Bug Summary

File: var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/dist/include/nsDocShellLoadState.h
Warning: line 40, column 7
Excessive padding in 'class nsDocShellLoadState' (45 padding bytes, where 5 is optimal). Optimal fields order: mRefCnt, _mOwningThread, mReferrerInfo, mURI, mOriginalURI, mResultPrincipalURI, mTriggeringPrincipal, mTriggeringWindowId, mCsp, mPrincipalToInherit, mPartitionedPrincipalToInherit, mSHEntry, mLoadingSessionHistoryInfo, mPostDataStream, mHeadersStream, mBaseURI, mPendingRedirectedChannel, mChannelRegistrarId, mLoadIdentifier, mUnstrippedURI, mTarget, mTargetBrowsingContext, mSrcdocData, mSourceBrowsingContext, mTypeHint, mFileName, mTriggeringRemoteType, mOriginalURIString, mRemoteTypeOverride, mTriggeringSandboxFlags, mLoadType, mLoadFlags, mInternalLoadFlags, mCancelContentJSEpoch, mResultPrincipalURIIsSome, mTriggeringStorageAccess, mKeepResultPrincipalURIIfSet, mLoadReplace, mInheritPrincipal, mPrincipalIsExplicit, mNotifiedBeforeUnloadListeners, mForceAllowDataURI, mIsExemptFromHTTPSFirstMode, mOriginalFrameSrc, mIsFormSubmission, mFirstParty, mHasValidUserGestureActivation, mAllowFocusMove, mIsFromProcessingFrameAttributes, mChannelInitialized, mIsMetaRefresh, mWasCreatedRemotely, mWasSchemelessInput, consider reordering the fields or adding explicit padding members

Annotated Source Code


clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name AccessibleWrap.cpp -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=cplusplus -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -fhalf-no-semantic-interposition -mframe-pointer=all -relaxed-aliasing -ffp-contract=off -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fdebug-compilation-dir=/var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/accessible/atk -fcoverage-compilation-dir=/var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/accessible/atk -resource-dir /usr/lib/llvm-18/lib/clang/18 -include /var/lib/jenkins/workspace/firefox-scan-build/config/gcc_hidden.h -include /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/mozilla-config.h -I /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/dist/stl_wrappers -I /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/dist/system_wrappers -U _FORTIFY_SOURCE -D _FORTIFY_SOURCE=2 -D DEBUG=1 -D MOZ_HAS_MOZGLUE -D MOZILLA_INTERNAL_API -D IMPL_LIBXUL -D STATIC_EXPORTABLE_JS_API -I /var/lib/jenkins/workspace/firefox-scan-build/accessible/atk -I /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/accessible/atk -I /var/lib/jenkins/workspace/firefox-scan-build/accessible/base -I 
/var/lib/jenkins/workspace/firefox-scan-build/accessible/generic -I /var/lib/jenkins/workspace/firefox-scan-build/accessible/html -I /var/lib/jenkins/workspace/firefox-scan-build/accessible/ipc -I /var/lib/jenkins/workspace/firefox-scan-build/accessible/xpcom -I /var/lib/jenkins/workspace/firefox-scan-build/accessible/xul -I /var/lib/jenkins/workspace/firefox-scan-build/layout/generic -I /var/lib/jenkins/workspace/firefox-scan-build/other-licenses/atk-1.0 -I /var/lib/jenkins/workspace/firefox-scan-build/widget -I /var/lib/jenkins/workspace/firefox-scan-build/widget/gtk -I /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/ipc/ipdl/_ipdlheaders -I /var/lib/jenkins/workspace/firefox-scan-build/ipc/chromium/src -I /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/dist/include -I /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/dist/include/nspr -I /var/lib/jenkins/workspace/firefox-scan-build/obj-x86_64-pc-linux-gnu/dist/include/nss -D MOZILLA_CLIENT -I /usr/include/gtk-3.0 -I /usr/include/pango-1.0 -I /usr/include/glib-2.0 -I /usr/lib/x86_64-linux-gnu/glib-2.0/include -I /usr/include/harfbuzz -I /usr/include/freetype2 -I /usr/include/libpng16 -I /usr/include/libmount -I /usr/include/blkid -I /usr/include/fribidi -I /usr/include/cairo -I /usr/include/pixman-1 -I /usr/include/gdk-pixbuf-2.0 -I /usr/include/x86_64-linux-gnu -I /usr/include/webp -I /usr/include/gio-unix-2.0 -I /usr/include/cloudproviders -I /usr/include/atk-1.0 -I /usr/include/at-spi2-atk/2.0 -I /usr/include/at-spi-2.0 -I /usr/include/dbus-1.0 -I /usr/lib/x86_64-linux-gnu/dbus-1.0/include -I /usr/include/gtk-3.0/unix-print -I /usr/include/dbus-1.0 -I /usr/lib/x86_64-linux-gnu/dbus-1.0/include -internal-isystem /usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13 -internal-isystem /usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/x86_64-linux-gnu/c++/13 -internal-isystem 
/usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../include/c++/13/backward -internal-isystem /usr/lib/llvm-18/lib/clang/18/include -internal-isystem /usr/local/include -internal-isystem /usr/bin/../lib/gcc/x86_64-linux-gnu/13/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O2 -Wno-error=tautological-type-limit-compare -Wno-invalid-offsetof -Wno-range-loop-analysis -Wno-deprecated-anon-enum-enum-conversion -Wno-deprecated-enum-enum-conversion -Wno-deprecated-this-capture -Wno-inline-new-delete -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=free-nonheap-object -Wno-error=atomic-alignment -Wno-error=deprecated-builtins -Wno-psabi -Wno-error=builtin-macro-redefined -Wno-vla-cxx-extension -Wno-unknown-warning-option -Wno-error=unused-function -Wno-unused-local-typedefs -fdeprecated-macro -ferror-limit 19 -stack-protector 2 -fstack-clash-protection -ftrivial-auto-var-init=pattern -fno-rtti -fgnuc-version=4.2.1 -fno-aligned-allocation -vectorize-loops -vectorize-slp -analyzer-checker optin.performance.Padding -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2024-05-16-034744-15991-1 -x c++ /var/lib/jenkins/workspace/firefox-scan-build/accessible/atk/AccessibleWrap.cpp
1/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2/* vim: set ts=8 sts=2 et sw=2 tw=80: */
3/* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7#ifndef nsDocShellLoadState_h__
8#define nsDocShellLoadState_h__
9
10#include "mozilla/dom/BrowsingContext.h"
11#include "mozilla/dom/SessionHistoryEntry.h"
12
13// Helper Classes
14#include "mozilla/Maybe.h"
15#include "nsCOMPtr.h"
16#include "nsString.h"
17#include "nsDocShellLoadTypes.h"
18#include "nsTArrayForwardDeclare.h"
19
20class nsIContentSecurityPolicy;
21class nsIInputStream;
22class nsISHEntry;
23class nsIURI;
24class nsIDocShell;
25class nsIChannel;
26class nsIReferrerInfo;
27namespace mozilla {
28class OriginAttributes;
29template <typename, class>
30class UniquePtr;
31namespace dom {
32class DocShellLoadStateInit;
33} // namespace dom
34} // namespace mozilla
35
36/**
37 * nsDocShellLoadState contains setup information used in a nsIDocShell::loadURI
38 * call.
39 */
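class nsDocShellLoadState final {
  // NOTE(review): clang's optin.performance.Padding checker flags this class
  // (45 padding bytes, where 5 is optimal) because bool/uint32_t members are
  // interleaved with pointer-sized ones in the declaration order below. This
  // is an object-size diagnostic, not a memory-safety finding. C++ initializes
  // members in declaration order, so any reordering has to be mirrored in the
  // constructors' initializer lists, which are defined outside this header.
  using BrowsingContext = mozilla::dom::BrowsingContext;
  template <typename T>
  using MaybeDiscarded = mozilla::dom::MaybeDiscarded<T>;

 public:
  // As expanded by the analyzer for this build, this macro declares
  // non-thread-safe AddRef()/Release() (both assert the owning thread and a
  // sane refcount), adds the protected members mRefCnt and _mOwningThread,
  // and static_asserts that the destructor is not public. Release() deletes
  // the object when the count reaches zero.
  NS_INLINE_DECL_REFCOUNTING(nsDocShellLoadState);

  explicit nsDocShellLoadState(nsIURI* aURI);
  // Builds a load state from its serialized DocShellLoadStateInit form (the
  // type returned by Serialize() below).
  // NOTE(review): aReadSuccess looks like an out-parameter reporting whether
  // the serialized data could be read; callers presumably must check it before
  // using the object. Confirm against the definition.
  explicit nsDocShellLoadState(
      const mozilla::dom::DocShellLoadStateInit& aLoadState,
      mozilla::ipc::IProtocol* aActor, bool* aReadSuccess);
  explicit nsDocShellLoadState(const nsDocShellLoadState& aOther);
  nsDocShellLoadState(nsIURI* aURI, uint64_t aLoadIdentifier);

  static nsresult CreateFromPendingChannel(nsIChannel* aPendingChannel,
                                           uint64_t aLoadIdentifier,
                                           uint64_t aRegistrarId,
                                           nsDocShellLoadState** aResult);

  static nsresult CreateFromLoadURIOptions(
      BrowsingContext* aBrowsingContext, const nsAString& aURI,
      const mozilla::dom::LoadURIOptions& aLoadURIOptions,
      nsDocShellLoadState** aResult);
  static nsresult CreateFromLoadURIOptions(
      BrowsingContext* aBrowsingContext, nsIURI* aURI,
      const mozilla::dom::LoadURIOptions& aLoadURIOptions,
      nsDocShellLoadState** aResult);

  // Getters and Setters
  //
  // Accessors without a body here are only declared in this header; their
  // definitions live elsewhere. The meaning of each value is documented on
  // the corresponding member at the end of the class.

  nsIReferrerInfo* GetReferrerInfo() const;

  void SetReferrerInfo(nsIReferrerInfo* aReferrerInfo);

  nsIURI* URI() const;

  void SetURI(nsIURI* aURI);

  nsIURI* OriginalURI() const;

  void SetOriginalURI(nsIURI* aOriginalURI);

  nsIURI* ResultPrincipalURI() const;

  void SetResultPrincipalURI(nsIURI* aResultPrincipalURI);

  bool ResultPrincipalURIIsSome() const;

  void SetResultPrincipalURIIsSome(bool aIsSome);

  bool KeepResultPrincipalURIIfSet() const;

  void SetKeepResultPrincipalURIIfSet(bool aKeep);

  nsIPrincipal* PrincipalToInherit() const;

  void SetPrincipalToInherit(nsIPrincipal* aPrincipalToInherit);

  nsIPrincipal* PartitionedPrincipalToInherit() const;

  void SetPartitionedPrincipalToInherit(
      nsIPrincipal* aPartitionedPrincipalToInherit);

  bool LoadReplace() const;

  void SetLoadReplace(bool aLoadReplace);

  nsIPrincipal* TriggeringPrincipal() const;

  void SetTriggeringPrincipal(nsIPrincipal* aTriggeringPrincipal);

  uint32_t TriggeringSandboxFlags() const;

  void SetTriggeringSandboxFlags(uint32_t aTriggeringSandboxFlags);

  uint64_t TriggeringWindowId() const;

  void SetTriggeringWindowId(uint64_t aTriggeringWindowId);

  bool TriggeringStorageAccess() const;

  void SetTriggeringStorageAccess(bool aTriggeringStorageAccess);

  nsIContentSecurityPolicy* Csp() const;

  void SetCsp(nsIContentSecurityPolicy* aCsp);

  bool InheritPrincipal() const;

  void SetInheritPrincipal(bool aInheritPrincipal);

  bool PrincipalIsExplicit() const;

  void SetPrincipalIsExplicit(bool aPrincipalIsExplicit);

  // If true, "beforeunload" event listeners were notified by the creator of
  // the LoadState and given the chance to abort the navigation, and should not
  // be notified again.
  bool NotifiedBeforeUnloadListeners() const;

  void SetNotifiedBeforeUnloadListeners(bool aNotifiedBeforeUnloadListeners);

  bool ForceAllowDataURI() const;

  void SetForceAllowDataURI(bool aForceAllowDataURI);

  bool IsExemptFromHTTPSFirstMode() const;

  void SetIsExemptFromHTTPSFirstMode(bool aIsExemptFromHTTPSFirstMode);

  bool OriginalFrameSrc() const;

  void SetOriginalFrameSrc(bool aOriginalFrameSrc);

  bool IsFormSubmission() const;

  void SetIsFormSubmission(bool aIsFormSubmission);

  uint32_t LoadType() const;

  void SetLoadType(uint32_t aLoadType);

  nsISHEntry* SHEntry() const;

  void SetSHEntry(nsISHEntry* aSHEntry);

  const mozilla::dom::LoadingSessionHistoryInfo* GetLoadingSessionHistoryInfo()
      const;

  // Copies aLoadingInfo and stores the copy in this nsDocShellLoadState.
  void SetLoadingSessionHistoryInfo(
      const mozilla::dom::LoadingSessionHistoryInfo& aLoadingInfo);

  // Stores aLoadingInfo in this nsDocShellLoadState.
  void SetLoadingSessionHistoryInfo(
      mozilla::UniquePtr<mozilla::dom::LoadingSessionHistoryInfo> aLoadingInfo);

  bool LoadIsFromSessionHistory() const;

  const nsString& Target() const;

  void SetTarget(const nsAString& aTarget);

  nsIInputStream* PostDataStream() const;

  void SetPostDataStream(nsIInputStream* aStream);

  nsIInputStream* HeadersStream() const;

  void SetHeadersStream(nsIInputStream* aHeadersStream);

  bool IsSrcdocLoad() const;

  const nsString& SrcdocData() const;

  void SetSrcdocData(const nsAString& aSrcdocData);

  const MaybeDiscarded<BrowsingContext>& SourceBrowsingContext() const {
    return mSourceBrowsingContext;
  }

  void SetSourceBrowsingContext(BrowsingContext*);

  void SetAllowFocusMove(bool aAllow) { mAllowFocusMove = aAllow; }

  bool AllowFocusMove() const { return mAllowFocusMove; }

  const MaybeDiscarded<BrowsingContext>& TargetBrowsingContext() const {
    return mTargetBrowsingContext;
  }

  void SetTargetBrowsingContext(BrowsingContext* aTargetBrowsingContext);

  nsIURI* BaseURI() const;

  void SetBaseURI(nsIURI* aBaseURI);

  // Helper function allowing convenient work with mozilla::Maybe in C++, hiding
  // resultPrincipalURI and resultPrincipalURIIsSome attributes from the
  // consumer.
  void GetMaybeResultPrincipalURI(
      mozilla::Maybe<nsCOMPtr<nsIURI>>& aRPURI) const;

  void SetMaybeResultPrincipalURI(
      mozilla::Maybe<nsCOMPtr<nsIURI>> const& aRPURI);

  uint32_t LoadFlags() const;

  void SetLoadFlags(uint32_t aFlags);

  void SetLoadFlag(uint32_t aFlag);

  void UnsetLoadFlag(uint32_t aFlag);

  bool HasLoadFlags(uint32_t aFlag);

  uint32_t InternalLoadFlags() const;

  void SetInternalLoadFlags(uint32_t aFlags);

  void SetInternalLoadFlag(uint32_t aFlag);

  void UnsetInternalLoadFlag(uint32_t aFlag);

  bool HasInternalLoadFlags(uint32_t aFlag);

  bool FirstParty() const;

  void SetFirstParty(bool aFirstParty);

  bool HasValidUserGestureActivation() const;

  void SetHasValidUserGestureActivation(bool aHasValidUserGestureActivation);

  const nsCString& TypeHint() const;

  void SetTypeHint(const nsCString& aTypeHint);

  const nsString& FileName() const;

  void SetFileName(const nsAString& aFileName);

  nsIURI* GetUnstrippedURI() const;

  void SetUnstrippedURI(nsIURI* aUnstrippedURI);

  // Given the type of DocShell we're loading into (chrome/content/etc) and
  // origin attributes for the URI we're loading, figure out if we should
  // inherit our principal from the document the load was requested from, or
  // else if the principal should be set up later in the process (after loads).
  // See comments in function for more info on principal selection algorithm
  nsresult SetupInheritingPrincipal(
      mozilla::dom::BrowsingContext::Type aType,
      const mozilla::OriginAttributes& aOriginAttributes);

  // If no triggering principal exists at the moment, create one using referrer
  // information and origin attributes.
  nsresult SetupTriggeringPrincipal(
      const mozilla::OriginAttributes& aOriginAttributes);

  void SetIsFromProcessingFrameAttributes() {
    mIsFromProcessingFrameAttributes = true;
  }
  bool GetIsFromProcessingFrameAttributes() const {
    return mIsFromProcessingFrameAttributes;
  }

  nsIChannel* GetPendingRedirectedChannel() {
    return mPendingRedirectedChannel;
  }

  uint64_t GetPendingRedirectChannelRegistrarId() const {
    return mChannelRegistrarId;
  }

  void SetOriginalURIString(const nsCString& aOriginalURI) {
    mOriginalURIString.emplace(aOriginalURI);
  }
  const mozilla::Maybe<nsCString>& GetOriginalURIString() const {
    return mOriginalURIString;
  }

  void SetCancelContentJSEpoch(int32_t aCancelEpoch) {
    mCancelContentJSEpoch.emplace(aCancelEpoch);
  }
  const mozilla::Maybe<int32_t>& GetCancelContentJSEpoch() const {
    return mCancelContentJSEpoch;
  }

  uint64_t GetLoadIdentifier() const { return mLoadIdentifier; }

  void SetChannelInitialized(bool aInitialized) {
    mChannelInitialized = aInitialized;
  }

  bool GetChannelInitialized() const { return mChannelInitialized; }

  void SetIsMetaRefresh(bool aMetaRefresh) { mIsMetaRefresh = aMetaRefresh; }

  bool IsMetaRefresh() const { return mIsMetaRefresh; }

  const mozilla::Maybe<nsCString>& GetRemoteTypeOverride() const {
    return mRemoteTypeOverride;
  }

  void SetRemoteTypeOverride(const nsCString& aRemoteTypeOverride);

  void SetWasSchemelessInput(bool aWasSchemelessInput) {
    mWasSchemelessInput = aWasSchemelessInput;
  }

  // Read-only, so const like the other inline getters in this class.
  bool GetWasSchemelessInput() const { return mWasSchemelessInput; }

  // Determine the remote type of the process which should be considered
  // responsible for this load for the purposes of security checks.
  //
  // This will generally be the process which created the nsDocShellLoadState
  // originally, however non-errorpage history loads are always considered to be
  // triggered by the parent process, as we can validate them against the
  // history entry.
  const nsCString& GetEffectiveTriggeringRemoteType() const;

  void SetTriggeringRemoteType(const nsACString& aTriggeringRemoteType);

  // Diagnostic assert if this is a system-principal triggered load, and it is
  // trivial to determine that the effective triggering remote type would not be
  // allowed to perform this load.
  //
  // This is called early during the load to crash as close to the cause as
  // possible. See bug 1838686 for details.
  //
  // The guard must name the macro exactly: the listing showed it with the
  // macro's expanded value "1" fused onto the identifier, and an #ifdef on
  // that misspelled name would silently select the empty stub below.
#ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
  void AssertProcessCouldTriggerLoadIfSystem();
#else
  void AssertProcessCouldTriggerLoadIfSystem() {}
#endif

  // When loading a document through nsDocShell::LoadURI(), a special set of
  // flags needs to be set based on other values in nsDocShellLoadState. This
  // function calculates those flags, before the LoadState is passed to
  // nsDocShell::InternalLoad.
  void CalculateLoadURIFlags();

  // Compute the load flags to be used by creating channel. aUriModified and
  // aIsEmbeddingBlockedError are expected to be Nothing when called from parent
  // process.
  nsLoadFlags CalculateChannelLoadFlags(
      mozilla::dom::BrowsingContext* aBrowsingContext,
      mozilla::Maybe<bool> aUriModified,
      mozilla::Maybe<bool> aIsEmbeddingBlockedError);

  mozilla::dom::DocShellLoadStateInit Serialize(
      mozilla::ipc::IProtocol* aActor);

  void SetLoadIsFromSessionHistory(int32_t aOffset, bool aLoadingCurrentEntry);
  void ClearLoadIsFromSessionHistory();

  void MaybeStripTrackerQueryStrings(mozilla::dom::BrowsingContext* aContext);

 protected:
  // Destructor can't be defaulted or inlined, as header doesn't have all type
  // includes it needs to do so.
  ~nsDocShellLoadState();

  // Given the original `nsDocShellLoadState` which was sent to a content
  // process, validate that they correspond to the same load.
  // Returns a static (telemetry-safe) string naming what did not match, or
  // nullptr if it succeeds.
  const char* ValidateWithOriginalState(nsDocShellLoadState* aOriginalState);

  static nsresult CreateFromLoadURIOptions(
      BrowsingContext* aBrowsingContext, nsIURI* aURI,
      const mozilla::dom::LoadURIOptions& aLoadURIOptions,
      uint32_t aLoadFlagsOverride, nsIInputStream* aPostDataOverride,
      nsDocShellLoadState** aResult);

  // NOTE(review): of the scalar members below, only mWasCreatedRemotely and
  // mWasSchemelessInput carry a default member initializer. Every other
  // bool/integer member therefore relies on each constructor declared above
  // to set it. Several of them gate security decisions according to their own
  // comments (e.g. mForceAllowDataURI, mPrincipalIsExplicit,
  // mIsExemptFromHTTPSFirstMode). The constructor definitions are not in this
  // header, so verify this there.

  // This is the referrer for the load.
  nsCOMPtr<nsIReferrerInfo> mReferrerInfo;

  // The URI we are navigating to. Will not be null once set.
  nsCOMPtr<nsIURI> mURI;

  // The URI to set as the originalURI on the channel that does the load. If
  // null, aURI will be set as the originalURI.
  nsCOMPtr<nsIURI> mOriginalURI;

  // The URI to be set to loadInfo.resultPrincipalURI
  // - When Nothing, there will be no change
  // - When Some, the principal URI will overwrite even
  //   with a null value.
  //
  // Valid only if mResultPrincipalURIIsSome is true (has the same meaning as
  // isSome() on mozilla::Maybe.)
  nsCOMPtr<nsIURI> mResultPrincipalURI;
  bool mResultPrincipalURIIsSome;

  // The principal of the load, that is, the entity responsible for causing the
  // load to occur. In most cases the referrer and the triggeringPrincipal's URI
  // will be identical.
  //
  // Please note that this is the principal that is used for security checks. If
  // the argument aURI is provided by the web, then please do not pass a
  // SystemPrincipal as the triggeringPrincipal.
  nsCOMPtr<nsIPrincipal> mTriggeringPrincipal;

  // The SandboxFlags of the load, that is, the SandboxFlags of the entity
  // responsible for causing the load to occur. Most likely these are the
  // SandboxFlags of the document that started the load.
  uint32_t mTriggeringSandboxFlags;

  // The window ID and current "has storage access" value of the entity
  // triggering the load. This allows the identification of self-initiated
  // same-origin navigations that should propagate unpartitioned storage access.
  uint64_t mTriggeringWindowId;
  bool mTriggeringStorageAccess;

  // The CSP of the load, that is, the CSP of the entity responsible for causing
  // the load to occur. Most likely this is the CSP of the document that started
  // the load. In case the entity starting the load did not use a CSP, then mCsp
  // can be null. Please note that this is also the CSP that will be applied to
  // the load in case the load encounters a server side redirect.
  nsCOMPtr<nsIContentSecurityPolicy> mCsp;

  // If a refresh is caused by http-equiv="refresh" we want to set
  // aResultPrincipalURI, but we do not want to overwrite the channel's
  // ResultPrincipalURI, if it has already been set on the channel by a protocol
  // handler.
  bool mKeepResultPrincipalURIIfSet;

  // If set LOAD_REPLACE flag will be set on the channel. If aOriginalURI is
  // null, this argument is ignored.
  bool mLoadReplace;

  // If this attribute is true and no triggeringPrincipal is specified,
  // copy the principal from the referring document.
  bool mInheritPrincipal;

  // If this attribute is true only ever use the principal specified
  // by the triggeringPrincipal and inheritPrincipal attributes.
  // If there are security reasons for why this is unsafe, such
  // as trying to use a systemprincipal as the triggeringPrincipal
  // for a content docshell the load fails.
  bool mPrincipalIsExplicit;

  // See NotifiedBeforeUnloadListeners() above.
  bool mNotifiedBeforeUnloadListeners;

  // Principal we're inheriting. If null, this means the principal should be
  // inherited from the current document. If set to NullPrincipal, the channel
  // will fill in principal information later in the load. See internal comments
  // of SetupInheritingPrincipal for more info.
  //
  // When passed to InternalLoad, if this argument is null then
  // principalToInherit is computed differently. See nsDocShell::InternalLoad
  // for more comments.

  nsCOMPtr<nsIPrincipal> mPrincipalToInherit;

  nsCOMPtr<nsIPrincipal> mPartitionedPrincipalToInherit;

  // If this attribute is true, then a top-level navigation
  // to a data URI will be allowed.
  bool mForceAllowDataURI;

  // If this attribute is true, then the top-level navigation
  // will be exempt from HTTPS-Only-Mode upgrades.
  bool mIsExemptFromHTTPSFirstMode;

  // If this attribute is true, this load corresponds to a frame
  // element loading its original src (or srcdoc) attribute.
  bool mOriginalFrameSrc;

  // If this attribute is true, then the load was initiated by a
  // form submission.
  bool mIsFormSubmission;

  // Contains a load type as specified by the nsDocShellLoadTypes::load*
  // constants
  uint32_t mLoadType;

  // Active Session History entry (if loading from SH)
  nsCOMPtr<nsISHEntry> mSHEntry;

  // Loading session history info for the load
  mozilla::UniquePtr<mozilla::dom::LoadingSessionHistoryInfo>
      mLoadingSessionHistoryInfo;

  // Target for load, like _content, _blank etc.
  nsString mTarget;

  // When set, this is the Target Browsing Context for the navigation
  // after retargeting.
  MaybeDiscarded<BrowsingContext> mTargetBrowsingContext;

  // Post data stream (if POSTing)
  nsCOMPtr<nsIInputStream> mPostDataStream;

  // Additional Headers
  nsCOMPtr<nsIInputStream> mHeadersStream;

  // When set, the load will be interpreted as a srcdoc load, where contents of
  // this string will be loaded instead of the URI. Setting srcdocData sets
  // isSrcdocLoad to true
  nsString mSrcdocData;

  // When set, this is the Source Browsing Context for the navigation.
  MaybeDiscarded<BrowsingContext> mSourceBrowsingContext;

  // Used for srcdoc loads to give view-source knowledge of the load's base URI
  // as this information isn't embedded in the load's URI.
  nsCOMPtr<nsIURI> mBaseURI;

  // Set of Load Flags, taken from nsDocShellLoadTypes.h and nsIWebNavigation
  uint32_t mLoadFlags;

  // Set of internal load flags
  uint32_t mInternalLoadFlags;

  // Is this a First Party Load?
  bool mFirstParty;

  // Is this load triggered by a user gesture?
  bool mHasValidUserGestureActivation;

  // Whether this load can steal the focus from the source browsing context.
  bool mAllowFocusMove;

  // A hint as to the content-type of the resulting data. If no hint, IsVoid()
  // should return true.
  nsCString mTypeHint;

  // Non-void when the link should be downloaded as the given filename.
  // mFileName being non-void but empty means that no filename hint was
  // specified, but link should still trigger a download. If not a download,
  // mFileName.IsVoid() should return true.
  nsString mFileName;

  // This will be true if this load is triggered by attribute changes.
  // See nsILoadInfo.isFromProcessingFrameAttributes
  bool mIsFromProcessingFrameAttributes;

  // If set, a pending cross-process redirected channel should be used to
  // perform the load. The channel will be stored in this value.
  nsCOMPtr<nsIChannel> mPendingRedirectedChannel;

  // An optional string representation of mURI, before any
  // fixups were applied, so that we can send it to a search
  // engine service if needed.
  mozilla::Maybe<nsCString> mOriginalURIString;

  // An optional value to pass to nsIDocShell::setCancelJSEpoch
  // when initiating the load.
  mozilla::Maybe<int32_t> mCancelContentJSEpoch;

  // If mPendingRedirectedChannel is set, then this is the identifier
  // that the parent-process equivalent channel has been registered
  // with using RedirectChannelRegistrar.
  uint64_t mChannelRegistrarId;

  // An identifier to make it possible to examine if two loads are
  // equal, and which browsing context they belong to (see
  // BrowsingContext::{Get, Set}CurrentLoadIdentifier)
  const uint64_t mLoadIdentifier;

  // Optional value to indicate that a channel has been
  // pre-initialized in the parent process.
  bool mChannelInitialized;

  // True if the load was triggered by a meta refresh.
  bool mIsMetaRefresh;

  // True if the nsDocShellLoadState was received over IPC.
  bool mWasCreatedRemotely = false;

  // The original URI before query stripping happened. If it's present, it shows
  // the query stripping happened. Otherwise, it will be a nullptr.
  nsCOMPtr<nsIURI> mUnstrippedURI;

  // If set, the remote type which the load should be completed within.
  mozilla::Maybe<nsCString> mRemoteTypeOverride;

  // Remote type of the process which originally requested the load.
  nsCString mTriggeringRemoteType;

  // True if the to-be-loaded address had its protocol added through a fixup.
  bool mWasSchemelessInput = false;
};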
606
607#endif /* nsDocShellLoadState_h__ */