From 46891fef687ed92496ffcb1aeb1a611adb176a6f Mon Sep 17 00:00:00 2001 From: "asqueella%gmail.com" Date: Sun, 25 Mar 2007 05:35:39 +0000 Subject: [PATCH] Bug 371123 - XMLHttpRequest should trigger content policies p=Wladimir Palant r=jst, sr=sicking --- content/base/src/nsXMLHttpRequest.cpp | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/content/base/src/nsXMLHttpRequest.cpp b/content/base/src/nsXMLHttpRequest.cpp index 82a32d92f55..13680a3d0fc 100644 --- a/content/base/src/nsXMLHttpRequest.cpp +++ b/content/base/src/nsXMLHttpRequest.cpp @@ -79,6 +79,9 @@ #include "nsDOMClassInfo.h" #include "nsIScriptableUConv.h" #include "nsCycleCollectionParticipant.h" +#include "nsIContentPolicy.h" +#include "nsContentPolicyUtils.h" +#include "nsContentErrors.h" #define LOAD_STR "load" #define ERROR_STR "error" @@ -1036,6 +1039,23 @@ nsXMLHttpRequest::OpenRequest(const nsACString& method, rv = NS_NewURI(getter_AddRefs(uri), url, nsnull, GetBaseURI()); if (NS_FAILED(rv)) return rv; + // mScriptContext should be initialized because of GetBaseURI() above. + // Still need to consider the case that doc is nsnull however. + nsCOMPtr doc = GetDocumentFromScriptContext(mScriptContext); + PRInt16 shouldLoad = nsIContentPolicy::ACCEPT; + rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_OTHER, + uri, + (doc ? doc->GetDocumentURI() : nsnull), + doc, + EmptyCString(), //mime guess + nsnull, //extra + &shouldLoad); + if (NS_FAILED(rv)) return rv; + if (NS_CP_REJECTED(shouldLoad)) { + // Disallowed by content policy + return NS_ERROR_CONTENT_BLOCKED; + } + if (!user.IsEmpty()) { nsCAutoString userpass; CopyUTF16toUTF8(user, userpass);