#611: M1277475

dom/base/nsDocument.cpp

@@ -8293,7 +8293,7 @@ nsDocument::IsScriptEnabled()
 {
   // If this document is sandboxed without 'allow-scripts'
   // script is not enabled
-  if (mSandboxFlags & SANDBOXED_SCRIPTS) {
+  if (HasScriptsBlockedBySandbox()) {
     return false;
   }
 
@@ -13044,6 +13044,12 @@ nsIDocument::InlineScriptAllowedByCSP()
   return allowsInlineScript;
 }
 
+bool
+nsIDocument::HasScriptsBlockedBySandbox()
+{
+  return mSandboxFlags & SANDBOXED_SCRIPTS;
+}
+
 static bool
 MightBeAboutOrChromeScheme(nsIURI* aURI)
 {

dom/base/nsIDocument.h

@@ -2678,6 +2678,8 @@ public:
     return mUserHasInteracted;
   }
 
+  bool HasScriptsBlockedBySandbox();
+
   bool InlineScriptAllowedByCSP();
 
   void SetLinkHandlingEnabled(bool aValue) { mLinksEnabled = aValue; }

dom/base/nsScriptLoader.cpp

@@ -272,7 +272,7 @@ nsScriptLoader::StartLoad(nsScriptLoadRequest *aRequest, const nsAString &aType,
                           bool aScriptFromHead)
 {
   // If this document is sandboxed without 'allow-scripts', abort.
-  if (mDocument->GetSandboxFlags() & SANDBOXED_SCRIPTS) {
+  if (mDocument->HasScriptsBlockedBySandbox()) {
     return NS_OK;
   }
 
@@ -704,7 +704,7 @@ nsScriptLoader::ProcessScriptElement(nsIScriptElement *aElement)
 
   // inline script
   // Is this document sandboxed without 'allow-scripts'?
-  if (mDocument->GetSandboxFlags() & SANDBOXED_SCRIPTS) {
+  if (mDocument->HasScriptsBlockedBySandbox()) {
     return false;
   }
 

dom/events/EventListenerManager.cpp

@@ -735,7 +735,7 @@ EventListenerManager::SetEventHandler(nsIAtom* aName,
   if (doc) {
     // Don't allow adding an event listener if the document is sandboxed
     // without 'allow-scripts'.
-    if (doc->GetSandboxFlags() & SANDBOXED_SCRIPTS) {
+    if (doc->HasScriptsBlockedBySandbox()) {
       return NS_ERROR_DOM_SECURITY_ERR;
     }
 

dom/jsurl/nsJSProtocolHandler.cpp

@@ -201,7 +201,7 @@ nsresult nsJSThunk::EvaluateScript(nsIChannel *aChannel,
     // Sandboxed document check: javascript: URI's are disabled
     // in a sandboxed document unless 'allow-scripts' was specified.
     nsIDocument* doc = aOriginalInnerWindow->GetExtantDoc();
-    if (doc && (doc->GetSandboxFlags() & SANDBOXED_SCRIPTS)) {
+    if (doc && doc->HasScriptsBlockedBySandbox()) {
         return NS_ERROR_DOM_RETVAL_UNDEFINED;
     }
 

dom/webidl/Document.webidl

@@ -403,6 +403,12 @@ partial interface Document {
   [ChromeOnly] readonly attribute boolean userHasInteracted;
 };
 
+// Extension to give chrome and XBL JS the ability to determine whether
+// the document is sandboxed without permission to run scripts.
+partial interface Document {
+  [Func="IsChromeOrXBL"] readonly attribute boolean hasScriptsBlockedBySandbox;
+};
+
 // Extension to give chrome and XBL JS the ability to determine whether
 // inline scripts are blocked by the document's CSP.
 partial interface Document {

layout/style/xbl-marquee/xbl-marquee.xml

@@ -240,6 +240,13 @@
         <parameter name="aIgnoreNextCall"/>
         <body>
           <![CDATA[
+          // _setEventListener is only used for setting the attribute event
+          // handlers, which we want to ignore if our document is sandboxed
+          // without the allow-scripts keyword.
+          if (document.hasScriptsBlockedBySandbox) {
+            return true;
+          }
+
           // attribute event handlers should only be added if the
           // document's CSP allows it.
           if (!document.inlineScriptAllowedByCSP) {