Expose nsIScriptSecurityManager::SecurityCompareURIs for use by nsGlobalWindow::SetNewDocument, to avoid spurious window.open same-origin violation errors (220421, r=caillon, sr=bzbarsky).

2003-09-28 04:22:01 +00:00 · 2003-09-28 04:22:01 +00:00 · 08f08cbf57
--- a/caps/idl/nsIScriptSecurityManager.idl
+++ b/caps/idl/nsIScriptSecurityManager.idl
@ -234,6 +234,14 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
     */
    [noscript] nsIPrincipal getPrincipalFromContext(in JSContextPtr cx);

+    /**
+     * Utility method for comparing two URIs.  For security purposes, two URIs
+     * are equivalent if their schemes, hosts, and ports (if any) match.  This
+     * method returns true if aSubjectURI and aObjectURI have the same origin,
+     * false otherwise.
+     */
+    [noscript] boolean securityCompareURIs(in nsIURI aSubjectURI,
+                                           in nsIURI aObjectURI);
 };

 %{C++
--- a/caps/include/nsScriptSecurityManager.h
+++ b/caps/include/nsScriptSecurityManager.h
@ -285,11 +285,6 @@ public:

    JSContext* GetSafeJSContext();

-    static nsresult
-    SecurityCompareURIs(nsIURI* aSourceURI,
-                        nsIURI* aTargetURI,
-                        PRBool* result);
-
 private:

    // GetScriptSecurityManager is the only call that can make one
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@ -214,10 +214,7 @@ nsScriptSecurityManager::GetSafeJSContext()
    return cx;
 }

-/* Static function for comparing two URIs - for security purposes,
- * two URIs are equivalent if their scheme, host, and port are equal.
- */
-/*static*/ nsresult
+NS_IMETHODIMP
 nsScriptSecurityManager::SecurityCompareURIs(nsIURI* aSourceURI,
                                             nsIURI* aTargetURI,
                                             PRBool* result)
--- a/dom/src/base/nsGlobalWindow.cpp
+++ b/dom/src/base/nsGlobalWindow.cpp
@ -528,10 +528,9 @@ GlobalWindowImpl::SetNewDocument(nsIDOMDocument* aDocument,
        isContentWindow = itemType != nsIDocShellTreeItem::typeChrome;
      }

-      PRBool isAboutBlank = PR_FALSE;
      nsCAutoString url;
      docURL->GetSpec(url);
-      isAboutBlank = url.Equals(NS_LITERAL_CSTRING("about:blank"));
+      PRBool isAboutBlank = url.Equals(NS_LITERAL_CSTRING("about:blank"));

      PRBool isSameOrigin = PR_FALSE;
      if (isAboutBlank && mOpenerScriptURL) {
@ -540,9 +539,9 @@ GlobalWindowImpl::SetNewDocument(nsIDOMDocument* aDocument,
          nsCOMPtr<nsIURI> newDocURL;
          webNav->GetCurrentURI(getter_AddRefs(newDocURL));
          if (newDocURL && sSecMan) {
-            isSameOrigin =
-              NS_SUCCEEDED(sSecMan->CheckSameOriginURI(mOpenerScriptURL,
-                                                       newDocURL));
+            sSecMan->SecurityCompareURIs(mOpenerScriptURL,
+                                         newDocURL,
+                                         &isSameOrigin);
          }
        }
      }