Bug 1016875 - part9: System should only import other system documents. r=mrbkap
authorGabor Krizsanits <gkrizsanits@mozilla.com>
Wed, 16 Jul 2014 14:32:00 +0200
changeset 216295 3b9951da1581fd6b7ef22b279364047087226ed8
parent 216294 506cbe3ed5e9af6e4c6cf539e75ae16a7e4407fa
child 216296 ffa4255ebaa776508973182fd972e50bbcc7b3a4
push id515
push userraliiev@mozilla.com
push dateMon, 06 Oct 2014 12:51:51 +0000
reviewersmrbkap
bugs1016875
milestone33.0a1
Bug 1016875 - part9: System should only import other system documents. r=mrbkap
content/base/src/ImportManager.cpp
--- a/content/base/src/ImportManager.cpp
+++ b/content/base/src/ImportManager.cpp
@@ -329,16 +329,26 @@ ImportLoader::OnStartRequest(nsIRequest*
   if (!sop) {
     return NS_ERROR_DOM_ABORT_ERR;
   }
 
   nsCOMPtr<nsIChannel> channel = do_QueryInterface(aRequest);
   if (!channel) {
     return NS_ERROR_DOM_ABORT_ERR;
   }
+
+  if (nsContentUtils::IsSystemPrincipal(principal)) {
+    // We should never import non-system documents and run their scripts with system principal!
+    nsCOMPtr<nsIPrincipal> channelPrincipal;
+    nsContentUtils::GetSecurityManager()->GetChannelPrincipal(channel,
+                                                              getter_AddRefs(channelPrincipal));
+    if (!nsContentUtils::IsSystemPrincipal(channelPrincipal)) {
+      return NS_ERROR_FAILURE;
+    }
+  }
   channel->SetOwner(principal);
 
   nsAutoCString type;
   channel->GetContentType(type);
   if (!type.EqualsLiteral("text/html")) {
     NS_WARNING("ImportLoader wrong content type");
     return NS_ERROR_DOM_ABORT_ERR;
   }
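Review bot: The result of `GetChannelPrincipal` is discarded in the added system-principal block, so the check fails closed only if `IsSystemPrincipal` returns false for a null `channelPrincipal`, which is not visible in this hunk. Making the failure path explicit would be safer: capture the result with `nsresult rv = nsContentUtils::GetSecurityManager()->GetChannelPrincipal(channel, getter_AddRefs(channelPrincipal));` and test `if (NS_FAILED(rv) || !channelPrincipal || !nsContentUtils::IsSystemPrincipal(channelPrincipal)) {`. The rejection also returns `NS_ERROR_FAILURE` silently, while the neighbouring checks return `NS_ERROR_DOM_ABORT_ERR` and the content-type path logs an `NS_WARNING`; a warning here would make a blocked privileged import visible in debug builds. `OnStartRequest` starts and ends outside the hunk, and `principal` is assigned above it.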