Commit Graph

49 Commits

Author SHA1 Message Date
vidur%netscape.com
79c210a6b9 Checking in for mccabe, since he had to leave town. Partial fix for bug 41429. Adding a new interface that components can implement to control the capabilities needed for XPConnect access to them - default is UniversalXPConnect. r=vidur 2000-06-23 14:32:38 +00:00
joki%netscape.com
786f234766 Part of fix for 38117, prevent scripts from running event handlers on windows from other domains. r:mstoltz 2000-06-21 00:21:50 +00:00
warren%netscape.com
512c8bf433 Renaming nsIAllocator to nsIMemory (and nsAllocator to nsMemory). API cleanup/freeze. Bug #18433 2000-06-03 09:46:12 +00:00
mstoltz%netscape.com
11718e9f56 Removing archive attribute from nsCertificatePrincipal. This will not be used. 2000-05-16 22:37:38 +00:00
mstoltz%netscape.com
e0fc50a6d4 Fixes for 32878, 37739. Added PR_CALLBACK macros. Changed security.principal pref syntax to a nicer syntax. Removed "security.checkxpconnect" hack. 2000-05-16 03:40:51 +00:00
mstoltz%netscape.com
74488c46a3 Removed dependency of libjar on psm-glue, bug 36853. Fixed out parameter type problem in PSMComponent::HashEnd 2000-05-10 01:49:33 +00:00
mstoltz%netscape.com
ad755522c3 Added archive attribute to nsICertificatePrincipal...part of fix for 37481. 2000-05-01 23:39:51 +00:00
mstoltz%netscape.com
9bb975256e Fixes for 27010, 32878, and 32948. 2000-04-26 03:50:07 +00:00
mstoltz%netscape.com
57feeae5ec Backing out changes until I can figure out why it's crashing on startup. 2000-04-23 21:25:39 +00:00
mstoltz%netscape.com
62bffdd26e Fixes for bugs 27010, 32878, 32948. 2000-04-23 20:30:29 +00:00
norris%netscape.com
e356de6476 Fix
28390, 28866, 34364
r=brendan@mozilla.org
35701
r=jst@netscape.com
2000-04-14 03:14:53 +00:00
mstoltz%netscape.com
efa5624e14 Fixed bug 30915 using nsAggregatePrincipal. r=norris 2000-03-31 00:31:18 +00:00
norris%netscape.com
7d053b70b0 Adding nsAggregatePrincipal support. r=norris 2000-03-21 04:05:35 +00:00
norris%netscape.com
060e388a6b Files:
caps/idl/nsICertificatePrincipal.idl
	caps/idl/nsIPrincipal.idl
	caps/src/nsBasePrincipal.cpp
Implement the ability to manipulate multiple capabilties simultaneously.
r=mstoltz@netscape.com

Files:
	caps/src/nsCodebasePrincipal.cpp
Codebase equality should be based upon origin, not full path.
r=mstoltz@netscape.com

Files:
	caps/src/nsScriptSecurityManager.cpp
Change URI checking to deny based upon scheme rather than allow based upon
scheme for greater flexibility.
r=mstoltz@netscape.com

Files:
	dom/public/nsDOMPropEnums.h
	dom/public/nsDOMPropNames.h
	dom/src/base/nsGlobalWindow.cpp
	modules/libpref/src/init/all.js
Fix bug 20469 Seeing JS functions and global variables from arbitrary host
r=vidur@netscape.com

Files:
	dom/src/base/nsJSUtils.cpp
	dom/src/base/nsJSUtils.h
	dom/src/base/nsJSEnvironment.cpp
	dom/tools/JSStubGen.cpp
	layout/base/src/nsDocument.cpp
	layout/html/content/src/nsGenericHTMLElement.cpp
Improve performance by removing NS_WITH_SERVICE call for every DOM access.
Propagate XPCOM failure codes out properly.
r=vidur@netscape.com

Files:
	layout/html/document/src/nsFrameFrame.cpp
Fix 27387 Circumventing Same Origin security policy using setAttribute
r=vidur@netscape.com
2000-03-11 06:32:42 +00:00
norris%netscape.com
d64387736b Fix 28612 META Refresh allowed in Mail/News
r=mstoltz,a=jar
Fix 28658 File upload vulnerability
r=vidur,a=jar
2000-02-23 22:34:40 +00:00
norris%netscape.com
2b4b436f5f Fix 25062 Reload vulnerability
25206 Reload vulnerability #2
Implement grant dialogs and persistence for capabilities.
most r=mstoltz, some code from morse w/ r=norris
2000-02-10 04:56:56 +00:00
norris%netscape.com
c04c4d51f9 Fix bug #25864 watch() vulnerability
r=vidur,rogerl
2000-02-02 00:22:58 +00:00
mstoltz%netscape.com
5014545a00 Implemented the reading of capabilities data from prefs. Reads codebase and certificate principal data and populates ScriptSecurityManager's principals table. bug= 18122 r=norris, rginda 2000-01-18 21:54:01 +00:00
jband%netscape.com
ef9c82db1e Landing big set of DOM and XPConnect changes:
DOM: getting rid of JS_GetContextPrivate wherever possible. Use static parent
links where we can. When we do need to find this info about the caller
we call a function that knows how to get that info rather than inline calls
to JS_GetContextPrivate. This is all required for calling DOM objects on
non-DOM JSContexts as we do via xpconnect.

XPConnect: basic refactoring work to disassociate wrappers from the JSContext
that was active when the wrapper was constructed. This allows for calling into
wrapped JS objects on the right JSContext and for proper grouping of wrapped
native objects so that they can share proto objects. This also allows for
better sharing of objects and lays the foundations for threadsafety and
interface flattening.

Also, xpconnect tests are reorganized and improved.

fixes bugs: 13419, 17736, 17746, 17952, 22086

r=vidur r=mccabe r=norris r=cbegle
a=chofmann
1999-12-18 20:29:29 +00:00
norris%netscape.com
d89d87531c Fix
20257 unable to edit existing images in editor due to JS error
	19933 JavaScript "window.location" core dumps in CAPS
Back out previous changes for enforcing security on listeners and go with a
simple restriction of access to the method for adding listeners.
r=mstoltz
1999-12-01 22:23:22 +00:00
norris%netscape.com
51842ef45e Fix 18553 [DOGFOOD] addEventListener allows sniffing keystrokes
Add checks to nsScriptSecurityManager::CheckCanListenTo that take
a principal and ensure that the currently executing script code
either is from the same origin as that principal or has the
UniversalBrowserRead privilege enabled. (chrome code has all
privileges enabled by default.) It's okay for the principal passed in
to be null. That just signifies a privileged window/document that only
can be listened to with privileges.

I added GetPrincipal/SetPrincipal methods to nsIEventListenerManager.
nsDocument::GetNewListenerManager sets a principal on the listener
manager when it creates one. Obviously there are other places that
create listener managers, but scripts seem to go through this one.

Another change is to save some memory usage. Currently I allocate an
array of PolicyType that is NS_DOM_PROP_MAX elements long.
Unfortunately, compilers appear to allocate four bytes for each
PolicyType, so the array takes around 2400 bytes. I've added changes
to use two bit vectors that should consume about 1/16 that space.

r=joki

There are also changes that push nsnull onto the JSContext stack when
entering a nested event loop.

r=jband
1999-11-25 05:28:18 +00:00
norris%netscape.com
24778bda71 Modify generated dom code to use a enum rather than a string for codesize
and efficiency.
Tighten checks on document properties and node properties. Should resolve
several bugs:
18965 document.firstChild vulnerability
19043 document.childNodes vulnerability
19044 document.lastChild vulnerability
r=mstoltz
1999-11-20 07:28:34 +00:00
norris%netscape.com
5b4b0169aa * Fix 12124 [DOGFOOD] Reading user's preferences
* Implement site-specific security policies (bug 858)
r=mstoltz
* Use Recycle rather than delete[] to clean up Purify logs
r=law
1999-11-16 05:07:31 +00:00
norris%netscape.com
7cd400a26f * Fix the following bugs by tightening the default security policy.
17977 [DOGFOOD] Reading documents using document.body
17538 document.lastModified is exposed
17537 document.images vulnerabilities
16036 [DOGFOOD] document.Element exposes the DOM of documents from
15757 [DOGFOOD] Injecting JS code using setAttribute and getElemen
15550 Injecting text in documents from any domain using createText
15067 [DOGFOOD] getElementsByTagName() allows reading of arbitrary
* Create an array of dom property policy types and initialize it when the script security manager is created.
* Move some implementation code to a new shared implementation base class.
* Implement privilege enabling, disabling and reverting
* Implement stack walking for checking privileges.
r=mstoltz@netscape.com

* Modify nsIPref to support security policy work.
r=neeti@netscape.com
1999-11-11 22:10:36 +00:00
dmose%mozilla.org
142ac52eaf updated xPL license boilerplate to v1.1, a=chofmann@netscape.com,r=endico@mozilla.org 1999-11-06 03:43:54 +00:00
norris%netscape.com
e5c170a049 work on bug 7270.
r=mstoltz.
Implement netscape.security.PrivilegeManager callbacks.
1999-10-28 22:09:03 +00:00
warren%netscape.com
f50d3df7c0 Added nsIChannel::GetOriginalURI so that we can get back to the original chrome file (bug#17144). r=rpotts,mscott 1999-10-26 09:16:24 +00:00
norris%netscape.com
c99b609910 Add ability to disable JS. Fix 13978 shopping at webvan.com crashes 1999-09-17 20:13:52 +00:00
norris%netscape.com
9acf604770 Add security support for javascript: uris. 1999-09-15 20:58:41 +00:00
norris%netscape.com
0865f1cdaa Create preferences for security checks.
Add new methods on nsIScriptSecurityManager for capabilities.
Fix 13739 MLK: nsScriptSecurityManager::CreateCodebasePrincipal
Fix 11666 Eliminate plvector (was: [infinite loop] bugs - plvector.c)
1999-09-15 04:05:43 +00:00
norris%netscape.com
6ce2283719 Remove unused files. 1999-09-13 20:10:24 +00:00
norris%netscape.com
dcf88dfe3b Fix build breakage: full #include needed. 1999-09-07 21:26:56 +00:00
norris%netscape.com
eb23e76298 Fix bug 13253.
Enable restrictions on use of Components array from web JavaScript.
1999-09-07 20:40:20 +00:00
briano%netscape.com
51d59f6f69 Cleaned it up and eliminated the pointless #!gmake. 1999-09-01 23:27:16 +00:00
norris%netscape.com
91d105de8f nsIPrincipalManager.idl removed. 1999-09-01 01:34:11 +00:00
norris%netscape.com
ec9d253f50 Add all-powerful system principals. Remove some dead code from the build. 1999-09-01 00:54:35 +00:00
joki%netscape.com
155255be20 Adding new flag to the security check calls out of the DOM generated JS files. 1999-08-31 14:23:55 +00:00
norris%netscape.com
d8507f844e * clean up nsScriptSecurityManager
* remove nsJSSecurityManager
* save principals in nsIChannels and nsIDocuments
1999-08-29 21:58:42 +00:00
arielb%netscape.com
1b252b2e3b includes updates to codbase matching security checks currently turned off
but in place.  redefined the script security manager in caps and it is
now generating codebase principals.
1999-08-20 09:51:02 +00:00
arielb%netscape.com
1125dac5c8 removing public directory for good. fixed up nsPrivilegeManager.cpp 1999-08-08 21:04:16 +00:00
arielb%netscape.com
a1d83223f4 added a new and improved factory to caps module. fixed some bugs and
cleared some warnings.  also move some methods of privilege manager to
principal manager.
1999-08-06 22:44:35 +00:00
arielb%netscape.com
0d16b83058 add a principal manager to caps api. everything is now xpidled so
i removed the public directory from the module.
1999-08-01 21:26:02 +00:00
arielb%netscape.com
387cbc374e xpidling and updating nsTarget object. should resolve build errors on
SeaMonkey Ports
1999-07-28 05:43:26 +00:00
briano%netscape.com
007ea62765 Cleaned it up and changed the name of libreg.{a,so} to libmozreg.{a,so} to fix the conflict reported in bug 8568. 1999-07-27 23:27:44 +00:00
arielb%netscape.com
d00edf950d removed some enums and migrated them into nsPrivilege, nsIPrivilege and
nsPrivilegemanager. cleaning up some old code from the security module
and refining their api's and such like.
1999-07-27 00:50:59 +00:00
arielb%netscape.com
8dad60d09d Fix to the caps security module. I removed the nsPrincipal struct, from now
on you can access principals by their xpcomed interface nsIPrincipal.
1999-07-24 03:58:23 +00:00
sspitzer%netscape.com
0fe0bc29cd ignore the generated Makefile 1999-07-18 00:26:01 +00:00
arielb%netscape.com
587d04c222 idled principals interfaces and some fixes to caps manager... 1999-07-16 20:31:18 +00:00
norris%netscape.com
f64740e501 Move several security files into idl. (Create idl directory in caps module.)
Implement methods of nsIXPCSecurityManager.
Fix random errors in DOM JS security.
1999-07-15 23:23:16 +00:00