Граф коммитов

77 Коммитов

Автор SHA1 Сообщение Дата
norris%netscape.com 80d944693e Fix 25062 Reload vulnerability
25206 Reload vulnerability #2
Implement grant dialogs and persistence for capabilities.
most r=mstoltz, some code from morse w/ r=norris
2000-02-10 04:56:56 +00:00
norris%netscape.com 131271ae68 Fix bug #25864 watch() vulnerability
r=vidur,rogerl
2000-02-02 00:22:58 +00:00
norris%netscape.com e753eaa792 Files:
caps/include/nsScriptSecurityManager.h
	caps/src/nsScriptSecurityManager.cpp
	modules/libpref/src/init/all.js
Fix
24565 nsScriptSecurityManager::GetSecurityLevel() is a performance
24567 re-write DOM glue security checks to avoid NS_WITH_SERVICE()
r=waterson

Files:
	dom/src/base/nsGlobalWindow.cpp
	layout/base/src/nsDocument.cpp
	layout/base/src/nsGenericElement.cpp
Fix assertion failure for 1-character property names.


Files:
	dom/src/jsurl/nsJSProtocolHandler.cpp
	webshell/src/nsDocLoader.cpp
Fix 18653 "javascript:" URLs cross windows problems (probably regressi
r=nisheeth

Files:
	layout/events/src/nsEventListenerManager.cpp
Fix
23834 document.onkeypress allows sniffing keystrokes
24152 document.onclick shows links from other window
r=joki
2000-01-23 04:23:14 +00:00
waterson%netscape.com 05e45b0f16 Fix build bustage. 2000-01-18 22:35:27 +00:00
mstoltz%netscape.com 184058eaaf Implemented the reading of capabilities data from prefs. Reads codebase and certificate principal data and populates ScriptSecurityManager's principals table. bug= 18122 r=norris, rginda 2000-01-18 21:54:01 +00:00
jdunn%netscape.com 157f231d1d Fix base class specifiers, since be default if they aren't specified it is Private
# 23237
r= warren@netscape.com, ftang@netscape.com, jband@netscape.com
2000-01-11 01:45:34 +00:00
norris%netscape.com 18d9ee89da Fix
858  [Feature] JavaScript auto-disable per-domain RFE
    13023 Users must be able to disable Java and JavaScript (for JS in mail)
    21923 Executing functions in "chrome:" protocol - #2.
    r=mstoltz

    (Checked in with red on Mac; Wan-Teh says his changes are localized so
     it shouldn't interfere with his fixing bustage.)
2000-01-08 16:51:54 +00:00
norris%netscape.com 8343c4ead7 Fix 22909 previousSibling vulnerability
r=mstoltz
2000-01-06 00:59:18 +00:00
warren%netscape.com 26c830d785 Fix for leak/bloat stats going negative. a=jar 1999-12-10 04:27:52 +00:00
norris%netscape.com b62c04253e Fix 18553 [DOGFOOD] addEventListener allows sniffing keystrokes
Add checks to nsScriptSecurityManager::CheckCanListenTo that take
a principal and ensure that the currently executing script code
either is from the same origin as that principal or has the
UniversalBrowserRead privilege enabled. (chrome code has all
privileges enabled by default.) It's okay for the principal passed in
to be null. That just signifies a privileged window/document that only
can be listened to with privileges.

I added GetPrincipal/SetPrincipal methods to nsIEventListenerManager.
nsDocument::GetNewListenerManager sets a principal on the listener
manager when it creates one. Obviously there are other places that
create listener managers, but scripts seem to go through this one.

Another change is to save some memory usage. Currently I allocate an
array of PolicyType that is NS_DOM_PROP_MAX elements long.
Unfortunately, compilers appear to allocate four bytes for each
PolicyType, so the array takes around 2400 bytes. I've added changes
to use two bit vectors that should consume about 1/16 that space.

r=joki

There are also changes that push nsnull onto the JSContext stack when
entering a nested event loop.

r=jband
1999-11-25 05:28:18 +00:00
norris%netscape.com 1c4dac85f3 Modify generated dom code to use a enum rather than a string for codesize
and efficiency.
Tighten checks on document properties and node properties. Should resolve
several bugs:
18965 document.firstChild vulnerability
19043 document.childNodes vulnerability
19044 document.lastChild vulnerability
r=mstoltz
1999-11-20 07:28:34 +00:00
norris%netscape.com 411aade911 * Fix 12124 [DOGFOOD] Reading user's preferences
* Implement site-specific security policies (bug 858)
r=mstoltz
* Use Recycle rather than delete[] to clean up Purify logs
r=law
1999-11-16 05:07:31 +00:00
norris%netscape.com 6ba76593b3 * Fix the following bugs by tightening the default security policy.
17977 [DOGFOOD] Reading documents using document.body
17538 document.lastModified is exposed
17537 document.images vulnerabilities
16036 [DOGFOOD] document.Element exposes the DOM of documents from
15757 [DOGFOOD] Injecting JS code using setAttribute and getElemen
15550 Injecting text in documents from any domain using createText
15067 [DOGFOOD] getElementsByTagName() allows reading of arbitrary
* Create an array of dom property policy types and initialize it when the script security manager is created.
* Move some implementation code to a new shared implementation base class.
* Implement privilege enabling, disabling and reverting
* Implement stack walking for checking privileges.
r=mstoltz@netscape.com

* Modify nsIPref to support security policy work.
r=neeti@netscape.com
1999-11-11 22:10:36 +00:00
dmose%mozilla.org 8535dda53e updated xPL license boilerplate to v1.1, a=chofmann@netscape.com,r=endico@mozilla.org 1999-11-06 03:43:54 +00:00
norris%netscape.com f665b3c482 work on bug 7270.
r=mstoltz.
Implement netscape.security.PrivilegeManager callbacks.
1999-10-28 22:09:03 +00:00
norris%netscape.com d1e37156bd Add ability to disable JS. Fix 13978 shopping at webvan.com crashes 1999-09-17 20:13:52 +00:00
norris%netscape.com bf28666910 Remove nsPrincipalManager.h 1999-09-15 21:30:10 +00:00
norris%netscape.com ae296a06da Add security support for javascript: uris. 1999-09-15 20:58:41 +00:00
norris%netscape.com 1dec7e80f7 Create preferences for security checks.
Add new methods on nsIScriptSecurityManager for capabilities.
Fix 13739 MLK: nsScriptSecurityManager::CreateCodebasePrincipal
Fix 11666 Eliminate plvector (was: [infinite loop] bugs - plvector.c)
1999-09-15 04:05:43 +00:00
norris%netscape.com 003099e93a Remove unused files. 1999-09-13 20:10:24 +00:00
norris%netscape.com 72e3153d3a * Add checks on urls formed from web scripts
* Make nsScriptSecurityManager implement nsXPCSecurityManager
* Fix unix warnings
1999-09-07 02:54:19 +00:00
briano%netscape.com 85a18579d5 Cleaned it up and eliminated the pointless #!gmake. 1999-09-01 23:27:16 +00:00
norris%netscape.com bff57397e0 Add all-powerful system principals. Remove some dead code from the build. 1999-09-01 00:54:35 +00:00
cyeh%netscape.com cc2825cbe0 Remove IGNORE_MANIFEST=1. It doesn't do anything and it confuses people. 1999-09-01 00:54:34 +00:00
norris%netscape.com 59b4dc8374 * clean up nsScriptSecurityManager
* remove nsJSSecurityManager
* save principals in nsIChannels and nsIDocuments
1999-08-29 21:58:42 +00:00
mccabe%netscape.com 9e85f164be Spam caps subtree to replace declarations of IDL-defined interface methods in implementation classes with xpidl-generated NS_DECL_NSIFOO macro. 1999-08-21 20:22:27 +00:00
arielb%netscape.com bb8560101c includes updates to codbase matching security checks currently turned off
but in place.  redefined the script security manager in caps and it is
now generating codebase principals.
1999-08-20 09:51:02 +00:00
arielb%netscape.com 01b28e843b removed zip support from caps module. from now on all that stuff will
be used by libjar.  should also remove a lot of memory leaks reported on
nsZip
1999-08-07 21:40:33 +00:00
arielb%netscape.com e2e5785276 Fix to bug 11330 and some changes to reduce warnings in linux builds 1999-08-07 19:59:31 +00:00
arielb%netscape.com 9b8f77f338 added a new and improved factory to caps module. fixed some bugs and
cleared some warnings.  also move some methods of privilege manager to
principal manager.
1999-08-06 22:44:35 +00:00
sspitzer%netscape.com cbcb2ce098 fix warnings 1999-08-05 19:47:10 +00:00
briano%netscape.com 3286f173f3 Added a newline to the EOF to fix the Unix native compiler builds. 1999-08-02 06:33:08 +00:00
arielb%netscape.com 89e7fef930 add a principal manager to caps api. everything is now xpidled so
i removed the public directory from the module.
1999-08-01 21:26:02 +00:00
arielb%netscape.com 944fa42b7b xpidling and updating nsTarget object. should resolve build errors on
SeaMonkey Ports
1999-07-28 05:43:26 +00:00
arielb%netscape.com 561d1d2996 removed some enums and migrated them into nsPrivilege, nsIPrivilege and
nsPrivilegemanager. cleaning up some old code from the security module
and refining their api's and such like.
1999-07-27 00:50:59 +00:00
briano%netscape.com 2fec9de4ed Some compilers also object to #endif's with any non-comment tokens after them. Fixed. 1999-07-26 21:08:51 +00:00
briano%netscape.com 361587c4e9 Added a newline to the end of the file to fix the native-compiler Unix builds (HP-UX, Solaris, etc.). 1999-07-26 21:06:59 +00:00
arielb%netscape.com 81a2551c31 i think i may have broken linux build with a tab at the end of a line in
the makefile, hope this was all for the bustage.
1999-07-24 04:18:22 +00:00
arielb%netscape.com 76ffc06aa5 Fix to the caps security module. I removed the nsPrincipal struct, from now
on you can access principals by their xpcomed interface nsIPrincipal.
1999-07-24 03:58:23 +00:00
arielb%netscape.com 640c0ce3e6 idled principals interfaces and some fixes to caps manager... 1999-07-16 20:31:18 +00:00
norris%netscape.com 7562aefe4a Move several security files into idl. (Create idl directory in caps module.)
Implement methods of nsIXPCSecurityManager.
Fix random errors in DOM JS security.
1999-07-15 23:23:16 +00:00
norris%netscape.com fc9729ccd2 Tom Pixley's code for the beginnings of DOM security, with a fix for the previous Mac link failure. 1999-07-07 07:50:03 +00:00
joki%netscape.com cc8b77b488 Backing out js security changes. 1999-07-01 13:03:35 +00:00
joki%netscape.com 5056a89212 New JavaScript/DOM security stuff. 1999-07-01 10:38:26 +00:00
raman%netscape.com c7011c1b2f Checking in changes from Bob Glickstein 1998-12-15 05:53:19 +00:00
ramiro%netscape.com 2009b728de Add cvsignore entries for makefiles generated bu autoconf. 1998-12-05 09:07:33 +00:00
ramiro%netscape.com 8bd5dd0541 Remove extraneous Makefile files. 1998-12-05 08:19:05 +00:00
raman%netscape.com ab444bb83e Deleted unnecessary nsCCapsManager:: from the prototype 1998-12-01 03:00:42 +00:00
raman%netscape.com 80d1745e65 XP_COM interfaces for JS calls into CAPS 1998-11-23 00:27:00 +00:00
raman%netscape.com fde72259c5 Changes to make caps into a DLL. Defined all strings in this file until there is a replacement for allxpstr.h 1998-11-19 05:22:28 +00:00