b245f0fae8
Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz
2008-04-08 17:38:12 -07:00
f70c22ca8a
Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu
2008-03-22 09:50:47 -07:00
739205fc4a
Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org
2008-03-20 21:39:08 -07:00
585b681349
Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz
2008-03-18 17:27:56 -07:00
df31fc12aa
Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst
2008-03-18 14:14:49 -07:00
498741eb4c
Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv
2008-02-26 19:45:29 -08:00
ce1fde4562
backing out fix for bug 416534 as potential cause of mochitest failure
2008-02-26 19:23:36 -08:00
f3eb926449
Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv
2008-02-26 18:17:49 -08:00
b8a6474030
Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2008-01-29 12:51:01 -08:00
a31eb73709
Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep
2008-01-15 07:50:57 -08:00
69192344bd
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 15:02:25 -08:00
926abc513f
Somewhat reduce the amount of memory an nsPrincipal allocates in the common case. Bug 397733, r+sr+a=jst
2007-09-28 07:31:04 -07:00
1512235b94
Make the nsISerializable implementation of nsPrincipal actually work. This makes it possible to save principal objects to a stream and read them back. Bug 369566, r=dveditz+brendan, sr=jst, a=jst
2007-09-17 15:18:28 -07:00
482ae113d1
bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov
2007-09-06 00:02:57 -07:00
12e960c504
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
7c3bde0a77
Optimize immutability of codebase/domain a little bit. Bug 380475, r=dveditz, sr=biesi
2007-06-18 08:07:02 -07:00
0ab7558e7b
Bug 376636 - Building with gcc 4.3 and -pendatic fails due to extra semicolons, patch by Art Haas <ahaas@airmail.net>, rs=me
2007-04-23 07:21:53 -07:00
cb52af13a3
Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg
2007-03-27 08:34:59 -07:00
4d961c5c49
Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg
2007-03-27 08:33:38 -07:00
0054412272
Bug 374866. Reftests for text-transform. r=dbaron
2007-03-22 16:01:14 -07:00
d7ad434701
Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it
2008-04-18 17:35:57 +00:00
2ec9134081
Bug 425201: Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz
2008-04-09 00:38:13 +00:00
8b559ed068
Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu
2008-03-22 16:50:49 +00:00
7e76d85044
Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org
2008-03-21 04:39:10 +00:00
1d6dc158f9
Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz
2008-03-19 00:27:57 +00:00
e5ba2cdf44
Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the
...
checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if
one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst
2008-03-18 21:14:50 +00:00
06f693a2bb
Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv
2008-02-27 03:45:32 +00:00
dd8660867d
backing out fix for bug 416534 as potential cause of mochitest failure
2008-02-27 03:23:38 +00:00
44be249fb2
Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv
2008-02-27 02:17:52 +00:00
87ad6994c9
Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2008-01-29 20:51:01 +00:00
c6b0868a4c
Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep
2008-01-15 15:51:02 +00:00
d05eccb938
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 23:02:26 +00:00
14cbe66990
Somewhat reduce the amount of memory an nsPrincipal allocates in the common
...
case. Bug 397733, r+sr+a=jst
2007-09-28 14:31:04 +00:00
db86f814d9
Make the nsISerializable implementation of nsPrincipal actually work. This
...
makes it possible to save principal objects to a stream and read them back.
Bug 369566, r=dveditz+brendan, sr=jst, a=jst
2007-09-17 22:18:28 +00:00
ded345250e
bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov
2007-09-06 07:02:57 +00:00
ef68fcf595
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 07:08:56 +00:00
31b141921a
Optimize immutability of codebase/domain a little bit. Bug 380475, r=dveditz, sr=biesi
2007-06-18 15:07:02 +00:00
3fb4912f5d
Bug 376636 - Building with gcc 4.3 and -pendatic fails due to extra semicolons, patch by Art Haas <ahaas@airmail.net>, rs=me
2007-04-23 14:22:04 +00:00
d2a7c1e86a
Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg
2007-03-27 15:35:02 +00:00
a32fb9b241
Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg
2007-03-27 15:33:45 +00:00
5abb54c90b
Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst
2006-11-14 22:46:45 +00:00
142a417a31
Make it possible for protocol handlers to configure how CheckLoadURI should
...
treat them via their protocol flags. Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin
2006-11-10 23:49:08 +00:00
25f194de58
Make GetOrigin dig into nested URIs. Bug 336303, r=dveditz, sr=jst
2006-05-12 00:05:40 +00:00
c85e631ff2
Disable optimization that relies on invariants we don't maintain. Bug 317240
...
wallpaper, r+sr=jst
2006-05-04 15:23:43 +00:00
59f912e4ad
Create a powerless non-principal and start using it. Bug 326506, r=mrbkap,
...
sr=dveditz
2006-04-02 20:58:26 +00:00
3ebe726715
Followup fix for bug 307867 -- make sure to update our pointers to hashtable
...
entries when the entries move. r=dveditz, sr=brendan
2006-02-24 04:38:46 +00:00
54eb4ccaac
Remove dead code. Bug 327171, r=mrbkap, sr=shaver
2006-02-14 21:08:15 +00:00
d295c6f94f
Get principals for XPConnect wrapped natives off their scope instead of walking
...
their parent chain. Add some asserts to check that this actually does give the
same result, which it should with splitwindow. Bug 289655, r=dbradley, sr=jst
2005-11-16 02:12:21 +00:00
d73e12f724
Bug 248052 Add a contract ID for a global channeleventsink. Make the
...
scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto
redirects if CheckLoadURI fails. Remove the explicit usage of
nsIScriptSecurityManager from nsHttpChannel.cpp.
This eliminates js and xpconnect from REQUIRES, and brings us closer to remove
caps.
r=darin sr=bz
2005-11-08 20:47:16 +00:00
1a0d80f303
Don't call nsIClassInfo::GetClassDescription unless we really have to. Bug
...
313157, r=dveditz, sr=jst
2005-10-20 23:49:59 +00:00
jonas@sicking.cc
jst@mozilla.org
bzbarsky@mit.edu
myk@mozilla.org
benjamin@smedbergs.us
dveditz@cruzio.com
jwalden@mit.edu
dbaron@dbaron.org
roc+@cs.cmu.edu
jonas%sicking.cc
jst%mozilla.org
bzbarsky%mit.edu
myk%mozilla.org
benjamin%smedbergs.us
dveditz%cruzio.com
jwalden%mit.edu
dbaron%dbaron.org
cbiesinger%web.de