diff --git a/mozilla/caps/idl/nsIScriptSecurityManager.idl b/mozilla/caps/idl/nsIScriptSecurityManager.idl
index f5bffba5b65..ff2d1b8a071 100644
--- a/mozilla/caps/idl/nsIScriptSecurityManager.idl
+++ b/mozilla/caps/idl/nsIScriptSecurityManager.idl
@@ -85,6 +85,9 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
 // Allow the loading of chrome URLs by non-chrome URLs
 const unsigned long ALLOW_CHROME = 1 << 1;
 
+ // Don't allow javascript: (and data:) URLs to load
+ const unsigned long DISALLOW_JAVASCRIPT = 1 << 2;
+
 /**
 * Check that content from "from" can load "uri".
 *
diff --git a/mozilla/caps/src/nsScriptSecurityManager.cpp b/mozilla/caps/src/nsScriptSecurityManager.cpp
index 7a8a0d2e0ca..34b9722ea5a 100644
--- a/mozilla/caps/src/nsScriptSecurityManager.cpp
+++ b/mozilla/caps/src/nsScriptSecurityManager.cpp
@@ -1216,6 +1216,13 @@ nsScriptSecurityManager::CheckLoadURI(nsIURI *aSourceURI, nsIURI *aTargetURI,
 return NS_OK;
 }
 
+ //-- Some callers do not allow loading javascript: or data: URLs
+ if ((aFlags & nsIScriptSecurityManager::DISALLOW_JAVASCRIPT) &&
+ (targetScheme.Equals("javascript") || targetScheme.Equals("data")))
+ {
+ return NS_ERROR_DOM_BAD_URI;
+ }
+
 //-- If the schemes don't match, the policy is specified in this table.
 enum Action { AllowProtocol, DenyProtocol, PrefControlled, ChromeProtocol};
 static const struct
diff --git a/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp b/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp
index f48ca72a8a7..72f13e42069 100644
--- a/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp
+++ b/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp
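Review bot: The name `DISALLOW_JAVASCRIPT` in nsIScriptSecurityManager.idl covers less than the flag does: the added comment and the check in nsScriptSecurityManager.cpp both apply it to data: URLs as well, so a caller reading only the name will not expect data: loads to be refused. Because the constant is part of a public interface, the comment should carry the full contract, for example `// Refuse javascript: and data: targets regardless of the source; meant for loads whose target URL is supplied remotely (e.g. redirects)`. The `CheckLoadURI` doc comment that follows continues outside the hunk and would be the natural place to list the accepted flags.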
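Review bot: In nsScriptSecurityManager.cpp the new `DISALLOW_JAVASCRIPT` test sits after an earlier `return NS_OK;` (the first context line of the hunk), so whatever condition guards that return lets a javascript: or data: target through even when the caller passed the flag. That condition is above the hunk and not visible here. A deny flag is safer evaluated before any allow path, so either move the block above that return or add a comment stating why the earlier exit cannot be reached with these schemes. `targetScheme.Equals("javascript")` is also an exact match, so it relies on `targetScheme` already being the normalised lower-case scheme; worth confirming where `targetScheme` is computed. CheckLoadURI starts and ends outside the hunk.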
@@ -1777,7 +1777,8 @@ nsHttpChannel::ProcessRedirection(PRUint32 redirectType)
 do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
 if (securityManager) {
 rv = securityManager->CheckLoadURI(mURI, newURI,
- nsIScriptSecurityManager::DISALLOW_FROM_MAIL);
+ nsIScriptSecurityManager::DISALLOW_FROM_MAIL |
+ nsIScriptSecurityManager::DISALLOW_JAVASCRIPT);
 if (NS_FAILED(rv)) return rv;
 }
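Review bot: The redirect check, including the new `DISALLOW_JAVASCRIPT` flag, only runs inside `if (securityManager)`, so when `do_GetService` yields no security manager the redirect target is not checked at all and the restriction added here silently does not apply. If running without the security manager is not a supported configuration, failing closed is the safer default, e.g. `if (!securityManager) return NS_ERROR_FAILURE;` before the call. Otherwise a comment saying the unchecked path is intentional would help the next reader. ProcessRedirection's body continues outside the hunk.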