Bug 1178058 - Improve native setter. r=bobbyholly, a=2.2+
authorBoris Zbarsky <bzbarsky@mit.edu>
Thu, 06 Aug 2015 18:29:56 +1200
changeset 238769 3a02cd6e6ef7d0d072e4cd9d72775049b6bd652a
parent 238768 ae9e368b87ec001999d937dfb715c28ae0a98349
child 238770 97c0de5d69220294c2cee60e46fa6bff4c872cdd
push id773
push userryanvm@gmail.com
push dateThu, 06 Aug 2015 12:47:45 +0000
reviewersbobbyholly, 2.2
bugs1178058
milestone37.0
Bug 1178058 - Improve native setter. r=bobbyholly, a=2.2+
docshell/base/nsDocShell.cpp
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -1570,22 +1570,31 @@ nsDocShell::LoadURI(nsIURI * aURI,
     //     created later from the channel's internal data.
     //
     // NOTE: This all only works because the only thing the owner is used  
     //       for in InternalLoad is data:, javascript:, and about:blank
     //       URIs.  For other URIs this would all be dead wrong!
 
     if (owner && mItemType != typeChrome) {
         nsCOMPtr<nsIPrincipal> ownerPrincipal = do_QueryInterface(owner);
-        if (nsContentUtils::IsSystemOrExpandedPrincipal(ownerPrincipal)) {
+        if (nsContentUtils::IsSystemPrincipal(ownerPrincipal)) {
             if (ownerIsExplicit) {
                 return NS_ERROR_DOM_SECURITY_ERR;
             }
             owner = nullptr;
             inheritOwner = true;
+        } else if (nsContentUtils::IsExpandedPrincipal(ownerPrincipal)) {
+            if (ownerIsExplicit) {
+                return NS_ERROR_DOM_SECURITY_ERR;
+            }
+            // Don't inherit from the current page.  Just do the safe thing
+            // and pretend that we were loaded by a nullprincipal.
+            owner = do_CreateInstance("@mozilla.org/nullprincipal;1");
+            NS_ENSURE_TRUE(owner, NS_ERROR_FAILURE);
+            inheritOwner = false;
         }
     }
     if (!owner && !inheritOwner && !ownerIsExplicit) {
         // See if there's system or chrome JS code running
         inheritOwner = nsContentUtils::IsCallerChrome();
     }
 
     if (aLoadFlags & LOAD_FLAGS_DISALLOW_INHERIT_OWNER) {
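Review bot: The `ownerIsExplicit` rejection is now written twice, once in the system-principal branch and again in the new expanded-principal branch, even though both kinds of principal reject an explicit owner the same way; hoisting it keeps the two branches to just what differs, e.g. `const bool isSystem = nsContentUtils::IsSystemPrincipal(ownerPrincipal);` / `const bool isExpanded = nsContentUtils::IsExpandedPrincipal(ownerPrincipal);` / `if ((isSystem || isExpanded) && ownerIsExplicit) { return NS_ERROR_DOM_SECURITY_ERR; }`. The comment on the null-principal fallback would also help a later reader if it said why inheriting is unsafe here rather than only that it is: the load was initiated by an expanded principal, so giving the new document the current page's principal would attribute that load to the page; a fresh null principal avoids that, which is presumably the intent of the "safe thing" wording. The `NS_ENSURE_TRUE(owner, NS_ERROR_FAILURE)` guard looks right given `do_CreateInstance` can return null, and it means a failure to create the null principal aborts the load instead of silently falling back to inheritance. The enclosing `nsDocShell::LoadURI` starts and ends outside this hunk.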