mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
1293 lines
42 KiB
C++
1293 lines
42 KiB
C++
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
// vim: ft=cpp tw=78 sw=2 et ts=2
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
/*
|
|
* A class that handles loading and evaluation of <script> elements.
|
|
*/
|
|
|
|
#include "jsapi.h"
|
|
#include "jsfriendapi.h"
|
|
#include "nsScriptLoader.h"
|
|
#include "nsICharsetConverterManager.h"
|
|
#include "nsIUnicodeDecoder.h"
|
|
#include "nsIContent.h"
|
|
#include "mozilla/dom/Element.h"
|
|
#include "nsGkAtoms.h"
|
|
#include "nsNetUtil.h"
|
|
#include "nsIScriptGlobalObject.h"
|
|
#include "nsIScriptContext.h"
|
|
#include "nsIScriptRuntime.h"
|
|
#include "nsIScriptSecurityManager.h"
|
|
#include "nsIPrincipal.h"
|
|
#include "nsContentPolicyUtils.h"
|
|
#include "nsIHttpChannel.h"
|
|
#include "nsIScriptElement.h"
|
|
#include "nsIDOMHTMLScriptElement.h"
|
|
#include "nsIDocShell.h"
|
|
#include "nsContentUtils.h"
|
|
#include "nsUnicharUtils.h"
|
|
#include "nsAutoPtr.h"
|
|
#include "nsIXPConnect.h"
|
|
#include "nsError.h"
|
|
#include "nsThreadUtils.h"
|
|
#include "nsDocShellCID.h"
|
|
#include "nsIContentSecurityPolicy.h"
|
|
#include "prlog.h"
|
|
#include "nsIChannelPolicy.h"
|
|
#include "nsChannelPolicy.h"
|
|
#include "nsCRT.h"
|
|
#include "nsContentCreatorFunctions.h"
|
|
#include "nsGenericElement.h"
|
|
#include "nsCrossSiteListenerProxy.h"
|
|
#include "nsSandboxFlags.h"
|
|
|
|
#include "mozilla/CORSMode.h"
|
|
#include "mozilla/Attributes.h"
|
|
|
|
#ifdef PR_LOGGING
|
|
static PRLogModuleInfo* gCspPRLog;
|
|
#endif
|
|
|
|
using namespace mozilla;
|
|
using namespace mozilla::dom;
|
|
|
|
//////////////////////////////////////////////////////////////
|
|
// Per-request data structure
|
|
//////////////////////////////////////////////////////////////
|
|
|
|
class nsScriptLoadRequest MOZ_FINAL : public nsISupports {
|
|
public:
|
|
nsScriptLoadRequest(nsIScriptElement* aElement,
|
|
uint32_t aVersion,
|
|
CORSMode aCORSMode)
|
|
: mElement(aElement),
|
|
mLoading(true),
|
|
mIsInline(true),
|
|
mJSVersion(aVersion),
|
|
mLineNo(1),
|
|
mCORSMode(aCORSMode)
|
|
{
|
|
}
|
|
|
|
NS_DECL_ISUPPORTS
|
|
|
|
void FireScriptAvailable(nsresult aResult)
|
|
{
|
|
mElement->ScriptAvailable(aResult, mElement, mIsInline, mURI, mLineNo);
|
|
}
|
|
void FireScriptEvaluated(nsresult aResult)
|
|
{
|
|
mElement->ScriptEvaluated(aResult, mElement, mIsInline);
|
|
}
|
|
|
|
bool IsPreload()
|
|
{
|
|
return mElement == nullptr;
|
|
}
|
|
|
|
nsCOMPtr<nsIScriptElement> mElement;
|
|
bool mLoading; // Are we still waiting for a load to complete?
|
|
bool mIsInline; // Is the script inline or loaded?
|
|
nsString mScriptText; // Holds script for loaded scripts
|
|
uint32_t mJSVersion;
|
|
nsCOMPtr<nsIURI> mURI;
|
|
nsCOMPtr<nsIPrincipal> mOriginPrincipal;
|
|
int32_t mLineNo;
|
|
const CORSMode mCORSMode;
|
|
};
|
|
|
|
// The nsScriptLoadRequest is passed as the context to necko, and thus
|
|
// it needs to be threadsafe. Necko won't do anything with this
|
|
// context, but it will AddRef and Release it on other threads.
|
|
NS_IMPL_THREADSAFE_ISUPPORTS0(nsScriptLoadRequest)
|
|
|
|
//////////////////////////////////////////////////////////////
|
|
//
|
|
//////////////////////////////////////////////////////////////
|
|
|
|
nsScriptLoader::nsScriptLoader(nsIDocument *aDocument)
|
|
: mDocument(aDocument),
|
|
mBlockerCount(0),
|
|
mEnabled(true),
|
|
mDeferEnabled(false),
|
|
mDocumentParsingDone(false)
|
|
{
|
|
// enable logging for CSP
|
|
#ifdef PR_LOGGING
|
|
if (!gCspPRLog)
|
|
gCspPRLog = PR_NewLogModule("CSP");
|
|
#endif
|
|
}
|
|
|
|
nsScriptLoader::~nsScriptLoader()
|
|
{
|
|
mObservers.Clear();
|
|
|
|
if (mParserBlockingRequest) {
|
|
mParserBlockingRequest->FireScriptAvailable(NS_ERROR_ABORT);
|
|
}
|
|
|
|
for (uint32_t i = 0; i < mXSLTRequests.Length(); i++) {
|
|
mXSLTRequests[i]->FireScriptAvailable(NS_ERROR_ABORT);
|
|
}
|
|
|
|
for (uint32_t i = 0; i < mDeferRequests.Length(); i++) {
|
|
mDeferRequests[i]->FireScriptAvailable(NS_ERROR_ABORT);
|
|
}
|
|
|
|
for (uint32_t i = 0; i < mAsyncRequests.Length(); i++) {
|
|
mAsyncRequests[i]->FireScriptAvailable(NS_ERROR_ABORT);
|
|
}
|
|
|
|
for (uint32_t i = 0; i < mNonAsyncExternalScriptInsertedRequests.Length(); i++) {
|
|
mNonAsyncExternalScriptInsertedRequests[i]->FireScriptAvailable(NS_ERROR_ABORT);
|
|
}
|
|
|
|
// Unblock the kids, in case any of them moved to a different document
|
|
// subtree in the meantime and therefore aren't actually going away.
|
|
for (uint32_t j = 0; j < mPendingChildLoaders.Length(); ++j) {
|
|
mPendingChildLoaders[j]->RemoveExecuteBlocker();
|
|
}
|
|
}
|
|
|
|
NS_IMPL_ISUPPORTS1(nsScriptLoader, nsIStreamLoaderObserver)
|
|
|
|
// Helper method for checking if the script element is an event-handler
|
|
// This means that it has both a for-attribute and a event-attribute.
|
|
// Also, if the for-attribute has a value that matches "\s*window\s*",
|
|
// and the event-attribute matches "\s*onload([ \(].*)?" then it isn't an
|
|
// eventhandler. (both matches are case insensitive).
|
|
// This is how IE seems to filter out a window's onload handler from a
|
|
// <script for=... event=...> element.
|
|
|
|
static bool
|
|
IsScriptEventHandler(nsIContent* aScriptElement)
|
|
{
|
|
if (!aScriptElement->IsHTML()) {
|
|
return false;
|
|
}
|
|
|
|
nsAutoString forAttr, eventAttr;
|
|
if (!aScriptElement->GetAttr(kNameSpaceID_None, nsGkAtoms::_for, forAttr) ||
|
|
!aScriptElement->GetAttr(kNameSpaceID_None, nsGkAtoms::event, eventAttr)) {
|
|
return false;
|
|
}
|
|
|
|
const nsAString& for_str =
|
|
nsContentUtils::TrimWhitespace<nsCRT::IsAsciiSpace>(forAttr);
|
|
if (!for_str.LowerCaseEqualsLiteral("window")) {
|
|
return true;
|
|
}
|
|
|
|
// We found for="window", now check for event="onload".
|
|
const nsAString& event_str =
|
|
nsContentUtils::TrimWhitespace<nsCRT::IsAsciiSpace>(eventAttr, false);
|
|
if (!StringBeginsWith(event_str, NS_LITERAL_STRING("onload"),
|
|
nsCaseInsensitiveStringComparator())) {
|
|
// It ain't "onload.*".
|
|
|
|
return true;
|
|
}
|
|
|
|
nsAutoString::const_iterator start, end;
|
|
event_str.BeginReading(start);
|
|
event_str.EndReading(end);
|
|
|
|
start.advance(6); // advance past "onload"
|
|
|
|
if (start != end && *start != '(' && *start != ' ') {
|
|
// We got onload followed by something other than space or
|
|
// '('. Not good enough.
|
|
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
nsresult
|
|
nsScriptLoader::CheckContentPolicy(nsIDocument* aDocument,
|
|
nsISupports *aContext,
|
|
nsIURI *aURI,
|
|
const nsAString &aType)
|
|
{
|
|
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
|
|
nsresult rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_SCRIPT,
|
|
aURI,
|
|
aDocument->NodePrincipal(),
|
|
aContext,
|
|
NS_LossyConvertUTF16toASCII(aType),
|
|
nullptr, //extra
|
|
&shouldLoad,
|
|
nsContentUtils::GetContentPolicy(),
|
|
nsContentUtils::GetSecurityManager());
|
|
if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) {
|
|
if (NS_FAILED(rv) || shouldLoad != nsIContentPolicy::REJECT_TYPE) {
|
|
return NS_ERROR_CONTENT_BLOCKED;
|
|
}
|
|
return NS_ERROR_CONTENT_BLOCKED_SHOW_ALT;
|
|
}
|
|
|
|
return NS_OK;
|
|
}
|
|
|
|
nsresult
|
|
nsScriptLoader::ShouldLoadScript(nsIDocument* aDocument,
|
|
nsISupports* aContext,
|
|
nsIURI* aURI,
|
|
const nsAString &aType)
|
|
{
|
|
// Check that the containing page is allowed to load this URI.
|
|
nsresult rv = nsContentUtils::GetSecurityManager()->
|
|
CheckLoadURIWithPrincipal(aDocument->NodePrincipal(), aURI,
|
|
nsIScriptSecurityManager::ALLOW_CHROME);
|
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
// After the security manager, the content-policy stuff gets a veto
|
|
rv = CheckContentPolicy(aDocument, aContext, aURI, aType);
|
|
if (NS_FAILED(rv)) {
|
|
return rv;
|
|
}
|
|
|
|
return NS_OK;
|
|
}
|
|
|
|
nsresult
|
|
nsScriptLoader::StartLoad(nsScriptLoadRequest *aRequest, const nsAString &aType)
|
|
{
|
|
nsISupports *context = aRequest->mElement.get()
|
|
? static_cast<nsISupports *>(aRequest->mElement.get())
|
|
: static_cast<nsISupports *>(mDocument);
|
|
nsresult rv = ShouldLoadScript(mDocument, context, aRequest->mURI, aType);
|
|
if (NS_FAILED(rv)) {
|
|
return rv;
|
|
}
|
|
|
|
nsCOMPtr<nsILoadGroup> loadGroup = mDocument->GetDocumentLoadGroup();
|
|
|
|
nsCOMPtr<nsPIDOMWindow> window(do_QueryInterface(mDocument->GetScriptGlobalObject()));
|
|
if (!window) {
|
|
return NS_ERROR_NULL_POINTER;
|
|
}
|
|
|
|
nsIDocShell *docshell = window->GetDocShell();
|
|
|
|
nsCOMPtr<nsIInterfaceRequestor> prompter(do_QueryInterface(docshell));
|
|
|
|
// If this document is sandboxed without 'allow-scripts', abort.
|
|
if (mDocument->GetSandboxFlags() & SANDBOXED_SCRIPTS) {
|
|
return NS_OK;
|
|
}
|
|
|
|
// check for a Content Security Policy to pass down to the channel
|
|
// that will be created to load the script
|
|
nsCOMPtr<nsIChannelPolicy> channelPolicy;
|
|
nsCOMPtr<nsIContentSecurityPolicy> csp;
|
|
rv = mDocument->NodePrincipal()->GetCsp(getter_AddRefs(csp));
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
if (csp) {
|
|
channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
|
|
channelPolicy->SetContentSecurityPolicy(csp);
|
|
channelPolicy->SetLoadType(nsIContentPolicy::TYPE_SCRIPT);
|
|
}
|
|
|
|
nsCOMPtr<nsIChannel> channel;
|
|
rv = NS_NewChannel(getter_AddRefs(channel),
|
|
aRequest->mURI, nullptr, loadGroup, prompter,
|
|
nsIRequest::LOAD_NORMAL | nsIChannel::LOAD_CLASSIFY_URI,
|
|
channelPolicy);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(channel));
|
|
if (httpChannel) {
|
|
// HTTP content negotation has little value in this context.
|
|
httpChannel->SetRequestHeader(NS_LITERAL_CSTRING("Accept"),
|
|
NS_LITERAL_CSTRING("*/*"),
|
|
false);
|
|
httpChannel->SetReferrer(mDocument->GetDocumentURI());
|
|
}
|
|
|
|
nsCOMPtr<nsIStreamLoader> loader;
|
|
rv = NS_NewStreamLoader(getter_AddRefs(loader), this);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
nsCOMPtr<nsIStreamListener> listener = loader.get();
|
|
|
|
if (aRequest->mCORSMode != CORS_NONE) {
|
|
bool withCredentials = (aRequest->mCORSMode == CORS_USE_CREDENTIALS);
|
|
nsRefPtr<nsCORSListenerProxy> corsListener =
|
|
new nsCORSListenerProxy(listener, mDocument->NodePrincipal(),
|
|
withCredentials);
|
|
rv = corsListener->Init(channel);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
listener = corsListener;
|
|
}
|
|
|
|
rv = channel->AsyncOpen(listener, aRequest);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
return NS_OK;
|
|
}
|
|
|
|
bool
|
|
nsScriptLoader::PreloadURIComparator::Equals(const PreloadInfo &aPi,
|
|
nsIURI * const &aURI) const
|
|
{
|
|
bool same;
|
|
return NS_SUCCEEDED(aPi.mRequest->mURI->Equals(aURI, &same)) &&
|
|
same;
|
|
}
|
|
|
|
class nsScriptRequestProcessor : public nsRunnable
|
|
{
|
|
private:
|
|
nsRefPtr<nsScriptLoader> mLoader;
|
|
nsRefPtr<nsScriptLoadRequest> mRequest;
|
|
public:
|
|
nsScriptRequestProcessor(nsScriptLoader* aLoader,
|
|
nsScriptLoadRequest* aRequest)
|
|
: mLoader(aLoader)
|
|
, mRequest(aRequest)
|
|
{}
|
|
NS_IMETHODIMP Run()
|
|
{
|
|
return mLoader->ProcessRequest(mRequest);
|
|
}
|
|
};
|
|
|
|
static inline bool
|
|
ParseTypeAttribute(const nsAString& aType, JSVersion* aVersion)
|
|
{
|
|
MOZ_ASSERT(!aType.IsEmpty());
|
|
MOZ_ASSERT(aVersion);
|
|
MOZ_ASSERT(*aVersion == JSVERSION_DEFAULT);
|
|
|
|
nsContentTypeParser parser(aType);
|
|
|
|
nsAutoString mimeType;
|
|
nsresult rv = parser.GetType(mimeType);
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
if (!nsContentUtils::IsJavascriptMIMEType(mimeType)) {
|
|
return false;
|
|
}
|
|
|
|
// Get the version string, and ensure the language supports it.
|
|
nsAutoString versionName;
|
|
rv = parser.GetParameter("version", versionName);
|
|
|
|
if (NS_SUCCEEDED(rv)) {
|
|
*aVersion = nsContentUtils::ParseJavascriptVersion(versionName);
|
|
} else if (rv != NS_ERROR_INVALID_ARG) {
|
|
return false;
|
|
}
|
|
|
|
nsAutoString value;
|
|
rv = parser.GetParameter("e4x", value);
|
|
if (NS_SUCCEEDED(rv)) {
|
|
if (value.Length() == 1 && value[0] == '1') {
|
|
// This happens in about 2 web pages. Enable E4X no matter what JS
|
|
// version number was selected. We do this by turning on the "moar
|
|
// XML" version bit. This is OK even if version has
|
|
// JSVERSION_UNKNOWN (-1).
|
|
*aVersion = js::VersionSetMoarXML(*aVersion, true);
|
|
}
|
|
} else if (rv != NS_ERROR_INVALID_ARG) {
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
bool
|
|
nsScriptLoader::ProcessScriptElement(nsIScriptElement *aElement)
|
|
{
|
|
// We need a document to evaluate scripts.
|
|
NS_ENSURE_TRUE(mDocument, false);
|
|
|
|
// Check to see if scripts has been turned off.
|
|
if (!mEnabled || !mDocument->IsScriptEnabled()) {
|
|
return false;
|
|
}
|
|
|
|
NS_ASSERTION(!aElement->IsMalformed(), "Executing malformed script");
|
|
|
|
nsCOMPtr<nsIContent> scriptContent = do_QueryInterface(aElement);
|
|
|
|
// Step 12. Check that the script is not an eventhandler
|
|
if (IsScriptEventHandler(scriptContent)) {
|
|
return false;
|
|
}
|
|
|
|
// Script evaluation can also be disabled in the current script
|
|
// context even though it's enabled in the document.
|
|
// XXX - still hard-coded for JS here, even though another language
|
|
// may be specified. Should this check be made *after* we examine
|
|
// the attributes to locate the script-type?
|
|
// For now though, if JS is disabled we assume every language is
|
|
// disabled.
|
|
// XXX is this different from the mDocument->IsScriptEnabled() call?
|
|
nsIScriptGlobalObject *globalObject = mDocument->GetScriptGlobalObject();
|
|
if (!globalObject) {
|
|
return false;
|
|
}
|
|
|
|
nsIScriptContext *context = globalObject->GetScriptContext();
|
|
|
|
// If scripts aren't enabled in the current context, there's no
|
|
// point in going on.
|
|
if (!context || !context->GetScriptsEnabled()) {
|
|
return false;
|
|
}
|
|
|
|
JSVersion version = JSVERSION_DEFAULT;
|
|
|
|
// Check the type attribute to determine language and version.
|
|
// If type exists, it trumps the deprecated 'language='
|
|
nsAutoString type;
|
|
aElement->GetScriptType(type);
|
|
if (!type.IsEmpty()) {
|
|
NS_ENSURE_TRUE(ParseTypeAttribute(type, &version), false);
|
|
} else {
|
|
// no 'type=' element
|
|
// "language" is a deprecated attribute of HTML, so we check it only for
|
|
// HTML script elements.
|
|
if (scriptContent->IsHTML()) {
|
|
nsAutoString language;
|
|
scriptContent->GetAttr(kNameSpaceID_None, nsGkAtoms::language, language);
|
|
if (!language.IsEmpty()) {
|
|
// IE, Opera, etc. do not respect language version, so neither should
|
|
// we at this late date in the browser wars saga. Note that this change
|
|
// affects HTML but not XUL or SVG (but note also that XUL has its own
|
|
// code to check nsContentUtils::IsJavaScriptLanguage -- that's probably
|
|
// a separate bug, one we may not be able to fix short of XUL2). See
|
|
// bug 255895 (https://bugzilla.mozilla.org/show_bug.cgi?id=255895).
|
|
uint32_t dummy;
|
|
if (!nsContentUtils::IsJavaScriptLanguage(language, &dummy)) {
|
|
return false;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// Step 14. in the HTML5 spec
|
|
nsresult rv = NS_OK;
|
|
nsRefPtr<nsScriptLoadRequest> request;
|
|
if (aElement->GetScriptExternal()) {
|
|
// external script
|
|
nsCOMPtr<nsIURI> scriptURI = aElement->GetScriptURI();
|
|
if (!scriptURI) {
|
|
// Asynchronously report the failure to create a URI object
|
|
NS_DispatchToCurrentThread(
|
|
NS_NewRunnableMethod(aElement,
|
|
&nsIScriptElement::FireErrorEvent));
|
|
return false;
|
|
}
|
|
CORSMode ourCORSMode = aElement->GetCORSMode();
|
|
nsTArray<PreloadInfo>::index_type i =
|
|
mPreloads.IndexOf(scriptURI.get(), 0, PreloadURIComparator());
|
|
if (i != nsTArray<PreloadInfo>::NoIndex) {
|
|
// preloaded
|
|
// note that a script-inserted script can steal a preload!
|
|
request = mPreloads[i].mRequest;
|
|
request->mElement = aElement;
|
|
nsString preloadCharset(mPreloads[i].mCharset);
|
|
mPreloads.RemoveElementAt(i);
|
|
|
|
// Double-check that the charset the preload used is the same as
|
|
// the charset we have now.
|
|
nsAutoString elementCharset;
|
|
aElement->GetScriptCharset(elementCharset);
|
|
if (elementCharset.Equals(preloadCharset) &&
|
|
ourCORSMode == request->mCORSMode) {
|
|
rv = CheckContentPolicy(mDocument, aElement, request->mURI, type);
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
} else {
|
|
// Drop the preload
|
|
request = nullptr;
|
|
}
|
|
}
|
|
|
|
if (!request) {
|
|
// no usable preload
|
|
request = new nsScriptLoadRequest(aElement, version, ourCORSMode);
|
|
request->mURI = scriptURI;
|
|
request->mIsInline = false;
|
|
request->mLoading = true;
|
|
rv = StartLoad(request, type);
|
|
if (NS_FAILED(rv)) {
|
|
// Asynchronously report the load failure
|
|
NS_DispatchToCurrentThread(
|
|
NS_NewRunnableMethod(aElement,
|
|
&nsIScriptElement::FireErrorEvent));
|
|
return false;
|
|
}
|
|
}
|
|
|
|
request->mJSVersion = version;
|
|
|
|
if (aElement->GetScriptAsync()) {
|
|
mAsyncRequests.AppendElement(request);
|
|
if (!request->mLoading) {
|
|
// The script is available already. Run it ASAP when the event
|
|
// loop gets a chance to spin.
|
|
ProcessPendingRequestsAsync();
|
|
}
|
|
return false;
|
|
}
|
|
if (!aElement->GetParserCreated()) {
|
|
// Violate the HTML5 spec in order to make LABjs and the "order" plug-in
|
|
// for RequireJS work with their Gecko-sniffed code path. See
|
|
// http://lists.w3.org/Archives/Public/public-html/2010Oct/0088.html
|
|
mNonAsyncExternalScriptInsertedRequests.AppendElement(request);
|
|
if (!request->mLoading) {
|
|
// The script is available already. Run it ASAP when the event
|
|
// loop gets a chance to spin.
|
|
ProcessPendingRequestsAsync();
|
|
}
|
|
return false;
|
|
}
|
|
// we now have a parser-inserted request that may or may not be still
|
|
// loading
|
|
if (aElement->GetScriptDeferred()) {
|
|
// We don't want to run this yet.
|
|
// If we come here, the script is a parser-created script and it has
|
|
// the defer attribute but not the async attribute. Since a
|
|
// a parser-inserted script is being run, we came here by the parser
|
|
// running the script, which means the parser is still alive and the
|
|
// parse is ongoing.
|
|
NS_ASSERTION(mDocument->GetCurrentContentSink() ||
|
|
aElement->GetParserCreated() == FROM_PARSER_XSLT,
|
|
"Non-XSLT Defer script on a document without an active parser; bug 592366.");
|
|
mDeferRequests.AppendElement(request);
|
|
return false;
|
|
}
|
|
|
|
if (aElement->GetParserCreated() == FROM_PARSER_XSLT) {
|
|
// Need to maintain order for XSLT-inserted scripts
|
|
NS_ASSERTION(!mParserBlockingRequest,
|
|
"Parser-blocking scripts and XSLT scripts in the same doc!");
|
|
mXSLTRequests.AppendElement(request);
|
|
if (!request->mLoading) {
|
|
// The script is available already. Run it ASAP when the event
|
|
// loop gets a chance to spin.
|
|
ProcessPendingRequestsAsync();
|
|
}
|
|
return true;
|
|
}
|
|
if (!request->mLoading && ReadyToExecuteScripts()) {
|
|
// The request has already been loaded and there are no pending style
|
|
// sheets. If the script comes from the network stream, cheat for
|
|
// performance reasons and avoid a trip through the event loop.
|
|
if (aElement->GetParserCreated() == FROM_PARSER_NETWORK) {
|
|
return ProcessRequest(request) == NS_ERROR_HTMLPARSER_BLOCK;
|
|
}
|
|
// Otherwise, we've got a document.written script, make a trip through
|
|
// the event loop to hide the preload effects from the scripts on the
|
|
// Web page.
|
|
NS_ASSERTION(!mParserBlockingRequest,
|
|
"There can be only one parser-blocking script at a time");
|
|
NS_ASSERTION(mXSLTRequests.IsEmpty(),
|
|
"Parser-blocking scripts and XSLT scripts in the same doc!");
|
|
mParserBlockingRequest = request;
|
|
ProcessPendingRequestsAsync();
|
|
return true;
|
|
}
|
|
// The script hasn't loaded yet or there's a style sheet blocking it.
|
|
// The script will be run when it loads or the style sheet loads.
|
|
NS_ASSERTION(!mParserBlockingRequest,
|
|
"There can be only one parser-blocking script at a time");
|
|
NS_ASSERTION(mXSLTRequests.IsEmpty(),
|
|
"Parser-blocking scripts and XSLT scripts in the same doc!");
|
|
mParserBlockingRequest = request;
|
|
return true;
|
|
}
|
|
|
|
// inline script
|
|
// Is this document sandboxed without 'allow-scripts'?
|
|
if (mDocument->GetSandboxFlags() & SANDBOXED_SCRIPTS) {
|
|
return false;
|
|
}
|
|
|
|
nsCOMPtr<nsIContentSecurityPolicy> csp;
|
|
rv = mDocument->NodePrincipal()->GetCsp(getter_AddRefs(csp));
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
if (csp) {
|
|
PR_LOG(gCspPRLog, PR_LOG_DEBUG, ("New ScriptLoader i ****with CSP****"));
|
|
bool inlineOK;
|
|
rv = csp->GetAllowsInlineScript(&inlineOK);
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
if (!inlineOK) {
|
|
PR_LOG(gCspPRLog, PR_LOG_DEBUG, ("CSP blocked inline scripts (2)"));
|
|
// gather information to log with violation report
|
|
nsIURI* uri = mDocument->GetDocumentURI();
|
|
nsAutoCString asciiSpec;
|
|
uri->GetAsciiSpec(asciiSpec);
|
|
nsAutoString scriptText;
|
|
aElement->GetScriptText(scriptText);
|
|
|
|
// cap the length of the script sample at 40 chars
|
|
if (scriptText.Length() > 40) {
|
|
scriptText.Truncate(40);
|
|
scriptText.Append(NS_LITERAL_STRING("..."));
|
|
}
|
|
|
|
csp->LogViolationDetails(nsIContentSecurityPolicy::VIOLATION_TYPE_INLINE_SCRIPT,
|
|
NS_ConvertUTF8toUTF16(asciiSpec),
|
|
scriptText,
|
|
aElement->GetScriptLineNumber());
|
|
return false;
|
|
}
|
|
}
|
|
|
|
// Inline scripts ignore ther CORS mode and are always CORS_NONE
|
|
request = new nsScriptLoadRequest(aElement, version, CORS_NONE);
|
|
request->mJSVersion = version;
|
|
request->mLoading = false;
|
|
request->mIsInline = true;
|
|
request->mURI = mDocument->GetDocumentURI();
|
|
request->mLineNo = aElement->GetScriptLineNumber();
|
|
|
|
if (aElement->GetParserCreated() == FROM_PARSER_XSLT &&
|
|
(!ReadyToExecuteScripts() || !mXSLTRequests.IsEmpty())) {
|
|
// Need to maintain order for XSLT-inserted scripts
|
|
NS_ASSERTION(!mParserBlockingRequest,
|
|
"Parser-blocking scripts and XSLT scripts in the same doc!");
|
|
mXSLTRequests.AppendElement(request);
|
|
return true;
|
|
}
|
|
if (aElement->GetParserCreated() == NOT_FROM_PARSER) {
|
|
NS_ASSERTION(!nsContentUtils::IsSafeToRunScript(),
|
|
"A script-inserted script is inserted without an update batch?");
|
|
nsContentUtils::AddScriptRunner(new nsScriptRequestProcessor(this,
|
|
request));
|
|
return false;
|
|
}
|
|
if (aElement->GetParserCreated() == FROM_PARSER_NETWORK &&
|
|
!ReadyToExecuteScripts()) {
|
|
NS_ASSERTION(!mParserBlockingRequest,
|
|
"There can be only one parser-blocking script at a time");
|
|
mParserBlockingRequest = request;
|
|
NS_ASSERTION(mXSLTRequests.IsEmpty(),
|
|
"Parser-blocking scripts and XSLT scripts in the same doc!");
|
|
return true;
|
|
}
|
|
// We now have a document.written inline script or we have an inline script
|
|
// from the network but there is no style sheet that is blocking scripts.
|
|
// Don't check for style sheets blocking scripts in the document.write
|
|
// case to avoid style sheet network activity affecting when
|
|
// document.write returns. It's not really necessary to do this if
|
|
// there's no document.write currently on the call stack. However,
|
|
// this way matches IE more closely than checking if document.write
|
|
// is on the call stack.
|
|
NS_ASSERTION(nsContentUtils::IsSafeToRunScript(),
|
|
"Not safe to run a parser-inserted script?");
|
|
return ProcessRequest(request) == NS_ERROR_HTMLPARSER_BLOCK;
|
|
}
|
|
|
|
nsresult
|
|
nsScriptLoader::ProcessRequest(nsScriptLoadRequest* aRequest)
|
|
{
|
|
NS_ASSERTION(nsContentUtils::IsSafeToRunScript(),
|
|
"Processing requests when running scripts is unsafe.");
|
|
|
|
NS_ENSURE_ARG(aRequest);
|
|
nsAFlatString* script;
|
|
nsAutoString textData;
|
|
|
|
nsCOMPtr<nsIDocument> doc;
|
|
|
|
nsCOMPtr<nsINode> scriptElem = do_QueryInterface(aRequest->mElement);
|
|
|
|
// If there's no script text, we try to get it from the element
|
|
if (aRequest->mIsInline) {
|
|
// XXX This is inefficient - GetText makes multiple
|
|
// copies.
|
|
aRequest->mElement->GetScriptText(textData);
|
|
|
|
script = &textData;
|
|
}
|
|
else {
|
|
script = &aRequest->mScriptText;
|
|
|
|
doc = scriptElem->OwnerDoc();
|
|
}
|
|
|
|
nsCOMPtr<nsIScriptElement> oldParserInsertedScript;
|
|
uint32_t parserCreated = aRequest->mElement->GetParserCreated();
|
|
if (parserCreated) {
|
|
oldParserInsertedScript = mCurrentParserInsertedScript;
|
|
mCurrentParserInsertedScript = aRequest->mElement;
|
|
}
|
|
|
|
FireScriptAvailable(NS_OK, aRequest);
|
|
|
|
bool runScript = true;
|
|
nsContentUtils::DispatchTrustedEvent(scriptElem->OwnerDoc(),
|
|
scriptElem,
|
|
NS_LITERAL_STRING("beforescriptexecute"),
|
|
true, true, &runScript);
|
|
|
|
nsresult rv = NS_OK;
|
|
if (runScript) {
|
|
if (doc) {
|
|
doc->BeginEvaluatingExternalScript();
|
|
}
|
|
aRequest->mElement->BeginEvaluating();
|
|
rv = EvaluateScript(aRequest, *script);
|
|
aRequest->mElement->EndEvaluating();
|
|
if (doc) {
|
|
doc->EndEvaluatingExternalScript();
|
|
}
|
|
|
|
nsContentUtils::DispatchTrustedEvent(scriptElem->OwnerDoc(),
|
|
scriptElem,
|
|
NS_LITERAL_STRING("afterscriptexecute"),
|
|
true, false);
|
|
}
|
|
|
|
FireScriptEvaluated(rv, aRequest);
|
|
|
|
if (parserCreated) {
|
|
mCurrentParserInsertedScript = oldParserInsertedScript;
|
|
}
|
|
|
|
return rv;
|
|
}
|
|
|
|
void
|
|
nsScriptLoader::FireScriptAvailable(nsresult aResult,
|
|
nsScriptLoadRequest* aRequest)
|
|
{
|
|
for (int32_t i = 0; i < mObservers.Count(); i++) {
|
|
nsCOMPtr<nsIScriptLoaderObserver> obs = mObservers[i];
|
|
obs->ScriptAvailable(aResult, aRequest->mElement,
|
|
aRequest->mIsInline, aRequest->mURI,
|
|
aRequest->mLineNo);
|
|
}
|
|
|
|
aRequest->FireScriptAvailable(aResult);
|
|
}
|
|
|
|
void
|
|
nsScriptLoader::FireScriptEvaluated(nsresult aResult,
|
|
nsScriptLoadRequest* aRequest)
|
|
{
|
|
for (int32_t i = 0; i < mObservers.Count(); i++) {
|
|
nsCOMPtr<nsIScriptLoaderObserver> obs = mObservers[i];
|
|
obs->ScriptEvaluated(aResult, aRequest->mElement,
|
|
aRequest->mIsInline);
|
|
}
|
|
|
|
aRequest->FireScriptEvaluated(aResult);
|
|
}
|
|
|
|
nsresult
|
|
nsScriptLoader::EvaluateScript(nsScriptLoadRequest* aRequest,
|
|
const nsAFlatString& aScript)
|
|
{
|
|
nsresult rv = NS_OK;
|
|
|
|
// We need a document to evaluate scripts.
|
|
if (!mDocument) {
|
|
return NS_ERROR_FAILURE;
|
|
}
|
|
|
|
nsCOMPtr<nsIContent> scriptContent(do_QueryInterface(aRequest->mElement));
|
|
nsIDocument* ownerDoc = scriptContent->OwnerDoc();
|
|
if (ownerDoc != mDocument) {
|
|
// Willful violation of HTML5 as of 2010-12-01
|
|
return NS_ERROR_FAILURE;
|
|
}
|
|
|
|
nsPIDOMWindow *pwin = mDocument->GetInnerWindow();
|
|
if (!pwin || !pwin->IsInnerWindow()) {
|
|
return NS_ERROR_FAILURE;
|
|
}
|
|
nsCOMPtr<nsIScriptGlobalObject> globalObject = do_QueryInterface(pwin);
|
|
NS_ASSERTION(globalObject, "windows must be global objects");
|
|
|
|
// Get the script-type to be used by this element.
|
|
NS_ASSERTION(scriptContent, "no content - what is default script-type?");
|
|
|
|
// and make sure we are setup for this type of script.
|
|
rv = globalObject->EnsureScriptEnvironment();
|
|
if (NS_FAILED(rv))
|
|
return rv;
|
|
|
|
// Make sure context is a strong reference since we access it after
|
|
// we've executed a script, which may cause all other references to
|
|
// the context to go away.
|
|
nsCOMPtr<nsIScriptContext> context = globalObject->GetScriptContext();
|
|
if (!context) {
|
|
return NS_ERROR_FAILURE;
|
|
}
|
|
|
|
bool oldProcessingScriptTag = context->GetProcessingScriptTag();
|
|
context->SetProcessingScriptTag(true);
|
|
|
|
// Update our current script.
|
|
nsCOMPtr<nsIScriptElement> oldCurrent = mCurrentScript;
|
|
mCurrentScript = aRequest->mElement;
|
|
|
|
// It's very important to use aRequest->mURI, not the final URI of the channel
|
|
// aRequest ended up getting script data from, as the script filename.
|
|
nsAutoCString url;
|
|
nsContentUtils::GetWrapperSafeScriptFilename(mDocument, aRequest->mURI, url);
|
|
|
|
bool isUndefined;
|
|
rv = context->EvaluateString(aScript, globalObject->GetGlobalJSObject(),
|
|
mDocument->NodePrincipal(),
|
|
aRequest->mOriginPrincipal,
|
|
url.get(), aRequest->mLineNo,
|
|
JSVersion(aRequest->mJSVersion), nullptr,
|
|
&isUndefined);
|
|
|
|
// Put the old script back in case it wants to do anything else.
|
|
mCurrentScript = oldCurrent;
|
|
|
|
JSContext *cx = nullptr; // Initialize this to keep GCC happy.
|
|
cx = context->GetNativeContext();
|
|
JSAutoRequest ar(cx);
|
|
context->SetProcessingScriptTag(oldProcessingScriptTag);
|
|
return rv;
|
|
}
|
|
|
|
void
|
|
nsScriptLoader::ProcessPendingRequestsAsync()
|
|
{
|
|
if (mParserBlockingRequest || !mPendingChildLoaders.IsEmpty()) {
|
|
nsCOMPtr<nsIRunnable> ev = NS_NewRunnableMethod(this,
|
|
&nsScriptLoader::ProcessPendingRequests);
|
|
|
|
NS_DispatchToCurrentThread(ev);
|
|
}
|
|
}
|
|
|
|
void
|
|
nsScriptLoader::ProcessPendingRequests()
|
|
{
|
|
nsRefPtr<nsScriptLoadRequest> request;
|
|
if (mParserBlockingRequest &&
|
|
!mParserBlockingRequest->mLoading &&
|
|
ReadyToExecuteScripts()) {
|
|
request.swap(mParserBlockingRequest);
|
|
UnblockParser(request);
|
|
ProcessRequest(request);
|
|
ContinueParserAsync(request);
|
|
}
|
|
|
|
while (ReadyToExecuteScripts() &&
|
|
!mXSLTRequests.IsEmpty() &&
|
|
!mXSLTRequests[0]->mLoading) {
|
|
request.swap(mXSLTRequests[0]);
|
|
mXSLTRequests.RemoveElementAt(0);
|
|
ProcessRequest(request);
|
|
}
|
|
|
|
uint32_t i = 0;
|
|
while (mEnabled && i < mAsyncRequests.Length()) {
|
|
if (!mAsyncRequests[i]->mLoading) {
|
|
request.swap(mAsyncRequests[i]);
|
|
mAsyncRequests.RemoveElementAt(i);
|
|
ProcessRequest(request);
|
|
continue;
|
|
}
|
|
++i;
|
|
}
|
|
|
|
while (mEnabled && !mNonAsyncExternalScriptInsertedRequests.IsEmpty() &&
|
|
!mNonAsyncExternalScriptInsertedRequests[0]->mLoading) {
|
|
// Violate the HTML5 spec and execute these in the insertion order in
|
|
// order to make LABjs and the "order" plug-in for RequireJS work with
|
|
// their Gecko-sniffed code path. See
|
|
// http://lists.w3.org/Archives/Public/public-html/2010Oct/0088.html
|
|
request.swap(mNonAsyncExternalScriptInsertedRequests[0]);
|
|
mNonAsyncExternalScriptInsertedRequests.RemoveElementAt(0);
|
|
ProcessRequest(request);
|
|
}
|
|
|
|
if (mDocumentParsingDone && mXSLTRequests.IsEmpty()) {
|
|
while (!mDeferRequests.IsEmpty() && !mDeferRequests[0]->mLoading) {
|
|
request.swap(mDeferRequests[0]);
|
|
mDeferRequests.RemoveElementAt(0);
|
|
ProcessRequest(request);
|
|
}
|
|
}
|
|
|
|
while (!mPendingChildLoaders.IsEmpty() && ReadyToExecuteScripts()) {
|
|
nsRefPtr<nsScriptLoader> child = mPendingChildLoaders[0];
|
|
mPendingChildLoaders.RemoveElementAt(0);
|
|
child->RemoveExecuteBlocker();
|
|
}
|
|
|
|
if (mDocumentParsingDone && mDocument &&
|
|
!mParserBlockingRequest && mAsyncRequests.IsEmpty() &&
|
|
mNonAsyncExternalScriptInsertedRequests.IsEmpty() &&
|
|
mXSLTRequests.IsEmpty() && mDeferRequests.IsEmpty()) {
|
|
// No more pending scripts; time to unblock onload.
|
|
// OK to unblock onload synchronously here, since callers must be
|
|
// prepared for the world changing anyway.
|
|
mDocumentParsingDone = false;
|
|
mDocument->UnblockOnload(true);
|
|
}
|
|
}
|
|
|
|
bool
|
|
nsScriptLoader::ReadyToExecuteScripts()
|
|
{
|
|
// Make sure the SelfReadyToExecuteScripts check is first, so that
|
|
// we don't block twice on an ancestor.
|
|
if (!SelfReadyToExecuteScripts()) {
|
|
return false;
|
|
}
|
|
|
|
for (nsIDocument* doc = mDocument; doc; doc = doc->GetParentDocument()) {
|
|
nsScriptLoader* ancestor = doc->ScriptLoader();
|
|
if (!ancestor->SelfReadyToExecuteScripts() &&
|
|
ancestor->AddPendingChildLoader(this)) {
|
|
AddExecuteBlocker();
|
|
return false;
|
|
}
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
|
|
// This function was copied from nsParser.cpp. It was simplified a bit.
|
|
static bool
|
|
DetectByteOrderMark(const unsigned char* aBytes, int32_t aLen, nsCString& oCharset)
|
|
{
|
|
if (aLen < 2)
|
|
return false;
|
|
|
|
switch(aBytes[0]) {
|
|
case 0xEF:
|
|
if (aLen >= 3 && 0xBB == aBytes[1] && 0xBF == aBytes[2]) {
|
|
// EF BB BF
|
|
// Win2K UTF-8 BOM
|
|
oCharset.Assign("UTF-8");
|
|
}
|
|
break;
|
|
case 0xFE:
|
|
if (0xFF == aBytes[1]) {
|
|
// FE FF
|
|
// UTF-16, big-endian
|
|
oCharset.Assign("UTF-16");
|
|
}
|
|
break;
|
|
case 0xFF:
|
|
if (0xFE == aBytes[1]) {
|
|
// FF FE
|
|
// UTF-16, little-endian
|
|
oCharset.Assign("UTF-16");
|
|
}
|
|
break;
|
|
}
|
|
return !oCharset.IsEmpty();
|
|
}
|
|
|
|
/* static */ nsresult
|
|
nsScriptLoader::ConvertToUTF16(nsIChannel* aChannel, const uint8_t* aData,
|
|
uint32_t aLength, const nsAString& aHintCharset,
|
|
nsIDocument* aDocument, nsString& aString)
|
|
{
|
|
if (!aLength) {
|
|
aString.Truncate();
|
|
return NS_OK;
|
|
}
|
|
|
|
nsAutoCString characterSet;
|
|
|
|
nsresult rv = NS_OK;
|
|
if (aChannel) {
|
|
rv = aChannel->GetContentCharset(characterSet);
|
|
}
|
|
|
|
if (!aHintCharset.IsEmpty() && (NS_FAILED(rv) || characterSet.IsEmpty())) {
|
|
// charset name is always ASCII.
|
|
LossyCopyUTF16toASCII(aHintCharset, characterSet);
|
|
}
|
|
|
|
if (NS_FAILED(rv) || characterSet.IsEmpty()) {
|
|
DetectByteOrderMark(aData, aLength, characterSet);
|
|
}
|
|
|
|
if (characterSet.IsEmpty() && aDocument) {
|
|
// charset from document default
|
|
characterSet = aDocument->GetDocumentCharacterSet();
|
|
}
|
|
|
|
if (characterSet.IsEmpty()) {
|
|
// fall back to ISO-8859-1, see bug 118404
|
|
characterSet.AssignLiteral("ISO-8859-1");
|
|
}
|
|
|
|
nsCOMPtr<nsICharsetConverterManager> charsetConv =
|
|
do_GetService(NS_CHARSETCONVERTERMANAGER_CONTRACTID, &rv);
|
|
|
|
nsCOMPtr<nsIUnicodeDecoder> unicodeDecoder;
|
|
|
|
if (NS_SUCCEEDED(rv) && charsetConv) {
|
|
rv = charsetConv->GetUnicodeDecoder(characterSet.get(),
|
|
getter_AddRefs(unicodeDecoder));
|
|
if (NS_FAILED(rv)) {
|
|
// fall back to ISO-8859-1 if charset is not supported. (bug 230104)
|
|
rv = charsetConv->GetUnicodeDecoderRaw("ISO-8859-1",
|
|
getter_AddRefs(unicodeDecoder));
|
|
}
|
|
}
|
|
|
|
// converts from the charset to unicode
|
|
if (NS_SUCCEEDED(rv)) {
|
|
int32_t unicodeLength = 0;
|
|
|
|
rv = unicodeDecoder->GetMaxLength(reinterpret_cast<const char*>(aData),
|
|
aLength, &unicodeLength);
|
|
if (NS_SUCCEEDED(rv)) {
|
|
if (!EnsureStringLength(aString, unicodeLength))
|
|
return NS_ERROR_OUT_OF_MEMORY;
|
|
|
|
PRUnichar *ustr = aString.BeginWriting();
|
|
|
|
int32_t consumedLength = 0;
|
|
int32_t originalLength = aLength;
|
|
int32_t convertedLength = 0;
|
|
int32_t bufferLength = unicodeLength;
|
|
do {
|
|
rv = unicodeDecoder->Convert(reinterpret_cast<const char*>(aData),
|
|
(int32_t *) &aLength, ustr,
|
|
&unicodeLength);
|
|
if (NS_FAILED(rv)) {
|
|
// if we failed, we consume one byte, replace it with U+FFFD
|
|
// and try the conversion again.
|
|
ustr[unicodeLength++] = (PRUnichar)0xFFFD;
|
|
ustr += unicodeLength;
|
|
|
|
unicodeDecoder->Reset();
|
|
}
|
|
aData += ++aLength;
|
|
consumedLength += aLength;
|
|
aLength = originalLength - consumedLength;
|
|
convertedLength += unicodeLength;
|
|
unicodeLength = bufferLength - convertedLength;
|
|
} while (NS_FAILED(rv) && (originalLength > consumedLength) && (bufferLength > convertedLength));
|
|
aString.SetLength(convertedLength);
|
|
}
|
|
}
|
|
return rv;
|
|
}
|
|
|
|
NS_IMETHODIMP
|
|
nsScriptLoader::OnStreamComplete(nsIStreamLoader* aLoader,
|
|
nsISupports* aContext,
|
|
nsresult aStatus,
|
|
uint32_t aStringLen,
|
|
const uint8_t* aString)
|
|
{
|
|
nsScriptLoadRequest* request = static_cast<nsScriptLoadRequest*>(aContext);
|
|
NS_ASSERTION(request, "null request in stream complete handler");
|
|
NS_ENSURE_TRUE(request, NS_ERROR_FAILURE);
|
|
|
|
nsresult rv = PrepareLoadedRequest(request, aLoader, aStatus, aStringLen,
|
|
aString);
|
|
if (NS_FAILED(rv)) {
|
|
if (mDeferRequests.RemoveElement(request) ||
|
|
mAsyncRequests.RemoveElement(request) ||
|
|
mNonAsyncExternalScriptInsertedRequests.RemoveElement(request) ||
|
|
mXSLTRequests.RemoveElement(request)) {
|
|
FireScriptAvailable(rv, request);
|
|
} else if (mParserBlockingRequest == request) {
|
|
mParserBlockingRequest = nullptr;
|
|
UnblockParser(request);
|
|
FireScriptAvailable(rv, request);
|
|
ContinueParserAsync(request);
|
|
} else {
|
|
mPreloads.RemoveElement(request, PreloadRequestComparator());
|
|
}
|
|
}
|
|
|
|
// Process our request and/or any pending ones
|
|
ProcessPendingRequests();
|
|
|
|
return NS_OK;
|
|
}
|
|
|
|
void
|
|
nsScriptLoader::UnblockParser(nsScriptLoadRequest* aParserBlockingRequest)
|
|
{
|
|
aParserBlockingRequest->mElement->UnblockParser();
|
|
}
|
|
|
|
void
|
|
nsScriptLoader::ContinueParserAsync(nsScriptLoadRequest* aParserBlockingRequest)
|
|
{
|
|
aParserBlockingRequest->mElement->ContinueParserAsync();
|
|
}
|
|
|
|
nsresult
|
|
nsScriptLoader::PrepareLoadedRequest(nsScriptLoadRequest* aRequest,
|
|
nsIStreamLoader* aLoader,
|
|
nsresult aStatus,
|
|
uint32_t aStringLen,
|
|
const uint8_t* aString)
|
|
{
|
|
if (NS_FAILED(aStatus)) {
|
|
return aStatus;
|
|
}
|
|
|
|
// If we don't have a document, then we need to abort further
|
|
// evaluation.
|
|
if (!mDocument) {
|
|
return NS_ERROR_NOT_AVAILABLE;
|
|
}
|
|
|
|
// If the load returned an error page, then we need to abort
|
|
nsCOMPtr<nsIRequest> req;
|
|
nsresult rv = aLoader->GetRequest(getter_AddRefs(req));
|
|
NS_ASSERTION(req, "StreamLoader's request went away prematurely");
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(req);
|
|
if (httpChannel) {
|
|
bool requestSucceeded;
|
|
rv = httpChannel->GetRequestSucceeded(&requestSucceeded);
|
|
if (NS_SUCCEEDED(rv) && !requestSucceeded) {
|
|
return NS_ERROR_NOT_AVAILABLE;
|
|
}
|
|
}
|
|
|
|
nsCOMPtr<nsIChannel> channel = do_QueryInterface(req);
|
|
// If this load was subject to a CORS check; don't flag it with a
|
|
// separate origin principal, so that it will treat our document's
|
|
// principal as the origin principal
|
|
if (aRequest->mCORSMode == CORS_NONE) {
|
|
rv = nsContentUtils::GetSecurityManager()->
|
|
GetChannelPrincipal(channel, getter_AddRefs(aRequest->mOriginPrincipal));
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
}
|
|
|
|
if (aStringLen) {
|
|
// Check the charset attribute to determine script charset.
|
|
nsAutoString hintCharset;
|
|
if (!aRequest->IsPreload()) {
|
|
aRequest->mElement->GetScriptCharset(hintCharset);
|
|
} else {
|
|
nsTArray<PreloadInfo>::index_type i =
|
|
mPreloads.IndexOf(aRequest, 0, PreloadRequestComparator());
|
|
NS_ASSERTION(i != mPreloads.NoIndex, "Incorrect preload bookkeeping");
|
|
hintCharset = mPreloads[i].mCharset;
|
|
}
|
|
rv = ConvertToUTF16(channel, aString, aStringLen, hintCharset, mDocument,
|
|
aRequest->mScriptText);
|
|
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
if (!ShouldExecuteScript(mDocument, channel)) {
|
|
return NS_ERROR_NOT_AVAILABLE;
|
|
}
|
|
}
|
|
|
|
// This assertion could fire errorously if we ran out of memory when
|
|
// inserting the request in the array. However it's an unlikely case
|
|
// so if you see this assertion it is likely something else that is
|
|
// wrong, especially if you see it more than once.
|
|
NS_ASSERTION(mDeferRequests.Contains(aRequest) ||
|
|
mAsyncRequests.Contains(aRequest) ||
|
|
mNonAsyncExternalScriptInsertedRequests.Contains(aRequest) ||
|
|
mXSLTRequests.Contains(aRequest) ||
|
|
mPreloads.Contains(aRequest, PreloadRequestComparator()) ||
|
|
mParserBlockingRequest,
|
|
"aRequest should be pending!");
|
|
|
|
// Mark this as loaded
|
|
aRequest->mLoading = false;
|
|
|
|
return NS_OK;
|
|
}
|
|
|
|
/* static */
|
|
bool
|
|
nsScriptLoader::ShouldExecuteScript(nsIDocument* aDocument,
|
|
nsIChannel* aChannel)
|
|
{
|
|
if (!aChannel) {
|
|
return false;
|
|
}
|
|
|
|
bool hasCert;
|
|
nsIPrincipal* docPrincipal = aDocument->NodePrincipal();
|
|
docPrincipal->GetHasCertificate(&hasCert);
|
|
if (!hasCert) {
|
|
return true;
|
|
}
|
|
|
|
nsCOMPtr<nsIPrincipal> channelPrincipal;
|
|
nsresult rv = nsContentUtils::GetSecurityManager()->
|
|
GetChannelPrincipal(aChannel, getter_AddRefs(channelPrincipal));
|
|
NS_ENSURE_SUCCESS(rv, false);
|
|
|
|
NS_ASSERTION(channelPrincipal, "Gotta have a principal here!");
|
|
|
|
// If the channel principal isn't at least as powerful as the
|
|
// document principal, then we don't execute the script.
|
|
bool subsumes;
|
|
rv = channelPrincipal->Subsumes(docPrincipal, &subsumes);
|
|
return NS_SUCCEEDED(rv) && subsumes;
|
|
}
|
|
|
|
void
|
|
nsScriptLoader::ParsingComplete(bool aTerminated)
|
|
{
|
|
if (mDeferEnabled) {
|
|
// Have to check because we apparently get ParsingComplete
|
|
// without BeginDeferringScripts in some cases
|
|
mDocumentParsingDone = true;
|
|
}
|
|
mDeferEnabled = false;
|
|
if (aTerminated) {
|
|
mDeferRequests.Clear();
|
|
mAsyncRequests.Clear();
|
|
mNonAsyncExternalScriptInsertedRequests.Clear();
|
|
mXSLTRequests.Clear();
|
|
mParserBlockingRequest = nullptr;
|
|
}
|
|
|
|
// Have to call this even if aTerminated so we'll correctly unblock
|
|
// onload and all.
|
|
ProcessPendingRequests();
|
|
}
|
|
|
|
void
|
|
nsScriptLoader::PreloadURI(nsIURI *aURI, const nsAString &aCharset,
|
|
const nsAString &aType,
|
|
const nsAString &aCrossOrigin)
|
|
{
|
|
// Check to see if scripts has been turned off.
|
|
if (!mEnabled || !mDocument->IsScriptEnabled()) {
|
|
return;
|
|
}
|
|
|
|
nsRefPtr<nsScriptLoadRequest> request =
|
|
new nsScriptLoadRequest(nullptr, 0,
|
|
nsGenericElement::StringToCORSMode(aCrossOrigin));
|
|
request->mURI = aURI;
|
|
request->mIsInline = false;
|
|
request->mLoading = true;
|
|
nsresult rv = StartLoad(request, aType);
|
|
if (NS_FAILED(rv)) {
|
|
return;
|
|
}
|
|
|
|
PreloadInfo *pi = mPreloads.AppendElement();
|
|
pi->mRequest = request;
|
|
pi->mCharset = aCharset;
|
|
}
|