diff --git a/dom/src/base/nsGlobalWindow.cpp b/dom/src/base/nsGlobalWindow.cpp
index bc857ef1103..801de2733ab 100644
--- a/dom/src/base/nsGlobalWindow.cpp
+++ b/dom/src/base/nsGlobalWindow.cpp
@@ -498,7 +498,7 @@ nsGlobalWindow::SetNewDocument(nsIDOMDocument* aDocument,
 // clear smartcard events, our document has gone away.
 if (mCrypto) {
- mCrypto->SetEnableSmartCardEvents(PR_FALSE);
+ mCrypto->SetEnableSmartCardEvents(PR_FALSE);
 }
 }
@@ -4722,8 +4722,9 @@ nsGlobalWindow::OpenInternal(const nsAString& aUrl, const nsAString& aName,
 tabURI->SchemeIs("chrome", &chromeTab);
 if (!thisChrome && !chromeTab) {
- containerPref=nsContentUtils::GetIntPref("browser.link.open_newwindow",
- nsIBrowserDOMWindow::OPEN_NEWWINDOW);
+ containerPref =
+ nsContentUtils::GetIntPref("browser.link.open_newwindow",
+ nsIBrowserDOMWindow::OPEN_NEWWINDOW);
 PRInt32 restrictionPref = nsContentUtils::GetIntPref( "browser.link.open_newwindow.restriction");
 /* The restriction pref is a power-user's fine-tuning pref. values:
@@ -4733,7 +4734,6 @@ nsGlobalWindow::OpenInternal(const nsAString& aUrl, const nsAString& aName,
 if (containerPref == nsIBrowserDOMWindow::OPEN_NEWTAB || containerPref == nsIBrowserDOMWindow::OPEN_CURRENTWINDOW) {
-
 divertOpen = restrictionPref != 1;
 if (divertOpen && !aOptions.IsEmpty() && restrictionPref == 2)
 divertOpen = PR_FALSE;
@@ -4812,26 +4812,6 @@ nsGlobalWindow::OpenInternal(const nsAString& aUrl, const nsAString& aName,
 // dialog is open.
 nsAutoPopupStatePusher popupStatePusher(openAbused, PR_TRUE);
- nsCOMPtr chrome_win =
- do_QueryInterface(NS_STATIC_CAST(nsIDOMWindow *, this));
-
- nsCOMPtr stack;
- JSContext *cx = nsnull;
-
- if (IsCallerChrome() && !chrome_win) {
- // open() is called from chrome on a non-chrome window, push
- // the context of the callee onto the context stack to
- // prevent the caller's priveleges from leaking into code
- // that runs while opening the new window.
-
- cx = (JSContext *)mContext->GetNativeContext();
-
- stack = do_GetService(sJSStackContractID);
- if (stack && cx) {
- stack->Push(cx);
- }
- }
-
 if (argc) {
 nsCOMPtr pwwatch(do_QueryInterface(wwatch));
 if (pwwatch) {
@@ -4848,10 +4828,6 @@ nsGlobalWindow::OpenInternal(const nsAString& aUrl, const nsAString& aName,
 rv = wwatch->OpenWindow(this, url.get(), name_ptr, options_ptr, aExtraArgument, getter_AddRefs(domReturn));
 }
-
- if (stack && cx) {
- stack->Pop(nsnull);
- }
 }
 }
 }
diff --git a/embedding/components/windowwatcher/src/nsWindowWatcher.cpp b/embedding/components/windowwatcher/src/nsWindowWatcher.cpp
index 459abd9eeb7..d5989760337 100644
--- a/embedding/components/windowwatcher/src/nsWindowWatcher.cpp
+++ b/embedding/components/windowwatcher/src/nsWindowWatcher.cpp
@@ -352,7 +352,7 @@ public:
 JSContextAutoPopper();
 ~JSContextAutoPopper();
- nsresult Push();
+ nsresult Push(JSContext *cx = nsnull);
 JSContext *get() { return mContext; }
 protected:
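Review bot: The new `Push(JSContext *cx = nsnull)` signature is undocumented: the declaration does not say which context is pushed in each mode, nor that `cx` is borrowed rather than owned by the guard. A comment above it would spare the reader a trip to the definition, e.g. `// Push cx onto the JS context stack, or the safe JS context when cx is nsnull. cx is not owned; the pushed context is popped by the destructor.` The pop-on-destruction part is inferred from the class name and the destructor named in the next hunk's header, whose body is not visible here, so confirm it before quoting.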
@@ -375,16 +375,21 @@ JSContextAutoPopper::~JSContextAutoPopper()
 }
 }
-nsresult JSContextAutoPopper::Push()
+nsresult JSContextAutoPopper::Push(JSContext *cx)
 {
- nsresult rv;
+ nsresult rv = NS_OK;
 if (mContext) // only once
 return NS_ERROR_FAILURE;
 mService = do_GetService(sJSStackContractID);
 if(mService) {
- rv = mService->GetSafeJSContext(&mContext);
+ if (cx) {
+ mContext = cx;
+ } else {
+ rv = mService->GetSafeJSContext(&mContext);
+ }
+
 if (NS_SUCCEEDED(rv) && mContext) {
 rv = mService->Push(mContext);
 if (NS_FAILED(rv))
@@ -499,7 +504,7 @@ nsWindowWatcher::OpenWindowJS(nsIDOMWindow *aParent,
 nsCOMPtr parentTreeOwner; // from the parent window, if any
 nsCOMPtr newDocShellItem; // from the new window
 EventQueueAutoPopper queueGuard;
- JSContextAutoPopper contextGuard;
+ JSContextAutoPopper callerContextGuard;
 NS_ENSURE_ARG_POINTER(_retval);
 *_retval = 0;
@@ -528,12 +533,6 @@ nsWindowWatcher::OpenWindowJS(nsIDOMWindow *aParent,
 features.StripWhitespace();
 }
- nsCOMPtr chromeParent(do_QueryInterface(aParent));
-
- chromeFlags = CalculateChromeFlags(features.get(), featuresSpecified,
- aDialog, uriToLoadIsChrome,
- !aParent || chromeParent);
-
 // try to find an extant window with the given name
 if (nameSpecified) {
 nsCOMPtr stack =
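Review bot: With `rv` now initialised to `NS_OK`, a `Push()` call where `do_GetService(sJSStackContractID)` yields no service skips the whole `if(mService)` block without pushing anything and, assuming the function ends with `return rv` outside the hunk, reports success; the caller cannot tell "pushed" from "nothing happened", which matters because this push is what isolates the callee's privileges in OpenWindowJS. Initialising `nsresult rv = NS_ERROR_FAILURE;` and adding `rv = NS_OK;` next to `mContext = cx;` keeps the existing paths intact while making a missing service a reported failure. Also worth confirming that the failure handling after `if (NS_FAILED(rv))` (outside the hunk) resets `mContext` on the new `cx` path too, since `mContext` is now assigned before `mService->Push` is attempted and the destructor presumably pops whatever `mContext` holds.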
@@ -570,6 +569,30 @@ nsWindowWatcher::OpenWindowJS(nsIDOMWindow *aParent,
 }
 // no extant window? make a new one.
+
+ nsCOMPtr chromeParent(do_QueryInterface(aParent));
+
+ PRBool isCallerChrome = PR_FALSE;
+ nsCOMPtr
+ sm(do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
+ if (sm)
+ sm->SubjectPrincipalIsSystem(&isCallerChrome);
+
+ JSContext *cx = GetJSContextFromWindow(aParent);
+
+ if (isCallerChrome && !chromeParent && cx) {
+ // open() is called from chrome on a non-chrome window, push
+ // the context of the callee onto the context stack to
+ // prevent the caller's priveleges from leaking into code
+ // that runs while opening the new window.
+
+ callerContextGuard.Push(cx);
+ }
+
+ chromeFlags = CalculateChromeFlags(features.get(), featuresSpecified,
+ aDialog, uriToLoadIsChrome,
+ !aParent || chromeParent);
+
 if (!newDocShellItem) {
 windowIsNew = PR_TRUE;
@@ -585,11 +608,13 @@ nsWindowWatcher::OpenWindowJS(nsIDOMWindow *aParent,
 if (NS_SUCCEEDED(rv)) {
 windowIsModal = PR_TRUE;
 // in case we added this because weAreModal
- chromeFlags |= nsIWebBrowserChrome::CHROME_MODAL | nsIWebBrowserChrome::CHROME_DEPENDENT;
+ chromeFlags |= nsIWebBrowserChrome::CHROME_MODAL |
+ nsIWebBrowserChrome::CHROME_DEPENDENT;
 }
 }
- NS_ASSERTION(mWindowCreator, "attempted to open a new window with no WindowCreator");
+ NS_ASSERTION(mWindowCreator,
+ "attempted to open a new window with no WindowCreator");
 rv = NS_ERROR_FAILURE;
 if (mWindowCreator) {
 nsCOMPtr newChrome;
@@ -614,8 +639,6 @@ nsWindowWatcher::OpenWindowJS(nsIDOMWindow *aParent,
 // chrome is always allowed, so clear the flag if the opener is chrome
 if (popupConditions) {
 PRBool isChrome = PR_FALSE;
- nsCOMPtr
- sm(do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
 if (sm)
 sm->SubjectPrincipalIsSystem(&isChrome);
 popupConditions = !isChrome;
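Review bot: The return value of `callerContextGuard.Push(cx)` is ignored, so if the push fails the open proceeds with the chrome caller's context still on top of the stack — the privilege leak the comment right above it says the push exists to prevent; the removed nsGlobalWindow code had the same gap, and moving the logic here is the moment to close it, e.g. `rv = callerContextGuard.Push(cx); if (NS_FAILED(rv)) return rv;` (`rv` is already a local of OpenWindowJS, as the later `rv = NS_ERROR_FAILURE;` shows). The `cx` term in the condition has the same fail-open shape: when `GetJSContextFromWindow(aParent)` returns null for a non-chrome parent the push is silently skipped rather than treated as an error, so either an `NS_ASSERTION` on that case or a comment stating it is intentional would help the next reader. Likewise, when `do_GetService` for the security manager fails, `isCallerChrome` stays `PR_FALSE` and no push happens; that is inferred from the initialiser, and whether it is the desired default deserves a one-line comment. Minor: the comment carried over still spells "priveleges".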
@@ -722,7 +745,9 @@ nsWindowWatcher::OpenWindowJS(nsIDOMWindow *aParent,
 }
 if (uriToLoad) { // get the script principal and pass it to docshell
- JSContext *cx = GetJSContextFromCallStack();
+ JSContextAutoPopper contextGuard;
+
+ cx = GetJSContextFromCallStack();
 // get the security manager
 if (!cx)
@@ -739,11 +764,8 @@ nsWindowWatcher::OpenWindowJS(nsIDOMWindow *aParent,
 NS_ENSURE_TRUE(loadInfo, NS_ERROR_FAILURE);
 if (!uriToLoadIsChrome) {
- nsCOMPtr secMan =
- do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
- nsCOMPtr principal;
- if (NS_FAILED(secMan->GetSubjectPrincipal(getter_AddRefs(principal))))
+ if (NS_FAILED(sm->GetSubjectPrincipal(getter_AddRefs(principal))))
 return NS_ERROR_FAILURE;
 if (principal) {
@@ -785,7 +807,8 @@ nsWindowWatcher::OpenWindowJS(nsIDOMWindow *aParent,
 }
 if (windowIsNew)
- SizeOpenedDocShellItem(newDocShellItem, aParent, features.get(), chromeFlags);
+ SizeOpenedDocShellItem(newDocShellItem, aParent, features.get(),
+ chromeFlags);
 if (windowIsModal) {
 nsCOMPtr newTreeOwner;
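Review bot: `sm->GetSubjectPrincipal(...)` in the hunk at -739 dereferences the function-level `sm` without a null check, while its two other uses (`if (sm) sm->SubjectPrincipalIsSystem(...)` in the hunks at -570 and -614) guard against `do_GetService` returning null; the removed `secMan` was equally unchecked, but now that one variable serves all three sites the inconsistency is more visible. Failing closed keeps the shape of the line: `if (!sm || NS_FAILED(sm->GetSubjectPrincipal(getter_AddRefs(principal))))`. Separately, `principal` is no longer declared in this hunk and no hunk adds a declaration, so it must now refer to a variable from an enclosing scope — confirm it is still empty at this point, since `if (principal)` below decides on its value. In the hunk at -722, `cx` is reused for the call-stack context after having held the parent window's context; a distinct local would make the two roles clearer, though the guard keeps its own copy (`mContext = cx` in Push) so behaviour is unaffected.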