59 Commits

Author SHA1 Message Date
jonas%sicking.cc
f8cd3459d9 Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it
git-svn-id: svn://10.0.0.236/trunk@250472 18797224-902f-48f8-a5cc-f745e15eee43
2008-04-18 17:35:57 +00:00
jonas%sicking.cc
9fce957868 Bug 425201: Allow XMLHttpRequest and document.load to load files from subdirectories. r/sr=dveditz
git-svn-id: svn://10.0.0.236/trunk@249871 18797224-902f-48f8-a5cc-f745e15eee43
2008-04-09 00:38:13 +00:00
jst%mozilla.org
848e5e4245 Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu
git-svn-id: svn://10.0.0.236/trunk@248431 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-22 16:50:49 +00:00
jonas%sicking.cc
fc747a50f2 Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz
git-svn-id: svn://10.0.0.236/trunk@248160 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-19 00:27:57 +00:00
bzbarsky%mit.edu
e0b620b5fe Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the
checks they really want to be doing.  Fix screw-up in nsPrincipal::Equals if
one principal has a cert and the other does not.  Bug 418996, r=mrbkap,dveditz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@248133 18797224-902f-48f8-a5cc-f745e15eee43
2008-03-18 21:14:50 +00:00
jonas%sicking.cc
35f305467d Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv
git-svn-id: svn://10.0.0.236/trunk@246616 18797224-902f-48f8-a5cc-f745e15eee43
2008-02-27 03:45:32 +00:00
myk%mozilla.org
425e84676b backing out fix for bug 416534 as potential cause of mochitest failure
git-svn-id: svn://10.0.0.236/trunk@246615 18797224-902f-48f8-a5cc-f745e15eee43
2008-02-27 03:23:38 +00:00
jonas%sicking.cc
05e58d7ee2 Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv
git-svn-id: svn://10.0.0.236/trunk@246608 18797224-902f-48f8-a5cc-f745e15eee43
2008-02-27 02:17:52 +00:00
bzbarsky%mit.edu
643799fa05 Somewhat reduce the amount of memory an nsPrincipal allocates in the common
case.  Bug 397733, r+sr+a=jst


git-svn-id: svn://10.0.0.236/trunk@236840 18797224-902f-48f8-a5cc-f745e15eee43
2007-09-28 14:31:04 +00:00
bzbarsky%mit.edu
884df8f821 Make the nsISerializable implementation of nsPrincipal actually work. This
makes it possible to save principal objects to a stream and read them back.
Bug 369566, r=dveditz+brendan, sr=jst, a=jst


git-svn-id: svn://10.0.0.236/trunk@236161 18797224-902f-48f8-a5cc-f745e15eee43
2007-09-17 22:18:28 +00:00
sdwilsh%shawnwilsher.com
075b7713cb Bustage fix
git-svn-id: svn://10.0.0.236/trunk@229748 18797224-902f-48f8-a5cc-f745e15eee43
2007-07-11 21:20:11 +00:00
jwalden%mit.edu
dda6ff3c99 Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
git-svn-id: svn://10.0.0.236/trunk@229504 18797224-902f-48f8-a5cc-f745e15eee43
2007-07-08 07:08:56 +00:00
bzbarsky%mit.edu
ce268ae2a9 Optimize immutability of codebase/domain a little bit. Bug 380475, r=dveditz, sr=biesi
git-svn-id: svn://10.0.0.236/trunk@228233 18797224-902f-48f8-a5cc-f745e15eee43
2007-06-18 15:07:02 +00:00
bzbarsky%mit.edu
393b09b776 Make nsPrincipal::Equals compare codebases, not just certs, for certificate
principals.  Bug 369201, r=dveditz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@228232 18797224-902f-48f8-a5cc-f745e15eee43
2007-06-18 15:01:53 +00:00
bzbarsky%mit.edu
f5956a5fd5 When getting codebase principals, install the passed-in codebase on them even
if they come from the hashtable.  Bug 269270, r=dveditz, sr=jst.


git-svn-id: svn://10.0.0.236/trunk@219846 18797224-902f-48f8-a5cc-f745e15eee43
2007-02-09 04:52:44 +00:00
bzbarsky%mit.edu
0583386559 Remove special-casing of about:blank for security purposes; give about:blank
pages the principal of whoever is responsible for loading them, when possible.
Bug 332182, r=mrbkap, sr=jst


git-svn-id: svn://10.0.0.236/trunk@207471 18797224-902f-48f8-a5cc-f745e15eee43
2006-08-15 17:31:16 +00:00
bzbarsky%mit.edu
faa9044fad Make the URIs of principals immutable. Bug 339822, r=dveditz, sr=darin
git-svn-id: svn://10.0.0.236/trunk@200404 18797224-902f-48f8-a5cc-f745e15eee43
2006-06-20 03:17:41 +00:00
bzbarsky%mit.edu
d81cffda8c Make GetOrigin dig into nested URIs. Bug 336303, r=dveditz, sr=jst
git-svn-id: svn://10.0.0.236/trunk@196360 18797224-902f-48f8-a5cc-f745e15eee43
2006-05-12 00:05:40 +00:00
darin%meer.net
70deb5f58d fixes bug 328925 "Replace NS_WARN_IF_FALSE with NS_ASSERTION (where appropriate)" r=dbaron
git-svn-id: svn://10.0.0.236/trunk@193272 18797224-902f-48f8-a5cc-f745e15eee43
2006-03-30 18:40:56 +00:00
bryner%brianryner.com
7ec5e10667 Remove dependency on nsIClassInfo.h from nsISupports.h (bug 330420). This adds a new nsIClassInfoImpl.h file which can be included to get the CI implementation macros. Also, removes unneeded inclusion of nsIProgrammingLanguage.h from nsIClassInfo.h. r=darin.
git-svn-id: svn://10.0.0.236/trunk@192401 18797224-902f-48f8-a5cc-f745e15eee43
2006-03-15 04:59:42 +00:00
timeless%mozdev.org
af51e73d0e Bug 106386 Correct misspellings in source code
r=bernd rs=brendan


git-svn-id: svn://10.0.0.236/trunk@191013 18797224-902f-48f8-a5cc-f745e15eee43
2006-02-23 09:36:43 +00:00
mrbkap%gmail.com
1ce421fc5b bug 312124: Make Subsume treat about:blank principals as being weaker than other, non-about:blank principals, since that's how other code treats them. r=caillon sr=brendan
git-svn-id: svn://10.0.0.236/trunk@182260 18797224-902f-48f8-a5cc-f745e15eee43
2005-10-14 18:57:26 +00:00
bzbarsky%mit.edu
55a6daf516 Comment-only fixes I forgot to make. Bug 240661.
git-svn-id: svn://10.0.0.236/trunk@176464 18797224-902f-48f8-a5cc-f745e15eee43
2005-07-22 20:49:12 +00:00
bzbarsky%mit.edu
354647c8df Expose the subject name for the cert and an nsISupports pointer to the cert on
nsIPrincipal that represents a certificate principal.  Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal.  Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII.  Bug
240661, r=caillon, sr=dveditz, a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@176458 18797224-902f-48f8-a5cc-f745e15eee43
2005-07-22 19:05:42 +00:00
timeless%mozdev.org
310bcc516c Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop]
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@176283 18797224-902f-48f8-a5cc-f745e15eee43
2005-07-19 21:55:36 +00:00
brendan%mozilla.org
15ddfa152d Add a subsumes relation to principals so JS can handle all cases when checking indirect eval (and the like) calls (300008, r=caillon/dveditz, sr/a=shaver).
git-svn-id: svn://10.0.0.236/trunk@175859 18797224-902f-48f8-a5cc-f745e15eee43
2005-07-08 23:26:36 +00:00
timeless%mozdev.org
fa1982b341 Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@175300 18797224-902f-48f8-a5cc-f745e15eee43
2005-06-29 16:29:49 +00:00
caillon%returnzero.com
660523df15 227079 - Mozilla asks for security privileges where it shouldn't
Make sure we check signed.applets.codebase_principal_support and special urls before going further.
r=jst sr=bzbarsky a=dbaron


git-svn-id: svn://10.0.0.236/trunk@150007 18797224-902f-48f8-a5cc-f745e15eee43
2003-12-04 02:14:07 +00:00
brendan%mozilla.org
57f2064642 Fix missing cx param problem (223041, r=caillon, sr=dbaron).
git-svn-id: svn://10.0.0.236/trunk@148748 18797224-902f-48f8-a5cc-f745e15eee43
2003-11-03 04:26:55 +00:00
dbaron%dbaron.org
e86cbc3f65 Work around bustage. Temporary fix. b=223041
git-svn-id: svn://10.0.0.236/trunk@148710 18797224-902f-48f8-a5cc-f745e15eee43
2003-11-02 02:31:53 +00:00
caillon%returnzero.com
c1914505cb Re-land patch for bug 83536, merging principal objects.
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst


git-svn-id: svn://10.0.0.236/trunk@148229 18797224-902f-48f8-a5cc-f745e15eee43
2003-10-21 22:11:49 +00:00
brendan%mozilla.org
da7fa465a7 Better version of last change, thanks to caillon for reminding me.
git-svn-id: svn://10.0.0.236/trunk@147384 18797224-902f-48f8-a5cc-f745e15eee43
2003-09-28 04:55:50 +00:00
brendan%mozilla.org
4981e3ba49 Forgot to update calls to formerly-static SecurityCompareURI (r+sr=bz).
git-svn-id: svn://10.0.0.236/trunk@147383 18797224-902f-48f8-a5cc-f745e15eee43
2003-09-28 04:44:33 +00:00
caillon%returnzero.com
8bd93e8b6d Bug 216234
Calling operator delete on an nsAutoPtr isn't good.
r+sr=dbaron@dbaron.org
a=asa@mozilla.org


git-svn-id: svn://10.0.0.236/trunk@146208 18797224-902f-48f8-a5cc-f745e15eee43
2003-08-20 00:40:13 +00:00
caillon%returnzero.com
916e757114 Bug 214949
Make XUL error pages work again by making GetOrigin() return the full spec for chrome: URIs and preventing principal lookups when the principals hash is empty.
r+sr=jst@netscape.com
a=rjesup@wgate.com


git-svn-id: svn://10.0.0.236/trunk@145830 18797224-902f-48f8-a5cc-f745e15eee43
2003-08-10 02:26:11 +00:00
caillon%returnzero.com
eb5d77e5d2 Init mSecurityPolicy. This somehow got lost in between the last two revisions of my patch to bug 83536.
r=timeless,sr=bzbarsky on IRC.


git-svn-id: svn://10.0.0.236/trunk@145242 18797224-902f-48f8-a5cc-f745e15eee43
2003-07-27 07:00:25 +00:00
caillon%returnzero.com
ee8fbe535c 213796 - Crash In CAPS.DLL On Startup [@ nsPrincipal::GetHashValue]
r+sr+caillonIsStupid=bzbarsky@mit.edu


git-svn-id: svn://10.0.0.236/trunk@145241 18797224-902f-48f8-a5cc-f745e15eee43
2003-07-27 04:08:48 +00:00
caillon%returnzero.com
aa18e68f01 Bug 213847. Prompt the user for what to do if we don't know whether we can grant a capability.
r+sr=bzbarsky@mit.edu


git-svn-id: svn://10.0.0.236/trunk@145206 18797224-902f-48f8-a5cc-f745e15eee43
2003-07-25 19:23:17 +00:00
caillon%returnzero.com
cd46cbbaad Bug 83536.
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)


git-svn-id: svn://10.0.0.236/trunk@145137 18797224-902f-48f8-a5cc-f745e15eee43
2003-07-24 05:15:20 +00:00
arielb%netscape.com
35dc473dd3 Fix to the caps security module. I removed the nsPrincipal struct, from now
on you can access principals by their xpcomed interface nsIPrincipal.


git-svn-id: svn://10.0.0.236/trunk@40961 18797224-902f-48f8-a5cc-f745e15eee43
1999-07-24 03:58:23 +00:00
brade%netscape.com
0abc84f688 move local variables into #if block where they are needed (reduces warnings on Macintosh compiler)
git-svn-id: svn://10.0.0.236/trunk@21309 18797224-902f-48f8-a5cc-f745e15eee43
1999-02-19 16:12:58 +00:00
raman%netscape.com
b40d7ccdf1 Checking in changes from Bob Glickstein
git-svn-id: svn://10.0.0.236/trunk@16420 18797224-902f-48f8-a5cc-f745e15eee43
1998-12-15 05:53:19 +00:00
raman%netscape.com
f100d4f1c2 Changes to make caps into a DLL. Defined all strings in this file until there is a replacement for allxpstr.h
git-svn-id: svn://10.0.0.236/trunk@14933 18797224-902f-48f8-a5cc-f745e15eee43
1998-11-19 05:22:28 +00:00
raman%netscape.com
c88302e2b7 Bug fixes from MozillaClassic branch, plus changes to build caps without rdf
git-svn-id: svn://10.0.0.236/trunk@14756 18797224-902f-48f8-a5cc-f745e15eee43
1998-11-16 21:57:13 +00:00
raman%netscape.com
05cb2627de Minor bug fix to my last check-in
git-svn-id: svn://10.0.0.236/trunk@13597 18797224-902f-48f8-a5cc-f745e15eee43
1998-10-28 04:53:47 +00:00
raman%netscape.com
c070f4d115 Bug fixes to make caps stuff work with jvm's codesource principals
git-svn-id: svn://10.0.0.236/trunk@13589 18797224-902f-48f8-a5cc-f745e15eee43
1998-10-28 03:31:17 +00:00
raman%netscape.com
206148343b Minor tweak to my last fix. Pass PR_Now for verification.
git-svn-id: svn://10.0.0.236/trunk@12951 18797224-902f-48f8-a5cc-f745e15eee43
1998-10-15 23:47:51 +00:00
raman%netscape.com
508cf175e1 Fixed the Mac bustage
git-svn-id: svn://10.0.0.236/trunk@12939 18797224-902f-48f8-a5cc-f745e15eee43
1998-10-15 23:21:22 +00:00
cyeh%netscape.com
2ef860f895 flip NO_SECURITY/MOZ_SECURITY logic around so that crypto stuff only
gets enabled when MOZ_SECURITY is defined.


git-svn-id: svn://10.0.0.236/trunk@12935 18797224-902f-48f8-a5cc-f745e15eee43
1998-10-15 22:40:32 +00:00
raman%netscape.com
cd0724bace Added verification certificates that are created via nsICapsManager. This could be used by JVM plugins.
git-svn-id: svn://10.0.0.236/trunk@12918 18797224-902f-48f8-a5cc-f745e15eee43
1998-10-15 20:56:34 +00:00