Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
129,254 Commits 3,986 Branches 0 Tags
Commit Graph

226 Commits

Author SHA1 Message Date
darin%meer.net
af98e4f306 landing dbaron's patch for bug 235735 "fix callers that cast away const on result of ns[C]String::get" r+sr=darin 
git-svn-id: svn://10.0.0.236/trunk@153357 18797224-902f-48f8-a5cc-f745e15eee43
 2004-02-28 22:34:07 +00:00
darin%meer.net
9770631282 fixes bug 234916 "Remove global/static NS_NAMED_LITERAL_C?STRING usage [was: Firefox crashes on startup on Mac OS X]" r=jst sr=dbaron 
git-svn-id: svn://10.0.0.236/trunk@153191 18797224-902f-48f8-a5cc-f745e15eee43
 2004-02-25 02:08:34 +00:00
jst%mozilla.jstenback.com
854468a176 Fixing bug 233307. deCOMtaminating nsIScript* and related interfaces. r+sr=bryner@brianryner.com. 
git-svn-id: svn://10.0.0.236/trunk@152565 18797224-902f-48f8-a5cc-f745e15eee43
 2004-02-09 22:48:53 +00:00
pkw%us.ibm.com
bae37edcfd Bug 228095 - AIX: 64-bit build error in nsScriptSecurityManager.cpp 
r=caillon@aillon.org, sr=brendan@mozilla.org, a=brendan@mozilla.org


git-svn-id: svn://10.0.0.236/trunk@150326 18797224-902f-48f8-a5cc-f745e15eee43
 2003-12-15 18:16:09 +00:00
caillon%returnzero.com
f401257c19 Permit content to link to about:logo 
Bug 223293; r=timeless sr=jst


git-svn-id: svn://10.0.0.236/trunk@148490 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-30 01:35:09 +00:00
caillon%returnzero.com
c1914505cb Re-land patch for bug 83536, merging principal objects. 
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst


git-svn-id: svn://10.0.0.236/trunk@148229 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-21 22:11:49 +00:00
brendan%mozilla.org
da7fa465a7 Better version of last change, thanks to caillon for reminding me. 
git-svn-id: svn://10.0.0.236/trunk@147384 18797224-902f-48f8-a5cc-f745e15eee43
 2003-09-28 04:55:50 +00:00
brendan%mozilla.org
4981e3ba49 Forgot to update calls to formerly-static SecurityCompareURI (r+sr=bz). 
git-svn-id: svn://10.0.0.236/trunk@147383 18797224-902f-48f8-a5cc-f745e15eee43
 2003-09-28 04:44:33 +00:00
brendan%mozilla.org
53924f1a53 Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky). 
git-svn-id: svn://10.0.0.236/trunk@147382 18797224-902f-48f8-a5cc-f745e15eee43
 2003-09-28 04:22:01 +00:00
caillon%returnzero.com
38f33a981a about:about 
Bug 56061
r=bryner@brianryner.com
sr=darin@meer.net


git-svn-id: svn://10.0.0.236/trunk@146846 18797224-902f-48f8-a5cc-f745e15eee43
 2003-09-13 19:35:59 +00:00
caillon%returnzero.com
d55b44719f Backing out the patch to bug 83536. 
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann


git-svn-id: svn://10.0.0.236/trunk@146256 18797224-902f-48f8-a5cc-f745e15eee43
 2003-08-22 03:06:53 +00:00
caillon%returnzero.com
916e757114 Bug 214949 
Make XUL error pages work again by making GetOrigin() return the full spec for chrome: URIs and preventing principal lookups when the principals hash is empty.
r+sr=jst@netscape.com
a=rjesup@wgate.com


git-svn-id: svn://10.0.0.236/trunk@145830 18797224-902f-48f8-a5cc-f745e15eee43
 2003-08-10 02:26:11 +00:00
brendan%mozilla.org
95220b5330 Add shared DHashTableOps for [const] char *key use-cases, clean up dhash API abusages (214839, r=dougt, sr=dbaron). 
git-svn-id: svn://10.0.0.236/trunk@145624 18797224-902f-48f8-a5cc-f745e15eee43
 2003-08-05 20:09:21 +00:00
caillon%returnzero.com
7fe85266fd Adding comments, per bzbarsky. bug 214050. 
git-svn-id: svn://10.0.0.236/trunk@145342 18797224-902f-48f8-a5cc-f745e15eee43
 2003-07-29 19:03:00 +00:00
caillon%returnzero.com
c9af458d0a Don't let success of string bundle calls dictate the return value, continue to return errors. Still bug 214050. 
git-svn-id: svn://10.0.0.236/trunk@145325 18797224-902f-48f8-a5cc-f745e15eee43
 2003-07-29 09:07:43 +00:00
caillon%returnzero.com
742898a589 Bug 214050 
Start to localize some of the more common user-visible error messages in caps.
r+sr=bzbarsky@mit.edu


git-svn-id: svn://10.0.0.236/trunk@145319 18797224-902f-48f8-a5cc-f745e15eee43
 2003-07-29 05:28:00 +00:00
caillon%returnzero.com
cd46cbbaad Bug 83536. 
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)


git-svn-id: svn://10.0.0.236/trunk@145137 18797224-902f-48f8-a5cc-f745e15eee43
 2003-07-24 05:15:20 +00:00
jst%netscape.com
155632c501 Fixing bug 210730. ClassInfoData optimizations. r+sr=jaggernaut@netscape.com 
git-svn-id: svn://10.0.0.236/trunk@144207 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-27 03:10:49 +00:00
timeless%mozdev.org
543383a0e6 Bug 194872 CAPS vulnerability when doing cross-site-scripting with frames from different origins and different CAPS settings (allAccess, noAccess). 
bustage (const char*)
sr=jst


git-svn-id: svn://10.0.0.236/trunk@144181 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-26 03:27:01 +00:00
mstoltz%netscape.com
df95af7f9f Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst. 
git-svn-id: svn://10.0.0.236/trunk@144169 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-26 00:18:43 +00:00
jst%netscape.com
ecae24eff4 Fixing bug 209884. Writing an inline helper to safely get an nsIScriptContext from a JSContext and making direct callers of JS_GetContextPrivate() use the helper. r=caillon@aillon.org, sr=peterv@netscape.com 
git-svn-id: svn://10.0.0.236/trunk@144108 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-24 21:43:01 +00:00
caillon%returnzero.com
588acb1f7c Bug 163645 - User defined properties of window.navigator are not remembered when a new page is loaded. 
Enable this for websites within the same domain only.
Also, fixes CheckSameOriginPrincipal to just check the principals, and not care whether we have anything on the JS stack.
r=mstoltz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@143900 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-18 23:48:57 +00:00
harishd%netscape.com
893e8e41f1 Grant access to SOAP response document's properties and also allow the document to be serializable. b=193953, r=heikki@netscape.com, sr=jst@netscape.com 
git-svn-id: svn://10.0.0.236/trunk@143644 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-12 20:18:34 +00:00
dougt%meer.net
e70ad5a847 Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201 
git-svn-id: svn://10.0.0.236/trunk@143054 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-29 21:56:38 +00:00
dougt%meer.net
43e230ebe2 Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201 
git-svn-id: svn://10.0.0.236/trunk@143053 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-29 21:51:34 +00:00
mstoltz%netscape.com
d55cb10a60 Bug 163950 - allow opening connections for XML data transfer services when document.domain has been set. r=jst, sr=heikki. 
git-svn-id: svn://10.0.0.236/trunk@143008 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-28 23:22:36 +00:00
dbradley%netscape.com
5878dbec4a bug 205538 - Use hyphens instead of underscores in caps prefs for CID's. r=adamlock, sr=alecf, a=asa 
git-svn-id: svn://10.0.0.236/trunk@142650 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-20 14:19:05 +00:00
jst%netscape.com
394e9fef7e Fixing bug 202994. Make sure the proper security check is done when converting the result of a JS expression in a javascript: URL to a string. r=mstoltz@netscape.com, sr=brendan@mozilla.org, a=asa@mozilla.org 
git-svn-id: svn://10.0.0.236/trunk@142350 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-12 22:23:52 +00:00
brendan%mozilla.org
409a6a96a8 Fix overbroad getter/setter access check to apply only to scripted getters/setters; fix wrong object class name in error messages (198660, r=mstoltz, sr=jst, a=asa). 
git-svn-id: svn://10.0.0.236/trunk@142248 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-09 00:40:50 +00:00
jst%netscape.com
6f39df51bc Fixing bug 201132. Always use the JSPrincipals from the target object when compiling event handlers, never use the principals of the global object in which the event handler is compiled. Also make sure we never use the principals that are precompiled into cloned Functions, always get the principal from the Function's scope in such cases. r=mstoltz@netscape.com (and heikki@netscape.com), sr=brendan@mozilla.org 
git-svn-id: svn://10.0.0.236/trunk@141333 18797224-902f-48f8-a5cc-f745e15eee43
 2003-04-17 20:21:00 +00:00
mstoltz%netscape.com
00529830be Bug 188229 - adding new security check function that allows component instantiation by CID. r=dveditz, sr=heikki. *not part of build yet* 
git-svn-id: svn://10.0.0.236/trunk@139306 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-12 02:17:37 +00:00
timeless%mozdev.org
7f19212039 Bug 196340 Change NS_REINTERPRET_CAST(nsIScriptContext*, JS_GetContextPrivate(cx)) to use Static Cast 
r=mstoltz sr=heikki


git-svn-id: svn://10.0.0.236/trunk@139117 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-07 21:54:28 +00:00
brendan%mozilla.org
a5ad42fb1b Generalize the JS_SetCheckObjectAccessCallback hook implemented here to deal with user-defined getters and setters (92773, r=mstoltz, sr=jst). 
git-svn-id: svn://10.0.0.236/trunk@139037 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-06 19:40:14 +00:00
rginda%netscape.com
ce1ca0b4c1 bug 191773, r=mstoltz, a=dbaron@dbaron.org 
only allow x-jsd: urls from chrome: and resource:


git-svn-id: svn://10.0.0.236/trunk@137399 18797224-902f-48f8-a5cc-f745e15eee43
 2003-02-05 01:27:56 +00:00
sfraser%netscape.com
b3ed7e7caf Fix bug 127185: don't crash with a null JS context if running without XPT files. Fixes nsScriptSecurityManager to do more thorough error checking on initialization. r=mstoltz, sr=jst. 
git-svn-id: svn://10.0.0.236/trunk@136464 18797224-902f-48f8-a5cc-f745e15eee43
 2003-01-17 01:00:15 +00:00
dbaron%dbaron.org
30879d2c9e Bug 178643: Remove uses of NS_INIT_ISUPPORTS, since it's no longer needed. r=timeless sr=jag 
git-svn-id: svn://10.0.0.236/trunk@135991 18797224-902f-48f8-a5cc-f745e15eee43
 2003-01-08 19:24:38 +00:00
mstoltz%netscape.com
51f2a63b0c Bug 168316 - When calling from Java into JS, add a "dummy" JS stack frame with 
principal information for the security manager. r=dveditz, sr=jst, a=chofmann.


git-svn-id: svn://10.0.0.236/trunk@132679 18797224-902f-48f8-a5cc-f745e15eee43
 2002-10-30 03:15:59 +00:00
sspitzer%netscape.com
05fe9776e8 fix for #168136. r=mstoltz, sr=dveditz. 
for pref controlled schemes, allow access if source scheme is chrome or res.
needed for the new "view filter log UI".


git-svn-id: svn://10.0.0.236/trunk@129410 18797224-902f-48f8-a5cc-f745e15eee43
 2002-09-12 20:27:07 +00:00
dougt%netscape.com
e289284076 166917. Clean up xpcom SDK includes. r=rpotts@netscape.com, sr=alecf@netscape.com, a=rjesup@wgate.com 
git-svn-id: svn://10.0.0.236/trunk@129050 18797224-902f-48f8-a5cc-f745e15eee43
 2002-09-07 17:13:19 +00:00
jkeiser%netscape.com
00f9a12d62 Make anonymous content inaccessible to web content (bug 164086), r=sicking@bigfoot.com, sr=jst@netscape.com 
git-svn-id: svn://10.0.0.236/trunk@128436 18797224-902f-48f8-a5cc-f745e15eee43
 2002-08-29 04:05:39 +00:00
bbaetz%student.usyd.edu.au
4e8a1e0dc7 Backing out jkeiser's checkin for bug 164086 (not bug 96537) because he 
left a file out, and the tree turned red....


git-svn-id: svn://10.0.0.236/trunk@128332 18797224-902f-48f8-a5cc-f745e15eee43
 2002-08-28 10:13:28 +00:00
jkeiser%netscape.com
958a25b600 Make anonymous content inaccessible to web content (bug 96537), r=sicking@bigfoot.com, sr=jst@netscape.com 
git-svn-id: svn://10.0.0.236/trunk@128330 18797224-902f-48f8-a5cc-f745e15eee43
 2002-08-28 08:19:43 +00:00
henry.jia%sun.com
3f9b0291d9 5th patch for bug 158080 
Description: replace the hardcode of @mozilla.org/embedcomp/window-watcher;1 with NS_WINDOWWATCHER_CONTRACTID
Patch by Henry.Jia@sun.com
r=anto, sr=alecf


git-svn-id: svn://10.0.0.236/trunk@126458 18797224-902f-48f8-a5cc-f745e15eee43
 2002-08-06 06:32:02 +00:00
sicking%bigfoot.com
9f524ba3a3 Use principals instead of URIs for same-origin checks. 
b=159348, r=bz, sr=jst, a=asa


git-svn-id: svn://10.0.0.236/trunk@126081 18797224-902f-48f8-a5cc-f745e15eee43
 2002-07-30 21:26:32 +00:00
mstoltz%netscape.com
58a849eae5 Bug 154930 - If one page has explicitly set document.domain and another has not, 
do not consider them to be of the same origin for security checks. r=dveditz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@124781 18797224-902f-48f8-a5cc-f745e15eee43
 2002-07-09 00:10:02 +00:00
harishd%netscape.com
eec4e16e84 Disable script on the requested docshell and the containing docshells. b=154647, r=mstoltz, sr=jst 
git-svn-id: svn://10.0.0.236/trunk@124550 18797224-902f-48f8-a5cc-f745e15eee43
 2002-07-02 23:26:08 +00:00
harishd%netscape.com
6a17a8cbac Backing out my checkin to see if it fixes the Txul breakage 
git-svn-id: svn://10.0.0.236/trunk@124236 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-27 23:32:51 +00:00
harishd%netscape.com
270da5e314 ** checking in for mstoltz ** 
Disable scripts on the requested docshell and containing docshells. Also, made setCurrentURI() scriptable ( approved by Adam Lock ). b=154647, r=harishd, sr=jst


git-svn-id: svn://10.0.0.236/trunk@124210 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-27 20:58:42 +00:00
mstoltz%netscape.com
3cba7a04ae 133170 - Need to re-check host for security on a redirect after a call to 
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc


git-svn-id: svn://10.0.0.236/trunk@123373 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-14 23:54:18 +00:00
dougt%netscape.com
d6cc711878 Fixes mozilla/strings requiring unfrozen nsCRT class. patch by scc, r=dougt, sr=jag, b=136756 
git-svn-id: svn://10.0.0.236/trunk@121534 18797224-902f-48f8-a5cc-f745e15eee43
 2002-05-15 18:55:21 +00:00