dwitte@stanford.edu
d1d1599403
backing out to fix orange.
2008-01-10 20:59:44 -08:00
dwitte@stanford.edu
3aff67fa2b
thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+
2008-01-10 19:56:00 -08:00
timeless@mozdev.org
6558516560
Bug 334306 useless null check in nsDestroyJSPrincipals r=dbaron sr=dveditz a=mtschrep
2008-01-06 06:53:24 -08:00
mrbkap@gmail.com
b46234fd91
Always throw an exception, even if we cannot reach a principal. bug 409514, r+sr+a=jst
2008-01-04 17:32:23 -08:00
jst@mozilla.org
6d7a04555f
Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com
2008-01-04 15:59:12 -08:00
mrbkap@gmail.com
cb4075c49b
XPCNativeWrappers can confuse the short-circuiting code. bug 409291, r+sr=jst a=beltzner
2007-12-21 11:06:29 -08:00
jst@mozilla.org
69192344bd
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 15:02:25 -08:00
philringnalda@gmail.com
59d7e63624
Bug 400247 - remove XP_MAC deadcode in nsScriptSecurityManager.cpp, r+sr=bz, a=dsicore
2007-11-12 19:23:17 -08:00
tglek@mozilla.com
8a32454ea9
Bug 398574:Prbool fixes r=bz a=release drivers
2007-11-12 13:47:11 -08:00
jonas@sicking.cc
ebee2dc0d9
bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking
2007-10-26 18:46:09 -07:00
bzbarsky@mit.edu
a892964caa
Make the "href" property of stylesheets reflect the original URI that was reflected to load the sheet. Bug 397427, r=dbaron,biesi, sr=dbaron, a=dsicore
2007-10-23 14:56:41 -07:00
bzbarsky@mit.edu
926abc513f
Somewhat reduce the amount of memory an nsPrincipal allocates in the common case. Bug 397733, r+sr+a=jst
2007-09-28 07:31:04 -07:00
bzbarsky@mit.edu
1512235b94
Make the nsISerializable implementation of nsPrincipal actually work. This makes it possible to save principal objects to a stream and read them back. Bug 369566, r=dveditz+brendan, sr=jst, a=jst
2007-09-17 15:18:28 -07:00
dveditz@cruzio.com
482ae113d1
bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov
2007-09-06 00:02:57 -07:00
bent.mozilla@gmail.com
c454f7fbdc
Bug 304048 - Backing out patch due to TXUL regression.
2007-08-30 17:52:58 -07:00
bent.mozilla@gmail.com
6388381ea1
Bug 304048 - "xpconnect getters/setters don't have principals until after they pass or fail their security check." Patch by jst, sr=bzbarsky, a=jst.
2007-08-28 17:16:21 -07:00
bzbarsky@mit.edu
6159525ebc
Add some sanity null-checks. Bug 387446, r=dveditz, sr+a=jst
2007-08-06 19:09:16 -07:00
sdwilsh@shawnwilsher.com
74c867f860
Bustage fix
2007-07-11 14:20:11 -07:00
jwalden@mit.edu
12e960c504
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
bzbarsky@mit.edu
2bbf042698
Make security manager API more useful from script. Make more things
...
scriptable, and add a scriptable method for testing whether a given principal
is the system principal. Bug 383783, r=dveditz, sr=jst
2007-06-18 08:12:09 -07:00
bzbarsky@mit.edu
7c3bde0a77
Optimize immutability of codebase/domain a little bit. Bug 380475, r=dveditz, sr=biesi
2007-06-18 08:07:02 -07:00
bzbarsky@mit.edu
0466d5d890
Make nsPrincipal::Equals compare codebases, not just certs, for certificate
...
principals. Bug 369201, r=dveditz, sr=jst
2007-06-18 08:01:53 -07:00
benjamin@smedbergs.us
0ab7558e7b
Bug 376636 - Building with gcc 4.3 and -pendatic fails due to extra semicolons, patch by Art Haas <ahaas@airmail.net>, rs=me
2007-04-23 07:21:53 -07:00
dbaron@dbaron.org
cb52af13a3
Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg
2007-03-27 08:34:59 -07:00
dbaron@dbaron.org
4d961c5c49
Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg
2007-03-27 08:33:38 -07:00
roc+@cs.cmu.edu
0054412272
Bug 374866. Reftests for text-transform. r=dbaron
2007-03-22 16:01:14 -07:00
jonas%sicking.cc
d7ad434701
Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it
2008-04-18 17:35:57 +00:00
gavin%gavinsharp.com
b5be6c4f09
Rework test for bug 292789 to try and fix the timeout on qm-centos5-01
2008-04-14 08:50:51 +00:00
dveditz%cruzio.com
afee2a207a
tests for bug 292789 -- forgot during checkin
2008-04-13 00:55:45 +00:00
dveditz%cruzio.com
c7990fae19
bug 292789 prevent use of chrome: URIs from <script>, <img> stylesheets, etc except for chrome packages explicitly marked contentaccessible. r=bzbarsky, sr=jst, a=beltzner
2008-04-12 21:26:19 +00:00
jonas%sicking.cc
2ec9134081
Bug 425201: Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz
2008-04-09 00:38:13 +00:00
igor%mir2.org
acca7a06be
[bug 423874] backing out as a simpler patch would do the job with less code.
2008-03-29 10:34:31 +00:00
igor%mir2.org
b7c7e118a6
[bug 424376] backing out - too much compatibility problems.
2008-03-28 22:27:37 +00:00
bzbarsky%mit.edu
8f0b2235c2
Fix bug 421228. r+sr=sicking
2008-03-28 03:46:15 +00:00
igor%mir2.org
c819df158f
bug=424376 r=brendan a1.9b5=beltzner
...
Compile-time function objects are no longer exposed through SpiderMonkey API.
2008-03-23 10:16:40 +00:00
jst%mozilla.org
8b559ed068
Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu
2008-03-22 16:50:49 +00:00
igor%mir2.org
5ab7e29428
bug=423874 r=brendan a1.9b5=dsicore
...
Allocating native functions together with JSObject
2008-03-21 08:19:27 +00:00
jst%mozilla.org
f2a32b3bb6
Fixing orange from bug 402983. Make file:///foo and file:////foo#bar compare as equal URLs. r+sr=bzbarsky@mit.edu
2008-03-21 06:01:55 +00:00
jst%mozilla.org
7e76d85044
Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org
2008-03-21 04:39:10 +00:00
shaver%mozilla.org
286f2705e5
Bug 246699: report better errors (with stacks) for security denials.
...
r+sr=jst, a=mconnor.
2008-03-20 08:19:15 +00:00
shaver%mozilla.org
6a50922c3f
Test for bug 423379 (content can load chrome and/or resource), r/sr=jst.
2008-03-19 22:14:52 +00:00
shaver%mozilla.org
8268261420
(NPOTB, r=mrbkap, a=lumpy) Remove ancient caps test cruft in preparation for
...
incoming mochitests. Also so that the tests listed in securetest.list will
not mock me from beyond the NSCP grave.
2008-03-19 21:26:09 +00:00
jonas%sicking.cc
1d6dc158f9
Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz
2008-03-19 00:27:57 +00:00
bzbarsky%mit.edu
e5ba2cdf44
Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the
...
checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if
one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst
2008-03-18 21:14:50 +00:00
gavin%gavinsharp.com
f0a5a9b99c
Back out bug 246699 to fix bug 423375, per shaver
2008-03-17 14:10:48 +00:00
timeless%mozdev.org
59f4bc43b1
Bug 246699 CAPS security exceptions should throw richer exception info (not just raw string)
...
r=shaver a=shaver
2008-03-11 17:30:23 +00:00
reed%reedloden.com
20f1ca3d1d
Bug 420081 - "Case mismatch between nsIURI and nsIUri in nsIPrincipal.idl" [p=mschroeder@mozilla.x-home.org (Martin Schr��der [mschroeder]) r+sr=jst a1.9=beltzner]
2008-03-08 11:20:21 +00:00
jonas%sicking.cc
06f693a2bb
Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv
2008-02-27 03:45:32 +00:00
myk%mozilla.org
dd8660867d
backing out fix for bug 416534 as potential cause of mochitest failure
2008-02-27 03:23:38 +00:00
jonas%sicking.cc
44be249fb2
Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv
2008-02-27 02:17:52 +00:00
Olli.Pettay%helsinki.fi
c1e558bc24
Bug 411054, Audit IsNativeAnonymous()/GetBindingParent() uses, r+sr=sicking
2008-02-26 12:40:21 +00:00
reed%reedloden.com
094bb39a01
Bug 417710 - "Use JS_GET_CLASS, not JS_GetClass" [p=gyuyoung.kim@samsung.com (gyu-young kim) r=jorendorff r=jst sr+a1.9=brendan]
2008-02-25 08:59:21 +00:00
jonas%sicking.cc
98d1136fea
Bug 397878: Send Referer-Root header when doing cross-site access requests. Also update domain pattern matching to spec. Patch by <suryaismail@gmail.com>. r=bent sr=sicking b3a=beltzner
2008-01-31 08:17:47 +00:00
jst%mozilla.org
aa1e2da76a
Fixing bustage.
2008-01-29 21:11:24 +00:00
jst%mozilla.org
87ad6994c9
Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2008-01-29 20:51:01 +00:00
jst%mozilla.org
8e6543da9a
Fixing bug 317240. Re-enabling caps optimization now that a documents principal never changes. r+sr=bzbarsky@mit.edu
2008-01-28 17:51:38 +00:00
jst%mozilla.org
660fe310b9
Fixing bug 412691. Remove unnecessary nsCOMPtr's from performance critical code paths. r+sr=jonas@sicking.cc
2008-01-17 00:32:26 +00:00
benjamin%smedbergs.us
c6b0868a4c
Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep
2008-01-15 15:51:02 +00:00
dwitte%stanford.edu
2706db7178
thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+
2008-01-12 04:30:44 +00:00
dwitte%stanford.edu
b5bc025224
partial backout in an attempt to fix orange.
2008-01-11 10:09:00 +00:00
dwitte%stanford.edu
bec597575a
relanding bug 410250.
2008-01-11 09:13:06 +00:00
dwitte%stanford.edu
7da61a1630
backing out to fix orange.
2008-01-11 04:59:46 +00:00
dwitte%stanford.edu
3ed045961f
thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+
2008-01-11 03:56:02 +00:00
timeless%mozdev.org
bf7ff19b8e
Bug 334306 useless null check in nsDestroyJSPrincipals
...
r=dbaron sr=dveditz a=mtschrep
2008-01-06 14:53:24 +00:00
mrbkap%gmail.com
6ad5c57e2d
Always throw an exception, even if we cannot reach a principal. bug 409514, r+sr+a=jst
2008-01-05 01:32:23 +00:00
jst%mozilla.org
7b4a352e60
Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com
2008-01-04 23:59:12 +00:00
mrbkap%gmail.com
64fe3e4fbc
XPCNativeWrappers can confuse the short-circuiting code. bug 409291, r+sr=jst a=beltzner
2007-12-21 19:06:29 +00:00
jst%mozilla.org
d05eccb938
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 23:02:26 +00:00
philringnalda%gmail.com
603e902e26
Bug 400247 - remove XP_MAC deadcode in nsScriptSecurityManager.cpp, r+sr=bz, a=dsicore
2007-11-13 03:23:17 +00:00
tglek%mozilla.com
1962a93e82
Bug 398574:Prbool fixes r=bz a=release drivers
2007-11-12 21:47:11 +00:00
jonas%sicking.cc
fbb4b149f7
bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking
2007-10-27 01:46:11 +00:00
bzbarsky%mit.edu
71b276e4b9
Make the "href" property of stylesheets reflect the original URI that was
...
reflected to load the sheet. Bug 397427, r=dbaron,biesi, sr=dbaron, a=dsicore
2007-10-23 21:56:43 +00:00
bzbarsky%mit.edu
14cbe66990
Somewhat reduce the amount of memory an nsPrincipal allocates in the common
...
case. Bug 397733, r+sr+a=jst
2007-09-28 14:31:04 +00:00
bzbarsky%mit.edu
db86f814d9
Make the nsISerializable implementation of nsPrincipal actually work. This
...
makes it possible to save principal objects to a stream and read them back.
Bug 369566, r=dveditz+brendan, sr=jst, a=jst
2007-09-17 22:18:28 +00:00
dveditz%cruzio.com
ded345250e
bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov
2007-09-06 07:02:57 +00:00
bent.mozilla%gmail.com
26316ec800
Bug 304048 - Backing out patch due to TXUL regression.
2007-08-31 00:52:59 +00:00
bent.mozilla%gmail.com
a913a959d2
Bug 304048 - "xpconnect getters/setters don't have principals until after they pass or fail their security check." Patch by jst, sr=bzbarsky, a=jst.
2007-08-29 00:16:21 +00:00
bzbarsky%mit.edu
8b5be0ee10
Add some sanity null-checks. Bug 387446, r=dveditz, sr+a=jst
2007-08-07 02:09:16 +00:00
sdwilsh%shawnwilsher.com
e3db1cf1a7
Bustage fix
2007-07-11 21:20:11 +00:00
jwalden%mit.edu
ef68fcf595
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 07:08:56 +00:00
bzbarsky%mit.edu
00f9002d32
Make security manager API more useful from script. Make more things
...
scriptable, and add a scriptable method for testing whether a given principal
is the system principal. Bug 383783, r=dveditz, sr=jst
2007-06-18 15:12:09 +00:00
bzbarsky%mit.edu
31b141921a
Optimize immutability of codebase/domain a little bit. Bug 380475, r=dveditz, sr=biesi
2007-06-18 15:07:02 +00:00
bzbarsky%mit.edu
0cbe0fa718
Make nsPrincipal::Equals compare codebases, not just certs, for certificate
...
principals. Bug 369201, r=dveditz, sr=jst
2007-06-18 15:01:53 +00:00
benjamin%smedbergs.us
3fb4912f5d
Bug 376636 - Building with gcc 4.3 and -pendatic fails due to extra semicolons, patch by Art Haas <ahaas@airmail.net>, rs=me
2007-04-23 14:22:04 +00:00
dbaron%dbaron.org
d2a7c1e86a
Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg
2007-03-27 15:35:02 +00:00
dbaron%dbaron.org
a32fb9b241
Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg
2007-03-27 15:33:45 +00:00
bzbarsky%mit.edu
4ebb372bf8
When getting codebase principals, install the passed-in codebase on them even
...
if they come from the hashtable. Bug 269270, r=dveditz, sr=jst.
2007-02-09 04:52:44 +00:00
bzbarsky%mit.edu
ec7b93b809
Get the source scheme from the right URI object. Bug 368160, r+sr=dveditz
2007-01-26 04:33:02 +00:00
bzbarsky%mit.edu
81cfa9db1e
Make the redirect check get principals the same way we get them elsewhere.
...
Clean up some code to use the new security manager method. Bug 354693,
r=dveditz, sr=sicking
2006-11-22 18:27:54 +00:00
gavin%gavinsharp.com
6599170933
Bug 202198: fix possible leak in nsScriptSecurityManager::InitPrefs(), patch by Ryan Jones <sciguyryan+bugzilla@gmail.com>, r+sr=dveditz
2006-11-22 17:22:40 +00:00
sayrer%gmail.com
abe0665f38
Bug 360840. allocator mismatch in nsIScriptSecurityManager. r=timeless, sr=bz
2006-11-16 18:25:52 +00:00
bzbarsky%mit.edu
5abb54c90b
Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst
2006-11-14 22:46:45 +00:00
bzbarsky%mit.edu
142a417a31
Make it possible for protocol handlers to configure how CheckLoadURI should
...
treat them via their protocol flags. Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin
2006-11-10 23:49:08 +00:00
cbiesinger%web.de
c7c2f947bb
Bug 351876 Move nsICryptoHash into necko
...
r=darin
2006-09-15 22:06:31 +00:00
bzbarsky%mit.edu
e2524af589
Introduce CheckLoadURIStrWithPrincipal(). Bug 348559, r=dveditz, sr=jst
2006-08-21 22:15:20 +00:00
pkasting%google.com
943d93f1e8
Bug 337223: Don't expose moz-anno protocol to web pages.
...
Patch by brettw
r=jst
sr=bzbarsky
2006-08-18 21:35:16 +00:00
bzbarsky%mit.edu
e4c80b6420
Remove special-casing of about:blank for security purposes; give about:blank
...
pages the principal of whoever is responsible for loading them, when possible.
Bug 332182, r=mrbkap, sr=jst
2006-08-15 17:31:16 +00:00
dveditz%cruzio.com
2c27f29b83
bug 340107 save wasted cycles checking permissions if we're just going to deny access anyway. r=mrbkap, sr=sicking
2006-06-27 00:56:41 +00:00
bzbarsky%mit.edu
714b309562
Fiox the special-casing for about:blank to deal with it now being
...
moz-safe-about:blank as far as the security manager is concerned. Bug 342108,
r=darin, sr=jst
2006-06-22 02:21:06 +00:00
bzbarsky%mit.edu
6c8d302694
Allow about: modules to just set a flag to force script execution to be allowed
...
for particular about: URIs, instead of hardcoding checks in the security
manager. Bug 341313, r=darin, sr=jst
2006-06-22 02:19:49 +00:00
bzbarsky%mit.edu
d5968aa228
Make the URIs of principals immutable. Bug 339822, r=dveditz, sr=darin
2006-06-20 03:17:41 +00:00
bzbarsky%mit.edu
66d9ce92e5
Save the principal in the session history entry so that reloading a data: URL
...
will do the right thing. Also, change CheckLoadURI to allow null
principals to load things that anyone can load (e.g. http:// URIs). Bug
337260, r=dveditz, sr=jst
2006-06-19 21:08:45 +00:00
bzbarsky%mit.edu
64681af28a
Move the safe vs unsafe about: distinction out of the security manager and into
...
nsIAboutModule implementations. Bug 337746, r=dveditz, sr=darin
2006-06-19 21:02:12 +00:00
mhammond%skippinet.com.au
d5ad1dc2b9
Land DOM_AGNOSTIC3_BRANCH, bug 255942. r=a few people, sr=brendan.
2006-06-13 03:07:47 +00:00
mrbkap%gmail.com
43895f48e7
Checking in Ben Turner <bent.mozilla@gmail.com> and timeless's patch to make Gecko use the JS engine's request model to help multithreaded embedders avoid GC races and crashes. bug 176182, r=mrbkap assumed-rs=brendan
2006-06-12 22:39:55 +00:00
igor%mir2.org
271c305869
Bug 338678: For source compatibility fields "uint16 extra,spare" in JSFunctionSpec are replaced by singe "uint32 extra". In this way we do need to update the current sources that list just 5 fields to include the additional ",0" corresponding to "spare" field. To quell GCC warnings all sources that list less then 5 fields of JSFunctionSpec are updated to explicitly list all 5 fields. r=mrbkap, s=brendan
2006-05-22 22:58:31 +00:00
bzbarsky%mit.edu
25f194de58
Make GetOrigin dig into nested URIs. Bug 336303, r=dveditz, sr=jst
2006-05-12 00:05:40 +00:00
bzbarsky%mit.edu
422320e643
Create our URIs by hand (since we have our own scheme), instead of going
...
through the ioService. Also fixes some threadsafety stuff. Bug 337513,
r=dveditz, sr=darin.
2006-05-11 16:06:35 +00:00
cbiesinger%web.de
1fe4516c9f
bug 335180 Remove win32.order, mozilla-bin.order, --enable-reorder, and
...
associated code. These options do not really work anymore.
r=bsmedberg
2006-05-06 17:53:51 +00:00
bzbarsky%mit.edu
c85e631ff2
Disable optimization that relies on invariants we don't maintain. Bug 317240
...
wallpaper, r+sr=jst
2006-05-04 15:23:43 +00:00
bzbarsky%mit.edu
90953ff01a
Deal with null subject URIs in SecurityCompareURIs. Bug 336432, r=dveditz, sr=jst
2006-05-04 02:29:46 +00:00
darin%meer.net
e7a84f6ea9
fixes bug 214672 "Further optimization and correctness improvements of libjar: streamlining nsJarInputStream" patch by Alfred Kayser <alfredkayser@nl.ibm.com>, r=jwalden, sr=darin
2006-05-02 19:33:09 +00:00
bzbarsky%mit.edu
fca88cd9e1
Add an interface for nested URIs (like jar:, view-source:, etc) to implement
...
and use it in various places. Create null principals if asked for a codebase
principal for a codebase that doesn't have an inherent security context (eg
data: or javascript:). Bug 334407, r=biesi,dveditz, sr=darin
2006-05-02 18:54:19 +00:00
bzbarsky%mit.edu
0488da364f
Deal with checkLoadURI better in the face of URI fixup. Bug 334341, r=biesi, sr=dveditz
2006-04-25 03:24:43 +00:00
bzbarsky%mit.edu
1a4e0664f9
Check rv before looking at port. Bug 334210, r+sr+branch181=jst
2006-04-17 23:19:44 +00:00
bzbarsky%mit.edu
c129f55b78
Allow redirects to data: URIs. Bug 211999, r=dveditz, jruderman; sr=darin
2006-04-17 23:13:33 +00:00
bzbarsky%mit.edu
c4ba2c6a58
Fix refcounting bug. Followup to bug 327176; reviews pending.
2006-04-05 16:48:51 +00:00
bzbarsky%mit.edu
a8129ca50f
Followup to bug 326506 -- this comment got lost somehow.
2006-04-02 22:00:08 +00:00
bzbarsky%mit.edu
3f58349fa0
Init the system principal singleton when we init the security manager -- no
...
need for lazy init here. Bug 327176, r=mrbkap, sr=dveditz
2006-04-02 21:10:23 +00:00
bzbarsky%mit.edu
59f912e4ad
Create a powerless non-principal and start using it. Bug 326506, r=mrbkap,
...
sr=dveditz
2006-04-02 20:58:26 +00:00
darin%meer.net
5521781301
fixes bug 328925 "Replace NS_WARN_IF_FALSE with NS_ASSERTION (where appropriate)" r=dbaron
2006-03-30 18:40:56 +00:00
martijn.martijn%gmail.com
99bb8c1c9e
Bug 330037 - First check if script/data url's are allowed, r=dveditz, sr=bzbarsky
2006-03-15 11:03:25 +00:00
bryner%brianryner.com
41e6c02b2f
Remove dependency on nsIClassInfo.h from nsISupports.h (bug 330420). This adds a new nsIClassInfoImpl.h file which can be included to get the CI implementation macros. Also, removes unneeded inclusion of nsIProgrammingLanguage.h from nsIClassInfo.h. r=darin.
2006-03-15 04:59:42 +00:00
bzbarsky%mit.edu
3ebe726715
Followup fix for bug 307867 -- make sure to update our pointers to hashtable
...
entries when the entries move. r=dveditz, sr=brendan
2006-02-24 04:38:46 +00:00
timeless%mozdev.org
a279d689e5
Bug 106386 Correct misspellings in source code
...
r=bernd rs=brendan
2006-02-23 09:36:43 +00:00
bzbarsky%mit.edu
2c5f1c1bd7
Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
...
sr=dveditz
2006-02-17 16:12:17 +00:00
bzbarsky%mit.edu
f29ba2b9fb
Backing out since tree is closed.
2006-02-17 03:33:03 +00:00
bzbarsky%mit.edu
2eeb07467d
Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
...
sr=dveditz
2006-02-17 03:26:03 +00:00
bzbarsky%mit.edu
54eb4ccaac
Remove dead code. Bug 327171, r=mrbkap, sr=shaver
2006-02-14 21:08:15 +00:00
bzbarsky%mit.edu
f9eb6120f3
Fix debug code to assert the right thing. r=timeless
2006-02-14 20:20:49 +00:00
bzbarsky%mit.edu
38041b1d43
Fix bug 325991 -- spinning event queues requires more care. r=jst, sr=shaver
2006-02-07 22:24:47 +00:00
cbiesinger%web.de
a898e666b8
bug 183156 remove *UCS2* functions, replacing them with *UTF16* ones
...
r+sr=darin
2006-02-03 14:18:39 +00:00
jst%mozilla.jstenback.com
af27bd0d3c
Fixing tinderbox orange. Make caps work right again when dealing with a script global object that's not a window. r+sr=bzbarsky@mit.edu
2005-11-29 06:00:36 +00:00
jst%mozilla.jstenback.com
7a5af690c6
Fixing bug 316794. Moving HandleDOMEvent() and Get/SetDocShell from nsIScriptGlobalObject to nsPIDOMWindow. r=mrbkap@gmail.com, sr=peterv@propagandism.org
2005-11-28 23:56:44 +00:00
timeless%mozdev.org
b78d0c2416
Bug 106386 Correct misspellings in source code
...
patch by unknown@simplemachines.org r=timeless rs=brendan
2005-11-25 08:16:51 +00:00
brettw%gmail.com
ce7fc555c4
Bug 316077, r=annie.sullivan, sr=darin
...
Protocol handler allowing access to binary annotations.
2005-11-17 18:39:00 +00:00
bzbarsky%mit.edu
d295c6f94f
Get principals for XPConnect wrapped natives off their scope instead of walking
...
their parent chain. Add some asserts to check that this actually does give the
same result, which it should with splitwindow. Bug 289655, r=dbradley, sr=jst
2005-11-16 02:12:21 +00:00
cbiesinger%web.de
d73e12f724
Bug 248052 Add a contract ID for a global channeleventsink. Make the
...
scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto
redirects if CheckLoadURI fails. Remove the explicit usage of
nsIScriptSecurityManager from nsHttpChannel.cpp.
This eliminates js and xpconnect from REQUIRES, and brings us closer to remove
caps.
r=darin sr=bz
2005-11-08 20:47:16 +00:00
bzbarsky%mit.edu
1e91350bb2
Remove nsIStyledContent. Bug 313968, r=sicking, r=dbaron on nsCSSStyleSheet
...
changes, sr=jst
2005-11-02 00:41:51 +00:00
jst%mozilla.jstenback.com
4a47acf0d7
Fixing bug 313373. Pass *vp through untouched to the checkAccess hook when checking for write access. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2005-10-25 00:29:28 +00:00
bzbarsky%mit.edu
1a0d80f303
Don't call nsIClassInfo::GetClassDescription unless we really have to. Bug
...
313157, r=dveditz, sr=jst
2005-10-20 23:49:59 +00:00
mrbkap%gmail.com
c42f37d29f
bug 312124: Make Subsume treat about:blank principals as being weaker than other, non-about:blank principals, since that's how other code treats them. r=caillon sr=brendan
2005-10-14 18:57:26 +00:00
bzbarsky%mit.edu
c740f18df2
Make wildcards work for the default policy too. Bug 307867, r=caillon, sr=dveditz
2005-09-30 03:30:40 +00:00
dbaron%dbaron.org
820af0c053
Improve consistency of conversion from about URI to about module. b=306261 r=darin sr=bzbarsky
2005-09-14 04:16:27 +00:00
bzbarsky%mit.edu
b4e2732aae
Remove the security.checkloaduri preference. Please to be using the
...
checkloaduri CAPS policy instead, since that's less likely to let you shoot
yourself in the foot.
Bug 307382, r=caillon, sr=dveditz
2005-09-09 18:43:45 +00:00
dougt%meer.net
32258b61c3
Bug 302284. add xpi hash support to InstallTrigger.install(). r=dveditz, sr=shaver, a=asa
2005-08-26 06:46:21 +00:00
peterv%propagandism.org
3acef9f8a4
Fix for bug 290100 (XMLHttpRequest affected by document.domain setting). r=caillon, sr=brendan.
2005-08-25 11:51:42 +00:00
mconnor%steelgryphon.com
218fea648d
bug 300830 - new error page (about:neterror) can load privileged about: urls, patch by dveditz, r=bsmedberg, sr=shaver
2005-08-22 05:09:11 +00:00
gavin%gavinsharp.com
602cc10bb6
Bug 298823: JAR URIs (and other types missing the host part) are not properly handled by nsScriptSecurityManager::LookupPolicy(), patch by Giorgio Maone <g.maone@informaction.com>, r=caillon, sr=dveditz
2005-08-17 16:55:00 +00:00
timeless%mozdev.org
e8b3a71658
Bug 304085 crash [@ JS_ValueToString - JSValIDToString] with DEBUG_CAPS_HACKER
...
r=caillon sr=dveditz
2005-08-17 07:40:39 +00:00
timeless%mozdev.org
8b7146f6a5
Bug 304054 nsScriptSecurityManager.cpp doesn't build ifdef DEBUG_CAPS_HACKER unless defined DEBUG
...
r=dveditz sr=dveditz
2005-08-12 23:13:46 +00:00
timeless%mozdev.org
f1615dd0f0
Bug 304240 Make noAccess/allAccess/sameOrigin consistently intercaps in the source tree
...
r=caillon sr=dveditz
2005-08-12 23:11:32 +00:00
bzbarsky%mit.edu
113a48816f
Comment-only fixes I forgot to make. Bug 240661.
2005-07-22 20:49:12 +00:00
bzbarsky%mit.edu
dc27182f65
Expose the subject name for the cert and an nsISupports pointer to the cert on
...
nsIPrincipal that represents a certificate principal. Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal. Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII. Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
2005-07-22 19:05:42 +00:00
timeless%mozdev.org
741e9f0d95
Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop]
...
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg
2005-07-19 21:55:36 +00:00
bsmedberg%covad.net
6115ede7b5
Bug 292624 - XUL error pages should not have chrome privileges, r=darin sr=dveditz a=asa
2005-07-14 17:46:55 +00:00
brendan%mozilla.org
ce97f202bd
Add a subsumes relation to principals so JS can handle all cases when checking indirect eval (and the like) calls (300008, r=caillon/dveditz, sr/a=shaver).
2005-07-08 23:26:36 +00:00
timeless%mozdev.org
52a3cd7b1d
Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs
...
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg
2005-06-29 16:29:49 +00:00
mconnor%steelgryphon.com
5b1fc5f58e
bug 293424 - block about: from content to remove a potential attack vector, r+sr=brendan, a=brendan/jay
2005-06-16 08:28:50 +00:00
jst%mozilla.jstenback.com
48772b9d27
Fixing part of bug 296397. Removing bogus assertion. r=shaver@mozilla.org, sr+a=brendan@mozilla.org
2005-06-09 01:11:21 +00:00
timeless%mozdev.org
3ce206754c
Bug 292588 shutdown crash !sXPConnect [@ nsScriptSecurityManager::CheckObjectAccess]
...
store the runtime, unset the callback at shutdown
r=dveditz sr=jst a=asa
2005-06-07 21:57:56 +00:00
dougt%meer.net
05339dd922
Add a scriptable hash function API. basically what this does is moves the hashing function out of the nsISignatureVerifier.idl and creates a new interface nsICryptoHash which is scriptable. Because of this change, we needed to fix up all of the call sites. r=darin, sr=dveditz, a=shaver
2005-06-01 16:06:53 +00:00
dbaron%dbaron.org
4e57a19e15
Fix bug 293671. r=caillon sr=dveditz a=asa
2005-05-12 18:26:41 +00:00
dbaron%dbaron.org
879c58672c
Cleaner fix for bug 290036. b=290949 r=dveditz sr=darin a=asa
2005-05-12 18:20:07 +00:00
brendan%mozilla.org
77b38278e4
Fix comment from last night to match today's code.
2005-05-04 18:58:24 +00:00
brendan%mozilla.org
ed1074859d
Undo gist of last change for now, it breaks too much even though it's safer.
2005-05-04 16:19:31 +00:00
brendan%mozilla.org
403f448dbc
Find active native function principals when walking the JS stack, and beef up eval-ish native safeguards (281988, r=shaver/caillon, sr=jst, a=drivers).
2005-05-04 06:28:36 +00:00
bzbarsky%mit.edu
e975ac1396
Fix crashes when privilegeManager methods are called by setting our our param
...
on success return. Bug 289991 and bug 289925, r=caillon, sr=dbaron, a=dbaron
2005-04-12 05:13:26 +00:00
bzbarsky%mit.edu
60512d7421
Do less addrefing of principals in the script security manager. Bug 289643,
...
r=caillon, sr=brendan, a=asa
2005-04-10 23:27:07 +00:00
brendan%mozilla.org
dbac83a323
Revert kludge, want a general fix.
2005-04-07 19:48:57 +00:00
brendan%mozilla.org
57b68eabe5
Stop evals and Script object calls/execs that cross trust domains (289074, r=shaver, sr=jst, a=drivers).
2005-04-07 02:22:24 +00:00
timeless%mozdev.org
7d90dca46d
Bug 239967 prototype for nsScriptSecurityManager::GetPrincipalFromContext is wrong
...
r=dveditz sr=dveditz
2005-03-29 03:12:12 +00:00
bryner%brianryner.com
a821ecc6cf
Inline access to XPCWrappedNative's nsISupports pointer, with do_QueryWrappedNative nsCOMPtr helper (bug 285404). r=jst, sr=darin.
2005-03-10 00:39:28 +00:00
gandalf%firefox.pl
c2d3232365
bug 279768: Bring build system to work with --enable-ui-locale; r=bsmedberg; a=doron on webservices move
2005-03-08 17:21:36 +00:00
bsmedberg%covad.net
4b68fa447a
Bug 281414 - global s/nsIPrefBranchInternal/nsIPrefBranch2/ rs=darin (did not change backwards-compatible code in extensions/irc extensions/venkman or extensions/inspector)
2005-02-25 20:46:35 +00:00
bzbarsky%mit.edu
610d170988
Remove special-casing so non-chrome-principal pages, even with chrome: uris,
...
can have script disabled as needed. Bug 280120, r=peterv, sr=neil
2005-02-22 21:18:31 +00:00
cbiesinger%web.de
d630a9a4c1
Bug 269661 make libpref not depend on caps
...
r=caillon sr=dveditz
2005-02-06 12:39:31 +00:00
jshin%mailaps.org
8b6abc1d30
bug 280613 : checkLoadURIStr of nsIScriptSecurityManager should accept AUTF8String istead of string (for IDN), r=dveditz, sr=darin
2005-02-02 07:17:53 +00:00
bzbarsky%mit.edu
a62cb9f6fd
Add about:license and about:licence and make about: link to them. Bug 256945,
...
r=gerv, sr=darin
2005-01-23 21:02:36 +00:00
bsmedberg%covad.net
7ccf6e4965
Bug 273876 - libxul step 2 (everything through widget, except spidermonkey) r=darin; again, this should not affect non-xulrunner trees.
2004-12-09 19:28:35 +00:00
timeless%mozdev.org
fa557e3163
Bug 261339 Setting capability.policy.default.Window.top to noAccess seems to crash mozilla
...
r=caillon sr=dveditz
2004-11-05 16:54:09 +00:00
timeless%mozdev.org
99c0e2558a
Bug 267311 netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect") in a XBL constructor make mozilla crash. [@ JS_FrameIterator]
...
r=dveditz sr=jst
2004-11-05 15:25:04 +00:00
bzbarsky%mit.edu
d004534edd
Make it possible to disable checkloaduri on a per-site basis instead of
...
disabling it globally. Bug 233108, r=caillon, sr=jst
2004-11-03 15:45:52 +00:00
jst%mozilla.jstenback.com
7b88bf8fee
Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu
2004-10-15 16:53:35 +00:00
jst%mozilla.jstenback.com
760bc66b0b
Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu
2004-10-15 16:34:58 +00:00
dveditz%cruzio.com
f48be131d2
Improve enablePrivilege confirmation dialog text and presentation, sanity-check
...
privilege names (bug 253942, bug 253944) r=caillon,sr=brendan,a=chofmann,mkaply
2004-09-01 07:53:32 +00:00
cbiesinger%web.de
7dac6939fd
removing myself from DEBUG_CAPS_HACKER list
2004-07-10 19:38:28 +00:00
roc+%cs.cmu.edu
52092297fe
Bug 226439. Convert codebase to use AppendLiteral/AssignLiteral/LowerCaseEqualsLiteral. r+sr=darin
2004-06-17 00:13:25 +00:00
cbiesinger%web.de
5fef88f764
fix DEBUG_CAPS_HACKER bustage due to bug 240106
...
r=caillon sr=darin
2004-06-16 15:58:22 +00:00
dveditz%cruzio.com
1f3e1038f3
bug 162020 option to delay enabling confirmation buttons r=mkaply,sr=sspitzer
2004-06-05 09:26:01 +00:00
mkaply%us.ibm.com
18d9c2feaa
#239580
...
r=danm, sr=dveditz
Extend ConfirmEx to allow setting the default button - change default button for script security to no
2004-05-24 13:33:51 +00:00
roc+%cs.cmu.edu
b8ecbc84da
Bug 226439. Convert Seamonkey to EqualsLiteral. rs=darin
2004-05-22 22:15:22 +00:00
bzbarsky%mit.edu
8d004584b6
Add a version of CheckLoadURI that takes a source principal instead of a source
...
URI. Update a bunch of callers to use it. Bug 233108, r=caillon, sr=dveditz
2004-04-25 16:55:27 +00:00
bryner%brianryner.com
4f8b5bf9d4
deCOMtaminate nsIScriptObjectPrincipal (bug 240745). This also fixes some code in nsCrypto.cpp that sems to have been mis-braced (I don't think it was working as intended). r+sr=jst.
2004-04-18 00:28:47 +00:00
gerv%gerv.net
692411203a
Bug 236613: change to MPL/LGPL/GPL tri-license.
2004-04-17 21:52:36 +00:00
cbiesinger%web.de
6330e24449
Bug 235504 Remove nsCString::EqualsWithConversion(const char*)
...
r=darin sr=dbaron
2004-04-14 20:09:30 +00:00
jst%mozilla.jstenback.com
2e147004eb
Backing out the fix for bug 235457 since it made typing URLs, and autocomplete in the the URL bar not work.
2004-03-16 19:06:10 +00:00
jst%mozilla.jstenback.com
9216581021
Fixing bug 235457. Make new windows opened through window.open be opened on the context of the opener, and make caps not lie about when capabilities are enabled. r=danm-moz@comcast.net, r=caillon@aillon.org, sr=brendan@mozilla.org, a=dbaron@dbaron.org
2004-03-16 06:57:54 +00:00
cbiesinger%web.de
9ea99a468f
one more tweak, r=caillon
2004-03-06 20:54:47 +00:00
cbiesinger%web.de
7083875ebb
making this sound less like it's PSM, rs=caillon
2004-03-06 20:47:21 +00:00