Commit Graph

449 Commits

Author SHA1 Message Date
rginda%netscape.com
c1745c244e bug 191773, r=mstoltz, a=dbaron@dbaron.org
only allow x-jsd: urls from chrome: and resource:
2003-02-05 01:27:56 +00:00
seawood%netscape.com
5c6983cb86 Whitespace change to trigger rebuild of libs that depend upon zlib. 2003-01-30 05:53:29 +00:00
bryner%netscape.com
da1893e985 fixing IRIX bustage (^M's from mstoltz's checkin) 2003-01-25 03:58:38 +00:00
mstoltz%netscape.com
366a456693 Bug 189799 - Ignore username:password portion of URL when making URL comparisons for security. r=heikki, sr=jst, a=asa 2003-01-25 01:43:37 +00:00
sfraser%netscape.com
ba78e7bec4 Fix bug 127185: don't crash with a null JS context if running without XPT files. Fixes nsScriptSecurityManager to do more thorough error checking on initialization. r=mstoltz, sr=jst. Fixes bustage. 2003-01-17 02:00:01 +00:00
sfraser%netscape.com
1c574be034 Fix bug 127185: don't crash with a null JS context if running without XPT files. Fixes nsScriptSecurityManager to do more thorough error checking on initialization. r=mstoltz, sr=jst. 2003-01-17 01:00:15 +00:00
dbaron%dbaron.org
48544669f3 Bug 178643: Remove uses of NS_INIT_ISUPPORTS, since it's no longer needed. r=timeless sr=jag 2003-01-08 19:24:38 +00:00
caillon%returnzero.com
6d92f9bd32 184257 - Updating pref callers. r=timeless sr=bzbarsky 2003-01-08 08:40:41 +00:00
seawood%netscape.com
d5efcdfb6d Start installing GRE libraries & components into a separate dist/gre directory as part of the default build.
Bug #186241 r=dougt
2002-12-28 01:15:07 +00:00
alecf%netscape.com
df10f648b8 take two at fixing bug 177401 - convert nsIBinaryStream over to using nsAString/nsACString for string values, to speed up fastload
sr=darin, r=dougt
(the previous checkin had a typo which disabled fastload entirely!)
2002-11-14 18:16:31 +00:00
alecf%netscape.com
0a48c10053 argh, back out my last checkin because Ts went UP not down! 2002-11-09 01:31:32 +00:00
alecf%netscape.com
4721428275 fix for bug 177401 - use nsAString& classes instead of wstring in nsIBinaryInputStream, to speed up fastload startup
sr=darin, r=dougt
2002-11-08 23:30:53 +00:00
mstoltz%netscape.com
d0f045a722 Bug 168316 - When calling from Java into JS, add a "dummy" JS stack frame with
principal information for the security manager. r=dveditz, sr=jst, a=chofmann.
2002-10-30 03:15:59 +00:00
sspitzer%netscape.com
b7337fe62b fix for #168136. r=mstoltz, sr=dveditz.
for pref controlled schemes, allow access if source scheme is chrome or res.
needed for the new "view filter log UI".
2002-09-12 20:27:07 +00:00
dougt%netscape.com
68faeb5241 166917. Clean up xpcom SDK includes. r=rpotts@netscape.com, sr=alecf@netscape.com, a=rjesup@wgate.com 2002-09-07 17:13:19 +00:00
jkeiser%netscape.com
32844f7719 Make anonymous content inaccessible to web content (bug 164086), r=sicking@bigfoot.com, sr=jst@netscape.com 2002-08-29 04:05:39 +00:00
bbaetz%student.usyd.edu.au
e1742b6500 Backing out jkeiser's checkin for bug 164086 (not bug 96537) because he
left a file out, and the tree turned red....
2002-08-28 10:13:28 +00:00
jkeiser%netscape.com
8aa6968431 Make anonymous content inaccessible to web content (bug 96537), r=sicking@bigfoot.com, sr=jst@netscape.com 2002-08-28 08:19:43 +00:00
henry.jia%sun.com
227be5af9c Fix bug 159889: replace the hardcode of "@mozilla.org/preferences;1" with NS_PREF_CONTRACTID
Patch by leon.zhang@sun.com
r=Henry, sr=alecf
2002-08-19 04:29:58 +00:00
seawood%netscape.com
322da773fb Removing old nmake build makefiles. Bug #158528 r=pavlov 2002-08-10 07:55:43 +00:00
henry.jia%sun.com
bb349938fc 5th patch for bug 158080
Description: replace the hardcode of @mozilla.org/embedcomp/window-watcher;1 with NS_WINDOWWATCHER_CONTRACTID
Patch by Henry.Jia@sun.com
r=anto, sr=alecf
2002-08-06 06:32:02 +00:00
sicking%bigfoot.com
39c966dd38 Use principals instead of URIs for same-origin checks.
b=159348, r=bz, sr=jst, a=asa
2002-07-30 21:26:32 +00:00
mstoltz%netscape.com
d0eab90dbb Bug 154930 - If one page has explicitly set document.domain and another has not,
do not consider them to be of the same origin for security checks. r=dveditz, sr=jst
2002-07-09 00:10:02 +00:00
harishd%netscape.com
23d9c4988e Disable script on the requested docshell and the containing docshells. b=154647, r=mstoltz, sr=jst 2002-07-02 23:26:08 +00:00
mstoltz%netscape.com
6e12a5ca9f Bug 152725 - Get URL passed to cookie module from document principal, not document URL.
THis ensures that cookies set by javascript URL pages are set in the correct domain.
r=morse, sr=dveditz.
2002-07-02 17:58:24 +00:00
harishd%netscape.com
0031d01a28 Backing out my checkin to see if it fixes the Txul breakage 2002-06-27 23:32:51 +00:00
harishd%netscape.com
5ce8f55dd0 ** checking in for mstoltz **
Disable scripts on the requested docshell and containing docshells. Also, made setCurrentURI() scriptable ( approved by Adam Lock ). b=154647, r=harishd, sr=jst
2002-06-27 20:58:42 +00:00
mstoltz%netscape.com
6f5d99be4c 133170 - Need to re-check host for security on a redirect after a call to
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc
2002-06-14 23:54:18 +00:00
dougt%netscape.com
c683a217ab Fixes mozilla/strings requiring unfrozen nsCRT class. patch by scc, r=dougt, sr=jag, b=136756 2002-05-15 18:55:21 +00:00
darin%netscape.com
6fd5862e6e fixes bug 142870 "nsIFile should use UCS-2 instead of UTF-8"
r=dougt sr=alecf
2002-05-07 23:07:19 +00:00
ben%netscape.com
7d003ba281 [Chrome FastLoad]
Ensure that principals are written as Compound Objects using |WriteCompoundObject|, not using |WriteObject|
r=mstoltz, sr=brendan
2002-05-03 03:00:46 +00:00
darin%netscape.com
e554d83626 fixes bug 129279 "nsIFile unicode/utf8/ascii task"
r=dougt sr=alecf
2002-04-27 05:33:09 +00:00
mstoltz%netscape.com
8b4ac18c14 Bug 136993 - Put the "trusted codebase principals" feature back in.
r=harishd, sr=jst, a=valeski
2002-04-13 01:53:46 +00:00
darin%netscape.com
e73746ce67 fixes bug 134546 "Memory leak in nsScriptSecurityManager::GetBaseURIScheme()"
patch=pj@ludd.luth.se, r=mstoltz, sr=darin, a=rjesup@wgate.com
2002-04-03 20:23:57 +00:00
mstoltz%netscape.com
03fe97372a A bunch of fixes in caps:
128697 - Added a pref listener for changes to capability.policy prefs,
removed profile-change listener
131025 - Removed insecure "trusted codebase principals" feature
131340 - Make nsCodebasePrincipal::Equals handle jar URLs correctly
131342 - Clean up privilege-grant dialog code
128861 - class policy hashtables allocated only when needed; avoids
PLDHash memory-use warning
Fixed comparison of -1 and 80 ports (Can't find the bug # right now)

All r=harishd, sr=jst, a=asa.
2002-03-20 05:53:46 +00:00
timeless%mac.com
dec943eb10 Bug 106386 rid source of misspellings
r=db48x sr=blake a=asa
2002-03-19 04:30:17 +00:00
alecf%netscape.com
e5d4028f9d fix bug 129635 - write a destructor for DomainPolicy so that the hashtable is destroyed
(and not leaked!)
r=mstoltz, sr=vidur, a=asa
2002-03-10 00:41:08 +00:00
rginda%netscape.com
35fde24f6c Bug 129503, "IsCapabilityEnabled should return PR_TRUE if no script on stack"
sr=brendan, r=mstoltz, a=asa
If the js stack has no principals on it, return PR_TRUE from IsCapabilityEnabled
.  Currently, the only time we'd have a stack devoid of principals is when all f
unctions are native.  If this assumption changes, this may need to be revisited
(depending on what it would mean to be a compiled script without a principal.)
2002-03-08 02:20:55 +00:00
darin%netscape.com
f1a6738b6c fixes bug 124042 "support internationalized URIs" r=dougt, sr=alecf, a=asa 2002-03-06 07:48:55 +00:00
jband%netscape.com
3ac1b33f9c remove stale DEBUG_jband block. rs=jband a=dbaron 2002-03-05 08:02:05 +00:00
mstoltz%netscape.com
18c8067fae Bug 127938 - chrome scripts should be exempt from the security check put in for
bug 105050, on access to the opener property when the opener is a mail window.
r=pavlov, sr=jst, a=leaf.
2002-02-28 00:22:59 +00:00
mstoltz%netscape.com
75f6bd3583 partially backing out my last change - weird dependency problem 2002-02-26 05:28:26 +00:00
mstoltz%netscape.com
82659b14ca 32571, present confirmation dialog before allowing scripts to close windows.
105050, pass null window.opener when opener is a mail window.
both r=heikki, sr=jst, a=asa.
Backed out previously because of tinderbox problem, which should be fixed now.
2002-02-26 04:50:21 +00:00
jst%netscape.com
beae4f7953 Fixing bug 111529. Optimizing out unnecessary QI calls from nsScriptSecurityManager::GetObjectPrincipal() and doing some other minor cleanups and speedups. r=nisheeth@netscape.com, sr=jband@netscape.com 2002-02-20 05:51:05 +00:00
cathleen%netscape.com
124339899e eliminate nsCRT::strlen for char* strings (part 1), bug 124536 r=dp sr=brendan 2002-02-19 07:36:56 +00:00
mcafee%netscape.com
1a3a52cce7 Backing out mstoltz. r=dbaron,jrgm 2002-02-19 04:06:53 +00:00
mstoltz%netscape.com
cc94447571 Bug 105050 - return null window.opener to scripts if opener is a mail window.
Bug 32571 - Prompt user before allowing scripts to close windows if opener is null.
both r=heikki, sr=jst.
2002-02-19 01:09:45 +00:00
mkaply%us.ibm.com
cbcd4c677a OS/2 bustage - callback needs to be in header 2002-02-13 13:30:06 +00:00
mstoltz%netscape.com
4756b7169c Bug 119646 - Rewrite of the security manager policy database for improved
performance. r=jst, sr=jband.
2002-02-13 04:20:46 +00:00
alecf%netscape.com
5483b6f627 one more part of fix for bug 107575, including the much coveted whitespace
remove aIgnoreCase parameter from all nsString and nsCString consumers
sr=jag, r=shaver
2002-02-01 01:53:09 +00:00