mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 789224 - Remove signed script security checks. r=mrbkap
This commit is contained in:
parent
8727eb2985
commit
0c1ca835dd
@ -1182,10 +1182,6 @@ nsScriptLoader::PrepareLoadedRequest(nsScriptLoadRequest* aRequest,
|
||||
aRequest->mScriptText);
|
||||
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
if (!ShouldExecuteScript(mDocument, channel)) {
|
||||
return NS_ERROR_NOT_AVAILABLE;
|
||||
}
|
||||
}
|
||||
|
||||
// This assertion could fire errorously if we ran out of memory when
|
||||
@ -1206,36 +1202,6 @@ nsScriptLoader::PrepareLoadedRequest(nsScriptLoadRequest* aRequest,
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
/* static */
|
||||
bool
|
||||
nsScriptLoader::ShouldExecuteScript(nsIDocument* aDocument,
|
||||
nsIChannel* aChannel)
|
||||
{
|
||||
if (!aChannel) {
|
||||
return false;
|
||||
}
|
||||
|
||||
bool hasCert;
|
||||
nsIPrincipal* docPrincipal = aDocument->NodePrincipal();
|
||||
docPrincipal->GetHasCertificate(&hasCert);
|
||||
if (!hasCert) {
|
||||
return true;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIPrincipal> channelPrincipal;
|
||||
nsresult rv = nsContentUtils::GetSecurityManager()->
|
||||
GetChannelPrincipal(aChannel, getter_AddRefs(channelPrincipal));
|
||||
NS_ENSURE_SUCCESS(rv, false);
|
||||
|
||||
NS_ASSERTION(channelPrincipal, "Gotta have a principal here!");
|
||||
|
||||
// If the channel principal isn't at least as powerful as the
|
||||
// document principal, then we don't execute the script.
|
||||
bool subsumes;
|
||||
rv = channelPrincipal->Subsumes(docPrincipal, &subsumes);
|
||||
return NS_SUCCEEDED(rv) && subsumes;
|
||||
}
|
||||
|
||||
void
|
||||
nsScriptLoader::ParsingComplete(bool aTerminated)
|
||||
{
|
||||
|
@ -161,13 +161,6 @@ public:
|
||||
nsIURI* aURI,
|
||||
const nsAString &aType);
|
||||
|
||||
/**
|
||||
* Check whether it's OK to execute a script loaded via aChannel in
|
||||
* aDocument.
|
||||
*/
|
||||
static bool ShouldExecuteScript(nsIDocument* aDocument,
|
||||
nsIChannel* aChannel);
|
||||
|
||||
/**
|
||||
* Starts deferring deferred scripts and puts them in the mDeferredRequests
|
||||
* queue instead.
|
||||
|
@ -1519,21 +1519,7 @@ nsXBLBinding::AllowScripts()
|
||||
bool canExecute;
|
||||
nsresult rv =
|
||||
mgr->CanExecuteScripts(cx, ourDocument->NodePrincipal(), &canExecute);
|
||||
if (NS_FAILED(rv) || !canExecute) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Now one last check: make sure that we're not allowing a privilege
|
||||
// escalation here.
|
||||
bool haveCert;
|
||||
doc->NodePrincipal()->GetHasCertificate(&haveCert);
|
||||
if (!haveCert) {
|
||||
return true;
|
||||
}
|
||||
|
||||
bool subsumes;
|
||||
rv = ourDocument->NodePrincipal()->Subsumes(doc->NodePrincipal(), &subsumes);
|
||||
return NS_SUCCEEDED(rv) && subsumes;
|
||||
return NS_SUCCEEDED(rv) && canExecute;
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -3463,9 +3463,7 @@ nsXULDocument::OnStreamComplete(nsIStreamLoader* aLoader,
|
||||
|
||||
aStatus = rv;
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
if (nsScriptLoader::ShouldExecuteScript(this, channel)) {
|
||||
rv = ExecuteScript(scriptProto);
|
||||
}
|
||||
|
||||
// If the XUL cache is enabled, save the script object there in
|
||||
// case different XUL documents source the same script.
|
||||
@ -3544,8 +3542,7 @@ nsXULDocument::OnStreamComplete(nsIStreamLoader* aLoader,
|
||||
doc->mNextSrcLoadWaiter = nullptr;
|
||||
|
||||
// Execute only if we loaded and compiled successfully, then resume
|
||||
if (NS_SUCCEEDED(aStatus) && scriptProto->mScriptObject.mObject &&
|
||||
nsScriptLoader::ShouldExecuteScript(doc, channel)) {
|
||||
if (NS_SUCCEEDED(aStatus) && scriptProto->mScriptObject.mObject) {
|
||||
doc->ExecuteScript(scriptProto);
|
||||
}
|
||||
doc->ResumeWalk();
|
||||
|
Loading…
Reference in New Issue
Block a user