Closed Bug 82032 Opened 24 years ago Closed 24 years ago

XMLHttpRequest.open() does not work with relative URL

Categories

(Core :: XML, defect)

defect
Not set
normal

Tracking

VERIFIED FIXED
mozilla0.9.1

People

(Reporter: hjtoi-bugzilla, Assigned: hjtoi-bugzilla)

Details

Mitch, when you added the security check you are using the raw URL passed into Open() when you check if it is legal to load that url. The problem is that the URL can be relative, in which case NS_NewURI() fails and we bail out of the function. I think this would fix this, don't you think? @@ -923,8 +919,17 @@ NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; + nsCOMPtr<nsIPrincipal> principal; + rv = secMan->GetSubjectPrincipal(getter_AddRefs(principal)); + if (NS_SUCCEEDED(rv)) { + nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(principal); + if (codebase) { + codebase->GetURI(getter_AddRefs(mBaseURI)); + } + } + nsCOMPtr<nsIURI> targetURI; - rv = NS_NewURI(getter_AddRefs(targetURI), url, nsnull); + rv = NS_NewURI(getter_AddRefs(targetURI), url, mBaseURI); if (NS_FAILED(rv)) return NS_ERROR_FAILURE; rv = secMan->CheckConnect(cx, targetURI, "XMLHttpRequest","open"); @@ -942,15 +947,6 @@ return NS_OK; } - nsCOMPtr<nsIPrincipal> principal; - rv = secMan->GetSubjectPrincipal(getter_AddRefs(principal)); - if (NS_SUCCEEDED(rv)) { - nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(principal); - if (codebase) { - codebase->GetURI(getter_AddRefs(mBaseURI)); - } - } - if (argc > 2) { JSBool asyncBool; JS_ValueToBoolean(cx, argv[2], &asyncBool);
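Review bot: In the first hunk the return value of codebase->GetURI(getter_AddRefs(mBaseURI)) is ignored, and mBaseURI is assigned only when GetSubjectPrincipal succeeds and the principal is a codebase principal. On every other path mBaseURI keeps whatever it already held (null, or, since the name suggests a member, possibly a value from an earlier call), and that value now feeds NS_NewURI and therefore the target passed to CheckConnect. Consider clearing mBaseURI before the lookup and checking the GetURI result, so that a relative URL with no usable base fails explicitly instead of being resolved against an unrelated base.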
You're right, that's the way we should do it. r=mstoltz on your fix.
Fixed on trunk and 0.9.1 branch (the fix went in with bug 73958).
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla0.9.1
No longer depends on: 82050
Marking verified in the June 04 trunk and branch build.
Status: RESOLVED → VERIFIED
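
The failure discussed in this bug, as an added JavaScript example that is not part of the bug thread or of Mozilla's code. Here `new URL()` stands in for NS_NewURI and a same-origin comparison stands in for CheckConnect; those substitutions, the function names and the URLs are assumptions made for illustration.

```javascript
// Added illustration, not Mozilla code. Names and URLs are constructed.

// Parse `url`, resolving against `base` when given. Returns null on
// failure, mirroring NS_NewURI returning an error for an unparsable URL.
function newURI(url, base) {
  try {
    return base ? new URL(url, base) : new URL(url);
  } catch (e) {
    return null;
  }
}

// Assumed stand-in for CheckConnect: compare origins of resolved URLs.
function sameOrigin(target, caller) {
  return target.origin === caller.origin;
}

// Before the fix: the raw string is parsed with no base URI.
function openCheckBefore(url, callerURL) {
  const target = newURI(url, null);
  if (!target) return 'NS_ERROR_FAILURE';
  return sameOrigin(target, new URL(callerURL)) ? 'allowed' : 'denied';
}

// After the fix: the caller's URI is fetched first and used as the base,
// so the security check runs on the fully resolved target.
function openCheckAfter(url, callerURL) {
  const base = newURI(callerURL, null);
  if (!base) return 'NS_ERROR_FAILURE';
  const target = newURI(url, base);
  if (!target) return 'NS_ERROR_FAILURE';
  return sameOrigin(target, base) ? 'allowed' : 'denied';
}

const caller = 'http://app.example/dir/page.html'; // constructed
const samples = [
  'data.xml',                     // relative path
  '../other/data.xml',            // relative with parent segment
  'http://app.example/x',         // absolute, same origin
  '//elsewhere.example/data.xml', // scheme-relative, resolves to another host
  'http://elsewhere.example/x',   // absolute, other origin
];
for (const u of samples) {
  console.log(u.padEnd(30), openCheckBefore(u, caller), '->', openCheckAfter(u, caller));
}
```

The scheme-relative case shows why the check has to run on the resolved URI rather than on the string: it looks relative but resolves to a different host.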