Граф коммитов

620 Коммитов

Автор SHA1 Сообщение Дата
bzbarsky%mit.edu 4ebb372bf8 When getting codebase principals, install the passed-in codebase on them even
if they come from the hashtable.  Bug 269270, r=dveditz, sr=jst.
2007-02-09 04:52:44 +00:00
bzbarsky%mit.edu ec7b93b809 Get the source scheme from the right URI object. Bug 368160, r+sr=dveditz 2007-01-26 04:33:02 +00:00
bzbarsky%mit.edu 81cfa9db1e Make the redirect check get principals the same way we get them elsewhere.
Clean up some code to use the new security manager method.  Bug 354693,
r=dveditz, sr=sicking
2006-11-22 18:27:54 +00:00
gavin%gavinsharp.com 6599170933 Bug 202198: fix possible leak in nsScriptSecurityManager::InitPrefs(), patch by Ryan Jones <sciguyryan+bugzilla@gmail.com>, r+sr=dveditz 2006-11-22 17:22:40 +00:00
sayrer%gmail.com abe0665f38 Bug 360840. allocator mismatch in nsIScriptSecurityManager. r=timeless, sr=bz 2006-11-16 18:25:52 +00:00
bzbarsky%mit.edu 5abb54c90b Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst 2006-11-14 22:46:45 +00:00
bzbarsky%mit.edu 142a417a31 Make it possible for protocol handlers to configure how CheckLoadURI should
treat them via their protocol flags.  Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin
2006-11-10 23:49:08 +00:00
cbiesinger%web.de c7c2f947bb Bug 351876 Move nsICryptoHash into necko
r=darin
2006-09-15 22:06:31 +00:00
bzbarsky%mit.edu e2524af589 Introduce CheckLoadURIStrWithPrincipal(). Bug 348559, r=dveditz, sr=jst 2006-08-21 22:15:20 +00:00
pkasting%google.com 943d93f1e8 Bug 337223: Don't expose moz-anno protocol to web pages.
Patch by brettw
r=jst
sr=bzbarsky
2006-08-18 21:35:16 +00:00
bzbarsky%mit.edu e4c80b6420 Remove special-casing of about:blank for security purposes; give about:blank
pages the principal of whoever is responsible for loading them, when possible.
Bug 332182, r=mrbkap, sr=jst
2006-08-15 17:31:16 +00:00
dveditz%cruzio.com 2c27f29b83 bug 340107 save wasted cycles checking permissions if we're just going to deny access anyway. r=mrbkap, sr=sicking 2006-06-27 00:56:41 +00:00
bzbarsky%mit.edu 714b309562 Fiox the special-casing for about:blank to deal with it now being
moz-safe-about:blank as far as the security manager is concerned.  Bug 342108,
r=darin, sr=jst
2006-06-22 02:21:06 +00:00
bzbarsky%mit.edu 6c8d302694 Allow about: modules to just set a flag to force script execution to be allowed
for particular about: URIs, instead of hardcoding checks in the security
manager.  Bug 341313, r=darin, sr=jst
2006-06-22 02:19:49 +00:00
bzbarsky%mit.edu d5968aa228 Make the URIs of principals immutable. Bug 339822, r=dveditz, sr=darin 2006-06-20 03:17:41 +00:00
bzbarsky%mit.edu 66d9ce92e5 Save the principal in the session history entry so that reloading a data: URL
will do the right thing.  Also, change CheckLoadURI to allow null
principals to load things that anyone can load (e.g. http:// URIs).  Bug
337260, r=dveditz, sr=jst
2006-06-19 21:08:45 +00:00
bzbarsky%mit.edu 64681af28a Move the safe vs unsafe about: distinction out of the security manager and into
nsIAboutModule implementations.  Bug 337746, r=dveditz, sr=darin
2006-06-19 21:02:12 +00:00
mhammond%skippinet.com.au d5ad1dc2b9 Land DOM_AGNOSTIC3_BRANCH, bug 255942. r=a few people, sr=brendan. 2006-06-13 03:07:47 +00:00
mrbkap%gmail.com 43895f48e7 Checking in Ben Turner <bent.mozilla@gmail.com> and timeless's patch to make Gecko use the JS engine's request model to help multithreaded embedders avoid GC races and crashes. bug 176182, r=mrbkap assumed-rs=brendan 2006-06-12 22:39:55 +00:00
igor%mir2.org 271c305869 Bug 338678: For source compatibility fields "uint16 extra,spare" in JSFunctionSpec are replaced by singe "uint32 extra". In this way we do need to update the current sources that list just 5 fields to include the additional ",0" corresponding to "spare" field. To quell GCC warnings all sources that list less then 5 fields of JSFunctionSpec are updated to explicitly list all 5 fields. r=mrbkap, s=brendan 2006-05-22 22:58:31 +00:00
bzbarsky%mit.edu 25f194de58 Make GetOrigin dig into nested URIs. Bug 336303, r=dveditz, sr=jst 2006-05-12 00:05:40 +00:00
bzbarsky%mit.edu 422320e643 Create our URIs by hand (since we have our own scheme), instead of going
through the ioService.  Also fixes some threadsafety stuff.  Bug 337513,
r=dveditz, sr=darin.
2006-05-11 16:06:35 +00:00
cbiesinger%web.de 1fe4516c9f bug 335180 Remove win32.order, mozilla-bin.order, --enable-reorder, and
associated code. These options do not really work anymore.

r=bsmedberg
2006-05-06 17:53:51 +00:00
bzbarsky%mit.edu c85e631ff2 Disable optimization that relies on invariants we don't maintain. Bug 317240
wallpaper, r+sr=jst
2006-05-04 15:23:43 +00:00
bzbarsky%mit.edu 90953ff01a Deal with null subject URIs in SecurityCompareURIs. Bug 336432, r=dveditz, sr=jst 2006-05-04 02:29:46 +00:00
darin%meer.net e7a84f6ea9 fixes bug 214672 "Further optimization and correctness improvements of libjar: streamlining nsJarInputStream" patch by Alfred Kayser <alfredkayser@nl.ibm.com>, r=jwalden, sr=darin 2006-05-02 19:33:09 +00:00
bzbarsky%mit.edu fca88cd9e1 Add an interface for nested URIs (like jar:, view-source:, etc) to implement
and use it in various places.  Create null principals if asked for a codebase
principal for a codebase that doesn't have an inherent security context (eg
data: or javascript:).  Bug 334407, r=biesi,dveditz, sr=darin
2006-05-02 18:54:19 +00:00
bzbarsky%mit.edu 0488da364f Deal with checkLoadURI better in the face of URI fixup. Bug 334341, r=biesi, sr=dveditz 2006-04-25 03:24:43 +00:00
bzbarsky%mit.edu 1a4e0664f9 Check rv before looking at port. Bug 334210, r+sr+branch181=jst 2006-04-17 23:19:44 +00:00
bzbarsky%mit.edu c129f55b78 Allow redirects to data: URIs. Bug 211999, r=dveditz, jruderman; sr=darin 2006-04-17 23:13:33 +00:00
bzbarsky%mit.edu c4ba2c6a58 Fix refcounting bug. Followup to bug 327176; reviews pending. 2006-04-05 16:48:51 +00:00
bzbarsky%mit.edu a8129ca50f Followup to bug 326506 -- this comment got lost somehow. 2006-04-02 22:00:08 +00:00
bzbarsky%mit.edu 3f58349fa0 Init the system principal singleton when we init the security manager -- no
need for lazy init here.  Bug 327176, r=mrbkap, sr=dveditz
2006-04-02 21:10:23 +00:00
bzbarsky%mit.edu 59f912e4ad Create a powerless non-principal and start using it. Bug 326506, r=mrbkap,
sr=dveditz
2006-04-02 20:58:26 +00:00
darin%meer.net 5521781301 fixes bug 328925 "Replace NS_WARN_IF_FALSE with NS_ASSERTION (where appropriate)" r=dbaron 2006-03-30 18:40:56 +00:00
martijn.martijn%gmail.com 99bb8c1c9e Bug 330037 - First check if script/data url's are allowed, r=dveditz, sr=bzbarsky 2006-03-15 11:03:25 +00:00
bryner%brianryner.com 41e6c02b2f Remove dependency on nsIClassInfo.h from nsISupports.h (bug 330420). This adds a new nsIClassInfoImpl.h file which can be included to get the CI implementation macros. Also, removes unneeded inclusion of nsIProgrammingLanguage.h from nsIClassInfo.h. r=darin. 2006-03-15 04:59:42 +00:00
bzbarsky%mit.edu 3ebe726715 Followup fix for bug 307867 -- make sure to update our pointers to hashtable
entries when the entries move. r=dveditz, sr=brendan
2006-02-24 04:38:46 +00:00
timeless%mozdev.org a279d689e5 Bug 106386 Correct misspellings in source code
r=bernd rs=brendan
2006-02-23 09:36:43 +00:00
bzbarsky%mit.edu 2c5f1c1bd7 Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
sr=dveditz
2006-02-17 16:12:17 +00:00
bzbarsky%mit.edu f29ba2b9fb Backing out since tree is closed. 2006-02-17 03:33:03 +00:00
bzbarsky%mit.edu 2eeb07467d Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
sr=dveditz
2006-02-17 03:26:03 +00:00
bzbarsky%mit.edu 54eb4ccaac Remove dead code. Bug 327171, r=mrbkap, sr=shaver 2006-02-14 21:08:15 +00:00
bzbarsky%mit.edu f9eb6120f3 Fix debug code to assert the right thing. r=timeless 2006-02-14 20:20:49 +00:00
bzbarsky%mit.edu 38041b1d43 Fix bug 325991 -- spinning event queues requires more care. r=jst, sr=shaver 2006-02-07 22:24:47 +00:00
cbiesinger%web.de a898e666b8 bug 183156 remove *UCS2* functions, replacing them with *UTF16* ones
r+sr=darin
2006-02-03 14:18:39 +00:00
jst%mozilla.jstenback.com af27bd0d3c Fixing tinderbox orange. Make caps work right again when dealing with a script global object that's not a window. r+sr=bzbarsky@mit.edu 2005-11-29 06:00:36 +00:00
jst%mozilla.jstenback.com 7a5af690c6 Fixing bug 316794. Moving HandleDOMEvent() and Get/SetDocShell from nsIScriptGlobalObject to nsPIDOMWindow. r=mrbkap@gmail.com, sr=peterv@propagandism.org 2005-11-28 23:56:44 +00:00
timeless%mozdev.org b78d0c2416 Bug 106386 Correct misspellings in source code
patch by unknown@simplemachines.org r=timeless rs=brendan
2005-11-25 08:16:51 +00:00
brettw%gmail.com ce7fc555c4 Bug 316077, r=annie.sullivan, sr=darin
Protocol handler allowing access to binary annotations.
2005-11-17 18:39:00 +00:00