#512: modified M1222924

Cameron Kaiser 2018-07-14 21:16:14 -07:00
parent e8ee244caa
commit c59480e6bb


@ -1205,6 +1205,12 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
} }
} }
return NS_OK; return NS_OK;
} else if ((!sourceScheme.LowerCaseEqualsLiteral("http") &&
!sourceScheme.LowerCaseEqualsLiteral("https")) &&
targetScheme.LowerCaseEqualsLiteral("moz-icon")) {
// Don't expose moz-icon:// to the web, but it's okay for things
// like file:// and ftp://.
return NS_OK;
} }
// If the schemes don't match, the policy is specified by the protocol // If the schemes don't match, the policy is specified by the protocol
@ -1233,9 +1239,11 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
if (hasFlags) { if (hasFlags) {
if (aFlags & nsIScriptSecurityManager::ALLOW_CHROME) { if (aFlags & nsIScriptSecurityManager::ALLOW_CHROME) {
// For now, don't change behavior for resource:// or moz-icon:// and // For now, don't change behavior for resource:// and
// just allow them. // just allow it. This is required for extensions that inject
if (!targetScheme.EqualsLiteral("chrome")) { // internal resources into pages such as custom controls.
if (!targetScheme.EqualsLiteral("chrome") &&
!targetScheme.EqualsLiteral("moz-icon")) {
return NS_OK; return NS_OK;
} }
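Review bot: The new `else if` in the first hunk treats only `http` and `https` sources as "the web", so a principal with any other source scheme may load `moz-icon:`, including remote `ftp:` (which the comment names as acceptable) and any other scheme that can carry web-controlled content. If the intent is that only local content may request icons, an allowlist fails closed when new schemes appear: `} else if (sourceScheme.LowerCaseEqualsLiteral("file") &&` followed by the existing `targetScheme.LowerCaseEqualsLiteral("moz-icon")) {`, with further source schemes added deliberately. The second hunk compares the same target scheme with `EqualsLiteral("moz-icon")` while this branch uses `LowerCaseEqualsLiteral`. Unless `targetScheme` is already normalized to lower case (not visible here), a differently cased scheme would take the `return NS_OK` path there, so the two checks should use the same comparison. Both branches sit inside `CheckLoadURIWithPrincipal`, whose body starts and ends outside the hunks, so how `sourceScheme` is derived for nested URIs could not be checked from this page.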