richard pushed a commit to branch tor-browser-91.9esr-11.0-1 in repository tor-browser.
commit 2f5340c78f0a0d34a367ac4c20239b374ac48559 Author: Nika Layzell nika@thelayzells.com AuthorDate: Wed Apr 6 15:00:57 2022 +0000
Bug 1761981, r=smaug,a=dsmith
Differential Revision: https://phabricator.services.mozilla.com/D142596 --- dom/jsurl/nsJSProtocolHandler.cpp | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/dom/jsurl/nsJSProtocolHandler.cpp b/dom/jsurl/nsJSProtocolHandler.cpp
index 06ec5027d5120..09b729442ed57 100644
--- a/dom/jsurl/nsJSProtocolHandler.cpp
+++ b/dom/jsurl/nsJSProtocolHandler.cpp
@@ -232,18 +232,19 @@ nsresult nsJSThunk::EvaluateScript(
mozilla::dom::Document* targetDoc = innerWin->GetExtantDoc();
- if (targetDoc) {
- // Sandboxed document check: javascript: URI execution is disabled
- // in a sandboxed document unless 'allow-scripts' was specified.
- if (targetDoc->HasScriptsBlockedBySandbox()) {
- if (nsCOMPtr<nsIObserverService> obs =
- mozilla::services::GetObserverService()) {
- obs->NotifyWhenScriptSafe(ToSupports(innerWin),
- "javascript-uri-blocked-by-sandbox");
- }
- return NS_ERROR_DOM_RETVAL_UNDEFINED;
+ // Sandboxed document check: javascript: URI execution is disabled in a
+ // sandboxed document unless 'allow-scripts' was specified.
+ if ((targetDoc && !targetDoc->IsScriptEnabled()) ||
+ (loadInfo->GetTriggeringSandboxFlags() & SANDBOXED_SCRIPTS)) {
+ if (nsCOMPtr<nsIObserverService> obs =
+ mozilla::services::GetObserverService()) {
+ obs->NotifyWhenScriptSafe(ToSupports(innerWin),
+ "javascript-uri-blocked-by-sandbox");
}
+ return NS_ERROR_DOM_RETVAL_UNDEFINED;
+ }
+ if (targetDoc) {
// Perform a Security check against the CSP of the document we are
// running against. javascript: URIs are disabled unless "inline"
// scripts are allowed. We only do that if targetDoc->NodePrincipal()
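Review bot: The comment above the new condition still describes only the sandboxed-target-document case, while the check now blocks on two independent inputs: the target document's `IsScriptEnabled()` and the `SANDBOXED_SCRIPTS` bit in the load's triggering sandbox flags. I would state both, e.g. `// javascript: URI execution is blocked if script is disabled in the target document, or if the load was triggered from a context sandboxed without 'allow-scripts'.` Because `IsScriptEnabled()` reads as broader than the removed `HasScriptsBlockedBySandbox()`, the "javascript-uri-blocked-by-sandbox" notification may now also fire for blocks that are not sandbox-related, which is worth noting for anything that consumes that topic. When `targetDoc` is null, only the triggering flags gate execution and the CSP block that follows is skipped as well, so a one-line comment on why that path is safe would help. `EvaluateScript` begins and ends outside this hunk, so an earlier guarantee about `targetDoc` or `loadInfo` may exist that is not visible here.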