Bug 337344: Disable location bar hiding by default, to make chrome spoofing harder. p=Johnathan Nightingale <johnath@mozilla.com>, r=mconnor

This commit is contained in:
dtownsend@oxymoronical.com 2007-08-23 11:49:02 -07:00
parent a23985c0a8
commit e879d0303c
2 changed files with 7 additions and 6 deletions

View File

@ -305,9 +305,10 @@ pref("javascript.options.showInConsole", false);
pref("dom.disable_window_open_feature.status", true);
// This is the pref to control the location bar, change this to true to
// force this instead of or in addition to the status bar - this makes
// the origin of popup windows more obvious to avoid spoofing but we
// cannot do it by default because it affects UE for web applications.
pref("dom.disable_window_open_feature.location", false);
// the origin of popup windows more obvious to avoid spoofing. We would
// rather not do it by default because it affects UE for web applications, but
// without it there isn't a really good way to prevent chrome spoofing, see bug 337344
pref("dom.disable_window_open_feature.location", true);
pref("dom.disable_window_status_change", true);
// allow JS to move and resize existing windows
pref("dom.disable_window_move_resize", false);

View File

@ -221,12 +221,12 @@ function getMostRecentBrowserWindow() {
var win = wm.getMostRecentWindow("navigator:browser", true);
// if we're lucky, this isn't a popup, and we can just return this
if (win && !win.toolbar.visible) {
if (win && win.document.documentElement.getAttribute("chromehidden")) {
var windowList = wm.getEnumerator("navigator:browser", true);
// this is oldest to newest, so this gets a bit ugly
while (windowList.hasMoreElements()) {
var nextWin = windowList.getNext();
if (nextWin.toolbar.visible)
if (!nextWin.document.documentElement.getAttribute("chromehidden"))
win = nextWin;
}
}
@ -236,7 +236,7 @@ function getMostRecentBrowserWindow() {
return null;
var win = windowList.getNext();
while (!win.toolbar.visible) {
while (win.document.documentElement.getAttribute("chromehidden")) {
if (!windowList.hasMoreElements())
return null;