mstoltz%netscape.com
fd8c486c4a
bug 106535, adding the ability to enable codebase principals for a single host
...
instead of for all hosts. r=vidur, sr=jst.
2001-10-26 23:00:48 +00:00
bzbarsky%mit.edu
c578c92399
Make CAPS correctly observe changes to capability.policy prefs. Needed
...
for having UI for these suckers. Bug 101150, r=mstoltz,sr=jst
2001-10-02 21:56:51 +00:00
gerv%gerv.net
2cab766559
License changes, take 2. Bug 98089. mozilla/config/, mozilla/caps/, mozilla/build/.
2001-09-25 01:03:58 +00:00
gerv%gerv.net
2a80f3fea9
Oops.
2001-09-20 00:02:59 +00:00
scc%mozilla.org
63e86dc84f
bug #98089 : ripped new license
2001-09-19 20:09:47 +00:00
mstoltz%netscape.com
cf70c6ad6d
bug 86799, adding support for wildcard security policies of the form
...
"capability.policy.group.*.property". Also added additional optimizations
and changed copy-initialization of NSCOMPtrs to direct initialization
throughout the file. r=harishd, sr=jst, a=asa.
2001-08-29 02:05:48 +00:00
mstoltz%netscape.com
70f0d46fbc
86984 - make history.length sameOrigin-accessible. Security prefs change.
...
91714 - CheckLoadURI should trest 'safe' and 'unsafe' about: URLs as different protocols
56260 - 'Remember This Decision' in signed script grant dialog should default to unchecked
83131 - More descriptive security error messages
93951 - Added null check in GetBaseURIScheme to prevent crash.
All bugs r=jtaylor, sr=jst
2001-08-14 00:18:58 +00:00
brendan%mozilla.org
01289b3afb
Restore scriptable nsIClassInfo.classID but add fast/C++-only classIDNoAlloc; define and use nsIClassInfo::EAGER_CLASSINFO in caps (93792, sr=waterson&jst).
2001-08-07 03:59:29 +00:00
mstoltz%netscape.com
d3319276da
82495 - Support for the view-source protocol in CheckLoadURI
...
87887 - don't call InitPolicies or InitPrincipals if there are no prefs to process
83902 - Use weak reference to pref branch to avoid reference cycle
91619 - was leaking a char* - use nsXPIDLCString instead
86932 - Add support for per-site JS disabling to CanExecuteScripts
all bugs r=jesse, sr=dougt
2001-08-02 20:32:48 +00:00
brendan%mozilla.org
8c7c819206
FASTLOAD_20010703_BRANCH landing, r=dbaron, sr=shaver.
2001-07-31 19:05:34 +00:00
mstoltz%netscape.com
50f00fbc78
Bug 77485 - defining a function in another window using a targeted javascript:
...
link. Prevent running javascript: urls cross-domain and add a security check for adding
and removing properties. r=harishd, sr=jst.
2001-07-13 07:08:26 +00:00
mstoltz%netscape.com
edf3f8a6e9
Re-checking-in my fix for 47905, which was backed out last night because of a bug in some other code that was checked in along with it. This checkin was not causing the crasher and is unchanged. See earlier checkin comment - in short, this adds same-origin to XMLHttpRequest and cleans up some function calls in caps, removes some unnecessary parameters. r=vidur, sr=jst.
2001-05-19 00:33:51 +00:00
blizzard%redhat.com
e1e5c32a99
Back out mstoltz because of blocker bug #81629 . Original bugs were 47905 79775.
2001-05-18 17:41:23 +00:00
mstoltz%netscape.com
201736a175
Bug 47905 - adding security check for XMLHttpRequest.open.
...
Added nsIScriptSecurityManager::CheckConnect for this purpose.
Also cleaned up the security check API by removing some unnecessary
parameters. r=vidur@netscape.com , sr=jst@netscape.com
Bug 79775 - Forward button broken in main mail window. Making
WindowWatcher not call GetSubjectPrincipal if the URL to be loaded is
chrome, since the calling principal is superfluous in this case.
No one has been able to find the root cause of this problem, but
this checkin works around it, which is the best we can do for now.
r=ducarroz@netscape.com , sr=jst@netscape.com
2001-05-18 06:56:29 +00:00
mstoltz%netscape.com
d0f2b845b9
Fixes for bugs 79796, 77203, and 54060. r=jband@netscape.com,
...
sr=brendan@mozilla.org
2001-05-11 00:43:27 +00:00
jst%netscape.com
adf1d8320a
Landing the XPCDOM_20010329_BRANCH branch, changes mostly done by jband@netscape.com and jst@netscape.com, also some changes done by shaver@mozilla.org, peterv@netscape.com and markh@activestate.com. r= and sr= by vidur@netscape.com, jband@netscape.com, jst@netscpae.com, danm@netscape.com, hyatt@netscape.com, shaver@mozilla.org, dbradley@netscape.com, rpotts@netscape.com.
2001-05-08 16:46:42 +00:00
mstoltz%netscape.com
c302defdcd
More fixes for 55237, cleaned up CheckLoadURI and added a check on "Edit This Link." Also added error reporting (bug 40538).
...
r=beard, sr=hyatt
2001-04-17 01:21:44 +00:00
mstoltz%netscape.com
b26a1f0451
Bugs 55069, 70951 - JS-blocking APIs for mailnews and embedding. r=mscott, sr=attinasi.
...
Bug 54237 - fix for event-capture bug, r=heikki, sr=jband.
2001-03-23 04:22:56 +00:00
mstoltz%netscape.com
6672d1a27a
bug 47905, adding security check to XMLHttpRequest.open(). r=heikki, sr=brendan
2001-03-02 00:09:20 +00:00
mstoltz%netscape.com
d1ff4c4a38
Bug 66369, adding support for per-file permissions granting to caps. r=jst, sr=jband.
2001-01-27 01:42:20 +00:00
jband%netscape.com
e383c347e4
fix bug 55506. If seman was initialized too early then it was failing to register its nameset. This happened on first run when JS Component Loader would use the secman. The result was that all calls to the security manager via JavaScript would fail for that session. This fixes that by continuing to try to register the nameset until it actually succeeds. r=mstoltz a=brendan
2000-11-30 05:32:08 +00:00
mstoltz%netscape.com
397dd0a60e
bug 44147, caps grant dialog now being created from DOMWindow->GetPrompter instead of nsIPrompt service. r=dbragg
2000-09-09 00:53:21 +00:00
dp%netscape.com
6131f92863
bug#49786 Caching frequently used progid: nsThreadJSContextStack r=waterson
2000-08-22 06:02:14 +00:00
mstoltz%netscape.com
88846ce93b
Fixing 41876 r=hyatt, also 48724, 49768, and crasher in nsBasePrincipal.cpp, r=jtaylor
2000-08-22 02:06:52 +00:00
warren%netscape.com
4af572e4c1
Bug 46711. Removed nsAutoString travisty from nsStringKey. Introduced nsCStringKey. Made them both share the underlying string when possible. r=waterson
2000-08-10 06:19:37 +00:00
mstoltz%netscape.com
86eadd802e
Fixing 40159, nasty infinite recursion on startup. r&a=beard
2000-07-26 04:53:01 +00:00
mstoltz%netscape.com
3706de2b9a
fix for 42387, r=dveditz
2000-07-20 01:16:15 +00:00
mstoltz%netscape.com
0b9feb28b2
DOM properties default to same origin access only. Bug 28443. r=rginda
2000-07-05 19:08:20 +00:00
vidur%netscape.com
b22731f07d
Checking in for mccabe, since he had to leave town. Partial fix for bug 41429. Adding a new interface that components can implement to control the capabilities needed for XPConnect access to them - default is UniversalXPConnect. r=vidur
2000-06-23 14:32:38 +00:00
mstoltz%netscape.com
5e94ace8c8
Allow scripting of plugins by untrusted web scripts. Bug 36375.
2000-05-17 02:38:22 +00:00
mstoltz%netscape.com
3ec39eeed8
Removing archive attribute from nsCertificatePrincipal. This will not be used.
2000-05-16 22:37:38 +00:00
mstoltz%netscape.com
ecc9b44676
Fixes for 32878, 37739. Added PR_CALLBACK macros. Changed security.principal pref syntax to a nicer syntax. Removed "security.checkxpconnect" hack.
2000-05-16 03:40:51 +00:00
mstoltz%netscape.com
2483630a16
Added archive attribute to nsICertificatePrincipal...part of fix for 37481.
2000-05-01 23:39:51 +00:00
mstoltz%netscape.com
4794c651b5
Fixes for 27010, 32878, and 32948.
2000-04-26 03:50:07 +00:00
mstoltz%netscape.com
200b920525
Backing out changes until I can figure out why it's crashing on startup.
2000-04-23 21:25:39 +00:00
mstoltz%netscape.com
9ac7780368
Fixes for bugs 27010, 32878, 32948.
2000-04-23 20:30:29 +00:00
norris%netscape.com
a3caa18f07
Fix
...
28390, 28866, 34364
r=brendan@mozilla.org
35701
r=jst@netscape.com
2000-04-14 03:14:53 +00:00
mkaply%us.ibm.com
9ec188bd3a
# 34082
...
r= warren@netscape.com
OS/2 Visual Age build - Adding PR_CALLBACK to some functoins for linkage
2000-04-05 02:32:07 +00:00
mstoltz%netscape.com
72ad6e26bf
Fixed bug 30915 using nsAggregatePrincipal. r=norris
2000-03-31 00:31:18 +00:00
norris%netscape.com
1d3c4cb5e3
Fix 31998 nsScriptSecurityManager not thread safe breaks table regress
2000-03-21 23:12:16 +00:00
norris%netscape.com
c19429e137
Adding nsAggregatePrincipal support. r=norris
2000-03-21 04:05:35 +00:00
norris%netscape.com
80d944693e
Fix 25062 Reload vulnerability
...
25206 Reload vulnerability #2
Implement grant dialogs and persistence for capabilities.
most r=mstoltz, some code from morse w/ r=norris
2000-02-10 04:56:56 +00:00
norris%netscape.com
131271ae68
Fix bug #25864 watch() vulnerability
...
r=vidur,rogerl
2000-02-02 00:22:58 +00:00
norris%netscape.com
e753eaa792
Files:
...
caps/include/nsScriptSecurityManager.h
caps/src/nsScriptSecurityManager.cpp
modules/libpref/src/init/all.js
Fix
24565 nsScriptSecurityManager::GetSecurityLevel() is a performance
24567 re-write DOM glue security checks to avoid NS_WITH_SERVICE()
r=waterson
Files:
dom/src/base/nsGlobalWindow.cpp
layout/base/src/nsDocument.cpp
layout/base/src/nsGenericElement.cpp
Fix assertion failure for 1-character property names.
Files:
dom/src/jsurl/nsJSProtocolHandler.cpp
webshell/src/nsDocLoader.cpp
Fix 18653 "javascript:" URLs cross windows problems (probably regressi
r=nisheeth
Files:
layout/events/src/nsEventListenerManager.cpp
Fix
23834 document.onkeypress allows sniffing keystrokes
24152 document.onclick shows links from other window
r=joki
2000-01-23 04:23:14 +00:00
waterson%netscape.com
05e45b0f16
Fix build bustage.
2000-01-18 22:35:27 +00:00
mstoltz%netscape.com
184058eaaf
Implemented the reading of capabilities data from prefs. Reads codebase and certificate principal data and populates ScriptSecurityManager's principals table. bug= 18122 r=norris, rginda
2000-01-18 21:54:01 +00:00
jdunn%netscape.com
157f231d1d
Fix base class specifiers, since be default if they aren't specified it is Private
...
# 23237
r= warren@netscape.com , ftang@netscape.com , jband@netscape.com
2000-01-11 01:45:34 +00:00
norris%netscape.com
18d9ee89da
Fix
...
858 [Feature] JavaScript auto-disable per-domain RFE
13023 Users must be able to disable Java and JavaScript (for JS in mail)
21923 Executing functions in "chrome:" protocol - #2 .
r=mstoltz
(Checked in with red on Mac; Wan-Teh says his changes are localized so
it shouldn't interfere with his fixing bustage.)
2000-01-08 16:51:54 +00:00
norris%netscape.com
8343c4ead7
Fix 22909 previousSibling vulnerability
...
r=mstoltz
2000-01-06 00:59:18 +00:00
warren%netscape.com
26c830d785
Fix for leak/bloat stats going negative. a=jar
1999-12-10 04:27:52 +00:00