firefox-main/dom/security
Name Description Size Coverage
CSPEvalChecker.cpp static 5255 -
CSPEvalChecker.h 900 -
CSPViolationData.cpp static 3147 -
CSPViolationData.h 2228 -
DomSecurityIPCUtils.h 1545 -
DOMSecurityMonitor.cpp static 5074 -
DOMSecurityMonitor.h The fragment parser is triggered anytime JS calls innerHTML or similar JS functions which can generate HTML fragments. This generation of HTML might be dangerous, hence we should ensure that no new instances of innerHTML and similar functions are introduced in system privileged contexts, or also about: pages, in our codebase. If the auditor detects a new instance of innerHTML or similar function it will CRASH using a strong assertion. 1476 -
featurepolicy -
FramingChecker.cpp static 8254 -
FramingChecker.h Logs to the window about a X-Frame-Options error. @param aMessageTag the error message identifier to log @param aChannel the HTTP Channel @param aURI the URI of the frame attempting to load @param aPolicy the header value string from the frame to the console. 1455 -
fuzztest -
IntegrityPolicy.cpp static 15780 -
IntegrityPolicy.h IntegrityPolicy_h_ 3767 -
IntegrityPolicyService.cpp nsIContentPolicy implementation 13791 -
IntegrityPolicyService.h IntegrityPolicyService_h_ 1406 -
IntegrityPolicyWAICT.cpp static 16383 -
IntegrityPolicyWAICT.h IsExclusive 3190 -
metrics.yaml 27390 -
moz.build 2388 -
nsContentSecurityManager.cpp static 68607 -
nsContentSecurityManager.h nsContentSecurityManager_h_ 4090 -
nsContentSecurityUtils.cpp A namespace class for static content security utilities. 82090 -
nsContentSecurityUtils.h A namespace class for static content security utilities. 4350 -
nsCSPContext.cpp This function is only used for verification purposes within GatherSecurityPolicyViolationEventData. 86603 -
nsCSPContext.h SetRequestContextWithDocument() needs to be called before the innerWindowID is initialized on the document. Use this function to call back to flush queued up console messages and initialize the innerWindowID. Node, If SetRequestContextWithPrincipal() was called then we do not have a innerWindowID anyway and hence we can not flush messages to the correct console. 10877 -
nsCSPParser.cpp ===== nsCSPParser ==================== 53891 -
nsCSPParser.h The CSP parser only has one main publicly accessible function, which is parseContentSecurityPolicy. Internally the input string is separated into string tokens and policy() is called, which starts parsing the policy. The parser calls one function after the other according the the source-list from http://www.w3.org/TR/CSP11/#source-list. E.g., the parser can only call port() after the parser has already processed any possible host in host(), similar to a finite state machine. 8290 -
nsCSPService.cpp static 14750 -
nsCSPService.h nsCSPService_h_ 1473 -
nsCSPUtils.cpp 68233 -
nsCSPUtils.h =============== Logging =================== 26860 -
nsHTTPSOnlyStreamListener.cpp 9231 -
nsHTTPSOnlyStreamListener.h This event listener gets registered for requests that have been upgraded using the HTTPS-only mode to log failed upgrades to the console. 1406 -
nsHTTPSOnlyUtils.cpp static 46758 -
nsHTTPSOnlyUtils.h Returns the upgrade mode which should be used for a given load, based on the prefs currently set. @param aFromPrivateWindow Whether the load in question is from a private window. @param aSchemelessInputType Information about the load possibly originating from a schemeful or schemeless address bar input. @return Upgrade mode as an enum. 13966 -
nsIHttpsOnlyModePermission.idl HTTPS-Only/First permission types 1218 -
nsMixedContentBlocker.cpp nsIChannelEventSink implementation This code is called when a request is redirected. We check the channel associated with the new uri is allowed to load in the current context 40008 -
nsMixedContentBlocker.h daf1461b-bf29-4f88-8d0e-4bcdf332c862 3303 -
OffThreadCSPContext.cpp static 3052 -
OffThreadCSPContext.h 1651 -
pings.yaml 759 -
PolicyContainer.cpp 6999 -
PolicyContainer.h Implementation of https://html.spec.whatwg.org/multipage/browsers.html#policy-containers. Copied around the browser in the same way as CSP is copied, in fact, it replaces all the CSP inheritance code. 2860 -
PolicyTokenizer.cpp 2168 -
PolicyTokenizer.h How does the parsing work? We generate tokens by splitting the policy-string by whitespace and semicolon. Interally the tokens are represented as an array of string-arrays: [ [ name, src, src, src, ... ], [ name, src, src, src, ... ], [ name, src, src, src, ... ] ] for example: [ [ img-src, http://www.example.com, http:www.test.com ], [ default-src, 'self'], [ script-src, 'unsafe-eval', 'unsafe-inline' ], ] 1968 -
ReferrerInfo.cpp Default referrer policy to use 56004 -
ReferrerInfo.h The ReferrerInfo class holds the raw referrer and potentially a referrer policy which allows to query the computed referrer which should be applied to a channel as the actual referrer value. The ReferrerInfo class solely contains readonly fields and represents a 1:1 sync to the referrer header of the corresponding channel. In turn that means the class is immutable - so any modifications require to clone the current ReferrerInfo. For example if a request undergoes a redirect, the new channel will need a new ReferrerInfo clone with members being updated accordingly. 16631 -
ResourceHasher.cpp aASCII = 2176 -
ResourceHasher.h 1009 -
sanitizer -
SecFetch.cpp 14784 -
SecFetch.h 736 -
SRICheck.cpp Returns whether or not the sub-resource about to be loaded is eligible for integrity checks. If it's not, the checks will be skipped and the sub-resource will be loaded. 18068 -
SRICheck.h Parse the multiple hashes specified in the integrity attribute and return the strongest supported hash. 4114 -
SRILogHelper.h 544 -
SRIMetadata.cpp 7025 -
SRIMetadata.h Create an empty metadata object. 2764 -
test -
trusted-types -
WAICTUtils.cpp 1475 -
WAICTUtils.h 768 -