зеркало из https://github.com/mozilla/pjs.git
Bug 572129, restrict data transfer data handling, r=enn,bz, a=hardblocker
--HG-- extra : rebase_source : 40c47b84fe99850c218bb8d5803fd2219ff9362e
Родитель
4bca484e63
Коммит
69363d10e5
|
@ -51,6 +51,7 @@
|
|||
#include "nsContentUtils.h"
|
||||
#include "nsIContent.h"
|
||||
#include "nsCRT.h"
|
||||
#include "nsIScriptObjectPrincipal.h"
|
||||
|
||||
NS_IMPL_CYCLE_COLLECTION_2(nsDOMDataTransfer, mDragTarget, mDragImage)
|
||||
|
||||
|
@ -459,8 +460,28 @@ nsDOMDataTransfer::MozGetDataAt(const nsAString& aFormat,
|
|||
(NS_FAILED(principal->Subsumes(formatitem.mPrincipal, &subsumes)) || !subsumes))
|
||||
return NS_ERROR_DOM_SECURITY_ERR;
|
||||
|
||||
if (!formatitem.mData)
|
||||
if (!formatitem.mData) {
|
||||
FillInExternalDragData(formatitem, aIndex);
|
||||
} else {
|
||||
nsCOMPtr<nsISupports> data;
|
||||
formatitem.mData->GetAsISupports(getter_AddRefs(data));
|
||||
// Make sure the code that is calling us is same-origin with the data.
|
||||
nsCOMPtr<nsPIDOMEventTarget> pt = do_QueryInterface(data);
|
||||
if (pt) {
|
||||
nsresult rv = NS_OK;
|
||||
nsIScriptContext* c = pt->GetContextForEventHandlers(&rv);
|
||||
NS_ENSURE_TRUE(c && NS_SUCCEEDED(rv), NS_ERROR_DOM_SECURITY_ERR);
|
||||
nsIScriptObjectPrincipal* sp = c->GetObjectPrincipal();
|
||||
NS_ENSURE_TRUE(sp, NS_ERROR_DOM_SECURITY_ERR);
|
||||
nsIPrincipal* dataPrincipal = sp->GetPrincipal();
|
||||
NS_ENSURE_TRUE(dataPrincipal, NS_ERROR_DOM_SECURITY_ERR);
|
||||
NS_ENSURE_TRUE(principal || (principal = GetCurrentPrincipal()),
|
||||
NS_ERROR_DOM_SECURITY_ERR);
|
||||
PRBool equals = PR_FALSE;
|
||||
NS_ENSURE_TRUE(NS_SUCCEEDED(principal->Equals(dataPrincipal, &equals)) && equals,
|
||||
NS_ERROR_DOM_SECURITY_ERR);
|
||||
}
|
||||
}
|
||||
*aData = formatitem.mData;
|
||||
NS_IF_ADDREF(*aData);
|
||||
return NS_OK;
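Review bot: The same-origin check in the new `else` branch only runs when the stored data QIs to `nsPIDOMEventTarget`, and the result of `GetAsISupports` is ignored, so a failed call or any other interface-typed payload leaves `pt` null and falls through to `*aData = formatitem.mData` unchecked. If that fall-through is intended, state it next to the existing comment, e.g. `// Only event-target payloads are origin-checked; everything else is returned as-is.`; otherwise test the nsresult and fail closed. The assignment hidden in the macro condition, `NS_ENSURE_TRUE(principal || (principal = GetCurrentPrincipal()), ...)`, is easy to misread and would be clearer as `if (!principal) principal = GetCurrentPrincipal();` followed by `NS_ENSURE_TRUE(principal, NS_ERROR_DOM_SECURITY_ERR);`. This branch also uses `Equals` where the check above it uses `Subsumes`, which deserves a one-line why-comment. The declaration of `principal` and the start of MozGetDataAt lie outside the hunk, so whether a null `principal` marks a trusted caller cannot be confirmed from here.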
|
||||
|
|