Bug 1110614 - Align the base URI window determinations in nsWindowWatcher::URIfromURL, nsGlobalWindow::FireAbuseEvents, and nsGlobalWindow::SecurityCheckURL. r=bholley, a=abillings
authorBoris Zbarsky <bzbarsky@mit.edu>
Wed, 21 Jan 2015 14:54:09 -0500
changeset 200529 fbe02a90af22c3ccf7f0d6838163779976dde6c6
parent 200528 95e4252b6d7477c80757fe5ef5a97e4bf3ea6af2
child 200530 50cad2d9985b287d9217b8cad5d715a43b848721
push id177
push userryanvm@gmail.com
push dateMon, 26 Jan 2015 21:07:03 +0000
treeherdermozilla-esr31@5ee3807b4bb2 [default view] [failures only]
reviewersbholley, abillings
bugs1110614
milestone31.4.0
Bug 1110614 - Align the base URI window determinations in nsWindowWatcher::URIfromURL, nsGlobalWindow::FireAbuseEvents, and nsGlobalWindow::SecurityCheckURL. r=bholley, a=abillings
dom/base/nsGlobalWindow.cpp
embedding/components/windowwatcher/src/nsWindowWatcher.cpp
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@@ -7389,19 +7389,24 @@ nsGlobalWindow::FireAbuseEvents(bool aBl
   // first, fetch the opener's base URI
 
   nsIURI *baseURL = nullptr;
 
   JSContext *cx = nsContentUtils::GetCurrentJSContext();
   nsCOMPtr<nsPIDOMWindow> contextWindow;
 
   if (cx) {
-    nsIScriptContext *currentCX = nsJSUtils::GetDynamicScriptContext(cx);
-    if (currentCX) {
-      contextWindow = do_QueryInterface(currentCX->GetGlobalObject());
+    contextWindow = do_QueryInterface(nsJSUtils::GetDynamicScriptGlobal(cx));
+    if (contextWindow) {
+      nsIPrincipal* entryPrin =
+        static_cast<nsGlobalWindow*>(contextWindow.get())->GetPrincipal();
+      nsIPrincipal* subjectPrin = nsContentUtils::GetSubjectPrincipal();
+      if (!subjectPrin->SubsumesConsideringDomain(entryPrin)) {
+        contextWindow = nullptr;
+      }
     }
   }
   if (!contextWindow) {
     contextWindow = this;
   }
 
   nsCOMPtr<nsIDocument> doc = contextWindow->GetDoc();
   if (doc)
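Review bot: `subjectPrin->SubsumesConsideringDomain(entryPrin)` dereferences the result of `nsContentUtils::GetSubjectPrincipal()` without a null check, and `entryPrin` from `GetPrincipal()` is passed through unchecked as well. Whether either can be null while `cx` is non-null is not visible in this hunk, but this comparison decides which window's base URI is used, so it should fail closed: `if (!subjectPrin || !entryPrin || !subjectPrin->SubsumesConsideringDomain(entryPrin)) {`, so that a missing principal falls back to `this`. The same eight lines are added in the nsWindowWatcher::URIfromURL hunk and need the same guard. A short comment above the block saying why the window is discarded when the caller does not subsume it would help keep the two copies and SecurityCheckURL in step. FireAbuseEvents starts and ends outside the hunk.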
--- a/embedding/components/windowwatcher/src/nsWindowWatcher.cpp
+++ b/embedding/components/windowwatcher/src/nsWindowWatcher.cpp
@@ -38,16 +38,17 @@
 #include "nsIWebBrowser.h"
 #include "nsIWebBrowserChrome.h"
 #include "nsIWebNavigation.h"
 #include "nsIWindowCreator.h"
 #include "nsIWindowCreator2.h"
 #include "nsIXPConnect.h"
 #include "nsIXULRuntime.h"
 #include "nsPIDOMWindow.h"
+#include "nsGlobalWindow.h"
 #include "nsIMarkupDocumentViewer.h"
 #include "nsIContentViewer.h"
 #include "nsIWindowProvider.h"
 #include "nsIMutableArray.h"
 #include "nsISupportsArray.h"
 #include "nsIDOMStorage.h"
 #include "nsIDOMStorageManager.h"
 #include "nsIWidget.h"
@@ -1340,19 +1341,24 @@ nsWindowWatcher::URIfromURL(const char *
 {
   nsCOMPtr<nsIDOMWindow> baseWindow;
 
   /* build the URI relative to the calling JS Context, if any.
      (note this is the same context used to make the security check
      in nsGlobalWindow.cpp.) */
   JSContext *cx = nsContentUtils::GetCurrentJSContext();
   if (cx) {
-    nsIScriptContext *scriptcx = nsJSUtils::GetDynamicScriptContext(cx);
-    if (scriptcx) {
-      baseWindow = do_QueryInterface(scriptcx->GetGlobalObject());
+    baseWindow = do_QueryInterface(nsJSUtils::GetDynamicScriptGlobal(cx));
+    if (baseWindow) {
+      nsIPrincipal* entryPrin =
+        static_cast<nsGlobalWindow*>(baseWindow.get())->GetPrincipal();
+      nsIPrincipal* subjectPrin = nsContentUtils::GetSubjectPrincipal();
+      if (!subjectPrin->SubsumesConsideringDomain(entryPrin)) {
+        baseWindow = nullptr;
+      }
     }
   }
 
   // failing that, build it relative to the parent window, if possible
   if (!baseWindow)
     baseWindow = aParent;
 
   // failing that, use the given URL unmodified. It had better not be relative.
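Review bot: The block comment above `JSContext *cx` still says the URI is built relative to the calling JS context, which no longer matches the code. The dynamic script global's window is now used only when the subject principal subsumes that window's principal, and otherwise the code falls through to `aParent`. I would update it to something like `/* build the URI relative to the window of the dynamic script global, but only if the caller's principal subsumes that window's principal; keep in sync with the check in nsGlobalWindow.cpp */`. Separately, `static_cast<nsGlobalWindow*>(baseWindow.get())` downcasts an `nsIDOMWindow` obtained through `do_QueryInterface`, which is only safe if every such object is an nsGlobalWindow; the hunk does not establish that, so it deserves a one-line comment. URIfromURL's body continues past the end of the hunk.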