Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-06 17:16:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

More fixes for 55237, cleaned up CheckLoadURI and added a check on "Edit This Link." Also added error reporting (bug 40538).

Browse Source 
r=beard, sr=hyatt
This commit is contained in:
mstoltz%netscape.com 2006-07-29 05:36:37 +00:00
parent f26ea3721c
commit 7e06c069e2
2 changed files with 21 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
suite/common/contentAreaUtils.js
View File

@ -39,24 +39,18 @@
function openNewWindowWith(url) {
// URL Loading Security Check
const nsIStandardURL = Components.interfaces.nsIStandardURL;
const nsIURI = Components.interfaces.nsIURI;
const stdURL = Components.classes["@mozilla.org/network/standard-url;1"];
var sourceURL = stdURL.createInstance(nsIStandardURL);
var focusedWindow = document.commandDispatcher.focusedWindow;
// URL Loading Security Check
var focusedWindow = document.commandDispatcher.focusedWindow;
var sourceWin = isDocumentFrame(focusedWindow) ? focusedWindow.location.href : window._content.location.href;
sourceURL.init(nsIStandardURL.URLTYPE_STANDARD, 80, sourceWin, null);
var targetURL = stdURL.createInstance(nsIStandardURL);
targetURL.init(nsIStandardURL.URLTYPE_STANDARD, 80, url, null);
const nsIScriptSecurityManager = Components.interfaces.nsIScriptSecurityManager;
var secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"].getService().
QueryInterface(nsIScriptSecurityManager);
secMan.checkLoadURI(sourceURL, targetURL, nsIScriptSecurityManager.STANDARD);
try {
secMan.checkLoadURIStr(sourceWin, url, nsIScriptSecurityManager.STANDARD);
} catch (e) {
throw "Load of " + url + " denied.";
}
var newWin;
var wintype = document.firstChild.getAttribute('windowtype');

14
suite/common/utilityOverlay.js
View File

@ -281,6 +281,20 @@ function editPage(url, launchWindow, delay)
}
}
// URL Loading Security Check
var focusedWindow = launchWindow.document.commandDispatcher.focusedWindow;
var sourceWin = isDocumentFrame(focusedWindow) ? focusedWindow.location.href : focusedWindow._content.location.href;
const nsIScriptSecurityManager = Components.interfaces.nsIScriptSecurityManager;
var secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"].getService().
QueryInterface(nsIScriptSecurityManager);
try {
secMan.checkLoadURIStr(sourceWin, url, nsIScriptSecurityManager.STANDARD);
} catch (e) {
throw "Edit of " + url + " denied.";
}
var windowManager = Components.classes['@mozilla.org/rdf/datasource;1?name=window-mediator'].getService();
if (!windowManager) return;
var windowManagerInterface = windowManager.QueryInterface( Components.interfaces.nsIWindowMediator);