Bug 1144991 followup. Allow the hidden window to link to chrome things even though most resource:// URIs can't. r=bholley and I sneer upon the CLOSED TREE.
authorBoris Zbarsky <bzbarsky@mit.edu>
Thu, 19 Mar 2015 21:04:25 -0400
changeset 234493 8428dce9dde06458546c542040f6df4a0944a823
parent 234492 ec28e56febf1efdd8406be1e5c93887befeb87a4
child 234494 ae2217c25ceee746befcc7a1abeb0acb94bbd089
push id57164
push userbzbarsky@mozilla.com
push dateFri, 20 Mar 2015 01:04:38 +0000
treeherdermozilla-inbound@8428dce9dde0 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbholley
bugs1144991
milestone39.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1144991 followup. Allow the hidden window to link to chrome things even though most resource:// URIs can't. r=bholley and I sneer upon the CLOSED TREE.
caps/nsScriptSecurityManager.cpp
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -780,16 +780,24 @@ nsScriptSecurityManager::CheckLoadURIWit
                 bool accessAllowed = false;
                 reg->AllowContentToAccess(targetBaseURI, &accessAllowed);
                 if (accessAllowed) {
                     return NS_OK;
                 }
             }
         }
 
+        // Special-case the hidden window: it's allowed to load
+        // URI_IS_UI_RESOURCE no matter what.  Bug 1145470 tracks removing this.
+        nsCAutoString sourceSpec;
+        if (NS_SUCCEEDED(sourceBaseURI->GetSpec(sourceSpec)) &&
+            sourceSpec.EqualsLiteral("resource://gre-resources/hiddenWindow.html")) {
+            return NS_OK;
+        }
+
         if (reportErrors) {
             ReportError(nullptr, errorTag, sourceURI, aTargetURI);
         }
         return NS_ERROR_DOM_BAD_URI;
     }
 
     // Check for target URI pointing to a file
     rv = NS_URIChainHasFlags(targetBaseURI,