Bug 432919 - "Help viewer content pane should not allow scripts, plugins, meta redirects, or subframes" [p=reed/dveditz r=Waldo (NPOTB)]
authorreed@reedloden.com
Fri, 09 May 2008 20:35:19 -0700
changeset 15100 677a47fbef14410f8f7025b8d4297a89051e0196
parent 15099 7c49d2ac0beb8135e7e0837e6f32ccb56c87e869
child 15101 71647e8059279711d4ac69540667d1034fca1b9e
push idunknown
push userunknown
push dateunknown
reviewersWaldo
bugs432919
milestone1.9pre
Bug 432919 - "Help viewer content pane should not allow scripts, plugins, meta redirects, or subframes" [p=reed/dveditz r=Waldo (NPOTB)]
toolkit/components/help/content/help.js
--- a/toolkit/components/help/content/help.js
+++ b/toolkit/components/help/content/help.js
@@ -132,16 +132,22 @@ function displayTopic(topic) {
 function init() {
   // Cache panel references.
   helpSearchPanel = document.getElementById("help-search-panel");
   helpTocPanel = document.getElementById("help-toc-panel");
   helpIndexPanel = document.getElementById("help-index-panel");
   helpGlossaryPanel = document.getElementById("help-glossary-panel");
   helpBrowser = document.getElementById("help-content");
 
+  // Turn off unnecessary features for security
+  helpBrowser.docShell.allowJavascript = false;
+  helpBrowser.docShell.allowPlugins = false;
+  helpBrowser.docShell.allowSubframes = false;
+  helpBrowser.docShell.allowMetaRedirects = false;
+
   strBundle = document.getElementById("bundle_help");
   emptySearchText = strBundle.getString("emptySearchText");
 
   // Get the content pack, base URL, and help topic
   var helpTopic = defaultTopic;
   if ("arguments" in window && 
        window.arguments[0] instanceof Components.interfaces.nsIDialogParamBlock) {
     helpFileURI = window.arguments[0].GetString(0);
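Review bot: The comment above the four `helpBrowser.docShell.allow*` assignments says only "for security", so it records neither the threat nor the ordering constraint the block relies on. The content pane renders whatever the caller-supplied `helpFileURI` (read from `window.arguments[0]` a few lines below) points at, and the restrictions presumably need to be in place before the first load into `helpBrowser`, which happens outside this hunk. I would expand it to something like `// Help content comes from a caller-supplied content pack: disable script, plugins, subframes and meta redirects in the content docshell.` followed by `// Keep this block above the first load into helpBrowser.`. It is also worth confirming in the XUL, which is not shown here, that `help-content` is a content-type browser, because these flags limit features but do not by themselves lower the privileges of the loaded document. `init()` continues past the end of the hunk.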