diff --git a/dom/plugins/base/nsPluginInstanceOwner.cpp b/dom/plugins/base/nsPluginInstanceOwner.cpp index 1998d9f25db9..ca07ebbc12c3 100644 --- a/dom/plugins/base/nsPluginInstanceOwner.cpp +++ b/dom/plugins/base/nsPluginInstanceOwner.cpp @@ -50,6 +50,7 @@ using mozilla::DefaultXDisplay; #include "nsIContentInlines.h" #include "mozilla/MiscEvents.h" #include "mozilla/MouseEvents.h" +#include "mozilla/NullPrincipal.h" #include "mozilla/TextEvents.h" #include "mozilla/dom/DragEvent.h" #include "mozilla/dom/Element.h" @@ -482,6 +483,8 @@ NS_IMETHODIMP nsPluginInstanceOwner::GetURL(const char *aURL, mozilla::OriginAttributes attrs = BasePrincipal::Cast(content->NodePrincipal())->OriginAttributesRef(); triggeringPrincipal = BasePrincipal::CreateCodebasePrincipal(uri, attrs); + } else { + triggeringPrincipal = NullPrincipal::CreateWithInheritedAttributes(content->NodePrincipal()); } rv = lh->OnLinkClick(content, uri, unitarget.get(), VoidString(), diff --git a/toolkit/components/windowwatcher/nsWindowWatcher.cpp b/toolkit/components/windowwatcher/nsWindowWatcher.cpp index e1cb71610f57..33984bf1d07a 100644 --- a/toolkit/components/windowwatcher/nsWindowWatcher.cpp +++ b/toolkit/components/windowwatcher/nsWindowWatcher.cpp @@ -60,6 +60,7 @@ #include "nsSandboxFlags.h" #include "nsSimpleEnumerator.h" #include "mozilla/CheckedInt.h" +#include "mozilla/NullPrincipal.h" #include "mozilla/Preferences.h" #include "mozilla/dom/Element.h" #include "mozilla/dom/Storage.h" @@ -1033,9 +1034,10 @@ nsWindowWatcher::OpenWindowInternal(mozIDOMWindowProxy* aParent, // Note: The check for the current JSContext isn't necessarily sensical. // It's just designed to preserve old semantics during a mass-conversion // patch. + // Bug 1498605 verify usages of systemPrincipal here nsCOMPtr subjectPrincipal = nsContentUtils::GetCurrentJSContext() ? nsContentUtils::SubjectPrincipal() : - nullptr; + nsContentUtils::GetSystemPrincipal(); bool isPrivateBrowsingWindow = false;