These macros will produce better outputs when they fail than these existing
patterns using `ENSURE_TRUE(NS_SUCCEEDED(...))` or similar, so this is a bulk
rewrite of existing tests to use them.
It should also help with discoverability when people base their tests off of
other existing tests.
Differential Revision: https://phabricator.services.mozilla.com/D157214
The remaining methods in ns[T]StringObsolete are all find+replace methods for
nsTSubstring. These were migrated in a similar way to the find methods, and
partially updated to avoid using methods from nsStringObsolete.cpp.
This change removes the ns[T]StringObsolete.cpp files completely, as they are
no longer necessary.
Differential Revision: https://phabricator.services.mozilla.com/D148301
This prevents copies and avoids the hack we have to avoid this, which
right now is using nsDependent{C,}String.
Non-virtual actors can still use `nsString` if they need to on the
receiving end.
Differential Revision: https://phabricator.services.mozilla.com/D152519
This no longer permits wasm modules to being instatiated;
and will perform an eval check even when no csp exists,
such as for JSMs.
Differential Revision: https://phabricator.services.mozilla.com/D148141
This no longer permits wasm modules to being instatiated;
and will perform an eval check even when no csp exists,
such as for JSMs.
Differential Revision: https://phabricator.services.mozilla.com/D148141
This no longer permits wasm modules to being instatiated;
and will perform an eval check even when no csp exists,
such as for JSMs.
Differential Revision: https://phabricator.services.mozilla.com/D148141
The remaining methods in ns[T]StringObsolete are all find+replace methods for
nsTSubstring. These were migrated in a similar way to the find methods, and
partially updated to avoid using methods from nsStringObsolete.cpp.
This change removes the ns[T]StringObsolete.cpp files completely, as they are
no longer necessary.
Differential Revision: https://phabricator.services.mozilla.com/D148301
These functions are used to check if an object or context should have storage access.
Therefore they belong in StorageAccess.h with other functions that serve this purpose.
Differential Revision: https://phabricator.services.mozilla.com/D148285
These functions are used to check if an object or context should have storage access.
Therefore they belong in StorageAccess.h with other functions that serve this purpose.
Differential Revision: https://phabricator.services.mozilla.com/D148285
These functions are used to check if an object or context should have storage access.
Therefore they belong in StorageAccess.h with other functions that serve this purpose.
Differential Revision: https://phabricator.services.mozilla.com/D148285
This makes it so that PageIconProtocolHandler uses RemoteStreamGetter in the event that the
privileged about content process attempts to use the page-icon: protocol. This allows the parent
to then remotely stream the favicons down to the privileged about content process.
This also adds a test to check that only the privileged about content process can use this
protocol, and that "normal" web content processes cannot.
Differential Revision: https://phabricator.services.mozilla.com/D147335
For backcompat, do not enforce wasm-unsafe-eval even if the extension
has specified a custom CSP. Do report the errors though, to allow
extension authors to discover the issue and fix it.
Differential Revision: https://phabricator.services.mozilla.com/D147105
Attempting to get the siteOrigin for a URI of something like "https://.mozilla.org"
was returning NS_ERROR_ILLEGAL_VALUE, which caused breakage in parts of the browser
UI when trying to initialize a window to point at that URI.
It looks like the NS_ERROR_ILLEGAL_VALUE stuff was added back in bug 1491728 as
part of an effort to better handle some IPv6 stuff. I tested the STR in bug 1491728
for the original bug, and I cannot reproduce the issue even witht his change.
nika suggested that instead of returning NS_ERROR_ILLEGAL_VALUE for this form of
URI, we return the same value as `nsIPrincipal.origin`.
Differential Revision: https://phabricator.services.mozilla.com/D142493
Apparently the esc_NonASCIIOnly and esc_Forced flags to NS_EscapeURL are
incompatible, meaning that the escaping and unescaping code was not
handling existing escape sequences properly. This patch adds an explicit
gtest to make sure sequences round-trip correctly, and switches
serialization to use `esc_Query | esc_Forced` instead, which may escape
more aggressively than required but should work correctly.
Differential Revision: https://phabricator.services.mozilla.com/D142111
This patch is meant to be a proposed short run fix to prevent ApplyAddonContentScriptCSP
from leaking the ExpandedPrincipal and nsCSPContext instance because they keep a reference
to each other.
This patch prevent that leak by creating a clone of the ExpandedPrincipal and then use
that cloned instance in the call to nsCSPContext::SetRequestContextWithPrincipal.
Once Bug 1548468 will move the CSP off the ExpandedPrincipal class, cloning the expanded
principal to prevent that leak should not be necessary anymore.
Differential Revision: https://phabricator.services.mozilla.com/D132144
The URL query stripping doesn't want the URLParams::Serialize() to
encode the result because it will encode the unstripped parameters. This
will change the unstripped parameters once stripping was happened.
Therefore, we introduce an parameter to URLParams::Serialize() to
disable encoding.
Differential Revision: https://phabricator.services.mozilla.com/D131964
We need a helper function for checking principal if it's in the foreign
allow list.
In this patch we will add a BasePrincipal::IsURIInList() because this is
needed for RejectForeignAllowList::Check().
Differential Revision: https://phabricator.services.mozilla.com/D123804
Automatically generated path that adds flag `REQUIRES_UNIFIED_BUILD = True` to `moz.build`
when the module governed by the build config file is not buildable outside on the unified environment.
This needs to be done in order to have a hybrid build system that adds the possibility of combing
unified build components with ones that are built outside of the unified eco system.
Differential Revision: https://phabricator.services.mozilla.com/D122345
For every cookie permission check CookieJarSettings::CookiePermission has to create a new principal.
This is slow. It uses a cloned principal so it can strip the origin attributes which should not be
used for the permission check.
With this patch we no longer need to clone the principal. We pass in the original principal and perform
the OA stripping on an OA copy in BasePrincipal::EqualsForPermission.
Before, EqualsForPermission was guaranteed to get a content principal, because ClonePrincipalForPermission
enforced it. BasePrincipal::EqualsForPermission was refactored to account for non content principals.
Differential Revision: https://phabricator.services.mozilla.com/D120834
These test various ways of loading documents which will end up with null
principals, and verify that they are loaded with the expected precursor URI.
Depends on D119693
Differential Revision: https://phabricator.services.mozilla.com/D119694
This change stores a generated nsID directly on the LoadInfo, rather
than the full SandboxedLoadingPrincipal. This allows for the sandboxed
principal to be constructed from GetChannelResultPrincipal using the
unsandboxed result principal as a precursor, rather than the loading
principal.
The nsID is reset by HttpChannelBase whenever a non-internal redirect
occurs to reduce the chance of multiple null result principals during a
redirect with the same nsID, but different precursors.
Depends on D119692
Differential Revision: https://phabricator.services.mozilla.com/D119693
This provides a getter which can be used to interact with the precursor
attribute of the null principal.
Depends on D119691
Differential Revision: https://phabricator.services.mozilla.com/D119692
If a URI has the URI_INHERITS_SECURITY_CONTEXT flag it will not be given
a content principal by CreateContentPrincipal. This patch changes the
algorithm for creating result principals for network requests such that
the null principal created in this situation has a precursor principal
tracked on it.
Depends on D119689
Differential Revision: https://phabricator.services.mozilla.com/D119690
This method will be the primary way to track the precursor for a null
principal, and will automatically handle tracking precursors in some common
cases.
While sandboxed principals are created with `CreateWithInheritedAttributes`,
they unfortunately currently use the wrong precursor principal, which will be
fixed in a later part.
Depends on D119688
Differential Revision: https://phabricator.services.mozilla.com/D119689
This patch only adds the machinery for tracking a precursor origin to the
principal, and does not actually track the precursor origin in any situations.
That is done in follow-up patches.
Differential Revision: https://phabricator.services.mozilla.com/D119688
This is slightly complicated by the fact that the editor code wants to be able
to set this from the content process, so we really need separate
BrowsingContext and WindowContext flags, the latter of which can be set by the
owning process.
Differential Revision: https://phabricator.services.mozilla.com/D114899
This is a step towards separating the mutable state on principals from const
state which can be made threadsafe. The remaining mutable fields will either
need to be moved off of nsIPrincipal or made threadsafe to destroy (e.g. using
nsMainThreadPtrHandle) and stored behind a mutex.
Serialization is handled for most types using a separate Deserializer class,
like how it was handled with `nsIURI` mutators. SystemPrincipal wasn't changed
as the `Read` method is a no-op for that class.
Differential Revision: https://phabricator.services.mozilla.com/D115092
This is necessary to remove the Init methods from principals, allowing
immutable fields to be marked as const and clearly separated from mutable
fields to improve threadsafety.
Differential Revision: https://phabricator.services.mozilla.com/D115091
This patch implements support for the manifest V3 matches property
which limits what hosts may load an extensions web_accessible_resources.
Differential Revision: https://phabricator.services.mozilla.com/D107746
Removes NPAPI plugin features from tests outside of dom/plugins. Some tests are updated to avoid NPAPI behavior and others are deleted if they no longer offer anthing useful.
Differential Revision: https://phabricator.services.mozilla.com/D107134
Removes NPAPI plugin features from tests outside of dom/plugins. Some tests are updated to avoid NPAPI behavior and others are deleted if they no longer offer anthing useful.
Differential Revision: https://phabricator.services.mozilla.com/D107134
This moves the exception prettifying to the script security manager for all JS
callers, where it is much cheaper and more consistently applied.
Differential Revision: https://phabricator.services.mozilla.com/D101492
This moves the exception prettifying to the script security manager for all JS
callers, where it is much cheaper and more consistently applied.
Differential Revision: https://phabricator.services.mozilla.com/D101492
This moves the exception prettifying to the script security manager for all JS
callers, where it is much cheaper and more consistently applied.
Differential Revision: https://phabricator.services.mozilla.com/D101492
Implement manifest v3 CSP that is compatible with the current chrome implementation.
Support for content_security_policy.isolated_world (a.k.a. content_security_policy.content_scripts)
has been removed for consistency with
345390adf6%5E%21/
Differential Revision: https://phabricator.services.mozilla.com/D100573
Bug 1583109 introduced new function templates StringJoin and StringJoinAppend.
These are now used to replace several custom loops across the codebase that
implement string-joining algorithms to simplify the code.
Differential Revision: https://phabricator.services.mozilla.com/D98750
Bug 1583109 introduced new function templates StringJoin and StringJoinAppend.
These are now used to replace several custom loops across the codebase that
implement string-joining algorithms to simplify the code.
Differential Revision: https://phabricator.services.mozilla.com/D98750
Allow-list all Python code in tree for use with the black linter, and re-format all code in-tree accordingly.
To produce this patch I did all of the following:
1. Make changes to tools/lint/black.yml to remove include: stanza and update list of source extensions.
2. Run ./mach lint --linter black --fix
3. Make some ad-hoc manual updates to python/mozbuild/mozbuild/test/configure/test_configure.py -- it has some hard-coded line numbers that the reformat breaks.
4. Make some ad-hoc manual updates to `testing/marionette/client/setup.py`, `testing/marionette/harness/setup.py`, and `testing/firefox-ui/harness/setup.py`, which have hard-coded regexes that break after the reformat.
5. Add a set of exclusions to black.yml. These will be deleted in a follow-up bug (1672023).
# ignore-this-changeset
Differential Revision: https://phabricator.services.mozilla.com/D94045
We want to partition the CORS preflight cache by the network state
partitioning. So, we have done two things in the patch. First, we make
the CORS preflight cache to be aware of the OriginAttributes. Second, we
use the originAttributes of the network state partitioning in the CORS
preflight cache. As the result, the CORS preflight cache will be
partitioned by the originAttributes.partitionKey as well as other
originAttributes fields if present.
Differential Revision: https://phabricator.services.mozilla.com/D93683
Allow-list all Python code in tree for use with the black linter, and re-format all code in-tree accordingly.
To produce this patch I did all of the following:
1. Make changes to tools/lint/black.yml to remove include: stanza and update list of source extensions.
2. Run ./mach lint --linter black --fix
3. Make some ad-hoc manual updates to python/mozbuild/mozbuild/test/configure/test_configure.py -- it has some hard-coded line numbers that the reformat breaks.
4. Make some ad-hoc manual updates to `testing/marionette/client/setup.py`, `testing/marionette/harness/setup.py`, and `testing/firefox-ui/harness/setup.py`, which have hard-coded regexes that break after the reformat.
5. Add a set of exclusions to black.yml. These will be deleted in a follow-up bug (1672023).
# ignore-this-changeset
Differential Revision: https://phabricator.services.mozilla.com/D94045
Allow-list all Python code in tree for use with the black linter, and re-format all code in-tree accordingly.
To produce this patch I did all of the following:
1. Make changes to tools/lint/black.yml to remove include: stanza and update list of source extensions.
2. Run ./mach lint --linter black --fix
3. Make some ad-hoc manual updates to python/mozbuild/mozbuild/test/configure/test_configure.py -- it has some hard-coded line numbers that the reformat breaks.
4. Add a set of exclusions to black.yml. These will be deleted in a follow-up bug (1672023).
# ignore-this-changeset
Differential Revision: https://phabricator.services.mozilla.com/D94045
In many cases with wpt, most of the tests in the file pass, but it is rather time consuming to annotate
.ini files case by case.
Differential Revision: https://phabricator.services.mozilla.com/D91977