Bug 1424380 - Require triggering principal passed into openUILink().
MozReview-Commit-ID: BsQqZzfm2Ra
--- a/browser/base/content/browser-menubar.inc
+++ b/browser/base/content/browser-menubar.inc
@@ -605,17 +605,17 @@
label="&helpSafeMode.label;"
stopaccesskey="&helpSafeMode.stop.accesskey;"
stoplabel="&helpSafeMode.stop.label;"
oncommand="safeModeRestart();"/>
<menuitem id="menu_HelpPopup_reportPhishingtoolmenu"
label="&reportDeceptiveSiteMenu.title;"
accesskey="&reportDeceptiveSiteMenu.accesskey;"
observes="reportPhishingBroadcaster"
- oncommand="openUILink(gSafeBrowsing.getReportURL('Phish'), event);"
+ oncommand="openUILink(gSafeBrowsing.getReportURL('Phish'), event, {triggeringPrincipal: Services.scriptSecurityManager.createNullPrincipal({})});"
onclick="checkForMiddleClick(this, event);"
hidden="true"/>
<menuitem id="menu_HelpPopup_reportPhishingErrortoolmenu"
label="&safeb.palm.notdeceptive.label;"
accesskey="&safeb.palm.notdeceptive.accesskey;"
observes="reportPhishingErrorBroadcaster"
oncommand="ReportFalseDeceptiveSite();"
onclick="checkForMiddleClick(this, event);"--- a/browser/base/content/pageinfo/feeds.js
+++ b/browser/base/content/pageinfo/feeds.js
@@ -40,17 +40,17 @@ function addRow(name, type, url) {
const urlContainer = document.createElement("hbox");
urlContainer.setAttribute("flex", "1");
bottom.appendChild(urlContainer);
const urlLabel = document.createElement("label");
urlLabel.className = "text-link";
urlLabel.textContent = url;
urlLabel.setAttribute("tooltiptext", url);
- urlLabel.addEventListener("click", ev => openUILink(this.value, ev));
+ urlLabel.addEventListener("click", ev => openUILink(this.value, ev, {triggeringPrincipal: Services.scriptSecurityManager.createNullPrincipal({})}));
urlContainer.appendChild(urlLabel);
const subscribeButton = document.createElement("button");
subscribeButton.className = "feed-subscribe";
subscribeButton.addEventListener("click",
() => openWebLinkIn(url, "current", { ignoreAlt: true }));
subscribeButton.setAttribute("label", gBundle.getString("feedSubscribe"));
subscribeButton.setAttribute("accesskey", gBundle.getString("feedSubscribe.accesskey"));--- a/browser/base/content/test/general/browser_utilityOverlay.js
+++ b/browser/base/content/test/general/browser_utilityOverlay.js
@@ -102,10 +102,10 @@ function test_openNewTabWith() {
function test_openUILink() {
let tab = gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, "about:blank");
BrowserTestUtils.browserLoaded(tab.linkedBrowser).then(() => {
is(tab.linkedBrowser.currentURI.spec, "http://example.org/", "example.org loaded");
gBrowser.removeCurrentTab();
runNextTest();
});
- openUILink("http://example.org/"); // defaults to "current"
+ openUILink("http://example.org/", null, {triggeringPrincipal: Services.scriptSecurityManager.createNullPrincipal({})}); // defaults to "current"
}--- a/browser/base/content/utilityOverlay.js
+++ b/browser/base/content/utilityOverlay.js
@@ -114,22 +114,17 @@ function openUILink(url, event, aIgnoreB
postData: aPostData,
referrerURI: aReferrerURI,
referrerPolicy: Ci.nsIHttpChannel.REFERRER_POLICY_UNSET,
initiatingDoc: event ? event.target.ownerDocument : null,
};
}
if (!params.triggeringPrincipal) {
- let dt = event ? event.dataTransfer : null;
- if (!!dt && dt.mozSourceNode) {
- params.triggeringPrincipal = dt.mozSourceNode.nodePrincipal;
- } else {
- params.triggeringPrincipal = Services.scriptSecurityManager.createNullPrincipal({});
- }
+ throw new Error("Required argument triggeringPrincipal missing within openUILink");
}
let where = whereToOpenLink(event, aIgnoreButton, aIgnoreAlt);
openUILinkIn(url, where, params);
}
/**