Bug 1335311. Remove the file:/resource: special case in CheckLoadURIFromScript. r=bholley
authorBoris Zbarsky <bzbarsky@mit.edu>
Wed, 01 Feb 2017 15:29:45 -0500
changeset 332011 3fab18cd066d22fe687bbdca3772de1a2001f624
parent 332010 40871b109d727c933507756818b20e133ed45a03
child 332012 bd0c4afeb0e30dfb2e93b15fe591266326acdb2e
push id86431
push userbzbarsky@mozilla.com
push dateWed, 01 Feb 2017 20:29:57 +0000
treeherdermozilla-inbound@bd0c4afeb0e3 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbholley
bugs1335311
milestone54.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1335311. Remove the file:/resource: special case in CheckLoadURIFromScript. r=bholley
caps/nsScriptSecurityManager.cpp
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -517,29 +517,16 @@ nsScriptSecurityManager::CheckLoadURIFro
     nsIPrincipal* principal = nsContentUtils::SubjectPrincipal();
     nsresult rv = CheckLoadURIWithPrincipal(principal, aURI,
                                             nsIScriptSecurityManager::STANDARD);
     if (NS_SUCCEEDED(rv)) {
         // OK to load
         return NS_OK;
     }
 
-    // See if we're attempting to load a file: URI. If so, let a
-    // UniversalXPConnect capability trump the above check.
-    bool isFile = false;
-    bool isRes = false;
-    if (NS_FAILED(aURI->SchemeIs("file", &isFile)) ||
-        NS_FAILED(aURI->SchemeIs("resource", &isRes)))
-        return NS_ERROR_FAILURE;
-    if (isFile || isRes)
-    {
-        if (nsContentUtils::IsCallerChrome())
-            return NS_OK;
-    }
-
     // Report error.
     nsAutoCString spec;
     if (NS_FAILED(aURI->GetAsciiSpec(spec)))
         return NS_ERROR_FAILURE;
     nsAutoCString msg("Access to '");
     msg.Append(spec);
     msg.AppendLiteral("' from script denied");
     SetPendingExceptionASCII(cx, msg.get());