Bug 397828: Make window.document and document.open no longer be allAccess

This commit is contained in:
jonas%sicking.cc 2007-12-01 18:24:27 +00:00
Родитель 6124ff7b1a
Коммит b6bae1bd22
3 изменённых файлов: 2 добавлений и 19 удалений

Просмотреть файл

@ -2060,18 +2060,8 @@ nsHTMLDocument::OpenCommon(const nsACString& aContentType, PRBool aReplace)
return NS_OK; return NS_OK;
} }
if (!nsContentUtils::CanCallerAccess(static_cast<nsIDOMHTMLDocument*>(this))) { NS_ASSERTION(nsContentUtils::CanCallerAccess(static_cast<nsIDOMHTMLDocument*>(this)),
nsPIDOMWindow *win = GetWindow(); "XOWs should have caught this!");
if (win) {
nsCOMPtr<nsIDOMElement> frameElement;
rv = win->GetFrameElement(getter_AddRefs(frameElement));
NS_ENSURE_SUCCESS(rv, rv);
if (frameElement && !nsContentUtils::CanCallerAccess(frameElement)) {
return NS_ERROR_DOM_SECURITY_ERR;
}
}
}
if (!aContentType.EqualsLiteral("text/html") && if (!aContentType.EqualsLiteral("text/html") &&
!aContentType.EqualsLiteral("text/plain")) { !aContentType.EqualsLiteral("text/plain")) {

Просмотреть файл

@ -113,9 +113,6 @@ pref("capability.policy.default.History.next", "UniversalBrowserRead");
pref("capability.policy.default.History.previous", "UniversalBrowserRead"); pref("capability.policy.default.History.previous", "UniversalBrowserRead");
pref("capability.policy.default.History.toString", "UniversalBrowserRead"); pref("capability.policy.default.History.toString", "UniversalBrowserRead");
pref("capability.policy.default.HTMLDocument.close.get", "allAccess");
pref("capability.policy.default.HTMLDocument.open.get", "allAccess");
pref("capability.policy.default.Location.hash.set", "allAccess"); pref("capability.policy.default.Location.hash.set", "allAccess");
pref("capability.policy.default.Location.href.set", "allAccess"); pref("capability.policy.default.Location.href.set", "allAccess");
pref("capability.policy.default.Location.reload.get", "allAccess"); pref("capability.policy.default.Location.reload.get", "allAccess");
@ -129,7 +126,6 @@ pref("capability.policy.default.Window.blur.get", "allAccess");
pref("capability.policy.default.Window.close.get", "allAccess"); pref("capability.policy.default.Window.close.get", "allAccess");
pref("capability.policy.default.Window.closed.get", "allAccess"); pref("capability.policy.default.Window.closed.get", "allAccess");
pref("capability.policy.default.Window.Components", "allAccess"); pref("capability.policy.default.Window.Components", "allAccess");
pref("capability.policy.default.Window.document.get", "allAccess");
pref("capability.policy.default.Window.focus.get", "allAccess"); pref("capability.policy.default.Window.focus.get", "allAccess");
pref("capability.policy.default.Window.frames.get", "allAccess"); pref("capability.policy.default.Window.frames.get", "allAccess");
pref("capability.policy.default.Window.history.get", "allAccess"); pref("capability.policy.default.Window.history.get", "allAccess");

Просмотреть файл

@ -302,8 +302,6 @@ pref("capability.policy.default.History.next", "UniversalBrowserRead");
pref("capability.policy.default.History.previous", "UniversalBrowserRead"); pref("capability.policy.default.History.previous", "UniversalBrowserRead");
pref("capability.policy.default.History.toString", "UniversalBrowserRead"); pref("capability.policy.default.History.toString", "UniversalBrowserRead");
pref("capability.policy.default.HTMLDocument.open.get", "allAccess");
pref("capability.policy.default.Location.hash.set", "allAccess"); pref("capability.policy.default.Location.hash.set", "allAccess");
pref("capability.policy.default.Location.href.set", "allAccess"); pref("capability.policy.default.Location.href.set", "allAccess");
pref("capability.policy.default.Location.replace.get", "allAccess"); pref("capability.policy.default.Location.replace.get", "allAccess");
@ -315,7 +313,6 @@ pref("capability.policy.default.Navigator.preferenceinternal.set", "UniversalPre
pref("capability.policy.default.Window.blur.get", "allAccess"); pref("capability.policy.default.Window.blur.get", "allAccess");
pref("capability.policy.default.Window.close.get", "allAccess"); pref("capability.policy.default.Window.close.get", "allAccess");
pref("capability.policy.default.Window.closed.get", "allAccess"); pref("capability.policy.default.Window.closed.get", "allAccess");
pref("capability.policy.default.Window.document.get", "allAccess");
pref("capability.policy.default.Window.focus.get", "allAccess"); pref("capability.policy.default.Window.focus.get", "allAccess");
pref("capability.policy.default.Window.frames.get", "allAccess"); pref("capability.policy.default.Window.frames.get", "allAccess");
pref("capability.policy.default.Window.history.get", "allAccess"); pref("capability.policy.default.Window.history.get", "allAccess");