Use a Subsumes() check, not a same-origin one. r+sr=jst

2007-07-09 21:14:00 -07:00 · 2007-07-09 21:14:00 -07:00 · ced8f1a4b0
--- a/embedding/components/find/src/nsWebBrowserFind.cpp
+++ b/embedding/components/find/src/nsWebBrowserFind.cpp
@ -74,6 +74,7 @@
 #include "nsISupportsPrimitives.h"
 #include "nsITimelineService.h"
 #include "nsFind.h"
+#include "nsDOMError.h"

 #if DEBUG
 #include "nsIWebNavigation.h"
@ -723,9 +724,8 @@ nsresult nsWebBrowserFind::SearchInFrame(nsIDOMWindow* aWindow,
    NS_ENSURE_SUCCESS(rv, rv);
    if (!domDoc) return NS_ERROR_FAILURE;

-    // Do security check, to ensure that the frame we're searching
-    // is from the same origin as the frame from which the Find is
-    // being run.
+    // Do security check, to ensure that the frame we're searching is
+    // acccessible from the frame where the Find is being run.

    // get a uri for the window
    nsCOMPtr<nsIDocument> theDoc = do_QueryInterface(domDoc);
@ -735,20 +735,24 @@ nsresult nsWebBrowserFind::SearchInFrame(nsIDOMWindow* aWindow,
      do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
    NS_ENSURE_SUCCESS(rv, rv);
  
-    PRBool hasCap = PR_FALSE;
-    secMan->IsCapabilityEnabled("UniversalBrowserWrite", &hasCap);
-    if (!hasCap)
-      secMan->IsCapabilityEnabled("UniversalXPConnect", &hasCap);
+    nsCOMPtr<nsIPrincipal> subject;
+    rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject));
+    NS_ENSURE_SUCCESS(rv, rv);

-    if (!hasCap) {
-      nsCOMPtr<nsIPrincipal> subject;
-      rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject));
-      NS_ENSURE_SUCCESS(rv, rv);
-      if (subject) {
-        rv = secMan->CheckSameOriginPrincipal(subject,
-                                              theDoc->NodePrincipal());
+    if (subject) {
+        PRBool subsumes;
+        rv = subject->Subsumes(theDoc->NodePrincipal(), &subsumes);
        NS_ENSURE_SUCCESS(rv, rv);
-      }
+        if (!subsumes) {
+            PRBool hasCap = PR_FALSE;
+            secMan->IsCapabilityEnabled("UniversalBrowserWrite", &hasCap);
+            if (!hasCap) {
+                secMan->IsCapabilityEnabled("UniversalXPConnect", &hasCap);
+            }
+            if (!hasCap) {
+                return NS_ERROR_DOM_PROP_ACCESS_DENIED;
+            }
+        }
    }

    if (!mFind) {