Olli Pettay
cc228b8e8a
Bug 489561 - nsPrincipal should cache nsIPrefBranch and codebase_principal_support pref, r+sr=dveditz, +comments from bz
2009-06-16 14:00:06 +03:00
Arpad Borsos
ef105af6ce
Bug 474369 - get rid of nsVoidArray, remaining parts; r=bz, sr=dbaron
2009-05-07 17:15:26 +02:00
Phil Ringnalda
737a6446f9
Bug 495021 - CAPS unconditionally builds tests, r=shaver
2009-06-13 11:53:38 -07:00
Blake Kaplan
0e65edf009
Bug 441714 - Protect caps against SJOWs. r+sr=dveditz
2009-06-12 14:38:05 -07:00
Arpad Borsos
cd1887abfd
Back out bug 474369, suspected of causing dhtml and tp3 regression
2009-06-12 23:20:55 +02:00
Arpad Borsos
3773b464cf
Bug 474369 - get rid of nsVoidArray, remaining parts; r=bz, sr=dbaron
...
--HG--
extra : rebase_source : 2f40cba97555521222512c7cd793c2a2adcca333
2009-05-07 17:15:26 +02:00
Boris Zbarsky
74f23ff279
Bug 493495 followup. Just cut off the recursion if it gets too deep. r+sr=mrbkap
2009-05-21 15:46:05 -04:00
Boris Zbarsky
9159839164
Bug 493495. Protect against recursive attempts to report a security exception in cases when the URI objects involved can't be accessed due to being implemented as a JS component. r+sr=mrbkap
2009-05-20 21:49:42 -04:00
Boris Zbarsky
f45f0ba98e
Bug 410486. Fix test failures due to the exception message getting truncated.
2009-05-20 00:57:37 -04:00
timeless@mozdev.org
eb1e7164ee
Bug 410486. Make sure to be in a request when reporting a pending exception. r=dveditz, sr=mrbkap.
2009-05-19 22:11:01 -04:00
Dave Townsend
99034adf24
Backed out changeset 461d728271d1
2009-05-19 13:51:18 +01:00
Arpad Borsos
584155ddb7
Bug 474369 - get rid of nsVoidArray, remaining parts; r=bz, sr=dbaron
2009-05-07 17:15:26 +02:00
Blake Kaplan
4f88c00c6c
Bug 493074 - Compute fewer things to try to clear up a performance regression. r+sr=jst
2009-05-14 15:17:56 -07:00
Blake Kaplan
3bab9bf56c
Bug 483672 - Give regular JS objects that have been reflected into C++ a security policy that follows the same-origin model. Also teach caps about "same origin" for these cases. r=jst sr=bzbarsky
2009-05-13 15:01:01 -07:00
L. David Baron
8c38aba811
Switch HTML mochitests from using MochiKit.js to packed.js. (Bug 490955) r=sayrer
2009-05-06 13:46:04 -07:00
Blake Kaplan
54734b9d0b
Bug 475864 - Move native anonymous content checks into a wrapper so that quickstubs don't sidestep them. r=jst sr=bzbarsky
2009-04-23 00:21:22 -07:00
Mook
9ad88404f5
Bug 472032 - [win64] sizeof(long) != sizeof(void*) assertion in nsScriptSecurityManager.cpp; changed SecurityLevel to use PRWord, clarified assertion on the protected code; r+sr=dveditz
2009-02-26 18:31:17 +01:00
Dan Mosedale
56f33790dd
Remove MailNews special casing from nsScriptSecurityManager (bug 374577), r+sr=bzbarsky
2009-02-17 20:32:57 -08:00
Daniel Holbert
2a7d88e05a
Bug 473236 - Remove executable bit from files that don't need it. (Only changes file mode -- no code changes.) r=bsmedberg
2009-01-21 22:55:08 -08:00
timeless@mozdev.org
caf7b1d646
Bug 412743 nsScriptSecurityManager::Init shouldn't treat failure of InitPrefs as fatal
...
r=mrbkap sr=dveditz
2009-01-07 20:42:15 -08:00
timeless@mozdev.org
9d1932e7d2
Bug 470804 crash [@ NS_GetInnermostURI - nsScriptSecurityManager::CheckLoadURIWithPrincipal], r=bz, sr=dveditz
2009-01-01 15:45:23 -08:00
Phil Ringnalda
dd512bcb35
Crashtest for Bug 470804 crash [@ NS_GetInnermostURI - nsScriptSecurityManager::CheckLoadURIWithPrincipal], r=bz
2009-01-01 15:45:23 -08:00
Tyler Downer
c64b359146
Bug 471146 - remove old CAPS readme (already on devmo); r=brendan
2009-01-01 14:56:44 +01:00
Boris Zbarsky
e801383a04
Bug 460425. Do better security checks during redirection. r=sicking,biesi, sr=sicking
2008-11-25 20:50:04 -05:00
Phil Ringnalda
bbe7e1d08a
Bug 461888 - Remove unused PACKAGE_FILE and PACKAGE_VARS and .pkg files, mozilla-central part, r=bsmedberg
2008-11-03 19:46:28 -08:00
Blake Kaplan
5adf556d30
Bug 396851 - Check to see if we're UniversalXPConnect-enabled to allow privileged web pages to unwrap XOWs. r+sr=bzbarsky
2008-10-22 13:15:22 -07:00
Ben Newman
17eeddcb85
Bug 460124. Remove no-longer-needed code, since now we calculate hash values for nsPrincipals in a sane way. r+sr=bzbarsky
2008-10-16 10:56:51 -04:00
Igor Bukanov
59702db0da
Bug 459656 - Implementing nsIThreadJSContextStack in nsXPConnect. r+sr=mrbkap
2008-10-14 16:16:25 +02:00
Arpad Borsos
8b11d938d2
Bug 456388 - Remove PR_STATIC_CALLBACK and PR_CALLBACK(_DECL) from the tree; r+sr=brendan
2008-10-10 17:04:34 +02:00
Blake Kaplan
64c490b3ef
Bug 457299 - nsScriptSecurityManager doesn't suspend the request on the current context when it starts using the safe context. r+sr=bzbarsky
2008-10-08 15:05:25 -07:00
Ben Newman
fdede899e6
Bug 454850. Make sure that whenever nsPrincipal::Equals would return true for a pair of principals their nsPrincipal::GetHashValue returns are also equal. r+sr=bzbarsky
2008-10-08 09:16:27 -04:00
David Bienvenu
aff330072d
bug 453943, always disable js for mailnews for 3.0 b1, don't load pref, r=bz, sr=dmose
2008-09-21 15:21:07 -07:00
David Bienvenu
4df8ee2c63
temporarily disable js in mailnews for 3.0 b1, r=bz, sr=dmose 453943
2008-09-20 08:14:14 -07:00
Arpad Borsos
9b6f558fee
Bug 398946 - Remove JS_STATIC_DLL_CALLBACK and JS_DLL_CALLBACK from the tree; r=(benjamin + bent.mozilla)
2008-09-07 00:21:43 +02:00
Ben Turner
cb1f4f55af
Bug 451731 - "Update caps, dom, xpconnect for Bug 451729 (checkObjectAccess moving to the JSContext)". r+sr=jst.
2008-09-05 16:26:04 -07:00
Ben Turner
b83ece5423
Bug 453720 - "Caps should assert when scripts do not contain principals". r+sr=mrbkap.
2008-09-04 15:52:20 -07:00
Jason Orendorff
b94820fbeb
Bug 451571 - Delete SetExceptionWasThrown (r=dbradley, sr=jst)
2008-08-30 18:58:36 -05:00
Shawn Wilsher
837500c108
Bug 452486 - Create components when we actually have a profile
...
This changeset allows components to register for the profile-after-change
category in the category manager such that they will be initialized when this
topic would normally be dispatched.
r=bsmedberg
2008-08-29 16:40:05 -04:00
Honza Bambas
ec80dcba93
Bug 442812: Implement the application cache selection algorithm. r+sr=bz
2008-08-27 18:15:32 -07:00
Shawn Wilsher
ef49cb7eca
Bug 450914 - Proxy nsSimpleURI for nsNullPrincipal to the main thread (was "ASSERTION: nsSimpleURI not thread-safe" during principal destruction)
...
This changeset creates a threadsafe uri object for the null principal to use.
2008-08-27 18:11:02 -04:00
Dave Camp
71de9a78fb
Backed out changeset 1e3d4775197a (bug 442812)
2008-08-19 22:52:05 -07:00
Honza Bambas
6b04323552
Bug 442812: Implement the application cache selection algorithm. r+sr=bz
2008-08-19 19:31:08 -07:00
Boris Zbarsky
9ec967babe
Bug 434522 follow-up bustage fix.
2008-07-28 23:37:58 -07:00
Boris Zbarsky
82e19a7db4
Bug 437723. Make sure to look at the nested innermost URI when looking for the origin. r+sr=sicking
2008-07-28 23:10:05 -07:00
Boris Zbarsky
563efe0fc5
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
jonas@sicking.cc
2558cdb12f
Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it
2008-04-18 10:35:55 -07:00
gavin@gavinsharp.com
64695153a3
Rework test for bug 292789 to try and fix the timeout on qm-centos5-01
2008-04-14 01:50:51 -07:00
dveditz@cruzio.com
17cf11825a
tests for bug 292789 -- forgot during checkin
2008-04-12 17:55:45 -07:00
dveditz@cruzio.com
8689328ff5
bug 292789 prevent use of chrome: URIs from <script>, <img> stylesheets, etc except for chrome packages explicitly marked contentaccessible. r=bzbarsky, sr=jst, a=beltzner
2008-04-12 14:26:19 -07:00
jonas@sicking.cc
9b874a6992
Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz
2008-04-08 17:38:12 -07:00
igor@mir2.org
c0d5c51190
[bug 423874] backing out as a simpler patch would do the job with less code.
2008-03-29 03:34:29 -07:00
igor@mir2.org
7598733582
[bug 424376] backing out - too much compatibility problems.
2008-03-28 15:27:36 -07:00
bzbarsky@mit.edu
2db2275e45
Fix bug 421228. r+sr=sicking
2008-03-27 20:46:15 -07:00
igor@mir2.org
51dcc8a464
bug=424376 r=brendan a1.9b5=beltzner Compile-time function objects are no longer exposed through SpiderMonkey API.
2008-03-23 03:16:40 -07:00
jst@mozilla.org
14b80d26bc
Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu
2008-03-22 09:50:47 -07:00
igor@mir2.org
eaa513c2f5
bug=423874 r=brendan a1.9b5=dsicore Allocating native functions together with JSObject
2008-03-21 01:19:23 -07:00
jst@mozilla.org
8b8c02a394
Fixing orange from bug 402983. Make file:///foo and file:////foo#bar compare as equal URLs. r+sr=bzbarsky@mit.edu
2008-03-20 23:01:55 -07:00
jst@mozilla.org
89acfcbf1a
Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org
2008-03-20 21:39:08 -07:00
shaver@mozilla.org
dfe9ba8c69
Bug 246699: report better errors (with stacks) for security denials. r+sr=jst, a=mconnor.
2008-03-20 01:19:15 -07:00
shaver@mozilla.org
ec9eab3d12
Test for bug 423379 (content can load chrome and/or resource), r/sr=jst.
2008-03-19 15:14:51 -07:00
shaver@mozilla.org
aedf8d5eb3
(NPOTB, r=mrbkap, a=lumpy) Remove ancient caps test cruft in preparation for incoming mochitests. Also so that the tests listed in securetest.list will not mock me from beyond the NSCP grave.
2008-03-19 14:26:09 -07:00
jonas@sicking.cc
21fb00611b
Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz
2008-03-18 17:27:56 -07:00
bzbarsky@mit.edu
5383803699
Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst
2008-03-18 14:14:49 -07:00
gavin@gavinsharp.com
b468aa6f00
Back out bug 246699 to fix bug 423375, per shaver
2008-03-17 07:10:48 -07:00
timeless@mozdev.org
7b35ecf9cb
Bug 246699 CAPS security exceptions should throw richer exception info (not just raw string) r=shaver a=shaver
2008-03-11 10:30:23 -07:00
reed@reedloden.com
ccc33c98c5
Bug 420081 - "Case mismatch between nsIURI and nsIUri in nsIPrincipal.idl" [p=mschroeder@mozilla.x-home.org (Martin Schröder [mschroeder]) r+sr=jst a1.9=beltzner]
2008-03-08 03:20:21 -08:00
jonas@sicking.cc
65f4571f58
Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv
2008-02-26 19:45:29 -08:00
myk@mozilla.org
b5e898ddd7
backing out fix for bug 416534 as potential cause of mochitest failure
2008-02-26 19:23:36 -08:00
jonas@sicking.cc
84548acb75
Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv
2008-02-26 18:17:49 -08:00
Olli.Pettay@helsinki.fi
67622f2077
Bug 411054, Audit IsNativeAnonymous()/GetBindingParent() uses, r+sr=sicking
2008-02-26 04:40:18 -08:00
reed@reedloden.com
7b58057fad
Bug 417710 - "Use JS_GET_CLASS, not JS_GetClass" [p=gyuyoung.kim@samsung.com (gyu-young kim) r=jorendorff r=jst sr+a1.9=brendan]
2008-02-25 00:59:20 -08:00
jonas@sicking.cc
ba446696ec
Bug 397878: Send Referer-Root header when doing cross-site access requests. Also update domain pattern matching to spec. Patch by <suryaismail@gmail.com>. r=bent sr=sicking b3a=beltzner
2008-01-31 00:16:54 -08:00
jst@mozilla.org
85f3006178
Fixing bustage.
2008-01-29 13:11:24 -08:00
jst@mozilla.org
6ecbc04940
Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2008-01-29 12:51:01 -08:00
jst@mozilla.org
a2481a1918
Fixing bug 317240. Re-enabling caps optimization now that a documents principal never changes. r+sr=bzbarsky@mit.edu
2008-01-28 09:51:38 -08:00
jst@mozilla.org
0b7afd6193
Fixing bug 412691. Remove unnecessary nsCOMPtr's from performance critical code paths. r+sr=jonas@sicking.cc
2008-01-16 16:32:26 -08:00
benjamin@smedbergs.us
dfc4cee45d
Bug 411327 - nsIXPCNativeCallContext should not inherit from nsISupports, r=mrbkap, a=schrep
2008-01-15 07:50:57 -08:00
dwitte@stanford.edu
97a45f037f
thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+
2008-01-11 20:30:42 -08:00
dwitte@stanford.edu
9d626da131
partial backout in an attempt to fix orange.
2008-01-11 02:08:58 -08:00
dwitte@stanford.edu
8a6c4d235f
relanding bug 410250.
2008-01-11 01:13:04 -08:00
dwitte@stanford.edu
d2b6f4f5ed
backing out to fix orange.
2008-01-10 20:59:44 -08:00
dwitte@stanford.edu
1798542e9f
thoroughly whack mallocfest in nsID/nsJSID and friends. b=410250, r+sr=jst, a=blocking1.9+
2008-01-10 19:56:00 -08:00
timeless@mozdev.org
c96d0561e1
Bug 334306 useless null check in nsDestroyJSPrincipals r=dbaron sr=dveditz a=mtschrep
2008-01-06 06:53:24 -08:00
mrbkap@gmail.com
32601361e2
Always throw an exception, even if we cannot reach a principal. bug 409514, r+sr+a=jst
2008-01-04 17:32:23 -08:00
jst@mozilla.org
41ea116da8
Fixing bug 410851. Expose a faster way of getting the subject principal, and use that from performance critical code. r+sr=mrbkap@gmail.com
2008-01-04 15:59:12 -08:00
mrbkap@gmail.com
ca0549b22f
XPCNativeWrappers can confuse the short-circuiting code. bug 409291, r+sr=jst a=beltzner
2007-12-21 11:06:29 -08:00
jst@mozilla.org
17c85fe694
Fixing bug 408009. Make doGetObjectPrincipal() faster. r+sr=bzbarsky@mit.edu, r+a=brendan@mozilla.org
2007-12-12 15:02:25 -08:00
philringnalda@gmail.com
2970c7f3be
Bug 400247 - remove XP_MAC deadcode in nsScriptSecurityManager.cpp, r+sr=bz, a=dsicore
2007-11-12 19:23:17 -08:00
tglek@mozilla.com
9c6d7f11a1
Bug 398574:Prbool fixes r=bz a=release drivers
2007-11-12 13:47:11 -08:00
jonas@sicking.cc
903acf3ee6
bug 394390: Don't report bogus warnings to the error console when using cross-site xmlhttprequest. Patch by Surya Ismail <suryaismail@gmail.com>, r/sr=sicking
2007-10-26 18:46:09 -07:00
bzbarsky@mit.edu
06f6b88b65
Make the "href" property of stylesheets reflect the original URI that was reflected to load the sheet. Bug 397427, r=dbaron,biesi, sr=dbaron, a=dsicore
2007-10-23 14:56:41 -07:00
bzbarsky@mit.edu
f213fb7ef5
Somewhat reduce the amount of memory an nsPrincipal allocates in the common case. Bug 397733, r+sr+a=jst
2007-09-28 07:31:04 -07:00
bzbarsky@mit.edu
8ff844ab55
Make the nsISerializable implementation of nsPrincipal actually work. This makes it possible to save principal objects to a stream and read them back. Bug 369566, r=dveditz+brendan, sr=jst, a=jst
2007-09-17 15:18:28 -07:00
dveditz@cruzio.com
8877000696
bugs 230606 and 209234: add options to restrict file: URI same-origin policies, r+sr=jst, blocking+=pavlov
2007-09-06 00:02:57 -07:00
bent.mozilla@gmail.com
fd28607fdf
Bug 304048 - Backing out patch due to TXUL regression.
2007-08-30 17:52:58 -07:00
bent.mozilla@gmail.com
dea35a2d77
Bug 304048 - "xpconnect getters/setters don't have principals until after they pass or fail their security check." Patch by jst, sr=bzbarsky, a=jst.
2007-08-28 17:16:21 -07:00
bzbarsky@mit.edu
3aad27711a
Add some sanity null-checks. Bug 387446, r=dveditz, sr+a=jst
2007-08-06 19:09:16 -07:00
sdwilsh@shawnwilsher.com
d8e0b2e9bf
Bustage fix
2007-07-11 14:20:11 -07:00
jwalden@mit.edu
e3c4baccae
Bug 348748 - Replace all instances of NS_STATIC_CAST and friends with C++ casts (and simultaneously bitrot nearly every patch in existence). r=bsmedberg on the script that did this. Tune in next time for Macro Wars: Episode II: Attack on the LL_* Macros.
2007-07-08 00:08:04 -07:00
bzbarsky@mit.edu
5eafaa49e5
Make security manager API more useful from script. Make more things
...
scriptable, and add a scriptable method for testing whether a given principal
is the system principal. Bug 383783, r=dveditz, sr=jst
2007-06-18 08:12:09 -07:00
bzbarsky@mit.edu
5289e91a54
Optimize immutability of codebase/domain a little bit. Bug 380475, r=dveditz, sr=biesi
2007-06-18 08:07:02 -07:00
bzbarsky@mit.edu
e9c47c9a9e
Make nsPrincipal::Equals compare codebases, not just certs, for certificate
...
principals. Bug 369201, r=dveditz, sr=jst
2007-06-18 08:01:53 -07:00
benjamin@smedbergs.us
2e25a321f8
Bug 376636 - Building with gcc 4.3 and -pendatic fails due to extra semicolons, patch by Art Haas <ahaas@airmail.net>, rs=me
2007-04-23 07:21:53 -07:00
dbaron@dbaron.org
a7d9802f77
Remove GetKeyPointer method from nsTHashtable key types. b=374906 r=bsmedberg
2007-03-27 08:34:59 -07:00
dbaron@dbaron.org
85eb65ced4
Remove unused getKey callback from PLDHashTableOps/JSDHashTableOps. b=374906 r=bsmedberg
2007-03-27 08:33:38 -07:00
hg@mozilla.com
465265d0d4
Free the (distributed) Lizard! Automatic merge from CVS: Module mozilla: tag HG_REPO_INITIAL_IMPORT at 22 Mar 2007 10:30 PDT,
2007-03-22 10:30:00 -07:00