mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-25 22:01:30 +00:00
Bug 127938 - chrome scripts should be exempt from the security check put in for
bug 105050, on access to the opener property when the opener is a mail window. r=pavlov, sr=jst, a=leaf.
This commit is contained in:
parent
3b2cd6327b
commit
18c8067fae
@ -198,6 +198,12 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
|
||||
[noscript] nsIPrincipal getObjectPrincipal(in JSContextPtr cx,
|
||||
in JSObjectPtr obj);
|
||||
|
||||
/**
|
||||
* Returns true if the principal of the currently running script is the
|
||||
* system principal, false otherwise.
|
||||
*/
|
||||
boolean subjectPrincipalIsSystem();
|
||||
|
||||
/**
|
||||
* Forget all currently stored security policies and reread from prefs.
|
||||
* This must be called after any capability.policy prefs have changed.
|
||||
|
@ -1248,6 +1248,31 @@ nsScriptSecurityManager::GetSystemPrincipal(nsIPrincipal **result)
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsScriptSecurityManager::SubjectPrincipalIsSystem(PRBool* aIsSystem)
|
||||
{
|
||||
NS_ENSURE_ARG_POINTER(aIsSystem);
|
||||
*aIsSystem = PR_FALSE;
|
||||
|
||||
if (!mSystemPrincipal)
|
||||
return NS_OK;
|
||||
|
||||
nsCOMPtr<nsIPrincipal> subject;
|
||||
nsresult rv = GetSubjectPrincipal(getter_AddRefs(subject));
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
|
||||
if(!subject)
|
||||
{
|
||||
// No subject principal means no JS is running;
|
||||
// this is the equivalent of system principal code
|
||||
*aIsSystem = PR_TRUE;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
return mSystemPrincipal->Equals(subject, aIsSystem);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsScriptSecurityManager::GetCertificatePrincipal(const char* aCertID,
|
||||
nsIPrincipal **result)
|
||||
@ -2708,7 +2733,6 @@ nsScriptSecurityManager::InitPrefs()
|
||||
PRUint32 prefCount;
|
||||
char** prefNames;
|
||||
|
||||
//-- Set a callback for policy changes
|
||||
// Registering the security manager as an observer to the
|
||||
// profile-after-change topic. We will build up the policy table
|
||||
// after the initial profile loads and after profile switches.
|
||||
|
@ -1194,6 +1194,18 @@ NS_IMETHODIMP
|
||||
GlobalWindowImpl::GetOpener(nsIDOMWindowInternal** aOpener)
|
||||
{
|
||||
*aOpener = nsnull;
|
||||
// First, check if we were called from a privileged chrome script
|
||||
nsCOMPtr<nsIScriptSecurityManager> secMan(
|
||||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
|
||||
NS_ENSURE_TRUE(secMan, NS_ERROR_FAILURE);
|
||||
PRBool inChrome;
|
||||
nsresult rv = secMan->SubjectPrincipalIsSystem(&inChrome);
|
||||
if (NS_SUCCEEDED(rv) && inChrome) {
|
||||
*aOpener = mOpener;
|
||||
NS_IF_ADDREF(*aOpener);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
// We don't want to reveal the opener if the opener is a mail window,
|
||||
// because opener can be used to spoof the contents of a message (bug 105050).
|
||||
// So, we look in the opener's root docshell to see if it's a mail window.
|
||||
|
Loading…
Reference in New Issue
Block a user