From 82a7014dbce73b580a3c690f12fc7c6fab5cecf0 Mon Sep 17 00:00:00 2001 From: "mstoltz%netscape.com" Date: Thu, 14 Dec 2000 23:39:51 +0000 Subject: [PATCH] Bug 55237 - adding CheckLoadURI to "Open In New Window." r=jband, sr=brendan. --- .../resources/content/contentAreaUtils.js | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/xpfe/communicator/resources/content/contentAreaUtils.js b/xpfe/communicator/resources/content/contentAreaUtils.js index 8cf030e1f9a..3712918dfdb 100644 --- a/xpfe/communicator/resources/content/contentAreaUtils.js +++ b/xpfe/communicator/resources/content/contentAreaUtils.js @@ -22,6 +22,25 @@ */ function openNewWindowWith( url ) { + + // URL Loading Security Check + const nsIStandardURL = Components.interfaces.nsIStandardURL; + const nsIURI = Components.interfaces.nsIURI; + const stdURL = Components.classes["@mozilla.org/network/standard-url;1"]; + + var sourceURL = stdURL.createInstance(nsIStandardURL); + var focusedWindow = document.commandDispatcher.focusedWindow; + var sourceWin = isDocumentFrame(focusedWindow) ? focusedWindow.location.href : window._content.location.href; + sourceURL.init(nsIStandardURL.URLTYPE_STANDARD, 80, sourceWin, null); + + var targetURL = stdURL.createInstance(nsIStandardURL); + targetURL.init(nsIStandardURL.URLTYPE_STANDARD, 80, url, null); + + const nsIScriptSecurityManager = Components.interfaces.nsIScriptSecurityManager; + var secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"].getService(). + QueryInterface(nsIScriptSecurityManager); + secMan.CheckLoadURI(sourceURL, targetURL, nsIScriptSecurityManager.STANDARD); + var newWin; var wintype = document.firstChild.getAttribute('windowtype');