summaryrefslogtreecommitdiffstats
path: root/application/palemoon/components
diff options
context:
space:
mode:
Diffstat (limited to 'application/palemoon/components')
-rw-r--r--application/palemoon/components/preferences/permissions.js15
1 files changed, 13 insertions, 2 deletions
diff --git a/application/palemoon/components/preferences/permissions.js b/application/palemoon/components/preferences/permissions.js
index 03e07a916..8f559b0e0 100644
--- a/application/palemoon/components/preferences/permissions.js
+++ b/application/palemoon/components/preferences/permissions.js
@@ -86,14 +86,25 @@ var gPermissionManager = {
var input_url = textbox.value.replace(/^\s*/, ""); // trim any leading space
let principal;
try {
- // If the uri doesn't successfully parse, try adding a http:// and parsing again
+ // The origin accessor on the principal object will throw if the
+ // principal doesn't have a canonical origin representation. This will
+ // help catch cases where the URI parser parsed something like
+ // `localhost:8080` as having the scheme `localhost`, rather than being
+ // an invalid URI. A canonical origin representation is required by the
+ // permission manager for storage, so this won't prevent any valid
+ // permissions from being entered by the user.
let uri;
try {
uri = Services.io.newURI(input_url, null, null);
+ principal = Services.scriptSecurityManager.getNoAppCodebasePrincipal(uri);
+ // If we have ended up with an unknown scheme, the following will throw.
+ principal.origin;
} catch(ex) {
uri = Services.io.newURI("http://" + input_url, null, null);
+ principal = Services.scriptSecurityManager.getNoAppCodebasePrincipal(uri);
+ // If we have ended up with an unknown scheme, the following will throw.
+ principal.origin;
}
- principal = Services.scriptSecurityManager.getNoAppCodebasePrincipal(uri);
} catch(ex) {
var message = this._bundle.getString("invalidURI");
var title = this._bundle.getString("invalidURITitle");