From 496da7acfda024ebae1f2f164bf649885ff5d12e Mon Sep 17 00:00:00 2001
From: "peterv%netscape.com"
Date: Tue, 3 Dec 2002 09:20:43 +0000
Subject: [PATCH] Fix for bug 165532 (Disable cross-site loading of XSLT stylesheets by default). r=sicking, sr=bz.
git-svn-id: svn://10.0.0.236/trunk@134676 18797224-902f-48f8-a5cc-f745e15eee43
---
 .../xml/document/src/nsXMLContentSink.cpp | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/mozilla/content/xml/document/src/nsXMLContentSink.cpp b/mozilla/content/xml/document/src/nsXMLContentSink.cpp
index 92f951f1951..cb758adc5aa 100644
--- a/mozilla/content/xml/document/src/nsXMLContentSink.cpp
+++ b/mozilla/content/xml/document/src/nsXMLContentSink.cpp
@@ -818,13 +818,19 @@ nsXMLContentSink::ProcessStyleLink(nsIContent* aElement,
 nsCOMPtr secMan = do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
- NS_ENSURE_SUCCESS(rv, rv);
+ NS_ENSURE_SUCCESS(rv, NS_OK);
+
 rv = secMan->CheckLoadURI(mDocumentURL, url, nsIScriptSecurityManager::ALLOW_CHROME);
- if (NS_FAILED(rv))
- return NS_OK;
- rv = LoadXSLStyleSheet(url);
- } else if (aType.Equals(NS_LITERAL_STRING("text/css"))) {
+ NS_ENSURE_SUCCESS(rv, NS_OK);
+
+ rv = secMan->CheckSameOriginURI(mDocumentURL, url);
+ NS_ENSURE_SUCCESS(rv, NS_OK);
+
+ return LoadXSLStyleSheet(url);
+ }
+
+ if (aType.Equals(NS_LITERAL_STRING("text/css"))) {
 nsCOMPtr url;
 rv = NS_NewURI(getter_AddRefs(url), aHref, nsnull, mDocumentBaseURL);
 if (NS_FAILED(rv)) {
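Review bot: The added `CheckSameOriginURI(mDocumentURL, url)` call vets only the URI as written in the document, so the cross-site restriction holds only if the load started by `LoadXSLStyleSheet(url)` re-applies it when the request is redirected; that code is outside this hunk and should be confirmed. Stating the assumption next to the check would help the next reader, e.g. `// Checks the initial URI only; the load itself must re-check the origin on redirect.` Separately, `NS_ENSURE_SUCCESS(rv, NS_OK)` is now used for a failed `do_GetService` as well as for the two policy checks, so an internal error and an ordinary blocked stylesheet both come back as success and look identical to the caller. As far as I know the macro also warns in debug builds, so the expected denials would be better written as `if (NS_FAILED(rv)) return NS_OK;  // blocked by policy: skip the stylesheet, not an error`. ProcessStyleLink begins and ends outside the hunk.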