зеркало из https://github.com/mozilla/pjs.git
Add sameorigin checks to treewalker
b=156452, r=mstoltz, sr=jst, a=chofmann
This commit is contained in:
Родитель
e6669e6ca6
Коммит
bbbe940ae9
|
@ -167,6 +167,9 @@ public:
|
|||
|
||||
static void Shutdown();
|
||||
|
||||
// Checks if two nodes live in document coming from the same origin
|
||||
static nsresult CheckSameOrigin(nsIDOMNode* aNode1, nsIDOMNode* aNode2);
|
||||
|
||||
private:
|
||||
static nsresult doReparentContentWrapper(nsIContent *aChild,
|
||||
nsIDocument *aNewDocument,
|
||||
|
|
|
@ -49,6 +49,10 @@
|
|||
#include "nsIDocument.h"
|
||||
#include "nsINodeInfo.h"
|
||||
#include "nsReadableUtils.h"
|
||||
#include "nsIDOMDocument.h"
|
||||
#include "nsIURI.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsDOMError.h"
|
||||
|
||||
#include "nsIJSContextStack.h"
|
||||
#include "nsIDocShell.h"
|
||||
|
@ -350,6 +354,58 @@ nsContentUtils::GetClassInfoInstance(nsDOMClassInfoID aID)
|
|||
return sDOMScriptObjectFactory->GetClassInfoInstance(aID);
|
||||
}
|
||||
|
||||
// static
|
||||
nsresult
|
||||
nsContentUtils::CheckSameOrigin(nsIDOMNode* aNode1, nsIDOMNode* aNode2)
|
||||
{
|
||||
nsCOMPtr<nsIDocument> doc1 = do_QueryInterface(aNode1);
|
||||
if (!doc1) {
|
||||
// Make sure that this is a real node.
|
||||
nsCOMPtr<nsIContent> cont1 = do_QueryInterface(aNode1);
|
||||
if (!cont1) {
|
||||
return NS_ERROR_DOM_SECURITY_ERR;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIDOMDocument> domDoc1;
|
||||
aNode1->GetOwnerDocument(getter_AddRefs(domDoc1));
|
||||
doc1 = do_QueryInterface(domDoc1);
|
||||
if (!doc1) {
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIDocument> doc2 = do_QueryInterface(aNode2);
|
||||
if (!doc2) {
|
||||
// Make sure that this is a real node.
|
||||
nsCOMPtr<nsIContent> cont2 = do_QueryInterface(aNode2);
|
||||
if (!cont2) {
|
||||
return NS_ERROR_DOM_SECURITY_ERR;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIDOMDocument> domDoc2;
|
||||
aNode2->GetOwnerDocument(getter_AddRefs(domDoc2));
|
||||
doc2 = do_QueryInterface(domDoc2);
|
||||
if (!doc2) {
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
}
|
||||
|
||||
if (doc1 == doc2)
|
||||
return NS_OK;
|
||||
|
||||
nsCOMPtr<nsIURI> uri1;
|
||||
doc1->GetDocumentURL(getter_AddRefs(uri1));
|
||||
nsCOMPtr<nsIURI> uri2;
|
||||
doc2->GetDocumentURL(getter_AddRefs(uri2));
|
||||
|
||||
nsresult rv = NS_OK;
|
||||
nsCOMPtr<nsIScriptSecurityManager> securityManager =
|
||||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
return securityManager->CheckSameOriginURI(uri1, uri2);
|
||||
}
|
||||
|
||||
// static
|
||||
nsresult
|
||||
nsContentUtils::doReparentContentWrapper(nsIContent *aChild,
|
||||
|
|
|
@ -2698,6 +2698,12 @@ nsDocument::CreateTreeWalker(nsIDOMNode *aRoot,
|
|||
PRBool aEntityReferenceExpansion,
|
||||
nsIDOMTreeWalker **_retval)
|
||||
{
|
||||
*_retval = nsnull;
|
||||
|
||||
nsresult rv = nsContentUtils::CheckSameOrigin(this, aRoot);
|
||||
if(NS_FAILED(rv))
|
||||
return rv;
|
||||
|
||||
return NS_NewTreeWalker(aRoot,
|
||||
aWhatToShow,
|
||||
aFilter,
|
||||
|
|
|
@ -159,6 +159,11 @@ NS_IMETHODIMP nsTreeWalker::GetCurrentNode(nsIDOMNode * *aCurrentNode)
|
|||
NS_IMETHODIMP nsTreeWalker::SetCurrentNode(nsIDOMNode * aCurrentNode)
|
||||
{
|
||||
NS_ENSURE_TRUE(aCurrentNode, NS_ERROR_DOM_NOT_SUPPORTED_ERR);
|
||||
|
||||
nsresult rv = nsContentUtils::CheckSameOrigin(mRoot, aCurrentNode);
|
||||
if(NS_FAILED(rv))
|
||||
return rv;
|
||||
|
||||
mCurrentNode = aCurrentNode;
|
||||
return NS_OK;
|
||||
}
|
||||
|
|
|
@ -3214,6 +3214,12 @@ nsXULDocument::CreateTreeWalker(nsIDOMNode *aRoot,
|
|||
PRBool aEntityReferenceExpansion,
|
||||
nsIDOMTreeWalker **_retval)
|
||||
{
|
||||
*_retval = nsnull;
|
||||
|
||||
nsresult rv = nsContentUtils::CheckSameOrigin(this, aRoot);
|
||||
if(NS_FAILED(rv))
|
||||
return rv;
|
||||
|
||||
return NS_NewTreeWalker(aRoot,
|
||||
aWhatToShow,
|
||||
aFilter,
|
||||
|
|
Загрузка…
Ссылка в новой задаче