Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
154,112 Commits 3,986 Branches 0 Tags
c60f69078387da170c4e14e57ac514ad13f1028b
Commit Graph

566 Commits

Author SHA1 Message Date
dveditz%cruzio.com
1fa35041d9 bug 340107 save wasted cycles checking permissions if we're just going to deny access anyway. r=mrbkap, sr=sicking, a=mtschrep 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@201709 18797224-902f-48f8-a5cc-f745e15eee43
 2006-07-06 21:07:15 +00:00
beng%bengoodger.com
34b28ed98f 336903 - make sure that feed pages load as about:feeds, making sure that that page can always execute script regardless of preferences and does not have chrome privs. r=dveditz a=darin 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@201166 18797224-902f-48f8-a5cc-f745e15eee43
 2006-06-28 23:46:36 +00:00
bzbarsky%mit.edu
ec28d0d916 Deal with checkLoadURI better in the face of URI fixup. Bug 334341, r=biesi, sr+branch181+a=dveditz 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@195331 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-25 03:28:29 +00:00
bzbarsky%mit.edu
1997e5d8c4 Check rv before looking at port. Bug 334210, r+sr+branch181=jst 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@194554 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-17 23:19:54 +00:00
gavin%gavinsharp.com
1f93ea1255 Bug 330037: First check if script/data urls are allowed, patch by Martijn Wargers <martijn.martijn@gmail.com>, r+a181=dveditz, sr=bzbarsky 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@192894 18797224-902f-48f8-a5cc-f745e15eee43
 2006-03-24 01:26:44 +00:00
bzbarsky%mit.edu
d2e3151abb Followup fix for bug 307867 -- make sure to update our pointers to hashtable entries when the entries move. r=dveditz, sr=brendan, a=dveditz, branch181=dveditz 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@191140 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-24 05:13:51 +00:00
bzbarsky%mit.edu
115c5b6fae Fix bug 325991 -- spinning event queues requires more care. r=jst, sr=shaver, a=dveditz 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@190312 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-16 23:49:29 +00:00
jst%mozilla.jstenback.com
2b42496a86 Fixing bug 313373. Pass *vp through untouched to the checkAccess hook when checking for write access. r=mrbkap@gmail.com, sr=brendan@mozilla.org, a=mtschrep@gmail.com 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@182939 18797224-902f-48f8-a5cc-f745e15eee43
 2005-10-25 00:40:48 +00:00
mrbkap%gmail.com
fde0343fbc bug 312124: Make Subsume treat about:blank principals as being weaker than other, non-about:blank principals, since that's how other code treats them. r=caillon sr=brendan a=asa 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@182416 18797224-902f-48f8-a5cc-f745e15eee43
 2005-10-17 21:40:50 +00:00
bzbarsky%mit.edu
080f8ab910 Make wildcards work for the default policy too. Bug 307867, r=caillon, 
sr=dveditz, a=asa


git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@181320 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-30 20:45:22 +00:00
dbaron%dbaron.org
2976bcffbe Improve consistency of conversion from about URI to about module. b=306261 r=darin sr=bzbarsky a=me 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@180175 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-14 04:18:36 +00:00
bzbarsky%mit.edu
77e3a90e2c Remove the security.checkloaduri preference. Please to be using the 
checkloaduri CAPS policy instead, since that's less likely to let you shoot
yourself in the foot. Bug 307382, r=caillon, sr=dveditz, a=asa


git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@180085 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-13 01:34:10 +00:00
dougt%meer.net
9a92420ef6 Bug 302284. add xpi hash support to InstallTrigger.install(). r=dveditz, sr=shaver, a=asa 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@179031 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-26 06:46:21 +00:00
peterv%propagandism.org
140397106e Fix for bug 290100 (XMLHttpRequest affected by document.domain setting). r=caillon, sr=brendan, a=brendan. 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@178938 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-25 12:44:59 +00:00
gavin%gavinsharp.com
3213d22568 Bug 298823: JAR URIs (and other types missing the host part) are not properly handled by nsScriptSecurityManager::LookupPolicy(), patch by Giorgio Maone <g.maone@informaction.com>, r=caillon, sr=dveditz, a=asa 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@178828 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-24 19:30:42 +00:00
mconnor%steelgryphon.com
9a83c622a5 bug 300830 - new error page (about:neterror) can load privileged about: urls, patch by dveditz, r=bsmedberg, sr=shaver, a=asa 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@178593 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-22 05:06:15 +00:00
bzbarsky%mit.edu
55a6daf516 Comment-only fixes I forgot to make. Bug 240661. 
git-svn-id: svn://10.0.0.236/trunk@176464 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-22 20:49:12 +00:00
bzbarsky%mit.edu
354647c8df Expose the subject name for the cert and an nsISupports pointer to the cert on 
nsIPrincipal that represents a certificate principal.  Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal.  Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII.  Bug
240661, r=caillon, sr=dveditz, a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@176458 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-22 19:05:42 +00:00
timeless%mozdev.org
310bcc516c Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop] 
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@176283 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-19 21:55:36 +00:00
bsmedberg%covad.net
2d3b479c81 Bug 292624 - XUL error pages should not have chrome privileges, r=darin sr=dveditz a=asa 
git-svn-id: svn://10.0.0.236/trunk@176101 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-14 17:46:55 +00:00
brendan%mozilla.org
15ddfa152d Add a subsumes relation to principals so JS can handle all cases when checking indirect eval (and the like) calls (300008, r=caillon/dveditz, sr/a=shaver). 
git-svn-id: svn://10.0.0.236/trunk@175859 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-08 23:26:36 +00:00
timeless%mozdev.org
fa1982b341 Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs 
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@175300 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-29 16:29:49 +00:00
mconnor%steelgryphon.com
a1c7b393fd bug 293424 - block about: from content to remove a potential attack vector, r+sr=brendan, a=brendan/jay 
git-svn-id: svn://10.0.0.236/trunk@174689 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-16 08:30:11 +00:00
jst%mozilla.jstenback.com
eb78ffdb84 Fixing part of bug 296397. Removing bogus assertion. r=shaver@mozilla.org, sr+a=brendan@mozilla.org 
git-svn-id: svn://10.0.0.236/trunk@174335 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-09 01:11:21 +00:00
timeless%mozdev.org
9d96e20c00 Bug 292588 shutdown crash !sXPConnect [@ nsScriptSecurityManager::CheckObjectAccess] 
store the runtime, unset the callback at shutdown
r=dveditz sr=jst a=asa


git-svn-id: svn://10.0.0.236/trunk@174245 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-07 21:57:56 +00:00
dougt%meer.net
c3e3eda0f8 Add a scriptable hash function API. basically what this does is moves the hashing function out of the nsISignatureVerifier.idl and creates a new interface nsICryptoHash which is scriptable. Because of this change, we needed to fix up all of the call sites. r=darin, sr=dveditz, a=shaver 
git-svn-id: svn://10.0.0.236/trunk@173927 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-01 16:06:53 +00:00
dbaron%dbaron.org
e2f3b63eb9 Fix bug 293671. r=caillon sr=dveditz a=asa 
git-svn-id: svn://10.0.0.236/trunk@173335 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-12 18:26:41 +00:00
dbaron%dbaron.org
87a51ef2c0 Cleaner fix for bug 290036. b=290949 r=dveditz sr=darin a=asa 
git-svn-id: svn://10.0.0.236/trunk@173334 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-12 18:20:07 +00:00
brendan%mozilla.org
8a855528ea Fix comment from last night to match today's code. 
git-svn-id: svn://10.0.0.236/trunk@173040 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-04 18:58:24 +00:00
brendan%mozilla.org
36aee01960 Undo gist of last change for now, it breaks too much even though it's safer. 
git-svn-id: svn://10.0.0.236/trunk@173037 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-04 16:19:31 +00:00
brendan%mozilla.org
8695afc4e4 Find active native function principals when walking the JS stack, and beef up eval-ish native safeguards (281988, r=shaver/caillon, sr=jst, a=drivers). 
git-svn-id: svn://10.0.0.236/trunk@173030 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-04 06:28:36 +00:00
bzbarsky%mit.edu
3ef1503a5f Fix crashes when privilegeManager methods are called by setting our our param 
on success return.  Bug 289991 and bug 289925, r=caillon, sr=dbaron, a=dbaron


git-svn-id: svn://10.0.0.236/trunk@172019 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-12 05:13:26 +00:00
bzbarsky%mit.edu
527175c5da Do less addrefing of principals in the script security manager. Bug 289643, 
r=caillon, sr=brendan, a=asa


git-svn-id: svn://10.0.0.236/trunk@171945 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-10 23:27:07 +00:00
brendan%mozilla.org
01efe388a9 Revert kludge, want a general fix. 
git-svn-id: svn://10.0.0.236/trunk@171865 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-07 19:48:57 +00:00
brendan%mozilla.org
41903388e1 Stop evals and Script object calls/execs that cross trust domains (289074, r=shaver, sr=jst, a=drivers). 
git-svn-id: svn://10.0.0.236/trunk@171838 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-07 02:22:24 +00:00
timeless%mozdev.org
43edd35b64 Bug 239967 prototype for nsScriptSecurityManager::GetPrincipalFromContext is wrong 
r=dveditz sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@171311 18797224-902f-48f8-a5cc-f745e15eee43
 2005-03-29 03:12:12 +00:00
bryner%brianryner.com
d73c7fa274 Inline access to XPCWrappedNative's nsISupports pointer, with do_QueryWrappedNative nsCOMPtr helper (bug 285404). r=jst, sr=darin. 
git-svn-id: svn://10.0.0.236/trunk@170483 18797224-902f-48f8-a5cc-f745e15eee43
 2005-03-10 00:39:28 +00:00
gandalf%firefox.pl
614ee4af8e bug 279768: Bring build system to work with --enable-ui-locale; r=bsmedberg; a=doron on webservices move 
git-svn-id: svn://10.0.0.236/trunk@170385 18797224-902f-48f8-a5cc-f745e15eee43
 2005-03-08 17:21:36 +00:00
bsmedberg%covad.net
fc4099e666 Bug 281414 - global s/nsIPrefBranchInternal/nsIPrefBranch2/ rs=darin (did not change backwards-compatible code in extensions/irc extensions/venkman or extensions/inspector) 
git-svn-id: svn://10.0.0.236/trunk@169868 18797224-902f-48f8-a5cc-f745e15eee43
 2005-02-25 20:46:35 +00:00
bzbarsky%mit.edu
f661fbfa84 Remove special-casing so non-chrome-principal pages, even with chrome: uris, 
can have script disabled as needed.  Bug 280120, r=peterv, sr=neil


git-svn-id: svn://10.0.0.236/trunk@169613 18797224-902f-48f8-a5cc-f745e15eee43
 2005-02-22 21:18:31 +00:00
cbiesinger%web.de
36df735fb8 Bug 269661 make libpref not depend on caps 
r=caillon sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@168870 18797224-902f-48f8-a5cc-f745e15eee43
 2005-02-06 12:39:31 +00:00
jshin%mailaps.org
3ad995326c bug 280613 : checkLoadURIStr of nsIScriptSecurityManager should accept AUTF8String istead of string (for IDN), r=dveditz, sr=darin 
git-svn-id: svn://10.0.0.236/trunk@168696 18797224-902f-48f8-a5cc-f745e15eee43
 2005-02-02 07:17:53 +00:00
bzbarsky%mit.edu
ceee542316 Add about:license and about:licence and make about: link to them. Bug 256945, 
r=gerv, sr=darin


git-svn-id: svn://10.0.0.236/trunk@168206 18797224-902f-48f8-a5cc-f745e15eee43
 2005-01-23 21:02:36 +00:00
bsmedberg%covad.net
4c08900f0e Bug 273876 - libxul step 2 (everything through widget, except spidermonkey) r=darin; again, this should not affect non-xulrunner trees. 
git-svn-id: svn://10.0.0.236/trunk@166497 18797224-902f-48f8-a5cc-f745e15eee43
 2004-12-09 19:28:35 +00:00
timeless%mozdev.org
8eef869750 Bug 261339 Setting capability.policy.default.Window.top to noAccess seems to crash mozilla 
r=caillon sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@165018 18797224-902f-48f8-a5cc-f745e15eee43
 2004-11-05 16:54:09 +00:00
timeless%mozdev.org
f437907894 Bug 267311 netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect") in a XBL constructor make mozilla crash. [@ JS_FrameIterator] 
r=dveditz sr=jst


git-svn-id: svn://10.0.0.236/trunk@165009 18797224-902f-48f8-a5cc-f745e15eee43
 2004-11-05 15:25:04 +00:00
bzbarsky%mit.edu
52e1c648d9 Make it possible to disable checkloaduri on a per-site basis instead of 
disabling it globally.  Bug 233108, r=caillon, sr=jst


git-svn-id: svn://10.0.0.236/trunk@164854 18797224-902f-48f8-a5cc-f745e15eee43
 2004-11-03 15:45:52 +00:00
jst%mozilla.jstenback.com
c45391a630 Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu 
git-svn-id: svn://10.0.0.236/trunk@163827 18797224-902f-48f8-a5cc-f745e15eee43
 2004-10-15 16:53:35 +00:00
jst%mozilla.jstenback.com
9a84339353 Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu 
git-svn-id: svn://10.0.0.236/trunk@163825 18797224-902f-48f8-a5cc-f745e15eee43
 2004-10-15 16:34:58 +00:00
dveditz%cruzio.com
48060e3409 Improve enablePrivilege confirmation dialog text and presentation, sanity-check 
privilege names (bug 253942, bug 253944) r=caillon,sr=brendan,a=chofmann,mkaply


git-svn-id: svn://10.0.0.236/trunk@161570 18797224-902f-48f8-a5cc-f745e15eee43
 2004-09-01 07:53:32 +00:00