Diffstat (limited to 'dom/html/HTMLSharedElement.cpp')
-rw-r--r-- | dom/html/HTMLSharedElement.cpp | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/dom/html/HTMLSharedElement.cpp b/dom/html/HTMLSharedElement.cpp index 85849f9f79..0dd151f473 100644 --- a/dom/html/HTMLSharedElement.cpp +++ b/dom/html/HTMLSharedElement.cpp @@ -85,15 +85,22 @@ static void SetBaseURIUsingFirstBaseWithHref(Document* aDocument, getter_AddRefs(newBaseURI), href, aDocument, aDocument->GetFallbackBaseURI()); + // Vaguely based on + // <https://html.spec.whatwg.org/multipage/semantics.html#set-the-frozen-base-url> + + if (newBaseURI && (newBaseURI->SchemeIs("data") || + newBaseURI->SchemeIs("javascript"))) { + newBaseURI = nullptr; + } + // Check if CSP allows this base-uri - nsresult rv = NS_OK; nsCOMPtr<nsIContentSecurityPolicy> csp = aDocument->GetCsp(); if (csp && newBaseURI) { // base-uri is only enforced if explicitly defined in the // policy - do *not* consult default-src, see: // http://www.w3.org/TR/CSP2/#directive-default-src bool cspPermitsBaseURI = true; - rv = csp->Permits( + nsresult rv = csp->Permits( child->AsElement(), nullptr /* nsICSPEventListener */, newBaseURI, nsIContentSecurityPolicy::BASE_URI_DIRECTIVE, true /* aSpecific */, true /* aSendViolationReports */, &cspPermitsBaseURI); @@ -101,6 +108,7 @@ static void SetBaseURIUsingFirstBaseWithHref(Document* aDocument, newBaseURI = nullptr; } } + aDocument->SetBaseURI(newBaseURI); aDocument->SetChromeXHRDocBaseURI(nullptr); return; |
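Review bot: In the first hunk the new scheme check nulls `newBaseURI` before the `if (csp && newBaseURI)` block, so for a `data:` or `javascript:` base href `csp->Permits()` is never called and, although `aSendViolationReports` is passed as true, no base-uri violation report is produced for that element. If the silence is intended, say so next to the check, e.g. `// Rejected before the CSP check on purpose: no base-uri violation report is sent for these schemes.`; if page authors are expected to see reports for an injected `<base>`, the scheme test would have to move after the CSP block instead. The "Vaguely based on" comment could also state the outcome, which appears to be that `SetBaseURI(nullptr)` leaves the document without an explicit base URI (presumably falling back to the fallback base URI, not visible here). The body of `SetBaseURIUsingFirstBaseWithHref` starts and ends outside the hunk.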