[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

rpms/firefox/FC-6 mozilla-178993.patch, NONE, 1.1 mozilla-358594.patch, NONE, 1.1 mozilla-379245.patch, NONE, 1.1 mozilla-381300.patch, NONE, 1.1 mozilla-382532.patch, NONE, 1.1 mozilla-384925.patch, NONE, 1.1 .cvsignore, 1.30, 1.31 firefox.spec, 1.170, 1.171 sources, 1.37, 1.38



Author: kengert

Update of /cvs/dist/rpms/firefox/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv29849

Modified Files:
	.cvsignore firefox.spec sources 
Added Files:
	mozilla-178993.patch mozilla-358594.patch mozilla-379245.patch 
	mozilla-381300.patch mozilla-382532.patch mozilla-384925.patch 
Log Message:
* Tue Jul 17 2007 Kai Engert <kengert redhat com> - 1.5.0.12-2
- Update to latest snapshot of Mozilla 1.8.0 branch
- Include patches for Mozilla bugs 379245, 384925, 178993,
  381300 (+382686), 358594 (+380933), 382532 (+382503)


mozilla-178993.patch:
 public/nsICookie2.idl   |    9 +++
 src/nsCookie.cpp        |    7 ++-
 src/nsCookie.h          |    8 +++
 src/nsCookieService.cpp |  111 +++++++++++++++++++++++++++++++++++++-----------
 src/nsCookieService.h   |    6 ++
 5 files changed, 113 insertions(+), 28 deletions(-)

--- NEW FILE mozilla-178993.patch ---
 netwerk/cookie/public/nsICookie2.idl   |    9 ++
 netwerk/cookie/src/nsCookie.cpp        |    7 +-
 netwerk/cookie/src/nsCookie.h          |    8 ++
 netwerk/cookie/src/nsCookieService.cpp |  111 +++++++++++++++++++++++++--------
 netwerk/cookie/src/nsCookieService.h   |    6 +
 5 files changed, 113 insertions(+), 28 deletions(-)

Index: mozilla/netwerk/cookie/public/nsICookie2.idl
===================================================================
--- mozilla.orig/netwerk/cookie/public/nsICookie2.idl	2007-07-16 10:53:19.000000000 +0000
+++ mozilla/netwerk/cookie/public/nsICookie2.idl	2007-07-16 10:53:23.000000000 +0000
@@ -67,8 +67,17 @@
      * (where 0 does not represent a session cookie).
      *
      * not to be confused with |expires|, an
      * attribute on nsICookie.
      */
     readonly attribute PRInt64 expiry;
 
 };
+
+[scriptable, uuid(40712890-6c9e-45fc-b77c-c8ea344f690e)]
+interface nsICookie2_MOZILLA_1_8_BRANCH : nsICookie2
+{
+    /**
+     * true if the cookie is an http only cookie
+     */
+    readonly attribute boolean httpOnly;
+};
Index: mozilla/netwerk/cookie/src/nsCookie.cpp
===================================================================
--- mozilla.orig/netwerk/cookie/src/nsCookie.cpp	2007-07-16 10:53:19.000000000 +0000
+++ mozilla/netwerk/cookie/src/nsCookie.cpp	2007-07-16 10:53:23.000000000 +0000
@@ -84,16 +84,17 @@
 nsCookie::Create(const nsACString &aName,
                  const nsACString &aValue,
                  const nsACString &aHost,
                  const nsACString &aPath,
                  nsInt64          aExpiry,
                  nsInt64          aLastAccessed,
                  PRBool           aIsSession,
                  PRBool           aIsSecure,
+                 PRBool           aIsHttpOnly,
                  nsCookieStatus   aStatus,
                  nsCookiePolicy   aPolicy)
 {
   // find the required string buffer size, adding 4 for the terminating nulls
   const PRUint32 stringLength = aName.Length() + aValue.Length() +
                                 aHost.Length() + aPath.Length() + 4;
 
   // allocate contiguous space for the nsCookie and its strings -
@@ -106,17 +107,18 @@
   char *name, *value, *host, *path, *end;
   name = NS_STATIC_CAST(char *, place) + sizeof(nsCookie);
   StrBlockCopy(aName, aValue, aHost, aPath,
                name, value, host, path, end);
 
   // construct the cookie. placement new, oh yeah!
   return new (place) nsCookie(name, value, host, path, end,
                               aExpiry, aLastAccessed, ++gLastCreationTime,
-                              aIsSession, aIsSecure, aStatus, aPolicy);
+                              aIsSession, aIsSecure, aIsHttpOnly,
+                              aStatus, aPolicy);
 }
 
 /******************************************************************************
  * nsCookie:
  * xpcom impl
  ******************************************************************************/
 
 // xpcom getters
@@ -124,25 +126,26 @@
 NS_IMETHODIMP nsCookie::GetValue(nsACString &aValue)       { aValue = Value();          return NS_OK; }
 NS_IMETHODIMP nsCookie::GetHost(nsACString &aHost)         { aHost = Host();            return NS_OK; }
 NS_IMETHODIMP nsCookie::GetRawHost(nsACString &aHost)      { aHost = RawHost();         return NS_OK; }
 NS_IMETHODIMP nsCookie::GetPath(nsACString &aPath)         { aPath = Path();            return NS_OK; }
 NS_IMETHODIMP nsCookie::GetExpiry(PRInt64 *aExpiry)        { *aExpiry = Expiry();       return NS_OK; }
 NS_IMETHODIMP nsCookie::GetIsSession(PRBool *aIsSession)   { *aIsSession = IsSession(); return NS_OK; }
 NS_IMETHODIMP nsCookie::GetIsDomain(PRBool *aIsDomain)     { *aIsDomain = IsDomain();   return NS_OK; }
 NS_IMETHODIMP nsCookie::GetIsSecure(PRBool *aIsSecure)     { *aIsSecure = IsSecure();   return NS_OK; }
+NS_IMETHODIMP nsCookie::GetHttpOnly(PRBool *aHttpOnly)     { *aHttpOnly = IsHttpOnly(); return NS_OK; }
 NS_IMETHODIMP nsCookie::GetStatus(nsCookieStatus *aStatus) { *aStatus = Status();       return NS_OK; }
 NS_IMETHODIMP nsCookie::GetPolicy(nsCookiePolicy *aPolicy) { *aPolicy = Policy();       return NS_OK; }
 
 // compatibility method, for use with the legacy nsICookie interface.
 // here, expires == 0 denotes a session cookie.
 NS_IMETHODIMP
 nsCookie::GetExpires(PRUint64 *aExpires)
 {
   if (IsSession()) {
     *aExpires = 0;
   } else {
     *aExpires = Expiry() > nsInt64(0) ? PRInt64(Expiry()) : 1;
   }
   return NS_OK;
 }
 
-NS_IMPL_ISUPPORTS2(nsCookie, nsICookie2, nsICookie)
+NS_IMPL_ISUPPORTS3(nsCookie, nsICookie2, nsICookie, nsICookie2_MOZILLA_1_8_BRANCH)
Index: mozilla/netwerk/cookie/src/nsCookie.h
===================================================================
--- mozilla.orig/netwerk/cookie/src/nsCookie.h	2007-07-16 10:53:19.000000000 +0000
+++ mozilla/netwerk/cookie/src/nsCookie.h	2007-07-16 10:53:23.000000000 +0000
@@ -50,71 +50,75 @@
  * for xpcom access of cookie objects.
  */
 
 /******************************************************************************
  * nsCookie:
  * implementation
  ******************************************************************************/
 
-class nsCookie : public nsICookie2
+class nsCookie : public nsICookie2_MOZILLA_1_8_BRANCH
 {
   // break up the NS_DECL_ISUPPORTS macro, since we use a bitfield refcount member
   public:
     NS_DECL_ISUPPORTS_INHERITED
   protected:
     NS_DECL_OWNINGTHREAD
 
   public:
     // nsISupports
     NS_DECL_NSICOOKIE
     NS_DECL_NSICOOKIE2
+    NS_DECL_NSICOOKIE2_MOZILLA_1_8_BRANCH
 
   private:
     // for internal use only. see nsCookie::Create().
     nsCookie(const char     *aName,
              const char     *aValue,
              const char     *aHost,
              const char     *aPath,
              const char     *aEnd,
              nsInt64         aExpiry,
              nsInt64         aLastAccessed,
              PRUint32        aCreationTime,
              PRBool          aIsSession,
              PRBool          aIsSecure,
+             PRBool          aIsHttpOnly,
              nsCookieStatus  aStatus,
              nsCookiePolicy  aPolicy)
      : mNext(nsnull)
      , mName(aName)
      , mValue(aValue)
      , mHost(aHost)
      , mPath(aPath)
      , mEnd(aEnd)
      , mExpiry(aExpiry)
      , mLastAccessed(aLastAccessed)
      , mCreationTime(aCreationTime)
      , mRefCnt(0)
      , mIsSession(aIsSession != PR_FALSE)
      , mIsSecure(aIsSecure != PR_FALSE)
+     , mIsHttpOnly(aIsHttpOnly != PR_FALSE)
      , mStatus(aStatus)
      , mPolicy(aPolicy)
     {
     }
 
   public:
     // public helper to create an nsCookie object. use |operator delete|
     // to destroy an object created by this method.
     static nsCookie * Create(const nsACString &aName,
                              const nsACString &aValue,
                              const nsACString &aHost,
                              const nsACString &aPath,
                              nsInt64           aExpiry,
                              nsInt64           aLastAccessed,
                              PRBool            aIsSession,
                              PRBool            aIsSecure,
+                             PRBool            aIsHttpOnly,
                              nsCookieStatus    aStatus,
                              nsCookiePolicy    aPolicy);
 
     virtual ~nsCookie() {};
 
     // fast (inline, non-xpcom) getters
     inline const nsDependentCString Name()  const { return nsDependentCString(mName, mValue - 1); }
     inline const nsDependentCString Value() const { return nsDependentCString(mValue, mHost - 1); }
@@ -122,16 +126,17 @@
     inline const nsDependentCString RawHost() const { return nsDependentCString(IsDomain() ? mHost + 1 : mHost, mPath - 1); }
     inline const nsDependentCString Path()  const { return nsDependentCString(mPath, mEnd); }
     inline nsInt64 Expiry()                 const { return mExpiry; }
     inline nsInt64 LastAccessed()           const { return mLastAccessed; }
     inline PRUint32 CreationTime()          const { return mCreationTime; }
     inline PRBool IsSession()               const { return mIsSession; }
     inline PRBool IsDomain()                const { return *mHost == '.'; }
     inline PRBool IsSecure()                const { return mIsSecure; }
+    inline PRBool IsHttpOnly()              const { return mIsHttpOnly; }
     inline nsCookieStatus Status()          const { return mStatus; }
     inline nsCookiePolicy Policy()          const { return mPolicy; }
 
     // setters
     inline void SetLastAccessed(nsInt64 aLastAccessed) { mLastAccessed = aLastAccessed; }
     inline void SetExpiry(PRInt64 aExpiry)             { mExpiry = aExpiry; }
     inline void SetIsSession(PRBool aIsSession)        { mIsSession = aIsSession; }
     inline void SetCreationTime(PRUint32 aCT)          { mCreationTime = aCT; }
@@ -153,13 +158,14 @@
     const char *mPath;
     const char *mEnd;
     nsInt64     mExpiry;
     nsInt64     mLastAccessed;
     PRUint32    mCreationTime;
     PRUint32    mRefCnt    : 16;
     PRUint32    mIsSession : 1;
     PRUint32    mIsSecure  : 1;
+    PRUint32    mIsHttpOnly: 1;
     PRUint32    mStatus    : 3;
     PRUint32    mPolicy    : 3;
 };
 
 #endif // nsCookie_h__
Index: mozilla/netwerk/cookie/src/nsCookieService.cpp
===================================================================
--- mozilla.orig/netwerk/cookie/src/nsCookieService.cpp	2007-07-16 10:53:19.000000000 +0000
+++ mozilla/netwerk/cookie/src/nsCookieService.cpp	2007-07-16 10:53:23.000000000 +0000
@@ -70,16 +70,22 @@
 #include "nsNetCID.h"
 #include "nsAppDirectoryServiceDefs.h"
 
 /******************************************************************************
  * nsCookieService impl:
  * useful types & constants
  ******************************************************************************/
 
+// XXX_hack. See bug 178993.
+// This is a hack to hide HttpOnly cookies from older browsers
+//
+
+static const char kHttpOnlyPrefix[] = "#HttpOnly_";
+
 static const char kCookieFileName[] = "cookies.txt";
 
 static const PRUint32 kLazyWriteTimeout = 5000; //msec
 
 #undef  LIMIT
 #define LIMIT(x, low, high, default) ((x) >= (low) && (x) <= (high) ? (x) : (default))
 
 // default limits for the cookie list. these can be tuned by the
@@ -119,16 +125,17 @@
   nsCAutoString value;
   nsCAutoString host;
   nsCAutoString path;
   nsCAutoString expires;
   nsCAutoString maxage;
   nsInt64 expiryTime;
   PRBool isSession;
   PRBool isSecure;
+  PRBool isHttpOnly;
 };
 
 // stores linked list iteration state, and provides a rudimentary
 // list traversal method
 struct nsListIter
 {
   nsListIter() {}
 
@@ -477,40 +484,24 @@
     nsCOMPtr<nsIPrefBranch> prefBranch = do_QueryInterface(aSubject);
     if (prefBranch)
       PrefChanged(prefBranch);
   }
 
   return NS_OK;
 }
 
-NS_IMETHODIMP
-nsCookieService::GetCookieString(nsIURI     *aHostURI,
-                                 nsIChannel *aChannel,
-                                 char       **aCookie)
-{
-  // try to determine first party URI
-  nsCOMPtr<nsIURI> firstURI;
-  if (aChannel) {
-    nsCOMPtr<nsIHttpChannelInternal> httpInternal = do_QueryInterface(aChannel);
-    if (httpInternal)
-      httpInternal->GetDocumentURI(getter_AddRefs(firstURI));
-  }
-
-  return GetCookieStringFromHttp(aHostURI, firstURI, aChannel, aCookie);
-}
-
 // helper function for GetCookieStringFromHttp
 static inline PRBool ispathdelimiter(char c) { return c == '/' || c == '?' || c == '#' || c == ';'; }
 
-NS_IMETHODIMP
-nsCookieService::GetCookieStringFromHttp(nsIURI     *aHostURI,
-                                         nsIURI     *aFirstURI,
-                                         nsIChannel *aChannel,
-                                         char       **aCookie)
+nsresult nsCookieService::GetCookieStringFromHttpInternal(nsIURI     *aHostURI,
+                                                          nsIURI     *aFirstURI,
+                                                          nsIChannel *aChannel,
+                                                          char       **aCookie,
+                                                          PRBool     aHttpBound)
 {
   *aCookie = nsnull;
 
   if (!aHostURI) {
     COOKIE_LOGFAILURE(GET_COOKIE, nsnull, nsnull, "host URI is null");
     return NS_OK;
   }
 
@@ -560,16 +551,22 @@
     nsCookieEntry *entry = mHostTable.GetEntry(currentDot);
     cookie = entry ? entry->Head() : nsnull;
     for (; cookie; cookie = cookie->Next()) {
       // if the cookie is secure and the host scheme isn't, we can't send it
       if (cookie->IsSecure() && !isSecure) {
         continue;
       }
 
+      // if the cookie is httpOnly and it's not going directly to the HTTP
+      // connection, don't send it
+      if (cookie->IsHttpOnly() && !aHttpBound) {
+        continue;
+      }
+
       // calculate cookie path length, excluding trailing '/'
       PRUint32 cookiePathLen = cookie->Path().Length();
       if (cookiePathLen > 0 && cookie->Path().Last() == '/') {
         --cookiePathLen;
       }
 
       // if the nsIURI path is shorter than the cookie path, don't send it back
       if (!StringBeginsWith(pathFromURI, Substring(cookie->Path(), 0, cookiePathLen))) {
@@ -639,16 +636,41 @@
     COOKIE_LOGSUCCESS(GET_COOKIE, aHostURI, cookieData, nsnull);
     *aCookie = ToNewCString(cookieData);
   }
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
+nsCookieService::GetCookieString(nsIURI     *aHostURI,
+                                 nsIChannel *aChannel,
+                                 char       **aCookie)
+{
+  // try to determine first party URI
+  nsCOMPtr<nsIURI> firstURI;
+  if (aChannel) {
+    nsCOMPtr<nsIHttpChannelInternal> httpInternal = do_QueryInterface(aChannel);
+    if (httpInternal)
+      httpInternal->GetDocumentURI(getter_AddRefs(firstURI));
+  }
+
+  return GetCookieStringFromHttpInternal(aHostURI, firstURI, aChannel, aCookie, PR_FALSE);
+}
+
+NS_IMETHODIMP
+nsCookieService::GetCookieStringFromHttp(nsIURI     *aHostURI,
+                                         nsIURI     *aFirstURI,
+                                         nsIChannel *aChannel,
+                                         char       **aCookie)
+{
+  return GetCookieStringFromHttpInternal(aHostURI, aFirstURI, aChannel, aCookie, PR_TRUE);
+}
+
+NS_IMETHODIMP
 nsCookieService::SetCookieString(nsIURI     *aHostURI,
                                  nsIPrompt  *aPrompt,
                                  const char *aCookieHeader,
                                  nsIChannel *aChannel)
 {
   // try to determine first party URI
   nsCOMPtr<nsIURI> firstURI;
 
@@ -847,16 +869,17 @@
   nsInt64 currentTime = NOW_IN_SECONDS;
 
   nsRefPtr<nsCookie> cookie =
     nsCookie::Create(aName, aValue, aDomain, aPath,
                      nsInt64(aExpiry),
                      currentTime,
                      aIsSession,
                      aIsSecure,
+                     PR_FALSE,
                      nsICookie::STATUS_UNKNOWN,
                      nsICookie::POLICY_UNKNOWN);
   if (!cookie) {
     return NS_ERROR_OUT_OF_MEMORY;
   }
 
   AddInternal(cookie, currentTime, nsnull, nsnull);
   return NS_OK;
@@ -911,21 +934,21 @@
   if (NS_FAILED(rv)) {
     return rv;
   }
 
   static const char kTrue[] = "TRUE";
 
   nsCAutoString buffer;
   PRBool isMore = PR_TRUE;
-  PRInt32 hostIndex = 0, isDomainIndex, pathIndex, secureIndex, expiresIndex, nameIndex, cookieIndex;
+  PRInt32 hostIndex, isDomainIndex, pathIndex, secureIndex, expiresIndex, nameIndex, cookieIndex;
   nsASingleFragmentCString::char_iterator iter;
   PRInt32 numInts;
   PRInt64 expires;
-  PRBool isDomain;
+  PRBool isDomain, isHttpOnly = PR_FALSE;
   nsInt64 currentTime = NOW_IN_SECONDS;
   // we use lastAccessedCounter to keep cookies in recently-used order,
   // so we start by initializing to currentTime (somewhat arbitrary)
   nsInt64 lastAccessedCounter = currentTime;
   nsCookie *newCookie;
 
   /* file format is:
    *
@@ -935,21 +958,36 @@
    * isDomain is "TRUE" or "FALSE" (default to "FALSE")
    * isSecure is "TRUE" or "FALSE" (default to "TRUE")
    * expires is a PRInt64 integer
    * note 1: cookie can contain tabs.
    * note 2: cookies are written in order of lastAccessed time:
    *         most-recently used come first; least-recently-used come last.
    */
 
+  /*
+   * ...but due to bug 178933, we hide HttpOnly cookies from older code
+   * in a comment, so they don't expose HttpOnly cookies to JS.
+   *
+   * The format for HttpOnly cookies is
+   *
+   * #HttpOnly_host \t isDomain \t path \t secure \t expires \t name \t cookie
+   *
+   */
+
   while (isMore && NS_SUCCEEDED(lineInputStream->ReadLine(buffer, &isMore))) {
-    if (buffer.IsEmpty() || buffer.First() == '#') {
+    if (StringBeginsWith(buffer, NS_LITERAL_CSTRING(kHttpOnlyPrefix))) {
+      isHttpOnly = PR_TRUE;
+      hostIndex = sizeof(kHttpOnlyPrefix) - 1;
+    } else if (buffer.IsEmpty() || buffer.First() == '#') {
       continue;
+    } else {
+      isHttpOnly = PR_FALSE;
+      hostIndex = 0;
     }
-
     // this is a cheap, cheesy way of parsing a tab-delimited line into
     // string indexes, which can be lopped off into substrings. just for
     // purposes of obfuscation, it also checks that each token was found.
     // todo: use iterators?
     if ((isDomainIndex = buffer.FindChar('\t', hostIndex)     + 1) == 0 ||
         (pathIndex     = buffer.FindChar('\t', isDomainIndex) + 1) == 0 ||
         (secureIndex   = buffer.FindChar('\t', pathIndex)     + 1) == 0 ||
         (expiresIndex  = buffer.FindChar('\t', secureIndex)   + 1) == 0 ||
@@ -982,16 +1020,17 @@
       nsCookie::Create(Substring(buffer, nameIndex, cookieIndex - nameIndex - 1),
                        Substring(buffer, cookieIndex, buffer.Length() - cookieIndex),
                        host,
                        Substring(buffer, pathIndex, secureIndex - pathIndex - 1),
                        nsInt64(expires),
                        lastAccessedCounter,
                        PR_FALSE,
                        Substring(buffer, secureIndex, expiresIndex - secureIndex - 1).EqualsLiteral(kTrue),
+                       isHttpOnly,
                        nsICookie::STATUS_UNKNOWN,
                        nsICookie::POLICY_UNKNOWN);
     if (!newCookie) {
       return NS_ERROR_OUT_OF_MEMORY;
     }
 
     // trick: keep the cookies in most-recently-used order,
     // by successively decrementing the lastAccessed time
@@ -1077,28 +1116,37 @@
    *
    * isDomain is "TRUE" or "FALSE"
    * isSecure is "TRUE" or "FALSE"
    * expires is a PRInt64 integer
    * note 1: cookie can contain tabs.
    * note 2: cookies are written in order of lastAccessed time:
    *         most-recently used come first; least-recently-used come last.
    */
+
+  /*
+   * XXX but see above in ::Read for the HttpOnly hack
+   */
+   
   nsCookie *cookie;
   nsInt64 currentTime = NOW_IN_SECONDS;
   char dateString[22];
   PRUint32 dateLen;
   for (PRUint32 i = 0; i < mCookieCount; ++i) {
     cookie = NS_STATIC_CAST(nsCookie*, sortedCookieList.ElementAt(i));
 
     // don't write entry if cookie has expired, or is a session cookie
     if (cookie->IsSession() || cookie->Expiry() <= currentTime) {
       continue;
     }
 
+    // XXX hack for HttpOnly. see bug 178993.
+    if (cookie->IsHttpOnly()) {
+      bufferedOutputStream->Write(kHttpOnlyPrefix, sizeof(kHttpOnlyPrefix) - 1, &rv);
+    }
     bufferedOutputStream->Write(cookie->Host().get(), cookie->Host().Length(), &rv);
     if (cookie->IsDomain()) {
       bufferedOutputStream->Write(kTrue, sizeof(kTrue) - 1, &rv);
     } else {
       bufferedOutputStream->Write(kFalse, sizeof(kFalse) - 1, &rv);
     }
     bufferedOutputStream->Write(cookie->Path().get(), cookie->Path().Length(), &rv);
     if (cookie->IsSecure()) {
@@ -1194,16 +1242,17 @@
     nsCookie::Create(cookieAttributes.name,
                      cookieAttributes.value,
                      cookieAttributes.host,
                      cookieAttributes.path,
                      cookieAttributes.expiryTime,
                      currentTime,
                      cookieAttributes.isSession,
                      cookieAttributes.isSecure,
+                     cookieAttributes.isHttpOnly,
                      aStatus,
                      aPolicy);
   if (!cookie) {
     return newCookie;
   }
 
   // check permissions from site permission list, or ask the user,
   // to determine if we can set the cookie
@@ -1338,16 +1387,19 @@
     4. where appropriate, full <OCTET>s are allowed, where the spec dictates to
        reject control chars or non-ASCII chars. This is erring on the loose
        side, since there's probably no good reason to enforce this strictness.
 
     5. cookie <NAME> is optional, where spec requires it. This is a fairly
        trivial case, but allows the flexibility of setting only a cookie <VALUE>
        with a blank <NAME> and is required by some sites (see bug 169091).
 
+    6. Attribute "HttpOnly", not covered in the RFCs, is supported
+       (see bug 178993).
+
  ** Begin BNF:
     token         = 1*<any allowed-chars except separators>
     value         = token-value | quoted-string
     token-value   = 1*<any allowed-chars except value-sep>
     quoted-string = ( <"> *( qdtext | quoted-pair ) <"> )
     qdtext        = <any allowed-chars except <">>             ; CR | LF removed by necko
     quoted-pair   = "\" <any OCTET except NUL or cookie-sep>   ; CR | LF removed by necko
     separators    = ";" | "="
@@ -1372,16 +1424,17 @@
     valid values for cookie-av (checked post-parsing) are:
     cookie-av     = "Path"    "=" value
                   | "Domain"  "=" value
                   | "Expires" "=" value
                   | "Max-Age" "=" value
                   | "Comment" "=" value
                   | "Version" "=" value
                   | "Secure"
+                  | "HttpOnly"
 
 ******************************************************************************/
 
 // helper functions for GetTokenValue
 static inline PRBool iswhitespace     (char c) { return c == ' '  || c == '\t'; }
 static inline PRBool isterminator     (char c) { return c == '\n' || c == '\r'; }
 static inline PRBool isquoteterminator(char c) { return isterminator(c) || c == '"'; }
 static inline PRBool isvalueseparator (char c) { return isterminator(c) || c == ';'; }
@@ -1478,24 +1531,27 @@
 nsCookieService::ParseAttributes(nsDependentCString &aCookieHeader,
                                  nsCookieAttributes &aCookieAttributes)
 {
   static const char kPath[]    = "path";
   static const char kDomain[]  = "domain";
   static const char kExpires[] = "expires";
   static const char kMaxage[]  = "max-age";
   static const char kSecure[]  = "secure";
+  static const char kHttpOnly[]  = "httponly";
 
   nsASingleFragmentCString::const_char_iterator tempBegin, tempEnd;
   nsASingleFragmentCString::const_char_iterator cookieStart, cookieEnd;
   aCookieHeader.BeginReading(cookieStart);
   aCookieHeader.EndReading(cookieEnd);
 
   aCookieAttributes.isSecure = PR_FALSE;
 
+  aCookieAttributes.isHttpOnly = PR_FALSE;
+
   nsDependentCSubstring tokenString(cookieStart, cookieStart);
   nsDependentCSubstring tokenValue (cookieStart, cookieStart);
   PRBool newCookie, equalsFound;
 
   // extract cookie <NAME> & <VALUE> (first attribute), and copy the strings.
   // if we find multiple cookies, return for processing
   // note: if there's no '=', we assume token is <VALUE>. this is required by
   //       some sites (see bug 169091).
@@ -1532,16 +1588,21 @@
       aCookieAttributes.expires = tokenValue;
 
     else if (tokenString.LowerCaseEqualsLiteral(kMaxage))
       aCookieAttributes.maxage = tokenValue;
 
     // ignore any tokenValue for isSecure; just set the boolean
     else if (tokenString.LowerCaseEqualsLiteral(kSecure))
       aCookieAttributes.isSecure = PR_TRUE;
+
+    // ignore any tokenValue for isHttpOnly (see bug 178993);
+    // just set the boolean
+    else if (tokenString.LowerCaseEqualsLiteral(kHttpOnly))
+      aCookieAttributes.isHttpOnly = PR_TRUE;
   }
 
   // rebind aCookieHeader, in case we need to process another cookie
   aCookieHeader.Rebind(cookieStart, cookieEnd);
   return newCookie;
 }
 
 /******************************************************************************
Index: mozilla/netwerk/cookie/src/nsCookieService.h
===================================================================
--- mozilla.orig/netwerk/cookie/src/nsCookieService.h	2007-07-16 10:53:19.000000000 +0000
+++ mozilla/netwerk/cookie/src/nsCookieService.h	2007-07-16 11:32:29.000000000 +0000
@@ -217,11 +217,17 @@
     PRUint16                      mMaxCookiesPerHost;
 
     // private static member, used to cache a ptr to nsCookieService,
     // so we can make nsCookieService a singleton xpcom object.
     static nsCookieService        *gCookieService;
 
     // this callback needs access to member functions
     friend PLDHashOperator PR_CALLBACK removeExpiredCallback(nsCookieEntry *aEntry, void *aArg);
+
+    nsresult GetCookieStringFromHttpInternal(nsIURI     *aHostURI,
+                                                              nsIURI     *aFirstURI,
+                                                              nsIChannel *aChannel,
+                                                              char       **aCookie,
+                                                              PRBool     aHttpBound);
 };
 
 #endif // nsCookieService_h__

mozilla-358594.patch:
 jsobj.c    |  136 ++++++++++++++++++++++++++++++++++++++++---------------------
 jsopcode.c |   32 ++++++++++----
 2 files changed, 114 insertions(+), 54 deletions(-)

--- NEW FILE mozilla-358594.patch ---
Index: mozilla/js/src/jsopcode.c
===================================================================
RCS file: /cvsroot/mozilla/js/src/jsopcode.c,v
retrieving revision 3.89.2.8.2.11
diff -u -8 -p -r3.89.2.8.2.11 jsopcode.c
--- mozilla/js/src/jsopcode.c	3 Apr 2007 04:59:17 -0000	3.89.2.8.2.11
+++ mozilla/js/src/jsopcode.c	17 Jul 2007 17:15:52 -0000
@@ -61,16 +61,17 @@
 #include "jsconfig.h"
 #include "jsdbgapi.h"
 #include "jsemit.h"
 #include "jsfun.h"
 #include "jslock.h"
 #include "jsobj.h"
 #include "jsopcode.h"
 #include "jsregexp.h"
+#include "jsscan.h"
 #include "jsscope.h"
 #include "jsscript.h"
 #include "jsstr.h"
 
 const char js_const_str[]       = "const";
 const char js_var_str[]         = "var";
 const char js_function_str[]    = "function";
 const char js_in_str[]          = "in";
@@ -2526,41 +2527,54 @@ Decompile(SprintStack *ss, jsbytecode *p
                               ? " " : "",
                               (lastop == JSOP_GETTER) ? js_getter_str :
                               (lastop == JSOP_SETTER) ? js_setter_str :
                               "",
                               rval);
 #else
                 if (lastop == JSOP_GETTER || lastop == JSOP_SETTER) {
                     rval += strlen(js_function_str) + 1;
-                    todo = Sprint(&ss->sprinter, "%s%s%s %s%.*s",
-                                  lval,
-                                  (lval[1] != '\0') ? ", " : "",
-                                  (lastop == JSOP_GETTER)
-                                  ? js_get_str : js_set_str,
-                                  xval,
-                                  strlen(rval) - 1,
-                                  rval);
+                    if (!atom || !ATOM_IS_STRING(atom) ||
+                        !ATOM_IS_IDENTIFIER(atom) ||
+                        !!ATOM_KEYWORD(js_AtomizeChars(cx,
+                                                     ATOM_TO_STRING(atom),
+                                                     sizeof(ATOM_TO_STRING(atom)),
+                                                     0))||
+                        ((ss->opcodes[ss->top+1] != JSOP_ANONFUNOBJ ||
+                          strncmp(rval, js_function_str, 8) != 0) &&
+                         ss->opcodes[ss->top+1] != JSOP_NAMEDFUNOBJ)) {
+
+                        todo = Sprint(&ss->sprinter, "%s%s%s %s%.*s",
+                                      lval,
+                                      (lval[1] != '\0') ? ", " : "",
+                                      (lastop == JSOP_GETTER)
+                                      ? js_get_str : js_set_str,
+                                      xval,
+                                      strlen(rval) - 1,
+                                      rval);
+                    }
                 } else {
                     todo = Sprint(&ss->sprinter, "%s%s%s:%s",
                                   lval,
                                   (lval[1] != '\0') ? ", " : "",
                                   xval,
                                   rval);
                 }
 #endif
                 break;
 
               case JSOP_INITELEM:
                 rval = POP_STR();
                 xval = POP_STR();
                 lval = POP_STR();
                 sn = js_GetSrcNote(jp->script, pc);
-                if (sn && SN_TYPE(sn) == SRC_LABEL)
+                if (sn && SN_TYPE(sn) == SRC_LABEL) {
+                    atom = NULL;
                     goto do_initprop;
+                }
                 todo = Sprint(&ss->sprinter, "%s%s%s",
                               lval,
                               (lval[1] != '\0' || *xval != '0') ? ", " : "",
                               rval);
                 break;
 
 #if JS_HAS_SHARP_VARS
               case JSOP_DEFSHARP:
Index: mozilla/js/src/jsobj.c
===================================================================
RCS file: /cvsroot/mozilla/js/src/jsobj.c,v
retrieving revision 3.208.2.12.2.26
diff -u -8 -p -r3.208.2.12.2.26 jsobj.c
--- mozilla/js/src/jsobj.c	11 Jul 2007 01:28:31 -0000	3.208.2.12.2.26
+++ mozilla/js/src/jsobj.c	17 Jul 2007 17:15:53 -0000
@@ -57,16 +57,17 @@
 #include "jscntxt.h"
 #include "jsconfig.h"
 #include "jsfun.h"
 #include "jsgc.h"
 #include "jsinterp.h"
 #include "jslock.h"
 #include "jsnum.h"
 #include "jsobj.h"
+#include "jsscan.h"
 #include "jsscope.h"
 #include "jsscript.h"
 #include "jsstr.h"
 #include "jsopcode.h"
 
 #include "jsdbgapi.h"   /* whether or not JS_HAS_OBJ_WATCHPOINT */
 
 #if JS_HAS_XML_SUPPORT
@@ -689,20 +690,22 @@ js_obj_toSource(JSContext *cx, JSObject 
     jsint i, j, length, valcnt;
     jsid id;
 #if JS_HAS_GETTER_SETTER
     JSObject *obj2;
     JSProperty *prop;
     uintN attrs;
 #endif
     jsval *val;
+    JSString *gsopold[2];
     JSString *gsop[2];
     JSAtom *atom;
     JSString *idstr, *valstr, *str;
     int stackDummy;
+    char *atomstrchars;
 
     if (!JS_CHECK_STACK_SIZE(cx, stackDummy)) {
         JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_OVER_RECURSED);
         return JS_FALSE;
     }
 
     /*
      * obj_toString for 1.2 calls toSource, and doesn't want the extra parens
@@ -806,91 +809,110 @@ js_obj_toSource(JSContext *cx, JSObject 
     /*
      * We have four local roots for cooked and raw value GC safety.  Hoist the
      * "argv + 2" out of the loop using the val local, which refers to the raw
      * (unconverted, "uncooked") values.
      */
     val = argv + 2;
 
     for (i = 0, length = ida->length; i < length; i++) {
+        JSBool idIsLexicalIdentifier, needOldStyleGetterSetter;
+
         /* Get strings for id and value and GC-root them via argv. */
         id = ida->vector[i];
 
 #if JS_HAS_GETTER_SETTER
-
         ok = OBJ_LOOKUP_PROPERTY(cx, obj, id, &obj2, &prop);
         if (!ok)
             goto error;
+#endif
+
+        /*
+         * Convert id to a jsval and then to a string.  Decide early whether we
+         * prefer get/set or old getter/setter syntax.
+         */
+        atom = JSID_IS_ATOM(id) ? JSID_TO_ATOM(id) : NULL;
+        idstr = js_ValueToString(cx, ID_TO_VALUE(id));
+        if (!idstr) {
+            ok = JS_FALSE;
+            OBJ_DROP_PROPERTY(cx, obj2, prop);
+            goto error;
+        }
+        *rval = STRING_TO_JSVAL(idstr);         /* local root */
+        idIsLexicalIdentifier = js_IsIdentifier(idstr);
+
+        atomstrchars = ATOM_TO_STRING(atom);
+        needOldStyleGetterSetter = 
+            !idIsLexicalIdentifier ||
+            ATOM_KEYWORD(js_AtomizeChars(cx,
+                                     atomstrchars,
+                                     sizeof(atomstrchars),
+                                     0)) != TOK_EOF;
+
+#if JS_HAS_GETTER_SETTER
+
         valcnt = 0;
         if (prop) {
             ok = OBJ_GET_ATTRIBUTES(cx, obj2, id, prop, &attrs);
             if (!ok) {
                 OBJ_DROP_PROPERTY(cx, obj2, prop);
                 goto error;
             }
             if (OBJ_IS_NATIVE(obj2) &&
                 (attrs & (JSPROP_GETTER | JSPROP_SETTER))) {
                 if (attrs & JSPROP_GETTER) {
                     val[valcnt] = (jsval) ((JSScopeProperty *)prop)->getter;
-#ifdef OLD_GETTER_SETTER
-                    gsop[valcnt] =
+                    gsopold[valcnt] =
                         ATOM_TO_STRING(cx->runtime->atomState.getterAtom);
-#else
                     gsop[valcnt] =
                         ATOM_TO_STRING(cx->runtime->atomState.getAtom);
-#endif
                     valcnt++;
                 }
                 if (attrs & JSPROP_SETTER) {
                     val[valcnt] = (jsval) ((JSScopeProperty *)prop)->setter;
-#ifdef OLD_GETTER_SETTER
-                    gsop[valcnt] =
+                    gsopold[valcnt] =
                         ATOM_TO_STRING(cx->runtime->atomState.setterAtom);
-#else
                     gsop[valcnt] =
                         ATOM_TO_STRING(cx->runtime->atomState.setAtom);
-#endif
                     valcnt++;
                 }
             } else {
                 valcnt = 1;
                 gsop[0] = NULL;
+                gsopold[0] = NULL;
                 ok = OBJ_GET_PROPERTY(cx, obj, id, &val[0]);
             }
             OBJ_DROP_PROPERTY(cx, obj2, prop);
         }
 
 #else  /* !JS_HAS_GETTER_SETTER */
 
+        /*
+         * We simplify the source code at the price of minor dead code bloat in
+         * the ECMA version (for testing only, see jsconfig.h).  The null
+         * default values in gsop[j] suffice to disable non-ECMA getter and
+         * setter code.
+         */
         valcnt = 1;
         gsop[0] = NULL;
+        gsopold[0] = NULL;
         ok = OBJ_GET_PROPERTY(cx, obj, id, &val[0]);
 
 #endif /* !JS_HAS_GETTER_SETTER */
 
         if (!ok)
             goto error;
 
-        /* Convert id to a jsval and then to a string. */
-        atom = JSID_IS_ATOM(id) ? JSID_TO_ATOM(id) : NULL;
-        id = ID_TO_VALUE(id);
-        idstr = js_ValueToString(cx, id);
-        if (!idstr) {
-            ok = JS_FALSE;
-            goto error;
-        }
-        *rval = STRING_TO_JSVAL(idstr);         /* local root */
-
         /*
          * If id is a string that's a reserved identifier, or else id is not
          * an identifier at all, then it needs to be quoted.  Also, negative
          * integer ids must be quoted.
          */
         if (atom
-            ? (ATOM_KEYWORD(atom) || !js_IsIdentifier(idstr))
+            ? (ATOM_KEYWORD(atom) || !idIsLexicalIdentifier)
             : (JSID_IS_OBJECT(id) || JSID_TO_INT(id) < 0)) {
             idstr = js_QuoteString(cx, idstr, (jschar)'\'');
             if (!idstr) {
                 ok = JS_FALSE;
                 goto error;
             }
             *rval = STRING_TO_JSVAL(idstr);     /* local root */
         }
@@ -903,46 +925,67 @@ js_obj_toSource(JSContext *cx, JSObject 
             if (!valstr) {
                 ok = JS_FALSE;
                 goto error;
             }
             argv[j] = STRING_TO_JSVAL(valstr);  /* local root */
             vchars = JSSTRING_CHARS(valstr);
             vlength = JSSTRING_LENGTH(valstr);
 
+            if (vchars[0] == '#')
+                needOldStyleGetterSetter = JS_TRUE;
+
+            if (needOldStyleGetterSetter)
+                gsop[j] = gsopold[j];
+
 #ifndef OLD_GETTER_SETTER
             /*
              * Remove '(function ' from the beginning of valstr and ')' from the
              * end so that we can put "get" in front of the function definition.
              */
-            if (gsop[j]) {
-                int n = strlen(js_function_str) + 2;
-                vchars += n;
-                vlength -= n + 1;
+            if (gsop[j] && (JS_TypeOfValue(cx, val[j]) == JSTYPE_FUNCTION) &&
+                !needOldStyleGetterSetter) {
+                const jschar *start = vchars;
+                if (vchars[0] == '(')
+                    vchars++;
+                vchars = js_strchr_limit(vchars, '(', vchars + vlength);
+                if (vchars) {
+                    vlength -= vchars - start + 1;
+                } else {
+                    gsop[j] = NULL;
+                    vchars = start;
+                }
             }
+#else
+            needOldStyleGetterSetter = JS_TRUE;
+            gsop[j] = gsopold[j];
 #endif
 
             /* If val[j] is a non-sharp object, consider sharpening it. */
             vsharp = NULL;
             vsharplength = 0;
 #if JS_HAS_SHARP_VARS
             if (!JSVAL_IS_PRIMITIVE(val[j]) && vchars[0] != '#') {
                 he = js_EnterSharpObject(cx, JSVAL_TO_OBJECT(val[j]), NULL,
                                          &vsharp);
                 if (!he) {
                     ok = JS_FALSE;
                     goto error;
                 }
                 if (IS_SHARP(he)) {
                     vchars = vsharp;
                     vlength = js_strlen(vchars);
+                    needOldStyleGetterSetter = JS_TRUE;
+                    gsop[j] = gsopold[j];
                 } else {
                     if (vsharp) {
                         vsharplength = js_strlen(vsharp);
                         MAKE_SHARP(he);
+                        needOldStyleGetterSetter = JS_TRUE;
+                        gsop[j] = gsopold[j];
                     }
                     js_LeaveSharpObject(cx, NULL);
                 }
             }
 #endif
 
 #define SAFE_ADD(n)                                                          \
     JS_BEGIN_MACRO                                                           \
@@ -977,38 +1020,41 @@ js_obj_toSource(JSContext *cx, JSObject 
             }
 
             if (comma) {
                 chars[nchars++] = comma[0];
                 chars[nchars++] = comma[1];
             }
             comma = ", ";
 
-#ifdef OLD_GETTER_SETTER
-            js_strncpy(&chars[nchars], idstrchars, idstrlength);
-            nchars += idstrlength;
-            if (gsop[j]) {
-                chars[nchars++] = ' ';
-                gsoplength = JSSTRING_LENGTH(gsop[j]);
-                js_strncpy(&chars[nchars], JSSTRING_CHARS(gsop[j]), gsoplength);
-                nchars += gsoplength;
-            }
-            chars[nchars++] = ':';
-#else
-            if (gsop[j]) {
-                gsoplength = JSSTRING_LENGTH(gsop[j]);
-                js_strncpy(&chars[nchars], JSSTRING_CHARS(gsop[j]), gsoplength);
-                nchars += gsoplength;
-                chars[nchars++] = ' ';
-            }
-            js_strncpy(&chars[nchars], idstrchars, idstrlength);
-            nchars += idstrlength;
-            if (!gsop[j])
+            if (needOldStyleGetterSetter) {
+                js_strncpy(&chars[nchars], idstrchars, idstrlength);
+                nchars += idstrlength;
+                if (gsop[j]) {
+                    chars[nchars++] = ' ';
+                    gsoplength = JSSTRING_LENGTH(gsop[j]);
+                    js_strncpy(&chars[nchars], JSSTRING_CHARS(gsop[j]),
+                               gsoplength);
+                    nchars += gsoplength;
+                }
                 chars[nchars++] = ':';
-#endif
+            } else {  /* New style "decompilation" */
+                if (gsop[j]) {
+                    gsoplength = JSSTRING_LENGTH(gsop[j]);
+                    js_strncpy(&chars[nchars], JSSTRING_CHARS(gsop[j]),
+                               gsoplength);
+                    nchars += gsoplength;
+                    chars[nchars++] = ' ';
+                }
+                js_strncpy(&chars[nchars], idstrchars, idstrlength);
+                nchars += idstrlength;
+                /* Extraneous space after id here will be extracted later */
+                chars[nchars++] = gsop[j] ? ' ' : ':';
+            }
+
             if (vsharplength) {
                 js_strncpy(&chars[nchars], vsharp, vsharplength);
                 nchars += vsharplength;
             }
             js_strncpy(&chars[nchars], vchars, vlength);
             nchars += vlength;
 
             if (vsharp)

mozilla-379245.patch:
 jsinterp.c |    2 ++
 1 files changed, 2 insertions(+)

--- NEW FILE mozilla-379245.patch ---
---
 js/src/jsinterp.c |    2 ++
 1 file changed, 2 insertions(+)

Index: mozilla/js/src/jsinterp.c
===================================================================
--- mozilla.orig/js/src/jsinterp.c	2007-07-16 11:06:07.000000000 +0200
+++ mozilla/js/src/jsinterp.c	2007-07-16 11:06:17.000000000 +0200
@@ -2025,16 +2025,17 @@
                 cx->fp = fp = fp->down;
                 JS_ARENA_RELEASE(&cx->stackPool, ifp->mark);
 
                 /* Restore sp to point just above the return value. */
                 fp->sp = vp + 1;
                 RESTORE_SP(fp);
 
                 /* Restore the calling script's interpreter registers. */
+                obj = NULL;
                 script = fp->script;
                 depth = (jsint) script->depth;
                 pc = fp->pc;
                 endpc = script->code + script->length;
 
                 /* Store the generating pc for the return value. */
                 vp[-depth] = (jsval)pc;
 
@@ -3579,16 +3580,17 @@
                     if (currentVersion != cx->version)
                         js_SetVersion(cx, currentVersion);
                 }
 
                 /* Push the frame and set interpreter registers. */
                 cx->fp = fp = &newifp->frame;
                 pc = script->code;
                 endpc = pc + script->length;
+                obj = NULL;
                 inlineCallCount++;
                 JS_RUNTIME_METER(rt, inlineCalls);
                 continue;
 
               bad_inline_call:
                 script = fp->script;
                 depth = (jsint) script->depth;
                 goto out;

mozilla-381300.patch:
 caps/src/nsPrincipal.cpp                                   |   39 ---
 caps/src/nsScriptSecurityManager.cpp                       |   33 +-
 content/base/public/nsIDocument.h                          |   42 +++
 content/base/src/nsDocument.cpp                            |    2 
 content/base/src/nsDocument.h                              |    1 
 content/base/src/nsFrameLoader.cpp                         |    7 
 content/html/document/src/nsHTMLDocument.cpp               |   44 +--
 docshell/base/nsDocShell.cpp                               |  154 +++++++++---
 docshell/base/nsDocShell.h                                 |   16 +
 dom/public/base/nsPIDOMWindow.h                            |   29 ++
 dom/src/base/nsGlobalWindow.cpp                            |  161 +++++++------
 dom/src/base/nsGlobalWindow.h                              |   10 
 dom/src/jsurl/nsJSProtocolHandler.cpp                      |    6 
 embedding/components/windowwatcher/src/Makefile.in         |    1 
 embedding/components/windowwatcher/src/nsWindowWatcher.cpp |   61 ++++
 embedding/components/windowwatcher/src/nsWindowWatcher.h   |    1 
 16 files changed, 395 insertions(+), 212 deletions(-)

--- NEW FILE mozilla-381300.patch ---
 caps/src/nsPrincipal.cpp                                   |   39 ---
 caps/src/nsScriptSecurityManager.cpp                       |   33 +-
 content/base/public/nsIDocument.h                          |   42 +++
 content/base/src/nsDocument.cpp                            |    2 
 content/base/src/nsDocument.h                              |    1 
 content/base/src/nsFrameLoader.cpp                         |    7 
 content/html/document/src/nsHTMLDocument.cpp               |   44 +--
 docshell/base/nsDocShell.cpp                               |  154 +++++++++---
 docshell/base/nsDocShell.h                                 |   16 +
 dom/public/base/nsPIDOMWindow.h                            |   29 ++
 dom/src/base/nsGlobalWindow.cpp                            |  161 +++++++------
 dom/src/base/nsGlobalWindow.h                              |   10 
 dom/src/jsurl/nsJSProtocolHandler.cpp                      |    6 
 embedding/components/windowwatcher/src/Makefile.in         |    1 
 embedding/components/windowwatcher/src/nsWindowWatcher.cpp |   61 ++++
 embedding/components/windowwatcher/src/nsWindowWatcher.h   |    1 
 16 files changed, 395 insertions(+), 212 deletions(-)

Index: mozilla/caps/src/nsPrincipal.cpp
===================================================================
--- mozilla.orig/caps/src/nsPrincipal.cpp	2007-07-16 11:51:44.000000000 +0200
+++ mozilla/caps/src/nsPrincipal.cpp	2007-07-16 11:53:05.000000000 +0200
@@ -260,15 +260,10 @@
     }
 
     // Codebases are equal if they have the same origin.
-    nsIURI *origin = mDomain ? mDomain : mCodebase;
-    nsCOMPtr<nsIURI> otherOrigin;
-    aOther->GetDomain(getter_AddRefs(otherOrigin));
-    if (!otherOrigin) {
-      aOther->GetURI(getter_AddRefs(otherOrigin));
-    }
-
-    return nsScriptSecurityManager::GetScriptSecurityManager()
-           ->SecurityCompareURIs(origin, otherOrigin, aResult);
+    *aResult =
+      NS_SUCCEEDED(nsScriptSecurityManager::GetScriptSecurityManager()
+                   ->CheckSameOriginPrincipal(this, aOther));
+    return NS_OK;
   }
 
   *aResult = PR_TRUE;
@@ -278,32 +273,6 @@
 NS_IMETHODIMP
 nsPrincipal::Subsumes(nsIPrincipal *aOther, PRBool *aResult)
 {
-  // First, check if aOther is an about:blank principal. If it is, then we can
-  // subsume it.
-
-  nsCOMPtr<nsIURI> otherOrigin;
-  aOther->GetURI(getter_AddRefs(otherOrigin));
-
-  if (otherOrigin) {
-    PRBool isAbout = PR_FALSE;
-    if (NS_SUCCEEDED(otherOrigin->SchemeIs("about", &isAbout)) && isAbout) {
-      nsCAutoString str;
-      otherOrigin->GetSpec(str);
-
-      // Note: about:blank principals do not necessarily subsume about:blank
-      // principals (unless aOther == this, which is checked in the Equals call
-      // below).
-
-      if (str.Equals("about:blank")) {
-        PRBool isEqual = PR_FALSE;
-        if (NS_SUCCEEDED(otherOrigin->Equals(mCodebase, &isEqual)) && !isEqual) {
-          *aResult = PR_TRUE;
-          return NS_OK;
-        }
-      }
-    }
-  }
-
   return Equals(aOther, aResult);
 }
 
Index: mozilla/caps/src/nsScriptSecurityManager.cpp
===================================================================
--- mozilla.orig/caps/src/nsScriptSecurityManager.cpp	2007-07-16 11:51:44.000000000 +0200
+++ mozilla/caps/src/nsScriptSecurityManager.cpp	2007-07-16 11:53:05.000000000 +0200
@@ -273,7 +273,7 @@
         return NS_OK;
     }
 
-    if (!aTargetURI) 
+    if (!aTargetURI || !aSourceURI) 
     {
         // return false
         return NS_OK;
@@ -863,8 +863,14 @@
     if (aSubject == aObject)
         return NS_OK;
 
+    // These booleans are only used when !aIsCheckConnect.  Default
+    // them to false, and change if that turns out wrong.
+    PRBool subjectSetDomain = PR_FALSE;
+    PRBool objectSetDomain = PR_FALSE;
+    
     nsCOMPtr<nsIURI> subjectURI;
     nsCOMPtr<nsIURI> objectURI;
+
     if (aIsCheckConnect)
     {
         // Don't use domain for CheckConnect calls, since that's called for
@@ -875,12 +881,18 @@
     else
     {
         aSubject->GetDomain(getter_AddRefs(subjectURI));
-        if (!subjectURI)
+        if (!subjectURI) {
             aSubject->GetURI(getter_AddRefs(subjectURI));
+        } else {
+            subjectSetDomain = PR_TRUE;
+        }
 
         aObject->GetDomain(getter_AddRefs(objectURI));
-        if (!objectURI)
+        if (!objectURI) {
             aObject->GetURI(getter_AddRefs(objectURI));
+        } else {
+            objectSetDomain = PR_TRUE;
+        }
     }
 
     PRBool isSameOrigin = PR_FALSE;
@@ -899,24 +911,11 @@
         if (aIsCheckConnect)
             return NS_OK;
 
-        nsCOMPtr<nsIURI> subjectDomain;
-        aSubject->GetDomain(getter_AddRefs(subjectDomain));
-
-        nsCOMPtr<nsIURI> objectDomain;
-        aObject->GetDomain(getter_AddRefs(objectDomain));
-
         // If both or neither explicitly set their domain, allow the access
-        if (!subjectDomain == !objectDomain)
+        if (subjectSetDomain == objectSetDomain)
             return NS_OK;
     }
 
-    // Allow access to about:blank
-    nsXPIDLCString origin;
-    rv = aObject->GetOrigin(getter_Copies(origin));
-    NS_ENSURE_SUCCESS(rv, rv);
-    if (nsCRT::strcasecmp(origin, "about:blank") == 0)
-        return NS_OK;
-
     /*
     ** Access tests failed, so now report error.
     */
Index: mozilla/content/base/public/nsIDocument.h
===================================================================
--- mozilla.orig/content/base/public/nsIDocument.h	2007-07-16 11:51:44.000000000 +0200
+++ mozilla/content/base/public/nsIDocument.h	2007-07-16 11:53:05.000000000 +0200
@@ -841,7 +841,7 @@
   PRUint32 mPartID;
 };
 
-// IID for the nsIDocument interface
+// IID for the nsIDocument_MOZILLA_1_8_0_BRANCH interface
 #define NS_IDOCUMENT_MOZILLA_1_8_0_BRANCH_IID      \
 { 0x7d001ad2, 0x01ac, 0x4bf2, \
   { 0xb8, 0x3a, 0x50, 0xaa, 0xed, 0xc6, 0x1d, 0xfa } }
@@ -870,6 +870,46 @@
   virtual nsresult RemoveChildAt(PRUint32 aIndex, PRBool aNotify) = 0;
 };
 
+// IID for the nsIDocument_MOZILLA_1_8_BRANCH2 interface
+#define NS_IDOCUMENT_MOZILLA_1_8_BRANCH2_IID      \
+{ 0x095024b5, 0x57d1, 0x4117, \
+ { 0xb6, 0x02, 0x5c, 0x6d, 0xf2, 0x81, 0xe0, 0xba } }
+
+class nsIDocument_MOZILLA_1_8_BRANCH2 : public nsISupports
+{
+public:
+  NS_DEFINE_STATIC_IID_ACCESSOR(NS_IDOCUMENT_MOZILLA_1_8_BRANCH2_IID)
+
+  nsIDocument_MOZILLA_1_8_BRANCH2() :
+    mIsInitialDocumentInWindow(PR_FALSE)
+  {
+  }
+
+  /**
+   * Ask this document whether it's the initial document in its window.
+   */
+  PRBool IsInitialDocument() const
+  {
+    return mIsInitialDocumentInWindow;
+  }
+  
+  /**
+   * Tell this document that it's the initial document in its window.  See
+   * comments on mIsInitialDocumentInWindow for when this should be called.
+   */
+  void SetIsInitialDocument(PRBool aIsInitialDocument)
+  {
+    mIsInitialDocumentInWindow = aIsInitialDocument;
+  }
+
+protected:   
+  // True if this document is the initial document for a window.  This should
+  // basically be true only for documents that exist in newly-opened windows or
+  // documents created to satisfy a GetDocument() on a window when there's no
+  // document in it.
+  PRBool mIsInitialDocumentInWindow;
+};
+
 /**
  * Helper class to automatically handle batching of document updates.  This
  * class will call BeginUpdate on construction and EndUpdate on destruction on
Index: mozilla/content/base/src/nsDocument.cpp
===================================================================
--- mozilla.orig/content/base/src/nsDocument.cpp	2007-07-16 11:51:44.000000000 +0200
+++ mozilla/content/base/src/nsDocument.cpp	2007-07-16 11:53:05.000000000 +0200
@@ -783,6 +783,7 @@
 
 nsDocument::nsDocument()
   : nsIDocument(),
+    nsIDocument_MOZILLA_1_8_BRANCH2(),
     mVisible(PR_TRUE)
 {
 #ifdef PR_LOGGING
@@ -916,6 +917,7 @@
 NS_INTERFACE_MAP_BEGIN(nsDocument)
   NS_INTERFACE_MAP_ENTRY(nsIDocument)
   NS_INTERFACE_MAP_ENTRY(nsIDocument_MOZILLA_1_8_0_BRANCH)
+  NS_INTERFACE_MAP_ENTRY(nsIDocument_MOZILLA_1_8_BRANCH2)
   NS_INTERFACE_MAP_ENTRY(nsIDOMDocument)
   NS_INTERFACE_MAP_ENTRY(nsIDOMNSDocument)
   NS_INTERFACE_MAP_ENTRY(nsIDOMDocumentEvent)
Index: mozilla/content/base/src/nsDocument.h
===================================================================
--- mozilla.orig/content/base/src/nsDocument.h	2007-07-16 11:51:44.000000000 +0200
+++ mozilla/content/base/src/nsDocument.h	2007-07-16 11:53:05.000000000 +0200
@@ -365,6 +365,7 @@
 // the interface.
 class nsDocument : public nsIDocument,
                    public nsIDocument_MOZILLA_1_8_0_BRANCH,
+                   public nsIDocument_MOZILLA_1_8_BRANCH2,
                    public nsIDOMXMLDocument, // inherits nsIDOMDocument
                    public nsIDOMNSDocument,
                    public nsIDOMDocumentEvent,
Index: mozilla/content/base/src/nsFrameLoader.cpp
===================================================================
--- mozilla.orig/content/base/src/nsFrameLoader.cpp	2007-07-16 11:51:44.000000000 +0200
+++ mozilla/content/base/src/nsFrameLoader.cpp	2007-07-16 11:53:05.000000000 +0200
@@ -165,6 +165,13 @@
     // load instead of just forcing the system principal.  That way if we have
     // something loaded already the principal used will be that of what we
     // already have loaded.
+
+    // XXX bz I'd love to nix this, but the problem is chrome calling
+    // setAttribute() on an iframe or browser and passing in a javascript: URI.
+    // We probably don't want to run that with chrome privileges... Though in
+    // similar circumstances, if one sets window.location.href from chrome we
+    // _do_ run that with chrome privileges, so maybe we should do the same
+    // here?
     loadInfo->SetInheritOwner(PR_TRUE);
 
     // Also, in this case we don't set a referrer, just in case.
Index: mozilla/content/html/document/src/nsHTMLDocument.cpp
===================================================================
--- mozilla.orig/content/html/document/src/nsHTMLDocument.cpp	2007-07-16 11:51:44.000000000 +0200
+++ mozilla/content/html/document/src/nsHTMLDocument.cpp	2007-07-16 11:53:05.000000000 +0200
@@ -2020,10 +2020,24 @@
     // Rememer the old scope in case the call to SetNewDocument changes it.
     nsCOMPtr<nsIScriptGlobalObject> oldScope(do_QueryReferent(mScopeObject));
 
+    // If callerPrincipal doesn't match our principal. make sure that
+    // SetNewDocument gives us a new inner window and clears our scope.
+    NS_ENSURE_TRUE(GetPrincipal(), NS_ERROR_OUT_OF_MEMORY);
+    if (!callerPrincipal ||
+        NS_FAILED(nsContentUtils::GetSecurityManager()->
+          CheckSameOriginPrincipal(callerPrincipal, GetPrincipal()))) {
+      SetIsInitialDocument(PR_FALSE);
+    }      
+
     rv = mScriptGlobalObject->SetNewDocument((nsDocument *)this, nsnull,
                                              PR_FALSE, PR_FALSE);
     NS_ENSURE_SUCCESS(rv, rv);
 
+    // Now make sure we're not flagged as the initial document anymore, now
+    // that we've had stuff done to us.  From now on, if anyone tries to
+    // document.open() us, they get a new inner window.
+    SetIsInitialDocument(PR_FALSE);
+
     nsCOMPtr<nsIScriptGlobalObject> newScope(do_QueryReferent(mScopeObject));
     if (oldScope && newScope != oldScope) {
       nsContentUtils::ReparentContentWrappersInScope(oldScope, newScope);
@@ -2359,36 +2373,6 @@
     GetCurrentNativeCallContext(getter_AddRefs(ncc));
   NS_ENSURE_SUCCESS(rv, rv);
 
-  nsCAutoString spec;
-
-  if (mDocumentURI) {
-    rv = mDocumentURI->GetSpec(spec);
-    NS_ENSURE_SUCCESS(rv, rv);
-  }
-
-  if (!mDocumentURI || spec.EqualsLiteral("about:blank")) {
-    // The current document's URI and principal are empty or "about:blank".
-    // By writing to this document, the script acquires responsibility for the
-    // document for security purposes. Thus a document.write of a script tag
-    // ends up producing a script with the same principals as the script
-    // that performed the write.
-    nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
-
-    nsCOMPtr<nsIPrincipal> subject;
-    rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject));
-    NS_ENSURE_SUCCESS(rv, rv);
-
-    if (subject) {
-      nsCOMPtr<nsIURI> subjectURI;
-      subject->GetURI(getter_AddRefs(subjectURI));
-
-      if (subjectURI) {
-        mDocumentURI = subjectURI;
-        mPrincipal = subject;
-      }
-    }
-  }
-
   if (ncc) {
     // We're called from JS, concatenate the extra arguments into
     // string_buffer
Index: mozilla/docshell/base/nsDocShell.cpp
===================================================================
--- mozilla.orig/docshell/base/nsDocShell.cpp	2007-07-16 11:51:44.000000000 +0200
+++ mozilla/docshell/base/nsDocShell.cpp	2007-07-16 11:53:05.000000000 +0200
@@ -3226,21 +3226,20 @@
         rv = LoadHistoryEntry(mLSHE, type);
     }
     else {
+        nsCOMPtr<nsIDOMDocument> domDoc(do_GetInterface(GetAsSupports(this)));
+        nsCOMPtr<nsIDocument> doc(do_QueryInterface(domDoc));
+
+        nsIPrincipal* principal = nsnull;
         nsAutoString contentTypeHint;
-        nsCOMPtr<nsIDOMWindow> window(do_GetInterface((nsIDocShell*)this));
-        if (window) {
-            nsCOMPtr<nsIDOMDocument> document;
-            window->GetDocument(getter_AddRefs(document));
-            nsCOMPtr<nsIDOMNSDocument> doc(do_QueryInterface(document));
-            if (doc) {
-                doc->GetContentType(contentTypeHint);
-            }
+        if (doc) {
+            principal = doc->GetPrincipal();
+            doc->GetContentType(contentTypeHint);
         }
 
         rv = InternalLoad(mCurrentURI,
                           mReferrerURI,
-                          nsnull,         // No owner
-                          INTERNAL_LOAD_FLAGS_INHERIT_OWNER, // Inherit owner from document
+                          principal,
+                          INTERNAL_LOAD_FLAGS_NONE, // Do not inherit owner from document
                           nsnull,         // No window target
                           NS_LossyConvertUCS2toASCII(contentTypeHint).get(),
                           nsnull,         // No post data
@@ -4859,7 +4858,38 @@
     if (mIsBeingDestroyed)
         return NS_ERROR_FAILURE;
 
-    return CreateAboutBlankContentViewer();
+    nsIPrincipal* principal = nsnull;
+
+    nsCOMPtr<nsPIDOMWindow_MOZILLA_1_8_BRANCH2> piDOMWindow =
+      do_QueryInterface(mScriptGlobal);
+    if (piDOMWindow) {
+        principal = piDOMWindow->GetOpenerScriptPrincipal();
+    }
+
+    if (!principal) {
+        principal = GetInheritedPrincipal(PR_FALSE);
+    }
+
+    nsresult rv = CreateAboutBlankContentViewer();
+
+    if (NS_SUCCEEDED(rv)) {
+        nsCOMPtr<nsIDOMDocument> domDoc;
+        mContentViewer->GetDOMDocument(getter_AddRefs(domDoc));
+        nsCOMPtr<nsIDocument> doc(do_QueryInterface(domDoc));
+        nsCOMPtr<nsIDocument_MOZILLA_1_8_BRANCH2> doc_MOZILLA_1_8_BRANCH2 =
+            do_QueryInterface(domDoc);
+        NS_ASSERTION(doc && doc_MOZILLA_1_8_BRANCH2,
+                     "Should have doc if CreateAboutBlankContentViewer "
+                     "succeeded!");
+
+        doc_MOZILLA_1_8_BRANCH2->SetIsInitialDocument(PR_TRUE);
+
+        if (principal) {
+            doc->SetPrincipal(principal);
+        }
+    }
+
+    return rv;
 }
 
 NS_IMETHODIMP
@@ -6300,12 +6330,28 @@
 
     nsCOMPtr<nsISupports> owner(aOwner);
     //
-    // Get an owner from the current document if necessary, but only
-    // if this is not an external load.
+    // Get an owner from the current document if necessary.  Note that we only
+    // do this for URIs that inherit a security context; in particular we do
+    // NOT do this for about:blank.  This way, random about:blank loads that
+    // have no owner (which basically means they were done by someone from
+    // chrome manually messing with our nsIWebNavigation or by C++ setting
+    // document.location) don't get a funky principal.  If callers want
+    // something interesting to happen with the about:blank principal in this
+    // case, they should pass an owner in.
     //
     if (aLoadType != LOAD_NORMAL_EXTERNAL && !owner &&
-        (aFlags & INTERNAL_LOAD_FLAGS_INHERIT_OWNER))
-        GetCurrentDocumentOwner(getter_AddRefs(owner));
+        (aFlags & INTERNAL_LOAD_FLAGS_INHERIT_OWNER)) {
+        PRBool inherits;
+        PRBool isScheme;
+        inherits =
+            (NS_SUCCEEDED(aURI->SchemeIs("javascript", &isScheme)) &&
+             isScheme) ||
+            (NS_SUCCEEDED(aURI->SchemeIs("data", &isScheme)) &&
+             isScheme);
+        if (inherits) {
+            owner = GetInheritedPrincipal(PR_TRUE);
+        }
+    }
 
     //
     // Resolve the window target before going any further...
@@ -6684,42 +6730,51 @@
     return rv;
 }
 
-void
-nsDocShell::GetCurrentDocumentOwner(nsISupports ** aOwner)
+nsIPrincipal*
+nsDocShell::GetInheritedPrincipal(PRBool aConsiderCurrentDocument)
 {
-    *aOwner = nsnull;
     nsCOMPtr<nsIDocument> document;
-    //-- Get the current document
-    if (mContentViewer) {
+
+    if (aConsiderCurrentDocument && mContentViewer) {
         nsCOMPtr<nsIDocumentViewer>
             docViewer(do_QueryInterface(mContentViewer));
         if (!docViewer)
-            return;
+            return nsnull;
         docViewer->GetDocument(getter_AddRefs(document));
     }
-    else //-- If there's no document loaded yet, look at the parent (frameset)
-    {
+
+    if (!document) {
         nsCOMPtr<nsIDocShellTreeItem> parentItem;
         GetSameTypeParent(getter_AddRefs(parentItem));
-        if (!parentItem)
-            return;
-        nsCOMPtr<nsIDOMWindowInternal>
-            parentWindow(do_GetInterface(parentItem));
-        if (!parentWindow)
-            return;
-        nsCOMPtr<nsIDOMDocument> parentDomDoc;
-        parentWindow->GetDocument(getter_AddRefs(parentDomDoc));
-        if (!parentDomDoc)
-            return;
-        document = do_QueryInterface(parentDomDoc);
+        if (parentItem) {
+            nsCOMPtr<nsIDOMDocument> parentDomDoc(do_GetInterface(parentItem));
+            document = do_QueryInterface(parentDomDoc);
+        }
+    }
+
+    if (!document) {
+        if (!aConsiderCurrentDocument) {
+            return nsnull;
+        }
+
+        // Make sure we end up with _something_ as the principal no matter
+        // what.
+        EnsureContentViewer();  // If this fails, we'll just get a null
+                                // docViewer and bail.
+
+        nsCOMPtr<nsIDocumentViewer>
+            docViewer(do_QueryInterface(mContentViewer));
+        if (!docViewer)
+            return nsnull;
+        docViewer->GetDocument(getter_AddRefs(document));
     }
 
     //-- Get the document's principal
     if (document) {
-        *aOwner = document->GetPrincipal();
+        return document->GetPrincipal();
     }
 
-    NS_IF_ADDREF(*aOwner);
+    return nsnull;
 }
 
 nsresult
@@ -6885,7 +6940,12 @@
     // Set the owner of the channel - only for javascript and data channels.
     //
     // XXX: Is seems wrong that the owner is ignored - even if one is
-    //      supplied) unless the URI is javascript or data.
+    //      supplied) unless the URI is javascript or data or about:blank.
+    // XXX: If this is ever changed, check all callers for what owners they're
+    //      passing in.  In particular, see the code and comments in LoadURI
+    //      where we fall back on inheriting the owner if called
+    //      from chrome.  That would be very wrong if this code changed
+    //      anything but channels that can't provide their own security context!
     //
     //      (Currently chrome URIs set the owner when they are created!
     //      So setting a NULL owner would be bad!)
@@ -6895,7 +6955,7 @@
     if (!isJSOrData) {
       aURI->SchemeIs("data", &isJSOrData);
     }
-    if (isJSOrData) {
+    if (isJSOrData || IsAboutBlank(aURI)) {
         channel->SetOwner(aOwner);
     }
 
@@ -8730,3 +8790,21 @@
 
     return wwatch->GetNewAuthPrompter(window, aResult);
 }
+
+/* static */
+PRBool
+nsDocShell::IsAboutBlank(nsIURI* aURI)
+{
+    NS_PRECONDITION(aURI, "Must have URI");
+    
+    // GetSpec can be expensive for some URIs, so check the scheme first.
+    PRBool isAbout = PR_FALSE;
+    if (NS_FAILED(aURI->SchemeIs("about", &isAbout)) || !isAbout) {
+        return PR_FALSE;
+    }
+    
+    nsCAutoString str;
+    aURI->GetSpec(str);
+    return str.EqualsLiteral("about:blank");
+}
+                                     
Index: mozilla/docshell/base/nsDocShell.h
===================================================================
--- mozilla.orig/docshell/base/nsDocShell.h	2007-07-16 11:51:44.000000000 +0200
+++ mozilla/docshell/base/nsDocShell.h	2007-07-16 11:53:05.000000000 +0200
@@ -287,7 +287,18 @@
     void SetupReferrerFromChannel(nsIChannel * aChannel);
     
     NS_IMETHOD GetEldestPresContext(nsPresContext** aPresContext);
-    void GetCurrentDocumentOwner(nsISupports ** aOwner);
+
+    // Get the principal that we'll set on the channel if we're inheriting.  If
+    // aConsiderCurrentDocument is true, we try to use the current document if
+    // at all possible.  If that fails, we fall back on the parent document.
+    // If that fails too, we force creation of a content viewer and use the
+    // resulting principal.  If aConsiderCurrentDocument is false, we just look
+    // at the parent.
+    nsIPrincipal* GetInheritedPrincipal(PRBool aConsiderCurrentDocument);
+
+    // Actually open a channel and perform a URI load.  Note: whatever owner is
+    // passed to this function will be set on the channel.  Callers who wish to
+    // not have an owner on the channel should just pass null.
     virtual nsresult DoURILoad(nsIURI * aURI,
                                nsIURI * aReferrer,
                                PRBool aSendReferrer,
@@ -511,6 +522,9 @@
     // Call BeginRestore(nsnull, PR_FALSE) for each child of this shell.
     nsresult BeginRestoreChildren();
 
+    // Check whether aURI is about:blank
+    static PRBool IsAboutBlank(nsIURI* aURI);
+
 protected:
     // Override the parent setter from nsDocLoader
     virtual nsresult SetDocLoaderParent(nsDocLoader * aLoader);
Index: mozilla/dom/public/base/nsPIDOMWindow.h
===================================================================
--- mozilla.orig/dom/public/base/nsPIDOMWindow.h	2007-07-16 11:51:44.000000000 +0200
+++ mozilla/dom/public/base/nsPIDOMWindow.h	2007-07-16 11:53:05.000000000 +0200
@@ -50,6 +50,8 @@
 #include "nsIURI.h"
 #include "nsCOMPtr.h"
 
+class nsIPrincipal;
+
 // Popup control state enum. The values in this enum must go from most
 // permissive to least permissive so that it's safe to push state in
 // all situations. Pushing popup state onto the stack never makes the
@@ -252,6 +254,8 @@
     return win->mIsHandlingResizeEvent;
   }
 
+  // DO NOT USE THIS FUNCTION.  IT DOES NOTHING.  USE
+  // SetOpenerScriptPrincipal INSTEAD.
   virtual void SetOpenerScriptURL(nsIURI* aURI) = 0;
 
   virtual PopupControlState PushPopupControlState(PopupControlState aState,
@@ -313,7 +317,6 @@
 
   // These members are only used on outer windows.
   nsIDOMElement *mFrameElement; // weak
-  nsCOMPtr<nsIURI> mOpenerScriptURL; // strong; used to determine whether to clear scope
 
   // These variables are only used on inner windows.
   nsTimeout             *mRunningTimeout;
@@ -329,6 +332,30 @@
   nsPIDOMWindow         *mOuterWindow;
 };
 
+#define NS_PIDOMWINDOW_MOZILLA_1_8_BRANCH2_IID \
+{ 0xddd4affd, 0x6ad4, 0x44b4, \
+ { 0xa8, 0xfc, 0x78, 0x1d, 0xbd, 0xf1, 0x87, 0x1d } }
+
+class nsPIDOMWindow_MOZILLA_1_8_BRANCH2 : public nsPIDOMWindow
+{
+public:
+  NS_DEFINE_STATIC_IID_ACCESSOR(NS_PIDOMWINDOW_MOZILLA_1_8_BRANCH2_IID)
+
+  // Tell this window who opened it.  This only has an effect if there is
+  // either no document currently in the window or if the document is the
+  // original document this window came with (an about:blank document either
+  // preloaded into it when it was created, or created by
+  // CreateAboutBlankContentViewer()).
+  virtual void SetOpenerScriptPrincipal(nsIPrincipal* aPrincipal) = 0;
+  // Ask this window who opened it.
+  virtual nsIPrincipal* GetOpenerScriptPrincipal() = 0;
+
+protected:
+  nsPIDOMWindow_MOZILLA_1_8_BRANCH2(nsPIDOMWindow *aOuterWindow)
+    : nsPIDOMWindow(aOuterWindow)
+  {
+  }                                     
+};
 
 #ifdef _IMPL_NS_LAYOUT
 PopupControlState
Index: mozilla/dom/src/base/nsGlobalWindow.cpp
===================================================================
--- mozilla.orig/dom/src/base/nsGlobalWindow.cpp	2007-07-16 11:51:44.000000000 +0200
+++ mozilla/dom/src/base/nsGlobalWindow.cpp	2007-07-16 11:53:05.000000000 +0200
@@ -296,13 +296,28 @@
 static const char kCryptoContractID[] = NS_CRYPTO_CONTRACTID;
 static const char kPkcs11ContractID[] = NS_PKCS11_CONTRACTID;
 
+static PRBool
+IsAboutBlank(nsIURI* aURI)
+{
+  NS_PRECONDITION(aURI, "Must have URI");
+    
+  // GetSpec can be expensive for some URIs, so check the scheme first.
+  PRBool isAbout = PR_FALSE;
+  if (NS_FAILED(aURI->SchemeIs("about", &isAbout)) || !isAbout) {
+    return PR_FALSE;
+  }
+    
+  nsCAutoString str;
+  aURI->GetSpec(str);
+  return str.EqualsLiteral("about:blank");  
+}
 
 //*****************************************************************************
 //***    nsGlobalWindow: Object Management
 //*****************************************************************************
 
 nsGlobalWindow::nsGlobalWindow(nsGlobalWindow *aOuterWindow)
-  : nsPIDOMWindow(aOuterWindow),
+  : nsPIDOMWindow_MOZILLA_1_8_BRANCH2(aOuterWindow),
     mIsFrozen(PR_FALSE),
     mFullScreen(PR_FALSE),
     mIsClosed(PR_FALSE), 
@@ -521,6 +536,7 @@
   NS_INTERFACE_MAP_ENTRY(nsIDOM3EventTarget)
   NS_INTERFACE_MAP_ENTRY(nsIDOMNSEventTarget)
   NS_INTERFACE_MAP_ENTRY(nsPIDOMWindow)
+  NS_INTERFACE_MAP_ENTRY(nsPIDOMWindow_MOZILLA_1_8_BRANCH2)
   NS_INTERFACE_MAP_ENTRY(nsIDOMViewCSS)
   NS_INTERFACE_MAP_ENTRY(nsIDOMAbstractView)
   NS_INTERFACE_MAP_ENTRY(nsISupportsWeakReference)
@@ -581,70 +597,52 @@
 PRBool
 nsGlobalWindow::WouldReuseInnerWindow(nsIDocument *aNewDocument)
 {
-  return WouldReuseInnerWindow(aNewDocument, PR_TRUE);
-}
-
-PRBool
-nsGlobalWindow::WouldReuseInnerWindow(nsIDocument *aNewDocument, PRBool useDocURI)
-{
   // We reuse the inner window when:
-  // a. We are currently at about:blank
+  // a. We are currently at our original document.
   // b. At least one of the following conditions are true:
   // -- We are not currently a content window (i.e., we're currently a chrome
   //    window).
   // -- The new document is the same as the old document. This means that we're
   //    getting called from document.open().
-  // -- The new URI has the same origin as the script opener uri for our current
-  //    window.
+  // -- The new document has the same origin as what we have loaded right now.
 
   nsCOMPtr<nsIDocument> curDoc(do_QueryInterface(mDocument));
-  if (!curDoc || !aNewDocument) {
+  nsCOMPtr<nsIDocument_MOZILLA_1_8_BRANCH2> curDoc_MOZILLA_1_8_BRANCH2 =
+    do_QueryInterface(mDocument);
+  if (!curDoc || !curDoc_MOZILLA_1_8_BRANCH2 || !aNewDocument) {
     return PR_FALSE;
   }
 
-  nsCOMPtr<nsIURI> newURI;
-  if (useDocURI) {
-    newURI = aNewDocument->GetDocumentURI();
-  } else {
-    nsCOMPtr<nsIWebNavigation> webNav(do_QueryInterface(mDocShell));
-
-    if (webNav) {
-      webNav->GetCurrentURI(getter_AddRefs(newURI));
-    }
-  }
-
-  nsIURI* curURI = curDoc->GetDocumentURI();
-  if (!curURI || !newURI) {
+  nsIPrincipal* newPrincipal = aNewDocument->GetPrincipal();
+  if (!newPrincipal) {
+    // Play it safe
     return PR_FALSE;
   }
-
-  PRBool isAbout;
-  if (NS_FAILED(curURI->SchemeIs("about", &isAbout)) || !isAbout) {
-    return PR_FALSE;
-  }
-
-  nsCAutoString uri;
-  curURI->GetSpec(uri);
-  if (!uri.EqualsLiteral("about:blank")) {
+    
+  if (!curDoc_MOZILLA_1_8_BRANCH2->IsInitialDocument()) {
     return PR_FALSE;
   }
   
-  // Great, we're an about:blank document, check for one of the other
-  // conditions.
+  NS_ASSERTION(IsAboutBlank(curDoc->GetDocumentURI()),
+               "How'd this happen?");
+  
+  // Great, we're the original document, check for one of the other
   if (curDoc == aNewDocument) {
     // aClearScopeHint is false.
     return PR_TRUE;
   }
 
-  if (mOpenerScriptURL) {
-    if (sSecMan) {
-      PRBool isSameOrigin = PR_FALSE;
-      sSecMan->SecurityCompareURIs(mOpenerScriptURL, newURI, &isSameOrigin);
-      if (isSameOrigin) {
-        // The origin is the same.
-        return PR_TRUE;
-      }
-    }
+  nsIPrincipal* curPrincipal = curDoc->GetPrincipal();
+  if (!curPrincipal) {
+    // Play it safe
+    return PR_FALSE;
+  }
+ 
+  if (nsContentUtils::GetSecurityManager() &&
+      NS_SUCCEEDED(nsContentUtils::GetSecurityManager()->
+        CheckSameOriginPrincipal(curPrincipal, newPrincipal))) {
+    // The origin is the same.
+    return PR_TRUE;
   }
 
   nsCOMPtr<nsIDocShellTreeItem> treeItem(do_QueryInterface(mDocShell));
@@ -664,9 +662,49 @@
 void
 nsGlobalWindow::SetOpenerScriptURL(nsIURI* aURI)
 {
-  FORWARD_TO_OUTER_VOID(SetOpenerScriptURL, (aURI));
+}
+
+void
+nsGlobalWindow::SetOpenerScriptPrincipal(nsIPrincipal* aPrincipal)
+{
+  FORWARD_TO_OUTER_VOID(SetOpenerScriptPrincipal, (aPrincipal));
+
+  nsCOMPtr<nsIDocument> curDoc(do_QueryInterface(mDocument));
+  nsCOMPtr<nsIDocument_MOZILLA_1_8_BRANCH2> curDoc_MOZILLA_1_8_BRANCH2 =
+    do_QueryInterface(mDocument);
+  if (curDoc && curDoc_MOZILLA_1_8_BRANCH2) {
+    if (!curDoc_MOZILLA_1_8_BRANCH2->IsInitialDocument()) {
+      // We have a document already, and it's not the original one.  Bail out.
+      // Do NOT set mOpenerScriptPrincipal in this case, just to be safe.
+      return;
+    }
+    
+#ifdef DEBUG
+    // We better have an about:blank document loaded at this point.  Otherwise,
+    // something is really weird.
+    if (curDoc->GetPrincipal()) {
+      nsCOMPtr<nsIURI> uri;
+      curDoc->GetPrincipal()->GetURI(getter_AddRefs(uri));
+      NS_ASSERTION(uri && IsAboutBlank(uri) &&
+                   IsAboutBlank(curDoc->GetDocumentURI()),
+                   "Unexpected original document");
+    }
+#endif
+    
+    // Set the opener principal on our document; given the above check, this
+    // is safe.
+    curDoc->SetPrincipal(aPrincipal);
+  }
+
+  mOpenerScriptPrincipal = aPrincipal;
+}
+
+nsIPrincipal*
+nsGlobalWindow::GetOpenerScriptPrincipal()
+{
+  FORWARD_TO_OUTER(GetOpenerScriptPrincipal, (), nsnull);
 
-  mOpenerScriptURL = aURI;
+  return mOpenerScriptPrincipal;
 }
 
 PopupControlState
@@ -944,7 +982,7 @@
   // check xpc here.
   nsIXPConnect *xpc = nsContentUtils::XPConnect();
 
-  PRBool reUseInnerWindow = WouldReuseInnerWindow(newDoc, PR_FALSE);
+  PRBool reUseInnerWindow = WouldReuseInnerWindow(newDoc);
 
   // XXX We used to share event listeners between inner windows in special
   // circumstances (that were remarkably close to the conditions that we set
@@ -3530,6 +3568,7 @@
   if (mDocShell) {
     // Don't look for a presshell if we're a root chrome window that's got
     // about:blank loaded.  We don't want to focus our widget in that case.
+    // XXXbz should we really be checking for IsInitialDocument() instead?
     PRBool lookForPresShell = PR_TRUE;
     PRInt32 itemType = nsIDocShellTreeItem::typeContent;
     nsCOMPtr<nsIDocShellTreeItem> treeItem(do_QueryInterface(mDocShell));
@@ -3541,12 +3580,8 @@
       nsCOMPtr<nsIDocument> doc(do_QueryInterface(mDocument));
       NS_ASSERTION(doc, "Bogus doc?");
       nsIURI* ourURI = doc->GetDocumentURI();
-      PRBool isAbout;
-      if (ourURI && NS_SUCCEEDED(ourURI->SchemeIs("about", &isAbout)) &&
-          isAbout) {
-        nsCAutoString spec;
-        ourURI->GetSpec(spec);
-        lookForPresShell = !spec.EqualsLiteral("about:blank");
+      if (ourURI) {
+        lookForPresShell = !IsAboutBlank(ourURI);
       }
     }
       
@@ -5978,25 +6013,7 @@
 
   // success!
 
-  if (domReturn) {
-    CallQueryInterface(domReturn, aReturn);
-
-    // Save the principal of the calling script
-    // We need it to decide whether to clear the scope in SetNewDocument
-    NS_ASSERTION(sSecMan, "No Security Manager Found!");
-    if (sSecMan) {
-      nsCOMPtr<nsIPrincipal> principal;
-      sSecMan->GetSubjectPrincipal(getter_AddRefs(principal));
-      if (principal) {
-        nsCOMPtr<nsIURI> subjectURI;
-        principal->GetURI(getter_AddRefs(subjectURI));
-        if (subjectURI) {
-          nsCOMPtr<nsPIDOMWindow> domReturnPrivate(do_QueryInterface(domReturn));
-          domReturnPrivate->SetOpenerScriptURL(subjectURI);
-        }
-      }
-    }
-  }
+  domReturn.swap(*aReturn);
 
   return rv;
 }
Index: mozilla/dom/src/base/nsGlobalWindow.h
===================================================================
--- mozilla.orig/dom/src/base/nsGlobalWindow.h	2007-07-16 11:51:44.000000000 +0200
+++ mozilla/dom/src/base/nsGlobalWindow.h	2007-07-16 11:53:05.000000000 +0200
@@ -129,7 +129,7 @@
 // belonging to the same outer window, but that's an unimportant
 // side effect of inheriting PRCList).
 
-class nsGlobalWindow : public nsPIDOMWindow,
+class nsGlobalWindow : public nsPIDOMWindow_MOZILLA_1_8_BRANCH2,
                        public nsIScriptGlobalObject,
                        public nsIDOMJSWindow,
                        public nsIScriptObjectPrincipal,
@@ -224,6 +224,10 @@
 
   virtual NS_HIDDEN_(PRBool) WouldReuseInnerWindow(nsIDocument *aNewDocument);
 
+  // nsPIDOMWindow_MOZILLA_1_8_BRANCH2
+  virtual NS_HIDDEN_(void) SetOpenerScriptPrincipal(nsIPrincipal* aPrincipal);
+  virtual NS_HIDDEN_(nsIPrincipal*) GetOpenerScriptPrincipal();
+  
   // nsIDOMViewCSS
   NS_DECL_NSIDOMVIEWCSS
 
@@ -294,8 +298,6 @@
                           PRBool aClearScopeHint,
                           PRBool aIsInternalCall);
 
-  PRBool WouldReuseInnerWindow(nsIDocument *aNewDocument, PRBool useDocURI);
-
   // Get the parent, returns null if this is a toplevel window
   nsIDOMWindowInternal *GetParentInternal();
 
@@ -461,6 +463,8 @@
   nsCOMPtr<nsIDOMPkcs11>        mPkcs11;
 
   nsCOMPtr<nsIXPConnectJSObjectHolder> mInnerWindowHolder;
+  nsCOMPtr<nsIPrincipal> mOpenerScriptPrincipal; // strong; used to determine
+                                                 // whether to clear scope
 
   // These member variable are used only on inner windows.
   nsCOMPtr<nsIEventListenerManager> mListenerManager;
Index: mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp
===================================================================
--- mozilla.orig/dom/src/jsurl/nsJSProtocolHandler.cpp	2007-07-16 11:51:44.000000000 +0200
+++ mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp	2007-07-16 11:53:05.000000000 +0200
@@ -222,10 +222,8 @@
         if (!principal)
             return NS_ERROR_FAILURE;
 
-        //-- Don't run if the script principal is different from the
-        //   principal of the context, with two exceptions: we allow
-        //   the script to run if the script has the system principal
-        //   or the context is about:blank.
+        //-- Don't run if the script principal is different from the principal
+        //   of the context, unless the script has the system principal.
         nsCOMPtr<nsIPrincipal> objectPrincipal;
         rv = securityManager->GetObjectPrincipal(
                                 (JSContext*)scriptContext->GetNativeContext(),
Index: mozilla/embedding/components/windowwatcher/src/Makefile.in
===================================================================
--- mozilla.orig/embedding/components/windowwatcher/src/Makefile.in	2007-07-16 11:51:44.000000000 +0200
+++ mozilla/embedding/components/windowwatcher/src/Makefile.in	2007-07-16 11:53:05.000000000 +0200
@@ -63,6 +63,7 @@
 		  embed_base \
 		  intl \
 		  layout \
+		  uriloader \
 		  $(NULL)
 
 CPPSRCS		= nsPrompt.cpp \
Index: mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.cpp
===================================================================
--- mozilla.orig/embedding/components/windowwatcher/src/nsWindowWatcher.cpp	2007-07-16 11:51:44.000000000 +0200
+++ mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.cpp	2007-07-16 11:53:05.000000000 +0200
@@ -58,6 +58,7 @@
 #include "nsIDOMWindow.h"
 #include "nsIDOMChromeWindow.h"
 #include "nsIDOMWindowInternal.h"
+#include "nsIScriptObjectPrincipal.h"
 #include "nsIScreen.h"
 #include "nsIScreenManager.h"
 #include "nsIScriptContext.h"
@@ -684,7 +685,7 @@
   if (!newDocShellItem)
     return rv;
 
-  rv = ReadyOpenedDocShellItem(newDocShellItem, aParent, _retval);
+  rv = ReadyOpenedDocShellItem(newDocShellItem, aParent, windowIsNew, _retval);
   if (NS_FAILED(rv))
     return rv;
 
@@ -750,6 +751,43 @@
     }
   }
 
+  // Now we have to set the right opener principal on the new window.  Note
+  // that we have to do this _before_ starting any URI loads, thanks to the
+  // sync nature of javascript: loads.  Since this is the only place where we
+  // set said opener principal, we need to do it for all URIs, including
+  // chrome ones.  So to deal with the mess that is bug 79775, just press on in
+  // a reasonable way even if GetSubjectPrincipal fails.  In that case, just
+  // use a null subjectPrincipal.
+  nsCOMPtr<nsIPrincipal> subjectPrincipal;
+  if (NS_FAILED(sm->GetSubjectPrincipal(getter_AddRefs(subjectPrincipal)))) {
+    subjectPrincipal = nsnull;
+  }
+
+  if (windowIsNew) {
+    // Now set the opener principal on the new window.  Note that we need to do
+    // this no matter whether we were opened from JS; if there is nothing on
+    // the JS stack, just use the principal of our parent window.  In those
+    // cases we do _not_ set the parent window principal as the owner of the
+    // load--since we really don't know who the owner is, just leave it null.
+    nsIPrincipal* newWindowPrincipal = subjectPrincipal;
+    if (!newWindowPrincipal && aParent) {
+      nsCOMPtr<nsIScriptObjectPrincipal> sop(do_QueryInterface(aParent));
+      if (sop) {
+        newWindowPrincipal = sop->GetPrincipal();
+      }
+    }
+
+    nsCOMPtr<nsPIDOMWindow_MOZILLA_1_8_BRANCH2> newWindow =
+      do_QueryInterface(*_retval);
+#ifdef DEBUG
+    nsCOMPtr<nsPIDOMWindow> newDebugWindow = do_GetInterface(newDocShell);
+    NS_ASSERTION(newWindow == newDebugWindow, "Different windows??");
+#endif
+    if (newWindow) {
+      newWindow->SetOpenerScriptPrincipal(newWindowPrincipal);
+    }
+  }
+
   if (uriToLoad) { // get the script principal and pass it to docshell
     JSContextAutoPopper contextGuard;
 
@@ -769,15 +807,8 @@
     newDocShell->CreateLoadInfo(getter_AddRefs(loadInfo));
     NS_ENSURE_TRUE(loadInfo, NS_ERROR_FAILURE);
 
-    if (!uriToLoadIsChrome) {
-      nsCOMPtr<nsIPrincipal> principal;
-      if (NS_FAILED(sm->GetSubjectPrincipal(getter_AddRefs(principal))))
-        return NS_ERROR_FAILURE;
-
-      if (principal) {
-        nsCOMPtr<nsISupports> owner(do_QueryInterface(principal));
-        loadInfo->SetOwner(owner);
-      }
+    if (subjectPrincipal) {
+      loadInfo->SetOwner(subjectPrincipal);
     }
 
     // Set the new window's referrer from the calling context's document:
@@ -1523,6 +1554,7 @@
 nsresult
 nsWindowWatcher::ReadyOpenedDocShellItem(nsIDocShellTreeItem *aOpenedItem,
                                          nsIDOMWindow        *aParent,
+                                         PRBool              aWindowIsNew,
                                          nsIDOMWindow        **aOpenedWindow)
 {
   nsresult rv = NS_ERROR_FAILURE;
@@ -1533,6 +1565,15 @@
     if (aParent) {
       nsCOMPtr<nsIDOMWindowInternal> internalParent(do_QueryInterface(aParent));
       globalObject->SetOpenerWindow(internalParent); // damnit
+
+      if (aWindowIsNew) {
+        nsCOMPtr<nsPIDOMWindow> win = do_QueryInterface(globalObject);
+        nsCOMPtr<nsIDocument_MOZILLA_1_8_BRANCH2> doc =
+          do_QueryInterface(win->GetExtantDocument());
+        if (doc) {
+          doc->SetIsInitialDocument(PR_TRUE);
+        }
+      }
     }
     rv = CallQueryInterface(globalObject, aOpenedWindow);
   }
Index: mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.h
===================================================================
--- mozilla.orig/embedding/components/windowwatcher/src/nsWindowWatcher.h	2007-07-16 11:51:44.000000000 +0200
+++ mozilla/embedding/components/windowwatcher/src/nsWindowWatcher.h	2007-07-16 11:53:05.000000000 +0200
@@ -100,6 +100,7 @@
                                  PRInt32 aDefault, PRBool *aPresenceFlag);
   static nsresult   ReadyOpenedDocShellItem(nsIDocShellTreeItem *aOpenedItem,
                                             nsIDOMWindow *aParent,
+                                            PRBool aWindowIsNew,
                                             nsIDOMWindow **aOpenedWindow);
   static void       SizeOpenedDocShellItem(nsIDocShellTreeItem *aDocShellItem,
                                            nsIDOMWindow *aParent,

mozilla-382532.patch:
 jsfun.c |   13 +++++++++----
 jsobj.c |    3 ++-
 jsobj.h |    4 ++++
 3 files changed, 15 insertions(+), 5 deletions(-)

--- NEW FILE mozilla-382532.patch ---
 js/src/jsfun.c |   13 +++++++++----
 js/src/jsobj.c |    3 ++-
 js/src/jsobj.h |    4 ++++
 3 files changed, 15 insertions(+), 5 deletions(-)

Index: mozilla/js/src/jsfun.c
===================================================================
--- mozilla.orig/js/src/jsfun.c	2007-07-16 10:49:46.000000000 +0000
+++ mozilla/js/src/jsfun.c	2007-07-16 10:53:05.000000000 +0000
@@ -1051,28 +1051,33 @@
 static JSBool
 fun_resolve(JSContext *cx, JSObject *obj, jsval id, uintN flags,
             JSObject **objp)
 {
     JSFunction *fun;
     JSString *str;
     JSAtom *prototypeAtom;
 
+    /*
+     * No need to reflect fun.prototype in 'fun.prototype = ...' or in an
+     * unqualified reference to prototype, which the emitter looks up as a
+     * hidden atom when attempting to bind to a formal parameter or local
+     * variable slot.
+     */
+    if (flags & (JSRESOLVE_ASSIGNING | JSRESOLVE_HIDDEN))
+        return JS_TRUE;
+
     if (!JSVAL_IS_STRING(id))
         return JS_TRUE;
 
     /* No valid function object should lack private data, but check anyway. */
     fun = (JSFunction *)JS_GetInstancePrivate(cx, obj, &js_FunctionClass, NULL);
     if (!fun || !fun->object)
         return JS_TRUE;
 
-    /* No need to reflect fun.prototype in 'fun.prototype = ...'. */
-    if (flags & JSRESOLVE_ASSIGNING)
-        return JS_TRUE;
-
     /*
      * Ok, check whether id is 'prototype' and bootstrap the function object's
      * prototype property.
      */
     str = JSVAL_TO_STRING(id);
     prototypeAtom = cx->runtime->atomState.classPrototypeAtom;
     if (str == ATOM_TO_STRING(prototypeAtom)) {
         JSObject *proto, *parentProto;
Index: mozilla/js/src/jsobj.c
===================================================================
--- mozilla.orig/js/src/jsobj.c	2007-07-16 10:52:44.000000000 +0000
+++ mozilla/js/src/jsobj.c	2007-07-16 10:53:05.000000000 +0000
@@ -2568,17 +2568,18 @@
                                 flags, shortid);
 }
 
 JSBool
 js_LookupHiddenProperty(JSContext *cx, JSObject *obj, jsid id, JSObject **objp,
                         JSProperty **propp)
 {
     return HidePropertyName(cx, &id) &&
-           js_LookupProperty(cx, obj, id, objp, propp);
+           js_LookupPropertyWithFlags(cx, obj, id, JSRESOLVE_HIDDEN,
+                                      objp, propp);
 }
 
 JSScopeProperty *
 js_AddNativeProperty(JSContext *cx, JSObject *obj, jsid id,
                      JSPropertyOp getter, JSPropertyOp setter, uint32 slot,
                      uintN attrs, uintN flags, intN shortid)
 {
     JSScope *scope;
Index: mozilla/js/src/jsobj.h
===================================================================
--- mozilla.orig/js/src/jsobj.h	2007-07-16 10:49:47.000000000 +0000
+++ mozilla/js/src/jsobj.h	2007-07-16 10:53:05.000000000 +0000
@@ -405,21 +405,25 @@
  * must later call OBJ_DROP_PROPERTY(cx, *objp, *propp).
  */
 extern JS_FRIEND_API(JSBool)
 js_LookupProperty(JSContext *cx, JSObject *obj, jsid id, JSObject **objp,
                   JSProperty **propp);
 
 /*
  * Specialized subroutine that allows caller to preset JSRESOLVE_* flags.
+ * JSRESOLVE_HIDDEN flags hidden function param/local name lookups, just for
+ * internal use by fun_resolve and similar built-ins.
  */
 extern JSBool
 js_LookupPropertyWithFlags(JSContext *cx, JSObject *obj, jsid id, uintN flags,
                            JSObject **objp, JSProperty **propp);
 
+#define JSRESOLVE_HIDDEN        0x8000
+
 extern JS_FRIEND_API(JSBool)
 js_FindProperty(JSContext *cx, jsid id, JSObject **objp, JSObject **pobjp,
                 JSProperty **propp);
 
 extern JSObject *
 js_FindIdentifierBase(JSContext *cx, jsid id);
 
 extern JSObject *

mozilla-384925.patch:
 pluginInstallerDatasource.js |   30 +++++++++++++++++-------------
 pluginInstallerService.js    |    7 +++++--
 pluginInstallerWizard.js     |    7 ++++++-
 3 files changed, 28 insertions(+), 16 deletions(-)

--- NEW FILE mozilla-384925.patch ---
---
 toolkit/mozapps/plugins/content/pluginInstallerDatasource.js |   30 ++++++-----
 toolkit/mozapps/plugins/content/pluginInstallerService.js    |    7 +-
 toolkit/mozapps/plugins/content/pluginInstallerWizard.js     |    7 ++
 3 files changed, 28 insertions(+), 16 deletions(-)

Index: mozilla/toolkit/mozapps/plugins/content/pluginInstallerDatasource.js
===================================================================
--- mozilla.orig/toolkit/mozapps/plugins/content/pluginInstallerDatasource.js	2007-07-16 11:06:06.000000000 +0200
+++ mozilla/toolkit/mozapps/plugins/content/pluginInstallerDatasource.js	2007-07-16 11:06:26.000000000 +0200
@@ -104,37 +104,41 @@
         target = null;
         children = container.GetElements();
 
         var child = children.getNext();
         if (child instanceof Components.interfaces.nsIRDFResource){
           target = child;
         }
 
-        function getPFSValueFromRDF(aValue, aDatasource, aRDFService){
+        var rdfs = this._rdfService;
+
+        function getPFSValueFromRDF(aValue){
           var rv = null;
 
-          var myTarget = aDatasource.GetTarget(target, aRDFService.GetResource(PFS_NS + aValue), true);
+          var myTarget = aDatasource.GetTarget(target, rdfs.GetResource(PFS_NS + aValue), true);
           if (myTarget)
             rv = myTarget.QueryInterface(Components.interfaces.nsIRDFLiteral).Value;
 
           return rv;
         }
 
-        pluginInfo = new Object();
-        pluginInfo.name = getPFSValueFromRDF("name", aDatasource, this._rdfService);
-        pluginInfo.pid = getPFSValueFromRDF("guid", aDatasource, this._rdfService);
-        pluginInfo.version = getPFSValueFromRDF("version", aDatasource, this._rdfService);
-        pluginInfo.IconUrl = getPFSValueFromRDF("IconUrl", aDatasource, this._rdfService);
-        pluginInfo.XPILocation = getPFSValueFromRDF("XPILocation", aDatasource, this._rdfService);
-        pluginInfo.InstallerShowsUI = getPFSValueFromRDF("InstallerShowsUI", aDatasource, this._rdfService);
-        pluginInfo.manualInstallationURL = getPFSValueFromRDF("manualInstallationURL", aDatasource, this._rdfService);
-        pluginInfo.requestedMimetype = getPFSValueFromRDF("requestedMimetype", aDatasource, this._rdfService);
-        pluginInfo.licenseURL = getPFSValueFromRDF("licenseURL", aDatasource, this._rdfService);
-        pluginInfo.needsRestart = getPFSValueFromRDF("needsRestart", aDatasource, this._rdfService);
+        pluginInfo = {
+          name: getPFSValueFromRDF("name"),
+          pid: getPFSValueFromRDF("guid"),
+          version: getPFSValueFromRDF("version"),
+          IconUrl: getPFSValueFromRDF("IconUrl"),
+          XPILocation: getPFSValueFromRDF("XPILocation"),
+          XPIHash: getPFSValueFromRDF("XPIHash"),
+          InstallerShowsUI: getPFSValueFromRDF("InstallerShowsUI"),
+          manualInstallationURL: getPFSValueFromRDF("manualInstallationURL"),
+          requestedMimetype: getPFSValueFromRDF("requestedMimetype"),
+          licenseURL: getPFSValueFromRDF("licenseURL"),
+          needsRestart: getPFSValueFromRDF("needsRestart")
+        };
       }
       catch (ex){}
     }
     catch (ex){}
     
     gPluginInstaller.pluginInfoReceived(pluginInfo);
   },
 
Index: mozilla/toolkit/mozapps/plugins/content/pluginInstallerService.js
===================================================================
--- mozilla.orig/toolkit/mozapps/plugins/content/pluginInstallerService.js	2007-07-16 11:06:06.000000000 +0200
+++ mozilla/toolkit/mozapps/plugins/content/pluginInstallerService.js	2007-07-16 11:06:26.000000000 +0200
@@ -38,22 +38,25 @@
 var PluginInstallService = {
   
   init: function () 
   {
   },
 
   pluginPidArray: null,
 
-  startPluginInsallation: function (aPluginXPIUrlsArray, aPluginPidArray) {
+  startPluginInsallation: function (aPluginXPIUrlsArray,
+                                    aPluginHashes,
+                                    aPluginPidArray) {
      this.pluginPidArray = aPluginPidArray;
 
      var xpiManager = Components.classes["@mozilla.org/xpinstall/install-manager;1"]
                                 .createInstance(Components.interfaces.nsIXPInstallManager);
-     xpiManager.initManagerFromChrome(aPluginXPIUrlsArray, aPluginXPIUrlsArray.length, this);
+     xpiManager.initManagerWithHashes(aPluginXPIUrlsArray, aPluginHashes,
+                                      aPluginXPIUrlsArray.length, this);
   },
 
   // XPI progress listener stuff
   onStateChange: function (aIndex, aState, aValue)
   {
     // get the pid to return to the wizard
     var pid = this.pluginPidArray[aIndex];
     var errorMsg;
Index: mozilla/toolkit/mozapps/plugins/content/pluginInstallerWizard.js
===================================================================
--- mozilla.orig/toolkit/mozapps/plugins/content/pluginInstallerWizard.js	2007-07-16 11:06:06.000000000 +0200
+++ mozilla/toolkit/mozapps/plugins/content/pluginInstallerWizard.js	2007-07-16 11:06:26.000000000 +0200
@@ -319,31 +319,35 @@
   this.canAdvance(false);
   this.canRewind(false);
 
   // since the user can choose what plugins to install, we need to store
   // which ones were choosen, as nsIXPInstallManager returns an index and not the
   // mimetype.  So store the pids.
 
   var pluginURLArray = new Array();
+  var pluginHashArray = new Array();
   var pluginPidArray = new Array();
 
   for (pluginInfoItem in this.mPluginInfoArray){
     var pluginItem = this.mPluginInfoArray[pluginInfoItem];
 
     // only push to the array if it has an XPILocation, else nsIXPInstallManager
     // will complain.
     if (pluginItem.toBeInstalled && pluginItem.XPILocation && pluginItem.licenseAccepted) {
       pluginURLArray.push(pluginItem.XPILocation);
+      pluginHashArray.push(pluginItem.XPIHash);
       pluginPidArray.push(pluginItem.pid);
     }
   }
 
   if (pluginURLArray.length > 0)
-    PluginInstallService.startPluginInsallation(pluginURLArray, pluginPidArray);
+    PluginInstallService.startPluginInsallation(pluginURLArray,
+                                                pluginHashArray,
+                                                pluginPidArray);
   else
     this.advancePage(null, true, false, false);
 }
 
 /*
   0    starting download
   1    download finished
   2    starting installation
@@ -594,16 +598,17 @@
 }
 
 function PluginInfo(aResult) {
   this.name = aResult.name;
   this.pid = aResult.pid;
   this.version = aResult.version;
   this.IconUrl = aResult.IconUrl;
   this.XPILocation = aResult.XPILocation;
+  this.XPIHash = aResult.XPIHash;
   this.InstallerShowsUI = aResult.InstallerShowsUI;
   this.manualInstallationURL = aResult.manualInstallationURL;
   this.requestedMimetype = aResult.requestedMimetype;
   this.licenseURL = aResult.licenseURL;
   this.needsRestart = (aResult.needsRestart == "true");
 
   this.error = null;
   this.toBeInstalled = true;


Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/firefox/FC-6/.cvsignore,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- .cvsignore	11 Oct 2006 20:54:47 -0000	1.30
+++ .cvsignore	18 Jul 2007 04:45:35 -0000	1.31
@@ -1,3 +1,3 @@
-firefox-1.5.0.6-source.tar.bz2
-firefox-langpacks-1.5.0.6-20060803.tar.bz2
+mozilla-180-20070717.tar.bz2
+firefox-langpacks-1.5.0.12-20070529.tar.bz2
 add-gecko-provides


Index: firefox.spec
===================================================================
RCS file: /cvs/dist/rpms/firefox/FC-6/firefox.spec,v
retrieving revision 1.170
retrieving revision 1.171
diff -u -r1.170 -r1.171
--- firefox.spec	30 May 2007 20:40:46 -0000	1.170
+++ firefox.spec	18 Jul 2007 04:45:35 -0000	1.171
@@ -11,12 +11,13 @@
 Summary:        Mozilla Firefox Web browser.
 Name:           firefox
 Version:        1.5.0.12
-Release:        1%{?dist}
+Release:        2%{?dist}
 URL:            http://www.mozilla.org/projects/firefox/
 License:        MPL/LGPL
 Group:          Applications/Internet
 %if %{official_branding}
-%define tarball firefox-%{version}-source.tar.bz2
+#%define tarball firefox-%{version}-source.tar.bz2
+%define tarball mozilla-180-20070717.tar.bz2
 %else
 %define tarball firefox-1.5rc3-source.tar.bz2
 %endif
@@ -52,6 +53,12 @@
 # local bugfixes
 Patch40:        firefox-1.5-bullet-bill.patch
 Patch42:        firefox-1.1-uriloader.patch
+Patch50:        mozilla-358594.patch
+Patch51:        mozilla-379245.patch
+Patch52:        mozilla-382532.patch
+Patch53:        mozilla-178993.patch
+Patch55:        mozilla-384925.patch
+Patch56:        mozilla-381300.patch
 
 # font system fixes
 Patch81:        firefox-1.5-nopangoxft.patch
@@ -66,7 +73,6 @@
 # Other
 Patch102:       firefox-1.5-theme-change.patch
 Patch103:	firefox-1.5-ppc64.patch
-Patch104:       firefox-1.5-thread-cleanup.patch
 
 %if %{official_branding}
 # Required by Mozilla Corporation
@@ -153,6 +159,12 @@
 #%patch27 -p1
 %patch40 -p1
 %patch42 -p0
+%patch50 -p1
+%patch51 -p1
+%patch52 -p1
+%patch53 -p1
+%patch55 -p1
+%patch56 -p1
 
 # font system fixes
 %patch81 -p1 -b .nopangoxft
@@ -173,7 +185,6 @@
 
 %patch102 -p0 -b .theme-change
 %patch103 -p1 -b .ppc64
-%patch104 -p1 -b .clean
 
 # For branding specific patches.
 
@@ -456,6 +467,11 @@
 #---------------------------------------------------------------------
 
 %changelog
+* Tue Jul 17 2007 Kai Engert <kengert redhat com> - 1.5.0.12-2
+- Update to latest snapshot of Mozilla 1.8.0 branch
+- Include patches for Mozilla bugs 379245, 384925, 178993,
+  381300 (+382686), 358594 (+380933), 382532 (+382503)
+
 * Wed May 30 2007 Christopher Aillon <caillon redhat com> 1.5.0.12-1
 - Update to 1.5.0.12
 


Index: sources
===================================================================
RCS file: /cvs/dist/rpms/firefox/FC-6/sources,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- sources	30 May 2007 20:40:46 -0000	1.37
+++ sources	18 Jul 2007 04:45:35 -0000	1.38
@@ -1,2 +1,2 @@
-dd5add97bd75287817c820ef856a30ed  firefox-1.5.0.12-source.tar.bz2
 04b6e4b4a38f50a3546a483d876e2fa1  firefox-langpacks-1.5.0.12-20070529.tar.bz2
+a4e46e60012ac52aa166f291f5ea3007  mozilla-180-20070717.tar.bz2


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]