The remaining methods in ns[T]StringObsolete are all find+replace methods for
nsTSubstring. These were migrated in a similar way to the find methods, and
partially updated to avoid using methods from nsStringObsolete.cpp.
This change removes the ns[T]StringObsolete.cpp files completely, as they are
no longer necessary.
Differential Revision: https://phabricator.services.mozilla.com/D148301
This prevents copies and avoids the hack we have to avoid this, which
right now is using nsDependent{C,}String.
Non-virtual actors can still use `nsString` if they need to on the
receiving end.
Differential Revision: https://phabricator.services.mozilla.com/D152519
This no longer permits wasm modules to being instatiated;
and will perform an eval check even when no csp exists,
such as for JSMs.
Differential Revision: https://phabricator.services.mozilla.com/D148141
This no longer permits wasm modules to being instatiated;
and will perform an eval check even when no csp exists,
such as for JSMs.
Differential Revision: https://phabricator.services.mozilla.com/D148141
This no longer permits wasm modules to being instatiated;
and will perform an eval check even when no csp exists,
such as for JSMs.
Differential Revision: https://phabricator.services.mozilla.com/D148141
The remaining methods in ns[T]StringObsolete are all find+replace methods for
nsTSubstring. These were migrated in a similar way to the find methods, and
partially updated to avoid using methods from nsStringObsolete.cpp.
This change removes the ns[T]StringObsolete.cpp files completely, as they are
no longer necessary.
Differential Revision: https://phabricator.services.mozilla.com/D148301
These functions are used to check if an object or context should have storage access.
Therefore they belong in StorageAccess.h with other functions that serve this purpose.
Differential Revision: https://phabricator.services.mozilla.com/D148285
These functions are used to check if an object or context should have storage access.
Therefore they belong in StorageAccess.h with other functions that serve this purpose.
Differential Revision: https://phabricator.services.mozilla.com/D148285
These functions are used to check if an object or context should have storage access.
Therefore they belong in StorageAccess.h with other functions that serve this purpose.
Differential Revision: https://phabricator.services.mozilla.com/D148285
This makes it so that PageIconProtocolHandler uses RemoteStreamGetter in the event that the
privileged about content process attempts to use the page-icon: protocol. This allows the parent
to then remotely stream the favicons down to the privileged about content process.
This also adds a test to check that only the privileged about content process can use this
protocol, and that "normal" web content processes cannot.
Differential Revision: https://phabricator.services.mozilla.com/D147335
For backcompat, do not enforce wasm-unsafe-eval even if the extension
has specified a custom CSP. Do report the errors though, to allow
extension authors to discover the issue and fix it.
Differential Revision: https://phabricator.services.mozilla.com/D147105
Attempting to get the siteOrigin for a URI of something like "https://.mozilla.org"
was returning NS_ERROR_ILLEGAL_VALUE, which caused breakage in parts of the browser
UI when trying to initialize a window to point at that URI.
It looks like the NS_ERROR_ILLEGAL_VALUE stuff was added back in bug 1491728 as
part of an effort to better handle some IPv6 stuff. I tested the STR in bug 1491728
for the original bug, and I cannot reproduce the issue even witht his change.
nika suggested that instead of returning NS_ERROR_ILLEGAL_VALUE for this form of
URI, we return the same value as `nsIPrincipal.origin`.
Differential Revision: https://phabricator.services.mozilla.com/D142493
Apparently the esc_NonASCIIOnly and esc_Forced flags to NS_EscapeURL are
incompatible, meaning that the escaping and unescaping code was not
handling existing escape sequences properly. This patch adds an explicit
gtest to make sure sequences round-trip correctly, and switches
serialization to use `esc_Query | esc_Forced` instead, which may escape
more aggressively than required but should work correctly.
Differential Revision: https://phabricator.services.mozilla.com/D142111
This patch is meant to be a proposed short run fix to prevent ApplyAddonContentScriptCSP
from leaking the ExpandedPrincipal and nsCSPContext instance because they keep a reference
to each other.
This patch prevent that leak by creating a clone of the ExpandedPrincipal and then use
that cloned instance in the call to nsCSPContext::SetRequestContextWithPrincipal.
Once Bug 1548468 will move the CSP off the ExpandedPrincipal class, cloning the expanded
principal to prevent that leak should not be necessary anymore.
Differential Revision: https://phabricator.services.mozilla.com/D132144
The URL query stripping doesn't want the URLParams::Serialize() to
encode the result because it will encode the unstripped parameters. This
will change the unstripped parameters once stripping was happened.
Therefore, we introduce an parameter to URLParams::Serialize() to
disable encoding.
Differential Revision: https://phabricator.services.mozilla.com/D131964
Shane Caraveo
Mark Banner
Nika Layzell
Brenden Hyde
Butkovits Atila
Emilio Cobos Álvarez
Tooru Fujisawa
Tom Ritter
Iulian Moraru
Csoregi Natalia
criss
Benjamin VanderSloot
Marian-Vasile Laza
Molnar Sandor
Sylvestre Ledru
Mike Conley
Rob Wu
Tom Schuster
june wilde
Cosmin Sabou
Leslie Orellana
Bobby Holley
Kershaw Chang
Christian Holler
Luca Greco
Tim Huang
Niklas Goegge
Kagami Sascha Rosylight
Evgenia Kotovich
Noemi Erli