0248aa4dbf
bug 730221 - delegating serialization of script principals to the embedding. r=:luke,:bz
...
Currently to serialize principals stored in JSScript we have a rather complex
schema. First there is the transcode callback that the embedding must provide
to transcode principals using XDR API. Second we use rather complex glue code
to implement that callback in terms of writing/reading nsIObjectOutputStream/
nsIObjectInputStream. This glue code is duplicated in 3 places. All this can
be avoided if we simply delegate transcoding of principals to the caller. In
addition, at least in the case of the cached startup scripts we do not even
need to transcode the principals as the the cached scripts always have the
system principal so we can skip all the transcode complexity there.
The patch implemnts this idea. In particular, the code in JS engine
responsible for transcoding of principals is replaced by the single API
function JS_XDRSetPrincipals that the embedding can use to set principals for
decoded scripts and functions. Then the startup cache uses this to set the
principals for the decoded script to the system principals. The other two
places in nsJSContext::Serialize and XBL_SerializeFunction that need to
serialize principals together with a function or script now uses common
utilities in nsXPConnect so the serialization complexity resides in the single
place.
2012-02-13 14:10:04 +01:00
9ec52439ab
bug 728250 - remove JSPrincipals::codebase. r=:luke,:bz
...
In just 2 cases where JSPrincipals::codebase is used it can be reconstructed from the values stored in the associated nsJSPrincipal. In addition the patch makes nsJSprincipals to inherit both from nsIPrincipal and JSPrincipals allowing to use static_cast to convert between nsIPrincipal and JSPrincipals pointers and to drop many cases of manual JSPrincipal reference counting.
2012-03-09 10:48:50 +01:00
1deb9f1504
Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron
...
Landing on a CLOSED TREE
2011-10-17 10:59:28 -04:00
ac54b41b01
Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones
...
--HG--
rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
2011-09-28 23:19:26 -07:00
5a5ed0ab29
Bug 667915 - Don't let content JS consume all the stack and cause chrome JS to OOM (r=waldo,mrbkap)
2011-06-30 09:26:56 -07:00
de35c222dd
Bug 662000 part 2: Remove XPC_IDISPATCH_SUPPORT from the build-system and XPConnect. r=mrbkap
...
--HG--
extra : rebase_source : c456802fe36eef1e49381be996dbbdf820781206
2011-06-22 11:56:47 -04:00
3546f49e30
Bug 660770 caps should use mozilla::Preferences r=roc+jst
2011-06-20 12:00:16 +09:00
faf3cc5ff1
Fix bug 657267. r=bz
2011-05-19 13:31:54 +02:00
ad475468cd
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
c51e316854
Bug 564048 - Nix security checks in nsPrefBranch. r=sicking, sr=jst
2010-06-08 16:43:54 -07:00
6f886e44f9
Fix for bug 560199 (Link XPConnect and caps into layout). r=jst.
...
--HG--
extra : rebase_source : 5141822e9d560019ffc1e0cb0264782aa8aa7a99
2010-04-11 15:55:24 +02:00
3234be224c
bug 515443 CSP no-eval support. r=mrbkap,brendan
2010-03-08 00:24:50 -08:00
53bc328e65
Bug 543696: Remove unused nsIScriptSecurityManager::CheckConnect. r/sr=mrbkap
2010-02-02 02:29:15 -08:00
5ff3e86878
Bug 515437 CSP connection code, r=jst,dveditz sr=jst
2010-01-22 13:38:21 -08:00
7487990809
Backed out changeset a6ce37b09cf5 because of possible Tp4 perf hit
2010-01-14 17:19:11 -08:00
76bb0347c3
bug 515433, bug 515437: Content Security Policy (CSP) core
2010-01-13 14:18:24 -08:00
d4fee93d17
Bug 504021 - Add an API to the script security manager to clamp principals for a given context. r=jst/bzbarsky sr=dveditz
2009-08-21 18:20:20 -07:00
e743fef6ce
Bug 502959 - Restore code to make caps allow wrapping same-origin wrappedjs objects. r=jst sr=bzbarsky
2009-08-06 20:26:33 -07:00
8434b97074
Bug 493074 - Compute fewer things to try to clear up a performance regression. r+sr=jst
2009-05-14 15:17:56 -07:00
ea991f3d87
Bug 483672 - Give regular JS objects that have been reflected into C++ a security policy that follows the same-origin model. Also teach caps about "same origin" for these cases. r=jst sr=bzbarsky
2009-05-13 15:01:01 -07:00
41a2954729
Bug 472032 - [win64] sizeof(long) != sizeof(void*) assertion in nsScriptSecurityManager.cpp; changed SecurityLevel to use PRWord, clarified assertion on the protected code; r+sr=dveditz
2009-02-26 18:31:17 +01:00
4455c2f606
Remove MailNews special casing from nsScriptSecurityManager (bug 374577), r+sr=bzbarsky
2009-02-17 20:32:57 -08:00
c755eee8e7
Bug 473236 - Remove executable bit from files that don't need it. (Only changes file mode -- no code changes.) r=bsmedberg
2009-01-21 22:55:08 -08:00
03e5a590d8
Bug 459656 - Implementing nsIThreadJSContextStack in nsXPConnect. r+sr=mrbkap
2008-10-14 16:16:25 +02:00
4460c617be
Bug 456388 - Remove PR_STATIC_CALLBACK and PR_CALLBACK(_DECL) from the tree; r+sr=brendan
2008-10-10 17:04:34 +02:00
57bfef064c
Bug 454850. Make sure that whenever nsPrincipal::Equals would return true for a pair of principals their nsPrincipal::GetHashValue returns are also equal. r+sr=bzbarsky
2008-10-08 09:16:27 -04:00
2cc3af109a
Bug 398946 - Remove JS_STATIC_DLL_CALLBACK and JS_DLL_CALLBACK from the tree; r=(benjamin + bent.mozilla)
2008-09-07 00:21:43 +02:00
bb2529b51f
Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it
2008-04-18 10:35:55 -07:00
b245f0fae8
Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz
2008-04-08 17:38:12 -07:00
f70c22ca8a
Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu
2008-03-22 09:50:47 -07:00
739205fc4a
Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org
2008-03-20 21:39:08 -07:00
585b681349
Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz
2008-03-18 17:27:56 -07:00
df31fc12aa
Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst
2008-03-18 14:14:49 -07:00
498741eb4c
Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv
2008-02-26 19:45:29 -08:00
ce1fde4562
backing out fix for bug 416534 as potential cause of mochitest failure
2008-02-26 19:23:36 -08:00
f3eb926449
Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv
2008-02-26 18:17:49 -08:00
b8a6474030
Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2008-01-29 12:51:01 -08:00
a31eb73709
Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep
2008-01-15 07:50:57 -08:00
69192344bd
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 15:02:25 -08:00
926abc513f
Somewhat reduce the amount of memory an nsPrincipal allocates in the common case. Bug 397733, r+sr+a=jst
2007-09-28 07:31:04 -07:00
1512235b94
Make the nsISerializable implementation of nsPrincipal actually work. This makes it possible to save principal objects to a stream and read them back. Bug 369566, r=dveditz+brendan, sr=jst, a=jst
2007-09-17 15:18:28 -07:00
482ae113d1
bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov
2007-09-06 00:02:57 -07:00
12e960c504
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
7c3bde0a77
Optimize immutability of codebase/domain a little bit. Bug 380475, r=dveditz, sr=biesi
2007-06-18 08:07:02 -07:00
0ab7558e7b
Bug 376636 - Building with gcc 4.3 and -pendatic fails due to extra semicolons, patch by Art Haas <ahaas@airmail.net>, rs=me
2007-04-23 07:21:53 -07:00
cb52af13a3
Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg
2007-03-27 08:34:59 -07:00
4d961c5c49
Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg
2007-03-27 08:33:38 -07:00
0054412272
Bug 374866. Reftests for text-transform. r=dbaron
2007-03-22 16:01:14 -07:00
d7ad434701
Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it
2008-04-18 17:35:57 +00:00
2ec9134081
Bug 425201: Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz
2008-04-09 00:38:13 +00:00
Igor Bukanov
Ehsan Akhgari
Michael Wu
Luke Wagner
Matheus Kerschbaum
Masayuki Nakano
Blake Kaplan
Luke Wagner
Dan Witte
Peter Van der Beken
Sid Stamm
Jonas Sicking
Daniel Veditz
Mook
Dan Mosedale
Daniel Holbert
Arpad Borsos
Ben Newman
jst@mozilla.org
bzbarsky@mit.edu
myk@mozilla.org
benjamin@smedbergs.us
jwalden@mit.edu
dbaron@dbaron.org
roc+@cs.cmu.edu
jonas%sicking.cc