Skip to content

Instantly share code, notes, and snippets.

Slow to respond. Apolgies to those left waiting.

Frederik Braun mozfreddyb

Slow to respond. Apolgies to those left waiting.
View GitHub Profile
mozfreddyb / innerhtml-hook.js
Last active Nov 6, 2019
inspect assignments to innerHTML
View innerhtml-hook.js
/* inject via
ppmm.loadFrameScript("data:,<js source>", true);
(where ppmm is the message manager, e.g. in shell.js)
framescript documentation explains why this works[1] and
the message manager docs[2] explain that the parent process
manager defined as ppmm in shell.js[3] can be used.
mozfreddyb /
Last active Feb 5, 2020 — forked from mattratleph/
vimdiff cheat sheet

vimdiff cheat sheet

git mergetool

In the middle file (future merged file), you can navigate between conflicts with ]c and [c.

Choose which version you want to keep with :diffget //2 or :diffget //3 (the //2 and //3 are unique identifiers for the target/master copy and the merge/branch copy file names).

:diffupdate (to remove leftover spacing issues)
:only (once you’re done reviewing all conflicts, this shows only the middle/merged file)
mozfreddyb / foo.js
Created Jul 27, 2020
turn searchfox results object into audit spreadsheet
View foo.js
/* This script can be run on a results page as it is.
* the results.normal from line 9 is already in global scope and can be iterated as it is
* Note that this "results.normal" does /not/ include occurences in tests or generated code.
* Use other properties of the "results" object instead, if you need these.
// objkey is something like "Uses (searchterm)"
objkey = Object.keys(results.normal)[0];
occs = results.normal[objkey];
t = [];
mozfreddyb /
Last active Aug 3, 2020
reference sheet for principals in mozilla code

Reference Sheet for Principals in Mozilla Code

Note: This is the "reference sheet" version. The details and the big picture are covered in Understanding Web Security Checks in Firefox (Part 1).

Principals as a level of privilege

A security context is always using one of these four kinds of Principals:

  • ContentPrincipal: This principal is used for typical web pages and can be serialized to an origin URL, e.g.,
  • NullPrincipal: Some pages are never same-origin with anything else. E.g., <iframes sandbox> or documents loaded with a data: URI. The standard calls this an opaque origin.
  • SystemPrincipal: The SystemPrincipal is used for the browser's user interface, commonly referred to as "browser chrome". Pages like about:preferences use the SystemPrincipal.
You can’t perform that action at this time.