Граф коммитов

655 Коммитов

Автор SHA1 Сообщение Дата
timeless%mozdev.org 9560fb68fc Bug 304240 Make noAccess/allAccess/sameOrigin consistently intercaps in the source tree
r=caillon sr=dveditz
2005-08-12 23:11:32 +00:00
bzbarsky%mit.edu 0392b3384b Comment-only fixes I forgot to make. Bug 240661. 2005-07-22 20:49:12 +00:00
bzbarsky%mit.edu 10d1c576d9 Expose the subject name for the cert and an nsISupports pointer to the cert on
nsIPrincipal that represents a certificate principal.  Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal.  Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII.  Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
2005-07-22 19:05:42 +00:00
timeless%mozdev.org 831f32feaa Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop]
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg
2005-07-19 21:55:36 +00:00
bsmedberg%covad.net c70e951ba6 Bug 292624 - XUL error pages should not have chrome privileges, r=darin sr=dveditz a=asa 2005-07-14 17:46:55 +00:00
brendan%mozilla.org deb9f0c764 Add a subsumes relation to principals so JS can handle all cases when checking indirect eval (and the like) calls (300008, r=caillon/dveditz, sr/a=shaver). 2005-07-08 23:26:36 +00:00
timeless%mozdev.org 2ad41d5c36 Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg
2005-06-29 16:29:49 +00:00
mconnor%steelgryphon.com 6127d03f79 bug 293424 - block about: from content to remove a potential attack vector, r+sr=brendan, a=brendan/jay 2005-06-16 08:28:50 +00:00
jst%mozilla.jstenback.com 97d3abd829 Fixing part of bug 296397. Removing bogus assertion. r=shaver@mozilla.org, sr+a=brendan@mozilla.org 2005-06-09 01:11:21 +00:00
timeless%mozdev.org 9c0955251d Bug 292588 shutdown crash !sXPConnect [@ nsScriptSecurityManager::CheckObjectAccess]
store the runtime, unset the callback at shutdown
r=dveditz sr=jst a=asa
2005-06-07 21:57:56 +00:00
dougt%meer.net 4c7f9052d3 Add a scriptable hash function API. basically what this does is moves the hashing function out of the nsISignatureVerifier.idl and creates a new interface nsICryptoHash which is scriptable. Because of this change, we needed to fix up all of the call sites. r=darin, sr=dveditz, a=shaver 2005-06-01 16:06:53 +00:00
dbaron%dbaron.org f636ebe0de Fix bug 293671. r=caillon sr=dveditz a=asa 2005-05-12 18:26:41 +00:00
dbaron%dbaron.org 8ca0c03467 Cleaner fix for bug 290036. b=290949 r=dveditz sr=darin a=asa 2005-05-12 18:20:07 +00:00
brendan%mozilla.org eb7002903b Fix comment from last night to match today's code. 2005-05-04 18:58:24 +00:00
brendan%mozilla.org 371b8140d2 Undo gist of last change for now, it breaks too much even though it's safer. 2005-05-04 16:19:31 +00:00
brendan%mozilla.org ea9fd4132c Find active native function principals when walking the JS stack, and beef up eval-ish native safeguards (281988, r=shaver/caillon, sr=jst, a=drivers). 2005-05-04 06:28:36 +00:00
bzbarsky%mit.edu 7b45a8e4ba Fix crashes when privilegeManager methods are called by setting our our param
on success return.  Bug 289991 and bug 289925, r=caillon, sr=dbaron, a=dbaron
2005-04-12 05:13:26 +00:00
bzbarsky%mit.edu 6d36e81b66 Do less addrefing of principals in the script security manager. Bug 289643,
r=caillon, sr=brendan, a=asa
2005-04-10 23:27:07 +00:00
brendan%mozilla.org bb7b3cd85f Revert kludge, want a general fix. 2005-04-07 19:48:57 +00:00
brendan%mozilla.org b02c276f35 Stop evals and Script object calls/execs that cross trust domains (289074, r=shaver, sr=jst, a=drivers). 2005-04-07 02:22:24 +00:00
timeless%mozdev.org 4efd7a5f8a Bug 239967 prototype for nsScriptSecurityManager::GetPrincipalFromContext is wrong
r=dveditz sr=dveditz
2005-03-29 03:12:12 +00:00
bryner%brianryner.com e171eaba9b Inline access to XPCWrappedNative's nsISupports pointer, with do_QueryWrappedNative nsCOMPtr helper (bug 285404). r=jst, sr=darin. 2005-03-10 00:39:28 +00:00
gandalf%firefox.pl 06f479dff9 bug 279768: Bring build system to work with --enable-ui-locale; r=bsmedberg; a=doron on webservices move 2005-03-08 17:21:36 +00:00
bsmedberg%covad.net 361daac936 Bug 281414 - global s/nsIPrefBranchInternal/nsIPrefBranch2/ rs=darin (did not change backwards-compatible code in extensions/irc extensions/venkman or extensions/inspector) 2005-02-25 20:46:35 +00:00
bzbarsky%mit.edu 3a4edb10d6 Remove special-casing so non-chrome-principal pages, even with chrome: uris,
can have script disabled as needed.  Bug 280120, r=peterv, sr=neil
2005-02-22 21:18:31 +00:00
cbiesinger%web.de 92c940aa45 Bug 269661 make libpref not depend on caps
r=caillon sr=dveditz
2005-02-06 12:39:31 +00:00
jshin%mailaps.org d30a1bda05 bug 280613 : checkLoadURIStr of nsIScriptSecurityManager should accept AUTF8String istead of string (for IDN), r=dveditz, sr=darin 2005-02-02 07:17:53 +00:00
bzbarsky%mit.edu d9f747cca2 Add about:license and about:licence and make about: link to them. Bug 256945,
r=gerv, sr=darin
2005-01-23 21:02:36 +00:00
bsmedberg%covad.net 79241940e8 Bug 273876 - libxul step 2 (everything through widget, except spidermonkey) r=darin; again, this should not affect non-xulrunner trees. 2004-12-09 19:28:35 +00:00
timeless%mozdev.org ffa869708f Bug 261339 Setting capability.policy.default.Window.top to noAccess seems to crash mozilla
r=caillon sr=dveditz
2004-11-05 16:54:09 +00:00
timeless%mozdev.org b405b527b8 Bug 267311 netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect") in a XBL constructor make mozilla crash. [@ JS_FrameIterator]
r=dveditz sr=jst
2004-11-05 15:25:04 +00:00
bzbarsky%mit.edu 1f629aef08 Make it possible to disable checkloaduri on a per-site basis instead of
disabling it globally.  Bug 233108, r=caillon, sr=jst
2004-11-03 15:45:52 +00:00
jst%mozilla.jstenback.com f97343e1ac Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu 2004-10-15 16:53:35 +00:00
jst%mozilla.jstenback.com 08b3a16535 Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu 2004-10-15 16:34:58 +00:00
dveditz%cruzio.com e67c6e5dcf Improve enablePrivilege confirmation dialog text and presentation, sanity-check
privilege names (bug 253942, bug 253944) r=caillon,sr=brendan,a=chofmann,mkaply
2004-09-01 07:53:32 +00:00
cbiesinger%web.de 765d4043a5 removing myself from DEBUG_CAPS_HACKER list 2004-07-10 19:38:28 +00:00
roc+%cs.cmu.edu 0f4150a4e5 Bug 226439. Convert codebase to use AppendLiteral/AssignLiteral/LowerCaseEqualsLiteral. r+sr=darin 2004-06-17 00:13:25 +00:00
cbiesinger%web.de 914def148f fix DEBUG_CAPS_HACKER bustage due to bug 240106
r=caillon sr=darin
2004-06-16 15:58:22 +00:00
dveditz%cruzio.com e66742e59c bug 162020 option to delay enabling confirmation buttons r=mkaply,sr=sspitzer 2004-06-05 09:26:01 +00:00
mkaply%us.ibm.com 348998da9e #239580
r=danm, sr=dveditz
Extend ConfirmEx to allow setting the default button - change default button for script security to no
2004-05-24 13:33:51 +00:00
roc+%cs.cmu.edu 0e3ff503fb Bug 226439. Convert Seamonkey to EqualsLiteral. rs=darin 2004-05-22 22:15:22 +00:00
bzbarsky%mit.edu 4ede76717e Add a version of CheckLoadURI that takes a source principal instead of a source
URI.  Update a bunch of callers to use it.  Bug 233108, r=caillon, sr=dveditz
2004-04-25 16:55:27 +00:00
bryner%brianryner.com 642f7ede36 deCOMtaminate nsIScriptObjectPrincipal (bug 240745). This also fixes some code in nsCrypto.cpp that sems to have been mis-braced (I don't think it was working as intended). r+sr=jst. 2004-04-18 00:28:47 +00:00
gerv%gerv.net 9d2ee4928c Bug 236613: change to MPL/LGPL/GPL tri-license. 2004-04-17 21:52:36 +00:00
cbiesinger%web.de 6ad20397bf Bug 235504 Remove nsCString::EqualsWithConversion(const char*)
r=darin sr=dbaron
2004-04-14 20:09:30 +00:00
jst%mozilla.jstenback.com 2ee27045ba Backing out the fix for bug 235457 since it made typing URLs, and autocomplete in the the URL bar not work. 2004-03-16 19:06:10 +00:00
jst%mozilla.jstenback.com e1913b1f1e Fixing bug 235457. Make new windows opened through window.open be opened on the context of the opener, and make caps not lie about when capabilities are enabled. r=danm-moz@comcast.net, r=caillon@aillon.org, sr=brendan@mozilla.org, a=dbaron@dbaron.org 2004-03-16 06:57:54 +00:00
cbiesinger%web.de 2081246472 one more tweak, r=caillon 2004-03-06 20:54:47 +00:00
cbiesinger%web.de 344f084a76 making this sound less like it's PSM, rs=caillon 2004-03-06 20:47:21 +00:00
darin%meer.net c380c59f65 landing dbaron's patch for bug 235735 "fix callers that cast away const on result of ns[C]String::get" r+sr=darin 2004-02-28 22:34:07 +00:00
darin%meer.net f6875e2d3c fixes bug 234916 "Remove global/static NS_NAMED_LITERAL_C?STRING usage [was: Firefox crashes on startup on Mac OS X]" r=jst sr=dbaron 2004-02-25 02:08:34 +00:00
jst%mozilla.jstenback.com 505c634885 Fixing bug 233307. deCOMtaminating nsIScript* and related interfaces. r+sr=bryner@brianryner.com. 2004-02-09 22:48:53 +00:00
bsmedberg%covad.net d0f309943a Continuing to land the PACKAGING_20030906_BRANCH for bug 20640. Not part of the build, yet. 2004-01-07 13:37:00 +00:00
bsmedberg%covad.net 274ef7cd49 Beginning to land the PACKAGING_20030906_BRANCH for bug 20640. Not part of the build, yet. 2004-01-07 01:22:31 +00:00
neil%parkwaycc.co.uk 6394a7f9f8 Bug 227758 make subjectPrincipalIsSystem unscriptable and checkSameOriginURI scriptable r=caillon sr=dveditz 2003-12-19 21:51:37 +00:00
pkw%us.ibm.com 56dbd77c06 Bug 228095 - AIX: 64-bit build error in nsScriptSecurityManager.cpp
r=caillon@aillon.org, sr=brendan@mozilla.org, a=brendan@mozilla.org
2003-12-15 18:16:09 +00:00
caillon%returnzero.com c8e5f51fe0 227079 - Mozilla asks for security privileges where it shouldn't
Make sure we check signed.applets.codebase_principal_support and special urls before going further.
r=jst sr=bzbarsky a=dbaron
2003-12-04 02:14:07 +00:00
brendan%mozilla.org 7809adca33 Fix missing cx param problem (223041, r=caillon, sr=dbaron). 2003-11-03 04:26:55 +00:00
dbaron%dbaron.org 6139d85dae Work around bustage. Temporary fix. b=223041 2003-11-02 02:31:53 +00:00
caillon%returnzero.com 6ea484e8b7 Permit content to link to about:logo
Bug 223293; r=timeless sr=jst
2003-10-30 01:35:09 +00:00
caillon%returnzero.com 66caced69a Re-land patch for bug 83536, merging principal objects.
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst
2003-10-21 22:11:49 +00:00
brendan%mozilla.org 4878fd7a5e Better version of last change, thanks to caillon for reminding me. 2003-09-28 04:55:50 +00:00
brendan%mozilla.org 3915f74063 Forgot to update calls to formerly-static SecurityCompareURI (r+sr=bz). 2003-09-28 04:44:33 +00:00
brendan%mozilla.org 4038563cd9 Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky). 2003-09-28 04:22:01 +00:00
caillon%returnzero.com a7aa61013a about:about
Bug 56061
r=bryner@brianryner.com
sr=darin@meer.net
2003-09-13 19:35:59 +00:00
bryner%brianryner.com 06fe994577 Fix build on gcc 3.4 by removing extra semicolons (bug 218551). r/sr=dbaron, a=brendan. 2003-09-07 21:37:51 +00:00
caillon%returnzero.com f8e8aed8a7 Backing out the patch to bug 83536.
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann
2003-08-22 03:06:53 +00:00
caillon%returnzero.com ae4593bec0 Bug 216234
Calling operator delete on an nsAutoPtr isn't good.
r+sr=dbaron@dbaron.org
a=asa@mozilla.org
2003-08-20 00:40:13 +00:00
cls%seawood.org 1b51ba858c Set MODULE in makefiles at the top of a heirarchy so that module-deps lists are more precise and builds will have the proper order if some subdirs contain other modules. 2003-08-16 00:42:35 +00:00
caillon%returnzero.com c2d2462e51 Bug 214949
Make XUL error pages work again by making GetOrigin() return the full spec for chrome: URIs and preventing principal lookups when the principals hash is empty.
r+sr=jst@netscape.com
a=rjesup@wgate.com
2003-08-10 02:26:11 +00:00
brendan%mozilla.org b7cdb7debb Add shared DHashTableOps for [const] char *key use-cases, clean up dhash API abusages (214839, r=dougt, sr=dbaron). 2003-08-05 20:09:21 +00:00
caillon%returnzero.com 4572ef1a55 Adding comments, per bzbarsky. bug 214050. 2003-07-29 19:03:00 +00:00
caillon%returnzero.com dac741004a Don't let success of string bundle calls dictate the return value, continue to return errors. Still bug 214050. 2003-07-29 09:07:43 +00:00
caillon%returnzero.com b6f6ad74ba Bug 214050
Start to localize some of the more common user-visible error messages in caps.
r+sr=bzbarsky@mit.edu
2003-07-29 05:28:00 +00:00
caillon%returnzero.com 25a56a0d4b Init mSecurityPolicy. This somehow got lost in between the last two revisions of my patch to bug 83536.
r=timeless,sr=bzbarsky on IRC.
2003-07-27 07:00:25 +00:00
caillon%returnzero.com 007e7d68ad 213796 - Crash In CAPS.DLL On Startup [@ nsPrincipal::GetHashValue]
r+sr+caillonIsStupid=bzbarsky@mit.edu
2003-07-27 04:08:48 +00:00
caillon%returnzero.com 728cd6526c Bug 213847. Prompt the user for what to do if we don't know whether we can grant a capability.
r+sr=bzbarsky@mit.edu
2003-07-25 19:23:17 +00:00
mkaply%us.ibm.com b7fd1c6840 Ports bustage - remove NS_COM per bsmedberg 2003-07-24 18:58:30 +00:00
caillon%returnzero.com 91b7c60bee Bug 83536.
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)
2003-07-24 05:15:20 +00:00
seawood%netscape.com beb45866ed Removing extra ^M. Fixing Irix cc bustage 2003-06-28 05:15:41 +00:00
jst%netscape.com 524a20845d Fixing bug 210730. ClassInfoData optimizations. r+sr=jaggernaut@netscape.com 2003-06-27 03:10:49 +00:00
timeless%mozdev.org 66730e2ca7 Bug 194872 CAPS vulnerability when doing cross-site-scripting with frames from different origins and different CAPS settings (allAccess, noAccess).
bustage (const char*)
sr=jst
2003-06-26 03:27:01 +00:00
mstoltz%netscape.com ddc015e3b7 Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst. 2003-06-26 00:18:43 +00:00
jst%netscape.com abefba9053 Fixing bug 209884. Writing an inline helper to safely get an nsIScriptContext from a JSContext and making direct callers of JS_GetContextPrivate() use the helper. r=caillon@aillon.org, sr=peterv@netscape.com 2003-06-24 21:43:01 +00:00
caillon%returnzero.com b2badfa9f7 Bug 163645 - User defined properties of window.navigator are not remembered when a new page is loaded.
Enable this for websites within the same domain only.
Also, fixes CheckSameOriginPrincipal to just check the principals, and not care whether we have anything on the JS stack.
r=mstoltz, sr=jst
2003-06-18 23:48:57 +00:00
harishd%netscape.com 85570db892 Grant access to SOAP response document's properties and also allow the document to be serializable. b=193953, r=heikki@netscape.com, sr=jst@netscape.com 2003-06-12 20:18:34 +00:00
seawood%netscape.com 97649bab86 Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev 2003-06-10 21:18:27 +00:00
seawood%netscape.com b28ce0a530 Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev 2003-06-10 20:12:33 +00:00
dougt%meer.net a069087dd4 Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201 2003-05-29 21:56:38 +00:00
dougt%meer.net e3a6a4edfc Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201 2003-05-29 21:51:34 +00:00
timeless%mozdev.org fc043d1270 Bug 207328 @mozilla.org/scriptsecuritymanager;1 isn't registering itself correctly as an app-startup observer service
r=mstoltz sr=alecf
2003-05-29 04:27:03 +00:00
mstoltz%netscape.com 11919bb299 Bug 163950 - allow opening connections for XML data transfer services when document.domain has been set. r=jst, sr=heikki. 2003-05-28 23:22:36 +00:00
dwitte%stanford.edu 270d3909ca bug 100649: Length() being used where IsEmpty() is meant
treewide changes to convert incorrect usages of string.Length() to string.IsEmpty().

thanks to afatecha@idea.com.py (Ariel Fatecha) for the patch. r=dwitte, sr=jst.

got the ok from Asa to land into a closed tree.
2003-05-23 21:34:47 +00:00
dbradley%netscape.com 5761ad14e3 bug 205538 - Use hyphens instead of underscores in caps prefs for CID's. r=adamlock, sr=alecf, a=asa 2003-05-20 14:19:05 +00:00
jst%netscape.com 72ec343461 Fixing bug 202994. Make sure the proper security check is done when converting the result of a JS expression in a javascript: URL to a string. r=mstoltz@netscape.com, sr=brendan@mozilla.org, a=asa@mozilla.org 2003-05-12 22:23:52 +00:00
brendan%mozilla.org 710c694ac3 Fix overbroad getter/setter access check to apply only to scripted getters/setters; fix wrong object class name in error messages (198660, r=mstoltz, sr=jst, a=asa). 2003-05-09 00:40:50 +00:00
dbradley%netscape.com fd606d2dcd Another dummy change to cause beast to rebuild caps 2003-04-30 09:19:50 +00:00
mkaply%us.ibm.com 4c6419aa49 IRIX bustage 2003-04-23 04:28:41 +00:00
mstoltz%netscape.com 4edb1f430d Bug 180749 - when remembering granted privileges for file://pages, grant privilege for that page only, not the whole local file system. r=jst, sr=heikki. 2003-04-23 00:21:02 +00:00
jst%netscape.com 690a8cef27 Fixing bug 201132. Always use the JSPrincipals from the target object when compiling event handlers, never use the principals of the global object in which the event handler is compiled. Also make sure we never use the principals that are precompiled into cloned Functions, always get the principal from the Function's scope in such cases. r=mstoltz@netscape.com (and heikki@netscape.com), sr=brendan@mozilla.org 2003-04-17 20:21:00 +00:00
bzbarsky%mit.edu cbf70f5c05 Removing stray windows newline that causes build warning... No reviews, sorry. 2003-04-08 20:26:41 +00:00
locka%iol.ie 461f6c3964 Define XPC_IDISPATCH_SUPPORT when building caps if necessary. b=198117 r=dbradley@netscape.com sr=alec@netscape.com 2003-03-20 12:10:04 +00:00
rginda%netscape.com 2b3526ff2e bug 170585, Scriptable streams are broken; r=darinf, sr=dougt
update to readdata caller
2003-03-13 21:24:37 +00:00
mstoltz%netscape.com 44d264d6b0 Bug 188229 - adding new security check function that allows component instantiation by CID. r=dveditz, sr=heikki. *not part of build yet* 2003-03-12 02:17:37 +00:00
timeless%mozdev.org b092996d3f Bug 196340 Change NS_REINTERPRET_CAST(nsIScriptContext*, JS_GetContextPrivate(cx)) to use Static Cast
r=mstoltz sr=heikki
2003-03-07 21:54:28 +00:00
brendan%mozilla.org 3c0c23b860 Generalize the JS_SetCheckObjectAccessCallback hook implemented here to deal with user-defined getters and setters (92773, r=mstoltz, sr=jst). 2003-03-06 19:40:14 +00:00
rginda%netscape.com c1745c244e bug 191773, r=mstoltz, a=dbaron@dbaron.org
only allow x-jsd: urls from chrome: and resource:
2003-02-05 01:27:56 +00:00
seawood%netscape.com 5c6983cb86 Whitespace change to trigger rebuild of libs that depend upon zlib. 2003-01-30 05:53:29 +00:00
bryner%netscape.com da1893e985 fixing IRIX bustage (^M's from mstoltz's checkin) 2003-01-25 03:58:38 +00:00
mstoltz%netscape.com 366a456693 Bug 189799 - Ignore username:password portion of URL when making URL comparisons for security. r=heikki, sr=jst, a=asa 2003-01-25 01:43:37 +00:00
sfraser%netscape.com ba78e7bec4 Fix bug 127185: don't crash with a null JS context if running without XPT files. Fixes nsScriptSecurityManager to do more thorough error checking on initialization. r=mstoltz, sr=jst. Fixes bustage. 2003-01-17 02:00:01 +00:00
sfraser%netscape.com 1c574be034 Fix bug 127185: don't crash with a null JS context if running without XPT files. Fixes nsScriptSecurityManager to do more thorough error checking on initialization. r=mstoltz, sr=jst. 2003-01-17 01:00:15 +00:00
dbaron%dbaron.org 48544669f3 Bug 178643: Remove uses of NS_INIT_ISUPPORTS, since it's no longer needed. r=timeless sr=jag 2003-01-08 19:24:38 +00:00
caillon%returnzero.com 6d92f9bd32 184257 - Updating pref callers. r=timeless sr=bzbarsky 2003-01-08 08:40:41 +00:00
seawood%netscape.com d5efcdfb6d Start installing GRE libraries & components into a separate dist/gre directory as part of the default build.
Bug #186241 r=dougt
2002-12-28 01:15:07 +00:00
alecf%netscape.com df10f648b8 take two at fixing bug 177401 - convert nsIBinaryStream over to using nsAString/nsACString for string values, to speed up fastload
sr=darin, r=dougt
(the previous checkin had a typo which disabled fastload entirely!)
2002-11-14 18:16:31 +00:00
alecf%netscape.com 0a48c10053 argh, back out my last checkin because Ts went UP not down! 2002-11-09 01:31:32 +00:00
alecf%netscape.com 4721428275 fix for bug 177401 - use nsAString& classes instead of wstring in nsIBinaryInputStream, to speed up fastload startup
sr=darin, r=dougt
2002-11-08 23:30:53 +00:00
mstoltz%netscape.com d0f045a722 Bug 168316 - When calling from Java into JS, add a "dummy" JS stack frame with
principal information for the security manager. r=dveditz, sr=jst, a=chofmann.
2002-10-30 03:15:59 +00:00
sspitzer%netscape.com b7337fe62b fix for #168136. r=mstoltz, sr=dveditz.
for pref controlled schemes, allow access if source scheme is chrome or res.
needed for the new "view filter log UI".
2002-09-12 20:27:07 +00:00
dougt%netscape.com 68faeb5241 166917. Clean up xpcom SDK includes. r=rpotts@netscape.com, sr=alecf@netscape.com, a=rjesup@wgate.com 2002-09-07 17:13:19 +00:00
jkeiser%netscape.com 32844f7719 Make anonymous content inaccessible to web content (bug 164086), r=sicking@bigfoot.com, sr=jst@netscape.com 2002-08-29 04:05:39 +00:00
bbaetz%student.usyd.edu.au e1742b6500 Backing out jkeiser's checkin for bug 164086 (not bug 96537) because he
left a file out, and the tree turned red....
2002-08-28 10:13:28 +00:00
jkeiser%netscape.com 8aa6968431 Make anonymous content inaccessible to web content (bug 96537), r=sicking@bigfoot.com, sr=jst@netscape.com 2002-08-28 08:19:43 +00:00
henry.jia%sun.com 227be5af9c Fix bug 159889: replace the hardcode of "@mozilla.org/preferences;1" with NS_PREF_CONTRACTID
Patch by leon.zhang@sun.com
r=Henry, sr=alecf
2002-08-19 04:29:58 +00:00
seawood%netscape.com 322da773fb Removing old nmake build makefiles. Bug #158528 r=pavlov 2002-08-10 07:55:43 +00:00
henry.jia%sun.com bb349938fc 5th patch for bug 158080
Description: replace the hardcode of @mozilla.org/embedcomp/window-watcher;1 with NS_WINDOWWATCHER_CONTRACTID
Patch by Henry.Jia@sun.com
r=anto, sr=alecf
2002-08-06 06:32:02 +00:00
sicking%bigfoot.com 39c966dd38 Use principals instead of URIs for same-origin checks.
b=159348, r=bz, sr=jst, a=asa
2002-07-30 21:26:32 +00:00
mstoltz%netscape.com d0eab90dbb Bug 154930 - If one page has explicitly set document.domain and another has not,
do not consider them to be of the same origin for security checks. r=dveditz, sr=jst
2002-07-09 00:10:02 +00:00
harishd%netscape.com 23d9c4988e Disable script on the requested docshell and the containing docshells. b=154647, r=mstoltz, sr=jst 2002-07-02 23:26:08 +00:00
mstoltz%netscape.com 6e12a5ca9f Bug 152725 - Get URL passed to cookie module from document principal, not document URL.
THis ensures that cookies set by javascript URL pages are set in the correct domain.
r=morse, sr=dveditz.
2002-07-02 17:58:24 +00:00
harishd%netscape.com 0031d01a28 Backing out my checkin to see if it fixes the Txul breakage 2002-06-27 23:32:51 +00:00
harishd%netscape.com 5ce8f55dd0 ** checking in for mstoltz **
Disable scripts on the requested docshell and containing docshells. Also, made setCurrentURI() scriptable ( approved by Adam Lock ). b=154647, r=harishd, sr=jst
2002-06-27 20:58:42 +00:00
mstoltz%netscape.com 6f5d99be4c 133170 - Need to re-check host for security on a redirect after a call to
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc
2002-06-14 23:54:18 +00:00
dougt%netscape.com c683a217ab Fixes mozilla/strings requiring unfrozen nsCRT class. patch by scc, r=dougt, sr=jag, b=136756 2002-05-15 18:55:21 +00:00
darin%netscape.com 6fd5862e6e fixes bug 142870 "nsIFile should use UCS-2 instead of UTF-8"
r=dougt sr=alecf
2002-05-07 23:07:19 +00:00
ben%netscape.com 7d003ba281 [Chrome FastLoad]
Ensure that principals are written as Compound Objects using |WriteCompoundObject|, not using |WriteObject|
r=mstoltz, sr=brendan
2002-05-03 03:00:46 +00:00
darin%netscape.com e554d83626 fixes bug 129279 "nsIFile unicode/utf8/ascii task"
r=dougt sr=alecf
2002-04-27 05:33:09 +00:00
mstoltz%netscape.com 8b4ac18c14 Bug 136993 - Put the "trusted codebase principals" feature back in.
r=harishd, sr=jst, a=valeski
2002-04-13 01:53:46 +00:00
darin%netscape.com e73746ce67 fixes bug 134546 "Memory leak in nsScriptSecurityManager::GetBaseURIScheme()"
patch=pj@ludd.luth.se, r=mstoltz, sr=darin, a=rjesup@wgate.com
2002-04-03 20:23:57 +00:00
mstoltz%netscape.com 03fe97372a A bunch of fixes in caps:
128697 - Added a pref listener for changes to capability.policy prefs,
removed profile-change listener
131025 - Removed insecure "trusted codebase principals" feature
131340 - Make nsCodebasePrincipal::Equals handle jar URLs correctly
131342 - Clean up privilege-grant dialog code
128861 - class policy hashtables allocated only when needed; avoids
PLDHash memory-use warning
Fixed comparison of -1 and 80 ports (Can't find the bug # right now)

All r=harishd, sr=jst, a=asa.
2002-03-20 05:53:46 +00:00
timeless%mac.com dec943eb10 Bug 106386 rid source of misspellings
r=db48x sr=blake a=asa
2002-03-19 04:30:17 +00:00
alecf%netscape.com e5d4028f9d fix bug 129635 - write a destructor for DomainPolicy so that the hashtable is destroyed
(and not leaked!)
r=mstoltz, sr=vidur, a=asa
2002-03-10 00:41:08 +00:00
rginda%netscape.com 35fde24f6c Bug 129503, "IsCapabilityEnabled should return PR_TRUE if no script on stack"
sr=brendan, r=mstoltz, a=asa
If the js stack has no principals on it, return PR_TRUE from IsCapabilityEnabled
.  Currently, the only time we'd have a stack devoid of principals is when all f
unctions are native.  If this assumption changes, this may need to be revisited
(depending on what it would mean to be a compiled script without a principal.)
2002-03-08 02:20:55 +00:00
darin%netscape.com f1a6738b6c fixes bug 124042 "support internationalized URIs" r=dougt, sr=alecf, a=asa 2002-03-06 07:48:55 +00:00
jband%netscape.com 3ac1b33f9c remove stale DEBUG_jband block. rs=jband a=dbaron 2002-03-05 08:02:05 +00:00
mstoltz%netscape.com 18c8067fae Bug 127938 - chrome scripts should be exempt from the security check put in for
bug 105050, on access to the opener property when the opener is a mail window.
r=pavlov, sr=jst, a=leaf.
2002-02-28 00:22:59 +00:00
mstoltz%netscape.com 75f6bd3583 partially backing out my last change - weird dependency problem 2002-02-26 05:28:26 +00:00
mstoltz%netscape.com 82659b14ca 32571, present confirmation dialog before allowing scripts to close windows.
105050, pass null window.opener when opener is a mail window.
both r=heikki, sr=jst, a=asa.
Backed out previously because of tinderbox problem, which should be fixed now.
2002-02-26 04:50:21 +00:00
jst%netscape.com beae4f7953 Fixing bug 111529. Optimizing out unnecessary QI calls from nsScriptSecurityManager::GetObjectPrincipal() and doing some other minor cleanups and speedups. r=nisheeth@netscape.com, sr=jband@netscape.com 2002-02-20 05:51:05 +00:00