From 5e39c1b25b74f99c85ab4ec7a63997ee85aa1c59 Mon Sep 17 00:00:00 2001
From: Infocatcher <infocatcher19@gmail.com>
Date: Wed, 29 Aug 2012 14:23:05 +0400
Subject: [PATCH] Use checkLoadURIStrWithPrincipal() instead of
 checkLoadURIStr()

Because checkLoadURIStr() are missing in Nightly
---
 modules/tabbarDNDObserver.js | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/modules/tabbarDNDObserver.js b/modules/tabbarDNDObserver.js
index 21e66b77..75bc343b 100644
--- a/modules/tabbarDNDObserver.js
+++ b/modules/tabbarDNDObserver.js
@@ -1035,17 +1035,18 @@ catch(e) {
 	securityCheck : function TabbarDND_securityCheck(aURI, aEvent)
 	{
 		let session = this.treeStyleTab.currentDragSession;
-		let (sourceDoc = session ? session.sourceDocument : null) {
-			let sourceURI = sourceDoc ? sourceDoc.documentURI : 'file:///' ;
-			let normalizedURI = this.treeStyleTab.makeURIFromSpec(aURI);
-			if (normalizedURI && sourceURI.indexOf('chrome://') < 0) {
-				try {
-					SecMan.checkLoadURIStr(sourceURI, normalizedURI.spec, Ci.nsIScriptSecurityManager.STANDARD);
-				}
-				catch(e) {
-					aEvent.stopPropagation();
-					throw 'Drop of ' + aURI + ' denied.';
-				}
+		if (!session) //TODO: use some fake nodePrincipal?
+			throw 'Drop of ' + aURI + ' denied: no drag session.';
+		let sourceDoc = session.sourceDocument;
+		let sourceURI = sourceDoc.documentURI;
+		let normalizedURI = this.treeStyleTab.makeURIFromSpec(aURI);
+		if (normalizedURI && sourceURI.substr(0, 9) != 'chrome://') {
+			try {
+				SecMan.checkLoadURIStrWithPrincipal(sourceDoc.nodePrincipal, normalizedURI.spec, Ci.nsIScriptSecurityManager.STANDARD);
+			}
+			catch(e) {
+				aEvent.stopPropagation();
+				throw 'Drop of ' + aURI + ' denied.';
 			}
 		}
 	},