зеркало из https://github.com/mozilla/pjs.git
Make content policy api (nsIContentPolicy) not suck.
bug 191839. Original patch and hard work by Tim <riceman+bmo@mail.rit.edu>, r=bzbarsky (on backend stuff), r=neil (on the tabbrowser stuff), sr=bzbarsky
This commit is contained in:
mvl%exedo.nl
Родитель
b9765065d0
Коммит
25e84ace45
|
|
@ -528,6 +528,12 @@
|
||||||
<parameter name="event"/>
|
<parameter name="event"/>
|
||||||
<body>
|
<body>
|
||||||
<![CDATA[
|
<![CDATA[
|
||||||
|
// mechanism for reading properties of the underlying XPCOM object
|
||||||
|
// (ignoring potential getters/setters added by malicious content)
|
||||||
|
var safeGetProperty = function(obj, propname) {
|
||||||
|
return Components.lookupMethod(obj, propname).call(obj);
|
||||||
|
};
|
||||||
|
|
||||||
var tabBrowser = this.parentNode.parentNode;
|
var tabBrowser = this.parentNode.parentNode;
|
||||||
if (!tabBrowser.mPrefs.getBoolPref("browser.chrome.site_icons"))
|
if (!tabBrowser.mPrefs.getBoolPref("browser.chrome.site_icons"))
|
||||||
return;
|
return;
|
||||||
|
|
@ -540,25 +546,54 @@
|
||||||
if (!href)
|
if (!href)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
// Verify that the load of this icon is legal. We use the same
|
try {
|
||||||
// content policy that is used for a Web page loading images.
|
var contentPolicy =
|
||||||
var contentPolicy = Components.classes['@mozilla.org/layout/content-policy;1'].getService(Components.interfaces.nsIContentPolicy);
|
Components.classes['@mozilla.org/layout/content-policy;1']
|
||||||
if (!contentPolicy)
|
.getService(Components.interfaces.nsIContentPolicy);
|
||||||
|
} catch(e) {
|
||||||
return; // Refuse to load if we can't do a security check.
|
return; // Refuse to load if we can't do a security check.
|
||||||
|
}
|
||||||
|
|
||||||
|
// Verify that the load of this icon is legal.
|
||||||
|
// We check first with the security manager
|
||||||
|
const secMan =
|
||||||
|
Components.classes["@mozilla.org/scriptsecuritymanager;1"]
|
||||||
|
.getService(Components.interfaces.nsIScriptSecurityManager);
|
||||||
|
|
||||||
|
// Get the IOService so we can make URIs
|
||||||
|
const ioService =
|
||||||
|
Components.classes["@mozilla.org/network/io-service;1"]
|
||||||
|
.getService(Components.interfaces.nsIIOService);
|
||||||
|
|
||||||
|
const targetDoc = safeGetProperty(event.target, "ownerDocument");
|
||||||
// Make a URI out of our href.
|
// Make a URI out of our href.
|
||||||
var uri = Components.classes['@mozilla.org/network/standard-url;1'].createInstance();
|
var docCharset = safeGetProperty(targetDoc, "characterSet");
|
||||||
uri = uri.QueryInterface(Components.interfaces.nsIURI);
|
var uri = ioService.newURI(href, docCharset, null);
|
||||||
|
|
||||||
|
var origURIStr = safeGetProperty(targetDoc, "documentURI");
|
||||||
|
var origURI = ioService.newURI(origURIStr, docCharset, null);
|
||||||
|
|
||||||
|
const nsIScriptSecMan =
|
||||||
|
Components.interfaces.nsIScriptSecurityManager;
|
||||||
|
|
||||||
|
try {
|
||||||
|
secMan.checkLoadURI(origURI, uri, nsIScriptSecMan.STANDARD);
|
||||||
|
} catch(e) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
var notifyListeners = true;
|
var notifyListeners = true;
|
||||||
var i;
|
var i;
|
||||||
|
|
||||||
|
// Security says okay, now ask content policy
|
||||||
if (tabBrowser.mTabbedMode) {
|
if (tabBrowser.mTabbedMode) {
|
||||||
// We need to update a tab.
|
// We need to update a tab.
|
||||||
for (i = 0; i < this.childNodes.length; i++) {
|
for (i = 0; i < this.childNodes.length; i++) {
|
||||||
if (this.childNodes[i].contentDocument == event.target.ownerDocument) {
|
if (this.childNodes[i].contentDocument == event.target.ownerDocument) {
|
||||||
if (!contentPolicy.shouldLoad(Components.interfaces.nsIContentPolicy.IMAGE,
|
if (contentPolicy.shouldLoad(Components.interfaces.nsIContentPolicy.TYPE_IMAGE,
|
||||||
uri, event.target, this.childNodes[i].contentWindow))
|
uri, origURI, event.target,
|
||||||
|
safeGetProperty(event.target, "type"),
|
||||||
|
null) != Components.interfaces.nsIContentPolicy.ACCEPT)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
var listener = tabBrowser.mTabListeners[i];
|
var listener = tabBrowser.mTabListeners[i];
|
||||||
|
|
@ -569,8 +604,11 @@
|
||||||
|
|
||||||
notifyListeners = (this.childNodes[i] == tabBrowser.mCurrentBrowser);
|
notifyListeners = (this.childNodes[i] == tabBrowser.mCurrentBrowser);
|
||||||
}
|
}
|
||||||
else if (!contentPolicy.shouldLoad(Components.interfaces.nsIContentPolicy.IMAGE,
|
else if ((this.contentDocument != safeGetProperty(event.originalTarget, "ownerDocument")) ||
|
||||||
uri, event.target, tabBrowser.mCurrentBrowser.contentWindow))
|
(contentPolicy.shouldLoad(Components.interfaces.nsIContentPolicy.TYPE_IMAGE,
|
||||||
|
uri, origURI, event.target,
|
||||||
|
safeGetProperty(event.target, "type"),
|
||||||
|
null) != Components.interfaces.nsIContentPolicy.ACCEPT))
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if (notifyListeners && tabBrowser.mProgressListeners) {
|
if (notifyListeners && tabBrowser.mProgressListeners) {
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче