Bug 1370263: Don't try to match content scripts for non-codebase principals. r=mixedpuppy

MozReview-Commit-ID: 96lQfKC9PGx

--HG--
extra : rebase_source : da431ada55fda32be5335a18df5d925e2a84ebbb
extra : histedit_source : abfd512d5460d0d1fe1161dd7f833f55f231726f

toolkit/components/extensions/WebExtensionContentScript.h

@@ -40,8 +40,13 @@ public:
 
   const URLInfo& URL() const { return mURL; }
 
+  // The principal of the document, or the expected principal of a request.
+  // May be null for non-DOMWindow DocInfo objects unless
+  // URL().InheritsPrincipal() is true.
   nsIPrincipal* Principal() const;
 
+  // Returns the URL of the document's principal. Note that this must *only*
+  // be called for codebase principals.
   const URLInfo& PrincipalURL() const;
 
   bool IsTopLevel() const;

toolkit/components/extensions/WebExtensionPolicy.cpp

@@ -364,10 +364,17 @@ WebExtensionContentScript::Matches(const DocInfo& aDoc) const
   // cases, we test the URL of the principal that it inherits.
   if (mMatchAboutBlank && aDoc.IsTopLevel() &&
       aDoc.URL().Spec().EqualsLiteral("about:blank") &&
-      aDoc.Principal()->GetIsNullPrincipal()) {
+      aDoc.Principal() && aDoc.Principal()->GetIsNullPrincipal()) {
     return true;
   }
 
+  // With the exception of top-level about:blank documents with null
+  // principals, we never match documents that have non-codebase principals,
+  // including those with null principals or system principals.
+  if (aDoc.Principal() && !aDoc.Principal()->GetIsCodebasePrincipal()) {
+    return false;
+  }
+
   return MatchesURI(aDoc.PrincipalURL());
 }
 
@@ -471,14 +478,26 @@ DocInfo::Principal() const
   if (mPrincipal.isNothing()) {
     struct Matcher
     {
+      explicit Matcher(const DocInfo& aThis) : mThis(aThis) {}
+      const DocInfo& mThis;
+
       nsIPrincipal* match(Window aWin)
       {
         nsCOMPtr<nsIDocument> doc = aWin->GetDoc();
         return doc->NodePrincipal();
       }
-      nsIPrincipal* match(LoadInfo aLoadInfo) { return aLoadInfo->PrincipalToInherit(); }
+      nsIPrincipal* match(LoadInfo aLoadInfo)
+      {
+        if (!(mThis.URL().InheritsPrincipal() || aLoadInfo->GetForceInheritPrincipal())) {
+          return nullptr;
+        }
+        if (auto principal = aLoadInfo->PrincipalToInherit()) {
+          return principal;
+        }
+        return aLoadInfo->TriggeringPrincipal();
+      }
     };
-    mPrincipal.emplace(mObj.match(Matcher()));
+    mPrincipal.emplace(mObj.match(Matcher(*this)));
   }
   return mPrincipal.ref();
 }
@@ -486,14 +505,16 @@ DocInfo::Principal() const
 const URLInfo&
 DocInfo::PrincipalURL() const
 {
-  if (!URL().InheritsPrincipal()) {
+  if (!URL().InheritsPrincipal() ||
+      !(Principal() && Principal()->GetIsCodebasePrincipal())) {
     return URL();
   }
 
   if (mPrincipalURL.isNothing()) {
     nsIPrincipal* prin = Principal();
     nsCOMPtr<nsIURI> uri;
-    if (prin && NS_SUCCEEDED(prin->GetURI(getter_AddRefs(uri)))) {
+    if (NS_SUCCEEDED(prin->GetURI(getter_AddRefs(uri)))) {
+      MOZ_DIAGNOSTIC_ASSERT(uri);
       mPrincipalURL.emplace(uri);
     } else {
       mPrincipalURL.emplace(URL());