Luke Wagner
7371ad00ed
Bug 549143 - fatvals
2010-07-14 23:19:36 -07:00
Dan Witte
7c610ca8ac
Bug 564048 - Nix security checks in nsPrefBranch. r=sicking, sr=jst
2010-06-08 16:43:54 -07:00
Peter Van der Beken
df91a46a76
Fix for bug 560199 (Link XPConnect and caps into layout). r=jst.
...
--HG--
extra : rebase_source : 5141822e9d560019ffc1e0cb0264782aa8aa7a99
2010-04-11 15:55:24 +02:00
Sid Stamm
1090529f8c
bug 515443 CSP no-eval support. r=mrbkap,brendan
2010-03-08 00:24:50 -08:00
Jonas Sicking
893023f46a
Bug 543696: Remove unused nsIScriptSecurityManager::CheckConnect. r/sr=mrbkap
2010-02-02 02:29:15 -08:00
Blake Kaplan
7050590b13
Bug 504021 - Add an API to the script security manager to clamp principals for a given context. r=jst/bzbarsky sr=dveditz
2009-08-21 18:20:20 -07:00
Blake Kaplan
27e754d4d0
Bug 502959 - Restore code to make caps allow wrapping same-origin wrappedjs objects. r=jst sr=bzbarsky
2009-08-06 20:26:33 -07:00
Blake Kaplan
79905bec13
Bug 493074 - Compute fewer things to try to clear up a performance regression. r+sr=jst
2009-05-14 15:17:56 -07:00
Blake Kaplan
1942f8e50b
Bug 483672 - Give regular JS objects that have been reflected into C++ a security policy that follows the same-origin model. Also teach caps about "same origin" for these cases. r=jst sr=bzbarsky
2009-05-13 15:01:01 -07:00
Mook
fa1eb8e272
Bug 472032 - [win64] sizeof(long) != sizeof(void*) assertion in nsScriptSecurityManager.cpp; changed SecurityLevel to use PRWord, clarified assertion on the protected code; r+sr=dveditz
2009-02-26 18:31:17 +01:00
Dan Mosedale
e4aa8b0d67
Remove MailNews special casing from nsScriptSecurityManager (bug 374577), r+sr=bzbarsky
2009-02-17 20:32:57 -08:00
Igor Bukanov
4ecbd37ca7
Bug 459656 - Implementing nsIThreadJSContextStack in nsXPConnect. r+sr=mrbkap
2008-10-14 16:16:25 +02:00
Arpad Borsos
c72ef7d248
Bug 456388 - Remove PR_STATIC_CALLBACK and PR_CALLBACK(_DECL) from the tree; r+sr=brendan
2008-10-10 17:04:34 +02:00
Ben Newman
97433a48ab
Bug 454850. Make sure that whenever nsPrincipal::Equals would return true for a pair of principals their nsPrincipal::GetHashValue returns are also equal. r+sr=bzbarsky
2008-10-08 09:16:27 -04:00
Arpad Borsos
5a19e3346c
Bug 398946 - Remove JS_STATIC_DLL_CALLBACK and JS_DLL_CALLBACK from the tree; r=(benjamin + bent.mozilla)
2008-09-07 00:21:43 +02:00
jonas@sicking.cc
ab63fc8524
Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it
2008-04-18 10:35:55 -07:00
jonas@sicking.cc
ec7a19c8b9
Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz
2008-04-08 17:38:12 -07:00
jst@mozilla.org
a4d3a2e2e3
Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu
2008-03-22 09:50:47 -07:00
jst@mozilla.org
29a96a03b8
Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org
2008-03-20 21:39:08 -07:00
bzbarsky@mit.edu
94a044f0b1
Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst
2008-03-18 14:14:49 -07:00
jonas@sicking.cc
28ea51311b
Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv
2008-02-26 19:45:29 -08:00
myk@mozilla.org
7aff03fc46
backing out fix for bug 416534 as potential cause of mochitest failure
2008-02-26 19:23:36 -08:00
jonas@sicking.cc
42bbc8327e
Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv
2008-02-26 18:17:49 -08:00
jst@mozilla.org
892f0acecf
Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2008-01-29 12:51:01 -08:00
benjamin@smedbergs.us
b3e87aa63b
Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep
2008-01-15 07:50:57 -08:00
jst@mozilla.org
b30b544b5f
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 15:02:25 -08:00
dveditz@cruzio.com
2940b2f998
bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov
2007-09-06 00:02:57 -07:00
jwalden@mit.edu
6d7584839a
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
dbaron@dbaron.org
e7bb1b1c38
Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg
2007-03-27 08:34:59 -07:00
dbaron@dbaron.org
d98d9fdec5
Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg
2007-03-27 08:33:38 -07:00
bzbarsky%mit.edu
730516b0a1
Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst
2006-11-14 22:46:45 +00:00
bzbarsky%mit.edu
0a3a624149
Make it possible for protocol handlers to configure how CheckLoadURI should
...
treat them via their protocol flags. Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin
2006-11-10 23:49:08 +00:00
bzbarsky%mit.edu
3aaa1fe7df
Disable optimization that relies on invariants we don't maintain. Bug 317240
...
wallpaper, r+sr=jst
2006-05-04 15:23:43 +00:00
bzbarsky%mit.edu
7e4ec9da94
Followup fix for bug 307867 -- make sure to update our pointers to hashtable
...
entries when the entries move. r=dveditz, sr=brendan
2006-02-24 04:38:46 +00:00
bzbarsky%mit.edu
f8625ded52
Remove dead code. Bug 327171, r=mrbkap, sr=shaver
2006-02-14 21:08:15 +00:00
bzbarsky%mit.edu
f02076fb6f
Get principals for XPConnect wrapped natives off their scope instead of walking
...
their parent chain. Add some asserts to check that this actually does give the
same result, which it should with splitwindow. Bug 289655, r=dbradley, sr=jst
2005-11-16 02:12:21 +00:00
cbiesinger%web.de
9efd50d7d5
Bug 248052 Add a contract ID for a global channeleventsink. Make the
...
scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto
redirects if CheckLoadURI fails. Remove the explicit usage of
nsIScriptSecurityManager from nsHttpChannel.cpp.
This eliminates js and xpconnect from REQUIRES, and brings us closer to remove
caps.
r=darin sr=bz
2005-11-08 20:47:16 +00:00
bzbarsky%mit.edu
b29c3a80b9
Don't call nsIClassInfo::GetClassDescription unless we really have to. Bug
...
313157, r=dveditz, sr=jst
2005-10-20 23:49:59 +00:00
bzbarsky%mit.edu
0392b3384b
Comment-only fixes I forgot to make. Bug 240661.
2005-07-22 20:49:12 +00:00
bzbarsky%mit.edu
10d1c576d9
Expose the subject name for the cert and an nsISupports pointer to the cert on
...
nsIPrincipal that represents a certificate principal. Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal. Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII. Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
2005-07-22 19:05:42 +00:00
timeless%mozdev.org
831f32feaa
Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop]
...
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg
2005-07-19 21:55:36 +00:00
timeless%mozdev.org
2ad41d5c36
Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs
...
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg
2005-06-29 16:29:49 +00:00
timeless%mozdev.org
9c0955251d
Bug 292588 shutdown crash !sXPConnect [@ nsScriptSecurityManager::CheckObjectAccess]
...
store the runtime, unset the callback at shutdown
r=dveditz sr=jst a=asa
2005-06-07 21:57:56 +00:00
brendan%mozilla.org
ea9fd4132c
Find active native function principals when walking the JS stack, and beef up eval-ish native safeguards (281988, r=shaver/caillon, sr=jst, a=drivers).
2005-05-04 06:28:36 +00:00
bzbarsky%mit.edu
6d36e81b66
Do less addrefing of principals in the script security manager. Bug 289643,
...
r=caillon, sr=brendan, a=asa
2005-04-10 23:27:07 +00:00
brendan%mozilla.org
bb7b3cd85f
Revert kludge, want a general fix.
2005-04-07 19:48:57 +00:00
brendan%mozilla.org
b02c276f35
Stop evals and Script object calls/execs that cross trust domains (289074, r=shaver, sr=jst, a=drivers).
2005-04-07 02:22:24 +00:00
cbiesinger%web.de
92c940aa45
Bug 269661 make libpref not depend on caps
...
r=caillon sr=dveditz
2005-02-06 12:39:31 +00:00
jst%mozilla.jstenback.com
f97343e1ac
Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu
2004-10-15 16:53:35 +00:00
dveditz%cruzio.com
e67c6e5dcf
Improve enablePrivilege confirmation dialog text and presentation, sanity-check
...
privilege names (bug 253942, bug 253944) r=caillon,sr=brendan,a=chofmann,mkaply
2004-09-01 07:53:32 +00:00