mirror of
https://github.com/roytam1/palemoon27.git
synced 2026-05-26 14:18:48 +00:00
roytam1
520d6b7062
- Don't upgrade gfx features after device resets. (bug 1183910 part 5, r=mattwoodrow) (e53d0f91f) - Use the same graphics device parameters across processes. (bug 1183910 part 7, r=mattwoodrow) (083ae4f15) - Rename DriverInitCrashDetection to DriverCrashGuard. (bug 1190281 part 2, r=mattwoodrow) (9bd189d09) - Make DriverCrashGuard initialization lazy. (bug 1190281 part 3, r=mattwoodrow) (6821dc386) - Pull D3D11 logic out of DriverCrashGuard. (bug 1190281 part 4, r=mattwoodrow) (e499a0079) - Move telemetry recording into D3D11LayersCrashGuard. (bug 1190281 part 5, r=mattwoodrow) (b50a4c2b4) - Factor prefs out of DriverCrashGuard. (bug 1190281 part 6, r=mattwoodrow) (a3a1166ab) - Bug 1170939 - Close PBontentBridge when receving shut dwon message, r=khuey (5473d07f0) - Allow DriverCrashGuard to be used in content processes. (bug 1190281 part 7, r=mattwoodrow) (c9eaf8315) - Add a crash guard for DXVA2D3D9. (bug 1190281 part 8, r=mattwoodrow) (eceff5212) - Add driver crash guards to WebGL (bug 1190281 part 9, r=jgilbert,mattwoodrow) (c362b60c6) - Fix bogus assert in DriverCrashGuard. (bug 1190281 followup, r=mattwoodrow) (d4a7145bd) - Bug 968923 - part 5b - add nsIDOMWindowUtils::forceUseCounterFlush; r=bz (138d30251) - Bug 968923 - part 5c - add tests for use counters; r=bz (0c4b745e0) - Bug 554186 - Part 1: Unimplement NPN_Status API. r=josh (8759dad40) - Bug 554186 - Part 2: Remove unused nsPluginInstanceOwner::ShowNativeContextMenu(). r=josh (ad2ac0c4d) - Bug 1174913 - anchor and area mochitests. r=bz (ab2c58a34) - Bug 959992. Go back to not treating properties that the named properties object exposes as enumerable. r=peterv (0adeeb910) - Bug 1154974 (Part 1) - Give blobs serial numbers. r=bent (4602ca2cd) - Bug 1154974 (Part 2) - Merge image cache entries for blobs URIs with the same underlying blob. r=baku (3b64b409e) - Bug 1173314 - Make GetMozFullPath and GetMozFullPathInternal const. r=sicking (f8eaabb1e) - Bug 1167389 - Make FileList::mParent a smart pointer, and declare it to the cycle collector. r=ehsan (d1217e547) - Bug 1173390 - Remove the majority of the old directory picker implementation to prepare for the new implementation under bug 1164310. r=baku (750049972) - Bug 1164310, part 1 - Make the code for bypassing mobile security checks more general so that it can be used on non-mobile. r=baku (0486fb5ff) - Bug 1164310, part 2 - Implement an abstraction for a rooted filesystem for non-mobile devices. r=baku (f1d906bd6) - Bug 1164310, part 3 - Allow the DirState of blobs to be set explicitly. r=baku (13d832700) - Bug 1164310, part 4 - Implement the new HTMLInputElement API including the new Promise returning GetFilesAndDirectories. r=baku (d0f93ec19) - Bug 1164310, part 5 - Implement new anonymous content and layout pieces for directory picking via input elements. r=tnikkel (ac5a00781) - Bug 1164310, part 6 - Implement the new Promise returning DataTransfer.getFilesAndDirectories() API. r=baku (375fba953) - Bug 1164310 - Follow-up: Fix build bustage with --disable-accessibility. r=me (da0e6745b) - Bug 1164310, part 7 - Touch CLOBBER since bug 1177844 isn't fixed yet. r=me (5fa829742) - Bug 1185381 - Make FileList clonable - patch 1 - move code into FileList.h/.cpp, r=smaug (b85483178) - Bug 1185381 - Make FileList clonable - patch 2 - rename FILEIMPL_IID to BLOBIMPL_IID, r=smaug (0f920cd05) - Bug 1185360 - PostMessageEvent should not have a different behavior if the main principal subsumes the destination one., r=smaug (070ab034b) - Bug 1185381 - Make FileList clonable - patch 3 - FileListClonedData implementation, r=smaug (f4f082d18) - Bug 1185381 - Make FileList clonable - patch 4 - tests, r=smaug (fb3637313)
158 lines
6.2 KiB
C++
158 lines
6.2 KiB
C++
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
/*
|
|
* Content policy implementation that prevents all loads of images,
|
|
* subframes, etc from documents loaded as data (eg documents loaded
|
|
* via XMLHttpRequest).
|
|
*/
|
|
|
|
#include "nsContentUtils.h"
|
|
#include "nsDataDocumentContentPolicy.h"
|
|
#include "nsNetUtil.h"
|
|
#include "nsIProtocolHandler.h"
|
|
#include "nsScriptSecurityManager.h"
|
|
#include "nsIDocument.h"
|
|
#include "nsINode.h"
|
|
#include "nsIDOMWindow.h"
|
|
#include "nsIURI.h"
|
|
|
|
NS_IMPL_ISUPPORTS(nsDataDocumentContentPolicy, nsIContentPolicy)
|
|
|
|
// Helper method for ShouldLoad()
|
|
// Checks a URI for the given flags. Returns true if the URI has the flags,
|
|
// and false if not (or if we weren't able to tell).
|
|
static bool
|
|
HasFlags(nsIURI* aURI, uint32_t aURIFlags)
|
|
{
|
|
bool hasFlags;
|
|
nsresult rv = NS_URIChainHasFlags(aURI, aURIFlags, &hasFlags);
|
|
return NS_SUCCEEDED(rv) && hasFlags;
|
|
}
|
|
|
|
// If you change DataDocumentContentPolicy, make sure to check that
|
|
// CHECK_PRINCIPAL_AND_DATA in nsContentPolicyUtils is still valid.
|
|
// nsContentPolicyUtils may not pass all the parameters to ShouldLoad.
|
|
NS_IMETHODIMP
|
|
nsDataDocumentContentPolicy::ShouldLoad(uint32_t aContentType,
|
|
nsIURI *aContentLocation,
|
|
nsIURI *aRequestingLocation,
|
|
nsISupports *aRequestingContext,
|
|
const nsACString &aMimeGuess,
|
|
nsISupports *aExtra,
|
|
nsIPrincipal *aRequestPrincipal,
|
|
int16_t *aDecision)
|
|
{
|
|
MOZ_ASSERT(aContentType == nsContentUtils::InternalContentPolicyTypeToExternal(aContentType),
|
|
"We should only see external content policy types here.");
|
|
|
|
*aDecision = nsIContentPolicy::ACCEPT;
|
|
// Look for the document. In most cases, aRequestingContext is a node.
|
|
nsCOMPtr<nsIDocument> doc;
|
|
nsCOMPtr<nsINode> node = do_QueryInterface(aRequestingContext);
|
|
if (node) {
|
|
doc = node->OwnerDoc();
|
|
} else {
|
|
nsCOMPtr<nsPIDOMWindow> window = do_QueryInterface(aRequestingContext);
|
|
if (window) {
|
|
doc = window->GetDoc();
|
|
}
|
|
}
|
|
|
|
// DTDs are always OK to load
|
|
if (!doc || aContentType == nsIContentPolicy::TYPE_DTD) {
|
|
return NS_OK;
|
|
}
|
|
|
|
// Nothing else is OK to load for data documents
|
|
if (doc->IsLoadedAsData()) {
|
|
// ...but let static (print/print preview) documents to load fonts.
|
|
if (!doc->IsStaticDocument() || aContentType != nsIContentPolicy::TYPE_FONT) {
|
|
*aDecision = nsIContentPolicy::REJECT_TYPE;
|
|
return NS_OK;
|
|
}
|
|
}
|
|
|
|
if (doc->IsBeingUsedAsImage()) {
|
|
// We only allow SVG images to load content from URIs that are local and
|
|
// also satisfy one of the following conditions:
|
|
// - URI inherits security context, e.g. data URIs
|
|
// OR
|
|
// - URI loadable by subsumers, e.g. blob URIs
|
|
// Any URI that doesn't meet these requirements will be rejected below.
|
|
if (!HasFlags(aContentLocation,
|
|
nsIProtocolHandler::URI_IS_LOCAL_RESOURCE) ||
|
|
(!HasFlags(aContentLocation,
|
|
nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT) &&
|
|
!HasFlags(aContentLocation,
|
|
nsIProtocolHandler::URI_LOADABLE_BY_SUBSUMERS))) {
|
|
*aDecision = nsIContentPolicy::REJECT_TYPE;
|
|
|
|
// Report error, if we can.
|
|
if (node) {
|
|
nsIPrincipal* requestingPrincipal = node->NodePrincipal();
|
|
nsRefPtr<nsIURI> principalURI;
|
|
nsresult rv =
|
|
requestingPrincipal->GetURI(getter_AddRefs(principalURI));
|
|
if (NS_SUCCEEDED(rv) && principalURI) {
|
|
nsScriptSecurityManager::ReportError(
|
|
nullptr, NS_LITERAL_STRING("CheckSameOriginError"), principalURI,
|
|
aContentLocation);
|
|
}
|
|
}
|
|
} else if ((aContentType == nsIContentPolicy::TYPE_IMAGE ||
|
|
aContentType == nsIContentPolicy::TYPE_IMAGESET) &&
|
|
doc->GetDocumentURI()) {
|
|
// Check for (& disallow) recursive image-loads
|
|
bool isRecursiveLoad;
|
|
nsresult rv = aContentLocation->EqualsExceptRef(doc->GetDocumentURI(),
|
|
&isRecursiveLoad);
|
|
if (NS_FAILED(rv) || isRecursiveLoad) {
|
|
NS_WARNING("Refusing to recursively load image");
|
|
*aDecision = nsIContentPolicy::REJECT_TYPE;
|
|
}
|
|
}
|
|
return NS_OK;
|
|
}
|
|
|
|
// Allow all loads for non-resource documents
|
|
if (!doc->IsResourceDoc()) {
|
|
return NS_OK;
|
|
}
|
|
|
|
// For resource documents, blacklist some load types
|
|
if (aContentType == nsIContentPolicy::TYPE_OBJECT ||
|
|
aContentType == nsIContentPolicy::TYPE_DOCUMENT ||
|
|
aContentType == nsIContentPolicy::TYPE_SUBDOCUMENT ||
|
|
aContentType == nsIContentPolicy::TYPE_SCRIPT ||
|
|
aContentType == nsIContentPolicy::TYPE_XSLT ||
|
|
aContentType == nsIContentPolicy::TYPE_FETCH ||
|
|
aContentType == nsIContentPolicy::TYPE_WEB_MANIFEST) {
|
|
*aDecision = nsIContentPolicy::REJECT_TYPE;
|
|
}
|
|
|
|
// If you add more restrictions here, make sure to check that
|
|
// CHECK_PRINCIPAL_AND_DATA in nsContentPolicyUtils is still valid.
|
|
// nsContentPolicyUtils may not pass all the parameters to ShouldLoad
|
|
|
|
return NS_OK;
|
|
}
|
|
|
|
NS_IMETHODIMP
|
|
nsDataDocumentContentPolicy::ShouldProcess(uint32_t aContentType,
|
|
nsIURI *aContentLocation,
|
|
nsIURI *aRequestingLocation,
|
|
nsISupports *aRequestingContext,
|
|
const nsACString &aMimeGuess,
|
|
nsISupports *aExtra,
|
|
nsIPrincipal *aRequestPrincipal,
|
|
int16_t *aDecision)
|
|
{
|
|
return ShouldLoad(aContentType, aContentLocation, aRequestingLocation,
|
|
aRequestingContext, aMimeGuess, aExtra, aRequestPrincipal,
|
|
aDecision);
|
|
}
|