KotJohansson/palemoon27
1
0
Fork 0
mirror of https://github.com/roytam1/palemoon27.git synced 2026-05-26 14:30:27 +00:00
Code Issues Projects Releases Wiki Activity
Files
1e24b22ef4bf07746ce57eee5aaa1c6bed6de131
palemoon27/dom/security/nsCSPContext.h
T
roytam1 1e24b22ef4 remove nsINetUtil_ESR_38, fixup and import changes from `dev' branch of rmottola/Arctic-Fox: 
- Bug 1150366 - Remove duplicate d3.js. r=jsantell (71f991da6)
- Bug 1175352 - Refactor LoadInfo arguments to be more self contained (r=bent) (3f7d08164)
- Bug 1181533 - Add nsCRTGlue.h and prtime.h includes to nsDownloadManager.cpp to fix --disable-safe-browsing build bustage. r=froydnj (af338edf1)
- Bug 905127 - Part 1 - Make some functions from nsNetUtil not inline. r=jduell Bug 905127 - Part 2 - remove unnecessary nsNetUtil.h includes r=jduell Bug 905127 - Make some functions from nsNetUtil not inline. r=jduell (bc47d5b3a)
- Bug 1117650 - Part 1: Move all CORS tests into dom/security/test. r=sicking (6f727387c)
- Bug 1117650 - Part 2: Move all MixedContent tests into dom/security/test. r=tanvi (73f273829)
- Bug 1004703 - ignore 'unsafe-inline' if nonce- or hash-source specifed - tests (r=sstamm) (ebf411159)
- Bug 921493 - CSP: test whitelisting of scheme-relative sources (r=dveditz) (f0618b189)
- Bug 1139569 - Optimize update function for element editors in markup view;r=mratcliffe (c60d38dca)
- Partil of Bug 1139644 - Make markupview use sdk timers instead of individual timers for each window;r=pbrosset (8bc1a4d66)
- Bug 1146568 - Avoid unsafe CPOW usage warnings in browser_markupview_tag_edit_08.js; r=bgrins Making use of the devtools test frame-script to set the test node's attributes instead of using a CPOW. (61d7eed64)
- Bug 1146568 - Avoid unsafe CPOW usage in markupview tests, in assertAttributes helper; r=bgrins (efc492d5d)
- Bug 858038 - Allow moving elements in the markupview by drag/drop; r=pbrosset (51d79c15c)
- Bug 1139644 - Flash only relevant attributes in markup view when changed;r=pbrosset (29807fa46)
- Bug 1147128 - Make sure attribute shows up in markup view after removing and setting to the previous value;r=mratcliffe (1947f7417)
- Bug 1147325 - Clear box model timer on markup view destroy. r=pbrosset Prevents 'this._inspector.toolbox is null' spam in mochitest-dt (1d6808b4a)
- Bug 921102 - 1 - Linkify URIs in the inspector; r=tromey, miker This first part adds a parser for node attributes which, given some node information and an attribute name, generates a small AST-like array of objects that tells which parts of the attribute (if any) are links, and what they link to. Using this, the markup-view generates the right HTML structure to display these parts as links. This part 1 doesn't yet allow users to follow these links. (c500e270e)
- Bug 1139667 - CSP tests for fetch(). r=ckirschb (df030457f)
- Bug 1086999 - CSP: Asterisk (*) wildcard should not allow blob:, data:, or filesystem: when matching source expressions - tests (r=sstamm) (dee0f2239)
- Bug 1117650 - Part 3: Move all CSP tests into dom/security/test. r=sstamm (29c95475c)
- Bug 1146566 - 1 - Use devtools common frame-script in markupview tests and add helper; r=bgrins (b10e42468)
- Bug 1146566 - 2 - Avoid using CPOWs in test browser_markupview_tag_edit_03.js; r=bgrins This change updates the browser_markupview_tag_edit_03.js test by making use of the getDomElementInfo message listener to retrieve information about the tested nodes without having to go through CPOWs. (07f0ee3ff)
- Bug 1036324 - Adds option to walker.parents() to not traverse DocShellTreeItems of different types (24123a5d2)
- Bug 921102 - 2 - Markup-view tests for attribute links; r=miker (f6da81799)
- Bug 901250 - Add scroll into view menu item for the inspector. r=bgrins (bfc7518b1)
- Bug 994055 - Part 1: Add a toggle sidebar panel button to the inspector. r=miker This adds a new icon, next to the searchbox (like in the debugger) to expand or collapse the sidebar panel in the inspector. The state is *not* persisted yet when the toolbox is closed. The button is hidden when the toolbox host switches to 'side'. (87730e20a)
- Bug 994055 - Part 2: Add tests for the inspector sidebar toggle button. r=miker (2872c3fbd)
- Bug 921102 - 3 - Open/copy markup-view attribute links; r=bgrins This part adds contextual menu items that become enabled when the user right clicks on an attribute that has a link. Depending on the nature of the link, a new tab will be opened or a node selected. The user can also choose to copy the link in the clipboard. (9b93485f6)
- Bug 921102 - 4 - Tests for the open/copy links on markup-view attributes; r=bgrins (861ba51f6)
2021-05-21 09:14:47 +08:00

125 lines
4.3 KiB
C++
Raw Blame History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef nsCSPContext_h___
#define nsCSPContext_h___
#include "mozilla/dom/nsCSPUtils.h"
#include "nsDataHashtable.h"
#include "nsIChannel.h"
#include "nsIChannelEventSink.h"
#include "nsIClassInfo.h"
#include "nsIContentSecurityPolicy.h"
#include "nsIInterfaceRequestor.h"
#include "nsISerializable.h"
#include "nsIStreamListener.h"
#include "nsWeakReference.h"
#include "nsXPCOM.h"
#define NS_CSPCONTEXT_CONTRACTID "@mozilla.org/cspcontext;1"
// 09d9ed1a-e5d4-4004-bfe0-27ceb923d9ac
#define NS_CSPCONTEXT_CID \
{ 0x09d9ed1a, 0xe5d4, 0x4004, \
{ 0xbf, 0xe0, 0x27, 0xce, 0xb9, 0x23, 0xd9, 0xac } }
class nsINetworkInterceptController;
class nsCSPContext : public nsIContentSecurityPolicy
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSICONTENTSECURITYPOLICY
NS_DECL_NSISERIALIZABLE
protected:
virtual ~nsCSPContext();
public:
nsCSPContext();
nsresult SendReports(nsISupports* aBlockedContentSource,
nsIURI* aOriginalURI,
nsAString& aViolatedDirective,
uint32_t aViolatedPolicyIndex,
nsAString& aSourceFile,
nsAString& aScriptSample,
uint32_t aLineNum);
nsresult AsyncReportViolation(nsISupports* aBlockedContentSource,
nsIURI* aOriginalURI,
const nsAString& aViolatedDirective,
uint32_t aViolatedPolicyIndex,
const nsAString& aObserverSubject,
const nsAString& aSourceFile,
const nsAString& aScriptSample,
uint32_t aLineNum);
private:
NS_IMETHODIMP getAllowsInternal(nsContentPolicyType aContentType,
enum CSPKeyword aKeyword,
const nsAString& aNonceOrContent,
bool* outShouldReportViolations,
bool* outIsAllowed) const;
bool permitsInternal(CSPDirective aDir,
nsIURI* aContentLocation,
nsIURI* aOriginalURI,
const nsAString& aNonce,
bool aWasRedirected,
bool aIsPreload,
bool aSpecific,
bool aSendViolationReports,
bool aSendContentLocationInViolationReports);
nsCOMPtr<nsIURI> mReferrer;
uint64_t mInnerWindowID; // used for web console logging
nsTArray<nsCSPPolicy*> mPolicies;
nsCOMPtr<nsIURI> mSelfURI;
nsDataHashtable<nsCStringHashKey, int16_t> mShouldLoadCache;
nsCOMPtr<nsILoadGroup> mCallingChannelLoadGroup;
nsWeakPtr mLoadingContext;
};
// Class that listens to violation report transmission and logs errors.
class CSPViolationReportListener : public nsIStreamListener
{
public:
NS_DECL_NSISTREAMLISTENER
NS_DECL_NSIREQUESTOBSERVER
NS_DECL_ISUPPORTS
public:
CSPViolationReportListener();
protected:
virtual ~CSPViolationReportListener();
};
// The POST of the violation report (if it happens) should not follow
// redirects, per the spec. hence, we implement an nsIChannelEventSink
// with an object so we can tell XHR to abort if a redirect happens.
class CSPReportRedirectSink final : public nsIChannelEventSink,
public nsIInterfaceRequestor
{
public:
NS_DECL_NSICHANNELEVENTSINK
NS_DECL_NSIINTERFACEREQUESTOR
NS_DECL_ISUPPORTS
public:
CSPReportRedirectSink();
void SetInterceptController(nsINetworkInterceptController* aInterceptController);
protected:
virtual ~CSPReportRedirectSink();
private:
nsCOMPtr<nsINetworkInterceptController> mInterceptController;
};
#endif /* nsCSPContext_h___ */
Reference in New Issue View Git Blame Copy Permalink