Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-15 22:35:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 829872 - Return null for cross-origin contentDocument. r=bz

Browse Source
This commit is contained in:
Bobby Holley 2013-05-03 14:47:09 -07:00
parent 9b971f4a50
commit 06f27cde2c
2 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
content/base/src/nsObjectLoadingContent.cpp
View File

@ -2838,6 +2838,11 @@ nsObjectLoadingContent::GetContentDocument()
return nullptr;
}
// Return null for cross-origin contentDocument.
if (!nsContentUtils::GetSubjectPrincipal()->Subsumes(sub_doc->NodePrincipal())) {
return nullptr;
}
return sub_doc;
}

8
content/html/content/src/nsGenericHTMLFrameElement.cpp
View File

@ -64,7 +64,13 @@ nsGenericHTMLFrameElement::GetContentDocument()
return nullptr;
}
return win->GetDoc();
nsIDocument *doc = win->GetDoc();
// Return null for cross-origin contentDocument.
if (!nsContentUtils::GetSubjectPrincipal()->Subsumes(doc->NodePrincipal())) {
return nullptr;
}
return doc;
}
nsresult