summaryrefslogtreecommitdiffstats
path: root/application/palemoon/base/content/utilityOverlay.js
diff options
context:
space:
mode:
Diffstat (limited to 'application/palemoon/base/content/utilityOverlay.js')
-rw-r--r--application/palemoon/base/content/utilityOverlay.js56
1 files changed, 46 insertions, 10 deletions
diff --git a/application/palemoon/base/content/utilityOverlay.js b/application/palemoon/base/content/utilityOverlay.js
index 63488e209..2c1a95f83 100644
--- a/application/palemoon/base/content/utilityOverlay.js
+++ b/application/palemoon/base/content/utilityOverlay.js
@@ -230,6 +230,10 @@ function openLinkIn(url, where, params) {
var aDisallowInheritPrincipal = params.disallowInheritPrincipal;
var aInitiatingDoc = params.initiatingDoc;
var aIsPrivate = params.private;
+ var aPrincipal = params.originPrincipal;
+ var aTriggeringPrincipal = params.triggeringPrincipal;
+ var aForceAboutBlankViewerInCurrent =
+ params.forceAboutBlankViewerInCurrent;
var sendReferrerURI = true;
if (where == "save") {
@@ -254,6 +258,23 @@ function openLinkIn(url, where, params) {
// Note that if |w| is null we might have no current browser (we'll open a new window).
var aCurrentBrowser = params.currentBrowser || (w && w.gBrowser.selectedBrowser);
+ // Teach the principal about the right OA to use, e.g. in case when
+ // opening a link in a new private window.
+ // Please note we do not have to do that for SystemPrincipals and we
+ // can not do it for NullPrincipals since NullPrincipals are only
+ // identical if they actually are the same object (See Bug: 1346759)
+ function useOAForPrincipal(principal) {
+ if (principal && principal.isCodebasePrincipal) {
+ let attrs = {
+ privateBrowsingId: aIsPrivate || (w && PrivateBrowsingUtils.isWindowPrivate(w)),
+ };
+ return Services.scriptSecurityManager.createCodebasePrincipal(principal.URI, attrs);
+ }
+ return principal;
+ }
+ aPrincipal = useOAForPrincipal(aPrincipal);
+ aTriggeringPrincipal = useOAForPrincipal(aTriggeringPrincipal);
+
if (!w || where == "window") {
// This propagates to window.arguments.
// Strip referrer data when opening a new private window, to prevent
@@ -297,6 +318,8 @@ function openLinkIn(url, where, params) {
sa.AppendElement(aPostData);
sa.AppendElement(allowThirdPartyFixupSupports);
sa.AppendElement(referrerPolicySupports);
+ sa.AppendElement(aPrincipal);
+ sa.AppendElement(aTriggeringPrincipal);
let features = "chrome,dialog=no,all";
if (aIsPrivate) {
@@ -314,10 +337,17 @@ function openLinkIn(url, where, params) {
getBoolPref("browser.tabs.loadInBackground");
}
+ let uriObj;
+ if (where == "current") {
+ try {
+ uriObj = Services.io.newURI(url, null, null);
+ } catch (e) {}
+ }
+
if (where == "current" && w.gBrowser.selectedTab.pinned) {
try {
- let uriObj = Services.io.newURI(url, null, null);
- if (!uriObj.schemeIs("javascript") &&
+ // nsIURI.host can throw for non-nsStandardURL nsIURIs.
+ if (!uriObj || !uriObj.schemeIs("javascript") &&
w.gBrowser.currentURI.host != uriObj.host) {
where = "tab";
loadInBackground = false;
@@ -345,11 +375,22 @@ function openLinkIn(url, where, params) {
if (aForceAllowDataURI) {
flags |= Ci.nsIWebNavigation.LOAD_FLAGS_FORCE_ALLOW_DATA_URI;
}
+ let {URI_INHERITS_SECURITY_CONTEXT} = Ci.nsIProtocolHandler;
+ if (aForceAboutBlankViewerInCurrent &&
+ (!uriObj ||
+ (Services.io.getProtocolFlags(uriObj.scheme) & URI_INHERITS_SECURITY_CONTEXT))) {
+ // Unless we know for sure we're not inheriting principals,
+ // force the about:blank viewer to have the right principal:
+ w.gBrowser.selectedBrowser.createAboutBlankContentViewer(aPrincipal);
+ }
+
w.gBrowser.loadURIWithFlags(url, {
flags: flags,
+ triggeringPrincipal: aTriggeringPrincipal,
referrerURI: aReferrerURI,
referrerPolicy: aReferrerPolicy,
postData: aPostData,
+ originPrincipal: aPrincipal,
});
browserUsedForLoad = aCurrentBrowser;
break;
@@ -365,7 +406,9 @@ function openLinkIn(url, where, params) {
postData: aPostData,
inBackground: loadInBackground,
allowThirdPartyFixup: aAllowThirdPartyFixup,
- relatedToCurrent: aRelatedToCurrent});
+ relatedToCurrent: aRelatedToCurrent,
+ originPrincipal: aPrincipal,
+ triggeringPrincipal: aTriggeringPrincipal });
browserUsedForLoad = tabUsedForLoad.linkedBrowser;
break;
}
@@ -564,13 +607,6 @@ function openFeedbackPage()
openUILinkIn(Services.prefs.getCharPref("browser.feedback.url"), "tab");
}
-function buildHelpMenu()
-{
- // Enable/disable the "Report Web Forgery" menu item.
- if (typeof gSafeBrowsing != "undefined")
- gSafeBrowsing.setReportPhishingMenu();
-}
-
function isElementVisible(aElement)
{
if (!aElement)