Jonas Sicking
893023f46a
Bug 543696: Remove unused nsIScriptSecurityManager::CheckConnect. r/sr=mrbkap
2010-02-02 02:29:15 -08:00
Blake Kaplan
9c71e872ce
Bug 371694 - Protect ourselves against null values. r=dveditz
2010-03-22 15:50:04 -07:00
Ben Newman
81a89a0871
Bug 553448 - nsScriptSecurityManager::ContentSecurityPolicyPermitsJSAction should return JS_TRUE when no subjectPrincipal exists. r=mrbkap sr=dveditz
...
--HG--
extra : rebase_source : c47d6d55063c115921ee89114c4439444883c37d
2010-03-18 17:27:39 -07:00
timeless@mozdev.org
7923ac31c7
Bug 504423 ReadAnnotationEntry leaks key if nsCStringKey sets rv to failure
...
r=dveditz
--HG--
extra : rebase_source : 07b5d1d19d7533f1a620ab8a83f19b20f33ec6fc
2010-03-12 07:50:11 +01:00
Sid Stamm
1090529f8c
bug 515443 CSP no-eval support. r=mrbkap,brendan
2010-03-08 00:24:50 -08:00
Makoto Kato
340544f021
Bug 346010 - Decom nsIJAR by merging it into nsIZipReader. r=tglek, sr=bsmedberg
2010-03-07 22:56:45 +09:00
Jonas Sicking
6f0a0d424e
Bug 543870: Implement File.url. r=bz sr=jst
2010-03-02 23:51:09 -08:00
Sid Stamm
7252ce7760
Bug 515437 CSP connection code, r=jst,dveditz sr=jst
2010-01-22 13:38:21 -08:00
Daniel Veditz
153553d9b6
Backed out changeset a6ce37b09cf5 because of possible Tp4 perf hit
2010-01-14 17:19:11 -08:00
Sid Stamm ext:(%2C%20Brandon%20Sterne%20%3Cbsterne%40mozilla.com%3E)
f2cab6a506
bug 515433, bug 515437: Content Security Policy (CSP) core
2010-01-13 14:18:24 -08:00
Peter Van der Beken
f93aeceb40
Fix for bug 517196 (The JSClass of wrappers shouldn't change when morphing from slim to XPCWrappedNative). r=mrbkap.
...
--HG--
extra : rebase_source : 4f7978e3ed1335fc4f58478afc038fb63576581b
2009-09-18 12:43:48 +02:00
Taras Glek
1d126be6cd
Bug 515777 - move css files, hiddenWindow.html to jar r=bsmedberg sr=bz
...
--HG--
extra : rebase_source : c6ba6e900ceed210620d47f70c9b962a808a29fe
2009-10-12 12:31:50 -07:00
Taras Glek
d33c6f1c4a
bug 521191: backed out e22bef491d84
2009-10-08 16:44:44 -07:00
Taras Glek
387de8cf2e
Backed out changeset e22bef491d84
2009-10-08 16:43:55 -07:00
Peter Van der Beken
056df67f8f
Backed out changeset 542fa9413bd0, fix for bug 517196 (The JSClass of wrappers shouldn't change when morphing from slim to XPCWrappedNative), to try to fix orange.
2009-10-08 13:42:07 -07:00
Peter Van der Beken
5da982514b
Backed out changeset 542fa9413bd0, fix for bug 517196 (The JSClass of wrappers shouldn't change when morphing from slim to XPCWrappedNative), to try to fix orange.
2009-10-08 13:41:44 -07:00
Taras Glek
d07c55d805
Bug 515777 - move css files, hiddenWindow.html to jar r=bsmedberg sr=bz
2009-10-08 11:22:50 -07:00
Peter Van der Beken
61f49bf3ac
Fix for bug 517196 (The JSClass of wrappers shouldn't change when morphing from slim to XPCWrappedNative). r=mrbkap.
...
--HG--
extra : rebase_source : 95898b5ab53d60200058374c52cdb8161aabf78b
2009-09-18 12:43:48 +02:00
Blake Kaplan
7050590b13
Bug 504021 - Add an API to the script security manager to clamp principals for a given context. r=jst/bzbarsky sr=dveditz
2009-08-21 18:20:20 -07:00
Igor Bukanov
8c03c81096
bug 513190 - avoiding jsint tagging of the private slot data. r=jorendorff
2009-09-05 19:59:11 +04:00
Benjamin Smedberg
ba372f3a4c
Followup to bug 398573 - remove REQUIRES from the tree since it is no longer used... automatically generated patch, rs=ted
2009-08-25 08:59:31 -07:00
Taras Glek
d331cb9b8d
Bug 468011 - Combine all chrome into browser+toolkit jars. r=bsmedberg
2009-08-14 09:32:40 -07:00
Blake Kaplan
27e754d4d0
Bug 502959 - Restore code to make caps allow wrapping same-origin wrappedjs objects. r=jst sr=bzbarsky
2009-08-06 20:26:33 -07:00
Boris Zbarsky
ba4bfdba03
Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst
2009-07-26 21:27:33 -04:00
David Zbarsky
e5c3359049
Bug 392526. Some callers of nsID::ToString use a mismatched allocator to free the string. r=bsmedberg
2009-07-29 13:54:44 -04:00
Boris Zbarsky
79debaf781
Backed out changeset b55e7e3c0bfb to see whether bug 495176 might be causing the WinXP Txul regression
...
--HG--
extra : rebase_source : c854c6a8afad67c583ff08e23bbac27cbf99c0cd
2009-07-28 14:34:01 -04:00
Boris Zbarsky
1785137905
Backed out changeset 9d5e247b5052 to see whether bug 495176 might be causing
...
the WinXP Txul regression.
--HG--
extra : rebase_source : 41a0fe73ec43dff97ada391db29dc121fb677403
2009-07-28 14:32:45 -04:00
Boris Zbarsky
123cf2cf60
Fixing crashes during tests by null-checking the principal URI as appropriate. Bug 495176
2009-07-26 23:21:01 -04:00
Boris Zbarsky
57fdf8c806
Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst
2009-07-26 21:27:33 -04:00
Peter Van der Beken
88bc7e0eed
Fix for bug 482788 (Lightweight DOM wrappers). r=jst, sr=mrbkap.
2009-05-12 22:20:42 +02:00
Johnny Stenback
ac0964e5c0
Fixing bug 442399. Remove LiveConnect from the tree. r=joshmoz@gmail.com, bclary@bclary.com, sr=brendan@mozilla.org
2009-06-30 15:55:16 -07:00
Arpad Borsos
9c8455122d
Back out b8e531a6c961 (Bug 474369), it really did cause the windows dhtml regression
...
--HG--
extra : rebase_source : 568114bcfc5a7710d9e2c2fe5e234fa190bebba1
2009-06-16 14:38:51 +02:00
Olli Pettay
9a08c869f6
Bug 489561 - nsPrincipal should cache nsIPrefBranch and codebase_principal_support pref, r+sr=dveditz, +comments from bz
2009-06-16 14:00:06 +03:00
Arpad Borsos
21896afffc
Bug 474369 - get rid of nsVoidArray, remaining parts; r=bz, sr=dbaron
2009-05-07 17:15:26 +02:00
Phil Ringnalda
50afa4b02b
Bug 495021 - CAPS unconditionally builds tests, r=shaver
2009-06-13 11:53:38 -07:00
Blake Kaplan
eccda2d175
Bug 441714 - Protect caps against SJOWs. r+sr=dveditz
2009-06-12 14:38:05 -07:00
Arpad Borsos
118ee75268
Back out bug 474369, suspected of causing dhtml and tp3 regression
2009-06-12 23:20:55 +02:00
Arpad Borsos
990fceee6e
Bug 474369 - get rid of nsVoidArray, remaining parts; r=bz, sr=dbaron
...
--HG--
extra : rebase_source : 2f40cba97555521222512c7cd793c2a2adcca333
2009-05-07 17:15:26 +02:00
Boris Zbarsky
0cccd6dadc
Bug 493495 followup. Just cut off the recursion if it gets too deep. r+sr=mrbkap
2009-05-21 15:46:05 -04:00
Boris Zbarsky
9f358b989d
Bug 493495. Protect against recursive attempts to report a security exception in cases when the URI objects involved can't be accessed due to being implemented as a JS component. r+sr=mrbkap
2009-05-20 21:49:42 -04:00
Boris Zbarsky
a45c2d01f1
Bug 410486. Fix test failures due to the exception message getting truncated.
2009-05-20 00:57:37 -04:00
timeless@mozdev.org
b0af4b46b6
Bug 410486. Make sure to be in a request when reporting a pending exception. r=dveditz, sr=mrbkap.
2009-05-19 22:11:01 -04:00
Dave Townsend
dd2848c629
Backed out changeset 461d728271d1
2009-05-19 13:51:18 +01:00
Arpad Borsos
6a70c37113
Bug 474369 - get rid of nsVoidArray, remaining parts; r=bz, sr=dbaron
2009-05-07 17:15:26 +02:00
Blake Kaplan
79905bec13
Bug 493074 - Compute fewer things to try to clear up a performance regression. r+sr=jst
2009-05-14 15:17:56 -07:00
Blake Kaplan
1942f8e50b
Bug 483672 - Give regular JS objects that have been reflected into C++ a security policy that follows the same-origin model. Also teach caps about "same origin" for these cases. r=jst sr=bzbarsky
2009-05-13 15:01:01 -07:00
L. David Baron
f0c43ecb3d
Switch HTML mochitests from using MochiKit.js to packed.js. (Bug 490955) r=sayrer
2009-05-06 13:46:04 -07:00
Blake Kaplan
737c9a5565
Bug 475864 - Move native anonymous content checks into a wrapper so that quickstubs don't sidestep them. r=jst sr=bzbarsky
2009-04-23 00:21:22 -07:00
Mook
fa1eb8e272
Bug 472032 - [win64] sizeof(long) != sizeof(void*) assertion in nsScriptSecurityManager.cpp; changed SecurityLevel to use PRWord, clarified assertion on the protected code; r+sr=dveditz
2009-02-26 18:31:17 +01:00
Dan Mosedale
e4aa8b0d67
Remove MailNews special casing from nsScriptSecurityManager (bug 374577), r+sr=bzbarsky
2009-02-17 20:32:57 -08:00
Daniel Holbert
4301671b45
Bug 473236 - Remove executable bit from files that don't need it. (Only changes file mode -- no code changes.) r=bsmedberg
2009-01-21 22:55:08 -08:00
timeless@mozdev.org
a09492561f
Bug 412743 nsScriptSecurityManager::Init shouldn't treat failure of InitPrefs as fatal
...
r=mrbkap sr=dveditz
2009-01-07 20:42:15 -08:00
timeless@mozdev.org
95f9cbd69c
Bug 470804 crash [@ NS_GetInnermostURI - nsScriptSecurityManager::CheckLoadURIWithPrincipal], r=bz, sr=dveditz
2009-01-01 15:45:23 -08:00
Phil Ringnalda
37206afaf5
Crashtest for Bug 470804 crash [@ NS_GetInnermostURI - nsScriptSecurityManager::CheckLoadURIWithPrincipal], r=bz
2009-01-01 15:45:23 -08:00
Tyler Downer
b768fb620d
Bug 471146 - remove old CAPS readme (already on devmo); r=brendan
2009-01-01 14:56:44 +01:00
Boris Zbarsky
402f7a9c31
Bug 460425. Do better security checks during redirection. r=sicking,biesi, sr=sicking
2008-11-25 20:50:04 -05:00
Phil Ringnalda
538c9fb42a
Bug 461888 - Remove unused PACKAGE_FILE and PACKAGE_VARS and .pkg files, mozilla-central part, r=bsmedberg
2008-11-03 19:46:28 -08:00
Blake Kaplan
d897bc426d
Bug 396851 - Check to see if we're UniversalXPConnect-enabled to allow privileged web pages to unwrap XOWs. r+sr=bzbarsky
2008-10-22 13:15:22 -07:00
Ben Newman
d98d55982b
Bug 460124. Remove no-longer-needed code, since now we calculate hash values for nsPrincipals in a sane way. r+sr=bzbarsky
2008-10-16 10:56:51 -04:00
Igor Bukanov
4ecbd37ca7
Bug 459656 - Implementing nsIThreadJSContextStack in nsXPConnect. r+sr=mrbkap
2008-10-14 16:16:25 +02:00
Arpad Borsos
c72ef7d248
Bug 456388 - Remove PR_STATIC_CALLBACK and PR_CALLBACK(_DECL) from the tree; r+sr=brendan
2008-10-10 17:04:34 +02:00
Blake Kaplan
77100affc1
Bug 457299 - nsScriptSecurityManager doesn't suspend the request on the current context when it starts using the safe context. r+sr=bzbarsky
2008-10-08 15:05:25 -07:00
Ben Newman
97433a48ab
Bug 454850. Make sure that whenever nsPrincipal::Equals would return true for a pair of principals their nsPrincipal::GetHashValue returns are also equal. r+sr=bzbarsky
2008-10-08 09:16:27 -04:00
David Bienvenu
1438cc375a
bug 453943, always disable js for mailnews for 3.0 b1, don't load pref, r=bz, sr=dmose
2008-09-21 15:21:07 -07:00
David Bienvenu
112c5625ca
temporarily disable js in mailnews for 3.0 b1, r=bz, sr=dmose 453943
2008-09-20 08:14:14 -07:00
Arpad Borsos
5a19e3346c
Bug 398946 - Remove JS_STATIC_DLL_CALLBACK and JS_DLL_CALLBACK from the tree; r=(benjamin + bent.mozilla)
2008-09-07 00:21:43 +02:00
Ben Turner
8afd9f92cd
Bug 451731 - "Update caps, dom, xpconnect for Bug 451729 (checkObjectAccess moving to the JSContext)". r+sr=jst.
2008-09-05 16:26:04 -07:00
Ben Turner
83f49405ee
Bug 453720 - "Caps should assert when scripts do not contain principals". r+sr=mrbkap.
2008-09-04 15:52:20 -07:00
Jason Orendorff
25cba5d7a3
Bug 451571 - Delete SetExceptionWasThrown (r=dbradley, sr=jst)
2008-08-30 18:58:36 -05:00
Shawn Wilsher
eef2b5a677
Bug 452486 - Create components when we actually have a profile
...
This changeset allows components to register for the profile-after-change
category in the category manager such that they will be initialized when this
topic would normally be dispatched.
r=bsmedberg
2008-08-29 16:40:05 -04:00
Honza Bambas
bec376906f
Bug 442812: Implement the application cache selection algorithm. r+sr=bz
2008-08-27 18:15:32 -07:00
Shawn Wilsher
8d4a24aab4
Bug 450914 - Proxy nsSimpleURI for nsNullPrincipal to the main thread (was "ASSERTION: nsSimpleURI not thread-safe" during principal destruction)
...
This changeset creates a threadsafe uri object for the null principal to use.
2008-08-27 18:11:02 -04:00
Dave Camp
92adf93276
Backed out changeset 1e3d4775197a (bug 442812)
2008-08-19 22:52:05 -07:00
Honza Bambas
8b179c6230
Bug 442812: Implement the application cache selection algorithm. r+sr=bz
2008-08-19 19:31:08 -07:00
Boris Zbarsky
5eedf39759
Bug 434522 follow-up bustage fix.
2008-07-28 23:37:58 -07:00
Boris Zbarsky
f61641d25e
Bug 437723. Make sure to look at the nested innermost URI when looking for the origin. r+sr=sicking
2008-07-28 23:10:05 -07:00
Boris Zbarsky
c941674d4d
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
jonas@sicking.cc
ab63fc8524
Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it
2008-04-18 10:35:55 -07:00
gavin@gavinsharp.com
7caae794f1
Rework test for bug 292789 to try and fix the timeout on qm-centos5-01
2008-04-14 01:50:51 -07:00
dveditz@cruzio.com
e9a165f03a
tests for bug 292789 -- forgot during checkin
2008-04-12 17:55:45 -07:00
dveditz@cruzio.com
8a2c640ed4
bug 292789 prevent use of chrome: URIs from <script>, <img> stylesheets, etc except for chrome packages explicitly marked contentaccessible. r=bzbarsky, sr=jst, a=beltzner
2008-04-12 14:26:19 -07:00
jonas@sicking.cc
ec7a19c8b9
Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz
2008-04-08 17:38:12 -07:00
igor@mir2.org
e05006a6f0
[bug 423874] backing out as a simpler patch would do the job with less code.
2008-03-29 03:34:29 -07:00
igor@mir2.org
ec6b483779
[bug 424376] backing out - too much compatibility problems.
2008-03-28 15:27:36 -07:00
bzbarsky@mit.edu
d7fc979918
Fix bug 421228. r+sr=sicking
2008-03-27 20:46:15 -07:00
igor@mir2.org
8edd862903
bug=424376 r=brendan a1.9b5=beltzner Compile-time function objects are no longer exposed through SpiderMonkey API.
2008-03-23 03:16:40 -07:00
jst@mozilla.org
a4d3a2e2e3
Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu
2008-03-22 09:50:47 -07:00
igor@mir2.org
8c88d304f4
bug=423874 r=brendan a1.9b5=dsicore Allocating native functions together with JSObject
2008-03-21 01:19:23 -07:00
jst@mozilla.org
c7eb261ec3
Fixing orange from bug 402983. Make file:///foo and file:////foo#bar compare as equal URLs. r+sr=bzbarsky@mit.edu
2008-03-20 23:01:55 -07:00
jst@mozilla.org
29a96a03b8
Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org
2008-03-20 21:39:08 -07:00
shaver@mozilla.org
ba5430c6e5
Bug 246699: report better errors (with stacks) for security denials. r+sr=jst, a=mconnor.
2008-03-20 01:19:15 -07:00
shaver@mozilla.org
f23b424aa7
Test for bug 423379 (content can load chrome and/or resource), r/sr=jst.
2008-03-19 15:14:51 -07:00
shaver@mozilla.org
4d79009864
(NPOTB, r=mrbkap, a=lumpy) Remove ancient caps test cruft in preparation for incoming mochitests. Also so that the tests listed in securetest.list will not mock me from beyond the NSCP grave.
2008-03-19 14:26:09 -07:00
jonas@sicking.cc
9552bd91fc
Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz
2008-03-18 17:27:56 -07:00
bzbarsky@mit.edu
94a044f0b1
Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst
2008-03-18 14:14:49 -07:00
gavin@gavinsharp.com
0fa7ce606a
Back out bug 246699 to fix bug 423375, per shaver
2008-03-17 07:10:48 -07:00
timeless@mozdev.org
620272feeb
Bug 246699 CAPS security exceptions should throw richer exception info (not just raw string) r=shaver a=shaver
2008-03-11 10:30:23 -07:00
reed@reedloden.com
57ac4a582f
Bug 420081 - "Case mismatch between nsIURI and nsIUri in nsIPrincipal.idl" [p=mschroeder@mozilla.x-home.org (Martin Schröder [mschroeder]) r+sr=jst a1.9=beltzner]
2008-03-08 03:20:21 -08:00
jonas@sicking.cc
28ea51311b
Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv
2008-02-26 19:45:29 -08:00
myk@mozilla.org
7aff03fc46
backing out fix for bug 416534 as potential cause of mochitest failure
2008-02-26 19:23:36 -08:00
jonas@sicking.cc
42bbc8327e
Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv
2008-02-26 18:17:49 -08:00
Olli.Pettay@helsinki.fi
652c1e007c
Bug 411054, Audit IsNativeAnonymous()/GetBindingParent() uses, r+sr=sicking
2008-02-26 04:40:18 -08:00
reed@reedloden.com
5d4ef49dd4
Bug 417710 - "Use JS_GET_CLASS, not JS_GetClass" [p=gyuyoung.kim@samsung.com (gyu-young kim) r=jorendorff r=jst sr+a1.9=brendan]
2008-02-25 00:59:20 -08:00
jonas@sicking.cc
2c0141fcd9
Bug 397878: Send Referer-Root header when doing cross-site access requests. Also update domain pattern matching to spec. Patch by <suryaismail@gmail.com>. r=bent sr=sicking b3a=beltzner
2008-01-31 00:16:54 -08:00
jst@mozilla.org
31b04a892e
Fixing bustage.
2008-01-29 13:11:24 -08:00
jst@mozilla.org
892f0acecf
Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2008-01-29 12:51:01 -08:00
jst@mozilla.org
6fd0410f62
Fixing bug 317240. Re-enabling caps optimization now that a documents principal never changes. r+sr=bzbarsky@mit.edu
2008-01-28 09:51:38 -08:00
jst@mozilla.org
08983f83e3
Fixing bug 412691. Remove unnecessary nsCOMPtr's from performance critical code paths. r+sr=jonas@sicking.cc
2008-01-16 16:32:26 -08:00
benjamin@smedbergs.us
b3e87aa63b
Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep
2008-01-15 07:50:57 -08:00
dwitte@stanford.edu
3f33f45d2a
thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+
2008-01-11 20:30:42 -08:00
dwitte@stanford.edu
8d74b831d4
partial backout in an attempt to fix orange.
2008-01-11 02:08:58 -08:00
dwitte@stanford.edu
cc924d2d23
relanding bug 410250.
2008-01-11 01:13:04 -08:00
dwitte@stanford.edu
f300515e36
backing out to fix orange.
2008-01-10 20:59:44 -08:00
dwitte@stanford.edu
09217db711
thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+
2008-01-10 19:56:00 -08:00
timeless@mozdev.org
1bd2741649
Bug 334306 useless null check in nsDestroyJSPrincipals r=dbaron sr=dveditz a=mtschrep
2008-01-06 06:53:24 -08:00
mrbkap@gmail.com
68ee3e9f08
Always throw an exception, even if we cannot reach a principal. bug 409514, r+sr+a=jst
2008-01-04 17:32:23 -08:00
jst@mozilla.org
f0f4a78cce
Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com
2008-01-04 15:59:12 -08:00
mrbkap@gmail.com
2605476d7c
XPCNativeWrappers can confuse the short-circuiting code. bug 409291, r+sr=jst a=beltzner
2007-12-21 11:06:29 -08:00
jst@mozilla.org
b30b544b5f
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 15:02:25 -08:00
philringnalda@gmail.com
57e4af9c93
Bug 400247 - remove XP_MAC deadcode in nsScriptSecurityManager.cpp, r+sr=bz, a=dsicore
2007-11-12 19:23:17 -08:00
tglek@mozilla.com
21a6a8dc26
Bug 398574:Prbool fixes r=bz a=release drivers
2007-11-12 13:47:11 -08:00
jonas@sicking.cc
4c1a3910ac
bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking
2007-10-26 18:46:09 -07:00
bzbarsky@mit.edu
26d7ccd742
Make the "href" property of stylesheets reflect the original URI that was reflected to load the sheet. Bug 397427, r=dbaron,biesi, sr=dbaron, a=dsicore
2007-10-23 14:56:41 -07:00
bzbarsky@mit.edu
e252fc2b15
Somewhat reduce the amount of memory an nsPrincipal allocates in the common case. Bug 397733, r+sr+a=jst
2007-09-28 07:31:04 -07:00
bzbarsky@mit.edu
5983f838e4
Make the nsISerializable implementation of nsPrincipal actually work. This makes it possible to save principal objects to a stream and read them back. Bug 369566, r=dveditz+brendan, sr=jst, a=jst
2007-09-17 15:18:28 -07:00
dveditz@cruzio.com
2940b2f998
bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov
2007-09-06 00:02:57 -07:00
bent.mozilla@gmail.com
c0215549f6
Bug 304048 - Backing out patch due to TXUL regression.
2007-08-30 17:52:58 -07:00
bent.mozilla@gmail.com
5f9effcd34
Bug 304048 - "xpconnect getters/setters don't have principals until after they pass or fail their security check." Patch by jst, sr=bzbarsky, a=jst.
2007-08-28 17:16:21 -07:00
bzbarsky@mit.edu
3c0f9ef02f
Add some sanity null-checks. Bug 387446, r=dveditz, sr+a=jst
2007-08-06 19:09:16 -07:00
sdwilsh@shawnwilsher.com
681c6747e8
Bustage fix
2007-07-11 14:20:11 -07:00
jwalden@mit.edu
6d7584839a
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
bzbarsky@mit.edu
647cbff151
Make security manager API more useful from script. Make more things
...
scriptable, and add a scriptable method for testing whether a given principal
is the system principal. Bug 383783, r=dveditz, sr=jst
2007-06-18 08:12:09 -07:00
bzbarsky@mit.edu
434b4cf8db
Optimize immutability of codebase/domain a little bit. Bug 380475, r=dveditz, sr=biesi
2007-06-18 08:07:02 -07:00
bzbarsky@mit.edu
ec536a72cf
Make nsPrincipal::Equals compare codebases, not just certs, for certificate
...
principals. Bug 369201, r=dveditz, sr=jst
2007-06-18 08:01:53 -07:00
benjamin@smedbergs.us
baab01ada6
Bug 376636 - Building with gcc 4.3 and -pendatic fails due to extra semicolons, patch by Art Haas <ahaas@airmail.net>, rs=me
2007-04-23 07:21:53 -07:00
dbaron@dbaron.org
e7bb1b1c38
Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg
2007-03-27 08:34:59 -07:00
dbaron@dbaron.org
d98d9fdec5
Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg
2007-03-27 08:33:38 -07:00
hg@mozilla.com
05e5d33a57
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
bzbarsky%mit.edu
d9f9d475bb
When getting codebase principals, install the passed-in codebase on them even
...
if they come from the hashtable. Bug 269270, r=dveditz, sr=jst.
2007-02-09 04:52:44 +00:00
bzbarsky%mit.edu
382b095c94
Get the source scheme from the right URI object. Bug 368160, r+sr=dveditz
2007-01-26 04:33:02 +00:00
bzbarsky%mit.edu
8a1b6c5e34
Make the redirect check get principals the same way we get them elsewhere.
...
Clean up some code to use the new security manager method. Bug 354693,
r=dveditz, sr=sicking
2006-11-22 18:27:54 +00:00
gavin%gavinsharp.com
ad22de3c0c
Bug 202198: fix possible leak in nsScriptSecurityManager::InitPrefs(), patch by Ryan Jones <sciguyryan+bugzilla@gmail.com>, r+sr=dveditz
2006-11-22 17:22:40 +00:00
sayrer%gmail.com
6aa99d403b
Bug 360840. allocator mismatch in nsIScriptSecurityManager. r=timeless, sr=bz
2006-11-16 18:25:52 +00:00
bzbarsky%mit.edu
730516b0a1
Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst
2006-11-14 22:46:45 +00:00
bzbarsky%mit.edu
0a3a624149
Make it possible for protocol handlers to configure how CheckLoadURI should
...
treat them via their protocol flags. Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin
2006-11-10 23:49:08 +00:00
cbiesinger%web.de
74a2a1d30c
Bug 351876 Move nsICryptoHash into necko
...
r=darin
2006-09-15 22:06:31 +00:00
bzbarsky%mit.edu
50e969de0c
Introduce CheckLoadURIStrWithPrincipal(). Bug 348559, r=dveditz, sr=jst
2006-08-21 22:15:20 +00:00
pkasting%google.com
dafdf0b1eb
Bug 337223: Don't expose moz-anno protocol to web pages.
...
Patch by brettw
r=jst
sr=bzbarsky
2006-08-18 21:35:16 +00:00
bzbarsky%mit.edu
e9379f3679
Remove special-casing of about:blank for security purposes; give about:blank
...
pages the principal of whoever is responsible for loading them, when possible.
Bug 332182, r=mrbkap, sr=jst
2006-08-15 17:31:16 +00:00
dveditz%cruzio.com
d3379f18b5
bug 340107 save wasted cycles checking permissions if we're just going to deny access anyway. r=mrbkap, sr=sicking
2006-06-27 00:56:41 +00:00