bzbarsky%mit.edu
d44ad313ae
Remove nsIStyledContent. Bug 313968, r=sicking, r=dbaron on nsCSSStyleSheet
...
changes, sr=jst
2005-11-02 00:41:51 +00:00
jst%mozilla.jstenback.com
44614095f4
Fixing bug 313373. Pass *vp through untouched to the checkAccess hook when checking for write access. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2005-10-25 00:29:28 +00:00
bzbarsky%mit.edu
b29c3a80b9
Don't call nsIClassInfo::GetClassDescription unless we really have to. Bug
...
313157, r=dveditz, sr=jst
2005-10-20 23:49:59 +00:00
mrbkap%gmail.com
ca23c546c9
bug 312124: Make Subsume treat about:blank principals as being weaker than other, non-about:blank principals, since that's how other code treats them. r=caillon sr=brendan
2005-10-14 18:57:26 +00:00
bzbarsky%mit.edu
376ca84976
Make wildcards work for the default policy too. Bug 307867, r=caillon, sr=dveditz
2005-09-30 03:30:40 +00:00
dbaron%dbaron.org
b7065e027d
Improve consistency of conversion from about URI to about module. b=306261 r=darin sr=bzbarsky
2005-09-14 04:16:27 +00:00
bzbarsky%mit.edu
c48f061d3c
Remove the security.checkloaduri preference. Please to be using the
...
checkloaduri CAPS policy instead, since that's less likely to let you shoot
yourself in the foot.
Bug 307382, r=caillon, sr=dveditz
2005-09-09 18:43:45 +00:00
dougt%meer.net
7c0ee6b9d3
Bug 302284. add xpi hash support to InstallTrigger.install(). r=dveditz, sr=shaver, a=asa
2005-08-26 06:46:21 +00:00
peterv%propagandism.org
72fafa8d29
Fix for bug 290100 (XMLHttpRequest affected by document.domain setting). r=caillon, sr=brendan.
2005-08-25 11:51:42 +00:00
mconnor%steelgryphon.com
da7005ed5c
bug 300830 - new error page (about:neterror) can load privileged about: urls, patch by dveditz, r=bsmedberg, sr=shaver
2005-08-22 05:09:11 +00:00
gavin%gavinsharp.com
743b627878
Bug 298823: JAR URIs (and other types missing the host part) are not properly handled by nsScriptSecurityManager::LookupPolicy(), patch by Giorgio Maone <g.maone@informaction.com>, r=caillon, sr=dveditz
2005-08-17 16:55:00 +00:00
timeless%mozdev.org
bc9ebac033
Bug 304085 crash [@ JS_ValueToString - JSValIDToString] with DEBUG_CAPS_HACKER
...
r=caillon sr=dveditz
2005-08-17 07:40:39 +00:00
timeless%mozdev.org
29ac1ad7b9
Bug 304054 nsScriptSecurityManager.cpp doesn't build ifdef DEBUG_CAPS_HACKER unless defined DEBUG
...
r=dveditz sr=dveditz
2005-08-12 23:13:46 +00:00
timeless%mozdev.org
9560fb68fc
Bug 304240 Make noAccess/allAccess/sameOrigin consistently intercaps in the source tree
...
r=caillon sr=dveditz
2005-08-12 23:11:32 +00:00
bzbarsky%mit.edu
0392b3384b
Comment-only fixes I forgot to make. Bug 240661.
2005-07-22 20:49:12 +00:00
bzbarsky%mit.edu
10d1c576d9
Expose the subject name for the cert and an nsISupports pointer to the cert on
...
nsIPrincipal that represents a certificate principal. Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal. Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII. Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
2005-07-22 19:05:42 +00:00
timeless%mozdev.org
831f32feaa
Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop]
...
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg
2005-07-19 21:55:36 +00:00
bsmedberg%covad.net
c70e951ba6
Bug 292624 - XUL error pages should not have chrome privileges, r=darin sr=dveditz a=asa
2005-07-14 17:46:55 +00:00
brendan%mozilla.org
deb9f0c764
Add a subsumes relation to principals so JS can handle all cases when checking indirect eval (and the like) calls (300008, r=caillon/dveditz, sr/a=shaver).
2005-07-08 23:26:36 +00:00
timeless%mozdev.org
2ad41d5c36
Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs
...
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg
2005-06-29 16:29:49 +00:00
mconnor%steelgryphon.com
6127d03f79
bug 293424 - block about: from content to remove a potential attack vector, r+sr=brendan, a=brendan/jay
2005-06-16 08:28:50 +00:00
jst%mozilla.jstenback.com
97d3abd829
Fixing part of bug 296397. Removing bogus assertion. r=shaver@mozilla.org, sr+a=brendan@mozilla.org
2005-06-09 01:11:21 +00:00
timeless%mozdev.org
9c0955251d
Bug 292588 shutdown crash !sXPConnect [@ nsScriptSecurityManager::CheckObjectAccess]
...
store the runtime, unset the callback at shutdown
r=dveditz sr=jst a=asa
2005-06-07 21:57:56 +00:00
dougt%meer.net
4c7f9052d3
Add a scriptable hash function API. basically what this does is moves the hashing function out of the nsISignatureVerifier.idl and creates a new interface nsICryptoHash which is scriptable. Because of this change, we needed to fix up all of the call sites. r=darin, sr=dveditz, a=shaver
2005-06-01 16:06:53 +00:00
dbaron%dbaron.org
f636ebe0de
Fix bug 293671. r=caillon sr=dveditz a=asa
2005-05-12 18:26:41 +00:00
dbaron%dbaron.org
8ca0c03467
Cleaner fix for bug 290036. b=290949 r=dveditz sr=darin a=asa
2005-05-12 18:20:07 +00:00
brendan%mozilla.org
eb7002903b
Fix comment from last night to match today's code.
2005-05-04 18:58:24 +00:00
brendan%mozilla.org
371b8140d2
Undo gist of last change for now, it breaks too much even though it's safer.
2005-05-04 16:19:31 +00:00
brendan%mozilla.org
ea9fd4132c
Find active native function principals when walking the JS stack, and beef up eval-ish native safeguards (281988, r=shaver/caillon, sr=jst, a=drivers).
2005-05-04 06:28:36 +00:00
bzbarsky%mit.edu
7b45a8e4ba
Fix crashes when privilegeManager methods are called by setting our our param
...
on success return. Bug 289991 and bug 289925, r=caillon, sr=dbaron, a=dbaron
2005-04-12 05:13:26 +00:00
bzbarsky%mit.edu
6d36e81b66
Do less addrefing of principals in the script security manager. Bug 289643,
...
r=caillon, sr=brendan, a=asa
2005-04-10 23:27:07 +00:00
brendan%mozilla.org
bb7b3cd85f
Revert kludge, want a general fix.
2005-04-07 19:48:57 +00:00
brendan%mozilla.org
b02c276f35
Stop evals and Script object calls/execs that cross trust domains (289074, r=shaver, sr=jst, a=drivers).
2005-04-07 02:22:24 +00:00
timeless%mozdev.org
4efd7a5f8a
Bug 239967 prototype for nsScriptSecurityManager::GetPrincipalFromContext is wrong
...
r=dveditz sr=dveditz
2005-03-29 03:12:12 +00:00
bryner%brianryner.com
e171eaba9b
Inline access to XPCWrappedNative's nsISupports pointer, with do_QueryWrappedNative nsCOMPtr helper (bug 285404). r=jst, sr=darin.
2005-03-10 00:39:28 +00:00
gandalf%firefox.pl
06f479dff9
bug 279768: Bring build system to work with --enable-ui-locale; r=bsmedberg; a=doron on webservices move
2005-03-08 17:21:36 +00:00
bsmedberg%covad.net
361daac936
Bug 281414 - global s/nsIPrefBranchInternal/nsIPrefBranch2/ rs=darin (did not change backwards-compatible code in extensions/irc extensions/venkman or extensions/inspector)
2005-02-25 20:46:35 +00:00
bzbarsky%mit.edu
3a4edb10d6
Remove special-casing so non-chrome-principal pages, even with chrome: uris,
...
can have script disabled as needed. Bug 280120, r=peterv, sr=neil
2005-02-22 21:18:31 +00:00
cbiesinger%web.de
92c940aa45
Bug 269661 make libpref not depend on caps
...
r=caillon sr=dveditz
2005-02-06 12:39:31 +00:00
jshin%mailaps.org
d30a1bda05
bug 280613 : checkLoadURIStr of nsIScriptSecurityManager should accept AUTF8String istead of string (for IDN), r=dveditz, sr=darin
2005-02-02 07:17:53 +00:00
bzbarsky%mit.edu
d9f747cca2
Add about:license and about:licence and make about: link to them. Bug 256945,
...
r=gerv, sr=darin
2005-01-23 21:02:36 +00:00
bsmedberg%covad.net
79241940e8
Bug 273876 - libxul step 2 (everything through widget, except spidermonkey) r=darin; again, this should not affect non-xulrunner trees.
2004-12-09 19:28:35 +00:00
timeless%mozdev.org
ffa869708f
Bug 261339 Setting capability.policy.default.Window.top to noAccess seems to crash mozilla
...
r=caillon sr=dveditz
2004-11-05 16:54:09 +00:00
timeless%mozdev.org
b405b527b8
Bug 267311 netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect") in a XBL constructor make mozilla crash. [@ JS_FrameIterator]
...
r=dveditz sr=jst
2004-11-05 15:25:04 +00:00
bzbarsky%mit.edu
1f629aef08
Make it possible to disable checkloaduri on a per-site basis instead of
...
disabling it globally. Bug 233108, r=caillon, sr=jst
2004-11-03 15:45:52 +00:00
jst%mozilla.jstenback.com
f97343e1ac
Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu
2004-10-15 16:53:35 +00:00
jst%mozilla.jstenback.com
08b3a16535
Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu
2004-10-15 16:34:58 +00:00
dveditz%cruzio.com
e67c6e5dcf
Improve enablePrivilege confirmation dialog text and presentation, sanity-check
...
privilege names (bug 253942, bug 253944) r=caillon,sr=brendan,a=chofmann,mkaply
2004-09-01 07:53:32 +00:00
cbiesinger%web.de
765d4043a5
removing myself from DEBUG_CAPS_HACKER list
2004-07-10 19:38:28 +00:00
roc+%cs.cmu.edu
0f4150a4e5
Bug 226439. Convert codebase to use AppendLiteral/AssignLiteral/LowerCaseEqualsLiteral. r+sr=darin
2004-06-17 00:13:25 +00:00
cbiesinger%web.de
914def148f
fix DEBUG_CAPS_HACKER bustage due to bug 240106
...
r=caillon sr=darin
2004-06-16 15:58:22 +00:00
dveditz%cruzio.com
e66742e59c
bug 162020 option to delay enabling confirmation buttons r=mkaply,sr=sspitzer
2004-06-05 09:26:01 +00:00
mkaply%us.ibm.com
348998da9e
#239580
...
r=danm, sr=dveditz
Extend ConfirmEx to allow setting the default button - change default button for script security to no
2004-05-24 13:33:51 +00:00
roc+%cs.cmu.edu
0e3ff503fb
Bug 226439. Convert Seamonkey to EqualsLiteral. rs=darin
2004-05-22 22:15:22 +00:00
bzbarsky%mit.edu
4ede76717e
Add a version of CheckLoadURI that takes a source principal instead of a source
...
URI. Update a bunch of callers to use it. Bug 233108, r=caillon, sr=dveditz
2004-04-25 16:55:27 +00:00
bryner%brianryner.com
642f7ede36
deCOMtaminate nsIScriptObjectPrincipal (bug 240745). This also fixes some code in nsCrypto.cpp that sems to have been mis-braced (I don't think it was working as intended). r+sr=jst.
2004-04-18 00:28:47 +00:00
gerv%gerv.net
9d2ee4928c
Bug 236613: change to MPL/LGPL/GPL tri-license.
2004-04-17 21:52:36 +00:00
cbiesinger%web.de
6ad20397bf
Bug 235504 Remove nsCString::EqualsWithConversion(const char*)
...
r=darin sr=dbaron
2004-04-14 20:09:30 +00:00
jst%mozilla.jstenback.com
2ee27045ba
Backing out the fix for bug 235457 since it made typing URLs, and autocomplete in the the URL bar not work.
2004-03-16 19:06:10 +00:00
jst%mozilla.jstenback.com
e1913b1f1e
Fixing bug 235457. Make new windows opened through window.open be opened on the context of the opener, and make caps not lie about when capabilities are enabled. r=danm-moz@comcast.net, r=caillon@aillon.org, sr=brendan@mozilla.org, a=dbaron@dbaron.org
2004-03-16 06:57:54 +00:00
cbiesinger%web.de
2081246472
one more tweak, r=caillon
2004-03-06 20:54:47 +00:00
cbiesinger%web.de
344f084a76
making this sound less like it's PSM, rs=caillon
2004-03-06 20:47:21 +00:00
darin%meer.net
c380c59f65
landing dbaron's patch for bug 235735 "fix callers that cast away const on result of ns[C]String::get" r+sr=darin
2004-02-28 22:34:07 +00:00
darin%meer.net
f6875e2d3c
fixes bug 234916 "Remove global/static NS_NAMED_LITERAL_C?STRING usage [was: Firefox crashes on startup on Mac OS X]" r=jst sr=dbaron
2004-02-25 02:08:34 +00:00
jst%mozilla.jstenback.com
505c634885
Fixing bug 233307. deCOMtaminating nsIScript* and related interfaces. r+sr=bryner@brianryner.com.
2004-02-09 22:48:53 +00:00
bsmedberg%covad.net
d0f309943a
Continuing to land the PACKAGING_20030906_BRANCH for bug 20640. Not part of the build, yet.
2004-01-07 13:37:00 +00:00
bsmedberg%covad.net
274ef7cd49
Beginning to land the PACKAGING_20030906_BRANCH for bug 20640. Not part of the build, yet.
2004-01-07 01:22:31 +00:00
neil%parkwaycc.co.uk
6394a7f9f8
Bug 227758 make subjectPrincipalIsSystem unscriptable and checkSameOriginURI scriptable r=caillon sr=dveditz
2003-12-19 21:51:37 +00:00
pkw%us.ibm.com
56dbd77c06
Bug 228095 - AIX: 64-bit build error in nsScriptSecurityManager.cpp
...
r=caillon@aillon.org , sr=brendan@mozilla.org , a=brendan@mozilla.org
2003-12-15 18:16:09 +00:00
caillon%returnzero.com
c8e5f51fe0
227079 - Mozilla asks for security privileges where it shouldn't
...
Make sure we check signed.applets.codebase_principal_support and special urls before going further.
r=jst sr=bzbarsky a=dbaron
2003-12-04 02:14:07 +00:00
brendan%mozilla.org
7809adca33
Fix missing cx param problem (223041, r=caillon, sr=dbaron).
2003-11-03 04:26:55 +00:00
dbaron%dbaron.org
6139d85dae
Work around bustage. Temporary fix. b=223041
2003-11-02 02:31:53 +00:00
caillon%returnzero.com
6ea484e8b7
Permit content to link to about:logo
...
Bug 223293; r=timeless sr=jst
2003-10-30 01:35:09 +00:00
caillon%returnzero.com
66caced69a
Re-land patch for bug 83536, merging principal objects.
...
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst
2003-10-21 22:11:49 +00:00
brendan%mozilla.org
4878fd7a5e
Better version of last change, thanks to caillon for reminding me.
2003-09-28 04:55:50 +00:00
brendan%mozilla.org
3915f74063
Forgot to update calls to formerly-static SecurityCompareURI (r+sr=bz).
2003-09-28 04:44:33 +00:00
brendan%mozilla.org
4038563cd9
Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky).
2003-09-28 04:22:01 +00:00
caillon%returnzero.com
a7aa61013a
about:about
...
Bug 56061
r=bryner@brianryner.com
sr=darin@meer.net
2003-09-13 19:35:59 +00:00
bryner%brianryner.com
06fe994577
Fix build on gcc 3.4 by removing extra semicolons (bug 218551). r/sr=dbaron, a=brendan.
2003-09-07 21:37:51 +00:00
caillon%returnzero.com
f8e8aed8a7
Backing out the patch to bug 83536.
...
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann
2003-08-22 03:06:53 +00:00
caillon%returnzero.com
ae4593bec0
Bug 216234
...
Calling operator delete on an nsAutoPtr isn't good.
r+sr=dbaron@dbaron.org
a=asa@mozilla.org
2003-08-20 00:40:13 +00:00
cls%seawood.org
1b51ba858c
Set MODULE in makefiles at the top of a heirarchy so that module-deps lists are more precise and builds will have the proper order if some subdirs contain other modules.
2003-08-16 00:42:35 +00:00
caillon%returnzero.com
c2d2462e51
Bug 214949
...
Make XUL error pages work again by making GetOrigin() return the full spec for chrome: URIs and preventing principal lookups when the principals hash is empty.
r+sr=jst@netscape.com
a=rjesup@wgate.com
2003-08-10 02:26:11 +00:00
brendan%mozilla.org
b7cdb7debb
Add shared DHashTableOps for [const] char *key use-cases, clean up dhash API abusages (214839, r=dougt, sr=dbaron).
2003-08-05 20:09:21 +00:00
caillon%returnzero.com
4572ef1a55
Adding comments, per bzbarsky. bug 214050.
2003-07-29 19:03:00 +00:00
caillon%returnzero.com
dac741004a
Don't let success of string bundle calls dictate the return value, continue to return errors. Still bug 214050.
2003-07-29 09:07:43 +00:00
caillon%returnzero.com
b6f6ad74ba
Bug 214050
...
Start to localize some of the more common user-visible error messages in caps.
r+sr=bzbarsky@mit.edu
2003-07-29 05:28:00 +00:00
caillon%returnzero.com
25a56a0d4b
Init mSecurityPolicy. This somehow got lost in between the last two revisions of my patch to bug 83536.
...
r=timeless,sr=bzbarsky on IRC.
2003-07-27 07:00:25 +00:00
caillon%returnzero.com
007e7d68ad
213796 - Crash In CAPS.DLL On Startup [@ nsPrincipal::GetHashValue]
...
r+sr+caillonIsStupid=bzbarsky@mit.edu
2003-07-27 04:08:48 +00:00
caillon%returnzero.com
728cd6526c
Bug 213847. Prompt the user for what to do if we don't know whether we can grant a capability.
...
r+sr=bzbarsky@mit.edu
2003-07-25 19:23:17 +00:00
mkaply%us.ibm.com
b7fd1c6840
Ports bustage - remove NS_COM per bsmedberg
2003-07-24 18:58:30 +00:00
caillon%returnzero.com
91b7c60bee
Bug 83536.
...
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)
2003-07-24 05:15:20 +00:00
seawood%netscape.com
beb45866ed
Removing extra ^M. Fixing Irix cc bustage
2003-06-28 05:15:41 +00:00
jst%netscape.com
524a20845d
Fixing bug 210730. ClassInfoData optimizations. r+sr=jaggernaut@netscape.com
2003-06-27 03:10:49 +00:00
timeless%mozdev.org
66730e2ca7
Bug 194872 CAPS vulnerability when doing cross-site-scripting with frames from different origins and different CAPS settings (allAccess, noAccess).
...
bustage (const char*)
sr=jst
2003-06-26 03:27:01 +00:00
mstoltz%netscape.com
ddc015e3b7
Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst.
2003-06-26 00:18:43 +00:00
jst%netscape.com
abefba9053
Fixing bug 209884. Writing an inline helper to safely get an nsIScriptContext from a JSContext and making direct callers of JS_GetContextPrivate() use the helper. r=caillon@aillon.org, sr=peterv@netscape.com
2003-06-24 21:43:01 +00:00
caillon%returnzero.com
b2badfa9f7
Bug 163645 - User defined properties of window.navigator are not remembered when a new page is loaded.
...
Enable this for websites within the same domain only.
Also, fixes CheckSameOriginPrincipal to just check the principals, and not care whether we have anything on the JS stack.
r=mstoltz, sr=jst
2003-06-18 23:48:57 +00:00
harishd%netscape.com
85570db892
Grant access to SOAP response document's properties and also allow the document to be serializable. b=193953, r=heikki@netscape.com, sr=jst@netscape.com
2003-06-12 20:18:34 +00:00
seawood%netscape.com
97649bab86
Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev
2003-06-10 21:18:27 +00:00