Commit Graph

129 Commits

Author SHA1 Message Date
mstoltz%netscape.com
d0eab90dbb Bug 154930 - If one page has explicitly set document.domain and another has not,
do not consider them to be of the same origin for security checks. r=dveditz, sr=jst
2002-07-09 00:10:02 +00:00
mstoltz%netscape.com
6e12a5ca9f Bug 152725 - Get URL passed to cookie module from document principal, not document URL.
THis ensures that cookies set by javascript URL pages are set in the correct domain.
r=morse, sr=dveditz.
2002-07-02 17:58:24 +00:00
mstoltz%netscape.com
6f5d99be4c 133170 - Need to re-check host for security on a redirect after a call to
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc
2002-06-14 23:54:18 +00:00
dougt%netscape.com
c683a217ab Fixes mozilla/strings requiring unfrozen nsCRT class. patch by scc, r=dougt, sr=jag, b=136756 2002-05-15 18:55:21 +00:00
mstoltz%netscape.com
8b4ac18c14 Bug 136993 - Put the "trusted codebase principals" feature back in.
r=harishd, sr=jst, a=valeski
2002-04-13 01:53:46 +00:00
mstoltz%netscape.com
03fe97372a A bunch of fixes in caps:
128697 - Added a pref listener for changes to capability.policy prefs,
removed profile-change listener
131025 - Removed insecure "trusted codebase principals" feature
131340 - Make nsCodebasePrincipal::Equals handle jar URLs correctly
131342 - Clean up privilege-grant dialog code
128861 - class policy hashtables allocated only when needed; avoids
PLDHash memory-use warning
Fixed comparison of -1 and 80 ports (Can't find the bug # right now)

All r=harishd, sr=jst, a=asa.
2002-03-20 05:53:46 +00:00
alecf%netscape.com
e5d4028f9d fix bug 129635 - write a destructor for DomainPolicy so that the hashtable is destroyed
(and not leaked!)
r=mstoltz, sr=vidur, a=asa
2002-03-10 00:41:08 +00:00
jst%netscape.com
beae4f7953 Fixing bug 111529. Optimizing out unnecessary QI calls from nsScriptSecurityManager::GetObjectPrincipal() and doing some other minor cleanups and speedups. r=nisheeth@netscape.com, sr=jband@netscape.com 2002-02-20 05:51:05 +00:00
mkaply%us.ibm.com
cbcd4c677a OS/2 bustage - callback needs to be in header 2002-02-13 13:30:06 +00:00
mstoltz%netscape.com
4756b7169c Bug 119646 - Rewrite of the security manager policy database for improved
performance. r=jst, sr=jband.
2002-02-13 04:20:46 +00:00
seawood%netscape.com
45bfbf0658 Landing the rest of the win32 gmake changes:
* Adds Makefile.ins to win32 specific dirs
* Adds WINNT ifdefs to Makefile.ins
* Causes NSPR to be compiled with --with-mozilla
* Misc general Makefile.in cleanup

Bug #58981 r=mcafee
2001-12-18 09:14:29 +00:00
mstoltz%netscape.com
f634fa73d2 bug 106535, adding the ability to enable codebase principals for a single host
instead of for all hosts. r=vidur, sr=jst.
2001-10-26 23:00:48 +00:00
bzbarsky%mit.edu
8986a0ad12 Make CAPS correctly observe changes to capability.policy prefs. Needed
for having UI for these suckers.  Bug 101150, r=mstoltz,sr=jst
2001-10-02 21:56:51 +00:00
gerv%gerv.net
11248436dd License changes, take 2. Bug 98089. mozilla/config/, mozilla/caps/, mozilla/build/. 2001-09-25 01:03:58 +00:00
gerv%gerv.net
1856815ff1 Oops. 2001-09-20 00:02:59 +00:00
scc%mozilla.org
102170b2a0 bug #98089: ripped new license 2001-09-19 20:09:47 +00:00
mstoltz%netscape.com
3f22e806ad bug 86799, adding support for wildcard security policies of the form
"capability.policy.group.*.property". Also added additional optimizations
and changed copy-initialization of NSCOMPtrs to direct initialization
throughout the file. r=harishd, sr=jst, a=asa.
2001-08-29 02:05:48 +00:00
mstoltz%netscape.com
880f5907bc 86984 - make history.length sameOrigin-accessible. Security prefs change.
91714 - CheckLoadURI should trest 'safe' and 'unsafe' about: URLs as different protocols
56260 - 'Remember This Decision' in signed script grant dialog should default to unchecked
83131 - More descriptive security error messages
93951 - Added null check in GetBaseURIScheme to prevent crash.
All bugs r=jtaylor, sr=jst
2001-08-14 00:18:58 +00:00
brendan%mozilla.org
49c0102cdf Restore scriptable nsIClassInfo.classID but add fast/C++-only classIDNoAlloc; define and use nsIClassInfo::EAGER_CLASSINFO in caps (93792, sr=waterson&jst). 2001-08-07 03:59:29 +00:00
mstoltz%netscape.com
1b5e7659c9 82495 - Support for the view-source protocol in CheckLoadURI
87887 - don't call InitPolicies or InitPrincipals if there are no prefs to process
83902 - Use weak reference to pref branch to avoid reference cycle
91619 - was leaking a char* - use nsXPIDLCString instead
86932 - Add support for per-site JS disabling to CanExecuteScripts
all bugs r=jesse, sr=dougt
2001-08-02 20:32:48 +00:00
brendan%mozilla.org
dbd7fed5b1 FASTLOAD_20010703_BRANCH landing, r=dbaron, sr=shaver. 2001-07-31 19:05:34 +00:00
mstoltz%netscape.com
f3d9b0caa1 Bug 77485 - defining a function in another window using a targeted javascript:
link. Prevent running javascript: urls cross-domain and add a security check for adding
and removing properties. r=harishd, sr=jst.
2001-07-13 07:08:26 +00:00
mstoltz%netscape.com
8c0cd58b30 Re-checking-in my fix for 47905, which was backed out last night because of a bug in some other code that was checked in along with it. This checkin was not causing the crasher and is unchanged. See earlier checkin comment - in short, this adds same-origin to XMLHttpRequest and cleans up some function calls in caps, removes some unnecessary parameters. r=vidur, sr=jst. 2001-05-19 00:33:51 +00:00
blizzard%redhat.com
678b80f10b Back out mstoltz because of blocker bug #81629. Original bugs were 47905 79775. 2001-05-18 17:41:23 +00:00
mstoltz%netscape.com
11f7b8f900 Bug 47905 - adding security check for XMLHttpRequest.open.
Added nsIScriptSecurityManager::CheckConnect for this purpose.
Also cleaned up the security check API by removing some unnecessary
parameters. r=vidur@netscape.com, sr=jst@netscape.com

Bug 79775 - Forward button broken in main mail window. Making
WindowWatcher not call GetSubjectPrincipal if the URL to be loaded is
chrome, since the calling principal is superfluous in this case.
No one has been able to find the root cause of this problem, but
this checkin works around it, which is the best we can do for now.
r=ducarroz@netscape.com, sr=jst@netscape.com
2001-05-18 06:56:29 +00:00
mstoltz%netscape.com
59c995612e Fixes for bugs 79796, 77203, and 54060. r=jband@netscape.com,
sr=brendan@mozilla.org
2001-05-11 00:43:27 +00:00
jst%netscape.com
f7460d0269 Landing the XPCDOM_20010329_BRANCH branch, changes mostly done by jband@netscape.com and jst@netscape.com, also some changes done by shaver@mozilla.org, peterv@netscape.com and markh@activestate.com. r= and sr= by vidur@netscape.com, jband@netscape.com, jst@netscpae.com, danm@netscape.com, hyatt@netscape.com, shaver@mozilla.org, dbradley@netscape.com, rpotts@netscape.com. 2001-05-08 16:46:42 +00:00
mstoltz%netscape.com
2b6e6516d2 More fixes for 55237, cleaned up CheckLoadURI and added a check on "Edit This Link." Also added error reporting (bug 40538).
r=beard, sr=hyatt
2001-04-17 01:21:44 +00:00
mstoltz%netscape.com
519500116e Bugs 55069, 70951 - JS-blocking APIs for mailnews and embedding. r=mscott, sr=attinasi.
Bug 54237 - fix for event-capture bug, r=heikki, sr=jband.
2001-03-23 04:22:56 +00:00
mstoltz%netscape.com
33c8110175 bug 47905, adding security check to XMLHttpRequest.open(). r=heikki, sr=brendan 2001-03-02 00:09:20 +00:00
mstoltz%netscape.com
41054417f6 Bug 66369, adding support for per-file permissions granting to caps. r=jst, sr=jband. 2001-01-27 01:42:20 +00:00
jband%netscape.com
b3d21fb8f4 fix bug 55506. If seman was initialized too early then it was failing to register its nameset. This happened on first run when JS Component Loader would use the secman. The result was that all calls to the security manager via JavaScript would fail for that session. This fixes that by continuing to try to register the nameset until it actually succeeds. r=mstoltz a=brendan 2000-11-30 05:32:08 +00:00
mstoltz%netscape.com
c063d33489 bug 44147, caps grant dialog now being created from DOMWindow->GetPrompter instead of nsIPrompt service. r=dbragg 2000-09-09 00:53:21 +00:00
dp%netscape.com
e5e279fe36 bug#49786 Caching frequently used progid: nsThreadJSContextStack r=waterson 2000-08-22 06:02:14 +00:00
mstoltz%netscape.com
ea5d41851a Fixing 41876 r=hyatt, also 48724, 49768, and crasher in nsBasePrincipal.cpp, r=jtaylor 2000-08-22 02:06:52 +00:00
warren%netscape.com
84b5fd67e3 Bug 46711. Removed nsAutoString travisty from nsStringKey. Introduced nsCStringKey. Made them both share the underlying string when possible. r=waterson 2000-08-10 06:19:37 +00:00
mstoltz%netscape.com
b65db40d35 Fixing 40159, nasty infinite recursion on startup. r&a=beard 2000-07-26 04:53:01 +00:00
mstoltz%netscape.com
3910fcba0b fix for 42387, r=dveditz 2000-07-20 01:16:15 +00:00
mstoltz%netscape.com
d1da06c856 DOM properties default to same origin access only. Bug 28443. r=rginda 2000-07-05 19:08:20 +00:00
vidur%netscape.com
79c210a6b9 Checking in for mccabe, since he had to leave town. Partial fix for bug 41429. Adding a new interface that components can implement to control the capabilities needed for XPConnect access to them - default is UniversalXPConnect. r=vidur 2000-06-23 14:32:38 +00:00
mstoltz%netscape.com
ead929a4a4 Allow scripting of plugins by untrusted web scripts. Bug 36375. 2000-05-17 02:38:22 +00:00
mstoltz%netscape.com
11718e9f56 Removing archive attribute from nsCertificatePrincipal. This will not be used. 2000-05-16 22:37:38 +00:00
mstoltz%netscape.com
e0fc50a6d4 Fixes for 32878, 37739. Added PR_CALLBACK macros. Changed security.principal pref syntax to a nicer syntax. Removed "security.checkxpconnect" hack. 2000-05-16 03:40:51 +00:00
mstoltz%netscape.com
ad755522c3 Added archive attribute to nsICertificatePrincipal...part of fix for 37481. 2000-05-01 23:39:51 +00:00
mstoltz%netscape.com
9bb975256e Fixes for 27010, 32878, and 32948. 2000-04-26 03:50:07 +00:00
mstoltz%netscape.com
57feeae5ec Backing out changes until I can figure out why it's crashing on startup. 2000-04-23 21:25:39 +00:00
mstoltz%netscape.com
62bffdd26e Fixes for bugs 27010, 32878, 32948. 2000-04-23 20:30:29 +00:00
norris%netscape.com
e356de6476 Fix
28390, 28866, 34364
r=brendan@mozilla.org
35701
r=jst@netscape.com
2000-04-14 03:14:53 +00:00
mkaply%us.ibm.com
16e912ab31 # 34082
r= warren@netscape.com
OS/2 Visual Age build - Adding PR_CALLBACK to some functoins for linkage
2000-04-05 02:32:07 +00:00
mstoltz%netscape.com
efa5624e14 Fixed bug 30915 using nsAggregatePrincipal. r=norris 2000-03-31 00:31:18 +00:00