gecko-dev/devtools/client/responsive.html
Kris Maglione b3cac601f6 Bug 1432966: Sanitize HTML fragments created for chrome-privileged documents. r=bz f=gijs
This is a short-term solution to our inability to apply CSP to
chrome-privileged documents.

Ideally, we should be preventing all inline script execution in
chrome-privileged documents, since the repercussions of XSS in chrome
documents are much worse than in content documents. Unfortunately, that's not
possible in the near term because a) we don't support CSP in system principal
documents at all, and b) we rely heavily on inline JS in our static XUL.

This stop-gap solution at least prevents some of the most common vectors of
XSS attack, by automatically sanitizing any HTML fragment created for a
chrome-privileged document.

MozReview-Commit-ID: 5w17celRFr

--HG--
extra : rebase_source : 1c0a1448a06d5b65e548d9f5362d06cc6d865dbe
extra : amend_source : 7184593019f238b86fd1e261941d8e8286fa4006
2018-01-24 14:56:48 -08:00
..
actions Bug 1429121 - Manual cleanup of RDM for async / await. r=ochameau 2018-01-09 17:03:48 -06:00
browser Bug 1429121 - Manual cleanup of RDM for async / await. r=ochameau 2018-01-09 17:03:48 -06:00
components Bug 1432966: Sanitize HTML fragments created for chrome-privileged documents. r=bz f=gijs 2018-01-24 14:56:48 -08:00
images Bug 1399886 - modify devtools SVG files to use fill=context-fill;r=gl 2017-10-04 16:57:11 +02:00
reducers Bug 1321675 - Rename removeDevice to removeDeviceAssoc. r=gl 2017-02-03 17:23:49 -06:00
test Bug 1429121 - Manual cleanup of RDM for async / await. r=ochameau 2018-01-09 17:03:48 -06:00
utils Bug 1421663 - Allow changing of custom viewport size in RDM with arrow keys. r=jryans 2017-12-06 00:31:57 +05:30
app.js Bug 1418274 - Responsive Design Mode to ES6 Classes, prop-types and react-dom-factories r=jryans 2017-11-17 12:22:29 +00:00
commands.js Bug 1429121 - Automated conversion of RDM to async / await. r=ochameau 2018-01-09 10:08:35 -06:00
constants.js
index.css Bug 1333254 - Adjust variations of 'device pixel ratio' spelling. r=jryans 2017-11-17 11:08:42 -06:00
index.js Bug 1429121 - Manual cleanup of RDM for async / await. r=ochameau 2018-01-09 17:03:48 -06:00
index.xhtml Bug 1342144 - Remove version parameter from the type attribute of script elements. r=jmaher 2017-02-23 06:10:07 +09:00
manager.js Bug 1429121 - Manual cleanup of RDM for async / await. r=ochameau 2018-01-09 17:03:48 -06:00
moz.build Bug 1305777 - Move RDM GCLI commands to new RDM. r=ochameau 2017-09-26 18:47:12 -05:00
reducers.js Bug 1276971 - Adding UI to display and change the current DPI / DPR setting; r=gl,jryans 2016-11-05 13:45:10 +01:00
responsive-ua.css
store.js
types.js Bug 1418274 - Responsive Design Mode to ES6 Classes, prop-types and react-dom-factories r=jryans 2017-11-17 12:22:29 +00:00