mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 335334: simplify checkLoadURI callers, r=mconnor, sr=bzbarsky

This commit is contained in:
gavin%gavinsharp.com 2006-08-21 18:41:08 +00:00
Родитель b8dd171841
Коммит 6f2cd3360d
2 изменённых файлов: 27 добавлений и 44 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

55
browser/base/content/browser.js
Просмотреть файл

@ -2466,11 +2466,9 @@ var urlbarObserver = {
try {
gURLBar.value = url;
var uri = makeURI(gURLBar.value);
const secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"]
.getService(Components.interfaces.nsIScriptSecurityManager);
const nsIScriptSecMan = Components.interfaces.nsIScriptSecurityManager;
secMan.checkLoadURI(gBrowser.currentURI, uri, nsIScriptSecMan.DISALLOW_SCRIPT_OR_DATA);
urlSecurityCheck(gURLBar.value, gBrowser.currentURI.spec,
nsIScriptSecMan.DISALLOW_SCRIPT_OR_DATA);
handleURLBarCommand();
} catch (ex) {}
}
@ -2904,12 +2902,11 @@ var goButtonObserver = {
var url = getShortcutOrURI(draggedText, postData);
try {
getBrowser().dragDropSecurityCheck(aEvent, aDragSession, url);
var uri = makeURI(url);
const secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"]
.getService(Components.interfaces.nsIScriptSecurityManager);
const nsIScriptSecMan = Components.interfaces.nsIScriptSecurityManager;
secMan.checkLoadURI(gBrowser.currentURI, uri, nsIScriptSecMan.DISALLOW_SCRIPT_OR_DATA);
loadURI(uri.spec, null, postData.value, true);
urlSecurityCheck(url, gBrowser.currentURI.spec,
nsIScriptSecMan.DISALLOW_SCRIPT_OR_DATA);
loadURI(url, null, postData.value, true);
} catch (ex) {}
},
getSupportedFlavours: function ()
@ -4814,12 +4811,10 @@ nsContextMenu.prototype = {
// Open clicked-in frame in the same window.
showOnlyThisFrame : function () {
try {
const secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"]
.getService(Components.interfaces.nsIScriptSecurityManager);
const nsIScriptSecMan = Components.interfaces.nsIScriptSecurityManager;
secMan.checkLoadURI(gBrowser.currentURI, makeURI(this.target.ownerDocument.location.href),
nsIScriptSecMan.DISALLOW_SCRIPT);
window.loadURI(this.target.ownerDocument.location.href, null, null, false);
var frameURL = this.target.ownerDocument.location.href;
urlSecurityCheck(frameURL, gBrowser.currentURI.spec,
nsIScriptSecMan.DISALLOW_SCRIPT);
window.loadURI(frameURL, null, null, false);
} catch(e) {}
},
// View Partial Source
@ -4859,31 +4854,17 @@ nsContextMenu.prototype = {
},
// Change current window to the URL of the image.
viewImage : function (e) {
urlSecurityCheck( this.imageURL, this.docURL );
try {
if (this.docURL != gBrowser.currentURI) {
const secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"]
.getService(Components.interfaces.nsIScriptSecurityManager);
const nsIScriptSecMan = Components.interfaces.nsIScriptSecurityManager;
secMan.checkLoadURI(gBrowser.currentURI, makeURI(this.imageURL),
nsIScriptSecMan.DISALLOW_SCRIPT);
}
openUILink( this.imageURL, e );
} catch(e) {}
const nsIScriptSecMan = Components.interfaces.nsIScriptSecurityManager;
urlSecurityCheck( this.imageURL, gBrowser.currentURI.spec,
nsIScriptSecMan.DISALLOW_SCRIPT );
openUILink( this.imageURL, e );
},
// Change current window to the URL of the background image.
viewBGImage : function (e) {
urlSecurityCheck( this.bgImageURL, this.docURL );
try {
if (this.docURL != gBrowser.currentURI) {
const secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"]
.getService(Components.interfaces.nsIScriptSecurityManager);
const nsIScriptSecMan = Components.interfaces.nsIScriptSecurityManager;
secMan.checkLoadURI(gBrowser.currentURI, makeURI(this.bgImageURL),
nsIScriptSecMan.DISALLOW_SCRIPT);
}
openUILink( this.bgImageURL, e );
} catch(e) {}
const nsIScriptSecMan = Components.interfaces.nsIScriptSecurityManager;
urlSecurityCheck( this.bgImageURL, gBrowser.currentURI.spec,
nsIScriptSecMan.DISALLOW_SCRIPT );
openUILink( this.bgImageURL, e );
},
disableSetDesktopBackground: function() {
// Disable the Set as Desktop Background menu item if we're still trying

16
toolkit/content/contentAreaUtils.js
Просмотреть файл

@ -109,33 +109,35 @@ function openNewWindowWith(href, sourceURL, postData, allowThirdPartyFixup)
}
/**
* urlSecurityCheck: JavaScript wrapper for CheckLoadURI.
* urlSecurityCheck: JavaScript wrapper for CheckLoadURIStr.
* If |sourceURL| is not allowed to link to |url|, this function throws with an error message.
*
* @param url The URL a page has linked to.
* @param sourceURL The URL of the document from which the URL came.
* @param flags Flags to be passed to checkLoadURIStr. If undefined,
* nsIScriptSecurityManager.STANDARD will be passed to checkLoadURIStr.
*/
function urlSecurityCheck(url, sourceURL)
function urlSecurityCheck(url, sourceURL, flags)
{
const nsIScriptSecurityManager = Components.interfaces.nsIScriptSecurityManager;
var secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"]
.getService(nsIScriptSecurityManager);
if (flags === undefined)
flags = nsIScriptSecurityManager.STANDARD;
try {
secMan.checkLoadURIStr(sourceURL, url, nsIScriptSecurityManager.STANDARD);
secMan.checkLoadURIStr(sourceURL, url, flags);
} catch (e) {
throw "Load of " + url + " from " + sourceURL + " denied.";
}
}
function webPanelSecurityCheck(aSourceURL, aDestURL) {
var sourceURI = makeURI(aSourceURL);
var destURI = makeURI(aDestURL);
const nsIScriptSecurityManager = Components.interfaces.nsIScriptSecurityManager;
var secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"]
.getService(nsIScriptSecurityManager);
try {
secMan.checkLoadURI(sourceURI, destURI, nsIScriptSecurityManager.STANDARD);
secMan.checkLoadURIStr(aSourceURL, aDestURL, nsIScriptSecurityManager.STANDARD);
} catch (e) {
return false;
}