Граф коммитов

102 Коммитов

Автор SHA1 Сообщение Дата
Chung-Sheng Fu 63739feac3 Bug 1037335 - Add a pref to enable only within Nightly and Early Beta. r=ckerschb,smaug
MozReview-Commit-ID: Bi82dHm53qX

--HG--
extra : rebase_source : 61a7c517afb2759d672a1c486213a73ef505a324
extra : amend_source : 572a2c8613fe36ae1ebd613a361bb23acc019912
2017-11-29 16:55:00 +02:00
Chung-Sheng Fu 8dd7eb1b95 Bug 1037335 - Implement security policy violation event. r=ckerschb,smaug
MozReview-Commit-ID: 4BYThUXduI4

--HG--
extra : rebase_source : 5d4a34c5e6bb7fd3774fafb1de72e761bce4591f
2017-11-29 16:53:00 +02:00
Kris Maglione 326ce05075 Bug 1415352: Part 3a - Add preference to increase max length of CSP report source sample. r=ckerschb
This is necessary for tests which need to verify that reports are being sent
for the correct inline sources, where the current sample size is not enough to
completely distinguish them.

MozReview-Commit-ID: 2k2vAhJhIsi

--HG--
extra : rebase_source : 268a53d1450be6666081bf5093aa170352b398e1
2017-11-06 14:01:32 -08:00
Kris Maglione 98c0c61998 Bug 1407056: Follow-up: Don't try to truncate data URI strings to a longer length. r=me
MozReview-Commit-ID: CDsYXyrhB7T

--HG--
extra : rebase_source : 5647f2d05def805218a2ee45913da4388a4d9647
extra : amend_source : e5015c868db64dce924476600f713b6c3aac1e17
2017-10-12 16:56:37 -07:00
Jason Tarka a8b72c7aa8 Bug 1380755 - Examine & report on frame-ancestors CSP in report-only mode. r=ckerschb
Despite what the comment here says, there is nowhere in the W3C CSP spec stating
that frame-ancestors should be ignored in report-only mode.
2017-07-17 14:19:57 -04:00
Ben Kelly eec881a235 Bug 1391693 P3 Allow CSP report channels to be internally redirected. r=ckerschb 2017-10-09 10:03:40 -07:00
Chris Peterson a6a56ed916 Bug 870698 - Part 6: Replace Append(NS_LITERAL_CSTRING("")) with AppendLiteral(""). r=erahm
The NS_LITERAL_CSTRING macro creates a temporary nsLiteralCString to encapsulate the string literal and its length, but AssignLiteral() can determine the string literal's length at compile-time without nsLiteralCString.

MozReview-Commit-ID: F750v6NN81s

--HG--
extra : rebase_source : 714dd78df0f4c33e23e5b117615bd8fd561674c5
extra : source : 742bda9e6b1ddaf34d09894204ad18ce798b79b7
2017-09-07 18:25:25 -07:00
Nicholas Nethercote a83fefd956 Bug 1390036 (part 1) - Remove most remaining uses of nsXPIDLString. r=erahm.
CompareCacheHashEntry::mCrit[] is the only case where the nsXPIDLString-ness
was important. The patch adds an explicit SetIsVoid() call to that class's
constructor and changes some null checks to IsVoid() checks.

--HG--
extra : rebase_source : e68befcde4dd098bac2a550bc666eaf3bf1298d7
2017-08-11 18:31:22 +10:00
Cameron McCormack fdf6f9c5ef Bug 1384741 - Part 1: Add facility to buffer up CSP violation reports. r=bz
MozReview-Commit-ID: G4JLTmP1wD7
2017-08-07 10:09:32 +08:00
Eric Rahm 01f545fea7 Bug 1386825 - Part 1: Remove MOZ_B2G from dom. r=bkelly
MozReview-Commit-ID: 1zzP2r01B7U
2017-08-08 14:41:05 -07:00
Nicholas Nethercote f941156987 Bug 1386600 - Change nsIStringBundle methods to return |AString| instead of |wstring|. r=emk,sr=dbaron.
This removes about 2/3 of the occurrences of nsXPIDLString in the tree. The
places where nsXPIDLStrings are null-checked are replaced with |rv| checks.

The patch also removes a couple of unused declarations from
nsIStringBundle.idl.

Note that nsStringBundle::GetStringFromNameHelper() was merged into
GetStringFromName(), because they both would have had the same signature.

--HG--
extra : rebase_source : ac40bc31c2a4997f2db0bd5069cc008757a2df6d
2017-08-04 14:40:52 +10:00
Kate McKinley 092434c08c Bug 1376651 - Pass the nsIScriptElement instead of allocating a string every time r=ckerschb
Change the interface to GetAlowsInline to take an nsISupports* instead
of a string, and pass the nsIScriptElement directly. If we don't have an
element, then pass nullptr or the mock string created as an
nsISupportsString.

MozReview-Commit-ID: pgIMxtplsi

--HG--
extra : rebase_source : 4691643bb67ff6c78a74a4886a04c4816cff6219
2017-07-27 11:01:24 -07:00
Bevis Tseng d935b29e72 Bug 1378930 - Part 1: Remove nsINamed::SetName(). r=billm
MozReview-Commit-ID: 7aM1yJRsfPH

--HG--
extra : rebase_source : f207a37be835ac4e6c431af56737cebacf5c566d
2017-07-21 11:50:43 +08:00
Nicholas Nethercote c86dc10505 Bug 1380227 - Avoid many UTF16toUTF8 and UTF8toUTF16 conversions in nsStringBundle. r=emk.
Most of the names passed to nsIStringBundle::{Get,Format}StringFromUTF8Name
have one of the two following forms:

- a 16-bit C string literal, which is then converted to an 8-bit string in
  order for the lookup to occur;

- an 8-bit C string literal converted to a 16-bit string, which is then
  converted back to an 8-bit string in order for the lookup to occur.

This patch introduces and uses alternative methods that can take an 8-bit C
string literal, which requires changing some signatures in other methods and
functions. It replaces all C++ uses of the old methods.

The patch also changes the existing {Get,Format}StringFromName() methods so
they take an AUTF8String argument for the name instead of a wstring, because
that's nicer for JS code.

Even though there is a method for C++ code and a different one for JS code,
|binaryname| is used so that the existing method names can be used for the
common case in both languages.

The change reduces the number of NS_ConvertUTF8toUTF16 and
NS_ConvertUTF16toUTF8 conversions while running Speedometer v2 from ~270,000 to
~160,000. (Most of these conversions involved the string
"deprecatedReferrerDirective" in nsCSPParser.cpp.)

--HG--
extra : rebase_source : 3bee57a501035f76a81230d95186f8c3f460ff8e
2017-07-12 15:13:37 +10:00
Bill McCloskey f115503a0b Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-26 14:19:58 -07:00
Carsten "Tomcat" Book 8a1350b5a6 Backed out changeset 4f6302a98ae4 (bug 1372405)
--HG--
extra : rebase_source : 41632f3158e88e692809731394a683d065a73dfb
2017-06-21 13:59:26 +02:00
Bill McCloskey 6b3e84ed5f Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-20 21:44:11 -07:00
Carsten "Tomcat" Book ea1b86680c Backed out changeset 9846de3bd954 (bug 1372405)
--HG--
extra : rebase_source : 5d4a48e8ec394c329994689d938d2a6e9b2752b0
2017-06-20 08:27:02 +02:00
Bill McCloskey 4592152411 Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-19 22:25:47 -07:00
Wes Kocher 6c1a0ae549 Backed out 6 changesets (bug 1371699) for various failures including frequent img-blobURI-2.html failures and leaks a=backout
Backed out changeset 67a27cf0ab80 (bug 1371699)
Backed out changeset 7e494fa90087 (bug 1371699)
Backed out changeset 30405ec37e1e (bug 1371699)
Backed out changeset 2d67624a01dc (bug 1371699)
Backed out changeset 503c9d22e6bb (bug 1371699)
Backed out changeset eedcb67a9fb6 (bug 1371699)

MozReview-Commit-ID: 4HydLjK7Ond
2017-06-13 17:50:11 -07:00
Boris Zbarsky 3d884086c3 Bug 1371699 part 3. Make nsIStringInputStream not inherit from nsIInputStream anymore. r=bkelly
This will prevent ambiguous nsIInputStream inheritance once we also inherit from nsIAsyncInputStream.
2017-06-13 16:16:23 -04:00
Christoph Kerschbaumer 632fd14dfa Bug 1024557 - Ignore x-frame-options if CSP with frame-ancestors exists. r=smaug 2017-06-07 21:17:49 +02:00
Christoph Kerschbaumer e5865a7980 Bug 1355801: Nonce should only apply to script and style. r=dveditz 2017-05-10 08:52:24 +02:00
Thomas Nguyen afaba58d52 Bug 1339004 - Do DocGroup labeling in dom/security. r=ckerschb,smaug
MozReview-Commit-ID: 3QoH8P4J85I

--HG--
extra : rebase_source : 6f62454001fc02380f8aea99a56eff38de0e9fb6
2017-03-29 10:20:32 +08:00
Wei-Cheng Pan 510ba75c20 Bug 1310127 - Part 17: Use MOZ_MUST_USE in netwerk/protocol/http r=smaug
MozReview-Commit-ID: 5gvVZtsa3yS

--HG--
extra : rebase_source : 5e1ab2fc06ae58f18abb8909ac93f9512abbe220
2016-12-20 11:49:32 +08:00
Tom Tromey 5f8f360823 Bug 1060419 - make log_print use Printf.h, r=froydnj
MozReview-Commit-ID: BIZ1GQEZ1vs

--HG--
extra : rebase_source : 2f1f0aa12493c44f352d9a7e8683e7bb72d2d75b
2016-12-15 20:16:31 -07:00
Brendan Dahl b27f51d095 Bug 1277102 - Use nsIDocShellTreeItem::ItemType during nsCSPContext::PermitsAncestry. r=ckerschb 2017-02-01 14:58:00 -05:00
Christoph Kerschbaumer e7473c84f8 Bug 1329288: Allow content policy consumers to identify contentPolicy checks from docshell. r=bz,kmaglione 2017-01-22 18:05:03 +01:00
Sebastian Hengst a692f05c85 Backed out changeset 69fb2fc61535 (bug 1329288) 2017-01-22 13:09:48 +01:00
Christoph Kerschbaumer 130fcb1f75 Bug 1329288: Allow content policy consumers to identify contentPolicy checks from docshell. r=bz,kmaglione 2017-01-22 07:30:26 +01:00
Thomas Nguyen 0aaea58b69 Bug 1304623 - Create a pref to control the default referrer policy - part 3. r=bkelly
MozReview-Commit-ID: 1A6IHPeNYBQ
2017-01-05 11:29:56 +08:00
Sebastian Hengst 115286c614 Backed out changeset 9c1069e2a42e (bug 1236222) for failing xpcshell test test_csp_reports.js. r=backout 2016-11-09 11:31:38 +01:00
Tanuja Sawant 134e80abde Bug 1236222 - CSP: Blocked URI should be empty for inline violations. r=ckerschb 2016-11-07 19:22:53 +05:30
Christoph Kerschbaumer c267f70f91 Bug 1299483 - CSP: Implement 'strict-dynamic', enforcement changes. r=dveditz,freddyb 2016-11-08 12:55:23 +01:00
Christoph Kerschbaumer 066a3827af Bug 1307321 - Use correct length of CSP report when sending violations. r=jrgm,freddyb 2016-10-14 20:07:32 +02:00
Sebastian Hengst 24324313f6 Backed out changeset f443b21ba9de (bug 1307321) for unexpected passing of scripthash-unicode-normalization.sub.html. r=backout 2016-10-14 17:51:22 +02:00
Christoph Kerschbaumer 0341cd9771 Bug 1307321 - Use correct length of CSP report when sending violations. r=jrgm,freddyb 2016-10-14 15:23:24 +02:00
Kate McKinley 694c12c743 Bug 1242019 - Truncate data URIs in CSP log messages. r=ckerschb
MozReview-Commit-ID: DaiGESRI1rb

--HG--
extra : transplant_source : %EC%7B%3F%20O%3A%A7g%BAl%82%BC-Xg%23%84%E2%3C%EE
2016-09-12 14:30:43 -07:00
Nicholas Nethercote 742fc7eb48 Bug 1297961 (part 1) - Introduce nsURI::GetSpecOrDefault(). r=hurley.
This function is an infallible alternative to nsIURI::GetSpec(). It's useful
when it's appropriate to handle a GetSpec() failure with a failure string, e.g.
for log/warning/error messages. It allows code like this:

  nsAutoCString spec;
  uri->GetSpec(spec);
  printf("uri: %s", spec.get());

to be changed to this:

  printf("uri: %s", uri->GetSpecOrDefault().get());

This introduces a slight behavioural change. Previously, if GetSpec() failed,
an empty string would be used here. Now, "[nsIURI::GetSpec failed]" will be
produced instead. In most cases this failure string will make for a clearer
log/warning/error message than the empty string.
* * *
Bug 1297961 (part 1b) - More GetSpecOrDefault() additions. r=hurley.

I will fold this into part 1 before landing.

--HG--
extra : rebase_source : ddc19a5624354ac098be019ca13cc24b99b80ddc
2016-08-26 16:02:31 +10:00
Christoph Kerschbaumer a80531eeb1 Bug 1298505 - CSP: Update StripURIForReporting to rely on NS_SecurityCompareURIs. r=dveditz
--HG--
extra : rebase_source : b3cd4f3ebed2ee079d88c896aa08e2e99e5c20a5
2016-08-27 08:30:43 +02:00
Christoph Kerschbaumer 653bf080a7 Bug 1297051 - CSPRO should not block mixed content. r=dveditz 2016-08-24 09:24:55 +02:00
Nicholas Nethercote 3b0485fcdb Bug 1294645 - Don't use NS_CALLBACK for callbacks in nsI{Input,Output,UnicharInput},Stream.idl. r=froydnj.
Slightly less than half (93 / 210) of the NS_METHOD instances in the codebase
are because of the use of NS_CALLBACK in
nsI{Input,Output,UnicharInput},Stream.idl. The use of __stdcall on Win32 isn't
important for these callbacks because they are only used as arguments to
[noscript] methods.

This patch converts them to vanilla |nsresult| functions. It increases the size
of xul.dll by about ~600 bytes, which is about 0.001%.

--HG--
extra : rebase_source : c15d85298e0975fd030cd8f8f8e54501f453959b
2016-08-12 17:36:22 +10:00
Michael Layzell 8e946df619 Bug 1293001 - Part 2: Change the BinaryName of nsIContentSecurityPolicy::getPolicy from GetPolicy (which overloaded another virtual method), to GetPolicyString, r=froydnj
MozReview-Commit-ID: 4XWRar3Uuw
2016-08-11 15:49:40 -04:00
Nicholas Nethercote e7f10a07fd Bug 1293603 (part 2) - Make Run() declarations consistent. r=erahm.
This patch makes most Run() declarations in subclasses of nsIRunnable have the
same form: |NS_IMETHOD Run() override|.

As a result of these changes, I had to add |override| to a couple of other
functions to satisfy clang's -Winconsistent-missing-override warning.

--HG--
extra : rebase_source : 815d0018b0b13329bb5698c410f500dddcc3ee12
2016-08-08 12:18:10 +10:00
Chris Peterson b175c9fdd5 Bug 1277106 - Part 2: Expand MOZ_UTF16() strings to u"" string literals. r=Waldo 2016-07-20 22:03:25 -07:00
Thomas Nguyen 941244dcc8 Bug 1286024 - Replace no document in SetRequestContext warning with a log. r=ckerschb
MozReview-Commit-ID: IitqAt0iLQF

--HG--
extra : rebase_source : 72c6bd3b894d8a36f65bfd43ddd8f294de1f2d22
2016-07-12 17:46:23 +08:00
Paul Roberts ec18fc5ff7 Bug 671389 - Implement CSP sandbox directive. r=ckerschb r=smaug
--HG--
extra : rebase_source : d9c5f5868c2558a3696cd489674da6f243be11ad
2016-06-29 07:48:44 -07:00
Christoph Kerschbaumer 76f6cc7739 Bug 1268327 - ReferrerPolicy should not be delivered through CSPRO r=tnguyen
--HG--
extra : rebase_source : 92bd320351de91b72304c2fc386f1ae295837a9e
2016-06-22 14:13:03 +02:00
Thomas Nguyen 4b7ad0e2c5 Bug 1223838 - Fix wrong policy associated with empty string. r=fkiefer,hsivonen
MozReview-Commit-ID: 7kFH39cegmH
2016-05-30 15:17:45 +08:00
Frederik Braun 404a0bbb99 Bug 1265318: add require-sri-for CSP directive. r=ckerschb
MozReview-Commit-ID: 200PAvKtBME
2016-05-31 11:14:00 +02:00