Bug 1512311 - Disable implicit rel=noopener in anchor and area elements if the triggering principal is system, r=nika a=RyanVM
authorAndrea Marchesini <amarchesini@mozilla.com>
Wed, 12 Dec 2018 17:55:13 +0100
changeset 506253 6a33ef5732bd71dca1810f8e97df02920d220a49
parent 506252 942a9f9f19a358a40f015be1d90257028baf89aa
child 506254 3735c6ea013c3fd85ae3db6372c002b05d33929e
push id10348
push userebalazs@mozilla.com
push dateMon, 17 Dec 2018 10:13:16 +0000
reviewersnika, RyanVM
bugs1512311
milestone65.0
Bug 1512311 - Disable implicit rel=noopener in anchor and area elements if the triggering principal is system, r=nika a=RyanVM
docshell/base/nsDocShell.cpp
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -12669,16 +12669,21 @@ nsDocShell::OnLinkClickSync(nsIContent* 
             extProtService->IsExposedProtocol(scheme.get(), &isExposed);
         if (NS_SUCCEEDED(rv) && !isExposed) {
           return extProtService->LoadURI(aURI, this);
         }
       }
     }
   }
 
+  // if the triggeringPrincipal is not passed explicitly, then we
+  // fall back to using doc->NodePrincipal() as the triggeringPrincipal.
+  nsCOMPtr<nsIPrincipal> triggeringPrincipal =
+      aTriggeringPrincipal ? aTriggeringPrincipal : aContent->NodePrincipal();
+
   uint32_t flags = INTERNAL_LOAD_FLAGS_NONE;
   if (IsElementAnchorOrArea(aContent)) {
     MOZ_ASSERT(aContent->IsHTMLElement());
     nsAutoString referrer;
     aContent->AsElement()->GetAttr(kNameSpaceID_None, nsGkAtoms::rel, referrer);
     nsWhitespaceTokenizerTemplate<nsContentUtils::IsHTMLWhitespace> tok(
         referrer);
 
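Review bot: The moved comment at the top of the added block says the fallback is `doc->NodePrincipal()`, but the code on the next line uses `aContent->NodePrincipal()`; since the block is being relocated anyway, this is the moment to make the comment match, e.g. `// fall back to aContent->NodePrincipal() as the triggeringPrincipal.` Hoisting the principal above the rel-token loop is what lets the second hunk read it when deciding on the implicit noopener. OnLinkClickSync begins and ends outside this hunk, so whether aContent has already been null-checked is not visible here.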
@@ -12706,17 +12711,18 @@ nsDocShell::OnLinkClickSync(nsIContent* 
 
       if (targetBlank && StaticPrefs::dom_targetBlankNoOpener_enabled() &&
           token.LowerCaseEqualsLiteral("opener") && !explicitOpenerSet) {
         explicitOpenerSet = true;
       }
     }
 
     if (targetBlank && StaticPrefs::dom_targetBlankNoOpener_enabled() &&
-        !explicitOpenerSet) {
+        !explicitOpenerSet &&
+        !nsContentUtils::IsSystemPrincipal(triggeringPrincipal)) {
       flags |= INTERNAL_LOAD_FLAGS_NO_OPENER;
     }
 
     if (aNoOpenerImplied) {
       flags |= INTERNAL_LOAD_FLAGS_NO_OPENER;
     }
   }
 
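Review bot: The new `!nsContentUtils::IsSystemPrincipal(triggeringPrincipal)` operand relaxes a security default — a system-principal-triggered target=_blank link now keeps its opener — but nothing at the site says why that is acceptable, and the commit carries no description beyond its title. A one-line comment above the condition would help the next reader, e.g. `// Implicit noopener is a web-content protection; system-principal-triggered links keep their opener.` The exemption only covers the implicit rel=noopener path: the `aNoOpenerImplied` branch below still sets INTERNAL_LOAD_FLAGS_NO_OPENER regardless of principal, which appears intended. When `triggeringPrincipal` falls back to `aContent->NodePrincipal()` the check reflects the document the element lives in, whereas an explicitly passed system principal exempts the link even for an anchor in a content document — if that is the intent it is worth stating, and the diff as shown adds no test covering either case.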
@@ -12762,21 +12768,16 @@ nsDocShell::OnLinkClickSync(nsIContent* 
   if (anchor) {
     anchor->GetType(typeHint);
     NS_ConvertUTF16toUTF8 utf8Hint(typeHint);
     nsAutoCString type, dummy;
     NS_ParseRequestContentType(utf8Hint, type, dummy);
     CopyUTF8toUTF16(type, typeHint);
   }
 
-  // if the triggeringPrincipal is not passed explicitly, then we
-  // fall back to using doc->NodePrincipal() as the triggeringPrincipal.
-  nsCOMPtr<nsIPrincipal> triggeringPrincipal =
-      aTriggeringPrincipal ? aTriggeringPrincipal : aContent->NodePrincipal();
-
   // Link click (or form submission) can be triggered inside an onload handler,
   // and we don't want to add history entry in this case.
   bool inOnLoadHandler = false;
   GetIsExecutingOnLoadHandler(&inOnLoadHandler);
   uint32_t loadType = inOnLoadHandler ? LOAD_NORMAL_REPLACE : LOAD_LINK;
 
   if (aIsUserTriggered) {
     flags |= INTERNAL_LOAD_FLAGS_IS_USER_TRIGGERED;