Bug 1639195 - Part 1: Make BrowserChild::RecvLoadURL() use the correct triggering principal. r=ckerschb,mattwoodrow

This patch makes the triggering principal be propagated to the
BrowserChild when calling LoadURL in nsFrameLoader, and uses it as the
triggering principal for loading instead of the system principal.

Differential Revision: https://phabricator.services.mozilla.com/D75965
Tim Huang
2020-05-19 20:22:34 +00:00
parent 03b8c6acb3
commit 58f3d1a3ae
14 changed files with 44 additions and 18 deletions


@@ -576,7 +576,15 @@ nsresult nsFrameLoader::ReallyStartLoadingInternal() {
mRemoteBrowser->ResumeLoad(mPendingSwitchID);
mPendingSwitchID = 0;
} else {
mRemoteBrowser->LoadURL(mURIToLoad);
// The triggering principal could be null if the frame is loaded other
// than the src attribute, for example, the frame is sandboxed. In the
// case we use the principal of the owner content, which is needed to
// prevent XSS attaches on documents loaded in subframes.
if (mTriggeringPrincipal) {
mRemoteBrowser->LoadURL(mURIToLoad, mTriggeringPrincipal);
} else {
mRemoteBrowser->LoadURL(mURIToLoad, mOwnerContent->NodePrincipal());
}
}
if (!mRemoteBrowserShown) {
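Review bot: The else branch calls `mOwnerContent->NodePrincipal()` without a visible null check on `mOwnerContent`; nothing in this hunk shows that the earlier part of ReallyStartLoadingInternal() guarantees it is non-null, so either rely on (and mention in the comment) an existing guarantee or guard the fallback. The new comment also has typos that should be fixed before landing: "XSS attaches" should read "XSS attacks", "loaded other than the src attribute" reads better as "loaded from something other than the src attribute", and "In the case" should be "In that case". It would also help to state in the comment why the owner content's principal is the right fallback, since the commit message only says the system principal is being replaced.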