Taras Glek
49adbe1f68
bug 521191: backed out e22bef491d84
2009-10-08 16:44:44 -07:00
Taras Glek
223502e19f
Backed out changeset e22bef491d84
2009-10-08 16:43:55 -07:00
Peter Van der Beken
b87d3a9c86
Backed out changeset 542fa9413bd0, fix for bug 517196 (The JSClass of wrappers shouldn't change when morphing from slim to XPCWrappedNative), to try to fix orange.
2009-10-08 13:42:07 -07:00
Peter Van der Beken
7e4509caf0
Backed out changeset 542fa9413bd0, fix for bug 517196 (The JSClass of wrappers shouldn't change when morphing from slim to XPCWrappedNative), to try to fix orange.
2009-10-08 13:41:44 -07:00
Taras Glek
9ec79636b9
Bug 515777 - move css files, hiddenWindow.html to jar r=bsmedberg sr=bz
2009-10-08 11:22:50 -07:00
Peter Van der Beken
352b573e65
Fix for bug 517196 (The JSClass of wrappers shouldn't change when morphing from slim to XPCWrappedNative). r=mrbkap.
...
--HG--
extra : rebase_source : 95898b5ab53d60200058374c52cdb8161aabf78b
2009-09-18 12:43:48 +02:00
Blake Kaplan
d4fee93d17
Bug 504021 - Add an API to the script security manager to clamp principals for a given context. r=jst/bzbarsky sr=dveditz
2009-08-21 18:20:20 -07:00
Igor Bukanov
33dbce57f4
bug 513190 - avoiding jsint tagging of the private slot data. r=jorendorff
2009-09-05 19:59:11 +04:00
Benjamin Smedberg
28fb767bd1
Followup to bug 398573 - remove REQUIRES from the tree since it is no longer used... automatically generated patch, rs=ted
2009-08-25 08:59:31 -07:00
Taras Glek
ca66146094
Bug 468011 - Combine all chrome into browser+toolkit jars. r=bsmedberg
2009-08-14 09:32:40 -07:00
Blake Kaplan
e743fef6ce
Bug 502959 - Restore code to make caps allow wrapping same-origin wrappedjs objects. r=jst sr=bzbarsky
2009-08-06 20:26:33 -07:00
Boris Zbarsky
6df0ded0a0
Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst
2009-07-26 21:27:33 -04:00
David Zbarsky
78b1e53099
Bug 392526. Some callers of nsID::ToString use a mismatched allocator to free the string. r=bsmedberg
2009-07-29 13:54:44 -04:00
Boris Zbarsky
6b45f824b8
Backed out changeset b55e7e3c0bfb to see whether bug 495176 might be causing the WinXP Txul regression
...
--HG--
extra : rebase_source : c854c6a8afad67c583ff08e23bbac27cbf99c0cd
2009-07-28 14:34:01 -04:00
Boris Zbarsky
a3eb1b8f00
Backed out changeset 9d5e247b5052 to see whether bug 495176 might be causing
...
the WinXP Txul regression.
--HG--
extra : rebase_source : 41a0fe73ec43dff97ada391db29dc121fb677403
2009-07-28 14:32:45 -04:00
Boris Zbarsky
c2678217a6
Fixing crashes during tests by null-checking the principal URI as appropriate. Bug 495176
2009-07-26 23:21:01 -04:00
Boris Zbarsky
a781668371
Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst
2009-07-26 21:27:33 -04:00
Peter Van der Beken
a4b3ca413c
Fix for bug 482788 (Lightweight DOM wrappers). r=jst, sr=mrbkap.
2009-05-12 22:20:42 +02:00
Johnny Stenback
fae33caf0b
Fixing bug 442399. Remove LiveConnect from the tree. r=joshmoz@gmail.com, bclary@bclary.com, sr=brendan@mozilla.org
2009-06-30 15:55:16 -07:00
Arpad Borsos
77b21ab250
Back out b8e531a6c961 (Bug 474369), it really did cause the windows dhtml regression
...
--HG--
extra : rebase_source : 568114bcfc5a7710d9e2c2fe5e234fa190bebba1
2009-06-16 14:38:51 +02:00
Olli Pettay
9da6f0843d
Bug 489561 - nsPrincipal should cache nsIPrefBranch and codebase_principal_support pref, r+sr=dveditz, +comments from bz
2009-06-16 14:00:06 +03:00
Arpad Borsos
a19520a847
Bug 474369 - get rid of nsVoidArray, remaining parts; r=bz, sr=dbaron
2009-05-07 17:15:26 +02:00
Phil Ringnalda
d8bb463da6
Bug 495021 - CAPS unconditionally builds tests, r=shaver
2009-06-13 11:53:38 -07:00
Blake Kaplan
57001fe1d3
Bug 441714 - Protect caps against SJOWs. r+sr=dveditz
2009-06-12 14:38:05 -07:00
Arpad Borsos
f935ad0919
Back out bug 474369, suspected of causing dhtml and tp3 regression
2009-06-12 23:20:55 +02:00
Arpad Borsos
2c38117932
Bug 474369 - get rid of nsVoidArray, remaining parts; r=bz, sr=dbaron
...
--HG--
extra : rebase_source : 2f40cba97555521222512c7cd793c2a2adcca333
2009-05-07 17:15:26 +02:00
Boris Zbarsky
31374e7985
Bug 493495 followup. Just cut off the recursion if it gets too deep. r+sr=mrbkap
2009-05-21 15:46:05 -04:00
Boris Zbarsky
32f8ab9ba2
Bug 493495. Protect against recursive attempts to report a security exception in cases when the URI objects involved can't be accessed due to being implemented as a JS component. r+sr=mrbkap
2009-05-20 21:49:42 -04:00
Boris Zbarsky
cdb23d519f
Bug 410486. Fix test failures due to the exception message getting truncated.
2009-05-20 00:57:37 -04:00
timeless@mozdev.org
0b0aa1df9f
Bug 410486. Make sure to be in a request when reporting a pending exception. r=dveditz, sr=mrbkap.
2009-05-19 22:11:01 -04:00
Dave Townsend
ca9fcef56b
Backed out changeset 461d728271d1
2009-05-19 13:51:18 +01:00
Arpad Borsos
996e06a4de
Bug 474369 - get rid of nsVoidArray, remaining parts; r=bz, sr=dbaron
2009-05-07 17:15:26 +02:00
Blake Kaplan
8434b97074
Bug 493074 - Compute fewer things to try to clear up a performance regression. r+sr=jst
2009-05-14 15:17:56 -07:00
Blake Kaplan
ea991f3d87
Bug 483672 - Give regular JS objects that have been reflected into C++ a security policy that follows the same-origin model. Also teach caps about "same origin" for these cases. r=jst sr=bzbarsky
2009-05-13 15:01:01 -07:00
L. David Baron
bd3965a189
Switch HTML mochitests from using MochiKit.js to packed.js. (Bug 490955) r=sayrer
2009-05-06 13:46:04 -07:00
Blake Kaplan
4cf6c7e06d
Bug 475864 - Move native anonymous content checks into a wrapper so that quickstubs don't sidestep them. r=jst sr=bzbarsky
2009-04-23 00:21:22 -07:00
Mook
41a2954729
Bug 472032 - [win64] sizeof(long) != sizeof(void*) assertion in nsScriptSecurityManager.cpp; changed SecurityLevel to use PRWord, clarified assertion on the protected code; r+sr=dveditz
2009-02-26 18:31:17 +01:00
Dan Mosedale
4455c2f606
Remove MailNews special casing from nsScriptSecurityManager (bug 374577), r+sr=bzbarsky
2009-02-17 20:32:57 -08:00
Daniel Holbert
c755eee8e7
Bug 473236 - Remove executable bit from files that don't need it. (Only changes file mode -- no code changes.) r=bsmedberg
2009-01-21 22:55:08 -08:00
timeless@mozdev.org
3945a87217
Bug 412743 nsScriptSecurityManager::Init shouldn't treat failure of InitPrefs as fatal
...
r=mrbkap sr=dveditz
2009-01-07 20:42:15 -08:00
timeless@mozdev.org
52befe11f9
Bug 470804 crash [@ NS_GetInnermostURI - nsScriptSecurityManager::CheckLoadURIWithPrincipal], r=bz, sr=dveditz
2009-01-01 15:45:23 -08:00
Phil Ringnalda
064f4c312e
Crashtest for Bug 470804 crash [@ NS_GetInnermostURI - nsScriptSecurityManager::CheckLoadURIWithPrincipal], r=bz
2009-01-01 15:45:23 -08:00
Tyler Downer
5e37f4a34d
Bug 471146 - remove old CAPS readme (already on devmo); r=brendan
2009-01-01 14:56:44 +01:00
Boris Zbarsky
a1423a6cb2
Bug 460425. Do better security checks during redirection. r=sicking,biesi, sr=sicking
2008-11-25 20:50:04 -05:00
Phil Ringnalda
5ac69655c0
Bug 461888 - Remove unused PACKAGE_FILE and PACKAGE_VARS and .pkg files, mozilla-central part, r=bsmedberg
2008-11-03 19:46:28 -08:00
Blake Kaplan
2a70d25292
Bug 396851 - Check to see if we're UniversalXPConnect-enabled to allow privileged web pages to unwrap XOWs. r+sr=bzbarsky
2008-10-22 13:15:22 -07:00
Ben Newman
51166f0670
Bug 460124. Remove no-longer-needed code, since now we calculate hash values for nsPrincipals in a sane way. r+sr=bzbarsky
2008-10-16 10:56:51 -04:00
Igor Bukanov
03e5a590d8
Bug 459656 - Implementing nsIThreadJSContextStack in nsXPConnect. r+sr=mrbkap
2008-10-14 16:16:25 +02:00
Arpad Borsos
4460c617be
Bug 456388 - Remove PR_STATIC_CALLBACK and PR_CALLBACK(_DECL) from the tree; r+sr=brendan
2008-10-10 17:04:34 +02:00
Blake Kaplan
c7b33da903
Bug 457299 - nsScriptSecurityManager doesn't suspend the request on the current context when it starts using the safe context. r+sr=bzbarsky
2008-10-08 15:05:25 -07:00
Ben Newman
57bfef064c
Bug 454850. Make sure that whenever nsPrincipal::Equals would return true for a pair of principals their nsPrincipal::GetHashValue returns are also equal. r+sr=bzbarsky
2008-10-08 09:16:27 -04:00
David Bienvenu
45b2f90a31
bug 453943, always disable js for mailnews for 3.0 b1, don't load pref, r=bz, sr=dmose
2008-09-21 15:21:07 -07:00
David Bienvenu
7d671703d7
temporarily disable js in mailnews for 3.0 b1, r=bz, sr=dmose 453943
2008-09-20 08:14:14 -07:00
Arpad Borsos
2cc3af109a
Bug 398946 - Remove JS_STATIC_DLL_CALLBACK and JS_DLL_CALLBACK from the tree; r=(benjamin + bent.mozilla)
2008-09-07 00:21:43 +02:00
Ben Turner
7ce8e92dd3
Bug 451731 - "Update caps, dom, xpconnect for Bug 451729 (checkObjectAccess moving to the JSContext)". r+sr=jst.
2008-09-05 16:26:04 -07:00
Ben Turner
1769bcd5cb
Bug 453720 - "Caps should assert when scripts do not contain principals". r+sr=mrbkap.
2008-09-04 15:52:20 -07:00
Jason Orendorff
1d1eeba8b2
Bug 451571 - Delete SetExceptionWasThrown (r=dbradley, sr=jst)
2008-08-30 18:58:36 -05:00
Shawn Wilsher
89e7a45e7a
Bug 452486 - Create components when we actually have a profile
...
This changeset allows components to register for the profile-after-change
category in the category manager such that they will be initialized when this
topic would normally be dispatched.
r=bsmedberg
2008-08-29 16:40:05 -04:00
Honza Bambas
bfba5f3a4f
Bug 442812: Implement the application cache selection algorithm. r+sr=bz
2008-08-27 18:15:32 -07:00
Shawn Wilsher
da4a22bc6f
Bug 450914 - Proxy nsSimpleURI for nsNullPrincipal to the main thread (was "ASSERTION: nsSimpleURI not thread-safe" during principal destruction)
...
This changeset creates a threadsafe uri object for the null principal to use.
2008-08-27 18:11:02 -04:00
Dave Camp
a66645593d
Backed out changeset 1e3d4775197a (bug 442812)
2008-08-19 22:52:05 -07:00
Honza Bambas
8bcb74a0dc
Bug 442812: Implement the application cache selection algorithm. r+sr=bz
2008-08-19 19:31:08 -07:00
Boris Zbarsky
29358ba272
Bug 434522 follow-up bustage fix.
2008-07-28 23:37:58 -07:00
Boris Zbarsky
e4b0ef9232
Bug 437723. Make sure to look at the nested innermost URI when looking for the origin. r+sr=sicking
2008-07-28 23:10:05 -07:00
Boris Zbarsky
f240a67b8b
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
jonas@sicking.cc
bb2529b51f
Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it
2008-04-18 10:35:55 -07:00
gavin@gavinsharp.com
248bcdd278
Rework test for bug 292789 to try and fix the timeout on qm-centos5-01
2008-04-14 01:50:51 -07:00
dveditz@cruzio.com
447fc8ce13
tests for bug 292789 -- forgot during checkin
2008-04-12 17:55:45 -07:00
dveditz@cruzio.com
36727be489
bug 292789 prevent use of chrome: URIs from <script>, <img> stylesheets, etc except for chrome packages explicitly marked contentaccessible. r=bzbarsky, sr=jst, a=beltzner
2008-04-12 14:26:19 -07:00
jonas@sicking.cc
b245f0fae8
Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz
2008-04-08 17:38:12 -07:00
igor@mir2.org
e52789403a
[bug 423874] backing out as a simpler patch would do the job with less code.
2008-03-29 03:34:29 -07:00
igor@mir2.org
a76bfc82c0
[bug 424376] backing out - too much compatibility problems.
2008-03-28 15:27:36 -07:00
bzbarsky@mit.edu
65811eb5e4
Fix bug 421228. r+sr=sicking
2008-03-27 20:46:15 -07:00
igor@mir2.org
07f1893244
bug=424376 r=brendan a1.9b5=beltzner Compile-time function objects are no longer exposed through SpiderMonkey API.
2008-03-23 03:16:40 -07:00
jst@mozilla.org
f70c22ca8a
Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu
2008-03-22 09:50:47 -07:00
igor@mir2.org
01d0387418
bug=423874 r=brendan a1.9b5=dsicore Allocating native functions together with JSObject
2008-03-21 01:19:23 -07:00
jst@mozilla.org
6d3a0d05b3
Fixing orange from bug 402983. Make file:///foo and file:////foo#bar compare as equal URLs. r+sr=bzbarsky@mit.edu
2008-03-20 23:01:55 -07:00
jst@mozilla.org
739205fc4a
Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org
2008-03-20 21:39:08 -07:00
shaver@mozilla.org
4a1af49d46
Bug 246699: report better errors (with stacks) for security denials. r+sr=jst, a=mconnor.
2008-03-20 01:19:15 -07:00
shaver@mozilla.org
1c8789bdbf
Test for bug 423379 (content can load chrome and/or resource), r/sr=jst.
2008-03-19 15:14:51 -07:00
shaver@mozilla.org
16f84858f6
(NPOTB, r=mrbkap, a=lumpy) Remove ancient caps test cruft in preparation for incoming mochitests. Also so that the tests listed in securetest.list will not mock me from beyond the NSCP grave.
2008-03-19 14:26:09 -07:00
jonas@sicking.cc
585b681349
Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz
2008-03-18 17:27:56 -07:00
bzbarsky@mit.edu
df31fc12aa
Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst
2008-03-18 14:14:49 -07:00
gavin@gavinsharp.com
43c5ec54b7
Back out bug 246699 to fix bug 423375, per shaver
2008-03-17 07:10:48 -07:00
timeless@mozdev.org
696c60aeae
Bug 246699 CAPS security exceptions should throw richer exception info (not just raw string) r=shaver a=shaver
2008-03-11 10:30:23 -07:00
reed@reedloden.com
03bd4aa789
Bug 420081 - "Case mismatch between nsIURI and nsIUri in nsIPrincipal.idl" [p=mschroeder@mozilla.x-home.org (Martin Schröder [mschroeder]) r+sr=jst a1.9=beltzner]
2008-03-08 03:20:21 -08:00
jonas@sicking.cc
498741eb4c
Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv
2008-02-26 19:45:29 -08:00
myk@mozilla.org
ce1fde4562
backing out fix for bug 416534 as potential cause of mochitest failure
2008-02-26 19:23:36 -08:00
jonas@sicking.cc
f3eb926449
Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv
2008-02-26 18:17:49 -08:00
Olli.Pettay@helsinki.fi
ef5fceaa12
Bug 411054, Audit IsNativeAnonymous()/GetBindingParent() uses, r+sr=sicking
2008-02-26 04:40:18 -08:00
reed@reedloden.com
de0fd36632
Bug 417710 - "Use JS_GET_CLASS, not JS_GetClass" [p=gyuyoung.kim@samsung.com (gyu-young kim) r=jorendorff r=jst sr+a1.9=brendan]
2008-02-25 00:59:20 -08:00
jonas@sicking.cc
641b42bbcf
Bug 397878: Send Referer-Root header when doing cross-site access requests. Also update domain pattern matching to spec. Patch by <suryaismail@gmail.com>. r=bent sr=sicking b3a=beltzner
2008-01-31 00:16:54 -08:00
jst@mozilla.org
73b6de93fa
Fixing bustage.
2008-01-29 13:11:24 -08:00
jst@mozilla.org
b8a6474030
Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2008-01-29 12:51:01 -08:00
jst@mozilla.org
0a1e95b8b6
Fixing bug 317240. Re-enabling caps optimization now that a documents principal never changes. r+sr=bzbarsky@mit.edu
2008-01-28 09:51:38 -08:00
jst@mozilla.org
dd9c7f529c
Fixing bug 412691. Remove unnecessary nsCOMPtr's from performance critical code paths. r+sr=jonas@sicking.cc
2008-01-16 16:32:26 -08:00
benjamin@smedbergs.us
a31eb73709
Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep
2008-01-15 07:50:57 -08:00
dwitte@stanford.edu
ae0034832c
thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+
2008-01-11 20:30:42 -08:00
dwitte@stanford.edu
6ba4acd13f
partial backout in an attempt to fix orange.
2008-01-11 02:08:58 -08:00
dwitte@stanford.edu
18cd35ef9d
relanding bug 410250.
2008-01-11 01:13:04 -08:00