Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

86019 - Change stack-walking code in caps to keep functions from inheriting privileges

Browse Source 
from their caller. r=jesse@netscape.com, sr=jst@netscape.com, a=asa@mozilla.org, PDT+

86982 - Add same-origin security check to XMLDocument::Load(). r,a=blizzard@mozilla.org,
sr=jst@netscape.com

84191 - Fixing regression in Open URL dialog by not calling CheckLoadURI when it isn't
needed. r=cmanske@netscape.com, sr=sfraser@netscape.com, a=asa@mozilla.org


git-svn-id: svn://10.0.0.236/trunk@205433 18797224-902f-48f8-a5cc-f745e15eee43
This commit is contained in:
mstoltz%netscape.com 2006-07-29 05:37:09 +00:00
parent 41c107dfe0
commit be5c954798
3 changed files with 13 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
mozilla/suite/common/contentAreaUtils.js
View File

@ -37,23 +37,26 @@
return false;
}
function openNewWindowWith(url) {
function urlSecurityCheck(url, doc) {
// URL Loading Security Check
var focusedWindow = document.commandDispatcher.focusedWindow;
var sourceWin = isDocumentFrame(focusedWindow) ? focusedWindow.location.href : window._content.location.href;
var focusedWindow = doc.commandDispatcher.focusedWindow;
var sourceWin = isDocumentFrame(focusedWindow) ? focusedWindow.location.href : focusedWindow._content.location.href;
const nsIScriptSecurityManager = Components.interfaces.nsIScriptSecurityManager;
var secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"].getService().
QueryInterface(nsIScriptSecurityManager);
try {
QueryInterface(nsIScriptSecurityManager);
try {
secMan.checkLoadURIStr(sourceWin, url, nsIScriptSecurityManager.STANDARD);
} catch (e) {
throw "Load of " + url + " denied.";
throw "Load of " + url + " denied.";
}
}
function openNewWindowWith(url) {
urlSecurityCheck(url, document);
var newWin;
var wintype = document.firstChild.getAttribute('windowtype');
// if and only if the current window is a browser window and it has a document with a character
// set, then extract the current charset menu setting from the current document and use it to
// initialize the new browser window...

1
mozilla/suite/common/nsContextMenu.js
View File

@ -427,6 +427,7 @@ nsContextMenu.prototype = {
},
// Edit linked-to URL in a new window.
editLink : function () {
urlSecurityCheck( this.linkURL(), window.document );
editPage( this.linkURL(), window, false );
},
// Reload clicked-in frame.

14
mozilla/suite/common/utilityOverlay.js
View File

@ -332,20 +332,6 @@ function editPage(url, launchWindow, delay)
}
}
// URL Loading Security Check
var focusedWindow = launchWindow.document.commandDispatcher.focusedWindow;
var sourceWin = isDocumentFrame(focusedWindow) ? focusedWindow.location.href : focusedWindow._content.location.href;
const nsIScriptSecurityManager = Components.interfaces.nsIScriptSecurityManager;
var secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"].getService().
QueryInterface(nsIScriptSecurityManager);
try {
secMan.checkLoadURIStr(sourceWin, url, nsIScriptSecurityManager.STANDARD);
} catch (e) {
throw "Edit of " + url + " denied.";
}
var windowManager = Components.classes['@mozilla.org/rdf/datasource;1?name=window-mediator'].getService();
if (!windowManager) return;
var windowManagerInterface = windowManager.QueryInterface( Components.interfaces.nsIWindowMediator);