mirror of
https://github.com/zen-browser/desktop.git
synced 2026-06-30 22:36:36 +00:00
Merge commit from fork
This commit is contained in:
@@ -85,8 +85,7 @@ class nsZenGlanceManager extends nsZenDOMOperatedFeature {
|
||||
menuitem.addEventListener("command", () =>
|
||||
this.openGlance({
|
||||
url: gContextMenu.linkURL,
|
||||
triggeringPrincipal:
|
||||
Services.scriptSecurityManager.getSystemPrincipal(),
|
||||
triggeringPrincipal: gContextMenu.principal,
|
||||
})
|
||||
);
|
||||
|
||||
@@ -354,6 +353,28 @@ class nsZenGlanceManager extends nsZenDOMOperatedFeature {
|
||||
return this.#lastLinkClickData;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check whether a glance load is permitted for its triggering principal.
|
||||
*
|
||||
* @param {object} data - Glance data including URL and triggeringPrincipal
|
||||
* @returns {boolean} Whether the load is allowed
|
||||
*/
|
||||
#isGlanceLoadAllowed(data) {
|
||||
const { url, triggeringPrincipal } = data ?? {};
|
||||
if (typeof url !== "string" || !url.length || !triggeringPrincipal) {
|
||||
return false;
|
||||
}
|
||||
try {
|
||||
Services.scriptSecurityManager.checkLoadURIStrWithPrincipal(
|
||||
triggeringPrincipal,
|
||||
url
|
||||
);
|
||||
} catch {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Open a glance overlay with the specified data
|
||||
*
|
||||
@@ -371,6 +392,13 @@ class nsZenGlanceManager extends nsZenDOMOperatedFeature {
|
||||
return Promise.resolve(this.#currentTab);
|
||||
}
|
||||
|
||||
// Existing-tab glances perform no navigation and are exempt; for fresh
|
||||
// loads, refuse any URL the triggering principal isn't allowed to load
|
||||
// (e.g. a web page linking to file://).
|
||||
if (!existingTab && !this.#isGlanceLoadAllowed(data)) {
|
||||
return Promise.resolve(null);
|
||||
}
|
||||
|
||||
if (!data.height || !data.width) {
|
||||
data = {
|
||||
...data,
|
||||
|
||||
@@ -1229,7 +1229,11 @@ class nsZenViewSplitter extends nsZenDOMOperatedFeature {
|
||||
const newTab = this.openAndSwitchToTab(url, {
|
||||
skipRoute: true,
|
||||
inBackground: false,
|
||||
triggeringPrincipal: window.gContextMenu.principal,
|
||||
});
|
||||
if (!newTab) {
|
||||
return;
|
||||
}
|
||||
this.splitTabs([currentTab, newTab], undefined, 1);
|
||||
}
|
||||
|
||||
@@ -1979,9 +1983,24 @@ class nsZenViewSplitter extends nsZenDOMOperatedFeature {
|
||||
* @returns {tab} The tab that was opened
|
||||
*/
|
||||
openAndSwitchToTab(url, options) {
|
||||
const triggeringPrincipal = options?.triggeringPrincipal;
|
||||
if (!triggeringPrincipal) {
|
||||
return null;
|
||||
}
|
||||
try {
|
||||
Services.scriptSecurityManager.checkLoadURIStrWithPrincipal(
|
||||
triggeringPrincipal,
|
||||
url
|
||||
);
|
||||
} catch {
|
||||
return null;
|
||||
}
|
||||
const parentWindow = window.parent;
|
||||
const targetWindow = parentWindow || window;
|
||||
const tab = targetWindow.gBrowser.addTrustedTab(url, options);
|
||||
const tab = targetWindow.gBrowser.addTab(url, {
|
||||
...options,
|
||||
triggeringPrincipal,
|
||||
});
|
||||
targetWindow.gBrowser.selectedTab = tab;
|
||||
return tab;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user