Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
159,922 Commits 3,986 Branches 0 Tags
d94de5c0213bf802d0584c727304a6937768eade
Commit Graph

573 Commits

Author SHA1 Message Date
dveditz%cruzio.com
0c7429bc06 bug 336303 GetOrigin should dig into nested URIs; trunk patch by bz, r=dveditz, sr=jst; backport by dveditz, r/sr=bz, a=ss 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@247464 18797224-902f-48f8-a5cc-f745e15eee43
 2008-03-10 05:42:31 +00:00
bzbarsky%mit.edu
1b35855455 Teach CheckLoadURI about gnome-vfs protocols. Bug 381146, r=dveditz, sr=jst, a=dveditz 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@235948 18797224-902f-48f8-a5cc-f745e15eee43
 2007-09-13 19:06:46 +00:00
gijskruitbosch%gmail.com
7c98ae4bee Bug 325761 - set DenyProtocol on x-jsd, r+sr=bzbarsky@mit.edu, a1.8.1.7=dveditz@cruzio.com 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@233874 18797224-902f-48f8-a5cc-f745e15eee43
 2007-09-04 20:22:02 +00:00
bzbarsky%mit.edu
0559ae19e5 Remove special-casing of about:blank for security purposes; give about:blank 
pages the principal of whoever is responsible for loading them, when possible.
Branch port of bug 332182, patch is in bug 381300.  r=mrbkap, sr=jst, a=dveditz


git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@229726 18797224-902f-48f8-a5cc-f745e15eee43
 2007-07-11 17:45:53 +00:00
bzbarsky%mit.edu
afa802d7d4 wyciwyg is not publig. Bug 387333, r=dveditz, sr=jst, a=dveditz 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@229578 18797224-902f-48f8-a5cc-f745e15eee43
 2007-07-09 23:35:39 +00:00
bzbarsky%mit.edu
4a5fe5fefb Make wyciwyg URIs be treated same-origin with their originating page. Bug 172261, r=dveditz, sr=jst, a=dveditz 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@224803 18797224-902f-48f8-a5cc-f745e15eee43
 2007-04-20 20:41:31 +00:00
bzbarsky%mit.edu
b42375e871 about: should really be DenyProtocol. Bug 371375, r+sr+a=dveditz 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@222551 18797224-902f-48f8-a5cc-f745e15eee43
 2007-03-28 20:23:05 +00:00
dveditz%cruzio.com
1fa35041d9 bug 340107 save wasted cycles checking permissions if we're just going to deny access anyway. r=mrbkap, sr=sicking, a=mtschrep 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@201709 18797224-902f-48f8-a5cc-f745e15eee43
 2006-07-06 21:07:15 +00:00
beng%bengoodger.com
34b28ed98f 336903 - make sure that feed pages load as about:feeds, making sure that that page can always execute script regardless of preferences and does not have chrome privs. r=dveditz a=darin 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@201166 18797224-902f-48f8-a5cc-f745e15eee43
 2006-06-28 23:46:36 +00:00
bzbarsky%mit.edu
ec28d0d916 Deal with checkLoadURI better in the face of URI fixup. Bug 334341, r=biesi, sr+branch181+a=dveditz 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@195331 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-25 03:28:29 +00:00
bzbarsky%mit.edu
1997e5d8c4 Check rv before looking at port. Bug 334210, r+sr+branch181=jst 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@194554 18797224-902f-48f8-a5cc-f745e15eee43
 2006-04-17 23:19:54 +00:00
gavin%gavinsharp.com
1f93ea1255 Bug 330037: First check if script/data urls are allowed, patch by Martijn Wargers <martijn.martijn@gmail.com>, r+a181=dveditz, sr=bzbarsky 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@192894 18797224-902f-48f8-a5cc-f745e15eee43
 2006-03-24 01:26:44 +00:00
bzbarsky%mit.edu
d2e3151abb Followup fix for bug 307867 -- make sure to update our pointers to hashtable entries when the entries move. r=dveditz, sr=brendan, a=dveditz, branch181=dveditz 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@191140 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-24 05:13:51 +00:00
bzbarsky%mit.edu
115c5b6fae Fix bug 325991 -- spinning event queues requires more care. r=jst, sr=shaver, a=dveditz 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@190312 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-16 23:49:29 +00:00
jst%mozilla.jstenback.com
2b42496a86 Fixing bug 313373. Pass *vp through untouched to the checkAccess hook when checking for write access. r=mrbkap@gmail.com, sr=brendan@mozilla.org, a=mtschrep@gmail.com 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@182939 18797224-902f-48f8-a5cc-f745e15eee43
 2005-10-25 00:40:48 +00:00
mrbkap%gmail.com
fde0343fbc bug 312124: Make Subsume treat about:blank principals as being weaker than other, non-about:blank principals, since that's how other code treats them. r=caillon sr=brendan a=asa 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@182416 18797224-902f-48f8-a5cc-f745e15eee43
 2005-10-17 21:40:50 +00:00
bzbarsky%mit.edu
080f8ab910 Make wildcards work for the default policy too. Bug 307867, r=caillon, 
sr=dveditz, a=asa


git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@181320 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-30 20:45:22 +00:00
dbaron%dbaron.org
2976bcffbe Improve consistency of conversion from about URI to about module. b=306261 r=darin sr=bzbarsky a=me 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@180175 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-14 04:18:36 +00:00
bzbarsky%mit.edu
77e3a90e2c Remove the security.checkloaduri preference. Please to be using the 
checkloaduri CAPS policy instead, since that's less likely to let you shoot
yourself in the foot. Bug 307382, r=caillon, sr=dveditz, a=asa


git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@180085 18797224-902f-48f8-a5cc-f745e15eee43
 2005-09-13 01:34:10 +00:00
dougt%meer.net
9a92420ef6 Bug 302284. add xpi hash support to InstallTrigger.install(). r=dveditz, sr=shaver, a=asa 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@179031 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-26 06:46:21 +00:00
peterv%propagandism.org
140397106e Fix for bug 290100 (XMLHttpRequest affected by document.domain setting). r=caillon, sr=brendan, a=brendan. 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@178938 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-25 12:44:59 +00:00
gavin%gavinsharp.com
3213d22568 Bug 298823: JAR URIs (and other types missing the host part) are not properly handled by nsScriptSecurityManager::LookupPolicy(), patch by Giorgio Maone <g.maone@informaction.com>, r=caillon, sr=dveditz, a=asa 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@178828 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-24 19:30:42 +00:00
mconnor%steelgryphon.com
9a83c622a5 bug 300830 - new error page (about:neterror) can load privileged about: urls, patch by dveditz, r=bsmedberg, sr=shaver, a=asa 
git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@178593 18797224-902f-48f8-a5cc-f745e15eee43
 2005-08-22 05:06:15 +00:00
bzbarsky%mit.edu
55a6daf516 Comment-only fixes I forgot to make. Bug 240661. 
git-svn-id: svn://10.0.0.236/trunk@176464 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-22 20:49:12 +00:00
bzbarsky%mit.edu
354647c8df Expose the subject name for the cert and an nsISupports pointer to the cert on 
nsIPrincipal that represents a certificate principal.  Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal.  Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII.  Bug
240661, r=caillon, sr=dveditz, a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@176458 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-22 19:05:42 +00:00
timeless%mozdev.org
310bcc516c Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop] 
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@176283 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-19 21:55:36 +00:00
bsmedberg%covad.net
2d3b479c81 Bug 292624 - XUL error pages should not have chrome privileges, r=darin sr=dveditz a=asa 
git-svn-id: svn://10.0.0.236/trunk@176101 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-14 17:46:55 +00:00
brendan%mozilla.org
15ddfa152d Add a subsumes relation to principals so JS can handle all cases when checking indirect eval (and the like) calls (300008, r=caillon/dveditz, sr/a=shaver). 
git-svn-id: svn://10.0.0.236/trunk@175859 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-08 23:26:36 +00:00
timeless%mozdev.org
fa1982b341 Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs 
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@175300 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-29 16:29:49 +00:00
mconnor%steelgryphon.com
a1c7b393fd bug 293424 - block about: from content to remove a potential attack vector, r+sr=brendan, a=brendan/jay 
git-svn-id: svn://10.0.0.236/trunk@174689 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-16 08:30:11 +00:00
jst%mozilla.jstenback.com
eb78ffdb84 Fixing part of bug 296397. Removing bogus assertion. r=shaver@mozilla.org, sr+a=brendan@mozilla.org 
git-svn-id: svn://10.0.0.236/trunk@174335 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-09 01:11:21 +00:00
timeless%mozdev.org
9d96e20c00 Bug 292588 shutdown crash !sXPConnect [@ nsScriptSecurityManager::CheckObjectAccess] 
store the runtime, unset the callback at shutdown
r=dveditz sr=jst a=asa


git-svn-id: svn://10.0.0.236/trunk@174245 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-07 21:57:56 +00:00
dougt%meer.net
c3e3eda0f8 Add a scriptable hash function API. basically what this does is moves the hashing function out of the nsISignatureVerifier.idl and creates a new interface nsICryptoHash which is scriptable. Because of this change, we needed to fix up all of the call sites. r=darin, sr=dveditz, a=shaver 
git-svn-id: svn://10.0.0.236/trunk@173927 18797224-902f-48f8-a5cc-f745e15eee43
 2005-06-01 16:06:53 +00:00
dbaron%dbaron.org
e2f3b63eb9 Fix bug 293671. r=caillon sr=dveditz a=asa 
git-svn-id: svn://10.0.0.236/trunk@173335 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-12 18:26:41 +00:00
dbaron%dbaron.org
87a51ef2c0 Cleaner fix for bug 290036. b=290949 r=dveditz sr=darin a=asa 
git-svn-id: svn://10.0.0.236/trunk@173334 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-12 18:20:07 +00:00
brendan%mozilla.org
8a855528ea Fix comment from last night to match today's code. 
git-svn-id: svn://10.0.0.236/trunk@173040 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-04 18:58:24 +00:00
brendan%mozilla.org
36aee01960 Undo gist of last change for now, it breaks too much even though it's safer. 
git-svn-id: svn://10.0.0.236/trunk@173037 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-04 16:19:31 +00:00
brendan%mozilla.org
8695afc4e4 Find active native function principals when walking the JS stack, and beef up eval-ish native safeguards (281988, r=shaver/caillon, sr=jst, a=drivers). 
git-svn-id: svn://10.0.0.236/trunk@173030 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-04 06:28:36 +00:00
bzbarsky%mit.edu
3ef1503a5f Fix crashes when privilegeManager methods are called by setting our our param 
on success return.  Bug 289991 and bug 289925, r=caillon, sr=dbaron, a=dbaron


git-svn-id: svn://10.0.0.236/trunk@172019 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-12 05:13:26 +00:00
bzbarsky%mit.edu
527175c5da Do less addrefing of principals in the script security manager. Bug 289643, 
r=caillon, sr=brendan, a=asa


git-svn-id: svn://10.0.0.236/trunk@171945 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-10 23:27:07 +00:00
brendan%mozilla.org
01efe388a9 Revert kludge, want a general fix. 
git-svn-id: svn://10.0.0.236/trunk@171865 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-07 19:48:57 +00:00
brendan%mozilla.org
41903388e1 Stop evals and Script object calls/execs that cross trust domains (289074, r=shaver, sr=jst, a=drivers). 
git-svn-id: svn://10.0.0.236/trunk@171838 18797224-902f-48f8-a5cc-f745e15eee43
 2005-04-07 02:22:24 +00:00
timeless%mozdev.org
43edd35b64 Bug 239967 prototype for nsScriptSecurityManager::GetPrincipalFromContext is wrong 
r=dveditz sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@171311 18797224-902f-48f8-a5cc-f745e15eee43
 2005-03-29 03:12:12 +00:00
bryner%brianryner.com
d73c7fa274 Inline access to XPCWrappedNative's nsISupports pointer, with do_QueryWrappedNative nsCOMPtr helper (bug 285404). r=jst, sr=darin. 
git-svn-id: svn://10.0.0.236/trunk@170483 18797224-902f-48f8-a5cc-f745e15eee43
 2005-03-10 00:39:28 +00:00
gandalf%firefox.pl
614ee4af8e bug 279768: Bring build system to work with --enable-ui-locale; r=bsmedberg; a=doron on webservices move 
git-svn-id: svn://10.0.0.236/trunk@170385 18797224-902f-48f8-a5cc-f745e15eee43
 2005-03-08 17:21:36 +00:00
bsmedberg%covad.net
fc4099e666 Bug 281414 - global s/nsIPrefBranchInternal/nsIPrefBranch2/ rs=darin (did not change backwards-compatible code in extensions/irc extensions/venkman or extensions/inspector) 
git-svn-id: svn://10.0.0.236/trunk@169868 18797224-902f-48f8-a5cc-f745e15eee43
 2005-02-25 20:46:35 +00:00
bzbarsky%mit.edu
f661fbfa84 Remove special-casing so non-chrome-principal pages, even with chrome: uris, 
can have script disabled as needed.  Bug 280120, r=peterv, sr=neil


git-svn-id: svn://10.0.0.236/trunk@169613 18797224-902f-48f8-a5cc-f745e15eee43
 2005-02-22 21:18:31 +00:00
cbiesinger%web.de
36df735fb8 Bug 269661 make libpref not depend on caps 
r=caillon sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@168870 18797224-902f-48f8-a5cc-f745e15eee43
 2005-02-06 12:39:31 +00:00
jshin%mailaps.org
3ad995326c bug 280613 : checkLoadURIStr of nsIScriptSecurityManager should accept AUTF8String istead of string (for IDN), r=dveditz, sr=darin 
git-svn-id: svn://10.0.0.236/trunk@168696 18797224-902f-48f8-a5cc-f745e15eee43
 2005-02-02 07:17:53 +00:00
bzbarsky%mit.edu
ceee542316 Add about:license and about:licence and make about: link to them. Bug 256945, 
r=gerv, sr=darin


git-svn-id: svn://10.0.0.236/trunk@168206 18797224-902f-48f8-a5cc-f745e15eee43
 2005-01-23 21:02:36 +00:00