Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
211,852 Commits 3,986 Branches 0 Tags
Commit Graph

116 Commits

Author SHA1 Message Date
mrbkap%gmail.com
a3d3acbb16 Bug 460882. r+sr=jst. 
git-svn-id: svn://10.0.0.236/trunk@257562 18797224-902f-48f8-a5cc-f745e15eee43
 2009-06-24 02:30:25 +00:00
jonas%sicking.cc
f8cd3459d9 Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it 
git-svn-id: svn://10.0.0.236/trunk@250472 18797224-902f-48f8-a5cc-f745e15eee43
 2008-04-18 17:35:57 +00:00
jonas%sicking.cc
9fce957868 Bug 425201: Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz 
git-svn-id: svn://10.0.0.236/trunk@249871 18797224-902f-48f8-a5cc-f745e15eee43
 2008-04-09 00:38:13 +00:00
jst%mozilla.org
848e5e4245 Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu 
git-svn-id: svn://10.0.0.236/trunk@248431 18797224-902f-48f8-a5cc-f745e15eee43
 2008-03-22 16:50:49 +00:00
jst%mozilla.org
981793b5f4 Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org 
git-svn-id: svn://10.0.0.236/trunk@248340 18797224-902f-48f8-a5cc-f745e15eee43
 2008-03-21 04:39:10 +00:00
bzbarsky%mit.edu
e0b620b5fe Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the 
checks they really want to be doing.  Fix screw-up in nsPrincipal::Equals if
one principal has a cert and the other does not.  Bug 418996, r=mrbkap,dveditz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@248133 18797224-902f-48f8-a5cc-f745e15eee43
 2008-03-18 21:14:50 +00:00
jonas%sicking.cc
35f305467d Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv 
git-svn-id: svn://10.0.0.236/trunk@246616 18797224-902f-48f8-a5cc-f745e15eee43
 2008-02-27 03:45:32 +00:00
myk%mozilla.org
425e84676b backing out fix for bug 416534 as potential cause of mochitest failure 
git-svn-id: svn://10.0.0.236/trunk@246615 18797224-902f-48f8-a5cc-f745e15eee43
 2008-02-27 03:23:38 +00:00
jonas%sicking.cc
05e58d7ee2 Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv 
git-svn-id: svn://10.0.0.236/trunk@246608 18797224-902f-48f8-a5cc-f745e15eee43
 2008-02-27 02:17:52 +00:00
jst%mozilla.org
f9cb3c8650 Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org 
git-svn-id: svn://10.0.0.236/trunk@244380 18797224-902f-48f8-a5cc-f745e15eee43
 2008-01-29 20:51:01 +00:00
benjamin%smedbergs.us
0a44d0e3e2 Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep 
git-svn-id: svn://10.0.0.236/trunk@243117 18797224-902f-48f8-a5cc-f745e15eee43
 2008-01-15 15:51:02 +00:00
jst%mozilla.org
1fe4314b66 Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org 
git-svn-id: svn://10.0.0.236/trunk@240954 18797224-902f-48f8-a5cc-f745e15eee43
 2007-12-12 23:02:26 +00:00
dveditz%cruzio.com
8f410f02d5 bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov 
git-svn-id: svn://10.0.0.236/trunk@234031 18797224-902f-48f8-a5cc-f745e15eee43
 2007-09-06 07:02:57 +00:00
jwalden%mit.edu
dda6ff3c99 Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros. 
git-svn-id: svn://10.0.0.236/trunk@229504 18797224-902f-48f8-a5cc-f745e15eee43
 2007-07-08 07:08:56 +00:00
dbaron%dbaron.org
8043a5c9c7 Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg 
git-svn-id: svn://10.0.0.236/trunk@222464 18797224-902f-48f8-a5cc-f745e15eee43
 2007-03-27 15:35:02 +00:00
dbaron%dbaron.org
30f83072c5 Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg 
git-svn-id: svn://10.0.0.236/trunk@222462 18797224-902f-48f8-a5cc-f745e15eee43
 2007-03-27 15:33:45 +00:00
bzbarsky%mit.edu
d9cf9faf6c Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst 
git-svn-id: svn://10.0.0.236/trunk@215290 18797224-902f-48f8-a5cc-f745e15eee43
 2006-11-14 22:46:45 +00:00
bzbarsky%mit.edu
3f520eaa49 Make it possible for protocol handlers to configure how CheckLoadURI should 
treat them via their protocol flags.  Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin


git-svn-id: svn://10.0.0.236/trunk@215130 18797224-902f-48f8-a5cc-f745e15eee43
 2006-11-10 23:49:08 +00:00
bzbarsky%mit.edu
a553da6bbb Disable optimization that relies on invariants we don't maintain. Bug 317240 
wallpaper, r+sr=jst


git-svn-id: svn://10.0.0.236/trunk@195964 18797224-902f-48f8-a5cc-f745e15eee43
 2006-05-04 15:23:43 +00:00
bzbarsky%mit.edu
d1faccd8b4 Followup fix for bug 307867 -- make sure to update our pointers to hashtable 
entries when the entries move. r=dveditz, sr=brendan


git-svn-id: svn://10.0.0.236/trunk@191131 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-24 04:38:46 +00:00
bzbarsky%mit.edu
9f067136f3 Remove dead code. Bug 327171, r=mrbkap, sr=shaver 
git-svn-id: svn://10.0.0.236/trunk@189996 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-14 21:08:15 +00:00
bzbarsky%mit.edu
90c17667d8 Get principals for XPConnect wrapped natives off their scope instead of walking 
their parent chain.  Add some asserts to check that this actually does give the
same result, which it should with splitwindow.  Bug 289655, r=dbradley, sr=jst


git-svn-id: svn://10.0.0.236/trunk@184744 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-16 02:12:21 +00:00
cbiesinger%web.de
eaf06b8983 Bug 248052 Add a contract ID for a global channeleventsink. Make the 
scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto
redirects if CheckLoadURI fails. Remove the explicit usage of
nsIScriptSecurityManager from nsHttpChannel.cpp.

This eliminates js and xpconnect from REQUIRES, and brings us closer to remove
caps.

r=darin sr=bz


git-svn-id: svn://10.0.0.236/trunk@184313 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-08 20:47:16 +00:00
bzbarsky%mit.edu
a06f72a2d9 Don't call nsIClassInfo::GetClassDescription unless we really have to. Bug 
313157, r=dveditz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@182663 18797224-902f-48f8-a5cc-f745e15eee43
 2005-10-20 23:49:59 +00:00
bzbarsky%mit.edu
55a6daf516 Comment-only fixes I forgot to make. Bug 240661. 
git-svn-id: svn://10.0.0.236/trunk@176464 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-22 20:49:12 +00:00
bzbarsky%mit.edu
354647c8df Expose the subject name for the cert and an nsISupports pointer to the cert on 
nsIPrincipal that represents a certificate principal.  Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal.  Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII.  Bug
240661, r=caillon, sr=dveditz, a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@176458 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-22 19:05:42 +00:00
timeless%mozdev.org
310bcc516c Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop] 
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@176283 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-19 21:55:36 +00:00
timeless%mozdev.org
fa1982b341 Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs 
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@175300 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-29 16:29:49 +00:00
timeless%mozdev.org
9d96e20c00 Bug 292588 shutdown crash !sXPConnect [@ nsScriptSecurityManager::CheckObjectAccess] 
store the runtime, unset the callback at shutdown
r=dveditz sr=jst a=asa


git-svn-id: svn://10.0.0.236/trunk@174245 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-07 21:57:56 +00:00
brendan%mozilla.org
8695afc4e4 Find active native function principals when walking the JS stack, and beef up eval-ish native safeguards (281988, r=shaver/caillon, sr=jst, a=drivers). 
git-svn-id: svn://10.0.0.236/trunk@173030 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-04 06:28:36 +00:00
bzbarsky%mit.edu
527175c5da Do less addrefing of principals in the script security manager. Bug 289643, 
r=caillon, sr=brendan, a=asa


git-svn-id: svn://10.0.0.236/trunk@171945 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-10 23:27:07 +00:00
brendan%mozilla.org
01efe388a9 Revert kludge, want a general fix. 
git-svn-id: svn://10.0.0.236/trunk@171865 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-07 19:48:57 +00:00
brendan%mozilla.org
41903388e1 Stop evals and Script object calls/execs that cross trust domains (289074, r=shaver, sr=jst, a=drivers). 
git-svn-id: svn://10.0.0.236/trunk@171838 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-07 02:22:24 +00:00
cbiesinger%web.de
36df735fb8 Bug 269661 make libpref not depend on caps 
r=caillon sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@168870 18797224-902f-48f8-a5cc-f745e15eee43
 2005-02-06 12:39:31 +00:00
jst%mozilla.jstenback.com
c45391a630 Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu 
git-svn-id: svn://10.0.0.236/trunk@163827 18797224-902f-48f8-a5cc-f745e15eee43
 2004-10-15 16:53:35 +00:00
dveditz%cruzio.com
48060e3409 Improve enablePrivilege confirmation dialog text and presentation, sanity-check 
privilege names (bug 253942, bug 253944) r=caillon,sr=brendan,a=chofmann,mkaply


git-svn-id: svn://10.0.0.236/trunk@161570 18797224-902f-48f8-a5cc-f745e15eee43
 2004-09-01 07:53:32 +00:00
cbiesinger%web.de
1962617772 removing myself from DEBUG_CAPS_HACKER list 
git-svn-id: svn://10.0.0.236/trunk@159010 18797224-902f-48f8-a5cc-f745e15eee43
 2004-07-10 19:38:28 +00:00
cbiesinger%web.de
19f2df33b3 fix DEBUG_CAPS_HACKER bustage due to bug 240106 
r=caillon sr=darin


git-svn-id: svn://10.0.0.236/trunk@157968 18797224-902f-48f8-a5cc-f745e15eee43
 2004-06-16 15:58:22 +00:00
gerv%gerv.net
98831918fc Bug 236613: change to MPL/LGPL/GPL tri-license. 
git-svn-id: svn://10.0.0.236/trunk@155044 18797224-902f-48f8-a5cc-f745e15eee43
 2004-04-17 21:52:36 +00:00
caillon%returnzero.com
c1914505cb Re-land patch for bug 83536, merging principal objects. 
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst


git-svn-id: svn://10.0.0.236/trunk@148229 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-21 22:11:49 +00:00
brendan%mozilla.org
da7fa465a7 Better version of last change, thanks to caillon for reminding me. 
git-svn-id: svn://10.0.0.236/trunk@147384 18797224-902f-48f8-a5cc-f745e15eee43
 2003-09-28 04:55:50 +00:00
brendan%mozilla.org
4981e3ba49 Forgot to update calls to formerly-static SecurityCompareURI (r+sr=bz). 
git-svn-id: svn://10.0.0.236/trunk@147383 18797224-902f-48f8-a5cc-f745e15eee43
 2003-09-28 04:44:33 +00:00
brendan%mozilla.org
53924f1a53 Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky). 
git-svn-id: svn://10.0.0.236/trunk@147382 18797224-902f-48f8-a5cc-f745e15eee43
 2003-09-28 04:22:01 +00:00
caillon%returnzero.com
d55b44719f Backing out the patch to bug 83536. 
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann


git-svn-id: svn://10.0.0.236/trunk@146256 18797224-902f-48f8-a5cc-f745e15eee43
 2003-08-22 03:06:53 +00:00
brendan%mozilla.org
95220b5330 Add shared DHashTableOps for [const] char *key use-cases, clean up dhash API abusages (214839, r=dougt, sr=dbaron). 
git-svn-id: svn://10.0.0.236/trunk@145624 18797224-902f-48f8-a5cc-f745e15eee43
 2003-08-05 20:09:21 +00:00
caillon%returnzero.com
742898a589 Bug 214050 
Start to localize some of the more common user-visible error messages in caps.
r+sr=bzbarsky@mit.edu


git-svn-id: svn://10.0.0.236/trunk@145319 18797224-902f-48f8-a5cc-f745e15eee43
 2003-07-29 05:28:00 +00:00
mkaply%us.ibm.com
4f792ecf69 Ports bustage - remove NS_COM per bsmedberg 
git-svn-id: svn://10.0.0.236/trunk@145161 18797224-902f-48f8-a5cc-f745e15eee43
 2003-07-24 18:58:30 +00:00
caillon%returnzero.com
cd46cbbaad Bug 83536. 
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)


git-svn-id: svn://10.0.0.236/trunk@145137 18797224-902f-48f8-a5cc-f745e15eee43
 2003-07-24 05:15:20 +00:00
timeless%mozdev.org
543383a0e6 Bug 194872 CAPS vulnerability when doing cross-site-scripting with frames from different origins and different CAPS settings (allAccess, noAccess). 
bustage (const char*)
sr=jst


git-svn-id: svn://10.0.0.236/trunk@144181 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-26 03:27:01 +00:00
mstoltz%netscape.com
df95af7f9f Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst. 
git-svn-id: svn://10.0.0.236/trunk@144169 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-26 00:18:43 +00:00