From 89a619e5c6df544a081b9ccbaae76e33b4143c24 Mon Sep 17 00:00:00 2001
From: teramako
Date: Thu, 18 Jun 2009 16:19:11 +0000
Subject: security fix: Components.util.Sandbox(window) can use xpconnect

git-svn-id: http://svn.coderepos.org/share/lang/javascript/vimperator-plugins/trunk@34032 d0d07461-0603-4401-acd4-de1884942a52
---
 commandBookmarklet.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'commandBookmarklet.js')

diff --git a/commandBookmarklet.js b/commandBookmarklet.js
index 829c9cd..18adf93 100644
--- a/commandBookmarklet.js
+++ b/commandBookmarklet.js
@@ -98,7 +98,7 @@ function toBoolean (value, def) {
 }
 
 function evalInSandbox (str) {
-  let sandbox = new Components.utils.Sandbox(buffer.URL);
+  let sandbox = new Components.utils.Sandbox("about:blank");
   sandbox.__proto__ = content.window.wrappedJSObject;
   return Components.utils.evalInSandbox(str, sandbox);
 }
-- 
cgit v1.2.3