6d7584839a
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
434b4cf8db
Optimize immutability of codebase/domain a little bit. Bug 380475, r=dveditz, sr=biesi
2007-06-18 08:07:02 -07:00
baab01ada6
Bug 376636 - Building with gcc 4.3 and -pendatic fails due to extra semicolons, patch by Art Haas <ahaas@airmail.net>, rs=me
2007-04-23 07:21:53 -07:00
e7bb1b1c38
Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg
2007-03-27 08:34:59 -07:00
d98d9fdec5
Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg
2007-03-27 08:33:38 -07:00
05e5d33a57
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
730516b0a1
Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst
2006-11-14 22:46:45 +00:00
0a3a624149
Make it possible for protocol handlers to configure how CheckLoadURI should
...
treat them via their protocol flags. Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin
2006-11-10 23:49:08 +00:00
f78182b042
Make GetOrigin dig into nested URIs. Bug 336303, r=dveditz, sr=jst
2006-05-12 00:05:40 +00:00
3aaa1fe7df
Disable optimization that relies on invariants we don't maintain. Bug 317240
...
wallpaper, r+sr=jst
2006-05-04 15:23:43 +00:00
25ab5fffef
Create a powerless non-principal and start using it. Bug 326506, r=mrbkap,
...
sr=dveditz
2006-04-02 20:58:26 +00:00
7e4ec9da94
Followup fix for bug 307867 -- make sure to update our pointers to hashtable
...
entries when the entries move. r=dveditz, sr=brendan
2006-02-24 04:38:46 +00:00
f8625ded52
Remove dead code. Bug 327171, r=mrbkap, sr=shaver
2006-02-14 21:08:15 +00:00
f02076fb6f
Get principals for XPConnect wrapped natives off their scope instead of walking
...
their parent chain. Add some asserts to check that this actually does give the
same result, which it should with splitwindow. Bug 289655, r=dbradley, sr=jst
2005-11-16 02:12:21 +00:00
9efd50d7d5
Bug 248052 Add a contract ID for a global channeleventsink. Make the
...
scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto
redirects if CheckLoadURI fails. Remove the explicit usage of
nsIScriptSecurityManager from nsHttpChannel.cpp.
This eliminates js and xpconnect from REQUIRES, and brings us closer to remove
caps.
r=darin sr=bz
2005-11-08 20:47:16 +00:00
b29c3a80b9
Don't call nsIClassInfo::GetClassDescription unless we really have to. Bug
...
313157, r=dveditz, sr=jst
2005-10-20 23:49:59 +00:00
0392b3384b
Comment-only fixes I forgot to make. Bug 240661.
2005-07-22 20:49:12 +00:00
10d1c576d9
Expose the subject name for the cert and an nsISupports pointer to the cert on
...
nsIPrincipal that represents a certificate principal. Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal. Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII. Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
2005-07-22 19:05:42 +00:00
831f32feaa
Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop]
...
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg
2005-07-19 21:55:36 +00:00
2ad41d5c36
Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs
...
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg
2005-06-29 16:29:49 +00:00
9c0955251d
Bug 292588 shutdown crash !sXPConnect [@ nsScriptSecurityManager::CheckObjectAccess]
...
store the runtime, unset the callback at shutdown
r=dveditz sr=jst a=asa
2005-06-07 21:57:56 +00:00
ea9fd4132c
Find active native function principals when walking the JS stack, and beef up eval-ish native safeguards (281988, r=shaver/caillon, sr=jst, a=drivers).
2005-05-04 06:28:36 +00:00
6d36e81b66
Do less addrefing of principals in the script security manager. Bug 289643,
...
r=caillon, sr=brendan, a=asa
2005-04-10 23:27:07 +00:00
bb7b3cd85f
Revert kludge, want a general fix.
2005-04-07 19:48:57 +00:00
b02c276f35
Stop evals and Script object calls/execs that cross trust domains (289074, r=shaver, sr=jst, a=drivers).
2005-04-07 02:22:24 +00:00
92c940aa45
Bug 269661 make libpref not depend on caps
...
r=caillon sr=dveditz
2005-02-06 12:39:31 +00:00
f97343e1ac
Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu
2004-10-15 16:53:35 +00:00
e67c6e5dcf
Improve enablePrivilege confirmation dialog text and presentation, sanity-check
...
privilege names (bug 253942, bug 253944) r=caillon,sr=brendan,a=chofmann,mkaply
2004-09-01 07:53:32 +00:00
765d4043a5
removing myself from DEBUG_CAPS_HACKER list
2004-07-10 19:38:28 +00:00
914def148f
fix DEBUG_CAPS_HACKER bustage due to bug 240106
...
r=caillon sr=darin
2004-06-16 15:58:22 +00:00
9d2ee4928c
Bug 236613: change to MPL/LGPL/GPL tri-license.
2004-04-17 21:52:36 +00:00
66caced69a
Re-land patch for bug 83536, merging principal objects.
...
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst
2003-10-21 22:11:49 +00:00
4878fd7a5e
Better version of last change, thanks to caillon for reminding me.
2003-09-28 04:55:50 +00:00
3915f74063
Forgot to update calls to formerly-static SecurityCompareURI (r+sr=bz).
2003-09-28 04:44:33 +00:00
4038563cd9
Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky).
2003-09-28 04:22:01 +00:00
f8e8aed8a7
Backing out the patch to bug 83536.
...
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann
2003-08-22 03:06:53 +00:00
b7cdb7debb
Add shared DHashTableOps for [const] char *key use-cases, clean up dhash API abusages (214839, r=dougt, sr=dbaron).
2003-08-05 20:09:21 +00:00
b6f6ad74ba
Bug 214050
...
Start to localize some of the more common user-visible error messages in caps.
r+sr=bzbarsky@mit.edu
2003-07-29 05:28:00 +00:00
b7fd1c6840
Ports bustage - remove NS_COM per bsmedberg
2003-07-24 18:58:30 +00:00
91b7c60bee
Bug 83536.
...
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)
2003-07-24 05:15:20 +00:00
beb45866ed
Removing extra ^M. Fixing Irix cc bustage
2003-06-28 05:15:41 +00:00
66730e2ca7
Bug 194872 CAPS vulnerability when doing cross-site-scripting with frames from different origins and different CAPS settings (allAccess, noAccess).
...
bustage (const char*)
sr=jst
2003-06-26 03:27:01 +00:00
ddc015e3b7
Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst.
2003-06-26 00:18:43 +00:00
b2badfa9f7
Bug 163645 - User defined properties of window.navigator are not remembered when a new page is loaded.
...
Enable this for websites within the same domain only.
Also, fixes CheckSameOriginPrincipal to just check the principals, and not care whether we have anything on the JS stack.
r=mstoltz, sr=jst
2003-06-18 23:48:57 +00:00
85570db892
Grant access to SOAP response document's properties and also allow the document to be serializable. b=193953, r=heikki@netscape.com, sr=jst@netscape.com
2003-06-12 20:18:34 +00:00
97649bab86
Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev
2003-06-10 21:18:27 +00:00
11919bb299
Bug 163950 - allow opening connections for XML data transfer services when document.domain has been set. r=jst, sr=heikki.
2003-05-28 23:22:36 +00:00
cbf70f5c05
Removing stray windows newline that causes build warning... No reviews, sorry.
2003-04-08 20:26:41 +00:00
44d264d6b0
Bug 188229 - adding new security check function that allows component instantiation by CID. r=dveditz, sr=heikki. *not part of build yet*
2003-03-12 02:17:37 +00:00
3c0c23b860
Generalize the JS_SetCheckObjectAccessCallback hook implemented here to deal with user-defined getters and setters (92773, r=mstoltz, sr=jst).
2003-03-06 19:40:14 +00:00
jwalden@mit.edu
bzbarsky@mit.edu
benjamin@smedbergs.us
dbaron@dbaron.org
hg@mozilla.com
bzbarsky%mit.edu
cbiesinger%web.de
timeless%mozdev.org
brendan%mozilla.org
jst%mozilla.jstenback.com
dveditz%cruzio.com
gerv%gerv.net
caillon%returnzero.com
mkaply%us.ibm.com
seawood%netscape.com
mstoltz%netscape.com
harishd%netscape.com