diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-12 05:35:37 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-12 05:35:37 +0000 |
commit | a90a5cba08fdf6c0ceb95101c275108a152a3aed (patch) | |
tree | 532507288f3defd7f4dcf1af49698bcb76034855 /dom/html/HTMLSharedElement.cpp | |
parent | Adding debian version 126.0.1-1. (diff) | |
download | firefox-a90a5cba08fdf6c0ceb95101c275108a152a3aed.tar.xz firefox-a90a5cba08fdf6c0ceb95101c275108a152a3aed.zip |
Merging upstream version 127.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/html/HTMLSharedElement.cpp')
-rw-r--r-- | dom/html/HTMLSharedElement.cpp | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/dom/html/HTMLSharedElement.cpp b/dom/html/HTMLSharedElement.cpp index 85849f9f79..0dd151f473 100644 --- a/dom/html/HTMLSharedElement.cpp +++ b/dom/html/HTMLSharedElement.cpp @@ -85,15 +85,22 @@ static void SetBaseURIUsingFirstBaseWithHref(Document* aDocument, getter_AddRefs(newBaseURI), href, aDocument, aDocument->GetFallbackBaseURI()); + // Vaguely based on + // <https://html.spec.whatwg.org/multipage/semantics.html#set-the-frozen-base-url> + + if (newBaseURI && (newBaseURI->SchemeIs("data") || + newBaseURI->SchemeIs("javascript"))) { + newBaseURI = nullptr; + } + // Check if CSP allows this base-uri - nsresult rv = NS_OK; nsCOMPtr<nsIContentSecurityPolicy> csp = aDocument->GetCsp(); if (csp && newBaseURI) { // base-uri is only enforced if explicitly defined in the // policy - do *not* consult default-src, see: // http://www.w3.org/TR/CSP2/#directive-default-src bool cspPermitsBaseURI = true; - rv = csp->Permits( + nsresult rv = csp->Permits( child->AsElement(), nullptr /* nsICSPEventListener */, newBaseURI, nsIContentSecurityPolicy::BASE_URI_DIRECTIVE, true /* aSpecific */, true /* aSendViolationReports */, &cspPermitsBaseURI); @@ -101,6 +108,7 @@ static void SetBaseURIUsingFirstBaseWithHref(Document* aDocument, newBaseURI = nullptr; } } + aDocument->SetBaseURI(newBaseURI); aDocument->SetChromeXHRDocBaseURI(nullptr); return; |