Граф коммитов

903 Коммитов

Автор SHA1 Сообщение Дата
Peter Van der Beken 7e4509caf0 Backed out changeset 542fa9413bd0, fix for bug 517196 (The JSClass of wrappers shouldn't change when morphing from slim to XPCWrappedNative), to try to fix orange. 2009-10-08 13:41:44 -07:00
Taras Glek 9ec79636b9 Bug 515777 - move css files, hiddenWindow.html to jar r=bsmedberg sr=bz 2009-10-08 11:22:50 -07:00
Peter Van der Beken 352b573e65 Fix for bug 517196 (The JSClass of wrappers shouldn't change when morphing from slim to XPCWrappedNative). r=mrbkap.
--HG--
extra : rebase_source : 95898b5ab53d60200058374c52cdb8161aabf78b
2009-09-18 12:43:48 +02:00
Blake Kaplan d4fee93d17 Bug 504021 - Add an API to the script security manager to clamp principals for a given context. r=jst/bzbarsky sr=dveditz 2009-08-21 18:20:20 -07:00
Igor Bukanov 33dbce57f4 bug 513190 - avoiding jsint tagging of the private slot data. r=jorendorff 2009-09-05 19:59:11 +04:00
Benjamin Smedberg 28fb767bd1 Followup to bug 398573 - remove REQUIRES from the tree since it is no longer used... automatically generated patch, rs=ted 2009-08-25 08:59:31 -07:00
Taras Glek ca66146094 Bug 468011 - Combine all chrome into browser+toolkit jars. r=bsmedberg 2009-08-14 09:32:40 -07:00
Blake Kaplan e743fef6ce Bug 502959 - Restore code to make caps allow wrapping same-origin wrappedjs objects. r=jst sr=bzbarsky 2009-08-06 20:26:33 -07:00
Boris Zbarsky 6df0ded0a0 Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst 2009-07-26 21:27:33 -04:00
David Zbarsky 78b1e53099 Bug 392526. Some callers of nsID::ToString use a mismatched allocator to free the string. r=bsmedberg 2009-07-29 13:54:44 -04:00
Boris Zbarsky 6b45f824b8 Backed out changeset b55e7e3c0bfb to see whether bug 495176 might be causing the WinXP Txul regression
--HG--
extra : rebase_source : c854c6a8afad67c583ff08e23bbac27cbf99c0cd
2009-07-28 14:34:01 -04:00
Boris Zbarsky a3eb1b8f00 Backed out changeset 9d5e247b5052 to see whether bug 495176 might be causing
the WinXP Txul regression.

--HG--
extra : rebase_source : 41a0fe73ec43dff97ada391db29dc121fb677403
2009-07-28 14:32:45 -04:00
Boris Zbarsky c2678217a6 Fixing crashes during tests by null-checking the principal URI as appropriate. Bug 495176 2009-07-26 23:21:01 -04:00
Boris Zbarsky a781668371 Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst 2009-07-26 21:27:33 -04:00
Peter Van der Beken a4b3ca413c Fix for bug 482788 (Lightweight DOM wrappers). r=jst, sr=mrbkap. 2009-05-12 22:20:42 +02:00
Johnny Stenback fae33caf0b Fixing bug 442399. Remove LiveConnect from the tree. r=joshmoz@gmail.com, bclary@bclary.com, sr=brendan@mozilla.org 2009-06-30 15:55:16 -07:00
Arpad Borsos 77b21ab250 Back out b8e531a6c961 (Bug 474369), it really did cause the windows dhtml regression
--HG--
extra : rebase_source : 568114bcfc5a7710d9e2c2fe5e234fa190bebba1
2009-06-16 14:38:51 +02:00
Olli Pettay 9da6f0843d Bug 489561 - nsPrincipal should cache nsIPrefBranch and codebase_principal_support pref, r+sr=dveditz, +comments from bz 2009-06-16 14:00:06 +03:00
Arpad Borsos a19520a847 Bug 474369 - get rid of nsVoidArray, remaining parts; r=bz, sr=dbaron 2009-05-07 17:15:26 +02:00
Phil Ringnalda d8bb463da6 Bug 495021 - CAPS unconditionally builds tests, r=shaver 2009-06-13 11:53:38 -07:00
Blake Kaplan 57001fe1d3 Bug 441714 - Protect caps against SJOWs. r+sr=dveditz 2009-06-12 14:38:05 -07:00
Arpad Borsos f935ad0919 Back out bug 474369, suspected of causing dhtml and tp3 regression 2009-06-12 23:20:55 +02:00
Arpad Borsos 2c38117932 Bug 474369 - get rid of nsVoidArray, remaining parts; r=bz, sr=dbaron
--HG--
extra : rebase_source : 2f40cba97555521222512c7cd793c2a2adcca333
2009-05-07 17:15:26 +02:00
Boris Zbarsky 31374e7985 Bug 493495 followup. Just cut off the recursion if it gets too deep. r+sr=mrbkap 2009-05-21 15:46:05 -04:00
Boris Zbarsky 32f8ab9ba2 Bug 493495. Protect against recursive attempts to report a security exception in cases when the URI objects involved can't be accessed due to being implemented as a JS component. r+sr=mrbkap 2009-05-20 21:49:42 -04:00
Boris Zbarsky cdb23d519f Bug 410486. Fix test failures due to the exception message getting truncated. 2009-05-20 00:57:37 -04:00
timeless@mozdev.org 0b0aa1df9f Bug 410486. Make sure to be in a request when reporting a pending exception. r=dveditz, sr=mrbkap. 2009-05-19 22:11:01 -04:00
Dave Townsend ca9fcef56b Backed out changeset 461d728271d1 2009-05-19 13:51:18 +01:00
Arpad Borsos 996e06a4de Bug 474369 - get rid of nsVoidArray, remaining parts; r=bz, sr=dbaron 2009-05-07 17:15:26 +02:00
Blake Kaplan 8434b97074 Bug 493074 - Compute fewer things to try to clear up a performance regression. r+sr=jst 2009-05-14 15:17:56 -07:00
Blake Kaplan ea991f3d87 Bug 483672 - Give regular JS objects that have been reflected into C++ a security policy that follows the same-origin model. Also teach caps about "same origin" for these cases. r=jst sr=bzbarsky 2009-05-13 15:01:01 -07:00
L. David Baron bd3965a189 Switch HTML mochitests from using MochiKit.js to packed.js. (Bug 490955) r=sayrer 2009-05-06 13:46:04 -07:00
Blake Kaplan 4cf6c7e06d Bug 475864 - Move native anonymous content checks into a wrapper so that quickstubs don't sidestep them. r=jst sr=bzbarsky 2009-04-23 00:21:22 -07:00
Mook 41a2954729 Bug 472032 - [win64] sizeof(long) != sizeof(void*) assertion in nsScriptSecurityManager.cpp; changed SecurityLevel to use PRWord, clarified assertion on the protected code; r+sr=dveditz 2009-02-26 18:31:17 +01:00
Dan Mosedale 4455c2f606 Remove MailNews special casing from nsScriptSecurityManager (bug 374577), r+sr=bzbarsky 2009-02-17 20:32:57 -08:00
Daniel Holbert c755eee8e7 Bug 473236 - Remove executable bit from files that don't need it. (Only changes file mode -- no code changes.) r=bsmedberg 2009-01-21 22:55:08 -08:00
timeless@mozdev.org 3945a87217 Bug 412743 nsScriptSecurityManager::Init shouldn't treat failure of InitPrefs as fatal
r=mrbkap sr=dveditz
2009-01-07 20:42:15 -08:00
timeless@mozdev.org 52befe11f9 Bug 470804 crash [@ NS_GetInnermostURI - nsScriptSecurityManager::CheckLoadURIWithPrincipal], r=bz, sr=dveditz 2009-01-01 15:45:23 -08:00
Phil Ringnalda 064f4c312e Crashtest for Bug 470804 crash [@ NS_GetInnermostURI - nsScriptSecurityManager::CheckLoadURIWithPrincipal], r=bz 2009-01-01 15:45:23 -08:00
Tyler Downer 5e37f4a34d Bug 471146 - remove old CAPS readme (already on devmo); r=brendan 2009-01-01 14:56:44 +01:00
Boris Zbarsky a1423a6cb2 Bug 460425. Do better security checks during redirection. r=sicking,biesi, sr=sicking 2008-11-25 20:50:04 -05:00
Phil Ringnalda 5ac69655c0 Bug 461888 - Remove unused PACKAGE_FILE and PACKAGE_VARS and .pkg files, mozilla-central part, r=bsmedberg 2008-11-03 19:46:28 -08:00
Blake Kaplan 2a70d25292 Bug 396851 - Check to see if we're UniversalXPConnect-enabled to allow privileged web pages to unwrap XOWs. r+sr=bzbarsky 2008-10-22 13:15:22 -07:00
Ben Newman 51166f0670 Bug 460124. Remove no-longer-needed code, since now we calculate hash values for nsPrincipals in a sane way. r+sr=bzbarsky 2008-10-16 10:56:51 -04:00
Igor Bukanov 03e5a590d8 Bug 459656 - Implementing nsIThreadJSContextStack in nsXPConnect. r+sr=mrbkap 2008-10-14 16:16:25 +02:00
Arpad Borsos 4460c617be Bug 456388 - Remove PR_STATIC_CALLBACK and PR_CALLBACK(_DECL) from the tree; r+sr=brendan 2008-10-10 17:04:34 +02:00
Blake Kaplan c7b33da903 Bug 457299 - nsScriptSecurityManager doesn't suspend the request on the current context when it starts using the safe context. r+sr=bzbarsky 2008-10-08 15:05:25 -07:00
Ben Newman 57bfef064c Bug 454850. Make sure that whenever nsPrincipal::Equals would return true for a pair of principals their nsPrincipal::GetHashValue returns are also equal. r+sr=bzbarsky 2008-10-08 09:16:27 -04:00
David Bienvenu 45b2f90a31 bug 453943, always disable js for mailnews for 3.0 b1, don't load pref, r=bz, sr=dmose 2008-09-21 15:21:07 -07:00
David Bienvenu 7d671703d7 temporarily disable js in mailnews for 3.0 b1, r=bz, sr=dmose 453943 2008-09-20 08:14:14 -07:00
Arpad Borsos 2cc3af109a Bug 398946 - Remove JS_STATIC_DLL_CALLBACK and JS_DLL_CALLBACK from the tree; r=(benjamin + bent.mozilla) 2008-09-07 00:21:43 +02:00
Ben Turner 7ce8e92dd3 Bug 451731 - "Update caps, dom, xpconnect for Bug 451729 (checkObjectAccess moving to the JSContext)". r+sr=jst. 2008-09-05 16:26:04 -07:00
Ben Turner 1769bcd5cb Bug 453720 - "Caps should assert when scripts do not contain principals". r+sr=mrbkap. 2008-09-04 15:52:20 -07:00
Jason Orendorff 1d1eeba8b2 Bug 451571 - Delete SetExceptionWasThrown (r=dbradley, sr=jst) 2008-08-30 18:58:36 -05:00
Shawn Wilsher 89e7a45e7a Bug 452486 - Create components when we actually have a profile
This changeset allows components to register for the profile-after-change
category in the category manager such that they will be initialized when this
topic would normally be dispatched.
r=bsmedberg
2008-08-29 16:40:05 -04:00
Honza Bambas bfba5f3a4f Bug 442812: Implement the application cache selection algorithm. r+sr=bz 2008-08-27 18:15:32 -07:00
Shawn Wilsher da4a22bc6f Bug 450914 - Proxy nsSimpleURI for nsNullPrincipal to the main thread (was "ASSERTION: nsSimpleURI not thread-safe" during principal destruction)
This changeset creates a threadsafe uri object for the null principal to use.
2008-08-27 18:11:02 -04:00
Dave Camp a66645593d Backed out changeset 1e3d4775197a (bug 442812) 2008-08-19 22:52:05 -07:00
Honza Bambas 8bcb74a0dc Bug 442812: Implement the application cache selection algorithm. r+sr=bz 2008-08-19 19:31:08 -07:00
Boris Zbarsky 29358ba272 Bug 434522 follow-up bustage fix. 2008-07-28 23:37:58 -07:00
Boris Zbarsky e4b0ef9232 Bug 437723. Make sure to look at the nested innermost URI when looking for the origin. r+sr=sicking 2008-07-28 23:10:05 -07:00
Boris Zbarsky f240a67b8b Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst 2008-07-28 23:03:19 -07:00
jonas@sicking.cc bb2529b51f Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it 2008-04-18 10:35:55 -07:00
gavin@gavinsharp.com 248bcdd278 Rework test for bug 292789 to try and fix the timeout on qm-centos5-01 2008-04-14 01:50:51 -07:00
dveditz@cruzio.com 447fc8ce13 tests for bug 292789 -- forgot during checkin 2008-04-12 17:55:45 -07:00
dveditz@cruzio.com 36727be489 bug 292789 prevent use of chrome: URIs from <script>, <img> stylesheets, etc except for chrome packages explicitly marked contentaccessible. r=bzbarsky, sr=jst, a=beltzner 2008-04-12 14:26:19 -07:00
jonas@sicking.cc b245f0fae8 Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz 2008-04-08 17:38:12 -07:00
igor@mir2.org e52789403a [bug 423874] backing out as a simpler patch would do the job with less code. 2008-03-29 03:34:29 -07:00
igor@mir2.org a76bfc82c0 [bug 424376] backing out - too much compatibility problems. 2008-03-28 15:27:36 -07:00
bzbarsky@mit.edu 65811eb5e4 Fix bug 421228. r+sr=sicking 2008-03-27 20:46:15 -07:00
igor@mir2.org 07f1893244 bug=424376 r=brendan a1.9b5=beltzner Compile-time function objects are no longer exposed through SpiderMonkey API. 2008-03-23 03:16:40 -07:00
jst@mozilla.org f70c22ca8a Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu 2008-03-22 09:50:47 -07:00
igor@mir2.org 01d0387418 bug=423874 r=brendan a1.9b5=dsicore Allocating native functions together with JSObject 2008-03-21 01:19:23 -07:00
jst@mozilla.org 6d3a0d05b3 Fixing orange from bug 402983. Make file:///foo and file:////foo#bar compare as equal URLs. r+sr=bzbarsky@mit.edu 2008-03-20 23:01:55 -07:00
jst@mozilla.org 739205fc4a Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org 2008-03-20 21:39:08 -07:00
shaver@mozilla.org 4a1af49d46 Bug 246699: report better errors (with stacks) for security denials. r+sr=jst, a=mconnor. 2008-03-20 01:19:15 -07:00
shaver@mozilla.org 1c8789bdbf Test for bug 423379 (content can load chrome and/or resource), r/sr=jst. 2008-03-19 15:14:51 -07:00
shaver@mozilla.org 16f84858f6 (NPOTB, r=mrbkap, a=lumpy) Remove ancient caps test cruft in preparation for incoming mochitests. Also so that the tests listed in securetest.list will not mock me from beyond the NSCP grave. 2008-03-19 14:26:09 -07:00
jonas@sicking.cc 585b681349 Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz 2008-03-18 17:27:56 -07:00
bzbarsky@mit.edu df31fc12aa Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst 2008-03-18 14:14:49 -07:00
gavin@gavinsharp.com 43c5ec54b7 Back out bug 246699 to fix bug 423375, per shaver 2008-03-17 07:10:48 -07:00
timeless@mozdev.org 696c60aeae Bug 246699 CAPS security exceptions should throw richer exception info (not just raw string) r=shaver a=shaver 2008-03-11 10:30:23 -07:00
reed@reedloden.com 03bd4aa789 Bug 420081 - "Case mismatch between nsIURI and nsIUri in nsIPrincipal.idl" [p=mschroeder@mozilla.x-home.org (Martin Schröder [mschroeder]) r+sr=jst a1.9=beltzner] 2008-03-08 03:20:21 -08:00
jonas@sicking.cc 498741eb4c Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv 2008-02-26 19:45:29 -08:00
myk@mozilla.org ce1fde4562 backing out fix for bug 416534 as potential cause of mochitest failure 2008-02-26 19:23:36 -08:00
jonas@sicking.cc f3eb926449 Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv 2008-02-26 18:17:49 -08:00
Olli.Pettay@helsinki.fi ef5fceaa12 Bug 411054, Audit IsNativeAnonymous()/GetBindingParent() uses, r+sr=sicking 2008-02-26 04:40:18 -08:00
reed@reedloden.com de0fd36632 Bug 417710 - "Use JS_GET_CLASS, not JS_GetClass" [p=gyuyoung.kim@samsung.com (gyu-young kim) r=jorendorff r=jst sr+a1.9=brendan] 2008-02-25 00:59:20 -08:00
jonas@sicking.cc 641b42bbcf Bug 397878: Send Referer-Root header when doing cross-site access requests. Also update domain pattern matching to spec. Patch by <suryaismail@gmail.com>. r=bent sr=sicking b3a=beltzner 2008-01-31 00:16:54 -08:00
jst@mozilla.org 73b6de93fa Fixing bustage. 2008-01-29 13:11:24 -08:00
jst@mozilla.org b8a6474030 Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org 2008-01-29 12:51:01 -08:00
jst@mozilla.org 0a1e95b8b6 Fixing bug 317240. Re-enabling caps optimization now that a documents principal never changes. r+sr=bzbarsky@mit.edu 2008-01-28 09:51:38 -08:00
jst@mozilla.org dd9c7f529c Fixing bug 412691. Remove unnecessary nsCOMPtr's from performance critical code paths. r+sr=jonas@sicking.cc 2008-01-16 16:32:26 -08:00
benjamin@smedbergs.us a31eb73709 Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep 2008-01-15 07:50:57 -08:00
dwitte@stanford.edu ae0034832c thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+ 2008-01-11 20:30:42 -08:00
dwitte@stanford.edu 6ba4acd13f partial backout in an attempt to fix orange. 2008-01-11 02:08:58 -08:00
dwitte@stanford.edu 18cd35ef9d relanding bug 410250. 2008-01-11 01:13:04 -08:00
dwitte@stanford.edu d1d1599403 backing out to fix orange. 2008-01-10 20:59:44 -08:00
dwitte@stanford.edu 3aff67fa2b thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+ 2008-01-10 19:56:00 -08:00
timeless@mozdev.org 6558516560 Bug 334306 useless null check in nsDestroyJSPrincipals r=dbaron sr=dveditz a=mtschrep 2008-01-06 06:53:24 -08:00
mrbkap@gmail.com b46234fd91 Always throw an exception, even if we cannot reach a principal. bug 409514, r+sr+a=jst 2008-01-04 17:32:23 -08:00
jst@mozilla.org 6d7a04555f Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com 2008-01-04 15:59:12 -08:00
mrbkap@gmail.com cb4075c49b XPCNativeWrappers can confuse the short-circuiting code. bug 409291, r+sr=jst a=beltzner 2007-12-21 11:06:29 -08:00
jst@mozilla.org 69192344bd Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org 2007-12-12 15:02:25 -08:00
philringnalda@gmail.com 59d7e63624 Bug 400247 - remove XP_MAC deadcode in nsScriptSecurityManager.cpp, r+sr=bz, a=dsicore 2007-11-12 19:23:17 -08:00
tglek@mozilla.com 8a32454ea9 Bug 398574:Prbool fixes r=bz a=release drivers 2007-11-12 13:47:11 -08:00
jonas@sicking.cc ebee2dc0d9 bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking 2007-10-26 18:46:09 -07:00
bzbarsky@mit.edu a892964caa Make the "href" property of stylesheets reflect the original URI that was reflected to load the sheet. Bug 397427, r=dbaron,biesi, sr=dbaron, a=dsicore 2007-10-23 14:56:41 -07:00
bzbarsky@mit.edu 926abc513f Somewhat reduce the amount of memory an nsPrincipal allocates in the common case. Bug 397733, r+sr+a=jst 2007-09-28 07:31:04 -07:00
bzbarsky@mit.edu 1512235b94 Make the nsISerializable implementation of nsPrincipal actually work. This makes it possible to save principal objects to a stream and read them back. Bug 369566, r=dveditz+brendan, sr=jst, a=jst 2007-09-17 15:18:28 -07:00
dveditz@cruzio.com 482ae113d1 bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov 2007-09-06 00:02:57 -07:00
bent.mozilla@gmail.com c454f7fbdc Bug 304048 - Backing out patch due to TXUL regression. 2007-08-30 17:52:58 -07:00
bent.mozilla@gmail.com 6388381ea1 Bug 304048 - "xpconnect getters/setters don't have principals until after they pass or fail their security check." Patch by jst, sr=bzbarsky, a=jst. 2007-08-28 17:16:21 -07:00
bzbarsky@mit.edu 6159525ebc Add some sanity null-checks. Bug 387446, r=dveditz, sr+a=jst 2007-08-06 19:09:16 -07:00
sdwilsh@shawnwilsher.com 74c867f860 Bustage fix 2007-07-11 14:20:11 -07:00
jwalden@mit.edu 12e960c504 Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros. 2007-07-08 00:08:04 -07:00
bzbarsky@mit.edu 2bbf042698 Make security manager API more useful from script. Make more things
scriptable, and add a scriptable method for testing whether a given principal
is the system principal.  Bug 383783, r=dveditz, sr=jst
2007-06-18 08:12:09 -07:00
bzbarsky@mit.edu 7c3bde0a77 Optimize immutability of codebase/domain a little bit. Bug 380475, r=dveditz, sr=biesi 2007-06-18 08:07:02 -07:00
bzbarsky@mit.edu 0466d5d890 Make nsPrincipal::Equals compare codebases, not just certs, for certificate
principals.  Bug 369201, r=dveditz, sr=jst
2007-06-18 08:01:53 -07:00
benjamin@smedbergs.us 0ab7558e7b Bug 376636 - Building with gcc 4.3 and -pendatic fails due to extra semicolons, patch by Art Haas <ahaas@airmail.net>, rs=me 2007-04-23 07:21:53 -07:00
dbaron@dbaron.org cb52af13a3 Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg 2007-03-27 08:34:59 -07:00
dbaron@dbaron.org 4d961c5c49 Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg 2007-03-27 08:33:38 -07:00
roc+@cs.cmu.edu 0054412272 Bug 374866. Reftests for text-transform. r=dbaron 2007-03-22 16:01:14 -07:00
jonas%sicking.cc d7ad434701 Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it 2008-04-18 17:35:57 +00:00
gavin%gavinsharp.com b5be6c4f09 Rework test for bug 292789 to try and fix the timeout on qm-centos5-01 2008-04-14 08:50:51 +00:00
dveditz%cruzio.com afee2a207a tests for bug 292789 -- forgot during checkin 2008-04-13 00:55:45 +00:00
dveditz%cruzio.com c7990fae19 bug 292789 prevent use of chrome: URIs from <script>, <img> stylesheets, etc except for chrome packages explicitly marked contentaccessible. r=bzbarsky, sr=jst, a=beltzner 2008-04-12 21:26:19 +00:00
jonas%sicking.cc 2ec9134081 Bug 425201: Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz 2008-04-09 00:38:13 +00:00
igor%mir2.org acca7a06be [bug 423874] backing out as a simpler patch would do the job with less code. 2008-03-29 10:34:31 +00:00
igor%mir2.org b7c7e118a6 [bug 424376] backing out - too much compatibility problems. 2008-03-28 22:27:37 +00:00
bzbarsky%mit.edu 8f0b2235c2 Fix bug 421228. r+sr=sicking 2008-03-28 03:46:15 +00:00
igor%mir2.org c819df158f bug=424376 r=brendan a1.9b5=beltzner
Compile-time function objects are no longer exposed through SpiderMonkey API.
2008-03-23 10:16:40 +00:00
jst%mozilla.org 8b559ed068 Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu 2008-03-22 16:50:49 +00:00
igor%mir2.org 5ab7e29428 bug=423874 r=brendan a1.9b5=dsicore
Allocating native functions together with JSObject
2008-03-21 08:19:27 +00:00
jst%mozilla.org f2a32b3bb6 Fixing orange from bug 402983. Make file:///foo and file:////foo#bar compare as equal URLs. r+sr=bzbarsky@mit.edu 2008-03-21 06:01:55 +00:00
jst%mozilla.org 7e76d85044 Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org 2008-03-21 04:39:10 +00:00
shaver%mozilla.org 286f2705e5 Bug 246699: report better errors (with stacks) for security denials.
r+sr=jst, a=mconnor.
2008-03-20 08:19:15 +00:00
shaver%mozilla.org 6a50922c3f Test for bug 423379 (content can load chrome and/or resource), r/sr=jst. 2008-03-19 22:14:52 +00:00
shaver%mozilla.org 8268261420 (NPOTB, r=mrbkap, a=lumpy) Remove ancient caps test cruft in preparation for
incoming mochitests.  Also so that the tests listed in securetest.list will
not mock me from beyond the NSCP grave.
2008-03-19 21:26:09 +00:00
jonas%sicking.cc 1d6dc158f9 Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz 2008-03-19 00:27:57 +00:00
bzbarsky%mit.edu e5ba2cdf44 Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the
checks they really want to be doing.  Fix screw-up in nsPrincipal::Equals if
one principal has a cert and the other does not.  Bug 418996, r=mrbkap,dveditz, sr=jst
2008-03-18 21:14:50 +00:00
gavin%gavinsharp.com f0a5a9b99c Back out bug 246699 to fix bug 423375, per shaver 2008-03-17 14:10:48 +00:00
timeless%mozdev.org 59f4bc43b1 Bug 246699 CAPS security exceptions should throw richer exception info (not just raw string)
r=shaver a=shaver
2008-03-11 17:30:23 +00:00
reed%reedloden.com 20f1ca3d1d Bug 420081 - "Case mismatch between nsIURI and nsIUri in nsIPrincipal.idl" [p=mschroeder@mozilla.x-home.org (Martin Schr��der [mschroeder]) r+sr=jst a1.9=beltzner] 2008-03-08 11:20:21 +00:00
jonas%sicking.cc 06f693a2bb Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv 2008-02-27 03:45:32 +00:00
myk%mozilla.org dd8660867d backing out fix for bug 416534 as potential cause of mochitest failure 2008-02-27 03:23:38 +00:00
jonas%sicking.cc 44be249fb2 Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv 2008-02-27 02:17:52 +00:00
Olli.Pettay%helsinki.fi c1e558bc24 Bug 411054, Audit IsNativeAnonymous()/GetBindingParent() uses, r+sr=sicking 2008-02-26 12:40:21 +00:00
reed%reedloden.com 094bb39a01 Bug 417710 - "Use JS_GET_CLASS, not JS_GetClass" [p=gyuyoung.kim@samsung.com (gyu-young kim) r=jorendorff r=jst sr+a1.9=brendan] 2008-02-25 08:59:21 +00:00
jonas%sicking.cc 98d1136fea Bug 397878: Send Referer-Root header when doing cross-site access requests. Also update domain pattern matching to spec. Patch by <suryaismail@gmail.com>. r=bent sr=sicking b3a=beltzner 2008-01-31 08:17:47 +00:00