diff options
author | Moonchild <mcwerewolf@gmail.com> | 2018-04-23 11:46:21 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-04-23 11:46:21 +0200 |
commit | 8ed46f424e1a8a09bad7147882b83c9b2aad17c6 (patch) | |
tree | 5c6953fd44fddb74891ddd96613f1ef949c85fd7 /application | |
parent | 8ffac11aa6eb32be75ff049787191e12476586d3 (diff) | |
parent | ccbd5ecf57fcd53ac8b28ddf7466b6c930f764df (diff) | |
download | UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar.gz UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar.lz UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar.xz UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.zip |
Merge pull request #231 from janekptacijarabaci/security_blocking_data_1
moebius#223, #224, #226, #230: DOM - consider blocking top level window data: URIs
Diffstat (limited to 'application')
-rw-r--r-- | application/palemoon/base/content/nsContextMenu.js | 3 | ||||
-rw-r--r-- | application/palemoon/base/content/utilityOverlay.js | 5 |
2 files changed, 7 insertions, 1 deletions
diff --git a/application/palemoon/base/content/nsContextMenu.js b/application/palemoon/base/content/nsContextMenu.js index 3d5d40e4c..830c20998 100644 --- a/application/palemoon/base/content/nsContextMenu.js +++ b/application/palemoon/base/content/nsContextMenu.js @@ -909,7 +909,8 @@ nsContextMenu.prototype = { Ci.nsIScriptSecurityManager.DISALLOW_SCRIPT); let doc = this.target.ownerDocument; openUILink(viewURL, e, { disallowInheritPrincipal: true, - referrerURI: doc.documentURIObject }); + referrerURI: doc.documentURIObject, + forceAllowDataURI: true }); } }, diff --git a/application/palemoon/base/content/utilityOverlay.js b/application/palemoon/base/content/utilityOverlay.js index b1e78d6a9..86cc5cea5 100644 --- a/application/palemoon/base/content/utilityOverlay.js +++ b/application/palemoon/base/content/utilityOverlay.js @@ -205,6 +205,7 @@ function openUILinkIn(url, where, aAllowThirdPartyFixup, aPostData, aReferrerURI openLinkIn(url, where, params); } +/* eslint-disable complexity */ function openLinkIn(url, where, params) { if (!where || !url) return; @@ -215,6 +216,7 @@ function openLinkIn(url, where, params) { var aCharset = params.charset; var aReferrerURI = params.referrerURI; var aRelatedToCurrent = params.relatedToCurrent; + var aForceAllowDataURI = params.forceAllowDataURI; var aInBackground = params.inBackground; var aDisallowInheritPrincipal = params.disallowInheritPrincipal; var aInitiatingDoc = params.initiatingDoc; @@ -315,6 +317,9 @@ function openLinkIn(url, where, params) { } if (aDisallowInheritPrincipal) flags |= Ci.nsIWebNavigation.LOAD_FLAGS_DISALLOW_INHERIT_OWNER; + if (aForceAllowDataURI) { + flags |= Ci.nsIWebNavigation.LOAD_FLAGS_FORCE_ALLOW_DATA_URI; + } w.gBrowser.loadURIWithFlags(url, flags, aReferrerURI, null, aPostData); break; case "tabshifted": |