Skip to content

Instantly share code, notes, and snippets.

Avatar
🐢
Slow to respond. Apolgies to those left waiting.

Frederik Braun mozfreddyb

🐢
Slow to respond. Apolgies to those left waiting.
View GitHub Profile
@mozfreddyb
mozfreddyb / innerhtml-hook.js
Last active Nov 6, 2019
inspect assignments to innerHTML
View innerhtml-hook.js
/* inject via
ppmm.loadFrameScript("data:,<js source>", true);
(where ppmm is the message manager, e.g. in shell.js)
framescript documentation explains why this works[1] and
the message manager docs[2] explain that the parent process
manager defined as ppmm in shell.js[3] can be used.
[1] https://developer.mozilla.org/en-US/Firefox/Multiprocess_Firefox/Frame_script_loading_and_lifetime
@mozfreddyb
mozfreddyb / vimdiff.md
Last active Feb 5, 2020 — forked from mattratleph/vimdiff.md
vimdiff cheat sheet
View vimdiff.md

vimdiff cheat sheet

git mergetool

In the middle file (future merged file), you can navigate between conflicts with ]c and [c.

Choose which version you want to keep with :diffget //2 or :diffget //3 (the //2 and //3 are unique identifiers for the target/master copy and the merge/branch copy file names).

:diffupdate (to remove leftover spacing issues)
:only (once you’re done reviewing all conflicts, this shows only the middle/merged file)
@mozfreddyb
mozfreddyb / foo.js
Created Jul 27, 2020
turn searchfox results object into audit spreadsheet
View foo.js
/* This script can be run on a searchfox.org results page as it is.
* the results.normal from line 9 is already in global scope and can be iterated as it is
* Note that this "results.normal" does /not/ include occurences in tests or generated code.
* Use other properties of the "results" object instead, if you need these.
*/
// objkey is something like "Uses (searchterm)"
objkey = Object.keys(results.normal)[0];
occs = results.normal[objkey];
t = [];
@mozfreddyb
mozfreddyb / principals-reference.md
Last active Aug 3, 2020
reference sheet for principals in mozilla code
View principals-reference.md

Reference Sheet for Principals in Mozilla Code

Note: This is the "reference sheet" version. The details and the big picture are covered in Understanding Web Security Checks in Firefox (Part 1).

Principals as a level of privilege

A security context is always using one of these four kinds of Principals:

  • ContentPrincipal: This principal is used for typical web pages and can be serialized to an origin URL, e.g., https://example.com/
  • NullPrincipal: Some pages are never same-origin with anything else. E.g., <iframes sandbox> or documents loaded with a data: URI. The standard calls this an opaque origin.
  • SystemPrincipal: The SystemPrincipal is used for the browser's user interface, commonly referred to as "browser chrome". Pages like about:preferences use the SystemPrincipal.
You can’t perform that action at this time.