From dad0acb099a1b557c275a0014ad779af83d6d7ea Mon Sep 17 00:00:00 2001 From: Christoph Kerschbaumer Date: Mon, 22 Sep 2014 04:49:12 -0700 Subject: [PATCH] Bug 1038756: Callsites creating a channel in /dom/[base,xml,plugins] (r=jst) * * * Bug 1038756: Callsites creating a channel in /dom/[base,xbl,plugins] (r=jst) --- dom/base/Navigator.cpp | 9 +++--- dom/plugins/base/nsPluginHost.cpp | 32 ++++++++++++------- .../base/nsPluginStreamListenerPeer.cpp | 25 ++++++++++++++- dom/xml/XMLDocument.cpp | 11 ++++++- dom/xml/nsXMLPrettyPrinter.cpp | 3 +- 5 files changed, 61 insertions(+), 19 deletions(-) diff --git a/dom/base/Navigator.cpp b/dom/base/Navigator.cpp index a8e7c4caf620..d6c9e12a2f78 100644 --- a/dom/base/Navigator.cpp +++ b/dom/base/Navigator.cpp @@ -1072,13 +1072,14 @@ Navigator::SendBeacon(const nsAString& aUrl, channelPolicy->SetContentSecurityPolicy(csp); channelPolicy->SetLoadType(nsIContentPolicy::TYPE_BEACON); } + rv = NS_NewChannel(getter_AddRefs(channel), uri, - nullptr, - nullptr, - nullptr, - nsIRequest::LOAD_NORMAL, + doc, + nsILoadInfo::SEC_NORMAL, + nsIContentPolicy::TYPE_BEACON, channelPolicy); + if (NS_FAILED(rv)) { aRv.Throw(rv); return false; diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp index 0a2cda477379..d8fc59477428 100644 --- a/dom/plugins/base/nsPluginHost.cpp +++ b/dom/plugins/base/nsPluginHost.cpp @@ -2817,11 +2817,12 @@ nsresult nsPluginHost::NewPluginURLStream(const nsString& aURL, owner->GetDOMElement(getter_AddRefs(element)); owner->GetDocument(getter_AddRefs(doc)); } + nsCOMPtr principal = doc ? doc->NodePrincipal() : nullptr; int16_t shouldLoad = nsIContentPolicy::ACCEPT; rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_OBJECT_SUBREQUEST, url, - (doc ? doc->NodePrincipal() : nullptr), + principal, element, EmptyCString(), //mime guess nullptr, //extra 
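Review bot: In Navigator::SendBeacon the load type is now stated in two places, `channelPolicy->SetLoadType(nsIContentPolicy::TYPE_BEACON)` and the new `nsIContentPolicy::TYPE_BEACON` argument, with nothing that keeps them in step if one is changed later. The call also starts passing `doc` as the loading node, and the visible lines do not show where `doc` is null-checked; if the channel's security context is derived from it, as the argument order suggests, a null document here should be rejected before the call. I would add a comment above the call such as `// doc was null-checked above; it supplies the loading principal for the beacon`, or the check itself if it is missing. The function starts and ends outside the hunk, so the check may already exist above.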
@@ -2841,22 +2842,29 @@ nsresult nsPluginHost::NewPluginURLStream(const nsString& aURL, if (NS_FAILED(rv)) return rv; + if (!principal) { + principal = do_CreateInstance("@mozilla.org/nullprincipal;1", &rv); + NS_ENSURE_SUCCESS(rv, rv); + } + // @arg loadgroup: + // do not add this internal plugin's channel on the + // load group otherwise this channel could be canceled + // form |nsDocShell::OnLinkClickSync| bug 166613 nsCOMPtr channel; - rv = NS_NewChannel(getter_AddRefs(channel), url, nullptr, - nullptr, /* do not add this internal plugin's channel - on the load group otherwise this channel could be canceled - form |nsDocShell::OnLinkClickSync| bug 166613 */ - listenerPeer); + rv = NS_NewChannelInternal(getter_AddRefs(channel), + url, + doc, + principal, + nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL, + nsIContentPolicy::TYPE_OBJECT_SUBREQUEST, + nullptr, // aChannelPolicy + nullptr, // aLoadGroup + listenerPeer); + if (NS_FAILED(rv)) return rv; if (doc) { - // Set the owner of channel to the document principal... - nsCOMPtr loadInfo = - new LoadInfo(doc->NodePrincipal(), LoadInfo::eInheritPrincipal, - LoadInfo::eNotSandboxed); - channel->SetLoadInfo(loadInfo); - // And if it's a script allow it to execute against the // document's script context. nsCOMPtr scriptChannel(do_QueryInterface(channel)); diff --git a/dom/plugins/base/nsPluginStreamListenerPeer.cpp b/dom/plugins/base/nsPluginStreamListenerPeer.cpp index 26ed12fc8516..54f2afb92a0a 100644 --- a/dom/plugins/base/nsPluginStreamListenerPeer.cpp +++ b/dom/plugins/base/nsPluginStreamListenerPeer.cpp 
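Review bot: In nsPluginHost::NewPluginURLStream, `nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL` is now applied on every path, including the one where `doc` is null and `principal` has just been replaced by a fresh null principal. The removed code only attached a LoadInfo inside `if (doc)`, and the new code does not explain this security-relevant difference. A comment on the fallback would make the intent reviewable, for example `// No owning document: fall back to a null principal so the plugin stream inherits no document privileges`. The same four-line null-principal fallback is repeated in nsPluginStreamListenerPeer::RequestRead and could live in one shared helper, so the two call sites cannot drift apart. The relocated `// @arg loadgroup:` comment now sits above the `nsCOMPtr channel;` declaration rather than next to `nullptr, // aLoadGroup`, and it still reads "form" where "from" is meant.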
@@ -639,10 +639,33 @@ nsPluginStreamListenerPeer::RequestRead(NPByteRange* rangeList) nsresult rv = NS_OK; + nsRefPtr owner = mPluginInstance->GetOwner(); + nsCOMPtr doc; + if (owner) { + rv = owner->GetDocument(getter_AddRefs(doc)); + NS_ENSURE_SUCCESS(rv, rv); + } + nsCOMPtr callbacks = do_QueryReferent(mWeakPtrChannelCallbacks); nsCOMPtr loadGroup = do_QueryReferent(mWeakPtrChannelLoadGroup); + + nsCOMPtr principal = doc ? doc->NodePrincipal() : nullptr; + if (!principal) { + principal = do_CreateInstance("@mozilla.org/nullprincipal;1", &rv); + NS_ENSURE_SUCCESS(rv, rv); + } + nsCOMPtr channel; - rv = NS_NewChannel(getter_AddRefs(channel), mURL, nullptr, loadGroup, callbacks); + rv = NS_NewChannelInternal(getter_AddRefs(channel), + mURL, + doc, + principal, + nsILoadInfo::SEC_NORMAL, + nsIContentPolicy::TYPE_OTHER, + nullptr, // aChannelPolicy + loadGroup, + callbacks); + if (NS_FAILED(rv)) return rv; diff --git a/dom/xml/XMLDocument.cpp b/dom/xml/XMLDocument.cpp index 3d8afe122af0..ebd093a5f548 100644 --- a/dom/xml/XMLDocument.cpp +++ b/dom/xml/XMLDocument.cpp @@ -443,8 +443,17 @@ XMLDocument::Load(const nsAString& aUrl, ErrorResult& aRv) nsCOMPtr channel; // nsIRequest::LOAD_BACKGROUND prevents throbber from becoming active, // which in turn keeps STOP button from becoming active - rv = NS_NewChannel(getter_AddRefs(channel), uri, nullptr, loadGroup, req, + rv = NS_NewChannel(getter_AddRefs(channel), + uri, + callingDoc ? callingDoc.get() : + static_cast(this), + nsILoadInfo::SEC_NORMAL, + nsIContentPolicy::TYPE_XMLHTTPREQUEST, + nullptr, // aChannelPolicy + loadGroup, + req, nsIRequest::LOAD_BACKGROUND); + if (NS_FAILED(rv)) { aRv.Throw(rv); return false; diff --git a/dom/xml/nsXMLPrettyPrinter.cpp b/dom/xml/nsXMLPrettyPrinter.cpp index 682a2d00c80f..5ca593d3e8d8 100644 --- a/dom/xml/nsXMLPrettyPrinter.cpp +++ b/dom/xml/nsXMLPrettyPrinter.cpp 
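Review bot: In nsPluginStreamListenerPeer::RequestRead the added line `mPluginInstance->GetOwner()` dereferences `mPluginInstance` with no null check visible in the hunk. Unless one exists above the hunk, a guard such as `if (!mPluginInstance) return NS_ERROR_FAILURE;` belongs before it. The added `NS_ENSURE_SUCCESS(rv, rv)` after `owner->GetDocument(...)` also makes a range request fail outright when the owner cannot supply a document, whereas NewPluginURLStream ignores that return value and falls back to a null principal; the two paths should agree on one behaviour. Finally, this byte-range channel is created with `nsILoadInfo::SEC_NORMAL` and `nsIContentPolicy::TYPE_OTHER`, while the initial stream uses `SEC_FORCE_INHERIT_PRINCIPAL` and `TYPE_OBJECT_SUBREQUEST`. If that difference is intended, a short comment should say why, since policy decisions keyed on the load type would treat the two requests for the same plugin stream differently.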
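Review bot: In XMLDocument::Load the expression `callingDoc ? callingDoc.get() : static_cast(this)` decides which document the load is attributed to, and therefore presumably which principal is checked, yet it carries no comment. I would add one above the argument, for example `// Attribute the load to the calling document when there is one; otherwise to this document`, and note why `nsIContentPolicy::TYPE_XMLHTTPREQUEST` is the right type for this entry point. The existing comment about `nsIRequest::LOAD_BACKGROUND` now sits nine lines above the flag it describes and would read better moved down next to that argument.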
@@ -101,7 +101,8 @@ nsXMLPrettyPrinter::PrettyPrint(nsIDocument* aDocument, NS_ENSURE_SUCCESS(rv, rv); nsCOMPtr xslDocument; - rv = nsSyncLoadService::LoadDocument(xslUri, nullptr, nullptr, true, + rv = nsSyncLoadService::LoadDocument(xslUri, nsContentUtils::GetSystemPrincipal(), + nullptr, true, getter_AddRefs(xslDocument)); NS_ENSURE_SUCCESS(rv, rv);
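Review bot: In nsXMLPrettyPrinter::PrettyPrint the stylesheet load now runs with `nsContentUtils::GetSystemPrincipal()`, which is only safe if `xslUri` can never be influenced by content. The construction of `xslUri` is above the hunk, so that cannot be confirmed from here. If it is a fixed internal URI, the call should say so, for example `// System principal is acceptable here: xslUri is a hard-coded internal stylesheet, never content-supplied`. A debug assertion on the URI's scheme just before the call would keep that assumption from silently breaking if the URI source changes later.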