From 0cccd6dadc0873016c24d9d8057c4c1a907fc2ec Mon Sep 17 00:00:00 2001
From: Boris Zbarsky <bzbarsky@mit.edu>
Date: Thu, 21 May 2009 15:46:05 -0400
Subject: [PATCH] Bug 493495 followup.  Just cut off the recursion if it gets
 too deep.  r+sr=mrbkap

---
 caps/src/nsScriptSecurityManager.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/caps/src/nsScriptSecurityManager.cpp b/caps/src/nsScriptSecurityManager.cpp
index f71666c09e8b..86e59b75f310 100644
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@@ -143,6 +143,14 @@ nsresult
 GetPrincipalDomainOrigin(nsIPrincipal* aPrincipal,
                          nsACString& aOrigin)
 {
+  if (nsAutoInPrincipalDomainOriginSetter::sInPrincipalDomainOrigin > 1) {
+      // Allow a single recursive call to GetPrincipalDomainOrigin, since that
+      // might be happening on a different principal from the first call.  But
+      // after that, cut off the recursion; it just indicates that something
+      // we're doing in this method causes us to reenter a security check here.
+      return NS_ERROR_NOT_AVAILABLE;
+  }
+
   nsAutoInPrincipalDomainOriginSetter autoSetter;
   aOrigin.Truncate();