Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-09 11:25:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix

Browse Source 
28387 nBookmarking javascript: URLs is dangerous
32343 Components object appears to be accessible via javascript: u
31707 Crash when logging into hotoffice.com
r=mstoltz
This commit is contained in:
norris%netscape.com 2000-03-21 23:16:55 +00:00
parent b469634b56
commit b4309b139a
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
dom/src/jsurl/nsJSProtocolHandler.cpp
View File

@ -227,14 +227,14 @@ nsJSProtocolHandler::NewChannel(const char* verb,
nsCOMPtr<nsIPrincipal> principal;
nsCOMPtr<nsIURI> referringUri;
if (originalURI) {
// XXX this is wrong: see bugs 31818 and 29831. warren is looking at it.
referringUri = originalURI;
} else {
nsCOMPtr<nsIDocShell> docShell;
docShell = do_QueryInterface(globalOwner);
if (!docShell)
return NS_ERROR_FAILURE;
if (NS_FAILED(docShell->GetCurrentURI(getter_AddRefs(referringUri))))
return NS_ERROR_FAILURE;
// No referrer available. Use the current javascript: URI, which will mean
// that this script will be in another trust domain than any other script
// since SameOrigin should be false for anything other than the same
// javascript: URI.
referringUri = uri;
}
if (NS_FAILED(securityManager->GetCodebasePrincipal(referringUri,
getter_AddRefs(principal))))