mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-27 12:15:33 +00:00
Bug 522430 - Don't hand out unexpected objects. r=jst sr=sicking
This commit is contained in:
parent
8b0f5d76cf
commit
a03c404963
@ -2959,7 +2959,7 @@ nsGlobalWindow::GetOpener(nsIDOMWindowInternal** aOpener)
|
||||
|
||||
*aOpener = nsnull;
|
||||
|
||||
nsCOMPtr<nsIDOMWindowInternal> opener = do_QueryReferent(mOpener);
|
||||
nsCOMPtr<nsPIDOMWindow> opener = do_QueryReferent(mOpener);
|
||||
if (!opener) {
|
||||
return NS_OK;
|
||||
}
|
||||
@ -2970,27 +2970,36 @@ nsGlobalWindow::GetOpener(nsIDOMWindowInternal** aOpener)
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsPIDOMWindow> openerPwin(do_QueryInterface(opener));
|
||||
if (!openerPwin) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
// First, ensure that we're not handing back a chrome window.
|
||||
nsGlobalWindow *win = static_cast<nsGlobalWindow *>(openerPwin.get());
|
||||
if (win->IsChromeWindow()) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
// We don't want to reveal the opener if the opener is a mail window,
|
||||
// because opener can be used to spoof the contents of a message (bug 105050).
|
||||
// So, we look in the opener's root docshell to see if it's a mail window.
|
||||
nsCOMPtr<nsPIDOMWindow> openerPwin(do_QueryInterface(opener));
|
||||
if (openerPwin) {
|
||||
nsCOMPtr<nsIDocShellTreeItem> docShellAsItem =
|
||||
do_QueryInterface(openerPwin->GetDocShell());
|
||||
nsCOMPtr<nsIDocShellTreeItem> docShellAsItem =
|
||||
do_QueryInterface(openerPwin->GetDocShell());
|
||||
|
||||
if (docShellAsItem) {
|
||||
nsCOMPtr<nsIDocShellTreeItem> openerRootItem;
|
||||
docShellAsItem->GetRootTreeItem(getter_AddRefs(openerRootItem));
|
||||
nsCOMPtr<nsIDocShell> openerRootDocShell(do_QueryInterface(openerRootItem));
|
||||
if (openerRootDocShell) {
|
||||
PRUint32 appType;
|
||||
nsresult rv = openerRootDocShell->GetAppType(&appType);
|
||||
if (NS_SUCCEEDED(rv) && appType != nsIDocShell::APP_TYPE_MAIL) {
|
||||
*aOpener = opener;
|
||||
}
|
||||
if (docShellAsItem) {
|
||||
nsCOMPtr<nsIDocShellTreeItem> openerRootItem;
|
||||
docShellAsItem->GetRootTreeItem(getter_AddRefs(openerRootItem));
|
||||
nsCOMPtr<nsIDocShell> openerRootDocShell(do_QueryInterface(openerRootItem));
|
||||
if (openerRootDocShell) {
|
||||
PRUint32 appType;
|
||||
nsresult rv = openerRootDocShell->GetAppType(&appType);
|
||||
if (NS_SUCCEEDED(rv) && appType != nsIDocShell::APP_TYPE_MAIL) {
|
||||
*aOpener = opener;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
NS_IF_ADDREF(*aOpener);
|
||||
return NS_OK;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user