Bug 1182569 - Skip security check for plugins using newstream attribute. r=smaug

2017-01-03 20:59:54 +01:00
parent 65b9eed2df
commit a19187cb43
5 changed files with 46 additions and 24 deletions
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -13787,7 +13787,8 @@ public:
                   nsIInputStream* aPostDataStream,
                   nsIInputStream* aHeadersDataStream,
                   bool aNoOpenerImplied,
-                   bool aIsTrusted);
+                   bool aIsTrusted,
+                   nsIPrincipal* aTriggeringPrincipal);

  NS_IMETHOD Run() override
  {
@@ -13804,7 +13805,7 @@ public:
                                mTargetSpec.get(), mFileName,
                                mPostDataStream, mHeadersDataStream,
                                mNoOpenerImplied,
-                                nullptr, nullptr);
+                                nullptr, nullptr, mTriggeringPrincipal);
    }
    return NS_OK;
  }
@@ -13820,6 +13821,7 @@ private:
  PopupControlState mPopupState;
  bool mNoOpenerImplied;
  bool mIsTrusted;
+  nsCOMPtr<nsIPrincipal> mTriggeringPrincipal;
 };

 OnLinkClickEvent::OnLinkClickEvent(nsDocShell* aHandler,
@@ -13830,7 +13832,8 @@ OnLinkClickEvent::OnLinkClickEvent(nsDocShell* aHandler,
                                   nsIInputStream* aPostDataStream,
                                   nsIInputStream* aHeadersDataStream,
                                   bool aNoOpenerImplied,
-                                   bool aIsTrusted)
+                                   bool aIsTrusted,
+                                   nsIPrincipal* aTriggeringPrincipal)
  : mHandler(aHandler)
  , mURI(aURI)
  , mTargetSpec(aTargetSpec)
@@ -13841,6 +13844,7 @@ OnLinkClickEvent::OnLinkClickEvent(nsDocShell* aHandler,
  , mPopupState(mHandler->mScriptGlobal->GetPopupControlState())
  , mNoOpenerImplied(aNoOpenerImplied)
  , mIsTrusted(aIsTrusted)
+  , mTriggeringPrincipal(aTriggeringPrincipal)
 {
 }

@@ -13851,7 +13855,8 @@ nsDocShell::OnLinkClick(nsIContent* aContent,
                        const nsAString& aFileName,
                        nsIInputStream* aPostDataStream,
                        nsIInputStream* aHeadersDataStream,
-                        bool aIsTrusted)
+                        bool aIsTrusted,
+                        nsIPrincipal* aTriggeringPrincipal)
 {
  NS_ASSERTION(NS_IsMainThread(), "wrong thread");

@@ -13895,7 +13900,7 @@ nsDocShell::OnLinkClick(nsIContent* aContent,
  nsCOMPtr<nsIRunnable> ev =
    new OnLinkClickEvent(this, aContent, aURI, target.get(), aFileName,
                         aPostDataStream, aHeadersDataStream, noOpenerImplied,
-                         aIsTrusted);
+                         aIsTrusted, aTriggeringPrincipal);
  return NS_DispatchToCurrentThread(ev);
 }

@@ -13908,7 +13913,8 @@ nsDocShell::OnLinkClickSync(nsIContent* aContent,
                            nsIInputStream* aHeadersDataStream,
                            bool aNoOpenerImplied,
                            nsIDocShell** aDocShell,
-                            nsIRequest** aRequest)
+                            nsIRequest** aRequest,
+                            nsIPrincipal* aTriggeringPrincipal)
 {
  // Initialize the DocShell / Request
  if (aDocShell) {
@@ -14034,13 +14040,18 @@ nsDocShell::OnLinkClickSync(nsIContent* aContent,
    return NS_ERROR_OUT_OF_MEMORY;
  }

+  // if the triggeringPrincipal is not passed explicitly, then we
+  // fall back to using doc->NodePrincipal() as the triggeringPrincipal.
+  nsCOMPtr<nsIPrincipal> triggeringPrincipal =
+    aTriggeringPrincipal ? aTriggeringPrincipal
+                         : aContent->NodePrincipal();
+
  nsresult rv = InternalLoad(clonedURI,                 // New URI
                             nullptr,                   // Original URI
                             false,                     // LoadReplace
                             referer,                   // Referer URI
                             refererPolicy,             // Referer policy
-                             aContent->NodePrincipal(), // Triggering is our node's
-                                                        // principal
+                             triggeringPrincipal,
                             aContent->NodePrincipal(),
                             flags,
                             target,                    // Window target