jst@mozilla.org
6d7a04555f
Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com
2008-01-04 15:59:12 -08:00
jonas@sicking.cc
ebee2dc0d9
bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking
2007-10-26 18:46:09 -07:00
bzbarsky@mit.edu
2bbf042698
Make security manager API more useful from script. Make more things
...
scriptable, and add a scriptable method for testing whether a given principal
is the system principal. Bug 383783, r=dveditz, sr=jst
2007-06-18 08:12:09 -07:00
roc+@cs.cmu.edu
0054412272
Bug 374866. Reftests for text-transform. r=dbaron
2007-03-22 16:01:14 -07:00
jonas%sicking.cc
d7ad434701
Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it
2008-04-18 17:35:57 +00:00
jonas%sicking.cc
2ec9134081
Bug 425201: Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz
2008-04-09 00:38:13 +00:00
jonas%sicking.cc
1d6dc158f9
Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz
2008-03-19 00:27:57 +00:00
bzbarsky%mit.edu
e5ba2cdf44
Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the
...
checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if
one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst
2008-03-18 21:14:50 +00:00
reed%reedloden.com
20f1ca3d1d
Bug 420081 - "Case mismatch between nsIURI and nsIUri in nsIPrincipal.idl" [p=mschroeder@mozilla.x-home.org (Martin Schr��der [mschroeder]) r+sr=jst a1.9=beltzner]
2008-03-08 11:20:21 +00:00
jonas%sicking.cc
06f693a2bb
Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv
2008-02-27 03:45:32 +00:00
myk%mozilla.org
dd8660867d
backing out fix for bug 416534 as potential cause of mochitest failure
2008-02-27 03:23:38 +00:00
jonas%sicking.cc
44be249fb2
Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv
2008-02-27 02:17:52 +00:00
jst%mozilla.org
7b4a352e60
Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com
2008-01-04 23:59:12 +00:00
jonas%sicking.cc
fbb4b149f7
bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking
2007-10-27 01:46:11 +00:00
bzbarsky%mit.edu
00f9002d32
Make security manager API more useful from script. Make more things
...
scriptable, and add a scriptable method for testing whether a given principal
is the system principal. Bug 383783, r=dveditz, sr=jst
2007-06-18 15:12:09 +00:00
bzbarsky%mit.edu
4ebb372bf8
When getting codebase principals, install the passed-in codebase on them even
...
if they come from the hashtable. Bug 269270, r=dveditz, sr=jst.
2007-02-09 04:52:44 +00:00
bzbarsky%mit.edu
81cfa9db1e
Make the redirect check get principals the same way we get them elsewhere.
...
Clean up some code to use the new security manager method. Bug 354693,
r=dveditz, sr=sicking
2006-11-22 18:27:54 +00:00
bzbarsky%mit.edu
5abb54c90b
Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst
2006-11-14 22:46:45 +00:00
bzbarsky%mit.edu
142a417a31
Make it possible for protocol handlers to configure how CheckLoadURI should
...
treat them via their protocol flags. Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin
2006-11-10 23:49:08 +00:00
cbiesinger%web.de
c7c2f947bb
Bug 351876 Move nsICryptoHash into necko
...
r=darin
2006-09-15 22:06:31 +00:00
bzbarsky%mit.edu
e2524af589
Introduce CheckLoadURIStrWithPrincipal(). Bug 348559, r=dveditz, sr=jst
2006-08-21 22:15:20 +00:00
bzbarsky%mit.edu
a8129ca50f
Followup to bug 326506 -- this comment got lost somehow.
2006-04-02 22:00:08 +00:00
bzbarsky%mit.edu
2c5f1c1bd7
Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
...
sr=dveditz
2006-02-17 16:12:17 +00:00
bzbarsky%mit.edu
f29ba2b9fb
Backing out since tree is closed.
2006-02-17 03:33:03 +00:00
bzbarsky%mit.edu
2eeb07467d
Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
...
sr=dveditz
2006-02-17 03:26:03 +00:00
dougt%meer.net
32258b61c3
Bug 302284. add xpi hash support to InstallTrigger.install(). r=dveditz, sr=shaver, a=asa
2005-08-26 06:46:21 +00:00
timeless%mozdev.org
f1615dd0f0
Bug 304240 Make noAccess/allAccess/sameOrigin consistently intercaps in the source tree
...
r=caillon sr=dveditz
2005-08-12 23:11:32 +00:00
bzbarsky%mit.edu
dc27182f65
Expose the subject name for the cert and an nsISupports pointer to the cert on
...
nsIPrincipal that represents a certificate principal. Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal. Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII. Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
2005-07-22 19:05:42 +00:00
brendan%mozilla.org
ce97f202bd
Add a subsumes relation to principals so JS can handle all cases when checking indirect eval (and the like) calls (300008, r=caillon/dveditz, sr/a=shaver).
2005-07-08 23:26:36 +00:00
dougt%meer.net
05339dd922
Add a scriptable hash function API. basically what this does is moves the hashing function out of the nsISignatureVerifier.idl and creates a new interface nsICryptoHash which is scriptable. Because of this change, we needed to fix up all of the call sites. r=darin, sr=dveditz, a=shaver
2005-06-01 16:06:53 +00:00
dbaron%dbaron.org
879c58672c
Cleaner fix for bug 290036. b=290949 r=dveditz sr=darin a=asa
2005-05-12 18:20:07 +00:00
jshin%mailaps.org
8b6abc1d30
bug 280613 : checkLoadURIStr of nsIScriptSecurityManager should accept AUTF8String istead of string (for IDN), r=dveditz, sr=darin
2005-02-02 07:17:53 +00:00
bzbarsky%mit.edu
8d004584b6
Add a version of CheckLoadURI that takes a source principal instead of a source
...
URI. Update a bunch of callers to use it. Bug 233108, r=caillon, sr=dveditz
2004-04-25 16:55:27 +00:00
gerv%gerv.net
692411203a
Bug 236613: change to MPL/LGPL/GPL tri-license.
2004-04-17 21:52:36 +00:00
neil%parkwaycc.co.uk
fc16739ba6
Bug 227758 make subjectPrincipalIsSystem unscriptable and checkSameOriginURI scriptable r=caillon sr=dveditz
2003-12-19 21:51:37 +00:00
brendan%mozilla.org
4be366b3cf
Fix missing cx param problem (223041, r=caillon, sr=dbaron).
2003-11-03 04:26:55 +00:00
caillon%returnzero.com
de3d3fbf61
Re-land patch for bug 83536, merging principal objects.
...
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst
2003-10-21 22:11:49 +00:00
brendan%mozilla.org
08f08cbf57
Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky).
2003-09-28 04:22:01 +00:00
caillon%returnzero.com
c11c6acb17
Backing out the patch to bug 83536.
...
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann
2003-08-22 03:06:53 +00:00
caillon%returnzero.com
9c22160a4b
Bug 83536.
...
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)
2003-07-24 05:15:20 +00:00
mstoltz%netscape.com
13f4af7d21
Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst.
2003-06-26 00:18:43 +00:00
harishd%netscape.com
5d5585b629
Grant access to SOAP response document's properties and also allow the document to be serializable. b=193953, r=heikki@netscape.com, sr=jst@netscape.com
2003-06-12 20:18:34 +00:00
seawood%netscape.com
8f112a4226
Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev
2003-06-10 21:18:27 +00:00
dougt%meer.net
f438318e22
Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201
2003-05-29 21:56:38 +00:00
dougt%meer.net
0b32036f70
Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201
2003-05-29 21:51:34 +00:00
caillon%returnzero.com
b443430dc8
184257 - Updating pref callers. r=timeless sr=bzbarsky
2003-01-08 08:40:41 +00:00
seawood%netscape.com
4588fb970a
Start installing GRE libraries & components into a separate dist/gre directory as part of the default build.
...
Bug #186241 r=dougt
2002-12-28 01:15:07 +00:00
mstoltz%netscape.com
291b95491f
Bug 168316 - When calling from Java into JS, add a "dummy" JS stack frame with
...
principal information for the security manager. r=dveditz, sr=jst, a=chofmann.
2002-10-30 03:15:59 +00:00
seawood%netscape.com
8ae6c40f5d
Removing old nmake build makefiles. Bug #158528 r=pavlov
2002-08-10 07:55:43 +00:00
sicking%bigfoot.com
b2160d158c
Use principals instead of URIs for same-origin checks.
...
b=159348, r=bz, sr=jst, a=asa
2002-07-30 21:26:32 +00:00