mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Deal with checkLoadURI better in the face of URI fixup. Bug 334341, r=biesi, sr=dveditz

This commit is contained in:
bzbarsky%mit.edu 2006-04-25 03:24:43 +00:00
Родитель 5c1512150e
Коммит 0488da364f
2 изменённых файлов: 34 добавлений и 5 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

34
caps/src/nsScriptSecurityManager.cpp
Просмотреть файл

@ -83,6 +83,8 @@
#include "nsAutoPtr.h" #include "nsAutoPtr.h"
#include "nsAboutProtocolUtils.h" #include "nsAboutProtocolUtils.h"
#include "nsIClassInfo.h" #include "nsIClassInfo.h"
#include "nsIURIFixup.h"
#include "nsCDefaultURIFixup.h"
static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID); static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID);
@ -1486,11 +1488,41 @@ nsScriptSecurityManager::CheckLoadURIStr(const nsACString& aSourceURIStr,
nsresult rv = NS_NewURI(getter_AddRefs(source), aSourceURIStr, nsresult rv = NS_NewURI(getter_AddRefs(source), aSourceURIStr,
nsnull, nsnull, sIOService); nsnull, nsnull, sIOService);
NS_ENSURE_SUCCESS(rv, rv); NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIURI> target; nsCOMPtr<nsIURI> target;
rv = NS_NewURI(getter_AddRefs(target), aTargetURIStr, rv = NS_NewURI(getter_AddRefs(target), aTargetURIStr,
nsnull, nsnull, sIOService); nsnull, nsnull, sIOService);
NS_ENSURE_SUCCESS(rv, rv); NS_ENSURE_SUCCESS(rv, rv);
return CheckLoadURI(source, target, aFlags);
rv = CheckLoadURI(source, target, aFlags);
NS_ENSURE_SUCCESS(rv, rv);
// Now start testing fixup -- since aTargetURIStr is a string, not
// an nsIURI, we may well end up fixing it up before loading.
// Note: This needs to stay in sync with the nsIURIFixup api.
nsCOMPtr<nsIURIFixup> fixup = do_GetService(NS_URIFIXUP_CONTRACTID);
if (!fixup) {
return rv;
}
PRUint32 flags[] = {
nsIURIFixup::FIXUP_FLAG_NONE,
nsIURIFixup::FIXUP_FLAG_ALLOW_KEYWORD_LOOKUP,
nsIURIFixup::FIXUP_FLAGS_MAKE_ALTERNATE_URI,
nsIURIFixup::FIXUP_FLAG_ALLOW_KEYWORD_LOOKUP |
nsIURIFixup::FIXUP_FLAGS_MAKE_ALTERNATE_URI
};
for (PRUint32 i = 0; i < NS_ARRAY_LENGTH(flags); ++i) {
rv = fixup->CreateFixupURI(aTargetURIStr, flags[i],
getter_AddRefs(target));
NS_ENSURE_SUCCESS(rv, rv);
rv = CheckLoadURI(source, target, aFlags);
NS_ENSURE_SUCCESS(rv, rv);
}
return rv;
} }
NS_IMETHODIMP NS_IMETHODIMP

5
toolkit/content/contentAreaUtils.js
Просмотреть файл

@ -117,14 +117,11 @@ function openNewWindowWith(href, sourceURL, postData, allowThirdPartyFixup)
*/ */
function urlSecurityCheck(url, sourceURL) function urlSecurityCheck(url, sourceURL)
{ {
var sourceURI = makeURI(sourceURL);
var destURI = makeURI(url);
const nsIScriptSecurityManager = Components.interfaces.nsIScriptSecurityManager; const nsIScriptSecurityManager = Components.interfaces.nsIScriptSecurityManager;
var secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"] var secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"]
.getService(nsIScriptSecurityManager); .getService(nsIScriptSecurityManager);
try { try {
secMan.checkLoadURI(sourceURI, destURI, nsIScriptSecurityManager.STANDARD); secMan.checkLoadURIStr(sourceURL, url, nsIScriptSecurityManager.STANDARD);
} catch (e) { } catch (e) {
throw "Load of " + url + " from " + sourceURL + " denied."; throw "Load of " + url + " from " + sourceURL + " denied.";
} }