Bug #48403 --> don't allow JS running in a mailnews sand box to change the name of it's containing iframe.
this code was contributed by mstoltz. r=beard, sr=mscott
This commit is contained in:
Родитель
f834f30fb4
Коммит
4b5a54deb0
|
@ -1678,6 +1678,11 @@ struct nsDomainEntry {
|
|||
int thisLen = mOrigin.Length();
|
||||
if (len < thisLen)
|
||||
return PR_FALSE;
|
||||
if (mOrigin.RFindChar(':', PR_FALSE, thisLen-1, 1) != -1)
|
||||
//-- Policy applies to all URLs of this scheme, compare scheme only
|
||||
return mOrigin.EqualsWithConversion(anOrigin, PR_TRUE, thisLen);
|
||||
|
||||
//-- Policy applies to a particular host; compare scheme://host.domain
|
||||
if (!mOrigin.Equals(anOrigin + (len - thisLen)))
|
||||
return PR_FALSE;
|
||||
if (len == thisLen)
|
||||
|
@ -1717,16 +1722,25 @@ nsScriptSecurityManager::GetPrefName(nsIPrincipal *principal,
|
|||
const char *s = origin;
|
||||
const char *nextToLastDot = nsnull;
|
||||
const char *lastDot = nsnull;
|
||||
const char *colon = nsnull;
|
||||
const char *p = s;
|
||||
while (*p) {
|
||||
if (*p == '.') {
|
||||
nextToLastDot = lastDot;
|
||||
lastDot = p;
|
||||
}
|
||||
if (!colon && *p == ':')
|
||||
colon = p;
|
||||
p++;
|
||||
}
|
||||
nsCStringKey key(nextToLastDot ? nextToLastDot+1 : s);
|
||||
nsDomainEntry *de = (nsDomainEntry *) mOriginToPolicyMap->Get(&key);
|
||||
if (!de)
|
||||
{
|
||||
nsCAutoString scheme(s, colon-s+1);
|
||||
nsCStringKey schemeKey(scheme);
|
||||
de = (nsDomainEntry *) mOriginToPolicyMap->Get(&schemeKey);
|
||||
}
|
||||
while (de) {
|
||||
if (de->Matches(s)) {
|
||||
policy = &de->mPolicy;
|
||||
|
|
|
@ -182,6 +182,8 @@ localDefPref("browser.navcenter.docked.selector.visible", true);
|
|||
localDefPref("browser.navcenter.docked.tree.width", 250); // Percent of parent window consumed by docked nav center
|
||||
localDefPref("browser.navcenter.floating.rect", "20, 20, 400, 600"); // Window dimensions when floating
|
||||
|
||||
// Default Capability Preferences: Security-Critical!
|
||||
// Editing these may create a security risk - be sure you know what you're doing
|
||||
pref("capability.policy.default.barprop.visible.write", "UniversalBrowserWrite");
|
||||
|
||||
pref("capability.policy.default.history.current.read", "UniversalBrowserRead");
|
||||
|
@ -201,8 +203,12 @@ pref("capability.policy.default.location.search.write", "allAccess");
|
|||
pref("capability.policy.default.navigator.preference.read", "UniversalPreferencesRead");
|
||||
pref("capability.policy.default.navigator.preference.write", "UniversalPreferencesWrite");
|
||||
pref("capability.policy.default.windowinternal.location.write", "allAccess");
|
||||
|
||||
// window.openDialog is insecure and must be made inaccessible from web scripts - see bug 56009
|
||||
pref("capability.policy.default.windowinternal.opendialog", "noAccess");
|
||||
|
||||
pref("capability.policy.mailnews.sites", "mailbox: imap: news: pop: pop3:");
|
||||
pref("capability.policy.mailnews.window.name", "noAccess");
|
||||
|
||||
localDefPref("ghist.expires.pos", 4);
|
||||
localDefPref("ghist.expires.width", 1400);
|
||||
|
|
Загрузка…
Ссылка в новой задаче