KotJohansson/palemoon27
1
0
Fork 0
mirror of https://github.com/roytam1/palemoon27.git synced 2026-05-26 14:30:27 +00:00
Code Issues Projects Releases Wiki Activity
Files
b372a2634f1ca3193159c41faa496b023caa1bc2
palemoon27/caps/nsScriptSecurityManager.h
T
roytam1 b372a2634f import change from rmottola/Arctic-Fox: 
- Bug 1087646 - Properly serialize nullprincipal URIs across IPC. (1fcc5a63e)
- bug 1137538 - remove nsIIdentityInfo and nsNSSSocketInfo::GetPreviousCert Bug 1136471 - Remove unused nsIIdentityInfo.getValidEVPolicyOid(). (f23ed7a6f)
- Bug 1049476 - 0001. webidl change - Support user certificate parameter (ba92ac3c6)
- Bug 1049476 - 0002. Support user certificate parameter in API. (30ec1a9c8)
- Bug 1049476 - 0003. Add EAP-TLS to wifi capabilities. (69920f968)
- Bug 1130400. Part 1. Pass the passed in anchor frame to SetPopupPosition in nsMenuPopupFrame::LayoutPopup if we have one. r=enndeakin (2de244c51)
- Bug 1130400. Part 2. Use a reflow callback to set the position of xul popups. r=enndeakin (aa2117085)
- Bug 1130400. Add test. (9047c9013)
- Bug 1043143: Step 2a: Add a class like nsDownloader but using memory instead of a file. (fad673f10)
- Bug 1034143: Step 2b: Add the ability to read jar files from arbitrary memory. (e1dc9faa6)
- Bug 1034143: Step 1: Fix tests for bug 945152 and bug 1008126. r=smaug (e6b6cc408)
- Bug 1043143: Step 3: Convert nsJARChannel from temporary files to temporary memory. r=honzab (79e381e50)
- Bug 1145631 - Part 1: Replace MOZ_OVERRIDE and MOZ_FINAL with override and final in the tree; r=froydnj (f21f630cb)
- Bug 1148527 - Indentation fix after bug 1145631 (a8153b9c5)
2019-06-25 10:33:09 +08:00

168 lines
4.8 KiB
C++
Raw Blame History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* vim: set ts=4 et sw=4 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef nsScriptSecurityManager_h__
#define nsScriptSecurityManager_h__
#include "nsIScriptSecurityManager.h"
#include "nsIPrincipal.h"
#include "nsCOMPtr.h"
#include "nsIChannelEventSink.h"
#include "nsIObserver.h"
#include "plstr.h"
#include "js/TypeDecls.h"
#include <stdint.h>
class nsIDocShell;
class nsCString;
class nsIClassInfo;
class nsIIOService;
class nsIStringBundle;
class nsSystemPrincipal;
class ClassInfoData;
/////////////////////////////
// nsScriptSecurityManager //
/////////////////////////////
#define NS_SCRIPTSECURITYMANAGER_CID \
{ 0x7ee2a4c0, 0x4b93, 0x17d3, \
{ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
class nsScriptSecurityManager final : public nsIScriptSecurityManager,
public nsIChannelEventSink,
public nsIObserver
{
public:
static void Shutdown();
NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID)
NS_DECL_ISUPPORTS
NS_DECL_NSISCRIPTSECURITYMANAGER
NS_DECL_NSICHANNELEVENTSINK
NS_DECL_NSIOBSERVER
static nsScriptSecurityManager*
GetScriptSecurityManager();
// Invoked exactly once, by XPConnect.
static void InitStatics();
static nsSystemPrincipal*
SystemPrincipalSingletonConstructor();
JSContext* GetCurrentJSContext();
JSContext* GetSafeJSContext();
/**
* Utility method for comparing two URIs. For security purposes, two URIs
* are equivalent if their schemes, hosts, and ports (if any) match. This
* method returns true if aSubjectURI and aObjectURI have the same origin,
* false otherwise.
*/
static bool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI);
static uint32_t SecurityHashURI(nsIURI* aURI);
static uint16_t AppStatusForPrincipal(nsIPrincipal *aPrin);
static nsresult
ReportError(JSContext* cx, const nsAString& messageTag,
nsIURI* aSource, nsIURI* aTarget);
static uint32_t
HashPrincipalByOrigin(nsIPrincipal* aPrincipal);
static bool
GetStrictFileOriginPolicy()
{
return sStrictFileOriginPolicy;
}
/**
* Returns true if the two principals share the same app attributes.
*
* App attributes are appId and the inBrowserElement flag.
* Two principals have the same app attributes if those information are
* equals.
* This method helps keeping principals from different apps isolated from
* each other. Also, it helps making sure mozbrowser (web views) and their
* parent are isolated from each other. All those entities do not share the
* same data (cookies, IndexedDB, localStorage, etc.) so we shouldn't allow
* violating that principle.
*/
static bool
AppAttributesEqual(nsIPrincipal* aFirst,
nsIPrincipal* aSecond);
void DeactivateDomainPolicy();
private:
// GetScriptSecurityManager is the only call that can make one
nsScriptSecurityManager();
virtual ~nsScriptSecurityManager();
// Decides, based on CSP, whether or not eval() and stuff can be executed.
static bool
ContentSecurityPolicyPermitsJSAction(JSContext *cx);
static bool
JSPrincipalsSubsume(JSPrincipals *first, JSPrincipals *second);
// Returns null if a principal cannot be found; generally callers
// should error out at that point.
static nsIPrincipal* doGetObjectPrincipal(JSObject* obj);
nsresult
GetCodebasePrincipalInternal(nsIURI* aURI, uint32_t aAppId,
bool aInMozBrowser,
nsIPrincipal** result);
nsresult
CreateCodebasePrincipal(nsIURI* aURI, uint32_t aAppId, bool aInMozBrowser,
nsIPrincipal** result);
nsresult
Init();
nsresult
InitPrefs();
inline void
ScriptSecurityPrefChanged();
inline void
AddSitesToFileURIWhitelist(const nsCString& aSiteList);
nsCOMPtr<nsIPrincipal> mSystemPrincipal;
bool mPrefInitialized;
bool mIsJavaScriptEnabled;
nsTArray<nsCOMPtr<nsIURI>> mFileURIWhitelist;
// This machinery controls new-style domain policies. The old-style
// policy machinery will be removed soon.
nsCOMPtr<nsIDomainPolicy> mDomainPolicy;
static bool sStrictFileOriginPolicy;
static nsIIOService *sIOService;
static nsIStringBundle *sStrBundle;
static JSRuntime *sRuntime;
};
namespace mozilla {
void
GetJarPrefix(uint32_t aAppid,
bool aInMozBrowser,
nsACString& aJarPrefix);
} // namespace mozilla
#endif // nsScriptSecurityManager_h__
Reference in New Issue View Git Blame Copy Permalink