Sid Stamm
f2278605c1
Bug 515437 CSP connection code, r=jst,dveditz sr=jst
2010-01-22 13:38:21 -08:00
Daniel Veditz
0e538279e0
Backed out changeset a6ce37b09cf5 because of possible Tp4 perf hit
2010-01-14 17:19:11 -08:00
Sid Stamm ext:(%2C%20Brandon%20Sterne%20%3Cbsterne%40mozilla.com%3E)
56ceec2c4c
bug 515433, bug 515437: Content Security Policy (CSP) core
2010-01-13 14:18:24 -08:00
Peter Van der Beken
0398910587
Fix for bug 517196 (The JSClass of wrappers shouldn't change when morphing from slim to XPCWrappedNative). r=mrbkap.
...
--HG--
extra : rebase_source : 4f7978e3ed1335fc4f58478afc038fb63576581b
2009-09-18 12:43:48 +02:00
Taras Glek
45c73c60d8
Bug 515777 - move css files, hiddenWindow.html to jar r=bsmedberg sr=bz
...
--HG--
extra : rebase_source : c6ba6e900ceed210620d47f70c9b962a808a29fe
2009-10-12 12:31:50 -07:00
Taras Glek
6da4861bfc
bug 521191: backed out e22bef491d84
2009-10-08 16:44:44 -07:00
Taras Glek
c7f069ab70
Backed out changeset e22bef491d84
2009-10-08 16:43:55 -07:00
Peter Van der Beken
a966d60c00
Backed out changeset 542fa9413bd0, fix for bug 517196 (The JSClass of wrappers shouldn't change when morphing from slim to XPCWrappedNative), to try to fix orange.
2009-10-08 13:42:07 -07:00
Peter Van der Beken
886612c189
Backed out changeset 542fa9413bd0, fix for bug 517196 (The JSClass of wrappers shouldn't change when morphing from slim to XPCWrappedNative), to try to fix orange.
2009-10-08 13:41:44 -07:00
Taras Glek
4c56f842c8
Bug 515777 - move css files, hiddenWindow.html to jar r=bsmedberg sr=bz
2009-10-08 11:22:50 -07:00
Peter Van der Beken
e2e773f880
Fix for bug 517196 (The JSClass of wrappers shouldn't change when morphing from slim to XPCWrappedNative). r=mrbkap.
...
--HG--
extra : rebase_source : 95898b5ab53d60200058374c52cdb8161aabf78b
2009-09-18 12:43:48 +02:00
Blake Kaplan
79a79a0e55
Bug 504021 - Add an API to the script security manager to clamp principals for a given context. r=jst/bzbarsky sr=dveditz
2009-08-21 18:20:20 -07:00
Igor Bukanov
6bfe4771cc
bug 513190 - avoiding jsint tagging of the private slot data. r=jorendorff
2009-09-05 19:59:11 +04:00
Benjamin Smedberg
2e9438fd2f
Followup to bug 398573 - remove REQUIRES from the tree since it is no longer used... automatically generated patch, rs=ted
2009-08-25 08:59:31 -07:00
Taras Glek
17420ddd67
Bug 468011 - Combine all chrome into browser+toolkit jars. r=bsmedberg
2009-08-14 09:32:40 -07:00
Blake Kaplan
3f98edd6fe
Bug 502959 - Restore code to make caps allow wrapping same-origin wrappedjs objects. r=jst sr=bzbarsky
2009-08-06 20:26:33 -07:00
Boris Zbarsky
1486bf6f66
Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst
2009-07-26 21:27:33 -04:00
David Zbarsky
aca9dc4bae
Bug 392526. Some callers of nsID::ToString use a mismatched allocator to free the string. r=bsmedberg
2009-07-29 13:54:44 -04:00
Boris Zbarsky
b63722a57d
Backed out changeset b55e7e3c0bfb to see whether bug 495176 might be causing the WinXP Txul regression
...
--HG--
extra : rebase_source : c854c6a8afad67c583ff08e23bbac27cbf99c0cd
2009-07-28 14:34:01 -04:00
Boris Zbarsky
0dc99e9f40
Backed out changeset 9d5e247b5052 to see whether bug 495176 might be causing
...
the WinXP Txul regression.
--HG--
extra : rebase_source : 41a0fe73ec43dff97ada391db29dc121fb677403
2009-07-28 14:32:45 -04:00
Boris Zbarsky
a920f6147b
Fixing crashes during tests by null-checking the principal URI as appropriate. Bug 495176
2009-07-26 23:21:01 -04:00
Boris Zbarsky
13672ba2e1
Bug 495176. Improve security error reporting when document.domain is involved. r=jst,pike sr=jst
2009-07-26 21:27:33 -04:00
Peter Van der Beken
ca8ccf47e0
Fix for bug 482788 (Lightweight DOM wrappers). r=jst, sr=mrbkap.
2009-05-12 22:20:42 +02:00
Johnny Stenback
a511964116
Fixing bug 442399. Remove LiveConnect from the tree. r=joshmoz@gmail.com, bclary@bclary.com, sr=brendan@mozilla.org
2009-06-30 15:55:16 -07:00
Arpad Borsos
497b2e227d
Back out b8e531a6c961 (Bug 474369), it really did cause the windows dhtml regression
...
--HG--
extra : rebase_source : 568114bcfc5a7710d9e2c2fe5e234fa190bebba1
2009-06-16 14:38:51 +02:00
Olli Pettay
cc228b8e8a
Bug 489561 - nsPrincipal should cache nsIPrefBranch and codebase_principal_support pref, r+sr=dveditz, +comments from bz
2009-06-16 14:00:06 +03:00
Arpad Borsos
ef105af6ce
Bug 474369 - get rid of nsVoidArray, remaining parts; r=bz, sr=dbaron
2009-05-07 17:15:26 +02:00
Phil Ringnalda
737a6446f9
Bug 495021 - CAPS unconditionally builds tests, r=shaver
2009-06-13 11:53:38 -07:00
Blake Kaplan
0e65edf009
Bug 441714 - Protect caps against SJOWs. r+sr=dveditz
2009-06-12 14:38:05 -07:00
Arpad Borsos
cd1887abfd
Back out bug 474369, suspected of causing dhtml and tp3 regression
2009-06-12 23:20:55 +02:00
Arpad Borsos
3773b464cf
Bug 474369 - get rid of nsVoidArray, remaining parts; r=bz, sr=dbaron
...
--HG--
extra : rebase_source : 2f40cba97555521222512c7cd793c2a2adcca333
2009-05-07 17:15:26 +02:00
Boris Zbarsky
74f23ff279
Bug 493495 followup. Just cut off the recursion if it gets too deep. r+sr=mrbkap
2009-05-21 15:46:05 -04:00
Boris Zbarsky
9159839164
Bug 493495. Protect against recursive attempts to report a security exception in cases when the URI objects involved can't be accessed due to being implemented as a JS component. r+sr=mrbkap
2009-05-20 21:49:42 -04:00
Boris Zbarsky
f45f0ba98e
Bug 410486. Fix test failures due to the exception message getting truncated.
2009-05-20 00:57:37 -04:00
timeless@mozdev.org
eb1e7164ee
Bug 410486. Make sure to be in a request when reporting a pending exception. r=dveditz, sr=mrbkap.
2009-05-19 22:11:01 -04:00
Dave Townsend
99034adf24
Backed out changeset 461d728271d1
2009-05-19 13:51:18 +01:00
Arpad Borsos
584155ddb7
Bug 474369 - get rid of nsVoidArray, remaining parts; r=bz, sr=dbaron
2009-05-07 17:15:26 +02:00
Blake Kaplan
4f88c00c6c
Bug 493074 - Compute fewer things to try to clear up a performance regression. r+sr=jst
2009-05-14 15:17:56 -07:00
Blake Kaplan
3bab9bf56c
Bug 483672 - Give regular JS objects that have been reflected into C++ a security policy that follows the same-origin model. Also teach caps about "same origin" for these cases. r=jst sr=bzbarsky
2009-05-13 15:01:01 -07:00
L. David Baron
8c38aba811
Switch HTML mochitests from using MochiKit.js to packed.js. (Bug 490955) r=sayrer
2009-05-06 13:46:04 -07:00
Blake Kaplan
54734b9d0b
Bug 475864 - Move native anonymous content checks into a wrapper so that quickstubs don't sidestep them. r=jst sr=bzbarsky
2009-04-23 00:21:22 -07:00
Mook
9ad88404f5
Bug 472032 - [win64] sizeof(long) != sizeof(void*) assertion in nsScriptSecurityManager.cpp; changed SecurityLevel to use PRWord, clarified assertion on the protected code; r+sr=dveditz
2009-02-26 18:31:17 +01:00
Dan Mosedale
56f33790dd
Remove MailNews special casing from nsScriptSecurityManager (bug 374577), r+sr=bzbarsky
2009-02-17 20:32:57 -08:00
Daniel Holbert
2a7d88e05a
Bug 473236 - Remove executable bit from files that don't need it. (Only changes file mode -- no code changes.) r=bsmedberg
2009-01-21 22:55:08 -08:00
timeless@mozdev.org
caf7b1d646
Bug 412743 nsScriptSecurityManager::Init shouldn't treat failure of InitPrefs as fatal
...
r=mrbkap sr=dveditz
2009-01-07 20:42:15 -08:00
timeless@mozdev.org
9d1932e7d2
Bug 470804 crash [@ NS_GetInnermostURI - nsScriptSecurityManager::CheckLoadURIWithPrincipal], r=bz, sr=dveditz
2009-01-01 15:45:23 -08:00
Phil Ringnalda
dd512bcb35
Crashtest for Bug 470804 crash [@ NS_GetInnermostURI - nsScriptSecurityManager::CheckLoadURIWithPrincipal], r=bz
2009-01-01 15:45:23 -08:00
Tyler Downer
c64b359146
Bug 471146 - remove old CAPS readme (already on devmo); r=brendan
2009-01-01 14:56:44 +01:00
Boris Zbarsky
e801383a04
Bug 460425. Do better security checks during redirection. r=sicking,biesi, sr=sicking
2008-11-25 20:50:04 -05:00
Phil Ringnalda
bbe7e1d08a
Bug 461888 - Remove unused PACKAGE_FILE and PACKAGE_VARS and .pkg files, mozilla-central part, r=bsmedberg
2008-11-03 19:46:28 -08:00
Blake Kaplan
5adf556d30
Bug 396851 - Check to see if we're UniversalXPConnect-enabled to allow privileged web pages to unwrap XOWs. r+sr=bzbarsky
2008-10-22 13:15:22 -07:00
Ben Newman
17eeddcb85
Bug 460124. Remove no-longer-needed code, since now we calculate hash values for nsPrincipals in a sane way. r+sr=bzbarsky
2008-10-16 10:56:51 -04:00
Igor Bukanov
59702db0da
Bug 459656 - Implementing nsIThreadJSContextStack in nsXPConnect. r+sr=mrbkap
2008-10-14 16:16:25 +02:00
Arpad Borsos
8b11d938d2
Bug 456388 - Remove PR_STATIC_CALLBACK and PR_CALLBACK(_DECL) from the tree; r+sr=brendan
2008-10-10 17:04:34 +02:00
Blake Kaplan
64c490b3ef
Bug 457299 - nsScriptSecurityManager doesn't suspend the request on the current context when it starts using the safe context. r+sr=bzbarsky
2008-10-08 15:05:25 -07:00
Ben Newman
fdede899e6
Bug 454850. Make sure that whenever nsPrincipal::Equals would return true for a pair of principals their nsPrincipal::GetHashValue returns are also equal. r+sr=bzbarsky
2008-10-08 09:16:27 -04:00
David Bienvenu
aff330072d
bug 453943, always disable js for mailnews for 3.0 b1, don't load pref, r=bz, sr=dmose
2008-09-21 15:21:07 -07:00
David Bienvenu
4df8ee2c63
temporarily disable js in mailnews for 3.0 b1, r=bz, sr=dmose 453943
2008-09-20 08:14:14 -07:00
Arpad Borsos
9b6f558fee
Bug 398946 - Remove JS_STATIC_DLL_CALLBACK and JS_DLL_CALLBACK from the tree; r=(benjamin + bent.mozilla)
2008-09-07 00:21:43 +02:00
Ben Turner
cb1f4f55af
Bug 451731 - "Update caps, dom, xpconnect for Bug 451729 (checkObjectAccess moving to the JSContext)". r+sr=jst.
2008-09-05 16:26:04 -07:00
Ben Turner
b83ece5423
Bug 453720 - "Caps should assert when scripts do not contain principals". r+sr=mrbkap.
2008-09-04 15:52:20 -07:00
Jason Orendorff
b94820fbeb
Bug 451571 - Delete SetExceptionWasThrown (r=dbradley, sr=jst)
2008-08-30 18:58:36 -05:00
Shawn Wilsher
837500c108
Bug 452486 - Create components when we actually have a profile
...
This changeset allows components to register for the profile-after-change
category in the category manager such that they will be initialized when this
topic would normally be dispatched.
r=bsmedberg
2008-08-29 16:40:05 -04:00
Honza Bambas
ec80dcba93
Bug 442812: Implement the application cache selection algorithm. r+sr=bz
2008-08-27 18:15:32 -07:00
Shawn Wilsher
ef49cb7eca
Bug 450914 - Proxy nsSimpleURI for nsNullPrincipal to the main thread (was "ASSERTION: nsSimpleURI not thread-safe" during principal destruction)
...
This changeset creates a threadsafe uri object for the null principal to use.
2008-08-27 18:11:02 -04:00
Dave Camp
71de9a78fb
Backed out changeset 1e3d4775197a (bug 442812)
2008-08-19 22:52:05 -07:00
Honza Bambas
6b04323552
Bug 442812: Implement the application cache selection algorithm. r+sr=bz
2008-08-19 19:31:08 -07:00
Boris Zbarsky
9ec967babe
Bug 434522 follow-up bustage fix.
2008-07-28 23:37:58 -07:00
Boris Zbarsky
82e19a7db4
Bug 437723. Make sure to look at the nested innermost URI when looking for the origin. r+sr=sicking
2008-07-28 23:10:05 -07:00
Boris Zbarsky
563efe0fc5
Bug 434522. Make the "Permission denied to access Class.property" mesage more useful. r+sr=jst
2008-07-28 23:03:19 -07:00
jonas@sicking.cc
2558cdb12f
Followup patch to bug 425201. Make sure to throw if xhr.open is called with an illegal uri. Also restore the nsIScriptSecurityManager.CheckConnect API as soap still uses it
2008-04-18 10:35:55 -07:00
gavin@gavinsharp.com
64695153a3
Rework test for bug 292789 to try and fix the timeout on qm-centos5-01
2008-04-14 01:50:51 -07:00
dveditz@cruzio.com
17cf11825a
tests for bug 292789 -- forgot during checkin
2008-04-12 17:55:45 -07:00
dveditz@cruzio.com
8689328ff5
bug 292789 prevent use of chrome: URIs from <script>, <img> stylesheets, etc except for chrome packages explicitly marked contentaccessible. r=bzbarsky, sr=jst, a=beltzner
2008-04-12 14:26:19 -07:00
jonas@sicking.cc
9b874a6992
Allow XMLHttpRequest and document.load load files from subdirectories. r/sr=dveditz
2008-04-08 17:38:12 -07:00
igor@mir2.org
c0d5c51190
[bug 423874] backing out as a simpler patch would do the job with less code.
2008-03-29 03:34:29 -07:00
igor@mir2.org
7598733582
[bug 424376] backing out - too much compatibility problems.
2008-03-28 15:27:36 -07:00
bzbarsky@mit.edu
2db2275e45
Fix bug 421228. r+sr=sicking
2008-03-27 20:46:15 -07:00
igor@mir2.org
51dcc8a464
bug=424376 r=brendan a1.9b5=beltzner Compile-time function objects are no longer exposed through SpiderMonkey API.
2008-03-23 03:16:40 -07:00
jst@mozilla.org
14b80d26bc
Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu
2008-03-22 09:50:47 -07:00
igor@mir2.org
eaa513c2f5
bug=423874 r=brendan a1.9b5=dsicore Allocating native functions together with JSObject
2008-03-21 01:19:23 -07:00
jst@mozilla.org
8b8c02a394
Fixing orange from bug 402983. Make file:///foo and file:////foo#bar compare as equal URLs. r+sr=bzbarsky@mit.edu
2008-03-20 23:01:55 -07:00
jst@mozilla.org
89acfcbf1a
Landing fix for bug 402983. Make security checks on file:// URIs symmetric. Patch by dveditz@cruzio.com, r=jonas@sicking.cc,bzbarsky@mit.edu. jst@mozilla.org
2008-03-20 21:39:08 -07:00
shaver@mozilla.org
dfe9ba8c69
Bug 246699: report better errors (with stacks) for security denials. r+sr=jst, a=mconnor.
2008-03-20 01:19:15 -07:00
shaver@mozilla.org
ec9eab3d12
Test for bug 423379 (content can load chrome and/or resource), r/sr=jst.
2008-03-19 15:14:51 -07:00
shaver@mozilla.org
aedf8d5eb3
(NPOTB, r=mrbkap, a=lumpy) Remove ancient caps test cruft in preparation for incoming mochitests. Also so that the tests listed in securetest.list will not mock me from beyond the NSCP grave.
2008-03-19 14:26:09 -07:00
jonas@sicking.cc
21fb00611b
Bug 413161: Make nsIPrincipal::Origin ignore changes to document.domain. r/sr=dveditz
2008-03-18 17:27:56 -07:00
bzbarsky@mit.edu
5383803699
Finally kill off CheckSameOriginPrincipal, fix remaining callers to do the checks they really want to be doing. Fix screw-up in nsPrincipal::Equals if one principal has a cert and the other does not. Bug 418996, r=mrbkap,dveditz, sr=jst
2008-03-18 14:14:49 -07:00
gavin@gavinsharp.com
b468aa6f00
Back out bug 246699 to fix bug 423375, per shaver
2008-03-17 07:10:48 -07:00
timeless@mozdev.org
7b35ecf9cb
Bug 246699 CAPS security exceptions should throw richer exception info (not just raw string) r=shaver a=shaver
2008-03-11 10:30:23 -07:00
reed@reedloden.com
ccc33c98c5
Bug 420081 - "Case mismatch between nsIURI and nsIUri in nsIPrincipal.idl" [p=mschroeder@mozilla.x-home.org (Martin Schröder [mschroeder]) r+sr=jst a1.9=beltzner]
2008-03-08 03:20:21 -08:00
jonas@sicking.cc
65f4571f58
Bug 416534: Clean up cross-site xmlhttprequest security checks. With fixes to tests this time. r/sr=peterv
2008-02-26 19:45:29 -08:00
myk@mozilla.org
b5e898ddd7
backing out fix for bug 416534 as potential cause of mochitest failure
2008-02-26 19:23:36 -08:00
jonas@sicking.cc
84548acb75
Bug 416534: Clean up cross-site xmlhttprequest security checks. r/sr=peterv
2008-02-26 18:17:49 -08:00
Olli.Pettay@helsinki.fi
67622f2077
Bug 411054, Audit IsNativeAnonymous()/GetBindingParent() uses, r+sr=sicking
2008-02-26 04:40:18 -08:00
reed@reedloden.com
7b58057fad
Bug 417710 - "Use JS_GET_CLASS, not JS_GetClass" [p=gyuyoung.kim@samsung.com (gyu-young kim) r=jorendorff r=jst sr+a1.9=brendan]
2008-02-25 00:59:20 -08:00
jonas@sicking.cc
ba446696ec
Bug 397878: Send Referer-Root header when doing cross-site access requests. Also update domain pattern matching to spec. Patch by <suryaismail@gmail.com>. r=bent sr=sicking b3a=beltzner
2008-01-31 00:16:54 -08:00
jst@mozilla.org
85f3006178
Fixing bustage.
2008-01-29 13:11:24 -08:00
jst@mozilla.org
6ecbc04940
Fixing bug 413767. Make caps use faster JS class/parent/private/proto accessors. r=mrbkap@gmail.com, sr=brendan@mozilla.org
2008-01-29 12:51:01 -08:00
jst@mozilla.org
a2481a1918
Fixing bug 317240. Re-enabling caps optimization now that a documents principal never changes. r+sr=bzbarsky@mit.edu
2008-01-28 09:51:38 -08:00