#457: M1414425 M1418854 M1411708 M1395508 M1408017 M1425000 + assertion tweaks

browser/base/content/browser.js

@@ -2476,9 +2476,12 @@ function losslessDecodeURI(aURI) {
                 //    a sequence that survived decodeURI, i.e. one for:
                 //    ';', '/', '?', ':', '@', '&', '=', '+', '$', ',', '#'
                 //    (RFC 3987 section 3.2)
-                // 2. Re-encode whitespace so that it doesn't get eaten away
+                // 2. Re-encode select whitespace so that it doesn't get eaten
-                //    by the location bar (bug 410726).
+                //    away by the location bar (bug 410726). Re-encode all
-                .replace(/%(?!3B|2F|3F|3A|40|26|3D|2B|24|2C|23)|[\r\n\t]/ig,
+                //    adjacent whitespace, to prevent spoofing attempts where
+                //    invisible characters would push part of the URL to
+                //    overflow the location bar (bug 1395508).
+                .replace(/%(?!3B|2F|3F|3A|40|26|3D|2B|24|2C|23)|[\r\n\t]|\s(?=\s)|\s$/ig,
                          encodeURIComponent);
     } catch (e) {}
 

docshell/base/nsDocShell.cpp

@@ -6493,8 +6493,10 @@ nsDocShell::ScrollByPages(int32_t aNumPages)
 //*****************************************************************************
 
 NS_IMETHODIMP
-nsDocShell::RefreshURI(nsIURI* aURI, int32_t aDelay, bool aRepeat,
+nsDocShell::RefreshURI(nsIURI* aURI,
-                       bool aMetaRefresh)
+                       int32_t aDelay, bool aRepeat,
+                       bool aMetaRefresh,
+                       nsIPrincipal* aPrincipal)
 {
   NS_ENSURE_ARG(aURI);
 
@@ -6529,6 +6531,7 @@ nsDocShell::RefreshURI(nsIURI* aURI, int32_t aDelay, bool aRepeat,
   nsCOMPtr<nsISupports> dataRef = refreshTimer;  // Get the ref count to 1
 
   refreshTimer->mDocShell = this;
+  refreshTimer->mPrincipal = aPrincipal;
   refreshTimer->mURI = aURI;
   refreshTimer->mDelay = aDelay;
   refreshTimer->mRepeat = aRepeat;
@@ -6560,7 +6563,8 @@ nsresult
 nsDocShell::ForceRefreshURIFromTimer(nsIURI* aURI,
                                      int32_t aDelay,
                                      bool aMetaRefresh,
-                                     nsITimer* aTimer)
+                                     nsITimer* aTimer,
+                                     nsIPrincipal* aPrincipal)
 {
   NS_PRECONDITION(aTimer, "Must have a timer here");
 
@@ -6578,7 +6582,7 @@ nsDocShell::ForceRefreshURIFromTimer(nsIURI* aURI,
     }
   }
 
-  return ForceRefreshURI(aURI, aDelay, aMetaRefresh);
+  return ForceRefreshURI(aURI, aDelay, aMetaRefresh, aPrincipal);
 }
 
 bool
@@ -6608,7 +6612,7 @@ nsDocShell::DoAppRedirectIfNeeded(nsIURI* aURI,
 }
 
 NS_IMETHODIMP
-nsDocShell::ForceRefreshURI(nsIURI* aURI, int32_t aDelay, bool aMetaRefresh)
+nsDocShell::ForceRefreshURI(nsIURI* aURI, int32_t aDelay, bool aMetaRefresh, nsIPrincipal* aPrincipal)
 {
   NS_ENSURE_ARG(aURI);
 
@@ -6656,11 +6660,18 @@ nsDocShell::ForceRefreshURI(nsIURI* aURI, int32_t aDelay, bool aMetaRefresh)
     loadInfo->SetLoadType(nsIDocShellLoadInfo::loadRefresh);
   }
 
+  // If the principal is null, the refresh will have a triggeringPrincipal
+  // derived from the referrer URI, or will be set to the system principal
+  // if there is no refererrer. See LoadURI()
+  if (aPrincipal) {
+    loadInfo->SetOwner(aPrincipal); // as called prior to bug 1286472
+  }
+
   /*
    * LoadURI(...) will cancel all refresh timers... This causes the
    * Timer and its refreshData instance to be released...
    */
-  LoadURI(aURI, loadInfo, nsIWebNavigation::LOAD_FLAGS_NONE, true);
+  LoadURI(aURI, loadInfo, nsIWebNavigation::LOAD_FLAGS_DISALLOW_INHERIT_OWNER, true); // XXX: LOAD_FLAGS_DISALLOW_INHERIT_PRINCIPAL
 
   return NS_OK;
 }
@@ -6896,7 +6907,7 @@ nsDocShell::SetupRefreshURIFromHeader(nsIURI* aBaseURI,
           return NS_ERROR_FAILURE;
         }
 
-        rv = RefreshURI(uri, seconds * 1000, false, true);
+        rv = RefreshURI(uri, seconds * 1000, false, true, aPrincipal);
       }
     }
   }
@@ -12974,7 +12985,7 @@ nsRefreshTimer::Notify(nsITimer* aTimer)
     // Get the delay count to determine load type
     uint32_t delay = 0;
     aTimer->GetDelay(&delay);
-    mDocShell->ForceRefreshURIFromTimer(mURI, delay, mMetaRefresh, aTimer);
+    mDocShell->ForceRefreshURIFromTimer(mURI, delay, mMetaRefresh, aTimer, mPrincipal);
   }
   return NS_OK;
 }

docshell/base/nsDocShell.h

@@ -113,6 +113,7 @@ public:
 
   RefPtr<nsDocShell> mDocShell;
   nsCOMPtr<nsIURI> mURI;
+  nsCOMPtr<nsIPrincipal> mPrincipal;
   int32_t mDelay;
   bool mRepeat;
   bool mMetaRefresh;
@@ -244,7 +245,8 @@ public:
   // the timer involved out of mRefreshURIList if it's there.
   // aTimer must not be null.
   nsresult ForceRefreshURIFromTimer(nsIURI* aURI, int32_t aDelay,
-                                    bool aMetaRefresh, nsITimer* aTimer);
+                                    bool aMetaRefresh, nsITimer* aTimer,
+                                    nsIPrincipal* aPrincipal);
 
   friend class OnLinkClickEvent;
 

docshell/base/nsIRefreshURI.idl

@@ -18,23 +18,35 @@ interface nsIRefreshURI : nsISupports {
       * queued and executed when the current load finishes. 
       *
       * @param aUri The uri to refresh.
+      * @param aPrincipal The triggeringPrincipal for the refresh load
+      *   May be null, in which case a principal will be built based on the
+      *   referrer URI of the previous docshell load, or will use the system
+      *   principal when there is no referrer.
       * @param aMillis The number of milliseconds to wait.
       * @param aRepeat Flag to indicate if the uri is to be 
       *                repeatedly refreshed every aMillis milliseconds.
       * @param aMetaRefresh Flag to indicate if this is a Meta refresh.
       */
-    void refreshURI(in nsIURI aURI, in long aMillis, in boolean aRepeat,
+    void refreshURI(in nsIURI aURI,
-                    in boolean aMetaRefresh);
+                    in long aMillis, in boolean aRepeat,
+                    in boolean aMetaRefresh,
+                    [optional] in nsIPrincipal aPrincipal);
 
     /**
       * Loads a URI immediately as if it were a refresh.
       *
       * @param aURI The URI to refresh.
+      * @param aPrincipal The triggeringPrincipal for the refresh load
+      *   May be null, in which case a principal will be built based on the
+      *   referrer URI of the previous docshell load, or will use the system
+      *   principal when there is no referrer.
       * @param aMillis The number of milliseconds by which this refresh would
       *                be delayed if it were not being forced.
       * @param aMetaRefresh Flag to indicate if this is a meta refresh.
       */
-    void forceRefreshURI(in nsIURI aURI, in long aMillis, in boolean aMetaRefresh);
+    void forceRefreshURI(in nsIURI aURI,
+                         in long aMillis, in boolean aMetaRefresh,
+                         [optional] in nsIPrincipal aPrincipal);
 
     /**
       * Checks the passed in channel to see if there is a refresh header, 
@@ -57,10 +69,15 @@ interface nsIRefreshURI : nsISupports {
       * the current page finishes loading. 
       *
       * @param aBaseURI base URI to resolve refresh uri with.
-      * @param principal the associated principal
+      * @param aPrincipal The triggeringPrincipal for the refresh load
+      *   May be null, in which case a principal will be built based on the
+      *   referrer URI of the previous docshell load, or will use the system
+      *   principal when there is no referrer.
       * @param aHeader  The meta refresh header string.
       */
-    void setupRefreshURIFromHeader(in nsIURI aBaseURI, in nsIPrincipal principal, in ACString aHeader);
+    void setupRefreshURIFromHeader(in nsIURI aBaseURI,
+                                   in nsIPrincipal principal,
+                                   in ACString aHeader);
 
     /**
       * Cancels all timer loads.

gfx/thebes/gfxUserFontSet.h

@@ -607,6 +607,10 @@ public:
     void GetFamilyNameAndURIForLogging(nsACString& aFamilyName,
                                        nsACString& aURI);
 
+#ifdef DEBUG
+    gfxUserFontSet* GetUserFontSet() const { return mFontSet; }
+#endif
+
 protected:
     const uint8_t* SanitizeOpenTypeData(const uint8_t* aData,
                                         uint32_t aLength,

layout/style/FontFace.cpp

@@ -623,6 +623,11 @@ FontFace::SetUserFontEntry(gfxUserFontEntry* aEntry)
   if (mUserFontEntry) {
     mUserFontEntry->mFontFaces.AppendElement(this);
 
+    MOZ_ASSERT(mUserFontEntry->GetUserFontSet() ==
+                 mFontFaceSet->GetUserFontSet(),
+               "user font entry must be associated with the same user font set "
+               "as the FontFace");
+
     // Our newly assigned user font entry might be in the process of or
     // finished loading, so set our status accordingly.  But only do so
     // if we're not going "backwards" in status, which could otherwise

layout/style/FontFace.h

@@ -90,6 +90,8 @@ public:
   void AddFontFaceSet(FontFaceSet* aFontFaceSet);
   void RemoveFontFaceSet(FontFaceSet* aFontFaceSet);
 
+  FontFaceSet* GetPrimaryFontFaceSet() const { return mFontFaceSet; }
+
   /**
    * Gets the family name of the FontFace as a raw string (such as 'Times', as
    * opposed to GetFamily, which returns a CSS-escaped string, such as

layout/style/FontFaceSet.cpp

@@ -953,7 +953,7 @@ FontFaceSet::InsertRuleFontFace(FontFace* aFontFace, SheetType aSheetType,
   mUserFontSet->AddUserFontEntry(fontfamily, entry);
 }
 
-already_AddRefed<gfxUserFontEntry>
+/* static */ already_AddRefed<gfxUserFontEntry>
 FontFaceSet::FindOrCreateUserFontEntryFromFontFace(FontFace* aFontFace)
 {
   nsAutoString fontfamily;
@@ -967,11 +967,13 @@ FontFaceSet::FindOrCreateUserFontEntryFromFontFace(FontFace* aFontFace)
                                                SheetType::Doc);
 }
 
-already_AddRefed<gfxUserFontEntry>
+/* static */ already_AddRefed<gfxUserFontEntry>
 FontFaceSet::FindOrCreateUserFontEntryFromFontFace(const nsAString& aFamilyName,
                                                    FontFace* aFontFace,
                                                    SheetType aSheetType)
 {
+  FontFaceSet* set = aFontFace->GetPrimaryFontFaceSet();
+
   nsCSSValue val;
   nsCSSUnit unit;
 
@@ -1099,7 +1101,7 @@ FontFaceSet::FindOrCreateUserFontEntryFromFontFace(const nsAString& aFamilyName,
           face->mSourceType = gfxFontFaceSrc::eSourceType_URL;
           face->mURI = val.GetURLValue();
           face->mReferrer = val.GetURLStructValue()->mReferrer;
-          face->mReferrerPolicy = mDocument->GetReferrerPolicy();
+          face->mReferrerPolicy = set->mDocument->GetReferrerPolicy();
           face->mOriginPrincipal = val.GetURLStructValue()->mOriginPrincipal;
           NS_ASSERTION(face->mOriginPrincipal, "null origin principal in @font-face rule");
 
@@ -1160,11 +1162,11 @@ FontFaceSet::FindOrCreateUserFontEntryFromFontFace(const nsAString& aFamilyName,
   }
 
   RefPtr<gfxUserFontEntry> entry =
-    mUserFontSet->FindOrCreateUserFontEntry(aFamilyName, srcArray, weight,
+    set->mUserFontSet->FindOrCreateUserFontEntry(aFamilyName, srcArray, weight,
-                                            stretch, italicStyle,
+                                                 stretch, italicStyle,
-                                            featureSettings,
+                                                 featureSettings,
-                                            languageOverride,
+                                                 languageOverride,
-                                            unicodeRanges);
+                                                 unicodeRanges);
   return entry.forget();
 }
 

layout/style/FontFaceSet.h

@@ -122,7 +122,7 @@ public:
    * Finds an existing entry in the user font cache or creates a new user
    * font entry for the given FontFace object.
    */
-  already_AddRefed<gfxUserFontEntry>
+  static already_AddRefed<gfxUserFontEntry>
     FindOrCreateUserFontEntryFromFontFace(FontFace* aFontFace);
 
   /**
@@ -243,7 +243,7 @@ private:
     bool mLoadEventShouldFire;
   };
 
-  already_AddRefed<gfxUserFontEntry> FindOrCreateUserFontEntryFromFontFace(
+  static already_AddRefed<gfxUserFontEntry> FindOrCreateUserFontEntryFromFontFace(
                                                    const nsAString& aFamilyName,
                                                    FontFace* aFontFace,
                                                    SheetType aSheetType);

layout/style/nsCSSParser.cpp

@@ -67,6 +67,7 @@ static bool sUnprefixingServiceGloballyWhitelisted;
 #endif
 static bool sMozGradientsEnabled;
 static bool sControlCharVisibility;
+static bool sMozDocumentEnabledInContent;
 
 const uint32_t
 nsCSSProps::kParserVariantTable[eCSSProperty_COUNT_no_shorthands] = {
@@ -3725,6 +3726,11 @@ CSSParserImpl::ParseMediaRule(RuleAppendFunc aAppendFunc, void* aData)
 bool
 CSSParserImpl::ParseMozDocumentRule(RuleAppendFunc aAppendFunc, void* aData)
 {
+  if (mParsingMode == css::eAuthorSheetFeatures &&
+      !sMozDocumentEnabledInContent) {
+    return false;
+  }
+
   css::DocumentRule::URL *urls = nullptr;
   css::DocumentRule::URL **next = &urls;
 
@@ -16852,6 +16858,8 @@ nsCSSParser::Startup()
                                "layout.css.prefixes.gradients");
   Preferences::AddBoolVarCache(&sControlCharVisibility,
                                "layout.css.control-characters.visible");
+  Preferences::AddBoolVarCache(&sMozDocumentEnabledInContent,
+                               "layout.css.moz-document.content.enabled");
 }
 
 nsCSSParser::nsCSSParser(mozilla::css::Loader* aLoader,

modules/libpref/init/all.js

@@ -2230,6 +2230,9 @@ pref("layout.css.report_errors", true);
 // Should the :visited selector ever match (otherwise :link matches instead)?
 pref("layout.css.visited_links_enabled", true);
 
+// Pref to control whether @-moz-document rules are enabled in content pages.
+pref("layout.css.moz-document.content.enabled", true); // XXX: change in FPR6
+
 // Override DPI. A value of -1 means use the maximum of 96 and the system DPI.
 // A value of 0 means use the system DPI. A positive value is used as the DPI.
 // This sets the physical size of a device pixel and thus controls the

netwerk/base/AutoClose.h

@@ -8,6 +8,7 @@
 #define mozilla_net_AutoClose_h
 
 #include "nsCOMPtr.h"
+#include "mozilla/Mutex.h"
 
 namespace mozilla { namespace net {
 
@@ -18,49 +19,48 @@ template <typename T>
 class AutoClose
 {
 public:
-  AutoClose() { } 
+  AutoClose() : mMutex("net::AutoClose.mMutex") { }
   ~AutoClose(){
-    Close();
+    CloseAndRelease();
   }
 
-  explicit operator bool() const
+  explicit operator bool()
   {
+    MutexAutoLock lock(mMutex);
     return mPtr;
   }
 
   already_AddRefed<T> forget()
   {
+    MutexAutoLock lock(mMutex);
     return mPtr.forget();
   }
 
   void takeOver(nsCOMPtr<T> & rhs)
   {
-    Close();
+    already_AddRefed<T> other = rhs.forget();
-    mPtr = rhs.forget();
+    TakeOverInternal(&other);
-  }
-
-  void takeOver(AutoClose<T> & rhs)
-  {
-    Close();
-    mPtr = rhs.mPtr.forget();
   }
 
   void CloseAndRelease()
   {
-    Close();
+    TakeOverInternal(nullptr);
-    mPtr = nullptr;
-  }
-
-  T* operator->() const MOZ_NO_ADDREF_RELEASE_ON_RETURN
-  {
-    return mPtr.operator->();
   }
 
 private:
-  void Close()
+  void TakeOverInternal(already_AddRefed<T> *aOther)
   {
-    if (mPtr) {
+    nsCOMPtr<T> ptr;
-      mPtr->Close();
+    {
+      MutexAutoLock lock(mMutex);
+      ptr.swap(mPtr);
+      if (aOther) {
+        mPtr = *aOther;
+      }
+    }
+
+    if (ptr) {
+      ptr->Close();
     }
   }
 
@@ -68,6 +68,7 @@ private:
   AutoClose(const AutoClose<T> &) = delete;
 
   nsCOMPtr<T> mPtr;
+  Mutex mMutex;
 };
 
 } // namespace net

netwerk/protocol/http/nsHttpChannel.cpp

@@ -1096,8 +1096,9 @@ nsHttpChannel::CallOnStartRequest()
 
     LOG(("  calling mListener->OnStartRequest\n"));
     if (mListener) {
-        MOZ_ASSERT(!mOnStartRequestCalled,
+        NS_ASSERTION(!mOnStartRequestCalled,
-                   "We should not call OsStartRequest twice");
+                     "We should not call OsStartRequest twice");
+        if (mOnStartRequestCalled) return NS_OK;
         rv = mListener->OnStartRequest(this, mListenerContext);
         mOnStartRequestCalled = true;
         if (NS_FAILED(rv))

startupcache/StartupCache.cpp

@@ -738,6 +738,12 @@ StartupCacheWrapper* StartupCacheWrapper::gStartupCacheWrapper = nullptr;
 
 NS_IMPL_ISUPPORTS(StartupCacheWrapper, nsIStartupCache)
 
+StartupCacheWrapper::~StartupCacheWrapper()
+{
+  MOZ_ASSERT(gStartupCacheWrapper == this);
+  gStartupCacheWrapper = nullptr;
+}
+
 StartupCacheWrapper* StartupCacheWrapper::GetSingleton() 
 {
   if (!gStartupCacheWrapper)

startupcache/StartupCache.h

@@ -214,7 +214,7 @@ class StartupCacheDebugOutputStream final
 class StartupCacheWrapper final
   : public nsIStartupCache
 {
-  ~StartupCacheWrapper() {}
+  ~StartupCacheWrapper();
 
   NS_DECL_THREADSAFE_ISUPPORTS
   NS_DECL_NSISTARTUPCACHE

toolkit/components/autocomplete/nsAutoCompleteController.cpp

@@ -1547,9 +1547,9 @@ nsAutoCompleteController::ProcessResult(int32_t aSearchIndex, nsIAutoCompleteRes
   if (mResults.IndexOf(aResult) == -1) {
     nsIAutoCompleteResult* oldResult = mResults.SafeObjectAt(aSearchIndex);
     if (oldResult) {
-      MOZ_ASSERT(false, "Passing new matches to OnSearchResult with a new "
+      NS_ASSERTION(false, "Passing new matches to OnSearchResult with a new "
-                        "nsIAutoCompleteResult every time is deprecated, please "
+                          "nsIAutoCompleteResult every time is deprecated, please "
-                        "update the same result until the search is done");
+                          "update the same result until the search is done");
       // Build a new nsIAutocompleteSimpleResult and merge results into it.
       RefPtr<nsAutoCompleteSimpleResult> mergedResult =
         new nsAutoCompleteSimpleResult();