Граф коммитов

418 Коммитов

Автор SHA1 Сообщение Дата
blakeross%telocity.com dbb8a13378 Fix 49334: gopher support, minor restructuring of directory viewer. necko: r=darin,dougt sr=rpotts other: r=waterson,mstoltz,jag sr=alecf
Fix 70404: assertions or datetime and finger. r=dougt, sr=rpotts

Both patches by Bradley Baetz (bbaetz@cs.mcgill.ca)
2001-03-14 02:42:39 +00:00
dprice%netscape.com edb387e49c 71057 sr=waterson new order files. NOT PART OF THE REGULAR BUILD 2001-03-13 10:47:37 +00:00
valeski%netscape.com 68017cb9e2 sr=rpotts, r=gagan. 70743. switching over to new extensible URI::SchemeIs() api 2001-03-13 02:02:05 +00:00
suresh%netscape.com 2b0091da37 Adding aim protocol to the list. No Specific bug number. r=syd. sr=mstoltz 2001-03-07 05:58:45 +00:00
beard%netscape.com 3d142549b8 Switch from NS_STATIC_CAST to NS_REINTERPRET_CAST to fix bustage on Mac. r=mstoltz 2001-03-02 01:13:35 +00:00
mstoltz%netscape.com 33c8110175 bug 47905, adding security check to XMLHttpRequest.open(). r=heikki, sr=brendan 2001-03-02 00:09:20 +00:00
dprice%netscape.com 199c935b04 # 65845 sr=waterson, new order files will greatly reduce the number of link warnings. 2001-02-27 04:38:19 +00:00
mstoltz%netscape.com 6ddb173736 bug 63451 - moved signature verification functions from nsIZipReader to nsIJAR. r=sgehani, sr=shaver 2001-02-23 00:15:04 +00:00
disttsc%bart.nl a6f2f5861a Mass REQUIRES update to synch up with string lib and xul changes in an attempt to fix senna bustage. r=jst, sr=cls 2001-02-22 09:35:51 +00:00
mstoltz%netscape.com 5dbb3f0b61 Bug 66331, nsCodebasePrincipal::GetOrigin needs to specify the port
if nonstnandard. Fixes a bug in LiveConnect. r=dougt, sr=jband.
2001-02-14 00:27:34 +00:00
dprice%netscape.com 10d25d3581 65845 First cut of the order files 2001-02-13 02:34:59 +00:00
beard%netscape.com 7f321c0039 fix for bug #63466, r=mstoltz, sr=brendan, a=leaf 2001-02-12 07:47:28 +00:00
gagan%netscape.com 79713bc4c2 Optimization for scheme comparison of URIs. See bug 66577 for details. r=darin, sr=brendan@mozilla.org 2001-01-31 01:33:03 +00:00
mstoltz%netscape.com 41054417f6 Bug 66369, adding support for per-file permissions granting to caps. r=jst, sr=jband. 2001-01-27 01:42:20 +00:00
bryner%uiuc.edu e0ba7c504e Removing .cvsignore file so this directory will go away. Not part of build. 2000-12-28 21:08:29 +00:00
jband%netscape.com b3d21fb8f4 fix bug 55506. If seman was initialized too early then it was failing to register its nameset. This happened on first run when JS Component Loader would use the secman. The result was that all calls to the security manager via JavaScript would fail for that session. This fixes that by continuing to try to register the nameset until it actually succeeds. r=mstoltz a=brendan 2000-11-30 05:32:08 +00:00
cls%seawood.org 66a18fcbbf Resurrect REQUIRES so that we have some sort of means to track intermodule dependencies. Bug #59454 r=blizzard@mozilla.org 2000-11-20 07:16:06 +00:00
dbaron%fas.harvard.edu 5dd72c255e Make nsDestroyJSPrincipals stop confusing the leak stats by calling AddRef, but not when the refcount is 0. r=mstoltz@netscape.com sr=brendan@mozilla.org b=59135 2000-11-08 03:06:57 +00:00
mstoltz%netscape.com e875395364 Fixing bugscape 3109, LiveConnect exploit. sr=jband, brendan.
Fixing 58021, exploit in "open in new window," bug 55237. sr=brendan
2000-11-07 01:14:08 +00:00
mstoltz%netscape.com 886042fb63 Bug 57937, signed frames denied access to unsigned frames. r=mccabe, sr=brendan 2000-10-30 20:05:07 +00:00
warren%netscape.com cd56c0575b Bug 47207. Backing out logging/PRINTF changes until we can fix stopwatch.h, introduce double parens, etc. 2000-10-28 22:17:53 +00:00
warren%netscape.com 9a6d92a433 Bug 47207. Changing printf to PRINTF to use new logging facility. r=valeski,sr=waterson 2000-10-27 22:43:51 +00:00
mscott%netscape.com 729c07b2f0 Bug #48403 --> don't allow JS running in a mailnews sand box to change the name of it's containing iframe.
this code was contributed by mstoltz.
r=beard, sr=mscott
2000-10-24 00:52:02 +00:00
pollmann%netscape.com 3da7c0c668 Bug 13871: Prevent frameset spoofing r=mstoltz, sr=mscott, a=rpotts 2000-10-19 10:25:49 +00:00
mstoltz%netscape.com f1137e89ec Fixing 56009, exploit allowing XPConnect access. r,a=hyatt, sr=scc 2000-10-13 22:59:47 +00:00
mstoltz%netscape.com b3f1af8772 Fixing 52497, security problem in document.implementation, r=jst a=brendan 2000-09-20 23:38:28 +00:00
warren%netscape.com 181bb2dcb2 Landing jar packaging from jar_restructuring_branch. r=hyatt,dprice,sfraser,dveditz,vishy,sgehani 2000-09-20 19:35:24 +00:00
jband%netscape.com 267dc6688d fix memory corruption bug 52382. r=mstoltz 2000-09-14 08:48:53 +00:00
rayw%netscape.com 0257791053 Bug 37275, Changing value of all progids, and changing everywhere a progid
is mentioned to mention a contractid, including in identifiers.

r=warren
2000-09-13 23:57:52 +00:00
jdunn%netscape.com fbf1607c62 Fix warning which requires a return value from functions
r= brendan@mozilla.org scc@mozilla.org
#= 52254
2000-09-13 11:29:18 +00:00
mstoltz%netscape.com c063d33489 bug 44147, caps grant dialog now being created from DOMWindow->GetPrompter instead of nsIPrompt service. r=dbragg 2000-09-09 00:53:21 +00:00
mstoltz%netscape.com 63ce73fabf bug 50304, adding "static" to security policy struct, should save some memory and time. r=rogerl 2000-09-07 19:03:23 +00:00
scc%mozilla.org 084f48c90f more GCC fixes 2000-09-03 06:41:18 +00:00
jtaylor%netscape.com 85b41b9623 Not part of build. Adding security regression test suite driver (mozDriver). 2000-08-29 21:50:56 +00:00
dp%netscape.com e5e279fe36 bug#49786 Caching frequently used progid: nsThreadJSContextStack r=waterson 2000-08-22 06:02:14 +00:00
mstoltz%netscape.com ea5d41851a Fixing 41876 r=hyatt, also 48724, 49768, and crasher in nsBasePrincipal.cpp, r=jtaylor 2000-08-22 02:06:52 +00:00
warren%netscape.com a94aa1aa52 Fix for hash code performance problem discovered by bienvenu. 'Sampling' hash code was statistically evil. 2000-08-20 21:29:10 +00:00
shaver%mozilla.org f66cde2438 Fix 47354 and 39975 by providing a system-privileged scope backstop for
JS Components, and teaching the ScriptSecurityManager to check for
XPC-wrapped native objects in the scope chain when looking for an
object's principal. r=jband/a=brendan
2000-08-16 04:01:02 +00:00
dougt%netscape.com c3182f98ef Changing the nsDirectoryService define. This should have been done with the rest of the nsDirectorySerivce changes. r=conrad. 2000-08-14 22:38:27 +00:00
jtaylor%netscape.com e2560fe87a Fixes bug #45877. r=mstoltz. 2000-08-11 03:11:24 +00:00
warren%netscape.com 84b5fd67e3 Bug 46711. Removed nsAutoString travisty from nsStringKey. Introduced nsCStringKey. Made them both share the underlying string when possible. r=waterson 2000-08-10 06:19:37 +00:00
jband%netscape.com 2c1dd9e9ec fix bug 47410. Allow JS components to implement nsISecurityCheckedComponent and have sidebar componnet implement it to allow access from untrusted scripts. a=brendan@mozilla.org a=johng@netscape.com 2000-08-08 23:59:32 +00:00
warren%netscape.com da15eda254 Getting jar files in shape. Mostly works on unix, status bar missing (not in build yet). 2000-08-02 06:48:45 +00:00
mstoltz%netscape.com b65db40d35 Fixing 40159, nasty infinite recursion on startup. r&a=beard 2000-07-26 04:53:01 +00:00
mstoltz%netscape.com 3910fcba0b fix for 42387, r=dveditz 2000-07-20 01:16:15 +00:00
mstoltz%netscape.com a8545c4aed Fixing 40159 and 44822, both [nsbeta2+] regressions on signed scripts. r=sgehani 2000-07-12 03:10:33 +00:00
cls%seawood.org e87a1b7b11 Start tedious process of removing obsolete mozilla/include files from build. This patch should take us down to 19 of 101. Bug #38061 2000-07-10 07:13:31 +00:00
mstoltz%netscape.com d1da06c856 DOM properties default to same origin access only. Bug 28443. r=rginda 2000-07-05 19:08:20 +00:00
dcone%netscape.com 36783deb8e Added the IDL file for Vidur. 2000-06-23 15:22:38 +00:00
vidur%netscape.com 79c210a6b9 Checking in for mccabe, since he had to leave town. Partial fix for bug 41429. Adding a new interface that components can implement to control the capabilities needed for XPConnect access to them - default is UniversalXPConnect. r=vidur 2000-06-23 14:32:38 +00:00
joki%netscape.com 786f234766 Part of fix for 38117, prevent scripts from running event handlers on windows from other domains. r:mstoltz 2000-06-21 00:21:50 +00:00
mstoltz%netscape.com f458590f07 Dogfood bug 42076 - allowing file:// urls to load chrome:// URLs. r=evaughan. 2000-06-16 22:22:38 +00:00
warren%netscape.com 512c8bf433 Renaming nsIAllocator to nsIMemory (and nsAllocator to nsMemory). API cleanup/freeze. Bug #18433 2000-06-03 09:46:12 +00:00
mstoltz%netscape.com 8256c128d9 On Mac, we should look for systemSignature.jar in Essential FIles, not the bin directory. Bug 40468, r=sgehani, a=clayton. 2000-06-02 22:22:11 +00:00
mstoltz%netscape.com e0c61ab51a Fix for 16858 w/o breaking directory browser. r=waterson a=beard 2000-06-01 23:57:48 +00:00
mstoltz%netscape.com 40dc18d415 Fixed bug in DOM security checks, fixes bug 37907, 23516. Added security check for htmlelement.innerhtml, fixes 39083. Added location check to BASE HREF=, fixes 35859. r=vidur. Added check to style= tag, fixes 16858, r=pierre. 2000-05-26 23:28:40 +00:00
cls%seawood.org a8000b8bb5 Mass replace of -lmozjs with $(MOZ_JS_LIBS) needed for OS/2 and consistency. 2000-05-17 06:45:45 +00:00
mstoltz%netscape.com ead929a4a4 Allow scripting of plugins by untrusted web scripts. Bug 36375. 2000-05-17 02:38:22 +00:00
mstoltz%netscape.com 11718e9f56 Removing archive attribute from nsCertificatePrincipal. This will not be used. 2000-05-16 22:37:38 +00:00
mstoltz%netscape.com e260596697 Fixing bustage in nsCertificatePrincipal.cpp 2000-05-16 04:15:56 +00:00
mstoltz%netscape.com e0fc50a6d4 Fixes for 32878, 37739. Added PR_CALLBACK macros. Changed security.principal pref syntax to a nicer syntax. Removed "security.checkxpconnect" hack. 2000-05-16 03:40:51 +00:00
danm%netscape.com 0d46d1e3f2 correct typo in last checkin 2000-05-14 10:38:48 +00:00
danm%netscape.com 67209592fb new chrome hierarchy 2000-05-14 10:37:30 +00:00
danm%netscape.com c0ae0cbbf6 top-level chrome dirs are now packages,locales,skins 2000-05-13 21:29:08 +00:00
scc%netscape.com 383fdc142e string backsliding. r=mjudge 2000-05-12 07:53:02 +00:00
mstoltz%netscape.com 85d27fc1b1 added files: mozilla/caps/idl/nsISignatureVerifier.idl 2000-05-10 01:50:00 +00:00
mstoltz%netscape.com 74488c46a3 Removed dependency of libjar on psm-glue, bug 36853. Fixed out parameter type problem in PSMComponent::HashEnd 2000-05-10 01:49:33 +00:00
thayes%netscape.com e4c6cab6d9 Replace implementation of nsISupports with thread-safe version. This allows
SSL/HTTPS operations to complete on debug builds with thread-safety checking.
r=bryner
2000-05-03 00:04:48 +00:00
mstoltz%netscape.com ad755522c3 Added archive attribute to nsICertificatePrincipal...part of fix for 37481. 2000-05-01 23:39:51 +00:00
nisheeth%netscape.com 7e37fb4356 1) Added support for loading an XML document "out of band" from script and manipulating it via dom interfaces.
2) Fixed compile errors in XSL glue code that happened after the recent nsString landing by scc.
3) Added a check for a null URI before de-referencing it in nsCodeBasePrincipal.cpp.
2000-05-01 06:58:53 +00:00
mstoltz%netscape.com 0274ea8235 Fix bustage on Sun and HP compilers...was casting void* to PRInt16. Added intermediate cast. 2000-04-26 20:54:02 +00:00
mstoltz%netscape.com 9bb975256e Fixes for 27010, 32878, and 32948. 2000-04-26 03:50:07 +00:00
jband%netscape.com 84c0a0901a Do something safe if this call fails 2000-04-25 04:50:49 +00:00
jefft%netscape.com da50b52420 fixed bug 17100 - [FEATURE] enabled partial message download for pop3 2000-04-25 01:48:00 +00:00
mstoltz%netscape.com 57feeae5ec Backing out changes until I can figure out why it's crashing on startup. 2000-04-23 21:25:39 +00:00
mstoltz%netscape.com 62bffdd26e Fixes for bugs 27010, 32878, 32948. 2000-04-23 20:30:29 +00:00
danm%netscape.com d0d8c4d5c3 dist...chrome restructuring 2000-04-19 21:42:30 +00:00
scc%netscape.com e84a7d5347 making string conversions explicit 2000-04-15 05:29:33 +00:00
norris%netscape.com e356de6476 Fix
28390, 28866, 34364
r=brendan@mozilla.org
35701
r=jst@netscape.com
2000-04-14 03:14:53 +00:00
mkaply%us.ibm.com 16e912ab31 # 34082
r= warren@netscape.com
OS/2 Visual Age build - Adding PR_CALLBACK to some functoins for linkage
2000-04-05 02:32:07 +00:00
cls%seawood.org f6740baa20 Moved static MOZ_COMPONENT_NSPR_LIBS, MOZ_COMPONENT_XPCOM_LIBS, MOZ_COMPONENT_LIBS definitions from configure.in to config.mk. Replaced -lxpcom in Makefiles to $(XPCOM_LIBS) so that we can optionally link against -lboehm when needed. Bug #31287 2000-04-04 04:46:38 +00:00
scc%netscape.com c05019b2a8 making string conversions explicit 2000-04-01 00:39:02 +00:00
scc%netscape.com 4ea707a4ba make string conversions explicit 2000-04-01 00:36:50 +00:00
scc%netscape.com 89f8378252 turn on source browser in debug build; moved camelot added files into their right spots 2000-04-01 00:32:53 +00:00
mstoltz%netscape.com efa5624e14 Fixed bug 30915 using nsAggregatePrincipal. r=norris 2000-03-31 00:31:18 +00:00
warren%netscape.com 727f312b32 Necko API changes: primarily nsIChannel, changing initialization parameters to accessors. Got javascript: evaluation to happen at the right time (when AsyncRead is called) as well as on the right thread. 2000-03-29 03:58:50 +00:00
scc%netscape.com 11c6f51246 small changes to clients of string conversion APIs 2000-03-26 01:19:41 +00:00
norris%netscape.com 4eb52aa84b Fix
32088 Circumventing Same Origin security policy using javascript: URLs
        32040 about: can't be link
Also remove deprecated method
r=mstoltz
2000-03-24 22:15:37 +00:00
norris%netscape.com 593a12b912 Fix bug 32904 Asserts at startup in nsScriptSecurityManager.cpp
r=mstoltz
2000-03-23 23:42:46 +00:00
mstoltz%netscape.com e5f86d1226 heckLoadURI now handles jar: URL's correctly. r=norris 2000-03-23 04:37:37 +00:00
norris%netscape.com ea9d7682c1 Fix 31998 nsScriptSecurityManager not thread safe breaks table regress 2000-03-21 23:12:16 +00:00
mstoltz%netscape.com d655019842 added files: mozilla/caps/idl/nsIAggregatePrincipal.idl 2000-03-21 04:06:47 +00:00
mstoltz%netscape.com 672a1c6484 added files: mozilla/caps/src/nsAggregatePrincipal.cpp 2000-03-21 04:06:33 +00:00
norris%netscape.com 7d053b70b0 Adding nsAggregatePrincipal support. r=norris 2000-03-21 04:05:35 +00:00
norris%netscape.com 060e388a6b Files:
caps/idl/nsICertificatePrincipal.idl
	caps/idl/nsIPrincipal.idl
	caps/src/nsBasePrincipal.cpp
Implement the ability to manipulate multiple capabilties simultaneously.
r=mstoltz@netscape.com

Files:
	caps/src/nsCodebasePrincipal.cpp
Codebase equality should be based upon origin, not full path.
r=mstoltz@netscape.com

Files:
	caps/src/nsScriptSecurityManager.cpp
Change URI checking to deny based upon scheme rather than allow based upon
scheme for greater flexibility.
r=mstoltz@netscape.com

Files:
	dom/public/nsDOMPropEnums.h
	dom/public/nsDOMPropNames.h
	dom/src/base/nsGlobalWindow.cpp
	modules/libpref/src/init/all.js
Fix bug 20469 Seeing JS functions and global variables from arbitrary host
r=vidur@netscape.com

Files:
	dom/src/base/nsJSUtils.cpp
	dom/src/base/nsJSUtils.h
	dom/src/base/nsJSEnvironment.cpp
	dom/tools/JSStubGen.cpp
	layout/base/src/nsDocument.cpp
	layout/html/content/src/nsGenericHTMLElement.cpp
Improve performance by removing NS_WITH_SERVICE call for every DOM access.
Propagate XPCOM failure codes out properly.
r=vidur@netscape.com

Files:
	layout/html/document/src/nsFrameFrame.cpp
Fix 27387 Circumventing Same Origin security policy using setAttribute
r=vidur@netscape.com
2000-03-11 06:32:42 +00:00
norris%netscape.com e81e4f8fa6 Fix 29419 nsScriptSecurityManager should do casinsensitive compaires
Patch submitted by andreas.otte@primus-online.de
r=norris,a=jar
2000-03-08 04:57:05 +00:00
bryner%uiuc.edu f28f63a5d7 This allows clicked "finger:" links to work. r=norris@netscape.com. 2000-02-26 23:37:08 +00:00
norris%netscape.com bdef85f8cd Fix meta refresh problems with etrade, etc.
r=mstoltz
a='do the right thing'
2000-02-24 19:17:59 +00:00
norris%netscape.com d64387736b Fix 28612 META Refresh allowed in Mail/News
r=mstoltz,a=jar
Fix 28658 File upload vulnerability
r=vidur,a=jar
2000-02-23 22:34:40 +00:00
norris%netscape.com 5a9d717919 Work around bug where dialog message is truncated.
a=chofmann,r=mstoltz
2000-02-19 00:37:02 +00:00
norris%netscape.com 5567200a75 Fix 18439 windows.status allows reading links
r=mstoltz
2000-02-11 04:18:39 +00:00
norris%netscape.com 96add55c93 For some reason the sun compiler doesn't like the ?: assignment. 2000-02-10 06:24:38 +00:00
norris%netscape.com 72152baded Fix bad separator in Makefile problem. 2000-02-10 05:33:49 +00:00
norris%netscape.com 2b4b436f5f Fix 25062 Reload vulnerability
25206 Reload vulnerability #2
Implement grant dialogs and persistence for capabilities.
most r=mstoltz, some code from morse w/ r=norris
2000-02-10 04:56:56 +00:00
scc%netscape.com 73802d6f2e Pro5 update 2000-02-07 23:06:04 +00:00
norris%netscape.com b5850888fc Fix crash in nsCodebasePrincipal::Equals when browser.registration.enable is set to true.
r=racham
2000-02-03 23:47:00 +00:00
norris%netscape.com c68664297c Fix domain generalization for site-specific security policy.
also fix bug with enablePrivilege.
r=mstoltz
2000-02-03 23:28:36 +00:00
brade%netscape.com 49568eb54e fix paths for move to CW5 (bug #25779) 2000-02-02 15:27:53 +00:00
norris%netscape.com c04c4d51f9 Fix bug #25864 watch() vulnerability
r=vidur,rogerl
2000-02-02 00:22:58 +00:00
norris%netscape.com 6d132fae66 Fix warning. 2000-01-27 15:59:34 +00:00
norris%netscape.com 7ec9655d07 Fix 23227 Document object vulnerability
r=mstoltz
2000-01-26 15:33:57 +00:00
jband%netscape.com eef6de8432 Lots of xpconnect bug fixes...
- fix bug 12954 "should throw when setting non-settable props".

- fix bug 13418 "xpconnect needs to be threadsafe".
I think I filled in the cracks. Tests would be nice :)

- fix bug 22802 "[MLK] XPConnect Leaks".

- fix bug 24119 "[MLK] Reminder about cleaning up maps".

- fix bug 24453 "xpconnect needs default security manager".
I also changed the code in DOM and caps to just install a default secman and
not install a secman for each JSContext.

- fix bug 24687 "xpconect should avoid resolve performance suckage".
Added (modified) patch from shaver to create my JSObjects with the
global object as the temporary proto to avoid losing lookup.

- hack for bug 24688 "runtime errors in wrapped JS are not made obvious"
Added a debug only printf. We still need a JSErrorConsole service for this.

- fix bug 16130 "createInstanace and getService can create wrappers around wrappers"
Fixing this one really entailed changing the semantics of nsIXPConnect::wrapNative
and nsIXPConnect::wrapJS to use common code in xpcconvert that deals with existing
wrappers and DOM objects (with their own schemes for wrapping and unwrapping).
So, I changed the callers because the params changed slightly and some callers
were doing more work than necessary given the new semantics.

- Continued in the crusade to replace manaual refcounting with nsCOMPtrs whenever
touching old code.

- Added myself as first contributor to xpconnect files (vanity prevails!)

- Added new copyright header on some files that were missing it.

- Added some API comments.

- Converted nsXPCWrappedJS to implement nsIXPConnectWrappedJS via MI rather than
the old loser scheme of the nsIXPConnectWrappedJSMethods tearoff object.

- added DumpJSStack as globals to xpconnect and DOM dlls to be callable from
debuggers. I have ideas on how to improve and expand this support soon.

r=mccabe
2000-01-26 08:38:10 +00:00
norris%netscape.com 8507a58ec3 Files:
caps/include/nsScriptSecurityManager.h
	caps/src/nsScriptSecurityManager.cpp
	modules/libpref/src/init/all.js
Fix
24565 nsScriptSecurityManager::GetSecurityLevel() is a performance
24567 re-write DOM glue security checks to avoid NS_WITH_SERVICE()
r=waterson

Files:
	dom/src/base/nsGlobalWindow.cpp
	layout/base/src/nsDocument.cpp
	layout/base/src/nsGenericElement.cpp
Fix assertion failure for 1-character property names.


Files:
	dom/src/jsurl/nsJSProtocolHandler.cpp
	webshell/src/nsDocLoader.cpp
Fix 18653 "javascript:" URLs cross windows problems (probably regressi
r=nisheeth

Files:
	layout/events/src/nsEventListenerManager.cpp
Fix
23834 document.onkeypress allows sniffing keystrokes
24152 document.onclick shows links from other window
r=joki
2000-01-23 04:23:14 +00:00
mstoltz%netscape.com 69ef846a00 Fixed build blocker on HPUX, AIX, and Solaris by adding a cast. r=norris a=jar bug=24322 2000-01-20 00:19:30 +00:00
norris%netscape.com c5ed5dbd3d Fix bug 24378 All DOM security checks inadvertently disabled
r=mstoltz,rogerl;a=jar
2000-01-19 23:39:07 +00:00
norris%netscape.com d4cf23a2bf Fix build bustage caused by mismatch of NS_IMETHOD usage. 2000-01-18 22:45:05 +00:00
waterson%netscape.com d0cbc99c85 Fix build bustage. 2000-01-18 22:35:27 +00:00
mstoltz%netscape.com 5014545a00 Implemented the reading of capabilities data from prefs. Reads codebase and certificate principal data and populates ScriptSecurityManager's principals table. bug= 18122 r=norris, rginda 2000-01-18 21:54:01 +00:00
norris%netscape.com b0ba1f5b70 Fix 18592 Fix example: XPCom components cannot be used under
r=mstoltz
2000-01-14 00:03:46 +00:00
norris%netscape.com a488d900ba Fix bug 16536.
r=mstoltz
2000-01-12 01:42:37 +00:00
norris%netscape.com ab39816cf4 Get IRCChat working without compromising security.
Fix bugs 20261, 23518
r=rginda,mstoltz
2000-01-11 22:02:06 +00:00
jdunn%netscape.com cb0c532e85 Fix base class specifiers, since be default if they aren't specified it is Private
# 23237
r= warren@netscape.com, ftang@netscape.com, jband@netscape.com
2000-01-11 01:45:34 +00:00
norris%netscape.com ddb2282b6c Fix
858  [Feature] JavaScript auto-disable per-domain RFE
    13023 Users must be able to disable Java and JavaScript (for JS in mail)
    21923 Executing functions in "chrome:" protocol - #2.
    r=mstoltz

    (Checked in with red on Mac; Wan-Teh says his changes are localized so
     it shouldn't interfere with his fixing bustage.)
2000-01-08 16:51:54 +00:00
norris%netscape.com 4f128298d2 Fix 22909 previousSibling vulnerability
r=mstoltz
2000-01-06 00:59:18 +00:00
dougt%netscape.com 2e995c5f17 Converting to use nsIModule macro. r=dp. 2000-01-03 22:59:05 +00:00
jband%netscape.com ef9c82db1e Landing big set of DOM and XPConnect changes:
DOM: getting rid of JS_GetContextPrivate wherever possible. Use static parent
links where we can. When we do need to find this info about the caller
we call a function that knows how to get that info rather than inline calls
to JS_GetContextPrivate. This is all required for calling DOM objects on
non-DOM JSContexts as we do via xpconnect.

XPConnect: basic refactoring work to disassociate wrappers from the JSContext
that was active when the wrapper was constructed. This allows for calling into
wrapped JS objects on the right JSContext and for proper grouping of wrapped
native objects so that they can share proto objects. This also allows for
better sharing of objects and lays the foundations for threadsafety and
interface flattening.

Also, xpconnect tests are reorganized and improved.

fixes bugs: 13419, 17736, 17746, 17952, 22086

r=vidur r=mccabe r=norris r=cbegle
a=chofmann
1999-12-18 20:29:29 +00:00
warren%netscape.com 7d4fa072a5 Fix for leak/bloat stats going negative. a=jar 1999-12-10 04:27:52 +00:00
norris%netscape.com 84fe55bbc1 Fix crash seen by waterson.
r=waterson
1999-12-02 05:41:17 +00:00
norris%netscape.com d89d87531c Fix
20257 unable to edit existing images in editor due to JS error
	19933 JavaScript "window.location" core dumps in CAPS
Back out previous changes for enforcing security on listeners and go with a
simple restriction of access to the method for adding listeners.
r=mstoltz
1999-12-01 22:23:22 +00:00
buster%netscape.com fd31de07ac bug 2253. added controller to html text input
r = kmcclusk, norris
1999-12-01 15:11:33 +00:00
norris%netscape.com 51842ef45e Fix 18553 [DOGFOOD] addEventListener allows sniffing keystrokes
Add checks to nsScriptSecurityManager::CheckCanListenTo that take
a principal and ensure that the currently executing script code
either is from the same origin as that principal or has the
UniversalBrowserRead privilege enabled. (chrome code has all
privileges enabled by default.) It's okay for the principal passed in
to be null. That just signifies a privileged window/document that only
can be listened to with privileges.

I added GetPrincipal/SetPrincipal methods to nsIEventListenerManager.
nsDocument::GetNewListenerManager sets a principal on the listener
manager when it creates one. Obviously there are other places that
create listener managers, but scripts seem to go through this one.

Another change is to save some memory usage. Currently I allocate an
array of PolicyType that is NS_DOM_PROP_MAX elements long.
Unfortunately, compilers appear to allocate four bytes for each
PolicyType, so the array takes around 2400 bytes. I've added changes
to use two bit vectors that should consume about 1/16 that space.

r=joki

There are also changes that push nsnull onto the JSContext stack when
entering a nested event loop.

r=jband
1999-11-25 05:28:18 +00:00
norris%netscape.com 24778bda71 Modify generated dom code to use a enum rather than a string for codesize
and efficiency.
Tighten checks on document properties and node properties. Should resolve
several bugs:
18965 document.firstChild vulnerability
19043 document.childNodes vulnerability
19044 document.lastChild vulnerability
r=mstoltz
1999-11-20 07:28:34 +00:00
norris%netscape.com 5b4b0169aa * Fix 12124 [DOGFOOD] Reading user's preferences
* Implement site-specific security policies (bug 858)
r=mstoltz
* Use Recycle rather than delete[] to clean up Purify logs
r=law
1999-11-16 05:07:31 +00:00
norris%netscape.com a2de456d1b Fix 18634 [CRASH] mozilla -installer crashes
r=sspitzer@netscape.com, a=sspitzer@netscape.com
1999-11-12 18:59:03 +00:00
norris%netscape.com 0f5432934f Fix bug 18640.
r=akhil.arora@sun.com
1999-11-12 04:33:17 +00:00
norris%netscape.com cd9166c573 Restore original changes with bustage fixes. 1999-11-12 03:07:37 +00:00
norris%netscape.com 13907371db Remove call that the compilers can't figure out.
Appears that perhaps the IDL compiler isn't getting called on nsIPref.idl in time.
1999-11-11 23:25:59 +00:00
norris%netscape.com 1fc11905d8 Fix build bustage.
My build on Linux worked; don't understand why the Tinderbox build is different.
1999-11-11 23:07:14 +00:00
norris%netscape.com 8f41929776 added files: mozilla/caps/src/nsBasePrincipal.cpp 1999-11-11 22:11:03 +00:00
norris%netscape.com 7cd400a26f * Fix the following bugs by tightening the default security policy.
17977 [DOGFOOD] Reading documents using document.body
17538 document.lastModified is exposed
17537 document.images vulnerabilities
16036 [DOGFOOD] document.Element exposes the DOM of documents from
15757 [DOGFOOD] Injecting JS code using setAttribute and getElemen
15550 Injecting text in documents from any domain using createText
15067 [DOGFOOD] getElementsByTagName() allows reading of arbitrary
* Create an array of dom property policy types and initialize it when the script security manager is created.
* Move some implementation code to a new shared implementation base class.
* Implement privilege enabling, disabling and reverting
* Implement stack walking for checking privileges.
r=mstoltz@netscape.com

* Modify nsIPref to support security policy work.
r=neeti@netscape.com
1999-11-11 22:10:36 +00:00
dmose%mozilla.org 142ac52eaf updated xPL license boilerplate to v1.1, a=chofmann@netscape.com,r=endico@mozilla.org 1999-11-06 03:43:54 +00:00
tbogard%aol.net 10ded258a5 Changed NS_ENSURE_NOT to NS_ENSURE_FALSE to reflect API change. r=hyatt 1999-11-01 21:43:56 +00:00
norris%netscape.com e5c170a049 work on bug 7270.
r=mstoltz.
Implement netscape.security.PrivilegeManager callbacks.
1999-10-28 22:09:03 +00:00
warren%netscape.com f50d3df7c0 Added nsIChannel::GetOriginalURI so that we can get back to the original chrome file (bug#17144). r=rpotts,mscott 1999-10-26 09:16:24 +00:00
norris%netscape.com 4ad2862afa Use NS_GET_IID, remove dead code, clean up error conditions for XPConnect security calls.
r=jband
1999-10-25 22:22:16 +00:00
law%netscape.com bc2cea9398 Fixes for bug #16789; permit OpenDialog to work on hidden window even if document load has not completed yet; r=norris@netscape.com, r=danm@netscape.com 1999-10-20 01:25:41 +00:00
norris%netscape.com 24633793d5 Remove references to unsupported JVM_ calls. Needed for bug 16577.
r=shaver
1999-10-19 21:45:29 +00:00
norris%netscape.com 283946a4e4 Fix a Unix warning by removing an unused local variable 1999-10-14 23:49:36 +00:00
norris%netscape.com 822d5724d3 Work on 15824 bad refcounting in nsCodebasePrincipal
Attempt to discover problem with additional assertions
reviewed by mstoltz@netscape.com
1999-10-12 22:52:49 +00:00
norris%netscape.com 46bb0d4e8a Fix part of 5403 Services improperly released: Use NS_WITH_SERVICE
reviewed by mstoltz@netscape.com
1999-10-12 22:51:54 +00:00