Граф коммитов

20 Коммитов

Автор SHA1 Сообщение Дата
Tom Ritter 20c32a0175 Bug 1570738 - Record Telemetry if eval() is used in the Parent Process r=ckerschb
Differential Revision: https://phabricator.services.mozilla.com/D40332

--HG--
extra : moz-landing-system : lando
2019-08-06 19:56:23 +00:00
Tom Ritter 0b9efb84de Bug 1567623 - Add Event Telemetry for cases where eval is triggered as System Principal r=chutten,bzbarsky,tcampbell
Differential Revision: https://phabricator.services.mozilla.com/D39559

--HG--
extra : moz-landing-system : lando
2019-08-01 20:45:31 +00:00
Tom Ritter ef67c0b08b Bug 1567623 - Update AssertEvalNotUsingSystemPrincipal and re-enable it r=ckerschb
We now correctly handle the following cases:
 - Thunderbird
 - the Browser Toolbox/Console
 - Two safe and common idioms
 - when general.config.filename is set and userChromeJS does shenanigans

We also change the function to only crash in Debug mode, and for Release channels
we report diagnostic information in a way that does not reveal user data.

Differential Revision: https://phabricator.services.mozilla.com/D39557

--HG--
extra : moz-landing-system : lando
2019-08-01 20:45:01 +00:00
Jonas Allmann adabaeabe2 Bug 1541858, AssertEvalNotUsingSystemPrincipal into the ContentSecurityManager and also call it for worker code r=ckerschb
Bug 1541858 - Extended eval()-Assertion whitelist, r=ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D28052

--HG--
extra : moz-landing-system : lando
2019-04-18 13:54:43 +00:00
Emilio Cobos Álvarez d2ed260822 Bug 1517241 - Rename nsIDocument to mozilla::dom::Document. r=smaug
Summary: Really sorry for the size of the patch. It's mostly automatic
s/nsIDocument/Document/ but I had to fix up in a bunch of places manually to
add the right namespacing and such.

Overall it's not a very interesting patch I think.

nsDocument.cpp turns into Document.cpp, nsIDocument.h into Document.h and
nsIDocumentInlines.h into DocumentInlines.h.

I also changed a bunch of nsCOMPtr usage to RefPtr, but not all of it.

While fixing up some of the bits I also removed some unneeded OwnerDoc() null
checks and such, but I didn't do anything riskier than that.
2019-01-03 17:48:33 +01:00
Sylvestre Ledru 265e672179 Bug 1511181 - Reformat everything to the Google coding style r=ehsan a=clang-format
# ignore-this-changeset

--HG--
extra : amend_source : 4d301d3b0b8711c4692392aa76088ba7fd7d1022
2018-11-30 11:46:48 +01:00
Tom Schuster b12501054b Bug 1404744 - Check for FTP subresource after applying CSP. r=ckerschb
--HG--
extra : rebase_source : 642ba0d40d6b1d2e7ef85fdc52dffa72b5a24f5b
extra : histedit_source : 117afa5310977211fd18007e5ed7d2991a8b8837
2018-04-06 00:27:02 +02:00
Tom Schuster 8e3324212f Bug 1404744 - Block loading FTP as a subresource everywhere. r=ckerschb
--HG--
extra : rebase_source : 479f1b7f55c3133c7f46c1a343a394fef15e9f59
2018-03-26 21:05:08 +02:00
Christoph Kerschbaumer a6c1ffb498 Bug 1434357: Exempt Web Extensions from insecure redirects to data: URIs. r=kmag,mayhemer 2018-02-18 19:52:52 +01:00
Christoph Kerschbaumer 3d0a1f002e Bug 1403814 - Block toplevel data: URI navigations only if openend in the browser. r=smaug 2017-11-03 13:23:11 +01:00
Christoph Kerschbaumer ebfa77072c Bug 1408451: Log to web console when blocking toplevel data: URI navigations. r=bz 2017-10-16 14:18:52 +02:00
Christoph Kerschbaumer 04a3ca2e32 Bug 1403641: Allow data: URI downloads even if data: URI navigations are blocked. r=bz 2017-10-04 08:43:56 +02:00
Christoph Kerschbaumer 9522e28631 Bug 1394554: Block toplevel data: URI navigations after redirect. r=smaug 2017-09-06 09:33:10 +02:00
Jonas Sicking 6cc5074df0 Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb 2015-12-06 18:33:14 -05:00
Sebastian Hengst 774236075d Backed out changeset 09d64535bcda (bug 1216687), a7f1a289dd78, 4dbf06183e6c, 26318a5e3006, 9ae2af3cf86d (bug 1226909) for M(1,2,5) oranges. r=backout 2015-12-05 16:34:47 +01:00
Jonas Sicking df33e62850 Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb 2015-12-05 01:46:20 -08:00
Christoph Kerschbaumer 6d3847c487 Bug 1204703 - Make nsContentSecurityManager scriptable (r=sicking)
--HG--
extra : source : 977d5b7ecba32a0617d40c231e2f16963bf4a4ef
2015-09-18 09:27:15 -07:00
Wes Kocher 8414be2356 Backed out 3 changesets (bug 1143922) for landing with the wrong bug number
Backed out changeset 309b4d1ab81c (bug 1143922)
Backed out changeset deda472458fd (bug 1143922)
Backed out changeset 977d5b7ecba3 (bug 1143922)
2015-09-18 14:13:33 -07:00
Christoph Kerschbaumer b01fc3ad90 Bug 1143922 - Make nsContentSecurityManager scriptable (r=sicking) 2015-09-18 09:27:15 -07:00
Christoph Kerschbaumer bab1940d4a Bug 1143922 - Add AsyncOpen2 to nsIChannel and perform security checks when opening a channel - securitymanager (r=sicking,tanvi) 2015-07-19 19:12:11 -07:00