Commit Graph

1881 Commits

Author SHA1 Message Date
Timothy Guan-tin Chien
bfd7aeb85d Bug 1431255 - Part III, Create per-origin sandboxes from XPCJSRuntime and load UA widgets scripts r=bholley,jaws,sfink
This patch creates the basic structure on how the widget scripts can be loaded
and be pointed to the Shadow Root, from the UAWidgetsChild.jsm.

The UAWidgetsClass class asks for a sandbox from Cu.getUAWidgetScope(), which
calls into XPCJSRuntime::GetUAWidgetScope(). It creates and keeps the
sandboxes, in a GCHashMap keyed to the origin, so we could reuse it if needed.

MozReview-Commit-ID: J6W4PDQWMcN

--HG--
extra : rebase_source : a62b0a22195f09cdb508df72c954e20d18c7bf68
2018-06-27 11:34:07 -07:00
Boris Zbarsky
754087a992 Bug 1446940 part 5. Stop getting docshells from windows via getInterface in dom/editor/etc code. r=kmag 2018-08-01 13:07:11 -04:00
Jorg K
ba1be252a0 Bug 1478441 - Introduce nsIURIWithSpecialOrigin needed for Thunderbird. r=baku 2018-07-31 11:27:00 +03:00
Boris Zbarsky
75abc43e0d Bug 1476145 part 8. Stop using getInterface(nsIDOMWindowUtils) in various test code. r=kmag 2018-07-24 19:47:43 -04:00
Andrea Marchesini
f6768a8ff6 Bug 1228139 - Remove nsIURIWithPrincipal - part 3 - main part, r=bz
nsIURIWithPrincipal is currently used to retrieve the nsIPrincipal from a
BlobURL object.  BlobURLProtocolHandler has a hashtable containing, for each
blobURL, a BlobImpl and its nsIPrincipal. This patch introduces
BlobURLProtocolHandler::GetBlobURLPrincipal() that retrieves the nsIPrincipal
from this hashtable.

This patch fixes also a bug in how the revocation of blobURLs is broadcasted to
other processes. This should be done immediately because each process creates
its own timer to revoke them after 5 seconds.

An important change is related to NS_SecurityCompareURIs() where, if 1 (or
both) of the 2 URIs to compare, is a revoked BlobURL, we will QI its URL to
nsIStandardURL and fail out at that point.
2018-07-24 22:15:57 +02:00
Andrea Marchesini
212fc6788b Bug 1228139 - Remove nsIURIWithPrincipal - part 1 - Use of NullPrincipal when nsIURIWithPrincipal.getPrincipal() returns a nullptr, r=bz 2018-07-24 22:15:17 +02:00
Valentin Gosu
7937c7c4cc Bug 1476928 - Remove nsIURI.CloneIgnoringRef and nsIURI.CloneWithNewRef r=JuniorHsu
The patch introduces NS_GetURIWithNewRef and NS_GetURIWithNewRef which perform the same function.

Differential Revision: https://phabricator.services.mozilla.com/D2239

--HG--
extra : moz-landing-system : lando
2018-07-23 11:28:47 +00:00
Andrea Marchesini
4e97b69ebf Bug 1476306 - Moving NullPrincipal/ContentPrincipal/SystemPrincipal under mozilla namespace - part 3 - ContentPrincipal, r=ckerschb 2018-07-17 21:38:48 +02:00
Andrea Marchesini
58f78c6f5d Bug 1476306 - Moving NullPrincipal/ContentPrincipal/SystemPrincipal under mozilla namespace - part 2 - SystemPrincipal, r=ckerschb 2018-07-17 21:38:19 +02:00
Andrea Marchesini
a053cf1c15 Bug 1476306 - Moving NullPrincipal/ContentPrincipal/SystemPrincipal under mozilla namespace - part 1 - NullPrincipal, r=ckerschb 2018-07-17 21:37:48 +02:00
Kris Maglione
caa1a1228b Bug 1473631: Part 10 - Replace pref observers with callbacks in ScriptSecurityManager. r=njn
MozReview-Commit-ID: COEgATfeEj

--HG--
extra : rebase_source : 8cdd70210041b0140ef951b3899dc324e0a9d74c
2018-07-05 14:53:14 -07:00
Bogdan Tara
a8850882a7 Merge autoland to mozilla-central. a=merge 2018-07-17 00:58:15 +03:00
Andrea Marchesini
ceea0172b0 Bug 1473587 - CSP Violation events should have the correct sample for inline contexts, r=jorendorff, r=ckerschb 2018-07-16 17:58:04 +02:00
Tim Huang
c0118a2d73 Bug 1473247 - Part 1: Fixing the issue that the IP addresses won't be set for first party domains. r=arthuredelstein,baku
Right now, the firstPartyDomain won't be set when using IP addresses as
first party domains. It is because of that the TLD service won't accept
IP addresses as valid hosts. The patch fixes this problem by detecting
that if the host is a IP address. If it is, we will still set the
firstPartyDoamin with the IP address.

Differential Revision: https://phabricator.services.mozilla.com/D1977

--HG--
extra : moz-landing-system : lando
2018-07-13 19:53:15 +00:00
Olli Pettay
de99e4460b Bug 1439153 - Make WebExtensions work with Shadow DOM/WebComponents, r=kmag
--HG--
extra : rebase_source : 83638cba42eea1523d32d06a2eb14df20cbab404
2018-07-14 05:26:15 +03:00
imjching
0c7582c716 Bug 1416066 - Enable caching for scripts with codebase URLs of about:home, about:newtab, and about:welcome. r=kmag
MozReview-Commit-ID: HC3cNVxWLe6

--HG--
extra : rebase_source : eab95e34618bf1ac856b44db89800b615c6503b8
2018-07-03 21:24:52 -04:00
Andrea Marchesini
5fff1762ad Bug 1418236 - Correct EventTarget for CSP violation events, r=ckerschb 2018-07-10 17:40:21 +02:00
Andrea Marchesini
14d462eeb3 Bug 1418246 - Return valid columnNumber value in CSP violation events, r=ckerschb 2018-07-05 08:21:04 +02:00
Tim Huang
f5dcf5b4b6 Bug 1470156 - Part 2: Fixing the crashing problem when using an invalid character in a firstPartyDomain. r=baku
This patch adds a sanitization of firstPartyDomain when calling the
OriginAttributes::CreateSuffix() and remove the release assert there.
The cookies API for the web extension can use a arbitrary string for the
firstPartyDomain. So, we should sanitize the firstPartyDomain before
we creating a suffix. The release assert is not required anymore since
the firstPartyDomain is sanitized

Depends on D1845.

Differential Revision: https://phabricator.services.mozilla.com/D1856

--HG--
extra : moz-landing-system : lando
2018-07-03 13:47:45 +00:00
Kris Maglione
26c59776be Bug 1470965: Fix refcount sanity in nsIPrincipal.addonPolicy getter. r=mixedpuppy
MozReview-Commit-ID: KuDN3joKi7S

--HG--
extra : source : d28d3a80e781ae10cbc97775415827ec93193c56
2018-06-26 00:19:46 -07:00
shindli
13098ab1ef Backed out 3 changesets (bug 1470023, bug 1469719, bug 1470965) for | toolkit/components/perfmonitoring/tests/browser/browser_compartments.js on a CLOSED TREE
Backed out changeset bab121b4dd84 (bug 1469719)
Backed out changeset d28d3a80e781 (bug 1470965)
Backed out changeset 1adc0372343e (bug 1470023)
2018-06-26 22:57:54 +03:00
Kris Maglione
ab6b58eddf Bug 1470965: Fix refcount sanity in nsIPrincipal.addonPolicy getter. r=mixedpuppy
MozReview-Commit-ID: KuDN3joKi7S

--HG--
extra : rebase_source : e2caed633f39896df6c065abcb18791b582d8f59
2018-06-26 00:19:46 -07:00
Valentin Gosu
a8e3a8c349 Bug 1448330 - Make nsIURI.clone a private method r=mayhemer
MozReview-Commit-ID: 1efpeaEPaXP

--HG--
extra : rebase_source : e660f1e5bcae9b7119bc5b37713691069272b375
2018-06-14 13:05:43 +02:00
Joel Maher
50b91c0a14 Bug 1405428 - skip-if = verify on mochitests which do not pass test-verify. r=gbrown 2018-06-10 05:01:47 -04:00
Emilio Cobos Álvarez
fffb25b74f Bug 1465585: Switch from mozilla::Move to std::move. r=froydnj
This was done automatically replacing:

  s/mozilla::Move/std::move/
  s/ Move(/ std::move(/
  s/(Move(/(std::move(/

Removing the 'using mozilla::Move;' lines.

And then with a few manual fixups, see the bug for the split series..

MozReview-Commit-ID: Jxze3adipUh
2018-06-01 10:45:27 +02:00
Jan de Mooij
08cef83f24 Bug 1464374 part 4 - Remove unused nsScriptSecurityManager::doGetObjectPrincipal. r=bz 2018-05-31 11:28:49 +02:00
Boris Zbarsky
b134958200 Bug 1452666. Implement nsISerializable on expanded principals. r=kmag 2018-05-24 02:43:14 -04:00
Tom Schuster
937d9326cd Bug 1453916 - Allow canvas extraction from webextension content-script even with resistFingerprinting turned on. r=kmag,bz
--HG--
extra : rebase_source : d67c589e8819407bb5acc4378d029288dd9295be
2018-05-14 20:49:32 +02:00
Gijs Kruitbosch
faf68417dc Bug 1461407 - make about:home unlinkable again and improve behavior of serialized principals across changes to URLs, r=bz,Mardak,mikedeboer
Making about:home unlinkable changes its URL structure. Prior to this change,
it is a nested URL. After this change, it no longer is.

We store serialized versions of principals in some cases. These include
details about whether the URI is nested etc. This is problematic for the
about:home change because the change in nesting changes the origin of the
page, so the origin  would mismatch between the principal and its URL.
To avoid this, we always re-create URIs for about: URIs when deserializing
them from strings, ensuring we don't create bogus principals.

MozReview-Commit-ID: 87zVUFgbusn

--HG--
extra : rebase_source : a7ad0dc3b1ea39521517da648f234d35d9a1729f
2018-05-14 22:04:49 +01:00
Adrian Wielgosik
074d88de5a Bug 1460940 - Convert nsIPrincipal to use nsIDocument. r=bz
MozReview-Commit-ID: z1TGWtS1KG

--HG--
extra : rebase_source : e5291c40eb017c1e3fd69333ac108dda852fb8cd
2018-05-11 19:46:15 +02:00
Brian Grinstead
a61cbe6dae Bug 1460685 - Backed out changeset 09ee763947c3 (bug 1352513);r=Gijs
The security.allow_chrome_frames_inside_content pref was added to support
XUL extension compat after the hiddenWindow special case was removed in
Bug 1145470. Since we don't need to support that use-case anymore, this
changeset backs out the change that relanded the special case with the pref.
MozReview-Commit-ID: 4keMEIQvt1Y

--HG--
extra : rebase_source : 1a9c54c9807eaed2645d0ea03b5064ed7472d7a4
2018-05-11 16:26:07 -07:00
Valentin Gosu
bd4365d7e7 Bug 1448058 - Remove nsIMutable from URI implementations r=mayhemer
* Also removes NS_TryToMakeImmutable, NS_TryToSetImmutable, URIIsImmutable
* NS_EnsureSafeToReturn, nsINetUtil.toImmutableURI

MozReview-Commit-ID: 5eFtFm2CQt7

--HG--
extra : rebase_source : 1f3d23ec646883e76844d42113bc1c71c01a1ad7
2018-05-09 18:21:24 +02:00
Andrea Marchesini
5b65a3ab01 Bug 1374745 - nsScriptSecurityManager should not use a string bundle before profile selection, r=ckerschb 2018-05-08 15:52:53 +02:00
Chris Peterson
71422dcaa9 Bug 1457813 - Part 2: Replace non-asserting NS_PRECONDITIONs with MOZ_ASSERTs. r=froydnj
s/NS_PRECONDITION/MOZ_ASSERT/ and reindent

MozReview-Commit-ID: KuUsnVe2h8L

--HG--
extra : source : c14655ab3df2c9b1465dd8102b9d25683359a37b
2018-04-28 12:50:58 -07:00
Kris Maglione
fc4672bb17 Bug 1456035: Follow-up: Delete redundant test_extensionURL.html, which fails with wrapper errors. r=me f=aswan CLOSED TREE
MozReview-Commit-ID: F5LmwfizygB

--HG--
extra : amend_source : 478bc62294f7a311f960a0b3e888261473254d15
2018-04-25 17:01:36 -07:00
Andrea Marchesini
6bcc1f6196 Bug 1328964 - part 2 - WorkletThread r=baku
Initial version r=smaug.
Rebased to c616a6fd5e4b by Jan-Ivar Bruaroey <jib@mozilla.com> r=karlt.
Rebased to 83de58ddda20 by Karl Tomlinson <karlt+@karlt.net> r=baku.

MozReview-Commit-ID: Lo8TWtN8qyz

--HG--
extra : rebase_source : ffcb7b835ea49cda3e25dfa94a91b3725fdbfb29
2018-04-12 15:14:48 +12:00
Tomislav Jovanovic
9e09943ad5 Bug 1441336 - Use addon permissions for PerformanceTiming properties r=bz,kmag
We need to side-step existing cross-origin checks in Performance Timing code
when the caller is a web extension content script that otherwise has permission
to access the cross-origin resource.

MozReview-Commit-ID: 8IgtqZgPWgY

--HG--
extra : rebase_source : e8152c5d8ab32096d1ff7f97311c1b43b57c3694
2018-04-04 16:54:26 +02:00
Boris Zbarsky
6c499a3613 Bug 1448414. Remove the DOM_OBJECT classinfo bit. r=kmag 2018-03-28 22:46:23 -04:00
Coroiu Cristina
29fa060fbe Backed out changeset 9e41e9c653f2 (bug 1448414) for mochitest failures Permission denied to create wrapper for object of class XPCComponents_Interfaces on a CLOSED TREE 2018-03-29 12:21:00 +03:00
Boris Zbarsky
7513177d1c Bug 1449211. Stop special-casing XUL command dispatchers and tree selections in content XBL scopes. r=kmag 2018-03-28 22:46:23 -04:00
Boris Zbarsky
05346e7ec6 Bug 1448414. Remove the DOM_OBJECT classinfo bit. r=kmag 2018-03-28 22:46:23 -04:00
Tom Ritter
449237fc51 Bug 1378552 - Reduce the liklihood of inadvertently misusing NullPrincipal::Create(). r=ckerschb
NullPrincipal::Create() (will null OA) may cause an OriginAttributes bypass.
We change Create() so OriginAttributes is no longer optional, and rename
Create() with no arguments to make it more explicit about what the caller is doing.

MozReview-Commit-ID: 7DQGlgh1tgJ
2018-03-22 13:36:20 -05:00
Valentin Gosu
af5eeff2e3 Bug 1442239 - Make URI deserialization (nsISerializable.read) happen via nsIURIMutator only r=mayhemer
* Deserialization now only happens via a mutator
* The CID for URI implementations actually returns the nsIURIMutator for each class
* The QueryInterface of mutators implementing nsISerializable will now act as a finalizer if passed the IID of an interface implemented by the URI it holds

MozReview-Commit-ID: H5MUJOEkpia

--HG--
extra : rebase_source : 01c8d16f7d31977eda6ca061e7889cedbf6940c2
2018-03-19 20:22:32 +01:00
Andreea Pavel
e5950c0d39 Backed out 2 changesets (bug 1442239) for xpcshell failures at widget/tests/unit/test_taskbar_jumplistitems.js on a CLOSED TREE
Backed out changeset 513cd669aca1 (bug 1442239)
Backed out changeset aef4c73f736f (bug 1442239)
2018-03-19 21:19:26 +02:00
Valentin Gosu
f0c7a1ae13 Bug 1442239 - Make URI deserialization (nsISerializable.read) happen via nsIURIMutator only r=mayhemer
* Deserialization now only happens via a mutator
* The CID for URI implementations actually returns the nsIURIMutator for each class
* The QueryInterface of mutators implementing nsISerializable will now act as a finalizer if passed the IID of an interface implemented by the URI it holds

MozReview-Commit-ID: H5MUJOEkpia

--HG--
extra : rebase_source : 8ebb459445cab23288a6c4c86e4e00c6ee611e34
2018-03-08 13:35:10 +01:00
Christian Holler
022546f573 Bug 1442716 - [caps] Handle empty origin gracefully in FUZZING. r=baku 2018-03-02 19:48:49 +01:00
Christian Holler
2d642a506c Bug 1440397 - Handle unexpected principal tag gracefully in FUZZING. r=baku 2018-03-02 19:01:00 +01:00
Valentin Gosu
34872b6d20 Bug 1441688 - Remove nsIIPCSerializableURI.Deserialize r=mayhemer
MozReview-Commit-ID: 8gwX3vSKWNX

--HG--
extra : rebase_source : a2c21a7e66aa8be3c2e345ca64feea967b380491
2018-03-05 04:14:44 +01:00
Valentin Gosu
f102a081b2 Bug 1434163 - Make all nsIURI attributes readonly r=mayhemer
MozReview-Commit-ID: KtjO8VWjPF5

--HG--
extra : rebase_source : 061a6db73e36b3a0b3732d44379bbc10e8268f9a
2018-02-27 00:07:48 +01:00
Nathan Froyd
c821ec9351 Bug 1441584 - part 1 - declare inner URI Mutator classes final; r=valentin
For documentation purposes and to assist the compiler.
2018-02-27 20:13:57 -05:00