[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [Git][tpo/applications/tor-browser][tor-browser-115.4.0esr-13.0-1] 8 commits: Bug 1738426 - Ignoring status 206 and vary header checking for opaque response...



Title: GitLab

richard pushed to branch tor-browser-115.4.0esr-13.0-1 at The Tor Project / Applications / Tor Browser

Commits:

  • 2abd55fd
    by Eden Chuang at 2023-10-21T19:53:08+02:00
    Bug 1738426 - Ignoring status 206 and vary header checking for opaque response in Cache API. r=asuth
    
    Differential Revision: https://phabricator.services.mozilla.com/D186431
  • 9935a5d2
    by edgul at 2023-10-21T20:19:27+02:00
    Bug 1802057 - Block the following characters from use in the cookie name in the cookie string: 0x3B (semi-colon), 0x3D (equals), and 0x7F (del) r=dveditz,cookie-reviewers
    
    Differential Revision: https://phabricator.services.mozilla.com/D182373
    
  • 17f51380
    by Kelsey Gilbert at 2023-10-21T20:26:18+02:00
    Bug 1819497 - Don't race on static bool for initialization. r=gfx-reviewers,aosmond
    
    We could do non-racy static init here (e.g. with a static initializer
    self-calling-closure), but there doesn't seem to be a strong reason for
    this. Let's just use a switch and get robustness from -Werror=switch.
    
    Differential Revision: https://phabricator.services.mozilla.com/D188054
  • 220260c4
    by Mark Banner at 2023-10-21T20:56:11+02:00
    Bug 1845752. r=ckerschb
    
    Differential Revision: https://phabricator.services.mozilla.com/D186676
  • 12d376c9
    by Bob Owen at 2023-10-21T21:02:12+02:00
    Bug 1850072: Initialize RecordedDrawTargetCreation::mHasExistingData. r=jrmuizel
    
    This also specializes ElementStreamFormat for bool.
    
    Differential Revision: https://phabricator.services.mozilla.com/D187794
  • 2488f011
    by Malte Juergens at 2023-10-21T21:24:39+02:00
    Bug 1850200 - Add delay to HTTPS-Only "Continue to HTTPS Site" button r=freddyb
    
    Differential Revision: https://phabricator.services.mozilla.com/D187887
  • 523a7efe
    by Andreas Pehrson at 2023-10-21T21:42:20+02:00
    Bug 1851803 - Introduce SourceMediaTrack::mDirectDisabledMode. r=karlt
    
    Similar to MediaTrack::mDisabledMode, but this is for uses on the
    SourceMediaTrack producer thread. It is still signaled via a control message
    from the control thread to maintain order of operations, and is protected by the
    SourceMediaTrack mutex.
    
    Differential Revision: https://phabricator.services.mozilla.com/D187554
  • c932accf
    by richard at 2023-10-23T11:42:18+00:00
    Merge branch 'bug42191-confidential-issue' into 'tor-browser-115.4.0esr-13.0-1'
    
    Bug 42191: backports from 119 to esr115
    
    See merge request ma1/tor-browser-confidential!4

18 changed files:

Changes:

  • dom/cache/TypeUtils.cpp
    ... ... @@ -184,7 +184,7 @@ void TypeUtils::ToCacheResponseWithoutBody(CacheResponse& aOut,
    184 184
       aOut.statusText() = aIn.GetUnfilteredStatusText();
    
    185 185
       RefPtr<InternalHeaders> headers = aIn.UnfilteredHeaders();
    
    186 186
       MOZ_DIAGNOSTIC_ASSERT(headers);
    
    187
    -  if (HasVaryStar(headers)) {
    
    187
    +  if (aIn.Type() != ResponseType::Opaque && HasVaryStar(headers)) {
    
    188 188
         aRv.ThrowTypeError("Invalid Response object with a 'Vary: *' header.");
    
    189 189
         return;
    
    190 190
       }
    

  • dom/canvas/WebGLContextExtensions.cpp
    ... ... @@ -17,15 +17,10 @@
    17 17
     namespace mozilla {
    
    18 18
     
    
    19 19
     const char* GetExtensionName(const WebGLExtensionID ext) {
    
    20
    -  static EnumeratedArray<WebGLExtensionID, WebGLExtensionID::Max, const char*>
    
    21
    -      sExtensionNamesEnumeratedArray;
    
    22
    -  static bool initialized = false;
    
    23
    -
    
    24
    -  if (!initialized) {
    
    25
    -    initialized = true;
    
    26
    -
    
    20
    +  switch (ext) {
    
    27 21
     #define WEBGL_EXTENSION_IDENTIFIER(x) \
    
    28
    -  sExtensionNamesEnumeratedArray[WebGLExtensionID::x] = #x;
    
    22
    +  case WebGLExtensionID::x:           \
    
    23
    +    return #x;
    
    29 24
     
    
    30 25
         WEBGL_EXTENSION_IDENTIFIER(ANGLE_instanced_arrays)
    
    31 26
         WEBGL_EXTENSION_IDENTIFIER(EXT_blend_minmax)
    
    ... ... @@ -67,9 +62,11 @@ const char* GetExtensionName(const WebGLExtensionID ext) {
    67 62
         WEBGL_EXTENSION_IDENTIFIER(WEBGL_provoking_vertex)
    
    68 63
     
    
    69 64
     #undef WEBGL_EXTENSION_IDENTIFIER
    
    70
    -  }
    
    71 65
     
    
    72
    -  return sExtensionNamesEnumeratedArray[ext];
    
    66
    +    case WebGLExtensionID::Max:
    
    67
    +      break;
    
    68
    +  }
    
    69
    +  MOZ_CRASH("bad WebGLExtensionID");
    
    73 70
     }
    
    74 71
     
    
    75 72
     // ----------------------------
    

  • dom/media/MediaTrackGraph.cpp
    ... ... @@ -145,6 +145,27 @@ class GraphKey final {
    145 145
     nsTHashMap<nsGenericHashKey<GraphKey>, MediaTrackGraphImpl*> gGraphs;
    
    146 146
     }  // anonymous namespace
    
    147 147
     
    
    148
    +static void ApplyTrackDisabling(DisabledTrackMode aDisabledMode,
    
    149
    +                                MediaSegment* aSegment,
    
    150
    +                                MediaSegment* aRawSegment) {
    
    151
    +  if (aDisabledMode == DisabledTrackMode::ENABLED) {
    
    152
    +    return;
    
    153
    +  }
    
    154
    +  if (aDisabledMode == DisabledTrackMode::SILENCE_BLACK) {
    
    155
    +    aSegment->ReplaceWithDisabled();
    
    156
    +    if (aRawSegment) {
    
    157
    +      aRawSegment->ReplaceWithDisabled();
    
    158
    +    }
    
    159
    +  } else if (aDisabledMode == DisabledTrackMode::SILENCE_FREEZE) {
    
    160
    +    aSegment->ReplaceWithNull();
    
    161
    +    if (aRawSegment) {
    
    162
    +      aRawSegment->ReplaceWithNull();
    
    163
    +    }
    
    164
    +  } else {
    
    165
    +    MOZ_CRASH("Unsupported mode");
    
    166
    +  }
    
    167
    +}
    
    168
    +
    
    148 169
     MediaTrackGraphImpl::~MediaTrackGraphImpl() {
    
    149 170
       MOZ_ASSERT(mTracks.IsEmpty() && mSuspendedTracks.IsEmpty(),
    
    150 171
                  "All tracks should have been destroyed by messages from the main "
    
    ... ... @@ -2421,6 +2442,7 @@ RefPtr<GenericPromise> MediaTrack::RemoveListener(
    2421 2442
     
    
    2422 2443
     void MediaTrack::AddDirectListenerImpl(
    
    2423 2444
         already_AddRefed<DirectMediaTrackListener> aListener) {
    
    2445
    +  MOZ_ASSERT(mGraph->OnGraphThread());
    
    2424 2446
       // Base implementation, for tracks that don't support direct track listeners.
    
    2425 2447
       RefPtr<DirectMediaTrackListener> listener = aListener;
    
    2426 2448
       listener->NotifyDirectListenerInstalled(
    
    ... ... @@ -2503,6 +2525,7 @@ void MediaTrack::RunAfterPendingUpdates(
    2503 2525
     }
    
    2504 2526
     
    
    2505 2527
     void MediaTrack::SetDisabledTrackModeImpl(DisabledTrackMode aMode) {
    
    2528
    +  MOZ_ASSERT(mGraph->OnGraphThread());
    
    2506 2529
       MOZ_DIAGNOSTIC_ASSERT(
    
    2507 2530
           aMode == DisabledTrackMode::ENABLED ||
    
    2508 2531
               mDisabledMode == DisabledTrackMode::ENABLED,
    
    ... ... @@ -2531,22 +2554,8 @@ void MediaTrack::SetDisabledTrackMode(DisabledTrackMode aMode) {
    2531 2554
     
    
    2532 2555
     void MediaTrack::ApplyTrackDisabling(MediaSegment* aSegment,
    
    2533 2556
                                          MediaSegment* aRawSegment) {
    
    2534
    -  if (mDisabledMode == DisabledTrackMode::ENABLED) {
    
    2535
    -    return;
    
    2536
    -  }
    
    2537
    -  if (mDisabledMode == DisabledTrackMode::SILENCE_BLACK) {
    
    2538
    -    aSegment->ReplaceWithDisabled();
    
    2539
    -    if (aRawSegment) {
    
    2540
    -      aRawSegment->ReplaceWithDisabled();
    
    2541
    -    }
    
    2542
    -  } else if (mDisabledMode == DisabledTrackMode::SILENCE_FREEZE) {
    
    2543
    -    aSegment->ReplaceWithNull();
    
    2544
    -    if (aRawSegment) {
    
    2545
    -      aRawSegment->ReplaceWithNull();
    
    2546
    -    }
    
    2547
    -  } else {
    
    2548
    -    MOZ_CRASH("Unsupported mode");
    
    2549
    -  }
    
    2557
    +  MOZ_ASSERT(mGraph->OnGraphThread());
    
    2558
    +  mozilla::ApplyTrackDisabling(mDisabledMode, aSegment, aRawSegment);
    
    2550 2559
     }
    
    2551 2560
     
    
    2552 2561
     void MediaTrack::AddMainThreadListener(
    
    ... ... @@ -2866,7 +2875,7 @@ TrackTime SourceMediaTrack::AppendData(MediaSegment* aSegment,
    2866 2875
     
    
    2867 2876
       // Apply track disabling before notifying any consumers directly
    
    2868 2877
       // or inserting into the graph
    
    2869
    -  ApplyTrackDisabling(aSegment, aRawSegment);
    
    2878
    +  mozilla::ApplyTrackDisabling(mDirectDisabledMode, aSegment, aRawSegment);
    
    2870 2879
     
    
    2871 2880
       ResampleAudioToGraphSampleRate(aSegment);
    
    2872 2881
     
    
    ... ... @@ -2910,6 +2919,7 @@ void SourceMediaTrack::NotifyDirectConsumers(MediaSegment* aSegment) {
    2910 2919
     
    
    2911 2920
     void SourceMediaTrack::AddDirectListenerImpl(
    
    2912 2921
         already_AddRefed<DirectMediaTrackListener> aListener) {
    
    2922
    +  MOZ_ASSERT(mGraph->OnGraphThread());
    
    2913 2923
       MutexAutoLock lock(mMutex);
    
    2914 2924
     
    
    2915 2925
       RefPtr<DirectMediaTrackListener> listener = aListener;
    
    ... ... @@ -2979,6 +2989,7 @@ void SourceMediaTrack::AddDirectListenerImpl(
    2979 2989
     
    
    2980 2990
     void SourceMediaTrack::RemoveDirectListenerImpl(
    
    2981 2991
         DirectMediaTrackListener* aListener) {
    
    2992
    +  mGraph->AssertOnGraphThreadOrNotRunning();
    
    2982 2993
       MutexAutoLock lock(mMutex);
    
    2983 2994
       for (int32_t i = mDirectTrackListeners.Length() - 1; i >= 0; --i) {
    
    2984 2995
         const RefPtr<DirectMediaTrackListener>& l = mDirectTrackListeners[i];
    
    ... ... @@ -3008,17 +3019,20 @@ void SourceMediaTrack::End() {
    3008 3019
     }
    
    3009 3020
     
    
    3010 3021
     void SourceMediaTrack::SetDisabledTrackModeImpl(DisabledTrackMode aMode) {
    
    3022
    +  MOZ_ASSERT(mGraph->OnGraphThread());
    
    3011 3023
       {
    
    3012 3024
         MutexAutoLock lock(mMutex);
    
    3025
    +    const DisabledTrackMode oldMode = mDirectDisabledMode;
    
    3026
    +    const bool oldEnabled = oldMode == DisabledTrackMode::ENABLED;
    
    3027
    +    const bool enabled = aMode == DisabledTrackMode::ENABLED;
    
    3028
    +    mDirectDisabledMode = aMode;
    
    3013 3029
         for (const auto& l : mDirectTrackListeners) {
    
    3014
    -      DisabledTrackMode oldMode = mDisabledMode;
    
    3015
    -      bool oldEnabled = oldMode == DisabledTrackMode::ENABLED;
    
    3016
    -      if (!oldEnabled && aMode == DisabledTrackMode::ENABLED) {
    
    3030
    +      if (!oldEnabled && enabled) {
    
    3017 3031
             LOG(LogLevel::Debug, ("%p: SourceMediaTrack %p setting "
    
    3018 3032
                                   "direct listener enabled",
    
    3019 3033
                                   GraphImpl(), this));
    
    3020 3034
             l->DecreaseDisabled(oldMode);
    
    3021
    -      } else if (oldEnabled && aMode != DisabledTrackMode::ENABLED) {
    
    3035
    +      } else if (oldEnabled && !enabled) {
    
    3022 3036
             LOG(LogLevel::Debug, ("%p: SourceMediaTrack %p setting "
    
    3023 3037
                                   "direct listener disabled",
    
    3024 3038
                                   GraphImpl(), this));
    

  • dom/media/MediaTrackGraph.h
    ... ... @@ -652,18 +652,8 @@ class SourceMediaTrack : public MediaTrack {
    652 652
        */
    
    653 653
       void End();
    
    654 654
     
    
    655
    -  // Overriding allows us to hold the mMutex lock while changing the track
    
    656
    -  // enable status
    
    657 655
       void SetDisabledTrackModeImpl(DisabledTrackMode aMode) override;
    
    658 656
     
    
    659
    -  // Overriding allows us to ensure mMutex is locked while changing the track
    
    660
    -  // enable status
    
    661
    -  void ApplyTrackDisabling(MediaSegment* aSegment,
    
    662
    -                           MediaSegment* aRawSegment = nullptr) override {
    
    663
    -    mMutex.AssertCurrentThreadOwns();
    
    664
    -    MediaTrack::ApplyTrackDisabling(aSegment, aRawSegment);
    
    665
    -  }
    
    666
    -
    
    667 657
       uint32_t NumberOfChannels() const override;
    
    668 658
     
    
    669 659
       void RemoveAllDirectListenersImpl() override;
    
    ... ... @@ -742,6 +732,11 @@ class SourceMediaTrack : public MediaTrack {
    742 732
       // protected by mMutex
    
    743 733
       float mVolume MOZ_GUARDED_BY(mMutex) = 1.0;
    
    744 734
       UniquePtr<TrackData> mUpdateTrack MOZ_GUARDED_BY(mMutex);
    
    735
    +  // This track's associated disabled mode for uses on the producing thread.
    
    736
    +  // It can either by disabled by frames being replaced by black, or by
    
    737
    +  // retaining the previous frame.
    
    738
    +  DisabledTrackMode mDirectDisabledMode MOZ_GUARDED_BY(mMutex) =
    
    739
    +      DisabledTrackMode::ENABLED;
    
    745 740
       nsTArray<RefPtr<DirectMediaTrackListener>> mDirectTrackListeners
    
    746 741
           MOZ_GUARDED_BY(mMutex);
    
    747 742
     };
    

  • gfx/2d/RecordedEventImpl.h
    ... ... @@ -65,7 +65,7 @@ class RecordedDrawTargetCreation
    65 65
       BackendType mBackendType;
    
    66 66
       IntRect mRect;
    
    67 67
       SurfaceFormat mFormat;
    
    68
    -  bool mHasExistingData;
    
    68
    +  bool mHasExistingData = false;
    
    69 69
       RefPtr<SourceSurface> mExistingData;
    
    70 70
     
    
    71 71
      private:
    

  • gfx/2d/RecordingTypes.h
    ... ... @@ -24,6 +24,28 @@ struct ElementStreamFormat {
    24 24
         aStream.read(reinterpret_cast<char*>(&aElement), sizeof(T));
    
    25 25
       }
    
    26 26
     };
    
    27
    +template <class S>
    
    28
    +struct ElementStreamFormat<S, bool> {
    
    29
    +  static void Write(S& aStream, const bool& aElement) {
    
    30
    +    char boolChar = aElement ? '\x01' : '\x00';
    
    31
    +    aStream.write(&boolChar, sizeof(boolChar));
    
    32
    +  }
    
    33
    +  static void Read(S& aStream, bool& aElement) {
    
    34
    +    char boolChar;
    
    35
    +    aStream.read(&boolChar, sizeof(boolChar));
    
    36
    +    switch (boolChar) {
    
    37
    +      case '\x00':
    
    38
    +        aElement = false;
    
    39
    +        break;
    
    40
    +      case '\x01':
    
    41
    +        aElement = true;
    
    42
    +        break;
    
    43
    +      default:
    
    44
    +        aStream.SetIsBad();
    
    45
    +        break;
    
    46
    +    }
    
    47
    +  }
    
    48
    +};
    
    27 49
     
    
    28 50
     template <class S, class T>
    
    29 51
     void WriteElement(S& aStream, const T& aElement) {
    

  • netwerk/cookie/CookieCommons.cpp
    ... ... @@ -200,9 +200,9 @@ bool CookieCommons::CheckNameAndValueSize(const CookieStruct& aCookieData) {
    200 200
     
    
    201 201
     bool CookieCommons::CheckName(const CookieStruct& aCookieData) {
    
    202 202
       const char illegalNameCharacters[] = {
    
    203
    -      0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
    
    204
    -      0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
    
    205
    -      0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x00};
    
    203
    +      0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
    
    204
    +      0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
    
    205
    +      0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x3B, 0x3D, 0x7F, 0x00};
    
    206 206
     
    
    207 207
       const auto* start = aCookieData.name().BeginReading();
    
    208 208
       const auto* end = aCookieData.name().EndReading();
    

  • testing/web-platform/meta/cookies/name/name-ctl.html.ini
    ... ... @@ -11,36 +11,6 @@
    11 11
       [Cookie with %xd in name is rejected (DOM).]
    
    12 12
         expected: FAIL
    
    13 13
     
    
    14
    -  [Cookie with %x7f in name is rejected (DOM).]
    
    15
    -    expected: FAIL
    
    16
    -
    
    17
    -  [Cookie with %x0 in name is rejected or modified (HTTP).]
    
    18
    -    expected: FAIL
    
    19
    -
    
    20
    -  [Cookie with %x1 in name is rejected (HTTP).]
    
    21
    -    expected: FAIL
    
    22
    -
    
    23
    -  [Cookie with %x2 in name is rejected (HTTP).]
    
    24
    -    expected: FAIL
    
    25
    -
    
    26
    -  [Cookie with %x3 in name is rejected (HTTP).]
    
    27
    -    expected: FAIL
    
    28
    -
    
    29
    -  [Cookie with %x4 in name is rejected (HTTP).]
    
    30
    -    expected: FAIL
    
    31
    -
    
    32
    -  [Cookie with %x5 in name is rejected (HTTP).]
    
    33
    -    expected: FAIL
    
    34
    -
    
    35
    -  [Cookie with %x6 in name is rejected (HTTP).]
    
    36
    -    expected: FAIL
    
    37
    -
    
    38
    -  [Cookie with %x7 in name is rejected (HTTP).]
    
    39
    -    expected: FAIL
    
    40
    -
    
    41
    -  [Cookie with %x8 in name is rejected (HTTP).]
    
    42
    -    expected: FAIL
    
    43
    -
    
    44 14
       [Cookie with %x9 in name is accepted (HTTP).]
    
    45 15
         expected: FAIL
    
    46 16
     
    

  • testing/web-platform/meta/service-workers/cache-storage/cache-put.https.any.js.ini deleted
    1
    -[cache-put.https.any.serviceworker.html]
    
    2
    -  expected:
    
    3
    -    if (os == "android") and fission: [OK, TIMEOUT]
    
    4
    -  [Cache.put with a VARY:* opaque response should not reject]
    
    5
    -    expected: FAIL
    
    6
    -
    
    7
    -
    
    8
    -[cache-put.https.any.sharedworker.html]
    
    9
    -  expected:
    
    10
    -    if (os == "android") and fission: [OK, TIMEOUT]
    
    11
    -  [Cache.put with a VARY:* opaque response should not reject]
    
    12
    -    expected: FAIL
    
    13
    -
    
    14
    -
    
    15
    -[cache-put.https.any.html]
    
    16
    -  expected:
    
    17
    -    if (os == "android") and fission: [OK, TIMEOUT]
    
    18
    -  [Cache.put with a VARY:* opaque response should not reject]
    
    19
    -    expected: FAIL
    
    20
    -
    
    21
    -
    
    22
    -[cache-put.https.any.worker.html]
    
    23
    -  expected:
    
    24
    -    if (os == "android") and fission: [OK, TIMEOUT]
    
    25
    -  [Cache.put with a VARY:* opaque response should not reject]
    
    26
    -    expected: FAIL

  • toolkit/components/httpsonlyerror/content/errorpage.html
    ... ... @@ -67,6 +67,7 @@
    67 67
             <button
    
    68 68
               id="openInsecure"
    
    69 69
               data-l10n-id="about-httpsonly-button-continue-to-site"
    
    70
    +          inert
    
    70 71
             ></button>
    
    71 72
           </div>
    
    72 73
           <div class="suggestion-box" hidden>
    

  • toolkit/components/httpsonlyerror/content/errorpage.js
    ... ... @@ -34,6 +34,11 @@ function initPage() {
    34 34
         .getElementById("openInsecure")
    
    35 35
         .addEventListener("click", onOpenInsecureButtonClick);
    
    36 36
     
    
    37
    +  const delay = RPMGetIntPref("security.dialog_enable_delay", 1000);
    
    38
    +  setTimeout(() => {
    
    39
    +    document.getElementById("openInsecure").removeAttribute("inert");
    
    40
    +  }, delay);
    
    41
    +
    
    37 42
       if (window.top == window) {
    
    38 43
         document
    
    39 44
           .getElementById("goBack")
    

  • toolkit/components/search/OpenSearchEngine.sys.mjs
    ... ... @@ -144,7 +144,12 @@ export class OpenSearchEngine extends SearchEngine {
    144 144
     
    
    145 145
         lazy.logConsole.debug("_install: Downloading engine from:", loadURI.spec);
    
    146 146
     
    
    147
    -    var chan = lazy.SearchUtils.makeChannel(loadURI);
    
    147
    +    var chan = lazy.SearchUtils.makeChannel(
    
    148
    +      loadURI,
    
    149
    +      // OpenSearchEngine is loading a definition file for a search engine,
    
    150
    +      // TYPE_DOCUMENT captures that load best
    
    151
    +      Ci.nsIContentPolicy.TYPE_DOCUMENT
    
    152
    +    );
    
    148 153
     
    
    149 154
         if (this._engineToUpdate && chan instanceof Ci.nsIHttpChannel) {
    
    150 155
           var lastModified = this._engineToUpdate.getAttr("updatelastmodified");
    

  • toolkit/components/search/SearchEngine.sys.mjs
    ... ... @@ -821,7 +821,10 @@ export class SearchEngine {
    821 821
               this._hasPreferredIcon = isPreferred;
    
    822 822
             };
    
    823 823
     
    
    824
    -        let chan = lazy.SearchUtils.makeChannel(uri);
    
    824
    +        let chan = lazy.SearchUtils.makeChannel(
    
    825
    +          uri,
    
    826
    +          Ci.nsIContentPolicy.TYPE_IMAGE
    
    827
    +        );
    
    825 828
             let listener = new lazy.SearchUtils.LoadListener(
    
    826 829
               chan,
    
    827 830
               /^image\//,
    

  • toolkit/components/search/SearchUtils.sys.mjs
    ... ... @@ -248,19 +248,24 @@ export var SearchUtils = {
    248 248
        *
    
    249 249
        * @param {string|nsIURI} url
    
    250 250
        *   The URL string from which to create an nsIChannel.
    
    251
    +   * @param {nsIContentPolicy} contentPolicyType
    
    252
    +   *   The type of document being loaded.
    
    251 253
        * @returns {nsIChannel}
    
    252 254
        *   an nsIChannel object, or null if the url is invalid.
    
    253 255
        */
    
    254
    -  makeChannel(url) {
    
    256
    +  makeChannel(url, contentPolicyType) {
    
    257
    +    if (!contentPolicyType) {
    
    258
    +      throw new Error("makeChannel called with invalid content policy type");
    
    259
    +    }
    
    255 260
         try {
    
    256 261
           let uri = typeof url == "string" ? Services.io.newURI(url) : url;
    
    257 262
           return Services.io.newChannelFromURI(
    
    258 263
             uri,
    
    259 264
             null /* loadingNode */,
    
    260
    -        Services.scriptSecurityManager.getSystemPrincipal(),
    
    265
    +        Services.scriptSecurityManager.createNullPrincipal({}),
    
    261 266
             null /* triggeringPrincipal */,
    
    262 267
             Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
    
    263
    -        Ci.nsIContentPolicy.TYPE_OTHER
    
    268
    +        contentPolicyType
    
    264 269
           );
    
    265 270
         } catch (ex) {}
    
    266 271
     
    

  • toolkit/components/search/tests/xpcshell/data/iconsRedirect.sjs
    ... ... @@ -10,7 +10,7 @@ function handleRequest(request, response) {
    10 10
       response.setStatusLine("1.1", 302, "Moved");
    
    11 11
       if (request.queryString == "type=invalid") {
    
    12 12
         response.setHeader("Content-Type", "image/png", false);
    
    13
    -    response.setHeader("Location", "engine.xml", false);
    
    13
    +    response.setHeader("Location", "/head_search.js", false);
    
    14 14
       } else {
    
    15 15
         response.setHeader("Content-Type", "text/html", false);
    
    16 16
         response.setHeader("Location", "remoteIcon.ico", false);
    

  • toolkit/components/search/tests/xpcshell/test_opensearch_icons_invalid.js
    ... ... @@ -12,9 +12,11 @@ add_task(async function setup() {
    12 12
     });
    
    13 13
     
    
    14 14
     add_task(async function test_installedresourceicon() {
    
    15
    +  // Attempts to load a resource:// url as an icon.
    
    15 16
       let engine1 = await SearchTestUtils.promiseNewSearchEngine({
    
    16 17
         url: `${gDataUrl}opensearch/resourceicon.xml`,
    
    17 18
       });
    
    19
    +  // Attempts to load a chrome:// url as an icon.
    
    18 20
       let engine2 = await SearchTestUtils.promiseNewSearchEngine({
    
    19 21
         url: `${gDataUrl}opensearch/chromeicon.xml`,
    
    20 22
       });
    
    ... ... @@ -32,12 +34,13 @@ add_task(async function test_installedhttpplace() {
    32 34
     
    
    33 35
       // The easiest way to test adding the icon is via a generated xml, otherwise
    
    34 36
       // we have to somehow insert the address of the server into it.
    
    37
    +  // Attempts to load a non-image page into an image icon.
    
    35 38
       let engine = await SearchTestUtils.promiseNewSearchEngine({
    
    36 39
         url:
    
    37 40
           `${gDataUrl}data/engineMaker.sjs?` +
    
    38 41
           JSON.stringify({
    
    39 42
             baseURL: gDataUrl,
    
    40
    -        image: "opensearch/resourceicon.xml",
    
    43
    +        image: "head_search.js",
    
    41 44
             name: "invalidicon",
    
    42 45
             method: "GET",
    
    43 46
           }),
    

  • toolkit/components/search/tests/xpcshell/test_webextensions_install.js
    ... ... @@ -5,6 +5,8 @@
    5 5
     
    
    6 6
     const { promiseShutdownManager, promiseStartupManager } = AddonTestUtils;
    
    7 7
     
    
    8
    +let gBaseUrl;
    
    9
    +
    
    8 10
     async function getEngineNames() {
    
    9 11
       let engines = await Services.search.getEngines();
    
    10 12
       return engines.map(engine => engine._name);
    
    ... ... @@ -13,6 +15,8 @@ async function getEngineNames() {
    13 15
     add_task(async function setup() {
    
    14 16
       let server = useHttpServer();
    
    15 17
       server.registerContentType("sjs", "sjs");
    
    18
    +  gBaseUrl = `http://localhost:${server.identity.primaryPort}/`;
    
    19
    +
    
    16 20
       await SearchTestUtils.useTestEngines("test-extensions");
    
    17 21
       await promiseStartupManager();
    
    18 22
     
    
    ... ... @@ -132,7 +136,7 @@ add_task(async function test_load_favicon_invalid() {
    132 136
       // User installs a new search engine
    
    133 137
       let extension = await SearchTestUtils.installSearchExtension(
    
    134 138
         {
    
    135
    -      favicon_url: `${gDataUrl}engine.xml`,
    
    139
    +      favicon_url: `${gBaseUrl}/head_search.js`,
    
    136 140
         },
    
    137 141
         { skipUnload: true }
    
    138 142
       );
    

  • toolkit/modules/RemotePageAccessManager.sys.mjs
    ... ... @@ -66,6 +66,7 @@ export let RemotePageAccessManager = {
    66 66
         },
    
    67 67
         "about:httpsonlyerror": {
    
    68 68
           RPMGetFormatURLPref: ["app.support.baseURL"],
    
    69
    +      RPMGetIntPref: ["security.dialog_enable_delay"],
    
    69 70
           RPMSendAsyncMessage: ["goBack", "openInsecure"],
    
    70 71
           RPMAddMessageListener: ["WWWReachable"],
    
    71 72
           RPMTryPingSecureWWWLink: ["*"],
    

  • _______________________________________________
    tor-commits mailing list
    tor-commits@xxxxxxxxxxxxxxxxxxxx
    https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits