diff --git a/chrome/src/nsChromeRegistry.cpp b/chrome/src/nsChromeRegistry.cpp index 7a3ad987968..b84a01796aa 100644 --- a/chrome/src/nsChromeRegistry.cpp +++ b/chrome/src/nsChromeRegistry.cpp @@ -1002,7 +1002,8 @@ nsresult nsChromeRegistry::RefreshWindow(nsIDOMWindowInternal* aWindow, if (IsChromeURI(uri)) { // Reload the sheet. nsCOMPtr newSheet; - rv = aCSSLoader->LoadSheetSync(uri, PR_TRUE, getter_AddRefs(newSheet)); + rv = aCSSLoader->LoadSheetSync(uri, PR_TRUE, PR_TRUE, + getter_AddRefs(newSheet)); if (NS_FAILED(rv)) return rv; if (newSheet) { rv = newAgentSheets.AppendObject(newSheet) ? NS_OK : NS_ERROR_FAILURE; diff --git a/content/base/src/nsDocument.cpp b/content/base/src/nsDocument.cpp index 99c51bf8fee..341f74adefc 100644 --- a/content/base/src/nsDocument.cpp +++ b/content/base/src/nsDocument.cpp @@ -3494,7 +3494,7 @@ nsDocument::EnsureCatalogStyleSheet(const char *aStyleSheetURI) NS_NewURI(getter_AddRefs(uri), aStyleSheetURI); if (uri) { nsCOMPtr sheet; - cssLoader->LoadSheetSync(uri, PR_TRUE, getter_AddRefs(sheet)); + cssLoader->LoadSheetSync(uri, PR_TRUE, PR_TRUE, getter_AddRefs(sheet)); if (sheet) { BeginUpdate(UPDATE_STYLE); AddCatalogStyleSheet(sheet); diff --git a/content/xbl/src/nsXBLResourceLoader.cpp b/content/xbl/src/nsXBLResourceLoader.cpp index ef5fd477f39..7b04e3bb49c 100644 --- a/content/xbl/src/nsXBLResourceLoader.cpp +++ b/content/xbl/src/nsXBLResourceLoader.cpp @@ -59,6 +59,7 @@ #include "nsCSSRuleProcessor.h" #include "nsContentUtils.h" #include "nsStyleSet.h" +#include "nsIScriptSecurityManager.h" NS_IMPL_CYCLE_COLLECTION_CLASS(nsXBLResourceLoader) NS_IMPL_CYCLE_COLLECTION_UNLINK_BEGIN(nsXBLResourceLoader) @@ -148,13 +149,18 @@ nsXBLResourceLoader::LoadResources(PRBool* aResult) nsresult rv; if (NS_SUCCEEDED(url->SchemeIs("chrome", &chrome)) && chrome) { - nsCOMPtr sheet; - rv = cssLoader->LoadSheetSync(url, getter_AddRefs(sheet)); - NS_ASSERTION(NS_SUCCEEDED(rv), "Load failed!!!"); - if (NS_SUCCEEDED(rv)) - { - rv = StyleSheetLoaded(sheet, PR_FALSE, NS_OK); - NS_ASSERTION(NS_SUCCEEDED(rv), "Processing the style sheet failed!!!"); + rv = nsContentUtils::GetSecurityManager()-> + CheckLoadURIWithPrincipal(docPrincipal, url, + nsIScriptSecurityManager::ALLOW_CHROME); + if (NS_SUCCEEDED(rv)) { + nsCOMPtr sheet; + rv = cssLoader->LoadSheetSync(url, getter_AddRefs(sheet)); + NS_ASSERTION(NS_SUCCEEDED(rv), "Load failed!!!"); + if (NS_SUCCEEDED(rv)) + { + rv = StyleSheetLoaded(sheet, PR_FALSE, NS_OK); + NS_ASSERTION(NS_SUCCEEDED(rv), "Processing the style sheet failed!!!"); + } } } else diff --git a/content/xbl/src/nsXBLService.cpp b/content/xbl/src/nsXBLService.cpp index c87f27d01a2..8baef5df837 100644 --- a/content/xbl/src/nsXBLService.cpp +++ b/content/xbl/src/nsXBLService.cpp @@ -1114,24 +1114,18 @@ nsXBLService::LoadBindingDocumentInfo(nsIContent* aBoundElement, NS_ENSURE_SUCCESS(rv, rv); // Also make sure that we're same-origin with the bound document - // except if the stylesheet is a UA stylesheet. We fake testing - // for UA stylesheets by calling CheckLoadURI. - nsCOMPtr principalURI; - rv = aOriginPrincipal->GetURI(getter_AddRefs(principalURI)); + // except if the stylesheet has the system principal. + PRBool isSystem; + rv = nsContentUtils::GetSecurityManager()-> + IsSystemPrincipal(aOriginPrincipal, &isSystem); NS_ENSURE_SUCCESS(rv, rv); - if (principalURI && + if (!isSystem && !(gAllowDataURIs && SchemeIs(aBindingURI, "data")) && !SchemeIs(aBindingURI, "chrome")) { - nsresult uaCheckRes = - nsContentUtils::GetSecurityManager()-> - CheckLoadURIWithPrincipal(aBoundDocument->NodePrincipal(), - principalURI, 0); - if (NS_SUCCEEDED(uaCheckRes)) { - rv = aBoundDocument->NodePrincipal()->CheckMayLoad(aBindingURI, - PR_TRUE); - NS_ENSURE_SUCCESS(rv, rv); - } + rv = aBoundDocument->NodePrincipal()->CheckMayLoad(aBindingURI, + PR_TRUE); + NS_ENSURE_SUCCESS(rv, rv); } } diff --git a/content/xml/document/src/nsXMLContentSink.cpp b/content/xml/document/src/nsXMLContentSink.cpp index ddffd28a134..314ce70af2f 100644 --- a/content/xml/document/src/nsXMLContentSink.cpp +++ b/content/xml/document/src/nsXMLContentSink.cpp @@ -1289,7 +1289,7 @@ nsXMLContentSink::HandleDoctypeDecl(const nsAString & aSubset, nsCOMPtr uri(do_QueryInterface(aCatalogData)); if (uri) { nsCOMPtr sheet; - mCSSLoader->LoadSheetSync(uri, PR_TRUE, getter_AddRefs(sheet)); + mCSSLoader->LoadSheetSync(uri, PR_TRUE, PR_TRUE, getter_AddRefs(sheet)); #ifdef NS_DEBUG nsCAutoString uriStr; diff --git a/editor/libeditor/html/nsHTMLEditor.cpp b/editor/libeditor/html/nsHTMLEditor.cpp index 936ef8c8ad1..88003b135dd 100644 --- a/editor/libeditor/html/nsHTMLEditor.cpp +++ b/editor/libeditor/html/nsHTMLEditor.cpp @@ -3602,7 +3602,7 @@ nsHTMLEditor::AddOverrideStyleSheet(const nsAString& aURL) // synchronously, of course.. nsCOMPtr sheet; // Editor override style sheets may want to style Gecko anonymous boxes - rv = cssLoader->LoadSheetSync(uaURI, PR_TRUE, getter_AddRefs(sheet)); + rv = cssLoader->LoadSheetSync(uaURI, PR_TRUE, PR_TRUE, getter_AddRefs(sheet)); // Synchronous loads should ALWAYS return completed if (!sheet) diff --git a/layout/base/nsStyleSheetService.cpp b/layout/base/nsStyleSheetService.cpp index 33cdc5a1dbe..16500253c0d 100644 --- a/layout/base/nsStyleSheetService.cpp +++ b/layout/base/nsStyleSheetService.cpp @@ -172,7 +172,7 @@ nsStyleSheetService::LoadAndRegisterSheetInternal(nsIURI *aSheetURI, nsCOMPtr sheet; // Allow UA sheets, but not user sheets, to use unsafe rules nsresult rv = loader->LoadSheetSync(aSheetURI, aSheetType == AGENT_SHEET, - getter_AddRefs(sheet)); + PR_TRUE, getter_AddRefs(sheet)); NS_ENSURE_SUCCESS(rv, rv); if (!mSheets[aSheetType].AppendObject(sheet)) { diff --git a/layout/style/nsCSSLoader.cpp b/layout/style/nsCSSLoader.cpp index 114762c8221..684f43dee3b 100644 --- a/layout/style/nsCSSLoader.cpp +++ b/layout/style/nsCSSLoader.cpp @@ -166,11 +166,11 @@ SheetLoadData::SheetLoadData(CSSLoaderImpl* aLoader, mMustNotify(PR_FALSE), mWasAlternate(aIsAlternate), mAllowUnsafeRules(PR_FALSE), + mUseSystemPrincipal(PR_FALSE), mOwningElement(aOwningElement), mObserver(aObserver), mLoaderPrincipal(aLoaderPrincipal) { - NS_PRECONDITION(mLoader, "Must have a loader!"); NS_ADDREF(mLoader); } @@ -195,11 +195,11 @@ SheetLoadData::SheetLoadData(CSSLoaderImpl* aLoader, mMustNotify(PR_FALSE), mWasAlternate(PR_FALSE), mAllowUnsafeRules(PR_FALSE), + mUseSystemPrincipal(PR_FALSE), mOwningElement(nsnull), mObserver(aObserver), mLoaderPrincipal(aLoaderPrincipal) { - NS_PRECONDITION(mLoader, "Must have a loader!"); NS_ADDREF(mLoader); if (mParentData) { @@ -207,8 +207,12 @@ SheetLoadData::SheetLoadData(CSSLoaderImpl* aLoader, mSyncLoad = mParentData->mSyncLoad; mIsNonDocumentSheet = mParentData->mIsNonDocumentSheet; mAllowUnsafeRules = mParentData->mAllowUnsafeRules; + mUseSystemPrincipal = mParentData->mUseSystemPrincipal; ++(mParentData->mPendingChildren); } + + NS_POSTCONDITION(!mUseSystemPrincipal || mSyncLoad, + "Shouldn't use system principal for async loads"); } SheetLoadData::SheetLoadData(CSSLoaderImpl* aLoader, @@ -216,6 +220,7 @@ SheetLoadData::SheetLoadData(CSSLoaderImpl* aLoader, nsICSSStyleSheet* aSheet, PRBool aSyncLoad, PRBool aAllowUnsafeRules, + PRBool aUseSystemPrincipal, nsICSSLoaderObserver* aObserver, nsIPrincipal* aLoaderPrincipal) : mLoader(aLoader), @@ -232,13 +237,16 @@ SheetLoadData::SheetLoadData(CSSLoaderImpl* aLoader, mMustNotify(PR_FALSE), mWasAlternate(PR_FALSE), mAllowUnsafeRules(aAllowUnsafeRules), + mUseSystemPrincipal(aUseSystemPrincipal), mOwningElement(nsnull), mObserver(aObserver), mLoaderPrincipal(aLoaderPrincipal) { - NS_PRECONDITION(mLoader, "Must have a loader!"); NS_ADDREF(mLoader); + + NS_POSTCONDITION(!mUseSystemPrincipal || mSyncLoad, + "Shouldn't use system principal for async loads"); } SheetLoadData::~SheetLoadData() @@ -1272,6 +1280,8 @@ CSSLoaderImpl::LoadSheet(SheetLoadData* aLoadData, StyleSheetState aSheetState) NS_PRECONDITION(aLoadData->mURI, "Need a URI to load"); NS_PRECONDITION(aLoadData->mSheet, "Need a sheet to load into"); NS_PRECONDITION(aSheetState != eSheetComplete, "Why bother?"); + NS_PRECONDITION(!aLoadData->mUseSystemPrincipal || aLoadData->mSyncLoad, + "Shouldn't use system principal for async loads"); NS_ASSERTION(mLoadingDatas.IsInitialized(), "mLoadingDatas should be initialized by now."); LOG_URI(" Load from: '%s'", aLoadData->mURI); @@ -1305,10 +1315,16 @@ CSSLoaderImpl::LoadSheet(SheetLoadData* aLoadData, StyleSheetState aSheetState) NS_ASSERTION(channel, "NS_OpenURI lied?"); - // Get the principal for this channel + // Get the principal for this sheet nsCOMPtr principal; - rv = nsContentUtils::GetSecurityManager()-> - GetChannelPrincipal(channel, getter_AddRefs(principal)); + if (aLoadData->mUseSystemPrincipal) { + rv = nsContentUtils::GetSecurityManager()-> + GetSystemPrincipal(getter_AddRefs(principal)); + } else { + rv = nsContentUtils::GetSecurityManager()-> + GetChannelPrincipal(channel, getter_AddRefs(principal)); + } + if (NS_FAILED(rv)) { LOG_ERROR((" Failed to get a principal for the sheet")); SheetComplete(aLoadData, rv); @@ -1973,10 +1989,12 @@ CSSLoaderImpl::LoadChildSheet(nsICSSStyleSheet* aParentSheet, NS_IMETHODIMP CSSLoaderImpl::LoadSheetSync(nsIURI* aURL, PRBool aAllowUnsafeRules, + PRBool aUseSystemPrincipal, nsICSSStyleSheet** aSheet) { LOG(("CSSLoaderImpl::LoadSheetSync")); - return InternalLoadNonDocumentSheet(aURL, aAllowUnsafeRules, nsnull, + return InternalLoadNonDocumentSheet(aURL, aAllowUnsafeRules, + aUseSystemPrincipal, nsnull, aSheet, nsnull); } @@ -1988,7 +2006,8 @@ CSSLoaderImpl::LoadSheet(nsIURI* aURL, { LOG(("CSSLoaderImpl::LoadSheet(aURL, aObserver, aSheet) api call")); NS_PRECONDITION(aSheet, "aSheet is null"); - return InternalLoadNonDocumentSheet(aURL, PR_FALSE, aOriginPrincipal, + return InternalLoadNonDocumentSheet(aURL, PR_FALSE, PR_FALSE, + aOriginPrincipal, aSheet, aObserver); } @@ -1998,19 +2017,23 @@ CSSLoaderImpl::LoadSheet(nsIURI* aURL, nsICSSLoaderObserver* aObserver) { LOG(("CSSLoaderImpl::LoadSheet(aURL, aObserver) api call")); - return InternalLoadNonDocumentSheet(aURL, PR_FALSE, aOriginPrincipal, + return InternalLoadNonDocumentSheet(aURL, PR_FALSE, PR_FALSE, + aOriginPrincipal, nsnull, aObserver); } nsresult CSSLoaderImpl::InternalLoadNonDocumentSheet(nsIURI* aURL, PRBool aAllowUnsafeRules, + PRBool aUseSystemPrincipal, nsIPrincipal* aOriginPrincipal, nsICSSStyleSheet** aSheet, nsICSSLoaderObserver* aObserver) { NS_PRECONDITION(aURL, "Must have a URI to load"); NS_PRECONDITION(aSheet || aObserver, "Sheet and observer can't both be null"); + NS_PRECONDITION(!aUseSystemPrincipal || !aObserver, + "Shouldn't load system-principal sheets async"); NS_ASSERTION(mParsingDatas.Length() == 0, "We're in the middle of a parse?"); LOG_URI(" Non-document sheet uri: '%s'", aURL); @@ -2054,7 +2077,7 @@ CSSLoaderImpl::InternalLoadNonDocumentSheet(nsIURI* aURL, SheetLoadData* data = new SheetLoadData(this, aURL, sheet, syncLoad, aAllowUnsafeRules, - aObserver, aOriginPrincipal); + aUseSystemPrincipal, aObserver, aOriginPrincipal); if (!data) { sheet->SetComplete(); diff --git a/layout/style/nsCSSLoader.h b/layout/style/nsCSSLoader.h index 2f1afad0f8c..497f0be9366 100644 --- a/layout/style/nsCSSLoader.h +++ b/layout/style/nsCSSLoader.h @@ -135,6 +135,7 @@ public: nsICSSStyleSheet* aSheet, PRBool aSyncLoad, PRBool aAllowUnsafeRules, + PRBool aUseSystemPrincipal, nsICSSLoaderObserver* aObserver, nsIPrincipal* aLoaderPrincipal); @@ -207,6 +208,11 @@ public: // mAllowUnsafeRules is true if we should allow unsafe rules to be parsed // in the loaded sheet. PRPackedBool mAllowUnsafeRules : 1; + + // mUseSystemPrincipal is true if the system principal should be used for + // this sheet, no matter what the channel principal is. Only true for sync + // loads. + PRPackedBool mUseSystemPrincipal : 1; // This is the element that imported the sheet. Needed to get the // charset set on it. @@ -339,6 +345,7 @@ public: nsICSSImportRule* aRule); NS_IMETHOD LoadSheetSync(nsIURI* aURL, PRBool aAllowUnsafeRules, + PRBool aUseSystemPrincipal, nsICSSStyleSheet** aSheet); NS_IMETHOD LoadSheet(nsIURI* aURL, @@ -415,6 +422,7 @@ private: nsresult InternalLoadNonDocumentSheet(nsIURI* aURL, PRBool aAllowUnsafeRules, + PRBool aUseSystemPrincipal, nsIPrincipal* aOriginPrincipal, nsICSSStyleSheet** aSheet, nsICSSLoaderObserver* aObserver); diff --git a/layout/style/nsICSSLoader.h b/layout/style/nsICSSLoader.h index da14a664b11..a961dc434a0 100644 --- a/layout/style/nsICSSLoader.h +++ b/layout/style/nsICSSLoader.h @@ -58,10 +58,10 @@ class nsICSSImportRule; class nsIPrincipal; // IID for the nsICSSLoader interface -// 0c6d7e76-dddc-4727-b557-7ef531127e11 +// 51735c82-f3d9-4237-9a81-f5bdaf4865c5 #define NS_ICSS_LOADER_IID \ -{ 0x0c6d7e76, 0xdddc, 0x4727, \ - { 0xb5, 0x57, 0x7e, 0xf5, 0x31, 0x12, 0x7e, 0x11 } } +{ 0x51735c82, 0xf3d9, 0x4237, \ + { 0x9a, 0x81, 0xf5, 0xbd, 0xaf, 0x48, 0x65, 0xc5 } } typedef void (*nsCSSLoaderCallbackFunc)(nsICSSStyleSheet* aSheet, void *aData, PRBool aDidNotify); @@ -169,7 +169,6 @@ public: * method can be used to load sheets not associated with a document. * * @param aURL the URL of the sheet to load - * @param [out] aSheet the loaded, complete sheet. * @param aEnableUnsafeRules whether unsafe rules are enabled for this * sheet load * Unsafe rules are rules that can violate key Gecko invariants if misused. @@ -177,6 +176,9 @@ public: * styled or we will have severe problems. Therefore unsafe rules should * never be enabled for stylesheets controlled by untrusted sites; preferably * unsafe rules should only be enabled for agent sheets. + * @param aUseSystemPrincipal if true, give the resulting sheet the system + * principal no matter where it's being loaded from. + * @param [out] aSheet the loaded, complete sheet. * * NOTE: At the moment, this method assumes the sheet will be UTF-8, but * ideally it would allow arbitrary encodings. Callers should NOT depend on @@ -187,13 +189,14 @@ public: * about the status of child sheets of the returned sheet. */ NS_IMETHOD LoadSheetSync(nsIURI* aURL, PRBool aEnableUnsafeRules, + PRBool aUseSystemPrincipal, nsICSSStyleSheet** aSheet) = 0; /** - * As above, but aEnableUnsafeRules is assumed false. + * As above, but aUseSystemPrincipal and aEnableUnsafeRules are assumed false. */ nsresult LoadSheetSync(nsIURI* aURL, nsICSSStyleSheet** aSheet) { - return LoadSheetSync(aURL, PR_FALSE, aSheet); + return LoadSheetSync(aURL, PR_FALSE, PR_FALSE, aSheet); } /** diff --git a/layout/style/nsLayoutStylesheetCache.cpp b/layout/style/nsLayoutStylesheetCache.cpp index 1b066520b71..f8ffb928f17 100644 --- a/layout/style/nsLayoutStylesheetCache.cpp +++ b/layout/style/nsLayoutStylesheetCache.cpp @@ -258,7 +258,8 @@ nsLayoutStylesheetCache::LoadSheet(nsIURI* aURI, nsCOMPtr &aSh NS_NewCSSLoader(&gCSSLoader); if (gCSSLoader) { - gCSSLoader->LoadSheetSync(aURI, aEnableUnsafeRules, getter_AddRefs(aSheet)); + gCSSLoader->LoadSheetSync(aURI, aEnableUnsafeRules, PR_TRUE, + getter_AddRefs(aSheet)); } }