Bug 1412639 - remove 'type=application/x-message-display' before same origin check in image processing. r=aceman
--- a/mail/components/compose/content/MsgComposeCommands.js
+++ b/mail/components/compose/content/MsgComposeCommands.js
@@ -5470,16 +5470,42 @@ var gAttachmentNotifier =
}
}
},
timer: Components.classes["@mozilla.org/timer;1"]
.createInstance(Components.interfaces.nsITimer)
};
+/**
+ * Helper function to remove a query part from a URL, so for example:
+ * ...?remove=xx&other=yy becomes ...?other=yy.
+ *
+ * @param aURL the URL from which to remove the query part
+ * @param aQuery the query part to remove
+ * @return the URL with the query part removed
+ */
+function removeQueryPart(aURL, aQuery)
+{
+ // Quick pre-check.
+ if (aURL.indexOf(aQuery) < 0)
+ return aURL;
+
+ let indexQM = aURL.indexOf("?");
+ if (indexQM < 0)
+ return aURL;
+
+ let queryParts = aURL.substr(indexQM + 1).split("&");
+ let indexPart = queryParts.indexOf(aQuery);
+ if (indexPart < 0)
+ return aURL;
+ queryParts.splice(indexPart, 1);
+ return aURL.substr(0, indexQM + 1) + queryParts.join("&");
+}
+
function InitEditor()
{
var editor = GetCurrentEditor();
// Set eEditorMailMask flag to avoid using content prefs for spell checker,
// otherwise dictionary setting in preferences is ignored and dictionary is
// inconsistent in subject and message body.
let eEditorMailMask = Components.interfaces.nsIPlaintextEditor.eEditorMailMask;
@@ -5551,17 +5577,18 @@ function InitEditor()
return;
}
if (gOriginalMsgURI) {
let msgSvc = Components.classes["@mozilla.org/messenger;1"]
.createInstance(Components.interfaces.nsIMessenger)
.messageServiceFromURI(gOriginalMsgURI);
let originalMsgNeckoURI = {};
msgSvc.GetUrlForUri(gOriginalMsgURI, originalMsgNeckoURI, null);
- if (src.startsWith(originalMsgNeckoURI.value.spec)) {
+ if (src.startsWith(removeQueryPart(originalMsgNeckoURI.value.spec,
+ "type=application/x-message-display"))) {
// Reply/Forward/Edit Draft/Edit as New can contain references to
// images in the original message. Load those and make them data: URLs
// now.
event.target.classList.add("loading-internal");
try {
loadBlockedImage(src);
} catch (e) {
// Couldn't load the referenced image.
@@ -5584,17 +5611,19 @@ function InitEditor()
let background = editor.document.body.background;
if (background && gOriginalMsgURI) {
// Check that background has the same URL as the message itself.
let msgSvc = Components.classes["@mozilla.org/messenger;1"]
.createInstance(Components.interfaces.nsIMessenger)
.messageServiceFromURI(gOriginalMsgURI);
let originalMsgNeckoURI = {};
msgSvc.GetUrlForUri(gOriginalMsgURI, originalMsgNeckoURI, null);
- if (background.startsWith(originalMsgNeckoURI.value.spec)) {
+ if (background.startsWith(
+ removeQueryPart(originalMsgNeckoURI.value.spec,
+ "type=application/x-message-display"))) {
try {
editor.document.body.background = loadBlockedImage(background, true);
} catch (e) {
// Couldn't load the referenced image.
Components.utils.reportError(e);
}
}
}