Backing out mstoltz. r=dbaron,jrgm

2002-02-19 04:06:53 +00:00 · 2002-02-19 04:06:53 +00:00 · 1a3a52cce7
--- a/caps/idl/nsIScriptSecurityManager.idl
+++ b/caps/idl/nsIScriptSecurityManager.idl
@ -198,12 +198,6 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
    [noscript] nsIPrincipal getObjectPrincipal(in JSContextPtr cx,
                                               in JSObjectPtr obj);

-    /**
-     * Returns true if the principal of the currently running script is the
-     * system principal, false otherwise.
-     */
-    boolean subjectPrincipalIsSystem();
-
    /**
     * Forget all currently stored security policies and reread from prefs.
     * This must be called after any capability.policy prefs have changed.
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@ -1240,31 +1240,6 @@ nsScriptSecurityManager::GetSystemPrincipal(nsIPrincipal **result)
    return NS_OK;
 }

-NS_IMETHODIMP
-nsScriptSecurityManager::SubjectPrincipalIsSystem(PRBool* aIsSystem)
-{
-    NS_ENSURE_ARG_POINTER(aIsSystem);
-    *aIsSystem = PR_FALSE;
-
-    if (!mSystemPrincipal)
-        return NS_OK;
-
-    nsCOMPtr<nsIPrincipal> subject;
-    nsresult rv = GetSubjectPrincipal(getter_AddRefs(subject));
-    if (NS_FAILED(rv))
-        return rv;
-
-    if(!subject)
-    {
-        // No subject principal means no JS is running;
-        // this is the equivalent of system principal code
-        *aIsSystem = PR_TRUE;
-        return NS_OK;
-    }
-
-    return mSystemPrincipal->Equals(subject, aIsSystem);
-}
-
 NS_IMETHODIMP
 nsScriptSecurityManager::GetCertificatePrincipal(const char* aCertID,
                                                 nsIPrincipal **result)
@ -2702,6 +2677,7 @@ nsScriptSecurityManager::InitPrefs()
    PRUint32 prefCount;
    char** prefNames;

+    //-- Set a callback for policy changes
    // Registering the security manager as an observer to the
    // profile-after-change topic. We will build up the policy table
    // after the initial profile loads and after profile switches.
--- a/dom/resources/locale/dom.properties
+++ b/dom/resources/locale/dom.properties
@ -1,4 +1 @@
-JSURLLoadBlockedWarning = Attempt to load a javascript: URL from one host\nin a window displaying content from another host\nwas blocked by the security manager.
-ConfirmWindowCloseDialogTitle = Close Window?
-ConfirmWindowCloseDialogText = A script wants to close the current window. Do you wish to allow this?
-
+JSURLLoadBlockedWarning=Attempt to load a javascript: URL from one host\nin a window displaying content from another host\nwas blocked by the security manager.
--- a/dom/src/base/Makefile.in
+++ b/dom/src/base/Makefile.in
@ -60,7 +60,6 @@ REQUIRES	= xpcom \
 		  xmlextras \
                  find \
                  appshell \
-		  intl \
 		  $(NULL)

 CPPSRCS =			\
--- a/dom/src/base/makefile.win
+++ b/dom/src/base/makefile.win
@ -57,7 +57,6 @@ REQUIRES	= xpcom \
 		  htmlparser \
 		  chardet \
 		  transformiix \
-		  intl \
 		  xmlextras \
                  find \
                  appshell \
--- a/dom/src/base/nsGlobalWindow.cpp
+++ b/dom/src/base/nsGlobalWindow.cpp
@ -124,7 +124,6 @@
 #include "nsISupportsPrimitives.h"
 #include "nsDOMClassInfo.h"
 #include "nsIJSNativeInitializer.h"
-#include "nsIStringBundle.h"

 #include "plbase64.h"

@ -156,7 +155,7 @@ static NS_DEFINE_IID(kISupportsIID, NS_ISUPPORTS_IID);
 static NS_DEFINE_CID(kWindowMediatorCID, NS_WINDOWMEDIATOR_CID); // For window.find()
 static const char *sWindowWatcherContractID = "@mozilla.org/embedcomp/window-watcher;1";
 static const char *sJSStackContractID = "@mozilla.org/js/xpc/ContextStack;1";
-static NS_DEFINE_CID(kStringBundleServiceCID, NS_STRINGBUNDLESERVICE_CID);
+

 static const char * const kCryptoContractID = NS_CRYPTO_CONTRACTID;
 static const char * const kPkcs11ContractID = NS_PKCS11_CONTRACTID;
@ -1157,28 +1156,7 @@ GlobalWindowImpl::GetControllers(nsIControllers** aResult)
 NS_IMETHODIMP
 GlobalWindowImpl::GetOpener(nsIDOMWindowInternal** aOpener)
 {
-  *aOpener = nsnull;
-  // We don't want to reveal the opener if the opener is a mail window,
-  // because opener can be used to spoof the contents of a message (bug 105050).
-  // So, we look in the opener's root docshell to see if it's a mail window.
-  nsCOMPtr<nsIScriptGlobalObject> openerSGO(do_QueryInterface(mOpener));
-  if (openerSGO) {
-    nsCOMPtr<nsIDocShell> openerDocShell;
-    openerSGO->GetDocShell(getter_AddRefs(openerDocShell));
-    nsCOMPtr<nsIDocShellTreeItem> docShellAsItem(do_QueryInterface(openerDocShell));
-    if (docShellAsItem) {
-      nsCOMPtr<nsIDocShellTreeItem> openerRootItem;
-      docShellAsItem->GetRootTreeItem(getter_AddRefs(openerRootItem));
-      nsCOMPtr<nsIDocShell> openerRootDocShell(do_QueryInterface(openerRootItem));
-      if (openerRootDocShell) {
-        PRUint32 appType;
-        nsresult rv = openerRootDocShell->GetAppType(&appType);
-        if (NS_SUCCEEDED(rv) && appType != nsIDocShell::APP_TYPE_MAIL) {
-          *aOpener = mOpener;
-        }
-      }
-    }
-  } 
+  *aOpener = mOpener;
  NS_IF_ADDREF(*aOpener);
  return NS_OK;
 }
@ -2460,46 +2438,6 @@ GlobalWindowImpl::GetFrames(nsIDOMWindow** aFrames)
  return NS_OK;
 }

-#define DOM_PROPERTIES_URL "chrome://communicator/locale/dom/dom.properties"
-
-nsresult
-GlobalWindowImpl::ConfirmClose(PRBool* aConfirmed)
-{
-  nsresult rv;
-  // Get the localized strings for the dialog
-  nsCOMPtr<nsIStringBundleService> bundleService(
-    do_GetService(kStringBundleServiceCID, &rv));
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  //XXX: What to do on error?
-  nsCOMPtr<nsIStringBundle> bundle;
-  rv = bundleService->CreateBundle(NS_LITERAL_CSTRING(DOM_PROPERTIES_URL).get(),
-                                   getter_AddRefs(bundle));
-  NS_ENSURE_SUCCESS(rv, rv);
-    
-  nsXPIDLString confirmTitle;
-  rv = bundle->GetStringFromName(NS_LITERAL_STRING("ConfirmWindowCloseDialogTitle").get(),
-                                 getter_Copies(confirmTitle));
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  nsXPIDLString confirmText;
-  rv = bundle->GetStringFromName(NS_LITERAL_STRING("ConfirmWindowCloseDialogText").get(),
-                                 getter_Copies(confirmText));
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  // Show the dialog
-  nsCOMPtr<nsIPrompt> prompter;
-  rv = GetPrompter(getter_AddRefs(prompter));
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  return prompter->Confirm(confirmTitle,
-                           confirmText, aConfirmed);
-}
-
-#define DENY_SCRIPT_CLOSE      0
-#define CONFIRM_SCRIPT_CLOSE   1
-#define ALLOW_SCRIPT_CLOSE     2
-
 NS_IMETHODIMP
 GlobalWindowImpl::Close()
 {
@ -2509,44 +2447,15 @@ GlobalWindowImpl::Close()
  if (parent != NS_STATIC_CAST(nsIDOMWindow *, this)) {
    // window.close() is called on a frame in a frameset, such calls
    // are ignored.
+
    return NS_OK;
  }

-  // If this window was not opened by script (!mOpener), find out
-  // whether it's OK for a script to close it.
-  if (!mOpener) {
-    nsresult rv;
-    nsCOMPtr<nsIScriptSecurityManager> secMan = 
-      do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-    NS_ENSURE_SUCCESS(rv, rv);
-
-    // System scripts can close all windows
-    PRBool InSystemCode = PR_FALSE;
-    rv = secMan->SubjectPrincipalIsSystem(&InSystemCode);
-    if (NS_FAILED(rv) || !InSystemCode) {
-      // Check the pref "dom.allow_scripts_to_close_windows"
-      nsCOMPtr<nsIPref> pref(do_GetService(kPrefServiceCID, &rv));
-      NS_ENSURE_SUCCESS(rv, rv);
-
-      PRInt32 closePref;
-      rv = pref->GetIntPref("dom.allow_scripts_to_close_windows", &closePref);
-      if (NS_FAILED(rv))
-          closePref = CONFIRM_SCRIPT_CLOSE;
-      PRBool confirmOK = PR_FALSE;
-      if (closePref == CONFIRM_SCRIPT_CLOSE) {
-        // Ask the user whether it's OK to close the window        
-        rv = ConfirmClose(&confirmOK);
-        if (NS_FAILED(rv))
-          return rv;
-      } else {
-        confirmOK = (closePref == ALLOW_SCRIPT_CLOSE);
-      }
-      if (!confirmOK) {
-        // User clicked Cancel, so abort the close
-        return NS_OK;
-      }
-    }
-  }
+  // Note: the basic security check, rejecting windows not opened through JS,
+  // has been removed. This was approved long ago by ...you're going to call me
+  // on this, aren't you... well it was. And anyway, a better means is coming.
+  // In the new world of application-level interfaces being written in JS, this
+  // security check was causing problems.

  nsCOMPtr<nsIJSContextStack> stack =
    do_GetService("@mozilla.org/js/xpc/ContextStack;1");
--- a/dom/src/base/nsGlobalWindow.h
+++ b/dom/src/base/nsGlobalWindow.h
@ -214,7 +214,6 @@ protected:
                          const nsAReadableString& aOptions,
                          PRBool aDialog, jsval *argv, PRUint32 argc,
                          nsISupports *aExtraArgument, nsIDOMWindow **aReturn);
-  nsresult ConfirmClose(PRBool* aConfirmed);
  static void CloseWindow(nsISupports* aWindow);

  // Timeout Functions
--- a/modules/libpref/src/init/all.js
+++ b/modules/libpref/src/init/all.js
@ -335,9 +335,6 @@ pref("capability.principal.codebase.foo.granted", "UniversalFoo");
 //////////////////////////////////////////////////////////

 pref("dom.disable_open_during_load", false);
-// 0 = never allow scripts to close windows that weren't opened by script,
-// 1 = prompt user,  2 = always allow. Default is prompt.
-pref("dom.allow_scripts_to_close_windows", 1);

 pref("javascript.enabled",                  true);
 pref("javascript.allow.mailnews",           false);