Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
147,320 Commits 3,986 Branches 0 Tags
Commit Graph

265 Commits

Author SHA1 Message Date
caillon%returnzero.com
916e757114 Bug 214949 
Make XUL error pages work again by making GetOrigin() return the full spec for chrome: URIs and preventing principal lookups when the principals hash is empty.
r+sr=jst@netscape.com
a=rjesup@wgate.com


git-svn-id: svn://10.0.0.236/trunk@145830 18797224-902f-48f8-a5cc-f745e15eee43
 2003-08-10 02:26:11 +00:00
brendan%mozilla.org
95220b5330 Add shared DHashTableOps for [const] char *key use-cases, clean up dhash API abusages (214839, r=dougt, sr=dbaron). 
git-svn-id: svn://10.0.0.236/trunk@145624 18797224-902f-48f8-a5cc-f745e15eee43
 2003-08-05 20:09:21 +00:00
caillon%returnzero.com
7fe85266fd Adding comments, per bzbarsky. bug 214050. 
git-svn-id: svn://10.0.0.236/trunk@145342 18797224-902f-48f8-a5cc-f745e15eee43
 2003-07-29 19:03:00 +00:00
caillon%returnzero.com
c9af458d0a Don't let success of string bundle calls dictate the return value, continue to return errors. Still bug 214050. 
git-svn-id: svn://10.0.0.236/trunk@145325 18797224-902f-48f8-a5cc-f745e15eee43
 2003-07-29 09:07:43 +00:00
caillon%returnzero.com
742898a589 Bug 214050 
Start to localize some of the more common user-visible error messages in caps.
r+sr=bzbarsky@mit.edu


git-svn-id: svn://10.0.0.236/trunk@145319 18797224-902f-48f8-a5cc-f745e15eee43
 2003-07-29 05:28:00 +00:00
caillon%returnzero.com
cd46cbbaad Bug 83536. 
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)


git-svn-id: svn://10.0.0.236/trunk@145137 18797224-902f-48f8-a5cc-f745e15eee43
 2003-07-24 05:15:20 +00:00
jst%netscape.com
155632c501 Fixing bug 210730. ClassInfoData optimizations. r+sr=jaggernaut@netscape.com 
git-svn-id: svn://10.0.0.236/trunk@144207 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-27 03:10:49 +00:00
timeless%mozdev.org
543383a0e6 Bug 194872 CAPS vulnerability when doing cross-site-scripting with frames from different origins and different CAPS settings (allAccess, noAccess). 
bustage (const char*)
sr=jst


git-svn-id: svn://10.0.0.236/trunk@144181 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-26 03:27:01 +00:00
mstoltz%netscape.com
df95af7f9f Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst. 
git-svn-id: svn://10.0.0.236/trunk@144169 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-26 00:18:43 +00:00
jst%netscape.com
ecae24eff4 Fixing bug 209884. Writing an inline helper to safely get an nsIScriptContext from a JSContext and making direct callers of JS_GetContextPrivate() use the helper. r=caillon@aillon.org, sr=peterv@netscape.com 
git-svn-id: svn://10.0.0.236/trunk@144108 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-24 21:43:01 +00:00
caillon%returnzero.com
588acb1f7c Bug 163645 - User defined properties of window.navigator are not remembered when a new page is loaded. 
Enable this for websites within the same domain only.
Also, fixes CheckSameOriginPrincipal to just check the principals, and not care whether we have anything on the JS stack.
r=mstoltz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@143900 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-18 23:48:57 +00:00
harishd%netscape.com
893e8e41f1 Grant access to SOAP response document's properties and also allow the document to be serializable. b=193953, r=heikki@netscape.com, sr=jst@netscape.com 
git-svn-id: svn://10.0.0.236/trunk@143644 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-12 20:18:34 +00:00
dougt%meer.net
e70ad5a847 Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201 
git-svn-id: svn://10.0.0.236/trunk@143054 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-29 21:56:38 +00:00
dougt%meer.net
43e230ebe2 Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201 
git-svn-id: svn://10.0.0.236/trunk@143053 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-29 21:51:34 +00:00
mstoltz%netscape.com
d55cb10a60 Bug 163950 - allow opening connections for XML data transfer services when document.domain has been set. r=jst, sr=heikki. 
git-svn-id: svn://10.0.0.236/trunk@143008 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-28 23:22:36 +00:00
dbradley%netscape.com
5878dbec4a bug 205538 - Use hyphens instead of underscores in caps prefs for CID's. r=adamlock, sr=alecf, a=asa 
git-svn-id: svn://10.0.0.236/trunk@142650 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-20 14:19:05 +00:00
jst%netscape.com
394e9fef7e Fixing bug 202994. Make sure the proper security check is done when converting the result of a JS expression in a javascript: URL to a string. r=mstoltz@netscape.com, sr=brendan@mozilla.org, a=asa@mozilla.org 
git-svn-id: svn://10.0.0.236/trunk@142350 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-12 22:23:52 +00:00
brendan%mozilla.org
409a6a96a8 Fix overbroad getter/setter access check to apply only to scripted getters/setters; fix wrong object class name in error messages (198660, r=mstoltz, sr=jst, a=asa). 
git-svn-id: svn://10.0.0.236/trunk@142248 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-09 00:40:50 +00:00
jst%netscape.com
6f39df51bc Fixing bug 201132. Always use the JSPrincipals from the target object when compiling event handlers, never use the principals of the global object in which the event handler is compiled. Also make sure we never use the principals that are precompiled into cloned Functions, always get the principal from the Function's scope in such cases. r=mstoltz@netscape.com (and heikki@netscape.com), sr=brendan@mozilla.org 
git-svn-id: svn://10.0.0.236/trunk@141333 18797224-902f-48f8-a5cc-f745e15eee43
 2003-04-17 20:21:00 +00:00
mstoltz%netscape.com
00529830be Bug 188229 - adding new security check function that allows component instantiation by CID. r=dveditz, sr=heikki. *not part of build yet* 
git-svn-id: svn://10.0.0.236/trunk@139306 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-12 02:17:37 +00:00
timeless%mozdev.org
7f19212039 Bug 196340 Change NS_REINTERPRET_CAST(nsIScriptContext*, JS_GetContextPrivate(cx)) to use Static Cast 
r=mstoltz sr=heikki


git-svn-id: svn://10.0.0.236/trunk@139117 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-07 21:54:28 +00:00
brendan%mozilla.org
a5ad42fb1b Generalize the JS_SetCheckObjectAccessCallback hook implemented here to deal with user-defined getters and setters (92773, r=mstoltz, sr=jst). 
git-svn-id: svn://10.0.0.236/trunk@139037 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-06 19:40:14 +00:00
rginda%netscape.com
ce1ca0b4c1 bug 191773, r=mstoltz, a=dbaron@dbaron.org 
only allow x-jsd: urls from chrome: and resource:


git-svn-id: svn://10.0.0.236/trunk@137399 18797224-902f-48f8-a5cc-f745e15eee43
 2003-02-05 01:27:56 +00:00
sfraser%netscape.com
b3ed7e7caf Fix bug 127185: don't crash with a null JS context if running without XPT files. Fixes nsScriptSecurityManager to do more thorough error checking on initialization. r=mstoltz, sr=jst. 
git-svn-id: svn://10.0.0.236/trunk@136464 18797224-902f-48f8-a5cc-f745e15eee43
 2003-01-17 01:00:15 +00:00
dbaron%dbaron.org
30879d2c9e Bug 178643: Remove uses of NS_INIT_ISUPPORTS, since it's no longer needed. r=timeless sr=jag 
git-svn-id: svn://10.0.0.236/trunk@135991 18797224-902f-48f8-a5cc-f745e15eee43
 2003-01-08 19:24:38 +00:00
mstoltz%netscape.com
51f2a63b0c Bug 168316 - When calling from Java into JS, add a "dummy" JS stack frame with 
principal information for the security manager. r=dveditz, sr=jst, a=chofmann.


git-svn-id: svn://10.0.0.236/trunk@132679 18797224-902f-48f8-a5cc-f745e15eee43
 2002-10-30 03:15:59 +00:00
sspitzer%netscape.com
05fe9776e8 fix for #168136. r=mstoltz, sr=dveditz. 
for pref controlled schemes, allow access if source scheme is chrome or res.
needed for the new "view filter log UI".


git-svn-id: svn://10.0.0.236/trunk@129410 18797224-902f-48f8-a5cc-f745e15eee43
 2002-09-12 20:27:07 +00:00
dougt%netscape.com
e289284076 166917. Clean up xpcom SDK includes. r=rpotts@netscape.com, sr=alecf@netscape.com, a=rjesup@wgate.com 
git-svn-id: svn://10.0.0.236/trunk@129050 18797224-902f-48f8-a5cc-f745e15eee43
 2002-09-07 17:13:19 +00:00
jkeiser%netscape.com
00f9a12d62 Make anonymous content inaccessible to web content (bug 164086), r=sicking@bigfoot.com, sr=jst@netscape.com 
git-svn-id: svn://10.0.0.236/trunk@128436 18797224-902f-48f8-a5cc-f745e15eee43
 2002-08-29 04:05:39 +00:00
bbaetz%student.usyd.edu.au
4e8a1e0dc7 Backing out jkeiser's checkin for bug 164086 (not bug 96537) because he 
left a file out, and the tree turned red....


git-svn-id: svn://10.0.0.236/trunk@128332 18797224-902f-48f8-a5cc-f745e15eee43
 2002-08-28 10:13:28 +00:00
jkeiser%netscape.com
958a25b600 Make anonymous content inaccessible to web content (bug 96537), r=sicking@bigfoot.com, sr=jst@netscape.com 
git-svn-id: svn://10.0.0.236/trunk@128330 18797224-902f-48f8-a5cc-f745e15eee43
 2002-08-28 08:19:43 +00:00
henry.jia%sun.com
3f9b0291d9 5th patch for bug 158080 
Description: replace the hardcode of @mozilla.org/embedcomp/window-watcher;1 with NS_WINDOWWATCHER_CONTRACTID
Patch by Henry.Jia@sun.com
r=anto, sr=alecf


git-svn-id: svn://10.0.0.236/trunk@126458 18797224-902f-48f8-a5cc-f745e15eee43
 2002-08-06 06:32:02 +00:00
sicking%bigfoot.com
9f524ba3a3 Use principals instead of URIs for same-origin checks. 
b=159348, r=bz, sr=jst, a=asa


git-svn-id: svn://10.0.0.236/trunk@126081 18797224-902f-48f8-a5cc-f745e15eee43
 2002-07-30 21:26:32 +00:00
mstoltz%netscape.com
58a849eae5 Bug 154930 - If one page has explicitly set document.domain and another has not, 
do not consider them to be of the same origin for security checks. r=dveditz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@124781 18797224-902f-48f8-a5cc-f745e15eee43
 2002-07-09 00:10:02 +00:00
harishd%netscape.com
eec4e16e84 Disable script on the requested docshell and the containing docshells. b=154647, r=mstoltz, sr=jst 
git-svn-id: svn://10.0.0.236/trunk@124550 18797224-902f-48f8-a5cc-f745e15eee43
 2002-07-02 23:26:08 +00:00
harishd%netscape.com
6a17a8cbac Backing out my checkin to see if it fixes the Txul breakage 
git-svn-id: svn://10.0.0.236/trunk@124236 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-27 23:32:51 +00:00
harishd%netscape.com
270da5e314 ** checking in for mstoltz ** 
Disable scripts on the requested docshell and containing docshells. Also, made setCurrentURI() scriptable ( approved by Adam Lock ). b=154647, r=harishd, sr=jst


git-svn-id: svn://10.0.0.236/trunk@124210 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-27 20:58:42 +00:00
mstoltz%netscape.com
3cba7a04ae 133170 - Need to re-check host for security on a redirect after a call to 
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc


git-svn-id: svn://10.0.0.236/trunk@123373 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-14 23:54:18 +00:00
dougt%netscape.com
d6cc711878 Fixes mozilla/strings requiring unfrozen nsCRT class. patch by scc, r=dougt, sr=jag, b=136756 
git-svn-id: svn://10.0.0.236/trunk@121534 18797224-902f-48f8-a5cc-f745e15eee43
 2002-05-15 18:55:21 +00:00
darin%netscape.com
24feadaaed fixes bug 142870 "nsIFile should use UCS-2 instead of UTF-8" 
r=dougt sr=alecf


git-svn-id: svn://10.0.0.236/trunk@121010 18797224-902f-48f8-a5cc-f745e15eee43
 2002-05-07 23:07:19 +00:00
darin%netscape.com
824def02af fixes bug 129279 "nsIFile unicode/utf8/ascii task" 
r=dougt sr=alecf


git-svn-id: svn://10.0.0.236/trunk@120092 18797224-902f-48f8-a5cc-f745e15eee43
 2002-04-27 05:33:09 +00:00
mstoltz%netscape.com
50e08140ae Bug 136993 - Put the "trusted codebase principals" feature back in. 
r=harishd, sr=jst, a=valeski


git-svn-id: svn://10.0.0.236/trunk@118900 18797224-902f-48f8-a5cc-f745e15eee43
 2002-04-13 01:53:46 +00:00
darin%netscape.com
18cd799d96 fixes bug 134546 "Memory leak in nsScriptSecurityManager::GetBaseURIScheme()" 
patch=pj@ludd.luth.se, r=mstoltz, sr=darin, a=rjesup@wgate.com


git-svn-id: svn://10.0.0.236/trunk@118029 18797224-902f-48f8-a5cc-f745e15eee43
 2002-04-03 20:23:57 +00:00
mstoltz%netscape.com
083b598d3c A bunch of fixes in caps: 
128697 - Added a pref listener for changes to capability.policy prefs,
removed profile-change listener
131025 - Removed insecure "trusted codebase principals" feature
131340 - Make nsCodebasePrincipal::Equals handle jar URLs correctly
131342 - Clean up privilege-grant dialog code
128861 - class policy hashtables allocated only when needed; avoids
PLDHash memory-use warning
Fixed comparison of -1 and 80 ports (Can't find the bug # right now)

All r=harishd, sr=jst, a=asa.


git-svn-id: svn://10.0.0.236/trunk@116958 18797224-902f-48f8-a5cc-f745e15eee43
 2002-03-20 05:53:46 +00:00
rginda%netscape.com
f15bd8f764 Bug 129503, "IsCapabilityEnabled should return PR_TRUE if no script on stack" 
sr=brendan, r=mstoltz, a=asa
If the js stack has no principals on it, return PR_TRUE from IsCapabilityEnabled
.  Currently, the only time we'd have a stack devoid of principals is when all f
unctions are native.  If this assumption changes, this may need to be revisited
(depending on what it would mean to be a compiled script without a principal.)


git-svn-id: svn://10.0.0.236/trunk@116124 18797224-902f-48f8-a5cc-f745e15eee43
 2002-03-08 02:20:55 +00:00
darin%netscape.com
04849998e1 fixes bug 124042 "support internationalized URIs" r=dougt, sr=alecf, a=asa 
git-svn-id: svn://10.0.0.236/trunk@115936 18797224-902f-48f8-a5cc-f745e15eee43
 2002-03-06 07:48:55 +00:00
jband%netscape.com
69252ef472 remove stale DEBUG_jband block. rs=jband a=dbaron 
git-svn-id: svn://10.0.0.236/trunk@115802 18797224-902f-48f8-a5cc-f745e15eee43
 2002-03-05 08:02:05 +00:00
mstoltz%netscape.com
c4499c97cc Bug 127938 - chrome scripts should be exempt from the security check put in for 
bug 105050, on access to the opener property when the opener is a mail window.
r=pavlov, sr=jst, a=leaf.


git-svn-id: svn://10.0.0.236/trunk@115457 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-28 00:22:59 +00:00
mstoltz%netscape.com
7eb98a9eb6 partially backing out my last change - weird dependency problem 
git-svn-id: svn://10.0.0.236/trunk@115357 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-26 05:28:26 +00:00
mstoltz%netscape.com
66acb67330 32571, present confirmation dialog before allowing scripts to close windows. 
105050, pass null window.opener when opener is a mail window.
both r=heikki, sr=jst, a=asa.
Backed out previously because of tinderbox problem, which should be fixed now.


git-svn-id: svn://10.0.0.236/trunk@115356 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-26 04:50:21 +00:00