mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Backed out changeset 4270e8daf3cf (bug 1395948) for build bustage at docshell/base/nsDocShellLoadTypes.h:22. r=backout on a CLOSED TREE

This commit is contained in:
Sebastian Hengst 2017-09-05 12:09:22 +02:00
Родитель 299370b2ab
Коммит 50778e172c
1 изменённых файлов: 31 добавлений и 33 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

64
docshell/base/nsDocShell.cpp
Просмотреть файл

@ -9928,39 +9928,6 @@ nsDocShell::InternalLoad(nsIURI* aURI,
isTargetTopLevelDocShell = true;
}
if (contentType == nsIContentPolicy::TYPE_DOCUMENT &&
nsIOService::BlockToplevelDataUriNavigations()) {
bool isDataURI =
(NS_SUCCEEDED(aURI->SchemeIs("data", &isDataURI)) && isDataURI);
// Let's block all toplevel document navigations to a data: URI.
// In all cases where the toplevel document is navigated to a
// data: URI the triggeringPrincipal is a codeBasePrincipal, or
// a NullPrincipal. In other cases, e.g. typing a data: URL into
// the URL-Bar, the triggeringPrincipal is a SystemPrincipal;
// we don't want to block those loads. Only exception, loads coming
// from an external applicaton (e.g. Thunderbird) don't load
// using a codeBasePrincipal, but we want to block those loads.
bool loadFromExternal =
LOAD_TYPE_HAS_FLAGS(aLoadType, LOAD_NORMAL_EXTERNAL);
if (isDataURI && (loadFromExternal ||
!nsContentUtils::IsSystemPrincipal(aTriggeringPrincipal))) {
NS_ConvertUTF8toUTF16 specUTF16(aURI->GetSpecOrDefault());
if (specUTF16.Length() > 50) {
specUTF16.Truncate(50);
specUTF16.AppendLiteral("...");
}
const char16_t* params[] = { specUTF16.get() };
nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
NS_LITERAL_CSTRING("DATA_URI_BLOCKED"),
// no doc available, log to browser console
nullptr,
nsContentUtils::eSECURITY_PROPERTIES,
"BlockTopLevelDataURINavigation",
params, ArrayLength(params));
return NS_OK;
}
}
// If there's no targetDocShell, that means we are about to create a new
// window (or aWindowTarget is empty). Perform a content policy check before
// creating the window.
@ -11138,6 +11105,37 @@ nsDocShell::DoURILoad(nsIURI* aURI,
new LoadInfo(loadingPrincipal, aTriggeringPrincipal, loadingNode,
securityFlags, aContentPolicyType);
if (aContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT &&
nsIOService::BlockToplevelDataUriNavigations()) {
bool isDataURI =
(NS_SUCCEEDED(aURI->SchemeIs("data", &isDataURI)) && isDataURI);
// Let's block all toplevel document navigations to a data: URI.
// In all cases where the toplevel document is navigated to a
// data: URI the triggeringPrincipal is a codeBasePrincipal, or
// a NullPrincipal. In other cases, e.g. typing a data: URL into
// the URL-Bar, the triggeringPrincipal is a SystemPrincipal;
// we don't want to block those loads. Only exception, loads coming
// from an external applicaton (e.g. Thunderbird) don't load
// using a codeBasePrincipal, but we want to block those loads.
if (isDataURI && (aLoadFromExternal ||
!nsContentUtils::IsSystemPrincipal(aTriggeringPrincipal))) {
NS_ConvertUTF8toUTF16 specUTF16(aURI->GetSpecOrDefault());
if (specUTF16.Length() > 50) {
specUTF16.Truncate(50);
specUTF16.AppendLiteral("...");
}
const char16_t* params[] = { specUTF16.get() };
nsContentUtils::ReportToConsole(nsIScriptError::warningFlag,
NS_LITERAL_CSTRING("DATA_URI_BLOCKED"),
// no doc available, log to browser console
nullptr,
nsContentUtils::eSECURITY_PROPERTIES,
"BlockTopLevelDataURINavigation",
params, ArrayLength(params));
return NS_OK;
}
}
if (aPrincipalToInherit) {
loadInfo->SetPrincipalToInherit(aPrincipalToInherit);
}