Bug 1669453 - Get user passwords after validating same-origin. r=smaug

Differential Revision: https://phabricator.services.mozilla.com/D198084
2024-01-10 23:31:03 +00:00 · 2024-01-10 23:31:03 +00:00 · 096f34a11c
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@ -11264,16 +11264,19 @@ nsDocShell::AddState(JS::Handle<JS::Value> aData, const nsAString& aTitle,
      // It's very important that we check that newURI is of the same
      // origin as currentURI, not docBaseURI, because a page can
      // set docBaseURI arbitrarily to any domain.
-      nsAutoCString currentUserPass, newUserPass;
-      NS_ENSURE_SUCCESS(currentURI->GetUserPass(currentUserPass),
-                        NS_ERROR_FAILURE);
-      NS_ENSURE_SUCCESS(newURI->GetUserPass(newUserPass), NS_ERROR_FAILURE);
      bool isPrivateWin =
          document->NodePrincipal()->OriginAttributesRef().mPrivateBrowsingId >
          0;
      if (NS_FAILED(secMan->CheckSameOriginURI(currentURI, newURI, true,
-                                               isPrivateWin)) ||
-          !currentUserPass.Equals(newUserPass)) {
+                                               isPrivateWin))) {
+        return NS_ERROR_DOM_SECURITY_ERR;
+      }
+
+      nsAutoCString currentUserPass, newUserPass;
+      NS_ENSURE_SUCCESS(currentURI->GetUserPass(currentUserPass),
+                        NS_ERROR_FAILURE);
+      NS_ENSURE_SUCCESS(newURI->GetUserPass(newUserPass), NS_ERROR_FAILURE);
+      if (!currentUserPass.Equals(newUserPass)) {
        return NS_ERROR_DOM_SECURITY_ERR;
      }
    } else {
--- a/testing/web-platform/meta/html/browsers/history/the-history-interface/001.html.ini
+++ b/testing/web-platform/meta/html/browsers/history/the-history-interface/001.html.ini
@ -1,8 +0,0 @@
-[001.html]
-  expected:
-    if (os == "android") and fission: [OK, TIMEOUT]
-  [pushState must not be allowed to create cross-origin URLs (about:blank)]
-    expected: FAIL
-
-  [pushState must not be allowed to create cross-origin URLs (data:URI)]
-    expected: FAIL
--- a/testing/web-platform/meta/html/browsers/history/the-history-interface/002.html.ini
+++ b/testing/web-platform/meta/html/browsers/history/the-history-interface/002.html.ini
@ -1,8 +0,0 @@
-[002.html]
-  expected:
-    if (os == "android") and fission: [OK, TIMEOUT]
-  [replaceState must not be allowed to create cross-origin URLs (about:blank)]
-    expected: FAIL
-
-  [replaceState must not be allowed to create cross-origin URLs (data:URI)]
-    expected: FAIL