From e8f0b53250b04d196719b188936ad34b79a5a7f8 Mon Sep 17 00:00:00 2001 From: "norris%netscape.com" Date: Tue, 12 Oct 1999 22:47:36 +0000 Subject: [PATCH] Needed for 7254: Implement DOM security reviewed by Ben Goodger and Seth Spitzer Scripts running from chrome are considered super privileged and can perform operations that scripts from the web cannot. I differentiate chrome scripts from web scripts by considering all scripts loaded from chrome: URIs to be privileged. The problem I'm running into is that the loading of relative urls in this code ends up going to the file: protocol (which is what the chrome protocol is converted to internally). This change makes sure we load from the chrome protocol so that the scripts are privileged and don't get access errors. It's probably a good idea to load from the chrome protocol anyway since it may one day be resolved to extracting from a JAR file rather than accessing a discrete file. --- profile/resources/content/createProfileWizard.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/profile/resources/content/createProfileWizard.js b/profile/resources/content/createProfileWizard.js index 987c645a343c..9de386e2e554 100644 --- a/profile/resources/content/createProfileWizard.js +++ b/profile/resources/content/createProfileWizard.js @@ -67,7 +67,7 @@ var testMap = { newProfile1_1: { previous: null, next: "newProfile1_2" }, newProfile1_2: { previous: "newProfile1_1", next: null}, } - +var pagePrefix = "chrome://profile/content/"; var pagePostfix=".xul"; var currentPageTag; @@ -200,7 +200,7 @@ function onCancel() // utility functions function getUrlFromTag(title) { - return title + pagePostfix; + return pagePrefix + title + pagePostfix; } function Startup()