gecko-dev

mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-05 08:35:26 +00:00

Author	SHA1	Message	Date
bzbarsky%mit.edu	f78182b042	Make GetOrigin dig into nested URIs. Bug 336303, r=dveditz, sr=jst	2006-05-12 00:05:40 +00:00
bzbarsky%mit.edu	3aaa1fe7df	Disable optimization that relies on invariants we don't maintain. Bug 317240 wallpaper, r+sr=jst	2006-05-04 15:23:43 +00:00
bzbarsky%mit.edu	25ab5fffef	Create a powerless non-principal and start using it. Bug 326506, r=mrbkap, sr=dveditz	2006-04-02 20:58:26 +00:00
bzbarsky%mit.edu	7e4ec9da94	Followup fix for bug 307867 -- make sure to update our pointers to hashtable entries when the entries move. r=dveditz, sr=brendan	2006-02-24 04:38:46 +00:00
bzbarsky%mit.edu	f8625ded52	Remove dead code. Bug 327171, r=mrbkap, sr=shaver	2006-02-14 21:08:15 +00:00
bzbarsky%mit.edu	f02076fb6f	Get principals for XPConnect wrapped natives off their scope instead of walking their parent chain. Add some asserts to check that this actually does give the same result, which it should with splitwindow. Bug 289655, r=dbradley, sr=jst	2005-11-16 02:12:21 +00:00
cbiesinger%web.de	9efd50d7d5	Bug 248052 Add a contract ID for a global channeleventsink. Make the scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto redirects if CheckLoadURI fails. Remove the explicit usage of nsIScriptSecurityManager from nsHttpChannel.cpp. This eliminates js and xpconnect from REQUIRES, and brings us closer to remove caps. r=darin sr=bz	2005-11-08 20:47:16 +00:00
bzbarsky%mit.edu	b29c3a80b9	Don't call nsIClassInfo::GetClassDescription unless we really have to. Bug 313157, r=dveditz, sr=jst	2005-10-20 23:49:59 +00:00
bzbarsky%mit.edu	0392b3384b	Comment-only fixes I forgot to make. Bug 240661.	2005-07-22 20:49:12 +00:00
bzbarsky%mit.edu	10d1c576d9	Expose the subject name for the cert and an nsISupports pointer to the cert on nsIPrincipal that represents a certificate principal. Change preference storage to ensure matches in not only the fingerprint but also the subjectName before applying privileges from preferences to a certificate principal. Remove possibility for creating certificate principals without a useful identifying name and make sure that names don't get munged by being forced to ASCII. Bug 240661, r=caillon, sr=dveditz, a=bsmedberg	2005-07-22 19:05:42 +00:00
timeless%mozdev.org	831f32feaa	Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop] patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg	2005-07-19 21:55:36 +00:00
timeless%mozdev.org	2ad41d5c36	Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg	2005-06-29 16:29:49 +00:00
timeless%mozdev.org	9c0955251d	Bug 292588 shutdown crash !sXPConnect [@ nsScriptSecurityManager::CheckObjectAccess] store the runtime, unset the callback at shutdown r=dveditz sr=jst a=asa	2005-06-07 21:57:56 +00:00
brendan%mozilla.org	ea9fd4132c	Find active native function principals when walking the JS stack, and beef up eval-ish native safeguards (281988, r=shaver/caillon, sr=jst, a=drivers).	2005-05-04 06:28:36 +00:00
bzbarsky%mit.edu	6d36e81b66	Do less addrefing of principals in the script security manager. Bug 289643, r=caillon, sr=brendan, a=asa	2005-04-10 23:27:07 +00:00
brendan%mozilla.org	bb7b3cd85f	Revert kludge, want a general fix.	2005-04-07 19:48:57 +00:00
brendan%mozilla.org	b02c276f35	Stop evals and Script object calls/execs that cross trust domains (289074, r=shaver, sr=jst, a=drivers).	2005-04-07 02:22:24 +00:00
cbiesinger%web.de	92c940aa45	Bug 269661 make libpref not depend on caps r=caillon sr=dveditz	2005-02-06 12:39:31 +00:00
jst%mozilla.jstenback.com	f97343e1ac	Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu	2004-10-15 16:53:35 +00:00
dveditz%cruzio.com	e67c6e5dcf	Improve enablePrivilege confirmation dialog text and presentation, sanity-check privilege names (bug 253942, bug 253944) r=caillon,sr=brendan,a=chofmann,mkaply	2004-09-01 07:53:32 +00:00
cbiesinger%web.de	765d4043a5	removing myself from DEBUG_CAPS_HACKER list	2004-07-10 19:38:28 +00:00
cbiesinger%web.de	914def148f	fix DEBUG_CAPS_HACKER bustage due to bug 240106 r=caillon sr=darin	2004-06-16 15:58:22 +00:00
gerv%gerv.net	9d2ee4928c	Bug 236613: change to MPL/LGPL/GPL tri-license.	2004-04-17 21:52:36 +00:00
caillon%returnzero.com	66caced69a	Re-land patch for bug 83536, merging principal objects. Also includes fixes from bug 216041. r=bzbarsky sr=jst	2003-10-21 22:11:49 +00:00
brendan%mozilla.org	4878fd7a5e	Better version of last change, thanks to caillon for reminding me.	2003-09-28 04:55:50 +00:00
brendan%mozilla.org	3915f74063	Forgot to update calls to formerly-static SecurityCompareURI (r+sr=bz).	2003-09-28 04:44:33 +00:00
brendan%mozilla.org	4038563cd9	Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky).	2003-09-28 04:22:01 +00:00
caillon%returnzero.com	f8e8aed8a7	Backing out the patch to bug 83536. I will reland this when 1.6a re-opens. r+sr=jst@netscape.com a=chofmann	2003-08-22 03:06:53 +00:00
brendan%mozilla.org	b7cdb7debb	Add shared DHashTableOps for [const] char *key use-cases, clean up dhash API abusages (214839, r=dougt, sr=dbaron).	2003-08-05 20:09:21 +00:00
caillon%returnzero.com	b6f6ad74ba	Bug 214050 Start to localize some of the more common user-visible error messages in caps. r+sr=bzbarsky@mit.edu	2003-07-29 05:28:00 +00:00
mkaply%us.ibm.com	b7fd1c6840	Ports bustage - remove NS_COM per bsmedberg	2003-07-24 18:58:30 +00:00
caillon%returnzero.com	91b7c60bee	Bug 83536. Merge script principal implementations into one class. Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks. Also fixes bugs 211174 and 211263 r=jst@netscape.com sr=bzbarsky@mit.edu moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)	2003-07-24 05:15:20 +00:00
seawood%netscape.com	beb45866ed	Removing extra ^M. Fixing Irix cc bustage	2003-06-28 05:15:41 +00:00
timeless%mozdev.org	66730e2ca7	Bug 194872 CAPS vulnerability when doing cross-site-scripting with frames from different origins and different CAPS settings (allAccess, noAccess). bustage (const char*) sr=jst	2003-06-26 03:27:01 +00:00
mstoltz%netscape.com	ddc015e3b7	Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst.	2003-06-26 00:18:43 +00:00
caillon%returnzero.com	b2badfa9f7	Bug 163645 - User defined properties of window.navigator are not remembered when a new page is loaded. Enable this for websites within the same domain only. Also, fixes CheckSameOriginPrincipal to just check the principals, and not care whether we have anything on the JS stack. r=mstoltz, sr=jst	2003-06-18 23:48:57 +00:00
harishd%netscape.com	85570db892	Grant access to SOAP response document's properties and also allow the document to be serializable. b=193953, r=heikki@netscape.com, sr=jst@netscape.com	2003-06-12 20:18:34 +00:00
seawood%netscape.com	97649bab86	Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev	2003-06-10 21:18:27 +00:00
mstoltz%netscape.com	11919bb299	Bug 163950 - allow opening connections for XML data transfer services when document.domain has been set. r=jst, sr=heikki.	2003-05-28 23:22:36 +00:00
bzbarsky%mit.edu	cbf70f5c05	Removing stray windows newline that causes build warning... No reviews, sorry.	2003-04-08 20:26:41 +00:00
mstoltz%netscape.com	44d264d6b0	Bug 188229 - adding new security check function that allows component instantiation by CID. r=dveditz, sr=heikki. not part of build yet	2003-03-12 02:17:37 +00:00
brendan%mozilla.org	3c0c23b860	Generalize the JS_SetCheckObjectAccessCallback hook implemented here to deal with user-defined getters and setters (92773, r=mstoltz, sr=jst).	2003-03-06 19:40:14 +00:00
sfraser%netscape.com	ba78e7bec4	Fix bug 127185: don't crash with a null JS context if running without XPT files. Fixes nsScriptSecurityManager to do more thorough error checking on initialization. r=mstoltz, sr=jst. Fixes bustage.	2003-01-17 02:00:01 +00:00
alecf%netscape.com	df10f648b8	take two at fixing bug 177401 - convert nsIBinaryStream over to using nsAString/nsACString for string values, to speed up fastload sr=darin, r=dougt (the previous checkin had a typo which disabled fastload entirely!)	2002-11-14 18:16:31 +00:00
alecf%netscape.com	0a48c10053	argh, back out my last checkin because Ts went UP not down!	2002-11-09 01:31:32 +00:00
alecf%netscape.com	4721428275	fix for bug 177401 - use nsAString& classes instead of wstring in nsIBinaryInputStream, to speed up fastload startup sr=darin, r=dougt	2002-11-08 23:30:53 +00:00
seawood%netscape.com	322da773fb	Removing old nmake build makefiles. Bug #158528 r=pavlov	2002-08-10 07:55:43 +00:00
mstoltz%netscape.com	d0eab90dbb	Bug 154930 - If one page has explicitly set document.domain and another has not, do not consider them to be of the same origin for security checks. r=dveditz, sr=jst	2002-07-09 00:10:02 +00:00
mstoltz%netscape.com	6e12a5ca9f	Bug 152725 - Get URL passed to cookie module from document principal, not document URL. THis ensures that cookies set by javascript URL pages are set in the correct domain. r=morse, sr=dveditz.	2002-07-02 17:58:24 +00:00
mstoltz%netscape.com	6f5d99be4c	133170 - Need to re-check host for security on a redirect after a call to XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps, r=bzbarsky, sr=jst 147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz, sr=jband 113351 - Add same-origin check to XSL Include. Patch by peterv and jst, r=mstoltz, sr=rpotts 135267 - Add same-origin check to stylesheets included via LINK tags. r=dveditz, sr=scc	2002-06-14 23:54:18 +00:00

1 2 3 4

176 Commits