133 Commits

Author SHA1 Message Date
jaggernaut%netscape.com
51b17b5bf0 Bug 88413: Remove |GetUnicode()| from nsString (and replace it with |get()|). r=dbaron, rs=scc.
This removes all call-sites I can currently fix. Tomorrow I'll try to get someone to checkin my changes to security/ and I'll get some help with the Netscape side of things.

nsString::GetUnicode()'s final death-blow will be dealt soon. Please keep this in mind as you add new code :-)


git-svn-id: svn://10.0.0.236/trunk@98363 18797224-902f-48f8-a5cc-f745e15eee43
2001-06-30 11:02:25 +00:00
mstoltz%netscape.com
300c02cfa2 86019 - Change stack-walking code in caps to keep functions from inheriting privileges
from their caller. r=jesse@netscape.com, sr=jst@netscape.com, a=asa@mozilla.org, PDT+

86982 - Add same-origin security check to XMLDocument::Load(). r,a=blizzard@mozilla.org,
sr=jst@netscape.com

84191 - Fixing regression in Open URL dialog by not calling CheckLoadURI when it isn't
needed. r=cmanske@netscape.com, sr=sfraser@netscape.com, a=asa@mozilla.org


git-svn-id: svn://10.0.0.236/trunk@97722 18797224-902f-48f8-a5cc-f745e15eee43
2001-06-22 02:08:10 +00:00
dbaron%fas.harvard.edu
88810ef1eb Fix bad getters on nsIDocument and nsIScriptContext to use out params rather than return |AddRef|ed pointers. b=81289 r=jaggernaut sr=jst a=asa
git-svn-id: svn://10.0.0.236/trunk@97540 18797224-902f-48f8-a5cc-f745e15eee43
2001-06-20 03:27:48 +00:00
scc%mozilla.org
90f810b66a bug #85271: sr=waterson, r={beard, jag, dbaron}, a=asa. Eliminate features of |nsXPIDLC?String| that keep it out of the string hierarchy (i.e., using assignment to rebind ownership, static |Copy| members, and |getter_Shares|), fixing some leaks in the process.
git-svn-id: svn://10.0.0.236/trunk@97289 18797224-902f-48f8-a5cc-f745e15eee43
2001-06-17 05:23:38 +00:00
mstoltz%netscape.com
b51a5f7784 bug 77485 - exploit inserting a function into another window using targeted
javascript URL links. Two-part fix: moving the call to GetCurrentDocumentOwner
in nsDocShell::LoadInternal to before the target docshell is called, and
changing nsScriptSecurityManager::GetFunctionObjectPrincipal to only get
the principal from the function object's scope chain if the function object's
principal is the system principal. r=jst, sr=vidur, a=asa.


git-svn-id: svn://10.0.0.236/trunk@96045 18797224-902f-48f8-a5cc-f745e15eee43
2001-05-30 02:22:22 +00:00
mstoltz%netscape.com
a8b60368de Re-checking-in my fix for 47905, which was backed out last night because of a bug in some other code that was checked in along with it. This checkin was not causing the crasher and is unchanged. See earlier checkin comment - in short, this adds same-origin to XMLHttpRequest and cleans up some function calls in caps, removes some unnecessary parameters. r=vidur, sr=jst.
git-svn-id: svn://10.0.0.236/trunk@95481 18797224-902f-48f8-a5cc-f745e15eee43
2001-05-19 00:33:51 +00:00
blizzard%redhat.com
b684f8fcbc Back out mstoltz because of blocker bug #81629. Original bugs were 47905 79775.
git-svn-id: svn://10.0.0.236/trunk@95401 18797224-902f-48f8-a5cc-f745e15eee43
2001-05-18 17:41:23 +00:00
mstoltz%netscape.com
55577f536b Bug 47905 - adding security check for XMLHttpRequest.open.
Added nsIScriptSecurityManager::CheckConnect for this purpose.
Also cleaned up the security check API by removing some unnecessary
parameters. r=vidur@netscape.com, sr=jst@netscape.com

Bug 79775 - Forward button broken in main mail window. Making
WindowWatcher not call GetSubjectPrincipal if the URL to be loaded is
chrome, since the calling principal is superfluous in this case.
No one has been able to find the root cause of this problem, but
this checkin works around it, which is the best we can do for now.
r=ducarroz@netscape.com, sr=jst@netscape.com


git-svn-id: svn://10.0.0.236/trunk@95378 18797224-902f-48f8-a5cc-f745e15eee43
2001-05-18 06:56:29 +00:00
mstoltz%netscape.com
a617f63914 Fixing bug 78831 - treat chrome and resource URLs the same in the
URL loading check and give them access to each other. r=pavlov,
 sr=brendan. This allows us to turn on the fix (already reviewed)
for 69070.


git-svn-id: svn://10.0.0.236/trunk@95063 18797224-902f-48f8-a5cc-f745e15eee43
2001-05-15 22:47:21 +00:00
mstoltz%netscape.com
624a206a26 *** empty log message ***
git-svn-id: svn://10.0.0.236/trunk@94964 18797224-902f-48f8-a5cc-f745e15eee43
2001-05-15 06:43:12 +00:00
mstoltz%netscape.com
d356cb5c43 bug 79445, fixing crash with some event handlers (null pointer dereference)
r/sr=brendan@mozilla.org. Also fixed a typo in prefs that would have reopened
bug 56009.


git-svn-id: svn://10.0.0.236/trunk@94939 18797224-902f-48f8-a5cc-f745e15eee43
2001-05-15 04:44:54 +00:00
mstoltz%netscape.com
fa58142939 bug 79916 - was using | instead of &, causing a security hole. r=jband, sr=brendan.
git-svn-id: svn://10.0.0.236/trunk@94548 18797224-902f-48f8-a5cc-f745e15eee43
2001-05-11 00:53:21 +00:00
mstoltz%netscape.com
28f5530d9c Fixes for bugs 79796, 77203, and 54060. r=jband@netscape.com,
sr=brendan@mozilla.org


git-svn-id: svn://10.0.0.236/trunk@94546 18797224-902f-48f8-a5cc-f745e15eee43
2001-05-11 00:43:27 +00:00
jst%netscape.com
9868e754bf Temporary workaround for the composer and other related problems caused by security manager problems, change by mstoltz@netscape.com, r=jst@netscape.com
git-svn-id: svn://10.0.0.236/trunk@94315 18797224-902f-48f8-a5cc-f745e15eee43
2001-05-09 02:53:46 +00:00
jst%netscape.com
9d299d36ce Landing the XPCDOM_20010329_BRANCH branch, changes mostly done by jband@netscape.com and jst@netscape.com, also some changes done by shaver@mozilla.org, peterv@netscape.com and markh@activestate.com. r= and sr= by vidur@netscape.com, jband@netscape.com, jst@netscpae.com, danm@netscape.com, hyatt@netscape.com, shaver@mozilla.org, dbradley@netscape.com, rpotts@netscape.com.
git-svn-id: svn://10.0.0.236/trunk@94238 18797224-902f-48f8-a5cc-f745e15eee43
2001-05-08 16:46:42 +00:00
ccarlen%netscape.com
f720e88745 Bug 78745 - nsIPromptService::ConfirmEx needs to be more flexible. r=valeski, sr=sfraser
git-svn-id: svn://10.0.0.236/trunk@94087 18797224-902f-48f8-a5cc-f745e15eee43
2001-05-06 15:03:55 +00:00
mkaply%us.ibm.com
234eb0fbf2 #76913
r=mstoltz, sr=brendan
Fix some calling convention - PR_ to JS_


git-svn-id: svn://10.0.0.236/trunk@93585 18797224-902f-48f8-a5cc-f745e15eee43
2001-05-02 00:02:59 +00:00
valeski%netscape.com
8deb3b45a4 mozilla diffs r=tao, sr=alecf, commercial diffs r=syd, sr=syd/shaver. lower-casing JS calls to createBundle. removing un-used nsILocale param from nsIStringBundle::CreateBundle(). 76332
git-svn-id: svn://10.0.0.236/trunk@93306 18797224-902f-48f8-a5cc-f745e15eee43
2001-04-27 21:30:24 +00:00
sfraser%netscape.com
c696d9a508 Backing out valeski
git-svn-id: svn://10.0.0.236/trunk@93248 18797224-902f-48f8-a5cc-f745e15eee43
2001-04-27 05:53:22 +00:00
valeski%netscape.com
4aea038db2 mozilla tree r=tao, sr=alecf. commercial tree r=syd, sr=syd/shaver. lowercasing the first char in JS method calls to createBundle. removing the dead locale parameter in the CreateBundle() method call. 76332
git-svn-id: svn://10.0.0.236/trunk@93239 18797224-902f-48f8-a5cc-f745e15eee43
2001-04-27 04:16:22 +00:00
bnesse%netscape.com
ee257ebfab Prefs API refactoring. Bug #46863. r=valeski, sr=alecf.
git-svn-id: svn://10.0.0.236/trunk@93158 18797224-902f-48f8-a5cc-f745e15eee43
2001-04-26 18:41:11 +00:00
ccarlen%netscape.com
4ee95c6310 Bug 46859 - Remove UniversalDialog. r=valeski/sr=rpotts,sfraser/a=blizzard
git-svn-id: svn://10.0.0.236/trunk@92856 18797224-902f-48f8-a5cc-f745e15eee43
2001-04-21 00:26:18 +00:00
bryner%uiuc.edu
607c3ab676 Backing out bnesse's fix for bug 46863 due to numerous types of runtime bustage on linux and windows. a=brendan.
git-svn-id: svn://10.0.0.236/trunk@92818 18797224-902f-48f8-a5cc-f745e15eee43
2001-04-20 06:45:56 +00:00
bnesse%netscape.com
e8c7f4a0a7 Landing PrefAPI refactoring bug 46863. r=valeski, sr=alecf, a=blizzard.
git-svn-id: svn://10.0.0.236/trunk@92761 18797224-902f-48f8-a5cc-f745e15eee43
2001-04-19 22:21:39 +00:00
mstoltz%netscape.com
452a43cfc9 More fixes for 55237, cleaned up CheckLoadURI and added a check on "Edit This Link." Also added error reporting (bug 40538).
r=beard, sr=hyatt


git-svn-id: svn://10.0.0.236/trunk@92480 18797224-902f-48f8-a5cc-f745e15eee43
2001-04-17 01:21:44 +00:00
dbaron%fas.harvard.edu
d7a51c2dfb Fix leaks of global objects. b=76091 r=mstoltz@netscape.com sr=hyatt@netscape.com
git-svn-id: svn://10.0.0.236/trunk@92471 18797224-902f-48f8-a5cc-f745e15eee43
2001-04-17 00:12:28 +00:00
danm%netscape.com
4d7d5bacd9 removing use of nsNetSupportDialog. bug 72112 continued. r=hyatt,morse,mstoltz,various
git-svn-id: svn://10.0.0.236/trunk@91621 18797224-902f-48f8-a5cc-f745e15eee43
2001-04-07 03:33:56 +00:00
mstoltz%netscape.com
6079a31c93 Bugs 55069, 70951 - JS-blocking APIs for mailnews and embedding. r=mscott, sr=attinasi.
Bug 54237 - fix for event-capture bug, r=heikki, sr=jband.


git-svn-id: svn://10.0.0.236/trunk@90195 18797224-902f-48f8-a5cc-f745e15eee43
2001-03-23 04:22:56 +00:00
blakeross%telocity.com
d03df0d6a4 Fix 49334: gopher support, minor restructuring of directory viewer. necko: r=darin,dougt sr=rpotts other: r=waterson,mstoltz,jag sr=alecf
Fix 70404: assertions or datetime and finger. r=dougt, sr=rpotts

Both patches by Bradley Baetz (bbaetz@cs.mcgill.ca)


git-svn-id: svn://10.0.0.236/trunk@89579 18797224-902f-48f8-a5cc-f745e15eee43
2001-03-14 02:42:39 +00:00
valeski%netscape.com
65ad2bc732 sr=rpotts, r=gagan. 70743. switching over to new extensible URI::SchemeIs() api
git-svn-id: svn://10.0.0.236/trunk@89422 18797224-902f-48f8-a5cc-f745e15eee43
2001-03-13 02:02:05 +00:00
suresh%netscape.com
4e7fb741a2 Adding aim protocol to the list. No Specific bug number. r=syd. sr=mstoltz
git-svn-id: svn://10.0.0.236/trunk@88797 18797224-902f-48f8-a5cc-f745e15eee43
2001-03-07 05:58:45 +00:00
beard%netscape.com
43f7d4e089 Switch from NS_STATIC_CAST to NS_REINTERPRET_CAST to fix bustage on Mac. r=mstoltz
git-svn-id: svn://10.0.0.236/trunk@88357 18797224-902f-48f8-a5cc-f745e15eee43
2001-03-02 01:13:35 +00:00
mstoltz%netscape.com
0932f41358 bug 47905, adding security check to XMLHttpRequest.open(). r=heikki, sr=brendan
git-svn-id: svn://10.0.0.236/trunk@88336 18797224-902f-48f8-a5cc-f745e15eee43
2001-03-02 00:09:20 +00:00
mstoltz%netscape.com
68e9bdd8c0 bug 63451 - moved signature verification functions from nsIZipReader to nsIJAR. r=sgehani, sr=shaver
git-svn-id: svn://10.0.0.236/trunk@87730 18797224-902f-48f8-a5cc-f745e15eee43
2001-02-23 00:15:04 +00:00
gagan%netscape.com
f3f5b36700 Optimization for scheme comparison of URIs. See bug 66577 for details. r=darin, sr=brendan@mozilla.org
git-svn-id: svn://10.0.0.236/trunk@85797 18797224-902f-48f8-a5cc-f745e15eee43
2001-01-31 01:33:03 +00:00
mstoltz%netscape.com
579b002a49 Bug 66369, adding support for per-file permissions granting to caps. r=jst, sr=jband.
git-svn-id: svn://10.0.0.236/trunk@85606 18797224-902f-48f8-a5cc-f745e15eee43
2001-01-27 01:42:20 +00:00
jband%netscape.com
1920eba705 fix bug 55506. If secman was initialized too early then it was failing to register its nameset. This happened on first run when JS Component Loader would use the secman. The result was that all calls to the security manager via JavaScript would fail for that session. This fixes that by continuing to try to register the nameset until it actually succeeds. r=mstoltz a=brendan
git-svn-id: svn://10.0.0.236/trunk@83113 18797224-902f-48f8-a5cc-f745e15eee43
2000-11-30 05:32:08 +00:00
mstoltz%netscape.com
5b27bdf415 Fixing bugscape 3109, LiveConnect exploit. sr=jband, brendan.
Fixing 58021, exploit in "open in new window," bug 55237. sr=brendan


git-svn-id: svn://10.0.0.236/trunk@82368 18797224-902f-48f8-a5cc-f745e15eee43
2000-11-07 01:14:08 +00:00
warren%netscape.com
a8b9664a8c Bug 47207. Backing out logging/PRINTF changes until we can fix stopwatch.h, introduce double parens, etc.
git-svn-id: svn://10.0.0.236/trunk@81967 18797224-902f-48f8-a5cc-f745e15eee43
2000-10-28 22:17:53 +00:00
warren%netscape.com
c6b67eceeb Bug 47207. Changing printf to PRINTF to use new logging facility. r=valeski,sr=waterson
git-svn-id: svn://10.0.0.236/trunk@81885 18797224-902f-48f8-a5cc-f745e15eee43
2000-10-27 22:43:51 +00:00
mscott%netscape.com
0c698ba87a Bug #48403 --> don't allow JS running in a mailnews sand box to change the name of its containing iframe.
this code was contributed by mstoltz.
r=beard, sr=mscott


git-svn-id: svn://10.0.0.236/trunk@81632 18797224-902f-48f8-a5cc-f745e15eee43
2000-10-24 00:52:02 +00:00
mstoltz%netscape.com
9351f77d32 Fixing 56009, exploit allowing XPConnect access. r,a=hyatt, sr=scc
git-svn-id: svn://10.0.0.236/trunk@81158 18797224-902f-48f8-a5cc-f745e15eee43
2000-10-13 22:59:47 +00:00
mstoltz%netscape.com
676f6215b3 Fixing 52497, security problem in document.implementation, r=jst a=brendan
git-svn-id: svn://10.0.0.236/trunk@79671 18797224-902f-48f8-a5cc-f745e15eee43
2000-09-20 23:38:28 +00:00
rayw%netscape.com
d9228441a4 Bug 37275, Changing value of all progids, and changing everywhere a progid
is mentioned to mention a contractid, including in identifiers.

r=warren


git-svn-id: svn://10.0.0.236/trunk@79036 18797224-902f-48f8-a5cc-f745e15eee43
2000-09-13 23:57:52 +00:00
mstoltz%netscape.com
70914e878d bug 44147, caps grant dialog now being created from DOMWindow->GetPrompter instead of nsIPrompt service. r=dbragg
git-svn-id: svn://10.0.0.236/trunk@78560 18797224-902f-48f8-a5cc-f745e15eee43
2000-09-09 00:53:21 +00:00
mstoltz%netscape.com
891766eb9e bug 50304, adding "static" to security policy struct, should save some memory and time. r=rogerl
git-svn-id: svn://10.0.0.236/trunk@78408 18797224-902f-48f8-a5cc-f745e15eee43
2000-09-07 19:03:23 +00:00
scc%mozilla.org
c03fb594e2 more GCC fixes
git-svn-id: svn://10.0.0.236/trunk@78068 18797224-902f-48f8-a5cc-f745e15eee43
2000-09-03 06:41:18 +00:00
dp%netscape.com
88d94c12d2 bug#49786 Caching frequently used progid: nsThreadJSContextStack r=waterson
git-svn-id: svn://10.0.0.236/trunk@76865 18797224-902f-48f8-a5cc-f745e15eee43
2000-08-22 06:02:14 +00:00
mstoltz%netscape.com
02eaec4711 Fixing 41876 r=hyatt, also 48724, 49768, and crasher in nsBasePrincipal.cpp, r=jtaylor
git-svn-id: svn://10.0.0.236/trunk@76849 18797224-902f-48f8-a5cc-f745e15eee43
2000-08-22 02:06:52 +00:00
shaver%mozilla.org
84ea4561c3 Fix 47354 and 39975 by providing a system-privileged scope backstop for
JS Components, and teaching the ScriptSecurityManager to check for
XPC-wrapped native objects in the scope chain when looking for an
object's principal. r=jband/a=brendan


git-svn-id: svn://10.0.0.236/trunk@76407 18797224-902f-48f8-a5cc-f745e15eee43
2000-08-16 04:01:02 +00:00