Bug 1279285 - Set the SANDBOXED_AUXILARY_NAVIGATION flag when rendering thumbnails in the background, r=bz
authorMichael Layzell <michael@thelayzells.com>
Tue, 30 Aug 2016 10:18:07 -0400
changeset 312342 247a05cd82408233e48898c7d1fecd08c6ae897d
parent 312341 4e2ee40eaefc9a1e31196ac3fec28f62601e8050
child 312343 1e7eb0625d3e5e7073b3978dcf900cbc83e7ce71
push id20447
push userkwierso@gmail.com
push dateFri, 02 Sep 2016 20:36:44 +0000
treeherderfx-team@969397f22187 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz
bugs1279285
milestone51.0a1
Bug 1279285 - Set the SANDBOXED_AUXILARY_NAVIGATION flag when rendering thumbnails in the background, r=bz MozReview-Commit-ID: 4grdy6evhrb
toolkit/components/thumbnails/content/backgroundPageThumbsContent.js
--- a/toolkit/components/thumbnails/content/backgroundPageThumbsContent.js
+++ b/toolkit/components/thumbnails/content/backgroundPageThumbsContent.js
@@ -9,16 +9,24 @@ Cu.importGlobalProperties(['Blob', 'File
 Cu.import("resource://gre/modules/PageThumbUtils.jsm");
 Cu.import("resource://gre/modules/XPCOMUtils.jsm");
 Cu.import("resource://gre/modules/Services.jsm");
 
 const STATE_LOADING = 1;
 const STATE_CAPTURING = 2;
 const STATE_CANCELED = 3;
 
+// NOTE: Copied from nsSandboxFlags.h
+/**
+ * This flag prevents content from creating new auxiliary browsing contexts,
+ * e.g. using the target attribute, the window.open() method, or the
+ * showModalDialog() method.
+ */
+const SANDBOXED_AUXILIARY_NAVIGATION = 0x2;
+
 const backgroundPageThumbsContent = {
 
   init: function () {
     Services.obs.addObserver(this, "document-element-inserted", true);
 
     // We want a low network priority for this service - lower than b/g tabs
     // etc - so set it to the lowest priority available.
     this._webNav.QueryInterface(Ci.nsIDocumentLoader).
@@ -28,16 +36,17 @@ const backgroundPageThumbsContent = {
     docShell.allowMedia = false;
     docShell.allowPlugins = false;
     docShell.allowContentRetargeting = false;
     let defaultFlags = Ci.nsIRequest.LOAD_ANONYMOUS |
                        Ci.nsIRequest.LOAD_BYPASS_CACHE |
                        Ci.nsIRequest.INHIBIT_CACHING |
                        Ci.nsIWebNavigation.LOAD_FLAGS_BYPASS_HISTORY;
     docShell.defaultLoadFlags = defaultFlags;
+    docShell.sandboxFlags |= SANDBOXED_AUXILIARY_NAVIGATION;
 
     addMessageListener("BackgroundPageThumbs:capture",
                        this._onCapture.bind(this));
     docShell.
       QueryInterface(Ci.nsIInterfaceRequestor).
       getInterface(Ci.nsIWebProgress).
       addProgressListener(this, Ci.nsIWebProgress.NOTIFY_STATE_WINDOW);
   },