
ma1 pushed to branch tor-browser-115.28.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 2bd05cc0 by Daniel Holbert at 2025-09-15T19:02:10+02:00 Bug 1970490: Use loading principal (rather than triggering principal) for CORS checks, by default. a=RyanVM This is essentially a backout of bug 1496505, putting its change behind a new off-by-default about:config pref[1] for now, in case there are use cases that require it. [1] content.cors.use_triggering_principal Original Revision: https://phabricator.services.mozilla.com/D252611 Differential Revision: https://phabricator.services.mozilla.com/D263611 - - - - - ecda4d58 by Jon Coppeard at 2025-09-15T19:36:49+02:00 Bug 1979502 - Check slices vector not empty before accessing the last slice r=sfink a=RyanVM |aborted| is reset to false at the end of a slice but GCRuntime::waitBackgroundSweepEnd can be called outside of a slice. Differential Revision: https://phabricator.services.mozilla.com/D260685 - - - - - 688debf8 by Lee Salzman at 2025-09-15T19:57:24+02:00 Bug 1981283. r=ahale a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D260412 - - - - - 1a51c17d by Jed Davis at 2025-09-15T20:11:50+02:00 Bug 1982763 - Re-add `CLONE_NEWIPC` to the Linux GMP sandbox. a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D260923 Differential Revision: https://phabricator.services.mozilla.com/D263007 - - - - - 5 changed files: - dom/canvas/WebGLContext.cpp - dom/security/nsContentSecurityManager.cpp - js/src/gc/Statistics.cpp - modules/libpref/init/StaticPrefList.yaml - security/sandbox/linux/launch/SandboxLaunch.cpp Changes: ===================================== dom/canvas/WebGLContext.cpp ===================================== @@ -7,8 +7,9 @@ #include <algorithm> #include <bitset> +#include <cctype> +#include <iterator> #include <queue> -#include <regex> #include "AccessCheck.h" #include "CompositableHost.h" 
@@ -2011,30 +2012,59 @@ Maybe<std::string> WebGLContext::GetString(const GLenum pname) const { // --------------------------------- Maybe<webgl::IndexedName> webgl::ParseIndexed(const std::string& str) { - static const std::regex kRegex("(.*)\\[([0-9]+)\\]"); - - std::smatch match; - if (!std::regex_match(str, match, kRegex)) return {}; + // Check if the string ends with a close bracket + if (str.size() < 2 || str.back() != ']') { + return {}; + } + // Search for the open bracket, only allow digits between brackets + const size_t closeBracket = str.size() - 1; + size_t openBracket = closeBracket; + for (;;) { + char c = str[--openBracket]; + if (isdigit(c)) { + if (openBracket <= 0) { + // At the beginning of string without an open bracket + return {}; + } + } else if (c == '[') { + // Found the open bracket + break; + } else { + // Found a non-digit + return {}; + } + } - const auto index = std::stoull(match[2]); - return Some(webgl::IndexedName{match[1], index}); + // Ensure non-empty digit sequence + size_t firstDigit = openBracket + 1; + if (firstDigit >= closeBracket) { + return {}; + } + const auto index = + std::stoull(str.substr(firstDigit, closeBracket - firstDigit)); + std::string name = str.substr(0, openBracket); + return Some(webgl::IndexedName{name, index}); } // ExplodeName("foo.bar[3].x") -> ["foo", ".", "bar", "[", "3", "]", ".", "x"] static std::vector<std::string> ExplodeName(const std::string& str) { std::vector<std::string> ret; - - static const std::regex kSep("[.[\\]]"); - - auto itr = std::regex_token_iterator<decltype(str.begin())>( - str.begin(), str.end(), kSep, {-1, 0}); - const auto end = decltype(itr)(); - - for (; itr != end; ++itr) { - const auto& part = itr->str(); - if (part.size()) { - ret.push_back(part); + size_t curPos = 0; + while (curPos < str.size()) { + // Find the next separator + size_t nextPos = str.find_first_of(".[]", curPos); + if (nextPos == std::string::npos) { + // If no separator found, add remaining substring + 
ret.push_back(str.substr(curPos)); + break; + } + // Add string between separators, if not empty + if (curPos < nextPos) { + ret.push_back(str.substr(curPos, nextPos - curPos)); } + // Add the separator + ret.push_back(str.substr(nextPos, 1)); + curPos = nextPos + 1; } return ret; } ===================================== dom/security/nsContentSecurityManager.cpp ===================================== @@ -45,6 +45,7 @@ #include "mozilla/Logging.h" #include "mozilla/Maybe.h" #include "mozilla/Preferences.h" +#include "mozilla/StaticPrefs_content.h" #include "mozilla/StaticPrefs_dom.h" #include "mozilla/StaticPrefs_security.h" #include "mozilla/Telemetry.h" @@ -364,10 +365,17 @@ static nsresult DoCORSChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo, return NS_OK; } - // We use the triggering principal here, rather than the loading principal - // to ensure that anonymous CORS content in the browser resources and in - // WebExtensions is allowed to load. - nsIPrincipal* principal = aLoadInfo->TriggeringPrincipal(); + nsIPrincipal* principal = aLoadInfo->GetLoadingPrincipal(); + if (StaticPrefs::content_cors_use_triggering_principal()) { + // We use the triggering principal here, rather than the loading principal, + // to ensure that WebExtensions can reuse their own resources from content + // that they inject into a page. + // + // TODO(dholbert): Is there actually a legitimate reason that WebExtensions + // might need this (as opposed to exposing their resources for use in + // web-content via the 'web_accessible_resources' manifest field)? + principal = aLoadInfo->TriggeringPrincipal(); + } RefPtr<nsCORSListenerProxy> corsListener = new nsCORSListenerProxy( aInAndOutListener, principal, aLoadInfo->GetCookiePolicy() == nsILoadInfo::SEC_COOKIES_INCLUDE); ===================================== js/src/gc/Statistics.cpp ===================================== 
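Review bot: In the rewritten `webgl::ParseIndexed` (dom/canvas/WebGLContext.cpp), `isdigit(c)` is called with a plain `char`, which is undefined behaviour for negative values where `char` is signed. If the name can carry bytes above 0x7F, use `isdigit(static_cast<unsigned char>(c))` or compare `c >= '0' && c <= '9'` directly. The digit run is also still unbounded when it reaches `std::stoull`, which reports overflow by throwing `std::out_of_range`; if this file is built without exception support (not visible here), that becomes a process abort on a caller-supplied string. Rejecting overlong runs first, e.g. `if (closeBracket - firstDigit > 19) return {};`, avoids it, since 19 decimal digits always fit in 64 bits. The removed regex path had the same `stoull` exposure, so this is left open rather than introduced; separately, `openBracket <= 0` on a `size_t` reads more clearly as `openBracket == 0`.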
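Review bot: In `DoCORSChecks` (dom/security/nsContentSecurityManager.cpp) the default path now passes `aLoadInfo->GetLoadingPrincipal()` straight to `nsCORSListenerProxy`, with no null check visible in the hunk. As far as I recall the loading principal can be absent for some load types (top-level document loads), whereas the triggering principal it replaces is normally always set. It is worth stating the invariant before the proxy is constructed, e.g. `MOZ_ASSERT(principal, "CORS-mode loads must have a loading principal");`, or returning an error early if that cannot be guaranteed. The function starts and ends outside the hunk, so an earlier guard may already cover this.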
@@ -1515,7 +1515,7 @@ void Statistics::recordParallelPhase(PhaseKind phaseKind, TimeDuration duration) { MOZ_ASSERT(CurrentThreadCanAccessRuntime(gc->rt)); - if (aborted) { + if (slices_.empty()) { return; } ===================================== modules/libpref/init/StaticPrefList.yaml ===================================== @@ -1915,6 +1915,14 @@ value: false mirror: always +# If true, we'll use the triggering principal rather than the loading principal +# when doing CORS checks. This might be needed for WebExtensions to load their +# own resources from content that they inject into sites. +- name: content.cors.use_triggering_principal + type: bool + value: false + mirror: always + # Back off timer notification after count. # -1 means never. - name: content.notify.backoffcount ===================================== security/sandbox/linux/launch/SandboxLaunch.cpp ===================================== @@ -317,6 +317,8 @@ void SandboxLaunchPrepare(GeckoProcessType aType, return; } + // Warning: don't combine multiple case labels, even if the code is + // currently the same, to avoid mistakes when changes are made. switch (aType) { case GeckoProcessType_Socket: if (level >= 1) { @@ -325,6 +327,12 @@ void SandboxLaunchPrepare(GeckoProcessType aType, } break; case GeckoProcessType_GMPlugin: + if (level >= 1) { + canChroot = true; + flags |= CLONE_NEWIPC; + flags |= CLONE_NEWNET; + } + break; case GeckoProcessType_RDD: if (level >= 1) { canChroot = true; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/0ae6e8e... -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/0ae6e8e... You're receiving this email because of your account on gitlab.torproject.org.
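Review bot: In `Statistics::recordParallelPhase` (js/src/gc/Statistics.cpp) the new `slices_.empty()` guard carries no comment, so the reason for it lives only in the commit message. Suggest adding `// Can be called outside a slice (e.g. via GCRuntime::waitBackgroundSweepEnd), when there may be no slice to record into.` above the check. Because the `aborted` test is replaced rather than kept alongside, please also confirm that recording into the last slice of an aborted collection is intended. The rest of the body is outside the hunk.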
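Review bot: The comment on `content.cors.use_triggering_principal` (modules/libpref/init/StaticPrefList.yaml) says why someone might enable the pref but not what enabling it costs. Because it switches which principal CORS checks are evaluated against, add a line such as `# Enabling this restores the behaviour from before bug 1970490; leave it false unless a specific extension breaks.` so the trade-off is visible to anyone flipping it.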
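Review bot: The new `GeckoProcessType_GMPlugin` case (security/sandbox/linux/launch/SandboxLaunch.cpp) repeats the shape of the RDD case without saying how the two differ. The RDD body continues outside the hunk, so its flags are not visible here. A one-line comment on the GMP case, e.g. `// GMP: unshare the IPC and network namespaces (kept separate from RDD on purpose).`, would record why `CLONE_NEWIPC` belongs here and make an accidental re-merge of the labels less likely. A test asserting that the GMP child's clone flags include `CLONE_NEWIPC` would guard against the flag being dropped again, which the "Re-add" in the commit title suggests has happened once.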