Bug 1562292: Part 1b.2 - Don't fall back to named lookup for inaccessible special name. r=nika
authorKris Maglione <maglione.k@gmail.com>
Thu, 08 Aug 2019 11:43:38 -0700
changeset 488062 a8ac7bcafc270b5be3eca84efebcde672fe8fba5
parent 488061 f1fc2382346d163fe18a8fe5d323aafa759e1317
child 488063 a50f085eb3e6c506fd8e17acb669ef91b6f31390
push id36435
push usercbrindusan@mozilla.com
push dateThu, 15 Aug 2019 09:46:49 +0000
treeherdermozilla-central@0db07ff50ab5 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersnika
bugs1562292
milestone70.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1562292: Part 1b.2 - Don't fall back to named lookup for inaccessible special name. r=nika Currently, if a window with a special name is inaccessible to the caller, we fall back to ordinary named lookup, which is not desirable. This patch changes that behavior so that we never attempt fallback for special names. Differential Revision: https://phabricator.services.mozilla.com/D41260
docshell/base/BrowsingContext.cpp
docshell/base/BrowsingContext.h
--- a/docshell/base/BrowsingContext.cpp
+++ b/docshell/base/BrowsingContext.cpp
@@ -463,23 +463,22 @@ void BrowsingContext::GetChildren(Childr
 // See
 // https://html.spec.whatwg.org/multipage/browsers.html#the-rules-for-choosing-a-browsing-context-given-a-browsing-context-name
 BrowsingContext* BrowsingContext::FindWithName(
     const nsAString& aName, BrowsingContext& aRequestingContext) {
   BrowsingContext* found = nullptr;
   if (aName.IsEmpty()) {
     // You can't find a browsing context with an empty name.
     found = nullptr;
-  } else if (BrowsingContext* special =
-                 FindWithSpecialName(aName, aRequestingContext)) {
-    found = special;
   } else if (aName.LowerCaseEqualsLiteral("_blank")) {
     // Just return null. Caller must handle creating a new window with
     // a blank name.
     found = nullptr;
+  } else if (IsSpecialName(aName)) {
+    found = FindWithSpecialName(aName, aRequestingContext);
   } else if (BrowsingContext* child =
                  FindWithNameInSubtree(aName, aRequestingContext)) {
     found = child;
   } else {
     BrowsingContext* current = this;
 
     do {
       Children* siblings;
@@ -535,16 +534,24 @@ BrowsingContext* BrowsingContext::FindCh
         child->IsTargetable()) {
       return child;
     }
   }
 
   return nullptr;
 }
 
+/* static */
+bool BrowsingContext::IsSpecialName(const nsAString& aName) {
+  return (aName.LowerCaseEqualsLiteral("_self") ||
+          aName.LowerCaseEqualsLiteral("_parent") ||
+          aName.LowerCaseEqualsLiteral("_top") ||
+          aName.LowerCaseEqualsLiteral("_blank"));
+}
+
 BrowsingContext* BrowsingContext::FindWithSpecialName(
     const nsAString& aName, BrowsingContext& aRequestingContext) {
   // TODO(farre): Neither BrowsingContext nor nsDocShell checks if the
   // browsing context pointed to by a special name is active. Should
   // it be? See Bug 1527913.
   if (aName.LowerCaseEqualsLiteral("_self")) {
     return this;
   }
--- a/docshell/base/BrowsingContext.h
+++ b/docshell/base/BrowsingContext.h
@@ -389,16 +389,20 @@ class BrowsingContext : public nsWrapper
   bool CanAccess(BrowsingContext* aTarget, bool aConsiderOpener = true);
 
  protected:
   virtual ~BrowsingContext();
   BrowsingContext(BrowsingContext* aParent, BrowsingContextGroup* aGroup,
                   uint64_t aBrowsingContextId, Type aType);
 
  private:
+  // Returns true if the given name is one of the "special" names, currently:
+  // "_self", "_parent", "_top", or "_blank".
+  static bool IsSpecialName(const nsAString& aName);
+
   // Find the special browsing context if aName is '_self', '_parent',
   // '_top', but not '_blank'. The latter is handled in FindWithName
   BrowsingContext* FindWithSpecialName(const nsAString& aName,
                                        BrowsingContext& aRequestingContext);
 
   // Find a browsing context in the subtree rooted at 'this' Doesn't
   // consider the special names, '_self', '_parent', '_top', or
   // '_blank'. Performs access control with regard to