The Tor Browser: comparison content/base/src/nsFrameLoader.cpp

--1:000000000000
+:b0d170a785ee
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 sw=2 et tw=78: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+* Class for managing loading of a subframe (creation of the docshell,
+* handling of loads in it, recursion-checking).
+*/
+#include "base/basictypes.h"
+#include "prenv.h"
+#include "mozIApplication.h"
+#include "nsIDOMHTMLIFrameElement.h"
+#include "nsIDOMHTMLFrameElement.h"
+#include "nsIDOMMozBrowserFrame.h"
+#include "nsIDOMWindow.h"
+#include "nsIPresShell.h"
+#include "nsIContentInlines.h"
+#include "nsIContentViewer.h"
+#include "nsIDocument.h"
+#include "nsIDOMDocument.h"
+#include "nsIDOMFile.h"
+#include "nsPIDOMWindow.h"
+#include "nsIWebNavigation.h"
+#include "nsIWebProgress.h"
+#include "nsIDocShell.h"
+#include "nsIDocShellTreeOwner.h"
+#include "nsIDocShellLoadInfo.h"
+#include "nsIDOMApplicationRegistry.h"
+#include "nsIBaseWindow.h"
+#include "nsContentUtils.h"
+#include "nsCxPusher.h"
+#include "nsIXPConnect.h"
+#include "nsUnicharUtils.h"
+#include "nsIScriptGlobalObject.h"
+#include "nsIScriptSecurityManager.h"
+#include "nsIScrollable.h"
+#include "nsFrameLoader.h"
+#include "nsIDOMEventTarget.h"
+#include "nsIFrame.h"
+#include "nsIScrollableFrame.h"
+#include "nsSubDocumentFrame.h"
+#include "nsError.h"
+#include "nsISHistory.h"
+#include "nsISHistoryInternal.h"
+#include "nsIDOMHTMLDocument.h"
+#include "nsIXULWindow.h"
+#include "nsIEditor.h"
+#include "nsIMozBrowserFrame.h"
+#include "nsIPermissionManager.h"
+#include "nsISHistory.h"
+#include "nsNullPrincipal.h"
+#include "nsLayoutUtils.h"
+#include "nsView.h"
+#include "nsIURI.h"
+#include "nsIURL.h"
+#include "nsNetUtil.h"
+#include "nsGkAtoms.h"
+#include "nsNameSpaceManager.h"
+#include "nsThreadUtils.h"
+#include "nsIDOMChromeWindow.h"
+#include "nsInProcessTabChildGlobal.h"
+#include "Layers.h"
+#include "AppProcessChecker.h"
+#include "ContentParent.h"
+#include "TabParent.h"
+#include "mozilla/AsyncEventDispatcher.h"
+#include "mozilla/GuardObjects.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/unused.h"
+#include "mozilla/dom/Element.h"
+#include "mozilla/layout/RenderFrameParent.h"
+#include "nsIAppsService.h"
+#include "GeckoProfiler.h"
+#include "jsapi.h"
+#include "mozilla/dom/HTMLIFrameElement.h"
+#include "nsSandboxFlags.h"
+#include "JavaScriptParent.h"
+#include "mozilla/dom/StructuredCloneUtils.h"
+#ifdef MOZ_XUL
+#include "nsXULPopupManager.h"
+#endif
+using namespace mozilla;
+using namespace mozilla::hal;
+using namespace mozilla::dom;
+using namespace mozilla::dom::ipc;
+using namespace mozilla::layers;
+using namespace mozilla::layout;
+typedef FrameMetrics::ViewID ViewID;
+class nsAsyncDocShellDestroyer : public nsRunnable
+{
+public:
+nsAsyncDocShellDestroyer(nsIDocShell* aDocShell)
+: mDocShell(aDocShell)
+{
+}
+NS_IMETHOD Run()
+{
+nsCOMPtr<nsIBaseWindow> base_win(do_QueryInterface(mDocShell));
+if (base_win) {
+base_win->Destroy();
+}
+return NS_OK;
+}
+nsRefPtr<nsIDocShell> mDocShell;
+};
+NS_IMPL_ISUPPORTS(nsContentView, nsIContentView)
+nsresult
+nsContentView::Update(const ViewConfig& aConfig)
+{
+if (aConfig == mConfig) {
+return NS_OK;
+}
+mConfig = aConfig;
+// View changed.  Try to locate our subdoc frame and invalidate
+// it if found.
+if (!mFrameLoader) {
+if (IsRoot()) {
+// Oops, don't have a frame right now.  That's OK; the view
+// config persists and will apply to the next frame we get, if we
+// ever get one.
+return NS_OK;
+} else {
+// This view is no longer valid.
+return NS_ERROR_NOT_AVAILABLE;
+}
+}
+if (RenderFrameParent* rfp = mFrameLoader->GetCurrentRemoteFrame()) {
+rfp->ContentViewScaleChanged(this);
+}
+return NS_OK;
+}
+NS_IMETHODIMP
+nsContentView::ScrollTo(float aXpx, float aYpx)
+{
+ViewConfig config(mConfig);
+config.mScrollOffset = nsPoint(nsPresContext::CSSPixelsToAppUnits(aXpx),
+nsPresContext::CSSPixelsToAppUnits(aYpx));
+return Update(config);
+}
+NS_IMETHODIMP
+nsContentView::ScrollBy(float aDXpx, float aDYpx)
+{
+ViewConfig config(mConfig);
+config.mScrollOffset.MoveBy(nsPresContext::CSSPixelsToAppUnits(aDXpx),
+nsPresContext::CSSPixelsToAppUnits(aDYpx));
+return Update(config);
+}
+NS_IMETHODIMP
+nsContentView::SetScale(float aXScale, float aYScale)
+{
+ViewConfig config(mConfig);
+config.mXScale = aXScale;
+config.mYScale = aYScale;
+return Update(config);
+}
+NS_IMETHODIMP
+nsContentView::GetScrollX(float* aViewScrollX)
+{
+*aViewScrollX = nsPresContext::AppUnitsToFloatCSSPixels(
+mConfig.mScrollOffset.x);
+return NS_OK;
+}
+NS_IMETHODIMP
+nsContentView::GetScrollY(float* aViewScrollY)
+{
+*aViewScrollY = nsPresContext::AppUnitsToFloatCSSPixels(
+mConfig.mScrollOffset.y);
+return NS_OK;
+}
+NS_IMETHODIMP
+nsContentView::GetViewportWidth(float* aWidth)
+{
+*aWidth = nsPresContext::AppUnitsToFloatCSSPixels(mViewportSize.width);
+return NS_OK;
+}
+NS_IMETHODIMP
+nsContentView::GetViewportHeight(float* aHeight)
+{
+*aHeight = nsPresContext::AppUnitsToFloatCSSPixels(mViewportSize.height);
+return NS_OK;
+}
+NS_IMETHODIMP
+nsContentView::GetContentWidth(float* aWidth)
+{
+*aWidth = nsPresContext::AppUnitsToFloatCSSPixels(mContentSize.width);
+return NS_OK;
+}
+NS_IMETHODIMP
+nsContentView::GetContentHeight(float* aHeight)
+{
+*aHeight = nsPresContext::AppUnitsToFloatCSSPixels(mContentSize.height);
+return NS_OK;
+}
+NS_IMETHODIMP
+nsContentView::GetId(nsContentViewId* aId)
+{
+NS_ASSERTION(sizeof(nsContentViewId) == sizeof(ViewID),
+"ID size for XPCOM ID and internal ID type are not the same!");
+*aId = mScrollId;
+return NS_OK;
+}
+// Bug 136580: Limit to the number of nested content frames that can have the
+//             same URL. This is to stop content that is recursively loading
+//             itself.  Note that "#foo" on the end of URL doesn't affect
+//             whether it's considered identical, but "?foo" or ";foo" are
+//             considered and compared.
+// Bug 228829: Limit this to 1, like IE does.
+#define MAX_SAME_URL_CONTENT_FRAMES 1
+// Bug 8065: Limit content frame depth to some reasonable level. This
+// does not count chrome frames when determining depth, nor does it
+// prevent chrome recursion.  Number is fairly arbitrary, but meant to
+// keep number of shells to a reasonable number on accidental recursion with a
+// small (but not 1) branching factor.  With large branching factors the number
+// of shells can rapidly become huge and run us out of memory.  To solve that,
+// we'd need to re-institute a fixed version of bug 98158.
+#define MAX_DEPTH_CONTENT_FRAMES 10
+NS_IMPL_CYCLE_COLLECTION(nsFrameLoader, mDocShell, mMessageManager, mChildMessageManager)
+NS_IMPL_CYCLE_COLLECTING_ADDREF(nsFrameLoader)
+NS_IMPL_CYCLE_COLLECTING_RELEASE(nsFrameLoader)
+NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(nsFrameLoader)
+NS_INTERFACE_MAP_ENTRY(nsIFrameLoader)
+NS_INTERFACE_MAP_ENTRY(nsIContentViewManager)
+NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsISupports, nsIFrameLoader)
+NS_INTERFACE_MAP_END
+nsFrameLoader::nsFrameLoader(Element* aOwner, bool aNetworkCreated)
+: mOwnerContent(aOwner)
+, mAppIdSentToPermissionManager(nsIScriptSecurityManager::NO_APP_ID)
+, mDetachedSubdocViews(nullptr)
+, mDepthTooGreat(false)
+, mIsTopLevelContent(false)
+, mDestroyCalled(false)
+, mNeedsAsyncDestroy(false)
+, mInSwap(false)
+, mInShow(false)
+, mHideCalled(false)
+, mNetworkCreated(aNetworkCreated)
+, mRemoteBrowserShown(false)
+, mRemoteFrame(false)
+, mClipSubdocument(true)
+, mClampScrollPosition(true)
+, mRemoteBrowserInitialized(false)
+, mObservingOwnerContent(false)
+, mVisible(true)
+, mCurrentRemoteFrame(nullptr)
+, mRemoteBrowser(nullptr)
+, mChildID(0)
+, mRenderMode(RENDER_MODE_DEFAULT)
+, mEventMode(EVENT_MODE_NORMAL_DISPATCH)
+, mPendingFrameSent(false)
+{
+ResetPermissionManagerStatus();
+}
+nsFrameLoader::~nsFrameLoader()
+{
+mNeedsAsyncDestroy = true;
+if (mMessageManager) {
+mMessageManager->Disconnect();
+}
+nsFrameLoader::Destroy();
+}
+nsFrameLoader*
+nsFrameLoader::Create(Element* aOwner, bool aNetworkCreated)
+{
+NS_ENSURE_TRUE(aOwner, nullptr);
+nsIDocument* doc = aOwner->OwnerDoc();
+NS_ENSURE_TRUE(!doc->IsResourceDoc() &&
+((!doc->IsLoadedAsData() && aOwner->GetCurrentDoc()) ||
+doc->IsStaticDocument()),
+nullptr);
+return new nsFrameLoader(aOwner, aNetworkCreated);
+}
+NS_IMETHODIMP
+nsFrameLoader::LoadFrame()
+{
+NS_ENSURE_TRUE(mOwnerContent, NS_ERROR_NOT_INITIALIZED);
+nsAutoString src;
+bool isSrcdoc = mOwnerContent->IsHTML(nsGkAtoms::iframe) &&
+mOwnerContent->HasAttr(kNameSpaceID_None, nsGkAtoms::srcdoc);
+if (isSrcdoc) {
+src.AssignLiteral("about:srcdoc");
+}
+else {
+GetURL(src);
+src.Trim(" \t\n\r");
+if (src.IsEmpty()) {
+// If the frame is a XUL element and has the attribute 'nodefaultsrc=true'
+// then we will not use 'about:blank' as fallback but return early without
+// starting a load if no 'src' attribute is given (or it's empty).
+if (mOwnerContent->IsXUL() &&
+mOwnerContent->AttrValueIs(kNameSpaceID_None, nsGkAtoms::nodefaultsrc,
+nsGkAtoms::_true, eCaseMatters)) {
+return NS_OK;
+}
+src.AssignLiteral("about:blank");
+}
+}
+nsIDocument* doc = mOwnerContent->OwnerDoc();
+if (doc->IsStaticDocument()) {
+return NS_OK;
+}
+nsCOMPtr<nsIURI> base_uri = mOwnerContent->GetBaseURI();
+const nsAFlatCString &doc_charset = doc->GetDocumentCharacterSet();
+const char *charset = doc_charset.IsEmpty() ? nullptr : doc_charset.get();
+nsCOMPtr<nsIURI> uri;
+nsresult rv = NS_NewURI(getter_AddRefs(uri), src, charset, base_uri);
+// If the URI was malformed, try to recover by loading about:blank.
+if (rv == NS_ERROR_MALFORMED_URI) {
+rv = NS_NewURI(getter_AddRefs(uri), NS_LITERAL_STRING("about:blank"),
+charset, base_uri);
+}
+if (NS_SUCCEEDED(rv)) {
+rv = LoadURI(uri);
+}
+if (NS_FAILED(rv)) {
+FireErrorEvent();
+return rv;
+}
+return NS_OK;
+}
+void
+nsFrameLoader::FireErrorEvent()
+{
+if (!mOwnerContent) {
+return;
+}
+nsRefPtr<AsyncEventDispatcher > loadBlockingAsyncDispatcher =
+new LoadBlockingAsyncEventDispatcher(mOwnerContent,
+NS_LITERAL_STRING("error"),
+false, false);
+loadBlockingAsyncDispatcher->PostDOMEvent();
+}
+NS_IMETHODIMP
+nsFrameLoader::LoadURI(nsIURI* aURI)
+{
+if (!aURI)
+return NS_ERROR_INVALID_POINTER;
+NS_ENSURE_STATE(!mDestroyCalled && mOwnerContent);
+nsCOMPtr<nsIDocument> doc = mOwnerContent->OwnerDoc();
+nsresult rv = CheckURILoad(aURI);
+NS_ENSURE_SUCCESS(rv, rv);
+mURIToLoad = aURI;
+rv = doc->InitializeFrameLoader(this);
+if (NS_FAILED(rv)) {
+mURIToLoad = nullptr;
+}
+return rv;
+}
+nsresult
+nsFrameLoader::ReallyStartLoading()
+{
+nsresult rv = ReallyStartLoadingInternal();
+if (NS_FAILED(rv)) {
+FireErrorEvent();
+}
+return rv;
+}
+class DelayedStartLoadingRunnable : public nsRunnable
+{
+public:
+DelayedStartLoadingRunnable(nsFrameLoader* aFrameLoader)
+: mFrameLoader(aFrameLoader)
+{
+}
+NS_IMETHOD Run()
+{
+// Retry the request.
+mFrameLoader->ReallyStartLoading();
+// We delayed nsFrameLoader::ReallyStartLoading() after the child process is
+// ready and might not be able to notify the remote browser in
+// UpdatePositionAndSize() when reflow finished. Retrigger reflow.
+nsIFrame* frame = mFrameLoader->GetPrimaryFrameOfOwningContent();
+if (!frame) {
+return NS_OK;
+}
+frame->InvalidateFrame();
+frame->PresContext()->PresShell()->
+FrameNeedsReflow(frame, nsIPresShell::eResize, NS_FRAME_IS_DIRTY);
+return NS_OK;
+}
+private:
+nsRefPtr<nsFrameLoader> mFrameLoader;
+};
+nsresult
+nsFrameLoader::ReallyStartLoadingInternal()
+{
+NS_ENSURE_STATE(mURIToLoad && mOwnerContent && mOwnerContent->IsInDoc());
+PROFILER_LABEL("nsFrameLoader", "ReallyStartLoading");
+nsresult rv = MaybeCreateDocShell();
+if (NS_FAILED(rv)) {
+return rv;
+}
+if (mRemoteFrame) {
+if (!mRemoteBrowser) {
+if (!mPendingFrameSent) {
+nsCOMPtr<nsIObserverService> os = services::GetObserverService();
+if (os && !mRemoteBrowserInitialized) {
+os->NotifyObservers(NS_ISUPPORTS_CAST(nsIFrameLoader*, this),
+"remote-browser-pending", nullptr);
+mPendingFrameSent = true;
+}
+}
+if (Preferences::GetBool("dom.ipc.processPrelaunch.enabled", false) &&
+!ContentParent::PreallocatedProcessReady()) {
+ContentParent::RunAfterPreallocatedProcessReady(
+new DelayedStartLoadingRunnable(this));
+return NS_ERROR_FAILURE;
+}
+TryRemoteBrowser();
+if (!mRemoteBrowser) {
+NS_WARNING("Couldn't create child process for iframe.");
+return NS_ERROR_FAILURE;
+}
+}
+if (mRemoteBrowserShown || ShowRemoteFrame(nsIntSize(0, 0))) {
+// FIXME get error codes from child
+mRemoteBrowser->LoadURL(mURIToLoad);
+} else {
+NS_WARNING("[nsFrameLoader] ReallyStartLoadingInternal tried but couldn't show remote browser.\n");
+}
+return NS_OK;
+}
+NS_ASSERTION(mDocShell,
+"MaybeCreateDocShell succeeded with a null mDocShell");
+// Just to be safe, recheck uri.
+rv = CheckURILoad(mURIToLoad);
+NS_ENSURE_SUCCESS(rv, rv);
+nsCOMPtr<nsIDocShellLoadInfo> loadInfo;
+mDocShell->CreateLoadInfo(getter_AddRefs(loadInfo));
+NS_ENSURE_TRUE(loadInfo, NS_ERROR_FAILURE);
+// If this frame is sandboxed with respect to origin we will set it up with
+// a null principal later in nsDocShell::DoURILoad.
+// We do it there to correctly sandbox content that was loaded into
+// the frame via other methods than the src attribute.
+// We'll use our principal, not that of the document loaded inside us.  This
+// is very important; needed to prevent XSS attacks on documents loaded in
+// subframes!
+loadInfo->SetOwner(mOwnerContent->NodePrincipal());
+nsCOMPtr<nsIURI> referrer;
+nsAutoString srcdoc;
+bool isSrcdoc = mOwnerContent->IsHTML(nsGkAtoms::iframe) &&
+mOwnerContent->GetAttr(kNameSpaceID_None, nsGkAtoms::srcdoc,
+srcdoc);
+if (isSrcdoc) {
+nsAutoString referrerStr;
+mOwnerContent->OwnerDoc()->GetReferrer(referrerStr);
+rv = NS_NewURI(getter_AddRefs(referrer), referrerStr);
+loadInfo->SetSrcdocData(srcdoc);
+nsCOMPtr<nsIURI> baseURI = mOwnerContent->GetBaseURI();
+loadInfo->SetBaseURI(baseURI);
+}
+else {
+rv = mOwnerContent->NodePrincipal()->GetURI(getter_AddRefs(referrer));
+NS_ENSURE_SUCCESS(rv, rv);
+}
+// Use referrer as long as it is not an nsNullPrincipalURI.
+// We could add a method such as GetReferrerURI to principals to make this
+// cleaner, but given that we need to start using Source Browsing Context for
+// referrer (see Bug 960639) this may be wasted effort at this stage.
+if (referrer) {
+bool isNullPrincipalScheme;
+rv = referrer->SchemeIs(NS_NULLPRINCIPAL_SCHEME, &isNullPrincipalScheme);
+if (NS_SUCCEEDED(rv) && !isNullPrincipalScheme) {
+loadInfo->SetReferrer(referrer);
+}
+}
+// Default flags:
+int32_t flags = nsIWebNavigation::LOAD_FLAGS_NONE;
+// Flags for browser frame:
+if (OwnerIsBrowserFrame()) {
+flags = nsIWebNavigation::LOAD_FLAGS_ALLOW_THIRD_PARTY_FIXUP |
+nsIWebNavigation::LOAD_FLAGS_DISALLOW_INHERIT_OWNER;
+}
+// Kick off the load...
+bool tmpState = mNeedsAsyncDestroy;
+mNeedsAsyncDestroy = true;
+nsCOMPtr<nsIURI> uriToLoad = mURIToLoad;
+rv = mDocShell->LoadURI(uriToLoad, loadInfo, flags, false);
+mNeedsAsyncDestroy = tmpState;
+mURIToLoad = nullptr;
+NS_ENSURE_SUCCESS(rv, rv);
+return NS_OK;
+}
+nsresult
+nsFrameLoader::CheckURILoad(nsIURI* aURI)
+{
+// Check for security.  The fun part is trying to figure out what principals
+// to use.  The way I figure it, if we're doing a LoadFrame() accidentally
+// (eg someone created a frame/iframe node, we're being parsed, XUL iframes
+// are being reframed, etc.) then we definitely want to use the node
+// principal of mOwnerContent for security checks.  If, on the other hand,
+// someone's setting the src on our owner content, or created it via script,
+// or whatever, then they can clearly access it... and we should still use
+// the principal of mOwnerContent.  I don't think that leads to privilege
+// escalation, and it's reasonably guaranteed to not lead to XSS issues
+// (since caller can already access mOwnerContent in this case).  So just use
+// the principal of mOwnerContent no matter what.  If script wants to run
+// things with its own permissions, which differ from those of mOwnerContent
+// (which means the script is privileged in some way) it should set
+// window.location instead.
+nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
+// Get our principal
+nsIPrincipal* principal = mOwnerContent->NodePrincipal();
+// Check if we are allowed to load absURL
+nsresult rv =
+secMan->CheckLoadURIWithPrincipal(principal, aURI,
+nsIScriptSecurityManager::STANDARD);
+if (NS_FAILED(rv)) {
+return rv; // We're not
+}
+// Bail out if this is an infinite recursion scenario
+rv = MaybeCreateDocShell();
+if (NS_FAILED(rv)) {
+return rv;
+}
+if (mRemoteFrame) {
+return NS_OK;
+}
+return CheckForRecursiveLoad(aURI);
+}
+NS_IMETHODIMP
+nsFrameLoader::GetDocShell(nsIDocShell **aDocShell)
+{
+*aDocShell = nullptr;
+nsresult rv = NS_OK;
+// If we have an owner, make sure we have a docshell and return
+// that. If not, we're most likely in the middle of being torn down,
+// then we just return null.
+if (mOwnerContent) {
+nsresult rv = MaybeCreateDocShell();
+if (NS_FAILED(rv))
+return rv;
+if (mRemoteFrame) {
+NS_WARNING("No docshells for remote frames!");
+return rv;
+}
+NS_ASSERTION(mDocShell,
+"MaybeCreateDocShell succeeded, but null mDocShell");
+}
+*aDocShell = mDocShell;
+NS_IF_ADDREF(*aDocShell);
+return rv;
+}
+void
+nsFrameLoader::Finalize()
+{
+nsCOMPtr<nsIBaseWindow> base_win(do_QueryInterface(mDocShell));
+if (base_win) {
+base_win->Destroy();
+}
+mDocShell = nullptr;
+}
+static void
+FirePageHideEvent(nsIDocShellTreeItem* aItem,
+EventTarget* aChromeEventHandler)
+{
+nsCOMPtr<nsIDocument> internalDoc = do_GetInterface(aItem);
+NS_ASSERTION(internalDoc, "What happened here?");
+internalDoc->OnPageHide(true, aChromeEventHandler);
+int32_t childCount = 0;
+aItem->GetChildCount(&childCount);
+nsAutoTArray<nsCOMPtr<nsIDocShellTreeItem>, 8> kids;
+kids.AppendElements(childCount);
+for (int32_t i = 0; i < childCount; ++i) {
+aItem->GetChildAt(i, getter_AddRefs(kids[i]));
+}
+for (uint32_t i = 0; i < kids.Length(); ++i) {
+if (kids[i]) {
+FirePageHideEvent(kids[i], aChromeEventHandler);
+}
+}
+}
+// The pageshow event is fired for a given document only if IsShowing() returns
+// the same thing as aFireIfShowing.  This gives us a way to fire pageshow only
+// on documents that are still loading or only on documents that are already
+// loaded.
+static void
+FirePageShowEvent(nsIDocShellTreeItem* aItem,
+EventTarget* aChromeEventHandler,
+bool aFireIfShowing)
+{
+int32_t childCount = 0;
+aItem->GetChildCount(&childCount);
+nsAutoTArray<nsCOMPtr<nsIDocShellTreeItem>, 8> kids;
+kids.AppendElements(childCount);
+for (int32_t i = 0; i < childCount; ++i) {
+aItem->GetChildAt(i, getter_AddRefs(kids[i]));
+}
+for (uint32_t i = 0; i < kids.Length(); ++i) {
+if (kids[i]) {
+FirePageShowEvent(kids[i], aChromeEventHandler, aFireIfShowing);
+}
+}
+nsCOMPtr<nsIDocument> internalDoc = do_GetInterface(aItem);
+NS_ASSERTION(internalDoc, "What happened here?");
+if (internalDoc->IsShowing() == aFireIfShowing) {
+internalDoc->OnPageShow(true, aChromeEventHandler);
+}
+}
+static void
+SetTreeOwnerAndChromeEventHandlerOnDocshellTree(nsIDocShellTreeItem* aItem,
+nsIDocShellTreeOwner* aOwner,
+EventTarget* aHandler)
+{
+NS_PRECONDITION(aItem, "Must have item");
+aItem->SetTreeOwner(aOwner);
+int32_t childCount = 0;
+aItem->GetChildCount(&childCount);
+for (int32_t i = 0; i < childCount; ++i) {
+nsCOMPtr<nsIDocShellTreeItem> item;
+aItem->GetChildAt(i, getter_AddRefs(item));
+if (aHandler) {
+nsCOMPtr<nsIDocShell> shell(do_QueryInterface(item));
+shell->SetChromeEventHandler(aHandler);
+}
+SetTreeOwnerAndChromeEventHandlerOnDocshellTree(item, aOwner, aHandler);
+}
+}
+/**
+* Set the type of the treeitem and hook it up to the treeowner.
+* @param aItem the treeitem we're working with
+* @param aTreeOwner the relevant treeowner; might be null
+* @param aParentType the nsIDocShellTreeItem::GetType of our parent docshell
+* @param aParentNode if non-null, the docshell we should be added as a child to
+*
+* @return whether aItem is top-level content
+*/
+bool
+nsFrameLoader::AddTreeItemToTreeOwner(nsIDocShellTreeItem* aItem,
+nsIDocShellTreeOwner* aOwner,
+int32_t aParentType,
+nsIDocShell* aParentNode)
+{
+NS_PRECONDITION(aItem, "Must have docshell treeitem");
+NS_PRECONDITION(mOwnerContent, "Must have owning content");
+nsAutoString value;
+bool isContent = false;
+mOwnerContent->GetAttr(kNameSpaceID_None, TypeAttrName(), value);
+// we accept "content" and "content-xxx" values.
+// at time of writing, we expect "xxx" to be "primary" or "targetable", but
+// someday it might be an integer expressing priority or something else.
+isContent = value.LowerCaseEqualsLiteral("content") ||
+StringBeginsWith(value, NS_LITERAL_STRING("content-"),
+nsCaseInsensitiveStringComparator());
+// Force mozbrowser frames to always be typeContent, even if the
+// mozbrowser interfaces are disabled.
+nsCOMPtr<nsIDOMMozBrowserFrame> mozbrowser =
+do_QueryInterface(mOwnerContent);
+if (mozbrowser) {
+bool isMozbrowser = false;
+mozbrowser->GetMozbrowser(&isMozbrowser);
+isContent |= isMozbrowser;
+}
+if (isContent) {
+// The web shell's type is content.
+aItem->SetItemType(nsIDocShellTreeItem::typeContent);
+} else {
+// Inherit our type from our parent docshell.  If it is
+// chrome, we'll be chrome.  If it is content, we'll be
+// content.
+aItem->SetItemType(aParentType);
+}
+// Now that we have our type set, add ourselves to the parent, as needed.
+if (aParentNode) {
+aParentNode->AddChild(aItem);
+}
+bool retval = false;
+if (aParentType == nsIDocShellTreeItem::typeChrome && isContent) {
+retval = true;
+bool is_primary = value.LowerCaseEqualsLiteral("content-primary");
+if (aOwner) {
+bool is_targetable = is_primary ||
+value.LowerCaseEqualsLiteral("content-targetable");
+mOwnerContent->AddMutationObserver(this);
+mObservingOwnerContent = true;
+aOwner->ContentShellAdded(aItem, is_primary, is_targetable, value);
+}
+}
+return retval;
+}
+static bool
+AllDescendantsOfType(nsIDocShellTreeItem* aParentItem, int32_t aType)
+{
+int32_t childCount = 0;
+aParentItem->GetChildCount(&childCount);
+for (int32_t i = 0; i < childCount; ++i) {
+nsCOMPtr<nsIDocShellTreeItem> kid;
+aParentItem->GetChildAt(i, getter_AddRefs(kid));
+if (kid->ItemType() != aType || !AllDescendantsOfType(kid, aType)) {
+return false;
+}
+}
+return true;
+}
+/**
+* A class that automatically sets mInShow to false when it goes
+* out of scope.
+*/
+class MOZ_STACK_CLASS AutoResetInShow {
+private:
+nsFrameLoader* mFrameLoader;
+MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
+public:
+AutoResetInShow(nsFrameLoader* aFrameLoader MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
+: mFrameLoader(aFrameLoader)
+{
+MOZ_GUARD_OBJECT_NOTIFIER_INIT;
+}
+~AutoResetInShow() { mFrameLoader->mInShow = false; }
+};
+bool
+nsFrameLoader::Show(int32_t marginWidth, int32_t marginHeight,
+int32_t scrollbarPrefX, int32_t scrollbarPrefY,
+nsSubDocumentFrame* frame)
+{
+if (mInShow) {
+return false;
+}
+// Reset mInShow if we exit early.
+AutoResetInShow resetInShow(this);
+mInShow = true;
+nsresult rv = MaybeCreateDocShell();
+if (NS_FAILED(rv)) {
+return false;
+}
+if (!mRemoteFrame) {
+if (!mDocShell)
+return false;
+mDocShell->SetMarginWidth(marginWidth);
+mDocShell->SetMarginHeight(marginHeight);
+nsCOMPtr<nsIScrollable> sc = do_QueryInterface(mDocShell);
+if (sc) {
+sc->SetDefaultScrollbarPreferences(nsIScrollable::ScrollOrientation_X,
+scrollbarPrefX);
+sc->SetDefaultScrollbarPreferences(nsIScrollable::ScrollOrientation_Y,
+scrollbarPrefY);
+}
+nsCOMPtr<nsIPresShell> presShell = mDocShell->GetPresShell();
+if (presShell) {
+// Ensure root scroll frame is reflowed in case scroll preferences or
+// margins have changed
+nsIFrame* rootScrollFrame = presShell->GetRootScrollFrame();
+if (rootScrollFrame) {
+presShell->FrameNeedsReflow(rootScrollFrame, nsIPresShell::eResize,
+NS_FRAME_IS_DIRTY);
+}
+return true;
+}
+}
+nsIntSize size = frame->GetSubdocumentSize();
+if (mRemoteFrame) {
+return ShowRemoteFrame(size, frame);
+}
+nsView* view = frame->EnsureInnerView();
+if (!view)
+return false;
+nsCOMPtr<nsIBaseWindow> baseWindow = do_QueryInterface(mDocShell);
+NS_ASSERTION(baseWindow, "Found a nsIDocShell that isn't a nsIBaseWindow.");
+baseWindow->InitWindow(nullptr, view->GetWidget(), 0, 0,
+size.width, size.height);
+// This is kinda whacky, this "Create()" call doesn't really
+// create anything, one starts to wonder why this was named
+// "Create"...
+baseWindow->Create();
+baseWindow->SetVisibility(true);
+NS_ENSURE_TRUE(mDocShell, false);
+// Trigger editor re-initialization if midas is turned on in the
+// sub-document. This shouldn't be necessary, but given the way our
+// editor works, it is. See
+// https://bugzilla.mozilla.org/show_bug.cgi?id=284245
+nsCOMPtr<nsIPresShell> presShell = mDocShell->GetPresShell();
+if (presShell) {
+nsCOMPtr<nsIDOMHTMLDocument> doc =
+do_QueryInterface(presShell->GetDocument());
+if (doc) {
+nsAutoString designMode;
+doc->GetDesignMode(designMode);
+if (designMode.EqualsLiteral("on")) {
+// Hold on to the editor object to let the document reattach to the
+// same editor object, instead of creating a new one.
+nsCOMPtr<nsIEditor> editor;
+nsresult rv = mDocShell->GetEditor(getter_AddRefs(editor));
+NS_ENSURE_SUCCESS(rv, false);
+doc->SetDesignMode(NS_LITERAL_STRING("off"));
+doc->SetDesignMode(NS_LITERAL_STRING("on"));
+} else {
+// Re-initialize the presentation for contenteditable documents
+bool editable = false,
+hasEditingSession = false;
+mDocShell->GetEditable(&editable);
+mDocShell->GetHasEditingSession(&hasEditingSession);
+nsCOMPtr<nsIEditor> editor;
+mDocShell->GetEditor(getter_AddRefs(editor));
+if (editable && hasEditingSession && editor) {
+editor->PostCreate();
+}
+}
+}
+}
+mInShow = false;
+if (mHideCalled) {
+mHideCalled = false;
+Hide();
+return false;
+}
+return true;
+}
+void
+nsFrameLoader::MarginsChanged(uint32_t aMarginWidth,
+uint32_t aMarginHeight)
+{
+// We assume that the margins are always zero for remote frames.
+if (mRemoteFrame)
+return;
+// If there's no docshell, we're probably not up and running yet.
+// nsFrameLoader::Show() will take care of setting the right
+// margins.
+if (!mDocShell)
+return;
+// Set the margins
+mDocShell->SetMarginWidth(aMarginWidth);
+mDocShell->SetMarginHeight(aMarginHeight);
+// Trigger a restyle if there's a prescontext
+nsRefPtr<nsPresContext> presContext;
+mDocShell->GetPresContext(getter_AddRefs(presContext));
+if (presContext)
+presContext->RebuildAllStyleData(nsChangeHint(0));
+}
+bool
+nsFrameLoader::ShowRemoteFrame(const nsIntSize& size,
+nsSubDocumentFrame *aFrame)
+{
+NS_ASSERTION(mRemoteFrame, "ShowRemote only makes sense on remote frames.");
+if (!mRemoteBrowser) {
+TryRemoteBrowser();
+if (!mRemoteBrowser) {
+NS_ERROR("Couldn't create child process.");
+return false;
+}
+}
+// FIXME/bug 589337: Show()/Hide() is pretty expensive for
+// cross-process layers; need to figure out what behavior we really
+// want here.  For now, hack.
+if (!mRemoteBrowserShown) {
+if (!mOwnerContent ||
+!mOwnerContent->GetCurrentDoc()) {
+return false;
+}
+nsRefPtr<layers::LayerManager> layerManager =
+nsContentUtils::LayerManagerForDocument(mOwnerContent->GetCurrentDoc());
+if (!layerManager) {
+// This is just not going to work.
+return false;
+}
+mRemoteBrowser->Show(size);
+mRemoteBrowserShown = true;
+EnsureMessageManager();
+nsCOMPtr<nsIObserverService> os = services::GetObserverService();
+if (os && !mRemoteBrowserInitialized) {
+if (!mPendingFrameSent) {
+os->NotifyObservers(NS_ISUPPORTS_CAST(nsIFrameLoader*, this),
+"remote-browser-pending", nullptr);
+mPendingFrameSent = true;
+}
+os->NotifyObservers(NS_ISUPPORTS_CAST(nsIFrameLoader*, this),
+"remote-browser-shown", nullptr);
+mRemoteBrowserInitialized = true;
+}
+} else {
+nsRect dimensions;
+NS_ENSURE_SUCCESS(GetWindowDimensions(dimensions), false);
+// Don't show remote iframe if we are waiting for the completion of reflow.
+if (!aFrame || !(aFrame->GetStateBits() & NS_FRAME_FIRST_REFLOW)) {
+mRemoteBrowser->UpdateDimensions(dimensions, size);
+}
+}
+return true;
+}
+void
+nsFrameLoader::Hide()
+{
+if (mHideCalled) {
+return;
+}
+if (mInShow) {
+mHideCalled = true;
+return;
+}
+if (!mDocShell)
+return;
+nsCOMPtr<nsIContentViewer> contentViewer;
+mDocShell->GetContentViewer(getter_AddRefs(contentViewer));
+if (contentViewer)
+contentViewer->SetSticky(false);
+nsCOMPtr<nsIBaseWindow> baseWin = do_QueryInterface(mDocShell);
+NS_ASSERTION(baseWin,
+"Found an nsIDocShell which doesn't implement nsIBaseWindow.");
+baseWin->SetVisibility(false);
+baseWin->SetParentWidget(nullptr);
+}
+nsresult
+nsFrameLoader::SwapWithOtherLoader(nsFrameLoader* aOther,
+nsRefPtr<nsFrameLoader>& aFirstToSwap,
+nsRefPtr<nsFrameLoader>& aSecondToSwap)
+{
+NS_PRECONDITION((aFirstToSwap == this && aSecondToSwap == aOther) ||
+(aFirstToSwap == aOther && aSecondToSwap == this),
+"Swapping some sort of random loaders?");
+NS_ENSURE_STATE(!mInShow && !aOther->mInShow);
+Element* ourContent = mOwnerContent;
+Element* otherContent = aOther->mOwnerContent;
+if (!ourContent || !otherContent) {
+// Can't handle this
+return NS_ERROR_NOT_IMPLEMENTED;
+}
+// Make sure there are no same-origin issues
+bool equal;
+nsresult rv =
+ourContent->NodePrincipal()->Equals(otherContent->NodePrincipal(), &equal);
+if (NS_FAILED(rv) || !equal) {
+// Security problems loom.  Just bail on it all
+return NS_ERROR_DOM_SECURITY_ERR;
+}
+nsCOMPtr<nsIDocShell> ourDocshell = GetExistingDocShell();
+nsCOMPtr<nsIDocShell> otherDocshell = aOther->GetExistingDocShell();
+if (!ourDocshell || !otherDocshell) {
+// How odd
+return NS_ERROR_NOT_IMPLEMENTED;
+}
+// To avoid having to mess with session history, avoid swapping
+// frameloaders that don't correspond to root same-type docshells,
+// unless both roots have session history disabled.
+nsCOMPtr<nsIDocShellTreeItem> ourRootTreeItem, otherRootTreeItem;
+ourDocshell->GetSameTypeRootTreeItem(getter_AddRefs(ourRootTreeItem));
+otherDocshell->GetSameTypeRootTreeItem(getter_AddRefs(otherRootTreeItem));
+nsCOMPtr<nsIWebNavigation> ourRootWebnav =
+do_QueryInterface(ourRootTreeItem);
+nsCOMPtr<nsIWebNavigation> otherRootWebnav =
+do_QueryInterface(otherRootTreeItem);
+if (!ourRootWebnav || !otherRootWebnav) {
+return NS_ERROR_NOT_IMPLEMENTED;
+}
+nsCOMPtr<nsISHistory> ourHistory;
+nsCOMPtr<nsISHistory> otherHistory;
+ourRootWebnav->GetSessionHistory(getter_AddRefs(ourHistory));
+otherRootWebnav->GetSessionHistory(getter_AddRefs(otherHistory));
+if ((ourRootTreeItem != ourDocshell || otherRootTreeItem != otherDocshell) &&
+(ourHistory || otherHistory)) {
+return NS_ERROR_NOT_IMPLEMENTED;
+}
+// Also make sure that the two docshells are the same type. Otherwise
+// swapping is certainly not safe. If this needs to be changed then
+// the code below needs to be audited as it assumes identical types.
+int32_t ourType = ourDocshell->ItemType();
+int32_t otherType = otherDocshell->ItemType();
+if (ourType != otherType) {
+return NS_ERROR_NOT_IMPLEMENTED;
+}
+// One more twist here.  Setting up the right treeowners in a heterogeneous
+// tree is a bit of a pain.  So make sure that if ourType is not
+// nsIDocShellTreeItem::typeContent then all of our descendants are the same
+// type as us.
+if (ourType != nsIDocShellTreeItem::typeContent &&
+(!AllDescendantsOfType(ourDocshell, ourType) ||
+!AllDescendantsOfType(otherDocshell, otherType))) {
+return NS_ERROR_NOT_IMPLEMENTED;
+}
+// Save off the tree owners, frame elements, chrome event handlers, and
+// docshell and document parents before doing anything else.
+nsCOMPtr<nsIDocShellTreeOwner> ourOwner, otherOwner;
+ourDocshell->GetTreeOwner(getter_AddRefs(ourOwner));
+otherDocshell->GetTreeOwner(getter_AddRefs(otherOwner));
+// Note: it's OK to have null treeowners.
+nsCOMPtr<nsIDocShellTreeItem> ourParentItem, otherParentItem;
+ourDocshell->GetParent(getter_AddRefs(ourParentItem));
+otherDocshell->GetParent(getter_AddRefs(otherParentItem));
+if (!ourParentItem || !otherParentItem) {
+return NS_ERROR_NOT_IMPLEMENTED;
+}
+// Make sure our parents are the same type too
+int32_t ourParentType = ourParentItem->ItemType();
+int32_t otherParentType = otherParentItem->ItemType();
+if (ourParentType != otherParentType) {
+return NS_ERROR_NOT_IMPLEMENTED;
+}
+nsCOMPtr<nsPIDOMWindow> ourWindow = do_GetInterface(ourDocshell);
+nsCOMPtr<nsPIDOMWindow> otherWindow = do_GetInterface(otherDocshell);
+nsCOMPtr<Element> ourFrameElement =
+ourWindow->GetFrameElementInternal();
+nsCOMPtr<Element> otherFrameElement =
+otherWindow->GetFrameElementInternal();
+nsCOMPtr<EventTarget> ourChromeEventHandler =
+do_QueryInterface(ourWindow->GetChromeEventHandler());
+nsCOMPtr<EventTarget> otherChromeEventHandler =
+do_QueryInterface(otherWindow->GetChromeEventHandler());
+NS_ASSERTION(SameCOMIdentity(ourFrameElement, ourContent) &&
+SameCOMIdentity(otherFrameElement, otherContent) &&
+SameCOMIdentity(ourChromeEventHandler, ourContent) &&
+SameCOMIdentity(otherChromeEventHandler, otherContent),
+"How did that happen, exactly?");
+nsCOMPtr<nsIDocument> ourChildDocument = ourWindow->GetExtantDoc();
+nsCOMPtr<nsIDocument> otherChildDocument = otherWindow ->GetExtantDoc();
+if (!ourChildDocument || !otherChildDocument) {
+// This shouldn't be happening
+return NS_ERROR_NOT_IMPLEMENTED;
+}
+nsCOMPtr<nsIDocument> ourParentDocument =
+ourChildDocument->GetParentDocument();
+nsCOMPtr<nsIDocument> otherParentDocument =
+otherChildDocument->GetParentDocument();
+// Make sure to swap docshells between the two frames.
+nsIDocument* ourDoc = ourContent->GetCurrentDoc();
+nsIDocument* otherDoc = otherContent->GetCurrentDoc();
+if (!ourDoc || !otherDoc) {
+// Again, how odd, given that we had docshells
+return NS_ERROR_NOT_IMPLEMENTED;
+}
+NS_ASSERTION(ourDoc == ourParentDocument, "Unexpected parent document");
+NS_ASSERTION(otherDoc == otherParentDocument, "Unexpected parent document");
+nsIPresShell* ourShell = ourDoc->GetShell();
+nsIPresShell* otherShell = otherDoc->GetShell();
+if (!ourShell || !otherShell) {
+return NS_ERROR_NOT_IMPLEMENTED;
+}
+if (ourDocshell->GetIsBrowserElement() !=
+otherDocshell->GetIsBrowserElement() ||
+ourDocshell->GetIsApp() != otherDocshell->GetIsApp()) {
+return NS_ERROR_NOT_IMPLEMENTED;
+}
+if (mInSwap || aOther->mInSwap) {
+return NS_ERROR_NOT_IMPLEMENTED;
+}
+mInSwap = aOther->mInSwap = true;
+// Fire pageshow events on still-loading pages, and then fire pagehide
+// events.  Note that we do NOT fire these in the normal way, but just fire
+// them on the chrome event handlers.
+FirePageShowEvent(ourDocshell, ourChromeEventHandler, false);
+FirePageShowEvent(otherDocshell, otherChromeEventHandler, false);
+FirePageHideEvent(ourDocshell, ourChromeEventHandler);
+FirePageHideEvent(otherDocshell, otherChromeEventHandler);
+nsIFrame* ourFrame = ourContent->GetPrimaryFrame();
+nsIFrame* otherFrame = otherContent->GetPrimaryFrame();
+if (!ourFrame || !otherFrame) {
+mInSwap = aOther->mInSwap = false;
+FirePageShowEvent(ourDocshell, ourChromeEventHandler, true);
+FirePageShowEvent(otherDocshell, otherChromeEventHandler, true);
+return NS_ERROR_NOT_IMPLEMENTED;
+}
+nsSubDocumentFrame* ourFrameFrame = do_QueryFrame(ourFrame);
+if (!ourFrameFrame) {
+mInSwap = aOther->mInSwap = false;
+FirePageShowEvent(ourDocshell, ourChromeEventHandler, true);
+FirePageShowEvent(otherDocshell, otherChromeEventHandler, true);
+return NS_ERROR_NOT_IMPLEMENTED;
+}
+// OK.  First begin to swap the docshells in the two nsIFrames
+rv = ourFrameFrame->BeginSwapDocShells(otherFrame);
+if (NS_FAILED(rv)) {
+mInSwap = aOther->mInSwap = false;
+FirePageShowEvent(ourDocshell, ourChromeEventHandler, true);
+FirePageShowEvent(otherDocshell, otherChromeEventHandler, true);
+return rv;
+}
+// Now move the docshells to the right docshell trees.  Note that this
+// resets their treeowners to null.
+ourParentItem->RemoveChild(ourDocshell);
+otherParentItem->RemoveChild(otherDocshell);
+if (ourType == nsIDocShellTreeItem::typeContent) {
+ourOwner->ContentShellRemoved(ourDocshell);
+otherOwner->ContentShellRemoved(otherDocshell);
+}
+ourParentItem->AddChild(otherDocshell);
+otherParentItem->AddChild(ourDocshell);
+// Restore the correct chrome event handlers.
+ourDocshell->SetChromeEventHandler(otherChromeEventHandler);
+otherDocshell->SetChromeEventHandler(ourChromeEventHandler);
+// Restore the correct treeowners
+// (and also chrome event handlers for content frames only).
+SetTreeOwnerAndChromeEventHandlerOnDocshellTree(ourDocshell, otherOwner,
+ourType == nsIDocShellTreeItem::typeContent ? otherChromeEventHandler : nullptr);
+SetTreeOwnerAndChromeEventHandlerOnDocshellTree(otherDocshell, ourOwner,
+ourType == nsIDocShellTreeItem::typeContent ? ourChromeEventHandler : nullptr);
+// Switch the owner content before we start calling AddTreeItemToTreeOwner.
+// Note that we rely on this to deal with setting mObservingOwnerContent to
+// false and calling RemoveMutationObserver as needed.
+SetOwnerContent(otherContent);
+aOther->SetOwnerContent(ourContent);
+AddTreeItemToTreeOwner(ourDocshell, otherOwner, otherParentType, nullptr);
+aOther->AddTreeItemToTreeOwner(otherDocshell, ourOwner, ourParentType,
+nullptr);
+// SetSubDocumentFor nulls out parent documents on the old child doc if a
+// new non-null document is passed in, so just go ahead and remove both
+// kids before reinserting in the parent subdoc maps, to avoid
+// complications.
+ourParentDocument->SetSubDocumentFor(ourContent, nullptr);
+otherParentDocument->SetSubDocumentFor(otherContent, nullptr);
+ourParentDocument->SetSubDocumentFor(ourContent, otherChildDocument);
+otherParentDocument->SetSubDocumentFor(otherContent, ourChildDocument);
+ourWindow->SetFrameElementInternal(otherFrameElement);
+otherWindow->SetFrameElementInternal(ourFrameElement);
+nsRefPtr<nsFrameMessageManager> ourMessageManager = mMessageManager;
+nsRefPtr<nsFrameMessageManager> otherMessageManager = aOther->mMessageManager;
+// Swap pointers in child message managers.
+if (mChildMessageManager) {
+nsInProcessTabChildGlobal* tabChild =
+static_cast<nsInProcessTabChildGlobal*>(mChildMessageManager.get());
+tabChild->SetOwner(otherContent);
+tabChild->SetChromeMessageManager(otherMessageManager);
+}
+if (aOther->mChildMessageManager) {
+nsInProcessTabChildGlobal* otherTabChild =
+static_cast<nsInProcessTabChildGlobal*>(aOther->mChildMessageManager.get());
+otherTabChild->SetOwner(ourContent);
+otherTabChild->SetChromeMessageManager(ourMessageManager);
+}
+// Swap and setup things in parent message managers.
+if (mMessageManager) {
+mMessageManager->SetCallback(aOther);
+}
+if (aOther->mMessageManager) {
+aOther->mMessageManager->SetCallback(this);
+}
+mMessageManager.swap(aOther->mMessageManager);
+aFirstToSwap.swap(aSecondToSwap);
+// Drop any cached content viewers in the two session histories.
+nsCOMPtr<nsISHistoryInternal> ourInternalHistory =
+do_QueryInterface(ourHistory);
+nsCOMPtr<nsISHistoryInternal> otherInternalHistory =
+do_QueryInterface(otherHistory);
+if (ourInternalHistory) {
+ourInternalHistory->EvictAllContentViewers();
+}
+if (otherInternalHistory) {
+otherInternalHistory->EvictAllContentViewers();
+}
+NS_ASSERTION(ourFrame == ourContent->GetPrimaryFrame() &&
+otherFrame == otherContent->GetPrimaryFrame(),
+"changed primary frame");
+ourFrameFrame->EndSwapDocShells(otherFrame);
+// If the content being swapped came from windows on two screens with
+// incompatible backing resolution (e.g. dragging a tab between windows on
+// hi-dpi and low-dpi screens), it will have style data that is based on
+// the wrong appUnitsPerDevPixel value. So we tell the PresShells that their
+// backing scale factor may have changed. (Bug 822266)
+ourShell->BackingScaleFactorChanged();
+otherShell->BackingScaleFactorChanged();
+ourParentDocument->FlushPendingNotifications(Flush_Layout);
+otherParentDocument->FlushPendingNotifications(Flush_Layout);
+FirePageShowEvent(ourDocshell, otherChromeEventHandler, true);
+FirePageShowEvent(otherDocshell, ourChromeEventHandler, true);
+mInSwap = aOther->mInSwap = false;
+return NS_OK;
+}
+void
+nsFrameLoader::DestroyChild()
+{
+if (mRemoteBrowser) {
+mRemoteBrowser->SetOwnerElement(nullptr);
+mRemoteBrowser->Destroy();
+mRemoteBrowser = nullptr;
+}
+}
+NS_IMETHODIMP
+nsFrameLoader::Destroy()
+{
+if (mDestroyCalled) {
+return NS_OK;
+}
+mDestroyCalled = true;
+if (mMessageManager) {
+mMessageManager->Disconnect();
+}
+if (mChildMessageManager) {
+static_cast<nsInProcessTabChildGlobal*>(mChildMessageManager.get())->Disconnect();
+}
+nsCOMPtr<nsIDocument> doc;
+bool dynamicSubframeRemoval = false;
+if (mOwnerContent) {
+doc = mOwnerContent->OwnerDoc();
+dynamicSubframeRemoval = !mIsTopLevelContent && !doc->InUnlinkOrDeletion();
+doc->SetSubDocumentFor(mOwnerContent, nullptr);
+SetOwnerContent(nullptr);
+}
+DestroyChild();
+// Seems like this is a dynamic frame removal.
+if (dynamicSubframeRemoval) {
+if (mDocShell) {
+mDocShell->RemoveFromSessionHistory();
+}
+}
+// Let the tree owner know we're gone.
+if (mIsTopLevelContent) {
+if (mDocShell) {
+nsCOMPtr<nsIDocShellTreeItem> parentItem;
+mDocShell->GetParent(getter_AddRefs(parentItem));
+nsCOMPtr<nsIDocShellTreeOwner> owner = do_GetInterface(parentItem);
+if (owner) {
+owner->ContentShellRemoved(mDocShell);
+}
+}
+}
+// Let our window know that we are gone
+nsCOMPtr<nsPIDOMWindow> win_private(do_GetInterface(mDocShell));
+if (win_private) {
+win_private->SetFrameElementInternal(nullptr);
+}
+if ((mNeedsAsyncDestroy || !doc ||
+NS_FAILED(doc->FinalizeFrameLoader(this))) && mDocShell) {
+nsCOMPtr<nsIRunnable> event = new nsAsyncDocShellDestroyer(mDocShell);
+NS_ENSURE_TRUE(event, NS_ERROR_OUT_OF_MEMORY);
+NS_DispatchToCurrentThread(event);
+// Let go of our docshell now that the async destroyer holds on to
+// the docshell.
+mDocShell = nullptr;
+}
+// NOTE: 'this' may very well be gone by now.
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameLoader::GetDepthTooGreat(bool* aDepthTooGreat)
+{
+*aDepthTooGreat = mDepthTooGreat;
+return NS_OK;
+}
+void
+nsFrameLoader::SetOwnerContent(Element* aContent)
+{
+if (mObservingOwnerContent) {
+mObservingOwnerContent = false;
+mOwnerContent->RemoveMutationObserver(this);
+}
+mOwnerContent = aContent;
+if (RenderFrameParent* rfp = GetCurrentRemoteFrame()) {
+rfp->OwnerContentChanged(aContent);
+}
+ResetPermissionManagerStatus();
+}
+bool
+nsFrameLoader::OwnerIsBrowserOrAppFrame()
+{
+nsCOMPtr<nsIMozBrowserFrame> browserFrame = do_QueryInterface(mOwnerContent);
+return browserFrame ? browserFrame->GetReallyIsBrowserOrApp() : false;
+}
+// The xpcom getter version
+NS_IMETHODIMP
+nsFrameLoader::GetOwnerIsBrowserOrAppFrame(bool* aResult)
+{
+*aResult = OwnerIsBrowserOrAppFrame();
+return NS_OK;
+}
+bool
+nsFrameLoader::OwnerIsAppFrame()
+{
+nsCOMPtr<nsIMozBrowserFrame> browserFrame = do_QueryInterface(mOwnerContent);
+return browserFrame ? browserFrame->GetReallyIsApp() : false;
+}
+bool
+nsFrameLoader::OwnerIsBrowserFrame()
+{
+return OwnerIsBrowserOrAppFrame() && !OwnerIsAppFrame();
+}
+void
+nsFrameLoader::GetOwnerAppManifestURL(nsAString& aOut)
+{
+aOut.Truncate();
+nsCOMPtr<nsIMozBrowserFrame> browserFrame = do_QueryInterface(mOwnerContent);
+if (browserFrame) {
+browserFrame->GetAppManifestURL(aOut);
+}
+}
+already_AddRefed<mozIApplication>
+nsFrameLoader::GetOwnApp()
+{
+nsAutoString manifest;
+GetOwnerAppManifestURL(manifest);
+if (manifest.IsEmpty()) {
+return nullptr;
+}
+nsCOMPtr<nsIAppsService> appsService = do_GetService(APPS_SERVICE_CONTRACTID);
+NS_ENSURE_TRUE(appsService, nullptr);
+nsCOMPtr<mozIApplication> app;
+appsService->GetAppByManifestURL(manifest, getter_AddRefs(app));
+return app.forget();
+}
+already_AddRefed<mozIApplication>
+nsFrameLoader::GetContainingApp()
+{
+// See if our owner content's principal has an associated app.
+uint32_t appId = mOwnerContent->NodePrincipal()->GetAppId();
+MOZ_ASSERT(appId != nsIScriptSecurityManager::UNKNOWN_APP_ID);
+if (appId == nsIScriptSecurityManager::NO_APP_ID ||
+appId == nsIScriptSecurityManager::UNKNOWN_APP_ID) {
+return nullptr;
+}
+nsCOMPtr<nsIAppsService> appsService = do_GetService(APPS_SERVICE_CONTRACTID);
+NS_ENSURE_TRUE(appsService, nullptr);
+nsCOMPtr<mozIApplication> app;
+appsService->GetAppByLocalId(appId, getter_AddRefs(app));
+return app.forget();
+}
+bool
+nsFrameLoader::ShouldUseRemoteProcess()
+{
+if (PR_GetEnv("MOZ_DISABLE_OOP_TABS") ||
+Preferences::GetBool("dom.ipc.tabs.disabled", false)) {
+return false;
+}
+// If we're inside a content process, don't use a remote process for this
+// frame; it won't work properly until bug 761935 is fixed.
+if (XRE_GetProcessType() == GeckoProcessType_Content) {
+return false;
+}
+// If we're an <iframe mozbrowser> and we don't have a "remote" attribute,
+// fall back to the default.
+if (OwnerIsBrowserOrAppFrame() &&
+!mOwnerContent->HasAttr(kNameSpaceID_None, nsGkAtoms::Remote)) {
+return Preferences::GetBool("dom.ipc.browser_frames.oop_by_default", false);
+}
+// Otherwise, we're remote if we have "remote=true" and we're either a
+// browser frame or a XUL element.
+return (OwnerIsBrowserOrAppFrame() ||
+mOwnerContent->GetNameSpaceID() == kNameSpaceID_XUL) &&
+mOwnerContent->AttrValueIs(kNameSpaceID_None,
+nsGkAtoms::Remote,
+nsGkAtoms::_true,
+eCaseMatters);
+}
+nsresult
+nsFrameLoader::MaybeCreateDocShell()
+{
+if (mDocShell) {
+return NS_OK;
+}
+if (mRemoteFrame) {
+return NS_OK;
+}
+NS_ENSURE_STATE(!mDestroyCalled);
+if (ShouldUseRemoteProcess()) {
+mRemoteFrame = true;
+return NS_OK;
+}
+// Get our parent docshell off the document of mOwnerContent
+// XXXbz this is such a total hack.... We really need to have a
+// better setup for doing this.
+nsIDocument* doc = mOwnerContent->OwnerDoc();
+if (!(doc->IsStaticDocument() || mOwnerContent->IsInDoc())) {
+return NS_ERROR_UNEXPECTED;
+}
+if (doc->IsResourceDoc() || !doc->IsActive()) {
+// Don't allow subframe loads in resource documents, nor
+// in non-active documents.
+return NS_ERROR_NOT_AVAILABLE;
+}
+nsCOMPtr<nsIDocShell> docShell = doc->GetDocShell();
+nsCOMPtr<nsIWebNavigation> parentAsWebNav = do_QueryInterface(docShell);
+NS_ENSURE_STATE(parentAsWebNav);
+// Create the docshell...
+mDocShell = do_CreateInstance("@mozilla.org/docshell;1");
+NS_ENSURE_TRUE(mDocShell, NS_ERROR_FAILURE);
+// Apply sandbox flags even if our owner is not an iframe, as this copies
+// flags from our owning content's owning document.
+uint32_t sandboxFlags = 0;
+HTMLIFrameElement* iframe = HTMLIFrameElement::FromContent(mOwnerContent);
+if (iframe) {
+sandboxFlags = iframe->GetSandboxFlags();
+}
+ApplySandboxFlags(sandboxFlags);
+if (!mNetworkCreated) {
+if (mDocShell) {
+mDocShell->SetCreatedDynamically(true);
+}
+}
+// Get the frame name and tell the docshell about it.
+NS_ENSURE_TRUE(mDocShell, NS_ERROR_FAILURE);
+nsAutoString frameName;
+int32_t namespaceID = mOwnerContent->GetNameSpaceID();
+if (namespaceID == kNameSpaceID_XHTML && !mOwnerContent->IsInHTMLDocument()) {
+mOwnerContent->GetAttr(kNameSpaceID_None, nsGkAtoms::id, frameName);
+} else {
+mOwnerContent->GetAttr(kNameSpaceID_None, nsGkAtoms::name, frameName);
+// XXX if no NAME then use ID, after a transition period this will be
+// changed so that XUL only uses ID too (bug 254284).
+if (frameName.IsEmpty() && namespaceID == kNameSpaceID_XUL) {
+mOwnerContent->GetAttr(kNameSpaceID_None, nsGkAtoms::id, frameName);
+}
+}
+if (!frameName.IsEmpty()) {
+mDocShell->SetName(frameName);
+}
+// Inform our docShell that it has a new child.
+// Note: This logic duplicates a lot of logic in
+// nsSubDocumentFrame::AttributeChanged.  We should fix that.
+int32_t parentType = docShell->ItemType();
+// XXXbz why is this in content code, exactly?  We should handle
+// this some other way.....  Not sure how yet.
+nsCOMPtr<nsIDocShellTreeOwner> parentTreeOwner;
+docShell->GetTreeOwner(getter_AddRefs(parentTreeOwner));
+NS_ENSURE_STATE(parentTreeOwner);
+mIsTopLevelContent =
+AddTreeItemToTreeOwner(mDocShell, parentTreeOwner, parentType, docShell);
+// Make sure all shells have links back to the content element
+// in the nearest enclosing chrome shell.
+nsCOMPtr<nsIDOMEventTarget> chromeEventHandler;
+if (parentType == nsIDocShellTreeItem::typeChrome) {
+// Our parent shell is a chrome shell. It is therefore our nearest
+// enclosing chrome shell.
+chromeEventHandler = do_QueryInterface(mOwnerContent);
+NS_ASSERTION(chromeEventHandler,
+"This mContent should implement this.");
+} else {
+// Our parent shell is a content shell. Get the chrome event
+// handler from it and use that for our shell as well.
+docShell->GetChromeEventHandler(getter_AddRefs(chromeEventHandler));
+}
+mDocShell->SetChromeEventHandler(chromeEventHandler);
+// This is nasty, this code (the do_GetInterface(mDocShell) below)
+// *must* come *after* the above call to
+// mDocShell->SetChromeEventHandler() for the global window to get
+// the right chrome event handler.
+// Tell the window about the frame that hosts it.
+nsCOMPtr<Element> frame_element = mOwnerContent;
+NS_ASSERTION(frame_element, "frame loader owner element not a DOM element!");
+nsCOMPtr<nsPIDOMWindow> win_private(do_GetInterface(mDocShell));
+nsCOMPtr<nsIBaseWindow> base_win(do_QueryInterface(mDocShell));
+if (win_private) {
+win_private->SetFrameElementInternal(frame_element);
+}
+// This is kinda whacky, this call doesn't really create anything,
+// but it must be called to make sure things are properly
+// initialized.
+if (NS_FAILED(base_win->Create()) || !win_private) {
+// Do not call Destroy() here. See bug 472312.
+NS_WARNING("Something wrong when creating the docshell for a frameloader!");
+return NS_ERROR_FAILURE;
+}
+if (mIsTopLevelContent &&
+mOwnerContent->IsXUL(nsGkAtoms::browser) &&
+!mOwnerContent->HasAttr(kNameSpaceID_None, nsGkAtoms::disablehistory)) {
+nsresult rv;
+nsCOMPtr<nsISHistory> sessionHistory =
+do_CreateInstance(NS_SHISTORY_CONTRACTID, &rv);
+NS_ENSURE_SUCCESS(rv, rv);
+nsCOMPtr<nsIWebNavigation> webNav(do_QueryInterface(mDocShell));
+webNav->SetSessionHistory(sessionHistory);
+}
+EnsureMessageManager();
+if (OwnerIsAppFrame()) {
+// You can't be both an app and a browser frame.
+MOZ_ASSERT(!OwnerIsBrowserFrame());
+nsCOMPtr<mozIApplication> ownApp = GetOwnApp();
+MOZ_ASSERT(ownApp);
+uint32_t ownAppId = nsIScriptSecurityManager::NO_APP_ID;
+if (ownApp) {
+NS_ENSURE_SUCCESS(ownApp->GetLocalId(&ownAppId), NS_ERROR_FAILURE);
+}
+mDocShell->SetIsApp(ownAppId);
+}
+if (OwnerIsBrowserFrame()) {
+// You can't be both a browser and an app frame.
+MOZ_ASSERT(!OwnerIsAppFrame());
+nsCOMPtr<mozIApplication> containingApp = GetContainingApp();
+uint32_t containingAppId = nsIScriptSecurityManager::NO_APP_ID;
+if (containingApp) {
+NS_ENSURE_SUCCESS(containingApp->GetLocalId(&containingAppId),
+NS_ERROR_FAILURE);
+}
+mDocShell->SetIsBrowserInsideApp(containingAppId);
+}
+nsCOMPtr<nsIObserverService> os = services::GetObserverService();
+if (os) {
+os->NotifyObservers(NS_ISUPPORTS_CAST(nsIFrameLoader*, this),
+"inprocess-browser-shown", nullptr);
+}
+if (OwnerIsBrowserOrAppFrame() && mMessageManager) {
+mMessageManager->LoadFrameScript(
+NS_LITERAL_STRING("chrome://global/content/BrowserElementChild.js"),
+/* allowDelayedLoad = */ true,
+/* aRunInGlobalScope */ true);
+}
+return NS_OK;
+}
+void
+nsFrameLoader::GetURL(nsString& aURI)
+{
+aURI.Truncate();
+if (mOwnerContent->Tag() == nsGkAtoms::object) {
+mOwnerContent->GetAttr(kNameSpaceID_None, nsGkAtoms::data, aURI);
+} else {
+mOwnerContent->GetAttr(kNameSpaceID_None, nsGkAtoms::src, aURI);
+}
+}
+nsresult
+nsFrameLoader::CheckForRecursiveLoad(nsIURI* aURI)
+{
+nsresult rv;
+mDepthTooGreat = false;
+rv = MaybeCreateDocShell();
+if (NS_FAILED(rv)) {
+return rv;
+}
+NS_ASSERTION(!mRemoteFrame,
+"Shouldn't call CheckForRecursiveLoad on remote frames.");
+if (!mDocShell) {
+return NS_ERROR_FAILURE;
+}
+// Check that we're still in the docshell tree.
+nsCOMPtr<nsIDocShellTreeOwner> treeOwner;
+mDocShell->GetTreeOwner(getter_AddRefs(treeOwner));
+NS_WARN_IF_FALSE(treeOwner,
+"Trying to load a new url to a docshell without owner!");
+NS_ENSURE_STATE(treeOwner);
+if (mDocShell->ItemType() != nsIDocShellTreeItem::typeContent) {
+// No need to do recursion-protection here XXXbz why not??  Do we really
+// trust people not to screw up with non-content docshells?
+return NS_OK;
+}
+// Bug 8065: Don't exceed some maximum depth in content frames
+// (MAX_DEPTH_CONTENT_FRAMES)
+nsCOMPtr<nsIDocShellTreeItem> parentAsItem;
+mDocShell->GetSameTypeParent(getter_AddRefs(parentAsItem));
+int32_t depth = 0;
+while (parentAsItem) {
+++depth;
+if (depth >= MAX_DEPTH_CONTENT_FRAMES) {
+mDepthTooGreat = true;
+NS_WARNING("Too many nested content frames so giving up");
+return NS_ERROR_UNEXPECTED; // Too deep, give up!  (silently?)
+}
+nsCOMPtr<nsIDocShellTreeItem> temp;
+temp.swap(parentAsItem);
+temp->GetSameTypeParent(getter_AddRefs(parentAsItem));
+}
+// Bug 136580: Check for recursive frame loading excluding about:srcdoc URIs.
+// srcdoc URIs require their contents to be specified inline, so it isn't
+// possible for undesirable recursion to occur without the aid of a
+// non-srcdoc URI,  which this method will block normally.
+// Besides, URI is not enough to guarantee uniqueness of srcdoc documents.
+nsAutoCString buffer;
+rv = aURI->GetScheme(buffer);
+if (NS_SUCCEEDED(rv) && buffer.EqualsLiteral("about")) {
+rv = aURI->GetPath(buffer);
+if (NS_SUCCEEDED(rv) && buffer.EqualsLiteral("srcdoc")) {
+// Duplicates allowed up to depth limits
+return NS_OK;
+}
+}
+int32_t matchCount = 0;
+mDocShell->GetSameTypeParent(getter_AddRefs(parentAsItem));
+while (parentAsItem) {
+// Check the parent URI with the URI we're loading
+nsCOMPtr<nsIWebNavigation> parentAsNav(do_QueryInterface(parentAsItem));
+if (parentAsNav) {
+// Does the URI match the one we're about to load?
+nsCOMPtr<nsIURI> parentURI;
+parentAsNav->GetCurrentURI(getter_AddRefs(parentURI));
+if (parentURI) {
+// Bug 98158/193011: We need to ignore data after the #
+bool equal;
+rv = aURI->EqualsExceptRef(parentURI, &equal);
+NS_ENSURE_SUCCESS(rv, rv);
+if (equal) {
+matchCount++;
+if (matchCount >= MAX_SAME_URL_CONTENT_FRAMES) {
+NS_WARNING("Too many nested content frames have the same url (recursion?) so giving up");
+return NS_ERROR_UNEXPECTED;
+}
+}
+}
+}
+nsCOMPtr<nsIDocShellTreeItem> temp;
+temp.swap(parentAsItem);
+temp->GetSameTypeParent(getter_AddRefs(parentAsItem));
+}
+return NS_OK;
+}
+nsresult
+nsFrameLoader::GetWindowDimensions(nsRect& aRect)
+{
+// Need to get outer window position here
+nsIDocument* doc = mOwnerContent->GetDocument();
+if (!doc) {
+return NS_ERROR_FAILURE;
+}
+if (doc->IsResourceDoc()) {
+return NS_ERROR_FAILURE;
+}
+nsCOMPtr<nsIWebNavigation> parentAsWebNav =
+do_GetInterface(doc->GetWindow());
+if (!parentAsWebNav) {
+return NS_ERROR_FAILURE;
+}
+nsCOMPtr<nsIDocShellTreeItem> parentAsItem(do_QueryInterface(parentAsWebNav));
+nsCOMPtr<nsIDocShellTreeOwner> parentOwner;
+if (NS_FAILED(parentAsItem->GetTreeOwner(getter_AddRefs(parentOwner))) ||
+!parentOwner) {
+return NS_ERROR_FAILURE;
+}
+nsCOMPtr<nsIBaseWindow> treeOwnerAsWin(do_GetInterface(parentOwner));
+treeOwnerAsWin->GetPosition(&aRect.x, &aRect.y);
+treeOwnerAsWin->GetSize(&aRect.width, &aRect.height);
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameLoader::UpdatePositionAndSize(nsSubDocumentFrame *aIFrame)
+{
+if (mRemoteFrame) {
+if (mRemoteBrowser) {
+nsIntSize size = aIFrame->GetSubdocumentSize();
+nsRect dimensions;
+NS_ENSURE_SUCCESS(GetWindowDimensions(dimensions), NS_ERROR_FAILURE);
+mRemoteBrowser->UpdateDimensions(dimensions, size);
+}
+return NS_OK;
+}
+return UpdateBaseWindowPositionAndSize(aIFrame);
+}
+nsresult
+nsFrameLoader::UpdateBaseWindowPositionAndSize(nsSubDocumentFrame *aIFrame)
+{
+nsCOMPtr<nsIDocShell> docShell;
+GetDocShell(getter_AddRefs(docShell));
+nsCOMPtr<nsIBaseWindow> baseWindow(do_QueryInterface(docShell));
+// resize the sub document
+if (baseWindow) {
+int32_t x = 0;
+int32_t y = 0;
+nsWeakFrame weakFrame(aIFrame);
+baseWindow->GetPositionAndSize(&x, &y, nullptr, nullptr);
+if (!weakFrame.IsAlive()) {
+// GetPositionAndSize() killed us
+return NS_OK;
+}
+nsIntSize size = aIFrame->GetSubdocumentSize();
+baseWindow->SetPositionAndSize(x, y, size.width, size.height, false);
+}
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameLoader::GetRenderMode(uint32_t* aRenderMode)
+{
+*aRenderMode = mRenderMode;
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameLoader::SetRenderMode(uint32_t aRenderMode)
+{
+if (aRenderMode == mRenderMode) {
+return NS_OK;
+}
+mRenderMode = aRenderMode;
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameLoader::GetEventMode(uint32_t* aEventMode)
+{
+*aEventMode = mEventMode;
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameLoader::SetEventMode(uint32_t aEventMode)
+{
+mEventMode = aEventMode;
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameLoader::GetClipSubdocument(bool* aResult)
+{
+*aResult = mClipSubdocument;
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameLoader::SetClipSubdocument(bool aClip)
+{
+mClipSubdocument = aClip;
+nsIFrame* frame = GetPrimaryFrameOfOwningContent();
+if (frame) {
+frame->InvalidateFrame();
+frame->PresContext()->PresShell()->
+FrameNeedsReflow(frame, nsIPresShell::eResize, NS_FRAME_IS_DIRTY);
+nsSubDocumentFrame* subdocFrame = do_QueryFrame(frame);
+if (subdocFrame) {
+nsIFrame* subdocRootFrame = subdocFrame->GetSubdocumentRootFrame();
+if (subdocRootFrame) {
+nsIFrame* subdocRootScrollFrame = subdocRootFrame->PresContext()->PresShell()->
+GetRootScrollFrame();
+if (subdocRootScrollFrame) {
+frame->PresContext()->PresShell()->
+FrameNeedsReflow(frame, nsIPresShell::eResize, NS_FRAME_IS_DIRTY);
+}
+}
+}
+}
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameLoader::GetClampScrollPosition(bool* aResult)
+{
+*aResult = mClampScrollPosition;
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameLoader::SetClampScrollPosition(bool aClamp)
+{
+mClampScrollPosition = aClamp;
+// When turning clamping on, make sure the current position is clamped.
+if (aClamp) {
+nsIFrame* frame = GetPrimaryFrameOfOwningContent();
+nsSubDocumentFrame* subdocFrame = do_QueryFrame(frame);
+if (subdocFrame) {
+nsIFrame* subdocRootFrame = subdocFrame->GetSubdocumentRootFrame();
+if (subdocRootFrame) {
+nsIScrollableFrame* subdocRootScrollFrame = subdocRootFrame->PresContext()->PresShell()->
+GetRootScrollFrameAsScrollable();
+if (subdocRootScrollFrame) {
+subdocRootScrollFrame->ScrollTo(subdocRootScrollFrame->GetScrollPosition(), nsIScrollableFrame::INSTANT);
+}
+}
+}
+}
+return NS_OK;
+}
+bool
+nsFrameLoader::TryRemoteBrowser()
+{
+NS_ASSERTION(!mRemoteBrowser, "TryRemoteBrowser called with a remote browser already?");
+nsIDocument* doc = mOwnerContent->GetDocument();
+if (!doc) {
+return false;
+}
+if (doc->IsResourceDoc()) {
+// Don't allow subframe loads in external reference documents
+return false;
+}
+nsCOMPtr<nsIWebNavigation> parentAsWebNav =
+do_GetInterface(doc->GetWindow());
+if (!parentAsWebNav) {
+return false;
+}
+nsCOMPtr<nsIDocShellTreeItem> parentAsItem(do_QueryInterface(parentAsWebNav));
+// <iframe mozbrowser> gets to skip these checks.
+if (!OwnerIsBrowserOrAppFrame()) {
+if (parentAsItem->ItemType() != nsIDocShellTreeItem::typeChrome) {
+return false;
+}
+if (!mOwnerContent->IsXUL()) {
+return false;
+}
+nsAutoString value;
+mOwnerContent->GetAttr(kNameSpaceID_None, nsGkAtoms::type, value);
+if (!value.LowerCaseEqualsLiteral("content") &&
+!StringBeginsWith(value, NS_LITERAL_STRING("content-"),
+nsCaseInsensitiveStringComparator())) {
+return false;
+}
+}
+uint32_t chromeFlags = 0;
+nsCOMPtr<nsIDocShellTreeOwner> parentOwner;
+if (NS_FAILED(parentAsItem->GetTreeOwner(getter_AddRefs(parentOwner))) ||
+!parentOwner) {
+return false;
+}
+nsCOMPtr<nsIXULWindow> window(do_GetInterface(parentOwner));
+if (!window) {
+return false;
+}
+if (NS_FAILED(window->GetChromeFlags(&chromeFlags))) {
+return false;
+}
+PROFILER_LABEL("nsFrameLoader", "CreateRemoteBrowser");
+MutableTabContext context;
+nsCOMPtr<mozIApplication> ownApp = GetOwnApp();
+nsCOMPtr<mozIApplication> containingApp = GetContainingApp();
+ScrollingBehavior scrollingBehavior = DEFAULT_SCROLLING;
+if (Preferences::GetBool("dom.browser_frames.useAsyncPanZoom", false) ||
+mOwnerContent->AttrValueIs(kNameSpaceID_None,
+nsGkAtoms::mozasyncpanzoom,
+nsGkAtoms::_true,
+eCaseMatters)) {
+scrollingBehavior = ASYNC_PAN_ZOOM;
+}
+bool rv = true;
+if (ownApp) {
+rv = context.SetTabContextForAppFrame(ownApp, containingApp, scrollingBehavior);
+} else if (OwnerIsBrowserFrame()) {
+// The |else| above is unnecessary; OwnerIsBrowserFrame() implies !ownApp.
+rv = context.SetTabContextForBrowserFrame(containingApp, scrollingBehavior);
+} else {
+rv = context.SetTabContextForNormalFrame(scrollingBehavior);
+}
+NS_ENSURE_TRUE(rv, false);
+nsCOMPtr<Element> ownerElement = mOwnerContent;
+mRemoteBrowser = ContentParent::CreateBrowserOrApp(context, ownerElement);
+if (mRemoteBrowser) {
+mChildID = mRemoteBrowser->Manager()->ChildID();
+nsCOMPtr<nsIDocShellTreeItem> rootItem;
+parentAsItem->GetRootTreeItem(getter_AddRefs(rootItem));
+nsCOMPtr<nsIDOMWindow> rootWin = do_GetInterface(rootItem);
+nsCOMPtr<nsIDOMChromeWindow> rootChromeWin = do_QueryInterface(rootWin);
+NS_ABORT_IF_FALSE(rootChromeWin, "How did we not get a chrome window here?");
+nsCOMPtr<nsIBrowserDOMWindow> browserDOMWin;
+rootChromeWin->GetBrowserDOMWindow(getter_AddRefs(browserDOMWin));
+mRemoteBrowser->SetBrowserDOMWindow(browserDOMWin);
+mContentParent = mRemoteBrowser->Manager();
+if (mOwnerContent->AttrValueIs(kNameSpaceID_None,
+nsGkAtoms::mozpasspointerevents,
+nsGkAtoms::_true,
+eCaseMatters)) {
+unused << mRemoteBrowser->SendSetUpdateHitRegion(true);
+}
+}
+return true;
+}
+mozilla::dom::PBrowserParent*
+nsFrameLoader::GetRemoteBrowser()
+{
+return mRemoteBrowser;
+}
+NS_IMETHODIMP
+nsFrameLoader::ActivateRemoteFrame() {
+if (mRemoteBrowser) {
+mRemoteBrowser->Activate();
+return NS_OK;
+}
+return NS_ERROR_UNEXPECTED;
+}
+NS_IMETHODIMP
+nsFrameLoader::DeactivateRemoteFrame() {
+if (mRemoteBrowser) {
+mRemoteBrowser->Deactivate();
+return NS_OK;
+}
+return NS_ERROR_UNEXPECTED;
+}
+NS_IMETHODIMP
+nsFrameLoader::SendCrossProcessMouseEvent(const nsAString& aType,
+float aX,
+float aY,
+int32_t aButton,
+int32_t aClickCount,
+int32_t aModifiers,
+bool aIgnoreRootScrollFrame)
+{
+if (mRemoteBrowser) {
+mRemoteBrowser->SendMouseEvent(aType, aX, aY, aButton,
+aClickCount, aModifiers,
+aIgnoreRootScrollFrame);
+return NS_OK;
+}
+return NS_ERROR_FAILURE;
+}
+NS_IMETHODIMP
+nsFrameLoader::ActivateFrameEvent(const nsAString& aType,
+bool aCapture)
+{
+if (mRemoteBrowser) {
+return mRemoteBrowser->SendActivateFrameEvent(nsString(aType), aCapture) ?
+NS_OK : NS_ERROR_NOT_AVAILABLE;
+}
+return NS_ERROR_FAILURE;
+}
+NS_IMETHODIMP
+nsFrameLoader::SendCrossProcessKeyEvent(const nsAString& aType,
+int32_t aKeyCode,
+int32_t aCharCode,
+int32_t aModifiers,
+bool aPreventDefault)
+{
+if (mRemoteBrowser) {
+mRemoteBrowser->SendKeyEvent(aType, aKeyCode, aCharCode, aModifiers,
+aPreventDefault);
+return NS_OK;
+}
+return NS_ERROR_FAILURE;
+}
+nsresult
+nsFrameLoader::CreateStaticClone(nsIFrameLoader* aDest)
+{
+nsFrameLoader* dest = static_cast<nsFrameLoader*>(aDest);
+dest->MaybeCreateDocShell();
+NS_ENSURE_STATE(dest->mDocShell);
+nsCOMPtr<nsIDocument> dummy = do_GetInterface(dest->mDocShell);
+nsCOMPtr<nsIContentViewer> viewer;
+dest->mDocShell->GetContentViewer(getter_AddRefs(viewer));
+NS_ENSURE_STATE(viewer);
+nsCOMPtr<nsIDocShell> origDocShell;
+GetDocShell(getter_AddRefs(origDocShell));
+nsCOMPtr<nsIDocument> doc = do_GetInterface(origDocShell);
+NS_ENSURE_STATE(doc);
+nsCOMPtr<nsIDocument> clonedDoc = doc->CreateStaticClone(dest->mDocShell);
+nsCOMPtr<nsIDOMDocument> clonedDOMDoc = do_QueryInterface(clonedDoc);
+viewer->SetDOMDocument(clonedDOMDoc);
+return NS_OK;
+}
+bool
+nsFrameLoader::DoLoadFrameScript(const nsAString& aURL, bool aRunInGlobalScope)
+{
+mozilla::dom::PBrowserParent* tabParent = GetRemoteBrowser();
+if (tabParent) {
+return tabParent->SendLoadRemoteScript(nsString(aURL), aRunInGlobalScope);
+}
+nsRefPtr<nsInProcessTabChildGlobal> tabChild =
+static_cast<nsInProcessTabChildGlobal*>(GetTabChildGlobalAsEventTarget());
+if (tabChild) {
+tabChild->LoadFrameScript(aURL, aRunInGlobalScope);
+}
+return true;
+}
+class nsAsyncMessageToChild : public nsSameProcessAsyncMessageBase,
+public nsRunnable
+{
+public:
+nsAsyncMessageToChild(JSContext* aCx,
+nsFrameLoader* aFrameLoader,
+const nsAString& aMessage,
+const StructuredCloneData& aData,
+JS::Handle<JSObject *> aCpows,
+nsIPrincipal* aPrincipal)
+: nsSameProcessAsyncMessageBase(aCx, aMessage, aData, aCpows, aPrincipal)
+, mFrameLoader(aFrameLoader)
+{
+}
+NS_IMETHOD Run()
+{
+nsInProcessTabChildGlobal* tabChild =
+static_cast<nsInProcessTabChildGlobal*>(mFrameLoader->mChildMessageManager.get());
+if (tabChild && tabChild->GetInnerManager()) {
+nsCOMPtr<nsIXPConnectJSObjectHolder> kungFuDeathGrip(tabChild->GetGlobal());
+ReceiveMessage(static_cast<EventTarget*>(tabChild),
+tabChild->GetInnerManager());
+}
+return NS_OK;
+}
+nsRefPtr<nsFrameLoader> mFrameLoader;
+};
+bool
+nsFrameLoader::DoSendAsyncMessage(JSContext* aCx,
+const nsAString& aMessage,
+const StructuredCloneData& aData,
+JS::Handle<JSObject *> aCpows,
+nsIPrincipal* aPrincipal)
+{
+TabParent* tabParent = mRemoteBrowser;
+if (tabParent) {
+ClonedMessageData data;
+ContentParent* cp = tabParent->Manager();
+if (!BuildClonedMessageDataForParent(cp, aData, data)) {
+return false;
+}
+InfallibleTArray<mozilla::jsipc::CpowEntry> cpows;
+if (aCpows && !cp->GetCPOWManager()->Wrap(aCx, aCpows, &cpows)) {
+return false;
+}
+return tabParent->SendAsyncMessage(nsString(aMessage), data, cpows,
+aPrincipal);
+}
+if (mChildMessageManager) {
+nsRefPtr<nsIRunnable> ev = new nsAsyncMessageToChild(aCx, this, aMessage,
+aData, aCpows,
+aPrincipal);
+NS_DispatchToCurrentThread(ev);
+return true;
+}
+// We don't have any targets to send our asynchronous message to.
+return false;
+}
+bool
+nsFrameLoader::CheckPermission(const nsAString& aPermission)
+{
+return AssertAppProcessPermission(GetRemoteBrowser(),
+NS_ConvertUTF16toUTF8(aPermission).get());
+}
+bool
+nsFrameLoader::CheckManifestURL(const nsAString& aManifestURL)
+{
+return AssertAppProcessManifestURL(GetRemoteBrowser(),
+NS_ConvertUTF16toUTF8(aManifestURL).get());
+}
+bool
+nsFrameLoader::CheckAppHasPermission(const nsAString& aPermission)
+{
+return AssertAppHasPermission(GetRemoteBrowser(),
+NS_ConvertUTF16toUTF8(aPermission).get());
+}
+NS_IMETHODIMP
+nsFrameLoader::GetMessageManager(nsIMessageSender** aManager)
+{
+EnsureMessageManager();
+if (mMessageManager) {
+CallQueryInterface(mMessageManager, aManager);
+}
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameLoader::GetContentViewsIn(float aXPx, float aYPx,
+float aTopSize, float aRightSize,
+float aBottomSize, float aLeftSize,
+uint32_t* aLength,
+nsIContentView*** aResult)
+{
+nscoord x = nsPresContext::CSSPixelsToAppUnits(aXPx - aLeftSize);
+nscoord y = nsPresContext::CSSPixelsToAppUnits(aYPx - aTopSize);
+nscoord w = nsPresContext::CSSPixelsToAppUnits(aLeftSize + aRightSize) + 1;
+nscoord h = nsPresContext::CSSPixelsToAppUnits(aTopSize + aBottomSize) + 1;
+nsRect target(x, y, w, h);
+nsIFrame* frame = GetPrimaryFrameOfOwningContent();
+nsTArray<ViewID> ids;
+nsLayoutUtils::GetRemoteContentIds(frame, target, ids, true);
+if (ids.Length() == 0 || !GetCurrentRemoteFrame()) {
+*aResult = nullptr;
+*aLength = 0;
+return NS_OK;
+}
+nsIContentView** result = reinterpret_cast<nsIContentView**>(
+NS_Alloc(ids.Length() * sizeof(nsIContentView*)));
+for (uint32_t i = 0; i < ids.Length(); i++) {
+nsIContentView* view = GetCurrentRemoteFrame()->GetContentView(ids[i]);
+NS_ABORT_IF_FALSE(view, "Retrieved ID from RenderFrameParent, it should be valid!");
+nsRefPtr<nsIContentView>(view).forget(&result[i]);
+}
+*aResult = result;
+*aLength = ids.Length();
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameLoader::GetRootContentView(nsIContentView** aContentView)
+{
+RenderFrameParent* rfp = GetCurrentRemoteFrame();
+if (!rfp) {
+*aContentView = nullptr;
+return NS_OK;
+}
+nsContentView* view = rfp->GetRootContentView();
+NS_ABORT_IF_FALSE(view, "Should always be able to create root scrollable!");
+nsRefPtr<nsIContentView>(view).forget(aContentView);
+return NS_OK;
+}
+nsresult
+nsFrameLoader::EnsureMessageManager()
+{
+NS_ENSURE_STATE(mOwnerContent);
+nsresult rv = MaybeCreateDocShell();
+if (NS_FAILED(rv)) {
+return rv;
+}
+if (!mIsTopLevelContent && !OwnerIsBrowserOrAppFrame() && !mRemoteFrame) {
+return NS_OK;
+}
+if (mMessageManager) {
+if (ShouldUseRemoteProcess() && mRemoteBrowserShown) {
+mMessageManager->InitWithCallback(this);
+}
+return NS_OK;
+}
+nsIScriptContext* sctx = mOwnerContent->GetContextForEventHandlers(&rv);
+NS_ENSURE_SUCCESS(rv, rv);
+NS_ENSURE_STATE(sctx);
+AutoPushJSContext cx(sctx->GetNativeContext());
+NS_ENSURE_STATE(cx);
+nsCOMPtr<nsIDOMChromeWindow> chromeWindow =
+do_QueryInterface(GetOwnerDoc()->GetWindow());
+nsCOMPtr<nsIMessageBroadcaster> parentManager;
+if (chromeWindow) {
+chromeWindow->GetMessageManager(getter_AddRefs(parentManager));
+}
+if (ShouldUseRemoteProcess()) {
+mMessageManager = new nsFrameMessageManager(mRemoteBrowserShown ? this : nullptr,
+static_cast<nsFrameMessageManager*>(parentManager.get()),
+MM_CHROME);
+} else {
+mMessageManager = new nsFrameMessageManager(nullptr,
+static_cast<nsFrameMessageManager*>(parentManager.get()),
+MM_CHROME);
+mChildMessageManager =
+new nsInProcessTabChildGlobal(mDocShell, mOwnerContent, mMessageManager);
+// Force pending frame scripts to be loaded.
+mMessageManager->InitWithCallback(this);
+}
+return NS_OK;
+}
+EventTarget*
+nsFrameLoader::GetTabChildGlobalAsEventTarget()
+{
+return static_cast<nsInProcessTabChildGlobal*>(mChildMessageManager.get());
+}
+NS_IMETHODIMP
+nsFrameLoader::GetOwnerElement(nsIDOMElement **aElement)
+{
+nsCOMPtr<nsIDOMElement> ownerElement = do_QueryInterface(mOwnerContent);
+ownerElement.forget(aElement);
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameLoader::GetChildID(uint64_t* aChildID)
+{
+*aChildID = mChildID;
+return NS_OK;
+}
+void
+nsFrameLoader::SetRemoteBrowser(nsITabParent* aTabParent)
+{
+MOZ_ASSERT(!mRemoteBrowser);
+MOZ_ASSERT(!mCurrentRemoteFrame);
+mRemoteFrame = true;
+mRemoteBrowser = static_cast<TabParent*>(aTabParent);
+mChildID = mRemoteBrowser ? mRemoteBrowser->Manager()->ChildID() : 0;
+ShowRemoteFrame(nsIntSize(0, 0));
+}
+void
+nsFrameLoader::SetDetachedSubdocView(nsView* aDetachedViews,
+nsIDocument* aContainerDoc)
+{
+mDetachedSubdocViews = aDetachedViews;
+mContainerDocWhileDetached = aContainerDoc;
+}
+nsView*
+nsFrameLoader::GetDetachedSubdocView(nsIDocument** aContainerDoc) const
+{
+NS_IF_ADDREF(*aContainerDoc = mContainerDocWhileDetached);
+return mDetachedSubdocViews;
+}
+void
+nsFrameLoader::ApplySandboxFlags(uint32_t sandboxFlags)
+{
+if (mDocShell) {
+uint32_t parentSandboxFlags = mOwnerContent->OwnerDoc()->GetSandboxFlags();
+// The child can only add restrictions, never remove them.
+sandboxFlags |= parentSandboxFlags;
+mDocShell->SetSandboxFlags(sandboxFlags);
+}
+}
+/* virtual */ void
+nsFrameLoader::AttributeChanged(nsIDocument* aDocument,
+mozilla::dom::Element* aElement,
+int32_t      aNameSpaceID,
+nsIAtom*     aAttribute,
+int32_t      aModType)
+{
+MOZ_ASSERT(mObservingOwnerContent);
+// TODO: Implement ContentShellAdded for remote browsers (bug 658304)
+MOZ_ASSERT(!mRemoteBrowser);
+if (aNameSpaceID != kNameSpaceID_None || aAttribute != TypeAttrName()) {
+return;
+}
+if (aElement != mOwnerContent) {
+return;
+}
+// Note: This logic duplicates a lot of logic in
+// MaybeCreateDocshell.  We should fix that.
+// Notify our enclosing chrome that our type has changed.  We only do this
+// if our parent is chrome, since in all other cases we're random content
+// subframes and the treeowner shouldn't worry about us.
+if (!mDocShell) {
+return;
+}
+nsCOMPtr<nsIDocShellTreeItem> parentItem;
+mDocShell->GetParent(getter_AddRefs(parentItem));
+if (!parentItem) {
+return;
+}
+if (parentItem->ItemType() != nsIDocShellTreeItem::typeChrome) {
+return;
+}
+nsCOMPtr<nsIDocShellTreeOwner> parentTreeOwner;
+parentItem->GetTreeOwner(getter_AddRefs(parentTreeOwner));
+if (!parentTreeOwner) {
+return;
+}
+nsAutoString value;
+aElement->GetAttr(kNameSpaceID_None, TypeAttrName(), value);
+bool is_primary = value.LowerCaseEqualsLiteral("content-primary");
+#ifdef MOZ_XUL
+// when a content panel is no longer primary, hide any open popups it may have
+if (!is_primary) {
+nsXULPopupManager* pm = nsXULPopupManager::GetInstance();
+if (pm)
+pm->HidePopupsInDocShell(mDocShell);
+}
+#endif
+parentTreeOwner->ContentShellRemoved(mDocShell);
+if (value.LowerCaseEqualsLiteral("content") ||
+StringBeginsWith(value, NS_LITERAL_STRING("content-"),
+nsCaseInsensitiveStringComparator())) {
+bool is_targetable = is_primary ||
+value.LowerCaseEqualsLiteral("content-targetable");
+parentTreeOwner->ContentShellAdded(mDocShell, is_primary,
+is_targetable, value);
+}
+}
+void
+nsFrameLoader::ResetPermissionManagerStatus()
+{
+// The resetting of the permissions status can run only
+// in the main process.
+if (XRE_GetProcessType() == GeckoProcessType_Content) {
+return;
+}
+// Finding the new app Id:
+// . first we check if the owner is an app frame
+// . second, we check if the owner is a browser frame
+// in both cases we populate the appId variable.
+uint32_t appId = nsIScriptSecurityManager::NO_APP_ID;
+if (OwnerIsAppFrame()) {
+// You can't be both an app and a browser frame.
+MOZ_ASSERT(!OwnerIsBrowserFrame());
+nsCOMPtr<mozIApplication> ownApp = GetOwnApp();
+MOZ_ASSERT(ownApp);
+uint32_t ownAppId = nsIScriptSecurityManager::NO_APP_ID;
+if (ownApp && NS_SUCCEEDED(ownApp->GetLocalId(&ownAppId))) {
+appId = ownAppId;
+}
+}
+if (OwnerIsBrowserFrame()) {
+// You can't be both a browser and an app frame.
+MOZ_ASSERT(!OwnerIsAppFrame());
+nsCOMPtr<mozIApplication> containingApp = GetContainingApp();
+uint32_t containingAppId = nsIScriptSecurityManager::NO_APP_ID;
+if (containingApp && NS_SUCCEEDED(containingApp->GetLocalId(&containingAppId))) {
+appId = containingAppId;
+}
+}
+// Nothing changed.
+if (appId == mAppIdSentToPermissionManager) {
+return;
+}
+nsCOMPtr<nsIPermissionManager> permMgr = do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);
+if (!permMgr) {
+NS_ERROR("No PermissionManager available!");
+return;
+}
+// If previously we registered an appId, we have to unregister it.
+if (mAppIdSentToPermissionManager != nsIScriptSecurityManager::NO_APP_ID) {
+permMgr->ReleaseAppId(mAppIdSentToPermissionManager);
+mAppIdSentToPermissionManager = nsIScriptSecurityManager::NO_APP_ID;
+}
+// Register the new AppId.
+if (appId != nsIScriptSecurityManager::NO_APP_ID) {
+mAppIdSentToPermissionManager = appId;
+permMgr->AddrefAppId(mAppIdSentToPermissionManager);
+}
+}
+/* [infallible] */ NS_IMETHODIMP
+nsFrameLoader::SetVisible(bool aVisible)
+{
+if (mVisible == aVisible) {
+return NS_OK;
+}
+mVisible = aVisible;
+nsCOMPtr<nsIObserverService> os = services::GetObserverService();
+if (os) {
+os->NotifyObservers(NS_ISUPPORTS_CAST(nsIFrameLoader*, this),
+"frameloader-visible-changed", nullptr);
+}
+return NS_OK;
+}
+/* [infallible] */ NS_IMETHODIMP
+nsFrameLoader::GetVisible(bool* aVisible)
+{
+*aVisible = mVisible;
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameLoader::GetTabParent(nsITabParent** aTabParent)
+{
+nsCOMPtr<nsITabParent> tp = mRemoteBrowser;
+tp.forget(aTabParent);
+return NS_OK;
+}
+NS_IMETHODIMP
+nsFrameLoader::GetLoadContext(nsILoadContext** aLoadContext)
+{
+nsCOMPtr<nsILoadContext> loadContext;
+if (mRemoteBrowser) {
+loadContext = mRemoteBrowser->GetLoadContext();
+} else {
+nsCOMPtr<nsIDocShell> docShell;
+GetDocShell(getter_AddRefs(docShell));
+loadContext = do_GetInterface(docShell);
+}
+loadContext.forget(aLoadContext);
+return NS_OK;
+}

The Tor Browser / file comparison

comparison: content/base/src/nsFrameLoader.cpp

content/base/src/nsFrameLoader.cpp