mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
299 720 коммитов 40 Ветки 136 Теги 1,1 GiB
Граф коммитов

976 Коммитов

Автор SHA1 Сообщение Дата
Dave Townsend ca9fcef56b Backed out changeset 461d728271d1 2009-05-19 13:51:18 +01:00
Arpad Borsos 996e06a4de Bug 474369 - get rid of nsVoidArray, remaining parts; r=bz, sr=dbaron 2009-05-07 17:15:26 +02:00
Blake Kaplan 8434b97074 Bug 493074 - Compute fewer things to try to clear up a performance regression. r+sr=jst 2009-05-14 15:17:56 -07:00
Blake Kaplan ea991f3d87 Bug 483672 - Give regular JS objects that have been reflected into C++ a security policy that follows the same-origin model. Also teach caps about "same origin" for these cases. r=jst sr=bzbarsky 2009-05-13 15:01:01 -07:00
L. David Baron bd3965a189 Switch HTML mochitests from using MochiKit.js to packed.js. (Bug 490955) r=sayrer 2009-05-06 13:46:04 -07:00
Blake Kaplan 4cf6c7e06d Bug 475864 - Move native anonymous content checks into a wrapper so that quickstubs don't sidestep them. r=jst sr=bzbarsky 2009-04-23 00:21:22 -07:00
Mook 41a2954729 Bug 472032 - [win64] sizeof(long) != sizeof(void*) assertion in nsScriptSecurityManager.cpp; changed SecurityLevel to use PRWord, clarified assertion on the protected code; r+sr=dveditz 2009-02-26 18:31:17 +01:00
Dan Mosedale 4455c2f606 Remove MailNews special casing from nsScriptSecurityManager (bug 374577), r+sr=bzbarsky 2009-02-17 20:32:57 -08:00
Daniel Holbert c755eee8e7 Bug 473236 - Remove executable bit from files that don't need it. (Only changes file mode -- no code changes.) r=bsmedberg 2009-01-21 22:55:08 -08:00
timeless@mozdev.org 3945a87217 Bug 412743 nsScriptSecurityManager::Init shouldn't treat failure of InitPrefs as fatal 
r=mrbkap sr=dveditz
 2009-01-07 20:42:15 -08:00
timeless@mozdev.org 52befe11f9 Bug 470804 crash [@ NS_GetInnermostURI - nsScriptSecurityManager::CheckLoadURIWithPrincipal], r=bz, sr=dveditz 2009-01-01 15:45:23 -08:00
Phil Ringnalda 064f4c312e Crashtest for Bug 470804 crash [@ NS_GetInnermostURI - nsScriptSecurityManager::CheckLoadURIWithPrincipal], r=bz 2009-01-01 15:45:23 -08:00
Tyler Downer 5e37f4a34d Bug 471146 - remove old CAPS readme (already on devmo); r=brendan 2009-01-01 14:56:44 +01:00
Boris Zbarsky a1423a6cb2 Bug 460425. Do better security checks during redirection. r=sicking,biesi, sr=sicking 2008-11-25 20:50:04 -05:00
Phil Ringnalda 5ac69655c0 Bug 461888 - Remove unused PACKAGE_FILE and PACKAGE_VARS and .pkg files, mozilla-central part, r=bsmedberg 2008-11-03 19:46:28 -08:00
Blake Kaplan 2a70d25292 Bug 396851 - Check to see if we're UniversalXPConnect-enabled to allow privileged web pages to unwrap XOWs. r+sr=bzbarsky 2008-10-22 13:15:22 -07:00
Ben Newman 51166f0670 Bug 460124. Remove no-longer-needed code, since now we calculate hash values for nsPrincipals in a sane way. r+sr=bzbarsky 2008-10-16 10:56:51 -04:00
Igor Bukanov 03e5a590d8 Bug 459656 - Implementing nsIThreadJSContextStack in nsXPConnect. r+sr=mrbkap 2008-10-14 16:16:25 +02:00
Arpad Borsos 4460c617be Bug 456388 - Remove PR_STATIC_CALLBACK and PR_CALLBACK(_DECL) from the tree; r+sr=brendan 2008-10-10 17:04:34 +02:00
Blake Kaplan c7b33da903 Bug 457299 - nsScriptSecurityManager doesn't suspend the request on the current context when it starts using the safe context. r+sr=bzbarsky 2008-10-08 15:05:25 -07:00
Ben Newman 57bfef064c Bug 454850. Make sure that whenever nsPrincipal::Equals would return true for a pair of principals their nsPrincipal::GetHashValue returns are also equal. r+sr=bzbarsky 2008-10-08 09:16:27 -04:00
David Bienvenu 45b2f90a31 bug 453943, always disable js for mailnews for 3.0 b1, don't load pref, r=bz, sr=dmose 2008-09-21 15:21:07 -07:00
David Bienvenu 7d671703d7 temporarily disable js in mailnews for 3.0 b1, r=bz, sr=dmose 453943 2008-09-20 08:14:14 -07:00
Arpad Borsos 2cc3af109a Bug 398946 - Remove JS_STATIC_DLL_CALLBACK and JS_DLL_CALLBACK from the tree; r=(benjamin + bent.mozilla) 2008-09-07 00:21:43 +02:00
Ben Turner 7ce8e92dd3 Bug 451731 - "Update caps, dom, xpconnect for Bug 451729 (checkObjectAccess moving to the JSContext)". r+sr=jst. 2008-09-05 16:26:04 -07:00
Ben Turner 1769bcd5cb Bug 453720 - "Caps should assert when scripts do not contain principals". r+sr=mrbkap. 2008-09-04 15:52:20 -07:00
Jason Orendorff 1d1eeba8b2 Bug 451571 - Delete SetExceptionWasThrown (r=dbradley, sr=jst) 2008-08-30 18:58:36 -05:00
Shawn Wilsher 89e7a45e7a Bug 452486 - Create components when we actually have a profile 
This changeset allows components to register for the profile-after-change
category in the category manager such that they will be initialized when this
topic would normally be dispatched.
r=bsmedberg
 2008-08-29 16:40:05 -04:00
Honza Bambas bfba5f3a4f Bug 442812: Implement the application cache selection algorithm. r+sr=bz 2008-08-27 18:15:32 -07:00
Shawn Wilsher da4a22bc6f Bug 450914 - Proxy nsSimpleURI for nsNullPrincipal to the main thread (was "ASSERTION: nsSimpleURI not thread-safe" during principal destruction) 
This changeset creates a threadsafe uri object for the null principal to use.
 2008-08-27 18:11:02 -04:00
Dave Camp a66645593d Backed out changeset 1e3d4775197a (bug 442812) 2008-08-19 22:52:05 -07:00
Honza Bambas 8bcb74a0dc Bug 442812: Implement the application cache selection algorithm. r+sr=bz 2008-08-19 19:31:08 -07:00
Boris Zbarsky 29358ba272 Bug 434522 follow-up bustage fix. 2008-07-28 23:37:58 -07:00
Boris Zbarsky e4b0ef9232 Bug 437723. Make sure to look at the nested innermost URI when looking for the origin. r+sr=sicking 2008-07-28 23:10:05 -07:00
Boris Zbarsky f240a67b8b Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst 2008-07-28 23:03:19 -07:00
jonas@sicking.cc bb2529b51f Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it 2008-04-18 10:35:55 -07:00
gavin@gavinsharp.com 248bcdd278 Rework test for bug 292789 to try and fix the timeout on qm-centos5-01 2008-04-14 01:50:51 -07:00
dveditz@cruzio.com 447fc8ce13 tests for bug 292789 -- forgot during checkin 2008-04-12 17:55:45 -07:00
dveditz@cruzio.com 36727be489 bug 292789 prevent use of chrome: URIs from <script>, <img> stylesheets, etc except for chrome packages explicitly marked contentaccessible. r=bzbarsky, sr=jst, a=beltzner 2008-04-12 14:26:19 -07:00
jonas@sicking.cc b245f0fae8 Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz 2008-04-08 17:38:12 -07:00
igor@mir2.org e52789403a [bug 423874] backing out as a simpler patch would do the job with less code. 2008-03-29 03:34:29 -07:00
igor@mir2.org a76bfc82c0 [bug 424376] backing out - too much compatibility problems. 2008-03-28 15:27:36 -07:00
bzbarsky@mit.edu 65811eb5e4 Fix bug 421228. r+sr=sicking 2008-03-27 20:46:15 -07:00
igor@mir2.org 07f1893244 bug=424376 r=brendan a1.9b5=beltzner Compile-time function objects are no longer exposed through SpiderMonkey API. 2008-03-23 03:16:40 -07:00
jst@mozilla.org f70c22ca8a Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu 2008-03-22 09:50:47 -07:00
igor@mir2.org 01d0387418 bug=423874 r=brendan a1.9b5=dsicore Allocating native functions together with JSObject 2008-03-21 01:19:23 -07:00
jst@mozilla.org 6d3a0d05b3 Fixing orange from bug 402983. Make file:///foo and file:////foo#bar compare as equal URLs. r+sr=bzbarsky@mit.edu 2008-03-20 23:01:55 -07:00
jst@mozilla.org 739205fc4a Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org 2008-03-20 21:39:08 -07:00
shaver@mozilla.org 4a1af49d46 Bug 246699: report better errors (with stacks) for security denials. r+sr=jst, a=mconnor. 2008-03-20 01:19:15 -07:00
shaver@mozilla.org 1c8789bdbf Test for bug 423379 (content can load chrome and/or resource), r/sr=jst. 2008-03-19 15:14:51 -07:00
shaver@mozilla.org 16f84858f6 (NPOTB, r=mrbkap, a=lumpy) Remove ancient caps test cruft in preparation for incoming mochitests. Also so that the tests listed in securetest.list will not mock me from beyond the NSCP grave. 2008-03-19 14:26:09 -07:00
jonas@sicking.cc 585b681349 Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz 2008-03-18 17:27:56 -07:00
bzbarsky@mit.edu df31fc12aa Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst 2008-03-18 14:14:49 -07:00
gavin@gavinsharp.com 43c5ec54b7 Back out bug 246699 to fix bug 423375, per shaver 2008-03-17 07:10:48 -07:00
timeless@mozdev.org 696c60aeae Bug 246699 CAPS security exceptions should throw richer exception info (not just raw string) r=shaver a=shaver 2008-03-11 10:30:23 -07:00
reed@reedloden.com 03bd4aa789 Bug 420081 - "Case mismatch between nsIURI and nsIUri in nsIPrincipal.idl" [p=mschroeder@mozilla.x-home.org (Martin Schröder [mschroeder]) r+sr=jst a1.9=beltzner] 2008-03-08 03:20:21 -08:00
jonas@sicking.cc 498741eb4c Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv 2008-02-26 19:45:29 -08:00
myk@mozilla.org ce1fde4562 backing out fix for bug 416534 as potential cause of mochitest failure 2008-02-26 19:23:36 -08:00
jonas@sicking.cc f3eb926449 Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv 2008-02-26 18:17:49 -08:00
Olli.Pettay@helsinki.fi ef5fceaa12 Bug 411054, Audit IsNativeAnonymous()/GetBindingParent() uses, r+sr=sicking 2008-02-26 04:40:18 -08:00
reed@reedloden.com de0fd36632 Bug 417710 - "Use JS_GET_CLASS, not JS_GetClass" [p=gyuyoung.kim@samsung.com (gyu-young kim) r=jorendorff r=jst sr+a1.9=brendan] 2008-02-25 00:59:20 -08:00
jonas@sicking.cc 641b42bbcf Bug 397878: Send Referer-Root header when doing cross-site access requests. Also update domain pattern matching to spec. Patch by <suryaismail@gmail.com>. r=bent sr=sicking b3a=beltzner 2008-01-31 00:16:54 -08:00
jst@mozilla.org 73b6de93fa Fixing bustage. 2008-01-29 13:11:24 -08:00
jst@mozilla.org b8a6474030 Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org 2008-01-29 12:51:01 -08:00
jst@mozilla.org 0a1e95b8b6 Fixing bug 317240. Re-enabling caps optimization now that a documents principal never changes. r+sr=bzbarsky@mit.edu 2008-01-28 09:51:38 -08:00
jst@mozilla.org dd9c7f529c Fixing bug 412691. Remove unnecessary nsCOMPtr's from performance critical code paths. r+sr=jonas@sicking.cc 2008-01-16 16:32:26 -08:00
benjamin@smedbergs.us a31eb73709 Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep 2008-01-15 07:50:57 -08:00
dwitte@stanford.edu ae0034832c thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+ 2008-01-11 20:30:42 -08:00
dwitte@stanford.edu 6ba4acd13f partial backout in an attempt to fix orange. 2008-01-11 02:08:58 -08:00
dwitte@stanford.edu 18cd35ef9d relanding bug 410250. 2008-01-11 01:13:04 -08:00
dwitte@stanford.edu d1d1599403 backing out to fix orange. 2008-01-10 20:59:44 -08:00
dwitte@stanford.edu 3aff67fa2b thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+ 2008-01-10 19:56:00 -08:00
timeless@mozdev.org 6558516560 Bug 334306 useless null check in nsDestroyJSPrincipals r=dbaron sr=dveditz a=mtschrep 2008-01-06 06:53:24 -08:00
mrbkap@gmail.com b46234fd91 Always throw an exception, even if we cannot reach a principal. bug 409514, r+sr+a=jst 2008-01-04 17:32:23 -08:00
jst@mozilla.org 6d7a04555f Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com 2008-01-04 15:59:12 -08:00
mrbkap@gmail.com cb4075c49b XPCNativeWrappers can confuse the short-circuiting code. bug 409291, r+sr=jst a=beltzner 2007-12-21 11:06:29 -08:00
jst@mozilla.org 69192344bd Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org 2007-12-12 15:02:25 -08:00
philringnalda@gmail.com 59d7e63624 Bug 400247 - remove XP_MAC deadcode in nsScriptSecurityManager.cpp, r+sr=bz, a=dsicore 2007-11-12 19:23:17 -08:00
tglek@mozilla.com 8a32454ea9 Bug 398574:Prbool fixes r=bz a=release drivers 2007-11-12 13:47:11 -08:00
jonas@sicking.cc ebee2dc0d9 bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking 2007-10-26 18:46:09 -07:00
bzbarsky@mit.edu a892964caa Make the "href" property of stylesheets reflect the original URI that was reflected to load the sheet. Bug 397427, r=dbaron,biesi, sr=dbaron, a=dsicore 2007-10-23 14:56:41 -07:00
bzbarsky@mit.edu 926abc513f Somewhat reduce the amount of memory an nsPrincipal allocates in the common case. Bug 397733, r+sr+a=jst 2007-09-28 07:31:04 -07:00
bzbarsky@mit.edu 1512235b94 Make the nsISerializable implementation of nsPrincipal actually work. This makes it possible to save principal objects to a stream and read them back. Bug 369566, r=dveditz+brendan, sr=jst, a=jst 2007-09-17 15:18:28 -07:00
dveditz@cruzio.com 482ae113d1 bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov 2007-09-06 00:02:57 -07:00
bent.mozilla@gmail.com c454f7fbdc Bug 304048 - Backing out patch due to TXUL regression. 2007-08-30 17:52:58 -07:00
bent.mozilla@gmail.com 6388381ea1 Bug 304048 - "xpconnect getters/setters don't have principals until after they pass or fail their security check." Patch by jst, sr=bzbarsky, a=jst. 2007-08-28 17:16:21 -07:00
bzbarsky@mit.edu 6159525ebc Add some sanity null-checks. Bug 387446, r=dveditz, sr+a=jst 2007-08-06 19:09:16 -07:00
sdwilsh@shawnwilsher.com 74c867f860 Bustage fix 2007-07-11 14:20:11 -07:00
jwalden@mit.edu 12e960c504 Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros. 2007-07-08 00:08:04 -07:00
bzbarsky@mit.edu 2bbf042698 Make security manager API more useful from script. Make more things 
scriptable, and add a scriptable method for testing whether a given principal
is the system principal.  Bug 383783, r=dveditz, sr=jst
 2007-06-18 08:12:09 -07:00
bzbarsky@mit.edu 7c3bde0a77 Optimize immutability of codebase/domain a little bit. Bug 380475, r=dveditz, sr=biesi 2007-06-18 08:07:02 -07:00
bzbarsky@mit.edu 0466d5d890 Make nsPrincipal::Equals compare codebases, not just certs, for certificate 
principals.  Bug 369201, r=dveditz, sr=jst
 2007-06-18 08:01:53 -07:00
benjamin@smedbergs.us 0ab7558e7b Bug 376636 - Building with gcc 4.3 and -pendatic fails due to extra semicolons, patch by Art Haas <ahaas@airmail.net>, rs=me 2007-04-23 07:21:53 -07:00
dbaron@dbaron.org cb52af13a3 Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg 2007-03-27 08:34:59 -07:00
dbaron@dbaron.org 4d961c5c49 Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg 2007-03-27 08:33:38 -07:00
roc+@cs.cmu.edu 0054412272 Bug 374866. Reftests for text-transform. r=dbaron 2007-03-22 16:01:14 -07:00
jonas%sicking.cc d7ad434701 Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it 2008-04-18 17:35:57 +00:00
gavin%gavinsharp.com b5be6c4f09 Rework test for bug 292789 to try and fix the timeout on qm-centos5-01 2008-04-14 08:50:51 +00:00
dveditz%cruzio.com afee2a207a tests for bug 292789 -- forgot during checkin 2008-04-13 00:55:45 +00:00
dveditz%cruzio.com c7990fae19 bug 292789 prevent use of chrome: URIs from <script>, <img> stylesheets, etc except for chrome packages explicitly marked contentaccessible. r=bzbarsky, sr=jst, a=beltzner 2008-04-12 21:26:19 +00:00
jonas%sicking.cc 2ec9134081 Bug 425201: Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz 2008-04-09 00:38:13 +00:00
igor%mir2.org acca7a06be [bug 423874] backing out as a simpler patch would do the job with less code. 2008-03-29 10:34:31 +00:00
igor%mir2.org b7c7e118a6 [bug 424376] backing out - too much compatibility problems. 2008-03-28 22:27:37 +00:00
bzbarsky%mit.edu 8f0b2235c2 Fix bug 421228. r+sr=sicking 2008-03-28 03:46:15 +00:00
igor%mir2.org c819df158f bug=424376 r=brendan a1.9b5=beltzner 
Compile-time function objects are no longer exposed through SpiderMonkey API.
 2008-03-23 10:16:40 +00:00
jst%mozilla.org 8b559ed068 Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu 2008-03-22 16:50:49 +00:00
igor%mir2.org 5ab7e29428 bug=423874 r=brendan a1.9b5=dsicore 
Allocating native functions together with JSObject
 2008-03-21 08:19:27 +00:00
jst%mozilla.org f2a32b3bb6 Fixing orange from bug 402983. Make file:///foo and file:////foo#bar compare as equal URLs. r+sr=bzbarsky@mit.edu 2008-03-21 06:01:55 +00:00
jst%mozilla.org 7e76d85044 Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org 2008-03-21 04:39:10 +00:00
shaver%mozilla.org 286f2705e5 Bug 246699: report better errors (with stacks) for security denials. 
r+sr=jst, a=mconnor.
 2008-03-20 08:19:15 +00:00
shaver%mozilla.org 6a50922c3f Test for bug 423379 (content can load chrome and/or resource), r/sr=jst. 2008-03-19 22:14:52 +00:00
shaver%mozilla.org 8268261420 (NPOTB, r=mrbkap, a=lumpy) Remove ancient caps test cruft in preparation for 
incoming mochitests.  Also so that the tests listed in securetest.list will
not mock me from beyond the NSCP grave.
 2008-03-19 21:26:09 +00:00
jonas%sicking.cc 1d6dc158f9 Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz 2008-03-19 00:27:57 +00:00
bzbarsky%mit.edu e5ba2cdf44 Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the 
checks they really want to be doing.  Fix screw-up in nsPrincipal::Equals if
one principal has a cert and the other does not.  Bug 418996, r=mrbkap,dveditz, sr=jst
 2008-03-18 21:14:50 +00:00
gavin%gavinsharp.com f0a5a9b99c Back out bug 246699 to fix bug 423375, per shaver 2008-03-17 14:10:48 +00:00
timeless%mozdev.org 59f4bc43b1 Bug 246699 CAPS security exceptions should throw richer exception info (not just raw string) 
r=shaver a=shaver
 2008-03-11 17:30:23 +00:00
reed%reedloden.com 20f1ca3d1d Bug 420081 - "Case mismatch between nsIURI and nsIUri in nsIPrincipal.idl" [p=mschroeder@mozilla.x-home.org (Martin Schr��der [mschroeder]) r+sr=jst a1.9=beltzner] 2008-03-08 11:20:21 +00:00
jonas%sicking.cc 06f693a2bb Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv 2008-02-27 03:45:32 +00:00
myk%mozilla.org dd8660867d backing out fix for bug 416534 as potential cause of mochitest failure 2008-02-27 03:23:38 +00:00
jonas%sicking.cc 44be249fb2 Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv 2008-02-27 02:17:52 +00:00
Olli.Pettay%helsinki.fi c1e558bc24 Bug 411054, Audit IsNativeAnonymous()/GetBindingParent() uses, r+sr=sicking 2008-02-26 12:40:21 +00:00
reed%reedloden.com 094bb39a01 Bug 417710 - "Use JS_GET_CLASS, not JS_GetClass" [p=gyuyoung.kim@samsung.com (gyu-young kim) r=jorendorff r=jst sr+a1.9=brendan] 2008-02-25 08:59:21 +00:00
jonas%sicking.cc 98d1136fea Bug 397878: Send Referer-Root header when doing cross-site access requests. Also update domain pattern matching to spec. Patch by <suryaismail@gmail.com>. r=bent sr=sicking b3a=beltzner 2008-01-31 08:17:47 +00:00
jst%mozilla.org aa1e2da76a Fixing bustage. 2008-01-29 21:11:24 +00:00
jst%mozilla.org 87ad6994c9 Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org 2008-01-29 20:51:01 +00:00
jst%mozilla.org 8e6543da9a Fixing bug 317240. Re-enabling caps optimization now that a documents principal never changes. r+sr=bzbarsky@mit.edu 2008-01-28 17:51:38 +00:00
jst%mozilla.org 660fe310b9 Fixing bug 412691. Remove unnecessary nsCOMPtr's from performance critical code paths. r+sr=jonas@sicking.cc 2008-01-17 00:32:26 +00:00
benjamin%smedbergs.us c6b0868a4c Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep 2008-01-15 15:51:02 +00:00
dwitte%stanford.edu 2706db7178 thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+ 2008-01-12 04:30:44 +00:00
dwitte%stanford.edu b5bc025224 partial backout in an attempt to fix orange. 2008-01-11 10:09:00 +00:00
dwitte%stanford.edu bec597575a relanding bug 410250. 2008-01-11 09:13:06 +00:00
dwitte%stanford.edu 7da61a1630 backing out to fix orange. 2008-01-11 04:59:46 +00:00
dwitte%stanford.edu 3ed045961f thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+ 2008-01-11 03:56:02 +00:00
timeless%mozdev.org bf7ff19b8e Bug 334306 useless null check in nsDestroyJSPrincipals 
r=dbaron sr=dveditz a=mtschrep
 2008-01-06 14:53:24 +00:00
mrbkap%gmail.com 6ad5c57e2d Always throw an exception, even if we cannot reach a principal. bug 409514, r+sr+a=jst 2008-01-05 01:32:23 +00:00
jst%mozilla.org 7b4a352e60 Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com 2008-01-04 23:59:12 +00:00
mrbkap%gmail.com 64fe3e4fbc XPCNativeWrappers can confuse the short-circuiting code. bug 409291, r+sr=jst a=beltzner 2007-12-21 19:06:29 +00:00
jst%mozilla.org d05eccb938 Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org 2007-12-12 23:02:26 +00:00
philringnalda%gmail.com 603e902e26 Bug 400247 - remove XP_MAC deadcode in nsScriptSecurityManager.cpp, r+sr=bz, a=dsicore 2007-11-13 03:23:17 +00:00
tglek%mozilla.com 1962a93e82 Bug 398574:Prbool fixes r=bz a=release drivers 2007-11-12 21:47:11 +00:00
jonas%sicking.cc fbb4b149f7 bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking 2007-10-27 01:46:11 +00:00
bzbarsky%mit.edu 71b276e4b9 Make the "href" property of stylesheets reflect the original URI that was 
reflected to load the sheet.  Bug 397427, r=dbaron,biesi, sr=dbaron, a=dsicore
 2007-10-23 21:56:43 +00:00
bzbarsky%mit.edu 14cbe66990 Somewhat reduce the amount of memory an nsPrincipal allocates in the common 
case.  Bug 397733, r+sr+a=jst
 2007-09-28 14:31:04 +00:00
bzbarsky%mit.edu db86f814d9 Make the nsISerializable implementation of nsPrincipal actually work. This 
makes it possible to save principal objects to a stream and read them back.
Bug 369566, r=dveditz+brendan, sr=jst, a=jst
 2007-09-17 22:18:28 +00:00
dveditz%cruzio.com ded345250e bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov 2007-09-06 07:02:57 +00:00
bent.mozilla%gmail.com 26316ec800 Bug 304048 - Backing out patch due to TXUL regression. 2007-08-31 00:52:59 +00:00
bent.mozilla%gmail.com a913a959d2 Bug 304048 - "xpconnect getters/setters don't have principals until after they pass or fail their security check." Patch by jst, sr=bzbarsky, a=jst. 2007-08-29 00:16:21 +00:00
bzbarsky%mit.edu 8b5be0ee10 Add some sanity null-checks. Bug 387446, r=dveditz, sr+a=jst 2007-08-07 02:09:16 +00:00
sdwilsh%shawnwilsher.com e3db1cf1a7 Bustage fix 2007-07-11 21:20:11 +00:00
jwalden%mit.edu ef68fcf595 Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros. 2007-07-08 07:08:56 +00:00
bzbarsky%mit.edu 00f9002d32 Make security manager API more useful from script. Make more things 
scriptable, and add a scriptable method for testing whether a given principal
is the system principal.  Bug 383783, r=dveditz, sr=jst
 2007-06-18 15:12:09 +00:00
bzbarsky%mit.edu 31b141921a Optimize immutability of codebase/domain a little bit. Bug 380475, r=dveditz, sr=biesi 2007-06-18 15:07:02 +00:00
bzbarsky%mit.edu 0cbe0fa718 Make nsPrincipal::Equals compare codebases, not just certs, for certificate 
principals.  Bug 369201, r=dveditz, sr=jst
 2007-06-18 15:01:53 +00:00
benjamin%smedbergs.us 3fb4912f5d Bug 376636 - Building with gcc 4.3 and -pendatic fails due to extra semicolons, patch by Art Haas <ahaas@airmail.net>, rs=me 2007-04-23 14:22:04 +00:00
dbaron%dbaron.org d2a7c1e86a Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg 2007-03-27 15:35:02 +00:00
dbaron%dbaron.org a32fb9b241 Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg 2007-03-27 15:33:45 +00:00
bzbarsky%mit.edu 4ebb372bf8 When getting codebase principals, install the passed-in codebase on them even 
if they come from the hashtable.  Bug 269270, r=dveditz, sr=jst.
 2007-02-09 04:52:44 +00:00
bzbarsky%mit.edu ec7b93b809 Get the source scheme from the right URI object. Bug 368160, r+sr=dveditz 2007-01-26 04:33:02 +00:00
bzbarsky%mit.edu 81cfa9db1e Make the redirect check get principals the same way we get them elsewhere. 
Clean up some code to use the new security manager method.  Bug 354693,
r=dveditz, sr=sicking
 2006-11-22 18:27:54 +00:00
gavin%gavinsharp.com 6599170933 Bug 202198: fix possible leak in nsScriptSecurityManager::InitPrefs(), patch by Ryan Jones <sciguyryan+bugzilla@gmail.com>, r+sr=dveditz 2006-11-22 17:22:40 +00:00
sayrer%gmail.com abe0665f38 Bug 360840. allocator mismatch in nsIScriptSecurityManager. r=timeless, sr=bz 2006-11-16 18:25:52 +00:00
bzbarsky%mit.edu 5abb54c90b Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst 2006-11-14 22:46:45 +00:00
bzbarsky%mit.edu 142a417a31 Make it possible for protocol handlers to configure how CheckLoadURI should 
treat them via their protocol flags.  Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin
 2006-11-10 23:49:08 +00:00
cbiesinger%web.de c7c2f947bb Bug 351876 Move nsICryptoHash into necko 
r=darin
 2006-09-15 22:06:31 +00:00
bzbarsky%mit.edu e2524af589 Introduce CheckLoadURIStrWithPrincipal(). Bug 348559, r=dveditz, sr=jst 2006-08-21 22:15:20 +00:00
pkasting%google.com 943d93f1e8 Bug 337223: Don't expose moz-anno protocol to web pages. 
Patch by brettw
r=jst
sr=bzbarsky
 2006-08-18 21:35:16 +00:00
bzbarsky%mit.edu e4c80b6420 Remove special-casing of about:blank for security purposes; give about:blank 
pages the principal of whoever is responsible for loading them, when possible.
Bug 332182, r=mrbkap, sr=jst
 2006-08-15 17:31:16 +00:00
dveditz%cruzio.com 2c27f29b83 bug 340107 save wasted cycles checking permissions if we're just going to deny access anyway. r=mrbkap, sr=sicking 2006-06-27 00:56:41 +00:00
bzbarsky%mit.edu 714b309562 Fiox the special-casing for about:blank to deal with it now being 
moz-safe-about:blank as far as the security manager is concerned.  Bug 342108,
r=darin, sr=jst
 2006-06-22 02:21:06 +00:00
bzbarsky%mit.edu 6c8d302694 Allow about: modules to just set a flag to force script execution to be allowed 
for particular about: URIs, instead of hardcoding checks in the security
manager.  Bug 341313, r=darin, sr=jst
 2006-06-22 02:19:49 +00:00
bzbarsky%mit.edu d5968aa228 Make the URIs of principals immutable. Bug 339822, r=dveditz, sr=darin 2006-06-20 03:17:41 +00:00
bzbarsky%mit.edu 66d9ce92e5 Save the principal in the session history entry so that reloading a data: URL 
will do the right thing.  Also, change CheckLoadURI to allow null
principals to load things that anyone can load (e.g. http:// URIs).  Bug
337260, r=dveditz, sr=jst
 2006-06-19 21:08:45 +00:00
bzbarsky%mit.edu 64681af28a Move the safe vs unsafe about: distinction out of the security manager and into 
nsIAboutModule implementations.  Bug 337746, r=dveditz, sr=darin
 2006-06-19 21:02:12 +00:00
mhammond%skippinet.com.au d5ad1dc2b9 Land DOM_AGNOSTIC3_BRANCH, bug 255942. r=a few people, sr=brendan. 2006-06-13 03:07:47 +00:00
mrbkap%gmail.com 43895f48e7 Checking in Ben Turner <bent.mozilla@gmail.com> and timeless's patch to make Gecko use the JS engine's request model to help multithreaded embedders avoid GC races and crashes. bug 176182, r=mrbkap assumed-rs=brendan 2006-06-12 22:39:55 +00:00
igor%mir2.org 271c305869 Bug 338678: For source compatibility fields "uint16 extra,spare" in JSFunctionSpec are replaced by singe "uint32 extra". In this way we do need to update the current sources that list just 5 fields to include the additional ",0" corresponding to "spare" field. To quell GCC warnings all sources that list less then 5 fields of JSFunctionSpec are updated to explicitly list all 5 fields. r=mrbkap, s=brendan 2006-05-22 22:58:31 +00:00
bzbarsky%mit.edu 25f194de58 Make GetOrigin dig into nested URIs. Bug 336303, r=dveditz, sr=jst 2006-05-12 00:05:40 +00:00
bzbarsky%mit.edu 422320e643 Create our URIs by hand (since we have our own scheme), instead of going 
through the ioService.  Also fixes some threadsafety stuff.  Bug 337513,
r=dveditz, sr=darin.
 2006-05-11 16:06:35 +00:00
cbiesinger%web.de 1fe4516c9f bug 335180 Remove win32.order, mozilla-bin.order, --enable-reorder, and 
associated code. These options do not really work anymore.

r=bsmedberg
 2006-05-06 17:53:51 +00:00
bzbarsky%mit.edu c85e631ff2 Disable optimization that relies on invariants we don't maintain. Bug 317240 
wallpaper, r+sr=jst
 2006-05-04 15:23:43 +00:00
bzbarsky%mit.edu 90953ff01a Deal with null subject URIs in SecurityCompareURIs. Bug 336432, r=dveditz, sr=jst 2006-05-04 02:29:46 +00:00
darin%meer.net e7a84f6ea9 fixes bug 214672 "Further optimization and correctness improvements of libjar: streamlining nsJarInputStream" patch by Alfred Kayser <alfredkayser@nl.ibm.com>, r=jwalden, sr=darin 2006-05-02 19:33:09 +00:00
bzbarsky%mit.edu fca88cd9e1 Add an interface for nested URIs (like jar:, view-source:, etc) to implement 
and use it in various places.  Create null principals if asked for a codebase
principal for a codebase that doesn't have an inherent security context (eg
data: or javascript:).  Bug 334407, r=biesi,dveditz, sr=darin
 2006-05-02 18:54:19 +00:00
bzbarsky%mit.edu 0488da364f Deal with checkLoadURI better in the face of URI fixup. Bug 334341, r=biesi, sr=dveditz 2006-04-25 03:24:43 +00:00
bzbarsky%mit.edu 1a4e0664f9 Check rv before looking at port. Bug 334210, r+sr+branch181=jst 2006-04-17 23:19:44 +00:00
bzbarsky%mit.edu c129f55b78 Allow redirects to data: URIs. Bug 211999, r=dveditz, jruderman; sr=darin 2006-04-17 23:13:33 +00:00
bzbarsky%mit.edu c4ba2c6a58 Fix refcounting bug. Followup to bug 327176; reviews pending. 2006-04-05 16:48:51 +00:00
bzbarsky%mit.edu a8129ca50f Followup to bug 326506 -- this comment got lost somehow. 2006-04-02 22:00:08 +00:00
bzbarsky%mit.edu 3f58349fa0 Init the system principal singleton when we init the security manager -- no 
need for lazy init here.  Bug 327176, r=mrbkap, sr=dveditz
 2006-04-02 21:10:23 +00:00
bzbarsky%mit.edu 59f912e4ad Create a powerless non-principal and start using it. Bug 326506, r=mrbkap, 
sr=dveditz
 2006-04-02 20:58:26 +00:00
darin%meer.net 5521781301 fixes bug 328925 "Replace NS_WARN_IF_FALSE with NS_ASSERTION (where appropriate)" r=dbaron 2006-03-30 18:40:56 +00:00
martijn.martijn%gmail.com 99bb8c1c9e Bug 330037 - First check if script/data url's are allowed, r=dveditz, sr=bzbarsky 2006-03-15 11:03:25 +00:00
bryner%brianryner.com 41e6c02b2f Remove dependency on nsIClassInfo.h from nsISupports.h (bug 330420). This adds a new nsIClassInfoImpl.h file which can be included to get the CI implementation macros. Also, removes unneeded inclusion of nsIProgrammingLanguage.h from nsIClassInfo.h. r=darin. 2006-03-15 04:59:42 +00:00
bzbarsky%mit.edu 3ebe726715 Followup fix for bug 307867 -- make sure to update our pointers to hashtable 
entries when the entries move. r=dveditz, sr=brendan
 2006-02-24 04:38:46 +00:00
timeless%mozdev.org a279d689e5 Bug 106386 Correct misspellings in source code 
r=bernd rs=brendan
 2006-02-23 09:36:43 +00:00
bzbarsky%mit.edu 2c5f1c1bd7 Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst, 
sr=dveditz
 2006-02-17 16:12:17 +00:00
bzbarsky%mit.edu f29ba2b9fb Backing out since tree is closed. 2006-02-17 03:33:03 +00:00
bzbarsky%mit.edu 2eeb07467d Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst, 
sr=dveditz
 2006-02-17 03:26:03 +00:00
bzbarsky%mit.edu 54eb4ccaac Remove dead code. Bug 327171, r=mrbkap, sr=shaver 2006-02-14 21:08:15 +00:00
bzbarsky%mit.edu f9eb6120f3 Fix debug code to assert the right thing. r=timeless 2006-02-14 20:20:49 +00:00
bzbarsky%mit.edu 38041b1d43 Fix bug 325991 -- spinning event queues requires more care. r=jst, sr=shaver 2006-02-07 22:24:47 +00:00
cbiesinger%web.de a898e666b8 bug 183156 remove *UCS2* functions, replacing them with *UTF16* ones 
r+sr=darin
 2006-02-03 14:18:39 +00:00
jst%mozilla.jstenback.com af27bd0d3c Fixing tinderbox orange. Make caps work right again when dealing with a script global object that's not a window. r+sr=bzbarsky@mit.edu 2005-11-29 06:00:36 +00:00
jst%mozilla.jstenback.com 7a5af690c6 Fixing bug 316794. Moving HandleDOMEvent() and Get/SetDocShell from nsIScriptGlobalObject to nsPIDOMWindow. r=mrbkap@gmail.com, sr=peterv@propagandism.org 2005-11-28 23:56:44 +00:00
timeless%mozdev.org b78d0c2416 Bug 106386 Correct misspellings in source code 
patch by unknown@simplemachines.org r=timeless rs=brendan
 2005-11-25 08:16:51 +00:00
brettw%gmail.com ce7fc555c4 Bug 316077, r=annie.sullivan, sr=darin 
Protocol handler allowing access to binary annotations.
 2005-11-17 18:39:00 +00:00
bzbarsky%mit.edu d295c6f94f Get principals for XPConnect wrapped natives off their scope instead of walking 
their parent chain.  Add some asserts to check that this actually does give the
same result, which it should with splitwindow.  Bug 289655, r=dbradley, sr=jst
 2005-11-16 02:12:21 +00:00
cbiesinger%web.de d73e12f724 Bug 248052 Add a contract ID for a global channeleventsink. Make the 
scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto
redirects if CheckLoadURI fails. Remove the explicit usage of
nsIScriptSecurityManager from nsHttpChannel.cpp.

This eliminates js and xpconnect from REQUIRES, and brings us closer to remove
caps.

r=darin sr=bz
 2005-11-08 20:47:16 +00:00
bzbarsky%mit.edu 1e91350bb2 Remove nsIStyledContent. Bug 313968, r=sicking, r=dbaron on nsCSSStyleSheet 
changes, sr=jst
 2005-11-02 00:41:51 +00:00
jst%mozilla.jstenback.com 4a47acf0d7 Fixing bug 313373. Pass *vp through untouched to the checkAccess hook when checking for write access. r=mrbkap@gmail.com, sr=brendan@mozilla.org 2005-10-25 00:29:28 +00:00
bzbarsky%mit.edu 1a0d80f303 Don't call nsIClassInfo::GetClassDescription unless we really have to. Bug 
313157, r=dveditz, sr=jst
 2005-10-20 23:49:59 +00:00
mrbkap%gmail.com c42f37d29f bug 312124: Make Subsume treat about:blank principals as being weaker than other, non-about:blank principals, since that's how other code treats them. r=caillon sr=brendan 2005-10-14 18:57:26 +00:00
bzbarsky%mit.edu c740f18df2 Make wildcards work for the default policy too. Bug 307867, r=caillon, sr=dveditz 2005-09-30 03:30:40 +00:00
dbaron%dbaron.org 820af0c053 Improve consistency of conversion from about URI to about module. b=306261 r=darin sr=bzbarsky 2005-09-14 04:16:27 +00:00
bzbarsky%mit.edu b4e2732aae Remove the security.checkloaduri preference. Please to be using the 
checkloaduri CAPS policy instead, since that's less likely to let you shoot
yourself in the foot.

Bug 307382, r=caillon, sr=dveditz
 2005-09-09 18:43:45 +00:00
dougt%meer.net 32258b61c3 Bug 302284. add xpi hash support to InstallTrigger.install(). r=dveditz, sr=shaver, a=asa 2005-08-26 06:46:21 +00:00
peterv%propagandism.org 3acef9f8a4 Fix for bug 290100 (XMLHttpRequest affected by document.domain setting). r=caillon, sr=brendan. 2005-08-25 11:51:42 +00:00
mconnor%steelgryphon.com 218fea648d bug 300830 - new error page (about:neterror) can load privileged about: urls, patch by dveditz, r=bsmedberg, sr=shaver 2005-08-22 05:09:11 +00:00
gavin%gavinsharp.com 602cc10bb6 Bug 298823: JAR URIs (and other types missing the host part) are not properly handled by nsScriptSecurityManager::LookupPolicy(), patch by Giorgio Maone <g.maone@informaction.com>, r=caillon, sr=dveditz 2005-08-17 16:55:00 +00:00
timeless%mozdev.org e8b3a71658 Bug 304085 crash [@ JS_ValueToString - JSValIDToString] with DEBUG_CAPS_HACKER 
r=caillon sr=dveditz
 2005-08-17 07:40:39 +00:00
timeless%mozdev.org 8b7146f6a5 Bug 304054 nsScriptSecurityManager.cpp doesn't build ifdef DEBUG_CAPS_HACKER unless defined DEBUG 
r=dveditz sr=dveditz
 2005-08-12 23:13:46 +00:00
timeless%mozdev.org f1615dd0f0 Bug 304240 Make noAccess/allAccess/sameOrigin consistently intercaps in the source tree 
r=caillon sr=dveditz
 2005-08-12 23:11:32 +00:00
bzbarsky%mit.edu 113a48816f Comment-only fixes I forgot to make. Bug 240661. 2005-07-22 20:49:12 +00:00
bzbarsky%mit.edu dc27182f65 Expose the subject name for the cert and an nsISupports pointer to the cert on 
nsIPrincipal that represents a certificate principal.  Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal.  Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII.  Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
 2005-07-22 19:05:42 +00:00
timeless%mozdev.org 741e9f0d95 Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop] 
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg
 2005-07-19 21:55:36 +00:00
bsmedberg%covad.net 6115ede7b5 Bug 292624 - XUL error pages should not have chrome privileges, r=darin sr=dveditz a=asa 2005-07-14 17:46:55 +00:00
brendan%mozilla.org ce97f202bd Add a subsumes relation to principals so JS can handle all cases when checking indirect eval (and the like) calls (300008, r=caillon/dveditz, sr/a=shaver). 2005-07-08 23:26:36 +00:00
timeless%mozdev.org 52a3cd7b1d Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs 
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg
 2005-06-29 16:29:49 +00:00
mconnor%steelgryphon.com 5b1fc5f58e bug 293424 - block about: from content to remove a potential attack vector, r+sr=brendan, a=brendan/jay 2005-06-16 08:28:50 +00:00
jst%mozilla.jstenback.com 48772b9d27 Fixing part of bug 296397. Removing bogus assertion. r=shaver@mozilla.org, sr+a=brendan@mozilla.org 2005-06-09 01:11:21 +00:00
timeless%mozdev.org 3ce206754c Bug 292588 shutdown crash !sXPConnect [@ nsScriptSecurityManager::CheckObjectAccess] 
store the runtime, unset the callback at shutdown
r=dveditz sr=jst a=asa
 2005-06-07 21:57:56 +00:00
dougt%meer.net 05339dd922 Add a scriptable hash function API. basically what this does is moves the hashing function out of the nsISignatureVerifier.idl and creates a new interface nsICryptoHash which is scriptable. Because of this change, we needed to fix up all of the call sites. r=darin, sr=dveditz, a=shaver 2005-06-01 16:06:53 +00:00
dbaron%dbaron.org 4e57a19e15 Fix bug 293671. r=caillon sr=dveditz a=asa 2005-05-12 18:26:41 +00:00
dbaron%dbaron.org 879c58672c Cleaner fix for bug 290036. b=290949 r=dveditz sr=darin a=asa 2005-05-12 18:20:07 +00:00
brendan%mozilla.org 77b38278e4 Fix comment from last night to match today's code. 2005-05-04 18:58:24 +00:00
brendan%mozilla.org ed1074859d Undo gist of last change for now, it breaks too much even though it's safer. 2005-05-04 16:19:31 +00:00
brendan%mozilla.org 403f448dbc Find active native function principals when walking the JS stack, and beef up eval-ish native safeguards (281988, r=shaver/caillon, sr=jst, a=drivers). 2005-05-04 06:28:36 +00:00
bzbarsky%mit.edu e975ac1396 Fix crashes when privilegeManager methods are called by setting our our param 
on success return.  Bug 289991 and bug 289925, r=caillon, sr=dbaron, a=dbaron
 2005-04-12 05:13:26 +00:00
bzbarsky%mit.edu 60512d7421 Do less addrefing of principals in the script security manager. Bug 289643, 
r=caillon, sr=brendan, a=asa
 2005-04-10 23:27:07 +00:00
brendan%mozilla.org dbac83a323 Revert kludge, want a general fix. 2005-04-07 19:48:57 +00:00
brendan%mozilla.org 57b68eabe5 Stop evals and Script object calls/execs that cross trust domains (289074, r=shaver, sr=jst, a=drivers). 2005-04-07 02:22:24 +00:00
timeless%mozdev.org 7d90dca46d Bug 239967 prototype for nsScriptSecurityManager::GetPrincipalFromContext is wrong 
r=dveditz sr=dveditz
 2005-03-29 03:12:12 +00:00
bryner%brianryner.com a821ecc6cf Inline access to XPCWrappedNative's nsISupports pointer, with do_QueryWrappedNative nsCOMPtr helper (bug 285404). r=jst, sr=darin. 2005-03-10 00:39:28 +00:00
gandalf%firefox.pl c2d3232365 bug 279768: Bring build system to work with --enable-ui-locale; r=bsmedberg; a=doron on webservices move 2005-03-08 17:21:36 +00:00
bsmedberg%covad.net 4b68fa447a Bug 281414 - global s/nsIPrefBranchInternal/nsIPrefBranch2/ rs=darin (did not change backwards-compatible code in extensions/irc extensions/venkman or extensions/inspector) 2005-02-25 20:46:35 +00:00
bzbarsky%mit.edu 610d170988 Remove special-casing so non-chrome-principal pages, even with chrome: uris, 
can have script disabled as needed.  Bug 280120, r=peterv, sr=neil
 2005-02-22 21:18:31 +00:00
cbiesinger%web.de d630a9a4c1 Bug 269661 make libpref not depend on caps 
r=caillon sr=dveditz
 2005-02-06 12:39:31 +00:00
jshin%mailaps.org 8b6abc1d30 bug 280613 : checkLoadURIStr of nsIScriptSecurityManager should accept AUTF8String istead of string (for IDN), r=dveditz, sr=darin 2005-02-02 07:17:53 +00:00
bzbarsky%mit.edu a62cb9f6fd Add about:license and about:licence and make about: link to them. Bug 256945, 
r=gerv, sr=darin
 2005-01-23 21:02:36 +00:00
bsmedberg%covad.net 7ccf6e4965 Bug 273876 - libxul step 2 (everything through widget, except spidermonkey) r=darin; again, this should not affect non-xulrunner trees. 2004-12-09 19:28:35 +00:00