Bug 1319122: Adjust SVG image-document check to happen on display document. r=bz a=ritu
authorDaniel Holbert <dholbert@cs.stanford.edu>
Tue, 29 Nov 2016 16:41:00 -0800
changeset 352732 48d3a6fbc8823d3ebb194890f368ad1947967f7f
parent 352731 bbdf2771fc05481d45509d631c1ebf8b589dca49
child 352733 939bb4af0df7262bab42247cd92fec68ec6477f9
push id6795
push userjlund@mozilla.com
push dateMon, 23 Jan 2017 14:19:46 +0000
treeherdermozilla-esr52@76101b503191 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz, ritu
bugs1319122
milestone52.0a2
Bug 1319122: Adjust SVG image-document check to happen on display document. r=bz a=ritu MozReview-Commit-ID: 8Mg4HlNF14p
dom/base/nsDataDocumentContentPolicy.cpp
--- a/dom/base/nsDataDocumentContentPolicy.cpp
+++ b/dom/base/nsDataDocumentContentPolicy.cpp
@@ -70,17 +70,22 @@ nsDataDocumentContentPolicy::ShouldLoad(
   if (doc->IsLoadedAsData()) {
     // ...but let static (print/print preview) documents to load fonts.
     if (!doc->IsStaticDocument() || aContentType != nsIContentPolicy::TYPE_FONT) {
       *aDecision = nsIContentPolicy::REJECT_TYPE;
       return NS_OK;
     }
   }
 
-  if (doc->IsBeingUsedAsImage()) {
+  nsIDocument* docToCheckForImage = doc->GetDisplayDocument();
+  if (!docToCheckForImage) {
+    docToCheckForImage = doc;
+  }
+
+  if (docToCheckForImage->IsBeingUsedAsImage()) {
     // We only allow SVG images to load content from URIs that are local and
     // also satisfy one of the following conditions:
     //  - URI inherits security context, e.g. data URIs
     //   OR
     //  - URI loadable by subsumers, e.g. blob URIs
     // Any URI that doesn't meet these requirements will be rejected below.
     if (!(HasFlags(aContentLocation,
                    nsIProtocolHandler::URI_IS_LOCAL_RESOURCE) &&