From 96405b7e876fc3fcc8a8a5ec3e5fa990fb3280c1 Mon Sep 17 00:00:00 2001 From: Andrea Marchesini Date: Thu, 29 Sep 2016 08:55:21 +0200 Subject: [PATCH] Bug 1297393 - Make passing of subject principals to webidl entry points explicit - part 4 - Location, r=ehsan --- dom/base/Location.cpp | 7 ++- dom/base/Location.h | 109 +++++++++++++++++++++++++++++-------- dom/webidl/Location.webidl | 26 ++++----- 3 files changed, 103 insertions(+), 39 deletions(-) diff --git a/dom/base/Location.cpp b/dom/base/Location.cpp index 0b46daa0e80e..125a956f2c71 100644 --- a/dom/base/Location.cpp +++ b/dom/base/Location.cpp @@ -910,8 +910,10 @@ Location::GetSourceBaseURL(JSContext* cx, nsIURI** sourceURL) } bool -Location::CallerSubsumes() +Location::CallerSubsumes(nsIPrincipal* aSubjectPrincipal) { + MOZ_ASSERT(aSubjectPrincipal); + // Get the principal associated with the location object. Note that this is // the principal of the page which will actually be navigated, not the // principal of the Location object itself. This is why we need this check @@ -923,7 +925,8 @@ Location::CallerSubsumes() nsCOMPtr sop = do_QueryInterface(outer); bool subsumes = false; nsresult rv = - nsContentUtils::SubjectPrincipal()->SubsumesConsideringDomain(sop->GetPrincipal(), &subsumes); + aSubjectPrincipal->SubsumesConsideringDomain(sop->GetPrincipal(), + &subsumes); NS_ENSURE_SUCCESS(rv, false); return subsumes; } diff --git a/dom/base/Location.h b/dom/base/Location.h index 214fedb57fd0..f59ffb544278 100644 --- a/dom/base/Location.h +++ b/dom/base/Location.h 
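Review bot: `MOZ_ASSERT(aSubjectPrincipal)` at the top of `Location::CallerSubsumes` is a debug-only check, so a release build would dereference a null principal at `aSubjectPrincipal->SubsumesConsideringDomain(...)` in the following hunk instead of failing the security check. Because this function is the same-origin gate for the Location accessors, it would be safer to fail closed with `if (NS_WARN_IF(!aSubjectPrincipal)) { return false; }`. The same applies to `MOZ_ASSERT(aSubjectPrincipal.isSome())` in the `THROW_AND_RETURN_IF_CALLER_DOESNT_SUBSUME` macro in Location.h, whose condition could become `if (aSubjectPrincipal.isNothing() || !CallerSubsumes(aSubjectPrincipal.value())) {`. Whether the bindings can ever pass an empty or null principal for this interface is not visible in the patch, so treat this as defence in depth. The body of `CallerSubsumes` continues outside both Location.cpp hunks.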
@@ -44,119 +44,180 @@ public: NS_DECL_NSIDOMLOCATION #define THROW_AND_RETURN_IF_CALLER_DOESNT_SUBSUME() { \ - if (!CallerSubsumes()) { \ + MOZ_ASSERT(aSubjectPrincipal.isSome()); \ + if (!CallerSubsumes(aSubjectPrincipal.value())) { \ aError.Throw(NS_ERROR_DOM_SECURITY_ERR); \ return; \ } \ } // WebIDL API: - void Assign(const nsAString& aUrl, ErrorResult& aError) + void Assign(const nsAString& aUrl, + const Maybe& aSubjectPrincipal, + ErrorResult& aError) { THROW_AND_RETURN_IF_CALLER_DOESNT_SUBSUME(); aError = Assign(aUrl); } - void Replace(const nsAString& aUrl, ErrorResult& aError) + void Replace(const nsAString& aUrl, + const Maybe& aSubjectPrincipal, + ErrorResult& aError) { aError = Replace(aUrl); } - void Reload(bool aForceget, ErrorResult& aError) + void Reload(bool aForceget, + const Maybe& aSubjectPrincipal, + ErrorResult& aError) { THROW_AND_RETURN_IF_CALLER_DOESNT_SUBSUME(); aError = Reload(aForceget); } - void GetHref(nsAString& aHref, ErrorResult& aError) + + void GetHref(nsAString& aHref, + const Maybe& aSubjectPrincipal, + ErrorResult& aError) { THROW_AND_RETURN_IF_CALLER_DOESNT_SUBSUME(); aError = GetHref(aHref); } - void SetHref(const nsAString& aHref, ErrorResult& aError) + + void SetHref(const nsAString& aHref, + const Maybe& aSubjectPrincipal, + ErrorResult& aError) { aError = SetHref(aHref); } - void GetOrigin(nsAString& aOrigin, ErrorResult& aError) + + void GetOrigin(nsAString& aOrigin, + const Maybe& aSubjectPrincipal, + ErrorResult& aError) { THROW_AND_RETURN_IF_CALLER_DOESNT_SUBSUME(); aError = GetOrigin(aOrigin); } - void GetProtocol(nsAString& aProtocol, ErrorResult& aError) + + void GetProtocol(nsAString& aProtocol, + const Maybe& aSubjectPrincipal, + ErrorResult& aError) { THROW_AND_RETURN_IF_CALLER_DOESNT_SUBSUME(); aError = GetProtocol(aProtocol); } - void SetProtocol(const nsAString& aProtocol, ErrorResult& aError) + + void SetProtocol(const nsAString& aProtocol, + const Maybe& aSubjectPrincipal, + ErrorResult& aError) { 
THROW_AND_RETURN_IF_CALLER_DOESNT_SUBSUME(); aError = SetProtocol(aProtocol); } - void GetHost(nsAString& aHost, ErrorResult& aError) + + void GetHost(nsAString& aHost, + const Maybe& aSubjectPrincipal, + ErrorResult& aError) { THROW_AND_RETURN_IF_CALLER_DOESNT_SUBSUME(); aError = GetHost(aHost); } - void SetHost(const nsAString& aHost, ErrorResult& aError) + + void SetHost(const nsAString& aHost, + const Maybe& aSubjectPrincipal, + ErrorResult& aError) { THROW_AND_RETURN_IF_CALLER_DOESNT_SUBSUME(); aError = SetHost(aHost); } - void GetHostname(nsAString& aHostname, ErrorResult& aError) + + void GetHostname(nsAString& aHostname, + const Maybe& aSubjectPrincipal, + ErrorResult& aError) { THROW_AND_RETURN_IF_CALLER_DOESNT_SUBSUME(); aError = GetHostname(aHostname); } - void SetHostname(const nsAString& aHostname, ErrorResult& aError) + + void SetHostname(const nsAString& aHostname, + const Maybe& aSubjectPrincipal, + ErrorResult& aError) { THROW_AND_RETURN_IF_CALLER_DOESNT_SUBSUME(); aError = SetHostname(aHostname); } - void GetPort(nsAString& aPort, ErrorResult& aError) + + void GetPort(nsAString& aPort, + const Maybe& aSubjectPrincipal, + ErrorResult& aError) { THROW_AND_RETURN_IF_CALLER_DOESNT_SUBSUME(); aError = GetPort(aPort); } - void SetPort(const nsAString& aPort, ErrorResult& aError) + + void SetPort(const nsAString& aPort, + const Maybe& aSubjectPrincipal, + ErrorResult& aError) { THROW_AND_RETURN_IF_CALLER_DOESNT_SUBSUME(); aError = SetPort(aPort); } - void GetPathname(nsAString& aPathname, ErrorResult& aError) + + void GetPathname(nsAString& aPathname, + const Maybe& aSubjectPrincipal, + ErrorResult& aError) { THROW_AND_RETURN_IF_CALLER_DOESNT_SUBSUME(); aError = GetPathname(aPathname); } - void SetPathname(const nsAString& aPathname, ErrorResult& aError) + + void SetPathname(const nsAString& aPathname, + const Maybe& aSubjectPrincipal, + ErrorResult& aError) { THROW_AND_RETURN_IF_CALLER_DOESNT_SUBSUME(); aError = SetPathname(aPathname); } - void 
GetSearch(nsAString& aSeach, ErrorResult& aError) + + void GetSearch(nsAString& aSeach, + const Maybe& aSubjectPrincipal, + ErrorResult& aError) { THROW_AND_RETURN_IF_CALLER_DOESNT_SUBSUME(); aError = GetSearch(aSeach); } - void SetSearch(const nsAString& aSeach, ErrorResult& aError) + + void SetSearch(const nsAString& aSeach, + const Maybe& aSubjectPrincipal, + ErrorResult& aError) { THROW_AND_RETURN_IF_CALLER_DOESNT_SUBSUME(); aError = SetSearch(aSeach); } - void GetHash(nsAString& aHash, ErrorResult& aError) + void GetHash(nsAString& aHash, + const Maybe& aSubjectPrincipal, + ErrorResult& aError) { THROW_AND_RETURN_IF_CALLER_DOESNT_SUBSUME(); aError = GetHash(aHash); } - void SetHash(const nsAString& aHash, ErrorResult& aError) + + void SetHash(const nsAString& aHash, + const Maybe& aSubjectPrincipal, + ErrorResult& aError) { THROW_AND_RETURN_IF_CALLER_DOESNT_SUBSUME(); aError = SetHash(aHash); } - void Stringify(nsAString& aRetval, ErrorResult& aError) + + void Stringify(nsAString& aRetval, + const Maybe& aSubjectPrincipal, + ErrorResult& aError) { // GetHref checks CallerSubsumes. - GetHref(aRetval, aError); + GetHref(aRetval, aSubjectPrincipal, aError); } + nsPIDOMWindowInner* GetParentObject() const { return mInnerWindow; @@ -185,7 +246,7 @@ protected: nsresult GetSourceBaseURL(JSContext* cx, nsIURI** sourceURL); nsresult CheckURL(nsIURI *url, nsIDocShellLoadInfo** aLoadInfo); - bool CallerSubsumes(); + bool CallerSubsumes(nsIPrincipal* aSubjectPrincipal); nsString mCachedHash; nsCOMPtr mInnerWindow; diff --git a/dom/webidl/Location.webidl b/dom/webidl/Location.webidl index fa017156a961..991da99a9188 100644 --- a/dom/webidl/Location.webidl +++ b/dom/webidl/Location.webidl 
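Review bot: `Replace` and `SetHref` now accept `aSubjectPrincipal` but never read it and skip `THROW_AND_RETURN_IF_CALLER_DOESNT_SUBSUME()`, and nothing in the header says this is deliberate. It lines up with `CrossOriginCallable` on `replace` and `CrossOriginWritable` on `href` in Location.webidl, so a short comment on each would keep a later reader from treating the omission as a bug or copying the unchecked shape into a new method, for example `// Cross-origin callable by design: no CallerSubsumes() check, aSubjectPrincipal unused.` The macro also picks up `aSubjectPrincipal` and `aError` by name from the enclosing method, which deserves a one-line comment above the `#define`. For `replace`, the `NeedsSubjectPrincipal` annotation added in Location.webidl appears unnecessary in this patch because the C++ ignores the argument; if a later part of the series uses it, saying so in the comment would help.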
@@ -17,36 +17,36 @@ interface Location { // stringifier attribute USVString href; // Bug 824857 should remove this. - [Throws] + [Throws, NeedsSubjectPrincipal] stringifier; - [Throws, CrossOriginWritable] + [Throws, CrossOriginWritable, NeedsSubjectPrincipal] attribute USVString href; - [Throws] + [Throws, NeedsSubjectPrincipal] readonly attribute USVString origin; - [Throws] + [Throws, NeedsSubjectPrincipal] attribute USVString protocol; - [Throws] + [Throws, NeedsSubjectPrincipal] attribute USVString host; - [Throws] + [Throws, NeedsSubjectPrincipal] attribute USVString hostname; - [Throws] + [Throws, NeedsSubjectPrincipal] attribute USVString port; - [Throws] + [Throws, NeedsSubjectPrincipal] attribute USVString pathname; - [Throws] + [Throws, NeedsSubjectPrincipal] attribute USVString search; - [Throws] + [Throws, NeedsSubjectPrincipal] attribute USVString hash; - [Throws, UnsafeInPrerendering] + [Throws, UnsafeInPrerendering, NeedsSubjectPrincipal] void assign(USVString url); - [Throws, CrossOriginCallable, UnsafeInPrerendering] + [Throws, CrossOriginCallable, UnsafeInPrerendering, NeedsSubjectPrincipal] void replace(USVString url); // XXXbz there is no forceget argument in the spec! See bug 1037721. - [Throws, UnsafeInPrerendering] + [Throws, UnsafeInPrerendering, NeedsSubjectPrincipal] void reload(optional boolean forceget = false); // Bug 1085214 [SameObject] readonly attribute USVString[] ancestorOrigins;