Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
160,586 Commits 3,986 Branches 0 Tags
Commit Graph

295 Commits

Author SHA1 Message Date
bzbarsky%mit.edu
c4f7acfe09 Add an interface for nested URIs (like jar:, view-source:, etc) to implement 
and use it in various places.  Create null principals if asked for a codebase
principal for a codebase that doesn't have an inherent security context (eg
data: or javascript:).  Bug 334407, r=biesi,dveditz, sr=darin


git-svn-id: svn://10.0.0.236/trunk@195823 18797224-902f-48f8-a5cc-f745e15eee43
 2006-05-02 18:54:19 +00:00
bzbarsky%mit.edu
f736a7bab0 Deal with checkLoadURI better in the face of URI fixup. Bug 334341, r=biesi, sr=dveditz 
git-svn-id: svn://10.0.0.236/trunk@195330 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-25 03:24:43 +00:00
bzbarsky%mit.edu
b5178addb1 Check rv before looking at port. Bug 334210, r+sr+branch181=jst 
git-svn-id: svn://10.0.0.236/trunk@194554 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-17 23:19:54 +00:00
bzbarsky%mit.edu
07f561af8d Allow redirects to data: URIs. Bug 211999, r=dveditz, jruderman; sr=darin 
git-svn-id: svn://10.0.0.236/trunk@194551 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-17 23:13:33 +00:00
bzbarsky%mit.edu
7a842b50b9 Fix refcounting bug. Followup to bug 327176; reviews pending. 
git-svn-id: svn://10.0.0.236/trunk@193604 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-05 16:48:51 +00:00
bzbarsky%mit.edu
9ff3edeea6 Init the system principal singleton when we init the security manager -- no 
need for lazy init here.  Bug 327176, r=mrbkap, sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@193400 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-02 21:10:23 +00:00
bzbarsky%mit.edu
e1ba63aa5f Create a powerless non-principal and start using it. Bug 326506, r=mrbkap, 
sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@193399 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-02 20:58:26 +00:00
martijn.martijn%gmail.com
8243740c9d Bug 330037 - First check if script/data url's are allowed, r=dveditz, sr=bzbarsky 
git-svn-id: svn://10.0.0.236/trunk@192414 18797224-902f-48f8-a5cc-f745e15eee43
 2006-03-15 11:03:25 +00:00
bryner%brianryner.com
7ec5e10667 Remove dependency on nsIClassInfo.h from nsISupports.h (bug 330420). This adds a new nsIClassInfoImpl.h file which can be included to get the CI implementation macros. Also, removes unneeded inclusion of nsIProgrammingLanguage.h from nsIClassInfo.h. r=darin. 
git-svn-id: svn://10.0.0.236/trunk@192401 18797224-902f-48f8-a5cc-f745e15eee43
 2006-03-15 04:59:42 +00:00
bzbarsky%mit.edu
d1faccd8b4 Followup fix for bug 307867 -- make sure to update our pointers to hashtable 
entries when the entries move. r=dveditz, sr=brendan


git-svn-id: svn://10.0.0.236/trunk@191131 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-24 04:38:46 +00:00
bzbarsky%mit.edu
9f067136f3 Remove dead code. Bug 327171, r=mrbkap, sr=shaver 
git-svn-id: svn://10.0.0.236/trunk@189996 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-14 21:08:15 +00:00
bzbarsky%mit.edu
588387679c Fix debug code to assert the right thing. r=timeless 
git-svn-id: svn://10.0.0.236/trunk@189987 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-14 20:20:49 +00:00
bzbarsky%mit.edu
7db1feab23 Fix bug 325991 -- spinning event queues requires more care. r=jst, sr=shaver 
git-svn-id: svn://10.0.0.236/trunk@189362 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-07 22:24:47 +00:00
cbiesinger%web.de
6322c04952 bug 183156 remove *UCS2* functions, replacing them with *UTF16* ones 
r+sr=darin


git-svn-id: svn://10.0.0.236/trunk@188844 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-03 14:18:39 +00:00
jst%mozilla.jstenback.com
2a67af918b Fixing tinderbox orange. Make caps work right again when dealing with a script global object that's not a window. r+sr=bzbarsky@mit.edu 
git-svn-id: svn://10.0.0.236/trunk@185368 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-29 06:00:36 +00:00
jst%mozilla.jstenback.com
895df6e6ca Fixing bug 316794. Moving HandleDOMEvent() and Get/SetDocShell from nsIScriptGlobalObject to nsPIDOMWindow. r=mrbkap@gmail.com, sr=peterv@propagandism.org 
git-svn-id: svn://10.0.0.236/trunk@185351 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-28 23:56:44 +00:00
brettw%gmail.com
0420e64f2f Bug 316077, r=annie.sullivan, sr=darin 
Protocol handler allowing access to binary annotations.


git-svn-id: svn://10.0.0.236/trunk@184829 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-17 18:39:00 +00:00
bzbarsky%mit.edu
90c17667d8 Get principals for XPConnect wrapped natives off their scope instead of walking 
their parent chain.  Add some asserts to check that this actually does give the
same result, which it should with splitwindow.  Bug 289655, r=dbradley, sr=jst


git-svn-id: svn://10.0.0.236/trunk@184744 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-16 02:12:21 +00:00
cbiesinger%web.de
eaf06b8983 Bug 248052 Add a contract ID for a global channeleventsink. Make the 
scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto
redirects if CheckLoadURI fails. Remove the explicit usage of
nsIScriptSecurityManager from nsHttpChannel.cpp.

This eliminates js and xpconnect from REQUIRES, and brings us closer to remove
caps.

r=darin sr=bz


git-svn-id: svn://10.0.0.236/trunk@184313 18797224-902f-48f8-a5cc-f745e15eee43
 2005-11-08 20:47:16 +00:00
jst%mozilla.jstenback.com
07d2395134 Fixing bug 313373. Pass *vp through untouched to the checkAccess hook when checking for write access. r=mrbkap@gmail.com, sr=brendan@mozilla.org 
git-svn-id: svn://10.0.0.236/trunk@182933 18797224-902f-48f8-a5cc-f745e15eee43
 2005-10-25 00:29:28 +00:00
bzbarsky%mit.edu
a06f72a2d9 Don't call nsIClassInfo::GetClassDescription unless we really have to. Bug 
313157, r=dveditz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@182663 18797224-902f-48f8-a5cc-f745e15eee43
 2005-10-20 23:49:59 +00:00
bzbarsky%mit.edu
b4a5294710 Make wildcards work for the default policy too. Bug 307867, r=caillon, sr=dveditz 
git-svn-id: svn://10.0.0.236/trunk@181269 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-30 03:30:40 +00:00
dbaron%dbaron.org
c1699761ee Improve consistency of conversion from about URI to about module. b=306261 r=darin sr=bzbarsky 
git-svn-id: svn://10.0.0.236/trunk@180174 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-14 04:16:27 +00:00
bzbarsky%mit.edu
151ce36b21 Remove the security.checkloaduri preference. Please to be using the 
checkloaduri CAPS policy instead, since that's less likely to let you shoot
yourself in the foot.

Bug 307382, r=caillon, sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@179918 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-09 18:43:45 +00:00
peterv%propagandism.org
2b66b3502d Fix for bug 290100 (XMLHttpRequest affected by document.domain setting). r=caillon, sr=brendan. 
git-svn-id: svn://10.0.0.236/trunk@178930 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-25 11:51:42 +00:00
mconnor%steelgryphon.com
bc56b295fd bug 300830 - new error page (about:neterror) can load privileged about: urls, patch by dveditz, r=bsmedberg, sr=shaver 
git-svn-id: svn://10.0.0.236/trunk@178594 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-22 05:09:11 +00:00
gavin%gavinsharp.com
d54b52ab08 Bug 298823: JAR URIs (and other types missing the host part) are not properly handled by nsScriptSecurityManager::LookupPolicy(), patch by Giorgio Maone <g.maone@informaction.com>, r=caillon, sr=dveditz 
git-svn-id: svn://10.0.0.236/trunk@177957 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-17 16:55:00 +00:00
timeless%mozdev.org
ae4ec1442e Bug 304085 crash [@ JS_ValueToString - JSValIDToString] with DEBUG_CAPS_HACKER 
r=caillon sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@177932 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-17 07:40:39 +00:00
timeless%mozdev.org
7eec49b5ff Bug 304054 nsScriptSecurityManager.cpp doesn't build ifdef DEBUG_CAPS_HACKER unless defined DEBUG 
r=dveditz sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@177669 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-12 23:13:46 +00:00
timeless%mozdev.org
bb2751407b Bug 304240 Make noAccess/allAccess/sameOrigin consistently intercaps in the source tree 
r=caillon sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@177665 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-12 23:11:32 +00:00
bzbarsky%mit.edu
354647c8df Expose the subject name for the cert and an nsISupports pointer to the cert on 
nsIPrincipal that represents a certificate principal.  Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal.  Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII.  Bug
240661, r=caillon, sr=dveditz, a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@176458 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-22 19:05:42 +00:00
timeless%mozdev.org
310bcc516c Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop] 
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@176283 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-19 21:55:36 +00:00
bsmedberg%covad.net
2d3b479c81 Bug 292624 - XUL error pages should not have chrome privileges, r=darin sr=dveditz a=asa 
git-svn-id: svn://10.0.0.236/trunk@176101 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-14 17:46:55 +00:00
timeless%mozdev.org
fa1982b341 Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs 
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@175300 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-29 16:29:49 +00:00
mconnor%steelgryphon.com
a1c7b393fd bug 293424 - block about: from content to remove a potential attack vector, r+sr=brendan, a=brendan/jay 
git-svn-id: svn://10.0.0.236/trunk@174689 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-16 08:30:11 +00:00
jst%mozilla.jstenback.com
eb78ffdb84 Fixing part of bug 296397. Removing bogus assertion. r=shaver@mozilla.org, sr+a=brendan@mozilla.org 
git-svn-id: svn://10.0.0.236/trunk@174335 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-09 01:11:21 +00:00
timeless%mozdev.org
9d96e20c00 Bug 292588 shutdown crash !sXPConnect [@ nsScriptSecurityManager::CheckObjectAccess] 
store the runtime, unset the callback at shutdown
r=dveditz sr=jst a=asa


git-svn-id: svn://10.0.0.236/trunk@174245 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-07 21:57:56 +00:00
dbaron%dbaron.org
e2f3b63eb9 Fix bug 293671. r=caillon sr=dveditz a=asa 
git-svn-id: svn://10.0.0.236/trunk@173335 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-12 18:26:41 +00:00
dbaron%dbaron.org
87a51ef2c0 Cleaner fix for bug 290036. b=290949 r=dveditz sr=darin a=asa 
git-svn-id: svn://10.0.0.236/trunk@173334 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-12 18:20:07 +00:00
brendan%mozilla.org
8a855528ea Fix comment from last night to match today's code. 
git-svn-id: svn://10.0.0.236/trunk@173040 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-04 18:58:24 +00:00
brendan%mozilla.org
36aee01960 Undo gist of last change for now, it breaks too much even though it's safer. 
git-svn-id: svn://10.0.0.236/trunk@173037 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-04 16:19:31 +00:00
brendan%mozilla.org
8695afc4e4 Find active native function principals when walking the JS stack, and beef up eval-ish native safeguards (281988, r=shaver/caillon, sr=jst, a=drivers). 
git-svn-id: svn://10.0.0.236/trunk@173030 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-04 06:28:36 +00:00
bzbarsky%mit.edu
3ef1503a5f Fix crashes when privilegeManager methods are called by setting our our param 
on success return.  Bug 289991 and bug 289925, r=caillon, sr=dbaron, a=dbaron


git-svn-id: svn://10.0.0.236/trunk@172019 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-12 05:13:26 +00:00
bzbarsky%mit.edu
527175c5da Do less addrefing of principals in the script security manager. Bug 289643, 
r=caillon, sr=brendan, a=asa


git-svn-id: svn://10.0.0.236/trunk@171945 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-10 23:27:07 +00:00
brendan%mozilla.org
01efe388a9 Revert kludge, want a general fix. 
git-svn-id: svn://10.0.0.236/trunk@171865 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-07 19:48:57 +00:00
brendan%mozilla.org
41903388e1 Stop evals and Script object calls/execs that cross trust domains (289074, r=shaver, sr=jst, a=drivers). 
git-svn-id: svn://10.0.0.236/trunk@171838 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-07 02:22:24 +00:00
timeless%mozdev.org
43edd35b64 Bug 239967 prototype for nsScriptSecurityManager::GetPrincipalFromContext is wrong 
r=dveditz sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@171311 18797224-902f-48f8-a5cc-f745e15eee43
 2005-03-29 03:12:12 +00:00
bryner%brianryner.com
d73c7fa274 Inline access to XPCWrappedNative's nsISupports pointer, with do_QueryWrappedNative nsCOMPtr helper (bug 285404). r=jst, sr=darin. 
git-svn-id: svn://10.0.0.236/trunk@170483 18797224-902f-48f8-a5cc-f745e15eee43
 2005-03-10 00:39:28 +00:00
gandalf%firefox.pl
614ee4af8e bug 279768: Bring build system to work with --enable-ui-locale; r=bsmedberg; a=doron on webservices move 
git-svn-id: svn://10.0.0.236/trunk@170385 18797224-902f-48f8-a5cc-f745e15eee43
 2005-03-08 17:21:36 +00:00
bsmedberg%covad.net
fc4099e666 Bug 281414 - global s/nsIPrefBranchInternal/nsIPrefBranch2/ rs=darin (did not change backwards-compatible code in extensions/irc extensions/venkman or extensions/inspector) 
git-svn-id: svn://10.0.0.236/trunk@169868 18797224-902f-48f8-a5cc-f745e15eee43
 2005-02-25 20:46:35 +00:00