Bug 1412559 - Make the "confirm repost" prompt tab modal. r=bz
This is done to prevent malicious pages from abusing the feature
to lock up the browser.
MozReview-Commit-ID: 8Gf55nbMwCu
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -13539,16 +13539,22 @@ nsDocShell::ConfirmRepost(bool* aRepost)
return rv;
}
rv = appBundle->GetStringFromName("resendButton.label", button0Title);
if (NS_FAILED(rv)) {
return rv;
}
+ // Make the repost prompt tab modal to prevent malicious pages from locking
+ // up the browser, see bug 1412559 for an example.
+ if (nsCOMPtr<nsIWritablePropertyBag2> promptBag = do_QueryInterface(prompter)) {
+ promptBag->SetPropertyAsBool(NS_LITERAL_STRING("allowTabModal"), true);
+ }
+
int32_t buttonPressed;
// The actual value here is irrelevant, but we can't pass an invalid
// bool through XPConnect.
bool checkState = false;
rv = prompter->ConfirmEx(
nullptr, msgString.get(),
(nsIPrompt::BUTTON_POS_0 * nsIPrompt::BUTTON_TITLE_IS_STRING) +
(nsIPrompt::BUTTON_POS_1 * nsIPrompt::BUTTON_TITLE_CANCEL),