summaryrefslogtreecommitdiffstats
path: root/application
diff options
context:
space:
mode:
authorMoonchild <mcwerewolf@gmail.com>2018-04-23 11:46:21 +0200
committerGitHub <noreply@github.com>2018-04-23 11:46:21 +0200
commit8ed46f424e1a8a09bad7147882b83c9b2aad17c6 (patch)
tree5c6953fd44fddb74891ddd96613f1ef949c85fd7 /application
parent8ffac11aa6eb32be75ff049787191e12476586d3 (diff)
parentccbd5ecf57fcd53ac8b28ddf7466b6c930f764df (diff)
downloadUXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar
UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar.gz
UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar.lz
UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar.xz
UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.zip
Merge pull request #231 from janekptacijarabaci/security_blocking_data_1
moebius#223, #224, #226, #230: DOM - consider blocking top level window data: URIs
Diffstat (limited to 'application')
-rw-r--r--application/palemoon/base/content/nsContextMenu.js3
-rw-r--r--application/palemoon/base/content/utilityOverlay.js5
2 files changed, 7 insertions, 1 deletions
diff --git a/application/palemoon/base/content/nsContextMenu.js b/application/palemoon/base/content/nsContextMenu.js
index 3d5d40e4c..830c20998 100644
--- a/application/palemoon/base/content/nsContextMenu.js
+++ b/application/palemoon/base/content/nsContextMenu.js
@@ -909,7 +909,8 @@ nsContextMenu.prototype = {
Ci.nsIScriptSecurityManager.DISALLOW_SCRIPT);
let doc = this.target.ownerDocument;
openUILink(viewURL, e, { disallowInheritPrincipal: true,
- referrerURI: doc.documentURIObject });
+ referrerURI: doc.documentURIObject,
+ forceAllowDataURI: true });
}
},
diff --git a/application/palemoon/base/content/utilityOverlay.js b/application/palemoon/base/content/utilityOverlay.js
index b1e78d6a9..86cc5cea5 100644
--- a/application/palemoon/base/content/utilityOverlay.js
+++ b/application/palemoon/base/content/utilityOverlay.js
@@ -205,6 +205,7 @@ function openUILinkIn(url, where, aAllowThirdPartyFixup, aPostData, aReferrerURI
openLinkIn(url, where, params);
}
+/* eslint-disable complexity */
function openLinkIn(url, where, params) {
if (!where || !url)
return;
@@ -215,6 +216,7 @@ function openLinkIn(url, where, params) {
var aCharset = params.charset;
var aReferrerURI = params.referrerURI;
var aRelatedToCurrent = params.relatedToCurrent;
+ var aForceAllowDataURI = params.forceAllowDataURI;
var aInBackground = params.inBackground;
var aDisallowInheritPrincipal = params.disallowInheritPrincipal;
var aInitiatingDoc = params.initiatingDoc;
@@ -315,6 +317,9 @@ function openLinkIn(url, where, params) {
}
if (aDisallowInheritPrincipal)
flags |= Ci.nsIWebNavigation.LOAD_FLAGS_DISALLOW_INHERIT_OWNER;
+ if (aForceAllowDataURI) {
+ flags |= Ci.nsIWebNavigation.LOAD_FLAGS_FORCE_ALLOW_DATA_URI;
+ }
w.gBrowser.loadURIWithFlags(url, flags, aReferrerURI, null, aPostData);
break;
case "tabshifted":