summaryrefslogtreecommitdiffstats
path: root/browser/components/extensions/ext-browserAction.js
diff options
context:
space:
mode:
Diffstat (limited to 'browser/components/extensions/ext-browserAction.js')
-rw-r--r--browser/components/extensions/ext-browserAction.js3
1 files changed, 3 insertions, 0 deletions
diff --git a/browser/components/extensions/ext-browserAction.js b/browser/components/extensions/ext-browserAction.js
index 407366e2c..2c82ac701 100644
--- a/browser/components/extensions/ext-browserAction.js
+++ b/browser/components/extensions/ext-browserAction.js
@@ -497,6 +497,9 @@ extensions.registerSchemaAPI("browserAction", "addon_parent", context => {
// For internal consistency, we currently resolve both relative to the
// calling context.
let url = details.popup && context.uri.resolve(details.popup);
+ if (url && !context.checkLoadURL(url)) {
+ return Promise.reject({message: `Access denied for URL ${url}`});
+ }
BrowserAction.for(extension).setProperty(tab, "popup", url);
},
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-25 13:56:48 +0000