80d944693e
Fix 25062 Reload vulnerability
...
25206 Reload vulnerability #2
Implement grant dialogs and persistence for capabilities.
most r=mstoltz, some code from morse w/ r=norris
2000-02-10 04:56:56 +00:00
184058eaaf
Implemented the reading of capabilities data from prefs. Reads codebase and certificate principal data and populates ScriptSecurityManager's principals table. bug= 18122 r=norris, rginda
2000-01-18 21:54:01 +00:00
6ba76593b3
* Fix the following bugs by tightening the default security policy.
...
17977 [DOGFOOD] Reading documents using document.body
17538 document.lastModified is exposed
17537 document.images vulnerabilities
16036 [DOGFOOD] document.Element exposes the DOM of documents from
15757 [DOGFOOD] Injecting JS code using setAttribute and getElemen
15550 Injecting text in documents from any domain using createText
15067 [DOGFOOD] getElementsByTagName() allows reading of arbitrary
* Create an array of dom property policy types and initialize it when the script security manager is created.
* Move some implementation code to a new shared implementation base class.
* Implement privilege enabling, disabling and reverting
* Implement stack walking for checking privileges.
r=mstoltz@netscape.com
* Modify nsIPref to support security policy work.
r=neeti@netscape.com
1999-11-11 22:10:36 +00:00
8535dda53e
updated xPL license boilerplate to v1.1, a=chofmann@netscape.com,r=endico@mozilla.org
1999-11-06 03:43:54 +00:00
bff57397e0
Add all-powerful system principals. Remove some dead code from the build.
1999-09-01 00:54:35 +00:00
59b4dc8374
* clean up nsScriptSecurityManager
...
* remove nsJSSecurityManager
* save principals in nsIChannels and nsIDocuments
1999-08-29 21:58:42 +00:00
bb8560101c
includes updates to codbase matching security checks currently turned off
...
but in place. redefined the script security manager in caps and it is
now generating codebase principals.
1999-08-20 09:51:02 +00:00
9b8f77f338
added a new and improved factory to caps module. fixed some bugs and
...
cleared some warnings. also move some methods of privilege manager to
principal manager.
1999-08-06 22:44:35 +00:00
89e7fef930
add a principal manager to caps api. everything is now xpidled so
...
i removed the public directory from the module.
1999-08-01 21:26:02 +00:00
d99daeea9b
Cleaned it up and changed the name of libreg.{a,so} to libmozreg.{a,so} to fix the conflict reported in bug 8568.
1999-07-27 23:27:44 +00:00
76ffc06aa5
Fix to the caps security module. I removed the nsPrincipal struct, from now
...
on you can access principals by their xpcomed interface nsIPrincipal.
1999-07-24 03:58:23 +00:00
640c0ce3e6
idled principals interfaces and some fixes to caps manager...
1999-07-16 20:31:18 +00:00
7562aefe4a
Move several security files into idl. (Create idl directory in caps module.)
...
Implement methods of nsIXPCSecurityManager.
Fix random errors in DOM JS security.
1999-07-15 23:23:16 +00:00
norris%netscape.com
mstoltz%netscape.com
dmose%mozilla.org
arielb%netscape.com
briano%netscape.com