From 9f0ff7ef3c38d019b85e44c6657a8032e17df8e5 Mon Sep 17 00:00:00 2001
From: "martijn.martijn%gmail.com"
Date: Wed, 15 Mar 2006 11:03:25 +0000
Subject: [PATCH] Bug 330037 - First check if script/data url's are allowed, r=dveditz, sr=bzbarsky
---
 caps/src/nsScriptSecurityManager.cpp | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/caps/src/nsScriptSecurityManager.cpp b/caps/src/nsScriptSecurityManager.cpp
index a3f44d41467c..13029b049c4a 100644
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@@ -1276,12 +1276,6 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
 rv = GetBaseURIScheme(aTargetURI, targetScheme); if (NS_FAILED(rv)) return rv;
- if (nsCRT::strcasecmp(targetScheme.get(), sourceScheme.get()) == 0)
- {
- // every scheme can access another URI from the same scheme
- return NS_OK;
- }
-
 //-- Some callers do not allow loading javascript: or data: URLs
 if (((aFlags & (nsIScriptSecurityManager::DISALLOW_SCRIPT | nsIScriptSecurityManager::DISALLOW_SCRIPT_OR_DATA)) &&
@@ -1292,6 +1286,12 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
 return NS_ERROR_DOM_BAD_URI; }
+ if (nsCRT::strcasecmp(targetScheme.get(), sourceScheme.get()) == 0)
+ {
+ // every scheme can access another URI from the same scheme
+ return NS_OK;
+ }
+
 //-- If the schemes don't match, the policy is specified in this table.
 enum Action { AllowProtocol, DenyProtocol, PrefControlled, ChromeProtocol}; static const struct
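Review bot: The comment carried over with the moved block in the second hunk, `// every scheme can access another URI from the same scheme`, now overstates what the code allows and says nothing about why the block sits below the DISALLOW_SCRIPT / DISALLOW_SCRIPT_OR_DATA check. With this ordering a same-scheme javascript: or data: load is rejected with NS_ERROR_DOM_BAD_URI before the shortcut is reached, and a later cleanup that hoists the shortcut back up would silently reopen that path. I would reword it to `// Same-scheme loads are allowed; keep this below the DISALLOW_SCRIPT* check so a javascript:/data: source cannot skip the caller's flags`. The shortcut still returns before the policy table and anything after it, so any other aFlags restriction enforced further down (not visible here; CheckLoadURIWithPrincipal starts and ends outside the hunk) would presumably still be skipped for same-scheme pairs and is worth confirming. A regression test for a same-scheme load with DISALLOW_SCRIPT set would pin the new order.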