Merge mozilla-inbound to mozilla-central. a=merge
authorAndreea Pavel <apavel@mozilla.com>
Mon, 23 Jul 2018 00:46:21 +0300
changeset 427701 54c01f0092e1f1edcede61fd08042e99d76d5c30
parent 427696 93f90bc23a4aecbb5c1b16a232274b6b950f5466 (current diff)
parent 427700 e384aedb30b603ca951dc1bfba92b19875a5f92d (diff)
child 427702 ffb7bfbfc32868f7f31d86c28d305e4c23343e76
child 427711 7d4c1ef1c1b57d0fa22f0705c66c154f3e6ebf2c
push id34312
push userapavel@mozilla.com
push dateSun, 22 Jul 2018 21:47:03 +0000
treeherdermozilla-central@54c01f0092e1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmerge
milestone63.0a1
first release with
nightly linux32
54c01f0092e1 / 63.0a1 / 20180722220044 / files
nightly linux64
54c01f0092e1 / 63.0a1 / 20180722220044 / files
nightly mac
54c01f0092e1 / 63.0a1 / 20180722220044 / files
nightly win32
54c01f0092e1 / 63.0a1 / 20180722220044 / files
nightly win64
54c01f0092e1 / 63.0a1 / 20180722220044 / files
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
releases
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Merge mozilla-inbound to mozilla-central. a=merge
testing/web-platform/meta/content-security-policy/frame-src/frame-src-self-unique-origin.html.ini
testing/web-platform/meta/content-security-policy/img-src/img-src-self-unique-origin.html.ini
testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_whitelist.sub.html.ini
--- a/dom/base/nsINode.cpp
+++ b/dom/base/nsINode.cpp
@@ -516,17 +516,17 @@ operator<<(std::ostream& aStream, const 
   NS_ConvertUTF16toUTF8 str(elemDesc);
   return aStream << str.get();
 }
 
 SVGUseElement*
 nsINode::DoGetContainingSVGUseShadowHost() const
 {
   MOZ_ASSERT(IsInShadowTree());
-  return SVGUseElement::FromNode(AsContent()->GetContainingShadowHost());
+  return SVGUseElement::FromNodeOrNull(AsContent()->GetContainingShadowHost());
 }
 
 void
 nsINode::GetNodeValueInternal(nsAString& aNodeValue)
 {
   SetDOMStringToNull(aNodeValue);
 }
 
--- a/dom/media/AutoplayPolicy.cpp
+++ b/dom/media/AutoplayPolicy.cpp
@@ -110,17 +110,18 @@ AutoplayPolicy::IsAllowedToPlay(const HT
     // If element is blessed, it would always be allowed to play().
     return (autoplayDefault == nsIAutoplay::ALLOWED ||
             aElement.IsBlessed() ||
             EventStateManager::IsHandlingUserInput())
               ? nsIAutoplay::ALLOWED : nsIAutoplay::BLOCKED;
   }
 
   // Muted content
-  if (aElement.Volume() == 0.0 || aElement.Muted()) {
+  if ((aElement.Volume() == 0.0 || aElement.Muted()) &&
+      Preferences::GetBool("media.autoplay.allow-muted", true)) {
     return nsIAutoplay::ALLOWED;
   }
 
   if (IsWindowAllowedToPlay(aElement.OwnerDoc()->GetInnerWindow())) {
     return nsIAutoplay::ALLOWED;
   }
 
   return autoplayDefault;
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@@ -763,16 +763,21 @@ bool
 nsCSPHostSrc::visit(nsCSPSrcVisitor* aVisitor) const
 {
   return aVisitor->visitHostSrc(*this);
 }
 
 void
 nsCSPHostSrc::toString(nsAString& outStr) const
 {
+  if (mGeneratedFromSelfKeyword) {
+    outStr.AppendASCII("'self'");
+    return;
+  }
+
   // If mHost is a single "*", we append the wildcard and return.
   if (mHost.EqualsASCII("*") &&
       mScheme.IsEmpty() &&
       mPort.IsEmpty()) {
     outStr.Append(mHost);
     return;
   }
 
--- a/dom/security/test/csp/test_meta_csp_self.html
+++ b/dom/security/test/csp/test_meta_csp_self.html
@@ -39,17 +39,17 @@ function receiveMessage(event) {
   ok(cspOBJ, "sanity: was able to parse the CSP JSON");
 
   // make sure we only got one policy
   var policies = cspOBJ["csp-policies"];
   is(policies.length, 1, "sanity: received one CSP policy");
 
   var policy = policies[0];
   var val = policy['img-src'];
-  is(val.toString(), "data://", "'self' should translate into data");
+  is(val.toString(), "'self'", "'self' should translate into data");
   SimpleTest.finish();
 }
 
 SpecialPowers.pushPrefEnv(
   {'set':[["security.data_uri.unique_opaque_origin", true]]},
   function() {
     let DATA_URI = `data:text/html,
       <html>
--- a/dom/security/test/csp/test_report_for_import.html
+++ b/dom/security/test/csp/test_report_for_import.html
@@ -47,20 +47,17 @@ function checkResults(reportStr) {
 
     is(cspReport["document-uri"], DOC_URI, "Incorrect document-uri");
     is(cspReport["referrer"],
        "http://mochi.test:8888/tests/dom/security/test/csp/test_report_for_import.html",
        "Incorrect referrer");
     is(cspReport["violated-directive"],
        "style-src",
        "Incorrect violated-directive");
-    is(cspReport["original-policy"],
-       "style-src http://mochi.test:8888; report-uri " +
-       "http://mochi.test:8888/tests/dom/security/test/csp/file_report_for_import_server.sjs?report",
-       "Incorrect original-policy");
+    is(cspReport["original-policy"], POLICY, "Incorrect original-policy");
     is(cspReport["blocked-uri"],
        "http://example.com/tests/dom/security/test/csp/file_report_for_import_server.sjs?stylesheet",
        "Incorrect blocked-uri");
 
     // we do not always set the following fields
     is(cspReport["source-file"], undefined, "Incorrect source-file");
     is(cspReport["script-sample"], undefined, "Incorrect script-sample");
     is(cspReport["line-number"], undefined, "Incorrect line-number");
--- a/dom/security/test/gtest/TestCSPParser.cpp
+++ b/dom/security/test/gtest/TestCSPParser.cpp
@@ -229,51 +229,51 @@ TEST(CSPParser, Directives)
 
 // ============================= TestKeywords ========================
 
 TEST(CSPParser, Keywords)
 {
   static const PolicyTest policies[] =
   {
     { "script-src 'self'",
-      "script-src http://www.selfuri.com" },
+      "script-src 'self'" },
     { "script-src 'unsafe-inline'",
       "script-src 'unsafe-inline'" },
     { "script-src 'unsafe-eval'",
       "script-src 'unsafe-eval'" },
     { "script-src 'unsafe-inline' 'unsafe-eval'",
       "script-src 'unsafe-inline' 'unsafe-eval'" },
     { "script-src 'none'",
       "script-src 'none'" },
     { "img-src 'none'; script-src 'unsafe-eval' 'unsafe-inline'; default-src 'self'",
-      "img-src 'none'; script-src 'unsafe-eval' 'unsafe-inline'; default-src http://www.selfuri.com" },
+      "img-src 'none'; script-src 'unsafe-eval' 'unsafe-inline'; default-src 'self'" },
   };
 
   uint32_t policyCount = sizeof(policies) / sizeof(PolicyTest);
   ASSERT_TRUE(NS_SUCCEEDED(runTestSuite(policies, policyCount, 1)));
 }
 
 // ============================= TestIgnoreUpperLowerCasePolicies ========================
 
 TEST(CSPParser, IgnoreUpperLowerCasePolicies)
 {
   static const PolicyTest policies[] =
   {
     { "script-src 'SELF'",
-      "script-src http://www.selfuri.com" },
+      "script-src 'self'" },
     { "sCriPt-src 'Unsafe-Inline'",
       "script-src 'unsafe-inline'" },
     { "SCRIPT-src 'unsafe-eval'",
       "script-src 'unsafe-eval'" },
     { "default-SRC 'unsafe-inline' 'unsafe-eval'",
       "default-src 'unsafe-inline' 'unsafe-eval'" },
     { "script-src 'NoNe'",
       "script-src 'none'" },
     { "img-sRc 'noNe'; scrIpt-src 'unsafe-EVAL' 'UNSAFE-inline'; deFAULT-src 'Self'",
-      "img-src 'none'; script-src 'unsafe-eval' 'unsafe-inline'; default-src http://www.selfuri.com" },
+      "img-src 'none'; script-src 'unsafe-eval' 'unsafe-inline'; default-src 'self'" },
     { "default-src HTTP://www.example.com",
       "default-src http://www.example.com" },
     { "default-src HTTP://WWW.EXAMPLE.COM",
       "default-src http://www.example.com" },
     { "default-src HTTPS://*.example.COM",
       "default-src https://*.example.com" },
     { "script-src 'none' test.com;",
       "script-src http://test.com" },
@@ -413,35 +413,35 @@ TEST(CSPParser, SimplePolicies)
       "default-src http://*:80" },
     { "default-src javascript:",
       "default-src javascript:" },
     { "default-src data:",
       "default-src data:" },
     { "script-src 'unsafe-eval' 'unsafe-inline' http://www.example.com",
       "script-src 'unsafe-eval' 'unsafe-inline' http://www.example.com" },
     { "object-src 'self'",
-      "object-src http://www.selfuri.com" },
+      "object-src 'self'" },
     { "style-src http://www.example.com 'self'",
-      "style-src http://www.example.com http://www.selfuri.com" },
+      "style-src http://www.example.com 'self'" },
     { "media-src http://www.example.com http://www.test.com",
       "media-src http://www.example.com http://www.test.com" },
     { "connect-src http://www.test.com example.com *.other.com;",
       "connect-src http://www.test.com http://example.com http://*.other.com"},
     { "connect-src example.com *.other.com",
       "connect-src http://example.com http://*.other.com"},
     { "style-src *.other.com example.com",
       "style-src http://*.other.com http://example.com"},
     { "default-src 'self'; img-src *;",
-      "default-src http://www.selfuri.com; img-src *" },
+      "default-src 'self'; img-src *" },
     { "object-src media1.example.com media2.example.com *.cdn.example.com;",
       "object-src http://media1.example.com http://media2.example.com http://*.cdn.example.com" },
     { "script-src trustedscripts.example.com",
       "script-src http://trustedscripts.example.com" },
     { "script-src 'self' ; default-src trustedscripts.example.com",
-      "script-src http://www.selfuri.com; default-src http://trustedscripts.example.com" },
+      "script-src 'self'; default-src http://trustedscripts.example.com" },
     { "default-src 'none'; report-uri http://localhost:49938/test",
       "default-src 'none'; report-uri http://localhost:49938/test" },
     { "   ;   default-src abc",
       "default-src http://abc" },
     { " ; ; ; ;     default-src            abc    ; ; ; ;",
       "default-src http://abc" },
     { "script-src 'none' 'none' 'none';",
       "script-src 'none'" },
@@ -471,17 +471,17 @@ TEST(CSPParser, SimplePolicies)
 
 // ============================= TestPoliciesWithInvalidSrc ========================
 
 TEST(CSPParser, PoliciesWithInvalidSrc)
 {
   static const PolicyTest policies[] =
   {
     { "script-src 'self'; SCRIPT-SRC http://www.example.com",
-      "script-src http://www.selfuri.com" },
+      "script-src 'self'" },
     { "script-src 'none' test.com; script-src example.com",
       "script-src http://test.com" },
     { "default-src **",
       "default-src 'none'" },
     { "default-src 'self",
       "default-src 'none'" },
     { "default-src 'unsafe-inlin' ",
       "default-src 'none'" },
@@ -588,17 +588,17 @@ TEST(CSPParser, BadPolicies)
 
 // ============================= TestGoodGeneratedPolicies ========================
 
 TEST(CSPParser, GoodGeneratedPolicies)
 {
   static const PolicyTest policies[] =
   {
     { "default-src 'self'; img-src *",
-      "default-src http://www.selfuri.com; img-src *" },
+      "default-src 'self'; img-src *" },
     { "report-uri /policy",
       "report-uri http://www.selfuri.com/policy"},
     { "img-src *",
       "img-src *" },
     { "media-src foo.bar",
       "media-src http://foo.bar" },
     { "frame-src *.bar",
       "frame-src http://*.bar" },
@@ -690,17 +690,17 @@ TEST(CSPParser, GoodGeneratedPolicies)
       "connect-src http://bar.com:400" },
     { "default-src http://evil.com",
       "default-src http://evil.com" },
     { "script-src https://evil.com:100",
       "script-src https://evil.com:100" },
     { "default-src bar.com; script-src https://foo.com",
       "default-src http://bar.com; script-src https://foo.com" },
     { "default-src 'self'; script-src 'self' https://*:*",
-      "default-src http://www.selfuri.com; script-src http://www.selfuri.com https://*:*" },
+      "default-src 'self'; script-src 'self' https://*:*" },
     { "img-src http://self.com:34",
       "img-src http://self.com:34" },
     { "media-src http://subd.self.com:34",
       "media-src http://subd.self.com:34" },
     { "default-src 'none'",
       "default-src 'none'" },
     { "connect-src http://self",
       "connect-src http://self" },
@@ -752,65 +752,65 @@ TEST(CSPParser, GoodGeneratedPolicies)
       "img-src http://foobar.com:4443" },
     { "media-src bar.com",
       "media-src http://bar.com" },
     { "frame-src http://bar.com",
       "frame-src http://bar.com" },
     { "font-src http://self.com/",
       "font-src http://self.com/" },
     { "script-src 'self'",
-      "script-src http://www.selfuri.com" },
+      "script-src 'self'" },
     { "default-src http://self.com/foo.png",
       "default-src http://self.com/foo.png" },
     { "script-src http://self.com/foo.js",
       "script-src http://self.com/foo.js" },
     { "object-src http://bar.com/foo.js",
       "object-src http://bar.com/foo.js" },
     { "style-src http://FOO.COM",
       "style-src http://foo.com" },
     { "img-src HTTP",
       "img-src http://http" },
     { "media-src http",
       "media-src http://http" },
     { "frame-src 'SELF'",
-      "frame-src http://www.selfuri.com" },
+      "frame-src 'self'" },
     { "DEFAULT-src 'self';",
-      "default-src http://www.selfuri.com" },
+      "default-src 'self'" },
     { "default-src 'self' http://FOO.COM",
-      "default-src http://www.selfuri.com http://foo.com" },
+      "default-src 'self' http://foo.com" },
     { "default-src 'self' HTTP://foo.com",
-      "default-src http://www.selfuri.com http://foo.com" },
+      "default-src 'self' http://foo.com" },
     { "default-src 'NONE'",
       "default-src 'none'" },
     { "script-src policy-uri ",
       "script-src http://policy-uri" },
     { "img-src 'self'; ",
-      "img-src http://www.selfuri.com" },
+      "img-src 'self'" },
     { "frame-ancestors foo-bar.com",
       "frame-ancestors http://foo-bar.com" },
     { "frame-ancestors http://a.com",
       "frame-ancestors http://a.com" },
     { "frame-ancestors 'self'",
-      "frame-ancestors http://www.selfuri.com" },
+      "frame-ancestors 'self'" },
     { "frame-ancestors http://self.com:88",
       "frame-ancestors http://self.com:88" },
     { "frame-ancestors http://a.b.c.d.e.f.g.h.i.j.k.l.x.com",
       "frame-ancestors http://a.b.c.d.e.f.g.h.i.j.k.l.x.com" },
     { "frame-ancestors https://self.com:34",
       "frame-ancestors https://self.com:34" },
     { "frame-ancestors http://sampleuser:samplepass@example.com",
       "frame-ancestors 'none'" },
     { "default-src 'none'; frame-ancestors 'self'",
-      "default-src 'none'; frame-ancestors http://www.selfuri.com" },
+      "default-src 'none'; frame-ancestors 'self'" },
     { "frame-ancestors http://self:80",
       "frame-ancestors http://self:80" },
     { "frame-ancestors http://self.com/bar",
       "frame-ancestors http://self.com/bar" },
     { "default-src 'self'; frame-ancestors 'self'",
-      "default-src http://www.selfuri.com; frame-ancestors http://www.selfuri.com" },
+      "default-src 'self'; frame-ancestors 'self'" },
     { "frame-ancestors http://bar.com/foo.png",
       "frame-ancestors http://bar.com/foo.png" },
   };
 
   uint32_t policyCount = sizeof(policies) / sizeof(PolicyTest);
   ASSERT_TRUE(NS_SUCCEEDED(runTestSuite(policies, policyCount, 1)));
 }
 
new file mode 100644
--- /dev/null
+++ b/layout/base/crashtests/1472027.html
@@ -0,0 +1,7 @@
+<!doctype html>
+<svg>
+<use xlink:href="#a">
+<ellipse id="a">
+<foreignObject>
+<form>
+<textarea required="">A</textarea>
--- a/layout/base/crashtests/crashtests.list
+++ b/layout/base/crashtests/crashtests.list
@@ -535,8 +535,9 @@ load 1461812.html
 load 1462412.html
 load 1463940.html
 pref(dom.webcomponents.shadowdom.enabled,true) HTTP load 1464641.html
 load 1464737.html
 load 1466638.html
 load 1467688.html
 load 1467964.html
 load 1469354.html
+load 1472027.html
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -565,16 +565,19 @@ pref("media.recorder.video.frame_drops",
 
 // Whether to autostart a media element with an |autoplay| attribute.
 // ALLOWED=0, BLOCKED=1, PROMPT=2, defined in dom/media/Autoplay.idl
 pref("media.autoplay.default", 0);
 
 // By default, don't block WebAudio from playing automatically.
 pref("media.autoplay.block-webaudio", false);
 
+// By default, don't block muted media from playing automatically.
+pref("media.autoplay.allow-muted", true);
+
 // If "media.autoplay.default" is not ALLOWED, and this pref is true,
 // then audible media would only be allowed to autoplay after website has
 // been activated by specific user gestures, but non-audible
 // media won't be restricted.
 #ifdef NIGHTLY_BUILD
 pref("media.autoplay.enabled.user-gestures-needed", false);
 #endif
 
deleted file mode 100644
--- a/testing/web-platform/meta/content-security-policy/frame-src/frame-src-self-unique-origin.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[frame-src-self-unique-origin.html]
-  expected: TIMEOUT
-  [Iframe's url must not match with 'self'. It must be blocked.]
-    expected: TIMEOUT
-
deleted file mode 100644
--- a/testing/web-platform/meta/content-security-policy/img-src/img-src-self-unique-origin.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[img-src-self-unique-origin.html]
-  expected: TIMEOUT
-  [Image's url must not match with 'self'. Image must be blocked.]
-    expected: TIMEOUT
-
deleted file mode 100644
--- a/testing/web-platform/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_whitelist.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[script-src-strict_dynamic_double_policy_honor_whitelist.sub.html]
-  [Non-whitelisted script injected via `appendChild` is not allowed with `strict-dynamic` + a nonce+whitelist double policy.]
-    expected: FAIL
--- a/toolkit/components/extensions/test/xpcshell/test_ext_content_security_policy.js
+++ b/toolkit/components/extensions/test/xpcshell/test_ext_content_security_policy.js
@@ -37,23 +37,19 @@ async function testPolicy(customCSP = nu
     }
 
     content_security_policy = Object.keys(customCSP)
       .map(key => `${key} ${customCSP[key]}`)
       .join("; ");
   }
 
 
-  function filterSelf(sources) {
-    return sources.map(src => src == "'self'" ? baseURL : src);
-  }
-
   function checkSource(name, policy, expected) {
     equal(JSON.stringify(policy[name].sort()),
-          JSON.stringify(filterSelf(expected[name]).sort()),
+          JSON.stringify(expected[name].sort()),
           `Expected value for ${name}`);
   }
 
   function checkCSP(csp, location) {
     let policies = csp["csp-policies"];
 
     info(`Base policy for ${location}`);