[tbb-commits] [tor-browser/esr24] Bug 987003 - Be more careful sandboxing javascript: URLs. r=bholley, a=sledru
mikeperry at torproject.org
mikeperry at torproject.org
Fri Aug 29 05:26:38 UTC 2014
commit 3f9092acb0075896fa3178c95601ffaa7f985779
Author: Boris Zbarsky <bzbarsky at mit.edu>
Date: Wed Mar 26 21:44:25 2014 -0400
Bug 987003 - Be more careful sandboxing javascript: URLs. r=bholley, a=sledru
---
dom/src/jsurl/nsJSProtocolHandler.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/dom/src/jsurl/nsJSProtocolHandler.cpp b/dom/src/jsurl/nsJSProtocolHandler.cpp
index de5ff3b..27b8ddb 100644
--- a/dom/src/jsurl/nsJSProtocolHandler.cpp
+++ b/dom/src/jsurl/nsJSProtocolHandler.cpp
@@ -282,7 +282,8 @@ nsresult nsJSThunk::EvaluateScript(nsIChannel *aChannel,
nsIXPConnect *xpc = nsContentUtils::XPConnect();
nsCOMPtr<nsIXPConnectJSObjectHolder> sandbox;
- rv = xpc->CreateSandbox(cx, principal, getter_AddRefs(sandbox));
+ // Important: Use a null principal here
+ rv = xpc->CreateSandbox(cx, nullptr, getter_AddRefs(sandbox));
NS_ENSURE_SUCCESS(rv, rv);
// The nsXPConnect sandbox API gives us a wrapper to the sandbox for
More information about the tbb-commits
mailing list