mstoltz%netscape.com
d0eab90dbb
Bug 154930 - If one page has explicitly set document.domain and another has not,
...
do not consider them to be of the same origin for security checks. r=dveditz, sr=jst
2002-07-09 00:10:02 +00:00
harishd%netscape.com
23d9c4988e
Disable script on the requested docshell and the containing docshells. b=154647, r=mstoltz, sr=jst
2002-07-02 23:26:08 +00:00
mstoltz%netscape.com
6e12a5ca9f
Bug 152725 - Get URL passed to cookie module from document principal, not document URL.
...
THis ensures that cookies set by javascript URL pages are set in the correct domain.
r=morse, sr=dveditz.
2002-07-02 17:58:24 +00:00
harishd%netscape.com
0031d01a28
Backing out my checkin to see if it fixes the Txul breakage
2002-06-27 23:32:51 +00:00
harishd%netscape.com
5ce8f55dd0
** checking in for mstoltz **
...
Disable scripts on the requested docshell and containing docshells. Also, made setCurrentURI() scriptable ( approved by Adam Lock ). b=154647, r=harishd, sr=jst
2002-06-27 20:58:42 +00:00
mstoltz%netscape.com
6f5d99be4c
133170 - Need to re-check host for security on a redirect after a call to
...
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc
2002-06-14 23:54:18 +00:00
dougt%netscape.com
c683a217ab
Fixes mozilla/strings requiring unfrozen nsCRT class. patch by scc, r=dougt, sr=jag, b=136756
2002-05-15 18:55:21 +00:00
darin%netscape.com
6fd5862e6e
fixes bug 142870 "nsIFile should use UCS-2 instead of UTF-8"
...
r=dougt sr=alecf
2002-05-07 23:07:19 +00:00
ben%netscape.com
7d003ba281
[Chrome FastLoad]
...
Ensure that principals are written as Compound Objects using |WriteCompoundObject|, not using |WriteObject|
r=mstoltz, sr=brendan
2002-05-03 03:00:46 +00:00
darin%netscape.com
e554d83626
fixes bug 129279 "nsIFile unicode/utf8/ascii task"
...
r=dougt sr=alecf
2002-04-27 05:33:09 +00:00
mstoltz%netscape.com
8b4ac18c14
Bug 136993 - Put the "trusted codebase principals" feature back in.
...
r=harishd, sr=jst, a=valeski
2002-04-13 01:53:46 +00:00
darin%netscape.com
e73746ce67
fixes bug 134546 "Memory leak in nsScriptSecurityManager::GetBaseURIScheme()"
...
patch=pj@ludd.luth.se , r=mstoltz, sr=darin, a=rjesup@wgate.com
2002-04-03 20:23:57 +00:00
mstoltz%netscape.com
03fe97372a
A bunch of fixes in caps:
...
128697 - Added a pref listener for changes to capability.policy prefs,
removed profile-change listener
131025 - Removed insecure "trusted codebase principals" feature
131340 - Make nsCodebasePrincipal::Equals handle jar URLs correctly
131342 - Clean up privilege-grant dialog code
128861 - class policy hashtables allocated only when needed; avoids
PLDHash memory-use warning
Fixed comparison of -1 and 80 ports (Can't find the bug # right now)
All r=harishd, sr=jst, a=asa.
2002-03-20 05:53:46 +00:00
timeless%mac.com
dec943eb10
Bug 106386 rid source of misspellings
...
r=db48x sr=blake a=asa
2002-03-19 04:30:17 +00:00
alecf%netscape.com
e5d4028f9d
fix bug 129635 - write a destructor for DomainPolicy so that the hashtable is destroyed
...
(and not leaked!)
r=mstoltz, sr=vidur, a=asa
2002-03-10 00:41:08 +00:00
rginda%netscape.com
35fde24f6c
Bug 129503, "IsCapabilityEnabled should return PR_TRUE if no script on stack"
...
sr=brendan, r=mstoltz, a=asa
If the js stack has no principals on it, return PR_TRUE from IsCapabilityEnabled
. Currently, the only time we'd have a stack devoid of principals is when all f
unctions are native. If this assumption changes, this may need to be revisited
(depending on what it would mean to be a compiled script without a principal.)
2002-03-08 02:20:55 +00:00
darin%netscape.com
f1a6738b6c
fixes bug 124042 "support internationalized URIs" r=dougt, sr=alecf, a=asa
2002-03-06 07:48:55 +00:00
jband%netscape.com
3ac1b33f9c
remove stale DEBUG_jband block. rs=jband a=dbaron
2002-03-05 08:02:05 +00:00
mstoltz%netscape.com
18c8067fae
Bug 127938 - chrome scripts should be exempt from the security check put in for
...
bug 105050, on access to the opener property when the opener is a mail window.
r=pavlov, sr=jst, a=leaf.
2002-02-28 00:22:59 +00:00
mstoltz%netscape.com
75f6bd3583
partially backing out my last change - weird dependency problem
2002-02-26 05:28:26 +00:00
mstoltz%netscape.com
82659b14ca
32571, present confirmation dialog before allowing scripts to close windows.
...
105050, pass null window.opener when opener is a mail window.
both r=heikki, sr=jst, a=asa.
Backed out previously because of tinderbox problem, which should be fixed now.
2002-02-26 04:50:21 +00:00
jst%netscape.com
beae4f7953
Fixing bug 111529. Optimizing out unnecessary QI calls from nsScriptSecurityManager::GetObjectPrincipal() and doing some other minor cleanups and speedups. r=nisheeth@netscape.com, sr=jband@netscape.com
2002-02-20 05:51:05 +00:00
cathleen%netscape.com
124339899e
eliminate nsCRT::strlen for char* strings (part 1), bug 124536 r=dp sr=brendan
2002-02-19 07:36:56 +00:00
mcafee%netscape.com
1a3a52cce7
Backing out mstoltz. r=dbaron,jrgm
2002-02-19 04:06:53 +00:00
mstoltz%netscape.com
cc94447571
Bug 105050 - return null window.opener to scripts if opener is a mail window.
...
Bug 32571 - Prompt user before allowing scripts to close windows if opener is null.
both r=heikki, sr=jst.
2002-02-19 01:09:45 +00:00
mkaply%us.ibm.com
cbcd4c677a
OS/2 bustage - callback needs to be in header
2002-02-13 13:30:06 +00:00
mstoltz%netscape.com
4756b7169c
Bug 119646 - Rewrite of the security manager policy database for improved
...
performance. r=jst, sr=jband.
2002-02-13 04:20:46 +00:00
alecf%netscape.com
5483b6f627
one more part of fix for bug 107575, including the much coveted whitespace
...
remove aIgnoreCase parameter from all nsString and nsCString consumers
sr=jag, r=shaver
2002-02-01 01:53:09 +00:00
sfraser%netscape.com
d133d4956f
Making the nsModuleComponentInfo data const; bug 74803. r=dp, sr=waterson
2002-01-30 21:14:20 +00:00
seawood%netscape.com
45bfbf0658
Landing the rest of the win32 gmake changes:
...
* Adds Makefile.ins to win32 specific dirs
* Adds WINNT ifdefs to Makefile.ins
* Causes NSPR to be compiled with --with-mozilla
* Misc general Makefile.in cleanup
Bug #58981 r=mcafee
2001-12-18 09:14:29 +00:00
jaggernaut%netscape.com
97b0530073
Bug 104158: Use NS_LITERAL_STRING instead of XXXWithConversion("..."). r=bryner, rs=alecf
2001-12-16 11:58:03 +00:00
mstoltz%netscape.com
cb9ae92896
Bug 107387 - rename security.properties to caps.properties. r=nhotta, rs=jst.
2001-12-12 04:43:35 +00:00
ccarlen%netscape.com
993cd4c06f
Bug 98349 - Convert Mac build to CW7 and XML projects. Removing obsolete .mcp files. r=pink/sr=sfraser
2001-12-11 04:54:47 +00:00
ccarlen%netscape.com
6d8ea78b52
Adding new files for conversion to CW7 and XML project files. Bug 98349 r=pink/sr=sfraser.
2001-12-10 20:25:12 +00:00
mstoltz%netscape.com
3c9f658ac2
Bug 109113 - misplaced #ifdef DEBUG caused fix not to work in opt builds.
...
Moved #endif to exclude important call. r/sr=jst.
2001-11-27 00:29:20 +00:00
jband%netscape.com
ee23501c42
trivial patch to make what is supposed to be a warning really a warning instead of an assert. rs=jband
2001-11-22 23:26:34 +00:00
peterv%netscape.com
99fc30ce49
Fixing mac debug bustage. Patch suggested by jst, sr=jst.
2001-11-16 10:50:33 +00:00
mstoltz%netscape.com
25276e6b94
Bug 109113, second half of fix. r=jst, sr=brendan. Adding new CheckObjectAccess
...
callback to enforce the same-origin policy on function.caller.
2001-11-16 06:17:24 +00:00
dbaron%fas.harvard.edu
8cd8d91750
Ensure that string literals are used as |const char*| rather than |char*|. r=jag sr=brendan b=107052
2001-11-07 06:24:10 +00:00
seawood%netscape.com
be10c3b1a8
Backing out fix for remote mach-o builds as it left mach-o builds fragile.
...
Add TK_CFLAGS back to default CFLAGS/CXXFLAGS.
Bug #107696
2001-11-03 03:29:05 +00:00
seawood%netscape.com
8a2a775382
Since '-framework Carbon' causes binaries to require console access to run, do not link using that flag by default. Otherwise, remote builds & non-console tinderboxes will break. Mac OSX Mach-O only.
...
Bug #107696 r=mozbot
2001-11-01 00:54:48 +00:00
mstoltz%netscape.com
f634fa73d2
bug 106535, adding the ability to enable codebase principals for a single host
...
instead of for all hosts. r=vidur, sr=jst.
2001-10-26 23:00:48 +00:00
jaggernaut%netscape.com
45107c0d97
Bug 53057: Fixing up users of implicit |CharT*| conversion operators for nsCString to use |.get()| instead, rr=dbaron, rs=scc
2001-10-25 06:13:52 +00:00
bnesse%netscape.com
73c9a1111f
Fix for bug 103883. Add weak ref support for prefs observers to help reduce MLK cycles with preferences. r=ccarlen, darin, gordon, hewitt, mstoltz, srilatha, sspitzer. sr=alecf.
2001-10-22 20:54:48 +00:00
dougt%netscape.com
d18d7e2b17
nsIObserver and nsIObserverService API freeze. r=rpotts@netscape.com, alecf@netscape.com. bug 99163
2001-10-19 20:52:59 +00:00
bzbarsky%mit.edu
8986a0ad12
Make CAPS correctly observe changes to capability.policy prefs. Needed
...
for having UI for these suckers. Bug 101150, r=mstoltz,sr=jst
2001-10-02 21:56:51 +00:00
jaggernaut%netscape.com
ca6197295f
Bug 100476: Convert uses of member functions ToNewUnicode, ToNewCString and ToNewUTF8String to their global versions and remove support from nsCString and nsString. r=dbaron, rs=scc
2001-09-29 08:28:41 +00:00
gerv%gerv.net
11248436dd
License changes, take 2. Bug 98089. mozilla/config/, mozilla/caps/, mozilla/build/.
2001-09-25 01:03:58 +00:00
gerv%gerv.net
1856815ff1
Oops.
2001-09-20 00:02:59 +00:00
scc%mozilla.org
102170b2a0
bug #98089 : ripped new license
2001-09-19 20:09:47 +00:00