Mercurial > mozilla-central / changeset / 6d8456a77e57d91a4a246ed2b5ffad77f6a2cea7
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 770429, do uri load check earlier to avoid running code unnecessarily, r=mrbkap
authorOlli Pettay <Olli.Pettay@helsinki.fi>
Thu, 19 Jul 2012 10:43:33 +0300
changeset 99646 6d8456a77e57d91a4a246ed2b5ffad77f6a2cea7
parent 99645 768eb7111521672de28ccfc2de60c50a4bf1d88e
child 99647 4d5060c3cc623b1d75160eba6a51d6bd6d09332a
push id23144
push useropettay@mozilla.com
push dateThu, 19 Jul 2012 08:19:00 +0000
treeherdermozilla-central@6d8456a77e57 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmrbkap
bugs770429
milestone17.0a1
first release with
nightly linux32
6d8456a77e57 / 17.0a1 / 20120719030543 / files
nightly linux64
6d8456a77e57 / 17.0a1 / 20120719030543 / files
nightly mac
6d8456a77e57 / 17.0a1 / 20120719030543 / files
nightly win32
6d8456a77e57 / 17.0a1 / 20120719030543 / files
nightly win64
6d8456a77e57 / 17.0a1 / 20120719030543 / files
last release without
nightly linux32
ae22909cef5a / 17.0a1 / 20120718030544 / files
nightly linux64
ae22909cef5a / 17.0a1 / 20120718030544 / files
nightly mac
ae22909cef5a / 17.0a1 / 20120718030544 / files
nightly win32
ae22909cef5a / 17.0a1 / 20120718030544 / files
nightly win64
ae22909cef5a / 17.0a1 / 20120718030544 / files
releases
nightly linux32
17.0a1 / 20120719030543 / pushlog to previous
nightly linux64
17.0a1 / 20120719030543 / pushlog to previous
nightly mac
17.0a1 / 20120719030543 / pushlog to previous
nightly win32
17.0a1 / 20120719030543 / pushlog to previous
nightly win64
17.0a1 / 20120719030543 / pushlog to previous
Bug 770429, do uri load check earlier to avoid running code unnecessarily, r=mrbkap
dom/base/nsLocation.cpp file | annotate | diff | comparison | revisions 
--- a/dom/base/nsLocation.cpp
+++ b/dom/base/nsLocation.cpp
@@ -32,16 +32,17 @@
 #include "nsDOMError.h"
 #include "nsDOMClassInfoID.h"
 #include "nsCRT.h"
 #include "nsIProtocolHandler.h"
 #include "nsReadableUtils.h"
 #include "nsITextToSubURI.h"
 #include "nsJSUtils.h"
 #include "jsfriendapi.h"
+#include "nsContentUtils.h"
 
 static nsresult
 GetContextFromStack(nsIJSContextStack *aStack, JSContext **aContext)
 {
   nsCOMPtr<nsIJSContextStackIterator>
     iterator(do_CreateInstance("@mozilla.org/js/xpc/ContextStackIterator;1"));
   NS_ENSURE_TRUE(iterator, NS_ERROR_FAILURE);
 
@@ -163,28 +164,34 @@ GetFrameDocument(JSContext *cx, JSStackF
   nsCOMPtr<nsIDocument> doc = do_QueryInterface(domDoc);
   return doc.forget();
 }
 
 nsresult
 nsLocation::CheckURL(nsIURI* aURI, nsIDocShellLoadInfo** aLoadInfo)
 {
   *aLoadInfo = nsnull;
+  JSContext* cx;
+  if ((cx = nsContentUtils::GetCurrentJSContext())) {
+    nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
+    NS_ENSURE_STATE(ssm);
+    // Check to see if URI is allowed.
+    nsresult rv = ssm->CheckLoadURIFromScript(cx, aURI);
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
 
   nsCOMPtr<nsIDocShell> docShell(do_QueryReferent(mDocShell));
   NS_ENSURE_TRUE(docShell, NS_ERROR_NOT_AVAILABLE);
 
   nsresult rv;
   // Get JSContext from stack.
   nsCOMPtr<nsIJSContextStack>
     stack(do_GetService("@mozilla.org/js/xpc/ContextStack;1", &rv));
   NS_ENSURE_SUCCESS(rv, rv);
 
-  JSContext *cx;
-
   NS_ENSURE_SUCCESS(GetContextFromStack(stack, &cx), NS_ERROR_FAILURE);
 
   nsCOMPtr<nsISupports> owner;
   nsCOMPtr<nsIURI> sourceURI;
 
   if (cx) {
     // No cx means that there's no JS running, or at least no JS that
     // was run through code that properly pushed a context onto the
mozilla-central
Deployed from 561f2b6ba128 at 2020-02-24T16:43:58Z.