mrbkap%gmail.com
9f99912404
Bug 441714 - Protect caps against SJOWs. r+sr=dveditz a=dveditz
git-svn-id: svn://10.0.0.236/trunk@258047 18797224-902f-48f8-a5cc-f745e15eee43
2009-08-11 00:12:48 +00:00
mrbkap%gmail.com
a3d3acbb16
Bug 460882. r+sr=jst.
git-svn-id: svn://10.0.0.236/trunk@257562 18797224-902f-48f8-a5cc-f745e15eee43
2009-06-24 02:30:25 +00:00
bzbarsky%mit.edu
acb05ef3d9
Bug 410486. Make sure to be in a request when reporting a pending
exception. patch by timeless, r=dveditz, sr=mrbkap.
git-svn-id: svn://10.0.0.236/trunk@257330 18797224-902f-48f8-a5cc-f745e15eee43
2009-06-01 16:18:53 +00:00
bzbarsky%mit.edu
7a1ecd860b
Bug 460425. Do better security checks during redirection. r=sicking,biesi,
sr=sicking, a=dveditz
git-svn-id: svn://10.0.0.236/trunk@255759 18797224-902f-48f8-a5cc-f745e15eee43
2009-01-08 01:03:37 +00:00
jonas%sicking.cc
f8cd3459d9
Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it
git-svn-id: svn://10.0.0.236/trunk@250472 18797224-902f-48f8-a5cc-f745e15eee43
2008-04-18 17:35:57 +00:00
gavin%gavinsharp.com
79887f7415
Rework test for bug 292789 to try and fix the timeout on qm-centos5-01
git-svn-id: svn://10.0.0.236/trunk@250192 18797224-902f-48f8-a5cc-f745e15eee43
2008-04-14 08:50:51 +00:00
dveditz%cruzio.com
884d1f2f41
tests for bug 292789 -- forgot during checkin
git-svn-id: svn://10.0.0.236/trunk@250147 18797224-902f-48f8-a5cc-f745e15eee43
2008-04-13 00:55:45 +00:00
dveditz%cruzio.com
a5264ff5b3
bug 292789 prevent use of chrome: URIs from <script>, <img> stylesheets, etc except for chrome packages explicitly marked contentaccessible. r=bzbarsky, sr=jst, a=beltzner
git-svn-id: svn://10.0.0.236/trunk@250136 18797224-902f-48f8-a5cc-f745e15eee43
2008-04-12 21:26:19 +00:00
jonas%sicking.cc
9fce957868
Bug 425201: Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz
git-svn-id: svn://10.0.0.236/trunk@249871 18797224-902f-48f8-a5cc-f745e15eee43
2008-04-09 00:38:13 +00:00
igor%mir2.org
088bbf6cb0
[bug 423874] backing out as a simpler patch would do the job with less code.
git-svn-id: svn://10.0.0.236/trunk@248816 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-29 10:34:31 +00:00
igor%mir2.org
0c1130d3fd
[bug 424376] backing out - too many compatibility problems.
git-svn-id: svn://10.0.0.236/trunk@248801 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-28 22:27:37 +00:00
bzbarsky%mit.edu
0fe9924c4d
Fix bug 421228. r+sr=sicking
git-svn-id: svn://10.0.0.236/trunk@248739 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-28 03:46:15 +00:00
igor%mir2.org
babc53fb34
bug=424376 r=brendan a1.9b5=beltzner
Compile-time function objects are no longer exposed through SpiderMonkey API.
git-svn-id: svn://10.0.0.236/trunk@248446 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-23 10:16:40 +00:00
jst%mozilla.org
848e5e4245
Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu
git-svn-id: svn://10.0.0.236/trunk@248431 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-22 16:50:49 +00:00
igor%mir2.org
99df75fa8a
bug=423874 r=brendan a1.9b5=dsicore
Allocating native functions together with JSObject
git-svn-id: svn://10.0.0.236/trunk@248353 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-21 08:19:27 +00:00
jst%mozilla.org
85cb1171ff
Fixing orange from bug 402983. Make file:///foo and file:////foo#bar compare as equal URLs. r+sr=bzbarsky@mit.edu
git-svn-id: svn://10.0.0.236/trunk@248344 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-21 06:01:55 +00:00
jst%mozilla.org
981793b5f4
Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org
git-svn-id: svn://10.0.0.236/trunk@248340 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-21 04:39:10 +00:00
shaver%mozilla.org
2ca406ac15
Bug 246699: report better errors (with stacks) for security denials.
r+sr=jst, a=mconnor.
git-svn-id: svn://10.0.0.236/trunk@248275 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-20 08:19:15 +00:00
shaver%mozilla.org
358a2cc7a5
Test for bug 423379 (content can load chrome and/or resource), r/sr=jst.
git-svn-id: svn://10.0.0.236/trunk@248213 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-19 22:14:52 +00:00
shaver%mozilla.org
ae42f2e221
(NPOTB, r=mrbkap, a=lumpy) Remove ancient caps test cruft in preparation for
incoming mochitests. Also so that the tests listed in securetest.list will
not mock me from beyond the NSCP grave.
git-svn-id: svn://10.0.0.236/trunk@248203 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-19 21:26:09 +00:00
jonas%sicking.cc
fc747a50f2
Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz
git-svn-id: svn://10.0.0.236/trunk@248160 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-19 00:27:57 +00:00
bzbarsky%mit.edu
e0b620b5fe
Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the
checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if
one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst
git-svn-id: svn://10.0.0.236/trunk@248133 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-18 21:14:50 +00:00
gavin%gavinsharp.com
37db93870b
Back out bug 246699 to fix bug 423375, per shaver
git-svn-id: svn://10.0.0.236/trunk@247980 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-17 14:10:48 +00:00
timeless%mozdev.org
268a4610d9
Bug 246699 CAPS security exceptions should throw richer exception info (not just raw string)
r=shaver a=shaver
git-svn-id: svn://10.0.0.236/trunk@247553 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-11 17:30:23 +00:00
reed%reedloden.com
dae4402340
Bug 420081 - "Case mismatch between nsIURI and nsIUri in nsIPrincipal.idl" [p=mschroeder@mozilla.x-home.org (Martin Schröder [mschroeder]) r+sr=jst a1.9=beltzner]
git-svn-id: svn://10.0.0.236/trunk@247381 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-08 11:20:21 +00:00
jonas%sicking.cc
35f305467d
Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv
git-svn-id: svn://10.0.0.236/trunk@246616 18797224-902f-48f8-a5cc-f745e15eee43
2008-02-27 03:45:32 +00:00
myk%mozilla.org
425e84676b
backing out fix for bug 416534 as potential cause of mochitest failure
git-svn-id: svn://10.0.0.236/trunk@246615 18797224-902f-48f8-a5cc-f745e15eee43
2008-02-27 03:23:38 +00:00
jonas%sicking.cc
05e58d7ee2
Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv
git-svn-id: svn://10.0.0.236/trunk@246608 18797224-902f-48f8-a5cc-f745e15eee43
2008-02-27 02:17:52 +00:00
Olli.Pettay%helsinki.fi
0ab87464e4
Bug 411054, Audit IsNativeAnonymous()/GetBindingParent() uses, r+sr=sicking
git-svn-id: svn://10.0.0.236/trunk@246523 18797224-902f-48f8-a5cc-f745e15eee43
2008-02-26 12:40:21 +00:00
reed%reedloden.com
ef160fa4e6
Bug 417710 - "Use JS_GET_CLASS, not JS_GetClass" [p=gyuyoung.kim@samsung.com (gyu-young kim) r=jorendorff r=jst sr+a1.9=brendan]
git-svn-id: svn://10.0.0.236/trunk@246437 18797224-902f-48f8-a5cc-f745e15eee43
2008-02-25 08:59:21 +00:00
jonas%sicking.cc
af43f83785
Bug 397878: Send Referer-Root header when doing cross-site access requests. Also update domain pattern matching to spec. Patch by <suryaismail@gmail.com>. r=bent sr=sicking b3a=beltzner
git-svn-id: svn://10.0.0.236/trunk@244581 18797224-902f-48f8-a5cc-f745e15eee43
2008-01-31 08:17:47 +00:00
jst%mozilla.org
e47838f094
Fixing bustage.
git-svn-id: svn://10.0.0.236/trunk@244383 18797224-902f-48f8-a5cc-f745e15eee43
2008-01-29 21:11:24 +00:00
jst%mozilla.org
f9cb3c8650
Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org
git-svn-id: svn://10.0.0.236/trunk@244380 18797224-902f-48f8-a5cc-f745e15eee43
2008-01-29 20:51:01 +00:00
jst%mozilla.org
361854951e
Fixing bug 317240. Re-enabling caps optimization now that a document's principal never changes. r+sr=bzbarsky@mit.edu
git-svn-id: svn://10.0.0.236/trunk@244217 18797224-902f-48f8-a5cc-f745e15eee43
2008-01-28 17:51:38 +00:00
jst%mozilla.org
823e3bcbeb
Fixing bug 412691. Remove unnecessary nsCOMPtr's from performance critical code paths. r+sr=jonas@sicking.cc
git-svn-id: svn://10.0.0.236/trunk@243327 18797224-902f-48f8-a5cc-f745e15eee43
2008-01-17 00:32:26 +00:00
benjamin%smedbergs.us
0a44d0e3e2
Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep
git-svn-id: svn://10.0.0.236/trunk@243117 18797224-902f-48f8-a5cc-f745e15eee43
2008-01-15 15:51:02 +00:00
dwitte%stanford.edu
7c29041265
thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+
git-svn-id: svn://10.0.0.236/trunk@242941 18797224-902f-48f8-a5cc-f745e15eee43
2008-01-12 04:30:44 +00:00
dwitte%stanford.edu
546ce140b5
partial backout in an attempt to fix orange.
git-svn-id: svn://10.0.0.236/trunk@242891 18797224-902f-48f8-a5cc-f745e15eee43
2008-01-11 10:09:00 +00:00
dwitte%stanford.edu
4c74c22a8d
relanding bug 410250.
git-svn-id: svn://10.0.0.236/trunk@242890 18797224-902f-48f8-a5cc-f745e15eee43
2008-01-11 09:13:06 +00:00
dwitte%stanford.edu
1ae0ca29c9
backing out to fix orange.
git-svn-id: svn://10.0.0.236/trunk@242883 18797224-902f-48f8-a5cc-f745e15eee43
2008-01-11 04:59:46 +00:00
dwitte%stanford.edu
9b6279f3f7
thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+
git-svn-id: svn://10.0.0.236/trunk@242879 18797224-902f-48f8-a5cc-f745e15eee43
2008-01-11 03:56:02 +00:00
timeless%mozdev.org
6115b7206e
Bug 334306 useless null check in nsDestroyJSPrincipals
r=dbaron sr=dveditz a=mtschrep
git-svn-id: svn://10.0.0.236/trunk@242506 18797224-902f-48f8-a5cc-f745e15eee43
2008-01-06 14:53:24 +00:00
mrbkap%gmail.com
3d6fa4c653
Always throw an exception, even if we cannot reach a principal. bug 409514, r+sr+a=jst
git-svn-id: svn://10.0.0.236/trunk@242389 18797224-902f-48f8-a5cc-f745e15eee43
2008-01-05 01:32:23 +00:00
jst%mozilla.org
6bcb42d7c6
Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com
git-svn-id: svn://10.0.0.236/trunk@242383 18797224-902f-48f8-a5cc-f745e15eee43
2008-01-04 23:59:12 +00:00
mrbkap%gmail.com
2b0771659f
XPCNativeWrappers can confuse the short-circuiting code. bug 409291, r+sr=jst a=beltzner
git-svn-id: svn://10.0.0.236/trunk@241958 18797224-902f-48f8-a5cc-f745e15eee43
2007-12-21 19:06:29 +00:00
jst%mozilla.org
1fe4314b66
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
git-svn-id: svn://10.0.0.236/trunk@240954 18797224-902f-48f8-a5cc-f745e15eee43
2007-12-12 23:02:26 +00:00
philringnalda%gmail.com
bfb970766c
Bug 400247 - remove XP_MAC deadcode in nsScriptSecurityManager.cpp, r+sr=bz, a=dsicore
git-svn-id: svn://10.0.0.236/trunk@239257 18797224-902f-48f8-a5cc-f745e15eee43
2007-11-13 03:23:17 +00:00
tglek%mozilla.com
2be4668616
Bug 398574:Prbool fixes r=bz a=release drivers
git-svn-id: svn://10.0.0.236/trunk@239227 18797224-902f-48f8-a5cc-f745e15eee43
2007-11-12 21:47:11 +00:00
jonas%sicking.cc
5233d883cd
bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking
git-svn-id: svn://10.0.0.236/trunk@238237 18797224-902f-48f8-a5cc-f745e15eee43
2007-10-27 01:46:11 +00:00
bzbarsky%mit.edu
19f3323d77
Make the "href" property of stylesheets reflect the original URI that was
reflected to load the sheet. Bug 397427, r=dbaron,biesi, sr=dbaron, a=dsicore
git-svn-id: svn://10.0.0.236/trunk@238046 18797224-902f-48f8-a5cc-f745e15eee43
2007-10-23 21:56:43 +00:00