summaryrefslogtreecommitdiff
path: root/caps/nsScriptSecurityManager.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'caps/nsScriptSecurityManager.cpp')
-rw-r--r--caps/nsScriptSecurityManager.cpp16
1 files changed, 13 insertions, 3 deletions
diff --git a/caps/nsScriptSecurityManager.cpp b/caps/nsScriptSecurityManager.cpp
index 5cef6cb6a..abd1d5abd 100644
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -723,6 +723,13 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
}
return NS_OK;
}
+ else if ((!sourceScheme.LowerCaseEqualsLiteral("http") &&
+ !sourceScheme.LowerCaseEqualsLiteral("https")) &&
+ targetScheme.LowerCaseEqualsLiteral("moz-icon"))
+ {
+ // Exception for linking to moz-icon://
+ return NS_OK;
+ }
// If the schemes don't match, the policy is specified by the protocol
// flags on the target URI. Note that the order of policy checks here is
@@ -750,9 +757,12 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
if (hasFlags) {
if (aFlags & nsIScriptSecurityManager::ALLOW_CHROME) {
- // For now, don't change behavior for resource:// or moz-icon:// and
- // just allow them.
- if (!targetScheme.EqualsLiteral("chrome")) {
+ // For now, don't change behavior for resource:// and
+ // just allow it. This is required for extensions injecting
+ // extension-internal resource URLs in snippets in pages, e.g.
+ // Adding custom controls in-page.
+ if (!targetScheme.EqualsLiteral("chrome") &&
+ !targetScheme.EqualsLiteral("moz-icon")) {
return NS_OK;
}