Граф коммитов

138 Коммитов

Автор SHA1 Сообщение Дата
Andrea Marchesini 9290eb7909 Bug 1488165 - Remove security.csp.enable_violation_events pref, r=dveditz 2018-09-06 09:05:10 +02:00
Andrea Marchesini 44ce53c72e Bug 1476592 - Remove the cache from nsCSPContext - part 2 - sendViolationReports parameter, r=ckerschb, r=aosmond 2018-08-01 06:35:24 +02:00
Andrea Marchesini 277949ed10 Bug 1476592 - Remove the cache from nsCSPContext - part 1, r=ckerschb 2018-08-01 06:35:21 +02:00
Valentin Gosu 7937c7c4cc Bug 1476928 - Remove nsIURI.CloneIgnoringRef and nsIURI.CloneWithNewRef r=JuniorHsu
The patch introduces NS_GetURIWithNewRef and NS_GetURIWithNewRef which perform the same function.

Differential Revision: https://phabricator.services.mozilla.com/D2239

--HG--
extra : moz-landing-system : lando
2018-07-23 11:28:47 +00:00
Christoph Kerschbaumer adac33969a Bug 1304645: Pass individual CSP errors as categories to web console error messages. r=baku 2018-07-20 19:57:21 +02:00
Andreea Pavel b5a482c899 Backed out 3 changesets (bug 1475073, bug 1304645, bug 1474537) for failing wpt and mochitest on a CLOSED TREE
Backed out changeset 4fbeea69b10d (bug 1475073)
Backed out changeset d3ac68d9ead9 (bug 1304645)
Backed out changeset 113b601a3b59 (bug 1474537)
2018-07-20 14:00:09 +03:00
Christoph Kerschbaumer 1de27c0297 Bug 1304645: Pass individual CSP errors as categories to web console error messages. r=baku 2018-07-20 10:42:46 +02:00
Nicholas Nethercote fc1f4bb4ae Bug 1476820 - Convert some VarCache prefs in dom/security/ to use StaticPrefs. r=ckerschb
Specifically:
- "security.csp.enable"
- "security.csp.experimentalEnabled"
- "security.csp.enableStrictDynamic"
- "security.csp.reporting.script-sample.max-length"
- "security.csp.enable_violation_events"

MozReview-Commit-ID: G1ie4ut9QaK

--HG--
extra : rebase_source : d6b5a0e79eb7046a13a8b4fe957c82c11831c86c
2018-07-19 10:43:29 +10:00
Andrea Marchesini d3cf48d4ba Bug 1332422 - CSP should not use 'aExtra' to indicate redirects within ContentPolicy, r=ckerschb
Instead, let's pass a nsIURI object to indicate when we have to check a
redirect CSP loading.
2018-07-19 13:25:50 +02:00
Andrea Marchesini 595fee0d91 Bug 1476280 - SecurityPolicyViolationEvent.blockedURI should contain the original URL in case of redirects, r=ckerschb 2018-07-18 16:49:18 +02:00
Andrea Marchesini 14262bdc7c Bug 1418241 - CSP violation: blockedURI inline/eval, r=ckerschb 2018-07-17 11:13:12 +02:00
Andrea Marchesini ceea0172b0 Bug 1473587 - CSP Violation events should have the correct sample for inline contexts, r=jorendorff, r=ckerschb 2018-07-16 17:58:04 +02:00
Andrea Marchesini 8fe4d55300 Bug 1472927 - Fix CSP violation events in workers, r=asuth, r=ckerschb 2018-07-10 18:53:03 +02:00
Andrea Marchesini 5fff1762ad Bug 1418236 - Correct EventTarget for CSP violation events, r=ckerschb 2018-07-10 17:40:21 +02:00
Andrea Marchesini 11176d20f1 Bug 1473827 - Fix a typo in nsCSPContext related to columnNumber, r=me 2018-07-06 10:28:44 +02:00
Andrea Marchesini 9042bfbc94 Bug 1473218 - Implement report-sample support for CSP directives, r=ckerschb 2018-07-06 08:01:49 +02:00
Andrea Marchesini 14d462eeb3 Bug 1418246 - Return valid columnNumber value in CSP violation events, r=ckerschb 2018-07-05 08:21:04 +02:00
Boris Zbarsky bea3100e53 Bug 1455676 part 14. Remove most use of nsIDOMNode in dom/. r=qdot 2018-05-29 22:58:49 -04:00
Adrian Wielgosik 074d88de5a Bug 1460940 - Convert nsIPrincipal to use nsIDocument. r=bz
MozReview-Commit-ID: z1TGWtS1KG

--HG--
extra : rebase_source : e5291c40eb017c1e3fd69333ac108dda852fb8cd
2018-05-11 19:46:15 +02:00
Andrea Marchesini b5118e1ddf Bug 1302449 - Remove the "referrer" directive in CSP, r=ckerschb 2018-05-09 13:15:08 +02:00
Chris Peterson 71422dcaa9 Bug 1457813 - Part 2: Replace non-asserting NS_PRECONDITIONs with MOZ_ASSERTs. r=froydnj
s/NS_PRECONDITION/MOZ_ASSERT/ and reindent

MozReview-Commit-ID: KuUsnVe2h8L

--HG--
extra : source : c14655ab3df2c9b1465dd8102b9d25683359a37b
2018-04-28 12:50:58 -07:00
Boris Zbarsky 4292bca4ee Bug 1449631 part 6. Remove nsIDOMEventTarget::DispatchEvent. r=smaug
MozReview-Commit-ID: 8YMgmMwZkAL
2018-04-05 13:42:41 -04:00
Jonathan Kingston 27171aed4f Bug 1236222 - CSP: Blocked URI should be empty for inline violations. r=ckerschb
MozReview-Commit-ID: 6bMAVJl9RTG

--HG--
extra : rebase_source : e2cceb777ac659f7fd1a84f6d8408dc7e7179a35
2018-03-08 16:23:03 -08:00
Emilio Cobos Álvarez 109ffb9beb Bug 1420680: Remove the mechanism to buffer CSP violations. r=bz
With the previous patch it's unused.

MozReview-Commit-ID: 4EKufeNu0Jz
2018-04-03 16:22:51 +02:00
Andrea Marchesini 5784769019 Bug 1443079 - nsScriptError.isFromPrivateWindow must match the correct value also in e10s mode, r=smaug 2018-03-13 06:40:38 +01:00
Valentin Gosu 84b854ce2c Bug 1433958 - Change code that sets nsIURI.userPass to use nsIURIMutator r=mayhemer
* Code in XMLHttpRequestMainThread is converted to set the username and password individually. This is because when the parameters are empty, it ended up calling SetUserPass(":") which always returns an error.

MozReview-Commit-ID: 3cK5HeyzjFE

--HG--
extra : rebase_source : f34400c11245d88648b0ae9c196637628afa9517
2018-02-26 20:43:46 +01:00
Boris Zbarsky 7c392f077e Bug 1418085 part 6. Remove nsIDOMHTMLElement. r=mystor
MozReview-Commit-ID: 5QUyFeAQYZQ
2018-01-30 00:25:36 -05:00
Boris Zbarsky 9da3878bc9 Bug 1418076 part 11. Eliminate the nsIDOMHTMLDocument interface. r=mystor
MozReview-Commit-ID: 4lEcUeenbg3
2018-01-26 01:03:25 -05:00
Boris Zbarsky e565b1fe1b Bug 1432944 part 11. Remove nsIDOMElement::GetAttribute. r=mccr8
MozReview-Commit-ID: 2f1vFvRdCPG
2018-01-29 23:28:00 -05:00
Andrea Marchesini c6da271117 Bug 1425458 - Resource timing entries Workers - part 0 - NS_NewChannel, r=smaug
* * *
Bug 1425458 - Resource timing entries Workers - part 10 - Correct parameters in NS_NewChannel in nsDataObj.cpp, r=me
2018-01-24 17:17:31 +01:00
Brindusan Cristian 368c3d5b6b Backed out 12 changesets (bug 1425458) for mochitest failures on WorkerPrivate.cpp on a CLOSED TREE
Backed out changeset 11997de13778 (bug 1425458)
Backed out changeset 100b9d4f36bc (bug 1425458)
Backed out changeset a29e9dbb8c42 (bug 1425458)
Backed out changeset b96d58fd945c (bug 1425458)
Backed out changeset f140da44ba68 (bug 1425458)
Backed out changeset af56400233d9 (bug 1425458)
Backed out changeset 7034af4332e4 (bug 1425458)
Backed out changeset f70500179140 (bug 1425458)
Backed out changeset 793bbfc23257 (bug 1425458)
Backed out changeset 2efb375a8ffc (bug 1425458)
Backed out changeset 07e781e37451 (bug 1425458)
Backed out changeset e875f3702a5f (bug 1425458)
2018-01-24 20:47:48 +02:00
Andrea Marchesini 6480b95ba3 Bug 1425458 - Resource timing entries Workers - part 0 - NS_NewChannel, r=smaug 2018-01-24 17:17:31 +01:00
Chung-Sheng Fu d1124b72c7 Bug 1418243 - Fix SecurityPolicyViolationEvent.violatedDirective. r=ckerschb
MozReview-Commit-ID: 8DQ7CI5exUL

--HG--
extra : rebase_source : 69181c5e5f61f6fee5224def74c54985c3b47dee
2018-01-16 22:59:00 +02:00
Andreea Pavel 77efdcf21a Backed out 2 changesets (bug 1418243) for failing mochitest at dom/security/test/csp/test_frame_ancestors_ro.html and mochitest devtools at devtools/client/webconsole/test/browser_webconsole_bug_1010953_cspro.js a=merge
Backed out changeset 5357dbb6df2b (bug 1418243)
Backed out changeset 778a37000696 (bug 1418243)
2018-01-16 13:02:32 +02:00
Chung-Sheng Fu eaddf31393 Bug 1418243 - Fix SecurityPolicyViolationEvent.violatedDirective. r=ckerschb
MozReview-Commit-ID: 8DQ7CI5exUL
2018-01-15 23:30:00 +02:00
Honza Bambas c3f3b8d161 Bug 1391277 - Investigative logging in CSP: log when 'upgrade-insecure-requests' CSP is added to the CSP context, r=bz 2018-01-11 10:57:00 +02:00
Chung-Sheng Fu 63739feac3 Bug 1037335 - Add a pref to enable only within Nightly and Early Beta. r=ckerschb,smaug
MozReview-Commit-ID: Bi82dHm53qX

--HG--
extra : rebase_source : 61a7c517afb2759d672a1c486213a73ef505a324
extra : amend_source : 572a2c8613fe36ae1ebd613a361bb23acc019912
2017-11-29 16:55:00 +02:00
Chung-Sheng Fu 8dd7eb1b95 Bug 1037335 - Implement security policy violation event. r=ckerschb,smaug
MozReview-Commit-ID: 4BYThUXduI4

--HG--
extra : rebase_source : 5d4a34c5e6bb7fd3774fafb1de72e761bce4591f
2017-11-29 16:53:00 +02:00
Kris Maglione 326ce05075 Bug 1415352: Part 3a - Add preference to increase max length of CSP report source sample. r=ckerschb
This is necessary for tests which need to verify that reports are being sent
for the correct inline sources, where the current sample size is not enough to
completely distinguish them.

MozReview-Commit-ID: 2k2vAhJhIsi

--HG--
extra : rebase_source : 268a53d1450be6666081bf5093aa170352b398e1
2017-11-06 14:01:32 -08:00
Kris Maglione 98c0c61998 Bug 1407056: Follow-up: Don't try to truncate data URI strings to a longer length. r=me
MozReview-Commit-ID: CDsYXyrhB7T

--HG--
extra : rebase_source : 5647f2d05def805218a2ee45913da4388a4d9647
extra : amend_source : e5015c868db64dce924476600f713b6c3aac1e17
2017-10-12 16:56:37 -07:00
Jason Tarka a8b72c7aa8 Bug 1380755 - Examine & report on frame-ancestors CSP in report-only mode. r=ckerschb
Despite what the comment here says, there is nowhere in the W3C CSP spec stating
that frame-ancestors should be ignored in report-only mode.
2017-07-17 14:19:57 -04:00
Ben Kelly eec881a235 Bug 1391693 P3 Allow CSP report channels to be internally redirected. r=ckerschb 2017-10-09 10:03:40 -07:00
Chris Peterson a6a56ed916 Bug 870698 - Part 6: Replace Append(NS_LITERAL_CSTRING("")) with AppendLiteral(""). r=erahm
The NS_LITERAL_CSTRING macro creates a temporary nsLiteralCString to encapsulate the string literal and its length, but AssignLiteral() can determine the string literal's length at compile-time without nsLiteralCString.

MozReview-Commit-ID: F750v6NN81s

--HG--
extra : rebase_source : 714dd78df0f4c33e23e5b117615bd8fd561674c5
extra : source : 742bda9e6b1ddaf34d09894204ad18ce798b79b7
2017-09-07 18:25:25 -07:00
Nicholas Nethercote a83fefd956 Bug 1390036 (part 1) - Remove most remaining uses of nsXPIDLString. r=erahm.
CompareCacheHashEntry::mCrit[] is the only case where the nsXPIDLString-ness
was important. The patch adds an explicit SetIsVoid() call to that class's
constructor and changes some null checks to IsVoid() checks.

--HG--
extra : rebase_source : e68befcde4dd098bac2a550bc666eaf3bf1298d7
2017-08-11 18:31:22 +10:00
Cameron McCormack fdf6f9c5ef Bug 1384741 - Part 1: Add facility to buffer up CSP violation reports. r=bz
MozReview-Commit-ID: G4JLTmP1wD7
2017-08-07 10:09:32 +08:00
Eric Rahm 01f545fea7 Bug 1386825 - Part 1: Remove MOZ_B2G from dom. r=bkelly
MozReview-Commit-ID: 1zzP2r01B7U
2017-08-08 14:41:05 -07:00
Nicholas Nethercote f941156987 Bug 1386600 - Change nsIStringBundle methods to return |AString| instead of |wstring|. r=emk,sr=dbaron.
This removes about 2/3 of the occurrences of nsXPIDLString in the tree. The
places where nsXPIDLStrings are null-checked are replaced with |rv| checks.

The patch also removes a couple of unused declarations from
nsIStringBundle.idl.

Note that nsStringBundle::GetStringFromNameHelper() was merged into
GetStringFromName(), because they both would have had the same signature.

--HG--
extra : rebase_source : ac40bc31c2a4997f2db0bd5069cc008757a2df6d
2017-08-04 14:40:52 +10:00
Kate McKinley 092434c08c Bug 1376651 - Pass the nsIScriptElement instead of allocating a string every time r=ckerschb
Change the interface to GetAlowsInline to take an nsISupports* instead
of a string, and pass the nsIScriptElement directly. If we don't have an
element, then pass nullptr or the mock string created as an
nsISupportsString.

MozReview-Commit-ID: pgIMxtplsi

--HG--
extra : rebase_source : 4691643bb67ff6c78a74a4886a04c4816cff6219
2017-07-27 11:01:24 -07:00
Bevis Tseng d935b29e72 Bug 1378930 - Part 1: Remove nsINamed::SetName(). r=billm
MozReview-Commit-ID: 7aM1yJRsfPH

--HG--
extra : rebase_source : f207a37be835ac4e6c431af56737cebacf5c566d
2017-07-21 11:50:43 +08:00
Nicholas Nethercote c86dc10505 Bug 1380227 - Avoid many UTF16toUTF8 and UTF8toUTF16 conversions in nsStringBundle. r=emk.
Most of the names passed to nsIStringBundle::{Get,Format}StringFromUTF8Name
have one of the two following forms:

- a 16-bit C string literal, which is then converted to an 8-bit string in
  order for the lookup to occur;

- an 8-bit C string literal converted to a 16-bit string, which is then
  converted back to an 8-bit string in order for the lookup to occur.

This patch introduces and uses alternative methods that can take an 8-bit C
string literal, which requires changing some signatures in other methods and
functions. It replaces all C++ uses of the old methods.

The patch also changes the existing {Get,Format}StringFromName() methods so
they take an AUTF8String argument for the name instead of a wstring, because
that's nicer for JS code.

Even though there is a method for C++ code and a different one for JS code,
|binaryname| is used so that the existing method names can be used for the
common case in both languages.

The change reduces the number of NS_ConvertUTF8toUTF16 and
NS_ConvertUTF16toUTF8 conversions while running Speedometer v2 from ~270,000 to
~160,000. (Most of these conversions involved the string
"deprecatedReferrerDirective" in nsCSPParser.cpp.)

--HG--
extra : rebase_source : 3bee57a501035f76a81230d95186f8c3f460ff8e
2017-07-12 15:13:37 +10:00