Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-12-04 02:57:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Protect document.open and document.close against some potential problems. bug 343168, r+sr=bzbarsky

Browse Source
This commit is contained in:
mrbkap%gmail.com 2006-08-01 21:48:03 +00:00
parent 67dac32d21
commit a4bc274aec
2 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
content/html/document/src/nsHTMLDocument.cpp
View File

@ -1915,6 +1915,19 @@ nsHTMLDocument::OpenCommon(const nsACString& aContentType, PRBool aReplace)
return NS_ERROR_DOM_NOT_SUPPORTED_ERR; return NS_ERROR_DOM_NOT_SUPPORTED_ERR;
} }
nsresult rv = NS_OK;
nsPIDOMWindow *win = GetWindow();
if (win) {
nsCOMPtr<nsIDOMElement> frameElement;
rv = win->GetFrameElement(getter_AddRefs(frameElement));
NS_ENSURE_SUCCESS(rv, rv);
if (frameElement && !nsContentUtils::CanCallerAccess(frameElement)) {
return NS_ERROR_DOM_SECURITY_ERR;
}
}
// If we already have a parser we ignore the document.open call. // If we already have a parser we ignore the document.open call.
if (mParser) { if (mParser) {
@ -1927,8 +1940,6 @@ nsHTMLDocument::OpenCommon(const nsACString& aContentType, PRBool aReplace)
return NS_ERROR_DOM_NOT_SUPPORTED_ERR; return NS_ERROR_DOM_NOT_SUPPORTED_ERR;
} }
nsresult rv = NS_OK;
// Note: We want to use GetDocumentFromContext here because this document // Note: We want to use GetDocumentFromContext here because this document
// should inherit the security information of the document that's opening us, // should inherit the security information of the document that's opening us,
// (since if it's secure, then it's presumeably trusted). // (since if it's secure, then it's presumeably trusted).
@ -2008,7 +2019,7 @@ nsHTMLDocument::OpenCommon(const nsACString& aContentType, PRBool aReplace)
nsPIDOMWindow *window = GetInnerWindow(); nsPIDOMWindow *window = GetInnerWindow();
if (window) { if (window) {
// Rememer the old scope in case the call to SetNewDocument changes it. // Remember the old scope in case the call to SetNewDocument changes it.
nsCOMPtr<nsIScriptGlobalObject> oldScope(do_QueryReferent(mScopeObject)); nsCOMPtr<nsIScriptGlobalObject> oldScope(do_QueryReferent(mScopeObject));
rv = window->SetNewDocument(this, nsnull, PR_FALSE); rv = window->SetNewDocument(this, nsnull, PR_FALSE);

1
modules/libpref/src/init/all.js
View File

@ -279,7 +279,6 @@ pref("capability.policy.default.History.next", "UniversalBrowserRead");
pref("capability.policy.default.History.previous", "UniversalBrowserRead"); pref("capability.policy.default.History.previous", "UniversalBrowserRead");
pref("capability.policy.default.History.toString", "UniversalBrowserRead"); pref("capability.policy.default.History.toString", "UniversalBrowserRead");
pref("capability.policy.default.HTMLDocument.close.get", "allAccess");
pref("capability.policy.default.HTMLDocument.open.get", "allAccess"); pref("capability.policy.default.HTMLDocument.open.get", "allAccess");
pref("capability.policy.default.Location.hash.set", "allAccess"); pref("capability.policy.default.Location.hash.set", "allAccess");