Bug 383252: Cannot drag / drop URL or link onto tabbar, r=mconnor When SeaMonkey switched to toolkit's nsDragAndDrop.js, it lost the dragDropSecurityCheck method, which for SM was on nsDragAndDrop, but for FF was on tabbrowser. Moving that method from tabbrowser to toolkit's nsDragAndDrop.js, and cleaning it up a little.

2024-09-13 09:24:08 -07:00 · 2007-08-21 22:02:42 -07:00 · 2007-08-21 22:02:42 -07:00 · 9c673e0431
commit 9c673e0431
parent 20a41d4e92
1 changed files with 2 additions and 46 deletions
--- a/browser/base/content/tabbrowser.xml
+++ b/browser/base/content/tabbrowser.xml
@ -1912,7 +1912,7 @@
                  /^\s*(javascript|data):/.test(url))
                return;

-              this.dragDropSecurityCheck(aEvent, aDragSession, url);
+              nsDragAndDrop.dragDropSecurityCheck(aEvent, aDragSession, url);

              var bgLoad = true;
              try {
@ -2310,51 +2310,7 @@
        <parameter name="aUri"/>
        <body>
          <![CDATA[
-            // Do a security check for drag n' drop. Make sure the
-            // source document can load the dragged link.
-            var sourceDoc = aDragSession.sourceDocument;
-
-            if (sourceDoc) {
-              // Strip leading and trailing whitespace, then try to
-              // create a URI from the dropped string. If that
-              // succeeds, we're dropping a URI and we need to do a
-              // security check to make sure the source document can
-              // load the dropped URI. We don't so much care about
-              // creating the real URI here (i.e. encoding differences
-              // etc don't matter), we just want to know if aUri
-              // really is a URI.
-
-              var uriStr = aUri.replace(/^\s*|\s*$/g, '');
-              var uri = null;
-
-              try {
-                uri = Components.classes["@mozilla.org/network/io-service;1"]
-                  .getService(Components.interfaces.nsIIOService)
-                  .newURI(uriStr, null, null);
-              } catch (e) {
-              }
-
-              if (uri) {
-                // aUri is a URI, do the security check.
-                var sourceURI = sourceDoc.documentURI;
-
-                const nsIScriptSecurityManager =
-                  Components.interfaces.nsIScriptSecurityManager;
-                var secMan =
-                  Components.classes["@mozilla.org/scriptsecuritymanager;1"]
-                  .getService(nsIScriptSecurityManager);
-
-                try {
-                  secMan.checkLoadURIStr(sourceURI, uriStr,
-                                         nsIScriptSecurityManager.STANDARD);
-                } catch (e) {
-                  // Stop event propagation right here.
-                  aEvent.stopPropagation();
-
-                  throw "Drop of " + aUri + " denied.";
-                }
-              }
-            }
+            nsDragAndDrop.dragDropSecurityCheck(aEvent, aDragSession, aUri);
          ]]>
        </body>
      </method>