Bug 572129, restrict data transfer data handling, r=enn,bz, a=hardblocker

--HG--
extra : rebase_source : 40c47b84fe99850c218bb8d5803fd2219ff9362e
This commit is contained in:
Olli Pettay 2011-02-24 19:58:20 +02:00
Родитель 4bca484e63
Коммит 69363d10e5
1 изменённых файлов: 22 добавлений и 1 удалений

Просмотреть файл

@ -51,6 +51,7 @@
#include "nsContentUtils.h"
#include "nsIContent.h"
#include "nsCRT.h"
#include "nsIScriptObjectPrincipal.h"
NS_IMPL_CYCLE_COLLECTION_2(nsDOMDataTransfer, mDragTarget, mDragImage)
@ -459,8 +460,28 @@ nsDOMDataTransfer::MozGetDataAt(const nsAString& aFormat,
(NS_FAILED(principal->Subsumes(formatitem.mPrincipal, &subsumes)) || !subsumes))
return NS_ERROR_DOM_SECURITY_ERR;
if (!formatitem.mData)
if (!formatitem.mData) {
FillInExternalDragData(formatitem, aIndex);
} else {
nsCOMPtr<nsISupports> data;
formatitem.mData->GetAsISupports(getter_AddRefs(data));
// Make sure the code that is calling us is same-origin with the data.
nsCOMPtr<nsPIDOMEventTarget> pt = do_QueryInterface(data);
if (pt) {
nsresult rv = NS_OK;
nsIScriptContext* c = pt->GetContextForEventHandlers(&rv);
NS_ENSURE_TRUE(c && NS_SUCCEEDED(rv), NS_ERROR_DOM_SECURITY_ERR);
nsIScriptObjectPrincipal* sp = c->GetObjectPrincipal();
NS_ENSURE_TRUE(sp, NS_ERROR_DOM_SECURITY_ERR);
nsIPrincipal* dataPrincipal = sp->GetPrincipal();
NS_ENSURE_TRUE(dataPrincipal, NS_ERROR_DOM_SECURITY_ERR);
NS_ENSURE_TRUE(principal || (principal = GetCurrentPrincipal()),
NS_ERROR_DOM_SECURITY_ERR);
PRBool equals = PR_FALSE;
NS_ENSURE_TRUE(NS_SUCCEEDED(principal->Equals(dataPrincipal, &equals)) && equals,
NS_ERROR_DOM_SECURITY_ERR);
}
}
*aData = formatitem.mData;
NS_IF_ADDREF(*aData);
return NS_OK;