jonas%sicking.cc
98d1136fea
Bug 397878: Send Referer-Root header when doing cross-site access requests. Also update domain pattern matching to spec. Patch by <suryaismail@gmail.com>. r=bent sr=sicking b3a=beltzner
2008-01-31 08:17:47 +00:00
jst%mozilla.org
aa1e2da76a
Fixing bustage.
2008-01-29 21:11:24 +00:00
jst%mozilla.org
87ad6994c9
Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2008-01-29 20:51:01 +00:00
jst%mozilla.org
8e6543da9a
Fixing bug 317240. Re-enabling caps optimization now that a documents principal never changes. r+sr=bzbarsky@mit.edu
2008-01-28 17:51:38 +00:00
jst%mozilla.org
660fe310b9
Fixing bug 412691. Remove unnecessary nsCOMPtr's from performance critical code paths. r+sr=jonas@sicking.cc
2008-01-17 00:32:26 +00:00
benjamin%smedbergs.us
c6b0868a4c
Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep
2008-01-15 15:51:02 +00:00
dwitte%stanford.edu
2706db7178
thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+
2008-01-12 04:30:44 +00:00
dwitte%stanford.edu
b5bc025224
partial backout in an attempt to fix orange.
2008-01-11 10:09:00 +00:00
dwitte%stanford.edu
bec597575a
relanding bug 410250.
2008-01-11 09:13:06 +00:00
dwitte%stanford.edu
7da61a1630
backing out to fix orange.
2008-01-11 04:59:46 +00:00
dwitte%stanford.edu
3ed045961f
thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+
2008-01-11 03:56:02 +00:00
timeless%mozdev.org
bf7ff19b8e
Bug 334306 useless null check in nsDestroyJSPrincipals
...
r=dbaron sr=dveditz a=mtschrep
2008-01-06 14:53:24 +00:00
mrbkap%gmail.com
6ad5c57e2d
Always throw an exception, even if we cannot reach a principal. bug 409514, r+sr+a=jst
2008-01-05 01:32:23 +00:00
jst%mozilla.org
7b4a352e60
Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com
2008-01-04 23:59:12 +00:00
mrbkap%gmail.com
64fe3e4fbc
XPCNativeWrappers can confuse the short-circuiting code. bug 409291, r+sr=jst a=beltzner
2007-12-21 19:06:29 +00:00
jst%mozilla.org
d05eccb938
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 23:02:26 +00:00
philringnalda%gmail.com
603e902e26
Bug 400247 - remove XP_MAC deadcode in nsScriptSecurityManager.cpp, r+sr=bz, a=dsicore
2007-11-13 03:23:17 +00:00
tglek%mozilla.com
1962a93e82
Bug 398574:Prbool fixes r=bz a=release drivers
2007-11-12 21:47:11 +00:00
jonas%sicking.cc
fbb4b149f7
bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking
2007-10-27 01:46:11 +00:00
bzbarsky%mit.edu
71b276e4b9
Make the "href" property of stylesheets reflect the original URI that was
...
reflected to load the sheet. Bug 397427, r=dbaron,biesi, sr=dbaron, a=dsicore
2007-10-23 21:56:43 +00:00
bzbarsky%mit.edu
14cbe66990
Somewhat reduce the amount of memory an nsPrincipal allocates in the common
...
case. Bug 397733, r+sr+a=jst
2007-09-28 14:31:04 +00:00
bzbarsky%mit.edu
db86f814d9
Make the nsISerializable implementation of nsPrincipal actually work. This
...
makes it possible to save principal objects to a stream and read them back.
Bug 369566, r=dveditz+brendan, sr=jst, a=jst
2007-09-17 22:18:28 +00:00
dveditz%cruzio.com
ded345250e
bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov
2007-09-06 07:02:57 +00:00
bent.mozilla%gmail.com
26316ec800
Bug 304048 - Backing out patch due to TXUL regression.
2007-08-31 00:52:59 +00:00
bent.mozilla%gmail.com
a913a959d2
Bug 304048 - "xpconnect getters/setters don't have principals until after they pass or fail their security check." Patch by jst, sr=bzbarsky, a=jst.
2007-08-29 00:16:21 +00:00
bzbarsky%mit.edu
8b5be0ee10
Add some sanity null-checks. Bug 387446, r=dveditz, sr+a=jst
2007-08-07 02:09:16 +00:00
sdwilsh%shawnwilsher.com
e3db1cf1a7
Bustage fix
2007-07-11 21:20:11 +00:00
jwalden%mit.edu
ef68fcf595
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 07:08:56 +00:00
bzbarsky%mit.edu
00f9002d32
Make security manager API more useful from script. Make more things
...
scriptable, and add a scriptable method for testing whether a given principal
is the system principal. Bug 383783, r=dveditz, sr=jst
2007-06-18 15:12:09 +00:00
bzbarsky%mit.edu
31b141921a
Optimize immutability of codebase/domain a little bit. Bug 380475, r=dveditz, sr=biesi
2007-06-18 15:07:02 +00:00
bzbarsky%mit.edu
0cbe0fa718
Make nsPrincipal::Equals compare codebases, not just certs, for certificate
...
principals. Bug 369201, r=dveditz, sr=jst
2007-06-18 15:01:53 +00:00
benjamin%smedbergs.us
3fb4912f5d
Bug 376636 - Building with gcc 4.3 and -pendatic fails due to extra semicolons, patch by Art Haas <ahaas@airmail.net>, rs=me
2007-04-23 14:22:04 +00:00
dbaron%dbaron.org
d2a7c1e86a
Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg
2007-03-27 15:35:02 +00:00
dbaron%dbaron.org
a32fb9b241
Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg
2007-03-27 15:33:45 +00:00
bzbarsky%mit.edu
4ebb372bf8
When getting codebase principals, install the passed-in codebase on them even
...
if they come from the hashtable. Bug 269270, r=dveditz, sr=jst.
2007-02-09 04:52:44 +00:00
bzbarsky%mit.edu
ec7b93b809
Get the source scheme from the right URI object. Bug 368160, r+sr=dveditz
2007-01-26 04:33:02 +00:00
bzbarsky%mit.edu
81cfa9db1e
Make the redirect check get principals the same way we get them elsewhere.
...
Clean up some code to use the new security manager method. Bug 354693,
r=dveditz, sr=sicking
2006-11-22 18:27:54 +00:00
gavin%gavinsharp.com
6599170933
Bug 202198: fix possible leak in nsScriptSecurityManager::InitPrefs(), patch by Ryan Jones <sciguyryan+bugzilla@gmail.com>, r+sr=dveditz
2006-11-22 17:22:40 +00:00
sayrer%gmail.com
abe0665f38
Bug 360840. allocator mismatch in nsIScriptSecurityManager. r=timeless, sr=bz
2006-11-16 18:25:52 +00:00
bzbarsky%mit.edu
5abb54c90b
Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst
2006-11-14 22:46:45 +00:00
bzbarsky%mit.edu
142a417a31
Make it possible for protocol handlers to configure how CheckLoadURI should
...
treat them via their protocol flags. Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin
2006-11-10 23:49:08 +00:00
cbiesinger%web.de
c7c2f947bb
Bug 351876 Move nsICryptoHash into necko
...
r=darin
2006-09-15 22:06:31 +00:00
bzbarsky%mit.edu
e2524af589
Introduce CheckLoadURIStrWithPrincipal(). Bug 348559, r=dveditz, sr=jst
2006-08-21 22:15:20 +00:00
pkasting%google.com
943d93f1e8
Bug 337223: Don't expose moz-anno protocol to web pages.
...
Patch by brettw
r=jst
sr=bzbarsky
2006-08-18 21:35:16 +00:00
bzbarsky%mit.edu
e4c80b6420
Remove special-casing of about:blank for security purposes; give about:blank
...
pages the principal of whoever is responsible for loading them, when possible.
Bug 332182, r=mrbkap, sr=jst
2006-08-15 17:31:16 +00:00
dveditz%cruzio.com
2c27f29b83
bug 340107 save wasted cycles checking permissions if we're just going to deny access anyway. r=mrbkap, sr=sicking
2006-06-27 00:56:41 +00:00
bzbarsky%mit.edu
714b309562
Fiox the special-casing for about:blank to deal with it now being
...
moz-safe-about:blank as far as the security manager is concerned. Bug 342108,
r=darin, sr=jst
2006-06-22 02:21:06 +00:00
bzbarsky%mit.edu
6c8d302694
Allow about: modules to just set a flag to force script execution to be allowed
...
for particular about: URIs, instead of hardcoding checks in the security
manager. Bug 341313, r=darin, sr=jst
2006-06-22 02:19:49 +00:00
bzbarsky%mit.edu
d5968aa228
Make the URIs of principals immutable. Bug 339822, r=dveditz, sr=darin
2006-06-20 03:17:41 +00:00
bzbarsky%mit.edu
66d9ce92e5
Save the principal in the session history entry so that reloading a data: URL
...
will do the right thing. Also, change CheckLoadURI to allow null
principals to load things that anyone can load (e.g. http:// URIs). Bug
337260, r=dveditz, sr=jst
2006-06-19 21:08:45 +00:00