diff options
-rw-r--r-- | docshell/base/nsDocShell.cpp | 23 | ||||
-rw-r--r-- | dom/jsurl/nsJSProtocolHandler.cpp | 49 | ||||
-rw-r--r-- | uriloader/base/nsURILoader.cpp | 2 |
3 files changed, 53 insertions, 21 deletions
diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp index 6810d01792..b1fcc5c23a 100644 --- a/docshell/base/nsDocShell.cpp +++ b/docshell/base/nsDocShell.cpp @@ -69,6 +69,7 @@ #include "nsIScriptSecurityManager.h" #include "nsIScriptObjectPrincipal.h" #include "nsIScrollableFrame.h" +#include "nsContentPolicyUtils.h" // NS_CheckContentLoadPolicy(...) #include "nsISeekableStream.h" #include "nsAutoPtr.h" #include "nsQueryObject.h" @@ -1643,7 +1644,7 @@ nsDocShell::LoadStream(nsIInputStream* aStream, nsIURI* aURI, uri, aStream, triggeringPrincipal, - nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL, + nsILoadInfo::SEC_NORMAL, nsIContentPolicy::TYPE_OTHER, aContentType, aContentCharset); @@ -9942,6 +9943,23 @@ nsDocShell::InternalLoad(nsIURI* aURI, rv = extraStr->SetData(msg); NS_ENSURE_SUCCESS(rv, rv); + int16_t shouldLoad = nsIContentPolicy::ACCEPT; + rv = NS_CheckContentLoadPolicy(contentType, + aURI, + aTriggeringPrincipal, + requestingContext, + EmptyCString(), // mime guess + extraStr, // extra + &shouldLoad); + + if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) { + if (NS_SUCCEEDED(rv) && shouldLoad == nsIContentPolicy::REJECT_TYPE) { + return NS_ERROR_CONTENT_BLOCKED_SHOW_ALT; + } + + return NS_ERROR_CONTENT_BLOCKED; + } + // If HSTS priming was set by nsMixedContentBlocker::ShouldLoad, and we // would block due to mixed content, go ahead and block here. If we try to // proceed with priming, we will error out later on. @@ -10931,8 +10949,7 @@ nsDocShell::DoURILoad(nsIURI* aURI, } nsLoadFlags loadFlags = mDefaultLoadFlags; - nsSecurityFlags securityFlags = - nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL; + nsSecurityFlags securityFlags = nsILoadInfo::SEC_NORMAL; if (aFirstParty) { // tag first party URL loads diff --git a/dom/jsurl/nsJSProtocolHandler.cpp b/dom/jsurl/nsJSProtocolHandler.cpp index 90171db102..cdb63f890a 100644 --- a/dom/jsurl/nsJSProtocolHandler.cpp +++ b/dom/jsurl/nsJSProtocolHandler.cpp @@ -36,6 +36,7 @@ #include "nsIContentViewer.h" #include "nsIXPConnect.h" #include "nsContentUtils.h" +#include "nsNullPrincipal.h" #include "nsJSUtils.h" #include "nsThreadUtils.h" #include "nsIScriptChannel.h" @@ -335,7 +336,7 @@ public: NS_FORWARD_SAFE_NSIPROPERTYBAG(mPropertyBag) NS_FORWARD_SAFE_NSIPROPERTYBAG2(mPropertyBag) - nsresult Init(nsIURI *aURI, nsILoadInfo* aLoadInfo); + nsresult Init(nsIURI *aURI); // Actually evaluate the script. void EvaluateScript(); @@ -353,16 +354,17 @@ protected: nsCOMPtr<nsIChannel> mStreamChannel; nsCOMPtr<nsIPropertyBag2> mPropertyBag; nsCOMPtr<nsIStreamListener> mListener; // Our final listener + nsCOMPtr<nsISupports> mContext; // The context passed to AsyncOpen nsCOMPtr<nsPIDOMWindowInner> mOriginalInnerWindow; // The inner window our load // started against. - // If we blocked onload on a document in AsyncOpen2, this is the document we + // If we blocked onload on a document in AsyncOpen, this is the document we // did it on. nsCOMPtr<nsIDocument> mDocumentOnloadBlockedOn; nsresult mStatus; // Our status nsLoadFlags mLoadFlags; - nsLoadFlags mActualLoadFlags; // See AsyncOpen2 + nsLoadFlags mActualLoadFlags; // See AsyncOpen RefPtr<nsJSThunk> mIOThunk; PopupControlState mPopupState; @@ -402,7 +404,7 @@ nsresult nsJSChannel::StopAll() return rv; } -nsresult nsJSChannel::Init(nsIURI* aURI, nsILoadInfo* aLoadInfo) +nsresult nsJSChannel::Init(nsIURI *aURI) { RefPtr<nsJSURI> jsURI; nsresult rv = aURI->QueryInterface(kJSURICID, @@ -416,13 +418,21 @@ nsresult nsJSChannel::Init(nsIURI* aURI, nsILoadInfo* aLoadInfo) // Remember, until AsyncOpen is called, the script will not be evaluated // and the underlying Input Stream will not be created... nsCOMPtr<nsIChannel> channel; - rv = NS_NewInputStreamChannelInternal(getter_AddRefs(channel), - aURI, - mIOThunk, - NS_LITERAL_CSTRING("text/html"), - EmptyCString(), - aLoadInfo); - NS_ENSURE_SUCCESS(rv, rv); + + nsCOMPtr<nsIPrincipal> nullPrincipal = nsNullPrincipal::Create(); + + // If the resultant script evaluation actually does return a value, we + // treat it as html. + // The following channel is never openend, so it does not matter what + // securityFlags we pass; let's follow the principle of least privilege. + rv = NS_NewInputStreamChannel(getter_AddRefs(channel), + aURI, + mIOThunk, + nullPrincipal, + nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED, + nsIContentPolicy::TYPE_OTHER, + NS_LITERAL_CSTRING("text/html")); + if (NS_FAILED(rv)) return rv; rv = mIOThunk->Init(aURI); if (NS_SUCCEEDED(rv)) { @@ -553,7 +563,6 @@ nsJSChannel::AsyncOpen(nsIStreamListener *aListener, nsISupports *aContext) "security flags in loadInfo but asyncOpen2() not called"); } #endif - MOZ_RELEASE_ASSERT(!aContext, "please call AsyncOpen2()"); NS_ENSURE_ARG(aListener); @@ -575,6 +584,7 @@ nsJSChannel::AsyncOpen(nsIStreamListener *aListener, nsISupports *aContext) } mListener = aListener; + mContext = aContext; mIsActive = true; @@ -645,7 +655,7 @@ nsJSChannel::AsyncOpen(nsIStreamListener *aListener, nsISupports *aContext) return mStatus; } - // We're returning success from asyncOpen2(), but we didn't open a + // We're returning success from asyncOpen(), but we didn't open a // stream channel. We'll have to notify ourselves, but make sure to do // it asynchronously. method = &nsJSChannel::NotifyListener; @@ -762,7 +772,7 @@ nsJSChannel::EvaluateScript() return; } - mStatus = mStreamChannel->AsyncOpen2(this); + mStatus = mStreamChannel->AsyncOpen(this, mContext); if (NS_SUCCEEDED(mStatus)) { // mStreamChannel will call OnStartRequest and OnStopRequest on // us, so we'll be sure to call them on our listener. @@ -790,8 +800,8 @@ nsJSChannel::EvaluateScript() void nsJSChannel::NotifyListener() { - mListener->OnStartRequest(this, nullptr); - mListener->OnStopRequest(this, nullptr, mStatus); + mListener->OnStartRequest(this, mContext); + mListener->OnStopRequest(this, mContext, mStatus); CleanupStrongRefs(); } @@ -800,6 +810,7 @@ void nsJSChannel::CleanupStrongRefs() { mListener = nullptr; + mContext = nullptr; mOriginalInnerWindow = nullptr; if (mDocumentOnloadBlockedOn) { mDocumentOnloadBlockedOn->UnblockOnload(false); @@ -1229,7 +1240,11 @@ nsJSProtocolHandler::NewChannel2(nsIURI* uri, return NS_ERROR_OUT_OF_MEMORY; } - rv = channel->Init(uri, aLoadInfo); + rv = channel->Init(uri); + NS_ENSURE_SUCCESS(rv, rv); + + // set the loadInfo on the new channel + rv = channel->SetLoadInfo(aLoadInfo); NS_ENSURE_SUCCESS(rv, rv); if (NS_SUCCEEDED(rv)) { diff --git a/uriloader/base/nsURILoader.cpp b/uriloader/base/nsURILoader.cpp index ea370aa37c..69475d68fd 100644 --- a/uriloader/base/nsURILoader.cpp +++ b/uriloader/base/nsURILoader.cpp @@ -834,7 +834,7 @@ NS_IMETHODIMP nsURILoader::OpenURI(nsIChannel *channel, // the preferred protocol handler. // But for now, I'm going to let necko do the work for us.... - rv = channel->AsyncOpen2(loader); + rv = channel->AsyncOpen(loader, nullptr); // no content from this load - that's OK. if (rv == NS_ERROR_NO_CONTENT) { |