More fixes for 55237, cleaned up CheckLoadURI and added a check on "Edit This Link." Also added error reporting (bug 40538).

r=beard, sr=hyatt
2006-07-29 05:36:37 +00:00 · 2006-07-29 05:36:37 +00:00 · 7e06c069e2
--- a/suite/common/contentAreaUtils.js
+++ b/suite/common/contentAreaUtils.js
@ -39,24 +39,18 @@

  function openNewWindowWith(url) {

- // URL Loading Security Check
-    const nsIStandardURL = Components.interfaces.nsIStandardURL;
-    const nsIURI = Components.interfaces.nsIURI;
-    const stdURL = Components.classes["@mozilla.org/network/standard-url;1"];
-
-    var sourceURL = stdURL.createInstance(nsIStandardURL);
-    var focusedWindow = document.commandDispatcher.focusedWindow;
+    // URL Loading Security Check
+	var focusedWindow = document.commandDispatcher.focusedWindow;
    var sourceWin = isDocumentFrame(focusedWindow) ? focusedWindow.location.href : window._content.location.href;
-    sourceURL.init(nsIStandardURL.URLTYPE_STANDARD, 80, sourceWin, null);
-
-    var targetURL = stdURL.createInstance(nsIStandardURL);
-    targetURL.init(nsIStandardURL.URLTYPE_STANDARD, 80, url, null);

    const nsIScriptSecurityManager = Components.interfaces.nsIScriptSecurityManager;
    var secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"].getService().
                 QueryInterface(nsIScriptSecurityManager);
-    secMan.checkLoadURI(sourceURL, targetURL, nsIScriptSecurityManager.STANDARD);
-
+	try {
+      secMan.checkLoadURIStr(sourceWin, url, nsIScriptSecurityManager.STANDARD);
+    } catch (e) {
+	  throw "Load of " + url + " denied.";
+    }
    var newWin;
    var wintype = document.firstChild.getAttribute('windowtype');
     
--- a/suite/common/utilityOverlay.js
+++ b/suite/common/utilityOverlay.js
@ -281,6 +281,20 @@ function editPage(url, launchWindow, delay)
    }
  }

+  // URL Loading Security Check
+  var focusedWindow = launchWindow.document.commandDispatcher.focusedWindow;
+  var sourceWin = isDocumentFrame(focusedWindow) ? focusedWindow.location.href : focusedWindow._content.location.href;
+
+  const nsIScriptSecurityManager = Components.interfaces.nsIScriptSecurityManager;
+  var secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"].getService().
+               QueryInterface(nsIScriptSecurityManager);
+  try {
+    secMan.checkLoadURIStr(sourceWin, url, nsIScriptSecurityManager.STANDARD);
+  } catch (e) {
+  	  throw "Edit of " + url + " denied.";
+  }
+
+
  var windowManager = Components.classes['@mozilla.org/rdf/datasource;1?name=window-mediator'].getService();
  if (!windowManager) return;
  var windowManagerInterface = windowManager.QueryInterface( Components.interfaces.nsIWindowMediator);