Merge branch 'ported-upstream'

author: wolfbeast <mcwerewolf@gmail.com> 2018-02-08 12:06:30 +0100
committer: wolfbeast <mcwerewolf@gmail.com> 2018-02-08 12:06:30 +0100
commit: 44cd9f2a915a4879371c5e0b059acc3e5a2378b0 (patch)
tree: 8cb1a4758b16d9caae55f525b73f5fca3824b4f7 /browser/components/extensions
parent: f8d1830b530cd553d788b3579d41725d35c4da7f (diff)
parent: b62fce0dc0c77a5788c331db32b3996e4020e2a5 (diff)
download: UXP-44cd9f2a915a4879371c5e0b059acc3e5a2378b0.tar
UXP-44cd9f2a915a4879371c5e0b059acc3e5a2378b0.tar.gz
UXP-44cd9f2a915a4879371c5e0b059acc3e5a2378b0.tar.lz
UXP-44cd9f2a915a4879371c5e0b059acc3e5a2378b0.tar.xz
UXP-44cd9f2a915a4879371c5e0b059acc3e5a2378b0.zip
3 files changed, 7 insertions, 0 deletions
diff --git a/browser/components/extensions/ext-browserAction.js b/browser/components/extensions/ext-browserAction.js
index 407366e2c..2c82ac701 100644
--- a/browser/components/extensions/ext-browserAction.js
+++ b/browser/components/extensions/ext-browserAction.js
@@ -497,6 +497,9 @@ extensions.registerSchemaAPI("browserAction", "addon_parent", context => {
         // For internal consistency, we currently resolve both relative to the
         // calling context.
         let url = details.popup && context.uri.resolve(details.popup);
+        if (url && !context.checkLoadURL(url)) {
+          return Promise.reject({message: `Access denied for URL ${url}`});
+        }
         BrowserAction.for(extension).setProperty(tab, "popup", url);
       },
 
diff --git a/browser/components/extensions/ext-pageAction.js b/browser/components/extensions/ext-pageAction.js
index 153f05d7a..5bf3a9c70 100644
--- a/browser/components/extensions/ext-pageAction.js
+++ b/browser/components/extensions/ext-pageAction.js
@@ -273,6 +273,9 @@ extensions.registerSchemaAPI("pageAction", "addon_parent", context => {
         // For internal consistency, we currently resolve both relative to the
         // calling context.
         let url = details.popup && context.uri.resolve(details.popup);
+        if (url && !context.checkLoadURL(url)) {
+          return Promise.reject({message: `Access denied for URL ${url}`});
+        }
         PageAction.for(extension).setProperty(tab, "popup", url);
       },
 
diff --git a/browser/components/extensions/schemas/page_action.json b/browser/components/extensions/schemas/page_action.json
index f4f9ee8db..126378ca5 100644
--- a/browser/components/extensions/schemas/page_action.json
+++ b/browser/components/extensions/schemas/page_action.json
@@ -173,6 +173,7 @@
       {
         "name": "setPopup",
         "type": "function",
+        "async": true,
         "description": "Sets the html document to be opened as a popup when the user clicks on the page action's icon.",
         "parameters": [
           {
author	wolfbeast <mcwerewolf@gmail.com>	2018-02-08 12:06:30 +0100
committer	wolfbeast <mcwerewolf@gmail.com>	2018-02-08 12:06:30 +0100
commit	44cd9f2a915a4879371c5e0b059acc3e5a2378b0 (patch)
tree	8cb1a4758b16d9caae55f525b73f5fca3824b4f7 /browser/components/extensions
parent	f8d1830b530cd553d788b3579d41725d35c4da7f (diff)
parent	b62fce0dc0c77a5788c331db32b3996e4020e2a5 (diff)
download	UXP-44cd9f2a915a4879371c5e0b059acc3e5a2378b0.tar UXP-44cd9f2a915a4879371c5e0b059acc3e5a2378b0.tar.gz UXP-44cd9f2a915a4879371c5e0b059acc3e5a2378b0.tar.lz UXP-44cd9f2a915a4879371c5e0b059acc3e5a2378b0.tar.xz UXP-44cd9f2a915a4879371c5e0b059acc3e5a2378b0.zip