roytam1/palemoon27
1
0
Fork 0
mirror of https://github.com/roytam1/palemoon27.git synced 2026-05-26 14:18:48 +00:00
Code Issues Projects Releases Wiki Activity
Files
2a40ef2903888b479852b9d71d66e2425e1ed0e2
palemoon27/dom/base/nsDataDocumentContentPolicy.cpp
T
roytam1 3d36fa43e7 import changes from `dev' branch of rmottola/Arctic-Fox: 
- Bug 1173641 - Hoist shutdown promise resolution into a helper. r=jww (1a02bd90a)
- Bug 1173641 - Null out the thread pool when resolving shutdown. r=jww (ab3f723d5)
- Bug 1173641 - Remove now-unnecessary null-out in MediaDecoderReader::BreakCycles. r=jww (3330778c6)
- Bug 1173656 - Disallow TrackID reuse in TrackUnionStream. r=roc (7f4da1ea2)
- Bug 1175768 - Implement SilentReadAt. r=jya (ece3c2ffa)
- Bug 1178437 - Assert OnTaskQueue for most of the remaining MDSM methods. r=jww (da13ec549)
- Bug 1178437 - Remove ReadOnWrongThread. r=jww (f9cf8946d)
- Bug 1178437 - Dispatch SetFragmentEndTime. r=jww (740ce9882)
- Bug 1178437 - Make mRealTime const and allow it to be accessed on any thread. r=jww (a65c22f1f)
- Bug 1139964 part 1. Factor out the guts of BackstagePass::Resolve and BackstagePass::Enumerate to allow reuse for other globals that want to opt in to Exposed=System WebIDL annotations. r=smaug (d5eb8c704)
- Bug 1139964 part 2. Add classinfo helpers for the various message manager stuff to install WebIDL Exposed=System things on those globals. r=smaug (47085f2a6)
- Bug 1139964 part 3. Add a test. r=bzbarsky (d87e0907b)
- Bug 1130028 - Custom elements, set registered prototype in compartment of caller of registerElement. r=mrbkap (5bd643614)
- Bug 1130028 - Send inputmethod-contextchange to systemapp to hide keyboard when frame crash. r=yxl (1e100121f)
- Bug 1156629 - OpenGL core context deprecated default VAO. r=jgilbert (5ecabb650)
-  Bug 1110120 - Remove use of UniquePtr for XFB and UB tracking.; r=smaug (92ebc132a)
- Bug 1167504 - Part 11: Clean up buffer binding constraints. r=jgilbert (4f3005203)
- Bug 1167504 - Part 13: Unbind buffers from cached state on buffer deletion. r=jgilbert (bb9e3f53d)
- Bug 1180523 - Part 1: Store the audio mute/volume information on the outer window; r=baku (3b686c6b9)
- line endings dos->unix (d7491a87c)
- Bug 1153258 - directly instantiate nsStandardURL in nsChromeProtocolHandler.cpp; r=bsmedberg (01150c663)
- Bug 1175344 - Include nsContentUtils.h explicitly to avoid compile error on unified building. r=ehsan (10a3d42ac)
- Bug 959752 - Make the network predictor work under e10s. r=mcmanus (3b46a6b65)
- Bug 1159747 - delete h2 static compression table in such a way to avoid crashes after network changes. r=mcmanus (ed34f8d80)
- Bug 1173016 - Cache the basic waveform PeriodicWaves. r=karlt (d64c962f0)
- part of Bug 1165816 - Cancel remote application reputation requests after a certain timeout. r=gcp (4cdc98d99)
- Bug 1082837 - Call content policies on cached image redirects in imgLoader::ValidateSecurityInfo. Content policies check the last hop (final uri) of the cached image. For Mixed Content Blocker, we do an additional check to see if any of the intermediary hops went through an insecure redirect. r=smaug, feedback=seth (ffaf3debe)
- Bug 1082837 - Use nsresult for static ShouldLoad and use NS_IMETHODIMP for nsIContentPolicy::ShouldLoad(). CLOSED TREE (acde35e25)
2021-04-13 09:40:42 +08:00

156 lines
6.1 KiB
C++
Raw Blame History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* Content policy implementation that prevents all loads of images,
* subframes, etc from documents loaded as data (eg documents loaded
* via XMLHttpRequest).
*/
#include "nsContentUtils.h"
#include "nsDataDocumentContentPolicy.h"
#include "nsNetUtil.h"
#include "nsScriptSecurityManager.h"
#include "nsIDocument.h"
#include "nsINode.h"
#include "nsIDOMWindow.h"
NS_IMPL_ISUPPORTS(nsDataDocumentContentPolicy, nsIContentPolicy)
// Helper method for ShouldLoad()
// Checks a URI for the given flags. Returns true if the URI has the flags,
// and false if not (or if we weren't able to tell).
static bool
HasFlags(nsIURI* aURI, uint32_t aURIFlags)
{
bool hasFlags;
nsresult rv = NS_URIChainHasFlags(aURI, aURIFlags, &hasFlags);
return NS_SUCCEEDED(rv) && hasFlags;
}
// If you change DataDocumentContentPolicy, make sure to check that
// CHECK_PRINCIPAL_AND_DATA in nsContentPolicyUtils is still valid.
// nsContentPolicyUtils may not pass all the parameters to ShouldLoad.
NS_IMETHODIMP
nsDataDocumentContentPolicy::ShouldLoad(uint32_t aContentType,
nsIURI *aContentLocation,
nsIURI *aRequestingLocation,
nsISupports *aRequestingContext,
const nsACString &aMimeGuess,
nsISupports *aExtra,
nsIPrincipal *aRequestPrincipal,
int16_t *aDecision)
{
MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternal(aContentType),
"We should only see external content policy types here.");
*aDecision = nsIContentPolicy::ACCEPT;
// Look for the document. In most cases, aRequestingContext is a node.
nsCOMPtr<nsIDocument> doc;
nsCOMPtr<nsINode> node = do_QueryInterface(aRequestingContext);
if (node) {
doc = node->OwnerDoc();
} else {
nsCOMPtr<nsPIDOMWindow> window = do_QueryInterface(aRequestingContext);
if (window) {
doc = window->GetDoc();
}
}
// DTDs are always OK to load
if (!doc || aContentType == nsIContentPolicy::TYPE_DTD) {
return NS_OK;
}
// Nothing else is OK to load for data documents
if (doc->IsLoadedAsData()) {
// ...but let static (print/print preview) documents to load fonts.
if (!doc->IsStaticDocument() || aContentType != nsIContentPolicy::TYPE_FONT) {
*aDecision = nsIContentPolicy::REJECT_TYPE;
return NS_OK;
}
}
if (doc->IsBeingUsedAsImage()) {
// We only allow SVG images to load content from URIs that are local and
// also satisfy one of the following conditions:
// - URI inherits security context, e.g. data URIs
// OR
// - URI loadable by subsumers, e.g. blob URIs
// Any URI that doesn't meet these requirements will be rejected below.
if (!HasFlags(aContentLocation,
nsIProtocolHandler::URI_IS_LOCAL_RESOURCE) ||
(!HasFlags(aContentLocation,
nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT) &&
!HasFlags(aContentLocation,
nsIProtocolHandler::URI_LOADABLE_BY_SUBSUMERS))) {
*aDecision = nsIContentPolicy::REJECT_TYPE;
// Report error, if we can.
if (node) {
nsIPrincipal* requestingPrincipal = node->NodePrincipal();
nsRefPtr<nsIURI> principalURI;
nsresult rv =
requestingPrincipal->GetURI(getter_AddRefs(principalURI));
if (NS_SUCCEEDED(rv) && principalURI) {
nsScriptSecurityManager::ReportError(
nullptr, NS_LITERAL_STRING("CheckSameOriginError"), principalURI,
aContentLocation);
}
}
} else if ((aContentType == nsIContentPolicy::TYPE_IMAGE ||
aContentType == nsIContentPolicy::TYPE_IMAGESET) &&
doc->GetDocumentURI()) {
// Check for (& disallow) recursive image-loads
bool isRecursiveLoad;
nsresult rv = aContentLocation->EqualsExceptRef(doc->GetDocumentURI(),
&isRecursiveLoad);
if (NS_FAILED(rv) || isRecursiveLoad) {
NS_WARNING("Refusing to recursively load image");
*aDecision = nsIContentPolicy::REJECT_TYPE;
}
}
return NS_OK;
}
// Allow all loads for non-resource documents
if (!doc->IsResourceDoc()) {
return NS_OK;
}
// For resource documents, blacklist some load types
if (aContentType == nsIContentPolicy::TYPE_OBJECT ||
aContentType == nsIContentPolicy::TYPE_DOCUMENT ||
aContentType == nsIContentPolicy::TYPE_SUBDOCUMENT ||
aContentType == nsIContentPolicy::TYPE_SCRIPT ||
aContentType == nsIContentPolicy::TYPE_XSLT ||
aContentType == nsIContentPolicy::TYPE_FETCH ||
aContentType == nsIContentPolicy::TYPE_WEB_MANIFEST) {
*aDecision = nsIContentPolicy::REJECT_TYPE;
}
// If you add more restrictions here, make sure to check that
// CHECK_PRINCIPAL_AND_DATA in nsContentPolicyUtils is still valid.
// nsContentPolicyUtils may not pass all the parameters to ShouldLoad
return NS_OK;
}
NS_IMETHODIMP
nsDataDocumentContentPolicy::ShouldProcess(uint32_t aContentType,
nsIURI *aContentLocation,
nsIURI *aRequestingLocation,
nsISupports *aRequestingContext,
const nsACString &aMimeGuess,
nsISupports *aExtra,
nsIPrincipal *aRequestPrincipal,
int16_t *aDecision)
{
return ShouldLoad(aContentType, aContentLocation, aRequestingLocation,
aRequestingContext, aMimeGuess, aExtra, aRequestPrincipal,
aDecision);
}
Reference in New Issue View Git Blame Copy Permalink