91714 - CheckLoadURI should trest 'safe' and 'unsafe' about: URLs as different protocols
56260 - 'Remember This Decision' in signed script grant dialog should default to unchecked
83131 - More descriptive security error messages
93951 - Added null check in GetBaseURIScheme to prevent crash.
All bugs r=jtaylor, sr=jst
git-svn-id: svn://10.0.0.236/trunk@100964 18797224-902f-48f8-a5cc-f745e15eee43
87887 - don't call InitPolicies or InitPrincipals if there are no prefs to process
83902 - Use weak reference to pref branch to avoid reference cycle
91619 - was leaking a char* - use nsXPIDLCString instead
86932 - Add support for per-site JS disabling to CanExecuteScripts
all bugs r=jesse, sr=dougt
git-svn-id: svn://10.0.0.236/trunk@100226 18797224-902f-48f8-a5cc-f745e15eee43
Added nsIScriptSecurityManager::CheckConnect for this purpose.
Also cleaned up the security check API by removing some unnecessary
parameters. r=vidur@netscape.com, sr=jst@netscape.com
Bug 79775 - Forward button broken in main mail window. Making
WindowWatcher not call GetSubjectPrincipal if the URL to be loaded is
chrome, since the calling principal is superfluous in this case.
No one has been able to find the root cause of this problem, but
this checkin works around it, which is the best we can do for now.
r=ducarroz@netscape.com, sr=jst@netscape.com
git-svn-id: svn://10.0.0.236/trunk@95378 18797224-902f-48f8-a5cc-f745e15eee43
r= warren@netscape.com
OS/2 Visual Age build - Adding PR_CALLBACK to some functoins for linkage
git-svn-id: svn://10.0.0.236/trunk@65290 18797224-902f-48f8-a5cc-f745e15eee43
25206 Reload vulnerability #2
Implement grant dialogs and persistence for capabilities.
most r=mstoltz, some code from morse w/ r=norris
git-svn-id: svn://10.0.0.236/trunk@60281 18797224-902f-48f8-a5cc-f745e15eee43
858 [Feature] JavaScript auto-disable per-domain RFE
13023 Users must be able to disable Java and JavaScript (for JS in mail)
21923 Executing functions in "chrome:" protocol - #2.
r=mstoltz
(Checked in with red on Mac; Wan-Teh says his changes are localized so
it shouldn't interfere with his fixing bustage.)
git-svn-id: svn://10.0.0.236/trunk@57214 18797224-902f-48f8-a5cc-f745e15eee43
Add checks to nsScriptSecurityManager::CheckCanListenTo that take
a principal and ensure that the currently executing script code
either is from the same origin as that principal or has the
UniversalBrowserRead privilege enabled. (chrome code has all
privileges enabled by default.) It's okay for the principal passed in
to be null. That just signifies a privileged window/document that only
can be listened to with privileges.
I added GetPrincipal/SetPrincipal methods to nsIEventListenerManager.
nsDocument::GetNewListenerManager sets a principal on the listener
manager when it creates one. Obviously there are other places that
create listener managers, but scripts seem to go through this one.
Another change is to save some memory usage. Currently I allocate an
array of PolicyType that is NS_DOM_PROP_MAX elements long.
Unfortunately, compilers appear to allocate four bytes for each
PolicyType, so the array takes around 2400 bytes. I've added changes
to use two bit vectors that should consume about 1/16 that space.
r=joki
There are also changes that push nsnull onto the JSContext stack when
entering a nested event loop.
r=jband
git-svn-id: svn://10.0.0.236/trunk@54477 18797224-902f-48f8-a5cc-f745e15eee43
* Implement site-specific security policies (bug 858)
r=mstoltz
* Use Recycle rather than delete[] to clean up Purify logs
r=law
git-svn-id: svn://10.0.0.236/trunk@53631 18797224-902f-48f8-a5cc-f745e15eee43
17977 [DOGFOOD] Reading documents using document.body
17538 document.lastModified is exposed
17537 document.images vulnerabilities
16036 [DOGFOOD] document.Element exposes the DOM of documents from
15757 [DOGFOOD] Injecting JS code using setAttribute and getElemen
15550 Injecting text in documents from any domain using createText
15067 [DOGFOOD] getElementsByTagName() allows reading of arbitrary
* Create an array of dom property policy types and initialize it when the script security manager is created.
* Move some implementation code to a new shared implementation base class.
* Implement privilege enabling, disabling and reverting
* Implement stack walking for checking privileges.
r=mstoltz@netscape.com
* Modify nsIPref to support security policy work.
r=neeti@netscape.com
git-svn-id: svn://10.0.0.236/trunk@53254 18797224-902f-48f8-a5cc-f745e15eee43
* remove nsJSSecurityManager
* save principals in nsIChannels and nsIDocuments
git-svn-id: svn://10.0.0.236/trunk@45080 18797224-902f-48f8-a5cc-f745e15eee43
but in place. redefined the script security manager in caps and it is
now generating codebase principals.
git-svn-id: svn://10.0.0.236/trunk@43798 18797224-902f-48f8-a5cc-f745e15eee43
