Bug 1297156: Check favicon loads from the system principal against the content policy.
When a xul:image element with the system principal attempts to load anything, we
currently bypass content policy checks. This change makes us continue to respect
the content policy when loading favicons.
MozReview-Commit-ID: B3CUXqtvsqG
--- a/dom/base/nsContentPolicyUtils.h
+++ b/dom/base/nsContentPolicyUtils.h
@@ -170,17 +170,18 @@ NS_CP_ContentTypeName(uint32_t contentTy
nsCOMPtr<nsIURI> requestOrigin; \
PR_BEGIN_MACRO \
if (loadingPrincipal) { \
/* We exempt most loads into any document with the system principal \
* from content policy checks, mostly as an optimization. Which means \
* that we need to apply this check to the loading principal, not the \
* principal that triggered the load. */ \
bool isSystem = loadingPrincipal->GetIsSystemPrincipal(); \
- if (isSystem && contentType != nsIContentPolicy::TYPE_DOCUMENT) { \
+ if (isSystem && contentType != nsIContentPolicy::TYPE_DOCUMENT && \
+ contentType != nsIContentPolicy::TYPE_INTERNAL_IMAGE_FAVICON) { \
*decision = nsIContentPolicy::ACCEPT; \
nsCOMPtr<nsINode> n = do_QueryInterface(context); \
if (!n) { \
nsCOMPtr<nsPIDOMWindowOuter> win = do_QueryInterface(context); \
n = win ? win->GetExtantDoc() : nullptr; \
} \
if (n) { \
nsIDocument* d = n->OwnerDoc(); \
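Review bot: The block comment above the `isSystem` check still describes only the blanket system-principal exemption and gives no reason why `TYPE_INTERNAL_IMAGE_FAVICON` is now excluded alongside `TYPE_DOCUMENT`. Without that reason, a later cleanup could fold the favicon case back into the fast path and silently restore the bypass. I would extend the comment with something like `* Favicon loads are not exempted: a system-principal xul:image loads them, but the URL presumably originates from web content, so policy must still run.`, keeping the trailing backslash the macro needs on each line. The comparison is only effective if `contentType` still holds the internal type at this point, which cannot be confirmed from the hunk because the macro starts and ends outside it. A regression test asserting that a content policy is consulted for a favicon load from a system-principal document would pin the behaviour.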