e2524af589
Introduce CheckLoadURIStrWithPrincipal(). Bug 348559, r=dveditz, sr=jst
2006-08-21 22:15:20 +00:00
943d93f1e8
Bug 337223: Don't expose moz-anno protocol to web pages.
...
Patch by brettw
r=jst
sr=bzbarsky
2006-08-18 21:35:16 +00:00
e4c80b6420
Remove special-casing of about:blank for security purposes; give about:blank
...
pages the principal of whoever is responsible for loading them, when possible.
Bug 332182, r=mrbkap, sr=jst
2006-08-15 17:31:16 +00:00
2c27f29b83
bug 340107 save wasted cycles checking permissions if we're just going to deny access anyway. r=mrbkap, sr=sicking
2006-06-27 00:56:41 +00:00
714b309562
Fiox the special-casing for about:blank to deal with it now being
...
moz-safe-about:blank as far as the security manager is concerned. Bug 342108,
r=darin, sr=jst
2006-06-22 02:21:06 +00:00
6c8d302694
Allow about: modules to just set a flag to force script execution to be allowed
...
for particular about: URIs, instead of hardcoding checks in the security
manager. Bug 341313, r=darin, sr=jst
2006-06-22 02:19:49 +00:00
d5968aa228
Make the URIs of principals immutable. Bug 339822, r=dveditz, sr=darin
2006-06-20 03:17:41 +00:00
66d9ce92e5
Save the principal in the session history entry so that reloading a data: URL
...
will do the right thing. Also, change CheckLoadURI to allow null
principals to load things that anyone can load (e.g. http:// URIs). Bug
337260, r=dveditz, sr=jst
2006-06-19 21:08:45 +00:00
64681af28a
Move the safe vs unsafe about: distinction out of the security manager and into
...
nsIAboutModule implementations. Bug 337746, r=dveditz, sr=darin
2006-06-19 21:02:12 +00:00
d5ad1dc2b9
Land DOM_AGNOSTIC3_BRANCH, bug 255942. r=a few people, sr=brendan.
2006-06-13 03:07:47 +00:00
43895f48e7
Checking in Ben Turner <bent.mozilla@gmail.com> and timeless's patch to make Gecko use the JS engine's request model to help multithreaded embedders avoid GC races and crashes. bug 176182, r=mrbkap assumed-rs=brendan
2006-06-12 22:39:55 +00:00
271c305869
Bug 338678: For source compatibility fields "uint16 extra,spare" in JSFunctionSpec are replaced by singe "uint32 extra". In this way we do need to update the current sources that list just 5 fields to include the additional ",0" corresponding to "spare" field. To quell GCC warnings all sources that list less then 5 fields of JSFunctionSpec are updated to explicitly list all 5 fields. r=mrbkap, s=brendan
2006-05-22 22:58:31 +00:00
25f194de58
Make GetOrigin dig into nested URIs. Bug 336303, r=dveditz, sr=jst
2006-05-12 00:05:40 +00:00
422320e643
Create our URIs by hand (since we have our own scheme), instead of going
...
through the ioService. Also fixes some threadsafety stuff. Bug 337513,
r=dveditz, sr=darin.
2006-05-11 16:06:35 +00:00
1fe4516c9f
bug 335180 Remove win32.order, mozilla-bin.order, --enable-reorder, and
...
associated code. These options do not really work anymore.
r=bsmedberg
2006-05-06 17:53:51 +00:00
c85e631ff2
Disable optimization that relies on invariants we don't maintain. Bug 317240
...
wallpaper, r+sr=jst
2006-05-04 15:23:43 +00:00
90953ff01a
Deal with null subject URIs in SecurityCompareURIs. Bug 336432, r=dveditz, sr=jst
2006-05-04 02:29:46 +00:00
e7a84f6ea9
fixes bug 214672 "Further optimization and correctness improvements of libjar: streamlining nsJarInputStream" patch by Alfred Kayser <alfredkayser@nl.ibm.com>, r=jwalden, sr=darin
2006-05-02 19:33:09 +00:00
fca88cd9e1
Add an interface for nested URIs (like jar:, view-source:, etc) to implement
...
and use it in various places. Create null principals if asked for a codebase
principal for a codebase that doesn't have an inherent security context (eg
data: or javascript:). Bug 334407, r=biesi,dveditz, sr=darin
2006-05-02 18:54:19 +00:00
0488da364f
Deal with checkLoadURI better in the face of URI fixup. Bug 334341, r=biesi, sr=dveditz
2006-04-25 03:24:43 +00:00
1a4e0664f9
Check rv before looking at port. Bug 334210, r+sr+branch181=jst
2006-04-17 23:19:44 +00:00
c129f55b78
Allow redirects to data: URIs. Bug 211999, r=dveditz, jruderman; sr=darin
2006-04-17 23:13:33 +00:00
c4ba2c6a58
Fix refcounting bug. Followup to bug 327176; reviews pending.
2006-04-05 16:48:51 +00:00
a8129ca50f
Followup to bug 326506 -- this comment got lost somehow.
2006-04-02 22:00:08 +00:00
3f58349fa0
Init the system principal singleton when we init the security manager -- no
...
need for lazy init here. Bug 327176, r=mrbkap, sr=dveditz
2006-04-02 21:10:23 +00:00
59f912e4ad
Create a powerless non-principal and start using it. Bug 326506, r=mrbkap,
...
sr=dveditz
2006-04-02 20:58:26 +00:00
5521781301
fixes bug 328925 "Replace NS_WARN_IF_FALSE with NS_ASSERTION (where appropriate)" r=dbaron
2006-03-30 18:40:56 +00:00
99bb8c1c9e
Bug 330037 - First check if script/data url's are allowed, r=dveditz, sr=bzbarsky
2006-03-15 11:03:25 +00:00
41e6c02b2f
Remove dependency on nsIClassInfo.h from nsISupports.h (bug 330420). This adds a new nsIClassInfoImpl.h file which can be included to get the CI implementation macros. Also, removes unneeded inclusion of nsIProgrammingLanguage.h from nsIClassInfo.h. r=darin.
2006-03-15 04:59:42 +00:00
3ebe726715
Followup fix for bug 307867 -- make sure to update our pointers to hashtable
...
entries when the entries move. r=dveditz, sr=brendan
2006-02-24 04:38:46 +00:00
a279d689e5
Bug 106386 Correct misspellings in source code
...
r=bernd rs=brendan
2006-02-23 09:36:43 +00:00
2c5f1c1bd7
Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
...
sr=dveditz
2006-02-17 16:12:17 +00:00
f29ba2b9fb
Backing out since tree is closed.
2006-02-17 03:33:03 +00:00
2eeb07467d
Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
...
sr=dveditz
2006-02-17 03:26:03 +00:00
54eb4ccaac
Remove dead code. Bug 327171, r=mrbkap, sr=shaver
2006-02-14 21:08:15 +00:00
f9eb6120f3
Fix debug code to assert the right thing. r=timeless
2006-02-14 20:20:49 +00:00
38041b1d43
Fix bug 325991 -- spinning event queues requires more care. r=jst, sr=shaver
2006-02-07 22:24:47 +00:00
a898e666b8
bug 183156 remove *UCS2* functions, replacing them with *UTF16* ones
...
r+sr=darin
2006-02-03 14:18:39 +00:00
af27bd0d3c
Fixing tinderbox orange. Make caps work right again when dealing with a script global object that's not a window. r+sr=bzbarsky@mit.edu
2005-11-29 06:00:36 +00:00
7a5af690c6
Fixing bug 316794. Moving HandleDOMEvent() and Get/SetDocShell from nsIScriptGlobalObject to nsPIDOMWindow. r=mrbkap@gmail.com, sr=peterv@propagandism.org
2005-11-28 23:56:44 +00:00
b78d0c2416
Bug 106386 Correct misspellings in source code
...
patch by unknown@simplemachines.org r=timeless rs=brendan
2005-11-25 08:16:51 +00:00
ce7fc555c4
Bug 316077, r=annie.sullivan, sr=darin
...
Protocol handler allowing access to binary annotations.
2005-11-17 18:39:00 +00:00
d295c6f94f
Get principals for XPConnect wrapped natives off their scope instead of walking
...
their parent chain. Add some asserts to check that this actually does give the
same result, which it should with splitwindow. Bug 289655, r=dbradley, sr=jst
2005-11-16 02:12:21 +00:00
d73e12f724
Bug 248052 Add a contract ID for a global channeleventsink. Make the
...
scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto
redirects if CheckLoadURI fails. Remove the explicit usage of
nsIScriptSecurityManager from nsHttpChannel.cpp.
This eliminates js and xpconnect from REQUIRES, and brings us closer to remove
caps.
r=darin sr=bz
2005-11-08 20:47:16 +00:00
1e91350bb2
Remove nsIStyledContent. Bug 313968, r=sicking, r=dbaron on nsCSSStyleSheet
...
changes, sr=jst
2005-11-02 00:41:51 +00:00
4a47acf0d7
Fixing bug 313373. Pass *vp through untouched to the checkAccess hook when checking for write access. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2005-10-25 00:29:28 +00:00
1a0d80f303
Don't call nsIClassInfo::GetClassDescription unless we really have to. Bug
...
313157, r=dveditz, sr=jst
2005-10-20 23:49:59 +00:00
c42f37d29f
bug 312124: Make Subsume treat about:blank principals as being weaker than other, non-about:blank principals, since that's how other code treats them. r=caillon sr=brendan
2005-10-14 18:57:26 +00:00
c740f18df2
Make wildcards work for the default policy too. Bug 307867, r=caillon, sr=dveditz
2005-09-30 03:30:40 +00:00
820af0c053
Improve consistency of conversion from about URI to about module. b=306261 r=darin sr=bzbarsky
2005-09-14 04:16:27 +00:00
b4e2732aae
Remove the security.checkloaduri preference. Please to be using the
...
checkloaduri CAPS policy instead, since that's less likely to let you shoot
yourself in the foot.
Bug 307382, r=caillon, sr=dveditz
2005-09-09 18:43:45 +00:00
32258b61c3
Bug 302284. add xpi hash support to InstallTrigger.install(). r=dveditz, sr=shaver, a=asa
2005-08-26 06:46:21 +00:00
3acef9f8a4
Fix for bug 290100 (XMLHttpRequest affected by document.domain setting). r=caillon, sr=brendan.
2005-08-25 11:51:42 +00:00
218fea648d
bug 300830 - new error page (about:neterror) can load privileged about: urls, patch by dveditz, r=bsmedberg, sr=shaver
2005-08-22 05:09:11 +00:00
602cc10bb6
Bug 298823: JAR URIs (and other types missing the host part) are not properly handled by nsScriptSecurityManager::LookupPolicy(), patch by Giorgio Maone <g.maone@informaction.com>, r=caillon, sr=dveditz
2005-08-17 16:55:00 +00:00
e8b3a71658
Bug 304085 crash [@ JS_ValueToString - JSValIDToString] with DEBUG_CAPS_HACKER
...
r=caillon sr=dveditz
2005-08-17 07:40:39 +00:00
8b7146f6a5
Bug 304054 nsScriptSecurityManager.cpp doesn't build ifdef DEBUG_CAPS_HACKER unless defined DEBUG
...
r=dveditz sr=dveditz
2005-08-12 23:13:46 +00:00
f1615dd0f0
Bug 304240 Make noAccess/allAccess/sameOrigin consistently intercaps in the source tree
...
r=caillon sr=dveditz
2005-08-12 23:11:32 +00:00
113a48816f
Comment-only fixes I forgot to make. Bug 240661.
2005-07-22 20:49:12 +00:00
dc27182f65
Expose the subject name for the cert and an nsISupports pointer to the cert on
...
nsIPrincipal that represents a certificate principal. Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal. Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII. Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
2005-07-22 19:05:42 +00:00
741e9f0d95
Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop]
...
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg
2005-07-19 21:55:36 +00:00
6115ede7b5
Bug 292624 - XUL error pages should not have chrome privileges, r=darin sr=dveditz a=asa
2005-07-14 17:46:55 +00:00
ce97f202bd
Add a subsumes relation to principals so JS can handle all cases when checking indirect eval (and the like) calls (300008, r=caillon/dveditz, sr/a=shaver).
2005-07-08 23:26:36 +00:00
52a3cd7b1d
Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs
...
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg
2005-06-29 16:29:49 +00:00
5b1fc5f58e
bug 293424 - block about: from content to remove a potential attack vector, r+sr=brendan, a=brendan/jay
2005-06-16 08:28:50 +00:00
48772b9d27
Fixing part of bug 296397. Removing bogus assertion. r=shaver@mozilla.org, sr+a=brendan@mozilla.org
2005-06-09 01:11:21 +00:00
3ce206754c
Bug 292588 shutdown crash !sXPConnect [@ nsScriptSecurityManager::CheckObjectAccess]
...
store the runtime, unset the callback at shutdown
r=dveditz sr=jst a=asa
2005-06-07 21:57:56 +00:00
05339dd922
Add a scriptable hash function API. basically what this does is moves the hashing function out of the nsISignatureVerifier.idl and creates a new interface nsICryptoHash which is scriptable. Because of this change, we needed to fix up all of the call sites. r=darin, sr=dveditz, a=shaver
2005-06-01 16:06:53 +00:00
4e57a19e15
Fix bug 293671. r=caillon sr=dveditz a=asa
2005-05-12 18:26:41 +00:00
879c58672c
Cleaner fix for bug 290036. b=290949 r=dveditz sr=darin a=asa
2005-05-12 18:20:07 +00:00
77b38278e4
Fix comment from last night to match today's code.
2005-05-04 18:58:24 +00:00
ed1074859d
Undo gist of last change for now, it breaks too much even though it's safer.
2005-05-04 16:19:31 +00:00
403f448dbc
Find active native function principals when walking the JS stack, and beef up eval-ish native safeguards (281988, r=shaver/caillon, sr=jst, a=drivers).
2005-05-04 06:28:36 +00:00
e975ac1396
Fix crashes when privilegeManager methods are called by setting our our param
...
on success return. Bug 289991 and bug 289925, r=caillon, sr=dbaron, a=dbaron
2005-04-12 05:13:26 +00:00
60512d7421
Do less addrefing of principals in the script security manager. Bug 289643,
...
r=caillon, sr=brendan, a=asa
2005-04-10 23:27:07 +00:00
dbac83a323
Revert kludge, want a general fix.
2005-04-07 19:48:57 +00:00
57b68eabe5
Stop evals and Script object calls/execs that cross trust domains (289074, r=shaver, sr=jst, a=drivers).
2005-04-07 02:22:24 +00:00
7d90dca46d
Bug 239967 prototype for nsScriptSecurityManager::GetPrincipalFromContext is wrong
...
r=dveditz sr=dveditz
2005-03-29 03:12:12 +00:00
a821ecc6cf
Inline access to XPCWrappedNative's nsISupports pointer, with do_QueryWrappedNative nsCOMPtr helper (bug 285404). r=jst, sr=darin.
2005-03-10 00:39:28 +00:00
c2d3232365
bug 279768: Bring build system to work with --enable-ui-locale; r=bsmedberg; a=doron on webservices move
2005-03-08 17:21:36 +00:00
4b68fa447a
Bug 281414 - global s/nsIPrefBranchInternal/nsIPrefBranch2/ rs=darin (did not change backwards-compatible code in extensions/irc extensions/venkman or extensions/inspector)
2005-02-25 20:46:35 +00:00
610d170988
Remove special-casing so non-chrome-principal pages, even with chrome: uris,
...
can have script disabled as needed. Bug 280120, r=peterv, sr=neil
2005-02-22 21:18:31 +00:00
d630a9a4c1
Bug 269661 make libpref not depend on caps
...
r=caillon sr=dveditz
2005-02-06 12:39:31 +00:00
8b6abc1d30
bug 280613 : checkLoadURIStr of nsIScriptSecurityManager should accept AUTF8String istead of string (for IDN), r=dveditz, sr=darin
2005-02-02 07:17:53 +00:00
a62cb9f6fd
Add about:license and about:licence and make about: link to them. Bug 256945,
...
r=gerv, sr=darin
2005-01-23 21:02:36 +00:00
7ccf6e4965
Bug 273876 - libxul step 2 (everything through widget, except spidermonkey) r=darin; again, this should not affect non-xulrunner trees.
2004-12-09 19:28:35 +00:00
fa557e3163
Bug 261339 Setting capability.policy.default.Window.top to noAccess seems to crash mozilla
...
r=caillon sr=dveditz
2004-11-05 16:54:09 +00:00
99c0e2558a
Bug 267311 netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect") in a XBL constructor make mozilla crash. [@ JS_FrameIterator]
...
r=dveditz sr=jst
2004-11-05 15:25:04 +00:00
d004534edd
Make it possible to disable checkloaduri on a per-site basis instead of
...
disabling it globally. Bug 233108, r=caillon, sr=jst
2004-11-03 15:45:52 +00:00
7b88bf8fee
Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu
2004-10-15 16:53:35 +00:00
760bc66b0b
Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu
2004-10-15 16:34:58 +00:00
f48be131d2
Improve enablePrivilege confirmation dialog text and presentation, sanity-check
...
privilege names (bug 253942, bug 253944) r=caillon,sr=brendan,a=chofmann,mkaply
2004-09-01 07:53:32 +00:00
7dac6939fd
removing myself from DEBUG_CAPS_HACKER list
2004-07-10 19:38:28 +00:00
52092297fe
Bug 226439. Convert codebase to use AppendLiteral/AssignLiteral/LowerCaseEqualsLiteral. r+sr=darin
2004-06-17 00:13:25 +00:00
5fef88f764
fix DEBUG_CAPS_HACKER bustage due to bug 240106
...
r=caillon sr=darin
2004-06-16 15:58:22 +00:00
1f3e1038f3
bug 162020 option to delay enabling confirmation buttons r=mkaply,sr=sspitzer
2004-06-05 09:26:01 +00:00
18d9c2feaa
#239580
...
r=danm, sr=dveditz
Extend ConfirmEx to allow setting the default button - change default button for script security to no
2004-05-24 13:33:51 +00:00
b8ecbc84da
Bug 226439. Convert Seamonkey to EqualsLiteral. rs=darin
2004-05-22 22:15:22 +00:00
8d004584b6
Add a version of CheckLoadURI that takes a source principal instead of a source
...
URI. Update a bunch of callers to use it. Bug 233108, r=caillon, sr=dveditz
2004-04-25 16:55:27 +00:00
4f8b5bf9d4
deCOMtaminate nsIScriptObjectPrincipal (bug 240745). This also fixes some code in nsCrypto.cpp that sems to have been mis-braced (I don't think it was working as intended). r+sr=jst.
2004-04-18 00:28:47 +00:00
692411203a
Bug 236613: change to MPL/LGPL/GPL tri-license.
2004-04-17 21:52:36 +00:00
6330e24449
Bug 235504 Remove nsCString::EqualsWithConversion(const char*)
...
r=darin sr=dbaron
2004-04-14 20:09:30 +00:00
2e147004eb
Backing out the fix for bug 235457 since it made typing URLs, and autocomplete in the the URL bar not work.
2004-03-16 19:06:10 +00:00
9216581021
Fixing bug 235457. Make new windows opened through window.open be opened on the context of the opener, and make caps not lie about when capabilities are enabled. r=danm-moz@comcast.net, r=caillon@aillon.org, sr=brendan@mozilla.org, a=dbaron@dbaron.org
2004-03-16 06:57:54 +00:00
9ea99a468f
one more tweak, r=caillon
2004-03-06 20:54:47 +00:00
7083875ebb
making this sound less like it's PSM, rs=caillon
2004-03-06 20:47:21 +00:00
1d2d419885
landing dbaron's patch for bug 235735 "fix callers that cast away const on result of ns[C]String::get" r+sr=darin
2004-02-28 22:34:07 +00:00
0616fb43c2
fixes bug 234916 "Remove global/static NS_NAMED_LITERAL_C?STRING usage [was: Firefox crashes on startup on Mac OS X]" r=jst sr=dbaron
2004-02-25 02:08:34 +00:00
8b6dc1c3ca
Fixing bug 233307. deCOMtaminating nsIScript* and related interfaces. r+sr=bryner@brianryner.com.
2004-02-09 22:48:53 +00:00
1f4ab81acd
Continuing to land the PACKAGING_20030906_BRANCH for bug 20640. Not part of the build, yet.
2004-01-07 13:37:00 +00:00
f0bfff2628
Beginning to land the PACKAGING_20030906_BRANCH for bug 20640. Not part of the build, yet.
2004-01-07 01:22:31 +00:00
fc16739ba6
Bug 227758 make subjectPrincipalIsSystem unscriptable and checkSameOriginURI scriptable r=caillon sr=dveditz
2003-12-19 21:51:37 +00:00
05f05aab8b
Bug 228095 - AIX: 64-bit build error in nsScriptSecurityManager.cpp
...
r=caillon@aillon.org , sr=brendan@mozilla.org , a=brendan@mozilla.org
2003-12-15 18:16:09 +00:00
6a60ef1444
227079 - Mozilla asks for security privileges where it shouldn't
...
Make sure we check signed.applets.codebase_principal_support and special urls before going further.
r=jst sr=bzbarsky a=dbaron
2003-12-04 02:14:07 +00:00
4be366b3cf
Fix missing cx param problem (223041, r=caillon, sr=dbaron).
2003-11-03 04:26:55 +00:00
d4816af9c5
Work around bustage. Temporary fix. b=223041
2003-11-02 02:31:53 +00:00
ea10d2257a
Permit content to link to about:logo
...
Bug 223293; r=timeless sr=jst
2003-10-30 01:35:09 +00:00
de3d3fbf61
Re-land patch for bug 83536, merging principal objects.
...
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst
2003-10-21 22:11:49 +00:00
ecb57316da
Better version of last change, thanks to caillon for reminding me.
2003-09-28 04:55:50 +00:00
4ff074c02b
Forgot to update calls to formerly-static SecurityCompareURI (r+sr=bz).
2003-09-28 04:44:33 +00:00
08f08cbf57
Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky).
2003-09-28 04:22:01 +00:00
ced129793a
about:about
...
Bug 56061
r=bryner@brianryner.com
sr=darin@meer.net
2003-09-13 19:35:59 +00:00
9a8592b10f
Fix build on gcc 3.4 by removing extra semicolons (bug 218551). r/sr=dbaron, a=brendan.
2003-09-07 21:37:51 +00:00
c11c6acb17
Backing out the patch to bug 83536.
...
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann
2003-08-22 03:06:53 +00:00
acf063492f
Bug 216234
...
Calling operator delete on an nsAutoPtr isn't good.
r+sr=dbaron@dbaron.org
a=asa@mozilla.org
2003-08-20 00:40:13 +00:00
c08e99a287
Set MODULE in makefiles at the top of a heirarchy so that module-deps lists are more precise and builds will have the proper order if some subdirs contain other modules.
2003-08-16 00:42:35 +00:00
e1a8e55d17
Bug 214949
...
Make XUL error pages work again by making GetOrigin() return the full spec for chrome: URIs and preventing principal lookups when the principals hash is empty.
r+sr=jst@netscape.com
a=rjesup@wgate.com
2003-08-10 02:26:11 +00:00
f6be8fe74f
Add shared DHashTableOps for [const] char *key use-cases, clean up dhash API abusages (214839, r=dougt, sr=dbaron).
2003-08-05 20:09:21 +00:00
9bd3d843a8
Adding comments, per bzbarsky. bug 214050.
2003-07-29 19:03:00 +00:00
fb75e2bf14
Don't let success of string bundle calls dictate the return value, continue to return errors. Still bug 214050.
2003-07-29 09:07:43 +00:00
8d0409de47
Bug 214050
...
Start to localize some of the more common user-visible error messages in caps.
r+sr=bzbarsky@mit.edu
2003-07-29 05:28:00 +00:00
0080f7ac51
Init mSecurityPolicy. This somehow got lost in between the last two revisions of my patch to bug 83536.
...
r=timeless,sr=bzbarsky on IRC.
2003-07-27 07:00:25 +00:00
4f29a47803
213796 - Crash In CAPS.DLL On Startup [@ nsPrincipal::GetHashValue]
...
r+sr+caillonIsStupid=bzbarsky@mit.edu
2003-07-27 04:08:48 +00:00
a519b5abbd
Bug 213847. Prompt the user for what to do if we don't know whether we can grant a capability.
...
r+sr=bzbarsky@mit.edu
2003-07-25 19:23:17 +00:00
1ac925aeee
Ports bustage - remove NS_COM per bsmedberg
2003-07-24 18:58:30 +00:00
9c22160a4b
Bug 83536.
...
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)
2003-07-24 05:15:20 +00:00
f542eb1b3e
Removing extra ^M. Fixing Irix cc bustage
2003-06-28 05:15:41 +00:00
48968be6c1
Fixing bug 210730. ClassInfoData optimizations. r+sr=jaggernaut@netscape.com
2003-06-27 03:10:49 +00:00
f14981a7f1
Bug 194872 CAPS vulnerability when doing cross-site-scripting with frames from different origins and different CAPS settings (allAccess, noAccess).
...
bustage (const char*)
sr=jst
2003-06-26 03:27:01 +00:00
13f4af7d21
Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst.
2003-06-26 00:18:43 +00:00
2e8edec781
Fixing bug 209884. Writing an inline helper to safely get an nsIScriptContext from a JSContext and making direct callers of JS_GetContextPrivate() use the helper. r=caillon@aillon.org, sr=peterv@netscape.com
2003-06-24 21:43:01 +00:00
fe0731d91e
Bug 163645 - User defined properties of window.navigator are not remembered when a new page is loaded.
...
Enable this for websites within the same domain only.
Also, fixes CheckSameOriginPrincipal to just check the principals, and not care whether we have anything on the JS stack.
r=mstoltz, sr=jst
2003-06-18 23:48:57 +00:00
5d5585b629
Grant access to SOAP response document's properties and also allow the document to be serializable. b=193953, r=heikki@netscape.com, sr=jst@netscape.com
2003-06-12 20:18:34 +00:00
8f112a4226
Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev
2003-06-10 21:18:27 +00:00
6934dc37a9
Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev
2003-06-10 20:12:33 +00:00
f438318e22
Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201
2003-05-29 21:56:38 +00:00
0b32036f70
Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201
2003-05-29 21:51:34 +00:00
7fa1ade332
Bug 207328 @mozilla.org/scriptsecuritymanager;1 isn't registering itself correctly as an app-startup observer service
...
r=mstoltz sr=alecf
2003-05-29 04:27:03 +00:00
db8cb8d68f
Bug 163950 - allow opening connections for XML data transfer services when document.domain has been set. r=jst, sr=heikki.
2003-05-28 23:22:36 +00:00
149f719c00
bug 100649: Length() being used where IsEmpty() is meant
...
treewide changes to convert incorrect usages of string.Length() to string.IsEmpty().
thanks to afatecha@idea.com.py (Ariel Fatecha) for the patch. r=dwitte, sr=jst.
got the ok from Asa to land into a closed tree.
2003-05-23 21:34:47 +00:00
bzbarsky%mit.edu
pkasting%google.com
dveditz%cruzio.com
mhammond%skippinet.com.au
mrbkap%gmail.com
igor%mir2.org
cbiesinger%web.de
darin%meer.net
martijn.martijn%gmail.com
bryner%brianryner.com
timeless%mozdev.org
jst%mozilla.jstenback.com
brettw%gmail.com
dbaron%dbaron.org
dougt%meer.net
peterv%propagandism.org
mconnor%steelgryphon.com
gavin%gavinsharp.com
bsmedberg%covad.net
brendan%mozilla.org
gandalf%firefox.pl
jshin%mailaps.org
roc+%cs.cmu.edu
mkaply%us.ibm.com
gerv%gerv.net
neil%parkwaycc.co.uk
pkw%us.ibm.com
caillon%returnzero.com
cls%seawood.org
seawood%netscape.com
jst%netscape.com
mstoltz%netscape.com
harishd%netscape.com
dwitte%stanford.edu