Dave Huseby
ce82855c42
Bug 1189086 - Eliminate nsIPrincipal::jarPrefix. r=dveditz
2016-10-24 13:52:00 +02:00
Tom Tromey
0dc689acdd
Bug 553032 - use MOZ_FORMAT_PRINTF in js; r=evilpie
...
MozReview-Commit-ID: DD3DJRkOxmC
--HG--
extra : rebase_source : 61cdf0da1a82b626abc79209ee41e43c3bb152ca
2016-10-11 12:44:40 -06:00
Sebastian Hengst
9e31a95f74
Backed out changeset 2bfd163f23f9 (bug 553032)
2016-10-19 18:29:36 +02:00
Tom Tromey
5b851428f8
Bug 553032 - use MOZ_FORMAT_PRINTF in js; r=evilpie
...
MozReview-Commit-ID: DD3DJRkOxmC
--HG--
extra : rebase_source : 4f98705e5e2c5ff9860f04384abbc6f5dc18a7a9
2016-10-11 12:44:40 -06:00
Christoph Kerschbaumer
fb07f658e3
Bug 1305012 - Downgrade a new channel's principal to NullPrincipal. r=smaug
2016-10-05 21:19:51 +02:00
Cameron McCormack
418bfe72a3
Bug 1300720 - Part 2: Lazily initialize nsScriptSecurityManager::mFileURIWhitelist. r=bholley
...
MozReview-Commit-ID: 8cqHUlOnsEH
2016-10-03 12:43:17 +08:00
Olli Pettay
9f0454f829
Bug 1306300, null check nsILoadContext in GetLoadContextCodebasePrincipal, r=baku
2016-09-29 20:31:50 +03:00
Gijs Kruitbosch
7de765df42
Bug 1290668 - unbreak view-source links between http and https pages, r=smaug
...
MozReview-Commit-ID: B4nXTkMC5LE
--HG--
extra : rebase_source : ad7086b7ff58f44b12c3eaaf9b7be8c8955762a5
2016-09-27 13:31:53 +01:00
Tooru Fujisawa
10dd75211d
Bug 1289050 - Part 2: Use ASCII or Latin1 variants of JS_ReportError in not-simple cases. r=jwalden
2016-08-15 19:20:01 +09:00
Ehsan Akhgari
6b65aceec2
Bug 1297687 - Part 1: Remove nsIScriptSecurityManager.createExpandedPrincipal(); r=bholley
2016-09-22 13:27:33 -04:00
Christoph Kerschbaumer
bc9a70d964
Bug 1297338
- Introduce concept of principalToInherit to docshell and scriptSecurityManager. r=bz
2016-09-20 08:36:25 +02:00
Yoshi Huang
10b437080c
Bug 1260931 - Part 3: Propagate firstPartyDomain. r=smaug
2016-09-06 10:25:58 +08:00
Sebastian Hengst
c9519f7c29
Backed out changeset b9afda2804fd (bug 1260931)
2016-09-05 21:15:29 +02:00
Yoshi Huang
6cca1d0c54
Bug 1260931 - Part 3: Propagate firstPartyDomain. r=smaug
2016-09-06 01:50:30 +08:00
Wes Kocher
a2ca4e17ce
Backed out changeset 1e7eb0625d3e (bug 1297687) a=merge
2016-09-02 13:18:37 -07:00
Sebastian Hengst
df3ad10e28
Backed out changeset 10da0eca7bbb (bug 1260931)
2016-09-02 15:33:51 +02:00
Sebastian Hengst
31c5f85098
Backed out 5 changesets (bug 1260931)
...
Backed out changeset 86e1a437021b (bug 1260931)
Backed out changeset be65e87da9e3 (bug 1260931)
Backed out changeset 39cff1d988fd (bug 1260931)
Backed out changeset 2fa7c4d8a5bc (bug 1260931)
Backed out changeset 075d612841fb (bug 1260931)
2016-09-02 14:55:59 +02:00
Sebastian Hengst
5bbaac898b
Backed out changeset 10da0eca7bbb (bug 1260931)
2016-09-02 14:38:42 +02:00
Yoshi Huang
88b9430165
Bug 1260931 - Part 3: Propagate firstPartyDomain. r=smaug
2016-09-02 15:04:40 +08:00
Nicholas Nethercote
b71747b2ac
Bug 1299727 - Rename NS_WARN_IF_FALSE as NS_WARNING_ASSERTION. r=erahm.
...
The new name makes the sense of the condition much clearer. E.g. compare:
NS_WARN_IF_FALSE(!rv.Failed());
with:
NS_WARNING_ASSERTION(!rv.Failed());
The new name also makes it clearer that it only has effect in debug builds,
because that's standard for assertions.
--HG--
extra : rebase_source : 886e57a9e433e0cb6ed635cc075b34b7ebf81853
2016-09-01 15:01:16 +10:00
Ehsan Akhgari
7d8261a6b9
Bug 1297687 - Use the OriginAttributes associated with a window principal when creating a Sandbox with an expanded principal; r=baku
2016-09-01 14:34:23 -04:00
Jan de Mooij
0ad12515f4
Bug 1292892 part 1 - Stop using JSRuntime outside SpiderMonkey. r=bz,terrence,fitzgen,kanru
2016-08-11 14:39:22 +02:00
Andrew McCreight
20456a6f50
Bug 1292289, part 2 - Remove includes of xpcprivate.h in caps/. r=mrbkap
...
Also remove some unused nsIXPConnect headers.
With the prior patch and this patch, touching xpcprivate.h does not
require rebuilding the caps directory.
MozReview-Commit-ID: HAL0FscGqjM
--HG--
extra : rebase_source : 6d0fcb66d5b6e2654919eb0d035c4365fb30273f
2016-08-04 11:19:24 -07:00
Yoshi Huang
84039380cc
Bug 1287073 - remove SEC_FORCE_INHERIT_PRINCIPAL_WAS_DROPPED from nsILoadInfo r=sicking
2016-07-28 15:56:32 +08:00
Chris Peterson
b175c9fdd5
Bug 1277106 - Part 2: Expand MOZ_UTF16() strings to u"" string literals. r=Waldo
2016-07-20 22:03:25 -07:00
Gijs Kruitbosch
ca0706d1c4
Bug 1281787, r=bz
...
MozReview-Commit-ID: JLdLD57pF87
--HG--
extra : rebase_source : c656044a8448d2fa70e484e9c126fc1955201579
2016-07-13 12:05:22 +01:00
Jan de Mooij
e4ae5f26da
Bug 1283855
part 20 - Make more principals code take JSContext instead of JSRuntime. r=luke
...
--HG--
extra : rebase_source : ad5f2f5b5bef9d20e4e248898a3c754adb306683
2016-07-05 16:49:46 +02:00
Jan de Mooij
078a91ca56
Bug 1283855
part 19 - Make security callbacks take JSContext instead of JSRuntime. r=jorendorff
...
--HG--
extra : rebase_source : c106826540912b00550b2d6162dcae6e1fb616d4
2016-07-05 16:49:44 +02:00
Jonathan Watt
b15368cfcb
Bug 1279451 - Remove a lot of unnecessary includes of nsAutoPtr.h. rs=sparky
2016-06-07 21:10:18 +01:00
Nicholas Nethercote
5592622f09
Bug 1277104 - Add strings to high-frequency MOZ_CRASH() occurrences. mccr8.
...
Some of these are guesses; it's not always clear from a crash report stack
trace which MOZ_CRASH() was hit.
2016-06-09 13:09:58 +10:00
Gijs Kruitbosch
4d279191b4
Bug 1277583, r=bz
...
MozReview-Commit-ID: E9gNZAOQzG9
--HG--
extra : rebase_source : 302534c6ef5c064c3956188dd52fcf668db0d0e1
extra : histedit_source : c97f8279ebeea7b9a6c93d88f6809c38cac2ee14
2016-06-02 19:42:21 +01:00
Jonathan Hao
525c086187
Bug 1259871 - Replace getSimpleCodebasePrincipal with createCodebasePrincipal. r=sicking
...
MozReview-Commit-ID: Frx0CjBzuve
--HG--
extra : histedit_source : 036eb321d9ccb20e0e071ba588b0a1249eb34bdd
2016-05-24 18:01:34 +08:00
Boris Zbarsky
dc120449d2
Bug 1275698. Get rid of nsScriptSecurityManager::ScriptAllowed and replace it with xpc::Scriptability::Get(obj).Allowed() for better performance and less indirection. r=khuey
2016-05-27 20:26:56 -04:00
Boris Zbarsky
4ec7cc4fc1
Bug 1276138. Remove the current/safe JSContext getters from nsScriptSecurityManager. r=mrbkap
2016-05-27 13:28:14 -04:00
Chris Peterson
e343bcae34
Bug 1274415 - Fix -Wshadow warnings in caps/ directory. r=dveditz
...
caps/BasePrincipal.cpp:562:28 [-Wshadow] declaration shadows a local variable
caps/nsScriptSecurityManager.cpp:675:18 [-Wshadow] declaration shadows a local variable
caps/nsScriptSecurityManager.cpp:854:14 [-Wshadow] declaration shadows a local variable
2016-05-19 01:04:46 -07:00
Jonathan Watt
73ea9dd190
Bug 1162772, part 3 - Add a getChannelResultPrincipalIfNotSandboxed method to nsIScriptSecurityManager. r=bz
...
MozReview-Commit-ID: 4QwM1y6wRb
2016-04-28 11:13:09 +01:00
Sebastian Hengst
bec59714da
Backed out changeset c32539fd746a (bug 1162772)
2016-04-30 09:54:01 +02:00
Jonathan Watt
c40b7e121f
Bug 1162772, part 3 - Add a getChannelResultPrincipalIfNotSandboxed method to nsIScriptSecurityManager. r=bz
...
MozReview-Commit-ID: 4QwM1y6wRb
2016-04-28 11:13:09 +01:00
Yoshi Huang
ba1bb72568
Bug 1263496 - Part 3: fix for nsNullPrincipal::Create
...
This fixed the locations listed by
http://searchfox.org/mozilla-central/search?q=nsNullPrincipal::Create (&redirect=true
that needs to inherit origin attributes.
2016-04-27 18:38:07 +08:00
Tanvi Vyas
c73e96a53d
Bug 1105556 - Call Create(originAttributes) when loadinfo->loadingPrincipal is null, instead of CreatePrincipalWithInheritedAttributes(). r=sicking
2016-04-13 16:30:22 -07:00
Dave Huseby
b9cbf42ad8
Bug 1237479 -- nsScriptSecurityManager needs to use the correct user context id in the origin attributes in a few places. r=sicking
2016-04-01 22:36:00 -04:00
Benjamin Bouvier
70202e15a1
Bug 1251308; r=luke
...
MozReview-Commit-ID: AqsMX4m7Qh9
--HG--
extra : rebase_source : 519aef2cf8c0bb39771d4589069e8fd1a06970c3
2016-03-09 11:20:11 +01:00
J. Ryan Stinnett
95f8000ac8
Bug 1238160 - Add assertions in non-desktop code paths. r=bz,fabrice
...
Several code paths try to ask the principal if it's in a browser element, but
the principal now only knows about *isolated* browser elements. All such code
paths are currently unused on desktop. The frame loader now asserts that
isolation remains enabled for cases where apps are used.
MozReview-Commit-ID: 775DZecc35t
2016-03-02 10:35:56 -06:00
J. Ryan Stinnett
2a55d065b7
Bug 1238160 - Rename OriginAttributes.mInBrowser and associated methods. r=bz,mayhemer
...
This change renames OriginAttributes.mInBrowser to mInIsolatedMozBrowser and
nsIPrincipal::GetIsInBrowserElement to GetIsInIsolatedMozBrowserElement. Other
methods that pass these values around also have name changes.
Tokens such as "inBrowser" have previously been serialized into cache keys, used
as DB column names, stored in app registries, etc. No changes are made to any
serialization formats. Only runtime method and variable names are updated.
No behavior changes are made in this patch, so some renamed methods may have
nonsensical implementations. These are corrected in subsequent patches
focused on behavior.
MozReview-Commit-ID: 66HfMlsXFLs
2016-03-02 10:35:56 -06:00
Boris Zbarsky
87574e4920
Bug 1251311. JS::DescribeScriptedCaller can't throw JS exceptions. Adjust some callers accordingly. r=khuey
2016-02-26 15:23:13 -05:00
Yoshi Huang
be5bd39145
Bug 1240651 - Annotate addonId into crash report (r=bholley)
2016-02-01 16:05:53 -08:00
Gijs Kruitbosch
ef04fd0f90
Bug 1172165 - check all nested URI schemes in CAPS. Make view-source dangerous to load, and about: URIs use per-URI flags so they keep working, r=bz
...
Also, add an opt-out for crashtest/reftest for the view-source thing so they don't all break, r=bz
--HG--
extra : commitid : 8NqvmbphSgh
extra : rebase_source : bbe0b6f11a77d7e6241a5733931d9baa95bb3fed
2015-12-11 08:06:41 -05:00
Henry Chang
b02a011eef
Bug 1211590 - Inherits OriginAttributes from loading principal for GetChannelURIPrincipal. r=sicking
2016-01-13 05:30:00 +01:00
Luke Wagner
72ea23c63e
Bug 1239601 - improve the UniquePtr situation (r=jandem)
...
--HG--
extra : commitid : JegWAoGsuQ9
extra : rebase_source : 995c1b6ab8e4fd3b83c44741cd84a2d7b0d934d7
2016-01-15 18:26:20 -06:00
Jonas Sicking
6cc5074df0
Bug 1226909 part 1: Do security checks in a redirect handler rather than when opening the redirected channel. r=ckerschb
2015-12-06 18:33:14 -05:00