Name Description Size
CSPEvalChecker.cpp static 5985
CSPEvalChecker.h 1047
DOMSecurityMonitor.cpp static 5393
DOMSecurityMonitor.h The fragment parser is triggered anytime JS calls innerHTML or similar JS functions which can generate HTML fragments. This generation of HTML might be dangerous, hence we should ensure that no new instances of innerHTML and similar functions are introduced in system privileged contexts, or also about: pages, in our codebase. If the auditor detects a new instance of innerHTML or similar function it will CRASH using a strong assertion. 1597
FramingChecker.cpp static 8856
FramingChecker.h Logs to the window about a X-Frame-Options error. @param aMessageTag the error message identifier to log @param aChannel the HTTP Channel @param aURI the URI of the frame attempting to load @param aPolicy the header value string from the frame to the console. 1569
PolicyTokenizer.cpp 2289
PolicyTokenizer.h How does the parsing work? We generate tokens by splitting the policy-string by whitespace and semicolon. Interally the tokens are represented as an array of string-arrays: [ [ name, src, src, src, ... ], [ name, src, src, src, ... ], [ name, src, src, src, ... ] ] for example: [ [ img-src, http://www.example.com, http:www.test.com ], [ default-src, 'self'], [ script-src, 'unsafe-eval', 'unsafe-inline' ], ] 2096
ReferrerInfo.cpp Parse ReferrerPolicy from token. The supported tokens are defined in ReferrerPolicy.webidl. The legacy tokens are "never", "default", "always" and "origin-when-crossorigin". The legacy tokens are only supported in meta referrer content @param aContent content string to be transformed into ReferrerPolicyEnum, e.g. "origin". 44362
ReferrerInfo.h The ReferrerInfo class holds the raw referrer and potentially a referrer policy which allows to query the computed referrer which should be applied to a channel as the actual referrer value. The ReferrerInfo class solely contains readonly fields and represents a 1:1 sync to the referrer header of the corresponding channel. In turn that means the class is immutable - so any modifications require to clone the current ReferrerInfo. For example if a request undergoes a redirect, the new channel will need a new ReferrerInfo clone with members being updated accordingly. 15676
SRICheck.cpp Returns whether or not the sub-resource about to be loaded is eligible for integrity checks. If it's not, the checks will be skipped and the sub-resource will be loaded. 17289
SRICheck.h Parse the multiple hashes specified in the integrity attribute and return the strongest supported hash. 4056
SRILogHelper.h 691
SRIMetadata.cpp 6410
SRIMetadata.h Create an empty metadata object. 2787
SecFetch.cpp 12348
SecFetch.h 883
featurepolicy 11
fuzztest 3
moz.build 1972
nsCSPContext.cpp This function is only used for verification purposes within GatherSecurityPolicyViolationEventData. 70745
nsCSPContext.h SetRequestContextWithDocument() needs to be called before the innerWindowID is initialized on the document. Use this function to call back to flush queued up console messages and initialize the innerWindowID. Node, If SetRequestContextWithPrincipal() was called then we do not have a innerWindowID anyway and hence we can not flush messages to the correct console. 8214
nsCSPParser.cpp ===== nsCSPParser ==================== 43011
nsCSPParser.h The CSP parser only has one publicly accessible function, which is parseContentSecurityPolicy. Internally the input string is separated into string tokens and policy() is called, which starts parsing the policy. The parser calls one function after the other according the the source-list from http://www.w3.org/TR/CSP11/#source-list. E.g., the parser can only call port() after the parser has already processed any possible host in host(), similar to a finite state machine. 7515
nsCSPService.cpp static 14784
nsCSPService.h nsCSPService_h___ 1865
nsCSPUtils.cpp 53999
nsCSPUtils.h =============== Logging =================== 23046
nsContentSecurityManager.cpp static 44508
nsContentSecurityManager.h nsContentSecurityManager_h___ 1999
nsContentSecurityUtils.cpp A namespace class for static content security utilities. 43181
nsContentSecurityUtils.h A namespace class for static content security utilities. 2999
nsHTTPSOnlyStreamListener.cpp 8537
nsHTTPSOnlyStreamListener.h This event listener gets registered for requests that have been upgraded using the HTTPS-only mode to log failed upgrades to the console. 1513
nsHTTPSOnlyUtils.cpp static 20618
nsHTTPSOnlyUtils.h Returns if HTTPSOnly-Mode preference is enabled @param aFromPrivateWindow true if executing in private browsing mode @return true if HTTPS-Only Mode is enabled 6254
nsIHttpsOnlyModePermission.idl An interface to test for cookie permissions 889
nsMixedContentBlocker.cpp nsIChannelEventSink implementation This code is called when a request is redirected. We check the channel associated with the new uri is allowed to load in the current context 39521
nsMixedContentBlocker.h daf1461b-bf29-4f88-8d0e-4bcdf332c862 3437
sanitizer 4
test 11