mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Fix for bug 838692 - Navigating named targets from sandboxed iframes (r=smaug)
This commit is contained in:
Bob Owen
parent
c030b1e599
commit
1f4d023302
@ -3087,14 +3087,18 @@ nsDocShell::FindItemWithName(const PRUnichar * aName,
|
||||
if (!*aName)
|
||||
return NS_OK;
|
||||
|
||||
if (!aRequestor)
|
||||
{
|
||||
nsCOMPtr<nsIDocShellTreeItem> foundItem;
|
||||
if (aRequestor) {
|
||||
// If aRequestor is not null we don't need to check special names, so
|
||||
// just hand straight off to the search by actual name function.
|
||||
return DoFindItemWithName(aName, aRequestor, aOriginalRequestor,
|
||||
_retval);
|
||||
} else {
|
||||
|
||||
// This is the entry point into the target-finding algorithm. Check
|
||||
// for special names. This should only be done once, hence the check
|
||||
// for a null aRequestor.
|
||||
|
||||
nsCOMPtr<nsIDocShellTreeItem> foundItem;
|
||||
nsDependentString name(aName);
|
||||
if (name.LowerCaseEqualsLiteral("_self")) {
|
||||
foundItem = this;
|
||||
@ -3143,16 +3147,19 @@ nsDocShell::FindItemWithName(const PRUnichar * aName,
|
||||
// a new window?
|
||||
}
|
||||
#endif
|
||||
} else {
|
||||
// Do the search for item by an actual name.
|
||||
DoFindItemWithName(aName, aRequestor, aOriginalRequestor,
|
||||
getter_AddRefs(foundItem));
|
||||
}
|
||||
|
||||
if (foundItem && !CanAccessItem(foundItem, aOriginalRequestor)) {
|
||||
foundItem = nullptr;
|
||||
}
|
||||
|
||||
// DoFindItemWithName only returns active items and we don't check if
|
||||
// the item is active for the special cases.
|
||||
if (foundItem) {
|
||||
// We return foundItem here even if it's not an active
|
||||
// item since all the names we've dealt with so far are
|
||||
// special cases that we won't bother looking for further.
|
||||
|
||||
// If our document is sandboxed, we need to do some extra checks.
|
||||
uint32_t sandboxFlags = 0;
|
||||
@ -3174,17 +3181,14 @@ nsDocShell::FindItemWithName(const PRUnichar * aName,
|
||||
bool isAncestor = false;
|
||||
|
||||
nsCOMPtr<nsIDocShellTreeItem> parentAsItem;
|
||||
GetSameTypeParent(getter_AddRefs(parentAsItem));
|
||||
|
||||
foundItem->GetSameTypeParent(getter_AddRefs(parentAsItem));
|
||||
while (parentAsItem) {
|
||||
nsCOMPtr<nsIDocShellTreeItem> tmp;
|
||||
parentAsItem->GetParent(getter_AddRefs(tmp));
|
||||
|
||||
if (tmp && tmp == selfAsItem) {
|
||||
if (parentAsItem == selfAsItem) {
|
||||
isAncestor = true;
|
||||
break;
|
||||
}
|
||||
parentAsItem = tmp;
|
||||
nsCOMPtr<nsIDocShellTreeItem> tmp = parentAsItem;
|
||||
tmp->GetSameTypeParent(getter_AddRefs(parentAsItem));
|
||||
}
|
||||
|
||||
if (!isAncestor) {
|
||||
@ -3212,12 +3216,17 @@ nsDocShell::FindItemWithName(const PRUnichar * aName,
|
||||
}
|
||||
|
||||
foundItem.swap(*_retval);
|
||||
return NS_OK;
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
}
|
||||
|
||||
// Keep looking
|
||||
|
||||
nsresult
|
||||
nsDocShell::DoFindItemWithName(const PRUnichar* aName,
|
||||
nsISupports* aRequestor,
|
||||
nsIDocShellTreeItem* aOriginalRequestor,
|
||||
nsIDocShellTreeItem** _retval)
|
||||
{
|
||||
// First we check our name.
|
||||
if (mName.Equals(aName) && ItemIsActive(this) &&
|
||||
CanAccessItem(this, aOriginalRequestor)) {
|
||||
|
||||
@ -874,6 +874,13 @@ private:
|
||||
int32_t mParentCharsetSource;
|
||||
nsCString mOriginalUriString;
|
||||
|
||||
// Separate function to do the actual name (i.e. not _top, _self etc.)
|
||||
// searching for FindItemWithName.
|
||||
nsresult DoFindItemWithName(const PRUnichar* aName,
|
||||
nsISupports* aRequestor,
|
||||
nsIDocShellTreeItem* aOriginalRequestor,
|
||||
nsIDocShellTreeItem** _retval);
|
||||
|
||||
#ifdef DEBUG
|
||||
// We're counting the number of |nsDocShells| to help find leaks
|
||||
static unsigned long gNumberOfDocShells;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user