Bug 32088: Circumventing Same Origin security policy using javascript: URLs. Bug 32040: about: can't be link. Also remove deprecated method. r=mstoltz
This commit is contained in:
Родитель
bebfa35340
Коммит
4eb52aa84b
|
@ -471,12 +471,12 @@ nsScriptSecurityManager::CheckLoadURI(nsIURI *aFromURI, nsIURI *aURI,
|
|||
return NS_OK;
|
||||
}
|
||||
|
||||
enum Action { AllowProtocol, DenyProtocol, AboutProtocol};
|
||||
enum Action { AllowProtocol, DenyProtocol };
|
||||
struct {
|
||||
const char *name;
|
||||
Action action;
|
||||
} protocolList[] = {
|
||||
{ "about", AboutProtocol },
|
||||
{ "about", AllowProtocol },
|
||||
{ "data", AllowProtocol },
|
||||
{ "file", DenyProtocol },
|
||||
{ "ftp", AllowProtocol },
|
||||
|
@ -505,15 +505,6 @@ nsScriptSecurityManager::CheckLoadURI(nsIURI *aFromURI, nsIURI *aURI,
|
|||
case DenyProtocol:
|
||||
// Deny access
|
||||
return NS_ERROR_DOM_BAD_URI;
|
||||
case AboutProtocol:
|
||||
// Allow for about:blank, deny for others.
|
||||
nsXPIDLCString spec;
|
||||
if (NS_FAILED(aURI->GetSpec(getter_Copies(spec))))
|
||||
return NS_ERROR_FAILURE;
|
||||
if (nsCRT::strcasecmp(spec, "about:blank") == 0) {
|
||||
return NS_OK;
|
||||
}
|
||||
return NS_ERROR_DOM_BAD_URI;
|
||||
}
|
||||
}
|
||||
}
|
||||
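Review bot: Replacing the AboutProtocol case with a blanket `{ "about", AllowProtocol },` lets any origin load every about: URL, whereas the removed code permitted only about:blank; if any about: page the application registers carries elevated privileges, this widens what untrusted content can link to. A narrower fix would keep the special case and extend it to the specific about: pages that must be linkable, rather than allowing the whole scheme. At minimum the new entry should record that the broad allow is deliberate, e.g. `{ "about", AllowProtocol }, // bug 32040: every about: URL is linkable; revisit if any about: page becomes privileged`. CheckLoadURI begins and ends outside this hunk.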
|
|
|
@ -2000,6 +2000,45 @@ nsHTMLDocument::ScriptWriteCommon(JSContext *cx,
|
|||
{
|
||||
nsresult result = NS_OK;
|
||||
|
||||
|
||||
nsXPIDLCString spec;
|
||||
if (!mDocumentURL ||
|
||||
(NS_SUCCEEDED(mDocumentURL->GetSpec(getter_Copies(spec))) &&
|
||||
nsCRT::strcasecmp(spec, "about:blank") == 0))
|
||||
{
|
||||
// The current document's URL and principal are empty or "about:blank".
|
||||
// By writing to this document, the script acquires responsibility for the
|
||||
// document for security purposes. Thus a document.write of a script tag
|
||||
// ends up producing a script with the same principals as the script
|
||||
// that performed the write.
|
||||
nsIScriptContext *context = (nsIScriptContext*)JS_GetContextPrivate(cx);
|
||||
JSObject* obj;
|
||||
if (NS_FAILED(GetScriptObject(context, (void**)&obj)))
|
||||
return NS_ERROR_FAILURE;
|
||||
nsIScriptSecurityManager *sm = nsJSUtils::nsGetSecurityManager(cx, nsnull);
|
||||
if (!sm)
|
||||
return NS_ERROR_FAILURE;
|
||||
nsCOMPtr<nsIPrincipal> subject;
|
||||
if (NS_FAILED(sm->GetSubjectPrincipal(getter_AddRefs(subject))))
|
||||
return NS_ERROR_FAILURE;
|
||||
if (subject) {
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(subject);
|
||||
if (codebase) {
|
||||
nsCOMPtr<nsIURI> subjectURI;
|
||||
if (NS_FAILED(codebase->GetURI(getter_AddRefs(subjectURI))))
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
NS_IF_RELEASE(mDocumentURL);
|
||||
mDocumentURL = subjectURI;
|
||||
NS_ADDREF(mDocumentURL);
|
||||
|
||||
NS_IF_RELEASE(mPrincipal);
|
||||
mPrincipal = subject;
|
||||
NS_ADDREF(mPrincipal);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (nsnull == mParser) {
|
||||
result = Open(cx, argv, argc);
|
||||
if (NS_OK != result) {
|
||||
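Review bot: `obj` returned by `GetScriptObject(context, (void**)&obj)` is never used afterwards, so the call only acts as an early-failure check, and `context` from `JS_GetContextPrivate(cx)` is handed to it without a null check; either drop the lookup or comment why its failure must abort the write. The takeover is also skipped silently when the subject is not a codebase principal (`if (codebase)`), leaving the document's URL and principal as they were, and if the writer's own URI is itself about:blank (not determinable from this hunk) the document remains eligible for takeover by the next writer from any origin. Both cases deserve a comment at the `if (codebase)` branch, e.g. `// Non-codebase subjects (e.g. system) do not claim the document; its URL and principal are left unchanged`. ScriptWriteCommon continues past the end of this hunk.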
|
|
|
@ -1675,7 +1675,8 @@ nsXMLContentSink::EvaluateScript(nsString& aScript, PRUint32 aLineNo, const char
|
|||
nsAutoString val;
|
||||
PRBool isUndefined;
|
||||
|
||||
(void) context->EvaluateString(aScript, url, aLineNo, aVersion,
|
||||
// XXX need principal
|
||||
(void) context->EvaluateString(aScript, nsnull, nsnull, url, aLineNo, aVersion,
|
||||
val, &isUndefined);
|
||||
|
||||
NS_IF_RELEASE(docURL);
|
||||
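Review bot: The new call passes `nsnull` for the principal with only `// XXX need principal` to explain it, which means inline XML scripts are evaluated under whatever nsJSContext::EvaluateString falls back to when no principal is supplied — in this commit's nsJSContext hunk that is the global object's principals, which its own comment flags as possibly broken. The XXX should say so and name the follow-up, e.g. `// XXX need principal: with nsnull, nsJSContext::EvaluateString falls back to the global object's principals; pass the document's principal once available`. EvaluateScript starts before this hunk.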
|
|
|
@ -51,14 +51,6 @@ class nsIScriptContext : public nsISupports {
|
|||
public:
|
||||
NS_DEFINE_STATIC_IID_ACCESSOR(NS_ISCRIPTCONTEXT_IID)
|
||||
|
||||
// deprecated: remove later (XXXbe when is later?)
|
||||
NS_IMETHOD EvaluateString(const nsString& aScript,
|
||||
const char *aURL,
|
||||
PRUint32 aLineNo,
|
||||
const char* aVersion,
|
||||
nsString& aRetValue,
|
||||
PRBool* aIsUndefined) = 0;
|
||||
|
||||
/**
|
||||
* Compile and execute a script.
|
||||
*
|
||||
|
|
|
@ -193,17 +193,6 @@ nsJSContext::~nsJSContext()
|
|||
|
||||
NS_IMPL_ISUPPORTS(nsJSContext, NS_GET_IID(nsIScriptContext));
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsJSContext::EvaluateString(const nsString& aScript,
|
||||
const char *aURL,
|
||||
PRUint32 aLineNo,
|
||||
const char* aVersion,
|
||||
nsString& aRetValue,
|
||||
PRBool* aIsUndefined)
|
||||
{
|
||||
return EvaluateString(aScript, nsnull, nsnull, aURL, aLineNo, aVersion, aRetValue, aIsUndefined);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsJSContext::EvaluateString(const nsString& aScript,
|
||||
void *aScopeObject,
|
||||
|
@ -227,7 +216,6 @@ nsJSContext::EvaluateString(const nsString& aScript,
|
|||
aPrincipal->GetJSPrincipals(&jsprin);
|
||||
}
|
||||
else {
|
||||
// norris TODO: Using GetGlobalObject to get principals is broken?
|
||||
nsCOMPtr<nsIScriptGlobalObject> global = dont_AddRef(GetGlobalObject());
|
||||
if (!global)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
|
|
@ -53,12 +53,6 @@ public:
|
|||
|
||||
NS_DECL_ISUPPORTS
|
||||
|
||||
NS_IMETHOD EvaluateString(const nsString& aScript,
|
||||
const char *aURL,
|
||||
PRUint32 aLineNo,
|
||||
const char* aVersion,
|
||||
nsString& aRetValue,
|
||||
PRBool* aIsUndefined);
|
||||
NS_IMETHOD EvaluateString(const nsString& aScript,
|
||||
void *aScopeObject,
|
||||
nsIPrincipal *principal,
|
||||
|
|
|
@ -3961,7 +3961,7 @@ nsEditorShell::ExecuteScript(nsIScriptContext * aContext, const nsString& aScrip
|
|||
nsCRT::free(script_str);
|
||||
#endif
|
||||
|
||||
aContext->EvaluateString(aScript, url, 0, nsnull, rVal, &isUndefined);
|
||||
aContext->EvaluateString(aScript, nsnull, nsnull, url, 0, nsnull, rVal, &isUndefined);
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
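Review bot: The `nsresult` from the new `EvaluateString` call is discarded and the function returns `NS_OK` regardless, so a script that fails to compile or run is invisible to the caller; capture it with `nsresult rv = aContext->EvaluateString(aScript, nsnull, nsnull, url, 0, nsnull, rVal, &isUndefined);` and at least log it under the existing debug guard, if changing the return is out of scope. The `nsnull` principal argument means the script runs with whatever principals the context derives from its global object, which is worth a one-line comment next to the call. ExecuteScript's body starts outside this hunk.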
|
|
|
@ -3961,7 +3961,7 @@ nsEditorShell::ExecuteScript(nsIScriptContext * aContext, const nsString& aScrip
|
|||
nsCRT::free(script_str);
|
||||
#endif
|
||||
|
||||
aContext->EvaluateString(aScript, url, 0, nsnull, rVal, &isUndefined);
|
||||
aContext->EvaluateString(aScript, nsnull, nsnull, url, 0, nsnull, rVal, &isUndefined);
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
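Review bot: The return value of the new `EvaluateString` call is ignored and `NS_OK` is returned unconditionally, so callers cannot tell whether the script actually ran; assign it, e.g. `nsresult rv = aContext->EvaluateString(aScript, nsnull, nsnull, url, 0, nsnull, rVal, &isUndefined);`, and report it under the existing debug guard at minimum. Passing `nsnull` as the principal leaves the choice of principals to the script context, which should be stated in a comment on the call. The start of ExecuteScript is outside this hunk.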
|
|
|
@ -2000,6 +2000,45 @@ nsHTMLDocument::ScriptWriteCommon(JSContext *cx,
|
|||
{
|
||||
nsresult result = NS_OK;
|
||||
|
||||
|
||||
nsXPIDLCString spec;
|
||||
if (!mDocumentURL ||
|
||||
(NS_SUCCEEDED(mDocumentURL->GetSpec(getter_Copies(spec))) &&
|
||||
nsCRT::strcasecmp(spec, "about:blank") == 0))
|
||||
{
|
||||
// The current document's URL and principal are empty or "about:blank".
|
||||
// By writing to this document, the script acquires responsibility for the
|
||||
// document for security purposes. Thus a document.write of a script tag
|
||||
// ends up producing a script with the same principals as the script
|
||||
// that performed the write.
|
||||
nsIScriptContext *context = (nsIScriptContext*)JS_GetContextPrivate(cx);
|
||||
JSObject* obj;
|
||||
if (NS_FAILED(GetScriptObject(context, (void**)&obj)))
|
||||
return NS_ERROR_FAILURE;
|
||||
nsIScriptSecurityManager *sm = nsJSUtils::nsGetSecurityManager(cx, nsnull);
|
||||
if (!sm)
|
||||
return NS_ERROR_FAILURE;
|
||||
nsCOMPtr<nsIPrincipal> subject;
|
||||
if (NS_FAILED(sm->GetSubjectPrincipal(getter_AddRefs(subject))))
|
||||
return NS_ERROR_FAILURE;
|
||||
if (subject) {
|
||||
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(subject);
|
||||
if (codebase) {
|
||||
nsCOMPtr<nsIURI> subjectURI;
|
||||
if (NS_FAILED(codebase->GetURI(getter_AddRefs(subjectURI))))
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
NS_IF_RELEASE(mDocumentURL);
|
||||
mDocumentURL = subjectURI;
|
||||
NS_ADDREF(mDocumentURL);
|
||||
|
||||
NS_IF_RELEASE(mPrincipal);
|
||||
mPrincipal = subject;
|
||||
NS_ADDREF(mPrincipal);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (nsnull == mParser) {
|
||||
result = Open(cx, argv, argc);
|
||||
if (NS_OK != result) {
|
||||
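Review bot: The `obj` fetched by `GetScriptObject(context, (void**)&obj)` is unused after the call, so the lookup serves only as an early-failure check, and `context` from `JS_GetContextPrivate(cx)` is not null-checked before it is passed in; remove the lookup or explain why its failure must abort the write. When the subject is not a codebase principal the `if (codebase)` branch silently leaves the document's URL and principal unchanged, and if the writing script's own URI is about:blank (cannot be determined here) the document stays claimable by the next writer from any origin. A comment at the `if (codebase)` branch should state this, e.g. `// Only codebase subjects claim the document; others leave its URL and principal untouched`. ScriptWriteCommon continues beyond this hunk.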
|
|
|
@ -1675,7 +1675,8 @@ nsXMLContentSink::EvaluateScript(nsString& aScript, PRUint32 aLineNo, const char
|
|||
nsAutoString val;
|
||||
PRBool isUndefined;
|
||||
|
||||
(void) context->EvaluateString(aScript, url, aLineNo, aVersion,
|
||||
// XXX need principal
|
||||
(void) context->EvaluateString(aScript, nsnull, nsnull, url, aLineNo, aVersion,
|
||||
val, &isUndefined);
|
||||
|
||||
NS_IF_RELEASE(docURL);
|
||||
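Review bot: `// XXX need principal` does not say what happens when `nsnull` is passed instead, which is that the script context falls back to deriving principals from its global object (per the nsJSContext hunk in this commit, whose own comment doubts that path). Expand the marker so the fallback and the intended fix are explicit, e.g. `// XXX need principal: nsnull makes nsJSContext::EvaluateString use the global object's principals; pass the document's principal once it is available`. EvaluateScript begins before this hunk.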
|
|
|
@ -889,6 +889,8 @@ void JSConsole::EvaluateText(UINT aStartSel, UINT aEndSel)
|
|||
PRBool isUndefined;
|
||||
|
||||
if (NS_SUCCEEDED(mContext->EvaluateString(nsString(cleanBuffer),
|
||||
nsnull,
|
||||
nsnull,
|
||||
nsnull,
|
||||
0,
|
||||
nsnull,
|
||||
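Review bot: Three consecutive bare `nsnull` arguments followed by `0` and another `nsnull` make the new call hard to read against the widened signature; annotate each positional argument, e.g. `nsnull, // aScopeObject`, `nsnull, // principal`, `nsnull, // aURL`. Since no principal is passed, the console text is evaluated with the principals the context derives from its global object, which is worth stating in the same comment. The call continues past the end of this hunk.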
|
|
|
@ -1986,7 +1986,7 @@ nsBrowserAppCore::ExecuteScript(nsIScriptContext * aContext, const nsString& aSc
|
|||
if (APP_DEBUG) {
|
||||
printf("Executing [%s]\n", (const char *)nsCAutoString(aScript));
|
||||
}
|
||||
aContext->EvaluateString(aScript, url, 0, nsnull, rVal, &isUndefined);
|
||||
aContext->EvaluateString(aScript, nsnull, nsnull, url, 0, nsnull, rVal, &isUndefined);
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
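Review bot: The `nsresult` of the new `EvaluateString` call is dropped and `NS_OK` is returned unconditionally, so a failing script is indistinguishable from a successful one to the caller; capture it, e.g. `nsresult rv = aContext->EvaluateString(aScript, nsnull, nsnull, url, 0, nsnull, rVal, &isUndefined);`, and print it under the existing `APP_DEBUG` guard at least. The `nsnull` principal means the context picks principals from its global object, which deserves a one-line comment on the call. ExecuteScript begins outside this hunk.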
|
|