July 2024 - tor-commits - lists.torproject.org

[Git][tpo/applications/tor-browser-build] Pushed new tag mb-13.5.1-build1
by Pier Angelo Vendrame (＠pierov) 09 Jul '24

09 Jul '24

Pier Angelo Vendrame pushed new tag mb-13.5.1-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/mb-… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-13.5.1-build1
by Pier Angelo Vendrame (＠pierov) 09 Jul '24

09 Jul '24

Pier Angelo Vendrame pushed new tag tbb-13.5.1-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.5] 2 commits: Bug 41166: Use the GitHub repository for firefox-l10n.
by Pier Angelo Vendrame (＠pierov) 09 Jul '24

09 Jul '24

Pier Angelo Vendrame pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: abe0d0a3 by Pier Angelo Vendrame at 2024-07-09T17:44:19+02:00 Bug 41166: Use the GitHub repository for firefox-l10n. Mozilla uplifted Bug 1900421 to 115 to 128, so we have to switch to the new GitHub repository immediately as well. - - - - - 902b2dbe by Pier Angelo Vendrame at 2024-07-09T17:44:23+02:00 Bug 41174, 41175: Tor, Mullvad Browser 13.5.1 release preparation - - - - - 12 changed files: - README - projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/browser/allowed_addons.json - projects/firefox-android/config - projects/firefox-l10n/config - projects/firefox/config - projects/geckoview/config - projects/go/config - projects/manual/config - projects/translation/config - rbm.conf Changes: ===================================== README ===================================== @@ -10,7 +10,7 @@ etc ...). You will need to install the uidmap package, providing the newuidmap and newgidmap commands. The sources of most components are downloaded using git, which needs to -be installed. The mercurial package is also needed. +be installed. Zstandard (zstd) is used to compress some tarballs and needs to be installed. You'll also need tar >= 1.31, for zstd support. @@ -46,7 +46,7 @@ If you are running Debian or Ubuntu, you can install them with: libparallel-forkmanager-perl libpath-tiny-perl \ libsort-versions-perl libstring-shellquote-perl \ libtemplate-perl libxml-libxml-perl libxml-writer-perl \ - libyaml-libyaml-perl git mercurial uidmap zstd + libyaml-libyaml-perl git uidmap zstd If you are running Fedora, CentOS or RHEL, you can install them with: @@ -57,7 +57,7 @@ If you are running Fedora, CentOS or RHEL, you can install them with: "perl(File::Copy::Recursive)" "perl(String::ShellQuote)" \ "perl(Sort::Versions)" "perl(Digest::SHA)" "perl(Data::UUID)" \ "perl(Data::Dump)" "perl(DateTime)" "perl(XML::Writer)" \ - "perl(Parallel::ForkManager)" perl-ph mercurial git zstd + "perl(Parallel::ForkManager)" perl-ph git zstd If you are running an Arch based system, you should be able to install them with: ===================================== projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt ===================================== @@ -1,3 +1,17 @@ +Mullvad Browser 13.5.1 - July 09 2024 + * All Platforms + * Updated Firefox to 115.13.0esr + * Bug 317: Rebase Mullvad Browser stable onto 115.13.0esr [mullvad-browser] + * Bug 42693: Backports security fixes from Firefox 128 [tor-browser] + * Linux + * Bug 314: Mullvad Browser is not listed as a possible default browser application for Gnome on Ubuntu / Fedora [mullvad-browser] + * Build System + * All Platforms + * Bug 41166: Use the GitHub repository for firefox-l10n [tor-browser-build] + * Bug 41173: Fix permission issue on files in the debian directory [tor-browser-build] + * Windows + * Bug 41177: Include Windows installer without -portable- in download json files [tor-browser-build] + Mullvad Browser 13.5 - June 17 2024 * All Platforms * Bug 222: Hide "List all tabs" when the tabs don't overflow [mullvad-browser] ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,3 +1,18 @@ +Tor Browser 13.5.1 - July 09 2024 + * All Platforms + * Bug 42689: Rebase Tor Browser onto 115.13.0esr [tor-browser] + * Bug 42693: Backports security fixes from Firefox 128 [tor-browser] + * Windows + macOS + Linux + * Updated Firefox to 115.13.0esr + * Android + * Updated GeckoView to 115.13.0esr + * Build System + * All Platforms + * Updated Go to 1.21.12 + * Bug 41166: Use the GitHub repository for firefox-l10n [tor-browser-build] + * Windows + * Bug 41177: Include Windows installer without -portable- in download json files [tor-browser-build] + Tor Browser 13.5 - June 17 2024 * All Platforms * Bug 40856: Add a default for preferences in TorSettings [tor-browser] ===================================== projects/browser/allowed_addons.json ===================================== Binary files a/projects/browser/allowed_addons.json and b/projects/browser/allowed_addons.json differ ===================================== projects/firefox-android/config ===================================== @@ -16,7 +16,7 @@ container: var: fenix_version: 115.2.1 browser_branch: 13.5-1 - browser_build: 12 + browser_build: 13 variant: Beta # This should be updated when the list of gradle dependencies is changed. gradle_dependencies_version: 1 ===================================== projects/firefox-l10n/config ===================================== @@ -2,15 +2,22 @@ version: '[% pc("firefox", "abbrev") %]' filename: '[% project %]-[% c("var/osname") %]-[% c("version") %]-[% c("var/build_id") %]' link_input_files: 1 +# We need to specify git_url in the root to make this project recognized as a +# git project, we canoot specify the git_url only in the step. +# However, once we specify a git_url, we need to specify a valid git_hash for +# the final stage, even though we are not going to use it. +# Any hash will work, as long as we can run git archive on it. +git_url: https://github.com/mozilla-l10n/firefox-l10n.git +git_hash: c1523924f0e10259e1a80b8268556f6f7a0b29bf steps: fetch_locale: - filename: 'l10n-[% c("input_file_var/locale") %]-[% c("hg_hash") %]-[% c("var/build_id") %].tar.xz' - version: '[% c("hg_hash") %]' + filename: 'l10n-[% c("input_file_var/locale") %]-[% c("abbrev") %]-[% c("var/build_id") %].tar.xz' + version: '[% c("git_hash") %]' fetch_locale: | [% c("var/set_default_env") -%] tar xf '[% project %]-[% c("version") %].tar.[% c("compress_tar") %]' - mv [% project %]-[% c("version") %] [% c("input_file_var/locale") %] + cd [% project %]-[% c("version") %] tar caf '[% dest_dir %]/[% c("filename") %]' [% c("input_file_var/locale") %] input_files: [] --- | @@ -38,9 +45,7 @@ steps: name => $locale, project => 'firefox-l10n', pkg_type => 'fetch_locale', - hg_hash => $revision, - hg_url => "https://hg.mozilla.org/l10n-central/$locale", - hg_clone_subdir => $locale, + git_hash => $revision, input_file_var => { locale => $locale, }, ===================================== projects/firefox/config ===================================== @@ -14,12 +14,12 @@ container: use_container: 1 var: - firefox_platform_version: 115.12.0 + firefox_platform_version: 115.13.0 firefox_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '13.5' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 3 + browser_build: 2 branding_directory_prefix: 'tb' copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]' ===================================== projects/geckoview/config ===================================== @@ -14,9 +14,9 @@ container: use_container: 1 var: - geckoview_version: 115.12.0esr + geckoview_version: 115.13.0esr browser_branch: 13.5-1 - browser_build: 3 + browser_build: 2 copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser git_commit: '[% exec("git rev-parse HEAD") %]' ===================================== projects/go/config ===================================== @@ -7,7 +7,7 @@ container: var: use_go_1_20: 0 - go_1_21: 1.21.11 + go_1_21: 1.21.12 go_1_20: 1.20.14 no_crosscompile: 1 setup: | @@ -131,7 +131,7 @@ input_files: enable: '[% ! c("var/linux") %]' - URL: 'https://go.dev/dl/go[% c("var/go_1_21") %].src.tar.gz' name: go - sha256sum: 42aee9bf2b6956c75a7ad6aa3f0a51b5821ffeac57f5a2e733a2d6eae1e6d9d2 + sha256sum: 30e68af27bc1f1df231e3ab74f3d17d3b8d52a089c79bcaab573b4f1b807ed4f enable: '[% !c("var/use_go_1_20") %]' - URL: 'https://go.dev/dl/go[% c("var/go_1_20") %].src.tar.gz' name: go ===================================== projects/manual/config ===================================== @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 # To update, see doc/how-to-update-the-manual.txt # Remember to update also the package's hash, with the version! -version: 172720 +version: 179205 filename: 'manual-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -23,6 +23,6 @@ input_files: - project: container-image - URL: 'https://build-sources.tbb.torproject.org/manual_[% c("version") %].zip' name: manual - sha256sum: f2abffe1471ae63046cff06b853685c6614e117cc67bdf51228dc0792344441c + sha256sum: ca3489c12f3de44f7ae93eae4d50fb2bc36265f7a319d5046efb760c19658250 - filename: packagemanual.py name: package_script ===================================== projects/translation/config ===================================== @@ -12,13 +12,13 @@ compress_tar: 'gz' steps: base-browser: base-browser: '[% INCLUDE build %]' - git_hash: dc59db634f066298e903142227834da483ec197d + git_hash: 6ff73b6f7a6cec4849c2cd1e1ee1dc6fc8894169 targets: nightly: git_hash: 'base-browser' tor-browser: tor-browser: '[% INCLUDE build %]' - git_hash: de4f91a5020d637ab5d66459718525a5f9207be2 + git_hash: 427819f80eaca95645bf0c1876d6a728d6ce7093 targets: nightly: git_hash: 'tor-browser' @@ -32,7 +32,7 @@ steps: fenix: '[% INCLUDE build %]' # We need to bump the commit before releasing but just pointing to a branch # might cause too much rebuidling of the Firefox part. - git_hash: 53faf8718484be3f90c8e7532981f068da76135c + git_hash: 09ba85f8320b264467a8a7b2bfbfccd1fea61f86 compress_tar: 'zst' targets: nightly: ===================================== rbm.conf ===================================== @@ -73,18 +73,18 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '13.5' - torbrowser_build: 'build2' + torbrowser_version: '13.5.1' + torbrowser_build: 'build1' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. - browser_release_date: '2024/06/11 12:00:00' + browser_release_date: '2024/07/08 12:00:00' browser_release_date_timestamp: '[% USE date; date.format(c("var/browser_release_date"), "%s") %]' updater_enabled: 1 build_mar: 1 torbrowser_incremental_from: + - '13.5' - 13.0.16 - 13.0.15 - - 13.0.14 mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]' # By default, we sort the list of installed packages. This allows sharing View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/firefox-android] Pushed new tag firefox-android-115.2.1-13.5-1-build13
by ma1 (＠ma1) 09 Jul '24

09 Jul '24

ma1 pushed new tag firefox-android-115.2.1-13.5-1-build13 at The Tor Project / Applications / firefox-android -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/tree/firef… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag base-browser-115.13.0esr-13.5-1-build2
by ma1 (＠ma1) 09 Jul '24

09 Jul '24

ma1 pushed new tag base-browser-115.13.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.13.0esr-13.5-1] 11 commits: Bug 1743329 - Handle ESC key to release pointer lock in parent process; r=smaug
by ma1 (＠ma1) 09 Jul '24

09 Jul '24

ma1 pushed to branch base-browser-115.13.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 7c8b558c by Edgar Chen at 2024-07-09T16:34:24+02:00 Bug 1743329 - Handle ESC key to release pointer lock in parent process; r=smaug Differential Revision: https://phabricator.services.mozilla.com/D211621 - - - - - bdf856f3 by Edgar Chen at 2024-07-09T16:34:24+02:00 Bug 1743329 - Release pointer lock when xul popup is open; r=smaug,pbz Differential Revision: https://phabricator.services.mozilla.com/D211620 - - - - - 0dd2cc3a by Edgar Chen at 2024-07-09T16:34:25+02:00 Bug 1743329 - Use nsMenuPopupFrame in GetVisiblePopups(); r=smaug Differential Revision: https://phabricator.services.mozilla.com/D211619 A further change was needed in nsCaret.cpp, see https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - - - - - 27ce49d5 by Otto Länd at 2024-07-09T16:34:25+02:00 Bug 1743329: apply code formatting via Lando # ignore-this-changeset - - - - - bad880b6 by edgul at 2024-07-09T16:34:26+02:00 Bug 1879952 - Fix test expectations with samesite=lax turned on r=tschuster Differential Revision: https://phabricator.services.mozilla.com/D201639 - - - - - 0165eb24 by edgul at 2024-07-09T16:34:26+02:00 Bug 1844827 - Added checks for sub-document navigations from cross-site to same-site in third-party checks when setting a cookie. r=cookie-reviewers,valentin,bvandersloot a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D204074 - - - - - c310d435 by Ed at 2024-07-09T16:34:26+02:00 Bug 1844827 - Update the cookie test expectations for iframe samesite r=cookie-reviewers,valentin a=RyanVM Depends on D199770 Differential Revision: https://phabricator.services.mozilla.com/D199772 - - - - - 44cac309 by Julian Descottes at 2024-07-09T16:34:27+02:00 Bug 1880374 - Disable DNS prefetching if document nodePrincipal is systemPrincipal r=valentin Differential Revision: https://phabricator.services.mozilla.com/D210830 - - - - - 537f4dc7 by Edgar Chen at 2024-07-09T16:34:27+02:00 Bug 1883396 - Exit fullscreen when two Escape keyup events occur in a short time; r=smaug Differential Revision: https://phabricator.services.mozilla.com/D209667 - - - - - 4f428345 by Jan de Mooij at 2024-07-09T16:34:28+02:00 Bug 1900523 - Don't use bailout data for JSJitToWasm frames. r=iain Differential Revision: https://phabricator.services.mozilla.com/D212554 - - - - - ff246121 by Jan de Mooij at 2024-07-09T16:34:28+02:00 Bug 1902983 - Don't use bailout data after iterating Wasm frames. a=RyanVM This is similar to bug 1900523, but the fix there was incomplete because the `JSJitToWasm` frame type is only used when we go through the Wasm JIT entry trampoline. Ion can also call Wasm functions directly and in that case the type will be `FrameType::Exit`. Original Revision: https://phabricator.services.mozilla.com/D214098 Differential Revision: https://phabricator.services.mozilla.com/D214375 - - - - - 22 changed files: - browser/base/content/test/popupNotifications/browser_popupNotification_security_delay.js - dom/base/PointerLockManager.cpp - dom/base/PointerLockManager.h - dom/html/HTMLDNSPrefetch.cpp - dom/ipc/BrowserChild.cpp - dom/ipc/BrowserChild.h - dom/ipc/BrowserParent.cpp - dom/ipc/PBrowser.ipdl - + js/src/jit-test/tests/ion/bug1900523.js - + js/src/jit-test/tests/ion/bug1902983.js - js/src/jit/JSJitFrameIter.cpp - js/src/jit/JSJitFrameIter.h - layout/base/PresShell.cpp - layout/base/PresShell.h - layout/base/nsCaret.cpp - layout/base/nsLayoutUtils.cpp - layout/xul/nsXULPopupManager.cpp - layout/xul/nsXULPopupManager.h - modules/libpref/init/StaticPrefList.yaml - netwerk/cookie/CookieService.cpp - netwerk/cookie/CookieServiceChild.cpp - testing/web-platform/meta/cookies/samesite/setcookie-navigation.https.html.ini Changes: ===================================== browser/base/content/test/popupNotifications/browser_popupNotification_security_delay.js ===================================== @@ -558,5 +558,7 @@ add_task(async function test_notificationDuringFullScreenTransition() { info("Wait for full screen transition end."); await promiseFullScreenTransitionEnd; info("Full screen transition end"); + + await SpecialPowers.popPrefEnv(); }); }); ===================================== dom/base/PointerLockManager.cpp ===================================== @@ -17,8 +17,10 @@ #include "mozilla/dom/BrowsingContext.h" #include "mozilla/dom/Document.h" #include "mozilla/dom/Element.h" +#include "mozilla/dom/PointerEventHandler.h" #include "mozilla/dom/WindowContext.h" #include "nsCOMPtr.h" +#include "nsMenuPopupFrame.h" #include "nsSandboxFlags.h" namespace mozilla { @@ -86,6 +88,25 @@ static void DispatchPointerLockError(Document* aTarget, const char* aMessage) { aMessage); } +static bool IsPopupOpened() { + // Check if any popup is open. + nsXULPopupManager* pm = nsXULPopupManager::GetInstance(); + if (!pm) { + return false; + } + + nsTArray<nsMenuPopupFrame*> popups; + pm->GetVisiblePopups(popups, true); + + for (nsMenuPopupFrame* popup : popups) { + if (popup->GetPopupType() != widget::PopupType::Tooltip) { + return true; + } + } + + return false; +} + static const char* GetPointerLockError(Element* aElement, Element* aCurrentLock, bool aNoFocusCheck = false) { // Check if pointer lock pref is enabled @@ -136,6 +157,10 @@ static const char* GetPointerLockError(Element* aElement, Element* aCurrentLock, } } + if (IsPopupOpened()) { + return "PointerLockDeniedFailedToLock"; + } + return nullptr; } @@ -167,6 +192,14 @@ void PointerLockManager::RequestLock(Element* aElement, /* static */ void PointerLockManager::Unlock(Document* aDoc) { + if (sLockedRemoteTarget) { + MOZ_ASSERT(XRE_IsParentProcess()); + MOZ_ASSERT(!sIsLocked); + Unused << sLockedRemoteTarget->SendReleasePointerLock(); + sLockedRemoteTarget = nullptr; + return; + } + if (!sIsLocked) { return; } @@ -311,14 +344,24 @@ bool PointerLockManager::IsInLockContext(BrowsingContext* aContext) { } /* static */ -bool PointerLockManager::SetLockedRemoteTarget(BrowserParent* aBrowserParent) { +void PointerLockManager::SetLockedRemoteTarget(BrowserParent* aBrowserParent, + nsACString& aError) { MOZ_ASSERT(XRE_IsParentProcess()); if (sLockedRemoteTarget) { - return sLockedRemoteTarget == aBrowserParent; + if (sLockedRemoteTarget != aBrowserParent) { + aError = "PointerLockDeniedInUse"_ns; + } + return; + } + + // Check if any popup is open. + if (IsPopupOpened()) { + aError = "PointerLockDeniedFailedToLock"_ns; + return; } sLockedRemoteTarget = aBrowserParent; - return true; + PointerEventHandler::ReleaseAllPointerCaptureRemoteTarget(); } /* static */ ===================================== dom/base/PointerLockManager.h ===================================== @@ -47,7 +47,8 @@ class PointerLockManager final { // Set/release pointer lock remote target. Should only be called in parent // process. - static bool SetLockedRemoteTarget(dom::BrowserParent* aBrowserParent); + static void SetLockedRemoteTarget(dom::BrowserParent* aBrowserParent, + nsACString& aError); static void ReleaseLockedRemoteTarget(dom::BrowserParent* aBrowserParent); private: ===================================== dom/html/HTMLDNSPrefetch.cpp ===================================== @@ -180,6 +180,13 @@ static bool EnsureDNSService() { } bool HTMLDNSPrefetch::IsAllowed(Document* aDocument) { + // Do not use prefetch if the document's node principal is the system + // principal. + nsCOMPtr<nsIPrincipal> principal = aDocument->NodePrincipal(); + if (principal->IsSystemPrincipal()) { + return false; + } + // There is no need to do prefetch on non UI scenarios such as XMLHttpRequest. return aDocument->IsDNSPrefetchAllowed() && aDocument->GetWindow(); } ===================================== dom/ipc/BrowserChild.cpp ===================================== @@ -39,6 +39,7 @@ #include "mozilla/MouseEvents.h" #include "mozilla/NativeKeyBindingsType.h" #include "mozilla/NullPrincipal.h" +#include "mozilla/PointerLockManager.h" #include "mozilla/Preferences.h" #include "mozilla/PresShell.h" #include "mozilla/ProcessHangMonitor.h" @@ -3184,6 +3185,11 @@ mozilla::ipc::IPCResult BrowserChild::RecvReleaseAllPointerCapture() { return IPC_OK(); } +mozilla::ipc::IPCResult BrowserChild::RecvReleasePointerLock() { + PointerLockManager::Unlock(); + return IPC_OK(); +} + PPaymentRequestChild* BrowserChild::AllocPPaymentRequestChild() { MOZ_CRASH( "We should never be manually allocating PPaymentRequestChild actors"); ===================================== dom/ipc/BrowserChild.h ===================================== @@ -696,6 +696,8 @@ class BrowserChild final : public nsMessageManagerScriptExecutor, mozilla::ipc::IPCResult RecvReleaseAllPointerCapture(); + mozilla::ipc::IPCResult RecvReleasePointerLock(); + private: void HandleDoubleTap(const CSSPoint& aPoint, const Modifiers& aModifiers, const ScrollableLayerGuid& aGuid); ===================================== dom/ipc/BrowserParent.cpp ===================================== @@ -4067,15 +4067,14 @@ static BrowserParent* GetTopLevelBrowserParent(BrowserParent* aBrowserParent) { mozilla::ipc::IPCResult BrowserParent::RecvRequestPointerLock( RequestPointerLockResolver&& aResolve) { - nsCString error; if (sTopLevelWebFocus != GetTopLevelBrowserParent(this)) { - error = "PointerLockDeniedNotFocused"; - } else if (!PointerLockManager::SetLockedRemoteTarget(this)) { - error = "PointerLockDeniedInUse"; - } else { - PointerEventHandler::ReleaseAllPointerCaptureRemoteTarget(); + aResolve("PointerLockDeniedNotFocused"_ns); + return IPC_OK(); } - aResolve(error); + + nsCString error; + PointerLockManager::SetLockedRemoteTarget(this, error); + aResolve(std::move(error)); return IPC_OK(); } ===================================== dom/ipc/PBrowser.ipdl ===================================== @@ -557,18 +557,18 @@ parent: async ImageLoadComplete(nsresult aResult); - /** - * Child informs the parent that a pointer lock has requested/released. - */ - async RequestPointerLock() returns (nsCString error); - async ReleasePointerLock(); - /** * Child informs the parent that a pointer capture has requested/released. */ async RequestPointerCapture(uint32_t aPointerId) returns (bool aSuccess); async ReleasePointerCapture(uint32_t aPointerId); +both: + /** + * informs that a pointer lock has released. + */ + async ReleasePointerLock(); + child: async NativeSynthesisResponse(uint64_t aObserverId, nsCString aResponse); async UpdateSHistory(); ===================================== js/src/jit-test/tests/ion/bug1900523.js ===================================== @@ -0,0 +1,28 @@ +// |jit-test| --fast-warmup; --no-threads; skip-if: !wasmIsSupported() +function f1() { + Promise.allSettled().catch(e => null); + do { + f2(10n, -1n); + try { + f2(-2147483648n); + } catch {} + } while (!inIon()); +} +function f2(x, y) { + const z = x >> x; + z <= z ? z : z; + y ^ y; +} +const binary = wasmTextToBinary(` + (module + (import "m" "f" (func $f)) + (func (export "test") + (call $f) + ) + ) +`); +const mod = new WebAssembly.Module(binary); +const inst = new WebAssembly.Instance(mod, {"m": {"f": f1}}); +for (let i = 0; i < 6; i++) { + inst.exports.test(); +} ===================================== js/src/jit-test/tests/ion/bug1902983.js ===================================== @@ -0,0 +1,24 @@ +// |jit-test| --fast-warmup; --gc-zeal=21,100; skip-if: !wasmIsSupported() +let counter = 0; +function g() { + counter++; + const y = BigInt.asIntN(counter, -883678545n); + const z = y >> y; + BigInt.asUintN(2 ** counter, 883678545n); + try { g(); } catch (e) { } +} +function f() { + for (let i = 0; i < 5; i++) { + for (let j = 0; j < 30; j++) { } + Promise.allSettled().catch(e => null); + counter = 0; + g(); + } +} +const binary = wasmTextToBinary(`(module (import "m" "f" (func $f)) (func (export "test") (call $f)))`); +const mod = new WebAssembly.Module(binary); +const inst = new WebAssembly.Instance(mod, { m: { f: f } }); +for (let i = 0; i < 100; i++) { } +for (let i = 0; i < 5; i++) { + inst.exports.test(); +} ===================================== js/src/jit/JSJitFrameIter.cpp ===================================== @@ -26,22 +26,29 @@ using namespace js; using namespace js::jit; JSJitFrameIter::JSJitFrameIter(const JitActivation* activation) - : JSJitFrameIter(activation, FrameType::Exit, activation->jsExitFP()) {} - -JSJitFrameIter::JSJitFrameIter(const JitActivation* activation, - FrameType frameType, uint8_t* fp) - : current_(fp), - type_(frameType), - resumePCinCurrentFrame_(nullptr), - cachedSafepointIndex_(nullptr), + : current_(activation->jsExitFP()), + type_(FrameType::Exit), activation_(activation) { - MOZ_ASSERT(type_ == FrameType::JSJitToWasm || type_ == FrameType::Exit); + // If we're currently performing a bailout, we have to use the activation's + // bailout data when we start iterating over the activation's frames. if (activation_->bailoutData()) { current_ = activation_->bailoutData()->fp(); type_ = FrameType::Bailout; - } else { - MOZ_ASSERT(!TlsContext.get()->inUnsafeCallWithABI); } + MOZ_ASSERT(!TlsContext.get()->inUnsafeCallWithABI); +} + +JSJitFrameIter::JSJitFrameIter(const JitActivation* activation, + FrameType frameType, uint8_t* fp) + : current_(fp), type_(frameType), activation_(activation) { + // This constructor is only used when resuming iteration after iterating Wasm + // frames in the same JitActivation so ignore activation_->bailoutData(). + // + // Note: FrameType::JSJitToWasm is used for JIT => Wasm calls through the Wasm + // JIT entry trampoline. FrameType::Exit is used for direct Ion => Wasm calls. + MOZ_ASSERT(fp > activation->jsOrWasmExitFP()); + MOZ_ASSERT(type_ == FrameType::JSJitToWasm || type_ == FrameType::Exit); + MOZ_ASSERT(!TlsContext.get()->inUnsafeCallWithABI); } bool JSJitFrameIter::checkInvalidation() const { ===================================== js/src/jit/JSJitFrameIter.h ===================================== @@ -111,14 +111,14 @@ class JSJitFrameIter { protected: uint8_t* current_; FrameType type_; - uint8_t* resumePCinCurrentFrame_; + uint8_t* resumePCinCurrentFrame_ = nullptr; // Size of the current Baseline frame. Equivalent to // BaselineFrame::debugFrameSize_ in debug builds. mozilla::Maybe<uint32_t> baselineFrameSize_; private: - mutable const SafepointIndex* cachedSafepointIndex_; + mutable const SafepointIndex* cachedSafepointIndex_ = nullptr; const JitActivation* activation_; void dumpBaseline() const; ===================================== layout/base/PresShell.cpp ===================================== @@ -8463,24 +8463,46 @@ void PresShell::EventHandler::MaybeHandleKeyboardEventBeforeDispatch( // The event listeners in chrome can prevent this ESC behavior by // calling prevent default on the preceding keydown/press events. - if (!mPresShell->mIsLastChromeOnlyEscapeKeyConsumed && - aKeyboardEvent->mMessage == eKeyUp) { - // ESC key released while in DOM fullscreen mode. - // Fully exit all browser windows and documents from - // fullscreen mode. - Document::AsyncExitFullscreen(nullptr); + if (aKeyboardEvent->mMessage == eKeyUp) { + bool shouldExitFullscreen = + !mPresShell->mIsLastChromeOnlyEscapeKeyConsumed; + if (!shouldExitFullscreen) { + if (mPresShell->mLastConsumedEscapeKeyUpForFullscreen && + (aKeyboardEvent->mTimeStamp - + mPresShell->mLastConsumedEscapeKeyUpForFullscreen) <= + TimeDuration::FromMilliseconds( + StaticPrefs:: + dom_fullscreen_force_exit_on_multiple_escape_interval())) { + shouldExitFullscreen = true; + mPresShell->mLastConsumedEscapeKeyUpForFullscreen = TimeStamp(); + } else { + mPresShell->mLastConsumedEscapeKeyUpForFullscreen = + aKeyboardEvent->mTimeStamp; + } + } + + if (shouldExitFullscreen) { + // ESC key released while in DOM fullscreen mode. + // Fully exit all browser windows and documents from + // fullscreen mode. + Document::AsyncExitFullscreen(nullptr); + } } } - nsCOMPtr<Document> pointerLockedDoc = PointerLockManager::GetLockedDocument(); - if (!mPresShell->mIsLastChromeOnlyEscapeKeyConsumed && pointerLockedDoc) { - // XXX See above comment to understand the reason why this needs - // to claim that the Escape key event is consumed by content - // even though it will be dispatched only into chrome. - aKeyboardEvent->PreventDefaultBeforeDispatch(CrossProcessForwarding::eStop); - aKeyboardEvent->mFlags.mOnlyChromeDispatch = true; - if (aKeyboardEvent->mMessage == eKeyUp) { - PointerLockManager::Unlock(); + if (XRE_IsParentProcess() && + !mPresShell->mIsLastChromeOnlyEscapeKeyConsumed) { + if (PointerLockManager::GetLockedRemoteTarget() || + PointerLockManager::IsLocked()) { + // XXX See above comment to understand the reason why this needs + // to claim that the Escape key event is consumed by content + // even though it will be dispatched only into chrome. + aKeyboardEvent->PreventDefaultBeforeDispatch( + CrossProcessForwarding::eStop); + aKeyboardEvent->mFlags.mOnlyChromeDispatch = true; + if (aKeyboardEvent->mMessage == eKeyUp) { + PointerLockManager::Unlock(); + } } } } ===================================== layout/base/PresShell.h ===================================== @@ -3209,6 +3209,10 @@ class PresShell final : public nsStubDocumentObserver, bool mProcessingReflowCommands : 1; bool mPendingDidDoReflow : 1; + // The last TimeStamp when the keyup event did not exit fullscreen because it + // was consumed. + TimeStamp mLastConsumedEscapeKeyUpForFullscreen; + struct CapturingContentInfo final { CapturingContentInfo() : mRemoteTarget(nullptr), ===================================== layout/base/nsCaret.cpp ===================================== @@ -855,7 +855,7 @@ size_t nsCaret::SizeOfIncludingThis(mozilla::MallocSizeOf aMallocSizeOf) const { bool nsCaret::IsMenuPopupHidingCaret() { // Check if there are open popups. nsXULPopupManager* popMgr = nsXULPopupManager::GetInstance(); - nsTArray<nsIFrame*> popups; + nsTArray<nsMenuPopupFrame*> popups; popMgr->GetVisiblePopups(popups); if (popups.Length() == 0) @@ -873,7 +873,7 @@ bool nsCaret::IsMenuPopupHidingCaret() { // If there's a menu popup open before the popup with // the caret, don't show the caret. for (uint32_t i = 0; i < popups.Length(); i++) { - nsMenuPopupFrame* popupFrame = static_cast<nsMenuPopupFrame*>(popups[i]); + nsMenuPopupFrame* popupFrame = popups[i]; nsIContent* popupContent = popupFrame->GetContent(); if (caretContent->IsInclusiveDescendantOf(popupContent)) { ===================================== layout/base/nsLayoutUtils.cpp ===================================== @@ -138,6 +138,7 @@ #include "nsIScrollableFrame.h" #include "nsIWidget.h" #include "nsListControlFrame.h" +#include "nsMenuPopupFrame.h" #include "nsPIDOMWindow.h" #include "nsPlaceholderFrame.h" #include "nsPresContext.h" @@ -1757,10 +1758,10 @@ nsIFrame* nsLayoutUtils::GetPopupFrameForPoint( if (!pm) { return nullptr; } - nsTArray<nsIFrame*> popups; + nsTArray<nsMenuPopupFrame*> popups; pm->GetVisiblePopups(popups); // Search from top to bottom - for (nsIFrame* popup : popups) { + for (nsMenuPopupFrame* popup : popups) { if (popup->PresContext()->GetRootPresContext() != aRootPresContext) { continue; } ===================================== layout/xul/nsXULPopupManager.cpp ===================================== @@ -53,6 +53,7 @@ #include "mozilla/EventStateManager.h" #include "mozilla/LookAndFeel.h" #include "mozilla/MouseEvents.h" +#include "mozilla/PointerLockManager.h" #include "mozilla/PresShell.h" #include "mozilla/Services.h" #include "mozilla/StaticPrefs_layout.h" @@ -987,6 +988,7 @@ bool nsXULPopupManager::ShowPopupAsNativeMenu(Element* aPopup, int32_t aXPos, EventStateManager::ClearGlobalActiveContent(activeESM); activeESM->StopTrackingDragGesture(true); } + PointerLockManager::Unlock(); PresShell::ReleaseCapturingContent(); return true; @@ -1201,6 +1203,10 @@ void nsXULPopupManager::ShowPopupCallback(Element* aPopup, // Caret visibility may have been affected, ensure that // the caret isn't now drawn when it shouldn't be. CheckCaretDrawingState(); + + if (popupType != PopupType::Tooltip) { + PointerLockManager::Unlock(); + } } nsMenuChainItem* nsXULPopupManager::FindPopup(Element* aPopup) const { @@ -1851,8 +1857,17 @@ nsIContent* nsXULPopupManager::GetTopActiveMenuItemContent() { return nullptr; } -void nsXULPopupManager::GetVisiblePopups(nsTArray<nsIFrame*>& aPopups) { +void nsXULPopupManager::GetVisiblePopups(nsTArray<nsMenuPopupFrame*>& aPopups, + bool aIncludeNativeMenu) { aPopups.Clear(); + if (aIncludeNativeMenu && mNativeMenu) { + nsCOMPtr<nsIContent> popup = mNativeMenu->Element(); + nsMenuPopupFrame* popupFrame = GetPopupFrameForContent(popup, true); + if (popupFrame && popupFrame->IsVisible() && + !popupFrame->IsMouseTransparent()) { + aPopups.AppendElement(popupFrame); + } + } for (nsMenuChainItem* item = mPopups.get(); item; item = item->GetParent()) { // Skip panels which are not visible as well as popups that are transparent // to mouse events. ===================================== layout/xul/nsXULPopupManager.h ===================================== @@ -184,10 +184,10 @@ using HidePopupOptions = mozilla::EnumSet<HidePopupOption>; */ extern const nsNavigationDirection DirectionFromKeyCodeTable[2][6]; -#define NS_DIRECTION_FROM_KEY_CODE(frame, keycode) \ - (DirectionFromKeyCodeTable[static_cast<uint8_t>( \ - (frame)->StyleVisibility()->mDirection)][( \ - keycode)-mozilla::dom::KeyboardEvent_Binding::DOM_VK_END]) +#define NS_DIRECTION_FROM_KEY_CODE(frame, keycode) \ + (DirectionFromKeyCodeTable \ + [static_cast<uint8_t>((frame)->StyleVisibility()->mDirection)] \ + [(keycode) - mozilla::dom::KeyboardEvent_Binding::DOM_VK_END]) // Used to hold information about a popup that is about to be opened. struct PendingPopup { @@ -601,8 +601,10 @@ class nsXULPopupManager final : public nsIDOMEventListener, /** * Return an array of all the open and visible popup frames for * menus, in order from top to bottom. + * XXX should we always include native menu? */ - void GetVisiblePopups(nsTArray<nsIFrame*>& aPopups); + void GetVisiblePopups(nsTArray<nsMenuPopupFrame*>& aPopups, + bool aIncludeNativeMenu = false); /** * Get the node that last triggered a popup or tooltip in the document ===================================== modules/libpref/init/StaticPrefList.yaml ===================================== @@ -2701,6 +2701,13 @@ value: false mirror: always +# The interval in milliseconds between two Escape key events where the second +# key event will exit fullscreen, even if it is consumed. +- name: dom.fullscreen.force_exit_on_multiple_escape_interval + type: uint32_t + value: 500 + mirror: always + # Whether fullscreen should make the rest of the document inert. # This matches other browsers but historically not Gecko. - name: dom.fullscreen.modal @@ -11417,6 +11424,11 @@ value: false mirror: always +- name: network.cookie.sameSite.crossSiteIframeSetCheck + type: bool + value: true + mirror: always + - name: network.cookie.thirdparty.sessionOnly type: bool value: false ===================================== netwerk/cookie/CookieService.cpp ===================================== @@ -675,6 +675,18 @@ CookieService::SetCookieStringFromHttp(nsIURI* aHostURI, if (!addonAllowsLoad) { mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeignAndNotAddon); + + // include sub-document navigations from cross-site to same-site + // wrt top-level in our check for thirdparty-ness + if (StaticPrefs::network_cookie_sameSite_crossSiteIframeSetCheck() && + !isForeignAndNotAddon && + loadInfo->GetExternalContentPolicyType() == + ExtContentPolicy::TYPE_SUBDOCUMENT) { + bool triggeringPrincipalIsThirdParty = false; + BasePrincipal::Cast(loadInfo->TriggeringPrincipal()) + ->IsThirdPartyURI(channelURI, &triggeringPrincipalIsThirdParty); + isForeignAndNotAddon |= triggeringPrincipalIsThirdParty; + } } nsCString cookieHeader(aCookieHeader); ===================================== netwerk/cookie/CookieServiceChild.cpp ===================================== @@ -517,6 +517,18 @@ CookieServiceChild::SetCookieStringFromHttp(nsIURI* aHostURI, if (!addonAllowsLoad) { mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeignAndNotAddon); + + // include sub-document navigations from cross-site to same-site + // wrt top-level in our check for thirdparty-ness + if (StaticPrefs::network_cookie_sameSite_crossSiteIframeSetCheck() && + !isForeignAndNotAddon && + loadInfo->GetExternalContentPolicyType() == + ExtContentPolicy::TYPE_SUBDOCUMENT) { + bool triggeringPrincipalIsThirdParty = false; + BasePrincipal::Cast(loadInfo->TriggeringPrincipal()) + ->IsThirdPartyURI(finalChannelURI, &triggeringPrincipalIsThirdParty); + isForeignAndNotAddon |= triggeringPrincipalIsThirdParty; + } } bool moreCookies; ===================================== testing/web-platform/meta/cookies/samesite/setcookie-navigation.https.html.ini ===================================== @@ -1,11 +1,4 @@ [setcookie-navigation.https.html] + prefs: [network.cookie.sameSite.laxByDefault:true, network.cookie.sameSite.noneRequiresSecure:true] expected: if (os == "android") and fission: [OK, TIMEOUT] - [Cross-site to same-site iframe navigation should only be able to set SameSite=None cookies.] - expected: FAIL - - [Same-site to cross-site-site iframe navigation should only be able to set SameSite=None cookies.] - expected: FAIL - - [Cross-site to cross-site iframe navigation should only be able to set SameSite=None cookies.] - expected: FAIL View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/9d5f7f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/9d5f7f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-115.13.0esr-13.5-1-build2
by ma1 (＠ma1) 09 Jul '24

09 Jul '24

ma1 pushed new tag mullvad-browser-115.13.0esr-13.5-1-build2 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.13.0esr-13.5-1] 11 commits: Bug 1743329 - Handle ESC key to release pointer lock in parent process; r=smaug
by ma1 (＠ma1) 09 Jul '24

09 Jul '24

ma1 pushed to branch mullvad-browser-115.13.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser Commits: 55b8abf1 by Edgar Chen at 2024-07-09T16:29:04+02:00 Bug 1743329 - Handle ESC key to release pointer lock in parent process; r=smaug Differential Revision: https://phabricator.services.mozilla.com/D211621 - - - - - 0019972d by Edgar Chen at 2024-07-09T16:31:30+02:00 Bug 1743329 - Release pointer lock when xul popup is open; r=smaug,pbz Differential Revision: https://phabricator.services.mozilla.com/D211620 - - - - - 84063db0 by Edgar Chen at 2024-07-09T16:31:36+02:00 Bug 1743329 - Use nsMenuPopupFrame in GetVisiblePopups(); r=smaug Differential Revision: https://phabricator.services.mozilla.com/D211619 A further change was needed in nsCaret.cpp, see https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - - - - - f77f91b1 by Otto Länd at 2024-07-09T16:31:37+02:00 Bug 1743329: apply code formatting via Lando # ignore-this-changeset - - - - - d2415441 by edgul at 2024-07-09T16:31:37+02:00 Bug 1879952 - Fix test expectations with samesite=lax turned on r=tschuster Differential Revision: https://phabricator.services.mozilla.com/D201639 - - - - - 4f7651bf by edgul at 2024-07-09T16:31:38+02:00 Bug 1844827 - Added checks for sub-document navigations from cross-site to same-site in third-party checks when setting a cookie. r=cookie-reviewers,valentin,bvandersloot a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D204074 - - - - - 2e663f7b by Ed at 2024-07-09T16:31:38+02:00 Bug 1844827 - Update the cookie test expectations for iframe samesite r=cookie-reviewers,valentin a=RyanVM Depends on D199770 Differential Revision: https://phabricator.services.mozilla.com/D199772 - - - - - bb413ac1 by Julian Descottes at 2024-07-09T16:31:39+02:00 Bug 1880374 - Disable DNS prefetching if document nodePrincipal is systemPrincipal r=valentin Differential Revision: https://phabricator.services.mozilla.com/D210830 - - - - - 4e320ce3 by Edgar Chen at 2024-07-09T16:31:39+02:00 Bug 1883396 - Exit fullscreen when two Escape keyup events occur in a short time; r=smaug Differential Revision: https://phabricator.services.mozilla.com/D209667 - - - - - 0c986a88 by Jan de Mooij at 2024-07-09T16:31:40+02:00 Bug 1900523 - Don't use bailout data for JSJitToWasm frames. r=iain Differential Revision: https://phabricator.services.mozilla.com/D212554 - - - - - 3716357a by Jan de Mooij at 2024-07-09T16:31:40+02:00 Bug 1902983 - Don't use bailout data after iterating Wasm frames. a=RyanVM This is similar to bug 1900523, but the fix there was incomplete because the `JSJitToWasm` frame type is only used when we go through the Wasm JIT entry trampoline. Ion can also call Wasm functions directly and in that case the type will be `FrameType::Exit`. Original Revision: https://phabricator.services.mozilla.com/D214098 Differential Revision: https://phabricator.services.mozilla.com/D214375 - - - - - 22 changed files: - browser/base/content/test/popupNotifications/browser_popupNotification_security_delay.js - dom/base/PointerLockManager.cpp - dom/base/PointerLockManager.h - dom/html/HTMLDNSPrefetch.cpp - dom/ipc/BrowserChild.cpp - dom/ipc/BrowserChild.h - dom/ipc/BrowserParent.cpp - dom/ipc/PBrowser.ipdl - + js/src/jit-test/tests/ion/bug1900523.js - + js/src/jit-test/tests/ion/bug1902983.js - js/src/jit/JSJitFrameIter.cpp - js/src/jit/JSJitFrameIter.h - layout/base/PresShell.cpp - layout/base/PresShell.h - layout/base/nsCaret.cpp - layout/base/nsLayoutUtils.cpp - layout/xul/nsXULPopupManager.cpp - layout/xul/nsXULPopupManager.h - modules/libpref/init/StaticPrefList.yaml - netwerk/cookie/CookieService.cpp - netwerk/cookie/CookieServiceChild.cpp - testing/web-platform/meta/cookies/samesite/setcookie-navigation.https.html.ini Changes: ===================================== browser/base/content/test/popupNotifications/browser_popupNotification_security_delay.js ===================================== @@ -558,5 +558,7 @@ add_task(async function test_notificationDuringFullScreenTransition() { info("Wait for full screen transition end."); await promiseFullScreenTransitionEnd; info("Full screen transition end"); + + await SpecialPowers.popPrefEnv(); }); }); ===================================== dom/base/PointerLockManager.cpp ===================================== @@ -17,8 +17,10 @@ #include "mozilla/dom/BrowsingContext.h" #include "mozilla/dom/Document.h" #include "mozilla/dom/Element.h" +#include "mozilla/dom/PointerEventHandler.h" #include "mozilla/dom/WindowContext.h" #include "nsCOMPtr.h" +#include "nsMenuPopupFrame.h" #include "nsSandboxFlags.h" namespace mozilla { @@ -86,6 +88,25 @@ static void DispatchPointerLockError(Document* aTarget, const char* aMessage) { aMessage); } +static bool IsPopupOpened() { + // Check if any popup is open. + nsXULPopupManager* pm = nsXULPopupManager::GetInstance(); + if (!pm) { + return false; + } + + nsTArray<nsMenuPopupFrame*> popups; + pm->GetVisiblePopups(popups, true); + + for (nsMenuPopupFrame* popup : popups) { + if (popup->GetPopupType() != widget::PopupType::Tooltip) { + return true; + } + } + + return false; +} + static const char* GetPointerLockError(Element* aElement, Element* aCurrentLock, bool aNoFocusCheck = false) { // Check if pointer lock pref is enabled @@ -136,6 +157,10 @@ static const char* GetPointerLockError(Element* aElement, Element* aCurrentLock, } } + if (IsPopupOpened()) { + return "PointerLockDeniedFailedToLock"; + } + return nullptr; } @@ -167,6 +192,14 @@ void PointerLockManager::RequestLock(Element* aElement, /* static */ void PointerLockManager::Unlock(Document* aDoc) { + if (sLockedRemoteTarget) { + MOZ_ASSERT(XRE_IsParentProcess()); + MOZ_ASSERT(!sIsLocked); + Unused << sLockedRemoteTarget->SendReleasePointerLock(); + sLockedRemoteTarget = nullptr; + return; + } + if (!sIsLocked) { return; } @@ -311,14 +344,24 @@ bool PointerLockManager::IsInLockContext(BrowsingContext* aContext) { } /* static */ -bool PointerLockManager::SetLockedRemoteTarget(BrowserParent* aBrowserParent) { +void PointerLockManager::SetLockedRemoteTarget(BrowserParent* aBrowserParent, + nsACString& aError) { MOZ_ASSERT(XRE_IsParentProcess()); if (sLockedRemoteTarget) { - return sLockedRemoteTarget == aBrowserParent; + if (sLockedRemoteTarget != aBrowserParent) { + aError = "PointerLockDeniedInUse"_ns; + } + return; + } + + // Check if any popup is open. + if (IsPopupOpened()) { + aError = "PointerLockDeniedFailedToLock"_ns; + return; } sLockedRemoteTarget = aBrowserParent; - return true; + PointerEventHandler::ReleaseAllPointerCaptureRemoteTarget(); } /* static */ ===================================== dom/base/PointerLockManager.h ===================================== @@ -47,7 +47,8 @@ class PointerLockManager final { // Set/release pointer lock remote target. Should only be called in parent // process. - static bool SetLockedRemoteTarget(dom::BrowserParent* aBrowserParent); + static void SetLockedRemoteTarget(dom::BrowserParent* aBrowserParent, + nsACString& aError); static void ReleaseLockedRemoteTarget(dom::BrowserParent* aBrowserParent); private: ===================================== dom/html/HTMLDNSPrefetch.cpp ===================================== @@ -180,6 +180,13 @@ static bool EnsureDNSService() { } bool HTMLDNSPrefetch::IsAllowed(Document* aDocument) { + // Do not use prefetch if the document's node principal is the system + // principal. + nsCOMPtr<nsIPrincipal> principal = aDocument->NodePrincipal(); + if (principal->IsSystemPrincipal()) { + return false; + } + // There is no need to do prefetch on non UI scenarios such as XMLHttpRequest. return aDocument->IsDNSPrefetchAllowed() && aDocument->GetWindow(); } ===================================== dom/ipc/BrowserChild.cpp ===================================== @@ -39,6 +39,7 @@ #include "mozilla/MouseEvents.h" #include "mozilla/NativeKeyBindingsType.h" #include "mozilla/NullPrincipal.h" +#include "mozilla/PointerLockManager.h" #include "mozilla/Preferences.h" #include "mozilla/PresShell.h" #include "mozilla/ProcessHangMonitor.h" @@ -3184,6 +3185,11 @@ mozilla::ipc::IPCResult BrowserChild::RecvReleaseAllPointerCapture() { return IPC_OK(); } +mozilla::ipc::IPCResult BrowserChild::RecvReleasePointerLock() { + PointerLockManager::Unlock(); + return IPC_OK(); +} + PPaymentRequestChild* BrowserChild::AllocPPaymentRequestChild() { MOZ_CRASH( "We should never be manually allocating PPaymentRequestChild actors"); ===================================== dom/ipc/BrowserChild.h ===================================== @@ -696,6 +696,8 @@ class BrowserChild final : public nsMessageManagerScriptExecutor, mozilla::ipc::IPCResult RecvReleaseAllPointerCapture(); + mozilla::ipc::IPCResult RecvReleasePointerLock(); + private: void HandleDoubleTap(const CSSPoint& aPoint, const Modifiers& aModifiers, const ScrollableLayerGuid& aGuid); ===================================== dom/ipc/BrowserParent.cpp ===================================== @@ -4067,15 +4067,14 @@ static BrowserParent* GetTopLevelBrowserParent(BrowserParent* aBrowserParent) { mozilla::ipc::IPCResult BrowserParent::RecvRequestPointerLock( RequestPointerLockResolver&& aResolve) { - nsCString error; if (sTopLevelWebFocus != GetTopLevelBrowserParent(this)) { - error = "PointerLockDeniedNotFocused"; - } else if (!PointerLockManager::SetLockedRemoteTarget(this)) { - error = "PointerLockDeniedInUse"; - } else { - PointerEventHandler::ReleaseAllPointerCaptureRemoteTarget(); + aResolve("PointerLockDeniedNotFocused"_ns); + return IPC_OK(); } - aResolve(error); + + nsCString error; + PointerLockManager::SetLockedRemoteTarget(this, error); + aResolve(std::move(error)); return IPC_OK(); } ===================================== dom/ipc/PBrowser.ipdl ===================================== @@ -557,18 +557,18 @@ parent: async ImageLoadComplete(nsresult aResult); - /** - * Child informs the parent that a pointer lock has requested/released. - */ - async RequestPointerLock() returns (nsCString error); - async ReleasePointerLock(); - /** * Child informs the parent that a pointer capture has requested/released. */ async RequestPointerCapture(uint32_t aPointerId) returns (bool aSuccess); async ReleasePointerCapture(uint32_t aPointerId); +both: + /** + * informs that a pointer lock has released. + */ + async ReleasePointerLock(); + child: async NativeSynthesisResponse(uint64_t aObserverId, nsCString aResponse); async UpdateSHistory(); ===================================== js/src/jit-test/tests/ion/bug1900523.js ===================================== @@ -0,0 +1,28 @@ +// |jit-test| --fast-warmup; --no-threads; skip-if: !wasmIsSupported() +function f1() { + Promise.allSettled().catch(e => null); + do { + f2(10n, -1n); + try { + f2(-2147483648n); + } catch {} + } while (!inIon()); +} +function f2(x, y) { + const z = x >> x; + z <= z ? z : z; + y ^ y; +} +const binary = wasmTextToBinary(` + (module + (import "m" "f" (func $f)) + (func (export "test") + (call $f) + ) + ) +`); +const mod = new WebAssembly.Module(binary); +const inst = new WebAssembly.Instance(mod, {"m": {"f": f1}}); +for (let i = 0; i < 6; i++) { + inst.exports.test(); +} ===================================== js/src/jit-test/tests/ion/bug1902983.js ===================================== @@ -0,0 +1,24 @@ +// |jit-test| --fast-warmup; --gc-zeal=21,100; skip-if: !wasmIsSupported() +let counter = 0; +function g() { + counter++; + const y = BigInt.asIntN(counter, -883678545n); + const z = y >> y; + BigInt.asUintN(2 ** counter, 883678545n); + try { g(); } catch (e) { } +} +function f() { + for (let i = 0; i < 5; i++) { + for (let j = 0; j < 30; j++) { } + Promise.allSettled().catch(e => null); + counter = 0; + g(); + } +} +const binary = wasmTextToBinary(`(module (import "m" "f" (func $f)) (func (export "test") (call $f)))`); +const mod = new WebAssembly.Module(binary); +const inst = new WebAssembly.Instance(mod, { m: { f: f } }); +for (let i = 0; i < 100; i++) { } +for (let i = 0; i < 5; i++) { + inst.exports.test(); +} ===================================== js/src/jit/JSJitFrameIter.cpp ===================================== @@ -26,22 +26,29 @@ using namespace js; using namespace js::jit; JSJitFrameIter::JSJitFrameIter(const JitActivation* activation) - : JSJitFrameIter(activation, FrameType::Exit, activation->jsExitFP()) {} - -JSJitFrameIter::JSJitFrameIter(const JitActivation* activation, - FrameType frameType, uint8_t* fp) - : current_(fp), - type_(frameType), - resumePCinCurrentFrame_(nullptr), - cachedSafepointIndex_(nullptr), + : current_(activation->jsExitFP()), + type_(FrameType::Exit), activation_(activation) { - MOZ_ASSERT(type_ == FrameType::JSJitToWasm || type_ == FrameType::Exit); + // If we're currently performing a bailout, we have to use the activation's + // bailout data when we start iterating over the activation's frames. if (activation_->bailoutData()) { current_ = activation_->bailoutData()->fp(); type_ = FrameType::Bailout; - } else { - MOZ_ASSERT(!TlsContext.get()->inUnsafeCallWithABI); } + MOZ_ASSERT(!TlsContext.get()->inUnsafeCallWithABI); +} + +JSJitFrameIter::JSJitFrameIter(const JitActivation* activation, + FrameType frameType, uint8_t* fp) + : current_(fp), type_(frameType), activation_(activation) { + // This constructor is only used when resuming iteration after iterating Wasm + // frames in the same JitActivation so ignore activation_->bailoutData(). + // + // Note: FrameType::JSJitToWasm is used for JIT => Wasm calls through the Wasm + // JIT entry trampoline. FrameType::Exit is used for direct Ion => Wasm calls. + MOZ_ASSERT(fp > activation->jsOrWasmExitFP()); + MOZ_ASSERT(type_ == FrameType::JSJitToWasm || type_ == FrameType::Exit); + MOZ_ASSERT(!TlsContext.get()->inUnsafeCallWithABI); } bool JSJitFrameIter::checkInvalidation() const { ===================================== js/src/jit/JSJitFrameIter.h ===================================== @@ -111,14 +111,14 @@ class JSJitFrameIter { protected: uint8_t* current_; FrameType type_; - uint8_t* resumePCinCurrentFrame_; + uint8_t* resumePCinCurrentFrame_ = nullptr; // Size of the current Baseline frame. Equivalent to // BaselineFrame::debugFrameSize_ in debug builds. mozilla::Maybe<uint32_t> baselineFrameSize_; private: - mutable const SafepointIndex* cachedSafepointIndex_; + mutable const SafepointIndex* cachedSafepointIndex_ = nullptr; const JitActivation* activation_; void dumpBaseline() const; ===================================== layout/base/PresShell.cpp ===================================== @@ -8463,24 +8463,46 @@ void PresShell::EventHandler::MaybeHandleKeyboardEventBeforeDispatch( // The event listeners in chrome can prevent this ESC behavior by // calling prevent default on the preceding keydown/press events. - if (!mPresShell->mIsLastChromeOnlyEscapeKeyConsumed && - aKeyboardEvent->mMessage == eKeyUp) { - // ESC key released while in DOM fullscreen mode. - // Fully exit all browser windows and documents from - // fullscreen mode. - Document::AsyncExitFullscreen(nullptr); + if (aKeyboardEvent->mMessage == eKeyUp) { + bool shouldExitFullscreen = + !mPresShell->mIsLastChromeOnlyEscapeKeyConsumed; + if (!shouldExitFullscreen) { + if (mPresShell->mLastConsumedEscapeKeyUpForFullscreen && + (aKeyboardEvent->mTimeStamp - + mPresShell->mLastConsumedEscapeKeyUpForFullscreen) <= + TimeDuration::FromMilliseconds( + StaticPrefs:: + dom_fullscreen_force_exit_on_multiple_escape_interval())) { + shouldExitFullscreen = true; + mPresShell->mLastConsumedEscapeKeyUpForFullscreen = TimeStamp(); + } else { + mPresShell->mLastConsumedEscapeKeyUpForFullscreen = + aKeyboardEvent->mTimeStamp; + } + } + + if (shouldExitFullscreen) { + // ESC key released while in DOM fullscreen mode. + // Fully exit all browser windows and documents from + // fullscreen mode. + Document::AsyncExitFullscreen(nullptr); + } } } - nsCOMPtr<Document> pointerLockedDoc = PointerLockManager::GetLockedDocument(); - if (!mPresShell->mIsLastChromeOnlyEscapeKeyConsumed && pointerLockedDoc) { - // XXX See above comment to understand the reason why this needs - // to claim that the Escape key event is consumed by content - // even though it will be dispatched only into chrome. - aKeyboardEvent->PreventDefaultBeforeDispatch(CrossProcessForwarding::eStop); - aKeyboardEvent->mFlags.mOnlyChromeDispatch = true; - if (aKeyboardEvent->mMessage == eKeyUp) { - PointerLockManager::Unlock(); + if (XRE_IsParentProcess() && + !mPresShell->mIsLastChromeOnlyEscapeKeyConsumed) { + if (PointerLockManager::GetLockedRemoteTarget() || + PointerLockManager::IsLocked()) { + // XXX See above comment to understand the reason why this needs + // to claim that the Escape key event is consumed by content + // even though it will be dispatched only into chrome. + aKeyboardEvent->PreventDefaultBeforeDispatch( + CrossProcessForwarding::eStop); + aKeyboardEvent->mFlags.mOnlyChromeDispatch = true; + if (aKeyboardEvent->mMessage == eKeyUp) { + PointerLockManager::Unlock(); + } } } } ===================================== layout/base/PresShell.h ===================================== @@ -3209,6 +3209,10 @@ class PresShell final : public nsStubDocumentObserver, bool mProcessingReflowCommands : 1; bool mPendingDidDoReflow : 1; + // The last TimeStamp when the keyup event did not exit fullscreen because it + // was consumed. + TimeStamp mLastConsumedEscapeKeyUpForFullscreen; + struct CapturingContentInfo final { CapturingContentInfo() : mRemoteTarget(nullptr), ===================================== layout/base/nsCaret.cpp ===================================== @@ -855,7 +855,7 @@ size_t nsCaret::SizeOfIncludingThis(mozilla::MallocSizeOf aMallocSizeOf) const { bool nsCaret::IsMenuPopupHidingCaret() { // Check if there are open popups. nsXULPopupManager* popMgr = nsXULPopupManager::GetInstance(); - nsTArray<nsIFrame*> popups; + nsTArray<nsMenuPopupFrame*> popups; popMgr->GetVisiblePopups(popups); if (popups.Length() == 0) @@ -873,7 +873,7 @@ bool nsCaret::IsMenuPopupHidingCaret() { // If there's a menu popup open before the popup with // the caret, don't show the caret. for (uint32_t i = 0; i < popups.Length(); i++) { - nsMenuPopupFrame* popupFrame = static_cast<nsMenuPopupFrame*>(popups[i]); + nsMenuPopupFrame* popupFrame = popups[i]; nsIContent* popupContent = popupFrame->GetContent(); if (caretContent->IsInclusiveDescendantOf(popupContent)) { ===================================== layout/base/nsLayoutUtils.cpp ===================================== @@ -138,6 +138,7 @@ #include "nsIScrollableFrame.h" #include "nsIWidget.h" #include "nsListControlFrame.h" +#include "nsMenuPopupFrame.h" #include "nsPIDOMWindow.h" #include "nsPlaceholderFrame.h" #include "nsPresContext.h" @@ -1757,10 +1758,10 @@ nsIFrame* nsLayoutUtils::GetPopupFrameForPoint( if (!pm) { return nullptr; } - nsTArray<nsIFrame*> popups; + nsTArray<nsMenuPopupFrame*> popups; pm->GetVisiblePopups(popups); // Search from top to bottom - for (nsIFrame* popup : popups) { + for (nsMenuPopupFrame* popup : popups) { if (popup->PresContext()->GetRootPresContext() != aRootPresContext) { continue; } ===================================== layout/xul/nsXULPopupManager.cpp ===================================== @@ -53,6 +53,7 @@ #include "mozilla/EventStateManager.h" #include "mozilla/LookAndFeel.h" #include "mozilla/MouseEvents.h" +#include "mozilla/PointerLockManager.h" #include "mozilla/PresShell.h" #include "mozilla/Services.h" #include "mozilla/StaticPrefs_layout.h" @@ -987,6 +988,7 @@ bool nsXULPopupManager::ShowPopupAsNativeMenu(Element* aPopup, int32_t aXPos, EventStateManager::ClearGlobalActiveContent(activeESM); activeESM->StopTrackingDragGesture(true); } + PointerLockManager::Unlock(); PresShell::ReleaseCapturingContent(); return true; @@ -1201,6 +1203,10 @@ void nsXULPopupManager::ShowPopupCallback(Element* aPopup, // Caret visibility may have been affected, ensure that // the caret isn't now drawn when it shouldn't be. CheckCaretDrawingState(); + + if (popupType != PopupType::Tooltip) { + PointerLockManager::Unlock(); + } } nsMenuChainItem* nsXULPopupManager::FindPopup(Element* aPopup) const { @@ -1851,8 +1857,17 @@ nsIContent* nsXULPopupManager::GetTopActiveMenuItemContent() { return nullptr; } -void nsXULPopupManager::GetVisiblePopups(nsTArray<nsIFrame*>& aPopups) { +void nsXULPopupManager::GetVisiblePopups(nsTArray<nsMenuPopupFrame*>& aPopups, + bool aIncludeNativeMenu) { aPopups.Clear(); + if (aIncludeNativeMenu && mNativeMenu) { + nsCOMPtr<nsIContent> popup = mNativeMenu->Element(); + nsMenuPopupFrame* popupFrame = GetPopupFrameForContent(popup, true); + if (popupFrame && popupFrame->IsVisible() && + !popupFrame->IsMouseTransparent()) { + aPopups.AppendElement(popupFrame); + } + } for (nsMenuChainItem* item = mPopups.get(); item; item = item->GetParent()) { // Skip panels which are not visible as well as popups that are transparent // to mouse events. ===================================== layout/xul/nsXULPopupManager.h ===================================== @@ -184,10 +184,10 @@ using HidePopupOptions = mozilla::EnumSet<HidePopupOption>; */ extern const nsNavigationDirection DirectionFromKeyCodeTable[2][6]; -#define NS_DIRECTION_FROM_KEY_CODE(frame, keycode) \ - (DirectionFromKeyCodeTable[static_cast<uint8_t>( \ - (frame)->StyleVisibility()->mDirection)][( \ - keycode)-mozilla::dom::KeyboardEvent_Binding::DOM_VK_END]) +#define NS_DIRECTION_FROM_KEY_CODE(frame, keycode) \ + (DirectionFromKeyCodeTable \ + [static_cast<uint8_t>((frame)->StyleVisibility()->mDirection)] \ + [(keycode) - mozilla::dom::KeyboardEvent_Binding::DOM_VK_END]) // Used to hold information about a popup that is about to be opened. struct PendingPopup { @@ -601,8 +601,10 @@ class nsXULPopupManager final : public nsIDOMEventListener, /** * Return an array of all the open and visible popup frames for * menus, in order from top to bottom. + * XXX should we always include native menu? */ - void GetVisiblePopups(nsTArray<nsIFrame*>& aPopups); + void GetVisiblePopups(nsTArray<nsMenuPopupFrame*>& aPopups, + bool aIncludeNativeMenu = false); /** * Get the node that last triggered a popup or tooltip in the document ===================================== modules/libpref/init/StaticPrefList.yaml ===================================== @@ -2701,6 +2701,13 @@ value: false mirror: always +# The interval in milliseconds between two Escape key events where the second +# key event will exit fullscreen, even if it is consumed. +- name: dom.fullscreen.force_exit_on_multiple_escape_interval + type: uint32_t + value: 500 + mirror: always + # Whether fullscreen should make the rest of the document inert. # This matches other browsers but historically not Gecko. - name: dom.fullscreen.modal @@ -11417,6 +11424,11 @@ value: false mirror: always +- name: network.cookie.sameSite.crossSiteIframeSetCheck + type: bool + value: true + mirror: always + - name: network.cookie.thirdparty.sessionOnly type: bool value: false ===================================== netwerk/cookie/CookieService.cpp ===================================== @@ -675,6 +675,18 @@ CookieService::SetCookieStringFromHttp(nsIURI* aHostURI, if (!addonAllowsLoad) { mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeignAndNotAddon); + + // include sub-document navigations from cross-site to same-site + // wrt top-level in our check for thirdparty-ness + if (StaticPrefs::network_cookie_sameSite_crossSiteIframeSetCheck() && + !isForeignAndNotAddon && + loadInfo->GetExternalContentPolicyType() == + ExtContentPolicy::TYPE_SUBDOCUMENT) { + bool triggeringPrincipalIsThirdParty = false; + BasePrincipal::Cast(loadInfo->TriggeringPrincipal()) + ->IsThirdPartyURI(channelURI, &triggeringPrincipalIsThirdParty); + isForeignAndNotAddon |= triggeringPrincipalIsThirdParty; + } } nsCString cookieHeader(aCookieHeader); ===================================== netwerk/cookie/CookieServiceChild.cpp ===================================== @@ -517,6 +517,18 @@ CookieServiceChild::SetCookieStringFromHttp(nsIURI* aHostURI, if (!addonAllowsLoad) { mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeignAndNotAddon); + + // include sub-document navigations from cross-site to same-site + // wrt top-level in our check for thirdparty-ness + if (StaticPrefs::network_cookie_sameSite_crossSiteIframeSetCheck() && + !isForeignAndNotAddon && + loadInfo->GetExternalContentPolicyType() == + ExtContentPolicy::TYPE_SUBDOCUMENT) { + bool triggeringPrincipalIsThirdParty = false; + BasePrincipal::Cast(loadInfo->TriggeringPrincipal()) + ->IsThirdPartyURI(finalChannelURI, &triggeringPrincipalIsThirdParty); + isForeignAndNotAddon |= triggeringPrincipalIsThirdParty; + } } bool moreCookies; ===================================== testing/web-platform/meta/cookies/samesite/setcookie-navigation.https.html.ini ===================================== @@ -1,11 +1,4 @@ [setcookie-navigation.https.html] + prefs: [network.cookie.sameSite.laxByDefault:true, network.cookie.sameSite.noneRequiresSecure:true] expected: if (os == "android") and fission: [OK, TIMEOUT] - [Cross-site to same-site iframe navigation should only be able to set SameSite=None cookies.] - expected: FAIL - - [Same-site to cross-site-site iframe navigation should only be able to set SameSite=None cookies.] - expected: FAIL - - [Cross-site to cross-site iframe navigation should only be able to set SameSite=None cookies.] - expected: FAIL View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/0b… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/0b… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-115.13.0esr-13.5-1-build2
by ma1 (＠ma1) 09 Jul '24

09 Jul '24

ma1 pushed new tag tor-browser-115.13.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.13.0esr-13.5-1] 11 commits: Bug 1743329 - Handle ESC key to release pointer lock in parent process; r=smaug
by ma1 (＠ma1) 09 Jul '24

09 Jul '24

ma1 pushed to branch tor-browser-115.13.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: cf5b43c4 by Edgar Chen at 2024-07-08T17:07:59+02:00 Bug 1743329 - Handle ESC key to release pointer lock in parent process; r=smaug Differential Revision: https://phabricator.services.mozilla.com/D211621 - - - - - 0405b9bc by Edgar Chen at 2024-07-09T10:30:51+02:00 Bug 1743329 - Release pointer lock when xul popup is open; r=smaug,pbz Differential Revision: https://phabricator.services.mozilla.com/D211620 - - - - - 76ccec93 by Edgar Chen at 2024-07-09T14:55:38+02:00 Bug 1743329 - Use nsMenuPopupFrame in GetVisiblePopups(); r=smaug Differential Revision: https://phabricator.services.mozilla.com/D211619 A further change was needed in nsCaret.cpp, see https://gitlab.torproject.org/tpo/applications/tor-browser/-/merge_requests… - - - - - facbce89 by Otto Länd at 2024-07-09T14:56:07+02:00 Bug 1743329: apply code formatting via Lando # ignore-this-changeset - - - - - caf39658 by edgul at 2024-07-09T16:09:28+02:00 Bug 1879952 - Fix test expectations with samesite=lax turned on r=tschuster Differential Revision: https://phabricator.services.mozilla.com/D201639 - - - - - 50a92664 by edgul at 2024-07-09T16:09:29+02:00 Bug 1844827 - Added checks for sub-document navigations from cross-site to same-site in third-party checks when setting a cookie. r=cookie-reviewers,valentin,bvandersloot a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D204074 - - - - - f7fe0408 by Ed at 2024-07-09T16:09:29+02:00 Bug 1844827 - Update the cookie test expectations for iframe samesite r=cookie-reviewers,valentin a=RyanVM Depends on D199770 Differential Revision: https://phabricator.services.mozilla.com/D199772 - - - - - d5c45977 by Julian Descottes at 2024-07-09T16:09:30+02:00 Bug 1880374 - Disable DNS prefetching if document nodePrincipal is systemPrincipal r=valentin Differential Revision: https://phabricator.services.mozilla.com/D210830 - - - - - f70cc12f by Edgar Chen at 2024-07-09T16:09:30+02:00 Bug 1883396 - Exit fullscreen when two Escape keyup events occur in a short time; r=smaug Differential Revision: https://phabricator.services.mozilla.com/D209667 - - - - - 956347dd by Jan de Mooij at 2024-07-09T16:09:31+02:00 Bug 1900523 - Don't use bailout data for JSJitToWasm frames. r=iain Differential Revision: https://phabricator.services.mozilla.com/D212554 - - - - - dd7037b5 by Jan de Mooij at 2024-07-09T16:09:31+02:00 Bug 1902983 - Don't use bailout data after iterating Wasm frames. a=RyanVM This is similar to bug 1900523, but the fix there was incomplete because the `JSJitToWasm` frame type is only used when we go through the Wasm JIT entry trampoline. Ion can also call Wasm functions directly and in that case the type will be `FrameType::Exit`. Original Revision: https://phabricator.services.mozilla.com/D214098 Differential Revision: https://phabricator.services.mozilla.com/D214375 - - - - - 22 changed files: - browser/base/content/test/popupNotifications/browser_popupNotification_security_delay.js - dom/base/PointerLockManager.cpp - dom/base/PointerLockManager.h - dom/html/HTMLDNSPrefetch.cpp - dom/ipc/BrowserChild.cpp - dom/ipc/BrowserChild.h - dom/ipc/BrowserParent.cpp - dom/ipc/PBrowser.ipdl - + js/src/jit-test/tests/ion/bug1900523.js - + js/src/jit-test/tests/ion/bug1902983.js - js/src/jit/JSJitFrameIter.cpp - js/src/jit/JSJitFrameIter.h - layout/base/PresShell.cpp - layout/base/PresShell.h - layout/base/nsCaret.cpp - layout/base/nsLayoutUtils.cpp - layout/xul/nsXULPopupManager.cpp - layout/xul/nsXULPopupManager.h - modules/libpref/init/StaticPrefList.yaml - netwerk/cookie/CookieService.cpp - netwerk/cookie/CookieServiceChild.cpp - testing/web-platform/meta/cookies/samesite/setcookie-navigation.https.html.ini Changes: ===================================== browser/base/content/test/popupNotifications/browser_popupNotification_security_delay.js ===================================== @@ -558,5 +558,7 @@ add_task(async function test_notificationDuringFullScreenTransition() { info("Wait for full screen transition end."); await promiseFullScreenTransitionEnd; info("Full screen transition end"); + + await SpecialPowers.popPrefEnv(); }); }); ===================================== dom/base/PointerLockManager.cpp ===================================== @@ -17,8 +17,10 @@ #include "mozilla/dom/BrowsingContext.h" #include "mozilla/dom/Document.h" #include "mozilla/dom/Element.h" +#include "mozilla/dom/PointerEventHandler.h" #include "mozilla/dom/WindowContext.h" #include "nsCOMPtr.h" +#include "nsMenuPopupFrame.h" #include "nsSandboxFlags.h" namespace mozilla { @@ -86,6 +88,25 @@ static void DispatchPointerLockError(Document* aTarget, const char* aMessage) { aMessage); } +static bool IsPopupOpened() { + // Check if any popup is open. + nsXULPopupManager* pm = nsXULPopupManager::GetInstance(); + if (!pm) { + return false; + } + + nsTArray<nsMenuPopupFrame*> popups; + pm->GetVisiblePopups(popups, true); + + for (nsMenuPopupFrame* popup : popups) { + if (popup->GetPopupType() != widget::PopupType::Tooltip) { + return true; + } + } + + return false; +} + static const char* GetPointerLockError(Element* aElement, Element* aCurrentLock, bool aNoFocusCheck = false) { // Check if pointer lock pref is enabled @@ -136,6 +157,10 @@ static const char* GetPointerLockError(Element* aElement, Element* aCurrentLock, } } + if (IsPopupOpened()) { + return "PointerLockDeniedFailedToLock"; + } + return nullptr; } @@ -167,6 +192,14 @@ void PointerLockManager::RequestLock(Element* aElement, /* static */ void PointerLockManager::Unlock(Document* aDoc) { + if (sLockedRemoteTarget) { + MOZ_ASSERT(XRE_IsParentProcess()); + MOZ_ASSERT(!sIsLocked); + Unused << sLockedRemoteTarget->SendReleasePointerLock(); + sLockedRemoteTarget = nullptr; + return; + } + if (!sIsLocked) { return; } @@ -311,14 +344,24 @@ bool PointerLockManager::IsInLockContext(BrowsingContext* aContext) { } /* static */ -bool PointerLockManager::SetLockedRemoteTarget(BrowserParent* aBrowserParent) { +void PointerLockManager::SetLockedRemoteTarget(BrowserParent* aBrowserParent, + nsACString& aError) { MOZ_ASSERT(XRE_IsParentProcess()); if (sLockedRemoteTarget) { - return sLockedRemoteTarget == aBrowserParent; + if (sLockedRemoteTarget != aBrowserParent) { + aError = "PointerLockDeniedInUse"_ns; + } + return; + } + + // Check if any popup is open. + if (IsPopupOpened()) { + aError = "PointerLockDeniedFailedToLock"_ns; + return; } sLockedRemoteTarget = aBrowserParent; - return true; + PointerEventHandler::ReleaseAllPointerCaptureRemoteTarget(); } /* static */ ===================================== dom/base/PointerLockManager.h ===================================== @@ -47,7 +47,8 @@ class PointerLockManager final { // Set/release pointer lock remote target. Should only be called in parent // process. - static bool SetLockedRemoteTarget(dom::BrowserParent* aBrowserParent); + static void SetLockedRemoteTarget(dom::BrowserParent* aBrowserParent, + nsACString& aError); static void ReleaseLockedRemoteTarget(dom::BrowserParent* aBrowserParent); private: ===================================== dom/html/HTMLDNSPrefetch.cpp ===================================== @@ -180,6 +180,13 @@ static bool EnsureDNSService() { } bool HTMLDNSPrefetch::IsAllowed(Document* aDocument) { + // Do not use prefetch if the document's node principal is the system + // principal. + nsCOMPtr<nsIPrincipal> principal = aDocument->NodePrincipal(); + if (principal->IsSystemPrincipal()) { + return false; + } + // There is no need to do prefetch on non UI scenarios such as XMLHttpRequest. return aDocument->IsDNSPrefetchAllowed() && aDocument->GetWindow(); } ===================================== dom/ipc/BrowserChild.cpp ===================================== @@ -39,6 +39,7 @@ #include "mozilla/MouseEvents.h" #include "mozilla/NativeKeyBindingsType.h" #include "mozilla/NullPrincipal.h" +#include "mozilla/PointerLockManager.h" #include "mozilla/Preferences.h" #include "mozilla/PresShell.h" #include "mozilla/ProcessHangMonitor.h" @@ -3184,6 +3185,11 @@ mozilla::ipc::IPCResult BrowserChild::RecvReleaseAllPointerCapture() { return IPC_OK(); } +mozilla::ipc::IPCResult BrowserChild::RecvReleasePointerLock() { + PointerLockManager::Unlock(); + return IPC_OK(); +} + PPaymentRequestChild* BrowserChild::AllocPPaymentRequestChild() { MOZ_CRASH( "We should never be manually allocating PPaymentRequestChild actors"); ===================================== dom/ipc/BrowserChild.h ===================================== @@ -696,6 +696,8 @@ class BrowserChild final : public nsMessageManagerScriptExecutor, mozilla::ipc::IPCResult RecvReleaseAllPointerCapture(); + mozilla::ipc::IPCResult RecvReleasePointerLock(); + private: void HandleDoubleTap(const CSSPoint& aPoint, const Modifiers& aModifiers, const ScrollableLayerGuid& aGuid); ===================================== dom/ipc/BrowserParent.cpp ===================================== @@ -4088,15 +4088,14 @@ static BrowserParent* GetTopLevelBrowserParent(BrowserParent* aBrowserParent) { mozilla::ipc::IPCResult BrowserParent::RecvRequestPointerLock( RequestPointerLockResolver&& aResolve) { - nsCString error; if (sTopLevelWebFocus != GetTopLevelBrowserParent(this)) { - error = "PointerLockDeniedNotFocused"; - } else if (!PointerLockManager::SetLockedRemoteTarget(this)) { - error = "PointerLockDeniedInUse"; - } else { - PointerEventHandler::ReleaseAllPointerCaptureRemoteTarget(); + aResolve("PointerLockDeniedNotFocused"_ns); + return IPC_OK(); } - aResolve(error); + + nsCString error; + PointerLockManager::SetLockedRemoteTarget(this, error); + aResolve(std::move(error)); return IPC_OK(); } ===================================== dom/ipc/PBrowser.ipdl ===================================== @@ -557,18 +557,17 @@ parent: async ImageLoadComplete(nsresult aResult); - /** - * Child informs the parent that a pointer lock has requested/released. - */ - async RequestPointerLock() returns (nsCString error); - async ReleasePointerLock(); - /** * Child informs the parent that a pointer capture has requested/released. */ async RequestPointerCapture(uint32_t aPointerId) returns (bool aSuccess); async ReleasePointerCapture(uint32_t aPointerId); + /** + * Child informs the parent that a pointer lock has requested. + */ + async RequestPointerLock() returns (nsCString error); + /** * This function is used to notify the parent that it should display a * onion services client authentication prompt. @@ -578,6 +577,12 @@ parent: */ async ShowOnionServicesAuthPrompt(nsCString aOnionHost, nsCString aTopic); +both: + /** + * informs that a pointer lock has released. + */ + async ReleasePointerLock(); + child: async NativeSynthesisResponse(uint64_t aObserverId, nsCString aResponse); async UpdateSHistory(); ===================================== js/src/jit-test/tests/ion/bug1900523.js ===================================== @@ -0,0 +1,28 @@ +// |jit-test| --fast-warmup; --no-threads; skip-if: !wasmIsSupported() +function f1() { + Promise.allSettled().catch(e => null); + do { + f2(10n, -1n); + try { + f2(-2147483648n); + } catch {} + } while (!inIon()); +} +function f2(x, y) { + const z = x >> x; + z <= z ? z : z; + y ^ y; +} +const binary = wasmTextToBinary(` + (module + (import "m" "f" (func $f)) + (func (export "test") + (call $f) + ) + ) +`); +const mod = new WebAssembly.Module(binary); +const inst = new WebAssembly.Instance(mod, {"m": {"f": f1}}); +for (let i = 0; i < 6; i++) { + inst.exports.test(); +} ===================================== js/src/jit-test/tests/ion/bug1902983.js ===================================== @@ -0,0 +1,24 @@ +// |jit-test| --fast-warmup; --gc-zeal=21,100; skip-if: !wasmIsSupported() +let counter = 0; +function g() { + counter++; + const y = BigInt.asIntN(counter, -883678545n); + const z = y >> y; + BigInt.asUintN(2 ** counter, 883678545n); + try { g(); } catch (e) { } +} +function f() { + for (let i = 0; i < 5; i++) { + for (let j = 0; j < 30; j++) { } + Promise.allSettled().catch(e => null); + counter = 0; + g(); + } +} +const binary = wasmTextToBinary(`(module (import "m" "f" (func $f)) (func (export "test") (call $f)))`); +const mod = new WebAssembly.Module(binary); +const inst = new WebAssembly.Instance(mod, { m: { f: f } }); +for (let i = 0; i < 100; i++) { } +for (let i = 0; i < 5; i++) { + inst.exports.test(); +} ===================================== js/src/jit/JSJitFrameIter.cpp ===================================== @@ -26,22 +26,29 @@ using namespace js; using namespace js::jit; JSJitFrameIter::JSJitFrameIter(const JitActivation* activation) - : JSJitFrameIter(activation, FrameType::Exit, activation->jsExitFP()) {} - -JSJitFrameIter::JSJitFrameIter(const JitActivation* activation, - FrameType frameType, uint8_t* fp) - : current_(fp), - type_(frameType), - resumePCinCurrentFrame_(nullptr), - cachedSafepointIndex_(nullptr), + : current_(activation->jsExitFP()), + type_(FrameType::Exit), activation_(activation) { - MOZ_ASSERT(type_ == FrameType::JSJitToWasm || type_ == FrameType::Exit); + // If we're currently performing a bailout, we have to use the activation's + // bailout data when we start iterating over the activation's frames. if (activation_->bailoutData()) { current_ = activation_->bailoutData()->fp(); type_ = FrameType::Bailout; - } else { - MOZ_ASSERT(!TlsContext.get()->inUnsafeCallWithABI); } + MOZ_ASSERT(!TlsContext.get()->inUnsafeCallWithABI); +} + +JSJitFrameIter::JSJitFrameIter(const JitActivation* activation, + FrameType frameType, uint8_t* fp) + : current_(fp), type_(frameType), activation_(activation) { + // This constructor is only used when resuming iteration after iterating Wasm + // frames in the same JitActivation so ignore activation_->bailoutData(). + // + // Note: FrameType::JSJitToWasm is used for JIT => Wasm calls through the Wasm + // JIT entry trampoline. FrameType::Exit is used for direct Ion => Wasm calls. + MOZ_ASSERT(fp > activation->jsOrWasmExitFP()); + MOZ_ASSERT(type_ == FrameType::JSJitToWasm || type_ == FrameType::Exit); + MOZ_ASSERT(!TlsContext.get()->inUnsafeCallWithABI); } bool JSJitFrameIter::checkInvalidation() const { ===================================== js/src/jit/JSJitFrameIter.h ===================================== @@ -111,14 +111,14 @@ class JSJitFrameIter { protected: uint8_t* current_; FrameType type_; - uint8_t* resumePCinCurrentFrame_; + uint8_t* resumePCinCurrentFrame_ = nullptr; // Size of the current Baseline frame. Equivalent to // BaselineFrame::debugFrameSize_ in debug builds. mozilla::Maybe<uint32_t> baselineFrameSize_; private: - mutable const SafepointIndex* cachedSafepointIndex_; + mutable const SafepointIndex* cachedSafepointIndex_ = nullptr; const JitActivation* activation_; void dumpBaseline() const; ===================================== layout/base/PresShell.cpp ===================================== @@ -8463,24 +8463,46 @@ void PresShell::EventHandler::MaybeHandleKeyboardEventBeforeDispatch( // The event listeners in chrome can prevent this ESC behavior by // calling prevent default on the preceding keydown/press events. - if (!mPresShell->mIsLastChromeOnlyEscapeKeyConsumed && - aKeyboardEvent->mMessage == eKeyUp) { - // ESC key released while in DOM fullscreen mode. - // Fully exit all browser windows and documents from - // fullscreen mode. - Document::AsyncExitFullscreen(nullptr); + if (aKeyboardEvent->mMessage == eKeyUp) { + bool shouldExitFullscreen = + !mPresShell->mIsLastChromeOnlyEscapeKeyConsumed; + if (!shouldExitFullscreen) { + if (mPresShell->mLastConsumedEscapeKeyUpForFullscreen && + (aKeyboardEvent->mTimeStamp - + mPresShell->mLastConsumedEscapeKeyUpForFullscreen) <= + TimeDuration::FromMilliseconds( + StaticPrefs:: + dom_fullscreen_force_exit_on_multiple_escape_interval())) { + shouldExitFullscreen = true; + mPresShell->mLastConsumedEscapeKeyUpForFullscreen = TimeStamp(); + } else { + mPresShell->mLastConsumedEscapeKeyUpForFullscreen = + aKeyboardEvent->mTimeStamp; + } + } + + if (shouldExitFullscreen) { + // ESC key released while in DOM fullscreen mode. + // Fully exit all browser windows and documents from + // fullscreen mode. + Document::AsyncExitFullscreen(nullptr); + } } } - nsCOMPtr<Document> pointerLockedDoc = PointerLockManager::GetLockedDocument(); - if (!mPresShell->mIsLastChromeOnlyEscapeKeyConsumed && pointerLockedDoc) { - // XXX See above comment to understand the reason why this needs - // to claim that the Escape key event is consumed by content - // even though it will be dispatched only into chrome. - aKeyboardEvent->PreventDefaultBeforeDispatch(CrossProcessForwarding::eStop); - aKeyboardEvent->mFlags.mOnlyChromeDispatch = true; - if (aKeyboardEvent->mMessage == eKeyUp) { - PointerLockManager::Unlock(); + if (XRE_IsParentProcess() && + !mPresShell->mIsLastChromeOnlyEscapeKeyConsumed) { + if (PointerLockManager::GetLockedRemoteTarget() || + PointerLockManager::IsLocked()) { + // XXX See above comment to understand the reason why this needs + // to claim that the Escape key event is consumed by content + // even though it will be dispatched only into chrome. + aKeyboardEvent->PreventDefaultBeforeDispatch( + CrossProcessForwarding::eStop); + aKeyboardEvent->mFlags.mOnlyChromeDispatch = true; + if (aKeyboardEvent->mMessage == eKeyUp) { + PointerLockManager::Unlock(); + } } } } ===================================== layout/base/PresShell.h ===================================== @@ -3209,6 +3209,10 @@ class PresShell final : public nsStubDocumentObserver, bool mProcessingReflowCommands : 1; bool mPendingDidDoReflow : 1; + // The last TimeStamp when the keyup event did not exit fullscreen because it + // was consumed. + TimeStamp mLastConsumedEscapeKeyUpForFullscreen; + struct CapturingContentInfo final { CapturingContentInfo() : mRemoteTarget(nullptr), ===================================== layout/base/nsCaret.cpp ===================================== @@ -855,7 +855,7 @@ size_t nsCaret::SizeOfIncludingThis(mozilla::MallocSizeOf aMallocSizeOf) const { bool nsCaret::IsMenuPopupHidingCaret() { // Check if there are open popups. nsXULPopupManager* popMgr = nsXULPopupManager::GetInstance(); - nsTArray<nsIFrame*> popups; + nsTArray<nsMenuPopupFrame*> popups; popMgr->GetVisiblePopups(popups); if (popups.Length() == 0) @@ -873,7 +873,7 @@ bool nsCaret::IsMenuPopupHidingCaret() { // If there's a menu popup open before the popup with // the caret, don't show the caret. for (uint32_t i = 0; i < popups.Length(); i++) { - nsMenuPopupFrame* popupFrame = static_cast<nsMenuPopupFrame*>(popups[i]); + nsMenuPopupFrame* popupFrame = popups[i]; nsIContent* popupContent = popupFrame->GetContent(); if (caretContent->IsInclusiveDescendantOf(popupContent)) { ===================================== layout/base/nsLayoutUtils.cpp ===================================== @@ -138,6 +138,7 @@ #include "nsIScrollableFrame.h" #include "nsIWidget.h" #include "nsListControlFrame.h" +#include "nsMenuPopupFrame.h" #include "nsPIDOMWindow.h" #include "nsPlaceholderFrame.h" #include "nsPresContext.h" @@ -1757,10 +1758,10 @@ nsIFrame* nsLayoutUtils::GetPopupFrameForPoint( if (!pm) { return nullptr; } - nsTArray<nsIFrame*> popups; + nsTArray<nsMenuPopupFrame*> popups; pm->GetVisiblePopups(popups); // Search from top to bottom - for (nsIFrame* popup : popups) { + for (nsMenuPopupFrame* popup : popups) { if (popup->PresContext()->GetRootPresContext() != aRootPresContext) { continue; } ===================================== layout/xul/nsXULPopupManager.cpp ===================================== @@ -53,6 +53,7 @@ #include "mozilla/EventStateManager.h" #include "mozilla/LookAndFeel.h" #include "mozilla/MouseEvents.h" +#include "mozilla/PointerLockManager.h" #include "mozilla/PresShell.h" #include "mozilla/Services.h" #include "mozilla/StaticPrefs_layout.h" @@ -987,6 +988,7 @@ bool nsXULPopupManager::ShowPopupAsNativeMenu(Element* aPopup, int32_t aXPos, EventStateManager::ClearGlobalActiveContent(activeESM); activeESM->StopTrackingDragGesture(true); } + PointerLockManager::Unlock(); PresShell::ReleaseCapturingContent(); return true; @@ -1201,6 +1203,10 @@ void nsXULPopupManager::ShowPopupCallback(Element* aPopup, // Caret visibility may have been affected, ensure that // the caret isn't now drawn when it shouldn't be. CheckCaretDrawingState(); + + if (popupType != PopupType::Tooltip) { + PointerLockManager::Unlock(); + } } nsMenuChainItem* nsXULPopupManager::FindPopup(Element* aPopup) const { @@ -1851,8 +1857,17 @@ nsIContent* nsXULPopupManager::GetTopActiveMenuItemContent() { return nullptr; } -void nsXULPopupManager::GetVisiblePopups(nsTArray<nsIFrame*>& aPopups) { +void nsXULPopupManager::GetVisiblePopups(nsTArray<nsMenuPopupFrame*>& aPopups, + bool aIncludeNativeMenu) { aPopups.Clear(); + if (aIncludeNativeMenu && mNativeMenu) { + nsCOMPtr<nsIContent> popup = mNativeMenu->Element(); + nsMenuPopupFrame* popupFrame = GetPopupFrameForContent(popup, true); + if (popupFrame && popupFrame->IsVisible() && + !popupFrame->IsMouseTransparent()) { + aPopups.AppendElement(popupFrame); + } + } for (nsMenuChainItem* item = mPopups.get(); item; item = item->GetParent()) { // Skip panels which are not visible as well as popups that are transparent // to mouse events. ===================================== layout/xul/nsXULPopupManager.h ===================================== @@ -184,10 +184,10 @@ using HidePopupOptions = mozilla::EnumSet<HidePopupOption>; */ extern const nsNavigationDirection DirectionFromKeyCodeTable[2][6]; -#define NS_DIRECTION_FROM_KEY_CODE(frame, keycode) \ - (DirectionFromKeyCodeTable[static_cast<uint8_t>( \ - (frame)->StyleVisibility()->mDirection)][( \ - keycode)-mozilla::dom::KeyboardEvent_Binding::DOM_VK_END]) +#define NS_DIRECTION_FROM_KEY_CODE(frame, keycode) \ + (DirectionFromKeyCodeTable \ + [static_cast<uint8_t>((frame)->StyleVisibility()->mDirection)] \ + [(keycode) - mozilla::dom::KeyboardEvent_Binding::DOM_VK_END]) // Used to hold information about a popup that is about to be opened. struct PendingPopup { @@ -601,8 +601,10 @@ class nsXULPopupManager final : public nsIDOMEventListener, /** * Return an array of all the open and visible popup frames for * menus, in order from top to bottom. + * XXX should we always include native menu? */ - void GetVisiblePopups(nsTArray<nsIFrame*>& aPopups); + void GetVisiblePopups(nsTArray<nsMenuPopupFrame*>& aPopups, + bool aIncludeNativeMenu = false); /** * Get the node that last triggered a popup or tooltip in the document ===================================== modules/libpref/init/StaticPrefList.yaml ===================================== @@ -2709,6 +2709,13 @@ value: false mirror: always +# The interval in milliseconds between two Escape key events where the second +# key event will exit fullscreen, even if it is consumed. +- name: dom.fullscreen.force_exit_on_multiple_escape_interval + type: uint32_t + value: 500 + mirror: always + # Whether fullscreen should make the rest of the document inert. # This matches other browsers but historically not Gecko. - name: dom.fullscreen.modal @@ -11425,6 +11432,11 @@ value: false mirror: always +- name: network.cookie.sameSite.crossSiteIframeSetCheck + type: bool + value: true + mirror: always + - name: network.cookie.thirdparty.sessionOnly type: bool value: false ===================================== netwerk/cookie/CookieService.cpp ===================================== @@ -675,6 +675,18 @@ CookieService::SetCookieStringFromHttp(nsIURI* aHostURI, if (!addonAllowsLoad) { mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeignAndNotAddon); + + // include sub-document navigations from cross-site to same-site + // wrt top-level in our check for thirdparty-ness + if (StaticPrefs::network_cookie_sameSite_crossSiteIframeSetCheck() && + !isForeignAndNotAddon && + loadInfo->GetExternalContentPolicyType() == + ExtContentPolicy::TYPE_SUBDOCUMENT) { + bool triggeringPrincipalIsThirdParty = false; + BasePrincipal::Cast(loadInfo->TriggeringPrincipal()) + ->IsThirdPartyURI(channelURI, &triggeringPrincipalIsThirdParty); + isForeignAndNotAddon |= triggeringPrincipalIsThirdParty; + } } nsCString cookieHeader(aCookieHeader); ===================================== netwerk/cookie/CookieServiceChild.cpp ===================================== @@ -517,6 +517,18 @@ CookieServiceChild::SetCookieStringFromHttp(nsIURI* aHostURI, if (!addonAllowsLoad) { mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeignAndNotAddon); + + // include sub-document navigations from cross-site to same-site + // wrt top-level in our check for thirdparty-ness + if (StaticPrefs::network_cookie_sameSite_crossSiteIframeSetCheck() && + !isForeignAndNotAddon && + loadInfo->GetExternalContentPolicyType() == + ExtContentPolicy::TYPE_SUBDOCUMENT) { + bool triggeringPrincipalIsThirdParty = false; + BasePrincipal::Cast(loadInfo->TriggeringPrincipal()) + ->IsThirdPartyURI(finalChannelURI, &triggeringPrincipalIsThirdParty); + isForeignAndNotAddon |= triggeringPrincipalIsThirdParty; + } } bool moreCookies; ===================================== testing/web-platform/meta/cookies/samesite/setcookie-navigation.https.html.ini ===================================== @@ -1,11 +1,4 @@ [setcookie-navigation.https.html] + prefs: [network.cookie.sameSite.laxByDefault:true, network.cookie.sameSite.noneRequiresSecure:true] expected: if (os == "android") and fission: [OK, TIMEOUT] - [Cross-site to same-site iframe navigation should only be able to set SameSite=None cookies.] - expected: FAIL - - [Same-site to cross-site-site iframe navigation should only be able to set SameSite=None cookies.] - expected: FAIL - - [Cross-site to cross-site iframe navigation should only be able to set SameSite=None cookies.] - expected: FAIL View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/062981… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/062981… You're receiving this email because of your account on gitlab.torproject.org.

1 0