зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1522181 - multiple external protocol URL blocker behind pref, r=smaug
This commit is contained in:
Родитель
e2b193a67c
Коммит
0ae3238ccd
|
@ -9640,6 +9640,7 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
|
|||
aContentPolicyType == nsIContentPolicy::TYPE_INTERNAL_FRAME,
|
||||
"DoURILoad thinks this is a frame and InternalLoad does not");
|
||||
|
||||
if (StaticPrefs::dom_block_external_protocol_in_iframes()) {
|
||||
// Only allow URLs able to return data in iframes.
|
||||
bool doesNotReturnData = false;
|
||||
NS_URIChainHasFlags(aLoadState->URI(),
|
||||
|
@ -9648,8 +9649,9 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
|
|||
if (doesNotReturnData) {
|
||||
bool popupBlocked = true;
|
||||
|
||||
// Let's consider external protocols as popups and let's check if the page
|
||||
// is allowed to open them without abuse regardless of allowed events
|
||||
// Let's consider external protocols as popups and let's check if the
|
||||
// page is allowed to open them without abuse regardless of allowed
|
||||
// events
|
||||
if (PopupBlocker::GetPopupControlState() <= PopupBlocker::openBlocked) {
|
||||
popupBlocked = !PopupBlocker::TryUsePopupOpeningToken();
|
||||
} else {
|
||||
|
@ -9665,6 +9667,7 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
|
|||
return NS_ERROR_UNKNOWN_PROTOCOL;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Only allow view-source scheme in top-level docshells. view-source is
|
||||
// the only scheme to which this applies at the moment due to potential
|
||||
|
|
|
@ -10,8 +10,7 @@
|
|||
<div id='foo'><a href='#'>Click here to test this issue</a></div>
|
||||
<script>
|
||||
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
function next() {
|
||||
let foo = document.getElementById('foo');
|
||||
foo.addEventListener('click', _ => {
|
||||
is(ChromeUtils.getPopupControlState(), "openAllowed", "Click events allow popups");
|
||||
|
@ -33,7 +32,13 @@ foo.addEventListener('click', _ => {
|
|||
setTimeout(_ => {
|
||||
sendMouseEvent({type:'click'}, 'foo');
|
||||
}, 0);
|
||||
}
|
||||
|
||||
SpecialPowers.pushPrefEnv({'set': [
|
||||
['dom.block_external_protocol_in_iframes', true],
|
||||
]}, next);
|
||||
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
@ -456,6 +456,19 @@ VARCACHE_PREF(
|
|||
RelaxedAtomicBool, false
|
||||
)
|
||||
|
||||
// Block multiple external protocol URLs in iframes per single event.
|
||||
#ifdef NIGHTLY_BUILD
|
||||
#define PREF_VALUE true
|
||||
#else
|
||||
#define PREF_VALUE false
|
||||
#endif
|
||||
VARCACHE_PREF(
|
||||
"dom.block_external_protocol_in_iframes",
|
||||
dom_block_external_protocol_in_iframes,
|
||||
bool, PREF_VALUE
|
||||
)
|
||||
#undef PREF_VALUE
|
||||
|
||||
// Block multiple window.open() per single event.
|
||||
VARCACHE_PREF(
|
||||
"dom.block_multiple_popups",
|
||||
|
|
Загрузка…
Ссылка в новой задаче