corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1934807 - Consider file: URIs as the same domain for the purpose of frame navigation; r=smaug

Browse Source 
Differential Revision: https://phabricator.services.mozilla.com/D232451
This commit is contained in:
Edgar Chen
2025-01-13 00:19:00 +00:00
parent cee1c69990
commit b298946c00
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docshell/base/nsDocShell.cpp
View File

@@ -8050,6 +8050,7 @@ nsresult nsDocShell::CheckLoadingPermissions() {
// Check if the caller is from the same origin as this docshell, // Check if the caller is from the same origin as this docshell,
// or any of its ancestors. // or any of its ancestors.
nsIPrincipal* subjectPrincipal = nsContentUtils::SubjectPrincipal();
for (RefPtr<BrowsingContext> bc = mBrowsingContext; bc; for (RefPtr<BrowsingContext> bc = mBrowsingContext; bc;
bc = bc->GetParent()) { bc = bc->GetParent()) {
// If the BrowsingContext is not in process, then it // If the BrowsingContext is not in process, then it
@@ -8068,7 +8069,11 @@ nsresult nsDocShell::CheckLoadingPermissions() {
return NS_ERROR_UNEXPECTED; return NS_ERROR_UNEXPECTED;
} }
if (nsContentUtils::SubjectPrincipal()->Subsumes(p)) { // file: URIs are considered the same domain for the purpose of frame
// navigation by clicking a targeted link, regardless of script
// accessibility (bug 1934807).
if (subjectPrincipal->Subsumes(p) ||
(subjectPrincipal->SchemeIs("file") && p->SchemeIs("file"))) {
// Same origin, permit load // Same origin, permit load
return NS_OK; return NS_OK;
} }