From dfab0d56038b3afe61857061c3dbf8d00ab7a361 Mon Sep 17 00:00:00 2001
From: wolfbeast
Date: Wed, 10 Aug 2016 16:18:57 +0200
Subject: [PATCH] Tighten sandboxed scripts Part 1 Add a chrome and XBL accessor for the sandboxed scripts flag to Document WEBIDL. This also includes changes to use the new function instead of getting and checking the sandbox flags in most places.
---
 dom/base/nsDocument.cpp | 8 +++++++-
 dom/base/nsIDocument.h | 2 ++
 dom/base/nsScriptLoader.cpp | 4 ++--
 dom/events/EventListenerManager.cpp | 2 +-
 dom/jsurl/nsJSProtocolHandler.cpp | 2 +-
 dom/webidl/Document.webidl | 6 ++++++
 6 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/dom/base/nsDocument.cpp b/dom/base/nsDocument.cpp
index b1f0267e6b..07fbd8822f 100644
--- a/dom/base/nsDocument.cpp
+++ b/dom/base/nsDocument.cpp
@@ -8328,7 +8328,7 @@ nsDocument::IsScriptEnabled()
 {
 // If this document is sandboxed without 'allow-scripts'
 // script is not enabled
- if (mSandboxFlags & SANDBOXED_SCRIPTS) {
+ if (HasScriptsBlockedBySandbox()) {
 return false;
 }
@@ -12770,6 +12770,12 @@ nsDocument::Evaluate(const nsAString& aExpression, nsIDOMNode* aContextNode,
 aInResult, aResult);
 }
+bool
+nsIDocument::HasScriptsBlockedBySandbox()
+{
+ return mSandboxFlags & SANDBOXED_SCRIPTS;
+}
+
 XPathEvaluator*
 nsIDocument::XPathEvaluator()
 {
diff --git a/dom/base/nsIDocument.h b/dom/base/nsIDocument.h
index 793b8a038a..bceab74c52 100644
--- a/dom/base/nsIDocument.h
+++ b/dom/base/nsIDocument.h
@@ -2522,6 +2522,8 @@ public:
 mozilla::dom::FontFaceSet* GetFonts(mozilla::ErrorResult& aRv);
 bool DidFireDOMContentLoaded() const { return mDidFireDOMContentLoaded; }
+
+ bool HasScriptsBlockedBySandbox();
 private:
 uint64_t mDeprecationWarnedAbout;
diff --git a/dom/base/nsScriptLoader.cpp b/dom/base/nsScriptLoader.cpp
index a418251152..7fd66a5ee0 100644
--- a/dom/base/nsScriptLoader.cpp
+++ b/dom/base/nsScriptLoader.cpp
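Review bot: `nsIDocument::HasScriptsBlockedBySandbox()` only reads `mSandboxFlags`, yet it is defined in the nsDocument.cpp hunk and declared in the nsIDocument.h hunk as a non-const member, unlike the neighbouring `DidFireDOMContentLoaded() const`. Declaring it `bool HasScriptsBlockedBySandbox() const;`, with a matching definition, would let code that holds a `const nsIDocument*` use the accessor instead of re-testing the flag bits. The body relies on an implicit integer-to-bool conversion; `return (mSandboxFlags & SANDBOXED_SCRIPTS) != 0;` states the intent. The declaration also has no comment, and one line such as `// True when the document is sandboxed without 'allow-scripts'.` would record the contract next to it.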
@@ -304,7 +304,7 @@ nsScriptLoader::StartLoad(nsScriptLoadRequest *aRequest, const nsAString &aType,
 nsCOMPtr prompter(do_QueryInterface(docshell));
 // If this document is sandboxed without 'allow-scripts', abort.
- if (mDocument->GetSandboxFlags() & SANDBOXED_SCRIPTS) {
+ if (mDocument->HasScriptsBlockedBySandbox()) {
 return NS_OK;
 }
@@ -729,7 +729,7 @@ nsScriptLoader::ProcessScriptElement(nsIScriptElement *aElement)
 // inline script
 // Is this document sandboxed without 'allow-scripts'?
- if (mDocument->GetSandboxFlags() & SANDBOXED_SCRIPTS) {
+ if (mDocument->HasScriptsBlockedBySandbox()) {
 return false;
 }
diff --git a/dom/events/EventListenerManager.cpp b/dom/events/EventListenerManager.cpp
index 864e20a27e..f84aa13522 100644
--- a/dom/events/EventListenerManager.cpp
+++ b/dom/events/EventListenerManager.cpp
@@ -681,7 +681,7 @@ EventListenerManager::SetEventHandler(nsIAtom* aName,
 if (doc) {
 // Don't allow adding an event listener if the document is sandboxed
 // without 'allow-scripts'.
- if (doc->GetSandboxFlags() & SANDBOXED_SCRIPTS) {
+ if (doc->HasScriptsBlockedBySandbox()) {
 return NS_ERROR_DOM_SECURITY_ERR;
 }
diff --git a/dom/jsurl/nsJSProtocolHandler.cpp b/dom/jsurl/nsJSProtocolHandler.cpp
index fcb2a66a9e..83a32a05bb 100644
--- a/dom/jsurl/nsJSProtocolHandler.cpp
+++ b/dom/jsurl/nsJSProtocolHandler.cpp
@@ -208,7 +208,7 @@ nsresult nsJSThunk::EvaluateScript(nsIChannel *aChannel,
 // Sandboxed document check: javascript: URI's are disabled
 // in a sandboxed document unless 'allow-scripts' was specified.
 nsIDocument* doc = aOriginalInnerWindow->GetExtantDoc();
- if (doc && (doc->GetSandboxFlags() & SANDBOXED_SCRIPTS)) {
+ if (doc && doc->HasScriptsBlockedBySandbox()) {
 return NS_ERROR_DOM_RETVAL_UNDEFINED;
 }
diff --git a/dom/webidl/Document.webidl b/dom/webidl/Document.webidl
index 8a529a60aa..dff58c6b16 100644
--- a/dom/webidl/Document.webidl
+++ b/dom/webidl/Document.webidl
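Review bot: In the nsJSThunk::EvaluateScript hunk, `if (doc && doc->HasScriptsBlockedBySandbox())` treats a null result from `GetExtantDoc()` as "not sandboxed", so the sandbox gate is skipped whenever no document is available. The rest of EvaluateScript lies outside the hunk, so a later check may cover that case, but nothing visible here says so. Either fail closed with `if (!doc || doc->HasScriptsBlockedBySandbox()) {` or add a comment stating why evaluation may continue without a document. The null handling predates this commit, but it should be settled while the check is being rewritten.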
@@ -386,6 +386,12 @@ partial interface Document {
 void removeAnonymousContent(AnonymousContent aContent);
 };
+// Extension to give chrome and XBL JS the ability to determine whether
+// the document is sandboxed without permission to run scripts.
+partial interface Document {
+ [Func="IsChromeOrXBL"] readonly attribute boolean hasScriptsBlockedBySandbox;
+};
+
 Document implements XPathEvaluator;
 Document implements GlobalEventHandlers;
 Document implements TouchEventHandlers;
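Review bot: Nothing in this patch tests the `[Func="IsChromeOrXBL"]` gate on `hasScriptsBlockedBySandbox`: the diffstat lists six files and none of them is a test. Since the attribute reports sandbox state, I would add a test that reads it from chrome as `true` for a frame sandboxed without 'allow-scripts' and as `false` once 'allow-scripts' is present, and confirms it is `undefined` to web content. The subject says "Part 1", so the test may be planned for a later part; if so, the description should say that.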