Fixing bug 83332. Event listeners registerd with the DOM method addEventListener were being executed on the wrong context, often on the safe context (i.e. the hidden window context), this causes potential security problems and problems in cases where we use the context for figuring out the base URI when resolving relative URL's n' such... r=joki@netscape.com, sr=hyatt@netscape.com, a=drivers@mozilla.org.

content/events/src/nsEventListenerManager.cpp

@@ -1113,6 +1113,48 @@ nsEventListenerManager::HandleEventSubType(nsListenerStruct* aListenerStruct,
     }
   }
 
+  nsCOMPtr<nsIScriptGlobalObject> sgo;
+  nsCOMPtr<nsIContent> content(do_QueryInterface(aCurrentTarget));
+  nsCOMPtr<nsIDocument> document;
+
+  if (content) {
+    content->GetDocument(*getter_AddRefs(document));
+  }
+
+  if (!document) {
+    document = do_QueryInterface(aCurrentTarget);
+  }
+
+  if (document) {
+    document->GetScriptGlobalObject(getter_AddRefs(sgo));
+  }
+
+  if (!sgo) {
+    sgo = do_QueryInterface(aCurrentTarget);
+  }
+
+  JSContext *cx = nsnull;
+
+  if (sgo) {
+    nsCOMPtr<nsIScriptContext> scx;
+
+    sgo->GetContext(getter_AddRefs(scx));
+
+    if (scx) {
+      cx = (JSContext *)scx->GetNativeContext();
+    }
+  }
+
+  nsCOMPtr<nsIJSContextStack> stack;
+
+  if (cx) {
+    stack = do_GetService("@mozilla.org/js/xpc/ContextStack;1");
+
+    if (stack) {
+      stack->Push(cx);
+    }
+  }
+
   if (NS_SUCCEEDED(result)) {
     nsCOMPtr<nsIPrivateDOMEvent> aPrivDOMEvent(do_QueryInterface(aDOMEvent));
     aPrivDOMEvent->SetCurrentTarget(aCurrentTarget);
@@ -1120,6 +1162,10 @@ nsEventListenerManager::HandleEventSubType(nsListenerStruct* aListenerStruct,
     aPrivDOMEvent->SetCurrentTarget(nsnull);
   }
 
+  if (cx && stack) {
+    stack->Pop(&cx);
+  }
+
   return result;
 }