Bug 1424474 part 3. Make sure that we only pass non-system subject principals to setters/methods that later use that principal for loading security checks. r=kmag
authorBoris Zbarsky <bzbarsky@mit.edu>
Wed, 20 Dec 2017 17:43:18 -0500
changeset 451492 7401a6e3f5edcc0f350c0370aadc2597eff6fb20
parent 451491 d3f2ca3a3efeb6771fcbdb24d0d4cc30b63038b3
child 451493 93ac39966790ccf1183da04f06d16610e79cec8a
push id1648
push usermtabara@mozilla.com
push dateThu, 01 Mar 2018 12:45:47 +0000
treeherdermozilla-release@cbb9688c2eeb [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskmag
bugs1424474
milestone59.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1424474 part 3. Make sure that we only pass non-system subject principals to setters/methods that later use that principal for loading security checks. r=kmag MozReview-Commit-ID: IjUEG5xwn5
dom/base/Element.cpp
dom/base/Element.h
dom/base/nsINode.h
dom/bindings/GenerateCSS2PropertiesWebIDL.py
dom/html/HTMLFrameElement.h
dom/html/HTMLIFrameElement.h
dom/html/HTMLImageElement.h
dom/html/HTMLInputElement.h
dom/html/HTMLLinkElement.h
dom/html/HTMLMediaElement.h
dom/html/HTMLScriptElement.cpp
dom/html/HTMLScriptElement.h
dom/html/HTMLSourceElement.h
dom/html/HTMLStyleElement.cpp
dom/html/HTMLStyleElement.h
dom/html/nsGenericHTMLElement.h
dom/webidl/AnonymousContent.webidl
dom/webidl/Attr.webidl
dom/webidl/CSSStyleDeclaration.webidl
dom/webidl/Element.webidl
dom/webidl/HTMLFrameElement.webidl
dom/webidl/HTMLIFrameElement.webidl
dom/webidl/HTMLImageElement.webidl
dom/webidl/HTMLInputElement.webidl
dom/webidl/HTMLLinkElement.webidl
dom/webidl/HTMLMediaElement.webidl
dom/webidl/HTMLScriptElement.webidl
dom/webidl/HTMLSourceElement.webidl
dom/webidl/Node.webidl
layout/style/nsDOMCSSDeclaration.h
layout/style/nsICSSDeclaration.h
--- a/dom/base/Element.cpp
+++ b/dom/base/Element.cpp
@@ -3873,17 +3873,17 @@ Element::GetAnimationsUnsorted(Element* 
 NS_IMETHODIMP
 Element::GetInnerHTML(nsAString& aInnerHTML)
 {
   GetMarkup(false, aInnerHTML);
   return NS_OK;
 }
 
 void
-Element::SetInnerHTML(const nsAString& aInnerHTML, nsIPrincipal& aSubjectPrincipal, ErrorResult& aError)
+Element::SetInnerHTML(const nsAString& aInnerHTML, nsIPrincipal* aSubjectPrincipal, ErrorResult& aError)
 {
   SetInnerHTMLInternal(aInnerHTML, aError);
 }
 
 void
 Element::GetOuterHTML(nsAString& aOuterHTML)
 {
   GetMarkup(true, aOuterHTML);
--- a/dom/base/Element.h
+++ b/dom/base/Element.h
@@ -1334,17 +1334,17 @@ public:
   // this element.
   void GetAnimations(const AnimationFilter& filter,
                      nsTArray<RefPtr<Animation>>& aAnimations);
   static void GetAnimationsUnsorted(Element* aElement,
                                     CSSPseudoElementType aPseudoType,
                                     nsTArray<RefPtr<Animation>>& aAnimations);
 
   NS_IMETHOD GetInnerHTML(nsAString& aInnerHTML);
-  virtual void SetInnerHTML(const nsAString& aInnerHTML, nsIPrincipal& aSubjectPrincipal, ErrorResult& aError);
+  virtual void SetInnerHTML(const nsAString& aInnerHTML, nsIPrincipal* aSubjectPrincipal, ErrorResult& aError);
   void GetOuterHTML(nsAString& aOuterHTML);
   void SetOuterHTML(const nsAString& aOuterHTML, ErrorResult& aError);
   void InsertAdjacentHTML(const nsAString& aPosition, const nsAString& aText,
                           ErrorResult& aError);
 
   //----------------------------------------
 
   /**
@@ -1561,19 +1561,19 @@ public:
   /**
    * Set an attribute in the simplest way possible.
    */
   void SetAttr(nsAtom* aAttr, const nsAString& aValue, ErrorResult& aError)
   {
     aError = SetAttr(kNameSpaceID_None, aAttr, aValue, true);
   }
 
-  void SetAttr(nsAtom* aAttr, const nsAString& aValue, nsIPrincipal& aTriggeringPrincipal, ErrorResult& aError)
+  void SetAttr(nsAtom* aAttr, const nsAString& aValue, nsIPrincipal* aTriggeringPrincipal, ErrorResult& aError)
   {
-    aError = SetAttr(kNameSpaceID_None, aAttr, aValue, &aTriggeringPrincipal, true);
+    aError = SetAttr(kNameSpaceID_None, aAttr, aValue, aTriggeringPrincipal, true);
   }
 
   /**
    * Set a content attribute via a reflecting nullable string IDL
    * attribute (e.g. a CORS attribute).  If DOMStringIsNull(aValue),
    * this will actually remove the content attribute.
    */
   void SetOrRemoveNullableStringAttr(nsAtom* aName, const nsAString& aValue,
--- a/dom/base/nsINode.h
+++ b/dom/base/nsINode.h
@@ -1348,20 +1348,20 @@ public:
   virtual bool IsHTMLContentElement() const { return false; }
 
   void GetTextContent(nsAString& aTextContent,
                       mozilla::OOMReporter& aError)
   {
     GetTextContentInternal(aTextContent, aError);
   }
   void SetTextContent(const nsAString& aTextContent,
-                      nsIPrincipal& aSubjectPrincipal,
+                      nsIPrincipal* aSubjectPrincipal,
                       mozilla::ErrorResult& aError)
   {
-    SetTextContentInternal(aTextContent, &aSubjectPrincipal, aError);
+    SetTextContentInternal(aTextContent, aSubjectPrincipal, aError);
   }
   void SetTextContent(const nsAString& aTextContent,
                       mozilla::ErrorResult& aError)
   {
     SetTextContentInternal(aTextContent, nullptr, aError);
   }
 
   mozilla::dom::Element* QuerySelector(const nsAString& aSelector,
--- a/dom/bindings/GenerateCSS2PropertiesWebIDL.py
+++ b/dom/bindings/GenerateCSS2PropertiesWebIDL.py
@@ -24,17 +24,17 @@ def generate(output, idlFilename, prepro
     propList = eval(preprocessed)
     props = ""
     for [name, prop, id, flags, pref, proptype] in propList:
         if "CSS_PROPERTY_INTERNAL" in flags:
             continue
         # Unfortunately, even some of the getters here are fallible
         # (e.g. on nsComputedDOMStyle).
         extendedAttrs = ["Throws", "TreatNullAs=EmptyString",
-                         "SetterNeedsSubjectPrincipal"]
+                         "SetterNeedsSubjectPrincipal=NonSystem"]
         if pref is not "":
             extendedAttrs.append('Pref="%s"' % pref)
 
         # webkit properties get a capitalized "WebkitFoo" accessor (added here)
         # as well as a camelcase "webkitFoo" accessor (added next).
         if (prop.startswith("Webkit")):
             props += generateLine(prop, extendedAttrs)
 
--- a/dom/html/HTMLFrameElement.h
+++ b/dom/html/HTMLFrameElement.h
@@ -99,17 +99,17 @@ public:
   {
     SetHTMLAttr(nsGkAtoms::scrolling, aScrolling, aError);
   }
 
   void GetSrc(nsString& aSrc)
   {
     GetURIAttr(nsGkAtoms::src, nullptr, aSrc);
   }
-  void SetSrc(const nsAString& aSrc, nsIPrincipal& aTriggeringPrincipal, ErrorResult& aError)
+  void SetSrc(const nsAString& aSrc, nsIPrincipal* aTriggeringPrincipal, ErrorResult& aError)
   {
     SetHTMLAttr(nsGkAtoms::src, aSrc, aTriggeringPrincipal, aError);
   }
 
   using nsGenericHTMLFrameElement::GetContentDocument;
   using nsGenericHTMLFrameElement::GetContentWindow;
 
 protected:
--- a/dom/html/HTMLIFrameElement.h
+++ b/dom/html/HTMLIFrameElement.h
@@ -45,17 +45,17 @@ public:
 
   uint32_t GetSandboxFlags();
 
   // Web IDL binding methods
   void GetSrc(nsString& aSrc) const
   {
     GetURIAttr(nsGkAtoms::src, nullptr, aSrc);
   }
-  void SetSrc(const nsAString& aSrc, nsIPrincipal& aTriggeringPrincipal, ErrorResult& aError)
+  void SetSrc(const nsAString& aSrc, nsIPrincipal* aTriggeringPrincipal, ErrorResult& aError)
   {
     SetHTMLAttr(nsGkAtoms::src, aSrc, aTriggeringPrincipal, aError);
   }
   void GetSrcdoc(DOMString& aSrcdoc)
   {
     GetHTMLAttr(nsGkAtoms::srcdoc, aSrcdoc);
   }
   void SetSrcdoc(const nsAString& aSrcdoc, ErrorResult& aError)
--- a/dom/html/HTMLImageElement.h
+++ b/dom/html/HTMLImageElement.h
@@ -145,25 +145,25 @@ public:
   void GetSrc(nsAString& aSrc)
   {
     GetURIAttr(nsGkAtoms::src, nullptr, aSrc);
   }
   void SetSrc(const nsAString& aSrc, ErrorResult& aError)
   {
     SetHTMLAttr(nsGkAtoms::src, aSrc, aError);
   }
-  void SetSrc(const nsAString& aSrc, nsIPrincipal& aTriggeringPrincipal, ErrorResult& aError)
+  void SetSrc(const nsAString& aSrc, nsIPrincipal* aTriggeringPrincipal, ErrorResult& aError)
   {
     SetHTMLAttr(nsGkAtoms::src, aSrc, aTriggeringPrincipal, aError);
   }
   void GetSrcset(nsAString& aSrcset)
   {
     GetHTMLAttr(nsGkAtoms::srcset, aSrcset);
   }
-  void SetSrcset(const nsAString& aSrcset, nsIPrincipal& aTriggeringPrincipal, ErrorResult& aError)
+  void SetSrcset(const nsAString& aSrcset, nsIPrincipal* aTriggeringPrincipal, ErrorResult& aError)
   {
     SetHTMLAttr(nsGkAtoms::srcset, aSrcset, aTriggeringPrincipal, aError);
   }
   void GetCrossOrigin(nsAString& aResult)
   {
     // Null for both missing and invalid defaults is ok, since we
     // always parse to an enum value, so we don't need an invalid
     // default, and we _want_ the missing default to be null.
--- a/dom/html/HTMLInputElement.h
+++ b/dom/html/HTMLInputElement.h
@@ -713,17 +713,17 @@ public:
 
     SetUnsignedIntAttr(nsGkAtoms::size, aValue, DEFAULT_COLS, aRv);
   }
 
   void GetSrc(nsAString& aValue)
   {
     GetURIAttr(nsGkAtoms::src, nullptr, aValue);
   }
-  void SetSrc(const nsAString& aValue, nsIPrincipal& aTriggeringPrincipal, ErrorResult& aRv)
+  void SetSrc(const nsAString& aValue, nsIPrincipal* aTriggeringPrincipal, ErrorResult& aRv)
   {
     SetHTMLAttr(nsGkAtoms::src, aValue, aTriggeringPrincipal, aRv);
   }
 
   void GetStep(nsAString& aValue)
   {
     GetHTMLAttr(nsGkAtoms::step, aValue);
   }
--- a/dom/html/HTMLLinkElement.h
+++ b/dom/html/HTMLLinkElement.h
@@ -83,17 +83,17 @@ public:
   // WebIDL
   bool Disabled();
   void SetDisabled(bool aDisabled);
 
   void GetHref(nsAString& aValue)
   {
     GetURIAttr(nsGkAtoms::href, nullptr, aValue);
   }
-  void SetHref(const nsAString& aHref, nsIPrincipal& aTriggeringPrincipal, ErrorResult& aRv)
+  void SetHref(const nsAString& aHref, nsIPrincipal* aTriggeringPrincipal, ErrorResult& aRv)
   {
     SetHTMLAttr(nsGkAtoms::href, aHref, aTriggeringPrincipal, aRv);
   }
   void SetHref(const nsAString& aHref, ErrorResult& aRv)
   {
     SetHTMLAttr(nsGkAtoms::href, aHref, aRv);
   }
   void GetCrossOrigin(nsAString& aResult)
--- a/dom/html/HTMLMediaElement.h
+++ b/dom/html/HTMLMediaElement.h
@@ -437,17 +437,17 @@ public:
    * cycle collection unlinking!
    */
   MediaStream* GetSrcMediaStream() const;
 
   // WebIDL
 
   MediaError* GetError() const;
 
-  void SetSrc(const nsAString& aSrc, nsIPrincipal& aTriggeringPrincipal, ErrorResult& aRv)
+  void SetSrc(const nsAString& aSrc, nsIPrincipal* aTriggeringPrincipal, ErrorResult& aRv)
   {
     SetHTMLAttr(nsGkAtoms::src, aSrc, aTriggeringPrincipal, aRv);
   }
 
   // XPCOM GetCurrentSrc() is OK
 
   void GetCrossOrigin(nsAString& aResult)
   {
--- a/dom/html/HTMLScriptElement.cpp
+++ b/dom/html/HTMLScriptElement.cpp
@@ -142,17 +142,17 @@ HTMLScriptElement::GetInnerHTML(nsAStrin
   if (!nsContentUtils::GetNodeTextContent(this, false, aInnerHTML, fallible)) {
     return NS_ERROR_OUT_OF_MEMORY;
   }
   return NS_OK;
 }
 
 void
 HTMLScriptElement::SetInnerHTML(const nsAString& aInnerHTML,
-                                nsIPrincipal& aScriptedPrincipal,
+                                nsIPrincipal* aScriptedPrincipal,
                                 ErrorResult& aError)
 {
   aError = nsContentUtils::SetNodeTextContent(this, aInnerHTML, true);
 }
 
 void
 HTMLScriptElement::GetText(nsAString& aValue, ErrorResult& aRv)
 {
--- a/dom/html/HTMLScriptElement.h
+++ b/dom/html/HTMLScriptElement.h
@@ -24,17 +24,17 @@ public:
   HTMLScriptElement(already_AddRefed<mozilla::dom::NodeInfo>& aNodeInfo,
                     FromParser aFromParser);
 
   // nsISupports
   NS_DECL_ISUPPORTS_INHERITED
 
   NS_IMETHOD GetInnerHTML(nsAString& aInnerHTML) override;
   virtual void SetInnerHTML(const nsAString& aInnerHTML,
-                            nsIPrincipal& aSubjectPrincipal,
+                            nsIPrincipal* aSubjectPrincipal,
                             mozilla::ErrorResult& aError) override;
 
   // nsIScriptElement
   virtual bool GetScriptType(nsAString& type) override;
   virtual void GetScriptText(nsAString& text) override;
   virtual void GetScriptCharset(nsAString& charset) override;
   virtual void FreezeUriAsyncDefer() override;
   virtual CORSMode GetCORSMode() const override;
@@ -77,25 +77,21 @@ public:
   {
     return GetBoolAttr(nsGkAtoms::defer);
   }
   void SetDefer(bool aDefer, ErrorResult& aRv)
   {
     SetHTMLBoolAttr(nsGkAtoms::defer, aDefer, aRv);
   }
 
-  void GetSrc(nsAString& aSrc, nsIPrincipal&)
-  {
-    GetSrc(aSrc);
-  }
   void GetSrc(nsAString& aSrc)
   {
     GetURIAttr(nsGkAtoms::src, nullptr, aSrc);
   }
-  void SetSrc(const nsAString& aSrc, nsIPrincipal& aTriggeringPrincipal, ErrorResult& aRv)
+  void SetSrc(const nsAString& aSrc, nsIPrincipal* aTriggeringPrincipal, ErrorResult& aRv)
   {
     SetHTMLAttr(nsGkAtoms::src, aSrc, aTriggeringPrincipal, aRv);
   }
 
   void GetType(nsAString& aType)
   {
     GetHTMLAttr(nsGkAtoms::type, aType);
   }
--- a/dom/html/HTMLSourceElement.h
+++ b/dom/html/HTMLSourceElement.h
@@ -53,17 +53,17 @@ public:
   // when it was set.
   MediaSource* GetSrcMediaSource() { return mSrcMediaSource; };
 
   // WebIDL
   void GetSrc(nsString& aSrc)
   {
     GetURIAttr(nsGkAtoms::src, nullptr, aSrc);
   }
-  void SetSrc(const nsAString& aSrc, nsIPrincipal& aTriggeringPrincipal, mozilla::ErrorResult& rv)
+  void SetSrc(const nsAString& aSrc, nsIPrincipal* aTriggeringPrincipal, mozilla::ErrorResult& rv)
   {
     SetHTMLAttr(nsGkAtoms::src, aSrc, aTriggeringPrincipal, rv);
   }
 
   nsIPrincipal* GetSrcTriggeringPrincipal() const
   {
     return mSrcTriggeringPrincipal;
   }
@@ -81,17 +81,17 @@ public:
   {
     SetHTMLAttr(nsGkAtoms::type, aType, rv);
   }
 
   void GetSrcset(DOMString& aSrcset)
   {
     GetHTMLAttr(nsGkAtoms::srcset, aSrcset);
   }
-  void SetSrcset(const nsAString& aSrcset, nsIPrincipal& aTriggeringPrincipal, mozilla::ErrorResult& rv)
+  void SetSrcset(const nsAString& aSrcset, nsIPrincipal* aTriggeringPrincipal, mozilla::ErrorResult& rv)
   {
     SetHTMLAttr(nsGkAtoms::srcset, aSrcset, aTriggeringPrincipal, rv);
   }
 
   void GetSizes(DOMString& aSizes)
   {
     GetHTMLAttr(nsGkAtoms::sizes, aSizes);
   }
--- a/dom/html/HTMLStyleElement.cpp
+++ b/dom/html/HTMLStyleElement.cpp
@@ -170,20 +170,20 @@ HTMLStyleElement::GetInnerHTML(nsAString
   if (!nsContentUtils::GetNodeTextContent(this, false, aInnerHTML, fallible)) {
     return NS_ERROR_OUT_OF_MEMORY;
   }
   return NS_OK;
 }
 
 void
 HTMLStyleElement::SetInnerHTML(const nsAString& aInnerHTML,
-                               nsIPrincipal& aScriptedPrincipal,
+                               nsIPrincipal* aScriptedPrincipal,
                                ErrorResult& aError)
 {
-  SetTextContentInternal(aInnerHTML, &aScriptedPrincipal, aError);
+  SetTextContentInternal(aInnerHTML, aScriptedPrincipal, aError);
 }
 
 void
 HTMLStyleElement::SetTextContentInternal(const nsAString& aTextContent,
                                          nsIPrincipal* aScriptedPrincipal,
                                          ErrorResult& aError)
 {
   SetEnableUpdates(false);
--- a/dom/html/HTMLStyleElement.h
+++ b/dom/html/HTMLStyleElement.h
@@ -29,17 +29,17 @@ public:
 
   // CC
   NS_DECL_CYCLE_COLLECTION_CLASS_INHERITED(HTMLStyleElement,
                                            nsGenericHTMLElement)
 
   NS_IMETHOD GetInnerHTML(nsAString& aInnerHTML) override;
   using nsGenericHTMLElement::SetInnerHTML;
   virtual void SetInnerHTML(const nsAString& aInnerHTML,
-                            nsIPrincipal& aSubjectPrincipal,
+                            nsIPrincipal* aSubjectPrincipal,
                             mozilla::ErrorResult& aError) override;
   virtual void SetTextContentInternal(const nsAString& aTextContent,
                                       nsIPrincipal* aSubjectPrincipal,
                                       mozilla::ErrorResult& aError) override;
 
   virtual nsresult BindToTree(nsIDocument* aDocument, nsIContent* aParent,
                               nsIContent* aBindingParent,
                               bool aCompileEventHandlers) override;
--- a/dom/html/nsGenericHTMLElement.h
+++ b/dom/html/nsGenericHTMLElement.h
@@ -808,17 +808,17 @@ protected:
   void SetHTMLAttr(nsAtom* aName, const nsAString& aValue)
   {
     SetAttr(kNameSpaceID_None, aName, aValue, true);
   }
   void SetHTMLAttr(nsAtom* aName, const nsAString& aValue, mozilla::ErrorResult& aError)
   {
     mozilla::dom::Element::SetAttr(aName, aValue, aError);
   }
-  void SetHTMLAttr(nsAtom* aName, const nsAString& aValue, nsIPrincipal& aTriggeringPrincipal, mozilla::ErrorResult& aError)
+  void SetHTMLAttr(nsAtom* aName, const nsAString& aValue, nsIPrincipal* aTriggeringPrincipal, mozilla::ErrorResult& aError)
   {
     mozilla::dom::Element::SetAttr(aName, aValue, aTriggeringPrincipal, aError);
   }
   void UnsetHTMLAttr(nsAtom* aName, mozilla::ErrorResult& aError)
   {
     mozilla::dom::Element::UnsetAttr(aName, aError);
   }
   void SetHTMLBoolAttr(nsAtom* aName, bool aValue, mozilla::ErrorResult& aError)
--- a/dom/webidl/AnonymousContent.webidl
+++ b/dom/webidl/AnonymousContent.webidl
@@ -37,17 +37,17 @@ interface AnonymousContent {
   [Throws]
   DOMString? getAttributeForElement(DOMString elementId,
                                     DOMString attributeName);
 
   /**
    * Set the value of an attribute of an element inside this custom anonymous
    * content.
    */
-  [NeedsSubjectPrincipal, Throws]
+  [NeedsSubjectPrincipal=NonSystem, Throws]
   void setAttributeForElement(DOMString elementId,
                               DOMString attributeName,
                               DOMString value);
 
   /**
    * Remove an attribute from an element inside this custom anonymous content.
    */
   [Throws]
--- a/dom/webidl/Attr.webidl
+++ b/dom/webidl/Attr.webidl
@@ -7,17 +7,17 @@
  * http://www.w3.org/TR/2012/WD-dom-20120105/
  *
  * Copyright © 2012 W3C® (MIT, ERCIM, Keio), All Rights Reserved. W3C
  * liability, trademark and document use rules apply.
  */
 
 interface Attr : Node {
   readonly attribute DOMString localName;
-           [CEReactions, SetterNeedsSubjectPrincipal, SetterThrows]
+           [CEReactions, SetterNeedsSubjectPrincipal=NonSystem, SetterThrows]
            attribute DOMString value;
 
   [Constant]
   readonly attribute DOMString name;
   [Constant]
   readonly attribute DOMString? namespaceURI;
   [Constant]
   readonly attribute DOMString? prefix;
--- a/dom/webidl/CSSStyleDeclaration.webidl
+++ b/dom/webidl/CSSStyleDeclaration.webidl
@@ -3,27 +3,27 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/.
  *
  * The origin of this IDL file is
  * http://dev.w3.org/csswg/cssom/
  */
 
 interface CSSStyleDeclaration {
-  [CEReactions, SetterNeedsSubjectPrincipal, SetterThrows]
+  [CEReactions, SetterNeedsSubjectPrincipal=NonSystem, SetterThrows]
   attribute DOMString cssText;
 
   readonly attribute unsigned long length;
   getter DOMString item(unsigned long index);
 
   [Throws]
   DOMString getPropertyValue(DOMString property);
   // Mozilla extension, sort of
   [Throws]
   CSSValue? getPropertyCSSValue(DOMString property);
   DOMString getPropertyPriority(DOMString property);
-  [CEReactions, NeedsSubjectPrincipal, Throws]
+  [CEReactions, NeedsSubjectPrincipal=NonSystem, Throws]
   void setProperty(DOMString property, [TreatNullAs=EmptyString] DOMString value, [TreatNullAs=EmptyString] optional DOMString priority = "");
   [CEReactions, Throws]
   DOMString removeProperty(DOMString property);
 
   readonly attribute CSSRule? parentRule;
 };
--- a/dom/webidl/Element.webidl
+++ b/dom/webidl/Element.webidl
@@ -35,19 +35,19 @@ interface Element : Node {
   [SameObject]
   readonly attribute NamedNodeMap attributes;
   [Pure]
   sequence<DOMString> getAttributeNames();
   [Pure]
   DOMString? getAttribute(DOMString name);
   [Pure]
   DOMString? getAttributeNS(DOMString? namespace, DOMString localName);
-  [CEReactions, NeedsSubjectPrincipal, Throws]
+  [CEReactions, NeedsSubjectPrincipal=NonSystem, Throws]
   void setAttribute(DOMString name, DOMString value);
-  [CEReactions, NeedsSubjectPrincipal, Throws]
+  [CEReactions, NeedsSubjectPrincipal=NonSystem, Throws]
   void setAttributeNS(DOMString? namespace, DOMString name, DOMString value);
   [CEReactions, Throws]
   void removeAttribute(DOMString name);
   [CEReactions, Throws]
   void removeAttributeNS(DOMString? namespace, DOMString localName);
   [Pure]
   boolean hasAttribute(DOMString name);
   [Pure]
@@ -225,17 +225,17 @@ partial interface Element {
   [ChromeOnly] readonly attribute long scrollTopMin;
                readonly attribute long scrollTopMax;
   [ChromeOnly] readonly attribute long scrollLeftMin;
                readonly attribute long scrollLeftMax;
 };
 
 // http://domparsing.spec.whatwg.org/#extensions-to-the-element-interface
 partial interface Element {
-  [CEReactions, SetterNeedsSubjectPrincipal, Pure, SetterThrows, TreatNullAs=EmptyString]
+  [CEReactions, SetterNeedsSubjectPrincipal=NonSystem, Pure, SetterThrows, TreatNullAs=EmptyString]
   attribute DOMString innerHTML;
   [CEReactions, Pure,SetterThrows,TreatNullAs=EmptyString]
   attribute DOMString outerHTML;
   [CEReactions, Throws]
   void insertAdjacentHTML(DOMString position, DOMString text);
 };
 
 // http://www.w3.org/TR/selectors-api/#interface-definitions
--- a/dom/webidl/HTMLFrameElement.webidl
+++ b/dom/webidl/HTMLFrameElement.webidl
@@ -12,17 +12,17 @@
 
 // http://www.whatwg.org/specs/web-apps/current-work/#htmlframeelement
 [HTMLConstructor]
 interface HTMLFrameElement : HTMLElement {
            [CEReactions, SetterThrows]
            attribute DOMString name;
            [CEReactions, SetterThrows]
            attribute DOMString scrolling;
-           [CEReactions, SetterNeedsSubjectPrincipal, SetterThrows]
+           [CEReactions, SetterNeedsSubjectPrincipal=NonSystem, SetterThrows]
            attribute DOMString src;
            [CEReactions, SetterThrows]
            attribute DOMString frameBorder;
            [CEReactions, SetterThrows]
            attribute DOMString longDesc;
            [CEReactions, SetterThrows]
            attribute boolean noResize;
   [NeedsSubjectPrincipal]
--- a/dom/webidl/HTMLIFrameElement.webidl
+++ b/dom/webidl/HTMLIFrameElement.webidl
@@ -8,17 +8,17 @@
  * http://www.whatwg.org/specs/web-apps/current-work/#other-elements,-attributes-and-apis
  * © Copyright 2004-2011 Apple Computer, Inc., Mozilla Foundation, and
  * Opera Software ASA. You are granted a license to use, reproduce
  * and create derivative works of this document.
  */
 
 [HTMLConstructor]
 interface HTMLIFrameElement : HTMLElement {
-  [CEReactions, SetterNeedsSubjectPrincipal, SetterThrows, Pure]
+  [CEReactions, SetterNeedsSubjectPrincipal=NonSystem, SetterThrows, Pure]
            attribute DOMString src;
   [CEReactions, SetterThrows, Pure]
            attribute DOMString srcdoc;
   [CEReactions, SetterThrows, Pure]
            attribute DOMString name;
   [PutForwards=value] readonly attribute DOMTokenList sandbox;
            // attribute boolean seamless;
   [CEReactions, SetterThrows, Pure]
--- a/dom/webidl/HTMLImageElement.webidl
+++ b/dom/webidl/HTMLImageElement.webidl
@@ -16,19 +16,19 @@ interface imgIRequest;
 interface URI;
 interface nsIStreamListener;
 
 [HTMLConstructor,
  NamedConstructor=Image(optional unsigned long width, optional unsigned long height)]
 interface HTMLImageElement : HTMLElement {
            [CEReactions, SetterThrows]
            attribute DOMString alt;
-           [CEReactions, SetterNeedsSubjectPrincipal, SetterThrows]
+           [CEReactions, SetterNeedsSubjectPrincipal=NonSystem, SetterThrows]
            attribute DOMString src;
-           [CEReactions, SetterNeedsSubjectPrincipal, SetterThrows]
+           [CEReactions, SetterNeedsSubjectPrincipal=NonSystem, SetterThrows]
            attribute DOMString srcset;
            [CEReactions, SetterThrows]
            attribute DOMString? crossOrigin;
            [CEReactions, SetterThrows]
            attribute DOMString useMap;
            [CEReactions, SetterThrows]
            attribute DOMString referrerPolicy;
            [CEReactions, SetterThrows]
--- a/dom/webidl/HTMLInputElement.webidl
+++ b/dom/webidl/HTMLInputElement.webidl
@@ -76,17 +76,17 @@ interface HTMLInputElement : HTMLElement
   [CEReactions, Pure, SetterThrows]
            attribute DOMString placeholder;
   [CEReactions, Pure, SetterThrows]
            attribute boolean readOnly;
   [CEReactions, Pure, SetterThrows]
            attribute boolean required;
   [CEReactions, Pure, SetterThrows]
            attribute unsigned long size;
-  [CEReactions, Pure, SetterNeedsSubjectPrincipal, SetterThrows]
+  [CEReactions, Pure, SetterNeedsSubjectPrincipal=NonSystem, SetterThrows]
            attribute DOMString src;
   [CEReactions, Pure, SetterThrows]
            attribute DOMString step;
   [CEReactions, Pure, SetterThrows]
            attribute DOMString type;
   [CEReactions, Pure, SetterThrows]
            attribute DOMString defaultValue;
   [CEReactions, Pure, TreatNullAs=EmptyString, SetterThrows, NeedsCallerType]
--- a/dom/webidl/HTMLLinkElement.webidl
+++ b/dom/webidl/HTMLLinkElement.webidl
@@ -11,17 +11,17 @@
  * and create derivative works of this document.
  */
 
 // http://www.whatwg.org/specs/web-apps/current-work/#the-link-element
 [HTMLConstructor]
 interface HTMLLinkElement : HTMLElement {
   [Pure]
            attribute boolean disabled;
-  [CEReactions, SetterNeedsSubjectPrincipal, SetterThrows, Pure]
+  [CEReactions, SetterNeedsSubjectPrincipal=NonSystem, SetterThrows, Pure]
            attribute DOMString href;
   [CEReactions, SetterThrows, Pure]
            attribute DOMString? crossOrigin;
   [CEReactions, SetterThrows, Pure]
            attribute DOMString rel;
   [PutForwards=value]
   readonly attribute DOMTokenList relList;
   [CEReactions, SetterThrows, Pure]
--- a/dom/webidl/HTMLMediaElement.webidl
+++ b/dom/webidl/HTMLMediaElement.webidl
@@ -12,17 +12,17 @@
  */
 
 interface HTMLMediaElement : HTMLElement {
 
   // error state
   readonly attribute MediaError? error;
 
   // network state
-  [CEReactions, SetterNeedsSubjectPrincipal, SetterThrows]
+  [CEReactions, SetterNeedsSubjectPrincipal=NonSystem, SetterThrows]
            attribute DOMString src;
   readonly attribute DOMString currentSrc;
 
   [CEReactions, SetterThrows]
            attribute DOMString? crossOrigin;
   const unsigned short NETWORK_EMPTY = 0;
   const unsigned short NETWORK_IDLE = 1;
   const unsigned short NETWORK_LOADING = 2;
--- a/dom/webidl/HTMLScriptElement.webidl
+++ b/dom/webidl/HTMLScriptElement.webidl
@@ -5,17 +5,17 @@
  *
  * The origin of this IDL file is
  * http://www.whatwg.org/specs/web-apps/current-work/#the-script-element
  * http://www.whatwg.org/specs/web-apps/current-work/#other-elements,-attributes-and-apis
  */
 
 [HTMLConstructor]
 interface HTMLScriptElement : HTMLElement {
-  [CEReactions, NeedsSubjectPrincipal, SetterThrows]
+  [CEReactions, SetterNeedsSubjectPrincipal=NonSystem, SetterThrows]
   attribute DOMString src;
   [CEReactions, SetterThrows]
   attribute DOMString type;
   [CEReactions, SetterThrows, Pref="dom.moduleScripts.enabled"]
   attribute boolean noModule;
   [CEReactions, SetterThrows]
   attribute DOMString charset;
   [CEReactions, SetterThrows]
--- a/dom/webidl/HTMLSourceElement.webidl
+++ b/dom/webidl/HTMLSourceElement.webidl
@@ -8,22 +8,22 @@
  *
  * © Copyright 2004-2011 Apple Computer, Inc., Mozilla Foundation, and
  * Opera Software ASA. You are granted a license to use, reproduce
  * and create derivative works of this document.
  */
 
 [HTMLConstructor]
 interface HTMLSourceElement : HTMLElement {
-           [CEReactions, SetterNeedsSubjectPrincipal, SetterThrows]
+           [CEReactions, SetterNeedsSubjectPrincipal=NonSystem, SetterThrows]
            attribute DOMString src;
            [CEReactions, SetterThrows]
            attribute DOMString type;
 };
 
 partial interface HTMLSourceElement {
-           [CEReactions, SetterNeedsSubjectPrincipal, SetterThrows]
+           [CEReactions, SetterNeedsSubjectPrincipal=NonSystem, SetterThrows]
            attribute DOMString srcset;
            [CEReactions, SetterThrows]
            attribute DOMString sizes;
            [CEReactions, SetterThrows]
            attribute DOMString media;
 };
--- a/dom/webidl/Node.webidl
+++ b/dom/webidl/Node.webidl
@@ -54,17 +54,18 @@ interface Node : EventTarget {
   readonly attribute Node? lastChild;
   [Pure]
   readonly attribute Node? previousSibling;
   [Pure]
   readonly attribute Node? nextSibling;
 
   [CEReactions, SetterThrows, Pure]
            attribute DOMString? nodeValue;
-  [CEReactions, SetterThrows, GetterCanOOM, SetterNeedsSubjectPrincipal, Pure]
+  [CEReactions, SetterThrows, GetterCanOOM,
+   SetterNeedsSubjectPrincipal=NonSystem, Pure]
            attribute DOMString? textContent;
   [CEReactions, Throws]
   Node insertBefore(Node node, Node? child);
   [CEReactions, Throws]
   Node appendChild(Node node);
   [CEReactions, Throws]
   Node replaceChild(Node node, Node child);
   [CEReactions, Throws]
--- a/layout/style/nsDOMCSSDeclaration.h
+++ b/layout/style/nsDOMCSSDeclaration.h
@@ -74,20 +74,20 @@ public:
                  kwtable_, stylestruct_, stylestructoffset_, animtype_)      \
   void                                                                       \
   Get##method_(nsAString& aValue, mozilla::ErrorResult& rv)                  \
   {                                                                          \
     rv = GetPropertyValue(eCSSProperty_##id_, aValue);                       \
   }                                                                          \
                                                                              \
   void                                                                       \
-  Set##method_(const nsAString& aValue, nsIPrincipal& aSubjectPrincipal,     \
+  Set##method_(const nsAString& aValue, nsIPrincipal* aSubjectPrincipal,     \
                mozilla::ErrorResult& rv)                                     \
   {                                                                          \
-    rv = SetPropertyValue(eCSSProperty_##id_, aValue, &aSubjectPrincipal);   \
+    rv = SetPropertyValue(eCSSProperty_##id_, aValue, aSubjectPrincipal);    \
   }
 
 #define CSS_PROP_LIST_EXCLUDE_INTERNAL
 #define CSS_PROP_LIST_INCLUDE_LOGICAL
 #define CSS_PROP_SHORTHAND(name_, id_, method_, flags_, pref_)  \
   CSS_PROP(name_, id_, method_, flags_, pref_, X, X, X, X, X)
 #include "nsCSSPropList.h"
 
--- a/layout/style/nsICSSDeclaration.h
+++ b/layout/style/nsICSSDeclaration.h
@@ -107,19 +107,19 @@ public:
     if (!found) {
       aReturn.Truncate();
     }
     return NS_OK;
   }
   NS_IMETHOD GetParentRule(nsIDOMCSSRule * *aParentRule) override = 0;
 
   // WebIDL interface for CSSStyleDeclaration
-  void SetCssText(const nsAString& aString, nsIPrincipal& aSubjectPrincipal,
+  void SetCssText(const nsAString& aString, nsIPrincipal* aSubjectPrincipal,
                   mozilla::ErrorResult& rv) {
-    rv = SetCssText(aString, &aSubjectPrincipal);
+    rv = SetCssText(aString, aSubjectPrincipal);
   }
   void GetCssText(nsString& aString) {
     // Cast to nsAString& so we end up calling our virtual
     // |GetCssText(nsAString& aCssText)| overload, which does the real work.
     GetCssText(static_cast<nsAString&>(aString));
   }
   uint32_t Length() {
     uint32_t length;
@@ -136,19 +136,19 @@ public:
   void GetPropertyValue(const nsAString& aPropName, nsString& aValue,
                         mozilla::ErrorResult& rv) {
     rv = GetPropertyValue(aPropName, aValue);
   }
   void GetPropertyPriority(const nsAString& aPropName, nsString& aPriority) {
     GetPropertyPriority(aPropName, static_cast<nsAString&>(aPriority));
   }
   void SetProperty(const nsAString& aPropName, const nsAString& aValue,
-                   const nsAString& aPriority, nsIPrincipal& aSubjectPrincipal,
+                   const nsAString& aPriority, nsIPrincipal* aSubjectPrincipal,
                    mozilla::ErrorResult& rv) {
-    rv = SetProperty(aPropName, aValue, aPriority, &aSubjectPrincipal);
+    rv = SetProperty(aPropName, aValue, aPriority, aSubjectPrincipal);
   }
   void RemoveProperty(const nsAString& aPropName, nsString& aRetval,
                       mozilla::ErrorResult& rv) {
     rv = RemoveProperty(aPropName, aRetval);
   }
   already_AddRefed<nsIDOMCSSRule> GetParentRule() {
     nsCOMPtr<nsIDOMCSSRule> rule;
     GetParentRule(getter_AddRefs(rule));