Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 323924, Call CheckLoadURIWithPrincipal before issuing pings. r/sr=jst

Browse Source 
git-svn-id: svn://10.0.0.236/trunk@215999 18797224-902f-48f8-a5cc-f745e15eee43
This commit is contained in:
cvshook%sicking.cc
2006-11-28 20:47:10 +00:00
parent f24dc3b759
commit 0f2957680d
1 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
mozilla/docshell/base/nsWebShell.cpp
View File

@@ -121,6 +121,7 @@
#include "nsIPrefBranch.h"
#include "nsIPrefService.h"
#include "nsITimer.h"
#include "nsIScriptSecurityManager.h"
#ifdef NS_DEBUG
/**
@@ -228,6 +229,12 @@ ForEachPing(nsIContent *content, ForEachPingCallback callback, void *closure)
if (!doc)
return;
nsCOMPtr<nsIScriptSecurityManager> ssmgr =
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
if (!ssmgr) {
return;
}
// value contains relative URIs split on spaces (U+0020)
const PRUnichar *start = value.BeginReading();
const PRUnichar *end = value.EndReading();
@@ -243,7 +250,9 @@ ForEachPing(nsIContent *content, ForEachPingCallback callback, void *closure)
ios->NewURI(NS_ConvertUTF16toUTF8(Substring(start, iter)),
doc->GetDocumentCharacterSet().get(),
baseURI, getter_AddRefs(uri));
if (uri) {
if (uri && NS_SUCCEEDED(ssmgr->CheckLoadURIWithPrincipal(
content->NodePrincipal(), uri,
nsIScriptSecurityManager::STANDARD))) {
// Ignore non-HTTP(S) pings:
PRBool match;
if ((NS_SUCCEEDED(uri->SchemeIs("http", &match)) && match) ||