mstoltz%netscape.com
184058eaaf
Implemented the reading of capabilities data from prefs. Reads codebase and certificate principal data and populates ScriptSecurityManager's principals table. bug= 18122 r=norris, rginda
2000-01-18 21:54:01 +00:00
norris%netscape.com
1fb1fa891f
Fix 18592 Fix example: XPCom components cannot be used under
...
r=mstoltz
2000-01-14 00:03:46 +00:00
norris%netscape.com
9a28438d51
Fix bug 16536.
...
r=mstoltz
2000-01-12 01:42:37 +00:00
norris%netscape.com
416a981c72
Get IRCChat working without compromising security.
...
Fix bugs 20261, 23518
r=rginda,mstoltz
2000-01-11 22:02:06 +00:00
jdunn%netscape.com
157f231d1d
Fix base class specifiers, since be default if they aren't specified it is Private
...
# 23237
r= warren@netscape.com , ftang@netscape.com , jband@netscape.com
2000-01-11 01:45:34 +00:00
norris%netscape.com
18d9ee89da
Fix
...
858 [Feature] JavaScript auto-disable per-domain RFE
13023 Users must be able to disable Java and JavaScript (for JS in mail)
21923 Executing functions in "chrome:" protocol - #2 .
r=mstoltz
(Checked in with red on Mac; Wan-Teh says his changes are localized so
it shouldn't interfere with his fixing bustage.)
2000-01-08 16:51:54 +00:00
norris%netscape.com
8343c4ead7
Fix 22909 previousSibling vulnerability
...
r=mstoltz
2000-01-06 00:59:18 +00:00
dougt%netscape.com
6f1083f877
Converting to use nsIModule macro. r=dp.
2000-01-03 22:59:05 +00:00
jband%netscape.com
7d0cb0f4bb
Landing big set of DOM and XPConnect changes:
...
DOM: getting rid of JS_GetContextPrivate wherever possible. Use static parent
links where we can. When we do need to find this info about the caller
we call a function that knows how to get that info rather than inline calls
to JS_GetContextPrivate. This is all required for calling DOM objects on
non-DOM JSContexts as we do via xpconnect.
XPConnect: basic refactoring work to disassociate wrappers from the JSContext
that was active when the wrapper was constructed. This allows for calling into
wrapped JS objects on the right JSContext and for proper grouping of wrapped
native objects so that they can share proto objects. This also allows for
better sharing of objects and lays the foundations for threadsafety and
interface flattening.
Also, xpconnect tests are reorganized and improved.
fixes bugs: 13419, 17736, 17746, 17952, 22086
r=vidur r=mccabe r=norris r=cbegle
a=chofmann
1999-12-18 20:29:29 +00:00
warren%netscape.com
26c830d785
Fix for leak/bloat stats going negative. a=jar
1999-12-10 04:27:52 +00:00
norris%netscape.com
2a948fa6c1
Fix crash seen by waterson.
...
r=waterson
1999-12-02 05:41:17 +00:00
norris%netscape.com
afb1f1e1e3
Fix
...
20257 unable to edit existing images in editor due to JS error
19933 JavaScript "window.location" core dumps in CAPS
Back out previous changes for enforcing security on listeners and go with a
simple restriction of access to the method for adding listeners.
r=mstoltz
1999-12-01 22:23:22 +00:00
buster%netscape.com
aa753bbcf7
bug 2253. added controller to html text input
...
r = kmcclusk, norris
1999-12-01 15:11:33 +00:00
norris%netscape.com
b62c04253e
Fix 18553 [DOGFOOD] addEventListener allows sniffing keystrokes
...
Add checks to nsScriptSecurityManager::CheckCanListenTo that take
a principal and ensure that the currently executing script code
either is from the same origin as that principal or has the
UniversalBrowserRead privilege enabled. (chrome code has all
privileges enabled by default.) It's okay for the principal passed in
to be null. That just signifies a privileged window/document that only
can be listened to with privileges.
I added GetPrincipal/SetPrincipal methods to nsIEventListenerManager.
nsDocument::GetNewListenerManager sets a principal on the listener
manager when it creates one. Obviously there are other places that
create listener managers, but scripts seem to go through this one.
Another change is to save some memory usage. Currently I allocate an
array of PolicyType that is NS_DOM_PROP_MAX elements long.
Unfortunately, compilers appear to allocate four bytes for each
PolicyType, so the array takes around 2400 bytes. I've added changes
to use two bit vectors that should consume about 1/16 that space.
r=joki
There are also changes that push nsnull onto the JSContext stack when
entering a nested event loop.
r=jband
1999-11-25 05:28:18 +00:00
norris%netscape.com
1c4dac85f3
Modify generated dom code to use a enum rather than a string for codesize
...
and efficiency.
Tighten checks on document properties and node properties. Should resolve
several bugs:
18965 document.firstChild vulnerability
19043 document.childNodes vulnerability
19044 document.lastChild vulnerability
r=mstoltz
1999-11-20 07:28:34 +00:00
norris%netscape.com
411aade911
* Fix 12124 [DOGFOOD] Reading user's preferences
...
* Implement site-specific security policies (bug 858)
r=mstoltz
* Use Recycle rather than delete[] to clean up Purify logs
r=law
1999-11-16 05:07:31 +00:00
norris%netscape.com
762bf296d0
Fix 18634 [CRASH] mozilla -installer crashes
...
r=sspitzer@netscape.com , a=sspitzer@netscape.com
1999-11-12 18:59:03 +00:00
norris%netscape.com
432a97d5d2
Fix bug 18640.
...
r=akhil.arora@sun.com
1999-11-12 04:33:17 +00:00
norris%netscape.com
dcbe376c1a
Restore original changes with bustage fixes.
1999-11-12 03:07:37 +00:00
norris%netscape.com
c5cefe5037
Remove call that the compilers can't figure out.
...
Appears that perhaps the IDL compiler isn't getting called on nsIPref.idl in time.
1999-11-11 23:25:59 +00:00
norris%netscape.com
a0c91af28c
Fix build bustage.
...
My build on Linux worked; don't understand why the Tinderbox build is different.
1999-11-11 23:07:14 +00:00
norris%netscape.com
12c81d1cc9
added files: mozilla/caps/src/nsBasePrincipal.cpp
1999-11-11 22:11:03 +00:00
norris%netscape.com
6ba76593b3
* Fix the following bugs by tightening the default security policy.
...
17977 [DOGFOOD] Reading documents using document.body
17538 document.lastModified is exposed
17537 document.images vulnerabilities
16036 [DOGFOOD] document.Element exposes the DOM of documents from
15757 [DOGFOOD] Injecting JS code using setAttribute and getElemen
15550 Injecting text in documents from any domain using createText
15067 [DOGFOOD] getElementsByTagName() allows reading of arbitrary
* Create an array of dom property policy types and initialize it when the script security manager is created.
* Move some implementation code to a new shared implementation base class.
* Implement privilege enabling, disabling and reverting
* Implement stack walking for checking privileges.
r=mstoltz@netscape.com
* Modify nsIPref to support security policy work.
r=neeti@netscape.com
1999-11-11 22:10:36 +00:00
dmose%mozilla.org
8535dda53e
updated xPL license boilerplate to v1.1, a=chofmann@netscape.com,r=endico@mozilla.org
1999-11-06 03:43:54 +00:00
tbogard%aol.net
c9198a207c
Changed NS_ENSURE_NOT to NS_ENSURE_FALSE to reflect API change. r=hyatt
1999-11-01 21:43:56 +00:00
norris%netscape.com
f665b3c482
work on bug 7270.
...
r=mstoltz.
Implement netscape.security.PrivilegeManager callbacks.
1999-10-28 22:09:03 +00:00
warren%netscape.com
00dfd9d907
Added nsIChannel::GetOriginalURI so that we can get back to the original chrome file (bug#17144). r=rpotts,mscott
1999-10-26 09:16:24 +00:00
norris%netscape.com
14e0615db7
Use NS_GET_IID, remove dead code, clean up error conditions for XPConnect security calls.
...
r=jband
1999-10-25 22:22:16 +00:00
law%netscape.com
ce4a270d99
Fixes for bug #16789 ; permit OpenDialog to work on hidden window even if document load has not completed yet; r=norris@netscape.com, r=danm@netscape.com
1999-10-20 01:25:41 +00:00
norris%netscape.com
dbdfd70767
Remove references to unsupported JVM_ calls. Needed for bug 16577.
...
r=shaver
1999-10-19 21:45:29 +00:00
norris%netscape.com
04f396f3d6
Fix a Unix warning by removing an unused local variable
1999-10-14 23:49:36 +00:00
norris%netscape.com
34fd57f168
Work on 15824 bad refcounting in nsCodebasePrincipal
...
Attempt to discover problem with additional assertions
reviewed by mstoltz@netscape.com
1999-10-12 22:52:49 +00:00
norris%netscape.com
edbf131410
Fix part of 5403 Services improperly released: Use NS_WITH_SERVICE
...
reviewed by mstoltz@netscape.com
1999-10-12 22:51:54 +00:00
kipp%netscape.com
b0dcc883f8
Cleanup moz-decl-counter usage and fix NS_LOG_ADDREF usage
1999-10-08 20:41:19 +00:00
norris%netscape.com
7a6ad2b541
Fix 15618 [CRASH] JS assertion on table regression test
...
Reviewed by rogerl@netscape.com .
1999-10-06 21:12:21 +00:00
norris%netscape.com
9c950a3a20
Fix 15458 "onLoadHandler does not work"
...
Reviewed by mstoltz.
1999-10-05 04:08:14 +00:00
waterson%netscape.com
ce673a63e9
Bug 15367. Dump 'class' instead of 'file/line' for NS_LOG_REFCNT. r=shaver,dp
1999-10-05 00:07:54 +00:00
beard%netscape.com
b547c2ffb0
changed from directly using "MSL DropInRuntime.Lib" to using "NSComponentStartup.o" to enable GC leak detector. r=smfr
1999-10-03 20:46:23 +00:00
rjc%netscape.com
0019d9304b
Fix problem with nsSecurityManagerFactory conversion to be a nsIModule. Patch from peterl@netscape.com. Review: me.
1999-10-02 20:19:23 +00:00
rjc%netscape.com
4716f71efd
Temporarily turning off the changes to nsSecurityManagerFactory to make it a nsIModule due to problem at startup.
1999-10-02 19:24:05 +00:00
norris%netscape.com
3c14af2f14
Fix the following bugs:
...
14443 "Same origin" security policy may be circumvented using docu
14820 Fixing up the relationship between nsCodeBasePrincipal and n
14919 Crash in JS MM code
Reviewed by mstoltz, approved by scc.
1999-10-02 03:41:37 +00:00
rjc%netscape.com
dc46519283
Bug # 14034: Convert to nsIModule to prepare for memory leak fixing. Review: dp@netscape.com
1999-10-02 00:48:02 +00:00
sfraser%netscape.com
41e3079295
Bug 14877 -- lib/xp removal; removed unneeded files. r sdagley, a chofmann.
1999-09-26 00:41:31 +00:00
mscott%netscape.com
b29a765f15
Bug #14815 --> fix some ref counting problems between nsJSPrincipal and nsCodebasePrincipal. nsCodeBasePrinciapl
...
was always getting leaked. And since it held onto the document's nsIURI, our uri's were getting leaked to.
r=brendan,a=chofmann.
1999-09-24 06:18:55 +00:00
norris%netscape.com
d1e37156bd
Add ability to disable JS. Fix 13978 shopping at webvan.com crashes
1999-09-17 20:13:52 +00:00
norris%netscape.com
bf28666910
Remove nsPrincipalManager.h
1999-09-15 21:30:10 +00:00
norris%netscape.com
ae296a06da
Add security support for javascript: uris.
1999-09-15 20:58:41 +00:00
norris%netscape.com
1dec7e80f7
Create preferences for security checks.
...
Add new methods on nsIScriptSecurityManager for capabilities.
Fix 13739 MLK: nsScriptSecurityManager::CreateCodebasePrincipal
Fix 11666 Eliminate plvector (was: [infinite loop] bugs - plvector.c)
1999-09-15 04:05:43 +00:00
norris%netscape.com
e6ff44e253
Fix arielb warnings.
1999-09-13 23:23:54 +00:00
norris%netscape.com
003099e93a
Remove unused files.
1999-09-13 20:10:24 +00:00
briano%netscape.com
1d0cf70fcc
General cleanup.
1999-09-10 08:53:30 +00:00
norris%netscape.com
405714abb2
Makefile.in: remove unused file
...
nsScriptSecurityManager.cpp: Fix CheckURI problems (but still disabled)
nsSecurityManagerFactory.cpp: Make registration string match convention
1999-09-09 13:47:16 +00:00
alecf%netscape.com
b59a9de48a
caps doesn't need libxp anymore
1999-09-09 06:29:32 +00:00
don%netscape.com
606b7205e2
Temporarily disabled CheckURI so the Manage Bookmarks dialog and other windows work again. Norris will fix the window.open problem later.
1999-09-08 04:25:14 +00:00
norris%netscape.com
523b1f94b1
disable XPConnect security check, perhaps related to test failure. Getting reports of failures on Mac at least.
1999-09-07 22:29:56 +00:00
norris%netscape.com
328b2bad86
Fix build breakage: full #include needed.
1999-09-07 21:26:56 +00:00
norris%netscape.com
d5c6824781
Fix bug 13253.
...
Enable restrictions on use of Components array from web JavaScript.
1999-09-07 20:40:20 +00:00
norris%netscape.com
72e3153d3a
* Add checks on urls formed from web scripts
...
* Make nsScriptSecurityManager implement nsXPCSecurityManager
* Fix unix warnings
1999-09-07 02:54:19 +00:00
shaver%netscape.com
155cff4164
quell assignment-as-boolean warning
1999-09-05 05:28:28 +00:00
bruce%cybersight.com
b0fd5297f5
Use nsAllocator not new[] for char* data.
1999-09-03 14:15:03 +00:00
briano%netscape.com
85a18579d5
Cleaned it up and eliminated the pointless #!gmake.
1999-09-01 23:27:16 +00:00
norris%netscape.com
fc9f5c90d0
added files: mozilla/caps/idl/nsICodebasePrincipal.idl, mozilla/caps/idl/nsICertificatePrincipal.idl, removed files: mozilla/caps/idl/nsIPrivilege.idl, mozilla/caps/idl/nsICapsSecurityCallbacks.idl, mozilla/caps/idl/nsITarget.idl, mozilla/caps/idl/nsICapsManager.idl, mozilla/caps/idl/nsIPrincipalArray.idl, mozilla/caps/idl/nsIPrincipalManager.idl, mozilla/caps/idl/nsIPrivilegeManager.idl
1999-09-01 02:03:02 +00:00
kipp%netscape.com
55f8f2713b
Make it build on unix
1999-09-01 01:50:01 +00:00
norris%netscape.com
fa389e8dfb
nsIPrincipalManager.idl removed.
1999-09-01 01:34:11 +00:00
norris%netscape.com
ca572b0f93
added files: mozilla/caps/src/nsSystemPrincipal.cpp
1999-09-01 00:58:46 +00:00
norris%netscape.com
5b191b2094
removed files: mozilla/caps/src/jpermission.c, mozilla/caps/src/nsPrivilege.cpp, mozilla/caps/src/nsPrivilegeManager.cpp, mozilla/caps/src/nsPrivilegeTable.cpp, mozilla/caps/src/nsSystemPrivilegeTable.cpp, mozilla/caps/src/nsTarget.cpp, mozilla/caps/src/nsUserDialogHelper.cpp, mozilla/caps/src/nsUserTarget.cpp, mozilla/caps/src/nsCaps.cpp, mozilla/caps/src/admin.cpp, mozilla/caps/src/nsCCapsManager.cpp, mozilla/caps/src/nsPrincipalArray.cpp, mozilla/caps/src/nsPrincipalManager.cpp
1999-09-01 00:56:22 +00:00
norris%netscape.com
bff57397e0
Add all-powerful system principals. Remove some dead code from the build.
1999-09-01 00:54:35 +00:00
cyeh%netscape.com
cc2825cbe0
Remove IGNORE_MANIFEST=1. It doesn't do anything and it confuses people.
1999-09-01 00:54:34 +00:00
joki%netscape.com
6397eaf9f8
Adding new flag to the security check calls out of the DOM generated JS files.
1999-08-31 14:23:54 +00:00
norris%netscape.com
59b4dc8374
* clean up nsScriptSecurityManager
...
* remove nsJSSecurityManager
* save principals in nsIChannels and nsIDocuments
1999-08-29 21:58:42 +00:00
beard%netscape.com
b6fd062715
Removed a potentially dangerous cast.
1999-08-28 03:00:19 +00:00
beard%netscape.com
28bcad085f
wasn't calling __intialize/__terminate.
1999-08-28 02:58:35 +00:00
gagan%netscape.com
fea227b04e
Fixed some memory leaks showing up on bruce's log-
...
http://www.cybersight.com/~bruce/apprunner.mongo.19990827.log .
1999-08-27 08:36:49 +00:00
alecf%netscape.com
9b27246d09
remove libcaps dependancy on libxp by using PL/PR routines instead of XP_*
1999-08-27 04:09:41 +00:00
mccabe%netscape.com
9e85f164be
Spam caps subtree to replace declarations of IDL-defined interface methods in implementation classes with xpidl-generated NS_DECL_NSIFOO macro.
1999-08-21 20:22:27 +00:00
ramiro%netscape.com
b8c008dcae
Ignore generated files.
1999-08-21 12:14:23 +00:00
arielb%netscape.com
544724b98c
this should be it, sorry, again
1999-08-20 11:44:52 +00:00
arielb%netscape.com
70cbb3e0ac
this should be it, sorry
1999-08-20 10:59:55 +00:00
arielb%netscape.com
334df70664
this may do it, reset the project paths, if anyone has any other ideas why this is breaking, please let me know
1999-08-20 10:39:12 +00:00
arielb%netscape.com
e407bfc13f
i may have screwed up adding the files through camelot, this should be more thorough
1999-08-20 09:57:40 +00:00
arielb%netscape.com
f74bb334dc
added files: mozilla/caps/src/nsJSPrincipals.cpp, mozilla/caps/src/nsScriptSecurityManager.cpp
1999-08-20 09:53:15 +00:00
arielb%netscape.com
bb8560101c
includes updates to codbase matching security checks currently turned off
...
but in place. redefined the script security manager in caps and it is
now generating codebase principals.
1999-08-20 09:51:02 +00:00
arielb%netscape.com
cd820a476d
added JavaScript shlbs to target paths
1999-08-20 09:44:41 +00:00
sspitzer%netscape.com
5c7482549a
ignore generated Makefile
1999-08-10 05:16:39 +00:00
arielb%netscape.com
3ab0ae3afa
adding functionality to security
1999-08-08 22:29:02 +00:00
arielb%netscape.com
96773aef1f
removing public directory for good. fixed up nsPrivilegeManager.cpp
1999-08-08 21:04:16 +00:00
arielb%netscape.com
0d5e5e4339
removed files: mozilla/caps/src/nsZip.c, mozilla/caps/src/nsZig.cpp, mozilla/caps/src/nsLoadZig.c
1999-08-07 21:42:47 +00:00
arielb%netscape.com
01b28e843b
removed zip support from caps module. from now on all that stuff will
...
be used by libjar. should also remove a lot of memory leaks reported on
nsZip
1999-08-07 21:40:33 +00:00
arielb%netscape.com
e2e5785276
Fix to bug 11330 and some changes to reduce warnings in linux builds
1999-08-07 19:59:31 +00:00
briano%netscape.com
e132c75d55
Fixed the missing EOF newline problem.
1999-08-07 03:01:30 +00:00
sspitzer%netscape.com
0365167f0c
fix the port bustages. use ZLIB_LIBS and not -lz. r=briano.
1999-08-07 02:15:37 +00:00
sspitzer%netscape.com
9130daafe7
fix for run time bustage. r=briano
1999-08-07 00:10:14 +00:00
arielb%netscape.com
24c8dc0062
added files: mozilla/caps/src/nsSecurityManagerFactory.cpp
1999-08-06 22:56:57 +00:00
norris%netscape.com
6920a585cc
didn't go through on windows, this is arielb's checkin
1999-08-06 22:50:11 +00:00
arielb%netscape.com
9b8f77f338
added a new and improved factory to caps module. fixed some bugs and
...
cleared some warnings. also move some methods of privilege manager to
principal manager.
1999-08-06 22:44:35 +00:00
sspitzer%netscape.com
cbcb2ce098
fix warnings
1999-08-05 19:47:10 +00:00
briano%netscape.com
7ab9b39f6c
Added a newline to the EOF to fix the Unix native compiler builds.
1999-08-02 06:40:28 +00:00
briano%netscape.com
08c7c3d576
Cleaned it up.
1999-08-02 06:40:06 +00:00
briano%netscape.com
3286f173f3
Added a newline to the EOF to fix the Unix native compiler builds.
1999-08-02 06:33:08 +00:00
jband%netscape.com
be789f7ed0
fixing runtime crash for arielb - was shadowing a member with a local in the ctor
1999-08-02 01:44:18 +00:00