Bug 457296 - Implement separate whitelist for addresses/domains allowed to load remote images for email - part 2: content policy changes. r=standard8, a=standard8

Original patch by Irving Reid <irving@mozilla.com>
Magnus Melin 2011-11-23 15:31:43 -05:00
Родитель f280f02390
Коммит d8877d3db4
3 изменённых файлов: 62 добавлений и 43 удалений


@ -30,6 +30,9 @@ Components.utils.import("resource://mozmill/modules/jum.js", jumlib);
var elib = {};
Components.utils.import('resource://mozmill/modules/elementslib.js', elib);
Components.utils.import('resource://gre/modules/Services.jsm');
Components.utils.import("resource:///modules/mailServices.js");
var folder = null;
var gMsgNo = 0;
@ -258,6 +261,42 @@ function checkAllowFeedMsg(test) {
++gMsgNo;
}
/**
* Check remote content is not blocked for a sender with permissions.
*/
function checkAllowForSenderWithPerms(test) {
let msgDbHdr = addToFolder(test.type + " priv sender test message " + gMsgNo,
msgBodyStart + test.body + msgBodyEnd, folder);
let addresses = {};
MailServices.headerParser.parseHeadersWithArray(msgDbHdr.author, addresses, {}, {});
let authorEmailAddress = addresses.value[0];
let uri = Services.io.newURI("mailto:" + authorEmailAddress, null, null);
Services.perms.add(uri, "image", Services.perms.ALLOW_ACTION);
assert_true(Services.perms.testPermission(uri, "image") ==
Services.perms.ALLOW_ACTION);
// select the newly created message
let msgHdr = select_click_row(gMsgNo);
assert_equals(msgDbHdr, msgHdr);
assert_selected_and_displayed(gMsgNo);
// Now check that the content hasn't been blocked
if (!test.checkForAllowed(mozmill.getMail3PaneController()
.window.content.document.getElementById("testelement")))
throw new Error(test.type + " has been unexpectedly blocked for sender=" +
authorEmailAddress);
// Clean up after ourselves, and make sure that worked as expected.
Services.perms.remove(authorEmailAddress, "image");
assert_true(Services.perms.testPermission(uri, "image") ==
Services.perms.UNKNOWN_ACTION);
++gMsgNo;
}
function test_generalContentPolicy() {
let folderTab = mc.tabmail.currentTabInfo;
be_in_folder(folder);
@ -296,5 +335,8 @@ function test_generalContentPolicy() {
// Check allowed in a feed message
checkAllowFeedMsg(TESTS[i]);
// Check per sender privileges.
checkAllowForSenderWithPerms(TESTS[i]);
}
}
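Review bot: The cleanup in checkAllowForSenderWithPerms runs only on the success path: when `test.checkForAllowed(...)` fails, the `throw` skips `Services.perms.remove(authorEmailAddress, "image")`, so the ALLOW entry for that sender stays in the permission manager for the remaining tests and could hide a blocking regression. Wrapping the select-and-check steps in `try { … } finally { Services.perms.remove(authorEmailAddress, "image"); }` keeps the state clean whichever way the check goes. The test also exercises only the allow path; an assertion that the same sender's remote content is blocked again once the entry is removed would pin the deny side of the policy as well.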


@ -78,12 +78,17 @@ nsresult nsMsgContentPolicy::Init()
prefInternal->GetCharPref(kTrustedDomains, getter_Copies(mTrustedMailDomains));
prefInternal->GetBoolPref(kBlockRemoteImages, &mBlockRemoteImages);
// Grab a handle on the PermissionManager service for managing allowed remote
// content senders.
mPermissionManager = do_GetService(NS_PERMISSIONMANAGER_CONTRACTID, &rv);
NS_ENSURE_SUCCESS(rv, rv);
return NS_OK;
}
/**
* returns true if the sender referenced by aMsgHdr is in one one of our local
* address books and the user has explicitly allowed remote content for the sender
* @returns true if the sender referenced by aMsgHdr is explicitly allowed to
* load remote images according to the PermissionManager
*/
bool
nsMsgContentPolicy::ShouldAcceptRemoteContentForSender(nsIMsgDBHdr *aMsgHdr)
@ -101,50 +106,20 @@ nsMsgContentPolicy::ShouldAcceptRemoteContentForSender(nsIMsgDBHdr *aMsgHdr)
if (emailAddress.IsEmpty())
return false;
nsCOMPtr<nsIAbManager> abManager = do_GetService("@mozilla.org/abmanager;1",
&rv);
nsCOMPtr<nsIIOService> ios = do_GetService("@mozilla.org/network/io-service;1", &rv);
NS_ENSURE_SUCCESS(rv, false);
nsCOMPtr<nsIURI> mailURI;
emailAddress.Insert("mailto:", 0);
rv = ios->NewURI(emailAddress, nullptr, nullptr, getter_AddRefs(mailURI));
NS_ENSURE_SUCCESS(rv, false);
nsCOMPtr<nsISimpleEnumerator> enumerator;
rv = abManager->GetDirectories(getter_AddRefs(enumerator));
// check with permission manager
uint32_t permission = 0;
rv = mPermissionManager->TestPermission(mailURI, "image", &permission);
NS_ENSURE_SUCCESS(rv, false);
nsCOMPtr<nsISupports> supports;
nsCOMPtr<nsIAbDirectory> directory;
nsCOMPtr<nsIAbCard> cardForAddress;
bool hasMore;
while (NS_SUCCEEDED(enumerator->HasMoreElements(&hasMore)) && hasMore &&
!cardForAddress)
{
rv = enumerator->GetNext(getter_AddRefs(supports));
NS_ENSURE_SUCCESS(rv, false);
directory = do_QueryInterface(supports);
if (directory)
{
bool readOnly;
rv = directory->GetReadOnly(&readOnly);
NS_ENSURE_SUCCESS(rv, false);
// Read-only ABs, don't support the remote content property, so skip
// this one.
if (readOnly)
continue;
rv = directory->CardForEmailAddress(emailAddress, getter_AddRefs(cardForAddress));
if (NS_FAILED(rv) && rv != NS_ERROR_NOT_IMPLEMENTED)
return false;
}
}
// If we found a card from the sender, check if the remote content property
// is set to allow.
if (!cardForAddress)
return false;
bool allowForSender;
cardForAddress->GetPropertyAsBool(kAllowRemoteContentProperty,
&allowForSender);
return allowForSender;
// Only return true if the permission manager has an explicit allow
return (permission == nsIPermissionManager::ALLOW_ACTION);
}
/**
@ -457,7 +432,7 @@ nsMsgContentPolicy::ShouldAcceptRemoteContentForMsgHdr(nsIMsgDBHdr *aMsgHdr,
// Case #3, the domain for the remote image is in our white list
bool trustedDomain = IsTrustedDomain(aContentLocation);
// Case 4 is expensive as we're looking up items in the address book. So if
// Case 4 means looking up items in the permissions database. So if
// either of the two previous items means we load the data, just do it.
if (isRSS || remoteContentPolicy == kAllowRemoteContent || trustedDomain)
return nsIContentPolicy::ACCEPT;
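Review bot: The lookup `mPermissionManager->TestPermission(mailURI, "image", &permission)` in ShouldAcceptRemoteContentForSender is the non-exact test, so if the permission manager applies its parent-domain fallback to the mailto key, an entry may match senders the user never approved, for instance an address whose local part contains a dot. If only exact addresses should match, `TestExactPermission` is the narrower call; if domain entries are intended, the doc comment should say which suffixes can match. The key appears to come from the message's author header, which is unauthenticated, so the comment should also state that the allow list trusts the claimed sender rather than a verified one. mPermissionManager is used without a null check; `NS_ENSURE_TRUE(mPermissionManager, false);` before the call would cover an instance whose Init() failed. The top of the function is outside the visible hunk.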


@ -21,6 +21,7 @@
#include "nsIWebProgressListener.h"
#include "nsIMsgCompose.h"
#include "nsIDocShell.h"
#include "nsIPermissionManager.h"
/* DBFCFDF0-4489-4faa-8122-190FD1EFA16C */
#define NS_MSGCONTENTPOLICY_CID \
@ -51,6 +52,7 @@ protected:
bool mBlockRemoteImages;
bool mAllowPlugins;
nsCString mTrustedMailDomains;
nsCOMPtr<nsIPermissionManager> mPermissionManager;
bool IsTrustedDomain(nsIURI * aContentLocation);
bool IsSafeRequestingLocation(nsIURI *aRequestingLocation);