mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
181 178 коммитов 613 Ветки 98 Теги 5,8 GiB
Граф коммитов

184 Коммитов

Автор SHA1 Сообщение Дата
mstoltz%netscape.com 57feeae5ec Backing out changes until I can figure out why it's crashing on startup. 2000-04-23 21:25:39 +00:00
mstoltz%netscape.com 62bffdd26e Fixes for bugs 27010, 32878, 32948. 2000-04-23 20:30:29 +00:00
norris%netscape.com e356de6476 Fix 
28390, 28866, 34364
r=brendan@mozilla.org
35701
r=jst@netscape.com
 2000-04-14 03:14:53 +00:00
mkaply%us.ibm.com 16e912ab31 # 34082 
r= warren@netscape.com
OS/2 Visual Age build - Adding PR_CALLBACK to some functoins for linkage
 2000-04-05 02:32:07 +00:00
mstoltz%netscape.com efa5624e14 Fixed bug 30915 using nsAggregatePrincipal. r=norris 2000-03-31 00:31:18 +00:00
norris%netscape.com ea9d7682c1 Fix 31998 nsScriptSecurityManager not thread safe breaks table regress 2000-03-21 23:12:16 +00:00
norris%netscape.com 7d053b70b0 Adding nsAggregatePrincipal support. r=norris 2000-03-21 04:05:35 +00:00
norris%netscape.com 2b4b436f5f Fix 25062 Reload vulnerability 
25206 Reload vulnerability #2
Implement grant dialogs and persistence for capabilities.
most r=mstoltz, some code from morse w/ r=norris
 2000-02-10 04:56:56 +00:00
norris%netscape.com c04c4d51f9 Fix bug #25864 watch() vulnerability 
r=vidur,rogerl
 2000-02-02 00:22:58 +00:00
norris%netscape.com 8507a58ec3 Files: 
caps/include/nsScriptSecurityManager.h
	caps/src/nsScriptSecurityManager.cpp
	modules/libpref/src/init/all.js
Fix
24565 nsScriptSecurityManager::GetSecurityLevel() is a performance
24567 re-write DOM glue security checks to avoid NS_WITH_SERVICE()
r=waterson

Files:
	dom/src/base/nsGlobalWindow.cpp
	layout/base/src/nsDocument.cpp
	layout/base/src/nsGenericElement.cpp
Fix assertion failure for 1-character property names.


Files:
	dom/src/jsurl/nsJSProtocolHandler.cpp
	webshell/src/nsDocLoader.cpp
Fix 18653 "javascript:" URLs cross windows problems (probably regressi
r=nisheeth

Files:
	layout/events/src/nsEventListenerManager.cpp
Fix
23834 document.onkeypress allows sniffing keystrokes
24152 document.onclick shows links from other window
r=joki
 2000-01-23 04:23:14 +00:00
waterson%netscape.com d0cbc99c85 Fix build bustage. 2000-01-18 22:35:27 +00:00
mstoltz%netscape.com 5014545a00 Implemented the reading of capabilities data from prefs. Reads codebase and certificate principal data and populates ScriptSecurityManager's principals table. bug= 18122 r=norris, rginda 2000-01-18 21:54:01 +00:00
jdunn%netscape.com cb0c532e85 Fix base class specifiers, since be default if they aren't specified it is Private 
# 23237
r= warren@netscape.com, ftang@netscape.com, jband@netscape.com
 2000-01-11 01:45:34 +00:00
norris%netscape.com ddb2282b6c Fix 
858  [Feature] JavaScript auto-disable per-domain RFE
    13023 Users must be able to disable Java and JavaScript (for JS in mail)
    21923 Executing functions in "chrome:" protocol - #2.
    r=mstoltz

    (Checked in with red on Mac; Wan-Teh says his changes are localized so
     it shouldn't interfere with his fixing bustage.)
 2000-01-08 16:51:54 +00:00
norris%netscape.com 4f128298d2 Fix 22909 previousSibling vulnerability 
r=mstoltz
 2000-01-06 00:59:18 +00:00
warren%netscape.com 7d4fa072a5 Fix for leak/bloat stats going negative. a=jar 1999-12-10 04:27:52 +00:00
norris%netscape.com 51842ef45e Fix 18553 [DOGFOOD] addEventListener allows sniffing keystrokes 
Add checks to nsScriptSecurityManager::CheckCanListenTo that take
a principal and ensure that the currently executing script code
either is from the same origin as that principal or has the
UniversalBrowserRead privilege enabled. (chrome code has all
privileges enabled by default.) It's okay for the principal passed in
to be null. That just signifies a privileged window/document that only
can be listened to with privileges.

I added GetPrincipal/SetPrincipal methods to nsIEventListenerManager.
nsDocument::GetNewListenerManager sets a principal on the listener
manager when it creates one. Obviously there are other places that
create listener managers, but scripts seem to go through this one.

Another change is to save some memory usage. Currently I allocate an
array of PolicyType that is NS_DOM_PROP_MAX elements long.
Unfortunately, compilers appear to allocate four bytes for each
PolicyType, so the array takes around 2400 bytes. I've added changes
to use two bit vectors that should consume about 1/16 that space.

r=joki

There are also changes that push nsnull onto the JSContext stack when
entering a nested event loop.

r=jband
 1999-11-25 05:28:18 +00:00
norris%netscape.com 24778bda71 Modify generated dom code to use a enum rather than a string for codesize 
and efficiency.
Tighten checks on document properties and node properties. Should resolve
several bugs:
18965 document.firstChild vulnerability
19043 document.childNodes vulnerability
19044 document.lastChild vulnerability
r=mstoltz
 1999-11-20 07:28:34 +00:00
norris%netscape.com 5b4b0169aa * Fix 12124 [DOGFOOD] Reading user's preferences 
* Implement site-specific security policies (bug 858)
r=mstoltz
* Use Recycle rather than delete[] to clean up Purify logs
r=law
 1999-11-16 05:07:31 +00:00
norris%netscape.com 7cd400a26f * Fix the following bugs by tightening the default security policy. 
17977 [DOGFOOD] Reading documents using document.body
17538 document.lastModified is exposed
17537 document.images vulnerabilities
16036 [DOGFOOD] document.Element exposes the DOM of documents from
15757 [DOGFOOD] Injecting JS code using setAttribute and getElemen
15550 Injecting text in documents from any domain using createText
15067 [DOGFOOD] getElementsByTagName() allows reading of arbitrary
* Create an array of dom property policy types and initialize it when the script security manager is created.
* Move some implementation code to a new shared implementation base class.
* Implement privilege enabling, disabling and reverting
* Implement stack walking for checking privileges.
r=mstoltz@netscape.com

* Modify nsIPref to support security policy work.
r=neeti@netscape.com
 1999-11-11 22:10:36 +00:00
dmose%mozilla.org 142ac52eaf updated xPL license boilerplate to v1.1, a=chofmann@netscape.com,r=endico@mozilla.org 1999-11-06 03:43:54 +00:00
norris%netscape.com e5c170a049 work on bug 7270. 
r=mstoltz.
Implement netscape.security.PrivilegeManager callbacks.
 1999-10-28 22:09:03 +00:00
norris%netscape.com c99b609910 Add ability to disable JS. Fix 13978 shopping at webvan.com crashes 1999-09-17 20:13:52 +00:00
norris%netscape.com 2b35be101c Remove nsPrincipalManager.h 1999-09-15 21:30:10 +00:00
norris%netscape.com 9acf604770 Add security support for javascript: uris. 1999-09-15 20:58:41 +00:00
norris%netscape.com 0865f1cdaa Create preferences for security checks. 
Add new methods on nsIScriptSecurityManager for capabilities.
Fix 13739 MLK: nsScriptSecurityManager::CreateCodebasePrincipal
Fix 11666 Eliminate plvector (was: [infinite loop] bugs - plvector.c)
 1999-09-15 04:05:43 +00:00
norris%netscape.com 6ce2283719 Remove unused files. 1999-09-13 20:10:24 +00:00
norris%netscape.com 2d8e12375f * Add checks on urls formed from web scripts 
* Make nsScriptSecurityManager implement nsXPCSecurityManager
* Fix unix warnings
 1999-09-07 02:54:19 +00:00
briano%netscape.com 51d59f6f69 Cleaned it up and eliminated the pointless #!gmake. 1999-09-01 23:27:16 +00:00
norris%netscape.com ec9d253f50 Add all-powerful system principals. Remove some dead code from the build. 1999-09-01 00:54:35 +00:00
cyeh%netscape.com 9577b5cefa Remove IGNORE_MANIFEST=1. It doesn't do anything and it confuses people. 1999-09-01 00:54:34 +00:00
norris%netscape.com d8507f844e * clean up nsScriptSecurityManager 
* remove nsJSSecurityManager
* save principals in nsIChannels and nsIDocuments
 1999-08-29 21:58:42 +00:00
mccabe%netscape.com 84982717ce Spam caps subtree to replace declarations of IDL-defined interface methods in implementation classes with xpidl-generated NS_DECL_NSIFOO macro. 1999-08-21 20:22:27 +00:00
arielb%netscape.com 1b252b2e3b includes updates to codbase matching security checks currently turned off 
but in place.  redefined the script security manager in caps and it is
now generating codebase principals.
 1999-08-20 09:51:02 +00:00
arielb%netscape.com 4b06750b30 removed zip support from caps module. from now on all that stuff will 
be used by libjar.  should also remove a lot of memory leaks reported on
nsZip
 1999-08-07 21:40:33 +00:00
arielb%netscape.com 9655521b0f Fix to bug 11330 and some changes to reduce warnings in linux builds 1999-08-07 19:59:31 +00:00
arielb%netscape.com a1d83223f4 added a new and improved factory to caps module. fixed some bugs and 
cleared some warnings.  also move some methods of privilege manager to
principal manager.
 1999-08-06 22:44:35 +00:00
sspitzer%netscape.com 0fc6c99e2d fix warnings 1999-08-05 19:47:10 +00:00
briano%netscape.com 7047e55c1e Added a newline to the EOF to fix the Unix native compiler builds. 1999-08-02 06:33:08 +00:00
arielb%netscape.com 0d16b83058 add a principal manager to caps api. everything is now xpidled so 
i removed the public directory from the module.
 1999-08-01 21:26:02 +00:00
arielb%netscape.com 387cbc374e xpidling and updating nsTarget object. should resolve build errors on 
SeaMonkey Ports
 1999-07-28 05:43:26 +00:00
arielb%netscape.com d00edf950d removed some enums and migrated them into nsPrivilege, nsIPrivilege and 
nsPrivilegemanager. cleaning up some old code from the security module
and refining their api's and such like.
 1999-07-27 00:50:59 +00:00
briano%netscape.com 5923fce74f Some compilers also object to #endif's with any non-comment tokens after them. Fixed. 1999-07-26 21:08:51 +00:00
briano%netscape.com 076494e4cb Added a newline to the end of the file to fix the native-compiler Unix builds (HP-UX, Solaris, etc.). 1999-07-26 21:06:59 +00:00
arielb%netscape.com 3cc6d68ad6 i think i may have broken linux build with a tab at the end of a line in 
the makefile, hope this was all for the bustage.
 1999-07-24 04:18:22 +00:00
arielb%netscape.com 8dad60d09d Fix to the caps security module. I removed the nsPrincipal struct, from now 
on you can access principals by their xpcomed interface nsIPrincipal.
 1999-07-24 03:58:23 +00:00
arielb%netscape.com 587d04c222 idled principals interfaces and some fixes to caps manager... 1999-07-16 20:31:18 +00:00
norris%netscape.com f64740e501 Move several security files into idl. (Create idl directory in caps module.) 
Implement methods of nsIXPCSecurityManager.
Fix random errors in DOM JS security.
 1999-07-15 23:23:16 +00:00
norris%netscape.com 06317a54b3 Tom Pixley's code for the beginnings of DOM security, with a fix for the previous Mac link failure. 1999-07-07 07:50:03 +00:00
joki%netscape.com 37a6739ec1 Backing out js security changes. 1999-07-01 13:03:35 +00:00
joki%netscape.com ccd5375141 New JavaScript/DOM security stuff. 1999-07-01 10:38:26 +00:00
raman%netscape.com ba1f9dee86 Checking in changes from Bob Glickstein 1998-12-15 05:53:19 +00:00
ramiro%netscape.com e2b921bf3c Add cvsignore entries for makefiles generated bu autoconf. 1998-12-05 09:07:33 +00:00
ramiro%netscape.com bc992a7bb0 Remove extraneous Makefile files. 1998-12-05 08:19:05 +00:00
raman%netscape.com ce4f25a746 Deleted unnecessary nsCCapsManager:: from the prototype 1998-12-01 03:00:42 +00:00
raman%netscape.com 5b7786e40c XP_COM interfaces for JS calls into CAPS 1998-11-23 00:27:00 +00:00
raman%netscape.com 231ff43d7a Changes to make caps into a DLL. Defined all strings in this file until there is a replacement for allxpstr.h 1998-11-19 05:22:28 +00:00
raman%netscape.com eb1dd00c2c Bug fixes from MozillaClassic branch, plus changes to build caps without rdf 1998-11-16 21:57:13 +00:00
raman%netscape.com 23466e2008 Bug fixes to make caps stuff work with jvm's codesource principals 1998-10-28 03:31:17 +00:00
raman%netscape.com eb854d55b9 Fix to make it compile on HP-UX. Define an else clause in the if statement of an inline function. Thanks briano 1998-10-19 18:25:01 +00:00
raman%netscape.com ccee89d6a8 Added verification certifcates that are created via nsICapsManager. This could be used by JVM plugins. 1998-10-15 20:56:34 +00:00
raman%netscape.com 191dfa4366 Backing out my previous check-in. I was told my changes built ok on Mac, But I wasn't given complete information. Sorry for trouble. 1998-10-14 05:01:12 +00:00
raman%netscape.com 5f82c88ba4 Support for nsICertPrincipal. We do the certificate verification of certificates passed by JavaSoft 1998-10-14 02:52:40 +00:00
racham%netscape.com 3e5359a28f Adding -reg_mode flag related APIs 1998-10-06 21:00:36 +00:00
racham%netscape.com b87ef13ca0 Adding filecode base check routine 1998-10-06 20:59:47 +00:00
raman%netscape.com 34d9668524 Reenabled the code that fixes the memory leaks during startup. I have compiled these changes on windows, solaris, linux. Lasttime I checked in, Mac compiled ok. 1998-09-30 18:06:19 +00:00
raman%netscape.com be4cd9ab8e Backing my last checkin 1998-09-27 03:15:11 +00:00
raman%netscape.com ba17d5bef8 Fixed the memory leaks during startup 1998-09-27 01:22:41 +00:00
sudu%netscape.com 7563a7dd9d Bring autoconf build up to date with non-autoconf build 1998-09-21 19:25:58 +00:00
blizzard%appliedtheory.com e0444fcc03 Bring autoconf build up to date with non-autoconf build 1998-09-19 22:28:51 +00:00
raman%netscape.com 10d9766023 Added CertChain Principal support for Javasoft. Added calls for AskPermission and SetPermission 1998-09-19 00:06:44 +00:00
beard%netscape.com 3b0249a287 09171998 LiveConnect Carpool 1998-09-17 19:20:20 +00:00
sudu%netscape.com 9e48871a6a Added nsCCodeSourcePrinicipal.h to export line 1998-09-17 18:49:51 +00:00
sudu%netscape.com 1e86d67968 New xpcom caps manager apis 1998-09-17 18:12:32 +00:00
raman%netscape.com 9b5baab042 Added AskPermission and SetPermission API calls for OJI. Added the CertChain Principal support for JavaSoft. 1998-09-16 18:39:48 +00:00
raman%netscape.com 5f24c79522 Added getSigners API for SmartUpate 1998-09-02 19:10:57 +00:00
cls%seawood.org 9020b80c52 Updates to autoconf files. 1998-08-26 04:04:57 +00:00
cls%seawood.org 84f1cedcbb AUTOCONF_1_0 landing. 1998-08-19 20:42:14 +00:00
norris%netscape.com 3ba8fa1b75 Add routine to initialize capabilities code. 
Code was actually written by raman.
 1998-08-06 19:41:12 +00:00
raman%netscape.com bb30d1cf9b Adde context as argument to all caps public methods that could be used by JS 1998-08-04 23:54:29 +00:00
warren%netscape.com c9bd5d8074 Landing changes in the OJI_19980727_BRANCH since the OJI_19980727_TIP_MERGE tag. 1998-07-31 20:19:50 +00:00
warren%netscape.com 13b18ece68 Committed from OJI_19980618_TIP_MERGE1. 1998-07-28 02:07:25 +00:00
raman b00270bebb This is not part of any build system. caps is part of OJI effort. It will be used by JavaScript in future. Approved by warren/jar/jsw. 1998-07-10 21:12:19 +00:00
raman c2336343ab This is not part of any build system. caps is part of OJI effort. It will be used by JavaScript in future 1998-07-10 03:19:59 +00:00