Mercurial > mozilla-central / changeset / 4c763f86c46269e4ed00835cb3e083432b3abe13
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1300831 - Avoid creating about:blank windows with expanded principals; r=bholley
authorEhsan Akhgari <ehsan@mozilla.com>
Tue, 06 Sep 2016 16:05:16 -0400
changeset 313058 4c763f86c46269e4ed00835cb3e083432b3abe13
parent 313057 1aa180309dacc3f0f8fe622839b86ef405ef0d99
child 313059 da216b2fc7dc009f228f0cf078b74b3b59008da0
push id30669
push userkwierso@gmail.com
push dateThu, 08 Sep 2016 00:56:12 +0000
treeherdermozilla-central@77940cbf0c2a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbholley
bugs1300831
milestone51.0a1
first release with
nightly linux32
938ce16be25f / 51.0a1 / 20160908030434 / files
nightly linux64
938ce16be25f / 51.0a1 / 20160908030434 / files
nightly mac
938ce16be25f / 51.0a1 / 20160908030434 / files
nightly win32
938ce16be25f / 51.0a1 / 20160908030434 / files
nightly win64
938ce16be25f / 51.0a1 / 20160908030434 / files
last release without
nightly linux32
91c2b9d5c135 / 51.0a1 / 20160907030427 / files
nightly linux64
91c2b9d5c135 / 51.0a1 / 20160907030427 / files
nightly mac
91c2b9d5c135 / 51.0a1 / 20160907030427 / files
nightly win32
91c2b9d5c135 / 51.0a1 / 20160907030427 / files
nightly win64
91c2b9d5c135 / 51.0a1 / 20160907030427 / files
Bug 1300831 - Avoid creating about:blank windows with expanded principals; r=bholley
dom/base/nsGlobalWindow.cpp file | annotate | diff | comparison | revisions 
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@@ -2154,20 +2154,22 @@ nsGlobalWindow::WouldReuseInnerWindow(ns
 void
 nsGlobalWindow::SetInitialPrincipalToSubject()
 {
   MOZ_ASSERT(IsOuterWindow());
 
   // First, grab the subject principal.
   nsCOMPtr<nsIPrincipal> newWindowPrincipal = nsContentUtils::SubjectPrincipalOrSystemIfNativeCaller();
 
-  // Now, if we're about to use the system principal or an nsExpandedPrincipal,
-  // make sure we're not using it for a content docshell.
-  if (nsContentUtils::IsSystemOrExpandedPrincipal(newWindowPrincipal) &&
-      GetDocShell()->ItemType() != nsIDocShellTreeItem::typeChrome) {
+  // We should never create windows with an expanded principal.
+  // If we have a system principal, make sure we're not using it for a content
+  // docshell.
+  if (nsContentUtils::IsExpandedPrincipal(newWindowPrincipal) ||
+      (nsContentUtils::IsSystemPrincipal(newWindowPrincipal) &&
+       GetDocShell()->ItemType() != nsIDocShellTreeItem::typeChrome)) {
     newWindowPrincipal = nullptr;
   }
 
   // If there's an existing document, bail if it either:
   if (mDoc) {
     // (a) is not an initial about:blank document, or
     if (!mDoc->IsInitialDocument())
       return;
mozilla-central
Deployed from e404c980045c at 2021-03-01T18:43:47Z.