author | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2018-04-22 19:03:22 +0200 |
---|---|---|
committer | janekptacijarabaci <janekptacijarabaci@seznam.cz> | 2018-04-22 19:03:22 +0200 |
commit | f1e5578718ea8883438cfea06d3c55d25f5c0278 (patch) | |
tree | 5afce22662aad4e58a894d061ed65ac3ce68cee7 /docshell/base/nsDSURIContentListener.cpp | |
parent | 1b4c4256ee7705724b02919b4d432b2a391bcd04 (diff) | |
moebius#226: Consider blocking top level window data: URIs (part 2/2 without tests)
https://github.com/MoonchildProductions/moebius/pull/226
Diffstat (limited to 'docshell/base/nsDSURIContentListener.cpp')
-rw-r--r-- | docshell/base/nsDSURIContentListener.cpp | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/docshell/base/nsDSURIContentListener.cpp b/docshell/base/nsDSURIContentListener.cpp
index 93ce3cb26..ee6a4dd62 100644
--- a/docshell/base/nsDSURIContentListener.cpp
+++ b/docshell/base/nsDSURIContentListener.cpp
@@ -17,6 +17,7 @@
 #include "nsIHttpChannel.h"
 #include "nsIScriptSecurityManager.h"
 #include "nsError.h"
+#include "nsContentSecurityManager.h"
 #include "nsCharSeparatedTokenizer.h"
 #include "nsIConsoleService.h"
 #include "nsIScriptError.h"
@@ -93,6 +94,14 @@ nsDSURIContentListener::DoContent(const nsACString& aContentType,
 if (aOpenedChannel) {
 aOpenedChannel->GetLoadFlags(&loadFlags);
+
+ // block top-level data URI navigations if triggered by the web
+ if (!nsContentSecurityManager::AllowTopLevelNavigationToDataURI(aOpenedChannel)) {
+ // logging to console happens within AllowTopLevelNavigationToDataURI
+ aRequest->Cancel(NS_ERROR_DOM_BAD_URI);
+ *aAbortProcess = true;
+ return NS_OK;
+ }
 }
 if (loadFlags & nsIChannel::LOAD_RETARGETED_DOCUMENT_URI) { |
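Review bot: In the branch added inside `if (aOpenedChannel)`, the result of `aRequest->Cancel(NS_ERROR_DOM_BAD_URI)` is discarded and the function returns `NS_OK`, so the block appears to depend on the caller honouring `*aAbortProcess = true`. A comment such as `// Cancel() result ignored on purpose: aAbortProcess stops the dispatch, NS_OK keeps the caller on its normal abort path` would make that fail-closed intent explicit. The existing comment "if triggered by the web" names a condition that is decided inside `AllowTopLevelNavigationToDataURI` and is not visible here, so it should say that the callee owns the policy on which loads are exempt. The commit title says this part lands without tests, and a navigation security gate like this should get a regression test for both the blocked and the allowed case. `DoContent` begins before and continues past this hunk, so `aRequest` being non-null whenever `aOpenedChannel` is set is presumably established earlier and is worth confirming.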