Bug 1406278: Part 1 - Pass subject principal to SetAttribute and friends. r=bz

In order to tailor certain security checks to the caller that is attempting to load a particular piece of content, we need to be able to attach an appropriate triggering principal to the corresponding requests. Since most HTML content is loaded based on attribute values, that means capturing the subject principal of the caller who sets those attributes, which means making it available to AfterSetAttr hooks. MozReview-Commit-ID: BMDL2Uepg0X
2017-10-09 14:33:38 -07:00
parent 91f7e7ef3f
commit 5f00cf0c65
92 changed files with 317 additions and 128 deletions
--- a/dom/html/HTMLSelectElement.cpp
+++ b/dom/html/HTMLSelectElement.cpp
@@ -1316,7 +1316,9 @@ HTMLSelectElement::BeforeSetAttr(int32_t aNameSpaceID, nsAtom* aName,
 nsresult
 HTMLSelectElement::AfterSetAttr(int32_t aNameSpaceID, nsAtom* aName,
                                const nsAttrValue* aValue,
-                                const nsAttrValue* aOldValue, bool aNotify)
+                                const nsAttrValue* aOldValue,
+                                nsIPrincipal* aSubjectPrincipal,
+                                bool aNotify)
 {
  if (aNameSpaceID == kNameSpaceID_None) {
    if (aName == nsGkAtoms::disabled) {
@@ -1349,6 +1351,7 @@ HTMLSelectElement::AfterSetAttr(int32_t aNameSpaceID, nsAtom* aName,

  return nsGenericHTMLFormElementWithState::AfterSetAttr(aNameSpaceID, aName,
                                                         aValue, aOldValue,
+                                                         aSubjectPrincipal,
                                                         aNotify);
 }