Commit Graph

393 Commits

Author SHA1 Message Date
mstoltz%netscape.com
3c9f658ac2 Bug 109113 - misplaced #ifdef DEBUG caused fix not to work in opt builds.
Moved #endif to exclude important call. r/sr=jst.
2001-11-27 00:29:20 +00:00
jband%netscape.com
ee23501c42 trivial patch to make what is supposed to be a warning really a warning instead of an assert. rs=jband 2001-11-22 23:26:34 +00:00
peterv%netscape.com
99fc30ce49 Fixing mac debug bustage. Patch suggested by jst, sr=jst. 2001-11-16 10:50:33 +00:00
mstoltz%netscape.com
25276e6b94 Bug 109113, second half of fix. r=jst, sr=brendan. Adding new CheckObjectAccess
callback to enforce the same-origin policy on function.caller.
2001-11-16 06:17:24 +00:00
dbaron%fas.harvard.edu
8cd8d91750 Ensure that string literals are used as |const char*| rather than |char*|. r=jag sr=brendan b=107052 2001-11-07 06:24:10 +00:00
seawood%netscape.com
be10c3b1a8 Backing out fix for remote mach-o builds as it left mach-o builds fragile.
Add TK_CFLAGS back to default CFLAGS/CXXFLAGS.
Bug #107696
2001-11-03 03:29:05 +00:00
seawood%netscape.com
8a2a775382 Since '-framework Carbon' causes binaries to require console access to run, do not link using that flag by default. Otherwise, remote builds & non-console tinderboxes will break. Mac OSX Mach-O only.
Bug #107696 r=mozbot
2001-11-01 00:54:48 +00:00
mstoltz%netscape.com
f634fa73d2 bug 106535, adding the ability to enable codebase principals for a single host
instead of for all hosts. r=vidur, sr=jst.
2001-10-26 23:00:48 +00:00
jaggernaut%netscape.com
45107c0d97 Bug 53057: Fixing up users of implicit |CharT*| conversion operators for nsCString to use |.get()| instead, rr=dbaron, rs=scc 2001-10-25 06:13:52 +00:00
bnesse%netscape.com
73c9a1111f Fix for bug 103883. Add weak ref support for prefs observers to help reduce MLK cycles with preferences. r=ccarlen, darin, gordon, hewitt, mstoltz, srilatha, sspitzer. sr=alecf. 2001-10-22 20:54:48 +00:00
dougt%netscape.com
d18d7e2b17 nsIObserver and nsIObserverService API freeze. r=rpotts@netscape.com, alecf@netscape.com. bug 99163 2001-10-19 20:52:59 +00:00
bzbarsky%mit.edu
8986a0ad12 Make CAPS correctly observe changes to capability.policy prefs. Needed
for having UI for these suckers.  Bug 101150, r=mstoltz,sr=jst
2001-10-02 21:56:51 +00:00
jaggernaut%netscape.com
ca6197295f Bug 100476: Convert uses of member functions ToNewUnicode, ToNewCString and ToNewUTF8String to their global versions and remove support from nsCString and nsString. r=dbaron, rs=scc 2001-09-29 08:28:41 +00:00
gerv%gerv.net
11248436dd License changes, take 2. Bug 98089. mozilla/config/, mozilla/caps/, mozilla/build/. 2001-09-25 01:03:58 +00:00
gerv%gerv.net
1856815ff1 Oops. 2001-09-20 00:02:59 +00:00
scc%mozilla.org
102170b2a0 bug #98089: ripped new license 2001-09-19 20:09:47 +00:00
jaggernaut%netscape.com
d1a7bfa843 One module per line for REQUIRES. r=/sr=alecf 2001-09-18 22:01:13 +00:00
jaggernaut%netscape.com
dc40187223 Bug 73353: splitting the modules on the REQUIRES lines in Makefile.in across multiple lines to more clearly show the changes made. sr=alecf 2001-09-18 13:41:47 +00:00
alecf%netscape.com
1e0e7dd033 Add REQUIRES to many modules for win32 support, bug 98372 r=cls 2001-09-12 20:32:40 +00:00
jband%netscape.com
14bd719214 attempt to fix HP-UX and and some other Unix bustages. r=cls 2001-08-29 07:24:39 +00:00
mstoltz%netscape.com
3f22e806ad bug 86799, adding support for wildcard security policies of the form
"capability.policy.group.*.property". Also added additional optimizations
and changed copy-initialization of NSCOMPtrs to direct initialization
throughout the file. r=harishd, sr=jst, a=asa.
2001-08-29 02:05:48 +00:00
dbaron%fas.harvard.edu
113ad642ae Replace uses of deprecated NS_IMPL_ISUPPORTS and NS_IMPL_QUERYINTERFACE macros with NS_IMPL_{ISUPPORTS,QUERYINTERFACE}{1,0}. r=jag rs=brendan b=45797 2001-08-21 01:48:11 +00:00
sfraser%netscape.com
529028c336 Project cleanup, rs=scc. Don't link with OJI, which is a component. 2001-08-15 23:09:21 +00:00
cls%seawood.org
a3c1dd1b09 Use NS_PTR_TO_INT32 macros to do 64-bit safe pointer conversions.
Bug #20860 r=Roland.Mainz@informatik.med.uni-giessen.de sr=brendan@mozilla.org
2001-08-14 07:59:59 +00:00
mstoltz%netscape.com
880f5907bc 86984 - make history.length sameOrigin-accessible. Security prefs change.
91714 - CheckLoadURI should trest 'safe' and 'unsafe' about: URLs as different protocols
56260 - 'Remember This Decision' in signed script grant dialog should default to unchecked
83131 - More descriptive security error messages
93951 - Added null check in GetBaseURIScheme to prevent crash.
All bugs r=jtaylor, sr=jst
2001-08-14 00:18:58 +00:00
brendan%mozilla.org
9e5cfdfda2 Shrink principals struct back to where it was last week -- but it could go further (93043, r=shaver, sr=jst). 2001-08-09 01:15:57 +00:00
brendan%mozilla.org
01d4c02b07 I'm such a C luddite. 2001-08-07 04:45:27 +00:00
brendan%mozilla.org
49c0102cdf Restore scriptable nsIClassInfo.classID but add fast/C++-only classIDNoAlloc; define and use nsIClassInfo::EAGER_CLASSINFO in caps (93792, sr=waterson&jst). 2001-08-07 03:59:29 +00:00
mstoltz%netscape.com
1b5e7659c9 82495 - Support for the view-source protocol in CheckLoadURI
87887 - don't call InitPolicies or InitPrincipals if there are no prefs to process
83902 - Use weak reference to pref branch to avoid reference cycle
91619 - was leaking a char* - use nsXPIDLCString instead
86932 - Add support for per-site JS disabling to CanExecuteScripts
all bugs r=jesse, sr=dougt
2001-08-02 20:32:48 +00:00
brendan%mozilla.org
dbd7fed5b1 FASTLOAD_20010703_BRANCH landing, r=dbaron, sr=shaver. 2001-07-31 19:05:34 +00:00
jaggernaut%netscape.com
e91f8a147e Bug 86734: Remove NS_WITH_SERVICE. r=dbaron, rs=scc, a=asa 2001-07-25 07:54:28 +00:00
jaggernaut%netscape.com
cb0faab070 Bug 73353: clean up the REQUIRES lines in Makefiles. 2001-07-23 22:36:12 +00:00
dbaron%fas.harvard.edu
aa4fec2b67 Header include dependency cleanup. b=64023 r=jag rs=brendan 2001-07-16 02:40:48 +00:00
mstoltz%netscape.com
f3d9b0caa1 Bug 77485 - defining a function in another window using a targeted javascript:
link. Prevent running javascript: urls cross-domain and add a security check for adding
and removing properties. r=harishd, sr=jst.
2001-07-13 07:08:26 +00:00
jaggernaut%netscape.com
5a6317b8a5 Bug 88413: Remove |GetUnicode()| from nsString (and replace it with |get()|). r=dbaron, rs=scc.
This removes all call-sites I can currently fix. Tomorrow I'll try to get someone to checkin my changes to security/ and I'll get some help with the Netscape side of things.

nsString::GetUnicode()'s final death-blow will be dealt soon. Please keep this in mind as you add new code :-)
2001-06-30 11:02:25 +00:00
mstoltz%netscape.com
f4de90c798 86019 - Change stack-walking code in caps to keep functions from inheriting privileges
from their caller. r=jesse@netscape.com, sr=jst@netscape.com, a=asa@mozilla.org, PDT+

86982 - Add same-origin security check to XMLDocument::Load(). r,a=blizzard@mozilla.org,
sr=jst@netscape.com

84191 - Fixing regression in Open URL dialog by not calling CheckLoadURI when it isn't
needed. r=cmanske@netscape.com, sr=sfraser@netscape.com, a=asa@mozilla.org
2001-06-22 02:08:10 +00:00
waterson%netscape.com
b74d6e1c8b Land STATIC_BUILD_20010612_BRANCH, which supports building mozilla with components statically linked into the executable, as well as 'meta modules' that combine components into uber-DLLs. 2001-06-20 20:21:49 +00:00
dbaron%fas.harvard.edu
9d35ed31a4 Fix bad getters on nsIDocument and nsIScriptContext to use out params rather than return |AddRef|ed pointers. b=81289 r=jaggernaut sr=jst a=asa 2001-06-20 03:27:48 +00:00
scc%mozilla.org
a8fb409c6e bug #85271: sr=waterson, r={beard, jag, dbaron}, a=asa. Eliminate features of |nsXPIDLC?String| that keep it out of the string hierarchy (i.e., using assigment to rebind ownership, static |Copy| members, and |getter_Shares|), fixing some leaks in the process. 2001-06-17 05:23:38 +00:00
mstoltz%netscape.com
d6e2839371 bug 77485 - exploit inserting a function into another window using targeted
javascript URL links. Two-part fix: moving the call to GetCurrentDocumentOwner
in nsDocShell::LoadInternal to before the target docshell is called, and
changing nsScriptSecurityManager::GetFunctionObjectPrincipal to only get
the principal from the function object's scope chain if the function object's
principal is the system principal. r=jst, sr=vidur, a=asa.
2001-05-30 02:22:22 +00:00
ddrinan%netscape.com
24e6ca57c8 PCKS7 implementation for signed JS. Bug# 82227 r=mstoltz@netscape.com,sr=blizzard@mozilla.org,a=blizzard@mozilla.org 2001-05-23 22:06:43 +00:00
mstoltz%netscape.com
8c0cd58b30 Re-checking-in my fix for 47905, which was backed out last night because of a bug in some other code that was checked in along with it. This checkin was not causing the crasher and is unchanged. See earlier checkin comment - in short, this adds same-origin to XMLHttpRequest and cleans up some function calls in caps, removes some unnecessary parameters. r=vidur, sr=jst. 2001-05-19 00:33:51 +00:00
blizzard%redhat.com
678b80f10b Back out mstoltz because of blocker bug #81629. Original bugs were 47905 79775. 2001-05-18 17:41:23 +00:00
mstoltz%netscape.com
11f7b8f900 Bug 47905 - adding security check for XMLHttpRequest.open.
Added nsIScriptSecurityManager::CheckConnect for this purpose.
Also cleaned up the security check API by removing some unnecessary
parameters. r=vidur@netscape.com, sr=jst@netscape.com

Bug 79775 - Forward button broken in main mail window. Making
WindowWatcher not call GetSubjectPrincipal if the URL to be loaded is
chrome, since the calling principal is superfluous in this case.
No one has been able to find the root cause of this problem, but
this checkin works around it, which is the best we can do for now.
r=ducarroz@netscape.com, sr=jst@netscape.com
2001-05-18 06:56:29 +00:00
mstoltz%netscape.com
f9c13993e0 Fixing bug 78831 - treat chrome and resource URLs the same in the
URL loading check and give them access to each other. r=pavlov,
 sr=brendan. This allows us to turn on the fix (already reviewed)
for 69070.
2001-05-15 22:47:21 +00:00
mstoltz%netscape.com
6758786117 *** empty log message *** 2001-05-15 06:43:12 +00:00
mstoltz%netscape.com
475bbed189 bug 79445, fixing crash with some event handlers (null pointer dereference)
r/sr=brendan@mozilla.org. Also fixed a typo in prefs that would have reopened
bug 56009.
2001-05-15 04:44:54 +00:00
mstoltz%netscape.com
4e73efe1f2 bug 79916 - was using | instead of &, causing a security hole. r=jband, sr=brendan. 2001-05-11 00:53:21 +00:00
mstoltz%netscape.com
59c995612e Fixes for bugs 79796, 77203, and 54060. r=jband@netscape.com,
sr=brendan@mozilla.org
2001-05-11 00:43:27 +00:00
dmose%netscape.com
ac5e8e044c more REQUIRES bustage fixing for senna; unicharutil dependency has been introduced because caps wants nsIDocShell which wants nsIPresContext 2001-05-10 18:48:46 +00:00