Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-29 15:52:07 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
208,698 Commits 616 Branches 98 Tags 5.9 GiB
47019f7663
Commit Graph

735 Commits

Author SHA1 Message Date
Honza Bambas
8b179c6230 Bug 442812: Implement the application cache selection algorithm. r+sr=bz 2008-08-19 19:31:08 -07:00
Boris Zbarsky
5eedf39759 Bug 434522 follow-up bustage fix. 2008-07-28 23:37:58 -07:00
Boris Zbarsky
f61641d25e Bug 437723. Make sure to look at the nested innermost URI when looking for the origin. r+sr=sicking 2008-07-28 23:10:05 -07:00
Boris Zbarsky
c941674d4d Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst 2008-07-28 23:03:19 -07:00
jonas@sicking.cc
ab63fc8524 Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it 2008-04-18 10:35:55 -07:00
gavin@gavinsharp.com
7caae794f1 Rework test for bug 292789 to try and fix the timeout on qm-centos5-01 2008-04-14 01:50:51 -07:00
dveditz@cruzio.com
e9a165f03a tests for bug 292789 -- forgot during checkin 2008-04-12 17:55:45 -07:00
dveditz@cruzio.com
8a2c640ed4 bug 292789 prevent use of chrome: URIs from <script>, <img> stylesheets, etc except for chrome packages explicitly marked contentaccessible. r=bzbarsky, sr=jst, a=beltzner 2008-04-12 14:26:19 -07:00
jonas@sicking.cc
ec7a19c8b9 Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz 2008-04-08 17:38:12 -07:00
igor@mir2.org
e05006a6f0 [bug 423874] backing out as a simpler patch would do the job with less code. 2008-03-29 03:34:29 -07:00
igor@mir2.org
ec6b483779 [bug 424376] backing out - too much compatibility problems. 2008-03-28 15:27:36 -07:00
bzbarsky@mit.edu
d7fc979918 Fix bug 421228. r+sr=sicking 2008-03-27 20:46:15 -07:00
igor@mir2.org
8edd862903 bug=424376 r=brendan a1.9b5=beltzner Compile-time function objects are no longer exposed through SpiderMonkey API. 2008-03-23 03:16:40 -07:00
jst@mozilla.org
a4d3a2e2e3 Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu 2008-03-22 09:50:47 -07:00
igor@mir2.org
8c88d304f4 bug=423874 r=brendan a1.9b5=dsicore Allocating native functions together with JSObject 2008-03-21 01:19:23 -07:00
jst@mozilla.org
c7eb261ec3 Fixing orange from bug 402983. Make file:///foo and file:////foo#bar compare as equal URLs. r+sr=bzbarsky@mit.edu 2008-03-20 23:01:55 -07:00
jst@mozilla.org
29a96a03b8 Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org 2008-03-20 21:39:08 -07:00
shaver@mozilla.org
ba5430c6e5 Bug 246699: report better errors (with stacks) for security denials. r+sr=jst, a=mconnor. 2008-03-20 01:19:15 -07:00
shaver@mozilla.org
f23b424aa7 Test for bug 423379 (content can load chrome and/or resource), r/sr=jst. 2008-03-19 15:14:51 -07:00
shaver@mozilla.org
4d79009864 (NPOTB, r=mrbkap, a=lumpy) Remove ancient caps test cruft in preparation for incoming mochitests. Also so that the tests listed in securetest.list will not mock me from beyond the NSCP grave. 2008-03-19 14:26:09 -07:00
jonas@sicking.cc
9552bd91fc Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz 2008-03-18 17:27:56 -07:00
bzbarsky@mit.edu
94a044f0b1 Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst 2008-03-18 14:14:49 -07:00
gavin@gavinsharp.com
0fa7ce606a Back out bug 246699 to fix bug 423375, per shaver 2008-03-17 07:10:48 -07:00
timeless@mozdev.org
620272feeb Bug 246699 CAPS security exceptions should throw richer exception info (not just raw string) r=shaver a=shaver 2008-03-11 10:30:23 -07:00
reed@reedloden.com
57ac4a582f Bug 420081 - "Case mismatch between nsIURI and nsIUri in nsIPrincipal.idl" [p=mschroeder@mozilla.x-home.org (Martin Schröder [mschroeder]) r+sr=jst a1.9=beltzner] 2008-03-08 03:20:21 -08:00
jonas@sicking.cc
28ea51311b Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv 2008-02-26 19:45:29 -08:00
myk@mozilla.org
7aff03fc46 backing out fix for bug 416534 as potential cause of mochitest failure 2008-02-26 19:23:36 -08:00
jonas@sicking.cc
42bbc8327e Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv 2008-02-26 18:17:49 -08:00
Olli.Pettay@helsinki.fi
652c1e007c Bug 411054, Audit IsNativeAnonymous()/GetBindingParent() uses, r+sr=sicking 2008-02-26 04:40:18 -08:00
reed@reedloden.com
5d4ef49dd4 Bug 417710 - "Use JS_GET_CLASS, not JS_GetClass" [p=gyuyoung.kim@samsung.com (gyu-young kim) r=jorendorff r=jst sr+a1.9=brendan] 2008-02-25 00:59:20 -08:00
jonas@sicking.cc
2c0141fcd9 Bug 397878: Send Referer-Root header when doing cross-site access requests. Also update domain pattern matching to spec. Patch by <suryaismail@gmail.com>. r=bent sr=sicking b3a=beltzner 2008-01-31 00:16:54 -08:00
jst@mozilla.org
31b04a892e Fixing bustage. 2008-01-29 13:11:24 -08:00
jst@mozilla.org
892f0acecf Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org 2008-01-29 12:51:01 -08:00
jst@mozilla.org
6fd0410f62 Fixing bug 317240. Re-enabling caps optimization now that a documents principal never changes. r+sr=bzbarsky@mit.edu 2008-01-28 09:51:38 -08:00
jst@mozilla.org
08983f83e3 Fixing bug 412691. Remove unnecessary nsCOMPtr's from performance critical code paths. r+sr=jonas@sicking.cc 2008-01-16 16:32:26 -08:00
benjamin@smedbergs.us
b3e87aa63b Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep 2008-01-15 07:50:57 -08:00
dwitte@stanford.edu
3f33f45d2a thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+ 2008-01-11 20:30:42 -08:00
dwitte@stanford.edu
8d74b831d4 partial backout in an attempt to fix orange. 2008-01-11 02:08:58 -08:00
dwitte@stanford.edu
cc924d2d23 relanding bug 410250. 2008-01-11 01:13:04 -08:00
dwitte@stanford.edu
f300515e36 backing out to fix orange. 2008-01-10 20:59:44 -08:00
dwitte@stanford.edu
09217db711 thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+ 2008-01-10 19:56:00 -08:00
timeless@mozdev.org
1bd2741649 Bug 334306 useless null check in nsDestroyJSPrincipals r=dbaron sr=dveditz a=mtschrep 2008-01-06 06:53:24 -08:00
mrbkap@gmail.com
68ee3e9f08 Always throw an exception, even if we cannot reach a principal. bug 409514, r+sr+a=jst 2008-01-04 17:32:23 -08:00
jst@mozilla.org
f0f4a78cce Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com 2008-01-04 15:59:12 -08:00
mrbkap@gmail.com
2605476d7c XPCNativeWrappers can confuse the short-circuiting code. bug 409291, r+sr=jst a=beltzner 2007-12-21 11:06:29 -08:00
jst@mozilla.org
b30b544b5f Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org 2007-12-12 15:02:25 -08:00
philringnalda@gmail.com
57e4af9c93 Bug 400247 - remove XP_MAC deadcode in nsScriptSecurityManager.cpp, r+sr=bz, a=dsicore 2007-11-12 19:23:17 -08:00
tglek@mozilla.com
21a6a8dc26 Bug 398574:Prbool fixes r=bz a=release drivers 2007-11-12 13:47:11 -08:00
jonas@sicking.cc
4c1a3910ac bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking 2007-10-26 18:46:09 -07:00
bzbarsky@mit.edu
26d7ccd742 Make the "href" property of stylesheets reflect the original URI that was reflected to load the sheet. Bug 397427, r=dbaron,biesi, sr=dbaron, a=dsicore 2007-10-23 14:56:41 -07:00
bzbarsky@mit.edu
e252fc2b15 Somewhat reduce the amount of memory an nsPrincipal allocates in the common case. Bug 397733, r+sr+a=jst 2007-09-28 07:31:04 -07:00
bzbarsky@mit.edu
5983f838e4 Make the nsISerializable implementation of nsPrincipal actually work. This makes it possible to save principal objects to a stream and read them back. Bug 369566, r=dveditz+brendan, sr=jst, a=jst 2007-09-17 15:18:28 -07:00
dveditz@cruzio.com
2940b2f998 bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov 2007-09-06 00:02:57 -07:00
bent.mozilla@gmail.com
c0215549f6 Bug 304048 - Backing out patch due to TXUL regression. 2007-08-30 17:52:58 -07:00
bent.mozilla@gmail.com
5f9effcd34 Bug 304048 - "xpconnect getters/setters don't have principals until after they pass or fail their security check." Patch by jst, sr=bzbarsky, a=jst. 2007-08-28 17:16:21 -07:00
bzbarsky@mit.edu
3c0f9ef02f Add some sanity null-checks. Bug 387446, r=dveditz, sr+a=jst 2007-08-06 19:09:16 -07:00
sdwilsh@shawnwilsher.com
681c6747e8 Bustage fix 2007-07-11 14:20:11 -07:00
jwalden@mit.edu
6d7584839a Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros. 2007-07-08 00:08:04 -07:00
bzbarsky@mit.edu
647cbff151 Make security manager API more useful from script. Make more things 
scriptable, and add a scriptable method for testing whether a given principal
is the system principal.  Bug 383783, r=dveditz, sr=jst
 2007-06-18 08:12:09 -07:00
bzbarsky@mit.edu
434b4cf8db Optimize immutability of codebase/domain a little bit. Bug 380475, r=dveditz, sr=biesi 2007-06-18 08:07:02 -07:00
bzbarsky@mit.edu
ec536a72cf Make nsPrincipal::Equals compare codebases, not just certs, for certificate 
principals.  Bug 369201, r=dveditz, sr=jst
 2007-06-18 08:01:53 -07:00
benjamin@smedbergs.us
baab01ada6 Bug 376636 - Building with gcc 4.3 and -pendatic fails due to extra semicolons, patch by Art Haas <ahaas@airmail.net>, rs=me 2007-04-23 07:21:53 -07:00
dbaron@dbaron.org
e7bb1b1c38 Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg 2007-03-27 08:34:59 -07:00
dbaron@dbaron.org
d98d9fdec5 Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg 2007-03-27 08:33:38 -07:00
hg@mozilla.com
05e5d33a57 Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT, 2007-03-22 10:30:00 -07:00
bzbarsky%mit.edu
d9f9d475bb When getting codebase principals, install the passed-in codebase on them even 
if they come from the hashtable.  Bug 269270, r=dveditz, sr=jst.
 2007-02-09 04:52:44 +00:00
bzbarsky%mit.edu
382b095c94 Get the source scheme from the right URI object. Bug 368160, r+sr=dveditz 2007-01-26 04:33:02 +00:00
bzbarsky%mit.edu
8a1b6c5e34 Make the redirect check get principals the same way we get them elsewhere. 
Clean up some code to use the new security manager method.  Bug 354693,
r=dveditz, sr=sicking
 2006-11-22 18:27:54 +00:00
gavin%gavinsharp.com
ad22de3c0c Bug 202198: fix possible leak in nsScriptSecurityManager::InitPrefs(), patch by Ryan Jones <sciguyryan+bugzilla@gmail.com>, r+sr=dveditz 2006-11-22 17:22:40 +00:00
sayrer%gmail.com
6aa99d403b Bug 360840. allocator mismatch in nsIScriptSecurityManager. r=timeless, sr=bz 2006-11-16 18:25:52 +00:00
bzbarsky%mit.edu
730516b0a1 Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst 2006-11-14 22:46:45 +00:00
bzbarsky%mit.edu
0a3a624149 Make it possible for protocol handlers to configure how CheckLoadURI should 
treat them via their protocol flags.  Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin
 2006-11-10 23:49:08 +00:00
cbiesinger%web.de
74a2a1d30c Bug 351876 Move nsICryptoHash into necko 
r=darin
 2006-09-15 22:06:31 +00:00
bzbarsky%mit.edu
50e969de0c Introduce CheckLoadURIStrWithPrincipal(). Bug 348559, r=dveditz, sr=jst 2006-08-21 22:15:20 +00:00
pkasting%google.com
dafdf0b1eb Bug 337223: Don't expose moz-anno protocol to web pages. 
Patch by brettw
r=jst
sr=bzbarsky
 2006-08-18 21:35:16 +00:00
bzbarsky%mit.edu
e9379f3679 Remove special-casing of about:blank for security purposes; give about:blank 
pages the principal of whoever is responsible for loading them, when possible.
Bug 332182, r=mrbkap, sr=jst
 2006-08-15 17:31:16 +00:00
dveditz%cruzio.com
d3379f18b5 bug 340107 save wasted cycles checking permissions if we're just going to deny access anyway. r=mrbkap, sr=sicking 2006-06-27 00:56:41 +00:00
bzbarsky%mit.edu
282ad6509b Fiox the special-casing for about:blank to deal with it now being 
moz-safe-about:blank as far as the security manager is concerned.  Bug 342108,
r=darin, sr=jst
 2006-06-22 02:21:06 +00:00
bzbarsky%mit.edu
8cd320ad22 Allow about: modules to just set a flag to force script execution to be allowed 
for particular about: URIs, instead of hardcoding checks in the security
manager.  Bug 341313, r=darin, sr=jst
 2006-06-22 02:19:49 +00:00
bzbarsky%mit.edu
4b3cf6e788 Make the URIs of principals immutable. Bug 339822, r=dveditz, sr=darin 2006-06-20 03:17:41 +00:00
bzbarsky%mit.edu
9a60679a4c Save the principal in the session history entry so that reloading a data: URL 
will do the right thing.  Also, change CheckLoadURI to allow null
principals to load things that anyone can load (e.g. http:// URIs).  Bug
337260, r=dveditz, sr=jst
 2006-06-19 21:08:45 +00:00
bzbarsky%mit.edu
9509962b32 Move the safe vs unsafe about: distinction out of the security manager and into 
nsIAboutModule implementations.  Bug 337746, r=dveditz, sr=darin
 2006-06-19 21:02:12 +00:00
mhammond%skippinet.com.au
0f241835df Land DOM_AGNOSTIC3_BRANCH, bug 255942. r=a few people, sr=brendan. 2006-06-13 03:07:47 +00:00
mrbkap%gmail.com
98997f8669 Checking in Ben Turner <bent.mozilla@gmail.com> and timeless's patch to make Gecko use the JS engine's request model to help multithreaded embedders avoid GC races and crashes. bug 176182, r=mrbkap assumed-rs=brendan 2006-06-12 22:39:55 +00:00
igor%mir2.org
65028a8035 Bug 338678: For source compatibility fields "uint16 extra,spare" in JSFunctionSpec are replaced by singe "uint32 extra". In this way we do need to update the current sources that list just 5 fields to include the additional ",0" corresponding to "spare" field. To quell GCC warnings all sources that list less then 5 fields of JSFunctionSpec are updated to explicitly list all 5 fields. r=mrbkap, s=brendan 2006-05-22 22:58:31 +00:00
bzbarsky%mit.edu
f78182b042 Make GetOrigin dig into nested URIs. Bug 336303, r=dveditz, sr=jst 2006-05-12 00:05:40 +00:00
bzbarsky%mit.edu
6e7e8da8e6 Create our URIs by hand (since we have our own scheme), instead of going 
through the ioService.  Also fixes some threadsafety stuff.  Bug 337513,
r=dveditz, sr=darin.
 2006-05-11 16:06:35 +00:00
cbiesinger%web.de
51a89a8b1e bug 335180 Remove win32.order, mozilla-bin.order, --enable-reorder, and 
associated code. These options do not really work anymore.

r=bsmedberg
 2006-05-06 17:53:51 +00:00
bzbarsky%mit.edu
3aaa1fe7df Disable optimization that relies on invariants we don't maintain. Bug 317240 
wallpaper, r+sr=jst
 2006-05-04 15:23:43 +00:00
bzbarsky%mit.edu
a40420a6d3 Deal with null subject URIs in SecurityCompareURIs. Bug 336432, r=dveditz, sr=jst 2006-05-04 02:29:46 +00:00
darin%meer.net
4a94571cee fixes bug 214672 "Further optimization and correctness improvements of libjar: streamlining nsJarInputStream" patch by Alfred Kayser <alfredkayser@nl.ibm.com>, r=jwalden, sr=darin 2006-05-02 19:33:09 +00:00
bzbarsky%mit.edu
722b5218b2 Add an interface for nested URIs (like jar:, view-source:, etc) to implement 
and use it in various places.  Create null principals if asked for a codebase
principal for a codebase that doesn't have an inherent security context (eg
data: or javascript:).  Bug 334407, r=biesi,dveditz, sr=darin
 2006-05-02 18:54:19 +00:00
bzbarsky%mit.edu
000f1cb779 Deal with checkLoadURI better in the face of URI fixup. Bug 334341, r=biesi, sr=dveditz 2006-04-25 03:24:43 +00:00
bzbarsky%mit.edu
dffe9c89ad Check rv before looking at port. Bug 334210, r+sr+branch181=jst 2006-04-17 23:19:44 +00:00
bzbarsky%mit.edu
f15a96ed13 Allow redirects to data: URIs. Bug 211999, r=dveditz, jruderman; sr=darin 2006-04-17 23:13:33 +00:00
bzbarsky%mit.edu
af73fbf542 Fix refcounting bug. Followup to bug 327176; reviews pending. 2006-04-05 16:48:51 +00:00
bzbarsky%mit.edu
c44462a922 Followup to bug 326506 -- this comment got lost somehow. 2006-04-02 22:00:08 +00:00
bzbarsky%mit.edu
40f15bd48c Init the system principal singleton when we init the security manager -- no 
need for lazy init here.  Bug 327176, r=mrbkap, sr=dveditz
 2006-04-02 21:10:23 +00:00
bzbarsky%mit.edu
25ab5fffef Create a powerless non-principal and start using it. Bug 326506, r=mrbkap, 
sr=dveditz
 2006-04-02 20:58:26 +00:00
darin%meer.net
20837f71e1 fixes bug 328925 "Replace NS_WARN_IF_FALSE with NS_ASSERTION (where appropriate)" r=dbaron 2006-03-30 18:40:56 +00:00