mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1361579 - Remove nsISimpleContentPolicy. r=Ehsan 

MozReview-Commit-ID: BsjkGpTpe8I

--HG--
extra : rebase_source : 640807623fc70797932a0ee592b887d5c134b5f9
This commit is contained in:
Masatoshi Kimura 2017-08-03 17:50:00 +09:00
Родитель 8117229d66
Коммит 866d87ee67
18 изменённых файлов: 374 добавлений и 833 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
dom/base/Link.h
Просмотреть файл

@ -14,7 +14,7 @@
#include "mozilla/IHistory.h"
#include "mozilla/MemoryReporting.h"
#include "nsIContent.h" // for nsLinkState
#include "nsIContentPolicyBase.h"
#include "nsIContentPolicy.h"
namespace mozilla {

2
dom/base/moz.build
Просмотреть файл

@ -15,7 +15,6 @@ TEST_DIRS += ['test']
XPIDL_SOURCES += [
'mozIDOMWindow.idl',
'nsIContentPolicy.idl',
'nsIContentPolicyBase.idl',
'nsIDocumentEncoder.idl',
'nsIDOMDataChannel.idl',
'nsIDOMDOMCursor.idl',
@ -35,7 +34,6 @@ XPIDL_SOURCES += [
'nsISelectionDisplay.idl',
'nsISelectionListener.idl',
'nsISelectionPrivate.idl',
'nsISimpleContentPolicy.idl',
'nsISlowScriptDebug.idl',
]

56
dom/base/nsContentPolicy.cpp
Просмотреть файл

@ -46,7 +46,6 @@ NS_NewContentPolicy(nsIContentPolicy **aResult)
nsContentPolicy::nsContentPolicy()
: mPolicies(NS_CONTENTPOLICY_CATEGORY)
, mSimplePolicies(NS_SIMPLECONTENTPOLICY_CATEGORY)
, mMixedContentBlocker(do_GetService(NS_MIXEDCONTENTBLOCKER_CONTRACTID))
, mCSPService(do_GetService(CSPSERVICE_CONTRACTID))
{
@ -76,7 +75,6 @@ nsContentPolicy::~nsContentPolicy()
inline nsresult
nsContentPolicy::CheckPolicy(CPMethod policyMethod,
SCPMethod simplePolicyMethod,
nsContentPolicyType contentType,
nsIURI *contentLocation,
nsIURI *requestingLocation,
@ -173,58 +171,6 @@ nsContentPolicy::CheckPolicy(CPMethod policyMethod,
}
}
nsCOMPtr<nsIDOMElement> topFrameElement;
bool isTopLevel = true;
if (window) {
nsCOMPtr<nsIDocShell> docShell = window->GetDocShell();
nsCOMPtr<nsILoadContext> loadContext = do_QueryInterface(docShell);
if (loadContext) {
loadContext->GetTopFrameElement(getter_AddRefs(topFrameElement));
}
MOZ_ASSERT(window->IsOuterWindow());
if (topFrameElement) {
nsCOMPtr<nsPIDOMWindowOuter> topWindow = window->GetScriptableTop();
isTopLevel = topWindow == window;
} else {
// If we don't have a top frame element, then requestingContext is
// part of the top-level XUL document. Presumably it's the <browser>
// element that content is being loaded into, so we call it the
// topFrameElement.
topFrameElement = do_QueryInterface(requestingContext);
isTopLevel = true;
}
}
const nsCOMArray<nsISimpleContentPolicy>& simpleEntries =
mSimplePolicies.GetCachedEntries();
count = simpleEntries.Count();
for (int32_t i = 0; i < count; i++) {
/* check the appropriate policy */
rv = (simpleEntries[i]->*simplePolicyMethod)(externalType, contentLocation,
requestingLocation,
topFrameElement, isTopLevel,
mimeType, extra, requestPrincipal,
decision);
if (NS_SUCCEEDED(rv) && NS_CP_REJECTED(*decision)) {
// If we are blocking an image, we have to let the
// ImageLoadingContent know that we blocked the load.
if (externalType == nsIContentPolicy::TYPE_IMAGE ||
externalType == nsIContentPolicy::TYPE_IMAGESET) {
nsCOMPtr<nsIImageLoadingContent> img =
do_QueryInterface(requestingContext);
if (img) {
img->SetBlockedRequest(*decision);
}
}
/* policy says no, no point continuing to check */
return NS_OK;
}
}
// everyone returned failure, or no policies: sanitize result
*decision = nsIContentPolicy::ACCEPT;
return NS_OK;
@ -266,7 +212,6 @@ nsContentPolicy::ShouldLoad(uint32_t contentType,
// ShouldProcess does not need a content location, but we do
NS_PRECONDITION(contentLocation, "Must provide request location");
nsresult rv = CheckPolicy(&nsIContentPolicy::ShouldLoad,
&nsISimpleContentPolicy::ShouldLoad,
contentType,
contentLocation, requestingLocation,
requestingContext, mimeType, extra,
@ -287,7 +232,6 @@ nsContentPolicy::ShouldProcess(uint32_t contentType,
int16_t *decision)
{
nsresult rv = CheckPolicy(&nsIContentPolicy::ShouldProcess,
&nsISimpleContentPolicy::ShouldProcess,
contentType,
contentLocation, requestingLocation,
requestingContext, mimeType, extra,

5
dom/base/nsContentPolicy.h
Просмотреть файл

@ -8,7 +8,6 @@
#define __nsContentPolicy_h__
#include "nsIContentPolicy.h"
#include "nsISimpleContentPolicy.h"
#include "nsCategoryCache.h"
/*
@ -29,18 +28,16 @@ class nsContentPolicy : public nsIContentPolicy
private:
//Array of policies
nsCategoryCache<nsIContentPolicy> mPolicies;
nsCategoryCache<nsISimpleContentPolicy> mSimplePolicies;
nsCOMPtr<nsIContentPolicy> mMixedContentBlocker;
nsCOMPtr<nsIContentPolicy> mCSPService;
//Helper type for CheckPolicy
typedef decltype(&nsIContentPolicy::ShouldProcess) CPMethod;
typedef decltype(&nsISimpleContentPolicy::ShouldProcess) SCPMethod;
//Helper method that applies policyMethod across all policies in mPolicies
// with the given parameters
nsresult CheckPolicy(CPMethod policyMethod, SCPMethod simplePolicyMethod,
nsresult CheckPolicy(CPMethod policyMethod,
nsContentPolicyType contentType,
nsIURI *aURI, nsIURI *origURI,
nsISupports *requestingContext,

1
dom/base/nsContentPolicyUtils.h
Просмотреть файл

@ -30,7 +30,6 @@ class nsIPrincipal;
#define NS_CONTENTPOLICY_CONTRACTID "@mozilla.org/layout/content-policy;1"
#define NS_CONTENTPOLICY_CATEGORY "content-policy"
#define NS_SIMPLECONTENTPOLICY_CATEGORY "simple-content-policy"
#define NS_CONTENTPOLICY_CID \
{0x0e3afd3d, 0xeb60, 0x4c2b, \
{ 0x96, 0x3b, 0x56, 0xd7, 0xc4, 0x39, 0xf1, 0x24 }}

368
dom/base/nsIContentPolicy.idl
Просмотреть файл

@ -5,12 +5,16 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
#include "nsIContentPolicyBase.idl"
interface nsIURI;
interface nsIDOMNode;
interface nsIPrincipal;
/**
* The type of nsIContentPolicy::TYPE_*
*/
typedef unsigned long nsContentPolicyType;
/**
* Interface for content policy mechanism. Implementations of this
* interface can be used to control loading of various types of out-of-line
@ -21,8 +25,368 @@ interface nsIPrincipal;
*/
[scriptable,uuid(caad4f1f-d047-46ac-ae9d-dc598e4fb91b)]
interface nsIContentPolicy : nsIContentPolicyBase
interface nsIContentPolicy : nsISupports
{
/**
* Indicates a unset or bogus policy type.
*/
const nsContentPolicyType TYPE_INVALID = 0;
/**
* Gecko/Firefox developers: Avoid using TYPE_OTHER. Especially for
* requests that are coming from webpages. Or requests in general which
* you expect that security checks will be done on.
* Always use a more specific type if one is available. And do not hesitate
* to add more types as appropriate.
* But if you are fairly sure that no one would care about your more specific
* type, then it's ok to use TYPE_OTHER.
*
* Extension developers: Whenever it is reasonable, use one of the existing
* content types. If none of the existing content types are right for
* something you are doing, file a bug in the Core/DOM component that
* includes a patch that adds your new content type to the end of the list of
* TYPE_* constants here. But, don't start using your new content type until
* your patch has been accepted, because it will be uncertain what exact
* value and name your new content type will have; in that interim period,
* use TYPE_OTHER. In your patch, document your new content type in the style
* of the existing ones. In the bug you file, provide a more detailed
* description of the new type of content you want Gecko to support, so that
* the existing implementations of nsIContentPolicy can be properly modified
* to deal with that new type of content.
*
* Implementations of nsIContentPolicy should treat this the same way they
* treat unknown types, because existing users of TYPE_OTHER may be converted
* to use new content types.
*
* Note that the TYPE_INTERNAL_* constants are never passed to content
* policy implementations. They are mapped to other TYPE_* constants, and
* are only intended for internal usage inside Gecko.
*/
const nsContentPolicyType TYPE_OTHER = 1;
/**
* Indicates an executable script (such as JavaScript).
*/
const nsContentPolicyType TYPE_SCRIPT = 2;
/**
* Indicates an image (e.g., IMG elements).
*/
const nsContentPolicyType TYPE_IMAGE = 3;
/**
* Indicates a stylesheet (e.g., STYLE elements).
*/
const nsContentPolicyType TYPE_STYLESHEET = 4;
/**
* Indicates a generic object (plugin-handled content typically falls under
* this category).
*/
const nsContentPolicyType TYPE_OBJECT = 5;
/**
* Indicates a document at the top-level (i.e., in a browser).
*/
const nsContentPolicyType TYPE_DOCUMENT = 6;
/**
* Indicates a document contained within another document (e.g., IFRAMEs,
* FRAMES, and OBJECTs).
*/
const nsContentPolicyType TYPE_SUBDOCUMENT = 7;
/**
* Indicates a timed refresh.
*
* shouldLoad will never get this, because it does not represent content
* to be loaded (the actual load triggered by the refresh will go through
* shouldLoad as expected).
*
* shouldProcess will get this for, e.g., META Refresh elements and HTTP
* Refresh headers.
*/
const nsContentPolicyType TYPE_REFRESH = 8;
/**
* Indicates an XBL binding request, triggered either by -moz-binding CSS
* property.
*/
const nsContentPolicyType TYPE_XBL = 9;
/**
* Indicates a ping triggered by a click on <A PING="..."> element.
*/
const nsContentPolicyType TYPE_PING = 10;
/**
* Indicates an XMLHttpRequest. Also used for document.load and for EventSource.
*/
const nsContentPolicyType TYPE_XMLHTTPREQUEST = 11;
const nsContentPolicyType TYPE_DATAREQUEST = 11; // alias
/**
* Indicates a request by a plugin.
*/
const nsContentPolicyType TYPE_OBJECT_SUBREQUEST = 12;
/**
* Indicates a DTD loaded by an XML document.
*/
const nsContentPolicyType TYPE_DTD = 13;
/**
* Indicates a font loaded via @font-face rule.
*/
const nsContentPolicyType TYPE_FONT = 14;
/**
* Indicates a video or audio load.
*/
const nsContentPolicyType TYPE_MEDIA = 15;
/**
* Indicates a WebSocket load.
*/
const nsContentPolicyType TYPE_WEBSOCKET = 16;
/**
* Indicates a Content Security Policy report.
*/
const nsContentPolicyType TYPE_CSP_REPORT = 17;
/**
* Indicates a style sheet transformation.
*/
const nsContentPolicyType TYPE_XSLT = 18;
/**
* Indicates a beacon post.
*/
const nsContentPolicyType TYPE_BEACON = 19;
/**
* Indicates a load initiated by the fetch() function from the Fetch
* specification.
*/
const nsContentPolicyType TYPE_FETCH = 20;
/**
* Indicates a <img srcset> or <picture> request.
*/
const nsContentPolicyType TYPE_IMAGESET = 21;
/**
* Indicates a web manifest.
*/
const nsContentPolicyType TYPE_WEB_MANIFEST = 22;
/**
* Indicates an internal constant for scripts loaded through script
* elements.
*
* This will be mapped to TYPE_SCRIPT before being passed to content policy
* implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_SCRIPT = 23;
/**
* Indicates an internal constant for scripts loaded through a dedicated
* worker.
*
* This will be mapped to TYPE_SCRIPT before being passed to content policy
* implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_WORKER = 24;
/**
* Indicates an internal constant for scripts loaded through a shared
* worker.
*
* This will be mapped to TYPE_SCRIPT before being passed to content policy
* implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_SHARED_WORKER = 25;
/**
* Indicates an internal constant for content loaded from embed elements.
*
* This will be mapped to TYPE_OBJECT.
*/
const nsContentPolicyType TYPE_INTERNAL_EMBED = 26;
/**
* Indicates an internal constant for content loaded from object elements.
*
* This will be mapped to TYPE_OBJECT.
*/
const nsContentPolicyType TYPE_INTERNAL_OBJECT = 27;
/**
* Indicates an internal constant for content loaded from frame elements.
*
* This will be mapped to TYPE_SUBDOCUMENT.
*/
const nsContentPolicyType TYPE_INTERNAL_FRAME = 28;
/**
* Indicates an internal constant for content loaded from iframe elements.
*
* This will be mapped to TYPE_SUBDOCUMENT.
*/
const nsContentPolicyType TYPE_INTERNAL_IFRAME = 29;
/**
* Indicates an internal constant for content loaded from audio elements.
*
* This will be mapped to TYPE_MEDIA.
*/
const nsContentPolicyType TYPE_INTERNAL_AUDIO = 30;
/**
* Indicates an internal constant for content loaded from video elements.
*
* This will be mapped to TYPE_MEDIA.
*/
const nsContentPolicyType TYPE_INTERNAL_VIDEO = 31;
/**
* Indicates an internal constant for content loaded from track elements.
*
* This will be mapped to TYPE_MEDIA.
*/
const nsContentPolicyType TYPE_INTERNAL_TRACK = 32;
/**
* Indicates an internal constant for an XMLHttpRequest.
*
* This will be mapped to TYPE_XMLHTTPREQUEST.
*/
const nsContentPolicyType TYPE_INTERNAL_XMLHTTPREQUEST = 33;
/**
* Indicates an internal constant for EventSource.
*
* This will be mapped to TYPE_DATAREQUEST.
*/
const nsContentPolicyType TYPE_INTERNAL_EVENTSOURCE = 34;
/**
* Indicates an internal constant for scripts loaded through a service
* worker.
*
* This will be mapped to TYPE_SCRIPT before being passed to content policy
* implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_SERVICE_WORKER = 35;
/**
* Indicates an internal constant for *preloaded* scripts
* loaded through script elements.
*
* This will be mapped to TYPE_SCRIPT before being passed
* to content policy implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_SCRIPT_PRELOAD = 36;
/**
* Indicates an internal constant for normal images.
*
* This will be mapped to TYPE_IMAGE before being passed
* to content policy implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_IMAGE = 37;
/**
* Indicates an internal constant for *preloaded* images.
*
* This will be mapped to TYPE_IMAGE before being passed
* to content policy implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_IMAGE_PRELOAD = 38;
/**
* Indicates an internal constant for normal stylesheets.
*
* This will be mapped to TYPE_STYLESHEET before being passed
* to content policy implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_STYLESHEET = 39;
/**
* Indicates an internal constant for *preloaded* stylesheets.
*
* This will be mapped to TYPE_STYLESHEET before being passed
* to content policy implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_STYLESHEET_PRELOAD = 40;
/**
* Indicates an internal constant for favicon.
*
* This will be mapped to TYPE_IMAGE before being passed
* to content policy implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_IMAGE_FAVICON = 41;
/**
* Indicates an importScripts() inside a worker script.
*
* This will be mapped to TYPE_SCRIPT before being passed to content policy
* implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_WORKER_IMPORT_SCRIPTS = 42;
/* When adding new content types, please update nsContentBlocker,
* NS_CP_ContentTypeName, nsCSPContext, all nsIContentPolicy
* implementations, the static_assert in dom/cache/DBSchema.cpp,
* and other things that are not listed here that are related to
* nsIContentPolicy. */
//////////////////////////////////////////////////////////////////////
/**
* Returned from shouldLoad or shouldProcess if the load or process request
* is rejected based on details of the request.
*/
const short REJECT_REQUEST = -1;
/**
* Returned from shouldLoad or shouldProcess if the load/process is rejected
* based solely on its type (of the above flags).
*
* NOTE that it is not meant to stop future requests for this type--only the
* current request.
*/
const short REJECT_TYPE = -2;
/**
* Returned from shouldLoad or shouldProcess if the load/process is rejected
* based on the server it is hosted on or requested from (aContentLocation or
* aRequestOrigin), e.g., if you block an IMAGE because it is served from
* goatse.cx (even if you don't necessarily block other types from that
* server/domain).
*
* NOTE that it is not meant to stop future requests for this server--only the
* current request.
*/
const short REJECT_SERVER = -3;
/**
* Returned from shouldLoad or shouldProcess if the load/process is rejected
* based on some other criteria. Mozilla callers will handle this like
* REJECT_REQUEST; third-party implementors may, for example, use this to
* direct their own callers to consult the extra parameter for additional
* details.
*/
const short REJECT_OTHER = -4;
/**
* Returned from shouldLoad or shouldProcess if the load or process request
* is not rejected.
*/
const short ACCEPT = 1;
/**
* Should the resource at this location be loaded?
* ShouldLoad will be called before loading the resource at aContentLocation

389
dom/base/nsIContentPolicyBase.idl
Просмотреть файл

@ -1,389 +0,0 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ft=cpp tw=78 sw=2 et ts=8 : */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
interface nsIURI;
interface nsIDOMNode;
interface nsIPrincipal;
/**
* The type of nsIContentPolicy::TYPE_*
*/
typedef unsigned long nsContentPolicyType;
/**
* Interface for content policy mechanism. Implementations of this
* interface can be used to control loading of various types of out-of-line
* content, or processing of certain types of in-line content.
*
* WARNING: do not block the caller from shouldLoad or shouldProcess (e.g.,
* by launching a dialog to prompt the user for something).
*/
[scriptable,uuid(17418187-d86f-48dd-92d1-238838df0a4e)]
interface nsIContentPolicyBase : nsISupports
{
/**
* Indicates a unset or bogus policy type.
*/
const nsContentPolicyType TYPE_INVALID = 0;
/**
* Gecko/Firefox developers: Avoid using TYPE_OTHER. Especially for
* requests that are coming from webpages. Or requests in general which
* you expect that security checks will be done on.
* Always use a more specific type if one is available. And do not hesitate
* to add more types as appropriate.
* But if you are fairly sure that no one would care about your more specific
* type, then it's ok to use TYPE_OTHER.
*
* Extension developers: Whenever it is reasonable, use one of the existing
* content types. If none of the existing content types are right for
* something you are doing, file a bug in the Core/DOM component that
* includes a patch that adds your new content type to the end of the list of
* TYPE_* constants here. But, don't start using your new content type until
* your patch has been accepted, because it will be uncertain what exact
* value and name your new content type will have; in that interim period,
* use TYPE_OTHER. In your patch, document your new content type in the style
* of the existing ones. In the bug you file, provide a more detailed
* description of the new type of content you want Gecko to support, so that
* the existing implementations of nsIContentPolicy can be properly modified
* to deal with that new type of content.
*
* Implementations of nsIContentPolicy should treat this the same way they
* treat unknown types, because existing users of TYPE_OTHER may be converted
* to use new content types.
*
* Note that the TYPE_INTERNAL_* constants are never passed to content
* policy implementations. They are mapped to other TYPE_* constants, and
* are only intended for internal usage inside Gecko.
*/
const nsContentPolicyType TYPE_OTHER = 1;
/**
* Indicates an executable script (such as JavaScript).
*/
const nsContentPolicyType TYPE_SCRIPT = 2;
/**
* Indicates an image (e.g., IMG elements).
*/
const nsContentPolicyType TYPE_IMAGE = 3;
/**
* Indicates a stylesheet (e.g., STYLE elements).
*/
const nsContentPolicyType TYPE_STYLESHEET = 4;
/**
* Indicates a generic object (plugin-handled content typically falls under
* this category).
*/
const nsContentPolicyType TYPE_OBJECT = 5;
/**
* Indicates a document at the top-level (i.e., in a browser).
*/
const nsContentPolicyType TYPE_DOCUMENT = 6;
/**
* Indicates a document contained within another document (e.g., IFRAMEs,
* FRAMES, and OBJECTs).
*/
const nsContentPolicyType TYPE_SUBDOCUMENT = 7;
/**
* Indicates a timed refresh.
*
* shouldLoad will never get this, because it does not represent content
* to be loaded (the actual load triggered by the refresh will go through
* shouldLoad as expected).
*
* shouldProcess will get this for, e.g., META Refresh elements and HTTP
* Refresh headers.
*/
const nsContentPolicyType TYPE_REFRESH = 8;
/**
* Indicates an XBL binding request, triggered either by -moz-binding CSS
* property.
*/
const nsContentPolicyType TYPE_XBL = 9;
/**
* Indicates a ping triggered by a click on <A PING="..."> element.
*/
const nsContentPolicyType TYPE_PING = 10;
/**
* Indicates an XMLHttpRequest. Also used for document.load and for EventSource.
*/
const nsContentPolicyType TYPE_XMLHTTPREQUEST = 11;
const nsContentPolicyType TYPE_DATAREQUEST = 11; // alias
/**
* Indicates a request by a plugin.
*/
const nsContentPolicyType TYPE_OBJECT_SUBREQUEST = 12;
/**
* Indicates a DTD loaded by an XML document.
*/
const nsContentPolicyType TYPE_DTD = 13;
/**
* Indicates a font loaded via @font-face rule.
*/
const nsContentPolicyType TYPE_FONT = 14;
/**
* Indicates a video or audio load.
*/
const nsContentPolicyType TYPE_MEDIA = 15;
/**
* Indicates a WebSocket load.
*/
const nsContentPolicyType TYPE_WEBSOCKET = 16;
/**
* Indicates a Content Security Policy report.
*/
const nsContentPolicyType TYPE_CSP_REPORT = 17;
/**
* Indicates a style sheet transformation.
*/
const nsContentPolicyType TYPE_XSLT = 18;
/**
* Indicates a beacon post.
*/
const nsContentPolicyType TYPE_BEACON = 19;
/**
* Indicates a load initiated by the fetch() function from the Fetch
* specification.
*/
const nsContentPolicyType TYPE_FETCH = 20;
/**
* Indicates a <img srcset> or <picture> request.
*/
const nsContentPolicyType TYPE_IMAGESET = 21;
/**
* Indicates a web manifest.
*/
const nsContentPolicyType TYPE_WEB_MANIFEST = 22;
/**
* Indicates an internal constant for scripts loaded through script
* elements.
*
* This will be mapped to TYPE_SCRIPT before being passed to content policy
* implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_SCRIPT = 23;
/**
* Indicates an internal constant for scripts loaded through a dedicated
* worker.
*
* This will be mapped to TYPE_SCRIPT before being passed to content policy
* implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_WORKER = 24;
/**
* Indicates an internal constant for scripts loaded through a shared
* worker.
*
* This will be mapped to TYPE_SCRIPT before being passed to content policy
* implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_SHARED_WORKER = 25;
/**
* Indicates an internal constant for content loaded from embed elements.
*
* This will be mapped to TYPE_OBJECT.
*/
const nsContentPolicyType TYPE_INTERNAL_EMBED = 26;
/**
* Indicates an internal constant for content loaded from object elements.
*
* This will be mapped to TYPE_OBJECT.
*/
const nsContentPolicyType TYPE_INTERNAL_OBJECT = 27;
/**
* Indicates an internal constant for content loaded from frame elements.
*
* This will be mapped to TYPE_SUBDOCUMENT.
*/
const nsContentPolicyType TYPE_INTERNAL_FRAME = 28;
/**
* Indicates an internal constant for content loaded from iframe elements.
*
* This will be mapped to TYPE_SUBDOCUMENT.
*/
const nsContentPolicyType TYPE_INTERNAL_IFRAME = 29;
/**
* Indicates an internal constant for content loaded from audio elements.
*
* This will be mapped to TYPE_MEDIA.
*/
const nsContentPolicyType TYPE_INTERNAL_AUDIO = 30;
/**
* Indicates an internal constant for content loaded from video elements.
*
* This will be mapped to TYPE_MEDIA.
*/
const nsContentPolicyType TYPE_INTERNAL_VIDEO = 31;
/**
* Indicates an internal constant for content loaded from track elements.
*
* This will be mapped to TYPE_MEDIA.
*/
const nsContentPolicyType TYPE_INTERNAL_TRACK = 32;
/**
* Indicates an internal constant for an XMLHttpRequest.
*
* This will be mapped to TYPE_XMLHTTPREQUEST.
*/
const nsContentPolicyType TYPE_INTERNAL_XMLHTTPREQUEST = 33;
/**
* Indicates an internal constant for EventSource.
*
* This will be mapped to TYPE_DATAREQUEST.
*/
const nsContentPolicyType TYPE_INTERNAL_EVENTSOURCE = 34;
/**
* Indicates an internal constant for scripts loaded through a service
* worker.
*
* This will be mapped to TYPE_SCRIPT before being passed to content policy
* implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_SERVICE_WORKER = 35;
/**
* Indicates an internal constant for *preloaded* scripts
* loaded through script elements.
*
* This will be mapped to TYPE_SCRIPT before being passed
* to content policy implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_SCRIPT_PRELOAD = 36;
/**
* Indicates an internal constant for normal images.
*
* This will be mapped to TYPE_IMAGE before being passed
* to content policy implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_IMAGE = 37;
/**
* Indicates an internal constant for *preloaded* images.
*
* This will be mapped to TYPE_IMAGE before being passed
* to content policy implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_IMAGE_PRELOAD = 38;
/**
* Indicates an internal constant for normal stylesheets.
*
* This will be mapped to TYPE_STYLESHEET before being passed
* to content policy implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_STYLESHEET = 39;
/**
* Indicates an internal constant for *preloaded* stylesheets.
*
* This will be mapped to TYPE_STYLESHEET before being passed
* to content policy implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_STYLESHEET_PRELOAD = 40;
/**
* Indicates an internal constant for favicon.
*
* This will be mapped to TYPE_IMAGE before being passed
* to content policy implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_IMAGE_FAVICON = 41;
/**
* Indicates an importScripts() inside a worker script.
*
* This will be mapped to TYPE_SCRIPT before being passed to content policy
* implementations.
*/
const nsContentPolicyType TYPE_INTERNAL_WORKER_IMPORT_SCRIPTS = 42;
/* When adding new content types, please update nsContentBlocker,
* NS_CP_ContentTypeName, nsCSPContext, all nsIContentPolicy
* implementations, the static_assert in dom/cache/DBSchema.cpp,
* and other things that are not listed here that are related to
* nsIContentPolicy. */
//////////////////////////////////////////////////////////////////////
/**
* Returned from shouldLoad or shouldProcess if the load or process request
* is rejected based on details of the request.
*/
const short REJECT_REQUEST = -1;
/**
* Returned from shouldLoad or shouldProcess if the load/process is rejected
* based solely on its type (of the above flags).
*
* NOTE that it is not meant to stop future requests for this type--only the
* current request.
*/
const short REJECT_TYPE = -2;
/**
* Returned from shouldLoad or shouldProcess if the load/process is rejected
* based on the server it is hosted on or requested from (aContentLocation or
* aRequestOrigin), e.g., if you block an IMAGE because it is served from
* goatse.cx (even if you don't necessarily block other types from that
* server/domain).
*
* NOTE that it is not meant to stop future requests for this server--only the
* current request.
*/
const short REJECT_SERVER = -3;
/**
* Returned from shouldLoad or shouldProcess if the load/process is rejected
* based on some other criteria. Mozilla callers will handle this like
* REJECT_REQUEST; third-party implementors may, for example, use this to
* direct their own callers to consult the extra parameter for additional
* details.
*/
const short REJECT_OTHER = -4;
/**
* Returned from shouldLoad or shouldProcess if the load or process request
* is not rejected.
*/
const short ACCEPT = 1;
};

147
dom/base/nsISimpleContentPolicy.idl
Просмотреть файл

@ -1,147 +0,0 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ft=cpp tw=78 sw=2 et ts=8 : */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
#include "nsIContentPolicyBase.idl"
interface nsIURI;
interface nsIDOMNode;
interface nsIPrincipal;
interface nsIDOMElement;
/**
* Interface for content policy mechanism. Implementations of this
* interface can be used to control loading of various types of out-of-line
* content, or processing of certain types of in-line content.
*
* This interface differs from nsIContentPolicy in that it offers less control
* (the DOM node doing the load is not provided) but more flexibility for
* Gecko. In particular, this interface allows an add-on in the chrome process
* to block loads without using cross-process wrappers (CPOWs). Add-ons should
* prefer this interface to nsIContentPolicy because it should be faster in
* e10s. In the future, it may also be run asynchronously.
*
* WARNING: do not block the caller from shouldLoad or shouldProcess (e.g.,
* by launching a dialog to prompt the user for something).
*/
[scriptable,uuid(b9df71e3-a9b3-4706-b2d5-e6c0d3d68ec7)]
interface nsISimpleContentPolicy : nsIContentPolicyBase
{
/**
* Should the resource at this location be loaded?
* ShouldLoad will be called before loading the resource at aContentLocation
* to determine whether to start the load at all.
*
* @param aContentType the type of content being tested. This will be one
* one of the TYPE_* constants.
*
* @param aContentLocation the location of the content being checked; must
* not be null
*
* @param aRequestOrigin OPTIONAL. the location of the resource that
* initiated this load request; can be null if
* inapplicable
*
* @param aTopFrameElement OPTIONAL. The top frame element (typically a
* <xul:browser> element) that initiated the
* request. In a content process, this argument
* will be null.
*
* @param aIsTopLevel OPTIONAL. True iff the request was initiated
* from a frame where |window.top === window|.
*
* @param aMimeTypeGuess OPTIONAL. a guess for the requested content's
* MIME type, based on information available to
* the request initiator (e.g., an OBJECT's type
* attribute); does not reliably reflect the
* actual MIME type of the requested content
*
* @param aExtra an OPTIONAL argument, pass-through for non-Gecko
* callers to pass extra data to callees.
*
* @param aRequestPrincipal an OPTIONAL argument, defines the principal that
* caused the load. This is optional only for
* non-gecko code: all gecko code should set this
* argument. For navigation events, this is
* the principal of the page that caused this load.
*
* @return ACCEPT or REJECT_*
*
* @note shouldLoad can be called while the DOM and layout of the document
* involved is in an inconsistent state. This means that implementors of
* this method MUST NOT do any of the following:
* 1) Modify the DOM in any way (e.g. setting attributes is a no-no).
* 2) Query any DOM properties that depend on layout (e.g. offset*
* properties).
* 3) Query any DOM properties that depend on style (e.g. computed style).
* 4) Query any DOM properties that depend on the current state of the DOM
* outside the "context" node (e.g. lengths of node lists).
* 5) [JavaScript implementations only] Access properties of any sort on any
* object without using XPCNativeWrapper (either explicitly or
* implicitly). Due to various DOM0 things, this leads to item 4.
* If you do any of these things in your shouldLoad implementation, expect
* unpredictable behavior, possibly including crashes, content not showing
* up, content showing up doubled, etc. If you need to do any of the things
* above, do them off timeout or event.
*/
short shouldLoad(in nsContentPolicyType aContentType,
in nsIURI aContentLocation,
in nsIURI aRequestOrigin,
in nsIDOMElement aTopFrameElement,
in boolean aIsTopLevel,
in ACString aMimeTypeGuess,
in nsISupports aExtra,
in nsIPrincipal aRequestPrincipal);
/**
* Should the resource be processed?
* ShouldProcess will be called once all the information passed to it has
* been determined about the resource, typically after part of the resource
* has been loaded.
*
* @param aContentType the type of content being tested. This will be one
* one of the TYPE_* constants.
*
* @param aContentLocation OPTIONAL; the location of the resource being
* requested: MAY be, e.g., a post-redirection URI
* for the resource.
*
* @param aRequestOrigin OPTIONAL. the location of the resource that
* initiated this load request; can be null if
* inapplicable
*
* @param aTopFrameElement OPTIONAL. The top frame element (typically a
* <xul:browser> element) that initiated the
* request. In a content process, this argument
* will be null.
*
* @param aIsTopLevel OPTIONAL. True iff the request was initiated
* from a frame where |window.top === window|.
*
* @param aMimeType the MIME type of the requested resource (e.g.,
* image/png), as reported by the networking library,
* if available (may be empty if inappropriate for
* the type, e.g., TYPE_REFRESH).
*
* @param aExtra an OPTIONAL argument, pass-through for non-Gecko
* callers to pass extra data to callees.
*
* @return ACCEPT or REJECT_*
*
* @note shouldProcess can be called while the DOM and layout of the document
* involved is in an inconsistent state. See the note on shouldLoad to see
* what this means for implementors of this method.
*/
short shouldProcess(in nsContentPolicyType aContentType,
in nsIURI aContentLocation,
in nsIURI aRequestOrigin,
in nsIDOMElement aTopFrameElement,
in boolean aIsTopLevel,
in ACString aMimeType,
in nsISupports aExtra,
in nsIPrincipal aRequestPrincipal);
};

2
dom/base/nsStyleLinkElement.cpp
Просмотреть файл

@ -33,7 +33,7 @@
#include "nsContentUtils.h"
#include "nsStyleUtil.h"
#include "nsQueryObject.h"
#include "nsIContentPolicyBase.h"
#include "nsIContentPolicy.h"
#include "nsMimeTypes.h"
#include "imgLoader.h"
#include "MediaContainerType.h"

72
dom/base/test/file_simplecontentpolicy.js
Просмотреть файл

@ -1,72 +0,0 @@
var Ci = Components.interfaces;
var Cc = Components.classes;
var Cr = Components.results;
Components.utils.import("resource://gre/modules/Services.jsm");
Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
function executeSoon(f)
{
Services.tm.dispatchToMainThread(f);
}
var urlSuffix = "/this/is/the/test/url";
// Content policy / factory implementation for the test
var policyID = Components.ID("{6aadacff-f1f2-46f4-a6db-6d429f884a30}");
var policyName = "@mozilla.org/simpletestpolicy;1";
var policy = {
// nsISupports implementation
QueryInterface:
XPCOMUtils.generateQI([
Ci.nsISupports,
Ci.nsIFactory,
Ci.nsISimpleContentPolicy]),
// nsIFactory implementation
createInstance: function(outer, iid) {
return this.QueryInterface(iid);
},
// nsIContentPolicy implementation
shouldLoad: function(contentType,
contentLocation,
requestOrigin,
frame,
isTopLevel,
mimeTypeGuess,
extra)
{
// Remember last content type seen for the test url
if (contentLocation.spec.endsWith(urlSuffix)) {
sendAsyncMessage("shouldLoad", {contentType: contentType, isTopLevel: isTopLevel});
return Ci.nsIContentPolicy.REJECT_REQUEST;
}
return Ci.nsIContentPolicy.ACCEPT;
},
shouldProcess: function() {
return Ci.nsIContentPolicy.ACCEPT;
}
}
// Register content policy
var componentManager = Components.manager.QueryInterface(Ci.nsIComponentRegistrar);
componentManager.registerFactory(policyID, "Test simple content policy", policyName, policy);
var categoryManager = Cc["@mozilla.org/categorymanager;1"].getService(Ci.nsICategoryManager);
categoryManager.addCategoryEntry("simple-content-policy", policyName, policyName, false, true);
addMessageListener("finished", () => {
// Unregister content policy
categoryManager.deleteCategoryEntry("simple-content-policy", policyName, false);
executeSoon(function() {
// Component must be unregistered delayed, otherwise other content
// policy will not be removed from the category correctly
componentManager.unregisterFactory(policyID, policy);
});
});
sendAsyncMessage("ready");

3
dom/base/test/mochitest.ini
Просмотреть файл

@ -155,7 +155,6 @@ support-files =
file_record_orientation.html
file_restrictedEventSource.sjs
file_settimeout_inner.html
file_simplecontentpolicy.js
file_timer_flood.html
file_viewport_scroll_quirks.html
file_viewport_scroll_xml.xml
@ -780,8 +779,6 @@ skip-if = debug == false
[test_settimeout_inner.html]
[test_setTimeoutWith0.html]
[test_setting_opener.html]
[test_simplecontentpolicy.html]
skip-if = e10s # Bug 1156489.
[test_text_wholeText.html]
[test_textnode_normalize_in_selection.html]
[test_textnode_split_in_selection.html]

149
dom/base/test/test_simplecontentpolicy.html
Просмотреть файл

@ -1,149 +0,0 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Test for nsISimpleContentPolicy</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1128798">Mozilla Bug 1128798</a>
<p id="display"></p>
<div id="content" style="display: none">
</div>
<pre id="test">
<script class="testbody" type="text/javascript">
var lastContentType = -1;
const testURL = window.location.href + "/this/is/the/test/url";
const Cc = SpecialPowers.Cc;
const Ci = SpecialPowers.Ci;
var beaconUrl = "http://mochi.test:8888/tests/dom/tests/mochitest/beacon/beacon-handler.sjs";
var chromeURL = SimpleTest.getTestFileURL("file_simplecontentpolicy.js");
var script = SpecialPowers.loadChromeScript(chromeURL);
// Try creating different request types. Most of these are not
// top-level because they run in the test iframe.
var tests = [["SCRIPT", false],
["IMAGE", false],
["STYLESHEET", false],
["OBJECT", false],
["DOCUMENT", true],
["SUBDOCUMENT", false],
["XBL", false],
["XMLHTTPREQUEST", false],
["BEACON", false]];
var curTest = -1;
var div;
SimpleTest.waitForExplicitFinish();
script.addMessageListener("ready", function(msg) {
SpecialPowers.pushPrefEnv({'set': [["beacon.enabled", true]]}, runNextTest);
});
script.addMessageListener("shouldLoad", function(msg) {
var isTopLevel = tests[curTest][1];
var type = "TYPE_" + tests[curTest][0];
is(msg.contentType, Ci.nsIContentPolicy[type], "Content policies triggered for " + type);
is(msg.isTopLevel, isTopLevel, "isTopLevel is set correctly");
if (tests[curTest] == "XBL") {
//XXX Removing binding to work-around a memory leak (bugs 478528, 499735).
div.style.MozBinding = "";
}
runNextTest();
});
function runNextTest() {
curTest++;
if (curTest < tests.length) {
var method = "request_" + tests[curTest][0].toLowerCase();
try {
window[method]();
} catch(e) {}
}
else {
script.sendAsyncMessage("finished");
SimpleTest.finish();
}
}
// Request creating functions
function request_script() {
var content = $("content");
Math.sin(1);
var script = document.createElement("script");
script.setAttribute("type", "text/javascript")
script.setAttribute("src", testURL)
content.appendChild(script);
}
function request_image() {
var content = $("content");
var image = new Image();
image.src = testURL;
}
function request_stylesheet() {
var content = $("content");
var stylesheet = document.createElement("link");
stylesheet.setAttribute("rel", "stylesheet");
stylesheet.setAttribute("type", "text/css");
stylesheet.setAttribute("href", testURL);
content.appendChild(stylesheet);
}
function request_object() {
var content = $("content");
var object = document.createElement("embed");
object.setAttribute("src", testURL);
content.appendChild(object);
}
function request_document() {
top.location.href = testURL;
}
function request_subdocument() {
var content = $("content");
var frame = document.createElement("iframe");
frame.setAttribute("src", testURL);
content.appendChild(frame);
}
function request_xbl() {
var content = $("content");
div = document.createElement("div");
div.style.MozBinding = "url(" + testURL + ")";
$('test').appendChild(div);
div.offsetLeft; // Flush styles.
}
function request_xmlhttprequest() {
var request = new XMLHttpRequest();
request.open("GET", testURL, false);
request.send(null);
}
function request_beacon() {
navigator.sendBeacon(testURL, "bacon would have been a better name than beacon");
}
</script>
</pre>
</body>
</html>

2
dom/workers/ScriptLoader.h
Просмотреть файл

@ -8,7 +8,7 @@
#define mozilla_dom_workers_scriptloader_h__
#include "Workers.h"
#include "nsIContentPolicyBase.h"
#include "nsIContentPolicy.h"
class nsIPrincipal;
class nsIURI;

2
netwerk/base/nsINetworkInterceptController.idl
Просмотреть файл

@ -4,7 +4,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
#include "nsIContentPolicyBase.idl"
#include "nsIContentPolicy.idl"
interface nsIChannel;
interface nsIConsoleReportCollector;

2
netwerk/protocol/http/HttpBaseChannel.cpp
Просмотреть файл

@ -3950,7 +3950,7 @@ HttpBaseChannel::GetPerformance()
}
// We don't need to report the resource timing entry for a TYPE_DOCUMENT load.
if (mLoadInfo->GetExternalContentPolicyType() == nsIContentPolicyBase::TYPE_DOCUMENT) {
if (mLoadInfo->GetExternalContentPolicyType() == nsIContentPolicy::TYPE_DOCUMENT) {
return nullptr;
}

2
widget/nsIDragService.idl
Просмотреть файл

@ -8,7 +8,7 @@
#include "nsISupports.idl"
#include "nsIDragSession.idl"
#include "nsIScriptableRegion.idl"
#include "nsIContentPolicyBase.idl"
#include "nsIContentPolicy.idl"
interface nsIDOMNode;
interface nsIDOMDragEvent;

2
widget/nsITransferable.idl
Просмотреть файл

@ -7,7 +7,7 @@
#include "nsIArray.idl"
#include "nsISupports.idl"
#include "nsIFormatConverter.idl"
#include "nsIContentPolicyBase.idl"
#include "nsIContentPolicy.idl"
interface nsIPrincipal;

1
widget/nsTransferable.h
Просмотреть файл

@ -6,7 +6,6 @@
#ifndef nsTransferable_h__
#define nsTransferable_h__
#include "nsIContentPolicyBase.h"
#include "nsIFormatConverter.h"
#include "nsITransferable.h"
#include "nsCOMPtr.h"