From c49e8401c512704ef44af0b6708e5c5a3c0143a0 Mon Sep 17 00:00:00 2001 From: girst Date: Sun, 25 Feb 2024 16:14:49 +0100 Subject: [PATCH] populate more data in contentAreaClick Bug 1800149 introduced ClickHandlerParent.fillInClickEvent() which we just inline. Previously, mozilla passed these params from the content process, which could be a problem if the content process was compromised Note that this code does not work with mozilla68 because window.browsingContext was only introduced afterwards. Further, for documentation: * until mozilla110, isContentWindowPrivate was calculated differently: https://hg.mozilla.org/mozilla-central/rev/a868f954be08#l1.51 * frameID used to use the same code as frameOuterWindowID in <=fx110: WebNavigationFrames.getFrameId(window.document.defaultView) --- extension/lib/utils.coffee | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/extension/lib/utils.coffee b/extension/lib/utils.coffee index 2c19847..ba332f5 100644 --- a/extension/lib/utils.coffee +++ b/extension/lib/utils.coffee @@ -4,6 +4,8 @@ .importESModule('resource:///modules/PlacesUIUtils.sys.mjs') {PrivateBrowsingUtils} = ChromeUtils .importESModule('resource://gre/modules/PrivateBrowsingUtils.sys.mjs') +{WebNavigationFrames} = ChromeUtils + .importESModule('resource://gre/modules/WebNavigationFrames.sys.mjs') nsIClipboardHelper = Cc['@mozilla.org/widget/clipboardhelper;1'] .getService(Ci.nsIClipboardHelper) 
@@ -313,16 +315,17 @@ contentAreaClick = (data, browser) -> # our version is only invoked from the parent process, so we can pass # data.csp and data.referrerInfo without calling the E10SUtils helpers. window = browser.ownerGlobal + wgp = window.browsingContext.currentWindowGlobal params = { charset: browser.characterSet, referrerInfo: data.referrerInfo # passed unserialized - isContentWindowPrivate: data.isContentWindowPrivate, - originPrincipal: data.originPrincipal, - originStoragePrincipal: data.originStoragePrincipal, + isContentWindowPrivate: wgp.browsingContext.usePrivateBrowsing, + originPrincipal: wgp.documentPrincipal, + originStoragePrincipal: wgp.documentStoragePrincipal, triggeringPrincipal: data.triggeringPrincipal, csp: data.csp # passed unserialized - frameID: data.frameID, + frameID: WebNavigationFrames.getFrameId(wgp.browsingContext), allowInheritPrincipal: true, openerBrowser: browser, hasValidUserGestureActivation: true, -- 2.39.3
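Review bot: `wgp` is read from `browser.ownerGlobal.browsingContext`, that is, from the window that owns `browser` rather than from `browser` itself. If `browser` is the content `<browser>` element (the hunk does not show its type), that window global belongs to the chrome document, so `originPrincipal` and `originStoragePrincipal` would presumably carry the chrome document's principal instead of the clicked page's, and `frameID` would describe the chrome context. Consider `wgp = browser.browsingContext.currentWindowGlobal` with a guard for a null `currentWindowGlobal`; for a click inside a subframe this still yields the top-level document rather than the frame. `triggeringPrincipal` and `csp` are still taken from `data`, so the comment above `window = browser.ownerGlobal` should state whether those two fields can originate in the content process. The body of `contentAreaClick` begins and ends outside the hunk.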