Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
85,302 Commits 3,986 Branches 0 Tags
Commit Graph

106 Commits

Author SHA1 Message Date
mstoltz%netscape.com
a8b60368de Re-checking-in my fix for 47905, which was backed out last night because of a bug in some other code that was checked in along with it. This checkin was not causing the crasher and is unchanged. See earlier checkin comment - in short, this adds same-origin to XMLHttpRequest and cleans up some function calls in caps, removes some unnecessary parameters. r=vidur, sr=jst. 
git-svn-id: svn://10.0.0.236/trunk@95481 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-19 00:33:51 +00:00
blizzard%redhat.com
b684f8fcbc Back out mstoltz because of blocker bug #81629. Original bugs were 47905 79775. 
git-svn-id: svn://10.0.0.236/trunk@95401 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-18 17:41:23 +00:00
mstoltz%netscape.com
55577f536b Bug 47905 - adding security check for XMLHttpRequest.open. 
Added nsIScriptSecurityManager::CheckConnect for this purpose.
Also cleaned up the security check API by removing some unnecessary
parameters. r=vidur@netscape.com, sr=jst@netscape.com

Bug 79775 - Forward button broken in main mail window. Making
WindowWatcher not call GetSubjectPrincipal if the URL to be loaded is
chrome, since the calling principal is superfluous in this case.
No one has been able to find the root cause of this problem, but
this checkin works around it, which is the best we can do for now.
r=ducarroz@netscape.com, sr=jst@netscape.com


git-svn-id: svn://10.0.0.236/trunk@95378 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-18 06:56:29 +00:00
mstoltz%netscape.com
28f5530d9c Fixes for bugs 79796, 77203, and 54060. r=jband@netscape.com, 
sr=brendan@mozilla.org


git-svn-id: svn://10.0.0.236/trunk@94546 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-11 00:43:27 +00:00
jst%netscape.com
9d299d36ce Landing the XPCDOM_20010329_BRANCH branch, changes mostly done by jband@netscape.com and jst@netscape.com, also some changes done by shaver@mozilla.org, peterv@netscape.com and markh@activestate.com. r= and sr= by vidur@netscape.com, jband@netscape.com, jst@netscpae.com, danm@netscape.com, hyatt@netscape.com, shaver@mozilla.org, dbradley@netscape.com, rpotts@netscape.com. 
git-svn-id: svn://10.0.0.236/trunk@94238 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-08 16:46:42 +00:00
mstoltz%netscape.com
452a43cfc9 More fixes for 55237, cleaned up CheckLoadURI and added a check on "Edit This Link." Also added error reporting (bug 40538). 
r=beard, sr=hyatt


git-svn-id: svn://10.0.0.236/trunk@92480 18797224-902f-48f8-a5cc-f745e15eee43
 2001-04-17 01:21:44 +00:00
mstoltz%netscape.com
6079a31c93 Bugs 55069, 70951 - JS-blocking APIs for mailnews and embedding. r=mscott, sr=attinasi. 
Bug 54237 - fix for event-capture bug, r=heikki, sr=jband.


git-svn-id: svn://10.0.0.236/trunk@90195 18797224-902f-48f8-a5cc-f745e15eee43
 2001-03-23 04:22:56 +00:00
mstoltz%netscape.com
0932f41358 bug 47905, adding security check to XMLHttpRequest.open(). r=heikki, sr=brendan 
git-svn-id: svn://10.0.0.236/trunk@88336 18797224-902f-48f8-a5cc-f745e15eee43
 2001-03-02 00:09:20 +00:00
mstoltz%netscape.com
579b002a49 Bug 66369, adding support for per-file permissions granting to caps. r=jst, sr=jband. 
git-svn-id: svn://10.0.0.236/trunk@85606 18797224-902f-48f8-a5cc-f745e15eee43
 2001-01-27 01:42:20 +00:00
jband%netscape.com
1920eba705 fix bug 55506. If seman was initialized too early then it was failing to register its nameset. This happened on first run when JS Component Loader would use the secman. The result was that all calls to the security manager via JavaScript would fail for that session. This fixes that by continuing to try to register the nameset until it actually succeeds. r=mstoltz a=brendan 
git-svn-id: svn://10.0.0.236/trunk@83113 18797224-902f-48f8-a5cc-f745e15eee43
 2000-11-30 05:32:08 +00:00
mstoltz%netscape.com
70914e878d bug 44147, caps grant dialog now being created from DOMWindow->GetPrompter instead of nsIPrompt service. r=dbragg 
git-svn-id: svn://10.0.0.236/trunk@78560 18797224-902f-48f8-a5cc-f745e15eee43
 2000-09-09 00:53:21 +00:00
dp%netscape.com
88d94c12d2 bug#49786 Caching frequently used progid: nsThreadJSContextStack r=waterson 
git-svn-id: svn://10.0.0.236/trunk@76865 18797224-902f-48f8-a5cc-f745e15eee43
 2000-08-22 06:02:14 +00:00
mstoltz%netscape.com
02eaec4711 Fixing 41876 r=hyatt, also 48724, 49768, and crasher in nsBasePrincipal.cpp, r=jtaylor 
git-svn-id: svn://10.0.0.236/trunk@76849 18797224-902f-48f8-a5cc-f745e15eee43
 2000-08-22 02:06:52 +00:00
warren%netscape.com
e5706a7236 Bug 46711. Removed nsAutoString travisty from nsStringKey. Introduced nsCStringKey. Made them both share the underlying string when possible. r=waterson 
git-svn-id: svn://10.0.0.236/trunk@75975 18797224-902f-48f8-a5cc-f745e15eee43
 2000-08-10 06:19:37 +00:00
mstoltz%netscape.com
6bfe9c11ce Fixing 40159, nasty infinite recursion on startup. r&a=beard 
git-svn-id: svn://10.0.0.236/trunk@74797 18797224-902f-48f8-a5cc-f745e15eee43
 2000-07-26 04:53:01 +00:00
mstoltz%netscape.com
0d04dfcd48 fix for 42387, r=dveditz 
git-svn-id: svn://10.0.0.236/trunk@74510 18797224-902f-48f8-a5cc-f745e15eee43
 2000-07-20 01:16:15 +00:00
mstoltz%netscape.com
2566397fdc DOM properties default to same origin access only. Bug 28443. r=rginda 
git-svn-id: svn://10.0.0.236/trunk@73681 18797224-902f-48f8-a5cc-f745e15eee43
 2000-07-05 19:08:20 +00:00
vidur%netscape.com
0ff74154af Checking in for mccabe, since he had to leave town. Partial fix for bug 41429. Adding a new interface that components can implement to control the capabilities needed for XPConnect access to them - default is UniversalXPConnect. r=vidur 
git-svn-id: svn://10.0.0.236/trunk@73066 18797224-902f-48f8-a5cc-f745e15eee43
 2000-06-23 14:32:38 +00:00
mstoltz%netscape.com
0fdc57f6f2 Allow scripting of plugins by untrusted web scripts. Bug 36375. 
git-svn-id: svn://10.0.0.236/trunk@70246 18797224-902f-48f8-a5cc-f745e15eee43
 2000-05-17 02:38:22 +00:00
mstoltz%netscape.com
65b118d587 Removing archive attribute from nsCertificatePrincipal. This will not be used. 
git-svn-id: svn://10.0.0.236/trunk@70127 18797224-902f-48f8-a5cc-f745e15eee43
 2000-05-16 22:37:38 +00:00
mstoltz%netscape.com
a24d345d24 Fixes for 32878, 37739. Added PR_CALLBACK macros. Changed security.principal pref syntax to a nicer syntax. Removed "security.checkxpconnect" hack. 
git-svn-id: svn://10.0.0.236/trunk@69963 18797224-902f-48f8-a5cc-f745e15eee43
 2000-05-16 03:40:51 +00:00
mstoltz%netscape.com
e5ac600ff0 Added archive attribute to nsICertificatePrincipal...part of fix for 37481. 
git-svn-id: svn://10.0.0.236/trunk@67793 18797224-902f-48f8-a5cc-f745e15eee43
 2000-05-01 23:39:51 +00:00
mstoltz%netscape.com
1aebd93c62 Fixes for 27010, 32878, and 32948. 
git-svn-id: svn://10.0.0.236/trunk@67181 18797224-902f-48f8-a5cc-f745e15eee43
 2000-04-26 03:50:07 +00:00
mstoltz%netscape.com
a8b220b370 Backing out changes until I can figure out why it's crashing on startup. 
git-svn-id: svn://10.0.0.236/trunk@66937 18797224-902f-48f8-a5cc-f745e15eee43
 2000-04-23 21:25:39 +00:00
mstoltz%netscape.com
85e8a5b8e2 Fixes for bugs 27010, 32878, 32948. 
git-svn-id: svn://10.0.0.236/trunk@66935 18797224-902f-48f8-a5cc-f745e15eee43
 2000-04-23 20:30:29 +00:00
norris%netscape.com
f70a94e258 Fix 
28390, 28866, 34364
r=brendan@mozilla.org
35701
r=jst@netscape.com


git-svn-id: svn://10.0.0.236/trunk@65940 18797224-902f-48f8-a5cc-f745e15eee43
 2000-04-14 03:14:53 +00:00
mkaply%us.ibm.com
30e533ca3d # 34082 
r= warren@netscape.com
OS/2 Visual Age build - Adding PR_CALLBACK to some functoins for linkage


git-svn-id: svn://10.0.0.236/trunk@65290 18797224-902f-48f8-a5cc-f745e15eee43
 2000-04-05 02:32:07 +00:00
mstoltz%netscape.com
e23c3f29bf Fixed bug 30915 using nsAggregatePrincipal. r=norris 
git-svn-id: svn://10.0.0.236/trunk@64652 18797224-902f-48f8-a5cc-f745e15eee43
 2000-03-31 00:31:18 +00:00
norris%netscape.com
938b04adf8 Fix 31998 nsScriptSecurityManager not thread safe breaks table regress 
git-svn-id: svn://10.0.0.236/trunk@63648 18797224-902f-48f8-a5cc-f745e15eee43
 2000-03-21 23:12:16 +00:00
norris%netscape.com
fd6ba38987 Adding nsAggregatePrincipal support. r=norris 
git-svn-id: svn://10.0.0.236/trunk@63535 18797224-902f-48f8-a5cc-f745e15eee43
 2000-03-21 04:05:35 +00:00
norris%netscape.com
36450a3f42 Fix 25062 Reload vulnerability 
25206 Reload vulnerability #2
Implement grant dialogs and persistence for capabilities.
most r=mstoltz, some code from morse w/ r=norris


git-svn-id: svn://10.0.0.236/trunk@60281 18797224-902f-48f8-a5cc-f745e15eee43
 2000-02-10 04:56:56 +00:00
norris%netscape.com
6fc5a6608b Fix bug #25864 watch() vulnerability 
r=vidur,rogerl


git-svn-id: svn://10.0.0.236/trunk@59445 18797224-902f-48f8-a5cc-f745e15eee43
 2000-02-02 00:22:58 +00:00
norris%netscape.com
e4653042f2 Files: 
caps/include/nsScriptSecurityManager.h
	caps/src/nsScriptSecurityManager.cpp
	modules/libpref/src/init/all.js
Fix
24565 nsScriptSecurityManager::GetSecurityLevel() is a performance
24567 re-write DOM glue security checks to avoid NS_WITH_SERVICE()
r=waterson

Files:
	dom/src/base/nsGlobalWindow.cpp
	layout/base/src/nsDocument.cpp
	layout/base/src/nsGenericElement.cpp
Fix assertion failure for 1-character property names.


Files:
	dom/src/jsurl/nsJSProtocolHandler.cpp
	webshell/src/nsDocLoader.cpp
Fix 18653 "javascript:" URLs cross windows problems (probably regressi
r=nisheeth

Files:
	layout/events/src/nsEventListenerManager.cpp
Fix
23834 document.onkeypress allows sniffing keystrokes
24152 document.onclick shows links from other window
r=joki


git-svn-id: svn://10.0.0.236/trunk@58429 18797224-902f-48f8-a5cc-f745e15eee43
 2000-01-23 04:23:14 +00:00
waterson%netscape.com
95142c6124 Fix build bustage. 
git-svn-id: svn://10.0.0.236/trunk@58134 18797224-902f-48f8-a5cc-f745e15eee43
 2000-01-18 22:35:27 +00:00
mstoltz%netscape.com
55356cc71b Implemented the reading of capabilities data from prefs. Reads codebase and certificate principal data and populates ScriptSecurityManager's principals table. bug= 18122 r=norris, rginda 
git-svn-id: svn://10.0.0.236/trunk@58125 18797224-902f-48f8-a5cc-f745e15eee43
 2000-01-18 21:54:01 +00:00
jdunn%netscape.com
9b6c271893 Fix base class specifiers, since be default if they aren't specified it is Private 
# 23237
r= warren@netscape.com, ftang@netscape.com, jband@netscape.com


git-svn-id: svn://10.0.0.236/trunk@57329 18797224-902f-48f8-a5cc-f745e15eee43
 2000-01-11 01:45:34 +00:00
norris%netscape.com
02d0724222 Fix 
858  [Feature] JavaScript auto-disable per-domain RFE
    13023 Users must be able to disable Java and JavaScript (for JS in mail)
    21923 Executing functions in "chrome:" protocol - #2.
    r=mstoltz

    (Checked in with red on Mac; Wan-Teh says his changes are localized so
     it shouldn't interfere with his fixing bustage.)


git-svn-id: svn://10.0.0.236/trunk@57214 18797224-902f-48f8-a5cc-f745e15eee43
 2000-01-08 16:51:54 +00:00
norris%netscape.com
82970f315d Fix 22909 previousSibling vulnerability 
r=mstoltz


git-svn-id: svn://10.0.0.236/trunk@56914 18797224-902f-48f8-a5cc-f745e15eee43
 2000-01-06 00:59:18 +00:00
warren%netscape.com
e9f618e116 Fix for leak/bloat stats going negative. a=jar 
git-svn-id: svn://10.0.0.236/trunk@55840 18797224-902f-48f8-a5cc-f745e15eee43
 1999-12-10 04:27:52 +00:00
norris%netscape.com
2429ef124a Fix 18553 [DOGFOOD] addEventListener allows sniffing keystrokes 
Add checks to nsScriptSecurityManager::CheckCanListenTo that take
a principal and ensure that the currently executing script code
either is from the same origin as that principal or has the
UniversalBrowserRead privilege enabled. (chrome code has all
privileges enabled by default.) It's okay for the principal passed in
to be null. That just signifies a privileged window/document that only
can be listened to with privileges.

I added GetPrincipal/SetPrincipal methods to nsIEventListenerManager.
nsDocument::GetNewListenerManager sets a principal on the listener
manager when it creates one. Obviously there are other places that
create listener managers, but scripts seem to go through this one.

Another change is to save some memory usage. Currently I allocate an
array of PolicyType that is NS_DOM_PROP_MAX elements long.
Unfortunately, compilers appear to allocate four bytes for each
PolicyType, so the array takes around 2400 bytes. I've added changes
to use two bit vectors that should consume about 1/16 that space.

r=joki

There are also changes that push nsnull onto the JSContext stack when
entering a nested event loop.

r=jband


git-svn-id: svn://10.0.0.236/trunk@54477 18797224-902f-48f8-a5cc-f745e15eee43
 1999-11-25 05:28:18 +00:00
norris%netscape.com
f77a65d9d4 Modify generated dom code to use a enum rather than a string for codesize 
and efficiency.
Tighten checks on document properties and node properties. Should resolve
several bugs:
18965 document.firstChild vulnerability
19043 document.childNodes vulnerability
19044 document.lastChild vulnerability
r=mstoltz


git-svn-id: svn://10.0.0.236/trunk@54051 18797224-902f-48f8-a5cc-f745e15eee43
 1999-11-20 07:28:34 +00:00
norris%netscape.com
331cf153db * Fix 12124 [DOGFOOD] Reading user's preferences 
* Implement site-specific security policies (bug 858)
r=mstoltz
* Use Recycle rather than delete[] to clean up Purify logs
r=law


git-svn-id: svn://10.0.0.236/trunk@53631 18797224-902f-48f8-a5cc-f745e15eee43
 1999-11-16 05:07:31 +00:00
norris%netscape.com
d83622d4ac * Fix the following bugs by tightening the default security policy. 
17977 [DOGFOOD] Reading documents using document.body
17538 document.lastModified is exposed
17537 document.images vulnerabilities
16036 [DOGFOOD] document.Element exposes the DOM of documents from
15757 [DOGFOOD] Injecting JS code using setAttribute and getElemen
15550 Injecting text in documents from any domain using createText
15067 [DOGFOOD] getElementsByTagName() allows reading of arbitrary
* Create an array of dom property policy types and initialize it when the script security manager is created.
* Move some implementation code to a new shared implementation base class.
* Implement privilege enabling, disabling and reverting
* Implement stack walking for checking privileges.
r=mstoltz@netscape.com

* Modify nsIPref to support security policy work.
r=neeti@netscape.com


git-svn-id: svn://10.0.0.236/trunk@53254 18797224-902f-48f8-a5cc-f745e15eee43
 1999-11-11 22:10:36 +00:00
dmose%mozilla.org
0efb7c174c updated xPL license boilerplate to v1.1, a=chofmann@netscape.com,r=endico@mozilla.org 
git-svn-id: svn://10.0.0.236/trunk@52910 18797224-902f-48f8-a5cc-f745e15eee43
 1999-11-06 03:43:54 +00:00
norris%netscape.com
a825f1738a work on bug 7270. 
r=mstoltz.
Implement netscape.security.PrivilegeManager callbacks.


git-svn-id: svn://10.0.0.236/trunk@52128 18797224-902f-48f8-a5cc-f745e15eee43
 1999-10-28 22:09:03 +00:00
norris%netscape.com
761b5f5706 Add ability to disable JS. Fix 13978 shopping at webvan.com crashes 
git-svn-id: svn://10.0.0.236/trunk@47995 18797224-902f-48f8-a5cc-f745e15eee43
 1999-09-17 20:13:52 +00:00
norris%netscape.com
63c0017d86 Remove nsPrincipalManager.h 
git-svn-id: svn://10.0.0.236/trunk@47658 18797224-902f-48f8-a5cc-f745e15eee43
 1999-09-15 21:30:10 +00:00
norris%netscape.com
3036cb7a8a Add security support for javascript: uris. 
git-svn-id: svn://10.0.0.236/trunk@47649 18797224-902f-48f8-a5cc-f745e15eee43
 1999-09-15 20:58:41 +00:00
norris%netscape.com
47554a1bf7 Create preferences for security checks. 
Add new methods on nsIScriptSecurityManager for capabilities.
Fix 13739 MLK: nsScriptSecurityManager::CreateCodebasePrincipal
Fix 11666 Eliminate plvector (was: [infinite loop] bugs - plvector.c)


git-svn-id: svn://10.0.0.236/trunk@47517 18797224-902f-48f8-a5cc-f745e15eee43
 1999-09-15 04:05:43 +00:00
norris%netscape.com
82330711f4 Remove unused files. 
git-svn-id: svn://10.0.0.236/trunk@47148 18797224-902f-48f8-a5cc-f745e15eee43
 1999-09-13 20:10:24 +00:00