jonas%sicking.cc
d7ad434701
Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it
2008-04-18 17:35:57 +00:00
gavin%gavinsharp.com
b5be6c4f09
Rework test for bug 292789 to try and fix the timeout on qm-centos5-01
2008-04-14 08:50:51 +00:00
dveditz%cruzio.com
afee2a207a
tests for bug 292789 -- forgot during checkin
2008-04-13 00:55:45 +00:00
dveditz%cruzio.com
c7990fae19
bug 292789 prevent use of chrome: URIs from <script>, <img> stylesheets, etc except for chrome packages explicitly marked contentaccessible. r=bzbarsky, sr=jst, a=beltzner
2008-04-12 21:26:19 +00:00
jonas%sicking.cc
2ec9134081
Bug 425201: Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz
2008-04-09 00:38:13 +00:00
igor%mir2.org
acca7a06be
[bug 423874] backing out as a simpler patch would do the job with less code.
2008-03-29 10:34:31 +00:00
igor%mir2.org
b7c7e118a6
[bug 424376] backing out - too much compatibility problems.
2008-03-28 22:27:37 +00:00
bzbarsky%mit.edu
8f0b2235c2
Fix bug 421228. r+sr=sicking
2008-03-28 03:46:15 +00:00
igor%mir2.org
c819df158f
bug=424376 r=brendan a1.9b5=beltzner
...
Compile-time function objects are no longer exposed through SpiderMonkey API.
2008-03-23 10:16:40 +00:00
jst%mozilla.org
8b559ed068
Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu
2008-03-22 16:50:49 +00:00
igor%mir2.org
5ab7e29428
bug=423874 r=brendan a1.9b5=dsicore
...
Allocating native functions together with JSObject
2008-03-21 08:19:27 +00:00
jst%mozilla.org
f2a32b3bb6
Fixing orange from bug 402983. Make file:///foo and file:////foo#bar compare as equal URLs. r+sr=bzbarsky@mit.edu
2008-03-21 06:01:55 +00:00
jst%mozilla.org
7e76d85044
Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org
2008-03-21 04:39:10 +00:00
shaver%mozilla.org
286f2705e5
Bug 246699: report better errors (with stacks) for security denials.
...
r+sr=jst, a=mconnor.
2008-03-20 08:19:15 +00:00
shaver%mozilla.org
6a50922c3f
Test for bug 423379 (content can load chrome and/or resource), r/sr=jst.
2008-03-19 22:14:52 +00:00
shaver%mozilla.org
8268261420
(NPOTB, r=mrbkap, a=lumpy) Remove ancient caps test cruft in preparation for
...
incoming mochitests. Also so that the tests listed in securetest.list will
not mock me from beyond the NSCP grave.
2008-03-19 21:26:09 +00:00
jonas%sicking.cc
1d6dc158f9
Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz
2008-03-19 00:27:57 +00:00
bzbarsky%mit.edu
e5ba2cdf44
Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the
...
checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if
one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst
2008-03-18 21:14:50 +00:00
gavin%gavinsharp.com
f0a5a9b99c
Back out bug 246699 to fix bug 423375, per shaver
2008-03-17 14:10:48 +00:00
timeless%mozdev.org
59f4bc43b1
Bug 246699 CAPS security exceptions should throw richer exception info (not just raw string)
...
r=shaver a=shaver
2008-03-11 17:30:23 +00:00
reed%reedloden.com
20f1ca3d1d
Bug 420081 - "Case mismatch between nsIURI and nsIUri in nsIPrincipal.idl" [p=mschroeder@mozilla.x-home.org (Martin Schr��der [mschroeder]) r+sr=jst a1.9=beltzner]
2008-03-08 11:20:21 +00:00
jonas%sicking.cc
06f693a2bb
Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv
2008-02-27 03:45:32 +00:00
myk%mozilla.org
dd8660867d
backing out fix for bug 416534 as potential cause of mochitest failure
2008-02-27 03:23:38 +00:00
jonas%sicking.cc
44be249fb2
Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv
2008-02-27 02:17:52 +00:00
Olli.Pettay%helsinki.fi
c1e558bc24
Bug 411054, Audit IsNativeAnonymous()/GetBindingParent() uses, r+sr=sicking
2008-02-26 12:40:21 +00:00
reed%reedloden.com
094bb39a01
Bug 417710 - "Use JS_GET_CLASS, not JS_GetClass" [p=gyuyoung.kim@samsung.com (gyu-young kim) r=jorendorff r=jst sr+a1.9=brendan]
2008-02-25 08:59:21 +00:00
jonas%sicking.cc
98d1136fea
Bug 397878: Send Referer-Root header when doing cross-site access requests. Also update domain pattern matching to spec. Patch by <suryaismail@gmail.com>. r=bent sr=sicking b3a=beltzner
2008-01-31 08:17:47 +00:00
jst%mozilla.org
aa1e2da76a
Fixing bustage.
2008-01-29 21:11:24 +00:00
jst%mozilla.org
87ad6994c9
Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2008-01-29 20:51:01 +00:00
jst%mozilla.org
8e6543da9a
Fixing bug 317240. Re-enabling caps optimization now that a documents principal never changes. r+sr=bzbarsky@mit.edu
2008-01-28 17:51:38 +00:00
jst%mozilla.org
660fe310b9
Fixing bug 412691. Remove unnecessary nsCOMPtr's from performance critical code paths. r+sr=jonas@sicking.cc
2008-01-17 00:32:26 +00:00
benjamin%smedbergs.us
c6b0868a4c
Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep
2008-01-15 15:51:02 +00:00
dwitte%stanford.edu
2706db7178
thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+
2008-01-12 04:30:44 +00:00
dwitte%stanford.edu
b5bc025224
partial backout in an attempt to fix orange.
2008-01-11 10:09:00 +00:00
dwitte%stanford.edu
bec597575a
relanding bug 410250.
2008-01-11 09:13:06 +00:00
dwitte%stanford.edu
7da61a1630
backing out to fix orange.
2008-01-11 04:59:46 +00:00
dwitte%stanford.edu
3ed045961f
thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+
2008-01-11 03:56:02 +00:00
timeless%mozdev.org
bf7ff19b8e
Bug 334306 useless null check in nsDestroyJSPrincipals
...
r=dbaron sr=dveditz a=mtschrep
2008-01-06 14:53:24 +00:00
mrbkap%gmail.com
6ad5c57e2d
Always throw an exception, even if we cannot reach a principal. bug 409514, r+sr+a=jst
2008-01-05 01:32:23 +00:00
jst%mozilla.org
7b4a352e60
Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com
2008-01-04 23:59:12 +00:00
mrbkap%gmail.com
64fe3e4fbc
XPCNativeWrappers can confuse the short-circuiting code. bug 409291, r+sr=jst a=beltzner
2007-12-21 19:06:29 +00:00
jst%mozilla.org
d05eccb938
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 23:02:26 +00:00
philringnalda%gmail.com
603e902e26
Bug 400247 - remove XP_MAC deadcode in nsScriptSecurityManager.cpp, r+sr=bz, a=dsicore
2007-11-13 03:23:17 +00:00
tglek%mozilla.com
1962a93e82
Bug 398574:Prbool fixes r=bz a=release drivers
2007-11-12 21:47:11 +00:00
jonas%sicking.cc
fbb4b149f7
bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking
2007-10-27 01:46:11 +00:00
bzbarsky%mit.edu
71b276e4b9
Make the "href" property of stylesheets reflect the original URI that was
...
reflected to load the sheet. Bug 397427, r=dbaron,biesi, sr=dbaron, a=dsicore
2007-10-23 21:56:43 +00:00
bzbarsky%mit.edu
14cbe66990
Somewhat reduce the amount of memory an nsPrincipal allocates in the common
...
case. Bug 397733, r+sr+a=jst
2007-09-28 14:31:04 +00:00
bzbarsky%mit.edu
db86f814d9
Make the nsISerializable implementation of nsPrincipal actually work. This
...
makes it possible to save principal objects to a stream and read them back.
Bug 369566, r=dveditz+brendan, sr=jst, a=jst
2007-09-17 22:18:28 +00:00
dveditz%cruzio.com
ded345250e
bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov
2007-09-06 07:02:57 +00:00
bent.mozilla%gmail.com
26316ec800
Bug 304048 - Backing out patch due to TXUL regression.
2007-08-31 00:52:59 +00:00