mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-09 11:25:00 +00:00
Fix
28387 nBookmarking javascript: URLs is dangerous 32343 Components object appears to be accessible via javascript: u 31707 Crash when logging into hotoffice.com r=mstoltz
This commit is contained in:
parent
b469634b56
commit
b4309b139a
@ -227,14 +227,14 @@ nsJSProtocolHandler::NewChannel(const char* verb,
|
||||
nsCOMPtr<nsIPrincipal> principal;
|
||||
nsCOMPtr<nsIURI> referringUri;
|
||||
if (originalURI) {
|
||||
// XXX this is wrong: see bugs 31818 and 29831. warren is looking at it.
|
||||
referringUri = originalURI;
|
||||
} else {
|
||||
nsCOMPtr<nsIDocShell> docShell;
|
||||
docShell = do_QueryInterface(globalOwner);
|
||||
if (!docShell)
|
||||
return NS_ERROR_FAILURE;
|
||||
if (NS_FAILED(docShell->GetCurrentURI(getter_AddRefs(referringUri))))
|
||||
return NS_ERROR_FAILURE;
|
||||
// No referrer available. Use the current javascript: URI, which will mean
|
||||
// that this script will be in another trust domain than any other script
|
||||
// since SameOrigin should be false for anything other than the same
|
||||
// javascript: URI.
|
||||
referringUri = uri;
|
||||
}
|
||||
if (NS_FAILED(securityManager->GetCodebasePrincipal(referringUri,
|
||||
getter_AddRefs(principal))))
|
||||
|
Loading…
Reference in New Issue
Block a user