mirror of https://github.com/roytam1/UXP.git synced 2026-05-26 23:18:26 +00:00
Commit Graph

83 Commits

Author SHA1 Message Date
Gaming4JC 30797d4da8 backport mozbug 1334776 - CVE-2017-7797 Header name interning leaks across origins
Potential attack: session supercookie.

[Moz Notes](https://bugzilla.mozilla.org/show_bug.cgi?id=1334776#c5):
"The problem is that for unknown header names we store the first one we see and then later we case-insensitively match against that name *globally*. That means you can track if a user agent has already seen a certain header name used (by using a different casing and observing whether it gets normalized). This would allow you to see if a user has used a sensitive service that uses custom header names, or allows you to track a user across sites, by teaching the browser about a certain header case once and then observing if different casings get normalized to that.

What we should do instead is only store the casing for a header name for each header list and not globally. That way it only leaks where it's expected (and necessary) to leak."

[Moz fix note](https://bugzilla.mozilla.org/show_bug.cgi?id=1334776#c8):
"nsHttpAtom now holds the old nsHttpAtom and a string that is case sensitive (only for not standard headers).
So nsHttpAtom holds a pointer to a header name. (header names are stored on a static structure). This is how it used to be. I left that part the same but added a nsCString which holds a string that was used to resolve the header name. So when we parse headers we call ResolveHeader with a char*. If it is a new header name the char* will be stored in a HttpHeapAtom, nsHttpAtom::_val will point to HttpHeapAtom::value and the same strings will be stored in mLocalCaseSensitiveHeader. For the first resolve request they will be the same but for the following maybe not. At the end this nsHttpAtom will be stored in nsHttpHeaderArray. For all operations we will use the old char* except when we are returning it to a script using VisitHeaders."
2019-02-16 00:14:28 +08:00
janekptacijarabaci b2aa38c719 DevTools - display newlines in some console messages
Issue #614
2019-02-16 00:08:08 +08:00
janekptacijarabaci e5a253a7b0 Fix typos in comments - memory.properties 2019-02-16 00:07:59 +08:00
janekptacijarabaci e5c896ce20 Fix typo in a comment - performance.dtd 2019-02-16 00:06:42 +08:00
janekptacijarabaci 36b1662a58 Fix typos in comments - animationinspector.properties 2019-02-16 00:06:15 +08:00
NTD 10487d6802 Use MOZ_AUSTRALIS to define common shared Australis features 2019-02-16 00:06:04 +08:00
JustOff 0b79a22f0e Replace Firefox with "the browser" in webide.properties. 2019-02-16 00:04:52 +08:00
JustOff 5c9e19b2cc Add extra Firefox -> browser changes in webide.properties 2019-02-16 00:03:34 +08:00
JustOff 8bc34e125d Correct the browser and platform names in devtools\client 2019-02-16 00:03:32 +08:00
janekptacijarabaci d180a351b0 Added Ci.nsIContentPolicy.TYPE_SAVEAS_DOWNLOAD to next files 2019-02-16 00:03:28 +08:00
janekptacijarabaci 7e72997490 Fix typos in comments - scratchpad.properties 2019-02-16 00:03:07 +08:00
Ascrod 867cbe5252 Remove Social API. 2019-02-15 23:59:43 +08:00
Gaming4JC d4ac94cf3e Remove support and tests for HSTS priming from the tree. Fixes #384 2019-02-15 23:59:39 +08:00
Moonchild aa52f6bd53 Revert "Remove the Social API" 2019-02-15 23:58:52 +08:00
Ascrod 44dc9ecd8e Remove the Social API 2019-02-15 23:58:48 +08:00
wolfbeast ebb869264d Don't linkify data: or javascript: URLs in the web console. 2019-02-15 23:57:45 +08:00
janekptacijarabaci 14cceb8708 [follow up] DevTools - fix a comment in webConsole.dtd (Web Console and Browser Console - not in the context menu)
Issue #102 and #337
2019-02-15 23:56:41 +08:00
janekptacijarabaci d5a58699de DevTools - fix a comment in webConsole.dtd (Web Console and Browser Console)
Issue #102
2019-02-15 23:56:40 +08:00
janekptacijarabaci 30e2f6345d [regression] DevTools - Web and Browser console - Added "Log request and response bodies" preference
Issue #102
2019-02-15 23:56:38 +08:00
janekptacijarabaci 745e1809b0 moebius#231: Consider blocking top level window data: URIs (tests)
https://github.com/MoonchildProductions/moebius/pull/231
2019-02-15 23:56:35 +08:00
janekptacijarabaci 9ab20590c6 Building with "--enable-debug" - fix some warnings
https://github.com/MoonchildProductions/moebius/pull/146
https://github.com/MoonchildProductions/Pale-Moon/pull/1400
2019-02-15 23:55:29 +08:00
janekptacijarabaci dee826b7ee Bug 1329032 - Extend loadURIWithOptions by a triggeringPrincipal (without an hard e10s) 2019-02-15 23:54:30 +08:00
janekptacijarabaci ff4c810e26 [DevTools] Storage - style clean up - a check of the variable to see if it exists (an empty line)
Issue #102
2019-02-15 23:53:03 +08:00
janekptacijarabaci ae2fd72616 [DevTools] Storage - style clean up - a check of the variable to see if it exists
Issue #102
2019-02-15 23:53:01 +08:00
janekptacijarabaci b1dccb759a [DevTools] Storage inspector throws an error when use arrow keys
Issue #102
2019-02-15 23:52:58 +08:00
janekptacijarabaci 37c73e0634 moebius#56: Fix: DataTransfer - Pasting image from clipboard fails in some cases
https://github.com/MoonchildProductions/moebius/pull/56
2019-02-15 23:48:56 +08:00
janekptacijarabaci 568b0dd9e5 [DevTools] Fix warnings: "Property contained reference to invalid variable"
Issue #121
2019-02-15 23:48:51 +08:00
janekptacijarabaci 83b729c6a1 [PALEMOON] [DevTools] Added support of the appmenu for DevTools menuitems (follow up)
Issue #96
Issue #102
2019-02-15 23:42:43 +08:00
janekptacijarabaci c166a0abd4 [PALEMOON] [DevTools] Added support of the appmenu for DevTools menuitems (follow up)
Issue #96
Issue #102
2019-02-15 23:41:46 +08:00
NTD f0d4b2476b [DEVTOOLS] Resolve issues with dynamically created devtools menu items vs hardcoded vs overlay
Follow up to 1a36001
2019-02-15 23:41:45 +08:00
janekptacijarabaci dee9b7b41d Style clean up 2019-02-15 23:41:42 +08:00
janekptacijarabaci e5b9c090ba Use preprocessing instead of AppConstants.jsm 2019-02-15 23:41:40 +08:00
janekptacijarabaci 1661445308 CustomizableUI.jsm can't be used for Pale Moon - setting conditions
Issue #97
2019-02-15 23:41:39 +08:00
janekptacijarabaci e5c504fca6 Added support of the appmenu for DevTools menuitems (optional)
Issue #96
2019-02-15 23:41:23 +08:00
janekptacijarabaci 93944a63e9 Remove unused variables (DevTools) in browser.js
Issue #95
2019-02-15 23:41:21 +08:00
janekptacijarabaci 01247d33ff Fix some comment in devtools-browser.js 2019-02-15 23:41:20 +08:00
janekptacijarabaci c9cb57f881 Removing the unused variable 2019-02-15 23:40:30 +08:00
janekptacijarabaci 359afc3ad5 Part 5: Update devtools to follow displayName change
Issue #87
2019-02-15 23:38:50 +08:00
janekptacijarabaci 0e7a16c088 Bug 755821: Function() should use the parser's argument parsing code 2019-02-15 23:38:10 +08:00
Tom Ritter af7e635176 Bug 1442127 - Allow function call times to occur at the same time in browser_profiling-canvas.js for ESR branch. r=baku, a=test-only
MozReview-Commit-ID: Fev1JqBwJYO

--HG--
extra : transplant_source : %ADG%83%28%3B%94f%98%EAO%80%08%8A%DFs%D4%24C9%A8
extra : histedit_source : 4859a7fdd7b324e0c0231feb4e13437f836bdb9c
2019-02-15 23:37:31 +08:00
janekptacijarabaci 5149d56104 JS - Object - "TypeError: setting a property that has only a getter" without mentioning file and property name 2019-02-15 23:36:24 +08:00
janekptacijarabaci b8bbffacbe DOMContentLoaded and load does not work properly if "devtools.webconsole.persistlog == true" - is getting higher
Issue #52
2019-02-15 23:36:00 +08:00
janekptacijarabaci da48941d63 Added a button to refresh the Storage Inspector display
Issue #45
2019-02-15 23:35:37 +08:00
janekptacijarabaci d0c4a6bdf1 Copy as cURL (PATCH)
Issue #44
2019-02-15 23:35:35 +08:00
janekptacijarabaci 2786ef0259 [minor fix] DevTools - inspector.properties (fix typo) 2019-02-15 23:35:34 +08:00
janekptacijarabaci 1c0e05bca2 moebius#346: Storage Inspector should trim port from hosts for cookies
Issue #31
https://github.com/MoonchildProductions/moebius/pull/346
2019-02-15 23:35:32 +08:00
janekptacijarabaci b95939dd3c Bug 1302989: Make storage inspector work with file:// when # is in the URL
Issue #31
2019-02-15 23:35:31 +08:00
wolfbeast 49ceae702e Remove testing-only UI components for e10s
This removes front-end tools only applicable for testing e10s (open non-e10s window, etc.)
This resolves #37
2019-02-15 23:35:22 +08:00
janekptacijarabaci ed8a17ae7d moebius#93: DevTools: Network - DOMContentLoaded and load
Issue #31
Improvements: #34
https://github.com/MoonchildProductions/moebius/pull/93
2019-02-15 23:35:20 +08:00
janekptacijarabaci 558c645ef6 moebius#350: Don't display storage-sidebar after deleting all cookies
Issue #31
https://github.com/MoonchildProductions/moebius/pull/350
2019-02-15 23:35:19 +08:00