Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
153,855 Commits 3,986 Branches 0 Tags
Commit Graph

570 Commits

Author SHA1 Message Date
jst%mozilla.jstenback.com
2a67af918b Fixing tinderbox orange. Make caps work right again when dealing with a script global object that's not a window. r+sr=bzbarsky@mit.edu 
git-svn-id: svn://10.0.0.236/trunk@185368 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-29 06:00:36 +00:00
jst%mozilla.jstenback.com
895df6e6ca Fixing bug 316794. Moving HandleDOMEvent() and Get/SetDocShell from nsIScriptGlobalObject to nsPIDOMWindow. r=mrbkap@gmail.com, sr=peterv@propagandism.org 
git-svn-id: svn://10.0.0.236/trunk@185351 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-28 23:56:44 +00:00
timeless%mozdev.org
f9bdb44b34 Bug 106386 Correct misspellings in source code 
patch by unknown@simplemachines.org r=timeless rs=brendan


git-svn-id: svn://10.0.0.236/trunk@185269 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-25 08:16:51 +00:00
brettw%gmail.com
0420e64f2f Bug 316077, r=annie.sullivan, sr=darin 
Protocol handler allowing access to binary annotations.


git-svn-id: svn://10.0.0.236/trunk@184829 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-17 18:39:00 +00:00
bzbarsky%mit.edu
90c17667d8 Get principals for XPConnect wrapped natives off their scope instead of walking 
their parent chain.  Add some asserts to check that this actually does give the
same result, which it should with splitwindow.  Bug 289655, r=dbradley, sr=jst


git-svn-id: svn://10.0.0.236/trunk@184744 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-16 02:12:21 +00:00
cbiesinger%web.de
eaf06b8983 Bug 248052 Add a contract ID for a global channeleventsink. Make the 
scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto
redirects if CheckLoadURI fails. Remove the explicit usage of
nsIScriptSecurityManager from nsHttpChannel.cpp.

This eliminates js and xpconnect from REQUIRES, and brings us closer to remove
caps.

r=darin sr=bz


git-svn-id: svn://10.0.0.236/trunk@184313 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-08 20:47:16 +00:00
bzbarsky%mit.edu
d14d1f2475 Remove nsIStyledContent. Bug 313968, r=sicking, r=dbaron on nsCSSStyleSheet 
changes, sr=jst


git-svn-id: svn://10.0.0.236/trunk@183371 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-02 00:41:51 +00:00
jst%mozilla.jstenback.com
07d2395134 Fixing bug 313373. Pass *vp through untouched to the checkAccess hook when checking for write access. r=mrbkap@gmail.com, sr=brendan@mozilla.org 
git-svn-id: svn://10.0.0.236/trunk@182933 18797224-902f-48f8-a5cc-f745e15eee43
 2005-10-25 00:29:28 +00:00
bzbarsky%mit.edu
a06f72a2d9 Don't call nsIClassInfo::GetClassDescription unless we really have to. Bug 
313157, r=dveditz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@182663 18797224-902f-48f8-a5cc-f745e15eee43
 2005-10-20 23:49:59 +00:00
mrbkap%gmail.com
1ce421fc5b bug 312124: Make Subsume treat about:blank principals as being weaker than other, non-about:blank principals, since that's how other code treats them. r=caillon sr=brendan 
git-svn-id: svn://10.0.0.236/trunk@182260 18797224-902f-48f8-a5cc-f745e15eee43
 2005-10-14 18:57:26 +00:00
bzbarsky%mit.edu
b4a5294710 Make wildcards work for the default policy too. Bug 307867, r=caillon, sr=dveditz 
git-svn-id: svn://10.0.0.236/trunk@181269 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-30 03:30:40 +00:00
dbaron%dbaron.org
c1699761ee Improve consistency of conversion from about URI to about module. b=306261 r=darin sr=bzbarsky 
git-svn-id: svn://10.0.0.236/trunk@180174 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-14 04:16:27 +00:00
bzbarsky%mit.edu
151ce36b21 Remove the security.checkloaduri preference. Please to be using the 
checkloaduri CAPS policy instead, since that's less likely to let you shoot
yourself in the foot.

Bug 307382, r=caillon, sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@179918 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-09 18:43:45 +00:00
dougt%meer.net
94085e172f Bug 302284. add xpi hash support to InstallTrigger.install(). r=dveditz, sr=shaver, a=asa 
git-svn-id: svn://10.0.0.236/trunk@179031 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-26 06:46:21 +00:00
peterv%propagandism.org
2b66b3502d Fix for bug 290100 (XMLHttpRequest affected by document.domain setting). r=caillon, sr=brendan. 
git-svn-id: svn://10.0.0.236/trunk@178930 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-25 11:51:42 +00:00
mconnor%steelgryphon.com
bc56b295fd bug 300830 - new error page (about:neterror) can load privileged about: urls, patch by dveditz, r=bsmedberg, sr=shaver 
git-svn-id: svn://10.0.0.236/trunk@178594 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-22 05:09:11 +00:00
gavin%gavinsharp.com
d54b52ab08 Bug 298823: JAR URIs (and other types missing the host part) are not properly handled by nsScriptSecurityManager::LookupPolicy(), patch by Giorgio Maone <g.maone@informaction.com>, r=caillon, sr=dveditz 
git-svn-id: svn://10.0.0.236/trunk@177957 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-17 16:55:00 +00:00
timeless%mozdev.org
ae4ec1442e Bug 304085 crash [@ JS_ValueToString - JSValIDToString] with DEBUG_CAPS_HACKER 
r=caillon sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@177932 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-17 07:40:39 +00:00
timeless%mozdev.org
7eec49b5ff Bug 304054 nsScriptSecurityManager.cpp doesn't build ifdef DEBUG_CAPS_HACKER unless defined DEBUG 
r=dveditz sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@177669 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-12 23:13:46 +00:00
timeless%mozdev.org
bb2751407b Bug 304240 Make noAccess/allAccess/sameOrigin consistently intercaps in the source tree 
r=caillon sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@177665 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-12 23:11:32 +00:00
bzbarsky%mit.edu
55a6daf516 Comment-only fixes I forgot to make. Bug 240661. 
git-svn-id: svn://10.0.0.236/trunk@176464 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-22 20:49:12 +00:00
bzbarsky%mit.edu
354647c8df Expose the subject name for the cert and an nsISupports pointer to the cert on 
nsIPrincipal that represents a certificate principal.  Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal.  Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII.  Bug
240661, r=caillon, sr=dveditz, a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@176458 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-22 19:05:42 +00:00
timeless%mozdev.org
310bcc516c Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop] 
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@176283 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-19 21:55:36 +00:00
bsmedberg%covad.net
2d3b479c81 Bug 292624 - XUL error pages should not have chrome privileges, r=darin sr=dveditz a=asa 
git-svn-id: svn://10.0.0.236/trunk@176101 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-14 17:46:55 +00:00
brendan%mozilla.org
15ddfa152d Add a subsumes relation to principals so JS can handle all cases when checking indirect eval (and the like) calls (300008, r=caillon/dveditz, sr/a=shaver). 
git-svn-id: svn://10.0.0.236/trunk@175859 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-08 23:26:36 +00:00
timeless%mozdev.org
fa1982b341 Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs 
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@175300 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-29 16:29:49 +00:00
mconnor%steelgryphon.com
a1c7b393fd bug 293424 - block about: from content to remove a potential attack vector, r+sr=brendan, a=brendan/jay 
git-svn-id: svn://10.0.0.236/trunk@174689 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-16 08:30:11 +00:00
jst%mozilla.jstenback.com
eb78ffdb84 Fixing part of bug 296397. Removing bogus assertion. r=shaver@mozilla.org, sr+a=brendan@mozilla.org 
git-svn-id: svn://10.0.0.236/trunk@174335 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-09 01:11:21 +00:00
timeless%mozdev.org
9d96e20c00 Bug 292588 shutdown crash !sXPConnect [@ nsScriptSecurityManager::CheckObjectAccess] 
store the runtime, unset the callback at shutdown
r=dveditz sr=jst a=asa


git-svn-id: svn://10.0.0.236/trunk@174245 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-07 21:57:56 +00:00
dougt%meer.net
c3e3eda0f8 Add a scriptable hash function API. basically what this does is moves the hashing function out of the nsISignatureVerifier.idl and creates a new interface nsICryptoHash which is scriptable. Because of this change, we needed to fix up all of the call sites. r=darin, sr=dveditz, a=shaver 
git-svn-id: svn://10.0.0.236/trunk@173927 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-01 16:06:53 +00:00
dbaron%dbaron.org
e2f3b63eb9 Fix bug 293671. r=caillon sr=dveditz a=asa 
git-svn-id: svn://10.0.0.236/trunk@173335 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-12 18:26:41 +00:00
dbaron%dbaron.org
87a51ef2c0 Cleaner fix for bug 290036. b=290949 r=dveditz sr=darin a=asa 
git-svn-id: svn://10.0.0.236/trunk@173334 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-12 18:20:07 +00:00
brendan%mozilla.org
8a855528ea Fix comment from last night to match today's code. 
git-svn-id: svn://10.0.0.236/trunk@173040 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-04 18:58:24 +00:00
brendan%mozilla.org
36aee01960 Undo gist of last change for now, it breaks too much even though it's safer. 
git-svn-id: svn://10.0.0.236/trunk@173037 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-04 16:19:31 +00:00
brendan%mozilla.org
8695afc4e4 Find active native function principals when walking the JS stack, and beef up eval-ish native safeguards (281988, r=shaver/caillon, sr=jst, a=drivers). 
git-svn-id: svn://10.0.0.236/trunk@173030 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-04 06:28:36 +00:00
bzbarsky%mit.edu
3ef1503a5f Fix crashes when privilegeManager methods are called by setting our our param 
on success return.  Bug 289991 and bug 289925, r=caillon, sr=dbaron, a=dbaron


git-svn-id: svn://10.0.0.236/trunk@172019 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-12 05:13:26 +00:00
bzbarsky%mit.edu
527175c5da Do less addrefing of principals in the script security manager. Bug 289643, 
r=caillon, sr=brendan, a=asa


git-svn-id: svn://10.0.0.236/trunk@171945 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-10 23:27:07 +00:00
brendan%mozilla.org
01efe388a9 Revert kludge, want a general fix. 
git-svn-id: svn://10.0.0.236/trunk@171865 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-07 19:48:57 +00:00
brendan%mozilla.org
41903388e1 Stop evals and Script object calls/execs that cross trust domains (289074, r=shaver, sr=jst, a=drivers). 
git-svn-id: svn://10.0.0.236/trunk@171838 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-07 02:22:24 +00:00
timeless%mozdev.org
43edd35b64 Bug 239967 prototype for nsScriptSecurityManager::GetPrincipalFromContext is wrong 
r=dveditz sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@171311 18797224-902f-48f8-a5cc-f745e15eee43
 2005-03-29 03:12:12 +00:00
bryner%brianryner.com
d73c7fa274 Inline access to XPCWrappedNative's nsISupports pointer, with do_QueryWrappedNative nsCOMPtr helper (bug 285404). r=jst, sr=darin. 
git-svn-id: svn://10.0.0.236/trunk@170483 18797224-902f-48f8-a5cc-f745e15eee43
 2005-03-10 00:39:28 +00:00
gandalf%firefox.pl
614ee4af8e bug 279768: Bring build system to work with --enable-ui-locale; r=bsmedberg; a=doron on webservices move 
git-svn-id: svn://10.0.0.236/trunk@170385 18797224-902f-48f8-a5cc-f745e15eee43
 2005-03-08 17:21:36 +00:00
bsmedberg%covad.net
fc4099e666 Bug 281414 - global s/nsIPrefBranchInternal/nsIPrefBranch2/ rs=darin (did not change backwards-compatible code in extensions/irc extensions/venkman or extensions/inspector) 
git-svn-id: svn://10.0.0.236/trunk@169868 18797224-902f-48f8-a5cc-f745e15eee43
 2005-02-25 20:46:35 +00:00
bzbarsky%mit.edu
f661fbfa84 Remove special-casing so non-chrome-principal pages, even with chrome: uris, 
can have script disabled as needed.  Bug 280120, r=peterv, sr=neil


git-svn-id: svn://10.0.0.236/trunk@169613 18797224-902f-48f8-a5cc-f745e15eee43
 2005-02-22 21:18:31 +00:00
cbiesinger%web.de
36df735fb8 Bug 269661 make libpref not depend on caps 
r=caillon sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@168870 18797224-902f-48f8-a5cc-f745e15eee43
 2005-02-06 12:39:31 +00:00
jshin%mailaps.org
3ad995326c bug 280613 : checkLoadURIStr of nsIScriptSecurityManager should accept AUTF8String istead of string (for IDN), r=dveditz, sr=darin 
git-svn-id: svn://10.0.0.236/trunk@168696 18797224-902f-48f8-a5cc-f745e15eee43
 2005-02-02 07:17:53 +00:00
bzbarsky%mit.edu
ceee542316 Add about:license and about:licence and make about: link to them. Bug 256945, 
r=gerv, sr=darin


git-svn-id: svn://10.0.0.236/trunk@168206 18797224-902f-48f8-a5cc-f745e15eee43
 2005-01-23 21:02:36 +00:00
bsmedberg%covad.net
4c08900f0e Bug 273876 - libxul step 2 (everything through widget, except spidermonkey) r=darin; again, this should not affect non-xulrunner trees. 
git-svn-id: svn://10.0.0.236/trunk@166497 18797224-902f-48f8-a5cc-f745e15eee43
 2004-12-09 19:28:35 +00:00
timeless%mozdev.org
8eef869750 Bug 261339 Setting capability.policy.default.Window.top to noAccess seems to crash mozilla 
r=caillon sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@165018 18797224-902f-48f8-a5cc-f745e15eee43
 2004-11-05 16:54:09 +00:00
timeless%mozdev.org
f437907894 Bug 267311 netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect") in a XBL constructor make mozilla crash. [@ JS_FrameIterator] 
r=dveditz sr=jst


git-svn-id: svn://10.0.0.236/trunk@165009 18797224-902f-48f8-a5cc-f745e15eee43
 2004-11-05 15:25:04 +00:00