UXP - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Lines
*	Issue #991 Part 4: Network and URILoader	Ascrod	2019-04-13	-24/+4
\|
*	Part 2: Add tests	wolfbeast	2019-03-07	-0/+156
\| \| \| \|	Tag #993.
*	backport mozbug 1334776 - CVE-2017-7797 Header name interning leaks across ↵	Gaming4JC	2018-09-25	-10/+10
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	origins Potential attack: session supercookie. [Moz Notes](https://bugzilla.mozilla.org/show_bug.cgi?id=1334776#c5): "The problem is that for unknown header names we store the first one we see and then later we case-insensitively match against that name globally. That means you can track if a user agent has already seen a certain header name used (by using a different casing and observing whether it gets normalized). This would allow you to see if a user has used a sensitive service that uses custom header names, or allows you to track a user across sites, by teaching the browser about a certain header case once and then observing if different casings get normalized to that. What we should do instead is only store the casing for a header name for each header list and not globally. That way it only leaks where it's expected (and necessary) to leak." [Moz fix note](https://bugzilla.mozilla.org/show_bug.cgi?id=1334776#c8): "nsHttpAtom now holds the old nsHttpAtom and a string that is case sensitive (only for not standard headers). So nsHttpAtom holds a pointer to a header name. (header names are store on a static structure). This is how it used to be. I left that part the same but added a nsCString which holds a string that was used to resoled the header name. So when we parse headers we call ResolveHeader with a char. If it is a new header name the char will be stored in a HttpHeapAtom, nsHttpAtom::_val will point to HttpHeapAtom::value and the same strings will be stored in mLocalCaseSensitiveHeader. For the first resolve request they will be the same but for the following maybe not. At the end this nsHttpAtom will be stored in nsHttpHeaderArray. For all operation we will used the old char* except when we are returning it to a script using VisitHeaders."
*	Remove support for TLS session caches in TLSServerSocket.	wolfbeast	2018-09-01	-3/+0
\| \| \| \|	This resolves #738
*	Sanity-check in nsStandardURL::Deserialize(). r=mayhemer, a=RyanVM	Valentin Gosu	2018-06-07	-0/+16
\| \| \| \| \| \|	Also add test for faulty nsStandardURL deserialization. See Bug 1392739.
*	Issue #325 Part 11: Fix up build files.	wolfbeast	2018-05-04	-1/+1
\|
*	Merge pull request #175 from janekptacijarabaci/url_parser_2	New Tobin Paradigm	2018-04-16	-1/+21
\|\ \| \| \| \|	moebius#131: URL parser - stop preserving empty passwords
\| *	moebius#131: URL parser - stop preserving empty passwords	janekptacijarabaci	2018-04-15	-1/+21
\| \| \| \| \| \| \| \|	https://github.com/MoonchildProductions/moebius/issues/131
* \|	Merge pull request #174 from janekptacijarabaci/url_parser_1	New Tobin Paradigm	2018-04-16	-24/+8
\|\\| \| \| \| \|	moebius#130: URL parser - fix: don't allow empty host name
\| *	moebius#130: URL parser - fix: don't allow empty host name	janekptacijarabaci	2018-04-15	-24/+8
\| \| \| \| \| \| \| \|	https://github.com/MoonchildProductions/moebius/issues/130
* \|	Merge pull request #171 from janekptacijarabaci/js_location_hash_1	New Tobin Paradigm	2018-04-15	-0/+11
\|\ \ \| \|/ \|/\|	Fix: no escape single quote in location.hash
\| *	JS - location.hash - no escape single quote	janekptacijarabaci	2018-02-12	-0/+11
\| \|
* \|	Remove Windows XP specific code in netwerk.	wolfbeast	2018-02-19	-13/+0
\| \|
* \|	Two (and more) extensions together - http resume - basilisk crashes	janekptacijarabaci	2018-02-18	-0/+53
\|/
*	Add m-esr52 at 52.6.0	Matt A. Tobin	2018-02-02	-0/+65150