When we open a new window from a content process, we create a nested event
loop to wait for it to be initialized by the parent. The problem with this is
that the OpenWindow code which calls the window provider expects the window to
be in-process and uninitialized, so that it can load its own initial URI into
it, and correctly fulfil the spec-codified contract of window.open(). If
another caller initiates a load in the new window during the nested event
loop, those invariants are broken, and any manner of undefined behavior can
occur.
This patch adds a new flag to the BrowsingContext, marking it as uninitialized
until the end of the nested event loop, and blocking any attempts to load a
new URI into it in the meantime.
Differential Revision: https://phabricator.services.mozilla.com/D57667
When we open a new window from a content process, we create a nested event
loop to wait for it to be initialized by the parent. The problem with this is
that the OpenWindow code which calls the window provider expects the window to
be in-process and uninitialized, so that it can load its own initial URI into
it, and correctly fulfil the spec-codified contract of window.open(). If
another caller initiates a load in the new window during the nested event
loop, those invariants are broken, and any manner of undefined behavior can
occur.
This patch adds a new flag to the BrowsingContext, marking it as uninitialized
until the end of the nested event loop, and blocking any attempts to load a
new URI into it in the meantime.
Differential Revision: https://phabricator.services.mozilla.com/D57667
Fission puts subdocuments (potentially) in separate processes, so we can't
just EnumerateSubDocuments and poke the TimeoutManagers for each one.
Differential Revision: https://phabricator.services.mozilla.com/D56547
This reference is necessary when sending session storage data for
all browsing context to the parent process. Note that it entails
making SessionStorageManager a cycle collection participant, since
adding this reference creates a cycle.
Differential Revision: https://phabricator.services.mozilla.com/D55659
With Fission enabled we do not necessarily have access to the
nsDocShell that holds the top-level browsing context, so the
BrowsingContext is a better place to store information that needs
to be accessible to nested browsing contexts.
Differential Revision: https://phabricator.services.mozilla.com/D55276
This reference is necessary when sending session storage data for
all browsing context to the parent process. Note that it entails
making SessionStorageManager a cycle collection participant, since
adding this reference creates a cycle.
Depends on D55276
Differential Revision: https://phabricator.services.mozilla.com/D55659
With Fission enabled we do not necessarily have access to the
nsDocShell that holds the top-level browsing context, so the
BrowsingContext is a better place to store information that needs
to be accessible to nested browsing contexts.
Differential Revision: https://phabricator.services.mozilla.com/D55276
Bug 1534012 added a test for postMessage during load and that revealed that mLoading flag isn't always updated
soon enough, so add BrowsingContext::IsLoading which checks also possible local loading status.
Depends on D54754
Differential Revision: https://phabricator.services.mozilla.com/D54836
If the page has already had same type pending request, then we don't want to send another request. If the page has already got the response from the request, we also don't want to send another request again.
In order to achieve that, we decide to store the request's staus on the top-browsing context to make sure that all media elements in the same browsing context tree can share the same status. Thereforw, we could avoid sending redudant request when there is a pending request, and reuse the previous request's result.
Differential Revision: https://phabricator.services.mozilla.com/D52431
If the page has already had same type pending request, then we don't want to send another request. If the page has already got the response from the request, we also don't want to send another request again.
In order to achieve that, we decide to store the request's staus on the top-browsing context to make sure that all media elements in the same browsing context tree can share the same status. Thereforw, we could avoid sending redudant request when there is a pending request, and reuse the previous request's result.
Differential Revision: https://phabricator.services.mozilla.com/D52431
This also converts MaybeCloseWindowHelper, and results in the window close operations being always run in the parent (even without DocumentChannel).
Differential Revision: https://phabricator.services.mozilla.com/D49528
These methods are only callable from the parent process, so it doesn't make
sense to have the method available driectly on BrowsingContext.
Differential Revision: https://phabricator.services.mozilla.com/D50854
Also some minor cleanup in nsWindowWatcher, as well as a small fix,
where GetWindowByName forgot to addref its return value (as changed in
Part 1).
Differential Revision: https://phabricator.services.mozilla.com/D48976
Also some minor cleanup in nsWindowWatcher, as well as a small fix,
where GetWindowByName forgot to addref its return value (as changed in
Part 1).
Differential Revision: https://phabricator.services.mozilla.com/D48976
We attempt to enforce the same (approximate) access checks to Location-based
navigation that we use for loads that use named targeting (e.g., via
window.open), so that a frame that can't be navigated via, e.g., window.open,
also can't be navigated via, e.g., window.parent[1].location = url. For the
in-process case, this is handled by a somewhat hidden call to
CheckLoadingPermissions() in nsDocShell::InternalLoad, where the former checks
whether the principal of whatever JS context happens to be on the stack
subsumes the principal of the target DocShell or any of its ancestors, and
blocks the load if it doesn't.
Since there is no JS context on the stack when we call into the DocShell
loading code in the cross-process case, the check is simply ignored.
So we need to instead do the check in BrowsingContext::LoadURI, where we
already have an explicit accessor, and can simply use the standard access
checks that we use elsewhere.
Differential Revision: https://phabricator.services.mozilla.com/D48443
