Commit Graph

67 Commits

Author SHA1 Message Date
norris%netscape.com
24778bda71 Modify generated dom code to use a enum rather than a string for codesize
and efficiency.
Tighten checks on document properties and node properties. Should resolve
several bugs:
18965 document.firstChild vulnerability
19043 document.childNodes vulnerability
19044 document.lastChild vulnerability
r=mstoltz
1999-11-20 07:28:34 +00:00
norris%netscape.com
5b4b0169aa * Fix 12124 [DOGFOOD] Reading user's preferences
* Implement site-specific security policies (bug 858)
r=mstoltz
* Use Recycle rather than delete[] to clean up Purify logs
r=law
1999-11-16 05:07:31 +00:00
norris%netscape.com
7cd400a26f * Fix the following bugs by tightening the default security policy.
17977 [DOGFOOD] Reading documents using document.body
17538 document.lastModified is exposed
17537 document.images vulnerabilities
16036 [DOGFOOD] document.Element exposes the DOM of documents from
15757 [DOGFOOD] Injecting JS code using setAttribute and getElemen
15550 Injecting text in documents from any domain using createText
15067 [DOGFOOD] getElementsByTagName() allows reading of arbitrary
* Create an array of dom property policy types and initialize it when the script security manager is created.
* Move some implementation code to a new shared implementation base class.
* Implement privilege enabling, disabling and reverting
* Implement stack walking for checking privileges.
r=mstoltz@netscape.com

* Modify nsIPref to support security policy work.
r=neeti@netscape.com
1999-11-11 22:10:36 +00:00
dmose%mozilla.org
142ac52eaf updated xPL license boilerplate to v1.1, a=chofmann@netscape.com,r=endico@mozilla.org 1999-11-06 03:43:54 +00:00
norris%netscape.com
e5c170a049 work on bug 7270.
r=mstoltz.
Implement netscape.security.PrivilegeManager callbacks.
1999-10-28 22:09:03 +00:00
norris%netscape.com
c99b609910 Add ability to disable JS. Fix 13978 shopping at webvan.com crashes 1999-09-17 20:13:52 +00:00
norris%netscape.com
2b35be101c Remove nsPrincipalManager.h 1999-09-15 21:30:10 +00:00
norris%netscape.com
9acf604770 Add security support for javascript: uris. 1999-09-15 20:58:41 +00:00
norris%netscape.com
0865f1cdaa Create preferences for security checks.
Add new methods on nsIScriptSecurityManager for capabilities.
Fix 13739 MLK: nsScriptSecurityManager::CreateCodebasePrincipal
Fix 11666 Eliminate plvector (was: [infinite loop] bugs - plvector.c)
1999-09-15 04:05:43 +00:00
norris%netscape.com
6ce2283719 Remove unused files. 1999-09-13 20:10:24 +00:00
norris%netscape.com
2d8e12375f * Add checks on urls formed from web scripts
* Make nsScriptSecurityManager implement nsXPCSecurityManager
* Fix unix warnings
1999-09-07 02:54:19 +00:00
briano%netscape.com
51d59f6f69 Cleaned it up and eliminated the pointless #!gmake. 1999-09-01 23:27:16 +00:00
norris%netscape.com
ec9d253f50 Add all-powerful system principals. Remove some dead code from the build. 1999-09-01 00:54:35 +00:00
cyeh%netscape.com
9577b5cefa Remove IGNORE_MANIFEST=1. It doesn't do anything and it confuses people. 1999-09-01 00:54:34 +00:00
norris%netscape.com
d8507f844e * clean up nsScriptSecurityManager
* remove nsJSSecurityManager
* save principals in nsIChannels and nsIDocuments
1999-08-29 21:58:42 +00:00
mccabe%netscape.com
84982717ce Spam caps subtree to replace declarations of IDL-defined interface methods in implementation classes with xpidl-generated NS_DECL_NSIFOO macro. 1999-08-21 20:22:27 +00:00
arielb%netscape.com
1b252b2e3b includes updates to codbase matching security checks currently turned off
but in place.  redefined the script security manager in caps and it is
now generating codebase principals.
1999-08-20 09:51:02 +00:00
arielb%netscape.com
4b06750b30 removed zip support from caps module. from now on all that stuff will
be used by libjar.  should also remove a lot of memory leaks reported on
nsZip
1999-08-07 21:40:33 +00:00
arielb%netscape.com
9655521b0f Fix to bug 11330 and some changes to reduce warnings in linux builds 1999-08-07 19:59:31 +00:00
arielb%netscape.com
a1d83223f4 added a new and improved factory to caps module. fixed some bugs and
cleared some warnings.  also move some methods of privilege manager to
principal manager.
1999-08-06 22:44:35 +00:00
sspitzer%netscape.com
0fc6c99e2d fix warnings 1999-08-05 19:47:10 +00:00
briano%netscape.com
7047e55c1e Added a newline to the EOF to fix the Unix native compiler builds. 1999-08-02 06:33:08 +00:00
arielb%netscape.com
0d16b83058 add a principal manager to caps api. everything is now xpidled so
i removed the public directory from the module.
1999-08-01 21:26:02 +00:00
arielb%netscape.com
387cbc374e xpidling and updating nsTarget object. should resolve build errors on
SeaMonkey Ports
1999-07-28 05:43:26 +00:00
arielb%netscape.com
d00edf950d removed some enums and migrated them into nsPrivilege, nsIPrivilege and
nsPrivilegemanager. cleaning up some old code from the security module
and refining their api's and such like.
1999-07-27 00:50:59 +00:00
briano%netscape.com
5923fce74f Some compilers also object to #endif's with any non-comment tokens after them. Fixed. 1999-07-26 21:08:51 +00:00
briano%netscape.com
076494e4cb Added a newline to the end of the file to fix the native-compiler Unix builds (HP-UX, Solaris, etc.). 1999-07-26 21:06:59 +00:00
arielb%netscape.com
3cc6d68ad6 i think i may have broken linux build with a tab at the end of a line in
the makefile, hope this was all for the bustage.
1999-07-24 04:18:22 +00:00
arielb%netscape.com
8dad60d09d Fix to the caps security module. I removed the nsPrincipal struct, from now
on you can access principals by their xpcomed interface nsIPrincipal.
1999-07-24 03:58:23 +00:00
arielb%netscape.com
587d04c222 idled principals interfaces and some fixes to caps manager... 1999-07-16 20:31:18 +00:00
norris%netscape.com
f64740e501 Move several security files into idl. (Create idl directory in caps module.)
Implement methods of nsIXPCSecurityManager.
Fix random errors in DOM JS security.
1999-07-15 23:23:16 +00:00
norris%netscape.com
06317a54b3 Tom Pixley's code for the beginnings of DOM security, with a fix for the previous Mac link failure. 1999-07-07 07:50:03 +00:00
joki%netscape.com
37a6739ec1 Backing out js security changes. 1999-07-01 13:03:35 +00:00
joki%netscape.com
ccd5375141 New JavaScript/DOM security stuff. 1999-07-01 10:38:26 +00:00
raman%netscape.com
ba1f9dee86 Checking in changes from Bob Glickstein 1998-12-15 05:53:19 +00:00
ramiro%netscape.com
e2b921bf3c Add cvsignore entries for makefiles generated bu autoconf. 1998-12-05 09:07:33 +00:00
ramiro%netscape.com
bc992a7bb0 Remove extraneous Makefile files. 1998-12-05 08:19:05 +00:00
raman%netscape.com
ce4f25a746 Deleted unnecessary nsCCapsManager:: from the prototype 1998-12-01 03:00:42 +00:00
raman%netscape.com
5b7786e40c XP_COM interfaces for JS calls into CAPS 1998-11-23 00:27:00 +00:00
raman%netscape.com
231ff43d7a Changes to make caps into a DLL. Defined all strings in this file until there is a replacement for allxpstr.h 1998-11-19 05:22:28 +00:00
raman%netscape.com
eb1dd00c2c Bug fixes from MozillaClassic branch, plus changes to build caps without rdf 1998-11-16 21:57:13 +00:00
raman%netscape.com
23466e2008 Bug fixes to make caps stuff work with jvm's codesource principals 1998-10-28 03:31:17 +00:00
raman%netscape.com
eb854d55b9 Fix to make it compile on HP-UX. Define an else clause in the if statement of an inline function. Thanks briano 1998-10-19 18:25:01 +00:00
raman%netscape.com
ccee89d6a8 Added verification certifcates that are created via nsICapsManager. This could be used by JVM plugins. 1998-10-15 20:56:34 +00:00
raman%netscape.com
191dfa4366 Backing out my previous check-in. I was told my changes built ok on Mac, But I wasn't given complete information. Sorry for trouble. 1998-10-14 05:01:12 +00:00
raman%netscape.com
5f82c88ba4 Support for nsICertPrincipal. We do the certificate verification of certificates passed by JavaSoft 1998-10-14 02:52:40 +00:00
racham%netscape.com
3e5359a28f Adding -reg_mode flag related APIs 1998-10-06 21:00:36 +00:00
racham%netscape.com
b87ef13ca0 Adding filecode base check routine 1998-10-06 20:59:47 +00:00
raman%netscape.com
34d9668524 Reenabled the code that fixes the memory leaks during startup. I have compiled these changes on windows, solaris, linux. Lasttime I checked in, Mac compiled ok. 1998-09-30 18:06:19 +00:00
raman%netscape.com
be4cd9ab8e Backing my last checkin 1998-09-27 03:15:11 +00:00