summaryrefslogtreecommitdiffstats
path: root/dom/html/HTMLFormElement.cpp
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /dom/html/HTMLFormElement.cpp
parentInitial commit. (diff)
downloadfirefox-upstream.tar.xz
firefox-upstream.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/html/HTMLFormElement.cpp')
-rw-r--r--dom/html/HTMLFormElement.cpp2266
1 files changed, 2266 insertions, 0 deletions
diff --git a/dom/html/HTMLFormElement.cpp b/dom/html/HTMLFormElement.cpp
new file mode 100644
index 0000000000..f0bb458958
--- /dev/null
+++ b/dom/html/HTMLFormElement.cpp
@@ -0,0 +1,2266 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/dom/HTMLFormElement.h"
+
+#include <utility>
+
+#include "jsapi.h"
+#include "mozilla/AutoRestore.h"
+#include "mozilla/BasePrincipal.h"
+#include "mozilla/BinarySearch.h"
+#include "mozilla/Components.h"
+#include "mozilla/ContentEvents.h"
+#include "mozilla/EventDispatcher.h"
+#include "mozilla/PresShell.h"
+#include "mozilla/UniquePtr.h"
+#include "mozilla/dom/BindContext.h"
+#include "mozilla/dom/BrowsingContext.h"
+#include "mozilla/dom/CustomEvent.h"
+#include "mozilla/dom/Document.h"
+#include "mozilla/dom/HTMLFormControlsCollection.h"
+#include "mozilla/dom/HTMLFormElementBinding.h"
+#include "mozilla/dom/nsCSPContext.h"
+#include "mozilla/dom/nsCSPUtils.h"
+#include "mozilla/dom/nsMixedContentBlocker.h"
+#include "nsCOMArray.h"
+#include "nsContentList.h"
+#include "nsContentUtils.h"
+#include "nsDocShell.h"
+#include "nsDocShellLoadState.h"
+#include "nsError.h"
+#include "nsGkAtoms.h"
+#include "nsHTMLDocument.h"
+#include "nsIFormControlFrame.h"
+#include "nsInterfaceHashtable.h"
+#include "nsPresContext.h"
+#include "nsQueryObject.h"
+#include "nsStyleConsts.h"
+#include "nsTArray.h"
+
+// form submission
+#include "HTMLFormSubmissionConstants.h"
+#include "mozilla/dom/FormData.h"
+#include "mozilla/dom/FormDataEvent.h"
+#include "mozilla/dom/SubmitEvent.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/StaticPrefs_dom.h"
+#include "mozilla/StaticPrefs_prompts.h"
+#include "mozilla/StaticPrefs_signon.h"
+#include "nsCategoryManagerUtils.h"
+#include "nsIContentInlines.h"
+#include "nsISimpleEnumerator.h"
+#include "nsRange.h"
+#include "nsIScriptError.h"
+#include "nsIScriptSecurityManager.h"
+#include "nsNetUtil.h"
+#include "nsIInterfaceRequestorUtils.h"
+#include "nsIDocShell.h"
+#include "nsIPromptService.h"
+#include "nsISecurityUITelemetry.h"
+#include "nsIStringBundle.h"
+
+// radio buttons
+#include "mozilla/dom/HTMLInputElement.h"
+#include "nsIRadioVisitor.h"
+#include "RadioNodeList.h"
+
+#include "nsLayoutUtils.h"
+
+#include "mozAutoDocUpdate.h"
+#include "nsIHTMLCollection.h"
+
+#include "nsIConstraintValidation.h"
+
+#include "nsSandboxFlags.h"
+
+// images
+#include "mozilla/dom/HTMLImageElement.h"
+#include "mozilla/dom/HTMLButtonElement.h"
+
+// construction, destruction
+NS_IMPL_NS_NEW_HTML_ELEMENT(Form)
+
+namespace mozilla::dom {
+
+static const uint8_t NS_FORM_AUTOCOMPLETE_ON = 1;
+static const uint8_t NS_FORM_AUTOCOMPLETE_OFF = 0;
+
+static const nsAttrValue::EnumTable kFormAutocompleteTable[] = {
+ {"on", NS_FORM_AUTOCOMPLETE_ON},
+ {"off", NS_FORM_AUTOCOMPLETE_OFF},
+ {nullptr, 0}};
+// Default autocomplete value is 'on'.
+static const nsAttrValue::EnumTable* kFormDefaultAutocomplete =
+ &kFormAutocompleteTable[0];
+
+HTMLFormElement::HTMLFormElement(
+ already_AddRefed<mozilla::dom::NodeInfo>&& aNodeInfo)
+ : nsGenericHTMLElement(std::move(aNodeInfo)),
+ mControls(new HTMLFormControlsCollection(this)),
+ mPendingSubmission(nullptr),
+ mDefaultSubmitElement(nullptr),
+ mFirstSubmitInElements(nullptr),
+ mFirstSubmitNotInElements(nullptr),
+ mImageNameLookupTable(FORM_CONTROL_LIST_HASHTABLE_LENGTH),
+ mPastNameLookupTable(FORM_CONTROL_LIST_HASHTABLE_LENGTH),
+ mSubmitPopupState(PopupBlocker::openAbused),
+ mInvalidElementsCount(0),
+ mFormNumber(-1),
+ mGeneratingSubmit(false),
+ mGeneratingReset(false),
+ mDeferSubmission(false),
+ mNotifiedObservers(false),
+ mNotifiedObserversResult(false),
+ mEverTriedInvalidSubmit(false),
+ mIsConstructingEntryList(false),
+ mIsFiringSubmissionEvents(false) {
+ // We start out valid.
+ AddStatesSilently(ElementState::VALID);
+}
+
+HTMLFormElement::~HTMLFormElement() {
+ if (mControls) {
+ mControls->DropFormReference();
+ }
+
+ Clear();
+}
+
+// nsISupports
+
+NS_IMPL_CYCLE_COLLECTION_CLASS(HTMLFormElement)
+
+NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN_INHERITED(HTMLFormElement,
+ nsGenericHTMLElement)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mControls)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mImageNameLookupTable)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mPastNameLookupTable)
+ NS_IMPL_CYCLE_COLLECTION_TRAVERSE(mTargetContext)
+ RadioGroupManager::Traverse(tmp, cb);
+NS_IMPL_CYCLE_COLLECTION_TRAVERSE_END
+
+NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN_INHERITED(HTMLFormElement,
+ nsGenericHTMLElement)
+ NS_IMPL_CYCLE_COLLECTION_UNLINK(mTargetContext)
+ RadioGroupManager::Unlink(tmp);
+ tmp->Clear();
+ tmp->mExpandoAndGeneration.OwnerUnlinked();
+NS_IMPL_CYCLE_COLLECTION_UNLINK_END
+
+NS_IMPL_ISUPPORTS_CYCLE_COLLECTION_INHERITED(HTMLFormElement,
+ nsGenericHTMLElement,
+ nsIRadioGroupContainer)
+
+// EventTarget
+void HTMLFormElement::AsyncEventRunning(AsyncEventDispatcher* aEvent) {
+ if (mFormPasswordEventDispatcher == aEvent) {
+ mFormPasswordEventDispatcher = nullptr;
+ } else if (mFormPossibleUsernameEventDispatcher == aEvent) {
+ mFormPossibleUsernameEventDispatcher = nullptr;
+ }
+}
+
+NS_IMPL_ELEMENT_CLONE(HTMLFormElement)
+
+nsIHTMLCollection* HTMLFormElement::Elements() { return mControls; }
+
+nsresult HTMLFormElement::BeforeSetAttr(int32_t aNamespaceID, nsAtom* aName,
+ const nsAttrValueOrString* aValue,
+ bool aNotify) {
+ if (aNamespaceID == kNameSpaceID_None) {
+ if (aName == nsGkAtoms::action || aName == nsGkAtoms::target) {
+ // Don't forget we've notified the password manager already if the
+ // page sets the action/target in the during submit. (bug 343182)
+ bool notifiedObservers = mNotifiedObservers;
+ ForgetCurrentSubmission();
+ mNotifiedObservers = notifiedObservers;
+ }
+ }
+
+ return nsGenericHTMLElement::BeforeSetAttr(aNamespaceID, aName, aValue,
+ aNotify);
+}
+
+void HTMLFormElement::GetAutocomplete(nsAString& aValue) {
+ GetEnumAttr(nsGkAtoms::autocomplete, kFormDefaultAutocomplete->tag, aValue);
+}
+
+void HTMLFormElement::GetEnctype(nsAString& aValue) {
+ GetEnumAttr(nsGkAtoms::enctype, kFormDefaultEnctype->tag, aValue);
+}
+
+void HTMLFormElement::GetMethod(nsAString& aValue) {
+ GetEnumAttr(nsGkAtoms::method, kFormDefaultMethod->tag, aValue);
+}
+
+// https://html.spec.whatwg.org/multipage/forms.html#concept-form-submit
+void HTMLFormElement::MaybeSubmit(Element* aSubmitter) {
+#ifdef DEBUG
+ if (aSubmitter) {
+ nsCOMPtr<nsIFormControl> fc = do_QueryInterface(aSubmitter);
+ MOZ_ASSERT(fc);
+ MOZ_ASSERT(fc->IsSubmitControl(), "aSubmitter is not a submit control?");
+ }
+#endif
+
+ // 1-4 of
+ // https://html.spec.whatwg.org/multipage/forms.html#concept-form-submit
+ Document* doc = GetComposedDoc();
+ if (mIsConstructingEntryList || !doc ||
+ (doc->GetSandboxFlags() & SANDBOXED_FORMS)) {
+ return;
+ }
+
+ // 6.1. If form's firing submission events is true, then return.
+ if (mIsFiringSubmissionEvents) {
+ return;
+ }
+
+ // 6.2. Set form's firing submission events to true.
+ AutoRestore<bool> resetFiringSubmissionEventsFlag(mIsFiringSubmissionEvents);
+ mIsFiringSubmissionEvents = true;
+
+ // 6.3. If the submitter element's no-validate state is false, then
+ // interactively validate the constraints of form and examine the result.
+ // If the result is negative (i.e., the constraint validation concluded
+ // that there were invalid fields and probably informed the user of this)
+ bool noValidateState =
+ HasAttr(kNameSpaceID_None, nsGkAtoms::novalidate) ||
+ (aSubmitter &&
+ aSubmitter->HasAttr(kNameSpaceID_None, nsGkAtoms::formnovalidate));
+ if (!noValidateState && !CheckValidFormSubmission()) {
+ return;
+ }
+
+ // If |PresShell::Destroy| has been called due to handling the event the pres
+ // context will return a null pres shell. See bug 125624. Using presShell to
+ // dispatch the event. It makes sure that event is not handled if the window
+ // is being destroyed.
+ if (RefPtr<PresShell> presShell = doc->GetPresShell()) {
+ SubmitEventInit init;
+ init.mBubbles = true;
+ init.mCancelable = true;
+ init.mSubmitter =
+ aSubmitter ? nsGenericHTMLElement::FromNode(aSubmitter) : nullptr;
+ RefPtr<SubmitEvent> event =
+ SubmitEvent::Constructor(this, u"submit"_ns, init);
+ event->SetTrusted(true);
+ nsEventStatus status = nsEventStatus_eIgnore;
+ presShell->HandleDOMEventWithTarget(this, event, &status);
+ }
+}
+
+void HTMLFormElement::MaybeReset(Element* aSubmitter) {
+ // If |PresShell::Destroy| has been called due to handling the event the pres
+ // context will return a null pres shell. See bug 125624. Using presShell to
+ // dispatch the event. It makes sure that event is not handled if the window
+ // is being destroyed.
+ if (RefPtr<PresShell> presShell = OwnerDoc()->GetPresShell()) {
+ InternalFormEvent event(true, eFormReset);
+ event.mOriginator = aSubmitter;
+ nsEventStatus status = nsEventStatus_eIgnore;
+ presShell->HandleDOMEventWithTarget(this, &event, &status);
+ }
+}
+
+void HTMLFormElement::Submit(ErrorResult& aRv) { aRv = DoSubmit(); }
+
+// https://html.spec.whatwg.org/multipage/forms.html#dom-form-requestsubmit
+void HTMLFormElement::RequestSubmit(nsGenericHTMLElement* aSubmitter,
+ ErrorResult& aRv) {
+ // 1. If submitter is not null, then:
+ if (aSubmitter) {
+ nsCOMPtr<nsIFormControl> fc = do_QueryObject(aSubmitter);
+
+ // 1.1. If submitter is not a submit button, then throw a TypeError.
+ if (!fc || !fc->IsSubmitControl()) {
+ aRv.ThrowTypeError("The submitter is not a submit button.");
+ return;
+ }
+
+ // 1.2. If submitter's form owner is not this form element, then throw a
+ // "NotFoundError" DOMException.
+ if (fc->GetForm() != this) {
+ aRv.Throw(NS_ERROR_DOM_NOT_FOUND_ERR);
+ return;
+ }
+ }
+
+ // 2. Otherwise, set submitter to this form element.
+ // 3. Submit this form element, from submitter.
+ MaybeSubmit(aSubmitter);
+}
+
+void HTMLFormElement::Reset() {
+ InternalFormEvent event(true, eFormReset);
+ EventDispatcher::Dispatch(static_cast<nsIContent*>(this), nullptr, &event);
+}
+
+bool HTMLFormElement::ParseAttribute(int32_t aNamespaceID, nsAtom* aAttribute,
+ const nsAString& aValue,
+ nsIPrincipal* aMaybeScriptedPrincipal,
+ nsAttrValue& aResult) {
+ if (aNamespaceID == kNameSpaceID_None) {
+ if (aAttribute == nsGkAtoms::method) {
+ if (StaticPrefs::dom_dialog_element_enabled() || IsInChromeDocument()) {
+ return aResult.ParseEnumValue(aValue, kFormMethodTableDialogEnabled,
+ false);
+ }
+ return aResult.ParseEnumValue(aValue, kFormMethodTable, false);
+ }
+ if (aAttribute == nsGkAtoms::enctype) {
+ return aResult.ParseEnumValue(aValue, kFormEnctypeTable, false);
+ }
+ if (aAttribute == nsGkAtoms::autocomplete) {
+ return aResult.ParseEnumValue(aValue, kFormAutocompleteTable, false);
+ }
+ }
+
+ return nsGenericHTMLElement::ParseAttribute(aNamespaceID, aAttribute, aValue,
+ aMaybeScriptedPrincipal, aResult);
+}
+
+nsresult HTMLFormElement::BindToTree(BindContext& aContext, nsINode& aParent) {
+ nsresult rv = nsGenericHTMLElement::BindToTree(aContext, aParent);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ if (IsInUncomposedDoc() && aContext.OwnerDoc().IsHTMLOrXHTML()) {
+ aContext.OwnerDoc().AsHTMLDocument()->AddedForm();
+ }
+
+ return rv;
+}
+
+template <typename T>
+static void MarkOrphans(const nsTArray<T*>& aArray) {
+ uint32_t length = aArray.Length();
+ for (uint32_t i = 0; i < length; ++i) {
+ aArray[i]->SetFlags(MAYBE_ORPHAN_FORM_ELEMENT);
+ }
+}
+
+static void CollectOrphans(nsINode* aRemovalRoot,
+ const nsTArray<nsGenericHTMLFormElement*>& aArray
+#ifdef DEBUG
+ ,
+ HTMLFormElement* aThisForm
+#endif
+) {
+ // Put a script blocker around all the notifications we're about to do.
+ nsAutoScriptBlocker scriptBlocker;
+
+ // Walk backwards so that if we remove elements we can just keep iterating
+ uint32_t length = aArray.Length();
+ for (uint32_t i = length; i > 0; --i) {
+ nsGenericHTMLFormElement* node = aArray[i - 1];
+
+ // Now if MAYBE_ORPHAN_FORM_ELEMENT is not set, that would mean that the
+ // node is in fact a descendant of the form and hence should stay in the
+ // form. If it _is_ set, then we need to check whether the node is a
+ // descendant of aRemovalRoot. If it is, we leave it in the form.
+#ifdef DEBUG
+ bool removed = false;
+#endif
+ if (node->HasFlag(MAYBE_ORPHAN_FORM_ELEMENT)) {
+ node->UnsetFlags(MAYBE_ORPHAN_FORM_ELEMENT);
+ if (!node->IsInclusiveDescendantOf(aRemovalRoot)) {
+ nsCOMPtr<nsIFormControl> fc = do_QueryInterface(node);
+ MOZ_ASSERT(fc);
+ fc->ClearForm(true, false);
+
+ // When a form control loses its form owner, its state can change.
+ node->UpdateState(true);
+#ifdef DEBUG
+ removed = true;
+#endif
+ }
+ }
+
+#ifdef DEBUG
+ if (!removed) {
+ nsCOMPtr<nsIFormControl> fc = do_QueryInterface(node);
+ MOZ_ASSERT(fc);
+ HTMLFormElement* form = fc->GetForm();
+ NS_ASSERTION(form == aThisForm, "How did that happen?");
+ }
+#endif /* DEBUG */
+ }
+}
+
+static void CollectOrphans(nsINode* aRemovalRoot,
+ const nsTArray<HTMLImageElement*>& aArray
+#ifdef DEBUG
+ ,
+ HTMLFormElement* aThisForm
+#endif
+) {
+ // Walk backwards so that if we remove elements we can just keep iterating
+ uint32_t length = aArray.Length();
+ for (uint32_t i = length; i > 0; --i) {
+ HTMLImageElement* node = aArray[i - 1];
+
+ // Now if MAYBE_ORPHAN_FORM_ELEMENT is not set, that would mean that the
+ // node is in fact a descendant of the form and hence should stay in the
+ // form. If it _is_ set, then we need to check whether the node is a
+ // descendant of aRemovalRoot. If it is, we leave it in the form.
+#ifdef DEBUG
+ bool removed = false;
+#endif
+ if (node->HasFlag(MAYBE_ORPHAN_FORM_ELEMENT)) {
+ node->UnsetFlags(MAYBE_ORPHAN_FORM_ELEMENT);
+ if (!node->IsInclusiveDescendantOf(aRemovalRoot)) {
+ node->ClearForm(true);
+
+#ifdef DEBUG
+ removed = true;
+#endif
+ }
+ }
+
+#ifdef DEBUG
+ if (!removed) {
+ HTMLFormElement* form = node->GetForm();
+ NS_ASSERTION(form == aThisForm, "How did that happen?");
+ }
+#endif /* DEBUG */
+ }
+}
+
+void HTMLFormElement::UnbindFromTree(bool aNullParent) {
+ MaybeFireFormRemoved();
+
+ // Note, this is explicitly using uncomposed doc, since we count
+ // only forms in document.
+ RefPtr<Document> oldDocument = GetUncomposedDoc();
+
+ // Mark all of our controls as maybe being orphans
+ MarkOrphans(mControls->mElements);
+ MarkOrphans(mControls->mNotInElements);
+ MarkOrphans(mImageElements);
+
+ nsGenericHTMLElement::UnbindFromTree(aNullParent);
+
+ nsINode* ancestor = this;
+ nsINode* cur;
+ do {
+ cur = ancestor->GetParentNode();
+ if (!cur) {
+ break;
+ }
+ ancestor = cur;
+ } while (1);
+
+ CollectOrphans(ancestor, mControls->mElements
+#ifdef DEBUG
+ ,
+ this
+#endif
+ );
+ CollectOrphans(ancestor, mControls->mNotInElements
+#ifdef DEBUG
+ ,
+ this
+#endif
+ );
+ CollectOrphans(ancestor, mImageElements
+#ifdef DEBUG
+ ,
+ this
+#endif
+ );
+
+ if (oldDocument && oldDocument->IsHTMLOrXHTML()) {
+ oldDocument->AsHTMLDocument()->RemovedForm();
+ }
+ ForgetCurrentSubmission();
+}
+
+static bool CanSubmit(WidgetEvent& aEvent) {
+ // According to the UI events spec section "Trusted events", we shouldn't
+ // trigger UA default action with an untrusted event except click.
+ // However, there are still some sites depending on sending untrusted event
+ // to submit form, see Bug 1370630.
+ return !StaticPrefs::dom_forms_submit_trusted_event_only() ||
+ aEvent.IsTrusted();
+}
+
+void HTMLFormElement::GetEventTargetParent(EventChainPreVisitor& aVisitor) {
+ aVisitor.mWantsWillHandleEvent = true;
+ if (aVisitor.mEvent->mOriginalTarget == static_cast<nsIContent*>(this) &&
+ CanSubmit(*aVisitor.mEvent)) {
+ uint32_t msg = aVisitor.mEvent->mMessage;
+ if (msg == eFormSubmit) {
+ if (mGeneratingSubmit) {
+ aVisitor.mCanHandle = false;
+ return;
+ }
+ mGeneratingSubmit = true;
+
+ // let the form know that it needs to defer the submission,
+ // that means that if there are scripted submissions, the
+ // latest one will be deferred until after the exit point of the handler.
+ mDeferSubmission = true;
+ } else if (msg == eFormReset) {
+ if (mGeneratingReset) {
+ aVisitor.mCanHandle = false;
+ return;
+ }
+ mGeneratingReset = true;
+ }
+ }
+ nsGenericHTMLElement::GetEventTargetParent(aVisitor);
+}
+
+void HTMLFormElement::WillHandleEvent(EventChainPostVisitor& aVisitor) {
+ // If this is the bubble stage and there is a nested form below us which
+ // received a submit event we do *not* want to handle the submit event
+ // for this form too.
+ if ((aVisitor.mEvent->mMessage == eFormSubmit ||
+ aVisitor.mEvent->mMessage == eFormReset) &&
+ aVisitor.mEvent->mFlags.mInBubblingPhase &&
+ aVisitor.mEvent->mOriginalTarget != static_cast<nsIContent*>(this)) {
+ aVisitor.mEvent->StopPropagation();
+ }
+}
+
+nsresult HTMLFormElement::PostHandleEvent(EventChainPostVisitor& aVisitor) {
+ if (aVisitor.mEvent->mOriginalTarget == static_cast<nsIContent*>(this) &&
+ CanSubmit(*aVisitor.mEvent)) {
+ EventMessage msg = aVisitor.mEvent->mMessage;
+ if (msg == eFormSubmit) {
+ // let the form know not to defer subsequent submissions
+ mDeferSubmission = false;
+ }
+
+ if (aVisitor.mEventStatus == nsEventStatus_eIgnore) {
+ switch (msg) {
+ case eFormReset: {
+ DoReset();
+ break;
+ }
+ case eFormSubmit: {
+ if (mPendingSubmission) {
+ // tell the form to forget a possible pending submission.
+ // the reason is that the script returned true (the event was
+ // ignored) so if there is a stored submission, it will miss
+ // the name/value of the submitting element, thus we need
+ // to forget it and the form element will build a new one
+ mPendingSubmission = nullptr;
+ }
+ if (!aVisitor.mEvent->IsTrusted()) {
+ // Warning about the form submission is from untrusted event.
+ OwnerDoc()->WarnOnceAbout(
+ DeprecatedOperations::eFormSubmissionUntrustedEvent);
+ }
+ DoSubmit(aVisitor.mDOMEvent);
+ break;
+ }
+ default:
+ break;
+ }
+ } else {
+ if (msg == eFormSubmit) {
+ // tell the form to flush a possible pending submission.
+ // the reason is that the script returned false (the event was
+ // not ignored) so if there is a stored submission, it needs to
+ // be submitted immediatelly.
+ FlushPendingSubmission();
+ }
+ }
+
+ if (msg == eFormSubmit) {
+ mGeneratingSubmit = false;
+ } else if (msg == eFormReset) {
+ mGeneratingReset = false;
+ }
+ }
+ return NS_OK;
+}
+
+nsresult HTMLFormElement::DoReset() {
+ // Make sure the presentation is up-to-date
+ Document* doc = GetComposedDoc();
+ if (doc) {
+ doc->FlushPendingNotifications(FlushType::ContentAndNotify);
+ }
+
+ mEverTriedInvalidSubmit = false;
+ // JBK walk the elements[] array instead of form frame controls - bug 34297
+ uint32_t numElements = mControls->Length();
+ for (uint32_t elementX = 0; elementX < numElements; ++elementX) {
+ // Hold strong ref in case the reset does something weird
+ nsCOMPtr<nsIFormControl> controlNode = do_QueryInterface(
+ mControls->mElements.SafeElementAt(elementX, nullptr));
+ if (controlNode) {
+ controlNode->Reset();
+ }
+ }
+
+ return NS_OK;
+}
+
+#define NS_ENSURE_SUBMIT_SUCCESS(rv) \
+ if (NS_FAILED(rv)) { \
+ ForgetCurrentSubmission(); \
+ return rv; \
+ }
+
+nsresult HTMLFormElement::DoSubmit(Event* aEvent) {
+ Document* doc = GetComposedDoc();
+ NS_ASSERTION(doc, "Should never get here without a current doc");
+
+ // Make sure the presentation is up-to-date
+ if (doc) {
+ doc->FlushPendingNotifications(FlushType::ContentAndNotify);
+ }
+
+ // Don't submit if we're not in a document or if we're in
+ // a sandboxed frame and form submit is disabled.
+ if (mIsConstructingEntryList || !doc ||
+ (doc->GetSandboxFlags() & SANDBOXED_FORMS)) {
+ return NS_OK;
+ }
+
+ if (IsSubmitting()) {
+ NS_WARNING("Preventing double form submission");
+ // XXX Should this return an error?
+ return NS_OK;
+ }
+
+ mTargetContext = nullptr;
+ mCurrentLoadId = Nothing();
+
+ UniquePtr<HTMLFormSubmission> submission;
+
+ //
+ // prepare the submission object
+ //
+ nsresult rv = BuildSubmission(getter_Transfers(submission), aEvent);
+
+ // Don't raise an error if form cannot navigate.
+ if (rv == NS_ERROR_NOT_AVAILABLE) {
+ return NS_OK;
+ }
+
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // XXXbz if the script global is that for an sXBL/XBL2 doc, it won't
+ // be a window...
+ nsPIDOMWindowOuter* window = OwnerDoc()->GetWindow();
+ if (window) {
+ mSubmitPopupState = PopupBlocker::GetPopupControlState();
+ } else {
+ mSubmitPopupState = PopupBlocker::openAbused;
+ }
+
+ //
+ // perform the submission
+ //
+ if (!submission) {
+#ifdef DEBUG
+ HTMLDialogElement* dialog = nullptr;
+ for (nsIContent* parent = GetParent(); parent;
+ parent = parent->GetParent()) {
+ dialog = HTMLDialogElement::FromNodeOrNull(parent);
+ if (dialog) {
+ break;
+ }
+ }
+ MOZ_ASSERT(!dialog || !dialog->Open());
+#endif
+ return NS_OK;
+ }
+
+ if (DialogFormSubmission* dialogSubmission =
+ submission->GetAsDialogSubmission()) {
+ return SubmitDialog(dialogSubmission);
+ }
+
+ if (mDeferSubmission) {
+ // we are in an event handler, JS submitted so we have to
+ // defer this submission. let's remember it and return
+ // without submitting
+ mPendingSubmission = std::move(submission);
+ return NS_OK;
+ }
+
+ return SubmitSubmission(submission.get());
+}
+
+nsresult HTMLFormElement::BuildSubmission(HTMLFormSubmission** aFormSubmission,
+ Event* aEvent) {
+ // Get the submitter element
+ nsGenericHTMLElement* submitter = nullptr;
+ if (aEvent) {
+ SubmitEvent* submitEvent = aEvent->AsSubmitEvent();
+ if (submitEvent) {
+ submitter = submitEvent->GetSubmitter();
+ }
+ }
+
+ nsresult rv;
+
+ //
+ // Walk over the form elements and call SubmitNamesValues() on them to get
+ // their data.
+ //
+ auto encoding = GetSubmitEncoding()->OutputEncoding();
+ RefPtr<FormData> formData =
+ new FormData(GetOwnerGlobal(), encoding, submitter);
+ rv = ConstructEntryList(formData);
+ NS_ENSURE_SUBMIT_SUCCESS(rv);
+
+ // Step 9. If form cannot navigate, then return.
+ // https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#form-submission-algorithm
+ if (!GetComposedDoc()) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+
+ //
+ // Get the submission object
+ //
+ rv = HTMLFormSubmission::GetFromForm(this, submitter, encoding,
+ aFormSubmission);
+ NS_ENSURE_SUBMIT_SUCCESS(rv);
+
+ //
+ // Dump the data into the submission object
+ //
+ if (!(*aFormSubmission)->GetAsDialogSubmission()) {
+ rv = formData->CopySubmissionDataTo(*aFormSubmission);
+ NS_ENSURE_SUBMIT_SUCCESS(rv);
+ }
+
+ return NS_OK;
+}
+
+nsresult HTMLFormElement::SubmitSubmission(
+ HTMLFormSubmission* aFormSubmission) {
+ MOZ_ASSERT(!mDeferSubmission);
+ MOZ_ASSERT(!mPendingSubmission);
+
+ nsCOMPtr<nsIURI> actionURI = aFormSubmission->GetActionURL();
+ if (!actionURI) {
+ return NS_OK;
+ }
+
+ // If there is no link handler, then we won't actually be able to submit.
+ Document* doc = GetComposedDoc();
+ nsCOMPtr<nsIDocShell> container = doc ? doc->GetDocShell() : nullptr;
+ if (!container || IsEditable()) {
+ return NS_OK;
+ }
+
+ // javascript URIs are not really submissions; they just call a function.
+ // Also, they may synchronously call submit(), and we want them to be able to
+ // do so while still disallowing other double submissions. (Bug 139798)
+ // Note that any other URI types that are of equivalent type should also be
+ // added here.
+ // XXXbz this is a mess. The real issue here is that nsJSChannel sets the
+ // LOAD_BACKGROUND flag, so doesn't notify us, compounded by the fact that
+ // the JS executes before we forget the submission in OnStateChange on
+ // STATE_STOP. As a result, we have to make sure that we simply pretend
+ // we're not submitting when submitting to a JS URL. That's kinda bogus, but
+ // there we are.
+ bool schemeIsJavaScript = actionURI->SchemeIs("javascript");
+
+ //
+ // Notify observers of submit
+ //
+ nsresult rv;
+ bool cancelSubmit = false;
+ if (mNotifiedObservers) {
+ cancelSubmit = mNotifiedObserversResult;
+ } else {
+ rv = NotifySubmitObservers(actionURI, &cancelSubmit, true);
+ NS_ENSURE_SUBMIT_SUCCESS(rv);
+ }
+
+ if (cancelSubmit) {
+ return NS_OK;
+ }
+
+ cancelSubmit = false;
+ rv = NotifySubmitObservers(actionURI, &cancelSubmit, false);
+ NS_ENSURE_SUBMIT_SUCCESS(rv);
+
+ if (cancelSubmit) {
+ return NS_OK;
+ }
+
+ //
+ // Submit
+ //
+ nsCOMPtr<nsIDocShell> docShell;
+ uint64_t currentLoadId = 0;
+
+ {
+ AutoPopupStatePusher popupStatePusher(mSubmitPopupState);
+
+ AutoHandlingUserInputStatePusher userInpStatePusher(
+ aFormSubmission->IsInitiatedFromUserInput());
+
+ nsCOMPtr<nsIInputStream> postDataStream;
+ rv = aFormSubmission->GetEncodedSubmission(
+ actionURI, getter_AddRefs(postDataStream), actionURI);
+ NS_ENSURE_SUBMIT_SUCCESS(rv);
+
+ nsAutoString target;
+ aFormSubmission->GetTarget(target);
+
+ RefPtr<nsDocShellLoadState> loadState = new nsDocShellLoadState(actionURI);
+ loadState->SetTarget(target);
+ loadState->SetPostDataStream(postDataStream);
+ loadState->SetFirstParty(true);
+ loadState->SetIsFormSubmission(true);
+ loadState->SetTriggeringPrincipal(NodePrincipal());
+ loadState->SetPrincipalToInherit(NodePrincipal());
+ loadState->SetCsp(GetCsp());
+ loadState->SetAllowFocusMove(UserActivation::IsHandlingUserInput());
+
+ rv = nsDocShell::Cast(container)->OnLinkClickSync(this, loadState, false,
+ NodePrincipal());
+ NS_ENSURE_SUBMIT_SUCCESS(rv);
+
+ mTargetContext = loadState->TargetBrowsingContext().GetMaybeDiscarded();
+ currentLoadId = loadState->GetLoadIdentifier();
+ }
+
+ // Even if the submit succeeds, it's possible for there to be no
+ // browsing context; for example, if it's to a named anchor within
+ // the same page the submit will not really do anything.
+ if (mTargetContext && !mTargetContext->IsDiscarded() && !schemeIsJavaScript) {
+ mCurrentLoadId = Some(currentLoadId);
+ } else {
+ ForgetCurrentSubmission();
+ }
+
+ return rv;
+}
+
+// https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#submit-dialog
+nsresult HTMLFormElement::SubmitDialog(DialogFormSubmission* aFormSubmission) {
+ // Close the dialog subject. If there is a result, let that be the return
+ // value.
+ HTMLDialogElement* dialog = aFormSubmission->DialogElement();
+ MOZ_ASSERT(dialog);
+
+ Optional<nsAString> retValue;
+ retValue = &aFormSubmission->ReturnValue();
+ dialog->Close(retValue);
+
+ return NS_OK;
+}
+
+nsresult HTMLFormElement::DoSecureToInsecureSubmitCheck(nsIURI* aActionURL,
+ bool* aCancelSubmit) {
+ *aCancelSubmit = false;
+
+ if (!StaticPrefs::security_warn_submit_secure_to_insecure()) {
+ return NS_OK;
+ }
+
+ // Only ask the user about posting from a secure URI to an insecure URI if
+ // this element is in the root document. When this is not the case, the mixed
+ // content blocker will take care of security for us.
+ if (!OwnerDoc()->IsTopLevelContentDocument()) {
+ return NS_OK;
+ }
+
+ nsIPrincipal* principal = NodePrincipal();
+ if (!principal) {
+ *aCancelSubmit = true;
+ return NS_OK;
+ }
+ bool formIsHTTPS = principal->SchemeIs("https");
+ if (principal->IsSystemPrincipal() || principal->GetIsExpandedPrincipal()) {
+ formIsHTTPS = OwnerDoc()->GetDocumentURI()->SchemeIs("https");
+ }
+ if (!formIsHTTPS) {
+ return NS_OK;
+ }
+
+ if (nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackURL(aActionURL)) {
+ return NS_OK;
+ }
+
+ if (nsMixedContentBlocker::URISafeToBeLoadedInSecureContext(aActionURL)) {
+ return NS_OK;
+ }
+
+ if (nsMixedContentBlocker::IsPotentiallyTrustworthyOnion(aActionURL)) {
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsPIDOMWindowOuter> window = OwnerDoc()->GetWindow();
+ if (!window) {
+ return NS_ERROR_FAILURE;
+ }
+ nsCOMPtr<nsIDocShell> docShell = window->GetDocShell();
+ if (!docShell) {
+ return NS_ERROR_FAILURE;
+ }
+
+ nsresult rv;
+ nsCOMPtr<nsIPromptService> promptSvc =
+ do_GetService("@mozilla.org/prompter;1", &rv);
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ nsCOMPtr<nsIStringBundle> stringBundle;
+ nsCOMPtr<nsIStringBundleService> stringBundleService =
+ mozilla::components::StringBundle::Service();
+ if (!stringBundleService) {
+ return NS_ERROR_FAILURE;
+ }
+ rv = stringBundleService->CreateBundle(
+ "chrome://global/locale/browser.properties",
+ getter_AddRefs(stringBundle));
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+ nsAutoString title;
+ nsAutoString message;
+ nsAutoString cont;
+ stringBundle->GetStringFromName("formPostSecureToInsecureWarning.title",
+ title);
+ stringBundle->GetStringFromName("formPostSecureToInsecureWarning.message",
+ message);
+ stringBundle->GetStringFromName("formPostSecureToInsecureWarning.continue",
+ cont);
+ int32_t buttonPressed;
+ bool checkState =
+ false; // this is unused (ConfirmEx requires this parameter)
+ rv = promptSvc->ConfirmExBC(
+ docShell->GetBrowsingContext(),
+ StaticPrefs::prompts_modalType_insecureFormSubmit(), title.get(),
+ message.get(),
+ (nsIPromptService::BUTTON_TITLE_IS_STRING *
+ nsIPromptService::BUTTON_POS_0) +
+ (nsIPromptService::BUTTON_TITLE_CANCEL *
+ nsIPromptService::BUTTON_POS_1),
+ cont.get(), nullptr, nullptr, nullptr, &checkState, &buttonPressed);
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+ *aCancelSubmit = (buttonPressed == 1);
+ uint32_t telemetryBucket =
+ nsISecurityUITelemetry::WARNING_CONFIRM_POST_TO_INSECURE_FROM_SECURE;
+ mozilla::Telemetry::Accumulate(mozilla::Telemetry::SECURITY_UI,
+ telemetryBucket);
+ if (!*aCancelSubmit) {
+ // The user opted to continue, so note that in the next telemetry bucket.
+ mozilla::Telemetry::Accumulate(mozilla::Telemetry::SECURITY_UI,
+ telemetryBucket + 1);
+ }
+ return NS_OK;
+}
+
+nsresult HTMLFormElement::NotifySubmitObservers(nsIURI* aActionURL,
+ bool* aCancelSubmit,
+ bool aEarlyNotify) {
+ if (!aEarlyNotify) {
+ nsresult rv = DoSecureToInsecureSubmitCheck(aActionURL, aCancelSubmit);
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+ if (*aCancelSubmit) {
+ return NS_OK;
+ }
+ }
+
+ bool defaultAction = true;
+ nsresult rv = nsContentUtils::DispatchEventOnlyToChrome(
+ OwnerDoc(), static_cast<nsINode*>(this),
+ aEarlyNotify ? u"DOMFormBeforeSubmit"_ns : u"DOMFormSubmit"_ns,
+ CanBubble::eYes, Cancelable::eYes, &defaultAction);
+ *aCancelSubmit = !defaultAction;
+ if (*aCancelSubmit) {
+ return NS_OK;
+ }
+ return rv;
+}
+
+nsresult HTMLFormElement::ConstructEntryList(FormData* aFormData) {
+ MOZ_ASSERT(aFormData, "Must have FormData!");
+ if (mIsConstructingEntryList) {
+ // Step 2.2 of https://xhr.spec.whatwg.org/#dom-formdata.
+ return NS_ERROR_DOM_INVALID_STATE_ERR;
+ }
+
+ AutoRestore<bool> resetConstructingEntryList(mIsConstructingEntryList);
+ mIsConstructingEntryList = true;
+ // This shouldn't be called recursively, so use a rather large value
+ // for the preallocated buffer.
+ AutoTArray<RefPtr<nsGenericHTMLFormElement>, 100> sortedControls;
+ nsresult rv = mControls->GetSortedControls(sortedControls);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ uint32_t len = sortedControls.Length();
+
+ //
+ // Walk the list of nodes and call SubmitNamesValues() on the controls
+ //
+ for (uint32_t i = 0; i < len; ++i) {
+ // Disabled elements don't submit
+ if (!sortedControls[i]->IsDisabled()) {
+ nsCOMPtr<nsIFormControl> fc = do_QueryInterface(sortedControls[i]);
+ MOZ_ASSERT(fc);
+ // Tell the control to submit its name/value pairs to the submission
+ fc->SubmitNamesValues(aFormData);
+ }
+ }
+
+ FormDataEventInit init;
+ init.mBubbles = true;
+ init.mCancelable = false;
+ init.mFormData = aFormData;
+ RefPtr<FormDataEvent> event =
+ FormDataEvent::Constructor(this, u"formdata"_ns, init);
+ event->SetTrusted(true);
+
+ // TODO: Bug 1506441
+ EventDispatcher::DispatchDOMEvent(MOZ_KnownLive(ToSupports(this)), nullptr,
+ event, nullptr, nullptr);
+
+ return NS_OK;
+}
+
+NotNull<const Encoding*> HTMLFormElement::GetSubmitEncoding() {
+ nsAutoString acceptCharsetValue;
+ GetAttr(kNameSpaceID_None, nsGkAtoms::acceptcharset, acceptCharsetValue);
+
+ int32_t charsetLen = acceptCharsetValue.Length();
+ if (charsetLen > 0) {
+ int32_t offset = 0;
+ int32_t spPos = 0;
+ // get charset from charsets one by one
+ do {
+ spPos = acceptCharsetValue.FindChar(char16_t(' '), offset);
+ int32_t cnt = ((-1 == spPos) ? (charsetLen - offset) : (spPos - offset));
+ if (cnt > 0) {
+ nsAutoString uCharset;
+ acceptCharsetValue.Mid(uCharset, offset, cnt);
+
+ auto encoding = Encoding::ForLabelNoReplacement(uCharset);
+ if (encoding) {
+ return WrapNotNull(encoding);
+ }
+ }
+ offset = spPos + 1;
+ } while (spPos != -1);
+ }
+ // if there are no accept-charset or all the charset are not supported
+ // Get the charset from document
+ Document* doc = GetComposedDoc();
+ if (doc) {
+ return doc->GetDocumentCharacterSet();
+ }
+ return UTF_8_ENCODING;
+}
+
+Element* HTMLFormElement::IndexedGetter(uint32_t aIndex, bool& aFound) {
+ Element* element = mControls->mElements.SafeElementAt(aIndex, nullptr);
+ aFound = element != nullptr;
+ return element;
+}
+
+/**
+ * Compares the position of aControl1 and aControl2 in the document
+ * @param aControl1 First control to compare.
+ * @param aControl2 Second control to compare.
+ * @param aForm Parent form of the controls.
+ * @return < 0 if aControl1 is before aControl2,
+ * > 0 if aControl1 is after aControl2,
+ * 0 otherwise
+ */
+/* static */
+int32_t HTMLFormElement::CompareFormControlPosition(Element* aElement1,
+ Element* aElement2,
+ const nsIContent* aForm) {
+ NS_ASSERTION(aElement1 != aElement2, "Comparing a form control to itself");
+
+ // If an element has a @form, we can assume it *might* be able to not have
+ // a parent and still be in the form.
+ NS_ASSERTION((aElement1->HasAttr(kNameSpaceID_None, nsGkAtoms::form) ||
+ aElement1->GetParent()) &&
+ (aElement2->HasAttr(kNameSpaceID_None, nsGkAtoms::form) ||
+ aElement2->GetParent()),
+ "Form controls should always have parents");
+
+ // If we pass aForm, we are assuming both controls are form descendants which
+ // is not always the case. This function should work but maybe slower.
+ // However, checking if both elements are form descendants may be slow too...
+ // TODO: remove the prevent asserts fix, see bug 598468.
+#ifdef DEBUG
+ nsLayoutUtils::gPreventAssertInCompareTreePosition = true;
+ int32_t rVal =
+ nsLayoutUtils::CompareTreePosition(aElement1, aElement2, aForm);
+ nsLayoutUtils::gPreventAssertInCompareTreePosition = false;
+
+ return rVal;
+#else // DEBUG
+ return nsLayoutUtils::CompareTreePosition(aElement1, aElement2, aForm);
+#endif // DEBUG
+}
+
+#ifdef DEBUG
+/**
+ * Checks that all form elements are in document order. Asserts if any pair of
+ * consecutive elements are not in increasing document order.
+ *
+ * @param aControls List of form controls to check.
+ * @param aForm Parent form of the controls.
+ */
+/* static */
+void HTMLFormElement::AssertDocumentOrder(
+ const nsTArray<nsGenericHTMLFormElement*>& aControls, nsIContent* aForm) {
+ // TODO: remove the if directive with bug 598468.
+ // This is done to prevent asserts in some edge cases.
+# if 0
+ // Only iterate if aControls is not empty, since otherwise
+ // |aControls.Length() - 1| will be a very large unsigned number... not what
+ // we want here.
+ if (!aControls.IsEmpty()) {
+ for (uint32_t i = 0; i < aControls.Length() - 1; ++i) {
+ NS_ASSERTION(
+ CompareFormControlPosition(aControls[i], aControls[i + 1], aForm) < 0,
+ "Form controls not ordered correctly");
+ }
+ }
+# endif
+}
+
+/**
+ * Copy of the above function, but with RefPtrs.
+ *
+ * @param aControls List of form controls to check.
+ * @param aForm Parent form of the controls.
+ */
+/* static */
+void HTMLFormElement::AssertDocumentOrder(
+ const nsTArray<RefPtr<nsGenericHTMLFormElement>>& aControls,
+ nsIContent* aForm) {
+ // TODO: remove the if directive with bug 598468.
+ // This is done to prevent asserts in some edge cases.
+# if 0
+ // Only iterate if aControls is not empty, since otherwise
+ // |aControls.Length() - 1| will be a very large unsigned number... not what
+ // we want here.
+ if (!aControls.IsEmpty()) {
+ for (uint32_t i = 0; i < aControls.Length() - 1; ++i) {
+ NS_ASSERTION(
+ CompareFormControlPosition(aControls[i], aControls[i + 1], aForm) < 0,
+ "Form controls not ordered correctly");
+ }
+ }
+# endif
+}
+#endif
+
+void HTMLFormElement::PostPasswordEvent() {
+ // Don't fire another add event if we have a pending add event.
+ if (mFormPasswordEventDispatcher.get()) {
+ return;
+ }
+
+ mFormPasswordEventDispatcher =
+ new AsyncEventDispatcher(this, u"DOMFormHasPassword"_ns, CanBubble::eYes,
+ ChromeOnlyDispatch::eYes);
+ mFormPasswordEventDispatcher->PostDOMEvent();
+}
+
+void HTMLFormElement::PostPossibleUsernameEvent() {
+ if (!StaticPrefs::signon_usernameOnlyForm_enabled()) {
+ return;
+ }
+
+ // Don't fire another event if we have a pending event.
+ if (mFormPossibleUsernameEventDispatcher) {
+ return;
+ }
+
+ mFormPossibleUsernameEventDispatcher =
+ new AsyncEventDispatcher(this, u"DOMFormHasPossibleUsername"_ns,
+ CanBubble::eYes, ChromeOnlyDispatch::eYes);
+ mFormPossibleUsernameEventDispatcher->PostDOMEvent();
+}
+
+namespace {
+
+struct FormComparator {
+ Element* const mChild;
+ HTMLFormElement* const mForm;
+ FormComparator(Element* aChild, HTMLFormElement* aForm)
+ : mChild(aChild), mForm(aForm) {}
+ int operator()(Element* aElement) const {
+ return HTMLFormElement::CompareFormControlPosition(mChild, aElement, mForm);
+ }
+};
+
+} // namespace
+
+// This function return true if the element, once appended, is the last one in
+// the array.
+template <typename ElementType>
+static bool AddElementToList(nsTArray<ElementType*>& aList, ElementType* aChild,
+ HTMLFormElement* aForm) {
+ NS_ASSERTION(aList.IndexOf(aChild) == aList.NoIndex,
+ "aChild already in aList");
+
+ const uint32_t count = aList.Length();
+ ElementType* element;
+ bool lastElement = false;
+
+ // Optimize most common case where we insert at the end.
+ int32_t position = -1;
+ if (count > 0) {
+ element = aList[count - 1];
+ position =
+ HTMLFormElement::CompareFormControlPosition(aChild, element, aForm);
+ }
+
+ // If this item comes after the last element, or the elements array is
+ // empty, we append to the end. Otherwise, we do a binary search to
+ // determine where the element should go.
+ if (position >= 0 || count == 0) {
+ // WEAK - don't addref
+ aList.AppendElement(aChild);
+ lastElement = true;
+ } else {
+ size_t idx;
+ BinarySearchIf(aList, 0, count, FormComparator(aChild, aForm), &idx);
+
+ // WEAK - don't addref
+ aList.InsertElementAt(idx, aChild);
+ }
+
+ return lastElement;
+}
+
+nsresult HTMLFormElement::AddElement(nsGenericHTMLFormElement* aChild,
+ bool aUpdateValidity, bool aNotify) {
+ // If an element has a @form, we can assume it *might* be able to not have
+ // a parent and still be in the form.
+ NS_ASSERTION(aChild->HasAttr(kNameSpaceID_None, nsGkAtoms::form) ||
+ aChild->GetParent(),
+ "Form control should have a parent");
+ nsCOMPtr<nsIFormControl> fc = do_QueryObject(aChild);
+ MOZ_ASSERT(fc);
+ // Determine whether to add the new element to the elements or
+ // the not-in-elements list.
+ bool childInElements = HTMLFormControlsCollection::ShouldBeInElements(fc);
+ nsTArray<nsGenericHTMLFormElement*>& controlList =
+ childInElements ? mControls->mElements : mControls->mNotInElements;
+
+ bool lastElement = AddElementToList(controlList, aChild, this);
+
+#ifdef DEBUG
+ AssertDocumentOrder(controlList, this);
+#endif
+
+ auto type = fc->ControlType();
+
+ // If it is a password control, inform the password manager.
+ if (type == FormControlType::InputPassword) {
+ PostPasswordEvent();
+ // If the type is email or text, it is a username compatible input,
+ // inform the password manager.
+ } else if (type == FormControlType::InputEmail ||
+ type == FormControlType::InputText) {
+ PostPossibleUsernameEvent();
+ }
+
+ // Default submit element handling
+ if (fc->IsSubmitControl()) {
+ // Update mDefaultSubmitElement, mFirstSubmitInElements,
+ // mFirstSubmitNotInElements.
+
+ nsGenericHTMLFormElement** firstSubmitSlot =
+ childInElements ? &mFirstSubmitInElements : &mFirstSubmitNotInElements;
+
+ // The new child is the new first submit in its list if the firstSubmitSlot
+ // is currently empty or if the child is before what's currently in the
+ // slot. Note that if we already have a control in firstSubmitSlot and
+ // we're appending this element can't possibly replace what's currently in
+ // the slot. Also note that aChild can't become the mDefaultSubmitElement
+ // unless it replaces what's in the slot. If it _does_ replace what's in
+ // the slot, it becomes the default submit if either the default submit is
+ // what's in the slot or the child is earlier than the default submit.
+ nsGenericHTMLFormElement* oldDefaultSubmit = mDefaultSubmitElement;
+ if (!*firstSubmitSlot ||
+ (!lastElement &&
+ CompareFormControlPosition(aChild, *firstSubmitSlot, this) < 0)) {
+ // Update mDefaultSubmitElement if it's currently in a valid state.
+ // Valid state means either non-null or null because there are in fact
+ // no submit elements around.
+ if ((mDefaultSubmitElement ||
+ (!mFirstSubmitInElements && !mFirstSubmitNotInElements)) &&
+ (*firstSubmitSlot == mDefaultSubmitElement ||
+ CompareFormControlPosition(aChild, mDefaultSubmitElement, this) <
+ 0)) {
+ mDefaultSubmitElement = aChild;
+ }
+ *firstSubmitSlot = aChild;
+ }
+
+ MOZ_ASSERT(mDefaultSubmitElement == mFirstSubmitInElements ||
+ mDefaultSubmitElement == mFirstSubmitNotInElements ||
+ !mDefaultSubmitElement,
+ "What happened here?");
+
+ // Notify that the state of the previous default submit element has changed
+ // if the element which is the default submit element has changed. The new
+ // default submit element is responsible for its own state update.
+ if (oldDefaultSubmit && oldDefaultSubmit != mDefaultSubmitElement) {
+ oldDefaultSubmit->UpdateState(aNotify);
+ }
+ }
+
+ // If the element is subject to constraint validaton and is invalid, we need
+ // to update our internal counter.
+ if (aUpdateValidity) {
+ nsCOMPtr<nsIConstraintValidation> cvElmt = do_QueryObject(aChild);
+ if (cvElmt && cvElmt->IsCandidateForConstraintValidation() &&
+ !cvElmt->IsValid()) {
+ UpdateValidity(false);
+ }
+ }
+
+ // Notify the radio button it's been added to a group
+ // This has to be done _after_ UpdateValidity() call to prevent the element
+ // being count twice.
+ if (type == FormControlType::InputRadio) {
+ RefPtr<HTMLInputElement> radio = static_cast<HTMLInputElement*>(aChild);
+ radio->AddedToRadioGroup();
+ }
+
+ return NS_OK;
+}
+
+nsresult HTMLFormElement::AddElementToTable(nsGenericHTMLFormElement* aChild,
+ const nsAString& aName) {
+ return mControls->AddElementToTable(aChild, aName);
+}
+
+nsresult HTMLFormElement::RemoveElement(nsGenericHTMLFormElement* aChild,
+ bool aUpdateValidity) {
+ RemoveElementFromPastNamesMap(aChild);
+
+ //
+ // Remove it from the radio group if it's a radio button
+ //
+ nsresult rv = NS_OK;
+ nsCOMPtr<nsIFormControl> fc = do_QueryInterface(aChild);
+ MOZ_ASSERT(fc);
+ if (fc->ControlType() == FormControlType::InputRadio) {
+ RefPtr<HTMLInputElement> radio = static_cast<HTMLInputElement*>(aChild);
+ radio->WillRemoveFromRadioGroup();
+ }
+
+ // Determine whether to remove the child from the elements list
+ // or the not in elements list.
+ bool childInElements = HTMLFormControlsCollection::ShouldBeInElements(fc);
+ nsTArray<nsGenericHTMLFormElement*>& controls =
+ childInElements ? mControls->mElements : mControls->mNotInElements;
+
+ // Find the index of the child. This will be used later if necessary
+ // to find the default submit.
+ size_t index = controls.IndexOf(aChild);
+ NS_ENSURE_STATE(index != controls.NoIndex);
+
+ controls.RemoveElementAt(index);
+
+ // Update our mFirstSubmit* values.
+ nsGenericHTMLFormElement** firstSubmitSlot =
+ childInElements ? &mFirstSubmitInElements : &mFirstSubmitNotInElements;
+ if (aChild == *firstSubmitSlot) {
+ *firstSubmitSlot = nullptr;
+
+ // We are removing the first submit in this list, find the new first submit
+ uint32_t length = controls.Length();
+ for (uint32_t i = index; i < length; ++i) {
+ nsCOMPtr<nsIFormControl> currentControl = do_QueryInterface(controls[i]);
+ MOZ_ASSERT(currentControl);
+ if (currentControl->IsSubmitControl()) {
+ *firstSubmitSlot = controls[i];
+ break;
+ }
+ }
+ }
+
+ if (aChild == mDefaultSubmitElement) {
+ // Need to reset mDefaultSubmitElement. Do this asynchronously so
+ // that we're not doing it while the DOM is in flux.
+ mDefaultSubmitElement = nullptr;
+ nsContentUtils::AddScriptRunner(new RemoveElementRunnable(this));
+
+ // Note that we don't need to notify on the old default submit (which is
+ // being removed) because it's either being removed from the DOM or
+ // changing attributes in a way that makes it responsible for sending its
+ // own notifications.
+ }
+
+ // If the element was subject to constraint validaton and is invalid, we need
+ // to update our internal counter.
+ if (aUpdateValidity) {
+ nsCOMPtr<nsIConstraintValidation> cvElmt = do_QueryObject(aChild);
+ if (cvElmt && cvElmt->IsCandidateForConstraintValidation() &&
+ !cvElmt->IsValid()) {
+ UpdateValidity(true);
+ }
+ }
+
+ return rv;
+}
+
+void HTMLFormElement::HandleDefaultSubmitRemoval() {
+ if (mDefaultSubmitElement) {
+ // Already got reset somehow; nothing else to do here
+ return;
+ }
+
+ if (!mFirstSubmitNotInElements) {
+ mDefaultSubmitElement = mFirstSubmitInElements;
+ } else if (!mFirstSubmitInElements) {
+ mDefaultSubmitElement = mFirstSubmitNotInElements;
+ } else {
+ NS_ASSERTION(mFirstSubmitInElements != mFirstSubmitNotInElements,
+ "How did that happen?");
+ // Have both; use the earlier one
+ mDefaultSubmitElement =
+ CompareFormControlPosition(mFirstSubmitInElements,
+ mFirstSubmitNotInElements, this) < 0
+ ? mFirstSubmitInElements
+ : mFirstSubmitNotInElements;
+ }
+
+ MOZ_ASSERT(mDefaultSubmitElement == mFirstSubmitInElements ||
+ mDefaultSubmitElement == mFirstSubmitNotInElements,
+ "What happened here?");
+
+ // Notify about change if needed.
+ if (mDefaultSubmitElement) {
+ mDefaultSubmitElement->UpdateState(true);
+ }
+}
+
+nsresult HTMLFormElement::RemoveElementFromTableInternal(
+ nsInterfaceHashtable<nsStringHashKey, nsISupports>& aTable,
+ nsIContent* aChild, const nsAString& aName) {
+ auto entry = aTable.Lookup(aName);
+ if (!entry) {
+ return NS_OK;
+ }
+ // Single element in the hash, just remove it if it's the one
+ // we're trying to remove...
+ if (entry.Data() == aChild) {
+ entry.Remove();
+ ++mExpandoAndGeneration.generation;
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsIContent> content(do_QueryInterface(entry.Data()));
+ if (content) {
+ return NS_OK;
+ }
+
+ // If it's not a content node then it must be a RadioNodeList.
+ MOZ_ASSERT(nsCOMPtr<RadioNodeList>(do_QueryInterface(entry.Data())));
+ auto* list = static_cast<RadioNodeList*>(entry->get());
+
+ list->RemoveElement(aChild);
+
+ uint32_t length = list->Length();
+
+ if (!length) {
+ // If the list is empty we remove if from our hash, this shouldn't
+ // happen tho
+ entry.Remove();
+ ++mExpandoAndGeneration.generation;
+ } else if (length == 1) {
+ // Only one element left, replace the list in the hash with the
+ // single element.
+ nsIContent* node = list->Item(0);
+ if (node) {
+ entry.Data() = node;
+ }
+ }
+
+ return NS_OK;
+}
+
+nsresult HTMLFormElement::RemoveElementFromTable(
+ nsGenericHTMLFormElement* aElement, const nsAString& aName) {
+ return mControls->RemoveElementFromTable(aElement, aName);
+}
+
+already_AddRefed<nsISupports> HTMLFormElement::NamedGetter(
+ const nsAString& aName, bool& aFound) {
+ aFound = true;
+
+ nsCOMPtr<nsISupports> result = DoResolveName(aName);
+ if (result) {
+ AddToPastNamesMap(aName, result);
+ return result.forget();
+ }
+
+ result = mImageNameLookupTable.GetWeak(aName);
+ if (result) {
+ AddToPastNamesMap(aName, result);
+ return result.forget();
+ }
+
+ result = mPastNameLookupTable.GetWeak(aName);
+ if (result) {
+ return result.forget();
+ }
+
+ aFound = false;
+ return nullptr;
+}
+
+void HTMLFormElement::GetSupportedNames(nsTArray<nsString>& aRetval) {
+ // TODO https://github.com/whatwg/html/issues/1731
+}
+
+already_AddRefed<nsISupports> HTMLFormElement::FindNamedItem(
+ const nsAString& aName, nsWrapperCache** aCache) {
+ // FIXME Get the wrapper cache from DoResolveName.
+
+ bool found;
+ nsCOMPtr<nsISupports> result = NamedGetter(aName, found);
+ if (result) {
+ *aCache = nullptr;
+ return result.forget();
+ }
+
+ return nullptr;
+}
+
+already_AddRefed<nsISupports> HTMLFormElement::DoResolveName(
+ const nsAString& aName) {
+ nsCOMPtr<nsISupports> result = mControls->NamedItemInternal(aName);
+ return result.forget();
+}
+
+void HTMLFormElement::OnSubmitClickBegin(Element* aOriginatingElement) {
+ mDeferSubmission = true;
+
+ // Prepare to run NotifySubmitObservers early before the
+ // scripts on the page get to modify the form data, possibly
+ // throwing off any password manager. (bug 257781)
+ nsCOMPtr<nsIURI> actionURI;
+ nsresult rv;
+
+ rv = GetActionURL(getter_AddRefs(actionURI), aOriginatingElement);
+ if (NS_FAILED(rv) || !actionURI) return;
+
+ // Notify observers of submit if the form is valid.
+ // TODO: checking for mInvalidElementsCount is a temporary fix that should be
+ // removed with bug 610402.
+ if (mInvalidElementsCount == 0) {
+ bool cancelSubmit = false;
+ rv = NotifySubmitObservers(actionURI, &cancelSubmit, true);
+ if (NS_SUCCEEDED(rv)) {
+ mNotifiedObservers = true;
+ mNotifiedObserversResult = cancelSubmit;
+ }
+ }
+}
+
+void HTMLFormElement::OnSubmitClickEnd() { mDeferSubmission = false; }
+
+void HTMLFormElement::FlushPendingSubmission() {
+ MOZ_ASSERT(!mDeferSubmission);
+
+ if (mPendingSubmission) {
+ // Transfer owning reference so that the submission doesn't get deleted
+ // if we reenter
+ UniquePtr<HTMLFormSubmission> submission = std::move(mPendingSubmission);
+
+ SubmitSubmission(submission.get());
+ }
+}
+
+void HTMLFormElement::GetAction(nsString& aValue) {
+ if (!GetAttr(kNameSpaceID_None, nsGkAtoms::action, aValue) ||
+ aValue.IsEmpty()) {
+ Document* document = OwnerDoc();
+ nsIURI* docURI = document->GetDocumentURI();
+ if (docURI) {
+ nsAutoCString spec;
+ nsresult rv = docURI->GetSpec(spec);
+ if (NS_FAILED(rv)) {
+ return;
+ }
+
+ CopyUTF8toUTF16(spec, aValue);
+ }
+ } else {
+ GetURIAttr(nsGkAtoms::action, nullptr, aValue);
+ }
+}
+
+nsresult HTMLFormElement::GetActionURL(nsIURI** aActionURL,
+ Element* aOriginatingElement) {
+ nsresult rv = NS_OK;
+
+ *aActionURL = nullptr;
+
+ //
+ // Grab the URL string
+ //
+ // If the originating element is a submit control and has the formaction
+ // attribute specified, it should be used. Otherwise, the action attribute
+ // from the form element should be used.
+ //
+ nsAutoString action;
+
+ if (aOriginatingElement &&
+ aOriginatingElement->HasAttr(kNameSpaceID_None, nsGkAtoms::formaction)) {
+#ifdef DEBUG
+ nsCOMPtr<nsIFormControl> formControl =
+ do_QueryInterface(aOriginatingElement);
+ NS_ASSERTION(formControl && formControl->IsSubmitControl(),
+ "The originating element must be a submit form control!");
+#endif // DEBUG
+
+ HTMLInputElement* inputElement =
+ HTMLInputElement::FromNode(aOriginatingElement);
+ if (inputElement) {
+ inputElement->GetFormAction(action);
+ } else {
+ auto buttonElement = HTMLButtonElement::FromNode(aOriginatingElement);
+ if (buttonElement) {
+ buttonElement->GetFormAction(action);
+ } else {
+ NS_ERROR("Originating element must be an input or button element!");
+ return NS_ERROR_UNEXPECTED;
+ }
+ }
+ } else {
+ GetAction(action);
+ }
+
+ //
+ // Form the full action URL
+ //
+
+ // Get the document to form the URL.
+ // We'll also need it later to get the DOM window when notifying form submit
+ // observers (bug 33203)
+ if (!IsInComposedDoc()) {
+ return NS_OK; // No doc means don't submit, see Bug 28988
+ }
+
+ // Get base URL
+ Document* document = OwnerDoc();
+ nsIURI* docURI = document->GetDocumentURI();
+ NS_ENSURE_TRUE(docURI, NS_ERROR_UNEXPECTED);
+
+ // If an action is not specified and we are inside
+ // a HTML document then reload the URL. This makes us
+ // compatible with 4.x browsers.
+ // If we are in some other type of document such as XML or
+ // XUL, do nothing. This prevents undesirable reloading of
+ // a document inside XUL.
+
+ nsCOMPtr<nsIURI> actionURL;
+ if (action.IsEmpty()) {
+ if (!document->IsHTMLOrXHTML()) {
+ // Must be a XML, XUL or other non-HTML document type
+ // so do nothing.
+ return NS_OK;
+ }
+
+ actionURL = docURI;
+ } else {
+ nsIURI* baseURL = GetBaseURI();
+ NS_ASSERTION(baseURL, "No Base URL found in Form Submit!\n");
+ if (!baseURL) {
+ return NS_OK; // No base URL -> exit early, see Bug 30721
+ }
+ rv = NS_NewURI(getter_AddRefs(actionURL), action, nullptr, baseURL);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+
+ //
+ // Verify the URL should be reached
+ //
+ // Get security manager, check to see if access to action URI is allowed.
+ //
+ nsIScriptSecurityManager* securityManager =
+ nsContentUtils::GetSecurityManager();
+ rv = securityManager->CheckLoadURIWithPrincipal(
+ NodePrincipal(), actionURL, nsIScriptSecurityManager::STANDARD,
+ OwnerDoc()->InnerWindowID());
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // Potentially the page uses the CSP directive 'upgrade-insecure-requests'. In
+ // such a case we have to upgrade the action url from http:// to https://.
+ // The upgrade is only required if the actionURL is http and not a potentially
+ // trustworthy loopback URI.
+ bool needsUpgrade =
+ actionURL->SchemeIs("http") &&
+ !nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackURL(actionURL) &&
+ document->GetUpgradeInsecureRequests(false);
+ if (needsUpgrade) {
+ // let's use the old specification before the upgrade for logging
+ AutoTArray<nsString, 2> params;
+ nsAutoCString spec;
+ rv = actionURL->GetSpec(spec);
+ NS_ENSURE_SUCCESS(rv, rv);
+ CopyUTF8toUTF16(spec, *params.AppendElement());
+
+ // upgrade the actionURL from http:// to use https://
+ nsCOMPtr<nsIURI> upgradedActionURL;
+ rv = NS_GetSecureUpgradedURI(actionURL, getter_AddRefs(upgradedActionURL));
+ NS_ENSURE_SUCCESS(rv, rv);
+ actionURL = std::move(upgradedActionURL);
+
+ // let's log a message to the console that we are upgrading a request
+ nsAutoCString scheme;
+ rv = actionURL->GetScheme(scheme);
+ NS_ENSURE_SUCCESS(rv, rv);
+ CopyUTF8toUTF16(scheme, *params.AppendElement());
+
+ CSP_LogLocalizedStr(
+ "upgradeInsecureRequest", params,
+ u""_ns, // aSourceFile
+ u""_ns, // aScriptSample
+ 0, // aLineNumber
+ 0, // aColumnNumber
+ nsIScriptError::warningFlag, "upgradeInsecureRequest"_ns,
+ document->InnerWindowID(),
+ !!document->NodePrincipal()->OriginAttributesRef().mPrivateBrowsingId);
+ }
+
+ //
+ // Assign to the output
+ //
+ actionURL.forget(aActionURL);
+
+ return rv;
+}
+
+nsGenericHTMLFormElement* HTMLFormElement::GetDefaultSubmitElement() const {
+ MOZ_ASSERT(mDefaultSubmitElement == mFirstSubmitInElements ||
+ mDefaultSubmitElement == mFirstSubmitNotInElements,
+ "What happened here?");
+
+ return mDefaultSubmitElement;
+}
+
+bool HTMLFormElement::IsDefaultSubmitElement(
+ const nsGenericHTMLFormElement* aElement) const {
+ MOZ_ASSERT(aElement, "Unexpected call");
+
+ if (aElement == mDefaultSubmitElement) {
+ // Yes, it is
+ return true;
+ }
+
+ if (mDefaultSubmitElement || (aElement != mFirstSubmitInElements &&
+ aElement != mFirstSubmitNotInElements)) {
+ // It isn't
+ return false;
+ }
+
+ // mDefaultSubmitElement is null, but we have a non-null submit around
+ // (aElement, in fact). figure out whether it's in fact the default submit
+ // and just hasn't been set that way yet. Note that we can't just call
+ // HandleDefaultSubmitRemoval because we might need to notify to handle that
+ // correctly and we don't know whether that's safe right here.
+ if (!mFirstSubmitInElements || !mFirstSubmitNotInElements) {
+ // We only have one first submit; aElement has to be it
+ return true;
+ }
+
+ // We have both kinds of submits. Check which comes first.
+ nsGenericHTMLFormElement* defaultSubmit =
+ CompareFormControlPosition(mFirstSubmitInElements,
+ mFirstSubmitNotInElements, this) < 0
+ ? mFirstSubmitInElements
+ : mFirstSubmitNotInElements;
+ return aElement == defaultSubmit;
+}
+
+bool HTMLFormElement::ImplicitSubmissionIsDisabled() const {
+ // Input text controls are always in the elements list.
+ uint32_t numDisablingControlsFound = 0;
+ uint32_t length = mControls->mElements.Length();
+ for (uint32_t i = 0; i < length && numDisablingControlsFound < 2; ++i) {
+ nsCOMPtr<nsIFormControl> fc = do_QueryInterface(mControls->mElements[i]);
+ MOZ_ASSERT(fc);
+ if (fc->IsSingleLineTextControl(false)) {
+ numDisablingControlsFound++;
+ }
+ }
+ return numDisablingControlsFound != 1;
+}
+
+bool HTMLFormElement::IsLastActiveElement(
+ const nsGenericHTMLFormElement* aElement) const {
+ MOZ_ASSERT(aElement, "Unexpected call");
+
+ for (auto* element : Reversed(mControls->mElements)) {
+ nsCOMPtr<nsIFormControl> fc = do_QueryInterface(element);
+ MOZ_ASSERT(fc);
+ // XXX How about date/time control?
+ if (fc->IsTextControl(false) && !element->IsDisabled()) {
+ return element == aElement;
+ }
+ }
+ return false;
+}
+
+int32_t HTMLFormElement::Length() { return mControls->Length(); }
+
+void HTMLFormElement::ForgetCurrentSubmission() {
+ mNotifiedObservers = false;
+ mTargetContext = nullptr;
+ mCurrentLoadId = Nothing();
+}
+
+bool HTMLFormElement::CheckFormValidity(
+ nsTArray<RefPtr<Element>>* aInvalidElements) const {
+ bool ret = true;
+
+ // This shouldn't be called recursively, so use a rather large value
+ // for the preallocated buffer.
+ AutoTArray<RefPtr<nsGenericHTMLFormElement>, 100> sortedControls;
+ if (NS_FAILED(mControls->GetSortedControls(sortedControls))) {
+ return false;
+ }
+
+ uint32_t len = sortedControls.Length();
+
+ for (uint32_t i = 0; i < len; ++i) {
+ nsCOMPtr<nsIConstraintValidation> cvElmt =
+ do_QueryObject(sortedControls[i]);
+ bool defaultAction = true;
+ if (cvElmt && !cvElmt->CheckValidity(*sortedControls[i], &defaultAction)) {
+ ret = false;
+
+ // Add all unhandled invalid controls to aInvalidElements if the caller
+ // requested them.
+ if (defaultAction && aInvalidElements) {
+ aInvalidElements->AppendElement(sortedControls[i]);
+ }
+ }
+ }
+
+ return ret;
+}
+
+bool HTMLFormElement::CheckValidFormSubmission() {
+ /**
+ * Check for form validity: do not submit a form if there are unhandled
+ * invalid controls in the form.
+ * This should not be done if the form has been submitted with .submit().
+ *
+ * NOTE: for the moment, we are also checking that whether the MozInvalidForm
+ * event gets prevented default so it will prevent blocking form submission if
+ * the browser does not have implemented a UI yet.
+ *
+ * TODO: the check for MozInvalidForm event should be removed later when HTML5
+ * Forms will be spread enough and authors will assume forms can't be
+ * submitted when invalid. See bug 587671.
+ */
+
+ NS_ASSERTION(!HasAttr(kNameSpaceID_None, nsGkAtoms::novalidate),
+ "We shouldn't be there if novalidate is set!");
+
+ AutoTArray<RefPtr<Element>, 32> invalidElements;
+ if (CheckFormValidity(&invalidElements)) {
+ return true;
+ }
+
+ // For the first invalid submission, we should update element states.
+ // We have to do that _before_ calling the observers so we are sure they
+ // will not interfere (like focusing the element).
+ if (!mEverTriedInvalidSubmit) {
+ mEverTriedInvalidSubmit = true;
+
+ /*
+ * We are going to call update states assuming elements want to
+ * be notified because we can't know.
+ * Submissions shouldn't happen during parsing so it _should_ be safe.
+ */
+
+ nsAutoScriptBlocker scriptBlocker;
+
+ for (uint32_t i = 0, length = mControls->mElements.Length(); i < length;
+ ++i) {
+ // Input elements can trigger a form submission and we want to
+ // update the style in that case.
+ if (mControls->mElements[i]->IsHTMLElement(nsGkAtoms::input) &&
+ // We don't use nsContentUtils::IsFocusedContent here, because it
+ // doesn't really do what we want for number controls: it's true
+ // for the anonymous textnode inside, but not the number control
+ // itself. We can use the focus state, though, because that gets
+ // synced to the number control by the anonymous text control.
+ mControls->mElements[i]->State().HasState(ElementState::FOCUS)) {
+ static_cast<HTMLInputElement*>(mControls->mElements[i])
+ ->UpdateValidityUIBits(true);
+ }
+
+ mControls->mElements[i]->UpdateState(true);
+ }
+
+ // Because of backward compatibility, <input type='image'> is not in
+ // elements but can be invalid.
+ // TODO: should probably be removed when bug 606491 will be fixed.
+ for (uint32_t i = 0, length = mControls->mNotInElements.Length();
+ i < length; ++i) {
+ mControls->mNotInElements[i]->UpdateState(true);
+ }
+ }
+
+ AutoJSAPI jsapi;
+ if (!jsapi.Init(GetOwnerGlobal())) {
+ return false;
+ }
+ JS::Rooted<JS::Value> detail(jsapi.cx());
+ if (!ToJSValue(jsapi.cx(), invalidElements, &detail)) {
+ return false;
+ }
+
+ RefPtr<CustomEvent> event =
+ NS_NewDOMCustomEvent(OwnerDoc(), nullptr, nullptr);
+ event->InitCustomEvent(jsapi.cx(), u"MozInvalidForm"_ns,
+ /* CanBubble */ true,
+ /* Cancelable */ true, detail);
+ event->SetTrusted(true);
+ event->WidgetEventPtr()->mFlags.mOnlyChromeDispatch = true;
+
+ DispatchEvent(*event);
+
+ return !event->DefaultPrevented();
+}
+
+void HTMLFormElement::UpdateValidity(bool aElementValidity) {
+ if (aElementValidity) {
+ --mInvalidElementsCount;
+ } else {
+ ++mInvalidElementsCount;
+ }
+
+ NS_ASSERTION(mInvalidElementsCount >= 0, "Something went seriously wrong!");
+
+ // The form validity has just changed if:
+ // - there are no more invalid elements ;
+ // - or there is one invalid elmement and an element just became invalid.
+ // If we have invalid elements and we used to before as well, do nothing.
+ if (mInvalidElementsCount &&
+ (mInvalidElementsCount != 1 || aElementValidity)) {
+ return;
+ }
+
+ UpdateState(true);
+}
+
+int32_t HTMLFormElement::IndexOfContent(nsIContent* aContent) {
+ int32_t index = 0;
+ return mControls->IndexOfContent(aContent, &index) == NS_OK ? index : 0;
+}
+
+void HTMLFormElement::SetCurrentRadioButton(const nsAString& aName,
+ HTMLInputElement* aRadio) {
+ RadioGroupManager::SetCurrentRadioButton(aName, aRadio);
+}
+
+HTMLInputElement* HTMLFormElement::GetCurrentRadioButton(
+ const nsAString& aName) {
+ return RadioGroupManager::GetCurrentRadioButton(aName);
+}
+
+NS_IMETHODIMP
+HTMLFormElement::GetNextRadioButton(const nsAString& aName,
+ const bool aPrevious,
+ HTMLInputElement* aFocusedRadio,
+ HTMLInputElement** aRadioOut) {
+ return RadioGroupManager::GetNextRadioButton(aName, aPrevious, aFocusedRadio,
+ aRadioOut);
+}
+
+NS_IMETHODIMP
+HTMLFormElement::WalkRadioGroup(const nsAString& aName,
+ nsIRadioVisitor* aVisitor) {
+ return RadioGroupManager::WalkRadioGroup(aName, aVisitor);
+}
+
+void HTMLFormElement::AddToRadioGroup(const nsAString& aName,
+ HTMLInputElement* aRadio) {
+ RadioGroupManager::AddToRadioGroup(aName, aRadio);
+}
+
+void HTMLFormElement::RemoveFromRadioGroup(const nsAString& aName,
+ HTMLInputElement* aRadio) {
+ RadioGroupManager::RemoveFromRadioGroup(aName, aRadio);
+}
+
+uint32_t HTMLFormElement::GetRequiredRadioCount(const nsAString& aName) const {
+ return RadioGroupManager::GetRequiredRadioCount(aName);
+}
+
+void HTMLFormElement::RadioRequiredWillChange(const nsAString& aName,
+ bool aRequiredAdded) {
+ RadioGroupManager::RadioRequiredWillChange(aName, aRequiredAdded);
+}
+
+bool HTMLFormElement::GetValueMissingState(const nsAString& aName) const {
+ return RadioGroupManager::GetValueMissingState(aName);
+}
+
+void HTMLFormElement::SetValueMissingState(const nsAString& aName,
+ bool aValue) {
+ RadioGroupManager::SetValueMissingState(aName, aValue);
+}
+
+ElementState HTMLFormElement::IntrinsicState() const {
+ ElementState state = nsGenericHTMLElement::IntrinsicState();
+
+ if (mInvalidElementsCount) {
+ state |= ElementState::INVALID;
+ } else {
+ state |= ElementState::VALID;
+ }
+
+ return state;
+}
+
+void HTMLFormElement::Clear() {
+ for (int32_t i = mImageElements.Length() - 1; i >= 0; i--) {
+ mImageElements[i]->ClearForm(false);
+ }
+ mImageElements.Clear();
+ mImageNameLookupTable.Clear();
+ mPastNameLookupTable.Clear();
+}
+
+namespace {
+
+struct PositionComparator {
+ nsIContent* const mElement;
+ explicit PositionComparator(nsIContent* const aElement)
+ : mElement(aElement) {}
+
+ int operator()(nsIContent* aElement) const {
+ if (mElement == aElement) {
+ return 0;
+ }
+ if (nsContentUtils::PositionIsBefore(mElement, aElement)) {
+ return -1;
+ }
+ return 1;
+ }
+};
+
+struct RadioNodeListAdaptor {
+ RadioNodeList* const mList;
+ explicit RadioNodeListAdaptor(RadioNodeList* aList) : mList(aList) {}
+ nsIContent* operator[](size_t aIdx) const { return mList->Item(aIdx); }
+};
+
+} // namespace
+
+nsresult HTMLFormElement::AddElementToTableInternal(
+ nsInterfaceHashtable<nsStringHashKey, nsISupports>& aTable,
+ nsIContent* aChild, const nsAString& aName) {
+ return aTable.WithEntryHandle(aName, [&](auto&& entry) {
+ if (!entry) {
+ // No entry found, add the element
+ entry.Insert(aChild);
+ ++mExpandoAndGeneration.generation;
+ } else {
+ // Found something in the hash, check its type
+ nsCOMPtr<nsIContent> content = do_QueryInterface(entry.Data());
+
+ if (content) {
+ // Check if the new content is the same as the one we found in the
+ // hash, if it is then we leave it in the hash as it is, this will
+ // happen if a form control has both a name and an id with the same
+ // value
+ if (content == aChild) {
+ return NS_OK;
+ }
+
+ // Found an element, create a list, add the element to the list and put
+ // the list in the hash
+ RadioNodeList* list = new RadioNodeList(this);
+
+ // If an element has a @form, we can assume it *might* be able to not
+ // have a parent and still be in the form.
+ NS_ASSERTION(
+ (content->IsElement() && content->AsElement()->HasAttr(
+ kNameSpaceID_None, nsGkAtoms::form)) ||
+ content->GetParent(),
+ "Item in list without parent");
+
+ // Determine the ordering between the new and old element.
+ bool newFirst = nsContentUtils::PositionIsBefore(aChild, content);
+
+ list->AppendElement(newFirst ? aChild : content.get());
+ list->AppendElement(newFirst ? content.get() : aChild);
+
+ nsCOMPtr<nsISupports> listSupports = do_QueryObject(list);
+
+ // Replace the element with the list.
+ entry.Data() = listSupports;
+ } else {
+ // There's already a list in the hash, add the child to the list.
+ MOZ_ASSERT(nsCOMPtr<RadioNodeList>(do_QueryInterface(entry.Data())));
+ auto* list = static_cast<RadioNodeList*>(entry->get());
+
+ NS_ASSERTION(
+ list->Length() > 1,
+ "List should have been converted back to a single element");
+
+ // Fast-path appends; this check is ok even if the child is
+ // already in the list, since if it tests true the child would
+ // have come at the end of the list, and the PositionIsBefore
+ // will test false.
+ if (nsContentUtils::PositionIsBefore(list->Item(list->Length() - 1),
+ aChild)) {
+ list->AppendElement(aChild);
+ return NS_OK;
+ }
+
+ // If a control has a name equal to its id, it could be in the
+ // list already.
+ if (list->IndexOf(aChild) != -1) {
+ return NS_OK;
+ }
+
+ size_t idx;
+ DebugOnly<bool> found =
+ BinarySearchIf(RadioNodeListAdaptor(list), 0, list->Length(),
+ PositionComparator(aChild), &idx);
+ MOZ_ASSERT(!found, "should not have found an element");
+
+ list->InsertElementAt(aChild, idx);
+ }
+ }
+
+ return NS_OK;
+ });
+}
+
+nsresult HTMLFormElement::AddImageElement(HTMLImageElement* aChild) {
+ AddElementToList(mImageElements, aChild, this);
+ return NS_OK;
+}
+
+nsresult HTMLFormElement::AddImageElementToTable(HTMLImageElement* aChild,
+ const nsAString& aName) {
+ return AddElementToTableInternal(mImageNameLookupTable, aChild, aName);
+}
+
+nsresult HTMLFormElement::RemoveImageElement(HTMLImageElement* aChild) {
+ RemoveElementFromPastNamesMap(aChild);
+
+ size_t index = mImageElements.IndexOf(aChild);
+ NS_ENSURE_STATE(index != mImageElements.NoIndex);
+
+ mImageElements.RemoveElementAt(index);
+ return NS_OK;
+}
+
+nsresult HTMLFormElement::RemoveImageElementFromTable(
+ HTMLImageElement* aElement, const nsAString& aName) {
+ return RemoveElementFromTableInternal(mImageNameLookupTable, aElement, aName);
+}
+
+void HTMLFormElement::AddToPastNamesMap(const nsAString& aName,
+ nsISupports* aChild) {
+ // If candidates contains exactly one node. Add a mapping from name to the
+ // node in candidates in the form element's past names map, replacing the
+ // previous entry with the same name, if any.
+ nsCOMPtr<nsIContent> node = do_QueryInterface(aChild);
+ if (node) {
+ mPastNameLookupTable.InsertOrUpdate(aName, ToSupports(node));
+ node->SetFlags(MAY_BE_IN_PAST_NAMES_MAP);
+ }
+}
+
+void HTMLFormElement::RemoveElementFromPastNamesMap(Element* aElement) {
+ if (!aElement->HasFlag(MAY_BE_IN_PAST_NAMES_MAP)) {
+ return;
+ }
+
+ aElement->UnsetFlags(MAY_BE_IN_PAST_NAMES_MAP);
+
+ uint32_t oldCount = mPastNameLookupTable.Count();
+ for (auto iter = mPastNameLookupTable.Iter(); !iter.Done(); iter.Next()) {
+ if (aElement == iter.Data()) {
+ iter.Remove();
+ }
+ }
+ if (oldCount != mPastNameLookupTable.Count()) {
+ ++mExpandoAndGeneration.generation;
+ }
+}
+
+JSObject* HTMLFormElement::WrapNode(JSContext* aCx,
+ JS::Handle<JSObject*> aGivenProto) {
+ return HTMLFormElement_Binding::Wrap(aCx, this, aGivenProto);
+}
+
+int32_t HTMLFormElement::GetFormNumberForStateKey() {
+ if (mFormNumber == -1) {
+ mFormNumber = OwnerDoc()->GetNextFormNumber();
+ }
+ return mFormNumber;
+}
+
+void HTMLFormElement::NodeInfoChanged(Document* aOldDoc) {
+ nsGenericHTMLElement::NodeInfoChanged(aOldDoc);
+
+ // When a <form> element is adopted into a new document, we want any state
+ // keys generated from it to no longer consider this element to be parser
+ // inserted, and so have state keys based on the position of the <form>
+ // element in the document, rather than the order it was inserted in.
+ //
+ // This is not strictly necessary, since we only ever look at the form number
+ // for parser inserted form controls, and we do that at the time the form
+ // control element is inserted into its original document by the parser.
+ mFormNumber = -1;
+}
+
+bool HTMLFormElement::IsSubmitting() const {
+ bool loading = mTargetContext && !mTargetContext->IsDiscarded() &&
+ mCurrentLoadId &&
+ mTargetContext->IsLoadingIdentifier(*mCurrentLoadId);
+ return loading;
+}
+
+void HTMLFormElement::MaybeFireFormRemoved() {
+ // We want this event to be fired only when the form is removed from the DOM
+ // tree, not when it is released (ex, tab is closed). So don't fire an event
+ // when the form doesn't have a docshell.
+ Document* doc = GetComposedDoc();
+ nsIDocShell* container = doc ? doc->GetDocShell() : nullptr;
+ if (!container) {
+ return;
+ }
+
+ // Right now, only the password manager listens to the event and only listen
+ // to it under certain circumstances. So don't fire this event unless
+ // necessary.
+ if (!doc->ShouldNotifyFormOrPasswordRemoved()) {
+ return;
+ }
+
+ RefPtr<AsyncEventDispatcher> asyncDispatcher = new AsyncEventDispatcher(
+ this, u"DOMFormRemoved"_ns, CanBubble::eNo, ChromeOnlyDispatch::eYes);
+ asyncDispatcher->RunDOMEventWhenSafe();
+}
+
+} // namespace mozilla::dom