CheckLoadURI should use document uri, not base uri. Bug 177237,

r=mstoltz, sr=jst, a=blizzard
2024-12-01 17:23:59 +00:00 · 2002-11-05 03:45:28 +00:00 · 2002-11-05 03:45:28 +00:00 · f83e342a15
commit f83e342a15
parent 7dc47b626d
4 changed files with 20 additions and 13 deletions
--- a/content/base/src/nsScriptLoader.cpp
+++ b/content/base/src/nsScriptLoader.cpp
@ -341,7 +341,12 @@ nsScriptLoader::ProcessScriptElement(nsIDOMHTMLScriptElement *aElement,
    if (NS_FAILED(rv)) {
      return FireErrorNotification(rv, aElement, aObserver);
    }
-    rv = securityManager->CheckLoadURI(baseURI, scriptURI, 
+    nsCOMPtr<nsIURI> docURI;
+    mDocument->GetDocumentURL(getter_AddRefs(docURI));
+    if (!docURI) {
+      return FireErrorNotification(NS_ERROR_UNEXPECTED, aElement, aObserver);
+    }
+    rv = securityManager->CheckLoadURI(docURI, scriptURI, 
                                       nsIScriptSecurityManager::ALLOW_CHROME);
    if (NS_FAILED(rv)) {
      return FireErrorNotification(rv, aElement, aObserver);
--- a/content/html/content/src/nsHTMLFormElement.cpp
+++ b/content/html/content/src/nsHTMLFormElement.cpp
@ -1054,10 +1054,10 @@ nsHTMLFormElement::GetActionURL(nsIURI** aActionURL)
  }

  // Get base URL
-  nsCOMPtr<nsIURI> docURL;
-  GetBaseURL(*getter_AddRefs(docURL));
-  NS_ASSERTION(docURL, "No Base URL found in Form Submit!\n");
-  if (!docURL) {
+  nsCOMPtr<nsIURI> baseURL;
+  GetBaseURL(*getter_AddRefs(baseURL));
+  NS_ASSERTION(baseURL, "No Base URL found in Form Submit!\n");
+  if (!baseURL) {
    return NS_OK; // No base URL -> exit early, see Bug 30721
  }

@ -1077,10 +1077,10 @@ nsHTMLFormElement::GetActionURL(nsIURI** aActionURL)
      return NS_OK;
    }

-    rv = docURL->Clone(getter_AddRefs(actionURL));
+    rv = baseURL->Clone(getter_AddRefs(actionURL));
    NS_ENSURE_SUCCESS(rv, rv);
  } else {
-    rv = NS_NewURI(getter_AddRefs(actionURL), action, nsnull, docURL);
+    rv = NS_NewURI(getter_AddRefs(actionURL), action, nsnull, baseURL);
    NS_ENSURE_SUCCESS(rv, rv);
  }

@ -1095,6 +1095,10 @@ nsHTMLFormElement::GetActionURL(nsIURI** aActionURL)
    do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
  NS_ENSURE_SUCCESS(rv, rv);

+  nsCOMPtr<nsIURI> docURL;
+  mDocument->GetDocumentURL(getter_AddRefs(docURL));
+  NS_ENSURE_TRUE(docURL, NS_ERROR_UNEXPECTED);
+  
  rv = securityManager->CheckLoadURI(docURL, actionURL,
                                     nsIScriptSecurityManager::STANDARD);
  NS_ENSURE_SUCCESS(rv, rv);
--- a/content/html/style/src/nsCSSLoader.cpp
+++ b/content/html/style/src/nsCSSLoader.cpp
@ -1707,11 +1707,10 @@ CSSLoaderImpl::LoadStyleLink(nsIContent* aElement,
  nsCOMPtr<nsIScriptSecurityManager> secMan = 
           do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
  if (NS_FAILED(rv)) return rv;
-  nsIURI* docURI;
-  rv = mDocument->GetBaseURL(docURI);
+  nsCOMPtr<nsIURI> docURI;
+  rv = mDocument->GetDocumentURL(getter_AddRefs(docURI));
  if (NS_FAILED(rv) || !docURI) return NS_ERROR_FAILURE;
  rv = secMan->CheckLoadURI(docURI, aURL, nsIScriptSecurityManager::ALLOW_CHROME);
-  NS_IF_RELEASE(docURI);
  if (NS_FAILED(rv)) return rv;

  // XXX need to add code to cancel any pending sheets for element
--- a/layout/style/nsCSSLoader.cpp
+++ b/layout/style/nsCSSLoader.cpp
@ -1707,11 +1707,10 @@ CSSLoaderImpl::LoadStyleLink(nsIContent* aElement,
  nsCOMPtr<nsIScriptSecurityManager> secMan = 
           do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
  if (NS_FAILED(rv)) return rv;
-  nsIURI* docURI;
-  rv = mDocument->GetBaseURL(docURI);
+  nsCOMPtr<nsIURI> docURI;
+  rv = mDocument->GetDocumentURL(getter_AddRefs(docURI));
  if (NS_FAILED(rv) || !docURI) return NS_ERROR_FAILURE;
  rv = secMan->CheckLoadURI(docURI, aURL, nsIScriptSecurityManager::ALLOW_CHROME);
-  NS_IF_RELEASE(docURI);
  if (NS_FAILED(rv)) return rv;

  // XXX need to add code to cancel any pending sheets for element