Bug 1344706 - Do not reuse originPrincipal as triggeringPrincipal within utilityOverlay.js. r=gijs

Christoph Kerschbaumer 2017-04-03 09:58:17 +02:00
Родитель e0b947bce4
Коммит a40ae7abe5
5 изменённых файлов: 23 добавлений и 5 удалений


@ -1340,6 +1340,7 @@ var gBrowserInit = {
// [5]: referrerPolicy (int) // [5]: referrerPolicy (int)
// [6]: userContextId (int) // [6]: userContextId (int)
// [7]: originPrincipal (nsIPrincipal) // [7]: originPrincipal (nsIPrincipal)
// [8]: triggeringPrincipal (nsIPrincipal)
let referrerURI = window.arguments[2]; let referrerURI = window.arguments[2];
if (typeof(referrerURI) == "string") { if (typeof(referrerURI) == "string") {
try { try {
@ -1356,7 +1357,7 @@ var gBrowserInit = {
window.arguments[4] || false, referrerPolicy, userContextId, window.arguments[4] || false, referrerPolicy, userContextId,
// pass the origin principal (if any) and force its use to create // pass the origin principal (if any) and force its use to create
// an initial about:blank viewer if present: // an initial about:blank viewer if present:
window.arguments[7], !!window.arguments[7]); window.arguments[7], !!window.arguments[7], window.arguments[8]);
window.focus(); window.focus();
} else { } else {
// Note: loadOneOrMoreURIs *must not* be called if window.arguments.length >= 3. // Note: loadOneOrMoreURIs *must not* be called if window.arguments.length >= 3.
@ -2248,7 +2249,8 @@ function BrowserTryToCloseWindow() {
} }
function loadURI(uri, referrer, postData, allowThirdPartyFixup, referrerPolicy, function loadURI(uri, referrer, postData, allowThirdPartyFixup, referrerPolicy,
userContextId, originPrincipal, forceAboutBlankViewerInCurrent) { userContextId, originPrincipal, forceAboutBlankViewerInCurrent,
triggeringPrincipal) {
try { try {
openLinkIn(uri, "current", openLinkIn(uri, "current",
{ referrerURI: referrer, { referrerURI: referrer,
@ -2257,6 +2259,7 @@ function loadURI(uri, referrer, postData, allowThirdPartyFixup, referrerPolicy,
allowThirdPartyFixup, allowThirdPartyFixup,
userContextId, userContextId,
originPrincipal, originPrincipal,
triggeringPrincipal,
forceAboutBlankViewerInCurrent, forceAboutBlankViewerInCurrent,
}); });
} catch (e) {} } catch (e) {}
@ -5782,6 +5785,7 @@ function handleLinkClick(event, href, linkNode) {
referrerPolicy, referrerPolicy,
noReferrer: BrowserUtils.linkHasNoReferrer(linkNode), noReferrer: BrowserUtils.linkHasNoReferrer(linkNode),
originPrincipal: doc.nodePrincipal, originPrincipal: doc.nodePrincipal,
triggeringPrincipal: doc.nodePrincipal,
frameOuterWindowID, frameOuterWindowID,
}; };
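Review bot: The new slot in the `window.arguments` list and the ninth positional parameter of `loadURI` are added without saying that the value is optional, yet the call in `gBrowserInit` forwards `window.arguments[8]` as-is, so a window opened by a caller that supplies only eight arguments hands `undefined` on to `openLinkIn`. I would extend the comment to `// [8]: triggeringPrincipal (nsIPrincipal, optional; principal of whoever initiated the load)` and give `loadURI` a short doc comment that separates `originPrincipal` (used for the initial about:blank viewer, per the existing comment) from `triggeringPrincipal`. Both `gBrowserInit` and `loadURI` continue outside the hunks shown, so how an absent value is treated further down cannot be confirmed from here.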


@ -578,6 +578,7 @@ var ClickEventHandler = {
} catch (e) {} } catch (e) {}
} }
json.originPrincipal = ownerDoc.nodePrincipal; json.originPrincipal = ownerDoc.nodePrincipal;
json.triggeringPrincipal = ownerDoc.nodePrincipal;
sendAsyncMessage("Content:Click", json); sendAsyncMessage("Content:Click", json);
return; return;
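Review bot: `json.triggeringPrincipal` is set here by the content-side click handler and, in the `ContentClick` hunk at the end of this commit, copied from the message into the link parameters without any check, so the principal that authorises the load is chosen by whoever sends `Content:Click`. `originPrincipal` already travels the same way, but the triggering principal is the one load security checks are made against, so the receiving side is the place to bound it. Assuming `ContentClick` runs in the parent process (not visible here), I would refuse a message that carries the system principal, e.g. `if (Services.scriptSecurityManager.isSystemPrincipal(json.triggeringPrincipal)) return;` before the parameters are built. The enclosing handler begins outside this hunk.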


@ -985,6 +985,7 @@ nsContextMenu.prototype = {
_openLinkInParameters(extra) { _openLinkInParameters(extra) {
let params = { charset: gContextMenuContentData.charSet, let params = { charset: gContextMenuContentData.charSet,
originPrincipal: this.principal, originPrincipal: this.principal,
triggeringPrincipal: this.principal,
referrerURI: gContextMenuContentData.documentURIObject, referrerURI: gContextMenuContentData.documentURIObject,
referrerPolicy: gContextMenuContentData.referrerPolicy, referrerPolicy: gContextMenuContentData.referrerPolicy,
frameOuterWindowID: gContextMenuContentData.frameOuterWindowID, frameOuterWindowID: gContextMenuContentData.frameOuterWindowID,
@ -1174,7 +1175,7 @@ nsContextMenu.prototype = {
this._canvasToBlobURL(this.target).then(function(blobURL) { this._canvasToBlobURL(this.target).then(function(blobURL) {
openUILink(blobURL, e, { disallowInheritPrincipal: true, openUILink(blobURL, e, { disallowInheritPrincipal: true,
referrerURI, referrerURI,
originPrincipal: systemPrincipal}); triggeringPrincipal: systemPrincipal});
}, Cu.reportError); }, Cu.reportError);
} else { } else {
urlSecurityCheck(this.mediaURL, urlSecurityCheck(this.mediaURL,
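Review bot: The canvas branch now passes `triggeringPrincipal: systemPrincipal` and no longer sets `originPrincipal`, but nothing at the call explains why a load of a blob URL derived from a page's canvas should carry the system principal as its trigger. The hunk suggests the reasoning is that the URL is created by this chrome code through `_canvasToBlobURL` and that `disallowInheritPrincipal: true` keeps the loaded document from inheriting it. Once that intent is confirmed, it should be written down at the call, for example `// The blob URL is created by chrome code, so the system principal triggers the load; disallowInheritPrincipal keeps the new document from inheriting it.` The surrounding method starts and ends outside the hunk.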


@ -220,6 +220,7 @@ function openLinkIn(url, where, params) {
var aUserContextId = params.userContextId; var aUserContextId = params.userContextId;
var aIndicateErrorPageLoad = params.indicateErrorPageLoad; var aIndicateErrorPageLoad = params.indicateErrorPageLoad;
var aPrincipal = params.originPrincipal; var aPrincipal = params.originPrincipal;
var aTriggeringPrincipal = params.triggeringPrincipal;
var aForceAboutBlankViewerInCurrent = var aForceAboutBlankViewerInCurrent =
params.forceAboutBlankViewerInCurrent; params.forceAboutBlankViewerInCurrent;
@ -267,6 +268,15 @@ function openLinkIn(url, where, params) {
}; };
aPrincipal = Services.scriptSecurityManager.createCodebasePrincipal(aPrincipal.URI, attrs); aPrincipal = Services.scriptSecurityManager.createCodebasePrincipal(aPrincipal.URI, attrs);
} }
if (aTriggeringPrincipal && aTriggeringPrincipal.isCodebasePrincipal) {
let attrs = {
userContextId: aUserContextId,
privateBrowsingId: aIsPrivate || (w && PrivateBrowsingUtils.isWindowPrivate(w)),
};
aTriggeringPrincipal =
Services.scriptSecurityManager.createCodebasePrincipal(aTriggeringPrincipal.URI, attrs);
}
if (!w || where == "window") { if (!w || where == "window") {
// This propagates to window.arguments. // This propagates to window.arguments.
@ -311,6 +321,7 @@ function openLinkIn(url, where, params) {
sa.appendElement(referrerPolicySupports, /* weak =*/ false); sa.appendElement(referrerPolicySupports, /* weak =*/ false);
sa.appendElement(userContextIdSupports, /* weak =*/ false); sa.appendElement(userContextIdSupports, /* weak =*/ false);
sa.appendElement(aPrincipal, /* weak =*/ false); sa.appendElement(aPrincipal, /* weak =*/ false);
sa.appendElement(aTriggeringPrincipal, /* weak =*/ false);
let features = "chrome,dialog=no,all"; let features = "chrome,dialog=no,all";
if (aIsPrivate) { if (aIsPrivate) {
@ -414,7 +425,7 @@ function openLinkIn(url, where, params) {
} }
targetBrowser.loadURIWithFlags(url, { targetBrowser.loadURIWithFlags(url, {
triggeringPrincipal: aPrincipal, triggeringPrincipal: aTriggeringPrincipal,
flags, flags,
referrerURI: aNoReferrer ? null : aReferrerURI, referrerURI: aNoReferrer ? null : aReferrerURI,
referrerPolicy: aReferrerPolicy, referrerPolicy: aReferrerPolicy,
@ -439,7 +450,7 @@ function openLinkIn(url, where, params) {
noReferrer: aNoReferrer, noReferrer: aNoReferrer,
userContextId: aUserContextId, userContextId: aUserContextId,
originPrincipal: aPrincipal, originPrincipal: aPrincipal,
triggeringPrincipal: aPrincipal, triggeringPrincipal: aTriggeringPrincipal,
}); });
targetBrowser = tabUsedForLoad.linkedBrowser; targetBrowser = tabUsedForLoad.linkedBrowser;
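Review bot: In the `loadURIWithFlags` call and in the tab-opening parameters, `triggeringPrincipal` changes from `aPrincipal` to `aTriggeringPrincipal`, which is `undefined` for every `openLinkIn` caller that still sets only `originPrincipal`. This commit updates a handful of call sites, and any others are not visible on this page. What the load code does with a missing triggering principal is also outside this page; if it falls back to a privileged default, those callers would load content-supplied URLs with more authority than before. I would state the contract next to the declaration, `// Callers acting for web content must pass triggeringPrincipal; it is no longer derived from originPrincipal.`, and check the remaining `openLinkIn`/`openUILink` callers against it. `openLinkIn` starts and ends outside these hunks.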


@ -85,6 +85,7 @@ var ContentClick = {
allowMixedContent: json.allowMixedContent, allowMixedContent: json.allowMixedContent,
isContentWindowPrivate: json.isContentWindowPrivate, isContentWindowPrivate: json.isContentWindowPrivate,
originPrincipal: json.originPrincipal, originPrincipal: json.originPrincipal,
triggeringPrincipal: json.triggeringPrincipal,
frameOuterWindowID: json.frameOuterWindowID, frameOuterWindowID: json.frameOuterWindowID,
}; };