corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
134,807 Commits 1 Branch 0 Tags
d8f62e65bf5aca79b931aadf6792ca93c702901b
Commit Graph

111 Commits

Author SHA1 Message Date
d8f62e65bf Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst 2008-03-18 14:14:49 -07:00
51622f4f19 Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv 2008-02-26 19:45:29 -08:00
0e09da2e16 backing out fix for bug 416534 as potential cause of mochitest failure 2008-02-26 19:23:36 -08:00
5a418fd29c Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv 2008-02-26 18:17:49 -08:00
2137617bee Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org 2008-01-29 12:51:01 -08:00
fd502496c5 Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep 2008-01-15 07:50:57 -08:00
eecfc98144 Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org 2007-12-12 15:02:25 -08:00
27506864a9 bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov 2007-09-06 00:02:57 -07:00
98de634631 Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros. 2007-07-08 00:08:04 -07:00
7be1c54ee4 Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg 2007-03-27 08:34:59 -07:00
0f08b75950 Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg 2007-03-27 08:33:38 -07:00
bzbarsky@mit.edu
ce1dcb41ac Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst 2006-11-14 22:46:45 +00:00
bzbarsky@mit.edu
bd12b1b015 Make it possible for protocol handlers to configure how CheckLoadURI should 
treat them via their protocol flags.  Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin
 2006-11-10 23:49:08 +00:00
bzbarsky@mit.edu
5a2d1d8d62 Disable optimization that relies on invariants we don't maintain. Bug 317240 
wallpaper, r+sr=jst
 2006-05-04 15:23:43 +00:00
bzbarsky@mit.edu
7856969463 Followup fix for bug 307867 -- make sure to update our pointers to hashtable 
entries when the entries move. r=dveditz, sr=brendan
 2006-02-24 04:38:46 +00:00
bzbarsky@mit.edu
862b87ebdd Remove dead code. Bug 327171, r=mrbkap, sr=shaver 2006-02-14 21:08:15 +00:00
bzbarsky@mit.edu
e41f8baacf Get principals for XPConnect wrapped natives off their scope instead of walking 
their parent chain.  Add some asserts to check that this actually does give the
same result, which it should with splitwindow.  Bug 289655, r=dbradley, sr=jst
 2005-11-16 02:12:21 +00:00
cbiesinger@web.de
3b08033c0d Bug 248052 Add a contract ID for a global channeleventsink. Make the 
scriptsecuritymanager register for that and implement nsIChannelEventSink. Veto
redirects if CheckLoadURI fails. Remove the explicit usage of
nsIScriptSecurityManager from nsHttpChannel.cpp.

This eliminates js and xpconnect from REQUIRES, and brings us closer to remove
caps.

r=darin sr=bz
 2005-11-08 20:47:16 +00:00
bzbarsky@mit.edu
7d8ee006a9 Don't call nsIClassInfo::GetClassDescription unless we really have to. Bug 
313157, r=dveditz, sr=jst
 2005-10-20 23:49:59 +00:00
bzbarsky@mit.edu
d5e643aec5 Comment-only fixes I forgot to make. Bug 240661. 2005-07-22 20:49:12 +00:00
bzbarsky@mit.edu
e8bb5f9e92 Expose the subject name for the cert and an nsISupports pointer to the cert on 
nsIPrincipal that represents a certificate principal.  Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal.  Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII.  Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
 2005-07-22 19:05:42 +00:00
timeless@mozdev.org
712986fe88 Bug 300853 Caps crash on cleanup [@ DomainPolicy::Drop] 
patch by g.maone@informaction.com r=caillon sr=dveditz a=bsmedberg
 2005-07-19 21:55:36 +00:00
timeless@mozdev.org
c2b5639ec1 Bug 217967 FF104 crash [@ PL_DHashTableOperate ] changing caps access control prefs 
More consistent DomainPolicy lifecycle management avoids use of corrupted hashtable data
patch by g.maone@informaction.com r=dveditz sr=shaver a=bsmedberg
 2005-06-29 16:29:49 +00:00
timeless@mozdev.org
51befe1992 Bug 292588 shutdown crash !sXPConnect [@ nsScriptSecurityManager::CheckObjectAccess] 
store the runtime, unset the callback at shutdown
r=dveditz sr=jst a=asa
 2005-06-07 21:57:56 +00:00
brendan@mozilla.org
e7378c1180 Find active native function principals when walking the JS stack, and beef up eval-ish native safeguards (281988, r=shaver/caillon, sr=jst, a=drivers). 2005-05-04 06:28:36 +00:00
bzbarsky@mit.edu
8dcfa0c518 Do less addrefing of principals in the script security manager. Bug 289643, 
r=caillon, sr=brendan, a=asa
 2005-04-10 23:27:07 +00:00
brendan@mozilla.org
e6a80a7ea8 Revert kludge, want a general fix. 2005-04-07 19:48:57 +00:00
brendan@mozilla.org
0f1e5d7394 Stop evals and Script object calls/execs that cross trust domains (289074, r=shaver, sr=jst, a=drivers). 2005-04-07 02:22:24 +00:00
cbiesinger@web.de
4ede1e82e7 Bug 269661 make libpref not depend on caps 
r=caillon sr=dveditz
 2005-02-06 12:39:31 +00:00
jst@mozilla.jstenback.com
30319cb490 Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu 2004-10-15 16:53:35 +00:00
dveditz@cruzio.com
eefe7f0ac6 Improve enablePrivilege confirmation dialog text and presentation, sanity-check 
privilege names (bug 253942, bug 253944) r=caillon,sr=brendan,a=chofmann,mkaply
 2004-09-01 07:53:32 +00:00
cbiesinger@web.de
380dd4b401 removing myself from DEBUG_CAPS_HACKER list 2004-07-10 19:38:28 +00:00
cbiesinger@web.de
8159c35f7d fix DEBUG_CAPS_HACKER bustage due to bug 240106 
r=caillon sr=darin
 2004-06-16 15:58:22 +00:00
gerv@gerv.net
cf0b0c064a Bug 236613: change to MPL/LGPL/GPL tri-license. 2004-04-17 21:52:36 +00:00
caillon@returnzero.com
36e47e1b16 Re-land patch for bug 83536, merging principal objects. 
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst
 2003-10-21 22:11:49 +00:00
brendan@mozilla.org
d8628428ac Better version of last change, thanks to caillon for reminding me. 2003-09-28 04:55:50 +00:00
brendan@mozilla.org
5a97e80d4e Forgot to update calls to formerly-static SecurityCompareURI (r+sr=bz). 2003-09-28 04:44:33 +00:00
brendan@mozilla.org
604b90f8a3 Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky). 2003-09-28 04:22:01 +00:00
caillon@returnzero.com
cb97361fb3 Backing out the patch to bug 83536. 
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann
 2003-08-22 03:06:53 +00:00
brendan@mozilla.org
365c98466c Add shared DHashTableOps for [const] char *key use-cases, clean up dhash API abusages (214839, r=dougt, sr=dbaron). 2003-08-05 20:09:21 +00:00
caillon@returnzero.com
74046f4652 Bug 214050 
Start to localize some of the more common user-visible error messages in caps.
r+sr=bzbarsky@mit.edu
 2003-07-29 05:28:00 +00:00
mkaply@us.ibm.com
aa9071ac41 Ports bustage - remove NS_COM per bsmedberg 2003-07-24 18:58:30 +00:00
caillon@returnzero.com
3c2c01c6d0 Bug 83536. 
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)
 2003-07-24 05:15:20 +00:00
timeless@mozdev.org
8b78741240 Bug 194872 CAPS vulnerability when doing cross-site-scripting with frames from different origins and different CAPS settings (allAccess, noAccess). 
bustage (const char*)
sr=jst
 2003-06-26 03:27:01 +00:00
mstoltz@netscape.com
efa7bd7440 Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst. 2003-06-26 00:18:43 +00:00
caillon@returnzero.com
86fcd8dff4 Bug 163645 - User defined properties of window.navigator are not remembered when a new page is loaded. 
Enable this for websites within the same domain only.
Also, fixes CheckSameOriginPrincipal to just check the principals, and not care whether we have anything on the JS stack.
r=mstoltz, sr=jst
 2003-06-18 23:48:57 +00:00
mstoltz@netscape.com
3b08782204 Bug 163950 - allow opening connections for XML data transfer services when document.domain has been set. r=jst, sr=heikki. 2003-05-28 23:22:36 +00:00
bzbarsky@mit.edu
bcde483319 Removing stray windows newline that causes build warning... No reviews, sorry. 2003-04-08 20:26:41 +00:00
mstoltz@netscape.com
99102880b1 Bug 188229 - adding new security check function that allows component instantiation by CID. r=dveditz, sr=heikki. *not part of build yet* 2003-03-12 02:17:37 +00:00
brendan@mozilla.org
4380790dcc Generalize the JS_SetCheckObjectAccessCallback hook implemented here to deal with user-defined getters and setters (92773, r=mstoltz, sr=jst). 2003-03-06 19:40:14 +00:00