mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-28 23:31:56 +00:00
Bug 1312091 - Allow third-party subframes to access navigator.plugins[plugin] if the top-level document has allowed it. r=bsmedberg
MozReview-Commit-ID: 5Ei77KD6qZC --HG-- extra : rebase_source : d37a15a73135e7dcb7e40d2de8d83342451cc5fb
This commit is contained in:
parent
5f0a2f9de1
commit
899e9b7747
@ -366,9 +366,21 @@ nsPluginArray::EnsurePlugins()
|
||||
nsCString permString;
|
||||
nsresult rv = pluginHost->GetPermissionStringForTag(pluginTag, 0, permString);
|
||||
if (rv == NS_OK) {
|
||||
nsIPrincipal* principal = mWindow->GetExtantDoc()->NodePrincipal();
|
||||
nsCOMPtr<nsIPermissionManager> permMgr = services::GetPermissionManager();
|
||||
permMgr->TestPermissionFromPrincipal(principal, permString.get(), &permission);
|
||||
nsCOMPtr<nsIDocument> currentDoc = mWindow->GetExtantDoc();
|
||||
|
||||
// The top-level content document gets the final say on whether or not
|
||||
// a plugin is going to be hidden or not, regardless of the origin
|
||||
// that a subframe is hosted at. This is to avoid spamming the user
|
||||
// with the hidden plugin notification bar when third-party iframes
|
||||
// attempt to access navigator.plugins after the user has already
|
||||
// expressed that the top-level document has this permission.
|
||||
nsCOMPtr<nsIDocument> topDoc = currentDoc->GetTopLevelContentDocument();
|
||||
|
||||
if (topDoc) {
|
||||
nsIPrincipal* principal = topDoc->NodePrincipal();
|
||||
nsCOMPtr<nsIPermissionManager> permMgr = services::GetPermissionManager();
|
||||
permMgr->TestPermissionFromPrincipal(principal, permString.get(), &permission);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user