Remove special-casing so non-chrome-principal pages, even with chrome: uris,

can have script disabled as needed. Bug 280120, r=peterv, sr=neil
2005-02-22 21:18:31 +00:00 · 2005-02-22 21:18:31 +00:00 · 610d170988
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@ -1514,25 +1514,6 @@ nsScriptSecurityManager::CanExecuteScripts(JSContext* cx,
        return NS_OK;
    }

-    //-- Always allow chrome pages to run scripts
-    //   This is for about: URLs, which are chrome but don't
-    //   have the system principal
-    if (!mIsJavaScriptEnabled)
-    {
-        nsCOMPtr<nsIURI> principalURI;
-        aPrincipal->GetURI(getter_AddRefs(principalURI));
-        if (principalURI)
-        {
-            PRBool isChrome = PR_FALSE;
-            principalURI->SchemeIs("chrome", &isChrome);
-            if (isChrome)
-            {
-                *result = PR_TRUE;
-                return NS_OK;              
-            }
-        }
-    }
-
    //-- See if the current window allows JS execution
    nsIScriptContext *scriptContext = GetScriptContext(cx);
    if (!scriptContext) return NS_ERROR_FAILURE;
@ -1565,6 +1546,22 @@ nsScriptSecurityManager::CanExecuteScripts(JSContext* cx,
        } while (treeItem && docshell);
    }

+    // OK, the docshell doesn't have script execution explicitly disabled.
+    // Check whether our URI is "about:".  If it is, we need to allow JS to
+    // run...  In this case, don't apply the JS enabled pref or policies.
+    nsCOMPtr<nsIURI> principalURI;
+    aPrincipal->GetURI(getter_AddRefs(principalURI));
+    if (principalURI)
+    {
+        nsCAutoString spec;
+        principalURI->GetSpec(spec);
+        if (spec.EqualsLiteral("about:"))
+        {
+            *result = PR_TRUE;
+            return NS_OK;              
+        }
+    }
+
    //-- See if JS is disabled globally (via prefs)
    *result = mIsJavaScriptEnabled;
    if (mIsJavaScriptEnabled != mIsMailJavaScriptEnabled && globalObjTreeItem)