Bug 1503735 - Port bug 1490257: Add system principal to loadURI() calls, JS part. rs=bustage-fix
authorJorg K <jorgk@jorgk.com>
Thu, 01 Nov 2018 09:42:35 +0100
changeset 33634 d5940f87ebd34bdd50c664682e06fcfda2f10bb1
parent 33633 8b4648e6ba485708e26ac3e7a23bb3b62220be13
child 33635 b0459a76e42075f3b2b861fb0121c4c0efa1bcb4
push id388
push userclokep@gmail.com
push dateMon, 28 Jan 2019 20:54:56 +0000
reviewersbustage-fix
bugs1503735, 1490257
Bug 1503735 - Port bug 1490257: Add system principal to loadURI() calls, JS part. rs=bustage-fix
chat/content/convbrowser.xml
editor/ui/composer/content/editor.js
mail/base/content/specialTabs.js
mail/components/compose/content/MsgComposeCommands.js
mail/components/preferences/preferencesTab.js
mailnews/base/prefs/content/AccountManager.js
mailnews/extensions/newsblog/content/newsblogOverlay.js
--- a/chat/content/convbrowser.xml
+++ b/chat/content/convbrowser.xml
@@ -59,17 +59,18 @@
 
             // _loadState is 0 while loading conv.html and 1 while
             // loading the real conversation HTML.
             this._loadState = 0;
 
             this.docShell.charset = "UTF-8";
             const URI = "chrome://chat/content/conv.html";
             const flag = Ci.nsIWebNavigation.LOAD_FLAGS_NONE;
-            this.webNavigation.loadURI(URI, flag, null, null, null);
+            const systemPrincipal = Services.scriptSecurityManager.getSystemPrincipal();
+            this.webNavigation.loadURI(URI, flag, null, null, null, systemPrincipal);
             this.addProgressListener(this);
 
             if (this._scrollingView)
               this._autoScrollPopup.hidePopup();
           ]]>
         </body>
       </method>
 
--- a/editor/ui/composer/content/editor.js
+++ b/editor/ui/composer/content/editor.js
@@ -401,21 +401,22 @@ function SetFocusOnStartup()
 {
   gContentWindow.focus();
 }
 
 function EditorLoadUrl(url)
 {
   try {
     if (url)
-      GetCurrentEditorElement().webNavigation.loadURI(url,                // uri string
-         Ci.nsIWebNavigation.LOAD_FLAGS_BYPASS_CACHE,  // load flags
-         null,                                                            // referrer
-         null,                                                            // post-data stream
-         null);
+      GetCurrentEditorElement().webNavigation.loadURI(url,  // uri string
+         Ci.nsIWebNavigation.LOAD_FLAGS_BYPASS_CACHE,       // load flags
+         null,                                              // referrer
+         null,                                              // post-data stream
+         null,
+         Services.scriptSecurityManager.getSystemPrincipal());
   } catch (e) { dump(" EditorLoadUrl failed: "+e+"\n"); }
 }
 
 // This should be called by all Composer types
 function EditorSharedStartup()
 {
   // Just for convenience
   gContentWindow = window.content;
--- a/mail/base/content/specialTabs.js
+++ b/mail/base/content/specialTabs.js
@@ -811,17 +811,20 @@ var specialTabs = {
 
       // Initialize our unit testing variables.
       aTab.pageLoading = false;
       aTab.pageLoaded = false;
 
       // Now start loading the content.
       aTab.title = this.loadingTabString;
 
-      aTab.browser.loadURI(aArgs.contentPage);
+      let params = {
+        triggeringPrincipal: Services.scriptSecurityManager.getSystemPrincipal(),
+      }
+      aTab.browser.loadURI(aArgs.contentPage, params);
 
       this.lastBrowserId++;
     },
     tryCloseTab: function onTryCloseTab(aTab) {
       let docShell = aTab.browser.docShell;
       // If we have a docshell, a contentViewer, and it forbids us from closing
       // the tab, then we return false, which means, we can't close the tab. All
       // other cases return true.
@@ -1233,17 +1236,20 @@ var specialTabs = {
         aTab.browser.addEventListener("load", function _chromeTab_onLoad (event) {
           aArgs.onLoad(event, aTab.browser);
           aTab.browser.removeEventListener("load", _chromeTab_onLoad, true);
         }, true);
       }
 
       // Now start loading the content.
       aTab.title = this.loadingTabString;
-      aTab.browser.loadURI(aArgs.chromePage);
+      let params = {
+        triggeringPrincipal: Services.scriptSecurityManager.getSystemPrincipal(),
+      };
+      aTab.browser.loadURI(aArgs.chromePage, params);
 
       this.lastBrowserId++;
     },
     tryCloseTab: function onTryCloseTab(aTab) {
       let docShell = aTab.browser.docShell;
       // If we have a docshell, a contentViewer, and it forbids us from closing
       // the tab, then we return false, which means, we can't close the tab. All
       // other cases return true.
--- a/mail/components/compose/content/MsgComposeCommands.js
+++ b/mail/components/compose/content/MsgComposeCommands.js
@@ -2867,17 +2867,18 @@ function ComposeStartup(aParams) {
 
   // Add an observer to be called when document is done loading,
   // which creates the editor.
   try {
     GetCurrentCommandManager().
             addCommandObserver(gMsgEditorCreationObserver, "obs_documentCreated");
 
     // Load empty page to create the editor.
-    editorElement.webNavigation.loadURI("about:blank", 0, null, null, null);
+    editorElement.webNavigation.loadURI("about:blank", 0, null, null, null,
+      Services.scriptSecurityManager.getSystemPrincipal());
   } catch (e) {
     Cu.reportError(e);
   }
 
   gEditingDraft = gMsgCompose.compFields.draftId;
 
   // finally, see if we need to auto open the address sidebar.
   var sideBarBox = document.getElementById("sidebar-box");
--- a/mail/components/preferences/preferencesTab.js
+++ b/mail/components/preferences/preferencesTab.js
@@ -108,17 +108,21 @@ var preferencesTabType = {
 
     // Initialize our unit testing variables.
     aTab.pageLoading = true;
     aTab.pageLoaded = false;
 
     // Now start loading the content.
     aTab.title = this.loadingTabString;
 
-    aTab.browser.loadURI(aArgs.contentPage, { postData: aArgs.postData || null });
+    let params = {
+      triggeringPrincipal: Services.scriptSecurityManager.getSystemPrincipal(),
+      postData: aArgs.postData || null,
+    };
+    aTab.browser.loadURI(aArgs.contentPage, params);
 
     gPrefTab = aTab;
     this.lastBrowserId++;
   },
 
   persistTab: function onPersistTab(aTab) {
     if (aTab.browser.currentURI.spec == "about:blank")
       return null;
--- a/mailnews/base/prefs/content/AccountManager.js
+++ b/mailnews/base/prefs/content/AccountManager.js
@@ -1149,17 +1149,18 @@ function pageURL(pageId)
   }
   return "chrome://" + chromePackageName + "/content/" + pageId;
 }
 
 function loadPage(pageId)
 {
   const LOAD_FLAGS_NONE = Ci.nsIWebNavigation.LOAD_FLAGS_NONE;
   document.getElementById("contentFrame").webNavigation.loadURI(pageURL(pageId),
-    LOAD_FLAGS_NONE, null, null, null);
+    LOAD_FLAGS_NONE, null, null, null,
+    Services.scriptSecurityManager.getSystemPrincipal());
 }
 
 // save the values of the widgets to the given server
 function savePage(account)
 {
   if (!account)
     return;
 
--- a/mailnews/extensions/newsblog/content/newsblogOverlay.js
+++ b/mailnews/extensions/newsblog/content/newsblogOverlay.js
@@ -217,17 +217,18 @@ var FeedMessageHandler = {
           return;
         }
         if (aWhere.browser) {
           Cc["@mozilla.org/uriloader/external-protocol-service;1"]
             .getService(Ci.nsIExternalProtocolService)
             .loadURI(uri);
         } else if (aWhere.messagepane) {
           let loadFlag = getBrowser().webNavigation.LOAD_FLAGS_NONE;
-          getBrowser().webNavigation.loadURI(url, loadFlag, null, null, null);
+          getBrowser().webNavigation.loadURI(url, loadFlag, null, null, null,
+            Services.scriptSecurityManager.getSystemPrincipal());
         } else if (aWhere.tab) {
           openContentTab(url, "tab", "^");
         } else if (aWhere.window) {
           openContentTab(url, "window", "^");
         }
       } else {
         FeedUtils.log.info("FeedMessageHandler.loadWebPage: could not get " +
                            "Content-Base header url for this message");