Bug 1318664 - fix about pages linking to themselves with query parameters, r=bz

MozReview-Commit-ID: Dsqj0L4aIlv --HG-- extra : rebase_source : 5fde285885cfa4a14200aefc70d1f2395d67d92f
2024-11-24 21:31:04 +00:00 · 2016-11-23 18:26:44 +00:00 · 2016-11-23 18:26:44 +00:00 · d1260ddfab
commit d1260ddfab
parent 2fff66aaac
2 changed files with 28 additions and 5 deletions
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@ -753,16 +753,27 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
        currentURI->GetScheme(scheme);
        currentOtherURI->GetScheme(otherScheme);

+        bool schemesMatch = scheme.Equals(otherScheme, stringComparator);
+        bool isSamePage;
+        // about: URIs are special snowflakes.
+        if (scheme.EqualsLiteral("about")) {
+            nsAutoCString module, otherModule;
+            isSamePage = schemesMatch &&
+                NS_SUCCEEDED(NS_GetAboutModuleName(currentURI, module)) &&
+                NS_SUCCEEDED(NS_GetAboutModuleName(currentOtherURI, otherModule)) &&
+                module.Equals(otherModule);
+        } else {
+            bool equalExceptRef = false;
+            rv = currentURI->EqualsExceptRef(currentOtherURI, &equalExceptRef);
+            isSamePage = NS_SUCCEEDED(rv) && equalExceptRef;
+        }
+
        // If schemes are not equal, or they're equal but the target URI
        // is different from the source URI and doesn't always allow linking
        // from the same scheme, check if the URI flags of the current target
        // URI allow the current source URI to link to it.
        // The policy is specified by the protocol flags on both URIs.
-        bool equalExceptRef = false;
-        if (!scheme.Equals(otherScheme, stringComparator) ||
-            (denySameSchemeLinks &&
-             (!NS_SUCCEEDED(currentURI->EqualsExceptRef(currentOtherURI, &equalExceptRef)) ||
-              !equalExceptRef))) {
+        if (!schemesMatch || (denySameSchemeLinks && !isSamePage)) {
            return CheckLoadURIFlags(currentURI, currentOtherURI,
                                     sourceBaseURI, targetBaseURI, aFlags);
        }
--- a/caps/tests/mochitest/browser_checkloaduri.js
+++ b/caps/tests/mochitest/browser_checkloaduri.js
@ -52,6 +52,18 @@ const URLs = new Map([
    ["view-source:data:text/html,Hi", true, false, true],
    ["javascript:alert('hi')", true, false, true],
  ]],
+  ["about:foo", [
+    ["about:foo?", true, true, true],
+    ["about:foo?bar", true, true, true],
+    ["about:foo#", true, true, true],
+    ["about:foo#bar", true, true, true],
+    ["about:foo?#", true, true, true],
+    ["about:foo?bar#baz", true, true, true],
+    ["about:bar", false, false, true],
+    ["about:bar?foo#baz", false, false, true],
+    ["about:bar?foo", false, false, true],
+    ["http://www.example.com/", true, true, true],
+  ]],
 ]);

 function testURL(source, target, canLoad, canLoadWithoutInherit, canCreate, flags) {