diff --git a/mozilla/caps/src/nsScriptSecurityManager.cpp b/mozilla/caps/src/nsScriptSecurityManager.cpp
index 7e7262680ca..48a03fb9616 100644
--- a/mozilla/caps/src/nsScriptSecurityManager.cpp
+++ b/mozilla/caps/src/nsScriptSecurityManager.cpp
@@ -629,7 +629,8 @@ nsScriptSecurityManager::CanExecuteScripts(nsIPrincipal *principal,
 if (NS_FAILED(uri->GetScheme(getter_Copies(scheme))))
 return NS_ERROR_FAILURE;
 if (nsCRT::strcmp(scheme, "imap") == 0 ||
- nsCRT::strcmp(scheme, "mailbox") == 0)
+ nsCRT::strcmp(scheme, "mailbox") == 0 ||
+ nsCRT::strcmp(scheme, "news") == 0)
 {
 *result = mIsMailJavaScriptEnabled;
 return NS_OK;
@@ -1075,9 +1076,7 @@ nsScriptSecurityManager::GetScriptSecurityManager()
 if (NS_SUCCEEDED(rv) && xpc) {
 rv = xpc->SetDefaultSecurityManager(
 NS_STATIC_CAST(nsIXPCSecurityManager*, ssecMan),
- nsIXPCSecurityManager::HOOK_CREATE_WRAPPER |
- nsIXPCSecurityManager::HOOK_CREATE_INSTANCE |
- nsIXPCSecurityManager::HOOK_GET_SERVICE);
+ nsIXPCSecurityManager::HOOK_ALL);
 if (NS_FAILED(rv)) {
 NS_WARNING("failed to install xpconnect security manager!");
 }
@@ -1356,15 +1355,21 @@ findDomProp(const char *propName, int n)
 do {
 int mid = (hi + lo) / 2;
 int cmp = PL_strncmp(propName, domPropNames[mid], n);
- if (cmp == 0)
- return (nsDOMProp) mid;
+ if (cmp == 0) {
+ if (domPropNames[mid][n] == '\0')
+ return (nsDOMProp) mid;
+ cmp = -1;
+ }
 if (cmp < 0)
 hi = mid - 1;
 else
 lo = mid + 1;
 } while (hi > lo);
- if (PL_strncmp(propName, domPropNames[lo], n) == 0)
+ if (PL_strncmp(propName, domPropNames[lo], n) == 0 &&
+ domPropNames[lo][n] == '\0')
+ {
 return (nsDOMProp) lo;
+ }
 return NS_DOM_PROP_MAX;
 }
diff --git a/mozilla/dom/public/nsDOMPropEnums.h b/mozilla/dom/public/nsDOMPropEnums.h
index cd049c589f9..812c46dec63 100644
--- a/mozilla/dom/public/nsDOMPropEnums.h
+++ b/mozilla/dom/public/nsDOMPropEnums.h
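Review bot: The scheme gate in CanExecuteScripts is an exact-match `nsCRT::strcmp` chain, so content served under any mail-derived scheme that is not listed (a secure-news variant such as `snews`, if this tree registers one) still falls through to the general JavaScript setting instead of `mIsMailJavaScriptEnabled`. The comparison is also case-sensitive, and whether `GetScheme` returns a normalised lower-case value is not visible in this hunk. A comment above the test would record the intent, e.g. `// Mail and news content obeys the mail JavaScript pref; keep this list in step with the mailnews protocol handlers.` The function body starts and ends outside the hunk.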
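Review bot: `nsIXPCSecurityManager::HOOK_ALL` in the `SetDefaultSecurityManager` call routes every hook the interface defines through this manager, but the methods serving the hooks that were not in the old three-flag list are not part of this diff, so it cannot be confirmed here that they enforce a policy rather than return success unconditionally. The failure path directly below only emits `NS_WARNING` and continues, which leaves XPConnect without a security manager if the install fails; with more checks now depending on the hook, that should either propagate `rv` or carry a comment saying the fail-open behaviour is intended. GetScriptSecurityManager's body continues outside the hunk.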
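Review bot: The new `domPropNames[mid][n] == '\0'` and `domPropNames[lo][n] == '\0'` tests index the table entry at offset n on the strength of `PL_strncmp(...) == 0`, which only proves the entry is at least n characters long when the first n bytes of `propName` contain no terminator. If a caller can pass an n larger than the length of propName, a zero result can come from both strings ending early, and the index then reads past the entry's terminator. The callers and the initial `hi`/`lo` values are outside this hunk, so the precondition should be stated on the function, e.g. `// propName must hold at least n non-NUL characters; domPropNames must be in strcmp order`. The `cmp = -1` step for the prefix case relies on that ordering as well.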
@@ -613,6 +613,7 @@ enum nsDOMProp {
 NS_DOM_PROP_LOCATION_HASH,
 NS_DOM_PROP_LOCATION_HOST,
 NS_DOM_PROP_LOCATION_HOSTNAME,
+ NS_DOM_PROP_LOCATION_HREF,
 NS_DOM_PROP_LOCATION_PATHNAME,
 NS_DOM_PROP_LOCATION_PORT,
 NS_DOM_PROP_LOCATION_PROTOCOL,
diff --git a/mozilla/dom/public/nsDOMPropNames.h b/mozilla/dom/public/nsDOMPropNames.h
index df3377b9e22..30edc817dba 100644
--- a/mozilla/dom/public/nsDOMPropNames.h
+++ b/mozilla/dom/public/nsDOMPropNames.h
@@ -612,6 +612,7 @@
 "location.hash", \
 "location.host", \
 "location.hostname", \
+ "location.href", \
 "location.pathname", \
 "location.port", \
 "location.protocol", \
diff --git a/mozilla/dom/src/base/nsLocation.cpp b/mozilla/dom/src/base/nsLocation.cpp
index 079e38a94e7..5e588af7058 100644
--- a/mozilla/dom/src/base/nsLocation.cpp
+++ b/mozilla/dom/src/base/nsLocation.cpp
@@ -41,6 +41,8 @@
 #include "nsIDocument.h"
 #include "nsIJSContextStack.h"
 #include "nsXPIDLString.h"
+#include "nsDOMPropEnums.h"
+#include "nsDOMError.h"
 static NS_DEFINE_IID(kIScriptObjectOwnerIID, NS_ISCRIPTOBJECTOWNER_IID);
 static NS_DEFINE_IID(kISupportsIID, NS_ISUPPORTS_IID);
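Review bot: `NS_DOM_PROP_LOCATION_HREF` and `"location.href"` are placed by hand at matching positions in two separate files, and nothing in either hunk checks that the enum and the name table stay index-aligned and sorted. The binary search in findDomProp and its `(nsDOMProp) mid` cast presumably depend on exactly that, so a misplaced entry would make a policy lookup resolve to the wrong property without any error. Consider a comment at the head of both lists stating the invariant, e.g. `// Keep in strcmp order and in step with the matching entry in nsDOMPropNames.h`, or a debug-only check that walks the table once at startup. This applies equally to the nsDOMPropNames.h hunk.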
@@ -738,18 +740,35 @@ LocationImpl::DeleteProperty(JSContext *aContext, JSObject *aObj, jsval aID, jsv
 return JS_TRUE;
 }
+static nsresult
+CheckHrefAccess(JSContext *aContext, JSObject *aObj, PRBool isWrite)
+{
+ nsresult rv;
+ NS_WITH_SERVICE(nsIScriptSecurityManager, secMan,
+ NS_SCRIPTSECURITYMANAGER_PROGID, &rv);
+ if (NS_FAILED(rv))
+ rv = NS_ERROR_DOM_SECMAN_ERR;
+ else
+ rv = secMan->CheckScriptAccess(aContext, aObj, NS_DOM_PROP_LOCATION_HREF,
+ isWrite);
+ if (NS_FAILED(rv))
+ return nsJSUtils::nsReportError(aContext, aObj, rv);
+ return NS_OK;
+}
+
 PRBool
 LocationImpl::GetProperty(JSContext *aContext, JSObject *aObj, jsval aID, jsval *aVp)
 {
 PRBool result = PR_TRUE;
- // XXX Security manager needs to be called
 if (JSVAL_IS_STRING(aID)) {
 char* cString = JS_GetStringBytes(JS_ValueToString(aContext, aID));
 if (PL_strcmp("href", cString) == 0) {
 nsAutoString href;
- if (NS_SUCCEEDED(GetHref(href))) {
+ if (NS_SUCCEEDED(CheckHrefAccess(aContext, aObj, PR_FALSE)) &&
+ NS_SUCCEEDED(GetHref(href)))
+ {
 const PRUnichar* bytes = href.GetUnicode();
 JSString* str = JS_NewUCStringCopyZ(aContext, (const jschar*)bytes);
 if (str) {
@@ -772,7 +791,6 @@ LocationImpl::SetProperty(JSContext *aContext, JSObject *aObj, jsval aID, jsval
 {
 nsresult result = NS_OK;
- // XXX Security manager needs to be called
 if (JSVAL_IS_STRING(aID)) {
 char* cString = JS_GetStringBytes(JS_ValueToString(aContext, aID));
@@ -780,6 +798,9 @@ LocationImpl::SetProperty(JSContext *aContext, JSObject *aObj, jsval aID, jsval
 nsIURI* base;
 nsAutoString href;
+ if (NS_FAILED(CheckHrefAccess(aContext, aObj, PR_TRUE)))
+ return PR_FALSE;
+
 // Get the parameter passed in
 nsJSUtils::nsConvertJSValToString(href, aContext, *aVp);
diff --git a/mozilla/modules/libpref/src/init/all.js b/mozilla/modules/libpref/src/init/all.js
index 8bcdbd34dcd..00d09da82d4 100644
--- a/mozilla/modules/libpref/src/init/all.js
+++ b/mozilla/modules/libpref/src/init/all.js
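Review bot: `CheckHrefAccess` hands back whatever `nsJSUtils::nsReportError` returns as its own `nsresult`, and that helper's return type is not visible in this diff; if it yields a JS boolean false (0) rather than a failure code, the denied path returns a value that `NS_FAILED`/`NS_SUCCEEDED` treat as success, and both the GetProperty and SetProperty hunks would proceed as if access had been granted. Reporting first and then returning the original code removes that dependency: `nsJSUtils::nsReportError(aContext, aObj, rv); return rv;`. Separately, on a denied read GetProperty only skips the `if` and, as far as the visible lines show, keeps `result = PR_TRUE`, whereas SetProperty returns `PR_FALSE`; the getter should probably fail the same way so that an error is not reported alongside a successful return. Both function bodies continue outside the hunks.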
@@ -368,6 +368,7 @@ pref("security.policy.default.htmlimageelement.lowsrc", "sameOrigin");
 pref("security.policy.default.location.hash.read", "sameOrigin");
 pref("security.policy.default.location.host.read", "sameOrigin");
 pref("security.policy.default.location.hostname.read", "sameOrigin");
+pref("security.policy.default.location.href.read", "sameOrigin");
 pref("security.policy.default.location.pathname.read", "sameOrigin");
 pref("security.policy.default.location.port.read", "sameOrigin");
 pref("security.policy.default.location.protocol.read", "sameOrigin");
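Review bot: Only the read side of `location.href` gets a default here, while the nsLocation.cpp change in the same commit also calls `CheckScriptAccess` with `isWrite` set when script assigns to `href`, so the write decision rests on whatever the security manager does when no matching write entry exists. That fallback is not visible in this diff. If cross-origin navigation by assignment is meant to stay allowed, a comment beside this line saying so, or an explicit write entry, would keep the intent from having to be inferred from an absent pref.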