Граф коммитов

852 Коммитов

Автор SHA1 Сообщение Дата
Ben Turner 7ce8e92dd3 Bug 451731 - "Update caps, dom, xpconnect for Bug 451729 (checkObjectAccess moving to the JSContext)". r+sr=jst. 2008-09-05 16:26:04 -07:00
Ben Turner 1769bcd5cb Bug 453720 - "Caps should assert when scripts do not contain principals". r+sr=mrbkap. 2008-09-04 15:52:20 -07:00
Jason Orendorff 1d1eeba8b2 Bug 451571 - Delete SetExceptionWasThrown (r=dbradley, sr=jst) 2008-08-30 18:58:36 -05:00
Shawn Wilsher 89e7a45e7a Bug 452486 - Create components when we actually have a profile
This changeset allows components to register for the profile-after-change
category in the category manager such that they will be initialized when this
topic would normally be dispatched.
r=bsmedberg
2008-08-29 16:40:05 -04:00
Honza Bambas bfba5f3a4f Bug 442812: Implement the application cache selection algorithm. r+sr=bz 2008-08-27 18:15:32 -07:00
Shawn Wilsher da4a22bc6f Bug 450914 - Proxy nsSimpleURI for nsNullPrincipal to the main thread (was "ASSERTION: nsSimpleURI not thread-safe" during principal destruction)
This changeset creates a threadsafe uri object for the null principal to use.
2008-08-27 18:11:02 -04:00
Dave Camp a66645593d Backed out changeset 1e3d4775197a (bug 442812) 2008-08-19 22:52:05 -07:00
Honza Bambas 8bcb74a0dc Bug 442812: Implement the application cache selection algorithm. r+sr=bz 2008-08-19 19:31:08 -07:00
Boris Zbarsky 29358ba272 Bug 434522 follow-up bustage fix. 2008-07-28 23:37:58 -07:00
Boris Zbarsky e4b0ef9232 Bug 437723. Make sure to look at the nested innermost URI when looking for the origin. r+sr=sicking 2008-07-28 23:10:05 -07:00
Boris Zbarsky f240a67b8b Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst 2008-07-28 23:03:19 -07:00
jonas@sicking.cc bb2529b51f Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it 2008-04-18 10:35:55 -07:00
gavin@gavinsharp.com 248bcdd278 Rework test for bug 292789 to try and fix the timeout on qm-centos5-01 2008-04-14 01:50:51 -07:00
dveditz@cruzio.com 447fc8ce13 tests for bug 292789 -- forgot during checkin 2008-04-12 17:55:45 -07:00
dveditz@cruzio.com 36727be489 bug 292789 prevent use of chrome: URIs from <script>, <img> stylesheets, etc except for chrome packages explicitly marked contentaccessible. r=bzbarsky, sr=jst, a=beltzner 2008-04-12 14:26:19 -07:00
jonas@sicking.cc b245f0fae8 Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz 2008-04-08 17:38:12 -07:00
igor@mir2.org e52789403a [bug 423874] backing out as a simpler patch would do the job with less code. 2008-03-29 03:34:29 -07:00
igor@mir2.org a76bfc82c0 [bug 424376] backing out - too much compatibility problems. 2008-03-28 15:27:36 -07:00
bzbarsky@mit.edu 65811eb5e4 Fix bug 421228. r+sr=sicking 2008-03-27 20:46:15 -07:00
igor@mir2.org 07f1893244 bug=424376 r=brendan a1.9b5=beltzner Compile-time function objects are no longer exposed through SpiderMonkey API. 2008-03-23 03:16:40 -07:00
jst@mozilla.org f70c22ca8a Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu 2008-03-22 09:50:47 -07:00
igor@mir2.org 01d0387418 bug=423874 r=brendan a1.9b5=dsicore Allocating native functions together with JSObject 2008-03-21 01:19:23 -07:00
jst@mozilla.org 6d3a0d05b3 Fixing orange from bug 402983. Make file:///foo and file:////foo#bar compare as equal URLs. r+sr=bzbarsky@mit.edu 2008-03-20 23:01:55 -07:00
jst@mozilla.org 739205fc4a Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org 2008-03-20 21:39:08 -07:00
shaver@mozilla.org 4a1af49d46 Bug 246699: report better errors (with stacks) for security denials. r+sr=jst, a=mconnor. 2008-03-20 01:19:15 -07:00
shaver@mozilla.org 1c8789bdbf Test for bug 423379 (content can load chrome and/or resource), r/sr=jst. 2008-03-19 15:14:51 -07:00
shaver@mozilla.org 16f84858f6 (NPOTB, r=mrbkap, a=lumpy) Remove ancient caps test cruft in preparation for incoming mochitests. Also so that the tests listed in securetest.list will not mock me from beyond the NSCP grave. 2008-03-19 14:26:09 -07:00
jonas@sicking.cc 585b681349 Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz 2008-03-18 17:27:56 -07:00
bzbarsky@mit.edu df31fc12aa Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst 2008-03-18 14:14:49 -07:00
gavin@gavinsharp.com 43c5ec54b7 Back out bug 246699 to fix bug 423375, per shaver 2008-03-17 07:10:48 -07:00
timeless@mozdev.org 696c60aeae Bug 246699 CAPS security exceptions should throw richer exception info (not just raw string) r=shaver a=shaver 2008-03-11 10:30:23 -07:00
reed@reedloden.com 03bd4aa789 Bug 420081 - "Case mismatch between nsIURI and nsIUri in nsIPrincipal.idl" [p=mschroeder@mozilla.x-home.org (Martin Schröder [mschroeder]) r+sr=jst a1.9=beltzner] 2008-03-08 03:20:21 -08:00
jonas@sicking.cc 498741eb4c Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv 2008-02-26 19:45:29 -08:00
myk@mozilla.org ce1fde4562 backing out fix for bug 416534 as potential cause of mochitest failure 2008-02-26 19:23:36 -08:00
jonas@sicking.cc f3eb926449 Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv 2008-02-26 18:17:49 -08:00
Olli.Pettay@helsinki.fi ef5fceaa12 Bug 411054, Audit IsNativeAnonymous()/GetBindingParent() uses, r+sr=sicking 2008-02-26 04:40:18 -08:00
reed@reedloden.com de0fd36632 Bug 417710 - "Use JS_GET_CLASS, not JS_GetClass" [p=gyuyoung.kim@samsung.com (gyu-young kim) r=jorendorff r=jst sr+a1.9=brendan] 2008-02-25 00:59:20 -08:00
jonas@sicking.cc 641b42bbcf Bug 397878: Send Referer-Root header when doing cross-site access requests. Also update domain pattern matching to spec. Patch by <suryaismail@gmail.com>. r=bent sr=sicking b3a=beltzner 2008-01-31 00:16:54 -08:00
jst@mozilla.org 73b6de93fa Fixing bustage. 2008-01-29 13:11:24 -08:00
jst@mozilla.org b8a6474030 Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org 2008-01-29 12:51:01 -08:00
jst@mozilla.org 0a1e95b8b6 Fixing bug 317240. Re-enabling caps optimization now that a documents principal never changes. r+sr=bzbarsky@mit.edu 2008-01-28 09:51:38 -08:00
jst@mozilla.org dd9c7f529c Fixing bug 412691. Remove unnecessary nsCOMPtr's from performance critical code paths. r+sr=jonas@sicking.cc 2008-01-16 16:32:26 -08:00
benjamin@smedbergs.us a31eb73709 Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep 2008-01-15 07:50:57 -08:00
dwitte@stanford.edu ae0034832c thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+ 2008-01-11 20:30:42 -08:00
dwitte@stanford.edu 6ba4acd13f partial backout in an attempt to fix orange. 2008-01-11 02:08:58 -08:00
dwitte@stanford.edu 18cd35ef9d relanding bug 410250. 2008-01-11 01:13:04 -08:00
dwitte@stanford.edu d1d1599403 backing out to fix orange. 2008-01-10 20:59:44 -08:00
dwitte@stanford.edu 3aff67fa2b thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+ 2008-01-10 19:56:00 -08:00
timeless@mozdev.org 6558516560 Bug 334306 useless null check in nsDestroyJSPrincipals r=dbaron sr=dveditz a=mtschrep 2008-01-06 06:53:24 -08:00
mrbkap@gmail.com b46234fd91 Always throw an exception, even if we cannot reach a principal. bug 409514, r+sr+a=jst 2008-01-04 17:32:23 -08:00
jst@mozilla.org 6d7a04555f Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com 2008-01-04 15:59:12 -08:00
mrbkap@gmail.com cb4075c49b XPCNativeWrappers can confuse the short-circuiting code. bug 409291, r+sr=jst a=beltzner 2007-12-21 11:06:29 -08:00
jst@mozilla.org 69192344bd Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org 2007-12-12 15:02:25 -08:00
philringnalda@gmail.com 59d7e63624 Bug 400247 - remove XP_MAC deadcode in nsScriptSecurityManager.cpp, r+sr=bz, a=dsicore 2007-11-12 19:23:17 -08:00
tglek@mozilla.com 8a32454ea9 Bug 398574:Prbool fixes r=bz a=release drivers 2007-11-12 13:47:11 -08:00
jonas@sicking.cc ebee2dc0d9 bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking 2007-10-26 18:46:09 -07:00
bzbarsky@mit.edu a892964caa Make the "href" property of stylesheets reflect the original URI that was reflected to load the sheet. Bug 397427, r=dbaron,biesi, sr=dbaron, a=dsicore 2007-10-23 14:56:41 -07:00
bzbarsky@mit.edu 926abc513f Somewhat reduce the amount of memory an nsPrincipal allocates in the common case. Bug 397733, r+sr+a=jst 2007-09-28 07:31:04 -07:00
bzbarsky@mit.edu 1512235b94 Make the nsISerializable implementation of nsPrincipal actually work. This makes it possible to save principal objects to a stream and read them back. Bug 369566, r=dveditz+brendan, sr=jst, a=jst 2007-09-17 15:18:28 -07:00
dveditz@cruzio.com 482ae113d1 bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov 2007-09-06 00:02:57 -07:00
bent.mozilla@gmail.com c454f7fbdc Bug 304048 - Backing out patch due to TXUL regression. 2007-08-30 17:52:58 -07:00
bent.mozilla@gmail.com 6388381ea1 Bug 304048 - "xpconnect getters/setters don't have principals until after they pass or fail their security check." Patch by jst, sr=bzbarsky, a=jst. 2007-08-28 17:16:21 -07:00
bzbarsky@mit.edu 6159525ebc Add some sanity null-checks. Bug 387446, r=dveditz, sr+a=jst 2007-08-06 19:09:16 -07:00
sdwilsh@shawnwilsher.com 74c867f860 Bustage fix 2007-07-11 14:20:11 -07:00
jwalden@mit.edu 12e960c504 Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros. 2007-07-08 00:08:04 -07:00
bzbarsky@mit.edu 2bbf042698 Make security manager API more useful from script. Make more things
scriptable, and add a scriptable method for testing whether a given principal
is the system principal.  Bug 383783, r=dveditz, sr=jst
2007-06-18 08:12:09 -07:00
bzbarsky@mit.edu 7c3bde0a77 Optimize immutability of codebase/domain a little bit. Bug 380475, r=dveditz, sr=biesi 2007-06-18 08:07:02 -07:00
bzbarsky@mit.edu 0466d5d890 Make nsPrincipal::Equals compare codebases, not just certs, for certificate
principals.  Bug 369201, r=dveditz, sr=jst
2007-06-18 08:01:53 -07:00
benjamin@smedbergs.us 0ab7558e7b Bug 376636 - Building with gcc 4.3 and -pendatic fails due to extra semicolons, patch by Art Haas <ahaas@airmail.net>, rs=me 2007-04-23 07:21:53 -07:00
dbaron@dbaron.org cb52af13a3 Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg 2007-03-27 08:34:59 -07:00
dbaron@dbaron.org 4d961c5c49 Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg 2007-03-27 08:33:38 -07:00
roc+@cs.cmu.edu 0054412272 Bug 374866. Reftests for text-transform. r=dbaron 2007-03-22 16:01:14 -07:00
jonas%sicking.cc d7ad434701 Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it 2008-04-18 17:35:57 +00:00
gavin%gavinsharp.com b5be6c4f09 Rework test for bug 292789 to try and fix the timeout on qm-centos5-01 2008-04-14 08:50:51 +00:00
dveditz%cruzio.com afee2a207a tests for bug 292789 -- forgot during checkin 2008-04-13 00:55:45 +00:00
dveditz%cruzio.com c7990fae19 bug 292789 prevent use of chrome: URIs from <script>, <img> stylesheets, etc except for chrome packages explicitly marked contentaccessible. r=bzbarsky, sr=jst, a=beltzner 2008-04-12 21:26:19 +00:00
jonas%sicking.cc 2ec9134081 Bug 425201: Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz 2008-04-09 00:38:13 +00:00
igor%mir2.org acca7a06be [bug 423874] backing out as a simpler patch would do the job with less code. 2008-03-29 10:34:31 +00:00
igor%mir2.org b7c7e118a6 [bug 424376] backing out - too much compatibility problems. 2008-03-28 22:27:37 +00:00
bzbarsky%mit.edu 8f0b2235c2 Fix bug 421228. r+sr=sicking 2008-03-28 03:46:15 +00:00
igor%mir2.org c819df158f bug=424376 r=brendan a1.9b5=beltzner
Compile-time function objects are no longer exposed through SpiderMonkey API.
2008-03-23 10:16:40 +00:00
jst%mozilla.org 8b559ed068 Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu 2008-03-22 16:50:49 +00:00
igor%mir2.org 5ab7e29428 bug=423874 r=brendan a1.9b5=dsicore
Allocating native functions together with JSObject
2008-03-21 08:19:27 +00:00
jst%mozilla.org f2a32b3bb6 Fixing orange from bug 402983. Make file:///foo and file:////foo#bar compare as equal URLs. r+sr=bzbarsky@mit.edu 2008-03-21 06:01:55 +00:00
jst%mozilla.org 7e76d85044 Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org 2008-03-21 04:39:10 +00:00
shaver%mozilla.org 286f2705e5 Bug 246699: report better errors (with stacks) for security denials.
r+sr=jst, a=mconnor.
2008-03-20 08:19:15 +00:00
shaver%mozilla.org 6a50922c3f Test for bug 423379 (content can load chrome and/or resource), r/sr=jst. 2008-03-19 22:14:52 +00:00
shaver%mozilla.org 8268261420 (NPOTB, r=mrbkap, a=lumpy) Remove ancient caps test cruft in preparation for
incoming mochitests.  Also so that the tests listed in securetest.list will
not mock me from beyond the NSCP grave.
2008-03-19 21:26:09 +00:00
jonas%sicking.cc 1d6dc158f9 Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz 2008-03-19 00:27:57 +00:00
bzbarsky%mit.edu e5ba2cdf44 Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the
checks they really want to be doing.  Fix screw-up in nsPrincipal::Equals if
one principal has a cert and the other does not.  Bug 418996, r=mrbkap,dveditz, sr=jst
2008-03-18 21:14:50 +00:00
gavin%gavinsharp.com f0a5a9b99c Back out bug 246699 to fix bug 423375, per shaver 2008-03-17 14:10:48 +00:00
timeless%mozdev.org 59f4bc43b1 Bug 246699 CAPS security exceptions should throw richer exception info (not just raw string)
r=shaver a=shaver
2008-03-11 17:30:23 +00:00
reed%reedloden.com 20f1ca3d1d Bug 420081 - "Case mismatch between nsIURI and nsIUri in nsIPrincipal.idl" [p=mschroeder@mozilla.x-home.org (Martin Schr��der [mschroeder]) r+sr=jst a1.9=beltzner] 2008-03-08 11:20:21 +00:00
jonas%sicking.cc 06f693a2bb Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv 2008-02-27 03:45:32 +00:00
myk%mozilla.org dd8660867d backing out fix for bug 416534 as potential cause of mochitest failure 2008-02-27 03:23:38 +00:00
jonas%sicking.cc 44be249fb2 Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv 2008-02-27 02:17:52 +00:00
Olli.Pettay%helsinki.fi c1e558bc24 Bug 411054, Audit IsNativeAnonymous()/GetBindingParent() uses, r+sr=sicking 2008-02-26 12:40:21 +00:00
reed%reedloden.com 094bb39a01 Bug 417710 - "Use JS_GET_CLASS, not JS_GetClass" [p=gyuyoung.kim@samsung.com (gyu-young kim) r=jorendorff r=jst sr+a1.9=brendan] 2008-02-25 08:59:21 +00:00
jonas%sicking.cc 98d1136fea Bug 397878: Send Referer-Root header when doing cross-site access requests. Also update domain pattern matching to spec. Patch by <suryaismail@gmail.com>. r=bent sr=sicking b3a=beltzner 2008-01-31 08:17:47 +00:00
jst%mozilla.org aa1e2da76a Fixing bustage. 2008-01-29 21:11:24 +00:00
jst%mozilla.org 87ad6994c9 Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org 2008-01-29 20:51:01 +00:00
jst%mozilla.org 8e6543da9a Fixing bug 317240. Re-enabling caps optimization now that a documents principal never changes. r+sr=bzbarsky@mit.edu 2008-01-28 17:51:38 +00:00
jst%mozilla.org 660fe310b9 Fixing bug 412691. Remove unnecessary nsCOMPtr's from performance critical code paths. r+sr=jonas@sicking.cc 2008-01-17 00:32:26 +00:00
benjamin%smedbergs.us c6b0868a4c Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep 2008-01-15 15:51:02 +00:00
dwitte%stanford.edu 2706db7178 thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+ 2008-01-12 04:30:44 +00:00
dwitte%stanford.edu b5bc025224 partial backout in an attempt to fix orange. 2008-01-11 10:09:00 +00:00
dwitte%stanford.edu bec597575a relanding bug 410250. 2008-01-11 09:13:06 +00:00
dwitte%stanford.edu 7da61a1630 backing out to fix orange. 2008-01-11 04:59:46 +00:00
dwitte%stanford.edu 3ed045961f thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+ 2008-01-11 03:56:02 +00:00
timeless%mozdev.org bf7ff19b8e Bug 334306 useless null check in nsDestroyJSPrincipals
r=dbaron sr=dveditz a=mtschrep
2008-01-06 14:53:24 +00:00
mrbkap%gmail.com 6ad5c57e2d Always throw an exception, even if we cannot reach a principal. bug 409514, r+sr+a=jst 2008-01-05 01:32:23 +00:00
jst%mozilla.org 7b4a352e60 Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com 2008-01-04 23:59:12 +00:00
mrbkap%gmail.com 64fe3e4fbc XPCNativeWrappers can confuse the short-circuiting code. bug 409291, r+sr=jst a=beltzner 2007-12-21 19:06:29 +00:00
jst%mozilla.org d05eccb938 Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org 2007-12-12 23:02:26 +00:00
philringnalda%gmail.com 603e902e26 Bug 400247 - remove XP_MAC deadcode in nsScriptSecurityManager.cpp, r+sr=bz, a=dsicore 2007-11-13 03:23:17 +00:00
tglek%mozilla.com 1962a93e82 Bug 398574:Prbool fixes r=bz a=release drivers 2007-11-12 21:47:11 +00:00
jonas%sicking.cc fbb4b149f7 bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking 2007-10-27 01:46:11 +00:00
bzbarsky%mit.edu 71b276e4b9 Make the "href" property of stylesheets reflect the original URI that was
reflected to load the sheet.  Bug 397427, r=dbaron,biesi, sr=dbaron, a=dsicore
2007-10-23 21:56:43 +00:00
bzbarsky%mit.edu 14cbe66990 Somewhat reduce the amount of memory an nsPrincipal allocates in the common
case.  Bug 397733, r+sr+a=jst
2007-09-28 14:31:04 +00:00
bzbarsky%mit.edu db86f814d9 Make the nsISerializable implementation of nsPrincipal actually work. This
makes it possible to save principal objects to a stream and read them back.
Bug 369566, r=dveditz+brendan, sr=jst, a=jst
2007-09-17 22:18:28 +00:00
dveditz%cruzio.com ded345250e bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov 2007-09-06 07:02:57 +00:00
bent.mozilla%gmail.com 26316ec800 Bug 304048 - Backing out patch due to TXUL regression. 2007-08-31 00:52:59 +00:00
bent.mozilla%gmail.com a913a959d2 Bug 304048 - "xpconnect getters/setters don't have principals until after they pass or fail their security check." Patch by jst, sr=bzbarsky, a=jst. 2007-08-29 00:16:21 +00:00
bzbarsky%mit.edu 8b5be0ee10 Add some sanity null-checks. Bug 387446, r=dveditz, sr+a=jst 2007-08-07 02:09:16 +00:00
sdwilsh%shawnwilsher.com e3db1cf1a7 Bustage fix 2007-07-11 21:20:11 +00:00
jwalden%mit.edu ef68fcf595 Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros. 2007-07-08 07:08:56 +00:00
bzbarsky%mit.edu 00f9002d32 Make security manager API more useful from script. Make more things
scriptable, and add a scriptable method for testing whether a given principal
is the system principal.  Bug 383783, r=dveditz, sr=jst
2007-06-18 15:12:09 +00:00
bzbarsky%mit.edu 31b141921a Optimize immutability of codebase/domain a little bit. Bug 380475, r=dveditz, sr=biesi 2007-06-18 15:07:02 +00:00
bzbarsky%mit.edu 0cbe0fa718 Make nsPrincipal::Equals compare codebases, not just certs, for certificate
principals.  Bug 369201, r=dveditz, sr=jst
2007-06-18 15:01:53 +00:00
benjamin%smedbergs.us 3fb4912f5d Bug 376636 - Building with gcc 4.3 and -pendatic fails due to extra semicolons, patch by Art Haas <ahaas@airmail.net>, rs=me 2007-04-23 14:22:04 +00:00
dbaron%dbaron.org d2a7c1e86a Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg 2007-03-27 15:35:02 +00:00
dbaron%dbaron.org a32fb9b241 Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg 2007-03-27 15:33:45 +00:00
bzbarsky%mit.edu 4ebb372bf8 When getting codebase principals, install the passed-in codebase on them even
if they come from the hashtable.  Bug 269270, r=dveditz, sr=jst.
2007-02-09 04:52:44 +00:00
bzbarsky%mit.edu ec7b93b809 Get the source scheme from the right URI object. Bug 368160, r+sr=dveditz 2007-01-26 04:33:02 +00:00
bzbarsky%mit.edu 81cfa9db1e Make the redirect check get principals the same way we get them elsewhere.
Clean up some code to use the new security manager method.  Bug 354693,
r=dveditz, sr=sicking
2006-11-22 18:27:54 +00:00
gavin%gavinsharp.com 6599170933 Bug 202198: fix possible leak in nsScriptSecurityManager::InitPrefs(), patch by Ryan Jones <sciguyryan+bugzilla@gmail.com>, r+sr=dveditz 2006-11-22 17:22:40 +00:00
sayrer%gmail.com abe0665f38 Bug 360840. allocator mismatch in nsIScriptSecurityManager. r=timeless, sr=bz 2006-11-16 18:25:52 +00:00
bzbarsky%mit.edu 5abb54c90b Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst 2006-11-14 22:46:45 +00:00
bzbarsky%mit.edu 142a417a31 Make it possible for protocol handlers to configure how CheckLoadURI should
treat them via their protocol flags.  Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin
2006-11-10 23:49:08 +00:00
cbiesinger%web.de c7c2f947bb Bug 351876 Move nsICryptoHash into necko
r=darin
2006-09-15 22:06:31 +00:00
bzbarsky%mit.edu e2524af589 Introduce CheckLoadURIStrWithPrincipal(). Bug 348559, r=dveditz, sr=jst 2006-08-21 22:15:20 +00:00
pkasting%google.com 943d93f1e8 Bug 337223: Don't expose moz-anno protocol to web pages.
Patch by brettw
r=jst
sr=bzbarsky
2006-08-18 21:35:16 +00:00
bzbarsky%mit.edu e4c80b6420 Remove special-casing of about:blank for security purposes; give about:blank
pages the principal of whoever is responsible for loading them, when possible.
Bug 332182, r=mrbkap, sr=jst
2006-08-15 17:31:16 +00:00
dveditz%cruzio.com 2c27f29b83 bug 340107 save wasted cycles checking permissions if we're just going to deny access anyway. r=mrbkap, sr=sicking 2006-06-27 00:56:41 +00:00
bzbarsky%mit.edu 714b309562 Fiox the special-casing for about:blank to deal with it now being
moz-safe-about:blank as far as the security manager is concerned.  Bug 342108,
r=darin, sr=jst
2006-06-22 02:21:06 +00:00
bzbarsky%mit.edu 6c8d302694 Allow about: modules to just set a flag to force script execution to be allowed
for particular about: URIs, instead of hardcoding checks in the security
manager.  Bug 341313, r=darin, sr=jst
2006-06-22 02:19:49 +00:00
bzbarsky%mit.edu d5968aa228 Make the URIs of principals immutable. Bug 339822, r=dveditz, sr=darin 2006-06-20 03:17:41 +00:00
bzbarsky%mit.edu 66d9ce92e5 Save the principal in the session history entry so that reloading a data: URL
will do the right thing.  Also, change CheckLoadURI to allow null
principals to load things that anyone can load (e.g. http:// URIs).  Bug
337260, r=dveditz, sr=jst
2006-06-19 21:08:45 +00:00
bzbarsky%mit.edu 64681af28a Move the safe vs unsafe about: distinction out of the security manager and into
nsIAboutModule implementations.  Bug 337746, r=dveditz, sr=darin
2006-06-19 21:02:12 +00:00
mhammond%skippinet.com.au d5ad1dc2b9 Land DOM_AGNOSTIC3_BRANCH, bug 255942. r=a few people, sr=brendan. 2006-06-13 03:07:47 +00:00