Commit Graph

501 Commits

Author SHA1 Message Date
neil%parkwaycc.co.uk
6394a7f9f8 Bug 227758 make subjectPrincipalIsSystem unscriptable and checkSameOriginURI scriptable r=caillon sr=dveditz 2003-12-19 21:51:37 +00:00
pkw%us.ibm.com
56dbd77c06 Bug 228095 - AIX: 64-bit build error in nsScriptSecurityManager.cpp
r=caillon@aillon.org, sr=brendan@mozilla.org, a=brendan@mozilla.org
2003-12-15 18:16:09 +00:00
caillon%returnzero.com
c8e5f51fe0 227079 - Mozilla asks for security privileges where it shouldn't
Make sure we check signed.applets.codebase_principal_support and special urls before going further.
r=jst sr=bzbarsky a=dbaron
2003-12-04 02:14:07 +00:00
brendan%mozilla.org
7809adca33 Fix missing cx param problem (223041, r=caillon, sr=dbaron). 2003-11-03 04:26:55 +00:00
dbaron%dbaron.org
6139d85dae Work around bustage. Temporary fix. b=223041 2003-11-02 02:31:53 +00:00
caillon%returnzero.com
6ea484e8b7 Permit content to link to about:logo
Bug 223293; r=timeless sr=jst
2003-10-30 01:35:09 +00:00
caillon%returnzero.com
66caced69a Re-land patch for bug 83536, merging principal objects.
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst
2003-10-21 22:11:49 +00:00
brendan%mozilla.org
4878fd7a5e Better version of last change, thanks to caillon for reminding me. 2003-09-28 04:55:50 +00:00
brendan%mozilla.org
3915f74063 Forgot to update calls to formerly-static SecurityCompareURI (r+sr=bz). 2003-09-28 04:44:33 +00:00
brendan%mozilla.org
4038563cd9 Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky). 2003-09-28 04:22:01 +00:00
caillon%returnzero.com
a7aa61013a about:about
Bug 56061
r=bryner@brianryner.com
sr=darin@meer.net
2003-09-13 19:35:59 +00:00
bryner%brianryner.com
06fe994577 Fix build on gcc 3.4 by removing extra semicolons (bug 218551). r/sr=dbaron, a=brendan. 2003-09-07 21:37:51 +00:00
caillon%returnzero.com
f8e8aed8a7 Backing out the patch to bug 83536.
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann
2003-08-22 03:06:53 +00:00
caillon%returnzero.com
ae4593bec0 Bug 216234
Calling operator delete on an nsAutoPtr isn't good.
r+sr=dbaron@dbaron.org
a=asa@mozilla.org
2003-08-20 00:40:13 +00:00
cls%seawood.org
1b51ba858c Set MODULE in makefiles at the top of a heirarchy so that module-deps lists are more precise and builds will have the proper order if some subdirs contain other modules. 2003-08-16 00:42:35 +00:00
caillon%returnzero.com
c2d2462e51 Bug 214949
Make XUL error pages work again by making GetOrigin() return the full spec for chrome: URIs and preventing principal lookups when the principals hash is empty.
r+sr=jst@netscape.com
a=rjesup@wgate.com
2003-08-10 02:26:11 +00:00
brendan%mozilla.org
b7cdb7debb Add shared DHashTableOps for [const] char *key use-cases, clean up dhash API abusages (214839, r=dougt, sr=dbaron). 2003-08-05 20:09:21 +00:00
caillon%returnzero.com
4572ef1a55 Adding comments, per bzbarsky. bug 214050. 2003-07-29 19:03:00 +00:00
caillon%returnzero.com
dac741004a Don't let success of string bundle calls dictate the return value, continue to return errors. Still bug 214050. 2003-07-29 09:07:43 +00:00
caillon%returnzero.com
b6f6ad74ba Bug 214050
Start to localize some of the more common user-visible error messages in caps.
r+sr=bzbarsky@mit.edu
2003-07-29 05:28:00 +00:00
caillon%returnzero.com
25a56a0d4b Init mSecurityPolicy. This somehow got lost in between the last two revisions of my patch to bug 83536.
r=timeless,sr=bzbarsky on IRC.
2003-07-27 07:00:25 +00:00
caillon%returnzero.com
007e7d68ad 213796 - Crash In CAPS.DLL On Startup [@ nsPrincipal::GetHashValue]
r+sr+caillonIsStupid=bzbarsky@mit.edu
2003-07-27 04:08:48 +00:00
caillon%returnzero.com
728cd6526c Bug 213847. Prompt the user for what to do if we don't know whether we can grant a capability.
r+sr=bzbarsky@mit.edu
2003-07-25 19:23:17 +00:00
mkaply%us.ibm.com
b7fd1c6840 Ports bustage - remove NS_COM per bsmedberg 2003-07-24 18:58:30 +00:00
caillon%returnzero.com
91b7c60bee Bug 83536.
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)
2003-07-24 05:15:20 +00:00
seawood%netscape.com
beb45866ed Removing extra ^M. Fixing Irix cc bustage 2003-06-28 05:15:41 +00:00
jst%netscape.com
524a20845d Fixing bug 210730. ClassInfoData optimizations. r+sr=jaggernaut@netscape.com 2003-06-27 03:10:49 +00:00
timeless%mozdev.org
66730e2ca7 Bug 194872 CAPS vulnerability when doing cross-site-scripting with frames from different origins and different CAPS settings (allAccess, noAccess).
bustage (const char*)
sr=jst
2003-06-26 03:27:01 +00:00
mstoltz%netscape.com
ddc015e3b7 Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst. 2003-06-26 00:18:43 +00:00
jst%netscape.com
abefba9053 Fixing bug 209884. Writing an inline helper to safely get an nsIScriptContext from a JSContext and making direct callers of JS_GetContextPrivate() use the helper. r=caillon@aillon.org, sr=peterv@netscape.com 2003-06-24 21:43:01 +00:00
caillon%returnzero.com
b2badfa9f7 Bug 163645 - User defined properties of window.navigator are not remembered when a new page is loaded.
Enable this for websites within the same domain only.
Also, fixes CheckSameOriginPrincipal to just check the principals, and not care whether we have anything on the JS stack.
r=mstoltz, sr=jst
2003-06-18 23:48:57 +00:00
harishd%netscape.com
85570db892 Grant access to SOAP response document's properties and also allow the document to be serializable. b=193953, r=heikki@netscape.com, sr=jst@netscape.com 2003-06-12 20:18:34 +00:00
seawood%netscape.com
97649bab86 Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev 2003-06-10 21:18:27 +00:00
seawood%netscape.com
b28ce0a530 Removing old cfm build files. Use the CFM_LAST_RITES tag to resurrect. r=macdev 2003-06-10 20:12:33 +00:00
dougt%meer.net
a069087dd4 Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201 2003-05-29 21:56:38 +00:00
dougt%meer.net
e3a6a4edfc Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201 2003-05-29 21:51:34 +00:00
timeless%mozdev.org
fc043d1270 Bug 207328 @mozilla.org/scriptsecuritymanager;1 isn't registering itself correctly as an app-startup observer service
r=mstoltz sr=alecf
2003-05-29 04:27:03 +00:00
mstoltz%netscape.com
11919bb299 Bug 163950 - allow opening connections for XML data transfer services when document.domain has been set. r=jst, sr=heikki. 2003-05-28 23:22:36 +00:00
dwitte%stanford.edu
270d3909ca bug 100649: Length() being used where IsEmpty() is meant
treewide changes to convert incorrect usages of string.Length() to string.IsEmpty().

thanks to afatecha@idea.com.py (Ariel Fatecha) for the patch. r=dwitte, sr=jst.

got the ok from Asa to land into a closed tree.
2003-05-23 21:34:47 +00:00
dbradley%netscape.com
5761ad14e3 bug 205538 - Use hyphens instead of underscores in caps prefs for CID's. r=adamlock, sr=alecf, a=asa 2003-05-20 14:19:05 +00:00
jst%netscape.com
72ec343461 Fixing bug 202994. Make sure the proper security check is done when converting the result of a JS expression in a javascript: URL to a string. r=mstoltz@netscape.com, sr=brendan@mozilla.org, a=asa@mozilla.org 2003-05-12 22:23:52 +00:00
brendan%mozilla.org
710c694ac3 Fix overbroad getter/setter access check to apply only to scripted getters/setters; fix wrong object class name in error messages (198660, r=mstoltz, sr=jst, a=asa). 2003-05-09 00:40:50 +00:00
dbradley%netscape.com
fd606d2dcd Another dummy change to cause beast to rebuild caps 2003-04-30 09:19:50 +00:00
mkaply%us.ibm.com
4c6419aa49 IRIX bustage 2003-04-23 04:28:41 +00:00
mstoltz%netscape.com
4edb1f430d Bug 180749 - when remembering granted privileges for file://pages, grant privilege for that page only, not the whole local file system. r=jst, sr=heikki. 2003-04-23 00:21:02 +00:00
jst%netscape.com
690a8cef27 Fixing bug 201132. Always use the JSPrincipals from the target object when compiling event handlers, never use the principals of the global object in which the event handler is compiled. Also make sure we never use the principals that are precompiled into cloned Functions, always get the principal from the Function's scope in such cases. r=mstoltz@netscape.com (and heikki@netscape.com), sr=brendan@mozilla.org 2003-04-17 20:21:00 +00:00
bzbarsky%mit.edu
cbf70f5c05 Removing stray windows newline that causes build warning... No reviews, sorry. 2003-04-08 20:26:41 +00:00
locka%iol.ie
461f6c3964 Define XPC_IDISPATCH_SUPPORT when building caps if necessary. b=198117 r=dbradley@netscape.com sr=alec@netscape.com 2003-03-20 12:10:04 +00:00
rginda%netscape.com
2b3526ff2e bug 170585, Scriptable streams are broken; r=darinf, sr=dougt
update to readdata caller
2003-03-13 21:24:37 +00:00
mstoltz%netscape.com
44d264d6b0 Bug 188229 - adding new security check function that allows component instantiation by CID. r=dveditz, sr=heikki. *not part of build yet* 2003-03-12 02:17:37 +00:00