Bug #48403 --> don't allow JS running in a mailnews sand box to change the name of it's containing iframe.

this code was contributed by mstoltz.
r=beard, sr=mscott
This commit is contained in:
mscott%netscape.com 2000-10-24 00:52:02 +00:00
Родитель f834f30fb4
Коммит 4b5a54deb0
2 изменённых файлов: 20 добавлений и 0 удалений

Просмотреть файл

@ -1678,6 +1678,11 @@ struct nsDomainEntry {
int thisLen = mOrigin.Length();
if (len < thisLen)
return PR_FALSE;
if (mOrigin.RFindChar(':', PR_FALSE, thisLen-1, 1) != -1)
//-- Policy applies to all URLs of this scheme, compare scheme only
return mOrigin.EqualsWithConversion(anOrigin, PR_TRUE, thisLen);
//-- Policy applies to a particular host; compare scheme://host.domain
if (!mOrigin.Equals(anOrigin + (len - thisLen)))
return PR_FALSE;
if (len == thisLen)
@ -1717,16 +1722,25 @@ nsScriptSecurityManager::GetPrefName(nsIPrincipal *principal,
const char *s = origin;
const char *nextToLastDot = nsnull;
const char *lastDot = nsnull;
const char *colon = nsnull;
const char *p = s;
while (*p) {
if (*p == '.') {
nextToLastDot = lastDot;
lastDot = p;
}
if (!colon && *p == ':')
colon = p;
p++;
}
nsCStringKey key(nextToLastDot ? nextToLastDot+1 : s);
nsDomainEntry *de = (nsDomainEntry *) mOriginToPolicyMap->Get(&key);
if (!de)
{
nsCAutoString scheme(s, colon-s+1);
nsCStringKey schemeKey(scheme);
de = (nsDomainEntry *) mOriginToPolicyMap->Get(&schemeKey);
}
while (de) {
if (de->Matches(s)) {
policy = &de->mPolicy;

Просмотреть файл

@ -182,6 +182,8 @@ localDefPref("browser.navcenter.docked.selector.visible", true);
localDefPref("browser.navcenter.docked.tree.width", 250); // Percent of parent window consumed by docked nav center
localDefPref("browser.navcenter.floating.rect", "20, 20, 400, 600"); // Window dimensions when floating
// Default Capability Preferences: Security-Critical!
// Editing these may create a security risk - be sure you know what you're doing
pref("capability.policy.default.barprop.visible.write", "UniversalBrowserWrite");
pref("capability.policy.default.history.current.read", "UniversalBrowserRead");
@ -201,8 +203,12 @@ pref("capability.policy.default.location.search.write", "allAccess");
pref("capability.policy.default.navigator.preference.read", "UniversalPreferencesRead");
pref("capability.policy.default.navigator.preference.write", "UniversalPreferencesWrite");
pref("capability.policy.default.windowinternal.location.write", "allAccess");
// window.openDialog is insecure and must be made inaccessible from web scripts - see bug 56009
pref("capability.policy.default.windowinternal.opendialog", "noAccess");
pref("capability.policy.mailnews.sites", "mailbox: imap: news: pop: pop3:");
pref("capability.policy.mailnews.window.name", "noAccess");
localDefPref("ghist.expires.pos", 4);
localDefPref("ghist.expires.width", 1400);