gecko-dev/devtools/client
Kris Maglione b3cac601f6 Bug 1432966: Sanitize HTML fragments created for chrome-privileged documents. r=bz f=gijs
This is a short-term solution to our inability to apply CSP to
chrome-privileged documents.

Ideally, we should be preventing all inline script execution in
chrome-privileged documents, since the repercussions of XSS in chrome
documents are much worse than in content documents. Unfortunately, that's not
possible in the near term because a) we don't support CSP in system principal
documents at all, and b) we rely heavily on inline JS in our static XUL.

This stop-gap solution at least prevents some of the most common vectors of
XSS attack, by automatically sanitizing any HTML fragment created for a
chrome-privileged document.

MozReview-Commit-ID: 5w17celRFr

--HG--
extra : rebase_source : 1c0a1448a06d5b65e548d9f5362d06cc6d865dbe
extra : amend_source : 7184593019f238b86fd1e261941d8e8286fa4006
2018-01-24 14:56:48 -08:00
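The stop-gap the commit message describes, as an added example that is not Gecko's code: a small allow-list sanitizer for HTML fragments, written in JavaScript so it runs stand-alone. The set of dropped elements, the attribute rules and the allowed URL schemes are this example's own choices (assumptions), not the lists Gecko applies, and the sample fragment is constructed for the demonstration.

```javascript
// Added example (not Gecko's code): an allow-list HTML fragment sanitizer in
// the spirit of the commit message above. It drops script-bearing elements,
// inline on* event handlers, style attributes and non-http(s) URL schemes
// before a fragment is handed to a privileged document. The element and
// attribute lists below are this example's assumptions, not Gecko's.

// Elements whose whole subtree is discarded (script, raw-text and loaders).
const DROPPED_ELEMENTS = new Set([
  "script", "style", "iframe", "object", "embed", "link", "meta", "base", "template",
]);
// Attributes whose value is a URL and must pass the scheme allow-list.
const URL_ATTRS = new Set(["href", "src", "action", "formaction", "xlink:href", "poster"]);
const ALLOWED_SCHEMES = new Set(["http", "https", "mailto"]);

// Decode numeric and a few named entities that are used to hide a scheme,
// e.g. &#106;avascript: or java&Tab;script:.
function decodeEntities(s) {
  const cp = (n) => (n > 0x10ffff ? "" : String.fromCodePoint(n));
  const named = { tab: "\t", newline: "\n", colon: ":" };
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => cp(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => cp(Number(d)))
    .replace(/&(tab|newline|colon);?/gi, (_, n) => named[n.toLowerCase()]);
}

// Allow-list check: relative URLs and http/https/mailto pass, everything else
// (javascript:, data:, vbscript:, ...) is rejected. Control characters are
// removed first because browsers ignore embedded tabs/newlines in schemes.
function safeUrl(value) {
  const cleaned = decodeEntities(value).replace(/[\u0000-\u0020\u007f]/g, "");
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  return m === null || ALLOWED_SCHEMES.has(m[1].toLowerCase());
}

// Rebuild an attribute string keeping only attributes that pass the policy.
function sanitizeAttrs(raw) {
  const attrRe = /([^\s=>\/"']+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let out = "";
  let m;
  while ((m = attrRe.exec(raw)) !== null) {
    const name = m[1].toLowerCase();
    const value = m[2] ?? m[3] ?? m[4] ?? "";
    if (name.startsWith("on")) continue;            // onclick, onerror, ...
    if (name === "style") continue;                 // CSS is its own injection surface
    if (URL_ATTRS.has(name) && !safeUrl(value)) continue;
    out += ` ${name}="${value.replace(/"/g, "&quot;")}"`;
  }
  return out;
}

// Walk the fragment tag by tag, emitting only what the policy permits. Text
// outside a dropped subtree is kept, with stray '<' escaped so it cannot
// re-open a tag once the string is parsed as HTML.
function sanitizeFragment(html) {
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9-]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>/g;
  let out = "";
  let last = 0;
  let dropName = null;   // element whose subtree is currently being discarded
  let dropDepth = 0;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const closing = m[1] === "/";
    const name = m[2].toLowerCase();
    const selfClose = /\/\s*$/.test(m[3]);
    const rawAttrs = m[3].replace(/\/\s*$/, "");
    if (dropName === null) out += html.slice(last, m.index).replace(/</g, "&lt;");
    last = m.index + m[0].length;

    if (dropName !== null) {
      if (name === dropName) {
        if (closing) { if (--dropDepth === 0) dropName = null; }
        else if (!selfClose) dropDepth++;
      }
      continue;
    }
    if (DROPPED_ELEMENTS.has(name)) {
      if (!closing && !selfClose) { dropName = name; dropDepth = 1; }
      continue;
    }
    if (closing) { out += `</${name}>`; continue; }
    out += `<${name}${sanitizeAttrs(rawAttrs)}${selfClose ? "/" : ""}>`;
  }
  if (dropName === null) out += html.slice(last).replace(/</g, "&lt;");
  return out;
}

// Constructed sample: a fragment a privileged page might build from untrusted data.
const SAMPLE = '<p onclick="steal()">Hi <b>there</b></p>' +
  '<script>alert(1)</script>' +
  '<a href="&#106;avascript:alert(1)">link</a>' +
  '<img src="x" onerror="alert(1)">';

console.log(sanitizeFragment(SAMPLE));
// -> <p>Hi <b>there</b></p><a>link</a><img src="x">
```

Run it with node to print the sanitized sample. One caveat a practitioner should keep in mind: this example tokenizes the serialized string with regular expressions only so that it runs without a DOM. In a browser, sanitize the parsed tree (walk the fragment's nodes and remove what the policy forbids) rather than the string, otherwise differences between your tokenizer and the real HTML parser can let markup through that the string check never saw.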
aboutdebugging Backed out changeset 00b1cae7d55f (bug 1425393) for failing devtools/client/aboutdebugging/test/browser_service_workers.js r=backout 2018-01-11 10:43:40 +01:00
animationinspector Bug 1426194 - Part 2: Add test. r=pbro 2017-12-22 00:49:18 +09:00
canvasdebugger Bug 1393464 - Remove Heritage from devtools helper view-helpers.js; r=pbro 2018-01-04 18:54:52 +01:00
commandline Backed out 9 changesets (bug 1412456) for crashing talos g2 and unexpected network connections in browser-chrome's browser_searchEngine_behaviors.js r=backout a=backout on a CLOSED TREE 2017-12-07 12:20:21 +02:00
debugger Bug 1272774 - migrate all listTabs() callers to use promise;r=ochameau 2018-01-15 18:38:34 +01:00
dom Bug 1417512 - Performance Tools to ES6 Classes, prop-types and react-dom-factories r=gregtatum 2017-11-15 17:00:45 +00:00
framework Bug 1272774 - migrate all listTabs() callers to use promise;r=ochameau 2018-01-15 18:38:34 +01:00
inspector Backed out changeset 0569381b5e5f (bug 1422635) for failing ESlint at /builds/worker/checkouts/gecko/devtools/client/shared/test/browser_inplace-editor_autocomplete_css_variable.js on a CLOSED TREE 2018-01-24 00:34:34 +02:00
jsonview Bug 1429271 - Use 'is' to compare so that the obtained value is logged when the assert fails. r=Honza 2018-01-10 16:33:14 +01:00
locales Bug 1429908 - Update Debugger Frontend v9.0. r=jdescottes 2018-01-15 18:52:22 +01:00
memory Bug 1426634 - Rename devtools/client/shared/components/Tree.js to VirtualizedTree.js; r=nchevobbe 2017-12-22 12:10:00 +08:00
netmonitor Merge mozilla-central to inbound. a=merge CLOSED TREE 2018-01-25 19:08:48 +02:00
performance Bug 1393464 - Remove Heritage from devtools helper view-helpers.js; r=pbro 2018-01-04 18:54:52 +01:00
performance-new Backed out changeset 36b3f7fb7d31 (bug 1408124) for chrome failures in devtools test devtools/shared/security/tests/chrome/test_websocket-transport.html r=backout on a CLOSED TREE 2017-11-28 21:47:41 +02:00
preferences Bug 1430855 - Update Debugger Frontend v9.1. r=jdescottes 2018-01-17 17:58:26 +01:00
responsive.html Bug 1432966: Sanitize HTML fragments created for chrome-privileged documents. r=bz f=gijs 2018-01-24 14:56:48 -08:00
scratchpad Bug 1393464 - Remove Heritage from devtools helper view-helpers.js; r=pbro 2018-01-04 18:54:52 +01:00
shadereditor Bug 1393464 - Remove Heritage from devtools helper view-helpers.js; r=pbro 2018-01-04 18:54:52 +01:00
shared Backed out changeset 0569381b5e5f (bug 1422635) for failing ESlint at /builds/worker/checkouts/gecko/devtools/client/shared/test/browser_inplace-editor_autocomplete_css_variable.js on a CLOSED TREE 2018-01-24 00:34:34 +02:00
sourceeditor Bug 1397366 - restore source-editor commands controller for scratchpad & styleeditor menus;r=ochameau 2018-01-03 20:52:58 +01:00
storage Bug 1428745 - Remove support for version parameter from script loader - tests, r=jonco 2018-01-09 17:00:49 +01:00
styleeditor Backed out changeset 41262016e149 (bug 1431758) for build bustage. on a CLOSED TREE 2018-01-22 18:42:13 +02:00
themes Bug 1421225 - Clicking on a console.group Message should toggle the group. r=nchevobbe 2018-01-23 09:28:15 +05:30
webaudioeditor Bug 1416711 - Add registerAllActors API;r=ochameau 2017-11-13 21:22:15 +01:00
webconsole Bug 1432966: Sanitize HTML fragments created for chrome-privileged documents. r=bz f=gijs 2018-01-24 14:56:48 -08:00
webide Bug 1272774 - migrate all listTabs() callers to use promise;r=ochameau 2018-01-15 18:38:34 +01:00
.eslintrc.js
definitions.js Backed out changeset 36b3f7fb7d31 (bug 1408124) for chrome failures in devtools test devtools/shared/security/tests/chrome/test_websocket-transport.html r=backout on a CLOSED TREE 2017-11-28 21:47:41 +02:00
jar.mn Bug 1428777 - Rename index files; r=gasolin 2018-01-10 17:16:37 +01:00
menus.js Bug 1405584 - Add telemetry to track toolbox open time. r=francois,jdescottes datareview=francois 2017-10-11 11:43:25 +02:00
moz.build Backed out changeset 36b3f7fb7d31 (bug 1408124) for chrome failures in devtools test devtools/shared/security/tests/chrome/test_websocket-transport.html r=backout on a CLOSED TREE 2017-11-28 21:47:41 +02:00