Bug 359471 - Disable auth, plugins and subframes in the phishing provider EULA iframe's docshell, patch by Ryan Flint <ryan@ryanflint.com>, r=mano

git-svn-id: svn://10.0.0.236/trunk@224846 18797224-902f-48f8-a5cc-f745e15eee43
2007-04-22 01:55:13 +00:00 · 2007-04-22 01:55:13 +00:00 · 7e717f89ef
commit 7e717f89ef
parent 0a84a92c86
1 changed files with 9 additions and 3 deletions
--- a/mozilla/browser/components/preferences/phishEULA.js
+++ b/mozilla/browser/components/preferences/phishEULA.js
@ -92,9 +92,15 @@ var gPhishDialog = {

    // add progress listener to enable OK, radios when page loads
    var frame = document.getElementById("phishPolicyFrame");
-    var webProgress = frame.docShell
-                           .QueryInterface(Ci.nsIInterfaceRequestor)
-                           .getInterface(Ci.nsIWebProgress);
+    var docShell = frame.docShell;
+
+    // disable unnecessary features
+    docShell.allowAuth = false;
+    docShell.allowPlugins = false;
+    docShell.allowSubframes = false;
+
+    var webProgress = docShell.QueryInterface(Ci.nsIInterfaceRequestor)
+                              .getInterface(Ci.nsIWebProgress);
    webProgress.addProgressListener(this._progressListener,
                                    Ci.nsIWebProgress.NOTIFY_STATE_WINDOW);