Bug 1744352 - Part 1: Ensure we set InitialSandboxFlags when opening …

…or replacing toplevel BrowsingContexts, r=smaug Differential Revision: https://phabricator.services.mozilla.com/D138209
dothq · Feb 9, 2022 · 5e17bc5 · 5e17bc5
1 parent 020bd4e
commit 5e17bc5
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 0 deletions.
diff --git a/docshell/base/BrowsingContext.h b/docshell/base/BrowsingContext.h
@@ -127,6 +127,8 @@ enum class ExplicitActiveStatus : uint8_t {
   FIELD(ShouldDelayMediaFromStart, bool)                                      \
   /* See nsSandboxFlags.h for the possible flags. */                          \
   FIELD(SandboxFlags, uint32_t)                                               \
+  /* The value of SandboxFlags when the BrowsingContext is first created.     \
+   * Used for sandboxing the initial about:blank document. */                 \
   FIELD(InitialSandboxFlags, uint32_t)                                        \
   /* A non-zero unique identifier for the browser element that is hosting     \
    * this                                                                     \

diff --git a/docshell/base/CanonicalBrowsingContext.cpp b/docshell/base/CanonicalBrowsingContext.cpp
@@ -308,6 +308,11 @@ void CanonicalBrowsingContext::ReplacedBy(
   txn.SetExplicitActive(GetExplicitActive());
   txn.SetHasRestoreData(GetHasRestoreData());
   txn.SetShouldDelayMediaFromStart(GetShouldDelayMediaFromStart());
+  // As this is a different BrowsingContext, set InitialSandboxFlags to the
+  // current flags in the new context so that they also apply to any initial
+  // about:blank documents created in it.
+  txn.SetSandboxFlags(GetSandboxFlags());
+  txn.SetInitialSandboxFlags(GetSandboxFlags());
   if (aNewContext->EverAttached()) {
     MOZ_ALWAYS_SUCCEEDS(txn.Commit(aNewContext));
   } else {

diff --git a/toolkit/components/windowwatcher/nsWindowWatcher.cpp b/toolkit/components/windowwatcher/nsWindowWatcher.cpp
@@ -1034,6 +1034,8 @@ nsresult nsWindowWatcher::OpenWindowInternal(
       SANDBOX_PROPAGATES_TO_AUXILIARY_BROWSING_CONTEXTS) {
     MOZ_ASSERT(windowIsNew, "Should only get here for new windows");
     MOZ_ALWAYS_SUCCEEDS(newBC->SetSandboxFlags(activeDocsSandboxFlags));
+    MOZ_ALWAYS_SUCCEEDS(
+        newBC->SetInitialSandboxFlags(newBC->GetSandboxFlags()));
   }
 
   RefPtr<nsGlobalWindowOuter> win(