Landing followup fix for bug 402983 and re-enabling the new stricter file URI security policies. r+sr=bzbarsky@mit.edu

git-svn-id: svn://10.0.0.236/trunk@248431 18797224-902f-48f8-a5cc-f745e15eee43

mozilla/content/base/src/nsObjectLoadingContent.cpp

@@ -1245,7 +1245,10 @@ nsObjectLoadingContent::LoadObject(nsIURI* aURI,
                            nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT,
                            &inheritPrincipal);
   NS_ENSURE_SUCCESS(rv, rv);
-  if (inheritPrincipal || IsAboutBlank(aURI)) {
+  if (inheritPrincipal || IsAboutBlank(aURI) ||
+      (nsContentUtils::URIIsLocalFile(aURI) &&
+       NS_SUCCEEDED(thisContent->NodePrincipal()->CheckMayLoad(aURI,
+                                                               PR_FALSE)))) {
     chan->SetOwner(thisContent->NodePrincipal());
   }