This no longer permits wasm modules to being instatiated;
and will perform an eval check even when no csp exists,
such as for JSMs.
Differential Revision: https://phabricator.services.mozilla.com/D148141
This no longer permits wasm modules to being instatiated;
and will perform an eval check even when no csp exists,
such as for JSMs.
Differential Revision: https://phabricator.services.mozilla.com/D148141
This no longer permits wasm modules to being instatiated;
and will perform an eval check even when no csp exists,
such as for JSMs.
Differential Revision: https://phabricator.services.mozilla.com/D148141
The remaining methods in ns[T]StringObsolete are all find+replace methods for
nsTSubstring. These were migrated in a similar way to the find methods, and
partially updated to avoid using methods from nsStringObsolete.cpp.
This change removes the ns[T]StringObsolete.cpp files completely, as they are
no longer necessary.
Differential Revision: https://phabricator.services.mozilla.com/D148301
These functions are used to check if an object or context should have storage access.
Therefore they belong in StorageAccess.h with other functions that serve this purpose.
Differential Revision: https://phabricator.services.mozilla.com/D148285
These functions are used to check if an object or context should have storage access.
Therefore they belong in StorageAccess.h with other functions that serve this purpose.
Differential Revision: https://phabricator.services.mozilla.com/D148285
These functions are used to check if an object or context should have storage access.
Therefore they belong in StorageAccess.h with other functions that serve this purpose.
Differential Revision: https://phabricator.services.mozilla.com/D148285
This makes it so that PageIconProtocolHandler uses RemoteStreamGetter in the event that the
privileged about content process attempts to use the page-icon: protocol. This allows the parent
to then remotely stream the favicons down to the privileged about content process.
This also adds a test to check that only the privileged about content process can use this
protocol, and that "normal" web content processes cannot.
Differential Revision: https://phabricator.services.mozilla.com/D147335
For backcompat, do not enforce wasm-unsafe-eval even if the extension
has specified a custom CSP. Do report the errors though, to allow
extension authors to discover the issue and fix it.
Differential Revision: https://phabricator.services.mozilla.com/D147105
Attempting to get the siteOrigin for a URI of something like "https://.mozilla.org"
was returning NS_ERROR_ILLEGAL_VALUE, which caused breakage in parts of the browser
UI when trying to initialize a window to point at that URI.
It looks like the NS_ERROR_ILLEGAL_VALUE stuff was added back in bug 1491728 as
part of an effort to better handle some IPv6 stuff. I tested the STR in bug 1491728
for the original bug, and I cannot reproduce the issue even witht his change.
nika suggested that instead of returning NS_ERROR_ILLEGAL_VALUE for this form of
URI, we return the same value as `nsIPrincipal.origin`.
Differential Revision: https://phabricator.services.mozilla.com/D142493
Apparently the esc_NonASCIIOnly and esc_Forced flags to NS_EscapeURL are
incompatible, meaning that the escaping and unescaping code was not
handling existing escape sequences properly. This patch adds an explicit
gtest to make sure sequences round-trip correctly, and switches
serialization to use `esc_Query | esc_Forced` instead, which may escape
more aggressively than required but should work correctly.
Differential Revision: https://phabricator.services.mozilla.com/D142111
This patch is meant to be a proposed short run fix to prevent ApplyAddonContentScriptCSP
from leaking the ExpandedPrincipal and nsCSPContext instance because they keep a reference
to each other.
This patch prevent that leak by creating a clone of the ExpandedPrincipal and then use
that cloned instance in the call to nsCSPContext::SetRequestContextWithPrincipal.
Once Bug 1548468 will move the CSP off the ExpandedPrincipal class, cloning the expanded
principal to prevent that leak should not be necessary anymore.
Differential Revision: https://phabricator.services.mozilla.com/D132144
The URL query stripping doesn't want the URLParams::Serialize() to
encode the result because it will encode the unstripped parameters. This
will change the unstripped parameters once stripping was happened.
Therefore, we introduce an parameter to URLParams::Serialize() to
disable encoding.
Differential Revision: https://phabricator.services.mozilla.com/D131964
We need a helper function for checking principal if it's in the foreign
allow list.
In this patch we will add a BasePrincipal::IsURIInList() because this is
needed for RejectForeignAllowList::Check().
Differential Revision: https://phabricator.services.mozilla.com/D123804
Automatically generated path that adds flag `REQUIRES_UNIFIED_BUILD = True` to `moz.build`
when the module governed by the build config file is not buildable outside on the unified environment.
This needs to be done in order to have a hybrid build system that adds the possibility of combing
unified build components with ones that are built outside of the unified eco system.
Differential Revision: https://phabricator.services.mozilla.com/D122345
