Issue #2736 - Part 8: Re-work <video> and <audio> src attribute.

Use subject principal as triggering principal in <video>/<audio> "src" attribute. We deviate from Mozilla here because we do not worry about content isolation principals in Page Info.
2026-05-26 14:54:25 +00:00 · 2025-04-29 21:28:50 +02:00
parent 2416e71cd3
commit b6bdce6f98
3 changed files with 13 additions and 4 deletions
@@ -3734,6 +3734,9 @@ HTMLMediaElement::AfterSetAttr(int32_t aNameSpaceID, nsIAtom* aName,
  if (aNameSpaceID == kNameSpaceID_None) {
    if (aName == nsGkAtoms::src) {
      mSrcMediaSource = nullptr;
+      mSrcAttrTriggeringPrincipal = nsContentUtils::GetAttrTriggeringPrincipal(
+          this, aValue ? aValue->GetStringValue() : EmptyString(),
+          aMaybeScriptedPrincipal);
      if (aValue) {
        nsString srcStr = aValue->GetStringValue();
        nsCOMPtr<nsIURI> uri;
@@ -410,10 +410,13 @@ public:

  MediaError* GetError() const;

-  // XPCOM GetSrc() is OK
-  void SetSrc(const nsAString& aSrc, ErrorResult& aRv)
+  void GetSrc(nsString& aSrc, nsIPrincipal&)
  {
-    SetHTMLAttr(nsGkAtoms::src, aSrc, aRv);
+    GetSrc(aSrc); // XPCOM
+  }
+  void SetSrc(const nsAString& aSrc, nsIPrincipal& aTriggeringPrincipal, ErrorResult& aRv)
+  {
+    SetHTMLAttr(nsGkAtoms::src, aSrc, aTriggeringPrincipal, aRv);
  }

  // XPCOM GetCurrentSrc() is OK
@@ -1326,6 +1329,9 @@ protected:
  // set in the src attribute.
  RefPtr<DOMMediaStream> mSrcAttrStream;

+  // Holds the triggering principal for the src attribute.
+  nsCOMPtr<nsIPrincipal> mSrcAttrTriggeringPrincipal;
+
  // Holds a reference to the DOM wrapper for the MediaStream that we're
  // actually playing.
  // At most one of mDecoder and mSrcStream can be non-null.
@@ -17,7 +17,7 @@ interface HTMLMediaElement : HTMLElement {
  readonly attribute MediaError? error;

  // network state
-  [CEReactions, SetterThrows]
+  [CEReactions, NeedsSubjectPrincipal, SetterThrows]
           attribute DOMString src;
  readonly attribute DOMString currentSrc;