2012-05-21 15:12:37 +04:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
|
2019-01-17 21:18:31 +03:00
|
|
|
const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
|
|
|
|
const { OS } = ChromeUtils.import("resource://gre/modules/osfile.jsm");
|
2010-04-18 22:27:18 +04:00
|
|
|
|
|
|
|
// This component is used for handling dragover and drop of urls.
|
|
|
|
//
|
|
|
|
// It checks to see whether a drop of a url is allowed. For instance, a url
|
|
|
|
// cannot be dropped if it is not a valid uri or the source of the drag cannot
|
|
|
|
// access the uri. This prevents, for example, a source document from tricking
|
|
|
|
// the user into dragging a chrome url.
|
|
|
|
|
|
|
|
function ContentAreaDropListener() {}
|
|
|
|
|
|
|
|
ContentAreaDropListener.prototype = {
|
|
|
|
classID: Components.ID("{1f34bc80-1bc7-11d6-a384-d705dd0746fc}"),
|
Bug 1649221: Update ChromeUtils.generateQI callers to pass strings. r=mccr8,remote-protocol-reviewers,marionette-reviewers,perftest-reviewers,webcompat-reviewers,geckoview-reviewers,preferences-reviewers,agi,whimboo,Bebe,twisniewski
Differential Revision: https://phabricator.services.mozilla.com/D81594
2020-07-11 02:58:28 +03:00
|
|
|
QueryInterface: ChromeUtils.generateQI(["nsIDroppedLinkHandler"]),
|
2010-04-18 22:27:18 +04:00
|
|
|
|
2019-09-02 14:22:27 +03:00
|
|
|
_addLink(links, url, name, type) {
|
2015-11-11 01:15:03 +03:00
|
|
|
links.push({ url, name, type });
|
|
|
|
},
|
|
|
|
|
2019-09-02 14:22:27 +03:00
|
|
|
_addLinksFromItem(links, dt, i) {
|
2015-11-11 01:15:03 +03:00
|
|
|
let types = dt.mozTypesAt(i);
|
|
|
|
let type, data;
|
|
|
|
|
|
|
|
type = "text/uri-list";
|
|
|
|
if (types.contains(type)) {
|
|
|
|
data = dt.mozGetDataAt(type, i);
|
|
|
|
if (data) {
|
|
|
|
let urls = data.split("\n");
|
|
|
|
for (let url of urls) {
|
|
|
|
// lines beginning with # are comments
|
|
|
|
if (url.startsWith("#")) {
|
|
|
|
continue;
|
2019-07-15 20:22:45 +03:00
|
|
|
}
|
2015-11-11 01:15:03 +03:00
|
|
|
url = url.replace(/^\s+|\s+$/g, "");
|
|
|
|
this._addLink(links, url, url, type);
|
|
|
|
}
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
type = "text/x-moz-url";
|
|
|
|
if (types.contains(type)) {
|
|
|
|
data = dt.mozGetDataAt(type, i);
|
|
|
|
if (data) {
|
|
|
|
let lines = data.split("\n");
|
|
|
|
for (let i = 0, length = lines.length; i < length; i += 2) {
|
|
|
|
this._addLink(links, lines[i], lines[i + 1], type);
|
|
|
|
}
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
for (let type of ["text/plain", "text/x-moz-text-internal"]) {
|
|
|
|
if (types.contains(type)) {
|
|
|
|
data = dt.mozGetDataAt(type, i);
|
|
|
|
if (data) {
|
|
|
|
let lines = data.replace(/^\s+|\s+$/gm, "").split("\n");
|
2018-02-28 04:36:43 +03:00
|
|
|
if (!lines.length) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// For plain text, there are 2 cases:
|
|
|
|
// * if there is at least one URI:
|
|
|
|
// Add all URIs, ignoring non-URI lines, so that all URIs
|
|
|
|
// are opened in tabs.
|
|
|
|
// * if there's no URI:
|
|
|
|
// Add the entire text as a single entry, so that the entire
|
|
|
|
// text is searched.
|
|
|
|
let hasURI = false;
|
2019-10-12 15:37:51 +03:00
|
|
|
// We don't care whether we are in a private context, because we are
|
|
|
|
// only using fixedURI and thus there's no risk to use the wrong
|
|
|
|
// search engine.
|
2018-02-28 04:36:43 +03:00
|
|
|
let flags =
|
|
|
|
Ci.nsIURIFixup.FIXUP_FLAG_FIX_SCHEME_TYPOS |
|
|
|
|
Ci.nsIURIFixup.FIXUP_FLAG_ALLOW_KEYWORD_LOOKUP;
|
2015-11-11 01:15:03 +03:00
|
|
|
for (let line of lines) {
|
2018-02-28 04:36:43 +03:00
|
|
|
let info = Services.uriFixup.getFixupURIInfo(line, flags);
|
|
|
|
if (info.fixedURI) {
|
|
|
|
// Use the original line here, and let the caller decide
|
|
|
|
// whether to perform fixup or not.
|
|
|
|
hasURI = true;
|
|
|
|
this._addLink(links, line, line, type);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!hasURI) {
|
|
|
|
this._addLink(links, data, data, type);
|
2015-11-11 01:15:03 +03:00
|
|
|
}
|
|
|
|
return;
|
|
|
|
}
|
2010-04-18 22:27:18 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// For shortcuts, we want to check for the file type last, so that the
|
|
|
|
// url pointed to in one of the url types is found first before the file
|
|
|
|
// type, which points to the actual file.
|
2015-05-11 21:33:15 +03:00
|
|
|
let files = dt.files;
|
2015-11-11 01:15:03 +03:00
|
|
|
if (files && i < files.length) {
|
|
|
|
this._addLink(
|
|
|
|
links,
|
|
|
|
OS.Path.toFileURI(files[i].mozFullPath),
|
|
|
|
files[i].name,
|
|
|
|
"application/x-moz-file"
|
|
|
|
);
|
2010-04-18 22:27:18 +04:00
|
|
|
}
|
2015-11-11 01:15:03 +03:00
|
|
|
},
|
2010-04-18 22:27:18 +04:00
|
|
|
|
2019-09-02 14:22:27 +03:00
|
|
|
_getDropLinks(dt) {
|
2015-11-11 01:15:03 +03:00
|
|
|
let links = [];
|
|
|
|
for (let i = 0; i < dt.mozItemCount; i++) {
|
|
|
|
this._addLinksFromItem(links, dt, i);
|
|
|
|
}
|
|
|
|
return links;
|
2010-04-18 22:27:18 +04:00
|
|
|
},
|
|
|
|
|
2019-09-02 14:22:27 +03:00
|
|
|
_validateURI(dataTransfer, uriString, disallowInherit, triggeringPrincipal) {
|
2010-04-18 22:27:18 +04:00
|
|
|
if (!uriString) {
|
|
|
|
return "";
|
2019-07-15 20:22:45 +03:00
|
|
|
}
|
2010-04-18 22:27:18 +04:00
|
|
|
|
|
|
|
// Strip leading and trailing whitespace, then try to create a
|
|
|
|
// URI from the dropped string. If that succeeds, we're
|
|
|
|
// dropping a URI and we need to do a security check to make
|
|
|
|
// sure the source document can load the dropped URI.
|
|
|
|
uriString = uriString.replace(/^\s*|\s*$/g, "");
|
|
|
|
|
2018-02-28 04:36:43 +03:00
|
|
|
// Apply URI fixup so that this validation prevents bad URIs even if the
|
|
|
|
// similar fixup is applied later, especialy fixing typos up will convert
|
|
|
|
// non-URI to URI.
|
2019-10-12 15:37:51 +03:00
|
|
|
// We don't know if the uri comes from a private context, but luckily we
|
|
|
|
// are only using fixedURI, so there's no risk to use the wrong search
|
|
|
|
// engine.
|
2018-02-28 04:36:43 +03:00
|
|
|
let fixupFlags =
|
|
|
|
Ci.nsIURIFixup.FIXUP_FLAG_FIX_SCHEME_TYPOS |
|
|
|
|
Ci.nsIURIFixup.FIXUP_FLAG_ALLOW_KEYWORD_LOOKUP;
|
|
|
|
let info = Services.uriFixup.getFixupURIInfo(uriString, fixupFlags);
|
|
|
|
if (!info.fixedURI || info.keywordProviderName) {
|
|
|
|
// Loading a keyword search should always be fine for all cases.
|
2010-04-18 22:27:18 +04:00
|
|
|
return uriString;
|
2018-02-28 04:36:43 +03:00
|
|
|
}
|
|
|
|
let uri = info.fixedURI;
|
2010-04-18 22:27:18 +04:00
|
|
|
|
|
|
|
let secMan = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
|
|
|
|
Ci.nsIScriptSecurityManager
|
|
|
|
);
|
2012-01-31 05:58:30 +04:00
|
|
|
let flags = secMan.STANDARD;
|
|
|
|
if (disallowInherit) {
|
|
|
|
flags |= secMan.DISALLOW_INHERIT_PRINCIPAL;
|
2019-07-15 20:22:45 +03:00
|
|
|
}
|
2012-01-31 05:58:30 +04:00
|
|
|
|
2018-02-28 04:36:43 +03:00
|
|
|
secMan.checkLoadURIWithPrincipal(triggeringPrincipal, uri, flags);
|
2010-04-18 22:27:18 +04:00
|
|
|
|
2018-02-28 04:36:43 +03:00
|
|
|
// Once we validated, return the URI after fixup, instead of the original
|
|
|
|
// uriString.
|
|
|
|
return uri.spec;
|
2010-04-18 22:27:18 +04:00
|
|
|
},
|
|
|
|
|
2019-09-02 14:22:27 +03:00
|
|
|
_getTriggeringPrincipalFromDataTransfer(
|
2018-02-09 04:43:53 +03:00
|
|
|
aDataTransfer,
|
|
|
|
fallbackToSystemPrincipal
|
2017-08-10 03:43:35 +03:00
|
|
|
) {
|
2018-02-09 04:43:53 +03:00
|
|
|
let sourceNode = aDataTransfer.mozSourceNode;
|
|
|
|
if (
|
|
|
|
sourceNode &&
|
|
|
|
(sourceNode.localName !== "browser" ||
|
|
|
|
sourceNode.namespaceURI !==
|
|
|
|
"http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul")
|
|
|
|
) {
|
|
|
|
// Use sourceNode's principal only if the sourceNode is not browser.
|
|
|
|
//
|
|
|
|
// If sourceNode is browser, the actual triggering principal may be
|
|
|
|
// differ than sourceNode's principal, since sourceNode's principal is
|
|
|
|
// top level document's one and the drag may be triggered from a frame
|
|
|
|
// with different principal.
|
|
|
|
if (sourceNode.nodePrincipal) {
|
|
|
|
return sourceNode.nodePrincipal;
|
|
|
|
}
|
2017-08-10 03:43:35 +03:00
|
|
|
}
|
2018-02-09 04:43:53 +03:00
|
|
|
|
|
|
|
// First, fallback to mozTriggeringPrincipalURISpec that is set when the
|
|
|
|
// drop comes from another content process.
|
|
|
|
let principalURISpec = aDataTransfer.mozTriggeringPrincipalURISpec;
|
|
|
|
if (!principalURISpec) {
|
|
|
|
// Fallback to either system principal or file principal, supposing
|
|
|
|
// the drop comes from outside of the browser, so that drops of file
|
|
|
|
// URIs are always allowed.
|
|
|
|
//
|
|
|
|
// TODO: Investigate and describe the difference between them,
|
|
|
|
// or use only one principal. (Bug 1367038)
|
|
|
|
if (fallbackToSystemPrincipal) {
|
|
|
|
let secMan = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
|
|
|
|
Ci.nsIScriptSecurityManager
|
|
|
|
);
|
|
|
|
return secMan.getSystemPrincipal();
|
|
|
|
} else {
|
|
|
|
principalURISpec = "file:///";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
let ioService = Cc["@mozilla.org/network/io-service;1"].getService(
|
|
|
|
Ci.nsIIOService
|
|
|
|
);
|
|
|
|
let secMan = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
|
|
|
|
Ci.nsIScriptSecurityManager
|
|
|
|
);
|
2019-07-08 19:37:45 +03:00
|
|
|
return secMan.createContentPrincipal(
|
|
|
|
ioService.newURI(principalURISpec),
|
|
|
|
{}
|
|
|
|
);
|
2017-08-10 03:43:35 +03:00
|
|
|
},
|
|
|
|
|
2019-09-02 14:22:27 +03:00
|
|
|
getTriggeringPrincipal(aEvent) {
|
2017-08-10 03:43:35 +03:00
|
|
|
let dataTransfer = aEvent.dataTransfer;
|
2018-02-09 04:43:53 +03:00
|
|
|
return this._getTriggeringPrincipalFromDataTransfer(dataTransfer, true);
|
2017-08-10 03:43:35 +03:00
|
|
|
},
|
|
|
|
|
2019-09-02 14:22:27 +03:00
|
|
|
getCSP(aEvent) {
|
2019-02-21 18:00:32 +03:00
|
|
|
let sourceNode = aEvent.dataTransfer.mozSourceNode;
|
2019-08-20 15:43:02 +03:00
|
|
|
if (aEvent.dataTransfer.mozCSP !== null) {
|
|
|
|
return aEvent.dataTransfer.mozCSP;
|
|
|
|
}
|
|
|
|
|
2019-02-21 18:00:32 +03:00
|
|
|
if (
|
|
|
|
sourceNode &&
|
|
|
|
(sourceNode.localName !== "browser" ||
|
|
|
|
sourceNode.namespaceURI !==
|
|
|
|
"http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul")
|
|
|
|
) {
|
2019-05-22 02:15:08 +03:00
|
|
|
// Use sourceNode's csp only if the sourceNode is not browser.
|
2019-02-21 18:00:32 +03:00
|
|
|
//
|
2019-05-22 02:15:08 +03:00
|
|
|
// If sourceNode is browser, the actual triggering csp may be differ than sourceNode's csp,
|
|
|
|
// since sourceNode's csp is top level document's one and the drag may be triggered from a
|
|
|
|
// frame with different csp.
|
|
|
|
return sourceNode.csp;
|
2019-02-21 18:00:32 +03:00
|
|
|
}
|
|
|
|
return null;
|
|
|
|
},
|
|
|
|
|
2019-09-02 14:22:27 +03:00
|
|
|
canDropLink(aEvent, aAllowSameDocument) {
|
2013-01-03 19:17:36 +04:00
|
|
|
if (this._eventTargetIsDisabled(aEvent)) {
|
|
|
|
return false;
|
2019-07-15 20:22:45 +03:00
|
|
|
}
|
2013-01-03 19:17:36 +04:00
|
|
|
|
2010-04-18 22:27:18 +04:00
|
|
|
let dataTransfer = aEvent.dataTransfer;
|
|
|
|
let types = dataTransfer.types;
|
2016-10-11 04:07:47 +03:00
|
|
|
if (
|
|
|
|
!types.includes("application/x-moz-file") &&
|
|
|
|
!types.includes("text/x-moz-url") &&
|
|
|
|
!types.includes("text/uri-list") &&
|
|
|
|
!types.includes("text/x-moz-text-internal") &&
|
|
|
|
!types.includes("text/plain")
|
2019-07-15 20:22:45 +03:00
|
|
|
) {
|
2010-04-18 22:27:18 +04:00
|
|
|
return false;
|
2019-07-15 20:22:45 +03:00
|
|
|
}
|
2010-04-18 22:27:18 +04:00
|
|
|
|
|
|
|
if (aAllowSameDocument) {
|
|
|
|
return true;
|
2019-07-15 20:22:45 +03:00
|
|
|
}
|
2010-04-18 22:27:18 +04:00
|
|
|
|
|
|
|
let sourceNode = dataTransfer.mozSourceNode;
|
|
|
|
if (!sourceNode) {
|
|
|
|
return true;
|
2019-07-15 20:22:45 +03:00
|
|
|
}
|
2010-04-18 22:27:18 +04:00
|
|
|
|
|
|
|
// don't allow a drop of a node from the same document onto this one
|
|
|
|
let sourceDocument = sourceNode.ownerDocument;
|
|
|
|
let eventDocument = aEvent.originalTarget.ownerDocument;
|
|
|
|
if (sourceDocument == eventDocument) {
|
|
|
|
return false;
|
2019-07-15 20:22:45 +03:00
|
|
|
}
|
2010-04-18 22:27:18 +04:00
|
|
|
|
|
|
|
// also check for nodes in other child or sibling frames by checking
|
|
|
|
// if both have the same top window.
|
|
|
|
if (sourceDocument && eventDocument) {
|
2016-05-27 16:19:53 +03:00
|
|
|
if (sourceDocument.defaultView == null) {
|
|
|
|
return true;
|
2019-07-15 20:22:45 +03:00
|
|
|
}
|
2010-04-18 22:27:18 +04:00
|
|
|
let sourceRoot = sourceDocument.defaultView.top;
|
|
|
|
if (sourceRoot && sourceRoot == eventDocument.defaultView.top) {
|
|
|
|
return false;
|
2019-07-15 20:22:45 +03:00
|
|
|
}
|
2010-04-18 22:27:18 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
},
|
|
|
|
|
2019-09-02 14:22:27 +03:00
|
|
|
dropLink(aEvent, aName, aDisallowInherit) {
|
2010-04-18 22:27:18 +04:00
|
|
|
aName.value = "";
|
2015-11-11 01:15:03 +03:00
|
|
|
let links = this.dropLinks(aEvent, aDisallowInherit);
|
|
|
|
let url = "";
|
|
|
|
if (links.length > 0) {
|
|
|
|
url = links[0].url;
|
|
|
|
let name = links[0].name;
|
|
|
|
if (name) {
|
|
|
|
aName.value = name;
|
2019-07-15 20:22:45 +03:00
|
|
|
}
|
2015-11-11 01:15:03 +03:00
|
|
|
}
|
2010-04-18 22:27:18 +04:00
|
|
|
|
2015-11-11 01:15:03 +03:00
|
|
|
return url;
|
|
|
|
},
|
2010-04-18 22:27:18 +04:00
|
|
|
|
2019-09-02 14:22:27 +03:00
|
|
|
dropLinks(aEvent, aDisallowInherit) {
|
2015-11-11 01:15:03 +03:00
|
|
|
if (aEvent && this._eventTargetIsDisabled(aEvent)) {
|
|
|
|
return [];
|
2019-07-15 20:22:45 +03:00
|
|
|
}
|
2010-04-18 22:27:18 +04:00
|
|
|
|
2015-11-11 01:15:03 +03:00
|
|
|
let dataTransfer = aEvent.dataTransfer;
|
|
|
|
let links = this._getDropLinks(dataTransfer);
|
2018-02-28 04:36:43 +03:00
|
|
|
let triggeringPrincipal = this._getTriggeringPrincipalFromDataTransfer(
|
|
|
|
dataTransfer,
|
|
|
|
false
|
|
|
|
);
|
2015-11-11 01:15:03 +03:00
|
|
|
|
|
|
|
for (let link of links) {
|
|
|
|
try {
|
2018-02-28 04:36:43 +03:00
|
|
|
link.url = this._validateURI(
|
|
|
|
dataTransfer,
|
|
|
|
link.url,
|
|
|
|
aDisallowInherit,
|
|
|
|
triggeringPrincipal
|
|
|
|
);
|
2015-11-11 01:15:03 +03:00
|
|
|
} catch (ex) {
|
|
|
|
// Prevent the drop entirely if any of the links are invalid even if
|
|
|
|
// one of them is valid.
|
|
|
|
aEvent.stopPropagation();
|
|
|
|
aEvent.preventDefault();
|
|
|
|
throw ex;
|
|
|
|
}
|
|
|
|
}
|
2010-04-18 22:27:18 +04:00
|
|
|
|
2015-11-11 01:15:03 +03:00
|
|
|
return links;
|
2013-01-03 19:17:36 +04:00
|
|
|
},
|
|
|
|
|
2019-09-02 14:22:27 +03:00
|
|
|
validateURIsForDrop(aEvent, aURIs, aDisallowInherit) {
|
2018-02-28 04:36:43 +03:00
|
|
|
let dataTransfer = aEvent.dataTransfer;
|
2018-02-28 04:36:43 +03:00
|
|
|
let triggeringPrincipal = this._getTriggeringPrincipalFromDataTransfer(
|
|
|
|
dataTransfer,
|
|
|
|
false
|
|
|
|
);
|
2018-02-28 04:36:43 +03:00
|
|
|
|
|
|
|
for (let uri of aURIs) {
|
2018-02-28 04:36:43 +03:00
|
|
|
this._validateURI(
|
|
|
|
dataTransfer,
|
|
|
|
uri,
|
|
|
|
aDisallowInherit,
|
|
|
|
triggeringPrincipal
|
|
|
|
);
|
2018-02-28 04:36:43 +03:00
|
|
|
}
|
|
|
|
},
|
|
|
|
|
2019-09-02 14:22:27 +03:00
|
|
|
queryLinks(aDataTransfer) {
|
2019-05-15 23:24:00 +03:00
|
|
|
return this._getDropLinks(aDataTransfer);
|
2017-08-22 11:07:03 +03:00
|
|
|
},
|
|
|
|
|
2019-09-02 14:22:27 +03:00
|
|
|
_eventTargetIsDisabled(aEvent) {
|
2013-01-03 19:17:36 +04:00
|
|
|
let ownerDoc = aEvent.originalTarget.ownerDocument;
|
|
|
|
if (!ownerDoc || !ownerDoc.defaultView) {
|
|
|
|
return false;
|
2019-07-15 20:22:45 +03:00
|
|
|
}
|
2013-01-03 19:17:36 +04:00
|
|
|
|
|
|
|
return ownerDoc.defaultView.windowUtils.isNodeDisabledForEvents(
|
|
|
|
aEvent.originalTarget
|
|
|
|
);
|
2010-04-18 22:27:18 +04:00
|
|
|
},
|
|
|
|
};
|
|
|
|
|
2019-01-30 22:37:53 +03:00
|
|
|
var EXPORTED_SYMBOLS = ["ContentAreaDropListener"];
|