diff --git a/mozilla/caps/idl/nsIScriptSecurityManager.idl b/mozilla/caps/idl/nsIScriptSecurityManager.idl
index 521281c3095..a102b40eee8 100644
--- a/mozilla/caps/idl/nsIScriptSecurityManager.idl
+++ b/mozilla/caps/idl/nsIScriptSecurityManager.idl
@@ -198,6 +198,12 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
 [noscript] nsIPrincipal getObjectPrincipal(in JSContextPtr cx,
 in JSObjectPtr obj);
+ /**
+ * Returns true if the principal of the currently running script is the
+ * system principal, false otherwise.
+ */
+ boolean subjectPrincipalIsSystem();
+
 /**
 * Forget all currently stored security policies and reread from prefs.
 * This must be called after any capability.policy prefs have changed.
diff --git a/mozilla/caps/src/nsScriptSecurityManager.cpp b/mozilla/caps/src/nsScriptSecurityManager.cpp
index df27be9b0a5..ac4d940ff46 100644
--- a/mozilla/caps/src/nsScriptSecurityManager.cpp
+++ b/mozilla/caps/src/nsScriptSecurityManager.cpp
@@ -1248,6 +1248,31 @@ nsScriptSecurityManager::GetSystemPrincipal(nsIPrincipal **result)
 return NS_OK;
 }
+NS_IMETHODIMP
+nsScriptSecurityManager::SubjectPrincipalIsSystem(PRBool* aIsSystem)
+{
+ NS_ENSURE_ARG_POINTER(aIsSystem);
+ *aIsSystem = PR_FALSE;
+
+ if (!mSystemPrincipal)
+ return NS_OK;
+
+ nsCOMPtr subject;
+ nsresult rv = GetSubjectPrincipal(getter_AddRefs(subject));
+ if (NS_FAILED(rv))
+ return rv;
+
+ if(!subject)
+ {
+ // No subject principal means no JS is running;
+ // this is the equivalent of system principal code
+ *aIsSystem = PR_TRUE;
+ return NS_OK;
+ }
+
+ return mSystemPrincipal->Equals(subject, aIsSystem);
+}
+
 NS_IMETHODIMP
 nsScriptSecurityManager::GetCertificatePrincipal(const char* aCertID,
 nsIPrincipal **result)
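Review bot: The contract comment on `subjectPrincipalIsSystem()` omits the case the implementation treats as privileged: when there is no subject principal at all (no script on the stack) the method reports true, as the new nsScriptSecurityManager.cpp body in this same commit shows. Since callers use the result as a chrome-privilege gate, that behaviour belongs in the IDL so future callers do not assume a missing subject maps to false. I would extend the comment with `* Also returns true when there is no subject principal (no script is` / `* running), which is treated as system-privileged code.`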
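Review bot: `if(!subject)` is spaced differently from `if (!mSystemPrincipal)` and `if (NS_FAILED(rv))` a few lines above in the same method; keep one form, `if (!subject)`. That null-subject branch is the security-sensitive decision here, since it grants system status whenever no script is on the stack, and the existing two-line comment only states the equivalence; it should also give the reason it is considered safe, e.g. `// No subject principal means no JS is running, so only native (trusted) code is executing; treat it as system code`. The early `return NS_OK` with *aIsSystem left false when mSystemPrincipal does not exist is sensible fail-closed behaviour, but a one-line comment that it deliberately reports "not system" rather than an error would help readers distinguish it from the NS_FAILED(rv) path below.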
@@ -2708,7 +2733,6 @@ nsScriptSecurityManager::InitPrefs()
 PRUint32 prefCount;
 char** prefNames;
- //-- Set a callback for policy changes
 // Registering the security manager as an observer to the
 // profile-after-change topic. We will build up the policy table
 // after the initial profile loads and after profile switches.
diff --git a/mozilla/dom/src/base/nsGlobalWindow.cpp b/mozilla/dom/src/base/nsGlobalWindow.cpp
index 27de3ef1e27..1a74a58ce0d 100644
--- a/mozilla/dom/src/base/nsGlobalWindow.cpp
+++ b/mozilla/dom/src/base/nsGlobalWindow.cpp
@@ -1194,6 +1194,18 @@ NS_IMETHODIMP
 GlobalWindowImpl::GetOpener(nsIDOMWindowInternal** aOpener)
 {
 *aOpener = nsnull;
+ // First, check if we were called from a privileged chrome script
+ nsCOMPtr secMan(
+ do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
+ NS_ENSURE_TRUE(secMan, NS_ERROR_FAILURE);
+ PRBool inChrome;
+ nsresult rv = secMan->SubjectPrincipalIsSystem(&inChrome);
+ if (NS_SUCCEEDED(rv) && inChrome) {
+ *aOpener = mOpener;
+ NS_IF_ADDREF(*aOpener);
+ return NS_OK;
+ }
+
 // We don't want to reveal the opener if the opener is a mail window,
 // because opener can be used to spoof the contents of a message (bug 105050).
 // So, we look in the opener's root docshell to see if it's a mail window.
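Review bot: `PRBool inChrome;` is left uninitialized and is only safe because SubjectPrincipalIsSystem writes it before any of its early returns; initializing it as `PRBool inChrome = PR_FALSE;` makes the fail-closed default explicit in the caller rather than relying on the callee. The `NS_ENSURE_TRUE(secMan, NS_ERROR_FAILURE)` turns an unavailable security manager into a hard failure of GetOpener, whereas the getter previously always proceeded to the restricted mail-window path; if that is not intended, falling through to the existing path when secMan is null (treating the caller as non-chrome) keeps the getter working while still denying the privileged shortcut. A short comment that the chrome branch deliberately skips the bug 105050 mail-window check because the caller is trusted would document the privilege boundary being introduced here. GetOpener continues outside the hunk, so I cannot tell whether `rv` is also declared later in the body.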