summaryrefslogtreecommitdiffstats
path: root/toolkit/modules
diff options
context:
space:
mode:
authorMoonchild <mcwerewolf@gmail.com>2018-04-23 11:46:21 +0200
committerGitHub <noreply@github.com>2018-04-23 11:46:21 +0200
commit8ed46f424e1a8a09bad7147882b83c9b2aad17c6 (patch)
tree5c6953fd44fddb74891ddd96613f1ef949c85fd7 /toolkit/modules
parent8ffac11aa6eb32be75ff049787191e12476586d3 (diff)
parentccbd5ecf57fcd53ac8b28ddf7466b6c930f764df (diff)
downloadUXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar
UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar.gz
UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar.lz
UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar.xz
UXP-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.zip
Merge pull request #231 from janekptacijarabaci/security_blocking_data_1
moebius#223, #224, #226, #230: DOM - consider blocking top level window data: URIs
Diffstat (limited to 'toolkit/modules')
-rw-r--r--toolkit/modules/addons/WebRequestContent.js10
1 files changed, 10 insertions, 0 deletions
diff --git a/toolkit/modules/addons/WebRequestContent.js b/toolkit/modules/addons/WebRequestContent.js
index 219675e5b..f044a1cd4 100644
--- a/toolkit/modules/addons/WebRequestContent.js
+++ b/toolkit/modules/addons/WebRequestContent.js
@@ -80,6 +80,16 @@ var ContentPolicy = {
shouldLoad(policyType, contentLocation, requestOrigin,
node, mimeTypeGuess, extra, requestPrincipal) {
+
+ // Loads of TYPE_DOCUMENT and TYPE_SUBDOCUMENT perform a ConPol check
+ // within docshell as well as within the ContentSecurityManager. To avoid
+ // duplicate evaluations we ignore ConPol checks performed within docShell.
+ if (extra instanceof Ci.nsISupportsString) {
+ if (extra.data === "conPolCheckFromDocShell") {
+ return Ci.nsIContentPolicy.ACCEPT;
+ }
+ }
+
if (requestPrincipal &&
Services.scriptSecurityManager.isSystemPrincipal(requestPrincipal)) {
return Ci.nsIContentPolicy.ACCEPT;