diff options
Diffstat (limited to 'docshell/base')
| -rw-r--r-- | docshell/base/nsAboutRedirector.cpp | 32 | ||||
| -rw-r--r-- | docshell/base/nsDSURIContentListener.cpp | 9 | ||||
| -rw-r--r-- | docshell/base/nsDocShell.cpp | 139 | ||||
| -rw-r--r-- | docshell/base/nsDocShell.h | 2 | ||||
| -rw-r--r-- | docshell/base/nsDocShellLoadInfo.cpp | 15 | ||||
| -rw-r--r-- | docshell/base/nsDocShellLoadInfo.h | 1 | ||||
| -rw-r--r-- | docshell/base/nsIDocShell.idl | 3 | ||||
| -rw-r--r-- | docshell/base/nsIDocShellLoadInfo.idl | 6 | ||||
| -rw-r--r-- | docshell/base/nsIRefreshURI.idl | 15 | ||||
| -rw-r--r-- | docshell/base/nsIWebNavigation.idl | 6 |
10 files changed, 155 insertions, 73 deletions
diff --git a/docshell/base/nsAboutRedirector.cpp b/docshell/base/nsAboutRedirector.cpp index e7d362864..e56447296 100644 --- a/docshell/base/nsAboutRedirector.cpp +++ b/docshell/base/nsAboutRedirector.cpp @@ -42,17 +42,14 @@ static RedirEntry kRedirMap[] = { { "buildconfig", "chrome://global/content/buildconfig.html", nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | - nsIAboutModule::MAKE_LINKABLE + nsIAboutModule::MAKE_LINKABLE }, { "checkerboard", "chrome://global/content/aboutCheckerboard.xhtml", nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | - nsIAboutModule::ALLOW_SCRIPT + nsIAboutModule::ALLOW_SCRIPT }, { "config", "chrome://global/content/config.xul", 0 }, -#ifdef MOZ_CRASHREPORTER - { "crashes", "chrome://global/content/crashes.xhtml", 0 }, -#endif { "credits", "http://www.palemoon.org/Contributors.shtml", nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | @@ -67,7 +64,7 @@ static RedirEntry kRedirMap[] = { { "license", "chrome://global/content/license.html", nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | - nsIAboutModule::MAKE_LINKABLE + nsIAboutModule::MAKE_LINKABLE }, { "logo", "chrome://branding/content/about.png", @@ -75,6 +72,13 @@ static RedirEntry kRedirMap[] = { // Linkable for testing reasons. nsIAboutModule::MAKE_LINKABLE }, +#ifdef MOZ_PHOENIX + { + "logopage", "chrome://global/content/logopage.xhtml", + nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | + nsIAboutModule::HIDE_FROM_ABOUTABOUT + }, +#endif { "memory", "chrome://global/content/aboutMemory.xhtml", nsIAboutModule::ALLOW_SCRIPT @@ -86,9 +90,9 @@ static RedirEntry kRedirMap[] = { { "neterror", "chrome://global/content/netError.xhtml", nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | - nsIAboutModule::URI_CAN_LOAD_IN_CHILD | - nsIAboutModule::ALLOW_SCRIPT | - nsIAboutModule::HIDE_FROM_ABOUTABOUT + nsIAboutModule::URI_CAN_LOAD_IN_CHILD | + nsIAboutModule::ALLOW_SCRIPT | + nsIAboutModule::HIDE_FROM_ABOUTABOUT }, { "networking", "chrome://global/content/aboutNetworking.xhtml", @@ -97,7 +101,7 @@ static RedirEntry kRedirMap[] = { { "newaddon", "chrome://mozapps/content/extensions/newaddon.xul", nsIAboutModule::ALLOW_SCRIPT | - nsIAboutModule::HIDE_FROM_ABOUTABOUT + nsIAboutModule::HIDE_FROM_ABOUTABOUT }, { "performance", "chrome://global/content/aboutPerformance.xhtml", @@ -124,10 +128,10 @@ static RedirEntry kRedirMap[] = { { "srcdoc", "about:blank", nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | - nsIAboutModule::HIDE_FROM_ABOUTABOUT | - // Needs to be linkable so content can touch its own srcdoc frames - nsIAboutModule::MAKE_LINKABLE | - nsIAboutModule::URI_CAN_LOAD_IN_CHILD + nsIAboutModule::HIDE_FROM_ABOUTABOUT | + // Needs to be linkable so content can touch its own srcdoc frames + nsIAboutModule::MAKE_LINKABLE | + nsIAboutModule::URI_CAN_LOAD_IN_CHILD }, { "support", "chrome://global/content/aboutSupport.xhtml", diff --git a/docshell/base/nsDSURIContentListener.cpp b/docshell/base/nsDSURIContentListener.cpp index 93ce3cb26..ee6a4dd62 100644 --- a/docshell/base/nsDSURIContentListener.cpp +++ b/docshell/base/nsDSURIContentListener.cpp @@ -17,6 +17,7 @@ #include "nsIHttpChannel.h" #include "nsIScriptSecurityManager.h" #include "nsError.h" +#include "nsContentSecurityManager.h" #include "nsCharSeparatedTokenizer.h" #include "nsIConsoleService.h" #include "nsIScriptError.h" @@ -93,6 +94,14 @@ nsDSURIContentListener::DoContent(const nsACString& aContentType, if (aOpenedChannel) { aOpenedChannel->GetLoadFlags(&loadFlags); + + // block top-level data URI navigations if triggered by the web + if (!nsContentSecurityManager::AllowTopLevelNavigationToDataURI(aOpenedChannel)) { + // logging to console happens within AllowTopLevelNavigationToDataURI + aRequest->Cancel(NS_ERROR_DOM_BAD_URI); + *aAbortProcess = true; + return NS_OK; + } } if (loadFlags & nsIChannel::LOAD_RETARGETED_DOCUMENT_URI) { diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp index 2e08e6720..bd2a8a433 100644 --- a/docshell/base/nsDocShell.cpp +++ b/docshell/base/nsDocShell.cpp @@ -42,6 +42,7 @@ #include "nsArray.h" #include "nsArrayUtils.h" +#include "nsContentSecurityManager.h" #include "nsICaptivePortalService.h" #include "nsIDOMStorage.h" #include "nsIContentViewer.h" @@ -138,6 +139,7 @@ #include "nsISiteSecurityService.h" #include "nsStructuredCloneContainer.h" #include "nsIStructuredCloneContainer.h" +#include "nsISupportsPrimitives.h" #ifdef MOZ_PLACES #include "nsIFaviconService.h" #include "mozIPlacesPendingOperation.h" @@ -1272,6 +1274,7 @@ nsDocShell::LoadURI(nsIURI* aURI, nsCOMPtr<nsISHEntry> shEntry; nsXPIDLString target; nsAutoString srcdoc; + bool forceAllowDataURI = false; nsCOMPtr<nsIDocShell> sourceDocShell; nsCOMPtr<nsIURI> baseURI; @@ -1307,6 +1310,7 @@ nsDocShell::LoadURI(nsIURI* aURI, aLoadInfo->GetSrcdocData(srcdoc); aLoadInfo->GetSourceDocShell(getter_AddRefs(sourceDocShell)); aLoadInfo->GetBaseURI(getter_AddRefs(baseURI)); + aLoadInfo->GetForceAllowDataURI(&forceAllowDataURI); } #if defined(DEBUG) @@ -1560,6 +1564,10 @@ nsDocShell::LoadURI(nsIURI* aURI, flags |= INTERNAL_LOAD_FLAGS_IS_SRCDOC; } + if (forceAllowDataURI) { + flags |= INTERNAL_LOAD_FLAGS_FORCE_ALLOW_DATA_URI; + } + return InternalLoad(aURI, originalURI, loadReplace, @@ -2289,13 +2297,6 @@ nsDocShell::GetUseRemoteTabs(bool* aUseRemoteTabs) NS_IMETHODIMP nsDocShell::SetRemoteTabs(bool aUseRemoteTabs) { -#ifdef MOZ_CRASHREPORTER - if (aUseRemoteTabs) { - CrashReporter::AnnotateCrashReport(NS_LITERAL_CSTRING("DOMIPCEnabled"), - NS_LITERAL_CSTRING("1")); - } -#endif - mUseRemoteTabs = aUseRemoteTabs; return NS_OK; } @@ -4828,6 +4829,9 @@ nsDocShell::LoadURIWithOptions(const char16_t* aURI, } nsAutoPopupStatePusher statePusher(popupState); + bool forceAllowDataURI = + aLoadFlags & LOAD_FLAGS_FORCE_ALLOW_DATA_URI; + // Don't pass certain flags that aren't needed and end up confusing // ConvertLoadTypeToDocShellLoadInfo. We do need to ensure that they are // passed to LoadURI though, since it uses them. @@ -4857,6 +4861,7 @@ nsDocShell::LoadURIWithOptions(const char16_t* aURI, loadInfo->SetReferrerPolicy(aReferrerPolicy); loadInfo->SetHeadersStream(aHeaderStream); loadInfo->SetBaseURI(aBaseURI); + loadInfo->SetForceAllowDataURI(forceAllowDataURI); if (fixupInfo) { nsAutoString searchProvider, keyword; @@ -6806,9 +6811,17 @@ nsDocShell::ForceRefreshURI(nsIURI* aURI, int32_t aDelay, bool aMetaRefresh, nsI */ loadInfo->SetReferrer(mCurrentURI); - /* Don't ever "guess" on which principal to use to avoid picking - * the current principal. - */ + // Set the triggering pricipal to aPrincipal if available, or current + // document's principal otherwise. + nsCOMPtr<nsIPrincipal> principal = aPrincipal; + if (!principal) { + nsCOMPtr<nsIDocument> doc = GetDocument(); + if (!doc) { + return NS_ERROR_FAILURE; + } + principal = doc->NodePrincipal(); + } + loadInfo->SetTriggeringPrincipal(principal); loadInfo->SetPrincipalIsExplicit(true); /* Check if this META refresh causes a redirection @@ -6836,13 +6849,6 @@ nsDocShell::ForceRefreshURI(nsIURI* aURI, int32_t aDelay, bool aMetaRefresh, nsI loadInfo->SetLoadType(nsIDocShellLoadInfo::loadRefresh); } - // If the principal is null, the refresh will have a triggeringPrincipal - // derived from the referrer URI, or will be set to the system principal - // if there is no refererrer. See LoadURI() - if (aPrincipal) { - loadInfo->SetTriggeringPrincipal(aPrincipal); - } - /* * LoadURI(...) will cancel all refresh timers... This causes the * Timer and its refreshData instance to be released... @@ -9890,49 +9896,49 @@ nsDocShell::InternalLoad(nsIURI* aURI, contentType = nsIContentPolicy::TYPE_DOCUMENT; } - // If there's no targetDocShell, that means we are about to create a new window, - // perform a content policy check before creating the window. - if (!targetDocShell) { - nsCOMPtr<Element> requestingElement; + // If there's no targetDocShell, that means we are about to create a new + // window (or aWindowTarget is empty). Perform a content policy check before + // creating the window. Please note for all other docshell loads + // content policy checks are performed within the contentSecurityManager + // when the channel is about to be openend. + if (!targetDocShell && !aWindowTarget.IsEmpty()) { + MOZ_ASSERT(contentType == nsIContentPolicy::TYPE_DOCUMENT, + "opening a new window requires type to be TYPE_DOCUMENT"); + nsISupports* requestingContext = nullptr; - if (contentType == nsIContentPolicy::TYPE_DOCUMENT) { - if (XRE_IsContentProcess()) { - // In e10s the child process doesn't have access to the element that - // contains the browsing context (because that element is in the chrome - // process). So we just pass mScriptGlobal. - requestingContext = ToSupports(mScriptGlobal); - } else { - // This is for loading non-e10s tabs and toplevel windows of various - // sorts. - // For the toplevel window cases, requestingElement will be null. - requestingElement = mScriptGlobal->AsOuter()->GetFrameElementInternal(); - requestingContext = requestingElement; - } + if (XRE_IsContentProcess()) { + // In e10s the child process doesn't have access to the element that + // contains the browsing context (because that element is in the chrome + // process). So we just pass mScriptGlobal. + requestingContext = ToSupports(mScriptGlobal); } else { - requestingElement = mScriptGlobal->AsOuter()->GetFrameElementInternal(); + // This is for loading non-e10s tabs and toplevel windows of various + // sorts. + // For the toplevel window cases, requestingElement will be null. + nsCOMPtr<Element> requestingElement = + mScriptGlobal->AsOuter()->GetFrameElementInternal(); requestingContext = requestingElement; - -#ifdef DEBUG - if (requestingElement) { - // Get the docshell type for requestingElement. - nsCOMPtr<nsIDocument> requestingDoc = requestingElement->OwnerDoc(); - nsCOMPtr<nsIDocShell> elementDocShell = requestingDoc->GetDocShell(); - - // requestingElement docshell type = current docshell type. - MOZ_ASSERT(mItemType == elementDocShell->ItemType(), - "subframes should have the same docshell type as their parent"); - } -#endif } + // Since Content Policy checks are performed within docShell as well as + // the ContentSecurityManager we need a reliable way to let certain + // nsIContentPolicy consumers ignore duplicate calls. Let's use the 'extra' + // argument to pass a specific identifier. + nsCOMPtr<nsISupportsString> extraStr = + do_CreateInstance(NS_SUPPORTS_STRING_CONTRACTID, &rv); + NS_ENSURE_SUCCESS(rv, rv); + NS_NAMED_LITERAL_STRING(msg, "conPolCheckFromDocShell"); + rv = extraStr->SetData(msg); + NS_ENSURE_SUCCESS(rv, rv); + int16_t shouldLoad = nsIContentPolicy::ACCEPT; rv = NS_CheckContentLoadPolicy(contentType, aURI, aTriggeringPrincipal, requestingContext, EmptyCString(), // mime guess - nullptr, // extra + extraStr, // extra &shouldLoad); if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) { @@ -10088,6 +10094,7 @@ nsDocShell::InternalLoad(nsIURI* aURI, // principal to inherit is: it should be aTriggeringPrincipal. loadInfo->SetPrincipalIsExplicit(true); loadInfo->SetLoadType(ConvertLoadTypeToDocShellLoadInfo(LOAD_LINK)); + loadInfo->SetForceAllowDataURI(aFlags & INTERNAL_LOAD_FLAGS_FORCE_ALLOW_DATA_URI); rv = win->Open(NS_ConvertUTF8toUTF16(spec), aWindowTarget, // window name @@ -10238,8 +10245,11 @@ nsDocShell::InternalLoad(nsIURI* aURI, } } + bool loadFromExternal = false; + // Before going any further vet loads initiated by external programs. if (aLoadType == LOAD_NORMAL_EXTERNAL) { + loadFromExternal = true; // Disallow external chrome: loads targetted at content windows bool isChrome = false; if (NS_SUCCEEDED(aURI->SchemeIs("chrome", &isChrome)) && isChrome) { @@ -10730,7 +10740,9 @@ nsDocShell::InternalLoad(nsIURI* aURI, nsINetworkPredictor::PREDICT_LOAD, this, nullptr); nsCOMPtr<nsIRequest> req; - rv = DoURILoad(aURI, aOriginalURI, aLoadReplace, aReferrer, + rv = DoURILoad(aURI, aOriginalURI, aLoadReplace, loadFromExternal, + (aFlags & INTERNAL_LOAD_FLAGS_FORCE_ALLOW_DATA_URI), + aReferrer, !(aFlags & INTERNAL_LOAD_FLAGS_DONT_SEND_REFERRER), aReferrerPolicy, aTriggeringPrincipal, principalToInherit, aTypeHint, @@ -10810,6 +10822,8 @@ nsresult nsDocShell::DoURILoad(nsIURI* aURI, nsIURI* aOriginalURI, bool aLoadReplace, + bool aLoadFromExternal, + bool aForceAllowDataURI, nsIURI* aReferrerURI, bool aSendReferrer, uint32_t aReferrerPolicy, @@ -10886,17 +10900,40 @@ nsDocShell::DoURILoad(nsIURI* aURI, nsCOMPtr<nsINode> loadingNode; nsCOMPtr<nsPIDOMWindowOuter> loadingWindow; nsCOMPtr<nsIPrincipal> loadingPrincipal; + nsCOMPtr<nsISupports> topLevelLoadingContext; if (aContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT) { loadingNode = nullptr; loadingPrincipal = nullptr; loadingWindow = mScriptGlobal->AsOuter(); + if (XRE_IsContentProcess()) { + // In e10s the child process doesn't have access to the element that + // contains the browsing context (because that element is in the chrome + // process). + nsCOMPtr<nsITabChild> tabChild = GetTabChild(); + topLevelLoadingContext = ToSupports(tabChild); + } else { + // This is for loading non-e10s tabs and toplevel windows of various + // sorts. + // For the toplevel window cases, requestingElement will be null. + nsCOMPtr<Element> requestingElement = + loadingWindow->GetFrameElementInternal(); + topLevelLoadingContext = requestingElement; + } } else { loadingWindow = nullptr; loadingNode = mScriptGlobal->AsOuter()->GetFrameElementInternal(); if (loadingNode) { // If we have a loading node, then use that as our loadingPrincipal. loadingPrincipal = loadingNode->NodePrincipal(); +#ifdef DEBUG + // Get the docshell type for requestingElement. + nsCOMPtr<nsIDocument> requestingDoc = loadingNode->OwnerDoc(); + nsCOMPtr<nsIDocShell> elementDocShell = requestingDoc->GetDocShell(); + // requestingElement docshell type = current docshell type. + MOZ_ASSERT(mItemType == elementDocShell->ItemType(), + "subframes should have the same docshell type as their parent"); +#endif } else { // If this isn't a top-level load and mScriptGlobal's frame element is // null, then the element got removed from the DOM while we were trying @@ -10946,7 +10983,7 @@ nsDocShell::DoURILoad(nsIURI* aURI, nsCOMPtr<nsILoadInfo> loadInfo = (aContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT) ? - new LoadInfo(loadingWindow, aTriggeringPrincipal, + new LoadInfo(loadingWindow, aTriggeringPrincipal, topLevelLoadingContext, securityFlags) : new LoadInfo(loadingPrincipal, aTriggeringPrincipal, loadingNode, securityFlags, aContentPolicyType); @@ -10954,6 +10991,8 @@ nsDocShell::DoURILoad(nsIURI* aURI, if (aPrincipalToInherit) { loadInfo->SetPrincipalToInherit(aPrincipalToInherit); } + loadInfo->SetLoadTriggeredFromExternal(aLoadFromExternal); + loadInfo->SetForceAllowDataURI(aForceAllowDataURI); // We have to do this in case our OriginAttributes are different from the // OriginAttributes of the parent document. Or in case there isn't a diff --git a/docshell/base/nsDocShell.h b/docshell/base/nsDocShell.h index 3ca9e0b34..63a4e3358 100644 --- a/docshell/base/nsDocShell.h +++ b/docshell/base/nsDocShell.h @@ -369,6 +369,8 @@ protected: nsresult DoURILoad(nsIURI* aURI, nsIURI* aOriginalURI, bool aLoadReplace, + bool aLoadFromExternal, + bool aForceAllowDataURI, nsIURI* aReferrer, bool aSendReferrer, uint32_t aReferrerPolicy, diff --git a/docshell/base/nsDocShellLoadInfo.cpp b/docshell/base/nsDocShellLoadInfo.cpp index 7d0034b04..b00e8e360 100644 --- a/docshell/base/nsDocShellLoadInfo.cpp +++ b/docshell/base/nsDocShellLoadInfo.cpp @@ -15,6 +15,7 @@ nsDocShellLoadInfo::nsDocShellLoadInfo() : mLoadReplace(false) , mInheritPrincipal(false) , mPrincipalIsExplicit(false) + , mForceAllowDataURI(false) , mSendReferrer(true) , mReferrerPolicy(mozilla::net::RP_Default) , mLoadType(nsIDocShellLoadInfo::loadNormal) @@ -127,6 +128,20 @@ nsDocShellLoadInfo::SetPrincipalIsExplicit(bool aPrincipalIsExplicit) } NS_IMETHODIMP +nsDocShellLoadInfo::GetForceAllowDataURI(bool* aForceAllowDataURI) +{ + *aForceAllowDataURI = mForceAllowDataURI; + return NS_OK; +} + +NS_IMETHODIMP +nsDocShellLoadInfo::SetForceAllowDataURI(bool aForceAllowDataURI) +{ + mForceAllowDataURI = aForceAllowDataURI; + return NS_OK; +} + +NS_IMETHODIMP nsDocShellLoadInfo::GetLoadType(nsDocShellInfoLoadType* aLoadType) { NS_ENSURE_ARG_POINTER(aLoadType); diff --git a/docshell/base/nsDocShellLoadInfo.h b/docshell/base/nsDocShellLoadInfo.h index b7eaed832..f3ddcca1e 100644 --- a/docshell/base/nsDocShellLoadInfo.h +++ b/docshell/base/nsDocShellLoadInfo.h @@ -37,6 +37,7 @@ protected: bool mLoadReplace; bool mInheritPrincipal; bool mPrincipalIsExplicit; + bool mForceAllowDataURI; bool mSendReferrer; nsDocShellInfoReferrerPolicy mReferrerPolicy; nsDocShellInfoLoadType mLoadType; diff --git a/docshell/base/nsIDocShell.idl b/docshell/base/nsIDocShell.idl index 8261c45dc..e34e6adfd 100644 --- a/docshell/base/nsIDocShell.idl +++ b/docshell/base/nsIDocShell.idl @@ -116,6 +116,9 @@ interface nsIDocShell : nsIDocShellTreeItem const long INTERNAL_LOAD_FLAGS_NO_OPENER = 0x100; + // Whether a top-level data URI navigation is allowed for that load + const long INTERNAL_LOAD_FLAGS_FORCE_ALLOW_DATA_URI = 0x200; + // NB: 0x80 is available. /** diff --git a/docshell/base/nsIDocShellLoadInfo.idl b/docshell/base/nsIDocShellLoadInfo.idl index 113c0a4c1..8804f63a3 100644 --- a/docshell/base/nsIDocShellLoadInfo.idl +++ b/docshell/base/nsIDocShellLoadInfo.idl @@ -55,6 +55,12 @@ interface nsIDocShellLoadInfo : nsISupports */ attribute boolean principalIsExplicit; + /** + * If this attribute is true, then a top-level navigation + * to a data URI will be allowed. + */ + attribute boolean forceAllowDataURI; + /* these are load type enums... */ const long loadNormal = 0; // Normal Load const long loadNormalReplace = 1; // Normal Load but replaces current history slot diff --git a/docshell/base/nsIRefreshURI.idl b/docshell/base/nsIRefreshURI.idl index 5abd829da..04f18eee0 100644 --- a/docshell/base/nsIRefreshURI.idl +++ b/docshell/base/nsIRefreshURI.idl @@ -19,9 +19,8 @@ interface nsIRefreshURI : nsISupports { * * @param aUri The uri to refresh. * @param aPrincipal The triggeringPrincipal for the refresh load - * May be null, in which case a principal will be built based on the - * referrer URI of the previous docshell load, or will use the system - * principal when there is no referrer. + * May be null, in which case the principal of current document will be + * applied. * @param aMillis The number of milliseconds to wait. * @param aRepeat Flag to indicate if the uri is to be * repeatedly refreshed every aMillis milliseconds. @@ -37,9 +36,8 @@ interface nsIRefreshURI : nsISupports { * * @param aURI The URI to refresh. * @param aPrincipal The triggeringPrincipal for the refresh load - * May be null, in which case a principal will be built based on the - * referrer URI of the previous docshell load, or will use the system - * principal when there is no referrer. + * May be null, in which case the principal of current document will be + * applied. * @param aMillis The number of milliseconds by which this refresh would * be delayed if it were not being forced. * @param aMetaRefresh Flag to indicate if this is a meta refresh. @@ -70,9 +68,8 @@ interface nsIRefreshURI : nsISupports { * * @param aBaseURI base URI to resolve refresh uri with. * @param aPrincipal The triggeringPrincipal for the refresh load - * May be null, in which case a principal will be built based on the - * referrer URI of the previous docshell load, or will use the system - * principal when there is no referrer. + * May be null, in which case the principal of current document will be + * applied. * @param aHeader The meta refresh header string. */ void setupRefreshURIFromHeader(in nsIURI aBaseURI, diff --git a/docshell/base/nsIWebNavigation.idl b/docshell/base/nsIWebNavigation.idl index 042b1c547..241d0731c 100644 --- a/docshell/base/nsIWebNavigation.idl +++ b/docshell/base/nsIWebNavigation.idl @@ -206,6 +206,12 @@ interface nsIWebNavigation : nsISupports const unsigned long LOAD_FLAGS_FIXUP_SCHEME_TYPOS = 0x200000; /** + * Allows a top-level data: navigation to occur. E.g. view-image + * is an explicit user action which should be allowed. + */ + const unsigned long LOAD_FLAGS_FORCE_ALLOW_DATA_URI = 0x400000; + + /** * Loads a given URI. This will give priority to loading the requested URI * in the object implementing this interface. If it can't be loaded here * however, the URI dispatcher will go through its normal process of content |