Bug 677643 part 2. Clone the URI argument when loading external stylesheets from a <link> element to work around content policies mutating the URI. r=jlebar
authorBoris Zbarsky <bzbarsky@mit.edu>
Mon, 26 Sep 2011 18:03:16 -0400
changeset 78937 952017f5f62bbdcbece40f547208ecd8bb908a1b
parent 78936 cadb12b21740b04b662752d6c0b703713d387129
child 78938 6e359c7e80803cd6cc787ea21ed1daa6553d3d00
push id78
push userclegnitto@mozilla.com
push dateFri, 16 Dec 2011 17:32:24 +0000
treeherdermozilla-release@79d24e644fdd [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjlebar
bugs677643
milestone9.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 677643 part 2. Clone the URI argument when loading external stylesheets from a <link> element to work around content policies mutating the URI. r=jlebar
content/base/src/nsStyleLinkElement.cpp
--- a/content/base/src/nsStyleLinkElement.cpp
+++ b/content/base/src/nsStyleLinkElement.cpp
@@ -282,18 +282,22 @@ nsStyleLinkElement::DoUpdateStyleSheet(n
     nsContentUtils::GetNodeTextContent(thisContent, PR_FALSE, text);
 
     // Parse the style sheet.
     rv = doc->CSSLoader()->
       LoadInlineStyle(thisContent, text, mLineNumber, title, media,
                       aObserver, &doneLoading, &isAlternate);
   }
   else {
+    // XXXbz clone the URI here to work around content policies modifying URIs.
+    nsCOMPtr<nsIURI> clonedURI;
+    uri->Clone(getter_AddRefs(clonedURI));
+    NS_ENSURE_TRUE(clonedURI, NS_ERROR_OUT_OF_MEMORY);
     rv = doc->CSSLoader()->
-      LoadStyleLink(thisContent, uri, title, media, isAlternate, aObserver,
+      LoadStyleLink(thisContent, clonedURI, title, media, isAlternate, aObserver,
                     &isAlternate);
     if (NS_FAILED(rv)) {
       // Don't propagate LoadStyleLink() errors further than this, since some
       // consumers (e.g. nsXMLContentSink) will completely abort on innocuous
       // things like a stylesheet load being blocked by the security system.
       doneLoading = PR_TRUE;
       isAlternate = PR_FALSE;
       rv = NS_OK;