Bug 1661174 - restrict schemes supported by Web Share API r=edgar

Restrict to "loadable" URLs. Also exclude blob URLs. Edgar, This includes Marcos' fix. Apparently I can push revisions without commandeering it, so the last few are mine alone. What appears to have happened is that the fix bounced due to Windows builders not being configured to support sharing (I ran these locally and they pass). Including these as expected failures on Windows seems to work (I ran this on try, and missed a test, as you can see from history). Try run here: https://treeherder.mozilla.org/#/jobs?repo=try&revision=3ebecf71d5732d4dc0438f4d7b714f94b881353a (I since added wss to the expected failures). Differential Revision: https://phabricator.services.mozilla.com/D88371
2020-09-02 11:52:16 +00:00 · 2020-09-02 11:52:16 +00:00 · d7901374c5
--- a/dom/base/Navigator.cpp
+++ b/dom/base/Navigator.cpp
@ -1417,6 +1417,18 @@ Promise* Navigator::Share(const ShareData& aData, ErrorResult& aRv) {
      return nullptr;
    }
    url = result.unwrap();
+    // Check that we only share loadable URLs (e.g., http/https).
+    // we also exclude blobs, as it doesn't make sense to share those outside
+    // the context of the browser.
+    auto principal = doc->NodePrincipal();
+    if (principal) {
+      if (NS_FAILED(principal->CheckMayLoad(url, false)) ||
+          url->SchemeIs("blob")) {
+        aRv.ThrowTypeError<MSG_INVALID_URL_SCHEME>("Share",
+                                                   url->GetSpecOrDefault());
+        return nullptr;
+      }
+    }
  }

  // Process the title member...
--- a/testing/web-platform/meta/web-share/share-url-invalid.https.html.ini
+++ b/testing/web-platform/meta/web-share/share-url-invalid.https.html.ini
@ -2,3 +2,27 @@
  [share() rejects when URL is invalid]
    expected:
      if os == "win": FAIL
+
+  [share() rejects file:// URLs]
+    expected:
+      if os == "win": FAIL
+
+  [share() rejects about: URLs]
+    expected:
+      if os == "win": FAIL
+
+  [share() rejects chrome: URLs]
+    expected:
+      if os == "win": FAIL
+
+  [share() rejects blob: URLs]
+    expected:
+      if os == "win": FAIL
+
+  [share() rejects wss: URLs]
+    expected:
+      if os == "win": FAIL
+
+  [share() rejects data: URLs]
+    expected:
+      if os == "win": FAIL
--- a/testing/web-platform/tests/web-share/share-url-invalid.https.html
+++ b/testing/web-platform/tests/web-share/share-url-invalid.https.html
@ -11,15 +11,60 @@
  <body>
    <script>
      promise_test(async t => {
-        const url = "http://example.com:65536";
-        await test_driver.bless(
-          "web share",
-          () => {
-            return promise_rejects_js(t, TypeError, navigator.share({ url }));
-          },
-          "share with an invalid URL"
-        );
+        await test_driver.bless();
+        const promise = navigator.share({ url: "http://a.com:65536" });
+        return promise_rejects_js(t, TypeError, promise);
      }, "share() rejects when URL is invalid");
+
+      promise_test(async t => {
+        await test_driver.bless();
+        const promise = navigator.share({ url: "file:///etc/passwd" });
+        return promise_rejects_js(t, TypeError, promise);
+      }, "share() rejects file:// URLs");
+
+      promise_test(async t => {
+        await test_driver.bless();
+        const promise = navigator.share({ url: "wss://a.com/" });
+        return promise_rejects_js(t, TypeError, promise);
+      }, "share() rejects wss: URLs");
+
+      promise_test(async t => {
+        await test_driver.bless();
+        const promise = navigator.share({ url: "about:config" });
+        return promise_rejects_js(t, TypeError, promise);
+      }, "share() rejects about: URLs");
+
+      promise_test(async t => {
+        await test_driver.bless();
+        const promise = navigator.share({ url: "chrome://about" });
+        return promise_rejects_js(t, TypeError, promise);
+      }, "share() rejects chrome: URLs");
+
+      promise_test(async t => {
+        await test_driver.bless();
+        const file = new File([], "text/plain");
+        const promise = navigator.share({ url: URL.createObjectURL(file) });
+        return promise_rejects_js(t, TypeError, promise);
+      }, "share() rejects blob: URLs");
+
+      promise_test(async t => {
+        const encoder = new TextEncoder();
+        const encoded = encoder.encode(
+          `<meta http-equiv="refresh" content="1;url=http://example.com/">`
+        );
+        const file = new File(encoded, "text/html");
+        const url = URL.createObjectURL(file);
+        const reader = new FileReader();
+        reader.readAsDataURL(file);
+        const dataURL = await new Promise(resolve => {
+          reader.addEventListener("load", () => {
+            resolve(reader.result);
+          });
+        });
+        await test_driver.bless();
+        const promise = navigator.share({ url: dataURL });
+        return promise_rejects_js(t, TypeError, promise);
+      }, "share() rejects data: URLs");
    </script>
  </body>
 </html>