I don't understand how the new mozbrowser API privilege works

[paulrouget]

Maybe I missed something in the recent changes in the mozbrowser API, and codegen (#11308 and #11465), but:

The interface BrowserElementPrivileged describes special methods that should be only available if:

1. the <iframe> is in the top level document,
2. the <iframe> has a mozbrowser attribute
3. the preference dom.enabled.mozbrowser is set to true

In HTMLIFrameElement.webidl it says: HTMLIFrameElement implements BrowserElement; without any condition.

I see [Func="Window::global_is_mozbrowser"] for the mozbrowser attribute, but not for all the other methods.

So if I'm not mistaken, that means that all the mozbrowser methods will be visible from any iframe, no matter what (even if the 3 conditions are not met) and only throw if 2 is false?

Also - HTMLIFrameElement.mozbrowser is only available if Window::global_is_mozbrowser, but that doesn't prevent me to do iframe.setAttribute("mozbrowser", true), does it?

I'm under the impression that:

• the mozbrowser API is visible no matter what
• the dom.mozbrowser preference does nothing
• setting the mozbrowser attribute is enough to get the privileges
• mozbrowser API is available in non top level pipelines

[paulrouget]

Here is a test (load a.html in servo):

<!-- a.html -->
<iframe mozbrowser="true" src="b.html"></iframe>
<script>
  var iframe = document.querySelector("iframe");
  iframe.addEventListener("mozbrowserloadend", _ => {
    console.log("a.html: mozbrowser event");
  });
  setTimeout(() => {
    console.log("a.html: " + iframe.goForward);
    try {
      iframe.goForward();
      console.log("a.html goForward() succeeded");
    } catch(e) {
      console.log("a.html goForward() failed: " + e);
    }
  }, 2000);
</script>

<!-- b.html -->
<iframe mozbrowser="true" src="data:,c"></iframe>
<script>
  var iframe = document.querySelector("iframe");
  iframe.addEventListener("mozbrowserloadend", _ => {
    console.log("b.html: mozbrowser event");
  });
  setTimeout(() => {
    console.log("b.html: " + iframe.goForward);
    try {
      iframe.goForward();
      console.log("b.html goForward() succeeded");
    } catch(e) {
      console.log("b.html goForward() failed: " + e);
    }
  }, 1000);
</script>

Without the pref, I see:

b.html: function goForward() {
    [native code]
}
b.html goForward() succeeded
a.html: function goForward() {
    [native code]
}
a.html goForward() succeeded

We should see:

b.html: undefined
b.html goForward() failed
a.html: undefined
a.html goForward() failed

With the pref I see:

b.html: mozbrowser event
a.html: mozbrowser event
b.html: function goForward() {
    [native code]
}
b.html goForward() succeeded
a.html: function goForward() {
    [native code]
}
a.html goForward() succeeded

We should see:

a.html: mozbrowser event
b.html: undefined
b.html goForward() failed
a.html: function goForward() {
    [native code]
}
a.html goForward() succeeded

[nox]

So I should restore some of the checks in HTMLIFrameElement::Mozbrowser and add [Func] in BrowserElement.webidl. I had done that in my initial PR but I fumbled a rebase after addressing one of @jdm's comments I think.