caillon%returnzero.com
b443430dc8
184257 - Updating pref callers. r=timeless sr=bzbarsky
2003-01-08 08:40:41 +00:00
seawood%netscape.com
4588fb970a
Start installing GRE libraries & components into a separate dist/gre directory as part of the default build.
...
Bug #186241 r=dougt
2002-12-28 01:15:07 +00:00
mstoltz%netscape.com
291b95491f
Bug 168316 - When calling from Java into JS, add a "dummy" JS stack frame with
...
principal information for the security manager. r=dveditz, sr=jst, a=chofmann.
2002-10-30 03:15:59 +00:00
seawood%netscape.com
8ae6c40f5d
Removing old nmake build makefiles. Bug #158528 r=pavlov
2002-08-10 07:55:43 +00:00
sicking%bigfoot.com
b2160d158c
Use principals instead of URIs for same-origin checks.
...
b=159348, r=bz, sr=jst, a=asa
2002-07-30 21:26:32 +00:00
mstoltz%netscape.com
5bd0d2e2f1
Bug 154930 - If one page has explicitly set document.domain and another has not,
...
do not consider them to be of the same origin for security checks. r=dveditz, sr=jst
2002-07-09 00:10:02 +00:00
mstoltz%netscape.com
c55abc30d5
Bug 152725 - Get URL passed to cookie module from document principal, not document URL.
...
THis ensures that cookies set by javascript URL pages are set in the correct domain.
r=morse, sr=dveditz.
2002-07-02 17:58:24 +00:00
mstoltz%netscape.com
76d3ee501f
133170 - Need to re-check host for security on a redirect after a call to
...
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc
2002-06-14 23:54:18 +00:00
mstoltz%netscape.com
310147212f
A bunch of fixes in caps:
...
128697 - Added a pref listener for changes to capability.policy prefs,
removed profile-change listener
131025 - Removed insecure "trusted codebase principals" feature
131340 - Make nsCodebasePrincipal::Equals handle jar URLs correctly
131342 - Clean up privilege-grant dialog code
128861 - class policy hashtables allocated only when needed; avoids
PLDHash memory-use warning
Fixed comparison of -1 and 80 ports (Can't find the bug # right now)
All r=harishd, sr=jst, a=asa.
2002-03-20 05:53:46 +00:00
mstoltz%netscape.com
5db3c92b53
Bug 127938 - chrome scripts should be exempt from the security check put in for
...
bug 105050, on access to the opener property when the opener is a mail window.
r=pavlov, sr=jst, a=leaf.
2002-02-28 00:22:59 +00:00
mstoltz%netscape.com
c9cc21b1f1
partially backing out my last change - weird dependency problem
2002-02-26 05:28:26 +00:00
mstoltz%netscape.com
7b15894b8c
32571, present confirmation dialog before allowing scripts to close windows.
...
105050, pass null window.opener when opener is a mail window.
both r=heikki, sr=jst, a=asa.
Backed out previously because of tinderbox problem, which should be fixed now.
2002-02-26 04:50:21 +00:00
mcafee%netscape.com
dbe661a6ae
Backing out mstoltz. r=dbaron,jrgm
2002-02-19 04:06:53 +00:00
mstoltz%netscape.com
7446e86422
Bug 105050 - return null window.opener to scripts if opener is a mail window.
...
Bug 32571 - Prompt user before allowing scripts to close windows if opener is null.
both r=heikki, sr=jst.
2002-02-19 01:09:45 +00:00
mstoltz%netscape.com
13c8dad931
Bug 119646 - Rewrite of the security manager policy database for improved
...
performance. r=jst, sr=jband.
2002-02-13 04:20:46 +00:00
gerv%gerv.net
2cab766559
License changes, take 2. Bug 98089. mozilla/config/, mozilla/caps/, mozilla/build/.
2001-09-25 01:03:58 +00:00
gerv%gerv.net
2a80f3fea9
Oops.
2001-09-20 00:02:59 +00:00
scc%mozilla.org
63e86dc84f
bug #98089 : ripped new license
2001-09-19 20:09:47 +00:00
brendan%mozilla.org
8c7c819206
FASTLOAD_20010703_BRANCH landing, r=dbaron, sr=shaver.
2001-07-31 19:05:34 +00:00
mstoltz%netscape.com
50f00fbc78
Bug 77485 - defining a function in another window using a targeted javascript:
...
link. Prevent running javascript: urls cross-domain and add a security check for adding
and removing properties. r=harishd, sr=jst.
2001-07-13 07:08:26 +00:00
ddrinan%netscape.com
a86397a93a
PCKS7 implementation for signed JS. Bug# 82227 r=mstoltz@netscape.com,sr=blizzard@mozilla.org,a=blizzard@mozilla.org
2001-05-23 22:06:43 +00:00
mstoltz%netscape.com
edf3f8a6e9
Re-checking-in my fix for 47905, which was backed out last night because of a bug in some other code that was checked in along with it. This checkin was not causing the crasher and is unchanged. See earlier checkin comment - in short, this adds same-origin to XMLHttpRequest and cleans up some function calls in caps, removes some unnecessary parameters. r=vidur, sr=jst.
2001-05-19 00:33:51 +00:00
blizzard%redhat.com
e1e5c32a99
Back out mstoltz because of blocker bug #81629 . Original bugs were 47905 79775.
2001-05-18 17:41:23 +00:00
mstoltz%netscape.com
201736a175
Bug 47905 - adding security check for XMLHttpRequest.open.
...
Added nsIScriptSecurityManager::CheckConnect for this purpose.
Also cleaned up the security check API by removing some unnecessary
parameters. r=vidur@netscape.com , sr=jst@netscape.com
Bug 79775 - Forward button broken in main mail window. Making
WindowWatcher not call GetSubjectPrincipal if the URL to be loaded is
chrome, since the calling principal is superfluous in this case.
No one has been able to find the root cause of this problem, but
this checkin works around it, which is the best we can do for now.
r=ducarroz@netscape.com , sr=jst@netscape.com
2001-05-18 06:56:29 +00:00
mstoltz%netscape.com
d0f2b845b9
Fixes for bugs 79796, 77203, and 54060. r=jband@netscape.com,
...
sr=brendan@mozilla.org
2001-05-11 00:43:27 +00:00
jst%netscape.com
adf1d8320a
Landing the XPCDOM_20010329_BRANCH branch, changes mostly done by jband@netscape.com and jst@netscape.com, also some changes done by shaver@mozilla.org, peterv@netscape.com and markh@activestate.com. r= and sr= by vidur@netscape.com, jband@netscape.com, jst@netscpae.com, danm@netscape.com, hyatt@netscape.com, shaver@mozilla.org, dbradley@netscape.com, rpotts@netscape.com.
2001-05-08 16:46:42 +00:00
mstoltz%netscape.com
c302defdcd
More fixes for 55237, cleaned up CheckLoadURI and added a check on "Edit This Link." Also added error reporting (bug 40538).
...
r=beard, sr=hyatt
2001-04-17 01:21:44 +00:00
mstoltz%netscape.com
b26a1f0451
Bugs 55069, 70951 - JS-blocking APIs for mailnews and embedding. r=mscott, sr=attinasi.
...
Bug 54237 - fix for event-capture bug, r=heikki, sr=jband.
2001-03-23 04:22:56 +00:00
mstoltz%netscape.com
6672d1a27a
bug 47905, adding security check to XMLHttpRequest.open(). r=heikki, sr=brendan
2001-03-02 00:09:20 +00:00
mstoltz%netscape.com
d1ff4c4a38
Bug 66369, adding support for per-file permissions granting to caps. r=jst, sr=jband.
2001-01-27 01:42:20 +00:00
mstoltz%netscape.com
3161a54c16
Fixing bugscape 3109, LiveConnect exploit. sr=jband, brendan.
...
Fixing 58021, exploit in "open in new window," bug 55237. sr=brendan
2000-11-07 01:14:08 +00:00
mstoltz%netscape.com
99a2b79580
Fixing 56009, exploit allowing XPConnect access. r,a=hyatt, sr=scc
2000-10-13 22:59:47 +00:00
rayw%netscape.com
6cc70ebd6c
Bug 37275, Changing value of all progids, and changing everywhere a progid
...
is mentioned to mention a contractid, including in identifiers.
r=warren
2000-09-13 23:57:52 +00:00
mstoltz%netscape.com
88846ce93b
Fixing 41876 r=hyatt, also 48724, 49768, and crasher in nsBasePrincipal.cpp, r=jtaylor
2000-08-22 02:06:52 +00:00
jband%netscape.com
02b25f73f7
fix bug 47410. Allow JS components to implement nsISecurityCheckedComponent and have sidebar componnet implement it to allow access from untrusted scripts. a=brendan@mozilla.org a=johng@netscape.com
2000-08-08 23:59:32 +00:00
vidur%netscape.com
b22731f07d
Checking in for mccabe, since he had to leave town. Partial fix for bug 41429. Adding a new interface that components can implement to control the capabilities needed for XPConnect access to them - default is UniversalXPConnect. r=vidur
2000-06-23 14:32:38 +00:00
joki%netscape.com
ac67aba0ee
Part of fix for 38117, prevent scripts from running event handlers on windows from other domains. r:mstoltz
2000-06-21 00:21:50 +00:00
warren%netscape.com
958ed96edd
Renaming nsIAllocator to nsIMemory (and nsAllocator to nsMemory). API cleanup/freeze. Bug #18433
2000-06-03 09:46:12 +00:00
mstoltz%netscape.com
3ec39eeed8
Removing archive attribute from nsCertificatePrincipal. This will not be used.
2000-05-16 22:37:38 +00:00
mstoltz%netscape.com
ecc9b44676
Fixes for 32878, 37739. Added PR_CALLBACK macros. Changed security.principal pref syntax to a nicer syntax. Removed "security.checkxpconnect" hack.
2000-05-16 03:40:51 +00:00
mstoltz%netscape.com
0f88b44d07
Removed dependency of libjar on psm-glue, bug 36853. Fixed out parameter type problem in PSMComponent::HashEnd
2000-05-10 01:49:33 +00:00
mstoltz%netscape.com
2483630a16
Added archive attribute to nsICertificatePrincipal...part of fix for 37481.
2000-05-01 23:39:51 +00:00
mstoltz%netscape.com
4794c651b5
Fixes for 27010, 32878, and 32948.
2000-04-26 03:50:07 +00:00
mstoltz%netscape.com
200b920525
Backing out changes until I can figure out why it's crashing on startup.
2000-04-23 21:25:39 +00:00
mstoltz%netscape.com
9ac7780368
Fixes for bugs 27010, 32878, 32948.
2000-04-23 20:30:29 +00:00
norris%netscape.com
a3caa18f07
Fix
...
28390, 28866, 34364
r=brendan@mozilla.org
35701
r=jst@netscape.com
2000-04-14 03:14:53 +00:00
mstoltz%netscape.com
72ad6e26bf
Fixed bug 30915 using nsAggregatePrincipal. r=norris
2000-03-31 00:31:18 +00:00
norris%netscape.com
c19429e137
Adding nsAggregatePrincipal support. r=norris
2000-03-21 04:05:35 +00:00
norris%netscape.com
b06e55722c
Files:
...
caps/idl/nsICertificatePrincipal.idl
caps/idl/nsIPrincipal.idl
caps/src/nsBasePrincipal.cpp
Implement the ability to manipulate multiple capabilties simultaneously.
r=mstoltz@netscape.com
Files:
caps/src/nsCodebasePrincipal.cpp
Codebase equality should be based upon origin, not full path.
r=mstoltz@netscape.com
Files:
caps/src/nsScriptSecurityManager.cpp
Change URI checking to deny based upon scheme rather than allow based upon
scheme for greater flexibility.
r=mstoltz@netscape.com
Files:
dom/public/nsDOMPropEnums.h
dom/public/nsDOMPropNames.h
dom/src/base/nsGlobalWindow.cpp
modules/libpref/src/init/all.js
Fix bug 20469 Seeing JS functions and global variables from arbitrary host
r=vidur@netscape.com
Files:
dom/src/base/nsJSUtils.cpp
dom/src/base/nsJSUtils.h
dom/src/base/nsJSEnvironment.cpp
dom/tools/JSStubGen.cpp
layout/base/src/nsDocument.cpp
layout/html/content/src/nsGenericHTMLElement.cpp
Improve performance by removing NS_WITH_SERVICE call for every DOM access.
Propagate XPCOM failure codes out properly.
r=vidur@netscape.com
Files:
layout/html/document/src/nsFrameFrame.cpp
Fix 27387 Circumventing Same Origin security policy using setAttribute
r=vidur@netscape.com
2000-03-11 06:32:42 +00:00
norris%netscape.com
3d5f67908e
Fix 28612 META Refresh allowed in Mail/News
...
r=mstoltz,a=jar
Fix 28658 File upload vulnerability
r=vidur,a=jar
2000-02-23 22:34:40 +00:00