Граф коммитов

527 Коммитов

Автор SHA1 Сообщение Дата
mstoltz%netscape.com d0eab90dbb Bug 154930 - If one page has explicitly set document.domain and another has not,
do not consider them to be of the same origin for security checks. r=dveditz, sr=jst
2002-07-09 00:10:02 +00:00
harishd%netscape.com 23d9c4988e Disable script on the requested docshell and the containing docshells. b=154647, r=mstoltz, sr=jst 2002-07-02 23:26:08 +00:00
mstoltz%netscape.com 6e12a5ca9f Bug 152725 - Get URL passed to cookie module from document principal, not document URL.
THis ensures that cookies set by javascript URL pages are set in the correct domain.
r=morse, sr=dveditz.
2002-07-02 17:58:24 +00:00
harishd%netscape.com 0031d01a28 Backing out my checkin to see if it fixes the Txul breakage 2002-06-27 23:32:51 +00:00
harishd%netscape.com 5ce8f55dd0 ** checking in for mstoltz **
Disable scripts on the requested docshell and containing docshells. Also, made setCurrentURI() scriptable ( approved by Adam Lock ). b=154647, r=harishd, sr=jst
2002-06-27 20:58:42 +00:00
mstoltz%netscape.com 6f5d99be4c 133170 - Need to re-check host for security on a redirect after a call to
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc
2002-06-14 23:54:18 +00:00
dougt%netscape.com c683a217ab Fixes mozilla/strings requiring unfrozen nsCRT class. patch by scc, r=dougt, sr=jag, b=136756 2002-05-15 18:55:21 +00:00
darin%netscape.com 6fd5862e6e fixes bug 142870 "nsIFile should use UCS-2 instead of UTF-8"
r=dougt sr=alecf
2002-05-07 23:07:19 +00:00
ben%netscape.com 7d003ba281 [Chrome FastLoad]
Ensure that principals are written as Compound Objects using |WriteCompoundObject|, not using |WriteObject|
r=mstoltz, sr=brendan
2002-05-03 03:00:46 +00:00
darin%netscape.com e554d83626 fixes bug 129279 "nsIFile unicode/utf8/ascii task"
r=dougt sr=alecf
2002-04-27 05:33:09 +00:00
mstoltz%netscape.com 8b4ac18c14 Bug 136993 - Put the "trusted codebase principals" feature back in.
r=harishd, sr=jst, a=valeski
2002-04-13 01:53:46 +00:00
darin%netscape.com e73746ce67 fixes bug 134546 "Memory leak in nsScriptSecurityManager::GetBaseURIScheme()"
patch=pj@ludd.luth.se, r=mstoltz, sr=darin, a=rjesup@wgate.com
2002-04-03 20:23:57 +00:00
mstoltz%netscape.com 03fe97372a A bunch of fixes in caps:
128697 - Added a pref listener for changes to capability.policy prefs,
removed profile-change listener
131025 - Removed insecure "trusted codebase principals" feature
131340 - Make nsCodebasePrincipal::Equals handle jar URLs correctly
131342 - Clean up privilege-grant dialog code
128861 - class policy hashtables allocated only when needed; avoids
PLDHash memory-use warning
Fixed comparison of -1 and 80 ports (Can't find the bug # right now)

All r=harishd, sr=jst, a=asa.
2002-03-20 05:53:46 +00:00
timeless%mac.com dec943eb10 Bug 106386 rid source of misspellings
r=db48x sr=blake a=asa
2002-03-19 04:30:17 +00:00
alecf%netscape.com e5d4028f9d fix bug 129635 - write a destructor for DomainPolicy so that the hashtable is destroyed
(and not leaked!)
r=mstoltz, sr=vidur, a=asa
2002-03-10 00:41:08 +00:00
rginda%netscape.com 35fde24f6c Bug 129503, "IsCapabilityEnabled should return PR_TRUE if no script on stack"
sr=brendan, r=mstoltz, a=asa
If the js stack has no principals on it, return PR_TRUE from IsCapabilityEnabled
.  Currently, the only time we'd have a stack devoid of principals is when all f
unctions are native.  If this assumption changes, this may need to be revisited
(depending on what it would mean to be a compiled script without a principal.)
2002-03-08 02:20:55 +00:00
darin%netscape.com f1a6738b6c fixes bug 124042 "support internationalized URIs" r=dougt, sr=alecf, a=asa 2002-03-06 07:48:55 +00:00
jband%netscape.com 3ac1b33f9c remove stale DEBUG_jband block. rs=jband a=dbaron 2002-03-05 08:02:05 +00:00
mstoltz%netscape.com 18c8067fae Bug 127938 - chrome scripts should be exempt from the security check put in for
bug 105050, on access to the opener property when the opener is a mail window.
r=pavlov, sr=jst, a=leaf.
2002-02-28 00:22:59 +00:00
mstoltz%netscape.com 75f6bd3583 partially backing out my last change - weird dependency problem 2002-02-26 05:28:26 +00:00
mstoltz%netscape.com 82659b14ca 32571, present confirmation dialog before allowing scripts to close windows.
105050, pass null window.opener when opener is a mail window.
both r=heikki, sr=jst, a=asa.
Backed out previously because of tinderbox problem, which should be fixed now.
2002-02-26 04:50:21 +00:00
jst%netscape.com beae4f7953 Fixing bug 111529. Optimizing out unnecessary QI calls from nsScriptSecurityManager::GetObjectPrincipal() and doing some other minor cleanups and speedups. r=nisheeth@netscape.com, sr=jband@netscape.com 2002-02-20 05:51:05 +00:00
cathleen%netscape.com 124339899e eliminate nsCRT::strlen for char* strings (part 1), bug 124536 r=dp sr=brendan 2002-02-19 07:36:56 +00:00
mcafee%netscape.com 1a3a52cce7 Backing out mstoltz. r=dbaron,jrgm 2002-02-19 04:06:53 +00:00
mstoltz%netscape.com cc94447571 Bug 105050 - return null window.opener to scripts if opener is a mail window.
Bug 32571 - Prompt user before allowing scripts to close windows if opener is null.
both r=heikki, sr=jst.
2002-02-19 01:09:45 +00:00
mkaply%us.ibm.com cbcd4c677a OS/2 bustage - callback needs to be in header 2002-02-13 13:30:06 +00:00
mstoltz%netscape.com 4756b7169c Bug 119646 - Rewrite of the security manager policy database for improved
performance. r=jst, sr=jband.
2002-02-13 04:20:46 +00:00
alecf%netscape.com 5483b6f627 one more part of fix for bug 107575, including the much coveted whitespace
remove aIgnoreCase parameter from all nsString and nsCString consumers
sr=jag, r=shaver
2002-02-01 01:53:09 +00:00
sfraser%netscape.com d133d4956f Making the nsModuleComponentInfo data const; bug 74803. r=dp, sr=waterson 2002-01-30 21:14:20 +00:00
seawood%netscape.com 45bfbf0658 Landing the rest of the win32 gmake changes:
* Adds Makefile.ins to win32 specific dirs
* Adds WINNT ifdefs to Makefile.ins
* Causes NSPR to be compiled with --with-mozilla
* Misc general Makefile.in cleanup

Bug #58981 r=mcafee
2001-12-18 09:14:29 +00:00
jaggernaut%netscape.com 97b0530073 Bug 104158: Use NS_LITERAL_STRING instead of XXXWithConversion("..."). r=bryner, rs=alecf 2001-12-16 11:58:03 +00:00
mstoltz%netscape.com cb9ae92896 Bug 107387 - rename security.properties to caps.properties. r=nhotta, rs=jst. 2001-12-12 04:43:35 +00:00
ccarlen%netscape.com 993cd4c06f Bug 98349 - Convert Mac build to CW7 and XML projects. Removing obsolete .mcp files. r=pink/sr=sfraser 2001-12-11 04:54:47 +00:00
ccarlen%netscape.com 6d8ea78b52 Adding new files for conversion to CW7 and XML project files. Bug 98349 r=pink/sr=sfraser. 2001-12-10 20:25:12 +00:00
mstoltz%netscape.com 3c9f658ac2 Bug 109113 - misplaced #ifdef DEBUG caused fix not to work in opt builds.
Moved #endif to exclude important call. r/sr=jst.
2001-11-27 00:29:20 +00:00
jband%netscape.com ee23501c42 trivial patch to make what is supposed to be a warning really a warning instead of an assert. rs=jband 2001-11-22 23:26:34 +00:00
peterv%netscape.com 99fc30ce49 Fixing mac debug bustage. Patch suggested by jst, sr=jst. 2001-11-16 10:50:33 +00:00
mstoltz%netscape.com 25276e6b94 Bug 109113, second half of fix. r=jst, sr=brendan. Adding new CheckObjectAccess
callback to enforce the same-origin policy on function.caller.
2001-11-16 06:17:24 +00:00
dbaron%fas.harvard.edu 8cd8d91750 Ensure that string literals are used as |const char*| rather than |char*|. r=jag sr=brendan b=107052 2001-11-07 06:24:10 +00:00
seawood%netscape.com be10c3b1a8 Backing out fix for remote mach-o builds as it left mach-o builds fragile.
Add TK_CFLAGS back to default CFLAGS/CXXFLAGS.
Bug #107696
2001-11-03 03:29:05 +00:00
seawood%netscape.com 8a2a775382 Since '-framework Carbon' causes binaries to require console access to run, do not link using that flag by default. Otherwise, remote builds & non-console tinderboxes will break. Mac OSX Mach-O only.
Bug #107696 r=mozbot
2001-11-01 00:54:48 +00:00
mstoltz%netscape.com f634fa73d2 bug 106535, adding the ability to enable codebase principals for a single host
instead of for all hosts. r=vidur, sr=jst.
2001-10-26 23:00:48 +00:00
jaggernaut%netscape.com 45107c0d97 Bug 53057: Fixing up users of implicit |CharT*| conversion operators for nsCString to use |.get()| instead, rr=dbaron, rs=scc 2001-10-25 06:13:52 +00:00
bnesse%netscape.com 73c9a1111f Fix for bug 103883. Add weak ref support for prefs observers to help reduce MLK cycles with preferences. r=ccarlen, darin, gordon, hewitt, mstoltz, srilatha, sspitzer. sr=alecf. 2001-10-22 20:54:48 +00:00
dougt%netscape.com d18d7e2b17 nsIObserver and nsIObserverService API freeze. r=rpotts@netscape.com, alecf@netscape.com. bug 99163 2001-10-19 20:52:59 +00:00
bzbarsky%mit.edu 8986a0ad12 Make CAPS correctly observe changes to capability.policy prefs. Needed
for having UI for these suckers.  Bug 101150, r=mstoltz,sr=jst
2001-10-02 21:56:51 +00:00
jaggernaut%netscape.com ca6197295f Bug 100476: Convert uses of member functions ToNewUnicode, ToNewCString and ToNewUTF8String to their global versions and remove support from nsCString and nsString. r=dbaron, rs=scc 2001-09-29 08:28:41 +00:00
gerv%gerv.net 11248436dd License changes, take 2. Bug 98089. mozilla/config/, mozilla/caps/, mozilla/build/. 2001-09-25 01:03:58 +00:00
gerv%gerv.net 1856815ff1 Oops. 2001-09-20 00:02:59 +00:00
scc%mozilla.org 102170b2a0 bug #98089: ripped new license 2001-09-19 20:09:47 +00:00
jaggernaut%netscape.com d1a7bfa843 One module per line for REQUIRES. r=/sr=alecf 2001-09-18 22:01:13 +00:00
jaggernaut%netscape.com dc40187223 Bug 73353: splitting the modules on the REQUIRES lines in Makefile.in across multiple lines to more clearly show the changes made. sr=alecf 2001-09-18 13:41:47 +00:00
alecf%netscape.com 1e0e7dd033 Add REQUIRES to many modules for win32 support, bug 98372 r=cls 2001-09-12 20:32:40 +00:00
jband%netscape.com 14bd719214 attempt to fix HP-UX and and some other Unix bustages. r=cls 2001-08-29 07:24:39 +00:00
mstoltz%netscape.com 3f22e806ad bug 86799, adding support for wildcard security policies of the form
"capability.policy.group.*.property". Also added additional optimizations
and changed copy-initialization of NSCOMPtrs to direct initialization
throughout the file. r=harishd, sr=jst, a=asa.
2001-08-29 02:05:48 +00:00
dbaron%fas.harvard.edu 113ad642ae Replace uses of deprecated NS_IMPL_ISUPPORTS and NS_IMPL_QUERYINTERFACE macros with NS_IMPL_{ISUPPORTS,QUERYINTERFACE}{1,0}. r=jag rs=brendan b=45797 2001-08-21 01:48:11 +00:00
sfraser%netscape.com 529028c336 Project cleanup, rs=scc. Don't link with OJI, which is a component. 2001-08-15 23:09:21 +00:00
cls%seawood.org a3c1dd1b09 Use NS_PTR_TO_INT32 macros to do 64-bit safe pointer conversions.
Bug #20860 r=Roland.Mainz@informatik.med.uni-giessen.de sr=brendan@mozilla.org
2001-08-14 07:59:59 +00:00
mstoltz%netscape.com 880f5907bc 86984 - make history.length sameOrigin-accessible. Security prefs change.
91714 - CheckLoadURI should trest 'safe' and 'unsafe' about: URLs as different protocols
56260 - 'Remember This Decision' in signed script grant dialog should default to unchecked
83131 - More descriptive security error messages
93951 - Added null check in GetBaseURIScheme to prevent crash.
All bugs r=jtaylor, sr=jst
2001-08-14 00:18:58 +00:00
brendan%mozilla.org 9e5cfdfda2 Shrink principals struct back to where it was last week -- but it could go further (93043, r=shaver, sr=jst). 2001-08-09 01:15:57 +00:00
brendan%mozilla.org 01d4c02b07 I'm such a C luddite. 2001-08-07 04:45:27 +00:00
brendan%mozilla.org 49c0102cdf Restore scriptable nsIClassInfo.classID but add fast/C++-only classIDNoAlloc; define and use nsIClassInfo::EAGER_CLASSINFO in caps (93792, sr=waterson&jst). 2001-08-07 03:59:29 +00:00
mstoltz%netscape.com 1b5e7659c9 82495 - Support for the view-source protocol in CheckLoadURI
87887 - don't call InitPolicies or InitPrincipals if there are no prefs to process
83902 - Use weak reference to pref branch to avoid reference cycle
91619 - was leaking a char* - use nsXPIDLCString instead
86932 - Add support for per-site JS disabling to CanExecuteScripts
all bugs r=jesse, sr=dougt
2001-08-02 20:32:48 +00:00
brendan%mozilla.org dbd7fed5b1 FASTLOAD_20010703_BRANCH landing, r=dbaron, sr=shaver. 2001-07-31 19:05:34 +00:00
jaggernaut%netscape.com e91f8a147e Bug 86734: Remove NS_WITH_SERVICE. r=dbaron, rs=scc, a=asa 2001-07-25 07:54:28 +00:00
jaggernaut%netscape.com cb0faab070 Bug 73353: clean up the REQUIRES lines in Makefiles. 2001-07-23 22:36:12 +00:00
dbaron%fas.harvard.edu aa4fec2b67 Header include dependency cleanup. b=64023 r=jag rs=brendan 2001-07-16 02:40:48 +00:00
mstoltz%netscape.com f3d9b0caa1 Bug 77485 - defining a function in another window using a targeted javascript:
link. Prevent running javascript: urls cross-domain and add a security check for adding
and removing properties. r=harishd, sr=jst.
2001-07-13 07:08:26 +00:00
jaggernaut%netscape.com 5a6317b8a5 Bug 88413: Remove |GetUnicode()| from nsString (and replace it with |get()|). r=dbaron, rs=scc.
This removes all call-sites I can currently fix. Tomorrow I'll try to get someone to checkin my changes to security/ and I'll get some help with the Netscape side of things.

nsString::GetUnicode()'s final death-blow will be dealt soon. Please keep this in mind as you add new code :-)
2001-06-30 11:02:25 +00:00
mstoltz%netscape.com f4de90c798 86019 - Change stack-walking code in caps to keep functions from inheriting privileges
from their caller. r=jesse@netscape.com, sr=jst@netscape.com, a=asa@mozilla.org, PDT+

86982 - Add same-origin security check to XMLDocument::Load(). r,a=blizzard@mozilla.org,
sr=jst@netscape.com

84191 - Fixing regression in Open URL dialog by not calling CheckLoadURI when it isn't
needed. r=cmanske@netscape.com, sr=sfraser@netscape.com, a=asa@mozilla.org
2001-06-22 02:08:10 +00:00
waterson%netscape.com b74d6e1c8b Land STATIC_BUILD_20010612_BRANCH, which supports building mozilla with components statically linked into the executable, as well as 'meta modules' that combine components into uber-DLLs. 2001-06-20 20:21:49 +00:00
dbaron%fas.harvard.edu 9d35ed31a4 Fix bad getters on nsIDocument and nsIScriptContext to use out params rather than return |AddRef|ed pointers. b=81289 r=jaggernaut sr=jst a=asa 2001-06-20 03:27:48 +00:00
scc%mozilla.org a8fb409c6e bug #85271: sr=waterson, r={beard, jag, dbaron}, a=asa. Eliminate features of |nsXPIDLC?String| that keep it out of the string hierarchy (i.e., using assigment to rebind ownership, static |Copy| members, and |getter_Shares|), fixing some leaks in the process. 2001-06-17 05:23:38 +00:00
mstoltz%netscape.com d6e2839371 bug 77485 - exploit inserting a function into another window using targeted
javascript URL links. Two-part fix: moving the call to GetCurrentDocumentOwner
in nsDocShell::LoadInternal to before the target docshell is called, and
changing nsScriptSecurityManager::GetFunctionObjectPrincipal to only get
the principal from the function object's scope chain if the function object's
principal is the system principal. r=jst, sr=vidur, a=asa.
2001-05-30 02:22:22 +00:00
ddrinan%netscape.com 24e6ca57c8 PCKS7 implementation for signed JS. Bug# 82227 r=mstoltz@netscape.com,sr=blizzard@mozilla.org,a=blizzard@mozilla.org 2001-05-23 22:06:43 +00:00
mstoltz%netscape.com 8c0cd58b30 Re-checking-in my fix for 47905, which was backed out last night because of a bug in some other code that was checked in along with it. This checkin was not causing the crasher and is unchanged. See earlier checkin comment - in short, this adds same-origin to XMLHttpRequest and cleans up some function calls in caps, removes some unnecessary parameters. r=vidur, sr=jst. 2001-05-19 00:33:51 +00:00
blizzard%redhat.com 678b80f10b Back out mstoltz because of blocker bug #81629. Original bugs were 47905 79775. 2001-05-18 17:41:23 +00:00
mstoltz%netscape.com 11f7b8f900 Bug 47905 - adding security check for XMLHttpRequest.open.
Added nsIScriptSecurityManager::CheckConnect for this purpose.
Also cleaned up the security check API by removing some unnecessary
parameters. r=vidur@netscape.com, sr=jst@netscape.com

Bug 79775 - Forward button broken in main mail window. Making
WindowWatcher not call GetSubjectPrincipal if the URL to be loaded is
chrome, since the calling principal is superfluous in this case.
No one has been able to find the root cause of this problem, but
this checkin works around it, which is the best we can do for now.
r=ducarroz@netscape.com, sr=jst@netscape.com
2001-05-18 06:56:29 +00:00
mstoltz%netscape.com f9c13993e0 Fixing bug 78831 - treat chrome and resource URLs the same in the
URL loading check and give them access to each other. r=pavlov,
 sr=brendan. This allows us to turn on the fix (already reviewed)
for 69070.
2001-05-15 22:47:21 +00:00
mstoltz%netscape.com 6758786117 *** empty log message *** 2001-05-15 06:43:12 +00:00
mstoltz%netscape.com 475bbed189 bug 79445, fixing crash with some event handlers (null pointer dereference)
r/sr=brendan@mozilla.org. Also fixed a typo in prefs that would have reopened
bug 56009.
2001-05-15 04:44:54 +00:00
mstoltz%netscape.com 4e73efe1f2 bug 79916 - was using | instead of &, causing a security hole. r=jband, sr=brendan. 2001-05-11 00:53:21 +00:00
mstoltz%netscape.com 59c995612e Fixes for bugs 79796, 77203, and 54060. r=jband@netscape.com,
sr=brendan@mozilla.org
2001-05-11 00:43:27 +00:00
dmose%netscape.com ac5e8e044c more REQUIRES bustage fixing for senna; unicharutil dependency has been introduced because caps wants nsIDocShell which wants nsIPresContext 2001-05-10 18:48:46 +00:00
jst%netscape.com 9cc635ad1c Temporary workaround for the composer and other related problems caused by security manager problems, change by mstoltz@netscape.com, r=jst@netscape.com 2001-05-09 02:53:46 +00:00
jst%netscape.com f7460d0269 Landing the XPCDOM_20010329_BRANCH branch, changes mostly done by jband@netscape.com and jst@netscape.com, also some changes done by shaver@mozilla.org, peterv@netscape.com and markh@activestate.com. r= and sr= by vidur@netscape.com, jband@netscape.com, jst@netscpae.com, danm@netscape.com, hyatt@netscape.com, shaver@mozilla.org, dbradley@netscape.com, rpotts@netscape.com. 2001-05-08 16:46:42 +00:00
ccarlen%netscape.com ac8ff4c8ea Bug 78745 - nsIPromptService::ConfirmEx needs to be more flexible. r=valeski, sr=sfraser 2001-05-06 15:03:55 +00:00
kandrot%netscape.com afdac97c93 Check in for Ron Guilmette. r=shaver, sr=waterson. For intl r=nhotta. Changes for NS_IMPL_NSGETMODULE. bug #46775. 2001-05-05 05:33:37 +00:00
mkaply%us.ibm.com 4a13c64481 #76913
r=mstoltz, sr=brendan
Fix some calling convention - PR_ to JS_
2001-05-02 00:02:59 +00:00
cls%seawood.org 00f28396a9 Set EXPORT_LIBRARY=1 in all pertinent Makefile.ins. Allows us to build the final link list as we traverse the tree. Bug #46775 2001-04-28 19:48:12 +00:00
valeski%netscape.com 00bca056ef mozilla diffs r=tao, sr=alecf, commercial diffs r=syd, sr=syd/shaver. lower-casing JS calls to createBundle. removing un-used nsILocale param from nsIStringBundle::CreateBundle(). 76332 2001-04-27 21:30:24 +00:00
sfraser%netscape.com 245d4eb76f Backing out valeski 2001-04-27 05:53:22 +00:00
valeski%netscape.com 54db7dffa3 mozilla tree r=tao, sr=alecf. commercial tree r=syd, sr=syd/shaver. lowercasing the first char in JS method calls to createBundle. removing the dead locale parameter in the CreateBundle() method call. 76332 2001-04-27 04:16:22 +00:00
bnesse%netscape.com 000d1011d5 Prefs API refactoring. Bug #46863. r=valeski, sr=alecf. 2001-04-26 18:41:11 +00:00
ccarlen%netscape.com c8128a5765 Bug 46859 - Remove UniversalDialog. r=valeski/sr=rpotts,sfraser/a=blizzard 2001-04-21 00:26:18 +00:00
bryner%uiuc.edu 97e89fd687 Backing out bnesse's fix for bug 46863 due to numerous types of runtime bustage on linux and windows. a=brendan. 2001-04-20 06:45:56 +00:00
bnesse%netscape.com b0baaeabc3 Landing PrefAPI refactoring bug 46863. r=valeski, sr=alecf, a=blizzard. 2001-04-19 22:21:39 +00:00
mstoltz%netscape.com 2b6e6516d2 More fixes for 55237, cleaned up CheckLoadURI and added a check on "Edit This Link." Also added error reporting (bug 40538).
r=beard, sr=hyatt
2001-04-17 01:21:44 +00:00
dbaron%fas.harvard.edu 36a5d4dd8d Fix leaks of global objects. b=76091 r=mstoltz@netscape.com sr=hyatt@netscape.com 2001-04-17 00:12:28 +00:00
shaver%mozilla.org a0daa1645d 75152: Remove GetVersionNumber stub in favour of upcoming, less-invasive
preloader strategy. r=jag, sr=attinasi.
2001-04-11 14:23:13 +00:00
disttsc%bart.nl 72cea9bb38 Clean up MODULE/REQUIRES, bug=73353, r=cls 2001-04-08 08:33:11 +00:00
dbaron%fas.harvard.edu f332609125 Fix MOZ_TRACK_MODULE_DEPS (senna tinderbox) bustage by adding new header file dependencies to REQUIRES. 2001-04-07 04:29:01 +00:00
danm%netscape.com 33594c68ff removing use of nsNetSupportDialog. bug 72112 continued. r=hyatt,morse,mstoltz,various 2001-04-07 03:33:56 +00:00
dprice%netscape.com 8c0b9eaf97 65845 - new order files 2001-04-05 06:02:32 +00:00
rickg%netscape.com 169a621d42 preloader update. r=peterl, sr=attinasi 2001-04-03 22:58:59 +00:00
disttsc%bart.nl dacbb4faa9 Add "gfx2" and "imglib2" to REQUIRES lines in Makefile.in for MOZ_TRACK_MODULE_DEPS builds (e.g. senna) 2001-03-30 10:39:06 +00:00
disttsc%bart.nl 10f34c2758 Fix MOZ_TRACK_MODULE_DEPS bustage 2001-03-23 08:44:39 +00:00
disttsc%bart.nl 04dec4f28a Fix MOZ_TRACK_MODULE_DEPS bustage. 2001-03-23 08:16:59 +00:00
mstoltz%netscape.com 519500116e Bugs 55069, 70951 - JS-blocking APIs for mailnews and embedding. r=mscott, sr=attinasi.
Bug 54237 - fix for event-capture bug, r=heikki, sr=jband.
2001-03-23 04:22:56 +00:00
blakeross%telocity.com dbb8a13378 Fix 49334: gopher support, minor restructuring of directory viewer. necko: r=darin,dougt sr=rpotts other: r=waterson,mstoltz,jag sr=alecf
Fix 70404: assertions or datetime and finger. r=dougt, sr=rpotts

Both patches by Bradley Baetz (bbaetz@cs.mcgill.ca)
2001-03-14 02:42:39 +00:00
dprice%netscape.com edb387e49c 71057 sr=waterson new order files. NOT PART OF THE REGULAR BUILD 2001-03-13 10:47:37 +00:00
valeski%netscape.com 68017cb9e2 sr=rpotts, r=gagan. 70743. switching over to new extensible URI::SchemeIs() api 2001-03-13 02:02:05 +00:00
suresh%netscape.com 2b0091da37 Adding aim protocol to the list. No Specific bug number. r=syd. sr=mstoltz 2001-03-07 05:58:45 +00:00
beard%netscape.com 3d142549b8 Switch from NS_STATIC_CAST to NS_REINTERPRET_CAST to fix bustage on Mac. r=mstoltz 2001-03-02 01:13:35 +00:00
mstoltz%netscape.com 33c8110175 bug 47905, adding security check to XMLHttpRequest.open(). r=heikki, sr=brendan 2001-03-02 00:09:20 +00:00
dprice%netscape.com 199c935b04 # 65845 sr=waterson, new order files will greatly reduce the number of link warnings. 2001-02-27 04:38:19 +00:00
mstoltz%netscape.com 6ddb173736 bug 63451 - moved signature verification functions from nsIZipReader to nsIJAR. r=sgehani, sr=shaver 2001-02-23 00:15:04 +00:00
disttsc%bart.nl a6f2f5861a Mass REQUIRES update to synch up with string lib and xul changes in an attempt to fix senna bustage. r=jst, sr=cls 2001-02-22 09:35:51 +00:00
mstoltz%netscape.com 5dbb3f0b61 Bug 66331, nsCodebasePrincipal::GetOrigin needs to specify the port
if nonstnandard. Fixes a bug in LiveConnect. r=dougt, sr=jband.
2001-02-14 00:27:34 +00:00
dprice%netscape.com 10d25d3581 65845 First cut of the order files 2001-02-13 02:34:59 +00:00
beard%netscape.com 7f321c0039 fix for bug #63466, r=mstoltz, sr=brendan, a=leaf 2001-02-12 07:47:28 +00:00
gagan%netscape.com 79713bc4c2 Optimization for scheme comparison of URIs. See bug 66577 for details. r=darin, sr=brendan@mozilla.org 2001-01-31 01:33:03 +00:00
mstoltz%netscape.com 41054417f6 Bug 66369, adding support for per-file permissions granting to caps. r=jst, sr=jband. 2001-01-27 01:42:20 +00:00
bryner%uiuc.edu e0ba7c504e Removing .cvsignore file so this directory will go away. Not part of build. 2000-12-28 21:08:29 +00:00
jband%netscape.com b3d21fb8f4 fix bug 55506. If seman was initialized too early then it was failing to register its nameset. This happened on first run when JS Component Loader would use the secman. The result was that all calls to the security manager via JavaScript would fail for that session. This fixes that by continuing to try to register the nameset until it actually succeeds. r=mstoltz a=brendan 2000-11-30 05:32:08 +00:00
cls%seawood.org 66a18fcbbf Resurrect REQUIRES so that we have some sort of means to track intermodule dependencies. Bug #59454 r=blizzard@mozilla.org 2000-11-20 07:16:06 +00:00
dbaron%fas.harvard.edu 5dd72c255e Make nsDestroyJSPrincipals stop confusing the leak stats by calling AddRef, but not when the refcount is 0. r=mstoltz@netscape.com sr=brendan@mozilla.org b=59135 2000-11-08 03:06:57 +00:00
mstoltz%netscape.com e875395364 Fixing bugscape 3109, LiveConnect exploit. sr=jband, brendan.
Fixing 58021, exploit in "open in new window," bug 55237. sr=brendan
2000-11-07 01:14:08 +00:00
mstoltz%netscape.com 886042fb63 Bug 57937, signed frames denied access to unsigned frames. r=mccabe, sr=brendan 2000-10-30 20:05:07 +00:00
warren%netscape.com cd56c0575b Bug 47207. Backing out logging/PRINTF changes until we can fix stopwatch.h, introduce double parens, etc. 2000-10-28 22:17:53 +00:00
warren%netscape.com 9a6d92a433 Bug 47207. Changing printf to PRINTF to use new logging facility. r=valeski,sr=waterson 2000-10-27 22:43:51 +00:00
mscott%netscape.com 729c07b2f0 Bug #48403 --> don't allow JS running in a mailnews sand box to change the name of it's containing iframe.
this code was contributed by mstoltz.
r=beard, sr=mscott
2000-10-24 00:52:02 +00:00
pollmann%netscape.com 3da7c0c668 Bug 13871: Prevent frameset spoofing r=mstoltz, sr=mscott, a=rpotts 2000-10-19 10:25:49 +00:00
mstoltz%netscape.com f1137e89ec Fixing 56009, exploit allowing XPConnect access. r,a=hyatt, sr=scc 2000-10-13 22:59:47 +00:00
mstoltz%netscape.com b3f1af8772 Fixing 52497, security problem in document.implementation, r=jst a=brendan 2000-09-20 23:38:28 +00:00
warren%netscape.com 181bb2dcb2 Landing jar packaging from jar_restructuring_branch. r=hyatt,dprice,sfraser,dveditz,vishy,sgehani 2000-09-20 19:35:24 +00:00
jband%netscape.com 267dc6688d fix memory corruption bug 52382. r=mstoltz 2000-09-14 08:48:53 +00:00
rayw%netscape.com 0257791053 Bug 37275, Changing value of all progids, and changing everywhere a progid
is mentioned to mention a contractid, including in identifiers.

r=warren
2000-09-13 23:57:52 +00:00
jdunn%netscape.com fbf1607c62 Fix warning which requires a return value from functions
r= brendan@mozilla.org scc@mozilla.org
#= 52254
2000-09-13 11:29:18 +00:00
mstoltz%netscape.com c063d33489 bug 44147, caps grant dialog now being created from DOMWindow->GetPrompter instead of nsIPrompt service. r=dbragg 2000-09-09 00:53:21 +00:00
mstoltz%netscape.com 63ce73fabf bug 50304, adding "static" to security policy struct, should save some memory and time. r=rogerl 2000-09-07 19:03:23 +00:00
scc%mozilla.org 084f48c90f more GCC fixes 2000-09-03 06:41:18 +00:00
jtaylor%netscape.com 85b41b9623 Not part of build. Adding security regression test suite driver (mozDriver). 2000-08-29 21:50:56 +00:00
dp%netscape.com e5e279fe36 bug#49786 Caching frequently used progid: nsThreadJSContextStack r=waterson 2000-08-22 06:02:14 +00:00
mstoltz%netscape.com ea5d41851a Fixing 41876 r=hyatt, also 48724, 49768, and crasher in nsBasePrincipal.cpp, r=jtaylor 2000-08-22 02:06:52 +00:00
warren%netscape.com a94aa1aa52 Fix for hash code performance problem discovered by bienvenu. 'Sampling' hash code was statistically evil. 2000-08-20 21:29:10 +00:00
shaver%mozilla.org f66cde2438 Fix 47354 and 39975 by providing a system-privileged scope backstop for
JS Components, and teaching the ScriptSecurityManager to check for
XPC-wrapped native objects in the scope chain when looking for an
object's principal. r=jband/a=brendan
2000-08-16 04:01:02 +00:00
dougt%netscape.com c3182f98ef Changing the nsDirectoryService define. This should have been done with the rest of the nsDirectorySerivce changes. r=conrad. 2000-08-14 22:38:27 +00:00
jtaylor%netscape.com e2560fe87a Fixes bug #45877. r=mstoltz. 2000-08-11 03:11:24 +00:00
warren%netscape.com 84b5fd67e3 Bug 46711. Removed nsAutoString travisty from nsStringKey. Introduced nsCStringKey. Made them both share the underlying string when possible. r=waterson 2000-08-10 06:19:37 +00:00