roytam1/palemoon27
1
0
Fork 0
mirror of https://github.com/roytam1/palemoon27.git synced 2026-05-26 23:35:18 +00:00
Code Issues Projects Releases Wiki Activity
Files
fd2bb43e4b2a88b099ca6fc29a3e6bb96fb54704
palemoon27/caps/nsScriptSecurityManager.h
T
roytam1 2b832c18de import changes from `dev' branch of rmottola/Arctic-Fox: 
- Bug 1165162 - Rework the nsIScriptSecurityManager principal-minting API to be originAttributes-centric. r=gabor,r=bholley,sr=sicking (269536132)
- pointer style and mispatch (38b32b3bc)
- more misspatch & pointer style (ff2bc3057)
- Bug 1164014 - Fixing defaultShims. r=billm (bcf7f671a)
- Bug 1164014 - Workaround for GC bug 1172193. r=gkrizsanits (b25cf4dea)
- Bug 1158427 - r=roc (64037cb2c)
- Bug 1157994 - Ensure AudioContext operations are started and resolved in the same order. r=roc (757de0f81)
- Bug 1127188 - Properly handle AudioContext.close() calls right after the creation of an AudioContext. r=ehsan (88362873f)
- Bug 1164011 - interposition for CPOWS. r=billm (24a8134f6)
- Bug 1164014 - Shim optimization. r=billm (9a8498684)
- Bug 1178581 - Interning does not and should not imply infinite lifetime; r=sfink (91dfc5b77)
- Bug 1171053 - Remove JS_BindCallable. r=efaust (2e59b8c62)
- Bug 1174372 - Initialize ExecutableAllocator static fields in JS_Init. r=luke (d02620196)
- missing uid of 968334 (3c73a17db)
- missing uuid of 1152577 (13d58364c)
- add missing uuid of 1050500 (16c61b629)
- Bug 110567 - Remove nsIDocShell::GetURLSearchParams(), r=smaug (5018a0936)
- Bug 1132518, add a flag to nsIFrameTraversal to skip the popup checks, r=mats (8482fd8fd)
- Bug 1132518, make document navigation with F6/Shift+F6 work in e10s. This combines the document and tab navigation mechanisms together, r=smaug (2085e999b)
- Bug 1160307 - Capture async stack frames on Javascript timeline markers. r=fitzgen, r=smaug, r=Paolo (95c3e6b95)
2021-02-13 10:20:05 +08:00

144 lines
3.8 KiB
C++
Raw Blame History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* vim: set ts=4 et sw=4 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef nsScriptSecurityManager_h__
#define nsScriptSecurityManager_h__
#include "nsIScriptSecurityManager.h"
#include "nsIPrincipal.h"
#include "nsCOMPtr.h"
#include "nsIChannelEventSink.h"
#include "nsIObserver.h"
#include "plstr.h"
#include "js/TypeDecls.h"
#include <stdint.h>
class nsCString;
class nsIIOService;
class nsIStringBundle;
class nsSystemPrincipal;
namespace mozilla {
class OriginAttributes;
}
/////////////////////////////
// nsScriptSecurityManager //
/////////////////////////////
#define NS_SCRIPTSECURITYMANAGER_CID \
{ 0x7ee2a4c0, 0x4b93, 0x17d3, \
{ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
class nsScriptSecurityManager final : public nsIScriptSecurityManager,
public nsIChannelEventSink,
public nsIObserver
{
public:
static void Shutdown();
NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID)
NS_DECL_ISUPPORTS
NS_DECL_NSISCRIPTSECURITYMANAGER
NS_DECL_NSICHANNELEVENTSINK
NS_DECL_NSIOBSERVER
static nsScriptSecurityManager*
GetScriptSecurityManager();
// Invoked exactly once, by XPConnect.
static void InitStatics();
static nsSystemPrincipal*
SystemPrincipalSingletonConstructor();
JSContext* GetCurrentJSContext();
JSContext* GetSafeJSContext();
/**
* Utility method for comparing two URIs. For security purposes, two URIs
* are equivalent if their schemes, hosts, and ports (if any) match. This
* method returns true if aSubjectURI and aObjectURI have the same origin,
* false otherwise.
*/
static bool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI);
static uint32_t SecurityHashURI(nsIURI* aURI);
static uint16_t AppStatusForPrincipal(nsIPrincipal *aPrin);
static nsresult
ReportError(JSContext* cx, const nsAString& messageTag,
nsIURI* aSource, nsIURI* aTarget);
static uint32_t
HashPrincipalByOrigin(nsIPrincipal* aPrincipal);
static bool
GetStrictFileOriginPolicy()
{
return sStrictFileOriginPolicy;
}
void DeactivateDomainPolicy();
private:
// GetScriptSecurityManager is the only call that can make one
nsScriptSecurityManager();
virtual ~nsScriptSecurityManager();
// Decides, based on CSP, whether or not eval() and stuff can be executed.
static bool
ContentSecurityPolicyPermitsJSAction(JSContext *cx);
static bool
JSPrincipalsSubsume(JSPrincipals *first, JSPrincipals *second);
// Returns null if a principal cannot be found; generally callers
// should error out at that point.
static nsIPrincipal* doGetObjectPrincipal(JSObject* obj);
nsresult
Init();
nsresult
InitPrefs();
inline void
ScriptSecurityPrefChanged();
inline void
AddSitesToFileURIWhitelist(const nsCString& aSiteList);
nsCOMPtr<nsIPrincipal> mSystemPrincipal;
bool mPrefInitialized;
bool mIsJavaScriptEnabled;
nsTArray<nsCOMPtr<nsIURI>> mFileURIWhitelist;
// This machinery controls new-style domain policies. The old-style
// policy machinery will be removed soon.
nsCOMPtr<nsIDomainPolicy> mDomainPolicy;
static bool sStrictFileOriginPolicy;
static nsIIOService *sIOService;
static nsIStringBundle *sStrBundle;
static JSRuntime *sRuntime;
};
namespace mozilla {
void
GetJarPrefix(uint32_t aAppid,
bool aInMozBrowser,
nsACString& aJarPrefix);
} // namespace mozilla
#endif // nsScriptSecurityManager_h__
Reference in New Issue View Git Blame Copy Permalink