Bug 944407 - Allow scripts for an XBL binding if and only if the XBL document comes from a scriptable domain. r=bz
parent
2320f5f132
commit
3b4dfe688e
@ -1082,28 +1082,7 @@ nsXBLBinding::DoInitJSClass(JSContext *cx, JS::Handle<JSObject*> global,
|
||||
bool
|
||||
nsXBLBinding::AllowScripts()
|
||||
{
|
||||
if (!mPrototypeBinding->GetAllowScripts())
|
||||
return false;
|
||||
|
||||
// Nasty hack. Use the JSContext of the bound node, since the
|
||||
// security manager API expects to get the docshell type from
|
||||
// that. But use the nsIPrincipal of our document.
|
||||
nsIScriptSecurityManager* mgr = nsContentUtils::GetSecurityManager();
|
||||
if (!mgr) {
|
||||
return false;
|
||||
}
|
||||
|
||||
nsIDocument* doc = mBoundElement ? mBoundElement->OwnerDoc() : nullptr;
|
||||
if (!doc) {
|
||||
return false;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIScriptGlobalObject> global = do_QueryInterface(doc->GetInnerWindow());
|
||||
if (!global || !global->GetGlobalJSObject()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return mgr->ScriptAllowed(global->GetGlobalJSObject());
|
||||
return mPrototypeBinding->GetAllowScripts();
|
||||
}
|
||||
|
||||
nsXBLBinding*
|
||||
|
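Review bot: AllowScripts() now returns only the value cached through `mPrototypeBinding->GetAllowScripts()`, so the removed per-call check against the bound element's global (`mgr->ScriptAllowed(...)`) no longer runs. The decision appears to be fixed when the XBL document info is constructed. If script policy for the source domain can change after the binding document is loaded, that change would presumably not reach bindings that are already cached, which is worth confirming. Either way the function deserves a comment stating the new contract, for example `// Script permission is decided once per XBL document in nsXBLDocumentInfo's constructor; the bound element's document is deliberately not consulted here.`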
@ -141,7 +141,7 @@ public:
|
||||
JS::MutableHandle<JSObject*> aClassObject,
|
||||
bool* aNew);
|
||||
|
||||
bool AllowScripts(); // XXX make const
|
||||
bool AllowScripts();
|
||||
|
||||
mozilla::dom::XBLChildrenElement* FindInsertionPointFor(nsIContent* aChild);
|
||||
|
||||
|
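Review bot: The `// XXX make const` marker is deleted here, but `AllowScripts()` is still declared non-const. This commit makes `nsXBLPrototypeBinding::GetAllowScripts()` const and reduces the body to a single call to it, so the member could presumably be declared `bool AllowScripts() const;` with the definition updated to match. That would resolve the note rather than drop it. The class declaration extends beyond this hunk.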
@ -403,6 +403,24 @@ nsXBLDocumentInfo::nsXBLDocumentInfo(nsIDocument* aDocument)
|
||||
mScriptAccess = allow;
|
||||
}
|
||||
mIsChrome = true;
|
||||
} else {
|
||||
// If this binding isn't running with system principal, then it's running
|
||||
// from a remote-XUL whitelisted domain. This is already a not-really-
|
||||
// supported configuration (among other things, we don't use XBL scopes in
|
||||
// that configuration for compatibility reasons). But we should still at
|
||||
// least make an effort to prevent binding code from running if content
|
||||
// script is disabled or if the source domain is blacklisted (since the
|
||||
// source domain for remote XBL must always be the same as the source domain
|
||||
// of the bound content).
|
||||
//
|
||||
// If we just ask the binding document if script is enabled, it will
|
||||
// discover that it has no inner window, and return false. So instead, we
|
||||
// short-circuit the normal compartment-managed script-disabling machinery,
|
||||
// and query the policy for the URI directly.
|
||||
bool allow;
|
||||
nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
|
||||
nsresult rv = ssm->PolicyAllowsScript(uri, &allow);
|
||||
mScriptAccess = NS_SUCCEEDED(rv) && allow;
|
||||
}
|
||||
}
|
||||
|
||||
|
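Review bot: The added else branch calls `ssm->PolicyAllowsScript(uri, &allow)` without checking `ssm` for null, whereas the AllowScripts() body removed by this commit returned false when `nsContentUtils::GetSecurityManager()` yielded null. This branch is now the only place the script-access decision for non-system XBL documents is made, so it should fail closed: `mScriptAccess = ssm && NS_SUCCEEDED(ssm->PolicyAllowsScript(uri, &allow)) && allow;`. Declaring `bool allow = false;` would also keep the value defined if the condition is later reordered. The constructor begins above the hunk, so how `uri` is obtained is not visible here.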
@ -27,7 +27,7 @@ public:
|
||||
already_AddRefed<nsIDocument> GetDocument()
|
||||
{ nsCOMPtr<nsIDocument> copy = mDocument; return copy.forget(); }
|
||||
|
||||
bool GetScriptAccess() { return mScriptAccess; }
|
||||
bool GetScriptAccess() const { return mScriptAccess; }
|
||||
|
||||
nsIURI* DocumentURI() { return mDocument->GetDocumentURI(); }
|
||||
|
||||
|
@ -214,7 +214,7 @@ nsXBLPrototypeBinding::SetBindingElement(nsIContent* aElement)
|
||||
}
|
||||
|
||||
bool
|
||||
nsXBLPrototypeBinding::GetAllowScripts()
|
||||
nsXBLPrototypeBinding::GetAllowScripts() const
|
||||
{
|
||||
return mXBLDocInfoWeak->GetScriptAccess();
|
||||
}
|
||||
|
@ -48,7 +48,7 @@ public:
|
||||
// binding URIs.
|
||||
bool CompareBindingURI(nsIURI* aURI) const;
|
||||
|
||||
bool GetAllowScripts();
|
||||
bool GetAllowScripts() const;
|
||||
|
||||
nsresult BindingAttached(nsIContent* aBoundElement);
|
||||
nsresult BindingDetached(nsIContent* aBoundElement);
|
||||
|