Changeset 651

Show
Ignore:
Timestamp:
01/23/08 16:36:12 (10 months ago)
Author:
atr..@atrus.org
Message:

We should still prevent detection even if GM is disabled (c.f. 'flat' extension vulnerability). Also, get rid of the useless decode (packages are decoded for us).

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • trunk/src/components/greasemonkey.js

    r645 r651  
    163163    var ret = Ci.nsIContentPolicy.ACCEPT; 
    164164 
     165    // block content detection of greasemonkey by denying GM 
     166    // chrome content, unless loaded from chrome 
     167    if (org && org.scheme != "chrome" && cl.scheme == "chrome" && 
     168        cl.host == "greasemonkey") { 
     169      return Ci.nsIContentPolicy.REJECT_SERVER; 
     170    } 
     171 
    165172    // don't intercept anything when GM is not enabled 
    166173    if (!GM_getEnabled()) { 
    167174      return ret; 
    168     } 
    169  
    170     // block content detection of greasemonkey by denying GM 
    171     // chrome content, unless loaded from chrome 
    172     if (org && org.scheme != "chrome" && cl.scheme == "chrome" && 
    173         decodeURI(cl.host) == "greasemonkey") { 
    174       return Ci.nsIContentPolicy.REJECT_SERVER; 
    175175    } 
    176176