зеркало из https://github.com/mozilla/gecko-dev.git
fixes bug 271411 "Same-origin checking for XForms submission" r=bryner sr=jst
This commit is contained in:
Родитель
577739f6ea
Коммит
36ecadf8f0
|
@ -49,6 +49,7 @@
|
|||
#include "nsIDOMDOMImplementation.h"
|
||||
#include "nsIXTFGenericElementWrapper.h"
|
||||
#include "nsXFormsUtils.h"
|
||||
#include "nsNetUtil.h"
|
||||
|
||||
NS_IMPL_ISUPPORTS_INHERITED3(nsXFormsInstanceElement,
|
||||
nsXFormsStubElement,
|
||||
|
@ -253,14 +254,29 @@ nsXFormsInstanceElement::LoadExternalInstance(const nsAString &aSrc)
|
|||
if (NS_FAILED(CreateInstanceDocument()))
|
||||
return;
|
||||
|
||||
nsCOMPtr<nsIDOMEventReceiver> rec = do_QueryInterface(mDocument);
|
||||
rec->AddEventListenerByIID(this, NS_GET_IID(nsIDOMLoadListener));
|
||||
nsCOMPtr<nsIDocument> doc = do_QueryInterface(mDocument);
|
||||
if (!doc)
|
||||
return;
|
||||
|
||||
nsCOMPtr<nsIDOMXMLDocument> xmlDoc = do_QueryInterface(mDocument);
|
||||
NS_ASSERTION(xmlDoc, "we created a document but it's not an XMLDocument?");
|
||||
nsCOMPtr<nsIURI> uri;
|
||||
NS_NewURI(getter_AddRefs(uri), aSrc, doc->GetDocumentCharacterSet().get(),
|
||||
doc->GetDocumentURI());
|
||||
if (!uri)
|
||||
return;
|
||||
|
||||
PRBool success;
|
||||
xmlDoc->Load(aSrc, &success);
|
||||
PRBool success = PR_FALSE;
|
||||
|
||||
if (nsXFormsUtils::CheckSameOrigin(doc->GetDocumentURI(), uri)) {
|
||||
nsCOMPtr<nsIDOMEventReceiver> rec = do_QueryInterface(mDocument);
|
||||
rec->AddEventListenerByIID(this, NS_GET_IID(nsIDOMLoadListener));
|
||||
|
||||
nsCOMPtr<nsIDOMXMLDocument> xmlDoc = do_QueryInterface(mDocument);
|
||||
NS_ASSERTION(xmlDoc, "we created a document but it's not an XMLDocument?");
|
||||
|
||||
nsCAutoString spec;
|
||||
uri->GetSpec(spec);
|
||||
xmlDoc->Load(NS_ConvertUTF8toUTF16(spec), &success);
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIModelElementPrivate> model = GetModel();
|
||||
if (model) {
|
||||
|
|
|
@ -92,6 +92,8 @@ nsXFormsSetValueElement::HandleAction(nsIDOMEvent* aEvent,
|
|||
nsCOMPtr<nsIDOMXPathResult> xpResult =
|
||||
nsXFormsUtils::EvaluateXPath(value, docElement, mElement,
|
||||
nsIDOMXPathResult::STRING_TYPE);
|
||||
if (!xpResult)
|
||||
return NS_OK;
|
||||
xpResult->GetStringValue(value);
|
||||
}
|
||||
else {
|
||||
|
|
|
@ -1341,24 +1341,15 @@ nsXFormsSubmissionElement::SendData(PRUint32 format,
|
|||
|
||||
nsresult rv;
|
||||
|
||||
// We require same-origin for replace="instance" or XML submission
|
||||
|
||||
nsAutoString replace;
|
||||
mElement->GetAttribute(NS_LITERAL_STRING("replace"), replace);
|
||||
if (replace.IsEmpty() || replace.EqualsLiteral("all"))
|
||||
if (format & (ENCODING_XML | ENCODING_MULTIPART_RELATED) ||
|
||||
replace.EqualsLiteral("instance"))
|
||||
{
|
||||
// check to see if we're allowed to load this URI
|
||||
nsCOMPtr<nsIScriptSecurityManager> secMan =
|
||||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
|
||||
NS_ENSURE_STATE(secMan);
|
||||
|
||||
rv = secMan->CheckConnect(nsnull, uri, "XForms", "submission");
|
||||
if (NS_FAILED(rv))
|
||||
{
|
||||
// We need to return success here so that JS will get a proper
|
||||
// exception thrown later. Native calls should always result in
|
||||
// CheckConnect() succeeding, but in case JS calls C++ which calls
|
||||
// this code the exception might be lost.
|
||||
return NS_OK;
|
||||
}
|
||||
if (!nsXFormsUtils::CheckSameOrigin(doc->GetDocumentURI(), uri))
|
||||
return NS_ERROR_ABORT;
|
||||
}
|
||||
|
||||
// wrap the entire upload stream in a buffered input stream, so that
|
||||
|
|
|
@ -58,6 +58,10 @@
|
|||
#include "nsIDOMEventTarget.h"
|
||||
#include "nsDataHashtable.h"
|
||||
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsIPermissionManager.h"
|
||||
#include "nsServiceManagerUtils.h"
|
||||
|
||||
struct EventData
|
||||
{
|
||||
const char *name;
|
||||
|
@ -835,3 +839,30 @@ nsXFormsUtils::FindParentContext(nsIDOMElement *aElement,
|
|||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
/* static */ PRBool
|
||||
nsXFormsUtils::CheckSameOrigin(nsIURI *aBaseURI, nsIURI *aTestURI)
|
||||
{
|
||||
nsresult rv;
|
||||
|
||||
// check to see if we're allowed to load this URI
|
||||
nsCOMPtr<nsIScriptSecurityManager> secMan =
|
||||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
|
||||
if (secMan) {
|
||||
rv = secMan->CheckSameOriginURI(aBaseURI, aTestURI);
|
||||
if (NS_SUCCEEDED(rv))
|
||||
return PR_TRUE;
|
||||
}
|
||||
|
||||
// else, check with the permission manager to see if this host is
|
||||
// permitted to access sites from other domains.
|
||||
|
||||
nsCOMPtr<nsIPermissionManager> permMgr =
|
||||
do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);
|
||||
PRUint32 perm;
|
||||
rv = permMgr->TestPermission(aBaseURI, "xforms-load", &perm);
|
||||
if (NS_SUCCEEDED(rv) && perm == nsIPermissionManager::ALLOW_ACTION)
|
||||
return PR_TRUE;
|
||||
|
||||
return PR_FALSE;
|
||||
}
|
||||
|
|
|
@ -47,6 +47,7 @@
|
|||
class nsIDOMNode;
|
||||
class nsIDOMElement;
|
||||
class nsIXFormsModelElement;
|
||||
class nsIURI;
|
||||
class nsString;
|
||||
|
||||
#define NS_NAMESPACE_XFORMS "http://www.w3.org/2002/xforms"
|
||||
|
@ -292,6 +293,11 @@ public:
|
|||
PRInt32 *aContextPosition,
|
||||
PRInt32 *aContextSize);
|
||||
|
||||
/**
|
||||
* @return true if aTestURI has the same origin as aBaseURI
|
||||
*/
|
||||
static NS_HIDDEN_(PRBool) CheckSameOrigin(nsIURI *aBaseURI,
|
||||
nsIURI *aTestURI);
|
||||
};
|
||||
|
||||
#endif
|
||||
|
|
Загрузка…
Ссылка в новой задаче