Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
213,413 Commits 3,986 Branches 0 Tags
Commit Graph

81 Commits

Author SHA1 Message Date
mrbkap%gmail.com
dbea1036d8 Minimal fix for bug 504021. r=jst a=dveditz 
git-svn-id: svn://10.0.0.236/trunk@259482 18797224-902f-48f8-a5cc-f745e15eee43
 2010-01-27 01:21:43 +00:00
mrbkap%gmail.com
a3d3acbb16 Bug 460882. r+sr=jst. 
git-svn-id: svn://10.0.0.236/trunk@257562 18797224-902f-48f8-a5cc-f745e15eee43
 2009-06-24 02:30:25 +00:00
jonas%sicking.cc
f8cd3459d9 Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it 
git-svn-id: svn://10.0.0.236/trunk@250472 18797224-902f-48f8-a5cc-f745e15eee43
 2008-04-18 17:35:57 +00:00
jonas%sicking.cc
9fce957868 Bug 425201: Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz 
git-svn-id: svn://10.0.0.236/trunk@249871 18797224-902f-48f8-a5cc-f745e15eee43
 2008-04-09 00:38:13 +00:00
bzbarsky%mit.edu
e0b620b5fe Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the 
checks they really want to be doing.  Fix screw-up in nsPrincipal::Equals if
one principal has a cert and the other does not.  Bug 418996, r=mrbkap,dveditz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@248133 18797224-902f-48f8-a5cc-f745e15eee43
 2008-03-18 21:14:50 +00:00
jst%mozilla.org
6bcb42d7c6 Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com 
git-svn-id: svn://10.0.0.236/trunk@242383 18797224-902f-48f8-a5cc-f745e15eee43
 2008-01-04 23:59:12 +00:00
jonas%sicking.cc
5233d883cd bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking 
git-svn-id: svn://10.0.0.236/trunk@238237 18797224-902f-48f8-a5cc-f745e15eee43
 2007-10-27 01:46:11 +00:00
bzbarsky%mit.edu
e369c02a93 Make security manager API more useful from script. Make more things 
scriptable, and add a scriptable method for testing whether a given principal
is the system principal.  Bug 383783, r=dveditz, sr=jst


git-svn-id: svn://10.0.0.236/trunk@228234 18797224-902f-48f8-a5cc-f745e15eee43
 2007-06-18 15:12:09 +00:00
bzbarsky%mit.edu
43d470b66b Make the redirect check get principals the same way we get them elsewhere. 
Clean up some code to use the new security manager method.  Bug 354693,
r=dveditz, sr=sicking


git-svn-id: svn://10.0.0.236/trunk@215685 18797224-902f-48f8-a5cc-f745e15eee43
 2006-11-22 18:27:54 +00:00
bzbarsky%mit.edu
d9cf9faf6c Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst 
git-svn-id: svn://10.0.0.236/trunk@215290 18797224-902f-48f8-a5cc-f745e15eee43
 2006-11-14 22:46:45 +00:00
bzbarsky%mit.edu
3f520eaa49 Make it possible for protocol handlers to configure how CheckLoadURI should 
treat them via their protocol flags.  Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin


git-svn-id: svn://10.0.0.236/trunk@215130 18797224-902f-48f8-a5cc-f745e15eee43
 2006-11-10 23:49:08 +00:00
bzbarsky%mit.edu
bf296918cd Introduce CheckLoadURIStrWithPrincipal(). Bug 348559, r=dveditz, sr=jst 
git-svn-id: svn://10.0.0.236/trunk@208054 18797224-902f-48f8-a5cc-f745e15eee43
 2006-08-21 22:15:20 +00:00
bzbarsky%mit.edu
f1e9911556 Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst, 
sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@190358 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-17 16:12:17 +00:00
bzbarsky%mit.edu
71dde5ebcd Backing out since tree is closed. 
git-svn-id: svn://10.0.0.236/trunk@190330 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-17 03:33:03 +00:00
bzbarsky%mit.edu
c8f8cb26e0 Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst, 
sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@190329 18797224-902f-48f8-a5cc-f745e15eee43
 2006-02-17 03:26:03 +00:00
bzbarsky%mit.edu
354647c8df Expose the subject name for the cert and an nsISupports pointer to the cert on 
nsIPrincipal that represents a certificate principal.  Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal.  Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII.  Bug
240661, r=caillon, sr=dveditz, a=bsmedberg


git-svn-id: svn://10.0.0.236/trunk@176458 18797224-902f-48f8-a5cc-f745e15eee43
 2005-07-22 19:05:42 +00:00
dbaron%dbaron.org
87a51ef2c0 Cleaner fix for bug 290036. b=290949 r=dveditz sr=darin a=asa 
git-svn-id: svn://10.0.0.236/trunk@173334 18797224-902f-48f8-a5cc-f745e15eee43
 2005-05-12 18:20:07 +00:00
jshin%mailaps.org
3ad995326c bug 280613 : checkLoadURIStr of nsIScriptSecurityManager should accept AUTF8String istead of string (for IDN), r=dveditz, sr=darin 
git-svn-id: svn://10.0.0.236/trunk@168696 18797224-902f-48f8-a5cc-f745e15eee43
 2005-02-02 07:17:53 +00:00
bzbarsky%mit.edu
dce306232a Add a version of CheckLoadURI that takes a source principal instead of a source 
URI.  Update a bunch of callers to use it.  Bug 233108, r=caillon, sr=dveditz


git-svn-id: svn://10.0.0.236/trunk@155487 18797224-902f-48f8-a5cc-f745e15eee43
 2004-04-25 16:55:27 +00:00
gerv%gerv.net
98831918fc Bug 236613: change to MPL/LGPL/GPL tri-license. 
git-svn-id: svn://10.0.0.236/trunk@155044 18797224-902f-48f8-a5cc-f745e15eee43
 2004-04-17 21:52:36 +00:00
neil%parkwaycc.co.uk
8619f5bc53 Bug 227758 make subjectPrincipalIsSystem unscriptable and checkSameOriginURI scriptable r=caillon sr=dveditz 
git-svn-id: svn://10.0.0.236/trunk@150538 18797224-902f-48f8-a5cc-f745e15eee43
 2003-12-19 21:51:37 +00:00
caillon%returnzero.com
c1914505cb Re-land patch for bug 83536, merging principal objects. 
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst


git-svn-id: svn://10.0.0.236/trunk@148229 18797224-902f-48f8-a5cc-f745e15eee43
 2003-10-21 22:11:49 +00:00
brendan%mozilla.org
53924f1a53 Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky). 
git-svn-id: svn://10.0.0.236/trunk@147382 18797224-902f-48f8-a5cc-f745e15eee43
 2003-09-28 04:22:01 +00:00
caillon%returnzero.com
d55b44719f Backing out the patch to bug 83536. 
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann


git-svn-id: svn://10.0.0.236/trunk@146256 18797224-902f-48f8-a5cc-f745e15eee43
 2003-08-22 03:06:53 +00:00
caillon%returnzero.com
cd46cbbaad Bug 83536. 
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)


git-svn-id: svn://10.0.0.236/trunk@145137 18797224-902f-48f8-a5cc-f745e15eee43
 2003-07-24 05:15:20 +00:00
dougt%meer.net
e70ad5a847 Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201 
git-svn-id: svn://10.0.0.236/trunk@143054 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-29 21:56:38 +00:00
dougt%meer.net
43e230ebe2 Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201 
git-svn-id: svn://10.0.0.236/trunk@143053 18797224-902f-48f8-a5cc-f745e15eee43
 2003-05-29 21:51:34 +00:00
mstoltz%netscape.com
51f2a63b0c Bug 168316 - When calling from Java into JS, add a "dummy" JS stack frame with 
principal information for the security manager. r=dveditz, sr=jst, a=chofmann.


git-svn-id: svn://10.0.0.236/trunk@132679 18797224-902f-48f8-a5cc-f745e15eee43
 2002-10-30 03:15:59 +00:00
sicking%bigfoot.com
9f524ba3a3 Use principals instead of URIs for same-origin checks. 
b=159348, r=bz, sr=jst, a=asa


git-svn-id: svn://10.0.0.236/trunk@126081 18797224-902f-48f8-a5cc-f745e15eee43
 2002-07-30 21:26:32 +00:00
mstoltz%netscape.com
3cba7a04ae 133170 - Need to re-check host for security on a redirect after a call to 
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc


git-svn-id: svn://10.0.0.236/trunk@123373 18797224-902f-48f8-a5cc-f745e15eee43
 2002-06-14 23:54:18 +00:00
mstoltz%netscape.com
083b598d3c A bunch of fixes in caps: 
128697 - Added a pref listener for changes to capability.policy prefs,
removed profile-change listener
131025 - Removed insecure "trusted codebase principals" feature
131340 - Make nsCodebasePrincipal::Equals handle jar URLs correctly
131342 - Clean up privilege-grant dialog code
128861 - class policy hashtables allocated only when needed; avoids
PLDHash memory-use warning
Fixed comparison of -1 and 80 ports (Can't find the bug # right now)

All r=harishd, sr=jst, a=asa.


git-svn-id: svn://10.0.0.236/trunk@116958 18797224-902f-48f8-a5cc-f745e15eee43
 2002-03-20 05:53:46 +00:00
mstoltz%netscape.com
c4499c97cc Bug 127938 - chrome scripts should be exempt from the security check put in for 
bug 105050, on access to the opener property when the opener is a mail window.
r=pavlov, sr=jst, a=leaf.


git-svn-id: svn://10.0.0.236/trunk@115457 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-28 00:22:59 +00:00
mstoltz%netscape.com
7eb98a9eb6 partially backing out my last change - weird dependency problem 
git-svn-id: svn://10.0.0.236/trunk@115357 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-26 05:28:26 +00:00
mstoltz%netscape.com
66acb67330 32571, present confirmation dialog before allowing scripts to close windows. 
105050, pass null window.opener when opener is a mail window.
both r=heikki, sr=jst, a=asa.
Backed out previously because of tinderbox problem, which should be fixed now.


git-svn-id: svn://10.0.0.236/trunk@115356 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-26 04:50:21 +00:00
mcafee%netscape.com
60dc31b4b8 Backing out mstoltz. r=dbaron,jrgm 
git-svn-id: svn://10.0.0.236/trunk@114882 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-19 04:06:53 +00:00
mstoltz%netscape.com
ebb6dc6f70 Bug 105050 - return null window.opener to scripts if opener is a mail window. 
Bug 32571 - Prompt user before allowing scripts to close windows if opener is null.
both r=heikki, sr=jst.


git-svn-id: svn://10.0.0.236/trunk@114853 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-19 01:09:45 +00:00
mstoltz%netscape.com
904896ca95 Bug 119646 - Rewrite of the security manager policy database for improved 
performance. r=jst, sr=jband.


git-svn-id: svn://10.0.0.236/trunk@114377 18797224-902f-48f8-a5cc-f745e15eee43
 2002-02-13 04:20:46 +00:00
gerv%gerv.net
4c7ac5dfa4 License changes, take 2. Bug 98089. mozilla/config/, mozilla/caps/, mozilla/build/. 
git-svn-id: svn://10.0.0.236/trunk@103674 18797224-902f-48f8-a5cc-f745e15eee43
 2001-09-25 01:03:58 +00:00
gerv%gerv.net
ae1d5501a1 Oops. 
git-svn-id: svn://10.0.0.236/trunk@103236 18797224-902f-48f8-a5cc-f745e15eee43
 2001-09-20 00:02:59 +00:00
scc%mozilla.org
52c8d09e03 bug #98089: ripped new license 
git-svn-id: svn://10.0.0.236/trunk@103219 18797224-902f-48f8-a5cc-f745e15eee43
 2001-09-19 20:09:47 +00:00
mstoltz%netscape.com
fd211023d2 Bug 77485 - defining a function in another window using a targeted javascript: 
link. Prevent running javascript: urls cross-domain and add a security check for adding
and removing properties. r=harishd, sr=jst.


git-svn-id: svn://10.0.0.236/trunk@99171 18797224-902f-48f8-a5cc-f745e15eee43
 2001-07-13 07:08:26 +00:00
mstoltz%netscape.com
a8b60368de Re-checking-in my fix for 47905, which was backed out last night because of a bug in some other code that was checked in along with it. This checkin was not causing the crasher and is unchanged. See earlier checkin comment - in short, this adds same-origin to XMLHttpRequest and cleans up some function calls in caps, removes some unnecessary parameters. r=vidur, sr=jst. 
git-svn-id: svn://10.0.0.236/trunk@95481 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-19 00:33:51 +00:00
blizzard%redhat.com
b684f8fcbc Back out mstoltz because of blocker bug #81629. Original bugs were 47905 79775. 
git-svn-id: svn://10.0.0.236/trunk@95401 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-18 17:41:23 +00:00
mstoltz%netscape.com
55577f536b Bug 47905 - adding security check for XMLHttpRequest.open. 
Added nsIScriptSecurityManager::CheckConnect for this purpose.
Also cleaned up the security check API by removing some unnecessary
parameters. r=vidur@netscape.com, sr=jst@netscape.com

Bug 79775 - Forward button broken in main mail window. Making
WindowWatcher not call GetSubjectPrincipal if the URL to be loaded is
chrome, since the calling principal is superfluous in this case.
No one has been able to find the root cause of this problem, but
this checkin works around it, which is the best we can do for now.
r=ducarroz@netscape.com, sr=jst@netscape.com


git-svn-id: svn://10.0.0.236/trunk@95378 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-18 06:56:29 +00:00
mstoltz%netscape.com
28f5530d9c Fixes for bugs 79796, 77203, and 54060. r=jband@netscape.com, 
sr=brendan@mozilla.org


git-svn-id: svn://10.0.0.236/trunk@94546 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-11 00:43:27 +00:00
jst%netscape.com
9d299d36ce Landing the XPCDOM_20010329_BRANCH branch, changes mostly done by jband@netscape.com and jst@netscape.com, also some changes done by shaver@mozilla.org, peterv@netscape.com and markh@activestate.com. r= and sr= by vidur@netscape.com, jband@netscape.com, jst@netscpae.com, danm@netscape.com, hyatt@netscape.com, shaver@mozilla.org, dbradley@netscape.com, rpotts@netscape.com. 
git-svn-id: svn://10.0.0.236/trunk@94238 18797224-902f-48f8-a5cc-f745e15eee43
 2001-05-08 16:46:42 +00:00
mstoltz%netscape.com
452a43cfc9 More fixes for 55237, cleaned up CheckLoadURI and added a check on "Edit This Link." Also added error reporting (bug 40538). 
r=beard, sr=hyatt


git-svn-id: svn://10.0.0.236/trunk@92480 18797224-902f-48f8-a5cc-f745e15eee43
 2001-04-17 01:21:44 +00:00
mstoltz%netscape.com
6079a31c93 Bugs 55069, 70951 - JS-blocking APIs for mailnews and embedding. r=mscott, sr=attinasi. 
Bug 54237 - fix for event-capture bug, r=heikki, sr=jband.


git-svn-id: svn://10.0.0.236/trunk@90195 18797224-902f-48f8-a5cc-f745e15eee43
 2001-03-23 04:22:56 +00:00
mstoltz%netscape.com
0932f41358 bug 47905, adding security check to XMLHttpRequest.open(). r=heikki, sr=brendan 
git-svn-id: svn://10.0.0.236/trunk@88336 18797224-902f-48f8-a5cc-f745e15eee43
 2001-03-02 00:09:20 +00:00
mstoltz%netscape.com
5b27bdf415 Fixing bugscape 3109, LiveConnect exploit. sr=jband, brendan. 
Fixing 58021, exploit in "open in new window," bug 55237. sr=brendan


git-svn-id: svn://10.0.0.236/trunk@82368 18797224-902f-48f8-a5cc-f745e15eee43
 2000-11-07 01:14:08 +00:00