sr=brendan, r=mstoltz, a=asa
If the js stack has no principals on it, return PR_TRUE from IsCapabilityEnabled
. Currently, the only time we'd have a stack devoid of principals is when all f
unctions are native. If this assumption changes, this may need to be revisited
(depending on what it would mean to be a compiled script without a principal.)
git-svn-id: svn://10.0.0.236/trunk@116124 18797224-902f-48f8-a5cc-f745e15eee43
bug 105050, on access to the opener property when the opener is a mail window.
r=pavlov, sr=jst, a=leaf.
git-svn-id: svn://10.0.0.236/trunk@115457 18797224-902f-48f8-a5cc-f745e15eee43
105050, pass null window.opener when opener is a mail window.
both r=heikki, sr=jst, a=asa.
Backed out previously because of tinderbox problem, which should be fixed now.
git-svn-id: svn://10.0.0.236/trunk@115356 18797224-902f-48f8-a5cc-f745e15eee43
Bug 32571 - Prompt user before allowing scripts to close windows if opener is null.
both r=heikki, sr=jst.
git-svn-id: svn://10.0.0.236/trunk@114853 18797224-902f-48f8-a5cc-f745e15eee43
remove aIgnoreCase parameter from all nsString and nsCString consumers
sr=jag, r=shaver
git-svn-id: svn://10.0.0.236/trunk@113390 18797224-902f-48f8-a5cc-f745e15eee43
"capability.policy.group.*.property". Also added additional optimizations
and changed copy-initialization of NSCOMPtrs to direct initialization
throughout the file. r=harishd, sr=jst, a=asa.
git-svn-id: svn://10.0.0.236/trunk@101929 18797224-902f-48f8-a5cc-f745e15eee43
91714 - CheckLoadURI should trest 'safe' and 'unsafe' about: URLs as different protocols
56260 - 'Remember This Decision' in signed script grant dialog should default to unchecked
83131 - More descriptive security error messages
93951 - Added null check in GetBaseURIScheme to prevent crash.
All bugs r=jtaylor, sr=jst
git-svn-id: svn://10.0.0.236/trunk@100964 18797224-902f-48f8-a5cc-f745e15eee43
87887 - don't call InitPolicies or InitPrincipals if there are no prefs to process
83902 - Use weak reference to pref branch to avoid reference cycle
91619 - was leaking a char* - use nsXPIDLCString instead
86932 - Add support for per-site JS disabling to CanExecuteScripts
all bugs r=jesse, sr=dougt
git-svn-id: svn://10.0.0.236/trunk@100226 18797224-902f-48f8-a5cc-f745e15eee43
This removes all call-sites I can currently fix. Tomorrow I'll try to get someone to checkin my changes to security/ and I'll get some help with the Netscape side of things.
nsString::GetUnicode()'s final death-blow will be dealt soon. Please keep this in mind as you add new code :-)
git-svn-id: svn://10.0.0.236/trunk@98363 18797224-902f-48f8-a5cc-f745e15eee43
javascript URL links. Two-part fix: moving the call to GetCurrentDocumentOwner
in nsDocShell::LoadInternal to before the target docshell is called, and
changing nsScriptSecurityManager::GetFunctionObjectPrincipal to only get
the principal from the function object's scope chain if the function object's
principal is the system principal. r=jst, sr=vidur, a=asa.
git-svn-id: svn://10.0.0.236/trunk@96045 18797224-902f-48f8-a5cc-f745e15eee43
Added nsIScriptSecurityManager::CheckConnect for this purpose.
Also cleaned up the security check API by removing some unnecessary
parameters. r=vidur@netscape.com, sr=jst@netscape.com
Bug 79775 - Forward button broken in main mail window. Making
WindowWatcher not call GetSubjectPrincipal if the URL to be loaded is
chrome, since the calling principal is superfluous in this case.
No one has been able to find the root cause of this problem, but
this checkin works around it, which is the best we can do for now.
r=ducarroz@netscape.com, sr=jst@netscape.com
git-svn-id: svn://10.0.0.236/trunk@95378 18797224-902f-48f8-a5cc-f745e15eee43
URL loading check and give them access to each other. r=pavlov,
sr=brendan. This allows us to turn on the fix (already reviewed)
for 69070.
git-svn-id: svn://10.0.0.236/trunk@95063 18797224-902f-48f8-a5cc-f745e15eee43
r/sr=brendan@mozilla.org. Also fixed a typo in prefs that would have reopened
bug 56009.
git-svn-id: svn://10.0.0.236/trunk@94939 18797224-902f-48f8-a5cc-f745e15eee43
