This is a short-term solution to our inability to apply CSP to
chrome-privileged documents.
Ideally, we should be preventing all inline script execution in
chrome-privileged documents, since the repercussions of XSS in chrome
documents are much worse than in content documents. Unfortunately, that's not
possible in the near term because a) we don't support CSP in system principal
documents at all, and b) we rely heavily on inline JS in our static XUL.
This stop-gap solution at least prevents some of the most common vectors of
XSS attack, by automatically sanitizing any HTML fragment created for a
chrome-privileged document.
MozReview-Commit-ID: 5w17celRFr
--HG--
extra : rebase_source : 1c0a1448a06d5b65e548d9f5362d06cc6d865dbe
extra : amend_source : 7184593019f238b86fd1e261941d8e8286fa4006
Now that accessing nsIContent slots is not a blob of virtual function calls, we
should be able to unify logic here, and speed up the not-so-rare case for
chrome, while keeping the usual case fast.
MozReview-Commit-ID: 87iY5Cbhx4T
Give the compiler the chance to devirtualize / inline a bit more.
MozReview-Commit-ID: D5u2AxaZ7a1
--HG--
extra : rebase_source : e235b8b60322a113f459067e2762ea237cb26ec5
The textarea is inserted under a Shadow host, with no matching insertion point,
so its flattened tree parent node is null.
We're treating this case in the restyle root code as "the parent is the
document", but that's very wrong.
MozReview-Commit-ID: JlzUMRIYaYZ
--HG--
extra : rebase_source : feeaf7a7333097aa87b35358172472790f6c74a7
This is necessary in order to capture the correct triggering principal for
inline <style> nodes.
MozReview-Commit-ID: 9EaD40vRNkH
--HG--
extra : rebase_source : cdd4a730f24dc57783edcf666ae803379c0d6173
This is necessary in order to parse style attributes using the subject
principal of the caller, rather than defaulting to the page principal.
MozReview-Commit-ID: GIshajQ28la
--HG--
extra : rebase_source : 5dba46f61d70ec647cae16383b62961ac72d2f47
It's a sub-class of nsAtom, useful for cases where you know you are dealing
exclusively with static atoms. The nice thing about it is that you can use
raw nsStaticAtom pointers instead of RefPtr<>. (In fact, the AddRef/Release
implementations ensure that we'll crash if we use RefPtr<nsStaticAtom>.)
MozReview-Commit-ID: 4Q6QHX5h44V
--HG--
extra : rebase_source : e4237f85b4821b684db0ef84d1f9c5e17cdee428
I'm drive-by removing the comment about the frame tree state because I looked
into it, and the answer is: we properly restore it.
The gotcha is that we retain it too much, indeed, we retain it enough that it
can leak. See bug 1397239.
MozReview-Commit-ID: LP6bXkduEZ4
--HG--
extra : rebase_source : f7e18fc35e48b75c07fcc84b939614d379926828
We could also check whether it is a subdocument frame or what not (not that
we're going to render anything down there). But at that point the value of
avoiding the FFI call starts diluting.
MozReview-Commit-ID: BBIv0O3fFuk
--HG--
extra : rebase_source : 663ead4fe3df83ea1d929b8726c8c1ab8b05c06a
I'm not adding a crashtest because the one provided is kinda unreliable, and I
suck and I wasn't able to find a better one.
MozReview-Commit-ID: CmaF0NO4Dff
--HG--
extra : rebase_source : 5d324499b1a258f9d73266c06adbc46ae98db896
In order to tailor certain security checks to the caller that is attempting to
load a particular piece of content, we need to be able to attach an
appropriate triggering principal to the corresponding requests. Since most
HTML content is loaded based on attribute values, that means capturing the
subject principal of the caller who sets those attributes, which means making
it available to AfterSetAttr hooks.
MozReview-Commit-ID: BMDL2Uepg0X
--HG--
extra : rebase_source : 25e438c243700a9368c393e40e3a6002d968d6c8
(Patch is actually r=froydnj.)
Bug 1400459 devirtualized nsIAtom so that it is no longer a subclass of
nsISupports. This means that nsAtom is now a better name for it than nsIAtom.
MozReview-Commit-ID: 91U22X2NydP
--HG--
rename : xpcom/ds/nsIAtom.h => xpcom/ds/nsAtom.h
extra : rebase_source : ac3e904a21b8b48e74534fff964f1623ee937c67