Merge pull request #231 from janekptacijarabaci/security_blocking_data_1

moebius#223, #224, #226, #230: DOM - consider blocking top level window data: URIs
author: Moonchild <mcwerewolf@gmail.com> 2018-04-23 11:46:21 +0200
committer: GitHub <noreply@github.com> 2018-04-23 11:46:21 +0200
commit: 8ed46f424e1a8a09bad7147882b83c9b2aad17c6 (patch)
tree: 5c6953fd44fddb74891ddd96613f1ef949c85fd7 /toolkit/modules
parent: 8ffac11aa6eb32be75ff049787191e12476586d3 (diff)
parent: ccbd5ecf57fcd53ac8b28ddf7466b6c930f764df (diff)
download: uxp-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/toolkit/modules/addons/WebRequestContent.js b/toolkit/modules/addons/WebRequestContent.js
index 219675e5b9..f044a1cd4e 100644
--- a/toolkit/modules/addons/WebRequestContent.js
+++ b/toolkit/modules/addons/WebRequestContent.js
@@ -80,6 +80,16 @@ var ContentPolicy = {
 
   shouldLoad(policyType, contentLocation, requestOrigin,
              node, mimeTypeGuess, extra, requestPrincipal) {
+
+    // Loads of TYPE_DOCUMENT and TYPE_SUBDOCUMENT perform a ConPol check
+    // within docshell as well as within the ContentSecurityManager. To avoid
+    // duplicate evaluations we ignore ConPol checks performed within docShell.
+    if (extra instanceof Ci.nsISupportsString) {
+      if (extra.data === "conPolCheckFromDocShell") {
+        return Ci.nsIContentPolicy.ACCEPT;
+      }
+    }
+
     if (requestPrincipal &&
         Services.scriptSecurityManager.isSystemPrincipal(requestPrincipal)) {
       return Ci.nsIContentPolicy.ACCEPT;
author	Moonchild <mcwerewolf@gmail.com>	2018-04-23 11:46:21 +0200
committer	GitHub <noreply@github.com>	2018-04-23 11:46:21 +0200
commit	8ed46f424e1a8a09bad7147882b83c9b2aad17c6 (patch)
tree	5c6953fd44fddb74891ddd96613f1ef949c85fd7 /toolkit/modules
parent	8ffac11aa6eb32be75ff049787191e12476586d3 (diff)
parent	ccbd5ecf57fcd53ac8b28ddf7466b6c930f764df (diff)
download	uxp-8ed46f424e1a8a09bad7147882b83c9b2aad17c6.tar.gz