Граф коммитов

941 Коммитов

Автор SHA1 Сообщение Дата
Robert Sayre 2b6095f93d Merge mozilla-central to tracemonkey. 2010-09-10 11:47:11 -04:00
Luke Wagner 719f726121 Bug 581263 - remove slow natives (r=waldo,mrbkap) 2010-08-16 12:35:04 -07:00
Michael Wu 6937d281d7 Bug 556644 - 4. Fix tests, r=bsmedberg a=blocking2.0
--HG--
rename : caps/tests/mochitest/test_bug292789.html => caps/tests/mochitest/test_bug292789.html.in
2010-08-10 15:18:40 -07:00
Boris Zbarsky 7e4b4c8184 Bug 593026. Make it possible to get the system principal from script. r=jst a=jst 2010-09-07 15:10:41 -04:00
Bjarne ed732b9f7f Bug 546606 - Make redirect API async - part 2; r=honzab.moz,cbiesinger,bjarne,jst sr=jst 2010-08-04 22:15:55 -04:00
Igor Bukanov 7ae0ecc9d3 bug 571789 - merging JSObjectOps and JSExtendedClass into JSClass. r=jorendorff 2010-06-12 18:29:04 +02:00
Igor Bukanov 9842e59608 Backed out changeset 7b2b90efe57d -- the patch was landed against a tree with a lot of orange. This will hinder the orange resolution. 2010-07-28 14:36:06 +02:00
Igor Bukanov 781e5c46d7 bug 571789 - merging JSObjectOps and JSExtendedClass into JSClass. r=jorendorff 2010-06-12 18:29:04 +02:00
Luke Wagner 7371ad00ed Bug 549143 - fatvals 2010-07-14 23:19:36 -07:00
Saint Wesonga 4bd9280674 Bug 562387 - Convert NS_NEWXPCOM/NS_DELETEXPCOM to new/delete. r=bsmedberg 2010-07-05 11:42:18 +02:00
Dão Gottwald b2124655df Backed out changeset 59ace8d80ce8 2010-07-04 22:01:13 +02:00
Saint Wesonga 8952503f91 Bug 562387 - Convert NS_NEWXPCOM/NS_DELETEXPCOM to new/delete. r=bsmedberg 2010-07-04 21:39:17 +02:00
Benjamin Smedberg e17740e1ab Merge mozilla-central to the bug 568691 branch.
--HG--
rename : gfx/public/nsITheme.h => gfx/src/nsITheme.h
2010-06-30 14:23:23 -04:00
Benjamin Smedberg a73308ef4b Bug 568691 - Add CID data back to classinfo because it's required for fastload to work correctly. 2010-06-22 12:59:57 -04:00
Benjamin Smedberg a7e67d32ad Bug 568691 part B - mechanical changes to in-tree binary modules needed to get them building and registering correctly. After this patch, xpcshell appears to work. 2010-06-10 14:11:40 -04:00
Ehsan Akhgari 3e874ca35e Bug 519928 - IFRAME inside designMode disables JavaScript, breaking current clickjacking defenses; r=Olli.Pettay
--HG--
extra : rebase_source : 7d01d90f59e60b63e64b96bb655937fe0d0c879a
2010-06-04 17:03:50 -04:00
Dão Gottwald 0978149cf3 Backed out changeset db6f8068e9a5 2010-06-29 17:49:21 +02:00
Saint Wesonga c81affe35c Bug 562387 - Convert NS_NEWXPCOM/NS_DELETEXPCOM to new/delete. r=bsmedgerg 2010-06-29 17:14:36 +02:00
Ehsan Akhgari c06468921a Backed out changeset d1cbe16de6bf to fix oranges 2010-06-28 15:29:30 -04:00
Ehsan Akhgari 741c672888 Bug 519928 - IFRAME inside designMode disables JavaScript, breaking current clickjacking defenses; r=Olli.Pettay 2010-06-04 17:03:50 -04:00
Dan Witte 7c610ca8ac Bug 564048 - Nix security checks in nsPrefBranch. r=sicking, sr=jst 2010-06-08 16:43:54 -07:00
Robert Sayre 2a3fb0fb81 Merge mozilla-central to tracemonkey. 2010-05-24 09:05:39 -07:00
Robert Sayre 5da1b58f01 Merge mozilla-central to tracemonkey 2010-05-17 13:55:37 -04:00
Olli Pettay 927111fb28 Bug 549682 - Port the message-manager API to mozilla-central, r=jst 2010-05-18 15:28:37 +03:00
Olli Pettay 1c104f5606 Backout Bug 549682 2010-05-18 13:10:47 +03:00
Olli Pettay c719bc6e84 Bug 549682 - Port the message-manager API to mozilla-central, r=jst
--HG--
extra : rebase_source : 45b28a7762428193873a636fa7d5108607f9e4a3
2010-05-18 11:52:24 +03:00
Jason Orendorff 1e779602f9 Bug 560643 - Add a special jsval type to XPIDL. Part 1, rename JSVal -> jsval in existing IDL. r+sr=jst.
--HG--
extra : rebase_source : 3d50f7468277883a26790df13a639ce37757a257
2010-05-12 08:18:51 -05:00
Taras Glek 49db2378ea Bug 516085 - replace the most frequent IOService getter with an efficient one r=biesi 2010-04-12 08:44:28 -07:00
Mitchell Field 0fd15d94da Bug 564950 - Make more use of mozilla::services, r=surkov, jst, neil, smontagu, roc, joshmoz, gavin, shaver 2010-05-14 18:24:41 +09:00
Michael Kohler 6c0f59f4a6 Bug 506041 Part 2: Correct misspellings in source code
r=timeless
2010-05-13 14:19:50 +02:00
Peter Van der Beken df91a46a76 Fix for bug 560199 (Link XPConnect and caps into layout). r=jst.
--HG--
extra : rebase_source : 5141822e9d560019ffc1e0cb0264782aa8aa7a99
2010-04-11 15:55:24 +02:00
Robert Sayre 66f3f0f7a3 Merge tracemonkey to mozilla-central. 2010-03-26 15:53:14 -07:00
Igor Bukanov 382035ba66 bug 549010 - folowup to replace PROTO access macros with the inlne function 2010-03-04 23:52:52 -08:00
Jonas Sicking 893023f46a Bug 543696: Remove unused nsIScriptSecurityManager::CheckConnect. r/sr=mrbkap 2010-02-02 02:29:15 -08:00
Blake Kaplan 9c71e872ce Bug 371694 - Protect ourselves against null values. r=dveditz 2010-03-22 15:50:04 -07:00
Ben Newman 81a89a0871 Bug 553448 - nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction should return JS_TRUE when no subjectPrincipal exists. r=mrbkap sr=dveditz
--HG--
extra : rebase_source : c47d6d55063c115921ee89114c4439444883c37d
2010-03-18 17:27:39 -07:00
timeless@mozdev.org 7923ac31c7 Bug 504423 ReadAnnotationEntry leaks key if nsCStringKey sets rv to failure
r=dveditz

--HG--
extra : rebase_source : 07b5d1d19d7533f1a620ab8a83f19b20f33ec6fc
2010-03-12 07:50:11 +01:00
Sid Stamm 1090529f8c bug 515443 CSP no-eval support. r=mrbkap,brendan 2010-03-08 00:24:50 -08:00
Makoto Kato 340544f021 Bug 346010 - Decom nsIJAR by merging it into nsIZipReader. r=tglek, sr=bsmedberg 2010-03-07 22:56:45 +09:00
Jonas Sicking 6f0a0d424e Bug 543870: Implement File.url. r=bz sr=jst 2010-03-02 23:51:09 -08:00
Sid Stamm 7252ce7760 Bug 515437 CSP connection code, r=jst,dveditz sr=jst 2010-01-22 13:38:21 -08:00
Daniel Veditz 153553d9b6 Backed out changeset a6ce37b09cf5 because of possible Tp4 perf hit 2010-01-14 17:19:11 -08:00
Sid Stamm ext:(%2C%20Brandon%20Sterne%20%3Cbsterne%40mozilla.com%3E) f2cab6a506 bug 515433, bug 515437: Content Security Policy (CSP) core 2010-01-13 14:18:24 -08:00
Peter Van der Beken f93aeceb40 Fix for bug 517196 (The JSClass of wrappers shouldn't change when morphing from slim to XPCWrappedNative). r=mrbkap.
--HG--
extra : rebase_source : 4f7978e3ed1335fc4f58478afc038fb63576581b
2009-09-18 12:43:48 +02:00
Taras Glek 1d126be6cd Bug 515777 - move css files, hiddenWindow.html to jar r=bsmedberg sr=bz
--HG--
extra : rebase_source : c6ba6e900ceed210620d47f70c9b962a808a29fe
2009-10-12 12:31:50 -07:00
Taras Glek d33c6f1c4a bug 521191: backed out e22bef491d84 2009-10-08 16:44:44 -07:00
Taras Glek 387de8cf2e Backed out changeset e22bef491d84 2009-10-08 16:43:55 -07:00
Peter Van der Beken 056df67f8f Backed out changeset 542fa9413bd0, fix for bug 517196 (The JSClass of wrappers shouldn't change when morphing from slim to XPCWrappedNative), to try to fix orange. 2009-10-08 13:42:07 -07:00
Peter Van der Beken 5da982514b Backed out changeset 542fa9413bd0, fix for bug 517196 (The JSClass of wrappers shouldn't change when morphing from slim to XPCWrappedNative), to try to fix orange. 2009-10-08 13:41:44 -07:00
Taras Glek d07c55d805 Bug 515777 - move css files, hiddenWindow.html to jar r=bsmedberg sr=bz 2009-10-08 11:22:50 -07:00
Peter Van der Beken 61f49bf3ac Fix for bug 517196 (The JSClass of wrappers shouldn't change when morphing from slim to XPCWrappedNative). r=mrbkap.
--HG--
extra : rebase_source : 95898b5ab53d60200058374c52cdb8161aabf78b
2009-09-18 12:43:48 +02:00
Blake Kaplan 7050590b13 Bug 504021 - Add an API to the script security manager to clamp principals for a given context. r=jst/bzbarsky sr=dveditz 2009-08-21 18:20:20 -07:00
Igor Bukanov 8c03c81096 bug 513190 - avoiding jsint tagging of the private slot data. r=jorendorff 2009-09-05 19:59:11 +04:00
Benjamin Smedberg ba372f3a4c Followup to bug 398573 - remove REQUIRES from the tree since it is no longer used... automatically generated patch, rs=ted 2009-08-25 08:59:31 -07:00
Taras Glek d331cb9b8d Bug 468011 - Combine all chrome into browser+toolkit jars. r=bsmedberg 2009-08-14 09:32:40 -07:00
Blake Kaplan 27e754d4d0 Bug 502959 - Restore code to make caps allow wrapping same-origin wrappedjs objects. r=jst sr=bzbarsky 2009-08-06 20:26:33 -07:00
Boris Zbarsky ba4bfdba03 Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst 2009-07-26 21:27:33 -04:00
David Zbarsky e5c3359049 Bug 392526. Some callers of nsID::ToString use a mismatched allocator to free the string. r=bsmedberg 2009-07-29 13:54:44 -04:00
Boris Zbarsky 79debaf781 Backed out changeset b55e7e3c0bfb to see whether bug 495176 might be causing the WinXP Txul regression
--HG--
extra : rebase_source : c854c6a8afad67c583ff08e23bbac27cbf99c0cd
2009-07-28 14:34:01 -04:00
Boris Zbarsky 1785137905 Backed out changeset 9d5e247b5052 to see whether bug 495176 might be causing
the WinXP Txul regression.

--HG--
extra : rebase_source : 41a0fe73ec43dff97ada391db29dc121fb677403
2009-07-28 14:32:45 -04:00
Boris Zbarsky 123cf2cf60 Fixing crashes during tests by null-checking the principal URI as appropriate. Bug 495176 2009-07-26 23:21:01 -04:00
Boris Zbarsky 57fdf8c806 Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst 2009-07-26 21:27:33 -04:00
Peter Van der Beken 88bc7e0eed Fix for bug 482788 (Lightweight DOM wrappers). r=jst, sr=mrbkap. 2009-05-12 22:20:42 +02:00
Johnny Stenback ac0964e5c0 Fixing bug 442399. Remove LiveConnect from the tree. r=joshmoz@gmail.com, bclary@bclary.com, sr=brendan@mozilla.org 2009-06-30 15:55:16 -07:00
Arpad Borsos 9c8455122d Back out b8e531a6c961 (Bug 474369), it really did cause the windows dhtml regression
--HG--
extra : rebase_source : 568114bcfc5a7710d9e2c2fe5e234fa190bebba1
2009-06-16 14:38:51 +02:00
Olli Pettay 9a08c869f6 Bug 489561 - nsPrincipal should cache nsIPrefBranch and codebase_principal_support pref, r+sr=dveditz, +comments from bz 2009-06-16 14:00:06 +03:00
Arpad Borsos 21896afffc Bug 474369 - get rid of nsVoidArray, remaining parts; r=bz, sr=dbaron 2009-05-07 17:15:26 +02:00
Phil Ringnalda 50afa4b02b Bug 495021 - CAPS unconditionally builds tests, r=shaver 2009-06-13 11:53:38 -07:00
Blake Kaplan eccda2d175 Bug 441714 - Protect caps against SJOWs. r+sr=dveditz 2009-06-12 14:38:05 -07:00
Arpad Borsos 118ee75268 Back out bug 474369, suspected of causing dhtml and tp3 regression 2009-06-12 23:20:55 +02:00
Arpad Borsos 990fceee6e Bug 474369 - get rid of nsVoidArray, remaining parts; r=bz, sr=dbaron
--HG--
extra : rebase_source : 2f40cba97555521222512c7cd793c2a2adcca333
2009-05-07 17:15:26 +02:00
Boris Zbarsky 0cccd6dadc Bug 493495 followup. Just cut off the recursion if it gets too deep. r+sr=mrbkap 2009-05-21 15:46:05 -04:00
Boris Zbarsky 9f358b989d Bug 493495. Protect against recursive attempts to report a security exception in cases when the URI objects involved can't be accessed due to being implemented as a JS component. r+sr=mrbkap 2009-05-20 21:49:42 -04:00
Boris Zbarsky a45c2d01f1 Bug 410486. Fix test failures due to the exception message getting truncated. 2009-05-20 00:57:37 -04:00
timeless@mozdev.org b0af4b46b6 Bug 410486. Make sure to be in a request when reporting a pending exception. r=dveditz, sr=mrbkap. 2009-05-19 22:11:01 -04:00
Dave Townsend dd2848c629 Backed out changeset 461d728271d1 2009-05-19 13:51:18 +01:00
Arpad Borsos 6a70c37113 Bug 474369 - get rid of nsVoidArray, remaining parts; r=bz, sr=dbaron 2009-05-07 17:15:26 +02:00
Blake Kaplan 79905bec13 Bug 493074 - Compute fewer things to try to clear up a performance regression. r+sr=jst 2009-05-14 15:17:56 -07:00
Blake Kaplan 1942f8e50b Bug 483672 - Give regular JS objects that have been reflected into C++ a security policy that follows the same-origin model. Also teach caps about "same origin" for these cases. r=jst sr=bzbarsky 2009-05-13 15:01:01 -07:00
L. David Baron f0c43ecb3d Switch HTML mochitests from using MochiKit.js to packed.js. (Bug 490955) r=sayrer 2009-05-06 13:46:04 -07:00
Blake Kaplan 737c9a5565 Bug 475864 - Move native anonymous content checks into a wrapper so that quickstubs don't sidestep them. r=jst sr=bzbarsky 2009-04-23 00:21:22 -07:00
Mook fa1eb8e272 Bug 472032 - [win64] sizeof(long) != sizeof(void*) assertion in nsScriptSecurityManager.cpp; changed SecurityLevel to use PRWord, clarified assertion on the protected code; r+sr=dveditz 2009-02-26 18:31:17 +01:00
Dan Mosedale e4aa8b0d67 Remove MailNews special casing from nsScriptSecurityManager (bug 374577), r+sr=bzbarsky 2009-02-17 20:32:57 -08:00
Daniel Holbert 4301671b45 Bug 473236 - Remove executable bit from files that don't need it. (Only changes file mode -- no code changes.) r=bsmedberg 2009-01-21 22:55:08 -08:00
timeless@mozdev.org a09492561f Bug 412743 nsScriptSecurityManager::Init shouldn't treat failure of InitPrefs as fatal
r=mrbkap sr=dveditz
2009-01-07 20:42:15 -08:00
timeless@mozdev.org 95f9cbd69c Bug 470804 crash [@ NS_GetInnermostURI - nsScriptSecurityManager::CheckLoadURIWithPrincipal], r=bz, sr=dveditz 2009-01-01 15:45:23 -08:00
Phil Ringnalda 37206afaf5 Crashtest for Bug 470804 crash [@ NS_GetInnermostURI - nsScriptSecurityManager::CheckLoadURIWithPrincipal], r=bz 2009-01-01 15:45:23 -08:00
Tyler Downer b768fb620d Bug 471146 - remove old CAPS readme (already on devmo); r=brendan 2009-01-01 14:56:44 +01:00
Boris Zbarsky 402f7a9c31 Bug 460425. Do better security checks during redirection. r=sicking,biesi, sr=sicking 2008-11-25 20:50:04 -05:00
Phil Ringnalda 538c9fb42a Bug 461888 - Remove unused PACKAGE_FILE and PACKAGE_VARS and .pkg files, mozilla-central part, r=bsmedberg 2008-11-03 19:46:28 -08:00
Blake Kaplan d897bc426d Bug 396851 - Check to see if we're UniversalXPConnect-enabled to allow privileged web pages to unwrap XOWs. r+sr=bzbarsky 2008-10-22 13:15:22 -07:00
Ben Newman d98d55982b Bug 460124. Remove no-longer-needed code, since now we calculate hash values for nsPrincipals in a sane way. r+sr=bzbarsky 2008-10-16 10:56:51 -04:00
Igor Bukanov 4ecbd37ca7 Bug 459656 - Implementing nsIThreadJSContextStack in nsXPConnect. r+sr=mrbkap 2008-10-14 16:16:25 +02:00
Arpad Borsos c72ef7d248 Bug 456388 - Remove PR_STATIC_CALLBACK and PR_CALLBACK(_DECL) from the tree; r+sr=brendan 2008-10-10 17:04:34 +02:00
Blake Kaplan 77100affc1 Bug 457299 - nsScriptSecurityManager doesn't suspend the request on the current context when it starts using the safe context. r+sr=bzbarsky 2008-10-08 15:05:25 -07:00
Ben Newman 97433a48ab Bug 454850. Make sure that whenever nsPrincipal::Equals would return true for a pair of principals their nsPrincipal::GetHashValue returns are also equal. r+sr=bzbarsky 2008-10-08 09:16:27 -04:00
David Bienvenu 1438cc375a bug 453943, always disable js for mailnews for 3.0 b1, don't load pref, r=bz, sr=dmose 2008-09-21 15:21:07 -07:00
David Bienvenu 112c5625ca temporarily disable js in mailnews for 3.0 b1, r=bz, sr=dmose 453943 2008-09-20 08:14:14 -07:00
Arpad Borsos 5a19e3346c Bug 398946 - Remove JS_STATIC_DLL_CALLBACK and JS_DLL_CALLBACK from the tree; r=(benjamin + bent.mozilla) 2008-09-07 00:21:43 +02:00
Ben Turner 8afd9f92cd Bug 451731 - "Update caps, dom, xpconnect for Bug 451729 (checkObjectAccess moving to the JSContext)". r+sr=jst. 2008-09-05 16:26:04 -07:00
Ben Turner 83f49405ee Bug 453720 - "Caps should assert when scripts do not contain principals". r+sr=mrbkap. 2008-09-04 15:52:20 -07:00
Jason Orendorff 25cba5d7a3 Bug 451571 - Delete SetExceptionWasThrown (r=dbradley, sr=jst) 2008-08-30 18:58:36 -05:00
Shawn Wilsher eef2b5a677 Bug 452486 - Create components when we actually have a profile
This changeset allows components to register for the profile-after-change
category in the category manager such that they will be initialized when this
topic would normally be dispatched.
r=bsmedberg
2008-08-29 16:40:05 -04:00
Honza Bambas bec376906f Bug 442812: Implement the application cache selection algorithm. r+sr=bz 2008-08-27 18:15:32 -07:00
Shawn Wilsher 8d4a24aab4 Bug 450914 - Proxy nsSimpleURI for nsNullPrincipal to the main thread (was "ASSERTION: nsSimpleURI not thread-safe" during principal destruction)
This changeset creates a threadsafe uri object for the null principal to use.
2008-08-27 18:11:02 -04:00
Dave Camp 92adf93276 Backed out changeset 1e3d4775197a (bug 442812) 2008-08-19 22:52:05 -07:00
Honza Bambas 8b179c6230 Bug 442812: Implement the application cache selection algorithm. r+sr=bz 2008-08-19 19:31:08 -07:00
Boris Zbarsky 5eedf39759 Bug 434522 follow-up bustage fix. 2008-07-28 23:37:58 -07:00
Boris Zbarsky f61641d25e Bug 437723. Make sure to look at the nested innermost URI when looking for the origin. r+sr=sicking 2008-07-28 23:10:05 -07:00
Boris Zbarsky c941674d4d Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst 2008-07-28 23:03:19 -07:00
jonas@sicking.cc ab63fc8524 Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it 2008-04-18 10:35:55 -07:00
gavin@gavinsharp.com 7caae794f1 Rework test for bug 292789 to try and fix the timeout on qm-centos5-01 2008-04-14 01:50:51 -07:00
dveditz@cruzio.com e9a165f03a tests for bug 292789 -- forgot during checkin 2008-04-12 17:55:45 -07:00
dveditz@cruzio.com 8a2c640ed4 bug 292789 prevent use of chrome: URIs from <script>, <img> stylesheets, etc except for chrome packages explicitly marked contentaccessible. r=bzbarsky, sr=jst, a=beltzner 2008-04-12 14:26:19 -07:00
jonas@sicking.cc ec7a19c8b9 Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz 2008-04-08 17:38:12 -07:00
igor@mir2.org e05006a6f0 [bug 423874] backing out as a simpler patch would do the job with less code. 2008-03-29 03:34:29 -07:00
igor@mir2.org ec6b483779 [bug 424376] backing out - too much compatibility problems. 2008-03-28 15:27:36 -07:00
bzbarsky@mit.edu d7fc979918 Fix bug 421228. r+sr=sicking 2008-03-27 20:46:15 -07:00
igor@mir2.org 8edd862903 bug=424376 r=brendan a1.9b5=beltzner Compile-time function objects are no longer exposed through SpiderMonkey API. 2008-03-23 03:16:40 -07:00
jst@mozilla.org a4d3a2e2e3 Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu 2008-03-22 09:50:47 -07:00
igor@mir2.org 8c88d304f4 bug=423874 r=brendan a1.9b5=dsicore Allocating native functions together with JSObject 2008-03-21 01:19:23 -07:00
jst@mozilla.org c7eb261ec3 Fixing orange from bug 402983. Make file:///foo and file:////foo#bar compare as equal URLs. r+sr=bzbarsky@mit.edu 2008-03-20 23:01:55 -07:00
jst@mozilla.org 29a96a03b8 Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org 2008-03-20 21:39:08 -07:00
shaver@mozilla.org ba5430c6e5 Bug 246699: report better errors (with stacks) for security denials. r+sr=jst, a=mconnor. 2008-03-20 01:19:15 -07:00
shaver@mozilla.org f23b424aa7 Test for bug 423379 (content can load chrome and/or resource), r/sr=jst. 2008-03-19 15:14:51 -07:00
shaver@mozilla.org 4d79009864 (NPOTB, r=mrbkap, a=lumpy) Remove ancient caps test cruft in preparation for incoming mochitests. Also so that the tests listed in securetest.list will not mock me from beyond the NSCP grave. 2008-03-19 14:26:09 -07:00
jonas@sicking.cc 9552bd91fc Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz 2008-03-18 17:27:56 -07:00
bzbarsky@mit.edu 94a044f0b1 Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst 2008-03-18 14:14:49 -07:00
gavin@gavinsharp.com 0fa7ce606a Back out bug 246699 to fix bug 423375, per shaver 2008-03-17 07:10:48 -07:00
timeless@mozdev.org 620272feeb Bug 246699 CAPS security exceptions should throw richer exception info (not just raw string) r=shaver a=shaver 2008-03-11 10:30:23 -07:00
reed@reedloden.com 57ac4a582f Bug 420081 - "Case mismatch between nsIURI and nsIUri in nsIPrincipal.idl" [p=mschroeder@mozilla.x-home.org (Martin Schröder [mschroeder]) r+sr=jst a1.9=beltzner] 2008-03-08 03:20:21 -08:00
jonas@sicking.cc 28ea51311b Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv 2008-02-26 19:45:29 -08:00
myk@mozilla.org 7aff03fc46 backing out fix for bug 416534 as potential cause of mochitest failure 2008-02-26 19:23:36 -08:00
jonas@sicking.cc 42bbc8327e Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv 2008-02-26 18:17:49 -08:00
Olli.Pettay@helsinki.fi 652c1e007c Bug 411054, Audit IsNativeAnonymous()/GetBindingParent() uses, r+sr=sicking 2008-02-26 04:40:18 -08:00
reed@reedloden.com 5d4ef49dd4 Bug 417710 - "Use JS_GET_CLASS, not JS_GetClass" [p=gyuyoung.kim@samsung.com (gyu-young kim) r=jorendorff r=jst sr+a1.9=brendan] 2008-02-25 00:59:20 -08:00
jonas@sicking.cc 2c0141fcd9 Bug 397878: Send Referer-Root header when doing cross-site access requests. Also update domain pattern matching to spec. Patch by <suryaismail@gmail.com>. r=bent sr=sicking b3a=beltzner 2008-01-31 00:16:54 -08:00
jst@mozilla.org 31b04a892e Fixing bustage. 2008-01-29 13:11:24 -08:00
jst@mozilla.org 892f0acecf Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org 2008-01-29 12:51:01 -08:00
jst@mozilla.org 6fd0410f62 Fixing bug 317240. Re-enabling caps optimization now that a documents principal never changes. r+sr=bzbarsky@mit.edu 2008-01-28 09:51:38 -08:00
jst@mozilla.org 08983f83e3 Fixing bug 412691. Remove unnecessary nsCOMPtr's from performance critical code paths. r+sr=jonas@sicking.cc 2008-01-16 16:32:26 -08:00
benjamin@smedbergs.us b3e87aa63b Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep 2008-01-15 07:50:57 -08:00
dwitte@stanford.edu 3f33f45d2a thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+ 2008-01-11 20:30:42 -08:00
dwitte@stanford.edu 8d74b831d4 partial backout in an attempt to fix orange. 2008-01-11 02:08:58 -08:00
dwitte@stanford.edu cc924d2d23 relanding bug 410250. 2008-01-11 01:13:04 -08:00
dwitte@stanford.edu f300515e36 backing out to fix orange. 2008-01-10 20:59:44 -08:00
dwitte@stanford.edu 09217db711 thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+ 2008-01-10 19:56:00 -08:00
timeless@mozdev.org 1bd2741649 Bug 334306 useless null check in nsDestroyJSPrincipals r=dbaron sr=dveditz a=mtschrep 2008-01-06 06:53:24 -08:00
mrbkap@gmail.com 68ee3e9f08 Always throw an exception, even if we cannot reach a principal. bug 409514, r+sr+a=jst 2008-01-04 17:32:23 -08:00
jst@mozilla.org f0f4a78cce Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com 2008-01-04 15:59:12 -08:00
mrbkap@gmail.com 2605476d7c XPCNativeWrappers can confuse the short-circuiting code. bug 409291, r+sr=jst a=beltzner 2007-12-21 11:06:29 -08:00
jst@mozilla.org b30b544b5f Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org 2007-12-12 15:02:25 -08:00
philringnalda@gmail.com 57e4af9c93 Bug 400247 - remove XP_MAC deadcode in nsScriptSecurityManager.cpp, r+sr=bz, a=dsicore 2007-11-12 19:23:17 -08:00
tglek@mozilla.com 21a6a8dc26 Bug 398574:Prbool fixes r=bz a=release drivers 2007-11-12 13:47:11 -08:00
jonas@sicking.cc 4c1a3910ac bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking 2007-10-26 18:46:09 -07:00
bzbarsky@mit.edu 26d7ccd742 Make the "href" property of stylesheets reflect the original URI that was reflected to load the sheet. Bug 397427, r=dbaron,biesi, sr=dbaron, a=dsicore 2007-10-23 14:56:41 -07:00
bzbarsky@mit.edu e252fc2b15 Somewhat reduce the amount of memory an nsPrincipal allocates in the common case. Bug 397733, r+sr+a=jst 2007-09-28 07:31:04 -07:00
bzbarsky@mit.edu 5983f838e4 Make the nsISerializable implementation of nsPrincipal actually work. This makes it possible to save principal objects to a stream and read them back. Bug 369566, r=dveditz+brendan, sr=jst, a=jst 2007-09-17 15:18:28 -07:00
dveditz@cruzio.com 2940b2f998 bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov 2007-09-06 00:02:57 -07:00
bent.mozilla@gmail.com c0215549f6 Bug 304048 - Backing out patch due to TXUL regression. 2007-08-30 17:52:58 -07:00
bent.mozilla@gmail.com 5f9effcd34 Bug 304048 - "xpconnect getters/setters don't have principals until after they pass or fail their security check." Patch by jst, sr=bzbarsky, a=jst. 2007-08-28 17:16:21 -07:00
bzbarsky@mit.edu 3c0f9ef02f Add some sanity null-checks. Bug 387446, r=dveditz, sr+a=jst 2007-08-06 19:09:16 -07:00
sdwilsh@shawnwilsher.com 681c6747e8 Bustage fix 2007-07-11 14:20:11 -07:00
jwalden@mit.edu 6d7584839a Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros. 2007-07-08 00:08:04 -07:00
bzbarsky@mit.edu 647cbff151 Make security manager API more useful from script. Make more things
scriptable, and add a scriptable method for testing whether a given principal
is the system principal.  Bug 383783, r=dveditz, sr=jst
2007-06-18 08:12:09 -07:00
bzbarsky@mit.edu 434b4cf8db Optimize immutability of codebase/domain a little bit. Bug 380475, r=dveditz, sr=biesi 2007-06-18 08:07:02 -07:00
bzbarsky@mit.edu ec536a72cf Make nsPrincipal::Equals compare codebases, not just certs, for certificate
principals.  Bug 369201, r=dveditz, sr=jst
2007-06-18 08:01:53 -07:00
benjamin@smedbergs.us baab01ada6 Bug 376636 - Building with gcc 4.3 and -pendatic fails due to extra semicolons, patch by Art Haas <ahaas@airmail.net>, rs=me 2007-04-23 07:21:53 -07:00
dbaron@dbaron.org e7bb1b1c38 Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg 2007-03-27 08:34:59 -07:00
dbaron@dbaron.org d98d9fdec5 Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg 2007-03-27 08:33:38 -07:00
hg@mozilla.com 05e5d33a57 Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT, 2007-03-22 10:30:00 -07:00
bzbarsky%mit.edu d9f9d475bb When getting codebase principals, install the passed-in codebase on them even
if they come from the hashtable.  Bug 269270, r=dveditz, sr=jst.
2007-02-09 04:52:44 +00:00
bzbarsky%mit.edu 382b095c94 Get the source scheme from the right URI object. Bug 368160, r+sr=dveditz 2007-01-26 04:33:02 +00:00
bzbarsky%mit.edu 8a1b6c5e34 Make the redirect check get principals the same way we get them elsewhere.
Clean up some code to use the new security manager method.  Bug 354693,
r=dveditz, sr=sicking
2006-11-22 18:27:54 +00:00
gavin%gavinsharp.com ad22de3c0c Bug 202198: fix possible leak in nsScriptSecurityManager::InitPrefs(), patch by Ryan Jones <sciguyryan+bugzilla@gmail.com>, r+sr=dveditz 2006-11-22 17:22:40 +00:00
sayrer%gmail.com 6aa99d403b Bug 360840. allocator mismatch in nsIScriptSecurityManager. r=timeless, sr=bz 2006-11-16 18:25:52 +00:00
bzbarsky%mit.edu 730516b0a1 Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst 2006-11-14 22:46:45 +00:00
bzbarsky%mit.edu 0a3a624149 Make it possible for protocol handlers to configure how CheckLoadURI should
treat them via their protocol flags.  Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin
2006-11-10 23:49:08 +00:00
cbiesinger%web.de 74a2a1d30c Bug 351876 Move nsICryptoHash into necko
r=darin
2006-09-15 22:06:31 +00:00
bzbarsky%mit.edu 50e969de0c Introduce CheckLoadURIStrWithPrincipal(). Bug 348559, r=dveditz, sr=jst 2006-08-21 22:15:20 +00:00
pkasting%google.com dafdf0b1eb Bug 337223: Don't expose moz-anno protocol to web pages.
Patch by brettw
r=jst
sr=bzbarsky
2006-08-18 21:35:16 +00:00
bzbarsky%mit.edu e9379f3679 Remove special-casing of about:blank for security purposes; give about:blank
pages the principal of whoever is responsible for loading them, when possible.
Bug 332182, r=mrbkap, sr=jst
2006-08-15 17:31:16 +00:00
dveditz%cruzio.com d3379f18b5 bug 340107 save wasted cycles checking permissions if we're just going to deny access anyway. r=mrbkap, sr=sicking 2006-06-27 00:56:41 +00:00
bzbarsky%mit.edu 282ad6509b Fiox the special-casing for about:blank to deal with it now being
moz-safe-about:blank as far as the security manager is concerned.  Bug 342108,
r=darin, sr=jst
2006-06-22 02:21:06 +00:00
bzbarsky%mit.edu 8cd320ad22 Allow about: modules to just set a flag to force script execution to be allowed
for particular about: URIs, instead of hardcoding checks in the security
manager.  Bug 341313, r=darin, sr=jst
2006-06-22 02:19:49 +00:00
bzbarsky%mit.edu 4b3cf6e788 Make the URIs of principals immutable. Bug 339822, r=dveditz, sr=darin 2006-06-20 03:17:41 +00:00
bzbarsky%mit.edu 9a60679a4c Save the principal in the session history entry so that reloading a data: URL
will do the right thing.  Also, change CheckLoadURI to allow null
principals to load things that anyone can load (e.g. http:// URIs).  Bug
337260, r=dveditz, sr=jst
2006-06-19 21:08:45 +00:00
bzbarsky%mit.edu 9509962b32 Move the safe vs unsafe about: distinction out of the security manager and into
nsIAboutModule implementations.  Bug 337746, r=dveditz, sr=darin
2006-06-19 21:02:12 +00:00
mhammond%skippinet.com.au 0f241835df Land DOM_AGNOSTIC3_BRANCH, bug 255942. r=a few people, sr=brendan. 2006-06-13 03:07:47 +00:00
mrbkap%gmail.com 98997f8669 Checking in Ben Turner <bent.mozilla@gmail.com> and timeless's patch to make Gecko use the JS engine's request model to help multithreaded embedders avoid GC races and crashes. bug 176182, r=mrbkap assumed-rs=brendan 2006-06-12 22:39:55 +00:00
igor%mir2.org 65028a8035 Bug 338678: For source compatibility fields "uint16 extra,spare" in JSFunctionSpec are replaced by singe "uint32 extra". In this way we do need to update the current sources that list just 5 fields to include the additional ",0" corresponding to "spare" field. To quell GCC warnings all sources that list less then 5 fields of JSFunctionSpec are updated to explicitly list all 5 fields. r=mrbkap, s=brendan 2006-05-22 22:58:31 +00:00
bzbarsky%mit.edu f78182b042 Make GetOrigin dig into nested URIs. Bug 336303, r=dveditz, sr=jst 2006-05-12 00:05:40 +00:00
bzbarsky%mit.edu 6e7e8da8e6 Create our URIs by hand (since we have our own scheme), instead of going
through the ioService.  Also fixes some threadsafety stuff.  Bug 337513,
r=dveditz, sr=darin.
2006-05-11 16:06:35 +00:00
cbiesinger%web.de 51a89a8b1e bug 335180 Remove win32.order, mozilla-bin.order, --enable-reorder, and
associated code. These options do not really work anymore.

r=bsmedberg
2006-05-06 17:53:51 +00:00
bzbarsky%mit.edu 3aaa1fe7df Disable optimization that relies on invariants we don't maintain. Bug 317240
wallpaper, r+sr=jst
2006-05-04 15:23:43 +00:00
bzbarsky%mit.edu a40420a6d3 Deal with null subject URIs in SecurityCompareURIs. Bug 336432, r=dveditz, sr=jst 2006-05-04 02:29:46 +00:00
darin%meer.net 4a94571cee fixes bug 214672 "Further optimization and correctness improvements of libjar: streamlining nsJarInputStream" patch by Alfred Kayser <alfredkayser@nl.ibm.com>, r=jwalden, sr=darin 2006-05-02 19:33:09 +00:00
bzbarsky%mit.edu 722b5218b2 Add an interface for nested URIs (like jar:, view-source:, etc) to implement
and use it in various places.  Create null principals if asked for a codebase
principal for a codebase that doesn't have an inherent security context (eg
data: or javascript:).  Bug 334407, r=biesi,dveditz, sr=darin
2006-05-02 18:54:19 +00:00
bzbarsky%mit.edu 000f1cb779 Deal with checkLoadURI better in the face of URI fixup. Bug 334341, r=biesi, sr=dveditz 2006-04-25 03:24:43 +00:00
bzbarsky%mit.edu dffe9c89ad Check rv before looking at port. Bug 334210, r+sr+branch181=jst 2006-04-17 23:19:44 +00:00