mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-27 20:25:44 +00:00
Fix possible referrer spoofing b=363179 r=IanN sr=jag
This commit is contained in:
parent
3390a3b656
commit
26000a28a6
@ -178,7 +178,7 @@
|
||||
if (ceParams) {
|
||||
var href = ceParams.href;
|
||||
if (isKeyCommand) {
|
||||
openNewTabWith(href, true, event.shiftKey);
|
||||
openNewTabWith(href, event.target.ownerDocument, event.shiftKey);
|
||||
event.stopPropagation();
|
||||
}
|
||||
else {
|
||||
@ -236,18 +236,18 @@
|
||||
return false;
|
||||
}
|
||||
|
||||
function openNewTabOrWindow(event, href, sendReferrer)
|
||||
function openNewTabOrWindow(event, href, doc)
|
||||
{
|
||||
// should we open it in a new tab?
|
||||
if (pref && pref.getBoolPref("browser.tabs.opentabfor.middleclick")) {
|
||||
openNewTabWith(href, sendReferrer, event.shiftKey);
|
||||
openNewTabWith(href, doc, event.shiftKey);
|
||||
event.stopPropagation();
|
||||
return true;
|
||||
}
|
||||
|
||||
// should we open it in a new window?
|
||||
if (pref && pref.getBoolPref("middlemouse.openNewWindow")) {
|
||||
openNewWindowWith(href, sendReferrer);
|
||||
openNewWindowWith(href, doc);
|
||||
event.stopPropagation();
|
||||
return true;
|
||||
}
|
||||
@ -258,13 +258,13 @@
|
||||
|
||||
function handleLinkClick(event, href, linkNode)
|
||||
{
|
||||
// Make sure we are allowed to open this URL
|
||||
urlSecurityCheck(href, document);
|
||||
// Checking to make sure we are allowed to open this URL
|
||||
// (call to urlSecurityCheck) is now done within openNew... functions
|
||||
|
||||
switch (event.button) {
|
||||
case 0: // if left button clicked
|
||||
if (event.metaKey || event.ctrlKey) { // and meta or ctrl are down
|
||||
if (openNewTabOrWindow(event, href, true))
|
||||
if (openNewTabOrWindow(event, href, linkNode.ownerDocument))
|
||||
return true;
|
||||
}
|
||||
var saveModifier = true;
|
||||
@ -278,15 +278,15 @@
|
||||
saveModifier = saveModifier ? event.shiftKey : event.altKey;
|
||||
|
||||
if (saveModifier) { // if saveModifier is down
|
||||
saveURL(href, linkNode ? gatherTextUnder(linkNode) : "",
|
||||
"SaveLinkTitle", false, getReferrer(document));
|
||||
saveURL(href, gatherTextUnder(linkNode), "SaveLinkTitle",
|
||||
false, getReferrer(linkNode.ownerDocument));
|
||||
return true;
|
||||
}
|
||||
if (event.altKey) // if alt is down
|
||||
return true; // do nothing
|
||||
return false;
|
||||
case 1: // if middle button clicked
|
||||
if (openNewTabOrWindow(event, href, true))
|
||||
if (openNewTabOrWindow(event, href, linkNode.ownerDocument))
|
||||
return true;
|
||||
break;
|
||||
}
|
||||
@ -311,7 +311,7 @@
|
||||
|
||||
url = gURIFixup.createFixupURI(url, nsIURIFixup.FIXUP_FLAGS_MAKE_ALTERNATE_URI).spec;
|
||||
|
||||
return openNewTabOrWindow(event, url, false);
|
||||
return openNewTabOrWindow(event, url, null);
|
||||
}
|
||||
|
||||
// If ctrl wasn't down, then just load the url in the targeted win/tab.
|
||||
|
@ -82,11 +82,14 @@ function getContentFrameDocument(aFocusedWindow)
|
||||
|
||||
function getReferrer(doc)
|
||||
{
|
||||
var focusedWindow = doc.commandDispatcher.focusedWindow;
|
||||
var sourceDocument = getContentFrameDocument(focusedWindow);
|
||||
if (!doc)
|
||||
return null;
|
||||
|
||||
if (doc == document) // compatibility
|
||||
doc = getContentFrameDocument(document.commandDispatcher.focusedWindow);
|
||||
|
||||
try {
|
||||
return makeURI(sourceDocument.location.href, sourceDocument.characterSet);
|
||||
return makeURI(doc.location.href, doc.characterSet);
|
||||
} catch (e) {
|
||||
return null;
|
||||
}
|
||||
@ -95,30 +98,28 @@ function getReferrer(doc)
|
||||
function openAsExternal(aURL)
|
||||
{
|
||||
openNewTabWindowOrExistingWith(pref.getIntPref("browser.link.open_external"),
|
||||
aURL, false, false);
|
||||
aURL, null, false);
|
||||
}
|
||||
|
||||
function openNewWindowWith(aURL, aSendReferrer)
|
||||
function openNewWindowWith(aURL, aDoc)
|
||||
{
|
||||
openNewTabWindowOrExistingWith(kNewWindow, aURL, aSendReferrer, false);
|
||||
openNewTabWindowOrExistingWith(kNewWindow, aURL, aDoc, false);
|
||||
}
|
||||
|
||||
function openNewTabWith(aURL, aSendReferrer, aReverseBackgroundPref)
|
||||
function openNewTabWith(aURL, aDoc, aReverseBackgroundPref)
|
||||
{
|
||||
openNewTabWindowOrExistingWith(kNewTab, aURL, aSendReferrer, aReverseBackgroundPref);
|
||||
openNewTabWindowOrExistingWith(kNewTab, aURL, aDoc, aReverseBackgroundPref);
|
||||
}
|
||||
|
||||
function openNewTabWindowOrExistingWith(aType, aURL, aSendReferrer, aReverseBackgroundPref)
|
||||
function openNewTabWindowOrExistingWith(aType, aURL, aDoc, aReverseBackgroundPref)
|
||||
{
|
||||
// Make sure we are allowed to open this url
|
||||
urlSecurityCheck(aURL, document);
|
||||
|
||||
// get referrer, if as external should be null
|
||||
var referrer = aSendReferrer ? getReferrer(document) : null;
|
||||
var referrer = getReferrer(aDoc);
|
||||
|
||||
var browser;
|
||||
var browserWin;
|
||||
|
||||
// if we're not opening a new window, try and find existing window
|
||||
if (aType != kNewWindow)
|
||||
browserWin = getTopWin();
|
||||
@ -143,7 +144,7 @@ function openNewTabWindowOrExistingWith(aType, aURL, aSendReferrer, aReverseBack
|
||||
}
|
||||
|
||||
// Get the existing browser object
|
||||
browser = browserWin.getBrowser();
|
||||
var browser = browserWin.getBrowser();
|
||||
|
||||
// Open link in an existing window.
|
||||
if (aType == kExistingWindow) {
|
||||
|
@ -600,17 +600,17 @@ nsContextMenu.prototype = {
|
||||
// Open linked-to URL in a new window.
|
||||
openLink : function () {
|
||||
// Determine linked-to URL.
|
||||
openNewWindowWith( this.linkURL(), true );
|
||||
openNewWindowWith( this.linkURL(), this.target.ownerDocument );
|
||||
},
|
||||
// Open linked-to URL in a new tab.
|
||||
openLinkInTab : function ( reverseBackgroundPref ) {
|
||||
// Determine linked-to URL.
|
||||
openNewTabWith( this.linkURL(), true, reverseBackgroundPref );
|
||||
openNewTabWith( this.linkURL(), this.target.ownerDocument, reverseBackgroundPref );
|
||||
},
|
||||
// Open frame in a new tab.
|
||||
openFrameInTab : function ( reverseBackgroundPref ) {
|
||||
// Determine linked-to URL.
|
||||
openNewTabWith( this.target.ownerDocument.location.href, true, reverseBackgroundPref );
|
||||
openNewTabWith( this.target.ownerDocument.location.href, this.target.ownerDocument, reverseBackgroundPref );
|
||||
},
|
||||
// Reload clicked-in frame.
|
||||
reloadFrame : function () {
|
||||
@ -706,14 +706,12 @@ nsContextMenu.prototype = {
|
||||
// Save URL of clicked-on link.
|
||||
saveLink : function () {
|
||||
saveURL( this.linkURL(), this.linkText(), null, true,
|
||||
getReferrer(document) );
|
||||
getReferrer(this.target.ownerDocument) );
|
||||
},
|
||||
// Save URL of clicked-on image.
|
||||
saveImage : function () {
|
||||
// Note: getReferrer wants our chrome document, not the actual
|
||||
// target document; it handles getting that itself.
|
||||
saveImageURL( this.imageURL, null, "SaveImageTitle", false,
|
||||
getReferrer(document) );
|
||||
getReferrer(this.target.ownerDocument) );
|
||||
},
|
||||
// Generate email address.
|
||||
getEmail : function () {
|
||||
|
Loading…
Reference in New Issue
Block a user