Bug 1412961 - Make extension principals bypass canvas permission checks. r=johannh, ckerschb
MozReview-Commit-ID: 5vSW4zR3f36
--- a/dom/canvas/CanvasUtils.cpp
+++ b/dom/canvas/CanvasUtils.cpp
@@ -50,21 +50,34 @@ bool IsImageExtractionAllowed(nsIDocumen
return true;
}
// Don't proceed if we don't have a document or JavaScript context.
if (!aDocument || !aCx) {
return false;
}
- // Documents with system principal can always extract canvas data.
nsPIDOMWindowOuter *win = aDocument->GetWindow();
nsCOMPtr<nsIScriptObjectPrincipal> sop(do_QueryInterface(win));
- if (sop && nsContentUtils::IsSystemPrincipal(sop->GetPrincipal())) {
- return true;
+
+ if (sop) {
+ // Documents with system principal can always extract canvas data.
+ nsIPrincipal *principal = sop->GetPrincipal();
+ if (nsContentUtils::IsSystemPrincipal(principal)) {
+ return true;
+ }
+
+ if (principal) {
+ // Allow extension principals
+ nsAutoString addonId;
+ Unused << NS_WARN_IF(NS_FAILED(principal->GetAddonId(addonId)));
+ if (!addonId.IsEmpty()) {
+ return true;
+ }
+ }
}
// Always give permission to chrome scripts (e.g. Page Inspector).
if (nsContentUtils::ThreadsafeIsCallerChrome()) {
return true;
}
// Get the document URI and its spec.