Pull Basilisk-release forward.

author: wolfbeast <mcwerewolf@wolfbeast.com> 2019-08-18 16:25:15 +0200
committer: wolfbeast <mcwerewolf@wolfbeast.com> 2019-08-18 16:26:16 +0200
commit: 202296d02aa99afa90581333ab059c050b9c3ade (patch)
tree: 6ed8a1289bed1bb06d2703ea77cba5fccd3bdffa /netwerk/base
parent: 1530f48c27fb13d7cbd2708c9f0fcf2dabc6ed6a (diff)
parent: ab6242a93b849b0a3c7525b16bc01dd3172fc167 (diff)
download: UXP-202296d02aa99afa90581333ab059c050b9c3ade.tar
UXP-202296d02aa99afa90581333ab059c050b9c3ade.tar.gz
UXP-202296d02aa99afa90581333ab059c050b9c3ade.tar.lz
UXP-202296d02aa99afa90581333ab059c050b9c3ade.tar.xz
UXP-202296d02aa99afa90581333ab059c050b9c3ade.zip
5 files changed, 53 insertions, 26 deletions
diff --git a/netwerk/base/nsIBrowserSearchService.idl b/netwerk/base/nsIBrowserSearchService.idl
index 045973e0c..4ca052e91 100644
--- a/netwerk/base/nsIBrowserSearchService.idl
+++ b/netwerk/base/nsIBrowserSearchService.idl
@@ -7,7 +7,7 @@
 interface nsIURI;
 interface nsIInputStream;
 
-[scriptable, uuid(5799251f-5b55-4df7-a9e7-0c27812c469a)]
+[scriptable, uuid(72599f7a-3712-4b93-90e9-86127006cd68)]
 interface nsISearchSubmission : nsISupports
 {
   /**
@@ -20,6 +20,12 @@ interface nsISearchSubmission : nsISupports
    * The URI to submit a search to.
    */
   readonly attribute nsIURI uri;
+  
+  /**
+   * The POST data associated with a search submission as an
+   * application/x-www-form-urlencoded string. May be null.
+   */
+  readonly attribute AString postDataString;
 };
 
 [scriptable, uuid(620bd920-0491-48c8-99a8-d6047e64802d)]
diff --git a/netwerk/base/nsIOService.cpp b/netwerk/base/nsIOService.cpp
index e0dc7d8e8..bd9a4a96f 100644
--- a/netwerk/base/nsIOService.cpp
+++ b/netwerk/base/nsIOService.cpp
@@ -166,6 +166,7 @@ uint32_t   nsIOService::gDefaultSegmentSize = 4096;
 uint32_t   nsIOService::gDefaultSegmentCount = 24;
 
 bool nsIOService::sBlockToplevelDataUriNavigations = false;
+bool nsIOService::sBlockFTPSubresources = false;
 
 ////////////////////////////////////////////////////////////////////////////////
 
@@ -243,6 +244,8 @@ nsIOService::Init()
 
     Preferences::AddBoolVarCache(&sBlockToplevelDataUriNavigations,
                                  "security.data_uri.block_toplevel_data_uri_navigations", false);
+    Preferences::AddBoolVarCache(&sBlockFTPSubresources,
+                                 "security.block_ftp_subresources", true);
     Preferences::AddBoolVarCache(&mOfflineMirrorsConnectivity, OFFLINE_MIRRORS_CONNECTIVITY, true);
 
     gIOService = this;
@@ -1869,5 +1872,11 @@ nsIOService::BlockToplevelDataUriNavigations()
   return sBlockToplevelDataUriNavigations;
 }
 
+/*static*/ bool
+nsIOService::BlockFTPSubresources()
+{
+  return sBlockFTPSubresources;
+}
+
 } // namespace net
 } // namespace mozilla
diff --git a/netwerk/base/nsIOService.h b/netwerk/base/nsIOService.h
index 19eed743a..f3a26f5d2 100644
--- a/netwerk/base/nsIOService.h
+++ b/netwerk/base/nsIOService.h
@@ -94,6 +94,8 @@ public:
 
     static bool BlockToplevelDataUriNavigations();
 
+    static bool BlockFTPSubresources();
+
     // Used to trigger a recheck of the captive portal status
     nsresult RecheckCaptivePortal();
 private:
@@ -175,6 +177,8 @@ private:
 
     static bool                          sBlockToplevelDataUriNavigations;
 
+    static bool                          sBlockFTPSubresources;
+
     // Time a network tearing down started.
     mozilla::Atomic<PRIntervalTime> mNetTearingDownStarted;
 public:
diff --git a/netwerk/base/nsNetUtil.cpp b/netwerk/base/nsNetUtil.cpp
index 653a9003e..2974e26b0 100644
--- a/netwerk/base/nsNetUtil.cpp
+++ b/netwerk/base/nsNetUtil.cpp
@@ -10,6 +10,7 @@
 #include "mozilla/LoadContext.h"
 #include "mozilla/LoadInfo.h"
 #include "mozilla/BasePrincipal.h"
+#include "mozilla/Preferences.h"
 #include "mozilla/Telemetry.h"
 #include "nsNetUtil.h"
 #include "nsNetUtilInlines.h"
@@ -1821,33 +1822,40 @@ NS_RelaxStrictFileOriginPolicy(nsIURI *aTargetURI,
     return false;
   }
 
-  //
-  // If the file to be loaded is in a subdirectory of the source
-  // (or same-dir if source is not a directory) then it will
-  // inherit its source principal and be scriptable by that source.
-  //
-  bool sourceIsDir;
-  bool allowed = false;
-  nsresult rv = sourceFile->IsDirectory(&sourceIsDir);
-  if (NS_SUCCEEDED(rv) && sourceIsDir) {
-    rv = sourceFile->Contains(targetFile, &allowed);
-  } else {
-    nsCOMPtr<nsIFile> sourceParent;
-    rv = sourceFile->GetParent(getter_AddRefs(sourceParent));
-    if (NS_SUCCEEDED(rv) && sourceParent) {
-      rv = sourceParent->Equals(targetFile, &allowed);
-      if (NS_FAILED(rv) || !allowed) {
-        rv = sourceParent->Contains(targetFile, &allowed);
-      } else {
-        MOZ_ASSERT(aAllowDirectoryTarget,
-                   "sourceFile->Parent == targetFile, but targetFile "
-                   "should've been disallowed if it is a directory");
+  bool uniqueOrigin = true;
+  uniqueOrigin = Preferences::GetBool("security.fileuri.unique_origin");
+  
+  // If treating all files as unique origins, we can skip this because
+  // it should always be refused.
+  if (!uniqueOrigin) {
+    //
+    // If the file to be loaded is in a subdirectory of the source
+    // (or same-dir if source is not a directory) then it will
+    // inherit its source principal and be scriptable by that source.
+    //
+    bool sourceIsDir;
+    bool allowed = false;
+    nsresult rv = sourceFile->IsDirectory(&sourceIsDir);
+    if (NS_SUCCEEDED(rv) && sourceIsDir) {
+      rv = sourceFile->Contains(targetFile, &allowed);
+    } else {
+      nsCOMPtr<nsIFile> sourceParent;
+      rv = sourceFile->GetParent(getter_AddRefs(sourceParent));
+      if (NS_SUCCEEDED(rv) && sourceParent) {
+        rv = sourceParent->Equals(targetFile, &allowed);
+        if (NS_FAILED(rv) || !allowed) {
+          rv = sourceParent->Contains(targetFile, &allowed);
+        } else {
+          MOZ_ASSERT(aAllowDirectoryTarget,
+                     "sourceFile->Parent == targetFile, but targetFile "
+                     "should've been disallowed if it is a directory");
+        }
       }
     }
-  }
 
-  if (NS_SUCCEEDED(rv) && allowed) {
-    return true;
+    if (NS_SUCCEEDED(rv) && allowed) {
+      return true;
+    }
   }
 
   return false;
diff --git a/netwerk/base/nsStandardURL.cpp b/netwerk/base/nsStandardURL.cpp
index dff4ecbc0..7317240c2 100644
--- a/netwerk/base/nsStandardURL.cpp
+++ b/netwerk/base/nsStandardURL.cpp
@@ -575,7 +575,7 @@ nsStandardURL::ValidIPv6orHostname(const char *host, uint32_t length)
     }
 
     const char *end = host + length;
-    if (end != net_FindCharInSet(host, end, CONTROL_CHARACTERS " #/:?@[\\]*<>|\"")) {
+    if (end != net_FindCharInSet(host, end, CONTROL_CHARACTERS " #/:?@[\\]*<>|\"^")) {
         // We still allow % because it is in the ID of addons.
         // Any percent encoded ASCII characters that are not allowed in the
         // hostname are not percent decoded, and will be parsed just fine.
author	wolfbeast <mcwerewolf@wolfbeast.com>	2019-08-18 16:25:15 +0200
committer	wolfbeast <mcwerewolf@wolfbeast.com>	2019-08-18 16:26:16 +0200
commit	202296d02aa99afa90581333ab059c050b9c3ade (patch)
tree	6ed8a1289bed1bb06d2703ea77cba5fccd3bdffa /netwerk/base
parent	1530f48c27fb13d7cbd2708c9f0fcf2dabc6ed6a (diff)
parent	ab6242a93b849b0a3c7525b16bc01dd3172fc167 (diff)
download	UXP-202296d02aa99afa90581333ab059c050b9c3ade.tar UXP-202296d02aa99afa90581333ab059c050b9c3ade.tar.gz UXP-202296d02aa99afa90581333ab059c050b9c3ade.tar.lz UXP-202296d02aa99afa90581333ab059c050b9c3ade.tar.xz UXP-202296d02aa99afa90581333ab059c050b9c3ade.zip