mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 477979 - Add CheckLoadURI checks for more script loads. r+sr=jst
This commit is contained in:
parent
8202fdf868
commit
982be663a1
@ -199,14 +199,15 @@ IsScriptEventHandler(nsIScriptElement *aScriptElement)
|
|||||||
}
|
}
|
||||||
|
|
||||||
nsresult
|
nsresult
|
||||||
nsScriptLoader::CheckContentPolicy(nsScriptLoadRequest *aRequest,
|
nsScriptLoader::CheckContentPolicy(nsIDocument* aDocument,
|
||||||
nsISupports *aContext,
|
nsISupports *aContext,
|
||||||
|
nsIURI *aURI,
|
||||||
const nsAString &aType)
|
const nsAString &aType)
|
||||||
{
|
{
|
||||||
PRInt16 shouldLoad = nsIContentPolicy::ACCEPT;
|
PRInt16 shouldLoad = nsIContentPolicy::ACCEPT;
|
||||||
nsresult rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_SCRIPT,
|
nsresult rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_SCRIPT,
|
||||||
aRequest->mURI,
|
aURI,
|
||||||
mDocument->NodePrincipal(),
|
aDocument->NodePrincipal(),
|
||||||
aContext,
|
aContext,
|
||||||
NS_LossyConvertUTF16toASCII(aType),
|
NS_LossyConvertUTF16toASCII(aType),
|
||||||
nsnull, //extra
|
nsnull, //extra
|
||||||
@ -224,20 +225,34 @@ nsScriptLoader::CheckContentPolicy(nsScriptLoadRequest *aRequest,
|
|||||||
}
|
}
|
||||||
|
|
||||||
nsresult
|
nsresult
|
||||||
nsScriptLoader::StartLoad(nsScriptLoadRequest *aRequest, const nsAString &aType)
|
nsScriptLoader::ShouldLoadScript(nsIDocument* aDocument,
|
||||||
|
nsISupports* aContext,
|
||||||
|
nsIURI* aURI,
|
||||||
|
const nsAString &aType)
|
||||||
{
|
{
|
||||||
// Check that the containing page is allowed to load this URI.
|
// Check that the containing page is allowed to load this URI.
|
||||||
nsresult rv = nsContentUtils::GetSecurityManager()->
|
nsresult rv = nsContentUtils::GetSecurityManager()->
|
||||||
CheckLoadURIWithPrincipal(mDocument->NodePrincipal(), aRequest->mURI,
|
CheckLoadURIWithPrincipal(aDocument->NodePrincipal(), aURI,
|
||||||
nsIScriptSecurityManager::ALLOW_CHROME);
|
nsIScriptSecurityManager::ALLOW_CHROME);
|
||||||
|
|
||||||
NS_ENSURE_SUCCESS(rv, rv);
|
NS_ENSURE_SUCCESS(rv, rv);
|
||||||
|
|
||||||
// After the security manager, the content-policy stuff gets a veto
|
// After the security manager, the content-policy stuff gets a veto
|
||||||
|
rv = CheckContentPolicy(aDocument, aContext, aURI, aType);
|
||||||
|
if (NS_FAILED(rv)) {
|
||||||
|
return rv;
|
||||||
|
}
|
||||||
|
|
||||||
|
return NS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
nsresult
|
||||||
|
nsScriptLoader::StartLoad(nsScriptLoadRequest *aRequest, const nsAString &aType)
|
||||||
|
{
|
||||||
nsISupports *context = aRequest->mElement.get()
|
nsISupports *context = aRequest->mElement.get()
|
||||||
? static_cast<nsISupports *>(aRequest->mElement.get())
|
? static_cast<nsISupports *>(aRequest->mElement.get())
|
||||||
: static_cast<nsISupports *>(mDocument);
|
: static_cast<nsISupports *>(mDocument);
|
||||||
rv = CheckContentPolicy(aRequest, context, aType);
|
nsresult rv = ShouldLoadScript(mDocument, context, aRequest->mURI, aType);
|
||||||
if (NS_FAILED(rv)) {
|
if (NS_FAILED(rv)) {
|
||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
@ -485,7 +500,7 @@ nsScriptLoader::ProcessScriptElement(nsIScriptElement *aElement)
|
|||||||
request->mDefer = mDeferEnabled && aElement->GetScriptDeferred();
|
request->mDefer = mDeferEnabled && aElement->GetScriptDeferred();
|
||||||
mPreloads.RemoveElementAt(i);
|
mPreloads.RemoveElementAt(i);
|
||||||
|
|
||||||
rv = CheckContentPolicy(request, aElement, type);
|
rv = CheckContentPolicy(mDocument, aElement, request->mURI, type);
|
||||||
if (NS_FAILED(rv)) {
|
if (NS_FAILED(rv)) {
|
||||||
// Note, we're dropping our last ref to request here.
|
// Note, we're dropping our last ref to request here.
|
||||||
return rv;
|
return rv;
|
||||||
|
@ -180,6 +180,15 @@ public:
|
|||||||
*/
|
*/
|
||||||
void ProcessPendingRequests();
|
void ProcessPendingRequests();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check whether it's OK to load a script from aURI in
|
||||||
|
* aDocument.
|
||||||
|
*/
|
||||||
|
static nsresult ShouldLoadScript(nsIDocument* aDocument,
|
||||||
|
nsISupports* aContext,
|
||||||
|
nsIURI* aURI,
|
||||||
|
const nsAString &aType);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check whether it's OK to execute a script loaded via aChannel in
|
* Check whether it's OK to execute a script loaded via aChannel in
|
||||||
* aDocument.
|
* aDocument.
|
||||||
@ -233,9 +242,10 @@ protected:
|
|||||||
/**
|
/**
|
||||||
* Helper function to check the content policy for a given request.
|
* Helper function to check the content policy for a given request.
|
||||||
*/
|
*/
|
||||||
nsresult CheckContentPolicy(nsScriptLoadRequest *aRequest,
|
static nsresult CheckContentPolicy(nsIDocument* aDocument,
|
||||||
nsISupports *aContext,
|
nsISupports *aContext,
|
||||||
const nsAString &aType);
|
nsIURI *aURI,
|
||||||
|
const nsAString &aType);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Start a load for aRequest's URI.
|
* Start a load for aRequest's URI.
|
||||||
|
@ -3427,6 +3427,18 @@ nsXULDocument::LoadScript(nsXULPrototypeScript* aScriptProto, PRBool* aBlock)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Allow security manager and content policies to veto the load. Note that
|
||||||
|
// at this point we already lost context information of the script.
|
||||||
|
rv = nsScriptLoader::ShouldLoadScript(
|
||||||
|
this,
|
||||||
|
static_cast<nsIDocument*>(this),
|
||||||
|
aScriptProto->mSrcURI,
|
||||||
|
NS_LITERAL_STRING("application/x-javascript"));
|
||||||
|
if (NS_FAILED(rv)) {
|
||||||
|
*aBlock = PR_FALSE;
|
||||||
|
return rv;
|
||||||
|
}
|
||||||
|
|
||||||
// Set the current script prototype so that OnStreamComplete can report
|
// Set the current script prototype so that OnStreamComplete can report
|
||||||
// the right file if there are errors in the script.
|
// the right file if there are errors in the script.
|
||||||
NS_ASSERTION(!mCurrentScriptProto,
|
NS_ASSERTION(!mCurrentScriptProto,
|
||||||
|
Loading…
Reference in New Issue
Block a user