corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Propagate the node's principal as the owner to <object> loads as needed, and allow <object data="javascript:"> to work. Bug 353334 and bug 300263, r=biesi, sr=jst, a=dsicore

Browse Source
This commit is contained in:
2007-12-03 13:57:17 -08:00
parent 1d8500510e
commit f74bec6f95
5 changed files with 136 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
docshell/base/nsDocShell.cpp
View File

@@ -7267,19 +7267,21 @@ nsDocShell::DoURILoad(nsIURI * aURI,
// (Currently chrome URIs set the owner when they are created!
// So setting a NULL owner would be bad!)
//
// If this code ever changes, change nsObjectLoadingContent::LoadObject
// accordingly.
PRBool inherit;
// We expect URIInheritsSecurityContext to return success for an
// about:blank URI, so don't call IsAboutBlank() if this call fails.
rv = URIInheritsSecurityContext(aURI, &inherit);
if (NS_SUCCEEDED(rv) && (inherit || IsAboutBlank(aURI))) {
channel->SetOwner(aOwner);
nsCOMPtr<nsIScriptChannel> scriptChannel = do_QueryInterface(channel);
if (scriptChannel) {
// Allow execution against our context if the principals match
scriptChannel->
SetExecutionPolicy(nsIScriptChannel::EXECUTE_NORMAL);
}
}
nsCOMPtr<nsIScriptChannel> scriptChannel = do_QueryInterface(channel);
if (scriptChannel) {
// Allow execution against our context if the principals match
scriptChannel->
SetExecutionPolicy(nsIScriptChannel::EXECUTE_NORMAL);
}
if (aIsNewWindowTarget) {