diff options
author | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2018-05-01 00:22:01 +0200 |
---|---|---|
committer | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2018-05-01 00:22:01 +0200 |
commit | cc4036a9cd56d504667c07fe215e61b22ab0e1f4 (patch) | |
tree | 5c7dea17ce684c1cce57011ef487370c22d0e677 /browser/base/content/utilityOverlay.js | |
parent | 855f11d8f6789bcf10442f8e426bfc1f66bf834d (diff) | |
download | UXP-cc4036a9cd56d504667c07fe215e61b22ab0e1f4.tar UXP-cc4036a9cd56d504667c07fe215e61b22ab0e1f4.tar.gz UXP-cc4036a9cd56d504667c07fe215e61b22ab0e1f4.tar.lz UXP-cc4036a9cd56d504667c07fe215e61b22ab0e1f4.tar.xz UXP-cc4036a9cd56d504667c07fe215e61b22ab0e1f4.zip |
Bug 1344706 - Do not reuse originPrincipal as triggeringPrincipal within utilityOverlay.js
Diffstat (limited to 'browser/base/content/utilityOverlay.js')
-rw-r--r-- | browser/base/content/utilityOverlay.js | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/browser/base/content/utilityOverlay.js b/browser/base/content/utilityOverlay.js index 4b6f78bf3..b041915a7 100644 --- a/browser/base/content/utilityOverlay.js +++ b/browser/base/content/utilityOverlay.js @@ -225,6 +225,7 @@ function openLinkIn(url, where, params) { var aUserContextId = params.userContextId; var aIndicateErrorPageLoad = params.indicateErrorPageLoad; var aPrincipal = params.originPrincipal; + var aTriggeringPrincipal = params.triggeringPrincipal; var aForceAboutBlankViewerInCurrent = params.forceAboutBlankViewerInCurrent; @@ -264,13 +265,18 @@ function openLinkIn(url, where, params) { // Please note we do not have to do that for SystemPrincipals and we // can not do it for NullPrincipals since NullPrincipals are only // identical if they actually are the same object (See Bug: 1346759) - if (aPrincipal && aPrincipal.isCodebasePrincipal) { - let attrs = { - userContextId: aUserContextId, - privateBrowsingId: aIsPrivate || (w && PrivateBrowsingUtils.isWindowPrivate(w)), - }; - aPrincipal = Services.scriptSecurityManager.createCodebasePrincipal(aPrincipal.URI, attrs); + function useOAForPrincipal(principal) { + if (principal && principal.isCodebasePrincipal) { + let attrs = { + userContextId: aUserContextId, + privateBrowsingId: aIsPrivate || (w && PrivateBrowsingUtils.isWindowPrivate(w)), + }; + return Services.scriptSecurityManager.createCodebasePrincipal(principal.URI, attrs); + } + return principal; } + aPrincipal = useOAForPrincipal(aPrincipal); + aTriggeringPrincipal = useOAForPrincipal(aTriggeringPrincipal); if (!w || where == "window") { // Strip referrer data when opening a new private window, to prevent @@ -321,6 +327,7 @@ function openLinkIn(url, where, params) { sa.appendElement(referrerPolicySupports, /* weak =*/ false); sa.appendElement(userContextIdSupports, /* weak =*/ false); sa.appendElement(aPrincipal, /* weak =*/ false); + sa.appendElement(aTriggeringPrincipal, /* weak =*/ false); let features = "chrome,dialog=no,all"; if (aIsPrivate) { @@ -407,7 +414,7 @@ function openLinkIn(url, where, params) { } aCurrentBrowser.loadURIWithFlags(url, { - triggeringPrincipal: aPrincipal, + triggeringPrincipal: aTriggeringPrincipal, flags: flags, referrerURI: aNoReferrer ? null : aReferrerURI, referrerPolicy: aReferrerPolicy, @@ -433,7 +440,7 @@ function openLinkIn(url, where, params) { noReferrer: aNoReferrer, userContextId: aUserContextId, originPrincipal: aPrincipal, - triggeringPrincipal: aPrincipal, + triggeringPrincipal: aTriggeringPrincipal, }); browserUsedForLoad = tabUsedForLoad.linkedBrowser; break; |