Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
115,285 Commits 3,986 Branches 0 Tags
Commit Graph

83 Commits

Author SHA1 Message Date
caillon%returnzero.com
360f61e8a1 184257 - Updating pref callers. r=timeless sr=bzbarsky 
git-svn-id: svn://10.0.0.236/trunk@135983 18797224-902f-48f8-a5cc-f745e15eee43
 2003-01-08 08:40:41 +00:00
seawood%netscape.com
f8f86e7f05 Start installing GRE libraries & components into a separate dist/gre directory as part of the default build. 
Bug #186241 r=dougt


git-svn-id: svn://10.0.0.236/trunk@135661 18797224-902f-48f8-a5cc-f745e15eee43
 2002-12-28 01:15:07 +00:00
mstoltz%netscape.com
51f2a63b0c Bug 168316 - When calling from Java into JS, add a "dummy" JS stack frame with 
principal information for the security manager. r=dveditz, sr=jst, a=chofmann.


git-svn-id: svn://10.0.0.236/trunk@132679 18797224-902f-48f8-a5cc-f745e15eee43
 2002-10-30 03:15:59 +00:00
seawood%netscape.com
0b3ff474f3 Removing old nmake build makefiles. Bug #158528 r=pavlov 
git-svn-id: svn://10.0.0.236/trunk@126975 18797224-902f-48f8-a5cc-f745e15eee43
 2002-08-10 07:55:43 +00:00
sicking%bigfoot.com
9f524ba3a3 Use principals instead of URIs for same-origin checks. 
b=159348, r=bz, sr=jst, a=asa


git-svn-id: svn://10.0.0.236/trunk@126081 18797224-902f-48f8-a5cc-f745e15eee43
 2002-07-30 21:26:32 +00:00
mstoltz%netscape.com
58a849eae5 Bug 154930 - If one page has explicitly set document.domain and another has not, 
do not consider them to be of the same origin for security checks. r=dveditz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@124781 18797224-902f-48f8-a5cc-f745e15eee43
 2002-07-09 00:10:02 +00:00
mstoltz%netscape.com
8946598190 Bug 152725 - Get URL passed to cookie module from document principal, not document URL. 
THis ensures that cookies set by javascript URL pages are set in the correct domain.
r=morse, sr=dveditz.


git-svn-id: svn://10.0.0.236/trunk@124514 18797224-902f-48f8-a5cc-f745e15eee43
 2002-07-02 17:58:24 +00:00
mstoltz%netscape.com
3cba7a04ae 133170 - Need to re-check host for security on a redirect after a call to 
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc


git-svn-id: svn://10.0.0.236/trunk@123373 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-14 23:54:18 +00:00
mstoltz%netscape.com
083b598d3c A bunch of fixes in caps: 
128697 - Added a pref listener for changes to capability.policy prefs,
removed profile-change listener
131025 - Removed insecure "trusted codebase principals" feature
131340 - Make nsCodebasePrincipal::Equals handle jar URLs correctly
131342 - Clean up privilege-grant dialog code
128861 - class policy hashtables allocated only when needed; avoids
PLDHash memory-use warning
Fixed comparison of -1 and 80 ports (Can't find the bug # right now)

All r=harishd, sr=jst, a=asa.


git-svn-id: svn://10.0.0.236/trunk@116958 18797224-902f-48f8-a5cc-f745e15eee43
 2002-03-20 05:53:46 +00:00
mstoltz%netscape.com
c4499c97cc Bug 127938 - chrome scripts should be exempt from the security check put in for 
bug 105050, on access to the opener property when the opener is a mail window.
r=pavlov, sr=jst, a=leaf.


git-svn-id: svn://10.0.0.236/trunk@115457 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-28 00:22:59 +00:00
mstoltz%netscape.com
7eb98a9eb6 partially backing out my last change - weird dependency problem 
git-svn-id: svn://10.0.0.236/trunk@115357 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-26 05:28:26 +00:00
mstoltz%netscape.com
66acb67330 32571, present confirmation dialog before allowing scripts to close windows. 
105050, pass null window.opener when opener is a mail window.
both r=heikki, sr=jst, a=asa.
Backed out previously because of tinderbox problem, which should be fixed now.


git-svn-id: svn://10.0.0.236/trunk@115356 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-26 04:50:21 +00:00
mcafee%netscape.com
60dc31b4b8 Backing out mstoltz. r=dbaron,jrgm 
git-svn-id: svn://10.0.0.236/trunk@114882 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-19 04:06:53 +00:00
mstoltz%netscape.com
ebb6dc6f70 Bug 105050 - return null window.opener to scripts if opener is a mail window. 
Bug 32571 - Prompt user before allowing scripts to close windows if opener is null.
both r=heikki, sr=jst.


git-svn-id: svn://10.0.0.236/trunk@114853 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-19 01:09:45 +00:00
mstoltz%netscape.com
904896ca95 Bug 119646 - Rewrite of the security manager policy database for improved 
performance. r=jst, sr=jband.


git-svn-id: svn://10.0.0.236/trunk@114377 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-13 04:20:46 +00:00
gerv%gerv.net
4c7ac5dfa4 License changes, take 2. Bug 98089. mozilla/config/, mozilla/caps/, mozilla/build/. 
git-svn-id: svn://10.0.0.236/trunk@103674 18797224-902f-48f8-a5cc-f745e15eee43
 2001-09-25 01:03:58 +00:00
gerv%gerv.net
ae1d5501a1 Oops. 
git-svn-id: svn://10.0.0.236/trunk@103236 18797224-902f-48f8-a5cc-f745e15eee43
 2001-09-20 00:02:59 +00:00
scc%mozilla.org
52c8d09e03 bug #98089: ripped new license 
git-svn-id: svn://10.0.0.236/trunk@103219 18797224-902f-48f8-a5cc-f745e15eee43
 2001-09-19 20:09:47 +00:00
brendan%mozilla.org
f5bc62edea FASTLOAD_20010703_BRANCH landing, r=dbaron, sr=shaver. 
git-svn-id: svn://10.0.0.236/trunk@100030 18797224-902f-48f8-a5cc-f745e15eee43
 2001-07-31 19:05:34 +00:00
mstoltz%netscape.com
fd211023d2 Bug 77485 - defining a function in another window using a targeted javascript: 
link. Prevent running javascript: urls cross-domain and add a security check for adding
and removing properties. r=harishd, sr=jst.


git-svn-id: svn://10.0.0.236/trunk@99171 18797224-902f-48f8-a5cc-f745e15eee43
 2001-07-13 07:08:26 +00:00
ddrinan%netscape.com
a2084f364a PCKS7 implementation for signed JS. Bug# 82227 r=mstoltz@netscape.com,sr=blizzard@mozilla.org,a=blizzard@mozilla.org 
git-svn-id: svn://10.0.0.236/trunk@95833 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-23 22:06:43 +00:00
mstoltz%netscape.com
a8b60368de Re-checking-in my fix for 47905, which was backed out last night because of a bug in some other code that was checked in along with it. This checkin was not causing the crasher and is unchanged. See earlier checkin comment - in short, this adds same-origin to XMLHttpRequest and cleans up some function calls in caps, removes some unnecessary parameters. r=vidur, sr=jst. 
git-svn-id: svn://10.0.0.236/trunk@95481 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-19 00:33:51 +00:00
blizzard%redhat.com
b684f8fcbc Back out mstoltz because of blocker bug #81629. Original bugs were 47905 79775. 
git-svn-id: svn://10.0.0.236/trunk@95401 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-18 17:41:23 +00:00
mstoltz%netscape.com
55577f536b Bug 47905 - adding security check for XMLHttpRequest.open. 
Added nsIScriptSecurityManager::CheckConnect for this purpose.
Also cleaned up the security check API by removing some unnecessary
parameters. r=vidur@netscape.com, sr=jst@netscape.com

Bug 79775 - Forward button broken in main mail window. Making
WindowWatcher not call GetSubjectPrincipal if the URL to be loaded is
chrome, since the calling principal is superfluous in this case.
No one has been able to find the root cause of this problem, but
this checkin works around it, which is the best we can do for now.
r=ducarroz@netscape.com, sr=jst@netscape.com


git-svn-id: svn://10.0.0.236/trunk@95378 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-18 06:56:29 +00:00
mstoltz%netscape.com
28f5530d9c Fixes for bugs 79796, 77203, and 54060. r=jband@netscape.com, 
sr=brendan@mozilla.org


git-svn-id: svn://10.0.0.236/trunk@94546 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-11 00:43:27 +00:00
jst%netscape.com
9d299d36ce Landing the XPCDOM_20010329_BRANCH branch, changes mostly done by jband@netscape.com and jst@netscape.com, also some changes done by shaver@mozilla.org, peterv@netscape.com and markh@activestate.com. r= and sr= by vidur@netscape.com, jband@netscape.com, jst@netscpae.com, danm@netscape.com, hyatt@netscape.com, shaver@mozilla.org, dbradley@netscape.com, rpotts@netscape.com. 
git-svn-id: svn://10.0.0.236/trunk@94238 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-08 16:46:42 +00:00
mstoltz%netscape.com
452a43cfc9 More fixes for 55237, cleaned up CheckLoadURI and added a check on "Edit This Link." Also added error reporting (bug 40538). 
r=beard, sr=hyatt


git-svn-id: svn://10.0.0.236/trunk@92480 18797224-902f-48f8-a5cc-f745e15eee43
 2001-04-17 01:21:44 +00:00
mstoltz%netscape.com
6079a31c93 Bugs 55069, 70951 - JS-blocking APIs for mailnews and embedding. r=mscott, sr=attinasi. 
Bug 54237 - fix for event-capture bug, r=heikki, sr=jband.


git-svn-id: svn://10.0.0.236/trunk@90195 18797224-902f-48f8-a5cc-f745e15eee43
 2001-03-23 04:22:56 +00:00
mstoltz%netscape.com
0932f41358 bug 47905, adding security check to XMLHttpRequest.open(). r=heikki, sr=brendan 
git-svn-id: svn://10.0.0.236/trunk@88336 18797224-902f-48f8-a5cc-f745e15eee43
 2001-03-02 00:09:20 +00:00
mstoltz%netscape.com
579b002a49 Bug 66369, adding support for per-file permissions granting to caps. r=jst, sr=jband. 
git-svn-id: svn://10.0.0.236/trunk@85606 18797224-902f-48f8-a5cc-f745e15eee43
 2001-01-27 01:42:20 +00:00
mstoltz%netscape.com
5b27bdf415 Fixing bugscape 3109, LiveConnect exploit. sr=jband, brendan. 
Fixing 58021, exploit in "open in new window," bug 55237. sr=brendan


git-svn-id: svn://10.0.0.236/trunk@82368 18797224-902f-48f8-a5cc-f745e15eee43
 2000-11-07 01:14:08 +00:00
mstoltz%netscape.com
9351f77d32 Fixing 56009, exploit allowing XPConnect access. r,a=hyatt, sr=scc 
git-svn-id: svn://10.0.0.236/trunk@81158 18797224-902f-48f8-a5cc-f745e15eee43
 2000-10-13 22:59:47 +00:00
rayw%netscape.com
d9228441a4 Bug 37275, Changing value of all progids, and changing everywhere a progid 
is mentioned to mention a contractid, including in identifiers.

r=warren


git-svn-id: svn://10.0.0.236/trunk@79036 18797224-902f-48f8-a5cc-f745e15eee43
 2000-09-13 23:57:52 +00:00
mstoltz%netscape.com
02eaec4711 Fixing 41876 r=hyatt, also 48724, 49768, and crasher in nsBasePrincipal.cpp, r=jtaylor 
git-svn-id: svn://10.0.0.236/trunk@76849 18797224-902f-48f8-a5cc-f745e15eee43
 2000-08-22 02:06:52 +00:00
jband%netscape.com
278cbd4584 fix bug 47410. Allow JS components to implement nsISecurityCheckedComponent and have sidebar componnet implement it to allow access from untrusted scripts. a=brendan@mozilla.org a=johng@netscape.com 
git-svn-id: svn://10.0.0.236/trunk@75834 18797224-902f-48f8-a5cc-f745e15eee43
 2000-08-08 23:59:32 +00:00
vidur%netscape.com
0ff74154af Checking in for mccabe, since he had to leave town. Partial fix for bug 41429. Adding a new interface that components can implement to control the capabilities needed for XPConnect access to them - default is UniversalXPConnect. r=vidur 
git-svn-id: svn://10.0.0.236/trunk@73066 18797224-902f-48f8-a5cc-f745e15eee43
 2000-06-23 14:32:38 +00:00
joki%netscape.com
948602adcc Part of fix for 38117, prevent scripts from running event handlers on windows from other domains. r:mstoltz 
git-svn-id: svn://10.0.0.236/trunk@72698 18797224-902f-48f8-a5cc-f745e15eee43
 2000-06-21 00:21:50 +00:00
warren%netscape.com
cc5d426fbe Renaming nsIAllocator to nsIMemory (and nsAllocator to nsMemory). API cleanup/freeze. Bug #18433 
git-svn-id: svn://10.0.0.236/trunk@71450 18797224-902f-48f8-a5cc-f745e15eee43
 2000-06-03 09:46:12 +00:00
mstoltz%netscape.com
65b118d587 Removing archive attribute from nsCertificatePrincipal. This will not be used. 
git-svn-id: svn://10.0.0.236/trunk@70127 18797224-902f-48f8-a5cc-f745e15eee43
 2000-05-16 22:37:38 +00:00
mstoltz%netscape.com
a24d345d24 Fixes for 32878, 37739. Added PR_CALLBACK macros. Changed security.principal pref syntax to a nicer syntax. Removed "security.checkxpconnect" hack. 
git-svn-id: svn://10.0.0.236/trunk@69963 18797224-902f-48f8-a5cc-f745e15eee43
 2000-05-16 03:40:51 +00:00
mstoltz%netscape.com
763db43f91 Removed dependency of libjar on psm-glue, bug 36853. Fixed out parameter type problem in PSMComponent::HashEnd 
git-svn-id: svn://10.0.0.236/trunk@68958 18797224-902f-48f8-a5cc-f745e15eee43
 2000-05-10 01:49:33 +00:00
mstoltz%netscape.com
e5ac600ff0 Added archive attribute to nsICertificatePrincipal...part of fix for 37481. 
git-svn-id: svn://10.0.0.236/trunk@67793 18797224-902f-48f8-a5cc-f745e15eee43
 2000-05-01 23:39:51 +00:00
mstoltz%netscape.com
1aebd93c62 Fixes for 27010, 32878, and 32948. 
git-svn-id: svn://10.0.0.236/trunk@67181 18797224-902f-48f8-a5cc-f745e15eee43
 2000-04-26 03:50:07 +00:00
mstoltz%netscape.com
a8b220b370 Backing out changes until I can figure out why it's crashing on startup. 
git-svn-id: svn://10.0.0.236/trunk@66937 18797224-902f-48f8-a5cc-f745e15eee43
 2000-04-23 21:25:39 +00:00
mstoltz%netscape.com
85e8a5b8e2 Fixes for bugs 27010, 32878, 32948. 
git-svn-id: svn://10.0.0.236/trunk@66935 18797224-902f-48f8-a5cc-f745e15eee43
 2000-04-23 20:30:29 +00:00
norris%netscape.com
f70a94e258 Fix 
28390, 28866, 34364
r=brendan@mozilla.org
35701
r=jst@netscape.com


git-svn-id: svn://10.0.0.236/trunk@65940 18797224-902f-48f8-a5cc-f745e15eee43
 2000-04-14 03:14:53 +00:00
mstoltz%netscape.com
e23c3f29bf Fixed bug 30915 using nsAggregatePrincipal. r=norris 
git-svn-id: svn://10.0.0.236/trunk@64652 18797224-902f-48f8-a5cc-f745e15eee43
 2000-03-31 00:31:18 +00:00
norris%netscape.com
fd6ba38987 Adding nsAggregatePrincipal support. r=norris 
git-svn-id: svn://10.0.0.236/trunk@63535 18797224-902f-48f8-a5cc-f745e15eee43
 2000-03-21 04:05:35 +00:00
norris%netscape.com
fab29b0e70 Files: 
caps/idl/nsICertificatePrincipal.idl
	caps/idl/nsIPrincipal.idl
	caps/src/nsBasePrincipal.cpp
Implement the ability to manipulate multiple capabilties simultaneously.
r=mstoltz@netscape.com

Files:
	caps/src/nsCodebasePrincipal.cpp
Codebase equality should be based upon origin, not full path.
r=mstoltz@netscape.com

Files:
	caps/src/nsScriptSecurityManager.cpp
Change URI checking to deny based upon scheme rather than allow based upon
scheme for greater flexibility.
r=mstoltz@netscape.com

Files:
	dom/public/nsDOMPropEnums.h
	dom/public/nsDOMPropNames.h
	dom/src/base/nsGlobalWindow.cpp
	modules/libpref/src/init/all.js
Fix bug 20469 Seeing JS functions and global variables from arbitrary host
r=vidur@netscape.com

Files:
	dom/src/base/nsJSUtils.cpp
	dom/src/base/nsJSUtils.h
	dom/src/base/nsJSEnvironment.cpp
	dom/tools/JSStubGen.cpp
	layout/base/src/nsDocument.cpp
	layout/html/content/src/nsGenericHTMLElement.cpp
Improve performance by removing NS_WITH_SERVICE call for every DOM access.
Propagate XPCOM failure codes out properly.
r=vidur@netscape.com

Files:
	layout/html/document/src/nsFrameFrame.cpp
Fix 27387 Circumventing Same Origin security policy using setAttribute
r=vidur@netscape.com


git-svn-id: svn://10.0.0.236/trunk@62633 18797224-902f-48f8-a5cc-f745e15eee43
 2000-03-11 06:32:42 +00:00
norris%netscape.com
bf96355ad4 Fix 28612 META Refresh allowed in Mail/News 
r=mstoltz,a=jar
Fix 28658 File upload vulnerability
r=vidur,a=jar


git-svn-id: svn://10.0.0.236/trunk@61523 18797224-902f-48f8-a5cc-f745e15eee43
 2000-02-23 22:34:40 +00:00