Commit Graph

239 Commits

Author SHA1 Message Date
mkaply%us.ibm.com
16e912ab31 # 34082
r= warren@netscape.com
OS/2 Visual Age build - Adding PR_CALLBACK to some functoins for linkage
2000-04-05 02:32:07 +00:00
cls%seawood.org
f6740baa20 Moved static MOZ_COMPONENT_NSPR_LIBS, MOZ_COMPONENT_XPCOM_LIBS, MOZ_COMPONENT_LIBS definitions from configure.in to config.mk. Replaced -lxpcom in Makefiles to $(XPCOM_LIBS) so that we can optionally link against -lboehm when needed. Bug #31287 2000-04-04 04:46:38 +00:00
scc%netscape.com
c05019b2a8 making string conversions explicit 2000-04-01 00:39:02 +00:00
scc%netscape.com
4ea707a4ba make string conversions explicit 2000-04-01 00:36:50 +00:00
scc%netscape.com
89f8378252 turn on source browser in debug build; moved camelot added files into their right spots 2000-04-01 00:32:53 +00:00
mstoltz%netscape.com
efa5624e14 Fixed bug 30915 using nsAggregatePrincipal. r=norris 2000-03-31 00:31:18 +00:00
warren%netscape.com
727f312b32 Necko API changes: primarily nsIChannel, changing initialization parameters to accessors. Got javascript: evaluation to happen at the right time (when AsyncRead is called) as well as on the right thread. 2000-03-29 03:58:50 +00:00
scc%netscape.com
11c6f51246 small changes to clients of string conversion APIs 2000-03-26 01:19:41 +00:00
norris%netscape.com
4eb52aa84b Fix
32088 Circumventing Same Origin security policy using javascript: URLs
        32040 about: can't be link
Also remove deprecated method
r=mstoltz
2000-03-24 22:15:37 +00:00
norris%netscape.com
593a12b912 Fix bug 32904 Asserts at startup in nsScriptSecurityManager.cpp
r=mstoltz
2000-03-23 23:42:46 +00:00
mstoltz%netscape.com
e5f86d1226 heckLoadURI now handles jar: URL's correctly. r=norris 2000-03-23 04:37:37 +00:00
norris%netscape.com
ea9d7682c1 Fix 31998 nsScriptSecurityManager not thread safe breaks table regress 2000-03-21 23:12:16 +00:00
mstoltz%netscape.com
d655019842 added files: mozilla/caps/idl/nsIAggregatePrincipal.idl 2000-03-21 04:06:47 +00:00
mstoltz%netscape.com
672a1c6484 added files: mozilla/caps/src/nsAggregatePrincipal.cpp 2000-03-21 04:06:33 +00:00
norris%netscape.com
7d053b70b0 Adding nsAggregatePrincipal support. r=norris 2000-03-21 04:05:35 +00:00
norris%netscape.com
060e388a6b Files:
caps/idl/nsICertificatePrincipal.idl
	caps/idl/nsIPrincipal.idl
	caps/src/nsBasePrincipal.cpp
Implement the ability to manipulate multiple capabilties simultaneously.
r=mstoltz@netscape.com

Files:
	caps/src/nsCodebasePrincipal.cpp
Codebase equality should be based upon origin, not full path.
r=mstoltz@netscape.com

Files:
	caps/src/nsScriptSecurityManager.cpp
Change URI checking to deny based upon scheme rather than allow based upon
scheme for greater flexibility.
r=mstoltz@netscape.com

Files:
	dom/public/nsDOMPropEnums.h
	dom/public/nsDOMPropNames.h
	dom/src/base/nsGlobalWindow.cpp
	modules/libpref/src/init/all.js
Fix bug 20469 Seeing JS functions and global variables from arbitrary host
r=vidur@netscape.com

Files:
	dom/src/base/nsJSUtils.cpp
	dom/src/base/nsJSUtils.h
	dom/src/base/nsJSEnvironment.cpp
	dom/tools/JSStubGen.cpp
	layout/base/src/nsDocument.cpp
	layout/html/content/src/nsGenericHTMLElement.cpp
Improve performance by removing NS_WITH_SERVICE call for every DOM access.
Propagate XPCOM failure codes out properly.
r=vidur@netscape.com

Files:
	layout/html/document/src/nsFrameFrame.cpp
Fix 27387 Circumventing Same Origin security policy using setAttribute
r=vidur@netscape.com
2000-03-11 06:32:42 +00:00
norris%netscape.com
e81e4f8fa6 Fix 29419 nsScriptSecurityManager should do casinsensitive compaires
Patch submitted by andreas.otte@primus-online.de
r=norris,a=jar
2000-03-08 04:57:05 +00:00
bryner%uiuc.edu
f28f63a5d7 This allows clicked "finger:" links to work. r=norris@netscape.com. 2000-02-26 23:37:08 +00:00
norris%netscape.com
bdef85f8cd Fix meta refresh problems with etrade, etc.
r=mstoltz
a='do the right thing'
2000-02-24 19:17:59 +00:00
norris%netscape.com
d64387736b Fix 28612 META Refresh allowed in Mail/News
r=mstoltz,a=jar
Fix 28658 File upload vulnerability
r=vidur,a=jar
2000-02-23 22:34:40 +00:00
norris%netscape.com
5a9d717919 Work around bug where dialog message is truncated.
a=chofmann,r=mstoltz
2000-02-19 00:37:02 +00:00
norris%netscape.com
5567200a75 Fix 18439 windows.status allows reading links
r=mstoltz
2000-02-11 04:18:39 +00:00
norris%netscape.com
96add55c93 For some reason the sun compiler doesn't like the ?: assignment. 2000-02-10 06:24:38 +00:00
norris%netscape.com
72152baded Fix bad separator in Makefile problem. 2000-02-10 05:33:49 +00:00
norris%netscape.com
2b4b436f5f Fix 25062 Reload vulnerability
25206 Reload vulnerability #2
Implement grant dialogs and persistence for capabilities.
most r=mstoltz, some code from morse w/ r=norris
2000-02-10 04:56:56 +00:00
scc%netscape.com
73802d6f2e Pro5 update 2000-02-07 23:06:04 +00:00
norris%netscape.com
b5850888fc Fix crash in nsCodebasePrincipal::Equals when browser.registration.enable is set to true.
r=racham
2000-02-03 23:47:00 +00:00
norris%netscape.com
c68664297c Fix domain generalization for site-specific security policy.
also fix bug with enablePrivilege.
r=mstoltz
2000-02-03 23:28:36 +00:00
brade%netscape.com
49568eb54e fix paths for move to CW5 (bug #25779) 2000-02-02 15:27:53 +00:00
norris%netscape.com
c04c4d51f9 Fix bug #25864 watch() vulnerability
r=vidur,rogerl
2000-02-02 00:22:58 +00:00
norris%netscape.com
6d132fae66 Fix warning. 2000-01-27 15:59:34 +00:00
norris%netscape.com
7ec9655d07 Fix 23227 Document object vulnerability
r=mstoltz
2000-01-26 15:33:57 +00:00
jband%netscape.com
eef6de8432 Lots of xpconnect bug fixes...
- fix bug 12954 "should throw when setting non-settable props".

- fix bug 13418 "xpconnect needs to be threadsafe".
I think I filled in the cracks. Tests would be nice :)

- fix bug 22802 "[MLK] XPConnect Leaks".

- fix bug 24119 "[MLK] Reminder about cleaning up maps".

- fix bug 24453 "xpconnect needs default security manager".
I also changed the code in DOM and caps to just install a default secman and
not install a secman for each JSContext.

- fix bug 24687 "xpconect should avoid resolve performance suckage".
Added (modified) patch from shaver to create my JSObjects with the
global object as the temporary proto to avoid losing lookup.

- hack for bug 24688 "runtime errors in wrapped JS are not made obvious"
Added a debug only printf. We still need a JSErrorConsole service for this.

- fix bug 16130 "createInstanace and getService can create wrappers around wrappers"
Fixing this one really entailed changing the semantics of nsIXPConnect::wrapNative
and nsIXPConnect::wrapJS to use common code in xpcconvert that deals with existing
wrappers and DOM objects (with their own schemes for wrapping and unwrapping).
So, I changed the callers because the params changed slightly and some callers
were doing more work than necessary given the new semantics.

- Continued in the crusade to replace manaual refcounting with nsCOMPtrs whenever
touching old code.

- Added myself as first contributor to xpconnect files (vanity prevails!)

- Added new copyright header on some files that were missing it.

- Added some API comments.

- Converted nsXPCWrappedJS to implement nsIXPConnectWrappedJS via MI rather than
the old loser scheme of the nsIXPConnectWrappedJSMethods tearoff object.

- added DumpJSStack as globals to xpconnect and DOM dlls to be callable from
debuggers. I have ideas on how to improve and expand this support soon.

r=mccabe
2000-01-26 08:38:10 +00:00
norris%netscape.com
8507a58ec3 Files:
caps/include/nsScriptSecurityManager.h
	caps/src/nsScriptSecurityManager.cpp
	modules/libpref/src/init/all.js
Fix
24565 nsScriptSecurityManager::GetSecurityLevel() is a performance
24567 re-write DOM glue security checks to avoid NS_WITH_SERVICE()
r=waterson

Files:
	dom/src/base/nsGlobalWindow.cpp
	layout/base/src/nsDocument.cpp
	layout/base/src/nsGenericElement.cpp
Fix assertion failure for 1-character property names.


Files:
	dom/src/jsurl/nsJSProtocolHandler.cpp
	webshell/src/nsDocLoader.cpp
Fix 18653 "javascript:" URLs cross windows problems (probably regressi
r=nisheeth

Files:
	layout/events/src/nsEventListenerManager.cpp
Fix
23834 document.onkeypress allows sniffing keystrokes
24152 document.onclick shows links from other window
r=joki
2000-01-23 04:23:14 +00:00
mstoltz%netscape.com
69ef846a00 Fixed build blocker on HPUX, AIX, and Solaris by adding a cast. r=norris a=jar bug=24322 2000-01-20 00:19:30 +00:00
norris%netscape.com
c5ed5dbd3d Fix bug 24378 All DOM security checks inadvertently disabled
r=mstoltz,rogerl;a=jar
2000-01-19 23:39:07 +00:00
norris%netscape.com
d4cf23a2bf Fix build bustage caused by mismatch of NS_IMETHOD usage. 2000-01-18 22:45:05 +00:00
waterson%netscape.com
d0cbc99c85 Fix build bustage. 2000-01-18 22:35:27 +00:00
mstoltz%netscape.com
5014545a00 Implemented the reading of capabilities data from prefs. Reads codebase and certificate principal data and populates ScriptSecurityManager's principals table. bug= 18122 r=norris, rginda 2000-01-18 21:54:01 +00:00
norris%netscape.com
b0ba1f5b70 Fix 18592 Fix example: XPCom components cannot be used under
r=mstoltz
2000-01-14 00:03:46 +00:00
norris%netscape.com
a488d900ba Fix bug 16536.
r=mstoltz
2000-01-12 01:42:37 +00:00
norris%netscape.com
ab39816cf4 Get IRCChat working without compromising security.
Fix bugs 20261, 23518
r=rginda,mstoltz
2000-01-11 22:02:06 +00:00
jdunn%netscape.com
cb0c532e85 Fix base class specifiers, since be default if they aren't specified it is Private
# 23237
r= warren@netscape.com, ftang@netscape.com, jband@netscape.com
2000-01-11 01:45:34 +00:00
norris%netscape.com
ddb2282b6c Fix
858  [Feature] JavaScript auto-disable per-domain RFE
    13023 Users must be able to disable Java and JavaScript (for JS in mail)
    21923 Executing functions in "chrome:" protocol - #2.
    r=mstoltz

    (Checked in with red on Mac; Wan-Teh says his changes are localized so
     it shouldn't interfere with his fixing bustage.)
2000-01-08 16:51:54 +00:00
norris%netscape.com
4f128298d2 Fix 22909 previousSibling vulnerability
r=mstoltz
2000-01-06 00:59:18 +00:00
dougt%netscape.com
2e995c5f17 Converting to use nsIModule macro. r=dp. 2000-01-03 22:59:05 +00:00
jband%netscape.com
ef9c82db1e Landing big set of DOM and XPConnect changes:
DOM: getting rid of JS_GetContextPrivate wherever possible. Use static parent
links where we can. When we do need to find this info about the caller
we call a function that knows how to get that info rather than inline calls
to JS_GetContextPrivate. This is all required for calling DOM objects on
non-DOM JSContexts as we do via xpconnect.

XPConnect: basic refactoring work to disassociate wrappers from the JSContext
that was active when the wrapper was constructed. This allows for calling into
wrapped JS objects on the right JSContext and for proper grouping of wrapped
native objects so that they can share proto objects. This also allows for
better sharing of objects and lays the foundations for threadsafety and
interface flattening.

Also, xpconnect tests are reorganized and improved.

fixes bugs: 13419, 17736, 17746, 17952, 22086

r=vidur r=mccabe r=norris r=cbegle
a=chofmann
1999-12-18 20:29:29 +00:00
warren%netscape.com
7d4fa072a5 Fix for leak/bloat stats going negative. a=jar 1999-12-10 04:27:52 +00:00
norris%netscape.com
84fe55bbc1 Fix crash seen by waterson.
r=waterson
1999-12-02 05:41:17 +00:00
norris%netscape.com
d89d87531c Fix
20257 unable to edit existing images in editor due to JS error
	19933 JavaScript "window.location" core dumps in CAPS
Back out previous changes for enforcing security on listeners and go with a
simple restriction of access to the method for adding listeners.
r=mstoltz
1999-12-01 22:23:22 +00:00