Bug 1465160 - Pass null principal to view image. r=ckerschb, r=Gijs

Jonathan Kingston 2018-05-30 00:42:50 +01:00
Родитель 9d5b27393d
Коммит 7880d71c28
2 изменённых файлов: 25 добавлений и 2 удалений


@ -863,6 +863,9 @@ nsContextMenu.prototype = {
// Open clicked-in frame in the same window.
showOnlyThisFrame() {
urlSecurityCheck(gContextMenuContentData.docLocation,
this.browser.contentPrincipal,
Ci.nsIScriptSecurityManager.DISALLOW_SCRIPT);
let referrer = gContextMenuContentData.referrer;
openWebLinkIn(gContextMenuContentData.docLocation, "current", {
disallowInheritPrincipal: true,
@ -921,6 +924,9 @@ nsContextMenu.prototype = {
},
viewImageDesc(e) {
urlSecurityCheck(this.imageDescURL,
this.principal,
Ci.nsIScriptSecurityManager.DISALLOW_SCRIPT);
openUILink(this.imageDescURL, e, { disallowInheritPrincipal: true,
referrerURI: gContextMenuContentData.documentURIObject,
triggeringPrincipal: this.principal,
@ -933,6 +939,10 @@ nsContextMenu.prototype = {
},
reloadImage() {
urlSecurityCheck(this.mediaURL,
this.principal,
Ci.nsIScriptSecurityManager.DISALLOW_SCRIPT);
this.browser.messageManager.sendAsyncMessage("ContextMenu:ReloadImage",
null, { target: this.target });
},
@ -961,10 +971,13 @@ nsContextMenu.prototype = {
triggeringPrincipal: systemPrincipal});
}, Cu.reportError);
} else {
urlSecurityCheck(this.mediaURL,
this.principal,
Ci.nsIScriptSecurityManager.DISALLOW_SCRIPT);
openUILink(this.mediaURL, e, { disallowInheritPrincipal: true,
referrerURI,
forceAllowDataURI: true,
triggeringPrincipal: this.browser.contentPrincipal
triggeringPrincipal: this.principal,
});
}
},
@ -1005,9 +1018,13 @@ nsContextMenu.prototype = {
// Change current window to the URL of the background image.
viewBGImage(e) {
urlSecurityCheck(this.bgImageURL,
this.principal,
Ci.nsIScriptSecurityManager.DISALLOW_SCRIPT);
openUILink(this.bgImageURL, e, { disallowInheritPrincipal: true,
referrerURI: gContextMenuContentData.documentURIObject,
triggeringPrincipal: this.browser.contentPrincipal
triggeringPrincipal: this.principal,
});
},
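Review bot: In `showOnlyThisFrame` the new `urlSecurityCheck` is made against `this.browser.contentPrincipal`, while every other handler touched here (`viewImageDesc`, `reloadImage`, the media branch, `viewBGImage`) checks against `this.principal`, and the same commit replaces `this.browser.contentPrincipal` with `this.principal` as the triggering principal for the image loads. If `this.principal` is the principal of the document that was actually clicked (its definition is not visible on this page), the frame case is where the two are most likely to differ, since the browser's content principal would describe the top-level page and not the subframe. Consider `urlSecurityCheck(gContextMenuContentData.docLocation, this.principal, Ci.nsIScriptSecurityManager.DISALLOW_SCRIPT);` there, or a short comment such as `// Frame loads are checked against the top-level principal because …` if the difference is deliberate. The `openWebLinkIn` options object continues past the end of that hunk, so whether a triggering principal is passed for the frame load cannot be confirmed from here.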


@ -394,6 +394,12 @@ var pktUI = (function() {
// Open a new tab with a given url
var _openTabWithUrlMessageId = "openTabWithUrl";
pktUIMessaging.addMessageListener(iframe, _openTabWithUrlMessageId, function(panelId, data, contentPrincipal) {
try {
urlSecurityCheck(data.url, contentPrincipal, Services.scriptSecurityManager.DISALLOW_INHERIT_PRINCIPAL);
} catch (ex) {
return;
}
var url = data.url;
openTabWithUrl(url, contentPrincipal);
pktUIMessaging.sendResponseMessageToPanel(panelId, _openTabWithUrlMessageId, url);
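Review bot: The `catch (ex)` in the `openTabWithUrl` listener discards the rejection silently, so a URL blocked by `urlSecurityCheck` leaves no trace for someone debugging the panel or looking into a page that tried to open a disallowed URL. Consider `Cu.reportError(ex);` before the `return;`, assuming `Cu` is in scope in this file as it is in the context-menu file. The check reads `data.url` and the open then reads it again into `url`; moving `var url = data.url;` above the `try` and checking `url` makes it evident that the validated value is the one passed to `openTabWithUrl`. This listener checks with `DISALLOW_INHERIT_PRINCIPAL` read off `Services.scriptSecurityManager`, whereas the context-menu handlers use `Ci.nsIScriptSecurityManager.DISALLOW_SCRIPT`, so a one-line comment stating why the stricter flag applies here would help. The listener's body ends outside the hunk.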