зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1562292: Part 1d - Move OnePermittedSandboxedNavigator to BrowsingContext. r=nika
We need to be able to check the one-permitted-sandboxed-navigator from potentially-cross-process access checks in DocShell, which means it needs to live on BrowsingContext rather than DocShell. Differential Revision: https://phabricator.services.mozilla.com/D40495 --HG-- extra : rebase_source : 6f635ae549c89fee9773a9661289bad7a84aeb38 extra : histedit_source : 5a8a33c6463ae6231dfcfc7ca646ea47eada84bb
Родитель
de1486255d
Коммит
a33e880ee6
|
@ -209,6 +209,23 @@ class BrowsingContext : public nsWrapperCache, public BrowsingContextBase {
|
||||||
|
|
||||||
bool HasOpener() const;
|
bool HasOpener() const;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* When a new browsing context is opened by a sandboxed document, it needs to
|
||||||
|
* keep track of the browsing context that opened it, so that it can be
|
||||||
|
* navigated by it. This is the "one permitted sandboxed navigator".
|
||||||
|
*/
|
||||||
|
already_AddRefed<BrowsingContext> GetOnePermittedSandboxedNavigator() const {
|
||||||
|
return Get(mOnePermittedSandboxedNavigatorId);
|
||||||
|
}
|
||||||
|
void SetOnePermittedSandboxedNavigator(BrowsingContext* aNavigator) {
|
||||||
|
if (mOnePermittedSandboxedNavigatorId) {
|
||||||
|
MOZ_ASSERT(false,
|
||||||
|
"One Permitted Sandboxed Navigator should only be set once.");
|
||||||
|
} else {
|
||||||
|
SetOnePermittedSandboxedNavigatorId(aNavigator ? aNavigator->Id() : 0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
void GetChildren(Children& aChildren);
|
void GetChildren(Children& aChildren);
|
||||||
|
|
||||||
BrowsingContextGroup* Group() { return mGroup; }
|
BrowsingContextGroup* Group() { return mGroup; }
|
||||||
|
|
|
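Review bot: The doc comment above GetOnePermittedSandboxedNavigator() does not say when the getter returns null, and the setter's set-once guard reads an ID of 0 as "unset", so a call with a null aNavigator stores 0 and leaves the field assignable by a later call. Since this value decides whether a sandboxed opener may navigate the context, I would spell both out, e.g. `// Returns null if no navigator was recorded or (presumably) its ID no longer resolves via Get().` and `// May be set once; a second call is ignored (asserts in debug builds).` The call site in nsWindowWatcher::OpenWindowInternal passes `parentWindow->GetBrowsingContext()` unchecked, so whether null can reach the setter depends on code outside this page.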
@ -19,6 +19,8 @@ MOZ_BC_FIELD(OpenerPolicy, nsILoadInfo::CrossOriginOpenerPolicy)
|
||||||
// stored as the opener ID.
|
// stored as the opener ID.
|
||||||
MOZ_BC_FIELD(OpenerId, uint64_t)
|
MOZ_BC_FIELD(OpenerId, uint64_t)
|
||||||
|
|
||||||
|
MOZ_BC_FIELD(OnePermittedSandboxedNavigatorId, uint64_t)
|
||||||
|
|
||||||
// Toplevel browsing contexts only. This field controls whether the browsing
|
// Toplevel browsing contexts only. This field controls whether the browsing
|
||||||
// context is currently considered to be activated by a gesture.
|
// context is currently considered to be activated by a gesture.
|
||||||
MOZ_BC_FIELD(IsActivatedByUserGesture, bool)
|
MOZ_BC_FIELD(IsActivatedByUserGesture, bool)
|
||||||
|
|
|
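Review bot: The new `MOZ_BC_FIELD(OnePermittedSandboxedNavigatorId, uint64_t)` line has no comment, unlike the OpenerId and IsActivatedByUserGesture fields around it, although IsSandboxedFrom uses it to decide whether a sandboxed document may navigate a top-level context. I would add something like `// ID of the BrowsingContext that opened this one from a sandboxed document, or 0 if none. Set once at window creation.` If fields declared with MOZ_BC_FIELD can be written from any process that holds the context (not visible on this page), the comment should also say which process is trusted to set this one, because the sandbox check now depends on it.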
@ -3054,10 +3054,10 @@ bool nsDocShell::IsSandboxedFrom(nsIDocShell* aTargetDocShell) {
|
||||||
|
|
||||||
// aTargetDocShell is top level, are we the "one permitted sandboxed
|
// aTargetDocShell is top level, are we the "one permitted sandboxed
|
||||||
// navigator", i.e. did we open aTargetDocShell?
|
// navigator", i.e. did we open aTargetDocShell?
|
||||||
nsCOMPtr<nsIDocShell> permittedNavigator;
|
RefPtr<BrowsingContext> permittedNavigator(
|
||||||
aTargetDocShell->GetOnePermittedSandboxedNavigator(
|
aTargetDocShell->GetBrowsingContext()
|
||||||
getter_AddRefs(permittedNavigator));
|
->GetOnePermittedSandboxedNavigator());
|
||||||
if (permittedNavigator == this) {
|
if (permittedNavigator == mBrowsingContext) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
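Review bot: In IsSandboxedFrom, `permittedNavigator == mBrowsingContext` now compares two pointers that may each be null, where the old code compared against `this`; if both were null the function would return false, which is the "not sandboxed" answer. Guarding the match keeps the check fail-closed: `if (permittedNavigator && permittedNavigator == mBrowsingContext) {`. The chained `aTargetDocShell->GetBrowsingContext()->GetOnePermittedSandboxedNavigator()` also dereferences the target's BrowsingContext without a null check. Whether either pointer can actually be null here depends on docshell lifetime rules outside this hunk, and the function body starts and ends outside it.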
@ -4967,8 +4967,6 @@ nsDocShell::Destroy() {
|
||||||
|
|
||||||
mChromeEventHandler = nullptr;
|
mChromeEventHandler = nullptr;
|
||||||
|
|
||||||
mOnePermittedSandboxedNavigator = nullptr;
|
|
||||||
|
|
||||||
// required to break ref cycle
|
// required to break ref cycle
|
||||||
mSecurityUI = nullptr;
|
mSecurityUI = nullptr;
|
||||||
|
|
||||||
|
@ -5367,34 +5365,6 @@ nsDocShell::GetSandboxFlags(uint32_t* aSandboxFlags) {
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
NS_IMETHODIMP
|
|
||||||
nsDocShell::SetOnePermittedSandboxedNavigator(
|
|
||||||
nsIDocShell* aSandboxedNavigator) {
|
|
||||||
if (mOnePermittedSandboxedNavigator) {
|
|
||||||
NS_ERROR("One Permitted Sandboxed Navigator should only be set once.");
|
|
||||||
return NS_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
MOZ_ASSERT(!mIsBeingDestroyed);
|
|
||||||
|
|
||||||
mOnePermittedSandboxedNavigator = do_GetWeakReference(aSandboxedNavigator);
|
|
||||||
NS_ASSERTION(
|
|
||||||
mOnePermittedSandboxedNavigator,
|
|
||||||
"One Permitted Sandboxed Navigator must support weak references.");
|
|
||||||
|
|
||||||
return NS_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
NS_IMETHODIMP
|
|
||||||
nsDocShell::GetOnePermittedSandboxedNavigator(
|
|
||||||
nsIDocShell** aSandboxedNavigator) {
|
|
||||||
NS_ENSURE_ARG_POINTER(aSandboxedNavigator);
|
|
||||||
nsCOMPtr<nsIDocShell> permittedNavigator =
|
|
||||||
do_QueryReferent(mOnePermittedSandboxedNavigator);
|
|
||||||
permittedNavigator.forget(aSandboxedNavigator);
|
|
||||||
return NS_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
NS_IMETHODIMP
|
NS_IMETHODIMP
|
||||||
nsDocShell::SetDefaultLoadFlags(uint32_t aDefaultLoadFlags) {
|
nsDocShell::SetDefaultLoadFlags(uint32_t aDefaultLoadFlags) {
|
||||||
mDefaultLoadFlags = aDefaultLoadFlags;
|
mDefaultLoadFlags = aDefaultLoadFlags;
|
||||||
|
|
|
@ -1066,7 +1066,6 @@ class nsDocShell final : public nsDocLoader,
|
||||||
nsString mTitle;
|
nsString mTitle;
|
||||||
nsString mCustomUserAgent;
|
nsString mCustomUserAgent;
|
||||||
nsCString mOriginalUriString;
|
nsCString mOriginalUriString;
|
||||||
nsWeakPtr mOnePermittedSandboxedNavigator;
|
|
||||||
nsWeakPtr mOpener;
|
nsWeakPtr mOpener;
|
||||||
nsTObserverArray<nsWeakPtr> mPrivacyObservers;
|
nsTObserverArray<nsWeakPtr> mPrivacyObservers;
|
||||||
nsTObserverArray<nsWeakPtr> mReflowObservers;
|
nsTObserverArray<nsWeakPtr> mReflowObservers;
|
||||||
|
|
|
@ -784,13 +784,6 @@ interface nsIDocShell : nsIDocShellTreeItem
|
||||||
*/
|
*/
|
||||||
attribute unsigned long sandboxFlags;
|
attribute unsigned long sandboxFlags;
|
||||||
|
|
||||||
/**
|
|
||||||
* When a new browsing context is opened by a sandboxed document, it needs to
|
|
||||||
* keep track of the browsing context that opened it, so that it can be
|
|
||||||
* navigated by it. This is the "one permitted sandboxed navigator".
|
|
||||||
*/
|
|
||||||
attribute nsIDocShell onePermittedSandboxedNavigator;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns true if we are sandboxed from aTargetDocShell.
|
* Returns true if we are sandboxed from aTargetDocShell.
|
||||||
* aTargetDocShell - the browsing context we are attempting to navigate.
|
* aTargetDocShell - the browsing context we are attempting to navigate.
|
||||||
|
|
|
@ -922,7 +922,8 @@ nsresult nsWindowWatcher::OpenWindowInternal(
|
||||||
// If our parent is sandboxed, set it as the one permitted sandboxed navigator
|
// If our parent is sandboxed, set it as the one permitted sandboxed navigator
|
||||||
// on the new window we're opening.
|
// on the new window we're opening.
|
||||||
if (activeDocsSandboxFlags && parentWindow) {
|
if (activeDocsSandboxFlags && parentWindow) {
|
||||||
newDocShell->SetOnePermittedSandboxedNavigator(parentWindow->GetDocShell());
|
newDocShell->GetBrowsingContext()->SetOnePermittedSandboxedNavigator(
|
||||||
|
parentWindow->GetBrowsingContext());
|
||||||
}
|
}
|
||||||
|
|
||||||
// Copy sandbox flags to the new window if activeDocsSandboxFlags says to do
|
// Copy sandbox flags to the new window if activeDocsSandboxFlags says to do
|
||||||
|
|