summaryrefslogtreecommitdiffstats
path: root/dom
diff options
context:
space:
mode:
authorjanekptacijarabaci <janekptacijarabaci@seznam.cz>2018-04-22 22:16:58 +0200
committerjanekptacijarabaci <janekptacijarabaci@seznam.cz>2018-04-22 22:16:58 +0200
commit13f3978a14cb90eb01fc7f185f62b2ee2ac9f466 (patch)
tree1f59b2ec96124bb182f34bd6d8222e012656a1c0 /dom
parentee4f7c4aa17068cfda347fb6ce51ca0b1958fbb6 (diff)
downloadUXP-13f3978a14cb90eb01fc7f185f62b2ee2ac9f466.tar
UXP-13f3978a14cb90eb01fc7f185f62b2ee2ac9f466.tar.gz
UXP-13f3978a14cb90eb01fc7f185f62b2ee2ac9f466.tar.lz
UXP-13f3978a14cb90eb01fc7f185f62b2ee2ac9f466.tar.xz
UXP-13f3978a14cb90eb01fc7f185f62b2ee2ac9f466.zip
Revert "Bug 1182569 - Skip security check for plugins using newstream attribute"
This reverts commit 5b0f4649b3fee771379af60ec04d43b8a525cf80.
Diffstat (limited to 'dom')
-rw-r--r--dom/base/nsContentUtils.cpp2
-rw-r--r--dom/plugins/base/nsPluginInstanceOwner.cpp25
2 files changed, 12 insertions, 15 deletions
diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp
index c3ff2b4d8..ef87a250e 100644
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -5100,7 +5100,7 @@ nsContentUtils::TriggerLink(nsIContent *aContent, nsPresContext *aPresContext,
handler->OnLinkClick(aContent, aLinkURI,
fileName.IsVoid() ? aTargetSpec.get() : EmptyString().get(),
- fileName, nullptr, nullptr, aIsTrusted, aContent->NodePrincipal());
+ fileName, nullptr, nullptr, aIsTrusted);
}
}
diff --git a/dom/plugins/base/nsPluginInstanceOwner.cpp b/dom/plugins/base/nsPluginInstanceOwner.cpp
index 7de6c2b73..b7651be1a 100644
--- a/dom/plugins/base/nsPluginInstanceOwner.cpp
+++ b/dom/plugins/base/nsPluginInstanceOwner.cpp
@@ -535,6 +535,16 @@ NS_IMETHODIMP nsPluginInstanceOwner::GetURL(const char *aURL,
nsresult rv = NS_NewURI(getter_AddRefs(uri), aURL, baseURI);
NS_ENSURE_SUCCESS(rv, NS_ERROR_FAILURE);
+ if (aDoCheckLoadURIChecks) {
+ nsCOMPtr<nsIScriptSecurityManager> secMan(
+ do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv));
+ NS_ENSURE_TRUE(secMan, NS_ERROR_FAILURE);
+
+ rv = secMan->CheckLoadURIWithPrincipal(content->NodePrincipal(), uri,
+ nsIScriptSecurityManager::STANDARD);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+
nsCOMPtr<nsIInputStream> headersDataStream;
if (aPostStream && aHeadersData) {
if (!aHeadersDataLen)
@@ -553,21 +563,8 @@ NS_IMETHODIMP nsPluginInstanceOwner::GetURL(const char *aURL,
Preferences::GetInt("privacy.popups.disable_from_plugins");
nsAutoPopupStatePusher popupStatePusher((PopupControlState)blockPopups);
-
- // if security checks (in particular CheckLoadURIWithPrincipal) needs
- // to be skipped we are creating a codebasePrincipal to make sure
- // that security check succeeds. Please note that we do not want to
- // fall back to using the systemPrincipal, because that would also
- // bypass ContentPolicy checks which should still be enforced.
- nsCOMPtr<nsIPrincipal> triggeringPrincipal;
- if (!aDoCheckLoadURIChecks) {
- mozilla::PrincipalOriginAttributes attrs =
- BasePrincipal::Cast(content->NodePrincipal())->OriginAttributesRef();
- triggeringPrincipal = BasePrincipal::CreateCodebasePrincipal(uri, attrs);
- }
-
rv = lh->OnLinkClick(content, uri, unitarget.get(), NullString(),
- aPostStream, headersDataStream, true, triggeringPrincipal);
+ aPostStream, headersDataStream, true);
return rv;
}