Bug 1669453 - Get user passwords after validating same-origin. r=smaug
Differential Revision: https://phabricator.services.mozilla.com/D198084
Родитель
3a54b24c9b
Коммит
096f34a11c
|
@ -11264,16 +11264,19 @@ nsDocShell::AddState(JS::Handle<JS::Value> aData, const nsAString& aTitle,
|
|||
// It's very important that we check that newURI is of the same
|
||||
// origin as currentURI, not docBaseURI, because a page can
|
||||
// set docBaseURI arbitrarily to any domain.
|
||||
nsAutoCString currentUserPass, newUserPass;
|
||||
NS_ENSURE_SUCCESS(currentURI->GetUserPass(currentUserPass),
|
||||
NS_ERROR_FAILURE);
|
||||
NS_ENSURE_SUCCESS(newURI->GetUserPass(newUserPass), NS_ERROR_FAILURE);
|
||||
bool isPrivateWin =
|
||||
document->NodePrincipal()->OriginAttributesRef().mPrivateBrowsingId >
|
||||
0;
|
||||
if (NS_FAILED(secMan->CheckSameOriginURI(currentURI, newURI, true,
|
||||
isPrivateWin)) ||
|
||||
!currentUserPass.Equals(newUserPass)) {
|
||||
isPrivateWin))) {
|
||||
return NS_ERROR_DOM_SECURITY_ERR;
|
||||
}
|
||||
|
||||
nsAutoCString currentUserPass, newUserPass;
|
||||
NS_ENSURE_SUCCESS(currentURI->GetUserPass(currentUserPass),
|
||||
NS_ERROR_FAILURE);
|
||||
NS_ENSURE_SUCCESS(newURI->GetUserPass(newUserPass), NS_ERROR_FAILURE);
|
||||
if (!currentUserPass.Equals(newUserPass)) {
|
||||
return NS_ERROR_DOM_SECURITY_ERR;
|
||||
}
|
||||
} else {
|
||||
|
|
|
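Review bot: The userinfo comparison now runs after `CheckSameOriginURI`, but nothing in the new lines records why that order matters, so a later cleanup could fold the two checks back into one condition. Judging by the two web-platform-test expectation files this commit deletes, `GetUserPass` presumably fails for URIs such as about:blank and data:, which let `NS_ENSURE_SUCCESS` return `NS_ERROR_FAILURE` before the security error could be reported. A comment above `nsAutoCString currentUserPass, newUserPass;` would pin this down, for example `// Read userpass only after the same-origin check, so a cross-origin URI without userinfo is rejected with a security error.` A same-origin pair for which `GetUserPass` fails still returns `NS_ERROR_FAILURE` here, which is worth confirming as intended. The enclosing branch in `nsDocShell::AddState` starts before the hunk and continues past it.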
@ -1,8 +0,0 @@
|
|||
[001.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
||||
[pushState must not be allowed to create cross-origin URLs (about:blank)]
|
||||
expected: FAIL
|
||||
|
||||
[pushState must not be allowed to create cross-origin URLs (data:URI)]
|
||||
expected: FAIL
|
|
@ -1,8 +0,0 @@
|
|||
[002.html]
|
||||
expected:
|
||||
if (os == "android") and fission: [OK, TIMEOUT]
|
||||
[replaceState must not be allowed to create cross-origin URLs (about:blank)]
|
||||
expected: FAIL
|
||||
|
||||
[replaceState must not be allowed to create cross-origin URLs (data:URI)]
|
||||
expected: FAIL
|