Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-08 12:37:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
300,769 Commits 615 Branches 98 Tags 5.9 GiB
2ea3681082
Commit Graph

281 Commits

Author SHA1 Message Date
Brian Hackett
66d81d0a7e Backed out changeset 5fc7462dd394 for android orange. 2012-05-19 11:52:55 -07:00
Brian Hackett
7235558c07 Use handles in API object hooks where possible, bug 750733. r=billm 2012-05-19 09:48:09 -07:00
Bobby Holley
e6e34db54d Bug 750859 - Remove (most of) SetCanEnableCapability. r=bz 2012-05-02 23:57:34 +02:00
Bobby Holley
c532e2d4c3 Bug 750859 - Kill the CAPS confirm dialog. r=bz 
This will break addons using enablePrivilege, but that's going away too. We've been warning for many releases now, so it's time to bite the bullet.
 2012-05-02 23:57:34 +02:00
Mark Capella
bb0cb90d39 Bug 740688 - Use uintptr_t instead of PRUword, and intptr_t instead of PRWord. r=jwalden 
--HG--
extra : rebase_source : 648a581323d2c2893df780f71fe34dadcc4bbaab
 2012-04-11 17:17:44 -07:00
Igor Bukanov
c8154dcd0e bug 730221 - delegating serialization of script principals to the embedding. r=:luke,:bz 
Currently to serialize principals stored in JSScript we have a rather complex
schema. First there is the transcode callback that the embedding must provide
to transcode principals using XDR API. Second we use rather complex glue code
to implement that callback in terms of writing/reading nsIObjectOutputStream/
nsIObjectInputStream. This glue code is duplicated in 3 places. All this can
be avoided if we simply delegate transcoding of principals to the caller. In
addition, at least in the case of the cached startup scripts we do not even
need to transcode the principals as the the cached scripts always have the
system principal so we can skip all the transcode complexity there.

The patch implemnts this idea. In particular, the code in JS engine
responsible for transcoding of principals is replaced by the single API
function JS_XDRSetPrincipals that the embedding can use to set principals for
decoded scripts and functions. Then the startup cache uses this to set the
principals for the decoded script to the system principals. The other two
places in nsJSContext::Serialize and  XBL_SerializeFunction that need to
serialize principals together with a function or script now uses common
utilities in nsXPConnect so the serialization complexity resides in the single
 place.
 2012-02-13 14:10:04 +01:00
Igor Bukanov
524dbd7e47 bug 728250 - remove JSPrincipals::codebase. r=:luke,:bz 
In just 2 cases where JSPrincipals::codebase is used it can be reconstructed from the values stored in the associated nsJSPrincipal. In addition the patch makes nsJSprincipals to inherit both from nsIPrincipal and JSPrincipals allowing to use static_cast to convert between nsIPrincipal and JSPrincipals pointers and to drop many cases of manual JSPrincipal reference counting.
 2012-03-09 10:48:50 +01:00
Ehsan Akhgari
92064e6d3f Bug 690892 - Replace PR_TRUE/PR_FALSE with true/false on mozilla-central; rs=dbaron 
Landing on a CLOSED TREE
 2011-10-17 10:59:28 -04:00
Michael Wu
d2b70213ac Bug 675553 - Switch from PRBool to bool on a CLOSED TREE , r=bsmedberg,khuey,bz,cjones 
--HG--
rename : tools/trace-malloc/bloatblame.c => tools/trace-malloc/bloatblame.cpp
 2011-09-28 23:19:26 -07:00
Luke Wagner
dd8cec0710 Bug 667915 - Don't let content JS consume all the stack and cause chrome JS to OOM (r=waldo,mrbkap) 2011-06-30 09:26:56 -07:00
Matheus Kerschbaum
27331333ef Bug 662000 part 2: Remove XPC_IDISPATCH_SUPPORT from the build-system and XPConnect. r=mrbkap 
--HG--
extra : rebase_source : c456802fe36eef1e49381be996dbbdf820781206
 2011-06-22 11:56:47 -04:00
Masayuki Nakano
eafdcc3af5 Bug 660770 caps should use mozilla::Preferences r=roc+jst 2011-06-20 12:00:16 +09:00
Blake Kaplan
e73d3d7ecd Fix bug 657267. r=bz 2011-05-19 13:31:54 +02:00
Luke Wagner
7371ad00ed Bug 549143 - fatvals 2010-07-14 23:19:36 -07:00
Dan Witte
7c610ca8ac Bug 564048 - Nix security checks in nsPrefBranch. r=sicking, sr=jst 2010-06-08 16:43:54 -07:00
Peter Van der Beken
df91a46a76 Fix for bug 560199 (Link XPConnect and caps into layout). r=jst. 
--HG--
extra : rebase_source : 5141822e9d560019ffc1e0cb0264782aa8aa7a99
 2010-04-11 15:55:24 +02:00
Sid Stamm
1090529f8c bug 515443 CSP no-eval support. r=mrbkap,brendan 2010-03-08 00:24:50 -08:00
Jonas Sicking
893023f46a Bug 543696: Remove unused nsIScriptSecurityManager::CheckConnect. r/sr=mrbkap 2010-02-02 02:29:15 -08:00
Sid Stamm
7252ce7760 Bug 515437 CSP connection code, r=jst,dveditz sr=jst 2010-01-22 13:38:21 -08:00
Daniel Veditz
153553d9b6 Backed out changeset a6ce37b09cf5 because of possible Tp4 perf hit 2010-01-14 17:19:11 -08:00
Sid Stamm ext:(%2C%20Brandon%20Sterne%20%3Cbsterne%40mozilla.com%3E)
f2cab6a506 bug 515433, bug 515437: Content Security Policy (CSP) core 2010-01-13 14:18:24 -08:00
Blake Kaplan
7050590b13 Bug 504021 - Add an API to the script security manager to clamp principals for a given context. r=jst/bzbarsky sr=dveditz 2009-08-21 18:20:20 -07:00
Blake Kaplan
27e754d4d0 Bug 502959 - Restore code to make caps allow wrapping same-origin wrappedjs objects. r=jst sr=bzbarsky 2009-08-06 20:26:33 -07:00
Blake Kaplan
79905bec13 Bug 493074 - Compute fewer things to try to clear up a performance regression. r+sr=jst 2009-05-14 15:17:56 -07:00
Blake Kaplan
1942f8e50b Bug 483672 - Give regular JS objects that have been reflected into C++ a security policy that follows the same-origin model. Also teach caps about "same origin" for these cases. r=jst sr=bzbarsky 2009-05-13 15:01:01 -07:00
Mook
fa1eb8e272 Bug 472032 - [win64] sizeof(long) != sizeof(void*) assertion in nsScriptSecurityManager.cpp; changed SecurityLevel to use PRWord, clarified assertion on the protected code; r+sr=dveditz 2009-02-26 18:31:17 +01:00
Dan Mosedale
e4aa8b0d67 Remove MailNews special casing from nsScriptSecurityManager (bug 374577), r+sr=bzbarsky 2009-02-17 20:32:57 -08:00
Daniel Holbert
4301671b45 Bug 473236 - Remove executable bit from files that don't need it. (Only changes file mode -- no code changes.) r=bsmedberg 2009-01-21 22:55:08 -08:00
Igor Bukanov
4ecbd37ca7 Bug 459656 - Implementing nsIThreadJSContextStack in nsXPConnect. r+sr=mrbkap 2008-10-14 16:16:25 +02:00
Arpad Borsos
c72ef7d248 Bug 456388 - Remove PR_STATIC_CALLBACK and PR_CALLBACK(_DECL) from the tree; r+sr=brendan 2008-10-10 17:04:34 +02:00
Ben Newman
97433a48ab Bug 454850. Make sure that whenever nsPrincipal::Equals would return true for a pair of principals their nsPrincipal::GetHashValue returns are also equal. r+sr=bzbarsky 2008-10-08 09:16:27 -04:00
Arpad Borsos
5a19e3346c Bug 398946 - Remove JS_STATIC_DLL_CALLBACK and JS_DLL_CALLBACK from the tree; r=(benjamin + bent.mozilla) 2008-09-07 00:21:43 +02:00
jonas@sicking.cc
ab63fc8524 Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it 2008-04-18 10:35:55 -07:00
jonas@sicking.cc
ec7a19c8b9 Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz 2008-04-08 17:38:12 -07:00
jst@mozilla.org
a4d3a2e2e3 Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu 2008-03-22 09:50:47 -07:00
jst@mozilla.org
29a96a03b8 Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org 2008-03-20 21:39:08 -07:00
jonas@sicking.cc
9552bd91fc Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz 2008-03-18 17:27:56 -07:00
bzbarsky@mit.edu
94a044f0b1 Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst 2008-03-18 14:14:49 -07:00
jonas@sicking.cc
28ea51311b Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv 2008-02-26 19:45:29 -08:00
myk@mozilla.org
7aff03fc46 backing out fix for bug 416534 as potential cause of mochitest failure 2008-02-26 19:23:36 -08:00
jonas@sicking.cc
42bbc8327e Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv 2008-02-26 18:17:49 -08:00
jst@mozilla.org
892f0acecf Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org 2008-01-29 12:51:01 -08:00
benjamin@smedbergs.us
b3e87aa63b Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep 2008-01-15 07:50:57 -08:00
jst@mozilla.org
b30b544b5f Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org 2007-12-12 15:02:25 -08:00
bzbarsky@mit.edu
e252fc2b15 Somewhat reduce the amount of memory an nsPrincipal allocates in the common case. Bug 397733, r+sr+a=jst 2007-09-28 07:31:04 -07:00
bzbarsky@mit.edu
5983f838e4 Make the nsISerializable implementation of nsPrincipal actually work. This makes it possible to save principal objects to a stream and read them back. Bug 369566, r=dveditz+brendan, sr=jst, a=jst 2007-09-17 15:18:28 -07:00
dveditz@cruzio.com
2940b2f998 bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov 2007-09-06 00:02:57 -07:00
jwalden@mit.edu
6d7584839a Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros. 2007-07-08 00:08:04 -07:00
bzbarsky@mit.edu
434b4cf8db Optimize immutability of codebase/domain a little bit. Bug 380475, r=dveditz, sr=biesi 2007-06-18 08:07:02 -07:00
benjamin@smedbergs.us
baab01ada6 Bug 376636 - Building with gcc 4.3 and -pendatic fails due to extra semicolons, patch by Art Haas <ahaas@airmail.net>, rs=me 2007-04-23 07:21:53 -07:00
dbaron@dbaron.org
e7bb1b1c38 Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg 2007-03-27 08:34:59 -07:00
dbaron@dbaron.org
d98d9fdec5 Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg 2007-03-27 08:33:38 -07:00
hg@mozilla.com
05e5d33a57 Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT, 2007-03-22 10:30:00 -07:00
bzbarsky%mit.edu
730516b0a1 Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst 2006-11-14 22:46:45 +00:00
bzbarsky%mit.edu
0a3a624149 Make it possible for protocol handlers to configure how CheckLoadURI should 
treat them via their protocol flags.  Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin
 2006-11-10 23:49:08 +00:00
bzbarsky%mit.edu
f78182b042 Make GetOrigin dig into nested URIs. Bug 336303, r=dveditz, sr=jst 2006-05-12 00:05:40 +00:00
bzbarsky%mit.edu
3aaa1fe7df Disable optimization that relies on invariants we don't maintain. Bug 317240 
wallpaper, r+sr=jst
 2006-05-04 15:23:43 +00:00
bzbarsky%mit.edu
25ab5fffef Create a powerless non-principal and start using it. Bug 326506, r=mrbkap, 
sr=dveditz
 2006-04-02 20:58:26 +00:00
bzbarsky%mit.edu
7e4ec9da94 Followup fix for bug 307867 -- make sure to update our pointers to hashtable 
entries when the entries move. r=dveditz, sr=brendan
 2006-02-24 04:38:46 +00:00
bzbarsky%mit.edu
f8625ded52 Remove dead code. Bug 327171, r=mrbkap, sr=shaver 2006-02-14 21:08:15 +00:00
bzbarsky%mit.edu
f02076fb6f Get principals for XPConnect wrapped natives off their scope instead of walking 
their parent chain.  Add some asserts to check that this actually does give the
same result, which it should with splitwindow.  Bug 289655, r=dbradley, sr=jst
 2005-11-16 02:12:21 +00:00
cbiesinger%web.de
9efd50d7d5 Bug 248052 Add a contract ID for a global channeleventsink. Make the 
scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto
redirects if CheckLoadURI fails. Remove the explicit usage of
nsIScriptSecurityManager from nsHttpChannel.cpp.

This eliminates js and xpconnect from REQUIRES, and brings us closer to remove
caps.

r=darin sr=bz
 2005-11-08 20:47:16 +00:00
bzbarsky%mit.edu
b29c3a80b9 Don't call nsIClassInfo::GetClassDescription unless we really have to. Bug 
313157, r=dveditz, sr=jst
 2005-10-20 23:49:59 +00:00
bzbarsky%mit.edu
0392b3384b Comment-only fixes I forgot to make. Bug 240661. 2005-07-22 20:49:12 +00:00
bzbarsky%mit.edu
10d1c576d9 Expose the subject name for the cert and an nsISupports pointer to the cert on 
nsIPrincipal that represents a certificate principal.  Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal.  Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII.  Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
 2005-07-22 19:05:42 +00:00
timeless%mozdev.org
831f32feaa Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop] 
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg
 2005-07-19 21:55:36 +00:00
timeless%mozdev.org
2ad41d5c36 Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs 
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg
 2005-06-29 16:29:49 +00:00
timeless%mozdev.org
9c0955251d Bug 292588 shutdown crash !sXPConnect [@ nsScriptSecurityManager::CheckObjectAccess] 
store the runtime, unset the callback at shutdown
r=dveditz sr=jst a=asa
 2005-06-07 21:57:56 +00:00
brendan%mozilla.org
ea9fd4132c Find active native function principals when walking the JS stack, and beef up eval-ish native safeguards (281988, r=shaver/caillon, sr=jst, a=drivers). 2005-05-04 06:28:36 +00:00
bzbarsky%mit.edu
6d36e81b66 Do less addrefing of principals in the script security manager. Bug 289643, 
r=caillon, sr=brendan, a=asa
 2005-04-10 23:27:07 +00:00
brendan%mozilla.org
bb7b3cd85f Revert kludge, want a general fix. 2005-04-07 19:48:57 +00:00
brendan%mozilla.org
b02c276f35 Stop evals and Script object calls/execs that cross trust domains (289074, r=shaver, sr=jst, a=drivers). 2005-04-07 02:22:24 +00:00
cbiesinger%web.de
92c940aa45 Bug 269661 make libpref not depend on caps 
r=caillon sr=dveditz
 2005-02-06 12:39:31 +00:00
jst%mozilla.jstenback.com
f97343e1ac Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu 2004-10-15 16:53:35 +00:00
dveditz%cruzio.com
e67c6e5dcf Improve enablePrivilege confirmation dialog text and presentation, sanity-check 
privilege names (bug 253942, bug 253944) r=caillon,sr=brendan,a=chofmann,mkaply
 2004-09-01 07:53:32 +00:00
cbiesinger%web.de
765d4043a5 removing myself from DEBUG_CAPS_HACKER list 2004-07-10 19:38:28 +00:00
cbiesinger%web.de
914def148f fix DEBUG_CAPS_HACKER bustage due to bug 240106 
r=caillon sr=darin
 2004-06-16 15:58:22 +00:00
gerv%gerv.net
9d2ee4928c Bug 236613: change to MPL/LGPL/GPL tri-license. 2004-04-17 21:52:36 +00:00
caillon%returnzero.com
66caced69a Re-land patch for bug 83536, merging principal objects. 
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst
 2003-10-21 22:11:49 +00:00
brendan%mozilla.org
4878fd7a5e Better version of last change, thanks to caillon for reminding me. 2003-09-28 04:55:50 +00:00
brendan%mozilla.org
3915f74063 Forgot to update calls to formerly-static SecurityCompareURI (r+sr=bz). 2003-09-28 04:44:33 +00:00
brendan%mozilla.org
4038563cd9 Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky). 2003-09-28 04:22:01 +00:00
caillon%returnzero.com
f8e8aed8a7 Backing out the patch to bug 83536. 
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann
 2003-08-22 03:06:53 +00:00
brendan%mozilla.org
b7cdb7debb Add shared DHashTableOps for [const] char *key use-cases, clean up dhash API abusages (214839, r=dougt, sr=dbaron). 2003-08-05 20:09:21 +00:00
caillon%returnzero.com
b6f6ad74ba Bug 214050 
Start to localize some of the more common user-visible error messages in caps.
r+sr=bzbarsky@mit.edu
 2003-07-29 05:28:00 +00:00
mkaply%us.ibm.com
b7fd1c6840 Ports bustage - remove NS_COM per bsmedberg 2003-07-24 18:58:30 +00:00
caillon%returnzero.com
91b7c60bee Bug 83536. 
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)
 2003-07-24 05:15:20 +00:00
seawood%netscape.com
beb45866ed Removing extra ^M. Fixing Irix cc bustage 2003-06-28 05:15:41 +00:00
timeless%mozdev.org
66730e2ca7 Bug 194872 CAPS vulnerability when doing cross-site-scripting with frames from different origins and different CAPS settings (allAccess, noAccess). 
bustage (const char*)
sr=jst
 2003-06-26 03:27:01 +00:00
mstoltz%netscape.com
ddc015e3b7 Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst. 2003-06-26 00:18:43 +00:00
caillon%returnzero.com
b2badfa9f7 Bug 163645 - User defined properties of window.navigator are not remembered when a new page is loaded. 
Enable this for websites within the same domain only.
Also, fixes CheckSameOriginPrincipal to just check the principals, and not care whether we have anything on the JS stack.
r=mstoltz, sr=jst
 2003-06-18 23:48:57 +00:00
harishd%netscape.com
85570db892 Grant access to SOAP response document's properties and also allow the document to be serializable. b=193953, r=heikki@netscape.com, sr=jst@netscape.com 2003-06-12 20:18:34 +00:00
seawood%netscape.com
97649bab86 Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev 2003-06-10 21:18:27 +00:00
mstoltz%netscape.com
11919bb299 Bug 163950 - allow opening connections for XML data transfer services when document.domain has been set. r=jst, sr=heikki. 2003-05-28 23:22:36 +00:00
bzbarsky%mit.edu
cbf70f5c05 Removing stray windows newline that causes build warning... No reviews, sorry. 2003-04-08 20:26:41 +00:00
mstoltz%netscape.com
44d264d6b0 Bug 188229 - adding new security check function that allows component instantiation by CID. r=dveditz, sr=heikki. *not part of build yet* 2003-03-12 02:17:37 +00:00
brendan%mozilla.org
3c0c23b860 Generalize the JS_SetCheckObjectAccessCallback hook implemented here to deal with user-defined getters and setters (92773, r=mstoltz, sr=jst). 2003-03-06 19:40:14 +00:00
sfraser%netscape.com
ba78e7bec4 Fix bug 127185: don't crash with a null JS context if running without XPT files. Fixes nsScriptSecurityManager to do more thorough error checking on initialization. r=mstoltz, sr=jst. Fixes bustage. 2003-01-17 02:00:01 +00:00
alecf%netscape.com
df10f648b8 take two at fixing bug 177401 - convert nsIBinaryStream over to using nsAString/nsACString for string values, to speed up fastload 
sr=darin, r=dougt
(the previous checkin had a typo which disabled fastload entirely!)
 2002-11-14 18:16:31 +00:00
alecf%netscape.com
0a48c10053 argh, back out my last checkin because Ts went UP not down! 2002-11-09 01:31:32 +00:00