b62c04253e
Fix 18553 [DOGFOOD] addEventListener allows sniffing keystrokes
...
Add checks to nsScriptSecurityManager::CheckCanListenTo that take
a principal and ensure that the currently executing script code
either is from the same origin as that principal or has the
UniversalBrowserRead privilege enabled. (chrome code has all
privileges enabled by default.) It's okay for the principal passed in
to be null. That just signifies a privileged window/document that only
can be listened to with privileges.
I added GetPrincipal/SetPrincipal methods to nsIEventListenerManager.
nsDocument::GetNewListenerManager sets a principal on the listener
manager when it creates one. Obviously there are other places that
create listener managers, but scripts seem to go through this one.
Another change is to save some memory usage. Currently I allocate an
array of PolicyType that is NS_DOM_PROP_MAX elements long.
Unfortunately, compilers appear to allocate four bytes for each
PolicyType, so the array takes around 2400 bytes. I've added changes
to use two bit vectors that should consume about 1/16 that space.
r=joki
There are also changes that push nsnull onto the JSContext stack when
entering a nested event loop.
r=jband
1999-11-25 05:28:18 +00:00
1c4dac85f3
Modify generated dom code to use a enum rather than a string for codesize
...
and efficiency.
Tighten checks on document properties and node properties. Should resolve
several bugs:
18965 document.firstChild vulnerability
19043 document.childNodes vulnerability
19044 document.lastChild vulnerability
r=mstoltz
1999-11-20 07:28:34 +00:00
411aade911
* Fix 12124 [DOGFOOD] Reading user's preferences
...
* Implement site-specific security policies (bug 858)
r=mstoltz
* Use Recycle rather than delete[] to clean up Purify logs
r=law
1999-11-16 05:07:31 +00:00
762bf296d0
Fix 18634 [CRASH] mozilla -installer crashes
...
r=sspitzer@netscape.com , a=sspitzer@netscape.com
1999-11-12 18:59:03 +00:00
432a97d5d2
Fix bug 18640.
...
r=akhil.arora@sun.com
1999-11-12 04:33:17 +00:00
dcbe376c1a
Restore original changes with bustage fixes.
1999-11-12 03:07:37 +00:00
c5cefe5037
Remove call that the compilers can't figure out.
...
Appears that perhaps the IDL compiler isn't getting called on nsIPref.idl in time.
1999-11-11 23:25:59 +00:00
a0c91af28c
Fix build bustage.
...
My build on Linux worked; don't understand why the Tinderbox build is different.
1999-11-11 23:07:14 +00:00
12c81d1cc9
added files: mozilla/caps/src/nsBasePrincipal.cpp
1999-11-11 22:11:03 +00:00
6ba76593b3
* Fix the following bugs by tightening the default security policy.
...
17977 [DOGFOOD] Reading documents using document.body
17538 document.lastModified is exposed
17537 document.images vulnerabilities
16036 [DOGFOOD] document.Element exposes the DOM of documents from
15757 [DOGFOOD] Injecting JS code using setAttribute and getElemen
15550 Injecting text in documents from any domain using createText
15067 [DOGFOOD] getElementsByTagName() allows reading of arbitrary
* Create an array of dom property policy types and initialize it when the script security manager is created.
* Move some implementation code to a new shared implementation base class.
* Implement privilege enabling, disabling and reverting
* Implement stack walking for checking privileges.
r=mstoltz@netscape.com
* Modify nsIPref to support security policy work.
r=neeti@netscape.com
1999-11-11 22:10:36 +00:00
8535dda53e
updated xPL license boilerplate to v1.1, a=chofmann@netscape.com,r=endico@mozilla.org
1999-11-06 03:43:54 +00:00
c9198a207c
Changed NS_ENSURE_NOT to NS_ENSURE_FALSE to reflect API change. r=hyatt
1999-11-01 21:43:56 +00:00
f665b3c482
work on bug 7270.
...
r=mstoltz.
Implement netscape.security.PrivilegeManager callbacks.
1999-10-28 22:09:03 +00:00
00dfd9d907
Added nsIChannel::GetOriginalURI so that we can get back to the original chrome file (bug#17144). r=rpotts,mscott
1999-10-26 09:16:24 +00:00
14e0615db7
Use NS_GET_IID, remove dead code, clean up error conditions for XPConnect security calls.
...
r=jband
1999-10-25 22:22:16 +00:00
ce4a270d99
Fixes for bug #16789 ; permit OpenDialog to work on hidden window even if document load has not completed yet; r=norris@netscape.com, r=danm@netscape.com
1999-10-20 01:25:41 +00:00
dbdfd70767
Remove references to unsupported JVM_ calls. Needed for bug 16577.
...
r=shaver
1999-10-19 21:45:29 +00:00
04f396f3d6
Fix a Unix warning by removing an unused local variable
1999-10-14 23:49:36 +00:00
34fd57f168
Work on 15824 bad refcounting in nsCodebasePrincipal
...
Attempt to discover problem with additional assertions
reviewed by mstoltz@netscape.com
1999-10-12 22:52:49 +00:00
edbf131410
Fix part of 5403 Services improperly released: Use NS_WITH_SERVICE
...
reviewed by mstoltz@netscape.com
1999-10-12 22:51:54 +00:00
b0dcc883f8
Cleanup moz-decl-counter usage and fix NS_LOG_ADDREF usage
1999-10-08 20:41:19 +00:00
7a6ad2b541
Fix 15618 [CRASH] JS assertion on table regression test
...
Reviewed by rogerl@netscape.com .
1999-10-06 21:12:21 +00:00
9c950a3a20
Fix 15458 "onLoadHandler does not work"
...
Reviewed by mstoltz.
1999-10-05 04:08:14 +00:00
ce673a63e9
Bug 15367. Dump 'class' instead of 'file/line' for NS_LOG_REFCNT. r=shaver,dp
1999-10-05 00:07:54 +00:00
b547c2ffb0
changed from directly using "MSL DropInRuntime.Lib" to using "NSComponentStartup.o" to enable GC leak detector. r=smfr
1999-10-03 20:46:23 +00:00
0019d9304b
Fix problem with nsSecurityManagerFactory conversion to be a nsIModule. Patch from peterl@netscape.com. Review: me.
1999-10-02 20:19:23 +00:00
4716f71efd
Temporarily turning off the changes to nsSecurityManagerFactory to make it a nsIModule due to problem at startup.
1999-10-02 19:24:05 +00:00
3c14af2f14
Fix the following bugs:
...
14443 "Same origin" security policy may be circumvented using docu
14820 Fixing up the relationship between nsCodeBasePrincipal and n
14919 Crash in JS MM code
Reviewed by mstoltz, approved by scc.
1999-10-02 03:41:37 +00:00
dc46519283
Bug # 14034: Convert to nsIModule to prepare for memory leak fixing. Review: dp@netscape.com
1999-10-02 00:48:02 +00:00
41e3079295
Bug 14877 -- lib/xp removal; removed unneeded files. r sdagley, a chofmann.
1999-09-26 00:41:31 +00:00
b29a765f15
Bug #14815 --> fix some ref counting problems between nsJSPrincipal and nsCodebasePrincipal. nsCodeBasePrinciapl
...
was always getting leaked. And since it held onto the document's nsIURI, our uri's were getting leaked to.
r=brendan,a=chofmann.
1999-09-24 06:18:55 +00:00
d1e37156bd
Add ability to disable JS. Fix 13978 shopping at webvan.com crashes
1999-09-17 20:13:52 +00:00
bf28666910
Remove nsPrincipalManager.h
1999-09-15 21:30:10 +00:00
ae296a06da
Add security support for javascript: uris.
1999-09-15 20:58:41 +00:00
1dec7e80f7
Create preferences for security checks.
...
Add new methods on nsIScriptSecurityManager for capabilities.
Fix 13739 MLK: nsScriptSecurityManager::CreateCodebasePrincipal
Fix 11666 Eliminate plvector (was: [infinite loop] bugs - plvector.c)
1999-09-15 04:05:43 +00:00
e6ff44e253
Fix arielb warnings.
1999-09-13 23:23:54 +00:00
003099e93a
Remove unused files.
1999-09-13 20:10:24 +00:00
1d0cf70fcc
General cleanup.
1999-09-10 08:53:30 +00:00
405714abb2
Makefile.in: remove unused file
...
nsScriptSecurityManager.cpp: Fix CheckURI problems (but still disabled)
nsSecurityManagerFactory.cpp: Make registration string match convention
1999-09-09 13:47:16 +00:00
b59a9de48a
caps doesn't need libxp anymore
1999-09-09 06:29:32 +00:00
606b7205e2
Temporarily disabled CheckURI so the Manage Bookmarks dialog and other windows work again. Norris will fix the window.open problem later.
1999-09-08 04:25:14 +00:00
523b1f94b1
disable XPConnect security check, perhaps related to test failure. Getting reports of failures on Mac at least.
1999-09-07 22:29:56 +00:00
328b2bad86
Fix build breakage: full #include needed.
1999-09-07 21:26:56 +00:00
d5c6824781
Fix bug 13253.
...
Enable restrictions on use of Components array from web JavaScript.
1999-09-07 20:40:20 +00:00
72e3153d3a
* Add checks on urls formed from web scripts
...
* Make nsScriptSecurityManager implement nsXPCSecurityManager
* Fix unix warnings
1999-09-07 02:54:19 +00:00
155cff4164
quell assignment-as-boolean warning
1999-09-05 05:28:28 +00:00
b0fd5297f5
Use nsAllocator not new[] for char* data.
1999-09-03 14:15:03 +00:00
85a18579d5
Cleaned it up and eliminated the pointless #!gmake.
1999-09-01 23:27:16 +00:00
fc9f5c90d0
added files: mozilla/caps/idl/nsICodebasePrincipal.idl, mozilla/caps/idl/nsICertificatePrincipal.idl, removed files: mozilla/caps/idl/nsIPrivilege.idl, mozilla/caps/idl/nsICapsSecurityCallbacks.idl, mozilla/caps/idl/nsITarget.idl, mozilla/caps/idl/nsICapsManager.idl, mozilla/caps/idl/nsIPrincipalArray.idl, mozilla/caps/idl/nsIPrincipalManager.idl, mozilla/caps/idl/nsIPrivilegeManager.idl
1999-09-01 02:03:02 +00:00
55f8f2713b
Make it build on unix
1999-09-01 01:50:01 +00:00
norris%netscape.com
dmose%mozilla.org
tbogard%aol.net
warren%netscape.com
law%netscape.com
kipp%netscape.com
waterson%netscape.com
beard%netscape.com
rjc%netscape.com
sfraser%netscape.com
mscott%netscape.com
briano%netscape.com
alecf%netscape.com
don%netscape.com
shaver%netscape.com
bruce%cybersight.com