corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

When doing window access security checks, make sure to treat wyciwyg URIs as

Browse Source 
equivalent to their creators.  Bug 270414, r+sr=jst
This commit is contained in:
bzbarsky@mit.edu
2005-01-21 16:58:45 +00:00
parent 90cb8345a4
commit 20bac0af28
2 changed files with 33 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
docshell/base/nsDocShell.cpp
View File

@@ -961,9 +961,10 @@ SameOrSubdomainOfTarget(nsIURI* aOriginURI, nsIURI* aTargetURI,
// set). This puts control of loading in the hands of the target,
// which is more secure. (per Nav 4.x)
//
static PRBool
ValidateOrigin(nsIDocShellTreeItem* aOriginTreeItem,
nsIDocShellTreeItem* aTargetTreeItem)
/* static */
PRBool
nsDocShell::ValidateOrigin(nsIDocShellTreeItem* aOriginTreeItem,
nsIDocShellTreeItem* aTargetTreeItem)
{
nsCOMPtr<nsIScriptSecurityManager> securityManager =
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
@@ -996,6 +997,19 @@ ValidateOrigin(nsIDocShellTreeItem* aOriginTreeItem,
rv = originWebNav->GetCurrentURI(getter_AddRefs(originDocumentURI));
NS_ENSURE_TRUE(NS_SUCCEEDED(rv) && originDocumentURI, PR_TRUE);
// This may be wyciwyg URI... if so, we need to extract the actual
// URI from it.
if (sURIFixup) {
PRBool isWyciwyg = PR_FALSE;
rv = originDocumentURI->SchemeIs("wyciwyg", &isWyciwyg);
if (isWyciwyg && NS_SUCCEEDED(rv)) {
nsCOMPtr<nsIURI> temp;
sURIFixup->CreateExposableURI(originDocumentURI,
getter_AddRefs(temp));
originDocumentURI = temp;
}
}
// Get target principal uri (including document.domain)
nsCOMPtr<nsIDOMDocument> targetDOMDocument =
do_GetInterface(aTargetTreeItem);
@@ -1832,10 +1846,11 @@ nsDocShell::GetSameTypeRootTreeItem(nsIDocShellTreeItem ** aRootTreeItem)
return NS_OK;
}
static PRBool
CanAccessItem(nsIDocShellTreeItem* aTargetItem,
nsIDocShellTreeItem* aAccessingItem,
PRBool aConsiderOpener = PR_TRUE)
/* static */
PRBool
nsDocShell::CanAccessItem(nsIDocShellTreeItem* aTargetItem,
nsIDocShellTreeItem* aAccessingItem,
PRBool aConsiderOpener)
{
NS_PRECONDITION(aTargetItem, "Must have target item!");