b5118e1ddf
Bug 1302449 - Remove the "referrer" directive in CSP, r=ckerschb
2018-05-09 13:15:08 +02:00
920a60992c
Bug 1458504 - Move Tokenizer into it's own file so it can be shared by the CSP Parser and the Feature Policy Parser. r=jkt
2018-05-02 16:36:51 +02:00
71422dcaa9
Bug 1457813 - Part 2: Replace non-asserting NS_PRECONDITIONs with MOZ_ASSERTs. r=froydnj
...
s/NS_PRECONDITION/MOZ_ASSERT/ and reindent
MozReview-Commit-ID: KuUsnVe2h8L
--HG--
extra : source : c14655ab3df2c9b1465dd8102b9d25683359a37b
2018-04-28 12:50:58 -07:00
4220b1f019
Bug 1439330 - Test added to check if eval is blocked if 'strict-dynamic' is enabled. r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D1011
2018-05-07 15:01:22 -04:00
ea1f6cdedb
Bug 1439330 - Condition added to block eval if only strict-dynamic is present without unsafe-eval keyword. r=ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D859
2018-05-07 14:59:51 -04:00
5a642e8bf6
Bug 1458449 - Allow FTP subresource in FTP documents. r=ckerschb
...
--HG--
extra : rebase_source : 035bd3782abb6deeff4aaf1d227ce7197f9234a6
2018-05-02 13:32:08 +02:00
09f2e3f364
Bug 1353608 - Disabled test_frameNavigation.html on Win7 and Win10. r=jmaher
...
--HG--
extra : histedit_source : e020d87a947376884dae2e796ed1b7b7f50f31da
2018-04-29 00:04:00 +03:00
fc66c485b6
Bug 1456882 - Enable some passing mochitests on linux64-qr. r=jrmuizel
...
MozReview-Commit-ID: 5VIHjwx6A2j
--HG--
extra : rebase_source : d986028cff52ba52a58887225e272bf04ad88de3
2018-04-25 11:29:07 -04:00
59f801793b
Merge inbound to mozilla-central. a=merge
2018-04-25 00:50:59 +03:00
e45c9ffe52
Bug 1456407: Add test for same site cookies using a meta refresh. r=mgoodwin
...
--HG--
extra : rebase_source : ac0ef378dbd480ecd4fdaca6ef6d4a4c2da374f1
2018-04-24 11:08:00 +02:00
be5f3caad5
Bug 1422710 Block opaque tainted requests that do not follow redirects. r=ckerschb
2018-04-23 09:43:36 -07:00
0d79353b7d
Bug 1439425 - Ignore empty CSP directives. r=ckerschb
...
MozReview-Commit-ID: 67Ach2vCs8A
--HG--
rename : dom/security/test/csp/file_self_none_as_hostname_confusion.html => dom/security/test/csp/file_empty_directive.html
rename : dom/security/test/csp/file_self_none_as_hostname_confusion.html^headers^ => dom/security/test/csp/file_empty_directive.html^headers^
rename : dom/security/test/csp/test_self_none_as_hostname_confusion.html => dom/security/test/csp/test_empty_directive.html
extra : rebase_source : 1270d3d1aa8d53389e8708d29d2e363e52c02029
2018-03-06 18:48:26 -08:00
e9186f7449
Merge mozilla-central to inbound. a=merge CLOSED TREE
...
--HG--
rename : testing/mozharness/mozharness/mozilla/testing/verify_tools.py => testing/mozharness/mozharness/mozilla/testing/per_test_base.py
2018-04-20 01:38:32 +03:00
f1f4e87948
Bug 1454813: Part 1b - Stop automatically exposing Task singleton to browser tests. r=florian
...
Now that Task.jsm is deprecated and add_task no longer accepts generators, it
doesn't make sense to continue making this automatically available in test
scopes.
MozReview-Commit-ID: AckO5nnFngG
--HG--
extra : rebase_source : 826b7cce67d9ab000d6385663c543bc72eef174b
2018-04-19 14:52:47 -07:00
708b70167e
Bug 1455162 - Test about: URLs with and without same-site.enabled. r=ckerschb
...
MozReview-Commit-ID: Wi8SXkGIci
--HG--
extra : rebase_source : 88305c0be0117e538bd996626aace14a5a952749
2018-04-18 17:01:01 -07:00
12b47687b7
Merge mozilla-central to mozilla-inbound. CLOSED TREE
2018-04-18 14:09:24 +03:00
374b919ce6
Merge inbound to mozilla-central a=merge
2018-04-18 13:44:22 +03:00
0d9a8521e4
Bug 1454721 - Add same-site cookie test for about:blank and about:srcdoc. r=dveditz
2018-04-18 10:27:28 +02:00
e9579ce027
Bug 1454027 - Test SameSite cookie handling inside iframes.r=mgoodwin
2018-04-17 18:26:15 +02:00
3f98737f56
Bug 1454460 - Hoist SRI helper into Loader.cpp. r=bz
...
MozReview-Commit-ID: 2wgVAJDgHDl
2018-04-17 16:27:09 -07:00
055086766b
Bug 1454460 - Buffer the potentially-BOM-related bytes separately and handle them on the fly. r=bz
...
MozReview-Commit-ID: 5zrKyadBppO
2018-04-17 16:27:08 -07:00
805cb19c1d
Merge mozilla-central to autoland. a=merge CLOSED TREE
2018-04-17 01:45:58 +03:00
4faa99b475
Bug 1454242: Test samesite cookie on top-level page from cross-origin context. r=mgoodwin
2018-04-16 08:51:33 +02:00
15cc8023f7
Bug 1453814: Test redirects and same-site cookies. r=mgoodwin on a CLOSED TREE
...
--HG--
extra : source : 86a4c50c98f64dd8b86900274147e7ca2855e586
extra : amend_source : 299c2c905d56933681fa4445e6f76c7b473998f5
2018-04-13 15:42:12 +02:00
c98766975d
Backed out 2 changesets (bug 1453814) for failing dom/base/test/chrome/test_bug884693.xul on a CLOSED TREE
...
Backed out changeset 86a4c50c98f6 (bug 1453814)
Backed out changeset 4d37ff0c232e (bug 1453814)
2018-04-13 20:19:39 +03:00
804d7c0625
Bug 1453814: Test redirects and same-site cookies. r=mgoodwin
2018-04-13 15:42:12 +02:00
0819f35e51
Backed out 4 changesets (bug 525063) on request from Andi. a=backout
...
Backed out changeset 516c4fb1e4b8 (bug 525063)
Backed out changeset 6ff8aaef2866 (bug 525063)
Backed out changeset bf13e4103150 (bug 525063)
Backed out changeset d7d2f08e051c (bug 525063)
2018-04-13 16:01:28 +03:00
d8d0197f4e
Bug 1452496: Test for discarding same-site cookies using inline scripts in cross origin context. r=mgoodwin
2018-04-12 12:53:48 +02:00
3117bd6483
Bug 1452496: Test for discarding same-site cookie in cross site context. r=mgoodwin
2018-04-12 12:53:33 +02:00
29ba7b4974
Merge mozilla-central to mozilla-inbound. a=merge on a CLOSED TREE
2018-04-11 17:40:37 +03:00
a3a77c0312
Bug 525063 - Initialize uninitialized class attributes in m-c. r=ehsan
2018-04-10 21:11:02 +02:00
719a001ee1
Backed out 2 changesets (bug 1452496) for bustage on build/src/netwerk/test/TestNamedPipeService.cpp on a CLOSED TREE
...
Backed out changeset 071ecf5e3680 (bug 1452496)
Backed out changeset 8bf36c469e22 (bug 1452496)
2018-04-10 19:22:01 +03:00
818bd556c8
Bug 1452496: Test for diiscarding same-site cookie in cross site context. r=mgoodwin
2018-04-10 17:18:04 +02:00
8ac645b0cd
Bug 1452699 - Add a temporary pref to disable same-site cookies. r=ckerschb,valentin
...
MozReview-Commit-ID: LRnaSmdSgVW
--HG--
extra : rebase_source : 9dd301f4d49b0fe6f81531d81bac2466032cc3a3
2018-04-13 18:52:28 -07:00
b3433d151f
Bug 1452699 - Work-around caching issues in test_same_site_cookies_*. r=ckerschb
...
MozReview-Commit-ID: cTH2uyPMTA
--HG--
extra : rebase_source : e17cf902fe4df3fb209805f02838a0c01ab032be
2018-04-13 18:49:58 -07:00
f6a05ddbd5
Bug 1427726 - remove support for remote JAR files, r=michal
...
MozReview-Commit-ID: H7aaTmj3FI1
--HG--
rename : modules/libjar/test/mochitest/bug403331.zip => modules/libjar/test/mochitest/bug1173171.zip
rename : modules/libjar/test/mochitest/bug403331.zip^headers^ => modules/libjar/test/mochitest/bug1173171.zip^headers^
extra : rebase_source : 30a8e937840bbfed5fe7e66202a5d2893b19c037
2018-02-07 13:54:39 +00:00
f9b34d3781
Backed out 5 changesets (bug 1427726) for failing linux asan at modules/libjar/test/unit/test_bug407303.js on a CLOSED TREE
...
Backed out changeset ee9abd6f1ba5 (bug 1427726)
Backed out changeset b1b76f9dff73 (bug 1427726)
Backed out changeset f41cf7811770 (bug 1427726)
Backed out changeset cb35e7b10235 (bug 1427726)
Backed out changeset 753ece6c9f1b (bug 1427726)
--HG--
rename : modules/libjar/test/mochitest/bug1173171.zip => modules/libjar/test/mochitest/bug403331.zip
rename : modules/libjar/test/mochitest/bug1173171.zip^headers^ => modules/libjar/test/mochitest/bug403331.zip^headers^
2018-04-11 12:46:20 +03:00
1f5038413e
Bug 1427726 - remove support for remote JAR files, r=michal
...
MozReview-Commit-ID: H7aaTmj3FI1
--HG--
rename : modules/libjar/test/mochitest/bug403331.zip => modules/libjar/test/mochitest/bug1173171.zip
rename : modules/libjar/test/mochitest/bug403331.zip^headers^ => modules/libjar/test/mochitest/bug1173171.zip^headers^
extra : rebase_source : 0fbe2ed07a3ccdb3693973e966e1ea3e43dd1623
2018-02-07 13:54:39 +00:00
b0dadb57b5
Bug 1452701 - Add pref to allow FTP subresources. r=ckerschb
...
--HG--
extra : rebase_source : 571060a866cc46ab253b0718d33dcbbd0f7e0a87
2018-04-09 21:07:01 +02:00
1c93e06911
Bug 1286861: Add tests for same site top-level. r=mgoodwin
2018-04-08 19:53:08 +02:00
fc9d4babcc
Bug 1286861: Add tests for same site subrequests. r=mgoodwin
2018-04-08 19:52:49 +02:00
b12501054b
Bug 1404744 - Check for FTP subresource after applying CSP. r=ckerschb
...
--HG--
extra : rebase_source : 642ba0d40d6b1d2e7ef85fdc52dffa72b5a24f5b
extra : histedit_source : 117afa5310977211fd18007e5ed7d2991a8b8837
2018-04-06 00:27:02 +02:00
4292bca4ee
Bug 1449631 part 6. Remove nsIDOMEventTarget::DispatchEvent. r=smaug
...
MozReview-Commit-ID: 8YMgmMwZkAL
2018-04-05 13:42:41 -04:00
f2161b8a15
Bug 1404744 - Simple sub-resource only test. r=ckerschb
...
--HG--
extra : rebase_source : b9f35ec37ae00eb4c3a8d3fbcb3eb0e488351527
2018-04-01 20:07:06 +02:00
8e3324212f
Bug 1404744 - Block loading FTP as a subresource everywhere. r=ckerschb
...
--HG--
extra : rebase_source : 479f1b7f55c3133c7f46c1a343a394fef15e9f59
2018-03-26 21:05:08 +02:00
27171aed4f
Bug 1236222 - CSP: Blocked URI should be empty for inline violations. r=ckerschb
...
MozReview-Commit-ID: 6bMAVJl9RTG
--HG--
extra : rebase_source : e2cceb777ac659f7fd1a84f6d8408dc7e7179a35
2018-03-08 16:23:03 -08:00
e2dffad4ac
Bug 1448500: Add speculative request content policy type. r=bz, r=kmag
...
Adds a new TYPE_SPECULATIVE to nsIContentPolicy uses it as the type for
speculative connection channels from the IO service. I believe I've added it to
all the content policies in tree to make sure it behaves the same as TYPE_OTHER
used to.
The webextension test shows that the webextension proxy API sees speculative
lookups requested through the IO service.
MozReview-Commit-ID: DQ4Kq0xdUOD
--HG--
extra : rebase_source : d9460fdac118bc68f0db79749a16f181b580f2e7
2018-03-23 15:27:08 -07:00
109ffb9beb
Bug 1420680: Remove the mechanism to buffer CSP violations. r=bz
...
With the previous patch it's unused.
MozReview-Commit-ID: 4EKufeNu0Jz
2018-04-03 16:22:51 +02:00
c6574d2c99
Bug 1400487 - Move img src declaration after onload and onerror declaration in file_meta_element.html. r=ckerschb
2018-03-29 15:22:53 -04:00
4197b7d96d
Bug 1439713 - Update tests relying on nsIContentPolicy. r=bz
2018-03-29 11:14:58 +02:00
a929955d1f
Bug 1439713 - Change nsIContentPolicy shouldLoad to take an <uri, loadInfo> pair instead of the various args. r=bz
2018-03-29 12:16:23 +02:00
302a55b534
Merge inbound to mozilla-central. a=merge
2018-03-27 12:12:57 +03:00
eaa2f6b46b
Bug 1395114 - Remove nsIUnicharStreamLoader. r=emilio,michal
...
MozReview-Commit-ID: ECKNnJt80oK
--HG--
extra : rebase_source : 6f09937e0648c65d035dfb4935d6e9a06d0223df
2018-03-26 12:45:31 +03:00
42549de27c
Bug 1440582 - Add CSP test with default-src 'none' that uses window.open() r=ckerschb
...
--HG--
extra : amend_source : 1d5a5367f7eabaa06fb7a75216eaca892be1b1e7
2018-03-26 18:33:43 +03:00
24cafeec62
Bug 1416045. r=mayhemer CLOSED TREE
...
Reviewers: mayhemer
Reviewed By: mayhemer
Subscribers: freddyb, dveditz, mayhemer, ckerschb, vinoth
Tags: PHID-PROJ-wkydohdk6pajyfn2llkb
Bug #: 1416045
Differential Revision: https://phabricator.services.mozilla.com/D675
--HG--
extra : rebase_source : 65fb235d787b6955da1433ea2ffd56082cab0b30
extra : amend_source : affac492394597daf9b3294d4aca2f61bc27fc73
2018-03-22 21:02:16 +02:00
c28a0c2d53
Bug 1414541 - Intermittent failure fixed for toplevel data: URI. r=ckerschb
2018-03-21 17:18:00 -04:00
28c7245f64
Bug 1391823 - Don't run |finish() called multiple times| for dom/security/test/mixedcontentblocker/test_frameNavigation.html. r=ckerschb
...
Reviewers: ckerschb
Reviewed By: ckerschb
Subscribers: ckerschb
Bug #: 1391823
Differential Revision: https://phabricator.services.mozilla.com/D562
--HG--
extra : rebase_source : 0ff9fc78d2ca00c2c347f14167de34e31ded1967
extra : amend_source : f2a350607bb0645e3140b51cc57353a50f7c2261
2018-03-19 12:00:55 +02:00
1adba8c1fc
Bug 1442465 - Part 4.2: Stop unnecessarily awaiting on BrowserTestUtils.removeTab (simple part). r=dao
2018-03-19 11:16:45 +09:00
10ebc30d5d
Bug 1440701 - Adding in telemetry for upgrading display content. r=ckerschb,valentin
...
MozReview-Commit-ID: 7oEIith4Ehv
--HG--
extra : rebase_source : 454d56277aa5dc08bf8cfd7cd9c1e24d31014838
2018-03-04 14:33:33 +00:00
5784769019
Bug 1443079 - nsScriptError.isFromPrivateWindow must match the correct value also in e10s mode, r=smaug
2018-03-13 06:40:38 +01:00
aebd2b4f26
Bug 1391823 - Disable dom/security/test/mixedcontentblocker/test_frameNavigation.html for frequent failures. r=jmaher
2018-03-03 05:16:00 +02:00
118e03a936
merge mozilla-central to mozilla-inbound
2018-03-01 20:32:20 +02:00
61d400da1c
Merge inbound to mozilla-central. a=merge
2018-03-01 19:29:00 +02:00
f58841a715
Tests updated/added for bug 1382359 r=ckerschb CLOSED TREE
2018-03-01 10:13:22 +01:00
dd4fb3ba9f
Bug 1382359: Treat .onion as a secure context
...
Websites which collect passwords but don't use HTTPS start showing scary
warnings from Firefox 51 onwards and mixed context blocking has been
available even longer.
.onion sites without HTTPS support are affected as well, although their
traffic is encrypted and authenticated. This patch addresses this
shortcoming by making sure .onion sites are treated as potentially
trustworthy origins.
The secure context specification
(https://w3c.github.io/webappsec-secure-contexts/ ) is pretty much focused
on tying security and trustworthiness to the protocol over which domains
are accessed. However, it is not obvious why .onion sites should not be
treated as potentially trustworthy given:
"A potentially trustworthy origin is one which a user agent can
generally trust as delivering data securely.
This algorithms [sic] considers certain hosts, scheme, and origins as
potentially trustworthy, even though they might not be authenticated and
encrypted in the traditional sense."
(https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy )
We use step 8 in the algorithm to establish trustworthiness of .onion
sites by whitelisting them given the encrypted and authenticated nature
of their traffic.
2018-03-01 09:44:30 +01:00
fc42b2fa73
Bug 1355166 - Remove remote newtab's dead code. r=ursula
2018-02-28 16:44:00 +02:00
8ea55ce28a
Bug 1382606 - Switch webconsole to new event-emitter; r=Honza.
...
MozReview-Commit-ID: HBogPeOI7WM
--HG--
extra : rebase_source : 4ad1fb922ffc818d175ae3c09820ce31ba416487
2018-02-23 09:10:36 +01:00
c714053d73
Bug 1433175 - scripted patch to replace Components.classes[, Components.interfaces.nsI, Components.utils. and Components.results. with Cc, Ci, Cu and Cr, r=Mossop.
2018-02-28 18:51:33 +01:00
84b854ce2c
Bug 1433958 - Change code that sets nsIURI.userPass to use nsIURIMutator r=mayhemer
...
* Code in XMLHttpRequestMainThread is converted to set the username and password individually. This is because when the parameters are empty, it ended up calling SetUserPass(":") which always returns an error.
MozReview-Commit-ID: 3cK5HeyzjFE
--HG--
extra : rebase_source : f34400c11245d88648b0ae9c196637628afa9517
2018-02-26 20:43:46 +01:00
e8f5150467
Bug 1439444: resource and chrome images and styles should not be subject to CSP. r=gijs
2018-03-01 13:45:04 +01:00
eab7568bd9
Bug 1441794 - Add deprecation warning to passive OBJECT_SUBREQUEST loads. r=ckerschb
...
MozReview-Commit-ID: 3j2t5FDZFmp
--HG--
extra : rebase_source : f18623e42ba4fd54335d26536e4d40deab15c584
2018-02-28 13:56:35 +00:00
2a77281049
Merge mozilla-central to autoland. a=merge CLOSED TREE
2018-02-21 19:30:44 +02:00
a6c1ffb498
Bug 1434357: Exempt Web Extensions from insecure redirects to data: URIs. r=kmag,mayhemer
2018-02-18 19:52:52 +01:00
8afc412494
Bug 1435733 - Upgrade mixed display content pref. r=baku,ckerschb,francois,mayhemer
...
MozReview-Commit-ID: ETIgVF3zhRu
--HG--
extra : rebase_source : e4c59f50584158f4b31527347b10424b56692fa1
2018-02-05 15:37:27 +00:00
1407489a4b
Bug 1432358: Make resource URIs subject to CSP. r=gijs
...
--HG--
extra : source : 60852dec9e041887bea80313a70ad2a4cba745a6
extra : intermediate-source : 91c948c94506089d6f40dc59d13c75ab78ce914d
2018-01-25 14:20:31 +01:00
a6cab8c4e8
Backed out 4 changesets (bug 1432358) for failing xpcshell's test_ext_contentscript_triggeringPrincipal.js
...
Backed out changeset ef7b8eef07c1 (bug 1432358)
Backed out changeset 2fa11c525da3 (bug 1432358)
Backed out changeset a67e95bd0ccf (bug 1432358)
Backed out changeset 91c948c94506 (bug 1432358)
2018-02-12 19:58:28 +02:00
6575d66c41
Bug 1432358: Make resource URIs subject to CSP. r=gijs
...
--HG--
extra : source : 60852dec9e041887bea80313a70ad2a4cba745a6
2018-01-25 14:20:31 +01:00
b7bb86d0d4
Bug 1436184 - Remove definitions of Ci, Cr, Cc, and Cu from httpd.js and .sjs files. r=florian
...
MozReview-Commit-ID: IKKb9zr2OSf
--HG--
extra : rebase_source : 72d949405c18e6d421422e7865182352eee0c407
2018-02-06 15:03:13 -08:00
5dec0e0beb
Bug 1432992, part 1 - Remove definitions of Ci, Cr, Cc, and Cu. r=florian
...
This patch was autogenerated by my decomponents.py
It covers almost every file with the extension js, jsm, html, py,
xhtml, or xul.
It removes blank lines after removed lines, when the removed lines are
preceded by either blank lines or the start of a new block. The "start
of a new block" is defined fairly hackily: either the line starts with
//, ends with */, ends with {, <![CDATA[, """ or '''. The first two
cover comments, the third one covers JS, the fourth covers JS embedded
in XUL, and the final two cover JS embedded in Python. This also
applies if the removed line was the first line of the file.
It covers the pattern matching cases like "var {classes: Cc,
interfaces: Ci, utils: Cu, results: Cr} = Components;". It'll remove
the entire thing if they are all either Ci, Cr, Cc or Cu, or it will
remove the appropriate ones and leave the residue behind. If there's
only one behind, then it will turn it into a normal, non-pattern
matching variable definition. (For instance, "const { classes: Cc,
Constructor: CC, interfaces: Ci, utils: Cu } = Components" becomes
"const CC = Components.Constructor".)
MozReview-Commit-ID: DeSHcClQ7cG
--HG--
extra : rebase_source : d9c41878036c1ef7766ef5e91a7005025bc1d72b
2018-02-06 09:36:57 -08:00
2b1c8dccb6
Bug 1339461 - script-generated patch to convert foo.indexOf(...) == -1 to foo.includes(), r=Mossop.
2018-02-01 20:45:22 +01:00
918ed6c474
Bug 1431533: Part 5a - Auto-rewrite code to use ChromeUtils import methods. r=florian
...
This was done using the following script:
37e3803c7a/processors/chromeutils-import.jsm
2018-01-29 15:20:18 -08:00
7c392f077e
Bug 1418085 part 6. Remove nsIDOMHTMLElement. r=mystor
...
MozReview-Commit-ID: 5QUyFeAQYZQ
2018-01-30 00:25:36 -05:00
9da3878bc9
Bug 1418076 part 11. Eliminate the nsIDOMHTMLDocument interface. r=mystor
...
MozReview-Commit-ID: 4lEcUeenbg3
2018-01-26 01:03:25 -05:00
9a65a40178
Backed out 3 changesets (bug 1431533) for Android mochitest failures on testEventDispatcher on a CLOSED TREE
...
Backed out changeset a1eca62826a1 (bug 143153314315331431533
2018-01-30 07:17:48 +02:00
e565b1fe1b
Bug 1432944 part 11. Remove nsIDOMElement::GetAttribute. r=mccr8
...
MozReview-Commit-ID: 2f1vFvRdCPG
2018-01-29 23:28:00 -05:00
f60fd673d6
Bug 1432186 part 19. Remove the nsIDOMNode::*_NODE constants. r=mccr8
...
MozReview-Commit-ID: KvKjeKIOB9K
2018-01-29 23:10:53 -05:00
6476f95b13
Bug 1431533: Part 5a - Auto-rewrite code to use ChromeUtils import methods. r=florian
...
This was done using the following script:
37e3803c7a/processors/chromeutils-import.jsm
2018-01-29 15:20:18 -08:00
af8879d1eb
Backed out 2 changesets (bug 1431533) for ESlint failures on a CLOSED TREE
...
Backed out changeset 6e56f4c8843e (bug 14315331431533
2018-01-30 02:32:43 +02:00
c276bb9375
Bug 1431533: Part 5a - Auto-rewrite code to use ChromeUtils import methods. r=florian
...
This was done using the following script:
37e3803c7a/processors/chromeutils-import.jsm
2018-01-29 15:20:18 -08:00
7b23ba9165
Bug 1397740 - Removed security.xcto_nosniff_block_images from about:config r=ckerschb,fkiefer
...
MozReview-Commit-ID: HTalMWq694W
--HG--
extra : rebase_source : 0ce03ae0ed6bb754791f7aadb52bc6c55aa6c7cd
2018-01-05 10:43:17 +01:00
9d7a2186b4
Bug 1370468 - frame-ancestor tests added for userpass r=ckerschb,fkiefer
...
MozReview-Commit-ID: 4wW24JnxaKh
--HG--
extra : rebase_source : b926ea06208c1fbd91fe1a9fdee100f8cb21e8d1
2017-08-30 15:58:20 +02:00
c6da271117
Bug 1425458 - Resource timing entries Workers - part 0 - NS_NewChannel, r=smaug
...
* * *
Bug 1425458 - Resource timing entries Workers - part 10 - Correct parameters in NS_NewChannel in nsDataObj.cpp, r=me
2018-01-24 17:17:31 +01:00
aec63e140c
Backed out 3 changesets (bug 1431533) for Android mochitest bustage. CLOSED TREE
...
MozReview-Commit-ID: 5ubE9EMQpZ9
--HG--
extra : histedit_source : df68d7595925c07d9d6e8bacc2c46e69556f479a%2C72b768b9825e20ede6603ead75f871c50dc041f7
2018-01-24 22:04:59 -08:00
30b3a49bfd
Bug 1431533: Part 5a - Auto-rewrite code to use ChromeUtils import methods. r=florian
...
MozReview-Commit-ID: 8V1ZT53ReiP
--HG--
extra : rebase_source : 12b5f8c3e125111db7382eb3d7d20a99fb2c35b3
extra : absorb_source : e99fa7f6eee02e7e6cadeb898c7fcf6dac9c902a
extra : histedit_source : d0dfc31fadc2b81d341c9d0cd1efec02923c003b
2018-01-24 15:48:47 -08:00
368c3d5b6b
Backed out 12 changesets (bug 1425458) for mochitest failures on WorkerPrivate.cpp on a CLOSED TREE
...
Backed out changeset 11997de13778 (bug 1425458)
Backed out changeset 100b9d4f36bc (bug 1425458)
Backed out changeset a29e9dbb8c42 (bug 1425458)
Backed out changeset b96d58fd945c (bug 1425458)
Backed out changeset f140da44ba68 (bug 1425458)
Backed out changeset af56400233d9 (bug 1425458)
Backed out changeset 7034af4332e4 (bug 1425458)
Backed out changeset f70500179140 (bug 1425458)
Backed out changeset 793bbfc23257 (bug 1425458)
Backed out changeset 2efb375a8ffc (bug 1425458)
Backed out changeset 07e781e37451 (bug 1425458)
Backed out changeset e875f3702a5f (bug 1425458)
2018-01-24 20:47:48 +02:00
6480b95ba3
Bug 1425458 - Resource timing entries Workers - part 0 - NS_NewChannel, r=smaug
2018-01-24 17:17:31 +01:00
16dba8baf1
Bug 1432137 - Add test to verify insecure redirects to data: URIs are blocked for script modules. r=jonco
2018-01-23 14:04:21 +01:00
d8e2caf90a
Bug 1428793: Test block insecure redirects to data: URIs. r=smaug
2018-01-23 09:58:06 +01:00
47e37d6df2
Bug 1428793: Block insecure redirects to data: URIs. r=smaug
2018-01-23 09:57:47 +01:00
0319902c5b
Bug 1418243 - Fix mochitest failures due to violationDirective change. r=ckerschb
...
MozReview-Commit-ID: AphtAxYo6Hr
--HG--
extra : rebase_source : 24cd7773cb1f3583c524d142908f859ff5e88e8a
2018-01-16 23:00:00 +02:00
d1124b72c7
Bug 1418243 - Fix SecurityPolicyViolationEvent.violatedDirective. r=ckerschb
...
MozReview-Commit-ID: 8DQ7CI5exUL
--HG--
extra : rebase_source : 69181c5e5f61f6fee5224def74c54985c3b47dee
2018-01-16 22:59:00 +02:00
a1765c1a3c
Bug 1430758 - No CSP directive for nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD, r=ckerschb
2018-01-16 15:03:02 +01:00
77efdcf21a
Backed out 2 changesets (bug 1418243) for failing mochitest at dom/security/test/csp/test_frame_ancestors_ro.html and mochitest devtools at devtools/client/webconsole/test/browser_webconsole_bug_1010953_cspro.js a=merge
...
Backed out changeset 5357dbb6df2b (bug 1418243)
Backed out changeset 778a37000696 (bug 1418243)
2018-01-16 13:02:32 +02:00
eaddf31393
Bug 1418243 - Fix SecurityPolicyViolationEvent.violatedDirective. r=ckerschb
...
MozReview-Commit-ID: 8DQ7CI5exUL
2018-01-15 23:30:00 +02:00
37efe4d0e6
Bug 1428535 - Add missing override specifiers to overridden virtual functions. r=froydnj
...
MozReview-Commit-ID: DCPTnyBooIe
--HG--
extra : rebase_source : cfec2d96faeb11656d86d760a34e0a04cacddb13
extra : intermediate-source : 6176724d63788b0fe8caa3f91607c2d93dbaa7ec
extra : source : eebbb0600447f9b64aae3bcd47b4be66c02a51ea
2017-11-05 19:37:28 -08:00
c3f3b8d161
Bug 1391277 - Investigative logging in CSP: log when 'upgrade-insecure-requests' CSP is added to the CSP context, r=bz
2018-01-11 10:57:00 +02:00
9d094a2464
Bug 1427302 - Stop supporting type=content-* on XUL <browser>s, r=bz
...
Was: Backed out changeset 83fbff91e9d2 (bug 1328605).
MozReview-Commit-ID: 2itUgw8Ogkl
--HG--
extra : rebase_source : bad855f0292b28eb61b1549a1d96914a792c0fb6
2018-01-10 19:37:29 +00:00
e97980a95e
Bug 1424917 - Remove support for HSTS Priming. r=mayhemer, r=ckerschb
...
This patch removes support and tests for HSTS priming from the tree.
2018-01-10 11:07:00 -05:00
41dae4c2d2
Bug 1425968 - Skip HSTS browser-chrome tests because the feature is being removed and they depend on an expiring Telemetry probe. r=kmckinley
2018-01-03 16:46:35 -05:00
392a4bf408
Bug 725490 - Change XFO sameorigin to check all ancestors for same origin. r=smaug
...
MozReview-Commit-ID: 5fPxGpcdVms
--HG--
extra : rebase_source : 48fb23e477a49c71e4f09735efd05dd02c46be8d
2017-11-03 15:37:10 +00:00
032c961e0a
Bug 1421992 - script-generated patch to replace do_check_* functions with their Assert.* equivalents, rs=Gijs.
2017-12-21 11:08:17 +01:00
ffc0ed12d2
Bug 1425363 - remove onWindowTitleChanged given that nobody uses it, r=bgrins
...
MozReview-Commit-ID: ALslAwZo4K9
--HG--
extra : rebase_source : ca1add0015eea86128c0c5f209252ebb6a228998
2017-12-14 21:55:44 -06:00
4f18e92ffb
Bug 1334189 - Enable mochitest-plain for linux64-qr. r=jrmuizel
...
MozReview-Commit-ID: nbcWhDq5de
--HG--
extra : rebase_source : 25e2c2b8b996ae11cd25dee07d9092ba574a9e40
2017-12-13 18:38:39 -05:00
9f4d083047
Bug 1412456 - Test changes to no longer use interposition (r=felipe,bgrins,mrbkap)
...
MozReview-Commit-ID: 2nQPOSGTr1s
2017-12-07 12:55:24 -08:00
89531e8dc3
Backed out 9 changesets (bug 1412456) for crashing talos g2 and unexpected network connections in browser-chrome's browser_searchEngine_behaviors.js r=backout a=backout on a CLOSED TREE
...
Backed out changeset 0c01a98f4fd5 (bug 1412456)
Backed out changeset 27077db47231 (bug 1412456)
Backed out changeset f35ec2a884f8 (bug 1412456)
Backed out changeset 602b30ac3c69 (bug 1412456)
Backed out changeset b1ff1050c589 (bug 1412456)
Backed out changeset f100d953f9eb (bug 1412456)
Backed out changeset d85af60fe259 (bug 1412456)
Backed out changeset 736f38486832 (bug 1412456)
Backed out changeset 13a637602dc2 (bug 1412456)
2017-12-07 12:20:21 +02:00
bef7c122df
Bug 1412456 - Test changes to no longer use interposition (r=felipe,bgrins,mrbkap)
...
MozReview-Commit-ID: 2nQPOSGTr1s
2017-12-06 21:17:05 -08:00
eb65c24c7b
Backed out 8 changesets (bug 1412456) for ESlint failure on browser_urlbarKeepStateAcrossTabSwitches.js:13:49 r=backout on a CLOSED TREE
...
Backed out changeset 0e88de036c55 (bug 1412456)
Backed out changeset 49b93f807db0 (bug 1412456)
Backed out changeset 039e980b7dc6 (bug 1412456)
Backed out changeset c7698410ddbd (bug 1412456)
Backed out changeset e56a1ba26b7c (bug 1412456)
Backed out changeset 0c4506e124ac (bug 1412456)
Backed out changeset a7aec2ce903b (bug 1412456)
Backed out changeset 3e9fb71f1e8e (bug 1412456)
2017-12-07 07:09:33 +02:00
be77cf4a01
Bug 1412456 - Test changes to no longer use interposition (r=felipe,bgrins,mrbkap)
...
MozReview-Commit-ID: 2nQPOSGTr1s
2017-12-06 20:46:58 -08:00
e77ee731e9
Bug 1222924 - stop allowing webpages to link to moz-icon: , r=mrbkap
...
MozReview-Commit-ID: FKEDboWIfFQ
--HG--
extra : rebase_source : 801317b5746c6e84431c6a8f2097b83523646016
2017-11-22 21:31:41 +00:00
63739feac3
Bug 1037335 - Add a pref to enable only within Nightly and Early Beta. r=ckerschb,smaug
...
MozReview-Commit-ID: Bi82dHm53qX
--HG--
extra : rebase_source : 61a7c517afb2759d672a1c486213a73ef505a324
extra : amend_source : 572a2c8613fe36ae1ebd613a361bb23acc019912
2017-11-29 16:55:00 +02:00
a3b493b9ca
Bug 1037335 - Add a mochitest for security policy violation event. r=ckerschb
...
MozReview-Commit-ID: 7l5jJFEtIaT
--HG--
extra : rebase_source : 49b6794482f0be79919b20226aa571d6ebe066de
2017-11-29 16:54:00 +02:00
8dd7eb1b95
Bug 1037335 - Implement security policy violation event. r=ckerschb,smaug
...
MozReview-Commit-ID: 4BYThUXduI4
--HG--
extra : rebase_source : 5d4a34c5e6bb7fd3774fafb1de72e761bce4591f
2017-11-29 16:53:00 +02:00
513ba7660d
Backed out changeset b3d1e9847a7a (bug 725490) for mochitest failures in dom/base/test/test_x-frame-options.html r=backout on a CLOSED TREE
2017-11-29 12:01:19 +02:00
099e4fa549
Bug 1421458 - Add more initial configuration setup and prepare .eslintignore for enabling ESLint on more xpcshell-test directories. r=mossop
...
MozReview-Commit-ID: 4nbTuNNnAdZ
--HG--
extra : rebase_source : 7131f0ddad79d28615a5799c657972bd84a69180
2017-11-28 22:57:08 +00:00
6986c42dfa
Bug 1190623 - Add a pref to consider object sub requests as active. r=tanvi, r=ckerschb
...
MozReview-Commit-ID: Br2F89IfWng
2017-11-11 01:15:06 +00:00
5565689b54
Bug 725490 - Change XFO sameorigin to check all ancestors for same origin. r=smaug
...
MozReview-Commit-ID: 5fPxGpcdVms
--HG--
extra : rebase_source : f25e525c1e5f6cfe2c5002779fefe17263896d02
2017-11-03 15:37:10 +00:00
326ce05075
Bug 1415352: Part 3a - Add preference to increase max length of CSP report source sample. r=ckerschb
...
This is necessary for tests which need to verify that reports are being sent
for the correct inline sources, where the current sample size is not enough to
completely distinguish them.
MozReview-Commit-ID: 2k2vAhJhIsi
--HG--
extra : rebase_source : 268a53d1450be6666081bf5093aa170352b398e1
2017-11-06 14:01:32 -08:00
e011d320e1
Bug 1398229 - Save-link-as feature should use the loading principal - part 4 - Comment updated, r=me
2017-11-19 08:53:47 +01:00
92d28bd8f2
Merge inbound to mozilla-central r=merge a=merge
2017-11-17 11:59:03 +02:00
97baa05333
Bug 1398229 - Save-link-as feature should use the loading principal - part 3 - implementation of nsIContentPolicy.TYPE_SAVE_AS_DOWNLOAD, r=ckerschb, r=tanvi
2017-11-16 12:27:01 +01:00
59de60ae4b
Bug 1407343 Silence multiple classes of warnings for the MinGW build, including not enabling format warnings unless -Wformat is set r=froydnj,glandium
...
MozReview-Commit-ID: ALmo1hbqVxC
--HG--
extra : rebase_source : a68475b90372cd5679c37474fb6705b2a5d48ddf
2017-11-16 12:36:33 -06:00
6c1d6be6fb
Backed out 3 changesets (bug 1398229) for failing own browser-chrome browser/components/contextualidentity/test/browser/browser_saveLink.js. r=backout on a CLOSED TREE
...
Backed out changeset 5b3b0a38b2d1 (bug 1398229)
Backed out changeset a726fc7506ca (bug 1398229)
Backed out changeset 53dae7764e58 (bug 1398229)
2017-11-15 20:49:09 +02:00
11eefa61bb
Bug 1398229 - Save-link-as feature should use the loading principal - part 3 - implementation of nsIContentPolicy.TYPE_SAVE_AS_DOWNLOAD, r=ckerschb
2017-11-15 18:16:29 +01:00
c848c91be9
Bug 1415612: Allow all plain text types when navigating top-level data URIs. r=bz
2017-11-13 21:25:02 +01:00
1ea20715d4
Bug 1407891: Test navigation for right-click view-image on data:image/svg. r=bz
2017-11-08 17:43:26 +01:00
6584da597b
Bug 1407891: Allow view-image to open a data: URI by setting a flag on the loadinfo. r=bz
2017-11-08 20:01:41 +01:00
d5958a52e0
Bug 1403870: Test toplevel data URI navigation to application/json is allowed. r=smaug
2017-11-03 13:27:01 +01:00
078474c979
Bug 1403870: Allow toplevel data URI navigation data:application/json. r=smaug
2017-11-03 13:26:28 +01:00
3d0a1f002e
Bug 1403814 - Block toplevel data: URI navigations only if openend in the browser. r=smaug
2017-11-03 13:23:11 +01:00
60bd93b916
Bug 1403814 - Update tests for toplevel data URI blocking because we know block after we have received the response. r=smaug
2017-11-03 13:22:57 +01:00
8f13729a0f
Bug 1403814: Test navigation to data:text/csv. r=smaug
2017-10-11 22:47:12 +02:00
5703b12317
Bug 1302667 - CSP: Update test_child-src_worker.html because child-src falls back to script-src. r=dveditz,mckinley
2017-10-30 18:46:34 +01:00
67c85139df
Bug 1302667 - CSP: Test 'frame-src'. r=dveditz,mckinley
2017-10-30 18:46:19 +01:00
d1b704d00d
Bug 1302667 - CSP: Test 'worker-src'. r=dveditz,mckinley
2017-10-30 18:46:05 +01:00
5d54a394cc
Bug 1302667 - CSP: Add Parser test for 'worker-src'. r=dveditz,mckinley
2017-10-30 18:45:50 +01:00
2fd8493f7f
Bug 1302667 - CSP: Implement 'worker-src'. r=baku,dveditz,mckinley
2017-10-30 18:45:36 +01:00
75fc345254
bug 1406391 - Remove toolkit.telemetry.enabled manipulation from tests r=Dexter
...
Minor note:
reftests should've turned off uploadEnabled in the first place.
reftests should have unified telemetry on. It's the future.
MozReview-Commit-ID: 9spzuUAXwwP
2017-10-30 10:47:39 -04:00
44d1b50592
Backed out changeset 70ccfda99dbc::ca6ae38c0432 (bug 1302667) for frequently failing mochitest in security/test/csp/test_worker_src.html r=backout a=backout on a CLOSED TREE
...
Backed out changeset ca6ae38c0432 (bug 1302667)
Backed out changeset ff86e185e09d (bug 1302667)
Backed out changeset 8ec6b8bf8c6c (bug 1302667)
Backed out changeset 21c73f9d8fac (bug 1302667)
Backed out changeset e982481dbf2c (bug 1302667)
Backed out changeset 70ccfda99dbc (bug 1302667)
2017-10-30 14:19:29 +02:00
f74ce8742c
Bug 1302667 - CSP: Update test_child-src_worker.html because child-src falls back to script-src. r=dveditz,mckinley
2017-10-30 09:07:31 +01:00
3a0a307bf0
Bug 1302667 - CSP: Test 'frame-src'. r=dveditz,mckinley
2017-10-30 09:07:12 +01:00
5fc9f5eebd
Bug 1302667 - CSP: Test 'worker-src'. r=dveditz,mckinley
2017-10-30 09:06:53 +01:00
0de95dd051
Bug 1302667 - CSP: Add Parser test for 'worker-src'. r=dveditz,mckinley
2017-10-30 09:06:35 +01:00
58b63c1576
Bug 1302667 - CSP: Implement 'worker-src'. r=baku,dveditz,mckinley
2017-10-30 09:10:36 +01:00
4bc2b1615d
Backed out 4 changesets (bug 1408433, bug 1406391, bug 1408512) for crashing tests by touching the network contacting incoming.telemetry.mozilla.org on nightly builds
...
Backed out changeset 9bfd4b0927dc (bug 1408433)
Backed out changeset 555850d5107e (bug 1408512)
Backed out changeset 15d959b9123e (bug 1406391)
Backed out changeset e1f34ba9cecc (bug 1406391)
MozReview-Commit-ID: BVoGRsD73Hf
2017-10-27 21:08:27 -07:00
8e6dd31d55
bug 1406391 - Remove toolkit.telemetry.enabled manipulation from tests r=Dexter
...
Minor note:
reftests should've turned off uploadEnabled in the first place.
MozReview-Commit-ID: 9spzuUAXwwP
2017-10-27 10:59:43 -04:00
298aa82710
Bug 1412125, part 2 - Fix dom/ mode lines. r=qdot
...
This was automatically generated by the script modeline.py.
MozReview-Commit-ID: BgulzkGteAL
--HG--
extra : rebase_source : a4b9d16a4c06c4e85d7d85f485221b1e4ebdfede
2017-10-26 15:08:41 -07:00
1d0acbdb9b
Bug 1412125, part 1 - Manually add mode lines and MPL to files that were missing them entirely. r=qdot
...
These were detected by the script used to generate part 2.
MozReview-Commit-ID: VMcT154f6f
--HG--
extra : rebase_source : 2f5fc8a314302fcacac840a8dbe0ff874d518e51
2017-10-26 14:54:59 -07:00
ebfa77072c
Bug 1408451: Log to web console when blocking toplevel data: URI navigations. r=bz
2017-10-16 14:18:52 +02:00
42bc28d260
Bug 1399956 - Disable some mochitests in headless. r=jrmuizel
...
These tests will need more work and are low priority.
MozReview-Commit-ID: H0J16E8FqNr
2017-10-16 16:15:45 -07:00
98c0c61998
Bug 1407056: Follow-up: Don't try to truncate data URI strings to a longer length. r=me
...
MozReview-Commit-ID: CDsYXyrhB7T
--HG--
extra : rebase_source : 5647f2d05def805218a2ee45913da4388a4d9647
extra : amend_source : e5015c868db64dce924476600f713b6c3aac1e17
2017-10-12 16:56:37 -07:00
84fb189b82
Bug 1407056: Part 2 - Override page CSP for loads by expanded principals. r=bz,krizsa
...
Per the CSP specification, content injected by extensions is meant to be
exempt from page CSP. This patch takes care of the most common case of content
injected by extension content scripts, which always have expanded principals
which inherit from the page principal.
In a follow-up, we'll probably need to extend the exemption to stylesheet
content loaded by extension codebase principals.
MozReview-Commit-ID: GlY887QAb5V
--HG--
extra : rebase_source : 1371b4e4e7f330b7f7721d4aa169fcb52a7622d0
2017-10-07 14:53:30 -07:00
5fdcb5a5d2
Bug 1407056: Part 1 - Provide more consistent principal/origin URL to content policies. r=bz,ckerschb
...
We're currently fairly vague and inconsistent about the values we provide to
content policy implementations for requestOrigin and requestPrincipal. In some
cases they're the triggering principal, sometimes the loading principal,
sometimes the channel principal.
Our existing content policy implementations which require or expect a loading
principal currently retrieve it from the context node. Since no current
callers require the principal to be the loading principal, and some already
expect it to be the triggering principal (which there's currently no other way
to retrieve), I chose to pass the triggering principal whenever possible, but
use the loading principal to determine the origin URL.
As a follow-up, I'd like to change the nsIContentPolicy interface to
explicitly receive loading and triggering principals, or possibly just
LoadInfo instances, rather than poorly-defined request
origin/principal/context args. But since that may cause trouble for
comm-central, I'd rather not do it as part of this bug.
MozReview-Commit-ID: LqD9GxdzMte
--HG--
extra : rebase_source : 41ce439912ae7b895e0a3b0e660fa6ba571eb50f
2017-10-12 15:43:55 -07:00
159f6b5627
Bug 1406794 - Provide the CSP keywords in both UTF8 and UTF16 forms. r=ckerschb
...
This avoids the need for numerous 8-to-16-bit and 16-to-8-bit string
conversions.
The patch also introduces a higher-order macro, FOR_EACH_CSP_KEYWORD, which
defines all the stuff about the keywords in a single place and makes the code
nicer.
--HG--
extra : rebase_source : b0f655546aa397749bb18dc7d6d27fbc12fe8fca
2017-10-06 16:16:52 +11:00
a8b72c7aa8
Bug 1380755 - Examine & report on frame-ancestors CSP in report-only mode. r=ckerschb
...
Despite what the comment here says, there is nowhere in the W3C CSP spec stating
that frame-ancestors should be ignored in report-only mode.
2017-07-17 14:19:57 -04:00
eec881a235
Bug 1391693 P3 Allow CSP report channels to be internally redirected. r=ckerschb
2017-10-09 10:03:40 -07:00
e51c33aaf4
Bug 1399379 - Use memcpy to import/export SRI hashes to the JS bytecode buffer. r=francois
2017-10-03 10:00:00 -04:00
b0dac2b742
Bug 1403641: Test data: URI download. r=bz
2017-10-04 08:44:36 +02:00
04a3ca2e32
Bug 1403641: Allow data: URI downloads even if data: URI navigations are blocked. r=bz
2017-10-04 08:43:56 +02:00
a3d6a913cc
Bug 1402363: Test Mixed Content Redirect Blocking. r=tanvi,kate
2017-10-02 09:12:12 +02:00
8944f6c302
Bug 1402363: Explicitly cancel channel after mixed content redirect. r=honza,kate
2017-10-02 09:11:57 +02:00
e69b3c7976
Bug 1403024 part 1 - Add nsContentUtils::SchemeIs helper function. r=bholley
...
MozReview-Commit-ID: 2NVc5QJSjl
--HG--
extra : rebase_source : 5d25c9c507eaa2a08d68c331a8ba9d304c97f305
2017-09-26 10:21:01 +10:00
5698729243
Bug 870698 - Part 10: Replace Append(NS_LITERAL_STRING("")) with AppendLiteral(u""). r=erahm
...
The NS_LITERAL_STRING macro creates a temporary nsLiteralString to encapsulate the char16_t string literal and its length, but AssignLiteral() can determine the char16_t string literal's length at compile-time without nsLiteralString.
MozReview-Commit-ID: H9I6vNDMdIr
--HG--
extra : rebase_source : cf537a1f65af003c6c4f8919b925b0f305c1dd4d
extra : source : 13b89ce4e6a66c840f82a335c71f5a12938aba22
2017-09-07 18:32:54 -07:00
a6a56ed916
Bug 870698 - Part 6: Replace Append(NS_LITERAL_CSTRING("")) with AppendLiteral(""). r=erahm
...
The NS_LITERAL_CSTRING macro creates a temporary nsLiteralCString to encapsulate the string literal and its length, but AssignLiteral() can determine the string literal's length at compile-time without nsLiteralCString.
MozReview-Commit-ID: F750v6NN81s
--HG--
extra : rebase_source : 714dd78df0f4c33e23e5b117615bd8fd561674c5
extra : source : 742bda9e6b1ddaf34d09894204ad18ce798b79b7
2017-09-07 18:25:25 -07:00
a0c8081df4
Bug 870698 - Part 4: Replace Equals("") with EqualsLiteral(""). r=erahm
...
MozReview-Commit-ID: G1GhyvD29WK
--HG--
extra : rebase_source : 115842c37a40041bdca7b4e1ff0a5680b02ced15
extra : source : 90bfff9c01d80086cdc17637f310e898fea295ea
2017-09-06 01:13:45 -07:00
ece368a815
Bug 1398692: Test toplevel navigation to a data:application/pdf. r=bz
2017-09-14 07:37:07 +02:00
929390bec4
Bug 1398692: Allow toplevel navigation to a data:application/pdf. r=bz
2017-09-14 07:34:41 +02:00
2cbe4b9466
Bug 1398691 - Unescape data: URI for console message when blocking toplevel data: URI navigations. r=smaug
2017-09-12 07:06:38 +02:00
d43805d4f6
Bug 1396320: Fix CSP sandbox regression for allow-scripts. r=dveditz
2017-09-07 09:11:38 +02:00
9db4e41781
Bug 1396798: Test toplevel data: URI navigation to images. r=smaug
2017-09-06 16:16:18 +02:00
1e7caa84a1
Bug 1396798: Do not block toplevel data: navigation to image (except svgs). r=smaug
2017-09-06 16:27:05 +02:00
11ddd453de
Bug 1394554: Test block data: URI toplevel navigations after redirect. r=smaug
2017-09-06 09:34:59 +02:00
8cc650c579
Bug 1394554: Test block data: URI toplevel navigations after redirect. r=smaug
2017-09-06 09:34:38 +02:00
9522e28631
Bug 1394554: Block toplevel data: URI navigations after redirect. r=smaug
2017-09-06 09:33:10 +02:00
1b8c06e845
Bug 1331740: Pass correct context for TYPE_DOCUMENT loads within docshell. r=smaug
2017-09-05 18:01:07 +02:00
3c8567b60d
Bug 1354989 - Avoid pivoting via UTF-16 when loading CSS in the Stylo mode. r=jdm,SimonSapin
...
MozReview-Commit-ID: Llt29dvB4Io
--HG--
extra : rebase_source : 3ae51dc8beff3fb19e9318a6c7c30c9ab08a5b57
2017-08-29 16:01:42 +03:00
90189a558c
Bug 863246 - Fix test failures r=Gijs
...
MozReview-Commit-ID: 8tUr27zvs8z
--HG--
extra : rebase_source : 997ace66c37098701d433508c682ed7621a78479
2017-07-19 17:30:01 +08:00
a8f25b8f67
Backed out changeset a7b0c6ddd812 (bug 863246)
2017-08-25 16:43:33 +02:00
2c9f10e897
Bug 863246 - Fix test failures r=Gijs
...
MozReview-Commit-ID: 8tUr27zvs8z
--HG--
extra : rebase_source : f9ce0f19c1cceeefac0a015d33b94bb787a34ffb
2017-07-19 17:30:01 +08:00
a33f11e0f5
Bug 1391803 - Use nsStringFwd.h for forward declaring string classes. r=froydnj
...
We should not be declaring forward declarations for nsString classes directly,
instead we should use nsStringFwd.h. This will make changing the underlying
types easier.
--HG--
extra : rebase_source : b2c7554e8632f078167ff2f609392e63a136c299
2017-08-16 16:48:52 -07:00
2ae1ae3098
Bug 1387871 - CSP: Test 'self' within meta csp in data: URI iframe. r=dveditz
2017-08-23 09:50:20 +02:00
79a239cba5
Bug 1387684 - CSP: Special case 'self' for unique opaque origins. r=dveditz
2017-08-23 10:05:12 +02:00
d6143e40d8
Bug 1391011: CSP: Test upgrade-insecure-requests for toplevel navigations when base it https. r=smaug
2017-08-21 08:58:01 +02:00
366445521c
Merge m-c to autoland, a=merge
...
MozReview-Commit-ID: DjSlrmDFfe3
2017-08-16 17:14:41 -07:00
5c5de1568b
Bug 1390687 - remove versioned javascript and legacy generator code r=emk
...
MozReview-Commit-ID: 5f3NQdjQ68v
--HG--
extra : rebase_source : 6216fa33d168fb39b885f7cd0e4f7622af8dc3df
2017-08-15 16:08:16 -07:00
722233fed1
Bug 1376895 - Make preloaded browser use pre-existing content process. r=mconley
...
We want to avoid to have several cached content processes, one for each
preloaded browser (one per window) and one for the preallocated process.
For that we force the preloaded browser to choose an existing process and
during the first navigation in that tab, that leaves about:newtab, we re-run
the process selecting algorithm
2017-08-16 13:00:22 +02:00
eea1986e03
merge mozilla-inbound to mozilla-central a=merge
2017-08-16 11:23:24 +02:00
1fc6e56a12
merge autoland to mozilla-central a=merge
2017-08-16 11:20:31 +02:00
a478b0ef54
Backed out changeset adf5ed713e0d (bug 1376895)
2017-08-16 11:15:50 +02:00
a83fefd956
Bug 1390036 (part 1) - Remove most remaining uses of nsXPIDLString. r=erahm.
...
CompareCacheHashEntry::mCrit[] is the only case where the nsXPIDLString-ness
was important. The patch adds an explicit SetIsVoid() call to that class's
constructor and changes some null checks to IsVoid() checks.
--HG--
extra : rebase_source : e68befcde4dd098bac2a550bc666eaf3bf1298d7
2017-08-11 18:31:22 +10:00
3945278423
Merge m-c to autoland, a=merge
...
MozReview-Commit-ID: D96bIJACwZe
2017-08-15 19:16:12 -07:00
38894511bc
Bug 1390106 - Stop using versioned scripts in dom. r=mrbkap
...
MozReview-Commit-ID: 89KvCoTAg3I
--HG--
extra : rebase_source : 24831fa454a1cc6fff70a9b1eb509d0f5aeb800a
2017-08-14 20:42:55 +09:00
a53261ca24
Bug 1376895 - Make preloaded browser use pre-existing content process. r=mconley
...
We want to avoid to have several cached content processes, one for each
preloaded browser (one per window) and one for the preallocated process.
For that we force the preloaded browser to choose an existing process and
during the first navigation in that tab, that leaves about:newtab, we re-run
the process selecting algorithm
2017-08-15 14:05:17 +02:00
7f90eb21ad
Bug 1384741 - Part 4: Test that we don't send CSP violation reports for cached fonts we don't actually use. r=jfkthame
...
MozReview-Commit-ID: Hlu6Dp1Hc1D
2017-08-07 10:13:31 +08:00
d531dc4afb
Bug 1384741 - Part 2: Allow file_report_chromescript.js to listen for more than one CSP violation report. r=bz
...
MozReview-Commit-ID: 8ym5OqSUTMW
2017-08-07 10:11:04 +08:00
fdf6f9c5ef
Bug 1384741 - Part 1: Add facility to buffer up CSP violation reports. r=bz
...
MozReview-Commit-ID: G4JLTmP1wD7
2017-08-07 10:09:32 +08:00
0262e6e6ac
Bug 1388552 - Export the HUDService object directly instead of individual methods and properties;r=nchevobbe
...
MozReview-Commit-ID: 9AYCuqqv1U7
--HG--
extra : rebase_source : 83612fd2c4edfde5c86cfc11a70682cc74ebfa12
2017-08-11 09:07:04 -07:00
32e5d77ba4
Bug 1387805 - Remove [deprecated] nsIScriptSecurityManager.getCodebasePrincipal(). r=bz
...
MozReview-Commit-ID: CY47PBaQ5oy
--HG--
extra : rebase_source : 6a82bae0d3caafadc772a08a1d392ab30c4ad914
2017-08-06 15:31:31 +09:00
01f545fea7
Bug 1386825 - Part 1: Remove MOZ_B2G from dom. r=bkelly
...
MozReview-Commit-ID: 1zzP2r01B7U
2017-08-08 14:41:05 -07:00
a1341ccf6d
Bug 1387811 - Follow up for Test within Bug 1381761: CSP JSON is never null, hence it's better to check actual contents of JSON for testing. r=dveditz
2017-08-06 11:37:09 +02:00
4c276ebc38
Bug 1382869: Test data document should ignore meta csp. r=bz
2017-08-08 15:38:22 +02:00
23c8b30d23
Bug 1381282 - Change nsScriptErrorBase::InitWithWindowID so that it does not call GetSensitiveInfoHiddenSpec as much as now. r=bz r=valentin
2017-08-07 15:56:30 +02:00
f941156987
Bug 1386600 - Change nsIStringBundle methods to return |AString| instead of |wstring|. r=emk,sr=dbaron.
...
This removes about 2/3 of the occurrences of nsXPIDLString in the tree. The
places where nsXPIDLStrings are null-checked are replaced with |rv| checks.
The patch also removes a couple of unused declarations from
nsIStringBundle.idl.
Note that nsStringBundle::GetStringFromNameHelper() was merged into
GetStringFromName(), because they both would have had the same signature.
--HG--
extra : rebase_source : ac40bc31c2a4997f2db0bd5069cc008757a2df6d
2017-08-04 14:40:52 +10:00
8b713b2b0f
Bug 1375125 - Stop using nsILocalFile in the tree. r=froydnj
...
This mechanically replaces nsILocalFile with nsIFile in
*.js, *.jsm, *.sjs, *.html, *.xul, *.xml, and *.py.
MozReview-Commit-ID: 4ecl3RZhOwC
--HG--
extra : rebase_source : 412880ea27766118c38498d021331a3df6bccc70
2017-08-04 17:49:22 +09:00
092434c08c
Bug 1376651 - Pass the nsIScriptElement instead of allocating a string every time r=ckerschb
...
Change the interface to GetAlowsInline to take an nsISupports* instead
of a string, and pass the nsIScriptElement directly. If we don't have an
element, then pass nullptr or the mock string created as an
nsISupportsString.
MozReview-Commit-ID: pgIMxtplsi
--HG--
extra : rebase_source : 4691643bb67ff6c78a74a4886a04c4816cff6219
2017-07-27 11:01:24 -07:00
8b999864f0
Bug 1381761 - Test data: URIs inherit the CSP even if treated as unique, opaque origins. r=dveditz
2017-08-04 14:10:38 +02:00
38a3b36992
Bug 1386183 - Test Meta CSP on data: URI iframe to be merged with CSP from including context. r=dveditz
2017-08-03 10:52:27 +02:00
20689fef47
Backed out 2 changesets (bug 1376895) for breaking browser_identity_UI.js with assertions in nsPermissionManager.cpp a=backout
...
Backed out changeset 620d01ac103a (bug 1376895)
Backed out changeset 3a06ab7fda1a (bug 1376895)
MozReview-Commit-ID: 2C8kUg77dz8
2017-08-14 13:13:45 -07:00
7f2b53e79a
Bug 1376895 - Make preloaded browser use pre-existing content process. r=mconley
...
We want to avoid to have several cached content processes, one for each
preloaded browser (one per window) and one for the preallocated process.
For that we force the preloaded browser to choose an existing process and
during the first navigation in that tab, that leaves about:newtab, we re-run
the process selecting algorithm
2017-08-14 17:42:05 +02:00
ddd4030358
merge mozilla-inbound to mozilla-central. r=merge a=merge
...
MozReview-Commit-ID: IrMqWiJhwan
2017-08-01 11:23:57 +02:00
73558eac3d
Bug 1384834 (part 2) - Remove remaining uses of nsAdoptingCString. r=erahm.
...
--HG--
extra : rebase_source : 70a385a0a06bc88e728d51459e7460a68f15f7fb
2017-07-28 11:21:47 +10:00
d18fdecf67
Bug 1384834 (part 1) - Remove remaining uses of nsAdoptingString. r=erahm.
...
--HG--
extra : rebase_source : c81ee11b9d08198a000979760a8e29a01e9498d0
2017-07-28 11:21:45 +10:00
b11975d1ad
Merge m-c to autoland, a=merge
...
MozReview-Commit-ID: L5cEw8jWPNI
2017-07-31 17:53:14 -07:00
915c63c332
merge mozilla-central to mozilla-inbound. r=merge a=merge
2017-07-31 11:28:37 +02:00
72c884bf74
Bug 1384835 (part 3, attempt 2) - Remove the Preferences::Get*CString() variants that return nsAdoptingCString. r=froydnj.
...
--HG--
extra : rebase_source : d317b25be2ec21d1a60d25da3689e46cdce0b649
2017-07-31 14:28:48 +10:00
ef8d138ba7
Bug 1279218 - Remove tests related to the applet tag; r=bz
...
MozReview-Commit-ID: FzzA5Qic4Uq
--HG--
extra : rebase_source : 64206ee3e5073bafd822b23040fe6e24dda3463f
2017-07-10 16:15:16 -07:00
d360d49d2a
merge mozilla-inbound to mozilla-central a=merge
2017-07-27 10:57:25 +02:00
d935b29e72
Bug 1378930 - Part 1: Remove nsINamed::SetName(). r=billm
...
MozReview-Commit-ID: 7aM1yJRsfPH
--HG--
extra : rebase_source : f207a37be835ac4e6c431af56737cebacf5c566d
2017-07-21 11:50:43 +08:00
ba4b3b9101
Bug 1384233 - Remove SizePrintfMacros.h. r=froydnj
...
We have a minimum requirement of VS 2015 for Windows builds, which supports
the z length modifier for format specifiers. So we don't need SizePrintfMacros.h
any more, and can just use %zu and friends directly everywhere.
MozReview-Commit-ID: 6s78RvPFMzv
--HG--
extra : rebase_source : 009ea39eb4dac1c927aa03e4f97d8ab673de8a0e
2017-07-26 16:03:57 -04:00
e4b4af3900
Bug 1331351: Disable mochitest on android. r=me
2017-07-25 13:33:50 +02:00
2d37dad0be
Bug 1331351: Test allow toplevel window data: URI navigations from system. r=smaug
2017-07-24 18:51:39 +02:00
e116c4627b
Bug 1331351: Test block toplevel window data: URI navigations. r=smaug
2017-07-24 18:52:01 +02:00
bf7fff95f0
Bug 1379786, part 4 - Use GetIsSystemPrincipal() method instead of going through secman in CHECK_PRINCIPAL_AND_DATA. r=mrbkap
...
MozReview-Commit-ID: INBsjjxbXZz
--HG--
extra : rebase_source : fd6d491d01acc70be1bf51e25ec31bbcde81344a
2017-07-10 15:00:03 -07:00
112cadfae3
Merge m-c to autoland. a=merge
2017-07-14 09:52:56 -04:00
1ad55fc00a
Bug 1380683 - Fix test_frameNavigation.html to pass with webrender enabled. r=jhao
...
MozReview-Commit-ID: 7CiM1eAFNJU
--HG--
extra : rebase_source : 0900fcc0cee8d44957408929f5451093e1db0728
2017-07-13 11:17:16 -04:00
3e3a7ddb9b
Bug 1367814 - Let nsContentSecurityManager check if a redirect may load against the target channel's final URI, r=bz
...
This allows protocol handlers that load data from a privileged URI (chrome/file/jar) to make the channel's principal
as well as the redirect to look like (to) an unprivileged URI or a URI allowed to load to function correctly.
2017-07-13 05:51:00 +02:00
6ea5505659
Backed out changeset 13a9e2bbb96a (bug 1256122) for landing with wrong bug number in commit message
2017-07-13 15:41:53 +02:00
1fead4cd75
Bug 1256122 - Let nsContentSecurityManager check if a redirect may load against the target channel's final URI, r=bz
...
This allows protocol handlers that load data from a privileged URI (chrome/file/jar) to make the channel's principal
as well as the redirect to look like (to) an unprivileged URI or a URI allowed to load to function correctly.
2017-07-13 05:51:00 +02:00
c86dc10505
Bug 1380227 - Avoid many UTF16toUTF8 and UTF8toUTF16 conversions in nsStringBundle. r=emk.
...
Most of the names passed to nsIStringBundle::{Get,Format}StringFromUTF8Name
have one of the two following forms:
- a 16-bit C string literal, which is then converted to an 8-bit string in
order for the lookup to occur;
- an 8-bit C string literal converted to a 16-bit string, which is then
converted back to an 8-bit string in order for the lookup to occur.
This patch introduces and uses alternative methods that can take an 8-bit C
string literal, which requires changing some signatures in other methods and
functions. It replaces all C++ uses of the old methods.
The patch also changes the existing {Get,Format}StringFromName() methods so
they take an AUTF8String argument for the name instead of a wstring, because
that's nicer for JS code.
Even though there is a method for C++ code and a different one for JS code,
|binaryname| is used so that the existing method names can be used for the
common case in both languages.
The change reduces the number of NS_ConvertUTF8toUTF16 and
NS_ConvertUTF16toUTF8 conversions while running Speedometer v2 from ~270,000 to
~160,000. (Most of these conversions involved the string
"deprecatedReferrerDirective" in nsCSPParser.cpp.)
--HG--
extra : rebase_source : 3bee57a501035f76a81230d95186f8c3f460ff8e
2017-07-12 15:13:37 +10:00
84d5adef43
Bug 1331730 - Log CORS messages from the content process r=bz,mayhemer
...
In e10s, a channel created by parent does not have a reliable reference
to the inner window ID that initiated the request. Without that, the
channel must request that the content process log and blocked messages
to the web console. This patch creates a new ipdl interface to pass the
message from the parent to the child process. The nsCORSListenerProxy
also needs to keep a reference to the nsIHttpChannel that created it so
it can find its way back to the child. Additionally, the
HttpChannelParent needs to be propagated when creating a new channel for
CORS.
MozReview-Commit-ID: 8CUhlVCTWxt
--HG--
extra : rebase_source : 350f39ad6f7ada39e88dfcc69c4f2c470e2be0de
2017-02-15 12:40:41 +09:00
a6583be403
Bug 1376238 - Skip browser_hsts-priming_include-subdomains.js on linux for intermittent failures; r=me,test-only
2017-07-12 10:48:29 -06:00
9ff74a50f4
Bug 1373513 - Part 3: Revert Bug 1363634. r=ckerschb
...
Revert what we did in Bug 1363634, from the spec, data:text/css should be same origin.
2017-07-12 11:00:34 +08:00
250d4b1ff8
Bug 1377426 - Set CSP on freshly created nullprincipal when iframe is sandboxed. r=dveditz
2017-07-11 08:48:37 +02:00
4e9cf83ee8
Bug 1378712 - Remove all trailing whitespaces r=Ehsan
...
MozReview-Commit-ID: Kdz2xtTF9EG
--HG--
extra : rebase_source : 7235b3802f25bab29a8c6ba40a181a722f3df0ce
2017-07-06 14:00:35 +02:00
f115503a0b
Bug 1372405 - Provide names for all runnables in the tree (r=froydnj)
...
MozReview-Commit-ID: DKR6ROiHRS7
2017-06-26 14:19:58 -07:00
a039d5288b
Bug 1311239 - Intermittent dom/security/test/hsts/browser_hsts-priming_hsts_after_mixed.js. temporarily disable. r=gbrown
...
MozReview-Commit-ID: EWCAOjebfcH
2017-06-23 15:12:34 -04:00
f1364a75ea
Bug 1374580 (part 3) - Remove ns{,C}Substring typedefs. r=froydnj.
...
All the instances are converted as follows.
- nsSubstring --> nsAString
- nsCSubstring --> nsACString
--HG--
extra : rebase_source : cfd2238c52e3cb4d13e3bd5ddb80ba6584ab6d91
2017-06-20 19:19:52 +10:00
fe9268c4cd
Bug 1374580 (part 2) - Remove nsAFlat{,C}String typedefs. r=froydnj.
...
All the instances are converted as follows.
- nsAFlatString --> nsString
- nsAFlatCString --> nsCString
--HG--
extra : rebase_source : b37350642c58a85a08363df2e7c610873faa6e41
2017-06-20 19:19:05 +10:00
66f6d259bc
Bug 1374282 - script generated patch to remove Task.jsm calls, r=Mossop.
2017-06-22 12:51:42 +02:00
10ee6a5c4e
Bug 1362970 - Part 2 - Script-generated patch to convert .then(null, ...) to .catch(...). r=florian
...
Changes to Promise tests designed to test .then(null) have been reverted, and the browser/extensions directory was excluded because the projects it contains have a separate process for accepting changes.
MozReview-Commit-ID: 1buqgX1EP4P
--HG--
extra : rebase_source : 3a9ea310d3e4a8642aabbc10636c04bfe2e77070
2017-06-19 11:32:37 +01:00
396962011a
Bug 1363546 - Store and report HSTS upgrade source r=francois,keeler,mayhemer p=francois
...
Add a field to the HSTS cache which indicates the source of the HSTS
entry if known, from the preload list, organically seen header, or HSTS
priming, or unknown otherwise. Also adds telemetry to collect the source
when upgrading in NS_ShouldSecureUpgrade.
MozReview-Commit-ID: 3IwyYe3Cn73
--HG--
extra : rebase_source : 9b8daac3aa02bd7a1b4285fb1e5731a817a76b7f
2017-05-23 15:31:37 -07:00
Andrea Marchesini
Christoph Kerschbaumer
Chris Peterson
vinoth
Tom Schuster
Cristina Coroiu
Kartikaya Gupta
Brindusan Cristian
Ben Kelly
Jonathan Kingston
Cosmin Sabou
Kris Maglione
Francois Marier
Dorel Luca
Bobby Holley
shindli
Andreea Pavel
Sebastian Hengst
Tristan Bourvon
Gurzau Raul
Gijs Kruitbosch
Boris Zbarsky
Dave Townsend
Emilio Cobos Álvarez
Bogdan Tara
Henri Sivonen
Vinothkumar Nagasayanan
Tooru Fujisawa
Cristian Brindusan
Tiberius Oros
Georg Koppen
Adam Kasztenny
Nicolas Chevobbe
Florian Quèze
Valentin Gosu
Andrew McCreight
Chung-Sheng Fu
Honza Bambas
Kate McKinley
Ryan VanderMeulen
Bill McCloskey
arthur.iakab
Mark Banner
Ciure Andrei
Tom Ritter
Chris H-C
Phil Ringnalda
Brendan Dahl
Nicholas Nethercote
Jason Tarka
Nicolas B. Pierron
Xidorn Quan
Eric Rahm
Wes Kocher
Gabor Krizsanits
Carsten "Tomcat" Book
Masatoshi Kimura
Cameron McCormack
Brian Grinstead
Dragana Damjanovic dd.mozilla@gmail.com
Kyle Machulis
Bevis Tseng
Geoff Brown
Yoshi Huang
Sylvestre Ledru
Joel Maher
Paolo Amadini