diff --git a/content/html/document/src/Makefile.in b/content/html/document/src/Makefile.in
index a92efcec3d3..29e75eb7735 100644
--- a/content/html/document/src/Makefile.in
+++ b/content/html/document/src/Makefile.in
@@ -76,6 +76,7 @@ INCLUDES += \
-I$(srcdir)/../../../../layout/style \
-I$(srcdir)/../../../../dom/base \
-I$(srcdir)/../../../../xpcom/io \
+ -I$(srcdir)/../../../../caps/include \
$(NULL)
DEFINES += -D_IMPL_NS_LAYOUT
diff --git a/content/html/document/src/nsHTMLFragmentContentSink.cpp b/content/html/document/src/nsHTMLFragmentContentSink.cpp
index 1053227cd7c..a847d6ed710 100644
--- a/content/html/document/src/nsHTMLFragmentContentSink.cpp
+++ b/content/html/document/src/nsHTMLFragmentContentSink.cpp
@@ -60,6 +60,7 @@
#include "nsContentUtils.h"
#include "nsEscape.h"
#include "nsNodeInfoManager.h"
+#include "nsNullPrincipal.h"
#include "nsContentCreatorFunctions.h"
#include "nsNetUtil.h"
#include "nsIScriptSecurityManager.h"
@@ -821,6 +822,8 @@ protected:
PRPackedBool mInStyle; // whether we're inside a style element
PRPackedBool mProcessComments; // used when comments are allowed
+ nsCOMPtr mNullPrincipal;
+
// Use nsTHashTable as a hash set for our whitelists
static nsTHashtable* sAllowedTags;
static nsTHashtable* sAllowedAttributes;
@@ -989,7 +992,12 @@ nsHTMLParanoidFragmentSink::AddAttributes(const nsIParserNode& aNode,
nsresult rv;
// use this to check for safe URIs in the few attributes that allow them
nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager();
+ PRUint32 flags = nsIScriptSecurityManager::DISALLOW_INHERIT_PRINCIPAL;
nsCOMPtr baseURI;
+ if (!mNullPrincipal) {
+ mNullPrincipal = do_CreateInstance(NS_NULLPRINCIPAL_CONTRACTID, &rv);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
for (PRInt32 i = ac - 1; i >= 0; i--) {
rv = NS_OK;
@@ -1023,9 +1031,7 @@ nsHTMLParanoidFragmentSink::AddAttributes(const nsIParserNode& aNode,
rv = NS_NewURI(getter_AddRefs(attrURI), v, nsnull, baseURI);
if (NS_SUCCEEDED(rv)) {
rv = secMan->
- CheckLoadURIWithPrincipal(mTargetDocument->NodePrincipal(),
- attrURI,
- nsIScriptSecurityManager::DISALLOW_INHERIT_PRINCIPAL);
+ CheckLoadURIWithPrincipal(mNullPrincipal, attrURI, flags);
}
}
diff --git a/content/xml/document/src/Makefile.in b/content/xml/document/src/Makefile.in
index 0f5f4f895d8..64ea73e2f6f 100644
--- a/content/xml/document/src/Makefile.in
+++ b/content/xml/document/src/Makefile.in
@@ -68,6 +68,7 @@ LOCAL_INCLUDES = \
-I$(srcdir)/../../../xul/content/src \
-I$(srcdir)/../../../events/src \
-I$(srcdir)/../../../../dom/base \
+ -I$(srcdir)/../../../../caps/include \
$(NULL)
DEFINES += -D_IMPL_NS_LAYOUT
diff --git a/content/xml/document/src/nsXMLFragmentContentSink.cpp b/content/xml/document/src/nsXMLFragmentContentSink.cpp
index 99d6675ada9..5c566d76dd5 100644
--- a/content/xml/document/src/nsXMLFragmentContentSink.cpp
+++ b/content/xml/document/src/nsXMLFragmentContentSink.cpp
@@ -50,6 +50,7 @@
#include "nsGkAtoms.h"
#include "nsINodeInfo.h"
#include "nsNodeInfoManager.h"
+#include "nsNullPrincipal.h"
#include "nsContentCreatorFunctions.h"
#include "nsDOMError.h"
#include "nsIConsoleService.h"
@@ -519,6 +520,9 @@ public:
PRUint32 aLength);
protected:
PRUint32 mSkipLevel; // used when we descend into