Bug 1511903 - r=johannh a=jcristau FIREFOX_64_0_BUILD2
authorGijs Kruitbosch <gijskruitbosch@gmail.com>
Wed, 05 Dec 2018 10:24:56 +0000
changeset 501457 319052b37637
parent 501456 0d9074318f9c
child 501458 f95d41399777
child 501460 923a3316fad4
push id1870
push userjcristau@mozilla.com
push dateWed, 05 Dec 2018 21:35:46 +0000
treeherdermozilla-release@319052b37637 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjohannh, jcristau
bugs1511903
milestone64.0
Bug 1511903 - r=johannh a=jcristau Differential Revision: https://phabricator.services.mozilla.com/D13714
browser/base/content/browser.js
browser/modules/FaviconLoader.jsm
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -3809,31 +3809,49 @@ const DOMEventHandler = {
   clearPendingIcon(aBrowser) {
     let tab = gBrowser.getTabForBrowser(aBrowser);
     tab.removeAttribute("pendingicon");
   },
 
   setIconFromLink(aBrowser, aPageURL, aOriginalURL, aCanUseForTab, aExpiration, aIconURL) {
     let tab = gBrowser.getTabForBrowser(aBrowser);
     if (!tab) {
-      return false;
+      return;
+    }
+
+    if (aCanUseForTab) {
+      this.clearPendingIcon(aBrowser);
+    }
+
+    let iconURI;
+    try {
+      iconURI = Services.io.newURI(aIconURL);
+    } catch (ex) {
+      Cu.reportError(ex);
+      return;
+    }
+    if (iconURI.scheme != "data") {
+      try {
+        Services.scriptSecurityManager.checkLoadURIWithPrincipal(
+          aBrowser.contentPrincipal, iconURI, Services.scriptSecurityManager.ALLOW_CHROME);
+      } catch (ex) {
+        return;
+      }
     }
     try {
       PlacesUIUtils.loadFavicon(aBrowser, Services.scriptSecurityManager.getSystemPrincipal(),
                                 makeURI(aPageURL), makeURI(aOriginalURL),
-                                aExpiration, makeURI(aIconURL));
+                                aExpiration, iconURI);
     } catch (ex) {
       Cu.reportError(ex);
     }
 
     if (aCanUseForTab) {
-      this.clearPendingIcon(aBrowser);
       gBrowser.setIcon(tab, aIconURL, aOriginalURL);
     }
-    return true;
   },
 
   addSearch(aBrowser, aEngine, aURL) {
     let tab = gBrowser.getTabForBrowser(aBrowser);
     if (!tab)
       return;
 
     BrowserSearch.addEngine(aBrowser, aEngine, makeURI(aURL));
--- a/browser/modules/FaviconLoader.jsm
+++ b/browser/modules/FaviconLoader.jsm
@@ -373,16 +373,22 @@ class IconLoader {
   }
 
   async load(iconInfo) {
     if (this._loader) {
       this._loader.cancel();
     }
 
     if (LOCAL_FAVICON_SCHEMES.includes(iconInfo.iconUri.scheme)) {
+      // We need to do a manual security check because the channel won't do
+      // it for us.
+      try {
+        Services.scriptSecurityManager.checkLoadURIWithPrincipal(
+          iconInfo.node.nodePrincipal, iconInfo.iconUri, Services.scriptSecurityManager.ALLOW_CHROME);
+      } catch (ex) { return; }
       this.mm.sendAsyncMessage("Link:SetIcon", {
         pageURL: iconInfo.pageUri.spec,
         originalURL: iconInfo.iconUri.spec,
         canUseForTab: !iconInfo.isRichIcon,
         expiration: undefined,
         iconURL: iconInfo.iconUri.spec,
       });
       return;