summaryrefslogtreecommitdiffstats
path: root/docshell/base
diff options
context:
space:
mode:
Diffstat (limited to 'docshell/base')
-rw-r--r--docshell/base/nsDSURIContentListener.cpp9
-rw-r--r--docshell/base/nsDocShell.cpp10
2 files changed, 10 insertions, 9 deletions
diff --git a/docshell/base/nsDSURIContentListener.cpp b/docshell/base/nsDSURIContentListener.cpp
index 93ce3cb26..ee6a4dd62 100644
--- a/docshell/base/nsDSURIContentListener.cpp
+++ b/docshell/base/nsDSURIContentListener.cpp
@@ -17,6 +17,7 @@
#include "nsIHttpChannel.h"
#include "nsIScriptSecurityManager.h"
#include "nsError.h"
+#include "nsContentSecurityManager.h"
#include "nsCharSeparatedTokenizer.h"
#include "nsIConsoleService.h"
#include "nsIScriptError.h"
@@ -93,6 +94,14 @@ nsDSURIContentListener::DoContent(const nsACString& aContentType,
if (aOpenedChannel) {
aOpenedChannel->GetLoadFlags(&loadFlags);
+
+ // block top-level data URI navigations if triggered by the web
+ if (!nsContentSecurityManager::AllowTopLevelNavigationToDataURI(aOpenedChannel)) {
+ // logging to console happens within AllowTopLevelNavigationToDataURI
+ aRequest->Cancel(NS_ERROR_DOM_BAD_URI);
+ *aAbortProcess = true;
+ return NS_OK;
+ }
}
if (loadFlags & nsIChannel::LOAD_RETARGETED_DOCUMENT_URI) {
diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
index ae97a7c9e..596bd5d84 100644
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -9885,15 +9885,6 @@ nsDocShell::InternalLoad(nsIURI* aURI,
contentType = nsIContentPolicy::TYPE_DOCUMENT;
}
- if (!nsContentSecurityManager::AllowTopLevelNavigationToDataURI(
- aURI,
- contentType,
- aTriggeringPrincipal,
- (aLoadType == LOAD_NORMAL_EXTERNAL))) {
- // logging to console happens within AllowTopLevelNavigationToDataURI
- return NS_OK;
- }
-
// If there's no targetDocShell, that means we are about to create a new window,
// perform a content policy check before creating the window.
if (!targetDocShell) {
@@ -10962,6 +10953,7 @@ nsDocShell::DoURILoad(nsIURI* aURI,
if (aPrincipalToInherit) {
loadInfo->SetPrincipalToInherit(aPrincipalToInherit);
}
+ loadInfo->SetLoadTriggeredFromExternal(aLoadFromExternal);
// We have to do this in case our OriginAttributes are different from the
// OriginAttributes of the parent document. Or in case there isn't a