Diffstat (limited to 'dom')
-rw-r--r-- | dom/base/SimpleTreeIterator.h | 71 | ||||
-rwxr-xr-x | dom/base/moz.build | 1 | ||||
-rw-r--r-- | dom/base/nsDocument.cpp | 62 | ||||
-rw-r--r-- | dom/base/nsDocument.h | 38 | ||||
-rw-r--r-- | dom/base/nsIDocument.h | 24 | ||||
-rw-r--r-- | dom/base/nsINode.cpp | 29 | ||||
-rw-r--r-- | dom/base/test/test_x-frame-options.html | 26 | ||||
-rw-r--r-- | dom/bindings/CallbackObject.h | 3 | ||||
-rw-r--r-- | dom/events/EventListenerManager.cpp | 21 | ||||
-rw-r--r-- | dom/events/EventListenerManager.h | 8 | ||||
-rw-r--r-- | dom/html/nsHTMLDocument.cpp | 397 | ||||
-rw-r--r-- | dom/html/test/mochitest.ini | 1 | ||||
-rw-r--r-- | dom/html/test/test_bug172261.html | 67 | ||||
-rw-r--r-- | dom/html/test/test_bug255820.html | 38 | ||||
-rw-r--r-- | dom/tests/mochitest/bugs/test_bug346659.html | 2 |
15 files changed, 334 insertions, 454 deletions
diff --git a/dom/base/SimpleTreeIterator.h b/dom/base/SimpleTreeIterator.h
new file mode 100644
index 000000000..7ca504082
--- /dev/null
+++ b/dom/base/SimpleTreeIterator.h
@@ -0,0 +1,71 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/**
+ * This is a light-weight tree iterator for `for` loops when full iterator
+ * functionality isn't required.
+ */
+
+#ifndef mozilla_dom_SimpleTreeIterator_h
+#define mozilla_dom_SimpleTreeIterator_h
+
+#include "nsINode.h"
+#include "nsTArray.h"
+#include "mozilla/dom/Element.h"
+
+namespace mozilla {
+namespace dom {
+
+class SimpleTreeIterator {
+public:
+ /**
+ * Initialize an iterator with aRoot. After that it can be iterated with a
+ * range-based for loop. At the moment, that's the only supported form of use
+ * for this iterator.
+ */
+ explicit SimpleTreeIterator(nsINode& aRoot)
+ : mCurrent(&aRoot)
+ {
+ mTree.AppendElement(&aRoot);
+ }
+
+ // Basic support for range-based for loops.
+ // This will modify the iterator as it goes.
+ SimpleTreeIterator& begin() { return *this; }
+
+ SimpleTreeIterator end() { return SimpleTreeIterator(); }
+
+ bool operator!=(const SimpleTreeIterator& aOther) {
+ return mCurrent != aOther.mCurrent;
+ }
+
+ void operator++() { Next(); }
+
+ nsINode* operator*() { return mCurrent; }
+
+private:
+ // Constructor used only for end() to represent a drained iterator.
+ SimpleTreeIterator()
+ : mCurrent(nullptr)
+ {}
+
+ void Next() {
+ MOZ_ASSERT(mCurrent, "Don't call Next() when we have no current node");
+
+ mCurrent = mCurrent->GetNextNode(mTree.LastElement());
+ }
+
+ // The current node.
+ nsINode* mCurrent;
+
+ // The DOM tree that we're inside of right now.
+ AutoTArray<nsINode*, 1> mTree;
+};
+
+} // namespace dom
+} // namespace mozilla
+
+#endif // mozilla_dom_SimpleTreeIterator_h
diff --git a/dom/base/moz.build b/dom/base/moz.build
index ebb76d617..75ddefded 100755
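Review bot: `mCurrent` and the entries of `mTree` are raw `nsINode*`, so nothing in SimpleTreeIterator keeps the root or the current node alive while a range-for body runs. The class comment should state that contract, for example `// Holds raw pointers only: the caller must keep aRoot alive and must not mutate the tree or run script while iterating.`, or the members should become strong references. The loop added to nsHTMLDocument::Open() later in this diff calls `RemoveAllListeners()` on each visited node, so whether that call can release or move nodes decides if the raw pointers are safe there; that cannot be told from this file. `Next()` also relies on a debug-only `MOZ_ASSERT` to reject advancing a drained iterator.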
--- a/dom/base/moz.build +++ b/dom/base/moz.build @@ -210,6 +210,7 @@ EXPORTS.mozilla.dom += [ 'ScreenOrientation.h', 'ScriptSettings.h', 'ShadowRoot.h', + 'SimpleTreeIterator.h', 'StructuredCloneHolder.h', 'StructuredCloneTags.h', 'StyleSheetList.h', diff --git a/dom/base/nsDocument.cpp b/dom/base/nsDocument.cpp index e2be6b664..afe88a454 100644 --- a/dom/base/nsDocument.cpp +++ b/dom/base/nsDocument.cpp @@ -1968,22 +1968,10 @@ nsDocument::Reset(nsIChannel* aChannel, nsILoadGroup* aLoadGroup) } void -nsDocument::ResetToURI(nsIURI *aURI, nsILoadGroup *aLoadGroup, - nsIPrincipal* aPrincipal) -{ - NS_PRECONDITION(aURI, "Null URI passed to ResetToURI"); - - if (gDocumentLeakPRLog && MOZ_LOG_TEST(gDocumentLeakPRLog, LogLevel::Debug)) { - PR_LogPrint("DOCUMENT %p ResetToURI %s", this, - aURI->GetSpecOrDefault().get()); - } - - mSecurityInfo = nullptr; - - mDocumentLoadGroup = nullptr; - +nsDocument::DisconnectNodeTree() { // Delete references to sub-documents and kill the subdocument map, - // if any. It holds strong references + // if any. This is not strictly needed, but makes the node tree + // teardown a bit faster. delete mSubDocuments; mSubDocuments = nullptr; @@ -2019,6 +2007,22 @@ nsDocument::ResetToURI(nsIURI *aURI, nsILoadGroup *aLoadGroup, "After removing all children, there should be no root elem"); } mInUnlinkOrDeletion = oldVal; +} + +void +nsDocument::ResetToURI(nsIURI *aURI, nsILoadGroup *aLoadGroup, + nsIPrincipal* aPrincipal) +{ + NS_PRECONDITION(aURI, "Null URI passed to ResetToURI"); + + if (gDocumentLeakPRLog && MOZ_LOG_TEST(gDocumentLeakPRLog, LogLevel::Debug)) { + PR_LogPrint("DOCUMENT %p ResetToURI %s", this, + aURI->GetSpecOrDefault().get()); + } + + mSecurityInfo = nullptr; + + mDocumentLoadGroup = nullptr; // Reset our stylesheets ResetStylesheetsToURI(aURI); 
@@ -2029,6 +2033,8 @@ nsDocument::ResetToURI(nsIURI *aURI, nsILoadGroup *aLoadGroup, mListenerManager = nullptr; } + DisconnectNodeTree(); + // Release the stylesheets list. mDOMStyleSheets = nullptr; @@ -4506,18 +4512,6 @@ nsDocument::SetScriptGlobalObject(nsIScriptGlobalObject *aScriptGlobalObject) mLayoutHistoryState = nullptr; SetScopeObject(aScriptGlobalObject); mHasHadDefaultView = true; -#ifdef DEBUG - if (!mWillReparent) { - // We really shouldn't have a wrapper here but if we do we need to make sure - // it has the correct parent. - JSObject *obj = GetWrapperPreserveColor(); - if (obj) { - JSObject *newScope = aScriptGlobalObject->GetGlobalJSObject(); - NS_ASSERTION(js::GetGlobalForObjectCrossCompartment(obj) == newScope, - "Wrong scope, this is really bad!"); - } - } -#endif if (mAllowDNSPrefetch) { nsCOMPtr<nsIDocShell> docShell(mDocumentContainer); @@ -9077,7 +9071,8 @@ nsDocument::CloneDocHelper(nsDocument* clone) const } void -nsDocument::SetReadyStateInternal(ReadyState rs) +nsDocument::SetReadyStateInternal(ReadyState rs, + bool updateTimingInformation) { mReadyState = rs; if (rs == READYSTATE_UNINITIALIZED) { @@ -9086,7 +9081,12 @@ nsDocument::SetReadyStateInternal(ReadyState rs) // transition undetectable by Web content. return; } - if (mTiming) { + + if (updateTimingInformation && READYSTATE_LOADING == rs) { + mLoadingTimeStamp = mozilla::TimeStamp::Now(); + } + + if (updateTimingInformation && mTiming) { switch (rs) { case READYSTATE_LOADING: mTiming->NotifyDOMLoading(nsIDocument::GetDocumentURI()); @@ -9102,10 +9102,6 @@ nsDocument::SetReadyStateInternal(ReadyState rs) break; } } - // At the time of loading start, we don't have timing object, record time. - if (READYSTATE_LOADING == rs) { - mLoadingTimeStamp = mozilla::TimeStamp::Now(); - } RefPtr<AsyncEventDispatcher> asyncDispatcher = new AsyncEventDispatcher(this, NS_LITERAL_STRING("readystatechange"), 
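Review bot: The `DisconnectNodeTree()` call added to ResetToURI now runs after `ResetStylesheetsToURI(aURI)` and after the block that clears `mListenerManager`, whereas the removed inline code tore the tree down before both. The diff gives no reason for the reordering, so a short comment at the call site should say whether it is intentional, e.g. `// Tear the tree down only after the sheets and the listener manager are gone.`. ResetToURI's body continues outside this hunk.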
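Review bot: `mLoadingTimeStamp` is now recorded only when `updateTimingInformation` is true, and the comment that explained the assignment (`// At the time of loading start, we don't have timing object, record time.`) is dropped in the @@ -9102 hunk. Open() in this diff passes `false` for READYSTATE_LOADING, so a reopened document keeps its earlier timestamp. If that is intended, say so above the new `if`, for example `// document.open() must not reset the load-start timestamp; record it only for real loads.`. SetReadyStateInternal's body starts and ends outside these hunks.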
diff --git a/dom/base/nsDocument.h b/dom/base/nsDocument.h index ac600eb43..8ea4993f0 100644 --- a/dom/base/nsDocument.h +++ b/dom/base/nsDocument.h @@ -704,7 +704,11 @@ public: virtual void BeginLoad() override; virtual void EndLoad() override; - virtual void SetReadyStateInternal(ReadyState rs) override; + // Set the readystate of the document. If updateTimingInformation is true, + // this will record relevant timestamps in the document's performance timing. + // Some consumers like document.open() don't want to do that. + virtual void SetReadyStateInternal(ReadyState rs, + bool updateTimingInformation = true) override; virtual void ContentStateChanged(nsIContent* aContent, mozilla::EventStates aStateMask) @@ -916,6 +920,14 @@ public: UpdateFrameRequestCallbackSchedulingState(); } + void SetLoadEventFiring(bool aFiring) override { mLoadEventFiring = aFiring; } + + bool SkipLoadEventAfterClose() override { + bool skip = mSkipLoadEventAfterClose; + mSkipLoadEventAfterClose = false; + return skip; + } + virtual nsIDocument* GetTemplateContentsOwner() override; NS_DECL_CYCLE_COLLECTION_SKIPPABLE_SCRIPT_HOLDER_CLASS_AMBIGUOUS(nsDocument, @@ -1255,6 +1267,11 @@ protected: */ Element* GetTitleElement(); + /** + * Perform tree disconnection needed by ResetToURI and document.open() + */ + void DisconnectNodeTree(); + public: // Get our title virtual void GetTitle(nsString& aTitle) override; 
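Review bot: The new `bool updateTimingInformation = true` default sits on a virtual function, both here and on the pure-virtual declaration in nsIDocument.h (@@ -1448). Default arguments are picked from the static type at the call site, so the two declarations have to be kept identical by hand, and a bare `false` is only readable because callers add `/* updateTimingInformation = */`. A two-value enum parameter or a separate non-virtual entry point for the document.open() case would remove both problems.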
@@ -1458,6 +1475,20 @@ public: // additional sheets and sheets from the nsStyleSheetService. bool mStyleSetFilled:1; + // The HTML spec has a "iframe load in progress" flag, but that doesn't seem + // to have the right semantics. See <https://github.com/whatwg/html/issues/4292>. + // What we have instead is a flag that is set while the window's 'load' event is + // firing if this document is the window's document. + bool mLoadEventFiring : 1; + + // The HTML spec has a "mute iframe load" flag, but that doesn't seem to have + // the right semantics. See <https://github.com/whatwg/html/issues/4292>. + // What we have instead is a flag that is set if completion of our document + // via document.close() should skip firing the load event. Note that this + // flag is only relevant for HTML documents, but lives here for reasons that + // are documented above on SkipLoadEventAfterClose(). + bool mSkipLoadEventAfterClose : 1; + uint8_t mPendingFullscreenRequests; uint8_t mXMLDeclarationBits; @@ -1615,11 +1646,6 @@ private: // Set to true when the document is possibly controlled by the ServiceWorker. // Used to prevent multiple requests to ServiceWorkerManager. bool mMaybeServiceWorkerControlled; - -#ifdef DEBUG -public: - bool mWillReparent; -#endif }; class nsDocumentOnStack diff --git a/dom/base/nsIDocument.h b/dom/base/nsIDocument.h index d76a12d71..fdaee39ca 100644 --- a/dom/base/nsIDocument.h +++ b/dom/base/nsIDocument.h @@ -909,10 +909,6 @@ public: */ nsresult GetSrcdocData(nsAString& aSrcdocData); - bool DidDocumentOpen() { - return mDidDocumentOpen; - } - already_AddRefed<mozilla::dom::AnonymousContent> InsertAnonymousContent(mozilla::dom::Element& aElement, mozilla::ErrorResult& aError); 
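Review bot: `mLoadEventFiring` and `mSkipLoadEventAfterClose` are added as bitfields, but no hunk in this diff gives them an initial value. Open() copies `mLoadEventFiring` into `mSkipLoadEventAfterClose` and `SkipLoadEventAfterClose()` returns it, so both must start as false; presumably nsDocument's storage is zeroed on allocation, which should be confirmed or made explicit in the constructor. The comment's pointer to reasons "documented above on SkipLoadEventAfterClose()" also has no target, since neither declaration of that method in this diff explains why the flag lives on nsDocument.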
@@ -1448,7 +1444,7 @@ public: virtual void EndLoad() = 0; enum ReadyState { READYSTATE_UNINITIALIZED = 0, READYSTATE_LOADING = 1, READYSTATE_INTERACTIVE = 3, READYSTATE_COMPLETE = 4}; - virtual void SetReadyStateInternal(ReadyState rs) = 0; + virtual void SetReadyStateInternal(ReadyState rs, bool updateTimingInformation = true) = 0; ReadyState GetReadyStateEnum() { return mReadyState; @@ -2187,6 +2183,19 @@ public: } /** + * Flag whether we're about to fire the window's load event for this document. + */ + virtual void SetLoadEventFiring(bool aFiring) = 0; + + /** + * Test whether we should be firing a load event for this document after a + * document.close(). + * This method should only be called at the point when the load event is about + * to be fired, since it resets `skip`. + */ + virtual bool SkipLoadEventAfterClose() = 0; + + /** * Returns the template content owner document that owns the content of * HTMLTemplateElement. */ @@ -3146,11 +3155,6 @@ protected: // Whether the document was created by a srcdoc iframe. bool mIsSrcdocDocument : 1; - // Records whether we've done a document.open. If this is true, it's possible - // for nodes from this document to have outdated wrappers in their wrapper - // caches. - bool mDidDocumentOpen : 1; - // Whether this document has a display document and thus is considered to // be a resource document. Normally this is the same as !!mDisplayDocument, // but mDisplayDocument is cleared during Unlink. mHasDisplayDocument is diff --git a/dom/base/nsINode.cpp b/dom/base/nsINode.cpp index ca507a5fc..212110b72 100644 --- a/dom/base/nsINode.cpp +++ b/dom/base/nsINode.cpp 
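Review bot: The doc comment for `SkipLoadEventAfterClose()` says the call "resets `skip`", but `skip` is only a local in the nsDocument override; what gets cleared is the document's `mSkipLoadEventAfterClose` flag. The method reads like a pure query yet mutates state, so the comment should say that directly, e.g. `* Calling this clears the flag, so call it exactly once, when the load event is about to fire.`.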
@@ -1550,27 +1550,6 @@ AdoptNodeIntoOwnerDoc(nsINode *aParent, nsINode *aNode) } static nsresult -CheckForOutdatedParent(nsINode* aParent, nsINode* aNode) -{ - if (JSObject* existingObjUnrooted = aNode->GetWrapper()) { - JS::Rooted<JSObject*> existingObj(RootingCx(), existingObjUnrooted); - - AutoJSContext cx; - nsIGlobalObject* global = aParent->OwnerDoc()->GetScopeObject(); - MOZ_ASSERT(global); - - if (js::GetGlobalForObjectCrossCompartment(existingObj) != - global->GetGlobalJSObject()) { - JSAutoCompartment ac(cx, existingObj); - nsresult rv = ReparentWrapper(cx, existingObj); - NS_ENSURE_SUCCESS(rv, rv); - } - } - - return NS_OK; -} - -static nsresult ReparentWrappersInSubtree(nsIContent* aRoot) { MOZ_ASSERT(ShouldUseXBLScope(aRoot)); @@ -1631,9 +1610,6 @@ nsINode::doInsertChildAt(nsIContent* aKid, uint32_t aIndex, if (OwnerDoc() != aKid->OwnerDoc()) { rv = AdoptNodeIntoOwnerDoc(this, aKid); NS_ENSURE_SUCCESS(rv, rv); - } else if (OwnerDoc()->DidDocumentOpen()) { - rv = CheckForOutdatedParent(this, aKid); - NS_ENSURE_SUCCESS(rv, rv); } uint32_t childCount = aChildArray.ChildCount(); @@ -2481,11 +2457,6 @@ nsINode::ReplaceOrInsertBefore(bool aReplace, nsINode* aNewChild, if (aError.Failed()) { return nullptr; } - } else if (doc->DidDocumentOpen()) { - aError = CheckForOutdatedParent(this, aNewChild); - if (aError.Failed()) { - return nullptr; - } } /* diff --git a/dom/base/test/test_x-frame-options.html b/dom/base/test/test_x-frame-options.html index a0c7acdc3..8e8cffcc3 100644 --- a/dom/base/test/test_x-frame-options.html +++ b/dom/base/test/test_x-frame-options.html 
@@ -113,19 +113,25 @@ var testFramesLoaded = function() { // test that a document can be framed under a javascript: URL opened by the // same site as the frame +// We can't set a load event listener before calling document.open/document.write, because those will remove such listeners. So we need to define a function that the new window will be able to call. +function frameInJSURILoaded(win) { + var test = win.document.getElementById("sameorigin3") + .contentDocument.getElementById("test"); + ok(test != null, "frame under javascript: URL should have loaded."); + win.close(); + + // run last test + if (!isUnique) { + testFrameInDataURI(); + } else { + testFrameNotLoadedInDataURI(); + } +} + var testFrameInJSURI = function() { var html = '<iframe id="sameorigin3" src="http://mochi.test:8888/tests/dom/base/test/file_x-frame-options_page.sjs?testid=sameorigin3&xfo=sameorigin"></iframe>'; var win = window.open(); - win.onload = function() { - var test = win.document.getElementById("sameorigin3") - .contentDocument.getElementById("test"); - ok(test != null, "frame under javascript: URL should have loaded."); - win.close(); - - // run last test - testFrameInDataURI(); - } - win.location.href = "javascript:document.write('"+html+"');document.close();"; + win.location.href = "javascript:document.open(); onload = opener.frameInJSURILoaded.bind(null, window); document.write('"+html+"');document.close();"; } // test that a document can be framed under a data: URL opened by the diff --git a/dom/bindings/CallbackObject.h b/dom/bindings/CallbackObject.h index 8a3d45dfc..5cc98fd5d 100644 --- a/dom/bindings/CallbackObject.h +++ b/dom/bindings/CallbackObject.h @@ -514,8 +514,9 @@ private: { // NS_IF_RELEASE because we might have been unlinked before nsISupports* ptr = GetISupports(); - NS_IF_RELEASE(ptr); + // Clear mPtrBits before the release to prevent reentrance. mPtrBits = 0; + NS_IF_RELEASE(ptr); } uintptr_t mPtrBits; 
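Review bot: `frameInJSURILoaded` branches on `isUnique` and calls `testFrameNotLoadedInDataURI()`, neither of which is introduced by this hunk; the removed handler called `testFrameInDataURI()` unconditionally. If either name is missing from the rest of the test file, the callback throws a ReferenceError after `win.close()` and the test stalls instead of failing cleanly, so confirm both are defined in this tree. The added explanatory comment is also a single very long line and would read better wrapped.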
diff --git a/dom/events/EventListenerManager.cpp b/dom/events/EventListenerManager.cpp index fe896870c..0774c3296 100644 --- a/dom/events/EventListenerManager.cpp +++ b/dom/events/EventListenerManager.cpp @@ -166,11 +166,11 @@ EventListenerManager::~EventListenerManager() // XXX azakai: Is there any reason to not just call Disconnect // from right here, if not previously called? NS_ASSERTION(!mTarget, "didn't call Disconnect"); - RemoveAllListeners(); + RemoveAllListenersSilently(); } void -EventListenerManager::RemoveAllListeners() +EventListenerManager::RemoveAllListenersSilently() { if (mClearingListeners) { return; @@ -1329,7 +1329,7 @@ void EventListenerManager::Disconnect() { mTarget = nullptr; - RemoveAllListeners(); + RemoveAllListenersSilently(); } void @@ -1734,6 +1734,21 @@ EventListenerManager::IsApzAwareEvent(nsIAtom* aEvent) return false; } +void +EventListenerManager::RemoveAllListeners() +{ + while (!mListeners.IsEmpty()) { + size_t idx = mListeners.Length() - 1; + nsCOMPtr<nsIAtom> type = mListeners.ElementAt(idx).mTypeAtom; + EventMessage message = mListeners.ElementAt(idx).mEventMessage; + mListeners.RemoveElementAt(idx); + NotifyEventListenerRemoved(type); + if (IsDeviceType(message)) { + DisableDevice(message); + } + } +} + already_AddRefed<nsIScriptGlobalObject> EventListenerManager::GetScriptGlobalAndDocument(nsIDocument** aDoc) { diff --git a/dom/events/EventListenerManager.h b/dom/events/EventListenerManager.h index 6b0927788..36637cfd7 100644 --- a/dom/events/EventListenerManager.h +++ b/dom/events/EventListenerManager.h @@ -472,6 +472,12 @@ public: bool IsApzAwareListener(Listener* aListener); bool IsApzAwareEvent(nsIAtom* aEvent); + /** + * Remove all event listeners from the event target this EventListenerManager + * is for. + */ + void RemoveAllListeners(); + protected: void HandleEventInternal(nsPresContext* aPresContext, WidgetEvent* aEvent, 
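Review bot: The new public `RemoveAllListeners()` has no reentrancy guard, while `RemoveAllListenersSilently()` returns early when `mClearingListeners` is set. Each pass removes an entry and then calls `NotifyEventListenerRemoved(type)` and possibly `DisableDevice(message)`; if either of those, or releasing the removed listener, can add a listener or re-enter this manager, the `while (!mListeners.IsEmpty())` loop has no bound. Re-reading `Length()` on every pass keeps the indexing safe, but the function should either reuse the guard or document why re-entry is harmless, e.g. `// Re-entry safe: state is re-read each pass, and listeners added by observers are removed too.`.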
@@ -604,7 +610,7 @@ protected: const nsAString& aTypeString, const EventListenerFlags& aFlags, bool aAllEvents = false); - void RemoveAllListeners(); + void RemoveAllListenersSilently(); void NotifyEventListenerRemoved(nsIAtom* aUserType); const EventTypeData* GetTypeDataForIID(const nsIID& aIID); const EventTypeData* GetTypeDataForEventName(nsIAtom* aName); diff --git a/dom/html/nsHTMLDocument.cpp b/dom/html/nsHTMLDocument.cpp index d64c27727..0f2d90673 100644 --- a/dom/html/nsHTMLDocument.cpp +++ b/dom/html/nsHTMLDocument.cpp @@ -15,6 +15,7 @@ #include "nsPrintfCString.h" #include "nsReadableUtils.h" #include "nsUnicharUtils.h" +#include "nsIDocumentLoader.h" #include "nsIHTMLContentSink.h" #include "nsIXMLContentSink.h" #include "nsHTMLParts.h" @@ -84,6 +85,7 @@ #include "mozilla/dom/EncodingUtils.h" #include "mozilla/dom/FallbackEncoding.h" +#include "mozilla/EventListenerManager.h" #include "mozilla/LoadInfo.h" #include "nsIEditingSession.h" #include "nsIEditor.h" @@ -107,12 +109,14 @@ #include "nsIImageDocument.h" #include "mozilla/dom/HTMLBodyElement.h" #include "mozilla/dom/HTMLDocumentBinding.h" +#include "mozilla/dom/SimpleTreeIterator.h" #include "nsCharsetSource.h" #include "nsIStringBundle.h" #include "nsDOMClassInfo.h" #include "nsFocusManager.h" #include "nsIFrame.h" #include "nsIContent.h" +#include "nsIStructuredCloneContainer.h" #include "nsLayoutStylesheetCache.h" #include "mozilla/StyleSheet.h" #include "mozilla/StyleSheetInlines.h" 
@@ -842,6 +846,24 @@ nsHTMLDocument::EndLoad() if (turnOnEditing) { EditingStateChanged(); } + + if (!GetWindow()) { + // This is a document that's not in a window. For example, this could be an + // XMLHttpRequest responseXML document, or a document created via DOMParser + // or DOMImplementation. We don't reach this code normally for such + // documents (which is not obviously correct), but can reach it via + // document.open()/document.close(). + // + // Such documents don't fire load events, but per spec should set their + // readyState to "complete" when parsing and all loading of subresources is + // done. Parsing is done now, and documents not in a window don't load + // subresources, so just go ahead and mark ourselves as complete. + SetReadyStateInternal(nsIDocument::READYSTATE_COMPLETE, + /* updateTimingInformation = */ false); + + // Reset mSkipLoadEventAfterClose just in case. + mSkipLoadEventAfterClose = false; + } } void @@ -1410,19 +1432,21 @@ already_AddRefed<nsIDocument> nsHTMLDocument::Open(JSContext* cx, const nsAString& aType, const nsAString& aReplace, - ErrorResult& rv) + ErrorResult& aError) { - // Implements the "When called with two arguments (or fewer)" steps here: - // https://html.spec.whatwg.org/multipage/webappapis.html#opening-the-input-stream + // Implements + // <https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#document-open-steps> NS_ASSERTION(nsContentUtils::CanCallerAccess(static_cast<nsIDOMHTMLDocument*>(this)), "XOW should have caught this!"); + + // Step 1 - Throw if we're the wrong type of document. if (!IsHTMLDocument() || mDisableDocWrite || !IsMasterDocument()) { - // No calling document.open() on XHTML - rv.Throw(NS_ERROR_DOM_INVALID_STATE_ERR); + aError.Throw(NS_ERROR_DOM_INVALID_STATE_ERR); return nullptr; } + // Set up the content type for insertion nsAutoCString contentType; contentType.AssignLiteral("text/html"); 
@@ -1435,51 +1459,7 @@ nsHTMLDocument::Open(JSContext* cx, contentType.AssignLiteral("text/plain"); } - // If we already have a parser we ignore the document.open call. - if (mParser || mParserAborted) { - // The WHATWG spec says: "If the document has an active parser that isn't - // a script-created parser, and the insertion point associated with that - // parser's input stream is not undefined (that is, it does point to - // somewhere in the input stream), then the method does nothing. Abort - // these steps and return the Document object on which the method was - // invoked." - // Note that aborting a parser leaves the parser "active" with its - // insertion point "not undefined". We track this using mParserAborted, - // because aborting a parser nulls out mParser. - nsCOMPtr<nsIDocument> ret = this; - return ret.forget(); - } - - // No calling document.open() without a script global object - if (!mScriptGlobalObject) { - nsCOMPtr<nsIDocument> ret = this; - return ret.forget(); - } - - nsPIDOMWindowOuter* outer = GetWindow(); - if (!outer || (GetInnerWindow() != outer->GetCurrentInnerWindow())) { - nsCOMPtr<nsIDocument> ret = this; - return ret.forget(); - } - - // check whether we're in the middle of unload. If so, ignore this call. - nsCOMPtr<nsIDocShell> shell(mDocumentContainer); - if (!shell) { - // We won't be able to create a parser anyway. - nsCOMPtr<nsIDocument> ret = this; - return ret.forget(); - } - - bool inUnload; - shell->GetIsInUnload(&inUnload); - if (inUnload) { - nsCOMPtr<nsIDocument> ret = this; - return ret.forget(); - } - - // Note: We want to use GetEntryDocument here because this document - // should inherit the security information of the document that's opening us, - // (since if it's secure, then it's presumably trusted). + // Step 3 - Get the entryDocument for security checks nsCOMPtr<nsIDocument> callerDoc = GetEntryDocument(); if (!callerDoc) { // If we're called from C++ or in some other way without an originating 
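Review bot: The step comments in Open() go from "Step 1" straight to "Step 3", so a reader cannot tell whether step 2 of the linked document-open-steps is handled elsewhere or is missing. Because the steps that follow are the security checks, add a line such as `// Step 2 - <what the spec requires>: not implemented here because <reason>.` with both placeholders filled in. Open()'s body starts before and ends after this hunk.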
@@ -1489,67 +1469,39 @@ nsHTMLDocument::Open(JSContext* cx, // change the principals of a document for security reasons we'll have to // refuse to go ahead with this call. - rv.Throw(NS_ERROR_DOM_SECURITY_ERR); + aError.Throw(NS_ERROR_DOM_SECURITY_ERR); return nullptr; } - // Grab a reference to the calling documents security info (if any) - // and URIs as they may be lost in the call to Reset(). - nsCOMPtr<nsISupports> securityInfo = callerDoc->GetSecurityInfo(); - nsCOMPtr<nsIURI> uri = callerDoc->GetDocumentURI(); - nsCOMPtr<nsIURI> baseURI = callerDoc->GetBaseURI(); - nsCOMPtr<nsIPrincipal> callerPrincipal = callerDoc->NodePrincipal(); - nsCOMPtr<nsIChannel> callerChannel = callerDoc->GetChannel(); - - // We're called from script. Make sure the script is from the same - // origin, not just that the caller can access the document. This is - // needed to keep document principals from ever changing, which is - // needed because of the way we use our XOW code, and is a sane - // thing to do anyways. - - bool equals = false; - if (NS_FAILED(callerPrincipal->Equals(NodePrincipal(), &equals)) || - !equals) { - -#ifdef DEBUG - nsCOMPtr<nsIURI> callerDocURI = callerDoc->GetDocumentURI(); - nsCOMPtr<nsIURI> thisURI = nsIDocument::GetDocumentURI(); - printf("nsHTMLDocument::Open callerDoc %s this %s\n", - callerDocURI ? callerDocURI->GetSpecOrDefault().get() : "", - thisURI ? thisURI->GetSpecOrDefault().get() : ""); -#endif - - rv.Throw(NS_ERROR_DOM_SECURITY_ERR); + // Step 4 - Throw if we're not same-origin + if (!callerDoc->NodePrincipal()->Equals(NodePrincipal())) { + aError.Throw(NS_ERROR_DOM_SECURITY_ERR); return nullptr; } - // Stop current loads targeted at the window this document is in. 
- if (mScriptGlobalObject) { - nsCOMPtr<nsIContentViewer> cv; - shell->GetContentViewer(getter_AddRefs(cv)); - - if (cv) { - bool okToUnload; - if (NS_SUCCEEDED(cv->PermitUnload(&okToUnload)) && !okToUnload) { - // We don't want to unload, so stop here, but don't throw an - // exception. - nsCOMPtr<nsIDocument> ret = this; - return ret.forget(); - } - - // Now double-check that our invariants still hold. - if (!mScriptGlobalObject) { - nsCOMPtr<nsIDocument> ret = this; - return ret.forget(); - } - - nsPIDOMWindowOuter* outer = GetWindow(); - if (!outer || (GetInnerWindow() != outer->GetCurrentInnerWindow())) { - nsCOMPtr<nsIDocument> ret = this; - return ret.forget(); - } + // Step 5 - If we have an active parser, abort with no-op + if (mParser || mParserAborted) { + nsCOMPtr<nsIDocument> ret = this; + return ret.forget(); + } + + // Step 6 - Check if document.open() is called during unload + nsCOMPtr<nsIDocShell> shell(mDocumentContainer); + if (shell) { + bool inUnload; + shell->GetIsInUnload(&inUnload); + if (inUnload) { + nsCOMPtr<nsIDocument> ret = this; + return ret.forget(); } + } + // Step 7 - Stop existing navigation of our browsing context (and all + // other loads it's doing) if we're the active document of our browsing + // context. If there's no existing navigation, we don't want to stop + // anything. + if (shell && IsCurrentActiveDocument() && + mScriptGlobalObject) { nsCOMPtr<nsIWebNavigation> webnav(do_QueryInterface(shell)); webnav->Stop(nsIWebNavigation::STOP_NETWORK); 
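Review bot: In the Step 6 block `bool inUnload;` is read after `shell->GetIsInUnload(&inUnload)` without an initial value and with the call's result ignored. If the getter ever fails without writing the out-parameter, the early return depends on an indeterminate value; `bool inUnload = false;` makes that case fall through deterministically. The removed code had the same pattern, so this is carried over rather than new. Open()'s body starts and ends outside this hunk.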
@@ -1560,189 +1512,121 @@ nsHTMLDocument::Open(JSContext* cx, EnsureOnloadBlocker(); } - // The open occurred after the document finished loading. - // So we reset the document and then reinitialize it. - nsCOMPtr<nsIChannel> channel; - nsCOMPtr<nsILoadGroup> group = do_QueryReferent(mDocumentLoadGroup); - rv = NS_NewChannel(getter_AddRefs(channel), - uri, - callerDoc, - nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL, - nsIContentPolicy::TYPE_OTHER, - group); - - if (rv.Failed()) { - return nullptr; - } - - if (callerChannel) { - nsLoadFlags callerLoadFlags; - rv = callerChannel->GetLoadFlags(&callerLoadFlags); - if (rv.Failed()) { - return nullptr; - } - - nsLoadFlags loadFlags; - rv = channel->GetLoadFlags(&loadFlags); - if (rv.Failed()) { - return nullptr; - } - - loadFlags |= callerLoadFlags & nsIRequest::INHIBIT_PERSISTENT_CACHING; - - rv = channel->SetLoadFlags(loadFlags); - if (rv.Failed()) { - return nullptr; + // Step 8 - Clear all event listeners out of our DOM tree + for (nsINode* node : SimpleTreeIterator(*this)) { + if (EventListenerManager* elm = node->GetExistingListenerManager()) { + elm->RemoveAllListeners(); } + } - // If the user has allowed mixed content on the rootDoc, then we should propogate it - // down to the new document channel. - bool rootHasSecureConnection = false; - bool allowMixedContent = false; - bool isDocShellRoot = false; - nsresult rvalue = shell->GetAllowMixedContentAndConnectionData(&rootHasSecureConnection, &allowMixedContent, &isDocShellRoot); - if (NS_SUCCEEDED(rvalue) && allowMixedContent && isDocShellRoot) { - shell->SetMixedContentChannel(channel); + // Step 9 - Clear event listeners from our window, if we have one. + // + // Note that we explicitly want the inner window, and only if we're its + // document. We want to do this (per spec) even when we're not the "active + // document", so we can't go through GetWindow(), because it might forward to + // the wrong inner. 
+ if (nsPIDOMWindowInner* win = GetInnerWindow()) { + if (win->GetExtantDoc() == this) { + if (EventListenerManager* elm = + nsGlobalWindow::Cast(win)->GetExistingListenerManager()) { + elm->RemoveAllListeners(); + } } } - // Before we reset the doc notify the globalwindow of the change, - // but only if we still have a window (i.e. our window object the - // current inner window in our outer window). - - // Hold onto ourselves on the offchance that we're down to one ref - nsCOMPtr<nsIDocument> kungFuDeathGrip = this; - - if (nsPIDOMWindowInner *window = GetInnerWindow()) { - // Remember the old scope in case the call to SetNewDocument changes it. - nsCOMPtr<nsIScriptGlobalObject> oldScope(do_QueryReferent(mScopeObject)); - -#ifdef DEBUG - bool willReparent = mWillReparent; - mWillReparent = true; + // Step 10 - Remove all of our DOM children without firing any mutation events. + DisconnectNodeTree(); - nsDocument* templateContentsOwner = - static_cast<nsDocument*>(mTemplateContentsOwner.get()); + // --- At this point our tree is clean and we can switch to the new URI --- - if (templateContentsOwner) { - templateContentsOwner->mWillReparent = true; - } -#endif + // Step 11 - If we're the current document in our docshell, do the + // equivalent of pushState() with the new URL we should have. + if (shell && IsCurrentActiveDocument()) { + nsCOMPtr<nsIURI> newURI = callerDoc->GetDocumentURI(); - // Per spec, we pass false here so that a new Window is created. - rv = window->SetNewDocument(this, nullptr, - /* aForceReuseInnerWindow */ false); - if (rv.Failed()) { + // UpdateURLAndHistory might do various member-setting, so make sure we're + // holding strong refs to all the refcounted args on the stack. We can + // assume that our caller is holding on to "this" already. 
+ nsCOMPtr<nsIURI> currentURI = nsIDocument::GetDocumentURI(); + bool equalURIs; + nsresult rv = currentURI->Equals(newURI, &equalURIs); + if (NS_WARN_IF(NS_FAILED(rv))) { + aError.Throw(rv); return nullptr; } - -#ifdef DEBUG - if (templateContentsOwner) { - templateContentsOwner->mWillReparent = willReparent; + nsCOMPtr<nsIStructuredCloneContainer> stateContainer(mStateObjectContainer); + rv = shell->UpdateURLAndHistory(this, newURI, stateContainer, EmptyString(), + /* aReplace = */ true, currentURI, + equalURIs); + if (NS_WARN_IF(NS_FAILED(rv))) { + aError.Throw(rv); + return nullptr; } - mWillReparent = willReparent; -#endif + // And use the security info of the caller document as well, since + // it's the thing providing our data. + mSecurityInfo = callerDoc->GetSecurityInfo(); - // Now make sure we're not flagged as the initial document anymore, now - // that we've had stuff done to us. From now on, if anyone tries to - // document.open() us, they get a new inner window. + // This is not mentioned in the spec, but that's probably a spec bug. + // See <https://github.com/whatwg/html/issues/4299>. + // Since our URL may be changing away from about:blank here, we really want + // to unset this flag on any document.open(), since only about:blank can be + // an initial document. SetIsInitialDocument(false); - nsCOMPtr<nsIScriptGlobalObject> newScope(do_QueryReferent(mScopeObject)); - JS::Rooted<JSObject*> wrapper(cx, GetWrapper()); - if (oldScope && newScope != oldScope && wrapper) { - JSAutoCompartment ac(cx, wrapper); - rv = mozilla::dom::ReparentWrapper(cx, wrapper); - if (rv.Failed()) { - return nullptr; - } - - // Also reparent the template contents owner document - // because its global is set to the same as this document. 
- if (mTemplateContentsOwner) { - JS::Rooted<JSObject*> contentsOwnerWrapper(cx, - mTemplateContentsOwner->GetWrapper()); - if (contentsOwnerWrapper) { - rv = mozilla::dom::ReparentWrapper(cx, contentsOwnerWrapper); - if (rv.Failed()) { - return nullptr; - } - } - } - } - } + // And let our docloader know that it will need to track our load event. + nsDocShell::Cast(shell)->SetDocumentOpenedButNotLoaded(); + } - mDidDocumentOpen = true; + // Step 12 + mSkipLoadEventAfterClose = mLoadEventFiring; - // Call Reset(), this will now do the full reset - Reset(channel, group); - if (baseURI) { - mDocumentBaseURI = baseURI; - } + // Preliminary to steps 13-16. Set our ready state to uninitialized before + // we do anything else, so we can then proceed to later ready state levels. + SetReadyStateInternal(READYSTATE_UNINITIALIZED, + /* updateTimingInformation = */ false); - // Store the security info of the caller now that we're done - // resetting the document. - mSecurityInfo = securityInfo; + // Step 13 - Set our compatibility mode to standards. + SetCompatibilityMode(eCompatibility_FullStandards); + // Step 14 - Create a new parser associated with document. + // This also does step 16 implicitly. mParserAborted = false; mParser = nsHtml5Module::NewHtml5Parser(); - nsHtml5Module::Initialize(mParser, this, uri, shell, channel); + nsHtml5Module::Initialize(mParser, this, nsIDocument::GetDocumentURI(), shell, nullptr); if (mReferrerPolicySet) { // CSP may have set the referrer policy, so a speculative parser should // start with the new referrer policy. 
nsHtml5TreeOpExecutor* executor = nullptr; - executor = static_cast<nsHtml5TreeOpExecutor*> (mParser->GetContentSink()); + executor = static_cast<nsHtml5TreeOpExecutor*>(mParser->GetContentSink()); if (executor && mReferrerPolicySet) { - executor->SetSpeculationReferrerPolicy(static_cast<ReferrerPolicy>(mReferrerPolicy)); + executor->SetSpeculationReferrerPolicy( + static_cast<ReferrerPolicy>(mReferrerPolicy)); } } - // This will be propagated to the parser when someone actually calls write() - SetContentTypeInternal(contentType); - - // Prepare the docshell and the document viewer for the impending - // out of band document.write() - shell->PrepareForNewContentModel(); - - // Now check whether we were opened with a "replace" argument. If - // so, we need to tell the docshell to not create a new history - // entry for this load. Otherwise, make sure that we're doing a normal load, - // not whatever type of load was previously done on this docshell. - shell->SetLoadType(aReplace.LowerCaseEqualsLiteral("replace") ? - LOAD_NORMAL_REPLACE : LOAD_NORMAL); + if (shell) { + // Prepare the docshell and the document viewer for the impending + // out-of-band document.write() + shell->PrepareForNewContentModel(); - nsCOMPtr<nsIContentViewer> cv; - shell->GetContentViewer(getter_AddRefs(cv)); - if (cv) { - cv->LoadStart(this); + nsCOMPtr<nsIContentViewer> cv; + shell->GetContentViewer(getter_AddRefs(cv)); + if (cv) { + cv->LoadStart(this); + } } - // Add a wyciwyg channel request into the document load group - NS_ASSERTION(!mWyciwygChannel, "nsHTMLDocument::Open(): wyciwyg " - "channel already exists!"); - - // In case the editor is listening and will see the new channel - // being added, make sure mWriteLevel is non-zero so that the editor - // knows that document.open/write/close() is being called on this - // document. - ++mWriteLevel; - - CreateAndAddWyciwygChannel(); + // Step 15. 
+ SetReadyStateInternal(nsIDocument::READYSTATE_LOADING, + /* updateTimingInformation = */ false); - --mWriteLevel; - - SetReadyStateInternal(nsIDocument::READYSTATE_LOADING); + // Step 16 happened with step 14 above. - // After changing everything around, make sure that the principal on the - // document's compartment exactly matches NodePrincipal(). - DebugOnly<JSObject*> wrapper = GetWrapperPreserveColor(); - MOZ_ASSERT_IF(wrapper, - JS_GetCompartmentPrincipals(js::GetObjectCompartment(wrapper)) == - nsJSPrincipals::get(NodePrincipal())); - - return kungFuDeathGrip.forget(); -} + // Step 17. + nsCOMPtr<nsIDocument> ret = this; + return ret.forget(); +} NS_IMETHODIMP nsHTMLDocument::Clear() @@ -1806,15 +1690,6 @@ nsHTMLDocument::Close(ErrorResult& rv) if (GetShell()) { FlushPendingNotifications(Flush_Layout); } - - // Removing the wyciwygChannel here is wrong when document.close() is - // called from within the document itself. However, legacy requires the - // channel to be removed here. Otherwise, the load event never fires. - NS_ASSERTION(mWyciwygChannel, "nsHTMLDocument::Close(): Trying to remove " - "nonexistent wyciwyg channel!"); - RemoveWyciwygChannel(); - NS_ASSERTION(!mWyciwygChannel, "nsHTMLDocument::Close(): " - "nsIWyciwygChannel could not be removed!"); } void diff --git a/dom/html/test/mochitest.ini b/dom/html/test/mochitest.ini index b9da7def8..024de1cd9 100644 --- a/dom/html/test/mochitest.ini +++ b/dom/html/test/mochitest.ini @@ -529,7 +529,6 @@ skip-if = toolkit == 'android' # plugins not supported [test_bug196523.html] [test_bug199692.html] skip-if = toolkit == 'android' #bug 811644 -[test_bug172261.html] [test_bug255820.html] [test_bug259332.html] [test_bug311681.html] diff --git a/dom/html/test/test_bug172261.html b/dom/html/test/test_bug172261.html deleted file mode 100644 index 2b5d752cd..000000000 --- a/dom/html/test/test_bug172261.html +++ /dev/null 
@@ -1,67 +0,0 @@ -<!DOCTYPE HTML> -<html> -<!-- -https://bugzilla.mozilla.org/show_bug.cgi?id=172261 ---> -<head> - <title>Test for Bug 172261</title> - <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> - <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> -</head> -<body> -<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=172261">Mozilla Bug 172261</a> -<p id="display"> - <iframe id="test"></iframe> -</p> -<div id="content" style="display: none"> - -</div> -<pre id="test"> -<script class="testbody" type="text/javascript"> - /** Test for Bug 172261 **/ - SimpleTest.waitForExplicitFinish(); - SimpleTest.requestFlakyTimeout("untriaged"); - - var callable = false; - function toggleCallable() { callable = true; } - - var doTestInIframe = false; - - // Shouldn't do history stuff from inside onload - addLoadEvent(function() { setTimeout(startTest, 10) }); - - function startTest() { - // First, create a dummy document. Use onunload handlers to make sure - // bfcache doesn't screw us up. - var doc = $("test").contentDocument; - - doc.write("<html><body onunload=''>First</body></html>"); - doc.close(); - - // Now write our test document - doc.write("<html><script>window.onerror = parent.onerror; if (parent.doTestInIframe) { parent.is(document.domain, parent.document.domain, 'Domains should match'); parent.toggleCallable(); } <" + "/script><body>Second</body></html>"); - doc.close(); - - $("test").onload = goForward; - history.back(); - } - - function goForward() { - $("test").onload = doTest; - doTestInIframe = true; - history.forward(); - } - - function doTest() { - is($("test").contentDocument.domain, document.domain, - "Domains should match 2"); - is($("test").contentDocument.location.href, location.href, - "Locations should match"); - is(callable, true, "Subframe should be able to call us"); - SimpleTest.finish(); - } -</script> -</pre> -</body> -</html> - 
diff --git a/dom/html/test/test_bug255820.html b/dom/html/test/test_bug255820.html index 20727fee4..18073497b 100644 --- a/dom/html/test/test_bug255820.html +++ b/dom/html/test/test_bug255820.html @@ -28,7 +28,7 @@ SimpleTest.waitForExplicitFinish(); is(document.characterSet, "UTF-8", "Unexpected character set for our document"); -var testsLeft = 4; +var testsLeft = 3; function testFinished() { --testsLeft; @@ -42,29 +42,11 @@ function charsetTestFinished(id, doc, charsetTarget) { testFinished(); } -function f2Continue() { -// Commented out pending discussion at the WHATWG -// $("f2"). -// setAttribute("onload", -// "charsetTestFinished('f2 reloaded', this.contentDocument, 'us-ascii');"); - $("f2"). - setAttribute("onload", - "testFinished();"); - $("f2").contentWindow.location.reload(); -} - function f3Continue() { var doc = $("f3").contentDocument; is(doc.defaultView.getComputedStyle(doc.body, "").color, "rgb(0, 180, 0)", - "Wrong color before reload"); - $("f3"). - setAttribute("onload", - 'var doc = this.contentDocument; ' + - 'is(doc.defaultView.getComputedStyle(doc.body, "").color, ' + - ' "rgb(0, 180, 0)",' + - ' "Wrong color after reload");' + - "charsetTestFinished('f1', this.contentDocument, 'UTF-8')"); - $("f3").contentWindow.location.reload(); + "Wrong color"); + charsetTestFinished('f3', doc, "UTF-8"); } function runTest() { @@ -74,12 +56,7 @@ function runTest() { doc.open(); doc.write('<html></html>'); doc.close(); - is(doc.characterSet, "UTF-8", - "Unexpected character set for first frame after write"); - $("f1"). - setAttribute("onload", - "charsetTestFinished('f1', this.contentDocument, 'UTF-8')"); - $("f1").contentWindow.location.reload(); + charsetTestFinished("f1", doc, "UTF-8"); doc = $("f2").contentDocument; is(doc.characterSet, "UTF-8", 
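Review bot: The reload path after `document.open()`/`write()`/`close()` is left without any assertion. The `@@ -42,29 +42,11 @@` hunk deletes `f2Continue` and the reload step in `f3Continue`, and the `@@ -74,12 +56,7 @@` hunk deletes the `f1` reload, so nothing in this file checks what a reload of a written document now loads. The C++ side of this commit calls `UpdateURLAndHistory` on open, so the URL and history entry that a reload resolves to look like behaviour worth pinning rather than dropping. At minimum add a comment above `f3Continue`, such as `// Reload after document.open() is intentionally not exercised here; covered by <test name placeholder>.`. Alternatively, keep one frame that reloads and asserts the resulting `location.href` and `characterSet`.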
@@ -96,12 +73,11 @@ function runTest() { "Unexpected character set for second frame after write"); $("f2"). setAttribute("onload", - "charsetTestFinished('f2', this.contentDocument, 'UTF-8');" + - "f2Continue()"); + "charsetTestFinished('f2', this.contentDocument, 'UTF-8');"); doc = $("f3").contentDocument; is(doc.characterSet, "UTF-8", - "Unexpected initial character set for first frame"); + "Unexpected initial character set for third frame"); doc.open(); var str = '<html><head>'; str += '<style>body { color: rgb(255, 0, 0) }</style>'; @@ -111,7 +87,7 @@ function runTest() { doc.write(str); doc.close(); is(doc.characterSet, "UTF-8", - "Unexpected character set for first frame after write"); + "Unexpected character set for third frame after write"); $("f3").setAttribute("onload", "f3Continue()"); } diff --git a/dom/tests/mochitest/bugs/test_bug346659.html b/dom/tests/mochitest/bugs/test_bug346659.html index 78c1fc659..8596de7b1 100644 --- a/dom/tests/mochitest/bugs/test_bug346659.html +++ b/dom/tests/mochitest/bugs/test_bug346659.html @@ -108,7 +108,7 @@ function messageReceiver(evt) { is(testResult, "undefined", "Props on new window's child should go away when loading"); break; case 6: - is(testResult, "undefined", "Props on new window's child should go away when writing"); + is(testResult, "6", "Props on new window's child should go away when writing"); break; case 7: is(testResult, "7", "Props on different-domain window opened from different-domain new window can stay"); |
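Review bot: The assertion message in `case 6` of test_bug346659.html now contradicts the expected value. The check expects `"6"`, meaning the property survives the write, while the text still says the props "should go away when writing". A failure log would then describe the opposite of what is being tested, and this case appears to be the one pinning whether window state persists across `document.open()`. Reword it in line with case 7, e.g. `is(testResult, "6", "Props on new window's child should stay when writing");`. The enclosing `messageReceiver` switch starts and ends outside the hunk.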