Bug 477979 - Add CheckLoadURI checks for more script loads. r+sr=jst

Wladimir Palant 2009-02-11 15:51:37 +01:00
parent 8202fdf868
commit 982be663a1
3 changed files with 47 additions and 10 deletions


@ -199,14 +199,15 @@ IsScriptEventHandler(nsIScriptElement *aScriptElement)
} }
nsresult nsresult
nsScriptLoader::CheckContentPolicy(nsScriptLoadRequest *aRequest, nsScriptLoader::CheckContentPolicy(nsIDocument* aDocument,
nsISupports *aContext, nsISupports *aContext,
nsIURI *aURI,
const nsAString &aType) const nsAString &aType)
{ {
PRInt16 shouldLoad = nsIContentPolicy::ACCEPT; PRInt16 shouldLoad = nsIContentPolicy::ACCEPT;
nsresult rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_SCRIPT, nsresult rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_SCRIPT,
aRequest->mURI, aURI,
mDocument->NodePrincipal(), aDocument->NodePrincipal(),
aContext, aContext,
NS_LossyConvertUTF16toASCII(aType), NS_LossyConvertUTF16toASCII(aType),
nsnull, //extra nsnull, //extra
@ -224,20 +225,34 @@ nsScriptLoader::CheckContentPolicy(nsScriptLoadRequest *aRequest,
} }
nsresult nsresult
nsScriptLoader::StartLoad(nsScriptLoadRequest *aRequest, const nsAString &aType) nsScriptLoader::ShouldLoadScript(nsIDocument* aDocument,
nsISupports* aContext,
nsIURI* aURI,
const nsAString &aType)
{ {
// Check that the containing page is allowed to load this URI. // Check that the containing page is allowed to load this URI.
nsresult rv = nsContentUtils::GetSecurityManager()-> nsresult rv = nsContentUtils::GetSecurityManager()->
CheckLoadURIWithPrincipal(mDocument->NodePrincipal(), aRequest->mURI, CheckLoadURIWithPrincipal(aDocument->NodePrincipal(), aURI,
nsIScriptSecurityManager::ALLOW_CHROME); nsIScriptSecurityManager::ALLOW_CHROME);
NS_ENSURE_SUCCESS(rv, rv); NS_ENSURE_SUCCESS(rv, rv);
// After the security manager, the content-policy stuff gets a veto // After the security manager, the content-policy stuff gets a veto
rv = CheckContentPolicy(aDocument, aContext, aURI, aType);
if (NS_FAILED(rv)) {
return rv;
}
return NS_OK;
}
nsresult
nsScriptLoader::StartLoad(nsScriptLoadRequest *aRequest, const nsAString &aType)
{
nsISupports *context = aRequest->mElement.get() nsISupports *context = aRequest->mElement.get()
? static_cast<nsISupports *>(aRequest->mElement.get()) ? static_cast<nsISupports *>(aRequest->mElement.get())
: static_cast<nsISupports *>(mDocument); : static_cast<nsISupports *>(mDocument);
rv = CheckContentPolicy(aRequest, context, aType); nsresult rv = ShouldLoadScript(mDocument, context, aRequest->mURI, aType);
if (NS_FAILED(rv)) { if (NS_FAILED(rv)) {
return rv; return rv;
} }
@ -485,7 +500,7 @@ nsScriptLoader::ProcessScriptElement(nsIScriptElement *aElement)
request->mDefer = mDeferEnabled && aElement->GetScriptDeferred(); request->mDefer = mDeferEnabled && aElement->GetScriptDeferred();
mPreloads.RemoveElementAt(i); mPreloads.RemoveElementAt(i);
rv = CheckContentPolicy(request, aElement, type); rv = CheckContentPolicy(mDocument, aElement, request->mURI, type);
if (NS_FAILED(rv)) { if (NS_FAILED(rv)) {
// Note, we're dropping our last ref to request here. // Note, we're dropping our last ref to request here.
return rv; return rv;
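Review bot: The new public static `ShouldLoadScript` dereferences `aDocument` (`aDocument->NodePrincipal()`) and hands `aURI` to the security manager without validating either. Now that callers outside nsScriptLoader can reach it, it should start with `NS_ENSURE_ARG_POINTER(aDocument);` and `NS_ENSURE_ARG_POINTER(aURI);`. Its tail `if (NS_FAILED(rv)) { return rv; } return NS_OK;` can simply be `return CheckContentPolicy(aDocument, aContext, aURI, aType);`. In the `ProcessScriptElement` hunk the preload path still calls only `CheckContentPolicy`, presumably because the CheckLoadURI check already ran when the preload was started. A short comment such as `// CheckLoadURI was already done in StartLoad for the preload; only re-run content policy with the real element` would stop a later reader from treating it as an omission. Both `StartLoad` and `ProcessScriptElement` continue outside their hunks.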


@ -180,6 +180,15 @@ public:
*/ */
void ProcessPendingRequests(); void ProcessPendingRequests();
/**
* Check whether it's OK to load a script from aURI in
* aDocument.
*/
static nsresult ShouldLoadScript(nsIDocument* aDocument,
nsISupports* aContext,
nsIURI* aURI,
const nsAString &aType);
/** /**
* Check whether it's OK to execute a script loaded via aChannel in * Check whether it's OK to execute a script loaded via aChannel in
* aDocument. * aDocument.
@ -233,9 +242,10 @@ protected:
/** /**
* Helper function to check the content policy for a given request. * Helper function to check the content policy for a given request.
*/ */
nsresult CheckContentPolicy(nsScriptLoadRequest *aRequest, static nsresult CheckContentPolicy(nsIDocument* aDocument,
nsISupports *aContext, nsISupports *aContext,
const nsAString &aType); nsIURI *aURI,
const nsAString &aType);
/** /**
* Start a load for aRequest's URI. * Start a load for aRequest's URI.
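Review bot: The doc comment added for `ShouldLoadScript` does not say what the function enforces or what `aContext` and `aType` mean, which matters now that it is a public static security entry point. I would extend it with a sentence such as `Runs CheckLoadURIWithPrincipal (with ALLOW_CHROME) against aDocument's principal, then the TYPE_SCRIPT content policies; returns a failure code if either vetoes the load.` It should also get `@param aContext the element requesting the load, or the document if no element is available` and a line stating that `aType` is the script's MIME type as passed to content policies. The comment on `CheckContentPolicy` still reads "for a given request" although the new signature no longer takes a request; `Helper function to check the content policy for loading aURI in aDocument.` would match it.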


@ -3427,6 +3427,18 @@ nsXULDocument::LoadScript(nsXULPrototypeScript* aScriptProto, PRBool* aBlock)
} }
} }
// Allow security manager and content policies to veto the load. Note that
// at this point we already lost context information of the script.
rv = nsScriptLoader::ShouldLoadScript(
this,
static_cast<nsIDocument*>(this),
aScriptProto->mSrcURI,
NS_LITERAL_STRING("application/x-javascript"));
if (NS_FAILED(rv)) {
*aBlock = PR_FALSE;
return rv;
}
// Set the current script prototype so that OnStreamComplete can report // Set the current script prototype so that OnStreamComplete can report
// the right file if there are errors in the script. // the right file if there are errors in the script.
NS_ASSERTION(!mCurrentScriptProto, NS_ASSERTION(!mCurrentScriptProto,
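Review bot: The veto is inserted after the block that closes just above it, so any path in that earlier, not-shown part of `LoadScript` that executes an already-compiled or cached script and returns would never reach `ShouldLoadScript`. Please confirm that such a path is either absent or limited to trusted documents, and state that in the comment. The policies are also given the document as `aContext` and a hard-coded `application/x-javascript` type, so a content policy cannot tell which script element asked for the load. The existing comment hints at this, and I would make it explicit with `// aContext is the document because the prototype no longer knows its element; policies see the document, not the script node`. `LoadScript` starts and ends outside the hunk.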