зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1144991 - Be a bit more restrictive about when a URI_IS_UI_RESOURCE source is allowed to link to a URI_IS_UI_RESOURCE URI that doesn't have the same scheme. r=bholley, a=me
Родитель
6163874390
Коммит
94fe221522
|
@ -749,12 +749,31 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
|
|||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
if (hasFlags) {
|
||||
if (aFlags & nsIScriptSecurityManager::ALLOW_CHROME) {
|
||||
|
||||
// For now, don't change behavior for resource:// or moz-icon:// and
|
||||
// just allow them.
|
||||
if (!targetScheme.EqualsLiteral("chrome")) {
|
||||
// for now don't change behavior for resource: or moz-icon:
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
// allow load only if chrome package is whitelisted
|
||||
// Allow a URI_IS_UI_RESOURCE source to link to a URI_IS_UI_RESOURCE
|
||||
// target if ALLOW_CHROME is set.
|
||||
//
|
||||
// ALLOW_CHROME is a flag that we pass on all loads _except_ docshell
|
||||
// loads (since docshell loads run the loaded content with its origin
|
||||
// principal). So we're effectively allowing resource://, chrome://,
|
||||
// and moz-icon:// source URIs to load resource://, chrome://, and
|
||||
// moz-icon:// files, so long as they're not loading it as a document.
|
||||
bool sourceIsUIResource;
|
||||
rv = NS_URIChainHasFlags(sourceBaseURI,
|
||||
nsIProtocolHandler::URI_IS_UI_RESOURCE,
|
||||
&sourceIsUIResource);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
if (sourceIsUIResource) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
// Allow the load only if the chrome package is whitelisted.
|
||||
nsCOMPtr<nsIXULChromeRegistry> reg(do_GetService(
|
||||
NS_CHROMEREGISTRY_CONTRACTID));
|
||||
if (reg) {
|
||||
|
@ -766,17 +785,6 @@ nsScriptSecurityManager::CheckLoadURIWithPrincipal(nsIPrincipal* aPrincipal,
|
|||
}
|
||||
}
|
||||
|
||||
// resource: and chrome: are equivalent, securitywise
|
||||
// That's bogus!! Fix this. But watch out for
|
||||
// the view-source stylesheet?
|
||||
bool sourceIsChrome;
|
||||
rv = NS_URIChainHasFlags(sourceBaseURI,
|
||||
nsIProtocolHandler::URI_IS_UI_RESOURCE,
|
||||
&sourceIsChrome);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
if (sourceIsChrome) {
|
||||
return NS_OK;
|
||||
}
|
||||
if (reportErrors) {
|
||||
ReportError(nullptr, errorTag, sourceURI, aTargetURI);
|
||||
}
|
||||
|
|
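Review bot: The comment block above `sourceIsUIResource` describes a narrower policy than the branch enforces. Because the `!targetScheme.EqualsLiteral("chrome")` early return comes first, resource:// and moz-icon:// targets are still allowed for any source whenever ALLOW_CHROME is set, and the new source check only gates chrome:// targets. I would state that in the comment, e.g. `// Only chrome:// targets reach this point; resource:// and moz-icon:// were allowed above regardless of source.` The tightening also depends on callers never passing ALLOW_CHROME for document loads, which, as far as these hunks show, is enforced outside this function; naming that invariant in the comment, plus a regression test for a UI-resource source doing a docshell load of a chrome:// URI with a different scheme, would keep it from eroding. CheckLoadURIWithPrincipal starts and ends outside the visible hunks, so the final error path is not reviewed here.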