/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ /* vim: set ts=4 et sw=2 tw=80: */ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #ifndef nsScriptSecurityManager_h__ #define nsScriptSecurityManager_h__ #include "nsIScriptSecurityManager.h" #include "mozilla/Maybe.h" #include "nsIPrincipal.h" #include "nsCOMPtr.h" #include "nsServiceManagerUtils.h" #include "nsStringFwd.h" #include "plstr.h" #include "js/TypeDecls.h" #include class nsIIOService; class nsIStringBundle; namespace mozilla { class OriginAttributes; class SystemPrincipal; } // namespace mozilla ///////////////////////////// // nsScriptSecurityManager // ///////////////////////////// #define NS_SCRIPTSECURITYMANAGER_CID \ { \ 0x7ee2a4c0, 0x4b93, 0x17d3, { \ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 \ } \ } class nsScriptSecurityManager final : public nsIScriptSecurityManager { public: static void Shutdown(); NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID) NS_DECL_ISUPPORTS NS_DECL_NSISCRIPTSECURITYMANAGER static nsScriptSecurityManager* GetScriptSecurityManager(); // Invoked exactly once, by XPConnect. static void InitStatics(); void InitJSCallbacks(JSContext* aCx); // This has to be static because it is called after gScriptSecMan is cleared. static void ClearJSCallbacks(JSContext* aCx); static already_AddRefed SystemPrincipalSingletonConstructor(); /** * Utility method for comparing two URIs. For security purposes, two URIs * are equivalent if their schemes, hosts, and ports (if any) match. This * method returns true if aSubjectURI and aObjectURI have the same origin, * false otherwise. */ static bool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI); static uint32_t SecurityHashURI(nsIURI* aURI); static nsresult ReportError(const char* aMessageTag, nsIURI* aSource, nsIURI* aTarget, bool aFromPrivateWindow); static bool GetStrictFileOriginPolicy() { return sStrictFileOriginPolicy; } void DeactivateDomainPolicy(); private: // GetScriptSecurityManager is the only call that can make one nsScriptSecurityManager(); virtual ~nsScriptSecurityManager(); // Decides, based on CSP, whether or not eval() and stuff can be executed. static bool ContentSecurityPolicyPermitsJSAction(JSContext* cx, JS::HandleValue aValue); static bool JSPrincipalsSubsume(JSPrincipals* first, JSPrincipals* second); nsresult Init(); nsresult InitPrefs(); static void ScriptSecurityPrefChanged(const char* aPref, void* aSelf); void ScriptSecurityPrefChanged(const char* aPref = nullptr); inline void AddSitesToFileURIAllowlist(const nsCString& aSiteList); nsresult GetChannelResultPrincipal(nsIChannel* aChannel, nsIPrincipal** aPrincipal, bool aIgnoreSandboxing); nsresult CheckLoadURIFlags(nsIURI* aSourceURI, nsIURI* aTargetURI, nsIURI* aSourceBaseURI, nsIURI* aTargetBaseURI, uint32_t aFlags, bool aFromPrivateWindow); // Returns the file URI allowlist, initializing it if it has not been // initialized. const nsTArray>& EnsureFileURIAllowlist(); nsCOMPtr mSystemPrincipal; bool mPrefInitialized; bool mIsJavaScriptEnabled; // List of URIs whose domains and sub-domains are allowlisted to allow // access to file: URIs. Lazily initialized; isNothing() when not yet // initialized. mozilla::Maybe>> mFileURIAllowlist; // This machinery controls new-style domain policies. The old-style // policy machinery will be removed soon. nsCOMPtr mDomainPolicy; static bool sStrictFileOriginPolicy; static nsIIOService* sIOService; static nsIStringBundle* sStrBundle; }; #endif // nsScriptSecurityManager_h__