Gabor Krizsanits
a4d0a2ae65
Bug 734891 - part 2: Adding ExpandedPrincipal support
2012-06-09 15:19:26 -07:00
Bobby Holley
3065c84571
Bug 754202 - Remove context pushing/popping API. r=mrbkap
...
Each one of these uses grabs the principal off of an object for pushing, but also enters the compartment of that object. So we shouldn't need this anymore.
Can I get a 'hell yeah'?
2012-06-07 14:28:21 +02:00
Gervase Markham
82ff7027aa
Bug 716478 - update licence to MPL 2.
2012-05-21 12:12:37 +01:00
Bobby Holley
710c5cfdb0
Bug 750859 - Remove {Disable,Revert}Capability. r=bz, PGO helper on CLOSED TREE
2012-05-02 23:57:43 +02:00
Bobby Holley
e6e34db54d
Bug 750859 - Remove (most of) SetCanEnableCapability. r=bz
2012-05-02 23:57:34 +02:00
Igor Bukanov
524dbd7e47
bug 728250 - remove JSPrincipals::codebase. r=:luke,:bz
...
In just 2 cases where JSPrincipals::codebase is used it can be reconstructed from the values stored in the associated nsJSPrincipal. In addition the patch makes nsJSprincipals to inherit both from nsIPrincipal and JSPrincipals allowing to use static_cast to convert between nsIPrincipal and JSPrincipals pointers and to drop many cases of manual JSPrincipal reference counting.
2012-03-09 10:48:50 +01:00
Honza Bambas
199e57e8b9
Bug 495337 - Make sessionStorage use principals instead of string domains, r=bz+bclary
2012-02-23 18:41:25 +01:00
Blake Kaplan
e73d3d7ecd
Fix bug 657267. r=bz
2011-05-19 13:31:54 +02:00
timeless@mozdev.org
eb6bf14c5f
Bug 584977 mark deprecated caps interfaces and methods with [deprecated]
...
r=dveditz
2011-03-27 23:59:17 -04:00
Asaf Romano
a3601eb64c
Bug 619800 - Enable scriptability for nsIPrincipal methods. r+sr+a=bz.
2010-12-22 15:58:22 +02:00
Boris Zbarsky
7e4b4c8184
Bug 593026. Make it possible to get the system principal from script. r=jst a=jst
2010-09-07 15:10:41 -04:00
Luke Wagner
7371ad00ed
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
Robert Sayre
5da1b58f01
Merge mozilla-central to tracemonkey
2010-05-17 13:55:37 -04:00
Jason Orendorff
1e779602f9
Bug 560643 - Add a special jsval type to XPIDL. Part 1, rename JSVal -> jsval in existing IDL. r+sr=jst.
...
--HG--
extra : rebase_source : 3d50f7468277883a26790df13a639ce37757a257
2010-05-12 08:18:51 -05:00
Michael Kohler
6c0f59f4a6
Bug 506041 Part 2: Correct misspellings in source code
...
r=timeless
2010-05-13 14:19:50 +02:00
Jonas Sicking
893023f46a
Bug 543696: Remove unused nsIScriptSecurityManager::CheckConnect. r/sr=mrbkap
2010-02-02 02:29:15 -08:00
Sid Stamm
7252ce7760
Bug 515437 CSP connection code, r=jst,dveditz sr=jst
2010-01-22 13:38:21 -08:00
Daniel Veditz
153553d9b6
Backed out changeset a6ce37b09cf5 because of possible Tp4 perf hit
2010-01-14 17:19:11 -08:00
Sid Stamm ext:(%2C%20Brandon%20Sterne%20%3Cbsterne%40mozilla.com%3E)
f2cab6a506
bug 515433, bug 515437: Content Security Policy (CSP) core
2010-01-13 14:18:24 -08:00
Blake Kaplan
7050590b13
Bug 504021 - Add an API to the script security manager to clamp principals for a given context. r=jst/bzbarsky sr=dveditz
2009-08-21 18:20:20 -07:00
Johnny Stenback
ac0964e5c0
Fixing bug 442399. Remove LiveConnect from the tree. r=joshmoz@gmail.com, bclary@bclary.com, sr=brendan@mozilla.org
2009-06-30 15:55:16 -07:00
Blake Kaplan
d897bc426d
Bug 396851 - Check to see if we're UniversalXPConnect-enabled to allow privileged web pages to unwrap XOWs. r+sr=bzbarsky
2008-10-22 13:15:22 -07:00
jonas@sicking.cc
ab63fc8524
Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it
2008-04-18 10:35:55 -07:00
jonas@sicking.cc
ec7a19c8b9
Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz
2008-04-08 17:38:12 -07:00
jonas@sicking.cc
9552bd91fc
Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz
2008-03-18 17:27:56 -07:00
bzbarsky@mit.edu
94a044f0b1
Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst
2008-03-18 14:14:49 -07:00
reed@reedloden.com
57ac4a582f
Bug 420081 - "Case mismatch between nsIURI and nsIUri in nsIPrincipal.idl" [p=mschroeder@mozilla.x-home.org (Martin Schröder [mschroeder]) r+sr=jst a1.9=beltzner]
2008-03-08 03:20:21 -08:00
jonas@sicking.cc
28ea51311b
Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv
2008-02-26 19:45:29 -08:00
myk@mozilla.org
7aff03fc46
backing out fix for bug 416534 as potential cause of mochitest failure
2008-02-26 19:23:36 -08:00
jonas@sicking.cc
42bbc8327e
Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv
2008-02-26 18:17:49 -08:00
jst@mozilla.org
f0f4a78cce
Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com
2008-01-04 15:59:12 -08:00
jonas@sicking.cc
4c1a3910ac
bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking
2007-10-26 18:46:09 -07:00
bzbarsky@mit.edu
647cbff151
Make security manager API more useful from script. Make more things
...
scriptable, and add a scriptable method for testing whether a given principal
is the system principal. Bug 383783, r=dveditz, sr=jst
2007-06-18 08:12:09 -07:00
hg@mozilla.com
05e5d33a57
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
bzbarsky%mit.edu
d9f9d475bb
When getting codebase principals, install the passed-in codebase on them even
...
if they come from the hashtable. Bug 269270, r=dveditz, sr=jst.
2007-02-09 04:52:44 +00:00
bzbarsky%mit.edu
8a1b6c5e34
Make the redirect check get principals the same way we get them elsewhere.
...
Clean up some code to use the new security manager method. Bug 354693,
r=dveditz, sr=sicking
2006-11-22 18:27:54 +00:00
bzbarsky%mit.edu
730516b0a1
Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst
2006-11-14 22:46:45 +00:00
bzbarsky%mit.edu
0a3a624149
Make it possible for protocol handlers to configure how CheckLoadURI should
...
treat them via their protocol flags. Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin
2006-11-10 23:49:08 +00:00
cbiesinger%web.de
74a2a1d30c
Bug 351876 Move nsICryptoHash into necko
...
r=darin
2006-09-15 22:06:31 +00:00
bzbarsky%mit.edu
50e969de0c
Introduce CheckLoadURIStrWithPrincipal(). Bug 348559, r=dveditz, sr=jst
2006-08-21 22:15:20 +00:00
bzbarsky%mit.edu
c44462a922
Followup to bug 326506 -- this comment got lost somehow.
2006-04-02 22:00:08 +00:00
bzbarsky%mit.edu
52c46b8f53
Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
...
sr=dveditz
2006-02-17 16:12:17 +00:00
bzbarsky%mit.edu
18fc300f0b
Backing out since tree is closed.
2006-02-17 03:33:03 +00:00
bzbarsky%mit.edu
97bb5a58a9
Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
...
sr=dveditz
2006-02-17 03:26:03 +00:00
dougt%meer.net
7c0ee6b9d3
Bug 302284. add xpi hash support to InstallTrigger.install(). r=dveditz, sr=shaver, a=asa
2005-08-26 06:46:21 +00:00
timeless%mozdev.org
9560fb68fc
Bug 304240 Make noAccess/allAccess/sameOrigin consistently intercaps in the source tree
...
r=caillon sr=dveditz
2005-08-12 23:11:32 +00:00
bzbarsky%mit.edu
10d1c576d9
Expose the subject name for the cert and an nsISupports pointer to the cert on
...
nsIPrincipal that represents a certificate principal. Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal. Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII. Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
2005-07-22 19:05:42 +00:00
brendan%mozilla.org
deb9f0c764
Add a subsumes relation to principals so JS can handle all cases when checking indirect eval (and the like) calls (300008, r=caillon/dveditz, sr/a=shaver).
2005-07-08 23:26:36 +00:00
dougt%meer.net
4c7f9052d3
Add a scriptable hash function API. basically what this does is moves the hashing function out of the nsISignatureVerifier.idl and creates a new interface nsICryptoHash which is scriptable. Because of this change, we needed to fix up all of the call sites. r=darin, sr=dveditz, a=shaver
2005-06-01 16:06:53 +00:00
dbaron%dbaron.org
8ca0c03467
Cleaner fix for bug 290036. b=290949 r=dveditz sr=darin a=asa
2005-05-12 18:20:07 +00:00
jshin%mailaps.org
d30a1bda05
bug 280613 : checkLoadURIStr of nsIScriptSecurityManager should accept AUTF8String istead of string (for IDN), r=dveditz, sr=darin
2005-02-02 07:17:53 +00:00
bzbarsky%mit.edu
4ede76717e
Add a version of CheckLoadURI that takes a source principal instead of a source
...
URI. Update a bunch of callers to use it. Bug 233108, r=caillon, sr=dveditz
2004-04-25 16:55:27 +00:00
gerv%gerv.net
9d2ee4928c
Bug 236613: change to MPL/LGPL/GPL tri-license.
2004-04-17 21:52:36 +00:00
neil%parkwaycc.co.uk
6394a7f9f8
Bug 227758 make subjectPrincipalIsSystem unscriptable and checkSameOriginURI scriptable r=caillon sr=dveditz
2003-12-19 21:51:37 +00:00
brendan%mozilla.org
7809adca33
Fix missing cx param problem (223041, r=caillon, sr=dbaron).
2003-11-03 04:26:55 +00:00
caillon%returnzero.com
66caced69a
Re-land patch for bug 83536, merging principal objects.
...
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst
2003-10-21 22:11:49 +00:00
brendan%mozilla.org
4038563cd9
Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky).
2003-09-28 04:22:01 +00:00
caillon%returnzero.com
f8e8aed8a7
Backing out the patch to bug 83536.
...
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann
2003-08-22 03:06:53 +00:00
caillon%returnzero.com
91b7c60bee
Bug 83536.
...
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)
2003-07-24 05:15:20 +00:00
mstoltz%netscape.com
ddc015e3b7
Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst.
2003-06-26 00:18:43 +00:00
harishd%netscape.com
85570db892
Grant access to SOAP response document's properties and also allow the document to be serializable. b=193953, r=heikki@netscape.com, sr=jst@netscape.com
2003-06-12 20:18:34 +00:00
seawood%netscape.com
97649bab86
Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev
2003-06-10 21:18:27 +00:00
dougt%meer.net
a069087dd4
Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201
2003-05-29 21:56:38 +00:00
dougt%meer.net
e3a6a4edfc
Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201
2003-05-29 21:51:34 +00:00
caillon%returnzero.com
6d92f9bd32
184257 - Updating pref callers. r=timeless sr=bzbarsky
2003-01-08 08:40:41 +00:00
seawood%netscape.com
d5efcdfb6d
Start installing GRE libraries & components into a separate dist/gre directory as part of the default build.
...
Bug #186241 r=dougt
2002-12-28 01:15:07 +00:00
mstoltz%netscape.com
d0f045a722
Bug 168316 - When calling from Java into JS, add a "dummy" JS stack frame with
...
principal information for the security manager. r=dveditz, sr=jst, a=chofmann.
2002-10-30 03:15:59 +00:00
seawood%netscape.com
322da773fb
Removing old nmake build makefiles. Bug #158528 r=pavlov
2002-08-10 07:55:43 +00:00
sicking%bigfoot.com
39c966dd38
Use principals instead of URIs for same-origin checks.
...
b=159348, r=bz, sr=jst, a=asa
2002-07-30 21:26:32 +00:00
mstoltz%netscape.com
d0eab90dbb
Bug 154930 - If one page has explicitly set document.domain and another has not,
...
do not consider them to be of the same origin for security checks. r=dveditz, sr=jst
2002-07-09 00:10:02 +00:00
mstoltz%netscape.com
6e12a5ca9f
Bug 152725 - Get URL passed to cookie module from document principal, not document URL.
...
THis ensures that cookies set by javascript URL pages are set in the correct domain.
r=morse, sr=dveditz.
2002-07-02 17:58:24 +00:00
mstoltz%netscape.com
6f5d99be4c
133170 - Need to re-check host for security on a redirect after a call to
...
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc
2002-06-14 23:54:18 +00:00
mstoltz%netscape.com
03fe97372a
A bunch of fixes in caps:
...
128697 - Added a pref listener for changes to capability.policy prefs,
removed profile-change listener
131025 - Removed insecure "trusted codebase principals" feature
131340 - Make nsCodebasePrincipal::Equals handle jar URLs correctly
131342 - Clean up privilege-grant dialog code
128861 - class policy hashtables allocated only when needed; avoids
PLDHash memory-use warning
Fixed comparison of -1 and 80 ports (Can't find the bug # right now)
All r=harishd, sr=jst, a=asa.
2002-03-20 05:53:46 +00:00
mstoltz%netscape.com
18c8067fae
Bug 127938 - chrome scripts should be exempt from the security check put in for
...
bug 105050, on access to the opener property when the opener is a mail window.
r=pavlov, sr=jst, a=leaf.
2002-02-28 00:22:59 +00:00
mstoltz%netscape.com
75f6bd3583
partially backing out my last change - weird dependency problem
2002-02-26 05:28:26 +00:00
mstoltz%netscape.com
82659b14ca
32571, present confirmation dialog before allowing scripts to close windows.
...
105050, pass null window.opener when opener is a mail window.
both r=heikki, sr=jst, a=asa.
Backed out previously because of tinderbox problem, which should be fixed now.
2002-02-26 04:50:21 +00:00
mcafee%netscape.com
1a3a52cce7
Backing out mstoltz. r=dbaron,jrgm
2002-02-19 04:06:53 +00:00
mstoltz%netscape.com
cc94447571
Bug 105050 - return null window.opener to scripts if opener is a mail window.
...
Bug 32571 - Prompt user before allowing scripts to close windows if opener is null.
both r=heikki, sr=jst.
2002-02-19 01:09:45 +00:00
mstoltz%netscape.com
4756b7169c
Bug 119646 - Rewrite of the security manager policy database for improved
...
performance. r=jst, sr=jband.
2002-02-13 04:20:46 +00:00
gerv%gerv.net
11248436dd
License changes, take 2. Bug 98089. mozilla/config/, mozilla/caps/, mozilla/build/.
2001-09-25 01:03:58 +00:00
gerv%gerv.net
1856815ff1
Oops.
2001-09-20 00:02:59 +00:00
scc%mozilla.org
102170b2a0
bug #98089 : ripped new license
2001-09-19 20:09:47 +00:00
brendan%mozilla.org
dbd7fed5b1
FASTLOAD_20010703_BRANCH landing, r=dbaron, sr=shaver.
2001-07-31 19:05:34 +00:00
mstoltz%netscape.com
f3d9b0caa1
Bug 77485 - defining a function in another window using a targeted javascript:
...
link. Prevent running javascript: urls cross-domain and add a security check for adding
and removing properties. r=harishd, sr=jst.
2001-07-13 07:08:26 +00:00
ddrinan%netscape.com
24e6ca57c8
PCKS7 implementation for signed JS. Bug# 82227 r=mstoltz@netscape.com,sr=blizzard@mozilla.org,a=blizzard@mozilla.org
2001-05-23 22:06:43 +00:00
mstoltz%netscape.com
8c0cd58b30
Re-checking-in my fix for 47905, which was backed out last night because of a bug in some other code that was checked in along with it. This checkin was not causing the crasher and is unchanged. See earlier checkin comment - in short, this adds same-origin to XMLHttpRequest and cleans up some function calls in caps, removes some unnecessary parameters. r=vidur, sr=jst.
2001-05-19 00:33:51 +00:00
blizzard%redhat.com
678b80f10b
Back out mstoltz because of blocker bug #81629 . Original bugs were 47905 79775.
2001-05-18 17:41:23 +00:00
mstoltz%netscape.com
11f7b8f900
Bug 47905 - adding security check for XMLHttpRequest.open.
...
Added nsIScriptSecurityManager::CheckConnect for this purpose.
Also cleaned up the security check API by removing some unnecessary
parameters. r=vidur@netscape.com , sr=jst@netscape.com
Bug 79775 - Forward button broken in main mail window. Making
WindowWatcher not call GetSubjectPrincipal if the URL to be loaded is
chrome, since the calling principal is superfluous in this case.
No one has been able to find the root cause of this problem, but
this checkin works around it, which is the best we can do for now.
r=ducarroz@netscape.com , sr=jst@netscape.com
2001-05-18 06:56:29 +00:00
mstoltz%netscape.com
59c995612e
Fixes for bugs 79796, 77203, and 54060. r=jband@netscape.com,
...
sr=brendan@mozilla.org
2001-05-11 00:43:27 +00:00
jst%netscape.com
f7460d0269
Landing the XPCDOM_20010329_BRANCH branch, changes mostly done by jband@netscape.com and jst@netscape.com, also some changes done by shaver@mozilla.org, peterv@netscape.com and markh@activestate.com. r= and sr= by vidur@netscape.com, jband@netscape.com, jst@netscpae.com, danm@netscape.com, hyatt@netscape.com, shaver@mozilla.org, dbradley@netscape.com, rpotts@netscape.com.
2001-05-08 16:46:42 +00:00
mstoltz%netscape.com
2b6e6516d2
More fixes for 55237, cleaned up CheckLoadURI and added a check on "Edit This Link." Also added error reporting (bug 40538).
...
r=beard, sr=hyatt
2001-04-17 01:21:44 +00:00
mstoltz%netscape.com
519500116e
Bugs 55069, 70951 - JS-blocking APIs for mailnews and embedding. r=mscott, sr=attinasi.
...
Bug 54237 - fix for event-capture bug, r=heikki, sr=jband.
2001-03-23 04:22:56 +00:00
mstoltz%netscape.com
33c8110175
bug 47905, adding security check to XMLHttpRequest.open(). r=heikki, sr=brendan
2001-03-02 00:09:20 +00:00
mstoltz%netscape.com
41054417f6
Bug 66369, adding support for per-file permissions granting to caps. r=jst, sr=jband.
2001-01-27 01:42:20 +00:00
mstoltz%netscape.com
e875395364
Fixing bugscape 3109, LiveConnect exploit. sr=jband, brendan.
...
Fixing 58021, exploit in "open in new window," bug 55237. sr=brendan
2000-11-07 01:14:08 +00:00
mstoltz%netscape.com
f1137e89ec
Fixing 56009, exploit allowing XPConnect access. r,a=hyatt, sr=scc
2000-10-13 22:59:47 +00:00
rayw%netscape.com
0257791053
Bug 37275, Changing value of all progids, and changing everywhere a progid
...
is mentioned to mention a contractid, including in identifiers.
r=warren
2000-09-13 23:57:52 +00:00
mstoltz%netscape.com
ea5d41851a
Fixing 41876 r=hyatt, also 48724, 49768, and crasher in nsBasePrincipal.cpp, r=jtaylor
2000-08-22 02:06:52 +00:00
jband%netscape.com
2c1dd9e9ec
fix bug 47410. Allow JS components to implement nsISecurityCheckedComponent and have sidebar componnet implement it to allow access from untrusted scripts. a=brendan@mozilla.org a=johng@netscape.com
2000-08-08 23:59:32 +00:00
vidur%netscape.com
79c210a6b9
Checking in for mccabe, since he had to leave town. Partial fix for bug 41429. Adding a new interface that components can implement to control the capabilities needed for XPConnect access to them - default is UniversalXPConnect. r=vidur
2000-06-23 14:32:38 +00:00