Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
122,637 Commits 3,986 Branches 0 Tags
Commit Graph

69 Commits

Author SHA1 Message Date
caillon%returnzero.com
cd46cbbaad Bug 83536. 
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)


git-svn-id: svn://10.0.0.236/trunk@145137 18797224-902f-48f8-a5cc-f745e15eee43
 2003-07-24 05:15:20 +00:00
timeless%mozdev.org
543383a0e6 Bug 194872 CAPS vulnerability when doing cross-site-scripting with frames from different origins and different CAPS settings (allAccess, noAccess). 
bustage (const char*)
sr=jst


git-svn-id: svn://10.0.0.236/trunk@144181 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-26 03:27:01 +00:00
mstoltz%netscape.com
df95af7f9f Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst. 
git-svn-id: svn://10.0.0.236/trunk@144169 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-26 00:18:43 +00:00
caillon%returnzero.com
588acb1f7c Bug 163645 - User defined properties of window.navigator are not remembered when a new page is loaded. 
Enable this for websites within the same domain only.
Also, fixes CheckSameOriginPrincipal to just check the principals, and not care whether we have anything on the JS stack.
r=mstoltz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@143900 18797224-902f-48f8-a5cc-f745e15eee43
 2003-06-18 23:48:57 +00:00
mstoltz%netscape.com
d55cb10a60 Bug 163950 - allow opening connections for XML data transfer services when document.domain has been set. r=jst, sr=heikki. 
git-svn-id: svn://10.0.0.236/trunk@143008 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-28 23:22:36 +00:00
bzbarsky%mit.edu
880779ab82 Removing stray windows newline that causes build warning... No reviews, sorry. 
git-svn-id: svn://10.0.0.236/trunk@140850 18797224-902f-48f8-a5cc-f745e15eee43
 2003-04-08 20:26:41 +00:00
mstoltz%netscape.com
00529830be Bug 188229 - adding new security check function that allows component instantiation by CID. r=dveditz, sr=heikki. *not part of build yet* 
git-svn-id: svn://10.0.0.236/trunk@139306 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-12 02:17:37 +00:00
brendan%mozilla.org
a5ad42fb1b Generalize the JS_SetCheckObjectAccessCallback hook implemented here to deal with user-defined getters and setters (92773, r=mstoltz, sr=jst). 
git-svn-id: svn://10.0.0.236/trunk@139037 18797224-902f-48f8-a5cc-f745e15eee43
 2003-03-06 19:40:14 +00:00
sfraser%netscape.com
fa2a919889 Fix bug 127185: don't crash with a null JS context if running without XPT files. Fixes nsScriptSecurityManager to do more thorough error checking on initialization. r=mstoltz, sr=jst. Fixes bustage. 
git-svn-id: svn://10.0.0.236/trunk@136470 18797224-902f-48f8-a5cc-f745e15eee43
 2003-01-17 02:00:01 +00:00
mstoltz%netscape.com
3cba7a04ae 133170 - Need to re-check host for security on a redirect after a call to 
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc


git-svn-id: svn://10.0.0.236/trunk@123373 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-14 23:54:18 +00:00
dougt%netscape.com
d6cc711878 Fixes mozilla/strings requiring unfrozen nsCRT class. patch by scc, r=dougt, sr=jag, b=136756 
git-svn-id: svn://10.0.0.236/trunk@121534 18797224-902f-48f8-a5cc-f745e15eee43
 2002-05-15 18:55:21 +00:00
mstoltz%netscape.com
083b598d3c A bunch of fixes in caps: 
128697 - Added a pref listener for changes to capability.policy prefs,
removed profile-change listener
131025 - Removed insecure "trusted codebase principals" feature
131340 - Make nsCodebasePrincipal::Equals handle jar URLs correctly
131342 - Clean up privilege-grant dialog code
128861 - class policy hashtables allocated only when needed; avoids
PLDHash memory-use warning
Fixed comparison of -1 and 80 ports (Can't find the bug # right now)

All r=harishd, sr=jst, a=asa.


git-svn-id: svn://10.0.0.236/trunk@116958 18797224-902f-48f8-a5cc-f745e15eee43
 2002-03-20 05:53:46 +00:00
alecf%netscape.com
19c823f0b1 fix bug 129635 - write a destructor for DomainPolicy so that the hashtable is destroyed 
(and not leaked!)
r=mstoltz, sr=vidur, a=asa


git-svn-id: svn://10.0.0.236/trunk@116282 18797224-902f-48f8-a5cc-f745e15eee43
 2002-03-10 00:41:08 +00:00
jst%netscape.com
4d29697e83 Fixing bug 111529. Optimizing out unnecessary QI calls from nsScriptSecurityManager::GetObjectPrincipal() and doing some other minor cleanups and speedups. r=nisheeth@netscape.com, sr=jband@netscape.com 
git-svn-id: svn://10.0.0.236/trunk@115054 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-20 05:51:05 +00:00
mkaply%us.ibm.com
98e393ae55 OS/2 bustage - callback needs to be in header 
git-svn-id: svn://10.0.0.236/trunk@114387 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-13 13:30:06 +00:00
mstoltz%netscape.com
904896ca95 Bug 119646 - Rewrite of the security manager policy database for improved 
performance. r=jst, sr=jband.


git-svn-id: svn://10.0.0.236/trunk@114377 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-13 04:20:46 +00:00
bzbarsky%mit.edu
8c09a3a42d Make CAPS correctly observe changes to capability.policy prefs. Needed 
for having UI for these suckers.  Bug 101150, r=mstoltz,sr=jst


git-svn-id: svn://10.0.0.236/trunk@104440 18797224-902f-48f8-a5cc-f745e15eee43
 2001-10-02 21:56:51 +00:00
gerv%gerv.net
4c7ac5dfa4 License changes, take 2. Bug 98089. mozilla/config/, mozilla/caps/, mozilla/build/. 
git-svn-id: svn://10.0.0.236/trunk@103674 18797224-902f-48f8-a5cc-f745e15eee43
 2001-09-25 01:03:58 +00:00
gerv%gerv.net
ae1d5501a1 Oops. 
git-svn-id: svn://10.0.0.236/trunk@103236 18797224-902f-48f8-a5cc-f745e15eee43
 2001-09-20 00:02:59 +00:00
scc%mozilla.org
52c8d09e03 bug #98089: ripped new license 
git-svn-id: svn://10.0.0.236/trunk@103219 18797224-902f-48f8-a5cc-f745e15eee43
 2001-09-19 20:09:47 +00:00
mstoltz%netscape.com
83cf54c4fb bug 86799, adding support for wildcard security policies of the form 
"capability.policy.group.*.property". Also added additional optimizations
and changed copy-initialization of NSCOMPtrs to direct initialization
throughout the file. r=harishd, sr=jst, a=asa.


git-svn-id: svn://10.0.0.236/trunk@101929 18797224-902f-48f8-a5cc-f745e15eee43
 2001-08-29 02:05:48 +00:00
mstoltz%netscape.com
fd6c388ade 86984 - make history.length sameOrigin-accessible. Security prefs change. 
91714 - CheckLoadURI should trest 'safe' and 'unsafe' about: URLs as different protocols
56260 - 'Remember This Decision' in signed script grant dialog should default to unchecked
83131 - More descriptive security error messages
93951 - Added null check in GetBaseURIScheme to prevent crash.
All bugs r=jtaylor, sr=jst


git-svn-id: svn://10.0.0.236/trunk@100964 18797224-902f-48f8-a5cc-f745e15eee43
 2001-08-14 00:18:58 +00:00
brendan%mozilla.org
50f90d9eeb Restore scriptable nsIClassInfo.classID but add fast/C++-only classIDNoAlloc; define and use nsIClassInfo::EAGER_CLASSINFO in caps (93792, sr=waterson&jst). 
git-svn-id: svn://10.0.0.236/trunk@100464 18797224-902f-48f8-a5cc-f745e15eee43
 2001-08-07 03:59:29 +00:00
mstoltz%netscape.com
cc136b16cc 82495 - Support for the view-source protocol in CheckLoadURI 
87887 - don't call InitPolicies or InitPrincipals if there are no prefs to process
83902 - Use weak reference to pref branch to avoid reference cycle
91619 - was leaking a char* - use nsXPIDLCString instead
86932 - Add support for per-site JS disabling to CanExecuteScripts
all bugs r=jesse, sr=dougt


git-svn-id: svn://10.0.0.236/trunk@100226 18797224-902f-48f8-a5cc-f745e15eee43
 2001-08-02 20:32:48 +00:00
mstoltz%netscape.com
fd211023d2 Bug 77485 - defining a function in another window using a targeted javascript: 
link. Prevent running javascript: urls cross-domain and add a security check for adding
and removing properties. r=harishd, sr=jst.


git-svn-id: svn://10.0.0.236/trunk@99171 18797224-902f-48f8-a5cc-f745e15eee43
 2001-07-13 07:08:26 +00:00
mstoltz%netscape.com
a8b60368de Re-checking-in my fix for 47905, which was backed out last night because of a bug in some other code that was checked in along with it. This checkin was not causing the crasher and is unchanged. See earlier checkin comment - in short, this adds same-origin to XMLHttpRequest and cleans up some function calls in caps, removes some unnecessary parameters. r=vidur, sr=jst. 
git-svn-id: svn://10.0.0.236/trunk@95481 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-19 00:33:51 +00:00
blizzard%redhat.com
b684f8fcbc Back out mstoltz because of blocker bug #81629. Original bugs were 47905 79775. 
git-svn-id: svn://10.0.0.236/trunk@95401 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-18 17:41:23 +00:00
mstoltz%netscape.com
55577f536b Bug 47905 - adding security check for XMLHttpRequest.open. 
Added nsIScriptSecurityManager::CheckConnect for this purpose.
Also cleaned up the security check API by removing some unnecessary
parameters. r=vidur@netscape.com, sr=jst@netscape.com

Bug 79775 - Forward button broken in main mail window. Making
WindowWatcher not call GetSubjectPrincipal if the URL to be loaded is
chrome, since the calling principal is superfluous in this case.
No one has been able to find the root cause of this problem, but
this checkin works around it, which is the best we can do for now.
r=ducarroz@netscape.com, sr=jst@netscape.com


git-svn-id: svn://10.0.0.236/trunk@95378 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-18 06:56:29 +00:00
mstoltz%netscape.com
28f5530d9c Fixes for bugs 79796, 77203, and 54060. r=jband@netscape.com, 
sr=brendan@mozilla.org


git-svn-id: svn://10.0.0.236/trunk@94546 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-11 00:43:27 +00:00
jst%netscape.com
9d299d36ce Landing the XPCDOM_20010329_BRANCH branch, changes mostly done by jband@netscape.com and jst@netscape.com, also some changes done by shaver@mozilla.org, peterv@netscape.com and markh@activestate.com. r= and sr= by vidur@netscape.com, jband@netscape.com, jst@netscpae.com, danm@netscape.com, hyatt@netscape.com, shaver@mozilla.org, dbradley@netscape.com, rpotts@netscape.com. 
git-svn-id: svn://10.0.0.236/trunk@94238 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-08 16:46:42 +00:00
mstoltz%netscape.com
452a43cfc9 More fixes for 55237, cleaned up CheckLoadURI and added a check on "Edit This Link." Also added error reporting (bug 40538). 
r=beard, sr=hyatt


git-svn-id: svn://10.0.0.236/trunk@92480 18797224-902f-48f8-a5cc-f745e15eee43
 2001-04-17 01:21:44 +00:00
mstoltz%netscape.com
6079a31c93 Bugs 55069, 70951 - JS-blocking APIs for mailnews and embedding. r=mscott, sr=attinasi. 
Bug 54237 - fix for event-capture bug, r=heikki, sr=jband.


git-svn-id: svn://10.0.0.236/trunk@90195 18797224-902f-48f8-a5cc-f745e15eee43
 2001-03-23 04:22:56 +00:00
mstoltz%netscape.com
0932f41358 bug 47905, adding security check to XMLHttpRequest.open(). r=heikki, sr=brendan 
git-svn-id: svn://10.0.0.236/trunk@88336 18797224-902f-48f8-a5cc-f745e15eee43
 2001-03-02 00:09:20 +00:00
mstoltz%netscape.com
579b002a49 Bug 66369, adding support for per-file permissions granting to caps. r=jst, sr=jband. 
git-svn-id: svn://10.0.0.236/trunk@85606 18797224-902f-48f8-a5cc-f745e15eee43
 2001-01-27 01:42:20 +00:00
jband%netscape.com
1920eba705 fix bug 55506. If seman was initialized too early then it was failing to register its nameset. This happened on first run when JS Component Loader would use the secman. The result was that all calls to the security manager via JavaScript would fail for that session. This fixes that by continuing to try to register the nameset until it actually succeeds. r=mstoltz a=brendan 
git-svn-id: svn://10.0.0.236/trunk@83113 18797224-902f-48f8-a5cc-f745e15eee43
 2000-11-30 05:32:08 +00:00
mstoltz%netscape.com
70914e878d bug 44147, caps grant dialog now being created from DOMWindow->GetPrompter instead of nsIPrompt service. r=dbragg 
git-svn-id: svn://10.0.0.236/trunk@78560 18797224-902f-48f8-a5cc-f745e15eee43
 2000-09-09 00:53:21 +00:00
dp%netscape.com
88d94c12d2 bug#49786 Caching frequently used progid: nsThreadJSContextStack r=waterson 
git-svn-id: svn://10.0.0.236/trunk@76865 18797224-902f-48f8-a5cc-f745e15eee43
 2000-08-22 06:02:14 +00:00
mstoltz%netscape.com
02eaec4711 Fixing 41876 r=hyatt, also 48724, 49768, and crasher in nsBasePrincipal.cpp, r=jtaylor 
git-svn-id: svn://10.0.0.236/trunk@76849 18797224-902f-48f8-a5cc-f745e15eee43
 2000-08-22 02:06:52 +00:00
warren%netscape.com
e5706a7236 Bug 46711. Removed nsAutoString travisty from nsStringKey. Introduced nsCStringKey. Made them both share the underlying string when possible. r=waterson 
git-svn-id: svn://10.0.0.236/trunk@75975 18797224-902f-48f8-a5cc-f745e15eee43
 2000-08-10 06:19:37 +00:00
mstoltz%netscape.com
6bfe9c11ce Fixing 40159, nasty infinite recursion on startup. r&a=beard 
git-svn-id: svn://10.0.0.236/trunk@74797 18797224-902f-48f8-a5cc-f745e15eee43
 2000-07-26 04:53:01 +00:00
mstoltz%netscape.com
0d04dfcd48 fix for 42387, r=dveditz 
git-svn-id: svn://10.0.0.236/trunk@74510 18797224-902f-48f8-a5cc-f745e15eee43
 2000-07-20 01:16:15 +00:00
mstoltz%netscape.com
2566397fdc DOM properties default to same origin access only. Bug 28443. r=rginda 
git-svn-id: svn://10.0.0.236/trunk@73681 18797224-902f-48f8-a5cc-f745e15eee43
 2000-07-05 19:08:20 +00:00
vidur%netscape.com
0ff74154af Checking in for mccabe, since he had to leave town. Partial fix for bug 41429. Adding a new interface that components can implement to control the capabilities needed for XPConnect access to them - default is UniversalXPConnect. r=vidur 
git-svn-id: svn://10.0.0.236/trunk@73066 18797224-902f-48f8-a5cc-f745e15eee43
 2000-06-23 14:32:38 +00:00
mstoltz%netscape.com
0fdc57f6f2 Allow scripting of plugins by untrusted web scripts. Bug 36375. 
git-svn-id: svn://10.0.0.236/trunk@70246 18797224-902f-48f8-a5cc-f745e15eee43
 2000-05-17 02:38:22 +00:00
mstoltz%netscape.com
a24d345d24 Fixes for 32878, 37739. Added PR_CALLBACK macros. Changed security.principal pref syntax to a nicer syntax. Removed "security.checkxpconnect" hack. 
git-svn-id: svn://10.0.0.236/trunk@69963 18797224-902f-48f8-a5cc-f745e15eee43
 2000-05-16 03:40:51 +00:00
mstoltz%netscape.com
1aebd93c62 Fixes for 27010, 32878, and 32948. 
git-svn-id: svn://10.0.0.236/trunk@67181 18797224-902f-48f8-a5cc-f745e15eee43
 2000-04-26 03:50:07 +00:00
mstoltz%netscape.com
a8b220b370 Backing out changes until I can figure out why it's crashing on startup. 
git-svn-id: svn://10.0.0.236/trunk@66937 18797224-902f-48f8-a5cc-f745e15eee43
 2000-04-23 21:25:39 +00:00
mstoltz%netscape.com
85e8a5b8e2 Fixes for bugs 27010, 32878, 32948. 
git-svn-id: svn://10.0.0.236/trunk@66935 18797224-902f-48f8-a5cc-f745e15eee43
 2000-04-23 20:30:29 +00:00
norris%netscape.com
f70a94e258 Fix 
28390, 28866, 34364
r=brendan@mozilla.org
35701
r=jst@netscape.com


git-svn-id: svn://10.0.0.236/trunk@65940 18797224-902f-48f8-a5cc-f745e15eee43
 2000-04-14 03:14:53 +00:00
mkaply%us.ibm.com
30e533ca3d # 34082 
r= warren@netscape.com
OS/2 Visual Age build - Adding PR_CALLBACK to some functoins for linkage


git-svn-id: svn://10.0.0.236/trunk@65290 18797224-902f-48f8-a5cc-f745e15eee43
 2000-04-05 02:32:07 +00:00