Bug 1121857 - CSP: document.baseURI should not get blocked if baseURI is null. r=sstamm, a=sledru
authorChristoph Kerschbaumer <mozilla@christophkerschbaumer.com>
Thu, 15 Jan 2015 10:05:06 -0800
changeset 249346 1bbeed92ac700c374665f9adbbbfee8c68a55aa8
parent 249345 a1efd65b29cd5fd94c04450b543175a964de7a3c
child 249347 024b2dc1720f8777dca89fd570d16db7dad0c37f
push id4489
push userraliiev@mozilla.com
push dateMon, 23 Feb 2015 15:17:55 +0000
treeherdermozilla-beta@fd7c3dc24146 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssstamm, sledru
bugs1121857
milestone37.0a2
Bug 1121857 - CSP: document.baseURI should not get blocked if baseURI is null. r=sstamm, a=sledru
dom/base/nsDocument.cpp
--- a/dom/base/nsDocument.cpp
+++ b/dom/base/nsDocument.cpp
@@ -3612,17 +3612,17 @@ nsDocument::SetBaseURI(nsIURI* aURI)
       return NS_OK;
     }
   }
 
   // Check if CSP allows this base-uri
   nsCOMPtr<nsIContentSecurityPolicy> csp;
   nsresult rv = NodePrincipal()->GetCsp(getter_AddRefs(csp));
   NS_ENSURE_SUCCESS(rv, rv);
-  if (csp) {
+  if (csp && aURI) {
     bool permitsBaseURI = false;
 
     // base-uri is only enforced if explicitly defined in the
     // policy - do *not* consult default-src, see:
     // http://www.w3.org/TR/CSP2/#directive-default-src
     rv = csp->Permits(aURI, nsIContentSecurityPolicy::BASE_URI_DIRECTIVE,
                       true, &permitsBaseURI);
     NS_ENSURE_SUCCESS(rv, rv);