From 1367551f574f531729384bd791bbf56c5ceec33c Mon Sep 17 00:00:00 2001 From: "cbiesinger%web.de" Date: Mon, 8 Aug 2005 16:25:11 +0000 Subject: [PATCH] 301119 allow error pages to load favicons xpfe: dveditz: second-review+ benjamin: first-review+ asa: approval1.8b4+ toolkit: benjamin: first-review+ benjamin: approval1.8b4+ patch by me, ported to toolkit by Henrik Skupin --- toolkit/content/widgets/tabbrowser.xml | 9 +++++++-- xpfe/global/resources/content/bindings/tabbrowser.xml | 9 +++++++-- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/toolkit/content/widgets/tabbrowser.xml b/toolkit/content/widgets/tabbrowser.xml index 11f4908ff349..6b0dc35e524a 100644 --- a/toolkit/content/widgets/tabbrowser.xml +++ b/toolkit/content/widgets/tabbrowser.xml @@ -783,8 +783,13 @@ Components.interfaces.nsIScriptSecurityManager; try { - secMan.checkLoadURI(origURI, uri, - nsIScriptSecMan.DISALLOW_SCRIPT); + // error pages can load their favicon + // to be on the safe side, only allow chrome:// favicons + const aboutNeterr = "about:neterror?"; + if (origURI.spec.substr(0, aboutNeterr.length) != aboutNeterr || + !uri.schemeIs("chrome")) + secMan.checkLoadURI(origURI, uri, + nsIScriptSecMan.DISALLOW_SCRIPT); } catch(e) { return; } diff --git a/xpfe/global/resources/content/bindings/tabbrowser.xml b/xpfe/global/resources/content/bindings/tabbrowser.xml index e40c92a6e6ca..addd2dd7af4b 100644 --- a/xpfe/global/resources/content/bindings/tabbrowser.xml +++ b/xpfe/global/resources/content/bindings/tabbrowser.xml @@ -705,8 +705,13 @@ Components.interfaces.nsIScriptSecurityManager; try { - secMan.checkLoadURI(origURI, uri, - nsIScriptSecMan.DISALLOW_SCRIPT); + // error pages can load their favicon + // to be on the safe side, only allow chrome:// favicons + const aboutNeterr = "about:neterror?"; + if (origURI.spec.substr(0, aboutNeterr.length) != aboutNeterr || + !uri.schemeIs("chrome")) + secMan.checkLoadURI(origURI, uri, + nsIScriptSecMan.DISALLOW_SCRIPT); } catch(e) { return; }