Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
180,693 Commits 3,986 Branches 0 Tags
Commit Graph

101 Commits

Author SHA1 Message Date
dbaron%dbaron.org
30f83072c5 Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg 
git-svn-id: svn://10.0.0.236/trunk@222462 18797224-902f-48f8-a5cc-f745e15eee43
 2007-03-27 15:33:45 +00:00
bzbarsky%mit.edu
d9cf9faf6c Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst 
git-svn-id: svn://10.0.0.236/trunk@215290 18797224-902f-48f8-a5cc-f745e15eee43
 2006-11-14 22:46:45 +00:00
bzbarsky%mit.edu
3f520eaa49 Make it possible for protocol handlers to configure how CheckLoadURI should 
treat them via their protocol flags.  Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin


git-svn-id: svn://10.0.0.236/trunk@215130 18797224-902f-48f8-a5cc-f745e15eee43
 2006-11-10 23:49:08 +00:00
bzbarsky%mit.edu
a553da6bbb Disable optimization that relies on invariants we don't maintain. Bug 317240 
wallpaper, r+sr=jst


git-svn-id: svn://10.0.0.236/trunk@195964 18797224-902f-48f8-a5cc-f745e15eee43
 2006-05-04 15:23:43 +00:00
bzbarsky%mit.edu
d1faccd8b4 Followup fix for bug 307867 -- make sure to update our pointers to hashtable 
entries when the entries move. r=dveditz, sr=brendan


git-svn-id: svn://10.0.0.236/trunk@191131 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-24 04:38:46 +00:00
bzbarsky%mit.edu
9f067136f3 Remove dead code. Bug 327171, r=mrbkap, sr=shaver 
git-svn-id: svn://10.0.0.236/trunk@189996 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-14 21:08:15 +00:00
bzbarsky%mit.edu
90c17667d8 Get principals for XPConnect wrapped natives off their scope instead of walking 
their parent chain.  Add some asserts to check that this actually does give the
same result, which it should with splitwindow.  Bug 289655, r=dbradley, sr=jst


git-svn-id: svn://10.0.0.236/trunk@184744 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-16 02:12:21 +00:00
cbiesinger%web.de
eaf06b8983 Bug 248052 Add a contract ID for a global channeleventsink. Make the 
scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto
redirects if CheckLoadURI fails. Remove the explicit usage of
nsIScriptSecurityManager from nsHttpChannel.cpp.

This eliminates js and xpconnect from REQUIRES, and brings us closer to remove
caps.

r=darin sr=bz


git-svn-id: svn://10.0.0.236/trunk@184313 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-08 20:47:16 +00:00
bzbarsky%mit.edu
a06f72a2d9 Don't call nsIClassInfo::GetClassDescription unless we really have to. Bug 
313157, r=dveditz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@182663 18797224-902f-48f8-a5cc-f745e15eee43
 2005-10-20 23:49:59 +00:00
bzbarsky%mit.edu
55a6daf516 Comment-only fixes I forgot to make. Bug 240661. 
git-svn-id: svn://10.0.0.236/trunk@176464 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-22 20:49:12 +00:00
bzbarsky%mit.edu
354647c8df Expose the subject name for the cert and an nsISupports pointer to the cert on 
nsIPrincipal that represents a certificate principal.  Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal.  Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII.  Bug
240661, r=caillon, sr=dveditz, a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@176458 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-22 19:05:42 +00:00
timeless%mozdev.org
310bcc516c Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop] 
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@176283 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-19 21:55:36 +00:00
timeless%mozdev.org
fa1982b341 Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs 
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@175300 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-29 16:29:49 +00:00
timeless%mozdev.org
9d96e20c00 Bug 292588 shutdown crash !sXPConnect [@ nsScriptSecurityManager::CheckObjectAccess] 
store the runtime, unset the callback at shutdown
r=dveditz sr=jst a=asa


git-svn-id: svn://10.0.0.236/trunk@174245 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-07 21:57:56 +00:00
brendan%mozilla.org
8695afc4e4 Find active native function principals when walking the JS stack, and beef up eval-ish native safeguards (281988, r=shaver/caillon, sr=jst, a=drivers). 
git-svn-id: svn://10.0.0.236/trunk@173030 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-04 06:28:36 +00:00
bzbarsky%mit.edu
527175c5da Do less addrefing of principals in the script security manager. Bug 289643, 
r=caillon, sr=brendan, a=asa


git-svn-id: svn://10.0.0.236/trunk@171945 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-10 23:27:07 +00:00
brendan%mozilla.org
01efe388a9 Revert kludge, want a general fix. 
git-svn-id: svn://10.0.0.236/trunk@171865 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-07 19:48:57 +00:00
brendan%mozilla.org
41903388e1 Stop evals and Script object calls/execs that cross trust domains (289074, r=shaver, sr=jst, a=drivers). 
git-svn-id: svn://10.0.0.236/trunk@171838 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-07 02:22:24 +00:00
cbiesinger%web.de
36df735fb8 Bug 269661 make libpref not depend on caps 
r=caillon sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@168870 18797224-902f-48f8-a5cc-f745e15eee43
 2005-02-06 12:39:31 +00:00
jst%mozilla.jstenback.com
c45391a630 Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu 
git-svn-id: svn://10.0.0.236/trunk@163827 18797224-902f-48f8-a5cc-f745e15eee43
 2004-10-15 16:53:35 +00:00
dveditz%cruzio.com
48060e3409 Improve enablePrivilege confirmation dialog text and presentation, sanity-check 
privilege names (bug 253942, bug 253944) r=caillon,sr=brendan,a=chofmann,mkaply


git-svn-id: svn://10.0.0.236/trunk@161570 18797224-902f-48f8-a5cc-f745e15eee43
 2004-09-01 07:53:32 +00:00
cbiesinger%web.de
1962617772 removing myself from DEBUG_CAPS_HACKER list 
git-svn-id: svn://10.0.0.236/trunk@159010 18797224-902f-48f8-a5cc-f745e15eee43
 2004-07-10 19:38:28 +00:00
cbiesinger%web.de
19f2df33b3 fix DEBUG_CAPS_HACKER bustage due to bug 240106 
r=caillon sr=darin


git-svn-id: svn://10.0.0.236/trunk@157968 18797224-902f-48f8-a5cc-f745e15eee43
 2004-06-16 15:58:22 +00:00
gerv%gerv.net
98831918fc Bug 236613: change to MPL/LGPL/GPL tri-license. 
git-svn-id: svn://10.0.0.236/trunk@155044 18797224-902f-48f8-a5cc-f745e15eee43
 2004-04-17 21:52:36 +00:00
caillon%returnzero.com
c1914505cb Re-land patch for bug 83536, merging principal objects. 
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst


git-svn-id: svn://10.0.0.236/trunk@148229 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-21 22:11:49 +00:00
brendan%mozilla.org
da7fa465a7 Better version of last change, thanks to caillon for reminding me. 
git-svn-id: svn://10.0.0.236/trunk@147384 18797224-902f-48f8-a5cc-f745e15eee43
 2003-09-28 04:55:50 +00:00
brendan%mozilla.org
4981e3ba49 Forgot to update calls to formerly-static SecurityCompareURI (r+sr=bz). 
git-svn-id: svn://10.0.0.236/trunk@147383 18797224-902f-48f8-a5cc-f745e15eee43
 2003-09-28 04:44:33 +00:00
brendan%mozilla.org
53924f1a53 Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky). 
git-svn-id: svn://10.0.0.236/trunk@147382 18797224-902f-48f8-a5cc-f745e15eee43
 2003-09-28 04:22:01 +00:00
caillon%returnzero.com
d55b44719f Backing out the patch to bug 83536. 
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann


git-svn-id: svn://10.0.0.236/trunk@146256 18797224-902f-48f8-a5cc-f745e15eee43
 2003-08-22 03:06:53 +00:00
brendan%mozilla.org
95220b5330 Add shared DHashTableOps for [const] char *key use-cases, clean up dhash API abusages (214839, r=dougt, sr=dbaron). 
git-svn-id: svn://10.0.0.236/trunk@145624 18797224-902f-48f8-a5cc-f745e15eee43
 2003-08-05 20:09:21 +00:00
caillon%returnzero.com
742898a589 Bug 214050 
Start to localize some of the more common user-visible error messages in caps.
r+sr=bzbarsky@mit.edu


git-svn-id: svn://10.0.0.236/trunk@145319 18797224-902f-48f8-a5cc-f745e15eee43
 2003-07-29 05:28:00 +00:00
mkaply%us.ibm.com
4f792ecf69 Ports bustage - remove NS_COM per bsmedberg 
git-svn-id: svn://10.0.0.236/trunk@145161 18797224-902f-48f8-a5cc-f745e15eee43
 2003-07-24 18:58:30 +00:00
caillon%returnzero.com
cd46cbbaad Bug 83536. 
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)


git-svn-id: svn://10.0.0.236/trunk@145137 18797224-902f-48f8-a5cc-f745e15eee43
 2003-07-24 05:15:20 +00:00
timeless%mozdev.org
543383a0e6 Bug 194872 CAPS vulnerability when doing cross-site-scripting with frames from different origins and different CAPS settings (allAccess, noAccess). 
bustage (const char*)
sr=jst


git-svn-id: svn://10.0.0.236/trunk@144181 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-26 03:27:01 +00:00
mstoltz%netscape.com
df95af7f9f Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst. 
git-svn-id: svn://10.0.0.236/trunk@144169 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-26 00:18:43 +00:00
caillon%returnzero.com
588acb1f7c Bug 163645 - User defined properties of window.navigator are not remembered when a new page is loaded. 
Enable this for websites within the same domain only.
Also, fixes CheckSameOriginPrincipal to just check the principals, and not care whether we have anything on the JS stack.
r=mstoltz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@143900 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-18 23:48:57 +00:00
mstoltz%netscape.com
d55cb10a60 Bug 163950 - allow opening connections for XML data transfer services when document.domain has been set. r=jst, sr=heikki. 
git-svn-id: svn://10.0.0.236/trunk@143008 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-28 23:22:36 +00:00
bzbarsky%mit.edu
880779ab82 Removing stray windows newline that causes build warning... No reviews, sorry. 
git-svn-id: svn://10.0.0.236/trunk@140850 18797224-902f-48f8-a5cc-f745e15eee43
 2003-04-08 20:26:41 +00:00
mstoltz%netscape.com
00529830be Bug 188229 - adding new security check function that allows component instantiation by CID. r=dveditz, sr=heikki. *not part of build yet* 
git-svn-id: svn://10.0.0.236/trunk@139306 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-12 02:17:37 +00:00
brendan%mozilla.org
a5ad42fb1b Generalize the JS_SetCheckObjectAccessCallback hook implemented here to deal with user-defined getters and setters (92773, r=mstoltz, sr=jst). 
git-svn-id: svn://10.0.0.236/trunk@139037 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-06 19:40:14 +00:00
sfraser%netscape.com
fa2a919889 Fix bug 127185: don't crash with a null JS context if running without XPT files. Fixes nsScriptSecurityManager to do more thorough error checking on initialization. r=mstoltz, sr=jst. Fixes bustage. 
git-svn-id: svn://10.0.0.236/trunk@136470 18797224-902f-48f8-a5cc-f745e15eee43
 2003-01-17 02:00:01 +00:00
mstoltz%netscape.com
3cba7a04ae 133170 - Need to re-check host for security on a redirect after a call to 
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc


git-svn-id: svn://10.0.0.236/trunk@123373 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-14 23:54:18 +00:00
dougt%netscape.com
d6cc711878 Fixes mozilla/strings requiring unfrozen nsCRT class. patch by scc, r=dougt, sr=jag, b=136756 
git-svn-id: svn://10.0.0.236/trunk@121534 18797224-902f-48f8-a5cc-f745e15eee43
 2002-05-15 18:55:21 +00:00
mstoltz%netscape.com
083b598d3c A bunch of fixes in caps: 
128697 - Added a pref listener for changes to capability.policy prefs,
removed profile-change listener
131025 - Removed insecure "trusted codebase principals" feature
131340 - Make nsCodebasePrincipal::Equals handle jar URLs correctly
131342 - Clean up privilege-grant dialog code
128861 - class policy hashtables allocated only when needed; avoids
PLDHash memory-use warning
Fixed comparison of -1 and 80 ports (Can't find the bug # right now)

All r=harishd, sr=jst, a=asa.


git-svn-id: svn://10.0.0.236/trunk@116958 18797224-902f-48f8-a5cc-f745e15eee43
 2002-03-20 05:53:46 +00:00
alecf%netscape.com
19c823f0b1 fix bug 129635 - write a destructor for DomainPolicy so that the hashtable is destroyed 
(and not leaked!)
r=mstoltz, sr=vidur, a=asa


git-svn-id: svn://10.0.0.236/trunk@116282 18797224-902f-48f8-a5cc-f745e15eee43
 2002-03-10 00:41:08 +00:00
jst%netscape.com
4d29697e83 Fixing bug 111529. Optimizing out unnecessary QI calls from nsScriptSecurityManager::GetObjectPrincipal() and doing some other minor cleanups and speedups. r=nisheeth@netscape.com, sr=jband@netscape.com 
git-svn-id: svn://10.0.0.236/trunk@115054 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-20 05:51:05 +00:00
mkaply%us.ibm.com
98e393ae55 OS/2 bustage - callback needs to be in header 
git-svn-id: svn://10.0.0.236/trunk@114387 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-13 13:30:06 +00:00
mstoltz%netscape.com
904896ca95 Bug 119646 - Rewrite of the security manager policy database for improved 
performance. r=jst, sr=jband.


git-svn-id: svn://10.0.0.236/trunk@114377 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-13 04:20:46 +00:00
bzbarsky%mit.edu
8c09a3a42d Make CAPS correctly observe changes to capability.policy prefs. Needed 
for having UI for these suckers.  Bug 101150, r=mstoltz,sr=jst


git-svn-id: svn://10.0.0.236/trunk@104440 18797224-902f-48f8-a5cc-f745e15eee43
 2001-10-02 21:56:51 +00:00
gerv%gerv.net
4c7ac5dfa4 License changes, take 2. Bug 98089. mozilla/config/, mozilla/caps/, mozilla/build/. 
git-svn-id: svn://10.0.0.236/trunk@103674 18797224-902f-48f8-a5cc-f745e15eee43
 2001-09-25 01:03:58 +00:00