Fix for bug # 159659. urlbar spoofing with wyciwyg://. r=adamlock, mstolz, sr=darin. Make sure normal loads of wyciwyg url don't go through nsDocShell::InternalLoad().

2002-09-20 19:10:23 +00:00
parent 5bb3d5f2da
commit 3cccae452c
1 changed files with 10 additions and 1 deletions
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -4726,7 +4726,7 @@ nsDocShell::InternalLoad(nsIURI * aURI,
                         nsIRequest** aRequest)
 {
    nsresult rv = NS_OK;
-
+    
    // Initialize aDocShell/aRequest
    if (aDocShell) {
        *aDocShell = nsnull;
@@ -4735,6 +4735,15 @@ nsDocShell::InternalLoad(nsIURI * aURI,
        *aRequest = nsnull;
    }

+    // wyciwyg urls can only be loaded through history. Any normal load of
+    // wyciwyg through docshell is  illegal. Disallow such loads.
+    if (aURI && (aLoadType & LOAD_CMD_NORMAL)) {
+        PRBool isWyciwyg = PR_FALSE;
+        rv = aURI->SchemeIs("wyciwyg", &isWyciwyg);   
+        if ((isWyciwyg && NS_SUCCEEDED(rv)) || NS_FAILED(rv)) 
+            return NS_ERROR_FAILURE;
+    }
+
    //
    // First, notify any nsIContentPolicy listeners about the document load.
    // Only abort the load if a content policy listener explicitly vetos it!