Bug 32571 - Don't allow scripts from content to close windows with a null opener.

r=heikki, sr=jst, a=dbaron.
2024-12-02 10:00:54 +00:00 · 2002-10-25 01:08:29 +00:00 · 2002-10-25 01:08:29 +00:00 · c66a28d655
commit c66a28d655
parent 127cbb19c8
1 changed files with 14 additions and 6 deletions
--- a/dom/src/base/nsGlobalWindow.cpp
+++ b/dom/src/base/nsGlobalWindow.cpp
@ -3104,6 +3104,20 @@ GlobalWindowImpl::Close()
    return NS_OK;
  }

+  // Don't allow scripts from content to close windows
+  // that were not opened by script
+  nsresult rv;
+  if (!mOpener) {
+      nsCOMPtr<nsIScriptSecurityManager> secMan(
+        do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv));
+      if (NS_SUCCEEDED(rv)) {
+          PRBool inChrome = PR_TRUE;
+          rv = secMan->SubjectPrincipalIsSystem(&inChrome);
+          if (NS_SUCCEEDED(rv) && !inChrome)
+              return NS_OK;
+      }
+  }
+
  // Fire a DOM event notifying listeners that this window is about to
  // be closed. The tab UI code may choose to cancel the default
  // action for this event, if so, we won't actually close the window
@ -3132,12 +3146,6 @@ GlobalWindowImpl::Close()
    }
  }

-  // Note: the basic security check, rejecting windows not opened through JS,
-  // has been removed. This was approved long ago by ...you're going to call me
-  // on this, aren't you... well it was. And anyway, a better means is coming.
-  // In the new world of application-level interfaces being written in JS, this
-  // security check was causing problems.
-
  nsCOMPtr<nsIJSContextStack> stack =
    do_GetService(sJSStackContractID);