Bug 1406278: Part 3 - Use subject principal as triggering principal in <script> "src" attribute. r=bz

MozReview-Commit-ID: KwGIE4t7KUx
2017-10-04 22:16:32 -07:00
parent ce86c492cd
commit afc961cdba
8 changed files with 56 additions and 15 deletions
--- a/dom/html/HTMLScriptElement.cpp
+++ b/dom/html/HTMLScriptElement.cpp
@@ -169,9 +169,9 @@ HTMLScriptElement::Defer()
 }

 void
-HTMLScriptElement::SetSrc(const nsAString& aSrc, ErrorResult& rv)
+HTMLScriptElement::SetSrc(const nsAString& aSrc, nsIPrincipal& aTriggeringPrincipal, ErrorResult& rv)
 {
-  rv = SetAttrHelper(nsGkAtoms::src, aSrc);
+  SetHTMLAttr(nsGkAtoms::src, aSrc, aTriggeringPrincipal, rv);
 }

 void
@@ -242,6 +242,11 @@ HTMLScriptElement::AfterSetAttr(int32_t aNamespaceID, nsAtom* aName,
  if (nsGkAtoms::async == aName && kNameSpaceID_None == aNamespaceID) {
    mForceAsync = false;
  }
+  if (nsGkAtoms::src == aName && kNameSpaceID_None == aNamespaceID) {
+    mSrcTriggeringPrincipal = nsContentUtils::GetAttrTriggeringPrincipal(
+        this, aValue ? aValue->GetStringValue() : EmptyString(),
+        aMaybeScriptedPrincipal);
+  }
  return nsGenericHTMLElement::AfterSetAttr(aNamespaceID, aName,
                                            aValue, aOldValue,
                                            aMaybeScriptedPrincipal,