated a mouse event.
+   * Normally used in conjunction with FLAG_BYMOUSE.
+   */
+  const unsigned long FLAG_BYTOUCH = 0x200000;
+
+  /** Focus is changing due to a JS focus() call or similar operation. */
+  const unsigned long FLAG_BYJS = 0x400000;
+
+  /** Focus is changing due to a long press operation by touch or mouse. */
+  const unsigned long FLAG_BYLONGPRESS = 0x800000;
+
+  /** Mask with all the focus methods. */
+  const unsigned long METHOD_MASK = FLAG_BYMOUSE | FLAG_BYKEY | FLAG_BYMOVEFOCUS | FLAG_BYTOUCH | FLAG_BYJS | FLAG_BYLONGPRESS;
+
+  /** Mask with all the focus methods, plus the SHOW / NOSHOWRING flags. */
+  const unsigned long METHODANDRING_MASK = METHOD_MASK | FLAG_SHOWRING | FLAG_NOSHOWRING;
+
+  // these constants are used with the aType argument to MoveFocus
+
+  /** move focus forward one element, used when pressing TAB */
+  const unsigned long MOVEFOCUS_FORWARD = 1;
+  /** move focus backward one element, used when pressing Shift+TAB */
+  const unsigned long MOVEFOCUS_BACKWARD = 2;
+  /** move focus forward to the next frame document, used when pressing F6 */
+  const unsigned long MOVEFOCUS_FORWARDDOC = 3;
+  /** move focus forward to the previous frame document, used when pressing Shift+F6 */
+  const unsigned long MOVEFOCUS_BACKWARDDOC = 4;
+  /** move focus to the first focusable element */
+  const unsigned long MOVEFOCUS_FIRST = 5;
+  /** move focus to the last focusable element */
+  const unsigned long MOVEFOCUS_LAST = 6;
+  /** move focus to the root element in the document */
+  const unsigned long MOVEFOCUS_ROOT = 7;
+  /** move focus to a link at the position of the caret. This is a special value used to
+   *  focus links as the caret moves over them in caret browsing mode.
+   */
+  const unsigned long MOVEFOCUS_CARET = 8;
+
+  /** move focus to the first focusable document */
+  const unsigned long MOVEFOCUS_FIRSTDOC = 9;
+  /** move focus to the last focusable document */
+  const unsigned long MOVEFOCUS_LASTDOC = 10;
+};
diff --git a/dom/interfaces/base/nsIPermissionDelegateHandler.idl b/dom/interfaces/base/nsIPermissionDelegateHandler.idl
new file mode 100644
index 0000000000..4207077532
--- /dev/null
+++ b/dom/interfaces/base/nsIPermissionDelegateHandler.idl
@@ -0,0 +1,31 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/**
+ * This file contains an interface to the Permission Delegate Handler,
+ */
+
+#include "nsISupports.idl"
+
+interface nsIPrincipal;
+
+[scriptable, builtinclass, uuid(07611dc6-bf4d-4d8a-a64b-f3a5904dddc7)]
+interface nsIPermissionDelegateHandler : nsISupports
+{
+  /*
+   * Return true if we are delegating permission to a third party which is not
+   * explicitly trusted. An orgin is not explicitly trusted means it is not
+   * presented in the Feature Policy ancestor chain, via src, explicitly listed
+   * in allow, and it is not the top-level origin.
+   *
+   * @param aTypes the permission types to check
+   */
+  boolean maybeUnsafePermissionDelegate(in Array<ACString> aTypes);
+
+  /*
+   * Return true if permissions.delegation.enabled is true.
+   */
+  readonly attribute boolean permissionDelegateFPEnabled;
+};
diff --git a/dom/interfaces/base/nsIQueryContentEventResult.idl b/dom/interfaces/base/nsIQueryContentEventResult.idl
new file mode 100644
index 0000000000..cdf3285357
--- /dev/null
+++ b/dom/interfaces/base/nsIQueryContentEventResult.idl
@@ -0,0 +1,34 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+/**
+ * The result of query content events.  succeeded propery can be used always.
+ * Whether other properties can be used or not depends on the event.
+ * See nsIDOMWindowUtils.idl, which properites can be used was documented.
+ */
+
+[scriptable, uuid(e2c39e0e-345f-451a-a7b2-e0230d555847)]
+interface nsIQueryContentEventResult : nsISupports
+{
+  readonly attribute unsigned long offset;
+  readonly attribute unsigned long tentativeCaretOffset;
+  readonly attribute boolean reversed;
+
+  readonly attribute long left;
+  readonly attribute long top;
+  readonly attribute long width;
+  readonly attribute long height;
+  readonly attribute AString text;
+
+  void getCharacterRect(in long offset,
+                        out long left, out long top,
+                        out long width, out long height);
+
+  readonly attribute boolean succeeded;
+  readonly attribute boolean notFound;
+  readonly attribute boolean tentativeCaretOffsetNotFound;
+};
diff --git a/dom/interfaces/base/nsIRemoteTab.idl b/dom/interfaces/base/nsIRemoteTab.idl
new file mode 100644
index 0000000000..7995fe263a
--- /dev/null
+++ b/dom/interfaces/base/nsIRemoteTab.idl
@@ -0,0 +1,109 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+
+#include "domstubs.idl"
+
+interface nsIPrincipal;
+webidl Element;
+webidl WindowGlobalParent;
+webidl BrowsingContext;
+
+[builtinclass, scriptable, uuid(8e49f7b0-1f98-4939-bf91-e9c39cd56434)]
+interface nsIRemoteTab : nsISupports
+{
+  /**
+   * When set to true, this tells the child to paint and upload layers to
+   * the compositor. When set to false, previous layers are cleared from
+   * the compositor, but only if preserveLayers is also set to false.
+   */
+  attribute boolean renderLayers;
+
+  /**
+   * True if layers are being rendered and the compositor has reported
+   * receiving them.
+   */
+  readonly attribute boolean hasLayers;
+
+  /**
+   * When set to true, this priority hint indicates that the content
+   * processes of this tab should be set to a higher process priority.
+   */
+  attribute boolean priorityHint;
+
+  /**
+   * Adjusts the tab's active state in the process priority manager,
+   * allowing its process to be given a lower priority.
+   */
+  void deprioritize();
+
+  /**
+   * As an optimisation, setting the docshell's active state to
+   * inactive also triggers a layer invalidation to free up some
+   * potentially unhelpful memory usage. Calling preserveLayers
+   * will cause the layers to be preserved even for inactive
+   * docshells.
+   */
+  void preserveLayers(in boolean aPreserveLayers);
+
+  readonly attribute uint64_t tabId;
+
+  readonly attribute uint64_t contentProcessId;
+
+  /**
+   * The OS level process Id of the related child process.
+   */
+  readonly attribute int32_t osPid;
+
+  /**
+   * The toplevel BrowsingContext loaded in this remote tab.
+   */
+  readonly attribute BrowsingContext browsingContext;
+
+  /**
+   * True if we've previously received layers for this tab when switching to
+   * it.
+   */
+  readonly attribute boolean hasPresented;
+
+  /**
+   * Ensures that the content process which has this remote tab has all of the
+   * permissions required to load a document with the given principal.
+   */
+  void transmitPermissionsForPrincipal(in nsIPrincipal aPrincipal);
+
+  /**
+   * Similar to `nsIDocShell.createAboutBlankContentViewer` but on a remote
+   * frame.  The docShell must not yet have navigated away from the initial
+   * about:blank document when this method is called.
+   *
+   * @param aPrincipal the principal to use for the new document.
+   * @param aPartitionedPrincipal the partitioned principal to use for the new
+   *        document.
+   */
+  void createAboutBlankContentViewer(in nsIPrincipal aPrincipal,
+                                     in nsIPrincipal aPartitionedPrincipal);
+
+  cenum NavigationType : 8 {
+    NAVIGATE_BACK = 0,
+    NAVIGATE_FORWARD = 1,
+    NAVIGATE_INDEX = 2,
+    NAVIGATE_URL = 3
+  };
+
+  /**
+   * Interrupt content scripts if possible/needed to allow chrome scripts in the
+   * content process to run (in particular, to allow navigating through browser
+   * history.
+   */
+  [implicit_jscontext, binaryname(MaybeCancelContentJSExecutionFromScript)]
+  void maybeCancelContentJSExecution(
+      in nsIRemoteTab_NavigationType aNavigationType,
+      [optional] in jsval aCancelContentJSOptions);
+
+  /**
+   * Notify the remote tab that the resolution has changed.
+   */
+  [noscript] void notifyResolutionChanged();
+};
diff --git a/dom/interfaces/base/nsIServiceWorkerManager.idl b/dom/interfaces/base/nsIServiceWorkerManager.idl
new file mode 100644
index 0000000000..d89da1ac9c
--- /dev/null
+++ b/dom/interfaces/base/nsIServiceWorkerManager.idl
@@ -0,0 +1,308 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "domstubs.idl"
+#include "nsIRequest.idl"
+
+interface mozIDOMWindow;
+interface nsPIDOMWindowInner;
+interface mozIDOMWindowProxy;
+interface nsIArray;
+interface nsIInterceptedChannel;
+interface nsIPrincipal;
+interface nsIRunnable;
+interface nsIURI;
+%{C++
+namespace mozilla {
+namespace dom {
+class ClientInfo;
+class ServiceWorkerDescriptor;
+} // namespace dom
+} // namespace mozilla
+%}
+
+[ref] native const_ClientInfoRef(const mozilla::dom::ClientInfo);
+[ref] native const_ServiceWorkerDescriptorRef(const mozilla::dom::ServiceWorkerDescriptor);
+
+[scriptable, uuid(52ee2c9d-ee87-4caf-9588-23ae77ff8798)]
+interface nsIServiceWorkerUnregisterCallback : nsISupports
+{
+  // aState is true if the unregistration succeded.
+  // It's false if this ServiceWorkerRegistration doesn't exist.
+  void unregisterSucceeded(in bool aState);
+  void unregisterFailed();
+};
+
+interface nsIWorkerDebugger;
+
+[scriptable, builtinclass, uuid(76e357ed-208d-4e4c-9165-1c4059707879)]
+interface nsIServiceWorkerInfo : nsISupports
+{
+  // State values below should match the ServiceWorkerState enumeration.
+  const unsigned short STATE_PARSED = 0;
+  const unsigned short STATE_INSTALLING = 1;
+  const unsigned short STATE_INSTALLED = 2;
+  const unsigned short STATE_ACTIVATING = 3;
+  const unsigned short STATE_ACTIVATED = 4;
+  const unsigned short STATE_REDUNDANT = 5;
+  const unsigned short STATE_UNKNOWN = 6;
+
+  readonly attribute AString id;
+
+  readonly attribute AString scriptSpec;
+  readonly attribute AString cacheName;
+
+  readonly attribute unsigned short state;
+
+  readonly attribute nsIWorkerDebugger debugger;
+
+  // Return whether the ServiceWorker has a "fetch" event listener. Throws if
+  // this is unknown because the worker's main script hasn't finished executing
+  // (when exposed as evaluatingWorker).
+  readonly attribute bool handlesFetchEvents;
+
+  readonly attribute PRTime installedTime;
+  readonly attribute PRTime activatedTime;
+  readonly attribute PRTime redundantTime;
+
+  // Total number of navigation faults experienced by this ServiceWorker since
+  // it was loaded from disk at startup or was installed.
+  readonly attribute unsigned long navigationFaultCount;
+
+  // Testing mechanism to induce synthetic failure of fetch events.  If set to
+  // something other than NS_OK, all fetch events dispatched will be propagated
+  // to the content process, but when it comes time to dispatch the fetch event,
+  // the cancellation control flow path will be triggered.
+  attribute nsresult testingInjectCancellation;
+
+  void attachDebugger();
+
+  void detachDebugger();
+};
+
+[scriptable, uuid(87e63548-d440-4b8a-b158-65ad1de0211E)]
+interface nsIServiceWorkerRegistrationInfoListener : nsISupports
+{
+  void onChange();
+};
+
+[scriptable, builtinclass, uuid(ddbc1fd4-2f2e-4fca-a395-6e010bbedfe3)]
+interface nsIServiceWorkerRegistrationInfo : nsISupports
+{
+  // State values below should match the ServiceWorkerUpdateViaCache enumeration.
+  const unsigned short UPDATE_VIA_CACHE_IMPORTS = 0;
+  const unsigned short UPDATE_VIA_CACHE_ALL = 1;
+  const unsigned short UPDATE_VIA_CACHE_NONE = 2;
+
+  readonly attribute nsIPrincipal principal;
+  readonly attribute boolean unregistered;
+
+  readonly attribute AString scope;
+  readonly attribute AString scriptSpec;
+  readonly attribute unsigned short updateViaCache;
+
+  readonly attribute PRTime lastUpdateTime;
+
+  readonly attribute nsIServiceWorkerInfo evaluatingWorker;
+  readonly attribute nsIServiceWorkerInfo installingWorker;
+  readonly attribute nsIServiceWorkerInfo waitingWorker;
+  readonly attribute nsIServiceWorkerInfo activeWorker;
+
+  // Exposes the number of times we have ever checked the usage of this origin
+  // for the purposes of mitigating ServiceWorker navigation faults that we
+  // suspect to be due to quota limit problems.  This should start out 0 and
+  // max out at 1 for the time being.
+  //
+  // Note that the underlying value is tracked on our per-Principal data, but
+  // we don't currently expose that data directly via XPCOM so we're exposing
+  // this here as the next best thing and because most non-test consumers would
+  // work in terms of the registration anyways.
+  //
+  // This will return -1 if there is no longer any per-origin data because the
+  // last registration for the origin (principal) has been unregistered.
+  // (Retaining a reference to this interface does not impact anything the
+  // underlying scope-to-registration map that is implemented per spec.)
+  readonly attribute long quotaUsageCheckCount;
+
+  // Allows to get the related nsIServiceWorkerInfo for a given
+  // nsIWorkerDebugger. Over time we shouldn't need this anymore,
+  // and instead always control then nsIWorkerDebugger from
+  // nsIServiceWorkerInfo and not the other way around.  Returns
+  // null if the service worker is no longer registered.
+  nsIServiceWorkerInfo getWorkerByID(in unsigned long long aID);
+
+  void addListener(in nsIServiceWorkerRegistrationInfoListener listener);
+
+  void removeListener(in nsIServiceWorkerRegistrationInfoListener listener);
+
+  // Terminate all the service worker relate to this registration.
+  // This is used by the WebExtensions framework to shutdown the extension's
+  // background service workers as part of shutdown, which happens when:
+  // - the extension has been disabled.
+  // - the extension is shutting down to be updated.
+  // - the extension is shutting down as part of the uninstall flow.
+  //
+  // All the service workers instances related to this registration are expected
+  // to be terminate immediately.
+  //
+  // TODO - Bug 1638099: This method should also allow the WebExtension framework
+  // to mark the registration as disabled (e.g. through an additional parameter),
+  // to avoid it to be started again until the WebExtensions framework does explicitly
+  // mark it back to enabled.
+  void forceShutdown();
+};
+
+[scriptable, uuid(9e523e7c-ad6f-4df0-8077-c74aebbc679d)]
+interface nsIServiceWorkerManagerListener : nsISupports
+{
+  void onRegister(in nsIServiceWorkerRegistrationInfo aInfo);
+
+  void onUnregister(in nsIServiceWorkerRegistrationInfo aInfo);
+
+  /**
+   * Called by ServiceWorker bypass mitigations when checking whether an
+   * origin's quota usage is sufficiently full that we need to clear the origin
+   * (and possibly group's) data as part of our mitigation.
+   * This notification is provided primarily for testing code that needs to wait
+   * for this check to happen but has no other mechanism for knowing it's
+   * completed. Probably not relevant to devtools.
+   */
+  void onQuotaUsageCheckFinish(in nsIServiceWorkerRegistrationInfo aInfo);
+};
+
+[scriptable, builtinclass, uuid(7404c8e8-4d47-4449-8ed1-47d1261d4e33)]
+interface nsIServiceWorkerManager : nsISupports
+{
+  /**
+   * A testing helper that is meant to only be used in xpcshell-test to test behaviors
+   * that would need a browser restart to re-initialize the ServiceWorkerManager from
+   * the service worker registration dumped on disk (the one listed in the serviceworker.txt
+   * file part of the Firefox profile directory).
+   *
+   * NOTE: this test helper does
+   * - fail if "dom.serviceWorkers.testing.enabled" is not set to true
+   * - fail if there are controlled clients (the test case is responsible of making sure that
+   *   there is none when this method is being called)
+   * - shutdown and clear all service worker registrations (but without removing them from
+   *   the registration stored in serviceworker.txt)
+   * - force reload the registration data stored in serviceworker.txt (but the test case using
+   *   this helper is responsible to be sure that the registrations have been already written
+   *   on disk)
+   */
+  void reloadRegistrationsForTest();
+
+  /**
+   * A testing helper that registers a service worker for testing purpose (e.g. used to test
+   * a remote worker that has to spawn a new process to be launched).
+   * This method can only be used when "dom.serviceWorkers.testing.enabled" is true and
+   * it doesn't support all the registration options (e.g. updateViaCache is set automatically
+   * to "imports").
+   */
+  [implicit_jscontext]
+  Promise registerForTest(in nsIPrincipal aPrincipal,
+                          in AString aScope,
+                          in AString aScriptURL);
+
+  /**
+   * Register an extension background service worker for a given
+   * extension principal and return a promise that resolves to the
+   * nsIServiceWorkerRegistrationInfo (or rejects if there was one
+   * already registered).
+   */
+  [implicit_jscontext]
+  Promise registerForAddonPrincipal(in nsIPrincipal aPrincipal);
+
+  /**
+   * Get an extension background service worker registration for a
+   * given extension principal, return an nsIServiceWorkerRegistrationInfo
+   * if one exists (or null if no registration has been found).
+   */
+  void getRegistrationForAddonPrincipal(in nsIPrincipal aPrincipal,
+                                        [optional, retval] out nsIServiceWorkerRegistrationInfo regInfo);
+
+  /**
+   * Wake up the extension background service worker given its extension base url,
+   * for an API event identified by the namespace and event name strings.
+   *
+   * Returns a Promise which is resolved to true if a listener has been subscribed
+   * during the synchronous worker script execution for the expected WebExtensions
+   * API event.
+   *
+   * NOTE: ExtensionBrowser and ExtensionEventManager interfaces are keeping track
+   * of these listeners. These are WebExtensions API event listeners and they do not
+   * involve any functional events at all.
+   */
+  [implicit_jscontext]
+  Promise wakeForExtensionAPIEvent(in AString aExtensionBaseURL,
+                                   in AString aAPINamespace,
+                                   in AString aAPIEventName);
+
+  /**
+   * Unregister an existing ServiceWorker registration for `aScope`.
+   * It keeps aCallback alive until the operation is concluded.
+   */
+  void unregister(in nsIPrincipal aPrincipal,
+                  in nsIServiceWorkerUnregisterCallback aCallback,
+                  in AString aScope);
+
+  nsIServiceWorkerRegistrationInfo getRegistrationByPrincipal(in nsIPrincipal aPrincipal,
+                                                              in AString aScope);
+
+  [notxpcom, nostdcall] bool StartControlling(in const_ClientInfoRef aClientInfo,
+                                              in const_ServiceWorkerDescriptorRef aServiceWorker);
+
+  // Testing
+  AString getScopeForUrl(in nsIPrincipal aPrincipal, in AString aPath);
+
+  // It returns an array of nsIServiceWorkerRegistrationInfos.
+  nsIArray getAllRegistrations();
+
+  // For clear-origin-attributes-data
+  void removeRegistrationsByOriginAttributes(in AString aOriginAttributes);
+
+  // It calls unregister() in each child process. The callback is used to
+  // inform when unregister() is completed on the current process.
+  void propagateUnregister(in nsIPrincipal aPrincipal,
+                           in nsIServiceWorkerUnregisterCallback aCallback,
+                           in AString aScope);
+
+  void sendNotificationClickEvent(in ACString aOriginSuffix,
+                                  in ACString scope,
+                                  in AString aID,
+                                  in AString aTitle,
+                                  in AString aDir,
+                                  in AString aLang,
+                                  in AString aBody,
+                                  in AString aTag,
+                                  in AString aIcon,
+                                  in AString aData,
+                                  in AString aBehavior);
+
+  void sendNotificationCloseEvent(in ACString aOriginSuffix,
+                                  in ACString scope,
+                                  in AString aID,
+                                  in AString aTitle,
+                                  in AString aDir,
+                                  in AString aLang,
+                                  in AString aBody,
+                                  in AString aTag,
+                                  in AString aIcon,
+                                  in AString aData,
+                                  in AString aBehavior);
+
+  [optional_argc] void sendPushEvent(in ACString aOriginAttributes,
+                                     in ACString aScope,
+                                     [optional] in Array<uint8_t> aDataBytes);
+  void sendPushSubscriptionChangeEvent(in ACString aOriginAttributes,
+                                       in ACString scope);
+
+  void addListener(in nsIServiceWorkerManagerListener aListener);
+
+  void removeListener(in nsIServiceWorkerManagerListener aListener);
+};
+
+%{ C++
+#define SERVICEWORKERMANAGER_CONTRACTID "@mozilla.org/serviceworkers/manager;1"
+%}
diff --git a/dom/interfaces/base/nsIStructuredCloneContainer.idl b/dom/interfaces/base/nsIStructuredCloneContainer.idl
new file mode 100644
index 0000000000..981ea75b0a
--- /dev/null
+++ b/dom/interfaces/base/nsIStructuredCloneContainer.idl
@@ -0,0 +1,68 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * vim: set ts=8 sw=2 et tw=80:
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIVariant;
+
+%{C++
+#include "js/TypeDecls.h"
+%}
+
+/**
+ * This interface acts as a container for an object serialized using the
+ * structured clone algorithm.
+ *
+ * You can copy an object into an nsIStructuredCloneContainer using
+ * initFromJSVal or initFromBase64.  It's an error to initialize an
+ * nsIStructuredCloneContainer more than once.
+ *
+ * Once you've initialized the container, you can get a copy of the object it
+ * stores by calling deserializeToVariant.  You can also get a base-64-encoded
+ * string containing a copy of the container's serialized data, using
+ * getDataAsBase64.
+ */
+[scriptable, uuid(c664aae7-0d67-4155-a2dd-a3861778626f)]
+interface nsIStructuredCloneContainer : nsISupports
+{
+  /**
+   * Initialize this structured clone container so it contains a clone of the
+   * given jsval.
+   */
+  [noscript, implicit_jscontext]
+  void initFromJSVal(in jsval aData);
+
+  /**
+   * Initialize this structured clone container from a base-64-encoded byte
+   * stream, stored in aData.  aFormatVersion should be the version of the
+   * structured clone algorithm which was used to generate aData.
+   */
+  void initFromBase64(in AString aData, in unsigned long aFormatVersion);
+
+  /**
+   * Deserializes this structured clone container returning it as a jsval.
+   * Can be called on main and worker threads.
+   */
+  [implicit_jscontext]
+  jsval deserializeToJsval();
+
+  /**
+   * Get this structured clone container's data as a base-64-encoded string.
+   */
+  AString getDataAsBase64();
+
+  /**
+   * Get the size in bytes of this container's serialized data.
+   */
+  readonly attribute unsigned long long serializedNBytes;
+
+  /**
+   * Get the version of the structured clone algorithm which was used to
+   * generate this container's serialized buffer.
+   */
+  readonly attribute unsigned long formatVersion;
+};
diff --git a/dom/interfaces/base/nsITextInputProcessor.idl b/dom/interfaces/base/nsITextInputProcessor.idl
new file mode 100644
index 0000000000..6d702af385
--- /dev/null
+++ b/dom/interfaces/base/nsITextInputProcessor.idl
@@ -0,0 +1,674 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface mozIDOMWindow;
+interface nsITextInputProcessorCallback;
+
+webidl Event;
+
+/**
+ * An nsITextInputProcessor instance is associated with a top level widget which
+ * handles native IME.  It's associated by calling beginInputTransaction() or
+ * beginInputTransactionForTests().  While an instance has composition, nobody
+ * can steal the rights to make composition on the top level widget.  In other
+ * words, if another instance is composing on a top level widget, either
+ * beginInputTransaction() or beginInputTransactionForTests() returns false
+ * (i.e., not throws an exception).
+ *
+ * NOTE: See nsITextInputProcessorCallback.idl for examples of |callback| in
+ *       following examples,
+ *
+ * Example #1 JS-IME can start composition like this:
+ *
+ *   var TIP = Components.classes["@mozilla.org/text-input-processor;1"].
+ *               createInstance(Components.interfaces.nsITextInputProcessor);
+ *   if (!TIP.beginInputTransaction(window, callback)) {
+ *     return; // You failed to get the rights to make composition
+ *   }
+ *   // Create a keyboard event if the following compositionc change is caused
+ *   // by a key event.
+ *   var keyEvent =
+ *     new KeyboardEvent("", { key: "foo", code: "bar", keyCode: buzz });
+ *   // Set new composition string first
+ *   TIP.setPendingCompositionString("some-words-are-inputted");
+ *   // Set clause information.
+ *   TIP.appendClauseToPendingComposition(23, TIP.ATTR_RAW_CLAUSE);
+ *   // Set caret position, this is optional.
+ *   TIP.setCaretInPendingComposition(23);
+ *   // Flush the pending composition
+ *   if (!TIP.flushPendingComposition(keyEvent)) {
+ *     // If it returns false, it fails to start composition.
+ *     return;
+ *   }
+ *
+ * Example #2 JS-IME can separate composition string to two or more clauses:
+ *
+ *   // Create a keyboard event if the following compositionc change is caused
+ *   // by a key event.
+ *   var keyEvent =
+ *     new KeyboardEvent("", { key: "foo", code: "bar", keyCode: buzz });
+ *   // First, set composition string again
+ *   TIP.setPendingCompositionString("some-words-are-inputted");
+ *   // Then, if "are" is selected to convert, there are 3 clauses:
+ *   TIP.appendClauseToPendingComposition(11, TIP.ATTR_CONVERTED_CLAUSE);
+ *   TIP.appendClauseToPendingComposition(3,  TIP.ATTR_SELECTED_CLAUSE);
+ *   TIP.appendClauseToPendingComposition(9,  TIP.ATTR_CONVERTED_CLAUSE);
+ *   // Show caret at the beginning of the selected clause
+ *   TIP.setCaretInPendingComposition(11);
+ *   // Flush the pending composition.  Note that if there is a composition,
+ *   // flushPendingComposition() won't return false.
+ *   TIP.flushPendingComposition(keyEvent);
+ *
+ * Example #3 JS-IME can commit composition with specific string with this:
+ *
+ *   // Create a keyboard event if the following compositionc change is caused
+ *   // by a key event.
+ *   var keyEvent1 =
+ *     new KeyboardEvent("", { key: "foo", code: "bar", keyCode: buzz });
+ *   // First, there is a composition.
+ *   TIP.setPendingCompositionString("some-words-directly-inputted");
+ *   TIP.appendClauseToPendingComposition(28, TIP.ATTR_RAW_CLAUSE);
+ *   TIP.flushPendingComposition(keyEvent1);
+ *   // Create a keyboard event if the following commit composition is caused
+ *   // by a key event.
+ *   var keyEvent2 =
+ *     new KeyboardEvent("", { key: "foo", code: "bar", keyCode: buzz });
+ *   // This is useful when user selects a commit string from candidate list UI
+ *   // which is provided by JS-IME.
+ *   TIP.commitCompositionWith("selected-words-from-candidate-list", keyEvent2);
+ *
+ * Example #4 JS-IME can commit composition with the last composition string
+ *            without specifying commit string:
+ *
+ *   // Create a keyboard event if the following compositionc change is caused
+ *   // by a key event.
+ *   var keyEvent1 =
+ *     new KeyboardEvent("", { key: "foo", code: "bar", keyCode: buzz });
+ *   // First, there is a composition.
+ *   TIP.setPendingCompositionString("some-words-will-be-commited");
+ *   TIP.appendClauseToPendingComposition(27, TIP.ATTR_RAW_CLAUSE);
+ *   TIP.flushPendingComposition(keyEvent1);
+ *   // Create a keyboard event if the following commit is caused by a key
+ *   // event.
+ *   var keyEvent2 =
+ *     new KeyboardEvent("", { key: "Enter", code: "Enter",
+                               keyCode: KeyboardEvent.DOM_VK_RETURN });
+ *   // This is useful when user just type Enter key.
+ *   TIP.commitComposition(keyEvent2);
+ *
+ * Example #5 JS-IME can cancel composition with this:
+ *
+ *   // Create a keyboard event if the following composition change is caused
+ *   // by a key event.
+ *   var keyEvent1 =
+ *     new KeyboardEvent("", { key: "foo", code: "bar", keyCode: buzz });
+ *   // First, there is a composition.
+ *   TIP.setPendingCompositionString("some-words-will-be-canceled");
+ *   TIP.appendClauseToPendingComposition(27, TIP.ATTR_RAW_CLAUSE);
+ *   TIP.flushPendingComposition(keyEvent1);
+ *   // Create a keyboard event if the following canceling composition is
+ *   // caused by a key event.
+ *   var keyEvent2 =
+ *     new KeyboardEvent("", { key: "Escape", code: "Escape",
+                               keyCode: KeyboardEvent.DOM_VK_ESCAPE });
+ *   // This is useful when user doesn't want to commit the composition.
+ *   // FYI: This is same as TIP.commitCompositionWith("") for now.
+ *   TIP.cancelComposition(keyEvent2);
+ *
+ * Example #6 JS-IME can insert text only with commitCompositionWith():
+ *
+ *   // Create a keyboard event if the following inserting text is caused by a
+ *   // key event.
+ *   var keyEvent1 =
+ *     new KeyboardEvent("", { key: "foo", code: "bar", keyCode: buzz });
+ *   if (!TIP.beginInputTransaction(window, callback)) {
+ *     return; // You failed to get the rights to make composition
+ *   }
+ *   TIP.commitCompositionWith("Some words", keyEvent1);
+ *
+ * Example #7 JS-IME can start composition explicitly:
+ *
+ *   if (!TIP.beginInputTransaction(window, callback)) {
+ *     return; // You failed to get the rights to make composition
+ *   }
+ *   // Create a keyboard event if the following starting composition is caused
+ *   // by a key event.
+ *   var keyEvent1 =
+ *     new KeyboardEvent("", { key: "foo", code: "bar", keyCode: buzz });
+ *   // If JS-IME don't want to show composing string in the focused editor,
+ *   // JS-IME can dispatch only compositionstart event with this.
+ *   if (!TIP.startComposition(keyEvent1)) {
+ *     // Failed to start composition.
+ *     return;
+ *   }
+ *   // And when user selects a result from UI of JS-IME, commit with it.
+ *   // Then, the key event should be null.
+ *   TIP.commitCompositionWith("selected-words");
+ *
+ * Example #8 JS-IME or JS-Keyboard should dispatch key events even during
+ *            composition (non-printable key case):
+ *
+ *   if (!TIP.beginInputTransaction(window, callback)) {
+ *     return; // You failed to get the rights to dispatch key events
+ *   }
+ *
+ *   // You don't need to specify .keyCode value if it's non-printable key
+ *   // because it can be computed from .key value.
+ *   // If you specify non-zero value to .keyCode, it'll be used.
+ *   var keyEvent = new KeyboardEvent("", { code: "Enter", key: "Enter" });
+ *   if (TIP.keydown(keyEvent)) {
+ *     // Handle its default action
+ *   }
+ *
+ *   // Even if keydown event was consumed, keyup event should be dispatched.
+ *   if (TIP.keyup(keyEvent)) {
+ *     // Handle its default action
+ *   }
+ *
+ * Example #9 JS-IME or JS-Keyboard should dispatch key events even during
+ *            composition (printable key case):
+ *
+ *   if (!TIP.beginInputTransaction(window, callback)) {
+ *     return; // You failed to get the rights to dispatch key events
+ *   }
+ *
+ *   // You need to specify .keyCode value if it's printable key.
+ *   // The rules of .keyCode value is documented in MDN:
+ *   //   https://developer.mozilla.org/docs/Web/API/KeyboardEvent.keyCode
+ *   //
+ *   //   #1 If the key location is DOM_KEY_LOCATION_NUMPAD and NumLock is
+ *   //      active, you should specify DOM_VK_NUMPAD[0-9], DOM_VK_MULTIPLY,
+ *   //      DOM_VK_ADD, DOM_VK_SEPARATOR, DOM_VK_SUBTRACT, DOM_VK_DECIMAL or
+ *   //      DOM_VK_DIVIDE.
+ *   //   #2 If the key is Spacebar, use DOM_VK_SPACE.
+ *   //
+ *   //   Following rules are printable keys in DOM_KEY_LOCATION_STANDARD.
+ *   //   .keyCode value for a key shouldn't be changed by modifier states:
+ *   //     #1 If the key can input [0-9] with any modifier state (except
+ *   //        NumLock state), the value should be DOM_VK_[0-9].
+ *   //     #2 Otherwise, and if the key inputs an ASCII alphabet with no
+ *   //        active modifiers, use DOM_VK_[A-Z].
+ *   //     #3 Otherwise, and if the key inputs an ASCII alphabet with no
+ *   //        active modifiers except Shift key state, use DOM_VK_[A-Z] for
+ *   //        the shifted character.  E.g., if a key causes non-alphabet
+ *   //        character such as "@" or a Unicode character without Shift key
+ *   //        but "a" is inputted when Shift key is pressed, the proper
+ *   //        keyCode is DOM_VK_A.
+ *   //     #4 Otherwise, and if the key inputs another ASCII character with
+ *   //        no modifier states, use a proper value for the character.  E.g.,
+ *   //        if the key inputs "*" without Shift key state, it should be
+ *   //        DOM_VK_ASTERISK.
+ *   //     #5 Otherwise, and if the key inputs another ASCII character with
+ *   //        Shift key state, use a proper value for the character.  E.g.,
+ *   //        if a key causes a Unicode character without Shift key but "&"
+ *   //        is inputted when Shift key is pressed, the proper keyCode is
+ *   //        DOM_VK_AMPERSAND.
+ *   //     See above document for the other cases.
+ *   //
+ *   // NOTE: If the software keyboard is 10-key like simple phone,
+ *   //       We don't have common rules to decide its .keyCode value.
+ *   //       Above rules should be used when the JS-Keyboard emulates PC
+ *   //       keyboard.
+ *   // .key value should be inputting character by the key with current
+ *   // modifier state.
+ *   // .code value should be empty string if the JS-Keyboard isn't emulating
+ *   // physical keyboard.  Otherwise, use same value with physical keyboard's
+ *   // same key.
+ *   var keyEvent = new KeyboardEvent("", { code: "KeyA", key: "a",
+ *                                          keyCode: KeyboardEvent.DOM_VK_A });
+ *   if (TIP.keydown(keyEvent)) {
+ *     // Handle its default action
+ *   }
+ *
+ *   // Even if keydown event was consumed, keyup event should be dispatched.
+ *   if (TIP.keyup(keyEvent)) {
+ *     // Handle its default action
+ *   }
+ *
+ * Example #10 JS-Keyboard doesn't need to initialize modifier states at
+ *             calling either keydown() or keyup().
+ *
+ *   // Neither beginInputTransaction() nor beginInputTransactionForTests()
+ *   // resets modifier state.
+ *   if (!TIP.beginInputTransaction(window, callback)) {
+ *     return; // You failed to get the rights to dispatch key events
+ *   }
+ *
+ *   var leftShift = new KeyboardEvent("", { code: "ShiftLeft", key: "Shift" });
+ *
+ *   // This causes following key events will be shifted automatically.
+ *   TIP.keydown(leftShift);
+ *
+ *   var rightShift =
+ *     new KeyboardEvent("", { code: "ShiftRight", key: "Shift" });
+ *
+ *   TIP.keydown(rightShift);
+ *
+ *   // keyup of one of shift key doesn't cause inactivating "Shift" state.
+ *   TIP.keyup(rightShift);
+ *
+ *   // This causes inactivating "Shift" state completely.
+ *   TIP.keyup(leftShift);
+ */
+
+[scriptable, builtinclass, uuid(47ae2181-2e98-4d58-84a2-b8db6764ce9a)]
+interface nsITextInputProcessor : nsISupports
+{
+  /**
+   * Returns true if this instance was dispatched compositionstart but hasn't
+   * dispatched compositionend yet.
+   */
+  readonly attribute boolean hasComposition;
+
+  /**
+   * When you create an instance, you must call beginInputTransaction() first
+   * except when you created the instance for automated tests.
+   *
+   * @param aWindow         A DOM window.  The instance will look for a top
+   *                        level widget from this.
+   * @param aCallback       Callback interface which handles requests to
+   *                        IME and notifications to IME.  This must not be
+   *                        null.
+   * @return                If somebody uses internal text input service for a
+   *                        composition, this returns false.  Otherwise, returns
+   *                        true.  I.e., only your TIP can create composition
+   *                        when this returns true.  If this returns false,
+   *                        your TIP should wait next chance.
+   */
+  boolean beginInputTransaction(in mozIDOMWindow aWindow,
+                                in nsITextInputProcessorCallback aCallback);
+
+  /**
+   * When you create an instance for automated test, you must call
+   * beginInputTransaction(), first.  See beginInputTransaction() for more
+   * detail of this.
+   * Note that aCallback can be null.  If it's null, nsITextInputProcessor
+   * implementation will handle them automatically.
+   */
+  [optional_argc] boolean
+    beginInputTransactionForTests(
+      in mozIDOMWindow aWindow,
+      [optional] in nsITextInputProcessorCallback aCallback);
+
+  /**
+   * startComposition() dispatches compositionstart event explicitly.
+   * IME does NOT need to call this typically since compositionstart event
+   * is automatically dispatched by sendPendingComposition() if
+   * compositionstart event hasn't been dispatched yet.  If this is called
+   * when compositionstart has already been dispatched, this throws an
+   * exception.
+   *
+   * @param aKeyboardEvent  Key event which causes starting composition.
+   *                        If its type value is "keydown", this method
+   *                        dispatches only keydown event first.  Otherwise,
+   *                        dispatches keydown first and keyup at last.
+   *                        key value and keyCode values of keydown event
+   *                        are set to "Process" and DOM_VK_PROCESSKEY
+   *                        automatically.  You can prevent this behavior
+   *                        with KEY_DONT_MARK_KEYDOWN_AS_PROCESSED.
+   * @param aKeyFlags       See KEY_* constants.
+   * @return                Returns true if composition starts normally.
+   *                        Otherwise, returns false because it might be
+   *                        canceled by the web application.
+   */
+  [can_run_script, optional_argc]
+    boolean startComposition([optional] in Event aKeyboardEvent,
+                             [optional] in unsigned long aKeyFlags);
+
+  /**
+   * Set new composition string.  Pending composition will be flushed by
+   * a call of flushPendingComposition().  However, if the new composition
+   * string isn't empty, you need to call appendClauseToPendingComposition() to
+   * fill all characters of aString with one or more clauses before flushing.
+   * Note that if you need to commit or cancel composition, use
+   * commitComposition(), commitCompositionWith() or cancelComposition().
+   */
+  void setPendingCompositionString(in AString aString);
+
+  // ATTR_RAW_CLAUSE means that the clause hasn't been selected nor converted
+  // yet.
+  const unsigned long ATTR_RAW_CLAUSE           = 0x02;
+  // ATTR_SELECTED_RAW_CLAUSE means that the clause hasn't been converted yet
+  // but is selected for converting to the other string.
+  const unsigned long ATTR_SELECTED_RAW_CLAUSE  = 0x03;
+  // ATTR_CONVERTED_CLAUSE means that the clause has already been converted but
+  // is not selected.  This does NOT mean that this clause isn't modifiable.
+  const unsigned long ATTR_CONVERTED_CLAUSE     = 0x04;
+  // ATTR_SELECTED_CLAUSE means that the clause has already been converted and
+  // is selected.  In other words, the clause is being converted.
+  const unsigned long ATTR_SELECTED_CLAUSE      = 0x05;
+
+  /**
+   * Append a clause to the pending composition.
+   *
+   * If you need to fill the pending composition string with a clause, you
+   * should call this once.  For example:
+   *   appendClauseToPendingComposition(compositionString.length,
+   *                                    ATTR_RAW_CLAUSE);
+   * is enough.  If you need to separate the pending composition string to
+   * multiple clauses, you need to call this multiple times. For example,
+   * if your pending composition string has three clauses and the second clause
+   * is being converted:
+   *  appendClauseToPendingComposition(firstClauseLength,
+   *                                   ATTR_CONVERTED_CLAUSE);
+   *  appendClauseToPendingComposition(secondClauseLength,
+   *                                   ATTR_SELECTED_CLAUSE);
+   *  appendClauseToPendingComposition(thirdClauseLength,
+   *                                   ATTR_CONVERTED_CLAUSE);
+   * Note that if sum of aLength mismatches length of the pending composition
+   * string, flushPendingComposition() will throw an exception.  I.e.,
+   * |firstClauseLength + secondClauseLength + thirdClauseLength| must be
+   * same as the length of pending composition string.
+   *
+   * TODO: Should be able to specify custom clause style.
+   *
+   * @param aLength         Length of the clause.
+   * @param aAttribute      One of ATTR_* constants.
+   */
+  void appendClauseToPendingComposition(in unsigned long aLength,
+                                        in unsigned long aAttribute);
+
+  /**
+   * Set caret offset in the pending composition string.  If you don't need to
+   * show a caret, you don't need to call this.
+   *
+   * @param aOffset         Caret offset in the pending composition string.
+   *                        This must be between 0 and length of the pending
+   *                        composition string.
+   */
+  void setCaretInPendingComposition(in unsigned long aOffset);
+
+  /**
+   * flushPendingComposition() must be called after
+   * setPendingCompositionString() and appendClauseToPendingComposition()
+   * (setCaretInPendingComposition() is optional) are called.
+   *
+   * Note that compositionstart will be automatically dispatched if this is
+   * called when there is no composition.
+   *
+   * Note that if sum of lengths of appended clauses are not same as composition
+   * string or caret offset is larger than the composition string length, this
+   * throws an exception.
+   *
+   * @param aKeyboardEvent  Key event which causes the composition string.
+   *                        If its type value is "keydown", this method
+   *                        dispatches only keydown event first.  Otherwise,
+   *                        dispatches keydown first and keyup at last.
+   *                        key value and keyCode values of keydown event
+   *                        are set to "Process" and DOM_VK_PROCESSKEY
+   *                        automatically.  You can prevent this behavior
+   *                        with KEY_DONT_MARK_KEYDOWN_AS_PROCESSED.
+   * @param aKeyFlags       See KEY_* constants.
+   * @return                Returns true if there is a composition already or
+   *                        starting composition automatically.
+   *                        Otherwise, i.e., if it cannot start composition
+   *                        automatically, e.g., canceled by web apps, returns
+   *                        false.
+   */
+  [can_run_script, optional_argc]
+    boolean flushPendingComposition(
+      [optional] in Event aKeyboardEvent,
+      [optional] in unsigned long aKeyFlags);
+
+  /**
+   * commitComposition() will commit composition with the last composition
+   * string.  If there is no composition, this will throw an exception.
+   *
+   * @param aKeyboardEvent  Key event which causes the commit composition.
+   *                        If its type value is "keydown", this method
+   *                        dispatches only keydown event first.  Otherwise,
+   *                        dispatches keydown first and keyup at last.
+   *                        key value and keyCode values of keydown event
+   *                        are set to "Process" and DOM_VK_PROCESSKEY
+   *                        automatically.  You can prevent this behavior
+   *                        with KEY_DONT_MARK_KEYDOWN_AS_PROCESSED.
+   * @param aKeyFlags       See KEY_* constants.
+   */
+  [can_run_script, optional_argc]
+    void commitComposition([optional] in Event aKeyboardEvent,
+                           [optional] in unsigned long aKeyFlags);
+
+  /**
+   * commitCompositionWith() will commit composition with the specific string.
+   * If there is no composition, this will start composition and commit it
+   * with the specified string.
+   *
+   * @param aCommitString   The string to be committed.
+   * @param aKeyboardEvent  Key event which causes the commit composition.
+   *                        If its type value is "keydown", this method
+   *                        dispatches only keydown event first.  Otherwise,
+   *                        dispatches keydown first and keyup at last.
+   *                        key value and keyCode values of keydown event
+   *                        are set to "Process" and DOM_VK_PROCESSKEY
+   *                        automatically.  You can prevent this behavior
+   *                        with KEY_DONT_MARK_KEYDOWN_AS_PROCESSED.
+   * @param aKeyFlags       See KEY_* constants.
+   * @return                Returns true if there is a composition already or
+   *                        starting composition automatically.
+   *                        Otherwise, i.e., if it cannot start composition
+   *                        automatically, e.g., canceled by web apps, returns
+   *                        false.
+   */
+  [can_run_script, optional_argc]
+    boolean commitCompositionWith(in AString aCommitString,
+                                  [optional] in Event aKeyboardEvent,
+                                  [optional] in unsigned long aKeyFlags);
+
+  /**
+   * cancelComposition() will cancel composition.  This is for now the same as
+   * calling commitComposition("").  However, in the future, this might work
+   * better.  If your IME needs to cancel composition, use this instead of
+   * commitComposition().
+   *
+   * Note that if you tries to cancel composition when there is no composition,
+   * this throws an exception.
+   *
+   * @param aKeyboardEvent  Key event which causes the canceling composition.
+   *                        If its type value is "keydown", this method
+   *                        dispatches only keydown event first.  Otherwise,
+   *                        dispatches keydown first and keyup at last.
+   *                        key value and keyCode values of keydown event
+   *                        are set to "Process" and DOM_VK_PROCESSKEY
+   *                        automatically.  You can prevent this behavior
+   *                        with KEY_DONT_MARK_KEYDOWN_AS_PROCESSED.
+   * @param aKeyFlags       See KEY_* constants.
+   */
+  [can_run_script, optional_argc]
+    void cancelComposition([optional] in Event aKeyboardEvent,
+                           [optional] in unsigned long aKeyFlags);
+
+  // Specifying KEY_DEFAULT_PREVENTED can dispatch key events whose
+  // defaultPrevented are true.  Note that if this is specified, keypress event
+  // won't be fired.
+  const unsigned long KEY_DEFAULT_PREVENTED                        = 0x00000001;
+  // If KEY_NON_PRINTABLE_KEY is specified and the .key value isn't valid
+  // key name, the methods will throws an exception.  In other words, this
+  // flag prevents to dispatch key events with wrong key values and to cause
+  // such key events input the key values as text.
+  const unsigned long KEY_NON_PRINTABLE_KEY                        = 0x00000002;
+  // If KEY_FORCE_PRINTABLE_KEY is specified and even if the .key value is a
+  // registered key name, it's treated as inputting text value.
+  const unsigned long KEY_FORCE_PRINTABLE_KEY                      = 0x00000004;
+  // If KEY_KEEP_KEY_LOCATION_STANDARD is specified when its .location is not
+  // initialized or initialized with 0, the value isn't computed with .code
+  // value.  Note that if .location is initialized with non-zero value,
+  // this flag causes throwing an exception.
+  // NOTE: This is not recommended to use except for tests.
+  const unsigned long KEY_KEEP_KEY_LOCATION_STANDARD               = 0x00000008;
+  // If KEY_KEEP_KEYCODE_ZERO is specified when its .keyCode is not initialized
+  // or initialized with 0, the value isn't computed with .key value when it
+  // represents non-printable key.  Note that if .keyCode is initialized with
+  // non-zero value, this flag causes throwing an exception.
+  const unsigned long KEY_KEEP_KEYCODE_ZERO                        = 0x00000010;
+  // If KEY_DONT_DISPATCH_MODIFIER_KEY_EVENT is specified when the key event is
+  // a modifier key's, keydown() and keyup() only modifies its modifier state
+  // without dispatching key events.  This is useful for testing odd behavior
+  // or emulating legacy API behavior.
+  const unsigned long KEY_DONT_DISPATCH_MODIFIER_KEY_EVENT         = 0x00000020;
+  // If KEY_DONT_MARK_KEYDOWN_AS_PROCESSED is specified, key value and keyCode
+  // value of keydown event are not changed to "Process" and DOM_VK_PROCESSKEY.
+  const unsigned long KEY_DONT_MARK_KEYDOWN_AS_PROCESSED           = 0x00000040;
+  // If KEY_MARK_KEYUP_AS_PROCESSED is specified, key value and keyCode value
+  // of keyup event are changed to "Process" and DOM_VK_PROCESSKEY.
+  const unsigned long KEY_MARK_KEYUP_AS_PROCESSED                  = 0x00000080;
+
+  // These values can be used to do bitwise operation with the return value of
+  // the keydown() method.
+  const unsigned long KEYEVENT_NOT_CONSUMED                        = 0x00000000;
+  const unsigned long KEYDOWN_IS_CONSUMED                          = 0x00000001;
+  const unsigned long KEYPRESS_IS_CONSUMED                         = 0x00000002;
+
+  /**
+   * keydown() may dispatch a keydown event and some keypress events if
+   * preceding keydown event isn't consumed and they are necessary.
+   * Note that even if this is called during composition, key events may not
+   * be dispatched.  In this case, this returns false.
+   *
+   * You should initialize at least .key value and .code value of the event.
+   * Additionally, if you try to emulate a printable key, .keyCode value should
+   * be specified if there is proper key value.  See the comment of above
+   * example how to decide .keyCode value of a printable key.  On the other
+   * hand, .keyCode value is automatically computed when you try to emulate
+   * non-printable key.  However, if you try to emulate physical keyboard of
+   * desktop platform, you need to specify proper value explicitly because
+   * the mapping table of this API isn't enough to emulate the behavior of
+   * Gecko for desktop platforms.
+   *
+   * NOTE: Even if this has composition, JS-Keyboard should call keydown() and
+   *       keyup().  Although, with the default preferences and normal
+   *       conditions, DOM key events won't be fired during composition.
+   *       However, they MAY be dispatched for some reasons, e.g., the web
+   *       content listens only key events, or if the standard DOM event spec
+   *       will be changed in the future.
+   *
+   * @param aKeyboardEvent  Must be a keyboard event which should be dispatched
+   *                        as a keydown event and keypress events.
+   *                        #1 Note that you don't need to set charCode value
+   *                        because it's computed from its key value.
+   *                        #2 If code value is set properly and location value
+   *                        isn't specified (i.e., 0), the location value will
+   *                        be guessed from the code value.
+   *                        #3 Non-defined code names are not allowed. If your
+   *                        key isn't registered, file a bug. If your key isn't
+   *                        defined by any standards, use "" (empty string).
+   *                        #4 .keyCode is guessed from .key value if the key
+   *                        name is registered and .keyCode isn't initialized.
+   *                        #5 modifier key states, e.g., .shiftKey, are
+   *                        ignored.  Instead, modifier states are managed by
+   *                        each instance and set automatically.
+   * @param aKeyFlags       Special flags.  The values can be some of KEY_*
+   *                        constants.
+   * @return                KEYEVENT_NOT_CONSUMED, if the keydown event nor
+   *                        the following keypress event(s) are consumed.
+   *                        KEYDOWN_IS_CONSUMED, if the keydown event is
+   *                        consumed. No keypress event will be dispatched in
+   *                        this case.
+   *                        KEYPRESS_IS_CONSUMED, if the keypress event(s) is
+   *                        consumed when dispatched.
+   *                        Note that keypress event is always consumed by
+   *                        native code for the printable keys (indicating the
+   *                        default action has been taken).
+   */
+  [can_run_script, optional_argc]
+    unsigned long keydown(in Event aKeyboardEvent,
+                          [optional] in unsigned long aKeyFlags);
+
+  /**
+   * Similar to keydown(), but this dispatches only a keyup event.
+   */
+  [optional_argc]
+    boolean keyup(in Event aKeyboardEvent,
+                  [optional] in unsigned long aKeyFlags);
+
+  /**
+   * getModifierState() returns modifier state managed by this instance.
+   *
+   * @param aModifier       One of modifier key names.  This doesn't support
+   *                        virtual modifiers like "Accel".
+   * @return                true if the modifier key is active.  Otherwise,
+   *                        false.
+   */
+  boolean getModifierState(in AString aModifierKey);
+
+  /**
+   * shareModifierStateOf() makes the instance shares modifier state of
+   * another instance.  When this is called, the instance refers the modifier
+   * state of another instance.  After that, changes to either this and the
+   * other instance's modifier state is synchronized.
+   *
+   * @param aOther          Another instance which will be referred by the
+   *                        instance.  If this is null, the instance restarts
+   *                        to manage modifier state independently.
+   */
+  void shareModifierStateOf(in nsITextInputProcessor aOther);
+
+  /**
+   * Helper method to get usual |.code| value of non-printable keys.
+   *
+   * @param aKeyValue       A predefined key value such as "Enter".
+   *                        If this is not a proper non-printable key value
+   *                        or a proper key value but not in usual keyboard of
+   *                        the platform, this returns empty string.
+   * @param aLocation       The |.location| value.  This is important if
+   *                        the key may be in different location.
+   *                        E.g., Left vs. Right or Standard vs. Numpad.
+   *                        If this is undefined or null, it'll be treated
+   *                        as Standard or Left.
+   * @return                One of a code value of well-known key on usual
+   *                        keyboard on the platform, or empty string.
+   */
+  [optional_argc]
+    AString computeCodeValueOfNonPrintableKey(
+              in AString aKeyValue,
+              [optional] in jsval aLocation);
+
+  /**
+   * Helper method to guess |.code| value of a printable key which is in usual
+   * keyboard of the platform and when active keyboard layout is US-English.
+   * Note that this is not aware of option key mapping on macOS.
+   *
+   * @param aKeyValue          The key value. Must be a character which can
+   *                           be inputted with US-English keyboard layout.
+   * @param aLocation          The location of the key.  This is important
+   *                           to distinguish whether the key is in Standard
+   *                           or Numpad. If this is undefined or null, will
+   *                           be treated as Standard.
+   * @return                   Returns empty string if there is no proper key.
+   */
+  [optional_argc]
+    AString guessCodeValueOfPrintableKeyInUSEnglishKeyboardLayout(
+              in AString aKeyValue,
+              [optional] in jsval aLocation);
+
+  /**
+   * Helper method to guess |.keyCode| value of a printable key which is in
+   * usual keyboard of the platform and when active keyboard layout is
+   * US-English.
+   * Note that this is not aware of option key mapping on macOS.
+   *
+   * @param aKeyValue          The key value.  Must be a character which can
+   *                           be inputted with US-English keyboard layout.
+   * @param aLocation          The location of the key.  This is important
+   *                           to distinguish whether the key is in Standard
+   *                           our Numpad.  If this is undefined or null,
+   *                           will be treated as Standard.
+   * @return                   Returns 0 if there is no proper key to input
+   *                           aKeyValue with US-English keyboard layout.
+   */
+  [optional_argc]
+    unsigned long guessKeyCodeValueOfPrintableKeyInUSEnglishKeyboardLayout(
+                    in AString aKeyValue,
+                    [optional] in jsval aLocation);
+};
+
+%{C++
+#define TEXT_INPUT_PROCESSOR_CID \
+  { 0xcaaab47f, 0x1e31, 0x478e, \
+    { 0x89, 0x19, 0x97, 0x09, 0x04, 0xe9, 0xcb, 0x72 } }
+#define TEXT_INPUT_PROCESSOR_CONTRACTID \
+  "@mozilla.org/text-input-processor;1"
+%}
diff --git a/dom/interfaces/base/nsITextInputProcessorCallback.idl b/dom/interfaces/base/nsITextInputProcessorCallback.idl
new file mode 100644
index 0000000000..8cee842108
--- /dev/null
+++ b/dom/interfaces/base/nsITextInputProcessorCallback.idl
@@ -0,0 +1,250 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsITextInputProcessor;
+
+/**
+ * nsITextInputProcessorNotification stores the type of notification to IME and
+ * its detail.  See each explanation of attribute for the detail.
+ */
+
+[scriptable, builtinclass, uuid(c0ce1add-82bb-45ab-b99a-42cfba7fd5d7)]
+interface nsITextInputProcessorNotification : nsISupports
+{
+  /**
+   * type attribute represents what's notified or requested.  Value must be
+   * one of following values:
+   *
+   * "request-to-commit"  (required to be handled)
+   *   This is requested when Gecko believes that active composition should be
+   *   committed.  nsITextInputProcessorCallback::onNotify() has to handle this
+   *   notification.
+   *
+   * "request-to-cancel" (required to be handled)
+   *   This is requested when Gecko believes that active composition should be
+   *   canceled.  I.e., composition should be committed with empty string.
+   *   nsITextInputProcessorCallback::onNotify() has to handle this
+   *   notification.
+   *
+   * "notify-end-input-transaction" (optional)
+   *   This is notified when the callback is detached from
+   *   nsITextInputProcessor.  I.e., the TextInputProcessor lost the rights
+   *   to input text and needs to call .beginInputTransaction() before next
+   *   input.
+   *
+   * "notify-focus" (optional)
+   *   This is notified when an editable editor gets focus and Gecko starts
+   *   to observe changes in the content. E.g., selection changes.
+   *   IME shouldn't change DOM tree, focus nor something when this is notified.
+   *
+   * "notify-blur" (optional)
+   *   This is notified when an editable editor loses focus and Gecko stops
+   *   observing the changes in the content.
+   *
+   * "notify-text-change" (optional)
+   *   This is notified when text in the focused editor is modified.
+   *   Some attributes below are available to retrieve the detail.
+   *   IME shouldn't change DOM tree, focus nor something when this is notified.
+   *   Note that when there is no chance to notify you of some text changes
+   *   safely, this represents all changes as a change.
+   *
+   * "notify-selection-change" (optional)
+   *   This is notified when selection in the focused editor is changed.
+   *   Some attributes below are available to retrieve the detail.
+   *   IME shouldn't change DOM tree, focus nor something when this is notified.
+   *   Note that when there was no chance to notify you of this safely, this
+   *   represents the latest selection change.
+   *
+   * "notify-position-change" (optional)
+   *   This is notified when layout is changed in the editor or the window
+   *   is moved.
+   *   IME shouldn't change DOM tree, focus nor something when this is notified.
+   *   Note that when there was no chance to notify you of this safely, this
+   *   represents the latest layout change.
+   */
+  readonly attribute ACString type;
+
+  /**
+   * This attribute has a vaild value when type is "notify-selection-change".
+   * This is true if selection has a range.  Otherwise, i.e., there is no
+   * range such as after calling Selection.removeAllRanges, this is false.
+   */
+  readonly attribute bool hasRange;
+
+  /**
+   * Be careful, line breakers in the editor are treated as native line
+   * breakers.  I.e., on Windows, a line breaker is "\r\n" (CRLF).  On the
+   * others, it is "\n" (LF).  If you want TextInputProcessor to treat line
+   * breakers on Windows as XP line breakers (LF), please file a bug with
+   * the reason why you need the behavior.
+   */
+
+  /**
+   * This attribute has a valid value when type is "notify-text-change", or
+   * is "notify-selection-change" and hasRange is true.
+   * This is offset of the start of modified text range if type is
+   * "notify-text-change".  Or offset of start of selection if type is
+   * "notify-selection-change".
+   */
+  readonly attribute unsigned long offset;
+
+  /**
+   * This attribute has a valid value when type is "notify-selection-change"
+   * and hasRange is true.
+   * This is selected text.  I.e., the length is selected length and
+   * it's empty if the selection is collapsed.
+   */
+  readonly attribute AString text;
+
+  /**
+   * This attribute has a valid value when type is "notify-selection-change".
+   * This is set to true when the selection is collapsed or no range.
+   * Otherwise, false.
+   */
+  readonly attribute boolean collapsed;
+
+  /**
+   * This attribute has a valid value when type is "notify-selection-change"
+   * and hasRange is true.
+   * This is selected length.  I.e., if this is 0, collapsed is set to true.
+   */
+  readonly attribute uint32_t length;
+
+  /**
+   * This attribute has a valid value when type is "notify-selection-change"
+   * and hasRange is true.
+   * When selection is created from latter point to former point, this is
+   * set to true.  Otherwise, false.
+   * I.e., if this is true, offset + length is the anchor of selection.
+   */
+  readonly attribute boolean reversed;
+
+  /**
+   * This attribute has a valid value when type is "notify-selection-change".
+   * This indicates the start of the selection's writing mode.
+   * The value can be "horizontal-tb", "vertical-rl" or "vertical-lr".
+   */
+  readonly attribute ACString writingMode;
+
+  /**
+   * This attribute has a valid value when type is "notify-selection-change".
+   * If the selection change was caused by composition, this is set to true.
+   * Otherwise, false.
+   */
+  readonly attribute boolean causedByComposition;
+
+  /**
+   * This attribute has a valid value when type is "notify-selection-change".
+   * If the selection change was caused by selection event, this is set to true.
+   * Otherwise, false.
+   */
+  readonly attribute boolean causedBySelectionEvent;
+
+  /**
+   * This attribute has a valid value when type is "notify-selection-change".
+   * If the selection change occurred during composition, this is set to true.
+   * Otherwise, false.
+   */
+  readonly attribute boolean occurredDuringComposition;
+
+  /**
+   * This attribute has a valid value when type is "notify-text-change".
+   * This is removed text length by the change(s).  If this is empty, new text
+   * was just inserted.  Otherwise, the text is replaced with new text.
+   */
+  readonly attribute unsigned long removedLength;
+
+  /**
+   * This attribute has a valid value when type is "notify-text-change".
+   * This is added text length by the change(s).  If this is empty, old text
+   * was just deleted.  Otherwise, the text replaces the old text.
+   */
+  readonly attribute unsigned long addedLength;
+
+  /**
+   * This attribute has a valid value when type is "notify-text-change".
+   * If the text change(s) was caused only by composition, this is set to true.
+   * Otherwise, false.  I.e., if one of text changes are caused by JS or
+   * modifying without composition, this is set to false.
+   */
+  readonly attribute boolean causedOnlyByComposition;
+
+  /**
+   * This attribute has a valid value when type is "notify-text-change".
+   * If at least one text change not caused by composition occurred during
+   * composition, this is set to true.  Otherwise, false.
+   * Note that this is set to false when new change is caused by neither
+   * composition nor occurred during composition because it's outdated for
+   * new composition.
+   * In other words, when text changes not caused by composition occurred
+   * during composition and it may cause committing composition, this is
+   * set to true.
+   */
+  readonly attribute boolean includingChangesDuringComposition;
+
+  /**
+   * This attribute has a valid value when type is "notify-text-change".
+   * If at least one text change occurred when there was no composition, this
+   * is set to true.  Otherwise, false.
+   */
+  readonly attribute boolean includingChangesWithoutComposition;
+};
+
+/**
+ * nsITextInputProcessorCallback is a callback interface for JS to implement
+ * IME.  IME implemented by JS can implement onNotify() function and must send
+ * it to nsITextInputProcessor at initializing.  Then, onNotify() will be
+ * called with nsITextInputProcessorNotification instance.
+ * The reason why onNotify() uses string simply is that if we will support
+ * other notifications such as text changes and selection changes, we need to
+ * notify IME of some other information.  Then, only changing
+ * nsITextInputProcessorNotification interface is better for compatibility.
+ */
+
+[scriptable, function, uuid(23d5f242-adb5-46f1-8766-90d1bf0383df)]
+interface nsITextInputProcessorCallback : nsISupports
+{
+  /**
+   * When Gecko notifies IME of something or requests something to IME,
+   * this is called.
+   *
+   * @param aTextInputProcessor Reference to the nsITextInputProcessor service
+   *                            which is the original receiver of the request
+   *                            or notification.
+   * @param aNotification       Stores type of notifications and additional
+   *                            information.
+   * @return                    Return true if it succeeded or does nothing.
+   *                            Otherwise, return false.
+   *
+   * Example #1 The simplest implementation of nsITextInputProcessorCallback is:
+   *
+   *   function simpleCallback(aTIP, aNotification)
+   *   {
+   *     try {
+   *       switch (aNotification.type) {
+   *         case "request-to-commit":
+   *           aTIP.commitComposition();
+   *           break;
+   *         case "request-to-cancel":
+   *           aTIP.cancelComposition();
+   *           break;
+   *       }
+   *     } catch (e) {
+   *       return false;
+   *     }
+   *     return true;
+   *   }
+   *
+   *   var TIP = Components.classes["@mozilla.org/text-input-processor;1"].
+   *               createInstance(Components.interfaces.nsITextInputProcessor);
+   *   if (!TIP.init(window, simpleCallback)) {
+   *     return;
+   *   }
+   */
+  boolean onNotify(in nsITextInputProcessor aTextInputProcessor,
+                   in nsITextInputProcessorNotification aNotification);
+};
diff --git a/dom/interfaces/events/moz.build b/dom/interfaces/events/moz.build
new file mode 100644
index 0000000000..8d0d35b064
--- /dev/null
+++ b/dom/interfaces/events/moz.build
@@ -0,0 +1,14 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+with Files("**"):
+    BUG_COMPONENT = ("Core", "DOM: Events")
+
+XPIDL_SOURCES += [
+    "nsIDOMEventListener.idl",
+]
+
+XPIDL_MODULE = "dom_events"
diff --git a/dom/interfaces/events/nsIDOMEventListener.idl b/dom/interfaces/events/nsIDOMEventListener.idl
new file mode 100644
index 0000000000..f9b56c237a
--- /dev/null
+++ b/dom/interfaces/events/nsIDOMEventListener.idl
@@ -0,0 +1,32 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "domstubs.idl"
+
+webidl Event;
+
+/**
+ * The nsIDOMEventListener interface is a callback interface for
+ * listening to events in the Document Object Model.
+ *
+ * For more information on this interface please see
+ * http://www.w3.org/TR/DOM-Level-2-Events/
+ */
+
+[uuid(df31c120-ded6-11d1-bd85-00805f8ae3f4)]
+interface nsIDOMEventListener : nsISupports
+{
+  /**
+   * This method is called whenever an event occurs of the type for which
+   * the EventListener interface was registered.
+   *
+   * @param   evt The Event contains contextual information about the
+   *              event. It also contains the stopPropagation and
+   *              preventDefault methods which are used in determining the
+   *              event's flow and default action.
+   */
+  [can_run_script]
+  void                      handleEvent(in Event event);
+};
diff --git a/dom/interfaces/geolocation/moz.build b/dom/interfaces/geolocation/moz.build
new file mode 100644
index 0000000000..22917ef311
--- /dev/null
+++ b/dom/interfaces/geolocation/moz.build
@@ -0,0 +1,17 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+with Files("**"):
+    BUG_COMPONENT = ("Core", "DOM: Geolocation")
+
+XPIDL_SOURCES += [
+    "nsIDOMGeoPosition.idl",
+    "nsIDOMGeoPositionCallback.idl",
+    "nsIDOMGeoPositionCoords.idl",
+    "nsIDOMGeoPositionErrorCallback.idl",
+]
+
+XPIDL_MODULE = "dom_geolocation"
diff --git a/dom/interfaces/geolocation/nsIDOMGeoPosition.idl b/dom/interfaces/geolocation/nsIDOMGeoPosition.idl
new file mode 100644
index 0000000000..69c29a6e08
--- /dev/null
+++ b/dom/interfaces/geolocation/nsIDOMGeoPosition.idl
@@ -0,0 +1,14 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+
+#include "domstubs.idl"
+#include "nsIDOMGeoPositionCoords.idl"
+
+[scriptable, uuid(dd9f7e81-0f74-4fb5-b361-37019bf60c3f)]
+interface nsIDOMGeoPosition : nsISupports
+{
+  readonly attribute EpochTimeStamp timestamp;
+  readonly attribute nsIDOMGeoPositionCoords coords;
+};
diff --git a/dom/interfaces/geolocation/nsIDOMGeoPositionCallback.idl b/dom/interfaces/geolocation/nsIDOMGeoPositionCallback.idl
new file mode 100644
index 0000000000..9abb6b7932
--- /dev/null
+++ b/dom/interfaces/geolocation/nsIDOMGeoPositionCallback.idl
@@ -0,0 +1,13 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+
+#include "domstubs.idl"
+
+interface nsIDOMGeoPosition;
+
+[scriptable, function, uuid(527E8B53-6F29-4B6A-8D04-5C1666A4C4C1)]
+interface nsIDOMGeoPositionCallback : nsISupports {
+  void handleEvent(in nsIDOMGeoPosition position);
+};
diff --git a/dom/interfaces/geolocation/nsIDOMGeoPositionCoords.idl b/dom/interfaces/geolocation/nsIDOMGeoPositionCoords.idl
new file mode 100644
index 0000000000..a25fb98228
--- /dev/null
+++ b/dom/interfaces/geolocation/nsIDOMGeoPositionCoords.idl
@@ -0,0 +1,18 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+
+#include "domstubs.idl"
+
+[scriptable, uuid(B31702D0-6DAC-4FA0-B93B-F043E71C8F9A)]
+interface nsIDOMGeoPositionCoords : nsISupports
+{
+  readonly attribute double latitude;
+  readonly attribute double longitude;
+  readonly attribute double altitude;
+  readonly attribute double accuracy;
+  readonly attribute double altitudeAccuracy;
+  readonly attribute double heading;
+  readonly attribute double speed;
+};
diff --git a/dom/interfaces/geolocation/nsIDOMGeoPositionErrorCallback.idl b/dom/interfaces/geolocation/nsIDOMGeoPositionErrorCallback.idl
new file mode 100644
index 0000000000..1aa911a9e1
--- /dev/null
+++ b/dom/interfaces/geolocation/nsIDOMGeoPositionErrorCallback.idl
@@ -0,0 +1,13 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+
+#include "domstubs.idl"
+
+webidl GeolocationPositionError;
+
+[scriptable, function, uuid(7D9B09D9-4843-43EB-A7A7-67F7DDA6B3C4)]
+interface nsIDOMGeoPositionErrorCallback : nsISupports {
+  void handleEvent(in GeolocationPositionError positionError);
+};
diff --git a/dom/interfaces/html/moz.build b/dom/interfaces/html/moz.build
new file mode 100644
index 0000000000..516bce30e2
--- /dev/null
+++ b/dom/interfaces/html/moz.build
@@ -0,0 +1,15 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+with Files("**"):
+    BUG_COMPONENT = ("Core", "DOM: Core & HTML")
+
+XPIDL_SOURCES += [
+    "nsIDOMMozBrowserFrame.idl",
+    "nsIMozBrowserFrame.idl",
+]
+
+XPIDL_MODULE = "dom_html"
diff --git a/dom/interfaces/html/nsIDOMMozBrowserFrame.idl b/dom/interfaces/html/nsIDOMMozBrowserFrame.idl
new file mode 100644
index 0000000000..5ca9a19e6a
--- /dev/null
+++ b/dom/interfaces/html/nsIDOMMozBrowserFrame.idl
@@ -0,0 +1,27 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim:set tw=80 expandtab softtabstop=2 ts=2 sw=2: */
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+[scriptable, builtinclass, uuid(4CAFE116-581B-4194-B0DE-7F02378FC51D)]
+interface nsIDOMMozBrowserFrame : nsISupports
+{
+  /**
+   * <iframe> element may have the mozbrowser attribute.
+   *
+   * The mozbrowser attribute has no effect unless the <iframe> element is
+   * contained in a document privileged to create browser frames.
+   *
+   * An <iframe> element in a privileged document with the mozbrowser attribute
+   * emits a variety of events when various things happen inside the frame.
+   *
+   * This will be documented eventually, but for more information at the moment,
+   * see dom/browser-element/BrowserElement{Child,Parent}.js.
+   *
+   */
+  [infallible] attribute boolean mozbrowser;
+};
diff --git a/dom/interfaces/html/nsIMozBrowserFrame.idl b/dom/interfaces/html/nsIMozBrowserFrame.idl
new file mode 100644
index 0000000000..aec4fdfbeb
--- /dev/null
+++ b/dom/interfaces/html/nsIMozBrowserFrame.idl
@@ -0,0 +1,34 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim:set tw=80 expandtab softtabstop=2 ts=2 sw=2: */
+
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsIDOMMozBrowserFrame.idl"
+
+interface nsIRemoteTab;
+
+[scriptable, builtinclass, uuid(0c0a862c-1a47-43c0-ae9e-d51835e3e1a6)]
+interface nsIMozBrowserFrame : nsIDOMMozBrowserFrame
+{
+  /**
+   * Gets whether this frame really is a browser frame.
+   *
+   * In order to really be a browser frame, this frame's
+   * nsIDOMMozBrowserFrame::mozbrowser attribute must be true, and the frame
+   * may have to pass various security checks.
+   */
+  [infallible] readonly attribute boolean reallyIsBrowser;
+
+  /**
+   * Initialize the API, and add frame message listener that supports API
+   * invocations.
+   */
+  [noscript] void initializeBrowserAPI();
+
+  /**
+   * Notify frame scripts that support the API to destroy.
+   */
+  [noscript] void destroyBrowserFrameScripts();
+};
diff --git a/dom/interfaces/notification/moz.build b/dom/interfaces/notification/moz.build
new file mode 100644
index 0000000000..a4e9cfc9d4
--- /dev/null
+++ b/dom/interfaces/notification/moz.build
@@ -0,0 +1,14 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+with Files("**"):
+    BUG_COMPONENT = ("Core", "DOM: Push Notifications")
+
+XPIDL_SOURCES += [
+    "nsINotificationStorage.idl",
+]
+
+XPIDL_MODULE = "dom_notification"
diff --git a/dom/interfaces/notification/nsINotificationStorage.idl b/dom/interfaces/notification/nsINotificationStorage.idl
new file mode 100644
index 0000000000..b341a0c42c
--- /dev/null
+++ b/dom/interfaces/notification/nsINotificationStorage.idl
@@ -0,0 +1,119 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "domstubs.idl"
+
+[scriptable, uuid(c1622232-259c-43b0-b52e-89c39dcd9796)]
+interface nsINotificationStorageCallback : nsISupports
+{
+  /**
+   * Callback function used to pass single notification back
+   * into C++ land for Notification.get return data.
+   *
+   * @param id: a uuid for this notification
+   * @param title: the notification title
+   * @param dir: the notification direction,
+   *             possible values are "ltr", "rtl", "auto"
+   * @param lang: the notification language
+   * @param body: the notification body
+   * @param tag: the notification tag
+   */
+  void handle(in AString id,
+              in AString title,
+              in AString dir,
+              in AString lang,
+              in AString body,
+              in AString tag,
+              in AString icon,
+              in AString data,
+              in AString behavior,
+              in AString serviceWorkerRegistrationScope);
+
+  /**
+   * Callback function used to notify C++ the we have returned
+   * all notification objects for this Notification.get call.
+   */
+  void done();
+};
+
+/**
+ * Interface for notification persistence layer.
+ */
+[scriptable, uuid(17f85e52-fe57-440e-9ba1-5c312ca02b95)]
+interface nsINotificationStorage : nsISupports
+{
+
+  /**
+   * Add/replace a notification to the persistence layer.
+   *
+   * @param origin: the origin/app of this notification
+   * @param id: a uuid for this notification
+   * @param title: the notification title
+   * @param dir: the notification direction,
+   *             possible values are "ltr", "rtl", "auto"
+   * @param lang: the notification language
+   * @param body: the notification body
+   * @param tag: notification tag, will replace any existing
+   *             notifications with same origin/tag pair
+   * @param alertName: the alert identifier as used by system app.
+   *                   Stored in the database to avoid re-computing
+   *                   it. Built from origin and tag or id depending
+   *                   whether there is a tag defined.
+   * @param registrationID: Opaque string that identifies the service worker
+   *                        registration this Notification is associated with.
+   *                        May be empty. Only set for Notifications created by
+   *                        showNotification().
+   */
+  void put(in AString origin,
+           in AString id,
+           in AString title,
+           in AString dir,
+           in AString lang,
+           in AString body,
+           in AString tag,
+           in AString icon,
+           in AString alertName,
+           in AString data,
+           in AString behavior,
+           in AString serviceWorkerRegistrationScope);
+
+  /**
+   * Retrieve a list of notifications.
+   *
+   * @param origin: the origin/app for which to fetch notifications from
+   * @param tag: used to fetch only a specific tag
+   * @param callback: nsINotificationStorageCallback, used for
+   *                  returning notifications objects
+   */
+  void get(in AString origin,
+           in AString tag,
+           in nsINotificationStorageCallback aCallback);
+
+  /**
+   * Retrieve a notification by ID.
+   *
+   * @param origin: the origin/app for which to fetch notifications.
+   * @param id: the id of the notification.
+   * @param callback: nsINotificationStorageCallback whose Handle method will
+   * be called *at most once* if the notification with that ID is found. Not
+   * called if that ID is not found. Done() will be called right after
+   * Handle().
+   */
+  void getByID(in AString origin,
+               in AString id,
+               in nsINotificationStorageCallback aCallback);
+
+  /**
+   * Remove a notification from storage.
+   *
+   * @param origin: the origin/app to delete the notification from
+   * @param id: the uuid for the notification to delete
+   */
+  void delete(in AString origin,
+              in AString id);
+};
+
+%{C++
+#define NS_NOTIFICATION_STORAGE_CONTRACTID "@mozilla.org/notificationStorage;1"
+%}
diff --git a/dom/interfaces/payments/moz.build b/dom/interfaces/payments/moz.build
new file mode 100644
index 0000000000..f7e1229a82
--- /dev/null
+++ b/dom/interfaces/payments/moz.build
@@ -0,0 +1,15 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+XPIDL_SOURCES += [
+    "nsIPaymentActionResponse.idl",
+    "nsIPaymentAddress.idl",
+    "nsIPaymentRequest.idl",
+    "nsIPaymentRequestService.idl",
+    "nsIPaymentUIService.idl",
+]
+
+XPIDL_MODULE = "dom_payments"
diff --git a/dom/interfaces/payments/nsIPaymentActionResponse.idl b/dom/interfaces/payments/nsIPaymentActionResponse.idl
new file mode 100644
index 0000000000..36d5be3b94
--- /dev/null
+++ b/dom/interfaces/payments/nsIPaymentActionResponse.idl
@@ -0,0 +1,406 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+#include "nsIVariant.idl"
+#include "nsIPaymentAddress.idl"
+
+/**
+ *  The base interface of response data for the specified payment method.
+ *  The response data is the content of the PaymentResponse's detail attribute.
+ */
+[builtinclass, scriptable, uuid(2a338575-c688-40ee-a157-7488ab292ef2)]
+interface nsIPaymentResponseData: nsISupports
+{
+  /**
+   *  The consts for representing the response data type.
+   *  GENERAL_RESPONSE is the general purpose response data type. Except basic
+   *  card response data, all response data should belong to this type.
+   *  BASICCARD_RESPONSE is a special response data type for basic card response.
+   */
+  const uint32_t GENERAL_RESPONSE = 0;
+  const uint32_t BASICCARD_RESPONSE = 1;
+
+  /**
+   *  The response data type.
+   *  Using the above defined consts(GENERAL_RESPONSE or BASICCARD_RESPONSE).
+   */
+  readonly attribute uint32_t type;
+
+  /**
+   *  The initial method.
+   *  @param aType - the response data type.
+   */
+  void init(in uint32_t aType);
+};
+
+/**
+ * The general purpose response data.
+ */
+[builtinclass, scriptable, uuid(b986773e-2b30-4ed2-b8fe-6a96631c8000)]
+interface nsIGeneralResponseData : nsIPaymentResponseData
+{
+  /**
+   *  The stringified response data.
+   */
+  readonly attribute AString data;
+
+  /**
+   *  The initial method for nsIGeneralResponseData.
+   *  @param aData - the javascript object of the content.
+   */
+  [implicit_jscontext]
+  void initData(in jsval aData);
+};
+
+/**
+ *  The basic card response data.
+ *  Since PaymentAddress is an no constructor interface type, UI code can not
+ *  easy create PaymentAddress by calling new PaymentAddress().
+ *  Unfortunately, BasicCardResponse has a PaymentAddress attribute, billingAddress
+ *  , it means UI can not create BsaicCardResponse by calling the init() with a
+ *  given JSObject directly, because PaymentAddress creation in JS code is hard.
+ *  To let UI code can create BasicCardResponse easier, nsIBasicCardResponse is
+ *  provided for UI by passing the raw data of BasicCardResponse,
+ */
+[builtinclass, scriptable, uuid(0d55a5e6-d185-44f0-b992-a8e1321e4bce)]
+interface nsIBasicCardResponseData : nsIPaymentResponseData
+{
+  /**
+   *  The cardholder name.
+   */
+  readonly attribute AString cardholderName;
+
+  /**
+   *  The card number.
+   */
+  readonly attribute AString cardNumber;
+
+  /**
+   *  The expiry month.
+   */
+  readonly attribute AString expiryMonth;
+
+  /**
+   *  The expiry year.
+   */
+  readonly attribute AString expiryYear;
+
+  /**
+   *  The card security number.
+   */
+  readonly attribute AString cardSecurityCode;
+
+  /**
+   *  The billing address.
+   */
+  readonly attribute nsIPaymentAddress billingAddress;
+
+  /**
+   *  The initial method for nsIBasicCardResponseData.
+   *  @param aCardholderName   - the cardholder name.
+   *  @param aCardNumber       - the card number.
+   *  @param aExpiryMonth      - the expiry month.
+   *  @param aExpiryYear       - the expiry year.
+   *  @param aCardSecurityCode - the card security code.
+   *  @param aBillingAddreess  - the billing address.
+   */
+  void initData(in AString aCardholderName,
+                in AString aCardNumber,
+                in AString aExpiryMonth,
+                in AString aExpiryYear,
+                in AString aCardSecurityCode,
+                in nsIPaymentAddress billingAddress);
+};
+
+/**
+ *  The base interface of user's response.
+ *  Payment UI should create different sub-interface of nsIPaymentActionResponse
+ *  according to user's action, and call nsIPaymentRequestService::respondPayment
+ *  with the created action to inform the merchant.
+ */
+[builtinclass, scriptable, uuid(a607c095-ef60-4a9b-a3d0-0506c60728b3)]
+interface nsIPaymentActionResponse : nsISupports
+{
+  /**
+   *  The response type.
+   *  Align type to nsIPaymentActionRequest types,
+   *  where 1 is for payment request creation.
+   *  the action expects no response from UI module.
+   */
+  const uint32_t NO_TYPE = 0;
+  // const uint32_t CREATE_ACTION = 1;
+  const uint32_t CANMAKE_ACTION = 2;
+  const uint32_t SHOW_ACTION = 3;
+  const uint32_t ABORT_ACTION = 4;
+  const uint32_t COMPLETE_ACTION = 5;
+
+  /**
+   *  The abort status.
+   */
+  const uint32_t ABORT_SUCCEEDED = 1;
+  const uint32_t ABORT_FAILED = 0;
+
+  /**
+   *  The payment status.
+   */
+  const uint32_t PAYMENT_REJECTED = 0;
+  const uint32_t PAYMENT_ACCEPTED = 1;
+  const uint32_t PAYMENT_NOTSUPPORTED = 2;
+
+  /**
+   *  The complete status.
+   */
+  const uint32_t COMPLETE_SUCCEEDED = 1;
+  const uint32_t COMPLETE_FAILED = 0;
+
+  /*
+   *  The payment request identity.
+   */
+  readonly attribute AString requestId;
+
+  /*
+   *  The response type.
+   */
+  readonly attribute uint32_t type;
+};
+
+/**
+ *  The response for canMakePayment action.
+ */
+[builtinclass, scriptable, uuid(52fc3f9f-c0cb-4874-b3d4-ee4b6e9cbe9c)]
+interface nsIPaymentCanMakeActionResponse : nsIPaymentActionResponse
+{
+  /**
+   *  The result of canMakePayment action.
+   */
+  readonly attribute bool result;
+
+  /**
+   *  The initial method.
+   *  @param aRequestId - the request identifier of the payment request.
+   *  @param aResult - the canMakePayment result.
+   */
+  void init(in AString aRequestId, in bool aResult);
+};
+
+/**
+ *  The response for show action.
+ *  Notice that to represent user's cancel, we should use nsIPaymentShowActionResponse
+ *  with PAYMENT_REJECTED status, not nsIPaymentAbortActionResponse.
+ */
+[builtinclass, scriptable, uuid(184385cb-2d35-4b99-a9a3-7c780bf66b9b)]
+interface nsIPaymentShowActionResponse : nsIPaymentActionResponse
+{
+  /**
+   *  Accept status of the payment.
+   *  Using the defined consts(PAYMENT_XXX) in nsIPaymentActionResponse.
+   */
+  readonly attribute uint32_t acceptStatus;
+
+  /**
+   *  The decided payment method name. i.e. "basic-card".
+   */
+  readonly attribute AString methodName;
+
+  /**
+   *  The data needed by the payment method. (it must be serializable)
+   */
+  readonly attribute nsIPaymentResponseData data;
+
+  /**
+   *  The payer name information.
+   */
+  readonly attribute AString payerName;
+
+  /**
+   *  The payer email information.
+   */
+  readonly attribute AString payerEmail;
+
+  /**
+   *  The payer phone information.
+   */
+  readonly attribute AString payerPhone;
+
+  /**
+   *  The initial method.
+   *  @param aRequestId - the request identifier of the payment request.
+   *  @param aAcceptStatus - the payment status.
+   *  @param aMethodName - the decided method name.
+   *  @param aData - the response data for the decided payment method.
+   *  @param aPayerName - the payer's name.
+   *  @param aPayerEmail - the payer's email.
+   *  @param aPayerPhone - the payer's phone.
+   */
+  void init(in AString aRequestId,
+            in uint32_t aAcceptStatus,
+            in AString aMethodName,
+            in nsIPaymentResponseData aData,
+            in AString aPayerName,
+            in AString aPayerEmail,
+            in AString aPayerPhone);
+};
+
+/**
+ *  The response for abort action.
+ */
+[builtinclass, scriptable, uuid(8c72bcdb-0c37-4786-a9e5-510afa2f8ede)]
+interface nsIPaymentAbortActionResponse : nsIPaymentActionResponse
+{
+  /**
+   *  The abort action status.
+   *  Using the defined consts(ABORT_XXX) in nsIPaymentActionResponse.
+   */
+  readonly attribute uint32_t abortStatus;
+
+  /**
+   *  The Initial method.
+   *  @param aRequestId - the request identifier of payment request.
+   *  @param aAbortStatus - the abort action result.
+   */
+  void init(in AString aRequestId, in uint32_t aAbortStatus);
+
+  /**
+   *  Check if the abort action is succeeded
+   */
+  bool isSucceeded();
+};
+
+[builtinclass, scriptable, uuid(62c01e69-9ca4-4060-99e4-b95f628c8e6d)]
+interface nsIPaymentCompleteActionResponse : nsIPaymentActionResponse
+{
+  /**
+   *  The complete action status.
+   *  Using the defined consts(COMPLETE_XXX) in nsIPaymentActionResponse.
+   */
+  readonly attribute uint32_t completeStatus;
+
+  /**
+   *  The Initial method.
+   *  @param aRequestId - the request identifier of payment request.
+   *  @param aCompleteStatus - the complete action result.
+   */
+  void init(in AString aRequestId,
+            in uint32_t aCompleteStatus);
+
+  /**
+   *  Check if the complete action is succeeded.
+   */
+  bool isCompleted();
+};
+
+[builtinclass, scriptable, uuid(2035e0a9-c9ab-4c9f-b8e9-28b2ed61548c)]
+interface nsIMethodChangeDetails : nsISupports
+{
+  /**
+   *  The consts for representing the method change details data type.
+   *  GENERAL_DETAILS is the general purpose details data type. Except basic
+   *  card details, all details should belong to this type.
+   *  BASICCARD_DETAILS is a special details data type for basic card change
+   *  details.
+   */
+  const uint32_t GENERAL_DETAILS = 0;
+  const uint32_t BASICCARD_DETAILS = 1;
+
+  /**
+   *  The method change details data type.
+   *  Using the above defined consts(GENERAL_DETAILS or BASICCARD_DETAILS).
+   */
+  readonly attribute uint32_t type;
+
+  /**
+   *  The initial method.
+   *  @param aType - the method change details data type.
+   */
+  void init(in uint32_t aType);
+};
+
+/**
+ * The general purpose method change details.
+ */
+[builtinclass, scriptable, uuid(e031267e-bec8-4f3c-b0b1-396b77ca260c)]
+interface nsIGeneralChangeDetails : nsIMethodChangeDetails
+{
+  /**
+   *  The stringified change details.
+   */
+  readonly attribute AString details;
+
+  /**
+   *  The initial method for nsIGeneralChangeDetails.
+   *  @param aData - the javascript object of the content.
+   */
+  [implicit_jscontext]
+  void initData(in jsval aDetails);
+};
+
+/**
+ *  The basic card change details.
+ *  Since PaymentAddress is an no constructor interface type, UI code can not
+ *  easy create PaymentAddress by calling new PaymentAddress().
+ *  Unfortunately, BasicCardResponse has a PaymentAddress attribute, billingAddress
+ *  , it means UI can not create BsaicCardChangeDetails by calling the init() with a
+ *  given JSObject directly, because PaymentAddress creation in JS code is hard.
+ *  To let UI code can create BasicCardResponse easier, nsIBasicCardResponse is
+ *  provided for UI by passing the raw data of BasicCardResponse,
+ */
+[builtinclass, scriptable, uuid(5296f79e-15ea-40c3-8196-19cfa64d328c)]
+interface nsIBasicCardChangeDetails : nsIMethodChangeDetails
+{
+  /**
+   *  The billing address.
+   */
+  readonly attribute nsIPaymentAddress billingAddress;
+
+  /**
+   *  The initial method for nsIBasicCardChangeDetails.
+   *  @param aBillingAddreess  - the billing address.
+   */
+  void initData(in nsIPaymentAddress billingAddress);
+};
+
+
+%{C++
+#define NS_GENERAL_RESPONSE_DATA_CID \
+  { 0xb986773e, 0x2b30, 0x4ed2, { 0xb8, 0xfe, 0x6a, 0x96, 0x63, 0x1c, 0x80, 0x00 } }
+#define NS_GENERAL_RESPONSE_DATA_CONTRACT_ID \
+  "@mozilla.org/dom/payments/general-response-data;1"
+
+#define NS_BASICCARD_RESPONSE_DATA_CID \
+  { 0x0d55a5e6, 0xd185, 0x44f0, { 0xb9, 0x92, 0xa8, 0xe1, 0x32, 0x1e, 0x4b, 0xce } }
+#define NS_BASICCARD_RESPONSE_DATA_CONTRACT_ID \
+  "@mozilla.org/dom/payments/basiccard-response-data;1"
+
+#define NS_PAYMENT_CANMAKE_ACTION_RESPONSE_CID \
+  { 0x52fc3f9f, 0xc0cb, 0x4874, { 0xb3, 0xd4, 0xee, 0x4b, 0x6e, 0x9c, 0xbe, 0x9c } }
+#define NS_PAYMENT_CANMAKE_ACTION_RESPONSE_CONTRACT_ID \
+  "@mozilla.org/dom/payments/payment-canmake-action-response;1"
+
+#define NS_PAYMENT_SHOW_ACTION_RESPONSE_CID \
+  { 0x184385cb, 0x2d35, 0x4b99, { 0xa9, 0xa3, 0x7c, 0x78, 0x0b, 0xf6, 0x6b, 0x9b } }
+#define NS_PAYMENT_SHOW_ACTION_RESPONSE_CONTRACT_ID \
+  "@mozilla.org/dom/payments/payment-show-action-response;1"
+
+#define NS_PAYMENT_ABORT_ACTION_RESPONSE_CID \
+  { 0x8c72bcdb, 0x0c37, 0x4786, { 0xa9, 0xe5, 0x51, 0x0a, 0xfa, 0x2f, 0x8e, 0xde } }
+#define NS_PAYMENT_ABORT_ACTION_RESPONSE_CONTRACT_ID \
+  "@mozilla.org/dom/payments/payment-abort-action-response;1"
+
+#define NS_PAYMENT_COMPLETE_ACTION_RESPONSE_CID \
+  { 0x62c01e69, 0x9ca4, 0x4060, { 0x99, 0xe4, 0xb9, 0x5f, 0x62, 0x8c, 0x8e, 0x6d } }
+#define NS_PAYMENT_COMPLETE_ACTION_RESPONSE_CONTRACT_ID \
+  "@mozilla.org/dom/payments/payment-complete-action-response;1"
+
+#define NS_GENERAL_CHANGE_DETAILS_CID \
+  { 0xe031267e, 0xbec8, 0x4f3c, { 0xb0, 0xb1, 0x39, 0x6b, 0x77, 0xca, 0x26, 0x0c } }
+#define NS_GENERAL_CHANGE_DETAILS_CONTRACT_ID \
+  "@mozilla.org/dom/payments/general-change-details;1"
+
+#define NS_BASICCARD_CHANGE_DETAILS_CID \
+  { 0x5296f79e, 0x15ea, 0x40c3, { 0x81, 0x96, 0x19, 0xcf, 0xa6, 0x4d, 0x32, 0x8c } }
+#define NS_BASICCARD_CHANGE_DETAILS_CONTRACT_ID \
+  "@mozilla.org/dom/payments/basiccard-change-details;1"
+%}
diff --git a/dom/interfaces/payments/nsIPaymentAddress.idl b/dom/interfaces/payments/nsIPaymentAddress.idl
new file mode 100644
index 0000000000..7f9bf39e51
--- /dev/null
+++ b/dom/interfaces/payments/nsIPaymentAddress.idl
@@ -0,0 +1,43 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIArray;
+
+[builtinclass, scriptable, uuid(49a02241-7e48-477a-9345-9f246925dcb3)]
+interface nsIPaymentAddress : nsISupports
+{
+  readonly attribute AString country;
+  readonly attribute nsIArray addressLine;
+  readonly attribute AString region;
+  readonly attribute AString regionCode;
+  readonly attribute AString city;
+  readonly attribute AString dependentLocality;
+  readonly attribute AString postalCode;
+  readonly attribute AString sortingCode;
+  readonly attribute AString organization;
+  readonly attribute AString recipient;
+  readonly attribute AString phone;
+
+  void init(in AString aCountry,
+            in nsIArray aAddressLine,
+            in AString aRegion,
+            in AString aRegionCode,
+            in AString aCity,
+            in AString aDependentLocality,
+            in AString aPostalCode,
+            in AString aSortingCode,
+            in AString aOrganization,
+            in AString aRecipient,
+            in AString aPhone);
+};
+
+%{C++
+#define NS_PAYMENT_ADDRESS_CID \
+  { 0x49a02241, 0x7e48, 0x477a, { 0x93, 0x45, 0x9f, 0x24, 0x69, 0x25, 0xdc, 0xb3 } }
+#define NS_PAYMENT_ADDRESS_CONTRACT_ID \
+  "@mozilla.org/dom/payments/payment-address;1"
+%}
diff --git a/dom/interfaces/payments/nsIPaymentRequest.idl b/dom/interfaces/payments/nsIPaymentRequest.idl
new file mode 100644
index 0000000000..ea5b6cba47
--- /dev/null
+++ b/dom/interfaces/payments/nsIPaymentRequest.idl
@@ -0,0 +1,93 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+#include "nsIVariant.idl"
+#include "nsIPrincipal.idl"
+
+interface nsIArray;
+
+[scriptable, builtinclass, uuid(2fe296cc-d917-4820-b492-aa42df23f9b4)]
+interface nsIPaymentMethodData : nsISupports
+{
+  readonly attribute AString supportedMethods;
+  [implicit_jscontext]
+  readonly attribute jsval data;
+};
+
+[scriptable, builtinclass, uuid(d22a6f5f-767b-4fea-bf92-68b0b8003eba)]
+interface nsIPaymentCurrencyAmount : nsISupports
+{
+  readonly attribute AString currency;
+  readonly attribute AString value;
+};
+
+[scriptable, builtinclass, uuid(4f78a59f-b5ff-4fb5-ab48-3b37d0101b02)]
+interface nsIPaymentItem : nsISupports
+{
+  readonly attribute AString label;
+  readonly attribute nsIPaymentCurrencyAmount amount;
+  readonly attribute boolean pending;
+};
+
+[scriptable, builtinclass, uuid(74259861-c318-40e8-b3d5-518e701bed80)]
+interface nsIPaymentDetailsModifier : nsISupports
+{
+  readonly attribute AString supportedMethods;
+  readonly attribute nsIPaymentItem total;
+  readonly attribute nsIArray additionalDisplayItems;
+  [implicit_jscontext]
+  readonly attribute jsval data;
+};
+
+[scriptable, builtinclass, uuid(68341551-3605-4381-b936-41e830aa88fb)]
+interface nsIPaymentShippingOption : nsISupports
+{
+  readonly attribute AString id;
+  readonly attribute AString label;
+  readonly attribute nsIPaymentCurrencyAmount amount;
+  attribute boolean selected;
+};
+
+[scriptable, builtinclass, uuid(73a5a3f1-45b9-4605-a6e6-7aa60daa9039)]
+interface nsIPaymentDetails : nsISupports
+{
+  readonly attribute AString id;
+  readonly attribute nsIPaymentItem totalItem;
+  readonly attribute nsIArray displayItems;
+  readonly attribute nsIArray shippingOptions;
+  readonly attribute nsIArray modifiers;
+  readonly attribute AString error;
+  [implicit_jscontext]
+  readonly attribute jsval shippingAddressErrors;
+  [implicit_jscontext]
+  readonly attribute jsval payerErrors;
+  [implicit_jscontext]
+  readonly attribute jsval paymentMethodErrors;
+};
+
+[scriptable, builtinclass, uuid(d53f9f20-138e-47cc-9fd5-db16a3f6d301)]
+interface nsIPaymentOptions : nsISupports
+{
+  readonly attribute boolean requestPayerName;
+  readonly attribute boolean requestPayerEmail;
+  readonly attribute boolean requestPayerPhone;
+  readonly attribute boolean requestShipping;
+  readonly attribute boolean requestBillingAddress;
+  readonly attribute AString shippingType;
+};
+
+[scriptable, builtinclass, uuid(2fa36783-d684-4487-b7a8-9def6ae3128f)]
+interface nsIPaymentRequest : nsISupports
+{
+  readonly attribute uint64_t topOuterWindowId;
+  readonly attribute nsIPrincipal topLevelPrincipal;
+  readonly attribute AString requestId;
+  readonly attribute AString completeStatus;
+  readonly attribute nsIArray paymentMethods;
+  readonly attribute nsIPaymentDetails paymentDetails;
+  readonly attribute nsIPaymentOptions paymentOptions;
+  readonly attribute AString shippingOption;
+};
diff --git a/dom/interfaces/payments/nsIPaymentRequestService.idl b/dom/interfaces/payments/nsIPaymentRequestService.idl
new file mode 100644
index 0000000000..34c296df94
--- /dev/null
+++ b/dom/interfaces/payments/nsIPaymentRequestService.idl
@@ -0,0 +1,102 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+#include "nsIVariant.idl"
+#include "nsIPaymentRequest.idl"
+#include "nsIPaymentActionResponse.idl"
+#include "nsIPaymentAddress.idl"
+#include "nsISimpleEnumerator.idl"
+#include "nsIPaymentUIService.idl"
+
+/**
+ *  nsPaymentRequestService is used to manage the created PaymentRequest in the
+ *  chrome process. It is also the IPC agent for payment UI to communicate with
+ *  merchant side.
+ */
+[scriptable, builtinclass, uuid(cccd665f-edf3-41fc-ab9b-fc55b37340aa)]
+interface nsIPaymentRequestService : nsISupports
+{
+  /**
+   *  Get the nsIPaymentRequest through the given payment request identifier.
+   *  @param aRequestId - the payment request identifier.
+   *                      This is an internal id generated by Gecko.
+   *  @return           - the requested payment request. null if there is no
+   *                      coressponding nsIPaymentRequest for aRequestId.
+   */
+  nsIPaymentRequest getPaymentRequestById(in AString aRequestId);
+
+  /**
+   *  Get the enumerator for all managed nsIPaymentRequests.
+   *  @return - an enumerator for all managed nsIPaymentRequests.
+   */
+  nsISimpleEnumerator enumerate();
+
+  /**
+   *  Send the user's response to the merchant.
+   *  @param aResponse - the user's response.
+   */
+  void respondPayment(in nsIPaymentActionResponse aResponse);
+
+  /**
+   *  Inform the merchant the shipping address has changed.
+   *  @param requestId - the request identifier of the payment request.
+   *  @param aAddress - the new payment address.
+   */
+  void changeShippingAddress(in AString requestId, in nsIPaymentAddress aAddress);
+
+  /**
+   *  Inform the merchant the shipping option has changed.
+   *  @param requestId - the request identifier of the payment request.
+   *  @param option - the shipping option ID string.
+   */
+  void changeShippingOption(in AString requestId, in AString option);
+
+  /**
+   *  Inform the merchant the payer's details changed in the PaymentResponse.
+   *  @param requestId - the request identifier of the payment request.
+   *  @param aPayerName - the changed payer's name.
+   *  @param aPayerEmail - the changed payer's email.
+   *  @param aPayerPhone - the changed payer's phone.
+   */
+  void changePayerDetail(in AString requestId,
+                         in AString aPayerName,
+                         in AString aPayerEmail,
+                         in AString aPayerPhone);
+
+  /**
+   *  Inform the merchant the payment method has changed.
+   *  @param requestId - the request identifier of the payment request.
+   *  @param aMethodName - the changed payment method's name.
+   *  @param aMethodDetails - the changed payment method's details.
+   */
+  void changePaymentMethod(in AString requestId,
+                           in AString aMethodName,
+                           in nsIMethodChangeDetails aMethodDetails);
+
+
+  /**
+   *  Following APIs are for testing or platform code only. UI implementation
+   *  should not use them.
+   */
+  /**
+   *  Clean up the all managed payment requests.
+   *  This API is for testing only.
+   */
+  void cleanup();
+
+  /**
+   *  Setup the customized nsIPaymentUIService.
+   *  This API is for testing only.
+   */
+  void setTestingUIService(in nsIPaymentUIService aUIService);
+};
+
+%{C++
+#define NS_PAYMENT_REQUEST_SERVICE_CID \
+  { 0xcccd665f, 0xedf3, 0x41fc, { 0xab, 0x9b, 0xfc, 0x55, 0xb3, 0x73, 0x40, 0xaa } }
+#define NS_PAYMENT_REQUEST_SERVICE_CONTRACT_ID \
+  "@mozilla.org/dom/payments/payment-request-service;1"
+%}
diff --git a/dom/interfaces/payments/nsIPaymentUIService.idl b/dom/interfaces/payments/nsIPaymentUIService.idl
new file mode 100644
index 0000000000..21b181d6a1
--- /dev/null
+++ b/dom/interfaces/payments/nsIPaymentUIService.idl
@@ -0,0 +1,85 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+#include "nsIPaymentActionResponse.idl"
+
+/**
+ * nsIPaymentUIService is the interface used by Gecko to communicate with the
+ * payment UI.
+ * In general, the implementation of this interface should be a service that
+ * manages all payment UI components and receives the requested payment actions
+ * from Gecko and perform the corresponding UI behavior.
+ */
+[scriptable, uuid(01f8bd55-9017-438b-85ec-7c15d2b35cdc)]
+interface nsIPaymentUIService : nsISupports
+{
+  /**
+   *  Show the payment UI to users.
+   *  The implementation gets the payment data through nsIPaymentRequestService
+   *  by the passed in requestId, then shows the payment UI and start to interact
+   *  with users.
+   *  According to user's action, nsIPaymentRequestService's APIs respondPayment,
+   *  changeShippingAddress, or changeShippingOtpion is possible to called in the
+   *  implementation.
+   *  @param requestId - the request identify of the payment request.
+   *                     Notice that this requestId is an internal request Id
+   *                     generated by Gecko
+   */
+  void showPayment(in AString requestId);
+
+  /**
+   *  Abort the payment.
+   *  The implementation must abort and close the showing payment UI then call
+   *  nsIPaymentRequestService respondPayment with nsIPaymentAbortActionResponse
+   *  to inform Gecko of the abort status.
+   *  @param requestId - the request identify of the payment request.
+   *                     Notice that this requestId is an internal request Id
+   *                     generated by Gecko
+   */
+  void abortPayment(in AString requestId);
+
+  /**
+   *  Complete the payment.
+   *  The implementation should close the showing payment UI, then call
+   *  nsIPaymentRequestService respondPayment with nsIPaymentCompleteActionResponse
+   *  to inform Gecko of the complete status.
+   *  @param requestId - the request identify of the payment request.
+   *                     Notice that this requestId is an internal request Id
+   *                     generated by Gecko
+   */
+  void completePayment(in AString requestId);
+
+  /**
+   *  Update the payment data in the payment UI.
+   *  The implementation should get the updated payment data through the
+   *  nsIPaymentRequestService again, and update the UI.
+   *  @param requestId - the request identify of the payment request.
+   *                     Notice that this requestId is an internal request Id
+   *                     generated by Gecko
+   */
+  void updatePayment(in AString requestId);
+
+  /**
+   *  Close the payment UI for the specified PaymentRequest.
+   *  The implementation should clean up the PaymentRequest data saved in the UI
+   *  component and close the UI if the specified PaymentRequest is showing to
+   *  the user.
+   *  Notice when the method is called, that means the PaymentRequest is invalid
+   *  in nsIPaymentRequestService.
+   *  @param requestId - the request identify of the payment request.
+   *                     Notice that this requestId is an internal request Id
+   *                     generated by Gecko
+   */
+  void closePayment(in AString requestId);
+
+};
+
+%{C++
+#define NS_PAYMENT_UI_SERVICE_CID \
+  { 0x01f8bd55, 0x9017, 0x438b, { 0x85, 0xec, 0x7c, 0x15, 0xd2, 0xb3, 0x5c, 0xdc } }
+#define NS_PAYMENT_UI_SERVICE_CONTRACT_ID \
+  "@mozilla.org/dom/payments/payment-ui-service;1"
+%}
diff --git a/dom/interfaces/push/moz.build b/dom/interfaces/push/moz.build
new file mode 100644
index 0000000000..b544cdf195
--- /dev/null
+++ b/dom/interfaces/push/moz.build
@@ -0,0 +1,16 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+with Files("**"):
+    BUG_COMPONENT = ("Core", "DOM: Push Notifications")
+
+XPIDL_SOURCES += [
+    "nsIPushErrorReporter.idl",
+    "nsIPushNotifier.idl",
+    "nsIPushService.idl",
+]
+
+XPIDL_MODULE = "dom_push"
diff --git a/dom/interfaces/push/nsIPushErrorReporter.idl b/dom/interfaces/push/nsIPushErrorReporter.idl
new file mode 100644
index 0000000000..da190794a2
--- /dev/null
+++ b/dom/interfaces/push/nsIPushErrorReporter.idl
@@ -0,0 +1,45 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+[scriptable, uuid(b58249f9-1a04-48cc-bc20-2c992d64c73e)]
+interface nsIPushErrorReporter : nsISupports
+{
+  /**
+   * Ack types, reported when the Push service acknowledges an incoming message.
+   *
+   * Acks are sent before the message is dispatched to the service worker,
+   * since the server delays new messages until all outstanding ones have been
+   * acked. |reportDeliveryError| will be called if an error occurs in the
+   * worker's `push` event handler after acking the message.
+  */
+  const uint16_t ACK_DELIVERED = 0;
+  const uint16_t ACK_DECRYPTION_ERROR = 1;
+  const uint16_t ACK_NOT_DELIVERED = 2;
+
+  /**
+   * Unsubscribe reasons, reported when the service drops a subscription.
+   */
+  const uint16_t UNSUBSCRIBE_MANUAL = 3;
+  const uint16_t UNSUBSCRIBE_QUOTA_EXCEEDED = 4;
+  const uint16_t UNSUBSCRIBE_PERMISSION_REVOKED = 5;
+
+  /**
+   * Delivery error reasons, reported when a service worker fails to handle
+   * an incoming push message in its `push` event handler.
+   */
+  const uint16_t DELIVERY_UNCAUGHT_EXCEPTION = 6;
+  const uint16_t DELIVERY_UNHANDLED_REJECTION = 7;
+  const uint16_t DELIVERY_INTERNAL_ERROR = 8;
+
+  /**
+   * Reports a `push` event handler error to the Push service. |messageId| is
+   * an opaque string passed to `nsIPushNotifier.notifyPush{WithData}`.
+   * |reason| is a delivery error reason.
+   */
+  void reportDeliveryError(in AString messageId,
+                           [optional] in uint16_t reason);
+};
diff --git a/dom/interfaces/push/nsIPushNotifier.idl b/dom/interfaces/push/nsIPushNotifier.idl
new file mode 100644
index 0000000000..1c3a582803
--- /dev/null
+++ b/dom/interfaces/push/nsIPushNotifier.idl
@@ -0,0 +1,92 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+%{C++
+#define PUSHNOTIFIER_CONTRACTID \
+  "@mozilla.org/push/Notifier;1"
+
+// These constants are duplicated in `PushComponents.js`.
+#define OBSERVER_TOPIC_PUSH "push-message"
+#define OBSERVER_TOPIC_SUBSCRIPTION_CHANGE "push-subscription-change"
+#define OBSERVER_TOPIC_SUBSCRIPTION_MODIFIED "push-subscription-modified"
+%}
+
+interface nsIPrincipal;
+
+/**
+ * Fires XPCOM observer notifications and service worker events for
+ * messages sent to push subscriptions.
+ */
+[scriptable, builtinclass, uuid(b00dfdeb-14e5-425b-adc7-b531442e3216)]
+interface nsIPushNotifier : nsISupports
+{
+  /**
+   * Fires a `push-message` observer notification, and sends a `push` event to
+   * the service worker registered for the |scope|. |messageId| is an opaque ID
+   * used to report errors if the worker fails to handle the message.
+   */
+  void notifyPush(in ACString scope, in nsIPrincipal principal,
+                  in AString messageId);
+
+  /**
+   * Same as `notifyPush`, except the subject of the observer notification
+   * receives an `nsIPushMessage` instance containing the |data|. Service
+   * workers can access the |data| via the `PushMessageData` WebIDL interface.
+   */
+  void notifyPushWithData(in ACString scope, in nsIPrincipal principal,
+                          in AString messageId,
+                          in Array<uint8_t> data);
+
+  /**
+   * Fires a `push-subscription-change` observer notification, and sends a
+   * `pushsubscriptionchange` event to the service worker registered for the
+   * |scope|.
+   */
+  void notifySubscriptionChange(in ACString scope, in nsIPrincipal principal);
+
+  /**
+   * Fires a `push-subscription-modified` observer notification. Chrome code
+   * can listen for this notification to see when a subscription is added,
+   * updated, removed, or expired for any |scope|.
+   *
+   * This is useful for Dev Tools and debugging add-ons that passively observe
+   * when subscriptions are created or dropped. Other callers should listen for
+   * `push-subscription-change` and resubscribe instead.
+   */
+  void notifySubscriptionModified(in ACString scope, in nsIPrincipal principal);
+
+  void notifyError(in ACString scope, in nsIPrincipal principal,
+                   in AString message, in uint32_t flags);
+};
+
+/**
+ * Provides methods for retrieving push message data in different formats.
+ * This interface resembles the `PushMessageData` WebIDL interface.
+ */
+[scriptable, builtinclass, uuid(dfc4f151-cead-40df-8eb7-7a7a67c54b16)]
+interface nsIPushData : nsISupports
+{
+  /** Extracts the data as a UTF-8 text string. */
+  AString text();
+
+  /** Extracts the data as a JSON value. */
+  [implicit_jscontext] jsval json();
+
+  /** Extracts the raw binary data. */
+  Array<uint8_t> binary();
+};
+
+/**
+ * The subject of a `push-message` observer notification. |data| may be |null|
+ * for messages without data.
+ */
+[scriptable, builtinclass, uuid(b9d063ca-0e3f-4fee-be4b-ea9103263433)]
+interface nsIPushMessage : nsISupports
+{
+  readonly attribute nsIPrincipal principal;
+  readonly attribute nsIPushData data;
+};
diff --git a/dom/interfaces/push/nsIPushService.idl b/dom/interfaces/push/nsIPushService.idl
new file mode 100644
index 0000000000..b41d7a5502
--- /dev/null
+++ b/dom/interfaces/push/nsIPushService.idl
@@ -0,0 +1,147 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIPrincipal;
+
+/**
+ * A push subscription, passed as an argument to a subscription callback.
+ * Similar to the `PushSubscription` WebIDL interface.
+ */
+[scriptable, uuid(1de32d5c-ea88-4c9e-9626-b032bd87f415)]
+interface nsIPushSubscription : nsISupports
+{
+  readonly attribute AString endpoint;
+  readonly attribute long long pushCount;
+  readonly attribute long long lastPush;
+  readonly attribute long quota;
+  readonly attribute bool isSystemSubscription;
+  readonly attribute jsval p256dhPrivateKey;
+
+  bool quotaApplies();
+  bool isExpired();
+
+  Array<uint8_t> getKey(in AString name);
+};
+
+/**
+ * Called by methods that return a push subscription. A non-success
+ * |status| indicates that there was a problem returning the
+ * subscription, and the |subscription| argument should be ignored. Otherwise,
+ * |subscription| will point to a valid push subscription, or |null| if the
+ * subscription does not exist.
+ */
+ [scriptable, uuid(1799c074-9d52-46b0-ab3c-c09790732f6f), function]
+ interface nsIPushSubscriptionCallback : nsISupports
+ {
+   void onPushSubscription(in nsresult status,
+                           in nsIPushSubscription subscription);
+ };
+
+/**
+ * Called by |unsubscribe|. A non-success |status| indicates that there was
+ * a problem unsubscribing, and the |success| argument should be ignored.
+ * Otherwise, |success| is true if unsubscribing was successful, and false if
+ * the subscription does not exist.
+ */
+[scriptable, uuid(d574118f-61a9-4270-b1f6-4461aa85c4f5), function]
+interface nsIUnsubscribeResultCallback : nsISupports
+{
+  void onUnsubscribe(in nsresult status, in bool success);
+};
+
+/**
+ * Called by |clearForDomain|. A non-success |status| indicates that there was
+ * a problem clearing subscriptions for the given domain.
+ */
+[scriptable, uuid(bd47b38e-8bfa-4f92-834e-832a4431e05e), function]
+interface nsIPushClearResultCallback : nsISupports
+{
+  void onClear(in nsresult status);
+};
+
+/**
+ * A service for components to subscribe and receive push messages from web
+ * services. This functionality is exposed to content via the Push DOM API,
+ * which uses service workers. This interface exists to support the DOM API,
+ * and allows privileged code to receive messages without migrating to service
+ * workers.
+ */
+[scriptable, uuid(678ef584-bf25-47aa-ac84-03efc0865b68)]
+interface nsIPushService : nsISupports
+{
+  /** Observer topic names, exported for convenience. */
+  readonly attribute AString pushTopic;
+  readonly attribute AString subscriptionChangeTopic;
+  readonly attribute AString subscriptionModifiedTopic;
+
+  /**
+   * Creates a push subscription for the given |scope| URL and |principal|.
+   * If a subscription already exists for this |(scope, principal)| pair,
+   * the callback will receive the existing record as the second argument.
+   *
+   * The |endpoint| property of the subscription record is a URL string
+   * that can be used to send push messages to subscribers.
+   *
+   * Each incoming message fires a `push-message` observer notification, with
+   * an `nsIPushMessage` as the subject and the |scope| as the data.
+   *
+   * If the server drops a subscription, a `push-subscription-change` observer
+   * will be fired, with the subject set to |principal| and the data set to
+   * |scope|. Servers may drop subscriptions at any time, so callers should
+   * recreate subscriptions if desired.
+   */
+  void subscribe(in AString scope, in nsIPrincipal principal,
+                 in nsIPushSubscriptionCallback callback);
+
+  /**
+   * Creates a restricted push subscription with the given public |key|. The
+   * application server must use the corresponding private key to authenticate
+   * message delivery requests, as described in draft-thomson-webpush-vapid.
+   */
+  void subscribeWithKey(in AString scope, in nsIPrincipal principal,
+                        in Array<uint8_t> key,
+                        in nsIPushSubscriptionCallback callback);
+
+  /**
+   * Removes a push subscription for the given |scope|.
+   */
+  void unsubscribe(in AString scope, in nsIPrincipal principal,
+                   in nsIUnsubscribeResultCallback callback);
+
+  /**
+   * Retrieves the subscription record associated with the given
+   * |(scope, principal)| pair. If the subscription does not exist, the
+   * callback will receive |null| as the second argument.
+   */
+  void getSubscription(in AString scope, in nsIPrincipal principal,
+                       in nsIPushSubscriptionCallback callback);
+
+  /**
+   * Drops every subscription for the given |domain|, or all domains if
+   * |domain| is "*".
+   */
+  void clearForDomain(in AString domain,
+                      in nsIPushClearResultCallback callback);
+};
+
+[scriptable, uuid(a2555e70-46f8-4b52-bf02-d978b979d143)]
+interface nsIPushQuotaManager : nsISupports
+{
+  /**
+   * Informs the quota manager that a notification
+   * for the given origin has been shown. Used to
+   * determine if push quota should be relaxed.
+   */
+  void notificationForOriginShown(in string origin);
+
+  /**
+   * Informs the quota manager that a notification
+   * for the given origin has been closed. Used to
+   * determine if push quota should be relaxed.
+   */
+  void notificationForOriginClosed(in string origin);
+};
diff --git a/dom/interfaces/security/moz.build b/dom/interfaces/security/moz.build
new file mode 100644
index 0000000000..e58715b360
--- /dev/null
+++ b/dom/interfaces/security/moz.build
@@ -0,0 +1,16 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+with Files("**"):
+    BUG_COMPONENT = ("Core", "DOM: Security")
+
+XPIDL_SOURCES += [
+    "nsIContentSecurityManager.idl",
+    "nsIContentSecurityPolicy.idl",
+    "nsIReferrerInfo.idl",
+]
+
+XPIDL_MODULE = "dom_security"
diff --git a/dom/interfaces/security/nsIContentSecurityManager.idl b/dom/interfaces/security/nsIContentSecurityManager.idl
new file mode 100644
index 0000000000..5cd2feffad
--- /dev/null
+++ b/dom/interfaces/security/nsIContentSecurityManager.idl
@@ -0,0 +1,45 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIChannel;
+interface nsIPrincipal;
+interface nsIStreamListener;
+interface nsIURI;
+
+/**
+ * nsIContentSecurityManager
+ * Describes an XPCOM component used to perform security checks.
+ */
+
+[scriptable, uuid(3a9a1818-2ae8-4ec5-a340-8b29d31fca3b)]
+interface nsIContentSecurityManager : nsISupports
+{
+  /**
+   * Checks whether a channel is allowed to access the given URI and
+   * whether the channel should be openend or should be blocked consulting
+   * internal security checks like Same Origin Policy, Content Security
+   * Policy, Mixed Content Blocker, etc.
+   *
+   * If security checks within performSecurityCheck fail, the function
+   * throws an exception.
+   *
+   * @param aChannel
+   *     The channel about to be openend
+   * @param aStreamListener
+   *     The Streamlistener of the channel potentially wrapped
+   *     into CORSListenerProxy.
+   * @return
+   *     The StreamListener of the channel wrapped into CORSListenerProxy.
+   *
+   * @throws NS_ERROR_DOM_BAD_URI
+   *     If accessing the URI is not allowed (e.g. prohibted by SOP)
+   * @throws NS_ERROR_CONTENT_BLOCKED
+   *     If any of the security policies (CSP, Mixed content) is violated
+   */
+   nsIStreamListener performSecurityCheck(in nsIChannel aChannel,
+                                          in nsIStreamListener aStreamListener);
+
+};
diff --git a/dom/interfaces/security/nsIContentSecurityPolicy.idl b/dom/interfaces/security/nsIContentSecurityPolicy.idl
new file mode 100644
index 0000000000..bf691ed215
--- /dev/null
+++ b/dom/interfaces/security/nsIContentSecurityPolicy.idl
@@ -0,0 +1,373 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISerializable.idl"
+#include "nsIContentPolicy.idl"
+
+interface nsIURI;
+interface nsIEventTarget;
+interface nsILoadInfo;
+interface nsIPrincipal;
+interface nsICSPEventListener;
+
+webidl Element;
+webidl Document;
+
+/**
+ * nsIContentSecurityPolicy
+ * Describes an XPCOM component used to model and enforce CSPs.  Instances of
+ * this class may have multiple policies within them, but there should only be
+ * one of these per document/principal.
+ */
+
+%{C++
+class nsCSPPolicy;
+%}
+
+[ptr] native CSPPolicyPtr(const nsCSPPolicy);
+
+[scriptable, builtinclass, uuid(1d632008-6c97-48ae-a51c-16e2daa0f4f6)]
+interface nsIContentSecurityPolicy : nsISerializable
+{
+  /**
+   * Directives supported by Content Security Policy.  These are enums for
+   * the CSPDirective type.
+   * The NO_DIRECTIVE entry is  used for checking default permissions and
+   * returning failure when asking CSP which directive to check.
+   *
+   * NOTE: When implementing a new directive, you will need to add it here but also
+   * add it to the CSPStrDirectives array in nsCSPUtils.h.
+   */
+  cenum CSPDirective : 8 {
+    NO_DIRECTIVE                   = 0,
+    DEFAULT_SRC_DIRECTIVE          = 1,
+    SCRIPT_SRC_DIRECTIVE           = 2,
+    OBJECT_SRC_DIRECTIVE           = 3,
+    STYLE_SRC_DIRECTIVE            = 4,
+    IMG_SRC_DIRECTIVE              = 5,
+    MEDIA_SRC_DIRECTIVE            = 6,
+    FRAME_SRC_DIRECTIVE            = 7,
+    FONT_SRC_DIRECTIVE             = 8,
+    CONNECT_SRC_DIRECTIVE          = 9,
+    REPORT_URI_DIRECTIVE           = 10,
+    FRAME_ANCESTORS_DIRECTIVE      = 11,
+    REFLECTED_XSS_DIRECTIVE        = 12,
+    BASE_URI_DIRECTIVE             = 13,
+    FORM_ACTION_DIRECTIVE          = 14,
+    WEB_MANIFEST_SRC_DIRECTIVE     = 15,
+    UPGRADE_IF_INSECURE_DIRECTIVE  = 16,
+    CHILD_SRC_DIRECTIVE            = 17,
+    BLOCK_ALL_MIXED_CONTENT        = 18,
+    SANDBOX_DIRECTIVE              = 19,
+    WORKER_SRC_DIRECTIVE           = 20,
+    NAVIGATE_TO_DIRECTIVE          = 21,
+    SCRIPT_SRC_ELEM_DIRECTIVE      = 22,
+    SCRIPT_SRC_ATTR_DIRECTIVE      = 23,
+    STYLE_SRC_ELEM_DIRECTIVE       = 24,
+    STYLE_SRC_ATTR_DIRECTIVE       = 25,
+  };
+
+  /**
+   * Accessor method for a read-only string version of the policy at a given
+   * index.
+   */
+  [binaryname(GetPolicyString)] AString getPolicy(in unsigned long index);
+
+  /**
+   * Accessor method for a read-only pointer the policy object at a given
+   * index. Returns a null pointer if the index is larger than the current
+   * policy count.
+   */
+  [noscript,notxpcom,nostdcall] CSPPolicyPtr GetPolicy(in unsigned long index);
+
+  /**
+   * Returns the number of policies attached to this CSP instance.  Useful with
+   * getPolicy().
+   */
+  readonly attribute unsigned long policyCount;
+
+  /**
+   * Returns whether this policy uses the directive upgrade-insecure-requests.
+   * Please note that upgrade-insecure-reqeusts also applies if the parent or
+   * including document (context) makes use of the directive.
+   */
+  readonly attribute bool upgradeInsecureRequests;
+
+  /**
+   * Returns whether this policy uses the directive block-all-mixed-content.
+   * Please note that block-all-mixed-content takes presedence in case the
+   * directive upgrade-insecure-requests is defined in the same policy and
+   * will therefore block all mixed content without even trying to perform
+   * an upgrade.
+   */
+  readonly attribute bool blockAllMixedContent;
+
+  /**
+   * Returns whether this policy enforces the frame-ancestors directive.
+   */
+  readonly attribute bool enforcesFrameAncestors;
+
+  /**
+   * Parse and install a CSP policy.
+   * @param aPolicy
+   *        String representation of the policy
+   *        (e.g., header value, meta content)
+   * @param reportOnly
+   *        Should this policy affect content, script and style processing or
+   *        just send reports if it is violated?
+   * @param deliveredViaMetaTag
+   *        Indicates whether the policy was delivered via the meta tag.
+   */
+  void appendPolicy(in AString policyString,
+                    in boolean reportOnly,
+                    in boolean deliveredViaMetaTag);
+
+  /*
+   * Whether this policy allows inline script or style.
+   * @param aContentPolicyType Either SCRIPT_SRC_(ELEM|ATTR)_DIRECTIVE or
+   *                           STYLE_SRC_(ELEM|ATTR)_DIRECTIVE.
+   * @param aHasUnsafeHash Only hash this when the 'unsafe-hashes' directive is
+   *                       also specified.
+   * @param aNonce The nonce string to check against the policy
+   * @param aParserCreated If the script element was created by the HTML Parser
+   * @param aTriggeringElement The script element of the inline resource to
+   *        hash. It can be null.
+   * @param aContentOfPseudoScript The content of the psuedo-script to compare
+   *                               to hash (and compare to the hashes listed in
+   *                               the policy)
+   * @param aLineNumber The line number of the inline resource
+   *        (used for reporting)
+   * @param aColumnNumber The column number of the inline resource
+   *        (used for reporting)
+   * @return
+   *     Whether or not the effects of the inline style should be allowed
+   *     (block the rules if false).
+   */
+  boolean getAllowsInline(in nsIContentSecurityPolicy_CSPDirective aDirective,
+                          in bool aHasUnsafeHash,
+                          in AString aNonce,
+                          in boolean aParserCreated,
+                          in Element aTriggeringElement,
+                          in nsICSPEventListener aCSPEventListener,
+                          in AString aContentOfPseudoScript,
+                          in unsigned long aLineNumber,
+                          in unsigned long aColumnNumber);
+
+  /*
+   * Whether this policy allows a navigation subject to the navigate-to
+   * policy.
+   * @param aURI The target URI
+   * @param aIsFormSubmission True if the navigation was initiated by a form submission. This
+   *        is important since the form-action directive overrides navigate-to in that case.
+   * @param aWasRedirect True if a redirect has happened. Important for path-sensitivity.
+   * @param aEnforceAllowlist True if the allowlist of allowed targets must be enforced. If
+   *        this is true, the allowlist must be enforced even if 'unsafe-allow-redirects' is
+   *        used. If 'unsafe-allow-redirects' is not used then the allowlist is always enforced
+   * @return
+   *     Whether or not the effects of the navigation is allowed
+   */
+  boolean getAllowsNavigateTo(in nsIURI aURI,
+                              in boolean aIsFormSubmission,
+                              in boolean aWasRedirected,
+                              in boolean aEnforceAllowlist);
+
+  /**
+   * Whether this policy allows eval and eval-like functions
+   * such as setTimeout("code string", time).
+   * @param shouldReportViolations
+   *     Whether or not the use of eval should be reported.
+   *     This function returns "true" when violating report-only policies, but
+   *     when any policy (report-only or otherwise) is violated,
+   *     shouldReportViolations is true as well.
+   * @return
+   *     Whether or not the effects of the eval call should be allowed
+   *     (block the call if false).
+   */
+  boolean getAllowsEval(out boolean shouldReportViolations);
+
+  /**
+   * Whether this policy allows the evaluation (and compilation) of
+   * WASM code from functions like `WebAssembly.compile`.
+  * @param shouldReportViolations
+   *     Whether or not the use of WASM evaluation should be reported.
+   *     This function returns "true" when violating report-only policies, but
+   *     when any policy (report-only or otherwise) is violated,
+   *     shouldReportViolations is true as well.
+   * @return
+   *     Whether or not the effects of the WASM evaluation should be allowed
+   *     (block the call if false).
+   */
+  boolean getAllowsWasmEval(out boolean shouldReportViolations);
+
+  /**
+   * Delegate method called by the service when the protected document is loaded.
+   * Returns the union of all the sandbox flags contained in CSP policies. This is the most
+   * restrictive interpretation of flags set in multiple policies.
+   * See nsSandboxFlags.h for the possible flags.
+   *
+   * @return
+   *    sandbox flags or SANDBOXED_NONE if no sandbox directive exists
+   */
+  uint32_t getCSPSandboxFlags();
+
+  /**
+   * For each violated policy (of type violationType), log policy violation on
+   * the Error Console and send a report to report-uris present in the violated
+   * policies.
+   *
+   * @param violationType
+   *     one of the VIOLATION_TYPE_* constants, e.g. eval or wasm-eval
+   * @param triggeringElement
+   *     the element that triggers this CSP violation. It can be null.
+   * @param sourceFile
+   *     name of the source file containing the violation (if available)
+   * @param contentSample
+   *     sample of the violating content (to aid debugging)
+   * @param lineNum
+   *     source line number of the violation (if available)
+   * @param columnNum
+   *     source column number of the violation (if available)
+   * @param aNonce
+   *     (optional) If this is a nonce violation, include the nonce so we can
+   *     recheck to determine which policies were violated and send the
+   *     appropriate reports.
+   * @param aContent
+   *     (optional) If this is a hash violation, include contents of the inline
+   *     resource in the question so we can recheck the hash in order to
+   *     determine which policies were violated and send the appropriate
+   *     reports.
+   */
+  void logViolationDetails(in unsigned short violationType,
+                           in Element triggeringElement,
+                           in nsICSPEventListener aCSPEventListener,
+                           in AString sourceFile,
+                           in AString scriptSample,
+                           in int32_t lineNum,
+                           in int32_t columnNum,
+                           [optional] in AString nonce,
+                           [optional] in AString content);
+
+  const unsigned short VIOLATION_TYPE_EVAL                   = 1;
+  const unsigned short VIOLATION_TYPE_WASM_EVAL              = 2;
+
+  /**
+   * Called after the CSP object is created to fill in appropriate request
+   * context. Either use
+   *  * aDocument (preferred), or if no document is available, then provide
+   *  * aPrincipal, aSelfURI, aReferrer, aInnerWindowId explicitly.
+   */
+  [must_use] void setRequestContextWithDocument(in Document aDocument);
+  [must_use] void setRequestContextWithPrincipal(in nsIPrincipal aRequestPrincipal,
+                                                 in nsIURI aSelfURI,
+                                                 in AString aReferrer,
+                                                 in unsigned long long aInnerWindowId);
+
+  /**
+   * Get the various arguments needed to create a new request context for a CSP.
+   */
+  [noscript, notxpcom, nostdcall] readonly attribute nsIPrincipal requestPrincipal;
+  [noscript, notxpcom, nostdcall] readonly attribute nsIURI selfURI;
+  [noscript] readonly attribute AString referrer;
+  [noscript, notxpcom, nostdcall] readonly attribute unsigned long long innerWindowID;
+
+  /**
+   * Warning: Do not set that attribute unless you know exactly what you are doing!
+   *
+   * Primarily used to allow Devtools to edit inline styles!
+   */
+  [noscript, notxpcom, nostdcall] attribute boolean skipAllowInlineStyleCheck;
+
+  /**
+   *  Ensure we have a nsIEventTarget to use to label CSPReportSenderRunnable
+   */
+  [noscript] void ensureEventTarget(in nsIEventTarget aEventTarget);
+
+
+  /**
+   * Verifies ancestry as permitted by the policy.
+   *
+   * NOTE: Calls to this may trigger violation reports when queried, so this
+   * value should not be cached.
+   *
+   * @param aLoadInfo
+   *    The loadinfo of the channel containing the protected resource
+   * @return
+   *    true if the frame's ancestors are all allowed by policy (except for
+   *    report-only policies, which will send reports and then return true
+   *    here when violated).
+   */
+  boolean permitsAncestry(in nsILoadInfo aLoadInfo);
+
+
+  /**
+   * Checks if a specific directive permits loading of a URI.
+   *
+   * @param aTriggeringElement
+   *    The element that triggers this CSP check. It can be null.
+   * @param aURI
+   *    The URI about to be loaded or used.
+   * @param aDir
+   *    The CSPDirective to query (see above constants *_DIRECTIVE).
+   * @param aSpecific
+   *    If "true" and the directive is specified to fall back to "default-src"
+   *    when it's not explicitly provided, directivePermits will NOT try
+   *    default-src when the specific directive is not used.  Setting this to
+   *    "false" allows CSP to fall back to default-src.  This function
+   *    behaves the same for both values of canUseDefault when querying
+   *    directives that don't fall-back.
+   * @param aSendViolationReports
+   *    If `true` and the uri is not allowed then trigger violation reports.
+   *    This should be `false` for caching or preloads.
+   * @return
+   *    Whether or not the provided URI is allowed by CSP under the given
+   *    directive. (block the pending operation if false).
+   */
+  boolean permits(in Element aTriggeringElement,
+                  in nsICSPEventListener aCSPEventListener,
+                  in nsIURI aURI,
+                  in nsIContentSecurityPolicy_CSPDirective aDir,
+                  in boolean aSpecific,
+                  in boolean aSendViolationReports);
+
+  /**
+   * Delegate method called by the service when sub-elements of the protected
+   * document are being loaded.  Given a bit of information about the request,
+   * decides whether or not the policy is satisfied.
+   *
+   * Calls to this may trigger violation reports when queried, so
+   * this value should not be cached.
+   *
+   * aOriginalURIIfRedirect must be passed only if this loading is the result
+   * of a redirect. In this case, aOriginalURIIfRedirect must be the original
+   * URL.
+   */
+  short shouldLoad(in nsContentPolicyType aContentType,
+                   in nsICSPEventListener aCSPEventListener,
+                   in nsIURI          aContentLocation,
+                   in nsIURI          aOriginalURIIfRedirect,
+                   in bool            aSendViolationReports,
+                   in AString         aNonce,
+                   in boolean         aParserCreated);
+
+%{ C++
+// nsIObserver topic to fire when the policy encounters a violation.
+#define CSP_VIOLATION_TOPIC "csp-on-violate-policy"
+%}
+
+  /**
+   * Returns the CSP in JSON notation.
+   */
+  AString toJSON();
+
+};
+
+typedef nsIContentSecurityPolicy_CSPDirective CSPDirective;
+
+/* Listener for security policy violation event */
+[function, scriptable, uuid(c3163b14-3a8f-46dd-a4af-bd04680364cd)]
+interface nsICSPEventListener : nsISupports
+{
+  // aJSON is the JSON format of SecurityPolicyViolationEventInit dictionary.
+  void onCSPViolationEvent(in AString aJSON);
+};
diff --git a/dom/interfaces/security/nsIReferrerInfo.idl b/dom/interfaces/security/nsIReferrerInfo.idl
new file mode 100644
index 0000000000..07e2f603bc
--- /dev/null
+++ b/dom/interfaces/security/nsIReferrerInfo.idl
@@ -0,0 +1,150 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+#include "nsISerializable.idl"
+
+%{C++
+namespace mozilla::dom {
+enum class ReferrerPolicy : uint8_t;
+}
+%}
+
+interface nsIURI;
+webidl Document;
+webidl Element;
+
+native ReferrerPolicy(mozilla::dom::ReferrerPolicy);
+native URIRef(already_AddRefed<nsIURI>);
+
+[scriptable, builtinclass, uuid(081cdc36-f2e2-4f94-87bf-78578f06f1eb)]
+interface nsIReferrerInfo : nsISerializable
+{
+  /**
+   * Unfortunately we can not query the ReferrerPolicy values defined within
+   * ReferrerPolicy.webidl directly from xpidl. Hence we define the enum value
+   * ReferrerPolicyIDL to set up the ReferrerInfo object from JS. If you need
+   * ReferrerPolicy in native code, please directly query it from
+   * ReferrerPolicy.webidl.
+   *
+   * Note that the deserialization code assumes that the ReferrerPolicyIDL only
+   * uses one byte. If we would need to change the format here, we should also
+   * update the deserialization code.
+   */
+  cenum ReferrerPolicyIDL : 8 {
+  /**
+   * The undefined state, or no referrer policy, usually causing a fallback to a
+   * referrer policy definded in higher level policy. For example: request by
+   * clicking <a> element with empty referrer policy will be sent with the
+   * referrer policy of the a element’s node document.
+   * If there is no higher-level policy available, we fall back to the default
+   * value, which usually is "no-referrer-when-downgrade".
+   */
+  EMPTY = 0,
+  /**
+   * Do not send referrer from https->http
+   */
+  NO_REFERRER_WHEN_DOWNGRADE = 1,
+  /**
+   * Do not send referrer at all.
+   */
+  NO_REFERRER = 2,
+  /**
+   * Only send the origin of the referring URL
+   */
+  ORIGIN = 3,
+  /**
+   * Send origin when cross-origin.
+   */
+  ORIGIN_WHEN_CROSS_ORIGIN = 4,
+  /**
+   * Always sends the referrer, even on downgrade.
+   */
+  UNSAFE_URL = 5,
+  /**
+   * Send referrer when same-origin, no referrer when cross-origin
+   */
+  SAME_ORIGIN = 6,
+  /**
+   * Send origin when request from https->https or http->http(s). No referrer
+   * when request from https->http.
+   */
+  STRICT_ORIGIN = 7,
+  /**
+   * Send referrer when same-origin, send origin when cross-origin from
+   * https->https or http->http(s). No referrer when request from https->http.
+   */
+  STRICT_ORIGIN_WHEN_CROSS_ORIGIN = 8,
+  };
+
+  /**
+   * The original referrer URI which indicates the full referrer before applying
+   * referrer policy
+   */
+  [infallible] readonly attribute nsIURI originalReferrer;
+
+  /**
+   * Referrer policy which is applied to the referrer
+   */
+  [implicit_jscontext] readonly attribute nsIReferrerInfo_ReferrerPolicyIDL referrerPolicy;
+
+  /**
+   * C++ friendly version of referrerPolicy getter
+   */
+  [noscript, notxpcom, nostdcall, binaryname(ReferrerPolicy)]
+  ReferrerPolicy binaryReferrerPolicy();
+
+  /**
+   * Get referrer policy as string
+   */
+  ACString getReferrerPolicyString();
+
+  /**
+   * Indicates if the referrer should not be sent or not even when it's available.
+   */
+  [infallible] readonly attribute boolean sendReferrer;
+
+  /**
+  * Indicates if the referrer should not be sent or not even when it's available.
+  */
+  readonly attribute AString computedReferrerSpec;
+
+  /**
+   * Get the computed referrer, if one has been set. The computed referrer is
+   * the original referrer manipulated by the referrer-policy. Use the result of
+   * this function as the actual referrer value for the channel.
+   */
+  [must_use, noscript, nostdcall, notxpcom]
+  URIRef GetComputedReferrer();
+
+  /**
+   * Returns whether the other referrerInfo is equivalent to this referrerInfo.
+   */
+  boolean equals(in nsIReferrerInfo other);
+
+  /**
+   * Initialize method to create ReferrerInfo object from JS
+   * @param aReferrerPolicy referrer policy of the created object
+   * @param aSendReferrer sendReferrer of the created object, defaults to false
+   * @param aOriginalReferrer the original referrer, defaults to null.
+   */
+  void init(in nsIReferrerInfo_ReferrerPolicyIDL aReferrerPolicy,
+           [optional] in boolean aSendReferrer,
+           [optional] in nsIURI aOriginalReferrer);
+
+  /**
+   * Initialize with a given document.
+   * @param aDocument the document to init referrerInfo object
+   */
+  void initWithDocument([const] in Document aDocument);
+
+  /**
+   * Initialize with a given node. It you are working with node which supports
+   * referrerpolicy attribute: <a>, <img>, <area>, <script>, <iframe>, please
+   * try to use this init instead of initWithDocument, because referrer policy
+   * from rel and attribute has a higher priority.
+   * @param aNode the element to init referrerInfo object
+   */
+  void initWithElement([const] in Element aNode);
+};
diff --git a/dom/interfaces/sidebar/moz.build b/dom/interfaces/sidebar/moz.build
new file mode 100644
index 0000000000..4bcfea139f
--- /dev/null
+++ b/dom/interfaces/sidebar/moz.build
@@ -0,0 +1,14 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+with Files("**"):
+    BUG_COMPONENT = ("Core", "DOM: Core & HTML")
+
+XPIDL_SOURCES += [
+    "nsIWebProtocolHandlerRegistrar.idl",
+]
+
+XPIDL_MODULE = "dom_sidebar"
diff --git a/dom/interfaces/sidebar/nsIWebProtocolHandlerRegistrar.idl b/dom/interfaces/sidebar/nsIWebProtocolHandlerRegistrar.idl
new file mode 100644
index 0000000000..d14505f0ee
--- /dev/null
+++ b/dom/interfaces/sidebar/nsIWebProtocolHandlerRegistrar.idl
@@ -0,0 +1,51 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIURI;
+
+/**
+ * nsIWebProtocolHandlerRegistrar
+ *
+ * Applications wishing to use web protocol handlers need to implement this
+ * interface. Typically they will prompt the user to confirm adding an entry
+ * to the local list.
+ *
+ * The component must have the contract id defined below so that the Navigator
+ * implementation can invoke it.
+ */
+
+[scriptable, uuid(1ce9ef8d-f462-49ca-b8e9-c946c4f37d6e)]
+interface nsIWebProtocolHandlerRegistrar : nsISupports
+{
+  /**
+   * See documentation in Navigator.webidl
+   * The additional contentWindow param for this method represents the dom
+   * content window from which the method has been called, or its browser window.
+   */
+   void registerProtocolHandler(in AString protocol,
+                                in nsIURI uri,
+                                in AString title,
+                                in nsIURI documentURI,
+                                in nsISupports windowOrBrowser);
+  /**
+   * Removes a registered protocol handler
+   *
+   * While registerProtocolHandler is exposed on Navigator, unregistering
+   * is exposed through the UI code.
+   * @param   protocol
+   *          The protocol scheme to remove a service handler for
+   * @param   uri
+   *          The uri of the service handler to remove
+   */
+  void removeProtocolHandler(in AString protocol, in AString uri);
+};
+
+%{ C++
+
+#define NS_WEBPROTOCOLHANDLERREGISTRAR_CONTRACTID "@mozilla.org/embeddor.implemented/web-protocol-handler-registrar;1"
+%}
diff --git a/dom/interfaces/storage/moz.build b/dom/interfaces/storage/moz.build
new file mode 100644
index 0000000000..be637fadff
--- /dev/null
+++ b/dom/interfaces/storage/moz.build
@@ -0,0 +1,15 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+with Files("**"):
+    BUG_COMPONENT = ("Core", "Storage: localStorage & sessionStorage")
+
+XPIDL_SOURCES += [
+    "nsIDOMStorageManager.idl",
+    "nsIStorageActivityService.idl",
+]
+
+XPIDL_MODULE = "dom_storage"
diff --git a/dom/interfaces/storage/nsIDOMStorageManager.idl b/dom/interfaces/storage/nsIDOMStorageManager.idl
new file mode 100644
index 0000000000..1be7525e4a
--- /dev/null
+++ b/dom/interfaces/storage/nsIDOMStorageManager.idl
@@ -0,0 +1,132 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIPrincipal;
+interface mozIDOMWindow;
+
+webidl Storage;
+
+%{C++
+namespace mozilla {
+namespace dom {
+class SessionStorageCache;
+}  // namespace dom
+}  // namespace mozilla
+%}
+
+native SessionStorageCacheAddRefed(RefPtr<mozilla::dom::SessionStorageCache>);
+
+/**
+ * General purpose interface that has two implementations, for localStorage
+ * with "@mozilla.org/dom/localStorage-manager;1".
+ */
+[scriptable, uuid(a20c742e-3ed1-44fb-b897-4080a75b1662)]
+interface nsIDOMStorageManager : nsISupports
+{
+  /**
+   * This starts async preloading of a storage cache for scope
+   * defined by the principal and storage principal.
+   *
+   * Because of how multi-e10s support was implemented in bug 1285898, the
+   * StorageCache instance can no longer use a timer to keep itself alive.  So a
+   * Storage instance is returned if precaching believes the storage principal may
+   * have localStorage data.  (Previously the StorageCache would be brought into
+   * existence and kept alive by the timer so that it could be returned if a
+   * call to createStorage was made due to a request by the page.)
+   */
+  Storage precacheStorage(in nsIPrincipal aPrincipal,
+                          in nsIPrincipal aStoragePrincipal);
+
+  /**
+   * Returns instance of DOM storage object for given principal.
+   * A new object is always returned and it is ensured there is
+   * a storage for the scope created.
+   *
+   * @param aWindow
+   *    The parent window.
+   * @param aPrincipal
+   *    Principal to bound storage to.
+   * @param aStoragePrincipal
+   *    StoragePrincipal to bound storage to.
+   * @param aDocumentURI
+   *    URL of the demanding document, used for DOM storage event only.
+   * @param aPrivate
+   *    Whether the demanding document is running in Private Browsing mode or not.
+   */
+  Storage createStorage(in mozIDOMWindow aWindow,
+                        in nsIPrincipal aPrincipal,
+                        in nsIPrincipal aStoragePrincipal,
+                        in AString aDocumentURI,
+                        [optional] in bool aPrivate);
+  /**
+   * DEPRECATED.  The only good reason to use this was if you were writing a
+   * test and wanted to hackily determine if a preload happened.  That's now
+   * covered by `nsILocalStorageManager.isPreloaded` and you should use that if
+   * that's what you want.  If LSNG is in use, this will throw.
+   *
+   * Returns instance of DOM storage object for given principal.
+   * If there is no storage managed for the scope, then null is returned and
+   * no object is created.  Otherwise, an object (new) for the existing storage
+   * scope is returned.
+   *
+   * @param aWindow
+   *    The parent window.
+   * @param aPrincipal
+   *    Principal to bound storage to.
+   * @param aStoragePrincipal
+   *    StoragePrincipal to bound storage to.
+   * @param aPrivate
+   *    Whether the demanding document is running in Private Browsing mode or not.
+   */
+  Storage getStorage(in mozIDOMWindow aWindow,
+                     in nsIPrincipal aPrincipal,
+                     in nsIPrincipal aStoragePrincipal,
+                     [optional] in bool aPrivate);
+
+  /**
+   * Clones given storage into this storage manager.
+   *
+   * @param aStorageToCloneFrom
+   *    The storage to copy all items from into this manager.  Manager will then
+   *    return a new and independent object that contains snapshot of data from
+   *    the moment this method was called.  Modification to this new object will
+   *    not affect the original storage content we cloned from and vice versa.
+   */
+  void cloneStorage(in Storage aStorageToCloneFrom);
+
+  /**
+   * Returns true if the storage belongs to the given principal and is managed
+   * (i.e. has been created and is cached) by this storage manager.
+   *
+   * @param aPrincipal
+   *    Principal to check the storage against.
+   * @param aStorage
+   *    The storage object to examine.
+   *
+   * @result
+   *    true when the storage object is bound with the principal and is managed
+   *         by this storage manager.
+   *    false otherwise
+   */
+  bool checkStorage(in nsIPrincipal aPrincipal,
+                    in Storage aStorage);
+};
+
+[uuid(b3bfbbd0-e738-4cbf-b0f0-b65f25265e82)]
+interface nsIDOMSessionStorageManager : nsIDOMStorageManager {
+  /**
+   * Returns a SessionStorageCache object for the principal scope.
+   *
+   * @param aPrincipal
+   *    Principal to bound storage to.
+   * @param aStoragePrincipal
+   *    StoragePrincipal to bound storage to.
+   */
+   [noscript]
+   SessionStorageCacheAddRefed getSessionStorageCache(in nsIPrincipal aPrincipal,
+                                                      in nsIPrincipal aStoragePrincipal);
+};
diff --git a/dom/interfaces/storage/nsIStorageActivityService.idl b/dom/interfaces/storage/nsIStorageActivityService.idl
new file mode 100644
index 0000000000..f33fcfc222
--- /dev/null
+++ b/dom/interfaces/storage/nsIStorageActivityService.idl
@@ -0,0 +1,42 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "domstubs.idl"
+
+interface nsIArray;
+interface nsIPrincipal;
+
+/**
+ * nsIStorageActivityService is a service that can be used to know which
+ * origins have been active in a time range. This information can be used to
+ * implement "Clear Recent History" or similar features.
+ *
+ * If you are implementing a new Storage component, you should use
+ * QuotaManager. But if you don't do it, remember to call
+ * StorageActivityService methods in order to inform this service about
+ * 'writing' operations executed by origins.
+ */
+[scriptable, builtinclass, uuid(fd1310ba-d1be-4327-988e-92b39fcff6f4)]
+interface nsIStorageActivityService : nsISupports
+{
+  // This returns an array of nsIPrincipals, active between |from| and |to|
+  // timestamps. Note activities older than 1 day are forgotten.
+  // Activity details are not persisted, so this only covers activity since
+  // Firefox was started.  All content principals are logged, which includes
+  // non-system principals like "moz-extension://ID", "moz-safe-about:home",
+  // "about:newtab", so principals may need to be filtered before being used.
+  nsIArray getActiveOrigins(in PRTime from, in PRTime to);
+
+  // NOTE: This method is meant to be used for testing only.
+  // The activity of |origin| is moved to the specified timestamp |when|.
+  void moveOriginInTime(in nsIPrincipal origin, in PRTime when);
+
+  // TEST-ONLY method to support clearing all previously known activity.
+  void testOnlyReset();
+};
+
+%{ C++
+#define STORAGE_ACTIVITY_SERVICE_CONTRACTID "@mozilla.org/storage/activity-service;1"
+%}
diff --git a/dom/interfaces/xul/moz.build b/dom/interfaces/xul/moz.build
new file mode 100644
index 0000000000..5c7b5d3a9d
--- /dev/null
+++ b/dom/interfaces/xul/moz.build
@@ -0,0 +1,23 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+with Files("**"):
+    BUG_COMPONENT = ("Core", "XUL")
+
+XPIDL_SOURCES += [
+    "nsIDOMXULButtonElement.idl",
+    "nsIDOMXULCommandDispatcher.idl",
+    "nsIDOMXULContainerElement.idl",
+    "nsIDOMXULControlElement.idl",
+    "nsIDOMXULMenuListElement.idl",
+    "nsIDOMXULMultSelectCntrlEl.idl",
+    "nsIDOMXULRadioGroupElement.idl",
+    "nsIDOMXULRelatedElement.idl",
+    "nsIDOMXULSelectCntrlEl.idl",
+    "nsIDOMXULSelectCntrlItemEl.idl",
+]
+
+XPIDL_MODULE = "dom_xul"
diff --git a/dom/interfaces/xul/nsIDOMXULButtonElement.idl b/dom/interfaces/xul/nsIDOMXULButtonElement.idl
new file mode 100644
index 0000000000..88fefa94ce
--- /dev/null
+++ b/dom/interfaces/xul/nsIDOMXULButtonElement.idl
@@ -0,0 +1,20 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsIDOMXULControlElement.idl"
+
+[scriptable, uuid(6ed53cfb-9e59-424c-af8d-e74582381951)]
+interface nsIDOMXULButtonElement : nsIDOMXULControlElement {
+  attribute AString type;
+
+  // For buttons of type="menu" only.
+  attribute boolean open;
+
+  // For buttons of type="checkbox" only.
+  attribute boolean checked;
+
+  // For buttons of type="radio" only.
+  attribute AString group;
+};
diff --git a/dom/interfaces/xul/nsIDOMXULCommandDispatcher.idl b/dom/interfaces/xul/nsIDOMXULCommandDispatcher.idl
new file mode 100644
index 0000000000..21ac541505
--- /dev/null
+++ b/dom/interfaces/xul/nsIDOMXULCommandDispatcher.idl
@@ -0,0 +1,41 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIController;
+interface nsIControllers;
+interface mozIDOMWindowProxy;
+
+webidl Element;
+
+[scriptable, uuid(a9fa9fd3-8d62-4f94-9ed8-3ea9c3cf0773)]
+interface nsIDOMXULCommandDispatcher : nsISupports
+{
+  [setter_can_run_script]
+  attribute Element focusedElement;
+  [setter_can_run_script]
+  attribute mozIDOMWindowProxy focusedWindow;
+
+  void                      addCommandUpdater(in Element updater,
+                                              in AString events,
+                                              in AString targets);
+  void                      removeCommandUpdater(in Element updater);
+
+  [can_run_script]
+  void                      updateCommands(in AString eventName);
+
+  nsIController             getControllerForCommand(in string command);
+  nsIControllers            getControllers();
+
+  void advanceFocus();
+  void rewindFocus();
+  void advanceFocusIntoSubtree(in Element elt);
+
+  // When locked, command updating is batched until unlocked. Always ensure that
+  // lock and unlock is called in a pair.
+  void lock();
+  void unlock();
+};
diff --git a/dom/interfaces/xul/nsIDOMXULContainerElement.idl b/dom/interfaces/xul/nsIDOMXULContainerElement.idl
new file mode 100644
index 0000000000..78b8275f35
--- /dev/null
+++ b/dom/interfaces/xul/nsIDOMXULContainerElement.idl
@@ -0,0 +1,23 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+interface nsIDOMXULContainerElement;
+
+webidl Element;
+
+[scriptable, uuid(800a68c7-b854-4597-a436-3055ce5c5c96)]
+interface nsIDOMXULContainerItemElement : nsISupports
+{
+  /**
+   * Returns the parent container if any.
+   */
+  readonly attribute Element parentContainer;
+};
+
+[scriptable, uuid(b2bc96b8-31fc-42f4-937a-bd27291af40b)]
+interface nsIDOMXULContainerElement : nsIDOMXULContainerItemElement
+{
+};
diff --git a/dom/interfaces/xul/nsIDOMXULControlElement.idl b/dom/interfaces/xul/nsIDOMXULControlElement.idl
new file mode 100644
index 0000000000..0ddf5e8864
--- /dev/null
+++ b/dom/interfaces/xul/nsIDOMXULControlElement.idl
@@ -0,0 +1,19 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIControllers;
+
+[scriptable, uuid(bdc1d047-6d22-4813-bc50-638ccb349c7d)]
+interface nsIDOMXULControlElement : nsISupports {
+  attribute boolean disabled;
+
+// XXX defined in XULElement, but should be defined here
+//  readonly attribute nsIControllers controllers;
+
+//  void focus();
+//  void blur();
+};
diff --git a/dom/interfaces/xul/nsIDOMXULMenuListElement.idl b/dom/interfaces/xul/nsIDOMXULMenuListElement.idl
new file mode 100644
index 0000000000..689c823ff0
--- /dev/null
+++ b/dom/interfaces/xul/nsIDOMXULMenuListElement.idl
@@ -0,0 +1,19 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsIDOMXULSelectCntrlEl.idl"
+
+webidl Element;
+
+[scriptable, uuid(36c16a17-c0e9-4b35-951b-81a147314ef1)]
+interface nsIDOMXULMenuListElement : nsIDOMXULSelectControlElement {
+  attribute boolean editable;
+  attribute boolean open;
+
+  // label of selected option or value of textfield for editable menu lists
+  readonly attribute AString label;
+
+  attribute AString image;
+};
diff --git a/dom/interfaces/xul/nsIDOMXULMultSelectCntrlEl.idl b/dom/interfaces/xul/nsIDOMXULMultSelectCntrlEl.idl
new file mode 100644
index 0000000000..03db9c3bc8
--- /dev/null
+++ b/dom/interfaces/xul/nsIDOMXULMultSelectCntrlEl.idl
@@ -0,0 +1,36 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsIDOMXULSelectCntrlEl.idl"
+
+webidl Element;
+webidl NodeList;
+
+[scriptable, uuid(40654a10-8204-4f06-9f21-7baa31c7b1dd)]
+interface nsIDOMXULMultiSelectControlElement : nsIDOMXULSelectControlElement
+{
+  attribute AString selType;
+
+  attribute Element currentItem;
+  attribute long currentIndex;
+
+  readonly attribute NodeList selectedItems;
+
+  void addItemToSelection(in nsIDOMXULSelectControlItemElement item);
+  void removeItemFromSelection(in nsIDOMXULSelectControlItemElement item);
+  void toggleItemSelection(in nsIDOMXULSelectControlItemElement item);
+
+  void selectItem(in nsIDOMXULSelectControlItemElement item);
+  void selectItemRange(in nsIDOMXULSelectControlItemElement startItem, in nsIDOMXULSelectControlItemElement item);
+
+  void selectAll();
+  void clearSelection();
+
+  // XXX - temporary, pending implementation of scriptable,
+  //       mutable NodeList for selectedItems
+  readonly attribute long selectedCount;
+  [binaryname(MultiGetSelectedItem)]
+  Element getSelectedItem(in long index);
+};
diff --git a/dom/interfaces/xul/nsIDOMXULRadioGroupElement.idl b/dom/interfaces/xul/nsIDOMXULRadioGroupElement.idl
new file mode 100644
index 0000000000..6ec16d833c
--- /dev/null
+++ b/dom/interfaces/xul/nsIDOMXULRadioGroupElement.idl
@@ -0,0 +1,13 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+webidl Element;
+
+[scriptable, uuid(2cc1d24b-ec9f-4e18-aa34-a298a9007f23)]
+interface nsIDOMXULRadioGroupElement : nsISupports {
+  attribute Element focusedItem;
+};
diff --git a/dom/interfaces/xul/nsIDOMXULRelatedElement.idl b/dom/interfaces/xul/nsIDOMXULRelatedElement.idl
new file mode 100644
index 0000000000..428db2ba5d
--- /dev/null
+++ b/dom/interfaces/xul/nsIDOMXULRelatedElement.idl
@@ -0,0 +1,21 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "domstubs.idl"
+
+webidl Element;
+webidl Node;
+
+[scriptable, uuid(9fbac05a-fb27-470d-8e5f-028b2dc54ad0)]
+interface nsIDOMXULRelatedElement : nsISupports
+{
+  /**
+   * Retrun an element associated with the given element. It's implemented
+   * by container elements having relation between their items. For example,
+   * this interface is implemented by XUL tabs and XUL tabpanels elements
+   * and used to get XUL tab element by linked tab panel and vice versa.
+   */
+  Element getRelatedElement(in Node aElement);
+};
diff --git a/dom/interfaces/xul/nsIDOMXULSelectCntrlEl.idl b/dom/interfaces/xul/nsIDOMXULSelectCntrlEl.idl
new file mode 100644
index 0000000000..197791cb04
--- /dev/null
+++ b/dom/interfaces/xul/nsIDOMXULSelectCntrlEl.idl
@@ -0,0 +1,21 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsIDOMXULControlElement.idl"
+interface nsIDOMXULSelectControlItemElement;
+
+webidl Element;
+
+[scriptable, uuid(9bf188a7-d6f9-431b-b5c7-118013998e8b)]
+interface nsIDOMXULSelectControlElement : nsIDOMXULControlElement {
+  attribute Element selectedItem;
+  attribute long selectedIndex;
+
+  attribute AString value;
+
+  readonly attribute unsigned long itemCount;
+  long getIndexOfItem(in nsIDOMXULSelectControlItemElement item);
+  Element getItemAtIndex(in long index);
+};
diff --git a/dom/interfaces/xul/nsIDOMXULSelectCntrlItemEl.idl b/dom/interfaces/xul/nsIDOMXULSelectCntrlItemEl.idl
new file mode 100644
index 0000000000..e3f031bd50
--- /dev/null
+++ b/dom/interfaces/xul/nsIDOMXULSelectCntrlItemEl.idl
@@ -0,0 +1,27 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+interface nsIDOMXULSelectControlElement;
+
+webidl Element;
+
+[scriptable, uuid(5c6be58f-17df-4750-88a5-4a59ac28adc9)]
+interface nsIDOMXULSelectControlItemElement : nsISupports {
+  attribute boolean disabled;
+  attribute AString image;
+  attribute AString label;
+  attribute AString accessKey;
+  attribute AString command;
+
+  attribute AString value;
+
+  readonly attribute boolean selected;
+
+  readonly attribute Element control;
+
+  // XXX defined in XULElement, but should be defined here
+  // void doCommand();
+};