Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
47,625 Commits 3,986 Branches 0 Tags
Commit Graph

11 Commits

Author SHA1 Message Date
norris%netscape.com
f77a65d9d4 Modify generated dom code to use a enum rather than a string for codesize 
and efficiency.
Tighten checks on document properties and node properties. Should resolve
several bugs:
18965 document.firstChild vulnerability
19043 document.childNodes vulnerability
19044 document.lastChild vulnerability
r=mstoltz


git-svn-id: svn://10.0.0.236/trunk@54051 18797224-902f-48f8-a5cc-f745e15eee43
 1999-11-20 07:28:34 +00:00
norris%netscape.com
331cf153db * Fix 12124 [DOGFOOD] Reading user's preferences 
* Implement site-specific security policies (bug 858)
r=mstoltz
* Use Recycle rather than delete[] to clean up Purify logs
r=law


git-svn-id: svn://10.0.0.236/trunk@53631 18797224-902f-48f8-a5cc-f745e15eee43
 1999-11-16 05:07:31 +00:00
norris%netscape.com
d83622d4ac * Fix the following bugs by tightening the default security policy. 
17977 [DOGFOOD] Reading documents using document.body
17538 document.lastModified is exposed
17537 document.images vulnerabilities
16036 [DOGFOOD] document.Element exposes the DOM of documents from
15757 [DOGFOOD] Injecting JS code using setAttribute and getElemen
15550 Injecting text in documents from any domain using createText
15067 [DOGFOOD] getElementsByTagName() allows reading of arbitrary
* Create an array of dom property policy types and initialize it when the script security manager is created.
* Move some implementation code to a new shared implementation base class.
* Implement privilege enabling, disabling and reverting
* Implement stack walking for checking privileges.
r=mstoltz@netscape.com

* Modify nsIPref to support security policy work.
r=neeti@netscape.com


git-svn-id: svn://10.0.0.236/trunk@53254 18797224-902f-48f8-a5cc-f745e15eee43
 1999-11-11 22:10:36 +00:00
dmose%mozilla.org
0efb7c174c updated xPL license boilerplate to v1.1, a=chofmann@netscape.com,r=endico@mozilla.org 
git-svn-id: svn://10.0.0.236/trunk@52910 18797224-902f-48f8-a5cc-f745e15eee43
 1999-11-06 03:43:54 +00:00
norris%netscape.com
a825f1738a work on bug 7270. 
r=mstoltz.
Implement netscape.security.PrivilegeManager callbacks.


git-svn-id: svn://10.0.0.236/trunk@52128 18797224-902f-48f8-a5cc-f745e15eee43
 1999-10-28 22:09:03 +00:00
norris%netscape.com
761b5f5706 Add ability to disable JS. Fix 13978 shopping at webvan.com crashes 
git-svn-id: svn://10.0.0.236/trunk@47995 18797224-902f-48f8-a5cc-f745e15eee43
 1999-09-17 20:13:52 +00:00
norris%netscape.com
4e8768c593 * Add checks on urls formed from web scripts 
* Make nsScriptSecurityManager implement nsXPCSecurityManager
* Fix unix warnings


git-svn-id: svn://10.0.0.236/trunk@46152 18797224-902f-48f8-a5cc-f745e15eee43
 1999-09-07 02:54:19 +00:00
norris%netscape.com
34b474302b Add all-powerful system principals. Remove some dead code from the build. 
git-svn-id: svn://10.0.0.236/trunk@45380 18797224-902f-48f8-a5cc-f745e15eee43
 1999-09-01 00:54:35 +00:00
norris%netscape.com
3a6d863c13 * clean up nsScriptSecurityManager 
* remove nsJSSecurityManager
* save principals in nsIChannels and nsIDocuments


git-svn-id: svn://10.0.0.236/trunk@45080 18797224-902f-48f8-a5cc-f745e15eee43
 1999-08-29 21:58:42 +00:00
mccabe%netscape.com
0d087a7447 Spam caps subtree to replace declarations of IDL-defined interface methods in implementation classes with xpidl-generated NS_DECL_NSIFOO macro. 
git-svn-id: svn://10.0.0.236/trunk@44018 18797224-902f-48f8-a5cc-f745e15eee43
 1999-08-21 20:22:27 +00:00
arielb%netscape.com
ad40dbfcd5 includes updates to codbase matching security checks currently turned off 
but in place.  redefined the script security manager in caps and it is
now generating codebase principals.


git-svn-id: svn://10.0.0.236/trunk@43798 18797224-902f-48f8-a5cc-f745e15eee43
 1999-08-20 09:51:02 +00:00