Kris Maglione 8ec2442bf5 Bug 1647519: Reject javascript: requests targeting other content processes. r=nika ... Loads targeting cross-process BrowsingContexts are by definition cross-origin, which should preclude any javascript: loads. While those loads are currently prevented by principal checks in the final target process, sending IPC messages for the attempts is unnecessary, and potentially opens a door to privilege escalation exploits by a compromised content process. This patch prevents any cross-process load requests from being sent by content processes, and adds checks in the parent process to kill any (potentially compromised) content process which attempts to send them. Differential Revision: https://phabricator.services.mozilla.com/D103529		2021-02-02 22:24:47 +00:00
..
browser	Bug 1643789 - fix use of alternate URI fixup for middle clicks, context menu clicks, etc., r=nika	2021-02-02 00:27:42 +00:00
chrome	Bug 1052471: Adjust test_bug453650.xhtml to perform its reflow-causing restyle a bit later, *after* the reflow observer is registered. r=jfkthame	2021-01-04 19:04:40 +00:00
iframesandbox	Bug 1650919 - Adding manifest annotations for xorigin test harness. r=kmag	2020-07-13 20:34:46 +00:00
mochitest	Bug 1647519: Reject javascript: requests targeting other content processes. r=nika	2021-02-02 22:24:47 +00:00
navigation	Backed out 11 changesets (bug 1681529) for mochitest failures at test_reload_large_postdata.html. CLOSED TREE	2021-02-02 22:02:59 +02:00
unit	Bug 1638215: Use https for canonization the URL. r=mak	2020-12-07 01:54:05 +00:00
unit_ipc
moz.build	Bug 1654103: Standardize on Black for Python code in mozilla-central.	2020-10-26 18:34:53 +00:00