corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
202,656 Commits 1 Branch 0 Tags
e272a33dff4cb15dfb51ef6dc74252d1da9ac2b9
Commit Graph

134 Commits

Author SHA1 Message Date
brendan@mozilla.org
0f1e5d7394 Stop evals and Script object calls/execs that cross trust domains (289074, r=shaver, sr=jst, a=drivers). 2005-04-07 02:22:24 +00:00
cbiesinger@web.de
4ede1e82e7 Bug 269661 make libpref not depend on caps 
r=caillon sr=dveditz
 2005-02-06 12:39:31 +00:00
jst@mozilla.jstenback.com
30319cb490 Re-enabling the fix for bug 69070 and optimizing some string code in caps that was for sure part of the reason for the Tp regression, and use CheckLoadURIWithPrincipal() to be more correct. r+sr=bzbarsky@mit.edu 2004-10-15 16:53:35 +00:00
dveditz@cruzio.com
eefe7f0ac6 Improve enablePrivilege confirmation dialog text and presentation, sanity-check 
privilege names (bug 253942, bug 253944) r=caillon,sr=brendan,a=chofmann,mkaply
 2004-09-01 07:53:32 +00:00
cbiesinger@web.de
380dd4b401 removing myself from DEBUG_CAPS_HACKER list 2004-07-10 19:38:28 +00:00
cbiesinger@web.de
8159c35f7d fix DEBUG_CAPS_HACKER bustage due to bug 240106 
r=caillon sr=darin
 2004-06-16 15:58:22 +00:00
gerv@gerv.net
cf0b0c064a Bug 236613: change to MPL/LGPL/GPL tri-license. 2004-04-17 21:52:36 +00:00
caillon@returnzero.com
36e47e1b16 Re-land patch for bug 83536, merging principal objects. 
Also includes fixes from bug 216041.
r=bzbarsky
sr=jst
 2003-10-21 22:11:49 +00:00
brendan@mozilla.org
d8628428ac Better version of last change, thanks to caillon for reminding me. 2003-09-28 04:55:50 +00:00
brendan@mozilla.org
5a97e80d4e Forgot to update calls to formerly-static SecurityCompareURI (r+sr=bz). 2003-09-28 04:44:33 +00:00
brendan@mozilla.org
604b90f8a3 Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky). 2003-09-28 04:22:01 +00:00
caillon@returnzero.com
cb97361fb3 Backing out the patch to bug 83536. 
I will reland this when 1.6a re-opens.
r+sr=jst@netscape.com
a=chofmann
 2003-08-22 03:06:53 +00:00
brendan@mozilla.org
365c98466c Add shared DHashTableOps for [const] char *key use-cases, clean up dhash API abusages (214839, r=dougt, sr=dbaron). 2003-08-05 20:09:21 +00:00
caillon@returnzero.com
74046f4652 Bug 214050 
Start to localize some of the more common user-visible error messages in caps.
r+sr=bzbarsky@mit.edu
 2003-07-29 05:28:00 +00:00
mkaply@us.ibm.com
aa9071ac41 Ports bustage - remove NS_COM per bsmedberg 2003-07-24 18:58:30 +00:00
caillon@returnzero.com
3c2c01c6d0 Bug 83536. 
Merge script principal implementations into one class.
Should reduce footprint, speed up calls to caps a little bit, and fixes several memory leaks.
Also fixes bugs 211174 and 211263
r=jst@netscape.com
sr=bzbarsky@mit.edu
moa=mstoltz@netscape.com (he looked at an earlier patch and said it looked fine, and will do a retroactive review when he returns from vacation as well)
 2003-07-24 05:15:20 +00:00
timeless@mozdev.org
8b78741240 Bug 194872 CAPS vulnerability when doing cross-site-scripting with frames from different origins and different CAPS settings (allAccess, noAccess). 
bustage (const char*)
sr=jst
 2003-06-26 03:27:01 +00:00
mstoltz@netscape.com
efa7bd7440 Bug 194872 - Cache zone-policy data on the subject principal instead of the callee. r=nisheeth, sr=jst. 2003-06-26 00:18:43 +00:00
caillon@returnzero.com
86fcd8dff4 Bug 163645 - User defined properties of window.navigator are not remembered when a new page is loaded. 
Enable this for websites within the same domain only.
Also, fixes CheckSameOriginPrincipal to just check the principals, and not care whether we have anything on the JS stack.
r=mstoltz, sr=jst
 2003-06-18 23:48:57 +00:00
mstoltz@netscape.com
3b08782204 Bug 163950 - allow opening connections for XML data transfer services when document.domain has been set. r=jst, sr=heikki. 2003-05-28 23:22:36 +00:00
bzbarsky@mit.edu
bcde483319 Removing stray windows newline that causes build warning... No reviews, sorry. 2003-04-08 20:26:41 +00:00
mstoltz@netscape.com
99102880b1 Bug 188229 - adding new security check function that allows component instantiation by CID. r=dveditz, sr=heikki. *not part of build yet* 2003-03-12 02:17:37 +00:00
brendan@mozilla.org
4380790dcc Generalize the JS_SetCheckObjectAccessCallback hook implemented here to deal with user-defined getters and setters (92773, r=mstoltz, sr=jst). 2003-03-06 19:40:14 +00:00
sfraser@netscape.com
f79952cca3 Fix bug 127185: don't crash with a null JS context if running without XPT files. Fixes nsScriptSecurityManager to do more thorough error checking on initialization. r=mstoltz, sr=jst. Fixes bustage. 2003-01-17 02:00:01 +00:00
mstoltz@netscape.com
13b0356ff9 133170 - Need to re-check host for security on a redirect after a call to 
XMLHttpRequest.open(). For xmlextras, r=heikki, sr=jband. For caps,
r=bzbarsky, sr=jst
147754 - Add same-origin check to XMLSerializer. Patch by jst. r=mstoltz,
sr=jband
113351 - Add same-origin check to XSL Include. Patch by peterv and jst,
r=mstoltz, sr=rpotts
135267 - Add same-origin check to stylesheets included via LINK tags.
r=dveditz, sr=scc
 2002-06-14 23:54:18 +00:00
dougt@netscape.com
00d8c29c64 Fixes mozilla/strings requiring unfrozen nsCRT class. patch by scc, r=dougt, sr=jag, b=136756 2002-05-15 18:55:21 +00:00
mstoltz@netscape.com
5b1d68475a A bunch of fixes in caps: 
128697 - Added a pref listener for changes to capability.policy prefs,
removed profile-change listener
131025 - Removed insecure "trusted codebase principals" feature
131340 - Make nsCodebasePrincipal::Equals handle jar URLs correctly
131342 - Clean up privilege-grant dialog code
128861 - class policy hashtables allocated only when needed; avoids
PLDHash memory-use warning
Fixed comparison of -1 and 80 ports (Can't find the bug # right now)

All r=harishd, sr=jst, a=asa.
 2002-03-20 05:53:46 +00:00
alecf@netscape.com
870f83ae0d fix bug 129635 - write a destructor for DomainPolicy so that the hashtable is destroyed 
(and not leaked!)
r=mstoltz, sr=vidur, a=asa
 2002-03-10 00:41:08 +00:00
jst@netscape.com
71807c8bf5 Fixing bug 111529. Optimizing out unnecessary QI calls from nsScriptSecurityManager::GetObjectPrincipal() and doing some other minor cleanups and speedups. r=nisheeth@netscape.com, sr=jband@netscape.com 2002-02-20 05:51:05 +00:00
mkaply@us.ibm.com
4d428ceb98 OS/2 bustage - callback needs to be in header 2002-02-13 13:30:06 +00:00
mstoltz@netscape.com
0aef651827 Bug 119646 - Rewrite of the security manager policy database for improved 
performance. r=jst, sr=jband.
 2002-02-13 04:20:46 +00:00
bzbarsky@mit.edu
62c59c5c69 Make CAPS correctly observe changes to capability.policy prefs. Needed 
for having UI for these suckers.  Bug 101150, r=mstoltz,sr=jst
 2001-10-02 21:56:51 +00:00
gerv@gerv.net
2d4d90d3ce License changes, take 2. Bug 98089. mozilla/config/, mozilla/caps/, mozilla/build/. 2001-09-25 01:03:58 +00:00
gerv@gerv.net
30a09f1d88 Oops. 2001-09-20 00:02:59 +00:00
scc@mozilla.org
3c364a083d bug #98089: ripped new license 2001-09-19 20:09:47 +00:00
mstoltz@netscape.com
84cc1c70c0 bug 86799, adding support for wildcard security policies of the form 
"capability.policy.group.*.property". Also added additional optimizations
and changed copy-initialization of NSCOMPtrs to direct initialization
throughout the file. r=harishd, sr=jst, a=asa.
 2001-08-29 02:05:48 +00:00
mstoltz@netscape.com
7c07606fff 86984 - make history.length sameOrigin-accessible. Security prefs change. 
91714 - CheckLoadURI should trest 'safe' and 'unsafe' about: URLs as different protocols
56260 - 'Remember This Decision' in signed script grant dialog should default to unchecked
83131 - More descriptive security error messages
93951 - Added null check in GetBaseURIScheme to prevent crash.
All bugs r=jtaylor, sr=jst
 2001-08-14 00:18:58 +00:00
brendan@mozilla.org
43925308ab Restore scriptable nsIClassInfo.classID but add fast/C++-only classIDNoAlloc; define and use nsIClassInfo::EAGER_CLASSINFO in caps (93792, sr=waterson&jst). 2001-08-07 03:59:29 +00:00
mstoltz@netscape.com
f67f93ffbe 82495 - Support for the view-source protocol in CheckLoadURI 
87887 - don't call InitPolicies or InitPrincipals if there are no prefs to process
83902 - Use weak reference to pref branch to avoid reference cycle
91619 - was leaking a char* - use nsXPIDLCString instead
86932 - Add support for per-site JS disabling to CanExecuteScripts
all bugs r=jesse, sr=dougt
 2001-08-02 20:32:48 +00:00
mstoltz@netscape.com
c0c28e274e Bug 77485 - defining a function in another window using a targeted javascript: 
link. Prevent running javascript: urls cross-domain and add a security check for adding
and removing properties. r=harishd, sr=jst.
 2001-07-13 07:08:26 +00:00
mstoltz@netscape.com
bff6208f1c Re-checking-in my fix for 47905, which was backed out last night because of a bug in some other code that was checked in along with it. This checkin was not causing the crasher and is unchanged. See earlier checkin comment - in short, this adds same-origin to XMLHttpRequest and cleans up some function calls in caps, removes some unnecessary parameters. r=vidur, sr=jst. 2001-05-19 00:33:51 +00:00
blizzard@redhat.com
73464b4d88 Back out mstoltz because of blocker bug #81629. Original bugs were 47905 79775. 2001-05-18 17:41:23 +00:00
mstoltz@netscape.com
7563016fac Bug 47905 - adding security check for XMLHttpRequest.open. 
Added nsIScriptSecurityManager::CheckConnect for this purpose.
Also cleaned up the security check API by removing some unnecessary
parameters. r=vidur@netscape.com, sr=jst@netscape.com

Bug 79775 - Forward button broken in main mail window. Making
WindowWatcher not call GetSubjectPrincipal if the URL to be loaded is
chrome, since the calling principal is superfluous in this case.
No one has been able to find the root cause of this problem, but
this checkin works around it, which is the best we can do for now.
r=ducarroz@netscape.com, sr=jst@netscape.com
 2001-05-18 06:56:29 +00:00
mstoltz@netscape.com
f25ae8ef54 Fixes for bugs 79796, 77203, and 54060. r=jband@netscape.com, 
sr=brendan@mozilla.org
 2001-05-11 00:43:27 +00:00
jst@netscape.com
650643b391 Landing the XPCDOM_20010329_BRANCH branch, changes mostly done by jband@netscape.com and jst@netscape.com, also some changes done by shaver@mozilla.org, peterv@netscape.com and markh@activestate.com. r= and sr= by vidur@netscape.com, jband@netscape.com, jst@netscpae.com, danm@netscape.com, hyatt@netscape.com, shaver@mozilla.org, dbradley@netscape.com, rpotts@netscape.com. 2001-05-08 16:46:42 +00:00
mstoltz@netscape.com
0a2445e5cc More fixes for 55237, cleaned up CheckLoadURI and added a check on "Edit This Link." Also added error reporting (bug 40538). 
r=beard, sr=hyatt
 2001-04-17 01:21:44 +00:00
mstoltz@netscape.com
fa6783f615 Bugs 55069, 70951 - JS-blocking APIs for mailnews and embedding. r=mscott, sr=attinasi. 
Bug 54237 - fix for event-capture bug, r=heikki, sr=jband.
 2001-03-23 04:22:56 +00:00
mstoltz@netscape.com
e16ffc4176 bug 47905, adding security check to XMLHttpRequest.open(). r=heikki, sr=brendan 2001-03-02 00:09:20 +00:00
mstoltz@netscape.com
72e3ea1fa8 Bug 66369, adding support for per-file permissions granting to caps. r=jst, sr=jband. 2001-01-27 01:42:20 +00:00
jband@netscape.com
71d137bc0f fix bug 55506. If seman was initialized too early then it was failing to register its nameset. This happened on first run when JS Component Loader would use the secman. The result was that all calls to the security manager via JavaScript would fail for that session. This fixes that by continuing to try to register the nameset until it actually succeeds. r=mstoltz a=brendan 2000-11-30 05:32:08 +00:00