bzbarsky%mit.edu
c4ba2c6a58
Fix refcounting bug. Followup to bug 327176; reviews pending.
2006-04-05 16:48:51 +00:00
bzbarsky%mit.edu
a8129ca50f
Followup to bug 326506 -- this comment got lost somehow.
2006-04-02 22:00:08 +00:00
bzbarsky%mit.edu
3f58349fa0
Init the system principal singleton when we init the security manager -- no
...
need for lazy init here. Bug 327176, r=mrbkap, sr=dveditz
2006-04-02 21:10:23 +00:00
bzbarsky%mit.edu
59f912e4ad
Create a powerless non-principal and start using it. Bug 326506, r=mrbkap,
...
sr=dveditz
2006-04-02 20:58:26 +00:00
darin%meer.net
5521781301
fixes bug 328925 "Replace NS_WARN_IF_FALSE with NS_ASSERTION (where appropriate)" r=dbaron
2006-03-30 18:40:56 +00:00
martijn.martijn%gmail.com
99bb8c1c9e
Bug 330037 - First check if script/data url's are allowed, r=dveditz, sr=bzbarsky
2006-03-15 11:03:25 +00:00
bryner%brianryner.com
41e6c02b2f
Remove dependency on nsIClassInfo.h from nsISupports.h (bug 330420). This adds a new nsIClassInfoImpl.h file which can be included to get the CI implementation macros. Also, removes unneeded inclusion of nsIProgrammingLanguage.h from nsIClassInfo.h. r=darin.
2006-03-15 04:59:42 +00:00
bzbarsky%mit.edu
3ebe726715
Followup fix for bug 307867 -- make sure to update our pointers to hashtable
...
entries when the entries move. r=dveditz, sr=brendan
2006-02-24 04:38:46 +00:00
timeless%mozdev.org
a279d689e5
Bug 106386 Correct misspellings in source code
...
r=bernd rs=brendan
2006-02-23 09:36:43 +00:00
bzbarsky%mit.edu
2c5f1c1bd7
Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
...
sr=dveditz
2006-02-17 16:12:17 +00:00
bzbarsky%mit.edu
f29ba2b9fb
Backing out since tree is closed.
2006-02-17 03:33:03 +00:00
bzbarsky%mit.edu
2eeb07467d
Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
...
sr=dveditz
2006-02-17 03:26:03 +00:00
bzbarsky%mit.edu
54eb4ccaac
Remove dead code. Bug 327171, r=mrbkap, sr=shaver
2006-02-14 21:08:15 +00:00
bzbarsky%mit.edu
f9eb6120f3
Fix debug code to assert the right thing. r=timeless
2006-02-14 20:20:49 +00:00
bzbarsky%mit.edu
38041b1d43
Fix bug 325991 -- spinning event queues requires more care. r=jst, sr=shaver
2006-02-07 22:24:47 +00:00
cbiesinger%web.de
a898e666b8
bug 183156 remove *UCS2* functions, replacing them with *UTF16* ones
...
r+sr=darin
2006-02-03 14:18:39 +00:00
jst%mozilla.jstenback.com
af27bd0d3c
Fixing tinderbox orange. Make caps work right again when dealing with a script global object that's not a window. r+sr=bzbarsky@mit.edu
2005-11-29 06:00:36 +00:00
jst%mozilla.jstenback.com
7a5af690c6
Fixing bug 316794. Moving HandleDOMEvent() and Get/SetDocShell from nsIScriptGlobalObject to nsPIDOMWindow. r=mrbkap@gmail.com, sr=peterv@propagandism.org
2005-11-28 23:56:44 +00:00
timeless%mozdev.org
b78d0c2416
Bug 106386 Correct misspellings in source code
...
patch by unknown@simplemachines.org r=timeless rs=brendan
2005-11-25 08:16:51 +00:00
brettw%gmail.com
ce7fc555c4
Bug 316077, r=annie.sullivan, sr=darin
...
Protocol handler allowing access to binary annotations.
2005-11-17 18:39:00 +00:00
bzbarsky%mit.edu
d295c6f94f
Get principals for XPConnect wrapped natives off their scope instead of walking
...
their parent chain. Add some asserts to check that this actually does give the
same result, which it should with splitwindow. Bug 289655, r=dbradley, sr=jst
2005-11-16 02:12:21 +00:00
cbiesinger%web.de
d73e12f724
Bug 248052 Add a contract ID for a global channeleventsink. Make the
...
scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto
redirects if CheckLoadURI fails. Remove the explicit usage of
nsIScriptSecurityManager from nsHttpChannel.cpp.
This eliminates js and xpconnect from REQUIRES, and brings us closer to remove
caps.
r=darin sr=bz
2005-11-08 20:47:16 +00:00
bzbarsky%mit.edu
1e91350bb2
Remove nsIStyledContent. Bug 313968, r=sicking, r=dbaron on nsCSSStyleSheet
...
changes, sr=jst
2005-11-02 00:41:51 +00:00
jst%mozilla.jstenback.com
4a47acf0d7
Fixing bug 313373. Pass *vp through untouched to the checkAccess hook when checking for write access. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2005-10-25 00:29:28 +00:00
bzbarsky%mit.edu
1a0d80f303
Don't call nsIClassInfo::GetClassDescription unless we really have to. Bug
...
313157, r=dveditz, sr=jst
2005-10-20 23:49:59 +00:00
mrbkap%gmail.com
c42f37d29f
bug 312124: Make Subsume treat about:blank principals as being weaker than other, non-about:blank principals, since that's how other code treats them. r=caillon sr=brendan
2005-10-14 18:57:26 +00:00
bzbarsky%mit.edu
c740f18df2
Make wildcards work for the default policy too. Bug 307867, r=caillon, sr=dveditz
2005-09-30 03:30:40 +00:00
dbaron%dbaron.org
820af0c053
Improve consistency of conversion from about URI to about module. b=306261 r=darin sr=bzbarsky
2005-09-14 04:16:27 +00:00
bzbarsky%mit.edu
b4e2732aae
Remove the security.checkloaduri preference. Please to be using the
...
checkloaduri CAPS policy instead, since that's less likely to let you shoot
yourself in the foot.
Bug 307382, r=caillon, sr=dveditz
2005-09-09 18:43:45 +00:00
dougt%meer.net
32258b61c3
Bug 302284. add xpi hash support to InstallTrigger.install(). r=dveditz, sr=shaver, a=asa
2005-08-26 06:46:21 +00:00
peterv%propagandism.org
3acef9f8a4
Fix for bug 290100 (XMLHttpRequest affected by document.domain setting). r=caillon, sr=brendan.
2005-08-25 11:51:42 +00:00
mconnor%steelgryphon.com
218fea648d
bug 300830 - new error page (about:neterror) can load privileged about: urls, patch by dveditz, r=bsmedberg, sr=shaver
2005-08-22 05:09:11 +00:00
gavin%gavinsharp.com
602cc10bb6
Bug 298823: JAR URIs (and other types missing the host part) are not properly handled by nsScriptSecurityManager::LookupPolicy(), patch by Giorgio Maone <g.maone@informaction.com>, r=caillon, sr=dveditz
2005-08-17 16:55:00 +00:00
timeless%mozdev.org
e8b3a71658
Bug 304085 crash [@ JS_ValueToString - JSValIDToString] with DEBUG_CAPS_HACKER
...
r=caillon sr=dveditz
2005-08-17 07:40:39 +00:00
timeless%mozdev.org
8b7146f6a5
Bug 304054 nsScriptSecurityManager.cpp doesn't build ifdef DEBUG_CAPS_HACKER unless defined DEBUG
...
r=dveditz sr=dveditz
2005-08-12 23:13:46 +00:00
timeless%mozdev.org
f1615dd0f0
Bug 304240 Make noAccess/allAccess/sameOrigin consistently intercaps in the source tree
...
r=caillon sr=dveditz
2005-08-12 23:11:32 +00:00
bzbarsky%mit.edu
113a48816f
Comment-only fixes I forgot to make. Bug 240661.
2005-07-22 20:49:12 +00:00
bzbarsky%mit.edu
dc27182f65
Expose the subject name for the cert and an nsISupports pointer to the cert on
...
nsIPrincipal that represents a certificate principal. Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal. Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII. Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
2005-07-22 19:05:42 +00:00
timeless%mozdev.org
741e9f0d95
Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop]
...
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg
2005-07-19 21:55:36 +00:00
bsmedberg%covad.net
6115ede7b5
Bug 292624 - XUL error pages should not have chrome privileges, r=darin sr=dveditz a=asa
2005-07-14 17:46:55 +00:00
brendan%mozilla.org
ce97f202bd
Add a subsumes relation to principals so JS can handle all cases when checking indirect eval (and the like) calls (300008, r=caillon/dveditz, sr/a=shaver).
2005-07-08 23:26:36 +00:00
timeless%mozdev.org
52a3cd7b1d
Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs
...
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg
2005-06-29 16:29:49 +00:00
mconnor%steelgryphon.com
5b1fc5f58e
bug 293424 - block about: from content to remove a potential attack vector, r+sr=brendan, a=brendan/jay
2005-06-16 08:28:50 +00:00
jst%mozilla.jstenback.com
48772b9d27
Fixing part of bug 296397. Removing bogus assertion. r=shaver@mozilla.org, sr+a=brendan@mozilla.org
2005-06-09 01:11:21 +00:00
timeless%mozdev.org
3ce206754c
Bug 292588 shutdown crash !sXPConnect [@ nsScriptSecurityManager::CheckObjectAccess]
...
store the runtime, unset the callback at shutdown
r=dveditz sr=jst a=asa
2005-06-07 21:57:56 +00:00
dougt%meer.net
05339dd922
Add a scriptable hash function API. basically what this does is moves the hashing function out of the nsISignatureVerifier.idl and creates a new interface nsICryptoHash which is scriptable. Because of this change, we needed to fix up all of the call sites. r=darin, sr=dveditz, a=shaver
2005-06-01 16:06:53 +00:00
dbaron%dbaron.org
4e57a19e15
Fix bug 293671. r=caillon sr=dveditz a=asa
2005-05-12 18:26:41 +00:00
dbaron%dbaron.org
879c58672c
Cleaner fix for bug 290036. b=290949 r=dveditz sr=darin a=asa
2005-05-12 18:20:07 +00:00
brendan%mozilla.org
77b38278e4
Fix comment from last night to match today's code.
2005-05-04 18:58:24 +00:00
brendan%mozilla.org
ed1074859d
Undo gist of last change for now, it breaks too much even though it's safer.
2005-05-04 16:19:31 +00:00