mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
314 326 коммитов 613 Ветки 98 Теги 5,8 GiB
Граф коммитов

1125 Коммитов

Автор SHA1 Сообщение Дата
Chris Leary 975d974ac4 Merge mozilla-central and tracemonkey. 2011-05-23 00:02:05 -07:00
Chris Leary 3400d7a2e7 Merge mozilla-central and tracemonkey. 2011-05-20 14:29:36 -07:00
Daniel Holbert 2ee75e0a93 Bug 308590 patch 3.5: Add nsIURI::CloneIgnoringRef interface & impls. r=bz sr=biesi 2011-05-21 18:12:45 -07:00
Daniel Holbert f4110d2e96 Bug 308590 patch 3: Add nsIURI::EqualsExceptRef interface & impls. r=bz sr=biesi 2011-05-21 18:12:45 -07:00
Daniel Holbert a8ca33ca0f Bug 308590 patch 2: Move GetRef/SetRef from nsIURL to nsIURI. r=bz sr=biesi 2011-05-21 18:12:45 -07:00
Blake Kaplan e73d3d7ecd Fix bug 657267. r=bz 2011-05-19 13:31:54 +02:00
Chris Leary 4fef967f20 Bug 654301: Better interned string API, take 2. (r=Waldo) 2011-05-17 12:15:12 -07:00
Josh Aas 669eb04ac7 Bug 637253: Remove nsIPluginInstance interface. r=bsmedberg 2011-05-17 21:48:34 -04:00
Jason Orendorff c0b826d646 Bug 645160 - jsdIStackFrame is incorrectly truncated at indirect eval calls. r=mrbkap. 2011-05-11 11:11:40 -05:00
Chris Leary 0e34a9857c Back out bug 654301 to run again on try. 2011-05-16 19:03:20 -07:00
Chris Leary 36481bff9a Bug 654301: Better interned string API. (r=Waldo) 2011-05-16 18:18:59 -07:00
Justin Lebar d5dcbf68a6 Bug 592557 - Eliminate uses of PR_Atomic{Increment,Decrement} functions in favor of PR_ATOMIC_{INCREMENT,DECREMENT} macros. r=bsmedberg,gal 
--HG--
extra : rebase_source : 71069eb9c9d61131adee49279e136c8574dabc62
 2011-03-28 15:58:49 -04:00
timeless@mozdev.org eb6bf14c5f Bug 584977 mark deprecated caps interfaces and methods with [deprecated] 
r=dveditz
 2011-03-27 23:59:17 -04:00
Mike Shaver 6293a9a3ae Backed out changeset 4d86e63ff60d, diagnostic patch; back out 3da12edf735e, followup fix; back out bug 631135 completely, unexplained intermittent orange. r=waldo, a=orange 2011-02-19 20:46:44 -08:00
Jeff Walden 155cb95ef3 Bug 631135 - Objects created by or on behalf of fast natives and property ops (getters or setters) are parented to the wrong proto and global. r=lw,jst,mrbkap,bz, a=jst 
--HG--
extra : rebase_source : a2f6a11ac3bcc7925cbf122057b694a0aafac970
 2011-02-08 17:20:06 -08:00
Brandon Sterne 69a9afc059 Bug 600584 - add more detail to CSP violation report logging, r=jst, a=LegNeato 2011-01-31 10:09:44 -08:00
Blake Kaplan fbfc5f0ad6 Fix bug 614151. r=jst@mozilla.com, a=blocker 2010-12-28 11:21:30 -08:00
Chris Leary cba55906d2 Merge mozilla-central into tracemonkey. 2011-01-04 10:51:14 -08:00
Chris Jones 210c54df22 Bug 616412: Fix use-before-init bug. r=mrbkap a=a 2011-01-04 10:40:54 -06:00
Chris Leary b83b3feb7f Merge mozilla-central to tracemonkey. 2010-12-29 19:25:04 -05:00
Boris Zbarsky 8534ad52e2 Bug 549459. Don't show information about the object principal in the error string. r=mrbkap a=blocker 2010-12-22 19:55:42 -05:00
Asaf Romano a3601eb64c Bug 619800 - Enable scriptability for nsIPrincipal methods. r+sr+a=bz. 2010-12-22 15:58:22 +02:00
Luke Wagner 56b2810a26 Bug 609440, part 3 - remove fallible public APIs, update mozilla (r=bent,jst,mrbkap,waldo,sdwilsh) 2010-12-03 00:24:17 -08:00
Peter Van der Beken a6974efb9d Fix for bug 590612 (Speed up js-wrapping in classinfo when we already have a wrapper). r=bz, a=jst. 2010-08-28 10:04:25 +02:00
Benjamin Smedberg 2244eb5877 Remove browser_bug571289.js as a followup to bug 610381 and bug 608142. The test is meaningless because the condition is not allowed to happen. r=gal a=orange 2010-11-17 18:16:18 -05:00
Igor Bukanov 08acfd00c4 bug 610198 - Replacing JS_GetStringBytes usage with JS_EncodeString. r=gal 2010-11-11 21:40:29 +01:00
David Anderson b4ec0dde6d Backed out changeset 8e119f847f97 (build busted) 2010-11-11 11:19:42 -08:00
Igor Bukanov 048e1e0a13 bug 610198 - Replacing JS_GetStringBytes usage with JS_EncodeString. r=gal 2010-11-02 15:36:25 +01:00
Kyle Huey 50d2c1361b Bug 604940: Add various things to GARBAGE. r=Mitch a=NPOTB 2010-10-19 17:19:37 -04:00
Peter Van der Beken e036314b75 Bug 580128 - Always wrap Location objects in wrappers, even for same origin. r=mrbkap/gal 2010-09-29 10:00:52 -07:00
Blake Kaplan bdb04e3dcc bug 580128 - Avoid using the parent chain of proxies for anything because it's often wrong. r=jst 2010-09-24 18:00:58 -07:00
Blake Kaplan 4e10badc68 Bug 580128 - Make the system principal consistent over the strings it gives out. r=peterv 2010-09-17 14:54:40 -07:00
Justin Lebar 2158e8e0c9 Bug 571289 - Don't use nsScriptSecurityManager off the main thread. r=mrbkap, a2.0=blocking 
--HG--
extra : rebase_source : 2d945cee865472804ed3aff78af237a60f5a19d4
 2010-09-17 14:44:53 -07:00
Robert Sayre 2b6095f93d Merge mozilla-central to tracemonkey. 2010-09-10 11:47:11 -04:00
Luke Wagner 719f726121 Bug 581263 - remove slow natives (r=waldo,mrbkap) 2010-08-16 12:35:04 -07:00
Michael Wu 6937d281d7 Bug 556644 - 4. Fix tests, r=bsmedberg a=blocking2.0 
--HG--
rename : caps/tests/mochitest/test_bug292789.html => caps/tests/mochitest/test_bug292789.html.in
 2010-08-10 15:18:40 -07:00
Boris Zbarsky 7e4b4c8184 Bug 593026. Make it possible to get the system principal from script. r=jst a=jst 2010-09-07 15:10:41 -04:00
Bjarne ed732b9f7f Bug 546606 - Make redirect API async - part 2; r=honzab.moz,cbiesinger,bjarne,jst sr=jst 2010-08-04 22:15:55 -04:00
Igor Bukanov 7ae0ecc9d3 bug 571789 - merging JSObjectOps and JSExtendedClass into JSClass. r=jorendorff 2010-06-12 18:29:04 +02:00
Igor Bukanov 9842e59608 Backed out changeset 7b2b90efe57d -- the patch was landed against a tree with a lot of orange. This will hinder the orange resolution. 2010-07-28 14:36:06 +02:00
Igor Bukanov 781e5c46d7 bug 571789 - merging JSObjectOps and JSExtendedClass into JSClass. r=jorendorff 2010-06-12 18:29:04 +02:00
Luke Wagner 7371ad00ed Bug 549143 - fatvals 2010-07-14 23:19:36 -07:00
Saint Wesonga 4bd9280674 Bug 562387 - Convert NS_NEWXPCOM/NS_DELETEXPCOM to new/delete. r=bsmedberg 2010-07-05 11:42:18 +02:00
Dão Gottwald b2124655df Backed out changeset 59ace8d80ce8 2010-07-04 22:01:13 +02:00
Saint Wesonga 8952503f91 Bug 562387 - Convert NS_NEWXPCOM/NS_DELETEXPCOM to new/delete. r=bsmedberg 2010-07-04 21:39:17 +02:00
Benjamin Smedberg e17740e1ab Merge mozilla-central to the bug 568691 branch. 
--HG--
rename : gfx/public/nsITheme.h => gfx/src/nsITheme.h
 2010-06-30 14:23:23 -04:00
Benjamin Smedberg a73308ef4b Bug 568691 - Add CID data back to classinfo because it's required for fastload to work correctly. 2010-06-22 12:59:57 -04:00
Benjamin Smedberg a7e67d32ad Bug 568691 part B - mechanical changes to in-tree binary modules needed to get them building and registering correctly. After this patch, xpcshell appears to work. 2010-06-10 14:11:40 -04:00
Ehsan Akhgari 3e874ca35e Bug 519928 - IFRAME inside designMode disables JavaScript, breaking current clickjacking defenses; r=Olli.Pettay 
--HG--
extra : rebase_source : 7d01d90f59e60b63e64b96bb655937fe0d0c879a
 2010-06-04 17:03:50 -04:00
Dão Gottwald 0978149cf3 Backed out changeset db6f8068e9a5 2010-06-29 17:49:21 +02:00
Saint Wesonga c81affe35c Bug 562387 - Convert NS_NEWXPCOM/NS_DELETEXPCOM to new/delete. r=bsmedgerg 2010-06-29 17:14:36 +02:00
Ehsan Akhgari c06468921a Backed out changeset d1cbe16de6bf to fix oranges 2010-06-28 15:29:30 -04:00
Ehsan Akhgari 741c672888 Bug 519928 - IFRAME inside designMode disables JavaScript, breaking current clickjacking defenses; r=Olli.Pettay 2010-06-04 17:03:50 -04:00
Dan Witte 7c610ca8ac Bug 564048 - Nix security checks in nsPrefBranch. r=sicking, sr=jst 2010-06-08 16:43:54 -07:00
Robert Sayre 2a3fb0fb81 Merge mozilla-central to tracemonkey. 2010-05-24 09:05:39 -07:00
Robert Sayre 5da1b58f01 Merge mozilla-central to tracemonkey 2010-05-17 13:55:37 -04:00
Olli Pettay 927111fb28 Bug 549682 - Port the message-manager API to mozilla-central, r=jst 2010-05-18 15:28:37 +03:00
Olli Pettay 1c104f5606 Backout Bug 549682 2010-05-18 13:10:47 +03:00
Olli Pettay c719bc6e84 Bug 549682 - Port the message-manager API to mozilla-central, r=jst 
--HG--
extra : rebase_source : 45b28a7762428193873a636fa7d5108607f9e4a3
 2010-05-18 11:52:24 +03:00
Jason Orendorff 1e779602f9 Bug 560643 - Add a special jsval type to XPIDL. Part 1, rename JSVal -> jsval in existing IDL. r+sr=jst. 
--HG--
extra : rebase_source : 3d50f7468277883a26790df13a639ce37757a257
 2010-05-12 08:18:51 -05:00
Taras Glek 49db2378ea Bug 516085 - replace the most frequent IOService getter with an efficient one r=biesi 2010-04-12 08:44:28 -07:00
Mitchell Field 0fd15d94da Bug 564950 - Make more use of mozilla::services, r=surkov, jst, neil, smontagu, roc, joshmoz, gavin, shaver 2010-05-14 18:24:41 +09:00
Michael Kohler 6c0f59f4a6 Bug 506041 Part 2: Correct misspellings in source code 
r=timeless
 2010-05-13 14:19:50 +02:00
Peter Van der Beken df91a46a76 Fix for bug 560199 (Link XPConnect and caps into layout). r=jst. 
--HG--
extra : rebase_source : 5141822e9d560019ffc1e0cb0264782aa8aa7a99
 2010-04-11 15:55:24 +02:00
Robert Sayre 66f3f0f7a3 Merge tracemonkey to mozilla-central. 2010-03-26 15:53:14 -07:00
Igor Bukanov 382035ba66 bug 549010 - folowup to replace PROTO access macros with the inlne function 2010-03-04 23:52:52 -08:00
Jonas Sicking 893023f46a Bug 543696: Remove unused nsIScriptSecurityManager::CheckConnect. r/sr=mrbkap 2010-02-02 02:29:15 -08:00
Blake Kaplan 9c71e872ce Bug 371694 - Protect ourselves against null values. r=dveditz 2010-03-22 15:50:04 -07:00
Ben Newman 81a89a0871 Bug 553448 - nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction should return JS_TRUE when no subjectPrincipal exists. r=mrbkap sr=dveditz 
--HG--
extra : rebase_source : c47d6d55063c115921ee89114c4439444883c37d
 2010-03-18 17:27:39 -07:00
timeless@mozdev.org 7923ac31c7 Bug 504423 ReadAnnotationEntry leaks key if nsCStringKey sets rv to failure 
r=dveditz

--HG--
extra : rebase_source : 07b5d1d19d7533f1a620ab8a83f19b20f33ec6fc
 2010-03-12 07:50:11 +01:00
Sid Stamm 1090529f8c bug 515443 CSP no-eval support. r=mrbkap,brendan 2010-03-08 00:24:50 -08:00
Makoto Kato 340544f021 Bug 346010 - Decom nsIJAR by merging it into nsIZipReader. r=tglek, sr=bsmedberg 2010-03-07 22:56:45 +09:00
Jonas Sicking 6f0a0d424e Bug 543870: Implement File.url. r=bz sr=jst 2010-03-02 23:51:09 -08:00
Sid Stamm 7252ce7760 Bug 515437 CSP connection code, r=jst,dveditz sr=jst 2010-01-22 13:38:21 -08:00
Daniel Veditz 153553d9b6 Backed out changeset a6ce37b09cf5 because of possible Tp4 perf hit 2010-01-14 17:19:11 -08:00
Sid Stamm ext:(%2C%20Brandon%20Sterne%20%3Cbsterne%40mozilla.com%3E) f2cab6a506 bug 515433, bug 515437: Content Security Policy (CSP) core 2010-01-13 14:18:24 -08:00
Peter Van der Beken f93aeceb40 Fix for bug 517196 (The JSClass of wrappers shouldn't change when morphing from slim to XPCWrappedNative). r=mrbkap. 
--HG--
extra : rebase_source : 4f7978e3ed1335fc4f58478afc038fb63576581b
 2009-09-18 12:43:48 +02:00
Taras Glek 1d126be6cd Bug 515777 - move css files, hiddenWindow.html to jar r=bsmedberg sr=bz 
--HG--
extra : rebase_source : c6ba6e900ceed210620d47f70c9b962a808a29fe
 2009-10-12 12:31:50 -07:00
Taras Glek d33c6f1c4a bug 521191: backed out e22bef491d84 2009-10-08 16:44:44 -07:00
Taras Glek 387de8cf2e Backed out changeset e22bef491d84 2009-10-08 16:43:55 -07:00
Peter Van der Beken 056df67f8f Backed out changeset 542fa9413bd0, fix for bug 517196 (The JSClass of wrappers shouldn't change when morphing from slim to XPCWrappedNative), to try to fix orange. 2009-10-08 13:42:07 -07:00
Peter Van der Beken 5da982514b Backed out changeset 542fa9413bd0, fix for bug 517196 (The JSClass of wrappers shouldn't change when morphing from slim to XPCWrappedNative), to try to fix orange. 2009-10-08 13:41:44 -07:00
Taras Glek d07c55d805 Bug 515777 - move css files, hiddenWindow.html to jar r=bsmedberg sr=bz 2009-10-08 11:22:50 -07:00
Peter Van der Beken 61f49bf3ac Fix for bug 517196 (The JSClass of wrappers shouldn't change when morphing from slim to XPCWrappedNative). r=mrbkap. 
--HG--
extra : rebase_source : 95898b5ab53d60200058374c52cdb8161aabf78b
 2009-09-18 12:43:48 +02:00
Blake Kaplan 7050590b13 Bug 504021 - Add an API to the script security manager to clamp principals for a given context. r=jst/bzbarsky sr=dveditz 2009-08-21 18:20:20 -07:00
Igor Bukanov 8c03c81096 bug 513190 - avoiding jsint tagging of the private slot data. r=jorendorff 2009-09-05 19:59:11 +04:00
Benjamin Smedberg ba372f3a4c Followup to bug 398573 - remove REQUIRES from the tree since it is no longer used... automatically generated patch, rs=ted 2009-08-25 08:59:31 -07:00
Taras Glek d331cb9b8d Bug 468011 - Combine all chrome into browser+toolkit jars. r=bsmedberg 2009-08-14 09:32:40 -07:00
Blake Kaplan 27e754d4d0 Bug 502959 - Restore code to make caps allow wrapping same-origin wrappedjs objects. r=jst sr=bzbarsky 2009-08-06 20:26:33 -07:00
Boris Zbarsky ba4bfdba03 Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst 2009-07-26 21:27:33 -04:00
David Zbarsky e5c3359049 Bug 392526. Some callers of nsID::ToString use a mismatched allocator to free the string. r=bsmedberg 2009-07-29 13:54:44 -04:00
Boris Zbarsky 79debaf781 Backed out changeset b55e7e3c0bfb to see whether bug 495176 might be causing the WinXP Txul regression 
--HG--
extra : rebase_source : c854c6a8afad67c583ff08e23bbac27cbf99c0cd
 2009-07-28 14:34:01 -04:00
Boris Zbarsky 1785137905 Backed out changeset 9d5e247b5052 to see whether bug 495176 might be causing 
the WinXP Txul regression.

--HG--
extra : rebase_source : 41a0fe73ec43dff97ada391db29dc121fb677403
 2009-07-28 14:32:45 -04:00
Boris Zbarsky 123cf2cf60 Fixing crashes during tests by null-checking the principal URI as appropriate. Bug 495176 2009-07-26 23:21:01 -04:00
Boris Zbarsky 57fdf8c806 Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst 2009-07-26 21:27:33 -04:00
Peter Van der Beken 88bc7e0eed Fix for bug 482788 (Lightweight DOM wrappers). r=jst, sr=mrbkap. 2009-05-12 22:20:42 +02:00
Johnny Stenback ac0964e5c0 Fixing bug 442399. Remove LiveConnect from the tree. r=joshmoz@gmail.com, bclary@bclary.com, sr=brendan@mozilla.org 2009-06-30 15:55:16 -07:00
Arpad Borsos 9c8455122d Back out b8e531a6c961 (Bug 474369), it really did cause the windows dhtml regression 
--HG--
extra : rebase_source : 568114bcfc5a7710d9e2c2fe5e234fa190bebba1
 2009-06-16 14:38:51 +02:00
Olli Pettay 9a08c869f6 Bug 489561 - nsPrincipal should cache nsIPrefBranch and codebase_principal_support pref, r+sr=dveditz, +comments from bz 2009-06-16 14:00:06 +03:00
Arpad Borsos 21896afffc Bug 474369 - get rid of nsVoidArray, remaining parts; r=bz, sr=dbaron 2009-05-07 17:15:26 +02:00
Phil Ringnalda 50afa4b02b Bug 495021 - CAPS unconditionally builds tests, r=shaver 2009-06-13 11:53:38 -07:00
Blake Kaplan eccda2d175 Bug 441714 - Protect caps against SJOWs. r+sr=dveditz 2009-06-12 14:38:05 -07:00
Arpad Borsos 118ee75268 Back out bug 474369, suspected of causing dhtml and tp3 regression 2009-06-12 23:20:55 +02:00
Arpad Borsos 990fceee6e Bug 474369 - get rid of nsVoidArray, remaining parts; r=bz, sr=dbaron 
--HG--
extra : rebase_source : 2f40cba97555521222512c7cd793c2a2adcca333
 2009-05-07 17:15:26 +02:00
Boris Zbarsky 0cccd6dadc Bug 493495 followup. Just cut off the recursion if it gets too deep. r+sr=mrbkap 2009-05-21 15:46:05 -04:00
Boris Zbarsky 9f358b989d Bug 493495. Protect against recursive attempts to report a security exception in cases when the URI objects involved can't be accessed due to being implemented as a JS component. r+sr=mrbkap 2009-05-20 21:49:42 -04:00
Boris Zbarsky a45c2d01f1 Bug 410486. Fix test failures due to the exception message getting truncated. 2009-05-20 00:57:37 -04:00
timeless@mozdev.org b0af4b46b6 Bug 410486. Make sure to be in a request when reporting a pending exception. r=dveditz, sr=mrbkap. 2009-05-19 22:11:01 -04:00
Dave Townsend dd2848c629 Backed out changeset 461d728271d1 2009-05-19 13:51:18 +01:00
Arpad Borsos 6a70c37113 Bug 474369 - get rid of nsVoidArray, remaining parts; r=bz, sr=dbaron 2009-05-07 17:15:26 +02:00
Blake Kaplan 79905bec13 Bug 493074 - Compute fewer things to try to clear up a performance regression. r+sr=jst 2009-05-14 15:17:56 -07:00
Blake Kaplan 1942f8e50b Bug 483672 - Give regular JS objects that have been reflected into C++ a security policy that follows the same-origin model. Also teach caps about "same origin" for these cases. r=jst sr=bzbarsky 2009-05-13 15:01:01 -07:00
L. David Baron f0c43ecb3d Switch HTML mochitests from using MochiKit.js to packed.js. (Bug 490955) r=sayrer 2009-05-06 13:46:04 -07:00
Blake Kaplan 737c9a5565 Bug 475864 - Move native anonymous content checks into a wrapper so that quickstubs don't sidestep them. r=jst sr=bzbarsky 2009-04-23 00:21:22 -07:00
Mook fa1eb8e272 Bug 472032 - [win64] sizeof(long) != sizeof(void*) assertion in nsScriptSecurityManager.cpp; changed SecurityLevel to use PRWord, clarified assertion on the protected code; r+sr=dveditz 2009-02-26 18:31:17 +01:00
Dan Mosedale e4aa8b0d67 Remove MailNews special casing from nsScriptSecurityManager (bug 374577), r+sr=bzbarsky 2009-02-17 20:32:57 -08:00
Daniel Holbert 4301671b45 Bug 473236 - Remove executable bit from files that don't need it. (Only changes file mode -- no code changes.) r=bsmedberg 2009-01-21 22:55:08 -08:00
timeless@mozdev.org a09492561f Bug 412743 nsScriptSecurityManager::Init shouldn't treat failure of InitPrefs as fatal 
r=mrbkap sr=dveditz
 2009-01-07 20:42:15 -08:00
timeless@mozdev.org 95f9cbd69c Bug 470804 crash [@ NS_GetInnermostURI - nsScriptSecurityManager::CheckLoadURIWithPrincipal], r=bz, sr=dveditz 2009-01-01 15:45:23 -08:00
Phil Ringnalda 37206afaf5 Crashtest for Bug 470804 crash [@ NS_GetInnermostURI - nsScriptSecurityManager::CheckLoadURIWithPrincipal], r=bz 2009-01-01 15:45:23 -08:00
Tyler Downer b768fb620d Bug 471146 - remove old CAPS readme (already on devmo); r=brendan 2009-01-01 14:56:44 +01:00
Boris Zbarsky 402f7a9c31 Bug 460425. Do better security checks during redirection. r=sicking,biesi, sr=sicking 2008-11-25 20:50:04 -05:00
Phil Ringnalda 538c9fb42a Bug 461888 - Remove unused PACKAGE_FILE and PACKAGE_VARS and .pkg files, mozilla-central part, r=bsmedberg 2008-11-03 19:46:28 -08:00
Blake Kaplan d897bc426d Bug 396851 - Check to see if we're UniversalXPConnect-enabled to allow privileged web pages to unwrap XOWs. r+sr=bzbarsky 2008-10-22 13:15:22 -07:00
Ben Newman d98d55982b Bug 460124. Remove no-longer-needed code, since now we calculate hash values for nsPrincipals in a sane way. r+sr=bzbarsky 2008-10-16 10:56:51 -04:00
Igor Bukanov 4ecbd37ca7 Bug 459656 - Implementing nsIThreadJSContextStack in nsXPConnect. r+sr=mrbkap 2008-10-14 16:16:25 +02:00
Arpad Borsos c72ef7d248 Bug 456388 - Remove PR_STATIC_CALLBACK and PR_CALLBACK(_DECL) from the tree; r+sr=brendan 2008-10-10 17:04:34 +02:00
Blake Kaplan 77100affc1 Bug 457299 - nsScriptSecurityManager doesn't suspend the request on the current context when it starts using the safe context. r+sr=bzbarsky 2008-10-08 15:05:25 -07:00
Terrence Cole aed2094b1c Bug 787580 - Root all jsval at the API surface; r=sfink sr=dmandelin 
--HG--
rename : layout/reftests/text-decoration/underline-select-2-ref.html => layout/reftests/text-decoration/underline-button-1-ref.html
rename : layout/reftests/text-decoration/underline-select-2.html => layout/reftests/text-decoration/underline-button-1.html
extra : rebase_source : 008f2bab76a005947a4c0bd10b6d9ea8531ea6d0
 2012-09-04 16:40:12 -07:00
Ben Newman 97433a48ab Bug 454850. Make sure that whenever nsPrincipal::Equals would return true for a pair of principals their nsPrincipal::GetHashValue returns are also equal. r+sr=bzbarsky 2008-10-08 09:16:27 -04:00
David Bienvenu 1438cc375a bug 453943, always disable js for mailnews for 3.0 b1, don't load pref, r=bz, sr=dmose 2008-09-21 15:21:07 -07:00
David Bienvenu 112c5625ca temporarily disable js in mailnews for 3.0 b1, r=bz, sr=dmose 453943 2008-09-20 08:14:14 -07:00
Arpad Borsos 5a19e3346c Bug 398946 - Remove JS_STATIC_DLL_CALLBACK and JS_DLL_CALLBACK from the tree; r=(benjamin + bent.mozilla) 2008-09-07 00:21:43 +02:00
Ben Turner 8afd9f92cd Bug 451731 - "Update caps, dom, xpconnect for Bug 451729 (checkObjectAccess moving to the JSContext)". r+sr=jst. 2008-09-05 16:26:04 -07:00
Ben Turner 83f49405ee Bug 453720 - "Caps should assert when scripts do not contain principals". r+sr=mrbkap. 2008-09-04 15:52:20 -07:00
Jason Orendorff 25cba5d7a3 Bug 451571 - Delete SetExceptionWasThrown (r=dbradley, sr=jst) 2008-08-30 18:58:36 -05:00
Shawn Wilsher eef2b5a677 Bug 452486 - Create components when we actually have a profile 
This changeset allows components to register for the profile-after-change
category in the category manager such that they will be initialized when this
topic would normally be dispatched.
r=bsmedberg
 2008-08-29 16:40:05 -04:00
Honza Bambas bec376906f Bug 442812: Implement the application cache selection algorithm. r+sr=bz 2008-08-27 18:15:32 -07:00
Shawn Wilsher 8d4a24aab4 Bug 450914 - Proxy nsSimpleURI for nsNullPrincipal to the main thread (was "ASSERTION: nsSimpleURI not thread-safe" during principal destruction) 
This changeset creates a threadsafe uri object for the null principal to use.
 2008-08-27 18:11:02 -04:00
Dave Camp 92adf93276 Backed out changeset 1e3d4775197a (bug 442812) 2008-08-19 22:52:05 -07:00
Honza Bambas 8b179c6230 Bug 442812: Implement the application cache selection algorithm. r+sr=bz 2008-08-19 19:31:08 -07:00
Boris Zbarsky 5eedf39759 Bug 434522 follow-up bustage fix. 2008-07-28 23:37:58 -07:00
Boris Zbarsky f61641d25e Bug 437723. Make sure to look at the nested innermost URI when looking for the origin. r+sr=sicking 2008-07-28 23:10:05 -07:00
Boris Zbarsky c941674d4d Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst 2008-07-28 23:03:19 -07:00
jonas@sicking.cc ab63fc8524 Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it 2008-04-18 10:35:55 -07:00
gavin@gavinsharp.com 7caae794f1 Rework test for bug 292789 to try and fix the timeout on qm-centos5-01 2008-04-14 01:50:51 -07:00
dveditz@cruzio.com e9a165f03a tests for bug 292789 -- forgot during checkin 2008-04-12 17:55:45 -07:00
dveditz@cruzio.com 8a2c640ed4 bug 292789 prevent use of chrome: URIs from <script>, <img> stylesheets, etc except for chrome packages explicitly marked contentaccessible. r=bzbarsky, sr=jst, a=beltzner 2008-04-12 14:26:19 -07:00
jonas@sicking.cc ec7a19c8b9 Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz 2008-04-08 17:38:12 -07:00
igor@mir2.org e05006a6f0 [bug 423874] backing out as a simpler patch would do the job with less code. 2008-03-29 03:34:29 -07:00
igor@mir2.org ec6b483779 [bug 424376] backing out - too much compatibility problems. 2008-03-28 15:27:36 -07:00
bzbarsky@mit.edu d7fc979918 Fix bug 421228. r+sr=sicking 2008-03-27 20:46:15 -07:00
igor@mir2.org 8edd862903 bug=424376 r=brendan a1.9b5=beltzner Compile-time function objects are no longer exposed through SpiderMonkey API. 2008-03-23 03:16:40 -07:00
jst@mozilla.org a4d3a2e2e3 Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu 2008-03-22 09:50:47 -07:00
igor@mir2.org 8c88d304f4 bug=423874 r=brendan a1.9b5=dsicore Allocating native functions together with JSObject 2008-03-21 01:19:23 -07:00
jst@mozilla.org c7eb261ec3 Fixing orange from bug 402983. Make file:///foo and file:////foo#bar compare as equal URLs. r+sr=bzbarsky@mit.edu 2008-03-20 23:01:55 -07:00
jst@mozilla.org 29a96a03b8 Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org 2008-03-20 21:39:08 -07:00
shaver@mozilla.org ba5430c6e5 Bug 246699: report better errors (with stacks) for security denials. r+sr=jst, a=mconnor. 2008-03-20 01:19:15 -07:00
shaver@mozilla.org f23b424aa7 Test for bug 423379 (content can load chrome and/or resource), r/sr=jst. 2008-03-19 15:14:51 -07:00
shaver@mozilla.org 4d79009864 (NPOTB, r=mrbkap, a=lumpy) Remove ancient caps test cruft in preparation for incoming mochitests. Also so that the tests listed in securetest.list will not mock me from beyond the NSCP grave. 2008-03-19 14:26:09 -07:00
jonas@sicking.cc 9552bd91fc Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz 2008-03-18 17:27:56 -07:00
bzbarsky@mit.edu 94a044f0b1 Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst 2008-03-18 14:14:49 -07:00
gavin@gavinsharp.com 0fa7ce606a Back out bug 246699 to fix bug 423375, per shaver 2008-03-17 07:10:48 -07:00
timeless@mozdev.org 620272feeb Bug 246699 CAPS security exceptions should throw richer exception info (not just raw string) r=shaver a=shaver 2008-03-11 10:30:23 -07:00
reed@reedloden.com 57ac4a582f Bug 420081 - "Case mismatch between nsIURI and nsIUri in nsIPrincipal.idl" [p=mschroeder@mozilla.x-home.org (Martin Schröder [mschroeder]) r+sr=jst a1.9=beltzner] 2008-03-08 03:20:21 -08:00
jonas@sicking.cc 28ea51311b Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv 2008-02-26 19:45:29 -08:00
myk@mozilla.org 7aff03fc46 backing out fix for bug 416534 as potential cause of mochitest failure 2008-02-26 19:23:36 -08:00
jonas@sicking.cc 42bbc8327e Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv 2008-02-26 18:17:49 -08:00
Olli.Pettay@helsinki.fi 652c1e007c Bug 411054, Audit IsNativeAnonymous()/GetBindingParent() uses, r+sr=sicking 2008-02-26 04:40:18 -08:00
reed@reedloden.com 5d4ef49dd4 Bug 417710 - "Use JS_GET_CLASS, not JS_GetClass" [p=gyuyoung.kim@samsung.com (gyu-young kim) r=jorendorff r=jst sr+a1.9=brendan] 2008-02-25 00:59:20 -08:00
jonas@sicking.cc 2c0141fcd9 Bug 397878: Send Referer-Root header when doing cross-site access requests. Also update domain pattern matching to spec. Patch by <suryaismail@gmail.com>. r=bent sr=sicking b3a=beltzner 2008-01-31 00:16:54 -08:00
jst@mozilla.org 31b04a892e Fixing bustage. 2008-01-29 13:11:24 -08:00
jst@mozilla.org 892f0acecf Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org 2008-01-29 12:51:01 -08:00
jst@mozilla.org 6fd0410f62 Fixing bug 317240. Re-enabling caps optimization now that a documents principal never changes. r+sr=bzbarsky@mit.edu 2008-01-28 09:51:38 -08:00
jst@mozilla.org 08983f83e3 Fixing bug 412691. Remove unnecessary nsCOMPtr's from performance critical code paths. r+sr=jonas@sicking.cc 2008-01-16 16:32:26 -08:00
benjamin@smedbergs.us b3e87aa63b Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep 2008-01-15 07:50:57 -08:00
dwitte@stanford.edu 3f33f45d2a thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+ 2008-01-11 20:30:42 -08:00
dwitte@stanford.edu 8d74b831d4 partial backout in an attempt to fix orange. 2008-01-11 02:08:58 -08:00
dwitte@stanford.edu cc924d2d23 relanding bug 410250. 2008-01-11 01:13:04 -08:00
dwitte@stanford.edu f300515e36 backing out to fix orange. 2008-01-10 20:59:44 -08:00
dwitte@stanford.edu 09217db711 thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+ 2008-01-10 19:56:00 -08:00
timeless@mozdev.org 1bd2741649 Bug 334306 useless null check in nsDestroyJSPrincipals r=dbaron sr=dveditz a=mtschrep 2008-01-06 06:53:24 -08:00
mrbkap@gmail.com 68ee3e9f08 Always throw an exception, even if we cannot reach a principal. bug 409514, r+sr+a=jst 2008-01-04 17:32:23 -08:00
jst@mozilla.org f0f4a78cce Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com 2008-01-04 15:59:12 -08:00
mrbkap@gmail.com 2605476d7c XPCNativeWrappers can confuse the short-circuiting code. bug 409291, r+sr=jst a=beltzner 2007-12-21 11:06:29 -08:00
jst@mozilla.org b30b544b5f Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org 2007-12-12 15:02:25 -08:00
philringnalda@gmail.com 57e4af9c93 Bug 400247 - remove XP_MAC deadcode in nsScriptSecurityManager.cpp, r+sr=bz, a=dsicore 2007-11-12 19:23:17 -08:00
tglek@mozilla.com 21a6a8dc26 Bug 398574:Prbool fixes r=bz a=release drivers 2007-11-12 13:47:11 -08:00
jonas@sicking.cc 4c1a3910ac bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking 2007-10-26 18:46:09 -07:00
bzbarsky@mit.edu 26d7ccd742 Make the "href" property of stylesheets reflect the original URI that was reflected to load the sheet. Bug 397427, r=dbaron,biesi, sr=dbaron, a=dsicore 2007-10-23 14:56:41 -07:00
bzbarsky@mit.edu e252fc2b15 Somewhat reduce the amount of memory an nsPrincipal allocates in the common case. Bug 397733, r+sr+a=jst 2007-09-28 07:31:04 -07:00
bzbarsky@mit.edu 5983f838e4 Make the nsISerializable implementation of nsPrincipal actually work. This makes it possible to save principal objects to a stream and read them back. Bug 369566, r=dveditz+brendan, sr=jst, a=jst 2007-09-17 15:18:28 -07:00
dveditz@cruzio.com 2940b2f998 bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov 2007-09-06 00:02:57 -07:00
bent.mozilla@gmail.com c0215549f6 Bug 304048 - Backing out patch due to TXUL regression. 2007-08-30 17:52:58 -07:00
bent.mozilla@gmail.com 5f9effcd34 Bug 304048 - "xpconnect getters/setters don't have principals until after they pass or fail their security check." Patch by jst, sr=bzbarsky, a=jst. 2007-08-28 17:16:21 -07:00
bzbarsky@mit.edu 3c0f9ef02f Add some sanity null-checks. Bug 387446, r=dveditz, sr+a=jst 2007-08-06 19:09:16 -07:00
sdwilsh@shawnwilsher.com 681c6747e8 Bustage fix 2007-07-11 14:20:11 -07:00
jwalden@mit.edu 6d7584839a Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros. 2007-07-08 00:08:04 -07:00
bzbarsky@mit.edu 647cbff151 Make security manager API more useful from script. Make more things 
scriptable, and add a scriptable method for testing whether a given principal
is the system principal.  Bug 383783, r=dveditz, sr=jst
 2007-06-18 08:12:09 -07:00
bzbarsky@mit.edu 434b4cf8db Optimize immutability of codebase/domain a little bit. Bug 380475, r=dveditz, sr=biesi 2007-06-18 08:07:02 -07:00
bzbarsky@mit.edu ec536a72cf Make nsPrincipal::Equals compare codebases, not just certs, for certificate 
principals.  Bug 369201, r=dveditz, sr=jst
 2007-06-18 08:01:53 -07:00
benjamin@smedbergs.us baab01ada6 Bug 376636 - Building with gcc 4.3 and -pendatic fails due to extra semicolons, patch by Art Haas <ahaas@airmail.net>, rs=me 2007-04-23 07:21:53 -07:00
dbaron@dbaron.org e7bb1b1c38 Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg 2007-03-27 08:34:59 -07:00
dbaron@dbaron.org d98d9fdec5 Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg 2007-03-27 08:33:38 -07:00
hg@mozilla.com 05e5d33a57 Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT, 2007-03-22 10:30:00 -07:00
bzbarsky%mit.edu d9f9d475bb When getting codebase principals, install the passed-in codebase on them even 
if they come from the hashtable.  Bug 269270, r=dveditz, sr=jst.
 2007-02-09 04:52:44 +00:00
bzbarsky%mit.edu 382b095c94 Get the source scheme from the right URI object. Bug 368160, r+sr=dveditz 2007-01-26 04:33:02 +00:00
bzbarsky%mit.edu 8a1b6c5e34 Make the redirect check get principals the same way we get them elsewhere. 
Clean up some code to use the new security manager method.  Bug 354693,
r=dveditz, sr=sicking
 2006-11-22 18:27:54 +00:00
gavin%gavinsharp.com ad22de3c0c Bug 202198: fix possible leak in nsScriptSecurityManager::InitPrefs(), patch by Ryan Jones <sciguyryan+bugzilla@gmail.com>, r+sr=dveditz 2006-11-22 17:22:40 +00:00
sayrer%gmail.com 6aa99d403b Bug 360840. allocator mismatch in nsIScriptSecurityManager. r=timeless, sr=bz 2006-11-16 18:25:52 +00:00
bzbarsky%mit.edu 730516b0a1 Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst 2006-11-14 22:46:45 +00:00
bzbarsky%mit.edu 0a3a624149 Make it possible for protocol handlers to configure how CheckLoadURI should 
treat them via their protocol flags.  Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin
 2006-11-10 23:49:08 +00:00
cbiesinger%web.de 74a2a1d30c Bug 351876 Move nsICryptoHash into necko 
r=darin
 2006-09-15 22:06:31 +00:00
bzbarsky%mit.edu 50e969de0c Introduce CheckLoadURIStrWithPrincipal(). Bug 348559, r=dveditz, sr=jst 2006-08-21 22:15:20 +00:00
pkasting%google.com dafdf0b1eb Bug 337223: Don't expose moz-anno protocol to web pages. 
Patch by brettw
r=jst
sr=bzbarsky
 2006-08-18 21:35:16 +00:00
bzbarsky%mit.edu e9379f3679 Remove special-casing of about:blank for security purposes; give about:blank 
pages the principal of whoever is responsible for loading them, when possible.
Bug 332182, r=mrbkap, sr=jst
 2006-08-15 17:31:16 +00:00
dveditz%cruzio.com d3379f18b5 bug 340107 save wasted cycles checking permissions if we're just going to deny access anyway. r=mrbkap, sr=sicking 2006-06-27 00:56:41 +00:00
bzbarsky%mit.edu 282ad6509b Fiox the special-casing for about:blank to deal with it now being 
moz-safe-about:blank as far as the security manager is concerned.  Bug 342108,
r=darin, sr=jst
 2006-06-22 02:21:06 +00:00
bzbarsky%mit.edu 8cd320ad22 Allow about: modules to just set a flag to force script execution to be allowed 
for particular about: URIs, instead of hardcoding checks in the security
manager.  Bug 341313, r=darin, sr=jst
 2006-06-22 02:19:49 +00:00
bzbarsky%mit.edu 4b3cf6e788 Make the URIs of principals immutable. Bug 339822, r=dveditz, sr=darin 2006-06-20 03:17:41 +00:00
bzbarsky%mit.edu 9a60679a4c Save the principal in the session history entry so that reloading a data: URL 
will do the right thing.  Also, change CheckLoadURI to allow null
principals to load things that anyone can load (e.g. http:// URIs).  Bug
337260, r=dveditz, sr=jst
 2006-06-19 21:08:45 +00:00
bzbarsky%mit.edu 9509962b32 Move the safe vs unsafe about: distinction out of the security manager and into 
nsIAboutModule implementations.  Bug 337746, r=dveditz, sr=darin
 2006-06-19 21:02:12 +00:00
mhammond%skippinet.com.au 0f241835df Land DOM_AGNOSTIC3_BRANCH, bug 255942. r=a few people, sr=brendan. 2006-06-13 03:07:47 +00:00
mrbkap%gmail.com 98997f8669 Checking in Ben Turner <bent.mozilla@gmail.com> and timeless's patch to make Gecko use the JS engine's request model to help multithreaded embedders avoid GC races and crashes. bug 176182, r=mrbkap assumed-rs=brendan 2006-06-12 22:39:55 +00:00
igor%mir2.org 65028a8035 Bug 338678: For source compatibility fields "uint16 extra,spare" in JSFunctionSpec are replaced by singe "uint32 extra". In this way we do need to update the current sources that list just 5 fields to include the additional ",0" corresponding to "spare" field. To quell GCC warnings all sources that list less then 5 fields of JSFunctionSpec are updated to explicitly list all 5 fields. r=mrbkap, s=brendan 2006-05-22 22:58:31 +00:00
bzbarsky%mit.edu f78182b042 Make GetOrigin dig into nested URIs. Bug 336303, r=dveditz, sr=jst 2006-05-12 00:05:40 +00:00
bzbarsky%mit.edu 6e7e8da8e6 Create our URIs by hand (since we have our own scheme), instead of going 
through the ioService.  Also fixes some threadsafety stuff.  Bug 337513,
r=dveditz, sr=darin.
 2006-05-11 16:06:35 +00:00
cbiesinger%web.de 51a89a8b1e bug 335180 Remove win32.order, mozilla-bin.order, --enable-reorder, and 
associated code. These options do not really work anymore.

r=bsmedberg
 2006-05-06 17:53:51 +00:00
bzbarsky%mit.edu 3aaa1fe7df Disable optimization that relies on invariants we don't maintain. Bug 317240 
wallpaper, r+sr=jst
 2006-05-04 15:23:43 +00:00
bzbarsky%mit.edu a40420a6d3 Deal with null subject URIs in SecurityCompareURIs. Bug 336432, r=dveditz, sr=jst 2006-05-04 02:29:46 +00:00
darin%meer.net 4a94571cee fixes bug 214672 "Further optimization and correctness improvements of libjar: streamlining nsJarInputStream" patch by Alfred Kayser <alfredkayser@nl.ibm.com>, r=jwalden, sr=darin 2006-05-02 19:33:09 +00:00
bzbarsky%mit.edu 722b5218b2 Add an interface for nested URIs (like jar:, view-source:, etc) to implement 
and use it in various places.  Create null principals if asked for a codebase
principal for a codebase that doesn't have an inherent security context (eg
data: or javascript:).  Bug 334407, r=biesi,dveditz, sr=darin
 2006-05-02 18:54:19 +00:00
bzbarsky%mit.edu 000f1cb779 Deal with checkLoadURI better in the face of URI fixup. Bug 334341, r=biesi, sr=dveditz 2006-04-25 03:24:43 +00:00
bzbarsky%mit.edu dffe9c89ad Check rv before looking at port. Bug 334210, r+sr+branch181=jst 2006-04-17 23:19:44 +00:00
bzbarsky%mit.edu f15a96ed13 Allow redirects to data: URIs. Bug 211999, r=dveditz, jruderman; sr=darin 2006-04-17 23:13:33 +00:00
bzbarsky%mit.edu af73fbf542 Fix refcounting bug. Followup to bug 327176; reviews pending. 2006-04-05 16:48:51 +00:00
bzbarsky%mit.edu c44462a922 Followup to bug 326506 -- this comment got lost somehow. 2006-04-02 22:00:08 +00:00
bzbarsky%mit.edu 40f15bd48c Init the system principal singleton when we init the security manager -- no 
need for lazy init here.  Bug 327176, r=mrbkap, sr=dveditz
 2006-04-02 21:10:23 +00:00
bzbarsky%mit.edu 25ab5fffef Create a powerless non-principal and start using it. Bug 326506, r=mrbkap, 
sr=dveditz
 2006-04-02 20:58:26 +00:00
darin%meer.net 20837f71e1 fixes bug 328925 "Replace NS_WARN_IF_FALSE with NS_ASSERTION (where appropriate)" r=dbaron 2006-03-30 18:40:56 +00:00
martijn.martijn%gmail.com 9f0ff7ef3c Bug 330037 - First check if script/data url's are allowed, r=dveditz, sr=bzbarsky 2006-03-15 11:03:25 +00:00
bryner%brianryner.com 4cd1e2b280 Remove dependency on nsIClassInfo.h from nsISupports.h (bug 330420). This adds a new nsIClassInfoImpl.h file which can be included to get the CI implementation macros. Also, removes unneeded inclusion of nsIProgrammingLanguage.h from nsIClassInfo.h. r=darin. 2006-03-15 04:59:42 +00:00
bzbarsky%mit.edu 7e4ec9da94 Followup fix for bug 307867 -- make sure to update our pointers to hashtable 
entries when the entries move. r=dveditz, sr=brendan
 2006-02-24 04:38:46 +00:00
timeless%mozdev.org 1ce5986f6b Bug 106386 Correct misspellings in source code 
r=bernd rs=brendan
 2006-02-23 09:36:43 +00:00
bzbarsky%mit.edu 52c46b8f53 Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst, 
sr=dveditz
 2006-02-17 16:12:17 +00:00
bzbarsky%mit.edu 18fc300f0b Backing out since tree is closed. 2006-02-17 03:33:03 +00:00
bzbarsky%mit.edu 97bb5a58a9 Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst, 
sr=dveditz
 2006-02-17 03:26:03 +00:00
bzbarsky%mit.edu f8625ded52 Remove dead code. Bug 327171, r=mrbkap, sr=shaver 2006-02-14 21:08:15 +00:00
bzbarsky%mit.edu 36b98a62ac Fix debug code to assert the right thing. r=timeless 2006-02-14 20:20:49 +00:00
bzbarsky%mit.edu 3b307aca09 Fix bug 325991 -- spinning event queues requires more care. r=jst, sr=shaver 2006-02-07 22:24:47 +00:00
cbiesinger%web.de c2d981f764 bug 183156 remove *UCS2* functions, replacing them with *UTF16* ones 
r+sr=darin
 2006-02-03 14:18:39 +00:00
jst%mozilla.jstenback.com ded8422135 Fixing tinderbox orange. Make caps work right again when dealing with a script global object that's not a window. r+sr=bzbarsky@mit.edu 2005-11-29 06:00:36 +00:00
jst%mozilla.jstenback.com 8f1863159b Fixing bug 316794. Moving HandleDOMEvent() and Get/SetDocShell from nsIScriptGlobalObject to nsPIDOMWindow. r=mrbkap@gmail.com, sr=peterv@propagandism.org 2005-11-28 23:56:44 +00:00
timeless%mozdev.org db820cf720 Bug 106386 Correct misspellings in source code 
patch by unknown@simplemachines.org r=timeless rs=brendan
 2005-11-25 08:16:51 +00:00
brettw%gmail.com 9b7c8dae03 Bug 316077, r=annie.sullivan, sr=darin 
Protocol handler allowing access to binary annotations.
 2005-11-17 18:39:00 +00:00
bzbarsky%mit.edu f02076fb6f Get principals for XPConnect wrapped natives off their scope instead of walking 
their parent chain.  Add some asserts to check that this actually does give the
same result, which it should with splitwindow.  Bug 289655, r=dbradley, sr=jst
 2005-11-16 02:12:21 +00:00
cbiesinger%web.de 9efd50d7d5 Bug 248052 Add a contract ID for a global channeleventsink. Make the 
scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto
redirects if CheckLoadURI fails. Remove the explicit usage of
nsIScriptSecurityManager from nsHttpChannel.cpp.

This eliminates js and xpconnect from REQUIRES, and brings us closer to remove
caps.

r=darin sr=bz
 2005-11-08 20:47:16 +00:00
bzbarsky%mit.edu d44ad313ae Remove nsIStyledContent. Bug 313968, r=sicking, r=dbaron on nsCSSStyleSheet 
changes, sr=jst
 2005-11-02 00:41:51 +00:00
jst%mozilla.jstenback.com 44614095f4 Fixing bug 313373. Pass *vp through untouched to the checkAccess hook when checking for write access. r=mrbkap@gmail.com, sr=brendan@mozilla.org 2005-10-25 00:29:28 +00:00
bzbarsky%mit.edu b29c3a80b9 Don't call nsIClassInfo::GetClassDescription unless we really have to. Bug 
313157, r=dveditz, sr=jst
 2005-10-20 23:49:59 +00:00
mrbkap%gmail.com ca23c546c9 bug 312124: Make Subsume treat about:blank principals as being weaker than other, non-about:blank principals, since that's how other code treats them. r=caillon sr=brendan 2005-10-14 18:57:26 +00:00
bzbarsky%mit.edu 376ca84976 Make wildcards work for the default policy too. Bug 307867, r=caillon, sr=dveditz 2005-09-30 03:30:40 +00:00
dbaron%dbaron.org b7065e027d Improve consistency of conversion from about URI to about module. b=306261 r=darin sr=bzbarsky 2005-09-14 04:16:27 +00:00
bzbarsky%mit.edu c48f061d3c Remove the security.checkloaduri preference. Please to be using the 
checkloaduri CAPS policy instead, since that's less likely to let you shoot
yourself in the foot.

Bug 307382, r=caillon, sr=dveditz
 2005-09-09 18:43:45 +00:00
dougt%meer.net 7c0ee6b9d3 Bug 302284. add xpi hash support to InstallTrigger.install(). r=dveditz, sr=shaver, a=asa 2005-08-26 06:46:21 +00:00
peterv%propagandism.org 72fafa8d29 Fix for bug 290100 (XMLHttpRequest affected by document.domain setting). r=caillon, sr=brendan. 2005-08-25 11:51:42 +00:00
mconnor%steelgryphon.com da7005ed5c bug 300830 - new error page (about:neterror) can load privileged about: urls, patch by dveditz, r=bsmedberg, sr=shaver 2005-08-22 05:09:11 +00:00
gavin%gavinsharp.com 743b627878 Bug 298823: JAR URIs (and other types missing the host part) are not properly handled by nsScriptSecurityManager::LookupPolicy(), patch by Giorgio Maone <g.maone@informaction.com>, r=caillon, sr=dveditz 2005-08-17 16:55:00 +00:00
timeless%mozdev.org bc9ebac033 Bug 304085 crash [@ JS_ValueToString - JSValIDToString] with DEBUG_CAPS_HACKER 
r=caillon sr=dveditz
 2005-08-17 07:40:39 +00:00
timeless%mozdev.org 29ac1ad7b9 Bug 304054 nsScriptSecurityManager.cpp doesn't build ifdef DEBUG_CAPS_HACKER unless defined DEBUG 
r=dveditz sr=dveditz
 2005-08-12 23:13:46 +00:00
timeless%mozdev.org 9560fb68fc Bug 304240 Make noAccess/allAccess/sameOrigin consistently intercaps in the source tree 
r=caillon sr=dveditz
 2005-08-12 23:11:32 +00:00
bzbarsky%mit.edu 0392b3384b Comment-only fixes I forgot to make. Bug 240661. 2005-07-22 20:49:12 +00:00
bzbarsky%mit.edu 10d1c576d9 Expose the subject name for the cert and an nsISupports pointer to the cert on 
nsIPrincipal that represents a certificate principal.  Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal.  Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII.  Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
 2005-07-22 19:05:42 +00:00
timeless%mozdev.org 831f32feaa Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop] 
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg
 2005-07-19 21:55:36 +00:00
bsmedberg%covad.net c70e951ba6 Bug 292624 - XUL error pages should not have chrome privileges, r=darin sr=dveditz a=asa 2005-07-14 17:46:55 +00:00
brendan%mozilla.org deb9f0c764 Add a subsumes relation to principals so JS can handle all cases when checking indirect eval (and the like) calls (300008, r=caillon/dveditz, sr/a=shaver). 2005-07-08 23:26:36 +00:00
timeless%mozdev.org 2ad41d5c36 Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs 
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg
 2005-06-29 16:29:49 +00:00
mconnor%steelgryphon.com 6127d03f79 bug 293424 - block about: from content to remove a potential attack vector, r+sr=brendan, a=brendan/jay 2005-06-16 08:28:50 +00:00
jst%mozilla.jstenback.com 97d3abd829 Fixing part of bug 296397. Removing bogus assertion. r=shaver@mozilla.org, sr+a=brendan@mozilla.org 2005-06-09 01:11:21 +00:00
timeless%mozdev.org 9c0955251d Bug 292588 shutdown crash !sXPConnect [@ nsScriptSecurityManager::CheckObjectAccess] 
store the runtime, unset the callback at shutdown
r=dveditz sr=jst a=asa
 2005-06-07 21:57:56 +00:00
dougt%meer.net 4c7f9052d3 Add a scriptable hash function API. basically what this does is moves the hashing function out of the nsISignatureVerifier.idl and creates a new interface nsICryptoHash which is scriptable. Because of this change, we needed to fix up all of the call sites. r=darin, sr=dveditz, a=shaver 2005-06-01 16:06:53 +00:00
dbaron%dbaron.org f636ebe0de Fix bug 293671. r=caillon sr=dveditz a=asa 2005-05-12 18:26:41 +00:00
dbaron%dbaron.org 8ca0c03467 Cleaner fix for bug 290036. b=290949 r=dveditz sr=darin a=asa 2005-05-12 18:20:07 +00:00
brendan%mozilla.org eb7002903b Fix comment from last night to match today's code. 2005-05-04 18:58:24 +00:00
brendan%mozilla.org 371b8140d2 Undo gist of last change for now, it breaks too much even though it's safer. 2005-05-04 16:19:31 +00:00
brendan%mozilla.org ea9fd4132c Find active native function principals when walking the JS stack, and beef up eval-ish native safeguards (281988, r=shaver/caillon, sr=jst, a=drivers). 2005-05-04 06:28:36 +00:00
bzbarsky%mit.edu 7b45a8e4ba Fix crashes when privilegeManager methods are called by setting our our param 
on success return.  Bug 289991 and bug 289925, r=caillon, sr=dbaron, a=dbaron
 2005-04-12 05:13:26 +00:00
bzbarsky%mit.edu 6d36e81b66 Do less addrefing of principals in the script security manager. Bug 289643, 
r=caillon, sr=brendan, a=asa
 2005-04-10 23:27:07 +00:00
brendan%mozilla.org bb7b3cd85f Revert kludge, want a general fix. 2005-04-07 19:48:57 +00:00
brendan%mozilla.org b02c276f35 Stop evals and Script object calls/execs that cross trust domains (289074, r=shaver, sr=jst, a=drivers). 2005-04-07 02:22:24 +00:00
timeless%mozdev.org 4efd7a5f8a Bug 239967 prototype for nsScriptSecurityManager::GetPrincipalFromContext is wrong 
r=dveditz sr=dveditz
 2005-03-29 03:12:12 +00:00
bryner%brianryner.com e171eaba9b Inline access to XPCWrappedNative's nsISupports pointer, with do_QueryWrappedNative nsCOMPtr helper (bug 285404). r=jst, sr=darin. 2005-03-10 00:39:28 +00:00
gandalf%firefox.pl 06f479dff9 bug 279768: Bring build system to work with --enable-ui-locale; r=bsmedberg; a=doron on webservices move 2005-03-08 17:21:36 +00:00
bsmedberg%covad.net 361daac936 Bug 281414 - global s/nsIPrefBranchInternal/nsIPrefBranch2/ rs=darin (did not change backwards-compatible code in extensions/irc extensions/venkman or extensions/inspector) 2005-02-25 20:46:35 +00:00
bzbarsky%mit.edu 3a4edb10d6 Remove special-casing so non-chrome-principal pages, even with chrome: uris, 
can have script disabled as needed.  Bug 280120, r=peterv, sr=neil
 2005-02-22 21:18:31 +00:00
cbiesinger%web.de 92c940aa45 Bug 269661 make libpref not depend on caps 
r=caillon sr=dveditz
 2005-02-06 12:39:31 +00:00
jshin%mailaps.org d30a1bda05 bug 280613 : checkLoadURIStr of nsIScriptSecurityManager should accept AUTF8String istead of string (for IDN), r=dveditz, sr=darin 2005-02-02 07:17:53 +00:00
bzbarsky%mit.edu d9f747cca2 Add about:license and about:licence and make about: link to them. Bug 256945, 
r=gerv, sr=darin
 2005-01-23 21:02:36 +00:00
bsmedberg%covad.net 79241940e8 Bug 273876 - libxul step 2 (everything through widget, except spidermonkey) r=darin; again, this should not affect non-xulrunner trees. 2004-12-09 19:28:35 +00:00
timeless%mozdev.org ffa869708f Bug 261339 Setting capability.policy.default.Window.top to noAccess seems to crash mozilla 
r=caillon sr=dveditz
 2004-11-05 16:54:09 +00:00
timeless%mozdev.org b405b527b8 Bug 267311 netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect") in a XBL constructor make mozilla crash. [@ JS_FrameIterator] 
r=dveditz sr=jst
 2004-11-05 15:25:04 +00:00
bzbarsky%mit.edu 1f629aef08 Make it possible to disable checkloaduri on a per-site basis instead of 
disabling it globally.  Bug 233108, r=caillon, sr=jst
 2004-11-03 15:45:52 +00:00
jst%mozilla.jstenback.com f97343e1ac Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu 2004-10-15 16:53:35 +00:00
jst%mozilla.jstenback.com 08b3a16535 Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu 2004-10-15 16:34:58 +00:00
dveditz%cruzio.com e67c6e5dcf Improve enablePrivilege confirmation dialog text and presentation, sanity-check 
privilege names (bug 253942, bug 253944) r=caillon,sr=brendan,a=chofmann,mkaply
 2004-09-01 07:53:32 +00:00
cbiesinger%web.de 765d4043a5 removing myself from DEBUG_CAPS_HACKER list 2004-07-10 19:38:28 +00:00
roc+%cs.cmu.edu 0f4150a4e5 Bug 226439. Convert codebase to use AppendLiteral/AssignLiteral/LowerCaseEqualsLiteral. r+sr=darin 2004-06-17 00:13:25 +00:00
cbiesinger%web.de 914def148f fix DEBUG_CAPS_HACKER bustage due to bug 240106 
r=caillon sr=darin
 2004-06-16 15:58:22 +00:00
dveditz%cruzio.com e66742e59c bug 162020 option to delay enabling confirmation buttons r=mkaply,sr=sspitzer 2004-06-05 09:26:01 +00:00
mkaply%us.ibm.com 348998da9e #239580 
r=danm, sr=dveditz
Extend ConfirmEx to allow setting the default button - change default button for script security to no
 2004-05-24 13:33:51 +00:00
roc+%cs.cmu.edu 0e3ff503fb Bug 226439. Convert Seamonkey to EqualsLiteral. rs=darin 2004-05-22 22:15:22 +00:00
bzbarsky%mit.edu 4ede76717e Add a version of CheckLoadURI that takes a source principal instead of a source 
URI.  Update a bunch of callers to use it.  Bug 233108, r=caillon, sr=dveditz
 2004-04-25 16:55:27 +00:00
bryner%brianryner.com 642f7ede36 deCOMtaminate nsIScriptObjectPrincipal (bug 240745). This also fixes some code in nsCrypto.cpp that sems to have been mis-braced (I don't think it was working as intended). r+sr=jst. 2004-04-18 00:28:47 +00:00
gerv%gerv.net 9d2ee4928c Bug 236613: change to MPL/LGPL/GPL tri-license. 2004-04-17 21:52:36 +00:00
cbiesinger%web.de 6ad20397bf Bug 235504 Remove nsCString::EqualsWithConversion(const char*) 
r=darin sr=dbaron
 2004-04-14 20:09:30 +00:00
jst%mozilla.jstenback.com 2ee27045ba Backing out the fix for bug 235457 since it made typing URLs, and autocomplete in the the URL bar not work. 2004-03-16 19:06:10 +00:00
jst%mozilla.jstenback.com e1913b1f1e Fixing bug 235457. Make new windows opened through window.open be opened on the context of the opener, and make caps not lie about when capabilities are enabled. r=danm-moz@comcast.net, r=caillon@aillon.org, sr=brendan@mozilla.org, a=dbaron@dbaron.org 2004-03-16 06:57:54 +00:00
cbiesinger%web.de 2081246472 one more tweak, r=caillon 2004-03-06 20:54:47 +00:00
cbiesinger%web.de 344f084a76 making this sound less like it's PSM, rs=caillon 2004-03-06 20:47:21 +00:00
darin%meer.net c380c59f65 landing dbaron's patch for bug 235735 "fix callers that cast away const on result of ns[C]String::get" r+sr=darin 2004-02-28 22:34:07 +00:00
darin%meer.net f6875e2d3c fixes bug 234916 "Remove global/static NS_NAMED_LITERAL_C?STRING usage [was: Firefox crashes on startup on Mac OS X]" r=jst sr=dbaron 2004-02-25 02:08:34 +00:00
jst%mozilla.jstenback.com 505c634885 Fixing bug 233307. deCOMtaminating nsIScript* and related interfaces. r+sr=bryner@brianryner.com. 2004-02-09 22:48:53 +00:00
bsmedberg%covad.net d0f309943a Continuing to land the PACKAGING_20030906_BRANCH for bug 20640. Not part of the build, yet. 2004-01-07 13:37:00 +00:00
bsmedberg%covad.net 274ef7cd49 Beginning to land the PACKAGING_20030906_BRANCH for bug 20640. Not part of the build, yet. 2004-01-07 01:22:31 +00:00
neil%parkwaycc.co.uk 6394a7f9f8 Bug 227758 make subjectPrincipalIsSystem unscriptable and checkSameOriginURI scriptable r=caillon sr=dveditz 2003-12-19 21:51:37 +00:00
pkw%us.ibm.com 56dbd77c06 Bug 228095 - AIX: 64-bit build error in nsScriptSecurityManager.cpp 
r=caillon@aillon.org, sr=brendan@mozilla.org, a=brendan@mozilla.org
 2003-12-15 18:16:09 +00:00
caillon%returnzero.com c8e5f51fe0 227079 - Mozilla asks for security privileges where it shouldn't 
Make sure we check signed.applets.codebase_principal_support and special urls before going further.
r=jst sr=bzbarsky a=dbaron
 2003-12-04 02:14:07 +00:00
brendan%mozilla.org 7809adca33 Fix missing cx param problem (223041, r=caillon, sr=dbaron). 2003-11-03 04:26:55 +00:00
dbaron%dbaron.org 6139d85dae Work around bustage. Temporary fix. b=223041 2003-11-02 02:31:53 +00:00
caillon%returnzero.com 6ea484e8b7 Permit content to link to about:logo 
Bug 223293; r=timeless sr=jst
 2003-10-30 01:35:09 +00:00
caillon%returnzero.com 66caced69a Re-land patch for bug 83536, merging principal objects. 
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst
 2003-10-21 22:11:49 +00:00
brendan%mozilla.org 4878fd7a5e Better version of last change, thanks to caillon for reminding me. 2003-09-28 04:55:50 +00:00
brendan%mozilla.org 3915f74063 Forgot to update calls to formerly-static SecurityCompareURI (r+sr=bz). 2003-09-28 04:44:33 +00:00
brendan%mozilla.org 4038563cd9 Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky). 2003-09-28 04:22:01 +00:00
caillon%returnzero.com a7aa61013a about:about 
Bug 56061
r=bryner@brianryner.com
sr=darin@meer.net
 2003-09-13 19:35:59 +00:00
bryner%brianryner.com 06fe994577 Fix build on gcc 3.4 by removing extra semicolons (bug 218551). r/sr=dbaron, a=brendan. 2003-09-07 21:37:51 +00:00
caillon%returnzero.com f8e8aed8a7 Backing out the patch to bug 83536. 
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann
 2003-08-22 03:06:53 +00:00
caillon%returnzero.com ae4593bec0 Bug 216234 
Calling operator delete on an nsAutoPtr isn't good.
r+sr=dbaron@dbaron.org
a=asa@mozilla.org
 2003-08-20 00:40:13 +00:00
cls%seawood.org 1b51ba858c Set MODULE in makefiles at the top of a heirarchy so that module-deps lists are more precise and builds will have the proper order if some subdirs contain other modules. 2003-08-16 00:42:35 +00:00
caillon%returnzero.com c2d2462e51 Bug 214949 
Make XUL error pages work again by making GetOrigin() return the full spec for chrome: URIs and preventing principal lookups when the principals hash is empty.
r+sr=jst@netscape.com
a=rjesup@wgate.com
 2003-08-10 02:26:11 +00:00
brendan%mozilla.org b7cdb7debb Add shared DHashTableOps for [const] char *key use-cases, clean up dhash API abusages (214839, r=dougt, sr=dbaron). 2003-08-05 20:09:21 +00:00
caillon%returnzero.com 4572ef1a55 Adding comments, per bzbarsky. bug 214050. 2003-07-29 19:03:00 +00:00
caillon%returnzero.com dac741004a Don't let success of string bundle calls dictate the return value, continue to return errors. Still bug 214050. 2003-07-29 09:07:43 +00:00
caillon%returnzero.com b6f6ad74ba Bug 214050 
Start to localize some of the more common user-visible error messages in caps.
r+sr=bzbarsky@mit.edu
 2003-07-29 05:28:00 +00:00
caillon%returnzero.com 25a56a0d4b Init mSecurityPolicy. This somehow got lost in between the last two revisions of my patch to bug 83536. 
r=timeless,sr=bzbarsky on IRC.
 2003-07-27 07:00:25 +00:00
caillon%returnzero.com 007e7d68ad 213796 - Crash In CAPS.DLL On Startup [@ nsPrincipal::GetHashValue] 
r+sr+caillonIsStupid=bzbarsky@mit.edu
 2003-07-27 04:08:48 +00:00
caillon%returnzero.com 728cd6526c Bug 213847. Prompt the user for what to do if we don't know whether we can grant a capability. 
r+sr=bzbarsky@mit.edu
 2003-07-25 19:23:17 +00:00
mkaply%us.ibm.com b7fd1c6840 Ports bustage - remove NS_COM per bsmedberg 2003-07-24 18:58:30 +00:00
caillon%returnzero.com 91b7c60bee Bug 83536. 
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)
 2003-07-24 05:15:20 +00:00
seawood%netscape.com beb45866ed Removing extra ^M. Fixing Irix cc bustage 2003-06-28 05:15:41 +00:00