Alexandru Marc
503f03519f
Backed out changeset 6fefdfdfe325 (bug 1665056) for causing mass failures CLOSED TREE
2024-12-18 17:26:05 +02:00
Frederik Braun
feaece220f
Bug 1665056 - do not change security.fileuri_strict_origin_policy at runtime r=asuth,ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D232209
2024-12-18 13:58:10 +00:00
Frédéric Wang
8a29748fb2
Bug 1931288 - Implement EnsureCSPDoesNotBlockStringCompilation as per CSP spec. r=smaug,tschuster
...
See https://w3c.github.io/webappsec-csp/#can-compile-strings
Differential Revision: https://phabricator.services.mozilla.com/D229624
2024-12-13 08:54:53 +00:00
Frédéric Wang
0f0df595a9
Bug 1931288 - Implement HostGetCodeForEval() hook as per the HTML spec. r=smaug,dom-core,peterv
...
See https://html.spec.whatwg.org/multipage/webappapis.html#hostgetcodeforeval(argument)
Differential Revision: https://phabricator.services.mozilla.com/D229478
2024-12-13 08:54:52 +00:00
Frédéric Wang
c94fbf2e3e
Bug 1905239 - Add new parameters to HostEnsureCanCompileStrings hook. r=tschuster
...
Currently, we do this via isRuntimeCodeGenEnabled whose single argument
is equivalent to codeString in "Dynamic Code Brand Checks" spec [1]. We
extend this hook to accept new parameters from that spec and adjust
PerformEval and CreateDynamicFunction accordingly. We don't change the
behavior for PerformShadowRealmEval [2] and WASM, i.e. we keep dummy
parameters.
[1] https://tc39.es/proposal-dynamic-code-brand-checks
[2] https://github.com/tc39/proposal-shadowrealm/issues/414
Differential Revision: https://phabricator.services.mozilla.com/D229588
2024-12-11 20:00:32 +00:00
Frédéric Wang
410b2420a9
Bug 1905239 - Introduce HostGetCodeForEval hook for PerformEval. r=tschuster
...
See https://tc39.es/proposal-dynamic-code-brand-checks
Differential Revision: https://phabricator.services.mozilla.com/D229477
2024-12-11 20:00:31 +00:00
Alexandru Marc
2e177dcfbb
Backed out 3 changesets (bug 1905239) for causing build bustages @ FrontendContext.cpp CLOSED TREE
...
Backed out changeset 029305d7a99b (bug 1905239)
Backed out changeset a282ae3a55f7 (bug 1905239)
Backed out changeset f27e56ebfc0b (bug 1905239)
2024-12-11 12:16:57 +02:00
Frédéric Wang
0754e0aeb8
Bug 1905239 - Add new parameters to HostEnsureCanCompileStrings hook. r=tschuster
...
Currently, we do this via isRuntimeCodeGenEnabled whose single argument
is equivalent to codeString in "Dynamic Code Brand Checks" spec [1]. We
extend this hook to accept new parameters from that spec and adjust
PerformEval and CreateDynamicFunction accordingly. We don't change the
behavior for PerformShadowRealmEval [2] and WASM, i.e. we keep dummy
parameters.
[1] https://tc39.es/proposal-dynamic-code-brand-checks
[2] https://github.com/tc39/proposal-shadowrealm/issues/414
Differential Revision: https://phabricator.services.mozilla.com/D229588
2024-12-11 09:40:20 +00:00
Frédéric Wang
b79e24df19
Bug 1905239 - Introduce HostGetCodeForEval hook for PerformEval. r=tschuster
...
See https://tc39.es/proposal-dynamic-code-brand-checks
Differential Revision: https://phabricator.services.mozilla.com/D229477
2024-12-11 09:40:19 +00:00
Rob Wu
cdef57f69d
Bug 1930749 - Add option to Cu.Sandbox to specify CSP r=mccr8
...
Differential Revision: https://phabricator.services.mozilla.com/D228711
2024-11-14 03:28:09 +00:00
serge-sans-paille
262f78c07f
Bug 1922838 - Replace ArrayLength, ArrayEnd and MOZ_ARRAY_LENGTH by standard alternative r=glandium,necko-reviewers,jgilbert,application-update-reviewers,media-playback-reviewers,credential-management-reviewers,anti-tracking-reviewers,places-reviewers,profiler-reviewers,win-reviewers,dom-storage-reviewers,bytesized,janv,dimi,daisuke,karlt,gstoll,canaltinova,timhuang
...
Namely std::size, std::end and std::size. This drops C support for
MOZ_ARRAY_LENGTH but it wasn't used anyway.
Differential Revision: https://phabricator.services.mozilla.com/D224611
2024-10-28 08:21:19 +00:00
Alexandru Marc
a5eb905bf4
Backed out changeset d92f391b3b0c (bug 1922838) for backing out bug 1915351
2024-10-25 16:42:33 +03:00
serge-sans-paille
07101ac24d
Bug 1922838 - Replace ArrayLength, ArrayEnd and MOZ_ARRAY_LENGTH by standard alternative r=glandium,necko-reviewers,jgilbert,application-update-reviewers,media-playback-reviewers,credential-management-reviewers,anti-tracking-reviewers,places-reviewers,profiler-reviewers,win-reviewers,dom-storage-reviewers,bytesized,janv,dimi,daisuke,karlt,gstoll,canaltinova,timhuang
...
Namely std::size, std::end and std::size. This drops C support for
MOZ_ARRAY_LENGTH but it wasn't used anyway.
Differential Revision: https://phabricator.services.mozilla.com/D224611
2024-10-24 09:06:01 +00:00
Alexandru Marc
004e704b22
Backed out changeset 448597bce69d (bug 1922838) for causing build bustages. CLOSED TREE
2024-10-24 11:37:49 +03:00
serge-sans-paille
2c916d4973
Bug 1922838 - Replace ArrayLength, ArrayEnd and MOZ_ARRAY_LENGTH by standard alternative r=glandium,necko-reviewers,jgilbert,application-update-reviewers,media-playback-reviewers,credential-management-reviewers,anti-tracking-reviewers,places-reviewers,profiler-reviewers,win-reviewers,dom-storage-reviewers,bytesized,janv,dimi,daisuke,karlt,gstoll,canaltinova,timhuang
...
Namely std::size, std::end and std::size. This drops C support for
MOZ_ARRAY_LENGTH but it wasn't used anyway.
Differential Revision: https://phabricator.services.mozilla.com/D224611
2024-10-24 07:38:30 +00:00
Emilio Cobos Álvarez
77c40caac6
Bug 1910698 - Remove nsIScriptError.sourceLine. r=smaug,devtools-reviewers,webdriver-reviewers,necko-reviewers,nchevobbe,kershaw,jdescottes,credential-management-reviewers,dimi
...
Afaict the source lines are not exposed anywhere in the UI.
Differential Revision: https://phabricator.services.mozilla.com/D218115
2024-08-01 17:12:48 +00:00
Emilio Cobos Álvarez
a44b49af0b
Bug 1910698 - Add a struct to represent JS caller location and more general warning source location. r=smaug,necko-reviewers,anti-tracking-reviewers,dom-storage-reviewers,pbz,kershaw,janv
...
Use it liberally across the tree. This could be cleaned up even more in the future.
Differential Revision: https://phabricator.services.mozilla.com/D218114
2024-08-01 17:12:48 +00:00
Nika Layzell
44d99735f2
Bug 1906734 - Switch WebExtension resources to use only static protocol flags, r=extension-reviewers,necko-reviewers,kershaw,robwu
...
Previously, the WebExtension protocol used dynamic protocol flags which
were based on the WebExtension policy in order to enforce things such as
availability in private browsing and the accessibility of certain
resources.
Since the shift to MV3, these checks have required more complex checks
than what was possible to specify with protocol flags, which required
the addition of WEBEXT_URI_WEB_ACCESSIBLE - a security flag which would
trigger further checks with the EPS to determine if the URI can be
loaded.
This was somewhat inefficient, as fetching the URI flags would require
looking up the policy each time dynamic flags were looked up, as well as
when policy specifics were being checked after loading flags. In
addition, it led to a number of flags which were very specific to
extension protocols.
This patch changes extensions to no longer have dynamic flags, instead
specifying the static `URI_IS_WEBEXTENSION_RESOURCE` security flag. When
this flag is specified, security checks are made by querying the
ExtensionPolicyService to ask if the load should be permitted, combining
the specific security checks for Extension resources into a simpler
code-path, and avoids redundant checks.
Differential Revision: https://phabricator.services.mozilla.com/D216076
2024-07-17 16:02:34 +00:00
Tom Schuster
feaa0c77a1
Bug 1904004 - Use OriginAttributes::IsPrivateBrowsing instead of open coding PBM checks. r=timhuang,cookie-reviewers,anti-tracking-reviewers,profiler-reviewers,necko-reviewers,kershaw,dom-storage-reviewers,janv,canaltinova,dom-worker-reviewers,asuth
...
Differential Revision: https://phabricator.services.mozilla.com/D214532
2024-06-24 11:06:18 +00:00
aiunusov
284c989d4f
Bug 1883860 - nsDocShell::HandleSameDocumentNavigation() cause crash in SetDocumentURI, r=smaug
...
Differential Revision: https://phabricator.services.mozilla.com/D204611
2024-03-22 12:27:38 +00:00
Sandor Molnar
b53841b100
Backed out changeset 7b83373f7a9e (bug 1883860) for causing build bustages @ caps/tests/gtest/TestScriptSecurityManager.cpp CLOSED TREE
2024-03-22 02:35:03 +02:00
aiunusov
8e05e984ea
Bug 1883860 - nsDocShell::HandleSameDocumentNavigation() cause crash in SetDocumentURI, r=smaug
...
Differential Revision: https://phabricator.services.mozilla.com/D204611
2024-03-22 00:07:27 +00:00
Tooru Fujisawa
209a1f050c
Bug 1864168 - Part 1: Use 1-origin column number in nsIContentSecurityPolicy. r=smaug,devtools-reviewers,ochameau,ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D193369
2023-11-22 12:31:30 +00:00
Natalia Csoregi
e0d56104a6
Backed out 14 changesets (bug 1865005, bug 1864168, bug 1864155, bug 1862814, bug 1862693) for causing bustage on nsRFPService.cpp. CLOSED TREE
...
Backed out changeset a4f3e7625abf (bug 1865005)
Backed out changeset ab38141e470b (bug 1862814)
Backed out changeset a679b50dc4a9 (bug 1862814)
Backed out changeset e340886ce62a (bug 1862814)
Backed out changeset 1378502e64b0 (bug 1862814)
Backed out changeset 8ee94e5e79c2 (bug 1862814)
Backed out changeset 6d4ef1cdfabb (bug 1864168)
Backed out changeset 2c30c4d757fc (bug 1864168)
Backed out changeset d4db9576559b (bug 1864168)
Backed out changeset 8ffec0d83028 (bug 1864168)
Backed out changeset fa77d852b494 (bug 1864168)
Backed out changeset f6646771a26a (bug 1864168)
Backed out changeset 7bd0ff6986df (bug 1864155)
Backed out changeset 39867b503289 (bug 1862693)
2023-11-22 14:01:55 +02:00
Tooru Fujisawa
676bd2ea73
Bug 1864168 - Part 1: Use 1-origin column number in nsIContentSecurityPolicy. r=smaug,devtools-reviewers,ochameau,ckerschb
...
Differential Revision: https://phabricator.services.mozilla.com/D193369
2023-11-22 11:13:54 +00:00
Tooru Fujisawa
8b51569f3f
Bug 1862692 - Part 16: Use 1-origin column number type in JS::DescribeScriptedCaller. r=iain
...
Differential Revision: https://phabricator.services.mozilla.com/D193029
2023-11-09 11:41:10 +00:00
Valentin Gosu
cdd5195292
Bug 1848694 - Remove/avoid global references to nsIIOService r=mccr8,necko-reviewers,kershaw
...
This patch removes the static pointer to nsIIOService in nsContentUtils,
replacing it with calls to mozilla::components::IO::Service.
It also makes nsScriptSecurityManager::sIOService a StaticRefPtr.
Differential Revision: https://phabricator.services.mozilla.com/D188714
2023-09-22 12:49:44 +00:00
Sandor Molnar
a8db14100e
Backed out changeset b858a0740582 (bug 1848694) for causing build bustages on dom/base/Element.cpp CLOSED TREE
2023-09-21 16:45:57 +03:00
Valentin Gosu
e058782d44
Bug 1848694 - Remove/avoid global references to nsIIOService r=mccr8,necko-reviewers,kershaw
...
This patch removes the static pointer to nsIIOService in nsContentUtils,
replacing it with calls to mozilla::components::IO::Service.
It also makes nsScriptSecurityManager::sIOService a StaticRefPtr.
Differential Revision: https://phabricator.services.mozilla.com/D188714
2023-09-21 12:39:20 +00:00
Tooru Fujisawa
b4da7fa0cf
Bug 1847469 - Part 24: Use column number types in JS::DescribeScriptedCaller. r=iain
...
Differential Revision: https://phabricator.services.mozilla.com/D185762
2023-08-16 17:31:42 +00:00
Tooru Fujisawa
63adc251d4
Bug 1847469 - Part 23: Use uint32_t for line and column in DescribeScriptedCaller* functions as a preparation to use column number types. r=iain
...
Differential Revision: https://phabricator.services.mozilla.com/D185761
2023-08-16 17:31:41 +00:00
Cristian Tuns
77d753c741
Backed out 27 changesets (bug 1847469) for causing spidermonkey bustages in Script.cpp CLOSED TREE
...
Backed out changeset 9d6e2651a013 (bug 1847469)
Backed out changeset 9b72d668efd2 (bug 1847469)
Backed out changeset 86abf5cf0a22 (bug 1847469)
Backed out changeset 46833087f8ac (bug 1847469)
Backed out changeset f3e2207fdeec (bug 1847469)
Backed out changeset aed75776cfff (bug 1847469)
Backed out changeset 8292a38bd99f (bug 1847469)
Backed out changeset 1320f83fb8c7 (bug 1847469)
Backed out changeset df9f925f9837 (bug 1847469)
Backed out changeset 69f32cf1862a (bug 1847469)
Backed out changeset b2ddddec8818 (bug 1847469)
Backed out changeset 056eed7abc97 (bug 1847469)
Backed out changeset 5df4f43ac0bf (bug 1847469)
Backed out changeset cb57923f6532 (bug 1847469)
Backed out changeset a0993f2a2195 (bug 1847469)
Backed out changeset 782499fbedf2 (bug 1847469)
Backed out changeset cf84fb98c5e1 (bug 1847469)
Backed out changeset 1fa5ab59814b (bug 1847469)
Backed out changeset f5f78944df81 (bug 1847469)
Backed out changeset aa14337bf5c6 (bug 1847469)
Backed out changeset 6757db4575d7 (bug 1847469)
Backed out changeset 236ff135701e (bug 1847469)
Backed out changeset 9b4d5b435020 (bug 1847469)
Backed out changeset a0f789621bc8 (bug 1847469)
Backed out changeset c19b81f48055 (bug 1847469)
Backed out changeset b4521e546d7e (bug 1847469)
Backed out changeset f26a10289316 (bug 1847469)
2023-08-16 07:08:01 -04:00
Tooru Fujisawa
fb38c26358
Bug 1847469 - Part 24: Use column number types in JS::DescribeScriptedCaller. r=iain
...
Differential Revision: https://phabricator.services.mozilla.com/D185762
2023-08-16 10:26:33 +00:00
Tooru Fujisawa
982cdf0ff7
Bug 1847469 - Part 23: Use uint32_t for line and column in DescribeScriptedCaller* functions as a preparation to use column number types. r=iain
...
Differential Revision: https://phabricator.services.mozilla.com/D185761
2023-08-16 10:26:33 +00:00
Nika Layzell
f6b916cc3e
Bug 1443925 - Part 5: Make it possible to get the system principal from any thread, r=ckerschb
...
This is required because the script security manager which currently owns the
singleton is main-thread only. This change still ties the lifecycle of the
static to that service, but also makes it generally available from any thread.
Differential Revision: https://phabricator.services.mozilla.com/D163035
2022-12-02 00:53:51 +00:00
Nika Layzell
05b58381d5
Bug 1443925 - Part 3: Make nsScriptSecurityManager::GetStrictFileOriginPolicy threadsafe, r=ckerschb
...
This is used in various places in principals, as well as in the implementation
of nsScriptSecurityManager::SecurityCompareURIs which is also now threadsafe
after this change.
Differential Revision: https://phabricator.services.mozilla.com/D163033
2022-12-02 00:53:50 +00:00
Shane Caraveo
ed6a1bcba8
Bug 1783078 require web_accessible_resources for any extension loads from a content script r=robwu,ckerschb
...
Enforce requiring web accessible resources in MV3 and use a pref to turn on later for MV2.
Differential Revision: https://phabricator.services.mozilla.com/D153677
2022-08-05 04:36:30 +00:00
Shane Caraveo
4e3ceb6b90
Bug 1711168 support extension matching in webAccessibleResources r=zombie,smaug,rpl
...
Differential Revision: https://phabricator.services.mozilla.com/D115114
2022-08-02 17:08:58 +00:00
Butkovits Atila
b01ed36979
Backed out 3 changesets (bug 1711168, bug 1773115) for causing failures at test_ext_web_accessible_resources.html. CLOSED TREE
...
Backed out changeset 703c909eb009 (bug 1773115)
Backed out changeset 902385a7ce60 (bug 1711168)
Backed out changeset 3d061ce03de7 (bug 1711168)
2022-07-27 00:13:26 +03:00
Shane Caraveo
addcb41d12
Bug 1711168 support extension matching in webAccessibleResources r=zombie,smaug,rpl
...
Differential Revision: https://phabricator.services.mozilla.com/D115114
2022-07-26 19:39:14 +00:00
Emilio Cobos Álvarez
7a9e682999
Bug 1780788 - Use abstract strings as in-arguments for ipdl. r=nika,necko-reviewers,media-playback-reviewers,alwu,dragana
...
This prevents copies and avoids the hack we have to avoid this, which
right now is using nsDependent{C,}String.
Non-virtual actors can still use `nsString` if they need to on the
receiving end.
Differential Revision: https://phabricator.services.mozilla.com/D152519
2022-07-25 20:19:48 +00:00
Tom Ritter
7f2c1e4831
Bug 1772378: Move Eval checks higher to encompass JSMs r=bholley
...
This no longer permits wasm modules to be instantiated;
and will perform an eval check even when no csp exists,
such as for JSMs.
Differential Revision: https://phabricator.services.mozilla.com/D148141
2022-06-29 13:45:57 +00:00
Iulian Moraru
a82ac63d87
Backed out changeset 6b0d5ebbdea5 (bug 1772378) for causing multiple xpcshell failures.
2022-06-28 01:47:11 +03:00
Tom Ritter
d9d91a7565
Bug 1772378: Move Eval checks higher to encompass JSMs r=bholley
...
This no longer permits wasm modules to be instantiated;
and will perform an eval check even when no csp exists,
such as for JSMs.
Differential Revision: https://phabricator.services.mozilla.com/D148141
2022-06-27 19:28:05 +00:00
Csoregi Natalia
ff0ce1429b
Backed out changeset 6085e9770cde (bug 1772378) for causing xpcshell crashes. CLOSED TREE
2022-06-27 21:47:32 +03:00
Tom Ritter
1cf82001d4
Bug 1772378: Move Eval checks higher to encompass JSMs r=bholley
...
This no longer permits wasm modules to be instantiated;
and will perform an eval check even when no csp exists,
such as for JSMs.
Differential Revision: https://phabricator.services.mozilla.com/D148141
2022-06-27 17:34:12 +00:00
Mike Conley
ecd91890a9
Bug 1354248 - Part 4: Make PageIconProtocolHandler use RemoteStreamGetter. r=necko-reviewers,nika,mak,ckerschb,kershaw
...
This makes it so that PageIconProtocolHandler uses RemoteStreamGetter in the event that the
privileged about content process attempts to use the page-icon: protocol. This allows the parent
to then remotely stream the favicons down to the privileged about content process.
This also adds a test to check that only the privileged about content process can use this
protocol, and that "normal" web content processes cannot.
Differential Revision: https://phabricator.services.mozilla.com/D147335
2022-06-03 15:17:34 +00:00
Rob Wu
ab4eaf5309
Bug 1770468 - Report-only wasm-unsafe-eval in MV2 r=mixedpuppy,freddyb,ckerschb
...
For backcompat, do not enforce wasm-unsafe-eval even if the extension
has specified a custom CSP. Do report the errors though, to allow
extension authors to discover the issue and fix it.
Differential Revision: https://phabricator.services.mozilla.com/D147105
2022-05-24 13:56:22 +00:00
Tom Schuster
0a3b024851
Bug 1740263 - Implement the CSP checking callback for WASM. r=dom-worker-reviewers,smaug,freddyb
...
Differential Revision: https://phabricator.services.mozilla.com/D141979
2022-05-19 14:13:50 +00:00
Iulian Moraru
979c59be19
Backed out 6 changesets (bug 1740263) for causing bp-hybrid bustages on nsScriptSecurityManager. CLOSED TREE
...
Backed out changeset 2f5ec6ad0f81 (bug 1740263)
Backed out changeset a1e7766cdb94 (bug 1740263)
Backed out changeset 3978ccb95455 (bug 1740263)
Backed out changeset e34ba774b3f8 (bug 1740263)
Backed out changeset 8365b10be28e (bug 1740263)
Backed out changeset d923462c9cd0 (bug 1740263)
2022-05-19 03:28:08 +03:00