338e1a2a10
Bug 754202 - Remove mContextPrincipal usage from within nsScriptSecurityManager. r=mrbkap
2012-06-28 23:47:55 +02:00
6def798e8f
Bug 754202 - Pull object principals directly off the compartment and assert that behavior doesn't change. r=bz
2012-06-28 23:47:55 +02:00
ca009b979f
Backout bug 754202 (all patches, rather than just patches 3-7).
2012-06-10 17:22:31 -07:00
0ec5784959
Backout 90107a2a0c64 (bug 754202) for real due to orange.
2012-06-10 19:46:20 -04:00
5f2a19ee6e
Revert c39d36167b99 due to a horribly munged backout.
2012-06-10 19:44:50 -04:00
6d6c4efbab
Backout the bug 754202 backout due to orange.
2012-06-10 19:37:47 -04:00
75ea89c874
Merge backout.
2012-06-11 00:28:30 +02:00
b65e3d0fc1
Back out bug 754202. r=me
2012-06-11 00:28:05 +02:00
a4d0a2ae65
Bug 734891 - part 2: Adding ExpandedPrincipal support
2012-06-09 15:19:26 -07:00
c33eb75fc0
Bug 734891 - part 1: Decoupling URI based logic from caps/certificate related logic of nsPrincipal
2012-06-09 15:19:26 -07:00
8c6bec7d49
Bug 754202 - Remove mContextPrincipal usage from within nsScriptSecurityManager. r=mrbkap
2012-06-07 14:28:22 +02:00
ddbdb6b79b
Bug 754202 - Pull object principals directly off the compartment, and assert that behavior doesn't change. r=bz
2012-06-07 14:28:21 +02:00
82ff7027aa
Bug 716478 - update licence to MPL 2.
2012-05-21 12:12:37 +01:00
d55ff730fa
Use handles in API object hooks where possible, bug 750733. r=billm
2012-05-19 15:03:45 -07:00
66d81d0a7e
Backed out changeset 5fc7462dd394 for android orange.
2012-05-19 11:52:55 -07:00
7235558c07
Use handles in API object hooks where possible, bug 750733. r=billm
2012-05-19 09:48:09 -07:00
e6e34db54d
Bug 750859 - Remove (most of) SetCanEnableCapability. r=bz
2012-05-02 23:57:34 +02:00
c532e2d4c3
Bug 750859 - Kill the CAPS confirm dialog. r=bz
...
This will break addons using enablePrivilege, but that's going away too. We've been warning for many releases now, so it's time to bite the bullet.
2012-05-02 23:57:34 +02:00
bb0cb90d39
Bug 740688 - Use uintptr_t instead of PRUword, and intptr_t instead of PRWord. r=jwalden
...
--HG--
extra : rebase_source : 648a581323d2c2893df780f71fe34dadcc4bbaab
2012-04-11 17:17:44 -07:00
c8154dcd0e
bug 730221 - delegating serialization of script principals to the embedding. r=:luke,:bz
...
Currently to serialize principals stored in JSScript we have a rather complex
schema. First there is the transcode callback that the embedding must provide
to transcode principals using XDR API. Second we use rather complex glue code
to implement that callback in terms of writing/reading nsIObjectOutputStream/
nsIObjectInputStream. This glue code is duplicated in 3 places. All this can
be avoided if we simply delegate transcoding of principals to the caller. In
addition, at least in the case of the cached startup scripts we do not even
need to transcode the principals as the the cached scripts always have the
system principal so we can skip all the transcode complexity there.
The patch implemnts this idea. In particular, the code in JS engine
responsible for transcoding of principals is replaced by the single API
function JS_XDRSetPrincipals that the embedding can use to set principals for
decoded scripts and functions. Then the startup cache uses this to set the
principals for the decoded script to the system principals. The other two
places in nsJSContext::Serialize and XBL_SerializeFunction that need to
serialize principals together with a function or script now uses common
utilities in nsXPConnect so the serialization complexity resides in the single
place.
2012-02-13 14:10:04 +01:00
524dbd7e47
bug 728250 - remove JSPrincipals::codebase. r=:luke,:bz
...
In just 2 cases where JSPrincipals::codebase is used it can be reconstructed from the values stored in the associated nsJSPrincipal. In addition the patch makes nsJSprincipals to inherit both from nsIPrincipal and JSPrincipals allowing to use static_cast to convert between nsIPrincipal and JSPrincipals pointers and to drop many cases of manual JSPrincipal reference counting.
2012-03-09 10:48:50 +01:00
92064e6d3f
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron
...
Landing on a CLOSED TREE
2011-10-17 10:59:28 -04:00
d2b70213ac
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones
...
--HG--
rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
dd8cec0710
Bug 667915 - Don't let content JS consume all the stack and cause chrome JS to OOM (r=waldo,mrbkap)
2011-06-30 09:26:56 -07:00
27331333ef
Bug 662000 part 2: Remove XPC_IDISPATCH_SUPPORT from the build-system and XPConnect. r=mrbkap
...
--HG--
extra : rebase_source : c456802fe36eef1e49381be996dbbdf820781206
2011-06-22 11:56:47 -04:00
eafdcc3af5
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-20 12:00:16 +09:00
e73d3d7ecd
Fix bug 657267. r=bz
2011-05-19 13:31:54 +02:00
7371ad00ed
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
7c610ca8ac
Bug 564048 - Nix security checks in nsPrefBranch. r=sicking, sr=jst
2010-06-08 16:43:54 -07:00
df91a46a76
Fix for bug 560199 (Link XPConnect and caps into layout). r=jst.
...
--HG--
extra : rebase_source : 5141822e9d560019ffc1e0cb0264782aa8aa7a99
2010-04-11 15:55:24 +02:00
1090529f8c
bug 515443 CSP no-eval support. r=mrbkap,brendan
2010-03-08 00:24:50 -08:00
893023f46a
Bug 543696: Remove unused nsIScriptSecurityManager::CheckConnect. r/sr=mrbkap
2010-02-02 02:29:15 -08:00
7252ce7760
Bug 515437 CSP connection code, r=jst,dveditz sr=jst
2010-01-22 13:38:21 -08:00
153553d9b6
Backed out changeset a6ce37b09cf5 because of possible Tp4 perf hit
2010-01-14 17:19:11 -08:00
f2cab6a506
bug 515433, bug 515437: Content Security Policy (CSP) core
2010-01-13 14:18:24 -08:00
7050590b13
Bug 504021 - Add an API to the script security manager to clamp principals for a given context. r=jst/bzbarsky sr=dveditz
2009-08-21 18:20:20 -07:00
27e754d4d0
Bug 502959 - Restore code to make caps allow wrapping same-origin wrappedjs objects. r=jst sr=bzbarsky
2009-08-06 20:26:33 -07:00
79905bec13
Bug 493074 - Compute fewer things to try to clear up a performance regression. r+sr=jst
2009-05-14 15:17:56 -07:00
1942f8e50b
Bug 483672 - Give regular JS objects that have been reflected into C++ a security policy that follows the same-origin model. Also teach caps about "same origin" for these cases. r=jst sr=bzbarsky
2009-05-13 15:01:01 -07:00
fa1eb8e272
Bug 472032 - [win64] sizeof(long) != sizeof(void*) assertion in nsScriptSecurityManager.cpp; changed SecurityLevel to use PRWord, clarified assertion on the protected code; r+sr=dveditz
2009-02-26 18:31:17 +01:00
e4aa8b0d67
Remove MailNews special casing from nsScriptSecurityManager (bug 374577), r+sr=bzbarsky
2009-02-17 20:32:57 -08:00
4301671b45
Bug 473236 - Remove executable bit from files that don't need it. (Only changes file mode -- no code changes.) r=bsmedberg
2009-01-21 22:55:08 -08:00
4ecbd37ca7
Bug 459656 - Implementing nsIThreadJSContextStack in nsXPConnect. r+sr=mrbkap
2008-10-14 16:16:25 +02:00
c72ef7d248
Bug 456388 - Remove PR_STATIC_CALLBACK and PR_CALLBACK(_DECL) from the tree; r+sr=brendan
2008-10-10 17:04:34 +02:00
97433a48ab
Bug 454850. Make sure that whenever nsPrincipal::Equals would return true for a pair of principals their nsPrincipal::GetHashValue returns are also equal. r+sr=bzbarsky
2008-10-08 09:16:27 -04:00
5a19e3346c
Bug 398946 - Remove JS_STATIC_DLL_CALLBACK and JS_DLL_CALLBACK from the tree; r=(benjamin + bent.mozilla)
2008-09-07 00:21:43 +02:00
ab63fc8524
Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it
2008-04-18 10:35:55 -07:00
ec7a19c8b9
Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz
2008-04-08 17:38:12 -07:00
a4d3a2e2e3
Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu
2008-03-22 09:50:47 -07:00
29a96a03b8
Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org
2008-03-20 21:39:08 -07:00
Bobby Holley
L. David Baron
Ryan VanderMeulen
Gabor Krizsanits
Gervase Markham
Brian Hackett
Mark Capella
Igor Bukanov
Ehsan Akhgari
Michael Wu
Luke Wagner
Matheus Kerschbaum
Masayuki Nakano
Blake Kaplan
Luke Wagner
Dan Witte
Peter Van der Beken
Sid Stamm
Jonas Sicking
Daniel Veditz
Mook
Dan Mosedale
Daniel Holbert
Arpad Borsos
Ben Newman
jst@mozilla.org