Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
142,553 Commits 3,986 Branches 0 Tags
Commit Graph

249 Commits

Author SHA1 Message Date
jst%netscape.com
394e9fef7e Fixing bug 202994. Make sure the proper security check is done when converting the result of a JS expression in a javascript: URL to a string. r=mstoltz@netscape.com, sr=brendan@mozilla.org, a=asa@mozilla.org 
git-svn-id: svn://10.0.0.236/trunk@142350 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-12 22:23:52 +00:00
brendan%mozilla.org
409a6a96a8 Fix overbroad getter/setter access check to apply only to scripted getters/setters; fix wrong object class name in error messages (198660, r=mstoltz, sr=jst, a=asa). 
git-svn-id: svn://10.0.0.236/trunk@142248 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-09 00:40:50 +00:00
jst%netscape.com
6f39df51bc Fixing bug 201132. Always use the JSPrincipals from the target object when compiling event handlers, never use the principals of the global object in which the event handler is compiled. Also make sure we never use the principals that are precompiled into cloned Functions, always get the principal from the Function's scope in such cases. r=mstoltz@netscape.com (and heikki@netscape.com), sr=brendan@mozilla.org 
git-svn-id: svn://10.0.0.236/trunk@141333 18797224-902f-48f8-a5cc-f745e15eee43
 2003-04-17 20:21:00 +00:00
mstoltz%netscape.com
00529830be Bug 188229 - adding new security check function that allows component instantiation by CID. r=dveditz, sr=heikki. *not part of build yet* 
git-svn-id: svn://10.0.0.236/trunk@139306 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-12 02:17:37 +00:00
timeless%mozdev.org
7f19212039 Bug 196340 Change NS_REINTERPRET_CAST(nsIScriptContext*, JS_GetContextPrivate(cx)) to use Static Cast 
r=mstoltz sr=heikki


git-svn-id: svn://10.0.0.236/trunk@139117 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-07 21:54:28 +00:00
brendan%mozilla.org
a5ad42fb1b Generalize the JS_SetCheckObjectAccessCallback hook implemented here to deal with user-defined getters and setters (92773, r=mstoltz, sr=jst). 
git-svn-id: svn://10.0.0.236/trunk@139037 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-06 19:40:14 +00:00
rginda%netscape.com
ce1ca0b4c1 bug 191773, r=mstoltz, a=dbaron@dbaron.org 
only allow x-jsd: urls from chrome: and resource:


git-svn-id: svn://10.0.0.236/trunk@137399 18797224-902f-48f8-a5cc-f745e15eee43
 2003-02-05 01:27:56 +00:00
sfraser%netscape.com
b3ed7e7caf Fix bug 127185: don't crash with a null JS context if running without XPT files. Fixes nsScriptSecurityManager to do more thorough error checking on initialization. r=mstoltz, sr=jst. 
git-svn-id: svn://10.0.0.236/trunk@136464 18797224-902f-48f8-a5cc-f745e15eee43
 2003-01-17 01:00:15 +00:00
dbaron%dbaron.org
30879d2c9e Bug 178643: Remove uses of NS_INIT_ISUPPORTS, since it's no longer needed. r=timeless sr=jag 
git-svn-id: svn://10.0.0.236/trunk@135991 18797224-902f-48f8-a5cc-f745e15eee43
 2003-01-08 19:24:38 +00:00
mstoltz%netscape.com
51f2a63b0c Bug 168316 - When calling from Java into JS, add a "dummy" JS stack frame with 
principal information for the security manager. r=dveditz, sr=jst, a=chofmann.


git-svn-id: svn://10.0.0.236/trunk@132679 18797224-902f-48f8-a5cc-f745e15eee43
 2002-10-30 03:15:59 +00:00
sspitzer%netscape.com
05fe9776e8 fix for #168136. r=mstoltz, sr=dveditz. 
for pref controlled schemes, allow access if source scheme is chrome or res.
needed for the new "view filter log UI".


git-svn-id: svn://10.0.0.236/trunk@129410 18797224-902f-48f8-a5cc-f745e15eee43
 2002-09-12 20:27:07 +00:00
dougt%netscape.com
e289284076 166917. Clean up xpcom SDK includes. r=rpotts@netscape.com, sr=alecf@netscape.com, a=rjesup@wgate.com 
git-svn-id: svn://10.0.0.236/trunk@129050 18797224-902f-48f8-a5cc-f745e15eee43
 2002-09-07 17:13:19 +00:00
jkeiser%netscape.com
00f9a12d62 Make anonymous content inaccessible to web content (bug 164086), r=sicking@bigfoot.com, sr=jst@netscape.com 
git-svn-id: svn://10.0.0.236/trunk@128436 18797224-902f-48f8-a5cc-f745e15eee43
 2002-08-29 04:05:39 +00:00
bbaetz%student.usyd.edu.au
4e8a1e0dc7 Backing out jkeiser's checkin for bug 164086 (not bug 96537) because he 
left a file out, and the tree turned red....


git-svn-id: svn://10.0.0.236/trunk@128332 18797224-902f-48f8-a5cc-f745e15eee43
 2002-08-28 10:13:28 +00:00
jkeiser%netscape.com
958a25b600 Make anonymous content inaccessible to web content (bug 96537), r=sicking@bigfoot.com, sr=jst@netscape.com 
git-svn-id: svn://10.0.0.236/trunk@128330 18797224-902f-48f8-a5cc-f745e15eee43
 2002-08-28 08:19:43 +00:00
henry.jia%sun.com
3f9b0291d9 5th patch for bug 158080 
Description: replace the hardcode of @mozilla.org/embedcomp/window-watcher;1 with NS_WINDOWWATCHER_CONTRACTID
Patch by Henry.Jia@sun.com
r=anto, sr=alecf


git-svn-id: svn://10.0.0.236/trunk@126458 18797224-902f-48f8-a5cc-f745e15eee43
 2002-08-06 06:32:02 +00:00
sicking%bigfoot.com
9f524ba3a3 Use principals instead of URIs for same-origin checks. 
b=159348, r=bz, sr=jst, a=asa


git-svn-id: svn://10.0.0.236/trunk@126081 18797224-902f-48f8-a5cc-f745e15eee43
 2002-07-30 21:26:32 +00:00
mstoltz%netscape.com
58a849eae5 Bug 154930 - If one page has explicitly set document.domain and another has not, 
do not consider them to be of the same origin for security checks. r=dveditz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@124781 18797224-902f-48f8-a5cc-f745e15eee43
 2002-07-09 00:10:02 +00:00
harishd%netscape.com
eec4e16e84 Disable script on the requested docshell and the containing docshells. b=154647, r=mstoltz, sr=jst 
git-svn-id: svn://10.0.0.236/trunk@124550 18797224-902f-48f8-a5cc-f745e15eee43
 2002-07-02 23:26:08 +00:00
harishd%netscape.com
6a17a8cbac Backing out my checkin to see if it fixes the Txul breakage 
git-svn-id: svn://10.0.0.236/trunk@124236 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-27 23:32:51 +00:00
harishd%netscape.com
270da5e314 ** checking in for mstoltz ** 
Disable scripts on the requested docshell and containing docshells. Also, made setCurrentURI() scriptable ( approved by Adam Lock ). b=154647, r=harishd, sr=jst


git-svn-id: svn://10.0.0.236/trunk@124210 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-27 20:58:42 +00:00
mstoltz%netscape.com
3cba7a04ae 133170 - Need to re-check host for security on a redirect after a call to 
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc


git-svn-id: svn://10.0.0.236/trunk@123373 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-14 23:54:18 +00:00
dougt%netscape.com
d6cc711878 Fixes mozilla/strings requiring unfrozen nsCRT class. patch by scc, r=dougt, sr=jag, b=136756 
git-svn-id: svn://10.0.0.236/trunk@121534 18797224-902f-48f8-a5cc-f745e15eee43
 2002-05-15 18:55:21 +00:00
darin%netscape.com
24feadaaed fixes bug 142870 "nsIFile should use UCS-2 instead of UTF-8" 
r=dougt sr=alecf


git-svn-id: svn://10.0.0.236/trunk@121010 18797224-902f-48f8-a5cc-f745e15eee43
 2002-05-07 23:07:19 +00:00
darin%netscape.com
824def02af fixes bug 129279 "nsIFile unicode/utf8/ascii task" 
r=dougt sr=alecf


git-svn-id: svn://10.0.0.236/trunk@120092 18797224-902f-48f8-a5cc-f745e15eee43
 2002-04-27 05:33:09 +00:00
mstoltz%netscape.com
50e08140ae Bug 136993 - Put the "trusted codebase principals" feature back in. 
r=harishd, sr=jst, a=valeski


git-svn-id: svn://10.0.0.236/trunk@118900 18797224-902f-48f8-a5cc-f745e15eee43
 2002-04-13 01:53:46 +00:00
darin%netscape.com
18cd799d96 fixes bug 134546 "Memory leak in nsScriptSecurityManager::GetBaseURIScheme()" 
patch=pj@ludd.luth.se, r=mstoltz, sr=darin, a=rjesup@wgate.com


git-svn-id: svn://10.0.0.236/trunk@118029 18797224-902f-48f8-a5cc-f745e15eee43
 2002-04-03 20:23:57 +00:00
mstoltz%netscape.com
083b598d3c A bunch of fixes in caps: 
128697 - Added a pref listener for changes to capability.policy prefs,
removed profile-change listener
131025 - Removed insecure "trusted codebase principals" feature
131340 - Make nsCodebasePrincipal::Equals handle jar URLs correctly
131342 - Clean up privilege-grant dialog code
128861 - class policy hashtables allocated only when needed; avoids
PLDHash memory-use warning
Fixed comparison of -1 and 80 ports (Can't find the bug # right now)

All r=harishd, sr=jst, a=asa.


git-svn-id: svn://10.0.0.236/trunk@116958 18797224-902f-48f8-a5cc-f745e15eee43
 2002-03-20 05:53:46 +00:00
rginda%netscape.com
f15bd8f764 Bug 129503, "IsCapabilityEnabled should return PR_TRUE if no script on stack" 
sr=brendan, r=mstoltz, a=asa
If the js stack has no principals on it, return PR_TRUE from IsCapabilityEnabled
.  Currently, the only time we'd have a stack devoid of principals is when all f
unctions are native.  If this assumption changes, this may need to be revisited
(depending on what it would mean to be a compiled script without a principal.)


git-svn-id: svn://10.0.0.236/trunk@116124 18797224-902f-48f8-a5cc-f745e15eee43
 2002-03-08 02:20:55 +00:00
darin%netscape.com
04849998e1 fixes bug 124042 "support internationalized URIs" r=dougt, sr=alecf, a=asa 
git-svn-id: svn://10.0.0.236/trunk@115936 18797224-902f-48f8-a5cc-f745e15eee43
 2002-03-06 07:48:55 +00:00
jband%netscape.com
69252ef472 remove stale DEBUG_jband block. rs=jband a=dbaron 
git-svn-id: svn://10.0.0.236/trunk@115802 18797224-902f-48f8-a5cc-f745e15eee43
 2002-03-05 08:02:05 +00:00
mstoltz%netscape.com
c4499c97cc Bug 127938 - chrome scripts should be exempt from the security check put in for 
bug 105050, on access to the opener property when the opener is a mail window.
r=pavlov, sr=jst, a=leaf.


git-svn-id: svn://10.0.0.236/trunk@115457 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-28 00:22:59 +00:00
mstoltz%netscape.com
7eb98a9eb6 partially backing out my last change - weird dependency problem 
git-svn-id: svn://10.0.0.236/trunk@115357 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-26 05:28:26 +00:00
mstoltz%netscape.com
66acb67330 32571, present confirmation dialog before allowing scripts to close windows. 
105050, pass null window.opener when opener is a mail window.
both r=heikki, sr=jst, a=asa.
Backed out previously because of tinderbox problem, which should be fixed now.


git-svn-id: svn://10.0.0.236/trunk@115356 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-26 04:50:21 +00:00
jst%netscape.com
4d29697e83 Fixing bug 111529. Optimizing out unnecessary QI calls from nsScriptSecurityManager::GetObjectPrincipal() and doing some other minor cleanups and speedups. r=nisheeth@netscape.com, sr=jband@netscape.com 
git-svn-id: svn://10.0.0.236/trunk@115054 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-20 05:51:05 +00:00
cathleen%netscape.com
c93312040a eliminate nsCRT::strlen for char* strings (part 1), bug 124536 r=dp sr=brendan 
git-svn-id: svn://10.0.0.236/trunk@114904 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-19 07:36:56 +00:00
mcafee%netscape.com
60dc31b4b8 Backing out mstoltz. r=dbaron,jrgm 
git-svn-id: svn://10.0.0.236/trunk@114882 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-19 04:06:53 +00:00
mstoltz%netscape.com
ebb6dc6f70 Bug 105050 - return null window.opener to scripts if opener is a mail window. 
Bug 32571 - Prompt user before allowing scripts to close windows if opener is null.
both r=heikki, sr=jst.


git-svn-id: svn://10.0.0.236/trunk@114853 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-19 01:09:45 +00:00
mstoltz%netscape.com
904896ca95 Bug 119646 - Rewrite of the security manager policy database for improved 
performance. r=jst, sr=jband.


git-svn-id: svn://10.0.0.236/trunk@114377 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-13 04:20:46 +00:00
alecf%netscape.com
f7ee18f044 one more part of fix for bug 107575, including the much coveted whitespace 
remove aIgnoreCase parameter from all nsString and nsCString consumers
sr=jag, r=shaver


git-svn-id: svn://10.0.0.236/trunk@113390 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-01 01:53:09 +00:00
jaggernaut%netscape.com
436d43f211 Bug 104158: Use NS_LITERAL_STRING instead of XXXWithConversion("..."). r=bryner, rs=alecf 
git-svn-id: svn://10.0.0.236/trunk@110579 18797224-902f-48f8-a5cc-f745e15eee43
 2001-12-16 11:58:03 +00:00
mstoltz%netscape.com
5730624c01 Bug 107387 - rename security.properties to caps.properties. r=nhotta, rs=jst. 
git-svn-id: svn://10.0.0.236/trunk@110361 18797224-902f-48f8-a5cc-f745e15eee43
 2001-12-12 04:43:35 +00:00
mstoltz%netscape.com
51eea64691 Bug 109113 - misplaced #ifdef DEBUG caused fix not to work in opt builds. 
Moved #endif to exclude important call. r/sr=jst.


git-svn-id: svn://10.0.0.236/trunk@108945 18797224-902f-48f8-a5cc-f745e15eee43
 2001-11-27 00:29:20 +00:00
jband%netscape.com
2f06cb4e7d trivial patch to make what is supposed to be a warning really a warning instead of an assert. rs=jband 
git-svn-id: svn://10.0.0.236/trunk@108827 18797224-902f-48f8-a5cc-f745e15eee43
 2001-11-22 23:26:34 +00:00
peterv%netscape.com
efb0947a3c Fixing mac debug bustage. Patch suggested by jst, sr=jst. 
git-svn-id: svn://10.0.0.236/trunk@108292 18797224-902f-48f8-a5cc-f745e15eee43
 2001-11-16 10:50:33 +00:00
mstoltz%netscape.com
f5760e7eb3 Bug 109113, second half of fix. r=jst, sr=brendan. Adding new CheckObjectAccess 
callback to enforce the same-origin policy on function.caller.


git-svn-id: svn://10.0.0.236/trunk@108275 18797224-902f-48f8-a5cc-f745e15eee43
 2001-11-16 06:17:24 +00:00
dbaron%fas.harvard.edu
13b5500ba3 Ensure that string literals are used as |const char*| rather than |char*|. r=jag sr=brendan b=107052 
git-svn-id: svn://10.0.0.236/trunk@107583 18797224-902f-48f8-a5cc-f745e15eee43
 2001-11-07 06:24:10 +00:00
mstoltz%netscape.com
2eb513fdbc bug 106535, adding the ability to enable codebase principals for a single host 
instead of for all hosts. r=vidur, sr=jst.


git-svn-id: svn://10.0.0.236/trunk@106425 18797224-902f-48f8-a5cc-f745e15eee43
 2001-10-26 23:00:48 +00:00
jaggernaut%netscape.com
9dba49d0db Bug 53057: Fixing up users of implicit |CharT*| conversion operators for nsCString to use |.get()| instead, rr=dbaron, rs=scc 
git-svn-id: svn://10.0.0.236/trunk@106250 18797224-902f-48f8-a5cc-f745e15eee43
 2001-10-25 06:13:52 +00:00
bnesse%netscape.com
7f9fa9521d Fix for bug 103883. Add weak ref support for prefs observers to help reduce MLK cycles with preferences. r=ccarlen, darin, gordon, hewitt, mstoltz, srilatha, sspitzer. sr=alecf. 
git-svn-id: svn://10.0.0.236/trunk@105960 18797224-902f-48f8-a5cc-f745e15eee43
 2001-10-22 20:54:48 +00:00