Commit Graph

43 Commits

Author SHA1 Message Date
jonas@sicking.cc
ab63fc8524 Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it 2008-04-18 10:35:55 -07:00
jonas@sicking.cc
9552bd91fc Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz 2008-03-18 17:27:56 -07:00
reed@reedloden.com
57ac4a582f Bug 420081 - "Case mismatch between nsIURI and nsIUri in nsIPrincipal.idl" [p=mschroeder@mozilla.x-home.org (Martin Schröder [mschroeder]) r+sr=jst a1.9=beltzner] 2008-03-08 03:20:21 -08:00
jonas@sicking.cc
28ea51311b Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv 2008-02-26 19:45:29 -08:00
myk@mozilla.org
7aff03fc46 backing out fix for bug 416534 as potential cause of mochitest failure 2008-02-26 19:23:36 -08:00
jonas@sicking.cc
42bbc8327e Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv 2008-02-26 18:17:49 -08:00
bzbarsky%mit.edu
d9f9d475bb When getting codebase principals, install the passed-in codebase on them even
if they come from the hashtable.  Bug 269270, r=dveditz, sr=jst.
2007-02-09 04:52:44 +00:00
bzbarsky%mit.edu
c44462a922 Followup to bug 326506 -- this comment got lost somehow. 2006-04-02 22:00:08 +00:00
bzbarsky%mit.edu
52c46b8f53 Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
sr=dveditz
2006-02-17 16:12:17 +00:00
bzbarsky%mit.edu
18fc300f0b Backing out since tree is closed. 2006-02-17 03:33:03 +00:00
bzbarsky%mit.edu
97bb5a58a9 Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
sr=dveditz
2006-02-17 03:26:03 +00:00
bzbarsky%mit.edu
10d1c576d9 Expose the subject name for the cert and an nsISupports pointer to the cert on
nsIPrincipal that represents a certificate principal.  Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal.  Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII.  Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
2005-07-22 19:05:42 +00:00
brendan%mozilla.org
deb9f0c764 Add a subsumes relation to principals so JS can handle all cases when checking indirect eval (and the like) calls (300008, r=caillon/dveditz, sr/a=shaver). 2005-07-08 23:26:36 +00:00
gerv%gerv.net
9d2ee4928c Bug 236613: change to MPL/LGPL/GPL tri-license. 2004-04-17 21:52:36 +00:00
brendan%mozilla.org
7809adca33 Fix missing cx param problem (223041, r=caillon, sr=dbaron). 2003-11-03 04:26:55 +00:00
caillon%returnzero.com
66caced69a Re-land patch for bug 83536, merging principal objects.
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst
2003-10-21 22:11:49 +00:00
caillon%returnzero.com
f8e8aed8a7 Backing out the patch to bug 83536.
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann
2003-08-22 03:06:53 +00:00
caillon%returnzero.com
91b7c60bee Bug 83536.
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)
2003-07-24 05:15:20 +00:00
caillon%returnzero.com
6d92f9bd32 184257 - Updating pref callers. r=timeless sr=bzbarsky 2003-01-08 08:40:41 +00:00
gerv%gerv.net
11248436dd License changes, take 2. Bug 98089. mozilla/config/, mozilla/caps/, mozilla/build/. 2001-09-25 01:03:58 +00:00
gerv%gerv.net
1856815ff1 Oops. 2001-09-20 00:02:59 +00:00
scc%mozilla.org
102170b2a0 bug #98089: ripped new license 2001-09-19 20:09:47 +00:00
brendan%mozilla.org
dbd7fed5b1 FASTLOAD_20010703_BRANCH landing, r=dbaron, sr=shaver. 2001-07-31 19:05:34 +00:00
warren%netscape.com
512c8bf433 Renaming nsIAllocator to nsIMemory (and nsAllocator to nsMemory). API cleanup/freeze. Bug #18433 2000-06-03 09:46:12 +00:00
mstoltz%netscape.com
e0fc50a6d4 Fixes for 32878, 37739. Added PR_CALLBACK macros. Changed security.principal pref syntax to a nicer syntax. Removed "security.checkxpconnect" hack. 2000-05-16 03:40:51 +00:00
mstoltz%netscape.com
9bb975256e Fixes for 27010, 32878, and 32948. 2000-04-26 03:50:07 +00:00
mstoltz%netscape.com
57feeae5ec Backing out changes until I can figure out why it's crashing on startup. 2000-04-23 21:25:39 +00:00
mstoltz%netscape.com
62bffdd26e Fixes for bugs 27010, 32878, 32948. 2000-04-23 20:30:29 +00:00
norris%netscape.com
7d053b70b0 Adding nsAggregatePrincipal support. r=norris 2000-03-21 04:05:35 +00:00
norris%netscape.com
060e388a6b Files:
caps/idl/nsICertificatePrincipal.idl
	caps/idl/nsIPrincipal.idl
	caps/src/nsBasePrincipal.cpp
Implement the ability to manipulate multiple capabilties simultaneously.
r=mstoltz@netscape.com

Files:
	caps/src/nsCodebasePrincipal.cpp
Codebase equality should be based upon origin, not full path.
r=mstoltz@netscape.com

Files:
	caps/src/nsScriptSecurityManager.cpp
Change URI checking to deny based upon scheme rather than allow based upon
scheme for greater flexibility.
r=mstoltz@netscape.com

Files:
	dom/public/nsDOMPropEnums.h
	dom/public/nsDOMPropNames.h
	dom/src/base/nsGlobalWindow.cpp
	modules/libpref/src/init/all.js
Fix bug 20469 Seeing JS functions and global variables from arbitrary host
r=vidur@netscape.com

Files:
	dom/src/base/nsJSUtils.cpp
	dom/src/base/nsJSUtils.h
	dom/src/base/nsJSEnvironment.cpp
	dom/tools/JSStubGen.cpp
	layout/base/src/nsDocument.cpp
	layout/html/content/src/nsGenericHTMLElement.cpp
Improve performance by removing NS_WITH_SERVICE call for every DOM access.
Propagate XPCOM failure codes out properly.
r=vidur@netscape.com

Files:
	layout/html/document/src/nsFrameFrame.cpp
Fix 27387 Circumventing Same Origin security policy using setAttribute
r=vidur@netscape.com
2000-03-11 06:32:42 +00:00
norris%netscape.com
2b4b436f5f Fix 25062 Reload vulnerability
25206 Reload vulnerability #2
Implement grant dialogs and persistence for capabilities.
most r=mstoltz, some code from morse w/ r=norris
2000-02-10 04:56:56 +00:00
mstoltz%netscape.com
5014545a00 Implemented the reading of capabilities data from prefs. Reads codebase and certificate principal data and populates ScriptSecurityManager's principals table. bug= 18122 r=norris, rginda 2000-01-18 21:54:01 +00:00
norris%netscape.com
7cd400a26f * Fix the following bugs by tightening the default security policy.
17977 [DOGFOOD] Reading documents using document.body
17538 document.lastModified is exposed
17537 document.images vulnerabilities
16036 [DOGFOOD] document.Element exposes the DOM of documents from
15757 [DOGFOOD] Injecting JS code using setAttribute and getElemen
15550 Injecting text in documents from any domain using createText
15067 [DOGFOOD] getElementsByTagName() allows reading of arbitrary
* Create an array of dom property policy types and initialize it when the script security manager is created.
* Move some implementation code to a new shared implementation base class.
* Implement privilege enabling, disabling and reverting
* Implement stack walking for checking privileges.
r=mstoltz@netscape.com

* Modify nsIPref to support security policy work.
r=neeti@netscape.com
1999-11-11 22:10:36 +00:00
dmose%mozilla.org
142ac52eaf updated xPL license boilerplate to v1.1, a=chofmann@netscape.com,r=endico@mozilla.org 1999-11-06 03:43:54 +00:00
norris%netscape.com
ec9d253f50 Add all-powerful system principals. Remove some dead code from the build. 1999-09-01 00:54:35 +00:00
norris%netscape.com
d8507f844e * clean up nsScriptSecurityManager
* remove nsJSSecurityManager
* save principals in nsIChannels and nsIDocuments
1999-08-29 21:58:42 +00:00
arielb%netscape.com
1b252b2e3b includes updates to codbase matching security checks currently turned off
but in place.  redefined the script security manager in caps and it is
now generating codebase principals.
1999-08-20 09:51:02 +00:00
arielb%netscape.com
a1d83223f4 added a new and improved factory to caps module. fixed some bugs and
cleared some warnings.  also move some methods of privilege manager to
principal manager.
1999-08-06 22:44:35 +00:00
arielb%netscape.com
0d16b83058 add a principal manager to caps api. everything is now xpidled so
i removed the public directory from the module.
1999-08-01 21:26:02 +00:00
briano%netscape.com
007ea62765 Cleaned it up and changed the name of libreg.{a,so} to libmozreg.{a,so} to fix the conflict reported in bug 8568. 1999-07-27 23:27:44 +00:00
arielb%netscape.com
8dad60d09d Fix to the caps security module. I removed the nsPrincipal struct, from now
on you can access principals by their xpcomed interface nsIPrincipal.
1999-07-24 03:58:23 +00:00
arielb%netscape.com
587d04c222 idled principals interfaces and some fixes to caps manager... 1999-07-16 20:31:18 +00:00
norris%netscape.com
f64740e501 Move several security files into idl. (Create idl directory in caps module.)
Implement methods of nsIXPCSecurityManager.
Fix random errors in DOM JS security.
1999-07-15 23:23:16 +00:00