
Treat all file: URIs as having a unique origin.

This prevents cross-file access from files loaded into the browser from
the local file system, further restricting the origin policy of file:
URIs.

Added a pref to control this behavior for local file access, in case it is
required for certain applications, since this change might break using the
browser to run applications from the local file system that need access
to other local files.
wolfbeast
2019-07-20 14:56:26 +02:00
committed by Roy Tam
parent 4e15e1fec0
commit 64191e15cb
2 changed files with 35 additions and 24 deletions
+32 -24
@@ -10,6 +10,7 @@
#include "mozilla/LoadContext.h"
#include "mozilla/LoadInfo.h"
#include "mozilla/BasePrincipal.h"
#include "mozilla/Preferences.h"
#include "mozilla/Telemetry.h"
#include "nsNetUtil.h"
#include "nsNetUtilInlines.h"
@@ -1821,33 +1822,40 @@ NS_RelaxStrictFileOriginPolicy(nsIURI *aTargetURI,
return false;
}
//
// If the file to be loaded is in a subdirectory of the source
// (or same-dir if source is not a directory) then it will
// inherit its source principal and be scriptable by that source.
//
bool sourceIsDir;
bool allowed = false;
nsresult rv = sourceFile->IsDirectory(&sourceIsDir);
if (NS_SUCCEEDED(rv) && sourceIsDir) {
rv = sourceFile->Contains(targetFile, &allowed);
} else {
nsCOMPtr<nsIFile> sourceParent;
rv = sourceFile->GetParent(getter_AddRefs(sourceParent));
if (NS_SUCCEEDED(rv) && sourceParent) {
rv = sourceParent->Equals(targetFile, &allowed);
if (NS_FAILED(rv) || !allowed) {
rv = sourceParent->Contains(targetFile, &allowed);
} else {
MOZ_ASSERT(aAllowDirectoryTarget,
"sourceFile->Parent == targetFile, but targetFile "
"should've been disallowed if it is a directory");
bool uniqueOrigin = true;
uniqueOrigin = Preferences::GetBool("security.fileuri.unique_origin");
// If treating all files as unique origins, we can skip this because
// it should always be refused.
if (!uniqueOrigin) {
//
// If the file to be loaded is in a subdirectory of the source
// (or same-dir if source is not a directory) then it will
// inherit its source principal and be scriptable by that source.
//
bool sourceIsDir;
bool allowed = false;
nsresult rv = sourceFile->IsDirectory(&sourceIsDir);
if (NS_SUCCEEDED(rv) && sourceIsDir) {
rv = sourceFile->Contains(targetFile, &allowed);
} else {
nsCOMPtr<nsIFile> sourceParent;
rv = sourceFile->GetParent(getter_AddRefs(sourceParent));
if (NS_SUCCEEDED(rv) && sourceParent) {
rv = sourceParent->Equals(targetFile, &allowed);
if (NS_FAILED(rv) || !allowed) {
rv = sourceParent->Contains(targetFile, &allowed);
} else {
MOZ_ASSERT(aAllowDirectoryTarget,
"sourceFile->Parent == targetFile, but targetFile "
"should've been disallowed if it is a directory");
}
}
}
}
if (NS_SUCCEEDED(rv) && allowed) {
return true;
if (NS_SUCCEEDED(rv) && allowed) {
return true;
}
}
return false;
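Review bot: The read at `uniqueOrigin = Preferences::GetBool("security.fileuri.unique_origin");` throws away the `true` the variable was initialized with one line earlier, and the one-argument form of `Preferences::GetBool` falls back to `false` when the pref has no registered value, so a profile or build where the pref is missing silently keeps the old relaxed behaviour instead of the unique-origin default the initializer implies. Passing the intended default explicitly keeps the secure fallback in one place: `const bool uniqueOrigin = Preferences::GetBool("security.fileuri.unique_origin", true);`. Whether the second changed file registers a default for this pref is not visible here, but the explicit fallback makes this check correct either way. The body of NS_RelaxStrictFileOriginPolicy begins above this hunk, so an earlier point to short-circuit on the pref may exist but cannot be judged from here.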