From 85cb13c471ec0e53c07b5a30e910eccafc2e3720 Mon Sep 17 00:00:00 2001
From: "mstoltz%netscape.com"
Date: Mon, 2 Jul 2001 06:39:29 +0000
Subject: [PATCH] Bug 88167 - javascript URLs should never inherit the system principal or a signed/privileged principal. r=bbaetz, sr=jst.

git-svn-id: svn://10.0.0.236/trunk@98443 18797224-902f-48f8-a5cc-f745e15eee43
---
 mozilla/docshell/base/nsDocShell.cpp | 43 +++++++++++++++++++---------
 1 file changed, 29 insertions(+), 14 deletions(-)

diff --git a/mozilla/docshell/base/nsDocShell.cpp b/mozilla/docshell/base/nsDocShell.cpp
index 892a5a60cd9..e3e4797a3b6 100644
--- a/mozilla/docshell/base/nsDocShell.cpp
+++ b/mozilla/docshell/base/nsDocShell.cpp
@@ -75,6 +75,7 @@
 #include "nsIFileStream.h"
 #include "nsISHistoryInternal.h"
 #include "nsIPrincipal.h"
+#include "nsIAggregatePrincipal.h"
 #include "nsPIDOMWindow.h"
 #include "nsIDOMDocument.h"
@@ -4129,29 +4130,43 @@ nsDocShell::InternalLoad(nsIURI * aURI,
         // Otherwise, if the caller has allowed inheriting from the current document,
         // or if we're being called from chrome (which has the system principal),
         // then use the current document principal
-        if (!aInheritOwner) {
-            // See if there's system or chrome JS code running
-            nsCOMPtr secMan;
-
-            secMan = do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-            if (NS_SUCCEEDED(rv)) {
-                nsCOMPtr sysPrin;
+
+        nsCOMPtr secMan;
+        secMan = do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
+        nsCOMPtr sysPrin;
+        if (NS_SUCCEEDED(rv))
+            // Just to compare, not to use!
+            rv = secMan->GetSystemPrincipal(getter_AddRefs(sysPrin));
+
+        if (NS_SUCCEEDED(rv)) {
+            if (!aInheritOwner) {
+                // See if there's system or chrome JS code running
                 nsCOMPtr subjectPrin;
-
-                // Just to compare, not to use!
-                rv = secMan->GetSystemPrincipal(getter_AddRefs(sysPrin));
+
                 if (NS_SUCCEEDED(rv)) {
                     rv = secMan->GetSubjectPrincipal(getter_AddRefs(subjectPrin));
                 }
-                // XXX: Why can the subject principal be nsnull??
+                // Null subject principal means there's no script running == system code
                 if (NS_SUCCEEDED(rv) && (!subjectPrin || sysPrin.get() == subjectPrin.get())) {
                     aInheritOwner = PR_TRUE;
                 }
             }
-        }
-        if (aInheritOwner) {
-            GetCurrentDocumentOwner(getter_AddRefs(owner));
+            if (aInheritOwner) {
+                GetCurrentDocumentOwner(getter_AddRefs(owner));
+                nsCOMPtr ownerPrin(do_QueryInterface(owner));
+                if (ownerPrin.get() == sysPrin.get())
+                    owner = null_nsCOMPtr();
+                else {
+                    nsCOMPtr agg(do_QueryInterface(ownerPrin, &rv));
+                    if (NS_SUCCEEDED(rv)) {
+                        nsCOMPtr certificate;
+                        rv = agg->GetCertificate(getter_AddRefs(certificate));
+                        if (NS_SUCCEEDED(rv) && certificate)
+                            owner = null_nsCOMPtr();
+                    }
+                }
+            }
         }
     }
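Review bot: The certificate check at the end of the hunk fails open: when the owner principal does not QueryInterface to nsIAggregatePrincipal, or when `agg->GetCertificate` returns a failure code, `owner` is left in place and the javascript: URL still inherits it, which is exactly what the commit message says must never happen for a signed principal. Unless every principal in this tree implements nsIAggregatePrincipal (the hunk cannot show that), a principal that cannot be classified should be treated as privileged, i.e. `if (NS_FAILED(rv) || certificate) owner = null_nsCOMPtr();` for the certificate test, plus an `else owner = null_nsCOMPtr();` on the `if (NS_SUCCEEDED(rv))` that follows the QI. Both `do_QueryInterface(ownerPrin, &rv)` and `GetCertificate` also write into the function-scope `rv`, so a null or non-aggregate owner leaves a failure code there that whatever follows this block may act on; a local nsresult for these two probes would keep them separate from the load's own status. The body of nsDocShell::InternalLoad begins before this hunk and the block closed by the final context brace is opened outside it, so the later use of `rv` is not visible here.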