diff options
author | Moonchild <mcwerewolf@gmail.com> | 2018-04-23 11:46:21 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-04-23 11:46:21 +0200 |
commit | 8ed46f424e1a8a09bad7147882b83c9b2aad17c6 (patch) | |
tree | 5c6953fd44fddb74891ddd96613f1ef949c85fd7 /toolkit/modules | |
parent | 8ffac11aa6eb32be75ff049787191e12476586d3 (diff) | |
parent | ccbd5ecf57fcd53ac8b28ddf7466b6c930f764df (diff) | |
download | UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar.gz UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar.lz UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar.xz UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.zip |
Merge pull request #231 from janekptacijarabaci/security_blocking_data_1
moebius#223, #224, #226, #230: DOM - consider blocking top level window data: URIs
Diffstat (limited to 'toolkit/modules')
-rw-r--r-- | toolkit/modules/addons/WebRequestContent.js | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/toolkit/modules/addons/WebRequestContent.js b/toolkit/modules/addons/WebRequestContent.js index 219675e5b..f044a1cd4 100644 --- a/toolkit/modules/addons/WebRequestContent.js +++ b/toolkit/modules/addons/WebRequestContent.js @@ -80,6 +80,16 @@ var ContentPolicy = { shouldLoad(policyType, contentLocation, requestOrigin, node, mimeTypeGuess, extra, requestPrincipal) { + + // Loads of TYPE_DOCUMENT and TYPE_SUBDOCUMENT perform a ConPol check + // within docshell as well as within the ContentSecurityManager. To avoid + // duplicate evaluations we ignore ConPol checks performed within docShell. + if (extra instanceof Ci.nsISupportsString) { + if (extra.data === "conPolCheckFromDocShell") { + return Ci.nsIContentPolicy.ACCEPT; + } + } + if (requestPrincipal && Services.scriptSecurityManager.isSystemPrincipal(requestPrincipal)) { return Ci.nsIContentPolicy.ACCEPT; |