Fixing bug 235457. Make new windows opened through window.open be opened on the context of the opener, and make caps not lie about when capabilities are enabled. r=danm-moz@comcast.net, r=caillon@aillon.org, sr=brendan@mozilla.org, a=dbaron@dbaron.org

2024-10-10 20:05:49 +00:00 · 2004-03-16 06:57:54 +00:00 · 2004-03-16 06:57:54 +00:00 · e1913b1f1e
commit e1913b1f1e
parent 1f82adcf25
3 changed files with 31 additions and 6 deletions
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@ -1990,16 +1990,15 @@ nsScriptSecurityManager::IsCapabilityEnabled(const char *capability,
    nsresult rv;
    JSStackFrame *fp = nsnull;
    JSContext *cx = GetCurrentJSContext();
-    fp = cx ? JS_FrameIterator(cx, &fp) : nsnull;
-    if (!fp)
+    if (!cx)
    {
-        // No script code on stack. Allow execution.
+        // No context reachable. Allow execution.
        *result = PR_TRUE;
        return NS_OK;
    }
    *result = PR_FALSE;
    nsCOMPtr<nsIPrincipal> previousPrincipal;
-    do
+    while ((fp = JS_FrameIterator(cx, &fp)) != nsnull)
    {
        nsCOMPtr<nsIPrincipal> principal;
        if (NS_FAILED(GetFramePrincipal(cx, fp, getter_AddRefs(principal))))
@ -2031,7 +2030,7 @@ nsScriptSecurityManager::IsCapabilityEnabled(const char *capability,
        if (NS_FAILED(rv)) return rv;
        if (*result)
            return NS_OK;
-    } while ((fp = JS_FrameIterator(cx, &fp)) != nsnull);
+    }

    if (!previousPrincipal)
    {
--- a/dom/src/base/nsGlobalWindow.cpp
+++ b/dom/src/base/nsGlobalWindow.cpp
@ -3356,8 +3356,31 @@ GlobalWindowImpl::Open(nsIDOMWindow **_retval)
    return NS_OK; // don't open the window, but also don't throw a JS exception
  }

+  // If we're called from chrome, push our context onto the context
+  // stack. This is so that opening a window from chrome by calling
+  // open() on a non-chrome window doesn't allow chrome-only features
+  // on the new window (opened through this non-chrome window).
+  nsCOMPtr<nsIJSContextStack> stack;
+
+  if (IsCallerChrome() && mContext) {
+    stack = do_GetService(sJSStackContractID);
+
+    JSContext *my_cx = NS_REINTERPRET_CAST(JSContext *,
+                                           mContext->GetNativeContext());
+
+    if (stack && my_cx) {
+      stack->Push(my_cx);
+    } else {
+      stack = nsnull;
+    }
+  }
+
  rv = OpenInternal(url, name, options, PR_FALSE, nsnull, 0, nsnull, _retval);

+  if (stack) {
+    stack->Pop(nsnull);
+  }
+
  nsCOMPtr<nsIDOMChromeWindow> chrome_win(do_QueryInterface(*_retval));

  if (NS_SUCCEEDED(rv)) {
--- a/xpfe/browser/resources/content/navigator.js
+++ b/xpfe/browser/resources/content/navigator.js
@ -2239,7 +2239,10 @@ function createShowPopupsMenu(parent) {
 function popupBlockerMenuCommand(target) {
  var uri = target.getAttribute("uri");
  if (uri) {
-    window.open(uri, "", target.getAttribute("features"));
+    // Make sure we use the content window to open the popup to
+    // prevent it from being able to set flags it shoudn't be able to
+    // set.
+    window.content.open(uri, "", target.getAttribute("features"));
  }
 }