Tom Ritter
20c32a0175
Bug 1570738 - Record Telemetry if eval() is used in the Parent Process r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D40332
--HG--
extra : moz-landing-system : lando
2019-08-06 19:56:23 +00:00
Tom Ritter
0b9efb84de
Bug 1567623 - Add Event Telemetry for cases where eval is triggered as System Principal r=chutten,bzbarsky,tcampbell
...
Differential Revision: https://phabricator.services.mozilla.com/D39559
--HG--
extra : moz-landing-system : lando
2019-08-01 20:45:31 +00:00
Tom Ritter
ef67c0b08b
Bug 1567623 - Update AssertEvalNotUsingSystemPrincipal and re-enable it r=ckerschb
...
We now correctly handle the following cases:
- Thunderbird
- the Browser Toolbox/Console
- Two safe and common idioms
- when general.config.filename is set and userChromeJS does shenanigans
We also change the function to only crash in Debug mode, and for Release channels
we report diagnostic information in a way that does not reveal user data.
Differential Revision: https://phabricator.services.mozilla.com/D39557
--HG--
extra : moz-landing-system : lando
2019-08-01 20:45:01 +00:00
Jonas Allmann
adabaeabe2
Bug 1541858, AssertEvalNotUsingSystemPrincipal into the ContentSecurityManager and also call it for worker code r=ckerschb
...
Bug 1541858 - Extended eval()-Assertion whitelist, r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D28052
--HG--
extra : moz-landing-system : lando
2019-04-18 13:54:43 +00:00
Emilio Cobos Álvarez
d2ed260822
Bug 1517241 - Rename nsIDocument to mozilla::dom::Document. r=smaug
...
Summary: Really sorry for the size of the patch. It's mostly automatic
s/nsIDocument/Document/ but I had to fix up in a bunch of places manually to
add the right namespacing and such.
Overall it's not a very interesting patch I think.
nsDocument.cpp turns into Document.cpp, nsIDocument.h into Document.h and
nsIDocumentInlines.h into DocumentInlines.h.
I also changed a bunch of nsCOMPtr usage to RefPtr, but not all of it.
While fixing up some of the bits I also removed some unneeded OwnerDoc() null
checks and such, but I didn't do anything riskier than that.
2019-01-03 17:48:33 +01:00
Sylvestre Ledru
265e672179
Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format
...
# ignore-this-changeset
--HG--
extra : amend_source : 4d301d3b0b8711c4692392aa76088ba7fd7d1022
2018-11-30 11:46:48 +01:00
Tom Schuster
b12501054b
Bug 1404744 - Check for FTP subresource after applying CSP. r=ckerschb
...
--HG--
extra : rebase_source : 642ba0d40d6b1d2e7ef85fdc52dffa72b5a24f5b
extra : histedit_source : 117afa5310977211fd18007e5ed7d2991a8b8837
2018-04-06 00:27:02 +02:00
Tom Schuster
8e3324212f
Bug 1404744 - Block loading FTP as a subresource everywhere. r=ckerschb
...
--HG--
extra : rebase_source : 479f1b7f55c3133c7f46c1a343a394fef15e9f59
2018-03-26 21:05:08 +02:00
Christoph Kerschbaumer
a6c1ffb498
Bug 1434357: Exempt Web Extensions from insecure redirects to data: URIs. r=kmag,mayhemer
2018-02-18 19:52:52 +01:00
Christoph Kerschbaumer
3d0a1f002e
Bug 1403814 - Block toplevel data: URI navigations only if openend in the browser. r=smaug
2017-11-03 13:23:11 +01:00
Christoph Kerschbaumer
ebfa77072c
Bug 1408451: Log to web console when blocking toplevel data: URI navigations. r=bz
2017-10-16 14:18:52 +02:00
Christoph Kerschbaumer
04a3ca2e32
Bug 1403641: Allow data: URI downloads even if data: URI navigations are blocked. r=bz
2017-10-04 08:43:56 +02:00
Christoph Kerschbaumer
9522e28631
Bug 1394554: Block toplevel data: URI navigations after redirect. r=smaug
2017-09-06 09:33:10 +02:00
Jonas Sicking
6cc5074df0
Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb
2015-12-06 18:33:14 -05:00
Sebastian Hengst
774236075d
Backed out changeset 09d64535bcda (bug 1216687), a7f1a289dd78, 4dbf06183e6c, 26318a5e3006, 9ae2af3cf86d (bug 1226909) for M(1,2,5) oranges. r=backout
2015-12-05 16:34:47 +01:00
Jonas Sicking
df33e62850
Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb
2015-12-05 01:46:20 -08:00
Christoph Kerschbaumer
6d3847c487
Bug 1204703 - Make nsContentSecurityManager scriptable (r=sicking)
...
--HG--
extra : source : 977d5b7ecba32a0617d40c231e2f16963bf4a4ef
2015-09-18 09:27:15 -07:00
Wes Kocher
8414be2356
Backed out 3 changesets (bug 1143922) for landing with the wrong bug number
...
Backed out changeset 309b4d1ab81c (bug 1143922)
Backed out changeset deda472458fd (bug 1143922)
Backed out changeset 977d5b7ecba3 (bug 1143922)
2015-09-18 14:13:33 -07:00
Christoph Kerschbaumer
b01fc3ad90
Bug 1143922 - Make nsContentSecurityManager scriptable (r=sicking)
2015-09-18 09:27:15 -07:00
Christoph Kerschbaumer
bab1940d4a
Bug 1143922 - Add AsyncOpen2 to nsIChannel and perform security checks when opening a channel - securitymanager (r=sicking,tanvi)
2015-07-19 19:12:11 -07:00