Bug Summary

File:var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/dist/include/nsDocShellLoadState.h
Warning:line 41, column 7
Excessive padding in 'class nsDocShellLoadState' (48 padding bytes, where 0 is optimal). Optimal fields order: mRefCnt, _mOwningThread, mReferrerInfo, mURI, mOriginalURI, mResultPrincipalURI, mTriggeringPrincipal, mTriggeringWindowId, mCsp, mPrincipalToInherit, mPartitionedPrincipalToInherit, mHttpsFirstDowngradeData, mSHEntry, mLoadingSessionHistoryInfo, mPostDataStream, mHeadersStream, mBaseURI, mPendingRedirectedChannel, mChannelRegistrarId, mLoadIdentifier, mUnstrippedURI, mTarget, mTargetBrowsingContext, mSrcdocData, mSourceBrowsingContext, mTypeHint, mFileName, mTriggeringRemoteType, mOriginalURIString, mRemoteTypeOverride, mTriggeringSandboxFlags, mLoadType, mLoadFlags, mInternalLoadFlags, mHttpsUpgradeTelemetry, mCancelContentJSEpoch, mResultPrincipalURIIsSome, mTriggeringStorageAccess, mKeepResultPrincipalURIIfSet, mLoadReplace, mInheritPrincipal, mPrincipalIsExplicit, mNotifiedBeforeUnloadListeners, mForceAllowDataURI, mIsExemptFromHTTPSFirstMode, mOriginalFrameSrc, mIsFormSubmission, mFirstParty, mHasValidUserGestureActivation, mTextDirectiveUserActivation, mAllowFocusMove, mIsFromProcessingFrameAttributes, mChannelInitialized, mIsMetaRefresh, mWasCreatedRemotely, mWasSchemelessInput, consider reordering the fields or adding explicit padding members

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name AccessibleWrap.cpp -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=cplusplus -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -relaxed-aliasing -ffp-contract=off -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/accessible/atk -fcoverage-compilation-dir=/var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/accessible/atk -resource-dir /usr/lib/llvm-19/lib/clang/19 -include /var/lib/jenkins/workspace/firefox-scan-build/config/gcc_hidden.h -include /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/mozilla-config.h -I /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/dist/stl_wrappers -I /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/dist/system_wrappers -U _FORTIFY_SOURCE -D _FORTIFY_SOURCE=2 -D DEBUG=1 -D MOZ_HAS_MOZGLUE -D MOZILLA_INTERNAL_API -D IMPL_LIBXUL -D MOZ_SUPPORT_LEAKCHECKING -D STATIC_EXPORTABLE_JS_API -I /var/lib/jenkins/workspace/firefox-scan-build/accessible/atk -I /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/accessible/atk -I /var/lib/jenkins/workspace/firefox-scan-build/accessible/base -I /var/lib/jenkins/workspace/firefox-scan-build/accessible/generic -I /var/lib/jenkins/workspace/firefox-scan-build/accessible/html -I /var/lib/jenkins/workspace/firefox-scan-build/accessible/ipc -I /var/lib/jenkins/workspace/firefox-scan-build/accessible/xpcom -I /var/lib/jenkins/workspace/firefox-scan-build/accessible/xul -I /var/lib/jenkins/workspace/firefox-scan-build/layout/generic -I /var/lib/jenkins/workspace/firefox-scan-build/other-licenses/atk-1.0 -I /var/lib/jenkins/workspace/firefox-scan-build/widget -I /var/lib/jenkins/workspace/firefox-scan-build/widget/gtk -I /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/ipc/ipdl/_ipdlheaders -I /var/lib/jenkins/workspace/firefox-scan-build/ipc/chromium/src -I /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/dist/include -I /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/dist/include/nspr -I /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/dist/include/nss -D MOZILLA_CLIENT -I /usr/include/gtk-3.0 -I /usr/include/pango-1.0 -I /usr/include/glib-2.0 -I /usr/lib/x86_64-linux-gnu/glib-2.0/include -I /usr/include/sysprof-6 -I /usr/include/harfbuzz -I /usr/include/freetype2 -I /usr/include/libpng16 -I /usr/include/libmount -I /usr/include/blkid -I /usr/include/fribidi -I /usr/include/cairo -I /usr/include/pixman-1 -I /usr/include/gdk-pixbuf-2.0 -I /usr/include/x86_64-linux-gnu -I /usr/include/webp -I /usr/include/gio-unix-2.0 -I /usr/include/cloudproviders -I /usr/include/atk-1.0 -I /usr/include/at-spi2-atk/2.0 -I /usr/include/at-spi-2.0 -I /usr/include/dbus-1.0 -I /usr/lib/x86_64-linux-gnu/dbus-1.0/include -I /usr/include/gtk-3.0/unix-print -I /usr/include/dbus-1.0 -I /usr/lib/x86_64-linux-gnu/dbus-1.0/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../include/c++/14 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../include/x86_64-linux-gnu/c++/14 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../include/c++/14/backward -internal-isystem /usr/lib/llvm-19/lib/clang/19/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/14/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O2 -Wno-error=tautological-type-limit-compare -Wno-invalid-offsetof -Wno-range-loop-analysis -Wno-deprecated-anon-enum-enum-conversion -Wno-deprecated-enum-enum-conversion -Wno-deprecated-this-capture -Wno-inline-new-delete -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=free-nonheap-object -Wno-error=atomic-alignment -Wno-error=deprecated-builtins -Wno-psabi -Wno-error=builtin-macro-redefined -Wno-vla-cxx-extension -Wno-unknown-warning-option -Wno-error=unused-function -Wno-unused-local-typedefs -fdeprecated-macro -ferror-limit 19 -fstrict-flex-arrays=1 -stack-protector 2 -fstack-clash-protection -ftrivial-auto-var-init=pattern -fno-rtti -fgnuc-version=4.2.1 -fskip-odr-check-in-gmf -fno-sized-deallocation -fno-aligned-allocation -vectorize-loops -vectorize-slp -analyzer-checker optin.performance.Padding -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2024-09-22-115206-3586786-1 -x c++ /var/lib/jenkins/workspace/firefox-scan-build/accessible/atk/AccessibleWrap.cpp
1/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2/* vim: set ts=8 sts=2 et sw=2 tw=80: */
3/* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7#ifndef nsDocShellLoadState_h__
8#define nsDocShellLoadState_h__
9
10#include "mozilla/dom/BrowsingContext.h"
11#include "mozilla/dom/SessionHistoryEntry.h"
12
13// Helper Classes
14#include "mozilla/Maybe.h"
15#include "nsCOMPtr.h"
16#include "nsString.h"
17#include "nsDocShellLoadTypes.h"
18#include "nsTArrayForwardDeclare.h"
19
20class nsIContentSecurityPolicy;
21class nsIInputStream;
22class nsISHEntry;
23class nsIURI;
24class nsIDocShell;
25class nsIChannel;
26class nsIReferrerInfo;
27struct HTTPSFirstDowngradeData;
28namespace mozilla {
29class OriginAttributes;
30template <typename, class>
31class UniquePtr;
32namespace dom {
33class DocShellLoadStateInit;
34} // namespace dom
35} // namespace mozilla
36
37/**
38 * nsDocShellLoadState contains setup information used in a nsIDocShell::loadURI
39 * call.
40 */
41class nsDocShellLoadState final {
Excessive padding in 'class nsDocShellLoadState' (48 padding bytes, where 0 is optimal). Optimal fields order: mRefCnt, _mOwningThread, mReferrerInfo, mURI, mOriginalURI, mResultPrincipalURI, mTriggeringPrincipal, mTriggeringWindowId, mCsp, mPrincipalToInherit, mPartitionedPrincipalToInherit, mHttpsFirstDowngradeData, mSHEntry, mLoadingSessionHistoryInfo, mPostDataStream, mHeadersStream, mBaseURI, mPendingRedirectedChannel, mChannelRegistrarId, mLoadIdentifier, mUnstrippedURI, mTarget, mTargetBrowsingContext, mSrcdocData, mSourceBrowsingContext, mTypeHint, mFileName, mTriggeringRemoteType, mOriginalURIString, mRemoteTypeOverride, mTriggeringSandboxFlags, mLoadType, mLoadFlags, mInternalLoadFlags, mHttpsUpgradeTelemetry, mCancelContentJSEpoch, mResultPrincipalURIIsSome, mTriggeringStorageAccess, mKeepResultPrincipalURIIfSet, mLoadReplace, mInheritPrincipal, mPrincipalIsExplicit, mNotifiedBeforeUnloadListeners, mForceAllowDataURI, mIsExemptFromHTTPSFirstMode, mOriginalFrameSrc, mIsFormSubmission, mFirstParty, mHasValidUserGestureActivation, mTextDirectiveUserActivation, mAllowFocusMove, mIsFromProcessingFrameAttributes, mChannelInitialized, mIsMetaRefresh, mWasCreatedRemotely, mWasSchemelessInput, consider reordering the fields or adding explicit padding members
42 using BrowsingContext = mozilla::dom::BrowsingContext;
43 template <typename T>
44 using MaybeDiscarded = mozilla::dom::MaybeDiscarded<T>;
45
46 public:
47 NS_INLINE_DECL_REFCOUNTING(nsDocShellLoadState)public: MozExternalRefCountType AddRef(void) { static_assert(
!std::is_destructible_v<nsDocShellLoadState>, "Reference-counted class "
"nsDocShellLoadState" " should not have a public destructor. "
"Make this class's destructor non-public"); do { static_assert
( mozilla::detail::AssertionConditionType<decltype(int32_t
(mRefCnt) >= 0)>::isValid, "invalid assertion condition"
); if ((__builtin_expect(!!(!(!!(int32_t(mRefCnt) >= 0))),
0))) { do { } while (false); MOZ_ReportAssertionFailure("int32_t(mRefCnt) >= 0"
" (" "illegal refcnt" ")", "/var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/dist/include/nsDocShellLoadState.h"
, 47); AnnotateMozCrashReason("MOZ_ASSERT" "(" "int32_t(mRefCnt) >= 0"
") (" "illegal refcnt" ")"); do { *((volatile int*)__null) =
47; __attribute__((nomerge)) ::abort(); } while (false); } }
while (false); _mOwningThread.AssertOwnership("nsDocShellLoadState"
" not thread-safe"); ++mRefCnt; NS_LogAddRef((this), (mRefCnt
), ("nsDocShellLoadState"), (uint32_t)(sizeof(*this))); return
mRefCnt; } MozExternalRefCountType Release(void) { do { static_assert
( mozilla::detail::AssertionConditionType<decltype(int32_t
(mRefCnt) > 0)>::isValid, "invalid assertion condition"
); if ((__builtin_expect(!!(!(!!(int32_t(mRefCnt) > 0))), 0
))) { do { } while (false); MOZ_ReportAssertionFailure("int32_t(mRefCnt) > 0"
" (" "dup release" ")", "/var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/dist/include/nsDocShellLoadState.h"
, 47); AnnotateMozCrashReason("MOZ_ASSERT" "(" "int32_t(mRefCnt) > 0"
") (" "dup release" ")"); do { *((volatile int*)__null) = 47
; __attribute__((nomerge)) ::abort(); } while (false); } } while
(false); _mOwningThread.AssertOwnership("nsDocShellLoadState"
" not thread-safe"); --mRefCnt; NS_LogRelease((this), (mRefCnt
), ("nsDocShellLoadState")); if (mRefCnt == 0) { mRefCnt = 1;
delete (this); return 0; } return mRefCnt; } using HasThreadSafeRefCnt
= std::false_type; protected: nsAutoRefCnt mRefCnt; nsAutoOwningThread
_mOwningThread; public:
;
48
49 explicit nsDocShellLoadState(nsIURI* aURI);
50 explicit nsDocShellLoadState(
51 const mozilla::dom::DocShellLoadStateInit& aLoadState,
52 mozilla::ipc::IProtocol* aActor, bool* aReadSuccess);
53 explicit nsDocShellLoadState(const nsDocShellLoadState& aOther);
54 nsDocShellLoadState(nsIURI* aURI, uint64_t aLoadIdentifier);
55
56 static nsresult CreateFromPendingChannel(nsIChannel* aPendingChannel,
57 uint64_t aLoadIdentifier,
58 uint64_t aRegistarId,
59 nsDocShellLoadState** aResult);
60
61 static nsresult CreateFromLoadURIOptions(
62 BrowsingContext* aBrowsingContext, const nsAString& aURI,
63 const mozilla::dom::LoadURIOptions& aLoadURIOptions,
64 nsDocShellLoadState** aResult);
65 static nsresult CreateFromLoadURIOptions(
66 BrowsingContext* aBrowsingContext, nsIURI* aURI,
67 const mozilla::dom::LoadURIOptions& aLoadURIOptions,
68 nsDocShellLoadState** aResult);
69
70 // Getters and Setters
71
72 nsIReferrerInfo* GetReferrerInfo() const;
73
74 void SetReferrerInfo(nsIReferrerInfo* aReferrerInfo);
75
76 nsIURI* URI() const;
77
78 void SetURI(nsIURI* aURI);
79
80 nsIURI* OriginalURI() const;
81
82 void SetOriginalURI(nsIURI* aOriginalURI);
83
84 nsIURI* ResultPrincipalURI() const;
85
86 void SetResultPrincipalURI(nsIURI* aResultPrincipalURI);
87
88 bool ResultPrincipalURIIsSome() const;
89
90 void SetResultPrincipalURIIsSome(bool aIsSome);
91
92 bool KeepResultPrincipalURIIfSet() const;
93
94 void SetKeepResultPrincipalURIIfSet(bool aKeep);
95
96 nsIPrincipal* PrincipalToInherit() const;
97
98 void SetPrincipalToInherit(nsIPrincipal* aPrincipalToInherit);
99
100 nsIPrincipal* PartitionedPrincipalToInherit() const;
101
102 void SetPartitionedPrincipalToInherit(
103 nsIPrincipal* aPartitionedPrincipalToInherit);
104
105 bool LoadReplace() const;
106
107 void SetLoadReplace(bool aLoadReplace);
108
109 nsIPrincipal* TriggeringPrincipal() const;
110
111 void SetTriggeringPrincipal(nsIPrincipal* aTriggeringPrincipal);
112
113 uint32_t TriggeringSandboxFlags() const;
114
115 void SetTriggeringSandboxFlags(uint32_t aTriggeringSandboxFlags);
116
117 uint64_t TriggeringWindowId() const;
118
119 void SetTriggeringWindowId(uint64_t aTriggeringWindowId);
120
121 bool TriggeringStorageAccess() const;
122
123 void SetTriggeringStorageAccess(bool aTriggeringStorageAccess);
124
125 nsIContentSecurityPolicy* Csp() const;
126
127 void SetCsp(nsIContentSecurityPolicy* aCsp);
128
129 bool InheritPrincipal() const;
130
131 void SetInheritPrincipal(bool aInheritPrincipal);
132
133 bool PrincipalIsExplicit() const;
134
135 void SetPrincipalIsExplicit(bool aPrincipalIsExplicit);
136
137 // If true, "beforeunload" event listeners were notified by the creater of the
138 // LoadState and given the chance to abort the navigation, and should not be
139 // notified again.
140 bool NotifiedBeforeUnloadListeners() const;
141
142 void SetNotifiedBeforeUnloadListeners(bool aNotifiedBeforeUnloadListeners);
143
144 bool ForceAllowDataURI() const;
145
146 void SetForceAllowDataURI(bool aForceAllowDataURI);
147
148 bool IsExemptFromHTTPSFirstMode() const;
149
150 void SetIsExemptFromHTTPSFirstMode(bool aIsExemptFromHTTPSFirstMode);
151
152 RefPtr<HTTPSFirstDowngradeData> GetHttpsFirstDowngradeData() const;
153
154 void SetHttpsFirstDowngradeData(
155 RefPtr<HTTPSFirstDowngradeData> const& aHttpsFirstTelemetryData);
156
157 bool OriginalFrameSrc() const;
158
159 void SetOriginalFrameSrc(bool aOriginalFrameSrc);
160
161 bool IsFormSubmission() const;
162
163 void SetIsFormSubmission(bool aIsFormSubmission);
164
165 uint32_t LoadType() const;
166
167 void SetLoadType(uint32_t aLoadType);
168
169 nsISHEntry* SHEntry() const;
170
171 void SetSHEntry(nsISHEntry* aSHEntry);
172
173 const mozilla::dom::LoadingSessionHistoryInfo* GetLoadingSessionHistoryInfo()
174 const;
175
176 // Copies aLoadingInfo and stores the copy in this nsDocShellLoadState.
177 void SetLoadingSessionHistoryInfo(
178 const mozilla::dom::LoadingSessionHistoryInfo& aLoadingInfo);
179
180 // Stores aLoadingInfo in this nsDocShellLoadState.
181 void SetLoadingSessionHistoryInfo(
182 mozilla::UniquePtr<mozilla::dom::LoadingSessionHistoryInfo> aLoadingInfo);
183
184 bool LoadIsFromSessionHistory() const;
185
186 const nsString& Target() const;
187
188 void SetTarget(const nsAString& aTarget);
189
190 nsIInputStream* PostDataStream() const;
191
192 void SetPostDataStream(nsIInputStream* aStream);
193
194 nsIInputStream* HeadersStream() const;
195
196 void SetHeadersStream(nsIInputStream* aHeadersStream);
197
198 bool IsSrcdocLoad() const;
199
200 const nsString& SrcdocData() const;
201
202 void SetSrcdocData(const nsAString& aSrcdocData);
203
204 const MaybeDiscarded<BrowsingContext>& SourceBrowsingContext() const {
205 return mSourceBrowsingContext;
206 }
207
208 void SetSourceBrowsingContext(BrowsingContext*);
209
210 void SetAllowFocusMove(bool aAllow) { mAllowFocusMove = aAllow; }
211
212 bool AllowFocusMove() const { return mAllowFocusMove; }
213
214 const MaybeDiscarded<BrowsingContext>& TargetBrowsingContext() const {
215 return mTargetBrowsingContext;
216 }
217
218 void SetTargetBrowsingContext(BrowsingContext* aTargetBrowsingContext);
219
220 nsIURI* BaseURI() const;
221
222 void SetBaseURI(nsIURI* aBaseURI);
223
224 // Helper function allowing convenient work with mozilla::Maybe in C++, hiding
225 // resultPrincipalURI and resultPrincipalURIIsSome attributes from the
226 // consumer.
227 void GetMaybeResultPrincipalURI(
228 mozilla::Maybe<nsCOMPtr<nsIURI>>& aRPURI) const;
229
230 void SetMaybeResultPrincipalURI(
231 mozilla::Maybe<nsCOMPtr<nsIURI>> const& aRPURI);
232
233 uint32_t LoadFlags() const;
234
235 void SetLoadFlags(uint32_t aFlags);
236
237 void SetLoadFlag(uint32_t aFlag);
238
239 void UnsetLoadFlag(uint32_t aFlag);
240
241 bool HasLoadFlags(uint32_t aFlag);
242
243 uint32_t InternalLoadFlags() const;
244
245 void SetInternalLoadFlags(uint32_t aFlags);
246
247 void SetInternalLoadFlag(uint32_t aFlag);
248
249 void UnsetInternalLoadFlag(uint32_t aFlag);
250
251 bool HasInternalLoadFlags(uint32_t aFlag);
252
253 bool FirstParty() const;
254
255 void SetFirstParty(bool aFirstParty);
256
257 bool HasValidUserGestureActivation() const;
258
259 void SetHasValidUserGestureActivation(bool HasValidUserGestureActivation);
260
261 void SetTextDirectiveUserActivation(bool aTextDirectiveUserActivation);
262
263 bool GetTextDirectiveUserActivation();
264
265 const nsCString& TypeHint() const;
266
267 void SetTypeHint(const nsCString& aTypeHint);
268
269 const nsString& FileName() const;
270
271 void SetFileName(const nsAString& aFileName);
272
273 nsIURI* GetUnstrippedURI() const;
274
275 void SetUnstrippedURI(nsIURI* aUnstrippedURI);
276
277 // Give the type of DocShell we're loading into (chrome/content/etc) and
278 // origin attributes for the URI we're loading, figure out if we should
279 // inherit our principal from the document the load was requested from, or
280 // else if the principal should be set up later in the process (after loads).
281 // See comments in function for more info on principal selection algorithm
282 nsresult SetupInheritingPrincipal(
283 mozilla::dom::BrowsingContext::Type aType,
284 const mozilla::OriginAttributes& aOriginAttributes);
285
286 // If no triggering principal exists at the moment, create one using referrer
287 // information and origin attributes.
288 nsresult SetupTriggeringPrincipal(
289 const mozilla::OriginAttributes& aOriginAttributes);
290
291 void SetIsFromProcessingFrameAttributes() {
292 mIsFromProcessingFrameAttributes = true;
293 }
294 bool GetIsFromProcessingFrameAttributes() const {
295 return mIsFromProcessingFrameAttributes;
296 }
297
298 nsIChannel* GetPendingRedirectedChannel() {
299 return mPendingRedirectedChannel;
300 }
301
302 uint64_t GetPendingRedirectChannelRegistrarId() const {
303 return mChannelRegistrarId;
304 }
305
306 void SetOriginalURIString(const nsCString& aOriginalURI) {
307 mOriginalURIString.emplace(aOriginalURI);
308 }
309 const mozilla::Maybe<nsCString>& GetOriginalURIString() const {
310 return mOriginalURIString;
311 }
312
313 void SetCancelContentJSEpoch(int32_t aCancelEpoch) {
314 mCancelContentJSEpoch.emplace(aCancelEpoch);
315 }
316 const mozilla::Maybe<int32_t>& GetCancelContentJSEpoch() const {
317 return mCancelContentJSEpoch;
318 }
319
320 uint64_t GetLoadIdentifier() const { return mLoadIdentifier; }
321
322 void SetChannelInitialized(bool aInitilized) {
323 mChannelInitialized = aInitilized;
324 }
325
326 bool GetChannelInitialized() const { return mChannelInitialized; }
327
328 void SetIsMetaRefresh(bool aMetaRefresh) { mIsMetaRefresh = aMetaRefresh; }
329
330 bool IsMetaRefresh() const { return mIsMetaRefresh; }
331
332 const mozilla::Maybe<nsCString>& GetRemoteTypeOverride() const {
333 return mRemoteTypeOverride;
334 }
335
336 void SetRemoteTypeOverride(const nsCString& aRemoteTypeOverride);
337
338 void SetWasSchemelessInput(bool aWasSchemelessInput) {
339 mWasSchemelessInput = aWasSchemelessInput;
340 }
341
342 bool GetWasSchemelessInput() { return mWasSchemelessInput; }
343
344 void SetHttpsUpgradeTelemetry(
345 nsILoadInfo::HTTPSUpgradeTelemetryType aHttpsUpgradeTelemetry) {
346 mHttpsUpgradeTelemetry = aHttpsUpgradeTelemetry;
347 }
348
349 nsILoadInfo::HTTPSUpgradeTelemetryType GetHttpsUpgradeTelemetry() {
350 return mHttpsUpgradeTelemetry;
351 }
352
353 // Determine the remote type of the process which should be considered
354 // responsible for this load for the purposes of security checks.
355 //
356 // This will generally be the process which created the nsDocShellLoadState
357 // originally, however non-errorpage history loads are always considered to be
358 // triggered by the parent process, as we can validate them against the
359 // history entry.
360 const nsCString& GetEffectiveTriggeringRemoteType() const;
361
362 void SetTriggeringRemoteType(const nsACString& aTriggeringRemoteType);
363
364 // Diagnostic assert if this is a system-principal triggered load, and it is
365 // trivial to determine that the effective triggering remote type would not be
366 // allowed to perform this load.
367 //
368 // This is called early during the load to crash as close to the cause as
369 // possible. See bug 1838686 for details.
370#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED1
371 void AssertProcessCouldTriggerLoadIfSystem();
372#else
373 void AssertProcessCouldTriggerLoadIfSystem() {}
374#endif
375
376 // When loading a document through nsDocShell::LoadURI(), a special set of
377 // flags needs to be set based on other values in nsDocShellLoadState. This
378 // function calculates those flags, before the LoadState is passed to
379 // nsDocShell::InternalLoad.
380 void CalculateLoadURIFlags();
381
382 // Compute the load flags to be used by creating channel. aUriModified and
383 // aIsEmbeddingBlockedError are expected to be Nothing when called from parent
384 // process.
385 nsLoadFlags CalculateChannelLoadFlags(
386 mozilla::dom::BrowsingContext* aBrowsingContext,
387 mozilla::Maybe<bool> aUriModified,
388 mozilla::Maybe<bool> aIsEmbeddingBlockedError);
389
390 mozilla::dom::DocShellLoadStateInit Serialize(
391 mozilla::ipc::IProtocol* aActor);
392
393 void SetLoadIsFromSessionHistory(int32_t aOffset, bool aLoadingCurrentEntry);
394 void ClearLoadIsFromSessionHistory();
395
396 void MaybeStripTrackerQueryStrings(mozilla::dom::BrowsingContext* aContext);
397
398 protected:
399 // Destructor can't be defaulted or inlined, as header doesn't have all type
400 // includes it needs to do so.
401 ~nsDocShellLoadState();
402
403 // Given the original `nsDocShellLoadState` which was sent to a content
404 // process, validate that they corespond to the same load.
405 // Returns a static (telemetry-safe) string naming what did not match, or
406 // nullptr if it succeeds.
407 const char* ValidateWithOriginalState(nsDocShellLoadState* aOriginalState);
408
409 static nsresult CreateFromLoadURIOptions(
410 BrowsingContext* aBrowsingContext, nsIURI* aURI,
411 const mozilla::dom::LoadURIOptions& aLoadURIOptions,
412 uint32_t aLoadFlagsOverride, nsIInputStream* aPostDataOverride,
413 nsDocShellLoadState** aResult);
414
415 // This is the referrer for the load.
416 nsCOMPtr<nsIReferrerInfo> mReferrerInfo;
417
418 // The URI we are navigating to. Will not be null once set.
419 nsCOMPtr<nsIURI> mURI;
420
421 // The URI to set as the originalURI on the channel that does the load. If
422 // null, aURI will be set as the originalURI.
423 nsCOMPtr<nsIURI> mOriginalURI;
424
425 // The URI to be set to loadInfo.resultPrincipalURI
426 // - When Nothing, there will be no change
427 // - When Some, the principal URI will overwrite even
428 // with a null value.
429 //
430 // Valid only if mResultPrincipalURIIsSome is true (has the same meaning as
431 // isSome() on mozilla::Maybe.)
432 nsCOMPtr<nsIURI> mResultPrincipalURI;
433 bool mResultPrincipalURIIsSome;
434
435 // The principal of the load, that is, the entity responsible for causing the
436 // load to occur. In most cases the referrer and the triggeringPrincipal's URI
437 // will be identical.
438 //
439 // Please note that this is the principal that is used for security checks. If
440 // the argument aURI is provided by the web, then please do not pass a
441 // SystemPrincipal as the triggeringPrincipal.
442 nsCOMPtr<nsIPrincipal> mTriggeringPrincipal;
443
444 // The SandboxFlags of the load, that are, the SandboxFlags of the entity
445 // responsible for causing the load to occur. Most likely this are the
446 // SandboxFlags of the document that started the load.
447 uint32_t mTriggeringSandboxFlags;
448
449 // The window ID and current "has storage access" value of the entity
450 // triggering the load. This allows the identification of self-initiated
451 // same-origin navigations that should propogate unpartitioned storage access.
452 uint64_t mTriggeringWindowId;
453 bool mTriggeringStorageAccess;
454
455 // The CSP of the load, that is, the CSP of the entity responsible for causing
456 // the load to occur. Most likely this is the CSP of the document that started
457 // the load. In case the entity starting the load did not use a CSP, then mCsp
458 // can be null. Please note that this is also the CSP that will be applied to
459 // the load in case the load encounters a server side redirect.
460 nsCOMPtr<nsIContentSecurityPolicy> mCsp;
461
462 // If a refresh is caused by http-equiv="refresh" we want to set
463 // aResultPrincipalURI, but we do not want to overwrite the channel's
464 // ResultPrincipalURI, if it has already been set on the channel by a protocol
465 // handler.
466 bool mKeepResultPrincipalURIIfSet;
467
468 // If set LOAD_REPLACE flag will be set on the channel. If aOriginalURI is
469 // null, this argument is ignored.
470 bool mLoadReplace;
471
472 // If this attribute is true and no triggeringPrincipal is specified,
473 // copy the principal from the referring document.
474 bool mInheritPrincipal;
475
476 // If this attribute is true only ever use the principal specified
477 // by the triggeringPrincipal and inheritPrincipal attributes.
478 // If there are security reasons for why this is unsafe, such
479 // as trying to use a systemprincipal as the triggeringPrincipal
480 // for a content docshell the load fails.
481 bool mPrincipalIsExplicit;
482
483 bool mNotifiedBeforeUnloadListeners;
484
485 // Principal we're inheriting. If null, this means the principal should be
486 // inherited from the current document. If set to NullPrincipal, the channel
487 // will fill in principal information later in the load. See internal comments
488 // of SetupInheritingPrincipal for more info.
489 //
490 // When passed to InternalLoad, If this argument is null then
491 // principalToInherit is computed differently. See nsDocShell::InternalLoad
492 // for more comments.
493
494 nsCOMPtr<nsIPrincipal> mPrincipalToInherit;
495
496 nsCOMPtr<nsIPrincipal> mPartitionedPrincipalToInherit;
497
498 // If this attribute is true, then a top-level navigation
499 // to a data URI will be allowed.
500 bool mForceAllowDataURI;
501
502 // If this attribute is true, then the top-level navigaion
503 // will be exempt from HTTPS-Only-Mode upgrades.
504 bool mIsExemptFromHTTPSFirstMode;
505
506 // If set, this load is a HTTPS-First downgrade, and the downgrade data will
507 // be submitted to telemetry later if the load succeeds.
508 RefPtr<HTTPSFirstDowngradeData> mHttpsFirstDowngradeData;
509
510 // If this attribute is true, this load corresponds to a frame
511 // element loading its original src (or srcdoc) attribute.
512 bool mOriginalFrameSrc;
513
514 // If this attribute is true, then the load was initiated by a
515 // form submission.
516 bool mIsFormSubmission;
517
518 // Contains a load type as specified by the nsDocShellLoadTypes::load*
519 // constants
520 uint32_t mLoadType;
521
522 // Active Session History entry (if loading from SH)
523 nsCOMPtr<nsISHEntry> mSHEntry;
524
525 // Loading session history info for the load
526 mozilla::UniquePtr<mozilla::dom::LoadingSessionHistoryInfo>
527 mLoadingSessionHistoryInfo;
528
529 // Target for load, like _content, _blank etc.
530 nsString mTarget;
531
532 // When set, this is the Target Browsing Context for the navigation
533 // after retargeting.
534 MaybeDiscarded<BrowsingContext> mTargetBrowsingContext;
535
536 // Post data stream (if POSTing)
537 nsCOMPtr<nsIInputStream> mPostDataStream;
538
539 // Additional Headers
540 nsCOMPtr<nsIInputStream> mHeadersStream;
541
542 // When set, the load will be interpreted as a srcdoc load, where contents of
543 // this string will be loaded instead of the URI. Setting srcdocData sets
544 // isSrcdocLoad to true
545 nsString mSrcdocData;
546
547 // When set, this is the Source Browsing Context for the navigation.
548 MaybeDiscarded<BrowsingContext> mSourceBrowsingContext;
549
550 // Used for srcdoc loads to give view-source knowledge of the load's base URI
551 // as this information isn't embedded in the load's URI.
552 nsCOMPtr<nsIURI> mBaseURI;
553
554 // Set of Load Flags, taken from nsDocShellLoadTypes.h and nsIWebNavigation
555 uint32_t mLoadFlags;
556
557 // Set of internal load flags
558 uint32_t mInternalLoadFlags;
559
560 // Is this a First Party Load?
561 bool mFirstParty;
562
563 // Is this load triggered by a user gesture?
564 bool mHasValidUserGestureActivation;
565
566 // True if a text directive can be scrolled to. This is true either if the
567 // load is triggered by a user, or the document has an unconsumed activation
568 // (eg. client redirect).
569 bool mTextDirectiveUserActivation = false;
570
571 // Whether this load can steal the focus from the source browsing context.
572 bool mAllowFocusMove;
573
574 // A hint as to the content-type of the resulting data. If no hint, IsVoid()
575 // should return true.
576 nsCString mTypeHint;
577
578 // Non-void when the link should be downloaded as the given filename.
579 // mFileName being non-void but empty means that no filename hint was
580 // specified, but link should still trigger a download. If not a download,
581 // mFileName.IsVoid() should return true.
582 nsString mFileName;
583
584 // This will be true if this load is triggered by attribute changes.
585 // See nsILoadInfo.isFromProcessingFrameAttributes
586 bool mIsFromProcessingFrameAttributes;
587
588 // If set, a pending cross-process redirected channel should be used to
589 // perform the load. The channel will be stored in this value.
590 nsCOMPtr<nsIChannel> mPendingRedirectedChannel;
591
592 // An optional string representation of mURI, before any
593 // fixups were applied, so that we can send it to a search
594 // engine service if needed.
595 mozilla::Maybe<nsCString> mOriginalURIString;
596
597 // An optional value to pass to nsIDocShell::setCancelJSEpoch
598 // when initiating the load.
599 mozilla::Maybe<int32_t> mCancelContentJSEpoch;
600
601 // If mPendingRedirectChannel is set, then this is the identifier
602 // that the parent-process equivalent channel has been registered
603 // with using RedirectChannelRegistrar.
604 uint64_t mChannelRegistrarId;
605
606 // An identifier to make it possible to examine if two loads are
607 // equal, and which browsing context they belong to (see
608 // BrowsingContext::{Get, Set}CurrentLoadIdentifier)
609 const uint64_t mLoadIdentifier;
610
611 // Optional value to indicate that a channel has been
612 // pre-initialized in the parent process.
613 bool mChannelInitialized;
614
615 // True if the load was triggered by a meta refresh.
616 bool mIsMetaRefresh;
617
618 // True if the nsDocShellLoadState was received over IPC.
619 bool mWasCreatedRemotely = false;
620
621 // The original URI before query stripping happened. If it's present, it shows
622 // the query stripping happened. Otherwise, it will be a nullptr.
623 nsCOMPtr<nsIURI> mUnstrippedURI;
624
625 // If set, the remote type which the load should be completed within.
626 mozilla::Maybe<nsCString> mRemoteTypeOverride;
627
628 // Remote type of the process which originally requested the load.
629 nsCString mTriggeringRemoteType;
630
631 // if the to-be-loaded address had it protocol added through a fixup
632 bool mWasSchemelessInput = false;
633
634 // Solely for the use of collecting Telemetry for HTTPS upgrades.
635 nsILoadInfo::HTTPSUpgradeTelemetryType mHttpsUpgradeTelemetry =
636 nsILoadInfo::NOT_INITIALIZED;
637};
638
639#endif /* nsDocShellLoadState_h__ */