From 43adcc310e53a8953616e741832ea5134675c74c Mon Sep 17 00:00:00 2001 From: "sicking%bigfoot.com" Date: Wed, 2 Nov 2005 07:38:06 +0000 Subject: [PATCH] Reenable same-origin checks. Patch by me and jst. b=156452 r=peterv/sicking/jst sr=bz/jst a=chofmann --- content/xslt/src/base/txURIUtils.cpp | 61 +++++++++++++++------------- content/xslt/src/base/txURIUtils.h | 7 +++- 2 files changed, 37 insertions(+), 31 deletions(-) diff --git a/content/xslt/src/base/txURIUtils.cpp b/content/xslt/src/base/txURIUtils.cpp index a10f66732a0..78074002711 100644 --- a/content/xslt/src/base/txURIUtils.cpp +++ b/content/xslt/src/base/txURIUtils.cpp @@ -317,47 +317,50 @@ URIUtils::ParsedURI* URIUtils::parseURI(const String& uri) { #else /* TX_EXE */ + +nsIScriptSecurityManager *gTxSecurityManager = 0; + // static -MBool URIUtils::CanCallerAccess(nsIDOMNode *aNode) +PRBool URIUtils::CanCallerAccess(nsIDOMNode *aNode) { - // DISABLED UNTIL THE SLOWDOWN IN TXUL, TP AND TS GETS RESOLVED - // (SEE BUG 156452). - return PR_TRUE; + // Make sure that this is a real node. We do this by first QI'ing to + // nsIContent (which is important performance wise) and if that QI + // fails we QI to nsIDocument. If both those QI's fail we won't let + // the caller access this unknown node. - nsCOMPtr doc(do_QueryInterface(aNode)); + nsCOMPtr doc; - if (!doc) { - // Make sure that this is a real node. nsCOMPtr content(do_QueryInterface(aNode)); if (!content) { - return MB_FALSE; + doc = do_QueryInterface(aNode); + + if (!doc) { + // aNode is neither a nsIContent nor an nsIDocument, something + // weird is going on... + return PR_FALSE; + } } - nsCOMPtr domDoc; - aNode->GetOwnerDocument(getter_AddRefs(domDoc)); - if (!domDoc) { - // aNode is not part of a document, let any caller access it. - return PR_TRUE; + if (!doc) { + nsCOMPtr domDoc; + aNode->GetOwnerDocument(getter_AddRefs(domDoc)); + if (!domDoc) { + // aNode is not part of a document, let any caller access it. + return PR_TRUE; + } + doc = do_QueryInterface(domDoc); + NS_ASSERTION(doc, "QI to nsIDocument failed"); } - doc = do_QueryInterface(domDoc); - NS_ASSERTION(doc, "QI to nsIDocument failed"); - } - nsCOMPtr uri; - doc->GetDocumentURL(getter_AddRefs(uri)); + if (!gTxSecurityManager) { + // No security manager available, let any calls go through... + return PR_TRUE; + } - nsresult rv = NS_OK; - nsCOMPtr securityManager = - do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv); + nsCOMPtr uri; + doc->GetDocumentURL(getter_AddRefs(uri)); - // If we can't get the security manager service we'll assume that's - // because it's not installed, if that's the case then the installer - // didn't care about security in the first place. - NS_ENSURE_SUCCESS(rv, PR_TRUE); - - rv = securityManager->CheckSameOrigin(nsnull, uri); - - return NS_SUCCEEDED(rv); + return NS_SUCCEEDED(gTxSecurityManager->CheckSameOrigin(nsnull, uri)); } diff --git a/content/xslt/src/base/txURIUtils.h b/content/xslt/src/base/txURIUtils.h index 4189ff7b368..ac21884fe20 100644 --- a/content/xslt/src/base/txURIUtils.h +++ b/content/xslt/src/base/txURIUtils.h @@ -42,8 +42,11 @@ #include #else #include "nsIDOMNode.h" -#endif +class nsIScriptSecurityManager; +extern nsIScriptSecurityManager *gTxSecurityManager; + +#endif /** * A utility class for URI handling @@ -94,7 +97,7 @@ public: /* * Checks if a caller is allowed to access a given node */ - static MBool CanCallerAccess(nsIDOMNode *aNode); + static PRBool CanCallerAccess(nsIDOMNode *aNode); #endif /* TX_EXE */