Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
147,320 Commits 3,986 Branches 0 Tags
Commit Graph

101 Commits

Author SHA1 Message Date
bzbarsky%mit.edu
354647c8df Expose the subject name for the cert and an nsISupports pointer to the cert on 
nsIPrincipal that represents a certificate principal.  Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal.  Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII.  Bug
240661, r=caillon, sr=dveditz, a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@176458 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-22 19:05:42 +00:00
brendan%mozilla.org
15ddfa152d Add a subsumes relation to principals so JS can handle all cases when checking indirect eval (and the like) calls (300008, r=caillon/dveditz, sr/a=shaver). 
git-svn-id: svn://10.0.0.236/trunk@175859 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-08 23:26:36 +00:00
dougt%meer.net
c3e3eda0f8 Add a scriptable hash function API. basically what this does is moves the hashing function out of the nsISignatureVerifier.idl and creates a new interface nsICryptoHash which is scriptable. Because of this change, we needed to fix up all of the call sites. r=darin, sr=dveditz, a=shaver 
git-svn-id: svn://10.0.0.236/trunk@173927 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-01 16:06:53 +00:00
dbaron%dbaron.org
87a51ef2c0 Cleaner fix for bug 290036. b=290949 r=dveditz sr=darin a=asa 
git-svn-id: svn://10.0.0.236/trunk@173334 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-12 18:20:07 +00:00
jshin%mailaps.org
3ad995326c bug 280613 : checkLoadURIStr of nsIScriptSecurityManager should accept AUTF8String istead of string (for IDN), r=dveditz, sr=darin 
git-svn-id: svn://10.0.0.236/trunk@168696 18797224-902f-48f8-a5cc-f745e15eee43
 2005-02-02 07:17:53 +00:00
bzbarsky%mit.edu
dce306232a Add a version of CheckLoadURI that takes a source principal instead of a source 
URI.  Update a bunch of callers to use it.  Bug 233108, r=caillon, sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@155487 18797224-902f-48f8-a5cc-f745e15eee43
 2004-04-25 16:55:27 +00:00
gerv%gerv.net
98831918fc Bug 236613: change to MPL/LGPL/GPL tri-license. 
git-svn-id: svn://10.0.0.236/trunk@155044 18797224-902f-48f8-a5cc-f745e15eee43
 2004-04-17 21:52:36 +00:00
neil%parkwaycc.co.uk
8619f5bc53 Bug 227758 make subjectPrincipalIsSystem unscriptable and checkSameOriginURI scriptable r=caillon sr=dveditz 
git-svn-id: svn://10.0.0.236/trunk@150538 18797224-902f-48f8-a5cc-f745e15eee43
 2003-12-19 21:51:37 +00:00
brendan%mozilla.org
57f2064642 Fix missing cx param problem (223041, r=caillon, sr=dbaron). 
git-svn-id: svn://10.0.0.236/trunk@148748 18797224-902f-48f8-a5cc-f745e15eee43
 2003-11-03 04:26:55 +00:00
caillon%returnzero.com
c1914505cb Re-land patch for bug 83536, merging principal objects. 
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst


git-svn-id: svn://10.0.0.236/trunk@148229 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-21 22:11:49 +00:00
brendan%mozilla.org
53924f1a53 Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky). 
git-svn-id: svn://10.0.0.236/trunk@147382 18797224-902f-48f8-a5cc-f745e15eee43
 2003-09-28 04:22:01 +00:00
caillon%returnzero.com
d55b44719f Backing out the patch to bug 83536. 
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann


git-svn-id: svn://10.0.0.236/trunk@146256 18797224-902f-48f8-a5cc-f745e15eee43
 2003-08-22 03:06:53 +00:00
caillon%returnzero.com
cd46cbbaad Bug 83536. 
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)


git-svn-id: svn://10.0.0.236/trunk@145137 18797224-902f-48f8-a5cc-f745e15eee43
 2003-07-24 05:15:20 +00:00
mstoltz%netscape.com
df95af7f9f Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst. 
git-svn-id: svn://10.0.0.236/trunk@144169 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-26 00:18:43 +00:00
harishd%netscape.com
893e8e41f1 Grant access to SOAP response document's properties and also allow the document to be serializable. b=193953, r=heikki@netscape.com, sr=jst@netscape.com 
git-svn-id: svn://10.0.0.236/trunk@143644 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-12 20:18:34 +00:00
seawood%netscape.com
06e1507b0c Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev 
git-svn-id: svn://10.0.0.236/trunk@143527 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-10 21:18:27 +00:00
dougt%meer.net
e70ad5a847 Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201 
git-svn-id: svn://10.0.0.236/trunk@143054 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-29 21:56:38 +00:00
dougt%meer.net
43e230ebe2 Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201 
git-svn-id: svn://10.0.0.236/trunk@143053 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-29 21:51:34 +00:00
caillon%returnzero.com
360f61e8a1 184257 - Updating pref callers. r=timeless sr=bzbarsky 
git-svn-id: svn://10.0.0.236/trunk@135983 18797224-902f-48f8-a5cc-f745e15eee43
 2003-01-08 08:40:41 +00:00
seawood%netscape.com
f8f86e7f05 Start installing GRE libraries & components into a separate dist/gre directory as part of the default build. 
Bug #186241 r=dougt


git-svn-id: svn://10.0.0.236/trunk@135661 18797224-902f-48f8-a5cc-f745e15eee43
 2002-12-28 01:15:07 +00:00
mstoltz%netscape.com
51f2a63b0c Bug 168316 - When calling from Java into JS, add a "dummy" JS stack frame with 
principal information for the security manager. r=dveditz, sr=jst, a=chofmann.


git-svn-id: svn://10.0.0.236/trunk@132679 18797224-902f-48f8-a5cc-f745e15eee43
 2002-10-30 03:15:59 +00:00
seawood%netscape.com
0b3ff474f3 Removing old nmake build makefiles. Bug #158528 r=pavlov 
git-svn-id: svn://10.0.0.236/trunk@126975 18797224-902f-48f8-a5cc-f745e15eee43
 2002-08-10 07:55:43 +00:00
sicking%bigfoot.com
9f524ba3a3 Use principals instead of URIs for same-origin checks. 
b=159348, r=bz, sr=jst, a=asa


git-svn-id: svn://10.0.0.236/trunk@126081 18797224-902f-48f8-a5cc-f745e15eee43
 2002-07-30 21:26:32 +00:00
mstoltz%netscape.com
58a849eae5 Bug 154930 - If one page has explicitly set document.domain and another has not, 
do not consider them to be of the same origin for security checks. r=dveditz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@124781 18797224-902f-48f8-a5cc-f745e15eee43
 2002-07-09 00:10:02 +00:00
mstoltz%netscape.com
8946598190 Bug 152725 - Get URL passed to cookie module from document principal, not document URL. 
THis ensures that cookies set by javascript URL pages are set in the correct domain.
r=morse, sr=dveditz.


git-svn-id: svn://10.0.0.236/trunk@124514 18797224-902f-48f8-a5cc-f745e15eee43
 2002-07-02 17:58:24 +00:00
mstoltz%netscape.com
3cba7a04ae 133170 - Need to re-check host for security on a redirect after a call to 
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc


git-svn-id: svn://10.0.0.236/trunk@123373 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-14 23:54:18 +00:00
mstoltz%netscape.com
083b598d3c A bunch of fixes in caps: 
128697 - Added a pref listener for changes to capability.policy prefs,
removed profile-change listener
131025 - Removed insecure "trusted codebase principals" feature
131340 - Make nsCodebasePrincipal::Equals handle jar URLs correctly
131342 - Clean up privilege-grant dialog code
128861 - class policy hashtables allocated only when needed; avoids
PLDHash memory-use warning
Fixed comparison of -1 and 80 ports (Can't find the bug # right now)

All r=harishd, sr=jst, a=asa.


git-svn-id: svn://10.0.0.236/trunk@116958 18797224-902f-48f8-a5cc-f745e15eee43
 2002-03-20 05:53:46 +00:00
mstoltz%netscape.com
c4499c97cc Bug 127938 - chrome scripts should be exempt from the security check put in for 
bug 105050, on access to the opener property when the opener is a mail window.
r=pavlov, sr=jst, a=leaf.


git-svn-id: svn://10.0.0.236/trunk@115457 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-28 00:22:59 +00:00
mstoltz%netscape.com
7eb98a9eb6 partially backing out my last change - weird dependency problem 
git-svn-id: svn://10.0.0.236/trunk@115357 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-26 05:28:26 +00:00
mstoltz%netscape.com
66acb67330 32571, present confirmation dialog before allowing scripts to close windows. 
105050, pass null window.opener when opener is a mail window.
both r=heikki, sr=jst, a=asa.
Backed out previously because of tinderbox problem, which should be fixed now.


git-svn-id: svn://10.0.0.236/trunk@115356 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-26 04:50:21 +00:00
mcafee%netscape.com
60dc31b4b8 Backing out mstoltz. r=dbaron,jrgm 
git-svn-id: svn://10.0.0.236/trunk@114882 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-19 04:06:53 +00:00
mstoltz%netscape.com
ebb6dc6f70 Bug 105050 - return null window.opener to scripts if opener is a mail window. 
Bug 32571 - Prompt user before allowing scripts to close windows if opener is null.
both r=heikki, sr=jst.


git-svn-id: svn://10.0.0.236/trunk@114853 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-19 01:09:45 +00:00
mstoltz%netscape.com
904896ca95 Bug 119646 - Rewrite of the security manager policy database for improved 
performance. r=jst, sr=jband.


git-svn-id: svn://10.0.0.236/trunk@114377 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-13 04:20:46 +00:00
gerv%gerv.net
4c7ac5dfa4 License changes, take 2. Bug 98089. mozilla/config/, mozilla/caps/, mozilla/build/. 
git-svn-id: svn://10.0.0.236/trunk@103674 18797224-902f-48f8-a5cc-f745e15eee43
 2001-09-25 01:03:58 +00:00
gerv%gerv.net
ae1d5501a1 Oops. 
git-svn-id: svn://10.0.0.236/trunk@103236 18797224-902f-48f8-a5cc-f745e15eee43
 2001-09-20 00:02:59 +00:00
scc%mozilla.org
52c8d09e03 bug #98089: ripped new license 
git-svn-id: svn://10.0.0.236/trunk@103219 18797224-902f-48f8-a5cc-f745e15eee43
 2001-09-19 20:09:47 +00:00
brendan%mozilla.org
f5bc62edea FASTLOAD_20010703_BRANCH landing, r=dbaron, sr=shaver. 
git-svn-id: svn://10.0.0.236/trunk@100030 18797224-902f-48f8-a5cc-f745e15eee43
 2001-07-31 19:05:34 +00:00
mstoltz%netscape.com
fd211023d2 Bug 77485 - defining a function in another window using a targeted javascript: 
link. Prevent running javascript: urls cross-domain and add a security check for adding
and removing properties. r=harishd, sr=jst.


git-svn-id: svn://10.0.0.236/trunk@99171 18797224-902f-48f8-a5cc-f745e15eee43
 2001-07-13 07:08:26 +00:00
ddrinan%netscape.com
a2084f364a PCKS7 implementation for signed JS. Bug# 82227 r=mstoltz@netscape.com,sr=blizzard@mozilla.org,a=blizzard@mozilla.org 
git-svn-id: svn://10.0.0.236/trunk@95833 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-23 22:06:43 +00:00
mstoltz%netscape.com
a8b60368de Re-checking-in my fix for 47905, which was backed out last night because of a bug in some other code that was checked in along with it. This checkin was not causing the crasher and is unchanged. See earlier checkin comment - in short, this adds same-origin to XMLHttpRequest and cleans up some function calls in caps, removes some unnecessary parameters. r=vidur, sr=jst. 
git-svn-id: svn://10.0.0.236/trunk@95481 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-19 00:33:51 +00:00
blizzard%redhat.com
b684f8fcbc Back out mstoltz because of blocker bug #81629. Original bugs were 47905 79775. 
git-svn-id: svn://10.0.0.236/trunk@95401 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-18 17:41:23 +00:00
mstoltz%netscape.com
55577f536b Bug 47905 - adding security check for XMLHttpRequest.open. 
Added nsIScriptSecurityManager::CheckConnect for this purpose.
Also cleaned up the security check API by removing some unnecessary
parameters. r=vidur@netscape.com, sr=jst@netscape.com

Bug 79775 - Forward button broken in main mail window. Making
WindowWatcher not call GetSubjectPrincipal if the URL to be loaded is
chrome, since the calling principal is superfluous in this case.
No one has been able to find the root cause of this problem, but
this checkin works around it, which is the best we can do for now.
r=ducarroz@netscape.com, sr=jst@netscape.com


git-svn-id: svn://10.0.0.236/trunk@95378 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-18 06:56:29 +00:00
mstoltz%netscape.com
28f5530d9c Fixes for bugs 79796, 77203, and 54060. r=jband@netscape.com, 
sr=brendan@mozilla.org


git-svn-id: svn://10.0.0.236/trunk@94546 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-11 00:43:27 +00:00
jst%netscape.com
9d299d36ce Landing the XPCDOM_20010329_BRANCH branch, changes mostly done by jband@netscape.com and jst@netscape.com, also some changes done by shaver@mozilla.org, peterv@netscape.com and markh@activestate.com. r= and sr= by vidur@netscape.com, jband@netscape.com, jst@netscpae.com, danm@netscape.com, hyatt@netscape.com, shaver@mozilla.org, dbradley@netscape.com, rpotts@netscape.com. 
git-svn-id: svn://10.0.0.236/trunk@94238 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-08 16:46:42 +00:00
mstoltz%netscape.com
452a43cfc9 More fixes for 55237, cleaned up CheckLoadURI and added a check on "Edit This Link." Also added error reporting (bug 40538). 
r=beard, sr=hyatt


git-svn-id: svn://10.0.0.236/trunk@92480 18797224-902f-48f8-a5cc-f745e15eee43
 2001-04-17 01:21:44 +00:00
mstoltz%netscape.com
6079a31c93 Bugs 55069, 70951 - JS-blocking APIs for mailnews and embedding. r=mscott, sr=attinasi. 
Bug 54237 - fix for event-capture bug, r=heikki, sr=jband.


git-svn-id: svn://10.0.0.236/trunk@90195 18797224-902f-48f8-a5cc-f745e15eee43
 2001-03-23 04:22:56 +00:00
mstoltz%netscape.com
0932f41358 bug 47905, adding security check to XMLHttpRequest.open(). r=heikki, sr=brendan 
git-svn-id: svn://10.0.0.236/trunk@88336 18797224-902f-48f8-a5cc-f745e15eee43
 2001-03-02 00:09:20 +00:00
mstoltz%netscape.com
579b002a49 Bug 66369, adding support for per-file permissions granting to caps. r=jst, sr=jband. 
git-svn-id: svn://10.0.0.236/trunk@85606 18797224-902f-48f8-a5cc-f745e15eee43
 2001-01-27 01:42:20 +00:00
mstoltz%netscape.com
5b27bdf415 Fixing bugscape 3109, LiveConnect exploit. sr=jband, brendan. 
Fixing 58021, exploit in "open in new window," bug 55237. sr=brendan


git-svn-id: svn://10.0.0.236/trunk@82368 18797224-902f-48f8-a5cc-f745e15eee43
 2000-11-07 01:14:08 +00:00
mstoltz%netscape.com
9351f77d32 Fixing 56009, exploit allowing XPConnect access. r,a=hyatt, sr=scc 
git-svn-id: svn://10.0.0.236/trunk@81158 18797224-902f-48f8-a5cc-f745e15eee43
 2000-10-13 22:59:47 +00:00