Bug 769254 - Part 2: Modify nsPIWindowWatcher::OpenWindowJS (renamed to OpenWindow2) so we can pass in the URL for target=_blank links without navigating the opened window to that URL. r=bz
authorJustin Lebar <justin.lebar@gmail.com>
Fri, 10 Aug 2012 11:42:28 -0400
changeset 102092 22d637d39566f1da3fb83543aa6ea3a7152eed60
parent 102091 b3b06948b953d58f53ccd1f05dba37849e1d678c
child 102093 dcb9d2f694eb427249af0f8f5b55a3e274b9c251
push id13309
push userjlebar@mozilla.com
push dateFri, 10 Aug 2012 15:44:19 +0000
treeherdermozilla-inbound@dcb9d2f694eb [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz
bugs769254
milestone17.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 769254 - Part 2: Modify nsPIWindowWatcher::OpenWindowJS (renamed to OpenWindow2) so we can pass in the URL for target=_blank links without navigating the opened window to that URL. r=bz
docshell/base/nsDocShell.cpp
dom/base/nsGlobalWindow.cpp
dom/base/nsGlobalWindow.h
dom/base/nsPIDOMWindow.h
embedding/base/nsIWindowProvider.idl
embedding/components/windowwatcher/public/nsPIWindowWatcher.idl
embedding/components/windowwatcher/src/nsWindowWatcher.cpp
embedding/components/windowwatcher/src/nsWindowWatcher.h
layout/reftests/svg/pattern-scale-01a.svg
toolkit/components/prompts/src/nsPrompter.js
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -8338,26 +8338,29 @@ nsDocShell::InternalLoad(nsIURI * aURI,
         nsCOMPtr<nsIDocShellTreeItem> targetItem;
         FindItemWithName(aWindowTarget, nullptr, this,
                          getter_AddRefs(targetItem));
 
         nsCOMPtr<nsIDocShell> targetDocShell = do_QueryInterface(targetItem);
         
         bool isNewWindow = false;
         if (!targetDocShell) {
-            nsCOMPtr<nsIDOMWindow> win =
+            nsCOMPtr<nsPIDOMWindow> win =
                 do_GetInterface(GetAsSupports(this));
             NS_ENSURE_TRUE(win, NS_ERROR_NOT_AVAILABLE);
 
             nsDependentString name(aWindowTarget);
             nsCOMPtr<nsIDOMWindow> newWin;
-            rv = win->Open(EmptyString(), // URL to load
-                           name,          // window name
-                           EmptyString(), // Features
-                           getter_AddRefs(newWin));
+            nsCAutoString spec;
+            if (aURI)
+                aURI->GetSpec(spec);
+            rv = win->OpenNoNavigate(NS_ConvertUTF8toUTF16(spec),
+                                     name,          // window name
+                                     EmptyString(), // Features
+                                     getter_AddRefs(newWin));
 
             // In some cases the Open call doesn't actually result in a new
             // window being opened.  We can detect these cases by examining the
             // document in |newWin|, if any.
             nsCOMPtr<nsPIDOMWindow> piNewWin = do_QueryInterface(newWin);
             if (piNewWin) {
                 nsCOMPtr<nsIDocument> newDoc =
                     do_QueryInterface(piNewWin->GetExtantDocument());
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@@ -5888,32 +5888,34 @@ NS_IMETHODIMP
 nsGlobalWindow::Open(const nsAString& aUrl, const nsAString& aName,
                      const nsAString& aOptions, nsIDOMWindow **_retval)
 {
   return OpenInternal(aUrl, aName, aOptions,
                       false,          // aDialog
                       false,          // aContentModal
                       true,           // aCalledNoScript
                       false,          // aDoJSFixups
-                      nullptr, nullptr,    // No args
+                      true,           // aNavigate
+                      nullptr, nullptr,  // No args
                       GetPrincipal(),    // aCalleePrincipal
-                      nullptr,            // aJSCallerContext
+                      nullptr,           // aJSCallerContext
                       _retval);
 }
 
 NS_IMETHODIMP
 nsGlobalWindow::OpenJS(const nsAString& aUrl, const nsAString& aName,
                        const nsAString& aOptions, nsIDOMWindow **_retval)
 {
   return OpenInternal(aUrl, aName, aOptions,
                       false,          // aDialog
                       false,          // aContentModal
                       false,          // aCalledNoScript
                       true,           // aDoJSFixups
-                      nullptr, nullptr,    // No args
+                      true,           // aNavigate
+                      nullptr, nullptr,  // No args
                       GetPrincipal(),    // aCalleePrincipal
                       nsContentUtils::GetCurrentJSContext(), // aJSCallerContext
                       _retval);
 }
 
 // like Open, but attaches to the new window any extra parameters past
 // [features] as a JS property named "arguments"
 NS_IMETHODIMP
@@ -5921,22 +5923,43 @@ nsGlobalWindow::OpenDialog(const nsAStri
                            const nsAString& aOptions,
                            nsISupports* aExtraArgument, nsIDOMWindow** _retval)
 {
   return OpenInternal(aUrl, aName, aOptions,
                       true,                    // aDialog
                       false,                   // aContentModal
                       true,                    // aCalledNoScript
                       false,                   // aDoJSFixups
-                      nullptr, aExtraArgument,     // Arguments
+                      true,                    // aNavigate
+                      nullptr, aExtraArgument,    // Arguments
                       GetPrincipal(),             // aCalleePrincipal
-                      nullptr,                     // aJSCallerContext
+                      nullptr,                    // aJSCallerContext
                       _retval);
 }
 
+// Like Open, but passes aNavigate=false.
+/* virtual */ nsresult
+nsGlobalWindow::OpenNoNavigate(const nsAString& aUrl,
+                               const nsAString& aName,
+                               const nsAString& aOptions,
+                               nsIDOMWindow **_retval)
+{
+  return OpenInternal(aUrl, aName, aOptions,
+                      false,          // aDialog
+                      false,          // aContentModal
+                      true,           // aCalledNoScript
+                      false,          // aDoJSFixups
+                      false,          // aNavigate
+                      nullptr, nullptr,  // No args
+                      GetPrincipal(),    // aCalleePrincipal
+                      nsnull,            // aJSCallerContext
+                      _retval);
+
+}
+
 NS_IMETHODIMP
 nsGlobalWindow::OpenDialog(const nsAString& aUrl, const nsAString& aName,
                            const nsAString& aOptions, nsIDOMWindow** _retval)
 {
   if (!nsContentUtils::IsCallerTrustedForWrite()) {
     return NS_ERROR_DOM_SECURITY_ERR;
   }
 
@@ -5967,17 +5990,18 @@ nsGlobalWindow::OpenDialog(const nsAStri
                        getter_AddRefs(argvArray));
   NS_ENSURE_SUCCESS(rv, rv);
 
   return OpenInternal(aUrl, aName, aOptions,
                       true,             // aDialog
                       false,            // aContentModal
                       false,            // aCalledNoScript
                       false,            // aDoJSFixups
-                      argvArray, nullptr,   // Arguments
+                      true,                // aNavigate
+                      argvArray, nullptr,  // Arguments
                       GetPrincipal(),      // aCalleePrincipal
                       cx,                  // aJSCallerContext
                       _retval);
 }
 
 NS_IMETHODIMP
 nsGlobalWindow::GetFrames(nsIDOMWindow** aFrames)
 {
@@ -7210,17 +7234,18 @@ nsGlobalWindow::ShowModalDialog(const ns
   nsCOMPtr<nsIDOMWindow> callerWin = EnterModalState();
   PRUint32 oldMicroTaskLevel = nsContentUtils::MicroTaskLevel();
   nsContentUtils::SetMicroTaskLevel(0);
   nsresult rv = OpenInternal(aURI, EmptyString(), options,
                              false,          // aDialog
                              true,           // aContentModal
                              true,           // aCalledNoScript
                              true,           // aDoJSFixups
-                             nullptr, aArgs,     // args
+                             true,           // aNavigate
+                             nullptr, aArgs, // args
                              GetPrincipal(),    // aCalleePrincipal
                              nullptr,            // aJSCallerContext
                              getter_AddRefs(dlgWin));
   nsContentUtils::SetMicroTaskLevel(oldMicroTaskLevel);
   LeaveModalState(callerWin);
 
   NS_ENSURE_SUCCESS(rv, rv);
   
@@ -9130,40 +9155,44 @@ nsGlobalWindow::CloseBlockScriptTerminat
                                     (static_cast<nsPIDOMWindow*>(aRef));
   pwin->mBlockScriptedClosingFlag = false;
 }
 
 nsresult
 nsGlobalWindow::OpenInternal(const nsAString& aUrl, const nsAString& aName,
                              const nsAString& aOptions, bool aDialog,
                              bool aContentModal, bool aCalledNoScript,
-                             bool aDoJSFixups, nsIArray *argv,
+                             bool aDoJSFixups, bool aNavigate,
+                             nsIArray *argv,
                              nsISupports *aExtraArgument,
                              nsIPrincipal *aCalleePrincipal,
                              JSContext *aJSCallerContext,
                              nsIDOMWindow **aReturn)
 {
   FORWARD_TO_OUTER(OpenInternal, (aUrl, aName, aOptions, aDialog,
                                   aContentModal, aCalledNoScript, aDoJSFixups,
-                                  argv, aExtraArgument, aCalleePrincipal,
-                                  aJSCallerContext, aReturn),
+                                  aNavigate, argv, aExtraArgument,
+                                  aCalleePrincipal, aJSCallerContext, aReturn),
                    NS_ERROR_NOT_INITIALIZED);
 
 #ifdef DEBUG
   PRUint32 argc = 0;
   if (argv)
       argv->GetLength(&argc);
 #endif
   NS_PRECONDITION(!aExtraArgument || (!argv && argc == 0),
                   "Can't pass in arguments both ways");
   NS_PRECONDITION(!aCalledNoScript || (!argv && argc == 0),
                   "Can't pass JS args when called via the noscript methods");
   NS_PRECONDITION(!aJSCallerContext || !aCalledNoScript,
                   "Shouldn't have caller context when called noscript");
 
+  // Calls to window.open from script should navigate.
+  MOZ_ASSERT(aCalledNoScript || aNavigate);
+
   *aReturn = nullptr;
 
   nsCOMPtr<nsIWebBrowserChrome> chrome;
   GetWebBrowserChrome(getter_AddRefs(chrome));
   if (!chrome) {
     // No chrome means we don't want to go through with this open call
     // -- see nsIWindowWatcher.idl
     return NS_ERROR_NOT_AVAILABLE;
@@ -9181,20 +9210,23 @@ nsGlobalWindow::OpenInternal(const nsASt
   nsresult rv = NS_OK;
 
   // It's important to do this security check before determining whether this
   // window opening should be blocked, to ensure that we don't FireAbuseEvents
   // for a window opening that wouldn't have succeeded in the first place.
   if (!aUrl.IsEmpty()) {
     AppendUTF16toUTF8(aUrl, url);
 
-    /* Check whether the URI is allowed, but not for dialogs --
-       see bug 56851. The security of this function depends on
-       window.openDialog being inaccessible from web scripts */
-    if (url.get() && !aDialog)
+    // It's safe to skip the security check below if we're not a dialog
+    // because window.openDialog is not callable from content script.  See bug
+    // 56851.
+    //
+    // If we're not navigating, we assume that whoever *does* navigate the
+    // window will do a security check of their own.
+    if (url.get() && !aDialog && aNavigate)
       rv = SecurityCheckURL(url.get());
   }
 
   if (NS_FAILED(rv))
     return rv;
 
   PopupControlState abuseLevel = gPopupControlState;
   if (checkForPopup) {
@@ -9225,50 +9257,52 @@ nsGlobalWindow::OpenInternal(const nsASt
   NS_ENSURE_TRUE(wwatch, rv);
 
   NS_ConvertUTF16toUTF8 options(aOptions);
   NS_ConvertUTF16toUTF8 name(aName);
 
   const char *options_ptr = aOptions.IsEmpty() ? nullptr : options.get();
   const char *name_ptr = aName.IsEmpty() ? nullptr : name.get();
 
+  nsCOMPtr<nsPIWindowWatcher> pwwatch(do_QueryInterface(wwatch));
+  NS_ENSURE_STATE(pwwatch);
+
   {
     // Reset popup state while opening a window to prevent the
     // current state from being active the whole time a modal
     // dialog is open.
     nsAutoPopupStatePusher popupStatePusher(openAbused, true);
 
     if (!aCalledNoScript) {
-      nsCOMPtr<nsPIWindowWatcher> pwwatch(do_QueryInterface(wwatch));
-      NS_ASSERTION(pwwatch,
-                   "Unable to open windows from JS because window watcher "
-                   "is broken");
-      NS_ENSURE_TRUE(pwwatch, NS_ERROR_UNEXPECTED);
-        
-      rv = pwwatch->OpenWindowJS(this, url.get(), name_ptr, options_ptr,
-                                 aDialog, argv,
-                                 getter_AddRefs(domReturn));
+      // We asserted at the top of this function that aNavigate is true for
+      // !aCalledNoScript.
+      rv = pwwatch->OpenWindow2(this, url.get(), name_ptr, options_ptr,
+                                /* aCalledFromScript = */ true,
+                                aDialog, aNavigate, argv,
+                                getter_AddRefs(domReturn));
     } else {
       // Push a null JSContext here so that the window watcher won't screw us
       // up.  We do NOT want this case looking at the JS context on the stack
       // when searching.  Compare comments on
       // nsIDOMWindow::OpenWindow and nsIWindowWatcher::OpenWindow.
       nsCOMPtr<nsIJSContextStack> stack;
 
       if (!aContentModal) {
         stack = do_GetService(sJSStackContractID);
       }
 
       if (stack) {
         rv = stack->Push(nullptr);
         NS_ENSURE_SUCCESS(rv, rv);
       }
-        
-      rv = wwatch->OpenWindow(this, url.get(), name_ptr, options_ptr,
-                              aExtraArgument, getter_AddRefs(domReturn));
+
+      rv = pwwatch->OpenWindow2(this, url.get(), name_ptr, options_ptr,
+                                /* aCalledFromScript = */ false,
+                                aDialog, aNavigate, aExtraArgument,
+                                getter_AddRefs(domReturn));
 
       if (stack) {
         JSContext* cx;
         stack->Pop(&cx);
         NS_ASSERTION(!cx, "Unexpected JSContext popped!");
       }
     }
   }
--- a/dom/base/nsGlobalWindow.h
+++ b/dom/base/nsGlobalWindow.h
@@ -675,55 +675,75 @@ protected:
 
       return;
     }
 
     GetOuterWindowInternal()->mIsPopupSpam = aPopup;
   }
 
   // Window Control Functions
+
+  virtual nsresult
+  OpenNoNavigate(const nsAString& aUrl,
+                 const nsAString& aName,
+                 const nsAString& aOptions,
+                 nsIDOMWindow **_retval);
+
   /**
-   * @param aURL the URL to load in the new window
+   * @param aUrl the URL we intend to load into the window.  If aNavigate is
+   *        true, we'll actually load this URL into the window. Otherwise,
+   *        aUrl is advisory; OpenInternal will not load the URL into the
+   *        new window.
+   *
    * @param aName the name to use for the new window
+   *
    * @param aOptions the window options to use for the new window
+   *
    * @param aDialog true when called from variants of OpenDialog.  If this is
-   *                true, this method will skip popup blocking checks.  The
-   *                aDialog argument is passed on to the window watcher.
+   *        true, this method will skip popup blocking checks.  The aDialog
+   *        argument is passed on to the window watcher.
+   *
    * @param aCalledNoScript true when called via the [noscript] open()
-   *                        and openDialog() methods.  When this is true, we do
-   *                        NOT want to use the JS stack for things like caller
-   *                        determination.
+   *        and openDialog() methods.  When this is true, we do NOT want to use
+   *        the JS stack for things like caller determination.
+   *
    * @param aDoJSFixups true when this is the content-accessible JS version of
-   *                    window opening.  When true, popups do not cause us to
-   *                    throw, we save the caller's principal in the new window
-   *                    for later consumption, and we make sure that there is a
-   *                    document in the newly-opened window.  Note that this
-   *                    last will only be done if the newly-opened window is
-   *                    non-chrome.
+   *        window opening.  When true, popups do not cause us to throw, we save
+   *        the caller's principal in the new window for later consumption, and
+   *        we make sure that there is a document in the newly-opened window.
+   *        Note that this last will only be done if the newly-opened window is
+   *        non-chrome.
+   *
+   * @param aNavigate true if we should navigate to the provided URL, false
+   *        otherwise.  When aNavigate is false, we also skip our can-load
+   *        security check, on the assumption that whoever *actually* loads this
+   *        page will do their own security check.
+   *
    * @param argv The arguments to pass to the new window.  The first
-   *             three args, if present, will be aURL, aName, and aOptions.  So
-   *             this param only matters if there are more than 3 arguments.
+   *        three args, if present, will be aUrl, aName, and aOptions.  So this
+   *        param only matters if there are more than 3 arguments.
+   *
    * @param argc The number of arguments in argv.
+   *
    * @param aExtraArgument Another way to pass arguments in.  This is mutually
-   *                       exclusive with the argv/argc approach.
-   * @param aJSCallerContext The calling script's context. This must be nullptr
-   *                         when aCalledNoScript is true.
+   *        exclusive with the argv/argc approach.
+   *
+   * @param aJSCallerContext The calling script's context. This must be null
+   *        when aCalledNoScript is true.
+   *
    * @param aReturn [out] The window that was opened, if any.
-   *
-   * @note that the boolean args are const because the function shouldn't be
-   * messing with them.  That also makes it easier for the compiler to sort out
-   * its build warning stuff.
    */
   NS_HIDDEN_(nsresult) OpenInternal(const nsAString& aUrl,
                                     const nsAString& aName,
                                     const nsAString& aOptions,
                                     bool aDialog,
                                     bool aContentModal,
                                     bool aCalledNoScript,
                                     bool aDoJSFixups,
+                                    bool aNavigate,
                                     nsIArray *argv,
                                     nsISupports *aExtraArgument,
                                     nsIPrincipal *aCalleePrincipal,
                                     JSContext *aJSCallerContext,
                                     nsIDOMWindow **aReturn);
 
   static void CloseWindow(nsISupports* aWindow);
 
--- a/dom/base/nsPIDOMWindow.h
+++ b/dom/base/nsPIDOMWindow.h
@@ -43,18 +43,18 @@ class nsIDocument;
 class nsIScriptTimeoutHandler;
 struct nsTimeout;
 template <class> class nsScriptObjectHolder;
 class nsXBLPrototypeHandler;
 class nsIArray;
 class nsPIWindowRoot;
 
 #define NS_PIDOMWINDOW_IID \
-{ 0x0c4d0b84, 0xb524, 0x4572, \
-  { 0x8e, 0xd1, 0x7f, 0x78, 0x14, 0x7c, 0x4d, 0xf1 } }
+{0x66660102, 0xd875, 0x47e2, \
+  {0xa1, 0xf7, 0x12, 0xbc, 0x83, 0xc9, 0x93, 0xa9}}
 
 class nsPIDOMWindow : public nsIDOMWindowInternal
 {
 public:
   NS_DECLARE_STATIC_IID_ACCESSOR(NS_PIDOMWINDOW_IID)
 
   virtual nsPIDOMWindow* GetPrivateRoot() = 0;
 
@@ -617,16 +617,23 @@ public:
   virtual bool IsPartOfApp() = 0;
 
   /**
    * Returns true if this window is part of a web app and has the same origin
    * (principal) as the app.
    */
   virtual bool IsInAppOrigin() = 0;
 
+  /**
+   * Like nsIDOMWindow::Open, except that we don't navigate to the given URL.
+   */
+  virtual nsresult
+  OpenNoNavigate(const nsAString& aUrl, const nsAString& aName,
+                 const nsAString& aOptions, nsIDOMWindow **_retval) = 0;
+
 protected:
   // The nsPIDOMWindow constructor. The aOuterWindow argument should
   // be null if and only if the created window itself is an outer
   // window. In all other cases aOuterWindow should be the outer
   // window for the inner window that is being created.
   nsPIDOMWindow(nsPIDOMWindow *aOuterWindow);
 
   ~nsPIDOMWindow();
--- a/embedding/base/nsIWindowProvider.idl
+++ b/embedding/base/nsIWindowProvider.idl
@@ -29,54 +29,61 @@ interface nsIWindowProvider : nsISupport
 {
   /**
    * A method to request that this provider provide a window.  The window
    * returned need not to have the right name or parent set on it; setting
    * those is the caller's responsibility.  The provider can always return null
    * to have the caller create a brand-new window.
    *
    * @param aParent Must not be null.  This is the window that the caller wants
-   *                to use as the parent for the new window.  Generally,
-   *                nsIWindowProvider implementors can expect to be somehow
-   *                related to aParent; the relationship may depend on the
-   *                nsIWindowProvider implementation.
+   *        to use as the parent for the new window.  Generally,
+   *        nsIWindowProvider implementors can expect to be somehow related to
+   *        aParent; the relationship may depend on the nsIWindowProvider
+   *        implementation.
+   *
    * @param aChromeFlags The chrome flags the caller will use to create a new
-   *                      window if this provider returns null.  See
-   *                      nsIWebBrowserChrome for the possible values of this
-   *                      field.
+   *        window if this provider returns null.  See nsIWebBrowserChrome for
+   *        the possible values of this field.
+   *
    * @param aPositionSpecified Whether the attempt to create a window is trying
-   *                           to specify a position for the new window.
+   *        to specify a position for the new window.
+   *
    * @param aSizeSpecified Whether the attempt to create a window is trying to
-   *                       specify a size for the new window.
-   * @param aURI The URI to be loaded in the new window.  The nsIWindowProvider
-   *             implementation MUST NOT load this URI in the window it
-   *             returns.  This URI is provided solely to help the
-   *             nsIWindowProvider implementation make decisions; the caller
-   *             will handle loading the URI in the window returned if
-   *             provideWindow returns a window.  Note that the URI may be null
-   *             if the load cannot be represented by a single URI (e.g. if
-   *             the load has extra load flags, POST data, etc).
+   *        specify a size for the new window.
+   *
+   * @param aURI The URI to be loaded in the new window (may be NULL).  The
+   *        nsIWindowProvider implementation must not load this URI into the
+   *        window it returns.  This URI is provided solely to help the
+   *        nsIWindowProvider implementation make decisions; the caller will
+   *        handle loading the URI in the window returned if provideWindow
+   *        returns a window.
+   *
+   *        When making decisions based on aURI, note that even when it's not
+   *        null, aURI may not represent all relevant information about the
+   *        load.  For example, the load may have extra load flags, POST data,
+   *        etc.
+   *
    * @param aName The name of the window being opened.  Setting the name on the
-   *              return value of provideWindow will be handled by the caller;
-   *              aName is provided solely to help the nsIWindowProvider
-   *              implementation make decisions.
+   *        return value of provideWindow will be handled by the caller; aName
+   *        is provided solely to help the nsIWindowProvider implementation
+   *        make decisions.
+   *
    * @param aFeatures The feature string for the window being opened.  This may
-   *                  be empty.  The nsIWindowProvider implementation is
-   *                  allowed to apply the feature string to the window it
-   *                  returns in any way it sees fit.  See the nsIWindowWatcher
-   *                  interface for details on feature strings.
+   *        be empty.  The nsIWindowProvider implementation is allowed to apply
+   *        the feature string to the window it returns in any way it sees fit.
+   *        See the nsIWindowWatcher interface for details on feature strings.
+   *
    * @param aWindowIsNew [out] Whether the window being returned was just
-   *                           created by the window provider implementation.
-   *                           This can be used by callers to keep track of which
-   *                           windows were opened by the user as opposed to
-   *                           being opened programmatically.  This should be set
-   *                           to false if the window being returned existed
-   *                           before the provideWindow() call.  The value of this
-   *                           out parameter is meaningless if provideWindow()
-   *                           returns null.
+   *        created by the window provider implementation.  This can be used by
+   *        callers to keep track of which windows were opened by the user as
+   *        opposed to being opened programmatically.  This should be set to
+   *        false if the window being returned existed before the
+   *        provideWindow() call.  The value of this out parameter is
+   *        meaningless if provideWindow() returns null.
+
    * @return A window the caller should use or null if the caller should just
    *         create a new window.  The returned window may be newly opened by
    *         the nsIWindowProvider implementation or may be a window that
    *         already existed.
    *
    * @throw NS_ERROR_ABORT if the caller should cease its attempt to open a new
    *                       window.
    *
--- a/embedding/components/windowwatcher/public/nsPIWindowWatcher.idl
+++ b/embedding/components/windowwatcher/public/nsPIWindowWatcher.idl
@@ -11,17 +11,17 @@
 #include "nsISupports.idl"
 
 interface nsIDOMWindow;
 interface nsISimpleEnumerator;
 interface nsIWebBrowserChrome;
 interface nsIDocShellTreeItem;
 interface nsIArray;
 
-[uuid(8624594a-28d7-4bc3-8d12-b1c2b9eefd90)]
+[uuid(00788A84-152F-4BD8-A814-FD8EB545DB29)]
 
 interface nsPIWindowWatcher : nsISupports
 {
   /** A window has been created. Add it to our list.
       @param aWindow the window to add
       @param aChrome the corresponding chrome window. The DOM window
                      and chrome will be mapped together, and the corresponding
                      chrome can be retrieved using the (not private)
@@ -30,42 +30,47 @@ interface nsPIWindowWatcher : nsISupport
   */
   void addWindow(in nsIDOMWindow aWindow, in nsIWebBrowserChrome aChrome);
 
   /** A window has been closed. Remove it from our list.
       @param aWindow the window to remove
   */
   void removeWindow(in nsIDOMWindow aWindow);
 
-  /** Like the public interface's open(), but can deal with openDialog
-      style arguments.
+  /** Like the public interface's open(), but can handle openDialog-style
+      arguments and calls which shouldn't result in us navigating the window.
+
       @param aParent parent window, if any. Null if no parent.  If it is
              impossible to get to an nsIWebBrowserChrome from aParent, this
              method will effectively act as if aParent were null.
       @param aURL url to which to open the new window. Must already be
              escaped, if applicable. can be null.
       @param aName window name from JS window.open. can be null.  If a window
              with this name already exists, the openWindow call may just load
              aUrl in it (if aUrl is not null) and return it.
       @param aFeatures window features from JS window.open. can be null.
+      @param aCalledFromScript true if we were called from script.
       @param aDialog use dialog defaults (see nsIDOMWindow::openDialog)
+      @param aNavigate true if we should navigate the new window to the
+             specified URL.
       @param aArgs Window argument
       @return the new window
 
       @note This method may examine the JS context stack for purposes of
             determining the security context to use for the search for a given
             window named aName.
       @note This method should try to set the default charset for the new
             window to the default charset of the document in the calling window
             (which is determined based on the JS stack and the value of
             aParent).  This is not guaranteed, however.
   */
-  nsIDOMWindow openWindowJS(in nsIDOMWindow aParent, in string aUrl,
-               in string aName, in string aFeatures, in boolean aDialog,
-               in nsIArray aArgs);
+  nsIDOMWindow openWindow2(in nsIDOMWindow aParent, in string aUrl,
+                           in string aName, in string aFeatures,
+                           in boolean aCalledFromScript, in boolean aDialog,
+                           in boolean aNavigate, in nsISupports aArgs);
 
   /**
    * Find a named docshell tree item amongst all windows registered
    * with the window watcher.  This may be a subframe in some window,
    * for example.
    *
    * @param aName the name of the window.  Must not be null.
    * @param aRequestor the tree item immediately making the request.
--- a/embedding/components/windowwatcher/src/nsWindowWatcher.cpp
+++ b/embedding/components/windowwatcher/src/nsWindowWatcher.cpp
@@ -314,76 +314,93 @@ nsWindowWatcher::~nsWindowWatcher()
 }
 
 nsresult
 nsWindowWatcher::Init()
 {
   return NS_OK;
 }
 
+/**
+ * Convert aArguments into either an nsIArray or NULL.
+ *
+ *  - If aArguments is NULL, return NULL.
+ *  - If aArguments is an nsArray, return NULL if it's empty, or otherwise
+ *    return the array.
+ *  - If aArguments is an nsISupportsArray, return NULL if it's empty, or
+ *    otherwise add its elements to an nsArray and return the new array.
+ *  - Otherwise, return an nsIArray with one element: aArguments.
+ */
+static already_AddRefed<nsIArray>
+ConvertArgsToArray(nsISupports* aArguments)
+{
+  if (!aArguments) {
+    return NULL;
+  }
+
+  nsCOMPtr<nsIArray> array = do_QueryInterface(aArguments);
+  if (array) {
+    PRUint32 argc = 0;
+    array->GetLength(&argc);
+    if (argc == 0)
+      return NULL;
+
+    return array.forget();
+  }
+
+  nsCOMPtr<nsISupportsArray> supArray = do_QueryInterface(aArguments);
+  if (supArray) {
+    PRUint32 argc = 0;
+    supArray->Count(&argc);
+    if (argc == 0) {
+      return NULL;
+    }
+
+    nsCOMPtr<nsIMutableArray> mutableArray =
+      do_CreateInstance(NS_ARRAY_CONTRACTID);
+    NS_ENSURE_TRUE(mutableArray, NULL);
+
+    for (PRUint32 i = 0; i < argc; i++) {
+      nsCOMPtr<nsISupports> elt = dont_AddRef(supArray->ElementAt(i));
+      nsresult rv = mutableArray->AppendElement(elt, /* aWeak = */ false);
+      NS_ENSURE_SUCCESS(rv, NULL);
+    }
+
+    return mutableArray.forget();
+  }
+
+  nsCOMPtr<nsIMutableArray> singletonArray =
+    do_CreateInstance(NS_ARRAY_CONTRACTID);
+  NS_ENSURE_TRUE(singletonArray, NULL);
+
+  nsresult rv = singletonArray->AppendElement(aArguments, /* aWeak = */ false);
+  NS_ENSURE_SUCCESS(rv, NULL);
+
+  return singletonArray.forget();
+}
+
 NS_IMETHODIMP
 nsWindowWatcher::OpenWindow(nsIDOMWindow *aParent,
                             const char *aUrl,
                             const char *aName,
                             const char *aFeatures,
                             nsISupports *aArguments,
                             nsIDOMWindow **_retval)
 {
-  nsCOMPtr<nsIArray> argsArray;
-  PRUint32 argc = 0;
-  if (aArguments) {
-    // aArguments is allowed to be either an nsISupportsArray or an nsIArray
-    // (in which case it is treated as argv) or any other COM object (in which
-    // case it becomes argv[0]).
-    nsresult rv;
+  nsCOMPtr<nsIArray> argv = ConvertArgsToArray(aArguments);
 
-    nsCOMPtr<nsISupportsArray> supArray(do_QueryInterface(aArguments));
-    if (!supArray) {
-      nsCOMPtr<nsIArray> array(do_QueryInterface(aArguments));
-      if (!array) {
-        nsCOMPtr<nsIMutableArray> muteArray;
-        argsArray = muteArray = do_CreateInstance(NS_ARRAY_CONTRACTID, &rv);
-        if (NS_FAILED(rv))
-          return rv;
-        rv = muteArray->AppendElement(aArguments, false);
-        if (NS_FAILED(rv))
-          return rv;
-        argc = 1;
-      } else {
-        rv = array->GetLength(&argc);
-        if (NS_FAILED(rv))
-          return rv;
-        if (argc > 0)
-          argsArray = array;
-      }
-    } else {
-      // nsISupports array - copy into nsIArray...
-      rv = supArray->Count(&argc);
-      if (NS_FAILED(rv))
-        return rv;
-      // But only create an arguments array if there's at least one element in
-      // the supports array.
-      if (argc > 0) {
-        nsCOMPtr<nsIMutableArray> muteArray;
-        argsArray = muteArray = do_CreateInstance(NS_ARRAY_CONTRACTID, &rv);
-        if (NS_FAILED(rv))
-          return rv;
-        for (PRUint32 i = 0; i < argc; i++) {
-          nsCOMPtr<nsISupports> elt(dont_AddRef(supArray->ElementAt(i)));
-          rv = muteArray->AppendElement(elt, false);
-          if (NS_FAILED(rv))
-            return rv;
-        }
-      }
-    }
+  PRUint32 argc = 0;
+  if (argv) {
+    argv->GetLength(&argc);
   }
+  bool dialog = (argc != 0);
 
-  bool dialog = (argc != 0);
-  return OpenWindowJSInternal(aParent, aUrl, aName, aFeatures, dialog, 
-                              argsArray, false, _retval);
+  return OpenWindowInternal(aParent, aUrl, aName, aFeatures,
+                            /* calledFromJS = */ false, dialog,
+                            /* navigate = */ true, argv, _retval);
 }
 
 struct SizeSpec {
   SizeSpec() :
     mLeftSpecified(false),
     mTopSpecified(false),
     mOuterWidthSpecified(false),
     mOuterHeightSpecified(false),
@@ -418,48 +435,56 @@ struct SizeSpec {
   
   bool SizeSpecified() const {
     return mOuterWidthSpecified || mOuterHeightSpecified ||
       mInnerWidthSpecified || mInnerHeightSpecified;
   }
 };
 
 NS_IMETHODIMP
-nsWindowWatcher::OpenWindowJS(nsIDOMWindow *aParent,
+nsWindowWatcher::OpenWindow2(nsIDOMWindow *aParent,
                               const char *aUrl,
                               const char *aName,
                               const char *aFeatures,
+                              bool aCalledFromScript,
                               bool aDialog,
-                              nsIArray *argv,
+                              bool aNavigate,
+                              nsISupports *aArguments,
                               nsIDOMWindow **_retval)
 {
-  if (argv) {
-    PRUint32 argc;
-    nsresult rv = argv->GetLength(&argc);
-    NS_ENSURE_SUCCESS(rv, rv);
+  nsCOMPtr<nsIArray> argv = ConvertArgsToArray(aArguments);
 
-    // For compatibility with old code, no arguments implies that we shouldn't
-    // create an arguments object on the new window at all.
-    if (argc == 0)
-      argv = nullptr;
+  PRUint32 argc = 0;
+  if (argv) {
+    argv->GetLength(&argc);
   }
 
-  return OpenWindowJSInternal(aParent, aUrl, aName, aFeatures, aDialog,
-                              argv, true, _retval);
+  // This is extremely messed up, but this behavior is necessary because
+  // callers lie about whether they're a dialog window and whether they're
+  // called from script.  Fixing this is bug 779939.
+  bool dialog = aDialog;
+  if (!aCalledFromScript) {
+    dialog = argc > 0;
+  }
+
+  return OpenWindowInternal(aParent, aUrl, aName, aFeatures,
+                            aCalledFromScript, aDialog,
+                            aNavigate, argv, _retval);
 }
 
 nsresult
-nsWindowWatcher::OpenWindowJSInternal(nsIDOMWindow *aParent,
-                                      const char *aUrl,
-                                      const char *aName,
-                                      const char *aFeatures,
-                                      bool aDialog,
-                                      nsIArray *argv,
-                                      bool aCalledFromJS,
-                                      nsIDOMWindow **_retval)
+nsWindowWatcher::OpenWindowInternal(nsIDOMWindow *aParent,
+                                    const char *aUrl,
+                                    const char *aName,
+                                    const char *aFeatures,
+                                    bool aCalledFromJS,
+                                    bool aDialog,
+                                    bool aNavigate,
+                                    nsIArray *argv,
+                                    nsIDOMWindow **_retval)
 {
   nsresult                        rv = NS_OK;
   bool                            nameSpecified,
                                   featuresSpecified,
                                   isNewToplevelWindow = false,
                                   windowIsNew = false,
                                   windowNeedsName = false,
                                   windowIsModal = false,
@@ -859,17 +884,17 @@ nsWindowWatcher::OpenWindowJSInternal(ns
     nsCOMPtr<nsPIDOMWindow> newDebugWindow = do_GetInterface(newDocShell);
     NS_ASSERTION(newWindow == newDebugWindow, "Different windows??");
 #endif
     if (newWindow) {
       newWindow->SetOpenerScriptPrincipal(newWindowPrincipal);
     }
   }
 
-  if (uriToLoad) { // get the script principal and pass it to docshell
+  if (uriToLoad && aNavigate) { // get the script principal and pass it to docshell
     JSContextAutoPopper contextGuard;
 
     cx = GetJSContextFromCallStack();
 
     // get the security manager
     if (!cx)
       cx = GetJSContextFromWindow(aParent);
     if (!cx) {
--- a/embedding/components/windowwatcher/src/nsWindowWatcher.h
+++ b/embedding/components/windowwatcher/src/nsWindowWatcher.h
@@ -67,24 +67,25 @@ protected:
   // Unlike GetWindowByName this will look for a caller on the JS
   // stack, and then fall back on aCurrentWindow if it can't find one.
   nsresult SafeGetWindowByName(const nsAString& aName,
                                nsIDOMWindow* aCurrentWindow,
                                nsIDOMWindow** aResult);
 
   // Just like OpenWindowJS, but knows whether it got called via OpenWindowJS
   // (which means called from script) or called via OpenWindow.
-  nsresult OpenWindowJSInternal(nsIDOMWindow *aParent,
-                                const char *aUrl,
-                                const char *aName,
-                                const char *aFeatures,
-                                bool aDialog,
-                                nsIArray *argv,
-                                bool aCalledFromJS,
-                                nsIDOMWindow **_retval);
+  nsresult OpenWindowInternal(nsIDOMWindow *aParent,
+                              const char *aUrl,
+                              const char *aName,
+                              const char *aFeatures,
+                              bool aCalledFromJS,
+                              bool aDialog,
+                              bool aNavigate,
+                              nsIArray *argv,
+                              nsIDOMWindow **_retval);
 
   static JSContext *GetJSContextFromWindow(nsIDOMWindow *aWindow);
   static JSContext *GetJSContextFromCallStack();
   static nsresult   URIfromURL(const char *aURL,
                                nsIDOMWindow *aParent,
                                nsIURI **aURI);
   
   static PRUint32   CalculateChromeFlags(const char *aFeatures,
--- a/toolkit/components/prompts/src/nsPrompter.js
+++ b/toolkit/components/prompts/src/nsPrompter.js
@@ -368,17 +368,17 @@ function openModalWindow(domWin, uri, ar
     // XXX Investigate supressing modal state when we're called without a
     // window? Seems odd to affect whatever window happens to be active.
     if (!domWin)
         domWin = Services.ww.activeWindow;
 
     // domWin may still be null here if there are _no_ windows open.
 
     // Note that we don't need to fire DOMWillOpenModalDialog and
-    // DOMModalDialogClosed events here, wwatcher's OpenWindowJSInternal
+    // DOMModalDialogClosed events here, wwatcher's OpenWindowInternal
     // will do that. Similarly for enterModalState / leaveModalState.
 
     Services.ww.openWindow(domWin, uri, "_blank", "centerscreen,chrome,modal,titlebar", args);
 }
 
 function openTabPrompt(domWin, tabPrompt, args) {
     PromptUtils.fireDialogEvent(domWin, "DOMWillOpenModalDialog");
 
@@ -408,17 +408,17 @@ function openTabPrompt(domWin, tabPrompt
         // tab-modal prompts need to watch for navigation changes, give it the
         // domWindow to watch for pagehide events.
         args.domWindow = domWin;
         args.promptActive = true;
 
         newPrompt = tabPrompt.appendPrompt(args, onPromptClose);
 
         // TODO since we don't actually open a window, need to check if
-        // there's other stuff in nsWindowWatcher::OpenWindowJSInternal
+        // there's other stuff in nsWindowWatcher::OpenWindowInternal
         // that we might need to do here as well.
 
         let thread = Services.tm.currentThread;
         while (args.promptActive)
             thread.processNextEvent(true);
         delete args.promptActive;
 
         if (args.promptAborted)