From 77e3a90e2c54432c8f71ecea08eadfe6bf80d36b Mon Sep 17 00:00:00 2001
From: "bzbarsky%mit.edu"
 <bzbarsky%mit.edu@18797224-902f-48f8-a5cc-f745e15eee43>
Date: Tue, 13 Sep 2005 01:34:10 +0000
Subject: [PATCH] Remove the security.checkloaduri preference. Please to be
 using the checkloaduri CAPS policy instead, since that's less likely to let
 you shoot yourself in the foot. Bug 307382, r=caillon, sr=dveditz, a=asa

git-svn-id: svn://10.0.0.236/branches/MOZILLA_1_8_BRANCH@180085 18797224-902f-48f8-a5cc-f745e15eee43
---
 mozilla/caps/src/nsScriptSecurityManager.cpp | 48 ++++++++------------
 1 file changed, 20 insertions(+), 28 deletions(-)

diff --git a/mozilla/caps/src/nsScriptSecurityManager.cpp b/mozilla/caps/src/nsScriptSecurityManager.cpp
index ebb931504e1..e53ddd7c05e 100644
--- a/mozilla/caps/src/nsScriptSecurityManager.cpp
+++ b/mozilla/caps/src/nsScriptSecurityManager.cpp
@@ -1311,43 +1311,35 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
     {
         if (targetScheme.LowerCaseEqualsASCII(protocolList[i].name))
         {
-            PRBool doCheck = PR_FALSE;
             switch (protocolList[i].action)
             {
             case AllowProtocol:
                 // everyone can access these schemes.
                 return NS_OK;
             case PrefControlled:
-                // Allow access if pref is false
                 {
-                    mSecurityPref->SecurityGetBoolPref("security.checkloaduri",
-                                                       &doCheck);
-                    if (doCheck)
+                    // resource: and chrome: are equivalent, securitywise
+                    if (sourceScheme.EqualsLiteral("chrome") ||
+                        sourceScheme.EqualsLiteral("resource"))
+                        return NS_OK;
+
+                    // Now check capability policies
+                    static const char loadURIPrefGroup[] = "checkloaduri";
+
+                    SecurityLevel secLevel;
+                    rv = LookupPolicy(aPrincipal,
+                                      (char*)loadURIPrefGroup,
+                                      sEnabledID,
+                                      nsIXPCSecurityManager::ACCESS_GET_PROPERTY, 
+                                      nsnull, &secLevel);
+                    if (NS_SUCCEEDED(rv) && secLevel.level == SCRIPT_SECURITY_ALL_ACCESS)
                     {
-                        // resource: and chrome: are equivalent, securitywise
-                        if (sourceScheme.EqualsLiteral("chrome") ||
-                            sourceScheme.EqualsLiteral("resource"))
-                            return NS_OK;
-
-                        // Now check capability policies
-                        static const char loadURIPrefGroup[] = "checkloaduri";
-
-                        SecurityLevel secLevel;
-                        rv = LookupPolicy(aPrincipal,
-                                          (char*)loadURIPrefGroup,
-                                          sEnabledID,
-                                          nsIXPCSecurityManager::ACCESS_GET_PROPERTY, 
-                                          nsnull, &secLevel);
-                        if (NS_SUCCEEDED(rv) && secLevel.level == SCRIPT_SECURITY_ALL_ACCESS)
-                        {
-                            // OK for this site!
-                            return NS_OK;
-                        }
-
-                        ReportError(nsnull, errorTag, sourceURI, aTargetURI);
-                        return NS_ERROR_DOM_BAD_URI;
+                        // OK for this site!
+                        return NS_OK;
                     }
-                    return NS_OK;
+
+                    ReportError(nsnull, errorTag, sourceURI, aTargetURI);
+                    return NS_ERROR_DOM_BAD_URI;
                 }
             case ChromeProtocol:
                 if (aFlags & nsIScriptSecurityManager::ALLOW_CHROME)