summaryrefslogtreecommitdiffstats
path: root/browser
diff options
context:
space:
mode:
Diffstat (limited to 'browser')
-rw-r--r--browser/components/downloads/DownloadsCommon.jsm8
-rw-r--r--browser/components/extensions/ext-browserAction.js3
-rw-r--r--browser/components/extensions/ext-pageAction.js3
-rw-r--r--browser/components/extensions/schemas/page_action.json1
4 files changed, 14 insertions, 1 deletions
diff --git a/browser/components/downloads/DownloadsCommon.jsm b/browser/components/downloads/DownloadsCommon.jsm
index b6684817d..90f14f2d8 100644
--- a/browser/components/downloads/DownloadsCommon.jsm
+++ b/browser/components/downloads/DownloadsCommon.jsm
@@ -42,6 +42,8 @@ XPCOMUtils.defineLazyModuleGetter(this, "NetUtil",
"resource://gre/modules/NetUtil.jsm");
XPCOMUtils.defineLazyModuleGetter(this, "PluralForm",
"resource://gre/modules/PluralForm.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "AppConstants",
+ "resource://gre/modules/AppConstants.jsm");
XPCOMUtils.defineLazyModuleGetter(this, "Downloads",
"resource://gre/modules/Downloads.jsm");
XPCOMUtils.defineLazyModuleGetter(this, "DownloadUIHelper",
@@ -460,8 +462,12 @@ this.DownloadsCommon = {
throw new Error("aOwnerWindow must be a dom-window object");
}
+ let isWindowsExe = AppConstants.platform == "win" &&
+ aFile.leafName.toLowerCase().endsWith(".exe");
+
let promiseShouldLaunch;
- if (aFile.isExecutable()) {
+ // Don't prompt on Windows for .exe since there will be a native prompt.
+ if (aFile.isExecutable() && !isWindowsExe) {
// We get a prompter for the provided window here, even though anchoring
// to the most recently active window should work as well.
promiseShouldLaunch =
diff --git a/browser/components/extensions/ext-browserAction.js b/browser/components/extensions/ext-browserAction.js
index 407366e2c..2c82ac701 100644
--- a/browser/components/extensions/ext-browserAction.js
+++ b/browser/components/extensions/ext-browserAction.js
@@ -497,6 +497,9 @@ extensions.registerSchemaAPI("browserAction", "addon_parent", context => {
// For internal consistency, we currently resolve both relative to the
// calling context.
let url = details.popup && context.uri.resolve(details.popup);
+ if (url && !context.checkLoadURL(url)) {
+ return Promise.reject({message: `Access denied for URL ${url}`});
+ }
BrowserAction.for(extension).setProperty(tab, "popup", url);
},
diff --git a/browser/components/extensions/ext-pageAction.js b/browser/components/extensions/ext-pageAction.js
index 153f05d7a..5bf3a9c70 100644
--- a/browser/components/extensions/ext-pageAction.js
+++ b/browser/components/extensions/ext-pageAction.js
@@ -273,6 +273,9 @@ extensions.registerSchemaAPI("pageAction", "addon_parent", context => {
// For internal consistency, we currently resolve both relative to the
// calling context.
let url = details.popup && context.uri.resolve(details.popup);
+ if (url && !context.checkLoadURL(url)) {
+ return Promise.reject({message: `Access denied for URL ${url}`});
+ }
PageAction.for(extension).setProperty(tab, "popup", url);
},
diff --git a/browser/components/extensions/schemas/page_action.json b/browser/components/extensions/schemas/page_action.json
index f4f9ee8db..126378ca5 100644
--- a/browser/components/extensions/schemas/page_action.json
+++ b/browser/components/extensions/schemas/page_action.json
@@ -173,6 +173,7 @@
{
"name": "setPopup",
"type": "function",
+ "async": true,
"description": "Sets the html document to be opened as a popup when the user clicks on the page action's icon.",
"parameters": [
{
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-11 08:13:39 +0000