161 Commits

Author SHA1 Message Date
bzbarsky%mit.edu
527175c5da Do less addrefing of principals in the script security manager. Bug 289643,
r=caillon, sr=brendan, a=asa


git-svn-id: svn://10.0.0.236/trunk@171945 18797224-902f-48f8-a5cc-f745e15eee43
2005-04-10 23:27:07 +00:00
brendan%mozilla.org
01efe388a9 Revert kludge, want a general fix.
git-svn-id: svn://10.0.0.236/trunk@171865 18797224-902f-48f8-a5cc-f745e15eee43
2005-04-07 19:48:57 +00:00
brendan%mozilla.org
41903388e1 Stop evals and Script object calls/execs that cross trust domains (289074, r=shaver, sr=jst, a=drivers).
git-svn-id: svn://10.0.0.236/trunk@171838 18797224-902f-48f8-a5cc-f745e15eee43
2005-04-07 02:22:24 +00:00
cbiesinger%web.de
36df735fb8 Bug 269661 make libpref not depend on caps
r=caillon sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@168870 18797224-902f-48f8-a5cc-f745e15eee43
2005-02-06 12:39:31 +00:00
jst%mozilla.jstenback.com
c45391a630 Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu
git-svn-id: svn://10.0.0.236/trunk@163827 18797224-902f-48f8-a5cc-f745e15eee43
2004-10-15 16:53:35 +00:00
dveditz%cruzio.com
48060e3409 Improve enablePrivilege confirmation dialog text and presentation, sanity-check
privilege names (bug 253942, bug 253944) r=caillon,sr=brendan,a=chofmann,mkaply


git-svn-id: svn://10.0.0.236/trunk@161570 18797224-902f-48f8-a5cc-f745e15eee43
2004-09-01 07:53:32 +00:00
cbiesinger%web.de
1962617772 removing myself from DEBUG_CAPS_HACKER list
git-svn-id: svn://10.0.0.236/trunk@159010 18797224-902f-48f8-a5cc-f745e15eee43
2004-07-10 19:38:28 +00:00
cbiesinger%web.de
19f2df33b3 fix DEBUG_CAPS_HACKER bustage due to bug 240106
r=caillon sr=darin


git-svn-id: svn://10.0.0.236/trunk@157968 18797224-902f-48f8-a5cc-f745e15eee43
2004-06-16 15:58:22 +00:00
gerv%gerv.net
98831918fc Bug 236613: change to MPL/LGPL/GPL tri-license.
git-svn-id: svn://10.0.0.236/trunk@155044 18797224-902f-48f8-a5cc-f745e15eee43
2004-04-17 21:52:36 +00:00
caillon%returnzero.com
c1914505cb Re-land patch for bug 83536, merging principal objects.
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst


git-svn-id: svn://10.0.0.236/trunk@148229 18797224-902f-48f8-a5cc-f745e15eee43
2003-10-21 22:11:49 +00:00
brendan%mozilla.org
da7fa465a7 Better version of last change, thanks to caillon for reminding me.
git-svn-id: svn://10.0.0.236/trunk@147384 18797224-902f-48f8-a5cc-f745e15eee43
2003-09-28 04:55:50 +00:00
brendan%mozilla.org
4981e3ba49 Forgot to update calls to formerly-static SecurityCompareURI (r+sr=bz).
git-svn-id: svn://10.0.0.236/trunk@147383 18797224-902f-48f8-a5cc-f745e15eee43
2003-09-28 04:44:33 +00:00
brendan%mozilla.org
53924f1a53 Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky).
git-svn-id: svn://10.0.0.236/trunk@147382 18797224-902f-48f8-a5cc-f745e15eee43
2003-09-28 04:22:01 +00:00
caillon%returnzero.com
d55b44719f Backing out the patch to bug 83536.
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann


git-svn-id: svn://10.0.0.236/trunk@146256 18797224-902f-48f8-a5cc-f745e15eee43
2003-08-22 03:06:53 +00:00
brendan%mozilla.org
95220b5330 Add shared DHashTableOps for [const] char *key use-cases, clean up dhash API abusages (214839, r=dougt, sr=dbaron).
git-svn-id: svn://10.0.0.236/trunk@145624 18797224-902f-48f8-a5cc-f745e15eee43
2003-08-05 20:09:21 +00:00
caillon%returnzero.com
742898a589 Bug 214050
Start to localize some of the more common user-visible error messages in caps.
r+sr=bzbarsky@mit.edu


git-svn-id: svn://10.0.0.236/trunk@145319 18797224-902f-48f8-a5cc-f745e15eee43
2003-07-29 05:28:00 +00:00
mkaply%us.ibm.com
4f792ecf69 Ports bustage - remove NS_COM per bsmedberg
git-svn-id: svn://10.0.0.236/trunk@145161 18797224-902f-48f8-a5cc-f745e15eee43
2003-07-24 18:58:30 +00:00
caillon%returnzero.com
cd46cbbaad Bug 83536.
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)


git-svn-id: svn://10.0.0.236/trunk@145137 18797224-902f-48f8-a5cc-f745e15eee43
2003-07-24 05:15:20 +00:00
seawood%netscape.com
82f61e52c5 Removing extra ^M. Fixing Irix cc bustage
git-svn-id: svn://10.0.0.236/trunk@144243 18797224-902f-48f8-a5cc-f745e15eee43
2003-06-28 05:15:41 +00:00
timeless%mozdev.org
543383a0e6 Bug 194872 CAPS vulnerability when doing cross-site-scripting with frames from different origins and different CAPS settings (allAccess, noAccess).
bustage (const char*)
sr=jst


git-svn-id: svn://10.0.0.236/trunk@144181 18797224-902f-48f8-a5cc-f745e15eee43
2003-06-26 03:27:01 +00:00
mstoltz%netscape.com
df95af7f9f Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst.
git-svn-id: svn://10.0.0.236/trunk@144169 18797224-902f-48f8-a5cc-f745e15eee43
2003-06-26 00:18:43 +00:00
caillon%returnzero.com
588acb1f7c Bug 163645 - User defined properties of window.navigator are not remembered when a new page is loaded.
Enable this for websites within the same domain only.
Also, fixes CheckSameOriginPrincipal to just check the principals, and not care whether we have anything on the JS stack.
r=mstoltz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@143900 18797224-902f-48f8-a5cc-f745e15eee43
2003-06-18 23:48:57 +00:00
harishd%netscape.com
893e8e41f1 Grant access to SOAP response document's properties and also allow the document to be serializable. b=193953, r=heikki@netscape.com, sr=jst@netscape.com
git-svn-id: svn://10.0.0.236/trunk@143644 18797224-902f-48f8-a5cc-f745e15eee43
2003-06-12 20:18:34 +00:00
seawood%netscape.com
06e1507b0c Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev
git-svn-id: svn://10.0.0.236/trunk@143527 18797224-902f-48f8-a5cc-f745e15eee43
2003-06-10 21:18:27 +00:00
mstoltz%netscape.com
d55cb10a60 Bug 163950 - allow opening connections for XML data transfer services when document.domain has been set. r=jst, sr=heikki.
git-svn-id: svn://10.0.0.236/trunk@143008 18797224-902f-48f8-a5cc-f745e15eee43
2003-05-28 23:22:36 +00:00
bzbarsky%mit.edu
880779ab82 Removing stray windows newline that causes build warning... No reviews, sorry.
git-svn-id: svn://10.0.0.236/trunk@140850 18797224-902f-48f8-a5cc-f745e15eee43
2003-04-08 20:26:41 +00:00
mstoltz%netscape.com
00529830be Bug 188229 - adding new security check function that allows component instantiation by CID. r=dveditz, sr=heikki. *not part of build yet*
git-svn-id: svn://10.0.0.236/trunk@139306 18797224-902f-48f8-a5cc-f745e15eee43
2003-03-12 02:17:37 +00:00
brendan%mozilla.org
a5ad42fb1b Generalize the JS_SetCheckObjectAccessCallback hook implemented here to deal with user-defined getters and setters (92773, r=mstoltz, sr=jst).
git-svn-id: svn://10.0.0.236/trunk@139037 18797224-902f-48f8-a5cc-f745e15eee43
2003-03-06 19:40:14 +00:00
sfraser%netscape.com
fa2a919889 Fix bug 127185: don't crash with a null JS context if running without XPT files. Fixes nsScriptSecurityManager to do more thorough error checking on initialization. r=mstoltz, sr=jst. Fixes bustage.
git-svn-id: svn://10.0.0.236/trunk@136470 18797224-902f-48f8-a5cc-f745e15eee43
2003-01-17 02:00:01 +00:00
alecf%netscape.com
e38457c675 take two at fixing bug 177401 - convert nsIBinaryStream over to using nsAString/nsACString for string values, to speed up fastload
sr=darin, r=dougt
(the previous checkin had a typo which disabled fastload entirely!)


git-svn-id: svn://10.0.0.236/trunk@133832 18797224-902f-48f8-a5cc-f745e15eee43
2002-11-14 18:16:31 +00:00
alecf%netscape.com
1c16ef7f73 argh, back out my last checkin because Ts went UP not down!
git-svn-id: svn://10.0.0.236/trunk@133447 18797224-902f-48f8-a5cc-f745e15eee43
2002-11-09 01:31:32 +00:00
alecf%netscape.com
aac40e7aa5 fix for bug 177401 - use nsAString& classes instead of wstring in nsIBinaryInputStream, to speed up fastload startup
sr=darin, r=dougt


git-svn-id: svn://10.0.0.236/trunk@133429 18797224-902f-48f8-a5cc-f745e15eee43
2002-11-08 23:30:53 +00:00
seawood%netscape.com
0b3ff474f3 Removing old nmake build makefiles. Bug #158528 r=pavlov
git-svn-id: svn://10.0.0.236/trunk@126975 18797224-902f-48f8-a5cc-f745e15eee43
2002-08-10 07:55:43 +00:00
mstoltz%netscape.com
58a849eae5 Bug 154930 - If one page has explicitly set document.domain and another has not,
do not consider them to be of the same origin for security checks. r=dveditz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@124781 18797224-902f-48f8-a5cc-f745e15eee43
2002-07-09 00:10:02 +00:00
mstoltz%netscape.com
8946598190 Bug 152725 - Get URL passed to cookie module from document principal, not document URL.
This ensures that cookies set by javascript URL pages are set in the correct domain.
r=morse, sr=dveditz.


git-svn-id: svn://10.0.0.236/trunk@124514 18797224-902f-48f8-a5cc-f745e15eee43
2002-07-02 17:58:24 +00:00
mstoltz%netscape.com
3cba7a04ae 133170 - Need to re-check host for security on a redirect after a call to
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc


git-svn-id: svn://10.0.0.236/trunk@123373 18797224-902f-48f8-a5cc-f745e15eee43
2002-06-14 23:54:18 +00:00
dougt%netscape.com
d6cc711878 Fixes mozilla/strings requiring unfrozen nsCRT class. patch by scc, r=dougt, sr=jag, b=136756
git-svn-id: svn://10.0.0.236/trunk@121534 18797224-902f-48f8-a5cc-f745e15eee43
2002-05-15 18:55:21 +00:00
mstoltz%netscape.com
50e08140ae Bug 136993 - Put the "trusted codebase principals" feature back in.
r=harishd, sr=jst, a=valeski


git-svn-id: svn://10.0.0.236/trunk@118900 18797224-902f-48f8-a5cc-f745e15eee43
2002-04-13 01:53:46 +00:00
mstoltz%netscape.com
083b598d3c A bunch of fixes in caps:
128697 - Added a pref listener for changes to capability.policy prefs,
removed profile-change listener
131025 - Removed insecure "trusted codebase principals" feature
131340 - Make nsCodebasePrincipal::Equals handle jar URLs correctly
131342 - Clean up privilege-grant dialog code
128861 - class policy hashtables allocated only when needed; avoids
PLDHash memory-use warning
Fixed comparison of -1 and 80 ports (Can't find the bug # right now)

All r=harishd, sr=jst, a=asa.


git-svn-id: svn://10.0.0.236/trunk@116958 18797224-902f-48f8-a5cc-f745e15eee43
2002-03-20 05:53:46 +00:00
alecf%netscape.com
19c823f0b1 fix bug 129635 - write a destructor for DomainPolicy so that the hashtable is destroyed
(and not leaked!)
r=mstoltz, sr=vidur, a=asa


git-svn-id: svn://10.0.0.236/trunk@116282 18797224-902f-48f8-a5cc-f745e15eee43
2002-03-10 00:41:08 +00:00
jst%netscape.com
4d29697e83 Fixing bug 111529. Optimizing out unnecessary QI calls from nsScriptSecurityManager::GetObjectPrincipal() and doing some other minor cleanups and speedups. r=nisheeth@netscape.com, sr=jband@netscape.com
git-svn-id: svn://10.0.0.236/trunk@115054 18797224-902f-48f8-a5cc-f745e15eee43
2002-02-20 05:51:05 +00:00
mkaply%us.ibm.com
98e393ae55 OS/2 bustage - callback needs to be in header
git-svn-id: svn://10.0.0.236/trunk@114387 18797224-902f-48f8-a5cc-f745e15eee43
2002-02-13 13:30:06 +00:00
mstoltz%netscape.com
904896ca95 Bug 119646 - Rewrite of the security manager policy database for improved
performance. r=jst, sr=jband.


git-svn-id: svn://10.0.0.236/trunk@114377 18797224-902f-48f8-a5cc-f745e15eee43
2002-02-13 04:20:46 +00:00
seawood%netscape.com
0bd62df729 Landing the rest of the win32 gmake changes:
* Adds Makefile.ins to win32 specific dirs
* Adds WINNT ifdefs to Makefile.ins
* Causes NSPR to be compiled with --with-mozilla
* Misc general Makefile.in cleanup

Bug #58981 r=mcafee


git-svn-id: svn://10.0.0.236/trunk@110703 18797224-902f-48f8-a5cc-f745e15eee43
2001-12-18 09:14:29 +00:00
mstoltz%netscape.com
2eb513fdbc bug 106535, adding the ability to enable codebase principals for a single host
instead of for all hosts. r=vidur, sr=jst.


git-svn-id: svn://10.0.0.236/trunk@106425 18797224-902f-48f8-a5cc-f745e15eee43
2001-10-26 23:00:48 +00:00
bzbarsky%mit.edu
8c09a3a42d Make CAPS correctly observe changes to capability.policy prefs. Needed
for having UI for these suckers.  Bug 101150, r=mstoltz,sr=jst


git-svn-id: svn://10.0.0.236/trunk@104440 18797224-902f-48f8-a5cc-f745e15eee43
2001-10-02 21:56:51 +00:00
gerv%gerv.net
4c7ac5dfa4 License changes, take 2. Bug 98089. mozilla/config/, mozilla/caps/, mozilla/build/.
git-svn-id: svn://10.0.0.236/trunk@103674 18797224-902f-48f8-a5cc-f745e15eee43
2001-09-25 01:03:58 +00:00
gerv%gerv.net
ae1d5501a1 Oops.
git-svn-id: svn://10.0.0.236/trunk@103236 18797224-902f-48f8-a5cc-f745e15eee43
2001-09-20 00:02:59 +00:00
scc%mozilla.org
52c8d09e03 bug #98089: ripped new license
git-svn-id: svn://10.0.0.236/trunk@103219 18797224-902f-48f8-a5cc-f745e15eee43
2001-09-19 20:09:47 +00:00
mstoltz%netscape.com
83cf54c4fb bug 86799, adding support for wildcard security policies of the form
"capability.policy.group.*.property". Also added additional optimizations
and changed copy-initialization of NSCOMPtrs to direct initialization
throughout the file. r=harishd, sr=jst, a=asa.


git-svn-id: svn://10.0.0.236/trunk@101929 18797224-902f-48f8-a5cc-f745e15eee43
2001-08-29 02:05:48 +00:00