7aff03fc46
backing out fix for bug 416534 as potential cause of mochitest failure
2008-02-26 19:23:36 -08:00
42bbc8327e
Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv
2008-02-26 18:17:49 -08:00
652c1e007c
Bug 411054, Audit IsNativeAnonymous()/GetBindingParent() uses, r+sr=sicking
2008-02-26 04:40:18 -08:00
5d4ef49dd4
Bug 417710 - "Use JS_GET_CLASS, not JS_GetClass" [p=gyuyoung.kim@samsung.com (gyu-young kim) r=jorendorff r=jst sr+a1.9=brendan]
2008-02-25 00:59:20 -08:00
2c0141fcd9
Bug 397878: Send Referer-Root header when doing cross-site access requests. Also update domain pattern matching to spec. Patch by <suryaismail@gmail.com>. r=bent sr=sicking b3a=beltzner
2008-01-31 00:16:54 -08:00
31b04a892e
Fixing bustage.
2008-01-29 13:11:24 -08:00
892f0acecf
Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2008-01-29 12:51:01 -08:00
6fd0410f62
Fixing bug 317240. Re-enabling caps optimization now that a documents principal never changes. r+sr=bzbarsky@mit.edu
2008-01-28 09:51:38 -08:00
08983f83e3
Fixing bug 412691. Remove unnecessary nsCOMPtr's from performance critical code paths. r+sr=jonas@sicking.cc
2008-01-16 16:32:26 -08:00
b3e87aa63b
Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep
2008-01-15 07:50:57 -08:00
3f33f45d2a
thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+
2008-01-11 20:30:42 -08:00
8d74b831d4
partial backout in an attempt to fix orange.
2008-01-11 02:08:58 -08:00
cc924d2d23
relanding bug 410250.
2008-01-11 01:13:04 -08:00
f300515e36
backing out to fix orange.
2008-01-10 20:59:44 -08:00
09217db711
thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+
2008-01-10 19:56:00 -08:00
1bd2741649
Bug 334306 useless null check in nsDestroyJSPrincipals r=dbaron sr=dveditz a=mtschrep
2008-01-06 06:53:24 -08:00
68ee3e9f08
Always throw an exception, even if we cannot reach a principal. bug 409514, r+sr+a=jst
2008-01-04 17:32:23 -08:00
f0f4a78cce
Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com
2008-01-04 15:59:12 -08:00
2605476d7c
XPCNativeWrappers can confuse the short-circuiting code. bug 409291, r+sr=jst a=beltzner
2007-12-21 11:06:29 -08:00
b30b544b5f
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 15:02:25 -08:00
57e4af9c93
Bug 400247 - remove XP_MAC deadcode in nsScriptSecurityManager.cpp, r+sr=bz, a=dsicore
2007-11-12 19:23:17 -08:00
21a6a8dc26
Bug 398574:Prbool fixes r=bz a=release drivers
2007-11-12 13:47:11 -08:00
4c1a3910ac
bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking
2007-10-26 18:46:09 -07:00
26d7ccd742
Make the "href" property of stylesheets reflect the original URI that was reflected to load the sheet. Bug 397427, r=dbaron,biesi, sr=dbaron, a=dsicore
2007-10-23 14:56:41 -07:00
e252fc2b15
Somewhat reduce the amount of memory an nsPrincipal allocates in the common case. Bug 397733, r+sr+a=jst
2007-09-28 07:31:04 -07:00
5983f838e4
Make the nsISerializable implementation of nsPrincipal actually work. This makes it possible to save principal objects to a stream and read them back. Bug 369566, r=dveditz+brendan, sr=jst, a=jst
2007-09-17 15:18:28 -07:00
2940b2f998
bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov
2007-09-06 00:02:57 -07:00
c0215549f6
Bug 304048 - Backing out patch due to TXUL regression.
2007-08-30 17:52:58 -07:00
5f9effcd34
Bug 304048 - "xpconnect getters/setters don't have principals until after they pass or fail their security check." Patch by jst, sr=bzbarsky, a=jst.
2007-08-28 17:16:21 -07:00
3c0f9ef02f
Add some sanity null-checks. Bug 387446, r=dveditz, sr+a=jst
2007-08-06 19:09:16 -07:00
681c6747e8
Bustage fix
2007-07-11 14:20:11 -07:00
6d7584839a
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
647cbff151
Make security manager API more useful from script. Make more things
...
scriptable, and add a scriptable method for testing whether a given principal
is the system principal. Bug 383783, r=dveditz, sr=jst
2007-06-18 08:12:09 -07:00
434b4cf8db
Optimize immutability of codebase/domain a little bit. Bug 380475, r=dveditz, sr=biesi
2007-06-18 08:07:02 -07:00
ec536a72cf
Make nsPrincipal::Equals compare codebases, not just certs, for certificate
...
principals. Bug 369201, r=dveditz, sr=jst
2007-06-18 08:01:53 -07:00
baab01ada6
Bug 376636 - Building with gcc 4.3 and -pendatic fails due to extra semicolons, patch by Art Haas <ahaas@airmail.net>, rs=me
2007-04-23 07:21:53 -07:00
e7bb1b1c38
Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg
2007-03-27 08:34:59 -07:00
d98d9fdec5
Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg
2007-03-27 08:33:38 -07:00
05e5d33a57
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
d9f9d475bb
When getting codebase principals, install the passed-in codebase on them even
...
if they come from the hashtable. Bug 269270, r=dveditz, sr=jst.
2007-02-09 04:52:44 +00:00
382b095c94
Get the source scheme from the right URI object. Bug 368160, r+sr=dveditz
2007-01-26 04:33:02 +00:00
8a1b6c5e34
Make the redirect check get principals the same way we get them elsewhere.
...
Clean up some code to use the new security manager method. Bug 354693,
r=dveditz, sr=sicking
2006-11-22 18:27:54 +00:00
ad22de3c0c
Bug 202198: fix possible leak in nsScriptSecurityManager::InitPrefs(), patch by Ryan Jones <sciguyryan+bugzilla@gmail.com>, r+sr=dveditz
2006-11-22 17:22:40 +00:00
6aa99d403b
Bug 360840. allocator mismatch in nsIScriptSecurityManager. r=timeless, sr=bz
2006-11-16 18:25:52 +00:00
730516b0a1
Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst
2006-11-14 22:46:45 +00:00
0a3a624149
Make it possible for protocol handlers to configure how CheckLoadURI should
...
treat them via their protocol flags. Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin
2006-11-10 23:49:08 +00:00
74a2a1d30c
Bug 351876 Move nsICryptoHash into necko
...
r=darin
2006-09-15 22:06:31 +00:00
50e969de0c
Introduce CheckLoadURIStrWithPrincipal(). Bug 348559, r=dveditz, sr=jst
2006-08-21 22:15:20 +00:00
dafdf0b1eb
Bug 337223: Don't expose moz-anno protocol to web pages.
...
Patch by brettw
r=jst
sr=bzbarsky
2006-08-18 21:35:16 +00:00
e9379f3679
Remove special-casing of about:blank for security purposes; give about:blank
...
pages the principal of whoever is responsible for loading them, when possible.
Bug 332182, r=mrbkap, sr=jst
2006-08-15 17:31:16 +00:00
d3379f18b5
bug 340107 save wasted cycles checking permissions if we're just going to deny access anyway. r=mrbkap, sr=sicking
2006-06-27 00:56:41 +00:00
282ad6509b
Fiox the special-casing for about:blank to deal with it now being
...
moz-safe-about:blank as far as the security manager is concerned. Bug 342108,
r=darin, sr=jst
2006-06-22 02:21:06 +00:00
8cd320ad22
Allow about: modules to just set a flag to force script execution to be allowed
...
for particular about: URIs, instead of hardcoding checks in the security
manager. Bug 341313, r=darin, sr=jst
2006-06-22 02:19:49 +00:00
4b3cf6e788
Make the URIs of principals immutable. Bug 339822, r=dveditz, sr=darin
2006-06-20 03:17:41 +00:00
9a60679a4c
Save the principal in the session history entry so that reloading a data: URL
...
will do the right thing. Also, change CheckLoadURI to allow null
principals to load things that anyone can load (e.g. http:// URIs). Bug
337260, r=dveditz, sr=jst
2006-06-19 21:08:45 +00:00
9509962b32
Move the safe vs unsafe about: distinction out of the security manager and into
...
nsIAboutModule implementations. Bug 337746, r=dveditz, sr=darin
2006-06-19 21:02:12 +00:00
0f241835df
Land DOM_AGNOSTIC3_BRANCH, bug 255942. r=a few people, sr=brendan.
2006-06-13 03:07:47 +00:00
98997f8669
Checking in Ben Turner <bent.mozilla@gmail.com> and timeless's patch to make Gecko use the JS engine's request model to help multithreaded embedders avoid GC races and crashes. bug 176182, r=mrbkap assumed-rs=brendan
2006-06-12 22:39:55 +00:00
65028a8035
Bug 338678: For source compatibility fields "uint16 extra,spare" in JSFunctionSpec are replaced by singe "uint32 extra". In this way we do need to update the current sources that list just 5 fields to include the additional ",0" corresponding to "spare" field. To quell GCC warnings all sources that list less then 5 fields of JSFunctionSpec are updated to explicitly list all 5 fields. r=mrbkap, s=brendan
2006-05-22 22:58:31 +00:00
f78182b042
Make GetOrigin dig into nested URIs. Bug 336303, r=dveditz, sr=jst
2006-05-12 00:05:40 +00:00
6e7e8da8e6
Create our URIs by hand (since we have our own scheme), instead of going
...
through the ioService. Also fixes some threadsafety stuff. Bug 337513,
r=dveditz, sr=darin.
2006-05-11 16:06:35 +00:00
51a89a8b1e
bug 335180 Remove win32.order, mozilla-bin.order, --enable-reorder, and
...
associated code. These options do not really work anymore.
r=bsmedberg
2006-05-06 17:53:51 +00:00
3aaa1fe7df
Disable optimization that relies on invariants we don't maintain. Bug 317240
...
wallpaper, r+sr=jst
2006-05-04 15:23:43 +00:00
a40420a6d3
Deal with null subject URIs in SecurityCompareURIs. Bug 336432, r=dveditz, sr=jst
2006-05-04 02:29:46 +00:00
4a94571cee
fixes bug 214672 "Further optimization and correctness improvements of libjar: streamlining nsJarInputStream" patch by Alfred Kayser <alfredkayser@nl.ibm.com>, r=jwalden, sr=darin
2006-05-02 19:33:09 +00:00
722b5218b2
Add an interface for nested URIs (like jar:, view-source:, etc) to implement
...
and use it in various places. Create null principals if asked for a codebase
principal for a codebase that doesn't have an inherent security context (eg
data: or javascript:). Bug 334407, r=biesi,dveditz, sr=darin
2006-05-02 18:54:19 +00:00
000f1cb779
Deal with checkLoadURI better in the face of URI fixup. Bug 334341, r=biesi, sr=dveditz
2006-04-25 03:24:43 +00:00
dffe9c89ad
Check rv before looking at port. Bug 334210, r+sr+branch181=jst
2006-04-17 23:19:44 +00:00
f15a96ed13
Allow redirects to data: URIs. Bug 211999, r=dveditz, jruderman; sr=darin
2006-04-17 23:13:33 +00:00
af73fbf542
Fix refcounting bug. Followup to bug 327176; reviews pending.
2006-04-05 16:48:51 +00:00
c44462a922
Followup to bug 326506 -- this comment got lost somehow.
2006-04-02 22:00:08 +00:00
40f15bd48c
Init the system principal singleton when we init the security manager -- no
...
need for lazy init here. Bug 327176, r=mrbkap, sr=dveditz
2006-04-02 21:10:23 +00:00
25ab5fffef
Create a powerless non-principal and start using it. Bug 326506, r=mrbkap,
...
sr=dveditz
2006-04-02 20:58:26 +00:00
20837f71e1
fixes bug 328925 "Replace NS_WARN_IF_FALSE with NS_ASSERTION (where appropriate)" r=dbaron
2006-03-30 18:40:56 +00:00
9f0ff7ef3c
Bug 330037 - First check if script/data url's are allowed, r=dveditz, sr=bzbarsky
2006-03-15 11:03:25 +00:00
4cd1e2b280
Remove dependency on nsIClassInfo.h from nsISupports.h (bug 330420). This adds a new nsIClassInfoImpl.h file which can be included to get the CI implementation macros. Also, removes unneeded inclusion of nsIProgrammingLanguage.h from nsIClassInfo.h. r=darin.
2006-03-15 04:59:42 +00:00
7e4ec9da94
Followup fix for bug 307867 -- make sure to update our pointers to hashtable
...
entries when the entries move. r=dveditz, sr=brendan
2006-02-24 04:38:46 +00:00
1ce5986f6b
Bug 106386 Correct misspellings in source code
...
r=bernd rs=brendan
2006-02-23 09:36:43 +00:00
52c46b8f53
Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
...
sr=dveditz
2006-02-17 16:12:17 +00:00
18fc300f0b
Backing out since tree is closed.
2006-02-17 03:33:03 +00:00
97bb5a58a9
Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
...
sr=dveditz
2006-02-17 03:26:03 +00:00
f8625ded52
Remove dead code. Bug 327171, r=mrbkap, sr=shaver
2006-02-14 21:08:15 +00:00
36b98a62ac
Fix debug code to assert the right thing. r=timeless
2006-02-14 20:20:49 +00:00
3b307aca09
Fix bug 325991 -- spinning event queues requires more care. r=jst, sr=shaver
2006-02-07 22:24:47 +00:00
c2d981f764
bug 183156 remove *UCS2* functions, replacing them with *UTF16* ones
...
r+sr=darin
2006-02-03 14:18:39 +00:00
ded8422135
Fixing tinderbox orange. Make caps work right again when dealing with a script global object that's not a window. r+sr=bzbarsky@mit.edu
2005-11-29 06:00:36 +00:00
8f1863159b
Fixing bug 316794. Moving HandleDOMEvent() and Get/SetDocShell from nsIScriptGlobalObject to nsPIDOMWindow. r=mrbkap@gmail.com, sr=peterv@propagandism.org
2005-11-28 23:56:44 +00:00
db820cf720
Bug 106386 Correct misspellings in source code
...
patch by unknown@simplemachines.org r=timeless rs=brendan
2005-11-25 08:16:51 +00:00
9b7c8dae03
Bug 316077, r=annie.sullivan, sr=darin
...
Protocol handler allowing access to binary annotations.
2005-11-17 18:39:00 +00:00
f02076fb6f
Get principals for XPConnect wrapped natives off their scope instead of walking
...
their parent chain. Add some asserts to check that this actually does give the
same result, which it should with splitwindow. Bug 289655, r=dbradley, sr=jst
2005-11-16 02:12:21 +00:00
9efd50d7d5
Bug 248052 Add a contract ID for a global channeleventsink. Make the
...
scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto
redirects if CheckLoadURI fails. Remove the explicit usage of
nsIScriptSecurityManager from nsHttpChannel.cpp.
This eliminates js and xpconnect from REQUIRES, and brings us closer to remove
caps.
r=darin sr=bz
2005-11-08 20:47:16 +00:00
d44ad313ae
Remove nsIStyledContent. Bug 313968, r=sicking, r=dbaron on nsCSSStyleSheet
...
changes, sr=jst
2005-11-02 00:41:51 +00:00
44614095f4
Fixing bug 313373. Pass *vp through untouched to the checkAccess hook when checking for write access. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2005-10-25 00:29:28 +00:00
b29c3a80b9
Don't call nsIClassInfo::GetClassDescription unless we really have to. Bug
...
313157, r=dveditz, sr=jst
2005-10-20 23:49:59 +00:00
ca23c546c9
bug 312124: Make Subsume treat about:blank principals as being weaker than other, non-about:blank principals, since that's how other code treats them. r=caillon sr=brendan
2005-10-14 18:57:26 +00:00
376ca84976
Make wildcards work for the default policy too. Bug 307867, r=caillon, sr=dveditz
2005-09-30 03:30:40 +00:00
b7065e027d
Improve consistency of conversion from about URI to about module. b=306261 r=darin sr=bzbarsky
2005-09-14 04:16:27 +00:00
c48f061d3c
Remove the security.checkloaduri preference. Please to be using the
...
checkloaduri CAPS policy instead, since that's less likely to let you shoot
yourself in the foot.
Bug 307382, r=caillon, sr=dveditz
2005-09-09 18:43:45 +00:00
7c0ee6b9d3
Bug 302284. add xpi hash support to InstallTrigger.install(). r=dveditz, sr=shaver, a=asa
2005-08-26 06:46:21 +00:00
72fafa8d29
Fix for bug 290100 (XMLHttpRequest affected by document.domain setting). r=caillon, sr=brendan.
2005-08-25 11:51:42 +00:00
da7005ed5c
bug 300830 - new error page (about:neterror) can load privileged about: urls, patch by dveditz, r=bsmedberg, sr=shaver
2005-08-22 05:09:11 +00:00
743b627878
Bug 298823: JAR URIs (and other types missing the host part) are not properly handled by nsScriptSecurityManager::LookupPolicy(), patch by Giorgio Maone <g.maone@informaction.com>, r=caillon, sr=dveditz
2005-08-17 16:55:00 +00:00
bc9ebac033
Bug 304085 crash [@ JS_ValueToString - JSValIDToString] with DEBUG_CAPS_HACKER
...
r=caillon sr=dveditz
2005-08-17 07:40:39 +00:00
29ac1ad7b9
Bug 304054 nsScriptSecurityManager.cpp doesn't build ifdef DEBUG_CAPS_HACKER unless defined DEBUG
...
r=dveditz sr=dveditz
2005-08-12 23:13:46 +00:00
9560fb68fc
Bug 304240 Make noAccess/allAccess/sameOrigin consistently intercaps in the source tree
...
r=caillon sr=dveditz
2005-08-12 23:11:32 +00:00
0392b3384b
Comment-only fixes I forgot to make. Bug 240661.
2005-07-22 20:49:12 +00:00
10d1c576d9
Expose the subject name for the cert and an nsISupports pointer to the cert on
...
nsIPrincipal that represents a certificate principal. Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal. Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII. Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
2005-07-22 19:05:42 +00:00
831f32feaa
Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop]
...
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg
2005-07-19 21:55:36 +00:00
c70e951ba6
Bug 292624 - XUL error pages should not have chrome privileges, r=darin sr=dveditz a=asa
2005-07-14 17:46:55 +00:00
deb9f0c764
Add a subsumes relation to principals so JS can handle all cases when checking indirect eval (and the like) calls (300008, r=caillon/dveditz, sr/a=shaver).
2005-07-08 23:26:36 +00:00
2ad41d5c36
Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs
...
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg
2005-06-29 16:29:49 +00:00
6127d03f79
bug 293424 - block about: from content to remove a potential attack vector, r+sr=brendan, a=brendan/jay
2005-06-16 08:28:50 +00:00
97d3abd829
Fixing part of bug 296397. Removing bogus assertion. r=shaver@mozilla.org, sr+a=brendan@mozilla.org
2005-06-09 01:11:21 +00:00
9c0955251d
Bug 292588 shutdown crash !sXPConnect [@ nsScriptSecurityManager::CheckObjectAccess]
...
store the runtime, unset the callback at shutdown
r=dveditz sr=jst a=asa
2005-06-07 21:57:56 +00:00
4c7f9052d3
Add a scriptable hash function API. basically what this does is moves the hashing function out of the nsISignatureVerifier.idl and creates a new interface nsICryptoHash which is scriptable. Because of this change, we needed to fix up all of the call sites. r=darin, sr=dveditz, a=shaver
2005-06-01 16:06:53 +00:00
f636ebe0de
Fix bug 293671. r=caillon sr=dveditz a=asa
2005-05-12 18:26:41 +00:00
8ca0c03467
Cleaner fix for bug 290036. b=290949 r=dveditz sr=darin a=asa
2005-05-12 18:20:07 +00:00
eb7002903b
Fix comment from last night to match today's code.
2005-05-04 18:58:24 +00:00
371b8140d2
Undo gist of last change for now, it breaks too much even though it's safer.
2005-05-04 16:19:31 +00:00
ea9fd4132c
Find active native function principals when walking the JS stack, and beef up eval-ish native safeguards (281988, r=shaver/caillon, sr=jst, a=drivers).
2005-05-04 06:28:36 +00:00
7b45a8e4ba
Fix crashes when privilegeManager methods are called by setting our our param
...
on success return. Bug 289991 and bug 289925, r=caillon, sr=dbaron, a=dbaron
2005-04-12 05:13:26 +00:00
6d36e81b66
Do less addrefing of principals in the script security manager. Bug 289643,
...
r=caillon, sr=brendan, a=asa
2005-04-10 23:27:07 +00:00
bb7b3cd85f
Revert kludge, want a general fix.
2005-04-07 19:48:57 +00:00
b02c276f35
Stop evals and Script object calls/execs that cross trust domains (289074, r=shaver, sr=jst, a=drivers).
2005-04-07 02:22:24 +00:00
4efd7a5f8a
Bug 239967 prototype for nsScriptSecurityManager::GetPrincipalFromContext is wrong
...
r=dveditz sr=dveditz
2005-03-29 03:12:12 +00:00
e171eaba9b
Inline access to XPCWrappedNative's nsISupports pointer, with do_QueryWrappedNative nsCOMPtr helper (bug 285404). r=jst, sr=darin.
2005-03-10 00:39:28 +00:00
06f479dff9
bug 279768: Bring build system to work with --enable-ui-locale; r=bsmedberg; a=doron on webservices move
2005-03-08 17:21:36 +00:00
361daac936
Bug 281414 - global s/nsIPrefBranchInternal/nsIPrefBranch2/ rs=darin (did not change backwards-compatible code in extensions/irc extensions/venkman or extensions/inspector)
2005-02-25 20:46:35 +00:00
3a4edb10d6
Remove special-casing so non-chrome-principal pages, even with chrome: uris,
...
can have script disabled as needed. Bug 280120, r=peterv, sr=neil
2005-02-22 21:18:31 +00:00
92c940aa45
Bug 269661 make libpref not depend on caps
...
r=caillon sr=dveditz
2005-02-06 12:39:31 +00:00
d30a1bda05
bug 280613 : checkLoadURIStr of nsIScriptSecurityManager should accept AUTF8String istead of string (for IDN), r=dveditz, sr=darin
2005-02-02 07:17:53 +00:00
d9f747cca2
Add about:license and about:licence and make about: link to them. Bug 256945,
...
r=gerv, sr=darin
2005-01-23 21:02:36 +00:00
79241940e8
Bug 273876 - libxul step 2 (everything through widget, except spidermonkey) r=darin; again, this should not affect non-xulrunner trees.
2004-12-09 19:28:35 +00:00
ffa869708f
Bug 261339 Setting capability.policy.default.Window.top to noAccess seems to crash mozilla
...
r=caillon sr=dveditz
2004-11-05 16:54:09 +00:00
b405b527b8
Bug 267311 netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect") in a XBL constructor make mozilla crash. [@ JS_FrameIterator]
...
r=dveditz sr=jst
2004-11-05 15:25:04 +00:00
1f629aef08
Make it possible to disable checkloaduri on a per-site basis instead of
...
disabling it globally. Bug 233108, r=caillon, sr=jst
2004-11-03 15:45:52 +00:00
f97343e1ac
Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu
2004-10-15 16:53:35 +00:00
08b3a16535
Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu
2004-10-15 16:34:58 +00:00
e67c6e5dcf
Improve enablePrivilege confirmation dialog text and presentation, sanity-check
...
privilege names (bug 253942, bug 253944) r=caillon,sr=brendan,a=chofmann,mkaply
2004-09-01 07:53:32 +00:00
765d4043a5
removing myself from DEBUG_CAPS_HACKER list
2004-07-10 19:38:28 +00:00
0f4150a4e5
Bug 226439. Convert codebase to use AppendLiteral/AssignLiteral/LowerCaseEqualsLiteral. r+sr=darin
2004-06-17 00:13:25 +00:00
914def148f
fix DEBUG_CAPS_HACKER bustage due to bug 240106
...
r=caillon sr=darin
2004-06-16 15:58:22 +00:00
e66742e59c
bug 162020 option to delay enabling confirmation buttons r=mkaply,sr=sspitzer
2004-06-05 09:26:01 +00:00
348998da9e
#239580
...
r=danm, sr=dveditz
Extend ConfirmEx to allow setting the default button - change default button for script security to no
2004-05-24 13:33:51 +00:00
0e3ff503fb
Bug 226439. Convert Seamonkey to EqualsLiteral. rs=darin
2004-05-22 22:15:22 +00:00
4ede76717e
Add a version of CheckLoadURI that takes a source principal instead of a source
...
URI. Update a bunch of callers to use it. Bug 233108, r=caillon, sr=dveditz
2004-04-25 16:55:27 +00:00
642f7ede36
deCOMtaminate nsIScriptObjectPrincipal (bug 240745). This also fixes some code in nsCrypto.cpp that sems to have been mis-braced (I don't think it was working as intended). r+sr=jst.
2004-04-18 00:28:47 +00:00
9d2ee4928c
Bug 236613: change to MPL/LGPL/GPL tri-license.
2004-04-17 21:52:36 +00:00
6ad20397bf
Bug 235504 Remove nsCString::EqualsWithConversion(const char*)
...
r=darin sr=dbaron
2004-04-14 20:09:30 +00:00
2ee27045ba
Backing out the fix for bug 235457 since it made typing URLs, and autocomplete in the the URL bar not work.
2004-03-16 19:06:10 +00:00
e1913b1f1e
Fixing bug 235457. Make new windows opened through window.open be opened on the context of the opener, and make caps not lie about when capabilities are enabled. r=danm-moz@comcast.net, r=caillon@aillon.org, sr=brendan@mozilla.org, a=dbaron@dbaron.org
2004-03-16 06:57:54 +00:00
2081246472
one more tweak, r=caillon
2004-03-06 20:54:47 +00:00
344f084a76
making this sound less like it's PSM, rs=caillon
2004-03-06 20:47:21 +00:00
c380c59f65
landing dbaron's patch for bug 235735 "fix callers that cast away const on result of ns[C]String::get" r+sr=darin
2004-02-28 22:34:07 +00:00
f6875e2d3c
fixes bug 234916 "Remove global/static NS_NAMED_LITERAL_C?STRING usage [was: Firefox crashes on startup on Mac OS X]" r=jst sr=dbaron
2004-02-25 02:08:34 +00:00
505c634885
Fixing bug 233307. deCOMtaminating nsIScript* and related interfaces. r+sr=bryner@brianryner.com.
2004-02-09 22:48:53 +00:00
d0f309943a
Continuing to land the PACKAGING_20030906_BRANCH for bug 20640. Not part of the build, yet.
2004-01-07 13:37:00 +00:00
274ef7cd49
Beginning to land the PACKAGING_20030906_BRANCH for bug 20640. Not part of the build, yet.
2004-01-07 01:22:31 +00:00
6394a7f9f8
Bug 227758 make subjectPrincipalIsSystem unscriptable and checkSameOriginURI scriptable r=caillon sr=dveditz
2003-12-19 21:51:37 +00:00
56dbd77c06
Bug 228095 - AIX: 64-bit build error in nsScriptSecurityManager.cpp
...
r=caillon@aillon.org , sr=brendan@mozilla.org , a=brendan@mozilla.org
2003-12-15 18:16:09 +00:00
c8e5f51fe0
227079 - Mozilla asks for security privileges where it shouldn't
...
Make sure we check signed.applets.codebase_principal_support and special urls before going further.
r=jst sr=bzbarsky a=dbaron
2003-12-04 02:14:07 +00:00
7809adca33
Fix missing cx param problem (223041, r=caillon, sr=dbaron).
2003-11-03 04:26:55 +00:00
6139d85dae
Work around bustage. Temporary fix. b=223041
2003-11-02 02:31:53 +00:00
6ea484e8b7
Permit content to link to about:logo
...
Bug 223293; r=timeless sr=jst
2003-10-30 01:35:09 +00:00
66caced69a
Re-land patch for bug 83536, merging principal objects.
...
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst
2003-10-21 22:11:49 +00:00
4878fd7a5e
Better version of last change, thanks to caillon for reminding me.
2003-09-28 04:55:50 +00:00
3915f74063
Forgot to update calls to formerly-static SecurityCompareURI (r+sr=bz).
2003-09-28 04:44:33 +00:00
4038563cd9
Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky).
2003-09-28 04:22:01 +00:00
a7aa61013a
about:about
...
Bug 56061
r=bryner@brianryner.com
sr=darin@meer.net
2003-09-13 19:35:59 +00:00
06fe994577
Fix build on gcc 3.4 by removing extra semicolons (bug 218551). r/sr=dbaron, a=brendan.
2003-09-07 21:37:51 +00:00
f8e8aed8a7
Backing out the patch to bug 83536.
...
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann
2003-08-22 03:06:53 +00:00
ae4593bec0
Bug 216234
...
Calling operator delete on an nsAutoPtr isn't good.
r+sr=dbaron@dbaron.org
a=asa@mozilla.org
2003-08-20 00:40:13 +00:00
1b51ba858c
Set MODULE in makefiles at the top of a heirarchy so that module-deps lists are more precise and builds will have the proper order if some subdirs contain other modules.
2003-08-16 00:42:35 +00:00
c2d2462e51
Bug 214949
...
Make XUL error pages work again by making GetOrigin() return the full spec for chrome: URIs and preventing principal lookups when the principals hash is empty.
r+sr=jst@netscape.com
a=rjesup@wgate.com
2003-08-10 02:26:11 +00:00
b7cdb7debb
Add shared DHashTableOps for [const] char *key use-cases, clean up dhash API abusages (214839, r=dougt, sr=dbaron).
2003-08-05 20:09:21 +00:00
4572ef1a55
Adding comments, per bzbarsky. bug 214050.
2003-07-29 19:03:00 +00:00
dac741004a
Don't let success of string bundle calls dictate the return value, continue to return errors. Still bug 214050.
2003-07-29 09:07:43 +00:00
b6f6ad74ba
Bug 214050
...
Start to localize some of the more common user-visible error messages in caps.
r+sr=bzbarsky@mit.edu
2003-07-29 05:28:00 +00:00
25a56a0d4b
Init mSecurityPolicy. This somehow got lost in between the last two revisions of my patch to bug 83536.
...
r=timeless,sr=bzbarsky on IRC.
2003-07-27 07:00:25 +00:00
007e7d68ad
213796 - Crash In CAPS.DLL On Startup [@ nsPrincipal::GetHashValue]
...
r+sr+caillonIsStupid=bzbarsky@mit.edu
2003-07-27 04:08:48 +00:00
728cd6526c
Bug 213847. Prompt the user for what to do if we don't know whether we can grant a capability.
...
r+sr=bzbarsky@mit.edu
2003-07-25 19:23:17 +00:00
b7fd1c6840
Ports bustage - remove NS_COM per bsmedberg
2003-07-24 18:58:30 +00:00
91b7c60bee
Bug 83536.
...
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)
2003-07-24 05:15:20 +00:00
beb45866ed
Removing extra ^M. Fixing Irix cc bustage
2003-06-28 05:15:41 +00:00
524a20845d
Fixing bug 210730. ClassInfoData optimizations. r+sr=jaggernaut@netscape.com
2003-06-27 03:10:49 +00:00
66730e2ca7
Bug 194872 CAPS vulnerability when doing cross-site-scripting with frames from different origins and different CAPS settings (allAccess, noAccess).
...
bustage (const char*)
sr=jst
2003-06-26 03:27:01 +00:00
ddc015e3b7
Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst.
2003-06-26 00:18:43 +00:00
abefba9053
Fixing bug 209884. Writing an inline helper to safely get an nsIScriptContext from a JSContext and making direct callers of JS_GetContextPrivate() use the helper. r=caillon@aillon.org, sr=peterv@netscape.com
2003-06-24 21:43:01 +00:00
b2badfa9f7
Bug 163645 - User defined properties of window.navigator are not remembered when a new page is loaded.
...
Enable this for websites within the same domain only.
Also, fixes CheckSameOriginPrincipal to just check the principals, and not care whether we have anything on the JS stack.
r=mstoltz, sr=jst
2003-06-18 23:48:57 +00:00
85570db892
Grant access to SOAP response document's properties and also allow the document to be serializable. b=193953, r=heikki@netscape.com, sr=jst@netscape.com
2003-06-12 20:18:34 +00:00
97649bab86
Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev
2003-06-10 21:18:27 +00:00
b28ce0a530
Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev
2003-06-10 20:12:33 +00:00
a069087dd4
Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201
2003-05-29 21:56:38 +00:00
e3a6a4edfc
Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201
2003-05-29 21:51:34 +00:00
fc043d1270
Bug 207328 @mozilla.org/scriptsecuritymanager;1 isn't registering itself correctly as an app-startup observer service
...
r=mstoltz sr=alecf
2003-05-29 04:27:03 +00:00
11919bb299
Bug 163950 - allow opening connections for XML data transfer services when document.domain has been set. r=jst, sr=heikki.
2003-05-28 23:22:36 +00:00
270d3909ca
bug 100649: Length() being used where IsEmpty() is meant
...
treewide changes to convert incorrect usages of string.Length() to string.IsEmpty().
thanks to afatecha@idea.com.py (Ariel Fatecha) for the patch. r=dwitte, sr=jst.
got the ok from Asa to land into a closed tree.
2003-05-23 21:34:47 +00:00
5761ad14e3
bug 205538 - Use hyphens instead of underscores in caps prefs for CID's. r=adamlock, sr=alecf, a=asa
2003-05-20 14:19:05 +00:00
72ec343461
Fixing bug 202994. Make sure the proper security check is done when converting the result of a JS expression in a javascript: URL to a string. r=mstoltz@netscape.com, sr=brendan@mozilla.org, a=asa@mozilla.org
2003-05-12 22:23:52 +00:00
710c694ac3
Fix overbroad getter/setter access check to apply only to scripted getters/setters; fix wrong object class name in error messages (198660, r=mstoltz, sr=jst, a=asa).
2003-05-09 00:40:50 +00:00
myk@mozilla.org
jonas@sicking.cc
Olli.Pettay@helsinki.fi
reed@reedloden.com
jst@mozilla.org
benjamin@smedbergs.us
dwitte@stanford.edu
timeless@mozdev.org
mrbkap@gmail.com
philringnalda@gmail.com
tglek@mozilla.com
bzbarsky@mit.edu
dveditz@cruzio.com
bent.mozilla@gmail.com
sdwilsh@shawnwilsher.com
jwalden@mit.edu
dbaron@dbaron.org
hg@mozilla.com
bzbarsky%mit.edu
gavin%gavinsharp.com
sayrer%gmail.com
cbiesinger%web.de
pkasting%google.com
dveditz%cruzio.com
mhammond%skippinet.com.au
mrbkap%gmail.com
igor%mir2.org
darin%meer.net
martijn.martijn%gmail.com
bryner%brianryner.com
timeless%mozdev.org
jst%mozilla.jstenback.com
brettw%gmail.com
dbaron%dbaron.org
dougt%meer.net
peterv%propagandism.org
mconnor%steelgryphon.com
bsmedberg%covad.net
brendan%mozilla.org
gandalf%firefox.pl
jshin%mailaps.org
roc+%cs.cmu.edu
mkaply%us.ibm.com
gerv%gerv.net
neil%parkwaycc.co.uk
pkw%us.ibm.com
caillon%returnzero.com
cls%seawood.org
seawood%netscape.com
jst%netscape.com
mstoltz%netscape.com
harishd%netscape.com
dwitte%stanford.edu
dbradley%netscape.com