Bug 1256472 - Make sure checkEmptyPageOrigin checks the browser documentURI for about:blank along with the currentURI. r?Gijs
checkEmptyPageOrigin was only checking the currentURI on the passed browser for about:blank, but
sometimes the currentURI isn't the whole picture. For example, SessionStore, after restoring a
window, can cause a number of blank tabs to start to load, be cancelled, and have their history
replaced. This results in a bunch of unrestored background tabs that appear to have currentURI
set to the URI that the tab will be sent to once restored, but a null content principal, since
the original about:blank load was stopped before it could complete.
We side-step this issue by checking both the currentURI and the documentURI for about:blank
when comparing against the null principal for checkEmptyPageOrigin.
MozReview-Commit-ID: Kzm0MthLqVM
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -6651,25 +6651,31 @@ function checkEmptyPageOrigin(browser =
// If another page opened this page with e.g. window.open, this page might
// be controlled by its opener - return false.
if (browser.hasContentOpener) {
return false;
}
let contentPrincipal = browser.contentPrincipal;
// Not all principals have URIs...
if (contentPrincipal.URI) {
- // There are two specialcases involving about:blank. One is where
+ // There are two special-cases involving about:blank. One is where
// the user has manually loaded it and it got created with a null
// principal. The other involves the case where we load
// some other empty page in a browser and the current page is the
// initial about:blank page (which has that as its principal, not
// just URI in which case it could be web-based). Especially in
// e10s, we need to tackle that case specifically to avoid race
// conditions when updating the URL bar.
- if ((uri.spec == "about:blank" && contentPrincipal.isNullPrincipal) ||
+ //
+ // Note that we check the documentURI here, since the currentURI on
+ // the browser might have been set by SessionStore in order to
+ // support switch-to-tab without having actually loaded the content
+ // yet.
+ let uriToCheck = browser.documentURI || uri;
+ if ((uriToCheck.spec == "about:blank" && contentPrincipal.isNullPrincipal) ||
contentPrincipal.URI.spec == "about:blank") {
return true;
}
return contentPrincipal.URI.equals(uri);
}
// ... so for those that don't have them, enforce that the page has the
// system principal (this matches e.g. on about:newtab).
let ssm = Services.scriptSecurityManager;
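Review bot: The added `let uriToCheck = browser.documentURI || uri;` substitutes documentURI for `uri` whenever documentURI is set, so the null-principal about:blank test no longer looks at `uri` at all in that case, although the commit message describes checking both. The comment mentions URL bar updates, so this result presumably feeds what the location bar shows, and the precedence should be stated rather than implied, for example `// documentURI takes precedence; uri is only a fallback when the browser has no documentURI`. The later `return contentPrincipal.URI.equals(uri);` still compares against `uri`, so the two checks in this branch now reason about different URIs; a short comment saying that is intentional would help the next reader. It is also worth confirming that documentURI cannot be stale for remote browsers at the moment this runs, since that cannot be told from the hunk. The function begins and ends outside the hunk.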