Commit Graph

186 Commits

Author SHA1 Message Date
Christoph Kerschbaumer
60e3239dee Bug 1490874: Log Principal based Security Errors to the Security pane in the console. r=smaug 2018-09-25 07:25:05 +02:00
shindli
0b6d93ef4d Backed out changeset 510e95767aeb (bug 1490874) for security failures in browser/components/payments/test/mochitest/test_basic_card_form.html CLOSED TREE 2018-09-24 11:43:30 +03:00
Christoph Kerschbaumer
0df81cd9f4 Bug 1490874: Log Principal based Security Errors to the Security pane in the console. r=smaug 2018-09-24 09:34:04 +02:00
Andrea Marchesini
a053cf1c15 Bug 1476306 - Moving NullPrincipal/ContentPrincipal/SystemPrincipal under mozilla namespace - part 1 - NullPrincipal, r=ckerschb 2018-07-17 21:37:48 +02:00
Kris Maglione
caa1a1228b Bug 1473631: Part 10 - Replace pref observers with callbacks in ScriptSecurityManager. r=njn
MozReview-Commit-ID: COEgATfeEj

--HG--
extra : rebase_source : 8cdd70210041b0140ef951b3899dc324e0a9d74c
2018-07-05 14:53:14 -07:00
Andrea Marchesini
ceea0172b0 Bug 1473587 - CSP Violation events should have the correct sample for inline contexts, r=jorendorff, r=ckerschb 2018-07-16 17:58:04 +02:00
Andrea Marchesini
5fff1762ad Bug 1418236 - Correct EventTarget for CSP violation events, r=ckerschb 2018-07-10 17:40:21 +02:00
Andrea Marchesini
14d462eeb3 Bug 1418246 - Return valid columnNumber value in CSP violation events, r=ckerschb 2018-07-05 08:21:04 +02:00
Jan de Mooij
08cef83f24 Bug 1464374 part 4 - Remove unused nsScriptSecurityManager::doGetObjectPrincipal. r=bz 2018-05-31 11:28:49 +02:00
Brian Grinstead
a61cbe6dae Bug 1460685 - Backed out changeset 09ee763947c3 (bug 1352513);r=Gijs
The security.allow_chrome_frames_inside_content pref was added to support
XUL extension compat after the hiddenWindow special case was removed in
Bug 1145470. Since we don't need to support that use-case anymore, this
changeset backs out the change that relanded the special case with the pref.
MozReview-Commit-ID: 4keMEIQvt1Y

--HG--
extra : rebase_source : 1a9c54c9807eaed2645d0ea03b5064ed7472d7a4
2018-05-11 16:26:07 -07:00
Andrea Marchesini
5b65a3ab01 Bug 1374745 - nsScriptSecurityManager should not use a string bundle before profile selection, r=ckerschb 2018-05-08 15:52:53 +02:00
Chris Peterson
71422dcaa9 Bug 1457813 - Part 2: Replace non-asserting NS_PRECONDITIONs with MOZ_ASSERTs. r=froydnj
s/NS_PRECONDITION/MOZ_ASSERT/ and reindent

MozReview-Commit-ID: KuUsnVe2h8L

--HG--
extra : source : c14655ab3df2c9b1465dd8102b9d25683359a37b
2018-04-28 12:50:58 -07:00
Boris Zbarsky
6c499a3613 Bug 1448414. Remove the DOM_OBJECT classinfo bit. r=kmag 2018-03-28 22:46:23 -04:00
Coroiu Cristina
29fa060fbe Backed out changeset 9e41e9c653f2 (bug 1448414) for mochitest failures Permission denied to create wrapper for object of class XPCComponents_Interfaces on a CLOSED TREE 2018-03-29 12:21:00 +03:00
Boris Zbarsky
7513177d1c Bug 1449211. Stop special-casing XUL command dispatchers and tree selections in content XBL scopes. r=kmag 2018-03-28 22:46:23 -04:00
Boris Zbarsky
05346e7ec6 Bug 1448414. Remove the DOM_OBJECT classinfo bit. r=kmag 2018-03-28 22:46:23 -04:00
Valentin Gosu
27e9e0be9f Bug 1433958 - Change code that sets nsIURI.host to use nsIURIMutator r=mayhemer
MozReview-Commit-ID: 7T5gCu8WOfa

--HG--
extra : rebase_source : 752c34e5f9dde2e16fc9243c11860b987acbcb93
2018-02-26 20:43:47 +01:00
Boris Zbarsky
0920564cb3 Bug 1435483 part 3. Remove nsIXPCException. r=qdot
This interface is not usable from JS, because we don't expose initialize() in
the WebIDL bindings for Exception.  And C++ doesn't use it.

MozReview-Commit-ID: LsIm4YA0YZE
2018-02-05 16:34:04 -05:00
Boris Zbarsky
7ebac0960f Bug 1424474 part 1. Make sure we don't call into the chrome registry's AllowContentToAccess with non-chrome URLs. r=gijs
MozReview-Commit-ID: I3DyrYGpGC2
2017-12-21 10:54:43 -05:00
Gijs Kruitbosch
0d38343e35 Bug 1424261, r=bz
--HG--
extra : rebase_source : 2bead652bbfd4cd251b431e04e3002c38c1a7a7b
2017-12-12 10:53:10 -06:00
Gijs Kruitbosch
e77ee731e9 Bug 1222924 - stop allowing webpages to link to moz-icon: , r=mrbkap
MozReview-Commit-ID: FKEDboWIfFQ

--HG--
extra : rebase_source : 801317b5746c6e84431c6a8f2097b83523646016
2017-11-22 21:31:41 +00:00
Kris Maglione
27c96362b9 Bug 1412345: Downgrade expanded principals before inheriting. r=bz,krizsa
There are several ways that expanded principals can be used as triggering
principals for requests. While that works fine for security checks, it also
sometimes causes them to be inherited, and used as result principals in
contexts where expanded principals aren't allowed.

This patch changes our inheritance behavior so that expanded principals are
downgraded to the most appropriate constituent principal when they would
otherwise be inherited.

The logic for choosing the most appropriate principal is a bit suspect, and
may eventually need to be changed to always select the last whitelist
principal, but I chose it to preserve the current principal downgrade behavior
used by XMLHttpRequest for the time being.

MozReview-Commit-ID: 9fvAKr2e2fa

--HG--
extra : rebase_source : c30df1b3851c11fed5a1d6a7fb158cec14933182
2017-11-02 19:56:27 -07:00
Kris Maglione
b46bd8b6b0 Bug 1411817: Add do_AddRef overloads for nsCOMPtr<T> and nsRevocableEventPtr<T>. r=froydnj
MozReview-Commit-ID: gEU7whtNHc

--HG--
extra : rebase_source : 6763e6b31be8a3341f968eef057b756fbfe3cbbe
extra : amend_source : da6140fb0559d78b46e80e72e8b6768bf2364fb1
2017-10-25 19:46:50 -07:00
Kris Maglione
257d9118dc Bug 1409249: Require singleton constructors to return explicit already_AddRefed. r=froydnj
Right now, NS_GENERIC_FACTORY_SINGLETON_CONSTRUCTOR expects singleton
constructors to return already-addrefed raw pointers, and while it accepts
constructors that return already_AddRefed, most existing don't do so.

Meanwhile, the convention elsewhere is that a raw pointer return value is
owned by the callee, and that the caller needs to addref it if it wants to
keep its own reference to it.

The difference in convention makes it easy to leak (I've definitely caused
more than one shutdown leak this way), so it would be better if we required
the singleton getters to return an explicit already_AddRefed, which would
behave the same for all callers.


This also cleans up several singleton constructors that left a dangling
pointer to their singletons when their initialization methods failed, when
they released their references without clearing their global raw pointers.

MozReview-Commit-ID: 9peyG4pRYcr

--HG--
extra : rebase_source : 2f5bd89c17cb554541be38444672a827c1392f3f
2017-10-16 21:08:42 -07:00
Nicholas Nethercote
7c69d69eb3 Bug 1409960 - Remove ClassInfoData. r=bz.
This class does some caching of an nsIClassInfo's flags and name. Presumably it
made sense at some time in the past, but now it's only used by
CanCreateWrapper(). It's simpler to just directly get the flags and name when
needed, so this patch does that and removes the class.

--HG--
extra : rebase_source : 0f11844ca6be4ff007b50d95bb8f5a88037fb1b5
2017-10-19 10:11:21 +11:00
Nicholas Nethercote
78030c0e7b Bug 1409598 - Change nsIXPCScriptable::className and nsIClassInfo::{contractID,classDescription} from string to AUTF8String. r=froydnj.
This lets us replace moz_xstrdup() of string literals with AssignLiteral(),
among other improvements.

--HG--
extra : rebase_source : 9994d8ccb4f196cf63564b0dac2ae6c4370defb4
2017-10-18 13:17:26 +11:00
Kris Maglione
bd6d63772a Bug 1407428: Hand out a const array reference for expanded principal whiteList. r=krizsa
The current API makes the life time and ownership of the result array unclear
without careful reading. The result array is always owned by the principal,
and its lifetime tied to the lifetime of the principal itself. Returning a
const array reference makes this clear, and should prevent callers from
accidentally modifying the returned array.

MozReview-Commit-ID: 3f8mhynkKAj

--HG--
extra : source : 237acf2879f6222bc4b076c377bf026d18a6ebef
extra : amend_source : dfaf6e88e3c4758f7fdcf7fb422d457edafab1b7
2017-10-10 15:00:16 -07:00
Sebastian Hengst
11a2b8ef67 Backed out changeset 237acf2879f6 (bug 1407428) for frequent crashes, e.g. in xpcshell's test_bug248970_cookie.js. r=backout on a CLOSED TREE
--HG--
extra : amend_source : 1ccac4fb953566239cba8db7d6f8bdca4ce48b35
2017-10-16 00:00:15 +02:00
Kris Maglione
7d8f8ea3d6 Bug 1407428: Hand out a const array reference for expanded principal whiteList. r=krizsa
The current API makes the life time and ownership of the result array unclear
without careful reading. The result array is always owned by the principal,
and its lifetime tied to the lifetime of the principal itself. Returning a
const array reference makes this clear, and should prevent callers from
accidentally modifying the returned array.

MozReview-Commit-ID: 3f8mhynkKAj

--HG--
extra : rebase_source : d2a5e0862f8c964fb5a3e46b50c2e9629b218699
extra : amend_source : 27d7a7ef5da6fe2aa1104009b6ee067465db73e1
2017-10-10 15:00:16 -07:00
Jason Orendorff
ddaf859c55 Bug 1363200 - JSAPI for realms: Change a few XPConnect methods to take Realm arguments instead of JSCompartments. r=mrbkap
This also introduces JS::GetObjectRealmOrNull, which returns an object's realm,
or null if the object is a cross-compartment wrapper. In the new order,
wrappers can't have realms, since they must be shared across all realms in a
compartment. We're introducing this new function early (even though it's
*currently* possible to assign a realm to wrappers) in order to see in
advance if the possibility of returning null will cause problems.
(It looks like it won't.)

--HG--
extra : rebase_source : e55ebbbc4edf2a18ce267198928246592060e339
extra : source : d6bfce1187aa13dbfab03f9566ff7b05b6705e70
2017-06-28 12:31:53 -07:00
Jason Orendorff
ce74f6c158 Bug 1363200 - JSAPI for realms: Move mIsContentXBLScope to the CompartmentPrivate. r=mrbkap
In the new order, it will be a compartment-level bit rather than a
realm-level bit, so it does not belong on the Scope.

--HG--
extra : rebase_source : 44aa4620f7fd7f8d253c8c7f09bf8c97c00ff061
extra : source : 5a9c01720d7929e43aa70341d3821bfaa2479592
2017-07-12 15:00:47 -05:00
Kris Maglione
b3ba0520ee Bug 1396449: Part 1 - Use WebExtensionPolicy objects in extension content principals. r=krizsa
Going through the extension policy service rather than using
WebExtensionPolicy objects directly adds a lot of unnecessary overhead to
common operations on extension principals, and also makes the code more
complicated than it needs to be.

We also use weak references to policy objects here, since principals should
ideally lose as much of their elevated privileges as possible once the
extension instance that created them has been destroyed (which is something we
couldn't handle easily when we simply tracked ID strings).

MozReview-Commit-ID: KDNvVdvLkIt

--HG--
extra : rebase_source : 1b567919d2461bd0315d1a7d89f330cbd585f579
2017-09-05 11:04:43 -07:00
Chung-Sheng Fu
6a8ee766d6 Bug 863246 - Content can only load resource:// URIs declared content-accessible in manifests r=billm,bz
bz:
    caps/nsScriptSecurityManager.cpp

billm:
    browser/extensions/activity-stream/jar.mn
    browser/extensions/onboarding/jar.mn
    chrome/RegistryMessageUtils.h
    chrome/nsChromeRegistry.h
    chrome/nsChromeRegistryChrome.cpp
    chrome/nsChromeRegistryContent.cpp
    netwerk/protocol/res/SubstitutingProtocolHandler.cpp
    netwerk/protocol/res/SubstitutingProtocolHandler.h
    netwerk/protocol/res/nsIResProtocolHandler.idl
    netwerk/protocol/res/nsISubstitutingProtocolHandler.idl
    netwerk/protocol/res/nsResProtocolHandler.cpp
    netwerk/protocol/res/nsResProtocolHandler.h
    xpcom/components/ManifestParser.cpp

MozReview-Commit-ID: 1RXeNn7jdBf

--HG--
extra : rebase_source : 83000448abf58b7956c2eb122604d7ab38ad0f7c
2017-06-08 17:44:09 +08:00
Sebastian Hengst
163be910bb Backed out changeset 05fc8d2d7ca9 (bug 863246) for failing various reftests, e.g. parser/htmlparser/tests/reftest/bug535530-2.html. r=backout on a CLOSED TREE 2017-08-25 16:44:40 +02:00
Chung-Sheng Fu
68b806c637 Bug 863246 - Content can only load resource:// URIs declared content-accessible in manifests r=billm,bz
bz:
    caps/nsScriptSecurityManager.cpp

billm:
    browser/extensions/activity-stream/jar.mn
    browser/extensions/onboarding/jar.mn
    chrome/RegistryMessageUtils.h
    chrome/nsChromeRegistry.h
    chrome/nsChromeRegistryChrome.cpp
    chrome/nsChromeRegistryContent.cpp
    netwerk/protocol/res/SubstitutingProtocolHandler.cpp
    netwerk/protocol/res/SubstitutingProtocolHandler.h
    netwerk/protocol/res/nsIResProtocolHandler.idl
    netwerk/protocol/res/nsISubstitutingProtocolHandler.idl
    netwerk/protocol/res/nsResProtocolHandler.cpp
    netwerk/protocol/res/nsResProtocolHandler.h
    xpcom/components/ManifestParser.cpp

MozReview-Commit-ID: 1RXeNn7jdBf

--HG--
extra : rebase_source : 749673b7a5bb0b50192a57496b2ea7962bf6b2d7
2017-06-08 17:44:09 +08:00
Nicholas Nethercote
f582d96b98 Bug 1390428 (part 9) - Remove nsXPIDLCString. r=erahm.
This is straightforward, with only two notable things.

- `#include "nsXPIDLString.h" is replaced with `#include "nsString.h"`
  throughout, because all nsXPIDLString.h did was include nsString.h. The
  exception is for files which already include nsString.h, in which case the
  patch just removes the nsXPIDLString.h inclusion.

- The patch removes the |xpidl_string| gtest, but improves the |voided| test to
  cover some of its ground, e.g. testing Adopt(nullptr).

--HG--
extra : rebase_source : 452cc4a08046a1adb1a8099a7e85a1917de5add8
2017-08-17 15:29:03 +10:00
Masatoshi Kimura
32e5d77ba4 Bug 1387805 - Remove [deprecated] nsIScriptSecurityManager.getCodebasePrincipal(). r=bz
MozReview-Commit-ID: CY47PBaQ5oy

--HG--
extra : rebase_source : 6a82bae0d3caafadc772a08a1d392ab30c4ad914
2017-08-06 15:31:31 +09:00
Thomas Wisniewski
c20797f0fa Bug 1261289 - Allow webextensions to open view-source links. r=mixedpuppy, r=smaug
MozReview-Commit-ID: A8TGE448vBs
2017-06-20 15:23:49 -04:00
Nicholas Nethercote
f941156987 Bug 1386600 - Change nsIStringBundle methods to return |AString| instead of |wstring|. r=emk,sr=dbaron.
This removes about 2/3 of the occurrences of nsXPIDLString in the tree. The
places where nsXPIDLStrings are null-checked are replaced with |rv| checks.

The patch also removes a couple of unused declarations from
nsIStringBundle.idl.

Note that nsStringBundle::GetStringFromNameHelper() was merged into
GetStringFromName(), because they both would have had the same signature.

--HG--
extra : rebase_source : ac40bc31c2a4997f2db0bd5069cc008757a2df6d
2017-08-04 14:40:52 +10:00
Christoph Kerschbaumer
256e249566 Bug 1381761 - Treating 'data:' documents as unique, opaque origins should still inherit the CSP. r=smaug,dveditz 2017-08-04 14:11:17 +02:00
Nicholas Nethercote
72c884bf74 Bug 1384835 (part 3, attempt 2) - Remove the Preferences::Get*CString() variants that return nsAdoptingCString. r=froydnj.
--HG--
extra : rebase_source : d317b25be2ec21d1a60d25da3689e46cdce0b649
2017-07-31 14:28:48 +10:00
Nicholas Nethercote
d4f9aa5530 Bug 1384835 (part 2, attempt 2) - Remove the Preferences::Get*String() variants that return nsAdoptingString. r=froydnj.
--HG--
extra : rebase_source : 6c24fbacb03d4adebe5f22b5e7fc60b069913f20
2017-07-31 14:23:50 +10:00
Bob Owen
9fe7a4201d Bug 1378377 Part 1: Expose file:// URI whitelist check to chrome JS. r=bz
This is required so that we can check the whitelist and run domains that are
allowed to use file:// URIs in the file content process.
2017-07-19 09:37:25 +01:00
Nicholas Nethercote
c86dc10505 Bug 1380227 - Avoid many UTF16toUTF8 and UTF8toUTF16 conversions in nsStringBundle. r=emk.
Most of the names passed to nsIStringBundle::{Get,Format}StringFromUTF8Name
have one of the two following forms:

- a 16-bit C string literal, which is then converted to an 8-bit string in
  order for the lookup to occur;

- an 8-bit C string literal converted to a 16-bit string, which is then
  converted back to an 8-bit string in order for the lookup to occur.

This patch introduces and uses alternative methods that can take an 8-bit C
string literal, which requires changing some signatures in other methods and
functions. It replaces all C++ uses of the old methods.

The patch also changes the existing {Get,Format}StringFromName() methods so
they take an AUTF8String argument for the name instead of a wstring, because
that's nicer for JS code.

Even though there is a method for C++ code and a different one for JS code,
|binaryname| is used so that the existing method names can be used for the
common case in both languages.

The change reduces the number of NS_ConvertUTF8toUTF16 and
NS_ConvertUTF16toUTF8 conversions while running Speedometer v2 from ~270,000 to
~160,000. (Most of these conversions involved the string
"deprecatedReferrerDirective" in nsCSPParser.cpp.)

--HG--
extra : rebase_source : 3bee57a501035f76a81230d95186f8c3f460ff8e
2017-07-12 15:13:37 +10:00
Peter Van der Beken
9b9495bf79 Bug 1252211 - Remove DOMCI for TreeSelection, XULCommandDispatcher and XULControllers. r=bz.
--HG--
extra : rebase_source : 5a24af4928dbd7754850c6e3ceff6646bfe58c93
2017-05-18 09:07:25 +02:00
Carsten "Tomcat" Book
4a5a3d9f30 Backed out changeset 2c51cdd42834 (bug 1252211) for bustage 2017-06-13 12:20:33 +02:00
Peter Van der Beken
9d549d2f23 Bug 1252211 - Remove DOMCI for TreeSelection, XULCommandDispatcher and XULControllers. r=bz.
--HG--
extra : rebase_source : db24985f7e8f6d4ca4df13015d565ec0063ba355
extra : source : f361697cb50b47dc4db94a6730b6604ab69217f5
2017-05-18 09:07:25 +02:00
Andrea Marchesini
e7eda19b3d Bug 1369323 - Get rid of nsScriptSecurityManager::GetNoAppCodebasePrincipal, r=bholley 2017-06-02 11:05:28 +02:00
Andrea Marchesini
1cb008c2f2 Bug 1369314 - Get rid of nsScriptSecurityManager::GetAppCodebasePrincipal, r=bholley 2017-06-02 11:05:28 +02:00
Gijs Kruitbosch
a81cfadca0 Bug 1356193 - rename securityFlags local variable for code clarity reasons, r=ckerschb
MozReview-Commit-ID: DmU4ORvXHNY

--HG--
extra : rebase_source : 687cf2ee500839182c4a2f785fc51e9b71476f3c
2017-04-13 11:36:18 +01:00