browser/base/content/test/static/browser_misused_characters_in_strings.js +1 −0 @@ -272,6 +272,7 @@ add_task(async function checkAllTheFluents() { {} ); let domParser = new DOMParser(); domParser.forceEnableDTD(); for (let uri of uris) { let rawContents = await fetchFile(uri.spec); let resource = FluentResource.fromString(rawContents); browser/components/payments/test/mochitest/formautofill/mochitest.ini +1 −0 @@ -6,4 +6,5 @@ support-files = ../../../../../../browser/extensions/formautofill/content/editCreditCard.xhtml ../../../../../../browser/extensions/formautofill/content/editAddress.xhtml skip-if = true # Bug 1446164 [test_editCreditCard.html] dom/base/DOMParser.cpp +10 −1 @@ -33,7 +33,8 @@ DOMParser::DOMParser(nsIGlobalObject* aOwner, nsIPrincipal* aDocPrincipal, mPrincipal(aDocPrincipal), mDocumentURI(aDocumentURI), mBaseURI(aBaseURI), mForceEnableXULXBL(false) { mForceEnableXULXBL(false), mForceEnableDTD(false) { MOZ_ASSERT(aDocPrincipal); MOZ_ASSERT(aDocumentURI); } @@ -69,6 +70,10 @@ already_AddRefed<Document> DOMParser::ParseFromString(const nsAString& aStr, document->ForceEnableXULXBL(); } if (mForceEnableDTD) { document->ForceSkipDTDSecurityChecks(); } nsresult rv = nsContentUtils::ParseDocumentHTML(aStr, document, false); if (NS_WARN_IF(NS_FAILED(rv))) { aRv.Throw(rv); @@ -183,6 +188,10 @@ already_AddRefed<Document> DOMParser::ParseFromStream(nsIInputStream* aStream, document->ForceEnableXULXBL(); } if (mForceEnableDTD) { document->ForceSkipDTDSecurityChecks(); } // Have to pass false for reset here, else the reset will remove // our event listener. Should that listener addition move to later // than this call? dom/base/DOMParser.h +7 −1
@@ -53,7 +53,12 @@ class DOMParser final : public nsISupports, public nsWrapperCache { SupportedType aType, ErrorResult& aRv); void ForceEnableXULXBL() { mForceEnableXULXBL = true; } void ForceEnableXULXBL() { mForceEnableXULXBL = true; ForceEnableDTD(); } void ForceEnableDTD() { mForceEnableDTD = true; } nsIGlobalObject* GetParentObject() const { return mOwner; } @@ -78,6 +83,7 @@ class DOMParser final : public nsISupports, public nsWrapperCache { nsCOMPtr<nsIURI> mBaseURI; bool mForceEnableXULXBL; bool mForceEnableDTD; }; } // namespace dom dom/base/Document.cpp +4 −35 @@ -1270,6 +1270,7 @@ Document::Document(const char* aContentType) mType(eUnknown), mDefaultElementType(0), mAllowXULXBL(eTriUnset), mSkipDTDSecurityChecks(false), mBidiOptions(IBMBIDI_DEFAULT_BIDI_OPTIONS), mSandboxFlags(0), mPartID(0),
@@ -1994,38 +1995,6 @@ void Document::Reset(nsIChannel* aChannel, nsILoadGroup* aLoadGroup) { mChannel = aChannel; } /** * Determine whether the principal is allowed access to the localization system. * We don't want the web to ever see this but all our UI including in content * pages should pass this test. */ bool PrincipalAllowsL10n(nsIPrincipal* principal) { // The system principal is always allowed. if (nsContentUtils::IsSystemPrincipal(principal)) { return true; } nsCOMPtr<nsIURI> uri; nsresult rv = principal->GetURI(getter_AddRefs(uri)); NS_ENSURE_SUCCESS(rv, false); bool hasFlags; // Allow access to uris that cannot be loaded by web content. rv = NS_URIChainHasFlags(uri, nsIProtocolHandler::URI_DANGEROUS_TO_LOAD, &hasFlags); NS_ENSURE_SUCCESS(rv, false); if (hasFlags) { return true; } // UI resources also get access. rv = NS_URIChainHasFlags(uri, nsIProtocolHandler::URI_IS_UI_RESOURCE, &hasFlags); NS_ENSURE_SUCCESS(rv, false); return hasFlags; } void Document::DisconnectNodeTree() { // Delete references to sub-documents and kill the subdocument map, // if any. This is not strictly needed, but makes the node tree @@ -3263,11 +3232,11 @@ DocumentL10n* Document::GetL10n() { return mDocumentL10n; } bool Document::DocumentSupportsL10n(JSContext* aCx, JSObject* aObject) { nsCOMPtr<nsIPrincipal> callerPrincipal = nsContentUtils::SubjectPrincipal(aCx); return PrincipalAllowsL10n(callerPrincipal); return nsContentUtils::PrincipalAllowsL10n(callerPrincipal); } void Document::LocalizationLinkAdded(Element* aLinkElement) { if (!PrincipalAllowsL10n(NodePrincipal())) { if (!nsContentUtils::PrincipalAllowsL10n(NodePrincipal())) { return; } @@ -3298,7 +3267,7 @@ void Document::LocalizationLinkAdded(Element* aLinkElement) { } void Document::LocalizationLinkRemoved(Element* aLinkElement) { if (!PrincipalAllowsL10n(NodePrincipal())) { if (!nsContentUtils::PrincipalAllowsL10n(NodePrincipal())) { return; }
browser/base/content/test/static/browser_misused_characters_in_strings.js +1 −0 @@ -272,6 +272,7 @@ add_task(async function checkAllTheFluents() { {} ); let domParser = new DOMParser(); domParser.forceEnableDTD(); for (let uri of uris) { let rawContents = await fetchFile(uri.spec); let resource = FluentResource.fromString(rawContents);
browser/components/payments/test/mochitest/formautofill/mochitest.ini +1 −0 @@ -6,4 +6,5 @@ support-files = ../../../../../../browser/extensions/formautofill/content/editCreditCard.xhtml ../../../../../../browser/extensions/formautofill/content/editAddress.xhtml skip-if = true # Bug 1446164 [test_editCreditCard.html]
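Review bot: `skip-if = true # Bug 1446164` sits above the first test entry, so it appears to act as a manifest-wide default and to disable every test in this formautofill manifest unconditionally. The `+`/`-` markers are lost in this rendering, so this is presumably the one added line. If the tests fail because the edit dialogs' `.xhtml` files can no longer load their DTDs in the test context (inferred, not shown here), say so in the comment and scope the skip to the affected entry, e.g. under `[test_editCreditCard.html]`, so credit-card and address form coverage is not lost silently alongside a change to DTD security checks.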
dom/base/DOMParser.cpp +10 −1 @@ -33,7 +33,8 @@ DOMParser::DOMParser(nsIGlobalObject* aOwner, nsIPrincipal* aDocPrincipal, mPrincipal(aDocPrincipal), mDocumentURI(aDocumentURI), mBaseURI(aBaseURI), mForceEnableXULXBL(false) { mForceEnableXULXBL(false), mForceEnableDTD(false) { MOZ_ASSERT(aDocPrincipal); MOZ_ASSERT(aDocumentURI); } @@ -69,6 +70,10 @@ already_AddRefed<Document> DOMParser::ParseFromString(const nsAString& aStr, document->ForceEnableXULXBL(); } if (mForceEnableDTD) { document->ForceSkipDTDSecurityChecks(); } nsresult rv = nsContentUtils::ParseDocumentHTML(aStr, document, false); if (NS_WARN_IF(NS_FAILED(rv))) { aRv.Throw(rv); @@ -183,6 +188,10 @@ already_AddRefed<Document> DOMParser::ParseFromStream(nsIInputStream* aStream, document->ForceEnableXULXBL(); } if (mForceEnableDTD) { document->ForceSkipDTDSecurityChecks(); } // Have to pass false for reset here, else the reset will remove // our event listener. Should that listener addition move to later // than this call?
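Review bot: The parser-side flag is named `mForceEnableDTD`, but in both ParseFromString and ParseFromStream what it does is call `document->ForceSkipDTDSecurityChecks()`, so the name hides that a security check is being switched off; a name matching the Document side, such as `mSkipDTDSecurityChecks`, would keep every bypass site findable by grep. The flag is also sticky: the constructor sets it to false and nothing visible resets it, so every later document produced by the same DOMParser instance inherits the bypass. `forceEnableDTD()` is callable from script (the test in this commit calls it) and the WebIDL is not in this view, so please confirm the binding is restricted to chrome callers. In ParseFromString the new block sits directly before `nsContentUtils::ParseDocumentHTML`, which looks like the HTML branch; if so the call is probably unnecessary there. Both function bodies extend beyond the hunks shown.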
dom/base/DOMParser.h +7 −1 @@ -53,7 +53,12 @@ class DOMParser final : public nsISupports, public nsWrapperCache { SupportedType aType, ErrorResult& aRv); void ForceEnableXULXBL() { mForceEnableXULXBL = true; } void ForceEnableXULXBL() { mForceEnableXULXBL = true; ForceEnableDTD(); } void ForceEnableDTD() { mForceEnableDTD = true; } nsIGlobalObject* GetParentObject() const { return mOwner; } @@ -78,6 +83,7 @@ class DOMParser final : public nsISupports, public nsWrapperCache { nsCOMPtr<nsIURI> mBaseURI; bool mForceEnableXULXBL; bool mForceEnableDTD; }; } // namespace dom
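Review bot: `ForceEnableXULXBL()` now also calls `ForceEnableDTD()`, so every existing caller of the XUL/XBL switch silently gets DTD security checks skipped as well, and neither method carries a comment saying so. Add one above each, for example `// Also skips DTD security checks on documents this parser creates; privileged callers only.` and `// Makes parsed documents skip DTD security checks (see Document::ForceSkipDTDSecurityChecks).`. If any caller of `ForceEnableXULXBL()` parses input it does not fully control, consider keeping the two switches independent so the DTD bypass stays an explicit opt-in. The class body continues outside the hunks shown.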
dom/base/Document.cpp +4 −35 @@ -1270,6 +1270,7 @@ Document::Document(const char* aContentType) mType(eUnknown), mDefaultElementType(0), mAllowXULXBL(eTriUnset), mSkipDTDSecurityChecks(false), mBidiOptions(IBMBIDI_DEFAULT_BIDI_OPTIONS), mSandboxFlags(0), mPartID(0), @@ -1994,38 +1995,6 @@ void Document::Reset(nsIChannel* aChannel, nsILoadGroup* aLoadGroup) { mChannel = aChannel; } /** * Determine whether the principal is allowed access to the localization system. * We don't want the web to ever see this but all our UI including in content * pages should pass this test. */ bool PrincipalAllowsL10n(nsIPrincipal* principal) { // The system principal is always allowed. if (nsContentUtils::IsSystemPrincipal(principal)) { return true; } nsCOMPtr<nsIURI> uri; nsresult rv = principal->GetURI(getter_AddRefs(uri)); NS_ENSURE_SUCCESS(rv, false); bool hasFlags; // Allow access to uris that cannot be loaded by web content. rv = NS_URIChainHasFlags(uri, nsIProtocolHandler::URI_DANGEROUS_TO_LOAD, &hasFlags); NS_ENSURE_SUCCESS(rv, false); if (hasFlags) { return true; } // UI resources also get access. rv = NS_URIChainHasFlags(uri, nsIProtocolHandler::URI_IS_UI_RESOURCE, &hasFlags); NS_ENSURE_SUCCESS(rv, false); return hasFlags; } void Document::DisconnectNodeTree() { // Delete references to sub-documents and kill the subdocument map, // if any. This is not strictly needed, but makes the node tree
@@ -3263,11 +3232,11 @@ DocumentL10n* Document::GetL10n() { return mDocumentL10n; } bool Document::DocumentSupportsL10n(JSContext* aCx, JSObject* aObject) { nsCOMPtr<nsIPrincipal> callerPrincipal = nsContentUtils::SubjectPrincipal(aCx); return PrincipalAllowsL10n(callerPrincipal); return nsContentUtils::PrincipalAllowsL10n(callerPrincipal); } void Document::LocalizationLinkAdded(Element* aLinkElement) { if (!PrincipalAllowsL10n(NodePrincipal())) { if (!nsContentUtils::PrincipalAllowsL10n(NodePrincipal())) { return; } @@ -3298,7 +3267,7 @@ void Document::LocalizationLinkAdded(Element* aLinkElement) { } void Document::LocalizationLinkRemoved(Element* aLinkElement) { if (!PrincipalAllowsL10n(NodePrincipal())) { if (!nsContentUtils::PrincipalAllowsL10n(NodePrincipal())) { return; }
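Review bot: The three call sites now go through `nsContentUtils::PrincipalAllowsL10n`, whose definition is not part of this section, so it cannot be checked here that the moved function keeps the fail-closed behaviour of the removed one (`NS_ENSURE_SUCCESS(rv, false)` after `GetURI` and after each `NS_URIChainHasFlags`). Promoting the helper to nsContentUtils makes it a shared trust gate; if it is going to decide more than localization access (presumably the DTD checks this commit touches), its doc comment should state that it admits the system principal and any URI chain carrying `URI_DANGEROUS_TO_LOAD` or `URI_IS_UI_RESOURCE`, not only that it guards l10n. `mSkipDTDSecurityChecks(false)` is added to the initializer list but nothing in this file's hunks reads it; a one-line comment at the member declaration naming its consumer would help the next audit.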