Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
175,382 Commits 3,986 Branches 0 Tags
Commit Graph

311 Commits

Author SHA1 Message Date
bzbarsky%mit.edu
d9cf9faf6c Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst 
git-svn-id: svn://10.0.0.236/trunk@215290 18797224-902f-48f8-a5cc-f745e15eee43
 2006-11-14 22:46:45 +00:00
bzbarsky%mit.edu
3f520eaa49 Make it possible for protocol handlers to configure how CheckLoadURI should 
treat them via their protocol flags.  Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin


git-svn-id: svn://10.0.0.236/trunk@215130 18797224-902f-48f8-a5cc-f745e15eee43
 2006-11-10 23:49:08 +00:00
bzbarsky%mit.edu
bf296918cd Introduce CheckLoadURIStrWithPrincipal(). Bug 348559, r=dveditz, sr=jst 
git-svn-id: svn://10.0.0.236/trunk@208054 18797224-902f-48f8-a5cc-f745e15eee43
 2006-08-21 22:15:20 +00:00
pkasting%google.com
fe4d307f5c Bug 337223: Don't expose moz-anno protocol to web pages. 
Patch by brettw
r=jst
sr=bzbarsky


git-svn-id: svn://10.0.0.236/trunk@207869 18797224-902f-48f8-a5cc-f745e15eee43
 2006-08-18 21:35:16 +00:00
bzbarsky%mit.edu
0583386559 Remove special-casing of about:blank for security purposes; give about:blank 
pages the principal of whoever is responsible for loading them, when possible.
Bug 332182, r=mrbkap, sr=jst


git-svn-id: svn://10.0.0.236/trunk@207471 18797224-902f-48f8-a5cc-f745e15eee43
 2006-08-15 17:31:16 +00:00
dveditz%cruzio.com
0cc75e8cec bug 340107 save wasted cycles checking permissions if we're just going to deny access anyway. r=mrbkap, sr=sicking 
git-svn-id: svn://10.0.0.236/trunk@200986 18797224-902f-48f8-a5cc-f745e15eee43
 2006-06-27 00:56:41 +00:00
bzbarsky%mit.edu
bcc60a49cd Fiox the special-casing for about:blank to deal with it now being 
moz-safe-about:blank as far as the security manager is concerned.  Bug 342108,
r=darin, sr=jst


git-svn-id: svn://10.0.0.236/trunk@200563 18797224-902f-48f8-a5cc-f745e15eee43
 2006-06-22 02:21:06 +00:00
bzbarsky%mit.edu
cc155c0109 Allow about: modules to just set a flag to force script execution to be allowed 
for particular about: URIs, instead of hardcoding checks in the security
manager.  Bug 341313, r=darin, sr=jst


git-svn-id: svn://10.0.0.236/trunk@200562 18797224-902f-48f8-a5cc-f745e15eee43
 2006-06-22 02:19:49 +00:00
bzbarsky%mit.edu
6aa4a59940 Save the principal in the session history entry so that reloading a data: URL 
will do the right thing.  Also, change CheckLoadURI to allow null
principals to load things that anyone can load (e.g. http:// URIs).  Bug
337260, r=dveditz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@200350 18797224-902f-48f8-a5cc-f745e15eee43
 2006-06-19 21:08:45 +00:00
bzbarsky%mit.edu
dcd8a3a053 Move the safe vs unsafe about: distinction out of the security manager and into 
nsIAboutModule implementations.  Bug 337746, r=dveditz, sr=darin


git-svn-id: svn://10.0.0.236/trunk@200348 18797224-902f-48f8-a5cc-f745e15eee43
 2006-06-19 21:02:12 +00:00
mhammond%skippinet.com.au
e96b5e495a Land DOM_AGNOSTIC3_BRANCH, bug 255942. r=a few people, sr=brendan. 
git-svn-id: svn://10.0.0.236/trunk@199778 18797224-902f-48f8-a5cc-f745e15eee43
 2006-06-13 03:07:47 +00:00
mrbkap%gmail.com
0b7523274b Checking in Ben Turner <bent.mozilla@gmail.com> and timeless's patch to make Gecko use the JS engine's request model to help multithreaded embedders avoid GC races and crashes. bug 176182, r=mrbkap assumed-rs=brendan 
git-svn-id: svn://10.0.0.236/trunk@199768 18797224-902f-48f8-a5cc-f745e15eee43
 2006-06-12 22:39:55 +00:00
bzbarsky%mit.edu
d81cffda8c Make GetOrigin dig into nested URIs. Bug 336303, r=dveditz, sr=jst 
git-svn-id: svn://10.0.0.236/trunk@196360 18797224-902f-48f8-a5cc-f745e15eee43
 2006-05-12 00:05:40 +00:00
bzbarsky%mit.edu
a553da6bbb Disable optimization that relies on invariants we don't maintain. Bug 317240 
wallpaper, r+sr=jst


git-svn-id: svn://10.0.0.236/trunk@195964 18797224-902f-48f8-a5cc-f745e15eee43
 2006-05-04 15:23:43 +00:00
bzbarsky%mit.edu
c0ef817e7c Deal with null subject URIs in SecurityCompareURIs. Bug 336432, r=dveditz, sr=jst 
git-svn-id: svn://10.0.0.236/trunk@195949 18797224-902f-48f8-a5cc-f745e15eee43
 2006-05-04 02:29:46 +00:00
darin%meer.net
78b4d016b3 fixes bug 214672 "Further optimization and correctness improvements of libjar: streamlining nsJarInputStream" patch by Alfred Kayser <alfredkayser@nl.ibm.com>, r=jwalden, sr=darin 
git-svn-id: svn://10.0.0.236/trunk@195829 18797224-902f-48f8-a5cc-f745e15eee43
 2006-05-02 19:33:09 +00:00
bzbarsky%mit.edu
c4f7acfe09 Add an interface for nested URIs (like jar:, view-source:, etc) to implement 
and use it in various places.  Create null principals if asked for a codebase
principal for a codebase that doesn't have an inherent security context (eg
data: or javascript:).  Bug 334407, r=biesi,dveditz, sr=darin


git-svn-id: svn://10.0.0.236/trunk@195823 18797224-902f-48f8-a5cc-f745e15eee43
 2006-05-02 18:54:19 +00:00
bzbarsky%mit.edu
f736a7bab0 Deal with checkLoadURI better in the face of URI fixup. Bug 334341, r=biesi, sr=dveditz 
git-svn-id: svn://10.0.0.236/trunk@195330 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-25 03:24:43 +00:00
bzbarsky%mit.edu
b5178addb1 Check rv before looking at port. Bug 334210, r+sr+branch181=jst 
git-svn-id: svn://10.0.0.236/trunk@194554 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-17 23:19:54 +00:00
bzbarsky%mit.edu
07f561af8d Allow redirects to data: URIs. Bug 211999, r=dveditz, jruderman; sr=darin 
git-svn-id: svn://10.0.0.236/trunk@194551 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-17 23:13:33 +00:00
bzbarsky%mit.edu
7a842b50b9 Fix refcounting bug. Followup to bug 327176; reviews pending. 
git-svn-id: svn://10.0.0.236/trunk@193604 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-05 16:48:51 +00:00
bzbarsky%mit.edu
9ff3edeea6 Init the system principal singleton when we init the security manager -- no 
need for lazy init here.  Bug 327176, r=mrbkap, sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@193400 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-02 21:10:23 +00:00
bzbarsky%mit.edu
e1ba63aa5f Create a powerless non-principal and start using it. Bug 326506, r=mrbkap, 
sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@193399 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-02 20:58:26 +00:00
martijn.martijn%gmail.com
8243740c9d Bug 330037 - First check if script/data url's are allowed, r=dveditz, sr=bzbarsky 
git-svn-id: svn://10.0.0.236/trunk@192414 18797224-902f-48f8-a5cc-f745e15eee43
 2006-03-15 11:03:25 +00:00
bryner%brianryner.com
7ec5e10667 Remove dependency on nsIClassInfo.h from nsISupports.h (bug 330420). This adds a new nsIClassInfoImpl.h file which can be included to get the CI implementation macros. Also, removes unneeded inclusion of nsIProgrammingLanguage.h from nsIClassInfo.h. r=darin. 
git-svn-id: svn://10.0.0.236/trunk@192401 18797224-902f-48f8-a5cc-f745e15eee43
 2006-03-15 04:59:42 +00:00
bzbarsky%mit.edu
d1faccd8b4 Followup fix for bug 307867 -- make sure to update our pointers to hashtable 
entries when the entries move. r=dveditz, sr=brendan


git-svn-id: svn://10.0.0.236/trunk@191131 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-24 04:38:46 +00:00
bzbarsky%mit.edu
9f067136f3 Remove dead code. Bug 327171, r=mrbkap, sr=shaver 
git-svn-id: svn://10.0.0.236/trunk@189996 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-14 21:08:15 +00:00
bzbarsky%mit.edu
588387679c Fix debug code to assert the right thing. r=timeless 
git-svn-id: svn://10.0.0.236/trunk@189987 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-14 20:20:49 +00:00
bzbarsky%mit.edu
7db1feab23 Fix bug 325991 -- spinning event queues requires more care. r=jst, sr=shaver 
git-svn-id: svn://10.0.0.236/trunk@189362 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-07 22:24:47 +00:00
cbiesinger%web.de
6322c04952 bug 183156 remove *UCS2* functions, replacing them with *UTF16* ones 
r+sr=darin


git-svn-id: svn://10.0.0.236/trunk@188844 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-03 14:18:39 +00:00
jst%mozilla.jstenback.com
2a67af918b Fixing tinderbox orange. Make caps work right again when dealing with a script global object that's not a window. r+sr=bzbarsky@mit.edu 
git-svn-id: svn://10.0.0.236/trunk@185368 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-29 06:00:36 +00:00
jst%mozilla.jstenback.com
895df6e6ca Fixing bug 316794. Moving HandleDOMEvent() and Get/SetDocShell from nsIScriptGlobalObject to nsPIDOMWindow. r=mrbkap@gmail.com, sr=peterv@propagandism.org 
git-svn-id: svn://10.0.0.236/trunk@185351 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-28 23:56:44 +00:00
brettw%gmail.com
0420e64f2f Bug 316077, r=annie.sullivan, sr=darin 
Protocol handler allowing access to binary annotations.


git-svn-id: svn://10.0.0.236/trunk@184829 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-17 18:39:00 +00:00
bzbarsky%mit.edu
90c17667d8 Get principals for XPConnect wrapped natives off their scope instead of walking 
their parent chain.  Add some asserts to check that this actually does give the
same result, which it should with splitwindow.  Bug 289655, r=dbradley, sr=jst


git-svn-id: svn://10.0.0.236/trunk@184744 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-16 02:12:21 +00:00
cbiesinger%web.de
eaf06b8983 Bug 248052 Add a contract ID for a global channeleventsink. Make the 
scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto
redirects if CheckLoadURI fails. Remove the explicit usage of
nsIScriptSecurityManager from nsHttpChannel.cpp.

This eliminates js and xpconnect from REQUIRES, and brings us closer to remove
caps.

r=darin sr=bz


git-svn-id: svn://10.0.0.236/trunk@184313 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-08 20:47:16 +00:00
jst%mozilla.jstenback.com
07d2395134 Fixing bug 313373. Pass *vp through untouched to the checkAccess hook when checking for write access. r=mrbkap@gmail.com, sr=brendan@mozilla.org 
git-svn-id: svn://10.0.0.236/trunk@182933 18797224-902f-48f8-a5cc-f745e15eee43
 2005-10-25 00:29:28 +00:00
bzbarsky%mit.edu
a06f72a2d9 Don't call nsIClassInfo::GetClassDescription unless we really have to. Bug 
313157, r=dveditz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@182663 18797224-902f-48f8-a5cc-f745e15eee43
 2005-10-20 23:49:59 +00:00
bzbarsky%mit.edu
b4a5294710 Make wildcards work for the default policy too. Bug 307867, r=caillon, sr=dveditz 
git-svn-id: svn://10.0.0.236/trunk@181269 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-30 03:30:40 +00:00
dbaron%dbaron.org
c1699761ee Improve consistency of conversion from about URI to about module. b=306261 r=darin sr=bzbarsky 
git-svn-id: svn://10.0.0.236/trunk@180174 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-14 04:16:27 +00:00
bzbarsky%mit.edu
151ce36b21 Remove the security.checkloaduri preference. Please to be using the 
checkloaduri CAPS policy instead, since that's less likely to let you shoot
yourself in the foot.

Bug 307382, r=caillon, sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@179918 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-09 18:43:45 +00:00
peterv%propagandism.org
2b66b3502d Fix for bug 290100 (XMLHttpRequest affected by document.domain setting). r=caillon, sr=brendan. 
git-svn-id: svn://10.0.0.236/trunk@178930 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-25 11:51:42 +00:00
mconnor%steelgryphon.com
bc56b295fd bug 300830 - new error page (about:neterror) can load privileged about: urls, patch by dveditz, r=bsmedberg, sr=shaver 
git-svn-id: svn://10.0.0.236/trunk@178594 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-22 05:09:11 +00:00
gavin%gavinsharp.com
d54b52ab08 Bug 298823: JAR URIs (and other types missing the host part) are not properly handled by nsScriptSecurityManager::LookupPolicy(), patch by Giorgio Maone <g.maone@informaction.com>, r=caillon, sr=dveditz 
git-svn-id: svn://10.0.0.236/trunk@177957 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-17 16:55:00 +00:00
timeless%mozdev.org
ae4ec1442e Bug 304085 crash [@ JS_ValueToString - JSValIDToString] with DEBUG_CAPS_HACKER 
r=caillon sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@177932 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-17 07:40:39 +00:00
timeless%mozdev.org
7eec49b5ff Bug 304054 nsScriptSecurityManager.cpp doesn't build ifdef DEBUG_CAPS_HACKER unless defined DEBUG 
r=dveditz sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@177669 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-12 23:13:46 +00:00
timeless%mozdev.org
bb2751407b Bug 304240 Make noAccess/allAccess/sameOrigin consistently intercaps in the source tree 
r=caillon sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@177665 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-12 23:11:32 +00:00
bzbarsky%mit.edu
354647c8df Expose the subject name for the cert and an nsISupports pointer to the cert on 
nsIPrincipal that represents a certificate principal.  Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal.  Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII.  Bug
240661, r=caillon, sr=dveditz, a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@176458 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-22 19:05:42 +00:00
timeless%mozdev.org
310bcc516c Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop] 
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@176283 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-19 21:55:36 +00:00
bsmedberg%covad.net
2d3b479c81 Bug 292624 - XUL error pages should not have chrome privileges, r=darin sr=dveditz a=asa 
git-svn-id: svn://10.0.0.236/trunk@176101 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-14 17:46:55 +00:00
timeless%mozdev.org
fa1982b341 Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs 
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@175300 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-29 16:29:49 +00:00