mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-10 11:55:49 +00:00
Bug 32571 - add disabling pref and JS console message to window.close security check. r=heikki, sr=jst.
This commit is contained in:
parent
3fe1e83681
commit
b37c501c58
@ -1 +1,2 @@
|
||||
JSURLLoadBlockedWarning=Attempt to load a javascript: URL from one host\nin a window displaying content from another host\nwas blocked by the security manager.
|
||||
WindowCloseBlockedWarning=Scripts may not close windows that were not opened by script.
|
||||
|
@ -174,7 +174,7 @@ static NS_DEFINE_CID(kCStringBundleServiceCID, NS_STRINGBUNDLESERVICE_CID);
|
||||
static const char *sJSStackContractID = "@mozilla.org/js/xpc/ContextStack;1";
|
||||
|
||||
static const char *kDOMBundleURL = "chrome://global/locale/commonDialogs.properties";
|
||||
|
||||
static const char *kDOMSecurityWarningsBundleURL = "chrome://communicator/locale/dom/dom.properties";
|
||||
|
||||
static const char * const kCryptoContractID = NS_CRYPTO_CONTRACTID;
|
||||
static const char * const kPkcs11ContractID = NS_PKCS11_CONTRACTID;
|
||||
@ -3041,14 +3041,42 @@ GlobalWindowImpl::Close()
|
||||
// that were not opened by script
|
||||
nsresult rv;
|
||||
if (!mOpener) {
|
||||
nsCOMPtr<nsIScriptSecurityManager> secMan(
|
||||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv));
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
PRBool inChrome = PR_TRUE;
|
||||
rv = secMan->SubjectPrincipalIsSystem(&inChrome);
|
||||
if (NS_SUCCEEDED(rv) && !inChrome)
|
||||
return NS_OK;
|
||||
nsCOMPtr<nsIScriptSecurityManager> secMan(
|
||||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv));
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
PRBool inChrome = PR_TRUE;
|
||||
rv = secMan->SubjectPrincipalIsSystem(&inChrome);
|
||||
if (NS_SUCCEEDED(rv) && !inChrome) {
|
||||
PRBool allowClose = PR_TRUE;
|
||||
gPrefBranch->GetBoolPref("dom.allow_scripts_to_close_windows",
|
||||
&allowClose);
|
||||
if (!allowClose) {
|
||||
// We're blocking the close operation
|
||||
// report localized error msg in JS console
|
||||
nsCOMPtr<nsIStringBundleService> stringBundleService(
|
||||
do_GetService(kCStringBundleServiceCID));
|
||||
if (stringBundleService) {
|
||||
nsCOMPtr<nsIStringBundle> stringBundle;
|
||||
rv = stringBundleService->CreateBundle(
|
||||
kDOMSecurityWarningsBundleURL,
|
||||
getter_AddRefs(stringBundle));
|
||||
if (NS_SUCCEEDED(rv) && stringBundle) {
|
||||
nsXPIDLString errorMsg;
|
||||
rv = stringBundle->GetStringFromName(
|
||||
NS_LITERAL_STRING("WindowCloseBlockedWarning").get(),
|
||||
getter_Copies(errorMsg));
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
nsCOMPtr<nsIConsoleService> console(
|
||||
do_GetService("@mozilla.org/consoleservice;1"));
|
||||
if (console)
|
||||
console->LogStringMessage(errorMsg.get());
|
||||
}
|
||||
}
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Fire a DOM event notifying listeners that this window is about to
|
||||
|
@ -445,6 +445,8 @@ pref("dom.disable_window_open_feature.scrollbars", false);
|
||||
pref("dom.disable_window_open_feature.resizable", false);
|
||||
pref("dom.disable_window_open_feature.minimizable", false);
|
||||
pref("dom.disable_window_open_feature.status", false);
|
||||
|
||||
pref("dom.allow_scripts_to_close_windows", false);
|
||||
|
||||
pref("javascript.enabled", true);
|
||||
pref("javascript.allow.mailnews", false);
|
||||
|
Loading…
Reference in New Issue
Block a user