mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-28 23:31:56 +00:00
Fixing bug 78831 - treat chrome and resource URLs the same in the
URL loading check and give them access to each other. r=pavlov, sr=brendan. This allows us to turn on the fix (already reviewed) for 69070.
This commit is contained in:
parent
1a5a83dc13
commit
f9c13993e0
@ -686,7 +686,7 @@ nsScriptSecurityManager::CheckLoadURI(nsIURI *aSourceURI, nsIURI *aTargetURI,
|
||||
{ "aim", AllowProtocol },
|
||||
{ "data", AllowProtocol },
|
||||
{ "keyword", DenyProtocol },
|
||||
{ "resource", DenyProtocol },
|
||||
{ "resource", ChromeProtocol },
|
||||
{ "gopher", AllowProtocol },
|
||||
{ "datetime", DenyProtocol },
|
||||
{ "finger", AllowProtocol },
|
||||
@ -707,8 +707,13 @@ nsScriptSecurityManager::CheckLoadURI(nsIURI *aSourceURI, nsIURI *aTargetURI,
|
||||
mPrefs->GetBoolPref("security.checkloaduri", &doCheck);
|
||||
return doCheck ? ReportErrorToConsole(aTargetURI) : NS_OK;
|
||||
case ChromeProtocol:
|
||||
return (aFlags & nsIScriptSecurityManager::ALLOW_CHROME) ?
|
||||
NS_OK : ReportErrorToConsole(aTargetURI);
|
||||
if (aFlags & nsIScriptSecurityManager::ALLOW_CHROME)
|
||||
return NS_OK;
|
||||
// resource: and chrome: are equivalent, securitywise
|
||||
if ((PL_strcmp(sourceScheme, "chrome") == 0) ||
|
||||
(PL_strcmp(sourceScheme, "resource") == 0))
|
||||
return NS_OK;
|
||||
return ReportErrorToConsole(aTargetURI);
|
||||
case AboutProtocol:
|
||||
// Allow loading about:blank, otherwise deny
|
||||
if(NS_FAILED(targetUri->GetSpec(getter_Copies(targetSpec))))
|
||||
|
@ -1461,7 +1461,6 @@ nsImageFrame::CanLoadImage(nsIURI *aURI)
|
||||
{
|
||||
PRBool shouldLoad = PR_TRUE; // default permit
|
||||
|
||||
#if 0
|
||||
nsCOMPtr<nsIScriptSecurityManager> securityManager(do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
|
||||
|
||||
if (securityManager) {
|
||||
@ -1472,7 +1471,6 @@ nsImageFrame::CanLoadImage(nsIURI *aURI)
|
||||
if (NS_FAILED(proceed))
|
||||
return PR_FALSE;
|
||||
}
|
||||
#endif
|
||||
|
||||
// XXX leave this if 0'd until there is a good way to test it.
|
||||
#if 0
|
||||
|
@ -1461,7 +1461,6 @@ nsImageFrame::CanLoadImage(nsIURI *aURI)
|
||||
{
|
||||
PRBool shouldLoad = PR_TRUE; // default permit
|
||||
|
||||
#if 0
|
||||
nsCOMPtr<nsIScriptSecurityManager> securityManager(do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
|
||||
|
||||
if (securityManager) {
|
||||
@ -1472,7 +1471,6 @@ nsImageFrame::CanLoadImage(nsIURI *aURI)
|
||||
if (NS_FAILED(proceed))
|
||||
return PR_FALSE;
|
||||
}
|
||||
#endif
|
||||
|
||||
// XXX leave this if 0'd until there is a good way to test it.
|
||||
#if 0
|
||||
|
Loading…
Reference in New Issue
Block a user