Bug 1424380 - Require triggering principal passed into openUILink(). r=Gijs
authorJonathan Kingston <jkt@mozilla.com>
Mon, 14 May 2018 11:35:08 +0100
changeset 418144 7938de1c782b27c008cff1fbca67b75e171e22ec
parent 418143 b18fc4703cbe9dd818419a0561d9a160c5ad6846
child 418145 dfb980494484911395fa2b03a83b791b7a4b5350
push id33994
push usernbeleuzu@mozilla.com
push dateMon, 14 May 2018 21:35:03 +0000
treeherdermozilla-central@237b7b5faa03 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersGijs
bugs1424380
milestone62.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1424380 - Require triggering principal passed into openUILink(). r=Gijs MozReview-Commit-ID: BsQqZzfm2Ra
browser/base/content/browser-menubar.inc
browser/base/content/pageinfo/feeds.js
browser/base/content/test/general/browser_utilityOverlay.js
browser/base/content/utilityOverlay.js
--- a/browser/base/content/browser-menubar.inc
+++ b/browser/base/content/browser-menubar.inc
@@ -605,17 +605,17 @@
                           label="&helpSafeMode.label;"
                           stopaccesskey="&helpSafeMode.stop.accesskey;"
                           stoplabel="&helpSafeMode.stop.label;"
                           oncommand="safeModeRestart();"/>
                 <menuitem id="menu_HelpPopup_reportPhishingtoolmenu"
                           label="&reportDeceptiveSiteMenu.title;"
                           accesskey="&reportDeceptiveSiteMenu.accesskey;"
                           observes="reportPhishingBroadcaster"
-                          oncommand="openUILink(gSafeBrowsing.getReportURL('Phish'), event);"
+                          oncommand="openUILink(gSafeBrowsing.getReportURL('Phish'), event, {triggeringPrincipal: Services.scriptSecurityManager.createNullPrincipal({})});"
                           onclick="checkForMiddleClick(this, event);"
                           hidden="true"/>
                 <menuitem id="menu_HelpPopup_reportPhishingErrortoolmenu"
                           label="&safeb.palm.notdeceptive.label;"
                           accesskey="&safeb.palm.notdeceptive.accesskey;"
                           observes="reportPhishingErrorBroadcaster"
                           oncommand="ReportFalseDeceptiveSite();"
                           onclick="checkForMiddleClick(this, event);"
--- a/browser/base/content/pageinfo/feeds.js
+++ b/browser/base/content/pageinfo/feeds.js
@@ -40,17 +40,17 @@ function addRow(name, type, url) {
   const urlContainer = document.createElement("hbox");
   urlContainer.setAttribute("flex", "1");
   bottom.appendChild(urlContainer);
 
   const urlLabel = document.createElement("label");
   urlLabel.className = "text-link";
   urlLabel.textContent = url;
   urlLabel.setAttribute("tooltiptext", url);
-  urlLabel.addEventListener("click", ev => openUILink(this.value, ev));
+  urlLabel.addEventListener("click", ev => openUILink(this.value, ev, {triggeringPrincipal: Services.scriptSecurityManager.createNullPrincipal({})}));
   urlContainer.appendChild(urlLabel);
 
   const subscribeButton = document.createElement("button");
   subscribeButton.className = "feed-subscribe";
   subscribeButton.addEventListener("click",
     () => openWebLinkIn(url, "current", { ignoreAlt: true }));
   subscribeButton.setAttribute("label", gBundle.getString("feedSubscribe"));
   subscribeButton.setAttribute("accesskey", gBundle.getString("feedSubscribe.accesskey"));
--- a/browser/base/content/test/general/browser_utilityOverlay.js
+++ b/browser/base/content/test/general/browser_utilityOverlay.js
@@ -102,10 +102,10 @@ function test_openNewTabWith() {
 function test_openUILink() {
   let tab = gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, "about:blank");
   BrowserTestUtils.browserLoaded(tab.linkedBrowser).then(() => {
     is(tab.linkedBrowser.currentURI.spec, "http://example.org/", "example.org loaded");
     gBrowser.removeCurrentTab();
     runNextTest();
   });
 
-  openUILink("http://example.org/"); // defaults to "current"
+  openUILink("http://example.org/", null, {triggeringPrincipal: Services.scriptSecurityManager.createNullPrincipal({})}); // defaults to "current"
 }
--- a/browser/base/content/utilityOverlay.js
+++ b/browser/base/content/utilityOverlay.js
@@ -115,22 +115,17 @@ function openUILink(url, event, aIgnoreB
       postData: aPostData,
       referrerURI: aReferrerURI,
       referrerPolicy: Ci.nsIHttpChannel.REFERRER_POLICY_UNSET,
       initiatingDoc: event ? event.target.ownerDocument : null,
     };
   }
 
   if (!params.triggeringPrincipal) {
-    let dt = event ? event.dataTransfer : null;
-    if (!!dt && dt.mozSourceNode) {
-      params.triggeringPrincipal = dt.mozSourceNode.nodePrincipal;
-    } else {
-      params.triggeringPrincipal = Services.scriptSecurityManager.createNullPrincipal({});
-    }
+    throw new Error("Required argument triggeringPrincipal missing within openUILink");
   }
 
   let where = whereToOpenLink(event, aIgnoreButton, aIgnoreAlt);
   openUILinkIn(url, where, params);
 }
 
 
 /**