jst@mozilla.org
b30b544b5f
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 15:02:25 -08:00
philringnalda@gmail.com
57e4af9c93
Bug 400247 - remove XP_MAC deadcode in nsScriptSecurityManager.cpp, r+sr=bz, a=dsicore
2007-11-12 19:23:17 -08:00
tglek@mozilla.com
21a6a8dc26
Bug 398574:Prbool fixes r=bz a=release drivers
2007-11-12 13:47:11 -08:00
jonas@sicking.cc
4c1a3910ac
bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking
2007-10-26 18:46:09 -07:00
bzbarsky@mit.edu
26d7ccd742
Make the "href" property of stylesheets reflect the original URI that was reflected to load the sheet. Bug 397427, r=dbaron,biesi, sr=dbaron, a=dsicore
2007-10-23 14:56:41 -07:00
bzbarsky@mit.edu
e252fc2b15
Somewhat reduce the amount of memory an nsPrincipal allocates in the common case. Bug 397733, r+sr+a=jst
2007-09-28 07:31:04 -07:00
bzbarsky@mit.edu
5983f838e4
Make the nsISerializable implementation of nsPrincipal actually work. This makes it possible to save principal objects to a stream and read them back. Bug 369566, r=dveditz+brendan, sr=jst, a=jst
2007-09-17 15:18:28 -07:00
dveditz@cruzio.com
2940b2f998
bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov
2007-09-06 00:02:57 -07:00
bent.mozilla@gmail.com
c0215549f6
Bug 304048 - Backing out patch due to TXUL regression.
2007-08-30 17:52:58 -07:00
bent.mozilla@gmail.com
5f9effcd34
Bug 304048 - "xpconnect getters/setters don't have principals until after they pass or fail their security check." Patch by jst, sr=bzbarsky, a=jst.
2007-08-28 17:16:21 -07:00
bzbarsky@mit.edu
3c0f9ef02f
Add some sanity null-checks. Bug 387446, r=dveditz, sr+a=jst
2007-08-06 19:09:16 -07:00
sdwilsh@shawnwilsher.com
681c6747e8
Bustage fix
2007-07-11 14:20:11 -07:00
jwalden@mit.edu
6d7584839a
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
bzbarsky@mit.edu
647cbff151
Make security manager API more useful from script. Make more things
...
scriptable, and add a scriptable method for testing whether a given principal
is the system principal. Bug 383783, r=dveditz, sr=jst
2007-06-18 08:12:09 -07:00
bzbarsky@mit.edu
434b4cf8db
Optimize immutability of codebase/domain a little bit. Bug 380475, r=dveditz, sr=biesi
2007-06-18 08:07:02 -07:00
bzbarsky@mit.edu
ec536a72cf
Make nsPrincipal::Equals compare codebases, not just certs, for certificate
...
principals. Bug 369201, r=dveditz, sr=jst
2007-06-18 08:01:53 -07:00
benjamin@smedbergs.us
baab01ada6
Bug 376636 - Building with gcc 4.3 and -pendatic fails due to extra semicolons, patch by Art Haas <ahaas@airmail.net>, rs=me
2007-04-23 07:21:53 -07:00
dbaron@dbaron.org
e7bb1b1c38
Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg
2007-03-27 08:34:59 -07:00
dbaron@dbaron.org
d98d9fdec5
Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg
2007-03-27 08:33:38 -07:00
hg@mozilla.com
05e5d33a57
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00
bzbarsky%mit.edu
d9f9d475bb
When getting codebase principals, install the passed-in codebase on them even
...
if they come from the hashtable. Bug 269270, r=dveditz, sr=jst.
2007-02-09 04:52:44 +00:00
bzbarsky%mit.edu
382b095c94
Get the source scheme from the right URI object. Bug 368160, r+sr=dveditz
2007-01-26 04:33:02 +00:00
bzbarsky%mit.edu
8a1b6c5e34
Make the redirect check get principals the same way we get them elsewhere.
...
Clean up some code to use the new security manager method. Bug 354693,
r=dveditz, sr=sicking
2006-11-22 18:27:54 +00:00
gavin%gavinsharp.com
ad22de3c0c
Bug 202198: fix possible leak in nsScriptSecurityManager::InitPrefs(), patch by Ryan Jones <sciguyryan+bugzilla@gmail.com>, r+sr=dveditz
2006-11-22 17:22:40 +00:00
sayrer%gmail.com
6aa99d403b
Bug 360840. allocator mismatch in nsIScriptSecurityManager. r=timeless, sr=bz
2006-11-16 18:25:52 +00:00
bzbarsky%mit.edu
730516b0a1
Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst
2006-11-14 22:46:45 +00:00
bzbarsky%mit.edu
0a3a624149
Make it possible for protocol handlers to configure how CheckLoadURI should
...
treat them via their protocol flags. Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin
2006-11-10 23:49:08 +00:00
cbiesinger%web.de
74a2a1d30c
Bug 351876 Move nsICryptoHash into necko
...
r=darin
2006-09-15 22:06:31 +00:00
bzbarsky%mit.edu
50e969de0c
Introduce CheckLoadURIStrWithPrincipal(). Bug 348559, r=dveditz, sr=jst
2006-08-21 22:15:20 +00:00
pkasting%google.com
dafdf0b1eb
Bug 337223: Don't expose moz-anno protocol to web pages.
...
Patch by brettw
r=jst
sr=bzbarsky
2006-08-18 21:35:16 +00:00
bzbarsky%mit.edu
e9379f3679
Remove special-casing of about:blank for security purposes; give about:blank
...
pages the principal of whoever is responsible for loading them, when possible.
Bug 332182, r=mrbkap, sr=jst
2006-08-15 17:31:16 +00:00
dveditz%cruzio.com
d3379f18b5
bug 340107 save wasted cycles checking permissions if we're just going to deny access anyway. r=mrbkap, sr=sicking
2006-06-27 00:56:41 +00:00
bzbarsky%mit.edu
282ad6509b
Fiox the special-casing for about:blank to deal with it now being
...
moz-safe-about:blank as far as the security manager is concerned. Bug 342108,
r=darin, sr=jst
2006-06-22 02:21:06 +00:00
bzbarsky%mit.edu
8cd320ad22
Allow about: modules to just set a flag to force script execution to be allowed
...
for particular about: URIs, instead of hardcoding checks in the security
manager. Bug 341313, r=darin, sr=jst
2006-06-22 02:19:49 +00:00
bzbarsky%mit.edu
4b3cf6e788
Make the URIs of principals immutable. Bug 339822, r=dveditz, sr=darin
2006-06-20 03:17:41 +00:00
bzbarsky%mit.edu
9a60679a4c
Save the principal in the session history entry so that reloading a data: URL
...
will do the right thing. Also, change CheckLoadURI to allow null
principals to load things that anyone can load (e.g. http:// URIs). Bug
337260, r=dveditz, sr=jst
2006-06-19 21:08:45 +00:00
bzbarsky%mit.edu
9509962b32
Move the safe vs unsafe about: distinction out of the security manager and into
...
nsIAboutModule implementations. Bug 337746, r=dveditz, sr=darin
2006-06-19 21:02:12 +00:00
mhammond%skippinet.com.au
0f241835df
Land DOM_AGNOSTIC3_BRANCH, bug 255942. r=a few people, sr=brendan.
2006-06-13 03:07:47 +00:00
mrbkap%gmail.com
98997f8669
Checking in Ben Turner <bent.mozilla@gmail.com> and timeless's patch to make Gecko use the JS engine's request model to help multithreaded embedders avoid GC races and crashes. bug 176182, r=mrbkap assumed-rs=brendan
2006-06-12 22:39:55 +00:00
igor%mir2.org
65028a8035
Bug 338678: For source compatibility fields "uint16 extra,spare" in JSFunctionSpec are replaced by singe "uint32 extra". In this way we do need to update the current sources that list just 5 fields to include the additional ",0" corresponding to "spare" field. To quell GCC warnings all sources that list less then 5 fields of JSFunctionSpec are updated to explicitly list all 5 fields. r=mrbkap, s=brendan
2006-05-22 22:58:31 +00:00
bzbarsky%mit.edu
f78182b042
Make GetOrigin dig into nested URIs. Bug 336303, r=dveditz, sr=jst
2006-05-12 00:05:40 +00:00
bzbarsky%mit.edu
6e7e8da8e6
Create our URIs by hand (since we have our own scheme), instead of going
...
through the ioService. Also fixes some threadsafety stuff. Bug 337513,
r=dveditz, sr=darin.
2006-05-11 16:06:35 +00:00
cbiesinger%web.de
51a89a8b1e
bug 335180 Remove win32.order, mozilla-bin.order, --enable-reorder, and
...
associated code. These options do not really work anymore.
r=bsmedberg
2006-05-06 17:53:51 +00:00
bzbarsky%mit.edu
3aaa1fe7df
Disable optimization that relies on invariants we don't maintain. Bug 317240
...
wallpaper, r+sr=jst
2006-05-04 15:23:43 +00:00
bzbarsky%mit.edu
a40420a6d3
Deal with null subject URIs in SecurityCompareURIs. Bug 336432, r=dveditz, sr=jst
2006-05-04 02:29:46 +00:00
darin%meer.net
4a94571cee
fixes bug 214672 "Further optimization and correctness improvements of libjar: streamlining nsJarInputStream" patch by Alfred Kayser <alfredkayser@nl.ibm.com>, r=jwalden, sr=darin
2006-05-02 19:33:09 +00:00
bzbarsky%mit.edu
722b5218b2
Add an interface for nested URIs (like jar:, view-source:, etc) to implement
...
and use it in various places. Create null principals if asked for a codebase
principal for a codebase that doesn't have an inherent security context (eg
data: or javascript:). Bug 334407, r=biesi,dveditz, sr=darin
2006-05-02 18:54:19 +00:00
bzbarsky%mit.edu
000f1cb779
Deal with checkLoadURI better in the face of URI fixup. Bug 334341, r=biesi, sr=dveditz
2006-04-25 03:24:43 +00:00
bzbarsky%mit.edu
dffe9c89ad
Check rv before looking at port. Bug 334210, r+sr+branch181=jst
2006-04-17 23:19:44 +00:00
bzbarsky%mit.edu
f15a96ed13
Allow redirects to data: URIs. Bug 211999, r=dveditz, jruderman; sr=darin
2006-04-17 23:13:33 +00:00