89 Commits

Author SHA1 Message Date
334cb067ae Bug 584977 mark deprecated caps interfaces and methods with [deprecated]
r=dveditz
2011-03-27 23:59:17 -04:00
Boris Zbarsky
a857c2d4c3 Bug 593026. Make it possible to get the system principal from script. r=jst a=jst 2010-09-07 15:10:41 -04:00
Luke Wagner
32541f500f Bug 549143 - fatvals 2010-07-14 23:19:36 -07:00
Robert Sayre
b0ff2088ea Merge mozilla-central to tracemonkey 2010-05-17 13:55:37 -04:00
Jason Orendorff
94a1e24caa Bug 560643 - Add a special jsval type to XPIDL. Part 1, rename JSVal -> jsval in existing IDL. r+sr=jst. 2010-05-12 08:18:51 -05:00
Michael Kohler
61fec64afe Bug 506041 Part 2: Correct misspellings in source code
r=timeless
2010-05-13 14:19:50 +02:00
Jonas Sicking
0304916ce4 Bug 543696: Remove unused nsIScriptSecurityManager::CheckConnect. r/sr=mrbkap 2010-02-02 02:29:15 -08:00
Blake Kaplan
f3b6671930 Bug 504021 - Add an API to the script security manager to clamp principals for a given context. r=jst/bzbarsky sr=dveditz 2009-08-21 18:20:20 -07:00
Johnny Stenback
9b284c29c7 Fixing bug 442399. Remove LiveConnect from the tree. r=joshmoz@gmail.com, bclary@bclary.com, sr=brendan@mozilla.org 2009-06-30 15:55:16 -07:00
Blake Kaplan
b31ed1c8f8 Bug 396851 - Check to see if we're UniversalXPConnect-enabled to allow privileged web pages to unwrap XOWs. r+sr=bzbarsky 2008-10-22 13:15:22 -07:00
43974bedd7 Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it 2008-04-18 10:35:55 -07:00
f6edaf0e34 Allow XMLHttpRequest and document.load to load files from subdirectories. r/sr=dveditz 2008-04-08 17:38:12 -07:00
d8f62e65bf Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst 2008-03-18 14:14:49 -07:00
1f50a9da1c Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com 2008-01-04 15:59:12 -08:00
41b9dd851e bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking 2007-10-26 18:46:09 -07:00
d5455995df Make security manager API more useful from script. Make more things
scriptable, and add a scriptable method for testing whether a given principal
is the system principal.  Bug 383783, r=dveditz, sr=jst
2007-06-18 08:12:09 -07:00
bzbarsky@mit.edu
0d8e296fb6 Make the redirect check get principals the same way we get them elsewhere.
Clean up some code to use the new security manager method.  Bug 354693,
r=dveditz, sr=sicking
2006-11-22 18:27:54 +00:00
bzbarsky@mit.edu
ce1dcb41ac Remove securityCompareURIs() from nsIScriptSecurityManager. Bug 327243, r+sr=jst 2006-11-14 22:46:45 +00:00
bzbarsky@mit.edu
bd12b1b015 Make it possible for protocol handlers to configure how CheckLoadURI should
treat them via their protocol flags.  Remove the protocol list we used before.
Bug 120373, r=dveditz, sr=darin
2006-11-10 23:49:08 +00:00
bzbarsky@mit.edu
090edcdb9a Introduce CheckLoadURIStrWithPrincipal(). Bug 348559, r=dveditz, sr=jst 2006-08-21 22:15:20 +00:00
bzbarsky@mit.edu
174eac388a Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
sr=dveditz
2006-02-17 16:12:17 +00:00
bzbarsky@mit.edu
578c9bbc40 Backing out since tree is closed. 2006-02-17 03:33:03 +00:00
bzbarsky@mit.edu
108de207ac Make nsIPrincipal and some methods that use it scriptable. Bug 327242, r=jst,
sr=dveditz
2006-02-17 03:26:03 +00:00
bzbarsky@mit.edu
e8bb5f9e92 Expose the subject name for the cert and an nsISupports pointer to the cert on
nsIPrincipal that represents a certificate principal.  Change preference
storage to ensure matches in not only the fingerprint but also the subjectName
before applying privileges from preferences to a certificate principal.  Remove
possibility for creating certificate principals without a useful identifying
name and make sure that names don't get munged by being forced to ASCII.  Bug
240661, r=caillon, sr=dveditz, a=bsmedberg
2005-07-22 19:05:42 +00:00
dbaron@dbaron.org
92d0025560 Cleaner fix for bug 290036. b=290949 r=dveditz sr=darin a=asa 2005-05-12 18:20:07 +00:00
jshin@mailaps.org
7dfb2b2ceb bug 280613 : checkLoadURIStr of nsIScriptSecurityManager should accept AUTF8String instead of string (for IDN), r=dveditz, sr=darin 2005-02-02 07:17:53 +00:00
bzbarsky@mit.edu
d6a2a440ea Add a version of CheckLoadURI that takes a source principal instead of a source
URI.  Update a bunch of callers to use it.  Bug 233108, r=caillon, sr=dveditz
2004-04-25 16:55:27 +00:00
gerv@gerv.net
cf0b0c064a Bug 236613: change to MPL/LGPL/GPL tri-license. 2004-04-17 21:52:36 +00:00
neil@parkwaycc.co.uk
a71f359dbc Bug 227758 make subjectPrincipalIsSystem unscriptable and checkSameOriginURI scriptable r=caillon sr=dveditz 2003-12-19 21:51:37 +00:00
caillon@returnzero.com
36e47e1b16 Re-land patch for bug 83536, merging principal objects.
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst
2003-10-21 22:11:49 +00:00
brendan@mozilla.org
604b90f8a3 Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky). 2003-09-28 04:22:01 +00:00
caillon@returnzero.com
cb97361fb3 Backing out the patch to bug 83536.
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann
2003-08-22 03:06:53 +00:00
caillon@returnzero.com
3c2c01c6d0 Bug 83536.
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)
2003-07-24 05:15:20 +00:00
dougt@meer.net
fd5cd3c3a6 Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201 2003-05-29 21:56:38 +00:00
dougt@meer.net
51fee6de92 Disallowing javascript or data schemes in a redirect. r=mstoltz, sr=brendan, a=rjesup, b=195201 2003-05-29 21:51:34 +00:00
mstoltz@netscape.com
786fdce035 Bug 168316 - When calling from Java into JS, add a "dummy" JS stack frame with
principal information for the security manager. r=dveditz, sr=jst, a=chofmann.
2002-10-30 03:15:59 +00:00
sicking@bigfoot.com
d914d747e9 Use principals instead of URIs for same-origin checks.
b=159348, r=bz, sr=jst, a=asa
2002-07-30 21:26:32 +00:00
mstoltz@netscape.com
13b0356ff9 133170 - Need to re-check host for security on a redirect after a call to
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc
2002-06-14 23:54:18 +00:00
mstoltz@netscape.com
5b1d68475a A bunch of fixes in caps:
128697 - Added a pref listener for changes to capability.policy prefs,
removed profile-change listener
131025 - Removed insecure "trusted codebase principals" feature
131340 - Make nsCodebasePrincipal::Equals handle jar URLs correctly
131342 - Clean up privilege-grant dialog code
128861 - class policy hashtables allocated only when needed; avoids
PLDHash memory-use warning
Fixed comparison of -1 and 80 ports (Can't find the bug # right now)

All r=harishd, sr=jst, a=asa.
2002-03-20 05:53:46 +00:00
mstoltz@netscape.com
e73a385592 Bug 127938 - chrome scripts should be exempt from the security check put in for
bug 105050, on access to the opener property when the opener is a mail window.
r=pavlov, sr=jst, a=leaf.
2002-02-28 00:22:59 +00:00
mstoltz@netscape.com
a28db9f8c4 partially backing out my last change - weird dependency problem 2002-02-26 05:28:26 +00:00
mstoltz@netscape.com
0b2cbd31e8 32571, present confirmation dialog before allowing scripts to close windows.
105050, pass null window.opener when opener is a mail window.
both r=heikki, sr=jst, a=asa.
Backed out previously because of tinderbox problem, which should be fixed now.
2002-02-26 04:50:21 +00:00
mcafee@netscape.com
0a172a4368 Backing out mstoltz. r=dbaron,jrgm 2002-02-19 04:06:53 +00:00
mstoltz@netscape.com
7d183d2cde Bug 105050 - return null window.opener to scripts if opener is a mail window.
Bug 32571 - Prompt user before allowing scripts to close windows if opener is null.
both r=heikki, sr=jst.
2002-02-19 01:09:45 +00:00
mstoltz@netscape.com
0aef651827 Bug 119646 - Rewrite of the security manager policy database for improved
performance. r=jst, sr=jband.
2002-02-13 04:20:46 +00:00
gerv@gerv.net
2d4d90d3ce License changes, take 2. Bug 98089. mozilla/config/, mozilla/caps/, mozilla/build/. 2001-09-25 01:03:58 +00:00
gerv@gerv.net
30a09f1d88 Oops. 2001-09-20 00:02:59 +00:00
scc@mozilla.org
3c364a083d bug #98089: ripped new license 2001-09-19 20:09:47 +00:00
mstoltz@netscape.com
c0c28e274e Bug 77485 - defining a function in another window using a targeted javascript:
link. Prevent running javascript: urls cross-domain and add a security check for adding
and removing properties. r=harishd, sr=jst.
2001-07-13 07:08:26 +00:00
mstoltz@netscape.com
bff6208f1c Re-checking-in my fix for 47905, which was backed out last night because of a bug in some other code that was checked in along with it. This checkin was not causing the crasher and is unchanged. See earlier checkin comment - in short, this adds same-origin to XMLHttpRequest and cleans up some function calls in caps, removes some unnecessary parameters. r=vidur, sr=jst. 2001-05-19 00:33:51 +00:00