Bug 1318664 - fix about pages linking to themselves with query parameters, r?bholley
MozReview-Commit-ID: Dsqj0L4aIlv
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -745,26 +745,37 @@ nsScriptSecurityManager::CheckLoadURIWit
&denySameSchemeLinks);
if (NS_FAILED(rv)) return rv;
while (currentURI && currentOtherURI) {
nsAutoCString scheme, otherScheme;
currentURI->GetScheme(scheme);
currentOtherURI->GetScheme(otherScheme);
+ bool schemesMatch = scheme.Equals(otherScheme, stringComparator);
+ bool isSamePage;
+ // about: URIs are special snowflakes.
+ if (scheme.EqualsLiteral("about")) {
+ nsAutoCString module, otherModule;
+ isSamePage = schemesMatch &&
+ NS_SUCCEEDED(NS_GetAboutModuleName(currentURI, module)) &&
+ NS_SUCCEEDED(NS_GetAboutModuleName(currentOtherURI, otherModule)) &&
+ module.Equals(otherModule);
+ } else {
+ bool equalExceptRef = false;
+ rv = currentURI->EqualsExceptRef(currentOtherURI, &equalExceptRef);
+ isSamePage = NS_SUCCEEDED(rv) && equalExceptRef;
+ }
+
// If schemes are not equal, or they're equal but the target URI
// is different from the source URI and doesn't always allow linking
// from the same scheme, check if the URI flags of the current target
// URI allow the current source URI to link to it.
// The policy is specified by the protocol flags on both URIs.
- bool equalExceptRef = false;
- if (!scheme.Equals(otherScheme, stringComparator) ||
- (denySameSchemeLinks &&
- (!NS_SUCCEEDED(currentURI->EqualsExceptRef(currentOtherURI, &equalExceptRef)) ||
- !equalExceptRef))) {
+ if (!schemesMatch || (denySameSchemeLinks && !isSamePage)) {
return CheckLoadURIFlags(currentURI, currentOtherURI,
sourceBaseURI, targetBaseURI, aFlags);
}
// Otherwise... check if we can nest another level:
nsCOMPtr<nsINestedURI> nestedURI = do_QueryInterface(currentURI);
nsCOMPtr<nsINestedURI> nestedOtherURI = do_QueryInterface(currentOtherURI);
// If schemes match and neither URI is nested further, we're OK.--- a/caps/tests/mochitest/browser_checkloaduri.js
+++ b/caps/tests/mochitest/browser_checkloaduri.js
@@ -47,16 +47,22 @@ const URLs = new Map([
["view-source:http://www.example2.com", true, true, true],
["view-source:https://www.example2.com", true, true, true],
["view-source:feed:http://www.example2.com", false, false, true],
["feed:view-source:http://www.example2.com", false, false, false],
["data:text/html,Hi", true, false, true],
["view-source:data:text/html,Hi", true, false, true],
["javascript:alert('hi')", true, false, true],
]],
+ ["about:foo", [
+ ["about:foo?bar", true, true, true],
+ ["about:foo#bar", true, true, true],
+ ["about:foo?bar#baz", true, true, true],
+ ["http://www.example.com/", true, true, true],
+ ]],
]);
function testURL(source, target, canLoad, canLoadWithoutInherit, canCreate, flags) {
let threw = false;
let targetURI;
try {
targetURI = makeURI(target);
} catch (ex) {