125 Commits

Author SHA1 Message Date
mrbkap%gmail.com
a3d3acbb16 Bug 460882. r+sr=jst.
git-svn-id: svn://10.0.0.236/trunk@257562 18797224-902f-48f8-a5cc-f745e15eee43
2009-06-24 02:30:25 +00:00
jonas%sicking.cc
f8cd3459d9 Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it
git-svn-id: svn://10.0.0.236/trunk@250472 18797224-902f-48f8-a5cc-f745e15eee43
2008-04-18 17:35:57 +00:00
jonas%sicking.cc
9fce957868 Bug 425201: Allow XMLHttpRequest and document.load to load files from subdirectories. r/sr=dveditz
git-svn-id: svn://10.0.0.236/trunk@249871 18797224-902f-48f8-a5cc-f745e15eee43
2008-04-09 00:38:13 +00:00
jonas%sicking.cc
fc747a50f2 Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz
git-svn-id: svn://10.0.0.236/trunk@248160 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-19 00:27:57 +00:00
bzbarsky%mit.edu
e0b620b5fe Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the
checks they really want to be doing.  Fix screw-up in nsPrincipal::Equals if
one principal has a cert and the other does not.  Bug 418996, r=mrbkap,dveditz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@248133 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-18 21:14:50 +00:00
reed%reedloden.com
dae4402340 Bug 420081 - "Case mismatch between nsIURI and nsIUri in nsIPrincipal.idl" [p=mschroeder@mozilla.x-home.org (Martin Schröder [mschroeder]) r+sr=jst a1.9=beltzner]
git-svn-id: svn://10.0.0.236/trunk@247381 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-08 11:20:21 +00:00
jonas%sicking.cc
35f305467d Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv
git-svn-id: svn://10.0.0.236/trunk@246616 18797224-902f-48f8-a5cc-f745e15eee43
2008-02-27 03:45:32 +00:00
myk%mozilla.org
425e84676b backing out fix for bug 416534 as potential cause of mochitest failure
git-svn-id: svn://10.0.0.236/trunk@246615 18797224-902f-48f8-a5cc-f745e15eee43
2008-02-27 03:23:38 +00:00
jonas%sicking.cc
05e58d7ee2 Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv
git-svn-id: svn://10.0.0.236/trunk@246608 18797224-902f-48f8-a5cc-f745e15eee43
2008-02-27 02:17:52 +00:00
jst%mozilla.org
6bcb42d7c6 Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com
git-svn-id: svn://10.0.0.236/trunk@242383 18797224-902f-48f8-a5cc-f745e15eee43
2008-01-04 23:59:12 +00:00
jonas%sicking.cc
5233d883cd bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking
git-svn-id: svn://10.0.0.236/trunk@238237 18797224-902f-48f8-a5cc-f745e15eee43
2007-10-27 01:46:11 +00:00
bzbarsky%mit.edu
e369c02a93 Make security manager API more useful from script. Make more things
scriptable, and add a scriptable method for testing whether a given principal
is the system principal.  Bug 383783, r=dveditz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@228234 18797224-902f-48f8-a5cc-f745e15eee43
2007-06-18 15:12:09 +00:00
bzbarsky%mit.edu
f5956a5fd5 When getting codebase principals, install the passed-in codebase on them even
if they come from the hashtable.  Bug 269270, r=dveditz, sr=jst.


git-svn-id: svn://10.0.0.236/trunk@219846 18797224-902f-48f8-a5cc-f745e15eee43
2007-02-09 04:52:44 +00:00
bzbarsky%mit.edu
43d470b66b Make the redirect check get principals the same way we get them elsewhere.
Clean up some code to use the new security manager method.  Bug 354693,
r=dveditz, sr=sicking


git-svn-id: svn://10.0.0.236/trunk@215685 18797224-902f-48f8-a5cc-f745e15eee43
2006-11-22 18:27:54 +00:00
bzbarsky%mit.edu
d9cf9faf6c Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst
git-svn-id: svn://10.0.0.236/trunk@215290 18797224-902f-48f8-a5cc-f745e15eee43
2006-11-14 22:46:45 +00:00
bzbarsky%mit.edu
3f520eaa49 Make it possible for protocol handlers to configure how CheckLoadURI should
treat them via their protocol flags.  Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin


git-svn-id: svn://10.0.0.236/trunk@215130 18797224-902f-48f8-a5cc-f745e15eee43
2006-11-10 23:49:08 +00:00
cbiesinger%web.de
a09ce7942d Bug 351876 Move nsICryptoHash into necko
r=darin


git-svn-id: svn://10.0.0.236/trunk@211837 18797224-902f-48f8-a5cc-f745e15eee43
2006-09-15 22:06:31 +00:00
bzbarsky%mit.edu
bf296918cd Introduce CheckLoadURIStrWithPrincipal(). Bug 348559, r=dveditz, sr=jst
git-svn-id: svn://10.0.0.236/trunk@208054 18797224-902f-48f8-a5cc-f745e15eee43
2006-08-21 22:15:20 +00:00
bzbarsky%mit.edu
f8006936fc Followup to bug 326506 -- this comment got lost somehow.
git-svn-id: svn://10.0.0.236/trunk@193402 18797224-902f-48f8-a5cc-f745e15eee43
2006-04-02 22:00:08 +00:00
bzbarsky%mit.edu
f1e9911556 Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@190358 18797224-902f-48f8-a5cc-f745e15eee43
2006-02-17 16:12:17 +00:00
bzbarsky%mit.edu
71dde5ebcd Backing out since tree is closed.
git-svn-id: svn://10.0.0.236/trunk@190330 18797224-902f-48f8-a5cc-f745e15eee43
2006-02-17 03:33:03 +00:00
bzbarsky%mit.edu
c8f8cb26e0 Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@190329 18797224-902f-48f8-a5cc-f745e15eee43
2006-02-17 03:26:03 +00:00
dougt%meer.net
94085e172f Bug 302284. add xpi hash support to InstallTrigger.install(). r=dveditz, sr=shaver, a=asa
git-svn-id: svn://10.0.0.236/trunk@179031 18797224-902f-48f8-a5cc-f745e15eee43
2005-08-26 06:46:21 +00:00
timeless%mozdev.org
bb2751407b Bug 304240 Make noAccess/allAccess/sameOrigin consistently intercaps in the source tree
r=caillon sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@177665 18797224-902f-48f8-a5cc-f745e15eee43
2005-08-12 23:11:32 +00:00
bzbarsky%mit.edu
354647c8df Expose the subject name for the cert and an nsISupports pointer to the cert on
nsIPrincipal that represents a certificate principal.  Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal.  Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII.  Bug
240661, r=caillon, sr=dveditz, a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@176458 18797224-902f-48f8-a5cc-f745e15eee43
2005-07-22 19:05:42 +00:00
brendan%mozilla.org
15ddfa152d Add a subsumes relation to principals so JS can handle all cases when checking indirect eval (and the like) calls (300008, r=caillon/dveditz, sr/a=shaver).
git-svn-id: svn://10.0.0.236/trunk@175859 18797224-902f-48f8-a5cc-f745e15eee43
2005-07-08 23:26:36 +00:00
dougt%meer.net
c3e3eda0f8 Add a scriptable hash function API. Basically what this does is move the hashing function out of the nsISignatureVerifier.idl and create a new interface nsICryptoHash which is scriptable. Because of this change, we needed to fix up all of the call sites. r=darin, sr=dveditz, a=shaver
git-svn-id: svn://10.0.0.236/trunk@173927 18797224-902f-48f8-a5cc-f745e15eee43
2005-06-01 16:06:53 +00:00
dbaron%dbaron.org
87a51ef2c0 Cleaner fix for bug 290036. b=290949 r=dveditz sr=darin a=asa
git-svn-id: svn://10.0.0.236/trunk@173334 18797224-902f-48f8-a5cc-f745e15eee43
2005-05-12 18:20:07 +00:00
jshin%mailaps.org
3ad995326c bug 280613 : checkLoadURIStr of nsIScriptSecurityManager should accept AUTF8String instead of string (for IDN), r=dveditz, sr=darin
git-svn-id: svn://10.0.0.236/trunk@168696 18797224-902f-48f8-a5cc-f745e15eee43
2005-02-02 07:17:53 +00:00
bzbarsky%mit.edu
dce306232a Add a version of CheckLoadURI that takes a source principal instead of a source
URI.  Update a bunch of callers to use it.  Bug 233108, r=caillon, sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@155487 18797224-902f-48f8-a5cc-f745e15eee43
2004-04-25 16:55:27 +00:00
gerv%gerv.net
98831918fc Bug 236613: change to MPL/LGPL/GPL tri-license.
git-svn-id: svn://10.0.0.236/trunk@155044 18797224-902f-48f8-a5cc-f745e15eee43
2004-04-17 21:52:36 +00:00
neil%parkwaycc.co.uk
8619f5bc53 Bug 227758 make subjectPrincipalIsSystem unscriptable and checkSameOriginURI scriptable r=caillon sr=dveditz
git-svn-id: svn://10.0.0.236/trunk@150538 18797224-902f-48f8-a5cc-f745e15eee43
2003-12-19 21:51:37 +00:00
brendan%mozilla.org
57f2064642 Fix missing cx param problem (223041, r=caillon, sr=dbaron).
git-svn-id: svn://10.0.0.236/trunk@148748 18797224-902f-48f8-a5cc-f745e15eee43
2003-11-03 04:26:55 +00:00
caillon%returnzero.com
c1914505cb Re-land patch for bug 83536, merging principal objects.
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst


git-svn-id: svn://10.0.0.236/trunk@148229 18797224-902f-48f8-a5cc-f745e15eee43
2003-10-21 22:11:49 +00:00
brendan%mozilla.org
53924f1a53 Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky).
git-svn-id: svn://10.0.0.236/trunk@147382 18797224-902f-48f8-a5cc-f745e15eee43
2003-09-28 04:22:01 +00:00
caillon%returnzero.com
d55b44719f Backing out the patch to bug 83536.
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann


git-svn-id: svn://10.0.0.236/trunk@146256 18797224-902f-48f8-a5cc-f745e15eee43
2003-08-22 03:06:53 +00:00
caillon%returnzero.com
cd46cbbaad Bug 83536.
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)


git-svn-id: svn://10.0.0.236/trunk@145137 18797224-902f-48f8-a5cc-f745e15eee43
2003-07-24 05:15:20 +00:00
mstoltz%netscape.com
df95af7f9f Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst.
git-svn-id: svn://10.0.0.236/trunk@144169 18797224-902f-48f8-a5cc-f745e15eee43
2003-06-26 00:18:43 +00:00
harishd%netscape.com
893e8e41f1 Grant access to SOAP response document's properties and also allow the document to be serializable. b=193953, r=heikki@netscape.com, sr=jst@netscape.com
git-svn-id: svn://10.0.0.236/trunk@143644 18797224-902f-48f8-a5cc-f745e15eee43
2003-06-12 20:18:34 +00:00
seawood%netscape.com
06e1507b0c Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev
git-svn-id: svn://10.0.0.236/trunk@143527 18797224-902f-48f8-a5cc-f745e15eee43
2003-06-10 21:18:27 +00:00
dougt%meer.net
e70ad5a847 Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201
git-svn-id: svn://10.0.0.236/trunk@143054 18797224-902f-48f8-a5cc-f745e15eee43
2003-05-29 21:56:38 +00:00
dougt%meer.net
43e230ebe2 Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201
git-svn-id: svn://10.0.0.236/trunk@143053 18797224-902f-48f8-a5cc-f745e15eee43
2003-05-29 21:51:34 +00:00
caillon%returnzero.com
360f61e8a1 184257 - Updating pref callers. r=timeless sr=bzbarsky
git-svn-id: svn://10.0.0.236/trunk@135983 18797224-902f-48f8-a5cc-f745e15eee43
2003-01-08 08:40:41 +00:00
seawood%netscape.com
f8f86e7f05 Start installing GRE libraries & components into a separate dist/gre directory as part of the default build.
Bug #186241 r=dougt


git-svn-id: svn://10.0.0.236/trunk@135661 18797224-902f-48f8-a5cc-f745e15eee43
2002-12-28 01:15:07 +00:00
mstoltz%netscape.com
51f2a63b0c Bug 168316 - When calling from Java into JS, add a "dummy" JS stack frame with
principal information for the security manager. r=dveditz, sr=jst, a=chofmann.


git-svn-id: svn://10.0.0.236/trunk@132679 18797224-902f-48f8-a5cc-f745e15eee43
2002-10-30 03:15:59 +00:00
seawood%netscape.com
0b3ff474f3 Removing old nmake build makefiles. Bug #158528 r=pavlov
git-svn-id: svn://10.0.0.236/trunk@126975 18797224-902f-48f8-a5cc-f745e15eee43
2002-08-10 07:55:43 +00:00
sicking%bigfoot.com
9f524ba3a3 Use principals instead of URIs for same-origin checks.
b=159348, r=bz, sr=jst, a=asa


git-svn-id: svn://10.0.0.236/trunk@126081 18797224-902f-48f8-a5cc-f745e15eee43
2002-07-30 21:26:32 +00:00
mstoltz%netscape.com
58a849eae5 Bug 154930 - If one page has explicitly set document.domain and another has not,
do not consider them to be of the same origin for security checks. r=dveditz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@124781 18797224-902f-48f8-a5cc-f745e15eee43
2002-07-09 00:10:02 +00:00
mstoltz%netscape.com
8946598190 Bug 152725 - Get URL passed to cookie module from document principal, not document URL.
This ensures that cookies set by javascript URL pages are set in the correct domain.
r=morse, sr=dveditz.


git-svn-id: svn://10.0.0.236/trunk@124514 18797224-902f-48f8-a5cc-f745e15eee43
2002-07-02 17:58:24 +00:00
mstoltz%netscape.com
3cba7a04ae 133170 - Need to re-check host for security on a redirect after a call to
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc


git-svn-id: svn://10.0.0.236/trunk@123373 18797224-902f-48f8-a5cc-f745e15eee43
2002-06-14 23:54:18 +00:00