Diffstat (limited to 'dom/html/HTMLSharedElement.cpp')
-rw-r--r--dom/html/HTMLSharedElement.cpp12
1 files changed, 10 insertions, 2 deletions
diff --git a/dom/html/HTMLSharedElement.cpp b/dom/html/HTMLSharedElement.cpp
index 85849f9f79..0dd151f473 100644
--- a/dom/html/HTMLSharedElement.cpp
+++ b/dom/html/HTMLSharedElement.cpp
@@ -85,15 +85,22 @@ static void SetBaseURIUsingFirstBaseWithHref(Document* aDocument,
getter_AddRefs(newBaseURI), href, aDocument,
aDocument->GetFallbackBaseURI());
+ // Vaguely based on
+ // <https://html.spec.whatwg.org/multipage/semantics.html#set-the-frozen-base-url>
+
+ if (newBaseURI && (newBaseURI->SchemeIs("data") ||
+ newBaseURI->SchemeIs("javascript"))) {
+ newBaseURI = nullptr;
+ }
+
// Check if CSP allows this base-uri
- nsresult rv = NS_OK;
nsCOMPtr<nsIContentSecurityPolicy> csp = aDocument->GetCsp();
if (csp && newBaseURI) {
// base-uri is only enforced if explicitly defined in the
// policy - do *not* consult default-src, see:
// http://www.w3.org/TR/CSP2/#directive-default-src
bool cspPermitsBaseURI = true;
- rv = csp->Permits(
+ nsresult rv = csp->Permits(
child->AsElement(), nullptr /* nsICSPEventListener */, newBaseURI,
nsIContentSecurityPolicy::BASE_URI_DIRECTIVE, true /* aSpecific */,
true /* aSendViolationReports */, &cspPermitsBaseURI);
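Review bot: The comment added above the scheme check says only "Vaguely based on" the spec link, so a reader cannot tell what rule the `SchemeIs("data")` / `SchemeIs("javascript")` test enforces or why. I would replace it with something like `// A <base href> that resolves to a data: or javascript: URL must not become the document base URI; drop it here (HTML spec, "set the frozen base URL").` Because `newBaseURI` is cleared before `if (csp && newBaseURI)`, `csp->Permits` is never called for these URLs, so presumably no base-uri violation report is sent for them; if that is intended, the comment should say so. The check tests only the scheme of `newBaseURI` itself, so it is worth confirming that no wrapped or nested URI form can reach this point with one of these schemes inside. The body of `SetBaseURIUsingFirstBaseWithHref` starts and ends outside this hunk, including the line that tests `rv`.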
@@ -101,6 +108,7 @@ static void SetBaseURIUsingFirstBaseWithHref(Document* aDocument,
newBaseURI = nullptr;
}
}
+
aDocument->SetBaseURI(newBaseURI);
aDocument->SetChromeXHRDocBaseURI(nullptr);
return;