858 [Feature] JavaScript auto-disable per-domain RFE
13023 Users must be able to disable Java and JavaScript (for JS in mail)
21923 Executing functions in "chrome:" protocol - #2.
r=mstoltz
(Checked in with red on Mac; Wan-Teh says his changes are localized so
it shouldn't interfere with his fixing bustage.)
- Add "aShared" flag to nsIScriptContext::CompileEventHandler, telling it to clear the compiled event handler's scope chain if true, in order to
(a) avoid entraining garbage
(i.e., a shared compile-time-only parent object); and
(b) cause later BindCompiledEventHandler calls to ensure that the event handler has the particular scope chain needed for the binding
(to the target object that's receiving the event).
- Use :: consistently (and all over the place) before calls to JS_ functions in nsJSEnvironment.cpp.
- Eliminate tabs and barbarians-at-the-gate-of-Rome style, in favor of when-in-Rome style (hail Waterson Maximus!)
also expose a method to get the visible row for a tree - I needed it anyway, figured I might as well expose it from JS.
other half of fix for #12895
r=bryner
DOM: getting rid of JS_GetContextPrivate wherever possible. Use static parent
links where we can. When we do need to find this info about the caller
we call a function that knows how to get that info rather than inline calls
to JS_GetContextPrivate. This is all required for calling DOM objects on
non-DOM JSContexts as we do via xpconnect.
XPConnect: basic refactoring work to disassociate wrappers from the JSContext
that was active when the wrapper was constructed. This allows for calling into
wrapped JS objects on the right JSContext and for proper grouping of wrapped
native objects so that they can share proto objects. This also allows for
better sharing of objects and lays the foundations for threadsafety and
interface flattening.
Also, xpconnect tests are reorganized and improved.
fixes bugs: 13419, 17736, 17746, 17952, 22086
r=vidur r=mccabe r=norris r=cbegle
a=chofmann
r=sdagley a=chofmann. Add support for GetAttention API to nsIDOMWindow.
r=vidur, a=chofmann. To do, make call to WebShell from nsIDOMWindow,
this will come once travis lands some webshell code.
bindings are now fully hierarchical. In addition, DOM windows, input fields
and textareas can pull their key bindings from a separate XUL file. This
allows configurable key bindings.
Massive rewrite of the command dispatcher system. The command dispatcher now
deals with DOM windows in addition to DOM elements. It now tracks both
successfully and works in conjunction with the new focus/blur architecture.
r=saari
- Allow nsIScriptContext::BindEventHandler to take a null void* handler argument, to remove the binding by nullifying it (for hyatt's XML-driven-key-mapping work).
- Try to GetCompiledEventHandler (and if we don't, and compile it, Put too) for the load event and other non-deferred (XUL window-level) event listeners.
- Improve doc comments and whitespace.
2.) WebShell now implements the new nsIScriptGlobalObjectOwner.
3.) WebShell supports GetInterface to nsIScriptGlobalObject.
4.) Documents no longer carry around a reference to nsIScriptContextOwner. Instead they hold on to a nsIScriptGlobalObject. nsIDocument::GetScriptContextOwner has now become nsIDocument::GetScriptGlobalObject(). Same change to the set methods.
- Rename nsIScriptContext::CompileFunction to CompileEventHandler, and add BindCompiledEventHandler, to reflect function name restrictions and help brutal sharing.
- Add adjunct-interface nsIScriptEventHandlerOwner to nsIScriptObjectOwner.h; this interface is queried for by nsEventListenerManger.cpp to test and fill the XUL prototype event handler "cache".
- PR_LOG JS warnings, and look in javascript.options.{strict,werror} for those options.
- Implement nsIScriptEventHandlerOwner in nsXULElement, keeping pointers to pre-compiled event handlers in nsXULPrototypeAttribute.
(bug 13218, r=waterson@netscape.com,vidur@netscape.com)
Build'). Modified files that conditionally compiled in support for
OJI, replacing with code that looks for OJI as an XPCOM service, and
failing gracefully if the OJI XPCOM service is not found. The four
files modified by this fix are the only active ones; other modules
that conditionally compile in support for OJI appear to be dead code.
r=drapeau@eng.sun.com. Fix contributed by Jayashri Visvanathan
(visvan@eng.sun.com).
20257 unable to edit existing images in editor due to JS error
19933 JavaScript "window.location" core dumps in CAPS
Back out previous changes for enforcing security on listeners and go with a
simple restriction of access to the method for adding listeners.
r=mstoltz
Add checks to nsScriptSecurityManager::CheckCanListenTo that take
a principal and ensure that the currently executing script code
either is from the same origin as that principal or has the
UniversalBrowserRead privilege enabled. (chrome code has all
privileges enabled by default.) It's okay for the principal passed in
to be null. That just signifies a privileged window/document that only
can be listened to with privileges.
I added GetPrincipal/SetPrincipal methods to nsIEventListenerManager.
nsDocument::GetNewListenerManager sets a principal on the listener
manager when it creates one. Obviously there are other places that
create listener managers, but scripts seem to go through this one.
Another change is to save some memory usage. Currently I allocate an
array of PolicyType that is NS_DOM_PROP_MAX elements long.
Unfortunately, compilers appear to allocate four bytes for each
PolicyType, so the array takes around 2400 bytes. I've added changes
to use two bit vectors that should consume about 1/16 that space.
r=joki
There are also changes that push nsnull onto the JSContext stack when
entering a nested event loop.
r=jband
and efficiency.
Tighten checks on document properties and node properties. Should resolve
several bugs:
18965 document.firstChild vulnerability
19043 document.childNodes vulnerability
19044 document.lastChild vulnerability
r=mstoltz
- Fix most of bug 13163 (see TODO for rest). This entails adding a version-string argument to nsIScriptContext::EvaluateString and passing it around lots of places in content sinks.
- Fix leaks and confusion about mSecurityManager and mNameSpaceManager in nsJSEnvironment.cpp. These still need to move from nsJSContext to nsGlobalWindow or thereabouts, jband and vidur are looking at that.
- Added comments and expanded tabs in nsJSEnvironment.cpp, esp. to EvaluateString. Also changed various nsresult vars to be named rv. Also restored brace/style conformity to nsJSProtocolHandler.cpp.
- Factored CompileFunction from AddScriptEventListener to pave the way for brutal sharing of compiled JS event handlers via JS_CloneFunctionObject.
- Lots of nsCOMPtr uses added. I'm using one for mNameSpaceManager. Hold mSecurityManager as a service explicitly, on the other hand (awaiting scc's fix to allow comptrs for services), and release in nsJSContext's dtor (fixing a leak). These two managers should be moved to the window object -- TODO item below.
- Hold JSRuntimeService along with JSRuntime for live of nsJSEnvironment, fix for shaver.
- Fix window.setTimeout etc. so the filename and line number of the timeout expr is propagated. This meant factoring nsJSUtils.cpp code.
- Fix all content sinks to use the same, and up-to-date JavaScript version parsing (whether for script type or for old language attribute); also fix SplitMimeType clones to strip whitespace.
- With waterson, fix bug in brutal-sharing version of XUL content sink: script src= should not evaluate the inline content of its tag.
avoid a deadlock between the UI/JS thread and the FileTransport thread.
2) Isolating the proxy of the eval to a single interface
3) Change makefiles for windows and unix.
Brendan asked me to look at this. I am not sure if there is a bug number.
reviewer=brendan@meer.net
pollmann%netscape.com
alecf%netscape.com
danm%netscape.com
pp%ludusdesign.com
hyatt%netscape.com
norris%netscape.com
brendan%mozilla.org
vidur%netscape.com
jband%netscape.com
tbogard%aol.net
syd%netscape.com
mscott%netscape.com
waterson%netscape.com
mjudge%netscape.com
akkana%netscape.com
davidm%netscape.com
jdunn%netscape.com
ftang%netscape.com
warren%netscape.com
drapeau%eng.sun.com
rods%netscape.com
buster%netscape.com
dougt%netscape.com
shaver%netscape.com
joki%netscape.com
sspitzer%netscape.com
saari%netscape.com
dmose%mozilla.org
nisheeth%netscape.com
cls%seawood.org
dp%netscape.com
braddr%puremagic.com
law%netscape.com
pepper%netscape.com