Pier Angelo Vendrame pushed to branch tor-browser-115.28.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 6ffceaac by Valentin Gosu at 2025-10-08T14:15:40+02:00 Bug 1881258 - Make HTML mimesniffing match the spec r=necko-reviewers,jesup,devtools-reviewers,nchevobbe Differential Revision: https://phabricator.services.mozilla.com/D255120 - - - - - beca59e1 by Jonathan Kew at 2025-10-08T14:15:44+02:00 Bug 1988244 - Guard the space-features bit vectors with the feature-info mutex. a=RyanVM DONTBUILD Original Revision: https://phabricator.services.mozilla.com/D266136 Differential Revision: https://phabricator.services.mozilla.com/D267025 - - - - - db14671a by Christian Holler (:decoder) at 2025-10-08T14:15:45+02:00 Bug 1990085 - Improve enum serialization in gfx. r=lsalzman a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D266443 - - - - - 13 changed files: - devtools/client/webconsole/test/browser/browser_webconsole_context_menu_copy_entire_message.js - devtools/client/webconsole/test/browser/browser_webconsole_context_menu_copy_message_with_async_stacktrace.js - devtools/client/webconsole/test/browser/browser_webconsole_context_menu_copy_message_with_framework_stacktrace.js - devtools/client/webconsole/test/browser/browser_webconsole_context_menu_export_console_output.js - devtools/client/webconsole/test/browser/browser_webconsole_css_error_impacted_elements.js - devtools/client/webconsole/test/browser/browser_webconsole_filter_by_input.js - devtools/shared/commands/resource/tests/browser_resources_css_messages.js - dom/tests/browser/set-samesite-cookies-and-redirect.sjs - gfx/2d/RecordingTypes.h - gfx/thebes/gfxFont.cpp - gfx/thebes/gfxFontEntry.h - modules/libpref/init/StaticPrefList.yaml - netwerk/streamconv/converters/nsUnknownDecoder.cpp Changes: ===================================== devtools/client/webconsole/test/browser/browser_webconsole_context_menu_copy_entire_message.js ===================================== @@ -5,6 +5,7 @@ const httpServer = createTestHTTPServer(); httpServer.registerPathHandler(`/`, function (request, response) { + response.setHeader("Content-Type", "text/html"); response.setStatusLine(request.httpVersion, 200, "OK"); response.write(` <meta charset=utf8> ===================================== devtools/client/webconsole/test/browser/browser_webconsole_context_menu_copy_message_with_async_stacktrace.js ===================================== @@ -8,6 +8,7 @@ const httpServer = createTestHTTPServer(); httpServer.registerPathHandler(`/`, function (request, response) { + response.setHeader("Content-Type", "text/html"); response.setStatusLine(request.httpVersion, 200, "OK"); response.write(`<script type="text/javascript" src="test.js"></script>`); }); ===================================== devtools/client/webconsole/test/browser/browser_webconsole_context_menu_copy_message_with_framework_stacktrace.js ===================================== @@ -5,6 +5,7 @@ const httpServer = createTestHTTPServer(); httpServer.registerPathHandler(`/`, function (request, response) { + response.setHeader("Content-Type", "text/html"); response.setStatusLine(request.httpVersion, 200, "OK"); response.write(` <meta charset=utf8> ===================================== devtools/client/webconsole/test/browser/browser_webconsole_context_menu_export_console_output.js ===================================== @@ -6,6 +6,7 @@ const httpServer = createTestHTTPServer(); httpServer.registerPathHandler(`/`, function (request, response) { response.setStatusLine(request.httpVersion, 200, "OK"); + response.setHeader("Content-Type", "text/html"); response.write(` <html> <head> ===================================== devtools/client/webconsole/test/browser/browser_webconsole_css_error_impacted_elements.js ===================================== @@ -7,6 +7,7 @@ const httpServer = createTestHTTPServer(); httpServer.registerPathHandler(`/`, function (request, response) { response.setStatusLine(request.httpVersion, 200, "OK"); + response.setHeader("Content-Type", "text/html"); response.write(` <html> <head> ===================================== devtools/client/webconsole/test/browser/browser_webconsole_filter_by_input.js ===================================== @@ -207,6 +207,7 @@ function createServerAndGetTestUrl() { "/" + HTML_FILENAME, function (request, response) { response.setStatusLine(request.httpVersion, 200, "OK"); + response.setHeader("Content-Type", "text/html"); response.write(HTML_CONTENT); } ); ===================================== devtools/shared/commands/resource/tests/browser_resources_css_messages.js ===================================== @@ -12,6 +12,7 @@ const { MESSAGE_CATEGORY } = require("resource://devtools/shared/constants.js"); const httpServer = createTestHTTPServer(); httpServer.registerPathHandler(`/test_css_messages.html`, (req, res) => { res.setStatusLine(req.httpVersion, 200, "OK"); + res.setHeader("Content-Type", "text/html"); res.write(`<meta charset=utf8> <style> html { ===================================== dom/tests/browser/set-samesite-cookies-and-redirect.sjs ===================================== @@ -17,6 +17,7 @@ function handleRequest(request, response) { "strictHeader=true; path=/; SameSite=Strict", true ); + response.setHeader("Content-Type", "text/html"); response.write(` <head> <meta http-equiv='set-cookie' content='laxMeta=true; path=/; SameSite=Lax'> @@ -33,6 +34,7 @@ function handleRequest(request, response) { let baseURI = "https://example.org/" + request.path.replace(/[a-z-]*\.sjs/, "mimeme.sjs?type="); + response.setHeader("Content-Type", "text/html"); response.write(` <link rel="stylesheet" type="text/css" href="${baseURI}css"> <iframe src="${baseURI}html"></iframe> ===================================== gfx/2d/RecordingTypes.h ===================================== @@ -70,9 +70,16 @@ void ReadElement(S& aStream, T& aElement) { template <class S, class T> void ReadElementConstrained(S& aStream, T& aElement, const T& aMinValue, const T& aMaxValue) { - ElementStreamFormat<S, T>::Read(aStream, aElement); - if (aElement < aMinValue || aElement > aMaxValue) { + std::underlying_type_t<T> value = 0; + ReadElement(aStream, value); + + auto minInt = static_cast<std::underlying_type_t<T>>(aMinValue); + auto maxInt = static_cast<std::underlying_type_t<T>>(aMaxValue); + + if (value < minInt || value > maxInt) { aStream.SetIsBad(); + } else { + aElement = static_cast<T>(value); } } template <class S, class T> ===================================== gfx/thebes/gfxFont.cpp ===================================== @@ -1378,6 +1378,7 @@ void gfxFont::CheckForFeaturesInvolvingSpace() const { flags = flags | gfxFontEntry::SpaceFeatures::HasFeatures; uint32_t index = static_cast<uint32_t>(s) >> 5; uint32_t bit = static_cast<uint32_t>(s) & 0x1f; + MutexAutoLock lock(mFontEntry->mFeatureInfoLock); if (isDefaultFeature) { mFontEntry->mDefaultSubSpaceFeatures[index] |= (1 << bit); } else { @@ -1391,8 +1392,11 @@ void gfxFont::CheckForFeaturesInvolvingSpace() const { // spaces in default features of default script? // ==> can't use word cache, skip GPOS analysis bool canUseWordCache = true; - if (HasSubstitution(mFontEntry->mDefaultSubSpaceFeatures, Script::COMMON)) { - canUseWordCache = false; + { + MutexAutoLock lock(mFontEntry->mFeatureInfoLock); + if (HasSubstitution(mFontEntry->mDefaultSubSpaceFeatures, Script::COMMON)) { + canUseWordCache = false; + } } // GPOS lookups - distinguish kerning from non-kerning features @@ -1411,6 +1415,7 @@ void gfxFont::CheckForFeaturesInvolvingSpace() const { } if (MOZ_UNLIKELY(log)) { + MutexAutoLock lock(mFontEntry->mFeatureInfoLock); TimeDuration elapsed = TimeStamp::Now() - start; LOG_FONTINIT(( "(fontinit-spacelookups) font: %s - " @@ -1445,6 +1450,7 @@ bool gfxFont::HasSubstitutionRulesWithSpaceLookups(Script aRunScript) const { } // default features have space lookups ==> true + MutexAutoLock lock(mFontEntry->mFeatureInfoLock); if (HasSubstitution(mFontEntry->mDefaultSubSpaceFeatures, Script::COMMON) || HasSubstitution(mFontEntry->mDefaultSubSpaceFeatures, aRunScript)) { return true; ===================================== gfx/thebes/gfxFontEntry.h ===================================== @@ -592,9 +592,10 @@ class gfxFontEntry { // bitvector of substitution space features per script, one each // for default and non-default features - uint32_t mDefaultSubSpaceFeatures[(int(Script::NUM_SCRIPT_CODES) + 31) / 32]; - uint32_t - mNonDefaultSubSpaceFeatures[(int(Script::NUM_SCRIPT_CODES) + 31) / 32]; + uint32_t mDefaultSubSpaceFeatures[(int(Script::NUM_SCRIPT_CODES) + 31) / + 32] MOZ_GUARDED_BY(mFeatureInfoLock); + uint32_t mNonDefaultSubSpaceFeatures[(int(Script::NUM_SCRIPT_CODES) + 31) / + 32] MOZ_GUARDED_BY(mFeatureInfoLock); mozilla::Atomic<uint32_t> mUVSOffset; ===================================== modules/libpref/init/StaticPrefList.yaml ===================================== @@ -12833,6 +12833,14 @@ value: true mirror: always +# If true, it will include extra tags to be sniffed by nsUnknownDecoder +# These tags were previously sniffed by Firefox for legacy/webcompat but +# are not part of the MIME sniffing spec. +- name: network.mimesniff.extra_moz_html_tags + type: RelaxedAtomicBool + value: false + mirror: always + # The maximum count that we allow socket prrocess to crash. If this count is # reached, we won't use networking over socket process. - name: network.max_socket_process_failed_count ===================================== netwerk/streamconv/converters/nsUnknownDecoder.cpp ===================================== @@ -492,6 +492,7 @@ void nsUnknownDecoder::DetermineContentType(nsIRequest* aRequest) { #endif } +// https://mimesniff.spec.whatwg.org/#identifying-a-resource-with-an-unknown-mi... bool nsUnknownDecoder::SniffForHTML(nsIRequest* aRequest) { MutexAutoLock lock(mMutex); @@ -517,34 +518,44 @@ bool nsUnknownDecoder::SniffForHTML(nsIRequest* aRequest) { return false; } - // If we seem to be SGML or XML and we got down here, just pretend we're HTML - if (*str == '!' || *str == '?') { - mContentType = TEXT_HTML; + uint32_t bufSize = end - str; + nsDependentCSubstring substr(str, bufSize); + + if (StringBeginsWith(substr, "?xml"_ns)) { + mContentType = TEXT_XML; return true; } - uint32_t bufSize = end - str; // We use sizeof(_tagstr) below because that's the length of _tagstr // with the one char " " or ">" appended. -#define MATCHES_TAG(_tagstr) \ - (bufSize >= sizeof(_tagstr) && \ - (nsCRT::strncasecmp(str, _tagstr " ", sizeof(_tagstr)) == 0 || \ - nsCRT::strncasecmp(str, _tagstr ">", sizeof(_tagstr)) == 0)) +#define MATCHES_TAG(_tagstr) \ + (substr.Length() >= sizeof(_tagstr) && \ + StringBeginsWith(substr, _tagstr##_ns, \ + nsCaseInsensitiveCStringComparator) && \ + (substr[sizeof(_tagstr) - 1] == ' ' || substr[sizeof(_tagstr) - 1] == '>')) - if (MATCHES_TAG("html") || MATCHES_TAG("frameset") || MATCHES_TAG("body") || + if (MATCHES_TAG("!DOCTYPE HTML") || MATCHES_TAG("html") || MATCHES_TAG("head") || MATCHES_TAG("script") || MATCHES_TAG("iframe") || - MATCHES_TAG("a") || MATCHES_TAG("img") || MATCHES_TAG("table") || - MATCHES_TAG("title") || MATCHES_TAG("link") || MATCHES_TAG("base") || - MATCHES_TAG("style") || MATCHES_TAG("div") || MATCHES_TAG("p") || - MATCHES_TAG("font") || MATCHES_TAG("applet") || MATCHES_TAG("meta") || - MATCHES_TAG("center") || MATCHES_TAG("form") || MATCHES_TAG("isindex") || - MATCHES_TAG("h1") || MATCHES_TAG("h2") || MATCHES_TAG("h3") || - MATCHES_TAG("h4") || MATCHES_TAG("h5") || MATCHES_TAG("h6") || - MATCHES_TAG("b") || MATCHES_TAG("pre")) { + MATCHES_TAG("h1") || MATCHES_TAG("div") || MATCHES_TAG("font") || + MATCHES_TAG("table") || MATCHES_TAG("a") || MATCHES_TAG("style") || + MATCHES_TAG("title") || MATCHES_TAG("b") || MATCHES_TAG("body") || + MATCHES_TAG("br") || MATCHES_TAG("p") || MATCHES_TAG("!--")) { mContentType = TEXT_HTML; return true; } + if (StaticPrefs::network_mimesniff_extra_moz_html_tags()) { + if (MATCHES_TAG("frameset") || MATCHES_TAG("img") || MATCHES_TAG("link") || + MATCHES_TAG("base") || MATCHES_TAG("applet") || MATCHES_TAG("meta") || + MATCHES_TAG("center") || MATCHES_TAG("form") || + MATCHES_TAG("isindex") || MATCHES_TAG("h2") || MATCHES_TAG("h3") || + MATCHES_TAG("h4") || MATCHES_TAG("h5") || MATCHES_TAG("h6") || + MATCHES_TAG("pre")) { + mContentType = TEXT_HTML; + return true; + } + } + #undef MATCHES_TAG return false; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/1a51c17... -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/1a51c17... You're receiving this email because of your account on gitlab.torproject.org.