Branch version of patch for bug 305565 (r/sr=jst/bz).

2005-09-07 02:39:51 +00:00 · 2005-09-07 02:39:51 +00:00 · 52eeba63ea
--- a/layout/generic/nsObjectFrame.cpp
+++ b/layout/generic/nsObjectFrame.cpp
@ -1346,30 +1346,6 @@ nsObjectFrame::InstantiatePlugin(nsPresContext* aPresContext,
  window->clipRect.right = 0;
 #endif

-  // Check to see if content-policy wants to veto this
-  if (aURI) {
-    nsIDocument *document = aPresContext->PresShell()->GetDocument();
-    if (! document)
-      return NS_ERROR_FAILURE;
-
-    nsIURI *docURI = document->GetDocumentURI();
-    //don't care if we can't get the originating URL
-
-    PRInt16 shouldLoad = nsIContentPolicy::ACCEPT; // default permit
-    nsresult rv =
-      NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_OBJECT,
-                                aURI,
-                                docURI,
-                                mContent,
-                                nsDependentCString(aMimeType ? aMimeType : ""),
-                                nsnull, //extra
-                                &shouldLoad,
-                                nsContentUtils::GetContentPolicy());
-    if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) {
-      return NS_ERROR_CONTENT_BLOCKED_SHOW_ALT;
-    }
-  }
-
 #ifdef DEBUG
  mInstantiating = PR_TRUE;
 #endif
--- a/modules/plugin/base/src/nsPluginHostImpl.cpp
+++ b/modules/plugin/base/src/nsPluginHostImpl.cpp
@ -168,6 +168,8 @@
 #include "nsIDocShell.h"
 #include "nsPluginNativeWindow.h"
 #include "nsIScriptSecurityManager.h"
+#include "nsIContentPolicy.h"
+#include "nsContentPolicyUtils.h"

 #ifdef XP_UNIX
 #if defined(MOZ_WIDGET_GTK) || defined (MOZ_WIDGET_GTK2)
@ -3332,6 +3334,43 @@ NS_IMETHODIMP nsPluginHostImpl::InstantiateEmbeddedPlugin(const char *aMimeType,
    return rv;
  }

+  // Security checks
+  // Can't do security checks without a URI - hopefully the plugin will take
+  // care of that
+  if (aURL) {
+    nsCOMPtr<nsIScriptSecurityManager> secMan =
+                    do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
+    if (NS_FAILED(rv))
+      return rv; // Better fail if we can't do security checks
+
+    nsCOMPtr<nsIDocument> doc;
+    if (aOwner)
+      aOwner->GetDocument(getter_AddRefs(doc));
+    if (!doc)
+      return NS_ERROR_NULL_POINTER;
+
+    rv = secMan->CheckLoadURIWithPrincipal(doc->GetPrincipal(), aURL, 0);
+    if (NS_FAILED(rv))
+      return rv;
+
+    nsCOMPtr<nsIDOMElement> elem;
+    pti2->GetDOMElement(getter_AddRefs(elem));
+
+    PRInt16 shouldLoad = nsIContentPolicy::ACCEPT; // default permit
+    nsresult rv =
+      NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_OBJECT,
+                                aURL,
+                                doc->GetDocumentURI(),
+                                elem,
+                                nsDependentCString(aMimeType ? aMimeType : ""),
+                                nsnull, //extra
+                                &shouldLoad);
+    if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad))
+      return NS_ERROR_FAILURE;
+  }
+
+
+
  if (tagType == nsPluginTagType_Applet ||
      PL_strncasecmp(aMimeType, "application/x-java-vm", 21) == 0 ||
      PL_strncasecmp(aMimeType, "application/x-java-applet", 25) == 0) {