зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1562292: Part 1d - Move OnePermittedSandboxedNavigator to BrowsingContext. r=nika
We need to be able to check the one-permitted-sandboxed-navigator from potentially-cross-process access checks in DocShell, which means it needs to live on BrowsingContext rather than DocShell. Differential Revision: https://phabricator.services.mozilla.com/D40495 --HG-- extra : rebase_source : 6f635ae549c89fee9773a9661289bad7a84aeb38 extra : histedit_source : 5a8a33c6463ae6231dfcfc7ca646ea47eada84bb
Родитель
de1486255d
Коммит
a33e880ee6
|
@ -209,6 +209,23 @@ class BrowsingContext : public nsWrapperCache, public BrowsingContextBase {
|
|||
|
||||
bool HasOpener() const;
|
||||
|
||||
/**
|
||||
* When a new browsing context is opened by a sandboxed document, it needs to
|
||||
* keep track of the browsing context that opened it, so that it can be
|
||||
* navigated by it. This is the "one permitted sandboxed navigator".
|
||||
*/
|
||||
already_AddRefed<BrowsingContext> GetOnePermittedSandboxedNavigator() const {
|
||||
return Get(mOnePermittedSandboxedNavigatorId);
|
||||
}
|
||||
void SetOnePermittedSandboxedNavigator(BrowsingContext* aNavigator) {
|
||||
if (mOnePermittedSandboxedNavigatorId) {
|
||||
MOZ_ASSERT(false,
|
||||
"One Permitted Sandboxed Navigator should only be set once.");
|
||||
} else {
|
||||
SetOnePermittedSandboxedNavigatorId(aNavigator ? aNavigator->Id() : 0);
|
||||
}
|
||||
}
|
||||
|
||||
void GetChildren(Children& aChildren);
|
||||
|
||||
BrowsingContextGroup* Group() { return mGroup; }
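Review bot: The set-once guard in `SetOnePermittedSandboxedNavigator` only tests `mOnePermittedSandboxedNavigatorId` for non-zero, so a first call with a null `aNavigator` stores 0 and leaves the field open to a later call. The call site in `nsWindowWatcher::OpenWindowInternal` passes `parentWindow->GetBrowsingContext()` unchecked, whereas the removed docshell setter asserted that a reference had actually been recorded. Because `nsDocShell::IsSandboxedFrom` treats this ID as an exemption from the sandbox navigation check, I would add `MOZ_ASSERT(aNavigator);` at the top of the setter, or check for null at the call site. The doc comment should also say that the set-once rule is enforced only by this wrapper and not by `SetOnePermittedSandboxedNavigatorId`, and that the getter returns null when no navigator was recorded (presumably also when the ID no longer resolves to a live context; please confirm).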
|
||||
|
|
|
@ -19,6 +19,8 @@ MOZ_BC_FIELD(OpenerPolicy, nsILoadInfo::CrossOriginOpenerPolicy)
|
|||
// stored as the opener ID.
|
||||
MOZ_BC_FIELD(OpenerId, uint64_t)
|
||||
|
||||
MOZ_BC_FIELD(OnePermittedSandboxedNavigatorId, uint64_t)
|
||||
|
||||
// Toplevel browsing contexts only. This field controls whether the browsing
|
||||
// context is currently considered to be activated by a gesture.
|
||||
MOZ_BC_FIELD(IsActivatedByUserGesture, bool)
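Review bot: `MOZ_BC_FIELD(OnePermittedSandboxedNavigatorId, uint64_t)` is added without a comment, although the neighbouring fields each carry one and this value feeds a security decision. I would add `// ID of the browsing context that opened this one from a sandboxed document, or 0 if none.` and `// Set once at window creation; consulted by nsDocShell::IsSandboxedFrom.` above it. The commit message says the field moved here so that it can be read from potentially cross-process checks. If fields in this list can also be written from another process, please confirm that a less-trusted process cannot set the ID to make itself the permitted navigator of a context it did not open.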
|
||||
|
|
|
@ -3054,10 +3054,10 @@ bool nsDocShell::IsSandboxedFrom(nsIDocShell* aTargetDocShell) {
|
|||
|
||||
// aTargetDocShell is top level, are we the "one permitted sandboxed
|
||||
// navigator", i.e. did we open aTargetDocShell?
|
||||
nsCOMPtr<nsIDocShell> permittedNavigator;
|
||||
aTargetDocShell->GetOnePermittedSandboxedNavigator(
|
||||
getter_AddRefs(permittedNavigator));
|
||||
if (permittedNavigator == this) {
|
||||
RefPtr<BrowsingContext> permittedNavigator(
|
||||
aTargetDocShell->GetBrowsingContext()
|
||||
->GetOnePermittedSandboxedNavigator());
|
||||
if (permittedNavigator == mBrowsingContext) {
|
||||
return false;
|
||||
}
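Review bot: The exemption at `if (permittedNavigator == mBrowsingContext)` no longer has a side that is guaranteed non-null. The old test compared against `this`, so a missing navigator could never match, whereas the new getter returns null when no ID was recorded, and two null pointers would compare equal and return "not sandboxed". If `mBrowsingContext` can ever be null here (for example during teardown; I cannot tell from the hunk), that fails open, so I would make the intent explicit with `if (permittedNavigator && permittedNavigator == mBrowsingContext) {`. `aTargetDocShell->GetBrowsingContext()` is also dereferenced without a check on the line above. The body of `IsSandboxedFrom` continues outside the hunk.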
|
||||
|
||||
|
@ -4967,8 +4967,6 @@ nsDocShell::Destroy() {
|
|||
|
||||
mChromeEventHandler = nullptr;
|
||||
|
||||
mOnePermittedSandboxedNavigator = nullptr;
|
||||
|
||||
// required to break ref cycle
|
||||
mSecurityUI = nullptr;
|
||||
|
||||
|
@ -5367,34 +5365,6 @@ nsDocShell::GetSandboxFlags(uint32_t* aSandboxFlags) {
|
|||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsDocShell::SetOnePermittedSandboxedNavigator(
|
||||
nsIDocShell* aSandboxedNavigator) {
|
||||
if (mOnePermittedSandboxedNavigator) {
|
||||
NS_ERROR("One Permitted Sandboxed Navigator should only be set once.");
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
MOZ_ASSERT(!mIsBeingDestroyed);
|
||||
|
||||
mOnePermittedSandboxedNavigator = do_GetWeakReference(aSandboxedNavigator);
|
||||
NS_ASSERTION(
|
||||
mOnePermittedSandboxedNavigator,
|
||||
"One Permitted Sandboxed Navigator must support weak references.");
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsDocShell::GetOnePermittedSandboxedNavigator(
|
||||
nsIDocShell** aSandboxedNavigator) {
|
||||
NS_ENSURE_ARG_POINTER(aSandboxedNavigator);
|
||||
nsCOMPtr<nsIDocShell> permittedNavigator =
|
||||
do_QueryReferent(mOnePermittedSandboxedNavigator);
|
||||
permittedNavigator.forget(aSandboxedNavigator);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsDocShell::SetDefaultLoadFlags(uint32_t aDefaultLoadFlags) {
|
||||
mDefaultLoadFlags = aDefaultLoadFlags;
|
||||
|
|
|
@ -1066,7 +1066,6 @@ class nsDocShell final : public nsDocLoader,
|
|||
nsString mTitle;
|
||||
nsString mCustomUserAgent;
|
||||
nsCString mOriginalUriString;
|
||||
nsWeakPtr mOnePermittedSandboxedNavigator;
|
||||
nsWeakPtr mOpener;
|
||||
nsTObserverArray<nsWeakPtr> mPrivacyObservers;
|
||||
nsTObserverArray<nsWeakPtr> mReflowObservers;
|
||||
|
|
|
@ -784,13 +784,6 @@ interface nsIDocShell : nsIDocShellTreeItem
|
|||
*/
|
||||
attribute unsigned long sandboxFlags;
|
||||
|
||||
/**
|
||||
* When a new browsing context is opened by a sandboxed document, it needs to
|
||||
* keep track of the browsing context that opened it, so that it can be
|
||||
* navigated by it. This is the "one permitted sandboxed navigator".
|
||||
*/
|
||||
attribute nsIDocShell onePermittedSandboxedNavigator;
|
||||
|
||||
/**
|
||||
* Returns true if we are sandboxed from aTargetDocShell.
|
||||
* aTargetDocShell - the browsing context we are attempting to navigate.
|
||||
|
|
|
@ -922,7 +922,8 @@ nsresult nsWindowWatcher::OpenWindowInternal(
|
|||
// If our parent is sandboxed, set it as the one permitted sandboxed navigator
|
||||
// on the new window we're opening.
|
||||
if (activeDocsSandboxFlags && parentWindow) {
|
||||
newDocShell->SetOnePermittedSandboxedNavigator(parentWindow->GetDocShell());
|
||||
newDocShell->GetBrowsingContext()->SetOnePermittedSandboxedNavigator(
|
||||
parentWindow->GetBrowsingContext());
|
||||
}
|
||||
|
||||
// Copy sandbox flags to the new window if activeDocsSandboxFlags says to do
|
||||
|
|