From d8f92ebda67780e9016d3bca958ec02ead03c007 Mon Sep 17 00:00:00 2001 From: Ryan VanderMeulen Date: Wed, 5 Aug 2015 14:39:28 -0400 Subject: [PATCH] Backed out changesets f4fa8c49ebc6 and 78e2ba8842d4 (bug 1184387) for browser_parsable_css.js failures. CLOSED TREE --- .../test/general/browser_parsable_css.js | 27 ++++--------------- caps/nsScriptSecurityManager.cpp | 12 ++++++--- 2 files changed, 14 insertions(+), 25 deletions(-) diff --git a/browser/base/content/test/general/browser_parsable_css.js b/browser/base/content/test/general/browser_parsable_css.js index d642a14378c..36269fa6c57 100644 --- a/browser/base/content/test/general/browser_parsable_css.js +++ b/browser/base/content/test/general/browser_parsable_css.js @@ -55,15 +55,6 @@ function ignoredError(aErrorObject) { return false; } -function once(target, name) { - return new Promise((resolve, reject) => { - target.addEventListener(name, function() { - target.removeEventListener(name, f); - resolve(); - }); - }); -} - add_task(function checkAllTheCSS() { let appDir = Services.dirsvc.get("XCurProcD", Ci.nsIFile); // This asynchronously produces a list of URLs (sadly, mostly sync on our @@ -71,21 +62,13 @@ add_task(function checkAllTheCSS() { // our zipreader APIs are all sync) let uris = yield generateURIsFromDirTree(appDir, ".css"); - // Create a clean iframe to load all the files into. This needs to live at a - // file or jar URI (depending on whether we're using a packaged build or not) - // so that it's allowed to load other same-scheme URIs (i.e. the browser css). - let resHandler = Services.io.getProtocolHandler("resource") - .QueryInterface(Ci.nsISubstitutingProtocolHandler); - let resURI = Services.io.newURI('resource://testing-common/resource_test_file.html', null, null); - let testFile = resHandler.resolveURI(resURI); - let windowless = Services.appShell.createWindowlessBrowser(); - let iframe = windowless.document.createElementNS("http://www.w3.org/1999/xhtml", "html:iframe"); - windowless.document.documentElement.appendChild(iframe); - let iframeLoaded = once(iframe, 'load'); - iframe.contentWindow.location = testFile; - yield iframeLoaded; + // Create a clean iframe to load all the files into: + let hiddenWin = Services.appShell.hiddenDOMWindow; + let iframe = hiddenWin.document.createElementNS("http://www.w3.org/1999/xhtml", "html:iframe"); + hiddenWin.document.documentElement.appendChild(iframe); let doc = iframe.contentWindow.document; + // Listen for errors caused by the CSS: let errorListener = { observe: function(aMessage) { diff --git a/caps/nsScriptSecurityManager.cpp b/caps/nsScriptSecurityManager.cpp index b9d414b3b2f..39e322357a3 100644 --- a/caps/nsScriptSecurityManager.cpp +++ b/caps/nsScriptSecurityManager.cpp @@ -843,12 +843,18 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal, } } - // Allow chrome:// - if (sourceScheme.EqualsLiteral("chrome")) { + // resource: and chrome: are equivalent, securitywise + // That's bogus!! Fix this. But watch out for + // the view-source stylesheet? + bool sourceIsChrome; + rv = NS_URIChainHasFlags(sourceURI, + nsIProtocolHandler::URI_IS_UI_RESOURCE, + &sourceIsChrome); + NS_ENSURE_SUCCESS(rv, rv); + if (sourceIsChrome) { return NS_OK; } - // Nothing else. if (reportErrors) { ReportError(nullptr, errorTag, sourceURI, aTargetURI); }