Commit Graph

316 Commits

Author SHA1 Message Date
Deian Stefan
3f9a418ee1 Bug 886164 - Enforce CSP in sandboxed iframe, r=grobinson 2013-11-22 15:12:00 -08:00
Mike Hommey
e80e877ab7 Bug 939044 - Remove most definitions of MODULE. r=mshal 2013-11-19 11:47:39 +09:00
Bobby Holley
93808be553 Bug 840488 - New domain policy API. r=bz
Note that this patch changes the semantics of javascript.enabled so that changes
to the pref do not apply to compartments that have already been created. This is
a significant change, but is necessary to support the new domain policy API.
After one cycle or so, we'll rip out the old API.
2013-11-12 16:43:35 -08:00
Bobby Holley
95ac2b3227 Bug 840488 - Compute immunity from caps checks exactly once, and kill nsScriptSecurityManager::CanExecuteScripts. r=bz 2013-11-12 16:43:35 -08:00
Bobby Holley
63af01c6e2 Bug 840488 - Get rid of aAllowIfNoScriptContext. r=bz
The old code seemed to feel that the lack of a script context was some sort of
showdown that required either unconditional allow or deny. Instead, let's just
make the scriptcontext-relevant checks conditional on there being a script
context, which lets us switch CheckFunctionAccess over to ScriptAllowed.
2013-11-12 16:43:32 -08:00
Ryan VanderMeulen
b7e0804666 Backout bug 886164 for B2G regressions. 2013-09-23 21:26:05 -04:00
Deian Stefan
c36df6710c Bug 886164 - Enforce CSP in sandboxed iframe. r=grobinson 2013-06-23 14:31:52 -07:00
Bobby Holley
c4c9f9e982 Bug 917009 - Remove old-style object principal calculation. r=bz 2013-09-17 15:29:11 -07:00
Terrence Cole
d4b22fae39 Bug 908750 - Fix a rooting hazard in nsScriptSecurityManger::LookupPolicy; r=bholley
--HG--
extra : rebase_source : 27bf6ef6bce3bed136921df15ea00ae86bd73f89
2013-08-23 08:51:40 -07:00
Jan Varga
e9492bcd36 Bug 785884 - Implement support for temporary storage (aka shared pool). r=ehsan, r=bent
--HG--
rename : caps/tests/mochitest/test_principal_extendedorigin_appid_appstatus.html => caps/tests/mochitest/test_principal_jarprefix_origin_appid_appstatus.html
rename : dom/quota/UsageRunnable.h => dom/quota/UsageInfo.h
2013-09-11 06:18:36 +02:00
Bobby Holley
30d81ff017 Bug 905364 - Stop using the SafeJSContext in nsScriptSecurityManager::Init. r=mrbkap
With this patch, I've confirmed that we instantiate the SafeJSContext much later
in startup, during nsAppStartupNotifier::Observe (which ends up invoking an
XPCWrappedJS). As such, this should solve a number of our startup ordering woes.
2013-09-06 11:35:12 -07:00
Nicholas Nethercote
01c70c8c97 Bug 911020 - Introduce js/TypeDecls.h, which holds very commonly used type declarations from the JS engine. r=luke.
--HG--
extra : rebase_source : 008ef689989f93b46627b8be8608bdbc544ca3a2
2013-08-27 19:59:14 -07:00
Nicholas Nethercote
2585de9a07 Bug 905017 (part 1) - Minimize inclusions of JS engine headers in .h and .idl files. r=billm.
--HG--
extra : rebase_source : 984c61ab12f46be0509b1ce0d458d9a6e5841c64
2013-08-17 15:50:18 -07:00
Phil Ringnalda
72c8f5969c Back out c39d60483813 (bug 905364) for xpcshell and b2g desktop bustage 2013-08-16 22:38:48 -07:00
Bobby Holley
363bb61e01 Bug 905364 - Stop using the SafeJSContext in nsScriptSecurityManager::Init. r=mrbkap
With this patch, I've confirmed that we instantiate the SafeJSContext much later
in startup, during nsAppStartupNotifier::Observe (which ends up invoking an
XPCWrappedJS). As such, this should solve a number of our startup ordering woes.
2013-08-16 20:28:17 -07:00
Nicholas Nethercote
d8f824e34e Bug 898914 (part 1) - Remove JSBool.
--HG--
extra : rebase_source : 2d202e0e5005a7f54724b1540481c15cde3ad52e
2013-08-08 15:53:04 -07:00
Ehsan Akhgari
ef4b479714 Bug 872127 - Part 2: Replace mozilla/StandardInteger.h with stdint.h; r=Waldo,ted 2013-07-30 10:25:31 -04:00
Bobby Holley
d5d84f0dff Bug 885668 - Removed specialized function object principal machinery from CAPS. r=bz 2013-07-15 11:22:10 -07:00
Jon Coppeard
ef8bb39711 Bug 885310 - 1 Rename JSHandleFoo in the browser r=bz 2013-06-21 14:12:46 +01:00
Bobby Holley
fe6dc08fc3 Bug 884362 - Use AutoJSContext in nsScriptSecurityManager::LoadPolicy. r=bz
This cx is just used for rooting etc. As such, we really just want whatever
cx is on the stack, but want a default if the stack-top cx is null (which it
sometimes is, here). And that's exactly what AutoJSContext gives us.
2013-06-20 11:05:32 -07:00
Jon Coppeard
b4a1d2128a Bug 884371 - Remove JSMutableHandleXXX from the browser r=bz 2013-06-19 11:32:27 +01:00
Trevor Saunders
7a603ed62c bug 873622 - remove nsScriptSecurityManager::sXPConnect r=bholley 2013-05-29 19:49:11 -04:00
Boris Zbarsky
e46734cb01 Bug 873735 part 1. Fix the more or less mechanical browser rooting hazards. r=terrence 2013-05-20 08:40:06 -04:00
Gregory Szorc
1b12175ba0 Bug 873629 - Remove 129 empty Makefile.in files; r=ted 2013-05-17 16:20:11 -07:00
Ehsan Akhgari
38dd0461b4 Bug 871262 - Fix rooting hazards in the CAPS code; r=till 2013-05-12 15:52:21 -04:00
David Zbarsky
05132788d9 Bug 867459 - Fix caps rooting hazards r=terrence 2013-05-02 22:02:40 -04:00
Bobby Holley
dde0ee15d3 Bug 865729 - Use sXPConnect directly in caps. r=gabor
It's tempting to go through nsContentUtils here, but I'm pretty sure caps is
initialized before nsContentUtils.
2013-04-29 11:16:21 -07:00
Mike Shal
df7deac25b Bug 846634 - Part 2: Move EXPORTS to moz.build; r=joey 2013-04-16 15:24:43 -04:00
matekm
b79eaf364c Bug 784739 - Switch from NULL to nullptr in caps/; r=ehsan 2013-04-02 20:16:25 -04:00
Kyle Machulis
72a717a860 Bug 855465 - Add emacs python mode comments to moz.build files; r=gps 2013-04-01 11:36:59 -07:00
Kyle Machulis
43628a7867 Backout for changeset 03452b187c14 (Bug 855465) due to bustage on a CLOSED TREE; r=qdot 2013-03-29 15:12:58 -07:00
Kyle Machulis
334c0800cf Bug 855465 - Add emacs python mode comments to moz.build files; r=gps
--HG--
extra : rebase_source : 004a756492323e1a049586e85b3be5037159df20
2013-03-29 13:56:18 -07:00
Mike Shal
7ecea60097 Bug 844654 - Part 2: Move MODULE to moz.build; rs=gps 2013-03-19 11:47:00 -07:00
Trevor Saunders
9c54e14d23 bug 852379 - remove unecessary nsHashtable.h includes r=Ms2ger 2013-03-18 21:18:26 -04:00
Daniel Holbert
aa087f4637 Bug 849086: Remove unused *_CLASSNAME defines. r=bsmedberg 2013-03-15 10:52:10 -07:00
Gregory Szorc
8c137ecae2 Bug 784841 - Bug 18f: Convert /caps; f=Ms2ger rs=ted 2013-02-25 12:47:18 -08:00
Jan de Mooij
d584c95452 Bug 833817 part 2 - Remove unused frame argument from GetFunctionObjectPrincipal. r=bholley
--HG--
extra : rebase_source : 1a7e2428c64d806960fa749095b7d0b9ec439c01
2013-01-24 20:39:27 +01:00
Ian Melven
37b948817c Bug 752529 - workers shouldn't use string origins as null principals don't have them. Part 2 - nsPrincipal GetBaseDomain (r=bz) 2013-01-08 13:53:32 -08:00
Nicholas Nethercote
4030d50d1b Bug 826154 - Remove unused field nsScriptSecurityManager::mIsWritingPrefs. r=bz.
--HG--
extra : rebase_source : f7235787393fd6b4212aff0bb13e507bb0fd6d94
2013-01-02 21:47:50 -08:00
Ehsan Akhgari
7deead5906 Merge mozilla-central into mozilla-inbound 2012-12-06 23:13:32 -05:00
Bobby Holley
1022b1f72e Bug 807102 - Rev the CID on nsPrincipal. r=bz 2012-12-06 14:51:37 -08:00
Boris Zbarsky
f12bcf04dd Bug 817284. When none of our code is associated with a window in an obvious way, assume that scripts should be allowed to execute for a WebIDL callback. r=bholley 2012-12-06 15:21:18 -05:00
Bobby Holley
b5471e12e1 Bug 797206 - Remove GetPrincipalAndFrame. r=bz 2012-10-29 15:55:35 +01:00
Mounir Lamouri
6ec6990ee3 Bug 777467 - Update the same-origin policy for principals to include appid/isinbrowserelement. r=bholley 2012-10-24 18:50:25 +01:00
Ben Turner
5e8d8d57f2 Bug 786295 - 'Delete IndexedDB related to an app when uninstalled'. r=bz+khuey+sicking. 2012-10-23 09:31:19 -07:00
Matt Brubeck
2b9a444397 Back out fb62d8b9800a (bug 777467) because of debug browser-chrome crashes on a CLOSED TREE 2012-10-22 09:52:35 -07:00
Mounir Lamouri
90d903b98e Bug 777467 - Update the same-origin policy for principals to include appid/isinbrowserelement. r=bholley 2012-10-22 16:20:38 +01:00
Bobby Holley
9e4e394b18 Bug 789224 - Remove CAPS_HACKER debugging instrumentation. r=mrbkap
This stuff is super ugly and confusing. I think we're better off without it.
2012-10-22 08:29:56 +02:00
Bobby Holley
10241f928c Bug 789224 - Separate certificate principals out from CAPS. r=dveditz
There's no longer any reason why "certificate principals" need to be principals at all.
I tried to rip them out entirely, but it looks like they're still used vestigially at XPI
install time to display author information. But there's no reason that they have to be
porkbarreled into the security-critical objects that we pass around all over the place.
So let's make them their own deal.

I was tempted to call them "certificate holders", but that would involve renaming methods and
cause more compat fuss than necessary.

--HG--
rename : caps/idl/nsISignatureVerifier.idl => security/manager/ssl/public/nsISignatureVerifier.idl
2012-10-22 08:29:56 +02:00
Bobby Holley
f2f61ba43b Bug 789224 - Remove principal capability and preference infrastructure. r=mrbkap 2012-10-22 08:29:55 +02:00