Bug 1037271. When loading sandboxed without a loading principal, just create a NullPrincipal instead of asserting and misbehaving. r=smaug

content/base/src/nsContentUtils.cpp

@@ -6498,10 +6498,20 @@ nsContentUtils::SetUpChannelOwner(nsIPrincipal* aLoadingPrincipal,
                                   bool aIsSandboxed,
                                   bool aForceInherit)
 {
-  if (!aLoadingPrincipal) {
-    // Nothing to do here
-    MOZ_ASSERT(!aIsSandboxed);
-    return false;
+  nsCOMPtr<nsIPrincipal> loadingPrincipal = aLoadingPrincipal;
+  if (!loadingPrincipal) {
+    if (!aIsSandboxed) {
+      // Nothing to do here
+      return false;
+    }
+
+    // Go ahead and create a nullprincipal to use as our loading principal,
+    // since we need to make sure to sandbox the load but we have no clue who's
+    // loading us.
+    loadingPrincipal = do_CreateInstance(NS_NULLPRINCIPAL_CONTRACTID);
+    if (!loadingPrincipal) {
+      NS_RUNTIMEABORT("Failed to create a principal?");
+    }
   }
 
   // If we're sandboxed, make sure to clear any owner the channel
@@ -6541,14 +6551,14 @@ nsContentUtils::SetUpChannelOwner(nsIPrincipal* aLoadingPrincipal,
       // based on its own codebase later.
       //
       (URIIsLocalFile(aURI) &&
-       NS_SUCCEEDED(aLoadingPrincipal->CheckMayLoad(aURI, false, false)) &&
+       NS_SUCCEEDED(loadingPrincipal->CheckMayLoad(aURI, false, false)) &&
        // One more check here.  CheckMayLoad will always return true for the
        // system principal, but we do NOT want to inherit in that case.
-       !IsSystemPrincipal(aLoadingPrincipal));
+       !IsSystemPrincipal(loadingPrincipal));
   }
 
   nsCOMPtr<nsILoadInfo> loadInfo =
-    new LoadInfo(aLoadingPrincipal,
+    new LoadInfo(loadingPrincipal,
                  inherit ?
                    LoadInfo::eInheritPrincipal : LoadInfo::eDontInheritPrincipal,
                  aIsSandboxed ? LoadInfo::eSandboxed : LoadInfo::eNotSandboxed);