mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 849791 - Frame DocShells do not inherit sandbox flags from their parents (r=bz)
parent
c483aa0d5b
commit
a300c98e06
@ -448,30 +448,27 @@ nsFrameLoader::ReallyStartLoadingInternal()
|
||||
mDocShell->CreateLoadInfo(getter_AddRefs(loadInfo));
|
||||
NS_ENSURE_TRUE(loadInfo, NS_ERROR_FAILURE);
|
||||
|
||||
// Is this an <iframe> with a sandbox attribute or a parent which is
|
||||
// sandboxed ?
|
||||
HTMLIFrameElement* iframe =
|
||||
HTMLIFrameElement::FromContent(mOwnerContent);
|
||||
|
||||
// Does this frame have a parent which is already sandboxed or is this
|
||||
// an <iframe> with a sandbox attribute?
|
||||
uint32_t sandboxFlags = 0;
|
||||
uint32_t parentSandboxFlags = mOwnerContent->OwnerDoc()->GetSandboxFlags();
|
||||
|
||||
HTMLIFrameElement* iframe = HTMLIFrameElement::FromContent(mOwnerContent);
|
||||
|
||||
if (iframe) {
|
||||
sandboxFlags = iframe->GetSandboxFlags();
|
||||
|
||||
uint32_t parentSandboxFlags = iframe->OwnerDoc()->GetSandboxFlags();
|
||||
}
|
||||
|
||||
if (sandboxFlags || parentSandboxFlags) {
|
||||
// The child can only add restrictions, not remove them.
|
||||
// The child can only add restrictions, never remove them.
|
||||
sandboxFlags |= parentSandboxFlags;
|
||||
|
||||
mDocShell->SetSandboxFlags(sandboxFlags);
|
||||
}
|
||||
}
|
||||
|
||||
// If this is an <iframe> and it's sandboxed with respect to origin
|
||||
// we will set it up with a null principal later in nsDocShell::DoURILoad.
|
||||
// If this frame is sandboxed with respect to origin we will set it up with
|
||||
// a null principal later in nsDocShell::DoURILoad.
|
||||
// We do it there to correctly sandbox content that was loaded into
|
||||
// the iframe via other methods than the src attribute.
|
||||
// the frame via other methods than the src attribute.
|
||||
// We'll use our principal, not that of the document loaded inside us. This
|
||||
// is very important; needed to prevent XSS attacks on documents loaded in
|
||||
// subframes!
|
||||
|
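Review bot: The result of `mDocShell->SetSandboxFlags(sandboxFlags)` is discarded, so if that call can ever fail, the frame load would continue without the restrictions inherited from `mOwnerContent->OwnerDoc()`. This is the point where inheritance is enforced, so it should fail closed, for example `NS_ENSURE_SUCCESS(mDocShell->SetSandboxFlags(sandboxFlags), NS_ERROR_FAILURE);`. The rewritten comment could also explain why the parent flags are now read outside the `if (iframe)` branch, along the lines of `// Read the owner document's flags for every frame type, not only <iframe>, so a frame inside a sandboxed document cannot start with fewer restrictions.` ReallyStartLoadingInternal starts and ends outside this hunk, and no regression test for a non-iframe frame inside a sandboxed document is visible on this page, so both are worth confirming against the full change.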