diff --git a/mozilla/caps/include/nsScriptSecurityManager.h b/mozilla/caps/include/nsScriptSecurityManager.h index 397651f4dea..32d1f344f87 100644 --- a/mozilla/caps/include/nsScriptSecurityManager.h +++ b/mozilla/caps/include/nsScriptSecurityManager.h @@ -170,7 +170,6 @@ private: PRBool mIsJavaScriptEnabled; PRBool mIsMailJavaScriptEnabled; PRBool mIsAccessingPrefs; - unsigned char hasPolicyVector[(NS_DOM_PROP_MAX >> 3) + 1]; unsigned char hasDomainPolicyVector[(NS_DOM_PROP_MAX >> 3) + 1]; }; diff --git a/mozilla/caps/src/nsScriptSecurityManager.cpp b/mozilla/caps/src/nsScriptSecurityManager.cpp index a57b3f5e495..2f69e156f1d 100644 --- a/mozilla/caps/src/nsScriptSecurityManager.cpp +++ b/mozilla/caps/src/nsScriptSecurityManager.cpp @@ -383,11 +383,7 @@ nsScriptSecurityManager::CheckScriptAccess(JSContext *cx, void *aObj, PRInt32 domPropInt, PRBool isWrite) { - nsDOMProp domProp = (nsDOMProp) domPropInt; - if (!GetBit(hasPolicyVector, domPropInt)) { - // No policy for this DOM property, so just allow access. - return NS_OK; - } + nsCOMPtr principal; if (NS_FAILED(GetSubjectPrincipal(cx, getter_AddRefs(principal)))) { return NS_ERROR_FAILURE; @@ -400,16 +396,13 @@ nsScriptSecurityManager::CheckScriptAccess(JSContext *cx, return NS_OK; } nsCAutoString capability; + nsDOMProp domProp = (nsDOMProp) domPropInt; PRInt32 secLevel = GetSecurityLevel(principal, domProp, isWrite, capability); switch (secLevel) { - case SCRIPT_SECURITY_UNDEFINED_ACCESS: - // If no preference is defined for this property, allow access. - // This violates the rule of a safe default, but means we don't have - // to specify the large majority of unchecked properties, only the - // minority of checked ones. case SCRIPT_SECURITY_ALL_ACCESS: return NS_OK; + case SCRIPT_SECURITY_UNDEFINED_ACCESS: case SCRIPT_SECURITY_SAME_DOMAIN_ACCESS: { const char *cap = isWrite ? "UniversalBrowserWrite" 
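Review bot: With the `hasPolicyVector` early return removed from the top of CheckScriptAccess, every call now runs `GetSubjectPrincipal` and then `GetSecurityLevel`, including for the many properties that have no policy entry. Removing the fail-open shortcut is the right direction, but the cost moves onto the hot path of every checked DOM access. If `GetSecurityLevel` resolves the level from preferences on each call (its body is not in this diff), consider caching the resolved level per property, or at least record the trade-off in a comment above the call, e.g. `// No fast path: an unlisted property must still get the same-origin check.` The function body continues outside this hunk.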
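Review bot: The relocated `case SCRIPT_SECURITY_UNDEFINED_ACCESS:` label now falls through into the same-domain branch with no comment, and the comment this commit deletes was the only record of what an undefined policy means. Because this flips the default for unlisted properties from allow to a same-origin check, I would say so at the label, e.g. `// No policy defined for this property: fall through to the same-origin check (safe default).` It is also worth confirming that properties meant to be reachable across origins carry an explicit all-access policy, since the all.js hunk only deletes `sameOrigin` entries and adds none; the remaining policy list is not visible here. The switch runs past the end of the hunk, so I cannot see whether it has a `default:` arm; if it does not, an unexpected level should fail closed rather than drop out of the switch.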
@@ -1417,7 +1410,6 @@ nsScriptSecurityManager::nsScriptSecurityManager(void) mIsAccessingPrefs(PR_FALSE) { NS_INIT_REFCNT(); - memset(hasPolicyVector, 0, sizeof(hasPolicyVector)); memset(hasDomainPolicyVector, 0, sizeof(hasDomainPolicyVector)); InitFromPrefs(); } @@ -1903,8 +1895,7 @@ nsScriptSecurityManager::EnumeratePolicyCallback(const char *prefName, int domPropLength = dots[4] - domPropName; nsDOMProp domProp = findDomProp(domPropName, domPropLength); if (domProp < NS_DOM_PROP_MAX) { - SetBit(mgr->hasPolicyVector, domProp); - if (!isDefault) + if (!isDefault) SetBit(mgr->hasDomainPolicyVector, domProp); return; } diff --git a/mozilla/modules/libpref/src/init/all.js b/mozilla/modules/libpref/src/init/all.js index b0e34a356a0..35bf921b93d 100644 --- a/mozilla/modules/libpref/src/init/all.js +++ b/mozilla/modules/libpref/src/init/all.js 
@@ -389,115 +389,13 @@ pref("security.xpconnect.plugin.unrestricted", true); pref("security.policy.default.barprop.visible.write", "UniversalBrowserWrite"); -pref("security.policy.default.document.createattribute", "sameOrigin"); -pref("security.policy.default.document.createattributens", "sameOrigin"); -pref("security.policy.default.document.createcdatasection", "sameOrigin"); -pref("security.policy.default.document.createcomment", "sameOrigin"); -pref("security.policy.default.document.createdocumentfragment", "sameOrigin"); -pref("security.policy.default.document.createelement", "sameOrigin"); -pref("security.policy.default.document.createelementns", "sameOrigin"); -pref("security.policy.default.document.createentityreference", "sameOrigin"); -pref("security.policy.default.document.createprocessinginstruction", "sameOrigin"); -pref("security.policy.default.document.createtextnode", "sameOrigin"); -pref("security.policy.default.document.doctype", "sameOrigin"); -pref("security.policy.default.document.documentelement", "sameOrigin"); -pref("security.policy.default.document.getelementbyid", "sameOrigin"); -pref("security.policy.default.document.getelementsbytagname", "sameOrigin"); -pref("security.policy.default.document.getelementsbytagnamens", "sameOrigin"); -pref("security.policy.default.document.implementation", "sameOrigin"); -pref("security.policy.default.document.importnode", "sameOrigin"); -pref("security.policy.default.htmldocument.anchors", "sameOrigin"); -pref("security.policy.default.htmldocument.applets", "sameOrigin"); -pref("security.policy.default.htmldocument.body", "sameOrigin"); -pref("security.policy.default.htmldocument.cookie", "sameOrigin"); -pref("security.policy.default.htmldocument.domain", "sameOrigin"); -pref("security.policy.default.htmldocument.forms", "sameOrigin"); -pref("security.policy.default.htmldocument.getelementsbyname", "sameOrigin"); -pref("security.policy.default.htmldocument.links", "sameOrigin"); 
-pref("security.policy.default.htmldocument.referrer", "sameOrigin"); -pref("security.policy.default.htmldocument.title", "sameOrigin"); -pref("security.policy.default.htmldocument.url", "sameOrigin"); -pref("security.policy.default.nshtmldocument.alinkcolor.write", "sameOrigin"); -pref("security.policy.default.nshtmldocument.bgcolor.write", "sameOrigin"); -pref("security.policy.default.nshtmldocument.captureevents", "sameOrigin"); -pref("security.policy.default.nshtmldocument.embeds", "sameOrigin"); -pref("security.policy.default.nshtmldocument.fgcolor.write", "sameOrigin"); -pref("security.policy.default.nshtmldocument.getselection", "sameOrigin"); -pref("security.policy.default.nshtmldocument.lastmodified", "sameOrigin"); -pref("security.policy.default.nshtmldocument.layers.write", "sameOrigin"); -pref("security.policy.default.nshtmldocument.linkcolor.write", "sameOrigin"); -pref("security.policy.default.nshtmldocument.nameditem", "sameOrigin"); -pref("security.policy.default.nshtmldocument.open", "sameOrigin"); -pref("security.policy.default.nshtmldocument.plugins", "sameOrigin"); -pref("security.policy.default.nshtmldocument.releaseevents", "sameOrigin"); -pref("security.policy.default.nshtmldocument.routeevent", "sameOrigin"); -pref("security.policy.default.nshtmldocument.vlinkcolor.write", "sameOrigin"); -pref("security.policy.default.nshtmldocument.write", "sameOrigin"); -pref("security.policy.default.nshtmldocument.writeln", "sameOrigin"); - -pref("security.policy.default.eventtarget.addeventlistener", "sameOrigin"); - -pref("security.policy.default.element.getattribute", "sameOrigin"); -pref("security.policy.default.element.getattributenode", "sameOrigin"); -pref("security.policy.default.element.getelementsbytagname", "sameOrigin"); -pref("security.policy.default.element.removeattribute", "sameOrigin"); -pref("security.policy.default.element.removeattributenode", "sameOrigin"); -pref("security.policy.default.element.setattribute", "sameOrigin"); 
-pref("security.policy.default.element.setattributenode", "sameOrigin"); -pref("security.policy.default.element.tagname", "sameOrigin"); - -pref("security.policy.default.htmlelement.innerhtml", "sameOrigin"); - -pref("security.policy.default.nshtmlformelement.nameditem", "sameOrigin"); - pref("security.policy.default.history.current.read", "UniversalBrowserRead"); pref("security.policy.default.history.next.read", "UniversalBrowserRead"); pref("security.policy.default.history.previous.read", "UniversalBrowserRead"); -pref("security.policy.default.htmlinputelement.value", "sameOrigin"); - -pref("security.policy.default.htmlimageelement.src", "sameOrigin"); -pref("security.policy.default.htmlimageelement.lowsrc", "sameOrigin"); - -pref("security.policy.default.location.hash.read", "sameOrigin"); -pref("security.policy.default.location.host.read", "sameOrigin"); -pref("security.policy.default.location.hostname.read", "sameOrigin"); -pref("security.policy.default.location.href.read", "sameOrigin"); -pref("security.policy.default.location.pathname.read", "sameOrigin"); -pref("security.policy.default.location.port.read", "sameOrigin"); -pref("security.policy.default.location.protocol.read", "sameOrigin"); -pref("security.policy.default.location.search.read", "sameOrigin"); -pref("security.policy.default.location.tostring.read", "sameOrigin"); - pref("security.policy.default.navigator.preference.read", "UniversalPreferencesRead"); pref("security.policy.default.navigator.preference.write", "UniversalPreferencesWrite"); -pref("security.policy.default.node.appendchild", "sameOrigin"); -pref("security.policy.default.node.attributes", "sameOrigin"); -pref("security.policy.default.node.childnodes", "sameOrigin"); -pref("security.policy.default.node.clonenode", "sameOrigin"); -pref("security.policy.default.node.firstchild", "sameOrigin"); -pref("security.policy.default.node.haschildnodes", "sameOrigin"); -pref("security.policy.default.node.insertbefore", "sameOrigin"); 
-pref("security.policy.default.node.lastchild", "sameOrigin"); -pref("security.policy.default.node.localname", "sameOrigin"); -pref("security.policy.default.node.namespaceuri", "sameOrigin"); -pref("security.policy.default.node.nextsibling", "sameOrigin"); -pref("security.policy.default.node.nodename", "sameOrigin"); -pref("security.policy.default.node.nodetype", "sameOrigin"); -pref("security.policy.default.node.nodevalue", "sameOrigin"); -pref("security.policy.default.node.normalize", "sameOrigin"); -pref("security.policy.default.node.ownerdocument", "sameOrigin"); -pref("security.policy.default.node.parentnode", "sameOrigin"); -pref("security.policy.default.node.prefix", "sameOrigin"); -pref("security.policy.default.node.previoussibling", "sameOrigin"); -pref("security.policy.default.node.removechild", "sameOrigin"); -pref("security.policy.default.node.replacechild", "sameOrigin"); -pref("security.policy.default.node.supports", "sameOrigin"); - -pref("security.policy.default.window.status", "sameOrigin"); -pref("security.policy.default.window.scriptglobals", "sameOrigin"); - // Middle-mouse handling pref("middlemouse.paste", false); pref("middlemouse.openNewWindow", false);