Fix for 568148 (a=dveditz).
authorBrendan Eich <brendan@mozilla.org>
Mon, 21 Jun 2010 12:43:58 -0700
changeset 34334 a705562554f852e2a9a95013bb80d99e03c0c213
parent 34333 6146630972dc07bde2737c16e323d3ab91f97913
child 34335 e9c2600a5d01f60094e0aa7d6a008d078dea5451
push id1402
push userbrendan@mozilla.com
push dateMon, 21 Jun 2010 19:44:42 +0000
reviewersdveditz
bugs568148
milestone1.9.2.6pre
Fix for 568148 (a=dveditz).
js/src/jsparse.cpp
--- a/js/src/jsparse.cpp
+++ b/js/src/jsparse.cpp
@@ -922,17 +922,17 @@ JSCompiler::compileScript(JSContext *cx,
 
 #if JS_HAS_XML_SUPPORT
     /*
      * Prevent XML data theft via <script src="http://victim.com/foo.xml">.
      * For background, see:
      *
      * https://bugzilla.mozilla.org/show_bug.cgi?id=336551
      */
-    if (pn && onlyXML && (tcflags & TCF_NO_SCRIPT_RVAL)) {
+    if (pn && onlyXML && !callerFrame) {
         js_ReportCompileErrorNumber(cx, &jsc.tokenStream, NULL, JSREPORT_ERROR,
                                     JSMSG_XML_WHOLE_PROGRAM);
         goto out;
     }
 #endif
 
     /*
      * Global variables and regexps share the index space with locals. Due to