>+ // If this document is being loaded by a docshell, copy its sandbox flags
>+ // to the document. These are immutable after being set here.
>+ nsCOMPtr<nsIDocShell> docShell = do_QueryInterface(aContainer);
>+
>+ if (docShell) {
>+ nsresult rv = docShell->GetSandboxFlags(&mSandboxFlags);
>+ NS_ENSURE_SUCCESS(rv, rv);
>+
>+ // Additionally, if this docshell had its document's sandbox
>+ // attribute removed prior to this load, we need to re-enable
>+ // plugins for this docshell.
>+ bool sandboxCleared;
>+ if (NS_SUCCEEDED(docShell->GetSandboxCleared(&sandboxCleared)) &&
>+ sandboxCleared) {
>+ docShell->SetAllowPlugins(true);
>+ docShell->SetSandboxCleared(false);
>+ }
>+ }
This doesn't work if you remove sandbox attribute and add it then back and then load a new document.
>+ // Sandboxed document check: javascript: URI's are disabled
>+ // in a sandboxed document unless 'allow-scripts' was specified.
>+ nsCOMPtr<nsIDocument> doc = do_QueryInterface(aOriginalInnerWindow->GetExtantDocument());
No need for nsCOMPtr if you use aOriginalInnerWindow->GetExtantDoc()
Comment on attachment 638541
iframe sandbox v19
>+ // If this document is being loaded by a docshell, copy its sandbox flags nsIDocShell> docShell = do_QueryInterfa ce(aContainer) ; >GetSandboxFlag s(&mSandboxFlag s); SUCCESS( rv, rv); docShell- >GetSandboxClea red(&sandboxCle ared)) && >SetAllowPlugin s(true) ; >SetSandboxClea red(false) ;
>+ // to the document. These are immutable after being set here.
>+ nsCOMPtr<
>+
>+ if (docShell) {
>+ nsresult rv = docShell-
>+ NS_ENSURE_
>+
>+ // Additionally, if this docshell had its document's sandbox
>+ // attribute removed prior to this load, we need to re-enable
>+ // plugins for this docshell.
>+ bool sandboxCleared;
>+ if (NS_SUCCEEDED(
>+ sandboxCleared) {
>+ docShell-
>+ docShell-
>+ }
>+ }
This doesn't work if you remove sandbox attribute and add it then back and then load a new document.
>+ // Sandboxed document check: javascript: URI's are disabled nsIDocument> doc = do_QueryInterfa ce(aOriginalInn erWindow- >GetExtantDocum ent()); indow-> GetExtantDoc( )
>+ // in a sandboxed document unless 'allow-scripts' was specified.
>+ nsCOMPtr<
No need for nsCOMPtr if you use aOriginalInnerW