From d06a79e62ce80cfe49d37c8479a646e319f6043b Mon Sep 17 00:00:00 2001
From: Jonas Sicking
Date: Tue, 2 Mar 2010 11:40:14 -0800
Subject: [PATCH] Fix bug 490790. r=dveditz

---
 content/base/public/nsContentUtils.h | 5 +++++
 content/base/public/nsIContentPolicy.idl | 2 +-
 content/base/src/nsContentUtils.cpp | 8 +++++++
 content/xml/document/src/nsXMLDocument.cpp | 25 +++++++++++++++++-----
 4 files changed, 34 insertions(+), 6 deletions(-)

diff --git a/content/base/public/nsContentUtils.h b/content/base/public/nsContentUtils.h
index 4d974fa918f..823166c84c8 100644
--- a/content/base/public/nsContentUtils.h
+++ b/content/base/public/nsContentUtils.h
@@ -1256,6 +1256,11 @@ public:
 const nsACString& aMimeGuess = EmptyCString(),
 nsISupports* aExtra = nsnull);
 
+ /**
+ * Returns true if aPrincipal is the system principal.
+ */
+ static PRBool IsSystemPrincipal(nsIPrincipal* aPrincipal);
+
 /**
 * Trigger a link with uri aLinkURI. If aClick is false, this triggers a
 * mouseover on the link, otherwise it triggers a load after doing a
diff --git a/content/base/public/nsIContentPolicy.idl b/content/base/public/nsIContentPolicy.idl
index 06268da5802..8ef1afcf8ed 100644
--- a/content/base/public/nsIContentPolicy.idl
+++ b/content/base/public/nsIContentPolicy.idl
@@ -112,7 +112,7 @@ interface nsIContentPolicy : nsISupports
 const unsigned long TYPE_PING = 10;
 
 /**
- * Indicates an XMLHttpRequest.
+ * Indicates an XMLHttpRequest. Also used for document.load.
 */
 const unsigned long TYPE_XMLHTTPREQUEST = 11;
 
diff --git a/content/base/src/nsContentUtils.cpp b/content/base/src/nsContentUtils.cpp
index 46f30d2f31d..544b4896b1c 100644
--- a/content/base/src/nsContentUtils.cpp
+++ b/content/base/src/nsContentUtils.cpp
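Review bot: The doc comment on the new IsSystemPrincipal declaration in nsContentUtils.h says only that it returns true for the system principal, but callers use the result to decide whether same-origin and content-policy enforcement is skipped, so the comment should also state what a failed security-manager query yields. The implementation hunk in nsContentUtils.cpp returns `NS_SUCCEEDED(rv) && isSystem`, i.e. an unanswerable query is reported as non-system. Suggested comment: `Returns true if aPrincipal is the system principal. Returns false if the security manager cannot answer, so an unanswerable check is treated as a non-system (fully checked) caller.` The one-word comment change in nsIContentPolicy.idl needs nothing further.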
@@ -4251,6 +4251,14 @@ nsContentUtils::CheckSecurityBeforeLoad(nsIURI* aURIToLoad,
 return aLoadingPrincipal->CheckMayLoad(aURIToLoad, PR_TRUE);
 }
 
+PRBool
+nsContentUtils::IsSystemPrincipal(nsIPrincipal* aPrincipal)
+{
+ PRBool isSystem;
+ nsresult rv = sSecurityManager->IsSystemPrincipal(aPrincipal, &isSystem);
+ return NS_SUCCEEDED(rv) && isSystem;
+}
+
 /* static */
 void
 nsContentUtils::TriggerLink(nsIContent *aContent, nsPresContext *aPresContext,
diff --git a/content/xml/document/src/nsXMLDocument.cpp b/content/xml/document/src/nsXMLDocument.cpp
index bf4f7582de9..9b79edd195e 100644
--- a/content/xml/document/src/nsXMLDocument.cpp
+++ b/content/xml/document/src/nsXMLDocument.cpp
@@ -85,6 +85,8 @@
 #include "nsIScriptGlobalObjectOwner.h"
 #include "nsIJSContextStack.h"
 #include "nsContentCreatorFunctions.h"
+#include "nsContentPolicyUtils.h"
+#include "nsContentErrors.h"
 #include "nsIDOMUserDataHandler.h"
 #include "nsEventDispatcher.h"
 #include "nsNodeUtils.h"
@@ -335,10 +337,6 @@ nsXMLDocument::Load(const nsAString& aUrl, PRBool *aReturn)
 return rv;
 }
 
- nsCOMPtr principal = NodePrincipal();
- nsCOMPtr codebase;
- principal->GetURI(getter_AddRefs(codebase));
-
 // Check to see whether the current document is allowed to load this URI.
 // It's important to use the current document's principal for this check so
 // that we don't end up in a case where code with elevated privileges is
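Review bot: `PRBool isSystem;` in the new nsContentUtils::IsSystemPrincipal is left uninitialized; the `return NS_SUCCEEDED(rv) && isSystem;` only reads it after a successful call, but `PRBool isSystem = PR_FALSE;` makes the fail-closed intent explicit and keeps the function safe if that expression is ever reordered. The hunk also dereferences `sSecurityManager` unconditionally; if that pointer can be null before the security manager is set up (not visible in this diff), the helper would crash instead of reporting false, so a one-line comment stating the lifetime assumption, `// sSecurityManager is set during Init; callers run after that.`, would be useful if that holds. The include hunk and the pure-deletion hunk in nsXMLDocument.cpp on this line need no comment.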
@@ -347,9 +345,26 @@ nsXMLDocument::Load(const nsAString& aUrl, PRBool *aReturn)
 // Enforce same-origin even for chrome loaders to avoid someone accidentally
 // using a document that content has a reference to and turn that into a
 // chrome document.
- if (codebase) {
+ nsCOMPtr principal = NodePrincipal();
+ if (!nsContentUtils::IsSystemPrincipal(principal)) {
 rv = principal->CheckMayLoad(uri, PR_FALSE);
 NS_ENSURE_SUCCESS(rv, rv);
+
+ PRInt16 shouldLoad = nsIContentPolicy::ACCEPT;
+ rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_XMLHTTPREQUEST,
+ uri,
+ principal,
+ callingDoc ? callingDoc.get() :
+ static_cast(this),
+ NS_LITERAL_CSTRING("application/xml"),
+ nsnull,
+ &shouldLoad,
+ nsContentUtils::GetContentPolicy(),
+ nsContentUtils::GetSecurityManager());
+ NS_ENSURE_SUCCESS(rv, rv);
+ if (NS_CP_REJECTED(shouldLoad)) {
+ return NS_ERROR_CONTENT_BLOCKED;
+ }
 } else {
 // We're called from chrome, check to make sure the URI we're
 // about to load is also chrome.
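Review bot: The context comment heading this branch, `// Enforce same-origin even for chrome loaders ...`, now sits directly above `if (!nsContentUtils::IsSystemPrincipal(principal))`, a condition that visibly exempts the system principal from CheckMayLoad and from the new content-policy call, so the comment reads as contradicting the code; consider rewording it to say that non-system principals get the same-origin check plus content policy, while the system principal is only held to the chrome-URI check in the else branch. The new NS_CheckContentLoadPolicy call would also benefit from a why-comment, e.g. `// document.load is reachable from content like XHR, so it goes through the XHR policy type; "application/xml" is only a guess until the channel responds.` The `static_cast(this)` argument appears to have lost its template type in this rendering, so I cannot confirm which interface is handed over as the request context, nor where `callingDoc` is declared. nsXMLDocument::Load begins and ends outside the hunk, so I also cannot see whether `*aReturn` was set to PR_FALSE before the new early `return NS_ERROR_CONTENT_BLOCKED;`.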