9f0ff7ef3c
Bug 330037 - First check if script/data url's are allowed, r=dveditz, sr=bzbarsky
2006-03-15 11:03:25 +00:00
4cd1e2b280
Remove dependency on nsIClassInfo.h from nsISupports.h (bug 330420). This adds a new nsIClassInfoImpl.h file which can be included to get the CI implementation macros. Also, removes unneeded inclusion of nsIProgrammingLanguage.h from nsIClassInfo.h. r=darin.
2006-03-15 04:59:42 +00:00
7e4ec9da94
Followup fix for bug 307867 -- make sure to update our pointers to hashtable
...
entries when the entries move. r=dveditz, sr=brendan
2006-02-24 04:38:46 +00:00
1ce5986f6b
Bug 106386 Correct misspellings in source code
...
r=bernd rs=brendan
2006-02-23 09:36:43 +00:00
52c46b8f53
Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
...
sr=dveditz
2006-02-17 16:12:17 +00:00
18fc300f0b
Backing out since tree is closed.
2006-02-17 03:33:03 +00:00
97bb5a58a9
Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
...
sr=dveditz
2006-02-17 03:26:03 +00:00
f8625ded52
Remove dead code. Bug 327171, r=mrbkap, sr=shaver
2006-02-14 21:08:15 +00:00
36b98a62ac
Fix debug code to assert the right thing. r=timeless
2006-02-14 20:20:49 +00:00
3b307aca09
Fix bug 325991 -- spinning event queues requires more care. r=jst, sr=shaver
2006-02-07 22:24:47 +00:00
c2d981f764
bug 183156 remove *UCS2* functions, replacing them with *UTF16* ones
...
r+sr=darin
2006-02-03 14:18:39 +00:00
ded8422135
Fixing tinderbox orange. Make caps work right again when dealing with a script global object that's not a window. r+sr=bzbarsky@mit.edu
2005-11-29 06:00:36 +00:00
8f1863159b
Fixing bug 316794. Moving HandleDOMEvent() and Get/SetDocShell from nsIScriptGlobalObject to nsPIDOMWindow. r=mrbkap@gmail.com, sr=peterv@propagandism.org
2005-11-28 23:56:44 +00:00
db820cf720
Bug 106386 Correct misspellings in source code
...
patch by unknown@simplemachines.org r=timeless rs=brendan
2005-11-25 08:16:51 +00:00
9b7c8dae03
Bug 316077, r=annie.sullivan, sr=darin
...
Protocol handler allowing access to binary annotations.
2005-11-17 18:39:00 +00:00
f02076fb6f
Get principals for XPConnect wrapped natives off their scope instead of walking
...
their parent chain. Add some asserts to check that this actually does give the
same result, which it should with splitwindow. Bug 289655, r=dbradley, sr=jst
2005-11-16 02:12:21 +00:00
9efd50d7d5
Bug 248052 Add a contract ID for a global channeleventsink. Make the
...
scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto
redirects if CheckLoadURI fails. Remove the explicit usage of
nsIScriptSecurityManager from nsHttpChannel.cpp.
This eliminates js and xpconnect from REQUIRES, and brings us closer to remove
caps.
r=darin sr=bz
2005-11-08 20:47:16 +00:00
d44ad313ae
Remove nsIStyledContent. Bug 313968, r=sicking, r=dbaron on nsCSSStyleSheet
...
changes, sr=jst
2005-11-02 00:41:51 +00:00
44614095f4
Fixing bug 313373. Pass *vp through untouched to the checkAccess hook when checking for write access. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2005-10-25 00:29:28 +00:00
b29c3a80b9
Don't call nsIClassInfo::GetClassDescription unless we really have to. Bug
...
313157, r=dveditz, sr=jst
2005-10-20 23:49:59 +00:00
ca23c546c9
bug 312124: Make Subsume treat about:blank principals as being weaker than other, non-about:blank principals, since that's how other code treats them. r=caillon sr=brendan
2005-10-14 18:57:26 +00:00
376ca84976
Make wildcards work for the default policy too. Bug 307867, r=caillon, sr=dveditz
2005-09-30 03:30:40 +00:00
b7065e027d
Improve consistency of conversion from about URI to about module. b=306261 r=darin sr=bzbarsky
2005-09-14 04:16:27 +00:00
c48f061d3c
Remove the security.checkloaduri preference. Please to be using the
...
checkloaduri CAPS policy instead, since that's less likely to let you shoot
yourself in the foot.
Bug 307382, r=caillon, sr=dveditz
2005-09-09 18:43:45 +00:00
7c0ee6b9d3
Bug 302284. add xpi hash support to InstallTrigger.install(). r=dveditz, sr=shaver, a=asa
2005-08-26 06:46:21 +00:00
72fafa8d29
Fix for bug 290100 (XMLHttpRequest affected by document.domain setting). r=caillon, sr=brendan.
2005-08-25 11:51:42 +00:00
da7005ed5c
bug 300830 - new error page (about:neterror) can load privileged about: urls, patch by dveditz, r=bsmedberg, sr=shaver
2005-08-22 05:09:11 +00:00
743b627878
Bug 298823: JAR URIs (and other types missing the host part) are not properly handled by nsScriptSecurityManager::LookupPolicy(), patch by Giorgio Maone <g.maone@informaction.com>, r=caillon, sr=dveditz
2005-08-17 16:55:00 +00:00
bc9ebac033
Bug 304085 crash [@ JS_ValueToString - JSValIDToString] with DEBUG_CAPS_HACKER
...
r=caillon sr=dveditz
2005-08-17 07:40:39 +00:00
29ac1ad7b9
Bug 304054 nsScriptSecurityManager.cpp doesn't build ifdef DEBUG_CAPS_HACKER unless defined DEBUG
...
r=dveditz sr=dveditz
2005-08-12 23:13:46 +00:00
9560fb68fc
Bug 304240 Make noAccess/allAccess/sameOrigin consistently intercaps in the source tree
...
r=caillon sr=dveditz
2005-08-12 23:11:32 +00:00
0392b3384b
Comment-only fixes I forgot to make. Bug 240661.
2005-07-22 20:49:12 +00:00
10d1c576d9
Expose the subject name for the cert and an nsISupports pointer to the cert on
...
nsIPrincipal that represents a certificate principal. Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal. Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII. Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
2005-07-22 19:05:42 +00:00
831f32feaa
Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop]
...
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg
2005-07-19 21:55:36 +00:00
c70e951ba6
Bug 292624 - XUL error pages should not have chrome privileges, r=darin sr=dveditz a=asa
2005-07-14 17:46:55 +00:00
deb9f0c764
Add a subsumes relation to principals so JS can handle all cases when checking indirect eval (and the like) calls (300008, r=caillon/dveditz, sr/a=shaver).
2005-07-08 23:26:36 +00:00
2ad41d5c36
Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs
...
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg
2005-06-29 16:29:49 +00:00
6127d03f79
bug 293424 - block about: from content to remove a potential attack vector, r+sr=brendan, a=brendan/jay
2005-06-16 08:28:50 +00:00
97d3abd829
Fixing part of bug 296397. Removing bogus assertion. r=shaver@mozilla.org, sr+a=brendan@mozilla.org
2005-06-09 01:11:21 +00:00
9c0955251d
Bug 292588 shutdown crash !sXPConnect [@ nsScriptSecurityManager::CheckObjectAccess]
...
store the runtime, unset the callback at shutdown
r=dveditz sr=jst a=asa
2005-06-07 21:57:56 +00:00
4c7f9052d3
Add a scriptable hash function API. basically what this does is moves the hashing function out of the nsISignatureVerifier.idl and creates a new interface nsICryptoHash which is scriptable. Because of this change, we needed to fix up all of the call sites. r=darin, sr=dveditz, a=shaver
2005-06-01 16:06:53 +00:00
f636ebe0de
Fix bug 293671. r=caillon sr=dveditz a=asa
2005-05-12 18:26:41 +00:00
8ca0c03467
Cleaner fix for bug 290036. b=290949 r=dveditz sr=darin a=asa
2005-05-12 18:20:07 +00:00
eb7002903b
Fix comment from last night to match today's code.
2005-05-04 18:58:24 +00:00
371b8140d2
Undo gist of last change for now, it breaks too much even though it's safer.
2005-05-04 16:19:31 +00:00
ea9fd4132c
Find active native function principals when walking the JS stack, and beef up eval-ish native safeguards (281988, r=shaver/caillon, sr=jst, a=drivers).
2005-05-04 06:28:36 +00:00
7b45a8e4ba
Fix crashes when privilegeManager methods are called by setting our our param
...
on success return. Bug 289991 and bug 289925, r=caillon, sr=dbaron, a=dbaron
2005-04-12 05:13:26 +00:00
6d36e81b66
Do less addrefing of principals in the script security manager. Bug 289643,
...
r=caillon, sr=brendan, a=asa
2005-04-10 23:27:07 +00:00
bb7b3cd85f
Revert kludge, want a general fix.
2005-04-07 19:48:57 +00:00
b02c276f35
Stop evals and Script object calls/execs that cross trust domains (289074, r=shaver, sr=jst, a=drivers).
2005-04-07 02:22:24 +00:00
martijn.martijn%gmail.com
bryner%brianryner.com
bzbarsky%mit.edu
timeless%mozdev.org
cbiesinger%web.de
jst%mozilla.jstenback.com
brettw%gmail.com
mrbkap%gmail.com
dbaron%dbaron.org
dougt%meer.net
peterv%propagandism.org
mconnor%steelgryphon.com
gavin%gavinsharp.com
bsmedberg%covad.net
brendan%mozilla.org