Skip to content
This repository has been archived by the owner on Aug 4, 2022. It is now read-only.

Commit

Permalink
Bug 1033568 - add pref for customizeToolbars security check, r=dao
Browse files Browse the repository at this point in the history
  • Loading branch information
@gijsk
gijsk committed Jul 2, 2014
1 parent 18c5675 commit 7bd6d85
Showing 1 changed file with 9 additions and 3 deletions.
12 changes: 9 additions & 3 deletions toolkit/content/customizeToolbar.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@ var gToolboxChanged = false;
var gToolboxSheet = false;
var gPaletteBox = null;

Components.utils.import("resource://gre/modules/Services.jsm");

function onLoad()
{
if ("arguments" in window && window.arguments[0]) {
Expand Down Expand Up @@ -457,9 +459,7 @@ function setDragActive(aItem, aValue)

function addNewToolbar()
{
var promptService = Components.classes["@mozilla.org/embedcomp/prompt-service;1"]
.getService(Components.interfaces.nsIPromptService);

var promptService = Services.prompt;
var stringBundle = document.getElementById("stringBundle");
var message = stringBundle.getString("enterToolbarName");
var title = stringBundle.getString("enterToolbarTitle");
Expand Down Expand Up @@ -819,6 +819,12 @@ function onPaletteDrop(aEvent)


function isUnwantedDragEvent(aEvent) {
try {
if (Services.prefs.getBoolPref("toolkit.customization.unsafe_drag_events")) {
return false;
}
} catch (ex) {}

/* Discard drag events that originated from a separate window to
prevent content->chrome privilege escalations. */
let mozSourceNode = aEvent.dataTransfer.mozSourceNode;
Expand Down

0 comments on commit 7bd6d85

Please sign in to comment.