Fix

23643 Reading email messages using <META REFRESH> 23729 Executing functions in "chrome:" protocol - #3 - META REFRES 23730 Executing functions in "chrome:" protocol - #4 - HTTP redire 24217 Access to functions in chrome: protocol using IFRAME 24865 Parsing local non-HTML files #2 using META REFRESH r=gagan
2024-12-14 10:43:24 +00:00 · 2000-01-25 04:42:01 +00:00 · 2000-01-25 04:42:01 +00:00 · 8c000f9285
commit 8c000f9285
parent 71903370cb
3 changed files with 21 additions and 2 deletions
--- a/content/html/document/src/nsHTMLContentSink.cpp
+++ b/content/html/document/src/nsHTMLContentSink.cpp
@ -3663,7 +3663,7 @@ HTMLContentSink::ProcessMETATag(const nsIParserNode& aNode)
                  // go past the '=' sign
                  loc = result.Find("=", PR_TRUE, loc);
                  if (loc > -1) {
-                      loc++; // leading/trailign spaces get trimmed in url creating code.
+                      loc++; // leading/trailing spaces get trimmed in url creating code.
                      result.Mid(uriAttribStr, loc, result.Length() - loc);
                      uriCStr = uriAttribStr.GetUnicode();
                  }
@ -3671,6 +3671,12 @@ HTMLContentSink::ProcessMETATag(const nsIParserNode& aNode)

              nsIURI *uri = nsnull;
              rv = NS_NewURI(&uri, uriCStr, baseURI);
+              if (loc > -1 && NS_SUCCEEDED(rv)) {
+                  NS_WITH_SERVICE(nsIScriptSecurityManager, securityManager, 
+                                  NS_SCRIPTSECURITYMANAGER_PROGID, &rv);
+                  if (NS_SUCCEEDED(rv))
+                      rv = securityManager->CheckLoadURI(baseURI, uri);
+              }
              NS_RELEASE(baseURI);
              if (NS_FAILED(rv)) return rv;

--- a/layout/html/document/src/nsHTMLContentSink.cpp
+++ b/layout/html/document/src/nsHTMLContentSink.cpp
@ -3663,7 +3663,7 @@ HTMLContentSink::ProcessMETATag(const nsIParserNode& aNode)
                  // go past the '=' sign
                  loc = result.Find("=", PR_TRUE, loc);
                  if (loc > -1) {
-                      loc++; // leading/trailign spaces get trimmed in url creating code.
+                      loc++; // leading/trailing spaces get trimmed in url creating code.
                      result.Mid(uriAttribStr, loc, result.Length() - loc);
                      uriCStr = uriAttribStr.GetUnicode();
                  }
@ -3671,6 +3671,12 @@ HTMLContentSink::ProcessMETATag(const nsIParserNode& aNode)

              nsIURI *uri = nsnull;
              rv = NS_NewURI(&uri, uriCStr, baseURI);
+              if (loc > -1 && NS_SUCCEEDED(rv)) {
+                  NS_WITH_SERVICE(nsIScriptSecurityManager, securityManager, 
+                                  NS_SCRIPTSECURITYMANAGER_PROGID, &rv);
+                  if (NS_SUCCEEDED(rv))
+                      rv = securityManager->CheckLoadURI(baseURI, uri);
+              }
              NS_RELEASE(baseURI);
              if (NS_FAILED(rv)) return rv;

--- a/netwerk/protocol/http/src/nsHTTPChannel.cpp
+++ b/netwerk/protocol/http/src/nsHTTPChannel.cpp
@ -49,6 +49,7 @@
 #include "nsAuthEngine.h"
 #include "nsINetDataCacheManager.h"
 #include "nsINetDataCache.h"
+#include "nsIScriptSecurityManager.h"

 #ifdef DEBUG_gagan
 #include "nsUnixColorPrintf.h"
@ -1255,6 +1256,12 @@ nsresult nsHTTPChannel::Redirect(const char *aNewLocation,
  nsAllocator::Free(newURLSpec);
 #endif /* PR_LOGGING */

+  NS_WITH_SERVICE(nsIScriptSecurityManager, securityManager, 
+                  NS_SCRIPTSECURITYMANAGER_PROGID, &rv);
+  if (NS_FAILED(rv)) return rv;
+  rv = securityManager->CheckLoadURI(mOriginalURI, newURI);
+  if (NS_FAILED(rv)) return rv;
+
  rv = serv->NewChannelFromURI(mVerb.GetBuffer(), newURI, mLoadGroup, mCallbacks,
                               mLoadAttributes, mOriginalURI, 
                               mBufferSegmentSize, mBufferMaxSize, getter_AddRefs(channel));