Index: branches/2017Q4/www/firefox/Makefile =================================================================== --- branches/2017Q4/www/firefox/Makefile (revision 454979) +++ branches/2017Q4/www/firefox/Makefile (revision 454980) @@ -1,77 +1,77 @@ # Created by: Alan Eldridge # $FreeBSD$ PORTNAME= firefox DISTVERSION= 56.0.2 DISTVERSIONSUFFIX=.source -PORTREVISION= 6 +PORTREVISION= 10 PORTEPOCH= 1 CATEGORIES= www ipv6 MASTER_SITES= MOZILLA/${PORTNAME}/releases/${DISTVERSION}/source \ MOZILLA/${PORTNAME}/candidates/${DISTVERSION}-candidates/build1/source MAINTAINER= gecko@FreeBSD.org COMMENT= Web browser based on the browser portion of Mozilla BUILD_DEPENDS= nspr>=4.16:devel/nspr \ nss>=3.32.1:security/nss \ icu>=59.1,1:devel/icu \ libevent>=2.1.8:devel/libevent \ harfbuzz>=1.4.7:print/harfbuzz \ graphite2>=1.3.10:graphics/graphite2 \ png>=1.6.31:graphics/png \ libvorbis>=1.3.5,3:audio/libvorbis \ libvpx>=1.5.0:multimedia/libvpx \ sqlite3>=3.19.3:databases/sqlite3 \ ${PYTHON_PKGNAMEPREFIX}sqlite3>0:databases/py-sqlite3 \ v4l_compat>0:multimedia/v4l_compat \ autoconf-2.13:devel/autoconf213 \ yasm:devel/yasm \ llvm40>0:devel/llvm40 \ zip:archivers/zip # soundtouch>=1.9.0:audio/soundtouch \ LIB_DEPENDS= libv4l2.so:multimedia/libv4l USE_GECKO= gecko CONFLICTS_INSTALL= firefox-esr-45.* firefox-esr-3[18].* firefox-esr-24.* MOZ_PKGCONFIG_FILES= # empty USE_MOZILLA= -soundtouch MOZILLA_NAME= Firefox USE_GL= gl USES= tar:xz FIREFOX_ICON= ${MOZILLA}.png FIREFOX_ICON_SRC= ${PREFIX}/lib/${MOZILLA}/browser/chrome/icons/default/default48.png MOZ_EXPORT= BINDGEN_CFLAGS="-isystem${LOCALBASE}/include/nspr \ -isystem${LOCALBASE}/include/pixman-1" # XXX bug 1341234 MOZ_OPTIONS= --enable-application=browser \ --enable-official-branding OPTIONS_DEFAULT= BUNDLED_CAIRO OPTIONS_EXCLUDE= GNOMEUI .include "${.CURDIR}/../../www/firefox/Makefile.options" WRKSRC:= ${WRKDIR}/${PORTNAME}-${DISTVERSION} post-extract: @${SED} -e 's|@FIREFOX_ICON@|${FIREFOX_ICON}|' -e 's|@MOZILLA@|${MOZILLA}|' \ -e 's|@MOZILLA_NAME@|${MOZILLA_NAME}|' \ <${FILESDIR}/firefox.desktop.in >${WRKDIR}/${MOZILLA}.desktop post-patch: @${REINPLACE_CMD} -e 's|%%LOCALBASE%%|${LOCALBASE}|g' \ ${WRKSRC}/browser/app/nsBrowserApp.cpp pre-configure: (cd ${WRKSRC} && ${LOCALBASE}/bin/autoconf-2.13) (cd ${WRKSRC}/js/src/ && ${LOCALBASE}/bin/autoconf-2.13) post-install: ${MKDIR} ${STAGEDIR}${PREFIX}/share/pixmaps ${INSTALL_DATA} ${WRKDIR}/${MOZILLA}.desktop ${STAGEDIR}${PREFIX}/share/applications/ ${LN} -sf ${FIREFOX_ICON_SRC} ${STAGEDIR}${PREFIX}/share/pixmaps/${FIREFOX_ICON} .include Index: branches/2017Q4/www/firefox/files/patch-a-bug1399540 =================================================================== --- branches/2017Q4/www/firefox/files/patch-a-bug1399540 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-a-bug1399540 (revision 454980) @@ -0,0 +1,148 @@ +commit 99ad73e4743d +Author: Jonathan Kew +Date: Sat Sep 16 11:49:47 2017 +0100 + + Bug 1399540 - patch 1 - Failure to decode an individual label within the IDN should not block decoding of other valid punycode labels. r=valentin +--- + netwerk/dns/nsIDNService.cpp | 25 ++++++++++++++++--------- + 1 file changed, 16 insertions(+), 9 deletions(-) + +diff --git netwerk/dns/nsIDNService.cpp netwerk/dns/nsIDNService.cpp +index 9cc8fdcf6fa1..3adcddf654e1 100644 +--- netwerk/dns/nsIDNService.cpp ++++ netwerk/dns/nsIDNService.cpp +@@ -300,6 +300,10 @@ nsresult nsIDNService::ACEtoUTF8(const nsACString & input, nsACString & _retval, + // RFC 3490 - 4.2 ToUnicode + // ToUnicode never fails. If any step fails, then the original input + // sequence is returned immediately in that step. ++ // ++ // Note that this refers to the decoding of a single label. ++ // ACEtoUTF8 may be called with a sequence of labels separated by dots; ++ // this test applies individually to each label. + + uint32_t len = 0, offset = 0; + nsAutoCString decodedBuf; +@@ -313,13 +317,15 @@ nsresult nsIDNService::ACEtoUTF8(const nsACString & input, nsACString & _retval, + while (start != end) { + len++; + if (*start++ == '.') { +- if (NS_FAILED(decodeACE(Substring(input, offset, len - 1), decodedBuf, +- flag))) { +- _retval.Assign(input); +- return NS_OK; ++ nsDependentCSubstring origLabel(input, offset, len - 1); ++ if (NS_FAILED(decodeACE(origLabel, decodedBuf, flag))) { ++ // If decoding failed, use the original input sequence ++ // for this label. ++ _retval.Append(origLabel); ++ } else { ++ _retval.Append(decodedBuf); + } + +- _retval.Append(decodedBuf); + _retval.Append('.'); + offset += len; + len = 0; +@@ -327,11 +333,12 @@ nsresult nsIDNService::ACEtoUTF8(const nsACString & input, nsACString & _retval, + } + // decode the last node + if (len) { +- if (NS_FAILED(decodeACE(Substring(input, offset, len), decodedBuf, +- flag))) +- _retval.Assign(input); +- else ++ nsDependentCSubstring origLabel(input, offset, len); ++ if (NS_FAILED(decodeACE(origLabel, decodedBuf, flag))) { ++ _retval.Append(origLabel); ++ } else { + _retval.Append(decodedBuf); ++ } + } + + return NS_OK; + +commit eddd7a4f4eae +Author: Jonathan Kew +Date: Sat Sep 16 11:49:56 2017 +0100 + + Bug 1399540 - patch 2 - Handle invalid punycode better in stringPrep to avoid mangling display of fake-punycode labels. r=valentin +--- + netwerk/dns/nsIDNService.cpp | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git netwerk/dns/nsIDNService.cpp netwerk/dns/nsIDNService.cpp +index 3adcddf654e1..4c45a2d52e45 100644 +--- netwerk/dns/nsIDNService.cpp ++++ netwerk/dns/nsIDNService.cpp +@@ -222,7 +222,15 @@ nsIDNService::IDNA2008StringPrep(const nsAString& input, + } + NS_ENSURE_SUCCESS(rv, rv); + +- // Output the result of nameToUnicode even if there were errors ++ // Output the result of nameToUnicode even if there were errors. ++ // But in the case of invalid punycode, the uidna_labelToUnicode result ++ // appears to get an appended U+FFFD REPLACEMENT CHARACTER, which will ++ // confuse our subsequent processing, so we drop that. ++ // (https://bugzilla.mozilla.org/show_bug.cgi?id=1399540#c9) ++ if ((info.errors & UIDNA_ERROR_PUNYCODE) && ++ outLen > 0 && outputBuffer[outLen - 1] == 0xfffd) { ++ --outLen; ++ } + ICUUtils::AssignUCharArrayToString(outputBuffer, outLen, output); + + if (flag == eStringPrepIgnoreErrors) { + +commit 2a3883ef55d2 +Author: Jonathan Kew +Date: Sat Sep 16 11:50:08 2017 +0100 + + Bug 1399540 - Add some IDN testcases with mixed punycode and non-punycode labels. r=valentin +--- + netwerk/test/unit/test_idn_urls.js | 25 ++++++++++++++++--------- + 1 file changed, 16 insertions(+), 9 deletions(-) + +diff --git netwerk/test/unit/test_idn_urls.js netwerk/test/unit/test_idn_urls.js +index 358854093f65..0d8cf3216293 100644 +--- netwerk/test/unit/test_idn_urls.js ++++ netwerk/test/unit/test_idn_urls.js +@@ -286,10 +286,17 @@ const testcases = [ + // Thai (also tests that node with over 63 UTF-8 octets doesn't fail) + ["เครื่องทําน้ําทําน้ําแข็ง", + "xn--22cdjb2fanb9fyepcbbb9dwh4a3igze4fdcd", +- false, true, true] ++ false, true, true], ++ ++ // Effect of adding valid or invalid subdomains (bug 1399540) ++ ["䕮䕵䕶䕱.ascii", "xn--google.ascii", false, true, true], ++ ["ascii.䕮䕵䕶䕱", "ascii.xn--google", false, true, true], ++ ["中国123.䕮䕵䕶䕱", "xn--123-u68dy61b.xn--google", false, true, true], ++ ["䕮䕵䕶䕱.中国123", "xn--google.xn--123-u68dy61b", false, true, true], ++ ["xn--accountlogin.䕮䕵䕶䕱", "xn--accountlogin.xn--google", false, true, true], ++ ["䕮䕵䕶䕱.xn--accountlogin", "xn--google.xn--accountlogin", false, true, true], + ]; + +- + const profiles = ["ASCII", "high", "moderate"]; + + function run_test() { +@@ -311,13 +318,13 @@ function run_test() { + var expectedUnicode = test[2 + i]; + var isASCII = {}; + +- var result; +- try { +- result = idnService.convertToDisplayIDN(URL, isASCII); +- } catch(e) { +- result = ".com"; +- } +- if (punycodeURL.substr(0, 4) == "xn--") { ++ var result; ++ try { ++ result = idnService.convertToDisplayIDN(URL, isASCII); ++ } catch(e) { ++ result = ".com"; ++ } ++ if (punycodeURL.substr(0, 4) == "xn--" || punycodeURL.indexOf(".xn--") > 0) { + // test convertToDisplayIDN with a Unicode URL and with a + // Punycode URL if we have one + do_check_eq(escape(result), Property changes on: branches/2017Q4/www/firefox/files/patch-a-bug1399540 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1261175 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1261175 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1261175 (revision 454980) @@ -0,0 +1,25 @@ +commit deccfad4c8ba +Author: Matt Woodrow +Date: Thu Oct 12 13:10:27 2017 +1300 + + Bug 1261175. r=tnikkel, a=ritu + + --HG-- + extra : source : 8281ed36bd4946af69af747b199814cc1a51fb52 +--- + view/nsViewManager.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git view/nsViewManager.cpp view/nsViewManager.cpp +index f3540f3478da..230512c0dcc0 100644 +--- view/nsViewManager.cpp ++++ view/nsViewManager.cpp +@@ -100,7 +100,7 @@ nsViewManager::~nsViewManager() + gViewManagers = nullptr; + } + +- mPresShell = nullptr; ++ MOZ_RELEASE_ASSERT(!mPresShell, "Releasing nsViewManager without having called Destroy on the PresShell!"); + } + + // We don't hold a reference to the presentation context because it Property changes on: branches/2017Q4/www/firefox/files/patch-bug1261175 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1325923 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1325923 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1325923 (revision 454980) @@ -0,0 +1,121 @@ +commit d9ad239a35bf +Author: Blake Kaplan +Date: Wed Aug 16 16:39:32 2017 -0700 + + Bug 1325923 - Implement the "cookie averse document" concept. r=Ehsan + + See https://html.spec.whatwg.org/multipage/dom.html#resource-metadata-management:cookie-averse-document-object + + MozReview-Commit-ID: GndxqhU77cS +--- + dom/base/nsIDocument.h | 28 ++++++++++++++++++++++++++++ + 1 file changed, 28 insertions(+) + +diff --git dom/base/nsIDocument.h dom/base/nsIDocument.h +index e834f5785cad..921e03e107d1 100644 +--- dom/base/nsIDocument.h ++++ dom/base/nsIDocument.h +@@ -2073,6 +2073,34 @@ public: + return mMarkedCCGeneration; + } + ++ /** ++ * Returns whether this document is cookie averse. See ++ * https://html.spec.whatwg.org/multipage/dom.html#cookie-averse-document-object ++ */ ++ bool IsCookieAverse() const ++ { ++ // If we are a document that "has no browsing context." ++ if (!GetInnerWindow()) { ++ return true; ++ } ++ ++ // If we are a document "whose URL's scheme is not a network scheme." ++ // NB: Explicitly allow file: URIs to store cookies. ++ nsCOMPtr codebaseURI; ++ NodePrincipal()->GetURI(getter_AddRefs(codebaseURI)); ++ ++ if (!codebaseURI) { ++ return true; ++ } ++ ++ nsAutoCString scheme; ++ codebaseURI->GetScheme(scheme); ++ return !scheme.EqualsLiteral("http") && ++ !scheme.EqualsLiteral("https") && ++ !scheme.EqualsLiteral("ftp") && ++ !scheme.EqualsLiteral("file"); ++ } ++ + bool IsLoadedAsData() + { + return mLoadedAsData; + +commit 10775852824c +Author: Blake Kaplan +Date: Wed Aug 16 16:58:19 2017 -0700 + + Bug 1325923 - Use this new API. r=Ehsan + + MozReview-Commit-ID: 6tuaEqQA551 +--- + dom/base/nsContentSink.cpp | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git dom/base/nsContentSink.cpp dom/base/nsContentSink.cpp +index c52761c8521f..c3e9f43846d4 100644 +--- dom/base/nsContentSink.cpp ++++ dom/base/nsContentSink.cpp +@@ -843,6 +843,12 @@ nsContentSink::ProcessMETATag(nsIContent* aContent) + return NS_OK; + } + ++ // Don't allow setting cookies in in cookie averse ++ // documents. ++ if (nsGkAtoms::setcookie->Equals(header) && mDocument->IsCookieAverse()) { ++ return NS_OK; ++ } ++ + nsAutoString result; + aContent->GetAttr(kNameSpaceID_None, nsGkAtoms::content, result); + if (!result.IsEmpty()) { + +commit f48bc2cbf262 +Author: Blake Kaplan +Date: Wed Aug 16 17:22:31 2017 -0700 + + Bug 1325923 - Use this API where we're supposed to. r=Ehsan + + MozReview-Commit-ID: HGU5YtUzv9U +--- + dom/html/nsHTMLDocument.cpp | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git dom/html/nsHTMLDocument.cpp dom/html/nsHTMLDocument.cpp +index fa3d614854d9..b146698b6494 100644 +--- dom/html/nsHTMLDocument.cpp ++++ dom/html/nsHTMLDocument.cpp +@@ -1347,6 +1347,11 @@ nsHTMLDocument::GetCookie(nsAString& aCookie, ErrorResult& rv) + return; + } + ++ // If the document is a cookie-averse Document... return the empty string. ++ if (IsCookieAverse()) { ++ return; ++ } ++ + // not having a cookie service isn't an error + nsCOMPtr service = do_GetService(NS_COOKIESERVICE_CONTRACTID); + if (service) { +@@ -1400,6 +1405,11 @@ nsHTMLDocument::SetCookie(const nsAString& aCookie, ErrorResult& rv) + return; + } + ++ // If the document is a cookie-averse Document... do nothing. ++ if (IsCookieAverse()) { ++ return; ++ } ++ + // not having a cookie service isn't an error + nsCOMPtr service = do_GetService(NS_COOKIESERVICE_CONTRACTID); + if (service && mDocumentURI) { Property changes on: branches/2017Q4/www/firefox/files/patch-bug1325923 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1343147 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1343147 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1343147 (revision 454980) @@ -0,0 +1,117 @@ +commit e215b167b9b9 +Author: cku +Date: Tue Oct 3 11:29:19 2017 +0800 + + Bug 1343147 - Do not double applying transform vector of the root frame in a glyph mask into the target context. r=mstange, a=ritu + + When we generate the glyph mask for a transformed frame in + GenerateAndPushTextMask, the transform vector had been applied into aContext[1], + so we should find a way to prevent applying the vector again when painting the + glyph mask. + + In bug 1299715, I tried to prevent double apply at [2], it caused two problems: + 1. We only skip generating nsDisplayTransform, but we may still create a + nsDisplayPerspactive bellow. Since the parent of a nsDisplayPerspective must be + a nsDisplayTransform, which have been ignored, so we hit this assertion. + 2. We skip all transform for all frames while painting the glyph mask, which is + not correct. We should only skip double applying transform vector of the root + frame. + + This patch fixes both of these issues: + a. We will still create a nsDisplayTransform for the root frame if need. But + the transform matrix we apply into the target context will be an identity + matrix, so we fix #1 above. + b. In #a, we change the transform matrix to an identity matrix only for the root + frame of the glyph mask, so we fix #2. + + [1] + https://hg.mozilla.org/mozilla-central/file/59e5ec5729db/layout/painting/nsDisplayList.cpp#l752 + [2] + https://hg.mozilla.org/mozilla-central/file/ce2c129f0a87/layout/generic/nsFrame.cpp#l2806 + + MozReview-Commit-ID: 973lkQQxLB6 + + --HG-- + extra : source : 84451d723686bc47b81c44ed2ddf6c61f3e35915 +--- + layout/generic/nsFrame.cpp | 13 +++++-------- + layout/painting/nsDisplayList.cpp | 9 ++++++++- + 2 files changed, 13 insertions(+), 9 deletions(-) + +diff --git layout/generic/nsFrame.cpp layout/generic/nsFrame.cpp +index 37f2e2801220..dbfd61b7e142 100644 +--- layout/generic/nsFrame.cpp ++++ layout/generic/nsFrame.cpp +@@ -2803,14 +2803,11 @@ nsIFrame::BuildDisplayListForStackingContext(nsDisplayListBuilder* aBuilder, + buildingDisplayList.SetReferenceFrameAndCurrentOffset(outerReferenceFrame, + GetOffsetToCrossDoc(outerReferenceFrame)); + +- if (!aBuilder->IsForGenerateGlyphMask() && +- !aBuilder->IsForPaintingSelectionBG()) { +- nsDisplayTransform *transformItem = +- new (aBuilder) nsDisplayTransform(aBuilder, this, +- &resultList, dirtyRect, 0, +- allowAsyncAnimation); +- resultList.AppendNewToTop(transformItem); +- } ++ nsDisplayTransform *transformItem = ++ new (aBuilder) nsDisplayTransform(aBuilder, this, ++ &resultList, dirtyRect, 0, ++ allowAsyncAnimation); ++ resultList.AppendNewToTop(transformItem); + + if (hasPerspective) { + if (clipCapturedBy == ContainerItemType::ePerspective) { +diff --git layout/painting/nsDisplayList.cpp layout/painting/nsDisplayList.cpp +index 801e1ea2fb4d..6477bda52f01 100644 +--- layout/painting/nsDisplayList.cpp ++++ layout/painting/nsDisplayList.cpp +@@ -7976,11 +7976,18 @@ already_AddRefed nsDisplayTransform::BuildLayer(nsDisplayListBuilder *aBu + LayerManager *aManager, + const ContainerLayerParameters& aContainerParameters) + { ++ // While generating a glyph mask, the transform vector of the root frame had ++ // been applied into the target context, so stop applying it again here. ++ const bool shouldSkipTransform = ++ (aBuilder->RootReferenceFrame() == mFrame) && ++ (aBuilder->IsForGenerateGlyphMask() || aBuilder->IsForPaintingSelectionBG()); ++ + /* For frames without transform, it would not be removed for + * backface hidden here. But, it would be removed by the init + * function of nsDisplayTransform. + */ +- const Matrix4x4& newTransformMatrix = GetTransformForRendering(); ++ const Matrix4x4 newTransformMatrix = ++ shouldSkipTransform ? Matrix4x4(): GetTransformForRendering(); + + uint32_t flags = FrameLayerBuilder::CONTAINER_ALLOW_PULL_BACKGROUND_COLOR; + RefPtr container = aManager->GetLayerBuilder()-> +diff --git dom/svg/crashtests/1343147.svg dom/svg/crashtests/1343147.svg +new file mode 100644 +index 000000000000..d9c2611ca822 +--- /dev/null ++++ dom/svg/crashtests/1343147.svg +@@ -0,0 +1,13 @@ ++ ++ ++ hello ++ +diff --git dom/svg/crashtests/crashtests.list dom/svg/crashtests/crashtests.list +index 1727a206ec4f..57ab320161e2 100644 +--- dom/svg/crashtests/crashtests.list ++++ dom/svg/crashtests/crashtests.list +@@ -90,4 +90,5 @@ load 1329849-5.svg + load 1329849-6.svg + load 1329093-1.html + load 1329093-2.html ++load 1343147.svg + load 1402798.html Property changes on: branches/2017Q4/www/firefox/files/patch-bug1343147 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1355576 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1355576 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1355576 (revision 454980) @@ -0,0 +1,262 @@ +commit e530ba4d4394 +Author: Thomas Wisniewski +Date: Tue Jul 4 20:59:26 2017 -0400 + + Bug 1355576 - Add ability to clear all localStorage with the browsingData API; r=bsilverberg,janv + + MozReview-Commit-ID: 4UUqg62yIo9 + + --HG-- + extra : rebase_source : 9c6154bbe878fc3921d22027fdc90dbdaed05be9 +--- + browser/components/extensions/ext-browsingData.js | 10 +++ + .../extensions/schemas/browsing_data.json | 1 - + .../extensions/test/browser/browser-common.ini | 1 + + .../browser_ext_browsingData_localStorage.js | 93 ++++++++++++++++++++++ + .../test/xpcshell/test_ext_browsingData.js | 4 +- + dom/storage/LocalStorageManager.cpp | 3 +- + dom/storage/StorageObserver.cpp | 12 +++ + .../extensions/schemas/browsing_data.json | 1 - + 8 files changed, 120 insertions(+), 5 deletions(-) + +diff --git browser/components/extensions/ext-browsingData.js browser/components/extensions/ext-browsingData.js +index fd59141dd15d..109ec9601487 100644 +--- browser/components/extensions/ext-browsingData.js ++++ browser/components/extensions/ext-browsingData.js +@@ -83,6 +83,10 @@ const clearHistory = options => { + return sanitizer.items.history.clear(makeRange(options)); + }; + ++const clearLocalStorage = async function(options) { ++ Services.obs.notifyObservers(null, "extension:purge-localStorage"); ++}; ++ + const clearPasswords = async function(options) { + let loginManager = Services.logins; + let yieldCounter = 0; +@@ -152,6 +156,9 @@ const doRemoval = (options, dataToRemove, extension) => { + case "history": + removalPromises.push(clearHistory(options)); + break; ++ case "localStorage": ++ removalPromises.push(clearLocalStorage(options)); ++ break; + case "passwords": + removalPromises.push(clearPasswords(options)); + break; +@@ -225,6 +232,9 @@ this.browsingData = class extends ExtensionAPI { + removeHistory(options) { + return doRemoval(options, {history: true}); + }, ++ removeLocalStorage(options) { ++ return doRemoval(options, {localStorage: true}); ++ }, + removePasswords(options) { + return doRemoval(options, {passwords: true}); + }, +diff --git browser/components/extensions/schemas/browsing_data.json browser/components/extensions/schemas/browsing_data.json +index a780f5640c8f..7755714eb898 100644 +--- browser/components/extensions/schemas/browsing_data.json ++++ browser/components/extensions/schemas/browsing_data.json +@@ -341,7 +341,6 @@ + "description": "Clears websites' local storage data.", + "type": "function", + "async": "callback", +- "unsupported": true, + "parameters": [ + { + "$ref": "RemovalOptions", +diff --git browser/components/extensions/test/browser/browser-common.ini browser/components/extensions/test/browser/browser-common.ini +index 464b8ba18f37..e3f7700f3939 100644 +--- browser/components/extensions/test/browser/browser-common.ini ++++ browser/components/extensions/test/browser/browser-common.ini +@@ -46,6 +46,7 @@ skip-if = (os == 'win' && !debug) # bug 1352668 + [browser_ext_browserAction_theme_icons.js] + [browser_ext_browsingData_formData.js] + [browser_ext_browsingData_history.js] ++[browser_ext_browsingData_localStorage.js] + [browser_ext_browsingData_pluginData.js] + [browser_ext_browsingData_serviceWorkers.js] + [browser_ext_commands_execute_browser_action.js] +diff --git browser/components/extensions/test/browser/browser_ext_browsingData_localStorage.js browser/components/extensions/test/browser/browser_ext_browsingData_localStorage.js +new file mode 100644 +index 000000000000..215f26d1fcb6 +--- /dev/null ++++ browser/components/extensions/test/browser/browser_ext_browsingData_localStorage.js +@@ -0,0 +1,93 @@ ++/* -*- Mode: indent-tabs-mode: nil; js-indent-level: 2 -*- */ ++/* vim: set sts=2 sw=2 et tw=80: */ ++"use strict"; ++ ++add_task(async function testLocalStorage() { ++ async function background() { ++ function openTabs() { ++ let promise = new Promise(resolve => { ++ let tabURLs = [ ++ "http://example.com/", ++ "http://example.net/", ++ ]; ++ ++ let tabs; ++ let waitingCount = tabURLs.length; ++ ++ let listener = async msg => { ++ if (msg !== "content-script-ready" || --waitingCount) { ++ return; ++ } ++ browser.runtime.onMessage.removeListener(listener); ++ resolve(Promise.all(tabs)); ++ }; ++ ++ browser.runtime.onMessage.addListener(listener); ++ ++ tabs = tabURLs.map(url => { ++ return browser.tabs.create({url: url}); ++ }); ++ }); ++ ++ return promise; ++ } ++ ++ function sendMessageToTabs(tabs, message) { ++ return Promise.all( ++ tabs.map(tab => { return browser.tabs.sendMessage(tab.id, message); })); ++ } ++ ++ let tabs = await openTabs(); ++ ++ await sendMessageToTabs(tabs, "resetLocalStorage"); ++ await sendMessageToTabs(tabs, "checkLocalStorageSet"); ++ await browser.browsingData.removeLocalStorage({}); ++ await sendMessageToTabs(tabs, "checkLocalStorageCleared"); ++ ++ await sendMessageToTabs(tabs, "resetLocalStorage"); ++ await sendMessageToTabs(tabs, "checkLocalStorageSet"); ++ await browser.browsingData.remove({}, {localStorage: true}); ++ await sendMessageToTabs(tabs, "checkLocalStorageCleared"); ++ ++ browser.tabs.remove(tabs.map(tab => tab.id)); ++ ++ browser.test.notifyPass("done"); ++ } ++ ++ function contentScript() { ++ browser.runtime.onMessage.addListener(msg => { ++ if (msg === "resetLocalStorage") { ++ localStorage.clear(); ++ localStorage.setItem("test", "test"); ++ } else if (msg === "checkLocalStorageSet") { ++ browser.test.assertEq("test", localStorage.getItem("test")); ++ } else if (msg === "checkLocalStorageCleared") { ++ browser.test.assertEq(null, localStorage.getItem("test")); ++ } ++ }); ++ browser.runtime.sendMessage("content-script-ready"); ++ } ++ ++ let extension = ExtensionTestUtils.loadExtension({ ++ background, ++ manifest: { ++ "permissions": ["browsingData"], ++ "content_scripts": [{ ++ "matches": [ ++ "http://example.com/", ++ "http://example.net/", ++ ], ++ "js": ["content-script.js"], ++ "run_at": "document_start", ++ }], ++ }, ++ files: { ++ "content-script.js": contentScript, ++ }, ++ }); ++ ++ await extension.startup(); ++ await extension.awaitFinish("done"); ++ await extension.unload(); ++}); ++ +diff --git browser/components/extensions/test/xpcshell/test_ext_browsingData.js browser/components/extensions/test/xpcshell/test_ext_browsingData.js +index 0c1c4874ca44..0b8972058e64 100644 +--- browser/components/extensions/test/xpcshell/test_ext_browsingData.js ++++ browser/components/extensions/test/xpcshell/test_ext_browsingData.js +@@ -44,7 +44,7 @@ add_task(async function testInvalidArguments() { + + add_task(async function testUnimplementedDataType() { + function background() { +- browser.browsingData.remove({}, {localStorage: true}); ++ browser.browsingData.remove({}, {indexedDB: true}); + browser.test.sendMessage("finished"); + } + +@@ -61,6 +61,6 @@ add_task(async function testUnimplementedDataType() { + await extension.unload(); + }); + +- let warningObserved = messages.find(line => /Firefox does not support dataTypes: localStorage/.test(line)); ++ let warningObserved = messages.find(line => /Firefox does not support dataTypes: indexedDB/.test(line)); + ok(warningObserved, "Warning issued when calling remove with an unimplemented dataType."); + }); +diff --git dom/storage/LocalStorageManager.cpp dom/storage/LocalStorageManager.cpp +index a161de2bc596..f366e7874a90 100644 +--- dom/storage/LocalStorageManager.cpp ++++ dom/storage/LocalStorageManager.cpp +@@ -386,7 +386,8 @@ LocalStorageManager::Observe(const char* aTopic, + } + + // Clear everything, caches + database +- if (!strcmp(aTopic, "cookie-cleared")) { ++ if (!strcmp(aTopic, "cookie-cleared") || ++ !strcmp(aTopic, "extension:purge-localStorage-caches")) { + ClearCaches(LocalStorageCache::kUnloadComplete, pattern, EmptyCString()); + return NS_OK; + } +diff --git dom/storage/StorageObserver.cpp dom/storage/StorageObserver.cpp +index e5b010f88c7b..48d484748209 100644 +--- dom/storage/StorageObserver.cpp ++++ dom/storage/StorageObserver.cpp +@@ -66,6 +66,7 @@ StorageObserver::Init() + obs->AddObserver(sSelf, "browser:purge-domain-data", true); + obs->AddObserver(sSelf, "last-pb-context-exited", true); + obs->AddObserver(sSelf, "clear-origin-attributes-data", true); ++ obs->AddObserver(sSelf, "extension:purge-localStorage", true); + + // Shutdown + obs->AddObserver(sSelf, "profile-after-change", true); +@@ -270,6 +271,23 @@ StorageObserver::Observe(nsISupports* aSubject, + + Notify("session-only-cleared", NS_ConvertUTF8toUTF16(originSuffix), + originScope); ++ ++ return NS_OK; ++ } ++ ++ if (!strcmp(aTopic, "extension:purge-localStorage")) { ++ StorageDBChild* storageChild = StorageDBChild::GetOrCreate(); ++ if (NS_WARN_IF(!storageChild)) { ++ return NS_ERROR_FAILURE; ++ } ++ ++ storageChild->AsyncClearAll(); ++ ++ if (XRE_IsParentProcess()) { ++ storageChild->SendClearAll(); ++ } ++ ++ Notify("extension:purge-localStorage-caches"); + + return NS_OK; + } +diff --git mobile/android/components/extensions/schemas/browsing_data.json mobile/android/components/extensions/schemas/browsing_data.json +index 483a462d422c..1019c1a23953 100644 +--- mobile/android/components/extensions/schemas/browsing_data.json ++++ mobile/android/components/extensions/schemas/browsing_data.json +@@ -345,7 +345,6 @@ + "description": "Clears websites' local storage data.", + "type": "function", + "async": "callback", +- "unsupported": true, + "parameters": [ + { + "$ref": "RemovalOptions", Property changes on: branches/2017Q4/www/firefox/files/patch-bug1355576 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1365894 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1365894 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1365894 (revision 454980) @@ -0,0 +1,60 @@ +commit 97515a9302ed +Author: James Cheng +Date: Mon Oct 9 13:40:12 2017 -0400 + + Bug 1365894 - Make SystemGroupImpl be a normal ref-counted object. r=ehsan, a=ritu + + MozReview-Commit-ID: LUcoBhNx2M5 + + --HG-- + extra : source : 3959033a31666770047dd460979032464a48ba66 +--- + xpcom/threads/SystemGroup.cpp | 18 +++++------------- + 1 file changed, 5 insertions(+), 13 deletions(-) + +diff --git xpcom/threads/SystemGroup.cpp xpcom/threads/SystemGroup.cpp +index a95ecc6cdd77..04bf3bd248ef 100644 +--- xpcom/threads/SystemGroup.cpp ++++ xpcom/threads/SystemGroup.cpp +@@ -16,7 +16,7 @@ class SystemGroupImpl final : public SchedulerGroup + { + public: + SystemGroupImpl(); +- ~SystemGroupImpl() {} ++ NS_INLINE_DECL_THREADSAFE_REFCOUNTING(SystemGroupImpl) + + static void InitStatic(); + static void ShutdownStatic(); +@@ -24,20 +24,12 @@ public: + + static bool Initialized() { return !!sSingleton; } + +- NS_METHOD_(MozExternalRefCountType) AddRef(void) +- { +- return 2; +- } +- NS_METHOD_(MozExternalRefCountType) Release(void) +- { +- return 1; +- } +- + private: +- static UniquePtr sSingleton; ++ ~SystemGroupImpl() = default; ++ static StaticRefPtr sSingleton; + }; + +-UniquePtr SystemGroupImpl::sSingleton; ++StaticRefPtr SystemGroupImpl::sSingleton; + + SystemGroupImpl::SystemGroupImpl() + { +@@ -49,7 +41,7 @@ SystemGroupImpl::InitStatic() + { + MOZ_ASSERT(!sSingleton); + MOZ_ASSERT(NS_IsMainThread()); +- sSingleton = MakeUnique(); ++ sSingleton = new SystemGroupImpl(); + } + + /* static */ void Property changes on: branches/2017Q4/www/firefox/files/patch-bug1365894 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1366420 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1366420 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1366420 (revision 454980) @@ -0,0 +1,128 @@ +commit dfe9efffb57b +Author: Marco Bonardo +Date: Wed Oct 4 11:13:19 2017 +0200 + + Bug 1366420. r=standard8, a=ritu + + MozReview-Commit-ID: FOIqr5RdRjz + + --HG-- + extra : source : 08312cdfb2304264e6871357fe2e6e7831272d21 +--- + toolkit/components/places/BookmarkHTMLUtils.jsm | 2 +- + .../unit/test_bookmarks_html_escape_entities.js | 81 ++++++++++++++++++++++ + toolkit/components/places/tests/unit/xpcshell.ini | 1 + + 3 files changed, 83 insertions(+), 1 deletion(-) + +diff --git toolkit/components/places/BookmarkHTMLUtils.jsm toolkit/components/places/BookmarkHTMLUtils.jsm +index 653e29fc5875..f4c1e7495d32 100644 +--- toolkit/components/places/BookmarkHTMLUtils.jsm ++++ toolkit/components/places/BookmarkHTMLUtils.jsm +@@ -1143,7 +1143,7 @@ BookmarkExporter.prototype = { + if (aItem.charset) + this._writeAttribute("LAST_CHARSET", escapeHtmlEntities(aItem.charset)); + if (aItem.tags) +- this._writeAttribute("TAGS", aItem.tags); ++ this._writeAttribute("TAGS", escapeHtmlEntities(aItem.tags)); + this._writeLine(">" + escapeHtmlEntities(aItem.title) + ""); + this._writeDescription(aItem, aIndent); + }, +diff --git toolkit/components/places/tests/unit/test_bookmarks_html_escape_entities.js toolkit/components/places/tests/unit/test_bookmarks_html_escape_entities.js +new file mode 100644 +index 000000000000..73c5e0e0744d +--- /dev/null ++++ toolkit/components/places/tests/unit/test_bookmarks_html_escape_entities.js +@@ -0,0 +1,81 @@ ++/* Any copyright is dedicated to the Public Domain. ++ * http://creativecommons.org/publicdomain/zero/1.0/ */ ++ ++"use strict"; ++ ++// Checks that html entities are escaped in bookmarks.html files. ++ ++const DESCRIPTION_ANNO = "bookmarkProperties/description"; ++ ++add_task(async function() { ++ // Removes bookmarks.html if the file already exists. ++ let HTMLFile = OS.Path.join(OS.Constants.Path.profileDir, "bookmarks.html"); ++ if ((await OS.File.exists(HTMLFile))) { ++ await OS.File.remove(HTMLFile); ++ } ++ ++ let unescaped = ''; ++ // Adds bookmarks and tags to the database. ++ const url = 'http://www.google.it/"/'; ++ let bm = await PlacesUtils.bookmarks.insert({ ++ parentGuid: PlacesUtils.bookmarks.unfiledGuid, ++ url, ++ title: unescaped ++ }); ++ await PlacesUtils.keywords.insert({ url, keyword: unescaped, postData: unescaped }) ++ let uri = Services.io.newURI(url); ++ PlacesUtils.tagging.tagURI(uri, [unescaped]); ++ await PlacesUtils.setCharsetForURI(uri, unescaped); ++ PlacesUtils.annotations.setItemAnnotation( ++ await PlacesUtils.promiseItemId(bm.guid), ++ DESCRIPTION_ANNO, unescaped, 0, PlacesUtils.annotations.EXPIRE_NEVER); ++ ++ // Exports the bookmarks as a HTML file. ++ await BookmarkHTMLUtils.exportToFile(HTMLFile); ++ await PlacesUtils.bookmarks.remove(bm); ++ ++ // Check there are no unescaped entities in the html file. ++ let xml = await new Promise((resolve, reject) => { ++ let xhr = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"] ++ .createInstance(Ci.nsIXMLHttpRequest); ++ xhr.onload = () => { ++ try { ++ resolve(xhr.responseXML); ++ } catch (e) { ++ reject(e); ++ } ++ }; ++ xhr.onabort = xhr.onerror = xhr.ontimeout = () => { ++ reject(new Error("xmlhttprequest failed")); ++ }; ++ xhr.open("GET", OS.Path.toFileURI(HTMLFile)); ++ xhr.responseType = "document"; ++ xhr.overrideMimeType("text/html"); ++ xhr.send(); ++ }); ++ ++ let checksCount = 6; ++ for (let current = xml; current; ++ current = current.firstChild || current.nextSibling || current.parentNode.nextSibling) { ++ switch (current.nodeType) { ++ case Ci.nsIDOMNode.ELEMENT_NODE: ++ for (let {name, value} of current.attributes) { ++ do_print("Found attribute: " + name); ++ // Check tags, keyword, postData and charSet. ++ if (["tags", "last_charset", "shortcuturl", "post_data"].includes(name)) { ++ Assert.equal(value, unescaped, `Attribute ${name} should be complete`); ++ checksCount--; ++ } ++ } ++ break; ++ case Ci.nsIDOMNode.TEXT_NODE: ++ // Check Title and description. ++ if (!current.data.startsWith("\n") && !current.data.includes("Bookmarks")) { ++ Assert.equal(current.data.trim(), unescaped, "Text node should be complete"); ++ checksCount--; ++ } ++ break; ++ } ++ } ++ Assert.equal(checksCount, 0, "All the checks ran") ++}); +diff --git toolkit/components/places/tests/unit/xpcshell.ini toolkit/components/places/tests/unit/xpcshell.ini +index 6952e4158753..776e7e548f92 100644 +--- toolkit/components/places/tests/unit/xpcshell.ini ++++ toolkit/components/places/tests/unit/xpcshell.ini +@@ -67,6 +67,7 @@ skip-if = (os == "win" && os_version == "5.1") # Bug 1158887 + [test_bookmarks_json.js] + [test_bookmarks_html.js] + [test_bookmarks_html_corrupt.js] ++[test_bookmarks_html_escape_entities.js] + [test_bookmarks_html_import_tags.js] + [test_bookmarks_html_singleframe.js] + [test_bookmarks_restore_notification.js] Property changes on: branches/2017Q4/www/firefox/files/patch-bug1366420 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1369561 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1369561 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1369561 (revision 454980) @@ -0,0 +1,66 @@ +commit 4a1737e0c456 +Author: David Keeler +Date: Fri Sep 15 14:47:54 2017 -0700 + + Bug 1369561 - Address misc. SnprintfLiteral correctness nits. r=jld, r=froydnj, a=ritu + + --HG-- + extra : source : f5533b6cd09c35eef381e311940b5bd5231d3553 +--- + security/sandbox/linux/SandboxUtil.cpp | 17 ++++++++++------- + xpcom/base/nsSystemInfo.cpp | 2 +- + 2 files changed, 11 insertions(+), 8 deletions(-) + +diff --git security/sandbox/linux/SandboxUtil.cpp security/sandbox/linux/SandboxUtil.cpp +index ad6003ecaad5..999329882364 100644 +--- security/sandbox/linux/SandboxUtil.cpp ++++ security/sandbox/linux/SandboxUtil.cpp +@@ -62,7 +62,6 @@ UnshareUserNamespace() + uid_t uid = getuid(); + gid_t gid = getgid(); + char buf[80]; +- size_t len; + + if (syscall(__NR_unshare, CLONE_NEWUSER) != 0) { + return false; +@@ -84,17 +83,21 @@ UnshareUserNamespace() + // current thread. However, CLONE_NEWUSER can be unshared only in a + // single-threaded process, so those are equivalent if we reach this + // point. +- len = size_t(SprintfLiteral(buf, "%u %u 1\n", uid, uid)); +- MOZ_ASSERT(len < sizeof(buf)); +- if (!WriteStringToFile("/proc/self/uid_map", buf, len)) { ++ int len = SprintfLiteral(buf, "%u %u 1\n", uid, uid); ++ if (len >= int(sizeof(buf)) || len < 0) { ++ return false; ++ } ++ if (!WriteStringToFile("/proc/self/uid_map", buf, size_t(len))) { + MOZ_CRASH("Failed to write /proc/self/uid_map"); + } + + Unused << WriteStringToFile("/proc/self/setgroups", "deny", 4); + +- len = size_t(SprintfLiteral(buf, "%u %u 1\n", gid, gid)); +- MOZ_ASSERT(len < sizeof(buf)); +- if (!WriteStringToFile("/proc/self/gid_map", buf, len)) { ++ len = SprintfLiteral(buf, "%u %u 1\n", gid, gid); ++ if (len >= int(sizeof(buf)) || len < 0) { ++ return false; ++ } ++ if (!WriteStringToFile("/proc/self/gid_map", buf, size_t(len))) { + MOZ_CRASH("Failed to write /proc/self/gid_map"); + } + return true; +diff --git xpcom/base/nsSystemInfo.cpp xpcom/base/nsSystemInfo.cpp +index e5a7fe97be03..782dc9abf37d 100644 +--- xpcom/base/nsSystemInfo.cpp ++++ xpcom/base/nsSystemInfo.cpp +@@ -706,7 +706,7 @@ nsSystemInfo::Init() + } + + nsAutoCString secondaryLibrary; +- if (gtkver_len > 0) { ++ if (gtkver_len > 0 && gtkver_len < int(sizeof(gtkver))) { + secondaryLibrary.Append(nsDependentCSubstring(gtkver, gtkver_len)); + } + Property changes on: branches/2017Q4/www/firefox/files/patch-bug1369561 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1370497 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1370497 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1370497 (revision 454980) @@ -0,0 +1,100 @@ +commit c79086d4c25c +Author: Jonathan Kew +Date: Wed Sep 27 11:16:35 2017 +0100 + + Bug 1370497 - Check ScriptExtensions property of combining marks when available. r=valentin, a=ritu + + --HG-- + extra : source : 6bd2d96c0c3d952b205e1bb2f6915cbc820a61a1 + extra : amend_source : b0c6b6fbea0bf77c8d1527e131d3773b4d959ea0 +--- + netwerk/dns/nsIDNService.cpp | 45 ++++++++++++++++++++++++++++++++------ + netwerk/test/unit/test_idn_urls.js | 5 +++++ + 2 files changed, 43 insertions(+), 7 deletions(-) + +diff --git netwerk/dns/nsIDNService.cpp netwerk/dns/nsIDNService.cpp +index 4c45a2d52e45..e07910a7e70d 100644 +--- netwerk/dns/nsIDNService.cpp ++++ netwerk/dns/nsIDNService.cpp +@@ -26,6 +26,7 @@ + const bool kIDNA2008_TransitionalProcessing = false; + + #include "ICUUtils.h" ++#include "unicode/uscript.h" + #endif + + using namespace mozilla::unicode; +@@ -900,8 +901,8 @@ bool nsIDNService::isLabelSafe(const nsAString &label) + } + + // Check for mixed numbering systems +- if (GetGeneralCategory(ch) == +- HB_UNICODE_GENERAL_CATEGORY_DECIMAL_NUMBER) { ++ auto genCat = GetGeneralCategory(ch); ++ if (genCat == HB_UNICODE_GENERAL_CATEGORY_DECIMAL_NUMBER) { + uint32_t zeroCharacter = ch - GetNumericValue(ch); + if (savedNumberingSystem == 0) { + // If we encounter a decimal number, save the zero character from that +@@ -912,11 +913,41 @@ bool nsIDNService::isLabelSafe(const nsAString &label) + } + } + +- // Check for consecutive non-spacing marks +- if (previousChar != 0 && +- previousChar == ch && +- GetGeneralCategory(ch) == HB_UNICODE_GENERAL_CATEGORY_NON_SPACING_MARK) { +- return false; ++ if (genCat == HB_UNICODE_GENERAL_CATEGORY_NON_SPACING_MARK) { ++ // Check for consecutive non-spacing marks. ++ if (previousChar != 0 && previousChar == ch) { ++ return false; ++ } ++ // Check for marks whose expected script doesn't match the base script. ++ if (lastScript != Script::INVALID) { ++ const size_t kMaxScripts = 32; // more than ample for current values ++ // of ScriptExtensions property ++ UScriptCode scripts[kMaxScripts]; ++ UErrorCode errorCode = U_ZERO_ERROR; ++ int nScripts = uscript_getScriptExtensions(ch, scripts, kMaxScripts, ++ &errorCode); ++ MOZ_ASSERT(U_SUCCESS(errorCode), "uscript_getScriptExtensions failed"); ++ if (U_FAILURE(errorCode)) { ++ return false; ++ } ++ // nScripts will always be >= 1, because even for undefined characters ++ // uscript_getScriptExtensions will return Script::INVALID. ++ // If the mark just has script=COMMON or INHERITED, we can't check any ++ // more carefully, but if it has specific scriptExtension codes, then ++ // assume those are the only valid scripts to use it with. ++ if (nScripts > 1 || ++ (Script(scripts[0]) != Script::COMMON && ++ Script(scripts[0]) != Script::INHERITED)) { ++ while (--nScripts >= 0) { ++ if (Script(scripts[nScripts]) == lastScript) { ++ break; ++ } ++ } ++ if (nScripts == -1) { ++ return false; ++ } ++ } ++ } + } + + // Simplified/Traditional Chinese check temporarily disabled -- bug 857481 +diff --git netwerk/test/unit/test_idn_urls.js netwerk/test/unit/test_idn_urls.js +index 0d8cf3216293..f39a9650a13b 100644 +--- netwerk/test/unit/test_idn_urls.js ++++ netwerk/test/unit/test_idn_urls.js +@@ -295,6 +295,11 @@ const testcases = [ + ["䕮䕵䕶䕱.中国123", "xn--google.xn--123-u68dy61b", false, true, true], + ["xn--accountlogin.䕮䕵䕶䕱", "xn--accountlogin.xn--google", false, true, true], + ["䕮䕵䕶䕱.xn--accountlogin", "xn--google.xn--accountlogin", false, true, true], ++ ++ // Arabic diacritic not allowed in Latin text (bug 1370497) ++ ["goo\u0650gle", "xn--google-yri", false, false, false], ++ // ...but Arabic diacritics are allowed on Arabic text ++ ["العَرَبِي", "xn--mgbc0a5a6cxbzabt", false, true, true], + ]; + + const profiles = ["ASCII", "high", "moderate"]; Property changes on: branches/2017Q4/www/firefox/files/patch-bug1370497 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1375146 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1375146 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1375146 (revision 454980) @@ -0,0 +1,37 @@ +commit b481800095d4 +Author: Stone Shih +Date: Tue Sep 19 15:41:52 2017 +0800 + + Bug 1375146 - Revise sending drag event. r=smaug, a=ritu + + --HG-- + extra : source : d4496b8befbf0ef5ae124a9fbda37ad5b885f9e1 +--- + dom/events/EventStateManager.cpp | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git dom/events/EventStateManager.cpp dom/events/EventStateManager.cpp +index b94dc0c88e01..1f48884058de 100644 +--- dom/events/EventStateManager.cpp ++++ dom/events/EventStateManager.cpp +@@ -1292,8 +1292,9 @@ EventStateManager::DispatchCrossProcessEvent(WidgetEvent* aEvent, + return; + } + case eDragEventClass: { +- if (remote->Manager()->IsContentParent()) { +- remote->Manager()->AsContentParent()->MaybeInvokeDragSession(remote); ++ RefPtr tabParent = remote; ++ if (tabParent->Manager()->IsContentParent()) { ++ tabParent->Manager()->AsContentParent()->MaybeInvokeDragSession(tabParent); + } + + nsCOMPtr dragSession = nsContentUtils::GetDragSession(); +@@ -1309,7 +1310,7 @@ EventStateManager::DispatchCrossProcessEvent(WidgetEvent* aEvent, + } + } + +- remote->SendRealDragEvent(*aEvent->AsDragEvent(), action, dropEffect); ++ tabParent->SendRealDragEvent(*aEvent->AsDragEvent(), action, dropEffect); + return; + } + case ePluginEventClass: { Property changes on: branches/2017Q4/www/firefox/files/patch-bug1375146 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1377587 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1377587 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1377587 (revision 454980) @@ -0,0 +1,929 @@ +commit 2b68b38709b1 +Author: Andrew McCreight +Date: Tue Aug 22 14:24:11 2017 -0700 + + Bug 1377587, part 1 - Always act like __exposedProps__ is missing. r=krizsa + + This patch gently removes support for __exposedProps__ by changing + ExposedPropertiesOnly::check() to always return false, while still + failing silently in deny for some kinds of access. + + The tests that I changed all involve testing the behavior with + __exposedProps__. I adjusted them to expect it to fail, or to adjust + the error message they get when they fail. That seemed better than + deleting them entirely. + + Note that test_bug1065185.html had a bug, so that it never executed + the first case. I fixed that, and then fixed up the test to work when + __exposedProps__ is not supported. + + This also removes various bits of the test framework that use + __exposedProps__, but don't actually need to. + + MozReview-Commit-ID: 8fvkAmITmXY + + --HG-- + extra : rebase_source : ef7e2c55adc12511f17f3865ebb46c343875f0b3 +--- + addon-sdk/source/lib/sdk/console/plain-text.js | 10 -- + addon-sdk/source/lib/sdk/test/loader.js | 5 - + .../addons/e10s-content/lib/test-content-script.js | 6 +- + addon-sdk/source/test/test-content-script.js | 6 +- + devtools/server/tests/unit/test_objectgrips-17.js | 4 - + dom/base/nsDeprecatedOperationList.h | 1 - + dom/base/test/chrome/cpows_child.js | 12 +- + dom/locales/en-US/chrome/dom/dom.properties | 2 - + js/xpconnect/src/XPCJSRuntime.cpp | 1 - + js/xpconnect/src/xpcprivate.h | 1 - + js/xpconnect/tests/chrome/test_bug1065185.html | 6 +- + js/xpconnect/tests/chrome/test_cows.xul | 80 +++------ + js/xpconnect/tests/chrome/test_exposeInDerived.xul | 13 +- + js/xpconnect/tests/unit/test_bug1082450.js | 20 +-- + js/xpconnect/tests/unit/test_bug780370.js | 7 +- + js/xpconnect/tests/unit/test_bug813901.js | 2 +- + js/xpconnect/tests/unit/test_bug853709.js | 4 +- + js/xpconnect/tests/unit/test_bug854558.js | 2 +- + js/xpconnect/tests/unit/test_bug930091.js | 2 +- + js/xpconnect/wrappers/AccessCheck.cpp | 179 --------------------- + js/xpconnect/wrappers/AccessCheck.h | 11 +- + js/xpconnect/wrappers/ChromeObjectWrapper.h | 6 +- + js/xpconnect/wrappers/WrapperFactory.cpp | 4 +- + js/xpconnect/wrappers/XrayWrapper.cpp | 2 +- + testing/mochitest/tests/SimpleTest/ChromePowers.js | 9 -- + .../specialpowers/content/MockPermissionPrompt.jsm | 12 -- + .../components/addoncompat/RemoteAddonsParent.jsm | 2 +- + 27 files changed, 74 insertions(+), 335 deletions(-) + +diff --git addon-sdk/source/lib/sdk/console/plain-text.js addon-sdk/source/lib/sdk/console/plain-text.js +index 0e44cf106d52..07b8eb629e12 100644 +--- addon-sdk/source/lib/sdk/console/plain-text.js ++++ addon-sdk/source/lib/sdk/console/plain-text.js +@@ -62,16 +62,6 @@ function PlainTextConsole(print, innerID) { + } + }); + +- // We defined the `__exposedProps__` in our console chrome object. +- // +- // Meanwhile we're investigating with the platform team if `__exposedProps__` +- // are needed, or are just a left-over. +- +- console.__exposedProps__ = Object.keys(ConsoleAPI.prototype).reduce(function(exposed, prop) { +- exposed[prop] = "r"; +- return exposed; +- }, {}); +- + Object.freeze(console); + return console; + }; +diff --git addon-sdk/source/lib/sdk/test/loader.js addon-sdk/source/lib/sdk/test/loader.js +index 33ba2ca5a029..b555de63f02a 100644 +--- addon-sdk/source/lib/sdk/test/loader.js ++++ addon-sdk/source/lib/sdk/test/loader.js +@@ -53,11 +53,6 @@ function HookedPlainTextConsole(hook, print, innerID) { + this.exception = hook.bind(null, "exception", innerID); + this.time = hook.bind(null, "time", innerID); + this.timeEnd = hook.bind(null, "timeEnd", innerID); +- +- this.__exposedProps__ = { +- log: "rw", info: "rw", warn: "rw", error: "rw", debug: "rw", +- exception: "rw", time: "rw", timeEnd: "rw" +- }; + } + + // Creates a custom loader instance whose console module is hooked in order +diff --git addon-sdk/source/test/addons/e10s-content/lib/test-content-script.js addon-sdk/source/test/addons/e10s-content/lib/test-content-script.js +index 477895e40481..3dccfec618d3 100644 +--- addon-sdk/source/test/addons/e10s-content/lib/test-content-script.js ++++ addon-sdk/source/test/addons/e10s-content/lib/test-content-script.js +@@ -444,7 +444,7 @@ exports["test Highlight toString Behavior"] = createProxyTest("", function (help + let strToString = helper.rawWindow.Object.prototype.toString.call(""); + assert.ok(/\[object String.*\]/.test(strToString), "strings are strings"); + +- let o = {__exposedProps__:{}}; ++ let o = {}; + let objToString = helper.rawWindow.Object.prototype.toString.call(o); + assert.ok(/\[object Object.*\]/.test(objToString), "objects are objects"); + +@@ -622,10 +622,6 @@ exports["test Functions"] = createProxyTest("", function (helper) { + helper.rawWindow.isEqual = function isEqual(a, b) { + return a == b; + }; +- // bug 784116: workaround in order to allow proxy code to cache proxies on +- // these functions: +- helper.rawWindow.callFunction.__exposedProps__ = {__proxy: 'rw'}; +- helper.rawWindow.isEqual.__exposedProps__ = {__proxy: 'rw'}; + + helper.createWorker( + 'new ' + function ContentScriptScope() { +diff --git addon-sdk/source/test/test-content-script.js addon-sdk/source/test/test-content-script.js +index 709fb5a3aa91..a02e66f65eea 100644 +--- addon-sdk/source/test/test-content-script.js ++++ addon-sdk/source/test/test-content-script.js +@@ -444,7 +444,7 @@ exports["test Highlight toString Behavior"] = createProxyTest("", function (help + let strToString = helper.rawWindow.Object.prototype.toString.call(""); + assert.ok(/\[object String.*\]/.test(strToString), "strings are strings"); + +- let o = {__exposedProps__:{}}; ++ let o = {}; + let objToString = helper.rawWindow.Object.prototype.toString.call(o); + assert.ok(/\[object Object.*\]/.test(objToString), "objects are objects"); + +@@ -622,10 +622,6 @@ exports["test Functions"] = createProxyTest("", function (helper) { + helper.rawWindow.isEqual = function isEqual(a, b) { + return a == b; + }; +- // bug 784116: workaround in order to allow proxy code to cache proxies on +- // these functions: +- helper.rawWindow.callFunction.__exposedProps__ = {__proxy: 'rw'}; +- helper.rawWindow.isEqual.__exposedProps__ = {__proxy: 'rw'}; + + helper.createWorker( + 'new ' + function ContentScriptScope() { +diff --git dom/base/nsDeprecatedOperationList.h dom/base/nsDeprecatedOperationList.h +index 2523187c63a7..adcf4d9d8202 100644 +--- dom/base/nsDeprecatedOperationList.h ++++ dom/base/nsDeprecatedOperationList.h +@@ -21,7 +21,6 @@ DEPRECATED_OPERATION(NodeValue) + DEPRECATED_OPERATION(TextContent) + DEPRECATED_OPERATION(EnablePrivilege) + DEPRECATED_OPERATION(DOMExceptionCode) +-DEPRECATED_OPERATION(NoExposedProps) + DEPRECATED_OPERATION(MutationEvent) + DEPRECATED_OPERATION(Components) + DEPRECATED_OPERATION(PrefixedVisibilityAPI) +diff --git dom/base/test/chrome/cpows_child.js dom/base/test/chrome/cpows_child.js +index 6d240a7eaa51..fc7e3f2c9d0f 100644 +--- dom/base/test/chrome/cpows_child.js ++++ dom/base/test/chrome/cpows_child.js +@@ -105,7 +105,13 @@ function parent_test(finish) + + addMessageListener("cpows:from_parent", (msg) => { + let obj = msg.objects.obj; +- ok(obj.a == 1, "correct value from parent"); ++ if (is_remote) { ++ ok(obj.a == undefined, "__exposedProps__ should not work"); ++ } else { ++ // The same process test is not run as content, so the field can ++ // be accessed even though __exposedProps__ has been removed. ++ ok(obj.a == 1, "correct value from parent"); ++ } + + // Test that a CPOW reference to a function in the chrome process + // is callable from unprivileged content. Greasemonkey uses this +@@ -260,11 +266,11 @@ function lifetime_test(finish) + var obj = {"will_die": {"f": 1}}; + let [result] = sendRpcMessage("cpows:lifetime_test_1", {}, {obj: obj}); + ok(result == 10, "got sync result"); +- ok(obj.wont_die.f == 2, "got reverse CPOW"); ++ ok(obj.wont_die.f == undefined, "got reverse CPOW"); + obj.will_die = null; + Components.utils.schedulePreciseGC(function() { + addMessageListener("cpows:lifetime_test_3", (msg) => { +- ok(obj.wont_die.f == 2, "reverse CPOW still works"); ++ ok(obj.wont_die.f == undefined, "reverse CPOW still works"); + finish(); + }); + sendRpcMessage("cpows:lifetime_test_2"); +diff --git dom/locales/en-US/chrome/dom/dom.properties dom/locales/en-US/chrome/dom/dom.properties +index 5c94a580287a..ac9dbed58e08 100644 +--- dom/locales/en-US/chrome/dom/dom.properties ++++ dom/locales/en-US/chrome/dom/dom.properties +@@ -154,8 +154,6 @@ MediaEMENoCapabilitiesDeprecatedWarning=Calling navigator.requestMediaKeySystemA + MediaEMENoCodecsDeprecatedWarning=Calling navigator.requestMediaKeySystemAccess() (at %S) passing a candidate MediaKeySystemConfiguration containing audioCapabilities or videoCapabilities without a contentType with a “codecs” string is deprecated and will soon become unsupported. + # LOCALIZATION NOTE: Do not translate "DOMException", "code" and "name" + DOMExceptionCodeWarning=Use of DOMException’s code attribute is deprecated. Use name instead. +-# LOCALIZATION NOTE: Do not translate "__exposedProps__" +-NoExposedPropsWarning=Exposing chrome JS objects to content without __exposedProps__ is insecure and deprecated. See https://developer.mozilla.org/en/XPConnect_wrappers for more information. + # LOCALIZATION NOTE: Do not translate "Mutation Event" and "MutationObserver" + MutationEventWarning=Use of Mutation Events is deprecated. Use MutationObserver instead. + # LOCALIZATION NOTE: Do not translate "Components" +diff --git js/xpconnect/src/XPCJSRuntime.cpp js/xpconnect/src/XPCJSRuntime.cpp +index 455b9f8e963f..ff9aea0a41eb 100644 +--- js/xpconnect/src/XPCJSRuntime.cpp ++++ js/xpconnect/src/XPCJSRuntime.cpp +@@ -93,7 +93,6 @@ const char* const XPCJSRuntime::mStrings[] = { + "item", // IDX_ITEM + "__proto__", // IDX_PROTO + "__iterator__", // IDX_ITERATOR +- "__exposedProps__", // IDX_EXPOSEDPROPS + "eval", // IDX_EVAL + "controllers", // IDX_CONTROLLERS + "Controllers", // IDX_CONTROLLERS_CLASS +diff --git js/xpconnect/src/xpcprivate.h js/xpconnect/src/xpcprivate.h +index fb7e43c22cd0..5d877f09d301 100644 +--- js/xpconnect/src/xpcprivate.h ++++ js/xpconnect/src/xpcprivate.h +@@ -460,7 +460,6 @@ public: + IDX_ITEM , + IDX_PROTO , + IDX_ITERATOR , +- IDX_EXPOSEDPROPS , + IDX_EVAL , + IDX_CONTROLLERS , + IDX_CONTROLLERS_CLASS , +diff --git js/xpconnect/tests/chrome/test_bug1065185.html js/xpconnect/tests/chrome/test_bug1065185.html +index cdd65326f9c8..7ea81fc8aa6f 100644 +--- js/xpconnect/tests/chrome/test_bug1065185.html ++++ js/xpconnect/tests/chrome/test_bug1065185.html +@@ -25,11 +25,11 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1065185 + + var gLoadCount = 0; + function loaded() { +- switch(++gLoadCount) { ++ switch(gLoadCount++) { + case 0: +- doMonitor([]); ++ doMonitor([/access to property "a"/i]); + window[0].wrappedJSObject.probe = { a: 2, __exposedProps__: { 'a': 'r' } }; +- is(window[0].eval('probe.a'), 2, "Accessed exposed prop"); ++ is(window[0].eval('probe.a'), undefined, "Accessed exposed prop"); + endMonitor(); + break; + case 1: +diff --git js/xpconnect/tests/chrome/test_cows.xul js/xpconnect/tests/chrome/test_cows.xul +index 75c5250dd150..adfdd686540b 100644 +--- js/xpconnect/tests/chrome/test_cows.xul ++++ js/xpconnect/tests/chrome/test_cows.xul +@@ -49,13 +49,6 @@ sandbox.getCOW = getCOW; + const TEST_API = ['is', 'isnot', 'ok', 'todo_is', 'todo_isnot', 'todo']; + TEST_API.forEach(function(name) { sandbox[name] = window[name]; }); + +-sandbox.alienObject = { +- __exposedProps__: {funProp: 'r'}, +- funProp: function foo(x) { +- return x + 1; +- } +-}; +- + sandbox.chromeGet = function (obj, prop) { return obj[prop]; }; + + function COWTests() { +@@ -74,17 +67,6 @@ function COWTests() { + // functions like assertIsWritable(myObj, 'someproperty') might + // be useful. + +- function isProp(obj, propName, value, desc) { +- try { +- is(obj[propName], value, "getting " + propName + " on " + desc); +- ok(propName in obj, +- propName + " on " + desc + " should exist"); +- ok(Object.hasOwnProperty.call(obj, propName), +- propName + " on " + desc + " should exist"); +- } catch (e) { +- ok(false, "getting " + propName + " on " + desc + " threw " + e); +- } +- } + function isPropHidden(obj, propName, desc) { + try { + is(obj[propName], undefined, +@@ -103,7 +85,7 @@ function COWTests() { + var empty = {}; + var nonempty = {foo: 42, bar: 33}; + is(getCOW(empty).foo, undefined, +- "shouldn't throw when accessing exposed properties that doesn't exist"); ++ "shouldn't throw when accessing exposed properties that don't exist"); + + PROPS_TO_TEST.forEach(function(name) { + isPropHidden(getCOW(nonempty), name, "object without exposedProps"); +@@ -135,18 +117,12 @@ function COWTests() { + var strict = { __exposedProps__: { foo: "r" }, foo: "foo property" }; + var strictCOWr = getCOW(strict); + PROPS_TO_TEST.forEach(function(name) { +- if (name == "foo") { +- isProp(strictCOWr, name, "foo property", +- "object with exposed 'foo'"); +- } +- else { +- isPropHidden(strictCOW, name, "object with exposed 'foo'"); +- } ++ isPropHidden(strictCOW, name, "object with exposed 'foo'"); + }); +- is(getNames(strictCOWr).length, 1, +- "object with exposedProps only enumerate exposed props"); +- is(getNames(strictCOWr)[0], "foo", +- "object with exposedProps only enumerate exposed props"); ++ is(getNames(strictCOWr).length, 0, ++ "exposed props does not enumerate anything"); ++ is(getNames(strictCOWr)[0], undefined, ++ "exposed props does not enumerate anything"); + + // Test writable property + var writable = getCOW({ __exposedProps__: {foo: 'w'}}); +@@ -154,25 +130,18 @@ function COWTests() { + ok(!("foo" in writable), + "non-existing write-only property shouldn't exist"); + writable.foo = 5; +- is(chromeGet(writable, "foo"), 5, "writing to a write-only exposed prop works"); +- todo("foo" in writable, +- "existing write-only property should exist"); +- } catch (e) { +- ok(false, "writing to a write-only exposed prop shouldn't throw " + e); +- } +- try { +- writable.foo; +- todo(false, "reading from a write-only exposed prop should throw"); ++ ok(false, "writing to a write-only exposed prop should throw"); + } catch (e) { +- todo(/Permission denied/.test(e), +- "reading from a write-only exposed prop should throw"); ++ ok(/Permission denied/.test(e), ++ "writing to a write-only exposed prop should throw the right error"); + } ++ is(writable.foo, undefined, ++ "reading from a write-only exposed prop should return undefined"); + try { + delete writable.foo; +- is(chromeGet(writable, "foo"), undefined, +- "deleting a write-only exposed prop works"); ++ ok(false, "deleting a write-only exposed prop should throw"); + } catch (e) { +- ok(false, "deleting a write-only exposed prop shouldn't throw " + e); ++ ok(true, "deleting a write-only exposed prop should throw " + e); + } + + // Test readable property +@@ -180,8 +149,8 @@ function COWTests() { + foo: 5, + bar: 6 }; + try { +- isProp(getCOW(readable), "foo", 5, +- "reading from a readable exposed prop works"); ++ isPropHidden(getCOW(readable), "foo", undefined, ++ "reading from a readable exposed prop shouldn't work"); + } catch (e) { + ok(false, "reading from a readable exposed prop shouldn't throw " + e); + } +@@ -202,8 +171,7 @@ function COWTests() { + + try { + var props = getNames(getCOW(readable)); +- is(props.length, 1, "COW w/ one exposed prop should enumerate once"); +- is(props[0], 'foo', "COW w/ one exposed prop should enumerate it"); ++ is(props.length, 0, "COW w/ one exposed prop should not enumerate"); + } catch (e) { + ok(false, "COW w/ a readable prop should not raise exc " + + "on enumeration: " + e); +@@ -215,21 +183,17 @@ function COWTests() { + ok(!("foo" in readwrite), + "non-existing readwrite property shouldn't exist"); + readwrite.foo = 5; +- is(readwrite.foo, 5, "writing to a readwrite exposed prop looks like it worked"); +- is(chromeGet(readwrite, "foo"), 5, "writing to a readwrite exposed prop works"); +- ok("foo" in readwrite, +- "existing readwrite property should exist"); ++ ok(false, "writing to a readwrite exposed prop should throw"); + } catch (e) { +- ok(false, "writing to a readwrite exposed prop shouldn't throw " + e); ++ ok(/Permission denied/.test(e), ++ "writing to a readwrite exposed prop should throw the right error"); + } + try { + delete readwrite.foo; +- is(readwrite.foo, undefined, "deleting readwrite prop looks like it worked"); +- ok(!("foo" in readwrite), "deleting readwrite prop looks like it really worked"); +- is(chromeGet(readwrite, "foo"), undefined, +- "deleting a readwrite exposed prop works"); ++ ok(false, "deleting a readwrite prop should throw"); + } catch (e) { +- ok(false, "deleting a readwrite exposed prop shouldn't throw " + e); ++ ok(/Permission denied/.test(e), ++ "deleting a readwrite exposed prop should throw the right error"); + } + + // Readables and functions +diff --git js/xpconnect/tests/chrome/test_exposeInDerived.xul js/xpconnect/tests/chrome/test_exposeInDerived.xul +index 2ed3bb91e7fd..7e6c24e56db1 100644 +--- js/xpconnect/tests/chrome/test_exposeInDerived.xul ++++ js/xpconnect/tests/chrome/test_exposeInDerived.xul +@@ -17,7 +17,7 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=804630 + + +diff --git js/xpconnect/tests/unit/test_bug1082450.js js/xpconnect/tests/unit/test_bug1082450.js +index 07f45f06beef..5880fcbcd4e6 100644 +--- js/xpconnect/tests/unit/test_bug1082450.js ++++ js/xpconnect/tests/unit/test_bug1082450.js +@@ -5,9 +5,9 @@ function run_test() { + function checkThrows(str, rgxp) { + try { + sb.eval(str); +- do_check_true(false); ++ do_check_true(false, "eval should have thrown"); + } catch (e) { +- do_check_true(rgxp.test(e)); ++ do_check_true(rgxp.test(e), "error message should match"); + } + } + +@@ -29,12 +29,12 @@ function run_test() { + chromeCallableValueProp: 'r' } + }; + +- do_check_eq(sb.eval('exposed.simpleValueProp'), 42); +- do_check_eq(sb.eval('exposed.objectValueProp.val'), 42); +- checkThrows('exposed.getterProp;', /privileged accessor/i); +- checkThrows('exposed.setterProp = 42;', /privileged accessor/i); +- checkThrows('exposed.getterSetterProp;', /privileged accessor/i); +- checkThrows('exposed.getterSetterProp = 42;', /privileged accessor/i); +- do_check_eq(sb.eval('exposed.contentCallableValueProp()'), 42); +- checkThrows('exposed.chromeCallableValueProp();', /privileged or cross-origin callable/i); ++ do_check_eq(sb.eval('exposed.simpleValueProp'), undefined); ++ do_check_eq(sb.eval('exposed.objectValueProp'), undefined); ++ do_check_eq(sb.eval('exposed.getterProp;'), undefined); ++ do_check_eq(sb.eval('exposed.getterSetterProp;'), undefined); ++ checkThrows('exposed.setterProp = 42;', /Permission denied/i); ++ checkThrows('exposed.getterSetterProp = 42;', /Permission denied/i); ++ do_check_eq(sb.eval('exposed.contentCallableValueProp'), undefined); ++ checkThrows('exposed.chromeCallableValueProp();', /is not a function/i); + } +diff --git js/xpconnect/tests/unit/test_bug780370.js js/xpconnect/tests/unit/test_bug780370.js +index 40d6f9748015..7ae757f0cd01 100644 +--- js/xpconnect/tests/unit/test_bug780370.js ++++ js/xpconnect/tests/unit/test_bug780370.js +@@ -14,10 +14,5 @@ function run_test() + var sb = Cu.Sandbox("http://www.example.com"); + sb.obj = { foo: 42, __exposedProps__: { hasOwnProperty: 'r' } }; + do_check_eq(Cu.evalInSandbox('typeof obj.foo', sb), 'undefined', "COW works as expected"); +- try { +- Cu.evalInSandbox('obj.hasOwnProperty', sb); +- do_check_true(false); +- } catch (e) { +- do_check_true(/privileged or cross-origin callable/i.test(e)); +- } ++ do_check_eq(Cu.evalInSandbox('obj.hasOwnProperty', sb), undefined); + } +diff --git js/xpconnect/tests/unit/test_bug813901.js js/xpconnect/tests/unit/test_bug813901.js +index 42f981581b51..2efc6539e879 100644 +--- js/xpconnect/tests/unit/test_bug813901.js ++++ js/xpconnect/tests/unit/test_bug813901.js +@@ -21,5 +21,5 @@ function run_test() { + checkThrows('obj.foo = 3;', sb, /denied/); + Cu.evalInSandbox("var p = {__exposedProps__: {foo: 'rw'}};", sb); + sb.obj.__proto__ = sb.p; +- checkThrows('obj.foo = 4;', sb, /__exposedProps__/); ++ checkThrows('obj.foo = 4;', sb, /denied/); + } +diff --git js/xpconnect/tests/unit/test_bug853709.js js/xpconnect/tests/unit/test_bug853709.js +index c7e51757dc63..1667d2241f93 100644 +--- js/xpconnect/tests/unit/test_bug853709.js ++++ js/xpconnect/tests/unit/test_bug853709.js +@@ -8,7 +8,7 @@ function setupChromeSandbox() { + function checkDefineThrows(sb, obj, prop, desc) { + var result = Cu.evalInSandbox('(function() { try { Object.defineProperty(' + obj + ', "' + prop + '", ' + desc.toSource() + '); return "nothrow"; } catch (e) { return e.toString(); }})();', sb); + do_check_neq(result, 'nothrow'); +- do_check_true(!!/denied/.exec(result)); ++ do_check_true(!!/denied|prohibited/.exec(result)); + do_check_true(result.indexOf(prop) != -1); // Make sure the prop name is in the error message. + } + +@@ -19,7 +19,7 @@ function run_test() { + contentSB.chromeObj = chromeSB.chromeObj; + contentSB.chromeArr = chromeSB.chromeArr; + +- do_check_eq(Cu.evalInSandbox('chromeObj.a', contentSB), 2); ++ do_check_eq(Cu.evalInSandbox('chromeObj.a', contentSB), undefined); + try { + Cu.evalInSandbox('chromeArr[1]', contentSB); + do_check_true(false); +diff --git js/xpconnect/tests/unit/test_bug854558.js js/xpconnect/tests/unit/test_bug854558.js +index d60d23a5baf8..574194dc3f52 100644 +--- js/xpconnect/tests/unit/test_bug854558.js ++++ js/xpconnect/tests/unit/test_bug854558.js +@@ -7,5 +7,5 @@ function run_test() { + contentSB.foo = chromeSB.foo; + do_check_eq(Cu.evalInSandbox('foo.a', contentSB), undefined, "Default deny with no __exposedProps__"); + Cu.evalInSandbox('this.foo.__exposedProps__ = {a: "r"}', chromeSB); +- do_check_eq(Cu.evalInSandbox('foo.a', contentSB), 2, "works with __exposedProps__"); ++ do_check_eq(Cu.evalInSandbox('foo.a', contentSB), undefined, "Still not allowed with __exposedProps__"); + } +diff --git js/xpconnect/tests/unit/test_bug930091.js js/xpconnect/tests/unit/test_bug930091.js +index aa11d5db2640..ecb2a60aed11 100644 +--- js/xpconnect/tests/unit/test_bug930091.js ++++ js/xpconnect/tests/unit/test_bug930091.js +@@ -5,7 +5,7 @@ function checkThrows(fn) { + fn(); + ok(false, "Should have thrown"); + } catch (e) { +- do_check_true(/denied|insecure/.test(e)); ++ do_check_true(/denied|insecure|prohibited/.test(e)); + } + } + +diff --git js/xpconnect/wrappers/AccessCheck.cpp js/xpconnect/wrappers/AccessCheck.cpp +index 07599ce7906a..b730310731e2 100644 +--- js/xpconnect/wrappers/AccessCheck.cpp ++++ js/xpconnect/wrappers/AccessCheck.cpp +@@ -252,20 +252,6 @@ AccessCheck::checkPassToPrivilegedCode(JSContext* cx, HandleObject wrapper, Hand + return true; + } + +- // COWs are fine to pass to chrome if and only if they have __exposedProps__, +- // since presumably content should never have a reason to pass an opaque +- // object back to chrome. +- if (AccessCheck::isChrome(js::UncheckedUnwrap(wrapper)) && WrapperFactory::IsCOW(obj)) { +- RootedObject target(cx, js::UncheckedUnwrap(obj)); +- JSAutoCompartment ac(cx, target); +- RootedId id(cx, GetJSIDByIndex(cx, XPCJSContext::IDX_EXPOSEDPROPS)); +- bool found = false; +- if (!JS_HasPropertyById(cx, target, id, &found)) +- return false; +- if (found) +- return true; +- } +- + // Same-origin wrappers are fine. + if (AccessCheck::wrapperSubsumes(obj)) + return true; +@@ -323,171 +309,6 @@ AccessCheck::reportCrossOriginDenial(JSContext* cx, JS::HandleId id, + MOZ_ALWAYS_TRUE(rv.MaybeSetPendingException(cx)); + } + +-enum Access { READ = (1<<0), WRITE = (1<<1), NO_ACCESS = 0 }; +- +-static void +-EnterAndThrowASCII(JSContext* cx, JSObject* wrapper, const char* msg) +-{ +- JSAutoCompartment ac(cx, wrapper); +- JS_ReportErrorASCII(cx, "%s", msg); +-} +- +-bool +-ExposedPropertiesOnly::check(JSContext* cx, HandleObject wrapper, HandleId id, Wrapper::Action act) +-{ +- RootedObject wrappedObject(cx, Wrapper::wrappedObject(wrapper)); +- +- if (act == Wrapper::CALL) +- return false; +- +- // For the case of getting a property descriptor, we allow if either GET or SET +- // is allowed, and rely on FilteringWrapper to filter out any disallowed accessors. +- if (act == Wrapper::GET_PROPERTY_DESCRIPTOR) { +- return check(cx, wrapper, id, Wrapper::GET) || +- check(cx, wrapper, id, Wrapper::SET); +- } +- +- RootedId exposedPropsId(cx, GetJSIDByIndex(cx, XPCJSContext::IDX_EXPOSEDPROPS)); +- +- // We need to enter the wrappee's compartment to look at __exposedProps__, +- // but we want to be in the wrapper's compartment if we call Deny(). +- // +- // Unfortunately, |cx| can be in either compartment when we call ::check. :-( +- JSAutoCompartment ac(cx, wrappedObject); +- +- bool found = false; +- if (!JS_HasPropertyById(cx, wrappedObject, exposedPropsId, &found)) +- return false; +- +- // If no __exposedProps__ existed, deny access. +- if (!found) { +- // Previously we automatically granted access to indexed properties and +- // .length for Array COWs. We're not doing that anymore, so make sure to +- // let people know what's going on. +- bool isArray; +- if (!JS_IsArrayObject(cx, wrappedObject, &isArray)) +- return false; +- if (!isArray) +- isArray = JS_IsTypedArrayObject(wrappedObject); +- bool isIndexedAccessOnArray = isArray && JSID_IS_INT(id) && JSID_TO_INT(id) >= 0; +- bool isLengthAccessOnArray = isArray && JSID_IS_STRING(id) && +- JS_FlatStringEqualsAscii(JSID_TO_FLAT_STRING(id), "length"); +- if (isIndexedAccessOnArray || isLengthAccessOnArray) { +- JSAutoCompartment ac2(cx, wrapper); +- ReportWrapperDenial(cx, id, WrapperDenialForCOW, +- "Access to elements and length of privileged Array not permitted"); +- } +- +- return false; +- } +- +- if (id == JSID_VOID) +- return true; +- +- Rooted desc(cx); +- if (!JS_GetPropertyDescriptorById(cx, wrappedObject, exposedPropsId, &desc)) +- return false; +- +- if (!desc.object()) +- return false; +- +- if (desc.hasGetterOrSetter()) { +- EnterAndThrowASCII(cx, wrapper, "__exposedProps__ must be a value property"); +- return false; +- } +- +- RootedValue exposedProps(cx, desc.value()); +- if (exposedProps.isNullOrUndefined()) +- return false; +- +- if (!exposedProps.isObject()) { +- EnterAndThrowASCII(cx, wrapper, "__exposedProps__ must be undefined, null, or an Object"); +- return false; +- } +- +- RootedObject hallpass(cx, &exposedProps.toObject()); +- +- if (!AccessCheck::subsumes(js::UncheckedUnwrap(hallpass), wrappedObject)) { +- EnterAndThrowASCII(cx, wrapper, "Invalid __exposedProps__"); +- return false; +- } +- +- Access access = NO_ACCESS; +- +- if (!JS_GetPropertyDescriptorById(cx, hallpass, id, &desc)) { +- return false; // Error +- } +- if (!desc.object() || !desc.enumerable()) +- return false; +- +- if (!desc.value().isString()) { +- EnterAndThrowASCII(cx, wrapper, "property must be a string"); +- return false; +- } +- +- JSFlatString* flat = JS_FlattenString(cx, desc.value().toString()); +- if (!flat) +- return false; +- +- size_t length = JS_GetStringLength(JS_FORGET_STRING_FLATNESS(flat)); +- +- for (size_t i = 0; i < length; ++i) { +- char16_t ch = JS_GetFlatStringCharAt(flat, i); +- switch (ch) { +- case 'r': +- if (access & READ) { +- EnterAndThrowASCII(cx, wrapper, "duplicate 'readable' property flag"); +- return false; +- } +- access = Access(access | READ); +- break; +- +- case 'w': +- if (access & WRITE) { +- EnterAndThrowASCII(cx, wrapper, "duplicate 'writable' property flag"); +- return false; +- } +- access = Access(access | WRITE); +- break; +- +- default: +- EnterAndThrowASCII(cx, wrapper, "properties can only be readable or read and writable"); +- return false; +- } +- } +- +- if (access == NO_ACCESS) { +- EnterAndThrowASCII(cx, wrapper, "specified properties must have a permission bit set"); +- return false; +- } +- +- if ((act == Wrapper::SET && !(access & WRITE)) || +- (act != Wrapper::SET && !(access & READ))) { +- return false; +- } +- +- // Inspect the property on the underlying object to check for red flags. +- if (!JS_GetPropertyDescriptorById(cx, wrappedObject, id, &desc)) +- return false; +- +- // Reject accessor properties. +- if (desc.hasGetterOrSetter()) { +- EnterAndThrowASCII(cx, wrapper, "Exposing privileged accessor properties is prohibited"); +- return false; +- } +- +- // Reject privileged or cross-origin callables. +- if (desc.value().isObject()) { +- RootedObject maybeCallable(cx, js::UncheckedUnwrap(&desc.value().toObject())); +- if (JS::IsCallable(maybeCallable) && !AccessCheck::subsumes(wrapper, maybeCallable)) { +- EnterAndThrowASCII(cx, wrapper, "Exposing privileged or cross-origin callable is prohibited"); +- return false; +- } +- } +- +- return true; +-} +- + bool + ExposedPropertiesOnly::deny(JSContext* cx, js::Wrapper::Action act, HandleId id, + bool mayThrow) +diff --git js/xpconnect/wrappers/AccessCheck.h js/xpconnect/wrappers/AccessCheck.h +index 678dce3e0b81..c4873760ab7a 100644 +--- js/xpconnect/wrappers/AccessCheck.h ++++ js/xpconnect/wrappers/AccessCheck.h +@@ -104,10 +104,15 @@ struct CrossOriginAccessiblePropertiesOnly : public Policy { + } + }; + +-// This policy only permits access to properties if they appear in the +-// objects exposed properties list. ++// This class used to support permitting access to properties if they ++// appeared in an access list on the object, but now it acts like an ++// Opaque wrapper, with the exception that it fails silently for GET, ++// ENUMERATE, and GET_PROPERTY_DESCRIPTOR. This is done for backwards ++// compatibility. See bug 1397513. + struct ExposedPropertiesOnly : public Policy { +- static bool check(JSContext* cx, JS::HandleObject wrapper, JS::HandleId id, js::Wrapper::Action act); ++ static bool check(JSContext* cx, JS::HandleObject wrapper, JS::HandleId id, js::Wrapper::Action act) { ++ return false; ++ } + + static bool deny(JSContext* cx, js::Wrapper::Action act, JS::HandleId id, + bool mayThrow); +diff --git js/xpconnect/wrappers/ChromeObjectWrapper.h js/xpconnect/wrappers/ChromeObjectWrapper.h +index 8b273e470814..c17feed10b9a 100644 +--- js/xpconnect/wrappers/ChromeObjectWrapper.h ++++ js/xpconnect/wrappers/ChromeObjectWrapper.h +@@ -16,9 +16,9 @@ namespace xpc { + struct ExposedPropertiesOnly; + + // When a vanilla chrome JS object is exposed to content, we use a wrapper that +-// supports __exposedProps__ for legacy reasons. For extra security, we override +-// the traps that allow content to pass an object to chrome, and perform extra +-// security checks on them. ++// fails silently on GET, ENUMERATE, and GET_PROPERTY_DESCRIPTOR for legacy ++// reasons. For extra security, we override the traps that allow content to pass ++// an object to chrome, and perform extra security checks on them. + #define ChromeObjectWrapperBase \ + FilteringWrapper + +diff --git js/xpconnect/wrappers/WrapperFactory.cpp js/xpconnect/wrappers/WrapperFactory.cpp +index 6296f69fbea4..760d2c9afda8 100644 +--- js/xpconnect/wrappers/WrapperFactory.cpp ++++ js/xpconnect/wrappers/WrapperFactory.cpp +@@ -514,8 +514,8 @@ WrapperFactory::Rewrap(JSContext* cx, HandleObject existing, HandleObject obj) + wrapper = &FilteringWrapper::singleton; + } + +- // For Vanilla JSObjects exposed from chrome to content, we use a wrapper +- // that supports __exposedProps__. We'd like to get rid of these eventually, ++ // For vanilla JSObjects exposed from chrome to content, we use a wrapper ++ // that fails silently in a few cases. We'd like to get rid of this eventually, + // but in their current form they don't cause much trouble. + else if (IdentifyStandardInstance(obj) == JSProto_Object) { + wrapper = &ChromeObjectWrapper::singleton; +diff --git js/xpconnect/wrappers/XrayWrapper.cpp js/xpconnect/wrappers/XrayWrapper.cpp +index 44dd7cb47146..28e29ea13d93 100644 +--- js/xpconnect/wrappers/XrayWrapper.cpp ++++ js/xpconnect/wrappers/XrayWrapper.cpp +@@ -291,7 +291,7 @@ ReportWrapperDenial(JSContext* cx, HandleId id, WrapperDenialType type, const ch + MOZ_ASSERT(type == WrapperDenialForCOW); + errorMessage.emplace("Security wrapper denied access to property %s on privileged " + "Javascript object. Support for exposing privileged objects " +- "to untrusted content via __exposedProps__ is being gradually " ++ "to untrusted content via __exposedProps__ has been " + "removed - use WebIDL bindings or Components.utils.cloneInto " + "instead. Note that only the first denied property access from a " + "given global object will be reported.", +diff --git testing/mochitest/tests/SimpleTest/ChromePowers.js testing/mochitest/tests/SimpleTest/ChromePowers.js +index 97de578157c0..7fbf66e2fd00 100644 +--- testing/mochitest/tests/SimpleTest/ChromePowers.js ++++ testing/mochitest/tests/SimpleTest/ChromePowers.js +@@ -104,15 +104,6 @@ ChromePowers.prototype.executeAfterFlushingMessageQueue = function(aCallback) { + aCallback(); + }; + +-// Expose everything but internal APIs (starting with underscores) to +-// web content. We cannot use Object.keys to view SpecialPowers.prototype since +-// we are using the functions from SpecialPowersAPI.prototype +-ChromePowers.prototype.__exposedProps__ = {}; +-for (var i in ChromePowers.prototype) { +- if (i.charAt(0) != "_") +- ChromePowers.prototype.__exposedProps__[i] = "r"; +-} +- + if ((window.parent !== null) && + (window.parent !== undefined) && + (window.parent.wrappedJSObject.SpecialPowers) && +diff --git testing/specialpowers/content/MockPermissionPrompt.jsm testing/specialpowers/content/MockPermissionPrompt.jsm +index 71d0f5d2768a..1d86cc00e360 100644 +--- testing/specialpowers/content/MockPermissionPrompt.jsm ++++ testing/specialpowers/content/MockPermissionPrompt.jsm +@@ -83,15 +83,3 @@ MockPermissionPromptInstance.prototype = { + request.allow(); + } + }; +- +-// Expose everything to content. We call reset() here so that all of the relevant +-// lazy expandos get added. +-MockPermissionPrompt.reset(); +-function exposeAll(obj) { +- var props = {}; +- for (var prop in obj) +- props[prop] = "rw"; +- obj.__exposedProps__ = props; +-} +-exposeAll(MockPermissionPrompt); +-exposeAll(MockPermissionPromptInstance.prototype); +diff --git toolkit/components/addoncompat/RemoteAddonsParent.jsm toolkit/components/addoncompat/RemoteAddonsParent.jsm +index 1adbc0397729..d640c47d31f8 100644 +--- toolkit/components/addoncompat/RemoteAddonsParent.jsm ++++ toolkit/components/addoncompat/RemoteAddonsParent.jsm +@@ -735,7 +735,7 @@ var SandboxParent = { + if (rest.length) { + // Do a shallow copy of the options object into the child + // process. This way we don't have to access it through a Chrome +- // object wrapper, which would require __exposedProps__. ++ // object wrapper, which would not let us access any properties. + // + // The only object property here is sandboxPrototype. We assume + // it's a child process object (since that's what Greasemonkey +commit f89c72edb79e +Author: Andrew McCreight +Date: Thu Sep 7 11:17:16 2017 -0700 + + Bug 1377587, part 2 - Rename ExposedPropertiesOnly to OpaqueWithSilentFailing. r=krizsa + + This class doesn't have anything to do with __exposedProps__ any more, + so give it a more descriptive name. We'd still like to remove it + entirely eventually. + + MozReview-Commit-ID: 87KCpG6f8rI + + --HG-- + extra : rebase_source : 98a51a6af0fc8446dbcd8efa083d6c79286279d3 +--- + js/xpconnect/wrappers/AccessCheck.cpp | 4 ++-- + js/xpconnect/wrappers/AccessCheck.h | 2 +- + js/xpconnect/wrappers/ChromeObjectWrapper.h | 4 ++-- + 3 files changed, 5 insertions(+), 5 deletions(-) + +diff --git js/xpconnect/wrappers/AccessCheck.cpp js/xpconnect/wrappers/AccessCheck.cpp +index b730310731e2..620f1f678f51 100644 +--- js/xpconnect/wrappers/AccessCheck.cpp ++++ js/xpconnect/wrappers/AccessCheck.cpp +@@ -310,8 +310,8 @@ AccessCheck::reportCrossOriginDenial(JSContext* cx, JS::HandleId id, + } + + bool +-ExposedPropertiesOnly::deny(JSContext* cx, js::Wrapper::Action act, HandleId id, +- bool mayThrow) ++OpaqueWithSilentFailing::deny(JSContext* cx, js::Wrapper::Action act, HandleId id, ++ bool mayThrow) + { + // Fail silently for GET, ENUMERATE, and GET_PROPERTY_DESCRIPTOR. + if (act == js::Wrapper::GET || act == js::Wrapper::ENUMERATE || +diff --git js/xpconnect/wrappers/AccessCheck.h js/xpconnect/wrappers/AccessCheck.h +index c4873760ab7a..6783258f8d94 100644 +--- js/xpconnect/wrappers/AccessCheck.h ++++ js/xpconnect/wrappers/AccessCheck.h +@@ -109,7 +109,7 @@ struct CrossOriginAccessiblePropertiesOnly : public Policy { + // Opaque wrapper, with the exception that it fails silently for GET, + // ENUMERATE, and GET_PROPERTY_DESCRIPTOR. This is done for backwards + // compatibility. See bug 1397513. +-struct ExposedPropertiesOnly : public Policy { ++struct OpaqueWithSilentFailing : public Policy { + static bool check(JSContext* cx, JS::HandleObject wrapper, JS::HandleId id, js::Wrapper::Action act) { + return false; + } +diff --git js/xpconnect/wrappers/ChromeObjectWrapper.h js/xpconnect/wrappers/ChromeObjectWrapper.h +index c17feed10b9a..da4870237501 100644 +--- js/xpconnect/wrappers/ChromeObjectWrapper.h ++++ js/xpconnect/wrappers/ChromeObjectWrapper.h +@@ -13,14 +13,14 @@ + + namespace xpc { + +-struct ExposedPropertiesOnly; ++struct OpaqueWithSilentFailing; + + // When a vanilla chrome JS object is exposed to content, we use a wrapper that + // fails silently on GET, ENUMERATE, and GET_PROPERTY_DESCRIPTOR for legacy + // reasons. For extra security, we override the traps that allow content to pass + // an object to chrome, and perform extra security checks on them. + #define ChromeObjectWrapperBase \ +- FilteringWrapper ++ FilteringWrapper + + class ChromeObjectWrapper : public ChromeObjectWrapperBase + { + Property changes on: branches/2017Q4/www/firefox/files/patch-bug1377587 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1381761 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1381761 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1381761 (revision 454980) @@ -0,0 +1,362 @@ +commit 256e249566d8 +Author: Christoph Kerschbaumer +Date: Fri Aug 4 14:11:17 2017 +0200 + + Bug 1381761 - Treating 'data:' documents as unique, opaque origins should still inherit the CSP. r=smaug,dveditz +--- + caps/moz.build | 1 + + caps/nsScriptSecurityManager.cpp | 96 +++++++++++++++++++++++++--------------- + 2 files changed, 62 insertions(+), 35 deletions(-) + +diff --git caps/moz.build caps/moz.build +index 46331e93f097..af369e3268e0 100644 +--- caps/moz.build ++++ caps/moz.build +@@ -56,6 +56,7 @@ LOCAL_INCLUDES += [ + '/docshell/base', + '/dom/base', + '/js/xpconnect/src', ++ '/netwerk/base', + ] + + if CONFIG['ENABLE_TESTS']: +diff --git caps/nsScriptSecurityManager.cpp caps/nsScriptSecurityManager.cpp +index a930b324a6a2..90695ebd126f 100644 +--- caps/nsScriptSecurityManager.cpp ++++ caps/nsScriptSecurityManager.cpp +@@ -45,6 +45,7 @@ + #include "nsIWindowWatcher.h" + #include "nsIConsoleService.h" + #include "nsIObserverService.h" ++#include "nsIOService.h" + #include "nsIContent.h" + #include "nsDOMJSUtils.h" + #include "nsAboutProtocolUtils.h" +@@ -265,6 +266,61 @@ nsScriptSecurityManager::GetChannelResultPrincipalIfNotSandboxed(nsIChannel* aCh + /*aIgnoreSandboxing*/ true); + } + ++static void ++InheritAndSetCSPOnPrincipalIfNeeded(nsIChannel* aChannel, nsIPrincipal* aPrincipal) ++{ ++ // loading a data: URI into an iframe, or loading frame[srcdoc] need ++ // to inherit the CSP (see Bug 1073952, 1381761). ++ MOZ_ASSERT(aChannel && aPrincipal, "need a valid channel and principal"); ++ if (!aChannel) { ++ return; ++ } ++ ++ nsCOMPtr loadInfo = aChannel->GetLoadInfo(); ++ if (!loadInfo || ++ loadInfo->GetExternalContentPolicyType() != nsIContentPolicy::TYPE_SUBDOCUMENT) { ++ return; ++ } ++ ++ nsCOMPtr uri; ++ nsresult rv = aChannel->GetURI(getter_AddRefs(uri)); ++ NS_ENSURE_SUCCESS_VOID(rv); ++ nsAutoCString URISpec; ++ rv = uri->GetSpec(URISpec); ++ NS_ENSURE_SUCCESS_VOID(rv); ++ ++ bool isSrcDoc = URISpec.EqualsLiteral("about:srcdoc"); ++ bool isData = (NS_SUCCEEDED(uri->SchemeIs("data", &isData)) && isData); ++ ++ if (!isSrcDoc && !isData) { ++ return; ++ } ++ ++ nsCOMPtr principalToInherit = loadInfo->PrincipalToInherit(); ++ if (!principalToInherit) { ++ principalToInherit = loadInfo->TriggeringPrincipal(); ++ } ++ nsCOMPtr originalCSP; ++ principalToInherit->GetCsp(getter_AddRefs(originalCSP)); ++ if (!originalCSP) { ++ return; ++ } ++ ++ // if the principalToInherit had a CSP, add it to the before ++ // created NullPrincipal (unless it already has one) ++ MOZ_ASSERT(aPrincipal->GetIsNullPrincipal(), ++ "inheriting the CSP only valid for NullPrincipal"); ++ nsCOMPtr nullPrincipalCSP; ++ aPrincipal->GetCsp(getter_AddRefs(nullPrincipalCSP)); ++ if (nullPrincipalCSP) { ++ MOZ_ASSERT(nullPrincipalCSP == originalCSP, ++ "There should be no other CSP here."); ++ // CSPs are equal, no need to set it again. ++ return; ++ } ++ aPrincipal->SetCsp(originalCSP); ++} ++ + nsresult + nsScriptSecurityManager::GetChannelResultPrincipal(nsIChannel* aChannel, + nsIPrincipal** aPrincipal, +@@ -295,40 +351,7 @@ nsScriptSecurityManager::GetChannelResultPrincipal(nsIChannel* aChannel, + if (!aIgnoreSandboxing && loadInfo->GetLoadingSandboxed()) { + MOZ_ALWAYS_TRUE(NS_SUCCEEDED(loadInfo->GetSandboxedLoadingPrincipal(aPrincipal))); + MOZ_ASSERT(*aPrincipal); +- // if the new NullPrincipal (above) loads an iframe[srcdoc], we +- // need to inherit an existing CSP to avoid bypasses (bug 1073952). +- // We continue inheriting for nested frames with e.g., data: URLs. +- if (loadInfo->GetExternalContentPolicyType() == nsIContentPolicy::TYPE_SUBDOCUMENT) { +- nsCOMPtr uri; +- aChannel->GetURI(getter_AddRefs(uri)); +- nsAutoCString URISpec; +- uri->GetSpec(URISpec); +- bool isData = (NS_SUCCEEDED(uri->SchemeIs("data", &isData)) && isData); +- if (URISpec.EqualsLiteral("about:srcdoc") || isData) { +- nsCOMPtr principalToInherit = loadInfo->PrincipalToInherit(); +- if (!principalToInherit) { +- principalToInherit = loadInfo->TriggeringPrincipal(); +- } +- nsCOMPtr originalCSP; +- principalToInherit->GetCsp(getter_AddRefs(originalCSP)); +- if (originalCSP) { +- // if the principalToInherit had a CSP, +- // add it to the newly created NullPrincipal +- // (unless it already has one) +- nsCOMPtr nullPrincipalCSP; +- (*aPrincipal)->GetCsp(getter_AddRefs(nullPrincipalCSP)); +- if (nullPrincipalCSP) { +- MOZ_ASSERT(nullPrincipalCSP == originalCSP, +- "There should be no other CSP here."); +- // CSPs are equal, no need to set it again. +- return NS_OK; +- } else { +- nsresult rv = (*aPrincipal)->SetCsp(originalCSP); +- NS_ENSURE_SUCCESS(rv, rv); +- } +- } +- } +- } ++ InheritAndSetCSPOnPrincipalIfNeeded(aChannel, *aPrincipal); + return NS_OK; + } + +@@ -376,7 +399,10 @@ nsScriptSecurityManager::GetChannelResultPrincipal(nsIChannel* aChannel, + } + } + } +- return GetChannelURIPrincipal(aChannel, aPrincipal); ++ nsresult rv = GetChannelURIPrincipal(aChannel, aPrincipal); ++ NS_ENSURE_SUCCESS(rv, rv); ++ InheritAndSetCSPOnPrincipalIfNeeded(aChannel, *aPrincipal); ++ return NS_OK; + } + + /* The principal of the URI that this channel is loading. This is never + +commit 9427f1bbd826 +Author: Christoph Kerschbaumer +Date: Fri Aug 4 14:10:21 2017 +0200 + + Bug 1381761 - Convert test browser_911547.js to comply with new data: URI inheritance model. r=dveditz +--- + .../components/sessionstore/test/browser_911547.js | 47 ++++++++++++++++------ + .../sessionstore/test/browser_911547_sample.html | 6 +-- + 2 files changed, 37 insertions(+), 16 deletions(-) + +diff --git browser/components/sessionstore/test/browser_911547.js browser/components/sessionstore/test/browser_911547.js +index f0da70ed8f8c..cb95ddad7f2a 100644 +--- browser/components/sessionstore/test/browser_911547.js ++++ browser/components/sessionstore/test/browser_911547.js +@@ -1,11 +1,17 @@ + /* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +-// This tests that session restore component does restore the right content +-// security policy with the document. +-// The policy being tested disallows inline scripts ++// This test is two fold: ++// a) if security.data_uri.unique_opaque_origin == false, then ++// this tests that session restore component does restore the right ++// content security policy with the document. (The policy being ++// tested disallows inline scripts). ++// b) if security.data_uri.unique_opaque_origin == true, then ++// this tests that data: URIs do not inherit the CSP from ++// it's enclosing context. + + add_task(async function test() { ++ let dataURIPref = Services.prefs.getBoolPref("security.data_uri.unique_opaque_origin"); + // create a tab that has a CSP + let testURL = "http://mochi.test:8888/browser/browser/components/sessionstore/test/browser_911547_sample.html"; + let tab = gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, testURL); +@@ -16,23 +22,33 @@ add_task(async function test() { + + // this is a baseline to ensure CSP is active + // attempt to inject and run a script via inline (pre-restore, allowed) +- await injectInlineScript(browser, `document.getElementById("test_id").value = "fail";`); ++ await injectInlineScript(browser, `document.getElementById("test_id1").value = "id1_modified";`); + + let loadedPromise = promiseBrowserLoaded(browser); + await ContentTask.spawn(browser, null, function() { +- is(content.document.getElementById("test_id").value, "ok", ++ is(content.document.getElementById("test_id1").value, "id1_initial", + "CSP should block the inline script that modifies test_id"); + +- // attempt to click a link to a data: URI (will inherit the CSP of the +- // origin document) and navigate to the data URI in the link. ++ ++ // (a) if security.data_uri.unique_opaque_origin == false: ++ // attempt to click a link to a data: URI (will inherit the CSP of ++ // the origin document) and navigate to the data URI in the link. ++ // (b) if security.data_uri.unique_opaque_origin == true: ++ // attempt to click a link to a data: URI (will *not* inherit the CSP of ++ // the origin document) and navigate to the data URI in the link. + content.document.getElementById("test_data_link").click(); + }); + + await loadedPromise; + +- await ContentTask.spawn(browser, null, function() { +- is(content.document.getElementById("test_id2").value, "ok", +- "CSP should block the script loaded by the clicked data URI"); ++ await ContentTask.spawn(browser, {dataURIPref}, function( {dataURIPref}) { // eslint-disable-line ++ if (dataURIPref) { ++ is(content.document.getElementById("test_id2").value, "id2_modified", ++ "data: URI should *not* inherit the CSP of the enclosing context"); ++ } else { ++ is(content.document.getElementById("test_id2").value, "id2_initial", ++ "CSP should block the script loaded by the clicked data URI"); ++ } + }); + + // close the tab +@@ -43,9 +59,14 @@ add_task(async function test() { + await promiseTabRestored(tab); + browser = tab.linkedBrowser; + +- await ContentTask.spawn(browser, null, function() { +- is(content.document.getElementById("test_id2").value, "ok", +- "CSP should block the script loaded by the clicked data URI after restore"); ++ await ContentTask.spawn(browser, {dataURIPref}, function({dataURIPref}) { // eslint-disable-line ++ if (dataURIPref) { ++ is(content.document.getElementById("test_id2").value, "id2_modified", ++ "data: URI should *not* inherit the CSP of the enclosing context"); ++ } else { ++ is(content.document.getElementById("test_id2").value, "id2_initial", ++ "CSP should block the script loaded by the clicked data URI after restore"); ++ } + }); + + // clean up +diff --git browser/components/sessionstore/test/browser_911547_sample.html browser/components/sessionstore/test/browser_911547_sample.html +index ccc2011593d4..73cb99ee41f1 100644 +--- browser/components/sessionstore/test/browser_911547_sample.html ++++ browser/components/sessionstore/test/browser_911547_sample.html +@@ -8,12 +8,12 @@ + + +- ++ + +- Test Link ++ Test Link + + + + +commit 8b999864f0bb +Author: Christoph Kerschbaumer +Date: Fri Aug 4 14:10:38 2017 +0200 + + Bug 1381761 - Test data: URIs inherit the CSP even if treated as unique, opaque origins. r=dveditz +--- + .../test/csp/file_data_csp_inheritance.html | 21 +++++++++++++ + dom/security/test/csp/mochitest.ini | 2 ++ + .../test/csp/test_data_csp_inheritance.html | 34 ++++++++++++++++++++++ + 3 files changed, 57 insertions(+) + +diff --git dom/security/test/csp/file_data_csp_inheritance.html dom/security/test/csp/file_data_csp_inheritance.html +new file mode 100644 +index 000000000000..299c30255aa6 +--- /dev/null ++++ dom/security/test/csp/file_data_csp_inheritance.html +@@ -0,0 +1,21 @@ ++ ++ ++ ++ Bug 1381761 - Treating 'data:' documents as unique, opaque origins should still inherit the CSP ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git dom/security/test/csp/mochitest.ini dom/security/test/csp/mochitest.ini +index ba391ad59799..09f80b2969d7 100644 +--- dom/security/test/csp/mochitest.ini ++++ dom/security/test/csp/mochitest.ini +@@ -217,6 +217,7 @@ support-files = + file_ignore_xfo.html^headers^ + file_ro_ignore_xfo.html + file_ro_ignore_xfo.html^headers^ ++ file_data_csp_inheritance.html + file_report_font_cache-1.html + file_report_font_cache-2.html + file_report_font_cache-2.html^headers^ +@@ -308,4 +309,5 @@ tags = mcb + [test_websocket_self.html] + skip-if = toolkit == 'android' + [test_ignore_xfo.html] ++[test_data_csp_inheritance.html] + [test_data_csp_merge.html] +diff --git dom/security/test/csp/test_data_csp_inheritance.html dom/security/test/csp/test_data_csp_inheritance.html +new file mode 100644 +index 000000000000..3afc4f7c02bc +--- /dev/null ++++ dom/security/test/csp/test_data_csp_inheritance.html +@@ -0,0 +1,34 @@ ++ ++ ++ ++ Bug 1381761 - Treating 'data:' documents as unique, opaque origins should still inherit the CSP ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Property changes on: branches/2017Q4/www/firefox/files/patch-bug1381761 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1383019 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1383019 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1383019 (revision 454980) @@ -0,0 +1,200 @@ +commit 6b3da0609f95 +Author: Byron Campen [:bwc] +Date: Thu Sep 14 12:19:24 2017 -0500 + + Bug 1383019: Move more logic under the protection of nsTimerImpl::mMutex, and simplify. r=froydnj, a=abillings + + MozReview-Commit-ID: JjYScKwyika + + --HG-- + extra : rebase_source : a5a8a17f86459ace51d9250454bd4cf1433130b0 +--- + xpcom/threads/TimerThread.cpp | 12 ++++++---- + xpcom/threads/TimerThread.h | 32 ------------------------- + xpcom/threads/nsTimerImpl.cpp | 56 +++++++++++++++++++++---------------------- + xpcom/threads/nsTimerImpl.h | 5 ++-- + 4 files changed, 36 insertions(+), 69 deletions(-) + +diff --git xpcom/threads/TimerThread.cpp xpcom/threads/TimerThread.cpp +index b91b27b2073a..99a40d91b3c0 100644 +--- xpcom/threads/TimerThread.cpp ++++ xpcom/threads/TimerThread.cpp +@@ -331,7 +331,7 @@ TimerThread::Shutdown() + return NS_ERROR_NOT_INITIALIZED; + } + +- nsTArray> timers; ++ nsTArray> timers; + { + // lock scope + MonitorAutoLock lock(mMonitor); +@@ -350,12 +350,14 @@ TimerThread::Shutdown() + // might potentially call some code reentering the same lock + // that leads to unexpected behavior or deadlock. + // See bug 422472. +- mTimers.SwapElements(timers); ++ for (const UniquePtr& entry : mTimers) { ++ timers.AppendElement(entry->Take()); ++ } ++ ++ mTimers.Clear(); + } + +- uint32_t timersCount = timers.Length(); +- for (uint32_t i = 0; i < timersCount; i++) { +- RefPtr timer = timers[i]->Take(); ++ for (const RefPtr& timer : timers) { + if (timer) { + timer->Cancel(); + } +diff --git xpcom/threads/TimerThread.h xpcom/threads/TimerThread.h +index f65c501c50e8..6610f5bf387b 100644 +--- xpcom/threads/TimerThread.h ++++ xpcom/threads/TimerThread.h +@@ -129,36 +129,4 @@ private: + uint32_t mAllowedEarlyFiringMicroseconds; + }; + +-struct TimerAdditionComparator +-{ +- TimerAdditionComparator(const mozilla::TimeStamp& aNow, +- nsTimerImpl* aTimerToInsert) : +- now(aNow) +-#ifdef DEBUG +- , timerToInsert(aTimerToInsert) +-#endif +- { +- } +- +- bool LessThan(nsTimerImpl* aFromArray, nsTimerImpl* aNewTimer) const +- { +- MOZ_ASSERT(aNewTimer == timerToInsert, "Unexpected timer ordering"); +- +- // Skip any overdue timers. +- return aFromArray->mTimeout <= now || +- aFromArray->mTimeout <= aNewTimer->mTimeout; +- } +- +- bool Equals(nsTimerImpl* aFromArray, nsTimerImpl* aNewTimer) const +- { +- return false; +- } +- +-private: +- const mozilla::TimeStamp& now; +-#ifdef DEBUG +- const nsTimerImpl* const timerToInsert; +-#endif +-}; +- + #endif /* TimerThread_h___ */ +diff --git xpcom/threads/nsTimerImpl.cpp xpcom/threads/nsTimerImpl.cpp +index f6803791fe45..735271af089a 100644 +--- xpcom/threads/nsTimerImpl.cpp ++++ xpcom/threads/nsTimerImpl.cpp +@@ -133,16 +133,8 @@ nsTimer::Release(void) + NS_LOG_RELEASE(this, count, "nsTimer"); + + if (count == 1) { +- if (!mImpl->CancelCheckIfFiring()) { +- // Last ref, in nsTimerImpl::mITimer. Make sure the cycle is broken. +- // (when Cancel fails, nsTimerImpl::Fire is in progress, which has grabbed +- // another ref to the nsITimer since we checked the value of mRefCnt +- // above) +- // If there is a nsTimerEvent in a queue for this timer, the nsTimer will +- // live until that event pops, otherwise the nsTimerImpl will go away and +- // the nsTimer along with it. +- mImpl = nullptr; +- } ++ // Last ref, in nsTimerImpl::mITimer. Make sure the cycle is broken. ++ mImpl->CancelImpl(true); + } else if (count == 0) { + delete this; + } +@@ -322,31 +314,37 @@ nsTimerImpl::Init(nsIObserver* aObserver, uint32_t aDelay, uint32_t aType) + return InitCommon(aDelay, aType, mozilla::Move(cb)); + } + +-bool +-nsTimerImpl::CancelCheckIfFiring() ++nsresult ++nsTimerImpl::Cancel() + { +- Callback cb; ++ CancelImpl(false); ++ return NS_OK; ++} + +- MutexAutoLock lock(mMutex); ++void ++nsTimerImpl::CancelImpl(bool aClearITimer) ++{ ++ Callback cbTrash; ++ RefPtr timerTrash; + +- if (gThread) { +- gThread->RemoveTimer(this); +- } ++ { ++ MutexAutoLock lock(mMutex); ++ if (gThread) { ++ gThread->RemoveTimer(this); ++ } + +- cb.swap(mCallback); +- ++mGeneration; ++ cbTrash.swap(mCallback); ++ ++mGeneration; + +- if (mCallbackDuringFire.mType != Callback::Type::Unknown) { +- return true; ++ // Don't clear this if we're firing; once Fire returns, we'll get this call ++ // again. ++ if (aClearITimer && ++ (mCallbackDuringFire.mType == Callback::Type::Unknown)) { ++ MOZ_RELEASE_ASSERT(mITimer, "mITimer was nulled already! " ++ "This indicates that someone has messed up the refcount on nsTimer!"); ++ timerTrash.swap(mITimer); ++ } + } +- return false; +-} +- +-nsresult +-nsTimerImpl::Cancel() +-{ +- (void)CancelCheckIfFiring(); +- return NS_OK; + } + + nsresult +diff --git xpcom/threads/nsTimerImpl.h xpcom/threads/nsTimerImpl.h +index 4b26cd21d80a..1cb530c0be3d 100644 +--- xpcom/threads/nsTimerImpl.h ++++ xpcom/threads/nsTimerImpl.h +@@ -56,7 +56,7 @@ public: + static void Shutdown(); + + void SetDelayInternal(uint32_t aDelay, TimeStamp aBase = TimeStamp::Now()); +- bool CancelCheckIfFiring(); ++ void CancelImpl(bool aClearITimer); + + void Fire(int32_t aGeneration); + +@@ -211,7 +211,7 @@ public: + static double sDeltaSum; + static double sDeltaSumSquared; + static double sDeltaNum; +- const RefPtr mITimer; ++ RefPtr mITimer; + mozilla::Mutex mMutex; + Callback mCallback; + Callback mCallbackDuringFire; +@@ -225,7 +225,6 @@ public: + + friend class TimerThread; + friend class nsTimerEvent; +- friend struct TimerAdditionComparator; + + NS_DECL_THREADSAFE_ISUPPORTS + NS_FORWARD_SAFE_NSITIMER(mImpl); Property changes on: branches/2017Q4/www/firefox/files/patch-bug1383019 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1384121 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1384121 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1384121 (revision 454980) @@ -0,0 +1,218 @@ +commit 485ed2f2b015 +Author: Jan de Mooij +Date: Mon Sep 18 15:08:44 2017 +0200 + + Bug 1384121 part 1 - Don't sweep ObjectGroups under IC helper functions. r=bhackett +--- + js/src/jit/IonCacheIRCompiler.cpp | 4 ++-- + js/src/vm/ObjectGroup.h | 2 ++ + js/src/vm/TypeInference-inl.h | 29 ++++++++++++++++++++++------- + js/src/vm/UnboxedObject.cpp | 2 +- + 4 files changed, 27 insertions(+), 10 deletions(-) + +diff --git js/src/jit/IonCacheIRCompiler.cpp js/src/jit/IonCacheIRCompiler.cpp +index b11aed7966b6..bbfbdae57b12 100644 +--- js/src/jit/IonCacheIRCompiler.cpp ++++ js/src/jit/IonCacheIRCompiler.cpp +@@ -1324,9 +1324,9 @@ IonCacheIRCompiler::emitCallStringSplitResult() + static bool + GroupHasPropertyTypes(ObjectGroup* group, jsid* id, Value* v) + { +- if (group->unknownProperties()) ++ if (group->unknownPropertiesDontCheckGeneration()) + return true; +- HeapTypeSet* propTypes = group->maybeGetProperty(*id); ++ HeapTypeSet* propTypes = group->maybeGetPropertyDontCheckGeneration(*id); + if (!propTypes) + return true; + if (!propTypes->nonConstantProperty()) +diff --git js/src/vm/ObjectGroup.h js/src/vm/ObjectGroup.h +index 237b5a152576..0eba71ee084f 100644 +--- js/src/vm/ObjectGroup.h ++++ js/src/vm/ObjectGroup.h +@@ -390,6 +390,7 @@ class ObjectGroup : public gc::TenuredCell + + /* Get a property only if it already exists. */ + MOZ_ALWAYS_INLINE HeapTypeSet* maybeGetProperty(jsid id); ++ MOZ_ALWAYS_INLINE HeapTypeSet* maybeGetPropertyDontCheckGeneration(jsid id); + + /* + * Iterate through the group's properties. getPropertyCount overapproximates +@@ -471,6 +472,7 @@ class ObjectGroup : public gc::TenuredCell + } + + inline uint32_t basePropertyCount(); ++ inline uint32_t basePropertyCountDontCheckGeneration(); + + private: + inline void setBasePropertyCount(uint32_t count); +diff --git js/src/vm/TypeInference-inl.h js/src/vm/TypeInference-inl.h +index f7cd3459ef19..f2b0b9a52fbc 100644 +--- js/src/vm/TypeInference-inl.h ++++ js/src/vm/TypeInference-inl.h +@@ -369,10 +369,10 @@ TypeMonitorCall(JSContext* cx, const js::CallArgs& args, bool constructing) + MOZ_ALWAYS_INLINE bool + TrackPropertyTypes(JSObject* obj, jsid id) + { +- if (obj->hasLazyGroup() || obj->group()->unknownProperties()) ++ if (obj->hasLazyGroup() || obj->group()->unknownPropertiesDontCheckGeneration()) + return false; + +- if (obj->isSingleton() && !obj->group()->maybeGetProperty(id)) ++ if (obj->isSingleton() && !obj->group()->maybeGetPropertyDontCheckGeneration(id)) + return false; + + return true; +@@ -410,7 +410,7 @@ HasTrackedPropertyType(JSObject* obj, jsid id, TypeSet::Type type) + MOZ_ASSERT(id == IdToTypeId(id)); + MOZ_ASSERT(TrackPropertyTypes(obj, id)); + +- if (HeapTypeSet* types = obj->group()->maybeGetProperty(id)) { ++ if (HeapTypeSet* types = obj->group()->maybeGetPropertyDontCheckGeneration(id)) { + if (!types->hasType(type)) + return false; + // Non-constant properties are only relevant for singleton objects. +@@ -1074,10 +1074,18 @@ TypeSet::getObjectClass(unsigned i) const + // ObjectGroup + ///////////////////////////////////////////////////////////////////// + ++inline uint32_t ++ObjectGroup::basePropertyCountDontCheckGeneration() ++{ ++ uint32_t flags = flagsDontCheckGeneration(); ++ return (flags & OBJECT_FLAG_PROPERTY_COUNT_MASK) >> OBJECT_FLAG_PROPERTY_COUNT_SHIFT; ++} ++ + inline uint32_t + ObjectGroup::basePropertyCount() + { +- return (flags() & OBJECT_FLAG_PROPERTY_COUNT_MASK) >> OBJECT_FLAG_PROPERTY_COUNT_SHIFT; ++ maybeSweep(nullptr); ++ return basePropertyCountDontCheckGeneration(); + } + + inline void +@@ -1134,14 +1142,14 @@ ObjectGroup::getProperty(JSContext* cx, JSObject* obj, jsid id) + } + + MOZ_ALWAYS_INLINE HeapTypeSet* +-ObjectGroup::maybeGetProperty(jsid id) ++ObjectGroup::maybeGetPropertyDontCheckGeneration(jsid id) + { + MOZ_ASSERT(JSID_IS_VOID(id) || JSID_IS_EMPTY(id) || JSID_IS_STRING(id) || JSID_IS_SYMBOL(id)); + MOZ_ASSERT_IF(!JSID_IS_EMPTY(id), id == IdToTypeId(id)); +- MOZ_ASSERT(!unknownProperties()); ++ MOZ_ASSERT(!unknownPropertiesDontCheckGeneration()); + + Property* prop = TypeHashSet::Lookup +- (propertySet, basePropertyCount(), id); ++ (propertySet, basePropertyCountDontCheckGeneration(), id); + + if (!prop) + return nullptr; +@@ -1150,6 +1158,13 @@ ObjectGroup::maybeGetProperty(jsid id) + return &prop->types; + } + ++MOZ_ALWAYS_INLINE HeapTypeSet* ++ObjectGroup::maybeGetProperty(jsid id) ++{ ++ maybeSweep(nullptr); ++ return maybeGetPropertyDontCheckGeneration(id); ++} ++ + inline unsigned + ObjectGroup::getPropertyCount() + { +diff --git js/src/vm/UnboxedObject.cpp js/src/vm/UnboxedObject.cpp +index c155b7dc47c9..4e007489a67e 100644 +--- js/src/vm/UnboxedObject.cpp ++++ js/src/vm/UnboxedObject.cpp +@@ -363,7 +363,7 @@ UnboxedPlainObject::ensureExpando(JSContext* cx, Handle obj + bool + UnboxedPlainObject::containsUnboxedOrExpandoProperty(JSContext* cx, jsid id) const + { +- if (layout().lookup(id)) ++ if (layoutDontCheckGeneration().lookup(id)) + return true; + + if (maybeExpando() && maybeExpando()->containsShapeOrElement(cx, id)) +commit e240cf665f74 +Author: Jan de Mooij +Date: Wed Sep 20 12:13:54 2017 +0200 + + Bug 1384121 part 2 - Add asserts to catch similar bugs and fix some false positives. r=nbp +--- + js/src/jit/Bailouts.cpp | 4 ---- + js/src/jit/JSJitFrameIter.cpp | 2 ++ + js/src/jit/VMFunctions.cpp | 1 - + js/src/jit/arm/Trampoline-arm.cpp | 9 ++++++--- + js/src/jit/arm64/Trampoline-arm64.cpp | 9 ++++++--- + js/src/jit/mips32/Trampoline-mips32.cpp | 9 ++++++--- + js/src/jit/mips64/Trampoline-mips64.cpp | 9 ++++++--- + js/src/jit/x64/Trampoline-x64.cpp | 9 ++++++--- + js/src/jit/x86/Trampoline-x86.cpp | 9 ++++++--- + js/src/vm/ObjectGroup-inl.h | 1 + + js/src/vm/Stack.cpp | 2 ++ + js/src/vm/TypeInference.cpp | 3 +++ + 12 files changed, 44 insertions(+), 23 deletions(-) + +diff --git js/src/jit/JSJitFrameIter.cpp js/src/jit/JSJitFrameIter.cpp +index 3774b327d21c..ae76bc2abaf0 100644 +--- js/src/jit/JitFrameIterator.cpp ++++ js/src/jit/JitFrameIterator.cpp +@@ -25,6 +25,8 @@ JSJitFrameIter::JSJitFrameIter(const JitActivation* activation) + current_ = activation_->bailoutData()->fp(); + frameSize_ = activation_->bailoutData()->topFrameSize(); + type_ = JitFrame_Bailout; ++ } else { ++ MOZ_ASSERT(!TlsContext.get()->inUnsafeCallWithABI); + } + } + +diff --git js/src/vm/ObjectGroup-inl.h js/src/vm/ObjectGroup-inl.h +index 7e023ecbad8e..d7caa63d8725 100644 +--- js/src/vm/ObjectGroup-inl.h ++++ js/src/vm/ObjectGroup-inl.h +@@ -16,6 +16,7 @@ ObjectGroup::needsSweep() + { + // Note: this can be called off thread during compacting GCs, in which case + // nothing will be running on the active thread. ++ MOZ_ASSERT(!TlsContext.get()->inUnsafeCallWithABI); + return generation() != zoneFromAnyThread()->types.generation; + } + +diff --git js/src/vm/Stack.cpp js/src/vm/Stack.cpp +index d3c0038db5ca..0406195abd56 100644 +--- js/src/vm/Stack.cpp ++++ js/src/vm/Stack.cpp +@@ -605,6 +605,8 @@ FrameIter::popInterpreterFrame() + void + FrameIter::settleOnActivation() + { ++ MOZ_ASSERT(!data_.cx_->inUnsafeCallWithABI); ++ + while (true) { + if (data_.activations_.done()) { + data_.state_ = DONE; +diff --git js/src/vm/TypeInference.cpp js/src/vm/TypeInference.cpp +index f0562a4355f8..eba18e34397e 100644 +--- js/src/vm/TypeInference.cpp ++++ js/src/vm/TypeInference.cpp +@@ -4428,6 +4428,8 @@ ObjectGroup::sweep(AutoClearTypeInferenceStateOnOOM* oom) + /* static */ void + JSScript::maybeSweepTypes(AutoClearTypeInferenceStateOnOOM* oom) + { ++ MOZ_ASSERT(!TlsContext.get()->inUnsafeCallWithABI); ++ + if (!types_ || typesGeneration() == zone()->types.generation) + return; + +@@ -4611,6 +4613,7 @@ AutoClearTypeInferenceStateOnOOM::AutoClearTypeInferenceStateOnOOM(Zone* zone) + : zone(zone), oom(false) + { + MOZ_RELEASE_ASSERT(CurrentThreadCanAccessZone(zone)); ++ MOZ_ASSERT(!TlsContext.get()->inUnsafeCallWithABI); + zone->types.setSweepingTypes(true); + } + Property changes on: branches/2017Q4/www/firefox/files/patch-bug1384121 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1387799 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1387799 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1387799 (revision 454980) @@ -0,0 +1,49 @@ +commit e1c252eab1f4 +Author: Milan Sreckovic +Date: Mon Oct 23 16:22:47 2017 -0400 + + Bug 1387799 - Keep an extra reference. r=jrmuizel, a=ritu + + --HG-- + extra : source : 8199078921c6b4c0ee4c984100d33750dfe8e144 +--- + gfx/layers/ipc/CompositorBridgeChild.cpp | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git gfx/layers/ipc/CompositorBridgeChild.cpp gfx/layers/ipc/CompositorBridgeChild.cpp +index 9419f4b2da36..55fd9c10871b 100644 +--- gfx/layers/ipc/CompositorBridgeChild.cpp ++++ gfx/layers/ipc/CompositorBridgeChild.cpp +@@ -523,10 +523,14 @@ CompositorBridgeChild::RecvHideAllPlugins(const uintptr_t& aParentWidget) + } + + mozilla::ipc::IPCResult +-CompositorBridgeChild::RecvDidComposite(const uint64_t& aId, const uint64_t& aTransactionId, ++CompositorBridgeChild::RecvDidComposite(const uint64_t& aId, ++ const uint64_t& aTransactionId, + const TimeStamp& aCompositeStart, + const TimeStamp& aCompositeEnd) + { ++ // Hold a reference to keep texture pools alive. See bug 1387799 ++ AutoTArray,2> texturePools = mTexturePools; ++ + if (mLayerManager) { + MOZ_ASSERT(aId == 0); + MOZ_ASSERT(mLayerManager->GetBackendType() == LayersBackend::LAYERS_CLIENT || +@@ -541,13 +545,14 @@ CompositorBridgeChild::RecvDidComposite(const uint64_t& aId, const uint64_t& aTr + } + } + +- for (size_t i = 0; i < mTexturePools.Length(); i++) { +- mTexturePools[i]->ReturnDeferredClients(); ++ for (size_t i = 0; i < texturePools.Length(); i++) { ++ texturePools[i]->ReturnDeferredClients(); + } + + return IPC_OK(); + } + ++ + void + CompositorBridgeChild::ActorDestroy(ActorDestroyReason aWhy) + { Property changes on: branches/2017Q4/www/firefox/files/patch-bug1387799 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1387811 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1387811 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1387811 (revision 454980) @@ -0,0 +1,42 @@ +commit a1341ccf6d63 +Author: Christoph Kerschbaumer +Date: Sun Aug 6 11:37:09 2017 +0200 + + Bug 1387811 - Follow up for Test within Bug 1381761: CSP JSON is never null, hence it's better to check actual contents of JSON for testing. r=dveditz +--- + dom/security/test/csp/file_data_csp_inheritance.html | 6 ++++-- + dom/security/test/csp/test_data_csp_inheritance.html | 4 +++- + 2 files changed, 7 insertions(+), 3 deletions(-) + +diff --git dom/security/test/csp/file_data_csp_inheritance.html dom/security/test/csp/file_data_csp_inheritance.html +index 299c30255aa6..cbb4865343db 100644 +--- dom/security/test/csp/file_data_csp_inheritance.html ++++ dom/security/test/csp/file_data_csp_inheritance.html +@@ -13,8 +13,10 @@ + var frame = document.getElementById("dataFrame"); + var principal = SpecialPowers.wrap(frame.contentDocument).nodePrincipal; + var cspJSON = principal.cspJSON; +- var result = principal.cspJSON ? "dataInheritsCSP" : "dataDoesNotInheritCSP"; +- window.parent.postMessage({result}, "*"); ++ var cspOBJ = JSON.parse(principal.cspJSON); ++ // make sure we got >>one<< policy ++ var policies = cspOBJ["csp-policies"]; ++ window.parent.postMessage({result: policies.length}, "*"); + + + +diff --git dom/security/test/csp/test_data_csp_inheritance.html dom/security/test/csp/test_data_csp_inheritance.html +index 3afc4f7c02bc..bde2f5617e65 100644 +--- dom/security/test/csp/test_data_csp_inheritance.html ++++ dom/security/test/csp/test_data_csp_inheritance.html +@@ -22,7 +22,9 @@ SimpleTest.waitForExplicitFinish(); + window.addEventListener("message", receiveMessage); + function receiveMessage(event) { + window.removeEventListener("message", receiveMessage); +- is(event.data.result, "dataInheritsCSP", ++ // toplevel CSP should apply to data: URI iframe hence resulting ++ // in 1 applied policy. ++ is(event.data.result, 1, + "data: URI iframe inherits CSP from including context"); + SimpleTest.finish(); + } Property changes on: branches/2017Q4/www/firefox/files/patch-bug1387811 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1387845 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1387845 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1387845 (revision 454980) @@ -0,0 +1,38 @@ +commit 8687f49efa88 +Author: sotaro +Date: Wed Aug 23 13:49:29 2017 +0900 + + Bug 1387845 - Add more NS_BUILD_REFCNT_LOGGING in AtomicRefCountedWithFinalize r=nical +--- + gfx/layers/AtomicRefCountedWithFinalize.h | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git gfx/layers/AtomicRefCountedWithFinalize.h gfx/layers/AtomicRefCountedWithFinalize.h +index 37f0a9f592a1..9941ccb13f2d 100644 +--- gfx/layers/AtomicRefCountedWithFinalize.h ++++ gfx/layers/AtomicRefCountedWithFinalize.h +@@ -101,8 +101,12 @@ public: + private: + void AddRef() { + MOZ_ASSERT(mRefCount >= 0, "AddRef() during/after Finalize()/dtor."); +- mRefCount++; +- NS_LOG_ADDREF(this, mRefCount, mName, sizeof(*this)); ++#ifdef NS_BUILD_REFCNT_LOGGING ++ int currCount = ++mRefCount; ++ NS_LOG_ADDREF(this, currCount, mName, sizeof(*this)); ++#else ++ ++mRefCount; ++#endif + } + + void Release() { +@@ -118,7 +122,9 @@ private: + ++mRefCount; + return; + } ++#ifdef NS_BUILD_REFCNT_LOGGING + NS_LOG_RELEASE(this, currCount, mName); ++#endif + + if (0 == currCount) { + mRefCount = detail::DEAD; Property changes on: branches/2017Q4/www/firefox/files/patch-bug1387845 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1394031 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1394031 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1394031 (revision 454980) @@ -0,0 +1,387 @@ +commit e70d76485c22 +Author: Thomas Nguyen +Date: Tue Sep 5 17:14:54 2017 +0800 + + Bug 1394031 - Remove mCryptoHash members of nsUrlClassifierDBServiceWorker and ProtocolParser + + The usage of cryptoHash consists of a complete set of Init, Update, and Finish, there's + no reason to keep it around + + MozReview-Commit-ID: 7bT9IsWEM5m +--- + toolkit/components/url-classifier/Classifier.cpp | 5 +--- + toolkit/components/url-classifier/Classifier.h | 2 -- + toolkit/components/url-classifier/Entries.h | 12 ++++++---- + .../components/url-classifier/ProtocolParser.cpp | 15 ++++-------- + toolkit/components/url-classifier/ProtocolParser.h | 4 ---- + .../url-classifier/nsUrlClassifierDBService.cpp | 8 ------- + .../url-classifier/nsUrlClassifierDBService.h | 3 --- + .../url-classifier/tests/gtest/Common.cpp | 3 +-- + .../url-classifier/tests/gtest/TestCaching.cpp | 28 ++++++++-------------- + .../url-classifier/tests/gtest/TestClassifier.cpp | 3 +-- + .../tests/gtest/TestLookupCacheV4.cpp | 3 +-- + .../tests/unit/head_urlclassifier.js | 3 +++ + 12 files changed, 29 insertions(+), 60 deletions(-) + +diff --git toolkit/components/url-classifier/Classifier.cpp toolkit/components/url-classifier/Classifier.cpp +index 68169925d2d0..404e31e2421e 100644 +--- toolkit/components/url-classifier/Classifier.cpp ++++ toolkit/components/url-classifier/Classifier.cpp +@@ -257,9 +257,6 @@ Classifier::Open(nsIFile& aCacheDirectory) + rv = CreateStoreDirectory(); + NS_ENSURE_SUCCESS(rv, rv); + +- mCryptoHash = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID, &rv); +- NS_ENSURE_SUCCESS(rv, rv); +- + // Build the list of know urlclassifier lists + // XXX: Disk IO potentially on the main thread during startup + RegenActiveTables(); +@@ -470,7 +467,7 @@ Classifier::Check(const nsACString& aSpec, + // Now check each lookup fragment against the entries in the DB. + for (uint32_t i = 0; i < fragments.Length(); i++) { + Completion lookupHash; +- lookupHash.FromPlaintext(fragments[i], mCryptoHash); ++ lookupHash.FromPlaintext(fragments[i]); + + if (LOG_ENABLED()) { + nsAutoCString checking; +diff --git toolkit/components/url-classifier/Classifier.h toolkit/components/url-classifier/Classifier.h +index 83cbcecf5ee8..e8bf890dc95a 100644 +--- toolkit/components/url-classifier/Classifier.h ++++ toolkit/components/url-classifier/Classifier.h +@@ -13,7 +13,6 @@ + #include "nsCOMPtr.h" + #include "nsString.h" + #include "nsIFile.h" +-#include "nsICryptoHash.h" + #include "nsDataHashtable.h" + + class nsIThread; +@@ -207,7 +206,6 @@ private: + nsCOMPtr mBackupDirectory; + nsCOMPtr mUpdatingDirectory; // For update only. + nsCOMPtr mToDeleteDirectory; +- nsCOMPtr mCryptoHash; + nsTArray mLookupCaches; // For query only. + nsTArray mActiveTablesCache; + uint32_t mHashKey; +diff --git toolkit/components/url-classifier/Entries.h toolkit/components/url-classifier/Entries.h +index bb32204db0f3..d664b57f1d27 100644 +--- toolkit/components/url-classifier/Entries.h ++++ toolkit/components/url-classifier/Entries.h +@@ -35,21 +35,25 @@ struct SafebrowsingHash + typedef SafebrowsingHash self_type; + uint8_t buf[S]; + +- nsresult FromPlaintext(const nsACString& aPlainText, nsICryptoHash* aHash) { ++ nsresult FromPlaintext(const nsACString& aPlainText) { + // From the protocol doc: + // Each entry in the chunk is composed + // of the SHA 256 hash of a suffix/prefix expression. ++ nsresult rv; ++ nsCOMPtr hash = ++ do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID, &rv); ++ NS_ENSURE_SUCCESS(rv, rv); + +- nsresult rv = aHash->Init(nsICryptoHash::SHA256); ++ rv = hash->Init(nsICryptoHash::SHA256); + NS_ENSURE_SUCCESS(rv, rv); + +- rv = aHash->Update ++ rv = hash->Update + (reinterpret_cast(aPlainText.BeginReading()), + aPlainText.Length()); + NS_ENSURE_SUCCESS(rv, rv); + + nsAutoCString hashed; +- rv = aHash->Finish(false, hashed); ++ rv = hash->Finish(false, hashed); + NS_ENSURE_SUCCESS(rv, rv); + + NS_ASSERTION(hashed.Length() >= sHashSize, +diff --git toolkit/components/url-classifier/ProtocolParser.cpp toolkit/components/url-classifier/ProtocolParser.cpp +index 5f61c7bbcf6b..d4fce581e394 100644 +--- toolkit/components/url-classifier/ProtocolParser.cpp ++++ toolkit/components/url-classifier/ProtocolParser.cpp +@@ -80,13 +80,6 @@ ProtocolParser::~ProtocolParser() + CleanupUpdates(); + } + +-nsresult +-ProtocolParser::Init(nsICryptoHash* aHasher) +-{ +- mCryptoHash = aHasher; +- return NS_OK; +-} +- + void + ProtocolParser::CleanupUpdates() + { +@@ -404,7 +397,7 @@ ProtocolParserV2::ProcessPlaintextChunk(const nsACString& aChunk) + if (mChunkState.type == CHUNK_ADD) { + if (mChunkState.hashSize == COMPLETE_SIZE) { + Completion hash; +- hash.FromPlaintext(line, mCryptoHash); ++ hash.FromPlaintext(line); + nsresult rv = mTableUpdate->NewAddComplete(mChunkState.num, hash); + if (NS_FAILED(rv)) { + return rv; +@@ -412,7 +405,7 @@ ProtocolParserV2::ProcessPlaintextChunk(const nsACString& aChunk) + } else { + NS_ASSERTION(mChunkState.hashSize == 4, "Only 32- or 4-byte hashes can be used for add chunks."); + Prefix hash; +- hash.FromPlaintext(line, mCryptoHash); ++ hash.FromPlaintext(line); + nsresult rv = mTableUpdate->NewAddPrefix(mChunkState.num, hash); + if (NS_FAILED(rv)) { + return rv; +@@ -433,7 +426,7 @@ ProtocolParserV2::ProcessPlaintextChunk(const nsACString& aChunk) + + if (mChunkState.hashSize == COMPLETE_SIZE) { + Completion hash; +- hash.FromPlaintext(Substring(iter, end), mCryptoHash); ++ hash.FromPlaintext(Substring(iter, end)); + nsresult rv = mTableUpdate->NewSubComplete(addChunk, hash, mChunkState.num); + if (NS_FAILED(rv)) { + return rv; +@@ -441,7 +434,7 @@ ProtocolParserV2::ProcessPlaintextChunk(const nsACString& aChunk) + } else { + NS_ASSERTION(mChunkState.hashSize == 4, "Only 32- or 4-byte hashes can be used for add chunks."); + Prefix hash; +- hash.FromPlaintext(Substring(iter, end), mCryptoHash); ++ hash.FromPlaintext(Substring(iter, end)); + nsresult rv = mTableUpdate->NewSubPrefix(addChunk, hash, mChunkState.num); + if (NS_FAILED(rv)) { + return rv; +diff --git toolkit/components/url-classifier/ProtocolParser.h toolkit/components/url-classifier/ProtocolParser.h +index 329911621f18..066e8892df7b 100644 +--- toolkit/components/url-classifier/ProtocolParser.h ++++ toolkit/components/url-classifier/ProtocolParser.h +@@ -7,7 +7,6 @@ + #define ProtocolParser_h__ + + #include "HashStore.h" +-#include "nsICryptoHMAC.h" + #include "safebrowsing.pb.h" + + namespace mozilla { +@@ -28,8 +27,6 @@ public: + + nsresult Status() const { return mUpdateStatus; } + +- nsresult Init(nsICryptoHash* aHasher); +- + #ifdef MOZ_SAFEBROWSING_DUMP_FAILED_UPDATES + virtual nsCString GetRawTableUpdates() const { return mPending; } + #endif +@@ -73,7 +70,6 @@ protected: + nsTArray mTableUpdates; + + nsTArray mForwards; +- nsCOMPtr mCryptoHash; + + // The table names that were requested from the client. + nsTArray mRequestedTables; +diff --git toolkit/components/url-classifier/nsUrlClassifierDBService.cpp toolkit/components/url-classifier/nsUrlClassifierDBService.cpp +index 6d82c25de7cf..40de1b4130b0 100644 +--- toolkit/components/url-classifier/nsUrlClassifierDBService.cpp ++++ toolkit/components/url-classifier/nsUrlClassifierDBService.cpp +@@ -8,8 +8,6 @@ + #include "nsAppDirectoryServiceDefs.h" + #include "nsArrayUtils.h" + #include "nsCRT.h" +-#include "nsICryptoHash.h" +-#include "nsICryptoHMAC.h" + #include "nsIDirectoryService.h" + #include "nsIKeyModule.h" + #include "nsIObserverService.h" +@@ -467,8 +465,6 @@ nsUrlClassifierDBServiceWorker::BeginStream(const nsACString &table) + return NS_ERROR_OUT_OF_MEMORY; + } + +- mProtocolParser->Init(mCryptoHash); +- + if (!table.IsEmpty()) { + mProtocolParser->SetCurrentTable(table); + } +@@ -809,7 +805,6 @@ nsUrlClassifierDBServiceWorker::CloseDb() + mClassifier = nullptr; + } + +- mCryptoHash = nullptr; + LOG(("urlclassifier db closed\n")); + + return NS_OK; +@@ -944,9 +939,6 @@ nsUrlClassifierDBServiceWorker::OpenDb() + } + + nsresult rv; +- mCryptoHash = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID, &rv); +- NS_ENSURE_SUCCESS(rv, rv); +- + nsAutoPtr classifier(new (fallible) Classifier()); + if (!classifier) { + return NS_ERROR_OUT_OF_MEMORY; +diff --git toolkit/components/url-classifier/nsUrlClassifierDBService.h toolkit/components/url-classifier/nsUrlClassifierDBService.h +index 8d284f5b0842..a4c5952e91bb 100644 +--- toolkit/components/url-classifier/nsUrlClassifierDBService.h ++++ toolkit/components/url-classifier/nsUrlClassifierDBService.h +@@ -270,9 +270,6 @@ private: + + bool IsSameAsLastResults(CacheResultArray& aResult); + +- // Can only be used on the background thread +- nsCOMPtr mCryptoHash; +- + nsAutoPtr mClassifier; + // The class that actually parses the update chunks. + nsAutoPtr mProtocolParser; +diff --git toolkit/components/url-classifier/tests/gtest/Common.cpp toolkit/components/url-classifier/tests/gtest/Common.cpp +index 2d11cf87ccca..812151f569a4 100644 +--- toolkit/components/url-classifier/tests/gtest/Common.cpp ++++ toolkit/components/url-classifier/tests/gtest/Common.cpp +@@ -152,8 +152,7 @@ nsCString + GeneratePrefix(const nsCString& aFragment, uint8_t aLength) + { + Completion complete; +- nsCOMPtr cryptoHash = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID); +- complete.FromPlaintext(aFragment, cryptoHash); ++ complete.FromPlaintext(aFragment); + + nsCString hash; + hash.Assign((const char *)complete.buf, aLength); +diff --git toolkit/components/url-classifier/tests/gtest/TestCaching.cpp toolkit/components/url-classifier/tests/gtest/TestCaching.cpp +index b280f7c61af6..7a9f5cdbb0e7 100644 +--- toolkit/components/url-classifier/tests/gtest/TestCaching.cpp ++++ toolkit/components/url-classifier/tests/gtest/TestCaching.cpp +@@ -18,14 +18,11 @@ SetupCacheEntry(LookupCacheV2* aLookupCache, + MissPrefixArray misses; + MissPrefixArray emptyMisses; + +- nsCOMPtr cryptoHash = +- do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID); +- + AddComplete* add = completes.AppendElement(fallible); +- add->complete.FromPlaintext(aCompletion, cryptoHash); ++ add->complete.FromPlaintext(aCompletion); + + Prefix* prefix = misses.AppendElement(fallible); +- prefix->FromPlaintext(aCompletion, cryptoHash); ++ prefix->FromPlaintext(aCompletion); + + // Setup positive cache first otherwise negative cache expiry will be + // overwritten. +@@ -45,9 +42,7 @@ SetupCacheEntry(LookupCacheV4* aLookupCache, + FullHashResponseMap map; + + Prefix prefix; +- nsCOMPtr cryptoHash = +- do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID); +- prefix.FromPlaintext(aCompletion, cryptoHash); ++ prefix.FromPlaintext(aCompletion); + + CachedFullHashResponse* response = map.LookupOrAdd(prefix.ToUint32()); + +@@ -104,8 +99,7 @@ TestCache(const _Fragment& aFragment, + T* aCache = nullptr) + { + Completion lookupHash; +- nsCOMPtr cryptoHash = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID); +- lookupHash.FromPlaintext(aFragment, cryptoHash); ++ lookupHash.FromPlaintext(aFragment); + + TestCache(lookupHash, aExpectedHas, aExpectedConfirmed, aExpectedInCache, aCache); + } +@@ -148,13 +142,12 @@ TEST(UrlClassifierCaching, InNegativeCacheNotExpired) + { + // Create a fullhash whose prefix matches the prefix in negative cache + // but completion doesn't match any fullhash in positive cache. +- nsCOMPtr cryptoHash = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID); + + Completion prefix; +- prefix.FromPlaintext(_Fragment("cache.notexpired.com/"), cryptoHash); ++ prefix.FromPlaintext(_Fragment("cache.notexpired.com/")); + + Completion fullhash; +- fullhash.FromPlaintext(_Fragment("firefox.com/"), cryptoHash); ++ fullhash.FromPlaintext(_Fragment("firefox.com/")); + + // Overwrite the 4-byte prefix of `fullhash` so that it conflicts with `prefix`. + // Since "cache.notexpired.com" is added to database in TestCache as a +@@ -171,13 +164,12 @@ TEST(UrlClassifierCaching, InNegativeCacheNotExpired) + TEST(UrlClassifierCaching, InNegativeCacheExpired) + { + // Create a fullhash whose prefix is in the cache. +- nsCOMPtr cryptoHash = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID); + + Completion prefix; +- prefix.FromPlaintext(_Fragment("cache.expired.com/"), cryptoHash); ++ prefix.FromPlaintext(_Fragment("cache.expired.com/")); + + Completion fullhash; +- fullhash.FromPlaintext(_Fragment("firefox.com/"), cryptoHash); ++ fullhash.FromPlaintext(_Fragment("firefox.com/")); + + memcpy(fullhash.buf, prefix.buf, 10); + +@@ -255,7 +247,7 @@ TEST(UrlClassifierCaching, NegativeCacheExpireV2) + + MissPrefixArray misses; + Prefix* prefix = misses.AppendElement(fallible); +- prefix->FromPlaintext(NEG_CACHE_EXPIRED_URL, cryptoHash); ++ prefix->FromPlaintext(NEG_CACHE_EXPIRED_URL); + + AddCompleteArray dummy; + cache->AddGethashResultToCache(dummy, misses, EXPIRED_TIME_SEC); +@@ -275,7 +267,7 @@ TEST(UrlClassifierCaching, NegativeCacheExpireV4) + FullHashResponseMap map; + Prefix prefix; + nsCOMPtr cryptoHash = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID); +- prefix.FromPlaintext(NEG_CACHE_EXPIRED_URL, cryptoHash); ++ prefix.FromPlaintext(NEG_CACHE_EXPIRED_URL); + CachedFullHashResponse* response = map.LookupOrAdd(prefix.ToUint32()); + + response->negativeCacheExpirySec = EXPIRED_TIME_SEC; +diff --git toolkit/components/url-classifier/tests/gtest/TestClassifier.cpp toolkit/components/url-classifier/tests/gtest/TestClassifier.cpp +index a4d21581315e..23b7e9ef59d1 100644 +--- toolkit/components/url-classifier/tests/gtest/TestClassifier.cpp ++++ toolkit/components/url-classifier/tests/gtest/TestClassifier.cpp +@@ -71,8 +71,7 @@ TestReadNoiseEntries(Classifier* classifier, + const nsCString& aFragment) + { + Completion lookupHash; +- nsCOMPtr cryptoHash = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID); +- lookupHash.FromPlaintext(aFragment, cryptoHash); ++ lookupHash.FromPlaintext(aFragment); + LookupResult result; + result.hash.complete = lookupHash; + +diff --git toolkit/components/url-classifier/tests/gtest/TestLookupCacheV4.cpp toolkit/components/url-classifier/tests/gtest/TestLookupCacheV4.cpp +index b2ed091ae308..3fbea2d9d475 100644 +--- toolkit/components/url-classifier/tests/gtest/TestLookupCacheV4.cpp ++++ toolkit/components/url-classifier/tests/gtest/TestLookupCacheV4.cpp +@@ -17,8 +17,7 @@ TestHasPrefix(const _Fragment& aFragment, bool aExpectedHas, bool aExpectedCompl + UniquePtr cache = SetupLookupCache(array); + + Completion lookupHash; +- nsCOMPtr cryptoHash = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID); +- lookupHash.FromPlaintext(aFragment, cryptoHash); ++ lookupHash.FromPlaintext(aFragment); + + bool has, confirmed; + uint32_t matchLength; +diff --git toolkit/components/url-classifier/tests/unit/head_urlclassifier.js toolkit/components/url-classifier/tests/unit/head_urlclassifier.js +index f52ded37c2e9..61b0c170d457 100644 +--- toolkit/components/url-classifier/tests/unit/head_urlclassifier.js ++++ toolkit/components/url-classifier/tests/unit/head_urlclassifier.js +@@ -17,6 +17,9 @@ do_get_profile(); + + var dirSvc = Cc["@mozilla.org/file/directory_service;1"].getService(Ci.nsIProperties); + ++// Ensure PSM is initialized before the test ++Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports); ++ + var iosvc = Cc["@mozilla.org/network/io-service;1"].getService(Ci.nsIIOService); + + var secMan = Cc["@mozilla.org/scriptsecuritymanager;1"] Property changes on: branches/2017Q4/www/firefox/files/patch-bug1394031 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1394265 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1394265 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1394265 (revision 454980) @@ -0,0 +1,24 @@ +commit a51675964a63 +Author: Jeff Gilbert +Date: Tue Oct 17 17:14:29 2017 -0700 + + Bug 1394265 - Set MAX_COMBINED_TEXTURE_IMAGE_UNITS to 0 if GetIntegeriv fails. - r=daoshengmu a=ritu + + MozReview-Commit-ID: 5h6UPXczKhb +--- + dom/canvas/WebGLContextValidate.cpp | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git dom/canvas/WebGLContextValidate.cpp dom/canvas/WebGLContextValidate.cpp +index a8334e546414..ebf0aa8c2d78 100644 +--- dom/canvas/WebGLContextValidate.cpp ++++ dom/canvas/WebGLContextValidate.cpp +@@ -554,7 +554,7 @@ WebGLContext::InitAndValidateGL(FailureReason* const out_failReason) + if (MinCapabilityMode()) + mGLMaxTextureUnits = MINVALUE_GL_MAX_COMBINED_TEXTURE_IMAGE_UNITS; + else +- gl->fGetIntegerv(LOCAL_GL_MAX_COMBINED_TEXTURE_IMAGE_UNITS, &mGLMaxTextureUnits); ++ mGLMaxTextureUnits = gl->GetIntAs(LOCAL_GL_MAX_COMBINED_TEXTURE_IMAGE_UNITS); + + if (mGLMaxTextureUnits < 8) { + const nsPrintfCString reason("GL_MAX_COMBINED_TEXTURE_IMAGE_UNITS: %d is < 8!", Property changes on: branches/2017Q4/www/firefox/files/patch-bug1394265 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1394530 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1394530 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1394530 (revision 454980) @@ -0,0 +1,60 @@ +commit a2b75aa9409c +Author: Tooru Fujisawa +Date: Sun Sep 17 19:52:04 2017 +0900 + + Bug 1394530 - Stop using optimized path for non PromiseObject. r=till, a=sledru + + --HG-- + extra : source : 079ff8998fd50540948d3262a3a8b1f4d61b43e9 +--- + js/src/builtin/Promise.cpp | 21 ++++++++++++++++----- + 1 file changed, 16 insertions(+), 5 deletions(-) + +diff --git js/src/builtin/Promise.cpp js/src/builtin/Promise.cpp +index 1cb1cff0682e..e316f090504d 100644 +--- js/src/builtin/Promise.cpp ++++ js/src/builtin/Promise.cpp +@@ -2365,6 +2365,15 @@ NewReactionRecord(JSContext* cx, HandleObject resultPromise, HandleValue onFulfi + HandleValue onRejected, HandleObject resolve, HandleObject reject, + HandleObject incumbentGlobalObject) + { ++ // Either of the following conditions must be met: ++ // * resultPromise is a PromiseObject ++ // * resolve and reject are callable ++ // except for Async Generator, there resultPromise can be nullptr. ++ MOZ_ASSERT_IF(resultPromise && !resultPromise->is(), resolve); ++ MOZ_ASSERT_IF(resultPromise && !resultPromise->is(), IsCallable(resolve)); ++ MOZ_ASSERT_IF(resultPromise && !resultPromise->is(), reject); ++ MOZ_ASSERT_IF(resultPromise && !resultPromise->is(), IsCallable(reject)); ++ + Rooted reaction(cx, NewObjectWithClassProto(cx)); + if (!reaction) + return nullptr; +@@ -3072,7 +3081,7 @@ BlockOnPromise(JSContext* cx, HandleValue promiseVal, HandleObject blockedPromis + // rejected promises list. + bool addToDependent = true; + +- if (C == PromiseCtor) { ++ if (C == PromiseCtor && resultPromise->is()) { + addToDependent = false; + } else { + // 25.4.5.3., step 4. +@@ -3131,12 +3140,14 @@ BlockOnPromise(JSContext* cx, HandleValue promiseVal, HandleObject blockedPromis + return false; + } + +- // If the object to depend on isn't a, maybe-wrapped, Promise instance, +- // we ignore it. All this does is lose some small amount of debug +- // information in scenarios that are highly unlikely to occur in useful +- // code. ++ // If either the object to depend on or the object that gets blocked isn't ++ // a, maybe-wrapped, Promise instance, we ignore it. All this does is lose ++ // some small amount of debug information in scenarios that are highly ++ // unlikely to occur in useful code. + if (!unwrappedPromiseObj->is()) + return true; ++ if (!blockedPromise_->is()) ++ return true; + + Rooted promise(cx, &unwrappedPromiseObj->as()); + return AddPromiseReaction(cx, promise, UndefinedHandleValue, UndefinedHandleValue, Property changes on: branches/2017Q4/www/firefox/files/patch-bug1394530 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1395138 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1395138 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1395138 (revision 454980) @@ -0,0 +1,49 @@ +commit 8ab8a207d511 +Author: Jamie Nicol +Date: Mon Oct 9 17:48:59 2017 +0100 + + Bug 1395138 - Hold reference to layers in ContainerLayerComposite::mPrepared. r=mattwoodrow, a=sledru + + MozReview-Commit-ID: 6qUDRnRcFAw +--- + gfx/layers/composite/ContainerLayerComposite.cpp | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git gfx/layers/composite/ContainerLayerComposite.cpp gfx/layers/composite/ContainerLayerComposite.cpp +index aad2993629fc..28d9e79925a0 100755 +--- gfx/layers/composite/ContainerLayerComposite.cpp ++++ gfx/layers/composite/ContainerLayerComposite.cpp +@@ -161,12 +161,12 @@ static gfx::IntRect ContainerVisibleRect(ContainerT* aContainer) + /* all of the per-layer prepared data we need to maintain */ + struct PreparedLayer + { +- PreparedLayer(LayerComposite *aLayer, ++ PreparedLayer(Layer *aLayer, + RenderTargetIntRect aClipRect, + Maybe&& aGeometry) + : mLayer(aLayer), mClipRect(aClipRect), mGeometry(Move(aGeometry)) {} + +- LayerComposite* mLayer; ++ RefPtr mLayer; + RenderTargetIntRect mClipRect; + Maybe mGeometry; + }; +@@ -230,7 +230,8 @@ ContainerPrepare(ContainerT* aContainer, + CULLING_LOG("Preparing sublayer %p\n", layerToRender->GetLayer()); + + layerToRender->Prepare(clipRect); +- aContainer->mPrepared->mLayers.AppendElement(PreparedLayer(layerToRender, clipRect, ++ aContainer->mPrepared->mLayers.AppendElement(PreparedLayer(layerToRender->GetLayer(), ++ clipRect, + Move(layer.geometry))); + } + +@@ -408,7 +409,7 @@ RenderLayers(ContainerT* aContainer, LayerManagerComposite* aManager, + PreparedLayer& preparedData = aContainer->mPrepared->mLayers[i]; + + const gfx::IntRect clipRect = preparedData.mClipRect.ToUnknownRect(); +- LayerComposite* layerToRender = preparedData.mLayer; ++ LayerComposite* layerToRender = static_cast(preparedData.mLayer->ImplData()); + const Maybe& childGeometry = preparedData.mGeometry; + + Layer* layer = layerToRender->GetLayer(); Property changes on: branches/2017Q4/www/firefox/files/patch-bug1395138 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1397811 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1397811 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1397811 (revision 454980) @@ -0,0 +1,48 @@ +commit 2bffd0136caf +Author: Olli Pettay +Date: Fri Oct 20 11:02:29 2017 +0100 + + Bug 1397811 - In order to not leak properties, ensure all the properties of adopted nodes are removed in case the adopt call fails. r=bz, a=lizzard + + --HG-- + extra : source : b609906f34b50f8e4236d0fee8d01338181dd906 +--- + dom/base/nsNodeUtils.cpp | 21 +++++++++------------ + 1 file changed, 9 insertions(+), 12 deletions(-) + +diff --git dom/base/nsNodeUtils.cpp dom/base/nsNodeUtils.cpp +index dd958aa443ce..20e714d54065 100644 +--- dom/base/nsNodeUtils.cpp ++++ dom/base/nsNodeUtils.cpp +@@ -605,6 +605,15 @@ nsNodeUtils::CloneAndAdopt(nsINode *aNode, bool aClone, bool aDeep, + } + } + ++ if (aNodesWithProperties && aNode->HasProperties()) { ++ bool ok = aNodesWithProperties->AppendObject(aNode); ++ MOZ_RELEASE_ASSERT(ok, "Out of memory"); ++ if (aClone) { ++ ok = aNodesWithProperties->AppendObject(clone); ++ MOZ_RELEASE_ASSERT(ok, "Out of memory"); ++ } ++ } ++ + if (aDeep && (!aClone || !aNode->IsNodeOfType(nsINode::eATTRIBUTE))) { + // aNode's children. + for (nsIContent* cloneChild = aNode->GetFirstChild(); +@@ -664,15 +673,6 @@ nsNodeUtils::CloneAndAdopt(nsINode *aNode, bool aClone, bool aDeep, + } + #endif + +- if (aNodesWithProperties && aNode->HasProperties()) { +- bool ok = aNodesWithProperties->AppendObject(aNode); +- if (aClone) { +- ok = ok && aNodesWithProperties->AppendObject(clone); +- } +- +- NS_ENSURE_TRUE(ok, NS_ERROR_OUT_OF_MEMORY); +- } +- + clone.forget(aResult); + + return NS_OK; Property changes on: branches/2017Q4/www/firefox/files/patch-bug1397811 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1399922 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1399922 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1399922 (revision 454980) @@ -0,0 +1,104 @@ +commit aec4b24e060f +Author: Jan-Ivar Bruaroey +Date: Thu Sep 21 10:45:56 2017 -0400 + + Bug 1399922 - Use a static mutex for getting deviceId keys in MediaParent. r=jesup, a=sledru + + MozReview-Commit-ID: E6pzyAM4jOQ + + --HG-- + extra : source : b030607a3ddbc015d30dbffc5eba0789cae6db62 +--- + dom/media/systemservices/MediaParent.cpp | 32 +++++++++++++++++++++----------- + 1 file changed, 21 insertions(+), 11 deletions(-) + +diff --git dom/media/systemservices/MediaParent.cpp dom/media/systemservices/MediaParent.cpp +index c7798dd73dc6..485f9bdee808 100644 +--- dom/media/systemservices/MediaParent.cpp ++++ dom/media/systemservices/MediaParent.cpp +@@ -37,6 +37,7 @@ mozilla::LazyLogModule gMediaParentLog("MediaParent"); + namespace mozilla { + namespace media { + ++StaticMutex sOriginKeyStoreMutex; + static OriginKeyStore* sOriginKeyStore = nullptr; + + class OriginKeyStore : public nsISupports +@@ -396,6 +397,7 @@ class OriginKeyStore : public nsISupports + private: + virtual ~OriginKeyStore() + { ++ StaticMutexAutoLock lock(sOriginKeyStoreMutex); + sOriginKeyStore = nullptr; + LOG((__FUNCTION__)); + } +@@ -404,6 +406,7 @@ public: + static OriginKeyStore* Get() + { + MOZ_ASSERT(NS_IsMainThread()); ++ StaticMutexAutoLock lock(sOriginKeyStoreMutex); + if (!sOriginKeyStore) { + sOriginKeyStore = new OriginKeyStore(); + } +@@ -447,8 +450,8 @@ Parent::RecvGetPrincipalKey(const uint32_t& aRequestId, + return IPCResult(this, false); + } + +- // Then over to stream-transport thread to do the actual file io. +- // Stash a pledge to hold the answer and get an id for this request. ++ // Then over to stream-transport thread (a thread pool) to do the actual ++ // file io. Stash a pledge to hold the answer and get an id for this request. + + RefPtr> p = new Pledge(); + uint32_t id = mOutstandingPledges.Append(*p); +@@ -460,14 +463,18 @@ Parent::RecvGetPrincipalKey(const uint32_t& aRequestId, + rv = sts->Dispatch(NewRunnableFrom([this, that, id, profileDir, + aPrincipalInfo, aPersist]() -> nsresult { + MOZ_ASSERT(!NS_IsMainThread()); +- mOriginKeyStore->mOriginKeys.SetProfileDir(profileDir); ++ StaticMutexAutoLock lock(sOriginKeyStoreMutex); ++ if (!sOriginKeyStore) { ++ return NS_ERROR_FAILURE; ++ } ++ sOriginKeyStore->mOriginKeys.SetProfileDir(profileDir); + + nsresult rv; + nsAutoCString result; + if (IsPincipalInfoPrivate(aPrincipalInfo)) { +- rv = mOriginKeyStore->mPrivateBrowsingOriginKeys.GetPrincipalKey(aPrincipalInfo, result); ++ rv = sOriginKeyStore->mPrivateBrowsingOriginKeys.GetPrincipalKey(aPrincipalInfo, result); + } else { +- rv = mOriginKeyStore->mOriginKeys.GetPrincipalKey(aPrincipalInfo, result, aPersist); ++ rv = sOriginKeyStore->mOriginKeys.GetPrincipalKey(aPrincipalInfo, result, aPersist); + } + + if (NS_WARN_IF(NS_FAILED(rv))) { +@@ -518,19 +525,22 @@ Parent::RecvSanitizeOriginKeys(const uint64_t& aSinceWhen, + if (NS_WARN_IF(NS_FAILED(rv))) { + return IPCResult(this, false); + } +- // Over to stream-transport thread to do the file io. ++ // Over to stream-transport thread (a thread pool) to do the file io. + + nsCOMPtr sts = do_GetService(NS_STREAMTRANSPORTSERVICE_CONTRACTID); + MOZ_ASSERT(sts); +- RefPtr store(mOriginKeyStore); + +- rv = sts->Dispatch(NewRunnableFrom([profileDir, store, aSinceWhen, ++ rv = sts->Dispatch(NewRunnableFrom([profileDir, aSinceWhen, + aOnlyPrivateBrowsing]() -> nsresult { + MOZ_ASSERT(!NS_IsMainThread()); +- store->mPrivateBrowsingOriginKeys.Clear(aSinceWhen); ++ StaticMutexAutoLock lock(sOriginKeyStoreMutex); ++ if (!sOriginKeyStore) { ++ return NS_ERROR_FAILURE; ++ } ++ sOriginKeyStore->mPrivateBrowsingOriginKeys.Clear(aSinceWhen); + if (!aOnlyPrivateBrowsing) { +- store->mOriginKeys.SetProfileDir(profileDir); +- store->mOriginKeys.Clear(aSinceWhen); ++ sOriginKeyStore->mOriginKeys.SetProfileDir(profileDir); ++ sOriginKeyStore->mOriginKeys.Clear(aSinceWhen); + } + return NS_OK; + }), NS_DISPATCH_NORMAL); Property changes on: branches/2017Q4/www/firefox/files/patch-bug1399922 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1400003 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1400003 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1400003 (revision 454980) @@ -0,0 +1,120 @@ +commit 677c707a4f11 +Author: Jon Coppeard +Date: Mon Oct 9 10:03:20 2017 +0100 + + Bug 1400003 - Mark Heap and barrier classes as MOZ_NON_MEMMOVABLE. r=sfink, r=froydnj, a=lizzard + + --HG-- + extra : source : 6ad5b916c9659aeb4b901d8f9ec7f121dc2c4418 +--- + js/public/RootingAPI.h | 10 +++++++++- + js/src/gc/Barrier.h | 5 ++++- + xpcom/ds/nsTArray.h | 27 +++++++++++++-------------- + 3 files changed, 26 insertions(+), 16 deletions(-) + +diff --git js/public/RootingAPI.h js/public/RootingAPI.h +index 74a61af93703..f8ec7c5a1f5b 100644 +--- js/public/RootingAPI.h ++++ js/public/RootingAPI.h +@@ -231,7 +231,7 @@ AssertGCThingIsNotAnObjectSubclass(js::gc::Cell* cell) {} + * Type T must be a public GC pointer type. + */ + template +-class Heap : public js::HeapBase> ++class MOZ_NON_MEMMOVABLE Heap : public js::HeapBase> + { + // Please note: this can actually also be used by nsXBLMaybeCompiled, for legacy reasons. + static_assert(js::IsHeapConstructibleType::value, +@@ -1246,6 +1246,14 @@ class JS_PUBLIC_API(ObjectPtr) + + explicit ObjectPtr(JSObject* obj) : value(obj) {} + ++ ObjectPtr(const ObjectPtr& other) : value(other.value) {} ++ ++ ObjectPtr(ObjectPtr&& other) ++ : value(other.value) ++ { ++ other.value = nullptr; ++ } ++ + /* Always call finalize before the destructor. */ + ~ObjectPtr() { MOZ_ASSERT(!value); } + +diff --git js/src/gc/Barrier.h js/src/gc/Barrier.h +index 9c4f53975752..1740315c14e9 100644 +--- js/src/gc/Barrier.h ++++ js/src/gc/Barrier.h +@@ -318,8 +318,11 @@ struct InternalBarrierMethods + }; + + // Base class of all barrier types. ++// ++// This is marked non-memmovable since post barriers added by derived classes ++// can add pointers to class instances to the store buffer. + template +-class BarrieredBase ++class MOZ_NON_MEMMOVABLE BarrieredBase + { + protected: + // BarrieredBase is not directly instantiable. +diff --git xpcom/ds/nsTArray.h xpcom/ds/nsTArray.h +index 424a50ba421e..4e9b57126bfb 100644 +--- xpcom/ds/nsTArray.h ++++ xpcom/ds/nsTArray.h +@@ -37,6 +37,7 @@ + namespace JS { + template + class Heap; ++class ObjectPtr; + } /* namespace JS */ + + class nsRegion; +@@ -708,7 +709,7 @@ struct nsTArray_CopyWithConstructors + template + struct MOZ_NEEDS_MEMMOVABLE_TYPE nsTArray_CopyChooser + { +- typedef nsTArray_CopyWithMemutils Type; ++ using Type = nsTArray_CopyWithMemutils; + }; + + // +@@ -719,14 +720,18 @@ struct MOZ_NEEDS_MEMMOVABLE_TYPE nsTArray_CopyChooser + template<> \ + struct nsTArray_CopyChooser \ + { \ +- typedef nsTArray_CopyWithConstructors Type; \ ++ using Type = nsTArray_CopyWithConstructors; \ + }; + +-template +-struct nsTArray_CopyChooser> +-{ +- typedef nsTArray_CopyWithConstructors> Type; +-}; ++#define DECLARE_USE_COPY_CONSTRUCTORS_FOR_TEMPLATE(T) \ ++ template \ ++ struct nsTArray_CopyChooser> \ ++ { \ ++ using Type = nsTArray_CopyWithConstructors>; \ ++ }; ++ ++DECLARE_USE_COPY_CONSTRUCTORS_FOR_TEMPLATE(JS::Heap) ++DECLARE_USE_COPY_CONSTRUCTORS_FOR_TEMPLATE(std::function) + + DECLARE_USE_COPY_CONSTRUCTORS(nsRegion) + DECLARE_USE_COPY_CONSTRUCTORS(nsIntRegion) +@@ -740,13 +745,7 @@ DECLARE_USE_COPY_CONSTRUCTORS(mozilla::dom::indexedDB::SerializedStructuredClone + DECLARE_USE_COPY_CONSTRUCTORS(JSStructuredCloneData) + DECLARE_USE_COPY_CONSTRUCTORS(mozilla::dom::MessagePortMessage) + DECLARE_USE_COPY_CONSTRUCTORS(mozilla::SourceBufferTask) +- +-template +-struct nsTArray_CopyChooser> +-{ +- typedef nsTArray_CopyWithConstructors> Type; +-}; +- ++DECLARE_USE_COPY_CONSTRUCTORS(JS::ObjectPtr) + + // + // Base class for nsTArray_Impl that is templated on element type and derived Property changes on: branches/2017Q4/www/firefox/files/patch-bug1400003 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1400554 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1400554 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1400554 (revision 454980) @@ -0,0 +1,27 @@ +commit 62b41b600acc +Author: Dragana Damjanovic +Date: Mon Oct 9 14:59:32 2017 -0400 + + Bug 1400554 - Cancel a time in TLSFilterTransaction if transaction is canceled. r=mcmanus, a=ritu + + --HG-- + extra : source : 67315954145e9cae0efe8c5323452a70a13c5484 +--- + netwerk/protocol/http/TunnelUtils.cpp | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git netwerk/protocol/http/TunnelUtils.cpp netwerk/protocol/http/TunnelUtils.cpp +index d0f6ef0b1873..0cf3ea4f3008 100644 +--- netwerk/protocol/http/TunnelUtils.cpp ++++ netwerk/protocol/http/TunnelUtils.cpp +@@ -126,6 +126,10 @@ TLSFilterTransaction::Close(nsresult aReason) + return; + } + ++ if (mTimer) { ++ mTimer->Cancel(); ++ mTimer = nullptr; ++ } + mTransaction->Close(aReason); + mTransaction = nullptr; + } Property changes on: branches/2017Q4/www/firefox/files/patch-bug1400554 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1401339 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1401339 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1401339 (revision 454980) @@ -0,0 +1,76 @@ +commit 5d3c733f43dd +Author: Gabriele Svelto +Date: Fri Sep 22 15:06:22 2017 +0200 + + Bug 1401339 - Look for libcurl under platform-specific paths; r=Dexter a=sylvestre + + MozReview-Commit-ID: 6wijqLsar56 + + --HG-- + extra : source : ebd3c3b2d64442c2b5eb7ab3e87c4b423311f3f4 +--- + .../pingsender/pingsender_unix_common.cpp | 40 +++++++++++++++------- + 1 file changed, 28 insertions(+), 12 deletions(-) + +diff --git toolkit/components/telemetry/pingsender/pingsender_unix_common.cpp toolkit/components/telemetry/pingsender/pingsender_unix_common.cpp +index b1cea81f6288..ae20f4114193 100644 +--- toolkit/components/telemetry/pingsender/pingsender_unix_common.cpp ++++ toolkit/components/telemetry/pingsender/pingsender_unix_common.cpp +@@ -80,29 +80,45 @@ CurlWrapper::~CurlWrapper() + bool + CurlWrapper::Init() + { +- // libcurl might show up under different names, try them all until we find it ++ const char* libcurlPaths[] = { ++ "/usr/lib", ++#ifdef XP_LINUX ++ "/usr/lib32", ++ "/usr/lib64", ++ "/usr/lib/i386-linux-gnu", // Debian 32-bit x86 ++ "/usr/lib/x86_64-linux-gnu", // Debian 64-bit x86 ++#endif // XP_LINUX ++ }; ++ + const char* libcurlNames[] = { ++#ifdef XP_LINUX + "libcurl.so", + "libcurl.so.4", + // Debian gives libcurl a different name when it is built against GnuTLS ++ "libcurl-gnutls.so", + "libcurl-gnutls.so.4", +- // Older libcurl if we can't find anything better ++ // Older versions in case we find nothing better + "libcurl.so.3", +-#ifndef HAVE_64BIT_BUILD +- // 32-bit versions on 64-bit hosts +- "/usr/lib32/libcurl.so", +- "/usr/lib32/libcurl.so.4", +- "/usr/lib32/libcurl-gnutls.so.4", +- "/usr/lib32/libcurl.so.3", +-#endif ++ "libcurl-gnutls.so.3", // See above for Debian ++#elif defined(XP_MACOSX) + // macOS + "libcurl.dylib", + "libcurl.4.dylib", +- "libcurl.3.dylib" ++ "libcurl.3.dylib", ++#endif + }; + +- for (const char* libname : libcurlNames) { +- mLib = dlopen(libname, RTLD_NOW); ++ // libcurl might show up under different names, try them all until we find it ++ ++ for (const char* libpath : libcurlPaths) { ++ for (const char* libname : libcurlNames) { ++ string fullpath = string(libpath) + "/" + libname; ++ mLib = dlopen(fullpath.c_str(), RTLD_NOW); ++ ++ if (mLib) { ++ break; ++ } ++ } + + if (mLib) { + break; Property changes on: branches/2017Q4/www/firefox/files/patch-bug1401339 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1401804 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1401804 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1401804 (revision 454980) @@ -0,0 +1,31 @@ +commit 38e6bb85066b +Author: Jon Coppeard +Date: Fri Sep 22 13:09:44 2017 +0100 + + Bug 1401804 - Fix IsMarkedBlack check used in gray marking asserts r=sfink a=sylvestre +--- + js/src/gc/Barrier.cpp | 11 ++--------- + 1 file changed, 2 insertions(+), 9 deletions(-) + +diff --git js/src/gc/Barrier.cpp js/src/gc/Barrier.cpp +index 5a5dfbe9bed0..0c42d16e7117 100644 +--- js/src/gc/Barrier.cpp ++++ js/src/gc/Barrier.cpp +@@ -33,15 +33,8 @@ RuntimeFromActiveCooperatingThreadIsHeapMajorCollecting(JS::shadow::Zone* shadow + bool + IsMarkedBlack(JSObject* obj) + { +- // Note: we assume conservatively that Nursery things will be live. +- if (!obj->isTenured()) +- return true; +- +- gc::TenuredCell& tenured = obj->asTenured(); +- if (tenured.isMarkedAny() || tenured.arena()->allocatedDuringIncremental) +- return true; +- +- return false; ++ return obj->isMarkedBlack() || ++ (obj->isTenured() && obj->asTenured().arena()->allocatedDuringIncremental); + } + + bool Property changes on: branches/2017Q4/www/firefox/files/patch-bug1401804 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1402363 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1402363 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1402363 (revision 454980) @@ -0,0 +1,199 @@ +commit 3b1474dc71b8 +Author: Christoph Kerschbaumer +Date: Mon Oct 2 09:11:57 2017 +0200 + + Bug 1402363 - Explicitly cancel channel after mixed content redirect. r=honza, r=kate, a=ritu + + --HG-- + extra : source : 2773796df8a337e5de31811acb4662ce67955f93 +--- + dom/security/nsMixedContentBlocker.cpp | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git dom/security/nsMixedContentBlocker.cpp dom/security/nsMixedContentBlocker.cpp +index 46760e69cb91..28740da9efca 100644 +--- dom/security/nsMixedContentBlocker.cpp ++++ dom/security/nsMixedContentBlocker.cpp +@@ -394,7 +394,11 @@ nsMixedContentBlocker::AsyncOnChannelRedirect(nsIChannel* aOldChannel, + nullptr, // aExtra + requestingPrincipal, + &decision); +- NS_ENSURE_SUCCESS(rv, rv); ++ if (NS_FAILED(rv)) { ++ autoCallback.DontCallback(); ++ aOldChannel->Cancel(NS_ERROR_DOM_BAD_URI); ++ return NS_BINDING_FAILED; ++ } + + if (nsMixedContentBlocker::sSendHSTSPriming) { + // The LoadInfo passed in is for the original channel, HSTS priming needs to +@@ -419,6 +423,7 @@ nsMixedContentBlocker::AsyncOnChannelRedirect(nsIChannel* aOldChannel, + // If the channel is about to load mixed content, abort the channel + if (!NS_CP_ACCEPTED(decision)) { + autoCallback.DontCallback(); ++ aOldChannel->Cancel(NS_ERROR_DOM_BAD_URI); + return NS_BINDING_FAILED; + } + + +commit a709f413ebbd (tag: FIREFOX_57_0b5_RELEASE, tag: FIREFOX_57_0b5_BUILD1) +Author: Christoph Kerschbaumer +Date: Mon Oct 2 09:12:12 2017 +0200 + + Bug 1402363 - Test Mixed Content Redirect Blocking. r=tanvi, r=kate, a=ritu + + --HG-- + extra : source : fcefba24074f60e2d3296996e20a8dd8bc6bebe0 +--- + .../test/mixedcontentblocker/file_redirect.html | 31 ++++++++++++++ + .../mixedcontentblocker/file_redirect_handler.sjs | 29 +++++++++++++ + .../test/mixedcontentblocker/mochitest.ini | 3 ++ + .../test/mixedcontentblocker/test_redirect.html | 50 ++++++++++++++++++++++ + 4 files changed, 113 insertions(+) + +diff --git dom/security/test/mixedcontentblocker/file_redirect.html dom/security/test/mixedcontentblocker/file_redirect.html +new file mode 100644 +index 000000000000..99e187379139 +--- /dev/null ++++ dom/security/test/mixedcontentblocker/file_redirect.html +@@ -0,0 +1,31 @@ ++ ++ ++ ++ Bug1402363: Test mixed content redirects ++ ++ ++ ++ ++ ++ +diff --git dom/security/test/mixedcontentblocker/file_redirect_handler.sjs dom/security/test/mixedcontentblocker/file_redirect_handler.sjs +new file mode 100644 +index 000000000000..88dc849fe9a7 +--- /dev/null ++++ dom/security/test/mixedcontentblocker/file_redirect_handler.sjs +@@ -0,0 +1,29 @@ ++// custom *.sjs file for ++// Bug 1402363: Test Mixed Content Redirect Blocking. ++ ++const URL_PATH = "example.com/tests/dom/security/test/mixedcontentblocker/"; ++ ++function handleRequest(request, response) { ++ response.setHeader("Cache-Control", "no-cache", false); ++ let queryStr = request.queryString; ++ ++ if (queryStr === "https-to-https-redirect") { ++ response.setStatusLine("1.1", 302, "Found"); ++ response.setHeader("Location", ++ "https://" + URL_PATH + "file_redirect_handler.sjs?load", false); ++ return; ++ } ++ ++ if (queryStr === "https-to-http-redirect") { ++ response.setStatusLine("1.1", 302, "Found"); ++ response.setHeader("Location", ++ "http://" + URL_PATH + "file_redirect_handler.sjs?load", false); ++ return; ++ } ++ ++ if (queryStr === "load") { ++ response.setHeader("Content-Type", "text/html", false); ++ response.write("foo"); ++ return; ++ } ++} +diff --git dom/security/test/mixedcontentblocker/mochitest.ini dom/security/test/mixedcontentblocker/mochitest.ini +index 7eed89effbce..9daf1f0ae73b 100644 +--- dom/security/test/mixedcontentblocker/mochitest.ini ++++ dom/security/test/mixedcontentblocker/mochitest.ini +@@ -14,6 +14,8 @@ support-files = + file_server.sjs + !/dom/media/test/320x240.ogv + !/image/test/mochitest/blue.png ++ file_redirect.html ++ file_redirect_handler.sjs + + [test_main.html] + skip-if = toolkit == 'android' #TIMED_OUT +@@ -21,3 +23,4 @@ skip-if = toolkit == 'android' #TIMED_OUT + skip-if = toolkit == 'android' || (os=='linux' && bits==32) #Android: TIMED_OUT; Linux32:bug 1324870 + [test_frameNavigation.html] + skip-if = toolkit == 'android' #TIMED_OUT ++[test_redirect.html] +diff --git dom/security/test/mixedcontentblocker/test_redirect.html dom/security/test/mixedcontentblocker/test_redirect.html +new file mode 100644 +index 000000000000..f4aeef3d9895 +--- /dev/null ++++ dom/security/test/mixedcontentblocker/test_redirect.html +@@ -0,0 +1,50 @@ ++ ++ ++ ++ Bug1402363: Test mixed content redirects ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Property changes on: branches/2017Q4/www/firefox/files/patch-bug1402363 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1402442 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1402442 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1402442 (revision 454980) @@ -0,0 +1,181 @@ +commit 44b4458e2d21 +Author: Emilio Cobos Álvarez +Date: Mon Sep 25 18:25:29 2017 +0200 + + Bug 1402442 - Properly remove display: contents pseudo-frames. r=mats, a=ritu + + MozReview-Commit-ID: 4pjVLQfv3YR + Signed-off-by: Emilio Cobos Álvarez + + --HG-- + extra : source : faa69ac1c14b79838cc0aac842b470a110542ebd + extra : amend_source : 3a76e0123bf3f7d10295000cc44fd8bdddf700df +--- + layout/base/nsCSSFrameConstructor.cpp | 26 +++++++++++++++------- + testing/web-platform/meta/MANIFEST.json | 25 +++++++++++++++++++++ + ...dynamic-generated-content-fieldset-001.html.ini | 4 ++++ + ...dynamic-generated-content-fieldset-001-ref.html | 16 +++++++++++++ + ...nts-dynamic-generated-content-fieldset-001.html | 26 ++++++++++++++++++++++ + 5 files changed, 89 insertions(+), 8 deletions(-) + +diff --git layout/base/nsCSSFrameConstructor.cpp layout/base/nsCSSFrameConstructor.cpp +index 99b1211b399b..4fce3fb381a7 100644 +--- layout/base/nsCSSFrameConstructor.cpp ++++ layout/base/nsCSSFrameConstructor.cpp +@@ -1698,6 +1698,17 @@ nsCSSFrameConstructor::NotifyDestroyingFrame(nsIFrame* aFrame) + nsFrameManager::NotifyDestroyingFrame(aFrame); + } + ++static bool ++HasGeneratedContent(const nsIContent* aChild) ++{ ++ if (!aChild->MayHaveAnonymousChildren()) { ++ return false; ++ } ++ ++ return nsLayoutUtils::GetBeforeFrame(aChild) || ++ nsLayoutUtils::GetAfterFrame(aChild); ++} ++ + struct nsGenConInitializer { + nsAutoPtr mNode; + nsGenConList* mList; +@@ -8642,16 +8653,15 @@ nsCSSFrameConstructor::ContentRemoved(nsIContent* aCo + MOZ_ASSERT(!childFrame || !GetDisplayContentsStyleFor(aChild), + "display:contents nodes shouldn't have a frame"); + if (!childFrame && GetDisplayContentsStyleFor(aChild)) { +- nsIContent* ancestor = aContainer; +- MOZ_ASSERT(ancestor, "display: contents on the root?"); +- while (!ancestor->GetPrimaryFrame()) { +- // FIXME(emilio): Should this use the flattened tree parent instead? +- ancestor = ancestor->GetParent(); +- MOZ_ASSERT(ancestor, "we can't have a display: contents subtree root!"); +- } ++ if (HasGeneratedContent(aChild)) { ++ nsIContent* ancestor = aContainer; ++ MOZ_ASSERT(ancestor, "display: contents on the root?"); ++ while (!ancestor->GetPrimaryFrame()) { ++ // FIXME(emilio): Should this use the flattened tree parent instead? ++ ancestor = ancestor->GetParent(); ++ MOZ_ASSERT(ancestor, "we can't have a display: contents subtree root!"); ++ } + +- nsIFrame* ancestorFrame = ancestor->GetPrimaryFrame(); +- if (ancestorFrame->GetProperty(nsIFrame::GenConProperty())) { + *aDidReconstruct = true; + LAYOUT_PHASE_TEMP_EXIT(); + +diff --git testing/web-platform/meta/MANIFEST.json testing/web-platform/meta/MANIFEST.json +index 5f05321c5a70..8aed4a4b5078 100644 +--- testing/web-platform/meta/MANIFEST.json ++++ testing/web-platform/meta/MANIFEST.json +@@ -102975,6 +102975,18 @@ + {} + ] + ], ++ "css/css-display-3/display-contents-dynamic-generated-content-fieldset-001.html": [ ++ [ ++ "/css/css-display-3/display-contents-dynamic-generated-content-fieldset-001.html", ++ [ ++ [ ++ "/css/css-display-3/display-contents-dynamic-generated-content-fieldset-001-ref.html", ++ "==" ++ ] ++ ], ++ {} ++ ] ++ ], + "css/css-display-3/display-contents-dynamic-inline-flex-001-inline.html": [ + [ + "/css/css-display-3/display-contents-dynamic-inline-flex-001-inline.html", +@@ -227658,6 +227670,11 @@ + {} + ] + ], ++ "css/css-display-3/display-contents-dynamic-generated-content-fieldset-001-ref.html": [ ++ [ ++ {} ++ ] ++ ], + "css/css-display-3/display-contents-flex-001-ref.html": [ + [ + {} +@@ -502880,6 +502897,14 @@ + "a2d7c9368ed8c01ca06c36646666270e85aee070", + "reftest" + ], ++ "css/css-display-3/display-contents-dynamic-generated-content-fieldset-001-ref.html": [ ++ "30ec5c8ddacfbfef8434c37ca7a0a766f2bbc89a", ++ "support" ++ ], ++ "css/css-display-3/display-contents-dynamic-generated-content-fieldset-001.html": [ ++ "984bebb3c3b8661aedef4a229848dfa818bb1f4a", ++ "reftest" ++ ], + "css/css-display-3/display-contents-dynamic-inline-flex-001-inline.html": [ + "40fb07e8ada1530e6835ff2d4e49c5571ffb0baa", + "reftest" +diff --git testing/web-platform/meta/css/css-display-3/display-contents-dynamic-generated-content-fieldset-001.html.ini testing/web-platform/meta/css/css-display-3/display-contents-dynamic-generated-content-fieldset-001.html.ini +new file mode 100644 +index 000000000000..63c7442a2362 +--- /dev/null ++++ testing/web-platform/meta/css/css-display-3/display-contents-dynamic-generated-content-fieldset-001.html.ini +@@ -0,0 +1,4 @@ ++[display-contents-dynamic-generated-content-fieldset-001.html] ++ type: reftest ++ expected: ++ if not stylo: FAIL +diff --git testing/web-platform/tests/css/css-display-3/display-contents-dynamic-generated-content-fieldset-001-ref.html testing/web-platform/tests/css/css-display-3/display-contents-dynamic-generated-content-fieldset-001-ref.html +new file mode 100644 +index 000000000000..651bc19b83e9 +--- /dev/null ++++ testing/web-platform/tests/css/css-display-3/display-contents-dynamic-generated-content-fieldset-001-ref.html +@@ -0,0 +1,16 @@ ++ ++ ++CSS Reftest Reference ++ ++ ++

++ Test passes if there is no red text and no red border. ++

++
++
++
+diff --git testing/web-platform/tests/css/css-display-3/display-contents-dynamic-generated-content-fieldset-001.html testing/web-platform/tests/css/css-display-3/display-contents-dynamic-generated-content-fieldset-001.html +new file mode 100644 +index 000000000000..8f8a0ba47971 +--- /dev/null ++++ testing/web-platform/tests/css/css-display-3/display-contents-dynamic-generated-content-fieldset-001.html +@@ -0,0 +1,26 @@ ++ ++ ++CSS Test: Dynamic changes to display: contents generated content in fieldsets. ++ ++ ++ ++ ++

++ Test passes if there is no red text and no red border. ++

++
++
++
++ Property changes on: branches/2017Q4/www/firefox/files/patch-bug1402442 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1402876 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1402876 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1402876 (revision 454980) @@ -0,0 +1,66 @@ +commit 434da479b6e1 +Author: Jan de Mooij +Date: Wed Sep 27 14:43:36 2017 +0200 + + Bug 1402876 - Remove unnecessary InvalidateCompilerOutputsForScript call. r=nbp, a=sledru + + --HG-- + extra : source : c1a158ca2b1cfc009cd1545538cacbc4feabc48b +--- + js/src/jit/Ion.cpp | 3 --- + js/src/vm/TypeInference.cpp | 12 ------------ + js/src/vm/TypeInference.h | 4 ---- + 3 files changed, 19 deletions(-) + +diff --git js/src/jit/Ion.cpp js/src/jit/Ion.cpp +index ba583fe12297..f205b83d2893 100644 +--- js/src/jit/Ion.cpp ++++ js/src/jit/Ion.cpp +@@ -574,9 +574,6 @@ jit::LinkIonScript(JSContext* cx, HandleScript calleeScript) + // doesn't has code to handle it after linking happened. So it's + // not OK to throw a catchable exception from there. + cx->clearPendingException(); +- +- // Reset the TypeZone's compiler output for this script, if any. +- InvalidateCompilerOutputsForScript(cx, calleeScript); + } + } + +diff --git js/src/vm/TypeInference.cpp js/src/vm/TypeInference.cpp +index de98bb654fa8..70d6dfc19d20 100644 +--- js/src/vm/TypeInference.cpp ++++ js/src/vm/TypeInference.cpp +@@ -1511,18 +1511,6 @@ js::FinishCompilation(JSContext* cx, HandleScript script, CompilerConstraintList + return true; + } + +-void +-js::InvalidateCompilerOutputsForScript(JSContext* cx, HandleScript script) +-{ +- TypeZone& types = cx->zone()->types; +- if (types.compilerOutputs) { +- for (auto& co : *types.compilerOutputs) { +- if (co.script() == script) +- co.invalidate(); +- } +- } +-} +- + static void + CheckDefinitePropertiesTypeSet(JSContext* cx, TemporaryTypeSet* frozen, StackTypeSet* actual) + { +diff --git js/src/vm/TypeInference.h js/src/vm/TypeInference.h +index df2d496ca879..318c3e813b1a 100644 +--- js/src/vm/TypeInference.h ++++ js/src/vm/TypeInference.h +@@ -1299,10 +1299,6 @@ bool + FinishCompilation(JSContext* cx, HandleScript script, CompilerConstraintList* constraints, + RecompileInfo* precompileInfo, bool* isValidOut); + +-// Reset any CompilerOutput present for a script. +-void +-InvalidateCompilerOutputsForScript(JSContext* cx, HandleScript script); +- + // Update the actual types in any scripts queried by constraints with any + // speculative types added during the definite properties analysis. + void Property changes on: branches/2017Q4/www/firefox/files/patch-bug1402876 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1402896 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1402896 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1402896 (revision 454980) @@ -0,0 +1,40 @@ +commit 6bf098b436b0 +Author: Gijs Kruitbosch +Date: Mon Sep 25 17:24:26 2017 +0100 + + Bug 1402896 - Make the url bar strip javascript even when preceded by control characters. r=mak, a=sledru + + MozReview-Commit-ID: 5ZO8n5lfvnl + + --HG-- + extra : source : 638e145f6bba437642d55f7b2baf5458df61419a +--- + browser/base/content/browser.js | 2 +- + .../content/test/urlbar/browser_removeUnsafeProtocolsFromURLBarPaste.js | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git browser/base/content/browser.js browser/base/content/browser.js +index 8b0fb0276d19..b73ab2a3dd7e 100755 +--- browser/base/content/browser.js ++++ browser/base/content/browser.js +@@ -6128,7 +6128,7 @@ function stripUnsafeProtocolOnPaste(pasteData) { + // LOAD_FLAGS_DISALLOW_INHERIT_PRINCIPAL for those. + let changed = false; + let pasteDataNoJS = pasteData.replace(/\r?\n/g, "") +- .replace(/^(?:\s*javascript:)+/i, ++ .replace(/^(?:\W*javascript:)+/i, + () => { + changed = true; + return ""; +diff --git browser/base/content/test/urlbar/browser_removeUnsafeProtocolsFromURLBarPaste.js browser/base/content/test/urlbar/browser_removeUnsafeProtocolsFromURLBarPaste.js +index 6f6682d51688..27129297b0a3 100644 +--- browser/base/content/test/urlbar/browser_removeUnsafeProtocolsFromURLBarPaste.js ++++ browser/base/content/test/urlbar/browser_removeUnsafeProtocolsFromURLBarPaste.js +@@ -7,6 +7,7 @@ var pairs = [ + ["javascript:", ""], + ["javascript:1+1", "1+1"], + ["javascript:document.domain", "document.domain"], ++ [" \u0001\u0002\u0003\u0004\u0005\u0006\u0007\u0008\u0009javascript:document.domain", "document.domain"], + ["java\nscript:foo", "foo"], + ["http://\nexample.com", "http://example.com"], + ["http://\nexample.com\n", "http://example.com"], Property changes on: branches/2017Q4/www/firefox/files/patch-bug1402896 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1402966 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1402966 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1402966 (revision 454980) @@ -0,0 +1,51 @@ +commit 6149574dc0f9 +Author: Gabriele Svelto +Date: Tue Sep 26 09:35:03 2017 +0200 + + Bug 1402966 - Search for libcurl in more paths to support various *BSDs. r=Dexter, a=sledru + + MozReview-Commit-ID: J4ykuSVEa0y + + --HG-- + extra : source : 4741b93cfdf29517ff8eae863825fdc2ab5bd7bd +--- + .../telemetry/pingsender/pingsender_unix_common.cpp | 16 ++++++++++------ + 1 file changed, 10 insertions(+), 6 deletions(-) + +diff --git toolkit/components/telemetry/pingsender/pingsender_unix_common.cpp toolkit/components/telemetry/pingsender/pingsender_unix_common.cpp +index ae20f4114193..7817e93e3d1f 100644 +--- toolkit/components/telemetry/pingsender/pingsender_unix_common.cpp ++++ toolkit/components/telemetry/pingsender/pingsender_unix_common.cpp +@@ -88,10 +88,19 @@ CurlWrapper::Init() + "/usr/lib/i386-linux-gnu", // Debian 32-bit x86 + "/usr/lib/x86_64-linux-gnu", // Debian 64-bit x86 + #endif // XP_LINUX ++#if !defined(XP_MACOSX) && !defined(XP_LINUX) // Various BSDs ++ "/usr/local/lib", // FreeBSD, OpenBSD ++ "/usr/pkg/lib", // NetBSD ++#endif // !defined(XP_MACOSX) && !defined(XP_LINUX) + }; + + const char* libcurlNames[] = { +-#ifdef XP_LINUX ++#if defined(XP_MACOSX) ++ // macOS ++ "libcurl.dylib", ++ "libcurl.4.dylib", ++ "libcurl.3.dylib", ++#else // Linux, *BSD, ... + "libcurl.so", + "libcurl.so.4", + // Debian gives libcurl a different name when it is built against GnuTLS +@@ -100,11 +109,6 @@ CurlWrapper::Init() + // Older versions in case we find nothing better + "libcurl.so.3", + "libcurl-gnutls.so.3", // See above for Debian +-#elif defined(XP_MACOSX) +- // macOS +- "libcurl.dylib", +- "libcurl.4.dylib", +- "libcurl.3.dylib", + #endif + }; + Property changes on: branches/2017Q4/www/firefox/files/patch-bug1402966 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1403646 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1403646 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1403646 (revision 454980) @@ -0,0 +1,392 @@ +commit 474ae0592f23 +Author: Boris Zbarsky +Date: Thu Sep 28 22:05:43 2017 -0400 + + Bug 1403646 - Make sure dead object proxies have the same background-finalization status as the wrapper they replace. r=jonco, a=sledru + + MozReview-Commit-ID: GTKbR0azcRy + + --HG-- + extra : source : 296e1b4704deb1c6b3f9a6f5fc56688e89c01117 +--- + js/src/proxy/DeadObjectProxy.cpp | 204 +++++++++++++++++++++++++++------------ + js/src/proxy/DeadObjectProxy.h | 13 ++- + 2 files changed, 156 insertions(+), 61 deletions(-) + +diff --git js/src/proxy/DeadObjectProxy.cpp js/src/proxy/DeadObjectProxy.cpp +index 3bd7a405c002..658880a07616 100644 +--- js/src/proxy/DeadObjectProxy.cpp ++++ js/src/proxy/DeadObjectProxy.cpp +@@ -20,73 +20,81 @@ ReportDead(JSContext *cx) + JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_DEAD_OBJECT); + } + +-template ++template + bool +-DeadObjectProxy::getOwnPropertyDescriptor(JSContext* cx, HandleObject wrapper, HandleId id, +- MutableHandle desc) const ++DeadObjectProxy::getOwnPropertyDescriptor(JSContext* cx, HandleObject wrapper, HandleId id, ++ MutableHandle desc) const + { + ReportDead(cx); + return false; + } + +-template ++template + bool +-DeadObjectProxy::defineProperty(JSContext* cx, HandleObject wrapper, HandleId id, +- Handle desc, +- ObjectOpResult& result) const ++DeadObjectProxy::defineProperty(JSContext* cx, HandleObject wrapper, HandleId id, ++ Handle desc, ++ ObjectOpResult& result) const + { + ReportDead(cx); + return false; + } + +-template ++template + bool +-DeadObjectProxy::ownPropertyKeys(JSContext* cx, HandleObject wrapper, +- AutoIdVector& props) const ++DeadObjectProxy::ownPropertyKeys(JSContext* cx, HandleObject wrapper, ++ AutoIdVector& props) const + { + ReportDead(cx); + return false; + } + +-template ++template + bool +-DeadObjectProxy::delete_(JSContext* cx, HandleObject wrapper, HandleId id, +- ObjectOpResult& result) const ++DeadObjectProxy::delete_(JSContext* cx, HandleObject wrapper, HandleId id, ++ ObjectOpResult& result) const + { + ReportDead(cx); + return false; + } + +-template ++template + bool +-DeadObjectProxy::getPrototype(JSContext* cx, HandleObject proxy, +- MutableHandleObject protop) const ++DeadObjectProxy::getPrototype(JSContext* cx, HandleObject proxy, ++ MutableHandleObject protop) const + { + protop.set(nullptr); + return true; + } + +-template ++template + bool +-DeadObjectProxy::getPrototypeIfOrdinary(JSContext* cx, HandleObject proxy, bool* isOrdinary, +- MutableHandleObject protop) const ++DeadObjectProxy::getPrototypeIfOrdinary(JSContext* cx, HandleObject proxy, bool* isOrdinary, ++ MutableHandleObject protop) const + { + *isOrdinary = false; + return true; + } + +-template ++template + bool +-DeadObjectProxy::preventExtensions(JSContext* cx, HandleObject proxy, +- ObjectOpResult& result) const ++DeadObjectProxy::preventExtensions(JSContext* cx, HandleObject proxy, ++ ObjectOpResult& result) const + { + ReportDead(cx); + return false; + } + +-template ++template + bool +-DeadObjectProxy::isExtensible(JSContext* cx, HandleObject proxy, bool* extensible) const ++DeadObjectProxy::isExtensible(JSContext* cx, HandleObject proxy, bool* extensible) const + { + // This is kind of meaningless, but dead-object semantics aside, + // [[Extensible]] always being true is consistent with other proxy types. +@@ -94,95 +102,141 @@ DeadObjectProxy::isExtensible(JSContext* cx, HandleObject proxy, bool* exten + return true; + } + +-template ++template + bool +-DeadObjectProxy::call(JSContext* cx, HandleObject wrapper, const CallArgs& args) const ++DeadObjectProxy::call(JSContext* cx, HandleObject wrapper, const CallArgs& args) const + { + ReportDead(cx); + return false; + } + +-template ++template + bool +-DeadObjectProxy::construct(JSContext* cx, HandleObject wrapper, const CallArgs& args) const ++DeadObjectProxy::construct(JSContext* cx, HandleObject wrapper, const CallArgs& args) const + { + ReportDead(cx); + return false; + } + +-template ++template + bool +-DeadObjectProxy::nativeCall(JSContext* cx, IsAcceptableThis test, NativeImpl impl, +- const CallArgs& args) const ++DeadObjectProxy::nativeCall(JSContext* cx, IsAcceptableThis test, NativeImpl impl, ++ const CallArgs& args) const + { + ReportDead(cx); + return false; + } + +-template ++template + bool +-DeadObjectProxy::hasInstance(JSContext* cx, HandleObject proxy, MutableHandleValue v, +- bool* bp) const ++DeadObjectProxy::hasInstance(JSContext* cx, HandleObject proxy, MutableHandleValue v, ++ bool* bp) const + { + ReportDead(cx); + return false; + } + +-template ++template + bool +-DeadObjectProxy::getBuiltinClass(JSContext* cx, HandleObject proxy, ESClass* cls) const ++DeadObjectProxy::getBuiltinClass(JSContext* cx, HandleObject proxy, ESClass* cls) const + { + ReportDead(cx); + return false; + } + +-template ++template + bool +-DeadObjectProxy::isArray(JSContext* cx, HandleObject obj, JS::IsArrayAnswer* answer) const ++DeadObjectProxy::isArray(JSContext* cx, HandleObject obj, JS::IsArrayAnswer* answer) const + { + ReportDead(cx); + return false; + } + +-template ++template + const char* +-DeadObjectProxy::className(JSContext* cx, HandleObject wrapper) const ++DeadObjectProxy::className(JSContext* cx, HandleObject wrapper) const + { + return "DeadObject"; + } + +-template ++template + JSString* +-DeadObjectProxy::fun_toString(JSContext* cx, HandleObject proxy, bool isToSource) const ++DeadObjectProxy::fun_toString(JSContext* cx, HandleObject proxy, bool isToSource) const + { + ReportDead(cx); + return nullptr; + } + +-template ++template + RegExpShared* +-DeadObjectProxy::regexp_toShared(JSContext* cx, HandleObject proxy) const ++DeadObjectProxy::regexp_toShared(JSContext* cx, HandleObject proxy) const + { + ReportDead(cx); + return nullptr; + } + + template <> +-const char DeadObjectProxy::family = 0; ++const char DeadObjectProxy::family = 0; + template <> +-const char DeadObjectProxy::family = 0; ++const char DeadObjectProxy::family = 0; + template <> +-const char DeadObjectProxy::family = 0; ++const char DeadObjectProxy::family = 0; + template <> +-const char DeadObjectProxy::family = 0; ++const char DeadObjectProxy::family = 0; ++template <> ++const char DeadObjectProxy::family = 0; ++template <> ++const char DeadObjectProxy::family = 0; ++template <> ++const char DeadObjectProxy::family = 0; ++template <> ++const char DeadObjectProxy::family = 0; + + bool + js::IsDeadProxyObject(JSObject* obj) + { +- return IsDerivedProxyObject(obj, DeadObjectProxy::singleton()) || +- IsDerivedProxyObject(obj, DeadObjectProxy::singleton()) || +- IsDerivedProxyObject(obj, DeadObjectProxy::singleton()) || +- IsDerivedProxyObject(obj, DeadObjectProxy::singleton()); ++ return ++ IsDerivedProxyObject(obj, ++ DeadObjectProxy::singleton()) || ++ IsDerivedProxyObject(obj, ++ DeadObjectProxy::singleton()) || ++ IsDerivedProxyObject(obj, ++ DeadObjectProxy::singleton()) || ++ IsDerivedProxyObject(obj, ++ DeadObjectProxy::singleton()) || ++ IsDerivedProxyObject(obj, ++ DeadObjectProxy::singleton()) || ++ IsDerivedProxyObject(obj, ++ DeadObjectProxy::singleton()) || ++ IsDerivedProxyObject(obj, ++ DeadObjectProxy::singleton()) || ++ IsDerivedProxyObject(obj, ++ DeadObjectProxy::singleton()); + } + + +@@ -190,19 +244,48 @@ const BaseProxyHandler* + js::SelectDeadProxyHandler(ProxyObject* obj) + { + // When nuking scripted proxies, isCallable and isConstructor values for +- // the proxy needs to be preserved. ++ // the proxy needs to be preserved. So does background-finalization status. + uint32_t callable = obj->handler()->isCallable(obj); + uint32_t constructor = obj->handler()->isConstructor(obj); ++ bool finalizeInBackground = obj->handler()->finalizeInBackground(obj->private_()); + + if (callable) { +- if (constructor) +- return DeadObjectProxy::singleton(); +- return DeadObjectProxy::singleton(); ++ if (constructor) { ++ if (finalizeInBackground) { ++ return DeadObjectProxy::singleton(); ++ } else { ++ return DeadObjectProxy::singleton(); ++ } ++ } ++ ++ if (finalizeInBackground) { ++ return DeadObjectProxy::singleton(); ++ } ++ ++ return DeadObjectProxy::singleton(); ++ } ++ ++ if (constructor) { ++ if (finalizeInBackground) { ++ return DeadObjectProxy::singleton(); ++ } ++ ++ return DeadObjectProxy::singleton(); ++ } ++ ++ if (finalizeInBackground) { ++ return DeadObjectProxy::singleton(); + } + +- if (constructor) +- return DeadObjectProxy::singleton(); +- return DeadObjectProxy::singleton(); ++ return DeadObjectProxy::singleton(); + } + + JSObject* +@@ -214,7 +297,8 @@ js::NewDeadProxyObject(JSContext* cx, JSObject* origObj) + if (origObj && origObj->is()) + handler = SelectDeadProxyHandler(&origObj->as()); + else +- handler = DeadObjectProxy::singleton(); ++ handler = DeadObjectProxy::singleton(); + + return NewProxyObject(cx, handler, NullHandleValue, nullptr, ProxyOptions()); + } +diff --git js/src/proxy/DeadObjectProxy.h js/src/proxy/DeadObjectProxy.h +index 42f21288d0e3..f29c972cf10a 100644 +--- js/src/proxy/DeadObjectProxy.h ++++ js/src/proxy/DeadObjectProxy.h +@@ -21,7 +21,14 @@ enum DeadProxyIsCallableIsConstructorOption + DeadProxyIsCallableIsConstructor + }; + +-template ++enum class DeadProxyBackgroundFinalized ++{ ++ Yes, ++ No ++}; ++ ++template + class DeadObjectProxy : public BaseProxyHandler + { + public: +@@ -70,6 +77,10 @@ class DeadObjectProxy : public BaseProxyHandler + return CC == DeadProxyIsCallableIsConstructor || CC == DeadProxyNotCallableIsConstructor; + } + ++ virtual bool finalizeInBackground(const JS::Value& priv) const override { ++ return BackgroundFinalized == DeadProxyBackgroundFinalized::Yes; ++ } ++ + static const DeadObjectProxy* singleton() { + static DeadObjectProxy singleton; + return &singleton; Property changes on: branches/2017Q4/www/firefox/files/patch-bug1403646 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1404324 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1404324 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1404324 (revision 454980) @@ -0,0 +1,299 @@ +commit 5647dde295f4 +Author: Emilio Cobos Álvarez +Date: Wed Oct 4 11:36:20 2017 +0200 + + Bug 1404324 - Use the placeholder state to remove out-of-flows that aren't real descendants of the destruction root. r=bz, a=ritu + + Using the style of the frame can mess things up when we reparent them due to + ::first-line before removing them. + + MozReview-Commit-ID: 3Dt0wF2XRAH + + --HG-- + extra : source : 5a034cdb513208dd19adf0babf30ee734968a78f + extra : histedit_source : 4cd958939c5a76e013695e931d721454268a0dc7%2C96bdeda302c567493c7db5105f306595d25332e1 +--- + layout/base/nsCSSFrameConstructor.cpp | 8 +++--- + layout/base/nsLayoutUtils.cpp | 46 +++------------------------------ + layout/generic/nsPlaceholderFrame.cpp | 27 ++++++++++++++++--- + layout/generic/nsPlaceholderFrame.h | 21 ++++++++------- + layout/style/crashtests/1404324-1.html | 12 +++++++++ + layout/style/crashtests/1404324-2.html | 10 +++++++ + layout/style/crashtests/1404324-3.html | 14 ++++++++++ + layout/style/crashtests/crashtests.list | 3 +++ + 8 files changed, 83 insertions(+), 58 deletions(-) + +diff --git layout/base/nsCSSFrameConstructor.cpp layout/base/nsCSSFrameConstructor.cpp +index c840416fd6a7..99b1211b399b 100644 +--- layout/base/nsCSSFrameConstructor.cpp ++++ layout/base/nsCSSFrameConstructor.cpp +@@ -1260,8 +1260,10 @@ nsFrameConstructorState::GetOutOfFlowFrameItems(nsIFrame* aNewFrame, + if (disp->mTopLayer != NS_STYLE_TOP_LAYER_NONE) { + *aPlaceholderType = PLACEHOLDER_FOR_TOPLAYER; + if (disp->mPosition == NS_STYLE_POSITION_FIXED) { ++ *aPlaceholderType |= PLACEHOLDER_FOR_FIXEDPOS; + return &mTopLayerFixedItems; + } ++ *aPlaceholderType |= PLACEHOLDER_FOR_ABSPOS; + return &mTopLayerAbsoluteItems; + } + if (disp->mPosition == NS_STYLE_POSITION_ABSOLUTE) { +@@ -1303,11 +1305,11 @@ nsFrameConstructorState::ConstructBackdropFrameFor(nsIContent* aContent, + nsAbsoluteItems* frameItems = GetOutOfFlowFrameItems(backdropFrame, + true, true, false, + &placeholderType); +- MOZ_ASSERT(placeholderType == PLACEHOLDER_FOR_TOPLAYER); ++ MOZ_ASSERT(placeholderType & PLACEHOLDER_FOR_TOPLAYER); + + nsIFrame* placeholder = nsCSSFrameConstructor:: + CreatePlaceholderFrameFor(mPresShell, aContent, backdropFrame, +- frame, nullptr, PLACEHOLDER_FOR_TOPLAYER); ++ frame, nullptr, placeholderType); + nsFrameList temp(placeholder, placeholder); + frame->SetInitialChildList(nsIFrame::kBackdropList, temp); + +@@ -1361,7 +1363,7 @@ nsFrameConstructorState::AddChild(nsIFrame* aNewFrame, + // Add the placeholder frame to the flow + aFrameItems.AddChild(placeholderFrame); + +- if (placeholderType == PLACEHOLDER_FOR_TOPLAYER) { ++ if (placeholderType & PLACEHOLDER_FOR_TOPLAYER) { + ConstructBackdropFrameFor(aContent, aNewFrame); + } + } +diff --git layout/base/nsLayoutUtils.cpp layout/base/nsLayoutUtils.cpp +index cb010c0a1a80..94ead9830c25 100644 +--- layout/base/nsLayoutUtils.cpp ++++ layout/base/nsLayoutUtils.cpp +@@ -1525,6 +1525,8 @@ nsLayoutUtils::GetChildListNameFor(nsIFrame* aChildFrame) + { + nsIFrame::ChildListID id = nsIFrame::kPrincipalList; + ++ MOZ_DIAGNOSTIC_ASSERT(!(aChildFrame->GetStateBits() & NS_FRAME_OUT_OF_FLOW)); ++ + if (aChildFrame->GetStateBits() & NS_FRAME_IS_OVERFLOW_CONTAINER) { + nsIFrame* pif = aChildFrame->GetPrevInFlow(); + if (pif->GetParent() == aChildFrame->GetParent()) { +@@ -1533,35 +1535,6 @@ nsLayoutUtils::GetChildListNameFor(nsIFrame* aChildFrame) + else { + id = nsIFrame::kOverflowContainersList; + } +- } +- // See if the frame is moved out of the flow +- else if (aChildFrame->GetStateBits() & NS_FRAME_OUT_OF_FLOW) { +- // Look at the style information to tell +- const nsStyleDisplay* disp = aChildFrame->StyleDisplay(); +- +- if (NS_STYLE_POSITION_ABSOLUTE == disp->mPosition) { +- id = nsIFrame::kAbsoluteList; +- } else if (NS_STYLE_POSITION_FIXED == disp->mPosition) { +- if (nsLayoutUtils::IsReallyFixedPos(aChildFrame)) { +- id = nsIFrame::kFixedList; +- } else { +- id = nsIFrame::kAbsoluteList; +- } +-#ifdef MOZ_XUL +- } else if (StyleDisplay::MozPopup == disp->mDisplay) { +- // Out-of-flows that are DISPLAY_POPUP must be kids of the root popup set +-#ifdef DEBUG +- nsIFrame* parent = aChildFrame->GetParent(); +- NS_ASSERTION(parent && parent->IsPopupSetFrame(), "Unexpected parent"); +-#endif // DEBUG +- +- id = nsIFrame::kPopupList; +-#endif // MOZ_XUL +- } else { +- NS_ASSERTION(aChildFrame->IsFloating(), "not a floated frame"); +- id = nsIFrame::kFloatList; +- } +- + } else { + LayoutFrameType childType = aChildFrame->Type(); + if (LayoutFrameType::MenuPopup == childType) { +@@ -1596,19 +1569,8 @@ nsLayoutUtils::GetChildListNameFor(nsIFrame* aChildFrame) + nsContainerFrame* parent = aChildFrame->GetParent(); + bool found = parent->GetChildList(id).ContainsFrame(aChildFrame); + if (!found) { +- if (!(aChildFrame->GetStateBits() & NS_FRAME_OUT_OF_FLOW)) { +- found = parent->GetChildList(nsIFrame::kOverflowList) +- .ContainsFrame(aChildFrame); +- } +- else if (aChildFrame->IsFloating()) { +- found = parent->GetChildList(nsIFrame::kOverflowOutOfFlowList) +- .ContainsFrame(aChildFrame); +- if (!found) { +- found = parent->GetChildList(nsIFrame::kPushedFloatsList) +- .ContainsFrame(aChildFrame); +- } +- } +- // else it's positioned and should have been on the 'id' child list. ++ found = parent->GetChildList(nsIFrame::kOverflowList) ++ .ContainsFrame(aChildFrame); + NS_POSTCONDITION(found, "not in child list"); + } + #endif +diff --git layout/generic/nsPlaceholderFrame.cpp layout/generic/nsPlaceholderFrame.cpp +index 7da2582ae526..4b2e1bf84b36 100644 +--- layout/generic/nsPlaceholderFrame.cpp ++++ layout/generic/nsPlaceholderFrame.cpp +@@ -25,9 +25,9 @@ using namespace mozilla::gfx; + + nsIFrame* + NS_NewPlaceholderFrame(nsIPresShell* aPresShell, nsStyleContext* aContext, +- nsFrameState aTypeBit) ++ nsFrameState aTypeBits) + { +- return new (aPresShell) nsPlaceholderFrame(aContext, aTypeBit); ++ return new (aPresShell) nsPlaceholderFrame(aContext, aTypeBits); + } + + NS_IMPL_FRAMEARENA_HELPERS(nsPlaceholderFrame) +@@ -155,6 +155,26 @@ nsPlaceholderFrame::Reflow(nsPresContext* aPresContext, + NS_FRAME_SET_TRUNCATION(aStatus, aReflowInput, aDesiredSize); + } + ++static nsIFrame::ChildListID ++ChildListIDForOutOfFlow(nsFrameState aPlaceholderState, nsIFrame* aChild) ++{ ++ if (aPlaceholderState & PLACEHOLDER_FOR_FLOAT) { ++ return nsIFrame::kFloatList; ++ } ++ if (aPlaceholderState & PLACEHOLDER_FOR_POPUP) { ++ return nsIFrame::kPopupList; ++ } ++ if (aPlaceholderState & PLACEHOLDER_FOR_FIXEDPOS) { ++ return nsLayoutUtils::IsReallyFixedPos(aChild) ++ ? nsIFrame::kFixedList : nsIFrame::kAbsoluteList; ++ } ++ if (aPlaceholderState & PLACEHOLDER_FOR_ABSPOS) { ++ return nsIFrame::kAbsoluteList; ++ } ++ MOZ_DIAGNOSTIC_ASSERT(false, "unknown list"); ++ return nsIFrame::kFloatList; ++} ++ + void + nsPlaceholderFrame::DestroyFrom(nsIFrame* aDestructRoot) + { +@@ -162,12 +182,13 @@ nsPlaceholderFrame::DestroyFrom(nsIFrame* aDestructRoot) + if (oof) { + mOutOfFlowFrame = nullptr; + oof->DeleteProperty(nsIFrame::PlaceholderFrameProperty()); ++ + // If aDestructRoot is not an ancestor of the out-of-flow frame, + // then call RemoveFrame on it here. + // Also destroy it here if it's a popup frame. (Bug 96291) + if ((GetStateBits() & PLACEHOLDER_FOR_POPUP) || + !nsLayoutUtils::IsProperAncestorFrame(aDestructRoot, oof)) { +- ChildListID listId = nsLayoutUtils::GetChildListNameFor(oof); ++ ChildListID listId = ChildListIDForOutOfFlow(GetStateBits(), oof); + nsFrameManager* fm = PresContext()->GetPresShell()->FrameManager(); + fm->RemoveFrame(listId, oof); + } +diff --git layout/generic/nsPlaceholderFrame.h layout/generic/nsPlaceholderFrame.h +index e270c76cdd31..2af9b4ccbc93 100644 +--- layout/generic/nsPlaceholderFrame.h ++++ layout/generic/nsPlaceholderFrame.h +@@ -40,7 +40,7 @@ + + nsIFrame* NS_NewPlaceholderFrame(nsIPresShell* aPresShell, + nsStyleContext* aContext, +- nsFrameState aTypeBit); ++ nsFrameState aTypeBits); + + #define PLACEHOLDER_TYPE_MASK (PLACEHOLDER_FOR_FLOAT | \ + PLACEHOLDER_FOR_ABSPOS | \ +@@ -65,18 +65,19 @@ public: + */ + friend nsIFrame* NS_NewPlaceholderFrame(nsIPresShell* aPresShell, + nsStyleContext* aContext, +- nsFrameState aTypeBit); +- nsPlaceholderFrame(nsStyleContext* aContext, nsFrameState aTypeBit) ++ nsFrameState aTypeBits); ++ nsPlaceholderFrame(nsStyleContext* aContext, nsFrameState aTypeBits) + : nsFrame(aContext, kClassID) + , mOutOfFlowFrame(nullptr) + { +- NS_PRECONDITION(aTypeBit == PLACEHOLDER_FOR_FLOAT || +- aTypeBit == PLACEHOLDER_FOR_ABSPOS || +- aTypeBit == PLACEHOLDER_FOR_FIXEDPOS || +- aTypeBit == PLACEHOLDER_FOR_POPUP || +- aTypeBit == PLACEHOLDER_FOR_TOPLAYER, +- "Unexpected type bit"); +- AddStateBits(aTypeBit); ++ MOZ_ASSERT(aTypeBits == PLACEHOLDER_FOR_FLOAT || ++ aTypeBits == PLACEHOLDER_FOR_ABSPOS || ++ aTypeBits == PLACEHOLDER_FOR_FIXEDPOS || ++ aTypeBits == PLACEHOLDER_FOR_POPUP || ++ aTypeBits == (PLACEHOLDER_FOR_TOPLAYER | PLACEHOLDER_FOR_ABSPOS) || ++ aTypeBits == (PLACEHOLDER_FOR_TOPLAYER | PLACEHOLDER_FOR_FIXEDPOS), ++ "Unexpected type bit"); ++ AddStateBits(aTypeBits); + } + + // Get/Set the associated out of flow frame +diff --git layout/style/crashtests/1404324-1.html layout/style/crashtests/1404324-1.html +new file mode 100644 +index 000000000000..574a5437cb1b +--- /dev/null ++++ layout/style/crashtests/1404324-1.html +@@ -0,0 +1,12 @@ ++ ++ +diff --git layout/style/crashtests/1404324-2.html layout/style/crashtests/1404324-2.html +new file mode 100644 +index 000000000000..797347d5c058 +--- /dev/null ++++ layout/style/crashtests/1404324-2.html +@@ -0,0 +1,10 @@ ++ ++ ++ +diff --git layout/style/crashtests/1404324-3.html layout/style/crashtests/1404324-3.html +new file mode 100644 +index 000000000000..3b06f12a2bf6 +--- /dev/null ++++ layout/style/crashtests/1404324-3.html +@@ -0,0 +1,14 @@ ++ ++ ++ +diff --git layout/style/crashtests/crashtests.list layout/style/crashtests/crashtests.list +index be9a46c52bfa..5eaba6935ee2 100644 +--- layout/style/crashtests/crashtests.list ++++ layout/style/crashtests/crashtests.list +@@ -238,3 +238,6 @@ load 1403615.html + load 1387481-1.html + load 1387499.html + load 1391577.html ++asserts-if(stylo,1) load 1404324-1.html # bug 1405605 ++load 1404324-2.html ++load 1404324-3.html Property changes on: branches/2017Q4/www/firefox/files/patch-bug1404324 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1404636 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1404636 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1404636 (revision 454980) @@ -0,0 +1,111 @@ +commit 3eff0850dd67 +Author: Jan de Mooij +Date: Thu Oct 26 16:15:35 2017 +0200 + + Bug 1404636 - Special-case typed arrays in PropertyReadNeedsTypeBarrier. r=bhackett, a=lizzard + + --HG-- + extra : source : 74d76655c9192b20dc69ddfa40c38e65fa9a47e3 +--- + js/src/jit/IonBuilder.cpp | 26 -------------------------- + js/src/jit/MIR.cpp | 8 ++++++++ + js/src/jit/MIR.h | 23 +++++++++++++++++++++++ + 3 files changed, 31 insertions(+), 26 deletions(-) + +diff --git js/src/jit/IonBuilder.cpp js/src/jit/IonBuilder.cpp +index 0f78e9d5d3b7..f0ef380da2bc 100644 +--- js/src/jit/IonBuilder.cpp ++++ js/src/jit/IonBuilder.cpp +@@ -7825,9 +7825,6 @@ IonBuilder::getElemTryTypedObject(bool* emitted, MDefinition* obj, MDefinition* + MOZ_CRASH("Bad kind"); + } + +-static MIRType +-MIRTypeForTypedArrayRead(Scalar::Type arrayType, bool observedDouble); +- + bool + IonBuilder::checkTypedObjectIndexInBounds(uint32_t elemSize, + MDefinition* obj, +@@ -8793,29 +8790,6 @@ IonBuilder::convertShiftToMaskForStaticTypedArray(MDefinition* id, + return ptr; + } + +-static MIRType +-MIRTypeForTypedArrayRead(Scalar::Type arrayType, bool observedDouble) +-{ +- switch (arrayType) { +- case Scalar::Int8: +- case Scalar::Uint8: +- case Scalar::Uint8Clamped: +- case Scalar::Int16: +- case Scalar::Uint16: +- case Scalar::Int32: +- return MIRType::Int32; +- case Scalar::Uint32: +- return observedDouble ? MIRType::Double : MIRType::Int32; +- case Scalar::Float32: +- return MIRType::Float32; +- case Scalar::Float64: +- return MIRType::Double; +- default: +- break; +- } +- MOZ_CRASH("Unknown typed array type"); +-} +- + AbortReasonOr + IonBuilder::jsop_getelem_typed(MDefinition* obj, MDefinition* index, + Scalar::Type arrayType) +diff --git js/src/jit/MIR.cpp js/src/jit/MIR.cpp +index bac5948bfc21..ef286b7d546c 100644 +--- js/src/jit/MIR.cpp ++++ js/src/jit/MIR.cpp +@@ -6235,6 +6235,14 @@ PropertyReadNeedsTypeBarrier(CompilerConstraintList* constraints, + return BarrierKind::TypeSet; + } + ++ if (!name && IsTypedArrayClass(key->clasp())) { ++ Scalar::Type arrayType = Scalar::Type(key->clasp() - &TypedArrayObject::classes[0]); ++ MIRType type = MIRTypeForTypedArrayRead(arrayType, true); ++ if (observed->mightBeMIRType(type)) ++ return BarrierKind::NoBarrier; ++ return BarrierKind::TypeSet; ++ } ++ + jsid id = name ? NameToId(name) : JSID_VOID; + HeapTypeSetKey property = key->property(id); + if (property.maybeTypes()) { +diff --git js/src/jit/MIR.h js/src/jit/MIR.h +index d6d895b2caf2..16824b3f67ad 100644 +--- js/src/jit/MIR.h ++++ js/src/jit/MIR.h +@@ -15107,6 +15107,29 @@ ArrayPrototypeHasIndexedProperty(IonBuilder* builder, JSScript* script); + AbortReasonOr + TypeCanHaveExtraIndexedProperties(IonBuilder* builder, TemporaryTypeSet* types); + ++inline MIRType ++MIRTypeForTypedArrayRead(Scalar::Type arrayType, bool observedDouble) ++{ ++ switch (arrayType) { ++ case Scalar::Int8: ++ case Scalar::Uint8: ++ case Scalar::Uint8Clamped: ++ case Scalar::Int16: ++ case Scalar::Uint16: ++ case Scalar::Int32: ++ return MIRType::Int32; ++ case Scalar::Uint32: ++ return observedDouble ? MIRType::Double : MIRType::Int32; ++ case Scalar::Float32: ++ return MIRType::Float32; ++ case Scalar::Float64: ++ return MIRType::Double; ++ default: ++ break; ++ } ++ MOZ_CRASH("Unknown typed array type"); ++} ++ + } // namespace jit + } // namespace js + Property changes on: branches/2017Q4/www/firefox/files/patch-bug1404636 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1404910 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1404910 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1404910 (revision 454980) @@ -0,0 +1,170 @@ +commit 2c8bf0ecbc5d +Author: Andrea Marchesini +Date: Wed Oct 4 14:18:19 2017 +0200 + + Bug 1404910 - WebSocket should consider the corrent top-level window principal. r=smaug, a=ritu + + --HG-- + extra : source : c543c0a50db700883b57c052710c97b5ef731e1f +--- + dom/base/WebSocket.cpp | 15 ++++--- + dom/base/test/iframe_webSocket_sandbox.html | 65 +++++++++++++++++++++++++++++ + dom/base/test/mochitest.ini | 3 ++ + dom/base/test/test_webSocket_sandbox.html | 34 +++++++++++++++ + 4 files changed, 109 insertions(+), 8 deletions(-) + +diff --git dom/base/WebSocket.cpp dom/base/WebSocket.cpp +index dc2c1c70107b..982c67cd2abd 100644 +--- dom/base/WebSocket.cpp ++++ dom/base/WebSocket.cpp +@@ -1666,18 +1666,17 @@ WebSocketImpl::Init(JSContext* aCx, + nsCOMPtr innerWindow; + + while (true) { +- if (principal) { +- bool isNullPrincipal = true; +- isNullPrincipal = principal->GetIsNullPrincipal(); +- if (isNullPrincipal || nsContentUtils::IsSystemPrincipal(principal)) { +- break; +- } ++ if (principal && !principal->GetIsNullPrincipal()) { ++ break; + } + + if (!innerWindow) { + innerWindow = do_QueryInterface(globalObject); +- if (NS_WARN_IF(!innerWindow)) { +- return NS_ERROR_DOM_SECURITY_ERR; ++ if (!innerWindow) { ++ // If we are in a XPConnect sandbox or in a JS component, ++ // innerWindow will be null. There is nothing on top of this to be ++ // considered. ++ break; + } + } + +diff --git dom/base/test/iframe_webSocket_sandbox.html dom/base/test/iframe_webSocket_sandbox.html +new file mode 100644 +index 000000000000..d889a79b05da +--- /dev/null ++++ dom/base/test/iframe_webSocket_sandbox.html +@@ -0,0 +1,65 @@ ++ ++ ++ ++ +diff --git dom/base/test/mochitest.ini dom/base/test/mochitest.ini +index 670dd5ae0a06..5d59fe1ea7b8 100644 +--- dom/base/test/mochitest.ini ++++ dom/base/test/mochitest.ini +@@ -804,6 +804,9 @@ skip-if = toolkit == 'android' + skip-if = toolkit == 'android' + [test_websocket_permessage_deflate.html] + skip-if = toolkit == 'android' ++[test_webSocket_sandbox.html] ++skip-if = toolkit == 'android' ++support-files = iframe_webSocket_sandbox.html + [test_websocket1.html] + skip-if = toolkit == 'android' + [test_websocket2.html] +diff --git dom/base/test/test_webSocket_sandbox.html dom/base/test/test_webSocket_sandbox.html +new file mode 100644 +index 000000000000..b343fa784f39 +--- /dev/null ++++ dom/base/test/test_webSocket_sandbox.html +@@ -0,0 +1,34 @@ ++ ++ ++ ++ Bug 1252751 ++ ++ ++ ++ ++
++ ++ ++ ++ Property changes on: branches/2017Q4/www/firefox/files/patch-bug1404910 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1406154 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1406154 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1406154 (revision 454980) @@ -0,0 +1,53 @@ +commit 3708901c15ba +Author: Byron Campen [:bwc] +Date: Thu Oct 12 12:12:40 2017 -0500 + + Bug 1406154 - Ensure that we avoid truncating the interface description strings in a couple of corner cases. r=drno, a=sledru + + MozReview-Commit-ID: KMTpbkvA4N + + --HG-- + extra : source : 5c8d4905c2bdbb3cfa0db5e07a3cd6ba4eb23fdd +--- + media/mtransport/nrinterfaceprioritizer.cpp | 2 +- + media/mtransport/third_party/nICEr/src/net/transport_addr.c | 6 +++++- + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git media/mtransport/nrinterfaceprioritizer.cpp media/mtransport/nrinterfaceprioritizer.cpp +index 37756991239c..34b941c53a45 100644 +--- media/mtransport/nrinterfaceprioritizer.cpp ++++ media/mtransport/nrinterfaceprioritizer.cpp +@@ -28,7 +28,7 @@ public: + bool Init(const nr_local_addr& local_addr) { + ifname_ = local_addr.addr.ifname; + +- char buf[MAXIFNAME + 41]; ++ char buf[MAXIFNAME + 47]; + int r = nr_transport_addr_fmt_ifname_addr_string(&local_addr.addr, buf, sizeof(buf)); + if (r) { + MOZ_MTLOG(ML_ERROR, "Error formatting interface key."); +diff --git media/mtransport/third_party/nICEr/src/net/transport_addr.c media/mtransport/third_party/nICEr/src/net/transport_addr.c +index 99564a08e8b9..ae849f43387e 100644 +--- media/mtransport/third_party/nICEr/src/net/transport_addr.c ++++ media/mtransport/third_party/nICEr/src/net/transport_addr.c +@@ -98,7 +98,8 @@ int nr_transport_addr_fmt_addr_string(nr_transport_addr *addr) + int nr_transport_addr_fmt_ifname_addr_string(const nr_transport_addr *addr, char *buf, int len) + { + int _status; +- char buffer[40]; ++ /* leave room for a fully-expanded IPV4-mapped IPV6 address */ ++ char buffer[46]; + + switch(addr->ip_version){ + case NR_IPV4: +@@ -114,7 +115,10 @@ int nr_transport_addr_fmt_ifname_addr_string(const nr_transport_addr *addr, char + default: + ABORT(R_INTERNAL); + } ++ buffer[sizeof(buffer) - 1] = '\0'; ++ + snprintf(buf,len,"%s:%s",addr->ifname,buffer); ++ buf[len - 1] = '\0'; + + _status=0; + abort: Property changes on: branches/2017Q4/www/firefox/files/patch-bug1406154 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1406398 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1406398 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1406398 (revision 454980) @@ -0,0 +1,36 @@ +commit c79dd79bdb5c +Author: André Bargull +Date: Thu Oct 12 09:20:07 2017 -0700 + + Bug 1406398 - Avoid rooting the object twice in EnumerableOwnProperties. r=jandem, a=lizzard + + --HG-- + extra : source : c2cecb6d6f9bb85f258a66cf8e94c1860adde7e5 +--- + js/src/builtin/Object.cpp | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git js/src/builtin/Object.cpp js/src/builtin/Object.cpp +index dff377a1cd97..ff4dd029cb52 100644 +--- js/src/builtin/Object.cpp ++++ js/src/builtin/Object.cpp +@@ -1246,9 +1246,6 @@ EnumerableOwnProperties(JSContext* cx, const JS::CallArgs& args, EnumerableOwnPr + RootedId id(cx); + RootedValue key(cx); + RootedValue value(cx); +- RootedNativeObject nobj(cx); +- if (obj->is()) +- nobj = &obj->as(); + RootedShape shape(cx); + Rooted desc(cx); + // Step 4. +@@ -1265,7 +1262,8 @@ EnumerableOwnProperties(JSContext* cx, const JS::CallArgs& args, EnumerableOwnPr + } + + // Step 4.a.i. +- if (nobj) { ++ if (obj->is()) { ++ HandleNativeObject nobj = obj.as(); + if (JSID_IS_INT(id) && nobj->containsDenseElement(JSID_TO_INT(id))) { + value = nobj->getDenseOrTypedArrayElement(JSID_TO_INT(id)); + } else { Property changes on: branches/2017Q4/www/firefox/files/patch-bug1406398 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1406750 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1406750 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1406750 (revision 454980) @@ -0,0 +1,47 @@ +commit f2e38d27a7e3 +Author: Emilio Cobos Álvarez +Date: Tue Oct 24 17:44:12 2017 -0400 + + Bug 1406750 - Use GetStyleContextNoFlush in UpdateCurrentStyleSources, and avoid flushing mPresShell twice. r=bz, a=abillings + + MozReview-Commit-ID: Nfu9FZcIzQ + + --HG-- + extra : source : c73db1c3b6e78a5fad216ca7cc7e4ce312c30a98 + extra : amend_source : 9b31fa281368a9dc39a4a949cb85ae2f354a4308 +--- + layout/style/nsComputedDOMStyle.cpp | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git layout/style/nsComputedDOMStyle.cpp layout/style/nsComputedDOMStyle.cpp +index 062e00ffebc5..1aa07e691d4a 100644 +--- layout/style/nsComputedDOMStyle.cpp ++++ layout/style/nsComputedDOMStyle.cpp +@@ -832,6 +832,11 @@ nsComputedDOMStyle::UpdateCurrentStyleSources(bool aNeedsLayoutFlush) + return; + } + ++ nsCOMPtr presShellForContent = GetPresShellForContent(mContent); ++ if (presShellForContent && presShellForContent != mPresShell) { ++ presShellForContent->FlushPendingNotifications(FlushType::Style); ++ } ++ + // We need to use GetUndisplayedRestyleGeneration instead of + // GetRestyleGeneration, because the caching of mStyleContext is an + // optimization that is useful only for displayed elements. +@@ -922,10 +927,11 @@ nsComputedDOMStyle::UpdateCurrentStyleSources(bool aNeedsLayoutFlush) + #endif + // Need to resolve a style context + RefPtr resolvedStyleContext = +- nsComputedDOMStyle::GetStyleContext(mContent->AsElement(), +- mPseudo, +- mPresShell, +- mStyleType); ++ nsComputedDOMStyle::GetStyleContextNoFlush( ++ mContent->AsElement(), ++ mPseudo, ++ presShellForContent ? presShellForContent.get() : mPresShell, ++ mStyleType); + if (!resolvedStyleContext) { + ClearStyleContext(); + return; Property changes on: branches/2017Q4/www/firefox/files/patch-bug1406750 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1407032 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1407032 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1407032 (revision 454980) @@ -0,0 +1,48 @@ +commit 5666a545d8a1 +Author: David Anderson +Date: Mon Oct 23 16:18:24 2017 -0400 + + Bug 1407032 - Reorder when GPUProcessHosts are destroyed. r=rhunt, a=ritu + + --HG-- + extra : source : 2fb069813d832de4338028cf84c8dab483ba0fda +--- + gfx/ipc/GPUProcessHost.cpp | 19 ++++++------------- + 1 file changed, 6 insertions(+), 13 deletions(-) + +diff --git gfx/ipc/GPUProcessHost.cpp gfx/ipc/GPUProcessHost.cpp +index 544baea242cf..249decc52a95 100644 +--- gfx/ipc/GPUProcessHost.cpp ++++ gfx/ipc/GPUProcessHost.cpp +@@ -190,25 +190,18 @@ GPUProcessHost::Shutdown() + void + GPUProcessHost::OnChannelClosed() + { +- if (!mShutdownRequested) { ++ mChannelClosed = true; ++ ++ if (!mShutdownRequested && mListener) { + // This is an unclean shutdown. Notify our listener that we're going away. +- mChannelClosed = true; +- if (mListener) { +- mListener->OnProcessUnexpectedShutdown(this); +- } ++ mListener->OnProcessUnexpectedShutdown(this); ++ } else { ++ DestroyProcess(); + } + + // Release the actor. + GPUChild::Destroy(Move(mGPUChild)); + MOZ_ASSERT(!mGPUChild); +- +- // If the owner of GPUProcessHost already requested shutdown, we can now +- // schedule destruction. Otherwise we must wait for someone to call +- // Shutdown. Note that GPUProcessManager calls Shutdown within +- // OnProcessUnexpectedShutdown. +- if (mShutdownRequested) { +- DestroyProcess(); +- } + } + + void Property changes on: branches/2017Q4/www/firefox/files/patch-bug1407032 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1407375 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1407375 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1407375 (revision 454980) @@ -0,0 +1,28 @@ +commit b2d46387afc9 +Author: Boris Zbarsky +Date: Wed Oct 11 22:19:06 2017 -0400 + + Bug 1407375 - Make sure to call NodeInfoChanged whenever we change the nodeinfo on a node. r=peterv, a=ritu + + MozReview-Commit-ID: 71k1jv8thFA + + --HG-- + extra : source : 51ff2d13e50c1e8f7731e4c7243064bb96d2e4d0 +--- + dom/base/nsNodeUtils.cpp | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git dom/base/nsNodeUtils.cpp dom/base/nsNodeUtils.cpp +index 64ab9e852966..dd958aa443ce 100644 +--- dom/base/nsNodeUtils.cpp ++++ dom/base/nsNodeUtils.cpp +@@ -593,6 +593,9 @@ nsNodeUtils::CloneAndAdopt(nsINode *aNode, bool aClone, bool aDeep, + aNode->OwnerDoc()->UnregisterActivityObserver(aNode->AsElement()); + } + aNode->mNodeInfo.swap(newNodeInfo); ++ if (elem) { ++ elem->NodeInfoChanged(newDoc); ++ } + if (wasRegistered) { + aNode->OwnerDoc()->RegisterActivityObserver(aNode->AsElement()); + } Property changes on: branches/2017Q4/www/firefox/files/patch-bug1407375 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1407740 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1407740 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1407740 (revision 454980) @@ -0,0 +1,26 @@ +commit a8fee72c6fc1 +Author: Andrew McCreight +Date: Fri Oct 20 16:11:26 2017 -0400 + + Bug 1407740 - Fix a crash by setting a flag to true. r=bz, a=lizzard + + --HG-- + extra : source : 23d3b458f69c56b0f3b2b8faa1453f79e32ce70c +--- + docshell/base/nsDocShell.cpp | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git docshell/base/nsDocShell.cpp docshell/base/nsDocShell.cpp +index 6748a2722e5a..f7dc1508a74d 100644 +--- docshell/base/nsDocShell.cpp ++++ docshell/base/nsDocShell.cpp +@@ -881,6 +881,9 @@ nsDocShell::~nsDocShell() + { + MOZ_ASSERT(!mObserved); + ++ // Avoid notifying observers while we're in the dtor. ++ mIsBeingDestroyed = true; ++ + Destroy(); + + nsCOMPtr shPrivate(do_QueryInterface(mSessionHistory)); Property changes on: branches/2017Q4/www/firefox/files/patch-bug1407740 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1407751 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1407751 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1407751 (revision 454980) @@ -0,0 +1,35 @@ +commit 390b56f13f00 +Author: Andrea Marchesini +Date: Fri Oct 13 07:11:40 2017 +0200 + + Bug 1407751 - DefineOSFileConstants should return false if OSFileConstants service is not initialized. r=froydnj, a=ritu + + --HG-- + extra : source : 2f76e40db328035331dd6aa79d0e5fbf04db7c96 +--- + dom/system/OSFileConstants.cpp | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git dom/system/OSFileConstants.cpp dom/system/OSFileConstants.cpp +index edafe9f1c560..3cd77f6c3c12 100644 +--- dom/system/OSFileConstants.cpp ++++ dom/system/OSFileConstants.cpp +@@ -346,6 +346,7 @@ void CleanupOSFileConstants() + + gInitialized = false; + delete gPaths; ++ gPaths = nullptr; + } + + +@@ -874,9 +875,7 @@ bool SetStringProperty(JSContext *cx, JS::Handle aObject, const char + */ + bool DefineOSFileConstants(JSContext *cx, JS::Handle global) + { +- MOZ_ASSERT(gInitialized); +- +- if (gPaths == nullptr) { ++ if (!gInitialized || gPaths == nullptr) { + // If an initialization error was ignored, we may end up with + // |gInitialized == true| but |gPaths == nullptr|. We cannot + // |MOZ_ASSERT| this, as this would kill precompile_cache.js, Property changes on: branches/2017Q4/www/firefox/files/patch-bug1407751 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1408005 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1408005 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1408005 (revision 454980) @@ -0,0 +1,25 @@ +commit 988e61cc6282 +Author: Andrew McCreight +Date: Mon Oct 23 10:18:42 2017 -0400 + + Bug 1408005 - Clear gApplicationReputationService in the dtor. r=francois, a=abillings + + --HG-- + extra : source : 1613834d8d1145200886a039f733b1e066c63cbd +--- + toolkit/components/downloads/ApplicationReputation.cpp | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git toolkit/components/downloads/ApplicationReputation.cpp toolkit/components/downloads/ApplicationReputation.cpp +index b19841d8235d..18bc3b71728d 100644 +--- toolkit/components/downloads/ApplicationReputation.cpp ++++ toolkit/components/downloads/ApplicationReputation.cpp +@@ -1576,6 +1576,8 @@ ApplicationReputationService::ApplicationReputationService() + + ApplicationReputationService::~ApplicationReputationService() { + LOG(("Application reputation service shutting down")); ++ MOZ_ASSERT(gApplicationReputationService == this); ++ gApplicationReputationService = nullptr; + } + + NS_IMETHODIMP Property changes on: branches/2017Q4/www/firefox/files/patch-bug1408005 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1408412 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1408412 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1408412 (revision 454980) @@ -0,0 +1,37 @@ +commit 81f184512a09 +Author: Jan de Mooij +Date: Wed Oct 25 11:30:17 2017 +0200 + + Bug 1408412 - Use ARGS_LENGTH_MAX as upper bound in MArgumentsLength::computeRange. r=nbp, a=lizzard + + --HG-- + extra : source : aaf54dce048a85806833529a5d53ecc46156ef47 +--- + js/src/jit/RangeAnalysis.cpp | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git js/src/jit/RangeAnalysis.cpp js/src/jit/RangeAnalysis.cpp +index a3daefa848a7..19715ccc250a 100644 +--- js/src/jit/RangeAnalysis.cpp ++++ js/src/jit/RangeAnalysis.cpp +@@ -15,6 +15,7 @@ + #include "jit/MIRGenerator.h" + #include "jit/MIRGraph.h" + #include "js/Conversions.h" ++#include "vm/ArgumentsObject.h" + #include "vm/TypedArrayObject.h" + + #include "jsopcodeinlines.h" +@@ -1845,9 +1846,9 @@ MArgumentsLength::computeRange(TempAllocator& alloc) + { + // This is is a conservative upper bound on what |TooManyActualArguments| + // checks. If exceeded, Ion will not be entered in the first place. +- MOZ_ASSERT(JitOptions.maxStackArgs <= UINT32_MAX, +- "NewUInt32Range requires a uint32 value"); +- setRange(Range::NewUInt32Range(alloc, 0, JitOptions.maxStackArgs)); ++ static_assert(ARGS_LENGTH_MAX <= UINT32_MAX, ++ "NewUInt32Range requires a uint32 value"); ++ setRange(Range::NewUInt32Range(alloc, 0, ARGS_LENGTH_MAX)); + } + + void Property changes on: branches/2017Q4/www/firefox/files/patch-bug1408412 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1408782 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1408782 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1408782 (revision 454980) @@ -0,0 +1,55 @@ +commit 5b8d4bd1ffaa +Author: Jonathan Kew +Date: Wed Oct 18 10:24:03 2017 +0100 + + Bug 1408782 - Force punycode display for IDNs with a sequence. r=valentin a=ritu +--- + netwerk/dns/nsIDNService.cpp | 9 +++++++++ + netwerk/test/unit/test_idn_urls.js | 7 +++++++ + 2 files changed, 16 insertions(+) + +diff --git netwerk/dns/nsIDNService.cpp netwerk/dns/nsIDNService.cpp +index e07910a7e70d..a89b4301ea07 100644 +--- netwerk/dns/nsIDNService.cpp ++++ netwerk/dns/nsIDNService.cpp +@@ -867,6 +867,7 @@ bool nsIDNService::isLabelSafe(const nsAString &label) + + Script lastScript = Script::INVALID; + uint32_t previousChar = 0; ++ uint32_t baseChar = 0; // last non-diacritic seen (base char for marks) + uint32_t savedNumberingSystem = 0; + // Simplified/Traditional Chinese check temporarily disabled -- bug 857481 + #if 0 +@@ -948,6 +949,14 @@ bool nsIDNService::isLabelSafe(const nsAString &label) + } + } + } ++ // Check for diacritics on dotless-i, which would be indistinguishable ++ // from normal accented letter i. ++ if (baseChar == 0x0131 && ++ ((ch >= 0x0300 && ch <= 0x0314) || ch == 0x031a)) { ++ return false; ++ } ++ } else { ++ baseChar = ch; + } + + // Simplified/Traditional Chinese check temporarily disabled -- bug 857481 +diff --git netwerk/test/unit/test_idn_urls.js netwerk/test/unit/test_idn_urls.js +index f39a9650a13b..e0d73ca512ee 100644 +--- netwerk/test/unit/test_idn_urls.js ++++ netwerk/test/unit/test_idn_urls.js +@@ -300,6 +300,13 @@ const testcases = [ + ["goo\u0650gle", "xn--google-yri", false, false, false], + // ...but Arabic diacritics are allowed on Arabic text + ["العَرَبِي", "xn--mgbc0a5a6cxbzabt", false, true, true], ++ ++ // Accents above dotless-i are not allowed ++ ["na\u0131\u0308ve", "xn--nave-mza04z", false, false, false], ++ ["d\u0131\u0302ner", "xn--dner-lza40z", false, false, false], ++ // but the corresponding accented-i (based on dotted i) is OK ++ ["na\u00efve.com", "xn--nave-6pa.com", false, true, true], ++ ["d\u00eener.com", "xn--dner-0pa.com", false, true, true], + ]; + + const profiles = ["ASCII", "high", "moderate"]; Property changes on: branches/2017Q4/www/firefox/files/patch-bug1408782 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1408990 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1408990 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1408990 (revision 454980) @@ -0,0 +1,34 @@ +commit 53a3958e0a76 +Author: Valentin Gosu +Date: Sat Oct 28 00:15:01 2017 +0200 + + Bug 1408990 - Only add the entry to the performance object if the loading document's principal is the same as the triggering principal. r=bz, r=dragana, a=lizzard + + MozReview-Commit-ID: 7o8XKHioP1p + + --HG-- + extra : rebase_source : 33d4044b4901cee460cc69a0bae1fe0e84dab2aa + extra : source : ff9e841ff8544053f184d2e425500d5dd13ee14d +--- + netwerk/protocol/http/HttpBaseChannel.cpp | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git netwerk/protocol/http/HttpBaseChannel.cpp netwerk/protocol/http/HttpBaseChannel.cpp +index 8a5c4d8d9f45..16e59241e2fc 100644 +--- netwerk/protocol/http/HttpBaseChannel.cpp ++++ netwerk/protocol/http/HttpBaseChannel.cpp +@@ -4088,6 +4088,14 @@ HttpBaseChannel::GetPerformance() + return nullptr; + } + ++ // We only add to the document's performance object if it has the same ++ // principal as the one triggering the load. This is to prevent navigations ++ // triggered _by_ the iframe from showing up in the parent document's ++ // performance entries if they have different origins. ++ if (!mLoadInfo->TriggeringPrincipal()->Equals(loadingDocument->NodePrincipal())) { ++ return nullptr; ++ } ++ + nsCOMPtr innerWindow = loadingDocument->GetInnerWindow(); + if (!innerWindow) { + return nullptr; Property changes on: branches/2017Q4/www/firefox/files/patch-bug1408990 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1411458 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1411458 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1411458 (revision 454980) @@ -0,0 +1,44 @@ +commit da2637dd8a23 +Author: David Keeler +Date: Wed Oct 25 09:54:13 2017 -0700 + + Bug 1411458 - Confirm we actually have a PKCS#7 signedData content info. r=jcj, a=ritu + + MozReview-Commit-ID: GKfL1C0EPWt + + --HG-- + extra : source : 22a772cfa62ae6908751b1cdd98a9234f2ea6105 +--- + security/manager/ssl/nsDataSignatureVerifier.cpp | 6 ++++++ + security/nss.symbols | 1 + + 2 files changed, 7 insertions(+) + +diff --git security/manager/ssl/nsDataSignatureVerifier.cpp security/manager/ssl/nsDataSignatureVerifier.cpp +index f78740365e1a..2527431dd9ae 100644 +--- security/manager/ssl/nsDataSignatureVerifier.cpp ++++ security/manager/ssl/nsDataSignatureVerifier.cpp +@@ -170,6 +170,12 @@ VerifyCMSDetachedSignatureIncludingCertificate( + return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO; + } + ++ // We're expecting this to be a PKCS#7 signedData content info. ++ if (NSS_CMSContentInfo_GetContentTypeTag(cinfo) ++ != SEC_OID_PKCS7_SIGNED_DATA) { ++ return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO; ++ } ++ + // signedData is non-owning + NSSCMSSignedData* signedData = + static_cast(NSS_CMSContentInfo_GetContent(cinfo)); +diff --git security/nss.symbols security/nss.symbols +index 626fc64d96f9..517a577a8de4 100644 +--- security/nss.symbols ++++ security/nss.symbols +@@ -181,6 +181,7 @@ HASH_ResultLenByOidTag + HASH_Update + NSSBase64_EncodeItem_Util + NSS_CMSContentInfo_GetContent ++NSS_CMSContentInfo_GetContentTypeTag + NSS_CMSContentInfo_SetContent_Data + NSS_CMSContentInfo_SetContent_EnvelopedData + NSS_CMSContentInfo_SetContent_SignedData Property changes on: branches/2017Q4/www/firefox/files/patch-bug1411458 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4/www/firefox/files/patch-bug1412252 =================================================================== --- branches/2017Q4/www/firefox/files/patch-bug1412252 (nonexistent) +++ branches/2017Q4/www/firefox/files/patch-bug1412252 (revision 454980) @@ -0,0 +1,42 @@ +commit 4bb201af8ede +Author: Emilio Cobos Álvarez +Date: Sun Oct 29 17:39:20 2017 -0400 + + Bug 1412252 - Only fetch mPresShell after flushing the relevant content pres shell. r=bz, a=ritu + + MozReview-Commit-ID: BkcYtu2MsNs + + --HG-- + extra : rebase_source : aaf4e69af1cfb4e6becd491f3f4a6e4924cb307a + extra : source : 044406030675adf7dfdb0317fca3852fa1ea3ff7 +--- + layout/style/nsComputedDOMStyle.cpp | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git layout/style/nsComputedDOMStyle.cpp layout/style/nsComputedDOMStyle.cpp +index 1aa07e691d4a..1eb9fbebdc8d 100644 +--- layout/style/nsComputedDOMStyle.cpp ++++ layout/style/nsComputedDOMStyle.cpp +@@ -826,17 +826,17 @@ nsComputedDOMStyle::UpdateCurrentStyleSources(bool aNeedsLayoutFlush) + mFlushedPendingReflows = aNeedsLayoutFlush; + #endif + ++ nsCOMPtr presShellForContent = GetPresShellForContent(mContent); ++ if (presShellForContent && presShellForContent != document->GetShell()) { ++ presShellForContent->FlushPendingNotifications(FlushType::Style); ++ } ++ + mPresShell = document->GetShell(); + if (!mPresShell || !mPresShell->GetPresContext()) { + ClearStyleContext(); + return; + } + +- nsCOMPtr presShellForContent = GetPresShellForContent(mContent); +- if (presShellForContent && presShellForContent != mPresShell) { +- presShellForContent->FlushPendingNotifications(FlushType::Style); +- } +- + // We need to use GetUndisplayedRestyleGeneration instead of + // GetRestyleGeneration, because the caching of mStyleContext is an + // optimization that is useful only for displayed elements. Property changes on: branches/2017Q4/www/firefox/files/patch-bug1412252 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q4 =================================================================== --- branches/2017Q4 (revision 454979) +++ branches/2017Q4 (revision 454980) Property changes on: branches/2017Q4 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /head:r454000,454192