[tbb-commits] [tor-browser] 14/34: Bug 1761981, r=smaug,a=dsmith

gitolite role git at cupani.torproject.org
Wed Apr 27 16:04:55 UTC 2022


This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch tor-browser-91.9esr-11.0-1
in repository tor-browser.

commit 2f5340c78f0a0d34a367ac4c20239b374ac48559
Author: Nika Layzell <nika at thelayzells.com>
AuthorDate: Wed Apr 6 15:00:57 2022 +0000

    Bug 1761981, r=smaug,a=dsmith
    
    Differential Revision: https://phabricator.services.mozilla.com/D142596
---
 dom/jsurl/nsJSProtocolHandler.cpp | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/dom/jsurl/nsJSProtocolHandler.cpp b/dom/jsurl/nsJSProtocolHandler.cpp
index 06ec5027d5120..09b729442ed57 100644
--- a/dom/jsurl/nsJSProtocolHandler.cpp
+++ b/dom/jsurl/nsJSProtocolHandler.cpp
@@ -232,18 +232,19 @@ nsresult nsJSThunk::EvaluateScript(
 
   mozilla::dom::Document* targetDoc = innerWin->GetExtantDoc();
 
-  if (targetDoc) {
-    // Sandboxed document check: javascript: URI execution is disabled
-    // in a sandboxed document unless 'allow-scripts' was specified.
-    if (targetDoc->HasScriptsBlockedBySandbox()) {
-      if (nsCOMPtr<nsIObserverService> obs =
-              mozilla::services::GetObserverService()) {
-        obs->NotifyWhenScriptSafe(ToSupports(innerWin),
-                                  "javascript-uri-blocked-by-sandbox");
-      }
-      return NS_ERROR_DOM_RETVAL_UNDEFINED;
+  // Sandboxed document check: javascript: URI execution is disabled in a
+  // sandboxed document unless 'allow-scripts' was specified.
+  if ((targetDoc && !targetDoc->IsScriptEnabled()) ||
+      (loadInfo->GetTriggeringSandboxFlags() & SANDBOXED_SCRIPTS)) {
+    if (nsCOMPtr<nsIObserverService> obs =
+            mozilla::services::GetObserverService()) {
+      obs->NotifyWhenScriptSafe(ToSupports(innerWin),
+                                "javascript-uri-blocked-by-sandbox");
     }
+    return NS_ERROR_DOM_RETVAL_UNDEFINED;
+  }
 
+  if (targetDoc) {
     // Perform a Security check against the CSP of the document we are
     // running against. javascript: URIs are disabled unless "inline"
     // scripts are allowed. We only do that if targetDoc->NodePrincipal()

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.


More information about the tbb-commits mailing list