Propagate the principal responsible an image load all the way to

CanLoadImage/LoadImage in nsContentUtils, and use it for security checks
there.  Bug 310165, r=sicking, sr=dbaron


git-svn-id: svn://10.0.0.236/trunk@229261 18797224-902f-48f8-a5cc-f745e15eee43

mozilla/content/base/src/nsImageLoadingContent.cpp

@@ -533,6 +533,15 @@ nsImageLoadingContent::LoadImage(nsIURI* aNewURI,
   // sure to notify if it does.
   AutoStateChanger changer(this, aNotify);
 
+  // Use the principal of aDocument to avoid having to QI |this| an extra time.
+  // It should be the same as the principal of this node in any case.
+#ifdef DEBUG
+  nsCOMPtr<nsIContent> thisContent = do_QueryInterface(this);
+  NS_ASSERTION(thisContent &&
+               thisContent->NodePrincipal() == aDocument->NodePrincipal(),
+               "Principal mismatch?");
+#endif
+  
   // If we'll be loading a new image, we want to cancel our existing
   // requests; the question is what reason to pass in.  If everything
   // is going smoothly, that reason should be
@@ -543,6 +552,7 @@ nsImageLoadingContent::LoadImage(nsIURI* aNewURI,
 
   PRInt16 newImageStatus;
   PRBool loadImage = nsContentUtils::CanLoadImage(aNewURI, this, aDocument,
+                                                  aDocument->NodePrincipal(),
                                                   &newImageStatus);
   NS_ASSERTION(loadImage || !NS_CP_ACCEPTED(newImageStatus),
                "CanLoadImage lied");
@@ -569,6 +579,7 @@ nsImageLoadingContent::LoadImage(nsIURI* aNewURI,
   nsCOMPtr<imgIRequest> & req = mCurrentRequest ? mPendingRequest : mCurrentRequest;
 
   rv = nsContentUtils::LoadImage(aNewURI, aDocument,
+                                 aDocument->NodePrincipal(),
                                  aDocument->GetDocumentURI(),
                                  this, aLoadFlags,
                                  getter_AddRefs(req));