Commit 5a1996c7 authored by Mike Perry's avatar Mike Perry
Browse files

Fix bug 1014: allow sourcing of local file urls by policy. 

This is basically just to allow sourcing of the XML dtds
needed to render XHTML and MATHML. The same origin policy
should prevent actual html pages from sourcing file urls
still.
parent 258f1b85

src/components/cssblocker.js

+10 −1
Original line number Diff line number Diff line
@@ -262,6 +262,15 @@ ContentPolicy.prototype = { 
                                          requestOrigin.spec + " for: " +

                                          contentLocation.spec);

                        return ok;

                    } else if ("file" == targetScheme) {

                        // This fix is for bug 1014. XHTML documents need to source

                        // a special dtd as a file url. The same origin policy should

                        // prevent other access to file urls, so this should be ok

                        // to just allow.

                        this.logger.eclog(3, "Allowing browser file request from: " +

                                          requestOrigin.spec + " for: " +

                                          contentLocation.spec);

                        //return ok;

                    } else {

                        if (this.tor_enabling || (targetHost in protectedChromeHosts)) {

                            this.logger.safe_log(4,