зеркало из https://github.com/mozilla/gecko-dev.git
back out 10814cd743e3 (from bug 693940) since it breaks moz-filedata URIs in SVG-as-an-image
This commit is contained in:
Родитель
0622f85e58
Коммит
6aebac4aad
|
@ -87,14 +87,12 @@ nsDataDocumentContentPolicy::ShouldLoad(PRUint32 aContentType,
|
|||
}
|
||||
|
||||
if (doc->IsBeingUsedAsImage()) {
|
||||
// Only allow SVG-as-an-image to load local resources that inherit security
|
||||
// context (basically just data: URIs), to prevent data leakage.
|
||||
// Allow local resources for SVG-as-an-image documents, but disallow
|
||||
// everything else, to prevent data leakage
|
||||
bool hasFlags;
|
||||
nsresult rv =
|
||||
NS_URIChainHasFlags(aContentLocation,
|
||||
nsIProtocolHandler::URI_IS_LOCAL_RESOURCE |
|
||||
nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT,
|
||||
&hasFlags);
|
||||
nsresult rv = NS_URIChainHasFlags(aContentLocation,
|
||||
nsIProtocolHandler::URI_IS_LOCAL_RESOURCE,
|
||||
&hasFlags);
|
||||
if (NS_FAILED(rv) || !hasFlags) {
|
||||
// resource is not local (or we couldn't tell) - reject!
|
||||
*aDecision = nsIContentPolicy::REJECT_TYPE;
|
||||
|
|
|
@ -109,11 +109,11 @@ random == img-and-image-1.html img-and-image-1-ref.svg # bug 645267
|
|||
# tests for external resources vs. data URIs in SVG as an image
|
||||
== svg-image-datauri-1.html lime100x100.svg
|
||||
HTTP == svg-image-datauri-1.html lime100x100.svg
|
||||
== svg-image-external-1.html blue100x100.svg
|
||||
fails-if(Android) == svg-image-external-1.html lime100x100.svg
|
||||
HTTP == svg-image-external-1.html blue100x100.svg
|
||||
== svg-stylesheet-datauri-1.html lime100x100.svg
|
||||
HTTP == svg-stylesheet-datauri-1.html lime100x100.svg
|
||||
== svg-stylesheet-external-1.html blue100x100.svg
|
||||
random == svg-stylesheet-external-1.html lime100x100.svg # see bug 629885 comment 9
|
||||
HTTP == svg-stylesheet-external-1.html blue100x100.svg
|
||||
|
||||
# test that :visited status is ignored in image documents
|
||||
|
|
Загрузка…
Ссылка в новой задаче