their parent chain. Add some asserts to check that this actually does give the
same result, which it should with splitwindow. Bug 289655, r=dbradley, sr=jst
git-svn-id: svn://10.0.0.236/trunk@184744 18797224-902f-48f8-a5cc-f745e15eee43
scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto
redirects if CheckLoadURI fails. Remove the explicit usage of
nsIScriptSecurityManager from nsHttpChannel.cpp.
This eliminates js and xpconnect from REQUIRES, and brings us closer to remove
caps.
r=darin sr=bz
git-svn-id: svn://10.0.0.236/trunk@184313 18797224-902f-48f8-a5cc-f745e15eee43
nsIPrincipal that represents a certificate principal. Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal. Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII. Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
git-svn-id: svn://10.0.0.236/trunk@176458 18797224-902f-48f8-a5cc-f745e15eee43
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg
git-svn-id: svn://10.0.0.236/trunk@175300 18797224-902f-48f8-a5cc-f745e15eee43
store the runtime, unset the callback at shutdown
r=dveditz sr=jst a=asa
git-svn-id: svn://10.0.0.236/trunk@174245 18797224-902f-48f8-a5cc-f745e15eee43
Start to localize some of the more common user-visible error messages in caps.
r+sr=bzbarsky@mit.edu
git-svn-id: svn://10.0.0.236/trunk@145319 18797224-902f-48f8-a5cc-f745e15eee43
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.comsr=bzbarsky@mit.edumoa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)
git-svn-id: svn://10.0.0.236/trunk@145137 18797224-902f-48f8-a5cc-f745e15eee43
Enable this for websites within the same domain only.
Also, fixes CheckSameOriginPrincipal to just check the principals, and not care whether we have anything on the JS stack.
r=mstoltz, sr=jst
git-svn-id: svn://10.0.0.236/trunk@143900 18797224-902f-48f8-a5cc-f745e15eee43
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc
git-svn-id: svn://10.0.0.236/trunk@123373 18797224-902f-48f8-a5cc-f745e15eee43
"capability.policy.group.*.property". Also added additional optimizations
and changed copy-initialization of NSCOMPtrs to direct initialization
throughout the file. r=harishd, sr=jst, a=asa.
git-svn-id: svn://10.0.0.236/trunk@101929 18797224-902f-48f8-a5cc-f745e15eee43
91714 - CheckLoadURI should trest 'safe' and 'unsafe' about: URLs as different protocols
56260 - 'Remember This Decision' in signed script grant dialog should default to unchecked
83131 - More descriptive security error messages
93951 - Added null check in GetBaseURIScheme to prevent crash.
All bugs r=jtaylor, sr=jst
git-svn-id: svn://10.0.0.236/trunk@100964 18797224-902f-48f8-a5cc-f745e15eee43
87887 - don't call InitPolicies or InitPrincipals if there are no prefs to process
83902 - Use weak reference to pref branch to avoid reference cycle
91619 - was leaking a char* - use nsXPIDLCString instead
86932 - Add support for per-site JS disabling to CanExecuteScripts
all bugs r=jesse, sr=dougt
git-svn-id: svn://10.0.0.236/trunk@100226 18797224-902f-48f8-a5cc-f745e15eee43
