mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Properly check attribute URLs -- Bug 562547, r=jst, a=blocking2.0 

Do not inherit principal from embedding doc (often chrome) when checking URIs,
but use NullPrincipal for untrusted content.
This commit is contained in:
Robert Sayre 2010-12-15 18:14:11 +01:00
Родитель c8a9c2b63c
Коммит ebc688fea2
4 изменённых файлов: 22 добавлений и 5 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

1
content/html/document/src/Makefile.in
Просмотреть файл

@ -76,6 +76,7 @@ INCLUDES += \
-I$(srcdir)/../../../../layout/style \
-I$(srcdir)/../../../../dom/base \
-I$(srcdir)/../../../../xpcom/io \
-I$(srcdir)/../../../../caps/include \
$(NULL)
DEFINES += -D_IMPL_NS_LAYOUT

12
content/html/document/src/nsHTMLFragmentContentSink.cpp
Просмотреть файл

@ -60,6 +60,7 @@
#include "nsContentUtils.h"
#include "nsEscape.h"
#include "nsNodeInfoManager.h"
#include "nsNullPrincipal.h"
#include "nsContentCreatorFunctions.h"
#include "nsNetUtil.h"
#include "nsIScriptSecurityManager.h"
@ -821,6 +822,8 @@ protected:
PRPackedBool mInStyle; // whether we're inside a style element
PRPackedBool mProcessComments; // used when comments are allowed
nsCOMPtr<nsIPrincipal> mNullPrincipal;
// Use nsTHashTable as a hash set for our whitelists
static nsTHashtable<nsISupportsHashKey>* sAllowedTags;
static nsTHashtable<nsISupportsHashKey>* sAllowedAttributes;
@ -989,7 +992,12 @@ nsHTMLParanoidFragmentSink::AddAttributes(const nsIParserNode& aNode,
nsresult rv;
// use this to check for safe URIs in the few attributes that allow them
nsIScriptSecurityManager* secMan = nsContentUtils::GetSecurityManager();
PRUint32 flags = nsIScriptSecurityManager::DISALLOW_INHERIT_PRINCIPAL;
nsCOMPtr<nsIURI> baseURI;
if (!mNullPrincipal) {
mNullPrincipal = do_CreateInstance(NS_NULLPRINCIPAL_CONTRACTID, &rv);
NS_ENSURE_SUCCESS(rv, rv);
}
for (PRInt32 i = ac - 1; i >= 0; i--) {
rv = NS_OK;
@ -1023,9 +1031,7 @@ nsHTMLParanoidFragmentSink::AddAttributes(const nsIParserNode& aNode,
rv = NS_NewURI(getter_AddRefs(attrURI), v, nsnull, baseURI);
if (NS_SUCCEEDED(rv)) {
rv = secMan->
CheckLoadURIWithPrincipal(mTargetDocument->NodePrincipal(),
attrURI,
nsIScriptSecurityManager::DISALLOW_INHERIT_PRINCIPAL);
CheckLoadURIWithPrincipal(mNullPrincipal, attrURI, flags);
}
}

1
content/xml/document/src/Makefile.in
Просмотреть файл

@ -68,6 +68,7 @@ LOCAL_INCLUDES = \
-I$(srcdir)/../../../xul/content/src \
-I$(srcdir)/../../../events/src \
-I$(srcdir)/../../../../dom/base \
-I$(srcdir)/../../../../caps/include \
$(NULL)
DEFINES += -D_IMPL_NS_LAYOUT

13
content/xml/document/src/nsXMLFragmentContentSink.cpp
Просмотреть файл

@ -50,6 +50,7 @@
#include "nsGkAtoms.h"
#include "nsINodeInfo.h"
#include "nsNodeInfoManager.h"
#include "nsNullPrincipal.h"
#include "nsContentCreatorFunctions.h"
#include "nsDOMError.h"
#include "nsIConsoleService.h"
@ -519,6 +520,9 @@ public:
PRUint32 aLength);
protected:
PRUint32 mSkipLevel; // used when we descend into <style> or <script>
nsCOMPtr<nsIPrincipal> mNullPrincipal;
// Use nsTHashTable as a hash set for our whitelists
static nsTHashtable<nsISupportsHashKey>* sAllowedTags;
static nsTHashtable<nsISupportsHashKey>* sAllowedAttributes;
@ -640,6 +644,12 @@ nsXHTMLParanoidFragmentSink::AddAttributes(const PRUnichar** aAtts,
PRInt32 nameSpaceID;
nsCOMPtr<nsIAtom> prefix, localName;
nsCOMPtr<nsINodeInfo> nodeInfo;
if (!mNullPrincipal) {
mNullPrincipal = do_CreateInstance(NS_NULLPRINCIPAL_CONTRACTID, &rv);
NS_ENSURE_SUCCESS(rv, rv);
}
while (*aAtts) {
nsContentUtils::SplitExpatName(aAtts[0], getter_AddRefs(prefix),
getter_AddRefs(localName), &nameSpaceID);
@ -655,8 +665,7 @@ nsXHTMLParanoidFragmentSink::AddAttributes(const PRUnichar** aAtts,
rv = NS_NewURI(getter_AddRefs(attrURI), nsDependentString(aAtts[1]),
nsnull, baseURI);
if (NS_SUCCEEDED(rv)) {
rv = secMan->CheckLoadURIWithPrincipal(mTargetDocument->NodePrincipal(),
attrURI, flags);
rv = secMan->CheckLoadURIWithPrincipal(mNullPrincipal, attrURI, flags);
}
}