Bug 1460538, r=valentin

Differential Revision: https://phabricator.services.mozilla.com/D4469 --HG-- extra : rebase_source : da483f0add427a60f9c435b6a4427ea98bab4e92 extra : amend_source : 4a0c50154372dd9172da286ac148cc65dde6f02c
2018-08-28 19:14:54 +01:00 · 2018-08-28 19:14:54 +01:00 · 7ccb094a30
--- a/modules/libjar/nsJARChannel.cpp
+++ b/modules/libjar/nsJARChannel.cpp
@ -1121,6 +1121,25 @@ nsJARChannel::OnStartRequest(nsIRequest *req, nsISupports *ctx)

    mRequest = req;
    nsresult rv = mListener->OnStartRequest(this, mListenerContext);
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    // Restrict loadable content types.
+    nsAutoCString contentType;
+    GetContentType(contentType);
+    auto contentPolicyType = mLoadInfo->GetExternalContentPolicyType();
+    if (contentType.Equals(APPLICATION_HTTP_INDEX_FORMAT) &&
+        contentPolicyType != nsIContentPolicy::TYPE_DOCUMENT) {
+      return NS_ERROR_CORRUPTED_CONTENT;
+    }
+    if (contentPolicyType == nsIContentPolicy::TYPE_STYLESHEET &&
+        !contentType.EqualsLiteral(TEXT_CSS)) {
+      return NS_ERROR_CORRUPTED_CONTENT;
+    }
+    if (contentPolicyType == nsIContentPolicy::TYPE_SCRIPT &&
+        !nsContentUtils::IsJavascriptMIMEType(NS_ConvertUTF8toUTF16(contentType))) {
+      return NS_ERROR_CORRUPTED_CONTENT;
+    }
+
    mRequest = nullptr;

    return rv;