Merge mozilla-central to autoland. CLOSED TREE
authorMihai Alexandru Michis <malexandru@mozilla.com>
Wed, 18 Sep 2019 13:05:29 +0300
changeset 493774 7afdf6a9c44a567b08f3b51ee8ef2682820349a9
parent 493773 c3309963807cd061dfcfdd308a782a8affa4f6ed (current diff)
parent 493713 ce04e402c705c8ee9d491c3cef11a3876af2680f (diff)
child 493775 d2ee35cb9930dd8f19e48d083f8181a8266bfcb5
push id114101
push usernerli@mozilla.com
push dateWed, 18 Sep 2019 22:01:41 +0000
milestone71.0a1
Merge mozilla-central to autoland. CLOSED TREE
--- a/browser/locales/l10n-changesets.json
+++ b/browser/locales/l10n-changesets.json
@@ -198,16 +198,33 @@
             "win32-devedition",
             "win64",
             "win64-aarch64",
             "win64-aarch64-devedition",
             "win64-devedition"
         ],
         "revision": "default"
     },
+    "ca-valencia": {
+        "platforms": [
+            "linux",
+            "linux-devedition",
+            "linux64",
+            "linux64-devedition",
+            "macosx64",
+            "macosx64-devedition",
+            "win32",
+            "win32-devedition",
+            "win64",
+            "win64-aarch64",
+            "win64-aarch64-devedition",
+            "win64-devedition"
+        ],
+        "revision": "default"
+    },
     "cak": {
         "platforms": [
             "linux",
             "linux-devedition",
             "linux64",
             "linux64-devedition",
             "macosx64",
             "macosx64-devedition",
--- a/dom/base/Location.cpp
+++ b/dom/base/Location.cpp
@@ -35,51 +35,53 @@
 #include "mozilla/dom/DocumentInlines.h"
 #include "mozilla/dom/LocationBinding.h"
 #include "mozilla/dom/ScriptSettings.h"
 #include "ReferrerInfo.h"
 
 namespace mozilla {
 namespace dom {
 
-Location::Location(nsPIDOMWindowInner* aWindow, nsIDocShell* aDocShell)
+Location::Location(nsPIDOMWindowInner* aWindow, BrowsingContext* aBrowsingContext)
     : mInnerWindow(aWindow) {
-  // aDocShell can be null if it gets called after nsDocShell::Destory().
-  mDocShell = do_GetWeakReference(aDocShell);
+  // aBrowsingContext can be null if it gets called after nsDocShell::Destory().
+  if (aBrowsingContext) {
+    mBrowsingContextId = aBrowsingContext->Id();
+  }
 }
 
 Location::~Location() {}
 
 // QueryInterface implementation for Location
 NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(Location)
   NS_WRAPPERCACHE_INTERFACE_MAP_ENTRY
   NS_INTERFACE_MAP_ENTRY(nsISupports)
 NS_INTERFACE_MAP_END
 
 NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE(Location, mInnerWindow)
 
 NS_IMPL_CYCLE_COLLECTING_ADDREF(Location)
 NS_IMPL_CYCLE_COLLECTING_RELEASE(Location)
 
 BrowsingContext* Location::GetBrowsingContext() {
-  if (nsCOMPtr<nsIDocShell> docShell = GetDocShell()) {
-    return docShell->GetBrowsingContext();
-  }
-  return nullptr;
+  RefPtr<BrowsingContext> bc = BrowsingContext::Get(mBrowsingContextId);
+  return bc.get();
 }
 
 already_AddRefed<nsIDocShell> Location::GetDocShell() {
-  nsCOMPtr<nsIDocShell> docShell = do_QueryReferent(mDocShell);
-  return docShell.forget();
+  if (RefPtr<BrowsingContext> bc = GetBrowsingContext()) {
+    return do_AddRef(bc->GetDocShell());
+  }
+  return nullptr;
 }
 
 nsresult Location::GetURI(nsIURI** aURI, bool aGetInnermostURI) {
   *aURI = nullptr;
 
-  nsCOMPtr<nsIDocShell> docShell(do_QueryReferent(mDocShell));
+  nsCOMPtr<nsIDocShell> docShell(GetDocShell());
   if (!docShell) {
     return NS_OK;
   }
 
   nsresult rv;
   nsCOMPtr<nsIWebNavigation> webNav(do_QueryInterface(docShell, &rv));
   if (NS_FAILED(rv)) {
     return rv;
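Review bot: `GetBrowsingContext()` now returns `bc.get()` from a local `RefPtr` that is released on return, so the raw pointer stays valid only while something else keeps the context alive, and nothing in this hunk shows what does. If the `BrowsingContext::Get` registry is not itself an owning reference, a caller that holds the result across a call that can discard the context would be left with a dangling pointer. The return type is probably fixed by a declaration outside this hunk, so I would at least document the contract above the function, e.g. `// Returns a non-owning pointer looked up by id; callers must hold it in a RefPtr before doing anything that can run script or tear down the context.` The carried-over constructor comment also still spells `nsDocShell::Destory()`; it should read `Destroy()`.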
@@ -544,17 +546,17 @@ void Location::SetSearch(const nsAString
   if (NS_WARN_IF(aRv.Failed())) {
     return;
   }
 
   SetURI(uri, aSubjectPrincipal, aRv);
 }
 
 void Location::Reload(bool aForceget, ErrorResult& aRv) {
-  nsCOMPtr<nsIDocShell> docShell(do_QueryReferent(mDocShell));
+  nsCOMPtr<nsIDocShell> docShell(GetDocShell());
   if (!docShell) {
     return aRv.Throw(NS_ERROR_FAILURE);
   }
 
   if (StaticPrefs::dom_block_reload_from_resize_event_handler()) {
     nsCOMPtr<nsPIDOMWindowOuter> window = docShell->GetWindow();
     if (window && window->IsHandlingResizeEvent()) {
       // location.reload() was called on a window that is handling a
@@ -598,23 +600,36 @@ void Location::Assign(const nsAString& a
   }
 
   DoSetHref(aUrl, aSubjectPrincipal, false, aRv);
 }
 
 bool Location::CallerSubsumes(nsIPrincipal* aSubjectPrincipal) {
   MOZ_ASSERT(aSubjectPrincipal);
 
+  RefPtr<BrowsingContext> bc(GetBrowsingContext());
+  if (MOZ_UNLIKELY(!bc) || MOZ_UNLIKELY(bc->IsDiscarded())) {
+    // Per spec, operations on a Location object with a discarded BC are no-ops,
+    // not security errors, so we need to return true from the access check and
+    // let the caller do its own discarded docShell check.
+    return true;
+  }
+  if (MOZ_UNLIKELY(!bc->IsInProcess())) {
+    return false;
+  }
+
   // Get the principal associated with the location object.  Note that this is
   // the principal of the page which will actually be navigated, not the
   // principal of the Location object itself.  This is why we need this check
   // even though we only allow limited cross-origin access to Location objects
   // in general.
-  nsCOMPtr<nsPIDOMWindowOuter> outer = mInnerWindow->GetOuterWindow();
+  nsCOMPtr<nsPIDOMWindowOuter> outer = bc->GetDOMWindow();
+  MOZ_DIAGNOSTIC_ASSERT(outer);
   if (MOZ_UNLIKELY(!outer)) return false;
+
   nsCOMPtr<nsIScriptObjectPrincipal> sop = do_QueryInterface(outer);
   bool subsumes = false;
   nsresult rv = aSubjectPrincipal->SubsumesConsideringDomain(
       sop->GetPrincipal(), &subsumes);
   NS_ENSURE_SUCCESS(rv, false);
   return subsumes;
 }
 
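Review bot: The new early `return true` in `CallerSubsumes` makes the access check fail open for a null or discarded browsing context, and the only backstop is each caller's own docshell null check. `GetDocShell()` earlier in this file returns `bc->GetDocShell()` without consulting `IsDiscarded()`, so if a discarded context can still hand back a docshell (not visible here), a caller would proceed with the principal comparison skipped. I would close that gap where the lookup happens, with `if (bc->IsDiscarded()) { return nullptr; }` inside `GetDocShell()`, or state in the comment which invariant guarantees that a discarded context has no docshell. The callers of `CallerSubsumes` are outside this hunk, so whether all of them re-check cannot be verified from here.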
--- a/dom/base/Location.h
+++ b/dom/base/Location.h
@@ -29,17 +29,17 @@ namespace dom {
 //*****************************************************************************
 
 class Location final : public nsISupports,
                        public LocationBase,
                        public nsWrapperCache {
  public:
   typedef BrowsingContext::LocationProxy RemoteProxy;
 
-  Location(nsPIDOMWindowInner* aWindow, nsIDocShell* aDocShell);
+  Location(nsPIDOMWindowInner* aWindow, BrowsingContext* aBrowsingContext);
 
   NS_DECL_CYCLE_COLLECTING_ISUPPORTS
   NS_DECL_CYCLE_COLLECTION_SCRIPT_HOLDER_CLASS(Location)
 
   // WebIDL API:
   void Assign(const nsAString& aUrl, nsIPrincipal& aSubjectPrincipal,
               ErrorResult& aError);
 
@@ -139,15 +139,15 @@ class Location final : public nsISupport
   // Note, this method can return NS_OK with a null value for aURL. This happens
   // if the docShell is null.
   nsresult GetURI(nsIURI** aURL, bool aGetInnermostURI = false);
 
   bool CallerSubsumes(nsIPrincipal* aSubjectPrincipal);
 
   nsString mCachedHash;
   nsCOMPtr<nsPIDOMWindowInner> mInnerWindow;
-  nsWeakPtr mDocShell;
+  uint64_t mBrowsingContextId = 0;
 };
 
 }  // namespace dom
 }  // namespace mozilla
 
 #endif  // mozilla_dom_Location_h
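Review bot: `mBrowsingContextId` is declared without a comment, yet its `= 0` initializer carries meaning. The constructor leaves it untouched when `aBrowsingContext` is null, so 0 stands for "no context" and relies on `BrowsingContext::Get(0)` returning null (presumably, since the lookup code is not visible here). I would add `// Id of the BrowsingContext this Location navigates; 0 if none was available at construction. Resolved on each use, so this does not keep the context alive.` above the field.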
--- a/dom/base/nsGlobalWindowInner.cpp
+++ b/dom/base/nsGlobalWindowInner.cpp
@@ -3996,17 +3996,17 @@ nsGlobalWindowInner::GetExistingDebugger
 }
 
 //*****************************************************************************
 // nsGlobalWindowInner::nsPIDOMWindow
 //*****************************************************************************
 
 Location* nsGlobalWindowInner::Location() {
   if (!mLocation) {
-    mLocation = new dom::Location(this, GetDocShell());
+    mLocation = new dom::Location(this, GetBrowsingContext());
   }
 
   return mLocation;
 }
 
 void nsGlobalWindowInner::MaybeUpdateTouchState() {
   if (mMayHaveTouchEventListener) {
     nsCOMPtr<nsIObserverService> observerService =
--- a/js/xpconnect/tests/mochitest/mochitest.ini
+++ b/js/xpconnect/tests/mochitest/mochitest.ini
@@ -56,33 +56,31 @@ support-files =
 [test_bug618017.html]
 [test_bug623437.html]
 [test_bug628410.html]
 [test_bug628794.html]
 [test_bug629227.html]
 skip-if = fission # Times out.
 [test_bug629331.html]
 [test_bug636097.html]
-fail-if = fission # Bug 1573621: window.location access after cross-origin navigation.
 [test_bug650273.html]
 [test_bug655297-1.html]
 [test_bug655297-2.html]
 [test_bug661980.html]
 [test_bug691059.html]
 [test_bug720619.html]
 [test_bug731471.html]
 skip-if = toolkit == "android" && debug && !is_fennec
 [test_bug764389.html]
 [test_bug772288.html]
 [test_bug781476.html]
 [test_bug789713.html]
 [test_bug790732.html]
 [test_bug793969.html]
 [test_bug800864.html]
-fail-if = fission # Bug 1573621: window.location access after cross-origin navigation.
 [test_bug802557.html]
 fail-if = fission # Bug 1573621: window.location access after cross-origin navigation.
 [test_bug803730.html]
 [test_bug809547.html]
 [test_bug829872.html]
 [test_bug862380.html]
 [test_bug865260.html]
 [test_bug870423.html]