summaryrefslogtreecommitdiff
path: root/dom
diff options
context:
space:
mode:
authorNew Tobin Paradigm <email@mattatobin.com>2018-04-12 10:49:23 -0400
committerGitHub <noreply@github.com>2018-04-12 10:49:23 -0400
commitc2373c4efd2b0cbce7bf214400e2310ba5ab4e83 (patch)
treed7161a645a98f38dd18797cc80581446929f99c7 /dom
parent47587fe9e2dc5c5e8c37600a4cd27174fc9f05c7 (diff)
parent6d1a75e0d652e3f79645effdade8e0f23e7d3a6f (diff)
downloaduxp-c2373c4efd2b0cbce7bf214400e2310ba5ab4e83.tar.gz
Merge pull request #126 from janekptacijarabaci/js_X-Content-Type-Options_nosniff_json_1
Align XCTO: nosniff allowed script MIME types with the spec
Diffstat (limited to 'dom')
-rw-r--r--dom/base/nsContentUtils.cpp20
-rw-r--r--dom/base/nsContentUtils.h7
-rwxr-xr-xdom/events/Event.cpp15
-rwxr-xr-xdom/events/Event.h4
-rw-r--r--dom/security/test/csp/file_child-src_worker-redirect.html7
-rw-r--r--dom/security/test/general/test_block_script_wrong_mime.html6
-rw-r--r--dom/workers/WorkerPrivate.cpp133
-rw-r--r--dom/workers/WorkerPrivate.h3
-rw-r--r--dom/workers/test/test_404.html1
-rw-r--r--dom/workers/test/test_bug1036484.html1
-rw-r--r--dom/workers/test/test_loadError.html8
11 files changed, 143 insertions, 62 deletions
diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp
index 02c6bf1deb..ef87a250ec 100644
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -3717,11 +3717,15 @@ nsContentUtils::IsChildOfSameType(nsIDocument* aDoc)
}
bool
-nsContentUtils::IsScriptType(const nsACString& aContentType)
+nsContentUtils::IsPlainTextType(const nsACString& aContentType)
{
// NOTE: if you add a type here, add it to the CONTENTDLF_CATEGORIES
// define in nsContentDLF.h as well.
- return aContentType.EqualsLiteral(APPLICATION_JAVASCRIPT) ||
+ return aContentType.EqualsLiteral(TEXT_PLAIN) ||
+ aContentType.EqualsLiteral(TEXT_CSS) ||
+ aContentType.EqualsLiteral(TEXT_CACHE_MANIFEST) ||
+ aContentType.EqualsLiteral(TEXT_VTT) ||
+ aContentType.EqualsLiteral(APPLICATION_JAVASCRIPT) ||
aContentType.EqualsLiteral(APPLICATION_XJAVASCRIPT) ||
aContentType.EqualsLiteral(TEXT_ECMASCRIPT) ||
aContentType.EqualsLiteral(APPLICATION_ECMASCRIPT) ||
@@ -3731,18 +3735,6 @@ nsContentUtils::IsScriptType(const nsACString& aContentType)
}
bool
-nsContentUtils::IsPlainTextType(const nsACString& aContentType)
-{
- // NOTE: if you add a type here, add it to the CONTENTDLF_CATEGORIES
- // define in nsContentDLF.h as well.
- return aContentType.EqualsLiteral(TEXT_PLAIN) ||
- aContentType.EqualsLiteral(TEXT_CSS) ||
- aContentType.EqualsLiteral(TEXT_CACHE_MANIFEST) ||
- aContentType.EqualsLiteral(TEXT_VTT) ||
- IsScriptType(aContentType);
-}
-
-bool
nsContentUtils::GetWrapperSafeScriptFilename(nsIDocument* aDocument,
nsIURI* aURI,
nsACString& aScriptURI,
diff --git a/dom/base/nsContentUtils.h b/dom/base/nsContentUtils.h
index 0a293d73ea..0932f451e5 100644
--- a/dom/base/nsContentUtils.h
+++ b/dom/base/nsContentUtils.h
@@ -1018,12 +1018,7 @@ public:
static bool IsChildOfSameType(nsIDocument* aDoc);
/**
- '* Returns true if the content-type is any of the supported script types.
- */
- static bool IsScriptType(const nsACString& aContentType);
-
- /**
- '* Returns true if the content-type will be rendered as plain-text.
+ * Returns true if the content-type will be rendered as plain-text.
*/
static bool IsPlainTextType(const nsACString& aContentType);
diff --git a/dom/events/Event.cpp b/dom/events/Event.cpp
index 2af34136ea..2546a81adc 100755
--- a/dom/events/Event.cpp
+++ b/dom/events/Event.cpp
@@ -412,8 +412,17 @@ Event::Constructor(const GlobalObject& aGlobal,
ErrorResult& aRv)
{
nsCOMPtr<mozilla::dom::EventTarget> t = do_QueryInterface(aGlobal.GetAsSupports());
- RefPtr<Event> e = new Event(t, nullptr, nullptr);
- bool trusted = e->Init(t);
+ return Constructor(t, aType, aParam);
+}
+
+// static
+already_AddRefed<Event>
+Event::Constructor(EventTarget* aEventTarget,
+ const nsAString& aType,
+ const EventInit& aParam)
+{
+ RefPtr<Event> e = new Event(aEventTarget, nullptr, nullptr);
+ bool trusted = e->Init(aEventTarget);
e->InitEvent(aType, aParam.mBubbles, aParam.mCancelable);
e->SetTrusted(trusted);
e->SetComposed(aParam.mComposed);
@@ -1209,7 +1218,7 @@ Event::Deserialize(const IPC::Message* aMsg, PickleIterator* aIter)
}
NS_IMETHODIMP_(void)
-Event::SetOwner(mozilla::dom::EventTarget* aOwner)
+Event::SetOwner(EventTarget* aOwner)
{
mOwner = nullptr;
diff --git a/dom/events/Event.h b/dom/events/Event.h
index c28226e8af..0817aa809e 100755
--- a/dom/events/Event.h
+++ b/dom/events/Event.h
@@ -142,6 +142,10 @@ public:
LayoutDeviceIntPoint aPoint,
CSSIntPoint aDefaultPoint);
+ static already_AddRefed<Event> Constructor(EventTarget* aEventTarget,
+ const nsAString& aType,
+ const EventInit& aParam);
+
static already_AddRefed<Event> Constructor(const GlobalObject& aGlobal,
const nsAString& aType,
const EventInit& aParam,
diff --git a/dom/security/test/csp/file_child-src_worker-redirect.html b/dom/security/test/csp/file_child-src_worker-redirect.html
index 188f173b86..b0029935c2 100644
--- a/dom/security/test/csp/file_child-src_worker-redirect.html
+++ b/dom/security/test/csp/file_child-src_worker-redirect.html
@@ -23,11 +23,8 @@
);
worker.onerror = function(error) {
- var msg = error.message;
- if (msg.match(/^NetworkError/) || msg.match(/Failed to load worker script/)) {
- // this means CSP blocked it
- msg = "blocked";
- }
+ // this means CSP blocked it
+ var msg = !("message" in error) ? "blocked" : e.message;
window.parent.postMessage({id:page_id, message:msg}, 'http://mochi.test:8888');
error.preventDefault();
};
diff --git a/dom/security/test/general/test_block_script_wrong_mime.html b/dom/security/test/general/test_block_script_wrong_mime.html
index f4da9c577d..34d4b621bc 100644
--- a/dom/security/test/general/test_block_script_wrong_mime.html
+++ b/dom/security/test/general/test_block_script_wrong_mime.html
@@ -53,9 +53,6 @@ function testWorker([mime, shouldLoad]) {
};
worker.onerror = (error) => {
ok(!shouldLoad, `worker with wrong mime '${mime}' should be blocked`);
- let msg = error.message;
- ok(msg.match(/^NetworkError/) || msg.match(/Failed to load worker script/),
- "should gets correct error message");
error.preventDefault();
resolve();
}
@@ -74,9 +71,6 @@ function testWorkerImportScripts([mime, shouldLoad]) {
};
worker.onerror = (error) => {
ok(!shouldLoad, `worker/importScripts with wrong mime '${mime}' should be blocked`);
- let msg = error.message;
- ok(msg.match(/^NetworkError/) || msg.match(/Failed to load worker script/),
- "should gets correct error message");
error.preventDefault();
resolve();
}
diff --git a/dom/workers/WorkerPrivate.cpp b/dom/workers/WorkerPrivate.cpp
index c2ab4aca38..bd8a33032e 100644
--- a/dom/workers/WorkerPrivate.cpp
+++ b/dom/workers/WorkerPrivate.cpp
@@ -495,6 +495,82 @@ private:
}
};
+class ReportCompileErrorRunnable final : public WorkerRunnable
+{
+public:
+ static void
+ CreateAndDispatch(JSContext* aCx, WorkerPrivate* aWorkerPrivate)
+ {
+ MOZ_ASSERT(aWorkerPrivate);
+ aWorkerPrivate->AssertIsOnWorkerThread();
+
+ RefPtr<ReportCompileErrorRunnable> runnable =
+ new ReportCompileErrorRunnable(aCx, aWorkerPrivate);
+ runnable->Dispatch();
+ }
+
+private:
+ ReportCompileErrorRunnable(JSContext* aCx, WorkerPrivate* aWorkerPrivate)
+ : WorkerRunnable(aWorkerPrivate, ParentThreadUnchangedBusyCount)
+ {
+ aWorkerPrivate->AssertIsOnWorkerThread();
+ }
+
+ void
+ PostDispatch(WorkerPrivate* aWorkerPrivate, bool aDispatchResult) override
+ {
+ aWorkerPrivate->AssertIsOnWorkerThread();
+
+ // Dispatch may fail if the worker was canceled, no need to report that as
+ // an error, so don't call base class PostDispatch.
+ }
+
+ bool
+ WorkerRun(JSContext* aCx, WorkerPrivate* aWorkerPrivate) override
+ {
+ if (aWorkerPrivate->IsFrozen() ||
+ aWorkerPrivate->IsParentWindowPaused()) {
+ MOZ_ASSERT(!IsDebuggerRunnable());
+ aWorkerPrivate->QueueRunnable(this);
+ return true;
+ }
+
+ if (aWorkerPrivate->IsSharedWorker()) {
+ aWorkerPrivate->BroadcastErrorToSharedWorkers(aCx, EmptyString(),
+ EmptyString(),
+ EmptyString(), 0, 0,
+ JSREPORT_ERROR,
+ /* isErrorEvent */ false);
+ return true;
+ }
+
+ if (aWorkerPrivate->IsServiceWorker()) {
+ RefPtr<ServiceWorkerManager> swm = ServiceWorkerManager::GetInstance();
+ if (swm) {
+ swm->HandleError(aCx, aWorkerPrivate->GetPrincipal(),
+ aWorkerPrivate->WorkerName(),
+ aWorkerPrivate->ScriptURL(),
+ EmptyString(), EmptyString(), EmptyString(),
+ 0, 0, JSREPORT_ERROR, JSEXN_ERR);
+ }
+ return true;
+ }
+
+ if (!aWorkerPrivate->IsAcceptingEvents()) {
+ return true;
+ }
+
+ RefPtr<Event> event =
+ Event::Constructor(aWorkerPrivate, NS_LITERAL_STRING("error"),
+ EventInit());
+ event->SetTrusted(true);
+
+ nsEventStatus status = nsEventStatus_eIgnore;
+ aWorkerPrivate->DispatchDOMEvent(nullptr, event, nullptr, &status);
+ return true;
+ }
+};
+
class CompileScriptRunnable final : public WorkerRunnable
{
nsString mScriptURL;
@@ -538,9 +614,15 @@ private:
}
// Make sure to propagate exceptions from rv onto aCx, so that they will get
- // reported after we return. We do this for all failures on rv, because now
- // we're using rv to track all the state we care about.
- //
+ // reported after we return. We want to propagate just JS exceptions,
+ // because all the other errors are handled when the script is loaded.
+ // See: https://dom.spec.whatwg.org/#concept-event-fire
+ if (rv.Failed() && !rv.IsJSException()) {
+ ReportCompileErrorRunnable::CreateAndDispatch(aCx, aWorkerPrivate);
+ rv.SuppressException();
+ return false;
+ }
+
// This is a little dumb, but aCx is in the null compartment here because we
// set it up that way in our Run(), since we had not created the global at
// that point yet. So we need to enter the compartment of our global,
@@ -1171,7 +1253,8 @@ private:
if (aWorkerPrivate->IsSharedWorker()) {
aWorkerPrivate->BroadcastErrorToSharedWorkers(aCx, mMessage, mFilename,
mLine, mLineNumber,
- mColumnNumber, mFlags);
+ mColumnNumber, mFlags,
+ /* isErrorEvent */ true);
return true;
}
@@ -3250,7 +3333,8 @@ WorkerPrivateParent<Derived>::BroadcastErrorToSharedWorkers(
const nsAString& aLine,
uint32_t aLineNumber,
uint32_t aColumnNumber,
- uint32_t aFlags)
+ uint32_t aFlags,
+ bool aIsErrorEvent)
{
AssertIsOnMainThread();
@@ -3281,31 +3365,42 @@ WorkerPrivateParent<Derived>::BroadcastErrorToSharedWorkers(
// May be null.
nsPIDOMWindowInner* window = sharedWorker->GetOwner();
- RootedDictionary<ErrorEventInit> errorInit(aCx);
- errorInit.mBubbles = false;
- errorInit.mCancelable = true;
- errorInit.mMessage = aMessage;
- errorInit.mFilename = aFilename;
- errorInit.mLineno = aLineNumber;
- errorInit.mColno = aColumnNumber;
-
- RefPtr<ErrorEvent> errorEvent =
- ErrorEvent::Constructor(sharedWorker, NS_LITERAL_STRING("error"),
- errorInit);
- if (!errorEvent) {
+ RefPtr<Event> event;
+
+ if (aIsErrorEvent) {
+ RootedDictionary<ErrorEventInit> errorInit(aCx);
+ errorInit.mBubbles = false;
+ errorInit.mCancelable = true;
+ errorInit.mMessage = aMessage;
+ errorInit.mFilename = aFilename;
+ errorInit.mLineno = aLineNumber;
+ errorInit.mColno = aColumnNumber;
+
+ event = ErrorEvent::Constructor(sharedWorker, NS_LITERAL_STRING("error"),
+ errorInit);
+ } else {
+ event = Event::Constructor(sharedWorker, NS_LITERAL_STRING("error"),
+ EventInit());
+ }
+
+ if (!event) {
ThrowAndReport(window, NS_ERROR_UNEXPECTED);
continue;
}
- errorEvent->SetTrusted(true);
+ event->SetTrusted(true);
bool defaultActionEnabled;
- nsresult rv = sharedWorker->DispatchEvent(errorEvent, &defaultActionEnabled);
+ nsresult rv = sharedWorker->DispatchEvent(event, &defaultActionEnabled);
if (NS_FAILED(rv)) {
ThrowAndReport(window, rv);
continue;
}
+ if (!aIsErrorEvent) {
+ continue;
+ }
+
if (defaultActionEnabled) {
// Add the owning window to our list so that we will fire an error event
// at it later.
diff --git a/dom/workers/WorkerPrivate.h b/dom/workers/WorkerPrivate.h
index 8008f30e54..465c0f9a33 100644
--- a/dom/workers/WorkerPrivate.h
+++ b/dom/workers/WorkerPrivate.h
@@ -408,7 +408,8 @@ public:
const nsAString& aLine,
uint32_t aLineNumber,
uint32_t aColumnNumber,
- uint32_t aFlags);
+ uint32_t aFlags,
+ bool aIsErrorEvent);
void
WorkerScriptLoaded();
diff --git a/dom/workers/test/test_404.html b/dom/workers/test/test_404.html
index e2e83a35e3..15e5ded684 100644
--- a/dom/workers/test/test_404.html
+++ b/dom/workers/test/test_404.html
@@ -25,7 +25,6 @@ Tests of DOM Worker Threads
worker.onerror = function(event) {
is(event.target, worker);
- is(event.message, 'NetworkError: Failed to load worker script at "nonexistent_worker.js"');
event.preventDefault();
SimpleTest.finish();
};
diff --git a/dom/workers/test/test_bug1036484.html b/dom/workers/test/test_bug1036484.html
index 17b9d490fe..49c31bbc9e 100644
--- a/dom/workers/test/test_bug1036484.html
+++ b/dom/workers/test/test_bug1036484.html
@@ -25,7 +25,6 @@ function test(script) {
worker.onerror = function(event) {
is(event.target, worker);
- ok(event.message.startsWith("NetworkError: Failed to load worker script"))
event.preventDefault();
runTests();
};
diff --git a/dom/workers/test/test_loadError.html b/dom/workers/test/test_loadError.html
index dc109b796b..b9a215d11e 100644
--- a/dom/workers/test/test_loadError.html
+++ b/dom/workers/test/test_loadError.html
@@ -13,15 +13,13 @@
<script class="testbody" type="text/javascript">
"use strict";
-var loadErrorMessage = 'SecurityError: Failed to load worker script at "about:blank"';
-
function nextTest() {
(function(){
function workerfunc() {
var subworker = new Worker("about:blank");
subworker.onerror = function(e) {
e.preventDefault();
- postMessage(e.message);
+ postMessage("ERROR");
}
}
var b = new Blob([workerfunc+'workerfunc();']);
@@ -37,7 +35,7 @@ function nextTest() {
return;
}
w.onmessage = function(e) {
- is(e.data, loadErrorMessage,
+ is(e.data, "ERROR",
"Should catch the error when loading inner script");
if (++i < 2) callworker(i);
else SimpleTest.finish();
@@ -54,8 +52,6 @@ try {
var worker = new Worker("about:blank");
worker.onerror = function(e) {
e.preventDefault();
- is(e.message, loadErrorMessage,
- "Should get the right error from the toplevel script");
nextTest();
}