2e9e7217c2
Another dummy change to cause beast to rebuild caps
2003-04-30 09:19:50 +00:00
6a95217659
IRIX bustage
2003-04-23 04:28:41 +00:00
fcf841a105
Bug 180749 - when remembering granted privileges for file://pages, grant privilege for that page only, not the whole local file system. r=jst, sr=heikki.
2003-04-23 00:21:02 +00:00
981b45ec02
Fixing bug 201132. Always use the JSPrincipals from the target object when compiling event handlers, never use the principals of the global object in which the event handler is compiled. Also make sure we never use the principals that are precompiled into cloned Functions, always get the principal from the Function's scope in such cases. r=mstoltz@netscape.com (and heikki@netscape.com), sr=brendan@mozilla.org
2003-04-17 20:21:00 +00:00
f94684efd7
Removing stray windows newline that causes build warning... No reviews, sorry.
2003-04-08 20:26:41 +00:00
ab8093092a
Define XPC_IDISPATCH_SUPPORT when building caps if necessary. b=198117 r=dbradley@netscape.com sr=alec@netscape.com
2003-03-20 12:10:04 +00:00
41d8df3c94
bug 170585, Scriptable streams are broken; r=darinf, sr=dougt
...
update to readdata caller
2003-03-13 21:24:37 +00:00
adad165e96
Bug 188229 - adding new security check function that allows component instantiation by CID. r=dveditz, sr=heikki. *not part of build yet*
2003-03-12 02:17:37 +00:00
39e4fcf204
Bug 196340 Change NS_REINTERPRET_CAST(nsIScriptContext*, JS_GetContextPrivate(cx)) to use Static Cast
...
r=mstoltz sr=heikki
2003-03-07 21:54:28 +00:00
d40c318032
Generalize the JS_SetCheckObjectAccessCallback hook implemented here to deal with user-defined getters and setters (92773, r=mstoltz, sr=jst).
2003-03-06 19:40:14 +00:00
e93797d3ef
bug 191773, r=mstoltz, a=dbaron@dbaron.org
...
only allow x-jsd: urls from chrome: and resource:
2003-02-05 01:27:56 +00:00
4540357473
Whitespace change to trigger rebuild of libs that depend upon zlib.
2003-01-30 05:53:29 +00:00
75d0ab7d78
fixing IRIX bustage (^M's from mstoltz's checkin)
2003-01-25 03:58:38 +00:00
a0cc0ee7e5
Bug 189799 - Ignore username:password portion of URL when making URL comparisons for security. r=heikki, sr=jst, a=asa
2003-01-25 01:43:37 +00:00
5697890fdd
Fix bug 127185: don't crash with a null JS context if running without XPT files. Fixes nsScriptSecurityManager to do more thorough error checking on initialization. r=mstoltz, sr=jst. Fixes bustage.
2003-01-17 02:00:01 +00:00
f3c55ef954
Fix bug 127185: don't crash with a null JS context if running without XPT files. Fixes nsScriptSecurityManager to do more thorough error checking on initialization. r=mstoltz, sr=jst.
2003-01-17 01:00:15 +00:00
329252c847
Bug 178643: Remove uses of NS_INIT_ISUPPORTS, since it's no longer needed. r=timeless sr=jag
2003-01-08 19:24:38 +00:00
b443430dc8
184257 - Updating pref callers. r=timeless sr=bzbarsky
2003-01-08 08:40:41 +00:00
4588fb970a
Start installing GRE libraries & components into a separate dist/gre directory as part of the default build.
...
Bug #186241 r=dougt
2002-12-28 01:15:07 +00:00
a7b81df6c6
take two at fixing bug 177401 - convert nsIBinaryStream over to using nsAString/nsACString for string values, to speed up fastload
...
sr=darin, r=dougt
(the previous checkin had a typo which disabled fastload entirely!)
2002-11-14 18:16:31 +00:00
50a35c0245
argh, back out my last checkin because Ts went UP not down!
2002-11-09 01:31:32 +00:00
e8fa3e1225
fix for bug 177401 - use nsAString& classes instead of wstring in nsIBinaryInputStream, to speed up fastload startup
...
sr=darin, r=dougt
2002-11-08 23:30:53 +00:00
291b95491f
Bug 168316 - When calling from Java into JS, add a "dummy" JS stack frame with
...
principal information for the security manager. r=dveditz, sr=jst, a=chofmann.
2002-10-30 03:15:59 +00:00
ea0876d123
fix for #168136 . r=mstoltz, sr=dveditz.
...
for pref controlled schemes, allow access if source scheme is chrome or res.
needed for the new "view filter log UI".
2002-09-12 20:27:07 +00:00
c5e8f896cd
166917. Clean up xpcom SDK includes. r=rpotts@netscape.com, sr=alecf@netscape.com, a=rjesup@wgate.com
2002-09-07 17:13:19 +00:00
1cc752dbaf
Make anonymous content inaccessible to web content (bug 164086), r=sicking@bigfoot.com, sr=jst@netscape.com
2002-08-29 04:05:39 +00:00
e6efe12743
Backing out jkeiser's checkin for bug 164086 (not bug 96537) because he
...
left a file out, and the tree turned red....
2002-08-28 10:13:28 +00:00
f9f5ddfac8
Make anonymous content inaccessible to web content (bug 96537), r=sicking@bigfoot.com, sr=jst@netscape.com
2002-08-28 08:19:43 +00:00
a65ab30704
Fix bug 159889: replace the hardcode of "@mozilla.org/preferences;1" with NS_PREF_CONTRACTID
...
Patch by leon.zhang@sun.com
r=Henry, sr=alecf
2002-08-19 04:29:58 +00:00
8ae6c40f5d
Removing old nmake build makefiles. Bug #158528 r=pavlov
2002-08-10 07:55:43 +00:00
d62393acda
5th patch for bug 158080
...
Description: replace the hardcode of @mozilla.org/embedcomp/window-watcher;1 with NS_WINDOWWATCHER_CONTRACTID
Patch by Henry.Jia@sun.com
r=anto, sr=alecf
2002-08-06 06:32:02 +00:00
b2160d158c
Use principals instead of URIs for same-origin checks.
...
b=159348, r=bz, sr=jst, a=asa
2002-07-30 21:26:32 +00:00
5bd0d2e2f1
Bug 154930 - If one page has explicitly set document.domain and another has not,
...
do not consider them to be of the same origin for security checks. r=dveditz, sr=jst
2002-07-09 00:10:02 +00:00
d3d63601cf
Disable script on the requested docshell and the containing docshells. b=154647, r=mstoltz, sr=jst
2002-07-02 23:26:08 +00:00
c55abc30d5
Bug 152725 - Get URL passed to cookie module from document principal, not document URL.
...
THis ensures that cookies set by javascript URL pages are set in the correct domain.
r=morse, sr=dveditz.
2002-07-02 17:58:24 +00:00
7be79a0d54
Backing out my checkin to see if it fixes the Txul breakage
2002-06-27 23:32:51 +00:00
eff7c1ce17
** checking in for mstoltz **
...
Disable scripts on the requested docshell and containing docshells. Also, made setCurrentURI() scriptable ( approved by Adam Lock ). b=154647, r=harishd, sr=jst
2002-06-27 20:58:42 +00:00
76d3ee501f
133170 - Need to re-check host for security on a redirect after a call to
...
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc
2002-06-14 23:54:18 +00:00
e96df2ad1b
Fixes mozilla/strings requiring unfrozen nsCRT class. patch by scc, r=dougt, sr=jag, b=136756
2002-05-15 18:55:21 +00:00
f43dfb75ba
fixes bug 142870 "nsIFile should use UCS-2 instead of UTF-8"
...
r=dougt sr=alecf
2002-05-07 23:07:19 +00:00
09cdc7f458
[Chrome FastLoad]
...
Ensure that principals are written as Compound Objects using |WriteCompoundObject|, not using |WriteObject|
r=mstoltz, sr=brendan
2002-05-03 03:00:46 +00:00
1b1677bbe9
fixes bug 129279 "nsIFile unicode/utf8/ascii task"
...
r=dougt sr=alecf
2002-04-27 05:33:09 +00:00
1163f76b50
Bug 136993 - Put the "trusted codebase principals" feature back in.
...
r=harishd, sr=jst, a=valeski
2002-04-13 01:53:46 +00:00
0de3da6d32
fixes bug 134546 "Memory leak in nsScriptSecurityManager::GetBaseURIScheme()"
...
patch=pj@ludd.luth.se , r=mstoltz, sr=darin, a=rjesup@wgate.com
2002-04-03 20:23:57 +00:00
310147212f
A bunch of fixes in caps:
...
128697 - Added a pref listener for changes to capability.policy prefs,
removed profile-change listener
131025 - Removed insecure "trusted codebase principals" feature
131340 - Make nsCodebasePrincipal::Equals handle jar URLs correctly
131342 - Clean up privilege-grant dialog code
128861 - class policy hashtables allocated only when needed; avoids
PLDHash memory-use warning
Fixed comparison of -1 and 80 ports (Can't find the bug # right now)
All r=harishd, sr=jst, a=asa.
2002-03-20 05:53:46 +00:00
fc883176bf
Bug 106386 rid source of misspellings
...
r=db48x sr=blake a=asa
2002-03-19 04:30:17 +00:00
f4fdfbb122
fix bug 129635 - write a destructor for DomainPolicy so that the hashtable is destroyed
...
(and not leaked!)
r=mstoltz, sr=vidur, a=asa
2002-03-10 00:41:08 +00:00
6c79c65bef
Bug 129503, "IsCapabilityEnabled should return PR_TRUE if no script on stack"
...
sr=brendan, r=mstoltz, a=asa
If the js stack has no principals on it, return PR_TRUE from IsCapabilityEnabled
. Currently, the only time we'd have a stack devoid of principals is when all f
unctions are native. If this assumption changes, this may need to be revisited
(depending on what it would mean to be a compiled script without a principal.)
2002-03-08 02:20:55 +00:00
026dda9f95
fixes bug 124042 "support internationalized URIs" r=dougt, sr=alecf, a=asa
2002-03-06 07:48:55 +00:00
b103d141c4
remove stale DEBUG_jband block. rs=jband a=dbaron
2002-03-05 08:02:05 +00:00
dbradley%netscape.com
mkaply%us.ibm.com
mstoltz%netscape.com
jst%netscape.com
bzbarsky%mit.edu
locka%iol.ie
rginda%netscape.com
timeless%mozdev.org
brendan%mozilla.org
seawood%netscape.com
bryner%netscape.com
sfraser%netscape.com
dbaron%dbaron.org
caillon%returnzero.com
alecf%netscape.com
sspitzer%netscape.com
dougt%netscape.com
jkeiser%netscape.com
bbaetz%student.usyd.edu.au
henry.jia%sun.com
sicking%bigfoot.com
harishd%netscape.com
darin%netscape.com
ben%netscape.com
timeless%mac.com
jband%netscape.com