20257 unable to edit existing images in editor due to JS error
	19933 JavaScript "window.location" core dumps in CAPS
Back out previous changes for enforcing security on listeners and go with a
simple restriction of access to the method for adding listeners.
r=mstoltz
norris%netscape.com 1999-12-01 22:23:22 +00:00
Родитель 6c3aa7008e
Коммит afb1f1e1e3
12 изменённых файлов: 34 добавлений и 157 удалений


@ -58,10 +58,11 @@ interface nsIScriptSecurityManager : nsISupports
*/
void CheckLoadURI(in nsIURI from, in nsIURI uri);
void CheckCanListenTo(in nsIPrincipal principal);
boolean HasSubjectPrincipal();
/**
* Return the principal of the innermost frame of the currently
* executing script. Will return null if there is no script
* currently executing.
*/
nsIPrincipal GetSubjectPrincipal();
nsIPrincipal GetSystemPrincipal();
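Review bot: The new doc comment on GetSubjectPrincipal is narrower than the implementation it describes: per the .cpp change in this commit the method now also returns null when a JSContext exists but no frame on its stack carries a principal, not only when "no script is currently executing", and callers treat that null as fully-trusted native code. I would make that explicit so callers do not add their own "null means no context" assumptions: `* Returns null when no script is executing, or when no frame on the current JS stack carries a principal; callers treat null as trusted native code.` Dropping CheckCanListenTo and HasSubjectPrincipal also changes the interface's vtable, so if the interface IID is not bumped elsewhere in this commit, out-of-date callers will call through the wrong slot.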


@ -390,8 +390,12 @@ nsScriptSecurityManager::CheckLoadURIFromScript(nsIScriptContext *aContext,
return NS_ERROR_FAILURE;
}
// Native code can load all URIs.
if (!principal)
return NS_OK;
// The system principal can load all URIs.
PRBool equals;
PRBool equals = PR_FALSE;
if (NS_FAILED(principal->Equals(mSystemPrincipal, &equals)))
return NS_ERROR_FAILURE;
if (equals)
@ -477,50 +481,15 @@ nsScriptSecurityManager::CheckLoadURI(nsIURI *aFromURI,
return NS_ERROR_DOM_BAD_URI;
}
NS_IMETHODIMP
nsScriptSecurityManager::CheckCanListenTo(nsIPrincipal *principal)
{
nsCOMPtr<nsIPrincipal> subject;
nsresult rv;
PRBool hasSubject;
if (NS_FAILED(rv = HasSubjectPrincipal(&hasSubject)))
return rv;
if (!hasSubject)
return NS_OK; // No script code, so native code has access.
if (NS_FAILED(rv = GetSubjectPrincipal(getter_AddRefs(subject))))
return rv;
nsCOMPtr<nsICodebasePrincipal> codebase = do_QueryInterface(subject);
PRBool equals;
if (codebase && NS_SUCCEEDED(codebase->SameOrigin(principal, &equals))) {
if (equals)
return NS_OK; // Listener and Listened-to have same origin
}
PRBool enabled;
if (NS_SUCCEEDED(IsCapabilityEnabled("UniversalBrowserRead", &enabled))) {
if (enabled)
return NS_OK; // Capability allows access
}
// Report error
JSContext *cx = GetCurrentContext();
JS_ReportError(cx, "Access denied to listen to events across origins");
return NS_ERROR_DOM_PROP_ACCESS_DENIED;
}
NS_IMETHODIMP
nsScriptSecurityManager::HasSubjectPrincipal(PRBool *result)
{
*result = GetCurrentContext() != nsnull;
return NS_OK;
}
NS_IMETHODIMP
nsScriptSecurityManager::GetSubjectPrincipal(nsIPrincipal **result)
{
JSContext *cx = GetCurrentContext();
if (!cx)
return NS_ERROR_FAILURE;
if (!cx) {
*result = nsnull;
return NS_OK;
}
return GetSubjectPrincipal(cx, result);
}
@ -889,13 +858,7 @@ nsScriptSecurityManager::GetSubjectPrincipal(JSContext *cx,
nsIPrincipal **result)
{
JSStackFrame *fp;
if (NS_FAILED(GetPrincipalAndFrame(cx, result, &fp)))
return NS_ERROR_FAILURE;
if (*result)
return NS_OK;
// Couldn't find principals: no mobile code on stack.
// Use system principal.
return GetSystemPrincipal(result);
return GetPrincipalAndFrame(cx, result, &fp);
}
@ -946,6 +909,15 @@ nsScriptSecurityManager::CheckPermissions(JSContext *aCx, JSObject *aObj,
if (NS_FAILED(GetSubjectPrincipal(aCx, getter_AddRefs(subject))))
return NS_ERROR_FAILURE;
// If native code or system principal, allow access
PRBool equals;
if (!subject ||
(NS_SUCCEEDED(subject->Equals(mSystemPrincipal, &equals)) && equals))
{
*aResult = PR_TRUE;
return NS_OK;
}
nsCOMPtr<nsIPrincipal> object;
if (NS_FAILED(GetObjectPrincipal(aCx, aObj, getter_AddRefs(object))))
return NS_ERROR_FAILURE;
@ -1951,8 +1923,8 @@ nsScriptSecurityManager::GetPrefName(JSContext *cx, nsDOMProp domProp,
if (NS_FAILED(GetSubjectPrincipal(cx, getter_AddRefs(principal)))) {
return NS_ERROR_FAILURE;
}
PRBool equals;
if (NS_FAILED(principal->Equals(mSystemPrincipal, &equals)))
PRBool equals = PR_TRUE;
if (principal && NS_FAILED(principal->Equals(mSystemPrincipal, &equals)))
return NS_ERROR_FAILURE;
if (equals) {
s += defaultStr;
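Review bot: The CheckPermissions hunk grants access whenever `subject` is null, and with the GetSubjectPrincipal change in this same file a null subject now means GetPrincipalAndFrame found no principal on the JS stack, where it previously fell back to the system principal; the two cases are therefore collapsed into a single fail-open default. That is probably intended for native callers, but the comment `// If native code or system principal, allow access` hides the assumption, so I would state it: `// A null subject means no frame on the JS stack carries a principal; it is treated as native code and granted full access (fail-open), so every script entry point must attach a principal.` The same assumption is baked into the GetPrefName hunk via `PRBool equals = PR_TRUE;`, which silently picks the default (system) pref name for a null principal and deserves a one-line comment saying so. GetPrefName's body continues past the end of the hunk, so I cannot see whether the non-system branch also copes with a null principal.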


@ -2381,15 +2381,7 @@ nsresult nsDocument::GetListenerManager(nsIEventListenerManager **aInstancePtrRe
nsresult nsDocument::GetNewListenerManager(nsIEventListenerManager **aInstancePtrResult)
{
nsresult rv = NS_NewEventListenerManager(aInstancePtrResult);
if (NS_FAILED(rv))
return rv;
nsIPrincipal *principal = GetDocumentPrincipal();
if (principal) {
(*aInstancePtrResult)->SetPrincipal(principal);
NS_RELEASE(principal);
}
return NS_OK;
return NS_NewEventListenerManager(aInstancePtrResult);
}
nsresult nsDocument::HandleDOMEvent(nsIPresContext* aPresContext,


@ -134,18 +134,6 @@ public:
*/
virtual nsresult RemoveAllListeners(PRBool aScriptOnly) = 0;
/**
* Sets the principal of the entity being listened to.
*
* Used for security checks that ensure that events can't propagate past
* trust boundaries.
*/
virtual nsresult SetPrincipal(nsIPrincipal *aListenedToPrincipal) = 0;
/**
* Gets the principal of the entity being listened to.
*/
virtual nsresult GetPrincipal(nsIPrincipal **aListenedToPrincipal) = 0;
};
extern NS_HTML nsresult NS_NewEventListenerManager(nsIEventListenerManager** aInstancePtrResult);


@ -51,7 +51,6 @@
#include "nsIContent.h"
#include "nsCOMPtr.h"
#include "nsIServiceManager.h"
#include "nsIScriptSecurityManager.h"
static NS_DEFINE_IID(kIEventListenerManagerIID, NS_IEVENTLISTENERMANAGER_IID);
static NS_DEFINE_IID(kIDOMEventListenerIID, NS_IDOMEVENTLISTENER_IID);
@ -237,15 +236,6 @@ nsresult nsEventListenerManager::AddEventListener(nsIDOMEventListener *aListener
NS_IF_RELEASE(sel);
if (!found) {
// Check to see if we can add a new listener.
nsresult rv;
NS_WITH_SERVICE(nsIScriptSecurityManager, securityManager,
NS_SCRIPTSECURITYMANAGER_PROGID, &rv);
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
rv = securityManager->CheckCanListenTo(mPrincipal);
if (NS_FAILED(rv))
return rv;
ls = PR_NEW(nsListenerStruct);
if (ls) {
ls->mListener = aListener;
@ -1427,20 +1417,6 @@ nsresult nsEventListenerManager::RemoveAllListeners(PRBool aScriptOnly)
return NS_OK;
}
nsresult nsEventListenerManager::GetPrincipal(nsIPrincipal **aListenedToPrincipal)
{
*aListenedToPrincipal = mPrincipal;
if (*aListenedToPrincipal)
NS_ADDREF(*aListenedToPrincipal);
return NS_OK;
}
nsresult nsEventListenerManager::SetPrincipal(nsIPrincipal *aListenedToPrincipal)
{
mPrincipal = aListenedToPrincipal;
return NS_OK;
}
NS_HTML nsresult NS_NewEventListenerManager(nsIEventListenerManager** aInstancePtrResult)
{
nsIEventListenerManager* l = new nsEventListenerManager();
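Review bot: With the CheckCanListenTo call gone from AddEventListener, this class no longer enforces any origin check on its own; the only remaining control visible in the commit is the DOM-level `eventtarget.addeventlistener` policy added in all.js, which guards that one script-callable method. Any other script-reachable route that ends in AddEventListener without passing through the policy-checked method (the on* property setters, if they register here directly) would now be unchecked, so that is worth confirming before landing. I would leave a marker at the `if (!found)` site so the next reader does not assume the check was lost by accident: `// Cross-origin restrictions are enforced by the DOM addEventListener policy check, not here.` If the `mPrincipal` member and its initialization remain in the class after removing Get/SetPrincipal, they are dead and should go too; the header hunk only removes the method declarations. The tail of AddEventListener is outside the hunk.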


@ -99,9 +99,6 @@ public:
virtual nsresult RemoveAllListeners(PRBool aScriptOnly);
virtual nsresult SetPrincipal(nsIPrincipal *aListenedToPrincipal);
virtual nsresult GetPrincipal(nsIPrincipal **aListenedToPrincipal);
static nsresult GetIdentifiersForType(nsIAtom* aType, nsIID& aIID, PRInt32* aSubType);
protected:


@ -223,15 +223,11 @@ nsJSProtocolHandler::NewChannel(const char* verb,
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
PRBool hasPrincipal;
if (NS_FAILED(securityManager->HasSubjectPrincipal(&hasPrincipal)))
return NS_ERROR_FAILURE;
nsCOMPtr<nsIPrincipal> principal;
if (hasPrincipal) {
// script is currently executing; get principal from that script
if (NS_FAILED(securityManager->GetSubjectPrincipal(getter_AddRefs(principal))))
return NS_ERROR_FAILURE;
} else {
// script is currently executing; get principal from that script
if (NS_FAILED(securityManager->GetSubjectPrincipal(getter_AddRefs(principal))))
return NS_ERROR_FAILURE;
if (!principal) {
// No scripts currently executing; get principal from referrer of link
nsCOMPtr<nsIWebShell> webShell;
webShell = do_QueryInterface(owner);
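Review bot: The comment kept above the GetSubjectPrincipal call, `// script is currently executing; get principal from that script`, is now stale: after this commit the call can succeed and hand back null both when there is no JSContext and when a context exists with no principal on its stack, and the code below relies on exactly that. I would reword it to `// Use the principal of the currently executing script, if any; null means no script principal is on the stack.` Note that the second null case previously yielded the system principal, so javascript: loads triggered from principal-less frames now take the referrer's principal instead, which is the safer direction but is a behaviour change worth calling out in the commit message. The fallback path continues beyond the hunk.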


@ -2381,15 +2381,7 @@ nsresult nsDocument::GetListenerManager(nsIEventListenerManager **aInstancePtrRe
nsresult nsDocument::GetNewListenerManager(nsIEventListenerManager **aInstancePtrResult)
{
nsresult rv = NS_NewEventListenerManager(aInstancePtrResult);
if (NS_FAILED(rv))
return rv;
nsIPrincipal *principal = GetDocumentPrincipal();
if (principal) {
(*aInstancePtrResult)->SetPrincipal(principal);
NS_RELEASE(principal);
}
return NS_OK;
return NS_NewEventListenerManager(aInstancePtrResult);
}
nsresult nsDocument::HandleDOMEvent(nsIPresContext* aPresContext,


@ -134,18 +134,6 @@ public:
*/
virtual nsresult RemoveAllListeners(PRBool aScriptOnly) = 0;
/**
* Sets the principal of the entity being listened to.
*
* Used for security checks that ensure that events can't propagate past
* trust boundaries.
*/
virtual nsresult SetPrincipal(nsIPrincipal *aListenedToPrincipal) = 0;
/**
* Gets the principal of the entity being listened to.
*/
virtual nsresult GetPrincipal(nsIPrincipal **aListenedToPrincipal) = 0;
};
extern NS_HTML nsresult NS_NewEventListenerManager(nsIEventListenerManager** aInstancePtrResult);


@ -51,7 +51,6 @@
#include "nsIContent.h"
#include "nsCOMPtr.h"
#include "nsIServiceManager.h"
#include "nsIScriptSecurityManager.h"
static NS_DEFINE_IID(kIEventListenerManagerIID, NS_IEVENTLISTENERMANAGER_IID);
static NS_DEFINE_IID(kIDOMEventListenerIID, NS_IDOMEVENTLISTENER_IID);
@ -237,15 +236,6 @@ nsresult nsEventListenerManager::AddEventListener(nsIDOMEventListener *aListener
NS_IF_RELEASE(sel);
if (!found) {
// Check to see if we can add a new listener.
nsresult rv;
NS_WITH_SERVICE(nsIScriptSecurityManager, securityManager,
NS_SCRIPTSECURITYMANAGER_PROGID, &rv);
if (NS_FAILED(rv))
return NS_ERROR_FAILURE;
rv = securityManager->CheckCanListenTo(mPrincipal);
if (NS_FAILED(rv))
return rv;
ls = PR_NEW(nsListenerStruct);
if (ls) {
ls->mListener = aListener;
@ -1427,20 +1417,6 @@ nsresult nsEventListenerManager::RemoveAllListeners(PRBool aScriptOnly)
return NS_OK;
}
nsresult nsEventListenerManager::GetPrincipal(nsIPrincipal **aListenedToPrincipal)
{
*aListenedToPrincipal = mPrincipal;
if (*aListenedToPrincipal)
NS_ADDREF(*aListenedToPrincipal);
return NS_OK;
}
nsresult nsEventListenerManager::SetPrincipal(nsIPrincipal *aListenedToPrincipal)
{
mPrincipal = aListenedToPrincipal;
return NS_OK;
}
NS_HTML nsresult NS_NewEventListenerManager(nsIEventListenerManager** aInstancePtrResult)
{
nsIEventListenerManager* l = new nsEventListenerManager();
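Review bot: Same remark as for the other copy of nsEventListenerManager.cpp: AddEventListener now registers the listener with no origin check of its own, so correctness depends entirely on every script path reaching here having first passed the DOM-level `eventtarget.addeventlistener` policy. A short comment at the `if (!found)` site, `// Cross-origin restrictions are enforced by the DOM addEventListener policy check, not here.`, would record that. If this copy also still declares and initializes `mPrincipal`, it is dead after removing Get/SetPrincipal. The rest of AddEventListener lies outside the hunk.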


@ -99,9 +99,6 @@ public:
virtual nsresult RemoveAllListeners(PRBool aScriptOnly);
virtual nsresult SetPrincipal(nsIPrincipal *aListenedToPrincipal);
virtual nsresult GetPrincipal(nsIPrincipal **aListenedToPrincipal);
static nsresult GetIdentifiersForType(nsIAtom* aType, nsIID& aIID, PRInt32* aSubType);
protected:


@ -384,6 +384,8 @@ pref("security.policy.default.nshtmldocument.vlinkcolor.write", "sameOrigin");
pref("security.policy.default.nshtmldocument.write", "sameOrigin");
pref("security.policy.default.nshtmldocument.writeln", "sameOrigin");
pref("security.policy.default.eventtarget.addeventlistener", "sameOrigin");
pref("security.policy.default.navigator.preference.read", "UniversalPreferencesRead");
pref("security.policy.default.navigator.preference.write", "UniversalPreferencesWrite");
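Review bot: The new `eventtarget.addeventlistener` policy line is the only control that replaces the listener-manager check removed elsewhere in this commit, but nothing in the prefs file says so, and a future "cleanup" of the policy table could silently reopen cross-origin listener registration. I would precede it with `// Replaces the per-listener-manager principal check: script may only add event listeners to same-origin targets.` The removed code also let a caller holding UniversalBrowserRead listen across origins; whether a "sameOrigin" policy entry still honours that capability is decided by the policy engine, which is not in this diff, so that should be confirmed if the capability was relied on.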