Bug 1522181 - multiple external protocol URL blocker behind pref, r=smaug

Andrea Marchesini 2019-01-24 06:31:41 +01:00
Родитель e2b193a67c
Коммит 0ae3238ccd
3 изменённых файлов: 60 добавлений и 39 удалений


@ -9640,6 +9640,7 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
aContentPolicyType == nsIContentPolicy::TYPE_INTERNAL_FRAME, aContentPolicyType == nsIContentPolicy::TYPE_INTERNAL_FRAME,
"DoURILoad thinks this is a frame and InternalLoad does not"); "DoURILoad thinks this is a frame and InternalLoad does not");
if (StaticPrefs::dom_block_external_protocol_in_iframes()) {
// Only allow URLs able to return data in iframes. // Only allow URLs able to return data in iframes.
bool doesNotReturnData = false; bool doesNotReturnData = false;
NS_URIChainHasFlags(aLoadState->URI(), NS_URIChainHasFlags(aLoadState->URI(),
@ -9648,8 +9649,9 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
if (doesNotReturnData) { if (doesNotReturnData) {
bool popupBlocked = true; bool popupBlocked = true;
// Let's consider external protocols as popups and let's check if the page // Let's consider external protocols as popups and let's check if the
// is allowed to open them without abuse regardless of allowed events // page is allowed to open them without abuse regardless of allowed
// events
if (PopupBlocker::GetPopupControlState() <= PopupBlocker::openBlocked) { if (PopupBlocker::GetPopupControlState() <= PopupBlocker::openBlocked) {
popupBlocked = !PopupBlocker::TryUsePopupOpeningToken(); popupBlocked = !PopupBlocker::TryUsePopupOpeningToken();
} else { } else {
@ -9665,6 +9667,7 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
return NS_ERROR_UNKNOWN_PROTOCOL; return NS_ERROR_UNKNOWN_PROTOCOL;
} }
} }
}
// Only allow view-source scheme in top-level docshells. view-source is // Only allow view-source scheme in top-level docshells. view-source is
// the only scheme to which this applies at the moment due to potential // the only scheme to which this applies at the moment due to potential
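Review bot: The new `if (StaticPrefs::dom_block_external_protocol_in_iframes())` gate has no comment saying what turning the pref off means: the whole external-protocol check, including the `return NS_ERROR_UNKNOWN_PROTOCOL;` path, is skipped, so iframe loads of URIs that return no data are no longer tied to the popup-opening token. I would add a comment above the gate such as `// Pref off: external-protocol loads in iframes bypass the popup-blocker check below.` and reword `// Only allow URLs able to return data in iframes.`, which reads as an unconditional ban although the visible code appears to allow the load when `TryUsePopupOpeningToken()` succeeds. Inside the gated block, `NS_URIChainHasFlags(aLoadState->URI(), ...` is a bare statement, so on failure `doesNotReturnData` appears to stay `false` and the load proceeds; that predates this commit and its arguments continue outside the hunks, but it is worth confirming. DoURILoad itself starts and ends outside these hunks.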


@ -10,8 +10,7 @@
<div id='foo'><a href='#'>Click here to test this issue</a></div> <div id='foo'><a href='#'>Click here to test this issue</a></div>
<script> <script>
SimpleTest.waitForExplicitFinish(); function next() {
let foo = document.getElementById('foo'); let foo = document.getElementById('foo');
foo.addEventListener('click', _ => { foo.addEventListener('click', _ => {
is(ChromeUtils.getPopupControlState(), "openAllowed", "Click events allow popups"); is(ChromeUtils.getPopupControlState(), "openAllowed", "Click events allow popups");
@ -33,7 +32,13 @@ foo.addEventListener('click', _ => {
setTimeout(_ => { setTimeout(_ => {
sendMouseEvent({type:'click'}, 'foo'); sendMouseEvent({type:'click'}, 'foo');
}, 0); }, 0);
}
SpecialPowers.pushPrefEnv({'set': [
['dom.block_external_protocol_in_iframes', true],
]}, next);
SimpleTest.waitForExplicitFinish();
</script> </script>
</body> </body>
</html> </html>
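Review bot: The test only pins the pref to `true`, so nothing covers the disabled path that this commit introduces; a second pass with `['dom.block_external_protocol_in_iframes', false]` asserting the unblocked behaviour would keep the gate from silently regressing. `SimpleTest.waitForExplicitFinish();` now sits after `SpecialPowers.pushPrefEnv(...)`; it should still run before the asynchronous callback, but moving it back above the `pushPrefEnv` call makes that ordering obvious. The body of `next()` lies partly outside the hunks.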


@ -456,6 +456,19 @@ VARCACHE_PREF(
RelaxedAtomicBool, false RelaxedAtomicBool, false
) )
// Block multiple external protocol URLs in iframes per single event.
#ifdef NIGHTLY_BUILD
#define PREF_VALUE true
#else
#define PREF_VALUE false
#endif
VARCACHE_PREF(
"dom.block_external_protocol_in_iframes",
dom_block_external_protocol_in_iframes,
bool, PREF_VALUE
)
#undef PREF_VALUE
// Block multiple window.open() per single event. // Block multiple window.open() per single event.
VARCACHE_PREF( VARCACHE_PREF(
"dom.block_multiple_popups", "dom.block_multiple_popups",
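Review bot: The comment above the new entry does not mention that the default is build-dependent: `PREF_VALUE` is `true` only under `NIGHTLY_BUILD`, so other builds ship with the iframe external-protocol check off unless the pref is set. I would say so in the comment, e.g. `// Block multiple external protocol URLs in iframes per single event. Default: on in Nightly, off elsewhere.` The entry is typed `bool` while the preceding one uses `RelaxedAtomicBool`; that is fine if the pref is only read on the main thread, which the hunk cannot show, so a short note on that would help.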