Bug #278176 --> Make Thunderbird's content policy manager more strict about the kinds of urls it allows

before it decides to put up the remote content bar in mail messages. sr=bienvenu
2005-02-26 00:26:29 +00:00 · 2005-02-26 00:26:29 +00:00 · 2d9d191be6
--- a/mailnews/base/src/nsMsgContentPolicy.cpp
+++ b/mailnews/base/src/nsMsgContentPolicy.cpp
@ -58,6 +58,10 @@
 #include "nsIMsgHdr.h"
 #include "nsMsgUtils.h"

+// needed by the content load policy manager
+#include "nsIExternalProtocolService.h"
+#include "nsCExternalHandlerService.h"
+
 // needed for the cookie policy manager
 #include "nsICookie2.h"
 #include "nsICookieManager2.h"
@ -170,10 +174,10 @@ nsMsgContentPolicy::ShouldLoad(PRUint32          aContentType,
                               PRInt16          *aDecision)
 {
  nsresult rv = NS_OK;
-  *aDecision = nsIContentPolicy::ACCEPT;
+  *aDecision = nsIContentPolicy::REJECT_REQUEST;

-  if (!aContentLocation) 
-      return rv;
+  NS_ENSURE_ARG_POINTER(aContentLocation);
+  NS_ENSURE_ARG_POINTER(aRequestingLocation);

  if (aContentType == nsIContentPolicy::TYPE_OBJECT)
  {
@ -183,29 +187,48 @@ nsMsgContentPolicy::ShouldLoad(PRUint32          aContentType,
  }
  else 
  {
-    PRBool isFtp = PR_FALSE;
-    rv = aContentLocation->SchemeIs("ftp", &isFtp);
+    // if aRequestingLocation is chrome, about or resource, allow aContentLocation to load
+    PRBool isChrome = PR_FALSE;
+    PRBool isRes = PR_FALSE;
+    PRBool isAbout = PR_FALSE;

-    if (isFtp) 
-    {
-      // never allow ftp for mail messages, 
-      // because we don't want to send the users email address
-      // as the anonymous password
-      *aDecision = nsIContentPolicy::REJECT_REQUEST;
-    }
-    else 
-    {
-      PRBool needToCheck = PR_FALSE;
-      rv = aContentLocation->SchemeIs("http", &needToCheck);
-      NS_ENSURE_SUCCESS(rv,rv);
+    rv = aRequestingLocation->SchemeIs("chrome", &isChrome);
+    rv |= aRequestingLocation->SchemeIs("resource", &isRes);
+    rv |= aRequestingLocation->SchemeIs("about", &isAbout);
      
-      if (!needToCheck) {
-        rv = aContentLocation->SchemeIs("https", &needToCheck);
-        NS_ENSURE_SUCCESS(rv,rv);
+    if (NS_SUCCEEDED(rv) && (isChrome || isRes || isAbout))
+    {
+      *aDecision = nsIContentPolicy::ACCEPT;
+      return rv;
    }

-      // Consider blocking remote image requests if the image url is http or https
-      if (needToCheck) 
+    // if aContentLocation is a protocol we handle (imap, pop3, mailbox, etc) or is a chrome url, then allowe the load
+    nsCAutoString contentScheme;
+    PRBool isExposedProtocol = PR_FALSE;
+    rv = aContentLocation->GetScheme(contentScheme);
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    nsCOMPtr<nsIExternalProtocolService> extProtService = do_GetService(NS_EXTERNALPROTOCOLSERVICE_CONTRACTID);
+    rv = extProtService->IsExposedProtocol(contentScheme.get(), &isExposedProtocol);
+    NS_ENSURE_SUCCESS(rv, rv);
+    aContentLocation->SchemeIs("chrome", &isChrome);    
+    
+    if (isExposedProtocol || isChrome)
+    {
+      *aDecision = nsIContentPolicy::ACCEPT;
+      return rv;
+    }
+
+    // for unexposed protocols, we never try to load any of them with the exception of http and https. 
+    // this means we never even try to load urls that we don't handle ourselves like ftp and gopher.
+    PRBool isHttp = PR_FALSE;
+    PRBool isHttps = PR_FALSE;
+
+    rv = aContentLocation->SchemeIs("http", &isHttp);
+    rv |= aContentLocation->SchemeIs("https", &isHttps);
+
+    // Look into http and https more closely to determine if the load should be allowed
+    if (NS_SUCCEEDED(rv) && (isHttp || isHttps)) 
    {
      // default to blocking remote content 
      *aDecision = mBlockRemoteImages ? nsIContentPolicy::REJECT_REQUEST : nsIContentPolicy::ACCEPT;
@ -267,12 +290,10 @@ nsMsgContentPolicy::ShouldLoad(PRUint32          aContentType,
        nsCOMPtr<nsIMsgHeaderSink> msgHdrSink;
        rv = msgWindow->GetMsgHeaderSink(getter_AddRefs(msgHdrSink));
        NS_ENSURE_TRUE(msgHdrSink, rv);
-
        msgHdrSink->OnMsgHasRemoteContent(msgHdr); // notify the UI to show the remote content hdr bar so the user can overide
      } // if mBlockRemoteImages
-      } // if need to check the url for a remote image policy
+    } // if isHttp
  } 
-  } // if aContentType == nsIContentPolicy::TYPE_IMAGE

  return rv;
 }