stonewareslord/treestyletab
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Inherit built-in dragDropSecurityCheck() behavior

Browse Source 
See chrome://global/content/nsDragAndDrop.js
This commit is contained in:
Infocatcher 2012-09-01 17:01:38 +04:00
parent 13eee1e594
commit bc6912fe03
1 changed files with 15 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
modules/tabbarDNDObserver.js
View File

@ -1034,22 +1034,24 @@ catch(e) {
},
securityCheck : function TabbarDND_securityCheck(aURI, aEvent)
{
// See dragDropSecurityCheck() in chrome://global/content/nsDragAndDrop.js
let session = this.treeStyleTab.currentDragSession;
if (!session) //TODO: use some fake nodePrincipal?
if (!session) { //TODO: use some fake nodePrincipal?
aEvent.stopPropagation();
throw 'Drop of ' + aURI + ' denied: no drag session.';
let sourceDoc = session.sourceDocument;
if (!sourceDoc) // The drag originated outside the application
return;
let sourceURI = sourceDoc.documentURI;
}
let normalizedURI = this.treeStyleTab.makeURIFromSpec(aURI);
if (normalizedURI && sourceURI.substr(0, 9) != 'chrome://') {
try {
SecMan.checkLoadURIStrWithPrincipal(sourceDoc.nodePrincipal, normalizedURI.spec, Ci.nsIScriptSecurityManager.STANDARD);
}
catch(e) {
aEvent.stopPropagation();
throw 'Drop of ' + aURI + ' denied.';
}
if (!normalizedURI)
return;
let sourceDoc = session.sourceDocument;
let principal = sourceDoc ? sourceDoc.nodePrincipal
: SecMan.getSimpleCodebasePrincipal(this.treeStyleTab.IOService.newURI("file:///", null, null));
try {
SecMan.checkLoadURIStrWithPrincipal(principal, normalizedURI.spec, Ci.nsIScriptSecurityManager.STANDARD);
}
catch(e) {
aEvent.stopPropagation();
throw 'Drop of ' + aURI + ' denied.';
}
},