[or-cvs] [torbutton/maint-1.2] Fix bug 1014: allow sourcing of local file urls by policy.

mikeperry at seul.org
Wed Dec 2 20:16:13 UTC 2009


Author: Mike Perry <mikeperry-git at fscked.org>
Date: Thu, 19 Nov 2009 16:30:42 -0800
Subject: Fix bug 1014: allow sourcing of local file urls by policy.
Commit: 5a1996c7280f1321e7e89e087f87a839b22fa67f

This is basically just to allow sourcing of the XML dtds
needed to render XHTML and MATHML. The same origin policy
should prevent actual html pages from sourcing file urls
still.
---
 src/components/cssblocker.js |   11 ++++++++++-
 1 files changed, 10 insertions(+), 1 deletions(-)

diff --git a/src/components/cssblocker.js b/src/components/cssblocker.js
index 6c483f8..9a08d3c 100644
--- a/src/components/cssblocker.js
+++ b/src/components/cssblocker.js
@@ -262,9 +262,18 @@ ContentPolicy.prototype = {
                                           requestOrigin.spec + " for: " +
                                           contentLocation.spec);
                         return ok;
+                    } else if ("file" == targetScheme) {
+                        // This fix is for bug 1014. XHTML documents need to source
+                        // a special dtd as a file url. The same origin policy should
+                        // prevent other access to file urls, so this should be ok
+                        // to just allow.
+                        this.logger.eclog(3, "Allowing browser file request from: " +
+                                          requestOrigin.spec + " for: " +
+                                          contentLocation.spec);
+                        //return ok;
                     } else {
                         if (this.tor_enabling || (targetHost in protectedChromeHosts)) {
-                            this.logger.safe_log(4, 
+                            this.logger.safe_log(4,
                                     "Blocking local request from: ",
                                               requestOrigin.spec+" ("
                                               +requestOrigin.scheme+") for: "+
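
Review bot: In the new `"file" == targetScheme` branch the return is commented out (`//return ok;`), so the branch logs "Allowing browser file request" but never returns. Control leaves the if/else chain, and the actual decision is made by code after it that this hunk does not show. If the intent is to allow, as the commit message and the log text both say, restore `return ok;`. If the fall-through is deliberate, remove the dead line and reword the comment and log message so they do not claim an allow that is decided elsewhere. The branch also matches every file: target regardless of requestOrigin and relies on the same origin policy alone, where the comment says only the DTDs for XHTML and MathML are needed. Consider restricting it to those requests, or at least documenting why the broader match is safe. The trailing-whitespace change on the `this.logger.safe_log(4,` line is unrelated to bug 1014 and would be cleaner as a separate commit.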
-- 
1.5.6.5



