mstoltz%netscape.com
0b9feb28b2
DOM properties default to same origin access only. Bug 28443. r=rginda
2000-07-05 19:08:20 +00:00
vidur%netscape.com
b22731f07d
Checking in for mccabe, since he had to leave town. Partial fix for bug 41429. Adding a new interface that components can implement to control the capabilities needed for XPConnect access to them - default is UniversalXPConnect. r=vidur
2000-06-23 14:32:38 +00:00
mstoltz%netscape.com
5e94ace8c8
Allow scripting of plugins by untrusted web scripts. Bug 36375.
2000-05-17 02:38:22 +00:00
mstoltz%netscape.com
3ec39eeed8
Removing archive attribute from nsCertificatePrincipal. This will not be used.
2000-05-16 22:37:38 +00:00
mstoltz%netscape.com
ecc9b44676
Fixes for 32878, 37739. Added PR_CALLBACK macros. Changed security.principal pref syntax to a nicer syntax. Removed "security.checkxpconnect" hack.
2000-05-16 03:40:51 +00:00
mstoltz%netscape.com
2483630a16
Added archive attribute to nsICertificatePrincipal...part of fix for 37481.
2000-05-01 23:39:51 +00:00
mstoltz%netscape.com
4794c651b5
Fixes for 27010, 32878, and 32948.
2000-04-26 03:50:07 +00:00
mstoltz%netscape.com
200b920525
Backing out changes until I can figure out why it's crashing on startup.
2000-04-23 21:25:39 +00:00
mstoltz%netscape.com
9ac7780368
Fixes for bugs 27010, 32878, 32948.
2000-04-23 20:30:29 +00:00
norris%netscape.com
a3caa18f07
Fix
...
28390, 28866, 34364
r=brendan@mozilla.org
35701
r=jst@netscape.com
2000-04-14 03:14:53 +00:00
mkaply%us.ibm.com
9ec188bd3a
# 34082
...
r= warren@netscape.com
OS/2 Visual Age build - Adding PR_CALLBACK to some functoins for linkage
2000-04-05 02:32:07 +00:00
mstoltz%netscape.com
72ad6e26bf
Fixed bug 30915 using nsAggregatePrincipal. r=norris
2000-03-31 00:31:18 +00:00
norris%netscape.com
1d3c4cb5e3
Fix 31998 nsScriptSecurityManager not thread safe breaks table regress
2000-03-21 23:12:16 +00:00
norris%netscape.com
c19429e137
Adding nsAggregatePrincipal support. r=norris
2000-03-21 04:05:35 +00:00
norris%netscape.com
80d944693e
Fix 25062 Reload vulnerability
...
25206 Reload vulnerability #2
Implement grant dialogs and persistence for capabilities.
most r=mstoltz, some code from morse w/ r=norris
2000-02-10 04:56:56 +00:00
norris%netscape.com
131271ae68
Fix bug #25864 watch() vulnerability
...
r=vidur,rogerl
2000-02-02 00:22:58 +00:00
norris%netscape.com
e753eaa792
Files:
...
caps/include/nsScriptSecurityManager.h
caps/src/nsScriptSecurityManager.cpp
modules/libpref/src/init/all.js
Fix
24565 nsScriptSecurityManager::GetSecurityLevel() is a performance
24567 re-write DOM glue security checks to avoid NS_WITH_SERVICE()
r=waterson
Files:
dom/src/base/nsGlobalWindow.cpp
layout/base/src/nsDocument.cpp
layout/base/src/nsGenericElement.cpp
Fix assertion failure for 1-character property names.
Files:
dom/src/jsurl/nsJSProtocolHandler.cpp
webshell/src/nsDocLoader.cpp
Fix 18653 "javascript:" URLs cross windows problems (probably regressi
r=nisheeth
Files:
layout/events/src/nsEventListenerManager.cpp
Fix
23834 document.onkeypress allows sniffing keystrokes
24152 document.onclick shows links from other window
r=joki
2000-01-23 04:23:14 +00:00
waterson%netscape.com
05e45b0f16
Fix build bustage.
2000-01-18 22:35:27 +00:00
mstoltz%netscape.com
184058eaaf
Implemented the reading of capabilities data from prefs. Reads codebase and certificate principal data and populates ScriptSecurityManager's principals table. bug= 18122 r=norris, rginda
2000-01-18 21:54:01 +00:00
jdunn%netscape.com
157f231d1d
Fix base class specifiers, since be default if they aren't specified it is Private
...
# 23237
r= warren@netscape.com , ftang@netscape.com , jband@netscape.com
2000-01-11 01:45:34 +00:00
norris%netscape.com
18d9ee89da
Fix
...
858 [Feature] JavaScript auto-disable per-domain RFE
13023 Users must be able to disable Java and JavaScript (for JS in mail)
21923 Executing functions in "chrome:" protocol - #2 .
r=mstoltz
(Checked in with red on Mac; Wan-Teh says his changes are localized so
it shouldn't interfere with his fixing bustage.)
2000-01-08 16:51:54 +00:00
norris%netscape.com
8343c4ead7
Fix 22909 previousSibling vulnerability
...
r=mstoltz
2000-01-06 00:59:18 +00:00
warren%netscape.com
26c830d785
Fix for leak/bloat stats going negative. a=jar
1999-12-10 04:27:52 +00:00
norris%netscape.com
b62c04253e
Fix 18553 [DOGFOOD] addEventListener allows sniffing keystrokes
...
Add checks to nsScriptSecurityManager::CheckCanListenTo that take
a principal and ensure that the currently executing script code
either is from the same origin as that principal or has the
UniversalBrowserRead privilege enabled. (chrome code has all
privileges enabled by default.) It's okay for the principal passed in
to be null. That just signifies a privileged window/document that only
can be listened to with privileges.
I added GetPrincipal/SetPrincipal methods to nsIEventListenerManager.
nsDocument::GetNewListenerManager sets a principal on the listener
manager when it creates one. Obviously there are other places that
create listener managers, but scripts seem to go through this one.
Another change is to save some memory usage. Currently I allocate an
array of PolicyType that is NS_DOM_PROP_MAX elements long.
Unfortunately, compilers appear to allocate four bytes for each
PolicyType, so the array takes around 2400 bytes. I've added changes
to use two bit vectors that should consume about 1/16 that space.
r=joki
There are also changes that push nsnull onto the JSContext stack when
entering a nested event loop.
r=jband
1999-11-25 05:28:18 +00:00
norris%netscape.com
1c4dac85f3
Modify generated dom code to use a enum rather than a string for codesize
...
and efficiency.
Tighten checks on document properties and node properties. Should resolve
several bugs:
18965 document.firstChild vulnerability
19043 document.childNodes vulnerability
19044 document.lastChild vulnerability
r=mstoltz
1999-11-20 07:28:34 +00:00
norris%netscape.com
411aade911
* Fix 12124 [DOGFOOD] Reading user's preferences
...
* Implement site-specific security policies (bug 858)
r=mstoltz
* Use Recycle rather than delete[] to clean up Purify logs
r=law
1999-11-16 05:07:31 +00:00
norris%netscape.com
6ba76593b3
* Fix the following bugs by tightening the default security policy.
...
17977 [DOGFOOD] Reading documents using document.body
17538 document.lastModified is exposed
17537 document.images vulnerabilities
16036 [DOGFOOD] document.Element exposes the DOM of documents from
15757 [DOGFOOD] Injecting JS code using setAttribute and getElemen
15550 Injecting text in documents from any domain using createText
15067 [DOGFOOD] getElementsByTagName() allows reading of arbitrary
* Create an array of dom property policy types and initialize it when the script security manager is created.
* Move some implementation code to a new shared implementation base class.
* Implement privilege enabling, disabling and reverting
* Implement stack walking for checking privileges.
r=mstoltz@netscape.com
* Modify nsIPref to support security policy work.
r=neeti@netscape.com
1999-11-11 22:10:36 +00:00
dmose%mozilla.org
8535dda53e
updated xPL license boilerplate to v1.1, a=chofmann@netscape.com,r=endico@mozilla.org
1999-11-06 03:43:54 +00:00
norris%netscape.com
f665b3c482
work on bug 7270.
...
r=mstoltz.
Implement netscape.security.PrivilegeManager callbacks.
1999-10-28 22:09:03 +00:00
norris%netscape.com
d1e37156bd
Add ability to disable JS. Fix 13978 shopping at webvan.com crashes
1999-09-17 20:13:52 +00:00
norris%netscape.com
bf28666910
Remove nsPrincipalManager.h
1999-09-15 21:30:10 +00:00
norris%netscape.com
ae296a06da
Add security support for javascript: uris.
1999-09-15 20:58:41 +00:00
norris%netscape.com
1dec7e80f7
Create preferences for security checks.
...
Add new methods on nsIScriptSecurityManager for capabilities.
Fix 13739 MLK: nsScriptSecurityManager::CreateCodebasePrincipal
Fix 11666 Eliminate plvector (was: [infinite loop] bugs - plvector.c)
1999-09-15 04:05:43 +00:00
norris%netscape.com
003099e93a
Remove unused files.
1999-09-13 20:10:24 +00:00
norris%netscape.com
72e3153d3a
* Add checks on urls formed from web scripts
...
* Make nsScriptSecurityManager implement nsXPCSecurityManager
* Fix unix warnings
1999-09-07 02:54:19 +00:00
briano%netscape.com
85a18579d5
Cleaned it up and eliminated the pointless #!gmake.
1999-09-01 23:27:16 +00:00
norris%netscape.com
bff57397e0
Add all-powerful system principals. Remove some dead code from the build.
1999-09-01 00:54:35 +00:00
cyeh%netscape.com
cc2825cbe0
Remove IGNORE_MANIFEST=1. It doesn't do anything and it confuses people.
1999-09-01 00:54:34 +00:00
norris%netscape.com
59b4dc8374
* clean up nsScriptSecurityManager
...
* remove nsJSSecurityManager
* save principals in nsIChannels and nsIDocuments
1999-08-29 21:58:42 +00:00
mccabe%netscape.com
9e85f164be
Spam caps subtree to replace declarations of IDL-defined interface methods in implementation classes with xpidl-generated NS_DECL_NSIFOO macro.
1999-08-21 20:22:27 +00:00
arielb%netscape.com
bb8560101c
includes updates to codbase matching security checks currently turned off
...
but in place. redefined the script security manager in caps and it is
now generating codebase principals.
1999-08-20 09:51:02 +00:00
arielb%netscape.com
01b28e843b
removed zip support from caps module. from now on all that stuff will
...
be used by libjar. should also remove a lot of memory leaks reported on
nsZip
1999-08-07 21:40:33 +00:00
arielb%netscape.com
e2e5785276
Fix to bug 11330 and some changes to reduce warnings in linux builds
1999-08-07 19:59:31 +00:00
arielb%netscape.com
9b8f77f338
added a new and improved factory to caps module. fixed some bugs and
...
cleared some warnings. also move some methods of privilege manager to
principal manager.
1999-08-06 22:44:35 +00:00
sspitzer%netscape.com
cbcb2ce098
fix warnings
1999-08-05 19:47:10 +00:00
briano%netscape.com
3286f173f3
Added a newline to the EOF to fix the Unix native compiler builds.
1999-08-02 06:33:08 +00:00
arielb%netscape.com
89e7fef930
add a principal manager to caps api. everything is now xpidled so
...
i removed the public directory from the module.
1999-08-01 21:26:02 +00:00
arielb%netscape.com
944fa42b7b
xpidling and updating nsTarget object. should resolve build errors on
...
SeaMonkey Ports
1999-07-28 05:43:26 +00:00
arielb%netscape.com
561d1d2996
removed some enums and migrated them into nsPrivilege, nsIPrivilege and
...
nsPrivilegemanager. cleaning up some old code from the security module
and refining their api's and such like.
1999-07-27 00:50:59 +00:00
briano%netscape.com
2fec9de4ed
Some compilers also object to #endif's with any non-comment tokens after them. Fixed.
1999-07-26 21:08:51 +00:00
briano%netscape.com
361587c4e9
Added a newline to the end of the file to fix the native-compiler Unix builds (HP-UX, Solaris, etc.).
1999-07-26 21:06:59 +00:00
arielb%netscape.com
81a2551c31
i think i may have broken linux build with a tab at the end of a line in
...
the makefile, hope this was all for the bustage.
1999-07-24 04:18:22 +00:00
arielb%netscape.com
76ffc06aa5
Fix to the caps security module. I removed the nsPrincipal struct, from now
...
on you can access principals by their xpcomed interface nsIPrincipal.
1999-07-24 03:58:23 +00:00
arielb%netscape.com
640c0ce3e6
idled principals interfaces and some fixes to caps manager...
1999-07-16 20:31:18 +00:00
norris%netscape.com
7562aefe4a
Move several security files into idl. (Create idl directory in caps module.)
...
Implement methods of nsIXPCSecurityManager.
Fix random errors in DOM JS security.
1999-07-15 23:23:16 +00:00
norris%netscape.com
fc9729ccd2
Tom Pixley's code for the beginnings of DOM security, with a fix for the previous Mac link failure.
1999-07-07 07:50:03 +00:00
joki%netscape.com
cc8b77b488
Backing out js security changes.
1999-07-01 13:03:35 +00:00
joki%netscape.com
5056a89212
New JavaScript/DOM security stuff.
1999-07-01 10:38:26 +00:00
raman%netscape.com
c7011c1b2f
Checking in changes from Bob Glickstein
1998-12-15 05:53:19 +00:00
ramiro%netscape.com
2009b728de
Add cvsignore entries for makefiles generated bu autoconf.
1998-12-05 09:07:33 +00:00
ramiro%netscape.com
8bd5dd0541
Remove extraneous Makefile files.
1998-12-05 08:19:05 +00:00
raman%netscape.com
ab444bb83e
Deleted unnecessary nsCCapsManager:: from the prototype
1998-12-01 03:00:42 +00:00
raman%netscape.com
80d1745e65
XP_COM interfaces for JS calls into CAPS
1998-11-23 00:27:00 +00:00
raman%netscape.com
fde72259c5
Changes to make caps into a DLL. Defined all strings in this file until there is a replacement for allxpstr.h
1998-11-19 05:22:28 +00:00
raman%netscape.com
69d8e9a511
Bug fixes from MozillaClassic branch, plus changes to build caps without rdf
1998-11-16 21:57:13 +00:00
raman%netscape.com
5d9a597cf9
Bug fixes to make caps stuff work with jvm's codesource principals
1998-10-28 03:31:17 +00:00
raman%netscape.com
0cf948734b
Fix to make it compile on HP-UX. Define an else clause in the if statement of an inline function. Thanks briano
1998-10-19 18:25:01 +00:00
raman%netscape.com
cc529ee5bb
Added verification certifcates that are created via nsICapsManager. This could be used by JVM plugins.
1998-10-15 20:56:34 +00:00
raman%netscape.com
dcfbea280e
Backing out my previous check-in. I was told my changes built ok on Mac, But I wasn't given complete information. Sorry for trouble.
1998-10-14 05:01:12 +00:00
raman%netscape.com
d5c003d64c
Support for nsICertPrincipal. We do the certificate verification of certificates passed by JavaSoft
1998-10-14 02:52:40 +00:00
racham%netscape.com
9a805415fe
Adding -reg_mode flag related APIs
1998-10-06 21:00:36 +00:00
racham%netscape.com
d5efab82ca
Adding filecode base check routine
1998-10-06 20:59:47 +00:00
raman%netscape.com
756b39af09
Reenabled the code that fixes the memory leaks during startup. I have compiled these changes on windows, solaris, linux. Lasttime I checked in, Mac compiled ok.
1998-09-30 18:06:19 +00:00
raman%netscape.com
e7586b9206
Backing my last checkin
1998-09-27 03:15:11 +00:00
raman%netscape.com
4f6382ec1d
Fixed the memory leaks during startup
1998-09-27 01:22:41 +00:00
sudu%netscape.com
81fdba8f73
Bring autoconf build up to date with non-autoconf build
1998-09-21 19:25:58 +00:00
blizzard%appliedtheory.com
e746712aa5
Bring autoconf build up to date with non-autoconf build
1998-09-19 22:28:51 +00:00
raman%netscape.com
becfe3ea1b
Added CertChain Principal support for Javasoft. Added calls for AskPermission and SetPermission
1998-09-19 00:06:44 +00:00
beard%netscape.com
9222ac3da4
09171998 LiveConnect Carpool
1998-09-17 19:20:20 +00:00
sudu%netscape.com
f763362f61
Added nsCCodeSourcePrinicipal.h to export line
1998-09-17 18:49:51 +00:00
sudu%netscape.com
698927b672
New xpcom caps manager apis
1998-09-17 18:12:32 +00:00
raman%netscape.com
6ad633d515
Added AskPermission and SetPermission API calls for OJI. Added the CertChain Principal support for JavaSoft.
1998-09-16 18:39:48 +00:00
raman%netscape.com
8a741a872b
Added getSigners API for SmartUpate
1998-09-02 19:10:57 +00:00
cls%seawood.org
9c74df02ff
Updates to autoconf files.
1998-08-26 04:04:57 +00:00
cls%seawood.org
90d0af1408
AUTOCONF_1_0 landing.
1998-08-19 20:42:14 +00:00
norris%netscape.com
1f109cdc86
Add routine to initialize capabilities code.
...
Code was actually written by raman.
1998-08-06 19:41:12 +00:00
raman%netscape.com
cc3e629384
Adde context as argument to all caps public methods that could be used by JS
1998-08-04 23:54:29 +00:00
warren%netscape.com
207bbebb65
Landing changes in the OJI_19980727_BRANCH since the OJI_19980727_TIP_MERGE tag.
1998-07-31 20:19:50 +00:00
warren%netscape.com
a0c375aaa0
Committed from OJI_19980618_TIP_MERGE1.
1998-07-28 02:07:25 +00:00
raman
94e684ce65
This is not part of any build system. caps is part of OJI effort. It will be used by JavaScript in future. Approved by warren/jar/jsw.
1998-07-10 21:12:19 +00:00
raman
df979b957a
This is not part of any build system. caps is part of OJI effort. It will be used by JavaScript in future
1998-07-10 03:19:59 +00:00