mstoltz%netscape.com d6e2839371 bug 77485 - exploit inserting a function into another window using targeted
javascript URL links. Two-part fix: moving the call to GetCurrentDocumentOwner
in nsDocShell::LoadInternal to before the target docshell is called, and
changing nsScriptSecurityManager::GetFunctionObjectPrincipal to only get
the principal from the function object's scope chain if the function object's
principal is the system principal. r=jst, sr=vidur, a=asa.
2001-05-30 02:22:22 +00:00
..

<html>
<!-- 
   - The contents of this file are subject to the Netscape Public
   - License Version 1.1 (the "License"); you may not use this file
   - except in compliance with the License. You may obtain a copy of
   - the License at http://www.mozilla.org/NPL/
   - 
   - Software distributed under the License is distributed on an "AS
   - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
   - implied. See the License for the specific language governing
   - rights and limitations under the License.
   - 
   - The Original Code is mozilla.org code.
   - 
   - The Initial Developer of the Original Code is Netscape
   - Communications Corporation. Portions created by Netscape are
   - Copyright (C) 1998-1999 Netscape Communications Corporation. All
   - Rights Reserved.
   - 
   - Contributor(s):
   - Daniel Howard
   - 
   - Alternatively, the contents of this file may be used under the
   - terms of the GNU Public License (the "GPL"), in which case the
   - provisions of the GPL are applicable instead of those above.
   - If you wish to allow use of your version of this file only
   - under the terms of the GPL and not to allow others to use your
   - version of this file under the NPL, indicate your decision by
   - deleting the provisions above and replace them with the notice
   - and other provisions required by the GPL.  If you do not delete
   - the provisions above, a recipient may use your version of this
   - file under either the NPL or the GPL.
  -->
<body>
<h1>
<span CLASS=LXRSHORTDESC>
certificate and security management<p>
</span>
</h1>
<span CLASS=LXRLONGDESC>
caps contains C++ interfaces and code for determining the capabilities
of content based on the security settings and certificates (e.g. Verisign).
</span>
</body>
</html>