gecko-dev/caps/include
norris%netscape.com 51842ef45e Fix 18553 [DOGFOOD] addEventListener allows sniffing keystrokes
Add checks to nsScriptSecurityManager::CheckCanListenTo that take
a principal and ensure that the currently executing script code
either is from the same origin as that principal or has the
UniversalBrowserRead privilege enabled. (chrome code has all
privileges enabled by default.) It's okay for the principal passed in
to be null. That just signifies a privileged window/document that only
can be listened to with privileges.

I added GetPrincipal/SetPrincipal methods to nsIEventListenerManager.
nsDocument::GetNewListenerManager sets a principal on the listener
manager when it creates one. Obviously there are other places that
create listener managers, but scripts seem to go through this one.

Another change is to save some memory usage. Currently I allocate an
array of PolicyType that is NS_DOM_PROP_MAX elements long.
Unfortunately, compilers appear to allocate four bytes for each
PolicyType, so the array takes around 2400 bytes. I've added changes
to use two bit vectors that should consume about 1/16 that space.

r=joki

There are also changes that push nsnull onto the JSContext stack when
entering a nested event loop.

r=jband
1999-11-25 05:28:18 +00:00
..
.cvsignore Add cvsignore entries for makefiles generated bu autoconf. 1998-12-05 09:07:33 +00:00
Makefile.in * Fix the following bugs by tightening the default security policy. 1999-11-11 22:10:36 +00:00
makefile.win * Fix the following bugs by tightening the default security policy. 1999-11-11 22:10:36 +00:00
MANIFEST * Fix the following bugs by tightening the default security policy. 1999-11-11 22:10:36 +00:00
nsBasePrincipal.h * Fix the following bugs by tightening the default security policy. 1999-11-11 22:10:36 +00:00
nsCertificatePrincipal.h * Fix the following bugs by tightening the default security policy. 1999-11-11 22:10:36 +00:00
nsCodebasePrincipal.h * Fix the following bugs by tightening the default security policy. 1999-11-11 22:10:36 +00:00
nsJSPrincipals.h updated xPL license boilerplate to v1.1, a=chofmann@netscape.com,r=endico@mozilla.org 1999-11-06 03:43:54 +00:00
nsScriptSecurityManager.h Fix 18553 [DOGFOOD] addEventListener allows sniffing keystrokes 1999-11-25 05:28:18 +00:00
nsSystemPrincipal.h * Fix the following bugs by tightening the default security policy. 1999-11-11 22:10:36 +00:00