GitLab

at 2024-07-08T17:07:59+02:00

Bug 1743329 - Handle ESC key to release pointer lock in parent process; r=smaug

Differential Revision: https://phabricator.services.mozilla.com/D211621
Bug 1743329 - Release pointer lock when xul popup is open; r=smaug,pbz

Differential Revision: https://phabricator.services.mozilla.com/D211620

Bug 1743329 - Use nsMenuPopupFrame in GetVisiblePopups(); r=smaug

Differential Revision: https://phabricator.services.mozilla.com/D211619

A further change was needed in nsCaret.cpp, see
https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests/1048#note_3046018

Bug 1743329: apply code formatting via Lando

# ignore-this-changeset
Bug 1879952 - Fix test expectations with samesite=lax turned on r=tschuster

Differential Revision: https://phabricator.services.mozilla.com/D201639
Bug 1844827 - Added checks for sub-document navigations from cross-site to same-site in third-party checks when setting a cookie. r=cookie-reviewers,valentin,bvandersloot a=RyanVM

Differential Revision: https://phabricator.services.mozilla.com/D204074
Bug 1844827 - Update the cookie test expectations for iframe samesite r=cookie-reviewers,valentin a=RyanVM

Depends on D199770

Differential Revision: https://phabricator.services.mozilla.com/D199772
Bug 1880374 - Disable DNS prefetching if document nodePrincipal is systemPrincipal r=valentin

Differential Revision: https://phabricator.services.mozilla.com/D210830
Bug 1883396 - Exit fullscreen when two Escape keyup events occur in a short time; r=smaug

Differential Revision: https://phabricator.services.mozilla.com/D209667

Bug 1900523 - Don't use bailout data for JSJitToWasm frames. r=iain

Differential Revision: https://phabricator.services.mozilla.com/D212554
Bug 1902983 - Don't use bailout data after iterating Wasm frames.  a=RyanVM

This is similar to bug 1900523, but the fix there was incomplete because the
`JSJitToWasm` frame type is only used when we go through the Wasm JIT entry
trampoline. Ion can also call Wasm functions directly and in that case the type
will be `FrameType::Exit`.

Original Revision: https://phabricator.services.mozilla.com/D214098

Differential Revision: https://phabricator.services.mozilla.com/D214375
     info("Wait for full screen transition end.");

     await promiseFullScreenTransitionEnd;

     info("Full screen transition end");

+

+    await SpecialPowers.popPrefEnv();

   });

 });
 #include "mozilla/dom/BrowsingContext.h"

 #include "mozilla/dom/Document.h"

 #include "mozilla/dom/Element.h"

+#include "mozilla/dom/PointerEventHandler.h"

 #include "mozilla/dom/WindowContext.h"

 #include "nsCOMPtr.h"

+#include "nsMenuPopupFrame.h"

 #include "nsSandboxFlags.h"

 namespace mozilla {

                                   aMessage);

 }

+static bool IsPopupOpened() {

+  // Check if any popup is open.

+  nsXULPopupManager* pm = nsXULPopupManager::GetInstance();

+  if (!pm) {

+    return false;

+  }

+

+  nsTArray<nsMenuPopupFrame*> popups;

+  pm->GetVisiblePopups(popups, true);

+

+  for (nsMenuPopupFrame* popup : popups) {

+    if (popup->GetPopupType() != widget::PopupType::Tooltip) {

+      return true;

+    }

+  }

+

+  return false;

+}

+

 static const char* GetPointerLockError(Element* aElement, Element* aCurrentLock,

                                        bool aNoFocusCheck = false) {

   // Check if pointer lock pref is enabled

     }

   }

+  if (IsPopupOpened()) {

+    return "PointerLockDeniedFailedToLock";

+  }

+

   return nullptr;

 }

 /* static */

 void PointerLockManager::Unlock(Document* aDoc) {

+  if (sLockedRemoteTarget) {

+    MOZ_ASSERT(XRE_IsParentProcess());

+    MOZ_ASSERT(!sIsLocked);

+    Unused << sLockedRemoteTarget->SendReleasePointerLock();

+    sLockedRemoteTarget = nullptr;

+    return;

+  }

+

   if (!sIsLocked) {

     return;

   }

 }

 /* static */

-bool PointerLockManager::SetLockedRemoteTarget(BrowserParent* aBrowserParent) {

+void PointerLockManager::SetLockedRemoteTarget(BrowserParent* aBrowserParent,

+                                               nsACString& aError) {

   MOZ_ASSERT(XRE_IsParentProcess());

   if (sLockedRemoteTarget) {

-    return sLockedRemoteTarget == aBrowserParent;

+    if (sLockedRemoteTarget != aBrowserParent) {

+      aError = "PointerLockDeniedInUse"_ns;

+    }

+    return;

+  }

+

+  // Check if any popup is open.

+  if (IsPopupOpened()) {

+    aError = "PointerLockDeniedFailedToLock"_ns;

+    return;

   }

   sLockedRemoteTarget = aBrowserParent;

-  return true;

+  PointerEventHandler::ReleaseAllPointerCaptureRemoteTarget();

 }

 /* static */

   // Set/release pointer lock remote target. Should only be called in parent

   // process.

-  static bool SetLockedRemoteTarget(dom::BrowserParent* aBrowserParent);

+  static void SetLockedRemoteTarget(dom::BrowserParent* aBrowserParent,

+                                    nsACString& aError);

   static void ReleaseLockedRemoteTarget(dom::BrowserParent* aBrowserParent);

  private:

 }

 bool HTMLDNSPrefetch::IsAllowed(Document* aDocument) {

+  // Do not use prefetch if the document's node principal is the system

+  // principal.

+  nsCOMPtr<nsIPrincipal> principal = aDocument->NodePrincipal();

+  if (principal->IsSystemPrincipal()) {

+    return false;

+  }

+

   // There is no need to do prefetch on non UI scenarios such as XMLHttpRequest.

   return aDocument->IsDNSPrefetchAllowed() && aDocument->GetWindow();

 }

 #include "mozilla/MouseEvents.h"

 #include "mozilla/NativeKeyBindingsType.h"

 #include "mozilla/NullPrincipal.h"

+#include "mozilla/PointerLockManager.h"

 #include "mozilla/Preferences.h"

 #include "mozilla/PresShell.h"

 #include "mozilla/ProcessHangMonitor.h"

   return IPC_OK();

 }

+mozilla::ipc::IPCResult BrowserChild::RecvReleasePointerLock() {

+  PointerLockManager::Unlock();

+  return IPC_OK();

+}

+

 PPaymentRequestChild* BrowserChild::AllocPPaymentRequestChild() {

   MOZ_CRASH(

       "We should never be manually allocating PPaymentRequestChild actors");

   mozilla::ipc::IPCResult RecvReleaseAllPointerCapture();

+  mozilla::ipc::IPCResult RecvReleasePointerLock();

+

  private:

   void HandleDoubleTap(const CSSPoint& aPoint, const Modifiers& aModifiers,

                        const ScrollableLayerGuid& aGuid);

 mozilla::ipc::IPCResult BrowserParent::RecvRequestPointerLock(

     RequestPointerLockResolver&& aResolve) {

-  nsCString error;

   if (sTopLevelWebFocus != GetTopLevelBrowserParent(this)) {

-    error = "PointerLockDeniedNotFocused";

-  } else if (!PointerLockManager::SetLockedRemoteTarget(this)) {

-    error = "PointerLockDeniedInUse";

-  } else {

-    PointerEventHandler::ReleaseAllPointerCaptureRemoteTarget();

+    aResolve("PointerLockDeniedNotFocused"_ns);

+    return IPC_OK();

   }

-  aResolve(error);

+

+  nsCString error;

+  PointerLockManager::SetLockedRemoteTarget(this, error);

+  aResolve(std::move(error));

   return IPC_OK();

 }

     async ImageLoadComplete(nsresult aResult);

-    /**

-     * Child informs the parent that a pointer lock has requested/released.

-     */

-    async RequestPointerLock() returns (nsCString error);

-    async ReleasePointerLock();

-

     /**

      * Child informs the parent that a pointer capture has requested/released.

      */

     async RequestPointerCapture(uint32_t aPointerId) returns (bool aSuccess);

     async ReleasePointerCapture(uint32_t aPointerId);

+    /**

+     * Child informs the parent that a pointer lock has requested.

+     */

+    async RequestPointerLock() returns (nsCString error);

+

     /**

      * This function is used to notify the parent that it should display a

      * onion services client authentication prompt.

      */

     async ShowOnionServicesAuthPrompt(nsCString aOnionHost, nsCString aTopic);

+both:

+    /**

+     * informs that a pointer lock has released.

+     */

+    async ReleasePointerLock();

+

 child:

     async NativeSynthesisResponse(uint64_t aObserverId, nsCString aResponse);

     async UpdateSHistory();

+// |jit-test| --fast-warmup; --no-threads; skip-if: !wasmIsSupported()

+function f1() {

+  Promise.allSettled().catch(e => null);

+  do {

+    f2(10n, -1n);

+    try {

+      f2(-2147483648n);

+    } catch {}

+  } while (!inIon());

+}

+function f2(x, y) {

+  const z = x >> x;

+  z <= z ? z : z;

+  y ^ y;

+}

+const binary = wasmTextToBinary(`

+  (module

+    (import "m" "f" (func $f))

+    (func (export "test")

+      (call $f)

+    )

+  )

+`);

+const mod = new WebAssembly.Module(binary);

+const inst = new WebAssembly.Instance(mod, {"m": {"f": f1}});

+for (let i = 0; i < 6; i++) {

+  inst.exports.test();

+}
+// |jit-test| --fast-warmup; --gc-zeal=21,100; skip-if: !wasmIsSupported()

+let counter = 0;

+function g() {

+    counter++;

+    const y = BigInt.asIntN(counter, -883678545n);

+    const z = y >> y;

+    BigInt.asUintN(2 ** counter, 883678545n);

+    try { g(); } catch (e) { }

+}

+function f() {

+    for (let i = 0; i < 5; i++) {

+        for (let j = 0; j < 30; j++) { }

+        Promise.allSettled().catch(e => null);

+        counter = 0;

+        g();

+    }

+}

+const binary = wasmTextToBinary(`(module (import "m" "f" (func $f)) (func (export "test") (call $f)))`);

+const mod = new WebAssembly.Module(binary);

+const inst = new WebAssembly.Instance(mod, { m: { f: f } });

+for (let i = 0; i < 100; i++) { }

+for (let i = 0; i < 5; i++) {

+    inst.exports.test();

+}
 using namespace js::jit;

 JSJitFrameIter::JSJitFrameIter(const JitActivation* activation)

-    : JSJitFrameIter(activation, FrameType::Exit, activation->jsExitFP()) {}

-

-JSJitFrameIter::JSJitFrameIter(const JitActivation* activation,

-                               FrameType frameType, uint8_t* fp)

-    : current_(fp),

-      type_(frameType),

-      resumePCinCurrentFrame_(nullptr),

-      cachedSafepointIndex_(nullptr),

+    : current_(activation->jsExitFP()),

+      type_(FrameType::Exit),

       activation_(activation) {

-  MOZ_ASSERT(type_ == FrameType::JSJitToWasm || type_ == FrameType::Exit);

+  // If we're currently performing a bailout, we have to use the activation's

+  // bailout data when we start iterating over the activation's frames.

   if (activation_->bailoutData()) {

     current_ = activation_->bailoutData()->fp();

     type_ = FrameType::Bailout;

-  } else {

-    MOZ_ASSERT(!TlsContext.get()->inUnsafeCallWithABI);

   }

+  MOZ_ASSERT(!TlsContext.get()->inUnsafeCallWithABI);

+}

+

+JSJitFrameIter::JSJitFrameIter(const JitActivation* activation,

+                               FrameType frameType, uint8_t* fp)

+    : current_(fp), type_(frameType), activation_(activation) {

+  // This constructor is only used when resuming iteration after iterating Wasm

+  // frames in the same JitActivation so ignore activation_->bailoutData().

+  //

+  // Note: FrameType::JSJitToWasm is used for JIT => Wasm calls through the Wasm

+  // JIT entry trampoline. FrameType::Exit is used for direct Ion => Wasm calls.

+  MOZ_ASSERT(fp > activation->jsOrWasmExitFP());

+  MOZ_ASSERT(type_ == FrameType::JSJitToWasm || type_ == FrameType::Exit);

+  MOZ_ASSERT(!TlsContext.get()->inUnsafeCallWithABI);

 }

 bool JSJitFrameIter::checkInvalidation() const {

  protected:

   uint8_t* current_;

   FrameType type_;

-  uint8_t* resumePCinCurrentFrame_;

+  uint8_t* resumePCinCurrentFrame_ = nullptr;

   // Size of the current Baseline frame. Equivalent to

   // BaselineFrame::debugFrameSize_ in debug builds.

   mozilla::Maybe<uint32_t> baselineFrameSize_;

  private:

-  mutable const SafepointIndex* cachedSafepointIndex_;

+  mutable const SafepointIndex* cachedSafepointIndex_ = nullptr;

   const JitActivation* activation_;

   void dumpBaseline() const;

     // The event listeners in chrome can prevent this ESC behavior by

     // calling prevent default on the preceding keydown/press events.

-    if (!mPresShell->mIsLastChromeOnlyEscapeKeyConsumed &&

-        aKeyboardEvent->mMessage == eKeyUp) {

-      // ESC key released while in DOM fullscreen mode.

-      // Fully exit all browser windows and documents from

-      // fullscreen mode.

-      Document::AsyncExitFullscreen(nullptr);

+    if (aKeyboardEvent->mMessage == eKeyUp) {

+      bool shouldExitFullscreen =

+          !mPresShell->mIsLastChromeOnlyEscapeKeyConsumed;

+      if (!shouldExitFullscreen) {

+        if (mPresShell->mLastConsumedEscapeKeyUpForFullscreen &&

+            (aKeyboardEvent->mTimeStamp -

+             mPresShell->mLastConsumedEscapeKeyUpForFullscreen) <=

+                TimeDuration::FromMilliseconds(

+                    StaticPrefs::

+                        dom_fullscreen_force_exit_on_multiple_escape_interval())) {

+          shouldExitFullscreen = true;

+          mPresShell->mLastConsumedEscapeKeyUpForFullscreen = TimeStamp();

+        } else {

+          mPresShell->mLastConsumedEscapeKeyUpForFullscreen =

+              aKeyboardEvent->mTimeStamp;

+        }

+      }

+

+      if (shouldExitFullscreen) {

+        // ESC key released while in DOM fullscreen mode.

+        // Fully exit all browser windows and documents from

+        // fullscreen mode.

+        Document::AsyncExitFullscreen(nullptr);

+      }

     }

   }

-  nsCOMPtr<Document> pointerLockedDoc = PointerLockManager::GetLockedDocument();

-  if (!mPresShell->mIsLastChromeOnlyEscapeKeyConsumed && pointerLockedDoc) {

-    // XXX See above comment to understand the reason why this needs

-    //     to claim that the Escape key event is consumed by content

-    //     even though it will be dispatched only into chrome.

-    aKeyboardEvent->PreventDefaultBeforeDispatch(CrossProcessForwarding::eStop);

-    aKeyboardEvent->mFlags.mOnlyChromeDispatch = true;

-    if (aKeyboardEvent->mMessage == eKeyUp) {

-      PointerLockManager::Unlock();

+  if (XRE_IsParentProcess() &&

+      !mPresShell->mIsLastChromeOnlyEscapeKeyConsumed) {

+    if (PointerLockManager::GetLockedRemoteTarget() ||

+        PointerLockManager::IsLocked()) {

+      // XXX See above comment to understand the reason why this needs

+      //     to claim that the Escape key event is consumed by content

+      //     even though it will be dispatched only into chrome.

+      aKeyboardEvent->PreventDefaultBeforeDispatch(

+          CrossProcessForwarding::eStop);

+      aKeyboardEvent->mFlags.mOnlyChromeDispatch = true;

+      if (aKeyboardEvent->mMessage == eKeyUp) {

+        PointerLockManager::Unlock();

+      }

     }

   }

 }

   bool mProcessingReflowCommands : 1;

   bool mPendingDidDoReflow : 1;

+  // The last TimeStamp when the keyup event did not exit fullscreen because it

+  // was consumed.

+  TimeStamp mLastConsumedEscapeKeyUpForFullscreen;

+

   struct CapturingContentInfo final {

     CapturingContentInfo()

         : mRemoteTarget(nullptr),

 bool nsCaret::IsMenuPopupHidingCaret() {

   // Check if there are open popups.

   nsXULPopupManager* popMgr = nsXULPopupManager::GetInstance();

-  nsTArray<nsIFrame*> popups;

+  nsTArray<nsMenuPopupFrame*> popups;

   popMgr->GetVisiblePopups(popups);

   if (popups.Length() == 0)

   // If there's a menu popup open before the popup with

   // the caret, don't show the caret.

   for (uint32_t i = 0; i < popups.Length(); i++) {

-    nsMenuPopupFrame* popupFrame = static_cast<nsMenuPopupFrame*>(popups[i]);

+    nsMenuPopupFrame* popupFrame = popups[i];

     nsIContent* popupContent = popupFrame->GetContent();

     if (caretContent->IsInclusiveDescendantOf(popupContent)) {

 #include "nsIScrollableFrame.h"

 #include "nsIWidget.h"

 #include "nsListControlFrame.h"

+#include "nsMenuPopupFrame.h"

 #include "nsPIDOMWindow.h"

 #include "nsPlaceholderFrame.h"

 #include "nsPresContext.h"

   if (!pm) {

     return nullptr;

   }

-  nsTArray<nsIFrame*> popups;

+  nsTArray<nsMenuPopupFrame*> popups;

   pm->GetVisiblePopups(popups);

   // Search from top to bottom

-  for (nsIFrame* popup : popups) {

+  for (nsMenuPopupFrame* popup : popups) {

     if (popup->PresContext()->GetRootPresContext() != aRootPresContext) {

       continue;

     }

 #include "mozilla/EventStateManager.h"

 #include "mozilla/LookAndFeel.h"

 #include "mozilla/MouseEvents.h"

+#include "mozilla/PointerLockManager.h"

 #include "mozilla/PresShell.h"

 #include "mozilla/Services.h"

 #include "mozilla/StaticPrefs_layout.h"

     EventStateManager::ClearGlobalActiveContent(activeESM);

     activeESM->StopTrackingDragGesture(true);

   }

+  PointerLockManager::Unlock();

   PresShell::ReleaseCapturingContent();

   return true;

   // Caret visibility may have been affected, ensure that

   // the caret isn't now drawn when it shouldn't be.

   CheckCaretDrawingState();

+

+  if (popupType != PopupType::Tooltip) {

+    PointerLockManager::Unlock();

+  }

 }

 nsMenuChainItem* nsXULPopupManager::FindPopup(Element* aPopup) const {

   return nullptr;

 }

-void nsXULPopupManager::GetVisiblePopups(nsTArray<nsIFrame*>& aPopups) {

+void nsXULPopupManager::GetVisiblePopups(nsTArray<nsMenuPopupFrame*>& aPopups,

+                                         bool aIncludeNativeMenu) {

   aPopups.Clear();

+  if (aIncludeNativeMenu && mNativeMenu) {

+    nsCOMPtr<nsIContent> popup = mNativeMenu->Element();

+    nsMenuPopupFrame* popupFrame = GetPopupFrameForContent(popup, true);

+    if (popupFrame && popupFrame->IsVisible() &&

+        !popupFrame->IsMouseTransparent()) {

+      aPopups.AppendElement(popupFrame);

+    }

+  }

   for (nsMenuChainItem* item = mPopups.get(); item; item = item->GetParent()) {

     // Skip panels which are not visible as well as popups that are transparent

     // to mouse events.

  */

 extern const nsNavigationDirection DirectionFromKeyCodeTable[2][6];

-#define NS_DIRECTION_FROM_KEY_CODE(frame, keycode) \

-  (DirectionFromKeyCodeTable[static_cast<uint8_t>( \

-      (frame)->StyleVisibility()->mDirection)][(   \

-      keycode)-mozilla::dom::KeyboardEvent_Binding::DOM_VK_END])

+#define NS_DIRECTION_FROM_KEY_CODE(frame, keycode)                    \

+  (DirectionFromKeyCodeTable                                          \

+       [static_cast<uint8_t>((frame)->StyleVisibility()->mDirection)] \

+       [(keycode) - mozilla::dom::KeyboardEvent_Binding::DOM_VK_END])

 // Used to hold information about a popup that is about to be opened.

 struct PendingPopup {

   /**

    * Return an array of all the open and visible popup frames for

    * menus, in order from top to bottom.

+   * XXX should we always include native menu?

    */

-  void GetVisiblePopups(nsTArray<nsIFrame*>& aPopups);

+  void GetVisiblePopups(nsTArray<nsMenuPopupFrame*>& aPopups,

+                        bool aIncludeNativeMenu = false);

   /**

    * Get the node that last triggered a popup or tooltip in the document

   value: false

   mirror: always

+# The interval in milliseconds between two Escape key events where the second

+# key event will exit fullscreen, even if it is consumed.

+- name: dom.fullscreen.force_exit_on_multiple_escape_interval

+  type: uint32_t

+  value: 500

+  mirror: always

+

 # Whether fullscreen should make the rest of the document inert.

 # This matches other browsers but historically not Gecko.

 - name: dom.fullscreen.modal

   value: false

   mirror: always

+- name: network.cookie.sameSite.crossSiteIframeSetCheck

+  type: bool

+  value: true

+  mirror: always

+

 - name: network.cookie.thirdparty.sessionOnly

   type: bool

   value: false

   if (!addonAllowsLoad) {

     mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI,

                                          &isForeignAndNotAddon);

+

+    // include sub-document navigations from cross-site to same-site

+    // wrt top-level in our check for thirdparty-ness

+    if (StaticPrefs::network_cookie_sameSite_crossSiteIframeSetCheck() &&

+        !isForeignAndNotAddon &&

+        loadInfo->GetExternalContentPolicyType() ==

+            ExtContentPolicy::TYPE_SUBDOCUMENT) {

+      bool triggeringPrincipalIsThirdParty = false;

+      BasePrincipal::Cast(loadInfo->TriggeringPrincipal())

+          ->IsThirdPartyURI(channelURI, &triggeringPrincipalIsThirdParty);

+      isForeignAndNotAddon |= triggeringPrincipalIsThirdParty;

+    }

   }

   nsCString cookieHeader(aCookieHeader);

   if (!addonAllowsLoad) {

     mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI,

                                          &isForeignAndNotAddon);

+

+    // include sub-document navigations from cross-site to same-site

+    // wrt top-level in our check for thirdparty-ness

+    if (StaticPrefs::network_cookie_sameSite_crossSiteIframeSetCheck() &&

+        !isForeignAndNotAddon &&

+        loadInfo->GetExternalContentPolicyType() ==

+            ExtContentPolicy::TYPE_SUBDOCUMENT) {

+      bool triggeringPrincipalIsThirdParty = false;

+      BasePrincipal::Cast(loadInfo->TriggeringPrincipal())

+          ->IsThirdPartyURI(finalChannelURI, &triggeringPrincipalIsThirdParty);

+      isForeignAndNotAddon |= triggeringPrincipalIsThirdParty;

+    }

   }

   bool moreCookies;

 [setcookie-navigation.https.html]

+  prefs: [network.cookie.sameSite.laxByDefault:true, network.cookie.sameSite.noneRequiresSecure:true]

   expected:

     if (os == "android") and fission: [OK, TIMEOUT]
-  [Cross-site to same-site iframe navigation should only be able to set SameSite=None cookies.]

-    expected: FAIL

-

-  [Same-site to cross-site-site iframe navigation should only be able to set SameSite=None cookies.]

-    expected: FAIL

-

-  [Cross-site to cross-site iframe navigation should only be able to set SameSite=None cookies.]

-    expected: FAIL

ma1 pushed to branch tor-browser-115.13.0esr-13.5-1 at The Tor Project / Applications / Tor Browser

Commits:

22 changed files:

Changes: