roytam1/palemoon27
1
0
Fork 0
mirror of https://github.com/roytam1/palemoon27.git synced 2026-05-26 14:18:48 +00:00
Code Issues Projects Releases Wiki Activity
Files
e9ba40cf6bf22ea6ffc7bdb9d545acc296ca5b01
palemoon27/dom/base/ThirdPartyUtil.cpp
T
roytam1 1e24b22ef4 remove nsINetUtil_ESR_38, fixup and import changes from `dev' branch of rmottola/Arctic-Fox: 
- Bug 1150366 - Remove duplicate d3.js. r=jsantell (71f991da6)
- Bug 1175352 - Refactor LoadInfo arguments to be more self contained (r=bent) (3f7d08164)
- Bug 1181533 - Add nsCRTGlue.h and prtime.h includes to nsDownloadManager.cpp to fix --disable-safe-browsing build bustage. r=froydnj (af338edf1)
- Bug 905127 - Part 1 - Make some functions from nsNetUtil not inline. r=jduell Bug 905127 - Part 2 - remove unnecessary nsNetUtil.h includes r=jduell Bug 905127 - Make some functions from nsNetUtil not inline. r=jduell (bc47d5b3a)
- Bug 1117650 - Part 1: Move all CORS tests into dom/security/test. r=sicking (6f727387c)
- Bug 1117650 - Part 2: Move all MixedContent tests into dom/security/test. r=tanvi (73f273829)
- Bug 1004703 - ignore 'unsafe-inline' if nonce- or hash-source specifed - tests (r=sstamm) (ebf411159)
- Bug 921493 - CSP: test whitelisting of scheme-relative sources (r=dveditz) (f0618b189)
- Bug 1139569 - Optimize update function for element editors in markup view;r=mratcliffe (c60d38dca)
- Partil of Bug 1139644 - Make markupview use sdk timers instead of individual timers for each window;r=pbrosset (8bc1a4d66)
- Bug 1146568 - Avoid unsafe CPOW usage warnings in browser_markupview_tag_edit_08.js; r=bgrins Making use of the devtools test frame-script to set the test node's attributes instead of using a CPOW. (61d7eed64)
- Bug 1146568 - Avoid unsafe CPOW usage in markupview tests, in assertAttributes helper; r=bgrins (efc492d5d)
- Bug 858038 - Allow moving elements in the markupview by drag/drop; r=pbrosset (51d79c15c)
- Bug 1139644 - Flash only relevant attributes in markup view when changed;r=pbrosset (29807fa46)
- Bug 1147128 - Make sure attribute shows up in markup view after removing and setting to the previous value;r=mratcliffe (1947f7417)
- Bug 1147325 - Clear box model timer on markup view destroy. r=pbrosset Prevents 'this._inspector.toolbox is null' spam in mochitest-dt (1d6808b4a)
- Bug 921102 - 1 - Linkify URIs in the inspector; r=tromey, miker This first part adds a parser for node attributes which, given some node information and an attribute name, generates a small AST-like array of objects that tells which parts of the attribute (if any) are links, and what they link to. Using this, the markup-view generates the right HTML structure to display these parts as links. This part 1 doesn't yet allow users to follow these links. (c500e270e)
- Bug 1139667 - CSP tests for fetch(). r=ckirschb (df030457f)
- Bug 1086999 - CSP: Asterisk (*) wildcard should not allow blob:, data:, or filesystem: when matching source expressions - tests (r=sstamm) (dee0f2239)
- Bug 1117650 - Part 3: Move all CSP tests into dom/security/test. r=sstamm (29c95475c)
- Bug 1146566 - 1 - Use devtools common frame-script in markupview tests and add helper; r=bgrins (b10e42468)
- Bug 1146566 - 2 - Avoid using CPOWs in test browser_markupview_tag_edit_03.js; r=bgrins This change updates the browser_markupview_tag_edit_03.js test by making use of the getDomElementInfo message listener to retrieve information about the tested nodes without having to go through CPOWs. (07f0ee3ff)
- Bug 1036324 - Adds option to walker.parents() to not traverse DocShellTreeItems of different types (24123a5d2)
- Bug 921102 - 2 - Markup-view tests for attribute links; r=miker (f6da81799)
- Bug 901250 - Add scroll into view menu item for the inspector. r=bgrins (bfc7518b1)
- Bug 994055 - Part 1: Add a toggle sidebar panel button to the inspector. r=miker This adds a new icon, next to the searchbox (like in the debugger) to expand or collapse the sidebar panel in the inspector. The state is *not* persisted yet when the toolbox is closed. The button is hidden when the toolbox host switches to 'side'. (87730e20a)
- Bug 994055 - Part 2: Add tests for the inspector sidebar toggle button. r=miker (2872c3fbd)
- Bug 921102 - 3 - Open/copy markup-view attribute links; r=bgrins This part adds contextual menu items that become enabled when the user right clicks on an attribute that has a link. Depending on the nature of the link, a new tab will be opened or a node selected. The user can also choose to copy the link in the clipboard. (9b93485f6)
- Bug 921102 - 4 - Tests for the open/copy links on markup-view attributes; r=bgrins (861ba51f6)
2021-05-21 09:14:47 +08:00

375 lines
12 KiB
C++
Raw Blame History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "ThirdPartyUtil.h"
#include "nsNetCID.h"
#include "nsNetUtil.h"
#include "nsIChannel.h"
#include "nsIServiceManager.h"
#include "nsIHttpChannelInternal.h"
#include "nsIDOMWindow.h"
#include "nsPIDOMWindow.h" // rmottola - HACK - get build again, not needed in FF tree
#include "nsILoadContext.h"
#include "nsIPrincipal.h"
#include "nsIScriptObjectPrincipal.h"
#include "nsIURI.h"
#include "nsThreadUtils.h"
#include "mozilla/Logging.h"
NS_IMPL_ISUPPORTS(ThirdPartyUtil, mozIThirdPartyUtil)
//
// NSPR_LOG_MODULES=thirdPartyUtil:5
//
static PRLogModuleInfo *gThirdPartyLog;
#undef LOG
#define LOG(args) MOZ_LOG(gThirdPartyLog, mozilla::LogLevel::Debug, args)
nsresult
ThirdPartyUtil::Init()
{
NS_ENSURE_TRUE(NS_IsMainThread(), NS_ERROR_NOT_AVAILABLE);
nsresult rv;
mTLDService = do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID, &rv);
if (!gThirdPartyLog)
gThirdPartyLog = PR_NewLogModule("thirdPartyUtil");
return rv;
}
// Determine if aFirstDomain is a different base domain to aSecondURI; or, if
// the concept of base domain does not apply, determine if the two hosts are not
// string-identical.
nsresult
ThirdPartyUtil::IsThirdPartyInternal(const nsCString& aFirstDomain,
nsIURI* aSecondURI,
bool* aResult)
{
NS_ENSURE_ARG(aSecondURI);
// Get the base domain for aSecondURI.
nsCString secondDomain;
nsresult rv = GetBaseDomain(aSecondURI, secondDomain);
if (NS_FAILED(rv))
return rv;
// Check strict equality.
*aResult = aFirstDomain != secondDomain;
return NS_OK;
}
// Get the URI associated with a window.
NS_IMETHODIMP
ThirdPartyUtil::GetURIFromWindow(nsIDOMWindow* aWin, nsIURI** result)
{
nsresult rv;
nsCOMPtr<nsIScriptObjectPrincipal> scriptObjPrin = do_QueryInterface(aWin);
if (!scriptObjPrin) {
return NS_ERROR_INVALID_ARG;
}
nsIPrincipal* prin = scriptObjPrin->GetPrincipal();
if (!prin) {
return NS_ERROR_INVALID_ARG;
}
if (prin->GetIsNullPrincipal()) {
LOG(("ThirdPartyUtil::GetURIFromWindow can't use null principal\n"));
return NS_ERROR_INVALID_ARG;
}
rv = prin->GetURI(result);
return rv;
}
// Determine if aFirstURI is third party with respect to aSecondURI. See docs
// for mozIThirdPartyUtil.
NS_IMETHODIMP
ThirdPartyUtil::IsThirdPartyURI(nsIURI* aFirstURI,
nsIURI* aSecondURI,
bool* aResult)
{
NS_ENSURE_ARG(aFirstURI);
NS_ENSURE_ARG(aSecondURI);
NS_ASSERTION(aResult, "null outparam pointer");
nsCString firstHost;
nsresult rv = GetBaseDomain(aFirstURI, firstHost);
if (NS_FAILED(rv))
return rv;
return IsThirdPartyInternal(firstHost, aSecondURI, aResult);
}
// Determine if any URI of the window hierarchy of aWindow is foreign with
// respect to aSecondURI. See docs for mozIThirdPartyUtil.
NS_IMETHODIMP
ThirdPartyUtil::IsThirdPartyWindow(nsIDOMWindow* aWindow,
nsIURI* aURI,
bool* aResult)
{
NS_ENSURE_ARG(aWindow);
NS_ASSERTION(aResult, "null outparam pointer");
bool result;
// Get the URI of the window, and its base domain.
nsresult rv;
nsCOMPtr<nsIURI> currentURI;
rv = GetURIFromWindow(aWindow, getter_AddRefs(currentURI));
NS_ENSURE_SUCCESS(rv, rv);
nsCString bottomDomain;
rv = GetBaseDomain(currentURI, bottomDomain);
if (NS_FAILED(rv))
return rv;
if (aURI) {
// Determine whether aURI is foreign with respect to currentURI.
rv = IsThirdPartyInternal(bottomDomain, aURI, &result);
if (NS_FAILED(rv))
return rv;
if (result) {
*aResult = true;
return NS_OK;
}
}
nsCOMPtr<nsPIDOMWindow> current = do_QueryInterface(aWindow), parent;
nsCOMPtr<nsIURI> parentURI;
do {
// We use GetScriptableParent rather than GetParent because we consider
// <iframe mozbrowser/mozapp> to be a top-level frame.
parent = current->GetScriptableParent();
if (SameCOMIdentity(parent, current)) {
// We're at the topmost content window. We already know the answer.
*aResult = false;
return NS_OK;
}
rv = GetURIFromWindow(parent, getter_AddRefs(parentURI));
NS_ENSURE_SUCCESS(rv, rv);
rv = IsThirdPartyInternal(bottomDomain, parentURI, &result);
if (NS_FAILED(rv))
return rv;
if (result) {
*aResult = true;
return NS_OK;
}
current = parent;
currentURI = parentURI;
} while (1);
NS_NOTREACHED("should've returned");
return NS_ERROR_UNEXPECTED;
}
// Determine if the URI associated with aChannel or any URI of the window
// hierarchy associated with the channel is foreign with respect to aSecondURI.
// See docs for mozIThirdPartyUtil.
NS_IMETHODIMP
ThirdPartyUtil::IsThirdPartyChannel(nsIChannel* aChannel,
nsIURI* aURI,
bool* aResult)
{
NS_ENSURE_ARG(aChannel);
NS_ASSERTION(aResult, "null outparam pointer");
nsresult rv;
bool doForce = false;
bool checkWindowChain = true;
bool parentIsThird = false;
nsCOMPtr<nsIHttpChannelInternal> httpChannelInternal =
do_QueryInterface(aChannel);
if (httpChannelInternal) {
uint32_t flags;
rv = httpChannelInternal->GetThirdPartyFlags(&flags);
NS_ENSURE_SUCCESS(rv, rv);
doForce = (flags & nsIHttpChannelInternal::THIRD_PARTY_FORCE_ALLOW);
// If aURI was not supplied, and we're forcing, then we're by definition
// not foreign. If aURI was supplied, we still want to check whether it's
// foreign with respect to the channel URI. (The forcing only applies to
// whatever window hierarchy exists above the channel.)
if (doForce && !aURI) {
*aResult = false;
return NS_OK;
}
if (flags & nsIHttpChannelInternal::THIRD_PARTY_PARENT_IS_THIRD_PARTY) {
// Check that the two PARENT_IS_{THIRD,SAME}_PARTY are mutually exclusive.
MOZ_ASSERT(!(flags & nsIHttpChannelInternal::THIRD_PARTY_PARENT_IS_SAME_PARTY));
// If we're not forcing and we know that the window chain of the channel
// is third party, then we know now that we're third party.
if (!doForce) {
*aResult = true;
return NS_OK;
}
checkWindowChain = false;
parentIsThird = true;
} else {
// In e10s, we can't check the parent chain in the parent, so we do so
// in the child and send the result to the parent.
// Note that we only check the window chain if neither
// THIRD_PARTY_PARENT_IS_* flag is set.
checkWindowChain = !(flags & nsIHttpChannelInternal::THIRD_PARTY_PARENT_IS_SAME_PARTY);
parentIsThird = false;
}
}
// Obtain the URI from the channel, and its base domain.
nsCOMPtr<nsIURI> channelURI;
aChannel->GetURI(getter_AddRefs(channelURI));
NS_ENSURE_TRUE(channelURI, NS_ERROR_INVALID_ARG);
nsCString channelDomain;
rv = GetBaseDomain(channelURI, channelDomain);
if (NS_FAILED(rv))
return rv;
if (aURI) {
// Determine whether aURI is foreign with respect to channelURI.
bool result;
rv = IsThirdPartyInternal(channelDomain, aURI, &result);
if (NS_FAILED(rv))
return rv;
// If it's foreign, or we're forcing, we're done.
if (result || doForce) {
*aResult = result;
return NS_OK;
}
}
// If we've already computed this in the child process, we're done.
if (!checkWindowChain) {
*aResult = parentIsThird;
return NS_OK;
}
// Find the associated window and its parent window.
nsCOMPtr<nsILoadContext> ctx;
NS_QueryNotificationCallbacks(aChannel, ctx);
if (!ctx) return NS_ERROR_INVALID_ARG;
// If there is no window, the consumer kicking off the load didn't provide one
// to the channel. This is limited to loads of certain types of resources. If
// those loads require cookies, the forceAllowThirdPartyCookie property should
// be set on the channel.
nsCOMPtr<nsIDOMWindow> ourWin;
ctx->GetAssociatedWindow(getter_AddRefs(ourWin));
if (!ourWin) return NS_ERROR_INVALID_ARG;
// We use GetScriptableParent rather than GetParent because we consider
// <iframe mozbrowser/mozapp> to be a top-level frame.
nsCOMPtr<nsPIDOMWindow> ourPWin = do_QueryInterface(ourWin);
nsCOMPtr<nsPIDOMWindow> parentWin = ourPWin->GetScriptableParent();
NS_ENSURE_TRUE(parentWin, NS_ERROR_INVALID_ARG);
// Check whether this is the document channel for this window (representing a
// load of a new page). In that situation we want to avoid comparing
// channelURI to ourWin, since what's in ourWin right now will be replaced as
// the channel loads. This covers the case of a freshly kicked-off load
// (e.g. the user typing something in the location bar, or clicking on a
// bookmark), where the window's URI hasn't yet been set, and will be bogus.
// It also covers situations where a subframe is navigated to someting that
// is same-origin with all its ancestors. This is a bit of a nasty hack, but
// we will hopefully flag these channels better later.
nsLoadFlags flags;
rv = aChannel->GetLoadFlags(&flags);
NS_ENSURE_SUCCESS(rv, rv);
if (flags & nsIChannel::LOAD_DOCUMENT_URI) {
if (SameCOMIdentity(ourWin, parentWin)) {
// We only need to compare aURI to the channel URI -- the window's will be
// bogus. We already know the answer.
*aResult = false;
return NS_OK;
}
// Make sure to still compare to ourWin's ancestors
ourWin = parentWin;
}
// Check the window hierarchy. This covers most cases for an ordinary page
// load from the location bar.
return IsThirdPartyWindow(ourWin, channelURI, aResult);
}
NS_IMETHODIMP
ThirdPartyUtil::GetTopWindowForChannel(nsIChannel* aChannel, nsIDOMWindow** aWin)
{
NS_ENSURE_ARG(aWin);
// Find the associated window and its parent window.
nsCOMPtr<nsILoadContext> ctx;
NS_QueryNotificationCallbacks(aChannel, ctx);
if (!ctx) {
return NS_ERROR_INVALID_ARG;
}
nsCOMPtr<nsIDOMWindow> window;
ctx->GetAssociatedWindow(getter_AddRefs(window));
nsCOMPtr<nsPIDOMWindow> top = do_QueryInterface(window);
if (!window) {
return NS_ERROR_INVALID_ARG;
}
top = top->GetTop();
top.forget(aWin);
return NS_OK;
}
// Get the base domain for aHostURI; e.g. for "www.bbc.co.uk", this would be
// "bbc.co.uk". Only properly-formed URI's are tolerated, though a trailing
// dot may be present. If aHostURI is an IP address, an alias such as
// 'localhost', an eTLD such as 'co.uk', or the empty string, aBaseDomain will
// be the exact host. The result of this function should only be used in exact
// string comparisons, since substring comparisons will not be valid for the
// special cases elided above.
NS_IMETHODIMP
ThirdPartyUtil::GetBaseDomain(nsIURI* aHostURI,
nsACString& aBaseDomain)
{
// Get the base domain. this will fail if the host contains a leading dot,
// more than one trailing dot, or is otherwise malformed.
nsresult rv = mTLDService->GetBaseDomain(aHostURI, 0, aBaseDomain);
if (rv == NS_ERROR_HOST_IS_IP_ADDRESS ||
rv == NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS) {
// aHostURI is either an IP address, an alias such as 'localhost', an eTLD
// such as 'co.uk', or the empty string. Uses the normalized host in such
// cases.
rv = aHostURI->GetAsciiHost(aBaseDomain);
}
NS_ENSURE_SUCCESS(rv, rv);
// aHostURI (and thus aBaseDomain) may be the string '.'. If so, fail.
if (aBaseDomain.Length() == 1 && aBaseDomain.Last() == '.')
return NS_ERROR_INVALID_ARG;
// Reject any URIs without a host that aren't file:// URIs. This makes it the
// only way we can get a base domain consisting of the empty string, which
// means we can safely perform foreign tests on such URIs where "not foreign"
// means "the involved URIs are all file://".
if (aBaseDomain.IsEmpty()) {
bool isFileURI = false;
aHostURI->SchemeIs("file", &isFileURI);
NS_ENSURE_TRUE(isFileURI, NS_ERROR_INVALID_ARG);
}
return NS_OK;
}
Reference in New Issue View Git Blame Copy Permalink