gecko-dev

Граф коммитов

Автор	SHA1	Сообщение	Дата
Kris Maglione	219ed0cc06	Bug 1454813: Part 2b - Rename SpawnTask.js to AddTask.js. r=florian The old name no longer makes sense, since it no longer exports an spawn_task symbol, and add_task is what we really care about. MozReview-Commit-ID: IE7B8Czv8DH --HG-- rename : testing/mochitest/tests/SimpleTest/SpawnTask.js => testing/mochitest/tests/SimpleTest/AddTask.js extra : rebase_source : 03bca5aa69a7625a49b4455a6c96ce4c59de3a5a	2018-04-18 11:43:45 -07:00
Andrew McCreight	5dec0e0beb	Bug 1432992, part 1 - Remove definitions of Ci, Cr, Cc, and Cu. r=florian This patch was autogenerated by my decomponents.py It covers almost every file with the extension js, jsm, html, py, xhtml, or xul. It removes blank lines after removed lines, when the removed lines are preceded by either blank lines or the start of a new block. The "start of a new block" is defined fairly hackily: either the line starts with //, ends with */, ends with {, <![CDATA[, """ or '''. The first two cover comments, the third one covers JS, the fourth covers JS embedded in XUL, and the final two cover JS embedded in Python. This also applies if the removed line was the first line of the file. It covers the pattern matching cases like "var {classes: Cc, interfaces: Ci, utils: Cu, results: Cr} = Components;". It'll remove the entire thing if they are all either Ci, Cr, Cc or Cu, or it will remove the appropriate ones and leave the residue behind. If there's only one behind, then it will turn it into a normal, non-pattern matching variable definition. (For instance, "const { classes: Cc, Constructor: CC, interfaces: Ci, utils: Cu } = Components" becomes "const CC = Components.Constructor".) MozReview-Commit-ID: DeSHcClQ7cG --HG-- extra : rebase_source : d9c41878036c1ef7766ef5e91a7005025bc1d72b	2018-02-06 09:36:57 -08:00
Kris Maglione	b3cac601f6	Bug 1432966: Sanitize HTML fragments created for chrome-privileged documents. r=bz f=gijs This is a short-term solution to our inability to apply CSP to chrome-privileged documents. Ideally, we should be preventing all inline script execution in chrome-privileged documents, since the reprecussions of XSS in chrome documents are much worse than in content documents. Unfortunately, that's not possible in the near term because a) we don't support CSP in system principal documents at all, and b) we rely heavily on inline JS in our static XUL. This stop-gap solution at least prevents some of the most common vectors of XSS attack, by automatically sanitizing any HTML fragment created for a chrome-privileged document. MozReview-Commit-ID: 5w17celRFr --HG-- extra : rebase_source : 1c0a1448a06d5b65e548d9f5362d06cc6d865dbe extra : amend_source : 7184593019f238b86fd1e261941d8e8286fa4006	2018-01-24 14:56:48 -08:00

Автор

SHA1

Сообщение

Дата

Kris Maglione

219ed0cc06

Bug 1454813: Part 2b - Rename SpawnTask.js to AddTask.js. r=florian

The old name no longer makes sense, since it no longer exports an spawn_task
symbol, and add_task is what we really care about.

MozReview-Commit-ID: IE7B8Czv8DH

--HG--
rename : testing/mochitest/tests/SimpleTest/SpawnTask.js => testing/mochitest/tests/SimpleTest/AddTask.js
extra : rebase_source : 03bca5aa69a7625a49b4455a6c96ce4c59de3a5a

2018-04-18 11:43:45 -07:00

Andrew McCreight

5dec0e0beb

Bug 1432992, part 1 - Remove definitions of Ci, Cr, Cc, and Cu. r=florian

This patch was autogenerated by my decomponents.py

It covers almost every file with the extension js, jsm, html, py,
xhtml, or xul.

It removes blank lines after removed lines, when the removed lines are
preceded by either blank lines or the start of a new block. The "start
of a new block" is defined fairly hackily: either the line starts with
//, ends with */, ends with {, <![CDATA[, """ or '''. The first two
cover comments, the third one covers JS, the fourth covers JS embedded
in XUL, and the final two cover JS embedded in Python. This also
applies if the removed line was the first line of the file.

It covers the pattern matching cases like "var {classes: Cc,
interfaces: Ci, utils: Cu, results: Cr} = Components;". It'll remove
the entire thing if they are all either Ci, Cr, Cc or Cu, or it will
remove the appropriate ones and leave the residue behind. If there's
only one behind, then it will turn it into a normal, non-pattern
matching variable definition. (For instance, "const { classes: Cc,
Constructor: CC, interfaces: Ci, utils: Cu } = Components" becomes
"const CC = Components.Constructor".)

MozReview-Commit-ID: DeSHcClQ7cG

--HG--
extra : rebase_source : d9c41878036c1ef7766ef5e91a7005025bc1d72b

2018-02-06 09:36:57 -08:00

Kris Maglione

b3cac601f6

Bug 1432966: Sanitize HTML fragments created for chrome-privileged documents. r=bz f=gijs

This is a short-term solution to our inability to apply CSP to
chrome-privileged documents.

Ideally, we should be preventing all inline script execution in
chrome-privileged documents, since the reprecussions of XSS in chrome
documents are much worse than in content documents. Unfortunately, that's not
possible in the near term because a) we don't support CSP in system principal
documents at all, and b) we rely heavily on inline JS in our static XUL.

This stop-gap solution at least prevents some of the most common vectors of
XSS attack, by automatically sanitizing any HTML fragment created for a
chrome-privileged document.

MozReview-Commit-ID: 5w17celRFr

--HG--
extra : rebase_source : 1c0a1448a06d5b65e548d9f5362d06cc6d865dbe
extra : amend_source : 7184593019f238b86fd1e261941d8e8286fa4006

2018-01-24 14:56:48 -08:00

3 Коммитов