diff options
Diffstat (limited to 'browser')
| -rw-r--r-- | browser/components/extensions/ext-browserAction.js | 3 | ||||
| -rw-r--r-- | browser/components/extensions/ext-pageAction.js | 3 | ||||
| -rw-r--r-- | browser/components/extensions/schemas/page_action.json | 1 |
3 files changed, 7 insertions, 0 deletions
diff --git a/browser/components/extensions/ext-browserAction.js b/browser/components/extensions/ext-browserAction.js index 407366e2c..2c82ac701 100644 --- a/browser/components/extensions/ext-browserAction.js +++ b/browser/components/extensions/ext-browserAction.js @@ -497,6 +497,9 @@ extensions.registerSchemaAPI("browserAction", "addon_parent", context => { // For internal consistency, we currently resolve both relative to the // calling context. let url = details.popup && context.uri.resolve(details.popup); + if (url && !context.checkLoadURL(url)) { + return Promise.reject({message: `Access denied for URL ${url}`}); + } BrowserAction.for(extension).setProperty(tab, "popup", url); }, diff --git a/browser/components/extensions/ext-pageAction.js b/browser/components/extensions/ext-pageAction.js index 153f05d7a..5bf3a9c70 100644 --- a/browser/components/extensions/ext-pageAction.js +++ b/browser/components/extensions/ext-pageAction.js @@ -273,6 +273,9 @@ extensions.registerSchemaAPI("pageAction", "addon_parent", context => { // For internal consistency, we currently resolve both relative to the // calling context. let url = details.popup && context.uri.resolve(details.popup); + if (url && !context.checkLoadURL(url)) { + return Promise.reject({message: `Access denied for URL ${url}`}); + } PageAction.for(extension).setProperty(tab, "popup", url); }, diff --git a/browser/components/extensions/schemas/page_action.json b/browser/components/extensions/schemas/page_action.json index f4f9ee8db..126378ca5 100644 --- a/browser/components/extensions/schemas/page_action.json +++ b/browser/components/extensions/schemas/page_action.json @@ -173,6 +173,7 @@ { "name": "setPopup", "type": "function", + "async": true, "description": "Sets the html document to be opened as a popup when the user clicks on the page action's icon.", "parameters": [ { |