mstoltz%netscape.com
e875395364
Fixing bugscape 3109, LiveConnect exploit. sr=jband, brendan.
Fixing 58021, exploit in "open in new window," bug 55237. sr=brendan
2000-11-07 01:14:08 +00:00
mstoltz%netscape.com
886042fb63
Bug 57937, signed frames denied access to unsigned frames. r=mccabe, sr=brendan
2000-10-30 20:05:07 +00:00
warren%netscape.com
cd56c0575b
Bug 47207. Backing out logging/PRINTF changes until we can fix stopwatch.h, introduce double parens, etc.
2000-10-28 22:17:53 +00:00
warren%netscape.com
9a6d92a433
Bug 47207. Changing printf to PRINTF to use new logging facility. r=valeski,sr=waterson
2000-10-27 22:43:51 +00:00
mscott%netscape.com
729c07b2f0
Bug #48403 --> don't allow JS running in a mailnews sand box to change the name of its containing iframe.
this code was contributed by mstoltz.
r=beard, sr=mscott
2000-10-24 00:52:02 +00:00
pollmann%netscape.com
3da7c0c668
Bug 13871: Prevent frameset spoofing r=mstoltz, sr=mscott, a=rpotts
2000-10-19 10:25:49 +00:00
mstoltz%netscape.com
f1137e89ec
Fixing 56009, exploit allowing XPConnect access. r,a=hyatt, sr=scc
2000-10-13 22:59:47 +00:00
mstoltz%netscape.com
b3f1af8772
Fixing 52497, security problem in document.implementation, r=jst a=brendan
2000-09-20 23:38:28 +00:00
warren%netscape.com
181bb2dcb2
Landing jar packaging from jar_restructuring_branch. r=hyatt,dprice,sfraser,dveditz,vishy,sgehani
2000-09-20 19:35:24 +00:00
jband%netscape.com
267dc6688d
fix memory corruption bug 52382. r=mstoltz
2000-09-14 08:48:53 +00:00
rayw%netscape.com
0257791053
Bug 37275, Changing value of all progids, and changing everywhere a progid
is mentioned to mention a contractid, including in identifiers.
r=warren
2000-09-13 23:57:52 +00:00
jdunn%netscape.com
fbf1607c62
Fix warning which requires a return value from functions
r= brendan@mozilla.org scc@mozilla.org
#= 52254
2000-09-13 11:29:18 +00:00
mstoltz%netscape.com
c063d33489
bug 44147, caps grant dialog now being created from DOMWindow->GetPrompter instead of nsIPrompt service. r=dbragg
2000-09-09 00:53:21 +00:00
mstoltz%netscape.com
63ce73fabf
bug 50304, adding "static" to security policy struct, should save some memory and time. r=rogerl
2000-09-07 19:03:23 +00:00
scc%mozilla.org
084f48c90f
more GCC fixes
2000-09-03 06:41:18 +00:00
dp%netscape.com
e5e279fe36
bug#49786 Caching frequently used progid: nsThreadJSContextStack r=waterson
2000-08-22 06:02:14 +00:00
mstoltz%netscape.com
ea5d41851a
Fixing 41876 r=hyatt, also 48724, 49768, and crasher in nsBasePrincipal.cpp, r=jtaylor
2000-08-22 02:06:52 +00:00
warren%netscape.com
a94aa1aa52
Fix for hash code performance problem discovered by bienvenu. 'Sampling' hash code was statistically evil.
2000-08-20 21:29:10 +00:00
shaver%mozilla.org
f66cde2438
Fix 47354 and 39975 by providing a system-privileged scope backstop for
JS Components, and teaching the ScriptSecurityManager to check for
XPC-wrapped native objects in the scope chain when looking for an
object's principal. r=jband/a=brendan
2000-08-16 04:01:02 +00:00
dougt%netscape.com
c3182f98ef
Changing the nsDirectoryService define. This should have been done with the rest of the nsDirectorySerivce changes. r=conrad.
2000-08-14 22:38:27 +00:00
jtaylor%netscape.com
e2560fe87a
Fixes bug #45877 . r=mstoltz.
2000-08-11 03:11:24 +00:00
warren%netscape.com
84b5fd67e3
Bug 46711. Removed nsAutoString travesty from nsStringKey. Introduced nsCStringKey. Made them both share the underlying string when possible. r=waterson
2000-08-10 06:19:37 +00:00
warren%netscape.com
da15eda254
Getting jar files in shape. Mostly works on unix, status bar missing (not in build yet).
2000-08-02 06:48:45 +00:00
mstoltz%netscape.com
b65db40d35
Fixing 40159, nasty infinite recursion on startup. r&a=beard
2000-07-26 04:53:01 +00:00
mstoltz%netscape.com
3910fcba0b
fix for 42387, r=dveditz
2000-07-20 01:16:15 +00:00
mstoltz%netscape.com
a8545c4aed
Fixing 40159 and 44822, both [nsbeta2+] regressions on signed scripts. r=sgehani
2000-07-12 03:10:33 +00:00
cls%seawood.org
e87a1b7b11
Start tedious process of removing obsolete mozilla/include files from build. This patch should take us down to 19 of 101. Bug #38061
2000-07-10 07:13:31 +00:00
mstoltz%netscape.com
d1da06c856
DOM properties default to same origin access only. Bug 28443. r=rginda
2000-07-05 19:08:20 +00:00
vidur%netscape.com
79c210a6b9
Checking in for mccabe, since he had to leave town. Partial fix for bug 41429. Adding a new interface that components can implement to control the capabilities needed for XPConnect access to them - default is UniversalXPConnect. r=vidur
2000-06-23 14:32:38 +00:00
joki%netscape.com
786f234766
Part of fix for 38117, prevent scripts from running event handlers on windows from other domains. r:mstoltz
2000-06-21 00:21:50 +00:00
mstoltz%netscape.com
f458590f07
Dogfood bug 42076 - allowing file:// urls to load chrome:// URLs. r=evaughan.
2000-06-16 22:22:38 +00:00
mstoltz%netscape.com
8256c128d9
On Mac, we should look for systemSignature.jar in Essential FIles, not the bin directory. Bug 40468, r=sgehani, a=clayton.
2000-06-02 22:22:11 +00:00
mstoltz%netscape.com
e0c61ab51a
Fix for 16858 w/o breaking directory browser. r=waterson a=beard
2000-06-01 23:57:48 +00:00
mstoltz%netscape.com
40dc18d415
Fixed bug in DOM security checks, fixes bug 37907, 23516. Added security check for htmlelement.innerhtml, fixes 39083. Added location check to BASE HREF=, fixes 35859. r=vidur. Added check to style= tag, fixes 16858, r=pierre.
2000-05-26 23:28:40 +00:00
cls%seawood.org
a8000b8bb5
Mass replace of -lmozjs with $(MOZ_JS_LIBS) needed for OS/2 and consistency.
2000-05-17 06:45:45 +00:00
mstoltz%netscape.com
ead929a4a4
Allow scripting of plugins by untrusted web scripts. Bug 36375.
2000-05-17 02:38:22 +00:00
mstoltz%netscape.com
11718e9f56
Removing archive attribute from nsCertificatePrincipal. This will not be used.
2000-05-16 22:37:38 +00:00
mstoltz%netscape.com
e260596697
Fixing bustage in nsCertificatePrincipal.cpp
2000-05-16 04:15:56 +00:00
mstoltz%netscape.com
e0fc50a6d4
Fixes for 32878, 37739. Added PR_CALLBACK macros. Changed security.principal pref syntax to a nicer syntax. Removed "security.checkxpconnect" hack.
2000-05-16 03:40:51 +00:00
danm%netscape.com
0d46d1e3f2
correct typo in last checkin
2000-05-14 10:38:48 +00:00
danm%netscape.com
67209592fb
new chrome hierarchy
2000-05-14 10:37:30 +00:00
danm%netscape.com
c0ae0cbbf6
top-level chrome dirs are now packages,locales,skins
2000-05-13 21:29:08 +00:00
scc%netscape.com
383fdc142e
string backsliding. r=mjudge
2000-05-12 07:53:02 +00:00
thayes%netscape.com
e4c6cab6d9
Replace implementation of nsISupports with thread-safe version. This allows
SSL/HTTPS operations to complete on debug builds with thread-safety checking.
r=bryner
2000-05-03 00:04:48 +00:00
mstoltz%netscape.com
ad755522c3
Added archive attribute to nsICertificatePrincipal...part of fix for 37481.
2000-05-01 23:39:51 +00:00
nisheeth%netscape.com
7e37fb4356
1) Added support for loading an XML document "out of band" from script and manipulating it via dom interfaces.
2) Fixed compile errors in XSL glue code that happened after the recent nsString landing by scc.
3) Added a check for a null URI before de-referencing it in nsCodeBasePrincipal.cpp.
2000-05-01 06:58:53 +00:00
mstoltz%netscape.com
0274ea8235
Fix bustage on Sun and HP compilers...was casting void* to PRInt16. Added intermediate cast.
2000-04-26 20:54:02 +00:00
mstoltz%netscape.com
9bb975256e
Fixes for 27010, 32878, and 32948.
2000-04-26 03:50:07 +00:00
jband%netscape.com
84c0a0901a
Do something safe if this call fails
2000-04-25 04:50:49 +00:00
jefft%netscape.com
da50b52420
fixed bug 17100 - [FEATURE] enabled partial message download for pop3
2000-04-25 01:48:00 +00:00
mstoltz%netscape.com
57feeae5ec
Backing out changes until I can figure out why it's crashing on startup.
2000-04-23 21:25:39 +00:00
mstoltz%netscape.com
62bffdd26e
Fixes for bugs 27010, 32878, 32948.
2000-04-23 20:30:29 +00:00
danm%netscape.com
d0d8c4d5c3
dist...chrome restructuring
2000-04-19 21:42:30 +00:00
scc%netscape.com
e84a7d5347
making string conversions explicit
2000-04-15 05:29:33 +00:00
norris%netscape.com
e356de6476
Fix
28390, 28866, 34364
r=brendan@mozilla.org
35701
r=jst@netscape.com
2000-04-14 03:14:53 +00:00
cls%seawood.org
f6740baa20
Moved static MOZ_COMPONENT_NSPR_LIBS, MOZ_COMPONENT_XPCOM_LIBS, MOZ_COMPONENT_LIBS definitions from configure.in to config.mk. Replaced -lxpcom in Makefiles to $(XPCOM_LIBS) so that we can optionally link against -lboehm when needed. Bug #31287
2000-04-04 04:46:38 +00:00
scc%netscape.com
c05019b2a8
making string conversions explicit
2000-04-01 00:39:02 +00:00
scc%netscape.com
4ea707a4ba
make string conversions explicit
2000-04-01 00:36:50 +00:00
mstoltz%netscape.com
efa5624e14
Fixed bug 30915 using nsAggregatePrincipal. r=norris
2000-03-31 00:31:18 +00:00
warren%netscape.com
727f312b32
Necko API changes: primarily nsIChannel, changing initialization parameters to accessors. Got javascript: evaluation to happen at the right time (when AsyncRead is called) as well as on the right thread.
2000-03-29 03:58:50 +00:00
scc%netscape.com
11c6f51246
small changes to clients of string conversion APIs
2000-03-26 01:19:41 +00:00
norris%netscape.com
4eb52aa84b
Fix
32088 Circumventing Same Origin security policy using javascript: URLs
32040 about: can't be link
Also remove deprecated method
r=mstoltz
2000-03-24 22:15:37 +00:00
norris%netscape.com
593a12b912
Fix bug 32904 Asserts at startup in nsScriptSecurityManager.cpp
r=mstoltz
2000-03-23 23:42:46 +00:00
mstoltz%netscape.com
e5f86d1226
CheckLoadURI now handles jar: URLs correctly. r=norris
2000-03-23 04:37:37 +00:00
norris%netscape.com
7d053b70b0
Adding nsAggregatePrincipal support. r=norris
2000-03-21 04:05:35 +00:00
norris%netscape.com
060e388a6b
Files:
caps/idl/nsICertificatePrincipal.idl
caps/idl/nsIPrincipal.idl
caps/src/nsBasePrincipal.cpp
Implement the ability to manipulate multiple capabilities simultaneously.
r=mstoltz@netscape.com
Files:
caps/src/nsCodebasePrincipal.cpp
Codebase equality should be based upon origin, not full path.
r=mstoltz@netscape.com
Files:
caps/src/nsScriptSecurityManager.cpp
Change URI checking to deny based upon scheme rather than allow based upon
scheme for greater flexibility.
r=mstoltz@netscape.com
Files:
dom/public/nsDOMPropEnums.h
dom/public/nsDOMPropNames.h
dom/src/base/nsGlobalWindow.cpp
modules/libpref/src/init/all.js
Fix bug 20469 Seeing JS functions and global variables from arbitrary host
r=vidur@netscape.com
Files:
dom/src/base/nsJSUtils.cpp
dom/src/base/nsJSUtils.h
dom/src/base/nsJSEnvironment.cpp
dom/tools/JSStubGen.cpp
layout/base/src/nsDocument.cpp
layout/html/content/src/nsGenericHTMLElement.cpp
Improve performance by removing NS_WITH_SERVICE call for every DOM access.
Propagate XPCOM failure codes out properly.
r=vidur@netscape.com
Files:
layout/html/document/src/nsFrameFrame.cpp
Fix 27387 Circumventing Same Origin security policy using setAttribute
r=vidur@netscape.com
2000-03-11 06:32:42 +00:00
norris%netscape.com
e81e4f8fa6
Fix 29419 nsScriptSecurityManager should do case-insensitive compares
Patch submitted by andreas.otte@primus-online.de
r=norris,a=jar
2000-03-08 04:57:05 +00:00
bryner%uiuc.edu
f28f63a5d7
This allows clicked "finger:" links to work. r=norris@netscape.com.
2000-02-26 23:37:08 +00:00
norris%netscape.com
bdef85f8cd
Fix meta refresh problems with etrade, etc.
r=mstoltz
a='do the right thing'
2000-02-24 19:17:59 +00:00
norris%netscape.com
d64387736b
Fix 28612 META Refresh allowed in Mail/News
r=mstoltz,a=jar
Fix 28658 File upload vulnerability
r=vidur,a=jar
2000-02-23 22:34:40 +00:00
norris%netscape.com
5a9d717919
Work around bug where dialog message is truncated.
a=chofmann,r=mstoltz
2000-02-19 00:37:02 +00:00
norris%netscape.com
5567200a75
Fix 18439 windows.status allows reading links
r=mstoltz
2000-02-11 04:18:39 +00:00
norris%netscape.com
96add55c93
For some reason the sun compiler doesn't like the ?: assignment.
2000-02-10 06:24:38 +00:00
norris%netscape.com
72152baded
Fix bad separator in Makefile problem.
2000-02-10 05:33:49 +00:00
norris%netscape.com
2b4b436f5f
Fix 25062 Reload vulnerability
25206 Reload vulnerability #2
Implement grant dialogs and persistence for capabilities.
most r=mstoltz, some code from morse w/ r=norris
2000-02-10 04:56:56 +00:00
norris%netscape.com
b5850888fc
Fix crash in nsCodebasePrincipal::Equals when browser.registration.enable is set to true.
r=racham
2000-02-03 23:47:00 +00:00
norris%netscape.com
c68664297c
Fix domain generalization for site-specific security policy.
also fix bug with enablePrivilege.
r=mstoltz
2000-02-03 23:28:36 +00:00
norris%netscape.com
c04c4d51f9
Fix bug #25864 watch() vulnerability
r=vidur,rogerl
2000-02-02 00:22:58 +00:00
norris%netscape.com
6d132fae66
Fix warning.
2000-01-27 15:59:34 +00:00
norris%netscape.com
7ec9655d07
Fix 23227 Document object vulnerability
r=mstoltz
2000-01-26 15:33:57 +00:00
jband%netscape.com
eef6de8432
Lots of xpconnect bug fixes...
- fix bug 12954 "should throw when setting non-settable props".
- fix bug 13418 "xpconnect needs to be threadsafe".
I think I filled in the cracks. Tests would be nice :)
- fix bug 22802 "[MLK] XPConnect Leaks".
- fix bug 24119 "[MLK] Reminder about cleaning up maps".
- fix bug 24453 "xpconnect needs default security manager".
I also changed the code in DOM and caps to just install a default secman and
not install a secman for each JSContext.
- fix bug 24687 "xpconect should avoid resolve performance suckage".
Added (modified) patch from shaver to create my JSObjects with the
global object as the temporary proto to avoid losing lookup.
- hack for bug 24688 "runtime errors in wrapped JS are not made obvious"
Added a debug only printf. We still need a JSErrorConsole service for this.
- fix bug 16130 "createInstanace and getService can create wrappers around wrappers"
Fixing this one really entailed changing the semantics of nsIXPConnect::wrapNative
and nsIXPConnect::wrapJS to use common code in xpcconvert that deals with existing
wrappers and DOM objects (with their own schemes for wrapping and unwrapping).
So, I changed the callers because the params changed slightly and some callers
were doing more work than necessary given the new semantics.
- Continued in the crusade to replace manual refcounting with nsCOMPtrs whenever
touching old code.
- Added myself as first contributor to xpconnect files (vanity prevails!)
- Added new copyright header on some files that were missing it.
- Added some API comments.
- Converted nsXPCWrappedJS to implement nsIXPConnectWrappedJS via MI rather than
the old loser scheme of the nsIXPConnectWrappedJSMethods tearoff object.
- added DumpJSStack as globals to xpconnect and DOM dlls to be callable from
debuggers. I have ideas on how to improve and expand this support soon.
r=mccabe
2000-01-26 08:38:10 +00:00
norris%netscape.com
8507a58ec3
Files:
caps/include/nsScriptSecurityManager.h
caps/src/nsScriptSecurityManager.cpp
modules/libpref/src/init/all.js
Fix
24565 nsScriptSecurityManager::GetSecurityLevel() is a performance
24567 re-write DOM glue security checks to avoid NS_WITH_SERVICE()
r=waterson
Files:
dom/src/base/nsGlobalWindow.cpp
layout/base/src/nsDocument.cpp
layout/base/src/nsGenericElement.cpp
Fix assertion failure for 1-character property names.
Files:
dom/src/jsurl/nsJSProtocolHandler.cpp
webshell/src/nsDocLoader.cpp
Fix 18653 "javascript:" URLs cross windows problems (probably regressi
r=nisheeth
Files:
layout/events/src/nsEventListenerManager.cpp
Fix
23834 document.onkeypress allows sniffing keystrokes
24152 document.onclick shows links from other window
r=joki
2000-01-23 04:23:14 +00:00
mstoltz%netscape.com
69ef846a00
Fixed build blocker on HPUX, AIX, and Solaris by adding a cast. r=norris a=jar bug=24322
2000-01-20 00:19:30 +00:00
norris%netscape.com
c5ed5dbd3d
Fix bug 24378 All DOM security checks inadvertently disabled
r=mstoltz,rogerl;a=jar
2000-01-19 23:39:07 +00:00
norris%netscape.com
d4cf23a2bf
Fix build bustage caused by mismatch of NS_IMETHOD usage.
2000-01-18 22:45:05 +00:00
mstoltz%netscape.com
5014545a00
Implemented the reading of capabilities data from prefs. Reads codebase and certificate principal data and populates ScriptSecurityManager's principals table. bug= 18122 r=norris, rginda
2000-01-18 21:54:01 +00:00
norris%netscape.com
b0ba1f5b70
Fix 18592 Fix example: XPCom components cannot be used under
r=mstoltz
2000-01-14 00:03:46 +00:00
norris%netscape.com
a488d900ba
Fix bug 16536.
r=mstoltz
2000-01-12 01:42:37 +00:00
norris%netscape.com
ab39816cf4
Get IRCChat working without compromising security.
Fix bugs 20261, 23518
r=rginda,mstoltz
2000-01-11 22:02:06 +00:00
norris%netscape.com
ddb2282b6c
Fix
858 [Feature] JavaScript auto-disable per-domain RFE
13023 Users must be able to disable Java and JavaScript (for JS in mail)
21923 Executing functions in "chrome:" protocol - #2 .
r=mstoltz
(Checked in with red on Mac; Wan-Teh says his changes are localized so
it shouldn't interfere with his fixing bustage.)
2000-01-08 16:51:54 +00:00
norris%netscape.com
4f128298d2
Fix 22909 previousSibling vulnerability
r=mstoltz
2000-01-06 00:59:18 +00:00
dougt%netscape.com
2e995c5f17
Converting to use nsIModule macro. r=dp.
2000-01-03 22:59:05 +00:00
jband%netscape.com
ef9c82db1e
Landing big set of DOM and XPConnect changes:
DOM: getting rid of JS_GetContextPrivate wherever possible. Use static parent
links where we can. When we do need to find this info about the caller
we call a function that knows how to get that info rather than inline calls
to JS_GetContextPrivate. This is all required for calling DOM objects on
non-DOM JSContexts as we do via xpconnect.
XPConnect: basic refactoring work to disassociate wrappers from the JSContext
that was active when the wrapper was constructed. This allows for calling into
wrapped JS objects on the right JSContext and for proper grouping of wrapped
native objects so that they can share proto objects. This also allows for
better sharing of objects and lays the foundations for threadsafety and
interface flattening.
Also, xpconnect tests are reorganized and improved.
fixes bugs: 13419, 17736, 17746, 17952, 22086
r=vidur r=mccabe r=norris r=cbegle
a=chofmann
1999-12-18 20:29:29 +00:00
norris%netscape.com
84fe55bbc1
Fix crash seen by waterson.
r=waterson
1999-12-02 05:41:17 +00:00
norris%netscape.com
d89d87531c
Fix
20257 unable to edit existing images in editor due to JS error
19933 JavaScript "window.location" core dumps in CAPS
Back out previous changes for enforcing security on listeners and go with a
simple restriction of access to the method for adding listeners.
r=mstoltz
1999-12-01 22:23:22 +00:00
buster%netscape.com
fd31de07ac
bug 2253. added controller to html text input
r = kmcclusk, norris
1999-12-01 15:11:33 +00:00
norris%netscape.com
51842ef45e
Fix 18553 [DOGFOOD] addEventListener allows sniffing keystrokes
Add checks to nsScriptSecurityManager::CheckCanListenTo that take
a principal and ensure that the currently executing script code
either is from the same origin as that principal or has the
UniversalBrowserRead privilege enabled. (chrome code has all
privileges enabled by default.) It's okay for the principal passed in
to be null. That just signifies a privileged window/document that only
can be listened to with privileges.
I added GetPrincipal/SetPrincipal methods to nsIEventListenerManager.
nsDocument::GetNewListenerManager sets a principal on the listener
manager when it creates one. Obviously there are other places that
create listener managers, but scripts seem to go through this one.
Another change is to save some memory usage. Currently I allocate an
array of PolicyType that is NS_DOM_PROP_MAX elements long.
Unfortunately, compilers appear to allocate four bytes for each
PolicyType, so the array takes around 2400 bytes. I've added changes
to use two bit vectors that should consume about 1/16 that space.
r=joki
There are also changes that push nsnull onto the JSContext stack when
entering a nested event loop.
r=jband
1999-11-25 05:28:18 +00:00
norris%netscape.com
24778bda71
Modify generated dom code to use a enum rather than a string for codesize
and efficiency.
Tighten checks on document properties and node properties. Should resolve
several bugs:
18965 document.firstChild vulnerability
19043 document.childNodes vulnerability
19044 document.lastChild vulnerability
r=mstoltz
1999-11-20 07:28:34 +00:00
norris%netscape.com
5b4b0169aa
* Fix 12124 [DOGFOOD] Reading user's preferences
* Implement site-specific security policies (bug 858)
r=mstoltz
* Use Recycle rather than delete[] to clean up Purify logs
r=law
1999-11-16 05:07:31 +00:00
norris%netscape.com
a2de456d1b
Fix 18634 [CRASH] mozilla -installer crashes
r=sspitzer@netscape.com , a=sspitzer@netscape.com
1999-11-12 18:59:03 +00:00
norris%netscape.com
0f5432934f
Fix bug 18640.
r=akhil.arora@sun.com
1999-11-12 04:33:17 +00:00
norris%netscape.com
cd9166c573
Restore original changes with bustage fixes.
1999-11-12 03:07:37 +00:00
norris%netscape.com
13907371db
Remove call that the compilers can't figure out.
Appears that perhaps the IDL compiler isn't getting called on nsIPref.idl in time.
1999-11-11 23:25:59 +00:00
norris%netscape.com
1fc11905d8
Fix build bustage.
My build on Linux worked; don't understand why the Tinderbox build is different.
1999-11-11 23:07:14 +00:00
norris%netscape.com
7cd400a26f
* Fix the following bugs by tightening the default security policy.
17977 [DOGFOOD] Reading documents using document.body
17538 document.lastModified is exposed
17537 document.images vulnerabilities
16036 [DOGFOOD] document.Element exposes the DOM of documents from
15757 [DOGFOOD] Injecting JS code using setAttribute and getElemen
15550 Injecting text in documents from any domain using createText
15067 [DOGFOOD] getElementsByTagName() allows reading of arbitrary
* Create an array of dom property policy types and initialize it when the script security manager is created.
* Move some implementation code to a new shared implementation base class.
* Implement privilege enabling, disabling and reverting
* Implement stack walking for checking privileges.
r=mstoltz@netscape.com
* Modify nsIPref to support security policy work.
r=neeti@netscape.com
1999-11-11 22:10:36 +00:00
dmose%mozilla.org
142ac52eaf
updated xPL license boilerplate to v1.1, a=chofmann@netscape.com,r=endico@mozilla.org
1999-11-06 03:43:54 +00:00
tbogard%aol.net
10ded258a5
Changed NS_ENSURE_NOT to NS_ENSURE_FALSE to reflect API change. r=hyatt
1999-11-01 21:43:56 +00:00
norris%netscape.com
e5c170a049
work on bug 7270.
r=mstoltz.
Implement netscape.security.PrivilegeManager callbacks.
1999-10-28 22:09:03 +00:00
norris%netscape.com
4ad2862afa
Use NS_GET_IID, remove dead code, clean up error conditions for XPConnect security calls.
r=jband
1999-10-25 22:22:16 +00:00
law%netscape.com
bc2cea9398
Fixes for bug #16789 ; permit OpenDialog to work on hidden window even if document load has not completed yet; r=norris@netscape.com, r=danm@netscape.com
1999-10-20 01:25:41 +00:00
norris%netscape.com
24633793d5
Remove references to unsupported JVM_ calls. Needed for bug 16577.
r=shaver
1999-10-19 21:45:29 +00:00
norris%netscape.com
283946a4e4
Fix a Unix warning by removing an unused local variable
1999-10-14 23:49:36 +00:00
norris%netscape.com
822d5724d3
Work on 15824 bad refcounting in nsCodebasePrincipal
Attempt to discover problem with additional assertions
reviewed by mstoltz@netscape.com
1999-10-12 22:52:49 +00:00
norris%netscape.com
46bb0d4e8a
Fix part of 5403 Services improperly released: Use NS_WITH_SERVICE
reviewed by mstoltz@netscape.com
1999-10-12 22:51:54 +00:00
kipp%netscape.com
65f6ba5343
Cleanup moz-decl-counter usage and fix NS_LOG_ADDREF usage
1999-10-08 20:41:19 +00:00
norris%netscape.com
ef04da8809
Fix 15618 [CRASH] JS assertion on table regression test
Reviewed by rogerl@netscape.com .
1999-10-06 21:12:21 +00:00
norris%netscape.com
716e97dd9c
Fix 15458 "onLoadHandler does not work"
Reviewed by mstoltz.
1999-10-05 04:08:14 +00:00
waterson%netscape.com
2efd076b82
Bug 15367. Dump 'class' instead of 'file/line' for NS_LOG_REFCNT. r=shaver,dp
1999-10-05 00:07:54 +00:00
rjc%netscape.com
5f3ca2b087
Fix problem with nsSecurityManagerFactory conversion to be a nsIModule. Patch from peterl@netscape.com. Review: me.
1999-10-02 20:19:23 +00:00
rjc%netscape.com
f477d85f4b
Temporarily turning off the changes to nsSecurityManagerFactory to make it a nsIModule due to problem at startup.
1999-10-02 19:24:05 +00:00
norris%netscape.com
d21c5596fd
Fix the following bugs:
14443 "Same origin" security policy may be circumvented using docu
14820 Fixing up the relationship between nsCodeBasePrincipal and n
14919 Crash in JS MM code
Reviewed by mstoltz, approved by scc.
1999-10-02 03:41:37 +00:00
rjc%netscape.com
38e1d06d8d
Bug # 14034: Convert to nsIModule to prepare for memory leak fixing. Review: dp@netscape.com
1999-10-02 00:48:02 +00:00
mscott%netscape.com
54e572a820
Bug #14815 --> fix some ref counting problems between nsJSPrincipal and nsCodebasePrincipal. nsCodeBasePrinciapl
was always getting leaked. And since it held onto the document's nsIURI, our uri's were getting leaked too.
r=brendan,a=chofmann.
1999-09-24 06:18:55 +00:00
norris%netscape.com
c99b609910
Add ability to disable JS. Fix 13978 shopping at webvan.com crashes
1999-09-17 20:13:52 +00:00
norris%netscape.com
9acf604770
Add security support for javascript: uris.
1999-09-15 20:58:41 +00:00
norris%netscape.com
0865f1cdaa
Create preferences for security checks.
Add new methods on nsIScriptSecurityManager for capabilities.
Fix 13739 MLK: nsScriptSecurityManager::CreateCodebasePrincipal
Fix 11666 Eliminate plvector (was: [infinite loop] bugs - plvector.c)
1999-09-15 04:05:43 +00:00
norris%netscape.com
350b2d64a7
Fix arielb warnings.
1999-09-13 23:23:54 +00:00
norris%netscape.com
6ce2283719
Remove unused files.
1999-09-13 20:10:24 +00:00
briano%netscape.com
4f8c7d2d53
General cleanup.
1999-09-10 08:53:30 +00:00
norris%netscape.com
88708be24d
Makefile.in: remove unused file
nsScriptSecurityManager.cpp: Fix CheckURI problems (but still disabled)
nsSecurityManagerFactory.cpp: Make registration string match convention
1999-09-09 13:47:16 +00:00
alecf%netscape.com
ec49081f52
caps doesn't need libxp anymore
1999-09-09 06:29:32 +00:00
don%netscape.com
fe371d4b25
Temporarily disabled CheckURI so the Manage Bookmarks dialog and other windows work again. Norris will fix the window.open problem later.
1999-09-08 04:25:14 +00:00
norris%netscape.com
20a52a4fa4
disable XPConnect security check, perhaps related to test failure. Getting reports of failures on Mac at least.
1999-09-07 22:29:56 +00:00
norris%netscape.com
eb23e76298
Fix bug 13253.
Enable restrictions on use of Components array from web JavaScript.
1999-09-07 20:40:20 +00:00
norris%netscape.com
2d8e12375f
* Add checks on urls formed from web scripts
* Make nsScriptSecurityManager implement nsXPCSecurityManager
* Fix unix warnings
1999-09-07 02:54:19 +00:00
shaver%netscape.com
65115e55ff
quell assignment-as-boolean warning
1999-09-05 05:28:28 +00:00
bruce%cybersight.com
0ae97d3196
Use nsAllocator not new[] for char* data.
1999-09-03 14:15:03 +00:00
kipp%netscape.com
b92bd76cbb
Make it build on unix
1999-09-01 01:50:01 +00:00
norris%netscape.com
ec9d253f50
Add all-powerful system principals. Remove some dead code from the build.
1999-09-01 00:54:35 +00:00
joki%netscape.com
155255be20
Adding new flag to the security check calls out of the DOM generated JS files.
1999-08-31 14:23:55 +00:00
norris%netscape.com
d8507f844e
* clean up nsScriptSecurityManager
* remove nsJSSecurityManager
* save principals in nsIChannels and nsIDocuments
1999-08-29 21:58:42 +00:00
beard%netscape.com
eb5fd8e5f0
Removed a potentially dangerous cast.
1999-08-28 03:00:19 +00:00
gagan%netscape.com
b82db954ce
Fixed some memory leaks showing up on bruce's log-
http://www.cybersight.com/~bruce/apprunner.mongo.19990827.log .
1999-08-27 08:36:49 +00:00
alecf%netscape.com
6c2881ae30
remove libcaps dependency on libxp by using PL/PR routines instead of XP_*
1999-08-27 04:09:41 +00:00
arielb%netscape.com
1b252b2e3b
includes updates to codebase matching security checks currently turned off
but in place. redefined the script security manager in caps and it is
now generating codebase principals.
1999-08-20 09:51:02 +00:00
arielb%netscape.com
4e0fc6ab1e
adding functionality to security
1999-08-08 22:29:02 +00:00
arielb%netscape.com
1125dac5c8
removing public directory for good. fixed up nsPrivilegeManager.cpp
1999-08-08 21:04:16 +00:00
arielb%netscape.com
4b06750b30
removed zip support from caps module. from now on all that stuff will
be used by libjar. should also remove a lot of memory leaks reported on
nsZip
1999-08-07 21:40:33 +00:00
arielb%netscape.com
9655521b0f
Fix to bug 11330 and some changes to reduce warnings in linux builds
1999-08-07 19:59:31 +00:00
briano%netscape.com
a47d75cc4c
Fixed the missing EOF newline problem.
1999-08-07 03:01:30 +00:00
sspitzer%netscape.com
18ee1a3dd5
fix the port bustages. use ZLIB_LIBS and not -lz. r=briano.
1999-08-07 02:15:37 +00:00
sspitzer%netscape.com
e6cfae8c46
fix for run time bustage. r=briano
1999-08-07 00:10:14 +00:00
arielb%netscape.com
a1d83223f4
added a new and improved factory to caps module. fixed some bugs and
cleared some warnings. also move some methods of privilege manager to
principal manager.
1999-08-06 22:44:35 +00:00
briano%netscape.com
e9e0a60caa
Added a newline to the EOF to fix the Unix native compiler builds.
1999-08-02 06:40:28 +00:00
briano%netscape.com
39e329f8ae
Cleaned it up.
1999-08-02 06:40:06 +00:00
jband%netscape.com
9b59237936
fixing runtime crash for arielb - was shadowing a member with a local in the ctor
1999-08-02 01:44:18 +00:00
arielb%netscape.com
0d16b83058
add a principal manager to caps api. everything is now xpidled so
i removed the public directory from the module.
1999-08-01 21:26:02 +00:00
briano%netscape.com
25ce386224
Added a newline to the end of file to make the native Unix compilers happy.
1999-07-28 21:55:50 +00:00
arielb%netscape.com
387cbc374e
xpidling and updating nsTarget object. should resolve build errors on
SeaMonkey Ports
1999-07-28 05:43:26 +00:00
bruce%cybersight.com
49f92f70e7
Add newlines for unix compilers.
1999-07-27 20:31:21 +00:00
arielb%netscape.com
d00edf950d
removed some enums and migrated them into nsPrivilege, nsIPrivilege and
nsPrivilegemanager. cleaning up some old code from the security module
and refining their api's and such like.
1999-07-27 00:50:59 +00:00
arielb%netscape.com
8dad60d09d
Fix to the caps security module. I removed the nsPrincipal struct, from now
on you can access principals by their xpcomed interface nsIPrincipal.
1999-07-24 03:58:23 +00:00
briano%netscape.com
c38045d303
Added a newline at the EOF to make the Unix native compilers happy.
1999-07-19 21:05:56 +00:00
sspitzer%netscape.com
9ba33ac20b
add new line to end of file
1999-07-18 01:13:25 +00:00
arielb%netscape.com
587d04c222
idled principals interfaces and some fixes to caps manager...
1999-07-16 20:31:18 +00:00
norris%netscape.com
f64740e501
Move several security files into idl. (Create idl directory in caps module.)
Implement methods of nsIXPCSecurityManager.
Fix random errors in DOM JS security.
1999-07-15 23:23:16 +00:00
norris%netscape.com
06317a54b3
Tom Pixley's code for the beginnings of DOM security, with a fix for the previous Mac link failure.
1999-07-07 07:50:03 +00:00
sspitzer%netscape.com
59413cec7e
fix warnings
1999-07-03 00:39:28 +00:00
dveditz%netscape.com
9bc612bf52
makefile cleanups
1999-07-02 13:38:47 +00:00
joki%netscape.com
37a6739ec1
Backing out js security changes.
1999-07-01 13:03:35 +00:00
joki%netscape.com
ccd5375141
New JavaScript/DOM security stuff.
1999-07-01 10:38:26 +00:00
sspitzer%netscape.com
e053cfd43e
fix warnings for sudu.
1999-07-01 08:30:51 +00:00
mcmullen%netscape.com
4b0ff2c414
Patches for OpenVMS and conversions to nsQuickSort(). Thanks to Colin Blake and James Lewis Nance (resp)
1999-06-03 18:15:53 +00:00
ramiro%netscape.com
3a1a4a1d14
Make sure nsTarget.h is compiled as C++ source.
...
nsTarget.h is a c++ header, which includes other c++ headers. It needs to
be compiled as c++ source.
If everything in this page needs to be compiled as C code, then why
isn't this file a .c file?
1999-05-31 16:29:28 +00:00
dp%netscape.com
94344009c8
Landing xpcom20/21 branch.
1999-05-26 01:38:36 +00:00
dveditz%netscape.com
11f88fb5a4
fix zlib name on windows
1999-04-28 00:48:44 +00:00
amusil%netscape.com
5802959950
Bug fix - made static array lengths match up
1999-04-23 21:53:43 +00:00
briano%netscape.com
b6e7599e83
Fix for SunOS4.
1999-04-10 01:06:40 +00:00
leaf%mozilla.org
4ad9f70d5d
Landing nspr library name change, and plevent function call change.
1999-03-17 21:32:03 +00:00
warren%netscape.com
4b2d56fbaa
nsRepository -> nsIComponentManager changes.
1999-03-09 09:44:27 +00:00
cyeh%netscape.com
b27fdb082f
fix pdb file generation so that they go into $(OBJDIR) and also
...
have more useful names other than "none.pdb". some cleanup remains.
1999-03-05 23:24:48 +00:00
alecf%netscape.com
c8c7fd5fd1
fix AIX bustage - we were dereferencing the function before checking if it was NULL
1999-02-27 06:22:43 +00:00
alecf%netscape.com
46d0bfce71
nspr.h was causing problems on HPUX
1999-02-27 01:37:44 +00:00
warren%netscape.com
44cae3cd3f
Changes for RDF component registration using nsRepository. Also changed args to NSGetFactory and friends.
1999-02-26 10:17:14 +00:00
warren%netscape.com
01dd4f0ed6
Cleaned up nsICollection and nsIEnumerator. Broke out nsIBidirectionalEnumerator. Added ISupportsArray enumerator. Cleaned nsISupportsArray.
1999-02-23 08:10:24 +00:00
brade%netscape.com
54a9fb4a3e
move local variables into #if block where they are needed (reduces warnings on Macintosh compiler)
1999-02-19 16:12:58 +00:00
warren%netscape.com
af4892e337
Fixed unsigned problems.
1999-02-06 04:02:02 +00:00
sudu%netscape.com
c94385ee94
OJI MozClassic to raptor merge
1999-01-25 08:05:00 +00:00
raman%netscape.com
ba1f9dee86
Checking in changes from Bob Glickstein
1998-12-15 05:53:19 +00:00
ramiro%netscape.com
e2b921bf3c
Add cvsignore entries for makefiles generated by autoconf.
1998-12-05 09:07:33 +00:00
ramiro%netscape.com
bc992a7bb0
Remove extraneous Makefile files.
1998-12-05 08:19:05 +00:00
raman%netscape.com
5b7786e40c
XP_COM interfaces for JS calls into CAPS
1998-11-23 00:27:00 +00:00
raman%netscape.com
231ff43d7a
Changes to make caps into a DLL. Defined all strings in this file until there is a replacement for allxpstr.h
1998-11-19 05:22:28 +00:00
raman%netscape.com
eb1dd00c2c
Bug fixes from MozillaClassic branch, plus changes to build caps without rdf
1998-11-16 21:57:13 +00:00
raman%netscape.com
5bfc22ac4a
Minor bug fix to my last check-in
1998-10-28 04:53:47 +00:00
raman%netscape.com
23466e2008
Bug fixes to make caps stuff work with jvm's codesource principals
1998-10-28 03:31:17 +00:00
cls%seawood.org
5db72cde51
Moved zlib from REQUIRES to a ifndef MOZ_NATIVE_ZLIB endif block.
1998-10-22 03:59:53 +00:00
cls%seawood.org
ed2a7f5f65
Sync'd various Makefile.ins to their Makefile counterparts.
...
Removed nspr & nspr20 from REQUIRES. Removed NSPR_LDFLAGS.
Changed LIBNSPR refs to NSPR_LIBS.
Removed leftover NSPR20 ifdefs.
1998-10-21 02:13:56 +00:00
raman%netscape.com
8a4ed31775
Fixes for compiler errors on AIX. Thanks wtc
1998-10-20 20:50:09 +00:00
raman%netscape.com
de7c273669
Minor tweak to my last fix. Pass PR_Now for verification.
1998-10-15 23:47:51 +00:00
raman%netscape.com
0f2db8cccf
Fixed the Mac bustage
1998-10-15 23:21:22 +00:00
cyeh%netscape.com
e8f6d28da2
flip NO_SECURITY/MOZ_SECURITY logic around so that crypto stuff only
...
gets enabled when MOZ_SECURITY is defined.
1998-10-15 22:40:32 +00:00
raman%netscape.com
ccee89d6a8
Added verification certificates that are created via nsICapsManager. This could be used by JVM plugins.
1998-10-15 20:56:34 +00:00
raman%netscape.com
191dfa4366
Backing out my previous check-in. I was told my changes built ok on Mac, but I wasn't given complete information. Sorry for trouble.
1998-10-14 05:01:12 +00:00
raman%netscape.com
5f82c88ba4
Support for nsICertPrincipal. We do the certificate verification of certificates passed by JavaSoft
1998-10-14 02:52:40 +00:00
racham%netscape.com
9bc4454971
Adding -reg_mode flag related changes
1998-10-06 21:04:19 +00:00
racham%netscape.com
dd8cbf5e27
Adding filecode base check routine for -reg_mode flag
1998-10-06 21:02:03 +00:00
racham%netscape.com
3e5359a28f
Adding -reg_mode flag related APIs
1998-10-06 21:00:36 +00:00
raman%netscape.com
34d9668524
Reenabled the code that fixes the memory leaks during startup. I have compiled these changes on windows, solaris, linux. Last time I checked in, Mac compiled ok.
1998-09-30 18:06:19 +00:00
cyeh%netscape.com
d1e85c57c3
Remove old NSPR20 #ifdef
1998-09-29 21:55:00 +00:00
raman%netscape.com
be4cd9ab8e
Backing my last checkin
1998-09-27 03:15:11 +00:00
raman%netscape.com
ba17d5bef8
Fixed the memory leaks during startup
1998-09-27 01:22:41 +00:00
raman%netscape.com
8bbca90d14
Added AllJavaScript target to represent a target that defines all JavaScript privileges. JavaSoft's JVM will use this target to perform privileged operations from Java in JS
1998-09-24 00:16:14 +00:00
wtc%netscape.com
96a6a02078
NO_NSPR_PRIVATE_HEADER_BRANCH landing. Removed the inclusions of
...
private NSPR headers (prosdep.h and primpl.h) from the Mozilla source.
The part of prosdep.h that is actually needed by Mozilla was extracted
and put in the new file mozilla/include/xp_path.h.
1998-09-22 16:59:57 +00:00
sudu%netscape.com
7563a7dd9d
Bring autoconf build up to date with non-autoconf build
1998-09-21 19:25:58 +00:00
raman%netscape.com
a82ec3ee9a
Added AllJavaPermission target to give complete access to all permissions in JavaSoft's JVM
1998-09-19 01:25:32 +00:00
raman%netscape.com
10d9766023
Added CertChain Principal support for JavaSoft. Added calls for AskPermission and SetPermission
1998-09-19 00:06:44 +00:00
sudu%netscape.com
1e86d67968
New xpcom caps manager apis
1998-09-17 18:12:32 +00:00
raman%netscape.com
9b5baab042
Added AskPermission and SetPermission API calls for OJI. Added the CertChain Principal support for JavaSoft.
1998-09-16 18:39:48 +00:00
raman%netscape.com
a298828e34
Bug fixes to isSecurePrincipal. We weren't checking codebase_principal preference correctly.
1998-09-13 18:07:59 +00:00
raman%netscape.com
0b469efbf5
Added CPPSRCS
1998-09-02 19:11:06 +00:00
raman%netscape.com
5f24c79522
Added getSigners API for SmartUpdate
1998-09-02 19:10:57 +00:00
warren%netscape.com
4f1b718b4e
Added closure argument to nsHashtable::Enumerate.
1998-09-01 00:16:47 +00:00
cls%seawood.org
9020b80c52
Updates to autoconf files.
1998-08-26 04:04:57 +00:00
cls%seawood.org
84f1cedcbb
AUTOCONF_1_0 landing.
1998-08-19 20:42:14 +00:00
norris%netscape.com
3ba8fa1b75
Add routine to initialize capabilities code.
...
Code was actually written by raman.
1998-08-06 19:41:12 +00:00
raman%netscape.com
bb30d1cf9b
Added context as argument to all caps public methods that could be used by JS
1998-08-04 23:54:29 +00:00
warren%netscape.com
50d67bd178
Stubbed out nsZig.c
1998-07-31 23:58:02 +00:00
warren%netscape.com
c569bb5575
Fixed mysterious c++ name mangling problem.
1998-07-31 23:19:02 +00:00
warren%netscape.com
c9bd5d8074
Landing changes in the OJI_19980727_BRANCH since the OJI_19980727_TIP_MERGE tag.
1998-07-31 20:19:50 +00:00
warren%netscape.com
13b18ece68
Committed from OJI_19980618_TIP_MERGE1.
1998-07-28 02:07:25 +00:00
raman
b00270bebb
This is not part of any build system. caps is part of OJI effort. It will be used by JavaScript in future. Approved by warren/jar/jsw.
1998-07-10 21:12:19 +00:00