From 7ebac0960fa34c111184484941f30b1539a3d8a0 Mon Sep 17 00:00:00 2001
From: Boris Zbarsky <bzbarsky@mit.edu>
Date: Thu, 21 Dec 2017 10:54:43 -0500
Subject: [PATCH] Bug 1424474 part 1.  Make sure we don't call into the chrome
 registry's AllowContentToAccess with non-chrome URLs.  r=gijs

MozReview-Commit-ID: I3DyrYGpGC2
---
 caps/nsScriptSecurityManager.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/caps/nsScriptSecurityManager.cpp b/caps/nsScriptSecurityManager.cpp
index e557f4f1a0b7..db7cb8f29c82 100644
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -897,7 +897,7 @@ nsScriptSecurityManager::CheckLoadURIFlags(nsIURI *aSourceURI,
                 if (accessAllowed) {
                     return NS_OK;
                 }
-            } else {
+            } else if (targetScheme.EqualsLiteral("chrome")) {
                 // Allow the load only if the chrome package is whitelisted.
                 nsCOMPtr<nsIXULChromeRegistry> reg(
                         do_GetService(NS_CHROMEREGISTRY_CONTRACTID));