moebius#230: Consider blocking top level window data: URIs (part 3/3 without tests)

https://github.com/MoonchildProductions/moebius/pull/230
author: janekptacijarabaci <janekptacijarabaci@seznam.cz> 2018-04-22 20:28:18 +0200
committer: janekptacijarabaci <janekptacijarabaci@seznam.cz> 2018-04-22 20:28:18 +0200
commit: edd6c63a43115567851d17f5b8236aebe9bada9b (patch)
tree: eb5aa299dfa4db3fee25031dcf523559df6a4baf /browser/base
parent: 6789a4bb58c613a951f089d739f7921403802106 (diff)
download: uxp-edd6c63a43115567851d17f5b8236aebe9bada9b.tar.gz
2 files changed, 7 insertions, 1 deletions
diff --git a/browser/base/content/nsContextMenu.js b/browser/base/content/nsContextMenu.js
index 8eb9b034f6..ddf6952026 100644
--- a/browser/base/content/nsContextMenu.js
+++ b/browser/base/content/nsContextMenu.js
@@ -1158,7 +1158,8 @@ nsContextMenu.prototype = {
                        this.browser.contentPrincipal,
                        Ci.nsIScriptSecurityManager.DISALLOW_SCRIPT);
       openUILink(this.mediaURL, e, { disallowInheritPrincipal: true,
-                                     referrerURI: referrerURI });
+                                     referrerURI: referrerURI,
+                                     forceAllowDataURI: true });
     }
   },
 
diff --git a/browser/base/content/utilityOverlay.js b/browser/base/content/utilityOverlay.js
index 0b703b6f84..6ceaf773ea 100644
--- a/browser/base/content/utilityOverlay.js
+++ b/browser/base/content/utilityOverlay.js
@@ -197,6 +197,7 @@ function openUILinkIn(url, where, aAllowThirdPartyFixup, aPostData, aReferrerURI
   openLinkIn(url, where, params);
 }
 
+/* eslint-disable complexity */
 function openLinkIn(url, where, params) {
   if (!where || !url)
     return;
@@ -212,6 +213,7 @@ function openLinkIn(url, where, params) {
       params.referrerPolicy : Ci.nsIHttpChannel.REFERRER_POLICY_DEFAULT);
   var aRelatedToCurrent     = params.relatedToCurrent;
   var aAllowMixedContent    = params.allowMixedContent;
+  var aForceAllowDataURI    = params.forceAllowDataURI;
   var aInBackground         = params.inBackground;
   var aDisallowInheritPrincipal = params.disallowInheritPrincipal;
   var aInitiatingDoc        = params.initiatingDoc;
@@ -378,6 +380,9 @@ function openLinkIn(url, where, params) {
     if (aIndicateErrorPageLoad) {
       flags |= Ci.nsIWebNavigation.LOAD_FLAGS_ERROR_LOAD_CHANGES_RV;
     }
+    if (aForceAllowDataURI) {
+      flags |= Ci.nsIWebNavigation.LOAD_FLAGS_FORCE_ALLOW_DATA_URI;
+    }
 
     let {URI_INHERITS_SECURITY_CONTEXT} = Ci.nsIProtocolHandler;
     if (aForceAboutBlankViewerInCurrent &&
author	janekptacijarabaci <janekptacijarabaci@seznam.cz>	2018-04-22 20:28:18 +0200
committer	janekptacijarabaci <janekptacijarabaci@seznam.cz>	2018-04-22 20:28:18 +0200
commit	edd6c63a43115567851d17f5b8236aebe9bada9b (patch)
tree	eb5aa299dfa4db3fee25031dcf523559df6a4baf /browser/base
parent	6789a4bb58c613a951f089d739f7921403802106 (diff)
download	uxp-edd6c63a43115567851d17f5b8236aebe9bada9b.tar.gz