Commit Graph

470 Commits

Author SHA1 Message Date
harishd%netscape.com
85570db892 Grant access to SOAP response document's properties and also allow the document to be serializable. b=193953, r=heikki@netscape.com, sr=jst@netscape.com 2003-06-12 20:18:34 +00:00
seawood%netscape.com
97649bab86 Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev 2003-06-10 21:18:27 +00:00
seawood%netscape.com
b28ce0a530 Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev 2003-06-10 20:12:33 +00:00
dougt%meer.net
a069087dd4 Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201 2003-05-29 21:56:38 +00:00
dougt%meer.net
e3a6a4edfc Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201 2003-05-29 21:51:34 +00:00
timeless%mozdev.org
fc043d1270 Bug 207328 @mozilla.org/scriptsecuritymanager;1 isn't registering itself correctly as an app-startup observer service
r=mstoltz sr=alecf
2003-05-29 04:27:03 +00:00
mstoltz%netscape.com
11919bb299 Bug 163950 - allow opening connections for XML data transfer services when document.domain has been set. r=jst, sr=heikki. 2003-05-28 23:22:36 +00:00
dwitte%stanford.edu
270d3909ca bug 100649: Length() being used where IsEmpty() is meant
treewide changes to convert incorrect usages of string.Length() to string.IsEmpty().

thanks to afatecha@idea.com.py (Ariel Fatecha) for the patch. r=dwitte, sr=jst.

got the ok from Asa to land into a closed tree.
2003-05-23 21:34:47 +00:00
dbradley%netscape.com
5761ad14e3 bug 205538 - Use hyphens instead of underscores in caps prefs for CID's. r=adamlock, sr=alecf, a=asa 2003-05-20 14:19:05 +00:00
jst%netscape.com
72ec343461 Fixing bug 202994. Make sure the proper security check is done when converting the result of a JS expression in a javascript: URL to a string. r=mstoltz@netscape.com, sr=brendan@mozilla.org, a=asa@mozilla.org 2003-05-12 22:23:52 +00:00
brendan%mozilla.org
710c694ac3 Fix overbroad getter/setter access check to apply only to scripted getters/setters; fix wrong object class name in error messages (198660, r=mstoltz, sr=jst, a=asa). 2003-05-09 00:40:50 +00:00
dbradley%netscape.com
fd606d2dcd Another dummy change to cause beast to rebuild caps 2003-04-30 09:19:50 +00:00
mkaply%us.ibm.com
4c6419aa49 IRIX bustage 2003-04-23 04:28:41 +00:00
mstoltz%netscape.com
4edb1f430d Bug 180749 - when remembering granted privileges for file://pages, grant privilege for that page only, not the whole local file system. r=jst, sr=heikki. 2003-04-23 00:21:02 +00:00
jst%netscape.com
690a8cef27 Fixing bug 201132. Always use the JSPrincipals from the target object when compiling event handlers, never use the principals of the global object in which the event handler is compiled. Also make sure we never use the principals that are precompiled into cloned Functions, always get the principal from the Function's scope in such cases. r=mstoltz@netscape.com (and heikki@netscape.com), sr=brendan@mozilla.org 2003-04-17 20:21:00 +00:00
bzbarsky%mit.edu
cbf70f5c05 Removing stray windows newline that causes build warning... No reviews, sorry. 2003-04-08 20:26:41 +00:00
locka%iol.ie
461f6c3964 Define XPC_IDISPATCH_SUPPORT when building caps if necessary. b=198117 r=dbradley@netscape.com sr=alec@netscape.com 2003-03-20 12:10:04 +00:00
rginda%netscape.com
2b3526ff2e bug 170585, Scriptable streams are broken; r=darinf, sr=dougt
update to readdata caller
2003-03-13 21:24:37 +00:00
mstoltz%netscape.com
44d264d6b0 Bug 188229 - adding new security check function that allows component instantiation by CID. r=dveditz, sr=heikki. *not part of build yet* 2003-03-12 02:17:37 +00:00
timeless%mozdev.org
b092996d3f Bug 196340 Change NS_REINTERPRET_CAST(nsIScriptContext*, JS_GetContextPrivate(cx)) to use Static Cast
r=mstoltz sr=heikki
2003-03-07 21:54:28 +00:00
brendan%mozilla.org
3c0c23b860 Generalize the JS_SetCheckObjectAccessCallback hook implemented here to deal with user-defined getters and setters (92773, r=mstoltz, sr=jst). 2003-03-06 19:40:14 +00:00
rginda%netscape.com
c1745c244e bug 191773, r=mstoltz, a=dbaron@dbaron.org
only allow x-jsd: urls from chrome: and resource:
2003-02-05 01:27:56 +00:00
seawood%netscape.com
5c6983cb86 Whitespace change to trigger rebuild of libs that depend upon zlib. 2003-01-30 05:53:29 +00:00
bryner%netscape.com
da1893e985 fixing IRIX bustage (^M's from mstoltz's checkin) 2003-01-25 03:58:38 +00:00
mstoltz%netscape.com
366a456693 Bug 189799 - Ignore username:password portion of URL when making URL comparisons for security. r=heikki, sr=jst, a=asa 2003-01-25 01:43:37 +00:00
sfraser%netscape.com
ba78e7bec4 Fix bug 127185: don't crash with a null JS context if running without XPT files. Fixes nsScriptSecurityManager to do more thorough error checking on initialization. r=mstoltz, sr=jst. Fixes bustage. 2003-01-17 02:00:01 +00:00
sfraser%netscape.com
1c574be034 Fix bug 127185: don't crash with a null JS context if running without XPT files. Fixes nsScriptSecurityManager to do more thorough error checking on initialization. r=mstoltz, sr=jst. 2003-01-17 01:00:15 +00:00
dbaron%dbaron.org
48544669f3 Bug 178643: Remove uses of NS_INIT_ISUPPORTS, since it's no longer needed. r=timeless sr=jag 2003-01-08 19:24:38 +00:00
caillon%returnzero.com
6d92f9bd32 184257 - Updating pref callers. r=timeless sr=bzbarsky 2003-01-08 08:40:41 +00:00
seawood%netscape.com
d5efcdfb6d Start installing GRE libraries & components into a separate dist/gre directory as part of the default build.
Bug #186241 r=dougt
2002-12-28 01:15:07 +00:00
alecf%netscape.com
df10f648b8 take two at fixing bug 177401 - convert nsIBinaryStream over to using nsAString/nsACString for string values, to speed up fastload
sr=darin, r=dougt
(the previous checkin had a typo which disabled fastload entirely!)
2002-11-14 18:16:31 +00:00
alecf%netscape.com
0a48c10053 argh, back out my last checkin because Ts went UP not down! 2002-11-09 01:31:32 +00:00
alecf%netscape.com
4721428275 fix for bug 177401 - use nsAString& classes instead of wstring in nsIBinaryInputStream, to speed up fastload startup
sr=darin, r=dougt
2002-11-08 23:30:53 +00:00
mstoltz%netscape.com
d0f045a722 Bug 168316 - When calling from Java into JS, add a "dummy" JS stack frame with
principal information for the security manager. r=dveditz, sr=jst, a=chofmann.
2002-10-30 03:15:59 +00:00
sspitzer%netscape.com
b7337fe62b fix for #168136. r=mstoltz, sr=dveditz.
for pref controlled schemes, allow access if source scheme is chrome or res.
needed for the new "view filter log UI".
2002-09-12 20:27:07 +00:00
dougt%netscape.com
68faeb5241 166917. Clean up xpcom SDK includes. r=rpotts@netscape.com, sr=alecf@netscape.com, a=rjesup@wgate.com 2002-09-07 17:13:19 +00:00
jkeiser%netscape.com
32844f7719 Make anonymous content inaccessible to web content (bug 164086), r=sicking@bigfoot.com, sr=jst@netscape.com 2002-08-29 04:05:39 +00:00
bbaetz%student.usyd.edu.au
e1742b6500 Backing out jkeiser's checkin for bug 164086 (not bug 96537) because he
left a file out, and the tree turned red....
2002-08-28 10:13:28 +00:00
jkeiser%netscape.com
8aa6968431 Make anonymous content inaccessible to web content (bug 96537), r=sicking@bigfoot.com, sr=jst@netscape.com 2002-08-28 08:19:43 +00:00
henry.jia%sun.com
227be5af9c Fix bug 159889: replace the hardcode of "@mozilla.org/preferences;1" with NS_PREF_CONTRACTID
Patch by leon.zhang@sun.com
r=Henry, sr=alecf
2002-08-19 04:29:58 +00:00
seawood%netscape.com
322da773fb Removing old nmake build makefiles. Bug #158528 r=pavlov 2002-08-10 07:55:43 +00:00
henry.jia%sun.com
bb349938fc 5th patch for bug 158080
Description: replace the hardcode of @mozilla.org/embedcomp/window-watcher;1 with NS_WINDOWWATCHER_CONTRACTID
Patch by Henry.Jia@sun.com
r=anto, sr=alecf
2002-08-06 06:32:02 +00:00
sicking%bigfoot.com
39c966dd38 Use principals instead of URIs for same-origin checks.
b=159348, r=bz, sr=jst, a=asa
2002-07-30 21:26:32 +00:00
mstoltz%netscape.com
d0eab90dbb Bug 154930 - If one page has explicitly set document.domain and another has not,
do not consider them to be of the same origin for security checks. r=dveditz, sr=jst
2002-07-09 00:10:02 +00:00
harishd%netscape.com
23d9c4988e Disable script on the requested docshell and the containing docshells. b=154647, r=mstoltz, sr=jst 2002-07-02 23:26:08 +00:00
mstoltz%netscape.com
6e12a5ca9f Bug 152725 - Get URL passed to cookie module from document principal, not document URL.
THis ensures that cookies set by javascript URL pages are set in the correct domain.
r=morse, sr=dveditz.
2002-07-02 17:58:24 +00:00
harishd%netscape.com
0031d01a28 Backing out my checkin to see if it fixes the Txul breakage 2002-06-27 23:32:51 +00:00
harishd%netscape.com
5ce8f55dd0 ** checking in for mstoltz **
Disable scripts on the requested docshell and containing docshells. Also, made setCurrentURI() scriptable ( approved by Adam Lock ). b=154647, r=harishd, sr=jst
2002-06-27 20:58:42 +00:00
mstoltz%netscape.com
6f5d99be4c 133170 - Need to re-check host for security on a redirect after a call to
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc
2002-06-14 23:54:18 +00:00
dougt%netscape.com
c683a217ab Fixes mozilla/strings requiring unfrozen nsCRT class. patch by scc, r=dougt, sr=jag, b=136756 2002-05-15 18:55:21 +00:00