(In reply to Sandor Molnar from comment #4) > Backed out for causing assertion failures in dom/security/DOMSecurityMonitor.cpp > > Backout link: https://hg.mozilla.org/integration/autoland/rev/7272e73dca36f2a96bf1aaafcd075c16388a0d7e > > [Push with failures](https://treeherder.mozilla.org/jobs?repo=autoland&group_state=expanded&selectedTaskRun=cAkkzpj_TH2F7d8e5jKyFg.0&resultStatus=success%2Ctestfailed%2Cbusted%2Cexception%2Crunnable&searchStr=linux%2C18.04%2Cx64%2Cwebrender%2Cdebug%2Cmochitests%2Cwithout%2Ce10s%2Cor%2Cfission%2Ctest-linux1804-64-qr%2Fdebug-mochitest-a11y-1proc%2Ca11y&revision=f1639812175b9ba66533e45504ce995725d82e73) > > [Failure log](https://treeherder.mozilla.org/logviewer?job_id=401644559&repo=autoland&lineNumber=2640) > > ``` > Assertion failure: false, at /builds/worker/checkouts/gecko/dom/security/DOMSecurityMonitor.cpp:111 Eemeli and Christoph, can you help? The C++ stack: ``` [task 2023-01-07T00:22:07.029Z] 00:22:07 INFO - rsp = 0x00007ffd9106ae80 r12 = 0x00007f97a43eff20 [task 2023-01-07T00:22:07.029Z] 00:22:07 INFO - r13 = 0x00000000ffffffff r14 = 0x00007ffd9106afe8 [task 2023-01-07T00:22:07.029Z] 00:22:07 INFO - r15 = 0x00007f97a43eff00 rip = 0x00007f97d756cb6b [task 2023-01-07T00:22:07.029Z] 00:22:07 INFO - Found by: call frame info [task 2023-01-07T00:22:07.029Z] 00:22:07 INFO - 2 libxul.so!mozilla::dom::L10nOverlays::TranslateElement(mozilla::dom::Element&, mozilla::dom::L10nMessage const&, nsTArray<mozilla::dom::L10nOverlaysError>&, mozilla::ErrorResult&) [L10nOverlays.cpp:f1639812175b9ba66533e45504ce995725d82e73 : 528 + 0x26] [task 2023-01-07T00:22:07.030Z] 00:22:07 INFO - rbx = 0x00007f97a6da2618 rbp = 0x00007ffd9106b0b0 [task 2023-01-07T00:22:07.030Z] 00:22:07 INFO - rsp = 0x00007ffd9106af70 r12 = 0x00007ffd9106afe8 [task 2023-01-07T00:22:07.030Z] 00:22:07 INFO - r13 = 0x00007f97a43eff00 r14 = 0x00007f97a43fbf70 [task 2023-01-07T00:22:07.030Z] 00:22:07 INFO - r15 = 0x00007ffd9106b3a0 rip = 0x00007f97d996a4f3 [task 2023-01-07T00:22:07.030Z] 00:22:07 INFO - Found by: call frame info [task 2023-01-07T00:22:07.030Z] 00:22:07 INFO - 3 libxul.so!mozilla::dom::DOMLocalization::ApplyTranslations(nsTArray<nsCOMPtr<mozilla::dom::Element> >&, nsTArray<mozilla::dom::Nullable<mozilla::dom::L10nMessage> >&, nsXULPrototypeDocument*, mozilla::ErrorResult&) [DOMLocalization.cpp:f1639812175b9ba66533e45504ce995725d82e73 : 521 + 0x15] [task 2023-01-07T00:22:07.030Z] 00:22:07 INFO - rbx = 0x0000000000000060 rbp = 0x00007ffd9106b140 [task 2023-01-07T00:22:07.031Z] 00:22:07 INFO - rsp = 0x00007ffd9106b0c0 r12 = 0x0000000000000000 [task 2023-01-07T00:22:07.031Z] 00:22:07 INFO - r13 = 0x00007ffd9106b3a0 r14 = 0x000000000000000b [task 2023-01-07T00:22:07.031Z] 00:22:07 INFO - r15 = 0x0000000000000048 rip = 0x00007f97d99699df [task 2023-01-07T00:22:07.031Z] 00:22:07 INFO - Found by: call frame info [task 2023-01-07T00:22:07.031Z] 00:22:07 INFO - 4 libxul.so!mozilla::dom::DOMLocalization::TranslateElements(nsTArray<mozilla::OwningNonNull<mozilla::dom::Element> > const&, nsXULPrototypeDocument*, mozilla::ErrorResult&) [DOMLocalization.cpp:f1639812175b9ba66533e45504ce995725d82e73 : 356 + 0x12] [task 2023-01-07T00:22:07.031Z] 00:22:07 INFO - rbx = 0x00007ffd9106b3a0 rbp = 0x00007ffd9106b1e0 [task 2023-01-07T00:22:07.032Z] 00:22:07 INFO - rsp = 0x00007ffd9106b150 r12 = 0x00007ffd9106b248 [task 2023-01-07T00:22:07.032Z] 00:22:07 INFO - r13 = 0x00007f97a7a91800 r14 = 0x00007f97a97305b0 [task 2023-01-07T00:22:07.032Z] 00:22:07 INFO - r15 = 0x00007ffd9106b3a0 rip = 0x00007f97d996959b [task 2023-01-07T00:22:07.032Z] 00:22:07 INFO - Found by: call frame info [task 2023-01-07T00:22:07.033Z] 00:22:07 INFO - 5 libxul.so!mozilla::dom::DOMLocalization::TranslateElements(nsTArray<mozilla::OwningNonNull<mozilla::dom::Element> > const&, mozilla::ErrorResult&) [DOMLocalization.cpp:f1639812175b9ba66533e45504ce995725d82e73 : 300] [task 2023-01-07T00:22:07.033Z] 00:22:07 INFO - Found by: inlining [task 2023-01-07T00:22:07.033Z] 00:22:07 INFO - 6 libxul.so!mozilla::dom::DOMLocalization::TranslateFragment(nsINode&, mozilla::ErrorResult&) [DOMLocalization.cpp:f1639812175b9ba66533e45504ce995725d82e73 : 184 + 0xf] [task 2023-01-07T00:22:07.033Z] 00:22:07 INFO - rbx = 0x00007ffd9106b3a0 rbp = 0x00007ffd9106b220 [task 2023-01-07T00:22:07.034Z] 00:22:07 INFO - rsp = 0x00007ffd9106b1f0 r12 = 0x00007ffd9106b260 [task 2023-01-07T00:22:07.034Z] 00:22:07 INFO - r13 = 0xaaaaaaaaaaaaaaaa r14 = 0x00007ffd9106b248 [task 2023-01-07T00:22:07.034Z] 00:22:07 INFO - r15 = 0x00007f97a7a91800 rip = 0x00007f97d9968dd3 [task 2023-01-07T00:22:07.034Z] 00:22:07 INFO - Found by: call frame info [task 2023-01-07T00:22:07.035Z] 00:22:07 INFO - 7 libxul.so!mozilla::dom::DOMLocalization::TranslateRoots(mozilla::ErrorResult&) [DOMLocalization.cpp:f1639812175b9ba66533e45504ce995725d82e73 : 413 + 0x2c] [task 2023-01-07T00:22:07.035Z] 00:22:07 INFO - rbx = 0x00007ffd9106b3a0 rbp = 0x00007ffd9106b370 [task 2023-01-07T00:22:07.035Z] 00:22:07 INFO - rsp = 0x00007ffd9106b230 r12 = 0x00007ffd9106b260 [task 2023-01-07T00:22:07.035Z] 00:22:07 INFO - r13 = 0xaaaaaaaaaaaaaaaa r14 = 0x00007f97a43f2190 [task 2023-01-07T00:22:07.035Z] 00:22:07 INFO - r15 = 0x00007ffd9106b248 rip = 0x00007f97d996a06f [task 2023-01-07T00:22:07.036Z] 00:22:07 INFO - Found by: call frame info [task 2023-01-07T00:22:07.036Z] 00:22:07 INFO - 8 libxul.so!mozilla::dom::DOMLocalization_Binding::translateRoots(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) [DOMLocalizationBinding.cpp: : 550] [task 2023-01-07T00:22:07.036Z] 00:22:07 INFO - Found by: inlining [task 2023-01-07T00:22:07.037Z] 00:22:07 INFO - 9 libxul.so!mozilla::dom::DOMLocalization_Binding::translateRoots_promiseWrapper(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) [DOMLocalizationBinding.cpp: : 566 + 0x75] [task 2023-01-07T00:22:07.037Z] 00:22:07 INFO - rbx = 0x00007ffd9106b398 rbp = 0x00007ffd9106b400 [task 2023-01-07T00:22:07.037Z] 00:22:07 INFO - rsp = 0x00007ffd9106b380 r12 = 0x00007f97a7a91800 [task 2023-01-07T00:22:07.037Z] 00:22:07 INFO - r13 = 0x00007ffd9106b430 r14 = 0x00007ffd9106b3a0 [task 2023-01-07T00:22:07.038Z] 00:22:07 INFO - r15 = 0x0000000000000000 rip = 0x00007f97d832e457 [task 2023-01-07T00:22:07.038Z] 00:22:07 INFO - Found by: call frame info ``` (rest elided) suggests this is from calling `translateRoots()` from JS. I don't understand why this would fail while calling `l10n.setAttributes()` and friends would succeed. AIUI the code in DOMSecurityMonitor (which I reviewed a few years back 😅) is there to prevent JS calls to `innerHTML`. But this isn't a JS call to `innerHTML`, but to `translateRoots()`, and I don't understand why it's being treated the same.
Bug 1807249 Comment 5 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to Sandor Molnar from comment #4) > Backed out for causing assertion failures in dom/security/DOMSecurityMonitor.cpp > > Backout link: https://hg.mozilla.org/integration/autoland/rev/7272e73dca36f2a96bf1aaafcd075c16388a0d7e > > [Push with failures](https://treeherder.mozilla.org/jobs?repo=autoland&group_state=expanded&selectedTaskRun=cAkkzpj_TH2F7d8e5jKyFg.0&resultStatus=success%2Ctestfailed%2Cbusted%2Cexception%2Crunnable&searchStr=linux%2C18.04%2Cx64%2Cwebrender%2Cdebug%2Cmochitests%2Cwithout%2Ce10s%2Cor%2Cfission%2Ctest-linux1804-64-qr%2Fdebug-mochitest-a11y-1proc%2Ca11y&revision=f1639812175b9ba66533e45504ce995725d82e73) > > [Failure log](https://treeherder.mozilla.org/logviewer?job_id=401644559&repo=autoland&lineNumber=2640) > > ``` > Assertion failure: false, at /builds/worker/checkouts/gecko/dom/security/DOMSecurityMonitor.cpp:111 Eemeli and Christoph, can you help? The C++ stack: ```#01: DOMSecurityMonitor::AuditParsingOfHTMLXMLFragments(nsIPrincipal*, nsTSubstring<char16_t> const&) [dom/security/DOMSecurityMonitor.cpp:111] #02: nsContentUtils::ParseFragmentHTML(nsTSubstring<char16_t> const&, nsIContent*, nsAtom*, int, bool, bool, int) [dom/base/nsContentUtils.cpp:5370] #03: mozilla::dom::L10nOverlays::TranslateElement(mozilla::dom::Element&, mozilla::dom::L10nMessage const&, nsTArray<mozilla::dom::L10nOverlaysError>&, mozilla::ErrorResult&) [dom/l10n/L10nOverlays.cpp:528] #04: mozilla::dom::DOMLocalization::ApplyTranslations(nsTArray<nsCOMPtr<mozilla::dom::Element> >&, nsTArray<mozilla::dom::Nullable<mozilla::dom::L10nMessage> >&, nsXULPrototypeDocument*, mozilla::ErrorResult&) [dom/l10n/DOMLocalization.cpp:523] #05: mozilla::dom::DOMLocalization::TranslateElements(nsTArray<mozilla::OwningNonNull<mozilla::dom::Element> > const&, nsXULPrototypeDocument*, mozilla::ErrorResult&) [dom/l10n/DOMLocalization.cpp:357] #06: mozilla::dom::DOMLocalization::TranslateFragment(nsINode&, mozilla::ErrorResult&) [dom/l10n/DOMLocalization.cpp:0] #07: mozilla::dom::DOMLocalization::TranslateRoots(mozilla::ErrorResult&) [dom/l10n/DOMLocalization.cpp:413] #08: mozilla::dom::DOMLocalization_Binding::translateRoots_promiseWrapper(JSContext*, JS::Handle<JSObject*>, void*, JSJitMethodCallArgs const&) [s3:gecko-generated-sources:ae4d48bc21d7de7cf712c1b7095f410c12291e754d3bde43d440e1bac142c42fdf34567da90dd6d15b051ab5cf9b5b66bdaad87423210fe9ebbb5b7223129994/dom/bindings/DOMLocalizationBinding.cpp::566] ``` (rest elided) suggests this is from calling `translateRoots()` from JS. I don't understand why this would fail while calling `l10n.setAttributes()` and friends would succeed. AIUI the code in DOMSecurityMonitor (which I reviewed a few years back 😅) is there to prevent JS calls to `innerHTML`. But this isn't a JS call to `innerHTML`, but to `translateRoots()`, and I don't understand why it's being treated the same.