Give a saner principal to documents created via DOMImplementation. Bug 324601,

r=sicking, sr=jst
2006-02-20 18:57:32 +00:00 · 2006-02-20 18:57:32 +00:00 · a83eba463b
--- a/content/base/public/nsIDocument.h
+++ b/content/base/public/nsIDocument.h
@ -1004,12 +1004,18 @@ NS_NewImageDocument(nsIDocument** aInstancePtrResult);
 nsresult
 NS_NewDocumentFragment(nsIDOMDocumentFragment** aInstancePtrResult,
                       nsNodeInfoManager *aNodeInfoManager);
+
+// Note: it's the caller's responsibility to create or get aPrincipal as needed
+// -- this method will not attempt to get a principal based on aDocumentURI.
+// Also, both aDocumentURI and aBaseURI must not be null.
 nsresult
 NS_NewDOMDocument(nsIDOMDocument** aInstancePtrResult,
                  const nsAString& aNamespaceURI, 
                  const nsAString& aQualifiedName, 
                  nsIDOMDocumentType* aDoctype,
-                  nsIURI* aBaseURI);
+                  nsIURI* aDocumentURI,
+                  nsIURI* aBaseURI,
+                  nsIPrincipal* aPrincipal);
 nsresult
 NS_NewPluginDocument(nsIDocument** aInstancePtrResult);

--- a/content/base/public/nsIPrivateDOMImplementation.h
+++ b/content/base/public/nsIPrivateDOMImplementation.h
@ -41,21 +41,23 @@
 #include "nsISupports.h"

 class nsIURI;
+class nsIPrincipal;

 /*
 * Event listener manager interface.
 */
 #define NS_IPRIVATEDOMIMPLEMENTATION_IID \
-{ /* d3205fb8-2652-11d4-ba06-0060b0fc76dd */ \
-0xd3205fb8, 0x2652, 0x11d4, \
-{0xba, 0x06, 0x00, 0x60, 0xb0, 0xfc, 0x76, 0xdd} }
+{ /* 87c20441-8b0d-4383-a189-52fef1dd5d8a */ \
+0x87c20441, 0x8b0d, 0x4383, \
+ { 0xa1, 0x89, 0x52, 0xfe, 0xf1, 0xdd, 0x5d, 0x8a } }

 class nsIPrivateDOMImplementation : public nsISupports {

 public:
  NS_DECLARE_STATIC_IID_ACCESSOR(NS_IPRIVATEDOMIMPLEMENTATION_IID)

-  NS_IMETHOD Init(nsIURI* aBaseURI) = 0;
+  NS_IMETHOD Init(nsIURI* aDocumentURI, nsIURI* aBaseURI,
+                  nsIPrincipal* aPrincipal) = 0;
 };

 NS_DEFINE_STATIC_IID_ACCESSOR(nsIPrivateDOMImplementation,
--- a/content/base/src/nsDocument.cpp
+++ b/content/base/src/nsDocument.cpp
@ -476,7 +476,9 @@ class nsDOMImplementation : public nsIDOMDOMImplementation,
                            public nsIPrivateDOMImplementation
 {
 public:
-  nsDOMImplementation(nsIURI* aBaseURI = nsnull);
+  nsDOMImplementation(nsIURI* aDocumentURI,
+                      nsIURI* aBaseURI,
+                      nsIPrincipal* aPrincipal);
  virtual ~nsDOMImplementation();

  NS_DECL_ISUPPORTS
@ -485,17 +487,20 @@ public:
  NS_DECL_NSIDOMDOMIMPLEMENTATION

  // nsIPrivateDOMImplementation
-  NS_IMETHOD Init(nsIURI* aBaseURI);
+  NS_IMETHOD Init(nsIURI* aDocumentURI, nsIURI* aBaseURI,
+                  nsIPrincipal* aPrincipal);

 protected:
+  nsCOMPtr<nsIURI> mDocumentURI;
  nsCOMPtr<nsIURI> mBaseURI;
+  nsCOMPtr<nsIPrincipal> mPrincipal;
 };


 nsresult
 NS_NewDOMImplementation(nsIDOMDOMImplementation** aInstancePtrResult)
 {
-  *aInstancePtrResult = new nsDOMImplementation();
+  *aInstancePtrResult = new nsDOMImplementation(nsnull, nsnull, nsnull);
  if (!*aInstancePtrResult) {
    return NS_ERROR_OUT_OF_MEMORY;
  }
@ -505,9 +510,13 @@ NS_NewDOMImplementation(nsIDOMDOMImplementation** aInstancePtrResult)
  return NS_OK;
 }

-nsDOMImplementation::nsDOMImplementation(nsIURI* aBaseURI)
+nsDOMImplementation::nsDOMImplementation(nsIURI* aDocumentURI,
+                                         nsIURI* aBaseURI,
+                                         nsIPrincipal* aPrincipal)
+  : mDocumentURI(aDocumentURI),
+    mBaseURI(aBaseURI),
+    mPrincipal(aPrincipal)
 {
-  mBaseURI = aBaseURI;
 }

 nsDOMImplementation::~nsDOMImplementation()
@ -550,14 +559,8 @@ nsDOMImplementation::CreateDocumentType(const nsAString& aQualifiedName,

  nsCOMPtr<nsIAtom> name = do_GetAtom(aQualifiedName);
  NS_ENSURE_TRUE(name, NS_ERROR_OUT_OF_MEMORY);
-
-  // XXXbz shouldn't this use the original document principal instead?
-  nsCOMPtr<nsIPrincipal> principal;
-  rv = nsContentUtils::GetSecurityManager()->
-    GetCodebasePrincipal(mBaseURI, getter_AddRefs(principal));
-  NS_ENSURE_SUCCESS(rv, rv);
    
-  return NS_NewDOMDocumentType(aReturn, nsnull, principal, name, nsnull,
+  return NS_NewDOMDocumentType(aReturn, nsnull, mPrincipal, name, nsnull,
                               nsnull, aPublicId, aSystemId, EmptyString());
 }

@ -600,7 +603,7 @@ nsDOMImplementation::CreateDocument(const nsAString& aNamespaceURI,
  }

  rv = NS_NewDOMDocument(aReturn, aNamespaceURI, aQualifiedName, aDoctype,
-                         mBaseURI);
+                         mDocumentURI, mBaseURI, mPrincipal);

  nsIDocShell *docShell = nsContentUtils::GetDocShellFromCaller();
  if (docShell) {
@ -619,9 +622,14 @@ nsDOMImplementation::CreateDocument(const nsAString& aNamespaceURI,
 }

 NS_IMETHODIMP
-nsDOMImplementation::Init(nsIURI* aBaseURI)
+nsDOMImplementation::Init(nsIURI* aDocumentURI, nsIURI* aBaseURI,
+                          nsIPrincipal* aPrincipal)
 {
+  // Note: can't require that the args be non-null, since at least one
+  // caller (XMLHttpRequest) doesn't have decent args to pass in.
+  mDocumentURI = aDocumentURI;
  mBaseURI = aBaseURI;
+  mPrincipal = aPrincipal;
  return NS_OK;
 }

@ -2578,7 +2586,11 @@ nsDocument::GetImplementation(nsIDOMDOMImplementation** aImplementation)
 {
  // For now, create a new implementation every time. This shouldn't
  // be a high bandwidth operation
-  *aImplementation = new nsDOMImplementation(mDocumentURI);
+  nsCOMPtr<nsIURI> uri;
+  NS_NewURI(getter_AddRefs(uri), "about:blank");
+  NS_ENSURE_TRUE(uri, NS_ERROR_OUT_OF_MEMORY);
+  
+  *aImplementation = new nsDOMImplementation(uri, uri, GetNodePrincipal());
  if (!*aImplementation) {
    return NS_ERROR_OUT_OF_MEMORY;
  }
--- a/content/xml/document/src/nsXMLDocument.cpp
+++ b/content/xml/document/src/nsXMLDocument.cpp
@ -109,8 +109,14 @@ NS_NewDOMDocument(nsIDOMDocument** aInstancePtrResult,
                  const nsAString& aNamespaceURI, 
                  const nsAString& aQualifiedName, 
                  nsIDOMDocumentType* aDoctype,
-                  nsIURI* aBaseURI)
+                  nsIURI* aDocumentURI,
+                  nsIURI* aBaseURI,
+                  nsIPrincipal* aPrincipal)
 {
+  // Note: can't require that aDocumentURI/aBaseURI/aPrincipal be non-null,
+  // since at least one caller (XMLHttpRequest) doesn't have decent args to
+  // pass in.
+  
  nsresult rv;

  *aInstancePtrResult = nsnull;
@ -125,7 +131,9 @@ NS_NewDOMDocument(nsIDOMDocument** aInstancePtrResult,
    return rv;
  }

-  doc->nsIDocument::SetDocumentURI(aBaseURI);
+  doc->nsIDocument::SetDocumentURI(aDocumentURI);
+  // Must set the principal first, since SetBaseURI checks it.
+  doc->SetPrincipal(aPrincipal);
  doc->SetBaseURI(aBaseURI);

  if (aDoctype) {
@ -694,7 +702,8 @@ nsXMLDocument::CloneNode(PRBool aDeep, nsIDOMNode** aReturn)

  // Create an empty document
  rv = NS_NewDOMDocument(getter_AddRefs(newDoc), EmptyString(), EmptyString(),
-                         newDocType, mDocumentURI);
+                         newDocType, nsIDocument::GetDocumentURI(),
+                         nsIDocument::GetBaseURI(), GetNodePrincipal());
  if (NS_FAILED(rv)) return rv;

  if (aDeep) {
--- a/extensions/webdav/src/nsWebDAVService.cpp
+++ b/extensions/webdav/src/nsWebDAVService.cpp
@ -219,7 +219,12 @@ nsWebDAVService::CreatePropfindDocument(nsIURI *resourceURI,

    nsCOMPtr<nsIPrivateDOMImplementation> 
        privImpl(do_QueryInterface(implementation));
-    privImpl->Init(resourceURI);
+    // XXXbz I doubt this is right, but I have no idea what this code is doing
+    // or why it's creating documents without a useful principal... so I'm just
+    // going to make the fact that those documents have no principal very
+    // explicit, and if this causes issues then someone familiar with this code
+    // should figure out what principals this _should_ be using.
+    privImpl->Init(resourceURI, resourceURI, nsnull);

    nsCOMPtr<nsIDOMDocument> doc;
    rv = implementation->CreateDocument(mDAVNSString, EmptyString(), nsnull,
--- a/extensions/xmlextras/base/src/nsDOMParser.cpp
+++ b/extensions/xmlextras/base/src/nsDOMParser.cpp
@ -277,7 +277,11 @@ nsDOMParser::ParseFromStream(nsIInputStream *stream,
  if (baseURI) {
    nsCOMPtr<nsIPrivateDOMImplementation> privImpl(do_QueryInterface(implementation));
    if (privImpl) {
-      privImpl->Init(baseURI);
+      // XXXbz Is this really right?  Why are we setting the documentURI to
+      // baseURI?  But note that's what the StartDocumentLoad() below would do
+      // if we let it reset.  In any case, this is odd, since the caller can
+      // set baseURI to anything it feels like, pretty much.
+      privImpl->Init(baseURI, baseURI, principal);
    }
  }

--- a/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp
+++ b/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp
@ -1233,7 +1233,15 @@ nsXMLHttpRequest::OnStartRequest(nsIRequest *request, nsISupports *ctxt)
  nsCOMPtr<nsIPrivateDOMImplementation> privImpl =
    do_QueryInterface(implementation);
  if (privImpl) {
-    privImpl->Init(GetBaseURI());
+    // XXXbz this is probably all wrong when not called from JS... and possibly
+    // even then! Fixing that requires giving XMLHttpRequest some principals
+    // when inited.  Until then, cases when we don't actually parse the
+    // document will give our mDocument he wrong principal.  I'm just not sure
+    // how wrong it can get...  Shouldn't be too bad as long as mScriptContext
+    // is sane, I guess.
+    nsCOMPtr<nsIDocument> doc = GetDocumentFromScriptContext(mScriptContext);
+    nsIURI* uri = GetBaseURI();
+    privImpl->Init(uri, uri, doc->GetNodePrincipal());
  }

  // Create an empty document from it (resets current document as well)