2015-05-03 22:32:37 +03:00
|
|
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
|
|
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
|
2012-05-21 15:12:37 +04:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
2005-04-11 04:29:36 +04:00
|
|
|
|
2006-03-30 12:03:04 +04:00
|
|
|
/*
|
|
|
|
* Content policy implementation that prevents all loads of images,
|
|
|
|
* subframes, etc from documents loaded as data (eg documents loaded
|
|
|
|
* via XMLHttpRequest).
|
|
|
|
*/
|
|
|
|
|
2015-06-16 17:39:00 +03:00
|
|
|
#include "nsContentUtils.h"
|
2005-04-11 04:29:36 +04:00
|
|
|
#include "nsDataDocumentContentPolicy.h"
|
2011-01-28 18:59:15 +03:00
|
|
|
#include "nsNetUtil.h"
|
2015-07-07 05:17:00 +03:00
|
|
|
#include "nsIProtocolHandler.h"
|
2011-01-28 18:59:15 +03:00
|
|
|
#include "nsScriptSecurityManager.h"
|
2019-01-02 16:05:23 +03:00
|
|
|
#include "mozilla/dom/Document.h"
|
2006-01-31 07:25:22 +03:00
|
|
|
#include "nsINode.h"
|
2005-04-11 04:29:36 +04:00
|
|
|
#include "nsIDOMWindow.h"
|
2015-07-22 19:03:07 +03:00
|
|
|
#include "nsIURI.h"
|
2005-04-11 04:29:36 +04:00
|
|
|
|
2014-04-27 11:06:00 +04:00
|
|
|
NS_IMPL_ISUPPORTS(nsDataDocumentContentPolicy, nsIContentPolicy)
|
2005-04-11 04:29:36 +04:00
|
|
|
|
2011-11-08 01:45:42 +04:00
|
|
|
// Helper method for ShouldLoad()
|
|
|
|
// Checks a URI for the given flags. Returns true if the URI has the flags,
|
|
|
|
// and false if not (or if we weren't able to tell).
|
2012-08-22 19:56:38 +04:00
|
|
|
static bool HasFlags(nsIURI *aURI, uint32_t aURIFlags) {
|
2011-11-08 01:45:42 +04:00
|
|
|
bool hasFlags;
|
|
|
|
nsresult rv = NS_URIChainHasFlags(aURI, aURIFlags, &hasFlags);
|
|
|
|
return NS_SUCCEEDED(rv) && hasFlags;
|
|
|
|
}
|
|
|
|
|
2013-01-08 21:16:28 +04:00
|
|
|
// If you change DataDocumentContentPolicy, make sure to check that
|
|
|
|
// CHECK_PRINCIPAL_AND_DATA in nsContentPolicyUtils is still valid.
|
|
|
|
// nsContentPolicyUtils may not pass all the parameters to ShouldLoad.
|
2005-04-11 04:29:36 +04:00
|
|
|
NS_IMETHODIMP
|
2018-03-29 13:16:23 +03:00
|
|
|
nsDataDocumentContentPolicy::ShouldLoad(nsIURI *aContentLocation,
|
|
|
|
nsILoadInfo *aLoadInfo,
|
2005-04-11 04:29:36 +04:00
|
|
|
const nsACString &aMimeGuess,
|
2012-08-22 19:56:38 +04:00
|
|
|
int16_t *aDecision) {
|
2018-05-30 22:21:17 +03:00
|
|
|
uint32_t contentType = aLoadInfo->GetExternalContentPolicyType();
|
|
|
|
nsCOMPtr<nsISupports> requestingContext = aLoadInfo->GetLoadingContext();
|
2018-03-29 13:16:23 +03:00
|
|
|
|
2018-05-30 22:21:17 +03:00
|
|
|
MOZ_ASSERT(contentType == nsContentUtils::InternalContentPolicyTypeToExternal(
|
|
|
|
contentType),
|
2015-06-12 23:52:07 +03:00
|
|
|
"We should only see external content policy types here.");
|
|
|
|
|
2005-04-11 04:29:36 +04:00
|
|
|
*aDecision = nsIContentPolicy::ACCEPT;
|
2018-05-30 22:21:17 +03:00
|
|
|
// Look for the document. In most cases, requestingContext is a node.
|
2019-01-02 16:05:23 +03:00
|
|
|
nsCOMPtr<Document> doc;
|
2018-05-30 22:21:17 +03:00
|
|
|
nsCOMPtr<nsINode> node = do_QueryInterface(requestingContext);
|
2006-01-31 07:25:22 +03:00
|
|
|
if (node) {
|
2011-10-18 14:53:36 +04:00
|
|
|
doc = node->OwnerDoc();
|
2006-01-31 04:47:30 +03:00
|
|
|
} else {
|
2018-05-30 22:21:17 +03:00
|
|
|
if (nsCOMPtr<nsPIDOMWindowOuter> window =
|
|
|
|
do_QueryInterface(requestingContext)) {
|
2014-01-15 18:26:51 +04:00
|
|
|
doc = window->GetDoc();
|
2005-04-11 04:29:36 +04:00
|
|
|
}
|
|
|
|
}
|
2008-10-05 00:00:09 +04:00
|
|
|
|
|
|
|
// DTDs are always OK to load
|
2018-05-30 22:21:17 +03:00
|
|
|
if (!doc || contentType == nsIContentPolicy::TYPE_DTD) {
|
2008-10-05 00:00:09 +04:00
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
2011-01-28 18:52:16 +03:00
|
|
|
// Nothing else is OK to load for data documents
|
|
|
|
if (doc->IsLoadedAsData()) {
|
2012-09-04 17:29:27 +04:00
|
|
|
// ...but let static (print/print preview) documents to load fonts.
|
2018-05-30 22:21:17 +03:00
|
|
|
if (!doc->IsStaticDocument() ||
|
|
|
|
contentType != nsIContentPolicy::TYPE_FONT) {
|
2012-09-04 17:29:27 +04:00
|
|
|
*aDecision = nsIContentPolicy::REJECT_TYPE;
|
|
|
|
return NS_OK;
|
|
|
|
}
|
2008-10-05 00:00:09 +04:00
|
|
|
}
|
|
|
|
|
2019-01-02 16:05:23 +03:00
|
|
|
Document *docToCheckForImage = doc->GetDisplayDocument();
|
2016-11-29 03:31:12 +03:00
|
|
|
if (!docToCheckForImage) {
|
|
|
|
docToCheckForImage = doc;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (docToCheckForImage->IsBeingUsedAsImage()) {
|
2011-11-08 01:45:42 +04:00
|
|
|
// We only allow SVG images to load content from URIs that are local and
|
|
|
|
// also satisfy one of the following conditions:
|
|
|
|
// - URI inherits security context, e.g. data URIs
|
|
|
|
// OR
|
2012-01-12 14:36:03 +04:00
|
|
|
// - URI loadable by subsumers, e.g. blob URIs
|
2011-11-08 01:45:42 +04:00
|
|
|
// Any URI that doesn't meet these requirements will be rejected below.
|
2015-08-16 23:37:56 +03:00
|
|
|
if (!(HasFlags(aContentLocation,
|
|
|
|
nsIProtocolHandler::URI_IS_LOCAL_RESOURCE) &&
|
|
|
|
(HasFlags(aContentLocation,
|
|
|
|
nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT) ||
|
|
|
|
HasFlags(aContentLocation,
|
|
|
|
nsIProtocolHandler::URI_LOADABLE_BY_SUBSUMERS)))) {
|
2011-01-28 18:59:15 +03:00
|
|
|
*aDecision = nsIContentPolicy::REJECT_TYPE;
|
|
|
|
|
2011-11-08 01:45:42 +04:00
|
|
|
// Report error, if we can.
|
2011-01-28 18:59:15 +03:00
|
|
|
if (node) {
|
|
|
|
nsIPrincipal *requestingPrincipal = node->NodePrincipal();
|
2015-10-18 08:24:48 +03:00
|
|
|
RefPtr<nsIURI> principalURI;
|
2011-11-08 01:45:42 +04:00
|
|
|
nsresult rv = requestingPrincipal->GetURI(getter_AddRefs(principalURI));
|
2011-01-28 18:59:15 +03:00
|
|
|
if (NS_SUCCEEDED(rv) && principalURI) {
|
|
|
|
nsScriptSecurityManager::ReportError(
|
2018-09-25 08:25:05 +03:00
|
|
|
"ExternalDataError", principalURI, aContentLocation,
|
|
|
|
requestingPrincipal->OriginAttributesRef().mPrivateBrowsingId >
|
|
|
|
0);
|
2011-01-28 18:59:15 +03:00
|
|
|
}
|
|
|
|
}
|
2018-05-30 22:21:17 +03:00
|
|
|
} else if ((contentType == nsIContentPolicy::TYPE_IMAGE ||
|
|
|
|
contentType == nsIContentPolicy::TYPE_IMAGESET) &&
|
2011-06-23 09:21:47 +04:00
|
|
|
doc->GetDocumentURI()) {
|
|
|
|
// Check for (& disallow) recursive image-loads
|
2011-09-29 10:19:26 +04:00
|
|
|
bool isRecursiveLoad;
|
2011-11-08 01:45:42 +04:00
|
|
|
nsresult rv = aContentLocation->EqualsExceptRef(doc->GetDocumentURI(),
|
|
|
|
&isRecursiveLoad);
|
2011-06-23 09:21:47 +04:00
|
|
|
if (NS_FAILED(rv) || isRecursiveLoad) {
|
|
|
|
NS_WARNING("Refusing to recursively load image");
|
|
|
|
*aDecision = nsIContentPolicy::REJECT_TYPE;
|
|
|
|
}
|
2011-01-28 18:59:15 +03:00
|
|
|
}
|
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
2011-11-14 02:21:41 +04:00
|
|
|
// Allow all loads for non-resource documents
|
|
|
|
if (!doc->IsResourceDoc()) {
|
2008-10-05 00:00:09 +04:00
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
2011-11-14 02:21:41 +04:00
|
|
|
// For resource documents, blacklist some load types
|
2018-05-30 22:21:17 +03:00
|
|
|
if (contentType == nsIContentPolicy::TYPE_OBJECT ||
|
|
|
|
contentType == nsIContentPolicy::TYPE_DOCUMENT ||
|
|
|
|
contentType == nsIContentPolicy::TYPE_SUBDOCUMENT ||
|
|
|
|
contentType == nsIContentPolicy::TYPE_SCRIPT ||
|
|
|
|
contentType == nsIContentPolicy::TYPE_XSLT ||
|
|
|
|
contentType == nsIContentPolicy::TYPE_FETCH ||
|
|
|
|
contentType == nsIContentPolicy::TYPE_WEB_MANIFEST) {
|
2006-01-31 04:47:30 +03:00
|
|
|
*aDecision = nsIContentPolicy::REJECT_TYPE;
|
|
|
|
}
|
|
|
|
|
2013-01-08 21:16:28 +04:00
|
|
|
// If you add more restrictions here, make sure to check that
|
|
|
|
// CHECK_PRINCIPAL_AND_DATA in nsContentPolicyUtils is still valid.
|
|
|
|
// nsContentPolicyUtils may not pass all the parameters to ShouldLoad
|
|
|
|
|
2005-04-11 04:29:36 +04:00
|
|
|
return NS_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
NS_IMETHODIMP
|
2018-03-29 13:16:23 +03:00
|
|
|
nsDataDocumentContentPolicy::ShouldProcess(nsIURI *aContentLocation,
|
|
|
|
nsILoadInfo *aLoadInfo,
|
2005-04-11 04:29:36 +04:00
|
|
|
const nsACString &aMimeGuess,
|
2012-08-22 19:56:38 +04:00
|
|
|
int16_t *aDecision) {
|
2018-03-29 13:16:23 +03:00
|
|
|
return ShouldLoad(aContentLocation, aLoadInfo, aMimeGuess, aDecision);
|
2005-04-11 04:29:36 +04:00
|
|
|
}
|