Ben Turner
8afd9f92cd
Bug 451731 - "Update caps, dom, xpconnect for Bug 451729 (checkObjectAccess moving to the JSContext)". r+sr=jst.
2008-09-05 16:26:04 -07:00
Ben Turner
83f49405ee
Bug 453720 - "Caps should assert when scripts do not contain principals". r+sr=mrbkap.
2008-09-04 15:52:20 -07:00
Jason Orendorff
25cba5d7a3
Bug 451571 - Delete SetExceptionWasThrown (r=dbradley, sr=jst)
2008-08-30 18:58:36 -05:00
Shawn Wilsher
eef2b5a677
Bug 452486 - Create components when we actually have a profile
...
This changeset allows components to register for the profile-after-change
category in the category manager such that they will be initialized when this
topic would normally be dispatched.
r=bsmedberg
2008-08-29 16:40:05 -04:00
Honza Bambas
bec376906f
Bug 442812: Implement the application cache selection algorithm. r+sr=bz
2008-08-27 18:15:32 -07:00
Shawn Wilsher
8d4a24aab4
Bug 450914 - Proxy nsSimpleURI for nsNullPrincipal to the main thread (was "ASSERTION: nsSimpleURI not thread-safe" during principal destruction)
...
This changeset creates a threadsafe uri object for the null principal to use.
2008-08-27 18:11:02 -04:00
Dave Camp
92adf93276
Backed out changeset 1e3d4775197a (bug 442812)
2008-08-19 22:52:05 -07:00
Honza Bambas
8b179c6230
Bug 442812: Implement the application cache selection algorithm. r+sr=bz
2008-08-19 19:31:08 -07:00
Boris Zbarsky
5eedf39759
Bug 434522 follow-up bustage fix.
2008-07-28 23:37:58 -07:00
Boris Zbarsky
f61641d25e
Bug 437723. Make sure to look at the nested innermost URI when looking for the origin. r+sr=sicking
2008-07-28 23:10:05 -07:00
Boris Zbarsky
c941674d4d
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
jonas@sicking.cc
ab63fc8524
Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it
2008-04-18 10:35:55 -07:00
gavin@gavinsharp.com
7caae794f1
Rework test for bug 292789 to try and fix the timeout on qm-centos5-01
2008-04-14 01:50:51 -07:00
dveditz@cruzio.com
e9a165f03a
tests for bug 292789 -- forgot during checkin
2008-04-12 17:55:45 -07:00
dveditz@cruzio.com
8a2c640ed4
bug 292789 prevent use of chrome: URIs from <script>, <img> stylesheets, etc except for chrome packages explicitly marked contentaccessible. r=bzbarsky, sr=jst, a=beltzner
2008-04-12 14:26:19 -07:00
jonas@sicking.cc
ec7a19c8b9
Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz
2008-04-08 17:38:12 -07:00
igor@mir2.org
e05006a6f0
[bug 423874] backing out as a simpler patch would do the job with less code.
2008-03-29 03:34:29 -07:00
igor@mir2.org
ec6b483779
[bug 424376] backing out - too much compatibility problems.
2008-03-28 15:27:36 -07:00
bzbarsky@mit.edu
d7fc979918
Fix bug 421228. r+sr=sicking
2008-03-27 20:46:15 -07:00
igor@mir2.org
8edd862903
bug=424376 r=brendan a1.9b5=beltzner Compile-time function objects are no longer exposed through SpiderMonkey API.
2008-03-23 03:16:40 -07:00
jst@mozilla.org
a4d3a2e2e3
Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu
2008-03-22 09:50:47 -07:00
igor@mir2.org
8c88d304f4
bug=423874 r=brendan a1.9b5=dsicore Allocating native functions together with JSObject
2008-03-21 01:19:23 -07:00
jst@mozilla.org
c7eb261ec3
Fixing orange from bug 402983. Make file:///foo and file:////foo#bar compare as equal URLs. r+sr=bzbarsky@mit.edu
2008-03-20 23:01:55 -07:00
jst@mozilla.org
29a96a03b8
Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org
2008-03-20 21:39:08 -07:00
shaver@mozilla.org
ba5430c6e5
Bug 246699: report better errors (with stacks) for security denials. r+sr=jst, a=mconnor.
2008-03-20 01:19:15 -07:00
shaver@mozilla.org
f23b424aa7
Test for bug 423379 (content can load chrome and/or resource), r/sr=jst.
2008-03-19 15:14:51 -07:00
shaver@mozilla.org
4d79009864
(NPOTB, r=mrbkap, a=lumpy) Remove ancient caps test cruft in preparation for incoming mochitests. Also so that the tests listed in securetest.list will not mock me from beyond the NSCP grave.
2008-03-19 14:26:09 -07:00
jonas@sicking.cc
9552bd91fc
Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz
2008-03-18 17:27:56 -07:00
bzbarsky@mit.edu
94a044f0b1
Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst
2008-03-18 14:14:49 -07:00
gavin@gavinsharp.com
0fa7ce606a
Back out bug 246699 to fix bug 423375, per shaver
2008-03-17 07:10:48 -07:00
timeless@mozdev.org
620272feeb
Bug 246699 CAPS security exceptions should throw richer exception info (not just raw string) r=shaver a=shaver
2008-03-11 10:30:23 -07:00
reed@reedloden.com
57ac4a582f
Bug 420081 - "Case mismatch between nsIURI and nsIUri in nsIPrincipal.idl" [p=mschroeder@mozilla.x-home.org (Martin Schröder [mschroeder]) r+sr=jst a1.9=beltzner]
2008-03-08 03:20:21 -08:00
jonas@sicking.cc
28ea51311b
Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv
2008-02-26 19:45:29 -08:00
myk@mozilla.org
7aff03fc46
backing out fix for bug 416534 as potential cause of mochitest failure
2008-02-26 19:23:36 -08:00
jonas@sicking.cc
42bbc8327e
Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv
2008-02-26 18:17:49 -08:00
Olli.Pettay@helsinki.fi
652c1e007c
Bug 411054, Audit IsNativeAnonymous()/GetBindingParent() uses, r+sr=sicking
2008-02-26 04:40:18 -08:00
reed@reedloden.com
5d4ef49dd4
Bug 417710 - "Use JS_GET_CLASS, not JS_GetClass" [p=gyuyoung.kim@samsung.com (gyu-young kim) r=jorendorff r=jst sr+a1.9=brendan]
2008-02-25 00:59:20 -08:00
jonas@sicking.cc
2c0141fcd9
Bug 397878: Send Referer-Root header when doing cross-site access requests. Also update domain pattern matching to spec. Patch by <suryaismail@gmail.com>. r=bent sr=sicking b3a=beltzner
2008-01-31 00:16:54 -08:00
jst@mozilla.org
31b04a892e
Fixing bustage.
2008-01-29 13:11:24 -08:00
jst@mozilla.org
892f0acecf
Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2008-01-29 12:51:01 -08:00
jst@mozilla.org
6fd0410f62
Fixing bug 317240. Re-enabling caps optimization now that a documents principal never changes. r+sr=bzbarsky@mit.edu
2008-01-28 09:51:38 -08:00
jst@mozilla.org
08983f83e3
Fixing bug 412691. Remove unnecessary nsCOMPtr's from performance critical code paths. r+sr=jonas@sicking.cc
2008-01-16 16:32:26 -08:00
benjamin@smedbergs.us
b3e87aa63b
Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep
2008-01-15 07:50:57 -08:00
dwitte@stanford.edu
3f33f45d2a
thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+
2008-01-11 20:30:42 -08:00
dwitte@stanford.edu
8d74b831d4
partial backout in an attempt to fix orange.
2008-01-11 02:08:58 -08:00
dwitte@stanford.edu
cc924d2d23
relanding bug 410250.
2008-01-11 01:13:04 -08:00
dwitte@stanford.edu
f300515e36
backing out to fix orange.
2008-01-10 20:59:44 -08:00
dwitte@stanford.edu
09217db711
thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+
2008-01-10 19:56:00 -08:00
timeless@mozdev.org
1bd2741649
Bug 334306 useless null check in nsDestroyJSPrincipals r=dbaron sr=dveditz a=mtschrep
2008-01-06 06:53:24 -08:00
mrbkap@gmail.com
68ee3e9f08
Always throw an exception, even if we cannot reach a principal. bug 409514, r+sr+a=jst
2008-01-04 17:32:23 -08:00