bzbarsky%mit.edu
25f194de58
Make GetOrigin dig into nested URIs. Bug 336303, r=dveditz, sr=jst
2006-05-12 00:05:40 +00:00
bzbarsky%mit.edu
422320e643
Create our URIs by hand (since we have our own scheme), instead of going
...
through the ioService. Also fixes some threadsafety stuff. Bug 337513,
r=dveditz, sr=darin.
2006-05-11 16:06:35 +00:00
cbiesinger%web.de
1fe4516c9f
bug 335180 Remove win32.order, mozilla-bin.order, --enable-reorder, and
...
associated code. These options do not really work anymore.
r=bsmedberg
2006-05-06 17:53:51 +00:00
bzbarsky%mit.edu
c85e631ff2
Disable optimization that relies on invariants we don't maintain. Bug 317240
...
wallpaper, r+sr=jst
2006-05-04 15:23:43 +00:00
bzbarsky%mit.edu
90953ff01a
Deal with null subject URIs in SecurityCompareURIs. Bug 336432, r=dveditz, sr=jst
2006-05-04 02:29:46 +00:00
darin%meer.net
e7a84f6ea9
fixes bug 214672 "Further optimization and correctness improvements of libjar: streamlining nsJarInputStream" patch by Alfred Kayser <alfredkayser@nl.ibm.com>, r=jwalden, sr=darin
2006-05-02 19:33:09 +00:00
bzbarsky%mit.edu
fca88cd9e1
Add an interface for nested URIs (like jar:, view-source:, etc) to implement
...
and use it in various places. Create null principals if asked for a codebase
principal for a codebase that doesn't have an inherent security context (eg
data: or javascript:). Bug 334407, r=biesi,dveditz, sr=darin
2006-05-02 18:54:19 +00:00
bzbarsky%mit.edu
0488da364f
Deal with checkLoadURI better in the face of URI fixup. Bug 334341, r=biesi, sr=dveditz
2006-04-25 03:24:43 +00:00
bzbarsky%mit.edu
1a4e0664f9
Check rv before looking at port. Bug 334210, r+sr+branch181=jst
2006-04-17 23:19:44 +00:00
bzbarsky%mit.edu
c129f55b78
Allow redirects to data: URIs. Bug 211999, r=dveditz, jruderman; sr=darin
2006-04-17 23:13:33 +00:00
bzbarsky%mit.edu
c4ba2c6a58
Fix refcounting bug. Followup to bug 327176; reviews pending.
2006-04-05 16:48:51 +00:00
bzbarsky%mit.edu
a8129ca50f
Followup to bug 326506 -- this comment got lost somehow.
2006-04-02 22:00:08 +00:00
bzbarsky%mit.edu
3f58349fa0
Init the system principal singleton when we init the security manager -- no
...
need for lazy init here. Bug 327176, r=mrbkap, sr=dveditz
2006-04-02 21:10:23 +00:00
bzbarsky%mit.edu
59f912e4ad
Create a powerless non-principal and start using it. Bug 326506, r=mrbkap,
...
sr=dveditz
2006-04-02 20:58:26 +00:00
darin%meer.net
5521781301
fixes bug 328925 "Replace NS_WARN_IF_FALSE with NS_ASSERTION (where appropriate)" r=dbaron
2006-03-30 18:40:56 +00:00
martijn.martijn%gmail.com
99bb8c1c9e
Bug 330037 - First check if script/data url's are allowed, r=dveditz, sr=bzbarsky
2006-03-15 11:03:25 +00:00
bryner%brianryner.com
41e6c02b2f
Remove dependency on nsIClassInfo.h from nsISupports.h (bug 330420). This adds a new nsIClassInfoImpl.h file which can be included to get the CI implementation macros. Also, removes unneeded inclusion of nsIProgrammingLanguage.h from nsIClassInfo.h. r=darin.
2006-03-15 04:59:42 +00:00
bzbarsky%mit.edu
3ebe726715
Followup fix for bug 307867 -- make sure to update our pointers to hashtable
...
entries when the entries move. r=dveditz, sr=brendan
2006-02-24 04:38:46 +00:00
timeless%mozdev.org
a279d689e5
Bug 106386 Correct misspellings in source code
...
r=bernd rs=brendan
2006-02-23 09:36:43 +00:00
bzbarsky%mit.edu
2c5f1c1bd7
Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
...
sr=dveditz
2006-02-17 16:12:17 +00:00
bzbarsky%mit.edu
f29ba2b9fb
Backing out since tree is closed.
2006-02-17 03:33:03 +00:00
bzbarsky%mit.edu
2eeb07467d
Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
...
sr=dveditz
2006-02-17 03:26:03 +00:00
bzbarsky%mit.edu
54eb4ccaac
Remove dead code. Bug 327171, r=mrbkap, sr=shaver
2006-02-14 21:08:15 +00:00
bzbarsky%mit.edu
f9eb6120f3
Fix debug code to assert the right thing. r=timeless
2006-02-14 20:20:49 +00:00
bzbarsky%mit.edu
38041b1d43
Fix bug 325991 -- spinning event queues requires more care. r=jst, sr=shaver
2006-02-07 22:24:47 +00:00
cbiesinger%web.de
a898e666b8
bug 183156 remove *UCS2* functions, replacing them with *UTF16* ones
...
r+sr=darin
2006-02-03 14:18:39 +00:00
jst%mozilla.jstenback.com
af27bd0d3c
Fixing tinderbox orange. Make caps work right again when dealing with a script global object that's not a window. r+sr=bzbarsky@mit.edu
2005-11-29 06:00:36 +00:00
jst%mozilla.jstenback.com
7a5af690c6
Fixing bug 316794. Moving HandleDOMEvent() and Get/SetDocShell from nsIScriptGlobalObject to nsPIDOMWindow. r=mrbkap@gmail.com, sr=peterv@propagandism.org
2005-11-28 23:56:44 +00:00
timeless%mozdev.org
b78d0c2416
Bug 106386 Correct misspellings in source code
...
patch by unknown@simplemachines.org r=timeless rs=brendan
2005-11-25 08:16:51 +00:00
brettw%gmail.com
ce7fc555c4
Bug 316077, r=annie.sullivan, sr=darin
...
Protocol handler allowing access to binary annotations.
2005-11-17 18:39:00 +00:00
bzbarsky%mit.edu
d295c6f94f
Get principals for XPConnect wrapped natives off their scope instead of walking
...
their parent chain. Add some asserts to check that this actually does give the
same result, which it should with splitwindow. Bug 289655, r=dbradley, sr=jst
2005-11-16 02:12:21 +00:00
cbiesinger%web.de
d73e12f724
Bug 248052 Add a contract ID for a global channeleventsink. Make the
...
scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto
redirects if CheckLoadURI fails. Remove the explicit usage of
nsIScriptSecurityManager from nsHttpChannel.cpp.
This eliminates js and xpconnect from REQUIRES, and brings us closer to remove
caps.
r=darin sr=bz
2005-11-08 20:47:16 +00:00
bzbarsky%mit.edu
1e91350bb2
Remove nsIStyledContent. Bug 313968, r=sicking, r=dbaron on nsCSSStyleSheet
...
changes, sr=jst
2005-11-02 00:41:51 +00:00
jst%mozilla.jstenback.com
4a47acf0d7
Fixing bug 313373. Pass *vp through untouched to the checkAccess hook when checking for write access. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2005-10-25 00:29:28 +00:00
bzbarsky%mit.edu
1a0d80f303
Don't call nsIClassInfo::GetClassDescription unless we really have to. Bug
...
313157, r=dveditz, sr=jst
2005-10-20 23:49:59 +00:00
mrbkap%gmail.com
c42f37d29f
bug 312124: Make Subsume treat about:blank principals as being weaker than other, non-about:blank principals, since that's how other code treats them. r=caillon sr=brendan
2005-10-14 18:57:26 +00:00
bzbarsky%mit.edu
c740f18df2
Make wildcards work for the default policy too. Bug 307867, r=caillon, sr=dveditz
2005-09-30 03:30:40 +00:00
dbaron%dbaron.org
820af0c053
Improve consistency of conversion from about URI to about module. b=306261 r=darin sr=bzbarsky
2005-09-14 04:16:27 +00:00
bzbarsky%mit.edu
b4e2732aae
Remove the security.checkloaduri preference. Please to be using the
...
checkloaduri CAPS policy instead, since that's less likely to let you shoot
yourself in the foot.
Bug 307382, r=caillon, sr=dveditz
2005-09-09 18:43:45 +00:00
dougt%meer.net
32258b61c3
Bug 302284. add xpi hash support to InstallTrigger.install(). r=dveditz, sr=shaver, a=asa
2005-08-26 06:46:21 +00:00
peterv%propagandism.org
3acef9f8a4
Fix for bug 290100 (XMLHttpRequest affected by document.domain setting). r=caillon, sr=brendan.
2005-08-25 11:51:42 +00:00
mconnor%steelgryphon.com
218fea648d
bug 300830 - new error page (about:neterror) can load privileged about: urls, patch by dveditz, r=bsmedberg, sr=shaver
2005-08-22 05:09:11 +00:00
gavin%gavinsharp.com
602cc10bb6
Bug 298823: JAR URIs (and other types missing the host part) are not properly handled by nsScriptSecurityManager::LookupPolicy(), patch by Giorgio Maone <g.maone@informaction.com>, r=caillon, sr=dveditz
2005-08-17 16:55:00 +00:00
timeless%mozdev.org
e8b3a71658
Bug 304085 crash [@ JS_ValueToString - JSValIDToString] with DEBUG_CAPS_HACKER
...
r=caillon sr=dveditz
2005-08-17 07:40:39 +00:00
timeless%mozdev.org
8b7146f6a5
Bug 304054 nsScriptSecurityManager.cpp doesn't build ifdef DEBUG_CAPS_HACKER unless defined DEBUG
...
r=dveditz sr=dveditz
2005-08-12 23:13:46 +00:00
timeless%mozdev.org
f1615dd0f0
Bug 304240 Make noAccess/allAccess/sameOrigin consistently intercaps in the source tree
...
r=caillon sr=dveditz
2005-08-12 23:11:32 +00:00
bzbarsky%mit.edu
113a48816f
Comment-only fixes I forgot to make. Bug 240661.
2005-07-22 20:49:12 +00:00
bzbarsky%mit.edu
dc27182f65
Expose the subject name for the cert and an nsISupports pointer to the cert on
...
nsIPrincipal that represents a certificate principal. Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal. Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII. Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
2005-07-22 19:05:42 +00:00
timeless%mozdev.org
741e9f0d95
Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop]
...
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg
2005-07-19 21:55:36 +00:00
bsmedberg%covad.net
6115ede7b5
Bug 292624 - XUL error pages should not have chrome privileges, r=darin sr=dveditz a=asa
2005-07-14 17:46:55 +00:00