Bug 707836 - Handle URI navigation outside app domain for native apps [r=myk]

Add a content policy to detect off-origin navigation to redirect to the default browser.
2024-09-13 09:24:08 -07:00 · 2012-04-26 16:55:27 -07:00 · 2012-04-26 16:55:27 -07:00 · fbdf5128bc
commit fbdf5128bc
parent 78584a19aa
3 changed files with 60 additions and 0 deletions
--- a/webapprt/ContentPolicy.js
+++ b/webapprt/ContentPolicy.js
@ -0,0 +1,54 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+const Cc = Components.classes;
+const Ci = Components.interfaces;
+const Cu = Components.utils;
+
+Cu.import("resource://webapprt/modules/WebappRT.jsm");
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+
+// Allow certain origins to load as top-level documents
+const allowedOrigins = [
+  WebappRT.config.app.origin,
+];
+
+function ContentPolicy() {}
+
+ContentPolicy.prototype = {
+  classID: Components.ID("{75acd178-3d5a-48a7-bd92-fba383520ae6}"),
+
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsIContentPolicy]),
+
+  shouldLoad: function(contentType, contentLocation, requestOrigin, context, mimeTypeGuess, extra) {
+    // Redirect top-level document loads that aren't special schemes to the
+    // default browser when trying to load pages outside of allowed origins
+    let {prePath, scheme} = contentLocation;
+    if (contentType == Ci.nsIContentPolicy.TYPE_DOCUMENT &&
+        !/^(about|chrome|resource)$/.test(scheme) &&
+        allowedOrigins.indexOf(prePath) == -1) {
+
+      // Send the url to the default browser
+      Cc["@mozilla.org/uriloader/external-protocol-service;1"].
+        getService(Ci.nsIExternalProtocolService).
+        getProtocolHandlerInfo(scheme).
+        launchWithURI(contentLocation);
+
+      // Using window.open will first open then navigate, so explicitly close
+      if (context.currentURI.spec == "about:blank") {
+        context.ownerDocument.defaultView.close();
+      };
+
+      return Ci.nsIContentPolicy.REJECT_SERVER;
+    }
+
+    return Ci.nsIContentPolicy.ACCEPT;
+  },
+
+  shouldProcess: function(contentType, contentLocation, requestOrigin, context, mimeType, extra) {
+    return Ci.nsIContentPolicy.ACCEPT;
+  },
+};
+
+const NSGetFactory = XPCOMUtils.generateNSGetFactory([ContentPolicy]);
--- a/webapprt/Makefile.in
+++ b/webapprt/Makefile.in
@ -26,6 +26,7 @@ endif # windows
 EXTRA_PP_COMPONENTS = \
  components.manifest \
  CommandLineHandler.js \
+  ContentPolicy.js \
  DirectoryProvider.js \
  $(NULL)

--- a/webapprt/components.manifest
+++ b/webapprt/components.manifest
@ -3,6 +3,11 @@ component {6d69c782-40a3-469b-8bfd-3ee366105a4a} CommandLineHandler.js applicati
 contract @mozilla.org/webapprt/clh;1 {6d69c782-40a3-469b-8bfd-3ee366105a4a} application=webapprt@mozilla.org
 category command-line-handler x-default @mozilla.org/webapprt/clh;1 application=webapprt@mozilla.org

+# ContentPolicy.js
+component {75acd178-3d5a-48a7-bd92-fba383520ae6} ContentPolicy.js application=webapprt@mozilla.org
+contract @mozilla.org/webapprt/content-policy;1 {75acd178-3d5a-48a7-bd92-fba383520ae6} application=webapprt@mozilla.org
+category content-policy webapprt-content-policy @mozilla.org/webapprt/content-policy;1 application=webapprt@mozilla.org
+
 # DirectoryProvider.js
 component {e1799fda-4b2f-4457-b671-e0641d95698d} DirectoryProvider.js application=webapprt@mozilla.org
 contract @mozilla.org/webapprt/directory-provider;1 {e1799fda-4b2f-4457-b671-e0641d95698d} application=webapprt@mozilla.org