Fixed bug in DOM security checks, fixes bug 37907, 23516. Added security check for htmlelement.innerhtml, fixes 39083. Added location check to BASE HREF=, fixes 35859. r=vidur. Added check to style= tag, fixes 16858, r=pierre.

git-svn-id: svn://10.0.0.236/trunk@70965 18797224-902f-48f8-a5cc-f745e15eee43
2000-05-26 23:28:40 +00:00
parent d5432800ca
commit 21edbcf9bf
7 changed files with 62 additions and 1 deletions
--- a/mozilla/caps/src/nsScriptSecurityManager.cpp
+++ b/mozilla/caps/src/nsScriptSecurityManager.cpp
@@ -1392,11 +1392,11 @@ nsScriptSecurityManager::GetSecurityLevel(nsIPrincipal *principal,
 	nsresult rv;
    mIsAccessingPrefs = PR_TRUE;
    rv = mPrefs->CopyCharPref(prefName, &secLevelString);
-    mIsAccessingPrefs = PR_FALSE;
    if (NS_FAILED(rv)) {
        prefName += (isWrite ? ".write" : ".read");
        rv = mPrefs->CopyCharPref(prefName, &secLevelString);
    }
+    mIsAccessingPrefs = PR_FALSE;
    if (NS_SUCCEEDED(rv) && secLevelString) {
        if (PL_strcmp(secLevelString, "sameOrigin") == 0)
            secLevel = SCRIPT_SECURITY_SAME_DOMAIN_ACCESS;
@@ -1637,6 +1637,7 @@ nsScriptSecurityManager::EnumeratePolicyCallback(const char *prefName,
 {
    if (!prefName || !*prefName)
        return;
+
    nsScriptSecurityManager *mgr = (nsScriptSecurityManager *) data;
    unsigned count = 0;
    const char *dots[5];