Bug 1319122: Adjust SVG image-document check to happen on display document. r=bz a=ritu FIREFOX_51_0b5_BUILD1 FIREFOX_51_0b5_RELEASE
authorDaniel Holbert <dholbert@cs.stanford.edu>
Tue, 29 Nov 2016 16:40:37 -0800
changeset 446686 9afe68360fa82c16b760b448b2156230a90caf11
parent 446685 c736f46410bfef32acf9f38adaa930a9684b28c1
child 446687 f9b0fe2f0de275308152a79906629fb0064c9560
push id37857
push userbmo:avikalpakundu@gmail.com
push dateThu, 01 Dec 2016 18:56:03 +0000
reviewersbz, ritu
bugs1319122
milestone51.0
Bug 1319122: Adjust SVG image-document check to happen on display document. r=bz a=ritu MozReview-Commit-ID: 8Mg4HlNF14p
dom/base/nsDataDocumentContentPolicy.cpp
--- a/dom/base/nsDataDocumentContentPolicy.cpp
+++ b/dom/base/nsDataDocumentContentPolicy.cpp
@@ -70,17 +70,22 @@ nsDataDocumentContentPolicy::ShouldLoad(
   if (doc->IsLoadedAsData()) {
     // ...but let static (print/print preview) documents to load fonts.
     if (!doc->IsStaticDocument() || aContentType != nsIContentPolicy::TYPE_FONT) {
       *aDecision = nsIContentPolicy::REJECT_TYPE;
       return NS_OK;
     }
   }
 
-  if (doc->IsBeingUsedAsImage()) {
+  nsIDocument* docToCheckForImage = doc->GetDisplayDocument();
+  if (!docToCheckForImage) {
+    docToCheckForImage = doc;
+  }
+
+  if (docToCheckForImage->IsBeingUsedAsImage()) {
     // We only allow SVG images to load content from URIs that are local and
     // also satisfy one of the following conditions:
     //  - URI inherits security context, e.g. data URIs
     //   OR
     //  - URI loadable by subsumers, e.g. blob URIs
     // Any URI that doesn't meet these requirements will be rejected below.
     if (!(HasFlags(aContentLocation,
                    nsIProtocolHandler::URI_IS_LOCAL_RESOURCE) &&