05e5d33a57
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
d9f9d475bb
When getting codebase principals, install the passed-in codebase on them even
...
if they come from the hashtable. Bug 269270, r=dveditz, sr=jst.
2007-02-09 04:52:44 +00:00
8a1b6c5e34
Make the redirect check get principals the same way we get them elsewhere.
...
Clean up some code to use the new security manager method. Bug 354693,
r=dveditz, sr=sicking
2006-11-22 18:27:54 +00:00
730516b0a1
Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst
2006-11-14 22:46:45 +00:00
0a3a624149
Make it possible for protocol handlers to configure how CheckLoadURI should
...
treat them via their protocol flags. Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin
2006-11-10 23:49:08 +00:00
74a2a1d30c
Bug 351876 Move nsICryptoHash into necko
...
r=darin
2006-09-15 22:06:31 +00:00
50e969de0c
Introduce CheckLoadURIStrWithPrincipal(). Bug 348559, r=dveditz, sr=jst
2006-08-21 22:15:20 +00:00
c44462a922
Followup to bug 326506 -- this comment got lost somehow.
2006-04-02 22:00:08 +00:00
52c46b8f53
Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
...
sr=dveditz
2006-02-17 16:12:17 +00:00
18fc300f0b
Backing out since tree is closed.
2006-02-17 03:33:03 +00:00
97bb5a58a9
Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
...
sr=dveditz
2006-02-17 03:26:03 +00:00
7c0ee6b9d3
Bug 302284. add xpi hash support to InstallTrigger.install(). r=dveditz, sr=shaver, a=asa
2005-08-26 06:46:21 +00:00
9560fb68fc
Bug 304240 Make noAccess/allAccess/sameOrigin consistently intercaps in the source tree
...
r=caillon sr=dveditz
2005-08-12 23:11:32 +00:00
10d1c576d9
Expose the subject name for the cert and an nsISupports pointer to the cert on
...
nsIPrincipal that represents a certificate principal. Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal. Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII. Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
2005-07-22 19:05:42 +00:00
deb9f0c764
Add a subsumes relation to principals so JS can handle all cases when checking indirect eval (and the like) calls (300008, r=caillon/dveditz, sr/a=shaver).
2005-07-08 23:26:36 +00:00
4c7f9052d3
Add a scriptable hash function API. basically what this does is moves the hashing function out of the nsISignatureVerifier.idl and creates a new interface nsICryptoHash which is scriptable. Because of this change, we needed to fix up all of the call sites. r=darin, sr=dveditz, a=shaver
2005-06-01 16:06:53 +00:00
8ca0c03467
Cleaner fix for bug 290036. b=290949 r=dveditz sr=darin a=asa
2005-05-12 18:20:07 +00:00
d30a1bda05
bug 280613 : checkLoadURIStr of nsIScriptSecurityManager should accept AUTF8String istead of string (for IDN), r=dveditz, sr=darin
2005-02-02 07:17:53 +00:00
4ede76717e
Add a version of CheckLoadURI that takes a source principal instead of a source
...
URI. Update a bunch of callers to use it. Bug 233108, r=caillon, sr=dveditz
2004-04-25 16:55:27 +00:00
9d2ee4928c
Bug 236613: change to MPL/LGPL/GPL tri-license.
2004-04-17 21:52:36 +00:00
6394a7f9f8
Bug 227758 make subjectPrincipalIsSystem unscriptable and checkSameOriginURI scriptable r=caillon sr=dveditz
2003-12-19 21:51:37 +00:00
7809adca33
Fix missing cx param problem (223041, r=caillon, sr=dbaron).
2003-11-03 04:26:55 +00:00
66caced69a
Re-land patch for bug 83536, merging principal objects.
...
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst
2003-10-21 22:11:49 +00:00
4038563cd9
Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky).
2003-09-28 04:22:01 +00:00
f8e8aed8a7
Backing out the patch to bug 83536.
...
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann
2003-08-22 03:06:53 +00:00
91b7c60bee
Bug 83536.
...
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)
2003-07-24 05:15:20 +00:00
ddc015e3b7
Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst.
2003-06-26 00:18:43 +00:00
85570db892
Grant access to SOAP response document's properties and also allow the document to be serializable. b=193953, r=heikki@netscape.com, sr=jst@netscape.com
2003-06-12 20:18:34 +00:00
97649bab86
Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev
2003-06-10 21:18:27 +00:00
a069087dd4
Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201
2003-05-29 21:56:38 +00:00
e3a6a4edfc
Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201
2003-05-29 21:51:34 +00:00
6d92f9bd32
184257 - Updating pref callers. r=timeless sr=bzbarsky
2003-01-08 08:40:41 +00:00
d5efcdfb6d
Start installing GRE libraries & components into a separate dist/gre directory as part of the default build.
...
Bug #186241 r=dougt
2002-12-28 01:15:07 +00:00
d0f045a722
Bug 168316 - When calling from Java into JS, add a "dummy" JS stack frame with
...
principal information for the security manager. r=dveditz, sr=jst, a=chofmann.
2002-10-30 03:15:59 +00:00
322da773fb
Removing old nmake build makefiles. Bug #158528 r=pavlov
2002-08-10 07:55:43 +00:00
39c966dd38
Use principals instead of URIs for same-origin checks.
...
b=159348, r=bz, sr=jst, a=asa
2002-07-30 21:26:32 +00:00
d0eab90dbb
Bug 154930 - If one page has explicitly set document.domain and another has not,
...
do not consider them to be of the same origin for security checks. r=dveditz, sr=jst
2002-07-09 00:10:02 +00:00
6e12a5ca9f
Bug 152725 - Get URL passed to cookie module from document principal, not document URL.
...
THis ensures that cookies set by javascript URL pages are set in the correct domain.
r=morse, sr=dveditz.
2002-07-02 17:58:24 +00:00
6f5d99be4c
133170 - Need to re-check host for security on a redirect after a call to
...
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc
2002-06-14 23:54:18 +00:00
03fe97372a
A bunch of fixes in caps:
...
128697 - Added a pref listener for changes to capability.policy prefs,
removed profile-change listener
131025 - Removed insecure "trusted codebase principals" feature
131340 - Make nsCodebasePrincipal::Equals handle jar URLs correctly
131342 - Clean up privilege-grant dialog code
128861 - class policy hashtables allocated only when needed; avoids
PLDHash memory-use warning
Fixed comparison of -1 and 80 ports (Can't find the bug # right now)
All r=harishd, sr=jst, a=asa.
2002-03-20 05:53:46 +00:00
18c8067fae
Bug 127938 - chrome scripts should be exempt from the security check put in for
...
bug 105050, on access to the opener property when the opener is a mail window.
r=pavlov, sr=jst, a=leaf.
2002-02-28 00:22:59 +00:00
75f6bd3583
partially backing out my last change - weird dependency problem
2002-02-26 05:28:26 +00:00
82659b14ca
32571, present confirmation dialog before allowing scripts to close windows.
...
105050, pass null window.opener when opener is a mail window.
both r=heikki, sr=jst, a=asa.
Backed out previously because of tinderbox problem, which should be fixed now.
2002-02-26 04:50:21 +00:00
1a3a52cce7
Backing out mstoltz. r=dbaron,jrgm
2002-02-19 04:06:53 +00:00
cc94447571
Bug 105050 - return null window.opener to scripts if opener is a mail window.
...
Bug 32571 - Prompt user before allowing scripts to close windows if opener is null.
both r=heikki, sr=jst.
2002-02-19 01:09:45 +00:00
4756b7169c
Bug 119646 - Rewrite of the security manager policy database for improved
...
performance. r=jst, sr=jband.
2002-02-13 04:20:46 +00:00
11248436dd
License changes, take 2. Bug 98089. mozilla/config/, mozilla/caps/, mozilla/build/.
2001-09-25 01:03:58 +00:00
1856815ff1
Oops.
2001-09-20 00:02:59 +00:00
102170b2a0
bug #98089 : ripped new license
2001-09-19 20:09:47 +00:00
dbd7fed5b1
FASTLOAD_20010703_BRANCH landing, r=dbaron, sr=shaver.
2001-07-31 19:05:34 +00:00
hg@mozilla.com
bzbarsky%mit.edu
cbiesinger%web.de
dougt%meer.net
timeless%mozdev.org
brendan%mozilla.org
dbaron%dbaron.org
jshin%mailaps.org
gerv%gerv.net
neil%parkwaycc.co.uk
caillon%returnzero.com
mstoltz%netscape.com
harishd%netscape.com
seawood%netscape.com
sicking%bigfoot.com
mcafee%netscape.com
scc%mozilla.org