summaryrefslogtreecommitdiffstats
path: root/docshell/base/nsDocShell.cpp
diff options
context:
space:
mode:
authorMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
committerMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
commit5f8de423f190bbb79a62f804151bc24824fa32d8 (patch)
tree10027f336435511475e392454359edea8e25895d /docshell/base/nsDocShell.cpp
parent49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff)
downloadUXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip
Add m-esr52 at 52.6.0
Diffstat (limited to 'docshell/base/nsDocShell.cpp')
-rw-r--r--docshell/base/nsDocShell.cpp14853
1 files changed, 14853 insertions, 0 deletions
diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
new file mode 100644
index 000000000..ab119a016
--- /dev/null
+++ b/docshell/base/nsDocShell.cpp
@@ -0,0 +1,14853 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsDocShell.h"
+
+#include <algorithm>
+
+#include "mozilla/ArrayUtils.h"
+#include "mozilla/Attributes.h"
+#include "mozilla/AutoRestore.h"
+#include "mozilla/BasePrincipal.h"
+#include "mozilla/Casting.h"
+#include "mozilla/dom/ContentChild.h"
+#include "mozilla/dom/ChromeUtils.h"
+#include "mozilla/dom/Element.h"
+#include "mozilla/dom/TabChild.h"
+#include "mozilla/dom/ProfileTimelineMarkerBinding.h"
+#include "mozilla/dom/ScreenOrientation.h"
+#include "mozilla/dom/ToJSValue.h"
+#include "mozilla/dom/PermissionMessageUtils.h"
+#include "mozilla/dom/workers/ServiceWorkerManager.h"
+#include "mozilla/EventStateManager.h"
+#include "mozilla/LoadInfo.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/Services.h"
+#include "mozilla/StartupTimeline.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/Unused.h"
+#include "Navigator.h"
+#include "URIUtils.h"
+#include "mozilla/dom/DocGroup.h"
+#include "mozilla/dom/TabGroup.h"
+
+#include "nsIContent.h"
+#include "nsIContentInlines.h"
+#include "nsIDocument.h"
+#include "nsIDOMDocument.h"
+#include "nsIDOMElement.h"
+
+#include "nsArray.h"
+#include "nsArrayUtils.h"
+#include "nsICaptivePortalService.h"
+#include "nsIDOMStorage.h"
+#include "nsIContentViewer.h"
+#include "nsIDocumentLoaderFactory.h"
+#include "nsCURILoader.h"
+#include "nsDocShellCID.h"
+#include "nsDOMCID.h"
+#include "nsNetCID.h"
+#include "nsNetUtil.h"
+#include "mozilla/net/ReferrerPolicy.h"
+#include "nsRect.h"
+#include "prenv.h"
+#include "nsIDOMWindow.h"
+#include "nsIGlobalObject.h"
+#include "nsIViewSourceChannel.h"
+#include "nsIWebBrowserChrome.h"
+#include "nsPoint.h"
+#include "nsIObserverService.h"
+#include "nsIPrompt.h"
+#include "nsIAuthPrompt.h"
+#include "nsIAuthPrompt2.h"
+#include "nsIChannelEventSink.h"
+#include "nsIAsyncVerifyRedirectCallback.h"
+#include "nsIScriptSecurityManager.h"
+#include "nsIScriptObjectPrincipal.h"
+#include "nsIScrollableFrame.h"
+#include "nsContentPolicyUtils.h" // NS_CheckContentLoadPolicy(...)
+#include "nsISeekableStream.h"
+#include "nsAutoPtr.h"
+#include "nsQueryObject.h"
+#include "nsIWritablePropertyBag2.h"
+#include "nsIAppShell.h"
+#include "nsWidgetsCID.h"
+#include "nsIInterfaceRequestorUtils.h"
+#include "nsView.h"
+#include "nsViewManager.h"
+#include "nsIScriptChannel.h"
+#include "nsITimedChannel.h"
+#include "nsIPrivacyTransitionObserver.h"
+#include "nsIReflowObserver.h"
+#include "nsIScrollObserver.h"
+#include "nsIDocShellTreeItem.h"
+#include "nsIChannel.h"
+#include "IHistory.h"
+#include "nsViewSourceHandler.h"
+#include "nsWhitespaceTokenizer.h"
+#include "nsICookieService.h"
+#include "nsIConsoleReportCollector.h"
+#include "nsObjectLoadingContent.h"
+
+// we want to explore making the document own the load group
+// so we can associate the document URI with the load group.
+// until this point, we have an evil hack:
+#include "nsIHttpChannelInternal.h"
+#include "nsPILoadGroupInternal.h"
+
+// Local Includes
+#include "nsDocShellLoadInfo.h"
+#include "nsCDefaultURIFixup.h"
+#include "nsDocShellEnumerator.h"
+#include "nsSHistory.h"
+#include "nsDocShellEditorData.h"
+#include "GeckoProfiler.h"
+#include "timeline/JavascriptTimelineMarker.h"
+
+// Helper Classes
+#include "nsError.h"
+#include "nsEscape.h"
+
+// Interfaces Needed
+#include "nsIFormPOSTActionChannel.h"
+#include "nsIUploadChannel.h"
+#include "nsIUploadChannel2.h"
+#include "nsIWebProgress.h"
+#include "nsILayoutHistoryState.h"
+#include "nsITimer.h"
+#include "nsISHistoryInternal.h"
+#include "nsIPrincipal.h"
+#include "nsNullPrincipal.h"
+#include "nsISHEntry.h"
+#include "nsIWindowWatcher.h"
+#include "nsIPromptFactory.h"
+#include "nsITransportSecurityInfo.h"
+#include "nsINode.h"
+#include "nsINSSErrorsService.h"
+#include "nsIApplicationCacheChannel.h"
+#include "nsIApplicationCacheContainer.h"
+#include "nsStreamUtils.h"
+#include "nsIController.h"
+#include "nsPICommandUpdater.h"
+#include "nsIDOMHTMLAnchorElement.h"
+#include "nsIWebBrowserChrome3.h"
+#include "nsITabChild.h"
+#include "nsISiteSecurityService.h"
+#include "nsStructuredCloneContainer.h"
+#include "nsIStructuredCloneContainer.h"
+#ifdef MOZ_PLACES
+#include "nsIFaviconService.h"
+#include "mozIPlacesPendingOperation.h"
+#include "mozIAsyncFavicons.h"
+#endif
+#include "nsINetworkPredictor.h"
+
+// Editor-related
+#include "nsIEditingSession.h"
+
+#include "nsPIDOMWindow.h"
+#include "nsGlobalWindow.h"
+#include "nsPIWindowRoot.h"
+#include "nsICachingChannel.h"
+#include "nsIMultiPartChannel.h"
+#include "nsIWyciwygChannel.h"
+
+// For reporting errors with the console service.
+// These can go away if error reporting is propagated up past nsDocShell.
+#include "nsIScriptError.h"
+
+// used to dispatch urls to default protocol handlers
+#include "nsCExternalHandlerService.h"
+#include "nsIExternalProtocolService.h"
+
+#include "nsFocusManager.h"
+
+#include "nsITextToSubURI.h"
+
+#include "nsIJARChannel.h"
+
+#include "mozilla/Logging.h"
+
+#include "nsISelectionDisplay.h"
+
+#include "nsIGlobalHistory2.h"
+
+#include "nsIFrame.h"
+#include "nsSubDocumentFrame.h"
+
+// for embedding
+#include "nsIWebBrowserChromeFocus.h"
+
+#if NS_PRINT_PREVIEW
+#include "nsIDocumentViewerPrint.h"
+#include "nsIWebBrowserPrint.h"
+#endif
+
+#include "nsContentUtils.h"
+#include "nsIContentSecurityPolicy.h"
+#include "nsILoadInfo.h"
+#include "nsSandboxFlags.h"
+#include "nsXULAppAPI.h"
+#include "nsDOMNavigationTiming.h"
+#include "nsISecurityUITelemetry.h"
+#include "nsIAppsService.h"
+#include "nsDSURIContentListener.h"
+#include "nsDocShellLoadTypes.h"
+#include "nsDocShellTransferableHooks.h"
+#include "nsICommandManager.h"
+#include "nsIDOMNode.h"
+#include "nsIDocShellTreeOwner.h"
+#include "nsIHttpChannel.h"
+#include "nsIIDNService.h"
+#include "nsIInputStreamChannel.h"
+#include "nsINestedURI.h"
+#include "nsISHContainer.h"
+#include "nsISHistory.h"
+#include "nsISecureBrowserUI.h"
+#include "nsISocketProvider.h"
+#include "nsIStringBundle.h"
+#include "nsIURIFixup.h"
+#include "nsIURILoader.h"
+#include "nsIURL.h"
+#include "nsIWebBrowserFind.h"
+#include "nsIWidget.h"
+#include "mozilla/dom/EncodingUtils.h"
+#include "mozilla/dom/PerformanceNavigation.h"
+#include "mozilla/dom/ScriptSettings.h"
+
+#ifdef MOZ_TOOLKIT_SEARCH
+#include "nsIBrowserSearchService.h"
+#endif
+
+#include "mozIThirdPartyUtil.h"
+
+static NS_DEFINE_CID(kAppShellCID, NS_APPSHELL_CID);
+
+#if defined(DEBUG_bryner) || defined(DEBUG_chb)
+//#define DEBUG_DOCSHELL_FOCUS
+#define DEBUG_PAGE_CACHE
+#endif
+
+#ifdef XP_WIN
+#include <process.h>
+#define getpid _getpid
+#else
+#include <unistd.h> // for getpid()
+#endif
+
+using namespace mozilla;
+using namespace mozilla::dom;
+using mozilla::dom::workers::ServiceWorkerManager;
+
+// True means sUseErrorPages has been added to
+// preferences var cache.
+static bool gAddedPreferencesVarCache = false;
+
+bool nsDocShell::sUseErrorPages = false;
+
+// Number of documents currently loading
+static int32_t gNumberOfDocumentsLoading = 0;
+
+// Global count of existing docshells.
+static int32_t gDocShellCount = 0;
+
+// Global count of docshells with the private attribute set
+static uint32_t gNumberOfPrivateDocShells = 0;
+
+// Global reference to the URI fixup service.
+nsIURIFixup* nsDocShell::sURIFixup = 0;
+
+// True means we validate window targets to prevent frameset
+// spoofing. Initialize this to a non-bolean value so we know to check
+// the pref on the creation of the first docshell.
+static uint32_t gValidateOrigin = 0xffffffff;
+
+// Hint for native dispatch of events on how long to delay after
+// all documents have loaded in milliseconds before favoring normal
+// native event dispatch priorites over performance
+// Can be overridden with docshell.event_starvation_delay_hint pref.
+#define NS_EVENT_STARVATION_DELAY_HINT 2000
+
+#ifdef DEBUG
+static mozilla::LazyLogModule gDocShellLog("nsDocShell");
+#endif
+static mozilla::LazyLogModule gDocShellLeakLog("nsDocShellLeak");;
+
+const char kBrandBundleURL[] = "chrome://branding/locale/brand.properties";
+const char kAppstringsBundleURL[] = "chrome://global/locale/appstrings.properties";
+
+static void
+FavorPerformanceHint(bool aPerfOverStarvation)
+{
+ nsCOMPtr<nsIAppShell> appShell = do_GetService(kAppShellCID);
+ if (appShell) {
+ appShell->FavorPerformanceHint(
+ aPerfOverStarvation,
+ Preferences::GetUint("docshell.event_starvation_delay_hint",
+ NS_EVENT_STARVATION_DELAY_HINT));
+ }
+}
+
+//*****************************************************************************
+// <a ping> support
+//*****************************************************************************
+
+#define PREF_PINGS_ENABLED "browser.send_pings"
+#define PREF_PINGS_MAX_PER_LINK "browser.send_pings.max_per_link"
+#define PREF_PINGS_REQUIRE_SAME_HOST "browser.send_pings.require_same_host"
+
+// Check prefs to see if pings are enabled and if so what restrictions might
+// be applied.
+//
+// @param maxPerLink
+// This parameter returns the number of pings that are allowed per link click
+//
+// @param requireSameHost
+// This parameter returns true if pings are restricted to the same host as
+// the document in which the click occurs. If the same host restriction is
+// imposed, then we still allow for pings to cross over to different
+// protocols and ports for flexibility and because it is not possible to send
+// a ping via FTP.
+//
+// @returns
+// true if pings are enabled and false otherwise.
+//
+static bool
+PingsEnabled(int32_t* aMaxPerLink, bool* aRequireSameHost)
+{
+ bool allow = Preferences::GetBool(PREF_PINGS_ENABLED, false);
+
+ *aMaxPerLink = 1;
+ *aRequireSameHost = true;
+
+ if (allow) {
+ Preferences::GetInt(PREF_PINGS_MAX_PER_LINK, aMaxPerLink);
+ Preferences::GetBool(PREF_PINGS_REQUIRE_SAME_HOST, aRequireSameHost);
+ }
+
+ return allow;
+}
+
+typedef void (*ForEachPingCallback)(void* closure, nsIContent* content,
+ nsIURI* uri, nsIIOService* ios);
+
+static bool
+IsElementAnchor(nsIContent* aContent)
+{
+ // Make sure we are dealing with either an <A> or <AREA> element in the HTML
+ // or XHTML namespace.
+ return aContent->IsAnyOfHTMLElements(nsGkAtoms::a, nsGkAtoms::area);
+}
+
+static void
+ForEachPing(nsIContent* aContent, ForEachPingCallback aCallback, void* aClosure)
+{
+ // NOTE: Using nsIDOMHTMLAnchorElement::GetPing isn't really worth it here
+ // since we'd still need to parse the resulting string. Instead, we
+ // just parse the raw attribute. It might be nice if the content node
+ // implemented an interface that exposed an enumeration of nsIURIs.
+
+ // Make sure we are dealing with either an <A> or <AREA> element in the HTML
+ // or XHTML namespace.
+ if (!IsElementAnchor(aContent)) {
+ return;
+ }
+
+ nsCOMPtr<nsIAtom> pingAtom = NS_Atomize("ping");
+ if (!pingAtom) {
+ return;
+ }
+
+ nsAutoString value;
+ aContent->GetAttr(kNameSpaceID_None, pingAtom, value);
+ if (value.IsEmpty()) {
+ return;
+ }
+
+ nsCOMPtr<nsIIOService> ios = do_GetIOService();
+ if (!ios) {
+ return;
+ }
+
+ nsIDocument* doc = aContent->OwnerDoc();
+
+ nsWhitespaceTokenizer tokenizer(value);
+
+ while (tokenizer.hasMoreTokens()) {
+ nsCOMPtr<nsIURI> uri, baseURI = aContent->GetBaseURI();
+ ios->NewURI(NS_ConvertUTF16toUTF8(tokenizer.nextToken()),
+ doc->GetDocumentCharacterSet().get(),
+ baseURI, getter_AddRefs(uri));
+ // if we can't generate a valid URI, then there is nothing to do
+ if (!uri) {
+ continue;
+ }
+ // Explicitly not allow loading data: URIs
+ bool isDataScheme =
+ (NS_SUCCEEDED(uri->SchemeIs("data", &isDataScheme)) && isDataScheme);
+
+ if (!isDataScheme) {
+ aCallback(aClosure, aContent, uri, ios);
+ }
+ }
+}
+
+//----------------------------------------------------------------------
+
+// We wait this many milliseconds before killing the ping channel...
+#define PING_TIMEOUT 10000
+
+static void
+OnPingTimeout(nsITimer* aTimer, void* aClosure)
+{
+ nsILoadGroup* loadGroup = static_cast<nsILoadGroup*>(aClosure);
+ if (loadGroup) {
+ loadGroup->Cancel(NS_ERROR_ABORT);
+ }
+}
+
+class nsPingListener final
+ : public nsIStreamListener
+{
+public:
+ NS_DECL_ISUPPORTS
+ NS_DECL_NSIREQUESTOBSERVER
+ NS_DECL_NSISTREAMLISTENER
+
+ nsPingListener()
+ {
+ }
+
+ void SetLoadGroup(nsILoadGroup* aLoadGroup) {
+ mLoadGroup = aLoadGroup;
+ }
+
+ nsresult StartTimeout();
+
+private:
+ ~nsPingListener();
+
+ nsCOMPtr<nsILoadGroup> mLoadGroup;
+ nsCOMPtr<nsITimer> mTimer;
+};
+
+NS_IMPL_ISUPPORTS(nsPingListener, nsIStreamListener, nsIRequestObserver)
+
+nsPingListener::~nsPingListener()
+{
+ if (mTimer) {
+ mTimer->Cancel();
+ mTimer = nullptr;
+ }
+}
+
+nsresult
+nsPingListener::StartTimeout()
+{
+ nsCOMPtr<nsITimer> timer = do_CreateInstance(NS_TIMER_CONTRACTID);
+
+ if (timer) {
+ nsresult rv = timer->InitWithFuncCallback(OnPingTimeout, mLoadGroup,
+ PING_TIMEOUT,
+ nsITimer::TYPE_ONE_SHOT);
+ if (NS_SUCCEEDED(rv)) {
+ mTimer = timer;
+ return NS_OK;
+ }
+ }
+
+ return NS_ERROR_OUT_OF_MEMORY;
+}
+
+NS_IMETHODIMP
+nsPingListener::OnStartRequest(nsIRequest* aRequest, nsISupports* aContext)
+{
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPingListener::OnDataAvailable(nsIRequest* aRequest, nsISupports* aContext,
+ nsIInputStream* aStream, uint64_t aOffset,
+ uint32_t aCount)
+{
+ uint32_t result;
+ return aStream->ReadSegments(NS_DiscardSegment, nullptr, aCount, &result);
+}
+
+NS_IMETHODIMP
+nsPingListener::OnStopRequest(nsIRequest* aRequest, nsISupports* aContext,
+ nsresult aStatus)
+{
+ mLoadGroup = nullptr;
+
+ if (mTimer) {
+ mTimer->Cancel();
+ mTimer = nullptr;
+ }
+
+ return NS_OK;
+}
+
+struct MOZ_STACK_CLASS SendPingInfo
+{
+ int32_t numPings;
+ int32_t maxPings;
+ bool requireSameHost;
+ nsIURI* target;
+ nsIURI* referrer;
+ nsIDocShell* docShell;
+ uint32_t referrerPolicy;
+};
+
+static void
+SendPing(void* aClosure, nsIContent* aContent, nsIURI* aURI,
+ nsIIOService* aIOService)
+{
+ SendPingInfo* info = static_cast<SendPingInfo*>(aClosure);
+ if (info->maxPings > -1 && info->numPings >= info->maxPings) {
+ return;
+ }
+
+ nsIDocument* doc = aContent->OwnerDoc();
+
+ nsCOMPtr<nsIChannel> chan;
+ NS_NewChannel(getter_AddRefs(chan),
+ aURI,
+ doc,
+ info->requireSameHost
+ ? nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED
+ : nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+ nsIContentPolicy::TYPE_PING,
+ nullptr, // aLoadGroup
+ nullptr, // aCallbacks
+ nsIRequest::LOAD_NORMAL, // aLoadFlags,
+ aIOService);
+
+ if (!chan) {
+ return;
+ }
+
+ // Don't bother caching the result of this URI load, but do not exempt
+ // it from Safe Browsing.
+ chan->SetLoadFlags(nsIRequest::INHIBIT_CACHING | nsIChannel::LOAD_CLASSIFY_URI);
+
+ nsCOMPtr<nsIHttpChannel> httpChan = do_QueryInterface(chan);
+ if (!httpChan) {
+ return;
+ }
+
+ // This is needed in order for 3rd-party cookie blocking to work.
+ nsCOMPtr<nsIHttpChannelInternal> httpInternal = do_QueryInterface(httpChan);
+ if (httpInternal) {
+ httpInternal->SetDocumentURI(doc->GetDocumentURI());
+ }
+
+ httpChan->SetRequestMethod(NS_LITERAL_CSTRING("POST"));
+
+ // Remove extraneous request headers (to reduce request size)
+ httpChan->SetRequestHeader(NS_LITERAL_CSTRING("accept"),
+ EmptyCString(), false);
+ httpChan->SetRequestHeader(NS_LITERAL_CSTRING("accept-language"),
+ EmptyCString(), false);
+ httpChan->SetRequestHeader(NS_LITERAL_CSTRING("accept-encoding"),
+ EmptyCString(), false);
+
+ // Always send a Ping-To header.
+ nsAutoCString pingTo;
+ if (NS_SUCCEEDED(info->target->GetSpec(pingTo))) {
+ httpChan->SetRequestHeader(NS_LITERAL_CSTRING("Ping-To"), pingTo, false);
+ }
+
+ nsCOMPtr<nsIScriptSecurityManager> sm =
+ do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
+
+ if (sm && info->referrer) {
+ bool referrerIsSecure;
+ uint32_t flags = nsIProtocolHandler::URI_SAFE_TO_LOAD_IN_SECURE_CONTEXT;
+ nsresult rv = NS_URIChainHasFlags(info->referrer, flags, &referrerIsSecure);
+
+ // Default to sending less data if NS_URIChainHasFlags() fails.
+ referrerIsSecure = NS_FAILED(rv) || referrerIsSecure;
+
+ bool sameOrigin =
+ NS_SUCCEEDED(sm->CheckSameOriginURI(info->referrer, aURI, false));
+
+ // If both the address of the document containing the hyperlink being
+ // audited and "ping URL" have the same origin or the document containing
+ // the hyperlink being audited was not retrieved over an encrypted
+ // connection, send a Ping-From header.
+ if (sameOrigin || !referrerIsSecure) {
+ nsAutoCString pingFrom;
+ if (NS_SUCCEEDED(info->referrer->GetSpec(pingFrom))) {
+ httpChan->SetRequestHeader(NS_LITERAL_CSTRING("Ping-From"), pingFrom,
+ false);
+ }
+ }
+
+ // If the document containing the hyperlink being audited was not retrieved
+ // over an encrypted connection and its address does not have the same
+ // origin as "ping URL", send a referrer.
+ if (!sameOrigin && !referrerIsSecure) {
+ httpChan->SetReferrerWithPolicy(info->referrer, info->referrerPolicy);
+ }
+ }
+
+ nsCOMPtr<nsIUploadChannel2> uploadChan = do_QueryInterface(httpChan);
+ if (!uploadChan) {
+ return;
+ }
+
+ NS_NAMED_LITERAL_CSTRING(uploadData, "PING");
+
+ nsCOMPtr<nsIInputStream> uploadStream;
+ NS_NewPostDataStream(getter_AddRefs(uploadStream), false, uploadData);
+ if (!uploadStream) {
+ return;
+ }
+
+ uploadChan->ExplicitSetUploadStream(uploadStream,
+ NS_LITERAL_CSTRING("text/ping"),
+ uploadData.Length(),
+ NS_LITERAL_CSTRING("POST"), false);
+
+ // The channel needs to have a loadgroup associated with it, so that we can
+ // cancel the channel and any redirected channels it may create.
+ nsCOMPtr<nsILoadGroup> loadGroup = do_CreateInstance(NS_LOADGROUP_CONTRACTID);
+ if (!loadGroup) {
+ return;
+ }
+ nsCOMPtr<nsIInterfaceRequestor> callbacks = do_QueryInterface(info->docShell);
+ loadGroup->SetNotificationCallbacks(callbacks);
+ chan->SetLoadGroup(loadGroup);
+
+ RefPtr<nsPingListener> pingListener = new nsPingListener();
+ chan->AsyncOpen2(pingListener);
+
+ // Even if AsyncOpen failed, we still count this as a successful ping. It's
+ // possible that AsyncOpen may have failed after triggering some background
+ // process that may have written something to the network.
+ info->numPings++;
+
+ // Prevent ping requests from stalling and never being garbage collected...
+ if (NS_FAILED(pingListener->StartTimeout())) {
+ // If we failed to setup the timer, then we should just cancel the channel
+ // because we won't be able to ensure that it goes away in a timely manner.
+ chan->Cancel(NS_ERROR_ABORT);
+ return;
+ }
+ // if the channel openend successfully, then make the pingListener hold
+ // a strong reference to the loadgroup which is released in ::OnStopRequest
+ pingListener->SetLoadGroup(loadGroup);
+}
+
+// Spec: http://whatwg.org/specs/web-apps/current-work/#ping
+static void
+DispatchPings(nsIDocShell* aDocShell,
+ nsIContent* aContent,
+ nsIURI* aTarget,
+ nsIURI* aReferrer,
+ uint32_t aReferrerPolicy)
+{
+ SendPingInfo info;
+
+ if (!PingsEnabled(&info.maxPings, &info.requireSameHost)) {
+ return;
+ }
+ if (info.maxPings == 0) {
+ return;
+ }
+
+ info.numPings = 0;
+ info.target = aTarget;
+ info.referrer = aReferrer;
+ info.referrerPolicy = aReferrerPolicy;
+ info.docShell = aDocShell;
+
+ ForEachPing(aContent, SendPing, &info);
+}
+
+static nsDOMNavigationTiming::Type
+ConvertLoadTypeToNavigationType(uint32_t aLoadType)
+{
+ // Not initialized, assume it's normal load.
+ if (aLoadType == 0) {
+ aLoadType = LOAD_NORMAL;
+ }
+
+ auto result = nsDOMNavigationTiming::TYPE_RESERVED;
+ switch (aLoadType) {
+ case LOAD_NORMAL:
+ case LOAD_NORMAL_EXTERNAL:
+ case LOAD_NORMAL_BYPASS_CACHE:
+ case LOAD_NORMAL_BYPASS_PROXY:
+ case LOAD_NORMAL_BYPASS_PROXY_AND_CACHE:
+ case LOAD_NORMAL_REPLACE:
+ case LOAD_NORMAL_ALLOW_MIXED_CONTENT:
+ case LOAD_LINK:
+ case LOAD_STOP_CONTENT:
+ case LOAD_REPLACE_BYPASS_CACHE:
+ result = nsDOMNavigationTiming::TYPE_NAVIGATE;
+ break;
+ case LOAD_HISTORY:
+ result = nsDOMNavigationTiming::TYPE_BACK_FORWARD;
+ break;
+ case LOAD_RELOAD_NORMAL:
+ case LOAD_RELOAD_CHARSET_CHANGE:
+ case LOAD_RELOAD_BYPASS_CACHE:
+ case LOAD_RELOAD_BYPASS_PROXY:
+ case LOAD_RELOAD_BYPASS_PROXY_AND_CACHE:
+ case LOAD_RELOAD_ALLOW_MIXED_CONTENT:
+ result = nsDOMNavigationTiming::TYPE_RELOAD;
+ break;
+ case LOAD_STOP_CONTENT_AND_REPLACE:
+ case LOAD_REFRESH:
+ case LOAD_BYPASS_HISTORY:
+ case LOAD_ERROR_PAGE:
+ case LOAD_PUSHSTATE:
+ result = nsDOMNavigationTiming::TYPE_RESERVED;
+ break;
+ default:
+ // NS_NOTREACHED("Unexpected load type value");
+ result = nsDOMNavigationTiming::TYPE_RESERVED;
+ break;
+ }
+
+ return result;
+}
+
+static nsISHEntry* GetRootSHEntry(nsISHEntry* aEntry);
+
+static void
+IncreasePrivateDocShellCount()
+{
+ gNumberOfPrivateDocShells++;
+ if (gNumberOfPrivateDocShells > 1 ||
+ !XRE_IsContentProcess()) {
+ return;
+ }
+
+ mozilla::dom::ContentChild* cc = mozilla::dom::ContentChild::GetSingleton();
+ cc->SendPrivateDocShellsExist(true);
+}
+
+static void
+DecreasePrivateDocShellCount()
+{
+ MOZ_ASSERT(gNumberOfPrivateDocShells > 0);
+ gNumberOfPrivateDocShells--;
+ if (!gNumberOfPrivateDocShells) {
+ if (XRE_IsContentProcess()) {
+ dom::ContentChild* cc = dom::ContentChild::GetSingleton();
+ cc->SendPrivateDocShellsExist(false);
+ return;
+ }
+
+ nsCOMPtr<nsIObserverService> obsvc = services::GetObserverService();
+ if (obsvc) {
+ obsvc->NotifyObservers(nullptr, "last-pb-context-exited", nullptr);
+ }
+ }
+}
+
+static uint64_t gDocshellIDCounter = 0;
+
+nsDocShell::nsDocShell()
+ : nsDocLoader()
+ , mDefaultScrollbarPref(Scrollbar_Auto, Scrollbar_Auto)
+ , mTreeOwner(nullptr)
+ , mChromeEventHandler(nullptr)
+ , mCharsetReloadState(eCharsetReloadInit)
+ , mChildOffset(0)
+ , mBusyFlags(BUSY_FLAGS_NONE)
+ , mAppType(nsIDocShell::APP_TYPE_UNKNOWN)
+ , mLoadType(0)
+ , mMarginWidth(-1)
+ , mMarginHeight(-1)
+ , mItemType(typeContent)
+ , mPreviousTransIndex(-1)
+ , mLoadedTransIndex(-1)
+ , mSandboxFlags(0)
+ , mOrientationLock(eScreenOrientation_None)
+ , mFullscreenAllowed(CHECK_ATTRIBUTES)
+ , mCreated(false)
+ , mAllowSubframes(true)
+ , mAllowPlugins(true)
+ , mAllowJavascript(true)
+ , mAllowMetaRedirects(true)
+ , mAllowImages(true)
+ , mAllowMedia(true)
+ , mAllowDNSPrefetch(true)
+ , mAllowWindowControl(true)
+ , mAllowContentRetargeting(true)
+ , mAllowContentRetargetingOnChildren(true)
+ , mUseErrorPages(false)
+ , mObserveErrorPages(true)
+ , mAllowAuth(true)
+ , mAllowKeywordFixup(false)
+ , mIsOffScreenBrowser(false)
+ , mIsActive(true)
+ , mDisableMetaRefreshWhenInactive(false)
+ , mIsPrerendered(false)
+ , mIsAppTab(false)
+ , mUseGlobalHistory(false)
+ , mUseRemoteTabs(false)
+ , mDeviceSizeIsPageSize(false)
+ , mWindowDraggingAllowed(false)
+ , mInFrameSwap(false)
+ , mInheritPrivateBrowsingId(true)
+ , mCanExecuteScripts(false)
+ , mFiredUnloadEvent(false)
+ , mEODForCurrentDocument(false)
+ , mURIResultedInDocument(false)
+ , mIsBeingDestroyed(false)
+ , mIsExecutingOnLoadHandler(false)
+ , mIsPrintingOrPP(false)
+ , mSavingOldViewer(false)
+ , mAffectPrivateSessionLifetime(true)
+ , mInvisible(false)
+ , mHasLoadedNonBlankURI(false)
+ , mBlankTiming(false)
+ , mCreatingDocument(false)
+#ifdef DEBUG
+ , mInEnsureScriptEnv(false)
+#endif
+ , mDefaultLoadFlags(nsIRequest::LOAD_NORMAL)
+ , mFrameType(FRAME_TYPE_REGULAR)
+ , mPrivateBrowsingId(0)
+ , mParentCharsetSource(0)
+ , mJSRunToCompletionDepth(0)
+ , mTouchEventsOverride(nsIDocShell::TOUCHEVENTS_OVERRIDE_NONE)
+{
+ AssertOriginAttributesMatchPrivateBrowsing();
+ mHistoryID = ++gDocshellIDCounter;
+ if (gDocShellCount++ == 0) {
+ NS_ASSERTION(sURIFixup == nullptr,
+ "Huh, sURIFixup not null in first nsDocShell ctor!");
+
+ CallGetService(NS_URIFIXUP_CONTRACTID, &sURIFixup);
+ }
+
+ MOZ_LOG(gDocShellLeakLog, LogLevel::Debug, ("DOCSHELL %p created\n", this));
+
+#ifdef DEBUG
+ // We're counting the number of |nsDocShells| to help find leaks
+ ++gNumberOfDocShells;
+ if (!PR_GetEnv("MOZ_QUIET")) {
+ printf_stderr("++DOCSHELL %p == %ld [pid = %d] [id = %llu]\n",
+ (void*)this,
+ gNumberOfDocShells,
+ getpid(),
+ AssertedCast<unsigned long long>(mHistoryID));
+ }
+#endif
+}
+
+nsDocShell::~nsDocShell()
+{
+ MOZ_ASSERT(!mObserved);
+
+ // Avoid notifying observers while we're in the dtor.
+ mIsBeingDestroyed = true;
+
+ Destroy();
+
+ nsCOMPtr<nsISHistoryInternal> shPrivate(do_QueryInterface(mSessionHistory));
+ if (shPrivate) {
+ shPrivate->SetRootDocShell(nullptr);
+ }
+
+ if (--gDocShellCount == 0) {
+ NS_IF_RELEASE(sURIFixup);
+ }
+
+ if (gDocShellLeakLog) {
+ MOZ_LOG(gDocShellLeakLog, LogLevel::Debug, ("DOCSHELL %p destroyed\n", this));
+ }
+
+#ifdef DEBUG
+ // We're counting the number of |nsDocShells| to help find leaks
+ --gNumberOfDocShells;
+ if (!PR_GetEnv("MOZ_QUIET")) {
+ printf_stderr("--DOCSHELL %p == %ld [pid = %d] [id = %llu]\n",
+ (void*)this,
+ gNumberOfDocShells,
+ getpid(),
+ AssertedCast<unsigned long long>(mHistoryID));
+ }
+#endif
+}
+
+nsresult
+nsDocShell::Init()
+{
+ nsresult rv = nsDocLoader::Init();
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ NS_ASSERTION(mLoadGroup, "Something went wrong!");
+
+ mContentListener = new nsDSURIContentListener(this);
+ rv = mContentListener->Init();
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // We want to hold a strong ref to the loadgroup, so it better hold a weak
+ // ref to us... use an InterfaceRequestorProxy to do this.
+ nsCOMPtr<nsIInterfaceRequestor> proxy =
+ new InterfaceRequestorProxy(static_cast<nsIInterfaceRequestor*>(this));
+ mLoadGroup->SetNotificationCallbacks(proxy);
+
+ rv = nsDocLoader::AddDocLoaderAsChildOfRoot(this);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // Add as |this| a progress listener to itself. A little weird, but
+ // simpler than reproducing all the listener-notification logic in
+ // overrides of the various methods via which nsDocLoader can be
+ // notified. Note that this holds an nsWeakPtr to ourselves, so it's ok.
+ return AddProgressListener(this, nsIWebProgress::NOTIFY_STATE_DOCUMENT |
+ nsIWebProgress::NOTIFY_STATE_NETWORK);
+}
+
+void
+nsDocShell::DestroyChildren()
+{
+ nsCOMPtr<nsIDocShellTreeItem> shell;
+ nsTObserverArray<nsDocLoader*>::ForwardIterator iter(mChildList);
+ while (iter.HasMore()) {
+ shell = do_QueryObject(iter.GetNext());
+ NS_ASSERTION(shell, "docshell has null child");
+
+ if (shell) {
+ shell->SetTreeOwner(nullptr);
+ }
+ }
+
+ nsDocLoader::DestroyChildren();
+}
+
+NS_IMPL_ADDREF_INHERITED(nsDocShell, nsDocLoader)
+NS_IMPL_RELEASE_INHERITED(nsDocShell, nsDocLoader)
+
+NS_INTERFACE_MAP_BEGIN(nsDocShell)
+ NS_INTERFACE_MAP_ENTRY(nsIDocShell)
+ NS_INTERFACE_MAP_ENTRY(nsIDocShellTreeItem)
+ NS_INTERFACE_MAP_ENTRY(nsIWebNavigation)
+ NS_INTERFACE_MAP_ENTRY(nsIBaseWindow)
+ NS_INTERFACE_MAP_ENTRY(nsIScrollable)
+ NS_INTERFACE_MAP_ENTRY(nsITextScroll)
+ NS_INTERFACE_MAP_ENTRY(nsIDocCharset)
+ NS_INTERFACE_MAP_ENTRY(nsIRefreshURI)
+ NS_INTERFACE_MAP_ENTRY(nsIWebProgressListener)
+ NS_INTERFACE_MAP_ENTRY(nsISupportsWeakReference)
+ NS_INTERFACE_MAP_ENTRY(nsIContentViewerContainer)
+ NS_INTERFACE_MAP_ENTRY(nsIWebPageDescriptor)
+ NS_INTERFACE_MAP_ENTRY(nsIAuthPromptProvider)
+ NS_INTERFACE_MAP_ENTRY(nsILoadContext)
+ NS_INTERFACE_MAP_ENTRY(nsIWebShellServices)
+ NS_INTERFACE_MAP_ENTRY(nsILinkHandler)
+ NS_INTERFACE_MAP_ENTRY(nsIClipboardCommands)
+ NS_INTERFACE_MAP_ENTRY(nsIDOMStorageManager)
+ NS_INTERFACE_MAP_ENTRY(nsINetworkInterceptController)
+ NS_INTERFACE_MAP_ENTRY(nsIDeprecationWarner)
+NS_INTERFACE_MAP_END_INHERITING(nsDocLoader)
+
+NS_IMETHODIMP
+nsDocShell::GetInterface(const nsIID& aIID, void** aSink)
+{
+ NS_PRECONDITION(aSink, "null out param");
+
+ *aSink = nullptr;
+
+ if (aIID.Equals(NS_GET_IID(nsICommandManager))) {
+ NS_ENSURE_SUCCESS(EnsureCommandHandler(), NS_ERROR_FAILURE);
+ *aSink = mCommandManager;
+ } else if (aIID.Equals(NS_GET_IID(nsIURIContentListener))) {
+ *aSink = mContentListener;
+ } else if ((aIID.Equals(NS_GET_IID(nsIScriptGlobalObject)) ||
+ aIID.Equals(NS_GET_IID(nsIGlobalObject)) ||
+ aIID.Equals(NS_GET_IID(nsPIDOMWindowOuter)) ||
+ aIID.Equals(NS_GET_IID(mozIDOMWindowProxy)) ||
+ aIID.Equals(NS_GET_IID(nsIDOMWindow)) ||
+ aIID.Equals(NS_GET_IID(nsIDOMWindowInternal))) &&
+ NS_SUCCEEDED(EnsureScriptEnvironment())) {
+ return mScriptGlobal->QueryInterface(aIID, aSink);
+ } else if (aIID.Equals(NS_GET_IID(nsIDOMDocument)) &&
+ NS_SUCCEEDED(EnsureContentViewer())) {
+ mContentViewer->GetDOMDocument((nsIDOMDocument**)aSink);
+ return *aSink ? NS_OK : NS_NOINTERFACE;
+ } else if (aIID.Equals(NS_GET_IID(nsIDocument)) &&
+ NS_SUCCEEDED(EnsureContentViewer())) {
+ nsCOMPtr<nsIDocument> doc = mContentViewer->GetDocument();
+ doc.forget(aSink);
+ return *aSink ? NS_OK : NS_NOINTERFACE;
+ } else if (aIID.Equals(NS_GET_IID(nsIApplicationCacheContainer))) {
+ *aSink = nullptr;
+
+ // Return application cache associated with this docshell, if any
+
+ nsCOMPtr<nsIContentViewer> contentViewer;
+ GetContentViewer(getter_AddRefs(contentViewer));
+ if (!contentViewer) {
+ return NS_ERROR_NO_INTERFACE;
+ }
+
+ nsCOMPtr<nsIDOMDocument> domDoc;
+ contentViewer->GetDOMDocument(getter_AddRefs(domDoc));
+ NS_ASSERTION(domDoc, "Should have a document.");
+ if (!domDoc) {
+ return NS_ERROR_NO_INTERFACE;
+ }
+
+#if defined(DEBUG)
+ MOZ_LOG(gDocShellLog, LogLevel::Debug,
+ ("nsDocShell[%p]: returning app cache container %p",
+ this, domDoc.get()));
+#endif
+ return domDoc->QueryInterface(aIID, aSink);
+ } else if (aIID.Equals(NS_GET_IID(nsIPrompt)) &&
+ NS_SUCCEEDED(EnsureScriptEnvironment())) {
+ nsresult rv;
+ nsCOMPtr<nsIWindowWatcher> wwatch =
+ do_GetService(NS_WINDOWWATCHER_CONTRACTID, &rv);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // Get the an auth prompter for our window so that the parenting
+ // of the dialogs works as it should when using tabs.
+ nsIPrompt* prompt;
+ rv = wwatch->GetNewPrompter(mScriptGlobal->AsOuter(), &prompt);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ *aSink = prompt;
+ return NS_OK;
+ } else if (aIID.Equals(NS_GET_IID(nsIAuthPrompt)) ||
+ aIID.Equals(NS_GET_IID(nsIAuthPrompt2))) {
+ return NS_SUCCEEDED(GetAuthPrompt(PROMPT_NORMAL, aIID, aSink)) ?
+ NS_OK : NS_NOINTERFACE;
+ } else if (aIID.Equals(NS_GET_IID(nsISHistory))) {
+ nsCOMPtr<nsISHistory> shistory;
+ nsresult rv = GetSessionHistory(getter_AddRefs(shistory));
+ if (NS_SUCCEEDED(rv) && shistory) {
+ shistory.forget(aSink);
+ return NS_OK;
+ }
+ return NS_NOINTERFACE;
+ } else if (aIID.Equals(NS_GET_IID(nsIWebBrowserFind))) {
+ nsresult rv = EnsureFind();
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ *aSink = mFind;
+ NS_ADDREF((nsISupports*)*aSink);
+ return NS_OK;
+ } else if (aIID.Equals(NS_GET_IID(nsIEditingSession))) {
+ nsCOMPtr<nsIEditingSession> es;
+ GetEditingSession(getter_AddRefs(es));
+ es.forget(aSink);
+ return *aSink ? NS_OK : NS_NOINTERFACE;
+ } else if (aIID.Equals(NS_GET_IID(nsIClipboardDragDropHookList)) &&
+ NS_SUCCEEDED(EnsureTransferableHookData())) {
+ *aSink = mTransferableHookData;
+ NS_ADDREF((nsISupports*)*aSink);
+ return NS_OK;
+ } else if (aIID.Equals(NS_GET_IID(nsISelectionDisplay))) {
+ nsIPresShell* shell = GetPresShell();
+ if (shell) {
+ return shell->QueryInterface(aIID, aSink);
+ }
+ } else if (aIID.Equals(NS_GET_IID(nsIDocShellTreeOwner))) {
+ nsCOMPtr<nsIDocShellTreeOwner> treeOwner;
+ nsresult rv = GetTreeOwner(getter_AddRefs(treeOwner));
+ if (NS_SUCCEEDED(rv) && treeOwner) {
+ return treeOwner->QueryInterface(aIID, aSink);
+ }
+ } else if (aIID.Equals(NS_GET_IID(nsITabChild))) {
+ *aSink = GetTabChild().take();
+ return *aSink ? NS_OK : NS_ERROR_FAILURE;
+ } else if (aIID.Equals(NS_GET_IID(nsIContentFrameMessageManager))) {
+ nsCOMPtr<nsITabChild> tabChild =
+ do_GetInterface(static_cast<nsIDocShell*>(this));
+ nsCOMPtr<nsIContentFrameMessageManager> mm;
+ if (tabChild) {
+ tabChild->GetMessageManager(getter_AddRefs(mm));
+ } else {
+ if (nsPIDOMWindowOuter* win = GetWindow()) {
+ mm = do_QueryInterface(win->GetParentTarget());
+ }
+ }
+ *aSink = mm.get();
+ } else {
+ return nsDocLoader::GetInterface(aIID, aSink);
+ }
+
+ NS_IF_ADDREF(((nsISupports*)*aSink));
+ return *aSink ? NS_OK : NS_NOINTERFACE;
+}
+
+uint32_t
+nsDocShell::ConvertDocShellLoadInfoToLoadType(
+ nsDocShellInfoLoadType aDocShellLoadType)
+{
+ uint32_t loadType = LOAD_NORMAL;
+
+ switch (aDocShellLoadType) {
+ case nsIDocShellLoadInfo::loadNormal:
+ loadType = LOAD_NORMAL;
+ break;
+ case nsIDocShellLoadInfo::loadNormalReplace:
+ loadType = LOAD_NORMAL_REPLACE;
+ break;
+ case nsIDocShellLoadInfo::loadNormalExternal:
+ loadType = LOAD_NORMAL_EXTERNAL;
+ break;
+ case nsIDocShellLoadInfo::loadHistory:
+ loadType = LOAD_HISTORY;
+ break;
+ case nsIDocShellLoadInfo::loadNormalBypassCache:
+ loadType = LOAD_NORMAL_BYPASS_CACHE;
+ break;
+ case nsIDocShellLoadInfo::loadNormalBypassProxy:
+ loadType = LOAD_NORMAL_BYPASS_PROXY;
+ break;
+ case nsIDocShellLoadInfo::loadNormalBypassProxyAndCache:
+ loadType = LOAD_NORMAL_BYPASS_PROXY_AND_CACHE;
+ break;
+ case nsIDocShellLoadInfo::loadNormalAllowMixedContent:
+ loadType = LOAD_NORMAL_ALLOW_MIXED_CONTENT;
+ break;
+ case nsIDocShellLoadInfo::loadReloadNormal:
+ loadType = LOAD_RELOAD_NORMAL;
+ break;
+ case nsIDocShellLoadInfo::loadReloadCharsetChange:
+ loadType = LOAD_RELOAD_CHARSET_CHANGE;
+ break;
+ case nsIDocShellLoadInfo::loadReloadBypassCache:
+ loadType = LOAD_RELOAD_BYPASS_CACHE;
+ break;
+ case nsIDocShellLoadInfo::loadReloadBypassProxy:
+ loadType = LOAD_RELOAD_BYPASS_PROXY;
+ break;
+ case nsIDocShellLoadInfo::loadReloadBypassProxyAndCache:
+ loadType = LOAD_RELOAD_BYPASS_PROXY_AND_CACHE;
+ break;
+ case nsIDocShellLoadInfo::loadLink:
+ loadType = LOAD_LINK;
+ break;
+ case nsIDocShellLoadInfo::loadRefresh:
+ loadType = LOAD_REFRESH;
+ break;
+ case nsIDocShellLoadInfo::loadBypassHistory:
+ loadType = LOAD_BYPASS_HISTORY;
+ break;
+ case nsIDocShellLoadInfo::loadStopContent:
+ loadType = LOAD_STOP_CONTENT;
+ break;
+ case nsIDocShellLoadInfo::loadStopContentAndReplace:
+ loadType = LOAD_STOP_CONTENT_AND_REPLACE;
+ break;
+ case nsIDocShellLoadInfo::loadPushState:
+ loadType = LOAD_PUSHSTATE;
+ break;
+ case nsIDocShellLoadInfo::loadReplaceBypassCache:
+ loadType = LOAD_REPLACE_BYPASS_CACHE;
+ break;
+ case nsIDocShellLoadInfo::loadReloadMixedContent:
+ loadType = LOAD_RELOAD_ALLOW_MIXED_CONTENT;
+ break;
+ default:
+ NS_NOTREACHED("Unexpected nsDocShellInfoLoadType value");
+ }
+
+ return loadType;
+}
+
+nsDocShellInfoLoadType
+nsDocShell::ConvertLoadTypeToDocShellLoadInfo(uint32_t aLoadType)
+{
+ nsDocShellInfoLoadType docShellLoadType = nsIDocShellLoadInfo::loadNormal;
+ switch (aLoadType) {
+ case LOAD_NORMAL:
+ docShellLoadType = nsIDocShellLoadInfo::loadNormal;
+ break;
+ case LOAD_NORMAL_REPLACE:
+ docShellLoadType = nsIDocShellLoadInfo::loadNormalReplace;
+ break;
+ case LOAD_NORMAL_EXTERNAL:
+ docShellLoadType = nsIDocShellLoadInfo::loadNormalExternal;
+ break;
+ case LOAD_NORMAL_BYPASS_CACHE:
+ docShellLoadType = nsIDocShellLoadInfo::loadNormalBypassCache;
+ break;
+ case LOAD_NORMAL_BYPASS_PROXY:
+ docShellLoadType = nsIDocShellLoadInfo::loadNormalBypassProxy;
+ break;
+ case LOAD_NORMAL_BYPASS_PROXY_AND_CACHE:
+ docShellLoadType = nsIDocShellLoadInfo::loadNormalBypassProxyAndCache;
+ break;
+ case LOAD_NORMAL_ALLOW_MIXED_CONTENT:
+ docShellLoadType = nsIDocShellLoadInfo::loadNormalAllowMixedContent;
+ break;
+ case LOAD_HISTORY:
+ docShellLoadType = nsIDocShellLoadInfo::loadHistory;
+ break;
+ case LOAD_RELOAD_NORMAL:
+ docShellLoadType = nsIDocShellLoadInfo::loadReloadNormal;
+ break;
+ case LOAD_RELOAD_CHARSET_CHANGE:
+ docShellLoadType = nsIDocShellLoadInfo::loadReloadCharsetChange;
+ break;
+ case LOAD_RELOAD_BYPASS_CACHE:
+ docShellLoadType = nsIDocShellLoadInfo::loadReloadBypassCache;
+ break;
+ case LOAD_RELOAD_BYPASS_PROXY:
+ docShellLoadType = nsIDocShellLoadInfo::loadReloadBypassProxy;
+ break;
+ case LOAD_RELOAD_BYPASS_PROXY_AND_CACHE:
+ docShellLoadType = nsIDocShellLoadInfo::loadReloadBypassProxyAndCache;
+ break;
+ case LOAD_LINK:
+ docShellLoadType = nsIDocShellLoadInfo::loadLink;
+ break;
+ case LOAD_REFRESH:
+ docShellLoadType = nsIDocShellLoadInfo::loadRefresh;
+ break;
+ case LOAD_BYPASS_HISTORY:
+ case LOAD_ERROR_PAGE:
+ docShellLoadType = nsIDocShellLoadInfo::loadBypassHistory;
+ break;
+ case LOAD_STOP_CONTENT:
+ docShellLoadType = nsIDocShellLoadInfo::loadStopContent;
+ break;
+ case LOAD_STOP_CONTENT_AND_REPLACE:
+ docShellLoadType = nsIDocShellLoadInfo::loadStopContentAndReplace;
+ break;
+ case LOAD_PUSHSTATE:
+ docShellLoadType = nsIDocShellLoadInfo::loadPushState;
+ break;
+ case LOAD_REPLACE_BYPASS_CACHE:
+ docShellLoadType = nsIDocShellLoadInfo::loadReplaceBypassCache;
+ break;
+ case LOAD_RELOAD_ALLOW_MIXED_CONTENT:
+ docShellLoadType = nsIDocShellLoadInfo::loadReloadMixedContent;
+ break;
+ default:
+ NS_NOTREACHED("Unexpected load type value");
+ }
+
+ return docShellLoadType;
+}
+
+NS_IMETHODIMP
+nsDocShell::LoadURI(nsIURI* aURI,
+ nsIDocShellLoadInfo* aLoadInfo,
+ uint32_t aLoadFlags,
+ bool aFirstParty)
+{
+ NS_PRECONDITION(aLoadInfo || (aLoadFlags & EXTRA_LOAD_FLAGS) == 0,
+ "Unexpected flags");
+ NS_PRECONDITION((aLoadFlags & 0xf) == 0, "Should not have these flags set");
+
+ // Note: we allow loads to get through here even if mFiredUnloadEvent is
+ // true; that case will get handled in LoadInternal or LoadHistoryEntry,
+ // so we pass false as the second parameter to IsNavigationAllowed.
+ // However, we don't allow the page to change location *in the middle of*
+ // firing beforeunload, so we do need to check if *beforeunload* is currently
+ // firing, so we call IsNavigationAllowed rather than just IsPrintingOrPP.
+ if (!IsNavigationAllowed(true, false)) {
+ return NS_OK; // JS may not handle returning of an error code
+ }
+
+ nsCOMPtr<nsIURI> referrer;
+ nsCOMPtr<nsIURI> originalURI;
+ bool loadReplace = false;
+ nsCOMPtr<nsIInputStream> postStream;
+ nsCOMPtr<nsIInputStream> headersStream;
+ nsCOMPtr<nsIPrincipal> triggeringPrincipal;
+ bool inheritPrincipal = false;
+ bool principalIsExplicit = false;
+ bool sendReferrer = true;
+ uint32_t referrerPolicy = mozilla::net::RP_Default;
+ bool isSrcdoc = false;
+ nsCOMPtr<nsISHEntry> shEntry;
+ nsXPIDLString target;
+ nsAutoString srcdoc;
+ nsCOMPtr<nsIDocShell> sourceDocShell;
+ nsCOMPtr<nsIURI> baseURI;
+
+ uint32_t loadType = MAKE_LOAD_TYPE(LOAD_NORMAL, aLoadFlags);
+
+ NS_ENSURE_ARG(aURI);
+
+ if (!StartupTimeline::HasRecord(StartupTimeline::FIRST_LOAD_URI) &&
+ mItemType == typeContent && !NS_IsAboutBlank(aURI)) {
+ StartupTimeline::RecordOnce(StartupTimeline::FIRST_LOAD_URI);
+ }
+
+ // Extract the info from the DocShellLoadInfo struct...
+ if (aLoadInfo) {
+ aLoadInfo->GetReferrer(getter_AddRefs(referrer));
+ aLoadInfo->GetOriginalURI(getter_AddRefs(originalURI));
+ aLoadInfo->GetLoadReplace(&loadReplace);
+ nsDocShellInfoLoadType lt = nsIDocShellLoadInfo::loadNormal;
+ aLoadInfo->GetLoadType(&lt);
+ // Get the appropriate loadType from nsIDocShellLoadInfo type
+ loadType = ConvertDocShellLoadInfoToLoadType(lt);
+
+ aLoadInfo->GetTriggeringPrincipal(getter_AddRefs(triggeringPrincipal));
+ aLoadInfo->GetInheritPrincipal(&inheritPrincipal);
+ aLoadInfo->GetPrincipalIsExplicit(&principalIsExplicit);
+ aLoadInfo->GetSHEntry(getter_AddRefs(shEntry));
+ aLoadInfo->GetTarget(getter_Copies(target));
+ aLoadInfo->GetPostDataStream(getter_AddRefs(postStream));
+ aLoadInfo->GetHeadersStream(getter_AddRefs(headersStream));
+ aLoadInfo->GetSendReferrer(&sendReferrer);
+ aLoadInfo->GetReferrerPolicy(&referrerPolicy);
+ aLoadInfo->GetIsSrcdocLoad(&isSrcdoc);
+ aLoadInfo->GetSrcdocData(srcdoc);
+ aLoadInfo->GetSourceDocShell(getter_AddRefs(sourceDocShell));
+ aLoadInfo->GetBaseURI(getter_AddRefs(baseURI));
+ }
+
+#if defined(DEBUG)
+ if (MOZ_LOG_TEST(gDocShellLog, LogLevel::Debug)) {
+ nsAutoCString uristr;
+ aURI->GetAsciiSpec(uristr);
+ MOZ_LOG(gDocShellLog, LogLevel::Debug,
+ ("nsDocShell[%p]: loading %s with flags 0x%08x",
+ this, uristr.get(), aLoadFlags));
+ }
+#endif
+
+ if (!shEntry &&
+ !LOAD_TYPE_HAS_FLAGS(loadType, LOAD_FLAGS_REPLACE_HISTORY)) {
+ // First verify if this is a subframe.
+ nsCOMPtr<nsIDocShellTreeItem> parentAsItem;
+ GetSameTypeParent(getter_AddRefs(parentAsItem));
+ nsCOMPtr<nsIDocShell> parentDS(do_QueryInterface(parentAsItem));
+ uint32_t parentLoadType;
+
+ if (parentDS && parentDS != static_cast<nsIDocShell*>(this)) {
+ /* OK. It is a subframe. Checkout the
+ * parent's loadtype. If the parent was loaded thro' a history
+ * mechanism, then get the SH entry for the child from the parent.
+ * This is done to restore frameset navigation while going back/forward.
+ * If the parent was loaded through any other loadType, set the
+ * child's loadType too accordingly, so that session history does not
+ * get confused.
+ */
+
+ // Get the parent's load type
+ parentDS->GetLoadType(&parentLoadType);
+
+ // Get the ShEntry for the child from the parent
+ nsCOMPtr<nsISHEntry> currentSH;
+ bool oshe = false;
+ parentDS->GetCurrentSHEntry(getter_AddRefs(currentSH), &oshe);
+ bool dynamicallyAddedChild = mDynamicallyCreated;
+ if (!dynamicallyAddedChild && !oshe && currentSH) {
+ currentSH->HasDynamicallyAddedChild(&dynamicallyAddedChild);
+ }
+ if (!dynamicallyAddedChild) {
+ // Only use the old SHEntry, if we're sure enough that
+ // it wasn't originally for some other frame.
+ parentDS->GetChildSHEntry(mChildOffset, getter_AddRefs(shEntry));
+ }
+
+ // Make some decisions on the child frame's loadType based on the
+ // parent's loadType.
+ if (!mCurrentURI) {
+ // This is a newly created frame. Check for exception cases first.
+ // By default the subframe will inherit the parent's loadType.
+ if (shEntry && (parentLoadType == LOAD_NORMAL ||
+ parentLoadType == LOAD_LINK ||
+ parentLoadType == LOAD_NORMAL_EXTERNAL)) {
+ // The parent was loaded normally. In this case, this *brand new*
+ // child really shouldn't have a SHEntry. If it does, it could be
+ // because the parent is replacing an existing frame with a new frame,
+ // in the onLoadHandler. We don't want this url to get into session
+ // history. Clear off shEntry, and set load type to
+ // LOAD_BYPASS_HISTORY.
+ bool inOnLoadHandler = false;
+ parentDS->GetIsExecutingOnLoadHandler(&inOnLoadHandler);
+ if (inOnLoadHandler) {
+ loadType = LOAD_NORMAL_REPLACE;
+ shEntry = nullptr;
+ }
+ } else if (parentLoadType == LOAD_REFRESH) {
+ // Clear shEntry. For refresh loads, we have to load
+ // what comes thro' the pipe, not what's in history.
+ shEntry = nullptr;
+ } else if ((parentLoadType == LOAD_BYPASS_HISTORY) ||
+ (shEntry &&
+ ((parentLoadType & LOAD_CMD_HISTORY) ||
+ (parentLoadType == LOAD_RELOAD_NORMAL) ||
+ (parentLoadType == LOAD_RELOAD_CHARSET_CHANGE)))) {
+ // If the parent url, bypassed history or was loaded from
+ // history, pass on the parent's loadType to the new child
+ // frame too, so that the child frame will also
+ // avoid getting into history.
+ loadType = parentLoadType;
+ } else if (parentLoadType == LOAD_ERROR_PAGE) {
+ // If the parent document is an error page, we don't
+ // want to update global/session history. However,
+ // this child frame is not an error page.
+ loadType = LOAD_BYPASS_HISTORY;
+ } else if ((parentLoadType == LOAD_RELOAD_BYPASS_CACHE) ||
+ (parentLoadType == LOAD_RELOAD_BYPASS_PROXY) ||
+ (parentLoadType == LOAD_RELOAD_BYPASS_PROXY_AND_CACHE)) {
+ // the new frame should inherit the parent's load type so that it also
+ // bypasses the cache and/or proxy
+ loadType = parentLoadType;
+ }
+ } else {
+ // This is a pre-existing subframe. If the load was not originally
+ // initiated by session history, (if (!shEntry) condition succeeded) and
+ // mCurrentURI is not null, it is possible that a parent's onLoadHandler
+ // or even self's onLoadHandler is loading a new page in this child.
+ // Check parent's and self's busy flag and if it is set, we don't want
+ // this onLoadHandler load to get in to session history.
+ uint32_t parentBusy = BUSY_FLAGS_NONE;
+ uint32_t selfBusy = BUSY_FLAGS_NONE;
+ parentDS->GetBusyFlags(&parentBusy);
+ GetBusyFlags(&selfBusy);
+ if (parentBusy & BUSY_FLAGS_BUSY ||
+ selfBusy & BUSY_FLAGS_BUSY) {
+ loadType = LOAD_NORMAL_REPLACE;
+ shEntry = nullptr;
+ }
+ }
+ } // parentDS
+ else {
+ // This is the root docshell. If we got here while
+ // executing an onLoad Handler,this load will not go
+ // into session history.
+ bool inOnLoadHandler = false;
+ GetIsExecutingOnLoadHandler(&inOnLoadHandler);
+ if (inOnLoadHandler) {
+ loadType = LOAD_NORMAL_REPLACE;
+ }
+ }
+ } // !shEntry
+
+ if (shEntry) {
+#ifdef DEBUG
+ MOZ_LOG(gDocShellLog, LogLevel::Debug,
+ ("nsDocShell[%p]: loading from session history", this));
+#endif
+
+ return LoadHistoryEntry(shEntry, loadType);
+ }
+
+ // On history navigation via Back/Forward buttons, don't execute
+ // automatic JavaScript redirection such as |location.href = ...| or
+ // |window.open()|
+ //
+ // LOAD_NORMAL: window.open(...) etc.
+ // LOAD_STOP_CONTENT: location.href = ..., location.assign(...)
+ if ((loadType == LOAD_NORMAL || loadType == LOAD_STOP_CONTENT) &&
+ ShouldBlockLoadingForBackButton()) {
+ return NS_OK;
+ }
+
+ // Perform the load...
+
+ // We need a principalToInherit.
+ //
+ // If principalIsExplicit is not set there are 4 possibilities:
+ // (1) If the system principal or an expanded principal was passed
+ // in and we're a typeContent docshell, inherit the principal
+ // from the current document instead.
+ // (2) In all other cases when the principal passed in is not null,
+ // use that principal.
+ // (3) If the caller has allowed inheriting from the current document,
+ // or if we're being called from system code (eg chrome JS or pure
+ // C++) then inheritPrincipal should be true and InternalLoad will get
+ // a principal from the current document. If none of these things are
+ // true, then
+ // (4) we don't pass a principal into the channel, and a principal will be
+ // created later from the channel's internal data.
+ //
+ // If principalIsExplicit *is* set, there are 4 possibilities
+ // (1) If the system principal or an expanded principal was passed in
+ // and we're a typeContent docshell, return an error.
+ // (2) In all other cases when the principal passed in is not null,
+ // use that principal.
+ // (3) If the caller has allowed inheriting from the current document,
+ // then inheritPrincipal should be true and InternalLoad will get
+ // a principal from the current document. If none of these things are
+ // true, then
+ // (4) we dont' pass a principal into the channel, and a principal will be
+ // created later from the channel's internal data.
+ nsCOMPtr<nsIPrincipal> principalToInherit = triggeringPrincipal;
+ if (principalToInherit && mItemType != typeChrome) {
+ if (nsContentUtils::IsSystemPrincipal(principalToInherit)) {
+ if (principalIsExplicit) {
+ return NS_ERROR_DOM_SECURITY_ERR;
+ }
+ principalToInherit = nullptr;
+ inheritPrincipal = true;
+ } else if (nsContentUtils::IsExpandedPrincipal(principalToInherit)) {
+ if (principalIsExplicit) {
+ return NS_ERROR_DOM_SECURITY_ERR;
+ }
+ // Don't inherit from the current page. Just do the safe thing
+ // and pretend that we were loaded by a nullprincipal.
+ //
+ // We didn't inherit OriginAttributes here as ExpandedPrincipal doesn't
+ // have origin attributes.
+ principalToInherit = nsNullPrincipal::CreateWithInheritedAttributes(this);
+ inheritPrincipal = false;
+ }
+ }
+ if (!principalToInherit && !inheritPrincipal && !principalIsExplicit) {
+ // See if there's system or chrome JS code running
+ inheritPrincipal = nsContentUtils::LegacyIsCallerChromeOrNativeCode();
+ }
+
+ if (aLoadFlags & LOAD_FLAGS_DISALLOW_INHERIT_PRINCIPAL) {
+ inheritPrincipal = false;
+ principalToInherit = nsNullPrincipal::CreateWithInheritedAttributes(this);
+ }
+
+ // If the triggeringPrincipal is not passed explicitly, we first try to create
+ // a principal from the referrer, since the referrer URI reflects the web origin
+ // that triggered the load. If there is no referrer URI, we fall back to using
+ // the SystemPrincipal. It's safe to assume that no provided triggeringPrincipal
+ // and no referrer simulate a load that was triggered by the system.
+ // It's important to note that this block of code needs to appear *after* the block
+ // where we munge the principalToInherit, because otherwise we would never enter
+ // code blocks checking if the principalToInherit is null and we will end up with
+ // a wrong inheritPrincipal flag.
+ if (!triggeringPrincipal) {
+ if (referrer) {
+ nsresult rv = CreatePrincipalFromReferrer(referrer,
+ getter_AddRefs(triggeringPrincipal));
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+ else {
+ triggeringPrincipal = nsContentUtils::GetSystemPrincipal();
+ }
+ }
+
+ uint32_t flags = 0;
+
+ if (inheritPrincipal) {
+ flags |= INTERNAL_LOAD_FLAGS_INHERIT_PRINCIPAL;
+ }
+
+ if (!sendReferrer) {
+ flags |= INTERNAL_LOAD_FLAGS_DONT_SEND_REFERRER;
+ }
+
+ if (aLoadFlags & LOAD_FLAGS_ALLOW_THIRD_PARTY_FIXUP) {
+ flags |= INTERNAL_LOAD_FLAGS_ALLOW_THIRD_PARTY_FIXUP;
+ }
+
+ if (aLoadFlags & LOAD_FLAGS_FIRST_LOAD) {
+ flags |= INTERNAL_LOAD_FLAGS_FIRST_LOAD;
+ }
+
+ if (aLoadFlags & LOAD_FLAGS_BYPASS_CLASSIFIER) {
+ flags |= INTERNAL_LOAD_FLAGS_BYPASS_CLASSIFIER;
+ }
+
+ if (aLoadFlags & LOAD_FLAGS_FORCE_ALLOW_COOKIES) {
+ flags |= INTERNAL_LOAD_FLAGS_FORCE_ALLOW_COOKIES;
+ }
+
+ if (isSrcdoc) {
+ flags |= INTERNAL_LOAD_FLAGS_IS_SRCDOC;
+ }
+
+ return InternalLoad(aURI,
+ originalURI,
+ loadReplace,
+ referrer,
+ referrerPolicy,
+ triggeringPrincipal,
+ principalToInherit,
+ flags,
+ target,
+ nullptr, // No type hint
+ NullString(), // No forced download
+ postStream,
+ headersStream,
+ loadType,
+ nullptr, // No SHEntry
+ aFirstParty,
+ srcdoc,
+ sourceDocShell,
+ baseURI,
+ nullptr, // No nsIDocShell
+ nullptr); // No nsIRequest
+}
+
+NS_IMETHODIMP
+nsDocShell::LoadStream(nsIInputStream* aStream, nsIURI* aURI,
+ const nsACString& aContentType,
+ const nsACString& aContentCharset,
+ nsIDocShellLoadInfo* aLoadInfo)
+{
+ NS_ENSURE_ARG(aStream);
+
+ mAllowKeywordFixup = false;
+
+ // if the caller doesn't pass in a URI we need to create a dummy URI. necko
+ // currently requires a URI in various places during the load. Some consumers
+ // do as well.
+ nsCOMPtr<nsIURI> uri = aURI;
+ if (!uri) {
+ // HACK ALERT
+ nsresult rv = NS_OK;
+ uri = do_CreateInstance(NS_SIMPLEURI_CONTRACTID, &rv);
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+ // Make sure that the URI spec "looks" like a protocol and path...
+ // For now, just use a bogus protocol called "internal"
+ rv = uri->SetSpec(NS_LITERAL_CSTRING("internal:load-stream"));
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+ }
+
+ uint32_t loadType = LOAD_NORMAL;
+ nsCOMPtr<nsIPrincipal> triggeringPrincipal;
+ if (aLoadInfo) {
+ nsDocShellInfoLoadType lt = nsIDocShellLoadInfo::loadNormal;
+ (void)aLoadInfo->GetLoadType(&lt);
+ // Get the appropriate LoadType from nsIDocShellLoadInfo type
+ loadType = ConvertDocShellLoadInfoToLoadType(lt);
+ aLoadInfo->GetTriggeringPrincipal(getter_AddRefs(triggeringPrincipal));
+ }
+
+ NS_ENSURE_SUCCESS(Stop(nsIWebNavigation::STOP_NETWORK), NS_ERROR_FAILURE);
+
+ mLoadType = loadType;
+
+ if (!triggeringPrincipal) {
+ triggeringPrincipal = nsContentUtils::GetSystemPrincipal();
+ }
+
+ // build up a channel for this stream.
+ nsCOMPtr<nsIChannel> channel;
+ nsresult rv = NS_NewInputStreamChannel(getter_AddRefs(channel),
+ uri,
+ aStream,
+ triggeringPrincipal,
+ nsILoadInfo::SEC_NORMAL,
+ nsIContentPolicy::TYPE_OTHER,
+ aContentType,
+ aContentCharset);
+ NS_ENSURE_SUCCESS(rv, NS_ERROR_FAILURE);
+
+ nsCOMPtr<nsIURILoader> uriLoader(do_GetService(NS_URI_LOADER_CONTRACTID));
+ NS_ENSURE_TRUE(uriLoader, NS_ERROR_FAILURE);
+
+ NS_ENSURE_SUCCESS(DoChannelLoad(channel, uriLoader, false),
+ NS_ERROR_FAILURE);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::CreateLoadInfo(nsIDocShellLoadInfo** aLoadInfo)
+{
+ nsDocShellLoadInfo* loadInfo = new nsDocShellLoadInfo();
+ nsCOMPtr<nsIDocShellLoadInfo> localRef(loadInfo);
+
+ localRef.forget(aLoadInfo);
+ return NS_OK;
+}
+
+/*
+ * Reset state to a new content model within the current document and the
+ * document viewer. Called by the document before initiating an out of band
+ * document.write().
+ */
+NS_IMETHODIMP
+nsDocShell::PrepareForNewContentModel()
+{
+ mEODForCurrentDocument = false;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::FirePageHideNotification(bool aIsUnload)
+{
+ if (mContentViewer && !mFiredUnloadEvent) {
+ // Keep an explicit reference since calling PageHide could release
+ // mContentViewer
+ nsCOMPtr<nsIContentViewer> contentViewer(mContentViewer);
+ mFiredUnloadEvent = true;
+
+ if (mTiming) {
+ mTiming->NotifyUnloadEventStart();
+ }
+
+ contentViewer->PageHide(aIsUnload);
+
+ if (mTiming) {
+ mTiming->NotifyUnloadEventEnd();
+ }
+
+ AutoTArray<nsCOMPtr<nsIDocShell>, 8> kids;
+ uint32_t n = mChildList.Length();
+ kids.SetCapacity(n);
+ for (uint32_t i = 0; i < n; i++) {
+ kids.AppendElement(do_QueryInterface(ChildAt(i)));
+ }
+
+ n = kids.Length();
+ for (uint32_t i = 0; i < n; ++i) {
+ if (kids[i]) {
+ kids[i]->FirePageHideNotification(aIsUnload);
+ }
+ }
+ // Now make sure our editor, if any, is detached before we go
+ // any farther.
+ DetachEditorFromWindow();
+ }
+
+ return NS_OK;
+}
+
+void
+nsDocShell::MaybeInitTiming()
+{
+ if (mTiming && !mBlankTiming) {
+ return;
+ }
+
+ if (mScriptGlobal && mBlankTiming) {
+ nsPIDOMWindowInner* innerWin =
+ mScriptGlobal->AsOuter()->GetCurrentInnerWindow();
+ if (innerWin && innerWin->GetPerformance()) {
+ mTiming = innerWin->GetPerformance()->GetDOMTiming();
+ mBlankTiming = false;
+ }
+ }
+
+ if (!mTiming) {
+ mTiming = new nsDOMNavigationTiming();
+ }
+
+ mTiming->NotifyNavigationStart(
+ mIsActive ? nsDOMNavigationTiming::DocShellState::eActive
+ : nsDOMNavigationTiming::DocShellState::eInactive);
+}
+
+//
+// Bug 13871: Prevent frameset spoofing
+//
+// This routine answers: 'Is origin's document from same domain as
+// target's document?'
+//
+// file: uris are considered the same domain for the purpose of
+// frame navigation regardless of script accessibility (bug 420425)
+//
+/* static */ bool
+nsDocShell::ValidateOrigin(nsIDocShellTreeItem* aOriginTreeItem,
+ nsIDocShellTreeItem* aTargetTreeItem)
+{
+ // We want to bypass this check for chrome callers, but only if there's
+ // JS on the stack. System callers still need to do it.
+ if (nsContentUtils::GetCurrentJSContext() &&
+ nsContentUtils::IsCallerChrome()) {
+ return true;
+ }
+
+ MOZ_ASSERT(aOriginTreeItem && aTargetTreeItem, "need two docshells");
+
+ // Get origin document principal
+ nsCOMPtr<nsIDocument> originDocument = aOriginTreeItem->GetDocument();
+ NS_ENSURE_TRUE(originDocument, false);
+
+ // Get target principal
+ nsCOMPtr<nsIDocument> targetDocument = aTargetTreeItem->GetDocument();
+ NS_ENSURE_TRUE(targetDocument, false);
+
+ bool equal;
+ nsresult rv = originDocument->NodePrincipal()->Equals(
+ targetDocument->NodePrincipal(), &equal);
+ if (NS_SUCCEEDED(rv) && equal) {
+ return true;
+ }
+
+ // Not strictly equal, special case if both are file: uris
+ bool originIsFile = false;
+ bool targetIsFile = false;
+ nsCOMPtr<nsIURI> originURI;
+ nsCOMPtr<nsIURI> targetURI;
+ nsCOMPtr<nsIURI> innerOriginURI;
+ nsCOMPtr<nsIURI> innerTargetURI;
+
+ rv = originDocument->NodePrincipal()->GetURI(getter_AddRefs(originURI));
+ if (NS_SUCCEEDED(rv) && originURI) {
+ innerOriginURI = NS_GetInnermostURI(originURI);
+ }
+
+ rv = targetDocument->NodePrincipal()->GetURI(getter_AddRefs(targetURI));
+ if (NS_SUCCEEDED(rv) && targetURI) {
+ innerTargetURI = NS_GetInnermostURI(targetURI);
+ }
+
+ return innerOriginURI && innerTargetURI &&
+ NS_SUCCEEDED(innerOriginURI->SchemeIs("file", &originIsFile)) &&
+ NS_SUCCEEDED(innerTargetURI->SchemeIs("file", &targetIsFile)) &&
+ originIsFile && targetIsFile;
+}
+
+nsresult
+nsDocShell::GetEldestPresContext(nsPresContext** aPresContext)
+{
+ NS_ENSURE_ARG_POINTER(aPresContext);
+ *aPresContext = nullptr;
+
+ nsCOMPtr<nsIContentViewer> viewer = mContentViewer;
+ while (viewer) {
+ nsCOMPtr<nsIContentViewer> prevViewer;
+ viewer->GetPreviousViewer(getter_AddRefs(prevViewer));
+ if (!prevViewer) {
+ return viewer->GetPresContext(aPresContext);
+ }
+ viewer = prevViewer;
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetPresContext(nsPresContext** aPresContext)
+{
+ NS_ENSURE_ARG_POINTER(aPresContext);
+ *aPresContext = nullptr;
+
+ if (!mContentViewer) {
+ return NS_OK;
+ }
+
+ return mContentViewer->GetPresContext(aPresContext);
+}
+
+NS_IMETHODIMP_(nsIPresShell*)
+nsDocShell::GetPresShell()
+{
+ RefPtr<nsPresContext> presContext;
+ (void)GetPresContext(getter_AddRefs(presContext));
+ return presContext ? presContext->GetPresShell() : nullptr;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetEldestPresShell(nsIPresShell** aPresShell)
+{
+ nsresult rv = NS_OK;
+
+ NS_ENSURE_ARG_POINTER(aPresShell);
+ *aPresShell = nullptr;
+
+ RefPtr<nsPresContext> presContext;
+ (void)GetEldestPresContext(getter_AddRefs(presContext));
+
+ if (presContext) {
+ NS_IF_ADDREF(*aPresShell = presContext->GetPresShell());
+ }
+
+ return rv;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetContentViewer(nsIContentViewer** aContentViewer)
+{
+ NS_ENSURE_ARG_POINTER(aContentViewer);
+
+ *aContentViewer = mContentViewer;
+ NS_IF_ADDREF(*aContentViewer);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetChromeEventHandler(nsIDOMEventTarget* aChromeEventHandler)
+{
+ // Weak reference. Don't addref.
+ nsCOMPtr<EventTarget> handler = do_QueryInterface(aChromeEventHandler);
+ mChromeEventHandler = handler.get();
+
+ if (mScriptGlobal) {
+ mScriptGlobal->SetChromeEventHandler(mChromeEventHandler);
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetChromeEventHandler(nsIDOMEventTarget** aChromeEventHandler)
+{
+ NS_ENSURE_ARG_POINTER(aChromeEventHandler);
+ nsCOMPtr<EventTarget> handler = mChromeEventHandler;
+ handler.forget(aChromeEventHandler);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetCurrentURI(nsIURI* aURI)
+{
+ // Note that securityUI will set STATE_IS_INSECURE, even if
+ // the scheme of |aURI| is "https".
+ SetCurrentURI(aURI, nullptr, true, 0);
+ return NS_OK;
+}
+
+bool
+nsDocShell::SetCurrentURI(nsIURI* aURI, nsIRequest* aRequest,
+ bool aFireOnLocationChange, uint32_t aLocationFlags)
+{
+ if (gDocShellLeakLog && MOZ_LOG_TEST(gDocShellLeakLog, LogLevel::Debug)) {
+ PR_LogPrint("DOCSHELL %p SetCurrentURI %s\n",
+ this, aURI ? aURI->GetSpecOrDefault().get() : "");
+ }
+
+ // We don't want to send a location change when we're displaying an error
+ // page, and we don't want to change our idea of "current URI" either
+ if (mLoadType == LOAD_ERROR_PAGE) {
+ return false;
+ }
+
+ mCurrentURI = NS_TryToMakeImmutable(aURI);
+
+ if (!NS_IsAboutBlank(mCurrentURI)) {
+ mHasLoadedNonBlankURI = true;
+ }
+
+ bool isRoot = false; // Is this the root docshell
+ bool isSubFrame = false; // Is this a subframe navigation?
+
+ nsCOMPtr<nsIDocShellTreeItem> root;
+
+ GetSameTypeRootTreeItem(getter_AddRefs(root));
+ if (root.get() == static_cast<nsIDocShellTreeItem*>(this)) {
+ // This is the root docshell
+ isRoot = true;
+ }
+ if (mLSHE) {
+ mLSHE->GetIsSubFrame(&isSubFrame);
+ }
+
+ if (!isSubFrame && !isRoot) {
+ /*
+ * We don't want to send OnLocationChange notifications when
+ * a subframe is being loaded for the first time, while
+ * visiting a frameset page
+ */
+ return false;
+ }
+
+ if (aFireOnLocationChange) {
+ FireOnLocationChange(this, aRequest, aURI, aLocationFlags);
+ }
+ return !aFireOnLocationChange;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetCharset(nsACString& aCharset)
+{
+ aCharset.Truncate();
+
+ nsIPresShell* presShell = GetPresShell();
+ NS_ENSURE_TRUE(presShell, NS_ERROR_FAILURE);
+ nsIDocument* doc = presShell->GetDocument();
+ NS_ENSURE_TRUE(doc, NS_ERROR_FAILURE);
+ aCharset = doc->GetDocumentCharacterSet();
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GatherCharsetMenuTelemetry()
+{
+ nsCOMPtr<nsIContentViewer> viewer;
+ GetContentViewer(getter_AddRefs(viewer));
+ if (!viewer) {
+ return NS_OK;
+ }
+
+ nsIDocument* doc = viewer->GetDocument();
+ if (!doc || doc->WillIgnoreCharsetOverride()) {
+ return NS_OK;
+ }
+
+ Telemetry::Accumulate(Telemetry::CHARSET_OVERRIDE_USED, true);
+
+ bool isFileURL = false;
+ nsIURI* url = doc->GetOriginalURI();
+ if (url) {
+ url->SchemeIs("file", &isFileURL);
+ }
+
+ int32_t charsetSource = doc->GetDocumentCharacterSetSource();
+ switch (charsetSource) {
+ case kCharsetFromTopLevelDomain:
+ // Unlabeled doc on a domain that we map to a fallback encoding
+ Telemetry::Accumulate(Telemetry::CHARSET_OVERRIDE_SITUATION, 7);
+ break;
+ case kCharsetFromFallback:
+ case kCharsetFromDocTypeDefault:
+ case kCharsetFromCache:
+ case kCharsetFromParentFrame:
+ case kCharsetFromHintPrevDoc:
+ // Changing charset on an unlabeled doc.
+ if (isFileURL) {
+ Telemetry::Accumulate(Telemetry::CHARSET_OVERRIDE_SITUATION, 0);
+ } else {
+ Telemetry::Accumulate(Telemetry::CHARSET_OVERRIDE_SITUATION, 1);
+ }
+ break;
+ case kCharsetFromAutoDetection:
+ // Changing charset on unlabeled doc where chardet fired
+ if (isFileURL) {
+ Telemetry::Accumulate(Telemetry::CHARSET_OVERRIDE_SITUATION, 2);
+ } else {
+ Telemetry::Accumulate(Telemetry::CHARSET_OVERRIDE_SITUATION, 3);
+ }
+ break;
+ case kCharsetFromMetaPrescan:
+ case kCharsetFromMetaTag:
+ case kCharsetFromChannel:
+ // Changing charset on a doc that had a charset label.
+ Telemetry::Accumulate(Telemetry::CHARSET_OVERRIDE_SITUATION, 4);
+ break;
+ case kCharsetFromParentForced:
+ case kCharsetFromUserForced:
+ // Changing charset on a document that already had an override.
+ Telemetry::Accumulate(Telemetry::CHARSET_OVERRIDE_SITUATION, 5);
+ break;
+ case kCharsetFromIrreversibleAutoDetection:
+ case kCharsetFromOtherComponent:
+ case kCharsetFromByteOrderMark:
+ case kCharsetUninitialized:
+ default:
+ // Bug. This isn't supposed to happen.
+ Telemetry::Accumulate(Telemetry::CHARSET_OVERRIDE_SITUATION, 6);
+ break;
+ }
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetCharset(const nsACString& aCharset)
+{
+ // set the charset override
+ return SetForcedCharset(aCharset);
+}
+
+NS_IMETHODIMP
+nsDocShell::SetForcedCharset(const nsACString& aCharset)
+{
+ if (aCharset.IsEmpty()) {
+ mForcedCharset.Truncate();
+ return NS_OK;
+ }
+ nsAutoCString encoding;
+ if (!EncodingUtils::FindEncodingForLabel(aCharset, encoding)) {
+ // Reject unknown labels
+ return NS_ERROR_INVALID_ARG;
+ }
+ if (!EncodingUtils::IsAsciiCompatible(encoding)) {
+ // Reject XSS hazards
+ return NS_ERROR_INVALID_ARG;
+ }
+ mForcedCharset = encoding;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetForcedCharset(nsACString& aResult)
+{
+ aResult = mForcedCharset;
+ return NS_OK;
+}
+
+void
+nsDocShell::SetParentCharset(const nsACString& aCharset,
+ int32_t aCharsetSource,
+ nsIPrincipal* aPrincipal)
+{
+ mParentCharset = aCharset;
+ mParentCharsetSource = aCharsetSource;
+ mParentCharsetPrincipal = aPrincipal;
+}
+
+void
+nsDocShell::GetParentCharset(nsACString& aCharset,
+ int32_t* aCharsetSource,
+ nsIPrincipal** aPrincipal)
+{
+ aCharset = mParentCharset;
+ *aCharsetSource = mParentCharsetSource;
+ NS_IF_ADDREF(*aPrincipal = mParentCharsetPrincipal);
+}
+
+NS_IMETHODIMP
+nsDocShell::GetChannelIsUnsafe(bool* aUnsafe)
+{
+ *aUnsafe = false;
+
+ nsIChannel* channel = GetCurrentDocChannel();
+ if (!channel) {
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsIJARChannel> jarChannel = do_QueryInterface(channel);
+ if (!jarChannel) {
+ return NS_OK;
+ }
+
+ return jarChannel->GetIsUnsafe(aUnsafe);
+}
+
+NS_IMETHODIMP
+nsDocShell::GetHasMixedActiveContentLoaded(bool* aHasMixedActiveContentLoaded)
+{
+ nsCOMPtr<nsIDocument> doc(GetDocument());
+ *aHasMixedActiveContentLoaded = doc && doc->GetHasMixedActiveContentLoaded();
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetHasMixedActiveContentBlocked(bool* aHasMixedActiveContentBlocked)
+{
+ nsCOMPtr<nsIDocument> doc(GetDocument());
+ *aHasMixedActiveContentBlocked =
+ doc && doc->GetHasMixedActiveContentBlocked();
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetHasMixedDisplayContentLoaded(bool* aHasMixedDisplayContentLoaded)
+{
+ nsCOMPtr<nsIDocument> doc(GetDocument());
+ *aHasMixedDisplayContentLoaded =
+ doc && doc->GetHasMixedDisplayContentLoaded();
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetHasMixedDisplayContentBlocked(
+ bool* aHasMixedDisplayContentBlocked)
+{
+ nsCOMPtr<nsIDocument> doc(GetDocument());
+ *aHasMixedDisplayContentBlocked =
+ doc && doc->GetHasMixedDisplayContentBlocked();
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetHasTrackingContentBlocked(bool* aHasTrackingContentBlocked)
+{
+ nsCOMPtr<nsIDocument> doc(GetDocument());
+ *aHasTrackingContentBlocked = doc && doc->GetHasTrackingContentBlocked();
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetHasTrackingContentLoaded(bool* aHasTrackingContentLoaded)
+{
+ nsCOMPtr<nsIDocument> doc(GetDocument());
+ *aHasTrackingContentLoaded = doc && doc->GetHasTrackingContentLoaded();
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetAllowPlugins(bool* aAllowPlugins)
+{
+ NS_ENSURE_ARG_POINTER(aAllowPlugins);
+
+ *aAllowPlugins = mAllowPlugins;
+ if (!mAllowPlugins) {
+ return NS_OK;
+ }
+
+ bool unsafe;
+ *aAllowPlugins = NS_SUCCEEDED(GetChannelIsUnsafe(&unsafe)) && !unsafe;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetAllowPlugins(bool aAllowPlugins)
+{
+ mAllowPlugins = aAllowPlugins;
+ // XXX should enable or disable a plugin host
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetAllowJavascript(bool* aAllowJavascript)
+{
+ NS_ENSURE_ARG_POINTER(aAllowJavascript);
+
+ *aAllowJavascript = mAllowJavascript;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetAllowJavascript(bool aAllowJavascript)
+{
+ mAllowJavascript = aAllowJavascript;
+ RecomputeCanExecuteScripts();
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetUsePrivateBrowsing(bool* aUsePrivateBrowsing)
+{
+ NS_ENSURE_ARG_POINTER(aUsePrivateBrowsing);
+ AssertOriginAttributesMatchPrivateBrowsing();
+ *aUsePrivateBrowsing = mPrivateBrowsingId > 0;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetUsePrivateBrowsing(bool aUsePrivateBrowsing)
+{
+ nsContentUtils::ReportToConsoleNonLocalized(
+ NS_LITERAL_STRING("Only internal code is allowed to set the usePrivateBrowsing attribute"),
+ nsIScriptError::warningFlag,
+ NS_LITERAL_CSTRING("Internal API Used"),
+ mContentViewer ? mContentViewer->GetDocument() : nullptr);
+
+ if (!CanSetOriginAttributes()) {
+ bool changed = aUsePrivateBrowsing != (mPrivateBrowsingId > 0);
+
+ return changed ? NS_ERROR_FAILURE : NS_OK;
+ }
+
+ return SetPrivateBrowsing(aUsePrivateBrowsing);
+}
+
+NS_IMETHODIMP
+nsDocShell::SetPrivateBrowsing(bool aUsePrivateBrowsing)
+{
+ bool changed = aUsePrivateBrowsing != (mPrivateBrowsingId > 0);
+ if (changed) {
+ mPrivateBrowsingId = aUsePrivateBrowsing ? 1 : 0;
+
+ if (mItemType != typeChrome) {
+ mOriginAttributes.SyncAttributesWithPrivateBrowsing(aUsePrivateBrowsing);
+ }
+
+ if (mAffectPrivateSessionLifetime) {
+ if (aUsePrivateBrowsing) {
+ IncreasePrivateDocShellCount();
+ } else {
+ DecreasePrivateDocShellCount();
+ }
+ }
+ }
+
+ nsTObserverArray<nsDocLoader*>::ForwardIterator iter(mChildList);
+ while (iter.HasMore()) {
+ nsCOMPtr<nsILoadContext> shell = do_QueryObject(iter.GetNext());
+ if (shell) {
+ shell->SetPrivateBrowsing(aUsePrivateBrowsing);
+ }
+ }
+
+ if (changed) {
+ nsTObserverArray<nsWeakPtr>::ForwardIterator iter(mPrivacyObservers);
+ while (iter.HasMore()) {
+ nsWeakPtr ref = iter.GetNext();
+ nsCOMPtr<nsIPrivacyTransitionObserver> obs = do_QueryReferent(ref);
+ if (!obs) {
+ mPrivacyObservers.RemoveElement(ref);
+ } else {
+ obs->PrivateModeChanged(aUsePrivateBrowsing);
+ }
+ }
+ }
+
+ AssertOriginAttributesMatchPrivateBrowsing();
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetHasLoadedNonBlankURI(bool* aResult)
+{
+ NS_ENSURE_ARG_POINTER(aResult);
+
+ *aResult = mHasLoadedNonBlankURI;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetUseRemoteTabs(bool* aUseRemoteTabs)
+{
+ NS_ENSURE_ARG_POINTER(aUseRemoteTabs);
+
+ *aUseRemoteTabs = mUseRemoteTabs;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetRemoteTabs(bool aUseRemoteTabs)
+{
+#ifdef MOZ_CRASHREPORTER
+ if (aUseRemoteTabs) {
+ CrashReporter::AnnotateCrashReport(NS_LITERAL_CSTRING("DOMIPCEnabled"),
+ NS_LITERAL_CSTRING("1"));
+ }
+#endif
+
+ mUseRemoteTabs = aUseRemoteTabs;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetAffectPrivateSessionLifetime(bool aAffectLifetime)
+{
+ bool change = aAffectLifetime != mAffectPrivateSessionLifetime;
+ if (change && UsePrivateBrowsing()) {
+ AssertOriginAttributesMatchPrivateBrowsing();
+ if (aAffectLifetime) {
+ IncreasePrivateDocShellCount();
+ } else {
+ DecreasePrivateDocShellCount();
+ }
+ }
+ mAffectPrivateSessionLifetime = aAffectLifetime;
+
+ nsTObserverArray<nsDocLoader*>::ForwardIterator iter(mChildList);
+ while (iter.HasMore()) {
+ nsCOMPtr<nsIDocShell> shell = do_QueryObject(iter.GetNext());
+ if (shell) {
+ shell->SetAffectPrivateSessionLifetime(aAffectLifetime);
+ }
+ }
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetAffectPrivateSessionLifetime(bool* aAffectLifetime)
+{
+ *aAffectLifetime = mAffectPrivateSessionLifetime;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::AddWeakPrivacyTransitionObserver(
+ nsIPrivacyTransitionObserver* aObserver)
+{
+ nsWeakPtr weakObs = do_GetWeakReference(aObserver);
+ if (!weakObs) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+ return mPrivacyObservers.AppendElement(weakObs) ? NS_OK : NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+nsDocShell::AddWeakReflowObserver(nsIReflowObserver* aObserver)
+{
+ nsWeakPtr weakObs = do_GetWeakReference(aObserver);
+ if (!weakObs) {
+ return NS_ERROR_FAILURE;
+ }
+ return mReflowObservers.AppendElement(weakObs) ? NS_OK : NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+nsDocShell::RemoveWeakReflowObserver(nsIReflowObserver* aObserver)
+{
+ nsWeakPtr obs = do_GetWeakReference(aObserver);
+ return mReflowObservers.RemoveElement(obs) ? NS_OK : NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+nsDocShell::NotifyReflowObservers(bool aInterruptible,
+ DOMHighResTimeStamp aStart,
+ DOMHighResTimeStamp aEnd)
+{
+ nsTObserverArray<nsWeakPtr>::ForwardIterator iter(mReflowObservers);
+ while (iter.HasMore()) {
+ nsWeakPtr ref = iter.GetNext();
+ nsCOMPtr<nsIReflowObserver> obs = do_QueryReferent(ref);
+ if (!obs) {
+ mReflowObservers.RemoveElement(ref);
+ } else if (aInterruptible) {
+ obs->ReflowInterruptible(aStart, aEnd);
+ } else {
+ obs->Reflow(aStart, aEnd);
+ }
+ }
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetAllowMetaRedirects(bool* aReturn)
+{
+ NS_ENSURE_ARG_POINTER(aReturn);
+
+ *aReturn = mAllowMetaRedirects;
+ if (!mAllowMetaRedirects) {
+ return NS_OK;
+ }
+
+ bool unsafe;
+ *aReturn = NS_SUCCEEDED(GetChannelIsUnsafe(&unsafe)) && !unsafe;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetAllowMetaRedirects(bool aValue)
+{
+ mAllowMetaRedirects = aValue;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetAllowSubframes(bool* aAllowSubframes)
+{
+ NS_ENSURE_ARG_POINTER(aAllowSubframes);
+
+ *aAllowSubframes = mAllowSubframes;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetAllowSubframes(bool aAllowSubframes)
+{
+ mAllowSubframes = aAllowSubframes;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetAllowImages(bool* aAllowImages)
+{
+ NS_ENSURE_ARG_POINTER(aAllowImages);
+
+ *aAllowImages = mAllowImages;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetAllowImages(bool aAllowImages)
+{
+ mAllowImages = aAllowImages;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetAllowMedia(bool* aAllowMedia)
+{
+ *aAllowMedia = mAllowMedia;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetAllowMedia(bool aAllowMedia)
+{
+ mAllowMedia = aAllowMedia;
+
+ // Mute or unmute audio contexts attached to the inner window.
+ if (mScriptGlobal) {
+ if (nsPIDOMWindowInner* innerWin =
+ mScriptGlobal->AsOuter()->GetCurrentInnerWindow()) {
+ if (aAllowMedia) {
+ innerWin->UnmuteAudioContexts();
+ } else {
+ innerWin->MuteAudioContexts();
+ }
+ }
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetAllowDNSPrefetch(bool* aAllowDNSPrefetch)
+{
+ *aAllowDNSPrefetch = mAllowDNSPrefetch;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetAllowDNSPrefetch(bool aAllowDNSPrefetch)
+{
+ mAllowDNSPrefetch = aAllowDNSPrefetch;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetAllowWindowControl(bool* aAllowWindowControl)
+{
+ *aAllowWindowControl = mAllowWindowControl;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetAllowWindowControl(bool aAllowWindowControl)
+{
+ mAllowWindowControl = aAllowWindowControl;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetAllowContentRetargeting(bool* aAllowContentRetargeting)
+{
+ *aAllowContentRetargeting = mAllowContentRetargeting;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetAllowContentRetargeting(bool aAllowContentRetargeting)
+{
+ mAllowContentRetargetingOnChildren = aAllowContentRetargeting;
+ mAllowContentRetargeting = aAllowContentRetargeting;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetAllowContentRetargetingOnChildren(
+ bool* aAllowContentRetargetingOnChildren)
+{
+ *aAllowContentRetargetingOnChildren = mAllowContentRetargetingOnChildren;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetAllowContentRetargetingOnChildren(
+ bool aAllowContentRetargetingOnChildren)
+{
+ mAllowContentRetargetingOnChildren = aAllowContentRetargetingOnChildren;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetInheritPrivateBrowsingId(bool* aInheritPrivateBrowsingId)
+{
+ *aInheritPrivateBrowsingId = mInheritPrivateBrowsingId;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetInheritPrivateBrowsingId(bool aInheritPrivateBrowsingId)
+{
+ mInheritPrivateBrowsingId = aInheritPrivateBrowsingId;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetFullscreenAllowed(bool* aFullscreenAllowed)
+{
+ NS_ENSURE_ARG_POINTER(aFullscreenAllowed);
+
+ // Browsers and apps have their mFullscreenAllowed retrieved from their
+ // corresponding iframe in their parent upon creation.
+ if (mFullscreenAllowed != CHECK_ATTRIBUTES) {
+ *aFullscreenAllowed = (mFullscreenAllowed == PARENT_ALLOWS);
+ return NS_OK;
+ }
+
+ // Assume false until we determine otherwise...
+ *aFullscreenAllowed = false;
+
+ nsCOMPtr<nsPIDOMWindowOuter> win = GetWindow();
+ if (!win) {
+ return NS_OK;
+ }
+ if (nsCOMPtr<Element> frameElement = win->GetFrameElementInternal()) {
+ if (frameElement->IsXULElement()) {
+ if (frameElement->HasAttr(kNameSpaceID_None,
+ nsGkAtoms::disablefullscreen)) {
+ // Document inside this frame is explicitly disabled.
+ return NS_OK;
+ }
+ } else {
+ // We do not allow document inside any containing element other
+ // than iframe to enter fullscreen.
+ if (frameElement->IsHTMLElement(nsGkAtoms::iframe)) {
+ // If any ancestor iframe does not have allowfullscreen attribute
+ // set, then fullscreen is not allowed.
+ if (!frameElement->HasAttr(kNameSpaceID_None,
+ nsGkAtoms::allowfullscreen) &&
+ !frameElement->HasAttr(kNameSpaceID_None,
+ nsGkAtoms::mozallowfullscreen)) {
+ return NS_OK;
+ }
+ } else if (frameElement->IsHTMLElement(nsGkAtoms::embed)) {
+ // Respect allowfullscreen only if this is a rewritten YouTube embed.
+ nsCOMPtr<nsIObjectLoadingContent> objectLoadingContent =
+ do_QueryInterface(frameElement);
+ if (!objectLoadingContent) {
+ return NS_OK;
+ }
+ nsObjectLoadingContent* olc =
+ static_cast<nsObjectLoadingContent*>(objectLoadingContent.get());
+ if (!olc->IsRewrittenYoutubeEmbed()) {
+ return NS_OK;
+ }
+ // We don't have to check prefixed attributes because Flash does not
+ // support them.
+ if (!frameElement->HasAttr(kNameSpaceID_None,
+ nsGkAtoms::allowfullscreen)) {
+ return NS_OK;
+ }
+ } else {
+ // neither iframe nor embed
+ return NS_OK;
+ }
+ }
+ }
+
+ // If we have no parent then we're the root docshell; no ancestor of the
+ // original docshell doesn't have a allowfullscreen attribute, so
+ // report fullscreen as allowed.
+ RefPtr<nsDocShell> parent = GetParentDocshell();
+ if (!parent) {
+ *aFullscreenAllowed = true;
+ return NS_OK;
+ }
+
+ // Otherwise, we have a parent, continue the checking for
+ // mozFullscreenAllowed in the parent docshell's ancestors.
+ return parent->GetFullscreenAllowed(aFullscreenAllowed);
+}
+
+NS_IMETHODIMP
+nsDocShell::SetFullscreenAllowed(bool aFullscreenAllowed)
+{
+ if (!nsIDocShell::GetIsMozBrowserOrApp()) {
+ // Only allow setting of fullscreenAllowed on content/process boundaries.
+ // At non-boundaries the fullscreenAllowed attribute is calculated based on
+ // whether all enclosing frames have the "mozFullscreenAllowed" attribute
+ // set to "true". fullscreenAllowed is set at the process boundaries to
+ // propagate the value of the parent's "mozFullscreenAllowed" attribute
+ // across process boundaries.
+ return NS_ERROR_UNEXPECTED;
+ }
+ mFullscreenAllowed = (aFullscreenAllowed ? PARENT_ALLOWS : PARENT_PROHIBITS);
+ return NS_OK;
+}
+
+ScreenOrientationInternal
+nsDocShell::OrientationLock()
+{
+ return mOrientationLock;
+}
+
+void
+nsDocShell::SetOrientationLock(ScreenOrientationInternal aOrientationLock)
+{
+ mOrientationLock = aOrientationLock;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetMayEnableCharacterEncodingMenu(
+ bool* aMayEnableCharacterEncodingMenu)
+{
+ *aMayEnableCharacterEncodingMenu = false;
+ if (!mContentViewer) {
+ return NS_OK;
+ }
+ nsIDocument* doc = mContentViewer->GetDocument();
+ if (!doc) {
+ return NS_OK;
+ }
+ if (doc->WillIgnoreCharsetOverride()) {
+ return NS_OK;
+ }
+
+ *aMayEnableCharacterEncodingMenu = true;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetDocShellEnumerator(int32_t aItemType, int32_t aDirection,
+ nsISimpleEnumerator** aResult)
+{
+ NS_ENSURE_ARG_POINTER(aResult);
+ *aResult = nullptr;
+
+ RefPtr<nsDocShellEnumerator> docShellEnum;
+ if (aDirection == ENUMERATE_FORWARDS) {
+ docShellEnum = new nsDocShellForwardsEnumerator;
+ } else {
+ docShellEnum = new nsDocShellBackwardsEnumerator;
+ }
+
+ nsresult rv = docShellEnum->SetEnumDocShellType(aItemType);
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ rv = docShellEnum->SetEnumerationRootItem((nsIDocShellTreeItem*)this);
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ rv = docShellEnum->First();
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ rv = docShellEnum->QueryInterface(NS_GET_IID(nsISimpleEnumerator),
+ (void**)aResult);
+
+ return rv;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetAppType(uint32_t* aAppType)
+{
+ *aAppType = mAppType;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetAppType(uint32_t aAppType)
+{
+ mAppType = aAppType;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetAllowAuth(bool* aAllowAuth)
+{
+ *aAllowAuth = mAllowAuth;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetAllowAuth(bool aAllowAuth)
+{
+ mAllowAuth = aAllowAuth;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetZoom(float* aZoom)
+{
+ NS_ENSURE_ARG_POINTER(aZoom);
+ *aZoom = 1.0f;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetZoom(float aZoom)
+{
+ return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetMarginWidth(int32_t* aWidth)
+{
+ NS_ENSURE_ARG_POINTER(aWidth);
+
+ *aWidth = mMarginWidth;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetMarginWidth(int32_t aWidth)
+{
+ mMarginWidth = aWidth;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetMarginHeight(int32_t* aHeight)
+{
+ NS_ENSURE_ARG_POINTER(aHeight);
+
+ *aHeight = mMarginHeight;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetMarginHeight(int32_t aHeight)
+{
+ mMarginHeight = aHeight;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetBusyFlags(uint32_t* aBusyFlags)
+{
+ NS_ENSURE_ARG_POINTER(aBusyFlags);
+
+ *aBusyFlags = mBusyFlags;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::TabToTreeOwner(bool aForward, bool aForDocumentNavigation, bool* aTookFocus)
+{
+ NS_ENSURE_ARG_POINTER(aTookFocus);
+
+ nsCOMPtr<nsIWebBrowserChromeFocus> chromeFocus = do_GetInterface(mTreeOwner);
+ if (chromeFocus) {
+ if (aForward) {
+ *aTookFocus = NS_SUCCEEDED(chromeFocus->FocusNextElement(aForDocumentNavigation));
+ } else {
+ *aTookFocus = NS_SUCCEEDED(chromeFocus->FocusPrevElement(aForDocumentNavigation));
+ }
+ } else {
+ *aTookFocus = false;
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetSecurityUI(nsISecureBrowserUI** aSecurityUI)
+{
+ NS_IF_ADDREF(*aSecurityUI = mSecurityUI);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetSecurityUI(nsISecureBrowserUI* aSecurityUI)
+{
+ mSecurityUI = aSecurityUI;
+ mSecurityUI->SetDocShell(this);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetUseErrorPages(bool* aUseErrorPages)
+{
+ *aUseErrorPages = UseErrorPages();
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetUseErrorPages(bool aUseErrorPages)
+{
+ // If mUseErrorPages is set explicitly, stop using sUseErrorPages.
+ if (mObserveErrorPages) {
+ mObserveErrorPages = false;
+ }
+ mUseErrorPages = aUseErrorPages;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetPreviousTransIndex(int32_t* aPreviousTransIndex)
+{
+ *aPreviousTransIndex = mPreviousTransIndex;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetLoadedTransIndex(int32_t* aLoadedTransIndex)
+{
+ *aLoadedTransIndex = mLoadedTransIndex;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::HistoryPurged(int32_t aNumEntries)
+{
+ // These indices are used for fastback cache eviction, to determine
+ // which session history entries are candidates for content viewer
+ // eviction. We need to adjust by the number of entries that we
+ // just purged from history, so that we look at the right session history
+ // entries during eviction.
+ mPreviousTransIndex = std::max(-1, mPreviousTransIndex - aNumEntries);
+ mLoadedTransIndex = std::max(0, mLoadedTransIndex - aNumEntries);
+
+ nsTObserverArray<nsDocLoader*>::ForwardIterator iter(mChildList);
+ while (iter.HasMore()) {
+ nsCOMPtr<nsIDocShell> shell = do_QueryObject(iter.GetNext());
+ if (shell) {
+ shell->HistoryPurged(aNumEntries);
+ }
+ }
+
+ return NS_OK;
+}
+
+nsresult
+nsDocShell::HistoryTransactionRemoved(int32_t aIndex)
+{
+ // These indices are used for fastback cache eviction, to determine
+ // which session history entries are candidates for content viewer
+ // eviction. We need to adjust by the number of entries that we
+ // just purged from history, so that we look at the right session history
+ // entries during eviction.
+ if (aIndex == mPreviousTransIndex) {
+ mPreviousTransIndex = -1;
+ } else if (aIndex < mPreviousTransIndex) {
+ --mPreviousTransIndex;
+ }
+ if (mLoadedTransIndex == aIndex) {
+ mLoadedTransIndex = 0;
+ } else if (aIndex < mLoadedTransIndex) {
+ --mLoadedTransIndex;
+ }
+
+ nsTObserverArray<nsDocLoader*>::ForwardIterator iter(mChildList);
+ while (iter.HasMore()) {
+ nsCOMPtr<nsIDocShell> shell = do_QueryObject(iter.GetNext());
+ if (shell) {
+ static_cast<nsDocShell*>(shell.get())->HistoryTransactionRemoved(aIndex);
+ }
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetRecordProfileTimelineMarkers(bool aValue)
+{
+ bool currentValue = nsIDocShell::GetRecordProfileTimelineMarkers();
+ if (currentValue == aValue) {
+ return NS_OK;
+ }
+
+ RefPtr<TimelineConsumers> timelines = TimelineConsumers::Get();
+ if (!timelines) {
+ return NS_OK;
+ }
+
+ if (aValue) {
+ MOZ_ASSERT(!timelines->HasConsumer(this));
+ timelines->AddConsumer(this);
+ MOZ_ASSERT(timelines->HasConsumer(this));
+ UseEntryScriptProfiling();
+ } else {
+ MOZ_ASSERT(timelines->HasConsumer(this));
+ timelines->RemoveConsumer(this);
+ MOZ_ASSERT(!timelines->HasConsumer(this));
+ UnuseEntryScriptProfiling();
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetRecordProfileTimelineMarkers(bool* aValue)
+{
+ *aValue = !!mObserved;
+ return NS_OK;
+}
+
+nsresult
+nsDocShell::PopProfileTimelineMarkers(
+ JSContext* aCx,
+ JS::MutableHandle<JS::Value> aOut)
+{
+ RefPtr<TimelineConsumers> timelines = TimelineConsumers::Get();
+ if (!timelines) {
+ return NS_OK;
+ }
+
+ nsTArray<dom::ProfileTimelineMarker> store;
+ SequenceRooter<dom::ProfileTimelineMarker> rooter(aCx, &store);
+
+ timelines->PopMarkers(this, aCx, store);
+
+ if (!ToJSValue(aCx, store, aOut)) {
+ JS_ClearPendingException(aCx);
+ return NS_ERROR_UNEXPECTED;
+ }
+
+ return NS_OK;
+}
+
+nsresult
+nsDocShell::Now(DOMHighResTimeStamp* aWhen)
+{
+ bool ignore;
+ *aWhen =
+ (TimeStamp::Now() - TimeStamp::ProcessCreation(ignore)).ToMilliseconds();
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetWindowDraggingAllowed(bool aValue)
+{
+ RefPtr<nsDocShell> parent = GetParentDocshell();
+ if (!aValue && mItemType == typeChrome && !parent) {
+ // Window dragging is always allowed for top level
+ // chrome docshells.
+ return NS_ERROR_FAILURE;
+ }
+ mWindowDraggingAllowed = aValue;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetWindowDraggingAllowed(bool* aValue)
+{
+ // window dragging regions in CSS (-moz-window-drag:drag)
+ // can be slow. Default behavior is to only allow it for
+ // chrome top level windows.
+ RefPtr<nsDocShell> parent = GetParentDocshell();
+ if (mItemType == typeChrome && !parent) {
+ // Top level chrome window
+ *aValue = true;
+ } else {
+ *aValue = mWindowDraggingAllowed;
+ }
+ return NS_OK;
+}
+
+nsIDOMStorageManager*
+nsDocShell::TopSessionStorageManager()
+{
+ nsresult rv;
+
+ nsCOMPtr<nsIDocShellTreeItem> topItem;
+ rv = GetSameTypeRootTreeItem(getter_AddRefs(topItem));
+ if (NS_FAILED(rv)) {
+ return nullptr;
+ }
+
+ if (!topItem) {
+ return nullptr;
+ }
+
+ nsDocShell* topDocShell = static_cast<nsDocShell*>(topItem.get());
+ if (topDocShell != this) {
+ return topDocShell->TopSessionStorageManager();
+ }
+
+ if (!mSessionStorageManager) {
+ mSessionStorageManager =
+ do_CreateInstance("@mozilla.org/dom/sessionStorage-manager;1");
+ }
+
+ return mSessionStorageManager;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetSessionStorageForPrincipal(nsIPrincipal* aPrincipal,
+ const nsAString& aDocumentURI,
+ bool aCreate,
+ nsIDOMStorage** aStorage)
+{
+ nsCOMPtr<nsIDOMStorageManager> manager = TopSessionStorageManager();
+ if (!manager) {
+ return NS_ERROR_UNEXPECTED;
+ }
+
+ nsCOMPtr<nsPIDOMWindowOuter> domWin = GetWindow();
+
+ AssertOriginAttributesMatchPrivateBrowsing();
+ if (aCreate) {
+ return manager->CreateStorage(domWin->GetCurrentInnerWindow(), aPrincipal,
+ aDocumentURI, UsePrivateBrowsing(), aStorage);
+ }
+
+ return manager->GetStorage(domWin->GetCurrentInnerWindow(), aPrincipal,
+ UsePrivateBrowsing(), aStorage);
+}
+
+nsresult
+nsDocShell::AddSessionStorage(nsIPrincipal* aPrincipal, nsIDOMStorage* aStorage)
+{
+ RefPtr<DOMStorage> storage = static_cast<DOMStorage*>(aStorage);
+ if (!storage) {
+ return NS_ERROR_UNEXPECTED;
+ }
+
+ nsIPrincipal* storagePrincipal = storage->GetPrincipal();
+ if (storagePrincipal != aPrincipal) {
+ NS_ERROR("Wanting to add a sessionStorage for different principal");
+ return NS_ERROR_DOM_SECURITY_ERR;
+ }
+
+ nsCOMPtr<nsIDOMStorageManager> manager = TopSessionStorageManager();
+ if (!manager) {
+ return NS_ERROR_UNEXPECTED;
+ }
+
+ return manager->CloneStorage(aStorage);
+}
+
+NS_IMETHODIMP
+nsDocShell::GetCurrentDocumentChannel(nsIChannel** aResult)
+{
+ NS_IF_ADDREF(*aResult = GetCurrentDocChannel());
+ return NS_OK;
+}
+
+nsIChannel*
+nsDocShell::GetCurrentDocChannel()
+{
+ if (mContentViewer) {
+ nsIDocument* doc = mContentViewer->GetDocument();
+ if (doc) {
+ return doc->GetChannel();
+ }
+ }
+ return nullptr;
+}
+
+NS_IMETHODIMP
+nsDocShell::AddWeakScrollObserver(nsIScrollObserver* aObserver)
+{
+ nsWeakPtr weakObs = do_GetWeakReference(aObserver);
+ if (!weakObs) {
+ return NS_ERROR_FAILURE;
+ }
+ return mScrollObservers.AppendElement(weakObs) ? NS_OK : NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+nsDocShell::RemoveWeakScrollObserver(nsIScrollObserver* aObserver)
+{
+ nsWeakPtr obs = do_GetWeakReference(aObserver);
+ return mScrollObservers.RemoveElement(obs) ? NS_OK : NS_ERROR_FAILURE;
+}
+
+void
+nsDocShell::NotifyAsyncPanZoomStarted()
+{
+ nsTObserverArray<nsWeakPtr>::ForwardIterator iter(mScrollObservers);
+ while (iter.HasMore()) {
+ nsWeakPtr ref = iter.GetNext();
+ nsCOMPtr<nsIScrollObserver> obs = do_QueryReferent(ref);
+ if (obs) {
+ obs->AsyncPanZoomStarted();
+ } else {
+ mScrollObservers.RemoveElement(ref);
+ }
+ }
+}
+
+void
+nsDocShell::NotifyAsyncPanZoomStopped()
+{
+ nsTObserverArray<nsWeakPtr>::ForwardIterator iter(mScrollObservers);
+ while (iter.HasMore()) {
+ nsWeakPtr ref = iter.GetNext();
+ nsCOMPtr<nsIScrollObserver> obs = do_QueryReferent(ref);
+ if (obs) {
+ obs->AsyncPanZoomStopped();
+ } else {
+ mScrollObservers.RemoveElement(ref);
+ }
+ }
+}
+
+NS_IMETHODIMP
+nsDocShell::NotifyScrollObservers()
+{
+ nsTObserverArray<nsWeakPtr>::ForwardIterator iter(mScrollObservers);
+ while (iter.HasMore()) {
+ nsWeakPtr ref = iter.GetNext();
+ nsCOMPtr<nsIScrollObserver> obs = do_QueryReferent(ref);
+ if (obs) {
+ obs->ScrollPositionChanged();
+ } else {
+ mScrollObservers.RemoveElement(ref);
+ }
+ }
+ return NS_OK;
+}
+
+//*****************************************************************************
+// nsDocShell::nsIDocShellTreeItem
+//*****************************************************************************
+
+NS_IMETHODIMP
+nsDocShell::GetName(nsAString& aName)
+{
+ aName = mName;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetName(const nsAString& aName)
+{
+ mName = aName;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::NameEquals(const nsAString& aName, bool* aResult)
+{
+ NS_ENSURE_ARG_POINTER(aResult);
+ *aResult = mName.Equals(aName);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetCustomUserAgent(nsAString& aCustomUserAgent)
+{
+ aCustomUserAgent = mCustomUserAgent;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetCustomUserAgent(const nsAString& aCustomUserAgent)
+{
+ mCustomUserAgent = aCustomUserAgent;
+ RefPtr<nsGlobalWindow> win = mScriptGlobal ?
+ mScriptGlobal->GetCurrentInnerWindowInternal() : nullptr;
+ if (win) {
+ ErrorResult ignored;
+ Navigator* navigator = win->GetNavigator(ignored);
+ ignored.SuppressException();
+ if (navigator) {
+ navigator->ClearUserAgentCache();
+ }
+ }
+
+ uint32_t childCount = mChildList.Length();
+ for (uint32_t i = 0; i < childCount; ++i) {
+ nsCOMPtr<nsIDocShell> childShell = do_QueryInterface(ChildAt(i));
+ if (childShell) {
+ childShell->SetCustomUserAgent(aCustomUserAgent);
+ }
+ }
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetTouchEventsOverride(uint32_t* aTouchEventsOverride)
+{
+ NS_ENSURE_ARG_POINTER(aTouchEventsOverride);
+
+ *aTouchEventsOverride = mTouchEventsOverride;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetTouchEventsOverride(uint32_t aTouchEventsOverride)
+{
+ if (!(aTouchEventsOverride == nsIDocShell::TOUCHEVENTS_OVERRIDE_NONE ||
+ aTouchEventsOverride == nsIDocShell::TOUCHEVENTS_OVERRIDE_ENABLED ||
+ aTouchEventsOverride == nsIDocShell::TOUCHEVENTS_OVERRIDE_DISABLED)) {
+ return NS_ERROR_INVALID_ARG;
+ }
+
+ mTouchEventsOverride = aTouchEventsOverride;
+
+ uint32_t childCount = mChildList.Length();
+ for (uint32_t i = 0; i < childCount; ++i) {
+ nsCOMPtr<nsIDocShell> childShell = do_QueryInterface(ChildAt(i));
+ if (childShell) {
+ childShell->SetTouchEventsOverride(aTouchEventsOverride);
+ }
+ }
+ return NS_OK;
+}
+
+/* virtual */ int32_t
+nsDocShell::ItemType()
+{
+ return mItemType;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetItemType(int32_t* aItemType)
+{
+ NS_ENSURE_ARG_POINTER(aItemType);
+
+ *aItemType = ItemType();
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetItemType(int32_t aItemType)
+{
+ NS_ENSURE_ARG((aItemType == typeChrome) || (typeContent == aItemType));
+
+ // Only allow setting the type on root docshells. Those would be the ones
+ // that have the docloader service as mParent or have no mParent at all.
+ nsCOMPtr<nsIDocumentLoader> docLoaderService =
+ do_GetService(NS_DOCUMENTLOADER_SERVICE_CONTRACTID);
+ NS_ENSURE_TRUE(docLoaderService, NS_ERROR_UNEXPECTED);
+
+ NS_ENSURE_STATE(!mParent || mParent == docLoaderService);
+
+ mItemType = aItemType;
+
+ // disable auth prompting for anything but content
+ mAllowAuth = mItemType == typeContent;
+
+ RefPtr<nsPresContext> presContext = nullptr;
+ GetPresContext(getter_AddRefs(presContext));
+ if (presContext) {
+ presContext->UpdateIsChrome();
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetParent(nsIDocShellTreeItem** aParent)
+{
+ if (!mParent) {
+ *aParent = nullptr;
+ } else {
+ CallQueryInterface(mParent, aParent);
+ }
+ // Note that in the case when the parent is not an nsIDocShellTreeItem we
+ // don't want to throw; we just want to return null.
+ return NS_OK;
+}
+
+already_AddRefed<nsDocShell>
+nsDocShell::GetParentDocshell()
+{
+ nsCOMPtr<nsIDocShell> docshell = do_QueryInterface(GetAsSupports(mParent));
+ return docshell.forget().downcast<nsDocShell>();
+}
+
+void
+nsDocShell::RecomputeCanExecuteScripts()
+{
+ bool old = mCanExecuteScripts;
+ RefPtr<nsDocShell> parent = GetParentDocshell();
+
+ // If we have no tree owner, that means that we've been detached from the
+ // docshell tree (this is distinct from having no parent dochshell, which
+ // is the case for root docshells). It would be nice to simply disallow
+ // script in detached docshells, but bug 986542 demonstrates that this
+ // behavior breaks at least one website.
+ //
+ // So instead, we use our previous value, unless mAllowJavascript has been
+ // explicitly set to false.
+ if (!mTreeOwner) {
+ mCanExecuteScripts = mCanExecuteScripts && mAllowJavascript;
+ // If scripting has been explicitly disabled on our docshell, we're done.
+ } else if (!mAllowJavascript) {
+ mCanExecuteScripts = false;
+ // If we have a parent, inherit.
+ } else if (parent) {
+ mCanExecuteScripts = parent->mCanExecuteScripts;
+ // Otherwise, we're the root of the tree, and we haven't explicitly disabled
+ // script. Allow.
+ } else {
+ mCanExecuteScripts = true;
+ }
+
+ // Inform our active DOM window.
+ //
+ // This will pass the outer, which will be in the scope of the active inner.
+ if (mScriptGlobal && mScriptGlobal->GetGlobalJSObject()) {
+ xpc::Scriptability& scriptability =
+ xpc::Scriptability::Get(mScriptGlobal->GetGlobalJSObject());
+ scriptability.SetDocShellAllowsScript(mCanExecuteScripts);
+ }
+
+ // If our value has changed, our children might be affected. Recompute their
+ // value as well.
+ if (old != mCanExecuteScripts) {
+ nsTObserverArray<nsDocLoader*>::ForwardIterator iter(mChildList);
+ while (iter.HasMore()) {
+ static_cast<nsDocShell*>(iter.GetNext())->RecomputeCanExecuteScripts();
+ }
+ }
+}
+
+nsresult
+nsDocShell::SetDocLoaderParent(nsDocLoader* aParent)
+{
+ bool wasFrame = IsFrame();
+#ifdef DEBUG
+ bool wasPrivate = UsePrivateBrowsing();
+#endif
+
+ nsresult rv = nsDocLoader::SetDocLoaderParent(aParent);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ nsCOMPtr<nsISupportsPriority> priorityGroup = do_QueryInterface(mLoadGroup);
+ if (wasFrame != IsFrame() && priorityGroup) {
+ priorityGroup->AdjustPriority(wasFrame ? -1 : 1);
+ }
+
+ // Curse ambiguous nsISupports inheritance!
+ nsISupports* parent = GetAsSupports(aParent);
+
+ // If parent is another docshell, we inherit all their flags for
+ // allowing plugins, scripting etc.
+ bool value;
+ nsString customUserAgent;
+ nsCOMPtr<nsIDocShell> parentAsDocShell(do_QueryInterface(parent));
+ if (parentAsDocShell) {
+ if (mAllowPlugins && NS_SUCCEEDED(parentAsDocShell->GetAllowPlugins(&value))) {
+ SetAllowPlugins(value);
+ }
+ if (mAllowJavascript && NS_SUCCEEDED(parentAsDocShell->GetAllowJavascript(&value))) {
+ SetAllowJavascript(value);
+ }
+ if (mAllowMetaRedirects && NS_SUCCEEDED(parentAsDocShell->GetAllowMetaRedirects(&value))) {
+ SetAllowMetaRedirects(value);
+ }
+ if (mAllowSubframes && NS_SUCCEEDED(parentAsDocShell->GetAllowSubframes(&value))) {
+ SetAllowSubframes(value);
+ }
+ if (mAllowImages && NS_SUCCEEDED(parentAsDocShell->GetAllowImages(&value))) {
+ SetAllowImages(value);
+ }
+ SetAllowMedia(parentAsDocShell->GetAllowMedia() && mAllowMedia);
+ if (mAllowWindowControl && NS_SUCCEEDED(parentAsDocShell->GetAllowWindowControl(&value))) {
+ SetAllowWindowControl(value);
+ }
+ SetAllowContentRetargeting(mAllowContentRetargeting &&
+ parentAsDocShell->GetAllowContentRetargetingOnChildren());
+ if (parentAsDocShell->GetIsPrerendered()) {
+ SetIsPrerendered();
+ }
+ if (NS_SUCCEEDED(parentAsDocShell->GetIsActive(&value))) {
+ // a prerendered docshell is not active yet
+ SetIsActive(value && !mIsPrerendered);
+ }
+ if (NS_SUCCEEDED(parentAsDocShell->GetCustomUserAgent(customUserAgent)) &&
+ !customUserAgent.IsEmpty()) {
+ SetCustomUserAgent(customUserAgent);
+ }
+ if (NS_FAILED(parentAsDocShell->GetAllowDNSPrefetch(&value))) {
+ value = false;
+ }
+ SetAllowDNSPrefetch(mAllowDNSPrefetch && value);
+ if (mInheritPrivateBrowsingId) {
+ value = parentAsDocShell->GetAffectPrivateSessionLifetime();
+ SetAffectPrivateSessionLifetime(value);
+ }
+ uint32_t flags;
+ if (NS_SUCCEEDED(parentAsDocShell->GetDefaultLoadFlags(&flags))) {
+ SetDefaultLoadFlags(flags);
+ }
+ uint32_t touchEventsOverride;
+ if (NS_SUCCEEDED(parentAsDocShell->GetTouchEventsOverride(&touchEventsOverride))) {
+ SetTouchEventsOverride(touchEventsOverride);
+ }
+ }
+
+ nsCOMPtr<nsILoadContext> parentAsLoadContext(do_QueryInterface(parent));
+ if (parentAsLoadContext && mInheritPrivateBrowsingId &&
+ NS_SUCCEEDED(parentAsLoadContext->GetUsePrivateBrowsing(&value))) {
+ SetPrivateBrowsing(value);
+ }
+
+ nsCOMPtr<nsIURIContentListener> parentURIListener(do_GetInterface(parent));
+ if (parentURIListener) {
+ mContentListener->SetParentContentListener(parentURIListener);
+ }
+
+ // Our parent has changed. Recompute scriptability.
+ RecomputeCanExecuteScripts();
+
+ NS_ASSERTION(mInheritPrivateBrowsingId || wasPrivate == UsePrivateBrowsing(),
+ "Private browsing state changed while inheritance was disabled");
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetSameTypeParent(nsIDocShellTreeItem** aParent)
+{
+ NS_ENSURE_ARG_POINTER(aParent);
+ *aParent = nullptr;
+
+ if (nsIDocShell::GetIsMozBrowserOrApp()) {
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsIDocShellTreeItem> parent =
+ do_QueryInterface(GetAsSupports(mParent));
+ if (!parent) {
+ return NS_OK;
+ }
+
+ if (parent->ItemType() == mItemType) {
+ parent.swap(*aParent);
+ }
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetSameTypeParentIgnoreBrowserAndAppBoundaries(nsIDocShell** aParent)
+{
+ NS_ENSURE_ARG_POINTER(aParent);
+ *aParent = nullptr;
+
+ nsCOMPtr<nsIDocShellTreeItem> parent =
+ do_QueryInterface(GetAsSupports(mParent));
+ if (!parent) {
+ return NS_OK;
+ }
+
+ if (parent->ItemType() == mItemType) {
+ nsCOMPtr<nsIDocShell> parentDS = do_QueryInterface(parent);
+ parentDS.forget(aParent);
+ }
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetRootTreeItem(nsIDocShellTreeItem** aRootTreeItem)
+{
+ NS_ENSURE_ARG_POINTER(aRootTreeItem);
+
+ RefPtr<nsDocShell> root = this;
+ RefPtr<nsDocShell> parent = root->GetParentDocshell();
+ while (parent) {
+ root = parent;
+ parent = root->GetParentDocshell();
+ }
+
+ root.forget(aRootTreeItem);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetSameTypeRootTreeItem(nsIDocShellTreeItem** aRootTreeItem)
+{
+ NS_ENSURE_ARG_POINTER(aRootTreeItem);
+ *aRootTreeItem = static_cast<nsIDocShellTreeItem*>(this);
+
+ nsCOMPtr<nsIDocShellTreeItem> parent;
+ NS_ENSURE_SUCCESS(GetSameTypeParent(getter_AddRefs(parent)),
+ NS_ERROR_FAILURE);
+ while (parent) {
+ *aRootTreeItem = parent;
+ NS_ENSURE_SUCCESS(
+ (*aRootTreeItem)->GetSameTypeParent(getter_AddRefs(parent)),
+ NS_ERROR_FAILURE);
+ }
+ NS_ADDREF(*aRootTreeItem);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetSameTypeRootTreeItemIgnoreBrowserAndAppBoundaries(nsIDocShell ** aRootTreeItem)
+{
+ NS_ENSURE_ARG_POINTER(aRootTreeItem);
+ *aRootTreeItem = static_cast<nsIDocShell *>(this);
+
+ nsCOMPtr<nsIDocShell> parent;
+ NS_ENSURE_SUCCESS(GetSameTypeParentIgnoreBrowserAndAppBoundaries(getter_AddRefs(parent)),
+ NS_ERROR_FAILURE);
+ while (parent) {
+ *aRootTreeItem = parent;
+ NS_ENSURE_SUCCESS((*aRootTreeItem)->
+ GetSameTypeParentIgnoreBrowserAndAppBoundaries(getter_AddRefs(parent)),
+ NS_ERROR_FAILURE);
+ }
+ NS_ADDREF(*aRootTreeItem);
+ return NS_OK;
+}
+
+/* static */
+bool
+nsDocShell::CanAccessItem(nsIDocShellTreeItem* aTargetItem,
+ nsIDocShellTreeItem* aAccessingItem,
+ bool aConsiderOpener)
+{
+ NS_PRECONDITION(aTargetItem, "Must have target item!");
+
+ if (!gValidateOrigin || !aAccessingItem) {
+ // Good to go
+ return true;
+ }
+
+ // XXXbz should we care if aAccessingItem or the document therein is
+ // chrome? Should those get extra privileges?
+
+ // For historical context, see:
+ //
+ // Bug 13871: Prevent frameset spoofing
+ // Bug 103638: Targets with same name in different windows open in wrong
+ // window with javascript
+ // Bug 408052: Adopt "ancestor" frame navigation policy
+
+ // Now do a security check.
+ //
+ // Disallow navigation if the two frames are not part of the same app, or if
+ // they have different is-in-browser-element states.
+ //
+ // Allow navigation if
+ // 1) aAccessingItem can script aTargetItem or one of its ancestors in
+ // the frame hierarchy or
+ // 2) aTargetItem is a top-level frame and aAccessingItem is its descendant
+ // 3) aTargetItem is a top-level frame and aAccessingItem can target
+ // its opener per rule (1) or (2).
+
+ if (aTargetItem == aAccessingItem) {
+ // A frame is allowed to navigate itself.
+ return true;
+ }
+
+ nsCOMPtr<nsIDocShell> targetDS = do_QueryInterface(aTargetItem);
+ nsCOMPtr<nsIDocShell> accessingDS = do_QueryInterface(aAccessingItem);
+ if (!targetDS || !accessingDS) {
+ // We must be able to convert both to nsIDocShell.
+ return false;
+ }
+
+ if (targetDS->GetIsInIsolatedMozBrowserElement() !=
+ accessingDS->GetIsInIsolatedMozBrowserElement() ||
+ targetDS->GetAppId() != accessingDS->GetAppId()) {
+ return false;
+ }
+
+ nsCOMPtr<nsIDocShellTreeItem> accessingRoot;
+ aAccessingItem->GetSameTypeRootTreeItem(getter_AddRefs(accessingRoot));
+ nsCOMPtr<nsIDocShell> accessingRootDS = do_QueryInterface(accessingRoot);
+
+ nsCOMPtr<nsIDocShellTreeItem> targetRoot;
+ aTargetItem->GetSameTypeRootTreeItem(getter_AddRefs(targetRoot));
+ nsCOMPtr<nsIDocShell> targetRootDS = do_QueryInterface(targetRoot);
+
+ DocShellOriginAttributes targetOA =
+ static_cast<nsDocShell*>(targetDS.get())->GetOriginAttributes();
+ DocShellOriginAttributes accessingOA =
+ static_cast<nsDocShell*>(accessingDS.get())->GetOriginAttributes();
+
+ // When the first party isolation is on, the top-level docShell may not have
+ // the firstPartyDomain in its originAttributes, but its document will have
+ // it. So we get the firstPartyDomain from the nodePrincipal of the document
+ // before we compare the originAttributes.
+ if (OriginAttributes::IsFirstPartyEnabled()) {
+ if (accessingDS == accessingRootDS &&
+ aAccessingItem->ItemType() == nsIDocShellTreeItem::typeContent &&
+ !accessingDS->GetIsMozBrowserOrApp()) {
+
+ nsCOMPtr<nsIDocument> accessingDoc = aAccessingItem->GetDocument();
+
+ if (accessingDoc) {
+ nsCOMPtr<nsIPrincipal> accessingPrincipal = accessingDoc->NodePrincipal();
+
+ accessingOA.mFirstPartyDomain =
+ BasePrincipal::Cast(accessingPrincipal)->OriginAttributesRef().mFirstPartyDomain;
+ }
+ }
+
+ if (targetDS == targetRootDS &&
+ aTargetItem->ItemType() == nsIDocShellTreeItem::typeContent &&
+ !targetDS->GetIsMozBrowserOrApp()) {
+
+ nsCOMPtr<nsIDocument> targetDoc = aAccessingItem->GetDocument();
+
+ if (targetDoc) {
+ nsCOMPtr<nsIPrincipal> targetPrincipal = targetDoc->NodePrincipal();
+
+ targetOA.mFirstPartyDomain =
+ BasePrincipal::Cast(targetPrincipal)->OriginAttributesRef().mFirstPartyDomain;
+ }
+ }
+ }
+
+ if (targetOA != accessingOA) {
+ return false;
+ }
+
+ // A private document can't access a non-private one, and vice versa.
+ if (static_cast<nsDocShell*>(targetDS.get())->UsePrivateBrowsing() !=
+ static_cast<nsDocShell*>(accessingDS.get())->UsePrivateBrowsing()) {
+ return false;
+ }
+
+ if (aTargetItem == accessingRoot) {
+ // A frame can navigate its root.
+ return true;
+ }
+
+ // Check if aAccessingItem can navigate one of aTargetItem's ancestors.
+ nsCOMPtr<nsIDocShellTreeItem> target = aTargetItem;
+ do {
+ if (ValidateOrigin(aAccessingItem, target)) {
+ return true;
+ }
+
+ nsCOMPtr<nsIDocShellTreeItem> parent;
+ target->GetSameTypeParent(getter_AddRefs(parent));
+ parent.swap(target);
+ } while (target);
+
+ if (aTargetItem != targetRoot) {
+ // target is a subframe, not in accessor's frame hierarchy, and all its
+ // ancestors have origins different from that of the accessor. Don't
+ // allow access.
+ return false;
+ }
+
+ if (!aConsiderOpener) {
+ // All done here
+ return false;
+ }
+
+ nsCOMPtr<nsPIDOMWindowOuter> targetWindow = aTargetItem->GetWindow();
+ if (!targetWindow) {
+ NS_ERROR("This should not happen, really");
+ return false;
+ }
+
+ nsCOMPtr<mozIDOMWindowProxy> targetOpener = targetWindow->GetOpener();
+ nsCOMPtr<nsIWebNavigation> openerWebNav(do_GetInterface(targetOpener));
+ nsCOMPtr<nsIDocShellTreeItem> openerItem(do_QueryInterface(openerWebNav));
+
+ if (!openerItem) {
+ return false;
+ }
+
+ return CanAccessItem(openerItem, aAccessingItem, false);
+}
+
+static bool
+ItemIsActive(nsIDocShellTreeItem* aItem)
+{
+ if (nsCOMPtr<nsPIDOMWindowOuter> window = aItem->GetWindow()) {
+ auto* win = nsGlobalWindow::Cast(window);
+ MOZ_ASSERT(win->IsOuterWindow());
+ if (!win->GetClosedOuter()) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+NS_IMETHODIMP
+nsDocShell::FindItemWithName(const nsAString& aName,
+ nsISupports* aRequestor,
+ nsIDocShellTreeItem* aOriginalRequestor,
+ nsIDocShellTreeItem** aResult)
+{
+ NS_ENSURE_ARG_POINTER(aResult);
+
+ // If we don't find one, we return NS_OK and a null result
+ *aResult = nullptr;
+
+ if (aName.IsEmpty()) {
+ return NS_OK;
+ }
+
+ if (aRequestor) {
+ // If aRequestor is not null we don't need to check special names, so
+ // just hand straight off to the search by actual name function.
+ return DoFindItemWithName(aName, aRequestor, aOriginalRequestor, aResult);
+ } else {
+ // This is the entry point into the target-finding algorithm. Check
+ // for special names. This should only be done once, hence the check
+ // for a null aRequestor.
+
+ nsCOMPtr<nsIDocShellTreeItem> foundItem;
+ if (aName.LowerCaseEqualsLiteral("_self")) {
+ foundItem = this;
+ } else if (aName.LowerCaseEqualsLiteral("_blank")) {
+ // Just return null. Caller must handle creating a new window with
+ // a blank name himself.
+ return NS_OK;
+ } else if (aName.LowerCaseEqualsLiteral("_parent")) {
+ GetSameTypeParent(getter_AddRefs(foundItem));
+ if (!foundItem) {
+ foundItem = this;
+ }
+ } else if (aName.LowerCaseEqualsLiteral("_top")) {
+ GetSameTypeRootTreeItem(getter_AddRefs(foundItem));
+ NS_ASSERTION(foundItem, "Must have this; worst case it's us!");
+ } else {
+ // Do the search for item by an actual name.
+ DoFindItemWithName(aName, aRequestor, aOriginalRequestor,
+ getter_AddRefs(foundItem));
+ }
+
+ if (foundItem && !CanAccessItem(foundItem, aOriginalRequestor)) {
+ foundItem = nullptr;
+ }
+
+ // DoFindItemWithName only returns active items and we don't check if
+ // the item is active for the special cases.
+ if (foundItem) {
+ foundItem.swap(*aResult);
+ }
+ return NS_OK;
+ }
+}
+
+void
+nsDocShell::AssertOriginAttributesMatchPrivateBrowsing() {
+ // Chrome docshells must not have a private browsing OriginAttribute
+ // Content docshells must maintain the equality:
+ // mOriginAttributes.mPrivateBrowsingId == mPrivateBrowsingId
+ if (mItemType == typeChrome) {
+ MOZ_DIAGNOSTIC_ASSERT(mOriginAttributes.mPrivateBrowsingId == 0);
+ } else {
+ MOZ_DIAGNOSTIC_ASSERT(mOriginAttributes.mPrivateBrowsingId == mPrivateBrowsingId);
+ }
+}
+
+nsresult
+nsDocShell::DoFindItemWithName(const nsAString& aName,
+ nsISupports* aRequestor,
+ nsIDocShellTreeItem* aOriginalRequestor,
+ nsIDocShellTreeItem** aResult)
+{
+ // First we check our name.
+ if (mName.Equals(aName) && ItemIsActive(this) &&
+ CanAccessItem(this, aOriginalRequestor)) {
+ NS_ADDREF(*aResult = this);
+ return NS_OK;
+ }
+
+ // This QI may fail, but the places where we want to compare, comparing
+ // against nullptr serves the same purpose.
+ nsCOMPtr<nsIDocShellTreeItem> reqAsTreeItem(do_QueryInterface(aRequestor));
+
+ // Second we check our children making sure not to ask a child if
+ // it is the aRequestor.
+#ifdef DEBUG
+ nsresult rv =
+#endif
+ FindChildWithName(aName, true, true, reqAsTreeItem, aOriginalRequestor,
+ aResult);
+ NS_ASSERTION(NS_SUCCEEDED(rv),
+ "FindChildWithName should not be failing here.");
+ if (*aResult) {
+ return NS_OK;
+ }
+
+ // Third if we have a parent and it isn't the requestor then we
+ // should ask it to do the search. If it is the requestor we
+ // should just stop here and let the parent do the rest. If we
+ // don't have a parent, then we should ask the
+ // docShellTreeOwner to do the search.
+ nsCOMPtr<nsIDocShellTreeItem> parentAsTreeItem =
+ do_QueryInterface(GetAsSupports(mParent));
+ if (parentAsTreeItem) {
+ if (parentAsTreeItem == reqAsTreeItem) {
+ return NS_OK;
+ }
+
+ // If we have a same-type parent, respecting browser and app boundaries.
+ // NOTE: Could use GetSameTypeParent if the issues described in bug 1310344 are fixed.
+ if (!GetIsMozBrowserOrApp() && parentAsTreeItem->ItemType() == mItemType) {
+ return parentAsTreeItem->FindItemWithName(
+ aName,
+ static_cast<nsIDocShellTreeItem*>(this),
+ aOriginalRequestor,
+ aResult);
+ }
+ }
+
+ // If we have a null parent or the parent is not of the same type, we need to
+ // give up on finding it in our tree, and start looking in our TabGroup.
+ nsCOMPtr<nsPIDOMWindowOuter> window = GetWindow();
+ if (window) {
+ RefPtr<mozilla::dom::TabGroup> tabGroup = window->TabGroup();
+ // We don't want to make the request to our TabGroup if they are the ones
+ // which made a request to us.
+ if (tabGroup != aRequestor) {
+ tabGroup->FindItemWithName(aName, this, aOriginalRequestor, aResult);
+ }
+ }
+
+ return NS_OK;
+}
+
+bool
+nsDocShell::IsSandboxedFrom(nsIDocShell* aTargetDocShell)
+{
+ // If no target then not sandboxed.
+ if (!aTargetDocShell) {
+ return false;
+ }
+
+ // We cannot be sandboxed from ourselves.
+ if (aTargetDocShell == this) {
+ return false;
+ }
+
+ // Default the sandbox flags to our flags, so that if we can't retrieve the
+ // active document, we will still enforce our own.
+ uint32_t sandboxFlags = mSandboxFlags;
+ if (mContentViewer) {
+ nsCOMPtr<nsIDocument> doc = mContentViewer->GetDocument();
+ if (doc) {
+ sandboxFlags = doc->GetSandboxFlags();
+ }
+ }
+
+ // If no flags, we are not sandboxed at all.
+ if (!sandboxFlags) {
+ return false;
+ }
+
+ // If aTargetDocShell has an ancestor, it is not top level.
+ nsCOMPtr<nsIDocShellTreeItem> ancestorOfTarget;
+ aTargetDocShell->GetSameTypeParent(getter_AddRefs(ancestorOfTarget));
+ if (ancestorOfTarget) {
+ do {
+ // We are not sandboxed if we are an ancestor of target.
+ if (ancestorOfTarget == this) {
+ return false;
+ }
+ nsCOMPtr<nsIDocShellTreeItem> tempTreeItem;
+ ancestorOfTarget->GetSameTypeParent(getter_AddRefs(tempTreeItem));
+ tempTreeItem.swap(ancestorOfTarget);
+ } while (ancestorOfTarget);
+
+ // Otherwise, we are sandboxed from aTargetDocShell.
+ return true;
+ }
+
+ // aTargetDocShell is top level, are we the "one permitted sandboxed
+ // navigator", i.e. did we open aTargetDocShell?
+ nsCOMPtr<nsIDocShell> permittedNavigator;
+ aTargetDocShell->GetOnePermittedSandboxedNavigator(
+ getter_AddRefs(permittedNavigator));
+ if (permittedNavigator == this) {
+ return false;
+ }
+
+ // If SANDBOXED_TOPLEVEL_NAVIGATION flag is not on, we are not sandboxed
+ // from our top.
+ if (!(sandboxFlags & SANDBOXED_TOPLEVEL_NAVIGATION)) {
+ nsCOMPtr<nsIDocShellTreeItem> rootTreeItem;
+ GetSameTypeRootTreeItem(getter_AddRefs(rootTreeItem));
+ if (SameCOMIdentity(aTargetDocShell, rootTreeItem)) {
+ return false;
+ }
+ }
+
+ // Otherwise, we are sandboxed from aTargetDocShell.
+ return true;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetTreeOwner(nsIDocShellTreeOwner** aTreeOwner)
+{
+ NS_ENSURE_ARG_POINTER(aTreeOwner);
+
+ *aTreeOwner = mTreeOwner;
+ NS_IF_ADDREF(*aTreeOwner);
+ return NS_OK;
+}
+
+#ifdef DEBUG_DOCSHELL_FOCUS
+static void
+PrintDocTree(nsIDocShellTreeItem* aParentNode, int aLevel)
+{
+ for (int32_t i = 0; i < aLevel; i++) {
+ printf(" ");
+ }
+
+ int32_t childWebshellCount;
+ aParentNode->GetChildCount(&childWebshellCount);
+ nsCOMPtr<nsIDocShell> parentAsDocShell(do_QueryInterface(aParentNode));
+ int32_t type = aParentNode->ItemType();
+ nsCOMPtr<nsIPresShell> presShell = parentAsDocShell->GetPresShell();
+ RefPtr<nsPresContext> presContext;
+ parentAsDocShell->GetPresContext(getter_AddRefs(presContext));
+ nsIDocument* doc = presShell->GetDocument();
+
+ nsCOMPtr<nsPIDOMWindowOuter> domwin(doc->GetWindow());
+
+ nsCOMPtr<nsIWidget> widget;
+ nsViewManager* vm = presShell->GetViewManager();
+ if (vm) {
+ vm->GetWidget(getter_AddRefs(widget));
+ }
+ dom::Element* rootElement = doc->GetRootElement();
+
+ printf("DS %p Ty %s Doc %p DW %p EM %p CN %p\n",
+ (void*)parentAsDocShell.get(),
+ type == nsIDocShellTreeItem::typeChrome ? "Chr" : "Con",
+ (void*)doc, (void*)domwin.get(),
+ (void*)presContext->EventStateManager(), (void*)rootElement);
+
+ if (childWebshellCount > 0) {
+ for (int32_t i = 0; i < childWebshellCount; i++) {
+ nsCOMPtr<nsIDocShellTreeItem> child;
+ aParentNode->GetChildAt(i, getter_AddRefs(child));
+ PrintDocTree(child, aLevel + 1);
+ }
+ }
+}
+
+static void
+PrintDocTree(nsIDocShellTreeItem* aParentNode)
+{
+ NS_ASSERTION(aParentNode, "Pointer is null!");
+
+ nsCOMPtr<nsIDocShellTreeItem> parentItem;
+ aParentNode->GetParent(getter_AddRefs(parentItem));
+ while (parentItem) {
+ nsCOMPtr<nsIDocShellTreeItem> tmp;
+ parentItem->GetParent(getter_AddRefs(tmp));
+ if (!tmp) {
+ break;
+ }
+ parentItem = tmp;
+ }
+
+ if (!parentItem) {
+ parentItem = aParentNode;
+ }
+
+ PrintDocTree(parentItem, 0);
+}
+#endif
+
+NS_IMETHODIMP
+nsDocShell::SetTreeOwner(nsIDocShellTreeOwner* aTreeOwner)
+{
+#ifdef DEBUG_DOCSHELL_FOCUS
+ nsCOMPtr<nsIDocShellTreeItem> item(do_QueryInterface(aTreeOwner));
+ if (item) {
+ PrintDocTree(item);
+ }
+#endif
+
+ // Don't automatically set the progress based on the tree owner for frames
+ if (!IsFrame()) {
+ nsCOMPtr<nsIWebProgress> webProgress =
+ do_QueryInterface(GetAsSupports(this));
+
+ if (webProgress) {
+ nsCOMPtr<nsIWebProgressListener> oldListener =
+ do_QueryInterface(mTreeOwner);
+ nsCOMPtr<nsIWebProgressListener> newListener =
+ do_QueryInterface(aTreeOwner);
+
+ if (oldListener) {
+ webProgress->RemoveProgressListener(oldListener);
+ }
+
+ if (newListener) {
+ webProgress->AddProgressListener(newListener,
+ nsIWebProgress::NOTIFY_ALL);
+ }
+ }
+ }
+
+ mTreeOwner = aTreeOwner; // Weak reference per API
+
+ nsTObserverArray<nsDocLoader*>::ForwardIterator iter(mChildList);
+ while (iter.HasMore()) {
+ nsCOMPtr<nsIDocShellTreeItem> child = do_QueryObject(iter.GetNext());
+ NS_ENSURE_TRUE(child, NS_ERROR_FAILURE);
+
+ if (child->ItemType() == mItemType) {
+ child->SetTreeOwner(aTreeOwner);
+ }
+ }
+
+ // Our tree owner has changed. Recompute scriptability.
+ //
+ // Note that this is near-redundant with the recomputation in
+ // SetDocLoaderParent(), but not so for the root DocShell, where the call to
+ // SetTreeOwner() happens after the initial AddDocLoaderAsChildOfRoot(),
+ // and we never set another parent. Given that this is neither expensive nor
+ // performance-critical, let's be safe and unconditionally recompute this
+ // state whenever dependent state changes.
+ RecomputeCanExecuteScripts();
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetChildOffset(uint32_t aChildOffset)
+{
+ mChildOffset = aChildOffset;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetHistoryID(uint64_t* aID)
+{
+ *aID = mHistoryID;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetIsInUnload(bool* aIsInUnload)
+{
+ *aIsInUnload = mFiredUnloadEvent;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetChildCount(int32_t* aChildCount)
+{
+ NS_ENSURE_ARG_POINTER(aChildCount);
+ *aChildCount = mChildList.Length();
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::AddChild(nsIDocShellTreeItem* aChild)
+{
+ NS_ENSURE_ARG_POINTER(aChild);
+
+ RefPtr<nsDocLoader> childAsDocLoader = GetAsDocLoader(aChild);
+ NS_ENSURE_TRUE(childAsDocLoader, NS_ERROR_UNEXPECTED);
+
+ // Make sure we're not creating a loop in the docshell tree
+ nsDocLoader* ancestor = this;
+ do {
+ if (childAsDocLoader == ancestor) {
+ return NS_ERROR_ILLEGAL_VALUE;
+ }
+ ancestor = ancestor->GetParent();
+ } while (ancestor);
+
+ // Make sure to remove the child from its current parent.
+ nsDocLoader* childsParent = childAsDocLoader->GetParent();
+ if (childsParent) {
+ nsresult rv = childsParent->RemoveChildLoader(childAsDocLoader);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+
+ // Make sure to clear the treeowner in case this child is a different type
+ // from us.
+ aChild->SetTreeOwner(nullptr);
+
+ nsresult res = AddChildLoader(childAsDocLoader);
+ NS_ENSURE_SUCCESS(res, res);
+ NS_ASSERTION(!mChildList.IsEmpty(),
+ "child list must not be empty after a successful add");
+
+ nsCOMPtr<nsIDocShell> childDocShell = do_QueryInterface(aChild);
+ bool dynamic = false;
+ childDocShell->GetCreatedDynamically(&dynamic);
+ if (!dynamic) {
+ nsCOMPtr<nsISHEntry> currentSH;
+ bool oshe = false;
+ GetCurrentSHEntry(getter_AddRefs(currentSH), &oshe);
+ if (currentSH) {
+ currentSH->HasDynamicallyAddedChild(&dynamic);
+ }
+ }
+ childDocShell->SetChildOffset(dynamic ? -1 : mChildList.Length() - 1);
+
+ /* Set the child's global history if the parent has one */
+ if (mUseGlobalHistory) {
+ childDocShell->SetUseGlobalHistory(true);
+ }
+
+ if (aChild->ItemType() != mItemType) {
+ return NS_OK;
+ }
+
+ aChild->SetTreeOwner(mTreeOwner);
+
+ nsCOMPtr<nsIDocShell> childAsDocShell(do_QueryInterface(aChild));
+ if (!childAsDocShell) {
+ return NS_OK;
+ }
+
+ // charset, style-disabling, and zoom will be inherited in SetupNewViewer()
+
+ // Now take this document's charset and set the child's parentCharset field
+ // to it. We'll later use that field, in the loading process, for the
+ // charset choosing algorithm.
+ // If we fail, at any point, we just return NS_OK.
+ // This code has some performance impact. But this will be reduced when
+ // the current charset will finally be stored as an Atom, avoiding the
+ // alias resolution extra look-up.
+
+ // we are NOT going to propagate the charset is this Chrome's docshell
+ if (mItemType == nsIDocShellTreeItem::typeChrome) {
+ return NS_OK;
+ }
+
+ // get the parent's current charset
+ if (!mContentViewer) {
+ return NS_OK;
+ }
+ nsIDocument* doc = mContentViewer->GetDocument();
+ if (!doc) {
+ return NS_OK;
+ }
+
+ bool isWyciwyg = false;
+
+ if (mCurrentURI) {
+ // Check if the url is wyciwyg
+ mCurrentURI->SchemeIs("wyciwyg", &isWyciwyg);
+ }
+
+ if (!isWyciwyg) {
+ // If this docshell is loaded from a wyciwyg: URI, don't
+ // advertise our charset since it does not in any way reflect
+ // the actual source charset, which is what we're trying to
+ // expose here.
+
+ const nsACString& parentCS = doc->GetDocumentCharacterSet();
+ int32_t charsetSource = doc->GetDocumentCharacterSetSource();
+ // set the child's parentCharset
+ childAsDocShell->SetParentCharset(parentCS,
+ charsetSource,
+ doc->NodePrincipal());
+ }
+
+ // printf("### 1 >>> Adding child. Parent CS = %s. ItemType = %d.\n",
+ // NS_LossyConvertUTF16toASCII(parentCS).get(), mItemType);
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::RemoveChild(nsIDocShellTreeItem* aChild)
+{
+ NS_ENSURE_ARG_POINTER(aChild);
+
+ RefPtr<nsDocLoader> childAsDocLoader = GetAsDocLoader(aChild);
+ NS_ENSURE_TRUE(childAsDocLoader, NS_ERROR_UNEXPECTED);
+
+ nsresult rv = RemoveChildLoader(childAsDocLoader);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ aChild->SetTreeOwner(nullptr);
+
+ return nsDocLoader::AddDocLoaderAsChildOfRoot(childAsDocLoader);
+}
+
+NS_IMETHODIMP
+nsDocShell::GetChildAt(int32_t aIndex, nsIDocShellTreeItem** aChild)
+{
+ NS_ENSURE_ARG_POINTER(aChild);
+
+#ifdef DEBUG
+ if (aIndex < 0) {
+ NS_WARNING("Negative index passed to GetChildAt");
+ } else if (static_cast<uint32_t>(aIndex) >= mChildList.Length()) {
+ NS_WARNING("Too large an index passed to GetChildAt");
+ }
+#endif
+
+ nsIDocumentLoader* child = ChildAt(aIndex);
+ NS_ENSURE_TRUE(child, NS_ERROR_UNEXPECTED);
+
+ return CallQueryInterface(child, aChild);
+}
+
+NS_IMETHODIMP
+nsDocShell::FindChildWithName(const nsAString& aName,
+ bool aRecurse, bool aSameType,
+ nsIDocShellTreeItem* aRequestor,
+ nsIDocShellTreeItem* aOriginalRequestor,
+ nsIDocShellTreeItem** aResult)
+{
+ NS_ENSURE_ARG_POINTER(aResult);
+
+ // if we don't find one, we return NS_OK and a null result
+ *aResult = nullptr;
+
+ if (aName.IsEmpty()) {
+ return NS_OK;
+ }
+
+ nsXPIDLString childName;
+ nsTObserverArray<nsDocLoader*>::ForwardIterator iter(mChildList);
+ while (iter.HasMore()) {
+ nsCOMPtr<nsIDocShellTreeItem> child = do_QueryObject(iter.GetNext());
+ NS_ENSURE_TRUE(child, NS_ERROR_FAILURE);
+ int32_t childType = child->ItemType();
+
+ if (aSameType && (childType != mItemType)) {
+ continue;
+ }
+
+ bool childNameEquals = false;
+ child->NameEquals(aName, &childNameEquals);
+ if (childNameEquals && ItemIsActive(child) &&
+ CanAccessItem(child, aOriginalRequestor)) {
+ child.swap(*aResult);
+ break;
+ }
+
+ // Only ask it to check children if it is same type
+ if (childType != mItemType) {
+ continue;
+ }
+
+ // Only ask the child if it isn't the requestor
+ if (aRecurse && (aRequestor != child)) {
+ // See if child contains the shell with the given name
+#ifdef DEBUG
+ nsresult rv =
+#endif
+ child->FindChildWithName(aName, true, aSameType,
+ static_cast<nsIDocShellTreeItem*>(this),
+ aOriginalRequestor, aResult);
+ NS_ASSERTION(NS_SUCCEEDED(rv), "FindChildWithName should not fail here");
+ if (*aResult) {
+ // found it
+ return NS_OK;
+ }
+ }
+ }
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetChildSHEntry(int32_t aChildOffset, nsISHEntry** aResult)
+{
+ nsresult rv = NS_OK;
+
+ NS_ENSURE_ARG_POINTER(aResult);
+ *aResult = nullptr;
+
+ // A nsISHEntry for a child is *only* available when the parent is in
+ // the progress of loading a document too...
+
+ if (mLSHE) {
+ /* Before looking for the subframe's url, check
+ * the expiration status of the parent. If the parent
+ * has expired from cache, then subframes will not be
+ * loaded from history in certain situations.
+ */
+ bool parentExpired = false;
+ mLSHE->GetExpirationStatus(&parentExpired);
+
+ /* Get the parent's Load Type so that it can be set on the child too.
+ * By default give a loadHistory value
+ */
+ uint32_t loadType = nsIDocShellLoadInfo::loadHistory;
+ mLSHE->GetLoadType(&loadType);
+ // If the user did a shift-reload on this frameset page,
+ // we don't want to load the subframes from history.
+ if (loadType == nsIDocShellLoadInfo::loadReloadBypassCache ||
+ loadType == nsIDocShellLoadInfo::loadReloadBypassProxy ||
+ loadType == nsIDocShellLoadInfo::loadReloadBypassProxyAndCache ||
+ loadType == nsIDocShellLoadInfo::loadRefresh) {
+ return rv;
+ }
+
+ /* If the user pressed reload and the parent frame has expired
+ * from cache, we do not want to load the child frame from history.
+ */
+ if (parentExpired && (loadType == nsIDocShellLoadInfo::loadReloadNormal)) {
+ // The parent has expired. Return null.
+ *aResult = nullptr;
+ return rv;
+ }
+
+ nsCOMPtr<nsISHContainer> container(do_QueryInterface(mLSHE));
+ if (container) {
+ // Get the child subframe from session history.
+ rv = container->GetChildAt(aChildOffset, aResult);
+ if (*aResult) {
+ (*aResult)->SetLoadType(loadType);
+ }
+ }
+ }
+ return rv;
+}
+
+NS_IMETHODIMP
+nsDocShell::AddChildSHEntry(nsISHEntry* aCloneRef, nsISHEntry* aNewEntry,
+ int32_t aChildOffset, uint32_t aLoadType,
+ bool aCloneChildren)
+{
+ nsresult rv = NS_OK;
+
+ if (mLSHE && aLoadType != LOAD_PUSHSTATE) {
+ /* You get here if you are currently building a
+ * hierarchy ie.,you just visited a frameset page
+ */
+ nsCOMPtr<nsISHContainer> container(do_QueryInterface(mLSHE, &rv));
+ if (container) {
+ if (NS_FAILED(container->ReplaceChild(aNewEntry))) {
+ rv = container->AddChild(aNewEntry, aChildOffset);
+ }
+ }
+ } else if (!aCloneRef) {
+ /* This is an initial load in some subframe. Just append it if we can */
+ nsCOMPtr<nsISHContainer> container(do_QueryInterface(mOSHE, &rv));
+ if (container) {
+ rv = container->AddChild(aNewEntry, aChildOffset);
+ }
+ } else {
+ rv = AddChildSHEntryInternal(aCloneRef, aNewEntry, aChildOffset,
+ aLoadType, aCloneChildren);
+ }
+ return rv;
+}
+
+nsresult
+nsDocShell::AddChildSHEntryInternal(nsISHEntry* aCloneRef,
+ nsISHEntry* aNewEntry,
+ int32_t aChildOffset,
+ uint32_t aLoadType,
+ bool aCloneChildren)
+{
+ nsresult rv = NS_OK;
+ if (mSessionHistory) {
+ /* You are currently in the rootDocShell.
+ * You will get here when a subframe has a new url
+ * to load and you have walked up the tree all the
+ * way to the top to clone the current SHEntry hierarchy
+ * and replace the subframe where a new url was loaded with
+ * a new entry.
+ */
+ int32_t index = -1;
+ nsCOMPtr<nsISHEntry> currentHE;
+ mSessionHistory->GetIndex(&index);
+ if (index < 0) {
+ return NS_ERROR_FAILURE;
+ }
+
+ rv = mSessionHistory->GetEntryAtIndex(index, false,
+ getter_AddRefs(currentHE));
+ NS_ENSURE_TRUE(currentHE, NS_ERROR_FAILURE);
+
+ nsCOMPtr<nsISHEntry> currentEntry(do_QueryInterface(currentHE));
+ if (currentEntry) {
+ uint32_t cloneID = 0;
+ nsCOMPtr<nsISHEntry> nextEntry;
+ aCloneRef->GetID(&cloneID);
+ rv = CloneAndReplace(currentEntry, this, cloneID, aNewEntry,
+ aCloneChildren, getter_AddRefs(nextEntry));
+
+ if (NS_SUCCEEDED(rv)) {
+ nsCOMPtr<nsISHistoryInternal> shPrivate =
+ do_QueryInterface(mSessionHistory);
+ NS_ENSURE_TRUE(shPrivate, NS_ERROR_FAILURE);
+ rv = shPrivate->AddEntry(nextEntry, true);
+ }
+ }
+ } else {
+ /* Just pass this along */
+ nsCOMPtr<nsIDocShell> parent =
+ do_QueryInterface(GetAsSupports(mParent), &rv);
+ if (parent) {
+ rv = static_cast<nsDocShell*>(parent.get())->AddChildSHEntryInternal(
+ aCloneRef, aNewEntry, aChildOffset, aLoadType, aCloneChildren);
+ }
+ }
+ return rv;
+}
+
+nsresult
+nsDocShell::AddChildSHEntryToParent(nsISHEntry* aNewEntry, int32_t aChildOffset,
+ bool aCloneChildren)
+{
+ /* You will get here when you are in a subframe and
+ * a new url has been loaded on you.
+ * The mOSHE in this subframe will be the previous url's
+ * mOSHE. This mOSHE will be used as the identification
+ * for this subframe in the CloneAndReplace function.
+ */
+
+ // In this case, we will end up calling AddEntry, which increases the
+ // current index by 1
+ nsCOMPtr<nsISHistory> rootSH;
+ GetRootSessionHistory(getter_AddRefs(rootSH));
+ if (rootSH) {
+ rootSH->GetIndex(&mPreviousTransIndex);
+ }
+
+ nsresult rv;
+ nsCOMPtr<nsIDocShell> parent = do_QueryInterface(GetAsSupports(mParent), &rv);
+ if (parent) {
+ rv = parent->AddChildSHEntry(mOSHE, aNewEntry, aChildOffset, mLoadType,
+ aCloneChildren);
+ }
+
+ if (rootSH) {
+ rootSH->GetIndex(&mLoadedTransIndex);
+#ifdef DEBUG_PAGE_CACHE
+ printf("Previous index: %d, Loaded index: %d\n\n", mPreviousTransIndex,
+ mLoadedTransIndex);
+#endif
+ }
+
+ return rv;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetUseGlobalHistory(bool aUseGlobalHistory)
+{
+ nsresult rv;
+
+ mUseGlobalHistory = aUseGlobalHistory;
+
+ if (!aUseGlobalHistory) {
+ mGlobalHistory = nullptr;
+ return NS_OK;
+ }
+
+ // No need to initialize mGlobalHistory if IHistory is available.
+ nsCOMPtr<IHistory> history = services::GetHistoryService();
+ if (history) {
+ return NS_OK;
+ }
+
+ if (mGlobalHistory) {
+ return NS_OK;
+ }
+
+ mGlobalHistory = do_GetService(NS_GLOBALHISTORY2_CONTRACTID, &rv);
+ return rv;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetUseGlobalHistory(bool* aUseGlobalHistory)
+{
+ *aUseGlobalHistory = mUseGlobalHistory;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::RemoveFromSessionHistory()
+{
+ nsCOMPtr<nsISHistoryInternal> internalHistory;
+ nsCOMPtr<nsISHistory> sessionHistory;
+ nsCOMPtr<nsIDocShellTreeItem> root;
+ GetSameTypeRootTreeItem(getter_AddRefs(root));
+ if (root) {
+ nsCOMPtr<nsIWebNavigation> rootAsWebnav = do_QueryInterface(root);
+ if (rootAsWebnav) {
+ rootAsWebnav->GetSessionHistory(getter_AddRefs(sessionHistory));
+ internalHistory = do_QueryInterface(sessionHistory);
+ }
+ }
+ if (!internalHistory) {
+ return NS_OK;
+ }
+
+ int32_t index = 0;
+ sessionHistory->GetIndex(&index);
+ AutoTArray<uint64_t, 16> ids({mHistoryID});
+ internalHistory->RemoveEntries(ids, index);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetCreatedDynamically(bool aDynamic)
+{
+ mDynamicallyCreated = aDynamic;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetCreatedDynamically(bool* aDynamic)
+{
+ *aDynamic = mDynamicallyCreated;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetCurrentSHEntry(nsISHEntry** aEntry, bool* aOSHE)
+{
+ *aOSHE = false;
+ *aEntry = nullptr;
+ if (mLSHE) {
+ NS_ADDREF(*aEntry = mLSHE);
+ } else if (mOSHE) {
+ NS_ADDREF(*aEntry = mOSHE);
+ *aOSHE = true;
+ }
+ return NS_OK;
+}
+
+nsIScriptGlobalObject*
+nsDocShell::GetScriptGlobalObject()
+{
+ NS_ENSURE_SUCCESS(EnsureScriptEnvironment(), nullptr);
+ return mScriptGlobal;
+}
+
+nsIDocument*
+nsDocShell::GetDocument()
+{
+ NS_ENSURE_SUCCESS(EnsureContentViewer(), nullptr);
+ return mContentViewer->GetDocument();
+}
+
+nsPIDOMWindowOuter*
+nsDocShell::GetWindow()
+{
+ if (NS_FAILED(EnsureScriptEnvironment())) {
+ return nullptr;
+ }
+ return mScriptGlobal->AsOuter();
+}
+
+NS_IMETHODIMP
+nsDocShell::SetDeviceSizeIsPageSize(bool aValue)
+{
+ if (mDeviceSizeIsPageSize != aValue) {
+ mDeviceSizeIsPageSize = aValue;
+ RefPtr<nsPresContext> presContext;
+ GetPresContext(getter_AddRefs(presContext));
+ if (presContext) {
+ presContext->MediaFeatureValuesChanged(nsRestyleHint(0));
+ }
+ }
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetDeviceSizeIsPageSize(bool* aValue)
+{
+ *aValue = mDeviceSizeIsPageSize;
+ return NS_OK;
+}
+
+void
+nsDocShell::ClearFrameHistory(nsISHEntry* aEntry)
+{
+ nsCOMPtr<nsISHContainer> shcontainer = do_QueryInterface(aEntry);
+ nsCOMPtr<nsISHistory> rootSH;
+ GetRootSessionHistory(getter_AddRefs(rootSH));
+ nsCOMPtr<nsISHistoryInternal> history = do_QueryInterface(rootSH);
+ if (!history || !shcontainer) {
+ return;
+ }
+
+ int32_t count = 0;
+ shcontainer->GetChildCount(&count);
+ AutoTArray<uint64_t, 16> ids;
+ for (int32_t i = 0; i < count; ++i) {
+ nsCOMPtr<nsISHEntry> child;
+ shcontainer->GetChildAt(i, getter_AddRefs(child));
+ if (child) {
+ uint64_t id = 0;
+ child->GetDocshellID(&id);
+ ids.AppendElement(id);
+ }
+ }
+ int32_t index = 0;
+ rootSH->GetIndex(&index);
+ history->RemoveEntries(ids, index);
+}
+
+//-------------------------------------
+//-- Helper Method for Print discovery
+//-------------------------------------
+bool
+nsDocShell::IsPrintingOrPP(bool aDisplayErrorDialog)
+{
+ if (mIsPrintingOrPP && aDisplayErrorDialog) {
+ DisplayLoadError(NS_ERROR_DOCUMENT_IS_PRINTMODE, nullptr, nullptr, nullptr);
+ }
+
+ return mIsPrintingOrPP;
+}
+
+bool
+nsDocShell::IsNavigationAllowed(bool aDisplayPrintErrorDialog,
+ bool aCheckIfUnloadFired)
+{
+ bool isAllowed = !IsPrintingOrPP(aDisplayPrintErrorDialog) &&
+ (!aCheckIfUnloadFired || !mFiredUnloadEvent);
+ if (!isAllowed) {
+ return false;
+ }
+ if (!mContentViewer) {
+ return true;
+ }
+ bool firingBeforeUnload;
+ mContentViewer->GetBeforeUnloadFiring(&firingBeforeUnload);
+ return !firingBeforeUnload;
+}
+
+//*****************************************************************************
+// nsDocShell::nsIWebNavigation
+//*****************************************************************************
+
+NS_IMETHODIMP
+nsDocShell::GetCanGoBack(bool* aCanGoBack)
+{
+ if (!IsNavigationAllowed(false)) {
+ *aCanGoBack = false;
+ return NS_OK; // JS may not handle returning of an error code
+ }
+ nsresult rv;
+ nsCOMPtr<nsISHistory> rootSH;
+ rv = GetRootSessionHistory(getter_AddRefs(rootSH));
+ nsCOMPtr<nsIWebNavigation> webnav(do_QueryInterface(rootSH));
+ NS_ENSURE_TRUE(webnav, NS_ERROR_FAILURE);
+ rv = webnav->GetCanGoBack(aCanGoBack);
+ return rv;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetCanGoForward(bool* aCanGoForward)
+{
+ if (!IsNavigationAllowed(false)) {
+ *aCanGoForward = false;
+ return NS_OK; // JS may not handle returning of an error code
+ }
+ nsresult rv;
+ nsCOMPtr<nsISHistory> rootSH;
+ rv = GetRootSessionHistory(getter_AddRefs(rootSH));
+ nsCOMPtr<nsIWebNavigation> webnav(do_QueryInterface(rootSH));
+ NS_ENSURE_TRUE(webnav, NS_ERROR_FAILURE);
+ rv = webnav->GetCanGoForward(aCanGoForward);
+ return rv;
+}
+
+NS_IMETHODIMP
+nsDocShell::GoBack()
+{
+ if (!IsNavigationAllowed()) {
+ return NS_OK; // JS may not handle returning of an error code
+ }
+ nsresult rv;
+ nsCOMPtr<nsISHistory> rootSH;
+ rv = GetRootSessionHistory(getter_AddRefs(rootSH));
+ nsCOMPtr<nsIWebNavigation> webnav(do_QueryInterface(rootSH));
+ NS_ENSURE_TRUE(webnav, NS_ERROR_FAILURE);
+ rv = webnav->GoBack();
+ return rv;
+}
+
+NS_IMETHODIMP
+nsDocShell::GoForward()
+{
+ if (!IsNavigationAllowed()) {
+ return NS_OK; // JS may not handle returning of an error code
+ }
+ nsresult rv;
+ nsCOMPtr<nsISHistory> rootSH;
+ rv = GetRootSessionHistory(getter_AddRefs(rootSH));
+ nsCOMPtr<nsIWebNavigation> webnav(do_QueryInterface(rootSH));
+ NS_ENSURE_TRUE(webnav, NS_ERROR_FAILURE);
+ rv = webnav->GoForward();
+ return rv;
+}
+
+NS_IMETHODIMP
+nsDocShell::GotoIndex(int32_t aIndex)
+{
+ if (!IsNavigationAllowed()) {
+ return NS_OK; // JS may not handle returning of an error code
+ }
+ nsresult rv;
+ nsCOMPtr<nsISHistory> rootSH;
+ rv = GetRootSessionHistory(getter_AddRefs(rootSH));
+ nsCOMPtr<nsIWebNavigation> webnav(do_QueryInterface(rootSH));
+ NS_ENSURE_TRUE(webnav, NS_ERROR_FAILURE);
+ rv = webnav->GotoIndex(aIndex);
+ return rv;
+}
+
+NS_IMETHODIMP
+nsDocShell::LoadURI(const char16_t* aURI,
+ uint32_t aLoadFlags,
+ nsIURI* aReferringURI,
+ nsIInputStream* aPostStream,
+ nsIInputStream* aHeaderStream)
+{
+ return LoadURIWithOptions(aURI, aLoadFlags, aReferringURI,
+ mozilla::net::RP_Default, aPostStream,
+ aHeaderStream, nullptr);
+}
+
+NS_IMETHODIMP
+nsDocShell::LoadURIWithOptions(const char16_t* aURI,
+ uint32_t aLoadFlags,
+ nsIURI* aReferringURI,
+ uint32_t aReferrerPolicy,
+ nsIInputStream* aPostStream,
+ nsIInputStream* aHeaderStream,
+ nsIURI* aBaseURI)
+{
+ NS_ASSERTION((aLoadFlags & 0xf) == 0, "Unexpected flags");
+
+ if (!IsNavigationAllowed()) {
+ return NS_OK; // JS may not handle returning of an error code
+ }
+ nsCOMPtr<nsIURI> uri;
+ nsCOMPtr<nsIInputStream> postStream(aPostStream);
+ nsresult rv = NS_OK;
+
+ // Create a URI from our string; if that succeeds, we want to
+ // change aLoadFlags to not include the ALLOW_THIRD_PARTY_FIXUP
+ // flag.
+
+ NS_ConvertUTF16toUTF8 uriString(aURI);
+ // Cleanup the empty spaces that might be on each end.
+ uriString.Trim(" ");
+ // Eliminate embedded newlines, which single-line text fields now allow:
+ uriString.StripChars("\r\n");
+ NS_ENSURE_TRUE(!uriString.IsEmpty(), NS_ERROR_FAILURE);
+
+ rv = NS_NewURI(getter_AddRefs(uri), uriString);
+ if (uri) {
+ aLoadFlags &= ~LOAD_FLAGS_ALLOW_THIRD_PARTY_FIXUP;
+ }
+
+ nsCOMPtr<nsIURIFixupInfo> fixupInfo;
+ if (sURIFixup) {
+ // Call the fixup object. This will clobber the rv from NS_NewURI
+ // above, but that's fine with us. Note that we need to do this even
+ // if NS_NewURI returned a URI, because fixup handles nested URIs, etc
+ // (things like view-source:mozilla.org for example).
+ uint32_t fixupFlags = 0;
+ if (aLoadFlags & LOAD_FLAGS_ALLOW_THIRD_PARTY_FIXUP) {
+ fixupFlags |= nsIURIFixup::FIXUP_FLAG_ALLOW_KEYWORD_LOOKUP;
+ }
+ if (aLoadFlags & LOAD_FLAGS_FIXUP_SCHEME_TYPOS) {
+ fixupFlags |= nsIURIFixup::FIXUP_FLAG_FIX_SCHEME_TYPOS;
+ }
+ nsCOMPtr<nsIInputStream> fixupStream;
+ rv = sURIFixup->GetFixupURIInfo(uriString, fixupFlags,
+ getter_AddRefs(fixupStream),
+ getter_AddRefs(fixupInfo));
+
+ if (NS_SUCCEEDED(rv)) {
+ fixupInfo->GetPreferredURI(getter_AddRefs(uri));
+ fixupInfo->SetConsumer(GetAsSupports(this));
+ }
+
+ if (fixupStream) {
+ // GetFixupURIInfo only returns a post data stream if it succeeded
+ // and changed the URI, in which case we should override the
+ // passed-in post data.
+ postStream = fixupStream;
+ }
+
+ if (aLoadFlags & LOAD_FLAGS_ALLOW_THIRD_PARTY_FIXUP) {
+ nsCOMPtr<nsIObserverService> serv = services::GetObserverService();
+ if (serv) {
+ serv->NotifyObservers(fixupInfo, "keyword-uri-fixup", aURI);
+ }
+ }
+ }
+ // else no fixup service so just use the URI we created and see
+ // what happens
+
+ if (NS_ERROR_MALFORMED_URI == rv) {
+ if (DisplayLoadError(rv, uri, aURI, nullptr) &&
+ (aLoadFlags & LOAD_FLAGS_ERROR_LOAD_CHANGES_RV) != 0) {
+ return NS_ERROR_LOAD_SHOWED_ERRORPAGE;
+ }
+ }
+
+ if (NS_FAILED(rv) || !uri) {
+ return NS_ERROR_FAILURE;
+ }
+
+ PopupControlState popupState;
+ if (aLoadFlags & LOAD_FLAGS_ALLOW_POPUPS) {
+ popupState = openAllowed;
+ aLoadFlags &= ~LOAD_FLAGS_ALLOW_POPUPS;
+ } else {
+ popupState = openOverridden;
+ }
+ nsAutoPopupStatePusher statePusher(popupState);
+
+ // Don't pass certain flags that aren't needed and end up confusing
+ // ConvertLoadTypeToDocShellLoadInfo. We do need to ensure that they are
+ // passed to LoadURI though, since it uses them.
+ uint32_t extraFlags = (aLoadFlags & EXTRA_LOAD_FLAGS);
+ aLoadFlags &= ~EXTRA_LOAD_FLAGS;
+
+ nsCOMPtr<nsIDocShellLoadInfo> loadInfo;
+ rv = CreateLoadInfo(getter_AddRefs(loadInfo));
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ /*
+ * If the user "Disables Protection on This Page", we have to make sure to
+ * remember the users decision when opening links in child tabs [Bug 906190]
+ */
+ uint32_t loadType;
+ if (aLoadFlags & LOAD_FLAGS_ALLOW_MIXED_CONTENT) {
+ loadType = MAKE_LOAD_TYPE(LOAD_NORMAL_ALLOW_MIXED_CONTENT, aLoadFlags);
+ } else {
+ loadType = MAKE_LOAD_TYPE(LOAD_NORMAL, aLoadFlags);
+ }
+
+ loadInfo->SetLoadType(ConvertLoadTypeToDocShellLoadInfo(loadType));
+ loadInfo->SetPostDataStream(postStream);
+ loadInfo->SetReferrer(aReferringURI);
+ loadInfo->SetReferrerPolicy(aReferrerPolicy);
+ loadInfo->SetHeadersStream(aHeaderStream);
+ loadInfo->SetBaseURI(aBaseURI);
+
+ if (fixupInfo) {
+ nsAutoString searchProvider, keyword;
+ fixupInfo->GetKeywordProviderName(searchProvider);
+ fixupInfo->GetKeywordAsSent(keyword);
+ MaybeNotifyKeywordSearchLoading(searchProvider, keyword);
+ }
+
+ rv = LoadURI(uri, loadInfo, extraFlags, true);
+
+ // Save URI string in case it's needed later when
+ // sending to search engine service in EndPageLoad()
+ mOriginalUriString = uriString;
+
+ return rv;
+}
+
+NS_IMETHODIMP
+nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
+ const char16_t* aURL,
+ nsIChannel* aFailedChannel,
+ bool* aDisplayedErrorPage)
+{
+ *aDisplayedErrorPage = false;
+ // Get prompt and string bundle servcies
+ nsCOMPtr<nsIPrompt> prompter;
+ nsCOMPtr<nsIStringBundle> stringBundle;
+ GetPromptAndStringBundle(getter_AddRefs(prompter),
+ getter_AddRefs(stringBundle));
+
+ NS_ENSURE_TRUE(stringBundle, NS_ERROR_FAILURE);
+ NS_ENSURE_TRUE(prompter, NS_ERROR_FAILURE);
+
+ nsAutoString error;
+ const uint32_t kMaxFormatStrArgs = 3;
+ nsAutoString formatStrs[kMaxFormatStrArgs];
+ uint32_t formatStrCount = 0;
+ bool addHostPort = false;
+ nsresult rv = NS_OK;
+ nsAutoString messageStr;
+ nsAutoCString cssClass;
+ nsAutoCString errorPage;
+
+ errorPage.AssignLiteral("neterror");
+
+ // Turn the error code into a human readable error message.
+ if (NS_ERROR_UNKNOWN_PROTOCOL == aError) {
+ NS_ENSURE_ARG_POINTER(aURI);
+
+ // Extract the schemes into a comma delimited list.
+ nsAutoCString scheme;
+ aURI->GetScheme(scheme);
+ CopyASCIItoUTF16(scheme, formatStrs[0]);
+ nsCOMPtr<nsINestedURI> nestedURI = do_QueryInterface(aURI);
+ while (nestedURI) {
+ nsCOMPtr<nsIURI> tempURI;
+ nsresult rv2;
+ rv2 = nestedURI->GetInnerURI(getter_AddRefs(tempURI));
+ if (NS_SUCCEEDED(rv2) && tempURI) {
+ tempURI->GetScheme(scheme);
+ formatStrs[0].AppendLiteral(", ");
+ AppendASCIItoUTF16(scheme, formatStrs[0]);
+ }
+ nestedURI = do_QueryInterface(tempURI);
+ }
+ formatStrCount = 1;
+ error.AssignLiteral("unknownProtocolFound");
+ } else if (NS_ERROR_FILE_NOT_FOUND == aError) {
+ NS_ENSURE_ARG_POINTER(aURI);
+ error.AssignLiteral("fileNotFound");
+ } else if (NS_ERROR_FILE_ACCESS_DENIED == aError) {
+ NS_ENSURE_ARG_POINTER(aURI);
+ error.AssignLiteral("fileAccessDenied");
+ } else if (NS_ERROR_UNKNOWN_HOST == aError) {
+ NS_ENSURE_ARG_POINTER(aURI);
+ // Get the host
+ nsAutoCString host;
+ nsCOMPtr<nsIURI> innermostURI = NS_GetInnermostURI(aURI);
+ innermostURI->GetHost(host);
+ CopyUTF8toUTF16(host, formatStrs[0]);
+ formatStrCount = 1;
+ error.AssignLiteral("dnsNotFound");
+ } else if (NS_ERROR_CONNECTION_REFUSED == aError) {
+ NS_ENSURE_ARG_POINTER(aURI);
+ addHostPort = true;
+ error.AssignLiteral("connectionFailure");
+ } else if (NS_ERROR_NET_INTERRUPT == aError) {
+ NS_ENSURE_ARG_POINTER(aURI);
+ addHostPort = true;
+ error.AssignLiteral("netInterrupt");
+ } else if (NS_ERROR_NET_TIMEOUT == aError) {
+ NS_ENSURE_ARG_POINTER(aURI);
+ // Get the host
+ nsAutoCString host;
+ aURI->GetHost(host);
+ CopyUTF8toUTF16(host, formatStrs[0]);
+ formatStrCount = 1;
+ error.AssignLiteral("netTimeout");
+ } else if (NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION == aError ||
+ NS_ERROR_CSP_FORM_ACTION_VIOLATION == aError) {
+ // CSP error
+ cssClass.AssignLiteral("neterror");
+ error.AssignLiteral("cspBlocked");
+ } else if (NS_ERROR_GET_MODULE(aError) == NS_ERROR_MODULE_SECURITY) {
+ nsCOMPtr<nsINSSErrorsService> nsserr =
+ do_GetService(NS_NSS_ERRORS_SERVICE_CONTRACTID);
+
+ uint32_t errorClass;
+ if (!nsserr || NS_FAILED(nsserr->GetErrorClass(aError, &errorClass))) {
+ errorClass = nsINSSErrorsService::ERROR_CLASS_SSL_PROTOCOL;
+ }
+
+ nsCOMPtr<nsISupports> securityInfo;
+ nsCOMPtr<nsITransportSecurityInfo> tsi;
+ if (aFailedChannel) {
+ aFailedChannel->GetSecurityInfo(getter_AddRefs(securityInfo));
+ }
+ tsi = do_QueryInterface(securityInfo);
+ if (tsi) {
+ uint32_t securityState;
+ tsi->GetSecurityState(&securityState);
+ if (securityState & nsIWebProgressListener::STATE_USES_SSL_3) {
+ error.AssignLiteral("sslv3Used");
+ addHostPort = true;
+ } else if (securityState & nsIWebProgressListener::STATE_USES_WEAK_CRYPTO) {
+ error.AssignLiteral("weakCryptoUsed");
+ addHostPort = true;
+ } else {
+ // Usually we should have aFailedChannel and get a detailed message
+ tsi->GetErrorMessage(getter_Copies(messageStr));
+ }
+ } else {
+ // No channel, let's obtain the generic error message
+ if (nsserr) {
+ nsserr->GetErrorMessage(aError, messageStr);
+ }
+ }
+ if (!messageStr.IsEmpty()) {
+ if (errorClass == nsINSSErrorsService::ERROR_CLASS_BAD_CERT) {
+ error.AssignLiteral("nssBadCert");
+
+ // If this is an HTTP Strict Transport Security host or a pinned host
+ // and the certificate is bad, don't allow overrides (RFC 6797 section
+ // 12.1, HPKP draft spec section 2.6).
+ uint32_t flags =
+ UsePrivateBrowsing() ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
+ bool isStsHost = false;
+ bool isPinnedHost = false;
+ if (XRE_IsParentProcess()) {
+ nsCOMPtr<nsISiteSecurityService> sss =
+ do_GetService(NS_SSSERVICE_CONTRACTID, &rv);
+ NS_ENSURE_SUCCESS(rv, rv);
+ rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, aURI,
+ flags, nullptr, &isStsHost);
+ NS_ENSURE_SUCCESS(rv, rv);
+ rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HPKP, aURI,
+ flags, nullptr, &isPinnedHost);
+ NS_ENSURE_SUCCESS(rv, rv);
+ } else {
+ mozilla::dom::ContentChild* cc =
+ mozilla::dom::ContentChild::GetSingleton();
+ mozilla::ipc::URIParams uri;
+ SerializeURI(aURI, uri);
+ cc->SendIsSecureURI(nsISiteSecurityService::HEADER_HSTS, uri, flags,
+ &isStsHost);
+ cc->SendIsSecureURI(nsISiteSecurityService::HEADER_HPKP, uri, flags,
+ &isPinnedHost);
+ }
+
+ if (Preferences::GetBool(
+ "browser.xul.error_pages.expert_bad_cert", false)) {
+ cssClass.AssignLiteral("expertBadCert");
+ }
+
+ // HSTS/pinning takes precedence over the expert bad cert pref. We
+ // never want to show the "Add Exception" button for these sites.
+ // In the future we should differentiate between an HSTS host and a
+ // pinned host and display a more informative message to the user.
+ if (isStsHost || isPinnedHost) {
+ cssClass.AssignLiteral("badStsCert");
+ }
+
+ uint32_t bucketId;
+ if (isStsHost) {
+ // measuring STS separately allows us to measure click through
+ // rates easily
+ bucketId = nsISecurityUITelemetry::WARNING_BAD_CERT_TOP_STS;
+ } else {
+ bucketId = nsISecurityUITelemetry::WARNING_BAD_CERT_TOP;
+ }
+
+ // See if an alternate cert error page is registered
+ nsAdoptingCString alternateErrorPage =
+ Preferences::GetCString("security.alternate_certificate_error_page");
+ if (alternateErrorPage) {
+ errorPage.Assign(alternateErrorPage);
+ }
+
+ if (!IsFrame() && errorPage.EqualsIgnoreCase("certerror")) {
+ Telemetry::Accumulate(mozilla::Telemetry::SECURITY_UI, bucketId);
+ }
+
+ } else {
+ error.AssignLiteral("nssFailure2");
+ }
+ }
+ } else if (NS_ERROR_PHISHING_URI == aError ||
+ NS_ERROR_MALWARE_URI == aError ||
+ NS_ERROR_UNWANTED_URI == aError) {
+ nsAutoCString host;
+ aURI->GetHost(host);
+ CopyUTF8toUTF16(host, formatStrs[0]);
+ formatStrCount = 1;
+
+ // Malware and phishing detectors may want to use an alternate error
+ // page, but if the pref's not set, we'll fall back on the standard page
+ nsAdoptingCString alternateErrorPage =
+ Preferences::GetCString("urlclassifier.alternate_error_page");
+ if (alternateErrorPage) {
+ errorPage.Assign(alternateErrorPage);
+ }
+
+ uint32_t bucketId;
+ bool sendTelemetry = false;
+ if (NS_ERROR_PHISHING_URI == aError) {
+ sendTelemetry = true;
+ error.AssignLiteral("deceptiveBlocked");
+ bucketId = IsFrame() ? nsISecurityUITelemetry::WARNING_PHISHING_PAGE_FRAME
+ : nsISecurityUITelemetry::WARNING_PHISHING_PAGE_TOP;
+ } else if (NS_ERROR_MALWARE_URI == aError) {
+ sendTelemetry = true;
+ error.AssignLiteral("malwareBlocked");
+ bucketId = IsFrame() ? nsISecurityUITelemetry::WARNING_MALWARE_PAGE_FRAME
+ : nsISecurityUITelemetry::WARNING_MALWARE_PAGE_TOP;
+ } else if (NS_ERROR_UNWANTED_URI == aError) {
+ sendTelemetry = true;
+ error.AssignLiteral("unwantedBlocked");
+ bucketId = IsFrame() ? nsISecurityUITelemetry::WARNING_UNWANTED_PAGE_FRAME
+ : nsISecurityUITelemetry::WARNING_UNWANTED_PAGE_TOP;
+ }
+
+ if (sendTelemetry && errorPage.EqualsIgnoreCase("blocked")) {
+ Telemetry::Accumulate(Telemetry::SECURITY_UI, bucketId);
+ }
+
+ cssClass.AssignLiteral("blacklist");
+ } else if (NS_ERROR_CONTENT_CRASHED == aError) {
+ errorPage.AssignLiteral("tabcrashed");
+ error.AssignLiteral("tabcrashed");
+
+ nsCOMPtr<EventTarget> handler = mChromeEventHandler;
+ if (handler) {
+ nsCOMPtr<Element> element = do_QueryInterface(handler);
+ element->GetAttribute(NS_LITERAL_STRING("crashedPageTitle"), messageStr);
+ }
+
+ // DisplayLoadError requires a non-empty messageStr to proceed and call
+ // LoadErrorPage. If the page doesn't have a title, we will use a blank
+ // space which will be trimmed and thus treated as empty by the front-end.
+ if (messageStr.IsEmpty()) {
+ messageStr.AssignLiteral(u" ");
+ }
+ } else {
+ // Errors requiring simple formatting
+ switch (aError) {
+ case NS_ERROR_MALFORMED_URI:
+ // URI is malformed
+ error.AssignLiteral("malformedURI");
+ break;
+ case NS_ERROR_REDIRECT_LOOP:
+ // Doc failed to load because the server generated too many redirects
+ error.AssignLiteral("redirectLoop");
+ break;
+ case NS_ERROR_UNKNOWN_SOCKET_TYPE:
+ // Doc failed to load because PSM is not installed
+ error.AssignLiteral("unknownSocketType");
+ break;
+ case NS_ERROR_NET_RESET:
+ // Doc failed to load because the server kept reseting the connection
+ // before we could read any data from it
+ error.AssignLiteral("netReset");
+ break;
+ case NS_ERROR_DOCUMENT_NOT_CACHED:
+ // Doc failed to load because the cache does not contain a copy of
+ // the document.
+ error.AssignLiteral("notCached");
+ break;
+ case NS_ERROR_OFFLINE:
+ // Doc failed to load because we are offline.
+ error.AssignLiteral("netOffline");
+ break;
+ case NS_ERROR_DOCUMENT_IS_PRINTMODE:
+ // Doc navigation attempted while Printing or Print Preview
+ error.AssignLiteral("isprinting");
+ break;
+ case NS_ERROR_PORT_ACCESS_NOT_ALLOWED:
+ // Port blocked for security reasons
+ addHostPort = true;
+ error.AssignLiteral("deniedPortAccess");
+ break;
+ case NS_ERROR_UNKNOWN_PROXY_HOST:
+ // Proxy hostname could not be resolved.
+ error.AssignLiteral("proxyResolveFailure");
+ break;
+ case NS_ERROR_PROXY_CONNECTION_REFUSED:
+ // Proxy connection was refused.
+ error.AssignLiteral("proxyConnectFailure");
+ break;
+ case NS_ERROR_INVALID_CONTENT_ENCODING:
+ // Bad Content Encoding.
+ error.AssignLiteral("contentEncodingError");
+ break;
+ case NS_ERROR_REMOTE_XUL:
+ error.AssignLiteral("remoteXUL");
+ break;
+ case NS_ERROR_UNSAFE_CONTENT_TYPE:
+ // Channel refused to load from an unrecognized content type.
+ error.AssignLiteral("unsafeContentType");
+ break;
+ case NS_ERROR_CORRUPTED_CONTENT:
+ // Broken Content Detected. e.g. Content-MD5 check failure.
+ error.AssignLiteral("corruptedContentErrorv2");
+ break;
+ case NS_ERROR_INTERCEPTION_FAILED:
+ // ServiceWorker intercepted request, but something went wrong.
+ error.AssignLiteral("corruptedContentErrorv2");
+ break;
+ case NS_ERROR_NET_INADEQUATE_SECURITY:
+ // Server negotiated bad TLS for HTTP/2.
+ error.AssignLiteral("inadequateSecurityError");
+ addHostPort = true;
+ break;
+ default:
+ break;
+ }
+ }
+
+ // Test if the error should be displayed
+ if (error.IsEmpty()) {
+ return NS_OK;
+ }
+
+ // Test if the error needs to be formatted
+ if (!messageStr.IsEmpty()) {
+ // already obtained message
+ } else {
+ if (addHostPort) {
+ // Build up the host:port string.
+ nsAutoCString hostport;
+ if (aURI) {
+ aURI->GetHostPort(hostport);
+ } else {
+ hostport.Assign('?');
+ }
+ CopyUTF8toUTF16(hostport, formatStrs[formatStrCount++]);
+ }
+
+ nsAutoCString spec;
+ rv = NS_ERROR_NOT_AVAILABLE;
+ if (aURI) {
+ // displaying "file://" is aesthetically unpleasing and could even be
+ // confusing to the user
+ bool isFileURI = false;
+ rv = aURI->SchemeIs("file", &isFileURI);
+ if (NS_SUCCEEDED(rv) && isFileURI) {
+ aURI->GetPath(spec);
+ } else {
+ aURI->GetSpec(spec);
+ }
+
+ nsAutoCString charset;
+ // unescape and convert from origin charset
+ aURI->GetOriginCharset(charset);
+ nsCOMPtr<nsITextToSubURI> textToSubURI(
+ do_GetService(NS_ITEXTTOSUBURI_CONTRACTID, &rv));
+ if (NS_SUCCEEDED(rv)) {
+ rv = textToSubURI->UnEscapeURIForUI(charset, spec,
+ formatStrs[formatStrCount]);
+ }
+ } else {
+ spec.Assign('?');
+ }
+ if (NS_FAILED(rv)) {
+ CopyUTF8toUTF16(spec, formatStrs[formatStrCount]);
+ }
+ rv = NS_OK;
+ ++formatStrCount;
+
+ const char16_t* strs[kMaxFormatStrArgs];
+ for (uint32_t i = 0; i < formatStrCount; i++) {
+ strs[i] = formatStrs[i].get();
+ }
+ nsXPIDLString str;
+ rv = stringBundle->FormatStringFromName(error.get(), strs, formatStrCount,
+ getter_Copies(str));
+ NS_ENSURE_SUCCESS(rv, rv);
+ messageStr.Assign(str.get());
+ }
+
+ // Display the error as a page or an alert prompt
+ NS_ENSURE_FALSE(messageStr.IsEmpty(), NS_ERROR_FAILURE);
+
+ if (NS_ERROR_NET_INTERRUPT == aError || NS_ERROR_NET_RESET == aError) {
+ bool isSecureURI = false;
+ rv = aURI->SchemeIs("https", &isSecureURI);
+ if (NS_SUCCEEDED(rv) && isSecureURI) {
+ // Maybe TLS intolerant. Treat this as an SSL error.
+ error.AssignLiteral("nssFailure2");
+ }
+ }
+
+ if (UseErrorPages()) {
+ // Display an error page
+ nsresult loadedPage = LoadErrorPage(aURI, aURL, errorPage.get(),
+ error.get(), messageStr.get(),
+ cssClass.get(), aFailedChannel);
+ *aDisplayedErrorPage = NS_SUCCEEDED(loadedPage);
+ } else {
+ // The prompter reqires that our private window has a document (or it
+ // asserts). Satisfy that assertion now since GetDoc will force
+ // creation of one if it hasn't already been created.
+ if (mScriptGlobal) {
+ Unused << mScriptGlobal->GetDoc();
+ }
+
+ // Display a message box
+ prompter->Alert(nullptr, messageStr.get());
+ }
+
+ return NS_OK;
+}
+
+#define PREF_SAFEBROWSING_ALLOWOVERRIDE "browser.safebrowsing.allowOverride"
+
+NS_IMETHODIMP
+nsDocShell::LoadErrorPage(nsIURI* aURI, const char16_t* aURL,
+ const char* aErrorPage,
+ const char16_t* aErrorType,
+ const char16_t* aDescription,
+ const char* aCSSClass,
+ nsIChannel* aFailedChannel)
+{
+#if defined(DEBUG)
+ if (MOZ_LOG_TEST(gDocShellLog, LogLevel::Debug)) {
+ nsAutoCString chanName;
+ if (aFailedChannel) {
+ aFailedChannel->GetName(chanName);
+ } else {
+ chanName.AssignLiteral("<no channel>");
+ }
+
+ MOZ_LOG(gDocShellLog, LogLevel::Debug,
+ ("nsDocShell[%p]::LoadErrorPage(\"%s\", \"%s\", {...}, [%s])\n", this,
+ aURI->GetSpecOrDefault().get(), NS_ConvertUTF16toUTF8(aURL).get(),
+ chanName.get()));
+ }
+#endif
+ mFailedChannel = aFailedChannel;
+ mFailedURI = aURI;
+ mFailedLoadType = mLoadType;
+
+ if (mLSHE) {
+ // Abandon mLSHE's BFCache entry and create a new one. This way, if
+ // we go back or forward to another SHEntry with the same doc
+ // identifier, the error page won't persist.
+ mLSHE->AbandonBFCacheEntry();
+ }
+
+ nsAutoCString url;
+ nsAutoCString charset;
+ if (aURI) {
+ nsresult rv = aURI->GetSpec(url);
+ NS_ENSURE_SUCCESS(rv, rv);
+ rv = aURI->GetOriginCharset(charset);
+ NS_ENSURE_SUCCESS(rv, rv);
+ } else if (aURL) {
+ CopyUTF16toUTF8(aURL, url);
+ } else {
+ return NS_ERROR_INVALID_POINTER;
+ }
+
+ // Create a URL to pass all the error information through to the page.
+
+#undef SAFE_ESCAPE
+#define SAFE_ESCAPE(output, input, params) \
+ if (NS_WARN_IF(!NS_Escape(input, output, params))) { \
+ return NS_ERROR_OUT_OF_MEMORY; \
+ }
+
+ nsCString escapedUrl, escapedCharset, escapedError, escapedDescription,
+ escapedCSSClass;
+ SAFE_ESCAPE(escapedUrl, url, url_Path);
+ SAFE_ESCAPE(escapedCharset, charset, url_Path);
+ SAFE_ESCAPE(escapedError, NS_ConvertUTF16toUTF8(aErrorType), url_Path);
+ SAFE_ESCAPE(escapedDescription,
+ NS_ConvertUTF16toUTF8(aDescription), url_Path);
+ if (aCSSClass) {
+ nsCString cssClass(aCSSClass);
+ SAFE_ESCAPE(escapedCSSClass, cssClass, url_Path);
+ }
+ nsCString errorPageUrl("about:");
+ errorPageUrl.AppendASCII(aErrorPage);
+ errorPageUrl.AppendLiteral("?e=");
+
+ errorPageUrl.AppendASCII(escapedError.get());
+ errorPageUrl.AppendLiteral("&u=");
+ errorPageUrl.AppendASCII(escapedUrl.get());
+ if ((strcmp(aErrorPage, "blocked") == 0) &&
+ Preferences::GetBool(PREF_SAFEBROWSING_ALLOWOVERRIDE, true)) {
+ errorPageUrl.AppendLiteral("&o=1");
+ }
+ if (!escapedCSSClass.IsEmpty()) {
+ errorPageUrl.AppendLiteral("&s=");
+ errorPageUrl.AppendASCII(escapedCSSClass.get());
+ }
+ errorPageUrl.AppendLiteral("&c=");
+ errorPageUrl.AppendASCII(escapedCharset.get());
+
+ nsAutoCString frameType(FrameTypeToString(mFrameType));
+ errorPageUrl.AppendLiteral("&f=");
+ errorPageUrl.AppendASCII(frameType.get());
+
+ // Append the manifest URL if the error comes from an app.
+ nsString manifestURL;
+ nsresult rv = GetAppManifestURL(manifestURL);
+ if (manifestURL.Length() > 0) {
+ nsCString manifestParam;
+ SAFE_ESCAPE(manifestParam, NS_ConvertUTF16toUTF8(manifestURL), url_Path);
+ errorPageUrl.AppendLiteral("&m=");
+ errorPageUrl.AppendASCII(manifestParam.get());
+ }
+
+ nsCOMPtr<nsICaptivePortalService> cps = do_GetService(NS_CAPTIVEPORTAL_CID);
+ int32_t cpsState;
+ if (cps && NS_SUCCEEDED(cps->GetState(&cpsState)) &&
+ cpsState == nsICaptivePortalService::LOCKED_PORTAL) {
+ errorPageUrl.AppendLiteral("&captive=true");
+ }
+
+ // netError.xhtml's getDescription only handles the "d" parameter at the
+ // end of the URL, so append it last.
+ errorPageUrl.AppendLiteral("&d=");
+ errorPageUrl.AppendASCII(escapedDescription.get());
+
+ nsCOMPtr<nsIURI> errorPageURI;
+ rv = NS_NewURI(getter_AddRefs(errorPageURI), errorPageUrl);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ return InternalLoad(errorPageURI, nullptr, false, nullptr,
+ mozilla::net::RP_Default,
+ nsContentUtils::GetSystemPrincipal(), nullptr,
+ INTERNAL_LOAD_FLAGS_NONE, EmptyString(),
+ nullptr, NullString(), nullptr, nullptr, LOAD_ERROR_PAGE,
+ nullptr, true, NullString(), this, nullptr, nullptr,
+ nullptr);
+}
+
+NS_IMETHODIMP
+nsDocShell::Reload(uint32_t aReloadFlags)
+{
+ if (!IsNavigationAllowed()) {
+ return NS_OK; // JS may not handle returning of an error code
+ }
+ nsresult rv;
+ NS_ASSERTION(((aReloadFlags & 0xf) == 0),
+ "Reload command not updated to use load flags!");
+ NS_ASSERTION((aReloadFlags & EXTRA_LOAD_FLAGS) == 0,
+ "Don't pass these flags to Reload");
+
+ uint32_t loadType = MAKE_LOAD_TYPE(LOAD_RELOAD_NORMAL, aReloadFlags);
+ NS_ENSURE_TRUE(IsValidLoadType(loadType), NS_ERROR_INVALID_ARG);
+
+ // Send notifications to the HistoryListener if any, about the impending
+ // reload
+ nsCOMPtr<nsISHistory> rootSH;
+ rv = GetRootSessionHistory(getter_AddRefs(rootSH));
+ nsCOMPtr<nsISHistoryInternal> shistInt(do_QueryInterface(rootSH));
+ bool canReload = true;
+ if (rootSH) {
+ shistInt->NotifyOnHistoryReload(mCurrentURI, aReloadFlags, &canReload);
+ }
+
+ if (!canReload) {
+ return NS_OK;
+ }
+
+ /* If you change this part of code, make sure bug 45297 does not re-occur */
+ if (mOSHE) {
+ rv = LoadHistoryEntry(mOSHE, loadType);
+ } else if (mLSHE) { // In case a reload happened before the current load is done
+ rv = LoadHistoryEntry(mLSHE, loadType);
+ } else {
+ nsCOMPtr<nsIDocument> doc(GetDocument());
+
+ if (!doc) {
+ return NS_OK;
+ }
+
+ // Do not inherit owner from document
+ uint32_t flags = INTERNAL_LOAD_FLAGS_NONE;
+ nsAutoString srcdoc;
+ nsCOMPtr<nsIURI> baseURI;
+ nsCOMPtr<nsIURI> originalURI;
+ bool loadReplace = false;
+
+ nsIPrincipal* triggeringPrincipal = doc->NodePrincipal();
+ nsAutoString contentTypeHint;
+ doc->GetContentType(contentTypeHint);
+
+ if (doc->IsSrcdocDocument()) {
+ doc->GetSrcdocData(srcdoc);
+ flags |= INTERNAL_LOAD_FLAGS_IS_SRCDOC;
+ baseURI = doc->GetBaseURI();
+ }
+ nsCOMPtr<nsIChannel> chan = doc->GetChannel();
+ if (chan) {
+ uint32_t loadFlags;
+ chan->GetLoadFlags(&loadFlags);
+ loadReplace = loadFlags & nsIChannel::LOAD_REPLACE;
+ nsCOMPtr<nsIHttpChannel> httpChan(do_QueryInterface(chan));
+ if (httpChan) {
+ httpChan->GetOriginalURI(getter_AddRefs(originalURI));
+ }
+ }
+
+ MOZ_ASSERT(triggeringPrincipal, "Need a valid triggeringPrincipal");
+
+ // Stack variables to ensure changes to the member variables don't affect to
+ // the call.
+ nsCOMPtr<nsIURI> currentURI = mCurrentURI;
+ nsCOMPtr<nsIURI> referrerURI = mReferrerURI;
+ uint32_t referrerPolicy = mReferrerPolicy;
+ rv = InternalLoad(currentURI,
+ originalURI,
+ loadReplace,
+ referrerURI,
+ referrerPolicy,
+ triggeringPrincipal,
+ triggeringPrincipal,
+ flags,
+ EmptyString(), // No window target
+ NS_LossyConvertUTF16toASCII(contentTypeHint).get(),
+ NullString(), // No forced download
+ nullptr, // No post data
+ nullptr, // No headers data
+ loadType, // Load type
+ nullptr, // No SHEntry
+ true,
+ srcdoc, // srcdoc argument for iframe
+ this, // For reloads we are the source
+ baseURI,
+ nullptr, // No nsIDocShell
+ nullptr); // No nsIRequest
+ }
+
+ return rv;
+}
+
+NS_IMETHODIMP
+nsDocShell::Stop(uint32_t aStopFlags)
+{
+ // Revoke any pending event related to content viewer restoration
+ mRestorePresentationEvent.Revoke();
+
+ if (mLoadType == LOAD_ERROR_PAGE) {
+ if (mLSHE) {
+ // Since error page loads never unset mLSHE, do so now
+ SetHistoryEntry(&mOSHE, mLSHE);
+ SetHistoryEntry(&mLSHE, nullptr);
+ }
+
+ mFailedChannel = nullptr;
+ mFailedURI = nullptr;
+ }
+
+ if (nsIWebNavigation::STOP_CONTENT & aStopFlags) {
+ // Stop the document loading
+ if (mContentViewer) {
+ nsCOMPtr<nsIContentViewer> cv = mContentViewer;
+ cv->Stop();
+ }
+ }
+
+ if (nsIWebNavigation::STOP_NETWORK & aStopFlags) {
+ // Suspend any timers that were set for this loader. We'll clear
+ // them out for good in CreateContentViewer.
+ if (mRefreshURIList) {
+ SuspendRefreshURIs();
+ mSavedRefreshURIList.swap(mRefreshURIList);
+ mRefreshURIList = nullptr;
+ }
+
+ // XXXbz We could also pass |this| to nsIURILoader::Stop. That will
+ // just call Stop() on us as an nsIDocumentLoader... We need fewer
+ // redundant apis!
+ Stop();
+ }
+
+ nsTObserverArray<nsDocLoader*>::ForwardIterator iter(mChildList);
+ while (iter.HasMore()) {
+ nsCOMPtr<nsIWebNavigation> shellAsNav(do_QueryObject(iter.GetNext()));
+ if (shellAsNav) {
+ shellAsNav->Stop(aStopFlags);
+ }
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetDocument(nsIDOMDocument** aDocument)
+{
+ NS_ENSURE_ARG_POINTER(aDocument);
+ NS_ENSURE_SUCCESS(EnsureContentViewer(), NS_ERROR_FAILURE);
+
+ return mContentViewer->GetDOMDocument(aDocument);
+}
+
+NS_IMETHODIMP
+nsDocShell::GetCurrentURI(nsIURI** aURI)
+{
+ NS_ENSURE_ARG_POINTER(aURI);
+
+ if (mCurrentURI) {
+ return NS_EnsureSafeToReturn(mCurrentURI, aURI);
+ }
+
+ *aURI = nullptr;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetReferringURI(nsIURI** aURI)
+{
+ NS_ENSURE_ARG_POINTER(aURI);
+
+ *aURI = mReferrerURI;
+ NS_IF_ADDREF(*aURI);
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetSessionHistory(nsISHistory* aSessionHistory)
+{
+ NS_ENSURE_TRUE(aSessionHistory, NS_ERROR_FAILURE);
+ // make sure that we are the root docshell and
+ // set a handle to root docshell in SH.
+
+ nsCOMPtr<nsIDocShellTreeItem> root;
+ /* Get the root docshell. If *this* is the root docshell
+ * then save a handle to *this* in SH. SH needs it to do
+ * traversions thro' its entries
+ */
+ GetSameTypeRootTreeItem(getter_AddRefs(root));
+ NS_ENSURE_TRUE(root, NS_ERROR_FAILURE);
+ if (root.get() == static_cast<nsIDocShellTreeItem*>(this)) {
+ mSessionHistory = aSessionHistory;
+ nsCOMPtr<nsISHistoryInternal> shPrivate =
+ do_QueryInterface(mSessionHistory);
+ NS_ENSURE_TRUE(shPrivate, NS_ERROR_FAILURE);
+ shPrivate->SetRootDocShell(this);
+ return NS_OK;
+ }
+ return NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetSessionHistory(nsISHistory** aSessionHistory)
+{
+ NS_ENSURE_ARG_POINTER(aSessionHistory);
+ *aSessionHistory = mSessionHistory;
+ NS_IF_ADDREF(*aSessionHistory);
+ return NS_OK;
+}
+
+//*****************************************************************************
+// nsDocShell::nsIWebPageDescriptor
+//*****************************************************************************
+
+NS_IMETHODIMP
+nsDocShell::LoadPage(nsISupports* aPageDescriptor, uint32_t aDisplayType)
+{
+ nsCOMPtr<nsISHEntry> shEntryIn(do_QueryInterface(aPageDescriptor));
+
+ // Currently, the opaque 'page descriptor' is an nsISHEntry...
+ if (!shEntryIn) {
+ return NS_ERROR_INVALID_POINTER;
+ }
+
+ // Now clone shEntryIn, since we might end up modifying it later on, and we
+ // want a page descriptor to be reusable.
+ nsCOMPtr<nsISHEntry> shEntry;
+ nsresult rv = shEntryIn->Clone(getter_AddRefs(shEntry));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // Give our cloned shEntry a new bfcache entry so this load is independent
+ // of all other loads. (This is important, in particular, for bugs 582795
+ // and 585298.)
+ rv = shEntry->AbandonBFCacheEntry();
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ //
+ // load the page as view-source
+ //
+ if (nsIWebPageDescriptor::DISPLAY_AS_SOURCE == aDisplayType) {
+ nsCOMPtr<nsIURI> oldUri, newUri;
+ nsCString spec, newSpec;
+
+ // Create a new view-source URI and replace the original.
+ rv = shEntry->GetURI(getter_AddRefs(oldUri));
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ oldUri->GetSpec(spec);
+ newSpec.AppendLiteral("view-source:");
+ newSpec.Append(spec);
+
+ rv = NS_NewURI(getter_AddRefs(newUri), newSpec);
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+ shEntry->SetURI(newUri);
+ shEntry->SetOriginalURI(nullptr);
+ }
+
+ rv = LoadHistoryEntry(shEntry, LOAD_HISTORY);
+ return rv;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetCurrentDescriptor(nsISupports** aPageDescriptor)
+{
+ NS_PRECONDITION(aPageDescriptor, "Null out param?");
+
+ *aPageDescriptor = nullptr;
+
+ nsISHEntry* src = mOSHE ? mOSHE : mLSHE;
+ if (src) {
+ nsCOMPtr<nsISHEntry> dest;
+
+ nsresult rv = src->Clone(getter_AddRefs(dest));
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ // null out inappropriate cloned attributes...
+ dest->SetParent(nullptr);
+ dest->SetIsSubFrame(false);
+
+ return CallQueryInterface(dest, aPageDescriptor);
+ }
+
+ return NS_ERROR_NOT_AVAILABLE;
+}
+
+//*****************************************************************************
+// nsDocShell::nsIBaseWindow
+//*****************************************************************************
+
+NS_IMETHODIMP
+nsDocShell::InitWindow(nativeWindow aParentNativeWindow,
+ nsIWidget* aParentWidget, int32_t aX, int32_t aY,
+ int32_t aWidth, int32_t aHeight)
+{
+ SetParentWidget(aParentWidget);
+ SetPositionAndSize(aX, aY, aWidth, aHeight, 0);
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::Create()
+{
+ if (mCreated) {
+ // We've already been created
+ return NS_OK;
+ }
+
+ NS_ASSERTION(mItemType == typeContent || mItemType == typeChrome,
+ "Unexpected item type in docshell");
+
+ NS_ENSURE_TRUE(Preferences::GetRootBranch(), NS_ERROR_FAILURE);
+ mCreated = true;
+
+ if (gValidateOrigin == 0xffffffff) {
+ // Check pref to see if we should prevent frameset spoofing
+ gValidateOrigin =
+ Preferences::GetBool("browser.frame.validate_origin", true);
+ }
+
+ // Should we use XUL error pages instead of alerts if possible?
+ mUseErrorPages =
+ Preferences::GetBool("browser.xul.error_pages.enabled", mUseErrorPages);
+
+ if (!gAddedPreferencesVarCache) {
+ Preferences::AddBoolVarCache(&sUseErrorPages,
+ "browser.xul.error_pages.enabled",
+ mUseErrorPages);
+ gAddedPreferencesVarCache = true;
+ }
+
+ mDisableMetaRefreshWhenInactive =
+ Preferences::GetBool("browser.meta_refresh_when_inactive.disabled",
+ mDisableMetaRefreshWhenInactive);
+
+ mDeviceSizeIsPageSize =
+ Preferences::GetBool("docshell.device_size_is_page_size",
+ mDeviceSizeIsPageSize);
+
+ nsCOMPtr<nsIObserverService> serv = services::GetObserverService();
+ if (serv) {
+ const char* msg = mItemType == typeContent ?
+ NS_WEBNAVIGATION_CREATE : NS_CHROME_WEBNAVIGATION_CREATE;
+ serv->NotifyObservers(GetAsSupports(this), msg, nullptr);
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::Destroy()
+{
+ NS_ASSERTION(mItemType == typeContent || mItemType == typeChrome,
+ "Unexpected item type in docshell");
+
+ if (!mIsBeingDestroyed) {
+ nsCOMPtr<nsIObserverService> serv = services::GetObserverService();
+ if (serv) {
+ const char* msg = mItemType == typeContent ?
+ NS_WEBNAVIGATION_DESTROY : NS_CHROME_WEBNAVIGATION_DESTROY;
+ serv->NotifyObservers(GetAsSupports(this), msg, nullptr);
+ }
+ }
+
+ mIsBeingDestroyed = true;
+
+ // Make sure we don't record profile timeline markers anymore
+ SetRecordProfileTimelineMarkers(false);
+
+ // Remove our pref observers
+ if (mObserveErrorPages) {
+ mObserveErrorPages = false;
+ }
+
+ // Make sure to blow away our mLoadingURI just in case. No loads
+ // from inside this pagehide.
+ mLoadingURI = nullptr;
+
+ // Fire unload event before we blow anything away.
+ (void)FirePageHideNotification(true);
+
+ // Clear pointers to any detached nsEditorData that's lying
+ // around in shistory entries. Breaks cycle. See bug 430921.
+ if (mOSHE) {
+ mOSHE->SetEditorData(nullptr);
+ }
+ if (mLSHE) {
+ mLSHE->SetEditorData(nullptr);
+ }
+
+ // Note: mContentListener can be null if Init() failed and we're being
+ // called from the destructor.
+ if (mContentListener) {
+ mContentListener->DropDocShellReference();
+ mContentListener->SetParentContentListener(nullptr);
+ // Note that we do NOT set mContentListener to null here; that
+ // way if someone tries to do a load in us after this point
+ // the nsDSURIContentListener will block it. All of which
+ // means that we should do this before calling Stop(), of
+ // course.
+ }
+
+ // Stop any URLs that are currently being loaded...
+ Stop(nsIWebNavigation::STOP_ALL);
+
+ mEditorData = nullptr;
+
+ mTransferableHookData = nullptr;
+
+ // Save the state of the current document, before destroying the window.
+ // This is needed to capture the state of a frameset when the new document
+ // causes the frameset to be destroyed...
+ PersistLayoutHistoryState();
+
+ // Remove this docshell from its parent's child list
+ nsCOMPtr<nsIDocShellTreeItem> docShellParentAsItem =
+ do_QueryInterface(GetAsSupports(mParent));
+ if (docShellParentAsItem) {
+ docShellParentAsItem->RemoveChild(this);
+ }
+
+ if (mContentViewer) {
+ mContentViewer->Close(nullptr);
+ mContentViewer->Destroy();
+ mContentViewer = nullptr;
+ }
+
+ nsDocLoader::Destroy();
+
+ mParentWidget = nullptr;
+ mCurrentURI = nullptr;
+
+ if (mScriptGlobal) {
+ mScriptGlobal->DetachFromDocShell();
+ mScriptGlobal = nullptr;
+ }
+
+ if (mSessionHistory) {
+ // We want to destroy these content viewers now rather than
+ // letting their destruction wait for the session history
+ // entries to get garbage collected. (Bug 488394)
+ nsCOMPtr<nsISHistoryInternal> shPrivate =
+ do_QueryInterface(mSessionHistory);
+ if (shPrivate) {
+ shPrivate->EvictAllContentViewers();
+ }
+ mSessionHistory = nullptr;
+ }
+
+ SetTreeOwner(nullptr);
+
+ mOnePermittedSandboxedNavigator = nullptr;
+
+ // required to break ref cycle
+ mSecurityUI = nullptr;
+
+ // Cancel any timers that were set for this docshell; this is needed
+ // to break the cycle between us and the timers.
+ CancelRefreshURITimers();
+
+ if (UsePrivateBrowsing()) {
+ mPrivateBrowsingId = 0;
+ mOriginAttributes.SyncAttributesWithPrivateBrowsing(false);
+ if (mAffectPrivateSessionLifetime) {
+ DecreasePrivateDocShellCount();
+ }
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetUnscaledDevicePixelsPerCSSPixel(double* aScale)
+{
+ if (mParentWidget) {
+ *aScale = mParentWidget->GetDefaultScale().scale;
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsIBaseWindow> ownerWindow(do_QueryInterface(mTreeOwner));
+ if (ownerWindow) {
+ return ownerWindow->GetUnscaledDevicePixelsPerCSSPixel(aScale);
+ }
+
+ *aScale = 1.0;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetDevicePixelsPerDesktopPixel(double* aScale)
+{
+ if (mParentWidget) {
+ *aScale = mParentWidget->GetDesktopToDeviceScale().scale;
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsIBaseWindow> ownerWindow(do_QueryInterface(mTreeOwner));
+ if (ownerWindow) {
+ return ownerWindow->GetDevicePixelsPerDesktopPixel(aScale);
+ }
+
+ *aScale = 1.0;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetPosition(int32_t aX, int32_t aY)
+{
+ mBounds.x = aX;
+ mBounds.y = aY;
+
+ if (mContentViewer) {
+ NS_ENSURE_SUCCESS(mContentViewer->Move(aX, aY), NS_ERROR_FAILURE);
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetPositionDesktopPix(int32_t aX, int32_t aY)
+{
+ nsCOMPtr<nsIBaseWindow> ownerWindow(do_QueryInterface(mTreeOwner));
+ if (ownerWindow) {
+ return ownerWindow->SetPositionDesktopPix(aX, aY);
+ }
+
+ double scale = 1.0;
+ GetDevicePixelsPerDesktopPixel(&scale);
+ return SetPosition(NSToIntRound(aX * scale), NSToIntRound(aY * scale));
+}
+
+NS_IMETHODIMP
+nsDocShell::GetPosition(int32_t* aX, int32_t* aY)
+{
+ return GetPositionAndSize(aX, aY, nullptr, nullptr);
+}
+
+NS_IMETHODIMP
+nsDocShell::SetSize(int32_t aWidth, int32_t aHeight, bool aRepaint)
+{
+ int32_t x = 0, y = 0;
+ GetPosition(&x, &y);
+ return SetPositionAndSize(x, y, aWidth, aHeight,
+ aRepaint ? nsIBaseWindow::eRepaint : 0);
+}
+
+NS_IMETHODIMP
+nsDocShell::GetSize(int32_t* aWidth, int32_t* aHeight)
+{
+ return GetPositionAndSize(nullptr, nullptr, aWidth, aHeight);
+}
+
+NS_IMETHODIMP
+nsDocShell::SetPositionAndSize(int32_t aX, int32_t aY, int32_t aWidth,
+ int32_t aHeight, uint32_t aFlags)
+{
+ mBounds.x = aX;
+ mBounds.y = aY;
+ mBounds.width = aWidth;
+ mBounds.height = aHeight;
+
+ // Hold strong ref, since SetBounds can make us null out mContentViewer
+ nsCOMPtr<nsIContentViewer> viewer = mContentViewer;
+ if (viewer) {
+ uint32_t cvflags = (aFlags & nsIBaseWindow::eDelayResize) ?
+ nsIContentViewer::eDelayResize : 0;
+ // XXX Border figured in here or is that handled elsewhere?
+ nsresult rv = viewer->SetBoundsWithFlags(mBounds, cvflags);
+ NS_ENSURE_SUCCESS(rv, NS_ERROR_FAILURE);
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetPositionAndSize(int32_t* aX, int32_t* aY, int32_t* aWidth,
+ int32_t* aHeight)
+{
+ if (mParentWidget) {
+ // ensure size is up-to-date if window has changed resolution
+ LayoutDeviceIntRect r = mParentWidget->GetClientBounds();
+ SetPositionAndSize(mBounds.x, mBounds.y, r.width, r.height, 0);
+ }
+
+ // We should really consider just getting this information from
+ // our window instead of duplicating the storage and code...
+ if (aWidth || aHeight) {
+ // Caller wants to know our size; make sure to give them up to
+ // date information.
+ nsCOMPtr<nsIDocument> doc(do_GetInterface(GetAsSupports(mParent)));
+ if (doc) {
+ doc->FlushPendingNotifications(Flush_Layout);
+ }
+ }
+
+ DoGetPositionAndSize(aX, aY, aWidth, aHeight);
+ return NS_OK;
+}
+
+void
+nsDocShell::DoGetPositionAndSize(int32_t* aX, int32_t* aY, int32_t* aWidth,
+ int32_t* aHeight)
+{
+ if (aX) {
+ *aX = mBounds.x;
+ }
+ if (aY) {
+ *aY = mBounds.y;
+ }
+ if (aWidth) {
+ *aWidth = mBounds.width;
+ }
+ if (aHeight) {
+ *aHeight = mBounds.height;
+ }
+}
+
+NS_IMETHODIMP
+nsDocShell::Repaint(bool aForce)
+{
+ nsCOMPtr<nsIPresShell> presShell = GetPresShell();
+ NS_ENSURE_TRUE(presShell, NS_ERROR_FAILURE);
+
+ nsViewManager* viewManager = presShell->GetViewManager();
+ NS_ENSURE_TRUE(viewManager, NS_ERROR_FAILURE);
+
+ viewManager->InvalidateAllViews();
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetParentWidget(nsIWidget** aParentWidget)
+{
+ NS_ENSURE_ARG_POINTER(aParentWidget);
+
+ *aParentWidget = mParentWidget;
+ NS_IF_ADDREF(*aParentWidget);
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetParentWidget(nsIWidget* aParentWidget)
+{
+ mParentWidget = aParentWidget;
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetParentNativeWindow(nativeWindow* aParentNativeWindow)
+{
+ NS_ENSURE_ARG_POINTER(aParentNativeWindow);
+
+ if (mParentWidget) {
+ *aParentNativeWindow = mParentWidget->GetNativeData(NS_NATIVE_WIDGET);
+ } else {
+ *aParentNativeWindow = nullptr;
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetParentNativeWindow(nativeWindow aParentNativeWindow)
+{
+ return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetNativeHandle(nsAString& aNativeHandle)
+{
+ // the nativeHandle should be accessed from nsIXULWindow
+ return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetVisibility(bool* aVisibility)
+{
+ NS_ENSURE_ARG_POINTER(aVisibility);
+
+ *aVisibility = false;
+
+ if (!mContentViewer) {
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsIPresShell> presShell = GetPresShell();
+ if (!presShell) {
+ return NS_OK;
+ }
+
+ // get the view manager
+ nsViewManager* vm = presShell->GetViewManager();
+ NS_ENSURE_TRUE(vm, NS_ERROR_FAILURE);
+
+ // get the root view
+ nsView* view = vm->GetRootView(); // views are not ref counted
+ NS_ENSURE_TRUE(view, NS_ERROR_FAILURE);
+
+ // if our root view is hidden, we are not visible
+ if (view->GetVisibility() == nsViewVisibility_kHide) {
+ return NS_OK;
+ }
+
+ // otherwise, we must walk up the document and view trees checking
+ // for a hidden view, unless we're an off screen browser, which
+ // would make this test meaningless.
+
+ RefPtr<nsDocShell> docShell = this;
+ RefPtr<nsDocShell> parentItem = docShell->GetParentDocshell();
+ while (parentItem) {
+ presShell = docShell->GetPresShell();
+
+ nsCOMPtr<nsIPresShell> pPresShell = parentItem->GetPresShell();
+
+ // Null-check for crash in bug 267804
+ if (!pPresShell) {
+ NS_NOTREACHED("parent docshell has null pres shell");
+ return NS_OK;
+ }
+
+ vm = presShell->GetViewManager();
+ if (vm) {
+ view = vm->GetRootView();
+ }
+
+ if (view) {
+ view = view->GetParent(); // anonymous inner view
+ if (view) {
+ view = view->GetParent(); // subdocumentframe's view
+ }
+ }
+
+ nsIFrame* frame = view ? view->GetFrame() : nullptr;
+ bool isDocShellOffScreen = false;
+ docShell->GetIsOffScreenBrowser(&isDocShellOffScreen);
+ if (frame &&
+ !frame->IsVisibleConsideringAncestors(
+ nsIFrame::VISIBILITY_CROSS_CHROME_CONTENT_BOUNDARY) &&
+ !isDocShellOffScreen) {
+ return NS_OK;
+ }
+
+ docShell = parentItem;
+ parentItem = docShell->GetParentDocshell();
+ }
+
+ nsCOMPtr<nsIBaseWindow> treeOwnerAsWin(do_QueryInterface(mTreeOwner));
+ if (!treeOwnerAsWin) {
+ *aVisibility = true;
+ return NS_OK;
+ }
+
+ // Check with the tree owner as well to give embedders a chance to
+ // expose visibility as well.
+ return treeOwnerAsWin->GetVisibility(aVisibility);
+}
+
+NS_IMETHODIMP
+nsDocShell::SetIsOffScreenBrowser(bool aIsOffScreen)
+{
+ mIsOffScreenBrowser = aIsOffScreen;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetIsOffScreenBrowser(bool* aIsOffScreen)
+{
+ *aIsOffScreen = mIsOffScreenBrowser;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetIsActive(bool aIsActive)
+{
+ // We disallow setting active on chrome docshells.
+ if (mItemType == nsIDocShellTreeItem::typeChrome) {
+ return NS_ERROR_INVALID_ARG;
+ }
+
+ // Keep track ourselves.
+ mIsActive = aIsActive;
+
+ // Clear prerender flag if necessary.
+ mIsPrerendered &= !aIsActive;
+
+ // Tell the PresShell about it.
+ nsCOMPtr<nsIPresShell> pshell = GetPresShell();
+ if (pshell) {
+ pshell->SetIsActive(aIsActive);
+ }
+
+ // Tell the window about it
+ if (mScriptGlobal) {
+ mScriptGlobal->SetIsBackground(!aIsActive);
+ if (nsCOMPtr<nsIDocument> doc = mScriptGlobal->GetExtantDoc()) {
+ // Update orientation when the top-level browsing context becomes active.
+ // We make an exception for apps because they currently rely on
+ // orientation locks persisting across browsing contexts.
+ if (aIsActive && !GetIsApp()) {
+ nsCOMPtr<nsIDocShellTreeItem> parent;
+ GetSameTypeParent(getter_AddRefs(parent));
+ if (!parent) {
+ // We only care about the top-level browsing context.
+ uint16_t orientation = OrientationLock();
+ ScreenOrientation::UpdateActiveOrientationLock(orientation);
+ }
+ }
+
+ doc->PostVisibilityUpdateEvent();
+ }
+ }
+
+ // Tell the nsDOMNavigationTiming about it
+ RefPtr<nsDOMNavigationTiming> timing = mTiming;
+ if (!timing && mContentViewer) {
+ nsIDocument* doc = mContentViewer->GetDocument();
+ if (doc) {
+ timing = doc->GetNavigationTiming();
+ }
+ }
+ if (timing) {
+ timing->NotifyDocShellStateChanged(
+ aIsActive ? nsDOMNavigationTiming::DocShellState::eActive
+ : nsDOMNavigationTiming::DocShellState::eInactive);
+ }
+
+ // Recursively tell all of our children, but don't tell <iframe mozbrowser>
+ // children; they handle their state separately.
+ nsTObserverArray<nsDocLoader*>::ForwardIterator iter(mChildList);
+ while (iter.HasMore()) {
+ nsCOMPtr<nsIDocShell> docshell = do_QueryObject(iter.GetNext());
+ if (!docshell) {
+ continue;
+ }
+
+ if (!docshell->GetIsMozBrowserOrApp()) {
+ docshell->SetIsActive(aIsActive);
+ }
+ }
+
+ // Restart or stop meta refresh timers if necessary
+ if (mDisableMetaRefreshWhenInactive) {
+ if (mIsActive) {
+ ResumeRefreshURIs();
+ } else {
+ SuspendRefreshURIs();
+ }
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetIsActive(bool* aIsActive)
+{
+ *aIsActive = mIsActive;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetIsPrerendered()
+{
+ MOZ_ASSERT(!mIsPrerendered,
+ "SetIsPrerendered() called on already prerendered docshell");
+ SetIsActive(false);
+ mIsPrerendered = true;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetIsPrerendered(bool* aIsPrerendered)
+{
+ *aIsPrerendered = mIsPrerendered;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetIsAppTab(bool aIsAppTab)
+{
+ mIsAppTab = aIsAppTab;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetIsAppTab(bool* aIsAppTab)
+{
+ *aIsAppTab = mIsAppTab;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetSandboxFlags(uint32_t aSandboxFlags)
+{
+ mSandboxFlags = aSandboxFlags;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetSandboxFlags(uint32_t* aSandboxFlags)
+{
+ *aSandboxFlags = mSandboxFlags;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetOnePermittedSandboxedNavigator(nsIDocShell* aSandboxedNavigator)
+{
+ if (mOnePermittedSandboxedNavigator) {
+ NS_ERROR("One Permitted Sandboxed Navigator should only be set once.");
+ return NS_OK;
+ }
+
+ mOnePermittedSandboxedNavigator = do_GetWeakReference(aSandboxedNavigator);
+ NS_ASSERTION(mOnePermittedSandboxedNavigator,
+ "One Permitted Sandboxed Navigator must support weak references.");
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetOnePermittedSandboxedNavigator(nsIDocShell** aSandboxedNavigator)
+{
+ NS_ENSURE_ARG_POINTER(aSandboxedNavigator);
+ nsCOMPtr<nsIDocShell> permittedNavigator =
+ do_QueryReferent(mOnePermittedSandboxedNavigator);
+ permittedNavigator.forget(aSandboxedNavigator);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetDefaultLoadFlags(uint32_t aDefaultLoadFlags)
+{
+ mDefaultLoadFlags = aDefaultLoadFlags;
+
+ // Tell the load group to set these flags all requests in the group
+ if (mLoadGroup) {
+ mLoadGroup->SetDefaultLoadFlags(aDefaultLoadFlags);
+ } else {
+ NS_WARNING("nsDocShell::SetDefaultLoadFlags has no loadGroup to propagate the flags to");
+ }
+
+ // Recursively tell all of our children. We *do not* skip
+ // <iframe mozbrowser> children - if someone sticks custom flags in this
+ // docShell then they too get the same flags.
+ nsTObserverArray<nsDocLoader*>::ForwardIterator iter(mChildList);
+ while (iter.HasMore()) {
+ nsCOMPtr<nsIDocShell> docshell = do_QueryObject(iter.GetNext());
+ if (!docshell) {
+ continue;
+ }
+ docshell->SetDefaultLoadFlags(aDefaultLoadFlags);
+ }
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetDefaultLoadFlags(uint32_t* aDefaultLoadFlags)
+{
+ *aDefaultLoadFlags = mDefaultLoadFlags;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetMixedContentChannel(nsIChannel* aMixedContentChannel)
+{
+#ifdef DEBUG
+ // if the channel is non-null
+ if (aMixedContentChannel) {
+ // Get the root docshell.
+ nsCOMPtr<nsIDocShellTreeItem> root;
+ GetSameTypeRootTreeItem(getter_AddRefs(root));
+ NS_WARNING_ASSERTION(root.get() == static_cast<nsIDocShellTreeItem*>(this),
+ "Setting mMixedContentChannel on a docshell that is "
+ "not the root docshell");
+ }
+#endif
+ mMixedContentChannel = aMixedContentChannel;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetFailedChannel(nsIChannel** aFailedChannel)
+{
+ NS_ENSURE_ARG_POINTER(aFailedChannel);
+ nsIDocument* doc = GetDocument();
+ if (!doc) {
+ *aFailedChannel = nullptr;
+ return NS_OK;
+ }
+ NS_IF_ADDREF(*aFailedChannel = doc->GetFailedChannel());
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetMixedContentChannel(nsIChannel** aMixedContentChannel)
+{
+ NS_ENSURE_ARG_POINTER(aMixedContentChannel);
+ NS_IF_ADDREF(*aMixedContentChannel = mMixedContentChannel);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetAllowMixedContentAndConnectionData(bool* aRootHasSecureConnection,
+ bool* aAllowMixedContent,
+ bool* aIsRootDocShell)
+{
+ *aRootHasSecureConnection = true;
+ *aAllowMixedContent = false;
+ *aIsRootDocShell = false;
+
+ nsCOMPtr<nsIDocShellTreeItem> sameTypeRoot;
+ GetSameTypeRootTreeItem(getter_AddRefs(sameTypeRoot));
+ NS_ASSERTION(sameTypeRoot,
+ "No document shell root tree item from document shell tree item!");
+ *aIsRootDocShell =
+ sameTypeRoot.get() == static_cast<nsIDocShellTreeItem*>(this);
+
+ // now get the document from sameTypeRoot
+ nsCOMPtr<nsIDocument> rootDoc = sameTypeRoot->GetDocument();
+ if (rootDoc) {
+ nsCOMPtr<nsIPrincipal> rootPrincipal = rootDoc->NodePrincipal();
+
+ // For things with system principal (e.g. scratchpad) there is no uri
+ // aRootHasSecureConnection should be false.
+ nsCOMPtr<nsIURI> rootUri;
+ if (nsContentUtils::IsSystemPrincipal(rootPrincipal) ||
+ NS_FAILED(rootPrincipal->GetURI(getter_AddRefs(rootUri))) || !rootUri ||
+ NS_FAILED(rootUri->SchemeIs("https", aRootHasSecureConnection))) {
+ *aRootHasSecureConnection = false;
+ }
+
+ // Check the root doc's channel against the root docShell's
+ // mMixedContentChannel to see if they are the same. If they are the same,
+ // the user has overriden the block.
+ nsCOMPtr<nsIDocShell> rootDocShell = do_QueryInterface(sameTypeRoot);
+ nsCOMPtr<nsIChannel> mixedChannel;
+ rootDocShell->GetMixedContentChannel(getter_AddRefs(mixedChannel));
+ *aAllowMixedContent =
+ mixedChannel && (mixedChannel == rootDoc->GetChannel());
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetVisibility(bool aVisibility)
+{
+ // Show()/Hide() may change mContentViewer.
+ nsCOMPtr<nsIContentViewer> cv = mContentViewer;
+ if (!cv) {
+ return NS_OK;
+ }
+ if (aVisibility) {
+ cv->Show();
+ } else {
+ cv->Hide();
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetEnabled(bool* aEnabled)
+{
+ NS_ENSURE_ARG_POINTER(aEnabled);
+ *aEnabled = true;
+ return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetEnabled(bool aEnabled)
+{
+ return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetFocus()
+{
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetMainWidget(nsIWidget** aMainWidget)
+{
+ // We don't create our own widget, so simply return the parent one.
+ return GetParentWidget(aMainWidget);
+}
+
+NS_IMETHODIMP
+nsDocShell::GetTitle(char16_t** aTitle)
+{
+ NS_ENSURE_ARG_POINTER(aTitle);
+
+ *aTitle = ToNewUnicode(mTitle);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetTitle(const char16_t* aTitle)
+{
+ // Store local title
+ mTitle = aTitle;
+
+ nsCOMPtr<nsIDocShellTreeItem> parent;
+ GetSameTypeParent(getter_AddRefs(parent));
+
+ // When title is set on the top object it should then be passed to the
+ // tree owner.
+ if (!parent) {
+ nsCOMPtr<nsIBaseWindow> treeOwnerAsWin(do_QueryInterface(mTreeOwner));
+ if (treeOwnerAsWin) {
+ treeOwnerAsWin->SetTitle(aTitle);
+ }
+ }
+
+ AssertOriginAttributesMatchPrivateBrowsing();
+ if (mCurrentURI && mLoadType != LOAD_ERROR_PAGE && mUseGlobalHistory &&
+ !UsePrivateBrowsing()) {
+ nsCOMPtr<IHistory> history = services::GetHistoryService();
+ if (history) {
+ history->SetURITitle(mCurrentURI, mTitle);
+ } else if (mGlobalHistory) {
+ mGlobalHistory->SetPageTitle(mCurrentURI, nsString(mTitle));
+ }
+ }
+
+ // Update SessionHistory with the document's title.
+ if (mOSHE && mLoadType != LOAD_BYPASS_HISTORY &&
+ mLoadType != LOAD_ERROR_PAGE) {
+ mOSHE->SetTitle(mTitle);
+ }
+
+ return NS_OK;
+}
+
+nsresult
+nsDocShell::GetCurScrollPos(int32_t aScrollOrientation, int32_t* aCurPos)
+{
+ NS_ENSURE_ARG_POINTER(aCurPos);
+
+ nsIScrollableFrame* sf = GetRootScrollFrame();
+ if (!sf) {
+ return NS_ERROR_FAILURE;
+ }
+
+ nsPoint pt = sf->GetScrollPosition();
+
+ switch (aScrollOrientation) {
+ case ScrollOrientation_X:
+ *aCurPos = pt.x;
+ return NS_OK;
+
+ case ScrollOrientation_Y:
+ *aCurPos = pt.y;
+ return NS_OK;
+
+ default:
+ NS_ENSURE_TRUE(false, NS_ERROR_INVALID_ARG);
+ }
+}
+
+nsresult
+nsDocShell::SetCurScrollPosEx(int32_t aCurHorizontalPos,
+ int32_t aCurVerticalPos)
+{
+ nsIScrollableFrame* sf = GetRootScrollFrame();
+ NS_ENSURE_TRUE(sf, NS_ERROR_FAILURE);
+
+ sf->ScrollTo(nsPoint(aCurHorizontalPos, aCurVerticalPos),
+ nsIScrollableFrame::INSTANT);
+ return NS_OK;
+}
+
+//*****************************************************************************
+// nsDocShell::nsIScrollable
+//*****************************************************************************
+
+NS_IMETHODIMP
+nsDocShell::GetDefaultScrollbarPreferences(int32_t aScrollOrientation,
+ int32_t* aScrollbarPref)
+{
+ NS_ENSURE_ARG_POINTER(aScrollbarPref);
+ switch (aScrollOrientation) {
+ case ScrollOrientation_X:
+ *aScrollbarPref = mDefaultScrollbarPref.x;
+ return NS_OK;
+
+ case ScrollOrientation_Y:
+ *aScrollbarPref = mDefaultScrollbarPref.y;
+ return NS_OK;
+
+ default:
+ NS_ENSURE_TRUE(false, NS_ERROR_INVALID_ARG);
+ }
+ return NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetDefaultScrollbarPreferences(int32_t aScrollOrientation,
+ int32_t aScrollbarPref)
+{
+ switch (aScrollOrientation) {
+ case ScrollOrientation_X:
+ mDefaultScrollbarPref.x = aScrollbarPref;
+ return NS_OK;
+
+ case ScrollOrientation_Y:
+ mDefaultScrollbarPref.y = aScrollbarPref;
+ return NS_OK;
+
+ default:
+ NS_ENSURE_TRUE(false, NS_ERROR_INVALID_ARG);
+ }
+ return NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetScrollbarVisibility(bool* aVerticalVisible,
+ bool* aHorizontalVisible)
+{
+ nsIScrollableFrame* sf = GetRootScrollFrame();
+ NS_ENSURE_TRUE(sf, NS_ERROR_FAILURE);
+
+ uint32_t scrollbarVisibility = sf->GetScrollbarVisibility();
+ if (aVerticalVisible) {
+ *aVerticalVisible =
+ (scrollbarVisibility & nsIScrollableFrame::VERTICAL) != 0;
+ }
+ if (aHorizontalVisible) {
+ *aHorizontalVisible =
+ (scrollbarVisibility & nsIScrollableFrame::HORIZONTAL) != 0;
+ }
+
+ return NS_OK;
+}
+
+//*****************************************************************************
+// nsDocShell::nsITextScroll
+//*****************************************************************************
+
+NS_IMETHODIMP
+nsDocShell::ScrollByLines(int32_t aNumLines)
+{
+ nsIScrollableFrame* sf = GetRootScrollFrame();
+ NS_ENSURE_TRUE(sf, NS_ERROR_FAILURE);
+
+ sf->ScrollBy(nsIntPoint(0, aNumLines), nsIScrollableFrame::LINES,
+ nsIScrollableFrame::SMOOTH);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::ScrollByPages(int32_t aNumPages)
+{
+ nsIScrollableFrame* sf = GetRootScrollFrame();
+ NS_ENSURE_TRUE(sf, NS_ERROR_FAILURE);
+
+ sf->ScrollBy(nsIntPoint(0, aNumPages), nsIScrollableFrame::PAGES,
+ nsIScrollableFrame::SMOOTH);
+ return NS_OK;
+}
+
+//*****************************************************************************
+// nsDocShell::nsIRefreshURI
+//*****************************************************************************
+
+NS_IMETHODIMP
+nsDocShell::RefreshURI(nsIURI* aURI,
+ int32_t aDelay, bool aRepeat,
+ bool aMetaRefresh,
+ nsIPrincipal* aPrincipal)
+{
+ NS_ENSURE_ARG(aURI);
+
+ /* Check if Meta refresh/redirects are permitted. Some
+ * embedded applications may not want to do this.
+ * Must do this before sending out NOTIFY_REFRESH events
+ * because listeners may have side effects (e.g. displaying a
+ * button to manually trigger the refresh later).
+ */
+ bool allowRedirects = true;
+ GetAllowMetaRedirects(&allowRedirects);
+ if (!allowRedirects) {
+ return NS_OK;
+ }
+
+ // If any web progress listeners are listening for NOTIFY_REFRESH events,
+ // give them a chance to block this refresh.
+ bool sameURI;
+ nsresult rv = aURI->Equals(mCurrentURI, &sameURI);
+ if (NS_FAILED(rv)) {
+ sameURI = false;
+ }
+ if (!RefreshAttempted(this, aURI, aDelay, sameURI)) {
+ return NS_OK;
+ }
+
+ nsRefreshTimer* refreshTimer = new nsRefreshTimer();
+ uint32_t busyFlags = 0;
+ GetBusyFlags(&busyFlags);
+
+ nsCOMPtr<nsISupports> dataRef = refreshTimer; // Get the ref count to 1
+
+ refreshTimer->mDocShell = this;
+ refreshTimer->mPrincipal = aPrincipal;
+ refreshTimer->mURI = aURI;
+ refreshTimer->mDelay = aDelay;
+ refreshTimer->mRepeat = aRepeat;
+ refreshTimer->mMetaRefresh = aMetaRefresh;
+
+ if (!mRefreshURIList) {
+ mRefreshURIList = nsArray::Create();
+ }
+
+ if (busyFlags & BUSY_FLAGS_BUSY || (!mIsActive && mDisableMetaRefreshWhenInactive)) {
+ // We don't want to create the timer right now. Instead queue up the request
+ // and trigger the timer in EndPageLoad() or whenever we become active.
+ mRefreshURIList->AppendElement(refreshTimer, /*weak =*/ false);
+ } else {
+ // There is no page loading going on right now. Create the
+ // timer and fire it right away.
+ nsCOMPtr<nsITimer> timer = do_CreateInstance("@mozilla.org/timer;1");
+ NS_ENSURE_TRUE(timer, NS_ERROR_FAILURE);
+
+ mRefreshURIList->AppendElement(timer, /*weak =*/ false); // owning timer ref
+ timer->InitWithCallback(refreshTimer, aDelay, nsITimer::TYPE_ONE_SHOT);
+ }
+ return NS_OK;
+}
+
+nsresult
+nsDocShell::ForceRefreshURIFromTimer(nsIURI* aURI,
+ int32_t aDelay,
+ bool aMetaRefresh,
+ nsITimer* aTimer,
+ nsIPrincipal* aPrincipal)
+{
+ NS_PRECONDITION(aTimer, "Must have a timer here");
+
+ // Remove aTimer from mRefreshURIList if needed
+ if (mRefreshURIList) {
+ uint32_t n = 0;
+ mRefreshURIList->GetLength(&n);
+
+ for (uint32_t i = 0; i < n; ++i) {
+ nsCOMPtr<nsITimer> timer = do_QueryElementAt(mRefreshURIList, i);
+ if (timer == aTimer) {
+ mRefreshURIList->RemoveElementAt(i);
+ break;
+ }
+ }
+ }
+
+ return ForceRefreshURI(aURI, aDelay, aMetaRefresh, aPrincipal);
+}
+
+NS_IMETHODIMP
+nsDocShell::ForceRefreshURI(nsIURI* aURI, int32_t aDelay, bool aMetaRefresh, nsIPrincipal* aPrincipal)
+{
+ NS_ENSURE_ARG(aURI);
+
+ nsCOMPtr<nsIDocShellLoadInfo> loadInfo;
+ CreateLoadInfo(getter_AddRefs(loadInfo));
+ NS_ENSURE_TRUE(loadInfo, NS_ERROR_OUT_OF_MEMORY);
+
+ /* We do need to pass in a referrer, but we don't want it to
+ * be sent to the server.
+ */
+ loadInfo->SetSendReferrer(false);
+
+ /* for most refreshes the current URI is an appropriate
+ * internal referrer
+ */
+ loadInfo->SetReferrer(mCurrentURI);
+
+ /* Don't ever "guess" on which principal to use to avoid picking
+ * the current principal.
+ */
+ loadInfo->SetPrincipalIsExplicit(true);
+
+ /* Check if this META refresh causes a redirection
+ * to another site.
+ */
+ bool equalUri = false;
+ nsresult rv = aURI->Equals(mCurrentURI, &equalUri);
+ if (NS_SUCCEEDED(rv) && (!equalUri) && aMetaRefresh &&
+ aDelay <= REFRESH_REDIRECT_TIMER) {
+ /* It is a META refresh based redirection within the threshold time
+ * we have in mind (15000 ms as defined by REFRESH_REDIRECT_TIMER).
+ * Pass a REPLACE flag to LoadURI().
+ */
+ loadInfo->SetLoadType(nsIDocShellLoadInfo::loadNormalReplace);
+
+ /* for redirects we mimic HTTP, which passes the
+ * original referrer
+ */
+ nsCOMPtr<nsIURI> internalReferrer;
+ GetReferringURI(getter_AddRefs(internalReferrer));
+ if (internalReferrer) {
+ loadInfo->SetReferrer(internalReferrer);
+ }
+ } else {
+ loadInfo->SetLoadType(nsIDocShellLoadInfo::loadRefresh);
+ }
+
+ // If the principal is null, the refresh will have a triggeringPrincipal
+ // derived from the referrer URI, or will be set to the system principal
+ // if there is no refererrer. See LoadURI()
+ if (aPrincipal) {
+ loadInfo->SetTriggeringPrincipal(aPrincipal);
+ }
+
+ /*
+ * LoadURI(...) will cancel all refresh timers... This causes the
+ * Timer and its refreshData instance to be released...
+ */
+ LoadURI(aURI, loadInfo, nsIWebNavigation::LOAD_FLAGS_DISALLOW_INHERIT_PRINCIPAL, true);
+
+ return NS_OK;
+}
+
+nsresult
+nsDocShell::SetupRefreshURIFromHeader(nsIURI* aBaseURI,
+ nsIPrincipal* aPrincipal,
+ const nsACString& aHeader)
+{
+ // Refresh headers are parsed with the following format in mind
+ // <META HTTP-EQUIV=REFRESH CONTENT="5; URL=http://uri">
+ // By the time we are here, the following is true:
+ // header = "REFRESH"
+ // content = "5; URL=http://uri" // note the URL attribute is
+ // optional, if it is absent, the currently loaded url is used.
+ // Also note that the seconds and URL separator can be either
+ // a ';' or a ','. The ',' separator should be illegal but CNN
+ // is using it.
+ //
+ // We need to handle the following strings, where
+ // - X is a set of digits
+ // - URI is either a relative or absolute URI
+ //
+ // Note that URI should start with "url=" but we allow omission
+ //
+ // "" || ";" || ","
+ // empty string. use the currently loaded URI
+ // and refresh immediately.
+ // "X" || "X;" || "X,"
+ // Refresh the currently loaded URI in X seconds.
+ // "X; URI" || "X, URI"
+ // Refresh using URI as the destination in X seconds.
+ // "URI" || "; URI" || ", URI"
+ // Refresh immediately using URI as the destination.
+ //
+ // Currently, anything immediately following the URI, if
+ // separated by any char in the set "'\"\t\r\n " will be
+ // ignored. So "10; url=go.html ; foo=bar" will work,
+ // and so will "10; url='go.html'; foo=bar". However,
+ // "10; url=go.html; foo=bar" will result in the uri
+ // "go.html;" since ';' and ',' are valid uri characters.
+ //
+ // Note that we need to remove any tokens wrapping the URI.
+ // These tokens currently include spaces, double and single
+ // quotes.
+
+ // when done, seconds is 0 or the given number of seconds
+ // uriAttrib is empty or the URI specified
+ MOZ_ASSERT(aPrincipal);
+
+ nsAutoCString uriAttrib;
+ int32_t seconds = 0;
+ bool specifiesSeconds = false;
+
+ nsACString::const_iterator iter, tokenStart, doneIterating;
+
+ aHeader.BeginReading(iter);
+ aHeader.EndReading(doneIterating);
+
+ // skip leading whitespace
+ while (iter != doneIterating && nsCRT::IsAsciiSpace(*iter)) {
+ ++iter;
+ }
+
+ tokenStart = iter;
+
+ // skip leading + and -
+ if (iter != doneIterating && (*iter == '-' || *iter == '+')) {
+ ++iter;
+ }
+
+ // parse number
+ while (iter != doneIterating && (*iter >= '0' && *iter <= '9')) {
+ seconds = seconds * 10 + (*iter - '0');
+ specifiesSeconds = true;
+ ++iter;
+ }
+
+ if (iter != doneIterating) {
+ // if we started with a '-', number is negative
+ if (*tokenStart == '-') {
+ seconds = -seconds;
+ }
+
+ // skip to next ';' or ','
+ nsACString::const_iterator iterAfterDigit = iter;
+ while (iter != doneIterating && !(*iter == ';' || *iter == ',')) {
+ if (specifiesSeconds) {
+ // Non-whitespace characters here mean that the string is
+ // malformed but tolerate sites that specify a decimal point,
+ // even though meta refresh only works on whole seconds.
+ if (iter == iterAfterDigit &&
+ !nsCRT::IsAsciiSpace(*iter) && *iter != '.') {
+ // The characters between the seconds and the next
+ // section are just garbage!
+ // e.g. content="2a0z+,URL=http://www.mozilla.org/"
+ // Just ignore this redirect.
+ return NS_ERROR_FAILURE;
+ } else if (nsCRT::IsAsciiSpace(*iter)) {
+ // We've had at least one whitespace so tolerate the mistake
+ // and drop through.
+ // e.g. content="10 foo"
+ ++iter;
+ break;
+ }
+ }
+ ++iter;
+ }
+
+ // skip any remaining whitespace
+ while (iter != doneIterating && nsCRT::IsAsciiSpace(*iter)) {
+ ++iter;
+ }
+
+ // skip ';' or ','
+ if (iter != doneIterating && (*iter == ';' || *iter == ',')) {
+ ++iter;
+ }
+
+ // skip whitespace
+ while (iter != doneIterating && nsCRT::IsAsciiSpace(*iter)) {
+ ++iter;
+ }
+ }
+
+ // possible start of URI
+ tokenStart = iter;
+
+ // skip "url = " to real start of URI
+ if (iter != doneIterating && (*iter == 'u' || *iter == 'U')) {
+ ++iter;
+ if (iter != doneIterating && (*iter == 'r' || *iter == 'R')) {
+ ++iter;
+ if (iter != doneIterating && (*iter == 'l' || *iter == 'L')) {
+ ++iter;
+
+ // skip whitespace
+ while (iter != doneIterating && nsCRT::IsAsciiSpace(*iter)) {
+ ++iter;
+ }
+
+ if (iter != doneIterating && *iter == '=') {
+ ++iter;
+
+ // skip whitespace
+ while (iter != doneIterating && nsCRT::IsAsciiSpace(*iter)) {
+ ++iter;
+ }
+
+ // found real start of URI
+ tokenStart = iter;
+ }
+ }
+ }
+ }
+
+ // skip a leading '"' or '\''.
+
+ bool isQuotedURI = false;
+ if (tokenStart != doneIterating &&
+ (*tokenStart == '"' || *tokenStart == '\'')) {
+ isQuotedURI = true;
+ ++tokenStart;
+ }
+
+ // set iter to start of URI
+ iter = tokenStart;
+
+ // tokenStart here points to the beginning of URI
+
+ // grab the rest of the URI
+ while (iter != doneIterating) {
+ if (isQuotedURI && (*iter == '"' || *iter == '\'')) {
+ break;
+ }
+ ++iter;
+ }
+
+ // move iter one back if the last character is a '"' or '\''
+ if (iter != tokenStart && isQuotedURI) {
+ --iter;
+ if (!(*iter == '"' || *iter == '\'')) {
+ ++iter;
+ }
+ }
+
+ // URI is whatever's contained from tokenStart to iter.
+ // note: if tokenStart == doneIterating, so is iter.
+
+ nsresult rv = NS_OK;
+
+ nsCOMPtr<nsIURI> uri;
+ bool specifiesURI = false;
+ if (tokenStart == iter) {
+ uri = aBaseURI;
+ } else {
+ uriAttrib = Substring(tokenStart, iter);
+ // NS_NewURI takes care of any whitespace surrounding the URL
+ rv = NS_NewURI(getter_AddRefs(uri), uriAttrib, nullptr, aBaseURI);
+ specifiesURI = true;
+ }
+
+ // No URI or seconds were specified
+ if (!specifiesSeconds && !specifiesURI) {
+ // Do nothing because the alternative is to spin around in a refresh
+ // loop forever!
+ return NS_ERROR_FAILURE;
+ }
+
+ if (NS_SUCCEEDED(rv)) {
+ nsCOMPtr<nsIScriptSecurityManager> securityManager(
+ do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv));
+ if (NS_SUCCEEDED(rv)) {
+ rv = securityManager->CheckLoadURIWithPrincipal(
+ aPrincipal, uri,
+ nsIScriptSecurityManager::LOAD_IS_AUTOMATIC_DOCUMENT_REPLACEMENT);
+
+ if (NS_SUCCEEDED(rv)) {
+ bool isjs = true;
+ rv = NS_URIChainHasFlags(
+ uri, nsIProtocolHandler::URI_OPENING_EXECUTES_SCRIPT, &isjs);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ if (isjs) {
+ return NS_ERROR_FAILURE;
+ }
+ }
+
+ if (NS_SUCCEEDED(rv)) {
+ // Since we can't travel back in time yet, just pretend
+ // negative numbers do nothing at all.
+ if (seconds < 0) {
+ return NS_ERROR_FAILURE;
+ }
+
+ rv = RefreshURI(uri, seconds * 1000, false, true, aPrincipal);
+ }
+ }
+ }
+ return rv;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetupRefreshURI(nsIChannel* aChannel)
+{
+ nsresult rv;
+ nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(aChannel, &rv));
+ if (NS_SUCCEEDED(rv)) {
+ nsAutoCString refreshHeader;
+ rv = httpChannel->GetResponseHeader(NS_LITERAL_CSTRING("refresh"),
+ refreshHeader);
+
+ if (!refreshHeader.IsEmpty()) {
+ nsCOMPtr<nsIScriptSecurityManager> secMan =
+ do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ nsCOMPtr<nsIPrincipal> principal;
+ rv = secMan->GetChannelResultPrincipal(aChannel,
+ getter_AddRefs(principal));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ SetupReferrerFromChannel(aChannel);
+ rv = SetupRefreshURIFromHeader(mCurrentURI, principal, refreshHeader);
+ if (NS_SUCCEEDED(rv)) {
+ return NS_REFRESHURI_HEADER_FOUND;
+ }
+ }
+ }
+ return rv;
+}
+
+static void
+DoCancelRefreshURITimers(nsIMutableArray* aTimerList)
+{
+ if (!aTimerList) {
+ return;
+ }
+
+ uint32_t n = 0;
+ aTimerList->GetLength(&n);
+
+ while (n) {
+ nsCOMPtr<nsITimer> timer(do_QueryElementAt(aTimerList, --n));
+
+ aTimerList->RemoveElementAt(n); // bye bye owning timer ref
+
+ if (timer) {
+ timer->Cancel();
+ }
+ }
+}
+
+NS_IMETHODIMP
+nsDocShell::CancelRefreshURITimers()
+{
+ DoCancelRefreshURITimers(mRefreshURIList);
+ DoCancelRefreshURITimers(mSavedRefreshURIList);
+ mRefreshURIList = nullptr;
+ mSavedRefreshURIList = nullptr;
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetRefreshPending(bool* aResult)
+{
+ if (!mRefreshURIList) {
+ *aResult = false;
+ return NS_OK;
+ }
+
+ uint32_t count;
+ nsresult rv = mRefreshURIList->GetLength(&count);
+ if (NS_SUCCEEDED(rv)) {
+ *aResult = (count != 0);
+ }
+ return rv;
+}
+
+NS_IMETHODIMP
+nsDocShell::SuspendRefreshURIs()
+{
+ if (mRefreshURIList) {
+ uint32_t n = 0;
+ mRefreshURIList->GetLength(&n);
+
+ for (uint32_t i = 0; i < n; ++i) {
+ nsCOMPtr<nsITimer> timer = do_QueryElementAt(mRefreshURIList, i);
+ if (!timer) {
+ continue; // this must be a nsRefreshURI already
+ }
+
+ // Replace this timer object with a nsRefreshTimer object.
+ nsCOMPtr<nsITimerCallback> callback;
+ timer->GetCallback(getter_AddRefs(callback));
+
+ timer->Cancel();
+
+ nsCOMPtr<nsITimerCallback> rt = do_QueryInterface(callback);
+ NS_ASSERTION(rt,
+ "RefreshURIList timer callbacks should only be RefreshTimer objects");
+
+ mRefreshURIList->ReplaceElementAt(rt, i, /*weak =*/ false);
+ }
+ }
+
+ // Suspend refresh URIs for our child shells as well.
+ nsTObserverArray<nsDocLoader*>::ForwardIterator iter(mChildList);
+ while (iter.HasMore()) {
+ nsCOMPtr<nsIDocShell> shell = do_QueryObject(iter.GetNext());
+ if (shell) {
+ shell->SuspendRefreshURIs();
+ }
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::ResumeRefreshURIs()
+{
+ RefreshURIFromQueue();
+
+ // Resume refresh URIs for our child shells as well.
+ nsTObserverArray<nsDocLoader*>::ForwardIterator iter(mChildList);
+ while (iter.HasMore()) {
+ nsCOMPtr<nsIDocShell> shell = do_QueryObject(iter.GetNext());
+ if (shell) {
+ shell->ResumeRefreshURIs();
+ }
+ }
+
+ return NS_OK;
+}
+
+nsresult
+nsDocShell::RefreshURIFromQueue()
+{
+ if (!mRefreshURIList) {
+ return NS_OK;
+ }
+ uint32_t n = 0;
+ mRefreshURIList->GetLength(&n);
+
+ while (n) {
+ nsCOMPtr<nsITimerCallback> refreshInfo =
+ do_QueryElementAt(mRefreshURIList, --n);
+
+ if (refreshInfo) {
+ // This is the nsRefreshTimer object, waiting to be
+ // setup in a timer object and fired.
+ // Create the timer and trigger it.
+ uint32_t delay =
+ static_cast<nsRefreshTimer*>(
+ static_cast<nsITimerCallback*>(refreshInfo))->GetDelay();
+ nsCOMPtr<nsITimer> timer = do_CreateInstance("@mozilla.org/timer;1");
+ if (timer) {
+ // Replace the nsRefreshTimer element in the queue with
+ // its corresponding timer object, so that in case another
+ // load comes through before the timer can go off, the timer will
+ // get cancelled in CancelRefreshURITimer()
+ mRefreshURIList->ReplaceElementAt(timer, n, /*weak =*/ false);
+ timer->InitWithCallback(refreshInfo, delay, nsITimer::TYPE_ONE_SHOT);
+ }
+ }
+ }
+
+ return NS_OK;
+}
+
+//*****************************************************************************
+// nsDocShell::nsIContentViewerContainer
+//*****************************************************************************
+
+NS_IMETHODIMP
+nsDocShell::Embed(nsIContentViewer* aContentViewer,
+ const char* aCommand, nsISupports* aExtraInfo)
+{
+ // Save the LayoutHistoryState of the previous document, before
+ // setting up new document
+ PersistLayoutHistoryState();
+
+ nsresult rv = SetupNewViewer(aContentViewer);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // If we are loading a wyciwyg url from history, change the base URI for
+ // the document to the original http url that created the document.write().
+ // This makes sure that all relative urls in a document.written page loaded
+ // via history work properly.
+ if (mCurrentURI &&
+ (mLoadType & LOAD_CMD_HISTORY ||
+ mLoadType == LOAD_RELOAD_NORMAL ||
+ mLoadType == LOAD_RELOAD_CHARSET_CHANGE)) {
+ bool isWyciwyg = false;
+ // Check if the url is wyciwyg
+ rv = mCurrentURI->SchemeIs("wyciwyg", &isWyciwyg);
+ if (isWyciwyg && NS_SUCCEEDED(rv)) {
+ SetBaseUrlForWyciwyg(aContentViewer);
+ }
+ }
+ // XXX What if SetupNewViewer fails?
+ if (mLSHE) {
+ // Restore the editing state, if it's stored in session history.
+ if (mLSHE->HasDetachedEditor()) {
+ ReattachEditorToWindow(mLSHE);
+ }
+ // Set history.state
+ SetDocCurrentStateObj(mLSHE);
+
+ SetHistoryEntry(&mOSHE, mLSHE);
+ }
+
+ bool updateHistory = true;
+
+ // Determine if this type of load should update history
+ switch (mLoadType) {
+ case LOAD_NORMAL_REPLACE:
+ case LOAD_STOP_CONTENT_AND_REPLACE:
+ case LOAD_RELOAD_BYPASS_CACHE:
+ case LOAD_RELOAD_BYPASS_PROXY:
+ case LOAD_RELOAD_BYPASS_PROXY_AND_CACHE:
+ case LOAD_REPLACE_BYPASS_CACHE:
+ updateHistory = false;
+ break;
+ default:
+ break;
+ }
+
+ if (!updateHistory) {
+ SetLayoutHistoryState(nullptr);
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetIsPrinting(bool aIsPrinting)
+{
+ mIsPrintingOrPP = aIsPrinting;
+ return NS_OK;
+}
+
+//*****************************************************************************
+// nsDocShell::nsIWebProgressListener
+//*****************************************************************************
+
+NS_IMETHODIMP
+nsDocShell::OnProgressChange(nsIWebProgress* aProgress,
+ nsIRequest* aRequest,
+ int32_t aCurSelfProgress,
+ int32_t aMaxSelfProgress,
+ int32_t aCurTotalProgress,
+ int32_t aMaxTotalProgress)
+{
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::OnStateChange(nsIWebProgress* aProgress, nsIRequest* aRequest,
+ uint32_t aStateFlags, nsresult aStatus)
+{
+ if ((~aStateFlags & (STATE_START | STATE_IS_NETWORK)) == 0) {
+ // Save timing statistics.
+ nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest));
+ nsCOMPtr<nsIURI> uri;
+ channel->GetURI(getter_AddRefs(uri));
+ nsAutoCString aURI;
+ uri->GetAsciiSpec(aURI);
+
+ nsCOMPtr<nsIWyciwygChannel> wcwgChannel(do_QueryInterface(aRequest));
+ nsCOMPtr<nsIWebProgress> webProgress =
+ do_QueryInterface(GetAsSupports(this));
+
+ // We don't update navigation timing for wyciwyg channels
+ if (this == aProgress && !wcwgChannel) {
+ MaybeInitTiming();
+ mTiming->NotifyFetchStart(uri,
+ ConvertLoadTypeToNavigationType(mLoadType));
+ }
+
+ // Was the wyciwyg document loaded on this docshell?
+ if (wcwgChannel && !mLSHE && (mItemType == typeContent) &&
+ aProgress == webProgress.get()) {
+ bool equalUri = true;
+ // Store the wyciwyg url in session history, only if it is
+ // being loaded fresh for the first time. We don't want
+ // multiple entries for successive loads
+ if (mCurrentURI &&
+ NS_SUCCEEDED(uri->Equals(mCurrentURI, &equalUri)) &&
+ !equalUri) {
+ nsCOMPtr<nsIDocShellTreeItem> parentAsItem;
+ GetSameTypeParent(getter_AddRefs(parentAsItem));
+ nsCOMPtr<nsIDocShell> parentDS(do_QueryInterface(parentAsItem));
+ bool inOnLoadHandler = false;
+ if (parentDS) {
+ parentDS->GetIsExecutingOnLoadHandler(&inOnLoadHandler);
+ }
+ if (inOnLoadHandler) {
+ // We're handling parent's load event listener, which causes
+ // document.write in a subdocument.
+ // Need to clear the session history for all child
+ // docshells so that we can handle them like they would
+ // all be added dynamically.
+ nsCOMPtr<nsIDocShell> parent = do_QueryInterface(parentAsItem);
+ if (parent) {
+ bool oshe = false;
+ nsCOMPtr<nsISHEntry> entry;
+ parent->GetCurrentSHEntry(getter_AddRefs(entry), &oshe);
+ static_cast<nsDocShell*>(parent.get())->ClearFrameHistory(entry);
+ }
+ }
+
+ // This is a document.write(). Get the made-up url
+ // from the channel and store it in session history.
+ // Pass false for aCloneChildren, since we're creating
+ // a new DOM here.
+ AddToSessionHistory(uri, wcwgChannel, nullptr, nullptr, false,
+ getter_AddRefs(mLSHE));
+ SetCurrentURI(uri, aRequest, true, 0);
+ // Save history state of the previous page
+ PersistLayoutHistoryState();
+ // We'll never get an Embed() for this load, so just go ahead
+ // and SetHistoryEntry now.
+ SetHistoryEntry(&mOSHE, mLSHE);
+ }
+ }
+ // Page has begun to load
+ mBusyFlags = BUSY_FLAGS_BUSY | BUSY_FLAGS_BEFORE_PAGE_LOAD;
+
+ if ((aStateFlags & STATE_RESTORING) == 0) {
+ // Show the progress cursor if the pref is set
+ if (nsContentUtils::UseActivityCursor()) {
+ nsCOMPtr<nsIWidget> mainWidget;
+ GetMainWidget(getter_AddRefs(mainWidget));
+ if (mainWidget) {
+ mainWidget->SetCursor(eCursor_spinning);
+ }
+ }
+ }
+ } else if ((~aStateFlags & (STATE_TRANSFERRING | STATE_IS_DOCUMENT)) == 0) {
+ // Page is loading
+ mBusyFlags = BUSY_FLAGS_BUSY | BUSY_FLAGS_PAGE_LOADING;
+ } else if ((aStateFlags & STATE_STOP) && (aStateFlags & STATE_IS_NETWORK)) {
+ // Page has finished loading
+ mBusyFlags = BUSY_FLAGS_NONE;
+
+ // Hide the progress cursor if the pref is set
+ if (nsContentUtils::UseActivityCursor()) {
+ nsCOMPtr<nsIWidget> mainWidget;
+ GetMainWidget(getter_AddRefs(mainWidget));
+ if (mainWidget) {
+ mainWidget->SetCursor(eCursor_standard);
+ }
+ }
+ }
+ if ((~aStateFlags & (STATE_IS_DOCUMENT | STATE_STOP)) == 0) {
+ nsCOMPtr<nsIWebProgress> webProgress =
+ do_QueryInterface(GetAsSupports(this));
+ // Is the document stop notification for this document?
+ if (aProgress == webProgress.get()) {
+ nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest));
+ EndPageLoad(aProgress, channel, aStatus);
+ }
+ }
+ // note that redirect state changes will go through here as well, but it
+ // is better to handle those in OnRedirectStateChange where more
+ // information is available.
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::OnLocationChange(nsIWebProgress* aProgress, nsIRequest* aRequest,
+ nsIURI* aURI, uint32_t aFlags)
+{
+ NS_NOTREACHED("notification excluded in AddProgressListener(...)");
+ return NS_OK;
+}
+
+void
+nsDocShell::OnRedirectStateChange(nsIChannel* aOldChannel,
+ nsIChannel* aNewChannel,
+ uint32_t aRedirectFlags,
+ uint32_t aStateFlags)
+{
+ NS_ASSERTION(aStateFlags & STATE_REDIRECTING,
+ "Calling OnRedirectStateChange when there is no redirect");
+
+ // If mixed content is allowed for the old channel, we forward
+ // the permission to the new channel if it has the same origin
+ // as the old one.
+ if (mMixedContentChannel && mMixedContentChannel == aOldChannel) {
+ nsresult rv = nsContentUtils::CheckSameOrigin(mMixedContentChannel, aNewChannel);
+ if (NS_SUCCEEDED(rv)) {
+ SetMixedContentChannel(aNewChannel); // Same origin: forward permission.
+ } else {
+ SetMixedContentChannel(nullptr); // Different origin: clear mMixedContentChannel.
+ }
+ }
+
+ if (!(aStateFlags & STATE_IS_DOCUMENT)) {
+ return; // not a toplevel document
+ }
+
+ nsCOMPtr<nsIURI> oldURI, newURI;
+ aOldChannel->GetURI(getter_AddRefs(oldURI));
+ aNewChannel->GetURI(getter_AddRefs(newURI));
+ if (!oldURI || !newURI) {
+ return;
+ }
+
+ // Below a URI visit is saved (see AddURIVisit method doc).
+ // The visit chain looks something like:
+ // ...
+ // Site N - 1
+ // => Site N
+ // (redirect to =>) Site N + 1 (we are here!)
+
+ // Get N - 1 and transition type
+ nsCOMPtr<nsIURI> previousURI;
+ uint32_t previousFlags = 0;
+ ExtractLastVisit(aOldChannel, getter_AddRefs(previousURI), &previousFlags);
+
+ if (aRedirectFlags & nsIChannelEventSink::REDIRECT_INTERNAL ||
+ ChannelIsPost(aOldChannel)) {
+ // 1. Internal redirects are ignored because they are specific to the
+ // channel implementation.
+ // 2. POSTs are not saved by global history.
+ //
+ // Regardless, we need to propagate the previous visit to the new
+ // channel.
+ SaveLastVisit(aNewChannel, previousURI, previousFlags);
+ } else {
+ nsCOMPtr<nsIURI> referrer;
+ // Treat referrer as null if there is an error getting it.
+ (void)NS_GetReferrerFromChannel(aOldChannel, getter_AddRefs(referrer));
+
+ // Get the HTTP response code, if available.
+ uint32_t responseStatus = 0;
+ nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aOldChannel);
+ if (httpChannel) {
+ (void)httpChannel->GetResponseStatus(&responseStatus);
+ }
+
+ // Add visit N -1 => N
+ AddURIVisit(oldURI, referrer, previousURI, previousFlags, responseStatus);
+
+ // Since N + 1 could be the final destination, we will not save N => N + 1
+ // here. OnNewURI will do that, so we will cache it.
+ SaveLastVisit(aNewChannel, oldURI, aRedirectFlags);
+ }
+
+ // check if the new load should go through the application cache.
+ nsCOMPtr<nsIApplicationCacheChannel> appCacheChannel =
+ do_QueryInterface(aNewChannel);
+ if (appCacheChannel) {
+ if (GeckoProcessType_Default != XRE_GetProcessType()) {
+ // Permission will be checked in the parent process.
+ appCacheChannel->SetChooseApplicationCache(true);
+ } else {
+ nsCOMPtr<nsIScriptSecurityManager> secMan =
+ do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
+
+ if (secMan) {
+ nsCOMPtr<nsIPrincipal> principal;
+ secMan->GetDocShellCodebasePrincipal(newURI, this,
+ getter_AddRefs(principal));
+ appCacheChannel->SetChooseApplicationCache(
+ NS_ShouldCheckAppCache(principal, UsePrivateBrowsing()));
+ }
+ }
+ }
+
+ if (!(aRedirectFlags & nsIChannelEventSink::REDIRECT_INTERNAL) &&
+ mLoadType & (LOAD_CMD_RELOAD | LOAD_CMD_HISTORY)) {
+ mLoadType = LOAD_NORMAL_REPLACE;
+ SetHistoryEntry(&mLSHE, nullptr);
+ }
+}
+
+NS_IMETHODIMP
+nsDocShell::OnStatusChange(nsIWebProgress* aWebProgress,
+ nsIRequest* aRequest,
+ nsresult aStatus, const char16_t* aMessage)
+{
+ NS_NOTREACHED("notification excluded in AddProgressListener(...)");
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::OnSecurityChange(nsIWebProgress* aWebProgress,
+ nsIRequest* aRequest, uint32_t aState)
+{
+ NS_NOTREACHED("notification excluded in AddProgressListener(...)");
+ return NS_OK;
+}
+
+nsresult
+nsDocShell::EndPageLoad(nsIWebProgress* aProgress,
+ nsIChannel* aChannel, nsresult aStatus)
+{
+ if (!aChannel) {
+ return NS_ERROR_NULL_POINTER;
+ }
+
+ nsCOMPtr<nsIConsoleReportCollector> reporter = do_QueryInterface(aChannel);
+ if (reporter) {
+ reporter->FlushConsoleReports(GetDocument());
+ }
+
+ nsCOMPtr<nsIURI> url;
+ nsresult rv = aChannel->GetURI(getter_AddRefs(url));
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ nsCOMPtr<nsITimedChannel> timingChannel = do_QueryInterface(aChannel);
+ if (timingChannel) {
+ TimeStamp channelCreationTime;
+ rv = timingChannel->GetChannelCreation(&channelCreationTime);
+ if (NS_SUCCEEDED(rv) && !channelCreationTime.IsNull()) {
+ Telemetry::AccumulateTimeDelta(Telemetry::TOTAL_CONTENT_PAGE_LOAD_TIME,
+ channelCreationTime);
+ nsCOMPtr<nsPILoadGroupInternal> internalLoadGroup =
+ do_QueryInterface(mLoadGroup);
+ if (internalLoadGroup) {
+ internalLoadGroup->OnEndPageLoad(aChannel);
+ }
+ }
+ }
+
+ // Timing is picked up by the window, we don't need it anymore
+ mTiming = nullptr;
+
+ // clean up reload state for meta charset
+ if (eCharsetReloadRequested == mCharsetReloadState) {
+ mCharsetReloadState = eCharsetReloadStopOrigional;
+ } else {
+ mCharsetReloadState = eCharsetReloadInit;
+ }
+
+ // Save a pointer to the currently-loading history entry.
+ // nsDocShell::EndPageLoad will clear mLSHE, but we may need this history
+ // entry further down in this method.
+ nsCOMPtr<nsISHEntry> loadingSHE = mLSHE;
+ mozilla::Unused << loadingSHE; // XXX: Not sure if we need this anymore
+
+ //
+ // one of many safeguards that prevent death and destruction if
+ // someone is so very very rude as to bring this window down
+ // during this load handler.
+ //
+ nsCOMPtr<nsIDocShell> kungFuDeathGrip(this);
+
+ // Notify the ContentViewer that the Document has finished loading. This
+ // will cause any OnLoad(...) and PopState(...) handlers to fire.
+ if (!mEODForCurrentDocument && mContentViewer) {
+ mIsExecutingOnLoadHandler = true;
+ mContentViewer->LoadComplete(aStatus);
+ mIsExecutingOnLoadHandler = false;
+
+ mEODForCurrentDocument = true;
+
+ // If all documents have completed their loading
+ // favor native event dispatch priorities
+ // over performance
+ if (--gNumberOfDocumentsLoading == 0) {
+ // Hint to use normal native event dispatch priorities
+ FavorPerformanceHint(false);
+ }
+ }
+ /* Check if the httpChannel has any cache-control related response headers,
+ * like no-store, no-cache. If so, update SHEntry so that
+ * when a user goes back/forward to this page, we appropriately do
+ * form value restoration or load from server.
+ */
+ nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(aChannel));
+ if (!httpChannel) {
+ // HttpChannel could be hiding underneath a Multipart channel.
+ GetHttpChannel(aChannel, getter_AddRefs(httpChannel));
+ }
+
+ if (httpChannel) {
+ // figure out if SH should be saving layout state.
+ bool discardLayoutState = ShouldDiscardLayoutState(httpChannel);
+ if (mLSHE && discardLayoutState && (mLoadType & LOAD_CMD_NORMAL) &&
+ (mLoadType != LOAD_BYPASS_HISTORY) && (mLoadType != LOAD_ERROR_PAGE)) {
+ mLSHE->SetSaveLayoutStateFlag(false);
+ }
+ }
+
+ // Clear mLSHE after calling the onLoadHandlers. This way, if the
+ // onLoadHandler tries to load something different in
+ // itself or one of its children, we can deal with it appropriately.
+ if (mLSHE) {
+ mLSHE->SetLoadType(nsIDocShellLoadInfo::loadHistory);
+
+ // Clear the mLSHE reference to indicate document loading is done one
+ // way or another.
+ SetHistoryEntry(&mLSHE, nullptr);
+ }
+ // if there's a refresh header in the channel, this method
+ // will set it up for us.
+ if (mIsActive || !mDisableMetaRefreshWhenInactive)
+ RefreshURIFromQueue();
+
+ // Test whether this is the top frame or a subframe
+ bool isTopFrame = true;
+ nsCOMPtr<nsIDocShellTreeItem> targetParentTreeItem;
+ rv = GetSameTypeParent(getter_AddRefs(targetParentTreeItem));
+ if (NS_SUCCEEDED(rv) && targetParentTreeItem) {
+ isTopFrame = false;
+ }
+
+ //
+ // If the page load failed, then deal with the error condition...
+ // Errors are handled as follows:
+ // 1. Check to see if it's a file not found error or bad content
+ // encoding error.
+ // 2. Send the URI to a keyword server (if enabled)
+ // 3. If the error was DNS failure, then add www and .com to the URI
+ // (if appropriate).
+ // 4. Throw an error dialog box...
+ //
+ if (url && NS_FAILED(aStatus)) {
+ if (aStatus == NS_ERROR_FILE_NOT_FOUND ||
+ aStatus == NS_ERROR_FILE_ACCESS_DENIED ||
+ aStatus == NS_ERROR_CORRUPTED_CONTENT ||
+ aStatus == NS_ERROR_INVALID_CONTENT_ENCODING) {
+ DisplayLoadError(aStatus, url, nullptr, aChannel);
+ return NS_OK;
+ } else if (aStatus == NS_ERROR_INVALID_SIGNATURE) {
+ // NS_ERROR_INVALID_SIGNATURE indicates a content-signature error.
+ // This currently only happens in case a remote about page fails.
+ // We have to load a fallback in this case.
+ // XXX: We always load about blank here, firefox has to overwrite this if
+ // it wants to display something else.
+ return LoadURI(u"about:blank", // URI string
+ nsIChannel::LOAD_NORMAL, // Load flags
+ nullptr, // Referring URI
+ nullptr, // Post data stream
+ nullptr); // Headers stream
+ }
+
+ // Handle iframe document not loading error because source was
+ // a tracking URL. We make a note of this iframe node by including
+ // it in a dedicated array of blocked tracking nodes under its parent
+ // document. (document of parent window of blocked document)
+ if (isTopFrame == false && aStatus == NS_ERROR_TRACKING_URI) {
+ // frameElement is our nsIContent to be annotated
+ nsCOMPtr<nsIDOMElement> frameElement;
+ nsPIDOMWindowOuter* thisWindow = GetWindow();
+ if (!thisWindow) {
+ return NS_OK;
+ }
+
+ frameElement = thisWindow->GetFrameElement();
+ if (!frameElement) {
+ return NS_OK;
+ }
+
+ // Parent window
+ nsCOMPtr<nsIDocShellTreeItem> parentItem;
+ GetSameTypeParent(getter_AddRefs(parentItem));
+ if (!parentItem) {
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsIDocument> parentDoc;
+ parentDoc = parentItem->GetDocument();
+ if (!parentDoc) {
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsIContent> cont = do_QueryInterface(frameElement);
+ parentDoc->AddBlockedTrackingNode(cont);
+
+ return NS_OK;
+ }
+
+ if (sURIFixup) {
+ //
+ // Try and make an alternative URI from the old one
+ //
+ nsCOMPtr<nsIURI> newURI;
+ nsCOMPtr<nsIInputStream> newPostData;
+
+ nsAutoCString oldSpec;
+ url->GetSpec(oldSpec);
+
+ //
+ // First try keyword fixup
+ //
+ nsAutoString keywordProviderName, keywordAsSent;
+ if (aStatus == NS_ERROR_UNKNOWN_HOST && mAllowKeywordFixup) {
+ bool keywordsEnabled = Preferences::GetBool("keyword.enabled", false);
+
+ nsAutoCString host;
+ url->GetHost(host);
+
+ nsAutoCString scheme;
+ url->GetScheme(scheme);
+
+ int32_t dotLoc = host.FindChar('.');
+
+ // we should only perform a keyword search under the following
+ // conditions:
+ // (0) Pref keyword.enabled is true
+ // (1) the url scheme is http (or https)
+ // (2) the url does not have a protocol scheme
+ // If we don't enforce such a policy, then we end up doing
+ // keyword searchs on urls we don't intend like imap, file,
+ // mailbox, etc. This could lead to a security problem where we
+ // send data to the keyword server that we shouldn't be.
+ // Someone needs to clean up keywords in general so we can
+ // determine on a per url basis if we want keywords
+ // enabled...this is just a bandaid...
+ if (keywordsEnabled && !scheme.IsEmpty() &&
+ (scheme.Find("http") != 0)) {
+ keywordsEnabled = false;
+ }
+
+ if (keywordsEnabled && (kNotFound == dotLoc)) {
+ nsCOMPtr<nsIURIFixupInfo> info;
+ // only send non-qualified hosts to the keyword server
+ if (!mOriginalUriString.IsEmpty()) {
+ sURIFixup->KeywordToURI(mOriginalUriString,
+ getter_AddRefs(newPostData),
+ getter_AddRefs(info));
+ } else {
+ //
+ // If this string was passed through nsStandardURL by
+ // chance, then it may have been converted from UTF-8 to
+ // ACE, which would result in a completely bogus keyword
+ // query. Here we try to recover the original Unicode
+ // value, but this is not 100% correct since the value may
+ // have been normalized per the IDN normalization rules.
+ //
+ // Since we don't have access to the exact original string
+ // that was entered by the user, this will just have to do.
+ bool isACE;
+ nsAutoCString utf8Host;
+ nsCOMPtr<nsIIDNService> idnSrv =
+ do_GetService(NS_IDNSERVICE_CONTRACTID);
+ if (idnSrv &&
+ NS_SUCCEEDED(idnSrv->IsACE(host, &isACE)) && isACE &&
+ NS_SUCCEEDED(idnSrv->ConvertACEtoUTF8(host, utf8Host))) {
+ sURIFixup->KeywordToURI(utf8Host,
+ getter_AddRefs(newPostData),
+ getter_AddRefs(info));
+ } else {
+ sURIFixup->KeywordToURI(host,
+ getter_AddRefs(newPostData),
+ getter_AddRefs(info));
+ }
+ }
+
+ info->GetPreferredURI(getter_AddRefs(newURI));
+ if (newURI) {
+ info->GetKeywordAsSent(keywordAsSent);
+ info->GetKeywordProviderName(keywordProviderName);
+ }
+ } // end keywordsEnabled
+ }
+
+ //
+ // Now try change the address, e.g. turn http://foo into
+ // http://www.foo.com
+ //
+ if (aStatus == NS_ERROR_UNKNOWN_HOST ||
+ aStatus == NS_ERROR_NET_RESET) {
+ bool doCreateAlternate = true;
+
+ // Skip fixup for anything except a normal document load
+ // operation on the topframe.
+
+ if (mLoadType != LOAD_NORMAL || !isTopFrame) {
+ doCreateAlternate = false;
+ } else {
+ // Test if keyword lookup produced a new URI or not
+ if (newURI) {
+ bool sameURI = false;
+ url->Equals(newURI, &sameURI);
+ if (!sameURI) {
+ // Keyword lookup made a new URI so no need to try
+ // an alternate one.
+ doCreateAlternate = false;
+ }
+ }
+
+ if (doCreateAlternate) {
+ // Skip doing this if our channel was redirected, because we
+ // shouldn't be guessing things about the post-redirect URI.
+ nsLoadFlags loadFlags = 0;
+ if (NS_FAILED(aChannel->GetLoadFlags(&loadFlags)) ||
+ (loadFlags & nsIChannel::LOAD_REPLACE)) {
+ doCreateAlternate = false;
+ }
+ }
+ }
+ if (doCreateAlternate) {
+ newURI = nullptr;
+ newPostData = nullptr;
+ keywordProviderName.Truncate();
+ keywordAsSent.Truncate();
+ sURIFixup->CreateFixupURI(oldSpec,
+ nsIURIFixup::FIXUP_FLAGS_MAKE_ALTERNATE_URI,
+ getter_AddRefs(newPostData),
+ getter_AddRefs(newURI));
+ }
+ }
+
+ // Did we make a new URI that is different to the old one? If so
+ // load it.
+ //
+ if (newURI) {
+ // Make sure the new URI is different from the old one,
+ // otherwise there's little point trying to load it again.
+ bool sameURI = false;
+ url->Equals(newURI, &sameURI);
+ if (!sameURI) {
+ nsAutoCString newSpec;
+ newURI->GetSpec(newSpec);
+ NS_ConvertUTF8toUTF16 newSpecW(newSpec);
+
+ // This notification is meant for Firefox Health Report so it
+ // can increment counts from the search engine
+ MaybeNotifyKeywordSearchLoading(keywordProviderName, keywordAsSent);
+
+ return LoadURI(newSpecW.get(), // URI string
+ LOAD_FLAGS_NONE, // Load flags
+ nullptr, // Referring URI
+ newPostData, // Post data stream
+ nullptr); // Headers stream
+ }
+ }
+ }
+
+ // Well, fixup didn't work :-(
+ // It is time to throw an error dialog box, and be done with it...
+
+ // Errors to be shown only on top-level frames
+ if ((aStatus == NS_ERROR_UNKNOWN_HOST ||
+ aStatus == NS_ERROR_CONNECTION_REFUSED ||
+ aStatus == NS_ERROR_UNKNOWN_PROXY_HOST ||
+ aStatus == NS_ERROR_PROXY_CONNECTION_REFUSED) &&
+ (isTopFrame || UseErrorPages())) {
+ DisplayLoadError(aStatus, url, nullptr, aChannel);
+ } else if (aStatus == NS_ERROR_NET_TIMEOUT ||
+ aStatus == NS_ERROR_REDIRECT_LOOP ||
+ aStatus == NS_ERROR_UNKNOWN_SOCKET_TYPE ||
+ aStatus == NS_ERROR_NET_INTERRUPT ||
+ aStatus == NS_ERROR_NET_RESET ||
+ aStatus == NS_ERROR_OFFLINE ||
+ aStatus == NS_ERROR_MALWARE_URI ||
+ aStatus == NS_ERROR_PHISHING_URI ||
+ aStatus == NS_ERROR_UNWANTED_URI ||
+ aStatus == NS_ERROR_UNSAFE_CONTENT_TYPE ||
+ aStatus == NS_ERROR_REMOTE_XUL ||
+ aStatus == NS_ERROR_INTERCEPTION_FAILED ||
+ aStatus == NS_ERROR_NET_INADEQUATE_SECURITY ||
+ NS_ERROR_GET_MODULE(aStatus) == NS_ERROR_MODULE_SECURITY) {
+ // Errors to be shown for any frame
+ DisplayLoadError(aStatus, url, nullptr, aChannel);
+ } else if (aStatus == NS_ERROR_DOCUMENT_NOT_CACHED) {
+ // Non-caching channels will simply return NS_ERROR_OFFLINE.
+ // Caching channels would have to look at their flags to work
+ // out which error to return. Or we can fix up the error here.
+ if (!(mLoadType & LOAD_CMD_HISTORY)) {
+ aStatus = NS_ERROR_OFFLINE;
+ }
+ DisplayLoadError(aStatus, url, nullptr, aChannel);
+ }
+ } else if (url && NS_SUCCEEDED(aStatus)) {
+ // If we have a host
+ mozilla::net::PredictorLearnRedirect(url, aChannel, this);
+ }
+
+ return NS_OK;
+}
+
+//*****************************************************************************
+// nsDocShell: Content Viewer Management
+//*****************************************************************************
+
+nsresult
+nsDocShell::EnsureContentViewer()
+{
+ if (mContentViewer) {
+ return NS_OK;
+ }
+ if (mIsBeingDestroyed) {
+ return NS_ERROR_FAILURE;
+ }
+
+ nsCOMPtr<nsIURI> baseURI;
+ nsIPrincipal* principal = GetInheritedPrincipal(false);
+ nsCOMPtr<nsIDocShellTreeItem> parentItem;
+ GetSameTypeParent(getter_AddRefs(parentItem));
+ if (parentItem) {
+ if (nsCOMPtr<nsPIDOMWindowOuter> domWin = GetWindow()) {
+ nsCOMPtr<Element> parentElement = domWin->GetFrameElementInternal();
+ if (parentElement) {
+ baseURI = parentElement->GetBaseURI();
+ }
+ }
+ }
+
+ nsresult rv = CreateAboutBlankContentViewer(principal, baseURI);
+
+ NS_ENSURE_STATE(mContentViewer);
+
+ if (NS_SUCCEEDED(rv)) {
+ nsCOMPtr<nsIDocument> doc(GetDocument());
+ NS_ASSERTION(doc,
+ "Should have doc if CreateAboutBlankContentViewer "
+ "succeeded!");
+
+ doc->SetIsInitialDocument(true);
+ }
+
+ return rv;
+}
+
+nsresult
+nsDocShell::CreateAboutBlankContentViewer(nsIPrincipal* aPrincipal,
+ nsIURI* aBaseURI,
+ bool aTryToSaveOldPresentation)
+{
+ nsCOMPtr<nsIDocument> blankDoc;
+ nsCOMPtr<nsIContentViewer> viewer;
+ nsresult rv = NS_ERROR_FAILURE;
+
+ /* mCreatingDocument should never be true at this point. However, it's
+ a theoretical possibility. We want to know about it and make it stop,
+ and this sounds like a job for an assertion. */
+ NS_ASSERTION(!mCreatingDocument,
+ "infinite(?) loop creating document averted");
+ if (mCreatingDocument) {
+ return NS_ERROR_FAILURE;
+ }
+
+ // mContentViewer->PermitUnload may release |this| docshell.
+ nsCOMPtr<nsIDocShell> kungFuDeathGrip(this);
+
+ AutoRestore<bool> creatingDocument(mCreatingDocument);
+ mCreatingDocument = true;
+
+ if (aPrincipal && !nsContentUtils::IsSystemPrincipal(aPrincipal) &&
+ mItemType != typeChrome) {
+ MOZ_ASSERT(ChromeUtils::IsOriginAttributesEqualIgnoringAddonId(
+ BasePrincipal::Cast(aPrincipal)->OriginAttributesRef(),
+ mOriginAttributes));
+ }
+
+ // Make sure timing is created. But first record whether we had it
+ // already, so we don't clobber the timing for an in-progress load.
+ bool hadTiming = mTiming;
+ MaybeInitTiming();
+ if (mContentViewer) {
+ // We've got a content viewer already. Make sure the user
+ // permits us to discard the current document and replace it
+ // with about:blank. And also ensure we fire the unload events
+ // in the current document.
+
+ // Unload gets fired first for
+ // document loaded from the session history.
+ mTiming->NotifyBeforeUnload();
+
+ bool okToUnload;
+ rv = mContentViewer->PermitUnload(&okToUnload);
+
+ if (NS_SUCCEEDED(rv) && !okToUnload) {
+ // The user chose not to unload the page, interrupt the load.
+ return NS_ERROR_FAILURE;
+ }
+
+ mSavingOldViewer = aTryToSaveOldPresentation &&
+ CanSavePresentation(LOAD_NORMAL, nullptr, nullptr);
+
+ if (mTiming) {
+ mTiming->NotifyUnloadAccepted(mCurrentURI);
+ }
+
+ // Make sure to blow away our mLoadingURI just in case. No loads
+ // from inside this pagehide.
+ mLoadingURI = nullptr;
+
+ // Stop any in-progress loading, so that we don't accidentally trigger any
+ // PageShow notifications from Embed() interrupting our loading below.
+ Stop();
+
+ // Notify the current document that it is about to be unloaded!!
+ //
+ // It is important to fire the unload() notification *before* any state
+ // is changed within the DocShell - otherwise, javascript will get the
+ // wrong information :-(
+ //
+ (void)FirePageHideNotification(!mSavingOldViewer);
+ }
+
+ // Now make sure we don't think we're in the middle of firing unload after
+ // this point. This will make us fire unload when the about:blank document
+ // unloads... but that's ok, more or less. Would be nice if it fired load
+ // too, of course.
+ mFiredUnloadEvent = false;
+
+ nsCOMPtr<nsIDocumentLoaderFactory> docFactory =
+ nsContentUtils::FindInternalContentViewer(NS_LITERAL_CSTRING("text/html"));
+
+ if (docFactory) {
+ nsCOMPtr<nsIPrincipal> principal;
+ if (mSandboxFlags & SANDBOXED_ORIGIN) {
+ if (aPrincipal) {
+ principal = nsNullPrincipal::CreateWithInheritedAttributes(aPrincipal);
+ } else {
+ principal = nsNullPrincipal::CreateWithInheritedAttributes(this);
+ }
+ } else {
+ principal = aPrincipal;
+ }
+ // generate (about:blank) document to load
+ docFactory->CreateBlankDocument(mLoadGroup, principal,
+ getter_AddRefs(blankDoc));
+ if (blankDoc) {
+ // Hack: set the base URI manually, since this document never
+ // got Reset() with a channel.
+ blankDoc->SetBaseURI(aBaseURI);
+
+ blankDoc->SetContainer(this);
+
+ // Copy our sandbox flags to the document. These are immutable
+ // after being set here.
+ blankDoc->SetSandboxFlags(mSandboxFlags);
+
+ // create a content viewer for us and the new document
+ docFactory->CreateInstanceForDocument(
+ NS_ISUPPORTS_CAST(nsIDocShell*, this), blankDoc, "view",
+ getter_AddRefs(viewer));
+
+ // hook 'em up
+ if (viewer) {
+ viewer->SetContainer(this);
+ rv = Embed(viewer, "", 0);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ SetCurrentURI(blankDoc->GetDocumentURI(), nullptr, true, 0);
+ rv = mIsBeingDestroyed ? NS_ERROR_NOT_AVAILABLE : NS_OK;
+ }
+ }
+ }
+
+ // The transient about:blank viewer doesn't have a session history entry.
+ SetHistoryEntry(&mOSHE, nullptr);
+
+ // Clear out our mTiming like we would in EndPageLoad, if we didn't
+ // have one before entering this function.
+ if (!hadTiming) {
+ mTiming = nullptr;
+ mBlankTiming = true;
+ }
+
+ return rv;
+}
+
+NS_IMETHODIMP
+nsDocShell::CreateAboutBlankContentViewer(nsIPrincipal* aPrincipal)
+{
+ return CreateAboutBlankContentViewer(aPrincipal, nullptr);
+}
+
+bool
+nsDocShell::CanSavePresentation(uint32_t aLoadType,
+ nsIRequest* aNewRequest,
+ nsIDocument* aNewDocument)
+{
+ if (!mOSHE) {
+ return false; // no entry to save into
+ }
+
+ nsCOMPtr<nsIContentViewer> viewer;
+ mOSHE->GetContentViewer(getter_AddRefs(viewer));
+ if (viewer) {
+ NS_WARNING("mOSHE already has a content viewer!");
+ return false;
+ }
+
+ // Only save presentation for "normal" loads and link loads. Anything else
+ // probably wants to refetch the page, so caching the old presentation
+ // would be incorrect.
+ if (aLoadType != LOAD_NORMAL &&
+ aLoadType != LOAD_HISTORY &&
+ aLoadType != LOAD_LINK &&
+ aLoadType != LOAD_STOP_CONTENT &&
+ aLoadType != LOAD_STOP_CONTENT_AND_REPLACE &&
+ aLoadType != LOAD_ERROR_PAGE) {
+ return false;
+ }
+
+ // If the session history entry has the saveLayoutState flag set to false,
+ // then we should not cache the presentation.
+ bool canSaveState;
+ mOSHE->GetSaveLayoutStateFlag(&canSaveState);
+ if (!canSaveState) {
+ return false;
+ }
+
+ // If the document is not done loading, don't cache it.
+ if (!mScriptGlobal || mScriptGlobal->IsLoading()) {
+ return false;
+ }
+
+ if (mScriptGlobal->WouldReuseInnerWindow(aNewDocument)) {
+ return false;
+ }
+
+ // Avoid doing the work of saving the presentation state in the case where
+ // the content viewer cache is disabled.
+ if (nsSHistory::GetMaxTotalViewers() == 0) {
+ return false;
+ }
+
+ // Don't cache the content viewer if we're in a subframe and the subframe
+ // pref is disabled.
+ bool cacheFrames =
+ Preferences::GetBool("browser.sessionhistory.cache_subframes", false);
+ if (!cacheFrames) {
+ nsCOMPtr<nsIDocShellTreeItem> root;
+ GetSameTypeParent(getter_AddRefs(root));
+ if (root && root != this) {
+ return false; // this is a subframe load
+ }
+ }
+
+ // If the document does not want its presentation cached, then don't.
+ nsCOMPtr<nsIDocument> doc = mScriptGlobal->GetExtantDoc();
+ return doc && doc->CanSavePresentation(aNewRequest);
+}
+
+void
+nsDocShell::ReattachEditorToWindow(nsISHEntry* aSHEntry)
+{
+ NS_ASSERTION(!mEditorData,
+ "Why reattach an editor when we already have one?");
+ NS_ASSERTION(aSHEntry && aSHEntry->HasDetachedEditor(),
+ "Reattaching when there's not a detached editor.");
+
+ if (mEditorData || !aSHEntry) {
+ return;
+ }
+
+ mEditorData = aSHEntry->ForgetEditorData();
+ if (mEditorData) {
+#ifdef DEBUG
+ nsresult rv =
+#endif
+ mEditorData->ReattachToWindow(this);
+ NS_ASSERTION(NS_SUCCEEDED(rv), "Failed to reattach editing session");
+ }
+}
+
+void
+nsDocShell::DetachEditorFromWindow()
+{
+ if (!mEditorData || mEditorData->WaitingForLoad()) {
+ // If there's nothing to detach, or if the editor data is actually set
+ // up for the _new_ page that's coming in, don't detach.
+ return;
+ }
+
+ NS_ASSERTION(!mOSHE || !mOSHE->HasDetachedEditor(),
+ "Detaching editor when it's already detached.");
+
+ nsresult res = mEditorData->DetachFromWindow();
+ NS_ASSERTION(NS_SUCCEEDED(res), "Failed to detach editor");
+
+ if (NS_SUCCEEDED(res)) {
+ // Make mOSHE hold the owning ref to the editor data.
+ if (mOSHE) {
+ mOSHE->SetEditorData(mEditorData.forget());
+ } else {
+ mEditorData = nullptr;
+ }
+ }
+
+#ifdef DEBUG
+ {
+ bool isEditable;
+ GetEditable(&isEditable);
+ NS_ASSERTION(!isEditable,
+ "Window is still editable after detaching editor.");
+ }
+#endif // DEBUG
+}
+
+nsresult
+nsDocShell::CaptureState()
+{
+ if (!mOSHE || mOSHE == mLSHE) {
+ // No entry to save into, or we're replacing the existing entry.
+ return NS_ERROR_FAILURE;
+ }
+
+ if (!mScriptGlobal) {
+ return NS_ERROR_FAILURE;
+ }
+
+ nsCOMPtr<nsISupports> windowState = mScriptGlobal->SaveWindowState();
+ NS_ENSURE_TRUE(windowState, NS_ERROR_FAILURE);
+
+#ifdef DEBUG_PAGE_CACHE
+ nsCOMPtr<nsIURI> uri;
+ mOSHE->GetURI(getter_AddRefs(uri));
+ nsAutoCString spec;
+ if (uri) {
+ uri->GetSpec(spec);
+ }
+ printf("Saving presentation into session history\n");
+ printf(" SH URI: %s\n", spec.get());
+#endif
+
+ nsresult rv = mOSHE->SetWindowState(windowState);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // Suspend refresh URIs and save off the timer queue
+ rv = mOSHE->SetRefreshURIList(mSavedRefreshURIList);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // Capture the current content viewer bounds.
+ if (mContentViewer) {
+ nsIntRect bounds;
+ mContentViewer->GetBounds(bounds);
+ rv = mOSHE->SetViewerBounds(bounds);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+
+ // Capture the docshell hierarchy.
+ mOSHE->ClearChildShells();
+
+ uint32_t childCount = mChildList.Length();
+ for (uint32_t i = 0; i < childCount; ++i) {
+ nsCOMPtr<nsIDocShellTreeItem> childShell = do_QueryInterface(ChildAt(i));
+ NS_ASSERTION(childShell, "null child shell");
+
+ mOSHE->AddChildShell(childShell);
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::RestorePresentationEvent::Run()
+{
+ if (mDocShell && NS_FAILED(mDocShell->RestoreFromHistory())) {
+ NS_WARNING("RestoreFromHistory failed");
+ }
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::BeginRestore(nsIContentViewer* aContentViewer, bool aTop)
+{
+ nsresult rv;
+ if (!aContentViewer) {
+ rv = EnsureContentViewer();
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ aContentViewer = mContentViewer;
+ }
+
+ // Dispatch events for restoring the presentation. We try to simulate
+ // the progress notifications loading the document would cause, so we add
+ // the document's channel to the loadgroup to initiate stateChange
+ // notifications.
+
+ nsCOMPtr<nsIDOMDocument> domDoc;
+ aContentViewer->GetDOMDocument(getter_AddRefs(domDoc));
+ nsCOMPtr<nsIDocument> doc = do_QueryInterface(domDoc);
+ if (doc) {
+ nsIChannel* channel = doc->GetChannel();
+ if (channel) {
+ mEODForCurrentDocument = false;
+ mIsRestoringDocument = true;
+ mLoadGroup->AddRequest(channel, nullptr);
+ mIsRestoringDocument = false;
+ }
+ }
+
+ if (!aTop) {
+ // This point corresponds to us having gotten OnStartRequest or
+ // STATE_START, so do the same thing that CreateContentViewer does at
+ // this point to ensure that unload/pagehide events for this document
+ // will fire when it's unloaded again.
+ mFiredUnloadEvent = false;
+
+ // For non-top frames, there is no notion of making sure that the
+ // previous document is in the domwindow when STATE_START notifications
+ // happen. We can just call BeginRestore for all of the child shells
+ // now.
+ rv = BeginRestoreChildren();
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+
+ return NS_OK;
+}
+
+nsresult
+nsDocShell::BeginRestoreChildren()
+{
+ nsTObserverArray<nsDocLoader*>::ForwardIterator iter(mChildList);
+ while (iter.HasMore()) {
+ nsCOMPtr<nsIDocShell> child = do_QueryObject(iter.GetNext());
+ if (child) {
+ nsresult rv = child->BeginRestore(nullptr, false);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+ }
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::FinishRestore()
+{
+ // First we call finishRestore() on our children. In the simulated load,
+ // all of the child frames finish loading before the main document.
+
+ nsTObserverArray<nsDocLoader*>::ForwardIterator iter(mChildList);
+ while (iter.HasMore()) {
+ nsCOMPtr<nsIDocShell> child = do_QueryObject(iter.GetNext());
+ if (child) {
+ child->FinishRestore();
+ }
+ }
+
+ if (mOSHE && mOSHE->HasDetachedEditor()) {
+ ReattachEditorToWindow(mOSHE);
+ }
+
+ nsCOMPtr<nsIDocument> doc = GetDocument();
+ if (doc) {
+ // Finally, we remove the request from the loadgroup. This will
+ // cause onStateChange(STATE_STOP) to fire, which will fire the
+ // pageshow event to the chrome.
+
+ nsIChannel* channel = doc->GetChannel();
+ if (channel) {
+ mIsRestoringDocument = true;
+ mLoadGroup->RemoveRequest(channel, nullptr, NS_OK);
+ mIsRestoringDocument = false;
+ }
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetRestoringDocument(bool* aRestoring)
+{
+ *aRestoring = mIsRestoringDocument;
+ return NS_OK;
+}
+
+nsresult
+nsDocShell::RestorePresentation(nsISHEntry* aSHEntry, bool* aRestoring)
+{
+ NS_ASSERTION(mLoadType & LOAD_CMD_HISTORY,
+ "RestorePresentation should only be called for history loads");
+
+ nsCOMPtr<nsIContentViewer> viewer;
+ aSHEntry->GetContentViewer(getter_AddRefs(viewer));
+
+#ifdef DEBUG_PAGE_CACHE
+ nsCOMPtr<nsIURI> uri;
+ aSHEntry->GetURI(getter_AddRefs(uri));
+
+ nsAutoCString spec;
+ if (uri) {
+ uri->GetSpec(spec);
+ }
+#endif
+
+ *aRestoring = false;
+
+ if (!viewer) {
+#ifdef DEBUG_PAGE_CACHE
+ printf("no saved presentation for uri: %s\n", spec.get());
+#endif
+ return NS_OK;
+ }
+
+ // We need to make sure the content viewer's container is this docshell.
+ // In subframe navigation, it's possible for the docshell that the
+ // content viewer was originally loaded into to be replaced with a
+ // different one. We don't currently support restoring the presentation
+ // in that case.
+
+ nsCOMPtr<nsIDocShell> container;
+ viewer->GetContainer(getter_AddRefs(container));
+ if (!::SameCOMIdentity(container, GetAsSupports(this))) {
+#ifdef DEBUG_PAGE_CACHE
+ printf("No valid container, clearing presentation\n");
+#endif
+ aSHEntry->SetContentViewer(nullptr);
+ return NS_ERROR_FAILURE;
+ }
+
+ NS_ASSERTION(mContentViewer != viewer, "Restoring existing presentation");
+
+#ifdef DEBUG_PAGE_CACHE
+ printf("restoring presentation from session history: %s\n", spec.get());
+#endif
+
+ SetHistoryEntry(&mLSHE, aSHEntry);
+
+ // Post an event that will remove the request after we've returned
+ // to the event loop. This mimics the way it is called by nsIChannel
+ // implementations.
+
+ // Revoke any pending restore (just in case)
+ NS_ASSERTION(!mRestorePresentationEvent.IsPending(),
+ "should only have one RestorePresentationEvent");
+ mRestorePresentationEvent.Revoke();
+
+ RefPtr<RestorePresentationEvent> evt = new RestorePresentationEvent(this);
+ nsresult rv = NS_DispatchToCurrentThread(evt);
+ if (NS_SUCCEEDED(rv)) {
+ mRestorePresentationEvent = evt.get();
+ // The rest of the restore processing will happen on our event
+ // callback.
+ *aRestoring = true;
+ }
+
+ return rv;
+}
+
+namespace {
+class MOZ_STACK_CLASS PresentationEventForgetter
+{
+public:
+ explicit PresentationEventForgetter(
+ nsRevocableEventPtr<nsDocShell::RestorePresentationEvent>&
+ aRestorePresentationEvent)
+ : mRestorePresentationEvent(aRestorePresentationEvent)
+ , mEvent(aRestorePresentationEvent.get())
+ {
+ }
+
+ ~PresentationEventForgetter()
+ {
+ Forget();
+ }
+
+ void Forget()
+ {
+ if (mRestorePresentationEvent.get() == mEvent) {
+ mRestorePresentationEvent.Forget();
+ mEvent = nullptr;
+ }
+ }
+
+private:
+ nsRevocableEventPtr<nsDocShell::RestorePresentationEvent>&
+ mRestorePresentationEvent;
+ RefPtr<nsDocShell::RestorePresentationEvent> mEvent;
+};
+
+} // namespace
+
+nsresult
+nsDocShell::RestoreFromHistory()
+{
+ MOZ_ASSERT(mRestorePresentationEvent.IsPending());
+ PresentationEventForgetter forgetter(mRestorePresentationEvent);
+
+ // This section of code follows the same ordering as CreateContentViewer.
+ if (!mLSHE) {
+ return NS_ERROR_FAILURE;
+ }
+
+ nsCOMPtr<nsIContentViewer> viewer;
+ mLSHE->GetContentViewer(getter_AddRefs(viewer));
+ if (!viewer) {
+ return NS_ERROR_FAILURE;
+ }
+
+ if (mSavingOldViewer) {
+ // We determined that it was safe to cache the document presentation
+ // at the time we initiated the new load. We need to check whether
+ // it's still safe to do so, since there may have been DOM mutations
+ // or new requests initiated.
+ nsCOMPtr<nsIDOMDocument> domDoc;
+ viewer->GetDOMDocument(getter_AddRefs(domDoc));
+ nsCOMPtr<nsIDocument> doc = do_QueryInterface(domDoc);
+ nsIRequest* request = nullptr;
+ if (doc) {
+ request = doc->GetChannel();
+ }
+ mSavingOldViewer = CanSavePresentation(mLoadType, request, doc);
+ }
+
+ nsCOMPtr<nsIContentViewer> oldCv(mContentViewer);
+ nsCOMPtr<nsIContentViewer> newCv(viewer);
+ int32_t minFontSize = 0;
+ float textZoom = 1.0f;
+ float pageZoom = 1.0f;
+ float overrideDPPX = 0.0f;
+
+ bool styleDisabled = false;
+ if (oldCv && newCv) {
+ oldCv->GetMinFontSize(&minFontSize);
+ oldCv->GetTextZoom(&textZoom);
+ oldCv->GetFullZoom(&pageZoom);
+ oldCv->GetOverrideDPPX(&overrideDPPX);
+ oldCv->GetAuthorStyleDisabled(&styleDisabled);
+ }
+
+ // Protect against mLSHE going away via a load triggered from
+ // pagehide or unload.
+ nsCOMPtr<nsISHEntry> origLSHE = mLSHE;
+
+ // Make sure to blow away our mLoadingURI just in case. No loads
+ // from inside this pagehide.
+ mLoadingURI = nullptr;
+
+ // Notify the old content viewer that it's being hidden.
+ FirePageHideNotification(!mSavingOldViewer);
+
+ // If mLSHE was changed as a result of the pagehide event, then
+ // something else was loaded. Don't finish restoring.
+ if (mLSHE != origLSHE) {
+ return NS_OK;
+ }
+
+ // Add the request to our load group. We do this before swapping out
+ // the content viewers so that consumers of STATE_START can access
+ // the old document. We only deal with the toplevel load at this time --
+ // to be consistent with normal document loading, subframes cannot start
+ // loading until after data arrives, which is after STATE_START completes.
+
+ RefPtr<RestorePresentationEvent> currentPresentationRestoration =
+ mRestorePresentationEvent.get();
+ Stop();
+ // Make sure we're still restoring the same presentation.
+ // If we aren't, docshell is in process doing another load already.
+ NS_ENSURE_STATE(currentPresentationRestoration ==
+ mRestorePresentationEvent.get());
+ BeginRestore(viewer, true);
+ NS_ENSURE_STATE(currentPresentationRestoration ==
+ mRestorePresentationEvent.get());
+ forgetter.Forget();
+
+ // Set mFiredUnloadEvent = false so that the unload handler for the
+ // *new* document will fire.
+ mFiredUnloadEvent = false;
+
+ mURIResultedInDocument = true;
+ nsCOMPtr<nsISHistory> rootSH;
+ GetRootSessionHistory(getter_AddRefs(rootSH));
+ if (rootSH) {
+ nsCOMPtr<nsISHistoryInternal> hist = do_QueryInterface(rootSH);
+ rootSH->GetIndex(&mPreviousTransIndex);
+ hist->UpdateIndex();
+ rootSH->GetIndex(&mLoadedTransIndex);
+#ifdef DEBUG_PAGE_CACHE
+ printf("Previous index: %d, Loaded index: %d\n\n", mPreviousTransIndex,
+ mLoadedTransIndex);
+#endif
+ }
+
+ // Rather than call Embed(), we will retrieve the viewer from the session
+ // history entry and swap it in.
+ // XXX can we refactor this so that we can just call Embed()?
+ PersistLayoutHistoryState();
+ nsresult rv;
+ if (mContentViewer) {
+ if (mSavingOldViewer && NS_FAILED(CaptureState())) {
+ if (mOSHE) {
+ mOSHE->SyncPresentationState();
+ }
+ mSavingOldViewer = false;
+ }
+ }
+
+ mSavedRefreshURIList = nullptr;
+
+ // In cases where we use a transient about:blank viewer between loads,
+ // we never show the transient viewer, so _its_ previous viewer is never
+ // unhooked from the view hierarchy. Destroy any such previous viewer now,
+ // before we grab the root view sibling, so that we don't grab a view
+ // that's about to go away.
+
+ if (mContentViewer) {
+ nsCOMPtr<nsIContentViewer> previousViewer;
+ mContentViewer->GetPreviousViewer(getter_AddRefs(previousViewer));
+ if (previousViewer) {
+ mContentViewer->SetPreviousViewer(nullptr);
+ previousViewer->Destroy();
+ }
+ }
+
+ // Save off the root view's parent and sibling so that we can insert the
+ // new content viewer's root view at the same position. Also save the
+ // bounds of the root view's widget.
+
+ nsView* rootViewSibling = nullptr;
+ nsView* rootViewParent = nullptr;
+ nsIntRect newBounds(0, 0, 0, 0);
+
+ nsCOMPtr<nsIPresShell> oldPresShell = GetPresShell();
+ if (oldPresShell) {
+ nsViewManager* vm = oldPresShell->GetViewManager();
+ if (vm) {
+ nsView* oldRootView = vm->GetRootView();
+
+ if (oldRootView) {
+ rootViewSibling = oldRootView->GetNextSibling();
+ rootViewParent = oldRootView->GetParent();
+
+ mContentViewer->GetBounds(newBounds);
+ }
+ }
+ }
+
+ nsCOMPtr<nsIContent> container;
+ nsCOMPtr<nsIDocument> sibling;
+ if (rootViewParent && rootViewParent->GetParent()) {
+ nsIFrame* frame = rootViewParent->GetParent()->GetFrame();
+ container = frame ? frame->GetContent() : nullptr;
+ }
+ if (rootViewSibling) {
+ nsIFrame* frame = rootViewSibling->GetFrame();
+ sibling =
+ frame ? frame->PresContext()->PresShell()->GetDocument() : nullptr;
+ }
+
+ // Transfer ownership to mContentViewer. By ensuring that either the
+ // docshell or the session history, but not both, have references to the
+ // content viewer, we prevent the viewer from being torn down after
+ // Destroy() is called.
+
+ if (mContentViewer) {
+ mContentViewer->Close(mSavingOldViewer ? mOSHE.get() : nullptr);
+ viewer->SetPreviousViewer(mContentViewer);
+ }
+ if (mOSHE && (!mContentViewer || !mSavingOldViewer)) {
+ // We don't plan to save a viewer in mOSHE; tell it to drop
+ // any other state it's holding.
+ mOSHE->SyncPresentationState();
+ }
+
+ // Order the mContentViewer setup just like Embed does.
+ mContentViewer = nullptr;
+
+ // Now that we're about to switch documents, forget all of our children.
+ // Note that we cached them as needed up in CaptureState above.
+ DestroyChildren();
+
+ mContentViewer.swap(viewer);
+
+ // Grab all of the related presentation from the SHEntry now.
+ // Clearing the viewer from the SHEntry will clear all of this state.
+ nsCOMPtr<nsISupports> windowState;
+ mLSHE->GetWindowState(getter_AddRefs(windowState));
+ mLSHE->SetWindowState(nullptr);
+
+ bool sticky;
+ mLSHE->GetSticky(&sticky);
+
+ nsCOMPtr<nsIDOMDocument> domDoc;
+ mContentViewer->GetDOMDocument(getter_AddRefs(domDoc));
+
+ nsCOMArray<nsIDocShellTreeItem> childShells;
+ int32_t i = 0;
+ nsCOMPtr<nsIDocShellTreeItem> child;
+ while (NS_SUCCEEDED(mLSHE->ChildShellAt(i++, getter_AddRefs(child))) &&
+ child) {
+ childShells.AppendObject(child);
+ }
+
+ // get the previous content viewer size
+ nsIntRect oldBounds(0, 0, 0, 0);
+ mLSHE->GetViewerBounds(oldBounds);
+
+ // Restore the refresh URI list. The refresh timers will be restarted
+ // when EndPageLoad() is called.
+ nsCOMPtr<nsIMutableArray> refreshURIList;
+ mLSHE->GetRefreshURIList(getter_AddRefs(refreshURIList));
+
+ // Reattach to the window object.
+ mIsRestoringDocument = true; // for MediaDocument::BecomeInteractive
+ rv = mContentViewer->Open(windowState, mLSHE);
+ mIsRestoringDocument = false;
+
+ // Hack to keep nsDocShellEditorData alive across the
+ // SetContentViewer(nullptr) call below.
+ nsAutoPtr<nsDocShellEditorData> data(mLSHE->ForgetEditorData());
+
+ // Now remove it from the cached presentation.
+ mLSHE->SetContentViewer(nullptr);
+ mEODForCurrentDocument = false;
+
+ mLSHE->SetEditorData(data.forget());
+
+#ifdef DEBUG
+ {
+ nsCOMPtr<nsIMutableArray> refreshURIs;
+ mLSHE->GetRefreshURIList(getter_AddRefs(refreshURIs));
+ nsCOMPtr<nsIDocShellTreeItem> childShell;
+ mLSHE->ChildShellAt(0, getter_AddRefs(childShell));
+ NS_ASSERTION(!refreshURIs && !childShell,
+ "SHEntry should have cleared presentation state");
+ }
+#endif
+
+ // Restore the sticky state of the viewer. The viewer has set this state
+ // on the history entry in Destroy() just before marking itself non-sticky,
+ // to avoid teardown of the presentation.
+ mContentViewer->SetSticky(sticky);
+
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // mLSHE is now our currently-loaded document.
+ SetHistoryEntry(&mOSHE, mLSHE);
+
+ // XXX special wyciwyg handling in Embed()?
+
+ // We aren't going to restore any items from the LayoutHistoryState,
+ // but we don't want them to stay around in case the page is reloaded.
+ SetLayoutHistoryState(nullptr);
+
+ // This is the end of our Embed() replacement
+
+ mSavingOldViewer = false;
+ mEODForCurrentDocument = false;
+
+ // Tell the event loop to favor plevents over user events, see comments
+ // in CreateContentViewer.
+ if (++gNumberOfDocumentsLoading == 1) {
+ FavorPerformanceHint(true);
+ }
+
+ if (oldCv && newCv) {
+ newCv->SetMinFontSize(minFontSize);
+ newCv->SetTextZoom(textZoom);
+ newCv->SetFullZoom(pageZoom);
+ newCv->SetOverrideDPPX(overrideDPPX);
+ newCv->SetAuthorStyleDisabled(styleDisabled);
+ }
+
+ nsCOMPtr<nsIDocument> document = do_QueryInterface(domDoc);
+ if (document) {
+ RefPtr<nsDocShell> parent = GetParentDocshell();
+ if (parent) {
+ nsCOMPtr<nsIDocument> d = parent->GetDocument();
+ if (d) {
+ if (d->EventHandlingSuppressed()) {
+ document->SuppressEventHandling(nsIDocument::eEvents,
+ d->EventHandlingSuppressed());
+ }
+
+ // Ick, it'd be nicer to not rewalk all of the subdocs here.
+ if (d->AnimationsPaused()) {
+ document->SuppressEventHandling(nsIDocument::eAnimationsOnly,
+ d->AnimationsPaused());
+ }
+ }
+ }
+
+ // Use the uri from the mLSHE we had when we entered this function
+ // (which need not match the document's URI if anchors are involved),
+ // since that's the history entry we're loading. Note that if we use
+ // origLSHE we don't have to worry about whether the entry in question
+ // is still mLSHE or whether it's now mOSHE.
+ nsCOMPtr<nsIURI> uri;
+ origLSHE->GetURI(getter_AddRefs(uri));
+ SetCurrentURI(uri, document->GetChannel(), true, 0);
+ }
+
+ // This is the end of our CreateContentViewer() replacement.
+ // Now we simulate a load. First, we restore the state of the javascript
+ // window object.
+ nsCOMPtr<nsPIDOMWindowOuter> privWin = GetWindow();
+ NS_ASSERTION(privWin, "could not get nsPIDOMWindow interface");
+
+ // Now, dispatch a title change event which would happen as the
+ // <head> is parsed.
+ document->NotifyPossibleTitleChange(false);
+
+ // Now we simulate appending child docshells for subframes.
+ for (i = 0; i < childShells.Count(); ++i) {
+ nsIDocShellTreeItem* childItem = childShells.ObjectAt(i);
+ nsCOMPtr<nsIDocShell> childShell = do_QueryInterface(childItem);
+
+ // Make sure to not clobber the state of the child. Since AddChild
+ // always clobbers it, save it off first.
+ bool allowPlugins;
+ childShell->GetAllowPlugins(&allowPlugins);
+
+ bool allowJavascript;
+ childShell->GetAllowJavascript(&allowJavascript);
+
+ bool allowRedirects;
+ childShell->GetAllowMetaRedirects(&allowRedirects);
+
+ bool allowSubframes;
+ childShell->GetAllowSubframes(&allowSubframes);
+
+ bool allowImages;
+ childShell->GetAllowImages(&allowImages);
+
+ bool allowMedia = childShell->GetAllowMedia();
+
+ bool allowDNSPrefetch;
+ childShell->GetAllowDNSPrefetch(&allowDNSPrefetch);
+
+ bool allowContentRetargeting = childShell->GetAllowContentRetargeting();
+ bool allowContentRetargetingOnChildren =
+ childShell->GetAllowContentRetargetingOnChildren();
+
+ uint32_t defaultLoadFlags;
+ childShell->GetDefaultLoadFlags(&defaultLoadFlags);
+
+ // this.AddChild(child) calls child.SetDocLoaderParent(this), meaning that
+ // the child inherits our state. Among other things, this means that the
+ // child inherits our mIsActive, mIsPrerendered and mPrivateBrowsingId,
+ // which is what we want.
+ AddChild(childItem);
+
+ childShell->SetAllowPlugins(allowPlugins);
+ childShell->SetAllowJavascript(allowJavascript);
+ childShell->SetAllowMetaRedirects(allowRedirects);
+ childShell->SetAllowSubframes(allowSubframes);
+ childShell->SetAllowImages(allowImages);
+ childShell->SetAllowMedia(allowMedia);
+ childShell->SetAllowDNSPrefetch(allowDNSPrefetch);
+ childShell->SetAllowContentRetargeting(allowContentRetargeting);
+ childShell->SetAllowContentRetargetingOnChildren(
+ allowContentRetargetingOnChildren);
+ childShell->SetDefaultLoadFlags(defaultLoadFlags);
+
+ rv = childShell->BeginRestore(nullptr, false);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+
+ // Make sure to restore the window state after adding the child shells back
+ // to the tree. This is necessary for Thaw() and Resume() to propagate
+ // properly.
+ rv = privWin->RestoreWindowState(windowState);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ nsCOMPtr<nsIPresShell> shell = GetPresShell();
+
+ // We may be displayed on a different monitor (or in a different
+ // HiDPI mode) than when we got into the history list. So we need
+ // to check if this has happened. See bug 838239.
+
+ // Because the prescontext normally handles resolution changes via
+ // a runnable (see nsPresContext::UIResolutionChanged), its device
+ // context won't be -immediately- updated as a result of calling
+ // shell->BackingScaleFactorChanged().
+
+ // But we depend on that device context when adjusting the view size
+ // via mContentViewer->SetBounds(newBounds) below. So we need to
+ // explicitly tell it to check for changed resolution here.
+ if (shell && shell->GetPresContext()->DeviceContext()->CheckDPIChange()) {
+ shell->BackingScaleFactorChanged();
+ }
+
+ nsViewManager* newVM = shell ? shell->GetViewManager() : nullptr;
+ nsView* newRootView = newVM ? newVM->GetRootView() : nullptr;
+
+ // Insert the new root view at the correct location in the view tree.
+ if (container) {
+ nsSubDocumentFrame* subDocFrame =
+ do_QueryFrame(container->GetPrimaryFrame());
+ rootViewParent = subDocFrame ? subDocFrame->EnsureInnerView() : nullptr;
+ } else {
+ rootViewParent = nullptr;
+ }
+ if (sibling &&
+ sibling->GetShell() &&
+ sibling->GetShell()->GetViewManager()) {
+ rootViewSibling = sibling->GetShell()->GetViewManager()->GetRootView();
+ } else {
+ rootViewSibling = nullptr;
+ }
+ if (rootViewParent && newRootView &&
+ newRootView->GetParent() != rootViewParent) {
+ nsViewManager* parentVM = rootViewParent->GetViewManager();
+ if (parentVM) {
+ // InsertChild(parent, child, sib, true) inserts the child after
+ // sib in content order, which is before sib in view order. BUT
+ // when sib is null it inserts at the end of the the document
+ // order, i.e., first in view order. But when oldRootSibling is
+ // null, the old root as at the end of the view list --- last in
+ // content order --- and we want to call InsertChild(parent, child,
+ // nullptr, false) in that case.
+ parentVM->InsertChild(rootViewParent, newRootView,
+ rootViewSibling,
+ rootViewSibling ? true : false);
+
+ NS_ASSERTION(newRootView->GetNextSibling() == rootViewSibling,
+ "error in InsertChild");
+ }
+ }
+
+ nsCOMPtr<nsPIDOMWindowInner> privWinInner = privWin->GetCurrentInnerWindow();
+
+ // If parent is suspended, increase suspension count.
+ // This can't be done as early as event suppression since this
+ // depends on docshell tree.
+ privWinInner->SyncStateFromParentWindow();
+
+ // Now that all of the child docshells have been put into place, we can
+ // restart the timers for the window and all of the child frames.
+ privWinInner->Resume();
+
+ // Restore the refresh URI list. The refresh timers will be restarted
+ // when EndPageLoad() is called.
+ mRefreshURIList = refreshURIList;
+
+ // Meta-refresh timers have been restarted for this shell, but not
+ // for our children. Walk the child shells and restart their timers.
+ nsTObserverArray<nsDocLoader*>::ForwardIterator iter(mChildList);
+ while (iter.HasMore()) {
+ nsCOMPtr<nsIDocShell> child = do_QueryObject(iter.GetNext());
+ if (child) {
+ child->ResumeRefreshURIs();
+ }
+ }
+
+ // Make sure this presentation is the same size as the previous
+ // presentation. If this is not the same size we showed it at last time,
+ // then we need to resize the widget.
+
+ // XXXbryner This interacts poorly with Firefox's infobar. If the old
+ // presentation had the infobar visible, then we will resize the new
+ // presentation to that smaller size. However, firing the locationchanged
+ // event will hide the infobar, which will immediately resize the window
+ // back to the larger size. A future optimization might be to restore
+ // the presentation at the "wrong" size, then fire the locationchanged
+ // event and check whether the docshell's new size is the same as the
+ // cached viewer size (skipping the resize if they are equal).
+
+ if (newRootView) {
+ if (!newBounds.IsEmpty() && !newBounds.IsEqualEdges(oldBounds)) {
+#ifdef DEBUG_PAGE_CACHE
+ printf("resize widget(%d, %d, %d, %d)\n", newBounds.x,
+ newBounds.y, newBounds.width, newBounds.height);
+#endif
+ mContentViewer->SetBounds(newBounds);
+ } else {
+ nsIScrollableFrame* rootScrollFrame =
+ shell->GetRootScrollFrameAsScrollableExternal();
+ if (rootScrollFrame) {
+ rootScrollFrame->PostScrolledAreaEventForCurrentArea();
+ }
+ }
+ }
+
+ // The FinishRestore call below can kill these, null them out so we don't
+ // have invalid pointer lying around.
+ newRootView = rootViewSibling = rootViewParent = nullptr;
+ newVM = nullptr;
+
+ // Simulate the completion of the load.
+ nsDocShell::FinishRestore();
+
+ // Restart plugins, and paint the content.
+ if (shell) {
+ shell->Thaw();
+ }
+
+ return privWin->FireDelayedDOMEvents();
+}
+
+nsresult
+nsDocShell::CreateContentViewer(const nsACString& aContentType,
+ nsIRequest* aRequest,
+ nsIStreamListener** aContentHandler)
+{
+ *aContentHandler = nullptr;
+
+ // Can we check the content type of the current content viewer
+ // and reuse it without destroying it and re-creating it?
+
+ NS_ASSERTION(mLoadGroup, "Someone ignored return from Init()?");
+
+ // Instantiate the content viewer object
+ nsCOMPtr<nsIContentViewer> viewer;
+ nsresult rv = NewContentViewerObj(aContentType, aRequest, mLoadGroup,
+ aContentHandler, getter_AddRefs(viewer));
+
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ // Notify the current document that it is about to be unloaded!!
+ //
+ // It is important to fire the unload() notification *before* any state
+ // is changed within the DocShell - otherwise, javascript will get the
+ // wrong information :-(
+ //
+
+ if (mSavingOldViewer) {
+ // We determined that it was safe to cache the document presentation
+ // at the time we initiated the new load. We need to check whether
+ // it's still safe to do so, since there may have been DOM mutations
+ // or new requests initiated.
+ nsCOMPtr<nsIDOMDocument> domDoc;
+ viewer->GetDOMDocument(getter_AddRefs(domDoc));
+ nsCOMPtr<nsIDocument> doc = do_QueryInterface(domDoc);
+ mSavingOldViewer = CanSavePresentation(mLoadType, aRequest, doc);
+ }
+
+ NS_ASSERTION(!mLoadingURI, "Re-entering unload?");
+
+ nsCOMPtr<nsIChannel> aOpenedChannel = do_QueryInterface(aRequest);
+ if (aOpenedChannel) {
+ aOpenedChannel->GetURI(getter_AddRefs(mLoadingURI));
+ }
+ FirePageHideNotification(!mSavingOldViewer);
+ mLoadingURI = nullptr;
+
+ // Set mFiredUnloadEvent = false so that the unload handler for the
+ // *new* document will fire.
+ mFiredUnloadEvent = false;
+
+ // we've created a new document so go ahead and call
+ // OnLoadingSite(), but don't fire OnLocationChange()
+ // notifications before we've called Embed(). See bug 284993.
+ mURIResultedInDocument = true;
+
+ if (mLoadType == LOAD_ERROR_PAGE) {
+ // We need to set the SH entry and our current URI here and not
+ // at the moment we load the page. We want the same behavior
+ // of Stop() as for a normal page load. See bug 514232 for details.
+
+ // Revert mLoadType to load type to state the page load failed,
+ // following function calls need it.
+ mLoadType = mFailedLoadType;
+
+ nsCOMPtr<nsIChannel> failedChannel = mFailedChannel;
+
+ nsIDocument* doc = viewer->GetDocument();
+ if (doc) {
+ doc->SetFailedChannel(failedChannel);
+ }
+
+ // Make sure we have a URI to set currentURI.
+ nsCOMPtr<nsIURI> failedURI;
+ if (failedChannel) {
+ NS_GetFinalChannelURI(failedChannel, getter_AddRefs(failedURI));
+ }
+
+ if (!failedURI) {
+ failedURI = mFailedURI;
+ }
+ if (!failedURI) {
+ // We need a URI object to store a session history entry, so make up a URI
+ NS_NewURI(getter_AddRefs(failedURI), "about:blank");
+ }
+
+ // When we don't have failedURI, something wrong will happen. See
+ // bug 291876.
+ MOZ_ASSERT(failedURI, "We don't have a URI for history APIs.");
+
+ mFailedChannel = nullptr;
+ mFailedURI = nullptr;
+
+ // Create an shistory entry for the old load.
+ if (failedURI) {
+ bool errorOnLocationChangeNeeded = OnNewURI(
+ failedURI, failedChannel, nullptr, nullptr, mLoadType, false, false, false);
+
+ if (errorOnLocationChangeNeeded) {
+ FireOnLocationChange(this, failedChannel, failedURI,
+ LOCATION_CHANGE_ERROR_PAGE);
+ }
+ }
+
+ // Be sure to have a correct mLSHE, it may have been cleared by
+ // EndPageLoad. See bug 302115.
+ if (mSessionHistory && !mLSHE) {
+ int32_t idx;
+ mSessionHistory->GetRequestedIndex(&idx);
+ if (idx == -1) {
+ mSessionHistory->GetIndex(&idx);
+ }
+ mSessionHistory->GetEntryAtIndex(idx, false, getter_AddRefs(mLSHE));
+ }
+
+ mLoadType = LOAD_ERROR_PAGE;
+ }
+
+ bool onLocationChangeNeeded = OnLoadingSite(aOpenedChannel, false);
+
+ // let's try resetting the load group if we need to...
+ nsCOMPtr<nsILoadGroup> currentLoadGroup;
+ NS_ENSURE_SUCCESS(
+ aOpenedChannel->GetLoadGroup(getter_AddRefs(currentLoadGroup)),
+ NS_ERROR_FAILURE);
+
+ if (currentLoadGroup != mLoadGroup) {
+ nsLoadFlags loadFlags = 0;
+
+ // Cancel any URIs that are currently loading...
+ // XXX: Need to do this eventually Stop();
+ //
+ // Retarget the document to this loadgroup...
+ //
+ /* First attach the channel to the right loadgroup
+ * and then remove from the old loadgroup. This
+ * puts the notifications in the right order and
+ * we don't null-out mLSHE in OnStateChange() for
+ * all redirected urls
+ */
+ aOpenedChannel->SetLoadGroup(mLoadGroup);
+
+ // Mark the channel as being a document URI...
+ aOpenedChannel->GetLoadFlags(&loadFlags);
+ loadFlags |= nsIChannel::LOAD_DOCUMENT_URI;
+
+ aOpenedChannel->SetLoadFlags(loadFlags);
+
+ mLoadGroup->AddRequest(aRequest, nullptr);
+ if (currentLoadGroup) {
+ currentLoadGroup->RemoveRequest(aRequest, nullptr, NS_BINDING_RETARGETED);
+ }
+
+ // Update the notification callbacks, so that progress and
+ // status information are sent to the right docshell...
+ aOpenedChannel->SetNotificationCallbacks(this);
+ }
+
+ NS_ENSURE_SUCCESS(Embed(viewer, "", nullptr), NS_ERROR_FAILURE);
+
+ mSavedRefreshURIList = nullptr;
+ mSavingOldViewer = false;
+ mEODForCurrentDocument = false;
+
+ // if this document is part of a multipart document,
+ // the ID can be used to distinguish it from the other parts.
+ nsCOMPtr<nsIMultiPartChannel> multiPartChannel(do_QueryInterface(aRequest));
+ if (multiPartChannel) {
+ nsCOMPtr<nsIPresShell> shell = GetPresShell();
+ if (NS_SUCCEEDED(rv) && shell) {
+ nsIDocument* doc = shell->GetDocument();
+ if (doc) {
+ uint32_t partID;
+ multiPartChannel->GetPartID(&partID);
+ doc->SetPartID(partID);
+ }
+ }
+ }
+
+ // Give hint to native plevent dispatch mechanism. If a document
+ // is loading the native plevent dispatch mechanism should favor
+ // performance over normal native event dispatch priorities.
+ if (++gNumberOfDocumentsLoading == 1) {
+ // Hint to favor performance for the plevent notification mechanism.
+ // We want the pages to load as fast as possible even if its means
+ // native messages might be starved.
+ FavorPerformanceHint(true);
+ }
+
+ if (onLocationChangeNeeded) {
+ FireOnLocationChange(this, aRequest, mCurrentURI, 0);
+ }
+
+ return NS_OK;
+}
+
+nsresult
+nsDocShell::NewContentViewerObj(const nsACString& aContentType,
+ nsIRequest* aRequest, nsILoadGroup* aLoadGroup,
+ nsIStreamListener** aContentHandler,
+ nsIContentViewer** aViewer)
+{
+ nsCOMPtr<nsIChannel> aOpenedChannel = do_QueryInterface(aRequest);
+
+ nsCOMPtr<nsIDocumentLoaderFactory> docLoaderFactory =
+ nsContentUtils::FindInternalContentViewer(aContentType);
+ if (!docLoaderFactory) {
+ return NS_ERROR_FAILURE;
+ }
+
+ // Now create an instance of the content viewer nsLayoutDLF makes the
+ // determination if it should be a "view-source" instead of "view"
+ nsresult rv = docLoaderFactory->CreateInstance("view",
+ aOpenedChannel,
+ aLoadGroup, aContentType,
+ this,
+ nullptr,
+ aContentHandler,
+ aViewer);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ (*aViewer)->SetContainer(this);
+ return NS_OK;
+}
+
+nsresult
+nsDocShell::SetupNewViewer(nsIContentViewer* aNewViewer)
+{
+ //
+ // Copy content viewer state from previous or parent content viewer.
+ //
+ // The following logic is mirrored in nsHTMLDocument::StartDocumentLoad!
+ //
+ // Do NOT to maintain a reference to the old content viewer outside
+ // of this "copying" block, or it will not be destroyed until the end of
+ // this routine and all <SCRIPT>s and event handlers fail! (bug 20315)
+ //
+ // In this block of code, if we get an error result, we return it
+ // but if we get a null pointer, that's perfectly legal for parent
+ // and parentContentViewer.
+ //
+
+ int32_t x = 0;
+ int32_t y = 0;
+ int32_t cx = 0;
+ int32_t cy = 0;
+
+ // This will get the size from the current content viewer or from the
+ // Init settings
+ DoGetPositionAndSize(&x, &y, &cx, &cy);
+
+ nsCOMPtr<nsIDocShellTreeItem> parentAsItem;
+ NS_ENSURE_SUCCESS(GetSameTypeParent(getter_AddRefs(parentAsItem)),
+ NS_ERROR_FAILURE);
+ nsCOMPtr<nsIDocShell> parent(do_QueryInterface(parentAsItem));
+
+ nsAutoCString forceCharset;
+ nsAutoCString hintCharset;
+ int32_t hintCharsetSource;
+ int32_t minFontSize;
+ float textZoom;
+ float pageZoom;
+ float overrideDPPX;
+ bool styleDisabled;
+ // |newMUDV| also serves as a flag to set the data from the above vars
+ nsCOMPtr<nsIContentViewer> newCv;
+
+ if (mContentViewer || parent) {
+ nsCOMPtr<nsIContentViewer> oldCv;
+ if (mContentViewer) {
+ // Get any interesting state from old content viewer
+ // XXX: it would be far better to just reuse the document viewer ,
+ // since we know we're just displaying the same document as before
+ oldCv = mContentViewer;
+
+ // Tell the old content viewer to hibernate in session history when
+ // it is destroyed.
+
+ if (mSavingOldViewer && NS_FAILED(CaptureState())) {
+ if (mOSHE) {
+ mOSHE->SyncPresentationState();
+ }
+ mSavingOldViewer = false;
+ }
+ } else {
+ // No old content viewer, so get state from parent's content viewer
+ parent->GetContentViewer(getter_AddRefs(oldCv));
+ }
+
+ if (oldCv) {
+ newCv = aNewViewer;
+ if (newCv) {
+ NS_ENSURE_SUCCESS(oldCv->GetForceCharacterSet(forceCharset),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(oldCv->GetHintCharacterSet(hintCharset),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(oldCv->GetHintCharacterSetSource(&hintCharsetSource),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(oldCv->GetMinFontSize(&minFontSize),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(oldCv->GetTextZoom(&textZoom),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(oldCv->GetFullZoom(&pageZoom),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(oldCv->GetOverrideDPPX(&overrideDPPX),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(oldCv->GetAuthorStyleDisabled(&styleDisabled),
+ NS_ERROR_FAILURE);
+ }
+ }
+ }
+
+ nscolor bgcolor = NS_RGBA(0, 0, 0, 0);
+ // Ensure that the content viewer is destroyed *after* the GC - bug 71515
+ nsCOMPtr<nsIContentViewer> contentViewer = mContentViewer;
+ if (contentViewer) {
+ // Stop any activity that may be happening in the old document before
+ // releasing it...
+ contentViewer->Stop();
+
+ // Try to extract the canvas background color from the old
+ // presentation shell, so we can use it for the next document.
+ nsCOMPtr<nsIPresShell> shell;
+ contentViewer->GetPresShell(getter_AddRefs(shell));
+
+ if (shell) {
+ bgcolor = shell->GetCanvasBackground();
+ }
+
+ contentViewer->Close(mSavingOldViewer ? mOSHE.get() : nullptr);
+ aNewViewer->SetPreviousViewer(contentViewer);
+ }
+ if (mOSHE && (!mContentViewer || !mSavingOldViewer)) {
+ // We don't plan to save a viewer in mOSHE; tell it to drop
+ // any other state it's holding.
+ mOSHE->SyncPresentationState();
+ }
+
+ mContentViewer = nullptr;
+
+ // Now that we're about to switch documents, forget all of our children.
+ // Note that we cached them as needed up in CaptureState above.
+ DestroyChildren();
+
+ mContentViewer = aNewViewer;
+
+ nsCOMPtr<nsIWidget> widget;
+ NS_ENSURE_SUCCESS(GetMainWidget(getter_AddRefs(widget)), NS_ERROR_FAILURE);
+
+ nsIntRect bounds(x, y, cx, cy);
+
+ mContentViewer->SetNavigationTiming(mTiming);
+
+ if (NS_FAILED(mContentViewer->Init(widget, bounds))) {
+ mContentViewer = nullptr;
+ NS_WARNING("ContentViewer Initialization failed");
+ return NS_ERROR_FAILURE;
+ }
+
+ // If we have old state to copy, set the old state onto the new content
+ // viewer
+ if (newCv) {
+ NS_ENSURE_SUCCESS(newCv->SetForceCharacterSet(forceCharset),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(newCv->SetHintCharacterSet(hintCharset),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(newCv->SetHintCharacterSetSource(hintCharsetSource),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(newCv->SetMinFontSize(minFontSize),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(newCv->SetTextZoom(textZoom),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(newCv->SetFullZoom(pageZoom),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(newCv->SetOverrideDPPX(overrideDPPX),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(newCv->SetAuthorStyleDisabled(styleDisabled),
+ NS_ERROR_FAILURE);
+ }
+
+ // Stuff the bgcolor from the old pres shell into the new
+ // pres shell. This improves page load continuity.
+ nsCOMPtr<nsIPresShell> shell;
+ mContentViewer->GetPresShell(getter_AddRefs(shell));
+
+ if (shell) {
+ shell->SetCanvasBackground(bgcolor);
+ }
+
+ // XXX: It looks like the LayoutState gets restored again in Embed()
+ // right after the call to SetupNewViewer(...)
+
+ // We don't show the mContentViewer yet, since we want to draw the old page
+ // until we have enough of the new page to show. Just return with the new
+ // viewer still set to hidden.
+
+ return NS_OK;
+}
+
+nsresult
+nsDocShell::SetDocCurrentStateObj(nsISHEntry* aShEntry)
+{
+ NS_ENSURE_STATE(mContentViewer);
+ nsCOMPtr<nsIDocument> document = GetDocument();
+ NS_ENSURE_TRUE(document, NS_ERROR_FAILURE);
+
+ nsCOMPtr<nsIStructuredCloneContainer> scContainer;
+ if (aShEntry) {
+ nsresult rv = aShEntry->GetStateData(getter_AddRefs(scContainer));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // If aShEntry is null, just set the document's state object to null.
+ }
+
+ // It's OK for scContainer too be null here; that just means there's no
+ // state data associated with this history entry.
+ document->SetStateObject(scContainer);
+
+ return NS_OK;
+}
+
+nsresult
+nsDocShell::CheckLoadingPermissions()
+{
+ // This method checks whether the caller may load content into
+ // this docshell. Even though we've done our best to hide windows
+ // from code that doesn't have the right to access them, it's
+ // still possible for an evil site to open a window and access
+ // frames in the new window through window.frames[] (which is
+ // allAccess for historic reasons), so we still need to do this
+ // check on load.
+ nsresult rv = NS_OK;
+
+ if (!gValidateOrigin || !IsFrame()) {
+ // Origin validation was turned off, or we're not a frame.
+ // Permit all loads.
+
+ return rv;
+ }
+
+ // Note - The check for a current JSContext here isn't necessarily sensical.
+ // It's just designed to preserve the old semantics during a mass-conversion
+ // patch.
+ if (!nsContentUtils::GetCurrentJSContext()) {
+ return NS_OK;
+ }
+
+ // Check if the caller is from the same origin as this docshell,
+ // or any of its ancestors.
+ nsCOMPtr<nsIDocShellTreeItem> item(this);
+ do {
+ nsCOMPtr<nsIScriptGlobalObject> sgo = do_GetInterface(item);
+ nsCOMPtr<nsIScriptObjectPrincipal> sop(do_QueryInterface(sgo));
+
+ nsIPrincipal* p;
+ if (!sop || !(p = sop->GetPrincipal())) {
+ return NS_ERROR_UNEXPECTED;
+ }
+
+ if (nsContentUtils::SubjectPrincipal()->Subsumes(p)) {
+ // Same origin, permit load
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsIDocShellTreeItem> tmp;
+ item->GetSameTypeParent(getter_AddRefs(tmp));
+ item.swap(tmp);
+ } while (item);
+
+ return NS_ERROR_DOM_PROP_ACCESS_DENIED;
+}
+
+//*****************************************************************************
+// nsDocShell: Site Loading
+//*****************************************************************************
+
+namespace {
+
+#ifdef MOZ_PLACES
+// Callback used by CopyFavicon to inform the favicon service that one URI
+// (mNewURI) has the same favicon URI (OnComplete's aFaviconURI) as another.
+class nsCopyFaviconCallback final : public nsIFaviconDataCallback
+{
+public:
+ NS_DECL_ISUPPORTS
+
+ nsCopyFaviconCallback(mozIAsyncFavicons* aSvc,
+ nsIURI* aNewURI,
+ nsIPrincipal* aLoadingPrincipal,
+ bool aInPrivateBrowsing)
+ : mSvc(aSvc)
+ , mNewURI(aNewURI)
+ , mLoadingPrincipal(aLoadingPrincipal)
+ , mInPrivateBrowsing(aInPrivateBrowsing)
+ {
+ }
+
+ NS_IMETHOD
+ OnComplete(nsIURI* aFaviconURI, uint32_t aDataLen,
+ const uint8_t* aData, const nsACString& aMimeType) override
+ {
+ // Continue only if there is an associated favicon.
+ if (!aFaviconURI) {
+ return NS_OK;
+ }
+
+ MOZ_ASSERT(aDataLen == 0,
+ "We weren't expecting the callback to deliver data.");
+
+ nsCOMPtr<mozIPlacesPendingOperation> po;
+ return mSvc->SetAndFetchFaviconForPage(
+ mNewURI, aFaviconURI, false,
+ mInPrivateBrowsing ? nsIFaviconService::FAVICON_LOAD_PRIVATE :
+ nsIFaviconService::FAVICON_LOAD_NON_PRIVATE,
+ nullptr, mLoadingPrincipal, getter_AddRefs(po));
+ }
+
+private:
+ ~nsCopyFaviconCallback() {}
+
+ nsCOMPtr<mozIAsyncFavicons> mSvc;
+ nsCOMPtr<nsIURI> mNewURI;
+ nsCOMPtr<nsIPrincipal> mLoadingPrincipal;
+ bool mInPrivateBrowsing;
+};
+
+NS_IMPL_ISUPPORTS(nsCopyFaviconCallback, nsIFaviconDataCallback)
+#endif
+
+} // namespace
+
+void
+nsDocShell::CopyFavicon(nsIURI* aOldURI,
+ nsIURI* aNewURI,
+ nsIPrincipal* aLoadingPrincipal,
+ bool aInPrivateBrowsing)
+{
+ if (XRE_IsContentProcess()) {
+ dom::ContentChild* contentChild = dom::ContentChild::GetSingleton();
+ if (contentChild) {
+ mozilla::ipc::URIParams oldURI, newURI;
+ SerializeURI(aOldURI, oldURI);
+ SerializeURI(aNewURI, newURI);
+ contentChild->SendCopyFavicon(oldURI, newURI,
+ IPC::Principal(aLoadingPrincipal),
+ aInPrivateBrowsing);
+ }
+ return;
+ }
+
+#ifdef MOZ_PLACES
+ nsCOMPtr<mozIAsyncFavicons> favSvc =
+ do_GetService("@mozilla.org/browser/favicon-service;1");
+ if (favSvc) {
+ nsCOMPtr<nsIFaviconDataCallback> callback =
+ new nsCopyFaviconCallback(favSvc, aNewURI,
+ aLoadingPrincipal,
+ aInPrivateBrowsing);
+ favSvc->GetFaviconURLForPage(aOldURI, callback);
+ }
+#endif
+}
+
+class InternalLoadEvent : public Runnable
+{
+public:
+ InternalLoadEvent(nsDocShell* aDocShell, nsIURI* aURI,
+ nsIURI* aOriginalURI, bool aLoadReplace,
+ nsIURI* aReferrer, uint32_t aReferrerPolicy,
+ nsIPrincipal* aTriggeringPrincipal,
+ nsIPrincipal* aPrincipalToInherit, uint32_t aFlags,
+ const char* aTypeHint, nsIInputStream* aPostData,
+ nsIInputStream* aHeadersData, uint32_t aLoadType,
+ nsISHEntry* aSHEntry, bool aFirstParty,
+ const nsAString& aSrcdoc, nsIDocShell* aSourceDocShell,
+ nsIURI* aBaseURI)
+ : mSrcdoc(aSrcdoc)
+ , mDocShell(aDocShell)
+ , mURI(aURI)
+ , mOriginalURI(aOriginalURI)
+ , mLoadReplace(aLoadReplace)
+ , mReferrer(aReferrer)
+ , mReferrerPolicy(aReferrerPolicy)
+ , mTriggeringPrincipal(aTriggeringPrincipal)
+ , mPrincipalToInherit(aPrincipalToInherit)
+ , mPostData(aPostData)
+ , mHeadersData(aHeadersData)
+ , mSHEntry(aSHEntry)
+ , mFlags(aFlags)
+ , mLoadType(aLoadType)
+ , mFirstParty(aFirstParty)
+ , mSourceDocShell(aSourceDocShell)
+ , mBaseURI(aBaseURI)
+ {
+ // Make sure to keep null things null as needed
+ if (aTypeHint) {
+ mTypeHint = aTypeHint;
+ }
+ }
+
+ NS_IMETHOD
+ Run() override
+ {
+ return mDocShell->InternalLoad(mURI, mOriginalURI,
+ mLoadReplace,
+ mReferrer,
+ mReferrerPolicy,
+ mTriggeringPrincipal, mPrincipalToInherit,
+ mFlags, EmptyString(), mTypeHint.get(),
+ NullString(), mPostData, mHeadersData,
+ mLoadType, mSHEntry, mFirstParty,
+ mSrcdoc, mSourceDocShell, mBaseURI,
+ nullptr, nullptr);
+ }
+
+private:
+ // Use IDL strings so .get() returns null by default
+ nsXPIDLString mWindowTarget;
+ nsXPIDLCString mTypeHint;
+ nsString mSrcdoc;
+
+ RefPtr<nsDocShell> mDocShell;
+ nsCOMPtr<nsIURI> mURI;
+ nsCOMPtr<nsIURI> mOriginalURI;
+ bool mLoadReplace;
+ nsCOMPtr<nsIURI> mReferrer;
+ uint32_t mReferrerPolicy;
+ nsCOMPtr<nsIPrincipal> mTriggeringPrincipal;
+ nsCOMPtr<nsIPrincipal> mPrincipalToInherit;
+ nsCOMPtr<nsIInputStream> mPostData;
+ nsCOMPtr<nsIInputStream> mHeadersData;
+ nsCOMPtr<nsISHEntry> mSHEntry;
+ uint32_t mFlags;
+ uint32_t mLoadType;
+ bool mFirstParty;
+ nsCOMPtr<nsIDocShell> mSourceDocShell;
+ nsCOMPtr<nsIURI> mBaseURI;
+};
+
+/**
+ * Returns true if we started an asynchronous load (i.e., from the network), but
+ * the document we're loading there hasn't yet become this docshell's active
+ * document.
+ *
+ * When JustStartedNetworkLoad is true, you should be careful about modifying
+ * mLoadType and mLSHE. These are both set when the asynchronous load first
+ * starts, and the load expects that, when it eventually runs InternalLoad,
+ * mLoadType and mLSHE will have their original values.
+ */
+bool
+nsDocShell::JustStartedNetworkLoad()
+{
+ return mDocumentRequest && mDocumentRequest != GetCurrentDocChannel();
+}
+
+nsresult
+nsDocShell::CreatePrincipalFromReferrer(nsIURI* aReferrer,
+ nsIPrincipal** aResult)
+{
+ PrincipalOriginAttributes attrs;
+ attrs.InheritFromDocShellToDoc(mOriginAttributes, aReferrer);
+ nsCOMPtr<nsIPrincipal> prin =
+ BasePrincipal::CreateCodebasePrincipal(aReferrer, attrs);
+ prin.forget(aResult);
+
+ return *aResult ? NS_OK : NS_ERROR_FAILURE;
+}
+
+bool
+nsDocShell::IsAboutNewtab(nsIURI* aURI)
+{
+ if (!aURI) {
+ return false;
+ }
+ bool isAbout;
+ if (NS_WARN_IF(NS_FAILED(aURI->SchemeIs("about", &isAbout)))) {
+ return false;
+ }
+ if (!isAbout) {
+ return false;
+ }
+
+ nsAutoCString module;
+ if (NS_WARN_IF(NS_FAILED(NS_GetAboutModuleName(aURI, module)))) {
+ return false;
+ }
+ return module.Equals("newtab");
+}
+
+NS_IMETHODIMP
+nsDocShell::InternalLoad(nsIURI* aURI,
+ nsIURI* aOriginalURI,
+ bool aLoadReplace,
+ nsIURI* aReferrer,
+ uint32_t aReferrerPolicy,
+ nsIPrincipal* aTriggeringPrincipal,
+ nsIPrincipal* aPrincipalToInherit,
+ uint32_t aFlags,
+ const nsAString& aWindowTarget,
+ const char* aTypeHint,
+ const nsAString& aFileName,
+ nsIInputStream* aPostData,
+ nsIInputStream* aHeadersData,
+ uint32_t aLoadType,
+ nsISHEntry* aSHEntry,
+ bool aFirstParty,
+ const nsAString& aSrcdoc,
+ nsIDocShell* aSourceDocShell,
+ nsIURI* aBaseURI,
+ nsIDocShell** aDocShell,
+ nsIRequest** aRequest)
+{
+ MOZ_ASSERT(aTriggeringPrincipal, "need a valid TriggeringPrincipal");
+
+ nsresult rv = NS_OK;
+ mOriginalUriString.Truncate();
+
+ if (gDocShellLeakLog && MOZ_LOG_TEST(gDocShellLeakLog, LogLevel::Debug)) {
+ PR_LogPrint("DOCSHELL %p InternalLoad %s\n",
+ this, aURI ? aURI->GetSpecOrDefault().get() : "");
+ }
+ // Initialize aDocShell/aRequest
+ if (aDocShell) {
+ *aDocShell = nullptr;
+ }
+ if (aRequest) {
+ *aRequest = nullptr;
+ }
+
+ if (!aURI) {
+ return NS_ERROR_NULL_POINTER;
+ }
+
+ NS_ENSURE_TRUE(IsValidLoadType(aLoadType), NS_ERROR_INVALID_ARG);
+
+ NS_ENSURE_TRUE(!mIsBeingDestroyed, NS_ERROR_NOT_AVAILABLE);
+
+ rv = EnsureScriptEnvironment();
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ // wyciwyg urls can only be loaded through history. Any normal load of
+ // wyciwyg through docshell is illegal. Disallow such loads.
+ if (aLoadType & LOAD_CMD_NORMAL) {
+ bool isWyciwyg = false;
+ rv = aURI->SchemeIs("wyciwyg", &isWyciwyg);
+ if ((isWyciwyg && NS_SUCCEEDED(rv)) || NS_FAILED(rv)) {
+ return NS_ERROR_FAILURE;
+ }
+ }
+
+ bool isJavaScript = false;
+ if (NS_FAILED(aURI->SchemeIs("javascript", &isJavaScript))) {
+ isJavaScript = false;
+ }
+
+ bool isTargetTopLevelDocShell = false;
+ nsCOMPtr<nsIDocShell> targetDocShell;
+ if (!aWindowTarget.IsEmpty()) {
+ // Locate the target DocShell.
+ nsCOMPtr<nsIDocShellTreeItem> targetItem;
+ // Only _self, _parent, and _top are supported in noopener case. But we
+ // have to be careful to not apply that to the noreferrer case. See bug
+ // 1358469.
+ bool allowNamedTarget = !(aFlags & INTERNAL_LOAD_FLAGS_NO_OPENER) ||
+ (aFlags & INTERNAL_LOAD_FLAGS_DONT_SEND_REFERRER);
+ if (allowNamedTarget ||
+ aWindowTarget.LowerCaseEqualsLiteral("_self") ||
+ aWindowTarget.LowerCaseEqualsLiteral("_parent") ||
+ aWindowTarget.LowerCaseEqualsLiteral("_top")) {
+ rv = FindItemWithName(aWindowTarget, nullptr, this,
+ getter_AddRefs(targetItem));
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+
+ targetDocShell = do_QueryInterface(targetItem);
+ if (targetDocShell) {
+ // If the targetDocShell and the rootDocShell are the same, then the
+ // targetDocShell is the top level document and hence we should
+ // consider this TYPE_DOCUMENT
+ //
+ // For example:
+ // 1. target="_top"
+ // 2. target="_parent", where this docshell is in the 2nd level of
+ // docshell tree.
+ nsCOMPtr<nsIDocShellTreeItem> sameTypeRoot;
+ targetDocShell->GetSameTypeRootTreeItem(getter_AddRefs(sameTypeRoot));
+ NS_ASSERTION(sameTypeRoot,
+ "No document shell root tree item from targetDocShell!");
+ nsCOMPtr<nsIDocShell> rootShell = do_QueryInterface(sameTypeRoot);
+ NS_ASSERTION(rootShell,
+ "No root docshell from document shell root tree item.");
+ isTargetTopLevelDocShell = targetDocShell == rootShell;
+ } else {
+ // If the targetDocShell doesn't exist, then this is a new docShell
+ // and we should consider this a TYPE_DOCUMENT load
+ //
+ // For example, when target="_blank"
+ isTargetTopLevelDocShell = true;
+ }
+ }
+
+ // The contentType will be INTERNAL_(I)FRAME if:
+ // 1. This docshell is for iframe.
+ // 2. AND aWindowTarget is not a new window, nor a top-level window.
+ //
+ // This variable will be used when we call NS_CheckContentLoadPolicy, and
+ // later when we call DoURILoad.
+ uint32_t contentType;
+ if (IsFrame() && !isTargetTopLevelDocShell) {
+ nsCOMPtr<Element> requestingElement =
+ mScriptGlobal->AsOuter()->GetFrameElementInternal();
+ if (requestingElement) {
+ contentType = requestingElement->IsHTMLElement(nsGkAtoms::iframe) ?
+ nsIContentPolicy::TYPE_INTERNAL_IFRAME : nsIContentPolicy::TYPE_INTERNAL_FRAME;
+ } else {
+ // If we have lost our frame element by now, just assume we're
+ // an iframe since that's more common.
+ contentType = nsIContentPolicy::TYPE_INTERNAL_IFRAME;
+ }
+ } else {
+ contentType = nsIContentPolicy::TYPE_DOCUMENT;
+ }
+
+ // If there's no targetDocShell, that means we are about to create a new window,
+ // perform a content policy check before creating the window.
+ if (!targetDocShell) {
+ nsCOMPtr<Element> requestingElement;
+ nsISupports* requestingContext = nullptr;
+
+ if (contentType == nsIContentPolicy::TYPE_DOCUMENT) {
+ if (XRE_IsContentProcess()) {
+ // In e10s the child process doesn't have access to the element that
+ // contains the browsing context (because that element is in the chrome
+ // process). So we just pass mScriptGlobal.
+ requestingContext = ToSupports(mScriptGlobal);
+ } else {
+ // This is for loading non-e10s tabs and toplevel windows of various
+ // sorts.
+ // For the toplevel window cases, requestingElement will be null.
+ requestingElement = mScriptGlobal->AsOuter()->GetFrameElementInternal();
+ requestingContext = requestingElement;
+ }
+ } else {
+ requestingElement = mScriptGlobal->AsOuter()->GetFrameElementInternal();
+ requestingContext = requestingElement;
+
+#ifdef DEBUG
+ if (requestingElement) {
+ // Get the docshell type for requestingElement.
+ nsCOMPtr<nsIDocument> requestingDoc = requestingElement->OwnerDoc();
+ nsCOMPtr<nsIDocShell> elementDocShell = requestingDoc->GetDocShell();
+
+ // requestingElement docshell type = current docshell type.
+ MOZ_ASSERT(mItemType == elementDocShell->ItemType(),
+ "subframes should have the same docshell type as their parent");
+ }
+#endif
+ }
+
+ int16_t shouldLoad = nsIContentPolicy::ACCEPT;
+ rv = NS_CheckContentLoadPolicy(contentType,
+ aURI,
+ aTriggeringPrincipal,
+ requestingContext,
+ EmptyCString(), // mime guess
+ nullptr, // extra
+ &shouldLoad);
+
+ if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) {
+ if (NS_SUCCEEDED(rv) && shouldLoad == nsIContentPolicy::REJECT_TYPE) {
+ return NS_ERROR_CONTENT_BLOCKED_SHOW_ALT;
+ }
+
+ return NS_ERROR_CONTENT_BLOCKED;
+ }
+
+ // If HSTS priming was set by nsMixedContentBlocker::ShouldLoad, and we
+ // would block due to mixed content, go ahead and block here. If we try to
+ // proceed with priming, we will error out later on.
+ nsCOMPtr<nsIDocShell> docShell = NS_CP_GetDocShellFromContext(requestingContext);
+ // When loading toplevel windows, requestingContext can be null. We don't
+ // really care about HSTS in that situation, though; loads in toplevel
+ // windows should all be browser UI.
+ if (docShell) {
+ nsIDocument* document = docShell->GetDocument();
+ NS_ENSURE_TRUE(document, NS_OK);
+
+ HSTSPrimingState state = document->GetHSTSPrimingStateForLocation(aURI);
+ if (state == HSTSPrimingState::eHSTS_PRIMING_BLOCK) {
+ // HSTS Priming currently disabled for InternalLoad, so we need to clear
+ // the location that was added by nsMixedContentBlocker::ShouldLoad
+ // Bug 1269815 will address images loaded via InternalLoad
+ document->ClearHSTSPrimingLocation(aURI);
+ return NS_ERROR_CONTENT_BLOCKED;
+ }
+ }
+ }
+
+ nsCOMPtr<nsIPrincipal> principalToInherit = aPrincipalToInherit;
+ //
+ // Get a principal from the current document if necessary. Note that we only
+ // do this for URIs that inherit a security context and local file URIs;
+ // in particular we do NOT do this for about:blank. This way, random
+ // about:blank loads that have no principal (which basically means they were
+ // done by someone from chrome manually messing with our nsIWebNavigation
+ // or by C++ setting document.location) don't get a funky principal. If
+ // callers want something interesting to happen with the about:blank
+ // principal in this case, they should pass aPrincipalToInherit in.
+ //
+ {
+ bool inherits;
+ // One more twist: Don't inherit the principal for external loads.
+ if (aLoadType != LOAD_NORMAL_EXTERNAL && !principalToInherit &&
+ (aFlags & INTERNAL_LOAD_FLAGS_INHERIT_PRINCIPAL) &&
+ NS_SUCCEEDED(nsContentUtils::URIInheritsSecurityContext(aURI,
+ &inherits)) &&
+ inherits) {
+ principalToInherit = GetInheritedPrincipal(true);
+ }
+ }
+
+ // Don't allow loads that would inherit our security context
+ // if this document came from an unsafe channel.
+ {
+ bool willInherit;
+ // This condition needs to match the one in
+ // nsContentUtils::ChannelShouldInheritPrincipal.
+ // Except we reverse the rv check to be safe in case
+ // nsContentUtils::URIInheritsSecurityContext fails here and
+ // succeeds there.
+ rv = nsContentUtils::URIInheritsSecurityContext(aURI, &willInherit);
+ if (NS_FAILED(rv) || willInherit || NS_IsAboutBlank(aURI)) {
+ nsCOMPtr<nsIDocShellTreeItem> treeItem = this;
+ do {
+ nsCOMPtr<nsIDocShell> itemDocShell = do_QueryInterface(treeItem);
+ bool isUnsafe;
+ if (itemDocShell &&
+ NS_SUCCEEDED(itemDocShell->GetChannelIsUnsafe(&isUnsafe)) &&
+ isUnsafe) {
+ return NS_ERROR_DOM_SECURITY_ERR;
+ }
+
+ nsCOMPtr<nsIDocShellTreeItem> parent;
+ treeItem->GetSameTypeParent(getter_AddRefs(parent));
+ parent.swap(treeItem);
+ } while (treeItem);
+ }
+ }
+
+ //
+ // Resolve the window target before going any further...
+ // If the load has been targeted to another DocShell, then transfer the
+ // load to it...
+ //
+ if (!aWindowTarget.IsEmpty()) {
+ // We've already done our owner-inheriting. Mask out that bit, so we
+ // don't try inheriting an owner from the target window if we came up
+ // with a null owner above.
+ aFlags = aFlags & ~INTERNAL_LOAD_FLAGS_INHERIT_PRINCIPAL;
+
+ bool isNewWindow = false;
+ if (!targetDocShell) {
+ // If the docshell's document is sandboxed, only open a new window
+ // if the document's SANDBOXED_AUXILLARY_NAVIGATION flag is not set.
+ // (i.e. if allow-popups is specified)
+ NS_ENSURE_TRUE(mContentViewer, NS_ERROR_FAILURE);
+ nsIDocument* doc = mContentViewer->GetDocument();
+ uint32_t sandboxFlags = 0;
+
+ if (doc) {
+ sandboxFlags = doc->GetSandboxFlags();
+ if (sandboxFlags & SANDBOXED_AUXILIARY_NAVIGATION) {
+ return NS_ERROR_DOM_INVALID_ACCESS_ERR;
+ }
+ }
+
+ nsCOMPtr<nsPIDOMWindowOuter> win = GetWindow();
+ NS_ENSURE_TRUE(win, NS_ERROR_NOT_AVAILABLE);
+
+ nsCOMPtr<nsPIDOMWindowOuter> newWin;
+ nsAutoCString spec;
+ if (aURI) {
+ aURI->GetSpec(spec);
+ }
+ // If we are a noopener load, we just hand the whole thing over to our
+ // window.
+ if (aFlags & INTERNAL_LOAD_FLAGS_NO_OPENER) {
+ // Various asserts that we know to hold because NO_OPENER loads can only
+ // happen for links.
+ MOZ_ASSERT(!aLoadReplace);
+ MOZ_ASSERT(aPrincipalToInherit == aTriggeringPrincipal);
+ MOZ_ASSERT(aFlags == INTERNAL_LOAD_FLAGS_NO_OPENER ||
+ aFlags == (INTERNAL_LOAD_FLAGS_NO_OPENER |
+ INTERNAL_LOAD_FLAGS_DONT_SEND_REFERRER));
+ MOZ_ASSERT(!aPostData);
+ MOZ_ASSERT(!aHeadersData);
+ MOZ_ASSERT(aLoadType == LOAD_LINK);
+ MOZ_ASSERT(!aSHEntry);
+ MOZ_ASSERT(aFirstParty); // Windowwatcher will assume this.
+
+ nsCOMPtr<nsIDocShellLoadInfo> loadInfo;
+ rv = CreateLoadInfo(getter_AddRefs(loadInfo));
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ // Set up our loadinfo so it will do the load as much like we would have
+ // as possible.
+ loadInfo->SetReferrer(aReferrer);
+ loadInfo->SetReferrerPolicy(aReferrerPolicy);
+ loadInfo->SetSendReferrer(!(aFlags &
+ INTERNAL_LOAD_FLAGS_DONT_SEND_REFERRER));
+ loadInfo->SetOriginalURI(aOriginalURI);
+ loadInfo->SetLoadReplace(aLoadReplace);
+ loadInfo->SetTriggeringPrincipal(aTriggeringPrincipal);
+ loadInfo->SetInheritPrincipal(
+ aFlags & INTERNAL_LOAD_FLAGS_INHERIT_PRINCIPAL);
+ // Explicit principal because we do not want any guesses as to what the
+ // principal to inherit is: it should be aTriggeringPrincipal.
+ loadInfo->SetPrincipalIsExplicit(true);
+ loadInfo->SetLoadType(ConvertLoadTypeToDocShellLoadInfo(LOAD_LINK));
+
+ rv = win->Open(NS_ConvertUTF8toUTF16(spec),
+ aWindowTarget, // window name
+ EmptyString(), // Features
+ loadInfo,
+ true, // aForceNoOpener
+ getter_AddRefs(newWin));
+ MOZ_ASSERT(!newWin);
+ return rv;
+ }
+
+ rv = win->OpenNoNavigate(NS_ConvertUTF8toUTF16(spec),
+ aWindowTarget, // window name
+ EmptyString(), // Features
+ getter_AddRefs(newWin));
+
+ // In some cases the Open call doesn't actually result in a new
+ // window being opened. We can detect these cases by examining the
+ // document in |newWin|, if any.
+ nsCOMPtr<nsPIDOMWindowOuter> piNewWin = do_QueryInterface(newWin);
+ if (piNewWin) {
+ nsCOMPtr<nsIDocument> newDoc = piNewWin->GetExtantDoc();
+ if (!newDoc || newDoc->IsInitialDocument()) {
+ isNewWindow = true;
+ aFlags |= INTERNAL_LOAD_FLAGS_FIRST_LOAD;
+ }
+ }
+
+ nsCOMPtr<nsIWebNavigation> webNav = do_GetInterface(newWin);
+ targetDocShell = do_QueryInterface(webNav);
+ }
+
+ //
+ // Transfer the load to the target DocShell... Pass nullptr as the
+ // window target name from to prevent recursive retargeting!
+ //
+ if (NS_SUCCEEDED(rv) && targetDocShell) {
+ rv = targetDocShell->InternalLoad(aURI,
+ aOriginalURI,
+ aLoadReplace,
+ aReferrer,
+ aReferrerPolicy,
+ aTriggeringPrincipal,
+ principalToInherit,
+ aFlags,
+ EmptyString(), // No window target
+ aTypeHint,
+ NullString(), // No forced download
+ aPostData,
+ aHeadersData,
+ aLoadType,
+ aSHEntry,
+ aFirstParty,
+ aSrcdoc,
+ aSourceDocShell,
+ aBaseURI,
+ aDocShell,
+ aRequest);
+ if (rv == NS_ERROR_NO_CONTENT) {
+ // XXXbz except we never reach this code!
+ if (isNewWindow) {
+ //
+ // At this point, a new window has been created, but the
+ // URI did not have any data associated with it...
+ //
+ // So, the best we can do, is to tear down the new window
+ // that was just created!
+ //
+ if (nsCOMPtr<nsPIDOMWindowOuter> domWin = targetDocShell->GetWindow()) {
+ domWin->Close();
+ }
+ }
+ //
+ // NS_ERROR_NO_CONTENT should not be returned to the
+ // caller... This is an internal error code indicating that
+ // the URI had no data associated with it - probably a
+ // helper-app style protocol (ie. mailto://)
+ //
+ rv = NS_OK;
+ } else if (isNewWindow) {
+ // XXX: Once new windows are created hidden, the new
+ // window will need to be made visible... For now,
+ // do nothing.
+ }
+ }
+
+ // Else we ran out of memory, or were a popup and got blocked,
+ // or something.
+
+ return rv;
+ }
+
+ //
+ // Load is being targetted at this docshell so return an error if the
+ // docshell is in the process of being destroyed.
+ //
+ if (mIsBeingDestroyed) {
+ return NS_ERROR_FAILURE;
+ }
+
+ NS_ENSURE_STATE(!HasUnloadedParent());
+
+ rv = CheckLoadingPermissions();
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ if (mFiredUnloadEvent) {
+ if (IsOKToLoadURI(aURI)) {
+ NS_PRECONDITION(aWindowTarget.IsEmpty(),
+ "Shouldn't have a window target here!");
+
+ // If this is a replace load, make whatever load triggered
+ // the unload event also a replace load, so we don't
+ // create extra history entries.
+ if (LOAD_TYPE_HAS_FLAGS(aLoadType, LOAD_FLAGS_REPLACE_HISTORY)) {
+ mLoadType = LOAD_NORMAL_REPLACE;
+ }
+
+ // Do this asynchronously
+ nsCOMPtr<nsIRunnable> ev =
+ new InternalLoadEvent(this, aURI, aOriginalURI, aLoadReplace,
+ aReferrer, aReferrerPolicy,
+ aTriggeringPrincipal, principalToInherit,
+ aFlags, aTypeHint, aPostData, aHeadersData,
+ aLoadType, aSHEntry, aFirstParty, aSrcdoc,
+ aSourceDocShell, aBaseURI);
+ return NS_DispatchToCurrentThread(ev);
+ }
+
+ // Just ignore this load attempt
+ return NS_OK;
+ }
+
+ // If a source docshell has been passed, check to see if we are sandboxed
+ // from it as the result of an iframe or CSP sandbox.
+ if (aSourceDocShell && aSourceDocShell->IsSandboxedFrom(this)) {
+ return NS_ERROR_DOM_INVALID_ACCESS_ERR;
+ }
+
+ // If this docshell is owned by a frameloader, make sure to cancel
+ // possible frameloader initialization before loading a new page.
+ nsCOMPtr<nsIDocShellTreeItem> parent = GetParentDocshell();
+ if (parent) {
+ nsCOMPtr<nsIDocument> doc = parent->GetDocument();
+ if (doc) {
+ doc->TryCancelFrameLoaderInitialization(this);
+ }
+ }
+
+ // Before going any further vet loads initiated by external programs.
+ if (aLoadType == LOAD_NORMAL_EXTERNAL) {
+ // Disallow external chrome: loads targetted at content windows
+ bool isChrome = false;
+ if (NS_SUCCEEDED(aURI->SchemeIs("chrome", &isChrome)) && isChrome) {
+ NS_WARNING("blocked external chrome: url -- use '--chrome' option");
+ return NS_ERROR_FAILURE;
+ }
+
+ // clear the decks to prevent context bleed-through (bug 298255)
+ rv = CreateAboutBlankContentViewer(nullptr, nullptr);
+ if (NS_FAILED(rv)) {
+ return NS_ERROR_FAILURE;
+ }
+
+ // reset loadType so we don't have to add lots of tests for
+ // LOAD_NORMAL_EXTERNAL after this point
+ aLoadType = LOAD_NORMAL;
+ }
+
+ mAllowKeywordFixup =
+ (aFlags & INTERNAL_LOAD_FLAGS_ALLOW_THIRD_PARTY_FIXUP) != 0;
+ mURIResultedInDocument = false; // reset the clock...
+
+ if (aLoadType == LOAD_NORMAL ||
+ aLoadType == LOAD_STOP_CONTENT ||
+ LOAD_TYPE_HAS_FLAGS(aLoadType, LOAD_FLAGS_REPLACE_HISTORY) ||
+ aLoadType == LOAD_HISTORY ||
+ aLoadType == LOAD_LINK) {
+ nsCOMPtr<nsIURI> currentURI = mCurrentURI;
+
+ nsAutoCString curHash, newHash;
+ bool curURIHasRef = false, newURIHasRef = false;
+
+ nsresult rvURINew = aURI->GetRef(newHash);
+ if (NS_SUCCEEDED(rvURINew)) {
+ rvURINew = aURI->GetHasRef(&newURIHasRef);
+ }
+
+ bool sameExceptHashes = false;
+ if (currentURI && NS_SUCCEEDED(rvURINew)) {
+ nsresult rvURIOld = currentURI->GetRef(curHash);
+ if (NS_SUCCEEDED(rvURIOld)) {
+ rvURIOld = currentURI->GetHasRef(&curURIHasRef);
+ }
+ if (NS_SUCCEEDED(rvURIOld)) {
+ if (NS_FAILED(currentURI->EqualsExceptRef(aURI, &sameExceptHashes))) {
+ sameExceptHashes = false;
+ }
+ }
+ }
+
+ if (!sameExceptHashes && sURIFixup && currentURI &&
+ NS_SUCCEEDED(rvURINew)) {
+ // Maybe aURI came from the exposable form of currentURI?
+ nsCOMPtr<nsIURI> currentExposableURI;
+ rv = sURIFixup->CreateExposableURI(currentURI,
+ getter_AddRefs(currentExposableURI));
+ NS_ENSURE_SUCCESS(rv, rv);
+ nsresult rvURIOld = currentExposableURI->GetRef(curHash);
+ if (NS_SUCCEEDED(rvURIOld)) {
+ rvURIOld = currentExposableURI->GetHasRef(&curURIHasRef);
+ }
+ if (NS_SUCCEEDED(rvURIOld)) {
+ if (NS_FAILED(currentExposableURI->EqualsExceptRef(aURI, &sameExceptHashes))) {
+ sameExceptHashes = false;
+ }
+ }
+ }
+
+ bool historyNavBetweenSameDoc = false;
+ if (mOSHE && aSHEntry) {
+ // We're doing a history load.
+
+ mOSHE->SharesDocumentWith(aSHEntry, &historyNavBetweenSameDoc);
+
+#ifdef DEBUG
+ if (historyNavBetweenSameDoc) {
+ nsCOMPtr<nsIInputStream> currentPostData;
+ mOSHE->GetPostData(getter_AddRefs(currentPostData));
+ NS_ASSERTION(currentPostData == aPostData,
+ "Different POST data for entries for the same page?");
+ }
+#endif
+ }
+
+ // A short-circuited load happens when we navigate between two SHEntries
+ // for the same document. We do a short-circuited load under two
+ // circumstances. Either
+ //
+ // a) we're navigating between two different SHEntries which share a
+ // document, or
+ //
+ // b) we're navigating to a new shentry whose URI differs from the
+ // current URI only in its hash, the new hash is non-empty, and
+ // we're not doing a POST.
+ //
+ // The restriction tha the SHEntries in (a) must be different ensures
+ // that history.go(0) and the like trigger full refreshes, rather than
+ // short-circuited loads.
+ bool doShortCircuitedLoad =
+ (historyNavBetweenSameDoc && mOSHE != aSHEntry) ||
+ (!aSHEntry && !aPostData &&
+ sameExceptHashes && newURIHasRef);
+
+ if (doShortCircuitedLoad) {
+ // Save the position of the scrollers.
+ nscoord cx = 0, cy = 0;
+ GetCurScrollPos(ScrollOrientation_X, &cx);
+ GetCurScrollPos(ScrollOrientation_Y, &cy);
+
+ // Reset mLoadType to its original value once we exit this block,
+ // because this short-circuited load might have started after a
+ // normal, network load, and we don't want to clobber its load type.
+ // See bug 737307.
+ AutoRestore<uint32_t> loadTypeResetter(mLoadType);
+
+ // If a non-short-circuit load (i.e., a network load) is pending,
+ // make this a replacement load, so that we don't add a SHEntry here
+ // and the network load goes into the SHEntry it expects to.
+ if (JustStartedNetworkLoad() && (aLoadType & LOAD_CMD_NORMAL)) {
+ mLoadType = LOAD_NORMAL_REPLACE;
+ } else {
+ mLoadType = aLoadType;
+ }
+
+ mURIResultedInDocument = true;
+
+ nsCOMPtr<nsISHEntry> oldLSHE = mLSHE;
+
+ /* we need to assign mLSHE to aSHEntry right here, so that on History
+ * loads, SetCurrentURI() called from OnNewURI() will send proper
+ * onLocationChange() notifications to the browser to update
+ * back/forward buttons.
+ */
+ SetHistoryEntry(&mLSHE, aSHEntry);
+
+ // Set the doc's URI according to the new history entry's URI.
+ nsCOMPtr<nsIDocument> doc = GetDocument();
+ NS_ENSURE_TRUE(doc, NS_ERROR_FAILURE);
+ doc->SetDocumentURI(aURI);
+
+ /* This is a anchor traversal with in the same page.
+ * call OnNewURI() so that, this traversal will be
+ * recorded in session and global history.
+ */
+ nsCOMPtr<nsIPrincipal> triggeringPrincipal, principalToInherit;
+ if (mOSHE) {
+ mOSHE->GetTriggeringPrincipal(getter_AddRefs(triggeringPrincipal));
+ mOSHE->GetPrincipalToInherit(getter_AddRefs(principalToInherit));
+ }
+ // Pass true for aCloneSHChildren, since we're not
+ // changing documents here, so all of our subframes are
+ // still relevant to the new session history entry.
+ //
+ // It also makes OnNewURI(...) set LOCATION_CHANGE_SAME_DOCUMENT
+ // flag on firing onLocationChange(...).
+ // Anyway, aCloneSHChildren param is simply reflecting
+ // doShortCircuitedLoad in this scope.
+ OnNewURI(aURI, nullptr, triggeringPrincipal, principalToInherit,
+ mLoadType, true, true, true);
+
+ nsCOMPtr<nsIInputStream> postData;
+ nsCOMPtr<nsISupports> cacheKey;
+
+ bool scrollRestorationIsManual = false;
+ if (mOSHE) {
+ /* save current position of scroller(s) (bug 59774) */
+ mOSHE->SetScrollPosition(cx, cy);
+ mOSHE->GetScrollRestorationIsManual(&scrollRestorationIsManual);
+ // Get the postdata and page ident from the current page, if
+ // the new load is being done via normal means. Note that
+ // "normal means" can be checked for just by checking for
+ // LOAD_CMD_NORMAL, given the loadType and allowScroll check
+ // above -- it filters out some LOAD_CMD_NORMAL cases that we
+ // wouldn't want here.
+ if (aLoadType & LOAD_CMD_NORMAL) {
+ mOSHE->GetPostData(getter_AddRefs(postData));
+ mOSHE->GetCacheKey(getter_AddRefs(cacheKey));
+
+ // Link our new SHEntry to the old SHEntry's back/forward
+ // cache data, since the two SHEntries correspond to the
+ // same document.
+ if (mLSHE) {
+ if (!aSHEntry) {
+ // If we're not doing a history load, scroll restoration
+ // should be inherited from the previous session history entry.
+ mLSHE->SetScrollRestorationIsManual(scrollRestorationIsManual);
+ }
+ mLSHE->AdoptBFCacheEntry(mOSHE);
+ }
+ }
+ }
+
+ // If we're doing a history load, use its scroll restoration state.
+ if (aSHEntry) {
+ aSHEntry->GetScrollRestorationIsManual(&scrollRestorationIsManual);
+ }
+
+ /* Assign mOSHE to mLSHE. This will either be a new entry created
+ * by OnNewURI() for normal loads or aSHEntry for history loads.
+ */
+ if (mLSHE) {
+ SetHistoryEntry(&mOSHE, mLSHE);
+ // Save the postData obtained from the previous page
+ // in to the session history entry created for the
+ // anchor page, so that any history load of the anchor
+ // page will restore the appropriate postData.
+ if (postData) {
+ mOSHE->SetPostData(postData);
+ }
+
+ // Make sure we won't just repost without hitting the
+ // cache first
+ if (cacheKey) {
+ mOSHE->SetCacheKey(cacheKey);
+ }
+ }
+
+ /* Restore the original LSHE if we were loading something
+ * while short-circuited load was initiated.
+ */
+ SetHistoryEntry(&mLSHE, oldLSHE);
+ /* Set the title for the SH entry for this target url. so that
+ * SH menus in go/back/forward buttons won't be empty for this.
+ */
+ if (mSessionHistory) {
+ int32_t index = -1;
+ mSessionHistory->GetIndex(&index);
+ nsCOMPtr<nsISHEntry> shEntry;
+ mSessionHistory->GetEntryAtIndex(index, false, getter_AddRefs(shEntry));
+ NS_ENSURE_TRUE(shEntry, NS_ERROR_FAILURE);
+ shEntry->SetTitle(mTitle);
+ }
+
+ /* Set the title for the Global History entry for this anchor url.
+ */
+ if (mUseGlobalHistory && !UsePrivateBrowsing()) {
+ nsCOMPtr<IHistory> history = services::GetHistoryService();
+ if (history) {
+ history->SetURITitle(aURI, mTitle);
+ } else if (mGlobalHistory) {
+ mGlobalHistory->SetPageTitle(aURI, mTitle);
+ }
+ }
+
+ SetDocCurrentStateObj(mOSHE);
+
+ // Inform the favicon service that the favicon for oldURI also
+ // applies to aURI.
+ CopyFavicon(currentURI, aURI, doc->NodePrincipal(), UsePrivateBrowsing());
+
+ RefPtr<nsGlobalWindow> scriptGlobal = mScriptGlobal;
+ RefPtr<nsGlobalWindow> win = scriptGlobal ?
+ scriptGlobal->GetCurrentInnerWindowInternal() : nullptr;
+
+ // ScrollToAnchor doesn't necessarily cause us to scroll the window;
+ // the function decides whether a scroll is appropriate based on the
+ // arguments it receives. But even if we don't end up scrolling,
+ // ScrollToAnchor performs other important tasks, such as informing
+ // the presShell that we have a new hash. See bug 680257.
+ rv = ScrollToAnchor(curURIHasRef, newURIHasRef, newHash, aLoadType);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ /* restore previous position of scroller(s), if we're moving
+ * back in history (bug 59774)
+ */
+ nscoord bx = 0;
+ nscoord by = 0;
+ bool needsScrollPosUpdate = false;
+ if (mOSHE && (aLoadType == LOAD_HISTORY ||
+ aLoadType == LOAD_RELOAD_NORMAL) &&
+ !scrollRestorationIsManual) {
+ needsScrollPosUpdate = true;
+ mOSHE->GetScrollPosition(&bx, &by);
+ }
+
+ // Dispatch the popstate and hashchange events, as appropriate.
+ //
+ // The event dispatch below can cause us to re-enter script and
+ // destroy the docshell, nulling out mScriptGlobal. Hold a stack
+ // reference to avoid null derefs. See bug 914521.
+ if (win) {
+ // Fire a hashchange event URIs differ, and only in their hashes.
+ bool doHashchange = sameExceptHashes &&
+ (curURIHasRef != newURIHasRef || !curHash.Equals(newHash));
+
+ if (historyNavBetweenSameDoc || doHashchange) {
+ win->DispatchSyncPopState();
+ }
+
+ if (needsScrollPosUpdate && win->AsInner()->HasActiveDocument()) {
+ SetCurScrollPosEx(bx, by);
+ }
+
+ if (doHashchange) {
+ // Note that currentURI hasn't changed because it's on the
+ // stack, so we can just use it directly as the old URI.
+ win->DispatchAsyncHashchange(currentURI, aURI);
+ }
+ }
+
+ return NS_OK;
+ }
+ }
+
+ // mContentViewer->PermitUnload can destroy |this| docShell, which
+ // causes the next call of CanSavePresentation to crash.
+ // Hold onto |this| until we return, to prevent a crash from happening.
+ // (bug#331040)
+ nsCOMPtr<nsIDocShell> kungFuDeathGrip(this);
+
+ // Don't init timing for javascript:, since it generally doesn't
+ // actually start a load or anything. If it does, we'll init
+ // timing then, from OnStateChange.
+
+ // XXXbz mTiming should know what channel it's for, so we don't
+ // need this hackery. Note that this is still broken in cases
+ // when we're loading something that's not javascript: and the
+ // beforeunload handler denies the load. That will screw up
+ // timing for the next load!
+ if (!isJavaScript) {
+ MaybeInitTiming();
+ }
+ bool timeBeforeUnload = aFileName.IsVoid();
+ if (mTiming && timeBeforeUnload) {
+ mTiming->NotifyBeforeUnload();
+ }
+ // Check if the page doesn't want to be unloaded. The javascript:
+ // protocol handler deals with this for javascript: URLs.
+ if (!isJavaScript && aFileName.IsVoid() && mContentViewer) {
+ bool okToUnload;
+ rv = mContentViewer->PermitUnload(&okToUnload);
+
+ if (NS_SUCCEEDED(rv) && !okToUnload) {
+ // The user chose not to unload the page, interrupt the
+ // load.
+ return NS_OK;
+ }
+ }
+
+ if (mTiming && timeBeforeUnload) {
+ mTiming->NotifyUnloadAccepted(mCurrentURI);
+ }
+
+ // Check if the webbrowser chrome wants the load to proceed; this can be
+ // used to cancel attempts to load URIs in the wrong process.
+ nsCOMPtr<nsIWebBrowserChrome3> browserChrome3 = do_GetInterface(mTreeOwner);
+ if (browserChrome3) {
+ // In case this is a remote newtab load, set aURI to aOriginalURI (newtab).
+ // This ensures that the verifySignedContent flag is set on loadInfo in
+ // DoURILoad.
+ nsIURI* uriForShouldLoadCheck = aURI;
+ if (IsAboutNewtab(aOriginalURI)) {
+ uriForShouldLoadCheck = aOriginalURI;
+ }
+ bool shouldLoad;
+ rv = browserChrome3->ShouldLoadURI(this, uriForShouldLoadCheck, aReferrer,
+ &shouldLoad);
+ if (NS_SUCCEEDED(rv) && !shouldLoad) {
+ return NS_OK;
+ }
+ }
+
+ // Whenever a top-level browsing context is navigated, the user agent MUST
+ // lock the orientation of the document to the document's default
+ // orientation. We don't explicitly check for a top-level browsing context
+ // here because orientation is only set on top-level browsing contexts.
+ // We make an exception for apps because they currently rely on
+ // orientation locks persisting across browsing contexts.
+ if (OrientationLock() != eScreenOrientation_None && !GetIsApp()) {
+#ifdef DEBUG
+ nsCOMPtr<nsIDocShellTreeItem> parent;
+ GetSameTypeParent(getter_AddRefs(parent));
+ MOZ_ASSERT(!parent);
+#endif
+ SetOrientationLock(eScreenOrientation_None);
+ if (mIsActive) {
+ ScreenOrientation::UpdateActiveOrientationLock(eScreenOrientation_None);
+ }
+ }
+
+ // Check for saving the presentation here, before calling Stop().
+ // This is necessary so that we can catch any pending requests.
+ // Since the new request has not been created yet, we pass null for the
+ // new request parameter.
+ // Also pass nullptr for the document, since it doesn't affect the return
+ // value for our purposes here.
+ bool savePresentation = CanSavePresentation(aLoadType, nullptr, nullptr);
+
+ // Don't stop current network activity for javascript: URL's since
+ // they might not result in any data, and thus nothing should be
+ // stopped in those cases. In the case where they do result in
+ // data, the javascript: URL channel takes care of stopping
+ // current network activity.
+ if (!isJavaScript && aFileName.IsVoid()) {
+ // Stop any current network activity.
+ // Also stop content if this is a zombie doc. otherwise
+ // the onload will be delayed by other loads initiated in the
+ // background by the first document that
+ // didn't fully load before the next load was initiated.
+ // If not a zombie, don't stop content until data
+ // starts arriving from the new URI...
+
+ nsCOMPtr<nsIContentViewer> zombieViewer;
+ if (mContentViewer) {
+ mContentViewer->GetPreviousViewer(getter_AddRefs(zombieViewer));
+ }
+
+ if (zombieViewer ||
+ LOAD_TYPE_HAS_FLAGS(aLoadType, LOAD_FLAGS_STOP_CONTENT)) {
+ rv = Stop(nsIWebNavigation::STOP_ALL);
+ } else {
+ rv = Stop(nsIWebNavigation::STOP_NETWORK);
+ }
+
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+ }
+
+ mLoadType = aLoadType;
+
+ // mLSHE should be assigned to aSHEntry, only after Stop() has
+ // been called. But when loading an error page, do not clear the
+ // mLSHE for the real page.
+ if (mLoadType != LOAD_ERROR_PAGE) {
+ SetHistoryEntry(&mLSHE, aSHEntry);
+ }
+
+ mSavingOldViewer = savePresentation;
+
+ // If we have a saved content viewer in history, restore and show it now.
+ if (aSHEntry && (mLoadType & LOAD_CMD_HISTORY)) {
+ // Make sure our history ID points to the same ID as
+ // SHEntry's docshell ID.
+ aSHEntry->GetDocshellID(&mHistoryID);
+
+ // It's possible that the previous viewer of mContentViewer is the
+ // viewer that will end up in aSHEntry when it gets closed. If that's
+ // the case, we need to go ahead and force it into its shentry so we
+ // can restore it.
+ if (mContentViewer) {
+ nsCOMPtr<nsIContentViewer> prevViewer;
+ mContentViewer->GetPreviousViewer(getter_AddRefs(prevViewer));
+ if (prevViewer) {
+#ifdef DEBUG
+ nsCOMPtr<nsIContentViewer> prevPrevViewer;
+ prevViewer->GetPreviousViewer(getter_AddRefs(prevPrevViewer));
+ NS_ASSERTION(!prevPrevViewer, "Should never have viewer chain here");
+#endif
+ nsCOMPtr<nsISHEntry> viewerEntry;
+ prevViewer->GetHistoryEntry(getter_AddRefs(viewerEntry));
+ if (viewerEntry == aSHEntry) {
+ // Make sure this viewer ends up in the right place
+ mContentViewer->SetPreviousViewer(nullptr);
+ prevViewer->Destroy();
+ }
+ }
+ }
+ nsCOMPtr<nsISHEntry> oldEntry = mOSHE;
+ bool restoring;
+ rv = RestorePresentation(aSHEntry, &restoring);
+ if (restoring) {
+ return rv;
+ }
+
+ // We failed to restore the presentation, so clean up.
+ // Both the old and new history entries could potentially be in
+ // an inconsistent state.
+ if (NS_FAILED(rv)) {
+ if (oldEntry) {
+ oldEntry->SyncPresentationState();
+ }
+
+ aSHEntry->SyncPresentationState();
+ }
+ }
+
+ nsAutoString srcdoc;
+ if (aFlags & INTERNAL_LOAD_FLAGS_IS_SRCDOC) {
+ srcdoc = aSrcdoc;
+ } else {
+ srcdoc = NullString();
+ }
+
+ net::PredictorLearn(aURI, nullptr,
+ nsINetworkPredictor::LEARN_LOAD_TOPLEVEL, this);
+ net::PredictorPredict(aURI, nullptr,
+ nsINetworkPredictor::PREDICT_LOAD, this, nullptr);
+
+ nsCOMPtr<nsIRequest> req;
+ rv = DoURILoad(aURI, aOriginalURI, aLoadReplace, aReferrer,
+ !(aFlags & INTERNAL_LOAD_FLAGS_DONT_SEND_REFERRER),
+ aReferrerPolicy,
+ aTriggeringPrincipal, principalToInherit, aTypeHint,
+ aFileName, aPostData, aHeadersData,
+ aFirstParty, aDocShell, getter_AddRefs(req),
+ (aFlags & INTERNAL_LOAD_FLAGS_FIRST_LOAD) != 0,
+ (aFlags & INTERNAL_LOAD_FLAGS_BYPASS_CLASSIFIER) != 0,
+ (aFlags & INTERNAL_LOAD_FLAGS_FORCE_ALLOW_COOKIES) != 0,
+ srcdoc, aBaseURI, contentType);
+ if (req && aRequest) {
+ NS_ADDREF(*aRequest = req);
+ }
+
+ if (NS_FAILED(rv)) {
+ nsCOMPtr<nsIChannel> chan(do_QueryInterface(req));
+ if (DisplayLoadError(rv, aURI, nullptr, chan) &&
+ (aFlags & LOAD_FLAGS_ERROR_LOAD_CHANGES_RV) != 0) {
+ return NS_ERROR_LOAD_SHOWED_ERRORPAGE;
+ }
+ }
+
+ return rv;
+}
+
+nsIPrincipal*
+nsDocShell::GetInheritedPrincipal(bool aConsiderCurrentDocument)
+{
+ nsCOMPtr<nsIDocument> document;
+ bool inheritedFromCurrent = false;
+
+ if (aConsiderCurrentDocument && mContentViewer) {
+ document = mContentViewer->GetDocument();
+ inheritedFromCurrent = true;
+ }
+
+ if (!document) {
+ nsCOMPtr<nsIDocShellTreeItem> parentItem;
+ GetSameTypeParent(getter_AddRefs(parentItem));
+ if (parentItem) {
+ document = parentItem->GetDocument();
+ }
+ }
+
+ if (!document) {
+ if (!aConsiderCurrentDocument) {
+ return nullptr;
+ }
+
+ // Make sure we end up with _something_ as the principal no matter
+ // what.If this fails, we'll just get a null docViewer and bail.
+ EnsureContentViewer();
+ if (!mContentViewer) {
+ return nullptr;
+ }
+ document = mContentViewer->GetDocument();
+ }
+
+ //-- Get the document's principal
+ if (document) {
+ nsIPrincipal* docPrincipal = document->NodePrincipal();
+
+ // Don't allow loads in typeContent docShells to inherit the system
+ // principal from existing documents.
+ if (inheritedFromCurrent &&
+ mItemType == typeContent &&
+ nsContentUtils::IsSystemPrincipal(docPrincipal)) {
+ return nullptr;
+ }
+
+ return docPrincipal;
+ }
+
+ return nullptr;
+}
+
+nsresult
+nsDocShell::DoURILoad(nsIURI* aURI,
+ nsIURI* aOriginalURI,
+ bool aLoadReplace,
+ nsIURI* aReferrerURI,
+ bool aSendReferrer,
+ uint32_t aReferrerPolicy,
+ nsIPrincipal* aTriggeringPrincipal,
+ nsIPrincipal* aPrincipalToInherit,
+ const char* aTypeHint,
+ const nsAString& aFileName,
+ nsIInputStream* aPostData,
+ nsIInputStream* aHeadersData,
+ bool aFirstParty,
+ nsIDocShell** aDocShell,
+ nsIRequest** aRequest,
+ bool aIsNewWindowTarget,
+ bool aBypassClassifier,
+ bool aForceAllowCookies,
+ const nsAString& aSrcdoc,
+ nsIURI* aBaseURI,
+ nsContentPolicyType aContentPolicyType)
+{
+ // Double-check that we're still around to load this URI.
+ if (mIsBeingDestroyed) {
+ // Return NS_OK despite not doing anything to avoid throwing exceptions from
+ // nsLocation::SetHref if the unload handler of the existing page tears us
+ // down.
+ return NS_OK;
+ }
+
+ nsresult rv;
+ nsCOMPtr<nsIURILoader> uriLoader = do_GetService(NS_URI_LOADER_CONTRACTID, &rv);
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ if (IsFrame()) {
+
+ MOZ_ASSERT(aContentPolicyType == nsIContentPolicy::TYPE_INTERNAL_IFRAME ||
+ aContentPolicyType == nsIContentPolicy::TYPE_INTERNAL_FRAME,
+ "DoURILoad thinks this is a frame and InternalLoad does not");
+
+ // Only allow view-source scheme in top-level docshells. view-source is
+ // the only scheme to which this applies at the moment due to potential
+ // timing attacks to read data from cross-origin iframes. If this widens
+ // we should add a protocol flag for whether the scheme is allowed in
+ // frames and use something like nsNetUtil::NS_URIChainHasFlags.
+ nsCOMPtr<nsIURI> tempURI = aURI;
+ nsCOMPtr<nsINestedURI> nestedURI = do_QueryInterface(tempURI);
+ while (nestedURI) {
+ // view-source should always be an nsINestedURI, loop and check the
+ // scheme on this and all inner URIs that are also nested URIs.
+ bool isViewSource = false;
+ rv = tempURI->SchemeIs("view-source", &isViewSource);
+ if (NS_FAILED(rv) || isViewSource) {
+ return NS_ERROR_UNKNOWN_PROTOCOL;
+ }
+ nestedURI->GetInnerURI(getter_AddRefs(tempURI));
+ nestedURI = do_QueryInterface(tempURI);
+ }
+ } else {
+ MOZ_ASSERT(aContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT,
+ "DoURILoad thinks this is a document and InternalLoad does not");
+ }
+
+ // open a channel for the url
+ nsCOMPtr<nsIChannel> channel;
+
+ bool isSrcdoc = !aSrcdoc.IsVoid();
+
+ // There are two cases we care about:
+ // * Top-level load: In this case, loadingNode is null, but loadingWindow
+ // is our mScriptGlobal. We pass null for loadingPrincipal in this case.
+ // * Subframe load: loadingWindow is null, but loadingNode is the frame
+ // element for the load. loadingPrincipal is the NodePrincipal of the frame
+ // element.
+ nsCOMPtr<nsINode> loadingNode;
+ nsCOMPtr<nsPIDOMWindowOuter> loadingWindow;
+ nsCOMPtr<nsIPrincipal> loadingPrincipal;
+
+ if (aContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT) {
+ loadingNode = nullptr;
+ loadingPrincipal = nullptr;
+ loadingWindow = mScriptGlobal->AsOuter();
+ } else {
+ loadingWindow = nullptr;
+ loadingNode = mScriptGlobal->AsOuter()->GetFrameElementInternal();
+ if (loadingNode) {
+ // If we have a loading node, then use that as our loadingPrincipal.
+ loadingPrincipal = loadingNode->NodePrincipal();
+ } else {
+ // If this isn't a top-level load and mScriptGlobal's frame element is
+ // null, then the element got removed from the DOM while we were trying
+ // to load this resource. This docshell is scheduled for destruction
+ // already, so bail out here.
+ return NS_OK;
+ }
+ }
+
+ // Getting the right triggeringPrincipal needs to be updated and is only
+ // ready for use once bug 1182569 landed. Until then, we cannot rely on
+ // the triggeringPrincipal for TYPE_DOCUMENT loads.
+ MOZ_ASSERT(aTriggeringPrincipal, "Need a valid triggeringPrincipal");
+
+ bool isSandBoxed = mSandboxFlags & SANDBOXED_ORIGIN;
+ // only inherit if we have a aPrincipalToInherit
+ bool inherit = false;
+
+ if (aPrincipalToInherit) {
+ inherit = nsContentUtils::ChannelShouldInheritPrincipal(
+ aPrincipalToInherit,
+ aURI,
+ true, // aInheritForAboutBlank
+ isSrcdoc);
+ }
+
+ nsLoadFlags loadFlags = mDefaultLoadFlags;
+ nsSecurityFlags securityFlags = nsILoadInfo::SEC_NORMAL;
+
+ if (aFirstParty) {
+ // tag first party URL loads
+ loadFlags |= nsIChannel::LOAD_INITIAL_DOCUMENT_URI;
+ }
+
+ if (mLoadType == LOAD_ERROR_PAGE) {
+ // Error pages are LOAD_BACKGROUND
+ loadFlags |= nsIChannel::LOAD_BACKGROUND;
+ securityFlags |= nsILoadInfo::SEC_LOAD_ERROR_PAGE;
+ }
+
+ if (inherit) {
+ securityFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
+ }
+ if (isSandBoxed) {
+ securityFlags |= nsILoadInfo::SEC_SANDBOXED;
+ }
+
+ nsCOMPtr<nsILoadInfo> loadInfo =
+ (aContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT) ?
+ new LoadInfo(loadingWindow, aTriggeringPrincipal,
+ securityFlags) :
+ new LoadInfo(loadingPrincipal, aTriggeringPrincipal, loadingNode,
+ securityFlags, aContentPolicyType);
+
+ if (aPrincipalToInherit) {
+ loadInfo->SetPrincipalToInherit(aPrincipalToInherit);
+ }
+
+ // We have to do this in case our OriginAttributes are different from the
+ // OriginAttributes of the parent document. Or in case there isn't a
+ // parent document.
+ NeckoOriginAttributes neckoAttrs;
+ bool isTopLevelDoc = aContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT &&
+ mItemType == typeContent &&
+ !GetIsMozBrowserOrApp();
+ neckoAttrs.InheritFromDocShellToNecko(GetOriginAttributes(), isTopLevelDoc, aURI);
+ rv = loadInfo->SetOriginAttributes(neckoAttrs);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ if (!isSrcdoc) {
+ rv = NS_NewChannelInternal(getter_AddRefs(channel),
+ aURI,
+ loadInfo,
+ nullptr, // loadGroup
+ static_cast<nsIInterfaceRequestor*>(this),
+ loadFlags);
+
+ if (NS_FAILED(rv)) {
+ if (rv == NS_ERROR_UNKNOWN_PROTOCOL) {
+ // This is a uri with a protocol scheme we don't know how
+ // to handle. Embedders might still be interested in
+ // handling the load, though, so we fire a notification
+ // before throwing the load away.
+ bool abort = false;
+ nsresult rv2 = mContentListener->OnStartURIOpen(aURI, &abort);
+ if (NS_SUCCEEDED(rv2) && abort) {
+ // Hey, they're handling the load for us! How convenient!
+ return NS_OK;
+ }
+ }
+ return rv;
+ }
+
+ if (aBaseURI) {
+ nsCOMPtr<nsIViewSourceChannel> vsc = do_QueryInterface(channel);
+ if (vsc) {
+ vsc->SetBaseURI(aBaseURI);
+ }
+ }
+ } else {
+ nsAutoCString scheme;
+ rv = aURI->GetScheme(scheme);
+ NS_ENSURE_SUCCESS(rv, rv);
+ bool isViewSource;
+ aURI->SchemeIs("view-source", &isViewSource);
+
+ if (isViewSource) {
+ nsViewSourceHandler* vsh = nsViewSourceHandler::GetInstance();
+ NS_ENSURE_TRUE(vsh, NS_ERROR_FAILURE);
+
+ rv = vsh->NewSrcdocChannel(aURI, aBaseURI, aSrcdoc,
+ loadInfo, getter_AddRefs(channel));
+ } else {
+ rv = NS_NewInputStreamChannelInternal(getter_AddRefs(channel),
+ aURI,
+ aSrcdoc,
+ NS_LITERAL_CSTRING("text/html"),
+ loadInfo,
+ true);
+ NS_ENSURE_SUCCESS(rv, rv);
+ nsCOMPtr<nsIInputStreamChannel> isc = do_QueryInterface(channel);
+ MOZ_ASSERT(isc);
+ isc->SetBaseURI(aBaseURI);
+ }
+ }
+
+ nsCOMPtr<nsIApplicationCacheChannel> appCacheChannel =
+ do_QueryInterface(channel);
+ if (appCacheChannel) {
+ // Any document load should not inherit application cache.
+ appCacheChannel->SetInheritApplicationCache(false);
+
+ // Loads with the correct permissions should check for a matching
+ // application cache.
+ if (GeckoProcessType_Default != XRE_GetProcessType()) {
+ // Permission will be checked in the parent process
+ appCacheChannel->SetChooseApplicationCache(true);
+ } else {
+ nsCOMPtr<nsIScriptSecurityManager> secMan =
+ do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
+
+ if (secMan) {
+ nsCOMPtr<nsIPrincipal> principal;
+ secMan->GetDocShellCodebasePrincipal(aURI, this,
+ getter_AddRefs(principal));
+ appCacheChannel->SetChooseApplicationCache(
+ NS_ShouldCheckAppCache(principal, UsePrivateBrowsing()));
+ }
+ }
+ }
+
+ // Make sure to give the caller a channel if we managed to create one
+ // This is important for correct error page/session history interaction
+ if (aRequest) {
+ NS_ADDREF(*aRequest = channel);
+ }
+
+ if (aOriginalURI) {
+ channel->SetOriginalURI(aOriginalURI);
+ if (aLoadReplace) {
+ uint32_t loadFlags;
+ channel->GetLoadFlags(&loadFlags);
+ NS_ENSURE_SUCCESS(rv, rv);
+ channel->SetLoadFlags(loadFlags | nsIChannel::LOAD_REPLACE);
+ }
+ } else {
+ channel->SetOriginalURI(aURI);
+ }
+
+ if (aTypeHint && *aTypeHint) {
+ channel->SetContentType(nsDependentCString(aTypeHint));
+ mContentTypeHint = aTypeHint;
+ } else {
+ mContentTypeHint.Truncate();
+ }
+
+ if (!aFileName.IsVoid()) {
+ rv = channel->SetContentDisposition(nsIChannel::DISPOSITION_ATTACHMENT);
+ NS_ENSURE_SUCCESS(rv, rv);
+ if (!aFileName.IsEmpty()) {
+ rv = channel->SetContentDispositionFilename(aFileName);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+ }
+
+ if (mLoadType == LOAD_NORMAL_ALLOW_MIXED_CONTENT ||
+ mLoadType == LOAD_RELOAD_ALLOW_MIXED_CONTENT) {
+ rv = SetMixedContentChannel(channel);
+ NS_ENSURE_SUCCESS(rv, rv);
+ } else if (mMixedContentChannel) {
+ /*
+ * If the user "Disables Protection on This Page", we call
+ * SetMixedContentChannel for the first time, otherwise
+ * mMixedContentChannel is still null.
+ * Later, if the new channel passes a same orign check, we remember the
+ * users decision by calling SetMixedContentChannel using the new channel.
+ * This way, the user does not have to click the disable protection button
+ * over and over for browsing the same site.
+ */
+ rv = nsContentUtils::CheckSameOrigin(mMixedContentChannel, channel);
+ if (NS_FAILED(rv) || NS_FAILED(SetMixedContentChannel(channel))) {
+ SetMixedContentChannel(nullptr);
+ }
+ }
+
+ // hack
+ nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(channel));
+ nsCOMPtr<nsIHttpChannelInternal> httpChannelInternal(
+ do_QueryInterface(channel));
+ if (httpChannelInternal) {
+ if (aForceAllowCookies) {
+ httpChannelInternal->SetThirdPartyFlags(
+ nsIHttpChannelInternal::THIRD_PARTY_FORCE_ALLOW);
+ }
+ if (aFirstParty) {
+ httpChannelInternal->SetDocumentURI(aURI);
+ } else {
+ httpChannelInternal->SetDocumentURI(aReferrerURI);
+ }
+ httpChannelInternal->SetRedirectMode(
+ nsIHttpChannelInternal::REDIRECT_MODE_MANUAL);
+ }
+
+ nsCOMPtr<nsIWritablePropertyBag2> props(do_QueryInterface(channel));
+ if (props) {
+ // save true referrer for those who need it (e.g. xpinstall whitelisting)
+ // Currently only http and ftp channels support this.
+ props->SetPropertyAsInterface(NS_LITERAL_STRING("docshell.internalReferrer"),
+ aReferrerURI);
+ }
+
+ nsCOMPtr<nsICacheInfoChannel> cacheChannel(do_QueryInterface(channel));
+ /* Get the cache Key from SH */
+ nsCOMPtr<nsISupports> cacheKey;
+ if (cacheChannel) {
+ if (mLSHE) {
+ mLSHE->GetCacheKey(getter_AddRefs(cacheKey));
+ } else if (mOSHE) { // for reload cases
+ mOSHE->GetCacheKey(getter_AddRefs(cacheKey));
+ }
+ }
+
+ // figure out if we need to set the post data stream on the channel...
+ if (aPostData) {
+ nsCOMPtr<nsIFormPOSTActionChannel> postChannel(do_QueryInterface(channel));
+ if (postChannel) {
+ // XXX it's a bit of a hack to rewind the postdata stream here but
+ // it has to be done in case the post data is being reused multiple
+ // times.
+ nsCOMPtr<nsISeekableStream> postDataSeekable =
+ do_QueryInterface(aPostData);
+ if (postDataSeekable) {
+ rv = postDataSeekable->Seek(nsISeekableStream::NS_SEEK_SET, 0);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+
+ // we really need to have a content type associated with this stream!!
+ postChannel->SetUploadStream(aPostData, EmptyCString(), -1);
+ }
+
+ /* If there is a valid postdata *and* it is a History Load,
+ * set up the cache key on the channel, to retrieve the
+ * data *only* from the cache. If it is a normal reload, the
+ * cache is free to go to the server for updated postdata.
+ */
+ if (cacheChannel && cacheKey) {
+ if (mLoadType == LOAD_HISTORY ||
+ mLoadType == LOAD_RELOAD_CHARSET_CHANGE) {
+ cacheChannel->SetCacheKey(cacheKey);
+ uint32_t loadFlags;
+ if (NS_SUCCEEDED(channel->GetLoadFlags(&loadFlags))) {
+ channel->SetLoadFlags(
+ loadFlags | nsICachingChannel::LOAD_ONLY_FROM_CACHE);
+ }
+ } else if (mLoadType == LOAD_RELOAD_NORMAL) {
+ cacheChannel->SetCacheKey(cacheKey);
+ }
+ }
+ } else {
+ /* If there is no postdata, set the cache key on the channel, and
+ * do not set the LOAD_ONLY_FROM_CACHE flag, so that the channel
+ * will be free to get it from net if it is not found in cache.
+ * New cache may use it creatively on CGI pages with GET
+ * method and even on those that say "no-cache"
+ */
+ if (mLoadType == LOAD_HISTORY ||
+ mLoadType == LOAD_RELOAD_NORMAL ||
+ mLoadType == LOAD_RELOAD_CHARSET_CHANGE) {
+ if (cacheChannel && cacheKey) {
+ cacheChannel->SetCacheKey(cacheKey);
+ }
+ }
+ }
+
+ if (httpChannel) {
+ if (aHeadersData) {
+ rv = AddHeadersToChannel(aHeadersData, httpChannel);
+ }
+ // Set the referrer explicitly
+ if (aReferrerURI && aSendReferrer) {
+ // Referrer is currenly only set for link clicks here.
+ httpChannel->SetReferrerWithPolicy(aReferrerURI, aReferrerPolicy);
+ }
+ // set Content-Signature enforcing bit if aOriginalURI == about:newtab
+ if (aOriginalURI && httpChannel) {
+ if (IsAboutNewtab(aOriginalURI)) {
+ nsCOMPtr<nsILoadInfo> loadInfo = httpChannel->GetLoadInfo();
+ if (loadInfo) {
+ loadInfo->SetVerifySignedContent(true);
+ }
+ }
+ }
+ }
+
+ nsCOMPtr<nsIScriptChannel> scriptChannel = do_QueryInterface(channel);
+ if (scriptChannel) {
+ // Allow execution against our context if the principals match
+ scriptChannel->SetExecutionPolicy(nsIScriptChannel::EXECUTE_NORMAL);
+ }
+
+ if (aIsNewWindowTarget) {
+ nsCOMPtr<nsIWritablePropertyBag2> props = do_QueryInterface(channel);
+ if (props) {
+ props->SetPropertyAsBool(NS_LITERAL_STRING("docshell.newWindowTarget"),
+ true);
+ }
+ }
+
+ nsCOMPtr<nsITimedChannel> timedChannel(do_QueryInterface(channel));
+ if (timedChannel) {
+ timedChannel->SetTimingEnabled(true);
+
+ nsCOMPtr<nsPIDOMWindowOuter> win = GetWindow();
+ if (IsFrame() && win) {
+ nsCOMPtr<Element> frameElement = win->GetFrameElementInternal();
+ if (frameElement) {
+ timedChannel->SetInitiatorType(frameElement->LocalName());
+ }
+ }
+ }
+
+ rv = DoChannelLoad(channel, uriLoader, aBypassClassifier);
+
+ //
+ // If the channel load failed, we failed and nsIWebProgress just ain't
+ // gonna happen.
+ //
+ if (NS_SUCCEEDED(rv)) {
+ if (aDocShell) {
+ *aDocShell = this;
+ NS_ADDREF(*aDocShell);
+ }
+ }
+
+ return rv;
+}
+
+static nsresult
+AppendSegmentToString(nsIInputStream* aIn,
+ void* aClosure,
+ const char* aFromRawSegment,
+ uint32_t aToOffset,
+ uint32_t aCount,
+ uint32_t* aWriteCount)
+{
+ // aFromSegment now contains aCount bytes of data.
+
+ nsAutoCString* buf = static_cast<nsAutoCString*>(aClosure);
+ buf->Append(aFromRawSegment, aCount);
+
+ // Indicate that we have consumed all of aFromSegment
+ *aWriteCount = aCount;
+ return NS_OK;
+}
+
+nsresult
+nsDocShell::AddHeadersToChannel(nsIInputStream* aHeadersData,
+ nsIChannel* aGenericChannel)
+{
+ nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aGenericChannel);
+ NS_ENSURE_STATE(httpChannel);
+
+ uint32_t numRead;
+ nsAutoCString headersString;
+ nsresult rv = aHeadersData->ReadSegments(AppendSegmentToString,
+ &headersString,
+ UINT32_MAX,
+ &numRead);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // used during the manipulation of the String from the InputStream
+ nsAutoCString headerName;
+ nsAutoCString headerValue;
+ int32_t crlf;
+ int32_t colon;
+
+ //
+ // Iterate over the headersString: for each "\r\n" delimited chunk,
+ // add the value as a header to the nsIHttpChannel
+ //
+
+ static const char kWhitespace[] = "\b\t\r\n ";
+ while (true) {
+ crlf = headersString.Find("\r\n");
+ if (crlf == kNotFound) {
+ return NS_OK;
+ }
+
+ const nsCSubstring& oneHeader = StringHead(headersString, crlf);
+
+ colon = oneHeader.FindChar(':');
+ if (colon == kNotFound) {
+ return NS_ERROR_UNEXPECTED;
+ }
+
+ headerName = StringHead(oneHeader, colon);
+ headerValue = Substring(oneHeader, colon + 1);
+
+ headerName.Trim(kWhitespace);
+ headerValue.Trim(kWhitespace);
+
+ headersString.Cut(0, crlf + 2);
+
+ //
+ // FINALLY: we can set the header!
+ //
+
+ rv = httpChannel->SetRequestHeader(headerName, headerValue, true);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+
+ NS_NOTREACHED("oops");
+ return NS_ERROR_UNEXPECTED;
+}
+
+nsresult
+nsDocShell::DoChannelLoad(nsIChannel* aChannel,
+ nsIURILoader* aURILoader,
+ bool aBypassClassifier)
+{
+ nsresult rv;
+ // Mark the channel as being a document URI and allow content sniffing...
+ nsLoadFlags loadFlags = 0;
+ (void)aChannel->GetLoadFlags(&loadFlags);
+ loadFlags |= nsIChannel::LOAD_DOCUMENT_URI |
+ nsIChannel::LOAD_CALL_CONTENT_SNIFFERS;
+
+ // Load attributes depend on load type...
+ switch (mLoadType) {
+ case LOAD_HISTORY: {
+ // Only send VALIDATE_NEVER if mLSHE's URI was never changed via
+ // push/replaceState (bug 669671).
+ bool uriModified = false;
+ if (mLSHE) {
+ mLSHE->GetURIWasModified(&uriModified);
+ }
+
+ if (!uriModified) {
+ loadFlags |= nsIRequest::VALIDATE_NEVER;
+ }
+ break;
+ }
+
+ case LOAD_RELOAD_CHARSET_CHANGE: {
+ // Use SetAllowStaleCacheContent (not LOAD_FROM_CACHE flag) since we only want
+ // to force cache load for this channel, not the whole loadGroup.
+ nsCOMPtr<nsICacheInfoChannel> cachingChannel = do_QueryInterface(aChannel);
+ if (cachingChannel) {
+ cachingChannel->SetAllowStaleCacheContent(true);
+ }
+ break;
+ }
+
+ case LOAD_RELOAD_NORMAL:
+ case LOAD_REFRESH:
+ loadFlags |= nsIRequest::VALIDATE_ALWAYS;
+ break;
+
+ case LOAD_NORMAL_BYPASS_CACHE:
+ case LOAD_NORMAL_BYPASS_PROXY:
+ case LOAD_NORMAL_BYPASS_PROXY_AND_CACHE:
+ case LOAD_NORMAL_ALLOW_MIXED_CONTENT:
+ case LOAD_RELOAD_BYPASS_CACHE:
+ case LOAD_RELOAD_BYPASS_PROXY:
+ case LOAD_RELOAD_BYPASS_PROXY_AND_CACHE:
+ case LOAD_RELOAD_ALLOW_MIXED_CONTENT:
+ case LOAD_REPLACE_BYPASS_CACHE:
+ loadFlags |= nsIRequest::LOAD_BYPASS_CACHE |
+ nsIRequest::LOAD_FRESH_CONNECTION;
+ break;
+
+ case LOAD_NORMAL:
+ case LOAD_LINK:
+ // Set cache checking flags
+ switch (Preferences::GetInt("browser.cache.check_doc_frequency", -1)) {
+ case 0:
+ loadFlags |= nsIRequest::VALIDATE_ONCE_PER_SESSION;
+ break;
+ case 1:
+ loadFlags |= nsIRequest::VALIDATE_ALWAYS;
+ break;
+ case 2:
+ loadFlags |= nsIRequest::VALIDATE_NEVER;
+ break;
+ }
+ break;
+ }
+
+ if (!aBypassClassifier) {
+ loadFlags |= nsIChannel::LOAD_CLASSIFY_URI;
+ }
+
+ // If the user pressed shift-reload, then do not allow ServiceWorker
+ // interception to occur. See step 12.1 of the SW HandleFetch algorithm.
+ if (IsForceReloadType(mLoadType)) {
+ loadFlags |= nsIChannel::LOAD_BYPASS_SERVICE_WORKER;
+ }
+
+ (void)aChannel->SetLoadFlags(loadFlags);
+
+ uint32_t openFlags = 0;
+ if (mLoadType == LOAD_LINK) {
+ openFlags |= nsIURILoader::IS_CONTENT_PREFERRED;
+ }
+ if (!mAllowContentRetargeting) {
+ openFlags |= nsIURILoader::DONT_RETARGET;
+ }
+ rv = aURILoader->OpenURI(aChannel, openFlags, this);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ return NS_OK;
+}
+
+nsresult
+nsDocShell::ScrollToAnchor(bool aCurHasRef, bool aNewHasRef,
+ nsACString& aNewHash, uint32_t aLoadType)
+{
+ if (!mCurrentURI) {
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsIPresShell> shell = GetPresShell();
+ if (!shell) {
+ // If we failed to get the shell, or if there is no shell,
+ // nothing left to do here.
+ return NS_OK;
+ }
+
+ nsIScrollableFrame* rootScroll = shell->GetRootScrollFrameAsScrollable();
+ if (rootScroll) {
+ rootScroll->ClearDidHistoryRestore();
+ }
+
+ // If we have no new anchor, we do not want to scroll, unless there is a
+ // current anchor and we are doing a history load. So return if we have no
+ // new anchor, and there is no current anchor or the load is not a history
+ // load.
+ if ((!aCurHasRef || aLoadType != LOAD_HISTORY) && !aNewHasRef) {
+ return NS_OK;
+ }
+
+ // Both the new and current URIs refer to the same page. We can now
+ // browse to the hash stored in the new URI.
+
+ if (!aNewHash.IsEmpty()) {
+ // anchor is there, but if it's a load from history,
+ // we don't have any anchor jumping to do
+ bool scroll = aLoadType != LOAD_HISTORY &&
+ aLoadType != LOAD_RELOAD_NORMAL;
+
+ char* str = ToNewCString(aNewHash);
+ if (!str) {
+ return NS_ERROR_OUT_OF_MEMORY;
+ }
+
+ // nsUnescape modifies the string that is passed into it.
+ nsUnescape(str);
+
+ // We assume that the bytes are in UTF-8, as it says in the
+ // spec:
+ // http://www.w3.org/TR/html4/appendix/notes.html#h-B.2.1
+
+ // We try the UTF-8 string first, and then try the document's
+ // charset (see below). If the string is not UTF-8,
+ // conversion will fail and give us an empty Unicode string.
+ // In that case, we should just fall through to using the
+ // page's charset.
+ nsresult rv = NS_ERROR_FAILURE;
+ NS_ConvertUTF8toUTF16 uStr(str);
+ if (!uStr.IsEmpty()) {
+ rv = shell->GoToAnchor(NS_ConvertUTF8toUTF16(str), scroll,
+ nsIPresShell::SCROLL_SMOOTH_AUTO);
+ }
+ free(str);
+
+ // Above will fail if the anchor name is not UTF-8. Need to
+ // convert from document charset to unicode.
+ if (NS_FAILED(rv)) {
+ // Get a document charset
+ NS_ENSURE_TRUE(mContentViewer, NS_ERROR_FAILURE);
+ nsIDocument* doc = mContentViewer->GetDocument();
+ NS_ENSURE_TRUE(doc, NS_ERROR_FAILURE);
+ const nsACString& aCharset = doc->GetDocumentCharacterSet();
+
+ nsCOMPtr<nsITextToSubURI> textToSubURI =
+ do_GetService(NS_ITEXTTOSUBURI_CONTRACTID, &rv);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // Unescape and convert to unicode
+ nsXPIDLString uStr;
+
+ rv = textToSubURI->UnEscapeAndConvert(PromiseFlatCString(aCharset).get(),
+ PromiseFlatCString(aNewHash).get(),
+ getter_Copies(uStr));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // Ignore return value of GoToAnchor, since it will return an error
+ // if there is no such anchor in the document, which is actually a
+ // success condition for us (we want to update the session history
+ // with the new URI no matter whether we actually scrolled
+ // somewhere).
+ //
+ // When aNewHash contains "%00", unescaped string may be empty.
+ // And GoToAnchor asserts if we ask it to scroll to an empty ref.
+ shell->GoToAnchor(uStr, scroll && !uStr.IsEmpty(),
+ nsIPresShell::SCROLL_SMOOTH_AUTO);
+ }
+ } else {
+ // Tell the shell it's at an anchor, without scrolling.
+ shell->GoToAnchor(EmptyString(), false);
+
+ // An empty anchor was found, but if it's a load from history,
+ // we don't have to jump to the top of the page. Scrollbar
+ // position will be restored by the caller, based on positions
+ // stored in session history.
+ if (aLoadType == LOAD_HISTORY || aLoadType == LOAD_RELOAD_NORMAL) {
+ return NS_OK;
+ }
+ // An empty anchor. Scroll to the top of the page. Ignore the
+ // return value; failure to scroll here (e.g. if there is no
+ // root scrollframe) is not grounds for canceling the load!
+ SetCurScrollPosEx(0, 0);
+ }
+
+ return NS_OK;
+}
+
+void
+nsDocShell::SetupReferrerFromChannel(nsIChannel* aChannel)
+{
+ nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(aChannel));
+ if (httpChannel) {
+ nsCOMPtr<nsIURI> referrer;
+ nsresult rv = httpChannel->GetReferrer(getter_AddRefs(referrer));
+ if (NS_SUCCEEDED(rv)) {
+ SetReferrerURI(referrer);
+ }
+ uint32_t referrerPolicy;
+ rv = httpChannel->GetReferrerPolicy(&referrerPolicy);
+ if (NS_SUCCEEDED(rv)) {
+ SetReferrerPolicy(referrerPolicy);
+ }
+ }
+}
+
+bool
+nsDocShell::OnNewURI(nsIURI* aURI, nsIChannel* aChannel,
+ nsIPrincipal* aTriggeringPrincipal,
+ nsIPrincipal* aPrincipalToInherit,
+ uint32_t aLoadType, bool aFireOnLocationChange,
+ bool aAddToGlobalHistory, bool aCloneSHChildren)
+{
+ NS_PRECONDITION(aURI, "uri is null");
+ NS_PRECONDITION(!aChannel || !aTriggeringPrincipal, "Shouldn't have both set");
+
+ MOZ_ASSERT(!aPrincipalToInherit || (aPrincipalToInherit && aTriggeringPrincipal));
+
+#if defined(DEBUG)
+ if (MOZ_LOG_TEST(gDocShellLog, LogLevel::Debug)) {
+ nsAutoCString chanName;
+ if (aChannel) {
+ aChannel->GetName(chanName);
+ } else {
+ chanName.AssignLiteral("<no channel>");
+ }
+
+ MOZ_LOG(gDocShellLog, LogLevel::Debug,
+ ("nsDocShell[%p]::OnNewURI(\"%s\", [%s], 0x%x)\n",
+ this, aURI->GetSpecOrDefault().get(), chanName.get(), aLoadType));
+ }
+#endif
+
+ bool equalUri = false;
+
+ // Get the post data and the HTTP response code from the channel.
+ uint32_t responseStatus = 0;
+ nsCOMPtr<nsIInputStream> inputStream;
+ if (aChannel) {
+ nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(aChannel));
+
+ // Check if the HTTPChannel is hiding under a multiPartChannel
+ if (!httpChannel) {
+ GetHttpChannel(aChannel, getter_AddRefs(httpChannel));
+ }
+
+ if (httpChannel) {
+ nsCOMPtr<nsIUploadChannel> uploadChannel(do_QueryInterface(httpChannel));
+ if (uploadChannel) {
+ uploadChannel->GetUploadStream(getter_AddRefs(inputStream));
+ }
+
+ // If the response status indicates an error, unlink this session
+ // history entry from any entries sharing its document.
+ nsresult rv = httpChannel->GetResponseStatus(&responseStatus);
+ if (mLSHE && NS_SUCCEEDED(rv) && responseStatus >= 400) {
+ mLSHE->AbandonBFCacheEntry();
+ }
+ }
+ }
+
+ // Determine if this type of load should update history.
+ bool updateGHistory = !(aLoadType == LOAD_BYPASS_HISTORY ||
+ aLoadType == LOAD_ERROR_PAGE ||
+ aLoadType & LOAD_CMD_HISTORY);
+
+ // We don't update session history on reload unless we're loading
+ // an iframe in shift-reload case.
+ bool updateSHistory = updateGHistory &&
+ (!(aLoadType & LOAD_CMD_RELOAD) ||
+ (IsForceReloadType(aLoadType) && IsFrame()));
+
+ // Create SH Entry (mLSHE) only if there is a SessionHistory object in the
+ // current frame or in the root docshell.
+ nsCOMPtr<nsISHistory> rootSH = mSessionHistory;
+ if (!rootSH) {
+ // Get the handle to SH from the root docshell
+ GetRootSessionHistory(getter_AddRefs(rootSH));
+ if (!rootSH) {
+ updateSHistory = false;
+ updateGHistory = false; // XXX Why global history too?
+ }
+ }
+
+ // Check if the url to be loaded is the same as the one already loaded.
+ if (mCurrentURI) {
+ aURI->Equals(mCurrentURI, &equalUri);
+ }
+
+#ifdef DEBUG
+ bool shAvailable = (rootSH != nullptr);
+
+ // XXX This log message is almost useless because |updateSHistory|
+ // and |updateGHistory| are not correct at this point.
+
+ MOZ_LOG(gDocShellLog, LogLevel::Debug,
+ (" shAvailable=%i updateSHistory=%i updateGHistory=%i"
+ " equalURI=%i\n",
+ shAvailable, updateSHistory, updateGHistory, equalUri));
+
+ if (shAvailable && mCurrentURI && !mOSHE && aLoadType != LOAD_ERROR_PAGE) {
+ NS_ASSERTION(NS_IsAboutBlank(mCurrentURI),
+ "no SHEntry for a non-transient viewer?");
+ }
+#endif
+
+ /* If the url to be loaded is the same as the one already there,
+ * and the original loadType is LOAD_NORMAL, LOAD_LINK, or
+ * LOAD_STOP_CONTENT, set loadType to LOAD_NORMAL_REPLACE so that
+ * AddToSessionHistory() won't mess with the current SHEntry and
+ * if this page has any frame children, it also will be handled
+ * properly. see bug 83684
+ *
+ * NB: If mOSHE is null but we have a current URI, then it means
+ * that we must be at the transient about:blank content viewer
+ * (asserted above) and we should let the normal load continue,
+ * since there's nothing to replace.
+ *
+ * XXX Hopefully changing the loadType at this time will not hurt
+ * anywhere. The other way to take care of sequentially repeating
+ * frameset pages is to add new methods to nsIDocShellTreeItem.
+ * Hopefully I don't have to do that.
+ */
+ if (equalUri &&
+ mOSHE &&
+ (mLoadType == LOAD_NORMAL ||
+ mLoadType == LOAD_LINK ||
+ mLoadType == LOAD_STOP_CONTENT) &&
+ !inputStream) {
+ mLoadType = LOAD_NORMAL_REPLACE;
+ }
+
+ // If this is a refresh to the currently loaded url, we don't
+ // have to update session or global history.
+ if (mLoadType == LOAD_REFRESH && !inputStream && equalUri) {
+ SetHistoryEntry(&mLSHE, mOSHE);
+ }
+
+ /* If the user pressed shift-reload, cache will create a new cache key
+ * for the page. Save the new cacheKey in Session History.
+ * see bug 90098
+ */
+ if (aChannel && IsForceReloadType(aLoadType)) {
+ MOZ_ASSERT(!updateSHistory || IsFrame(),
+ "We shouldn't be updating session history for forced"
+ " reloads unless we're in a newly created iframe!");
+
+ nsCOMPtr<nsICacheInfoChannel> cacheChannel(do_QueryInterface(aChannel));
+ nsCOMPtr<nsISupports> cacheKey;
+ // Get the Cache Key and store it in SH.
+ if (cacheChannel) {
+ cacheChannel->GetCacheKey(getter_AddRefs(cacheKey));
+ }
+ // If we already have a loading history entry, store the new cache key
+ // in it. Otherwise, since we're doing a reload and won't be updating
+ // our history entry, store the cache key in our current history entry.
+ if (mLSHE) {
+ mLSHE->SetCacheKey(cacheKey);
+ } else if (mOSHE) {
+ mOSHE->SetCacheKey(cacheKey);
+ }
+
+ // Since we're force-reloading, clear all the sub frame history.
+ ClearFrameHistory(mLSHE);
+ ClearFrameHistory(mOSHE);
+ }
+
+ if (aLoadType == LOAD_RELOAD_NORMAL) {
+ nsCOMPtr<nsISHEntry> currentSH;
+ bool oshe = false;
+ GetCurrentSHEntry(getter_AddRefs(currentSH), &oshe);
+ bool dynamicallyAddedChild = false;
+ if (currentSH) {
+ currentSH->HasDynamicallyAddedChild(&dynamicallyAddedChild);
+ }
+ if (dynamicallyAddedChild) {
+ ClearFrameHistory(currentSH);
+ }
+ }
+
+ if (aLoadType == LOAD_REFRESH) {
+ ClearFrameHistory(mLSHE);
+ ClearFrameHistory(mOSHE);
+ }
+
+ if (updateSHistory) {
+ // Update session history if necessary...
+ if (!mLSHE && (mItemType == typeContent) && mURIResultedInDocument) {
+ /* This is a fresh page getting loaded for the first time
+ *.Create a Entry for it and add it to SH, if this is the
+ * rootDocShell
+ */
+ (void)AddToSessionHistory(aURI, aChannel, aTriggeringPrincipal,
+ aPrincipalToInherit, aCloneSHChildren,
+ getter_AddRefs(mLSHE));
+ }
+ } else if (mSessionHistory && mLSHE && mURIResultedInDocument) {
+ // Even if we don't add anything to SHistory, ensure the current index
+ // points to the same SHEntry as our mLSHE.
+ int32_t index = 0;
+ mSessionHistory->GetRequestedIndex(&index);
+ if (index == -1) {
+ mSessionHistory->GetIndex(&index);
+ }
+ nsCOMPtr<nsISHEntry> currentSH;
+ mSessionHistory->GetEntryAtIndex(index, false, getter_AddRefs(currentSH));
+ if (currentSH != mLSHE) {
+ nsCOMPtr<nsISHistoryInternal> shPrivate =
+ do_QueryInterface(mSessionHistory);
+ shPrivate->ReplaceEntry(index, mLSHE);
+ }
+ }
+
+ // If this is a POST request, we do not want to include this in global
+ // history.
+ if (updateGHistory && aAddToGlobalHistory && !ChannelIsPost(aChannel)) {
+ nsCOMPtr<nsIURI> previousURI;
+ uint32_t previousFlags = 0;
+
+ if (aLoadType & LOAD_CMD_RELOAD) {
+ // On a reload request, we don't set redirecting flags.
+ previousURI = aURI;
+ } else {
+ ExtractLastVisit(aChannel, getter_AddRefs(previousURI), &previousFlags);
+ }
+
+ // Note: We don't use |referrer| when our global history is
+ // based on IHistory.
+ nsCOMPtr<nsIURI> referrer;
+ // Treat referrer as null if there is an error getting it.
+ (void)NS_GetReferrerFromChannel(aChannel, getter_AddRefs(referrer));
+
+ AddURIVisit(aURI, referrer, previousURI, previousFlags, responseStatus);
+ }
+
+ // If this was a history load or a refresh, or it was a history load but
+ // later changed to LOAD_NORMAL_REPLACE due to redirection, update the index
+ // in session history.
+ if (rootSH &&
+ ((mLoadType & (LOAD_CMD_HISTORY | LOAD_CMD_RELOAD)) ||
+ mLoadType == LOAD_NORMAL_REPLACE)) {
+ nsCOMPtr<nsISHistoryInternal> shInternal(do_QueryInterface(rootSH));
+ if (shInternal) {
+ rootSH->GetIndex(&mPreviousTransIndex);
+ shInternal->UpdateIndex();
+ rootSH->GetIndex(&mLoadedTransIndex);
+#ifdef DEBUG_PAGE_CACHE
+ printf("Previous index: %d, Loaded index: %d\n\n",
+ mPreviousTransIndex, mLoadedTransIndex);
+#endif
+ }
+ }
+
+ // aCloneSHChildren exactly means "we are not loading a new document".
+ uint32_t locationFlags =
+ aCloneSHChildren ? uint32_t(LOCATION_CHANGE_SAME_DOCUMENT) : 0;
+
+ bool onLocationChangeNeeded = SetCurrentURI(aURI, aChannel,
+ aFireOnLocationChange,
+ locationFlags);
+ // Make sure to store the referrer from the channel, if any
+ SetupReferrerFromChannel(aChannel);
+ return onLocationChangeNeeded;
+}
+
+bool
+nsDocShell::OnLoadingSite(nsIChannel* aChannel, bool aFireOnLocationChange,
+ bool aAddToGlobalHistory)
+{
+ nsCOMPtr<nsIURI> uri;
+ // If this a redirect, use the final url (uri)
+ // else use the original url
+ //
+ // Note that this should match what documents do (see nsDocument::Reset).
+ NS_GetFinalChannelURI(aChannel, getter_AddRefs(uri));
+ NS_ENSURE_TRUE(uri, false);
+
+ // Pass false for aCloneSHChildren, since we're loading a new page here.
+ return OnNewURI(uri, aChannel, nullptr, nullptr, mLoadType, aFireOnLocationChange,
+ aAddToGlobalHistory, false);
+}
+
+void
+nsDocShell::SetReferrerURI(nsIURI* aURI)
+{
+ mReferrerURI = aURI; // This assigment addrefs
+}
+
+void
+nsDocShell::SetReferrerPolicy(uint32_t aReferrerPolicy)
+{
+ mReferrerPolicy = aReferrerPolicy;
+}
+
+//*****************************************************************************
+// nsDocShell: Session History
+//*****************************************************************************
+
+NS_IMETHODIMP
+nsDocShell::AddState(JS::Handle<JS::Value> aData, const nsAString& aTitle,
+ const nsAString& aURL, bool aReplace, JSContext* aCx)
+{
+ // Implements History.pushState and History.replaceState
+
+ // Here's what we do, roughly in the order specified by HTML5:
+ // 1. Serialize aData using structured clone.
+ // 2. If the third argument is present,
+ // a. Resolve the url, relative to the first script's base URL
+ // b. If (a) fails, raise a SECURITY_ERR
+ // c. Compare the resulting absolute URL to the document's address. If
+ // any part of the URLs difer other than the <path>, <query>, and
+ // <fragment> components, raise a SECURITY_ERR and abort.
+ // 3. If !aReplace:
+ // Remove from the session history all entries after the current entry,
+ // as we would after a regular navigation, and save the current
+ // entry's scroll position (bug 590573).
+ // 4. As apropriate, either add a state object entry to the session history
+ // after the current entry with the following properties, or modify the
+ // current session history entry to set
+ // a. cloned data as the state object,
+ // b. if the third argument was present, the absolute URL found in
+ // step 2
+ // Also clear the new history entry's POST data (see bug 580069).
+ // 5. If aReplace is false (i.e. we're doing a pushState instead of a
+ // replaceState), notify bfcache that we've navigated to a new page.
+ // 6. If the third argument is present, set the document's current address
+ // to the absolute URL found in step 2.
+ //
+ // It's important that this function not run arbitrary scripts after step 1
+ // and before completing step 5. For example, if a script called
+ // history.back() before we completed step 5, bfcache might destroy an
+ // active content viewer. Since EvictOutOfRangeContentViewers at the end of
+ // step 5 might run script, we can't just put a script blocker around the
+ // critical section.
+ //
+ // Note that we completely ignore the aTitle parameter.
+
+ nsresult rv;
+
+ // Don't clobber the load type of an existing network load.
+ AutoRestore<uint32_t> loadTypeResetter(mLoadType);
+
+ // pushState effectively becomes replaceState when we've started a network
+ // load but haven't adopted its document yet. This mirrors what we do with
+ // changes to the hash at this stage of the game.
+ if (JustStartedNetworkLoad()) {
+ aReplace = true;
+ }
+
+ nsCOMPtr<nsIDocument> document = GetDocument();
+ NS_ENSURE_TRUE(document, NS_ERROR_FAILURE);
+
+ // Step 1: Serialize aData using structured clone.
+ nsCOMPtr<nsIStructuredCloneContainer> scContainer;
+
+ // scContainer->Init might cause arbitrary JS to run, and this code might
+ // navigate the page we're on, potentially to a different origin! (bug
+ // 634834) To protect against this, we abort if our principal changes due
+ // to the InitFromJSVal() call.
+ {
+ nsCOMPtr<nsIDocument> origDocument = GetDocument();
+ if (!origDocument) {
+ return NS_ERROR_DOM_SECURITY_ERR;
+ }
+ nsCOMPtr<nsIPrincipal> origPrincipal = origDocument->NodePrincipal();
+
+ scContainer = new nsStructuredCloneContainer();
+ rv = scContainer->InitFromJSVal(aData, aCx);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ nsCOMPtr<nsIDocument> newDocument = GetDocument();
+ if (!newDocument) {
+ return NS_ERROR_DOM_SECURITY_ERR;
+ }
+ nsCOMPtr<nsIPrincipal> newPrincipal = newDocument->NodePrincipal();
+
+ bool principalsEqual = false;
+ origPrincipal->Equals(newPrincipal, &principalsEqual);
+ NS_ENSURE_TRUE(principalsEqual, NS_ERROR_DOM_SECURITY_ERR);
+ }
+
+ // Check that the state object isn't too long.
+ // Default max length: 640k bytes.
+ int32_t maxStateObjSize =
+ Preferences::GetInt("browser.history.maxStateObjectSize", 0xA0000);
+ if (maxStateObjSize < 0) {
+ maxStateObjSize = 0;
+ }
+
+ uint64_t scSize;
+ rv = scContainer->GetSerializedNBytes(&scSize);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ NS_ENSURE_TRUE(scSize <= (uint32_t)maxStateObjSize, NS_ERROR_ILLEGAL_VALUE);
+
+ // Step 2: Resolve aURL
+ bool equalURIs = true;
+ nsCOMPtr<nsIURI> currentURI;
+ if (sURIFixup && mCurrentURI) {
+ rv = sURIFixup->CreateExposableURI(mCurrentURI, getter_AddRefs(currentURI));
+ NS_ENSURE_SUCCESS(rv, rv);
+ } else {
+ currentURI = mCurrentURI;
+ }
+ nsCOMPtr<nsIURI> oldURI = currentURI;
+ nsCOMPtr<nsIURI> newURI;
+ if (aURL.Length() == 0) {
+ newURI = currentURI;
+ } else {
+ // 2a: Resolve aURL relative to mURI
+
+ nsIURI* docBaseURI = document->GetDocBaseURI();
+ if (!docBaseURI) {
+ return NS_ERROR_FAILURE;
+ }
+
+ nsAutoCString spec;
+ docBaseURI->GetSpec(spec);
+
+ nsAutoCString charset;
+ rv = docBaseURI->GetOriginCharset(charset);
+ NS_ENSURE_SUCCESS(rv, NS_ERROR_FAILURE);
+
+ rv = NS_NewURI(getter_AddRefs(newURI), aURL, charset.get(), docBaseURI);
+
+ // 2b: If 2a fails, raise a SECURITY_ERR
+ if (NS_FAILED(rv)) {
+ return NS_ERROR_DOM_SECURITY_ERR;
+ }
+
+ // 2c: Same-origin check.
+ if (!nsContentUtils::URIIsLocalFile(newURI)) {
+ // In addition to checking that the security manager says that
+ // the new URI has the same origin as our current URI, we also
+ // check that the two URIs have the same userpass. (The
+ // security manager says that |http://foo.com| and
+ // |http://me@foo.com| have the same origin.) currentURI
+ // won't contain the password part of the userpass, so this
+ // means that it's never valid to specify a password in a
+ // pushState or replaceState URI.
+
+ nsCOMPtr<nsIScriptSecurityManager> secMan =
+ do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
+ NS_ENSURE_TRUE(secMan, NS_ERROR_FAILURE);
+
+ // It's very important that we check that newURI is of the same
+ // origin as currentURI, not docBaseURI, because a page can
+ // set docBaseURI arbitrarily to any domain.
+ nsAutoCString currentUserPass, newUserPass;
+ NS_ENSURE_SUCCESS(currentURI->GetUserPass(currentUserPass),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(newURI->GetUserPass(newUserPass), NS_ERROR_FAILURE);
+ if (NS_FAILED(secMan->CheckSameOriginURI(currentURI, newURI, true)) ||
+ !currentUserPass.Equals(newUserPass)) {
+ return NS_ERROR_DOM_SECURITY_ERR;
+ }
+ } else {
+ // It's a file:// URI
+ nsCOMPtr<nsIScriptObjectPrincipal> docScriptObj =
+ do_QueryInterface(document);
+
+ if (!docScriptObj) {
+ return NS_ERROR_DOM_SECURITY_ERR;
+ }
+
+ nsCOMPtr<nsIPrincipal> principal = docScriptObj->GetPrincipal();
+
+ if (!principal ||
+ NS_FAILED(principal->CheckMayLoad(newURI, true, false))) {
+ return NS_ERROR_DOM_SECURITY_ERR;
+ }
+ }
+
+ if (currentURI) {
+ currentURI->Equals(newURI, &equalURIs);
+ } else {
+ equalURIs = false;
+ }
+
+ } // end of same-origin check
+
+ // Step 3: Create a new entry in the session history. This will erase
+ // all SHEntries after the new entry and make this entry the current
+ // one. This operation may modify mOSHE, which we need later, so we
+ // keep a reference here.
+ NS_ENSURE_TRUE(mOSHE, NS_ERROR_FAILURE);
+ nsCOMPtr<nsISHEntry> oldOSHE = mOSHE;
+
+ mLoadType = LOAD_PUSHSTATE;
+
+ nsCOMPtr<nsISHEntry> newSHEntry;
+ if (!aReplace) {
+ // Save the current scroll position (bug 590573).
+ nscoord cx = 0, cy = 0;
+ GetCurScrollPos(ScrollOrientation_X, &cx);
+ GetCurScrollPos(ScrollOrientation_Y, &cy);
+ mOSHE->SetScrollPosition(cx, cy);
+
+ bool scrollRestorationIsManual = false;
+ mOSHE->GetScrollRestorationIsManual(&scrollRestorationIsManual);
+
+ // Since we're not changing which page we have loaded, pass
+ // true for aCloneChildren.
+ rv = AddToSessionHistory(newURI, nullptr, nullptr, nullptr, true,
+ getter_AddRefs(newSHEntry));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ NS_ENSURE_TRUE(newSHEntry, NS_ERROR_FAILURE);
+
+ // Session history entries created by pushState inherit scroll restoration
+ // mode from the current entry.
+ newSHEntry->SetScrollRestorationIsManual(scrollRestorationIsManual);
+
+ // Link the new SHEntry to the old SHEntry's BFCache entry, since the
+ // two entries correspond to the same document.
+ NS_ENSURE_SUCCESS(newSHEntry->AdoptBFCacheEntry(oldOSHE), NS_ERROR_FAILURE);
+
+ // Set the new SHEntry's title (bug 655273).
+ nsString title;
+ mOSHE->GetTitle(getter_Copies(title));
+ newSHEntry->SetTitle(title);
+
+ // AddToSessionHistory may not modify mOSHE. In case it doesn't,
+ // we'll just set mOSHE here.
+ mOSHE = newSHEntry;
+
+ } else {
+ newSHEntry = mOSHE;
+ newSHEntry->SetURI(newURI);
+ newSHEntry->SetOriginalURI(newURI);
+ newSHEntry->SetLoadReplace(false);
+ }
+
+ // Step 4: Modify new/original session history entry and clear its POST
+ // data, if there is any.
+ newSHEntry->SetStateData(scContainer);
+ newSHEntry->SetPostData(nullptr);
+
+ // If this push/replaceState changed the document's current URI and the new
+ // URI differs from the old URI in more than the hash, or if the old
+ // SHEntry's URI was modified in this way by a push/replaceState call
+ // set URIWasModified to true for the current SHEntry (bug 669671).
+ bool sameExceptHashes = true, oldURIWasModified = false;
+ newURI->EqualsExceptRef(currentURI, &sameExceptHashes);
+ oldOSHE->GetURIWasModified(&oldURIWasModified);
+ newSHEntry->SetURIWasModified(!sameExceptHashes || oldURIWasModified);
+
+ // Step 5: If aReplace is false, indicating that we're doing a pushState
+ // rather than a replaceState, notify bfcache that we've added a page to
+ // the history so it can evict content viewers if appropriate. Otherwise
+ // call ReplaceEntry so that we notify nsIHistoryListeners that an entry
+ // was replaced.
+ nsCOMPtr<nsISHistory> rootSH;
+ GetRootSessionHistory(getter_AddRefs(rootSH));
+ NS_ENSURE_TRUE(rootSH, NS_ERROR_UNEXPECTED);
+
+ nsCOMPtr<nsISHistoryInternal> internalSH = do_QueryInterface(rootSH);
+ NS_ENSURE_TRUE(internalSH, NS_ERROR_UNEXPECTED);
+
+ if (!aReplace) {
+ int32_t curIndex = -1;
+ rv = rootSH->GetIndex(&curIndex);
+ if (NS_SUCCEEDED(rv) && curIndex > -1) {
+ internalSH->EvictOutOfRangeContentViewers(curIndex);
+ }
+ } else {
+ nsCOMPtr<nsISHEntry> rootSHEntry = GetRootSHEntry(newSHEntry);
+
+ int32_t index = -1;
+ rv = rootSH->GetIndexOfEntry(rootSHEntry, &index);
+ if (NS_SUCCEEDED(rv) && index > -1) {
+ internalSH->ReplaceEntry(index, rootSHEntry);
+ }
+ }
+
+ // Step 6: If the document's URI changed, update document's URI and update
+ // global history.
+ //
+ // We need to call FireOnLocationChange so that the browser's address bar
+ // gets updated and the back button is enabled, but we only need to
+ // explicitly call FireOnLocationChange if we're not calling SetCurrentURI,
+ // since SetCurrentURI will call FireOnLocationChange for us.
+ //
+ // Both SetCurrentURI(...) and FireDummyOnLocationChange() pass
+ // nullptr for aRequest param to FireOnLocationChange(...). Such an update
+ // notification is allowed only when we know docshell is not loading a new
+ // document and it requires LOCATION_CHANGE_SAME_DOCUMENT flag. Otherwise,
+ // FireOnLocationChange(...) breaks security UI.
+ if (!equalURIs) {
+ document->SetDocumentURI(newURI);
+ // We can't trust SetCurrentURI to do always fire locationchange events
+ // when we expect it to, so we hack around that by doing it ourselves...
+ SetCurrentURI(newURI, nullptr, false, LOCATION_CHANGE_SAME_DOCUMENT);
+ if (mLoadType != LOAD_ERROR_PAGE) {
+ FireDummyOnLocationChange();
+ }
+
+ AddURIVisit(newURI, oldURI, oldURI, 0);
+
+ // AddURIVisit doesn't set the title for the new URI in global history,
+ // so do that here.
+ if (mUseGlobalHistory && !UsePrivateBrowsing()) {
+ nsCOMPtr<IHistory> history = services::GetHistoryService();
+ if (history) {
+ history->SetURITitle(newURI, mTitle);
+ } else if (mGlobalHistory) {
+ mGlobalHistory->SetPageTitle(newURI, mTitle);
+ }
+ }
+
+ // Inform the favicon service that our old favicon applies to this new
+ // URI.
+ CopyFavicon(oldURI, newURI, document->NodePrincipal(), UsePrivateBrowsing());
+ } else {
+ FireDummyOnLocationChange();
+ }
+ document->SetStateObject(scContainer);
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetCurrentScrollRestorationIsManual(bool* aIsManual)
+{
+ *aIsManual = false;
+ if (mOSHE) {
+ mOSHE->GetScrollRestorationIsManual(aIsManual);
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetCurrentScrollRestorationIsManual(bool aIsManual)
+{
+ if (mOSHE) {
+ mOSHE->SetScrollRestorationIsManual(aIsManual);
+ }
+
+ return NS_OK;
+}
+
+bool
+nsDocShell::ShouldAddToSessionHistory(nsIURI* aURI)
+{
+ // I believe none of the about: urls should go in the history. But then
+ // that could just be me... If the intent is only deny about:blank then we
+ // should just do a spec compare, rather than two gets of the scheme and
+ // then the path. -Gagan
+ nsresult rv;
+ nsAutoCString buf;
+
+ rv = aURI->GetScheme(buf);
+ if (NS_FAILED(rv)) {
+ return false;
+ }
+
+ if (buf.EqualsLiteral("about")) {
+ rv = aURI->GetPath(buf);
+ if (NS_FAILED(rv)) {
+ return false;
+ }
+
+ if (buf.EqualsLiteral("blank") || buf.EqualsLiteral("newtab")) {
+ return false;
+ }
+ }
+
+ return true;
+}
+
+nsresult
+nsDocShell::AddToSessionHistory(nsIURI* aURI, nsIChannel* aChannel,
+ nsIPrincipal* aTriggeringPrincipal,
+ nsIPrincipal* aPrincipalToInherit,
+ bool aCloneChildren,
+ nsISHEntry** aNewEntry)
+{
+ NS_PRECONDITION(aURI, "uri is null");
+ NS_PRECONDITION(!aChannel || !aTriggeringPrincipal, "Shouldn't have both set");
+
+#if defined(DEBUG)
+ if (MOZ_LOG_TEST(gDocShellLog, LogLevel::Debug)) {
+ nsAutoCString chanName;
+ if (aChannel) {
+ aChannel->GetName(chanName);
+ } else {
+ chanName.AssignLiteral("<no channel>");
+ }
+
+ MOZ_LOG(gDocShellLog, LogLevel::Debug,
+ ("nsDocShell[%p]::AddToSessionHistory(\"%s\", [%s])\n",
+ this, aURI->GetSpecOrDefault().get(), chanName.get()));
+ }
+#endif
+
+ nsresult rv = NS_OK;
+ nsCOMPtr<nsISHEntry> entry;
+ bool shouldPersist;
+
+ shouldPersist = ShouldAddToSessionHistory(aURI);
+
+ // Get a handle to the root docshell
+ nsCOMPtr<nsIDocShellTreeItem> root;
+ GetSameTypeRootTreeItem(getter_AddRefs(root));
+ /*
+ * If this is a LOAD_FLAGS_REPLACE_HISTORY in a subframe, we use
+ * the existing SH entry in the page and replace the url and
+ * other vitalities.
+ */
+ if (LOAD_TYPE_HAS_FLAGS(mLoadType, LOAD_FLAGS_REPLACE_HISTORY) &&
+ root != static_cast<nsIDocShellTreeItem*>(this)) {
+ // This is a subframe
+ entry = mOSHE;
+ nsCOMPtr<nsISHContainer> shContainer(do_QueryInterface(entry));
+ if (shContainer) {
+ int32_t childCount = 0;
+ shContainer->GetChildCount(&childCount);
+ // Remove all children of this entry
+ for (int32_t i = childCount - 1; i >= 0; i--) {
+ nsCOMPtr<nsISHEntry> child;
+ shContainer->GetChildAt(i, getter_AddRefs(child));
+ shContainer->RemoveChild(child);
+ }
+ entry->AbandonBFCacheEntry();
+ }
+ }
+
+ // Create a new entry if necessary.
+ if (!entry) {
+ entry = do_CreateInstance(NS_SHENTRY_CONTRACTID);
+
+ if (!entry) {
+ return NS_ERROR_OUT_OF_MEMORY;
+ }
+ }
+
+ // Get the post data & referrer
+ nsCOMPtr<nsIInputStream> inputStream;
+ nsCOMPtr<nsIURI> originalURI;
+ bool loadReplace = false;
+ nsCOMPtr<nsIURI> referrerURI;
+ uint32_t referrerPolicy = mozilla::net::RP_Default;
+ nsCOMPtr<nsISupports> cacheKey;
+ nsCOMPtr<nsIPrincipal> triggeringPrincipal = aTriggeringPrincipal;
+ nsCOMPtr<nsIPrincipal> principalToInherit = aPrincipalToInherit;
+ bool expired = false;
+ bool discardLayoutState = false;
+ nsCOMPtr<nsICacheInfoChannel> cacheChannel;
+ if (aChannel) {
+ cacheChannel = do_QueryInterface(aChannel);
+
+ /* If there is a caching channel, get the Cache Key and store it
+ * in SH.
+ */
+ if (cacheChannel) {
+ cacheChannel->GetCacheKey(getter_AddRefs(cacheKey));
+ }
+ nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(aChannel));
+
+ // Check if the httpChannel is hiding under a multipartChannel
+ if (!httpChannel) {
+ GetHttpChannel(aChannel, getter_AddRefs(httpChannel));
+ }
+ if (httpChannel) {
+ nsCOMPtr<nsIUploadChannel> uploadChannel(do_QueryInterface(httpChannel));
+ if (uploadChannel) {
+ uploadChannel->GetUploadStream(getter_AddRefs(inputStream));
+ }
+ httpChannel->GetOriginalURI(getter_AddRefs(originalURI));
+ uint32_t loadFlags;
+ aChannel->GetLoadFlags(&loadFlags);
+ loadReplace = loadFlags & nsIChannel::LOAD_REPLACE;
+ httpChannel->GetReferrer(getter_AddRefs(referrerURI));
+ httpChannel->GetReferrerPolicy(&referrerPolicy);
+
+ discardLayoutState = ShouldDiscardLayoutState(httpChannel);
+ }
+
+ // XXX Bug 1286838: Replace channel owner with loadInfo triggeringPrincipal
+ nsCOMPtr<nsISupports> owner;
+ aChannel->GetOwner(getter_AddRefs(owner));
+ triggeringPrincipal = do_QueryInterface(owner);
+
+ nsCOMPtr<nsILoadInfo> loadInfo = aChannel->GetLoadInfo();
+ if (loadInfo) {
+ if (!triggeringPrincipal) {
+ triggeringPrincipal = loadInfo->TriggeringPrincipal();
+ }
+
+ // For now keep storing just the principal in the SHEntry.
+ if (!principalToInherit) {
+ if (loadInfo->GetLoadingSandboxed()) {
+ if (loadInfo->LoadingPrincipal()) {
+ principalToInherit = nsNullPrincipal::CreateWithInheritedAttributes(
+ loadInfo->LoadingPrincipal());
+ } else {
+ // get the OriginAttributes
+ NeckoOriginAttributes nAttrs;
+ loadInfo->GetOriginAttributes(&nAttrs);
+ PrincipalOriginAttributes pAttrs;
+ pAttrs.InheritFromNecko(nAttrs);
+ principalToInherit = nsNullPrincipal::Create(pAttrs);
+ }
+ } else {
+ principalToInherit = loadInfo->PrincipalToInherit();
+ }
+ }
+ }
+ }
+
+ // Title is set in nsDocShell::SetTitle()
+ entry->Create(aURI, // uri
+ EmptyString(), // Title
+ inputStream, // Post data stream
+ nullptr, // LayoutHistory state
+ cacheKey, // CacheKey
+ mContentTypeHint, // Content-type
+ triggeringPrincipal, // Channel or provided principal
+ principalToInherit,
+ mHistoryID,
+ mDynamicallyCreated);
+
+ entry->SetOriginalURI(originalURI);
+ entry->SetLoadReplace(loadReplace);
+ entry->SetReferrerURI(referrerURI);
+ entry->SetReferrerPolicy(referrerPolicy);
+ nsCOMPtr<nsIInputStreamChannel> inStrmChan = do_QueryInterface(aChannel);
+ if (inStrmChan) {
+ bool isSrcdocChannel;
+ inStrmChan->GetIsSrcdocChannel(&isSrcdocChannel);
+ if (isSrcdocChannel) {
+ nsAutoString srcdoc;
+ inStrmChan->GetSrcdocData(srcdoc);
+ entry->SetSrcdocData(srcdoc);
+ nsCOMPtr<nsIURI> baseURI;
+ inStrmChan->GetBaseURI(getter_AddRefs(baseURI));
+ entry->SetBaseURI(baseURI);
+ }
+ }
+ /* If cache got a 'no-store', ask SH not to store
+ * HistoryLayoutState. By default, SH will set this
+ * flag to true and save HistoryLayoutState.
+ */
+ if (discardLayoutState) {
+ entry->SetSaveLayoutStateFlag(false);
+ }
+ if (cacheChannel) {
+ // Check if the page has expired from cache
+ uint32_t expTime = 0;
+ cacheChannel->GetCacheTokenExpirationTime(&expTime);
+ uint32_t now = PRTimeToSeconds(PR_Now());
+ if (expTime <= now) {
+ expired = true;
+ }
+ }
+ if (expired) {
+ entry->SetExpirationStatus(true);
+ }
+
+ if (root == static_cast<nsIDocShellTreeItem*>(this) && mSessionHistory) {
+ // If we need to clone our children onto the new session
+ // history entry, do so now.
+ if (aCloneChildren && mOSHE) {
+ uint32_t cloneID;
+ mOSHE->GetID(&cloneID);
+ nsCOMPtr<nsISHEntry> newEntry;
+ CloneAndReplace(mOSHE, this, cloneID, entry, true,
+ getter_AddRefs(newEntry));
+ NS_ASSERTION(entry == newEntry,
+ "The new session history should be in the new entry");
+ }
+
+ // This is the root docshell
+ bool addToSHistory = !LOAD_TYPE_HAS_FLAGS(mLoadType, LOAD_FLAGS_REPLACE_HISTORY);
+ if (!addToSHistory) {
+ // Replace current entry in session history; If the requested index is
+ // valid, it indicates the loading was triggered by a history load, and
+ // we should replace the entry at requested index instead.
+ int32_t index = 0;
+ mSessionHistory->GetRequestedIndex(&index);
+ if (index == -1) {
+ mSessionHistory->GetIndex(&index);
+ }
+ nsCOMPtr<nsISHistoryInternal> shPrivate =
+ do_QueryInterface(mSessionHistory);
+ // Replace the current entry with the new entry
+ if (index >= 0) {
+ if (shPrivate) {
+ rv = shPrivate->ReplaceEntry(index, entry);
+ }
+ } else {
+ // If we're trying to replace an inexistant shistory entry, append.
+ addToSHistory = true;
+ }
+ }
+
+ if (addToSHistory) {
+ // Add to session history
+ nsCOMPtr<nsISHistoryInternal> shPrivate =
+ do_QueryInterface(mSessionHistory);
+ NS_ENSURE_TRUE(shPrivate, NS_ERROR_FAILURE);
+ mSessionHistory->GetIndex(&mPreviousTransIndex);
+ rv = shPrivate->AddEntry(entry, shouldPersist);
+ mSessionHistory->GetIndex(&mLoadedTransIndex);
+#ifdef DEBUG_PAGE_CACHE
+ printf("Previous index: %d, Loaded index: %d\n\n",
+ mPreviousTransIndex, mLoadedTransIndex);
+#endif
+ }
+ } else {
+ // This is a subframe.
+ if (!mOSHE || !LOAD_TYPE_HAS_FLAGS(mLoadType, LOAD_FLAGS_REPLACE_HISTORY)) {
+ rv = AddChildSHEntryToParent(entry, mChildOffset, aCloneChildren);
+ }
+ }
+
+ // Return the new SH entry...
+ if (aNewEntry) {
+ *aNewEntry = nullptr;
+ if (NS_SUCCEEDED(rv)) {
+ entry.forget(aNewEntry);
+ }
+ }
+
+ return rv;
+}
+
+nsresult
+nsDocShell::LoadHistoryEntry(nsISHEntry* aEntry, uint32_t aLoadType)
+{
+ if (!IsNavigationAllowed()) {
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsIURI> uri;
+ nsCOMPtr<nsIURI> originalURI;
+ bool loadReplace = false;
+ nsCOMPtr<nsIInputStream> postData;
+ nsCOMPtr<nsIURI> referrerURI;
+ uint32_t referrerPolicy;
+ nsAutoCString contentType;
+ nsCOMPtr<nsIPrincipal> triggeringPrincipal;
+ nsCOMPtr<nsIPrincipal> principalToInherit;
+
+ NS_ENSURE_TRUE(aEntry, NS_ERROR_FAILURE);
+
+ NS_ENSURE_SUCCESS(aEntry->GetURI(getter_AddRefs(uri)), NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(aEntry->GetOriginalURI(getter_AddRefs(originalURI)),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(aEntry->GetLoadReplace(&loadReplace),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(aEntry->GetReferrerURI(getter_AddRefs(referrerURI)),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(aEntry->GetReferrerPolicy(&referrerPolicy),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(aEntry->GetPostData(getter_AddRefs(postData)),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(aEntry->GetContentType(contentType), NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(aEntry->GetTriggeringPrincipal(getter_AddRefs(triggeringPrincipal)),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_SUCCESS(aEntry->GetPrincipalToInherit(getter_AddRefs(principalToInherit)),
+ NS_ERROR_FAILURE);
+
+ // Calling CreateAboutBlankContentViewer can set mOSHE to null, and if
+ // that's the only thing holding a ref to aEntry that will cause aEntry to
+ // die while we're loading it. So hold a strong ref to aEntry here, just
+ // in case.
+ nsCOMPtr<nsISHEntry> kungFuDeathGrip(aEntry);
+ bool isJS;
+ nsresult rv = uri->SchemeIs("javascript", &isJS);
+ if (NS_FAILED(rv) || isJS) {
+ // We're loading a URL that will execute script from inside asyncOpen.
+ // Replace the current document with about:blank now to prevent
+ // anything from the current document from leaking into any JavaScript
+ // code in the URL.
+ // Don't cache the presentation if we're going to just reload the
+ // current entry. Caching would lead to trying to save the different
+ // content viewers in the same nsISHEntry object.
+ rv = CreateAboutBlankContentViewer(principalToInherit, nullptr,
+ aEntry != mOSHE);
+
+ if (NS_FAILED(rv)) {
+ // The creation of the intermittent about:blank content
+ // viewer failed for some reason (potentially because the
+ // user prevented it). Interrupt the history load.
+ return NS_OK;
+ }
+
+ if (!triggeringPrincipal) {
+ // Ensure that we have a triggeringPrincipal. Otherwise javascript:
+ // URIs will pick it up from the about:blank page we just loaded,
+ // and we don't really want even that in this case.
+ triggeringPrincipal = nsNullPrincipal::CreateWithInheritedAttributes(this);
+ }
+ }
+
+ /* If there is a valid postdata *and* the user pressed
+ * reload or shift-reload, take user's permission before we
+ * repost the data to the server.
+ */
+ if ((aLoadType & LOAD_CMD_RELOAD) && postData) {
+ bool repost;
+ rv = ConfirmRepost(&repost);
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ // If the user pressed cancel in the dialog, return. We're done here.
+ if (!repost) {
+ return NS_BINDING_ABORTED;
+ }
+ }
+
+ // Do not inherit principal from document (security-critical!);
+ uint32_t flags = INTERNAL_LOAD_FLAGS_NONE;
+
+ nsAutoString srcdoc;
+ bool isSrcdoc;
+ nsCOMPtr<nsIURI> baseURI;
+ aEntry->GetIsSrcdocEntry(&isSrcdoc);
+ if (isSrcdoc) {
+ aEntry->GetSrcdocData(srcdoc);
+ aEntry->GetBaseURI(getter_AddRefs(baseURI));
+ flags |= INTERNAL_LOAD_FLAGS_IS_SRCDOC;
+ } else {
+ srcdoc = NullString();
+ }
+
+ // If there is no triggeringPrincipal we can fall back to using the
+ // SystemPrincipal as the triggeringPrincipal for loading the history
+ // entry, since the history entry can only end up in history if security
+ // checks passed in the initial loading phase.
+ if (!triggeringPrincipal) {
+ triggeringPrincipal = nsContentUtils::GetSystemPrincipal();
+ }
+
+ // Passing nullptr as aSourceDocShell gives the same behaviour as before
+ // aSourceDocShell was introduced. According to spec we should be passing
+ // the source browsing context that was used when the history entry was
+ // first created. bug 947716 has been created to address this issue.
+ rv = InternalLoad(uri,
+ originalURI,
+ loadReplace,
+ referrerURI,
+ referrerPolicy,
+ triggeringPrincipal,
+ principalToInherit,
+ flags,
+ EmptyString(), // No window target
+ contentType.get(), // Type hint
+ NullString(), // No forced file download
+ postData, // Post data stream
+ nullptr, // No headers stream
+ aLoadType, // Load type
+ aEntry, // SHEntry
+ true,
+ srcdoc,
+ nullptr, // Source docshell, see comment above
+ baseURI,
+ nullptr, // No nsIDocShell
+ nullptr); // No nsIRequest
+ return rv;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetShouldSaveLayoutState(bool* aShould)
+{
+ *aShould = false;
+ if (mOSHE) {
+ // Don't capture historystate and save it in history
+ // if the page asked not to do so.
+ mOSHE->GetSaveLayoutStateFlag(aShould);
+ }
+
+ return NS_OK;
+}
+
+nsresult
+nsDocShell::PersistLayoutHistoryState()
+{
+ nsresult rv = NS_OK;
+
+ if (mOSHE) {
+ bool scrollRestorationIsManual = false;
+ mOSHE->GetScrollRestorationIsManual(&scrollRestorationIsManual);
+
+ nsCOMPtr<nsIPresShell> shell = GetPresShell();
+ nsCOMPtr<nsILayoutHistoryState> layoutState;
+ if (shell) {
+ rv = shell->CaptureHistoryState(getter_AddRefs(layoutState));
+ } else if (scrollRestorationIsManual) {
+ // Even if we don't have layout anymore, we may want to reset the current
+ // scroll state in layout history.
+ GetLayoutHistoryState(getter_AddRefs(layoutState));
+ }
+
+ if (scrollRestorationIsManual && layoutState) {
+ layoutState->ResetScrollState();
+ }
+ }
+
+ return rv;
+}
+
+/* static */ nsresult
+nsDocShell::WalkHistoryEntries(nsISHEntry* aRootEntry,
+ nsDocShell* aRootShell,
+ WalkHistoryEntriesFunc aCallback,
+ void* aData)
+{
+ NS_ENSURE_TRUE(aRootEntry, NS_ERROR_FAILURE);
+
+ nsCOMPtr<nsISHContainer> container(do_QueryInterface(aRootEntry));
+ if (!container) {
+ return NS_ERROR_FAILURE;
+ }
+
+ int32_t childCount;
+ container->GetChildCount(&childCount);
+ for (int32_t i = 0; i < childCount; i++) {
+ nsCOMPtr<nsISHEntry> childEntry;
+ container->GetChildAt(i, getter_AddRefs(childEntry));
+ if (!childEntry) {
+ // childEntry can be null for valid reasons, for example if the
+ // docshell at index i never loaded anything useful.
+ // Remember to clone also nulls in the child array (bug 464064).
+ aCallback(nullptr, nullptr, i, aData);
+ continue;
+ }
+
+ nsDocShell* childShell = nullptr;
+ if (aRootShell) {
+ // Walk the children of aRootShell and see if one of them
+ // has srcChild as a SHEntry.
+ nsTObserverArray<nsDocLoader*>::ForwardIterator iter(
+ aRootShell->mChildList);
+ while (iter.HasMore()) {
+ nsDocShell* child = static_cast<nsDocShell*>(iter.GetNext());
+
+ if (child->HasHistoryEntry(childEntry)) {
+ childShell = child;
+ break;
+ }
+ }
+ }
+ nsresult rv = aCallback(childEntry, childShell, i, aData);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+
+ return NS_OK;
+}
+
+// callback data for WalkHistoryEntries
+struct MOZ_STACK_CLASS CloneAndReplaceData
+{
+ CloneAndReplaceData(uint32_t aCloneID, nsISHEntry* aReplaceEntry,
+ bool aCloneChildren, nsISHEntry* aDestTreeParent)
+ : cloneID(aCloneID)
+ , cloneChildren(aCloneChildren)
+ , replaceEntry(aReplaceEntry)
+ , destTreeParent(aDestTreeParent)
+ {
+ }
+
+ uint32_t cloneID;
+ bool cloneChildren;
+ nsISHEntry* replaceEntry;
+ nsISHEntry* destTreeParent;
+ nsCOMPtr<nsISHEntry> resultEntry;
+};
+
+/* static */ nsresult
+nsDocShell::CloneAndReplaceChild(nsISHEntry* aEntry, nsDocShell* aShell,
+ int32_t aEntryIndex, void* aData)
+{
+ nsCOMPtr<nsISHEntry> dest;
+
+ CloneAndReplaceData* data = static_cast<CloneAndReplaceData*>(aData);
+ uint32_t cloneID = data->cloneID;
+ nsISHEntry* replaceEntry = data->replaceEntry;
+
+ nsCOMPtr<nsISHContainer> container = do_QueryInterface(data->destTreeParent);
+ if (!aEntry) {
+ if (container) {
+ container->AddChild(nullptr, aEntryIndex);
+ }
+ return NS_OK;
+ }
+
+ uint32_t srcID;
+ aEntry->GetID(&srcID);
+
+ nsresult rv = NS_OK;
+ if (srcID == cloneID) {
+ // Replace the entry
+ dest = replaceEntry;
+ } else {
+ // Clone the SHEntry...
+ rv = aEntry->Clone(getter_AddRefs(dest));
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+ dest->SetIsSubFrame(true);
+
+ if (srcID != cloneID || data->cloneChildren) {
+ // Walk the children
+ CloneAndReplaceData childData(cloneID, replaceEntry,
+ data->cloneChildren, dest);
+ rv = WalkHistoryEntries(aEntry, aShell,
+ CloneAndReplaceChild, &childData);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+
+ if (srcID != cloneID && aShell) {
+ aShell->SwapHistoryEntries(aEntry, dest);
+ }
+
+ if (container) {
+ container->AddChild(dest, aEntryIndex);
+ }
+
+ data->resultEntry = dest;
+ return rv;
+}
+
+/* static */ nsresult
+nsDocShell::CloneAndReplace(nsISHEntry* aSrcEntry,
+ nsDocShell* aSrcShell,
+ uint32_t aCloneID,
+ nsISHEntry* aReplaceEntry,
+ bool aCloneChildren,
+ nsISHEntry** aResultEntry)
+{
+ NS_ENSURE_ARG_POINTER(aResultEntry);
+ NS_ENSURE_TRUE(aReplaceEntry, NS_ERROR_FAILURE);
+
+ CloneAndReplaceData data(aCloneID, aReplaceEntry, aCloneChildren, nullptr);
+ nsresult rv = CloneAndReplaceChild(aSrcEntry, aSrcShell, 0, &data);
+
+ data.resultEntry.swap(*aResultEntry);
+ return rv;
+}
+
+void
+nsDocShell::SwapHistoryEntries(nsISHEntry* aOldEntry, nsISHEntry* aNewEntry)
+{
+ if (aOldEntry == mOSHE) {
+ mOSHE = aNewEntry;
+ }
+
+ if (aOldEntry == mLSHE) {
+ mLSHE = aNewEntry;
+ }
+}
+
+struct SwapEntriesData
+{
+ nsDocShell* ignoreShell; // constant; the shell to ignore
+ nsISHEntry* destTreeRoot; // constant; the root of the dest tree
+ nsISHEntry* destTreeParent; // constant; the node under destTreeRoot
+ // whose children will correspond to aEntry
+};
+
+nsresult
+nsDocShell::SetChildHistoryEntry(nsISHEntry* aEntry, nsDocShell* aShell,
+ int32_t aEntryIndex, void* aData)
+{
+ SwapEntriesData* data = static_cast<SwapEntriesData*>(aData);
+ nsDocShell* ignoreShell = data->ignoreShell;
+
+ if (!aShell || aShell == ignoreShell) {
+ return NS_OK;
+ }
+
+ nsISHEntry* destTreeRoot = data->destTreeRoot;
+
+ nsCOMPtr<nsISHEntry> destEntry;
+ nsCOMPtr<nsISHContainer> container = do_QueryInterface(data->destTreeParent);
+
+ if (container) {
+ // aEntry is a clone of some child of destTreeParent, but since the
+ // trees aren't necessarily in sync, we'll have to locate it.
+ // Note that we could set aShell's entry to null if we don't find a
+ // corresponding entry under destTreeParent.
+
+ uint32_t targetID, id;
+ aEntry->GetID(&targetID);
+
+ // First look at the given index, since this is the common case.
+ nsCOMPtr<nsISHEntry> entry;
+ container->GetChildAt(aEntryIndex, getter_AddRefs(entry));
+ if (entry && NS_SUCCEEDED(entry->GetID(&id)) && id == targetID) {
+ destEntry.swap(entry);
+ } else {
+ int32_t childCount;
+ container->GetChildCount(&childCount);
+ for (int32_t i = 0; i < childCount; ++i) {
+ container->GetChildAt(i, getter_AddRefs(entry));
+ if (!entry) {
+ continue;
+ }
+
+ entry->GetID(&id);
+ if (id == targetID) {
+ destEntry.swap(entry);
+ break;
+ }
+ }
+ }
+ } else {
+ destEntry = destTreeRoot;
+ }
+
+ aShell->SwapHistoryEntries(aEntry, destEntry);
+
+ // Now handle the children of aEntry.
+ SwapEntriesData childData = { ignoreShell, destTreeRoot, destEntry };
+ return WalkHistoryEntries(aEntry, aShell, SetChildHistoryEntry, &childData);
+}
+
+static nsISHEntry*
+GetRootSHEntry(nsISHEntry* aEntry)
+{
+ nsCOMPtr<nsISHEntry> rootEntry = aEntry;
+ nsISHEntry* result = nullptr;
+ while (rootEntry) {
+ result = rootEntry;
+ result->GetParent(getter_AddRefs(rootEntry));
+ }
+
+ return result;
+}
+
+void
+nsDocShell::SetHistoryEntry(nsCOMPtr<nsISHEntry>* aPtr, nsISHEntry* aEntry)
+{
+ // We need to sync up the docshell and session history trees for
+ // subframe navigation. If the load was in a subframe, we forward up to
+ // the root docshell, which will then recursively sync up all docshells
+ // to their corresponding entries in the new session history tree.
+ // If we don't do this, then we can cache a content viewer on the wrong
+ // cloned entry, and subsequently restore it at the wrong time.
+
+ nsISHEntry* newRootEntry = GetRootSHEntry(aEntry);
+ if (newRootEntry) {
+ // newRootEntry is now the new root entry.
+ // Find the old root entry as well.
+
+ // Need a strong ref. on |oldRootEntry| so it isn't destroyed when
+ // SetChildHistoryEntry() does SwapHistoryEntries() (bug 304639).
+ nsCOMPtr<nsISHEntry> oldRootEntry = GetRootSHEntry(*aPtr);
+ if (oldRootEntry) {
+ nsCOMPtr<nsIDocShellTreeItem> rootAsItem;
+ GetSameTypeRootTreeItem(getter_AddRefs(rootAsItem));
+ nsCOMPtr<nsIDocShell> rootShell = do_QueryInterface(rootAsItem);
+ if (rootShell) { // if we're the root just set it, nothing to swap
+ SwapEntriesData data = { this, newRootEntry };
+ nsIDocShell* rootIDocShell = static_cast<nsIDocShell*>(rootShell);
+ nsDocShell* rootDocShell = static_cast<nsDocShell*>(rootIDocShell);
+
+#ifdef DEBUG
+ nsresult rv =
+#endif
+ SetChildHistoryEntry(oldRootEntry, rootDocShell, 0, &data);
+ NS_ASSERTION(NS_SUCCEEDED(rv), "SetChildHistoryEntry failed");
+ }
+ }
+ }
+
+ *aPtr = aEntry;
+}
+
+nsresult
+nsDocShell::GetRootSessionHistory(nsISHistory** aReturn)
+{
+ nsresult rv;
+
+ nsCOMPtr<nsIDocShellTreeItem> root;
+ // Get the root docshell
+ rv = GetSameTypeRootTreeItem(getter_AddRefs(root));
+ // QI to nsIWebNavigation
+ nsCOMPtr<nsIWebNavigation> rootAsWebnav(do_QueryInterface(root));
+ if (rootAsWebnav) {
+ // Get the handle to SH from the root docshell
+ rv = rootAsWebnav->GetSessionHistory(aReturn);
+ }
+ return rv;
+}
+
+nsresult
+nsDocShell::GetHttpChannel(nsIChannel* aChannel, nsIHttpChannel** aReturn)
+{
+ NS_ENSURE_ARG_POINTER(aReturn);
+ if (!aChannel) {
+ return NS_ERROR_FAILURE;
+ }
+
+ nsCOMPtr<nsIMultiPartChannel> multiPartChannel(do_QueryInterface(aChannel));
+ if (multiPartChannel) {
+ nsCOMPtr<nsIChannel> baseChannel;
+ multiPartChannel->GetBaseChannel(getter_AddRefs(baseChannel));
+ nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(baseChannel));
+ *aReturn = httpChannel;
+ NS_IF_ADDREF(*aReturn);
+ }
+ return NS_OK;
+}
+
+bool
+nsDocShell::ShouldDiscardLayoutState(nsIHttpChannel* aChannel)
+{
+ // By default layout State will be saved.
+ if (!aChannel) {
+ return false;
+ }
+
+ // figure out if SH should be saving layout state
+ bool noStore = false;
+ aChannel->IsNoStoreResponse(&noStore);
+ return noStore;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetEditor(nsIEditor** aEditor)
+{
+ NS_ENSURE_ARG_POINTER(aEditor);
+
+ if (!mEditorData) {
+ *aEditor = nullptr;
+ return NS_OK;
+ }
+
+ return mEditorData->GetEditor(aEditor);
+}
+
+NS_IMETHODIMP
+nsDocShell::SetEditor(nsIEditor* aEditor)
+{
+ nsresult rv = EnsureEditorData();
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ return mEditorData->SetEditor(aEditor);
+}
+
+NS_IMETHODIMP
+nsDocShell::GetEditable(bool* aEditable)
+{
+ NS_ENSURE_ARG_POINTER(aEditable);
+ *aEditable = mEditorData && mEditorData->GetEditable();
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetHasEditingSession(bool* aHasEditingSession)
+{
+ NS_ENSURE_ARG_POINTER(aHasEditingSession);
+
+ if (mEditorData) {
+ nsCOMPtr<nsIEditingSession> editingSession;
+ mEditorData->GetEditingSession(getter_AddRefs(editingSession));
+ *aHasEditingSession = (editingSession.get() != nullptr);
+ } else {
+ *aHasEditingSession = false;
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::MakeEditable(bool aInWaitForUriLoad)
+{
+ nsresult rv = EnsureEditorData();
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ return mEditorData->MakeEditable(aInWaitForUriLoad);
+}
+
+bool
+nsDocShell::ChannelIsPost(nsIChannel* aChannel)
+{
+ nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(aChannel));
+ if (!httpChannel) {
+ return false;
+ }
+
+ nsAutoCString method;
+ httpChannel->GetRequestMethod(method);
+ return method.EqualsLiteral("POST");
+}
+
+void
+nsDocShell::ExtractLastVisit(nsIChannel* aChannel,
+ nsIURI** aURI,
+ uint32_t* aChannelRedirectFlags)
+{
+ nsCOMPtr<nsIPropertyBag2> props(do_QueryInterface(aChannel));
+ if (!props) {
+ return;
+ }
+
+ nsresult rv = props->GetPropertyAsInterface(
+ NS_LITERAL_STRING("docshell.previousURI"),
+ NS_GET_IID(nsIURI),
+ reinterpret_cast<void**>(aURI));
+
+ if (NS_FAILED(rv)) {
+ // There is no last visit for this channel, so this must be the first
+ // link. Link the visit to the referrer of this request, if any.
+ // Treat referrer as null if there is an error getting it.
+ (void)NS_GetReferrerFromChannel(aChannel, aURI);
+ } else {
+ rv = props->GetPropertyAsUint32(NS_LITERAL_STRING("docshell.previousFlags"),
+ aChannelRedirectFlags);
+
+ NS_WARNING_ASSERTION(
+ NS_SUCCEEDED(rv),
+ "Could not fetch previous flags, URI will be treated like referrer");
+ }
+}
+
+void
+nsDocShell::SaveLastVisit(nsIChannel* aChannel,
+ nsIURI* aURI,
+ uint32_t aChannelRedirectFlags)
+{
+ nsCOMPtr<nsIWritablePropertyBag2> props(do_QueryInterface(aChannel));
+ if (!props || !aURI) {
+ return;
+ }
+
+ props->SetPropertyAsInterface(NS_LITERAL_STRING("docshell.previousURI"),
+ aURI);
+ props->SetPropertyAsUint32(NS_LITERAL_STRING("docshell.previousFlags"),
+ aChannelRedirectFlags);
+}
+
+void
+nsDocShell::AddURIVisit(nsIURI* aURI,
+ nsIURI* aReferrerURI,
+ nsIURI* aPreviousURI,
+ uint32_t aChannelRedirectFlags,
+ uint32_t aResponseStatus)
+{
+ MOZ_ASSERT(aURI, "Visited URI is null!");
+ MOZ_ASSERT(mLoadType != LOAD_ERROR_PAGE &&
+ mLoadType != LOAD_BYPASS_HISTORY,
+ "Do not add error or bypass pages to global history");
+
+ // Only content-type docshells save URI visits. Also don't do
+ // anything here if we're not supposed to use global history.
+ if (mItemType != typeContent || !mUseGlobalHistory || UsePrivateBrowsing()) {
+ return;
+ }
+
+ nsCOMPtr<IHistory> history = services::GetHistoryService();
+
+ if (history) {
+ uint32_t visitURIFlags = 0;
+
+ if (!IsFrame()) {
+ visitURIFlags |= IHistory::TOP_LEVEL;
+ }
+
+ if (aChannelRedirectFlags & nsIChannelEventSink::REDIRECT_TEMPORARY) {
+ visitURIFlags |= IHistory::REDIRECT_TEMPORARY;
+ } else if (aChannelRedirectFlags & nsIChannelEventSink::REDIRECT_PERMANENT) {
+ visitURIFlags |= IHistory::REDIRECT_PERMANENT;
+ }
+
+ if (aResponseStatus >= 300 && aResponseStatus < 400) {
+ visitURIFlags |= IHistory::REDIRECT_SOURCE;
+ }
+ // Errors 400-501 and 505 are considered unrecoverable, in the sense a
+ // simple retry attempt by the user is unlikely to solve them.
+ // 408 is special cased, since may actually indicate a temporary
+ // connection problem.
+ else if (aResponseStatus != 408 &&
+ ((aResponseStatus >= 400 && aResponseStatus <= 501) ||
+ aResponseStatus == 505)) {
+ visitURIFlags |= IHistory::UNRECOVERABLE_ERROR;
+ }
+
+ (void)history->VisitURI(aURI, aPreviousURI, visitURIFlags);
+ } else if (mGlobalHistory) {
+ // Falls back to sync global history interface.
+ (void)mGlobalHistory->AddURI(aURI,
+ !!aChannelRedirectFlags,
+ !IsFrame(),
+ aReferrerURI);
+ }
+}
+
+//*****************************************************************************
+// nsDocShell: Helper Routines
+//*****************************************************************************
+
+NS_IMETHODIMP
+nsDocShell::SetLoadType(uint32_t aLoadType)
+{
+ mLoadType = aLoadType;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetLoadType(uint32_t* aLoadType)
+{
+ *aLoadType = mLoadType;
+ return NS_OK;
+}
+
+nsresult
+nsDocShell::ConfirmRepost(bool* aRepost)
+{
+ nsCOMPtr<nsIPrompt> prompter;
+ CallGetInterface(this, static_cast<nsIPrompt**>(getter_AddRefs(prompter)));
+ if (!prompter) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+
+ nsCOMPtr<nsIStringBundleService> stringBundleService =
+ mozilla::services::GetStringBundleService();
+ if (!stringBundleService) {
+ return NS_ERROR_FAILURE;
+ }
+
+ nsCOMPtr<nsIStringBundle> appBundle;
+ nsresult rv = stringBundleService->CreateBundle(kAppstringsBundleURL,
+ getter_AddRefs(appBundle));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ nsCOMPtr<nsIStringBundle> brandBundle;
+ rv = stringBundleService->CreateBundle(kBrandBundleURL,
+ getter_AddRefs(brandBundle));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ NS_ASSERTION(prompter && brandBundle && appBundle,
+ "Unable to set up repost prompter.");
+
+ nsXPIDLString brandName;
+ rv = brandBundle->GetStringFromName(u"brandShortName",
+ getter_Copies(brandName));
+
+ nsXPIDLString msgString, button0Title;
+ if (NS_FAILED(rv)) { // No brand, use the generic version.
+ rv = appBundle->GetStringFromName(u"confirmRepostPrompt",
+ getter_Copies(msgString));
+ } else {
+ // Brand available - if the app has an override file with formatting, the
+ // app name will be included. Without an override, the prompt will look
+ // like the generic version.
+ const char16_t* formatStrings[] = { brandName.get() };
+ rv = appBundle->FormatStringFromName(u"confirmRepostPrompt",
+ formatStrings,
+ ArrayLength(formatStrings),
+ getter_Copies(msgString));
+ }
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ rv = appBundle->GetStringFromName(u"resendButton.label",
+ getter_Copies(button0Title));
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ int32_t buttonPressed;
+ // The actual value here is irrelevant, but we can't pass an invalid
+ // bool through XPConnect.
+ bool checkState = false;
+ rv = prompter->ConfirmEx(
+ nullptr, msgString.get(),
+ (nsIPrompt::BUTTON_POS_0 * nsIPrompt::BUTTON_TITLE_IS_STRING) +
+ (nsIPrompt::BUTTON_POS_1 * nsIPrompt::BUTTON_TITLE_CANCEL),
+ button0Title.get(), nullptr, nullptr, nullptr, &checkState, &buttonPressed);
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ *aRepost = (buttonPressed == 0);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetPromptAndStringBundle(nsIPrompt** aPrompt,
+ nsIStringBundle** aStringBundle)
+{
+ NS_ENSURE_SUCCESS(GetInterface(NS_GET_IID(nsIPrompt), (void**)aPrompt),
+ NS_ERROR_FAILURE);
+
+ nsCOMPtr<nsIStringBundleService> stringBundleService =
+ mozilla::services::GetStringBundleService();
+ NS_ENSURE_TRUE(stringBundleService, NS_ERROR_FAILURE);
+
+ NS_ENSURE_SUCCESS(
+ stringBundleService->CreateBundle(kAppstringsBundleURL, aStringBundle),
+ NS_ERROR_FAILURE);
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetChildOffset(nsIDOMNode* aChild, nsIDOMNode* aParent,
+ int32_t* aOffset)
+{
+ NS_ENSURE_ARG_POINTER(aChild || aParent);
+
+ nsCOMPtr<nsIDOMNodeList> childNodes;
+ NS_ENSURE_SUCCESS(aParent->GetChildNodes(getter_AddRefs(childNodes)),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_TRUE(childNodes, NS_ERROR_FAILURE);
+
+ int32_t i = 0;
+
+ for (; true; i++) {
+ nsCOMPtr<nsIDOMNode> childNode;
+ NS_ENSURE_SUCCESS(childNodes->Item(i, getter_AddRefs(childNode)),
+ NS_ERROR_FAILURE);
+ NS_ENSURE_TRUE(childNode, NS_ERROR_FAILURE);
+
+ if (childNode.get() == aChild) {
+ *aOffset = i;
+ return NS_OK;
+ }
+ }
+
+ return NS_ERROR_FAILURE;
+}
+
+nsIScrollableFrame*
+nsDocShell::GetRootScrollFrame()
+{
+ nsCOMPtr<nsIPresShell> shell = GetPresShell();
+ NS_ENSURE_TRUE(shell, nullptr);
+
+ return shell->GetRootScrollFrameAsScrollableExternal();
+}
+
+NS_IMETHODIMP
+nsDocShell::EnsureScriptEnvironment()
+{
+ if (mScriptGlobal) {
+ return NS_OK;
+ }
+
+ if (mIsBeingDestroyed) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+
+#ifdef DEBUG
+ NS_ASSERTION(!mInEnsureScriptEnv,
+ "Infinite loop! Calling EnsureScriptEnvironment() from "
+ "within EnsureScriptEnvironment()!");
+
+ // Yeah, this isn't re-entrant safe, but that's ok since if we
+ // re-enter this method, we'll infinitely loop...
+ AutoRestore<bool> boolSetter(mInEnsureScriptEnv);
+ mInEnsureScriptEnv = true;
+#endif
+
+ nsCOMPtr<nsIWebBrowserChrome> browserChrome(do_GetInterface(mTreeOwner));
+ NS_ENSURE_TRUE(browserChrome, NS_ERROR_NOT_AVAILABLE);
+
+ uint32_t chromeFlags;
+ browserChrome->GetChromeFlags(&chromeFlags);
+
+ bool isModalContentWindow =
+ (mItemType == typeContent) &&
+ (chromeFlags & nsIWebBrowserChrome::CHROME_MODAL_CONTENT_WINDOW);
+ // There can be various other content docshells associated with the
+ // top-level window, like sidebars. Make sure that we only create an
+ // nsGlobalModalWindow for the primary content shell.
+ if (isModalContentWindow) {
+ nsCOMPtr<nsIDocShellTreeItem> primaryItem;
+ nsresult rv =
+ mTreeOwner->GetPrimaryContentShell(getter_AddRefs(primaryItem));
+ NS_ENSURE_SUCCESS(rv, rv);
+ isModalContentWindow = (primaryItem == this);
+ }
+
+ // If our window is modal and we're not opened as chrome, make
+ // this window a modal content window.
+ mScriptGlobal =
+ NS_NewScriptGlobalObject(mItemType == typeChrome, isModalContentWindow);
+ MOZ_ASSERT(mScriptGlobal);
+
+ mScriptGlobal->SetDocShell(this);
+
+ // Ensure the script object is set up to run script.
+ return mScriptGlobal->EnsureScriptEnvironment();
+}
+
+NS_IMETHODIMP
+nsDocShell::EnsureEditorData()
+{
+ bool openDocHasDetachedEditor = mOSHE && mOSHE->HasDetachedEditor();
+ if (!mEditorData && !mIsBeingDestroyed && !openDocHasDetachedEditor) {
+ // We shouldn't recreate the editor data if it already exists, or
+ // we're shutting down, or we already have a detached editor data
+ // stored in the session history. We should only have one editordata
+ // per docshell.
+ mEditorData = new nsDocShellEditorData(this);
+ }
+
+ return mEditorData ? NS_OK : NS_ERROR_NOT_AVAILABLE;
+}
+
+nsresult
+nsDocShell::EnsureTransferableHookData()
+{
+ if (!mTransferableHookData) {
+ mTransferableHookData = new nsTransferableHookData();
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::EnsureFind()
+{
+ nsresult rv;
+ if (!mFind) {
+ mFind = do_CreateInstance("@mozilla.org/embedcomp/find;1", &rv);
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+ }
+
+ // we promise that the nsIWebBrowserFind that we return has been set
+ // up to point to the focused, or content window, so we have to
+ // set that up each time.
+
+ nsIScriptGlobalObject* scriptGO = GetScriptGlobalObject();
+ NS_ENSURE_TRUE(scriptGO, NS_ERROR_UNEXPECTED);
+
+ // default to our window
+ nsCOMPtr<nsPIDOMWindowOuter> ourWindow = do_QueryInterface(scriptGO);
+ nsCOMPtr<nsPIDOMWindowOuter> windowToSearch;
+ nsFocusManager::GetFocusedDescendant(ourWindow, true,
+ getter_AddRefs(windowToSearch));
+
+ nsCOMPtr<nsIWebBrowserFindInFrames> findInFrames = do_QueryInterface(mFind);
+ if (!findInFrames) {
+ return NS_ERROR_NO_INTERFACE;
+ }
+
+ rv = findInFrames->SetRootSearchFrame(ourWindow);
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+ rv = findInFrames->SetCurrentSearchFrame(windowToSearch);
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ return NS_OK;
+}
+
+bool
+nsDocShell::IsFrame()
+{
+ nsCOMPtr<nsIDocShellTreeItem> parent;
+ GetSameTypeParent(getter_AddRefs(parent));
+ return !!parent;
+}
+
+NS_IMETHODIMP
+nsDocShell::IsBeingDestroyed(bool* aDoomed)
+{
+ NS_ENSURE_ARG(aDoomed);
+ *aDoomed = mIsBeingDestroyed;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetIsExecutingOnLoadHandler(bool* aResult)
+{
+ NS_ENSURE_ARG(aResult);
+ *aResult = mIsExecutingOnLoadHandler;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetLayoutHistoryState(nsILayoutHistoryState** aLayoutHistoryState)
+{
+ if (mOSHE) {
+ mOSHE->GetLayoutHistoryState(aLayoutHistoryState);
+ }
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetLayoutHistoryState(nsILayoutHistoryState* aLayoutHistoryState)
+{
+ if (mOSHE) {
+ mOSHE->SetLayoutHistoryState(aLayoutHistoryState);
+ }
+ return NS_OK;
+}
+
+nsRefreshTimer::nsRefreshTimer()
+ : mDelay(0), mRepeat(false), mMetaRefresh(false)
+{
+}
+
+nsRefreshTimer::~nsRefreshTimer()
+{
+}
+
+NS_IMPL_ADDREF(nsRefreshTimer)
+NS_IMPL_RELEASE(nsRefreshTimer)
+
+NS_INTERFACE_MAP_BEGIN(nsRefreshTimer)
+ NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsISupports, nsITimerCallback)
+ NS_INTERFACE_MAP_ENTRY(nsITimerCallback)
+NS_INTERFACE_MAP_END_THREADSAFE
+
+NS_IMETHODIMP
+nsRefreshTimer::Notify(nsITimer* aTimer)
+{
+ NS_ASSERTION(mDocShell, "DocShell is somehow null");
+
+ if (mDocShell && aTimer) {
+ // Get the delay count to determine load type
+ uint32_t delay = 0;
+ aTimer->GetDelay(&delay);
+ mDocShell->ForceRefreshURIFromTimer(mURI, delay, mMetaRefresh, aTimer, mPrincipal);
+ }
+ return NS_OK;
+}
+
+nsDocShell::InterfaceRequestorProxy::InterfaceRequestorProxy(
+ nsIInterfaceRequestor* aRequestor)
+{
+ if (aRequestor) {
+ mWeakPtr = do_GetWeakReference(aRequestor);
+ }
+}
+
+nsDocShell::InterfaceRequestorProxy::~InterfaceRequestorProxy()
+{
+ mWeakPtr = nullptr;
+}
+
+NS_IMPL_ISUPPORTS(nsDocShell::InterfaceRequestorProxy, nsIInterfaceRequestor)
+
+NS_IMETHODIMP
+nsDocShell::InterfaceRequestorProxy::GetInterface(const nsIID& aIID,
+ void** aSink)
+{
+ NS_ENSURE_ARG_POINTER(aSink);
+ nsCOMPtr<nsIInterfaceRequestor> ifReq = do_QueryReferent(mWeakPtr);
+ if (ifReq) {
+ return ifReq->GetInterface(aIID, aSink);
+ }
+ *aSink = nullptr;
+ return NS_NOINTERFACE;
+}
+
+nsresult
+nsDocShell::SetBaseUrlForWyciwyg(nsIContentViewer* aContentViewer)
+{
+ if (!aContentViewer) {
+ return NS_ERROR_FAILURE;
+ }
+
+ nsCOMPtr<nsIURI> baseURI;
+ nsresult rv = NS_ERROR_NOT_AVAILABLE;
+
+ if (sURIFixup) {
+ rv = sURIFixup->CreateExposableURI(mCurrentURI, getter_AddRefs(baseURI));
+ }
+
+ // Get the current document and set the base uri
+ if (baseURI) {
+ nsIDocument* document = aContentViewer->GetDocument();
+ if (document) {
+ document->SetBaseURI(baseURI);
+ }
+ }
+ return rv;
+}
+
+//*****************************************************************************
+// nsDocShell::nsIAuthPromptProvider
+//*****************************************************************************
+
+NS_IMETHODIMP
+nsDocShell::GetAuthPrompt(uint32_t aPromptReason, const nsIID& aIID,
+ void** aResult)
+{
+ // a priority prompt request will override a false mAllowAuth setting
+ bool priorityPrompt = (aPromptReason == PROMPT_PROXY);
+
+ if (!mAllowAuth && !priorityPrompt) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+
+ // we're either allowing auth, or it's a proxy request
+ nsresult rv;
+ nsCOMPtr<nsIPromptFactory> wwatch =
+ do_GetService(NS_WINDOWWATCHER_CONTRACTID, &rv);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ rv = EnsureScriptEnvironment();
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // Get the an auth prompter for our window so that the parenting
+ // of the dialogs works as it should when using tabs.
+
+ return wwatch->GetPrompt(mScriptGlobal->AsOuter(), aIID,
+ reinterpret_cast<void**>(aResult));
+}
+
+//*****************************************************************************
+// nsDocShell::nsILoadContext
+//*****************************************************************************
+
+NS_IMETHODIMP
+nsDocShell::GetAssociatedWindow(mozIDOMWindowProxy** aWindow)
+{
+ CallGetInterface(this, aWindow);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetTopWindow(mozIDOMWindowProxy** aWindow)
+{
+ nsCOMPtr<nsPIDOMWindowOuter> win = GetWindow();
+ if (win) {
+ win = win->GetTop();
+ }
+ win.forget(aWindow);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetTopFrameElement(nsIDOMElement** aElement)
+{
+ *aElement = nullptr;
+ nsCOMPtr<nsPIDOMWindowOuter> win = GetWindow();
+ if (!win) {
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsPIDOMWindowOuter> top = win->GetScriptableTop();
+ NS_ENSURE_TRUE(top, NS_ERROR_FAILURE);
+
+ // GetFrameElementInternal, /not/ GetScriptableFrameElement -- if |top| is
+ // inside <iframe mozbrowser>, we want to return the iframe, not null.
+ // And we want to cross the content/chrome boundary.
+ nsCOMPtr<nsIDOMElement> elt =
+ do_QueryInterface(top->GetFrameElementInternal());
+ elt.forget(aElement);
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetNestedFrameId(uint64_t* aId)
+{
+ *aId = 0;
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::IsTrackingProtectionOn(bool* aIsTrackingProtectionOn)
+{
+ if (Preferences::GetBool("privacy.trackingprotection.enabled", false)) {
+ *aIsTrackingProtectionOn = true;
+ } else if (UsePrivateBrowsing() &&
+ Preferences::GetBool("privacy.trackingprotection.pbmode.enabled", false)) {
+ *aIsTrackingProtectionOn = true;
+ } else {
+ *aIsTrackingProtectionOn = false;
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetIsContent(bool* aIsContent)
+{
+ *aIsContent = (mItemType == typeContent);
+ return NS_OK;
+}
+
+bool
+nsDocShell::IsOKToLoadURI(nsIURI* aURI)
+{
+ NS_PRECONDITION(aURI, "Must have a URI!");
+
+ if (!mFiredUnloadEvent) {
+ return true;
+ }
+
+ if (!mLoadingURI) {
+ return false;
+ }
+
+ nsCOMPtr<nsIScriptSecurityManager> secMan =
+ do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
+ return secMan &&
+ NS_SUCCEEDED(secMan->CheckSameOriginURI(aURI, mLoadingURI, false));
+}
+
+//
+// Routines for selection and clipboard
+//
+nsresult
+nsDocShell::GetControllerForCommand(const char* aCommand,
+ nsIController** aResult)
+{
+ NS_ENSURE_ARG_POINTER(aResult);
+ *aResult = nullptr;
+
+ NS_ENSURE_TRUE(mScriptGlobal, NS_ERROR_FAILURE);
+
+ nsCOMPtr<nsPIWindowRoot> root = mScriptGlobal->GetTopWindowRoot();
+ NS_ENSURE_TRUE(root, NS_ERROR_FAILURE);
+
+ return root->GetControllerForCommand(aCommand, aResult);
+}
+
+NS_IMETHODIMP
+nsDocShell::IsCommandEnabled(const char* aCommand, bool* aResult)
+{
+ NS_ENSURE_ARG_POINTER(aResult);
+ *aResult = false;
+
+ nsresult rv = NS_ERROR_FAILURE;
+
+ nsCOMPtr<nsIController> controller;
+ rv = GetControllerForCommand(aCommand, getter_AddRefs(controller));
+ if (controller) {
+ rv = controller->IsCommandEnabled(aCommand, aResult);
+ }
+
+ return rv;
+}
+
+NS_IMETHODIMP
+nsDocShell::DoCommand(const char* aCommand)
+{
+ nsresult rv = NS_ERROR_FAILURE;
+
+ nsCOMPtr<nsIController> controller;
+ rv = GetControllerForCommand(aCommand, getter_AddRefs(controller));
+ if (controller) {
+ rv = controller->DoCommand(aCommand);
+ }
+
+ return rv;
+}
+
+NS_IMETHODIMP
+nsDocShell::DoCommandWithParams(const char* aCommand, nsICommandParams* aParams)
+{
+ nsCOMPtr<nsIController> controller;
+ nsresult rv = GetControllerForCommand(aCommand, getter_AddRefs(controller));
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ nsCOMPtr<nsICommandController> commandController =
+ do_QueryInterface(controller, &rv);
+ if (NS_WARN_IF(NS_FAILED(rv))) {
+ return rv;
+ }
+
+ return commandController->DoCommandWithParams(aCommand, aParams);
+}
+
+nsresult
+nsDocShell::EnsureCommandHandler()
+{
+ if (!mCommandManager) {
+ nsCOMPtr<nsPICommandUpdater> commandUpdater =
+ do_CreateInstance("@mozilla.org/embedcomp/command-manager;1");
+ if (!commandUpdater) {
+ return NS_ERROR_OUT_OF_MEMORY;
+ }
+
+ nsCOMPtr<nsPIDOMWindowOuter> domWindow = GetWindow();
+ nsresult rv = commandUpdater->Init(domWindow);
+ if (NS_SUCCEEDED(rv)) {
+ mCommandManager = do_QueryInterface(commandUpdater);
+ }
+ }
+
+ return mCommandManager ? NS_OK : NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+nsDocShell::CanCutSelection(bool* aResult)
+{
+ return IsCommandEnabled("cmd_cut", aResult);
+}
+
+NS_IMETHODIMP
+nsDocShell::CanCopySelection(bool* aResult)
+{
+ return IsCommandEnabled("cmd_copy", aResult);
+}
+
+NS_IMETHODIMP
+nsDocShell::CanCopyLinkLocation(bool* aResult)
+{
+ return IsCommandEnabled("cmd_copyLink", aResult);
+}
+
+NS_IMETHODIMP
+nsDocShell::CanCopyImageLocation(bool* aResult)
+{
+ return IsCommandEnabled("cmd_copyImageLocation", aResult);
+}
+
+NS_IMETHODIMP
+nsDocShell::CanCopyImageContents(bool* aResult)
+{
+ return IsCommandEnabled("cmd_copyImageContents", aResult);
+}
+
+NS_IMETHODIMP
+nsDocShell::CanPaste(bool* aResult)
+{
+ return IsCommandEnabled("cmd_paste", aResult);
+}
+
+NS_IMETHODIMP
+nsDocShell::CutSelection(void)
+{
+ return DoCommand("cmd_cut");
+}
+
+NS_IMETHODIMP
+nsDocShell::CopySelection(void)
+{
+ return DoCommand("cmd_copy");
+}
+
+NS_IMETHODIMP
+nsDocShell::CopyLinkLocation(void)
+{
+ return DoCommand("cmd_copyLink");
+}
+
+NS_IMETHODIMP
+nsDocShell::CopyImageLocation(void)
+{
+ return DoCommand("cmd_copyImageLocation");
+}
+
+NS_IMETHODIMP
+nsDocShell::CopyImageContents(void)
+{
+ return DoCommand("cmd_copyImageContents");
+}
+
+NS_IMETHODIMP
+nsDocShell::Paste(void)
+{
+ return DoCommand("cmd_paste");
+}
+
+NS_IMETHODIMP
+nsDocShell::SelectAll(void)
+{
+ return DoCommand("cmd_selectAll");
+}
+
+//
+// SelectNone
+//
+// Collapses the current selection, insertion point ends up at beginning
+// of previous selection.
+//
+NS_IMETHODIMP
+nsDocShell::SelectNone(void)
+{
+ return DoCommand("cmd_selectNone");
+}
+
+// link handling
+
+class OnLinkClickEvent : public Runnable
+{
+public:
+ OnLinkClickEvent(nsDocShell* aHandler, nsIContent* aContent,
+ nsIURI* aURI,
+ const char16_t* aTargetSpec,
+ const nsAString& aFileName,
+ nsIInputStream* aPostDataStream,
+ nsIInputStream* aHeadersDataStream,
+ bool aIsTrusted);
+
+ NS_IMETHOD Run() override
+ {
+ nsAutoPopupStatePusher popupStatePusher(mPopupState);
+
+ // We need to set up an AutoJSAPI here for the following reason: When we do
+ // OnLinkClickSync we'll eventually end up in nsGlobalWindow::OpenInternal
+ // which only does popup blocking if !LegacyIsCallerChromeOrNativeCode().
+ // So we need to fake things so that we don't look like native code as far
+ // as LegacyIsCallerNativeCode() is concerned.
+ AutoJSAPI jsapi;
+ if (mIsTrusted || jsapi.Init(mContent->OwnerDoc()->GetScopeObject())) {
+ mHandler->OnLinkClickSync(mContent, mURI,
+ mTargetSpec.get(), mFileName,
+ mPostDataStream, mHeadersDataStream,
+ nullptr, nullptr);
+ }
+ return NS_OK;
+ }
+
+private:
+ RefPtr<nsDocShell> mHandler;
+ nsCOMPtr<nsIURI> mURI;
+ nsString mTargetSpec;
+ nsString mFileName;
+ nsCOMPtr<nsIInputStream> mPostDataStream;
+ nsCOMPtr<nsIInputStream> mHeadersDataStream;
+ nsCOMPtr<nsIContent> mContent;
+ PopupControlState mPopupState;
+ bool mIsTrusted;
+};
+
+OnLinkClickEvent::OnLinkClickEvent(nsDocShell* aHandler,
+ nsIContent* aContent,
+ nsIURI* aURI,
+ const char16_t* aTargetSpec,
+ const nsAString& aFileName,
+ nsIInputStream* aPostDataStream,
+ nsIInputStream* aHeadersDataStream,
+ bool aIsTrusted)
+ : mHandler(aHandler)
+ , mURI(aURI)
+ , mTargetSpec(aTargetSpec)
+ , mFileName(aFileName)
+ , mPostDataStream(aPostDataStream)
+ , mHeadersDataStream(aHeadersDataStream)
+ , mContent(aContent)
+ , mPopupState(mHandler->mScriptGlobal->GetPopupControlState())
+ , mIsTrusted(aIsTrusted)
+{
+}
+
+NS_IMETHODIMP
+nsDocShell::OnLinkClick(nsIContent* aContent,
+ nsIURI* aURI,
+ const char16_t* aTargetSpec,
+ const nsAString& aFileName,
+ nsIInputStream* aPostDataStream,
+ nsIInputStream* aHeadersDataStream,
+ bool aIsTrusted)
+{
+ NS_ASSERTION(NS_IsMainThread(), "wrong thread");
+
+ if (!IsNavigationAllowed() || !IsOKToLoadURI(aURI)) {
+ return NS_OK;
+ }
+
+ // On history navigation through Back/Forward buttons, don't execute
+ // automatic JavaScript redirection such as |anchorElement.click()| or
+ // |formElement.submit()|.
+ //
+ // XXX |formElement.submit()| bypasses this checkpoint because it calls
+ // nsDocShell::OnLinkClickSync(...) instead.
+ if (ShouldBlockLoadingForBackButton()) {
+ return NS_OK;
+ }
+
+ if (aContent->IsEditable()) {
+ return NS_OK;
+ }
+
+ nsresult rv = NS_ERROR_FAILURE;
+ nsAutoString target;
+
+ nsCOMPtr<nsIWebBrowserChrome3> browserChrome3 = do_GetInterface(mTreeOwner);
+ if (browserChrome3) {
+ nsCOMPtr<nsIDOMNode> linkNode = do_QueryInterface(aContent);
+ nsAutoString oldTarget(aTargetSpec);
+ rv = browserChrome3->OnBeforeLinkTraversal(oldTarget, aURI,
+ linkNode, mIsAppTab, target);
+ }
+
+ if (NS_FAILED(rv)) {
+ target = aTargetSpec;
+ }
+
+ nsCOMPtr<nsIRunnable> ev =
+ new OnLinkClickEvent(this, aContent, aURI, target.get(), aFileName,
+ aPostDataStream, aHeadersDataStream, aIsTrusted);
+ return NS_DispatchToCurrentThread(ev);
+}
+
+NS_IMETHODIMP
+nsDocShell::OnLinkClickSync(nsIContent* aContent,
+ nsIURI* aURI,
+ const char16_t* aTargetSpec,
+ const nsAString& aFileName,
+ nsIInputStream* aPostDataStream,
+ nsIInputStream* aHeadersDataStream,
+ nsIDocShell** aDocShell,
+ nsIRequest** aRequest)
+{
+ // Initialize the DocShell / Request
+ if (aDocShell) {
+ *aDocShell = nullptr;
+ }
+ if (aRequest) {
+ *aRequest = nullptr;
+ }
+
+ if (!IsNavigationAllowed() || !IsOKToLoadURI(aURI)) {
+ return NS_OK;
+ }
+
+ // XXX When the linking node was HTMLFormElement, it is synchronous event.
+ // That is, the caller of this method is not |OnLinkClickEvent::Run()|
+ // but |HTMLFormElement::SubmitSubmission(...)|.
+ if (aContent->IsHTMLElement(nsGkAtoms::form) &&
+ ShouldBlockLoadingForBackButton()) {
+ return NS_OK;
+ }
+
+ if (aContent->IsEditable()) {
+ return NS_OK;
+ }
+
+ {
+ // defer to an external protocol handler if necessary...
+ nsCOMPtr<nsIExternalProtocolService> extProtService =
+ do_GetService(NS_EXTERNALPROTOCOLSERVICE_CONTRACTID);
+ if (extProtService) {
+ nsAutoCString scheme;
+ aURI->GetScheme(scheme);
+ if (!scheme.IsEmpty()) {
+ // if the URL scheme does not correspond to an exposed protocol, then we
+ // need to hand this link click over to the external protocol handler.
+ bool isExposed;
+ nsresult rv =
+ extProtService->IsExposedProtocol(scheme.get(), &isExposed);
+ if (NS_SUCCEEDED(rv) && !isExposed) {
+ return extProtService->LoadURI(aURI, this);
+ }
+ }
+ }
+ }
+
+ uint32_t flags = INTERNAL_LOAD_FLAGS_NONE;
+ if (IsElementAnchor(aContent)) {
+ MOZ_ASSERT(aContent->IsHTMLElement());
+ nsAutoString referrer;
+ aContent->GetAttr(kNameSpaceID_None, nsGkAtoms::rel, referrer);
+ nsWhitespaceTokenizerTemplate<nsContentUtils::IsHTMLWhitespace> tok(referrer);
+ while (tok.hasMoreTokens()) {
+ const nsAString& token = tok.nextToken();
+ if (token.LowerCaseEqualsLiteral("noreferrer")) {
+ flags |= INTERNAL_LOAD_FLAGS_DONT_SEND_REFERRER |
+ INTERNAL_LOAD_FLAGS_NO_OPENER;
+ // We now have all the flags we could possibly have, so just stop.
+ break;
+ }
+ if (token.LowerCaseEqualsLiteral("noopener")) {
+ flags |= INTERNAL_LOAD_FLAGS_NO_OPENER;
+ }
+ }
+ }
+
+ // Get the owner document of the link that was clicked, this will be
+ // the document that the link is in, or the last document that the
+ // link was in. From that document, we'll get the URI to use as the
+ // referer, since the current URI in this docshell may be a
+ // new document that we're in the process of loading.
+ nsCOMPtr<nsIDocument> refererDoc = aContent->OwnerDoc();
+ NS_ENSURE_TRUE(refererDoc, NS_ERROR_UNEXPECTED);
+
+ // Now check that the refererDoc's inner window is the current inner
+ // window for mScriptGlobal. If it's not, then we don't want to
+ // follow this link.
+ nsPIDOMWindowInner* refererInner = refererDoc->GetInnerWindow();
+ NS_ENSURE_TRUE(refererInner, NS_ERROR_UNEXPECTED);
+ if (!mScriptGlobal ||
+ mScriptGlobal->AsOuter()->GetCurrentInnerWindow() != refererInner) {
+ // We're no longer the current inner window
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsIURI> referer = refererDoc->GetDocumentURI();
+ uint32_t refererPolicy = refererDoc->GetReferrerPolicy();
+
+ // get referrer attribute from clicked link and parse it
+ // if per element referrer is enabled, the element referrer overrules
+ // the document wide referrer
+ if (IsElementAnchor(aContent)) {
+ net::ReferrerPolicy refPolEnum = aContent->AsElement()->GetReferrerPolicyAsEnum();
+ if (refPolEnum != net::RP_Unset) {
+ refererPolicy = refPolEnum;
+ }
+ }
+
+ // referer could be null here in some odd cases, but that's ok,
+ // we'll just load the link w/o sending a referer in those cases.
+
+ nsAutoString target(aTargetSpec);
+
+ // If this is an anchor element, grab its type property to use as a hint
+ nsAutoString typeHint;
+ nsCOMPtr<nsIDOMHTMLAnchorElement> anchor(do_QueryInterface(aContent));
+ if (anchor) {
+ anchor->GetType(typeHint);
+ NS_ConvertUTF16toUTF8 utf8Hint(typeHint);
+ nsAutoCString type, dummy;
+ NS_ParseRequestContentType(utf8Hint, type, dummy);
+ CopyUTF8toUTF16(type, typeHint);
+ }
+
+ // Clone the URI now, in case a content policy or something messes
+ // with it under InternalLoad; we do _not_ want to change the URI
+ // our caller passed in.
+ nsCOMPtr<nsIURI> clonedURI;
+ aURI->Clone(getter_AddRefs(clonedURI));
+ if (!clonedURI) {
+ return NS_ERROR_OUT_OF_MEMORY;
+ }
+
+ nsresult rv = InternalLoad(clonedURI, // New URI
+ nullptr, // Original URI
+ false, // LoadReplace
+ referer, // Referer URI
+ refererPolicy, // Referer policy
+ aContent->NodePrincipal(), // Triggering is our node's
+ // principal
+ aContent->NodePrincipal(),
+ flags,
+ target, // Window target
+ NS_LossyConvertUTF16toASCII(typeHint).get(),
+ aFileName, // Download as file
+ aPostDataStream, // Post data stream
+ aHeadersDataStream, // Headers stream
+ LOAD_LINK, // Load type
+ nullptr, // No SHEntry
+ true, // first party site
+ NullString(), // No srcdoc
+ this, // We are the source
+ nullptr, // baseURI not needed
+ aDocShell, // DocShell out-param
+ aRequest); // Request out-param
+ if (NS_SUCCEEDED(rv)) {
+ DispatchPings(this, aContent, aURI, referer, refererPolicy);
+ }
+ return rv;
+}
+
+NS_IMETHODIMP
+nsDocShell::OnOverLink(nsIContent* aContent,
+ nsIURI* aURI,
+ const char16_t* aTargetSpec)
+{
+ if (aContent->IsEditable()) {
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsIWebBrowserChrome2> browserChrome2 = do_GetInterface(mTreeOwner);
+ nsresult rv = NS_ERROR_FAILURE;
+
+ nsCOMPtr<nsIWebBrowserChrome> browserChrome;
+ if (!browserChrome2) {
+ browserChrome = do_GetInterface(mTreeOwner);
+ if (!browserChrome) {
+ return rv;
+ }
+ }
+
+ nsCOMPtr<nsITextToSubURI> textToSubURI =
+ do_GetService(NS_ITEXTTOSUBURI_CONTRACTID, &rv);
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
+
+ // use url origin charset to unescape the URL
+ nsAutoCString charset;
+ rv = aURI->GetOriginCharset(charset);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ nsAutoCString spec;
+ rv = aURI->GetSpec(spec);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ nsAutoString uStr;
+ rv = textToSubURI->UnEscapeURIForUI(charset, spec, uStr);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ mozilla::net::PredictorPredict(aURI, mCurrentURI,
+ nsINetworkPredictor::PREDICT_LINK,
+ this, nullptr);
+
+ if (browserChrome2) {
+ nsCOMPtr<nsIDOMElement> element = do_QueryInterface(aContent);
+ rv = browserChrome2->SetStatusWithContext(nsIWebBrowserChrome::STATUS_LINK,
+ uStr, element);
+ } else {
+ rv = browserChrome->SetStatus(nsIWebBrowserChrome::STATUS_LINK, uStr.get());
+ }
+ return rv;
+}
+
+NS_IMETHODIMP
+nsDocShell::OnLeaveLink()
+{
+ nsCOMPtr<nsIWebBrowserChrome> browserChrome(do_GetInterface(mTreeOwner));
+ nsresult rv = NS_ERROR_FAILURE;
+
+ if (browserChrome) {
+ rv = browserChrome->SetStatus(nsIWebBrowserChrome::STATUS_LINK,
+ EmptyString().get());
+ }
+ return rv;
+}
+
+bool
+nsDocShell::ShouldBlockLoadingForBackButton()
+{
+ if (!(mLoadType & LOAD_CMD_HISTORY) ||
+ EventStateManager::IsHandlingUserInput() ||
+ !Preferences::GetBool("accessibility.blockjsredirection")) {
+ return false;
+ }
+
+ bool canGoForward = false;
+ GetCanGoForward(&canGoForward);
+ return canGoForward;
+}
+
+bool
+nsDocShell::PluginsAllowedInCurrentDoc()
+{
+ bool pluginsAllowed = false;
+
+ if (!mContentViewer) {
+ return false;
+ }
+
+ nsIDocument* doc = mContentViewer->GetDocument();
+ if (!doc) {
+ return false;
+ }
+
+ doc->GetAllowPlugins(&pluginsAllowed);
+ return pluginsAllowed;
+}
+
+//----------------------------------------------------------------------
+// Web Shell Services API
+
+// This functions is only called when a new charset is detected in loading a
+// document. Its name should be changed to "CharsetReloadDocument"
+NS_IMETHODIMP
+nsDocShell::ReloadDocument(const char* aCharset, int32_t aSource)
+{
+ // XXX hack. keep the aCharset and aSource wait to pick it up
+ nsCOMPtr<nsIContentViewer> cv;
+ NS_ENSURE_SUCCESS(GetContentViewer(getter_AddRefs(cv)), NS_ERROR_FAILURE);
+ if (cv) {
+ int32_t hint;
+ cv->GetHintCharacterSetSource(&hint);
+ if (aSource > hint) {
+ nsCString charset(aCharset);
+ cv->SetHintCharacterSet(charset);
+ cv->SetHintCharacterSetSource(aSource);
+ if (eCharsetReloadRequested != mCharsetReloadState) {
+ mCharsetReloadState = eCharsetReloadRequested;
+ return Reload(LOAD_FLAGS_CHARSET_CHANGE);
+ }
+ }
+ }
+ // return failure if this request is not accepted due to mCharsetReloadState
+ return NS_ERROR_DOCSHELL_REQUEST_REJECTED;
+}
+
+NS_IMETHODIMP
+nsDocShell::StopDocumentLoad(void)
+{
+ if (eCharsetReloadRequested != mCharsetReloadState) {
+ Stop(nsIWebNavigation::STOP_ALL);
+ return NS_OK;
+ }
+ // return failer if this request is not accepted due to mCharsetReloadState
+ return NS_ERROR_DOCSHELL_REQUEST_REJECTED;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetPrintPreview(nsIWebBrowserPrint** aPrintPreview)
+{
+ *aPrintPreview = nullptr;
+#if NS_PRINT_PREVIEW
+ nsCOMPtr<nsIDocumentViewerPrint> print = do_QueryInterface(mContentViewer);
+ if (!print || !print->IsInitializedForPrintPreview()) {
+ Stop(nsIWebNavigation::STOP_ALL);
+ nsCOMPtr<nsIPrincipal> principal = nsNullPrincipal::CreateWithInheritedAttributes(this);
+ nsresult rv = CreateAboutBlankContentViewer(principal, nullptr);
+ NS_ENSURE_SUCCESS(rv, rv);
+ print = do_QueryInterface(mContentViewer);
+ NS_ENSURE_STATE(print);
+ print->InitializeForPrintPreview();
+ }
+ nsCOMPtr<nsIWebBrowserPrint> result = do_QueryInterface(print);
+ result.forget(aPrintPreview);
+ return NS_OK;
+#else
+ return NS_ERROR_NOT_IMPLEMENTED;
+#endif
+}
+
+#ifdef DEBUG
+unsigned long nsDocShell::gNumberOfDocShells = 0;
+#endif
+
+NS_IMETHODIMP
+nsDocShell::GetCanExecuteScripts(bool* aResult)
+{
+ *aResult = mCanExecuteScripts;
+ return NS_OK;
+}
+
+/* [infallible] */ NS_IMETHODIMP
+nsDocShell::SetFrameType(uint32_t aFrameType)
+{
+ mFrameType = aFrameType;
+ return NS_OK;
+}
+
+/* [infallible] */ NS_IMETHODIMP
+nsDocShell::GetFrameType(uint32_t* aFrameType)
+{
+ *aFrameType = mFrameType;
+ return NS_OK;
+}
+
+/* [infallible] */ NS_IMETHODIMP
+nsDocShell::GetIsApp(bool* aIsApp)
+{
+ *aIsApp = (mFrameType == FRAME_TYPE_APP);
+ return NS_OK;
+}
+
+/* [infallible] */ NS_IMETHODIMP
+nsDocShell::GetIsMozBrowserOrApp(bool* aIsMozBrowserOrApp)
+{
+ *aIsMozBrowserOrApp = (mFrameType != FRAME_TYPE_REGULAR);
+ return NS_OK;
+}
+
+uint32_t
+nsDocShell::GetInheritedFrameType()
+{
+ if (mFrameType != FRAME_TYPE_REGULAR) {
+ return mFrameType;
+ }
+
+ nsCOMPtr<nsIDocShellTreeItem> parentAsItem;
+ GetSameTypeParent(getter_AddRefs(parentAsItem));
+
+ nsCOMPtr<nsIDocShell> parent = do_QueryInterface(parentAsItem);
+ if (!parent) {
+ return FRAME_TYPE_REGULAR;
+ }
+
+ return static_cast<nsDocShell*>(parent.get())->GetInheritedFrameType();
+}
+
+/* [infallible] */ NS_IMETHODIMP
+nsDocShell::GetIsIsolatedMozBrowserElement(bool* aIsIsolatedMozBrowserElement)
+{
+ bool result = mFrameType == FRAME_TYPE_BROWSER &&
+ mOriginAttributes.mInIsolatedMozBrowser;
+ *aIsIsolatedMozBrowserElement = result;
+ return NS_OK;
+}
+
+/* [infallible] */ NS_IMETHODIMP
+nsDocShell::GetIsInIsolatedMozBrowserElement(bool* aIsInIsolatedMozBrowserElement)
+{
+ MOZ_ASSERT(!mOriginAttributes.mInIsolatedMozBrowser ||
+ (GetInheritedFrameType() == FRAME_TYPE_BROWSER),
+ "Isolated mozbrowser should only be true inside browser frames");
+ bool result = (GetInheritedFrameType() == FRAME_TYPE_BROWSER) &&
+ mOriginAttributes.mInIsolatedMozBrowser;
+ *aIsInIsolatedMozBrowserElement = result;
+ return NS_OK;
+}
+
+/* [infallible] */ NS_IMETHODIMP
+nsDocShell::GetIsInMozBrowserOrApp(bool* aIsInMozBrowserOrApp)
+{
+ *aIsInMozBrowserOrApp = (GetInheritedFrameType() != FRAME_TYPE_REGULAR);
+ return NS_OK;
+}
+
+/* [infallible] */ NS_IMETHODIMP
+nsDocShell::GetIsTopLevelContentDocShell(bool* aIsTopLevelContentDocShell)
+{
+ *aIsTopLevelContentDocShell = false;
+
+ if (mItemType == typeContent) {
+ nsCOMPtr<nsIDocShellTreeItem> root;
+ GetSameTypeRootTreeItem(getter_AddRefs(root));
+ *aIsTopLevelContentDocShell = root.get() == static_cast<nsIDocShellTreeItem*>(this);
+ }
+
+ return NS_OK;
+}
+
+/* [infallible] */ NS_IMETHODIMP
+nsDocShell::GetAppId(uint32_t* aAppId)
+{
+ if (mOriginAttributes.mAppId != nsIScriptSecurityManager::UNKNOWN_APP_ID) {
+ *aAppId = mOriginAttributes.mAppId;
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsIDocShell> parent;
+ GetSameTypeParentIgnoreBrowserAndAppBoundaries(getter_AddRefs(parent));
+
+ if (!parent) {
+ *aAppId = nsIScriptSecurityManager::NO_APP_ID;
+ return NS_OK;
+ }
+
+ return parent->GetAppId(aAppId);
+}
+
+// Implements nsILoadContext.originAttributes
+NS_IMETHODIMP
+nsDocShell::GetOriginAttributes(JS::MutableHandle<JS::Value> aVal)
+{
+ JSContext* cx = nsContentUtils::GetCurrentJSContext();
+ MOZ_ASSERT(cx);
+
+ return GetOriginAttributes(cx, aVal);
+}
+
+// Implements nsIDocShell.GetOriginAttributes()
+NS_IMETHODIMP
+nsDocShell::GetOriginAttributes(JSContext* aCx,
+ JS::MutableHandle<JS::Value> aVal)
+{
+ bool ok = ToJSValue(aCx, mOriginAttributes, aVal);
+ NS_ENSURE_TRUE(ok, NS_ERROR_FAILURE);
+ return NS_OK;
+}
+
+bool
+nsDocShell::CanSetOriginAttributes()
+{
+ MOZ_ASSERT(mChildList.IsEmpty());
+ if (!mChildList.IsEmpty()) {
+ return false;
+ }
+
+ // TODO: Bug 1273058 - mContentViewer should be null when setting origin
+ // attributes.
+ if (mContentViewer) {
+ nsIDocument* doc = mContentViewer->GetDocument();
+ if (doc) {
+ nsIURI* uri = doc->GetDocumentURI();
+ if (!uri) {
+ return false;
+ }
+ nsCString uriSpec = uri->GetSpecOrDefault();
+ MOZ_ASSERT(uriSpec.EqualsLiteral("about:blank"));
+ if (!uriSpec.EqualsLiteral("about:blank")) {
+ return false;
+ }
+ }
+ }
+
+ return true;
+}
+
+nsresult
+nsDocShell::SetOriginAttributes(const DocShellOriginAttributes& aAttrs)
+{
+ if (!CanSetOriginAttributes()) {
+ return NS_ERROR_FAILURE;
+ }
+
+ AssertOriginAttributesMatchPrivateBrowsing();
+ mOriginAttributes = aAttrs;
+
+ bool isPrivate = mOriginAttributes.mPrivateBrowsingId > 0;
+ // Chrome docshell can not contain OriginAttributes.mPrivateBrowsingId
+ if (mItemType == typeChrome && isPrivate) {
+ mOriginAttributes.mPrivateBrowsingId = 0;
+ }
+
+ SetPrivateBrowsing(isPrivate);
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::SetOriginAttributesBeforeLoading(JS::Handle<JS::Value> aOriginAttributes)
+{
+ if (!aOriginAttributes.isObject()) {
+ return NS_ERROR_INVALID_ARG;
+ }
+
+ AutoJSAPI jsapi;
+ if (!jsapi.Init(&aOriginAttributes.toObject())) {
+ return NS_ERROR_UNEXPECTED;
+ }
+
+ JSContext* cx = jsapi.cx();
+ if (NS_WARN_IF(!cx)) {
+ return NS_ERROR_FAILURE;
+ }
+
+ DocShellOriginAttributes attrs;
+ if (!aOriginAttributes.isObject() || !attrs.Init(cx, aOriginAttributes)) {
+ return NS_ERROR_INVALID_ARG;
+ }
+
+ return SetOriginAttributes(attrs);
+}
+
+NS_IMETHODIMP
+nsDocShell::SetOriginAttributes(JS::Handle<JS::Value> aOriginAttributes,
+ JSContext* aCx)
+{
+ DocShellOriginAttributes attrs;
+ if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
+ return NS_ERROR_INVALID_ARG;
+ }
+
+ return SetOriginAttributes(attrs);
+}
+
+NS_IMETHODIMP
+nsDocShell::GetAppManifestURL(nsAString& aAppManifestURL)
+{
+ uint32_t appId = nsIDocShell::GetAppId();
+ if (appId != nsIScriptSecurityManager::NO_APP_ID &&
+ appId != nsIScriptSecurityManager::UNKNOWN_APP_ID) {
+ nsCOMPtr<nsIAppsService> appsService =
+ do_GetService(APPS_SERVICE_CONTRACTID);
+ NS_ASSERTION(appsService, "No AppsService available");
+ appsService->GetManifestURLByLocalId(appId, aAppManifestURL);
+ } else {
+ aAppManifestURL.SetLength(0);
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetAsyncPanZoomEnabled(bool* aOut)
+{
+ if (nsIPresShell* presShell = GetPresShell()) {
+ *aOut = presShell->AsyncPanZoomEnabled();
+ return NS_OK;
+ }
+
+ // If we don't have a presShell, fall back to the default platform value of
+ // whether or not APZ is enabled.
+ *aOut = gfxPlatform::AsyncPanZoomEnabled();
+ return NS_OK;
+}
+
+bool
+nsDocShell::HasUnloadedParent()
+{
+ RefPtr<nsDocShell> parent = GetParentDocshell();
+ while (parent) {
+ bool inUnload = false;
+ parent->GetIsInUnload(&inUnload);
+ if (inUnload) {
+ return true;
+ }
+ parent = parent->GetParentDocshell();
+ }
+ return false;
+}
+
+bool
+nsDocShell::IsInvisible()
+{
+ return mInvisible;
+}
+
+void
+nsDocShell::SetInvisible(bool aInvisible)
+{
+ mInvisible = aInvisible;
+}
+
+void
+nsDocShell::SetOpener(nsITabParent* aOpener)
+{
+ mOpener = do_GetWeakReference(aOpener);
+}
+
+nsITabParent*
+nsDocShell::GetOpener()
+{
+ nsCOMPtr<nsITabParent> opener(do_QueryReferent(mOpener));
+ return opener;
+}
+
+// The caller owns |aAsyncCause| here.
+void
+nsDocShell::NotifyJSRunToCompletionStart(const char* aReason,
+ const char16_t* aFunctionName,
+ const char16_t* aFilename,
+ const uint32_t aLineNumber,
+ JS::Handle<JS::Value> aAsyncStack,
+ const char* aAsyncCause)
+{
+ // If first start, mark interval start.
+ if (mJSRunToCompletionDepth == 0) {
+ RefPtr<TimelineConsumers> timelines = TimelineConsumers::Get();
+ if (timelines && timelines->HasConsumer(this)) {
+ timelines->AddMarkerForDocShell(this, Move(
+ mozilla::MakeUnique<JavascriptTimelineMarker>(
+ aReason, aFunctionName, aFilename, aLineNumber, MarkerTracingType::START,
+ aAsyncStack, aAsyncCause)));
+ }
+ }
+
+ mJSRunToCompletionDepth++;
+}
+
+void
+nsDocShell::NotifyJSRunToCompletionStop()
+{
+ mJSRunToCompletionDepth--;
+
+ // If last stop, mark interval end.
+ if (mJSRunToCompletionDepth == 0) {
+ RefPtr<TimelineConsumers> timelines = TimelineConsumers::Get();
+ if (timelines && timelines->HasConsumer(this)) {
+ timelines->AddMarkerForDocShell(this, "Javascript", MarkerTracingType::END);
+ }
+ }
+}
+
+void
+nsDocShell::MaybeNotifyKeywordSearchLoading(const nsString& aProvider,
+ const nsString& aKeyword)
+{
+ if (aProvider.IsEmpty()) {
+ return;
+ }
+
+ if (XRE_IsContentProcess()) {
+ dom::ContentChild* contentChild = dom::ContentChild::GetSingleton();
+ if (contentChild) {
+ contentChild->SendNotifyKeywordSearchLoading(aProvider, aKeyword);
+ }
+ return;
+ }
+
+#ifdef MOZ_TOOLKIT_SEARCH
+ nsCOMPtr<nsIBrowserSearchService> searchSvc =
+ do_GetService("@mozilla.org/browser/search-service;1");
+ if (searchSvc) {
+ nsCOMPtr<nsISearchEngine> searchEngine;
+ searchSvc->GetEngineByName(aProvider, getter_AddRefs(searchEngine));
+ if (searchEngine) {
+ nsCOMPtr<nsIObserverService> obsSvc = services::GetObserverService();
+ if (obsSvc) {
+ // Note that "keyword-search" refers to a search via the url
+ // bar, not a bookmarks keyword search.
+ obsSvc->NotifyObservers(searchEngine, "keyword-search", aKeyword.get());
+ }
+ }
+ }
+#endif
+}
+
+NS_IMETHODIMP
+nsDocShell::ShouldPrepareForIntercept(nsIURI* aURI, bool aIsNonSubresourceRequest,
+ bool* aShouldIntercept)
+{
+ *aShouldIntercept = false;
+ // No in private browsing
+ if (UsePrivateBrowsing()) {
+ return NS_OK;
+ }
+
+ if (mSandboxFlags) {
+ // If we're sandboxed, don't intercept.
+ return NS_OK;
+ }
+
+ RefPtr<ServiceWorkerManager> swm = ServiceWorkerManager::GetInstance();
+ if (!swm) {
+ return NS_OK;
+ }
+
+ nsresult result;
+ nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
+ do_GetService(THIRDPARTYUTIL_CONTRACTID, &result);
+ NS_ENSURE_SUCCESS(result, result);
+
+ if (mCurrentURI &&
+ nsContentUtils::CookiesBehavior() == nsICookieService::BEHAVIOR_REJECT_FOREIGN) {
+ nsAutoCString uriSpec;
+ if (!(mCurrentURI->GetSpecOrDefault().EqualsLiteral("about:blank"))) {
+ // Reject the interception of third-party iframes if the cookie behaviour
+ // is set to reject all third-party cookies (1). In case that this pref
+ // is not set or can't be read, we default to allow all cookies (0) as
+ // this is the default value in all.js.
+ bool isThirdPartyURI = true;
+ result = thirdPartyUtil->IsThirdPartyURI(mCurrentURI, aURI,
+ &isThirdPartyURI);
+ if (NS_FAILED(result)) {
+ return result;
+ }
+
+ if (isThirdPartyURI) {
+ return NS_OK;
+ }
+ }
+ }
+
+ if (aIsNonSubresourceRequest) {
+ PrincipalOriginAttributes attrs;
+ attrs.InheritFromDocShellToDoc(mOriginAttributes, aURI);
+ nsCOMPtr<nsIPrincipal> principal =
+ BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
+ *aShouldIntercept = swm->IsAvailable(principal, aURI);
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsIDocument> doc = GetDocument();
+ if (!doc) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+
+ ErrorResult rv;
+ *aShouldIntercept = swm->IsControlled(doc, rv);
+ if (NS_WARN_IF(rv.Failed())) {
+ return rv.StealNSResult();
+ }
+
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::ChannelIntercepted(nsIInterceptedChannel* aChannel)
+{
+ RefPtr<ServiceWorkerManager> swm = ServiceWorkerManager::GetInstance();
+ if (!swm) {
+ aChannel->Cancel(NS_ERROR_INTERCEPTION_FAILED);
+ return NS_OK;
+ }
+
+ nsCOMPtr<nsIChannel> channel;
+ nsresult rv = aChannel->GetChannel(getter_AddRefs(channel));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ nsCOMPtr<nsIDocument> doc;
+
+ bool isSubresourceLoad = !nsContentUtils::IsNonSubresourceRequest(channel);
+ if (isSubresourceLoad) {
+ doc = GetDocument();
+ if (!doc) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+ } else {
+ // For top-level navigations, save a document ID which will be passed to
+ // the FetchEvent as the clientId later on.
+ rv = nsIDocument::GenerateDocumentId(mInterceptedDocumentId);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+
+ bool isReload = mLoadType & LOAD_CMD_RELOAD;
+
+ nsCOMPtr<nsIURI> uri;
+ rv = channel->GetURI(getter_AddRefs(uri));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ PrincipalOriginAttributes attrs;
+ attrs.InheritFromDocShellToDoc(mOriginAttributes, uri);
+
+ ErrorResult error;
+ swm->DispatchFetchEvent(attrs, doc, mInterceptedDocumentId, aChannel,
+ isReload, isSubresourceLoad, error);
+ if (NS_WARN_IF(error.Failed())) {
+ return error.StealNSResult();
+ }
+
+ return NS_OK;
+}
+
+bool
+nsDocShell::InFrameSwap()
+{
+ RefPtr<nsDocShell> shell = this;
+ do {
+ if (shell->mInFrameSwap) {
+ return true;
+ }
+ shell = shell->GetParentDocshell();
+ } while (shell);
+ return false;
+}
+
+NS_IMETHODIMP
+nsDocShell::IssueWarning(uint32_t aWarning, bool aAsError)
+{
+ if (mContentViewer) {
+ nsCOMPtr<nsIDocument> doc = mContentViewer->GetDocument();
+ if (doc) {
+ doc->WarnOnceAbout(nsIDocument::DeprecatedOperations(aWarning), aAsError);
+ }
+ }
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetEditingSession(nsIEditingSession** aEditSession)
+{
+ if (!NS_SUCCEEDED(EnsureEditorData())) {
+ return NS_ERROR_FAILURE;
+ }
+
+ mEditorData->GetEditingSession(aEditSession);
+ return *aEditSession ? NS_OK : NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetScriptableTabChild(nsITabChild** aTabChild)
+{
+ *aTabChild = GetTabChild().take();
+ return *aTabChild ? NS_OK : NS_ERROR_FAILURE;
+}
+
+already_AddRefed<nsITabChild>
+nsDocShell::GetTabChild()
+{
+ nsCOMPtr<nsIDocShellTreeOwner> owner(mTreeOwner);
+ nsCOMPtr<nsITabChild> tc = do_GetInterface(owner);
+ return tc.forget();
+}
+
+nsICommandManager*
+nsDocShell::GetCommandManager()
+{
+ NS_ENSURE_SUCCESS(EnsureCommandHandler(), nullptr);
+ return mCommandManager;
+}
+
+NS_IMETHODIMP
+nsDocShell::GetProcessLockReason(uint32_t* aReason)
+{
+ MOZ_ASSERT(aReason);
+
+ nsPIDOMWindowOuter* outer = GetWindow();
+ MOZ_ASSERT(outer);
+
+ // Check if we are a toplevel window
+ if (outer->GetScriptableParentOrNull()) {
+ *aReason = PROCESS_LOCK_IFRAME;
+ return NS_OK;
+ }
+
+ // If we have any other toplevel windows in our tab group, then we cannot
+ // perform the navigation.
+ nsTArray<nsPIDOMWindowOuter*> toplevelWindows =
+ outer->TabGroup()->GetTopLevelWindows();
+ if (toplevelWindows.Length() > 1) {
+ *aReason = PROCESS_LOCK_RELATED_CONTEXTS;
+ return NS_OK;
+ }
+ MOZ_ASSERT(toplevelWindows.Length() == 1);
+ MOZ_ASSERT(toplevelWindows[0] == outer);
+
+ // If we aren't in a content process, we cannot perform a cross-process load.
+ if (!XRE_IsContentProcess()) {
+ *aReason = PROCESS_LOCK_NON_CONTENT;
+ return NS_OK;
+ }
+
+ *aReason = PROCESS_LOCK_NONE;
+ return NS_OK;
+}