norris%netscape.com
24778bda71
Modify generated dom code to use a enum rather than a string for codesize
...
and efficiency.
Tighten checks on document properties and node properties. Should resolve
several bugs:
18965 document.firstChild vulnerability
19043 document.childNodes vulnerability
19044 document.lastChild vulnerability
r=mstoltz
1999-11-20 07:28:34 +00:00
norris%netscape.com
5b4b0169aa
* Fix 12124 [DOGFOOD] Reading user's preferences
...
* Implement site-specific security policies (bug 858)
r=mstoltz
* Use Recycle rather than delete[] to clean up Purify logs
r=law
1999-11-16 05:07:31 +00:00
norris%netscape.com
a2de456d1b
Fix 18634 [CRASH] mozilla -installer crashes
...
r=sspitzer@netscape.com , a=sspitzer@netscape.com
1999-11-12 18:59:03 +00:00
norris%netscape.com
0f5432934f
Fix bug 18640.
...
r=akhil.arora@sun.com
1999-11-12 04:33:17 +00:00
norris%netscape.com
cd9166c573
Restore original changes with bustage fixes.
1999-11-12 03:07:37 +00:00
norris%netscape.com
13907371db
Remove call that the compilers can't figure out.
...
Appears that perhaps the IDL compiler isn't getting called on nsIPref.idl in time.
1999-11-11 23:25:59 +00:00
norris%netscape.com
1fc11905d8
Fix build bustage.
...
My build on Linux worked; don't understand why the Tinderbox build is different.
1999-11-11 23:07:14 +00:00
norris%netscape.com
8f41929776
added files: mozilla/caps/src/nsBasePrincipal.cpp
1999-11-11 22:11:03 +00:00
norris%netscape.com
7cd400a26f
* Fix the following bugs by tightening the default security policy.
...
17977 [DOGFOOD] Reading documents using document.body
17538 document.lastModified is exposed
17537 document.images vulnerabilities
16036 [DOGFOOD] document.Element exposes the DOM of documents from
15757 [DOGFOOD] Injecting JS code using setAttribute and getElemen
15550 Injecting text in documents from any domain using createText
15067 [DOGFOOD] getElementsByTagName() allows reading of arbitrary
* Create an array of dom property policy types and initialize it when the script security manager is created.
* Move some implementation code to a new shared implementation base class.
* Implement privilege enabling, disabling and reverting
* Implement stack walking for checking privileges.
r=mstoltz@netscape.com
* Modify nsIPref to support security policy work.
r=neeti@netscape.com
1999-11-11 22:10:36 +00:00
dmose%mozilla.org
142ac52eaf
updated xPL license boilerplate to v1.1, a=chofmann@netscape.com,r=endico@mozilla.org
1999-11-06 03:43:54 +00:00
tbogard%aol.net
10ded258a5
Changed NS_ENSURE_NOT to NS_ENSURE_FALSE to reflect API change. r=hyatt
1999-11-01 21:43:56 +00:00
norris%netscape.com
e5c170a049
work on bug 7270.
...
r=mstoltz.
Implement netscape.security.PrivilegeManager callbacks.
1999-10-28 22:09:03 +00:00
warren%netscape.com
f50d3df7c0
Added nsIChannel::GetOriginalURI so that we can get back to the original chrome file (bug#17144). r=rpotts,mscott
1999-10-26 09:16:24 +00:00
norris%netscape.com
4ad2862afa
Use NS_GET_IID, remove dead code, clean up error conditions for XPConnect security calls.
...
r=jband
1999-10-25 22:22:16 +00:00
law%netscape.com
bc2cea9398
Fixes for bug #16789 ; permit OpenDialog to work on hidden window even if document load has not completed yet; r=norris@netscape.com, r=danm@netscape.com
1999-10-20 01:25:41 +00:00
norris%netscape.com
24633793d5
Remove references to unsupported JVM_ calls. Needed for bug 16577.
...
r=shaver
1999-10-19 21:45:29 +00:00
norris%netscape.com
283946a4e4
Fix a Unix warning by removing an unused local variable
1999-10-14 23:49:36 +00:00
norris%netscape.com
822d5724d3
Work on 15824 bad refcounting in nsCodebasePrincipal
...
Attempt to discover problem with additional assertions
reviewed by mstoltz@netscape.com
1999-10-12 22:52:49 +00:00
norris%netscape.com
46bb0d4e8a
Fix part of 5403 Services improperly released: Use NS_WITH_SERVICE
...
reviewed by mstoltz@netscape.com
1999-10-12 22:51:54 +00:00
kipp%netscape.com
65f6ba5343
Cleanup moz-decl-counter usage and fix NS_LOG_ADDREF usage
1999-10-08 20:41:19 +00:00
norris%netscape.com
ef04da8809
Fix 15618 [CRASH] JS assertion on table regression test
...
Reviewed by rogerl@netscape.com .
1999-10-06 21:12:21 +00:00
norris%netscape.com
716e97dd9c
Fix 15458 "onLoadHandler does not work"
...
Reviewed by mstoltz.
1999-10-05 04:08:14 +00:00
waterson%netscape.com
2efd076b82
Bug 15367. Dump 'class' instead of 'file/line' for NS_LOG_REFCNT. r=shaver,dp
1999-10-05 00:07:54 +00:00
beard%netscape.com
9eae33066d
changed from directly using "MSL DropInRuntime.Lib" to using "NSComponentStartup.o" to enable GC leak detector. r=smfr
1999-10-03 20:46:23 +00:00
rjc%netscape.com
5f3ca2b087
Fix problem with nsSecurityManagerFactory conversion to be a nsIModule. Patch from peterl@netscape.com. Review: me.
1999-10-02 20:19:23 +00:00
rjc%netscape.com
f477d85f4b
Temporarily turning off the changes to nsSecurityManagerFactory to make it a nsIModule due to problem at startup.
1999-10-02 19:24:05 +00:00
norris%netscape.com
d21c5596fd
Fix the following bugs:
...
14443 "Same origin" security policy may be circumvented using docu
14820 Fixing up the relationship between nsCodeBasePrincipal and n
14919 Crash in JS MM code
Reviewed by mstoltz, approved by scc.
1999-10-02 03:41:37 +00:00
rjc%netscape.com
38e1d06d8d
Bug # 14034: Convert to nsIModule to prepare for memory leak fixing. Review: dp@netscape.com
1999-10-02 00:48:02 +00:00
sfraser%netscape.com
50971ff0c1
Bug 14877 -- lib/xp removal; removed unneeded files. r sdagley, a chofmann.
1999-09-26 00:41:31 +00:00
mscott%netscape.com
54e572a820
Bug #14815 --> fix some ref counting problems between nsJSPrincipal and nsCodebasePrincipal. nsCodeBasePrinciapl
...
was always getting leaked. And since it held onto the document's nsIURI, our uri's were getting leaked to.
r=brendan,a=chofmann.
1999-09-24 06:18:55 +00:00
norris%netscape.com
c99b609910
Add ability to disable JS. Fix 13978 shopping at webvan.com crashes
1999-09-17 20:13:52 +00:00
norris%netscape.com
2b35be101c
Remove nsPrincipalManager.h
1999-09-15 21:30:10 +00:00
norris%netscape.com
9acf604770
Add security support for javascript: uris.
1999-09-15 20:58:41 +00:00
norris%netscape.com
0865f1cdaa
Create preferences for security checks.
...
Add new methods on nsIScriptSecurityManager for capabilities.
Fix 13739 MLK: nsScriptSecurityManager::CreateCodebasePrincipal
Fix 11666 Eliminate plvector (was: [infinite loop] bugs - plvector.c)
1999-09-15 04:05:43 +00:00
norris%netscape.com
350b2d64a7
Fix arielb warnings.
1999-09-13 23:23:54 +00:00
norris%netscape.com
6ce2283719
Remove unused files.
1999-09-13 20:10:24 +00:00
briano%netscape.com
4f8c7d2d53
General cleanup.
1999-09-10 08:53:30 +00:00
norris%netscape.com
88708be24d
Makefile.in: remove unused file
...
nsScriptSecurityManager.cpp: Fix CheckURI problems (but still disabled)
nsSecurityManagerFactory.cpp: Make registration string match convention
1999-09-09 13:47:16 +00:00
alecf%netscape.com
ec49081f52
caps doesn't need libxp anymore
1999-09-09 06:29:32 +00:00
don%netscape.com
fe371d4b25
Temporarily disabled CheckURI so the Manage Bookmarks dialog and other windows work again. Norris will fix the window.open problem later.
1999-09-08 04:25:14 +00:00
norris%netscape.com
20a52a4fa4
disable XPConnect security check, perhaps related to test failure. Getting reports of failures on Mac at least.
1999-09-07 22:29:56 +00:00
norris%netscape.com
dcf88dfe3b
Fix build breakage: full #include needed.
1999-09-07 21:26:56 +00:00
norris%netscape.com
eb23e76298
Fix bug 13253.
...
Enable restrictions on use of Components array from web JavaScript.
1999-09-07 20:40:20 +00:00
norris%netscape.com
2d8e12375f
* Add checks on urls formed from web scripts
...
* Make nsScriptSecurityManager implement nsXPCSecurityManager
* Fix unix warnings
1999-09-07 02:54:19 +00:00
shaver%netscape.com
65115e55ff
quell assignment-as-boolean warning
1999-09-05 05:28:28 +00:00
bruce%cybersight.com
0ae97d3196
Use nsAllocator not new[] for char* data.
1999-09-03 14:15:03 +00:00
briano%netscape.com
51d59f6f69
Cleaned it up and eliminated the pointless #!gmake.
1999-09-01 23:27:16 +00:00
norris%netscape.com
3c9549d8f6
added files: mozilla/caps/idl/nsICodebasePrincipal.idl, mozilla/caps/idl/nsICertificatePrincipal.idl, removed files: mozilla/caps/idl/nsIPrivilege.idl, mozilla/caps/idl/nsICapsSecurityCallbacks.idl, mozilla/caps/idl/nsITarget.idl, mozilla/caps/idl/nsICapsManager.idl, mozilla/caps/idl/nsIPrincipalArray.idl, mozilla/caps/idl/nsIPrincipalManager.idl, mozilla/caps/idl/nsIPrivilegeManager.idl
1999-09-01 02:03:02 +00:00
kipp%netscape.com
b92bd76cbb
Make it build on unix
1999-09-01 01:50:01 +00:00
norris%netscape.com
91d105de8f
nsIPrincipalManager.idl removed.
1999-09-01 01:34:11 +00:00