Landing fix for bug 397571. Only expose known safe functions to untrusted script in nsIDOMWindowUtils. Patch by suryaismail@gmail.com, r+sr+a=jst@mozilla.org

jst@mozilla.org 2007-10-10 14:03:12 -07:00
Родитель 6fa8a0f43e
Коммит 1b2003d222
2 изменённых файлов: 19 добавлений и 1 удалений


@ -71,7 +71,8 @@ interface nsIDOMWindowUtils : nsISupports {
/**
* Whether the charset of the window's current document has been forced by
* the user
* the user.
* Cannot be accessed from unprivileged context (not content-accessible)
*/
readonly attribute boolean docCharsetIsForced;
@ -105,6 +106,10 @@ interface nsIDOMWindowUtils : nsISupports {
* mouseover and mouseout events, a movemove event fired on the new element
* should be sufficient to generate the correct over and out events as well.
*
* Cannot be accessed from unprivileged context (not content-accessible)
* Will throw a DOM security error if called without UniversalXPConnect
* privileges.
*
* @param aType event type
* @param aX x offset
* @param aY y offset
@ -125,6 +130,10 @@ interface nsIDOMWindowUtils : nsISupports {
*
* Key events generally end up being sent to the focused node.
*
* Cannot be accessed from unprivileged context (not content-accessible)
* Will throw a DOM security error if called without UniversalXPConnect
* privileges.
*
* @param aType event type
* @param aKeyCode key code
* @param aCharCode character code
@ -140,6 +149,10 @@ interface nsIDOMWindowUtils : nsISupports {
* that the window is displaying. Pass null to blur the element, if any,
* that currently has focus, and focus the document.
*
* Cannot be accessed from unprivileged context (not content-accessible)
* Will throw a DOM security error if called without UniversalXPConnect
* privileges.
*
* @param aElement the element to focus
*/
void focus(in nsIDOMElement aElement);
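Review bot: The new comment on docCharsetIsForced says the attribute is not content-accessible but, unlike the three method comments added further down, it does not say what an unprivileged caller receives or what enforces the restriction. The C++ half of this commit adds a capability check only to Focus, so this page does not show whether the getter is guarded the same way. If it is, the comment should match the others with `* Will throw a DOM security error if called without UniversalXPConnect privileges.`; if the restriction is enforced elsewhere (not visible here), the comment should name that mechanism so a later reader can verify it. The added line `Cannot be accessed from unprivileged context (not content-accessible)` also lacks a full stop in all four places, so it runs into the sentence that follows.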


@ -297,6 +297,11 @@ nsDOMWindowUtils::GetWidget()
NS_IMETHODIMP
nsDOMWindowUtils::Focus(nsIDOMElement* aElement)
{
PRBool hasCap = PR_FALSE;
if (NS_FAILED(nsContentUtils::GetSecurityManager()->IsCapabilityEnabled(
"UniversalXPConnect", &hasCap)) || !hasCap)
return NS_ERROR_DOM_SECURITY_ERR;
if (mWindow) {
nsCOMPtr<nsIContent> content = do_QueryInterface(aElement);
if (content) {
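Review bot: The capability gate added at the top of Focus is an unbraced `if` whose condition spans two lines and whose `return` sits directly above `if (mWindow)`, so a later edit could easily move a statement out from under the guard; I would brace it as `if (...) { return NS_ERROR_DOM_SECURITY_ERR; }`. The check fails closed, treating a failed IsCapabilityEnabled call the same as a missing capability, which is the right behaviour and worth stating in a comment such as `// Fail closed: deny unless the caller is known to hold UniversalXPConnect.`. The IDL comments in this commit promise the same error for sendMouseEvent and sendKeyEvent, whose implementations are outside this hunk. If they open-code the same test, a single file-static helper would keep the capability string and the error code from drifting apart. The body of Focus continues past the end of the hunk.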