mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-08 20:47:44 +00:00
51842ef45e
Add checks to nsScriptSecurityManager::CheckCanListenTo that take a principal and ensure that the currently executing script code either is from the same origin as that principal or has the UniversalBrowserRead privilege enabled. (chrome code has all privileges enabled by default.) It's okay for the principal passed in to be null. That just signifies a privileged window/document that only can be listened to with privileges. I added GetPrincipal/SetPrincipal methods to nsIEventListenerManager. nsDocument::GetNewListenerManager sets a principal on the listener manager when it creates one. Obviously there are other places that create listener managers, but scripts seem to go through this one. Another change is to save some memory usage. Currently I allocate an array of PolicyType that is NS_DOM_PROP_MAX elements long. Unfortunately, compilers appear to allocate four bytes for each PolicyType, so the array takes around 2400 bytes. I've added changes to use two bit vectors that should consume about 1/16 that space. r=joki There are also changes that push nsnull onto the JSContext stack when entering a nested event loop. r=jband |
||
---|---|---|
.. | ||
idl | ||
include | ||
macbuild | ||
public | ||
src | ||
.cvsignore | ||
Makefile.in | ||
makefile.win | ||
README.html |
<html> <!-- - The contents of this file are subject to the Netscape Public - License Version 1.1 (the "License"); you may not use this file - except in compliance with the License. You may obtain a copy of - the License at http://www.mozilla.org/NPL/ - - Software distributed under the License is distributed on an "AS - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - implied. See the License for the specific language governing - rights and limitations under the License. - - The Original Code is mozilla.org code. - - The Initial Developer of the Original Code is Netscape - Communications Corporation. Portions created by Netscape are - Copyright (C) 1998-1999 Netscape Communications Corporation. All - Rights Reserved. - - Contributor(s): - Daniel Howard - - Alternatively, the contents of this file may be used under the - terms of the GNU Public License (the "GPL"), in which case the - provisions of the GPL are applicable instead of those above. - If you wish to allow use of your version of this file only - under the terms of the GPL and not to allow others to use your - version of this file under the NPL, indicate your decision by - deleting the provisions above and replace them with the notice - and other provisions required by the GPL. If you do not delete - the provisions above, a recipient may use your version of this - file under either the NPL or the GPL. --> <body> <h1> <span CLASS=LXRSHORTDESC> certificate and security management<p> </span> </h1> <span CLASS=LXRLONGDESC> caps contains C++ interfaces and code for determining the capabilities of content based on the security settings and certificates (e.g. Verisign). </span> </body> </html>