jst%mozilla.jstenback.com
8b6dc1c3ca
Fixing bug 233307. deCOMtaminating nsIScript* and related interfaces. r+sr=bryner@brianryner.com.
2004-02-09 22:48:53 +00:00
bsmedberg%covad.net
1f4ab81acd
Continuing to land the PACKAGING_20030906_BRANCH for bug 20640. Not part of the build, yet.
2004-01-07 13:37:00 +00:00
bsmedberg%covad.net
f0bfff2628
Beginning to land the PACKAGING_20030906_BRANCH for bug 20640. Not part of the build, yet.
2004-01-07 01:22:31 +00:00
neil%parkwaycc.co.uk
fc16739ba6
Bug 227758 make subjectPrincipalIsSystem unscriptable and checkSameOriginURI scriptable r=caillon sr=dveditz
2003-12-19 21:51:37 +00:00
pkw%us.ibm.com
05f05aab8b
Bug 228095 - AIX: 64-bit build error in nsScriptSecurityManager.cpp
...
r=caillon@aillon.org , sr=brendan@mozilla.org , a=brendan@mozilla.org
2003-12-15 18:16:09 +00:00
caillon%returnzero.com
6a60ef1444
227079 - Mozilla asks for security privileges where it shouldn't
...
Make sure we check signed.applets.codebase_principal_support and special urls before going further.
r=jst sr=bzbarsky a=dbaron
2003-12-04 02:14:07 +00:00
brendan%mozilla.org
4be366b3cf
Fix missing cx param problem (223041, r=caillon, sr=dbaron).
2003-11-03 04:26:55 +00:00
dbaron%dbaron.org
d4816af9c5
Work around bustage. Temporary fix. b=223041
2003-11-02 02:31:53 +00:00
caillon%returnzero.com
ea10d2257a
Permit content to link to about:logo
...
Bug 223293; r=timeless sr=jst
2003-10-30 01:35:09 +00:00
caillon%returnzero.com
de3d3fbf61
Re-land patch for bug 83536, merging principal objects.
...
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst
2003-10-21 22:11:49 +00:00
brendan%mozilla.org
ecb57316da
Better version of last change, thanks to caillon for reminding me.
2003-09-28 04:55:50 +00:00
brendan%mozilla.org
4ff074c02b
Forgot to update calls to formerly-static SecurityCompareURI (r+sr=bz).
2003-09-28 04:44:33 +00:00
brendan%mozilla.org
08f08cbf57
Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky).
2003-09-28 04:22:01 +00:00
caillon%returnzero.com
ced129793a
about:about
...
Bug 56061
r=bryner@brianryner.com
sr=darin@meer.net
2003-09-13 19:35:59 +00:00
bryner%brianryner.com
9a8592b10f
Fix build on gcc 3.4 by removing extra semicolons (bug 218551). r/sr=dbaron, a=brendan.
2003-09-07 21:37:51 +00:00
caillon%returnzero.com
c11c6acb17
Backing out the patch to bug 83536.
...
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann
2003-08-22 03:06:53 +00:00
caillon%returnzero.com
acf063492f
Bug 216234
...
Calling operator delete on an nsAutoPtr isn't good.
r+sr=dbaron@dbaron.org
a=asa@mozilla.org
2003-08-20 00:40:13 +00:00
cls%seawood.org
c08e99a287
Set MODULE in makefiles at the top of a heirarchy so that module-deps lists are more precise and builds will have the proper order if some subdirs contain other modules.
2003-08-16 00:42:35 +00:00
caillon%returnzero.com
e1a8e55d17
Bug 214949
...
Make XUL error pages work again by making GetOrigin() return the full spec for chrome: URIs and preventing principal lookups when the principals hash is empty.
r+sr=jst@netscape.com
a=rjesup@wgate.com
2003-08-10 02:26:11 +00:00
brendan%mozilla.org
f6be8fe74f
Add shared DHashTableOps for [const] char *key use-cases, clean up dhash API abusages (214839, r=dougt, sr=dbaron).
2003-08-05 20:09:21 +00:00
caillon%returnzero.com
9bd3d843a8
Adding comments, per bzbarsky. bug 214050.
2003-07-29 19:03:00 +00:00
caillon%returnzero.com
fb75e2bf14
Don't let success of string bundle calls dictate the return value, continue to return errors. Still bug 214050.
2003-07-29 09:07:43 +00:00
caillon%returnzero.com
8d0409de47
Bug 214050
...
Start to localize some of the more common user-visible error messages in caps.
r+sr=bzbarsky@mit.edu
2003-07-29 05:28:00 +00:00
caillon%returnzero.com
0080f7ac51
Init mSecurityPolicy. This somehow got lost in between the last two revisions of my patch to bug 83536.
...
r=timeless,sr=bzbarsky on IRC.
2003-07-27 07:00:25 +00:00
caillon%returnzero.com
4f29a47803
213796 - Crash In CAPS.DLL On Startup [@ nsPrincipal::GetHashValue]
...
r+sr+caillonIsStupid=bzbarsky@mit.edu
2003-07-27 04:08:48 +00:00
caillon%returnzero.com
a519b5abbd
Bug 213847. Prompt the user for what to do if we don't know whether we can grant a capability.
...
r+sr=bzbarsky@mit.edu
2003-07-25 19:23:17 +00:00
mkaply%us.ibm.com
1ac925aeee
Ports bustage - remove NS_COM per bsmedberg
2003-07-24 18:58:30 +00:00
caillon%returnzero.com
9c22160a4b
Bug 83536.
...
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)
2003-07-24 05:15:20 +00:00
seawood%netscape.com
f542eb1b3e
Removing extra ^M. Fixing Irix cc bustage
2003-06-28 05:15:41 +00:00
jst%netscape.com
48968be6c1
Fixing bug 210730. ClassInfoData optimizations. r+sr=jaggernaut@netscape.com
2003-06-27 03:10:49 +00:00
timeless%mozdev.org
f14981a7f1
Bug 194872 CAPS vulnerability when doing cross-site-scripting with frames from different origins and different CAPS settings (allAccess, noAccess).
...
bustage (const char*)
sr=jst
2003-06-26 03:27:01 +00:00
mstoltz%netscape.com
13f4af7d21
Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst.
2003-06-26 00:18:43 +00:00
jst%netscape.com
2e8edec781
Fixing bug 209884. Writing an inline helper to safely get an nsIScriptContext from a JSContext and making direct callers of JS_GetContextPrivate() use the helper. r=caillon@aillon.org, sr=peterv@netscape.com
2003-06-24 21:43:01 +00:00
caillon%returnzero.com
fe0731d91e
Bug 163645 - User defined properties of window.navigator are not remembered when a new page is loaded.
...
Enable this for websites within the same domain only.
Also, fixes CheckSameOriginPrincipal to just check the principals, and not care whether we have anything on the JS stack.
r=mstoltz, sr=jst
2003-06-18 23:48:57 +00:00
harishd%netscape.com
5d5585b629
Grant access to SOAP response document's properties and also allow the document to be serializable. b=193953, r=heikki@netscape.com, sr=jst@netscape.com
2003-06-12 20:18:34 +00:00
seawood%netscape.com
8f112a4226
Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev
2003-06-10 21:18:27 +00:00
seawood%netscape.com
6934dc37a9
Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev
2003-06-10 20:12:33 +00:00
dougt%meer.net
f438318e22
Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201
2003-05-29 21:56:38 +00:00
dougt%meer.net
0b32036f70
Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201
2003-05-29 21:51:34 +00:00
timeless%mozdev.org
7fa1ade332
Bug 207328 @mozilla.org/scriptsecuritymanager;1 isn't registering itself correctly as an app-startup observer service
...
r=mstoltz sr=alecf
2003-05-29 04:27:03 +00:00
mstoltz%netscape.com
db8cb8d68f
Bug 163950 - allow opening connections for XML data transfer services when document.domain has been set. r=jst, sr=heikki.
2003-05-28 23:22:36 +00:00
dwitte%stanford.edu
149f719c00
bug 100649: Length() being used where IsEmpty() is meant
...
treewide changes to convert incorrect usages of string.Length() to string.IsEmpty().
thanks to afatecha@idea.com.py (Ariel Fatecha) for the patch. r=dwitte, sr=jst.
got the ok from Asa to land into a closed tree.
2003-05-23 21:34:47 +00:00
dbradley%netscape.com
187ba83ad9
bug 205538 - Use hyphens instead of underscores in caps prefs for CID's. r=adamlock, sr=alecf, a=asa
2003-05-20 14:19:05 +00:00
jst%netscape.com
fd39a78a78
Fixing bug 202994. Make sure the proper security check is done when converting the result of a JS expression in a javascript: URL to a string. r=mstoltz@netscape.com, sr=brendan@mozilla.org, a=asa@mozilla.org
2003-05-12 22:23:52 +00:00
brendan%mozilla.org
0e2973f59e
Fix overbroad getter/setter access check to apply only to scripted getters/setters; fix wrong object class name in error messages (198660, r=mstoltz, sr=jst, a=asa).
2003-05-09 00:40:50 +00:00
dbradley%netscape.com
2e9e7217c2
Another dummy change to cause beast to rebuild caps
2003-04-30 09:19:50 +00:00
mkaply%us.ibm.com
6a95217659
IRIX bustage
2003-04-23 04:28:41 +00:00
mstoltz%netscape.com
fcf841a105
Bug 180749 - when remembering granted privileges for file://pages, grant privilege for that page only, not the whole local file system. r=jst, sr=heikki.
2003-04-23 00:21:02 +00:00
jst%netscape.com
981b45ec02
Fixing bug 201132. Always use the JSPrincipals from the target object when compiling event handlers, never use the principals of the global object in which the event handler is compiled. Also make sure we never use the principals that are precompiled into cloned Functions, always get the principal from the Function's scope in such cases. r=mstoltz@netscape.com (and heikki@netscape.com), sr=brendan@mozilla.org
2003-04-17 20:21:00 +00:00
bzbarsky%mit.edu
f94684efd7
Removing stray windows newline that causes build warning... No reviews, sorry.
2003-04-08 20:26:41 +00:00