From b1eefe63c953bb704b148ccb68d07955348ba9d7 Mon Sep 17 00:00:00 2001
From: "reed%reedloden.com"
 <reed%reedloden.com@18797224-902f-48f8-a5cc-f745e15eee43>
Date: Sat, 10 May 2008 03:35:19 +0000
Subject: [PATCH] Bug 432919 - "Help viewer content pane should not allow
 scripts, plugins, meta redirects, or subframes" [p=reed/dveditz r=Waldo
 (NPOTB)]

git-svn-id: svn://10.0.0.236/trunk@251497 18797224-902f-48f8-a5cc-f745e15eee43
---
 mozilla/toolkit/components/help/content/help.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/mozilla/toolkit/components/help/content/help.js b/mozilla/toolkit/components/help/content/help.js
index d145ce303ce..dfaac1bd568 100644
--- a/mozilla/toolkit/components/help/content/help.js
+++ b/mozilla/toolkit/components/help/content/help.js
@@ -137,6 +137,12 @@ function init() {
   helpGlossaryPanel = document.getElementById("help-glossary-panel");
   helpBrowser = document.getElementById("help-content");
 
+  // Turn off unnecessary features for security
+  helpBrowser.docShell.allowJavascript = false;
+  helpBrowser.docShell.allowPlugins = false;
+  helpBrowser.docShell.allowSubframes = false;
+  helpBrowser.docShell.allowMetaRedirects = false;
+
   strBundle = document.getElementById("bundle_help");
   emptySearchText = strBundle.getString("emptySearchText");