Граф коммитов

569 Коммитов

Автор SHA1 Сообщение Дата
cbiesinger%web.de d73e12f724 Bug 248052 Add a contract ID for a global channeleventsink. Make the
scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto
redirects if CheckLoadURI fails. Remove the explicit usage of
nsIScriptSecurityManager from nsHttpChannel.cpp.

This eliminates js and xpconnect from REQUIRES, and brings us closer to remove
caps.

r=darin sr=bz
2005-11-08 20:47:16 +00:00
bzbarsky%mit.edu 1e91350bb2 Remove nsIStyledContent. Bug 313968, r=sicking, r=dbaron on nsCSSStyleSheet
changes, sr=jst
2005-11-02 00:41:51 +00:00
jst%mozilla.jstenback.com 4a47acf0d7 Fixing bug 313373. Pass *vp through untouched to the checkAccess hook when checking for write access. r=mrbkap@gmail.com, sr=brendan@mozilla.org 2005-10-25 00:29:28 +00:00
bzbarsky%mit.edu 1a0d80f303 Don't call nsIClassInfo::GetClassDescription unless we really have to. Bug
313157, r=dveditz, sr=jst
2005-10-20 23:49:59 +00:00
mrbkap%gmail.com c42f37d29f bug 312124: Make Subsume treat about:blank principals as being weaker than other, non-about:blank principals, since that's how other code treats them. r=caillon sr=brendan 2005-10-14 18:57:26 +00:00
bzbarsky%mit.edu c740f18df2 Make wildcards work for the default policy too. Bug 307867, r=caillon, sr=dveditz 2005-09-30 03:30:40 +00:00
dbaron%dbaron.org 820af0c053 Improve consistency of conversion from about URI to about module. b=306261 r=darin sr=bzbarsky 2005-09-14 04:16:27 +00:00
bzbarsky%mit.edu b4e2732aae Remove the security.checkloaduri preference. Please to be using the
checkloaduri CAPS policy instead, since that's less likely to let you shoot
yourself in the foot.

Bug 307382, r=caillon, sr=dveditz
2005-09-09 18:43:45 +00:00
dougt%meer.net 32258b61c3 Bug 302284. add xpi hash support to InstallTrigger.install(). r=dveditz, sr=shaver, a=asa 2005-08-26 06:46:21 +00:00
peterv%propagandism.org 3acef9f8a4 Fix for bug 290100 (XMLHttpRequest affected by document.domain setting). r=caillon, sr=brendan. 2005-08-25 11:51:42 +00:00
mconnor%steelgryphon.com 218fea648d bug 300830 - new error page (about:neterror) can load privileged about: urls, patch by dveditz, r=bsmedberg, sr=shaver 2005-08-22 05:09:11 +00:00
gavin%gavinsharp.com 602cc10bb6 Bug 298823: JAR URIs (and other types missing the host part) are not properly handled by nsScriptSecurityManager::LookupPolicy(), patch by Giorgio Maone <g.maone@informaction.com>, r=caillon, sr=dveditz 2005-08-17 16:55:00 +00:00
timeless%mozdev.org e8b3a71658 Bug 304085 crash [@ JS_ValueToString - JSValIDToString] with DEBUG_CAPS_HACKER
r=caillon sr=dveditz
2005-08-17 07:40:39 +00:00
timeless%mozdev.org 8b7146f6a5 Bug 304054 nsScriptSecurityManager.cpp doesn't build ifdef DEBUG_CAPS_HACKER unless defined DEBUG
r=dveditz sr=dveditz
2005-08-12 23:13:46 +00:00
timeless%mozdev.org f1615dd0f0 Bug 304240 Make noAccess/allAccess/sameOrigin consistently intercaps in the source tree
r=caillon sr=dveditz
2005-08-12 23:11:32 +00:00
bzbarsky%mit.edu 113a48816f Comment-only fixes I forgot to make. Bug 240661. 2005-07-22 20:49:12 +00:00
bzbarsky%mit.edu dc27182f65 Expose the subject name for the cert and an nsISupports pointer to the cert on
nsIPrincipal that represents a certificate principal.  Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal.  Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII.  Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
2005-07-22 19:05:42 +00:00
timeless%mozdev.org 741e9f0d95 Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop]
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg
2005-07-19 21:55:36 +00:00
bsmedberg%covad.net 6115ede7b5 Bug 292624 - XUL error pages should not have chrome privileges, r=darin sr=dveditz a=asa 2005-07-14 17:46:55 +00:00
brendan%mozilla.org ce97f202bd Add a subsumes relation to principals so JS can handle all cases when checking indirect eval (and the like) calls (300008, r=caillon/dveditz, sr/a=shaver). 2005-07-08 23:26:36 +00:00
timeless%mozdev.org 52a3cd7b1d Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg
2005-06-29 16:29:49 +00:00
mconnor%steelgryphon.com 5b1fc5f58e bug 293424 - block about: from content to remove a potential attack vector, r+sr=brendan, a=brendan/jay 2005-06-16 08:28:50 +00:00
jst%mozilla.jstenback.com 48772b9d27 Fixing part of bug 296397. Removing bogus assertion. r=shaver@mozilla.org, sr+a=brendan@mozilla.org 2005-06-09 01:11:21 +00:00
timeless%mozdev.org 3ce206754c Bug 292588 shutdown crash !sXPConnect [@ nsScriptSecurityManager::CheckObjectAccess]
store the runtime, unset the callback at shutdown
r=dveditz sr=jst a=asa
2005-06-07 21:57:56 +00:00
dougt%meer.net 05339dd922 Add a scriptable hash function API. basically what this does is moves the hashing function out of the nsISignatureVerifier.idl and creates a new interface nsICryptoHash which is scriptable. Because of this change, we needed to fix up all of the call sites. r=darin, sr=dveditz, a=shaver 2005-06-01 16:06:53 +00:00
dbaron%dbaron.org 4e57a19e15 Fix bug 293671. r=caillon sr=dveditz a=asa 2005-05-12 18:26:41 +00:00
dbaron%dbaron.org 879c58672c Cleaner fix for bug 290036. b=290949 r=dveditz sr=darin a=asa 2005-05-12 18:20:07 +00:00
brendan%mozilla.org 77b38278e4 Fix comment from last night to match today's code. 2005-05-04 18:58:24 +00:00
brendan%mozilla.org ed1074859d Undo gist of last change for now, it breaks too much even though it's safer. 2005-05-04 16:19:31 +00:00
brendan%mozilla.org 403f448dbc Find active native function principals when walking the JS stack, and beef up eval-ish native safeguards (281988, r=shaver/caillon, sr=jst, a=drivers). 2005-05-04 06:28:36 +00:00
bzbarsky%mit.edu e975ac1396 Fix crashes when privilegeManager methods are called by setting our our param
on success return.  Bug 289991 and bug 289925, r=caillon, sr=dbaron, a=dbaron
2005-04-12 05:13:26 +00:00
bzbarsky%mit.edu 60512d7421 Do less addrefing of principals in the script security manager. Bug 289643,
r=caillon, sr=brendan, a=asa
2005-04-10 23:27:07 +00:00
brendan%mozilla.org dbac83a323 Revert kludge, want a general fix. 2005-04-07 19:48:57 +00:00
brendan%mozilla.org 57b68eabe5 Stop evals and Script object calls/execs that cross trust domains (289074, r=shaver, sr=jst, a=drivers). 2005-04-07 02:22:24 +00:00
timeless%mozdev.org 7d90dca46d Bug 239967 prototype for nsScriptSecurityManager::GetPrincipalFromContext is wrong
r=dveditz sr=dveditz
2005-03-29 03:12:12 +00:00
bryner%brianryner.com a821ecc6cf Inline access to XPCWrappedNative's nsISupports pointer, with do_QueryWrappedNative nsCOMPtr helper (bug 285404). r=jst, sr=darin. 2005-03-10 00:39:28 +00:00
gandalf%firefox.pl c2d3232365 bug 279768: Bring build system to work with --enable-ui-locale; r=bsmedberg; a=doron on webservices move 2005-03-08 17:21:36 +00:00
bsmedberg%covad.net 4b68fa447a Bug 281414 - global s/nsIPrefBranchInternal/nsIPrefBranch2/ rs=darin (did not change backwards-compatible code in extensions/irc extensions/venkman or extensions/inspector) 2005-02-25 20:46:35 +00:00
bzbarsky%mit.edu 610d170988 Remove special-casing so non-chrome-principal pages, even with chrome: uris,
can have script disabled as needed.  Bug 280120, r=peterv, sr=neil
2005-02-22 21:18:31 +00:00
cbiesinger%web.de d630a9a4c1 Bug 269661 make libpref not depend on caps
r=caillon sr=dveditz
2005-02-06 12:39:31 +00:00
jshin%mailaps.org 8b6abc1d30 bug 280613 : checkLoadURIStr of nsIScriptSecurityManager should accept AUTF8String istead of string (for IDN), r=dveditz, sr=darin 2005-02-02 07:17:53 +00:00
bzbarsky%mit.edu a62cb9f6fd Add about:license and about:licence and make about: link to them. Bug 256945,
r=gerv, sr=darin
2005-01-23 21:02:36 +00:00
bsmedberg%covad.net 7ccf6e4965 Bug 273876 - libxul step 2 (everything through widget, except spidermonkey) r=darin; again, this should not affect non-xulrunner trees. 2004-12-09 19:28:35 +00:00
timeless%mozdev.org fa557e3163 Bug 261339 Setting capability.policy.default.Window.top to noAccess seems to crash mozilla
r=caillon sr=dveditz
2004-11-05 16:54:09 +00:00
timeless%mozdev.org 99c0e2558a Bug 267311 netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect") in a XBL constructor make mozilla crash. [@ JS_FrameIterator]
r=dveditz sr=jst
2004-11-05 15:25:04 +00:00
bzbarsky%mit.edu d004534edd Make it possible to disable checkloaduri on a per-site basis instead of
disabling it globally.  Bug 233108, r=caillon, sr=jst
2004-11-03 15:45:52 +00:00
jst%mozilla.jstenback.com 7b88bf8fee Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu 2004-10-15 16:53:35 +00:00
jst%mozilla.jstenback.com 760bc66b0b Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu 2004-10-15 16:34:58 +00:00
dveditz%cruzio.com f48be131d2 Improve enablePrivilege confirmation dialog text and presentation, sanity-check
privilege names (bug 253942, bug 253944) r=caillon,sr=brendan,a=chofmann,mkaply
2004-09-01 07:53:32 +00:00
cbiesinger%web.de 7dac6939fd removing myself from DEBUG_CAPS_HACKER list 2004-07-10 19:38:28 +00:00